Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

zgrep 'MobileDevice' xyz.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'
The above grep is printing all the columns successfully, satisfying the above condition of

$24>300


Now I need to filter the above query based on the state, like Florida, which is printed in the 23rd column, i.e. $23

zgrep 'MobileDevice' xyz.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$23=FLORIDA {print}'

The above query is not working.

How do I check string equality in AWK?

Please advise
0

What's the best way to monitor for UDP syslog traffic coming in from Red Hat 4 and Red Hat 5 syslog clients if it's not arriving at the syslog server? The syslog server is running on a Red Hat 6 server. netstat -taulpe | grep syslog is showing that UDP is listening on all IPs on the server, but I'd like to see if there is any other way apart from running tcpdump -i <nic> port 514. Would watch lsof -a -i:514 show it?
0
xhost executes successfully for the user who has direct login access to the OS.

When I switch to the other user (via su), which doesn't have direct login access to the OS, I could not run the xhost command.

Kindly advise how to achieve the same.
0
http://www-01.ibm.com/support/docview.wss?uid=swg22005400

Security Bulletin: IBM MQ and IBM MQ Appliance MQOPEN call might succeed when it should have failed. (CVE-2017-1341 )


What does "IBM MQ and IBM MQ Appliance MQOPEN call" mean?
Does it mean client side or server side?
0
0
awk query
 unzip -c  xyz.log.20180905.gz| awk '$0>= "2013-Sep-09 18:33" && $0 <="2013-Sep-09 23:15"'| grep '|[1-9][0-9][0-9][0-9][0-9]|0000'|wc -l
Zip file too big (greater than 4294959102 bytes)
  End-of-central-directory signature not found.  Either this file is not
  a zipfile, or it constitutes one disk of a multi-part archive.  In the
  latter case the central directory and zipfile comment will be found on
  the last disk(s) of this archive.
How do I learn awk? Are there any good video tutorials on it?
Please advise.
0
We have implemented a new ERP system and are using seven Datalogic portable data terminals logging in to a Linux VM using telnet connections over WiFi. The problem I am facing is we only have seven licenses for our handheld units and at times a unit will lose connection and the user has to log back into their telnet session, however their old shell on the VM is orphaned and we cannot log in due to the license restrictions. I have set the units up so I can identify each unit by userid so I can kill the duplicate sessions but it happens enough that managing it this way is not practical as a long term solution.

I know just enough Linux to be dangerous but not enough to accomplish what I would like to do which is when a user HH1 or HH2 or HH3 logs in I would like to kill any existing shells for the user so each handheld is a one to one between the physical unit and the shell on the VM.

Any ideas on how to do this? We use TelNetCE on the units and just telnet, and the users have a simple green-screen, character-based, menu-driven system.

Thanks
0
Hi,

I'm running CentOS Linux release 7.4.1708 (Core). The issue is I'm able to log in using local users but not using LDAP users; please help me with this.

I've tried restarting services using the authconfig-tui command, but I'm still getting an authentication failure error for the LDAP user.

Please see the attached doc (ldap issue.docx) and the command output below, and let me know if any other details are required.


[root@server01 log]# cat /etc/openldap/ldap.conf
#
SASL_NOCANON    on
URI ldap://<ldap servrer ip>:389/
BASE dc=prod,dc=hclpnp,dc=com
#
[root@server01 log]# getent passwd testuser
testuser:*:123456:7001:testuser:/home/testuser:/bin/bash
[root@server01 log]#


[hubba@servder01 ~]$ su - testuser
Password:
su: Authentication failure



[root@server01 log]# cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files              …
0
I am in the process of standing up a Ubuntu Linux server from a .vhd file.
The existing partitions are too small to handle the backup file thus I need to add extra partition space to the system.
This is a hyper-V hosted system.
I've never done this before. Can someone give me some guidance on what I will need to do?
Initially I was building a new server with 2 TB of disk space, but we decided to use an existing secured version of a .ova file which I converted over to a .vhd file.
Can anyone help me understand what I need to do?
We have more space available, the vhd was set to more than what the original image was configured for.
How can I expand the relevant partitions to take account of this extra available space?
Which partitions should get the extra space?  Opt is where the backups are stored via the main application so that one definitely needs to be expanded.
Filesystem                        Size  Used Avail Use% Mounted on
udev                               16G     0   16G   0% /dev
tmpfs                             3.1G  8.7M  3.1G   1% /run
/dev/mapper/vg00-root              19G  1.4G   17G   8% /
tmpfs                              16G  4.0K   16G   1% /dev/shm
tmpfs                             5.0M     0  5.0M   0% /run/lock
tmpfs                              16G     0   16G   0% /sys/fs/cgroup
/dev/sda1                         464M   58M  382M  14% /boot
/dev/mapper/vg00-opt               76G   76G     0 100% /opt
tmpfs                            …
0
How to import sessions from PuTTY or mPuTTY to SecureCRT.
https://www.vandyke.com/products/securecrt/

I recently installed SecureCRT and I'm not sure how to import all the existing connections to different servers in different environments that are present in PuTTY to WinSCP.

Any tips on effective use of SecureCRT, as I am new to it?

Please advise.
0

I'm looking for a commercial RADIUS solution that Linux Servers can authenticate against. Specifically:

1) Primary purpose is for Linux user authentication
2) Is there any RADIUS solution that can replicate to other RADIUS servers, just like Microsoft Active Directory Servers can replicate to each other? This can even be a one way replication.
3) Preferably this RADIUS solution runs on Linux and not Windows.
4) Preferably it is a supported RADIUS solution, i.e. a paid-for product that we can get support on as needed, unless there is a simple-to-use free version that doesn't require extensive learning to use.

Thanks!
0
We have set up OpenVAS in our infrastructure. We were able to run it in order to produce assessment reports on VMs within our infrastructure. However, the results of the scans are very long and complete. We would like to filter that same report in order to only have the results of the High severity findings.

Any idea on what would be the most effective approach to filter the Greenbone scans?
0
What is PAM? What is LDAP? I know those two are for authentication, but I'm still confused. Why do system administrators usually configure authentication via pam_ldap.conf? What is the advantage of this?

How do I configure pam_ldap on the client side to connect to a Solaris LDAP server?

Thanks,
bvm
0
What AWStats format do I need for this type of log from an FTP server?
....
....
Feb 26 13:47:24 ftp sshd[1260]: Disconnected from 115.238.245.6 port 36575 [preauth]
Feb 26 13:47:24 ftp sshd[1260]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.245.6  user=root
...
....

I used all of 1 ... 4, then I used:
LogFormat= "%time3 %other %method %url %logname %host %code %other"
or
LogFormat= "%time3 %other %host %bytesd %url %other %other %method %other %logname %other %code %other %other"

All of them say:
found 401 dropped records
2000 corrupted records
...
0
Hi, I'm trying to set up PAM authentication on Debian 9. On the first login at boot, I would like PAM to ask for both my password AND my YubiKey NEO. Once I'm logged in, I would like to only use my YubiKey for sudo, screen lock and so on. I would like this to happen for a specific user only, while still being able to log in as root with just my root password.
I successfully configured the PAM module for the YubiKey (auth required pam_yubico.so mode_challenge-response), but this way I have to type my password AND have the YubiKey plugged in at EVERY sudo, login and screen lock.


I'm going crazy over this because I'm unable to find decent documentation about this on the web.

Can somebody please provide some help?

Regards
0
I have an Ubuntu server on the WAN. I can connect to it via SSH from Windows on another IP range.
My client cannot ping it and I can't ping my client from the server.
How do I use an X app from the server? I installed xinit and the X app on the server.
The firewall is disabled on the Ubuntu server.
0
I am getting this error message when I try to run rpmbuild --rebuild lin_tape-3.0.23-1.src.rpm on Red Hat Linux 7.4 (kernel version: 3.10.0-693.1.1.el7.x86_64). Can someone let me know what the problem is and what the proper procedure to fix it should be? Here is the output:

#rpmbuild --rebuild lin_tape-3.0.23-1.src.rpm
Installing lin_tape-3.0.23-1.src.rpm
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.sCvFVM
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd /root/rpmbuild/BUILD
+ rm -rf lin_tape-3.0.23
+ /usr/bin/gzip -dc /root/rpmbuild/SOURCES/lin_tape-3.0.23.tgz
+ /usr/bin/tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd lin_tape-3.0.23
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.KGligF
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd lin_tape-3.0.23
++ echo x86_64-redhat-linux-gnu
++ cut -f 1 -d -
+ p=x86_64
+ '[' x86_64 == i386 ']'
+ '[' x86_64 == i586 ']'
+ '[' x86_64 == i686 ']'
+ '[' x86_64 == ppc64 ']'
+ '[' x86_64 == powerpc ']'
+ '[' x86_64 == powerpc64 ']'
+ '[' x86_64 == s390 ']'
+ '[' x86_64 == s390x ']'
+ '[' x86_64 == ia64 ']'
+ '[' x86_64 == x86_64 ']'
+ proc=AMD
+ make KERNEL=3.10.0-693.1.1.el7.x86_64 PROC=x86_64 SFMP=0 driver
make: Nothing to be done for `driver'.
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.hQeoFx
+ umask 022
+ cd /root/rpmbuild/BUILD
+ '[' /root/rpmbuild/BUILDROOT/lin_tape-3.0.23-1.x86_64 '!=' / ']'
+ rm -rf …
0
Hi,

How do I make the text cursor automatic when I'm on the text console?
I use the tty console directly on boot and deactivate graphical mode.

Thanks for your reply.

Someone told me about /etc/inittab or /etc/fstab,
but I don't think it's a good idea to modify 2 by 5.
0
I'm having trouble setting up LUKS on a Red Hat test server. I decided not to have a prompt for a passphrase at boot but to use manual decryption instead. This is supposed to require execution of the cryptsetup commands and mounting. I attempted to set it up on a blank second disk I recently installed. Here's the session:

**************************

sudo cryptsetup luksOpen /dev/sdb crypt-sdb
# enter /dev/sdb password

sudo cryptsetup luksClose /dev/sdb crypt-sdb

**************************



This then caused RHEL to freeze and force a cold reboot. I then used yum to run updates. I try again…



**************************

sudo cryptsetup luksOpen /dev/sdb crypt-sdb
# enter /dev/sdb password
#[<username>@localhost dev]$ sudo cryptsetup luksClose /dev/sdb crypt-sdb
Device sdb not found

# [<username>@localhost dev]$ sudo mount /dev/sdb
mount: can't find /dev/sdb in /etc/fstab

**************************



So I attempted to enter /dev/sdb in /etc/fstab, but unsuccessfully, since it's read-only. I tried this:



**************************

[<username>@localhost etc]$ sudo cryptsetup luksFormat /dev/sdb
[sudo] password for <username>:

WARNING!
========
This will overwrite data on /dev/sdb irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
Cannot format device /dev/sdb which is still in use.
[<username>@localhost etc]$ sudo umount /dev/sdb
umount: /dev/sdb: not mounted
[<username>@localhost …
0

1. CentOS server 6.9 in AD = OK

2. Only access feathers for users of group_USER_AD, applying control via /etc/security/access.conf = OK
3. Blocked root access directly to the server. /etc/ssh/sshd_config (PermitRootLogin no) = OK

4. To use a local account, you will need to use "su -"; do not log in to the server with a local account = OK

----------------

I have an application that runs with a local account. How can I release the user's access to use the WinSCP tool and write to the application's non-/home directory? Attempts without success:

1.) Add the network user's AD group within the application's local group.

2.) There are many AD network users. I cannot add them one by one to the local group.

How do I solve it?
0
Hello ,

I have a problem with interfaces on a multihomed topology. My interfaces cannot ping each other and cannot ping themselves either;
sysctl is as given below.

But it is able to ping the interface IP when I directly write ping 37.123.98.142. If both interfaces are not able to ping this interface's IP, how does it ping it, or from where?

I have to let them have access to each other; how should I do it?

Note: loopback interface activated
Note 2: em interfaces are all down

[root@spd network-scripts]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.p1p1.rp_filter = 2
net.ipv4.conf.p1p2.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.lo.rp_filter = 2
net.ipv4.conf.p1p1.accept_local = 1
net.ipv4.conf.p1p2.accept_local = 1
net.ipv4.conf.all.accept_local = 1
net.ipv4.conf.default.accept_local = 1
net.ipv4.conf.lo.accept_local = 1
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.p1p2.arp_filter = 0
net.ipv4.conf.p1p1.arp_filter = 0
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.p1p1.arp_announce = 2
net.ipv4.conf.p1p2.arp_announce = 2



PING 37.123.98.142 (37.123.98.142) from 37.123.98.142 p1p1: 56(84) bytes of data.

^C
--- 37.123.98.142 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2055ms

[root@spd network-scripts]# ping -I p1p1 37.123.98.138
PING 37.123.98.138 (37.123.98.138) from 37.123.98.142 p1p1: 56(84) bytes of data.

^C
--- 37.123.98.138 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3064ms

[root@spd network-scripts]# ping -I p1p2 37.123.98.138
PING 37.123.98.138 (37.123.98.138) from 37.123.98.138 p1p2: 56(84) bytes of data.

^C
--- 37.123.98.138 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1038ms

[root@spd network-scripts]# ping -I p1p2 37.123.98.142
PING 37.123.98.142 (37.123.98.142) from 37.123.98.138 p1p2: 56(84) bytes of data.

^C
--- 37.123.98.142 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2060ms



[root@spd network-scripts]# ping 37.123.98.142
PING 37.123.98.142 (37.123.98.142) 56(84) bytes of data.
64 bytes from 37.123.98.142: icmp_seq=1 ttl=64 time=0.019 ms
64 bytes from 37.123.98.142: icmp_seq=2 ttl=64 time=0.022 ms
64 bytes from 37.123.98.142: icmp_seq=3 ttl=64 time=0.017 ms
64 bytes from 37.123.98.142: icmp_seq=4 ttl=64 time=0.015 ms

0
Hello ,

Is there any possible way to drop bogus packets as seen below?

For these packets, the packet payload is smaller than the length of the packet.

Screen-Shot-2017-08-23-at-22.22.46.png
0
Hi,

I am working on a tenable nessus audit file for ibm aix.

What I am trying to achieve is 2 compliance checks on the /etc/hosts.equiv file:

1. To find all UIDs less than 100 and not equal to the default system user IDs (0,1,2,3,4,5)

2. To find all GIDs less than 100 and not equal to the default system group IDs (0,1,2,3,4,5)

<custom_item>
type: CMD_EXEC
description: "UID less than 100 and not system default UID"
cmd: ""
expect: ""
</custom_item>

<custom_item>
type: CMD_EXEC
description: "GID less than 100 and not system default GID"
cmd: ""
expect: ""
</custom_item>

I am really new to working with Tenable and also new to AIX.

I'd really appreciate it if anyone could help me out with what I should put in the cmd and expect statements to make the compliance check work.

Thanks, really appreciate it!

Link: https://www.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.security/passwords_etc_passwd_file.htm
0
Hello Folks,
I have a few users to create for CentOS, and I would like to set them up with restrictions such as "system tools, create shortcuts, folders... similar to a kiosk". Is there any way to do that, or is there a special profile that needs to be created?

thanks for looking
0
I need to connect a Virtual Machine hosted somewhere running CentOS 6 to a client which is allowing connection through VPN only. However I have almost no knowledge about VPNs. The client has given me following info for connection:

VPN Remote Endpoint: <IP Address given by the client>
VPN Hardware: NGX R75.45 (SPLAT)

IKE (Phase 1)
==================
Authentication Method: Pre shared key (TBA)
Diffie-Hellman group: DH-2
Encryption Algorithm: AES-128
Hashing Algorithm: SHA-1
Renegotiate IKE: 14400 seconds

IPSEC (phase 2)
======================
Encryption Algorithm: AES-128
Hashing Algorithm: SHA-1
Renegotiate IKE: 3600 seconds
PFS Enabled: Yes

I am not sure where to put all this info in CentOS to make it connect to the client's network.

I will be very thankful for any help.
0