Fedora Security :: Redirect Auditd Log To Remote Host?
Sep 17, 2009
way to redirect the audit daemon message to a remote host I checked the auditd.conf and it's man page and find that the log location is specified by the line log_file = file_path and in the man page
Quote:
"log_file: This keyword specifies the full path name to the log file where audit records will be stored. It must be a regular file."
does this mean that the auditd does not have the function to redirect the logs to a remote hosts.
We recently had a vulnerability scan done on our network and one of the vulnerabilities was that the dns server discloses the remote host name when using hostname.bind.
Is there any way that we can stop this from happening? Our name server is a Fedora 11 machine.
I was able to install and start tftp.I can tftp localhost and get a file, even from a non-administrator login.I can connect from a remote host, but the *get* times out.I suspect there is a security issue. Can you tell me how to lower the security on tftp so that a remote host can do gets?
I want to monitor a part of my filesystem for changes, including file opening and attempts to open files/dirs without necessary permissions.Since every read/write/open is run by syscalls i figured that running the auditd would be the simplest way to do this. I installed auditd and added a rule:
Code: auditctl -w /srv -p warx However I do not get any writes reported via ausearch -i. As a simple example, if I run
Anyone can tell me how to enable and config auditd in linux kernel 2.6.9-5.EL. I have only found command auditd and auditctl in server that run kernel 2.6.9-5.EL. I ran auditd & and can saw auditd ran in my server. But I couldn't do anything with auditctl, no status, no rules, nothing :| . I tried to find audit.rules or auditd.conf but that nothing I can find.
I am using TomCat6 with Ubuntu Server 9.10 x64. I successfully configured to iptables to redirect the port "443" to "8443" (Tomcat SSL), using this command:
I've created a virtual host and when I try to access it it displays the root of the Default Server. Running Fedora 11. This works fine in our Fedora 8, same configuration.
192.168.0.200 Default server is set to Listen 80 virtual server
have fedora 10 and am having problems with ssh. For some reason I can't connect via a remote host to my ssh. Local network connections do work just fine. I have been looking for a log of what is going on but have not had luck seeing anything.Things I have tried:
-Modify hosts.allow to allow ssh to all -generated rsa1 key identity tryed specifying that with the -i option on the guest computer
I have a box (boell) running Fedora 10 sitting behind a firewall at school. I am able to freely ssh to and from this box to other computers (minion) within that lan. Outside of this network I cannot directly ssh to boell - I must ssh first to minion, then I can ssh to boell. I've spoken with the sysadmin and he's verified that the firewall permits ssh freely - i haven't had any issues like this with other boxes of mine there, so this isn't any surprise.
I have verified that the hosts.deny file is blank, iptables permits ports 22 (and 80) and I didn't see anything obvious in the sshd_config. I tried a tcp dump on the external host and boell while attempting to ssh from the former to boell. The packets appear to be acknowledged by boell, but this fails to lead to a connection. I've tried this process with external hosts in different locations with the same result. I have made few modifications to the default installation for F10, so perhaps there is some default somewhere I have to change. In any case, below I have attached excerpts of germane files.
======== ssh from boell ======= [root@boell log]# ssh -vvv 71.189.5.67 OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007 debug1: Reading configuration data /etc/ssh/ssh_config
Our requirement is not to use the default SSH port, So I have edited /etc/ssh/sshd_config file and changed the default port 22 to 2022, and I have restarted the sshd daemon. Now port 2022 is open in all servers however when I ssh to the remote hosts I cannot login directly. I have to use the below command to connect to the remote server, I don't want to provide SSH port number info while login to remote servers, How to achieve this. ssh -p 2022 server02
I am doing some R&D on 11g RMAN in oracle at home. i have installed oracle enterprise linux and i have installed oracle software. when i am trying to configure listener, it is error-ed out. i have verified that telnet with the port is not working and i am seeing connection refused error.
I have a dell desktop PC that runs with ubuntu 9.04 jaunty jackalope and has 2 network cards eth0 that is connected to internet with an pppoe connection and is shared on eth1 for the other pc that is with windows on the ubuntu server machine is installed EHCP controls panel and No-IP, No-IP works fine but if I add a host as a domain in EHCP where I want to add EHCP {itself, problem appears. No-IP does not redirect to my IP after I added host in EHCP. EHCP is set to have the original IP of my pppoe and I tried with the 127.0.0.1 IP and the problem is still there.
My goal is a testing server with an apache virtual host for each site that I'm working on, with fairly painless setup for each new job.For example, I want http://site-a.mydomain to server this document root /home/client-a/site-a/public_html (or something to that effect)Ideally, DNS will use a wildcard to point http://anything-i-type.mydomain to the testing server, and apache will have a dynamic virtual host definition that will do a little magic so that I won't have to mess with DNS records or add a new virtual host each time I add a new site for a client. I'll worry about that when I get there, just put that out there in case anyone has any tips! for now I just have one little problem that's hurting my mood-
It looks like I've got my DNS server working just fine, so yay there- BUT my first attempt at adding a virtual host isn't working quite how I expected- meaning that site-a.mydomain now serves up the correct document root, but when you put http://site-a.mydomain into the browser's address bar, the address bar is then updated to http://10.0.1.100/site-a/public_html - bogus!! I must be missing an option like "FunnyBusiness Off" -
root@ubuntuvm:/etc/apache2/sites-available# vim client-a.mydomain <VirtualHost *:80> UseCanonicalName Off ServerName site-a.mydomain DocumentRoot /home/client-a/site-a/public_html </VirtualHost>2
Have done a bit of Googling around this but got totally swamped so will try here. Basically we are running a CentOS server which hosts a number of virtual hosts under Apache. Recently I needed to set up a development environment for another site using Ubuntu and have this running and accessible on the LAN from a VMWare image. I'm using bridged networking so the VMWare machine has its own IP on the LAN subnet.
I've set up a DNS to point to the external IP of the physical host but can't figure out how to route traffic requested on this domain to the VMWare host. I've basically tried two approaches (configuring a proxy web server and reverse proxy in an httpd.conf file and mucking around with iptables forwarding rules but without success.
Ideally I'd like somesite.somewhere.com to point to the VMWare IP but I could live with a custom port on the end if thats whats required.
To throw further complication into the mix I need reliable communication between the VMWare machine and external mail relay servers in order to debug any issues with mail bouncebacks, embargos etc.
Any idea what's the easiest way to accomplish this?
I'm doing some commands on a remote server (using ssh to log on to the remote server, did a ssh key swap), how do i redirect the output of a command back to the local server ?the person who helps me out is my HERO i'm really stuck on this and it would bring me a lot further if i get this to work
I am trying to show library content (asp files, IIS server, MySQL database on Windows Server 2003 - Inetpub/wwwroot/library - 192.168.0.3) publicly. But Apache webserver is on Linux machine. In one of previos topics I was adviced to mount this remote machine webfolder into Linux /var/www. Well this way it want work. I was adviced it can be done through redirecting.
I have had a look at the the information on the ubuntu forum about this but am having trouble getting the server to do what i want it to do.
I have a VPS running ubuntu 9.10 and i am trying to set it up to redirect port 25 to a remote machine via a VPN connection (remote machine connected via VPN)
i have tried setting this up in the firewall using webmin but it is not working.
i have a problem........ How to redirect local http port to remote ip ddress(192.168.10.64) using iptables..my destro is Centos 5.3 my rule is this iptables -t nat -A PREROUTING -s 0/0 -d <my local ip> -p tcp --dport 80 -j DNAT --to-destination 192.168.10.64
I'm trying to workaround a limitation in a server application. The limitation is that I can only connect to a LOCAL mysql database. I am trying to fool the server in to using a remote mysql database. I was hoping to do this by simply forwarding 3306 to another server on the same subnet.To that end I've set up iptables rules to forward all connections to port 3306 to a non-standard mysql port on a remote server. This works, except that I need to deal with the loopback interface in a special way and I'm stuck.
I'd love a hint or two on the following problem. I've set up iptables rules to forward all connections to port 3306 to a non-standard mysql port on a remote server. This works, except that I need to deal with the loopback interface in a special way and I'm stuck.
Code: iptables -t nat -A PREROUTING -p tcp --dport 3306 -j DNAT --to 128.XXX.XXX.XXX:3197 iptables -A FORWARD -p tcp -d 128.XXX.XXX.XXX --dport 3197 -j ACCEPT iptables -t nat -A POSTROUTING -j MASQUERADE Since locally-generated packets will never hit the PREROUTING rule, you'll need to setup a near identical rule using OUTPUT to make it work. Here is what I've tried:
I need to redirect all http/https/ftp traffic through the remote proxy, but when I changes connection settings in browser or in System->Preferences->Network Proxy it doesn't work well: instead of getting page content browser asks for saving some short (8 bytes) file with the same content for all requested pages. It happens in Chrome/Opera/Firefox. This proxy requires authorization and works on computer with Windos XP. It worked well when I was using Windows 7 and Proxifier, now I have Ubuntu 9.10 with all available updates.
My server is connected to the Internet for ssh on port 22 with root logon disabled, a single non-dictionary word user name allowed, and pki authentication only (about as secure as I can make it). I've previously run fc5 and 9 servers using the same sshd config since 2006 and had no security troubles, so I'm happy, but.. After the fc13 install and configuration, logins from a host on a remote network are taking about 1m 30s to complete! A (partial) console output for ssh -vv appears below. The lines marked with "**" were the lines after which significant pauses happen. This is fully repeatable.
Code:
debug1: Next authentication method: publickey debug1: Offering public key: debug2: we sent a publickey packet, wait for reply
I have currently a file server that runs on Fedora 9, and all other PCs (mostly running Windows XP) access the file server via SAMBA. Everything works perfectly! However, lately a home invasion in my neighborhood got me thinking. If they take my file server, my data is not protected. So, I would like to implement the LUKS partition encryption (/home) which sits on a separate disk. However, I don't quite like the decryption process at boot time. In other words, I would like to wake up the file server (WOL) remotely, and when it's done booting, I would like to log-in using the other PCs and enter the passphrase remotely to decrypt /home. Is this possible using LUKS encryption (i.e., cryptsetup)? If not, what would be another alternative to what I am trying to do using a secure encryption (so that the data is safe from thieves)?
I have a F11 box serving xdmcp. I log into them machine remotely with xming. As far as I can tell, all x clients work fine, EXCEPT for sealert. I get occasional selinux alerts, but I cannot use the sealert browser on my remote machine. When I try to run the browser, I get this: sealert -V -b
2010-03-05 11:27:49,841 [dbus.proxies.ERROR] Introspect error on :1.61:/org/fedoraproject/Setroubleshootd: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus) 2010-03-05 11:27:49,842 [dbus.proxies.DEBUG] Executing introspect queue due to error 2010-03-05 11:27:49,842 [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.61 was not provided by any .service files
I see the bug at [URL].. but it does not mention the browser, nor does it say what the fix/workaround is..Im going to stab in the dark and start relabeling things, but anyone know what's really wrong?
