Questions tagged [ubuntu]
Ubuntu is a Linux distribution derived from Debian. For questions about Ubuntu that are not about security, please post on [AskUbuntu.SE].
322 questions
1 vote, 1 answer, 200 views
FIDO2 Yubikey, systemd-cryptenroll Options - Differences of --fido2-with-client-pin --fido2-with-user-presence --fido2-with-user-verification
I added a FIDO2 token to my encrypted root partition with
systemd-cryptenroll <DISK> \
--fido2-with-client-pin=true \
--fido2-with-user-presence \
--fido2-device=auto
The tool has three ...
0 votes, 1 answer, 230 views
relative path in suid binary - what prevents a local privilege escalation?
If I am not wrong, Ubuntu 24.04.01 LTS has the "dirname" linux binary in a suid bit file with relative path, not absolute (which is a security issue due to that a user can change his "...
1 vote, 0 answers, 61 views
commands to setup Ubuntu firewall rules from the terminal for T-Pot
Considering T-Pot System Placement
Which are the commands to configure Ubuntu firewall from the terminal, in order for the T-Pot to work properly?
1 vote, 0 answers, 105 views
Ubuntu - snap potential security issues (for privilege escalation) [closed]
Ubuntu snap is quite a hot topic. Therefore I am curious, what security risks are known for it?
Which misconfigurations are possible? And are there any misconfigurations which can be used to escalate ...
4 votes, 3 answers, 3k views
How resilient is a private key passphrase to brute force attacks?
In the documentation of Ubuntu ssh keys, I was surprised to read
"If your RSA key has a strong passphrase, it might take your attacker a few hours to guess by brute force.".
Really? A good ...
0 votes, 0 answers, 43 views
Python os.system() does not change EUID to 0, but os.execl() does, why? [duplicate]
I was working on a Capture the Flag (CTF) challenge that involved a setuid-enabled binary, '/usr/bin/python', where the owner is 'root.' I assumed the user was "www-data", with UID=33.
The ...
0 votes, 1 answer, 114 views
Random Requests Trying To Download Virus On Server?
So, I was hosting my website on fastapi, and then I saw these 2 requests on my server.
I found that there was a link, that was linking to file named "shk" on random IP addresses. I tried to ...
1 vote, 2 answers, 150 views
Detecting if application connects remotely in linux
Consider me the average Linux user. I know the basics of shell scripting and intermediate Python. However, I have very limited knowledge of system admin or security related matters.
Background:
Say ...
1 vote, 0 answers, 83 views
Restricting ubuntu signing keys?
I started reading on apt and the security changes to always use GPG signing keys,
but further saw that it by default uses all configured GPG signing keys,
this seems like a small but unnecessary ...
1 vote, 2 answers, 6k views
How to update Ubuntu SSH version to latest version [closed]
I'm trying to update the Ubuntu OpenSSH version to 9.3p2, because of the CVE-2023-38408 vulnerability, but I can't.
The recommendation is to update to the last version: https://ubuntu.com/security/CVE-2023-...
1 vote, 1 answer, 428 views
Is my website under attack?
I have a web server. I was investigating why my nginx keeps crashing. I noticed a few other issues in my logs.
Note: In the log report, I replaced the name of my website with example.com and my second ...
1 vote, 0 answers, 212 views
Is it possible to add a username and a password to a hostname in /etc/hosts? [closed]
Is it possible to add a username and a password to a hostname in /etc/hosts?
Like: a.b.c.d username:password@hostname
13 votes, 3 answers, 7k views
Understanding suspicious HTTP GET Request
I was looking through my Apache log files and besides other GET requests with response status codes of 4XX (error), I've found this one which has a 200 (success) response status code:
"GET /?...
0 votes, 0 answers, 122 views
Making time(0) produce an error
I'm currently reviewing/reversing a software (coded in C) and it has a line like this:
time_t var = time(0);
My goal is to get this time(0) call to return -1.
(I cannot modify the parameter.)
...
1 vote, 3 answers, 859 views
Can Windows invade my privacy by accessing files from my Linux OS?
I have a 500 GB SSD drive with Windows 10 installed, and a 250 GB SSD drive with Ubuntu 22.04 installed. I use the latter mainly to maintain my privacy; Ubuntu is like my personal computer, with ...
0 votes, 0 answers, 156 views
File traversal vulnerability found on Ubuntu server running a node process using Nessus
I have an Ubuntu server running a normal Node express framework app and a vulnerability was found by a tool called Nessus.
It looks like a pretty standard issue to me, and I will have shell access, ...
8 votes, 2 answers, 3k views
Clamav identifies Certbot files as infected
I ran Clamav on an Ubuntu 20.04 machine and it identified ten Certbot files as infected.
/snap/certbot/1670/lib/python3.8/site-packages/pip/_vendor/distlib/t32.exe: Win.Malware.Generic-9937882-0 FOUND
...
1 vote, 2 answers, 1k views
How do I activate a malware inside a virtual machine?
I have been doing research on malware detection and my current setup is: one host OS (Ubuntu 18.04) and one guest OS (Ubuntu 18.04) inside VirtualBox. I have downloaded and executed some malware (...
2 votes, 1 answer, 305 views
How to make sure my laptop (Ubuntu 20.04) is secure with a Windows 7 VM?
I have an old laptop which is running Ubuntu 20.04 and I am planning to use a virtual machine of Windows 7 Pro (using VirtualBox maybe). As it's an old laptop and not my primary source of using the ...
1 vote, 0 answers, 195 views
How to do a post-mortem after being hacked [closed]
I am wondering what the general steps are in retrospect for trying to find out how one ends up being hacked.
A couple of times I have had Linux servers that ended up being hacked. I noticed this in ...
0 votes, 1 answer, 617 views
How to check TCP sequence number to detect mitm?
I suspect that my router (I'm using an iPhone as router) has been owned and the attacker is making some kind of mitm attack. I suspect also that some html and js code has not been sent to my laptop ...
5 votes, 2 answers, 1k views
Are Ubuntu Snaps more secure than the classic installation method from the official repos?
Today Ubuntu (and some other distros) offer a new way to install software, which is snaps. It's software packaged with all its dependencies, run with some kind of containerization, and auto-updated. ...
0 votes, 0 answers, 145 views
Should I change the default folder for uploads?
PHP 7 uses the default system folder (/tmp) to store uploaded files.
PHP allows you to change the settings and change the upload destination directory. Some sites indicate to change this folder to ...
0 votes, 4 answers, 273 views
Mouse moving while unattended, how can I check for intrusions
A few hours ago, I spotted my unattended mouse moving and seeming to click on tabs. I promptly rebooted my system and removed Teamviewer (it's the only remote connection app that I have installed), ...
24 votes, 3 answers, 7k views
How is it possible for boss to know I am finding a job?
Today, when my boss was talking with me, he suddenly said: No you don't need to worry about it, everyday you have 3 or 4 messages with agent in LinkedIn right?
I am very very surprised, because:
I work ...