Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Share tech news, updates, or what's on your mind.

Sign up to Post

MY SYSTEM
Ubuntu Linux 18.04.1

QUESTION
I need to know what is the best recommended Anti-Virus and Malware protection I can install on my Linux machine.
Please include: Free, Less Expensive, and the Best (no matter what the price), so I can make my decision.
0
10 Tips to Protect Your Business from Ransomware
LVL 1
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Hi ...
I was wondering if anyone knows how to change default icons for a new user in Slitaz.
By default, trash icon and Document icon get added to desktop when a new user logs in for the first time.
I am trying to change it only to Terminal.
Thank you for your Quick Prompts.
0
zgrep 'MobileDevice' xyz.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'
above grep printing all the columns successfully satisfying abov condition of

$24>300


Now i need to filter above query based on the state like Florida which is printing in 23rd column i.e $23

zgrep 'MobileDevice' xyz.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$23=FLORIDA {print}'

above query not working

how to check String equality in AWK

Please advise
0
I'll need to monitor several "privilege escalation related" Solaris 10 & RHEL6 files using
ACLs (Access Ctrl Lists) :

a) /etc/group, /etc/sudoers, /etc/cron.daily (or .weekly or any crons owned by root):
    ACL to send to syslog (so that we can pipe to SIEM) when permissions, ownership
    or contents of the above files are changed

b)visudo, sudo, usermod, useradd    command binary files :
   when these are being executed/run, ACL to send to syslog (who & when it's being
   executed)

Appreciate an exact  setacl (or the actual commands/settings in RHEL6 & Solaris 10
x86  samples
0
Need to harden a Solaris 10 that is connecting to Internet  from DMZ.

Anyone has a Solaris 10 hardening script that once run will harden for
a) Level 2 Profile
b) "Scored"

The attached which I got from GitHub doesn't seem quite fit to what's needed
& with all the "printf ...", it's more of listing out than actually doing hardening.


From CIS benchmark:

Scoring Information
================
A scoring status indicates whether compliance with the given recommendation impacts the assessed target's benchmark score. The following scoring statuses are used in this benchmark:
Scored  <==
Failure to comply with "Scored" recommendations will decrease the final benchmark score. Compliance with "Scored" recommendations will increase the final benchmark score.
Not Scored
Failure to comply with "Not Scored" recommendations will not decrease the final benchmark score. Compliance with "Not Scored" recommendations will not increase the final benchmark score.



Profile
=====

 Level 1
Items in this profile intend to:
o be practical and prudent;
o provide a clear security benefit; and
o not inhibit the utility of the technology beyond acceptable means.
 Level 2  <==
This profile extends the "Level 1" profile. Items in this profile exhibit one or more of the following characteristics:
o are intended for environments or use cases where security is paramount
o acts as defense in depth measure
o may negatively inhibit the utility or performance of the …
0
CVE-2017-1283  - How to fix this?
0
If my rsyslog.conf is configured to write *.info *.warn *.kern and some others to /var/log/messages is there any way to identify the local6 *.info messages apart from the *kern and *.warn and others in  /var/log/messages? I've noticed sometimes that the messages contain kern and warn but not just sure what *.info are and if there's an easy way to identify them
I'd rather not have to configure /etc/rsyslog.conf to have another log file for just *.info if it can be avoided. If there's no other way then I might just have to do it but I'm curious what the local 6 information messages actually are.
0
I have several linux systems. Normally I login on them with my account, and after I login i execute sudo -s, so I can get admin privileges.
Sometimes I need to edit some files or copy some files out of the linux systems and in the past I ofter used the winscp program.
Unfortunately when I login with winscp with my account I don't have admin privileges, and thus I am not able to open and edit needed files, I am not able to copy files out of the system. Can you tell me how to login with winscp with admin privileges
0
I am sysadmin..I want to know

I want to reach the server, to check the connectivity thru specific port.
This is just to varify whether the required firewall rule defined properly or not.
0
Consider the below scenario

userPC---- firewall --- Destination-server
                         10.1.1.1


I have installed some software on the server, the service  of that software is using port # 301.

1) Scenario...
      Firewall defined
      server#  service UP
        userPC# telnet 10.1.1.1 301  --> user get reply

2)Scenario...
      Firewall defined
      server# service DOWN

is there any command/3rdparty-tools available to just varify, pockets from userPC able to reach on the server through port#301

==
This I asked just to segregate if there any issue, problem from firewall side (or) destination server side.
0
IT Pros Agree: AI and Machine Learning Key
LVL 1
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

awk query
 unzip -c  xyz.log.20180905.gz| awk '$0>= "2013-Sep-09 18:33" && $0 <="2013-Sep-09 23:15"'| grep '|[1-9][0-9][0-9][0-9][0-9]|0000'|wc -l
Zip file too big (greater than 4294959102 bytes)
  End-of-central-directory signature not found.  Either this file is not
  a zipfile, or it constitutes one disk of a multi-part archive.  In the
  latter case the central directory and zipfile comment will be found on
  the last disk(s) of this archive.
how to learn awk any good video tutorials on it?
please advise
0
I need to upgrade fail2ban 0.8.14 to 0.10.3.  I am on a Linux 2 server which prevents me from loading any repositories or using Yum to install it.

So, I need to know the steps to get my fail2ban upgraded.  

Thanks,
0
Fail2ban stopped working.  I have scoured the log files and no errors.  It was working and it seems since my last Yum update for security it quit working.  I can do fail2ban-client status and it shows 7 jails.  I can look in the iptables and it shows the jails.  However, when I run fail2ban-regex it shows many hits but none are getting blocked by the iptables.  The iptables are on.

This is 0.8.14 and I am on a Linux 2 Amazon Ami with PHP 7 and Python 2.7.14.

When it was working  it had over 221 ips banned just in one jail.

Please help me get this going.  The bots overrun my system if it isn't in place.
0
Hi I am looking to do Pester test around my powershell code...but not sure about it ...can some help.

Bascially I need to pull Azurekeyvaultkey information using powershell and then do a pester test to do it, I managed to do poweshell bit but not sure how to do pester part....please I need help urgently.
0
In ubuntu 16:
it's added a wrong file in /etc/sudores.d/ folder.
I can't do sudo form any user. I can't do any thing.
How can I remove this file from folder sudores.d.
can I remove file if I login in as recover mode?

HELP
0
Hi,

Now our MySQL cluster test platform do not have internet connection and we need to setup local repository for it.

I check out a lot of googled page and it seems no one exactly match what I am going to install, let see what I go from latest MySQL cluster 7.6.6 binary:

rpm files list.
so for management node, which rpm I should install and what is the command for it? just yum --noplugin localinstall <rpm name> ?

For data node, which rpm I should install?

For SQL  node, which rpm I should install ?
0
I have installed fail2ban on an Amazon Linux 2 instance running Apache 2.4.  I can't start it up because I am using postfix and the default mta is sendmail.  I don't have sendmail installed and I don't want it.

I use google apps for my smtp server.

How can I change over to postfix or use google apps for my fail2ban mail option?

Thanks,
0
I am on an Amazon Linux 2 AMI running Apache 2 and I need a software solution for security.  I have been told mod_security isn't a good choice.  So does anyone have experience with the AWS Waf?  If so, what rules are you using?

Or, do you have another idea altogether?

On my previous instance I used fail2ban but I found the bots could outsmart fail2ban so hopefully someone will have a better choice.

Let me clarify my biggest  problems are postfix issues, stopping ddos, bots running up and down my site stealing bandwidth, clicking on every link and having numerous disk i/o's which I have to pay for.

By the way, I am not interested in using another AMI due to the complexity of my existing AMI.
0
Dear Experts

When we enable encryption in windows 10 systems it encrypts when we store documents, what exactly happens here as we take the stored files from the encrypted  and transfer it via email or copy to USB or share it in network drive all those other side people who have access can open and read or modify based on permissions does it mean it is not file level encryption I mean whoever know the system password files are accessible if someone wants to crack the harddisk then the file formats stored is not as per the document extension like .docs, or .exls please help me to understand this.

2. what does it mean server side encryption like next cloud deployment says we can enable server side encryption how is it different from ssl enablement that is user accessing through https,
please help me understand above two , thank you very much in advance.
0
PMI ACP® Project Management
LVL 12
PMI ACP® Project Management

Prepare for the PMI Agile Certified Practitioner (PMI-ACP)® exam, which formally recognizes your knowledge of agile principles and your skill with agile techniques.

We have a few Ubuntu 16.04/18.04 servers and some CentOS 6 and 7 servers at our site that we'd like to lock down to only allow logins from users on our Active Directory domain controller via LDAP. The domain controllers are both Windows Server 2016. We have multiple techs that need access to the servers, but only a few that should have full sudo abilities. Can someone share some step by step details in implementing this on these servers and how to make sure only certain AD accounts are allowed sudo abilities?

Thanks!
0
Dear Experts

We are using nextcloud which is on ubuntu 16.04 with php, mysql and apache until now we were using within the local network but now there is a requirement to enable this to external network that is from internet hence would like to procure ssl certificate and install the same,
1.  can you please suggest the good source to purchase the ssl certificates
2. at present users are using this solution  by installing the ssl certificates will it have any impact of not functioning or breaking down the system please suggest.
3. can you please help me how to install the ssl certificate in this server instance
0
how to import sessions from putty or mputty to securecrt.
https://www.vandyke.com/products/securecrt/

I recently installed securecrt not sure how to import all existing conections to different servers on different environments that are present in putty to winscp.

any tips on effective use of securecrt as i am new to it

Please advise
0
I need to create an ipset for ipv6 I have it for ipv4 already.  I want to use ipdeny.com and insert specific country blocks into the ipset which is connected to the iptables.
0
Individual log  files on my server getting zipped every 1 hour and individual log files getting deleted.

PRoblems i am facing with zipped log files are
1. not able to grep them as easily as individual files

2. not able to tail to see any recent issues



if i copy over to local windows laptop using winscp and unzil anf try to open individual file using notepadd++ says too huge file to open.


how to extract zip file in unix box itself and check log files by doing grep and tail etc

please advise
0
Dear Experts

please suggest what all ways desktop/laptop users of windows 10 and ubuntu desktop systems can be encrypted, OS level and if any third party tool , i read an article about bit locker drive encryption is it recommend please suggest similarly how it can be done for ubuntu desktops please suggest
0

Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.