Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be mitigated, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the holder of the account, while access control governs which resources each account may reach and what kind of access is permitted.

Can anyone provide step-by-step instructions on how to compile and 'make'
a fully usable ClamAV on Solaris 10 (x86)?

A minor update engine was released for Linux with source code, but the package
is only available for Linux, not Solaris.
0

Hello Experts,

For our Security Operations Center (SOC), we are searching for a tool that can collect "Threat Artifacts". When I worked with McAfee in the past, they used GetSusp to collect information about undetected malware on a computer.

We are searching for a similar tool that we can use in the network to collect information remotely. What would you recommend to us? It would be nice if the tool worked on Windows & Linux, although this is not a must.

Thanks a lot
1
Refer to the attached screenshot of TrendMicro's InterScan proxy VM (a custom Linux)
that shows a spurious memory shortage.

We have allocated 32GB to the VM and, with only 2 users accessing it, we are already
getting these memory messages; we plan to roll out to 500 users.


What can be done to address this? Increase swap space or RAM?
Or is there something to tune? Hopefully we don't have to switch to
another type of proxy.

As this is a bundled free product, it is quite difficult to get support.

Btw, what's the default root password when it's first set up?
TMproxyoutofMem.png
0
We prefer not to do application whitelisting on our RHEL and Solaris systems due to fears of service disruption.

What alternative mitigations can we implement?
0
Good Afternoon Experts.

I have a client who is basically a Kibbutz (think of a settlement, but in a real social way of life).
They have a CentOS 6.10 server that was deployed by the previous sysadmin, who is no longer available. That sysadmin enabled SMB v1 on the server and activated shares so people could view pictures and such from various events. All was well until Microsoft decided to disable SMB v1 out of the box and to require a certain procedure to allow it. Since I can't remotely control all the computers (it's not a domain environment, and not actually a business at all), I need to allow SMB v2. My question is: can I, and if I can, how do I enable support for SMB 1 and SMB 2 on the same shares at the same time?!
0
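An added example (not from the poster, and not the server's actual configuration) of the smb.conf settings that let one share answer both SMB1 and SMB2 clients on the Samba 3.6 that CentOS 6 ships. The share name, path and workgroup are assumptions:

```ini
[global]
   workgroup = WORKGROUP
   # Samba 3.6 negotiates up to "max protocol"; its default is NT1 (SMB1),
   # which is why Windows machines that no longer speak SMB1 cannot connect.
   max protocol = SMB2
   # "min protocol" is what keeps SMB1 on the wire. Leave it at NT1 only while
   # SMB1-only clients remain, then raise it to SMB2 so that surface goes away.
   min protocol = NT1

[events]
   # hypothetical share: read-only photo archive
   path = /srv/samba/events
   read only = yes
   guest ok = yes
```

Check the syntax with `testparm -s`, apply it with `service smb restart` (the CentOS 6 init script), and confirm SMB2 negotiation from any host with smbclient using `smbclient -L <server> -m SMB2`. The security point is the second setting: SMB1 stays reachable for every client, old and new, for as long as min protocol is NT1, so plan a date to raise it rather than leaving the mixed mode as the permanent state.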
Not sure how to explain this...

I'm not trying to do a directory traversal attack; I could do that in multiple lines with a script.

I want to go back a directory ("cd ..")
then forward into the parent directory ("cd .." then "cd johndoe")

.
..
/home/johnsmith
/home/johndoe
/home
/bin
/var
/etc

I want to do it in one line please


thanks

-dave.j
0
Has anyone used ColorTokens https://colortokens.com/ ?
What do they do exactly, and what do they do for data center and endpoint security?
0
I inherited a CentOS Unix system, and in our password vault there are passwords for the SQL user and a few
other things, but nothing for user "root". Is it possible that during the setup of the system the root account
was disabled or removed, and individual users were just made sudoers with access to everything via sudo?
Or would that be an uncommon practice?
0
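An added check (example code, not from the post) that reads root's /etc/shadow entry and tells a never-set or disabled password ("!!", "!" or "*" in the password field) from one that was locked after being set ("!" prefixed to a hash) or one that is still usable. The three shadow lines at the bottom are constructed samples, not from any real host:

```shell
#!/bin/bash
# Classify the root account from its /etc/shadow line (field 2 is the password hash).
#   "", "!", "!!" or "*"      -> disabled: no password was ever set, or it was wiped
#   "!<hash>" or "*<hash>"    -> locked: a password exists but passwd -l / usermod -L disabled it
#   "$<id>$<salt>$<hash>"     -> a usable password (root can still log in where PAM allows it)
root_login_state() {
    local entry="$1" hash
    hash=$(printf '%s\n' "$entry" | cut -d: -f2)
    case "$hash" in
        ''|'!'|'!!'|'*') echo "disabled" ;;
        '!'*|'*'*)       echo "locked" ;;
        *)               echo "password-set" ;;
    esac
}

# On the live system (needs root to read /etc/shadow):
#   root_login_state "$(sudo grep '^root:' /etc/shadow)"
# The same answer from shadow-utils: sudo passwd -S root   (LK = locked, PS = password set)
# Who actually holds sudo, which is the other half of the question:
#   sudo grep -hE '^[^#].*ALL' /etc/sudoers /etc/sudoers.d/* 2>/dev/null

# Constructed sample entries for illustration only:
SAMPLE_DISABLED='root:!!:17500:0:99999:7:::'
SAMPLE_LOCKED='root:!$6$saltsalt$abcdefghijklmnop:17500:0:99999:7:::'
SAMPLE_ACTIVE='root:$6$saltsalt$abcdefghijklmnop:17500:0:99999:7:::'
```

"Locked" and "disabled" both stop password logins but say nothing about SSH keys in /root/.ssh/authorized_keys or about `PermitRootLogin` in sshd_config, so check those too before concluding that root is unreachable.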
I am using an older version of oxidized (rancid) to grab configs. It was built by someone else about three years ago. I'm trying to find where you configure the user ID and password to be used by the different network equipment. I don't see a reference to a user in /home/oxidized/.config/oxidized/config, and not even a reference to device type PanOS, which is what I'm aiming for.
0
I'm having a hard time completing this assignment. It's supposed to ping the IP addresses in IPADDR with the sizes in SIZER in two for loops,
extract the results and format the output. Some hosts are unreachable, and those must be identified, as the script is to run as quickly as possible and not wait for unreachable hosts to send back an ICMP unreachable.


#!/bin/bash
# Ping every host in IPADDR with every packet size in SIZER and print the
# average round-trip time and its deviation from ping's summary line.

IPADDR="140.192.40.4 192.168.1.16 100.1.1.15 192.168.2.15 192.168.20.23 10.1.1.1 10.1.1.11 10.1.1.12"
SIZER="64 128 256 512 1024 1280 1472 3000"

format=" %-20s %20s %20s %20s \n"
printf "$format" IP_ADDRESS PACKET_SIZE ROUND_TRIP_TIME STANDARD_DEVIATION

for X in $IPADDR
do
        # Fail fast: one probe with a 1-second reply timeout (-W, Linux iputils),
        # so an unreachable host costs one second instead of 150 probes per size.
        if ! ping -c 1 -W 1 "$X" >/dev/null 2>&1
        then
                printf "$format" "$X" "-" "unreachable" "-"
                continue
        fi
        for Y in $SIZER
        do
                # -f (flood) needs root; -i 0.2 is the shortest interval allowed for other users.
                ping_results=$(ping -c 150 -i 0.2 -W 1 -s "$Y" "$X" 2>/dev/null)
                # Summary line: "rtt min/avg/max/mdev = 0.041/0.052/0.119/0.010 ms"
                # (BSD ping prints "round-trip" instead of "rtt"; the fields are the same)
                stats=$(printf '%s\n' "$ping_results" | grep -E '^(rtt|round-trip)' | cut -d '=' -f 2)
                if [ -z "$stats" ]
                then
                        printf "$format" "$X" "$Y" "no reply" "-"
                        continue
                fi
                RTT=$(echo "$stats" | cut -d '/' -f 2)
                SD=$(echo "$stats" | cut -d '/' -f 4 | cut -d ' ' -f 1)
                printf "$format" "$X" "$Y" "$RTT" "$SD"
        done
        echo "-------------------------------------------------------------"
done
0
MY SYSTEM
Ubuntu Linux 18.04.1

QUESTION
I need to know what is the best recommended Anti-Virus and Malware protection I can install on my Linux machine.
Please include: Free, Less Expensive, and the Best (no matter what the price), so I can make my decision.
0
Hi ...
I was wondering if anyone knows how to change default icons for a new user in Slitaz.
By default, trash icon and Document icon get added to desktop when a new user logs in for the first time.
I am trying to change it only to Terminal.
Thank you for your Quick Prompts.
0
zgrep 'MobileDevice' xyz.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'
The grep above prints all the columns successfully satisfying the condition

$24>300


Now I need to filter the above query based on the state, e.g. Florida, which is printed in the 23rd column, i.e. $23

zgrep 'MobileDevice' xyz.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$23=FLORIDA {print}'

The above query is not working.

How do I check string equality in AWK?

Please advise
0
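An added example, not part of the question, showing the equality test over a constructed five-line sample in the same pipe-delimited layout (only fields 1, 23 and 24 carry meaningful values; f4 to f22 are filler). It also folds the time window into the same awk program, comparing the timestamp field rather than the whole line:

```shell
#!/bin/bash
# Constructed sample log lines (24 '|'-separated fields each); the first line falls
# before the 00:01 window start and must be excluded.
SAMPLE_LOG='2018-Nov-21 00:00|MobileDevice|USER123|f4|f5|f6|f7|f8|f9|f10|f11|f12|f13|f14|f15|f16|f17|f18|f19|f20|f21|f22|FLORIDA|999
2018-Nov-21 00:05|MobileDevice|USER123|f4|f5|f6|f7|f8|f9|f10|f11|f12|f13|f14|f15|f16|f17|f18|f19|f20|f21|f22|FLORIDA|450
2018-Nov-21 00:06|MobileDevice|USER123|f4|f5|f6|f7|f8|f9|f10|f11|f12|f13|f14|f15|f16|f17|f18|f19|f20|f21|f22|TEXAS|500
2018-Nov-21 12:00|MobileDevice|USER123|f4|f5|f6|f7|f8|f9|f10|f11|f12|f13|f14|f15|f16|f17|f18|f19|f20|f21|f22|FLORIDA|120
2018-Nov-21 23:58|MobileDevice|USER123|f4|f5|f6|f7|f8|f9|f10|f11|f12|f13|f14|f15|f16|f17|f18|f19|f20|f21|f22|FLORIDA|310'

# In awk "==" compares and a single "=" assigns. '$23=FLORIDA' stores the value of the
# (unset, hence empty) awk variable FLORIDA into field 23, and an empty string is false,
# so the pattern never matched. The state is handed in with -v so no quotes have to be
# nested inside the single-quoted program; '$23 == "FLORIDA"' works just as well.
filter_state() {
    local state="$1" min="$2"
    printf '%s\n' "$SAMPLE_LOG" |
    awk -F '|' -v st="$state" -v min="$min" \
        '$1 >= "2018-Nov-21 00:01" && $1 <= "2018-Nov-21 23:59" && $23 == st && $24+0 > min {print}'
}

# Same filter, but count instead of print (for the "| wc -l" step of the original pipeline).
count_state() {
    printf '%s\n' "$SAMPLE_LOG" |
    awk -F '|' -v st="$1" -v min="$2" \
        '$1 >= "2018-Nov-21 00:01" && $1 <= "2018-Nov-21 23:59" && $23 == st && $24+0 > min {n++} END {print n+0}'
}

# Against the real file the same program slots into the existing pipeline:
#   zgrep 'MobileDevice' xyz.log.20181121.gz | grep 'USER123' | awk -F '|' -v st=FLORIDA -v min=300 '...'
```

One caveat on the time window: the string comparison only orders correctly within a single day, because month names ("Nov" sorts before "Oct") are not chronological as text.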
I'll need to monitor several "privilege escalation related" Solaris 10 & RHEL6 files using
ACLs (Access Control Lists):

a) /etc/group, /etc/sudoers, /etc/cron.daily (or .weekly, or any crons owned by root):
    an ACL to send to syslog (so that we can pipe it to the SIEM) when the permissions, ownership
    or contents of the above files are changed

b) visudo, sudo, usermod, useradd command binary files:
   when these are executed/run, an ACL to send to syslog (who ran them & when)

I would appreciate exact setacl samples (or the actual commands/settings in RHEL6 & Solaris 10
x86).
0
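An added example, not from the post. On RHEL 6 the event-generating side of this is the audit subsystem (auditd) rather than setfacl: a POSIX ACL decides whether an access is allowed but never writes a log record, whereas an audit watch records every qualifying access with the login uid of the person behind it. The rules below are in auditctl(8) syntax, the key names priv_files and priv_cmds are my choice, and the parser at the end runs over constructed audit.log records. Solaris 10's counterpart is BSM auditing (bsmconv and /etc/security/audit_control) and is not shown here.

```shell
#!/bin/bash
# RHEL 6 audit rules for /etc/audit/audit.rules (loaded with: auditctl -R /etc/audit/audit.rules).
#   -w PATH -p wa : log writes and attribute changes (mode, owner) to PATH; on a directory,
#                   to the entries inside it
#   -w PATH -p x  : log every execution of the binary
#   -k KEY        : tag the records so "ausearch -k KEY -i" pulls them out
AUDIT_RULES='
-w /etc/group -p wa -k priv_files
-w /etc/sudoers -p wa -k priv_files
-w /etc/sudoers.d/ -p wa -k priv_files
-w /etc/cron.daily/ -p wa -k priv_files
-w /etc/cron.weekly/ -p wa -k priv_files
-w /usr/sbin/visudo -p x -k priv_cmds
-w /usr/bin/sudo -p x -k priv_cmds
-w /usr/sbin/usermod -p x -k priv_cmds
-w /usr/sbin/useradd -p x -k priv_cmds
'
# To reach the SIEM over syslog: enable the audispd syslog plugin
# (active = yes in /etc/audisp/plugins.d/syslog.conf) or tail /var/log/audit/audit.log with rsyslog imfile.

# Constructed SYSCALL records in the raw audit.log format (not from a real host).
# auid is the login uid, which survives su and sudo; uid is the effective uid at the time.
SAMPLE_AUDIT='type=SYSCALL msg=audit(1542844800.123:4201): arch=c000003e syscall=59 success=yes exit=0 a0=1 a1=2 a2=3 a3=4 items=2 ppid=2100 pid=2101 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="visudo" exe="/usr/sbin/visudo" key="priv_cmds"
type=SYSCALL msg=audit(1542844860.456:4205): arch=c000003e syscall=2 success=yes exit=3 a0=1 a1=2 a2=3 a3=4 items=1 ppid=2100 pid=2102 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="vi" exe="/bin/vi" key="priv_files"
type=SYSCALL msg=audit(1542845000.789:4210): arch=c000003e syscall=59 success=yes exit=0 a0=1 a1=2 a2=3 a3=4 items=2 ppid=3000 pid=3001 auid=1002 uid=1002 gid=1002 euid=0 suid=0 fsuid=0 egid=1002 sgid=0 fsgid=0 tty=pts1 ses=4 comm="sudo" exe="/usr/bin/sudo" key="priv_cmds"'

# "Who ran what, when" for one key: epoch seconds from msg=audit(EPOCH.ms:serial), auid, exe.
# This is the detection logic a SIEM rule would apply to the forwarded records.
who_ran() {
    printf '%s\n' "$SAMPLE_AUDIT" |
    awk -v want="$1" '
        $1 == "type=SYSCALL" {
            epoch = ""; auid = ""; exe = ""; key = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^msg=audit\(/)  { epoch = substr($i, 11); sub(/\..*/, "", epoch) }
                else if ($i ~ /^auid=/)   { auid = substr($i, 6) }
                else if ($i ~ /^exe=/)    { exe = substr($i, 5); gsub(/"/, "", exe) }
                else if ($i ~ /^key=/)    { key = substr($i, 5); gsub(/"/, "", key) }
            }
            if (key == want) print epoch, auid, exe
        }'
}
```

Resolving auid to a name and the epoch to a date is what `ausearch -i` does on the host; in the SIEM, map auid against the passwd export so an alert on priv_cmds names the person, not the uid 0 they switched to.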
I need to harden a Solaris 10 that is connecting to the Internet from the DMZ.

Does anyone have a Solaris 10 hardening script that, once run, will harden for
a) Level 2 Profile
b) "Scored"

The attached script, which I got from GitHub, doesn't seem to quite fit what's needed,
& with all the "printf ...", it's more of a listing than actual hardening.


From CIS benchmark:

Scoring Information
================
A scoring status indicates whether compliance with the given recommendation impacts the assessed target's benchmark score. The following scoring statuses are used in this benchmark:
Scored  <==
Failure to comply with "Scored" recommendations will decrease the final benchmark score. Compliance with "Scored" recommendations will increase the final benchmark score.
Not Scored
Failure to comply with "Not Scored" recommendations will not decrease the final benchmark score. Compliance with "Not Scored" recommendations will not increase the final benchmark score.



Profile
=====

 Level 1
Items in this profile intend to:
o be practical and prudent;
o provide a clear security benefit; and
o not inhibit the utility of the technology beyond acceptable means.
 Level 2  <==
This profile extends the "Level 1" profile. Items in this profile exhibit one or more of the following characteristics:
o are intended for environments or use cases where security is paramount
o acts as defense in depth measure
o may negatively inhibit the utility or performance of the …
0
xhost executes successfully for the user who has direct login access to the OS.

When I switch to the other user (su), which doesn't have direct login access to the OS, I could not run the xhost command.

Kindly advise how to achieve the same.
0
CVE-2017-1283  - How to fix this?
0
If my rsyslog.conf is configured to write *.info, *.warn, *.kern and some others to /var/log/messages, is there any way to identify the local6 *.info messages apart from the *.kern and *.warn and others in /var/log/messages? I've noticed sometimes that the messages contain kern and warn, but I'm just not sure what the *.info ones are and whether there's an easy way to identify them.
I'd rather not have to configure /etc/rsyslog.conf to have another log file for just *.info if it can be avoided. If there's no other way then I might just have to do it, but I'm curious what the local6 information messages actually are.
0
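An added rsyslog.conf fragment (example, not the poster's configuration) that keeps the single /var/log/messages file but stamps every line with its facility and priority, so local6.info entries become greppable without a second log file. It uses the legacy `$template` syntax that rsyslog 5 and 7 on RHEL 6/7 accept; the selector line is the stock RHEL one and should be replaced with the one actually in use:

```conf
# Template: the default message layout plus a "[facility.priority]" tag after the hostname.
$template WithFacPri,"%timegenerated% %HOSTNAME% [%syslogfacility-text%.%syslogpriority-text%] %syslogtag%%msg%\n"

# Existing selector, now bound to the template with ";WithFacPri"
*.info;mail.none;authpriv.none;cron.none    /var/log/messages;WithFacPri
```

After `service rsyslog restart`, a test message sent with `logger -p local6.info "test"` lands in the file with "[local6.info]" in it, and `grep '\[local6\.info\]' /var/log/messages` lists only those; the %syslogtag% that follows the bracket is the program name that emitted them, which answers the "what are they" part.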
I have several Linux systems. Normally I log in on them with my account, and after I log in I execute sudo -s, so I can get admin privileges.
Sometimes I need to edit some files or copy some files out of the Linux systems, and in the past I often used the WinSCP program.
Unfortunately, when I log in with WinSCP with my account I don't have admin privileges, and thus I am not able to open and edit the needed files or copy files out of the system. Can you tell me how to log in with WinSCP with admin privileges?
0
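An added example (not from the post) of the sudoers rule that makes this work with the least privilege it needs. WinSCP can be told to start the SFTP subsystem through sudo (Advanced > Environment > SFTP > "SFTP server"), and the rule below lets the account run only that one binary as root. The user name alice and the RHEL/CentOS path are assumptions; Debian and Ubuntu ship /usr/lib/openssh/sftp-server:

```text
# /etc/sudoers.d/winscp-sftp   (create it with: visudo -f /etc/sudoers.d/winscp-sftp)
# NOPASSWD is required because the SFTP channel has no terminal to answer a prompt on;
# RHEL 6 also needs requiretty switched off for this user for the same reason.
Defaults:alice !requiretty
alice ALL=(root) NOPASSWD: /usr/libexec/openssh/sftp-server
```

In WinSCP set the SFTP server field to `sudo /usr/libexec/openssh/sftp-server`. The rule still gives root read and write over every file once the session is up, the same as `sudo -s` does; it just does not hand out a root shell or any other command, and each session shows up in the sudo log.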
I am a sysadmin. I want to know:

I want to reach the server to check connectivity through a specific port.
This is just to verify whether the required firewall rule is defined properly or not.
0
Consider the below scenario

userPC---- firewall --- Destination-server
                         10.1.1.1


I have installed some software on the server, the service  of that software is using port # 301.

1) Scenario...
      Firewall defined
      server#  service UP
        userPC# telnet 10.1.1.1 301  --> user get reply

2)Scenario...
      Firewall defined
      server# service DOWN

Is there any command/third-party tool available to just verify that packets from the userPC are able to reach the server through port #301?

==
I ask this just to segregate whether there is an issue on the firewall side or on the destination server side.
0
awk query
 unzip -c  xyz.log.20180905.gz| awk '$0>= "2013-Sep-09 18:33" && $0 <="2013-Sep-09 23:15"'| grep '|[1-9][0-9][0-9][0-9][0-9]|0000'|wc -l
Zip file too big (greater than 4294959102 bytes)
  End-of-central-directory signature not found.  Either this file is not
  a zipfile, or it constitutes one disk of a multi-part archive.  In the
  latter case the central directory and zipfile comment will be found on
  the last disk(s) of this archive.
How does one learn awk? Any good video tutorials on it?
Please advise
0
I need to upgrade fail2ban 0.8.14 to 0.10.3. I am on a Linux 2 server, which prevents me from loading any repositories or using Yum to install it.

So, I need to know the steps to get my fail2ban upgraded.  

Thanks,
0
Fail2ban stopped working. I have scoured the log files and found no errors. It was working, and it seems that since my last Yum security update it quit working. I can run fail2ban-client status and it shows 7 jails. I can look in the iptables and it shows the jails. However, when I run fail2ban-regex it shows many hits, but none are getting blocked by iptables. The iptables are on.

This is 0.8.14 and I am on a Linux 2 Amazon AMI with PHP 7 and Python 2.7.14.

When it was working  it had over 221 ips banned just in one jail.

Please help me get this going.  The bots overrun my system if it isn't in place.
0
Hi, I am looking to write Pester tests around my PowerShell code, but I'm not sure about it. Can someone help?

Basically I need to pull Azurekeyvaultkey information using PowerShell and then write a Pester test for it. I managed the PowerShell bit but I'm not sure how to do the Pester part. Please, I need help urgently.
0
