The UNIX and Linux Forums
Search Man Pages
UNIX Man Pages
Linux Man Pages
OpenSolaris 2009.06 Commands
FreeBSD 11.0 Commands
Full Man Repository
Discuss UNIX and Linux computer and network security, cyber security, cyber attacks, IT security, and more.
Show Threads .
Google Site Search
Login to post a new question or discussion.
Threads in Forum
Search this Forum
ID Management Security guideline for Linux, AIX, SunOS and HP UX
I'm searching for COMPREHENSIVE ID management security guideline to manage user administration in my current job. I couldn't find it online or the books that could help. What I need to know: User security directories and how to use it. How user should be managed. How the standard user...
Proper naming conventions
Hey guys, not sure should I post it here or in 'What is on Your Mind?' I’m discussing usage of DSL (domain specific language) in security tools with my colleagues. We haven't been able to reach an agreement over naming conventions. There are many tools using DSL: splunk, sumologic,...
Fake MicroSoft calls
Dear colleagues, it's that time of the year again: in recent days and weeks I'm receiving annoying numbers of annoying "support" calls from dubious "MicroSoft Centers" telling me that my computer generates errors and / or downloads malicious SW. Although ignoring these pesterers on the phone,...
Wordpress and Joomla hash and salt
I would like to know where the hash and salt are in Wordpress and Joomla hashes? For example: In this wordpress hash P$BTBCNLQpY5CWWQ6XC4WJ6IPJQ877s3 where the salt is? In this Joomla hash $2y$10$io60pn4npWCRWwg4308pB.4rLmfz.vFwzxzYmX6W48Ff7wTi7ZEMO where the salt is? For example (source...
Two Factor Authentication – Best for the UNIX/Linux Server Security
The UNIX/Linux server security is challenging because these servers are at a risk of getting compromised at any point of time by the attackers. In today’s enterprise environment, the UNIX and Linux servers are growing popular. With their increased popularity, these servers have become the primary...
Looking for suggestion on authentication method for UNIX/Windows
Hello, We have mid level infrastructure of all on-premises servers. All windows servers are getting authenticated by Microsoft Active Directory Services, half Unix (Solaris+Linux) servers are getting authentication by NIS and other half by LDAP. We have plans to migrate from NIS to LDAP, so...
What are these events (from Proxy access logs)?
Hi all, I'm trying to identify what this is in my proxy access logs: POST http://18.104.22.168/open/1 Followed by thousands of: POST http://22.214.171.124/IVmYwvJKhJFesFjK/1001 POST http://126.96.36.199/IVmYwvJKhJFesFjK/1002
How to use Netfilter properly with IPv6?
Hello, on a PC with Debian 8 I try to use a Bash script with Netfilter rules so that only traffic goes in and out that is wanted. For that I set all 3 default policies to "drop". The machine uses DHCP to get its IP, gateway and DNS. And I never checked so I was quite surprised that my...
DSL Modem 192.168.a.b botnet member me?
I need a hint or a clue. Some four weeks or even more I try to change the password for my wifi access of the DSL Router without success. I access 192.168.x.x and filling in username as well as the password I am stuck. Literally nothing happens and the support line tells me that this is not...
Need help for iptables rules
Hello, I did 2 scripts. The second one is, I hope, more secure. What do you think? Basic connection (no server, no router, no DHCP and the Ipv6 is disabled) #######script one ####################
Openvpn nat and iptables
good day good people hi first to tell that firewall and vpn is working as expected, but I notice something strange. I have host system 188.8.131.52(local ip) firewall is blocking everything except port to vpn. I have vpn on virtualized system 184.108.40.206 (CentOS both host and virtual). ...
I was asked to change the run.sh script to add 2 properties: “-DMH2.IB.DE.AUTO.START=false” “-D JMSListener.Q.DECHECK.IMG.start=false” what does adding this two properties do?
Maybe a security problem involving Linux hosts
Hello, with the following problem I feel helpless because I do not know where to look for the problem. Sorry in advance for my poor English. At some point the interaction with people on Freenode IRC has become mysterious and offending so that I checked my modem/router device. When I tried to...
Linux ClamTK virusscanner
ClamTK virus scanner finds each day the same viruses, I delete them, but each day they are refreshed. Some say that are harmless (to LINUX) and only windows viruses, and that ClamTK is only for windows viruses, so that a LINUX server does not distribute them among windows client computers that he...
CVE_2015_1692-1 is that an UNIX / Linux day zero exploit number?
I can't imagine they number day zero exploits all through the open source software, like a CVE number can be for GIMP, LIBREOFFICE, (Ubuntu) LINUX, FireFox etc. Could be an exploit of LINUX through FireFox, since its an HTML exploit? One LINUX exploit I know has an CVE number (the exploit...
Role based access and security
Hello, We are planning to setup a Role based access and security to our Linux servers. We can use mostly use sudo for providing the limited access to service and files. My query is that how can we manage that members can edit/access only specific files (it would be 1 or multiple files or...
Not sure if this is the correct forum but a 0 day exploit of UEFI... My aimful life: Exploring and exploiting Lenovo firmware secrets
Best practice to allow 3rd party app to read messages file.
What is the best practice to allow a 3rd party health monitoring app to read the messages file. Since messages is a system file and is owned by root the app cannot read the file. I don't want to run the app as root so how should I allow the app to read the file. The read function is actually built...
Security of Environment Variables
Hello, I'm trying to help a client with passing decrypted passwords into child processes. I just want to ask how secure (or not) it is to pass those decrypted passwords via environment variables? Thanks, denden
Not able to login Openvas after update NVT
Hello, Today, i just updated my Openvas server for latest NVT, portsname and scapdata but after that i am not able to login to my openvas instance. Below command i fired to get this done. openvas-nvt-sync openvas-certdata-sync openvas-portnames-update openvas-scapdata-sync
Hashsums and collisions
are collisions less or more likely to occur if you use compressed (ascii) file?
Virtualbox guest as a firewall for lUbuntu host
Using virtualbox, I am trying to use Alpine linux (guest) as a firewall for my lubuntu (host). My physical network card (NIC) is eth0. ISP WAN -> Alpine linux (guest) -> lubuntu (host) LAN I am trying to get the ip from my ISP DHCP server but I had no success. I know that in virtualbox I have...
Log Review- SU
Hi, Can some please provide some hints on what to look for in unix/Linux logs such as sulog from a Information security perspective. Regards
I just started playing around with Unix's OpenSSL utility. I can't seem to get the hang of it, and the man page isn't helping much. I wanted to experiment with file encryption, so I created a dummy text file with one line of text and tried to encrypt it using DES. I used the following command: ...
A little iptables help for Guest Access
Hey folks, I've setup a wifi guest network on an E2500 router running TomatoUSB, that I only want to have internet access provided for. Did this by creating a separate bridge (br1), then putting it in it's own VLAN, created a virtual wifi interface, then set some firewall rules to isolate...
Rpm for BIND 9 version 9.9.7-P2 (fix CVE-2015-5477) rhel
Hello, I have a RedHat machine (version 5.11) and i need to install BIND version version 9.9.7-P2 in order to fix a known BIND vulnerability CVE-2015-5477. I downloaded the tar file from isc website but i am having trouble to install the file. Does anybody knows a link for the rpm package of...
Can't access my device DJI Phantom 3 which uses UNIX. Need Help please!
Equipment: DJI Phantom 3 I have the root and passwords access, but I cannot find out how to access the equipment. There is a USB port going to a miniUSB that connects to the equipment, but on Windows is detecting the connection as being a Serial Port (COM3). I need some help in order to gain...
Cron Logs File Permissions
Are there any security risks in having cron logs readable by all (644)? We have scheduled some jobs and have issues we want to investigate, but this is justification provided in rejecting our request: "Cron log will have only read permission for root, we cannot change the permission to make...
IP Domain registrant
Sorry for not beeing absolutely sure if this is the right forum to put my request, but as it deals about fraud, and the physical person behind a domain or IP I just take this one. It comes like this. hm may someone can help me to find out, who the hell registered a domain, a very specific one,...
Tor and vm's
Hello all! That's my first post here and I have some few questions about navigation with tor network: 1) Is it safe to use it to access mainstream websites such as facebook, google and so on? I mean, they will probably know by there that we are using tor. And they can of course send out this...
CompTIA Security+ book for beginner?
please i want a name of a CompTIA Security+ book for beginner?
Ssh acces without passwd from unique machine to all servers
hello i want to acces to many machines over LAN network from a unique machine , that allow me to use a SSH directly without password. i ama using redhat enterprise version . i didnt find the right way to realise that. what should i do at first ?
Mass account creation
By the company winning business from another outsource provider, I've suddenly inherited towards 300 servers and all accounts are local. One of the immediate tasks is to set up all the OS, DB, and app support staff on all of the servers operating systems. I've slapped together a crude script...
iptables as "proxy" and a filter
Openssl s_client Adding Headers Manually
Daily stupid question: How can I successfully add/pass HTTP options to openssl? I am trying to get a response from our test web server /vpn/index.html for testing an application. I can successfully get it doing it the manually way like: openssl s_client -connect 192.168.3.20:443 blah blah...
Apply SeLinux policy to *nix device files
If its possible to apply SELinux policies to unix device files, would that be a problem? I would like to apply a policy to a process and enforce what it can communicate with device-wise (eg. physical network interface port) based on that policy. Would think that the "selinux-policy-mls" tool...
BadUSB Malware Code Released — Turn USB Drives Into Undetectable CyberWeapons Is it just me, or is this issue not getting the publicity it seems to deserve.
'Shell Shock' vulnerability in Bourne shell
A severe vulnerability was discovered in Bourne shell. Just google for: bash vulnerability ... for more details.
Hello, Last two years I am doing email marketing I have lots of Gmail data with me Can Any one help for cleanup data with my Cent OS server And PHP Scripting Every time I put the data in My 3rd party software I get Hard bounces And soft bounces How can i clean up to Data in bulk with PHP...
Stream Content Security with user:pass
Hello, I have a linux based streaming server and I do not want to make it public. I am looking for a solution to make my streaming content secured with username & password for each individual. If i had been dealing with a webpage application, it would have been easy for me: To create .htpasswd...
Login to post a new question or discussion.
Page 1 of 17
Showing threads 1 to 40 of 655
Moderators : 1
Last Post Time
Thread Start Time
Number of Replies
Number of Views
Last 2 Days
Last 10 Days
Last 2 Weeks
Last 45 Days
Last 2 Months
Last 75 Days
Last 100 Days
Search this Forum
Mark This Forum Read
View Parent Forum
Search this Forum
All times are GMT -4. The time now is
The UNIX and Linux Forums - unix commands, linux commands, linux server, linux ubuntu, shell script, linux distros.
Unix & Linux Forums Content Copyright©1993-2018. All Rights Reserved.
Not a Forum Member?