Questions tagged [security]

Content related to computer security., i.e. content about policies, mechanisms, etc. needed make sure data is not leaked or corrupted and services available in all circumstances.

Security of Unix & Linux systems. If your question is about balancing the pros and cons of a security policy, you may be interested in the IT Security site.

Computer security deals with ensuring three properties:

confidentiality, i.e. data is not leaked
integrity, i.e. data is not corrupt, data is received as it has been sent in the correct destination
availability, i.e. a given service is available under all circumstances, for example, it's resilient to Denial of Service attack

For some systems, for example in cars or airplanes, another insteresting property is the safety. This is the warranty that the system will not put human life at risk while running or because it does not function properly.

2615 questions

266

votes

4 answers

Security implications of forgetting to quote a variable in bash/POSIX shells

If you've been following unix.stackexchange.com for a while, you should hopefully know by now that leaving a variable unquoted in list context (as in echo $var) in Bourne/POSIX shells (zsh being the exception) has a very special meaning…

asked Dec 03 '14 at 21:59

Stéphane Chazelas

522,931
91
1,010
1,501

256

votes

11 answers

Allow setuid on shell scripts

The setuid permission bit tells Linux to run a program with the effective user id of the owner instead of the executor: > cat setuid-test.c #include #include int main(int argc, char** argv) { printf("%d", geteuid()); …

shell scripting setuid security

asked Aug 12 '10 at 02:20

Michael Mrozek

91,316
38
238
232

238

votes

8 answers

What's the difference between /sbin/nologin and /bin/false

Technically, unless pam is set up to check your shell with pam_shells neither of these can actually prevent your login, if you're not on the shell. On my system they are even different sizes, so I suspect they actually do something. So what's the…

shell security login

asked Apr 07 '11 at 20:08

xenoterracide

57,918
74
184
250

141

votes

9 answers

The myths about malware in Unix / Linux

Is it possible for my Linux box to become infected with a malware? I haven't heard of it happening to anyone I know, and I've heard quite a few times that it isn't possible. Is that true? If so, what's up with Linux Anti-Virus (security) software?

security malware

asked Oct 05 '10 at 09:02

Stefan

24,830
40
98
126

137

votes

7 answers

How can I monitor all outgoing requests/connections from my machine?

My machine is a server so I want to ignore connections being made to my server (e.g. when someone visits my website). I want to see only connections/requests being made by my server to other places. How do I see only those outgoing…

command-line networking shell-script security

asked Nov 23 '12 at 11:13

trusktr

4,035
7
29
34

133

votes

8 answers

Which is the safest way to get root privileges: sudo, su or login?

I would like to have the root account in safety even if my unprivileged user is compromised. On Ubuntu you can only use sudo for "security reasons" by default. However I am not sure it is any safer than just using login on a text-mode console. There…

security sudo login su privileges

asked Mar 04 '11 at 17:02

stribika

5,374
5
30
35

124

votes

2 answers

When was the shellshock (CVE-2014-6271/7169) bug introduced, and what is the patch that fully fixes it?

Some context about the bug: CVE-2014-6271 Bash supports exporting not just shell variables, but also shell functions to other bash instances, via the process environment to (indirect) child processes. Current bash versions use an environment …

bash security shellshock

asked Sep 25 '14 at 03:53

Deer Hunter

1,866
3
20
26

120

votes

13 answers

How to create SHA512 password hashes on command line

In Linux I can create a SHA1 password hash using sha1pass mypassword. Is there a similar command line tool which lets me create sha512 hashes? Same question for Bcrypt and PBKDF2.

security password encryption hashsum

asked Oct 17 '12 at 18:38

student

17,875
31
103
169

120

votes

3 answers

SSH login with clear text password as a parameter?

I need to login to a user that I've created on a remote host running Ubuntu. I can't use an ssh key because the ssh login will happen from a bash script ran within a server that I won't have access to (think continuous integration server like…

linux ubuntu ssh security login

asked May 15 '12 at 23:36

mmla

1,327
2
9
7

114

votes

2 answers

Is Vim immune to copy-paste attack?

You should never paste from web to your terminal. Instead, you should paste to your text editor, check the command and then paste to the terminal. That's OK, but what if Vim is my text editor? Could one forge a content that switches Vim to command…

security vim escape-characters clipboard special-characters

asked Apr 03 '17 at 13:07

Adam Trhon

1,623
3
17
20

112

votes

5 answers

Why is root login via SSH so bad that everyone advises to disable it?

Everybody on the Internet advises to disable root login via SSH as it is a bad practice and a security hole in the system, but nobody explains why it is so. What is so dangerous in enabling root login (especially with disabled password login)? And…

ssh security root

asked Jul 11 '13 at 12:54

rush

27,055
7
87
112

111

votes

3 answers

Why is there a big delay after entering a wrong password?

I notice a weird (well, according to me) thing about passwords. For example, if I type an incorrect password during login, there will be a few seconds' delay before the system tells me so. When I try to sudo with a wrong password I would also have…

security password authentication pam

asked Sep 16 '10 at 05:18

phunehehe

20,030
27
99
151

105

votes

1 answer

Chrome: DNS requests with random DNS names: malware?

Over the years (since 2005), I have seen logs of strange random DNS requests done, on the multiple DNS / BIND servers I have maintained. May 7 12:13:50 1.1.1.1 named[63742]: client 1.1.1.2#24123 (verxkgiicjmcnxg): view internal: query:…

security dns chrome

asked May 07 '17 at 11:37

Rui F Ribeiro

55,929
26
146
227

101

votes

5 answers

What is the point of sshd “UseDNS” option?

I know what it does, but I don't know why. What attack(s) does it prevent? Is it relevant for all kind of authentication methods? (hostbased, password, publickey, keyboard-interactive ...)

ssh security dns openssh

asked Nov 27 '12 at 22:13

user368507

2,143
4
19
17

101

votes

8 answers

Does /usr/sbin/nologin as a login shell serve a security purpose?

In my /etc/passwd file, I can see that the www-data user used by Apache, as well as all sorts of system users, have either /usr/sbin/nologin or /bin/false as their login shell. For example, here is a selection of…

shell security users login

asked Sep 11 '14 at 23:59

Mark Amery

2,860
6
22
29

2 3

…

99 100 Next