Fedora Security :: Log Files Empty - System Does Not Allow Root To Login ?
Feb 2, 2010
For a month or so now, I have been enabling ssh and opening port 22. I cron'ed the start and stop commands to leave them open only a few hours a day. After a bit, I checked my logs to find that some IP or another was attempting to brute force my root account.
I took little real threat by the offense.
(1) my system does not allow root to login and
(2) it would cut them off sooner than later when my system issued the stop command.
fast forward
Today I log in to find that all of my log files, as viewed from the gnome log file viewer, were empty of entries from about noon yesterday and prior.
Though I haven't noticed anything at all out of the ordinary with my system, I would like to get more opinions on the matter. Would there be any conceivable way that this was an automatic system routine, a clean up action of something? Additionally, if I was indeed the victim of a hack, what can I do to further protect my system (keeping in mind that I do want to access my system via ssh from time to time)?
Can't seem to do it, wondering if anyone knows how? Normally there's something in sshd_config that can be switched to true or yes to allow root login but I can't see it in fedora 12.I can login via root at a terminal no problem, just not via ssh, I get access denied every time. Also, I need to login using password authentication.I've done: 227169 but that's just for GUI which I don't really need since I rarely ever log into the GUI.I have also searched through here and mostly only found info such as above, how to enable root login for GUI, or billions of posts about how logingin as root is bad but I cannotswer to my question.DISCLAIMER: Please do not reply to this thread if all you can contribute is the question of why I need root or to put some message telling me I can do everything using su, etc, etc. Please only contribute if you can answer my question. A: My machine and a valid quesiton. B: Spirit of Linux is open, not restrictive
I wasn't doing anything special on my computer (Ubuntu 11.04) when it just turned off. When I rebooted I was presented with BusyBox. I'm still pretty new to linux, but it appears that root is totally empty. Is there a way to view a log before the system crashed?
i still can't see quite well the security reason for not allowing one logging in as root on Fedora, but anyway...how to become the root on my system, Fedora 10, please?i did open a terminal and typed s - root then my password, now im the root, but only on the terminal, as CLI, but what if i want to change the munu.lst inside grub i.e.? and some other files or settings that there's no option to just type in the root password, how to overcome that please?
I don't know whether this is a bug or feature. But I find the fact that the Trash in Gnome doesn't delete trashinfo files a security liability.
I found in ./local/share/Trash/info thousands of .trashinfo files named exactly like the files deleted and each one contains the date of deletion.
I thought when I empty the trash bin every record of the files were removed. I understand that there are forensic ways to recover data and rm isn't very secure with journaled file systems, but forensic recovery isn't 100% and if the disk is written over several times the data is gone.
Here you have a permanent list of all the files you've deleted, without you knowing and the dates of deletion. IMO that's too much information.
Update: Weird after removing the files manually and then trying to delete files again using the trash I found no .trashinfo files, this time. So they were probably leftover files, but they didn't have a different owner/permission. Could this have been an issue and now fixed? (running Lucid)
i,m using Fedora11 since some time.... to day i hav updated my system but after updation, im unable to login my system through Gnome, but i can login by KDE as usual. now there is another problem i can,t login system throgh root account although i can access root account through terminal
I am interested in making the root file system is read-only. I've moved /var and /tmp file systems to another partitions. There are two files in the /etc directory that need to be writable.
These are:
I've moved this files to /var and linked it. I've added command to the /etc/rc.d/rc.local file:
That's it. Are there other solutions to make the root file system is read-only?
Whenever I login as root, an e-mail with the subject "Security information" is sent outwhere the e-mail address for this message is configured? I need to change it (or perhaps disable it).
I've recently installed 64bit version of ubuntu 9.10 but the GDMsetup doesn't seem to be working as it was in 9.04 i mean to say when you type gdmsetup at console the login window pops up where i can check the check-box "Allow local administrator log in" under security tab. to enable login as root. since it is not working i've to type password every time when i install a package or create a folder in root directory or mount a drive which is quite irritating how can i login as root in gui mode etc... also is there some syntax which i can put into /etc/gdm/custom.conf so i can log in as root....
It's my personal computer, no other users, no one else in the house. I'm behind a separate stand alone firewall (Checkpoint device). I'm the admin on my machine and I'm going to enter sudo, or login as root, every time I need it anyway.
There's no way that having to switch to root is going to make me stop and think about what I'm getting ready to do. In fact it's quite the opposite. If I'm in the midst of troubleshooting, I'm preparing to enter a command that I think is going to work, and I get "Permission denied"... The aggravation is more likely to reduce my logical thinking, and I'll immediately switch to root and type it anyway.
I DO understand the rational of setting users (even admin users) to a lower permission level. However I don't understand the lack of a command to make a user PERMANENTLY root equivilent. Switching back and forth is a waste of time. AND it means that I now have to deal with two home directories... /root and /home/user. Having to type sudo, or su to switch to root, does not protect my system. It only aggravates.
Is there anyway to have a different password for login and root? For example, my account is Bratu. I want a login password: ABCD and my root password: EFG
Found a major security hole in one of my more crucial linux servers today. (Only locally) I can use the user name "root" and any string for the password. So I can literally type "poop" as the password and the server lets me in. I know how to set root password settings for SSH and sudo, but where are settings located for local access that would allow something like this?
how to enable direct login of root via ssh?I find and info that i just need to update /etc/ssh/sshd_config, but i couldn't see that file in the location.
chroot in two mini distros (Tiny Core and SliTaz): chroot jail appears 'blind'. Chroot can't find any files in the jail and exit with error code. Example (ugly):
On my Ubuntu 8.04.4 LTS webserver I desperately want to disable the Root account. But at the moment I am unable because I prefer to use Nautilus/Dolphin on my home laptop for SFTP. The graphical interface also helps when comparing multiple config files at once, something that being limited to NANO or PICO would make extremely painful. The problem is that if I don't use ROOT I can't perform any SSH or SFTP actions with a graphical interface, because I can't use SUDO without the terminal. Does anyone else leave root enabled? I have a non-standard port, disabled password authentication in favor of ssh keys, and I have a tarpit configured
I'm trying to turn off SSH root login on Ubuntu 10.10. However, changing PermitRootLogin=no (/etc/ssh/sshd_config) do not work. Here is the sshd_config:
I have a habbit of openning a 2 sessions of xwindow (I'm using KDE), one as user to browse the internet and the other as root to do some admin work. But someone told me that login to KDE as root is bad in terms of security. Is this true?
I want to count the failure root login attempts so that do an action when the user faild to login as root for three consecutive times (like log a line in syslog).
After running Code: nessus-fetch --register <Activation Code>
I got Code: nessus-update-plugins could not be found in your $PATH When I try to run a scan on localhost I get the message "nessusd returned an empty report".
Here's the entry in nessusd.messages Code: [Mon May 25 00:30:03 2009][13188] user mickey.harvey : testing 127.0.0.1 (127.0.0.1) [13189] [Mon May 25 00:30:04 2009][13189] Finished testing 127.0.0.1. Time : 0.03 secs [Mon May 25 00:30:04 2009][13188] user mickey.harvey : test complete [Mon May 25 00:30:04 2009][13188] Total time to scan all hosts : 1 seconds [Mon May 25 00:30:04 2009][13188] user mickey.harvey : Kept alive connection
I would like to get the scan working and make sure that nessus is updating the plugins. I have been looking though the nessus documentation and tried searching on Goggle without any success.
I get the problem to acess root password when i am in user login, means wahen i am in user login and want to install software from terminal then he asked root password, when i supplied root password but he give me login incorrect.
Everytime I login the SELinux Troubleshooter panel applet alerts me that I have 1 alert to view, however when I click on the icon and bring up the Troubleshooter there are no alerts
I edited the passwd file to modify the default shell for root from bash to tcshnow when I try to login to root it gives me the following error:"su: /bin/tcsh : No such file or directory"
I just installed Fedora 12 on a laptop. I changed the default shell on the root account to /bin/tcsh and changed the runlevel to 3 and then rebooted. Now I can't login into the root account: it returns me immediately to the login prompt and I can't see any error message (the screen is cleared).Why is this happening?Can I boot into some sort of safe mode so I can undo my changes to the /etc/inittab and /etc/passwd file?I tried booting with a Live CD with the intention of mounting the filesystem and making the changes, but the new filesystem is a LVM and it won't let me mount it (or I don't know how to mount a Logical Volume).
I just receive news from my superior. He said he cannot login to system Red Hat using root password.So when i check, someone change root password. I restart server and login as single user. When i put new password, it not change.How to fix it? Is that mean someone just hack my server? That server is in DMZ zone.
