Fedora Security :: Login Prevented, First In X And Then In VT?
Aug 18, 2010
I have had two instances recently where I was unable to log in to my computer with uid 500, but I could log in as root. In the first case, I could log in as user 500 to virtual terminals (ctrl-alt-F2, etc) but I could not log in to X. I found that, in the file /etc/pam.d/password-auth-acthere was an extra line that read"accountrequiredpam.access.so"I did not put that line there. When I removed the line, I could log in fine.In the other case, I could log in as user 500 to X, but could not log in to virtual terminals as user 500 (but could as root). I found that, in the file/etc/pam.d/system-auth-acThere was the same extra line as above. And again, I did not put it there, but when I removed it the problem was solved and I could log in to virtual terminals as user 500.I would like to find out, step by step, what happens when I enter my username and password in either a virtual terminal or in X. The login info must be passed to something that checks some files and then lets me in or not. How does that work?
View 1 Replies
ADVERTISEMENT
Nov 9, 2010
I have installed Wine on my Fedora 14 and got Security alert.SELinux has prevented wine from performing an unsafe memory operation.SELinux denied an operation requested by wine-preloader, a program used to run Windows applications under Linux. This program is known to use an unsafe operation on system memory but so are a number of malware/exploit programs which masquerade as wine. If you were attempting to run a Windows program your only choices are to allow this operation and reduce your system security against such malware or to refrain from running Windows applications under Linux. If you were not attempting to run a Windows application this indicates you are likely being attacked by some for of malware or program trying to exploit your system for nefarious purposes. My concern is if i hide this attempt, it will not stop wine to from trying to do it, only hide security alerts. This alert is occurred already nearly 5000 times in last 30 min and counting. Wine server is using 10% CPU on this, so only to hide alerts is not a solution, isn't it?
View 5 Replies
View Related
Feb 16, 2010
I am developing an application which has various modules; some pure fortran, some c++ linking to fortran, using g77 and g++. Does anyone know how to prevent 'fort.6' files being produced and put the output to 'stdout' instead? They are written by write(6,*) or write(*,*) statements. They end up in 'bin' which causes big problems.
View 1 Replies
View Related
Sep 13, 2009
Yesterday, I updated my system with the latest security update and other software updates. Following the update, I am not able to log into the system after restart.As usual, I was prompted with the login page which looks as per normal. I chose my login id and entered my password. It brings me briefly to my desktop showing only my wallpaper (without any upper and bottom taskbars/panels). Then the screen went blank and the login page appeared again.I entered the login id and password, was shown the desktop wallpaper, screen went blank and the login page appeared. This continues over and over and over. After multiple tries and with some luck, I am able to log in as per normal.What seems to be the problem?
1. How do I check the system for errors?
2. How do I check which update has been updated?
3. Is there any way for me to restore to its original state (I migrated from FC10 to FC11 via yum update)?
The only other change apart from the security update is that I installed wine - which has been uninstalled the moment I was able to re-logged in.I attach the details of my grub.conf file below which I hope could be of some useful info.
View 14 Replies
View Related
May 12, 2011
I want to run a Web service that performs a lengthy calculation for the customer. If I let PHP perform the calculation, the script gets killed by server timeout. So I figured out it should initiate a batch job.However, the HTTP server process cannot initiate a batch job because user wwwrun is denied access to service at. Why is that so, and is it safe to remove this denial?
View 9 Replies
View Related
Apr 28, 2009
I know this is probably easy and if I only took a while to figure it out maybe I could but I have some stuff that needs to happen soon and I can't figure this out. I was wondering how I could have a log monitor that would email me whenever someone tries to login over ssh to my system. I'm open to everything daemons/scripts or cron itl works as I am not running a production server (but I might be starting that soon). Oh and just a side how do I get sent an email when I get port scanned
View 6 Replies
View Related
May 8, 2009
I just installed Fedora 10 on my laptop 2 days ago. I dont seem to remember the password i userd for my username. Is there a way to reset or change the password? I cannot login to the system.
View 4 Replies
View Related
Jul 20, 2009
I'm migrating my file server from Fedora 9 to Fedora 11 (clean install), and I'm having a horrendous time trying to get key based SSH logins working. I've set it up before, and I can't figure out why it won't work now. I copied my public key into ~/.ssh/authorized_keys2 and set the folder permissions for 700 and the file permissions for 600. Then I restarted sshd. Now unless I remember wrong I thought that's all you have to do. It didn't work. So I rebooted just for good measure. Still didn't work. So I made sure that my client was still sane. I can log into my OpenBSD machine just fine. I compared the sshd_config from OpenBSD to the Fedora one, and the options seem pretty close.
At that point I had nothing to lose and just started messing with the Fedora sshd_config. I also noticed in the config that the commented AuthorizedKeys file had dropped the 2 off the end, so I tried changing that as well. Still nothing. Password based logins work, but I really don't want to go that route. Now I can only think of two possibilities. One, some sshd_config setting is wrong and I don't know what it is. Two, there's some package that's required for key based logins that I accidentally unchecked during the install process. That's about all I can come up with. Here's my sshd_config, I tried to just set everything back to default.
Code:
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2 .....
View 2 Replies
View Related
Sep 8, 2009
I have a problem, I have installed Fedora 11. And i need to login as root user.
How to do so?
View 14 Replies
View Related
Nov 15, 2009
I have a server box behind my ISP router at home, and I need to allow ssh access to my server. My ISP router doesn't let me allow selectively ssh from some IP. It allows ssh to everyone.
I have fedora10 and openssh-server-5.1p1-3. How can I configure openssh to allow just from 1 IP?
Does it use xinetd at all and the hosts.allow and .deny mechanism?
View 14 Replies
View Related
Nov 29, 2009
got this message during my login to my ISP webpage broadband , this first time i got thisQuote:
You have asked Firefox to connect
securely to ******, but we can't confirm that your connection is secure.
Normally, when you try to connect securely,
[code]....
View 3 Replies
View Related
Dec 8, 2009
I'm trying to secure a workstation according to the DISA STIG and updated this machine from f10 to f12 to take care of a lot of kernel and openssl vulnerabilities.
I've gone into the Login Manager by running /usr/bin/kcmshell4 kdm --lang en_US as root, turned off themed greeter to enable the Dialog tab and inserted the login banner in the Greeting field. I checked the Xresources file in both /etc/kde/kdm and /etc/X11/xdm and the xlogin*greeting: field has my banner.
However when I restart the machine I am not prompted by the banner and when I select a user I am not prompted by the banner.
I'm not sure if this could be the issue but I get errors when launching kcmshell4:
Quote:
I have to sudo -s from the user with uid 1003 to root. does this need to be run from real root?
View 1 Replies
View Related
Jul 26, 2010
I need to create a number of internal Linux users for admin purposes. I do not want these users to appear on the initial console login page just after Fedora boots up, as users who can attempt to log in, and I do not want to allow these users to log in directly. I merely want these users to be accessed via su, just like the root user.
View 2 Replies
View Related
May 3, 2011
After entering the gdm I'm being asked "Would you like to enter a Security Context [N]?" during login. I've had a look around online but can find nothing final about this.
View 1 Replies
View Related
Apr 4, 2009
Remote root login is enabled. How do I disable this
View 14 Replies
View Related
Jul 29, 2009
Is there any way to hide my username in login screen (GDM)? I ask this because in Ubuntu I have seen that you need manually enter your username.
View 5 Replies
View Related
Sep 25, 2009
I am a new Linux user and have a question about the administrative authentication. When I am logged in as a user and I need to do something that requires root privileges the little password window comes up and I enter the root password. My question is how long are the root privileges granted for?I noticed that a few minutes after finishing checking out the firewall configuration tool and closing the window that I was still able to re-enter the fire wall tool and other administrative tools. How do I log out of the root privileges without logging out and then back into my account?
View 2 Replies
View Related
Jan 27, 2010
Can't seem to do it, wondering if anyone knows how? Normally there's something in sshd_config that can be switched to true or yes to allow root login but I can't see it in fedora 12.I can login via root at a terminal no problem, just not via ssh, I get access denied every time. Also, I need to login using password authentication.I've done: 227169 but that's just for GUI which I don't really need since I rarely ever log into the GUI.I have also searched through here and mostly only found info such as above, how to enable root login for GUI, or billions of posts about how logingin as root is bad but I cannotswer to my question.DISCLAIMER: Please do not reply to this thread if all you can contribute is the question of why I need root or to put some message telling me I can do everything using su, etc, etc. Please only contribute if you can answer my question. A: My machine and a valid quesiton. B: Spirit of Linux is open, not restrictive
View 3 Replies
View Related
Feb 2, 2010
For a month or so now, I have been enabling ssh and opening port 22. I cron'ed the start and stop commands to leave them open only a few hours a day. After a bit, I checked my logs to find that some IP or another was attempting to brute force my root account.
I took little real threat by the offense.
(1) my system does not allow root to login and
(2) it would cut them off sooner than later when my system issued the stop command.
fast forward
Today I log in to find that all of my log files, as viewed from the gnome log file viewer, were empty of entries from about noon yesterday and prior.
Though I haven't noticed anything at all out of the ordinary with my system, I would like to get more opinions on the matter. Would there be any conceivable way that this was an automatic system routine, a clean up action of something? Additionally, if I was indeed the victim of a hack, what can I do to further protect my system (keeping in mind that I do want to access my system via ssh from time to time)?
View 4 Replies
View Related
Mar 18, 2010
I wanted to set up Computer Lab. loading Fedora 11 OS and one system acting as a Server to store Users(Student) Login Informations. When students do a programs, all programs (eg, C++ programs) files should be saved in the local fedora system but when login to the system, the login should be validate by a Server System.
View 5 Replies
View Related
Jan 19, 2010
ubuntu 9.10 login panel is worse with respect to ubuntu 8 since now all the users with names are shown without a way to hide them!Why don't keep the old way at least as an option?
View 5 Replies
View Related
Mar 3, 2011
i updated both browsers i have and lost my secure log-in pages (no padlocks showing ) concerning different Web mail accounts.Just before i did these updates i checked an unrelated thing on-line regarding my sound card of which i kept a copy of and got this message below :
!!ALSA/HDA dmesg
!!------------------
[ 12.762633] cfg80211: Calling CRDA for country: AM
[code]....
View 2 Replies
View Related
Dec 14, 2010
I'm seeing really bad user login format under a standard installation and am wondering why ubuntu does this as default. I have noticed that the graphical login for gnome sizes itself to accommodate a user's exact password length. This indicates to me that somewhere on the unencrypted part of a standard installation with user encryption contains at least some indication of the content of the password length which seems a security flaw even if not a complete hole, it majorly reduces the number of attempts a cracker would have to cycle through.
And that's assuming that *only* the length is contained. Furthermore it seems that it would be MUCH better to simply display the number of characters entered into the pw field and allowing the gui to expand itself from an fixed size as the field is filled out so the the user still receives visual feedback for entering characters. Either a simple character count display should be entered into the field or a 10 dot to new line so that one can visually quickly count the number enter by multiplying from a 10base graphical observation.
View 9 Replies
View Related
Aug 27, 2010
just migrated to Lucid from Jaunty and noticed that the login startup screen looks more like windoze (shows all authorized users).One of the endearing security checks with Unix was that if you had access to a console you had guess both userid AND password - the system wouldn't tell you which was wrong.I feel that we have lowered security by making the list of authorized users visible on a console. Is there any way to turn it off and force users to enter both userid and password?
View 4 Replies
View Related
Sep 8, 2010
Whenever I login as root, an e-mail with the subject "Security information" is sent outwhere the e-mail address for this message is configured? I need to change it (or perhaps disable it).
View 9 Replies
View Related
Nov 28, 2010
I had a bit of a play with the pam-usb module today and thought it was very interesting. I can now log in to my computer using my SD card, which is pretty cool.I was wondering if it would be possible to make it such that the ONLY way to authenticate would be by means of this SD card. I realise that this probably isn't the wisest idea ever and I would be better off generating a really long, really complicated password and storing it away somewhere safe for when I lose my SD card (because it would happen).
View 1 Replies
View Related
Feb 6, 2010
I'm having trouble logging in with SSH using RSA keys.
client: Karmic
server: FreeNAS (FreeBSD) ip: 192.168.0.100
I generated RSA keys on Karmic, added the id_rsa.pub to the authorized_keys file on FreeNAS, then removed the id_rsa.pub from Karmic (this is a poorly documented but necessary step I learned).My Karmic username is shawn, FreeNAS username is shawnboy.from Karmic it prompts me for my RSA key passphrase which it should do, but after I enter it, it fails and moves on to prompt me for my password. I know this isn't a FreeNAS forum, but this works perfectly using Putty SSH with RSA keys on Windows XP, so I figure it's more appropriate to ask here than in FreeNAS forums.
View 7 Replies
View Related
Aug 9, 2010
I've recently installed 64bit version of ubuntu 9.10 but the GDMsetup doesn't seem to be working as it was in 9.04 i mean to say when you type gdmsetup at console the login window pops up where i can check the check-box "Allow local administrator log in" under security tab. to enable login as root. since it is not working i've to type password every time when i install a package or create a folder in root directory or mount a drive which is quite irritating how can i login as root in gui mode etc... also is there some syntax which i can put into /etc/gdm/custom.conf so i can log in as root....
View 2 Replies
View Related
Nov 16, 2010
I was under the impression the Linux (in my case the Fedora OS) is very secure. However I've learnt with deep concern that that one can have access to the system during system startup i.e one can give various startup directives and bypass the normal login UI to have direct root access.
Is there a way to disble this so that the directives during startup are fixed and cannot be altered. I would like to make the system secure to the maximum extent possible.
View 5 Replies
View Related
Sep 24, 2009
Need to restrict cvs login from specific IPs
in file /etc/security/access.conf
+ : builduser : 10.200.2.1
Do not work
when changed to ALL as below it works
+ : builduser : ALL
View 2 Replies
View Related
