
Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.


Hello Experts,

We have an application which logs in on CentOS 6.8 64-bit (GUI interface) and, after login, generates TCP port 50000 to make connections with users.
Behind that port there are many connections from different IPs (192.168.207.11, 207.12, 207.13) and user names (user1, user2, user3):

Example Output:-
[root@CC ~]# lsof -i :50000
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
TCPServer 3647 rajat  245u  IPv4 156532      0t0  TCP 192.168.207.125:50000->192.168.207.15:49277 (ESTABLISHED)
TCPServer 3647 rajat  261u  IPv4  23354      0t0  TCP *:50000 (LISTEN)
TCPServer 3647 rajat  387u  IPv4  24955      0t0  TCP 192.168.207.125:50000->192.168.207.13:49271 (ESTABLISHED)

From this command I can only check which IP is connected behind port 50000, but I want to check the user name also. Please suggest.
0

Does anyone know how I can stop LFD from sending Failure emails for trusted processes? Do I need to 'whitelist' certain processes in CSF?
Mine is sending an email every minute or so, resulting in tens of thousands of useless emails (& using server time of course)

THE EMAIL MESSAGE:
Subject:  
lfd on server.myservername.com: Suspicious process running under user postfix
Body:  
Time:    Fri Dec  8 07:56:26 2017 -0800
PID:     23757 (Parent PID:12511)
Account: postfix
Uptime:  104 seconds

Executable:
/usr/libexec/postfix/smtpd

Command Line (often faked in exploits):
smtpd -n 25 -t inet -u -o stress=

Network connections by the process (if any):
tcp: 0.0.0.0:25 -> 0.0.0.0:0

Files open by the process (if any):
/dev/null
/dev/null
/dev/null
/var/spool/postfix/pid/inet.25
anon_inode:[eventpoll]
/etc/aliases.db
/etc/aliases.db
/var/spool/postfix/plesk/aliases.db
/var/spool/postfix/plesk/aliases.db
/var/spool/postfix/plesk/virtual.db
/var/spool/postfix/plesk/virtual.db
/var/spool/postfix/plesk/vmailbox.db
/var/spool/postfix/plesk/vmailbox.db
/var/spool/postfix/plesk/blacklists.db
/var/spool/postfix/plesk/blacklists.db

Memory maps by the process (if any):
7f3a55962000-7f3a55971000 r-xp 00000000 103:01 11846418                  /usr/lib64/libbz2.so.1.0.6
7f3a55971000-7f3a55b70000 ---p 0000f000 103:01 11846418                  /usr/lib64/libbz2.so.1.0.6
7f3a55b70000-7f3a55b71000 r--p 0000e000 103:
etc etc etc
0
Hi experts,
I need the command line for Ubuntu to copy a file from my Ubuntu desktop to a Windows PC.
Thanks
0
Hello,

I would like to know how to implement ssl-cert-check from ssl-cert-check

I do have a Windows box at work. Can I create it through Cygwin?

Or what Linux flavor can I use? Thoughts?

Thanks for your help.
0
bash-4.4$ mv -i dir2 dir3
bash-4.4$ ls -ltr
total 12
-rw-r--r-- 1 14392 14392  978 Nov 22 16:46 README.txt
-rw-r--r-- 1 14392 14392    7 Nov 22 16:47 456.txt
drwxr-xr-x 2 14392 14392 4096 Nov 22 16:49 dir3

I tried as above, but I did not get a warning like the one below:

mv: overwrite `dir2'?

I tested with files also, but no warning came up:

bash-4.4$ touch a.txt
bash-4.4$ mv a.txt b.txt
bash-4.4$ ls -ltr
total 12 …
0
Hi Experts,
I need to disable the Ubuntu Desktop 17.10 GUI and start up with the command line or TTY only.
I googled this and found that I need to run this command:
sudo systemctl stop lightdm.service
but I got an error that lightdm is not available.
0
Hello Folks,

Does anybody have any idea how to remove/hide Places from the top panel?

Thanks for looking
0
Hi,

I am looking for some test cases I can include in a virtual network to create rules that can make sense in an office scenario, like prohibiting social media, proxies, etc. Any ideas are appreciated, so that I will apply rules according to a particular test case. Any difficulty level, and the more original they are, the better!

Thanks in advance
0
I recently installed LAMP, then set up virtual sites by running sudo mkdir example.com.

I don't remember if I did this from root or from my limited user account.

When I log into SFTP from my limited user account it says permission denied in my FTP client.

Is this because I created the directories from the root account?

Is it safe to be able to read and write files from a limited user account?

What command should I run to set the proper permissions?

thanks
0
I installed a password program on Linux Ubuntu and have been away from this computer for about six months, and of course forgot my login password (my superuser one I remember). I have almost no knowledge of computers. Can someone walk me through the process of getting past it to get back on that thing? Or do I light it on fire?? (I don't really want to light it on fire, lol.) And there are some important docs on there.
0

I have this issue where non-root (ie non-priv) UNIX users or even applications could
alter or create files that are world-writable & this will easily become an audit issue.

As the creator/owner, they can always change the file permission using chmod.
"umask" can set the default settings for files created but this will not stop them
from altering it subsequently.

Q1:
Can provide sample ACLs or any method such that even owners of files can't alter
the UNIX file permission?

Q2:
Is there any way without using paid products (OpenSource is fine) to alert us if
file permissions are being changed?  Sort of File Integrity Monitoring but we
don't want to be alerted/notified if file content or dates are changed, only if
permission is changed.


We run Solaris 10 & 11 (both have ACL features) & AIX 6.x/7.x and RHEL 7.x.

Or is there a "find ..."  command which we can run daily to identify which files'
permissions got changed the last 1 day?
0
We have a vendor who has put his Linux-based appliance behind a firewall. If I SSH to the system from the same subnet as the Linux appliance, SSH succeeds, giving me a login prompt and then succeeding with authentication. If I log in to the Linux appliance from outside the firewall, the conversation apparently succeeds: I get a login prompt. But when I enter the same credentials, the connection is promptly terminated. If I look at the firewall, I see only the allowed SSH session and no other denies to the server.
Any idea what might be going on? What logging could be looked at on the Linux appliance to give us insight as to why the SSH connection is failing in the second case? Thank you
0
Hi,

I connected to one production instance and went to the log directory, where there are a bunch of log files.

How do I continuously monitor logs for any possible errors or exceptions?

How frequently are new files created?
Do I have to use the vi command to open the log file?

Please advise.
0
Our lab recently got a new Ubuntu (14.04.1) machine, but many of the software packages are out of date.
I am trying to update it before upgrading to Ubuntu 16.04. However, there are always problems with the command "sudo apt-get update".

I have googled this problem and changed "/etc/apt/sources.list" several times, but the error still exists.
I am thinking the error may come from => Could not resolve 'hcapxb01'
I have no idea about 'hcapxb01'. My machine has an internet connection, but I can't ping or nslookup 'hcapxb01'.

Experts, please help me solve the "sudo apt-get update" error. Thank you
Snap1.png
0
Hi,
To learn Unix and its commands, what are the best online sites, learning videos and training sites that are freely available out there, including some books?
Please advise.
0
Hi,

I have a log directory with, say, 40 log files in it.

I have to search for "NullPointerException" in the above files and find out which file has this exception and on which line.

How do I grep this?

Can I do these kinds of things in WinSCP or other GUI tools rather than PuTTY?
0
Hi,

In the grep command below:

grep -C20 command "session" fileName

what is the meaning of -, C and 20?
Please advise.
0
Hi,

How do I import saved sessions from PuTTY to mputty? (I saved about 50 sessions with names like integration, systest, prod1 etc. in PuTTY, which I want to transfer over to mputty without again typing the host, port, saved session name etc.)

How do I point mputty to use PuTTY and get data from PuTTY?
Please advise.
0
CIS has hardening guides for various Windows, UNIXes and Cisco switches/routers.
There are hardening guides for Juniper as well.

Now our Audit wants a hardening guide for WAF : we use F5.

Q1:
Can anyone point me to such a hardening guide for F5 WAF?

Q2:
if there's none, any link/authoritative guide indicating it's been
sufficiently hardened (as it's an appliance customized from RHEL 5?)
will be appreciated.

Need a good justification why we don't have hardening guide in place
for F5 WAF
1

How do I register SUSE Linux to the customer portal?

Also, how do I check what security packages are available to install?

I have worked on RHEL, and we use subscription manager to register with the customer portal or Red Hat Satellite.

What is the procedure for SUSE Linux? What tool similar to Red Hat Satellite does SUSE use?
0
Hi,

When I search with the command below
ps -ef|grep zyz3abc
I see all the processes running for zyz3abc.
How do I search using a particular port number (1567) to filter down more granularly?

I tried

ps -ef|grep zyz3abc grep 1567
It did not seem to work.
Please advise.
0
Hi,

For shared bookmarks in WinSCP, can I give custom names like Integration Log path, Production1 Log path etc.? Can you please advise?

If the path says crm/net/logs etc. on the Production1, Production2 and Production3 boxes, then I cannot clearly distinguish them and add them under separate names. Please advise.
0
Hi,

How do I copy the test folder files
from the folder below
/crm/home/systemtest/security/test
to the folder below?
/crm/home/XYZ3ABC/config/security/test

I am trying the cp command but it is not working.
Is -r different from -R?

Please advise.
Do I need to go to /crm/home/XYZ3ABC/config/security/test to execute the cp command, or to /crm/home/systemtest/security/test?
0
Hi,

Let's say I want to copy a bunch of files from

/crm/home/XYZ3ABC/opt/company/bea_domains/12/xyz3abc

to

/crm/home/XYZ3ABC2/opt/company/bea_domains/12/xyz3abc2

How do I do this copy and paste?
Can I do it using WinSCP, whose interface is easy for me and more convenient to work with than Unix screens, which according to me are the least user-friendly?

Also, once I copy the files, I need to edit that bunch of files from xyz3abc to xyz3abc2 etc.
Is there any way I can edit files without using vi, which I am not 100% comfortable with?
Can I use WinSCP to edit, or any other good open source tools apart from WinSCP?

Please advise.
0
I have the following RPM installed on my server. Based on the security report, RHSA-2016:0005 is missing.

rpcbind-0.2.0-12.el6.x86_64

According to RHSA-2016:0005, I need to install

Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64)
rpcbind-0.2.0-11.el6_7-x86_64

This is my running kernel. RHEL 6 x86_64.
2.6.32-642.11.1.el6.x86_64

Is it a true vulnerability, or is it a false positive? Please explain.
0
