I want to filter and block failed attempt to access my proftp server. Here are few line from the /var/log/secure file:Quote:
Jan 2 18:38:25 server1 proftpd[17847]: server1.XYZ.com (93.218.93.95[93.218.93.95]) - Maximum login attempts (3) exceeded
Jan 2 18:38:27 server1 proftpd[17864]: server1.XYZ.com (93.218.93.95[93.218.93.95]) -
[code]....
I keep getting hundreds of SSH failed logins per day. Is there a way with iptables, i can say if a user connects too to port 22 over 8 times in 10 minuntes, then block them for an hour?
View 7 Replies View RelatedI learned that, even while on Linux, using Iceweasel/Firefox 3.0.6 is not safe. So I tried to update the browser for my PPC G4 iMac (256 MB RAM, 800 MHz processor).
1. I downloaded a backported Iceweasel .deb from URL...
2. I then tried to install it with dpkg -i PathToIceweasel.deb
3. There was an error. I remember seeing xulrunner-1.9.1 is not installed. I tried to install that with apt-get but it was not available.
4. Now when I click on web browser I get the error "Failed to execute default Web Browser: Input/Output error".
5. What can I do without having to reinstall?
I followed blindly this how to : [URl].. out of laziness and then for some reason bind9 didn't want to start. So I tried to apt-get remove it, but when I re-install it, it failed because
Code:
chgrp: cannot access `/etc/bind/named.conf*': No such file or directory
so I assume the chrooting stuff I did is in the way, but I know very little about chrooting and permissions ... how can I undo the following things I did :
Code:
/etc/init.d/bind9 stop
[Code]...
We have a CentOS server which has beed restarted due to some reason. Now we have ping to the server and we can reboot it via KVM, but the server loads to some messaageThis is filter.unknown_domain (Linux ...)Filter Login:and then it stops. Do you have an idea what might be the problem and how can we fix it?
View 2 Replies View Relatedi was tasked to setup a proxy server to block access to some websites. i'm using centOS 5 and Squid 7:2.6 STABLE21-6.e15...i appended the following and tested the configuration with the supposed server i am using and the it does seem to work but now i'm wondering how i can test it with a client computer..i have 2 LAN cards and i just connected the other to one PC (can a direct connection work or does it need to pass thru a switch or hub)...i just can't figure out how it should be... how do i configure the 2nd LAN card to use this computer as its proxy server?
View 8 Replies View RelatedI think the installation caused the corruption of the partition table. I removed the last 3 logical partitions and gparted correctly reported the 2 remaining distros and the swap. The problem hopefully will be solved when I reinstall those distros. I have a 160 gig HD with 3 Linux,1 swap,and a Windows partition. I attempted to install PCLINUXOS unsuccessfully. When I rebooted I had the same grub. I checked gparted and it indicated all 160 gigs as unallocated. fdisk shows the partitions. and indicates one partition as empty where I attempted to install PCLOS.
No problem in accessing any of my distros, but currently I can't make any changes to my HD. I've tried parted magic and there was no solution there. I have been unable to download the Ubuntu Rescue remix. Is there a way to restore? I haven't used fdisk or cfdisk for that purpose. I am beginning to think I would need to delete all of the partitions in the extended.
FDISK
omitting empty partition (8)
Disk /dev/sda: 160.0 GB, 160041885696 bytes
255 heads, 63 sectors/track, 19457 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x23213b72
Device Boot Start End Blocks Id System
/dev/sda1 * 1 5354 43005973+ 7 HPFS/NTFS
/dev/sda2 5355 15690 83022975 5 Extended
/dev/sda3 18740 19059 2560000 82 Linux swap / Solaris
/dev/sda4 19059 19458 3203072 83 Linux
/dev/sda5 5355 7908 20506624 83 Linux
/dev/sda6 7908 10840 23552000 83 Linux
/dev/sda7 10840 13772 23552000 83 Linux
Can you show me how to block a domain from local access through URL Filter?ay be an example is a very good start.
View 10 Replies View Relatedvsftpd not working on my CentOS system. I tried logging in using FileZilla but the error message was: Connection attempt failed with "ECONNREFUSED - Connection refused by server".
View 7 Replies View RelatedFilter access server through the net only to authenticated users from domain controller (Win2k). Server (Centos)(Firewall with 2 nic), which makes access to the net, with only 196MB RAM (PIII500Mhz), so I do not want a solution based on proxy or what resources it uses large I want a solution with a script that runs at login on windows this check series HDD and to communicate with Linux server that's open accessor another simple solutionNow just use only MAC filtering on
View 1 Replies View RelatedI need to block all BitTorrent access on my machine, ie blovk users from using Bittorrent. Is there a port range I can block or some sort of protocol?
View 9 Replies View RelatedI run my own home server using OpenSuse 11.1, everything is setup using apache, php, etc etc, and it all works perfect, but now I need to use my own email server for the use of Dolphin social networking software, so that when someone registers, the email server sends out registration confirmation emails, so I set up postfix, yeah right!!!, even though I followed all instructions to set postfix as a closed relay, a test done at mxtoolbox site still said it was an open relay, but while I was trying to set up postfix, my access to the server slowed down, and my servers drive light was constantly active,,, so when I look at the mail queue, I saw 4000+ emails, all from japan, (hinen.net), so I promptly shut down postfix and use postsuper -d ALL in the command console to delete the queue, but no matter how I try, I couldn't configure postfix as a closed relay,,, so I uninstalled it and installed sendmail, and using webmin, I could use a spam list and block the domain, now, sendmail's test at mxtools show as a closed relay, I can't even send out a test email using smtp auth, but disabling auth, I can, but now my IP is blocked at spam cop, and spamhaus,,, gmail server say my IP is not authorized to send to their servers, but to use my ISP relay instead,,, but my ISP doesn't have a relay,,hence the need to run my own email server.
My home server uses double layer firewall, a hardware firewall between the internet and the server, and a software firewall on the server, and I only allow the ports I need, IE, 80 = http, 443 = https, 20/21 = ftp, 25 = smtp, 110 = pop3. and that's all, but any other internal access from my workstation to the server, using ssh, I only open the ports on the server firewall. If someone here has a great deal of knowledge on sendmail, and can set up a an M4 (linux.mc) config file for me, it would be much appreciated. What I would like my email server to do, is to only allow the sending of emails from inside it's own server system,, ie, when a php script sends an email to the server, then the email server would let it through, but anything else, outside the local network is ignored.
I need to make a script in which I want to block an ip when its access on a web server exceeds than certain number e.g., 5000 for a particular time period, let's say for 6 hours or 12. If any ip exceeds that limit, it should automatically be blocked. I also want to run this script on regular intervals in 24 hours for atleast 2 times.
View 2 Replies View Relatedin my network, users has total access to their PCs, so theres a problem to filter (URL, ports,etc.) their virtual machines installed (they can assign self any IP, e.g.)
Id thought about use the MAC prefix in VMware VMs (00:0c:29:*), but i can only found a way through DHCP, and this isn't a good solution (they can assign a static IP to workaround...)
It will be better using firewall (iptables), but I don't found the way to add rules based in MACs with wildcards.
I had a failed attempt at an upgrade to 10.04 but I know the error of my ways however before I go through it again does 10.04 still have the tools available for a dial-up connection, wvdial & gnome ppp?
View 4 Replies View RelatedI installed from a live CD when it came to selecting the partition I re-sized the partition that Ubuntu was on because it was 68 gigs I shaved off 15 gigs for SUSE. Then I selected this new 15gig partition to install SUSE on, everything went fine with the installation I was tinkering around on SUSE but of course I needed internet access, so I go to get on Ubuntu where I had my file with my network key. I restarted expecting to see the usual GRUB boot-loader screen only now with an added option for SUSE. Instead I see an entirely new layout for the GRUB boot loader and all that is listed is SUSE, Failsafe SUSE, Windows XP, and Floppy. The Windows is my XP install and it loads fine sadly it is actually what I'm using now because it is the only thing left that I have my network key saved so I can get on this forum.
Looking on SUSE I notice that the 50gig partition formerly known as Ubuntu still exists I figure no problem add the partition back on to the boot-loader and I'm good to go. Added it and when I select to load it nothing happens it starts to then reverts back to the OS list. Does anyone A) Know how to resolve this or have any ideas. B) Think I can at least copy files off that 50 gig partition to an external hard drive.
When I try 'makebootdisk' and get to the 'format' stage, it tells me: "The attempt to format the floppy disk in /dev/fd0 has failed ..." The disk is fine, and can be read from, but the above msg. shows up instantly -- the light on the drive doesn't even come on. I'd expect this to be a routine problem but I can't find any solutions either here or on the web.
View 2 Replies View RelatedI am running CentOS release 5.5 (Final) with PROFTP installed.
I am able to connect to the ftp server from local, but when I try it from dream weaver CS5 it can't connect to the server. I ran a port scan and 21 seems to be open:
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
[Code]....
I'm running a ProFTP 1.3.3 server on a CentOS 5.5.What has come to my mind in terms of security is to have the server disabling / deactivating account that enters the wrong password, lets say three times.Using MaxLoginAttempts only limits the possible retries on a open connection.
View 2 Replies View RelatedI made an attempt to backup my system (karmic koala) using this routine. cd / then sudo tar cvpzf backup.tgz --exclude=/proc --exclude=/lost+found --exclude=/backup.tgz --exclude=/mnt --exclude=/sys /
The process of backup went on for a very long time, which is probably normal. On returning to the computer in the morning, it was in suspend mode and would not power on via the usual method,tapping power button. So then I used the reset button, and after booting up a message appears on the top right that reports "Install problem! The configuration defaults for GNOME Power Manager have not been installed correctly. Please contact your computer administrator."
Is there something wrong with the statement that was used for backing up the system? Also when I attempt to login it does not work now either, it eventually returns to the login user selection. So is there a possibility the backup finished and then there may be a chance the system can be restored from the backup file? I have tried booting up with a live cd and could use some advice on how to navigate with terminal to root of the system and see if the backup file exist even, have been unable to get to the root folder(where the backup would be) with the GUI method via live cd.
My buddy has a computer with a problem and hes asked me to see if I can retrieve the data documents from the computer. The subject computer is a COMPAQ PRESARIO SR5030NX with a Pentium 4 cpu, 3.2 GHz, 1 GB RAM, running Windows Vista Home Basic.
His goal was to create a dual boot computer UBUNTU and Vista. What he did was to install UBUNTU, partitioning the computer in two partitions. The computer is now giving an error code of 21 when GRUB Loader starts up. Is there a restore disk or some kind of utility that can undo what was done to the computer. He has no backup disk.
I tried Recovery Commander Ver. 3 made by Avanquest but as their website indicates it�s for XP. They never updated it for Vista and Windows 7. Is there a utility that can undo some of the changes that were made to the machine when UBUNTU was installed, albeit, unsuccessfully.
(1) I have an HP PC running XP professional and I was wondering if I take the hard drive out from the COMPAQ and rig it to my HP via a SATA/IDE to USB 2.0 Adapter device would I be able to see the contents of that COMPAQ computer that had Vista and now UBUNTU.
(2)What about attaching the COMPAQ internal hard drive and attaching it to my HP as a slave drive.
(3)Can the UBUNTU disk going to help?
Were just after the data files and not software programs.
I've searched lot on forums but couldn't find a related post. My problem is I want to hide my mail folders when login attempt in Evolution has failed. I dont use Remember password option so everytime I'm prompted for password.
When I give no password and escape that dialog, I can see all the mails that have been already downloaded form my gmail account. If any of you guys know already existing post, please redirect me to that one.
How to add parental control like { block web site access, restricting login access for particular time, restrict web access} for particular user accounts in Linux.
View 5 Replies View Relatedit possible to block root access to a particular directory.
View 7 Replies View RelatedA few minutes ago I was using google chrome when suddenly the scroll-lock indicator on my keyboard turned on... I pressed the scroll-lock key, but nothing happened, the light remained. I opened a terminal and ran "top" to find what processes were running when I was automatically logged out. I logged back and checked the logs and found the following entries in my auth.log:
Code:
CRON[2971]: pam_unix(cron:session): session opened for user root by (uid=0)
CRON[2971]: pam_unix(cron:session): session closed for user root
[code]....
I am trying to block a few websites on a lucid lynx, I tried editing /etc/hosts and that blocks access via url but the site still open if I enter the ip on the browser, how can I block ip access also? (without using any extra software besides what linux 10.04 have by default)
View 1 Replies View RelatedI have been using proftp for about 8 months. After getting the configuration right, it worked perfectly. It is only used intermittently, so I don't know for sure when the problems started, but I suspect it was triggered by a recent OS upgrade to Ubuntu 10.04 (64 bit). I have proftp set up so that TLS is required on both the data and control channels. The problem is that, after successful login, the server seems to be terminating the session because the client (FileZilla) is attempting to renegotiate something (probably the TLS). The client settings didn't change, nor did the server settings.
I have tried switching off the TLSRequired flag, and am then able to establish a non-secure FTP session which works (but that does not meet my requirements). I wondered whether the OS upgrade had somehow invalidated my TLS certificates, but the symptoms don't seem consistent with that cause. The TLS part of my proftpd.conf file is:
[Code]...
I run the openssh daemon on port 22 and have the proftp running on port 21. I would like to block SSH for a specific user.I use proftpd.I would like to prevent the SSH access for this user and leave the FTP working for this user specific.Into /etc/passwd, I tried to change the /bin/bash to /bin/false, but this blocks both SSH and FTP access for this account.
View 3 Replies View RelatedI have a LVM snapshot that triggers these kernel errors when any LVM-related commands run:
Jul 6 10:31:38 itmanager kernel: attempt to access beyond end of device
Jul 6 10:31:38 itmanager kernel: dm-28: rw=0, want=66156996183394672, limit=25165824
dm-28 is the snapshot volume in device mapper. I think this error is generated because most LVM commands will check the first 4K of various drives and volumes for LVM metadata and labels, but attempts to read any of the first eight sectors (ie: 4K) of this particular snapshot logical volume trigger this error.The most interesting thing is that the snapshot is 25165824 sectors long (12G), but attempts to access the first eight sectors result in an attempt to access sector 66156996183394672!I've obtained an info dump from getinfo.sh disk, and added the output from lvs. You can find the results here:URL.. It's not as if the sectors that back the first 4K of the volume are corrupt, either: the read request never hits any hardware because the read request is attempting to read a non-sensical sector, instead of the correct sector. Perhaps the COW metadata for the snapshot is corrupt?
How do I find the cause of this problem?Is this a critical error that I should file a bug report for?I first noticed this some time after turning the machine on Sunday afternoon.As far as I can tell from the logs, the shutdown the previous evening was normal.I use LVM fairly heavily on this machine, and this is the first time I've ever seen this kind of problem..I've worked around the problem by copying the first eight sectors from the Origin volume, and the rest from the Snapshot volume, to a new normal logical volume.However, I'm still concerned about how this error occurred in the first place.
I have a real system user say 'test', created in a number of system groups, up to 3 additional groups (including ftp of course). Its set to the usual standard directory /home/test. But what if I wanted to use /home/test as their home directory but login to what would be unknown to them to be ProFTP to make them go in say [URL] or something random like that, how is this done? Just been through things like this:
Quote:
<VirtualHost 192.168.0.255>
ServerName "ftp.mydomain.com"
ServerAdmin "me@localhost"
[code]....
But nothing seems to work.