The startup I'm working for is going to be hosting our site and accompanying database on Amazon Cloud Servers. I was wondering if it's possible to have multiple people SSH'd into the instance simultaneously, like if I want to fool around with the databases while my coworker edits some php sripts. Can this be done?
Yes it's possible :)
Just an advice use ssh-key it's better for detect/log who are logged.
Related
A Weblogic server got hacked and the problem is now removed.
I am looking through the infected VM's now in a sandbox and want to see what if any data was accessed on the application servers.
the app servers were getting hammered with ssh requests and so we identified the infected VM's as the web logic VMS, we did not have http logging on. Is there any way to Identify if any PII was Compromised?
Looked through secure logs on weblogic as well as looked through the PIA logs
I am not sure how to identify what if any data was accessed
I would like to find out what went out of our network and info or data
what should I be looking for
is there anything I can learn from looking at the weblogic servers running on red hat?
I would want to believe that SSH was not the only service being hammered, and that was a large attempt to make eyes be on Auth logging whilst an attempt on other services is made.
Do you have a Time frame that you are working with?
Have the OS logs been checked for that time frame?
.bash_history been checked? env variables? /etc/pass* for added users? aliases? reverse shells open on the network connections? New users created on services running on that particular host?
Was WebLogic the only service running on this publicly available host?
What other services and ports were available?
Was this due to an older version of Weblogic or another service, application, plugin?
Create yourself an excel spreadsheet and start a timeline.
Look at all the OS level logging possible and start to make note of anything that looks suspicious, to then follow that breadcrumb to exhaustion.
First, I feel very silly.
For fun/slight profit, I rent a vps which hosts an email and web server and which I use largely as a study aid. Recently, I was in the middle of working on something, and managed to lose connection to the box directly after having accidentally changed the ownership of my home folder to an arbitrary non-root, incorrect user. As ssh denies root, and anything but pubkey authentication, I'm in a bad way. Though the machine is up, I can't access it!
Assuming this is the only issue, a single chown should fix the problem, but I haven't been able to convince my provider's support team to do this.
So my question is this: have I officially goofed, or is there some novel way I can fix my setup?
I have all the passwords and reasonable knowledge of how all the following public facing services are configured:
Roundcube mail
Dovecot and postfix running imaps, smtps and smtp
Apache (but my websites are all located in that same home folder, and
so aren't accessible - At least I now get why this was a very bad idea...)
Baikal calendar setup in a very basic fashion
phpMyAdmin but with MySql's file creation locked to a folder which apache isn't serving
I've investigated some very simple ways to 'abuse' some of the other services in a way that might allow me either shell access, or some kind of chown primitive, but this isn't really my area.
Thanks!!
None of these will help you, at least of the services you listed none have the ability to restore the permissions.
All the VPS providers I've used give "console" access through the web interface. This is equivalent to sitting down at the machine, including the ability to login or reboot in recovery mode. Your hosting provider probably offers some similar functionality (for situations just like this, or for installing the operating system, etc), and it is going to be your easiest and most effective means of recovery. Log in there as root and restore your user's permissions.
One thing struck me as odd,
I haven't been able to convince my provider's support team to do this.
Is that because they don't want to do anything on your server which you aren't paying them to manage, or because they don't understand what you're asking? The latter would be quite odd to me, but the former scenario would be very typical of an unmanaged VPS setup (you have root, console access, and anything more than that is your problem).
I am trying to understand how CouchDB work. Does it come bundled up with separate Apache or does it use the Apache in the system. I am trying to understand how it determines where to serve the site and how are different directions done. This is important information because I am trying to understand how to implement the Apache 2.2 mod-proxy -module here with it. Do I need to tune CouchDB or do I need to tune a separate Apache process? Suppose you have 10 CouchDB processes and you want to direct their results to siteA, how can you do that?
Sorry I am now vague but I am trying to understand how to combine different things from one Site to another, having different authorization-cookies etc. I am having a problem where I have two separates sites hello.com/myCouchDb/ and hallo.de/someOthersite.html working separately. When I merge the codes, the authentication fails -- I think there are at least three different solution candidates:
A) redirect the verification things from the other site to another (a bit hackish) and/or
B) somehow configure the CouchDB Apache -settings, I have tried in Futon but failed.
C) store the authentication cookies to some dir or db and refresh them when they become old (or use never-old cookies)
So how can I merge different CouchDB -instances together with different authentication settings? Suppose you have ten people with different authentication cookies and you want to get them somehow incorporated to the same site. How can you do it? Do you tune network -settings, Apache -settings or CouchDB -settings? Or do you just stores the cookies to some directory or DB that you refresh every time they become old?
P.s. I am the admin so do not worry about the OAuth2.0, I have the authentication-cookies to do whatever I want with the different instances. I just cannot understand how to merge the different instances.
Perhaps related
CouchDB proxy? Apache As a Reverse Proxy?
https://stackoverflow.com/questions/12398389/different-definitions-of-the-term-proxy
What is a proxy? What is it in Apache? Does it have many different meanings?
It sounds like you're confused about the structure of CouchDB. CouchDB is a native JSON Database that has an HTTP API. That API is provided via Mochiweb, an Erlang based webserver that is bundled inside CouchDB. There's only one CouchDB server running, but it runs inside the Erlang Virtual Machine (BEAM) and has a fundamentally different architecture to the typical Apache httpd approach.
Regarding authentication, CouchDB has a per-instance (server) _users database that contains passwords and minimal account details. As an admin you can see this using Futon, although normal users only have access to their own profile. You can assign users into various roles, and then apply those roles and users to each database. Once the _security object is set on a DB, you need to be authenticated to read, and you can use validation update functions to enforce constraints on write. Some brief information on http://blog.couchbase.com/what%E2%80%99s-new-couchdb-10-%E2%80%94-part-4-security%E2%80%99n-stuff-users-authentication-authorisation-and-permissions and http://blog.mattwoodward.com/2012/03/definitive-guide-to-couchdb.html as well as on the wiki.
Just curious whether concepts like load-balancing are going away since cloud hosting seems to take care of such things for you?
Any ideas?
Thanks!
We run all of our servers in a cloud with Amazon. We have a VPC setup and some of our servers sit behind a virtual load-balancer within Amazon.
The answer is that yes, you can still use such functionality. Mostly it depends on how you use the cloud, what service you are with, and the load put on your systems.
My OSCommerce site includes a separately programmed feature for which I use SQL tables. I've decided to host its tables on a remote site offering free SQL accounts. I'd like to know if there could be any disadvantages to this approach.
Thanks
Syd
Disadvantages might include the longer time it will take to run the script since it has to make a connection over the network and the need to make sure that the database connection is made securely -- that the password for the database login isn't passed in clear text & that the permissions on the receiving end of the connection are set to allow connections from only that IP. Of course you'll also want to make sure that the free hosting company provides adequate security for the database itself -- "free" doesn't alway pay for the best set up or the most knowledgeable technicians...
You should connect to your MySQL database using MySQL's built-in SSL ability. This insures that all data transfered is highly protected. You should create self-signed x509 certificates and hard code them. This is free, and you don't need a CA like Verisign for this. If there is a certificate exception then there is a MITM and thus this stops you from spilling the password.
Another option is a VPN, and this is better suited if you have multiple daemons that require secure point to point connections.
I am assuming you are hosting the OSCommerce database on the same server as the webserver and your solution only allocates one database per customer. You can use the add-on tables in the same database as the regular OSCommerce tables as long as you prefix them with some prefix so that they won't have a namespace conflicts. If the code to the third party solution is any good, it won't be too hard to configure a table prefix so that the code will know what the new names for the tables are. This solves any potential latency problem and keeps the control in your hands. I use this trick to host multiple wordpress blogs in the same database.