Tag Archives: security

Locking and Unlocking a User in Ubuntu

Posted on by

To lock a user in Ubuntu sudo usermod –expiredate 1 [username] Substitute the user’s username where username is shown below.

[code]sudo usermod –expiredate 1 username[/code]

This also can be shortened to

[code]sudo usermod -e 1 username[/code]

To unlock a user

[code]sudo usermod -e -1 username[/code]

This will disable the user both from accessing via password and from accessing via a private key.

You can also expire a user at a future date using

[code]sudo usermod -e YYYY-MM-DD username[/code]

To expire a password and force a user to enter a new password

[code]sudo passwd -e YYYY-MM-DD username[/code]

Related: Managing Users in UbuntuReset Root Password on MySQL DatabaseDonโ€™t Copy-Paste Directly from Website to Terminal

Compare WordPress Files on Server to Proper WordPress Version

Posted on by

Sadly one of the hassles in managing your own WordPress blog is dealing with people that use your blog to serve spam content. These hacks can insert spam links into your pages and posts or create spam directories that are completely their own content on your domain.

There are many issues to deal with in re-establishing control of your server; but that isn’t the scope of this post.

This is just a tips if you are troubleshooting to try and determine what is going on. Often your server has been hacked to allow uploaded php pages to be added or for WordPress php files to be edited.

One way to track down if the files have been changed or new ones added is to compare the WordPress files on your server to the current files for a fresh WordPress install. This assumes your blog is using the current version, which hopefully it is because on the big improvement WordPress made is to make those updates automatic. That greatly reduces the chance to have WordPress be the vector to infecting your server. If you were using a older version then just compare to the field for that version from the WordPress server.

If you don’t have a current backup I would make a backup before I tried this. Obviously, don’t make any deletions or changes to your server unless you understand what you are doing. You can create big problems for yourself.

You can use the diff command to view the difference between WordPress on your sever and the fresh install from WordPress. I install the new WordPress in a new directory outside public_html. At the cli on a Ubuntu/Linux server:

[code]sudo wget http://wordpress.org/wordpress-4.0.zip
unzip wordpress-4.0.zip
diff -rq wordpress ../public_html/[/code]

wordpress-4.0.zip – replace with whatever the version is you are using.
../public_html/blog/ – replace with the path to your blog

Continue reading

VPS, Cloud and Server Colocation Options

Posted on by

Finding the right place to host your content is important. Thankfully their are several excellent providers. For virtual private servers (one server shared with multiple virtual servers) Linode and DigitalOcean. And there are lots of good choices but those two are widely appreciated for excellent service at a good price.

AWS ec2 (the Amazon elastic cloud) is not great for minimal hosting in my opinion – it adds extra complexity and is likely more expensive. But it is a great solution when you have the resources to manage it and you have significantly variable demand. Because of the ability to add capacity on the fly as you need it you can maintain a low baseline and add capacity only as needed and drop that extra capacity as soon as it isn’t needed.

Rackspace is another good option for hosting. Rackspace and AWS are often used for very large applications and sites but Linode and Digital Ocean also can serve those needs and provide similar options to add capacity on the fly.

All of these options require you to manage your server (which may well be a virtual server – that is just a portion of a actual physical server that you control).

Rackspace also offers co-location where your physical server is put in their network operation center with electricity; cooling; network and internet connections; and physical security managed by them and the server managed by you.

As colocation has evolved what is included and to what level things like physical security and redundancy are dealt with have evolved. It has become quite complex to understand all the options for those organizations that need more than a simple virtual private server. As often happens when their is a business need, people offer solutions. And there are companies that specialize in helping you find the best colocation options for your needs.

Today the cloud options have led many organizations to eliminate (or greatly reduce) there own network operations centers and colocation needs. But cloud options are not always the right choice. And for some needs cloud options are not appropriate yet (mainly due to security or legal issues stemming from security concerns).

Managing your own servers with a colocation arrangement can be significantly cheaper than cloud hosting options (especially if you don’t need to massively increase capacity to deal with short term bursts of demand). Of course, technology continues to change so quickly it is hard to predict what the future will bring.

Service quality is absolutely critical for colocation. While saving money is important, the reason colocation was selected (over virtual private servers or the cloud) is normally how critical the function was. Using experts to help sort through the options and assure the quality of service of provides is wise.

Related: Keeping Your Hosted Ubuntu Web Server Software Up to DateChecklist for Setting Up a New Domain on VPSSystem Monitoring Tools for VPS

Reset Root Password on MySQL Database

Posted on by

How to reset the root password on a MySQL database.

Stop mysql using this command:

[bash]sudo /etc/init.d/mysql stop[/bash]

Because you are not checking user privledges at this point, it’s safest to disable networking. Then, start the mysqld demon process using the –skip-grant-tables option using

[bash]sudo /usr/sbin/mysqld –skip-grant-tables –skip-networking &[/bash]

Next, start the mysql client process using this command:

[bash]mysql -u root[/bash]

from the mysql prompt execute this command to be able to change any password

[bash]FLUSH PRIVILEGES;[/bash]

Then reset/update your password

[bash]SET PASSWORD FOR root@’localhost’ = PASSWORD(‘password’);[/bash]

Related: Turn It Off and On Again (WordPress Loses Database Connection)Some MySQL cli syntax examplesKeeping Your Hosted Ubuntu Web Server Software Up to Date

Don’t Copy-Paste Directly from Website to Terminal

Posted on by

Good reminder and discussion on Hacker News about the danger of copy-paste from a website into terminal.

When copying from a website it is easy for hidden text to be included in the clipboard. If you paste that into terminal it can be executed before you see the code. Including new line commands in the copied text will automatically execute the commands (in most terminal applications).

The best solution is to paste the clipboard content into something to view the text before pasting into clipboard. The best way is probably to recopy it. I use this double copy method to get rid of formatting I don’t want (when the clipboard includes things like font styling info you don’t want – not relavent when pasting into terminal but the pasting [into say vim, which won’t include the extra formatting details] and recopying part is similar). It may be possible to have text hidden (write it in a way where it won’t show up on the screen but is in the clipboard – using some tricky unicode characters or something).

Some people put # before pasting into clipboard but that only protects the first “line.” Any new lines could still be run without you seeing them.

The discussion warns against a malicious website intentionally creating a problem but if you paste in multiple lines there is also just the danger from the lines executing immediately when you wanted to edit the line before it was executed.

Related: Customizing the Command Prompt for TerminalBash Profile Adjustments, Scrolling HistoryAdding a Key to Your Server for SSH Login

ModSecurity – Adjustments for WordPress

Posted on by

How to secure an Ubuntu 12.04 LTS server – Part 1 The Basics is a great resource to secure a VPS.

Mod_Security is a web application firewall. I found a couple things to add to my servers.

The same site includes a very good guide to installing it (you also may well want to whitelist Googlebot, instructions in the link). However it blocked my access to one of my sites. You end up just getting the message:

“Forbidden

You don’t have permission to access / on this server.”

There are tips on some edits to include when using WordPress on an Apache server with modsecurity.

One simple action is to include

SecRule SERVER_NAME “[your-domain.com]” phase:1,nolog,allow,ctl:ruleEngine=off

[bash]SecRule SERVER_NAME "code.curiouscatnetwork.com" phase:1,nolog,allow,ctl:ruleEngine=off[/bash]

on the bottom of modsecurity.conf which is found /etc/modsecurity (for me, on Ubunutu 12.04). Then restart Apache

[bash]sudo service apache2 restart[/bash]

and see if the problem goes away. If it does then you have a very good indication modsecurity was blocking access and can continue to narrow the scope of the problem by adding the WordPress whitelist rules in the link above.

Another note, service apache2 start, failed in a non-obvious way to me anyway. For me if I use sudo it works fine. If I don’t it gives odd errors which lead me on a 10 minute wild goose chase before remembering to try sudo.

Related: Upgrading VPS Web Server from Ubuntu 10.04 to 12.04Keeping Your Hosted Ubuntu Web Server Software Up to DateLinux/Ubuntu File and Directory Permissions

Setting Up 2 Factor Authentication for Gmail

Posted on by

Sadly there are significant risks to having valuable information accessible via the internet. Someone with access to your accounts is a huge risk and it can be a huge hassle to deal with what they can do with that access. Email is one of the most critical, there is tons of information you need, and often the email account can be used to get access to many other accounts (obviously financial sites are also critical, as are others). You should set up 2 factor authentication for critical sites.

2 factor authentication is made of up 1 thing you know, and 1 thing you have. So you know your password. The easiest other item is a smart phone (that is the default option for gmail and most places for the thing you have). Some banks and computer networks (intranet access) use security tokens. Either way they give you a code which you then enter after you enter in your username and password.

Gmail offers a app for smart phones that will generate these codes even if you don’t have cell phone service. Also, if you don’t have a smart phone, or lose yours there is a backup thing you can have (pre-printed codes). Make sure you print these and keep them somewhere you can access them (Google suggests your wallet).

With Gmail you will be prompted for your 2nd level authentication if you attempt to access with a computer that has not been authorized previously. If you are using a computer that you logged into your account with and told Google to authorize you will login normally. Every 30 days Google will then have you provide the 2nd level authentication (I think this is right, I might not have it exactly right for when Google asks for 2nd level authentication).

Whatever email account you have I would strongly recommend having 2 factor authentication setup. And you then must be sure that you can gain access. It is a bother but you need to make sure you understand the process and understand how to cope with issues (losing your smart phone, etc.).

Once you setup your account for 2 factor authentication make sure you add a secondary phone number backup (in case you lose your phone or it is stolen). And make sure you print out the backup code.

Process:

Continue reading

Keeping Your Hosted Ubuntu Web Server Software Up to Date

Posted on by

To setup automatic security updates follow the instructions from Ubuntu.

To run security update manually

[bash]sudo unattended-upgrade[/bash]

A full update of all packages can be done using the follow, remember this may create some issues is one update makes something else you have no longer work properly. You should test to make sure things all work after the updates (for production systems obviously you should test things before [first updating the staging server to make sure the updates don’t cause any problems] and after the updates).

First update the local package index (to find what needs to be upgraded).

[bash]sudo apt-get update[/bash]

Then upgrade the software.

[bash]sudo apt-get upgrade[/bash]

Adding a Key to Your Server for SSH Login

Posted on by

Using Ubuntu

An authentication key allows your server to authenticate the computer you are using has the right key and should be granted access. This lets you use the key instead of a username and password when using ssh.

If you don’t already have a key on your local machine (look for a file named id_rsa.pub in your user home directory under the .ssh folder

[bash]cd /.ssh[/bash]

will get you to the right directory) then you need to generate the key pair. On your desktop machine use:

[bash]ssh-keygen[/bash]

Next you copy the file to your server. scp ~/.ssh/id_dsa.pub [user]@[server]:.ssh/

[bash]scp ~/.ssh/id_dsa.pub username@servername:.ssh/[/bash]

Rename the file on the server to authorized_keys2
[bash]mv id_rsa.pub authorized_keys2[/bash]

The key is for to authenticate your computer. But on the ssh login Ubuntu will look in the user folder. So if you also had user2 access to the server and tried to ssh into the server you would not be authenticated because it would look in user2/.ssh for the authorized key file and not find it. You can put the same key in any user folder on your server to have that user also be automatically authenticated.

Replacing a Host Key

Posted on by

Host keys are used to security log into remote servers (such as Virtual Private Servers – VPS). With Ubuntu if you are using host keys to sign into servers securely and have asked for strict checking, if you make a change (such as rebuilding your VPS) the host key will change and you cannot login and will get a message like:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is

Please contact your system administrator.

RSA host key for 128.0.0.128 has changed and you have requested strict checking.
Host key verification failed.

if that happens you need to remove your local host key. Then you can sign back in and you will be able to save a new copy of the host key. If you don’t know why the key has changed you should figure that out first as it maybe be an indication of an important security problem. To remove you local key, you can use ssh-keygen -R [ip address of server with the bad key] for example: ssh-keygen -R 128.0.0.128

Then when you try to sign in you will get

The authenticity of host '128.0.0.128 (128.0.0.128)' can't be established.

RSA key fingerprint is ed:...:ea.
Are you sure you want to continue connecting (yes/no)?

And if you know why (such as you made changes to the server) you can say yes and connect and save the new known host key.