Questions tagged as ['security']

Security is not a product, but a process.
Score: 2
I'm not sure if basic auth on my server is being secured

This may be a really dumb question, but I had to make sure that I'm fine with this.

I set up an HTTPS server with basic auth, but the browser informs me that the connection is not secured when I connect to the auth page, and tells me that the connection is secured after I sign in. I want to know whether this is safe, and if not, how can I make it secured?

Config(NGINX):

server {
    listen 80;
    server_ ...
Score: 0
Server goes down after every few hours - No route to host

I have an Ubuntu machine; it keeps going down after some (10-15) hours. It returns the error "no route to host" when I try to SSH. But it works when I restart from the Hetzner console, and again after a few hours it goes down.

I checked:

  1. syslogs: there are lots of IPs trying to connect to machine but are being blocked by firewall (UFW).
  2. I checked auth.log but I could not find any suspicious login.
  3. I chec ...
Score: 3
Unexpected entries in authorized_keys - is my server compromised?

I’ve recently deployed a fresh cloud server and installed dokku. I’ve set up two simple apps, a PHP and Vue/static app and the plugin for letsencrypt.

Everything was fine but two days later I noticed three unusual entries in the authorized_keys file for the dokku user. I’m wondering if my server was somehow compromised or if I am overreacting:

Keys have been redacted:

command="FINGERPRINT=SH ...
Score: 0
Restart services on multiple remote servers securely

I need to write a script so that my colleagues and myself can restart different services on multiple servers. We all connect to the servers with LDAP, so I'd like my script to connect our LDAP users to the server and then use sudo to restart the services (I can write a script on each server to restart all the services needed). Right now the script simply runs a command like

ssh -t user@host "sudo ser ...
Score: 0
Disabling certain OpenSSH keys on OpenBSD: why the corresponding 'sshd_config' entries are ignored and why 'ssh-keygen -A' generates forbidden keys?

I am trying to achieve the following on my OpenBSD 6.9 servers:

  1. Forbidding the use of all keys but the ssh-ed25519 one on both SERVER and CLIENT sides.
  2. Limiting ssh-keygen -A to generate keys only by the authorised ssh-ed25519 algorithm and nothing else.

In order to achieve these, I have added the following lines to my sshd_config:

HostKey /etc/ssh/ssh_host_ed25519_key
CASignatureAlgorithms ssh-ed2551 ...
Score: 1
How to protect against/fix new vulnerability CVE-2021-36934?

The essence of this vulnerability is that if you perform a shadow copy of your important files with hashed passwords for all OS accounts, encryption key data, and other important information (the files stored in SAM, SECURITY and SYSTEM) - you will be able to read them immediately with standard user rights.

Whereas in a standard situation, after performing a shadow copy, you can’t read the specif ...

Score: -1
Does exposing an absolute system filepath to the public present a security vulnerability, and if so, how so?

EDIT: I have reworded the title and my question to be more general, as well as being more specific as to the answer I am seeking.

I made an error when making some changes in my PHP files, and used __DIR__ to dynamically create the url in a redirect. So if users hit the redirect due to being logged out, they would have gotten directed to a url that is something like: /home/filesystem/path/to/logoutpage.p ...

Score: 0
System-wide Docker login?

Is there any way to log a whole machine / Docker daemon into a registry?

Everything I see about docker login and various proprietary credentials helpers uses ~/.docker/config.json, i.e. is per-user.

I have a situation where I would like to pull images from a private registry; multiple people have both arbitrary sudo access on those machines and should be able to use Docker against our registry.

Sinc ...

Score: 0
Loading Additional STIGs in SCAP Compliance Checker

I have been evaluating the SCAP Compliance Checker tool (https://www.niwcatlantic.navy.mil/scap/). It comes with a reasonable set of pre-loaded STIGs, but I'd like to add additional ones. Although there is an "install" option for adding STIGs, I have so far been unsuccessful in finding any in a format that SCC will accept. I've tried using STIGs from the National Checklist Program (https://ncp.nist.g ...

Score: 2
Is there a way to obtain CPS and Throughput metrics in Linux?

I want to analyze my Debian 9 server's network workload to detect some possible network overloads.

The main metrics I need to analyze are:

  • CPS (connections per second)
  • Throughput

Is there a way to obtain these metrics from within Linux?
I thought that the CPS metric could somehow be obtained through conntrack NEW connection events, but I'm not sure that this would be the most proper way.

Sorry if obviou ...

Score: 0
Practical difference between a DV and EV/OV SSL certificate?

When I view a site's SSL certificate from a browser, it always says in the "Issued to" section that the organisation is not part of the certificate.

If end users cannot independently verify my organisation (I assume the browser now does that for them), what is the practical value of having an OV/EV certificate? Is it for some other reason? If so, what?

I see that at the time of writing Comodo says tha ...

Score: 0
Odd rpcbind connection

I ran rpcbind on my CentOS 8 server and I noted an odd server:

rpcbind 1038 rpc 13u IPv4 46028565 0t0 TCP CentOS-82-64-minimal:sunrpc->ilijavujovic.tempurl.host:61000 (ESTABLISHED)

Looks very dubious. Any idea how this might have occurred or how to avoid it?

Score: 0
Azure Security Centre - "90213-Windows Registry Setting To Globally Prevent Socket Hijacking Missing" - Why does this only appear for Server 2016

I have approx. 10 Windows Server virtual machines in my Azure subscription, mostly Server 2019 with a handful of older Server 2016 VMs.

Azure Security Centre is reporting "90213-Windows Registry Setting To Globally Prevent Socket Hijacking Missing" as a vulnerability that should be remediated, but only for the Server 2016 machines.

There are none of the normal links to external information for the v ...

Score: 0
Through what mechanism(s) do cloud applications allow me to sign in with my organisation's AD credentials?

So for years, I've been able to go into my company office, sign in to my computer, and access "on-premises" company resources such as network file shares and internal web applications using my 'logged-on identity' from my initial Windows sign-in. Let's say for the sake of discussion that I understand how that works.

In more recent years, I've also been able to go into my company office, sign in to ...

Score: 0
Sending a malicious package as a test to test Suricata alerts

I have a reverse proxy that proxies HTTP/HTTPS traffic between web servers, and I have set up Suricata in order to find and block malicious traffic to it.

Is there any way to trigger an alert via a curl request? Does the EICAR test work?

I have done some googling but I could not find something straight-forward in order to trigger Suricata with curl.

Score: 2
Can an unauthorized login attempt occupy a MySQL connection for a long time?

My MySQL has a limited number of concurrent connections defined by the max_connections variable by my cloud provider. Currently limited to 151 connections.

There is only one web server using this database therefore it should be more than enough. However, I was surprised to see that I currently have 30+ active connections to my server:

mysql> show status where `variable_name` = 'Threads_connected';
+--- ...
Score: 0
Is it secure to still use an old version of VMware ESXi for production after support ends?

I'm at a small-sized business that owns an HP ProLiant DL380 G7 server for production. We would like to use the free-license version of ESXi, which is version 6.7 U3, because we can't run modern versions on that server due to the processors not being compatible (X5650 x 2). The main problem here is that ESXi 6.7 support for security patches and updates will end in 2022, which makes me wonder if it would ...

Score: 1
Where is mapping of __default__ user to unconfined_u defined in SELinux policy?

semanage login -l shows the following mappings:

~]# semanage login -l
Login Name                SELinux User              MLS/MCS Range
__default__               unconfined_u              s0-s0:c0.c1023
root                      unconfined_u              s0-s0:c0.c1023
system_u                  system_u                  s0-s0:c0.c1023

So, these are the default mappings. I want to learn where the mappi ...

Score: -2
You don't currently have permission to access this folder. Windows 10 User Authentication Error Dialog Box

I recently was given Admin rights on my machine at work.

Unfortunately, when I am going through the directory structure I kept getting this message box.

If I hit Continue, I need to change the security permissions and add my username to the permissions; then it works. But it is time-consuming and it may be interfering with some of my development efforts.

Is there any way to just get permanent ...

Score: 0
How does using an inbound NAT help in terms of security?

When creating a VM, I didn't give it a public IP address to RDP into it, since that won't be secure. I made a public load balancer, added the VM to the backend pool, and created an inbound NAT rule with the VM as the target using port 3389.

How does using an inbound NAT in a load balancer help in terms of security, since it would forward all RDP connections to our VM anyway, making it feel as if the public  ...

Score: 0
Is there a way to export all AWS Security Groups to CSV? moreover, is there a recommended way of keeping track of SR changes?

We have a relatively small dev environment in AWS with about 50 security groups with multiple permission entries. Is there a recommended way of keeping track of SR changes, access, etc.?

My manager doesn't want to use AWS Config (price-wise), so the only way I can think of is to export all of the SRs to a CSV file - how do I do that?

Thank you! : )

Score: 2
Why are docker permission errors not logged by selinux?

If you try to bind mount a directory into a container under Red Hat you might have problems with selinux. The directory will be unreadable from inside the container. Unless you add a z/Z volume option.

But what I don't understand is why I can't see corresponding errors in /var/log/audit/audit.log. Indeed after:

sudo semodule --disable_dontaudit --build

they start getting logged:

type=AVC msg=audit(16 ...
Score: 4
Why is the root home directory, /root not in /home? (looking for reasons other than /home is mounted on a different drive)

I know that one reason for /root not being in /home is that usually /home is mounted on a different disk, and if it were to fail, we still want root to be accessible. What are some of the other reasons for this structure?

Score: 0
Conditional port forwarding with ufw as a default policy

Is there a way such that: when a connection is denied (by the rule set) in ufw, it forwards that traffic to another port on the local machine, rather than dropping (by default)?

I can see two potential ways for port forwarding in ufw, I am wondering how to modify these so that it is conditional.

  1. Adding -A PREROUTING rule to /etc/ufw/before.rules. But I need that rule only to be applied when the con ...

Score: 0
Is it possible to keep volumes private between different administrators of a shared AWS account?

In a corporate context, with one AWS account shared by many developers, is it possible to keep stored data secret from each other?

For example, is it possible to configure an EC2 instance with an encrypted volume, and prevent even account administrators from changing the ssh key or decrypting the volume without at least triggering an email alert? Does AWS provide this level of isolation almost by ...

Score: 0
Can someone outside of the LAN use my nginx proxy?

I know this question can sound weird, but I noticed strange behaviour on our network.

Here's the context:

I have a VM running multiple Docker containers. To simplify their use, and because I need HTTPS, we set up an nginx reverse proxy in a container, jwilder/nginx-proxy (following this method: https://www.singularaspect.com/use-nginx-proxy-and-letsencrypt-companion-to-host-multiple-websites/)

I am se ...

Score: 3
Is there a real point to using "Run as" local admin accounts instead of logging in as a local administrator?

Let's start by setting the scene -- I'm a junior systems administrator tasked with conducting a transition of the company towards a "Least-Privilege" model. This includes removing admin rights from our users, who mostly work with Windows 10.

Now at this point in time, users are (for the most part) using accounts with local admin rights. This is obviously pretty bad, and we're working on changing  ...

Score: 1
Are Windows GPOs encrypted?

We have a piece of COTS software that has a command line tool for server credential rotation. Instead of going to each machine to rotate the credentials with the tool, I would like to use GPO to run a script to do so. However, I would need to place the new credentials in the script, so I am wondering if the script files stored in the GPO are encrypted at rest. I have not found any authoritative document ...

Score: -2
How can my users discover my upstream server IP though they only connect through load balancers?

I am managing a game server prone to DDoS. I have kept the upstream IP secret and only published the addresses of 100 load balancers forwarding traffic via iptables:

echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
iptables -t nat -A PREROUTING -p tcp --dport 1010 -j DNAT --to-destination MAIN_GAME_SERVER_IP6:1010
iptables -t nat -A PREROUTING -p udp --dport 1010 -j DNAT --to-destin ...
Score: 0
FreeIPA - ssh as root prompted for password

I know the access via root won't work (client sshd_config and restricted account in FreeIPA). But is there a way to blacklist root either on the host or on FreeIPA so it's denied immediately rather than prompting for a password?

I'm wondering if I'm missing something... If not possible then I guess my next goal will be to log root attempts via FreeIPA and alert/report on them.