Browsing articles tagged with "security - 4/171 - Admins Goodies"
Sep 19, 2012
tom

If I’m a web server, for which accounts can I turn off shells within passwd file?

I am making a web server running LAMP and want to access it using SSH. When I open the passwd file, I see all those accounts and I want to know for which ones I can put false. I have the following accounts: root, daemon, bin, sys, sync, games, man, lp, mail, news, uucp, proxy, www-data backup, list, irc, gnats, nobody, libuuid, syslog, messagebus, whoopsie, mandscape, sshd, eric Except root, sshd and eric, which ones […]

Continue Reading »
Sep 9, 2012
tom

How to clean up server’s hard disks before giving it away?

I am going to sell a Linux server to a random person. For obvious reasons I want to clean up the hard disks so that the current data on the disk can never be retrieved. What is the safest way to do so? OS re-install? rm -rf *? or something else? The server is colocated and I don’t have physical access. Asked by alfish shred -z /dev/sdX This will overwrite the hard disk three times […]

Continue Reading »
Sep 5, 2012
tom

How could I make a MsAccess Frontend and Mysql Backend more user aware?

I have a distributed MsAccess front-end database which uses a mysql backend. It uses the Windows System DSN ODBC connections to connect to the server. All my Linked tables refer to that ODBC connection. The thing is though, they all use the same username and password which is hard-coded into each computer. What would be a better way to implement it so that each user gets it’s login. Since each DSN Connection is “hard-wired” I […]

Continue Reading »
Aug 26, 2012
tom

Provide Internet access for different VLAN

I have several managed switches at work that connect all computer within our office to the ADSL modem. However I would like enforce a VLAN policy to isolate traffic within the network. Through my previous studies of the CCNA certification it has come clear to me that I would require a router. The router would facilitate routing traffic back and forth between the different VLANs and the ADSL modem. However I have a limited budget […]

Continue Reading »
Aug 26, 2012
tom

Rate limiting with UFW: setting limits

UFW’s man page mentions that it can setup iptables rate limiting for me: ufw supports connection rate limiting, which is useful for protecting against brute-force login attacks. ufw will deny connections if an IP address has attempted to initiate 6 or more connections in the last 30 seconds. See http://www.debian-administration.org/articles/187 for details. Typical usage is: ufw limit ssh/tcp Unfortunately this is all the documentation that I could find. I would like to stick with UFW, […]

Continue Reading »
Aug 25, 2012
tom

Setting wget permission to 755 so users other than root can execute it a big security risk?

I read recently in blogs that by default wget on linux is 750, so only root can execute it. I would like to allow users wget and change it to 755, but I read around the web that it is a big security risk.. Asked by giorgio79 Setting the permissions to 755 is no security risk. The security risk is, if you have software installed that have bugs (for example a blogging software, or other […]

Continue Reading »
Aug 19, 2012
tom

Risks of Network Partitioning When a Split Brain Creates a Security Flaw

I’m looking to create a high-availability, scalable networking solution by using a distributed system of data. A node here, describes a network that has control over one copy of the data. These nodes might contain more than one machine but has one copy of the data. The nodes will contain data records which can be in a spent state or an unspent state. A client can request a transition for a record to go from […]

Continue Reading »
Aug 17, 2012
tom

Prevent mail server (sendmail) used to backscatter

Hi I recently got an email from Amazon, saying that my EC2 instance is sending spam. So what they say is my mail server is receiving email for a non-existing user and therefore bounces the email back without validating the source netrange. So to my understanding, some jerks are sending bogus emails to my mail server claiming to be someone else, and since the email delivery failed my mail server bounces the email back to […]

Continue Reading »
Jul 30, 2012
tom

Encrypt content of disk without entering password at boot time

I am running Linux virtual machines on a cloud provider. So effectively, the disk is a VHD file. The machine will have some sensitive information on the disk, such as certificates, passwords… I would like to encrypt some part (or all) of the disk so that in case someone gets their hands on the VHD file, they can’t recover the private information. Of course, since the server might be rebooted at any time by the […]

Continue Reading »
Jul 27, 2012
tom

Is it possible to disable “Admin Approval Mode” for a single account on a server?

A console-app runs on a single server in a domain and is tasked with deleting some home areas of users, who are no longer active. These homeareas are located on 50+ different servers spread around the network. The account runs under the context of an account, that is also a member of the Local Administrator group on each storage server, which has “Full Control” access to the relevant folders. This works great on a bunch […]

Continue Reading »
Pages:«1234567...171»