I’m trying to migrate 14tb of files from one server to another is there a command line or option to do it? Preferably I’d like them to be transferred in the same folder structure. Thanks
I tried to download malware pcap on ubuntu VM in microsoft azure from the putty but it is not allowing me to do so .It gives following output: 2016-12-17-traffic-analysis-exercise.pcap.zip: Permission denied Cannot write to ‘2016-12-17-traffic-analysis-exercise.pcap.zip’
can someone please tell me how can we download malware pcap in ubuntu VM in microsoft azure?
I have a specific use case in which there are multiple users and I only need the Home folder for each encrypted using something like eCryptfs – https://www.howtogeek.com/116032/how-to-encrypt-your-home-folder-after-installing-ubuntu/ – but it is buggy and under-maintained and many have reported does not work with Ubuntu 18.04+ and even sometimes stuck in a login loop. Any alternative to eCryptfs? Thanks
Server1 – Primary DNS/Plesk
Server2 – Secondary DNS
Server3 – OpenVPN
On by local computer running Ubuntu 20.04 I can successfully connect to the OpenVPN server and browse any website. My public IP Address shows as the SERVER3 IP Address.
On my Android, I can successfully connect to the OpenVPN server but I can only browse websites hosted on Server1. All other websites get the
DNS_PROBE_FINISHED_BAD_CONFIG error message. In the OpenVPN app it shows a successful connection and the correct IP Addresses.
I am using the exact same configuration file for both devices. Note, different certificates are used for the connection.
Looking at the syslog on Server1, I see:
client @0x7f79480ea2b0 ANDROID-PUBLIC-IP-ADDRESS#50743 (www.facebook.com): query (cache) 'www.facebook.com/A/IN' denied
I don’t get these errors when browsing on the Ubuntu box.
My ovpn file:
dev tun proto tcp remote SERVER3 IP 443 resolv-retry infinite nobind user nobody group nogroup persist-key persist-tun remote-cert-tls server cipher AES-256-GCM auth SHA256 verb 3 key-direction 1 <certificates are here>
My OpenVPN Config file:
management 127.0.0.1 5555 dev tun ca ca.crt cert server.crt key server.key # This file should be kept secret dh none server 10.8.0.0 255.255.255.0 ifconfig-pool-persist /var/log/openvpn/ipp.txt push "dhcp-option DNS SERVER1 IP" push "dhcp-option DNS SERVER2 IP" keepalive 10 120 tls-crypt ta.key cipher AES-256-GCM auth SHA256 user nobody group nogroup persist-key persist-tun status /var/log/openvpn/openvpn-status.log log /var/log/openvpn/openvpn.log log-append /var/log/openvpn/openvpn.log verb 3 explicit-exit-notify 0
I am attempting to escalate privileges on a CTF Ubuntu box but I am afraid to run dirty cow due to possible crash is this kernel version vulnerable to the exploit:
Linux ip-10.0.0.1 3.13.0-162-generic #212-Ubuntu SMP Mon Oct 29 12:08:50 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux?
The Ubuntu version is
Dirty cow documentation shows
Ubuntu 14 versions <
3.13.0-100.147 are vulnerable although I am confused as to if this version is vulnerable and want to be somewhat positive before running it on the CTF / CapturetheFlag machine.
I’m trying to install VestaCP on Ubuntu 18.04 but keep getting the following result after successful installation:
https://123.231.312.23:8083 instead of:
What do I have to do get this result:
I set hostname to server1:
$ sudo hostnamectl set-hostname server1
then edit host file:
$ sudo nano /etc/hosts
IP_address subdomain.domain.tld subdomain
After all is done,I get hostname and FQDN as shown below, which is as it should be:
$ hostname server1 $ hostname -f server1.domain.tld
But then, the result after successful installation:
What am I doing wrong?
Alright, let me give you the context. I am a business owner with strong technical background, say a programmer, though not an advanced system administrator. I’ve bought a VPS server where I want to host several applications and webpages. One of the apps consists of backend, admin frontend and user frontend, another one is just backend and frontend. So 5 different programmers develop those apps. From time to time, as the development takes its place, those programmers need to install and upgrade some packages, modify system configs and so on, i.e. they need ssh access and some root privileges.
And here is the tricky part. It is obvious that I don’t want them to see and gain access to the folders they are not supposed to see, i.e. the devs of the first app shouldn’t have access to the folders of the second app and vice versa. Moreover the backend dev of the first app shouldn’t have access to the frontend folders of the same app and the same goes for the second app. Also I would like to restrict access for them to certain commands like visudo or reboot, so they wouldn’t be able to lock me out of my own server or reboot it without my consent.
Now, if I give them sudo privileges for them to be able to run administrative tasks needed for their development – then they have access to everything and it becomes practically impossible to restrict access for them to certain folders and commands. On the other hand if I DON’T give them sudo privileges, then it becomes a huge pain for me to every time install packages and give them access to certain files and commands they need to continue development. There are over 1500 commands and the corresponding number of system files in Linux they could potentially need access to, so it’s very VERY unconvenient for me to spend so much time to administer the VPS, especially getting the fact that I’m not a very advanced system administrator and I don’t have much time because I need to run my business.
There are already numerous posts and threads on the Internet where people try to find solutions to somewhat close problems like these: One, Two, Three, Four, Five, Six, Seven, Eight, Nine, and they still have no reasonable solutions to them, only those that involve some supercomplex activities and anyway not giving a needed result.
So from my point of view as a business owner it should be something like this: there is a root user who can do everything. He can create admins and define access rights for them, for example in that very sudoers file. Then it’s his decision whether to give access to an admin to the sudoers file itself and any of the folders and commands of his choice. For example an admin could be able to run any command in the system except “reboot” and “visudo” and he can access all files and folders except /etc/sudoers and say /var/www/private_folder even WITH sudo privileges invoked (meaning he can’t even copy those files, overwrite them, chmod and chown them and so on, i.e. access them with any command).
That would immediately make the whole system administration A LOT more easier and logical, eliminating the need for complex solutions like chroot jails, separate bash environments, splitting servers into virtual machines, using containers and so on. And it’s so simple, a matter of a couple of conditions in the code, if I understand it correctly from a developer’s perspective. Also, I want to be in control of my VPS, not having to trust any other third person believing he/she won’t steal my information and/or destroy my whole system either by making a mistake or intentionally and basically it can be considered as a serious security vulnerability from a certain point of view.
This seems so obvious and logical for me, that I was really discouraged and embarrassed that it’s really isn’t like that in Linux. Maybe 20 years ago when Linux was created it was enough to have only a root and sudoers and the rest of users to accomplish tasks they had at that time, but today everything goes a bit different way already and that archaic approach is not usable anymore.
Of course I realize I can understand something wrong and there is a strong reason why it has to be as it is, then please let me know why is it so and what is a correct and easy way of solving my problem described above without a need to build a behemoth on my VPS or manually administering it all the time by myself. After all it should be user-friendly, right? Now it’s not.
On the other hand if there is no such a solution, then I would really be willing to even pay someone who could implement some kind of a patch or a package that will allow to solve this problem.
Currently I am using WAMPserver on Windows, I'm very happy with it, but Drupal requires Drush and Composer for website maintenance and updates, all the literature is written for linux.
So I am looking into using WSL2 with ubuntu – and I am looking for a tool similar to WAMPserver for ubuntu
What I particularly appreciate in WAMPserver is that everything comes pre-installed and pre-configured, and the program takes care of creating new vhosts, etc. as needed, no need to do anything in the…
GUI for LAMP stack with ubuntu on WSL2 for website development
I recently got a VPS with Ubuntu on it, and I’d like to start creating a very basic website. However, I don’t know what steps I should take to secure this server.
I’m new with Ubuntu, new with security and new with creating websites (the website will probably be just HTML, CSS, Django/Python and some database).
My biggest concern is that some hacker could try to use it as a zombie and I won’t know. Or that robots could try to log in and sneak at whatever data I’ll store on that machine and I won’t know. Or who knows what else.
I found the firewall information page on the Ubuntu website, but will that be enough ?
P.S.: If it’s impossible to give an answer, I’d also appreciate a book/website recommendation for Ubuntu and security complete beginners
I have a Ubuntu home PC. I often use this system to enter passwords to various websites. Some sites also offer a graphical on screen keyboard to protect from keyloggers. However, I suspect that even the on screen keyboard is not safe from malicious software which records the computer screen. I want my passwords to be safe from such programs. Of course, I do ensure that I don’t install insecure programs but I would like to have an additional layer of security.