 Security

Wolfjmt
Newt

Posts : 3
Join date : 2010-08-10

PostSubject: Security   Tue Aug 10, 2010 8:47 am

Hi all

I am new to Linux. I have worked on it a little before (on Red Hat 8), but still consider myself a novice, and SUSE is completely new to me.

I was told that there are settings that can be applied to the SUSE system that will remove (delete) a specific folder on the system if a threat is detected - see example below.

If the "root" user password is reset through single user mode (using the passwd function), will the setup (or settings on SUSE 11) automatically remove an "encrypted" (specific) folder and uninstall software?

My questions are as follows: is the above possible? And can it in some way be revised?

Thanks in advance for any and everybody that can help.
Johann

bozo
Admin

Posts : 402
Join date : 2010-02-23
Location : Way out in the sticks in the Gold Country of California

PostSubject: Re: Security   Tue Aug 10, 2010 10:23 am

First of all, welcome to SuseUnbound, Wolfjmt! Hope you'll stick around. Things are a little slow right now, but we have folks here (not me! I'm just the forum jester) that have years of experience and tons of knowledge in Linux in general and openSUSE in particular. Plus it's a friendly kind of place if you just want to chew the fat a little.

As to your question, I've never heard of this function, but it wouldn't surprise me if someone has written a program to do such a thing. You might take a look at the Packman repository, or search Sourceforge for such an application.

Someone here may drop in and give you a more definitive answer to your question, so check back a few times over the next week or so; not everyone checks in every day.

Again welcome, and looking forward to hearing from you again. Let us know if you find an application that works for you in case someone else has the same need.

Edit: After thinking for a moment, this sounds like something that could be done with a fairly simple script, but I'm not good enough to write one off the top of my head. You could even include running a shredder after deletion, if you're requiring that level of security. I'm sure we've got several folks that could do that if so inclined, so check back.


_________________
"The trouble with quotes on the internet is that you never know if they are genuine." - Abraham Lincoln
bdquick
Admin

Posts : 583
Join date : 2010-02-22
Age : 37
Location : Central Iowa

PostSubject: Re: Security   Tue Aug 10, 2010 8:19 pm

I've not heard of this either, but it does sound possible. There would be ways of detecting failed login attempts on a certain account, and it should be able to trigger events like running a script. It might also be a program that person wrote for their own use.

_________________
I'm here where ever here is.
FeatherMonkey
Old Regular

Posts : 41
Join date : 2010-02-25

PostSubject: Re: Security   Wed Aug 11, 2010 5:11 am

Certainly on 11.3 (and, I thought, earlier) runlevel 1 prompts for the root password.

Anyway, this is a moot point. Why? Well, even if you do manage it (I looked at AppArmor to see if it could enforce a policy in regards to runlevel; I suspect it may be possible if AppArmor calls a profile from /etc/init.d/. Also I wondered about PAM but didn't look due to the next point). The point is, even though init 1 asks for a password, /bin/bash wouldn't (just checked 11.3), and that, I would imagine, would be a complicated profile, if even possible. Then the other thing is: what's to stop someone chrooting in, and how would this be detected?

The only way I can see is if PAM and AppArmor can, and maybe even alongside (or) you would need to wrap a wrapper around /bin/passwd; this would also need to be obfuscated or, better still, binary (otherwise you would simply read where the proper binary is being called from). This would need to check runlevel before executing, and this fails with /bin/bash, as checking it reports 3 and 6.

So the short story: it may be possible using PAM, AppArmor or a wrapper, but it is easily defeated or extremely complicated to enforce, if even possible.

Edit:
Sounds way easier to use a grub password IMHO
Wolfjmt
Newt

Posts : 3
Join date : 2010-08-10

PostSubject: Re: Security   Wed Aug 11, 2010 5:33 am

Hi FeatherMonkey

Thanks for the info, so it may happen but is improbable.

So if I lost the root password - and used the /bin/bash command to enter single user mode, then used the passwd command to reset the password - all the information on the system would normally be there - correct?

Sorry for confusing the process, but the previous administrator said that this is the case and that I thus deleted all the data off the system - I personally think he removed the data and was hoping nobody would notice it, as all the staff (IT staff) started leaving the company.
FeatherMonkey
Old Regular

Posts : 41
Join date : 2010-02-25

PostSubject: Re: Security   Wed Aug 11, 2010 5:48 am

Yes, using init=/bin/bash gets you into the system; it won't decrypt anything though. The only way to decrypt is via the prompt for the correct password (and this is highly unlikely to be crackable beyond brute force).

I really can't see why even a competent admin would write a profile or wrapper around /bin/passwd. Not to mention this is a moot point, as a competent admin would know there are ways around it.

The other stuff about removing stuff also stinks like a dead rat IMO; no admin worth his salt would allow a script/binary/profile to remove stuff (in forensics you do nothing; you try to get a snapshot of the running server after pulling the network). Not to mention, if a competent admin had actually achieved this, you would have an audit trail to follow.
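An added example (not part of any post in this thread): one way to produce the kind of audit trail mentioned above for a root password reset done via init=/bin/bash. The function names and the baseline value are assumptions made for illustration, and the shadow entries are constructed.

```shell
#!/bin/sh
# Two checks: was the machine booted with an init override or in
# single-user mode, and has root's password-change day moved since a
# baseline that was recorded earlier (assumed to be stored off-host)?

# boot_override CMDLINE: prints the reason and returns 0 if the kernel
# command line asks for a different init or for single-user mode.
boot_override() {
    for arg in $1; do
        case "$arg" in
            init=*)       echo "init override: ${arg#init=}"; return 0 ;;
            1|S|s|single) echo "single-user mode: $arg"; return 0 ;;
        esac
    done
    return 1
}

# root_lastchg SHADOW_FILE: prints field 3 of root's shadow entry,
# the day of the last password change counted from 1970-01-01.
root_lastchg() {
    awk -F: '$1 == "root" { print $3; exit }' "$1"
}

# password_changed SHADOW_FILE BASELINE_DAY: returns 0 if root's
# last-change day exists and differs from the recorded baseline.
password_changed() {
    current=$(root_lastchg "$1")
    [ -n "$current" ] && [ "$current" != "$2" ]
}

# Demo on constructed data: a sample command line and a sample shadow file.
demo() {
    shadow=$(mktemp)
    printf '%s\n' 'bin:*:14700::::::' \
        'root:$6$constructed$notarealhash:14832:0:99999:7:::' > "$shadow"
    boot_override 'root=/dev/sda2 splash=silent init=/bin/bash'
    password_changed "$shadow" 14800 && echo "root password changed since baseline"
    rm -f "$shadow"
}
demo
```

On a live system the first check would be fed the contents of /proc/cmdline and the second /etc/shadow (readable by root only). The boot check only sees the current boot, so the shadow comparison is the part that still applies to the chroot case raised earlier in the thread.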
Wolfjmt
Newt

Posts : 3
Join date : 2010-08-10

PostSubject: Re: Security   Wed Aug 11, 2010 5:53 am

Haha, thanks for confirming my thought, and thanks for all the help and responding so quickly.
FeatherMonkey
Old Regular

Posts : 41
Join date : 2010-02-25

PostSubject: Re: Security   Wed Aug 11, 2010 6:05 am

No problem -- though I would like to add I'm no competent admin, just a curious individual, but were I a competent admin I would have a good audit trail, probably via good usage of sudo, a good backup policy, and I certainly would trust the encryption method and password I had chosen was good enough to do the job.