Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.


I'm having a small issue with a recently provisioned Debian 9.1 VM (from an online hosting company).

When deploying the VM I am provided with key-based authentication for the machine. That works fine (with the new "debian" superuser, root no longer being active by default), but I'd like to be able to use user/password too (if nothing else, for console access).

How do I set my password? I tried

passwd debian

but I am prompted for the "old" password, which I don't know...

Also, even if it is not best practice, can I activate the root user?

What is the meaning of root?
Why do I have to go to root? What can I do from root, and what can I not do from root? What can I do using my user?
How does Unix allow logging in as a different user, say John, when I am logged in as, say, xyz?

Any online links or free video tutorials explaining all these concepts, and how to practice? Please advise.
0
Hello,

Does anybody know the meaning of these numbers in the iptables config file?

*raw
:PREROUTING ACCEPT [1318098:74794423]
:OUTPUT ACCEPT [2065:1143634]

0
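The bracketed pairs in lines like `:PREROUTING ACCEPT [1318098:74794423]` are the chain's cumulative packet and byte counters as written by `iptables-save -c` (first number packets, second bytes); rule lines carry the same `[packets:bytes]` prefix. Because the counters are cumulative, what a defender usually wants is the growth between two snapshots, especially on DROP policies and DROP rules. The following parser is an added example (not from the poster or from the iptables project) that reads that format from a constructed snapshot embedded inline, lists every DROP target that has actually matched traffic, and diffs two snapshots; the chain names and counter values in the sample are constructed, not from a real host.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of `iptables-save -c` output (not a real capture).
SAMPLE = """\
*raw
:PREROUTING ACCEPT [1318098:74794423]
:OUTPUT ACCEPT [2065:1143634]
COMMIT
*filter
:INPUT DROP [417:25020]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [9932:1204551]
[12:720] -A INPUT -p tcp -m conntrack --ctstate INVALID -j DROP
[0:0] -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
COMMIT
"""

# A later snapshot of the same ruleset, with two counters grown (constructed).
SAMPLE_LATER = (SAMPLE
                .replace('[417:25020]', '[500:30000]')
                .replace('[12:720] -A INPUT', '[30:1800] -A INPUT'))

POLICY_RE = re.compile(r'^:(\S+) (\S+) \[(\d+):(\d+)\]$')   # :CHAIN POLICY [pkts:bytes]
RULE_RE = re.compile(r'^\[(\d+):(\d+)\] (-A .+)$')          # [pkts:bytes] -A CHAIN ...
JUMP_RE = re.compile(r'(?:-j|--jump) (\S+)')


@dataclass
class Counter:
    table: str     # *raw, *filter, ... the line appeared under
    kind: str      # "policy" for a chain-policy line, "rule" for a rule line
    name: str      # chain name (policy) or the full rule text (rule)
    target: str    # the chain policy, or the rule's -j target ('' if none)
    packets: int
    bytes: int


def parse_counters(text):
    """Parse every policy and rule counter from iptables-save -c style text."""
    table = None
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('*'):            # table header, e.g. "*filter"
            table = line[1:]
            continue
        m = POLICY_RE.match(line)
        if m:
            out.append(Counter(table, 'policy', m.group(1), m.group(2),
                               int(m.group(3)), int(m.group(4))))
            continue
        m = RULE_RE.match(line)
        if m:
            rule = m.group(3)
            j = JUMP_RE.search(rule)
            out.append(Counter(table, 'rule', rule, j.group(1) if j else '',
                               int(m.group(1)), int(m.group(2))))
    return out


def drop_hits(text):
    """(table, name, packets) for every DROP policy or rule that has matched at least one packet."""
    return [(c.table, c.name, c.packets)
            for c in parse_counters(text) if c.target == 'DROP' and c.packets > 0]


def snapshot(text):
    """Map (table, kind, name) -> packets, so two saves can be compared."""
    return {(c.table, c.kind, c.name): c.packets for c in parse_counters(text)}


def growth(before, after):
    """Packet-counter increase per entry between two snapshots; only entries that grew."""
    b, a = snapshot(before), snapshot(after)
    return {k: v - b.get(k, 0) for k, v in a.items() if v > b.get(k, 0)}


if __name__ == '__main__':
    for hit in drop_hits(SAMPLE):
        print('DROP matched:', hit)
    for key, delta in growth(SAMPLE, SAMPLE_LATER).items():
        print('grew by', delta, ':', key)
```

On a live box the same functions can be fed the output of `iptables-save -c`; a steadily growing counter on a DROP rule is the cheapest signal that a rule is doing work, while a DROP rule stuck at `[0:0]` is either never reached or never matches.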
Hello,

When we add these rules for forwarded traffic, it drops all packets as invalid. There is no notrack rule on the server, so why does it see the forwarded traffic as invalid?

#-A FORWARD -p tcp -m conntrack --ctstate INVALID -j DROP
#-A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

0
Hello,

We are facing some kind of an attack as given below; I have also attached the pcap file.

The important things are:
  1. IP addresses are spoofed with our country's ISP IP addresses
  2. The TTL has also been spoofed, and the TTL values are in the range of the IP address owners - you should find and edit the same DDoS on GitHub with the name VSE
  3. The data is a copy of a real packet used on this protocol for Counter-Strike
  4. The destination port is also Counter-Strike's port
  5. Checksums are correctly generated

How should I block this kind of attack without blocking the real users?



Protokol :17  Source IP :85.104.15.177  Source Port :58061  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :9777  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :95.13.27.190  Source Port :55271  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :64648  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :88.238.142.125  Source Port :55150  Destination IP :213.238.166.2  Destination Port :27015  TTL :105  Paket Boyutu :51  Checksum :37970  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :85.103.139.224  Source Port :52054  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :49529  Data 


0
Hi,

I have now set up my first MySQL 5.7.19 and created a user to access it from a remote machine.

How can I grant full rights on everything to this user? I tried this:

GRANT usage  on *.* TO xyz@localhost;

What I got is:

ERROR 1133 (42000): Can't find any matching row in the user table


GRANT ALL PRIVILEGES on *.* TO xyz@localhost;

and I got:

ERROR 1133 (42000): Can't find any matching row in the user table


the same message.

How can I solve it?
0
I'll need a shell script that scans through the creation dates of all patches (ideally only the security ones, but if this is not possible, then all patches) installed on an RHEL 7 server, gets the latest one, computes the difference from today's date and gives the difference in number of days, and if the difference is more than 90 days, echoes out a message: "It has been more than 90 days since last patch".

The purpose is to check the last patch date and remind Linux admins. I believe RHEL releases patches at least every 3 months?
0
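One way to build the check requested above, as an added example that is neither the poster's script nor anything from Red Hat: RPM records an install time for every package, so the newest `INSTALLTIME` across `rpm -qa` is a usable "last patch" date (the all-packages fallback the poster accepts; restricting to security errata would need the advisory data from `yum updateinfo`, which this example does not parse). The rpm query format and the 90-day threshold are as stated; the package names and timestamps in the embedded sample are constructed so the logic runs without an RPM database.

```python
import subprocess
from datetime import datetime, timezone

THRESHOLD_DAYS = 90

# Constructed sample in the shape of `rpm -qa --qf '%{NAME} %{INSTALLTIME}\n'` output
# (package names and epoch seconds are made up, not from a real host).
SAMPLE_RPM_OUTPUT = """\
bash 1494000000
kernel 1500000000
openssl 1499000000
"""


def utc(year, month, day):
    """Helper for building an aware UTC timestamp (used for fixed 'today' values)."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def latest_install(text):
    """Return (package name, install datetime) of the most recently installed package, or None."""
    best = None
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            continue                          # skip malformed lines rather than crash
        when = datetime.fromtimestamp(int(parts[1]), tz=timezone.utc)
        if best is None or when > best[1]:
            best = (parts[0], when)
    return best


def days_since(when, now=None):
    """Whole days elapsed between an install time and now (or a supplied reference time)."""
    now = now or datetime.now(timezone.utc)
    return (now - when).days


def patch_age_report(text, now=None, threshold=THRESHOLD_DAYS):
    """Return (days since last install, reminder message or None)."""
    latest = latest_install(text)
    if latest is None:
        return None, 'no packages found'
    days = days_since(latest[1], now)
    message = None
    if days > threshold:
        message = (f'It has been more than {threshold} days since last patch '
                   f'(newest package {latest[0]}, {days} days ago)')
    return days, message


def query_rpm():
    """Run rpm on a real RHEL host; fall back to the constructed sample where rpm is absent."""
    try:
        result = subprocess.run(['rpm', '-qa', '--qf', '%{NAME} %{INSTALLTIME}\n'],
                                check=True, capture_output=True, text=True)
        return result.stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return SAMPLE_RPM_OUTPUT


if __name__ == '__main__':
    days, message = patch_age_report(query_rpm())
    print(f'last package install was {days} days ago')
    if message:
        print(message)
```

Run it from cron on the server (or ship its output to the monitoring system) and the reminder appears only once the newest install time is older than the threshold; `days_since` takes an explicit reference time so the threshold logic can be tested against fixed dates.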
I have a few questions about where the drop policy is applied.

1. Which one applies the drop rule first?
2. iptables and nftables are user-space appliances, but I do not know it deeper: do they work in kernel space and pipe the requests from user space, or do they work completely after kernel space?
3. Is there any possibility to drop a packet before any kernel-space module? I tried with netfilter to drop an IP xx.xx.xx.xx and I realized that tcpdump still reads the traffic but iptables does not. So the traffic is still passing to kernel space on netfilter.
0
I am in a particular folder, say abc.

I did ls -ltr, where there are a bunch of files.

I want to search for all the files starting with the file name xyz alone, ignoring others starting with pqr etc. (ignore pqr000.log.20170806.gz etc.).
My search should result in something like

xyz123.log.20170806.gz
xyz456.log.20170806.gz
xyz789.log.20170806.gz etc.

What is the command I have to use for that?

Is it grep or find or something else?

When I gave grep xyz.* it did not give any result.

How is searching inside a file's content different from searching outside on Unix file names?

Any good link on these commands? Please advise.
0
I haven't worked on SUSE for a long time. Can someone explain to me the process of patching in SUSE? I want to update the bash package.

I need some steps as well. I would appreciate it.

I want to cover this:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277

When I cannot stop the WebLogic server, my friend gave me the commands below.

ps -ef | grep ggg3rrr

What does the above command give as a result?

kill -9 43856

What is -9 and what is 43856 in the above kill command?

Please advise
0
I am running a proFTPD server on my system. When I use the FileZilla FTP client I get the following error when I try to access the files on my server. What is causing this error? See the attached file for an exact screenshot of the issue.
ftpd-error-message.PNG
0
The issue is as follows: I am running a CentOS 7 server with a PHP Plesk Panel 12.5 running my subscribers and their sites. I just recently installed the iPad site builder module and the site builder module to test each as a potential site building solution for my clients. After I installed both, I was forwarded to a third-party website where the actual website is created for each client. After the site is created, on their site I have the option to publish it to a domain on my server. At 50% install I get the following error: fsockopen failed No route to host (113). Now this same thing happens when I use the site builder module as well. I am running proFTPD on the system, so I do have an FTP server running. What I need to find out is how to resolve this issue. I am sending you a screenshot of us running FileZilla as FTP on port 21; I get the following error. I know this is a minor issue; I just need help narrowing down the cause or misconfiguration.

My firewall and router are open for port 21.
ftpd-error-message.PNG
0
I have installed Apache SVN on Ubuntu 16, in which I am trying to put access-based restrictions on different paths via AuthzSVNAccessFile at the /svn/net location.
Here I am facing an issue: for [/], groups are getting restricted, but apart from this location no other path is getting restricted, in spite of trying multiple combinations in the access file.

Server.conf
<Location /svn>
  DAV svn
  SVNParentPath /svn/repos/
  AuthzSVNAccessFile /etc/svn_serve.conf
  AuthType Basic
  AuthName "MITS"
  AuthUserFile /etc/svnpasswd
  Require valid-user
</Location>

Access file

[groups]
admins=svnnet
designers=designer1
[/]
@admins=r
[/svn/net]
@designers=r
@admins=rw
0
The error I get when I use port 21

I have this ftp daemon installed on my server for ftp access: psa-proftpd 1.3.5b-cos7.build1205160427.18. I am running CentOS 7 with a Plesk 12.5 control panel. Each time I try to access port 21 with a valid user name and password I get an error. I have a screenshot of the area as an attachment to this question. I have never set up the ftpd daemon; it was installed when Plesk was installed. I need help understanding whether I need to make some manual changes to the config file of this daemon. I have firewalld and a router running, and both allow port 21 access to the real world. What can be the problem here? Please help. I even checked to see if the port is open from the web, and it is. I am sure this issue is not hard; I am just a bit stuck at this point.
0
Error: Package: R-core-devel-3.4.0-2.el6.x86_64
           Requires: libicu-devel
**********************************************************************
yum can be configured to try to resolve such errors by temporarily enabling
disabled repos and searching for missing dependencies.
To enable this functionality please set 'notify_only=0' in /etc/yum/pluginconf.d/search-disabled-repos.conf
**********************************************************************

--> Running transaction check
---> Package R-core-devel.x86_64 0:3.4.0-2.el6 will be an update
--> Processing Dependency: libicu-devel for package: R-core-devel-3.4.0-2.el6.x86_64
---> Package kernel.x86_64 0:2.6.32-642.11.1.el6 will be erased
--> Finished Dependency Resolution
Error: Package: R-core-devel-3.4.0-2.el6.x86_64
           Requires: libicu-devel
 You could try using --skip-broken to work around the problem
** Found 2 pre-existing rpmdb problem(s), 'yum check' output follows:
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch has missing requires of tomcat6 = ('0', '6.0.24', '98.el6_8')
tomcat6-webapps-6.0.24-98.el6_8.noarch has missing requires of tomcat6 = ('0', '6.0.24', '98.el6_8')
0
I have 300 Ubuntu 14 PCs on which I block all internet except a whitelist. I do this by disabling DNS and having the central server do DNS lookups for everything on the whitelist, put it in a hosts file, and have all the hosts use that. Obviously this is a bit hacky, but it worked.

The problem now: I have a need to whitelist *.slack.com. Slack says subdomains change too much; they can't provide a static list, or even a current list and then let me update it.

So I guess I need to enable DNS. What might be easy ways to still restrict to a whitelist of domains? I can easily run shell scripts on all 300 machines (they check in with the central server and grab a script and run it regularly). So anything I can install/configure via script is a viable option...

If it's not too hard I could set up an Ubuntu machine to be a DNS server.

Basically what I want is whatever is easiest so that I can just provide a whitelist, which is allowed to have wildcards like *.slack.com, and block everything else. I suppose it doesn't actually have to be a DNS-based block if there is some client app.

Whatever it is, I am OK to set up a server myself, but for the clients it needs to be a scriptable install/config.

I want to be able to update the whitelist easily/quickly.

Any ideas/suggestions?
0
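The hosts-file approach above breaks precisely because a static name list cannot express `*.slack.com`. An added example (not from the poster, Slack or the dnsmasq project) of the two pieces a DNS-based whitelist needs: a matcher that gives `*.slack.com` the meaning the poster wants (any subdomain, not the apex, and not `slack.com.evil.example`), and a generator that turns the same whitelist into a dnsmasq configuration that forwards only whitelisted domains to an upstream resolver and answers NXDOMAIN for everything else. The whitelist entries and the upstream resolver address `203.0.113.53` are constructed; the dnsmasq directives (`no-resolv`, `address=/#/` as the catch-all with an empty address meaning NXDOMAIN, `server=/domain/ip` with longest-suffix match winning) are my understanding of dnsmasq's documented behaviour and should be confirmed against the man page of the version actually deployed.

```python
# Constructed whitelist in the poster's format: exact names and leading '*.' wildcards.
WHITELIST = ['*.slack.com', 'slack.com', 'updates.example.org']


def normalize(name):
    """Lower-case, strip whitespace and a trailing root dot so comparisons are stable."""
    return name.strip().rstrip('.').lower()


def allowed(name, patterns=WHITELIST):
    """True if the hostname matches an entry exactly or via a leading '*.' wildcard."""
    host = normalize(name)
    for pattern in patterns:
        p = normalize(pattern)
        if p.startswith('*.'):
            suffix = p[1:]          # '.slack.com'
            apex = p[2:]            # 'slack.com'
            # any depth of subdomain matches; the apex itself needs its own entry,
            # and the dot in the suffix stops 'notslack.com' from matching
            if host.endswith(suffix) and host != apex:
                return True
        elif host == p:
            return True
    return False


def dnsmasq_config(patterns=WHITELIST, upstream='203.0.113.53'):
    """dnsmasq lines that forward whitelisted domains upstream and NXDOMAIN everything else.

    Assumption about dnsmasq semantics: server=/domain/ip covers the domain and all of its
    subdomains and the most specific match wins, so 'slack.com' and '*.slack.com' collapse to
    one line, and 'address=/#/' (empty address) is the catch-all that returns NXDOMAIN.
    """
    domains = set()
    for pattern in patterns:
        p = normalize(pattern)
        domains.add(p[2:] if p.startswith('*.') else p)
    lines = [
        'no-resolv',          # never read /etc/resolv.conf; only the explicit servers below
        'address=/#/',        # default answer for every other name: NXDOMAIN
    ]
    lines += [f'server=/{d}/{upstream}' for d in sorted(domains)]
    return lines


if __name__ == '__main__':
    for host in ['files.slack.com', 'slack.com', 'notslack.com', 'slack.com.evil.example']:
        print(f'{host:28} allowed={allowed(host)}')
    print('\n'.join(dnsmasq_config()))
```

Pushing the generated lines to each client as a dnsmasq drop-in (or running one dnsmasq on the central server and pointing the 300 clients at it) keeps the workflow the poster already has: edit one whitelist, regenerate, redistribute by script. The caveat the matcher makes explicit is that `server=/slack.com/...` also forwards `slack.com` itself, so the DNS layer cannot enforce the "subdomains only" distinction that `allowed()` can.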
I have a Linux application account and would like to restrict the user from logging in directly. I want this account to be under sudoers: users can log in and sudo into this account. How do I do that in Linux?
0
Hi,
What are the differences between
user-defined, environment, local and global variables?

When to use which one? What are the advantages and disadvantages of using each, with practical examples?
Please advise

Hi,

I would like to write a Unix shell script to check the calendar year, date, and current working directory.

How do I write and save a .sh file (say test.sh), and how do I execute it to see the output?

Any detailed link explaining these steps with screenshots? Please advise.
0
What are the differences between
touch, cat and vi?

Which one is better to use to create a file? When to use which one? Please advise.
0
Hi,

I would like to delete a matched pattern in a file using the vi editor and the sed command.

I tried as below, which is not working:

$ sed 'hello' aaaa.txt :% aaaa.sh


please advise
0
Hello,

I'm using AlienVault OSSIM v. 5.3.79 together with OSSEC v. 2.8.

I'm trying to extend the following rules:
1002 - Unknown error somewhere in the system - bad words;
1003 - Non standard system message (size too large).

As these two rules give me a lot of false positive alerts, I've prepared custom rules in local_rules.xml.
Original rules (syslog_rules.xml):

<rule id="1002" level="2">
  <match>$BAD_WORDS</match>
  <options>alert_by_email</options>
  <description>Unknown problem somewhere in the system.</description>
</rule>

<rule id="1003" level="13" maxsize="1025">
  <description>Non standard syslog message (size too large).</description>
</rule>



Custom rules (local_rules.xml):

<rule id="100002" level="0">
  <if_sid>1002</if_sid>
  <program_name>nfcapd</program_name>
  <match>Sequence Errors: 0, Bad Packets: 0</match>
  <description>False positive</description>
</rule>

<rule id="100003" level="0">
  <if_sid>1003</if_sid>
  <hostname>host1</hostname>
  <description>Ignoring 1003 from specified host</description>
</rule>



Unfortunately, it looks like the above custom rules are ignored when I try to use ossec-logtest.
For 1003:
echo "Apr 27 11:10:04 host1 user1[21565]: ./logtest.sh - Lorem ipsum dolor sit amet libero et lacus vestibulum vel, nibh. Fusce nonummy risus sit amet quam tempus vehicula, dui tellus, at lorem odio adipiscing at, egestas non, nulla. Maecenas in nulla quis 


0
I am conducting a penetration test against a fake Apache Tomcat server. I have exploited the vulnerability in Metasploit and was able to open a Meterpreter session. Some of my commands work with Meterpreter; however, commands such as "run hashdump" and "getsystem" return an error that this version of Meterpreter is not supported with this script. I am running a virtual environment of Metasploit v4.10.0. Is there any other script that can be used to complete this hashdump? Below is the exploit and payload that I used to open Meterpreter:
use exploit/multi/http/tomcat_mgr_upload
set payload java/meterpreter/reverse_http

I have tried all other payloads that are shown by the "show payloads" command.
0
Dear Colleagues,

I have a problem executing the su command in Ubuntu 16.04.02 LTS.
The output is « -bash: /bin/su: Permission denied » (see attached screenshot).

Please suggest something to overcome this issue.
ubuntu_terminal_error.jpg
0
