Security :: Ensure Changes To System-auth Do Not Lockout Root?
Jan 8, 2010
I was considering adding the below to my RHEL5 system's /etc/pam.d/system-auth file.
password required pam_cracklib.so try_first_pass retry=3 minlen=8
dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0
auth required pam_unix.so nullok try_first_pass
[code]...
View 1 Replies
ADVERTISEMENT
Mar 8, 2011
internal system mail revealed an error. Part of the mail is the below:
Feb 25 00:00:01 mbdba crond[1025]: PAM (system-auth) illegal module type: ccount
Feb 25 00:00:01 mbdba crond[1027]: PAM (system-auth) illegal module type: ccount
Feb 25 00:01:01 mbdba crond[1122]: PAM (system-auth) illegal module type: ccount
Feb 25 00:02:01 mbdba crond[1152]: PAM (system-auth) illegal module type: ccount
Feb 25 00:04:01 mbdba crond[1275]: PAM (system-auth) illegal module type: ccount
Feb 25 00:06:01 mbdba crond[1397]: PAM (system-auth) illegal module type: ccount
i have check /etc/pam.d/system-auth for the "ccount" entry, but it does not exist. "ccount" existed before in /etc/pam.d/system-auth but i managed to change it back to "account." i have grepd for the "ccount" string in all files under /etc/pam.d and i was not able to find it.
it seems that the system-auth is not able to take the now "account" string insted of "ccount" altough i have restarted crond
here is my system-auth file on the affected server:
auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
code....
View 1 Replies
View Related
Oct 5, 2010
I am using Red Hat LDAP (version 3) and I have passwordLockout set as "on" at global level. Is there a way to disable account lockout for a specific user?
View 1 Replies
View Related
Mar 16, 2011
Password strength in Linux can be ensured by setting parameters in /etc/pam.d/common-password file. But these policies apply only for non-root users, when they set password for themselves.s there any way to ensure strength of passwords assigned by root?Example: Normally root can assign passwords like "hello" "password" etc. Is there a way to ensure that passwords assigned by root must contain a special character and a digit as mandatory?
View 1 Replies
View Related
Aug 10, 2010
In a research environment how can I ensure that all RPMs / packages that appear on one system will exist on another? I.e. when using rpm -qa all libraries on one system will be there on another. The reason for this is to ensure they are as close as possible. Is there an easy way to do this without dealing with a larger management suite tool?
View 1 Replies
View Related
Mar 29, 2010
I got some entries in my auth log that I am puzzled by. What could be the cause? I was not using my machine at the time of the logging.
Code:
View 8 Replies
View Related
Feb 11, 2011
I yesterday installed fail2ban on my server and I see I am not getting logs for the genuine people also who log in to my machine.In
Quote:
/var/log/auth.log
It is a Ubuntu server and I had installed fail2ban via
Quote:
apt-get install
I thought some thing might be in
Quote:
/var/log/fail2ban.log
but there I do not see any thing
Quote:
2011-02-10 20:26:35,002 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2011-02-10 20:26:35,003 fail2ban.jail : INFO Creating new jail 'ssh'
2011-02-10 20:26:35,003 fail2ban.jail : INFO Jail 'ssh' uses poller
2011-02-10 20:26:35,031 fail2ban.filter : INFO Added logfile = /var/log/auth.log
[Code].....
View 1 Replies
View Related
May 7, 2010
I am using auth_param basic program /usr/lib/squid/squid_ldap_auth to authenticate users using squid from ldap. The user and pass is in clear text over the network between the browser and the squid server. Any way to send it in an encrypted format??
View 2 Replies
View Related
May 8, 2009
i still can't see quite well the security reason for not allowing one logging in as root on Fedora, but anyway...how to become the root on my system, Fedora 10, please?i did open a terminal and typed s - root then my password, now im the root, but only on the terminal, as CLI, but what if i want to change the munu.lst inside grub i.e.? and some other files or settings that there's no option to just type in the root password, how to overcome that please?
View 9 Replies
View Related
Jan 10, 2011
Lately I have been receiving this in my auth.log file. It seems to be repeating over and over, and I didn't know if was anything normal or something I should be worried about...
Code:
View 1 Replies
View Related
Jan 17, 2010
My system started running at 75 % CPU (its normally 20%), so I opened a terminal and looked at 'top', there are many processes running as root, the one thats sucking the CPU is this:'user'- root, 'pid'-2963, 'command'-X. below that there are a few processes of my user account, then alot more 'root' processes.
View 2 Replies
View Related
Mar 8, 2010
I don't think it would be harmful to run ssh on the default port of 22. Especially since the machine will only accept key-based logins and only accept traffic on port 22 from external IP addresses that I specify.
View 8 Replies
View Related
Jan 25, 2011
I login as normal user. I can 'su root' fine - password authenticates. However, If I try to run System->Administration->Users/Groups, when it asks for root password, it is rejected. When I run updater, it reports failure to authenticate, but doesn't even ask for root password beforehand. Is there a cached password someplace?
View 7 Replies
View Related
Aug 10, 2010
I'm getting a lot of mail messages with not really any information (that I get anyway) but things like:
@312>
W266>
I372=
[code]...
View 3 Replies
View Related
Mar 3, 2010
A few minutes ago I was using google chrome when suddenly the scroll-lock indicator on my keyboard turned on... I pressed the scroll-lock key, but nothing happened, the light remained. I opened a terminal and ran "top" to find what processes were running when I was automatically logged out. I logged back and checked the logs and found the following entries in my auth.log:
Code:
CRON[2971]: pam_unix(cron:session): session opened for user root by (uid=0)
CRON[2971]: pam_unix(cron:session): session closed for user root
[code]....
View 1 Replies
View Related
Jun 23, 2009
I am interested in making the root file system is read-only. I've moved /var and /tmp file systems to another partitions. There are two files in the /etc directory that need to be writable.
These are:
I've moved this files to /var and linked it. I've added command to the /etc/rc.d/rc.local file:
That's it. Are there other solutions to make the root file system is read-only?
View 1 Replies
View Related
Feb 2, 2010
For a month or so now, I have been enabling ssh and opening port 22. I cron'ed the start and stop commands to leave them open only a few hours a day. After a bit, I checked my logs to find that some IP or another was attempting to brute force my root account.
I took little real threat by the offense.
(1) my system does not allow root to login and
(2) it would cut them off sooner than later when my system issued the stop command.
fast forward
Today I log in to find that all of my log files, as viewed from the gnome log file viewer, were empty of entries from about noon yesterday and prior.
Though I haven't noticed anything at all out of the ordinary with my system, I would like to get more opinions on the matter. Would there be any conceivable way that this was an automatic system routine, a clean up action of something? Additionally, if I was indeed the victim of a hack, what can I do to further protect my system (keeping in mind that I do want to access my system via ssh from time to time)?
View 4 Replies
View Related
Mar 3, 2010
I'm using Gnome and I'd like to still have the ability to reboot/shutdown from one particular account as well as root. How would I modify the chmod command to add this ability?Also, I have a few users who just will hold the power button in to shutdown the machine. How can I keep them from doing this?// Pruned from the vintage 2007 Prevent a non-root user from shutting down, rebooting or suspend the system thread. Please create new threads instead of resurrecting ancient ones.
View 2 Replies
View Related
Aug 10, 2010
I have a problem with sshd daemon on a target linux system:The system has only one user (root) without password.The sshd_config looks like:
Code:
Port 22
Protocol 2
[code]...
View 8 Replies
View Related
Mar 8, 2011
nternal system mail revealed an error. Part of the mail is the below:
Feb 25 00:00:01 mbdba crond[1025]: PAM (system-auth) illegal module type: ccount
Feb 25 00:00:01 mbdba crond[1027]: PAM (system-auth) illegal module type: ccount
Feb 25 00:01:01 mbdba crond[1122]: PAM (system-auth) illegal module type: ccount
Feb 25 00:02:01 mbdba crond[1152]: PAM (system-auth) illegal module type: ccount
Feb 25 00:04:01 mbdba crond[1275]: PAM (system-auth) illegal module type: ccount
Feb 25 00:06:01 mbdba crond[1397]: PAM (system-auth) illegal module type: ccount
i have check /etc/pam.d/system-auth for the "ccount" entry, but it does not exist. "ccount" existed before in /etc/pam.d/system-auth but i managed to change it back to "account." i have grepd for the "ccount" string in all files under /etc/pam.d and i was not able to find it. it seems that the system-auth is not able to take the now "account" string insted of "ccount" altough i have restarted crond here is my system-auth file on the affected server:
[Code]....
View 3 Replies
View Related
Feb 12, 2011
I have been trying to use my DS2490 USB to serial device with a Maxim .DG1921G thermocron with owfs. It is supposed to give me access to a virtual file system for the thermocrom without needing to launch owfs as root.
Code:
/var/log/messages gives:
Feb 8 16:22:45 norman-HP-G56-Notebook-PC kernel: [ 236.140141] usb 5-1: new full speed USB device using ohci_hcd and address 2[code]....
but if ds2490 module is loaded it works when run sudo.It seems from this that it is a lack of permissions to USB but I have tried all the methods on at http://owfs.org/index.php?page=udev etc. to overcome this and a few others but none work.I am running Ubuntu 10.10 kernel 2.6.35-22-generic #33-Ubuntu SMP
View 1 Replies
View Related
Jun 26, 2011
I know I need a better title, but don't have one.
The problem is when watching a video F15 Gnome decides to send me to the unlock screen. Think that's what it's called. So I have to type in my pass.
A little bit later, same thing. So how can I prevent it from happening?
View 2 Replies
View Related
Apr 20, 2010
I'm hoping someone can help me out.I made configurations changes to/etc/pam.d/system-auth and /etc/pam.d/login. When these files are configured the way they are, I can't login and/or I can't login in the GUI interface and a terminal. Contents of /etc/pam.d/login
Code:
#%PAM-1.0
#line added per security guide
[code]....
View 2 Replies
View Related
Jan 30, 2010
anyone know how to turn off or adjust the lockout feature in ubuntu.I am running the new 10.04. With this feature after I am idle for time til I am brought back to the login screen, this is very annoying for me and I have to keep unlocking multiple times a day.Hopefully there is a way to configure this behavior.I am note sure if this is something specirfic to 10.04.
View 1 Replies
View Related
May 10, 2010
I have a Lucid machine that is driving me bonkers by constantly locking the desktop screen, forcing me to enter my password each time to unlock it. I have looked everywhere but cannot find out where to change this setting.
View 2 Replies
View Related
Jun 11, 2011
I am running Ubuntu 11.04 on a dual boot with Windows 7 Home Premium (32 bit) Dell Inspiron 560s.
As long as I am engaged in activity in Ubuntu all is well. However, if I leave my computer to get a cup of coffee I find on my return the computer screen is blank and when I activate it a window comes up asking me to enter my password to take it out of lockout, leave a message etc.
I can't seem to find the appropriate command to increase the time before I get locked out.
What steps can I take to increase the time the system stays active before I am kicked out and have enter my password again?
View 2 Replies
View Related
Jan 20, 2011
want to run VirtualBox with root permissions. Trouble is that only when run as root i can access attached USB devices inside of a virtual machine, otherwise, these a greyed out).Now running VirtualBox as a root user also changes the configuration folders, making all my virtual machines already defined disappear. I also don't want to copy all to the root configuration folders. Is there a way to give the VirtualBox root permissions but without actually running the application as a root user. Is it possible to do without changing the permissions of the non-root user, i.e. i don't want my user to have all root permissions, due to security considerations.
View 1 Replies
View Related
Apr 12, 2010
I run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite of the fact that my users connect chrooted, one of my friends had root privileges after logging in form a Macintosh and could browse the root directory, too.
View 1 Replies
View Related
Mar 25, 2010
Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
View 7 Replies
View Related
Sep 8, 2010
Whenever I login as root, an e-mail with the subject "Security information" is sent outwhere the e-mail address for this message is configured? I need to change it (or perhaps disable it).
View 9 Replies
View Related