Security :: Guarddog Iptables - Reading Logs ?
Aug 15, 2010What the following means?
Code:
Does this mean that connections from those IP's have been blocked or what?
ADVERTISEMENT
Ubuntu Security :: Resolving IP Addresses In Iptables Logs?
Jan 19, 2010whether iptables logs can be set to automatically resolve IP addresses? I am running the firewall on a network with DDNS/DHCP, and this ability would really help quickly identify hosts with suspect traffic.Failing this, I guess the simplest solution will be to simply set static addresses!
View 1 Replies View RelatedUbuntu Security :: Iptables Firewall Logs Router?
Apr 5, 2011In an effort to learn more about firewalls and iptables I have left behind gui set-up tools and have setup a firewall using iptables that logs to its own file. The firewall is as follows:
Code:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TCP - [0:0]
[Code]...
Fedora Security :: Set Conditions To See Logs Of All Security Intrusions
Jul 19, 2011I just putup the fedora15 on my PC. there are several msg coming up from selinux saying permission denied, though I am not doing any administrative activity. the PC being a workstation for reaserch. how can I know the denial is for an security intrusion attempt. how can I set conditions to see the logs of all security intrusions. how can I set exclusive msg-ing from selinux that the denial is for a security intrusion attempt.
View 5 Replies View RelatedSecurity :: How To Find USB Logs
Jun 16, 2010how to find USB enteries/ logs in linux
View 5 Replies View RelatedSecurity :: All The Logs Are Wiped Out ?
Apr 22, 2009I have connected to my friends machine, for some reason . all the logs are wiped out . ?
CentOS .
There is nothing there? is this a unusual to Linux systems?
Ubuntu Security :: Can't Find The UFW Logs
Mar 18, 2010I cannot find one single UFW event anywhere. I have researched this and see that others have trouble finding these logs too. I have looked in every /var/log there is and I can't find one event. I have UFW enabled, default deny and logging set to medium from a previous logging low(in hopes this would create more events to be seen). In terminal, UFW is shown as active. I have been using Ubuntu for more than a year now and I recall seeing UFW events with every session in some /var/logs in Ubuntu 9.04 - I'm running 9.10 now. I have also tried looking throughout the system files and have found nothing. Is UFW not working properly or could I just not be experiencing any firewall events(not likely)?
View 9 Replies View RelatedUbuntu Security :: Where Does ZEIGEIST Put Its Logs
Apr 26, 2011If anyone knows where does ZEIGEIST put its logs. Is it in my home folder, or is it somewhere else. I have my home folder enrypted and this is really not very secure if someone can see those logs...So. Does ZEITGEIST put logs in my HOME folder or not?
View 7 Replies View RelatedSecurity :: Auditing Samba Logs?
Mar 18, 2011I have in my hands a bunch of samba logs, about 24 different files and I was wondering if there was a tool that would go through them and organize them into something readable.I had a gander at Sawmill
View 2 Replies View RelatedServer :: Security Logs With Message ID?
Mar 9, 2011Iam looking security specific event ID on Linux .hear are thousnds of event ID in Microsoft Windows/XP and VISTA etc. Similar way looking for Linux,unix ,Solaries,AIX etc event ID. I would to correlate and implement with Arcsight.
View 2 Replies View RelatedSecurity :: Finding & Parsing LDAP Logs?
Mar 24, 2010Please let me know:1. What LDAP logs are typically available2. How to find them3. How to Parse them
View 3 Replies View RelatedSecurity :: Syslog - Missing Entries To Logs
May 23, 2011CentOS 5.6 Server patched to latest, multiple name-based apache virtual hosts. SELinux OFF Everything was working fine until the other day. I've been making quite a lot of changes so it may well be something I've done, but I can't find out what! Last night I got the following in my logwatch : -
Requests with error response codes
404 Not Found
/admin/phpmyadmin/scripts/setup.php: 1 Time(s)
/admin/pma/scripts/setup.php: 1 Time(s)
/admin/scripts/setup.php: 1 Time(s)
/db/scripts/setup.php: 1 Time(s)
/dbadmin/scripts/setup.php: 1 Time(s)
[Code]...
The problem is that NONE of my logs, secure, httpd, messages, NONE of them, show any trace of these hacking attempts. They used to show up in secure and apache error logs, but no longer.
Security :: Unknown IP Addresses In Samba Logs?
Feb 1, 2011I have a (headless) Debian (Linux debian 2.6.26-2-486) system running on an old Pentium machine in our home network. I use it as a Samba share, among other things. I recently noticed some Samba log files that I cannot explain the origin of. In /var/log/samba there are a couple of files like this one:/var/log/samba/log.istvan (Note: there is no machine named 'istvan' in my local network)
Code:
[2011/01/04 21:15:34, 1] smbd/service.c:make_connection_snum(1198)
istvan (::ffff:78.92.155.185) connect to service boeken initially as user nobody
[code]...
Security :: Reading Encryption Password With Bash?
Nov 20, 2010I have two cryptsetup volumes with the same password that I want to open in a bash script, and I want to avoid writing the passphrase twice. I was thinking of using read -s. Is there any security problems with this?The other alternative would be to have a password file on a small partition encrypted with a passphrase. Then only give the passphrase and let the script open up all encrypted volumes using the password file. However this seems overly complicated. But is it more secure?
View 3 Replies View RelatedSecurity :: Reading/writing Encrypted NTFS?
Jul 25, 2010My main workstation incorporates a mixture of ext3, ext4, and NTFS partitions scattered across a number of hard drives. Several of the ext4 partitions are encrypted, and I intend to encrypt the rest of the Linux partitions in the near future.I run VMware workstation, with several Windows OS guests, including Win2K, WinXP and Win7. My Win7 VM is installed on a virtual hard disk, and that virtual hard disk is encrypted using VMware facilities.So this leaves me with a bunch of NTFS partitions that are not encrypted. These are physical partitions on a couple of different hard drives. The reason I have them is ancient and historical, and as I have upgraded my system over time I have maintained the architecture due to the extreme difficulty of rearranging Windows systems.I still need to maintain Win2K and WinXP support, and rearranging those virtual machines would represent a hideous nightmare for me; I really want to maintain the same hard drive partition architecture.But I want to encrypt the NTFS partitions, in a fashion that can be handled by any of the Windows operating systems, AND can be accessed for read and write from Linux.Is this possible? If not using Windows facilities (I don't think ntfs-3g handles encryption, and there are known backdoors in the Windows facilities anyway), is there any third party solution that would work? Would True Crypt do the job in a fashion that would permit access from all the various operating systems, as required? I do generally mount the NTFS partitions in whichever Windows VM is appropriate, then share them out via SMB, but there are circumstances (like when a VM is not running) where I will directly hit them from Linux. So, it is possible for me to contemplate a solution that only works from Windows, but this would cost me the ability to repair/modify those filesystems directly from Linux, which under certain circumstances (a malfunction of the VM, for instance) could be a problem.
View 2 Replies View RelatedDebian :: Debian Lenny Iptables Does Not Logs
Mar 29, 2011I have problem with loging, actually iptables logs a data but it seems that for some reasons does not writes in a log file:
Code:
iptables -L -v
Chain INPUT (policy ACCEPT 406 packets, 124K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any xxxxxxxxxxx anywhere tcp dpt:xxxx
[Code]....
i checked /var/log/message and /var/log/syslog nothing is here related to iptables. then i create separate file for Iptables by adding this: kern.warning /var/log/iptables.log in my rsyslog.conf it does create iptables.log file inside /var/ but its still empty
Ubuntu Security :: Internet Logs - Privacy With Firefox
Jan 8, 2010These files seem to contain browsing history:
~/.mozilla/firefox/xxxxx.default/cookies.sqlite ~/.mozilla/firefox/xxxxx.default/formhistory.sqlite ~/.mozilla/firefox/xxxxx.default/downloads.sqlite ~/.mozilla/firefox/xxxxx.default/places.sqlite ~/.mozilla/firefox/xxxxx.default/places.sqlite-journal
~/.mozilla/firefox/xxxxx.default/Cache/
Therefore I have cleared these files using an erasing program. I am wondering if there are other locations where such log files are stored for Internet browsing. I have looked in the /var/log directory and cannot see anything - for example doing a grep on http:// after browsing in Firefox does not reveal anything obvious.
Ubuntu Security :: Alerts When Apache LOGS Contain Certain Data
Jul 10, 2010Does anyone know of any software that can monitor the Apache logs for certain phrases or keywords then send an alert when found? For example I know an attempt to hack has been made when I see log entries like this....
/admin/
/admin/phpadmin/
/phpadmin/
But by the time I see it, the attempt has long since failed or succeeded. What I need is a way for my server to alert me WHILE someone is entering these phrases. I realize there may be a "hit" to performance but my server is not that busy anyway (except for hackers).
Ubuntu Security :: Sshd Logs And Connection Ports ?
Feb 9, 2011What is happening when I log in to my Ubuntu server machine via ssh and putty. trying to understand everything, primarily securing my server.
I have specified the ssh server to listen on port 5525, and can login without a problem.
When I look at the logs though it says I connected from xxx.xx.xx.xx on port 53602.
What is happening here and why is the logged connection a different port to the one specified in the config file?
Security :: Exim Logs Spammed With Large Headers
Feb 12, 2011Has anybody else seen this kind of attack? I see those messages on 2 exim mailservers. Looks as if someone sends a 50MB big mail header :S What is their goal except from increasing my traffic?
Code:
2011-02-12 07:48:53 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=ns33.medialook.net [91.121.108.5] input="GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
[Code].....
Security :: OpenLDAP / NSS / PAM Produce Logs Of Failed Login Attempts?
Feb 16, 2011I am trying to get OpenLDAP to authenticate user logins, but running around in circles. Are there any logs produced by either client and/or server that would indicate possible reasons why it was unable to login as a user?Below is an explanation, any ideas would be appreciated, as I think everything is setup as per the various articles on using LDAP.
I have a CentOS 5.5 OpenLDAP server, and several others, some host services, some are file shares (samba).So far I have been able to successfully configure OpenLDAP to carry out all the ldap* commands from both the local server and from any of the remote servers, either via non-ssl or ssl connections. However, as soon as I try connecting any services up to it, it doesn't play ball.Back to basics, having cleared off all previous attempts at this from all machines, I have gone through the following:
Installed OpenLDAP server/client on host (plus nss_ldap).
Configured /etc/openldap/slapd.conf (see below)
Configured /etc/openldap/ldap.conf (see below)
[code]...
Security :: Filter Pam_rhosts_auth Messages To Prevent The Logs Filling Up?
Mar 8, 2010I have a batch job which logs in to the server every 10 minutes via windows rsh. The job checks to see is there are any files that need to be send via a EDI serverto a supplier.The following logwatch report is swamped with the login messages and would like to either suppress the logging in PAM? or suppress the entry in the logwatch report?But I still want logging id the username is not username1.Connections (secure-log) Begin rshd[1754]: pam_rhosts_auth(rsh:auth): allowed to username1@10.0.0.1 as myedi
View 2 Replies View RelatedSecurity :: Support Of Third Party Tools Logs In Syslog/rsyslog?
Aug 23, 2010I am searching that how i can configure syslogs/rsyslog to receive third party tools or softwares logs. For example i have a program that generates logs like when it is started and logs about its services, alerts if there are any alarms etc. I want to forward these logs using syslogs/rsyslog. Is their any possibility how can i achieve that
View 2 Replies View RelatedUbuntu Security :: Install File For Reading Some Windows .dat Files?
Jun 15, 2010I want to install this file for reading some windows .dat files[URL]...I looked at some code and it looks like its trying to connect to an outside server. This program is supposed to give non-Microsoft e-mail programs the ability to see attachments included in an e-mail message by a Microsoft e-mail composer.
View 3 Replies View RelatedUbuntu Security :: Router Logs Show Outgoing Telnet Connection
Apr 22, 2010I have my router configured so that it drops outgoing telnet connections (and other protocols I don't use). It's a 2wire gateway. 192.168.1.65 is the internal IP of my ubuntu box.I'm trying to figure out what normal network traffic looks like and whether I should be worried by this log entry. At the time this happened I was testing out TOR (just navigating to a few sites (dell, ubuntu forums, etc.) nothing all that interesting.)
View 2 Replies View RelatedUbuntu Security :: Home Folder - Reading Data Encrypted With Old Version
May 17, 2010If I wanted to transfer a home folder that was encrypted to another ubuntu computer could I? If I had a separate home partition that was encrypted, but I wanted to upgrade ubuntu to the latest version by doing a clean install is there an easy way so that I can still read the data encrypted with the old version?
View 5 Replies View RelatedSoftware :: Guarddog Blocking Gmote Protocol ?
Jan 19, 2009I am using gmote on my android phone to control my desktop. this works fine when guarddog is disabled and even though i have legato networking protocol enabled (this is the port range gmote is supposed to use 8889 and 9901) i am still having no luck locating my desktop with the firewall enabled.
View 2 Replies View RelatedSoftware :: Install And Use Guarddog Firewall - A KDE App - In GNOME?
Dec 15, 2010Would it be perfectly okay to install and use Guarddog firewall (a KDE program) in GNOME?
View 5 Replies View RelatedFedora Security :: SELinux Prevents Httpd From Reading Homes - Intrusion Attempt?
Aug 30, 2010the following security alert made me checking my httpd.conf:
Code:
Summary:
SELinux is preventing the http daemon from reading users' home directories. Detailed Description: SELinux has denied the http daemon access to users' home directories. Someone is attempting to access your home directories via your http daemon. If you have not setup httpd to share home directories, this probably signals an intrusion attempt. Even though in httpd.conf there is a line that reads
Code:
LoadModule userdir_module modules/mod_userdir.so
in the same conf-file the access to home-dirs is disabled:
Code:
<IfModule mod_userdir.c>
[Code]....
Ubuntu :: Guarddog - Cannot Run Pogo Games When The Firewall Is Enabled
Aug 11, 2009I'm running Jaunty. For some reason, I cannot run Pogo games when the firewall is enabled. I've tried allowed "direct play gaming", thinking that might help, but it didn't. So i guess I need a custom protocol. What ports does Pogo use so I can allow them? Hopefully someone knows... and yes, I do have java. Pogo works if I turn the firewall off. Also, Ktorrent does not work either. I happen to know the ports this one uses, but when I make the protocol, it still doesn't allow torrents to run. The ports I'm trying are 6881 and UDP 4444.
View 2 Replies View Related