Frequently Asked Questions About Linux / UNIX

Frequently Asked Questions About Linux / UNIX » Security http://www.cyberciti.biz/faq Every answer asks a more beautiful question. Fri, 03 Feb 2012 22:38:32 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Linux / UNIX: Encrypt Backup Tape Using Tar & OpenSSLhttp://www.cyberciti.biz/faq/linux-unix-encrypting-data-to-tape/ http://www.cyberciti.biz/faq/linux-unix-encrypting-data-to-tape/#comments Thu, 25 Mar 2010 18:03:12 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=6893

How do I make sure only authorized person access my backups stored on the tape drives (DAT, DLT, LTO-4 etc) under Linux or UNIX operating systems? How do I backup /array22/vol4/home/ to /dev/rmt/5mn or /dev/st0 in encrypted mode? ]]> http://www.cyberciti.biz/faq/linux-unix-encrypting-data-to-tape/feed/ 5 Nginx Block And Deny IP Address OR Network Subnetshttp://www.cyberciti.biz/faq/linux-unix-nginx-access-control-howto/ http://www.cyberciti.biz/faq/linux-unix-nginx-access-control-howto/#comments Wed, 13 Jan 2010 05:05:50 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=6283

How do I block or deny access based on the host name or IP address of the client visiting website under nginx web server?]]> http://www.cyberciti.biz/faq/linux-unix-nginx-access-control-howto/feed/ 9 Linux Default Services Which Are Enabled at Boothttp://www.cyberciti.biz/faq/linux-default-services-which-are-enabled-at-boot/ http://www.cyberciti.biz/faq/linux-default-services-which-are-enabled-at-boot/#comments Wed, 06 Jan 2010 02:42:26 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=6194

Can you provide a guidance on default CentOS / Fedora / RHEL / Redhat enterprise Linux services which are enabled at boot time by a default? Can you provide set of recommendations for all default services and which to keep for performance and security and which to turn off? ]]> http://www.cyberciti.biz/faq/linux-default-services-which-are-enabled-at-boot/feed/ 2 CentOS / Redhat: Turn On SELinux Protectionhttp://www.cyberciti.biz/faq/rhel-fedora-redhat-selinux-protection/ http://www.cyberciti.biz/faq/rhel-fedora-redhat-selinux-protection/#comments Tue, 05 Jan 2010 11:52:59 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=6166

SELinux enforces the idea that programs should be limited in what files they can access and what actions they can take. However, by default it is turned off under RHEL / CentOS 5.x server? How do I turn it on?]]> http://www.cyberciti.biz/faq/rhel-fedora-redhat-selinux-protection/feed/ 3 Mac OS X Disable Unnecessary Serviceshttp://www.cyberciti.biz/faq/disabling-unnecessary-mac-osx-services/ http://www.cyberciti.biz/faq/disabling-unnecessary-mac-osx-services/#comments Thu, 24 Dec 2009 16:11:50 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=6133

How do I disable unnecessary services under Mac OS X to secure my Mac OS X based desktop / server / laptop?]]> http://www.cyberciti.biz/faq/disabling-unnecessary-mac-osx-services/feed/ 2 PHP Fatal error: Allowed Memory Size of 20971520 Bytes exhausted (tried to allocate 131072 bytes) Error and Solutionhttp://www.cyberciti.biz/faq/linux-php-fatal-error-allowed-memory-size/ http://www.cyberciti.biz/faq/linux-php-fatal-error-allowed-memory-size/#comments Mon, 23 Nov 2009 12:31:29 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=5834

I've brand new Ubuntu Linux server (Apache + PHP5 FastCGI + Lighttpd image only server) installed for my wordpress, mediawiki and vBullietin software. I can load forntpage but user cannot edit any wiki pages or post anything and I get the following error in log file:

PHP Fatal error: Allowed Memory Size of 20971520 Bytes exhausted (tried to allocate 131072 bytes) in /usr/share/mediawiki/includes/OutputHandler.php on line 81

How do I fix this problem?]]> http://www.cyberciti.biz/faq/linux-php-fatal-error-allowed-memory-size/feed/ 2 CentOS / Redhat Apache mod_ssl Configurationhttp://www.cyberciti.biz/faq/rhel-apache-httpd-mod-ssl-tutorial/ http://www.cyberciti.biz/faq/rhel-apache-httpd-mod-ssl-tutorial/#comments Sat, 21 Nov 2009 09:18:26 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=5816

The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. How do I install and configure mod_ssl under CentOS / Fedora / Redhat Enterprise Linux?]]> http://www.cyberciti.biz/faq/rhel-apache-httpd-mod-ssl-tutorial/feed/ 10 Mac OS X Display Access Warnings Message For The Login Windowhttp://www.cyberciti.biz/faq/apple-macosx-enabling-login-access-warning-message/ http://www.cyberciti.biz/faq/apple-macosx-enabling-login-access-warning-message/#comments Tue, 10 Nov 2009 02:37:11 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=5740

I know how to display notice of a computer's ownership, to warn against unauthorized access, under Linux gnome desktop. How do I display similar message under Apple Mac OS X to remind authorized users of their consent to monitoring?]]> http://www.cyberciti.biz/faq/apple-macosx-enabling-login-access-warning-message/feed/ 0 Linux Upgrade Password Hashing Algorithm to SHA-512http://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/ http://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/#comments Tue, 10 Nov 2009 02:11:36 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=5736

The default algorithm for storing password hashes in /etc/shadow is MD5. I was told to use SHA-512 hashing algorithm. How do I set password hashing using the SHA-256 and SHA-512 under CentOS or Redhat Enterprise Linux 5.4?]]> http://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/feed/ 10 Linux Kernel /etc/sysctl.conf Security Hardeninghttp://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/ http://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/#comments Tue, 27 Oct 2009 16:55:00 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=5564

How do I set advanced security options of the TCP/IP stack and virtual memory to improve security and performance of my system? How do I configure Linux kernel to prevent certain kinds of attacks using /etc/sysctl.conf? How do I set Linux kernel parameters? ]]> http://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/feed/ 2 Linux Iptables: Add / Delete An IP Address Remotely Using A Shell Scripthttp://www.cyberciti.biz/faq/linux-iptables-add-delete-ip-address/ http://www.cyberciti.biz/faq/linux-iptables-add-delete-ip-address/#comments Thu, 22 Oct 2009 08:37:22 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=5462

I've root ssh access and need to add / delete a few IP address on fly using the IPtables command via local shell script. How do I add or delete an IP address remotely over the SSH session under CentOS / Redhat / RHEL / Debian / Ubuntu Linux?]]> http://www.cyberciti.biz/faq/linux-iptables-add-delete-ip-address/feed/ 3 Samba: Linux Iptables Firewall Configurationhttp://www.cyberciti.biz/faq/configure-iptables-to-allow-deny-access-to-samba/ http://www.cyberciti.biz/faq/configure-iptables-to-allow-deny-access-to-samba/#comments Fri, 16 Oct 2009 08:48:47 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=5360

How do I configure iptables firewall under CentOS / Fedora / RHEL / Redhat Linux to allow access to the Samba server? How do I open TCP ports # 137, 138, 139 and 445 under Linux so that all Microsoft Windows machine can access files and printer on a Linux host?]]> http://www.cyberciti.biz/faq/configure-iptables-to-allow-deny-access-to-samba/feed/ 2 Samba Restrict File Sharing To Particular Users or Network Addresseshttp://www.cyberciti.biz/faq/samba-user-network-file-sharing-restictions/ http://www.cyberciti.biz/faq/samba-user-network-file-sharing-restictions/#comments Fri, 16 Oct 2009 08:35:07 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=5355

All my local Linux user accounts will be able to log in to my Samba server and access share. How do I restrict access to particular users or network subnet such as 192.168.2.1/24?]]> http://www.cyberciti.biz/faq/samba-user-network-file-sharing-restictions/feed/ 6 CentOS / RedHat: Set Password Quality Requirementshttp://www.cyberciti.biz/faq/rhel-fedora-centos-linux-password-quality-control/ http://www.cyberciti.biz/faq/rhel-fedora-centos-linux-password-quality-control/#comments Thu, 01 Oct 2009 01:22:23 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=5267

I've created a unique default group for each user and also used Linux groups to enhance security. Further a group called "users" allowed to login via ssh. However, I need to enforce password quality-control for all users. How do I create a password policy and enforce its use under CentOS or RHEL 5.x server operating systems?]]> http://www.cyberciti.biz/faq/rhel-fedora-centos-linux-password-quality-control/feed/ 0 RedHat / Centos Disable IPv6 Networkinghttp://www.cyberciti.biz/faq/redhat-centos-disable-ipv6-networking/ http://www.cyberciti.biz/faq/redhat-centos-disable-ipv6-networking/#comments Sat, 29 Aug 2009 08:06:37 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=5112

Our policy and network configuration does not requires IPv6 support in RHEL / CentOS / Fedora Linux. How do I prevent the kernel module from loading at boot time and disable IPv6 networking?]]> http://www.cyberciti.biz/faq/redhat-centos-disable-ipv6-networking/feed/ 14 Solaris UNIX Configure Disk Quota For UFS File Systemhttp://www.cyberciti.biz/faq/solaris-unix-disk-quota-tutorial/ http://www.cyberciti.biz/faq/solaris-unix-disk-quota-tutorial/#comments Sat, 29 Aug 2009 08:04:53 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=5119

How do I configure file system quotas to control how much available storage space can be used on a given UFS file system (such as /export/home) under Solaris UNIX operating systems? ]]> http://www.cyberciti.biz/faq/solaris-unix-disk-quota-tutorial/feed/ 2 Apache IPv6 Configuration: Dual Stacked IPv4 & IPv6 Virtual Hostshttp://www.cyberciti.biz/faq/ipv6-apache-configuration-tutorial/ http://www.cyberciti.biz/faq/ipv6-apache-configuration-tutorial/#comments Fri, 28 Aug 2009 04:04:45 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=5032

How do I configure Apache IPv6 networking under UNIX / Linux / BSD operating systems? How do I configure httpd IPv6 and IPv4 under RHEL / CentOS / Fedora / Debian / Ubuntu Linux?]]> http://www.cyberciti.biz/faq/ipv6-apache-configuration-tutorial/feed/ 3 CentOS / Red Hat: Sudo Allows People In Group Admin To Run All Commandshttp://www.cyberciti.biz/faq/linux-sudo-allows-people-in-group-admin/ http://www.cyberciti.biz/faq/linux-sudo-allows-people-in-group-admin/#comments Tue, 18 Aug 2009 06:50:17 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=4859

I like the way Ubuntu Linux works - all people in admin groups should able to run all commands after running it via sudo "command-name". How do I setup sudo under CentOS or Red Hat Enterprise Linux to allow all members of the 'admin' group to run all commands?]]> http://www.cyberciti.biz/faq/linux-sudo-allows-people-in-group-admin/feed/ 6 DenyHosts: Remove / Delete an IP addresshttp://www.cyberciti.biz/faq/linux-unix-delete-remove-ip-address-that-denyhosts-blocked/ http://www.cyberciti.biz/faq/linux-unix-delete-remove-ip-address-that-denyhosts-blocked/#comments Mon, 17 Aug 2009 20:25:17 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=4844

I've followed your guide and installed denyhosts to protect on my RedHat 5.3 OpenSSH based server. However, I've been accidentally blocked out from my home ADSL IP address. I tried removing my blocked IP from /etc/hosts.deny, but it did blocked it again quickly. It appears that DenyHosts keeps track of the attempts somewhere on disk or memory. How do I remove my own home IP address from DenyHosts?]]> http://www.cyberciti.biz/faq/linux-unix-delete-remove-ip-address-that-denyhosts-blocked/feed/ 9 Linux Iptables Open LDAP Server TCP Ports 389 and 636http://www.cyberciti.biz/faq/configure-linux-iptables-to-allow-access-ldap-server/ http://www.cyberciti.biz/faq/configure-linux-iptables-to-allow-access-ldap-server/#comments Sun, 16 Aug 2009 09:28:43 +0000 Vivek Gite http://www.cyberciti.biz/faq/?p=4838

The default Iptables configuration under CentOS / Red Hat / RHEL / Fedora Linux does not allow inbound access to LDAP service. How do I update iptables settings to allow access to the LDAP primary TCP #389 and encrypted-only TCP # 636 ports, while keeping all other ports on the server in their default protected state?]]> http://www.cyberciti.biz/faq/configure-linux-iptables-to-allow-access-ldap-server/feed/ 6