CentOS 5 Networking :: Restrict User "admin" To Login To The Server From A Specific IP Address?
Jun 9, 2009
I am using OpenSSH 5.2-p1 and I want to restrict user "admin" to logging in to the server from a specific IP address. For this purpose I have tried the following blocks in the sshd_config file. Following is the part of the sshd_config file which I have modified:
#The following commands will only allow specific IP to login to ssh.
#AllowUsers admin user1 user2
#AllowGroups
# override default of no subsystems
Subsystem sftp internal-sftp
Match Group sftpgroup
ChrootDirectory /home
AllowTCPForwarding no
.....
I want to restrict the admin user to logging in to the server only from the IP 172.16.100.221, which can be done by using the AllowUser line, but I don't want to use the AllowUser line,
I wish to intercept/forward emails that are sent to one user on a multi-user mail server. I only want email from one specific address or group to be redirected, and it will be redirected to another user on the same server. The email should not arrive in the original user's inbox. A ".forward" file cannot give me such a solution, because a ".forward" file will forward all mail to another specific mail ID, which I don't want. I want only specific users' mail sent on to another local user. Is this possible in sendmail? Does anybody have a clear idea of the "virtusertable" and "aliases" files?
I am looking at ways in which I can restrict the SSH session requests coming from a specific SSH client (say PuTTY or NX Client). Is it possible to restrict SSH client login to a client application?
I have CentOS 5.3 installed as a server. I have a network of approx. 100 desktops and laptops. For security purposes I want to block certain laptops from gaining network access using DHCP. Can we block the IP address leasing if a specific MAC address requests an IP lease?
Perhaps it is my misinterpretation of AppArmor, how can it be configured to restrict TCP or UDP traffic to/from specific ports?
The profile "abstractions/nameservice", under the section "# TCP/UDP network access", doesn't seem to lock the application to port 53. What am I missing? Restriction to specific ports is something that systrace can do so I'd expect nothing less from AppArmor.
Is it possible to restrict root logons to the SSH server to just a single IP address (or maybe a range)? I have other users connecting to the server daily, so I cannot restrict ALL access to a single IP. I need root enabled (for my own reasons) but want to lock it down a bit more.
I installed the VNC server by following [URL] (Remote login with vnc-ltsp-config). Everything works great for a normal user, but when I try to access admin tools in the GUI, nothing happens. Is there a way to authorize root to log in via VNC viewer?
I installed CentOS 5.5 on a home PC to be used remotely.
All server daemons work fine but only start if the user is logged in.
How do I set the SSH server to start whenever the PC is turned on, rather than when the user is logged in? I read the chkconfig man page online but couldn't find anything.
Plus I put a script in my startup services to be run whenever the computer boots (I'm guessing when the user logs in). How do I go about setting that to run whenever the system boots instead?
I have a very peculiar issue - I can't log in to KDE as one particular user (andrew, which is my regular account) though all other users including root, mythtv & other family members can log in without any problem. When I try to login as andrew the X server appears to crash as the screen goes blank and I have to press Ctrl+Alt+BkSp to get back to the KDM login screen. The proximate cause seems to have been updating KDE to 4.4.5 using yum - I did this logged in as andrew in a terminal session using su - root, and the black screen problem arose next time I tried to log in.
I can log in OK as andrew using a different desktop manager e.g. Sugar. I am using radeonhd graphics driver; if I change to "vesa" in xorg.conf I can log in OK. If I change the home directory for andrew to that of another test user and change the file ownerships, I can log in OK. Therefore the problem must lie in a config file(s) somewhere in the andrew home directory tree, which is specific to KDE and also radeonhd. I have checked in all the obvious (and unobvious) places but can't find anything. There are no relevant SELinux errors or entries in syslog or Xorg.0.log. The .xsession-errors file from a failed login attempt is here [URL] it isn't significantly different from a normal one, and as the entries are not time-stamped I am not sure which ones arise during the login and which when I restart the X server. I am running F13 (kernel 2.6.33.6-147.fc13.x86_64) without any other significant issues.
I installed CentOS 5.5 and afterwards Xen. After that I set up a virtual machine named VM01. Initially it worked properly; I tried everything and it worked. After rebooting, I had problems with the network. I have two network cards, eth0 and eth1, but eth1 does not have any IP and I use only eth0. The error that appears is:
vif0.0: received packet with own address the source address
I've had a server setup working perfectly for the last 2 years. Today we installed a newer version of postgresql and recompiled apache/php.
Postgresql will not start now.
"service postgresql start" = /var/lib/pgsql/data is missing. Use "service postgresql initdb" to initialize the cluster first. To initdb we need to be as user postgres.
"su - postgres" = "no file or directory"
In /etc/passwd = postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
How can I log in as the postgres user and enter these commands?
I want to restrict mail sending so that only particular allowed UNIX users can send. How can I achieve that? Which file do I need to configure to allow users to send mail?
I'm working on a kiosk-type system. What it needs to do is boot, auto login as a specific user, display only the Gnome desktop (no icons, etc), and auto start an application.
Is this possible (I'm sure it is)? If so, can this be scripted, i.e. without having to use graphical tools like Sabayon.
I am facing login issues when I try to log in as admin using phpldapadmin into the LDAP server. I installed phpldapadmin for administering the LDAP server from the repository:
1)[url]
2)yum install phpldapadmin
I am able to see the default phpldapadmin login page.
phpldapadmin throws the error "Bad username/password. Please try again".
But when I log in as anonymous I am able to log in, but the web page asks whether to create the root domain.
Does anything need to be done to make it log in as admin?
I want to limit delete of a particular folder in the user's home folder and to restrict any add/change/delete on files in that restricted directory.
/home/myuser
/home/myuser/_protected //no delete
/home/myuser/_protected/1.txt //only read
How can I do that on Ubuntu server?
I'd like to limit login attempts for a specific user. I've found information in the manpages: [URL] but I'm not sure if this '@' is purposely there, so would that be correct?
Can you advise: if I want to have an alert message when a specific user logs in to the system, what can I do? That is, if a specific user logs in to the system, then send me an alert message (by any means) to inform me that the user has logged in. What is the method?
I am looking to create a user who is able to WinSCP or SSH into the system and only be able to see /var/www/html/joomla/ and that is it. I don't want them to be able to start or stop services, but they should be able to upload and download files to the specific directory or change privileges of the mentioned directory. Is that possible? What commands should I run?
I have created distro groups in Zimbra and have added members in there. When I connect an account on MAPI etc. [URL] I have created a persona in order for the client to send from [URL] rather than [URL]. How can I restrict inside Postfix to relay using [URL]?
The biggest problem for me is user management and passwords.
Till now my email server uses passwords from system users in /etc/passwd. I would like to have a server where a user who doesn't have access to the console can change the password in a webmail panel (RoundCube, SquirrelMail).
Do you have any suggestions? Or maybe you know some complete systems with a nice admin and user panel?
I'm having a bit of a problem after joining Ubuntu 9.04 to my company's Windows Domain. I can log in and use sudo just fine but I don't have access to certain things in my menu (i.e. "Add/Remove Software") and I can't open the User Manager. I manually edited the /etc/group file as root and added my username (username@domain) to the appropriate groups but still no luck.
I am attempting to get this network card running under CentOS 5.2 but have had no luck. Some sites say to use the sk98lin driver, others the skge, which I can't find at all. I have tried multiple versions of the driver in rpm but none seem to work. The card shows under the network manager but will not get an IP address from the DHCP server.
Here are the outputs for this card.
uname -rmi
2.6.18-92.1.10.el5 x86_64 x86_64
lspci -m
04:01.0 "Ethernet controller" "D-Link System Inc" "DGE-530T Gigabit Ethernet Adapter (rev 11)" -r11 "D-Link System Inc" "DGE-530T Gigabit Ethernet Adapter (rev 11)"
lspci -n | grep "$(/sbin/lspci | awk '/net/ { print $1 }')"
04:01.0 0200: 1186:4b01 (rev 11)
lspci -vv
04:01.0 Ethernet controller: D-Link System Inc DGE-530T Gigabit Ethernet Adapter (rev 11) (rev 11)
Subsystem: D-Link System Inc DGE-530T Gigabit Ethernet Adapter (rev 11)
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 64 (5750ns min, 7750ns max), Cache Line Size: 32 bytes
Interrupt: pin A routed to IRQ 121
Region 0: Memory at febfc000 (32-bit, non-prefetchable) [size=16K]
Region 1: I/O ports at e800 [size=256]
Expansion ROM at e0000000 [disabled] [size=128K]
Capabilities: [48] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
Status: D0 PME-Enable- DSel=0 DScale=1 PME-
Capabilities: [50] Vital Product Data
How do I get this working? We have 3 of these cards for computers without a Gb NIC and I don't want to fight with it 3 separate times.
Something is strange with my firewall; I used Firestarter. I don't know why I cannot ping outside to a specific IP address. Here is my setup. I have an IP from my ISP:
119.92.56.77 - eth0
192.168.50.1 - eth1
with DHCP features from 192.168.50.1 - 254. My problem is I cannot ping this specific IP address, which is 119.93.232.234. If you try from there, pinging is OK, but from here I cannot, because that IP address (119.93.232.234) is the one they use to connect to our OpenVPN, whose IP is 119.92.56.78 <---- this Linux (CentOS) system or IP has no firewall enabled, meaning I separated this connection. My setup is like this for OpenVPN
I'm running gnome desktop on squeeze system. When I boot my system seems to be using my internet modem as its dhcp server. The rest of the machines on my lan are correctly using my router for that purpose. As a result, what happens then is that my debian machine frequently gets a duplicate ip address assigned to it. I would like to specify to my debian computer that I want it to use the specific fixed ip address of my router for dhcp purposes.
Because I keep a lot of data on a Netgear ReadyNAS which can be presented as an NFS server, I would like to have the default CentOS user have a uid and gid that match those for the user that owns the main NFS share. That way I can treat it as if it were a directory that I owned on the local machine. I'm probably going to install CentOS 5.3 over again to get a totally clean system. What is the neatest way to ensure that the default user has the desired uid and gid? Or is there a better way to work with the NAS? (Right now I'm running it with CIFS shares, but these are quirky and do not behave quite like a local file system. I'm hoping that NFS would be more consistent, but previous attempts to run NFS were hampered by different uid and gid values.)