[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Share tech news, updates, or what's on your mind.

Sign up to Post

I'll need to monitor several "privilege escalation related" Solaris 10 & RHEL6 files using
ACLs (Access Ctrl Lists) :

a) /etc/group, /etc/sudoers, /etc/cron.daily (or .weekly or any crons owned by root):
    ACL to send to syslog (so that we can pipe to SIEM) when permissions, ownership
    or contents of the above files are changed

b)visudo, sudo, usermod, useradd    command binary files :
   when these are being executed/run, ACL to send to syslog (who & when it's being
   executed)

Appreciate an exact  setacl (or the actual commands/settings in RHEL6 & Solaris 10
x86  samples
0
OWASP: Avoiding Hacker Tricks
LVL 12
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Need to harden a Solaris 10 that is connecting to Internet  from DMZ.

Anyone has a Solaris 10 hardening script that once run will harden for
a) Level 2 Profile
b) "Scored"

The attached which I got from GitHub doesn't seem quite fit to what's needed
& with all the "printf ...", it's more of listing out than actually doing hardening.


From CIS benchmark:

Scoring Information
================
A scoring status indicates whether compliance with the given recommendation impacts the assessed target's benchmark score. The following scoring statuses are used in this benchmark:
Scored  <==
Failure to comply with "Scored" recommendations will decrease the final benchmark score. Compliance with "Scored" recommendations will increase the final benchmark score.
Not Scored
Failure to comply with "Not Scored" recommendations will not decrease the final benchmark score. Compliance with "Not Scored" recommendations will not increase the final benchmark score.



Profile
=====

 Level 1
Items in this profile intend to:
o be practical and prudent;
o provide a clear security benefit; and
o not inhibit the utility of the technology beyond acceptable means.
 Level 2  <==
This profile extends the "Level 1" profile. Items in this profile exhibit one or more of the following characteristics:
o are intended for environments or use cases where security is paramount
o acts as defense in depth measure
o may negatively inhibit the utility or performance of the …
0
CVE-2017-1283  - How to fix this?
0
If my rsyslog.conf is configured to write *.info *.warn *.kern and some others to /var/log/messages is there any way to identify the local6 *.info messages apart from the *kern and *.warn and others in  /var/log/messages? I've noticed sometimes that the messages contain kern and warn but not just sure what *.info are and if there's an easy way to identify them
I'd rather not have to configure /etc/rsyslog.conf to have another log file for just *.info if it can be avoided. If there's no other way then I might just have to do it but I'm curious what the local 6 information messages actually are.
0
I have several linux systems. Normally I login on them with my account, and after I login i execute sudo -s, so I can get admin privileges.
Sometimes I need to edit some files or copy some files out of the linux systems and in the past I ofter used the winscp program.
Unfortunately when I login with winscp with my account I don't have admin privileges, and thus I am not able to open and edit needed files, I am not able to copy files out of the system. Can you tell me how to login with winscp with admin privileges
0
I am sysadmin..I want to know

I want to reach the server, to check the connectivity thru specific port.
This is just to varify whether the required firewall rule defined properly or not.
0
Consider the below scenario

userPC---- firewall --- Destination-server
                         10.1.1.1


I have installed some software on the server, the service  of that software is using port # 301.

1) Scenario...
      Firewall defined
      server#  service UP
        userPC# telnet 10.1.1.1 301  --> user get reply

2)Scenario...
      Firewall defined
      server# service DOWN

is there any command/3rdparty-tools available to just varify, pockets from userPC able to reach on the server through port#301

==
This I asked just to segregate if there any issue, problem from firewall side (or) destination server side.
0
I need to upgrade fail2ban 0.8.14 to 0.10.3.  I am on a Linux 2 server which prevents me from loading any repositories or using Yum to install it.

So, I need to know the steps to get my fail2ban upgraded.  

Thanks,
0
Fail2ban stopped working.  I have scoured the log files and no errors.  It was working and it seems since my last Yum update for security it quit working.  I can do fail2ban-client status and it shows 7 jails.  I can look in the iptables and it shows the jails.  However, when I run fail2ban-regex it shows many hits but none are getting blocked by the iptables.  The iptables are on.

This is 0.8.14 and I am on a Linux 2 Amazon Ami with PHP 7 and Python 2.7.14.

When it was working  it had over 221 ips banned just in one jail.

Please help me get this going.  The bots overrun my system if it isn't in place.
0
Hi I am looking to do Pester test around my powershell code...but not sure about it ...can some help.

Bascially I need to pull Azurekeyvaultkey information using powershell and then do a pester test to do it, I managed to do poweshell bit but not sure how to do pester part....please I need help urgently.
0
Introduction to R
LVL 12
Introduction to R

R is considered the predominant language for data scientist and statisticians. Learn how to use R for your own data science projects.

In ubuntu 16:
it's added a wrong file in /etc/sudores.d/ folder.
I can't do sudo form any user. I can't do any thing.
How can I remove this file from folder sudores.d.
can I remove file if I login in as recover mode?

HELP
0
Hi,

Now our MySQL cluster test platform do not have internet connection and we need to setup local repository for it.

I check out a lot of googled page and it seems no one exactly match what I am going to install, let see what I go from latest MySQL cluster 7.6.6 binary:

rpm files list.
so for management node, which rpm I should install and what is the command for it? just yum --noplugin localinstall <rpm name> ?

For data node, which rpm I should install?

For SQL  node, which rpm I should install ?
0
I have installed fail2ban on an Amazon Linux 2 instance running Apache 2.4.  I can't start it up because I am using postfix and the default mta is sendmail.  I don't have sendmail installed and I don't want it.

I use google apps for my smtp server.

How can I change over to postfix or use google apps for my fail2ban mail option?

Thanks,
0
I am on an Amazon Linux 2 AMI running Apache 2 and I need a software solution for security.  I have been told mod_security isn't a good choice.  So does anyone have experience with the AWS Waf?  If so, what rules are you using?

Or, do you have another idea altogether?

On my previous instance I used fail2ban but I found the bots could outsmart fail2ban so hopefully someone will have a better choice.

Let me clarify my biggest  problems are postfix issues, stopping ddos, bots running up and down my site stealing bandwidth, clicking on every link and having numerous disk i/o's which I have to pay for.

By the way, I am not interested in using another AMI due to the complexity of my existing AMI.
0
Dear Experts

When we enable encryption in windows 10 systems it encrypts when we store documents, what exactly happens here as we take the stored files from the encrypted  and transfer it via email or copy to USB or share it in network drive all those other side people who have access can open and read or modify based on permissions does it mean it is not file level encryption I mean whoever know the system password files are accessible if someone wants to crack the harddisk then the file formats stored is not as per the document extension like .docs, or .exls please help me to understand this.

2. what does it mean server side encryption like next cloud deployment says we can enable server side encryption how is it different from ssl enablement that is user accessing through https,
please help me understand above two , thank you very much in advance.
0
We have a few Ubuntu 16.04/18.04 servers and some CentOS 6 and 7 servers at our site that we'd like to lock down to only allow logins from users on our Active Directory domain controller via LDAP. The domain controllers are both Windows Server 2016. We have multiple techs that need access to the servers, but only a few that should have full sudo abilities. Can someone share some step by step details in implementing this on these servers and how to make sure only certain AD accounts are allowed sudo abilities?

Thanks!
0
Dear Experts

We are using nextcloud which is on ubuntu 16.04 with php, mysql and apache until now we were using within the local network but now there is a requirement to enable this to external network that is from internet hence would like to procure ssl certificate and install the same,
1.  can you please suggest the good source to purchase the ssl certificates
2. at present users are using this solution  by installing the ssl certificates will it have any impact of not functioning or breaking down the system please suggest.
3. can you please help me how to install the ssl certificate in this server instance
0
I need to create an ipset for ipv6 I have it for ipv4 already.  I want to use ipdeny.com and insert specific country blocks into the ipset which is connected to the iptables.
0
Individual log  files on my server getting zipped every 1 hour and individual log files getting deleted.

PRoblems i am facing with zipped log files are
1. not able to grep them as easily as individual files

2. not able to tail to see any recent issues



if i copy over to local windows laptop using winscp and unzil anf try to open individual file using notepadd++ says too huge file to open.


how to extract zip file in unix box itself and check log files by doing grep and tail etc

please advise
0
The 7 Worst Nightmares of a Sysadmin
LVL 1
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

Dear Experts

please suggest what all ways desktop/laptop users of windows 10 and ubuntu desktop systems can be encrypted, OS level and if any third party tool , i read an article about bit locker drive encryption is it recommend please suggest similarly how it can be done for ubuntu desktops please suggest
0
tail -n5000 xyz.log

above shows last 5000 lines right


if i want to see all the 15723 lines of xyz.log what command i have to give

tail -n5000 xyz.log|grep 'ERROR WS'
how to make above case sensitive search like
tail -n5000 xyz.log|grep 'error ws'
how to make above whole word search? so that i wont see below as result ERROR aaa WS etc


please advise
0
Hi

after i installed nextcloud 13.0.1 on centos 7 and most of the features works

i am facing a strange issue with calendar

i cannot create or delete or do anything with calendar on nextcloud management    please check the attached file

do you think i have to change something from GUI or CLI  or install or do something


kindly advice
ccccccccc.jpg
0
Hello Experts,

Getting following error while execute cmd from ssh :-

[root@200 ~]# separateBod
ENTER SERVER IP LAST 1 QUADRANT WHICH YOU WANT TO BOD:
119
Option "-t" is deprecated and might be removed in a later version of gnome-terminal.
Option "-t" is deprecated and might be removed in a later version of gnome-terminal.
Failed to parse arguments: Cannot open display:

separateBod Code:-
#!/bin/bash
printf "ENTER SERVER IP LAST 1 QUADRANT WHICH YOU WANT TO BOD"
 read IPNAME
 for i in $IPNAME
 do
  ssh user@192.168.1.$i BOD & pid=$!
 done

BOD Code:-
#!/bin/bash
gnome-terminal \
        --tab -t "Exchange" -e " sh -c 'sleep 1s; ./startapp Exchange' "\
        --tab -t "Dragon" -e " sh -c 'sleep 10s; ./startapp Dragon' "\

startapp code:-
ulimit -c unlimited
export LD_LIBRARY_PATH=./:${LD_LIBRARY_PATH}
./$1 $2 $3 $4 $5

After giving execution cmd from server (ssh) it should be displayed on other server vnc (user@192.168.1.119), it was working properly till last week suddenly i got this error, we have following versions of CentOS 64bit (6.7, 6.8, 6.9, 7.4), getting issue only with 7.4 64bit.

please suggest.
0
I have had to disable SELinux to get an application installed ,I was wondering if anyone has ever used 'AUDIT2ALLOW' to re-tag the objects in SELINUX and re-enable SELINUX  

I have never ever worked with SELINUX before and could use any advice you can give
0
log file how to copy whole content

zgrep -C20 '1234' 1234.log.gz

above gave lot of results in unix screen

how to copy whole page and paste into a text file on my C drive of the windows laptop through which i am connecting to unix box using putty?


also

i see all results like

0123456
9123488

etc

which i do not want

i want complete word search of 1234 only
how to achieve it
please advise
0

Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.