Fedora Security :: Lastb - Clear Entries So I Can Get A More Updated View?
Jun 29, 2009
I run lastb every now and again to see who is trying to p0wn my box, and it dates back to November 08. How do I clear these entries so I can get a more updated view? Or, if you know a way I can do a 'more' or something so the IPs are not flying by, that would be cool too!
I'm running OS X and it appears that after SSHing to several machines using identity files, my ssh-agent builds up a lot of identities/keys and then sometimes offers too many to a remote machine, causing it to kick me off before connecting:
Received disconnect from 10.12.10.16: 2: Too many authentication failures for cwd
It's pretty obvious what's happening, and this page talks about it in more detail: SSH servers only allow you to attempt to authenticate a certain number of times. Each failed password attempt, each failed pubkey/identity that is offered, etc., takes up one of these attempts. If you have a lot of SSH keys in your agent, you may find that an SSH server kicks you out before allowing you to attempt password authentication at all. If this is the case, there are a few different workarounds.
Rebooting clears the agent and then everything works OK again. I can also add this line to my .ssh/config file to force it to use password authentication:
PreferredAuthentications keyboard-interactive,password
Anyhow, I saw the note on the page I referenced talking about deleting keys from the agent, but I'm not sure if that applies on a Mac, since they appear to be cleared after reboot anyhow. So, my question is: is there a simple way to clear out all keys in the ssh-agent (the same thing that happens at reboot)?
I just installed F9 and updated to F11 (Fedora 11). I updated the system because I couldn't get the media player working, and then I installed all these packages for two days. I have tried yum clear cache and the rpm update. Here are some of the ones I tried:
rm -f /var/lib/rpm/__db*
yum update PackageKit ; yum clean all;
And this is the error:
Error Type: <type 'exceptions.TypeError'>
Error Value: 'NoneType' object is unsubscriptable
File : /usr/share/PackageKit/helpers/yum/yumBackend.py, line 2280, in <module>
    main()
File : /usr/share/PackageKit/helpers/yum/yumBackend.py, line 2277, in main
    backend.dispatcher(sys.argv[1:])
File : /usr/lib/python2.5/site-packages/packagekit/backend.py, line 600, in dispatcher
    self.dispatch_command(args[0], args[1:])
File : /usr/lib/python2.5/site-packages/packagekit/backend.py, line 508, in dispatch_command
    self.get_updates(filters)
File : /usr/share/PackageKit/helpers/yum/yumBackend.py, line 1743, in get_updates
    self._check_init()
File : /usr/share/PackageKit/helpers/yum/yumBackend.py, line 1965, in _check_init
    self.yumbase.repos.doSetup()
File : /usr/lib/python2.5/site-packages/yum/repos.py, line 71, in doSetup
    self.ayum.plugins.run('postreposetup')
File : /usr/lib/python2.5/site-packages/yum/plugins.py, line 178, in run
    func(conduitcls(self, self.base, conf, **kwargs))
File : /usr/lib/yum-plugins/rpm-warm-cache.py, line 32, in postreposetup_hook
    cmd = commands[0]
I am having issues with using OpenSSL. How do I view the currently used certificate? Also, do you know of a good site that has instructions on how to install a certificate? The previous user installed a GoDaddy cert for an FTP server and I need to update it because it's expiring really soon.
This is apparently a long-standing problem across all Linux distros for some time now, and various posted solutions may be distro- and version-specific. Am hoping that someone can post a solution that should work for OpenSuSE, and if necessary for each currently supported version.
What is lastb?
lastb is the "bad logon" corollary to the working "last" that reads successful logons from the file /var/log/wtmp. At the moment I haven't checked, but the OpenSuSE Forum post I listed below suggests that failed ssh logons may be logged to btmp, but no local terminal failures are, and it's unclear if any other types of failed logons are supported.
Some relevant links I've found
The only relevant OpenSuSE Forums post I've found
The only relevant Novell Forums post I've found
A RH List post
What I've tried
Have created /var/log/btmp and /var/log/ftmp files and applied permissions copying from the wtmp file as described in the Novell Forum post, and verified permissions are applied. On my machine (11.3), the wtmp default group permission is "tty." Then, after verifying that lastb can find and read the btmp and ftmp files, from a console I executed failed "su root" commands (wrong password) to try to generate a failed logon entry, which I expect should be logged into either btmp or ftmp. Result is that nothing is written to either btmp or ftmp. According to many references on the Internet, typically ( ) systems should be automatically configured to write at least some bad logon types to either btmp or ftmp when the files exist.
The Ubuntu 9.10 login panel is worse with respect to Ubuntu 8, since now all the users with names are shown without a way to hide them! Why not keep the old way, at least as an option?
Installing a router, and I need to completely "wipe" iptables (flush, I mean) on both computers, and I think I run ufw/gufw on both, so that would need to be uninstalled. The router is very secure, has NAT, etc., etc., and I'd rather set up all that side of things in one point rather than on each computer.
Like many (most?) home users, until now I've had my regular userid in sudoers as "ALL = (ALL) ALL". It occurs to me that, even though my machine has no open ports, this is probably not a good idea - just in case my firewall suddenly burns down. So, if my thinking is right on this, I'm wondering if there is a generally approved list of Cmnd_Alias entries? At this point, I've decided to only add entries as I use them, and to try to honestly appraise my need to do the entry as sudo, vs opening a virtual console as root. My root password is non-trivial.
I have been getting the following in the Samba section of the logwatch report for the past few days, but don't know what it means.
[Code]....
and more. What does it mean? Does it mean any attempt to hack or is it some kind of status update? If this is not a threat and can be suppressed, how can I do this?
The Ubuntu installation came with my Ubuntu (it does not matter which version, etc.). It contains an sshd_config file with these interesting lines:
# Change to no to disable tunneled clear text passwords
#PasswordAuthentication yes
The same lines are seen on many Ubuntu-related internet pages. This is quite surprising to see. This seems to contradict the fact that ssh was created specially to provide authentication (with passwords, of course) but without sending them over the internet as clear text like previous programs did. But I could not find any clear confirmation of that, neither in Kubuntu-related documents nor anywhere else. I put below a fragment of a document from RedHat. This seems to imply that if one uses two "yes", the passwords will be passed in encrypted form (and this is what is recommended by RedHat). Is that true? Is this true for Ubuntu too? Is the quoted line from sshd_config wrong? Or incomplete?
[URL]
RSAAuthentication yes
The option RSAAuthentication specifies whether to try RSA authentication. This option must be set to yes for better security in your sessions. RSA uses public and private key pairs created with the ssh-keygen(1) utility for authentication purposes.
PasswordAuthentication yes
The option PasswordAuthentication specifies whether we should use password-based authentication. For strong security, this option must always be set to yes.
When I'm logged in physically on the server as root and log out, the lines don't get cleared like when you log out as a normal user. This could be a bug, and if it is, it could be a security problem. The last actions done show.
Additional information:
Ubuntu Server 10.10 (32 bit) RAM: 1GB Server used as: webserver, database, gaming server.
CentOS 5.6 server patched to latest, multiple name-based Apache virtual hosts. SELinux OFF. Everything was working fine until the other day. I've been making quite a lot of changes so it may well be something I've done, but I can't find out what! Last night I got the following in my logwatch:
Requests with error response codes
404 Not Found
/admin/phpmyadmin/scripts/setup.php: 1 Time(s)
/admin/pma/scripts/setup.php: 1 Time(s)
/admin/scripts/setup.php: 1 Time(s)
/db/scripts/setup.php: 1 Time(s)
/dbadmin/scripts/setup.php: 1 Time(s)
[Code]...
The problem is that NONE of my logs, secure, httpd, messages, NONE of them, show any trace of these hacking attempts. They used to show up in secure and apache error logs, but no longer.
I was just looking around and did a tail on my syslog and some strange entries came up:
[Code].....
I'm a Verizon customer in Maryland, USA running Linux at my home and I don't understand why named is looking at servers in France and Saudi Arabia. Am I just being paranoid?
I was reading that Arch does not provide security updates, but just provides security by keeping up with up-to-date software... So what is in a security update, and what does it patch? The kernel?
I've noticed on a couple of occasions that e-mail address auto-complete drop-down lists have e-mail addresses in them that I have never entered (!!). They all seem to be for people with the surname Fenton at either Gmail or Hotmail. Is it likely that I have been hacked?
Anyone, I would like to ask if it is possible to change the entries of a file's inode table?
For example
Code...
I was wondering if I can change the entries in this inode table. For example, I want to change the "Modify" entry. I want it to reflect the day 2009-05-19, for example.
My Linux server, which is running my company website, has been hacked. Today I saw a number of clients (customers) with some fun character entries in my database. Access denial on real clients. Please assist; I am running Linux Ubuntu 9 and I don't know where to start troubleshooting this. Let me confess that I am still on the learning curve on Linux.
Yesterday, I updated my system with the latest security update and other software updates. Following the update, I am not able to log into the system after restart. As usual, I was prompted with the login page, which looks as per normal. I chose my login id and entered my password. It brings me briefly to my desktop showing only my wallpaper (without any upper and bottom taskbars/panels). Then the screen went blank and the login page appeared again. I entered the login id and password, was shown the desktop wallpaper, the screen went blank and the login page appeared. This continues over and over and over. After multiple tries and with some luck, I am able to log in as per normal. What seems to be the problem?
1. How do I check the system for errors?
2. How do I check which update has been updated?
3. Is there any way for me to restore it to its original state (I migrated from FC10 to FC11 via yum update)?
The only other change apart from the security update is that I installed Wine, which was uninstalled the moment I was able to log in again. I attach the details of my grub.conf file below, which I hope could be of some use.
I just installed FC12 and was trying to do the security update, but it encountered an "internal error" and asked me to "report this bug to the distribution's bugtracker" with the details. However, I am not sure exactly what to do. Could someone be kind enough to let me know?
Today (25 of March) Fedora 10 asked to install the latest security updates. I allowed it to install them and everything seemed OK. But after the next boot I understood that some applications won't launch: Skype, last.fm player, VirtualBox, all the Qt ones. I've reinstalled those apps, and reinstalled Qt. They still don't launch. When I execute one of them from the terminal, it just waits and nothing happens. The process really starts; I can see it from ps -A and GNOME's System Monitor. Here's the /var/log/yum.log for March 25th:
Mar 25 00:20:37 Updated: libX11-1.1.5-1.fc10.i386
Mar 25 00:20:39 Updated: lcms-libs-1.18-1.fc10.i386
Mar 25 00:20:44 Updated: gtk2-2.14.7-7.fc10.i386
I know very little about SELinux and I've heard that in some situations it's better to disable it. For a home user, is it important? Does it improve your life, or does it get in the way?
Last week some update stopped my printing and I had to install the new hplip from HP, because it wasn't in the Fedora repos, to correct the problem. I don't know if SELinux had anything to do with it, but today when I disabled SELinux, a few minutes later I got a star up on the toolbar, and when I clicked on it, it mentioned something about hplip. It wouldn't make any sense to me, but maybe this has happened to others.
Just finished a security update (Fedora 12) and it said I had to restart the computer to have it take effect. When I restarted, all I got was the "Compaq" logo... forever. No Grub2 (it's a three-system setup), no BIOS, just the brand name of the box. Even worse, when I tried going at it with a live CD, the same thing; the BIOS never loads, so no live CD fix.
The problem is that yum is refusing to install gcc on a new SL6 install. As far as I can make out, a security update that I applied prior to my attempt to install gcc has caused problems. I did a new SL6 install (x86_64) a couple of weeks ago. This was a minimal installation, and I didn't install any dev tools, as I intended to install them later from yum. Since then, I've done very little; I installed a few packages (samba, xemacs, etc.), and I let the system update itself. The update installed 'kernel', and updated 'kernel-firmware' [URL]. I now need to install the dev tools (g++, and so on), but I can't. I've tried this from gpk-application, and directly from yum. The complete yum output is below, but the basic error is:
What are all the ways you could think of that someone could view your browsing history, upstream from your machine? They don't have physical access, there's nothing on the computer itself, and the person trying to hack has skill, so I'm thinking of things like monitoring a proxy somehow, using the IP address somehow, compromising the modem in some way, possibly having access to the Google account, etc. I am new to Ubuntu and have really dug it so far, but I want to figure out how this is/was being done.
I have received an email with a .csv attachment from a bank, and need to know how to view the attachment without risk. Using View>Message Source I see a large solid block of random upper and lower case characters, whereas I would expect to see some readable text mixed in. The email subject and the attachment name both contain data specific to me, but the text of the email consists largely of disclaimers with no mention of my name or any clue as to the nature of the attachment. I am using Thunderbird as my email client.