Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.


I have this FTP daemon installed on my server for FTP access: psa-proftpd 1.3.5b-cos7.build1205160427.18. I am running CentOS 7 with a Plesk 12.5 control panel. Each time I try to access port 21 with a valid user name and password I get an error. I have a screenshot of the area ("The error I get when I use port 21") as an attachment to this question. I have never set up the ftpd daemon; it was installed when Plesk was installed. I need help understanding whether I need to make some manual changes to the config file of this daemon. I have firewalld and a router running, and both allow port 21 access to the real world. What can the problem be here? Please help. I even checked to see if the port is open from the web, and it is. I am sure this issue is not hard; I am just a bit stuck at this point.
0

Error: Package: R-core-devel-3.4.0-2.el6.x86_64
           Requires: libicu-devel
**********************************************************************
yum can be configured to try to resolve such errors by temporarily enabling
disabled repos and searching for missing dependencies.
To enable this functionality please set 'notify_only=0' in /etc/yum/pluginconf.d/search-disabled-repos.conf
**********************************************************************

--> Running transaction check
---> Package R-core-devel.x86_64 0:3.4.0-2.el6 will be an update
--> Processing Dependency: libicu-devel for package: R-core-devel-3.4.0-2.el6.x86_64
---> Package kernel.x86_64 0:2.6.32-642.11.1.el6 will be erased
--> Finished Dependency Resolution
Error: Package: R-core-devel-3.4.0-2.el6.x86_64
           Requires: libicu-devel
 You could try using --skip-broken to work around the problem
** Found 2 pre-existing rpmdb problem(s), 'yum check' output follows:
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch has missing requires of tomcat6 = ('0', '6.0.24', '98.el6_8')
tomcat6-webapps-6.0.24-98.el6_8.noarch has missing requires of tomcat6 = ('0', '6.0.24', '98.el6_8')
0
Hi Experts,

I am trying to install CentOS 6.8 minimal through kickstart on a virtual machine (VMware Workstation), serving the kickstart file over HTTP from another VM. The kickstart goes through smoothly and creates the partitions and all, but it gets stuck on the repo section, unable to find the repo, with the following types of error (errors attached).

I have been stuck with this error for a few days. Please help.

The /var/www/html location has the ks.cfg file and all of the CentOS 6.8 minimal DVD content as-is:

[root@srv1 html]# ls
CentOS_BuildTag  isolinux                  RPM-GPG-KEY-CentOS-6
EFI              ks.cfg                    RPM-GPG-KEY-CentOS-Debug-6
EULA             Packages                  RPM-GPG-KEY-CentOS-Security-6
GPL              RELEASE-NOTES-en-US.html  RPM-GPG-KEY-CentOS-Testing-6
images           repodata                  TRANS.TBL



The section of the kickstart file I am assigning is shown below:
# Kickstart file automatically generated by anaconda.

#version=DEVEL
install
url --url=http://10.0.0.11/
text
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --mtu=1496 --bootproto static --ip 10.91.48.17 --netmask 255.255.255.224 --gateway 10.91.48.1 --noipv6 --nameserver 8.8.8.8 --hostname nac17
network --onboot no --device eth1 --bootproto dhcp --noipv6 --hostname nac17
rootpw  --iscrypted 
# Reboot after installation
reboot --eject
firewall --disabled
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc Asia/Kolkata
#bootloader 


0
I have a Linux application account and would like to prevent the user from logging in to it directly. I want this account to be handled through sudoers: users log in with their own accounts and sudo into this one. How do I do that in Linux?
0
John experts,

I am running John on Kali.
I have NTLMv2 hashes in a file called hash.txt under /tmp.
I just want to use the default word list.

I know all my passwords are a minimum of 10 characters and a maximum of 14 characters.
I know there will only be one digit, within 0-9.

Given the above, what do I edit within john.conf to reflect this?
0
How to disable any 96-bit HMAC algorithms in CentOS
0
Hi,

I am working on a Tenable Nessus audit file for IBM AIX.

What I am trying to achieve is two compliance checks on the /etc/hosts.equiv file:

1. To find all UIDs less than 100 where the UID is not one of the default system user IDs (0, 1, 2, 3, 4, 5)

2. To find all GIDs less than 100 where the GID is not one of the default system group IDs (0, 1, 2, 3, 4, 5)

<custom_item>
type: CMD_EXEC
description: "UID less than 100 and not system default UID"
cmd: ""
expect: ""
</custom_item>

<custom_item>
type: CMD_EXEC
description: "GID less than 100 and not system default GID"
cmd: ""
expect: ""
</custom_item>

I am really new to working with Tenable and also new to AIX.

I would really appreciate it if anyone could help me out with what I should put in the cmd and expect statements to make the compliance check work.

Thanks, I really appreciate it!

Link: https://www.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.security/passwords_etc_passwd_file.htm
0
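The selection logic the two checks describe, as an added stand-alone example (not Nessus audit syntax and not from the post): a Nessus CMD_EXEC item runs a command on the target and compares its output with `expect`, so it helps to first pin down exactly which entries the check should flag. The post names /etc/hosts.equiv, but the UID and GID fields live in /etc/passwd and /etc/group (the IBM page linked above), which is what this assumes; the sample file contents are constructed and the set of default system IDs is the one the post gives. The function is general: it takes the field index to inspect, the limit and the exempt set, so the same code serves both the UID and the GID check.

```python
# Constructed sample of an AIX-style /etc/passwd (name:passwd:uid:gid:gecos:home:shell).
SAMPLE_PASSWD = """\
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
adm:!:4:4::/var/adm:
uucp:!:5:5::/usr/lib/uucp:
invscout:*:6:12::/var/adm/invscout:/usr/bin/ksh
lpd:!:9:4294967294::/:
lp:*:11:11::/var/spool/lp:/bin/false
appsvc:!:50:1::/home/appsvc:/usr/bin/ksh
guest:!:100:100::/home/guest:
nobody:!:4294967294:4294967294::/:
"""

# Constructed sample of an AIX-style /etc/group (name:passwd:gid:members).
SAMPLE_GROUP = """\
system:!:0:root
staff:!:1:
bin:!:2:root,bin
sys:!:3:root,bin,sys
adm:!:4:bin,adm
uucp:!:5:uucp
mail:!:6:
printq:!:9:lp
ecs:!:28:
usr:!:100:guest
nobody:!:4294967294:
"""

# Default system IDs exempted by the check, as listed in the post.
SYSTEM_IDS = frozenset({0, 1, 2, 3, 4, 5})


def low_non_system_ids(text, id_field, limit=100, system_ids=SYSTEM_IDS):
    """Return [(name, id)] for every entry whose numeric id (colon-separated
    field number id_field) is below limit and not in system_ids.
    Blank, commented and malformed lines are skipped rather than failing."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) <= id_field or not fields[id_field].isdigit():
            continue
        ident = int(fields[id_field])
        if ident < limit and ident not in system_ids:
            found.append((fields[0], ident))
    return found


def report(findings):
    """One 'name:id' per line, the shape a CMD_EXEC item's output would take;
    an empty string means the check passes."""
    return "\n".join(f"{name}:{ident}" for name, ident in findings)


if __name__ == "__main__":
    # Field 2 is the UID in passwd(4) and the GID in group(4) layouts.
    print("UID findings:\n" + report(low_non_system_ids(SAMPLE_PASSWD, 2)))
    print("GID findings:\n" + report(low_non_system_ids(SAMPLE_GROUP, 2)))
```

Because a compliance item passes when the command output matches `expect`, the natural encoding is to have the command print nothing when no such accounts exist and to treat any non-empty output as a failure; `report()` returns exactly that form.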
We need to have a standalone IPS solution put in. We currently run two pfSense firewalls in an HA setup. I was looking around on eBay and saw a TippingPoint 210E (two of them). Are they still good with updates to definitions? Any other less costly recommendations?
pfSense HA works a little oddly too, so I'm not sure if this will even work.
Firewall 1 WAN IP x.x.x.1
Firewall 2 WAN IP x.x.x.2
Firewall Shared WAN IP x.x.x.3

Same setup with internal LAN IPs.  Each firewall has its own physical connection to the modem via ethernet for the WAN side and LAN side.
0
Short question that requires a lengthy answer.... For security reasons, should we host our website on a Linux box or on Windows? Ultimately it will have to share data with our MS SQL server. Also looking for a reasonably priced but excellent web developer.... (do those go hand-in-hand?)

Mich
0
Hello Folks,
I have a few users to create on CentOS, and I would like to set them up with restrictions such as "system tools, create shortcuts, folders... similar to a kiosk". Is there any way to do that, or is there a special profile that needs to be created?

thanks for looking
0

I need to connect a virtual machine hosted somewhere running CentOS 6 to a client which allows connections through VPN only. However, I have almost no knowledge about VPNs. The client has given me the following info for the connection:

VPN Remote Endpoint: <IP Address given by the client>
VPN Hardware: NGX R75.45 (SPLAT)

IKE (Phase 1)
==================
Authentication Method: Pre shared key (TBA)
Diffie-Hellman group: DH-2
Encryption Algorithm: AES-128
Hashing Algorithm: SHA-1
Renegotiate IKE: 14400 seconds

IPSEC (phase 2)
======================
Encryption Algorithm: AES-128
Hashing Algorithm: SHA-1
Renegotiate IKE: 3600 seconds
PFS Enabled: Yes

I am not sure where to put all this info in CentOS to make it connect to the client's network.

I would be very thankful for any help.
0
Dear All,

We have created a chrooted jail environment for our SFTP access. Using the chrooted environment, we restrict users either to their home directory or to a specific directory. Now my question is whether there's any way we can allow an additional username to access the same home directory as another username. In other words, is there any way I can assign different usernames to the same home directory and have it chroot-jailed?

Below is our current config if that helps:

groupadd sftponly


vi /etc/ssh/sshd_config

#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftponly
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no

systemctl restart sshd.service

useradd USERNAME -g sftponly -s /bin/false
passwd  USERNAME


mkdir /home/USERNAME/SFTPWRITE
chown root /home/USERNAME
chmod 755 /home/USERNAME
chown USERNAME /home/USERNAME/SFTPWRITE
chmod 755 /home/USERNAME/SFTPWRITE

setsebool -P ssh_chroot_rw_homedirs on
0
On RHEL 6 systems running rsyslog 5.8.10 we noticed that if we set up a
client system to use TCP to log to a remote server:
*.*       @@192.168.1.2


If the remote log server is not reachable for some reason, no logging takes place, not even local logging to the local system log files.
When the log server is available and rsyslog is restarted, both local logging and remote logging work. I would like to come up with a config that ensures local logging still occurs when the TCP remote server is down. I think I need to look at action queues, but was hoping someone could provide an example of how to get this to work.
0
I have a NAS disk mounted as an NFS mount point in Linux. How do I create a dd image of this? The mount point looks like this:
tor01-nas.llg:/export/shared/ps_oem   nfs     2G  9.9K  2G    1% /oem1
0
Having a hard time trying to add a machine running Arch Linux to the domain. Somehow I managed to sort of make the machine join the domain, but when it comes to the authentication part the computer won't recognize the credentials. Has anyone had luck doing this? If so, can someone please help with the proper commands to make this work? I've been dealing with this issue for a week now and I'm getting really frustrated. Bottom line, if there's an easier way to make this machine join the domain and authenticate properly, that would be fantastic.

Many thanks in advance to anyone with the answer out there!
0
I have just installed my first IPA server (using CentOS) and it is already set up as the LDAP server hosting the centralized credentials for many users logging on to many Ubuntu servers.

My problem is that I have tried to set up a new group, created in the IPA server, in order to assign sudo permissions to the users logging on to the Ubuntu servers with their LDAP accounts, but it is still not working.

Does any expert have experience configuring IPA server?
0
Hi all...

I need to integrate with Ubuntu and other Linux systems. Basically, I would like to pass AD credentials over the network to a Linux system for integration. I hope my question makes sense; I'm looking forward to any ideas out there.

Thanks
0
I have a user that needs to be able to copy new files into a specific directory, but have only read access to that directory's existing and new files. What is a good way to set this up?
0
I have many subscription-form hackers putting in false emails and I want to stop them with fail2ban.

This isn't catching any from the log file. I ran

 fail2ban-regex /path to log file /path to filter.d/http-post-dos.conf

All I get are continuous lines of:
Matched time template Day/MONTH/Year:Hour:Minute:Second

# Fail2Ban configuration file
#
[Definition]

# Option: failregex
# Note: This regex will match any GET entry in your logs, so basically all vali$
# You should set up in the jail.conf file, the maxretry and findtime carefully $

failregex = ^<HOST> -.*"POST.*

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =



Here is an excerpt of my log file:

1.1.1.1 - - [23/Jan/2016:07:04:06 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:14 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:18 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:23 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:27 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:32 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:36 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:41 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:45 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:50 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"



You can see how fast they are hitting my form.

I am on a CentOS 6.5 server.

Thanks,
0
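The jail logic a filter like the one above feeds, replayed over a constructed sample of the access log as an added example (this is not fail2ban's code and not from the post). It expands the `<HOST>` tag into an IPv4-only stand-in pattern (fail2ban's real substitution also covers hostnames and IPv6, and it locates the timestamp through its own datepattern), applies the `failregex` exactly as written in the post, and then counts matches per host inside a `findtime` window so that a host reaching `maxretry` matches is flagged. The sample lines mix the rapid POSTs from the post with an ordinary GET and a host that stays below the threshold, so the output shows which lines the rule matches and which hosts would actually be banned.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, modelled on the excerpt in the post: one host
# posting to the form every few seconds, one host making an ordinary GET,
# and one host with only two POSTs in the window.
SAMPLE_LOG = """\
1.1.1.1 - - [23/Jan/2016:07:04:06 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:14 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
2.2.2.2 - - [23/Jan/2016:07:04:15 -0500] "GET / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:18 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
3.3.3.3 - - [23/Jan/2016:07:04:20 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:23 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:27 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
3.3.3.3 - - [23/Jan/2016:07:04:30 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
1.1.1.1 - - [23/Jan/2016:07:04:32 -0500] "POST / HTTP/1.1" 200 12821 "-" "-"
"""

# The failregex from the filter in the post. fail2ban substitutes its own
# host-matching pattern for <HOST>; this stand-in is IPv4-only (assumption).
FAILREGEX = r'^<HOST> -.*"POST.*'
HOST_PATTERN = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Apache combined-log timestamp, e.g. [23/Jan/2016:07:04:06 -0500]
TIMESTAMP_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]")


def compile_failregex(failregex):
    """Expand the <HOST> tag into a named capturing group and compile."""
    return re.compile(failregex.replace("<HOST>", HOST_PATTERN))


def parse_line(line, rule):
    """Return (host, timestamp) when the line matches the rule, else None."""
    m = rule.match(line)
    if m is None:
        return None
    t = TIMESTAMP_RE.search(line)
    if t is None:
        return None
    ts = datetime.strptime(t.group(1), "%d/%b/%Y:%H:%M:%S")
    return m.group("host"), ts


def hosts_to_ban(lines, failregex=FAILREGEX, maxretry=5, findtime=60):
    """Replay the jail decision: a host that accumulates maxretry matches
    within findtime seconds is flagged. Returns {host: ISO timestamp of the
    match that crossed the threshold}."""
    rule = compile_failregex(failregex)
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)
    banned = {}
    for line in lines:
        parsed = parse_line(line, rule)
        if parsed is None:
            continue
        host, ts = parsed
        # Drop matches that have aged out of the findtime window, then add this one.
        recent[host] = [t for t in recent[host] if ts - t <= window] + [ts]
        if len(recent[host]) >= maxretry and host not in banned:
            banned[host] = ts.isoformat()
    return banned


if __name__ == "__main__":
    rule = compile_failregex(FAILREGEX)
    for line in SAMPLE_LOG.splitlines():
        print(("MATCH   " if rule.match(line) else "ignore  ") + line)
    for host, when in hosts_to_ban(SAMPLE_LOG.splitlines()).items():
        print(f"ban {host} (threshold reached at {when})")
```

Lowering `findtime` shows why the window matters: with `findtime=5` the same burst never accumulates five matches at once and nothing is flagged, which is the kind of tuning the filter's own comment about `maxretry` and `findtime` refers to.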

Hi,

I'm getting this in my mail messages log in /var/log/mail/messages:


Sep 24 07:50:30 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns1.internet-spb.ru/A/IN': 194.85.61.76#53
Sep 24 07:50:30 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns1.internet-spb.ru/AAAA/IN': 194.85.61.76#53
Sep 24 07:50:30 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns2.internet-spb.ru/A/IN': 194.85.61.76#53
Sep 24 07:50:30 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns2.internet-spb.ru/AAAA/IN': 194.85.61.76#53
Sep 24 07:50:31 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns1.internet-spb.ru/AAAA/IN': 109.70.26.37#53
Sep 24 07:50:31 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns1.internet-spb.ru/A/IN': 109.70.26.37#53
Sep 24 07:50:31 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns2.internet-spb.ru/A/IN': 109.70.26.37#53
Sep 24 07:50:31 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns2.internet-spb.ru/AAAA/IN': 109.70.26.37#53
Sep 24 07:52:57 ip-184-168-116-73 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Sep 24 07:52:57 ip-184-168-116-73 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__2cNLkM4Ieu_9JcBamIYwRn5tTvr8kcPpcGlK6Vo3a6NVytbn9eUpDry4cgWVFrsx is now logged in
Sep 24 07:52:57 ip-184-168-116-73 pure-ftpd: …
0
Hi,

Every time I add a user's SSH key on the server, they access the server with the username within the SSH key. But what seems strange to me is that they can use the command "sudo su" and change to root without any password prompt. I would like to know where I can disable that.

Thanks
Bunheng
0
I want to restrict a user to a particular directory in Wind River Linux for FTP/SFTP/SSH connections.
0
I want to run apache with a non root user on port 443. I cannot do this and was looking at port forwarding in iptables as an option to work around it. I'd like to forward intranet and internet traffic coming in on port 443 to 8080 since I'll have apache running on this port instead.

Would this work for intranet and internet traffic coming in to the machine on port 443?
# enable forwarding in the kernel and save it
sysctl -w net.ipv4.ip_forward=1
sysctl -p /etc/sysctl.conf

#accept all input connections on port 443
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

# redirect traffic coming in on port 443 to port 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080

#allow the traffic back from port 8080 to port 443
iptables -t nat -I OUTPUT -p tcp --dport 443 -j REDIRECT --to-ports 8080

Are any of these required?
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# check nat with iptables and save the rules if happy
iptables -L -t nat
service iptables save
0
I'm having a problem with configuring Snort as an IDS on my VirtualBox.

This is my configuration:

# Setup the network addresses you are protecting
ipvar $HOME_NET 192.168.1.0/24 #this is my internal friendly network

# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET !$HOME_NET

I followed the instructions from here:
http://sublimerobots.com/2014/12/installing-snort-part-2/

and this is the error output after running this command: "sudo snort -T -c /etc/snort/snort.conf"
-------------------------
Running in Test mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/etc/snort/snort.conf"
ERROR: /etc/snort/snort.conf(45) Missing argument to HOME_NET
Fatal Error, Quitting..

I would really appreciate it if anyone can help me solve this problem!
0
Hello
Some people try to frighten me that it's too dangerous to run a production HTTP server from an Ubuntu 14.04 LTS desktop environment.
And also that the GUI is too demanding on the system for it to handle HTTP traffic on top of everything else.
A few words about my situation. I run a micro business. More like a freelance type of thing, though in LLC form. I expect maybe up to 10 visitors per day if I'm lucky. So 95% of the time the server will be in its idle state. Hardware resources-wise, what I have is this:
Intel Core i5 3230M 2.6 up to 3.2 GHz CPU, 6 GB of DDR3 RAM and up to 50 Mb/s upstream (for uploading files) Internet speed.
Of course, I have a static IP as well.
I know that there are ways to harden Linux. There are plenty of tutorials and books on the subject. My question is... If, let's say, I follow all the steps to harden the server and take the necessary precautions, will it be safe enough in your opinion for me to run a web server in a GUI environment, or would you still not recommend it? If so, why?
0
