Security :: How To Threshold Value For Failed SSH Comms Script
Mar 3, 2011
I was playing around with a script that seems to work relatively well for my needs when SSH comms fail - AKA a user or someone attacking. This works. But how would I add a threshold value? Let's say if there are 3 entries, then add the IP to iptables as a rule.
Code:
#!/bin/sh
#
# FIREWALL SCRIPT
#
# March 1st, 2011
#
# Purpose:
# Add offending IP from failed SSH connections
# to the iptables (firewall) rules.
#
## Vars:
TIMETHRESHOLD="10" .....
Nov 29, 2010
How do I get a serial device to simply send me the data without mucking it about? I mean, if I write a C prog in DOS or a C prog on an embedded system, I get the bytes that are sent down the line. With Linux I seem to get extra characters in it (0x1A crops up a lot) and it's very frustrating. I am using a virtual machine with WinXP in it, merely to monitor a 38400 baud, 1 stop bit, 8 data bits serial line. The Linux terminal, /dev/ttyUSB0, throws data at me nicely but about 10% of it is gonk. I want some magic command like stty -F /dev/ttyUSB0 38400 -totallyraw
Dec 6, 2010
I want to write a program that intercepts in real time all network comms of whatever protocol that go through eth0 (in and out) on my box. What do I need to take into account and where can I get the necessary info? Pointers to samples & algorithms would be most welcome. There must be a standard way to access/use eth0, but I can't find it.
Jun 8, 2011
Went through the tutorial on FedoraSolved for securing ssh. I installed denyhosts with yum and then tried to run it with the command line command "sudo /etc/init.d/denyhosts start" but I got the message "Job Failed. See system logs and 'systemctl status' for details [FAILED]" and in the application "services" in the applications menu, it shows an exclamation warning and says that "This unit has failed".
Jun 25, 2011
It's from my /var/log/messages
Jun 25 12:27:19 nl kernel: CPU0: Temperature/speed normal
Jun 25 12:27:19 nl kernel: CPU4: Temperature/speed normal
Jun 25 12:27:19 nl kernel: CPU6: Temperature/speed normal
Jun 25 12:27:19 nl kernel: CPU2: Temperature/speed normal
Jun 25 12:27:19 nl kernel: CPU3: Temperature/speed normal
Jun 25 12:27:19 nl kernel: CPU7: Temperature/speed normal
[Code]...
I checked the temps with lm_sensors, KVM and DC temps, everything is running great. I didn't get any shutdown in the meantime. I basically need a way to disable those warnings, but a reboot is out of the question, which means no BIOS. Hope it's possible to disable it from the console itself, by blacklisting some kernel module(s) or something like that.
Jun 14, 2010
Got HP proliant dl360 g6 running RHEL 5 (x86_64). 10 days ago full update was done, inc kernel was upgraded. Everything has worked normally until today I got in log:
Jun 14 09:28:02 hp_proliant kernel: CPU3: Temperature above threshold, cpu clock throttled
Jun 14 09:30:41 hp_proliant kernel: Machine check events logged
Jun 14 10:01:01 hp_proliant mcelog: Processor 371118208 heated above trip temperature. Throttling enabled.
Jun 14 10:01:01 hp_proliant mcelog: Please check your system cooling. Performance will be impacted
Jun 14 10:01:01 hp_proliant mcelog: Processor 371118208 heated above trip temperature. Throttling enabled.
Jun 14 10:01:01 hp_proliant mcelog: Please check your system cooling. Performance will be impacted
Server room has AC, temperature is normal all the time.
hpasmcli -s "show temp" shows everything (AMBIENT, CPU#-s, CPU ZONE) is normal, below threshold.
Current kernel: 2.6.18-194.3.1.el5 #1 SMP Sun May 2 04:17:42 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Apr 24, 2010
Did anyone else notice in the 10.04 RC that it is very difficult to expand a window from the left or right side? The threshold is one pixel long before the arrow disappears.
Jan 5, 2010
I have installed nagios in a CentOS VM and now it's monitoring the local host, one remote host which is also a VM with CentOS 5.3, and one Windows XP system. Is there any option for me to change the threshold time for the services given? E.g. I have a service, current_load, which comes as a default plugin when installing nagios itself. What should I do to change the threshold value of current_load so that I might get the warning or error alert some time earlier than I do now?
Mar 3, 2011
I need to do some serial comms work and need an equivalent to hyper terminal on Debian. Does it exist?
May 15, 2011
I want to create a tunnel from my home computer to a Linux server by SSH, then I can use the tunnel as a TCP forwarding proxy (SOCK 5) to access the web via the Linux server. But I got "Internet Explorer cannot display the webpage" on my home computer, and when I check "/var/log/secure" on the Linux server (Fedora), I found: "sshd[17926]: error: connect to xx.xx.xx.xx port 80 failed: Permission denied"
Feb 3, 2010
I just installed FC12 and was trying to do the security update, but it encountered an "internal error" and asked me to "report this bug to the distribution's bugtracker" with the details. However, I am not sure exactly what to do. Could someone be kind enough to let me know?
Apr 24, 2011
I don't know why but my server is no longer successfully updating its security repositories when I run 'apt-get update' on my system. "Some index files failed to download, they have been ignored, or old ones used instead." Did I mess something up? No changes have been made to the server and I ran 'apt-get clean' and that didn't really do much.
Nov 30, 2010
How do I monitor who is ssh'ing into a box (SLES) as well as failed attempts? How can I log their IP addresses, even if they're not in DNS? In /var/log/messages I see their hostname but no IP address.
Jul 7, 2011
I'm running 11.04 (64 bit) and get the following in my syslog:
[Code]....
1) Why is this happening
2) How can it be fixed
3) How can it be avoided
Jun 23, 2010
I'm using CentOS 5 and have installed a mail system (postfix+dovecot). When I try to enable SELinux in enforcing mode I have an issue: the user authentication failed. How can I fix this problem?
Apr 27, 2010
Does anyone know a method for setting the timeout period for failed logins on Linux RHEL5.x systems? Linux docs say to set the failed login delay parameter in /etc/login.defs to the desired seconds. I did this, but the settings have no effect, i.e. whether set to 2, 4, 10, etc., the actual failed login timeout period (which I verified with a stopwatch) never changes.
Jan 26, 2011
I have installed a RADIUS server on one machine which has Fedora 10. I have installed freeradius-server-2.1.10 on it (server machine IP 10.150.110.42).
I have one more machine with Red Hat Linux on which I have installed pam_radius-1.3.17 (client machine IP 10.150.113.4).
I have done the following configuration on both sides:
SERVER SIDE.
users file
"vijay" Auth-Type := Local, Cleartext-Password == "123qwe", NAS-IP-Address == "10.150.113.4"
Reply-Message = "Hello, %u"
[Code]....
The above is my configuration. When I try to connect to the client with SSH, it is not sending a request for authenticating the user to the RADIUS server. What other configuration do I have to do, or are there any mistakes in my configuration?
Mar 25, 2010
How to block any IP address that failed to connect more than 3 times over SSH?
May 20, 2010
How does one unlock an account when it is locked by too many failed attempts for login?
Aug 1, 2011
I have been trying to get pam_tally2 to block failed logins with ssh. No matter how many failed logins I do I can still log in with the correct password using SSH. Anyone have this working?
Here is the configuration I am using. I have put this in sshd and password-auth-ac.
auth required pam_tally2.so deny=3 file=/var/log/tallylog lock_time=180 unlock_time=1200 magic_root
account required pam_tally2.so magic_root
In /var/log/secure I do see messages related to pam_tally2 and the counter going up.
May 25, 2010
I'm trying to lock an account after a number of failed login attempts in a RHEL5.
This is the relevant configuration in /etc/pam.d/system-auth
In the logs I can see how the count of failed logins increases and exceeds my deny option, but the account isn't locked.
Do I need any other option in the PAM file? Is there any other way to lock an account?
Aug 11, 2009
I keep getting hundreds of SSH failed logins per day. Is there a way with iptables that I can say: if a user connects to port 22 over 8 times in 10 minutes, then block them for an hour?
Jun 3, 2010
I have installed Kerberos on my SUSE machine, but after installation I am now not able to log in to it even with the root password. I searched over the internet but could not find the solution. What to do now, and how to configure Kerberos on a local machine with only local user authentication? I mean client and server both are on the same machine.
Jun 24, 2010
I'm using FC8 and have installed a mailserver (postfix+dovecot). When I try to set the SELinux mode to enforcing I have an issue: the user authentication failed. If I turn the SELinux mode to permissive, then it works right. How can I fix this problem?
Feb 16, 2011
I am trying to get OpenLDAP to authenticate user logins, but running around in circles. Are there any logs produced by either client and/or server that would indicate possible reasons why it was unable to log in as a user? Below is an explanation; any ideas would be appreciated, as I think everything is set up as per the various articles on using LDAP.
I have a CentOS 5.5 OpenLDAP server, and several others; some host services, some are file shares (samba). So far I have been able to successfully configure OpenLDAP to carry out all the ldap* commands from both the local server and from any of the remote servers, either via non-SSL or SSL connections. However, as soon as I try connecting any services up to it, it doesn't play ball. Back to basics, having cleared off all previous attempts at this from all machines, I have gone through the following:
Installed OpenLDAP server/client on host (plus nss_ldap).
Configured /etc/openldap/slapd.conf (see below)
Configured /etc/openldap/ldap.conf (see below)
[code]...
Jan 7, 2010
I get the error message in the subject line, followed by a red failed message.
However, once the system is finished booting, I can log in and
Code:
sudo /etc/init.d/apparmor start
and it starts normally.
Mar 3, 2010
A few minutes ago I was using google chrome when suddenly the scroll-lock indicator on my keyboard turned on... I pressed the scroll-lock key, but nothing happened, the light remained. I opened a terminal and ran "top" to find what processes were running when I was automatically logged out. I logged back and checked the logs and found the following entries in my auth.log:
Code:
CRON[2971]: pam_unix(cron:session): session opened for user root by (uid=0)
CRON[2971]: pam_unix(cron:session): session closed for user root
[code]....
Jun 10, 2011
Failed login attempts are logged to syslog with the user id or login id set to UNKNOWN_USER or UNSET. Anybody know if this is configurable? I would rather it just pass the actual id that the user used. Doesn't matter if it exists or not, just want to know if someone is guessing at user names and what those user names are.
May 18, 2011
I created an application which has to bind to a port less than 1024 and must be launched under a non-root user. OS: Ubuntu 10.04. Decision 1: Using a firewall to redirect packets. Problem: This decision is not good for me. I need a simple way to solve the problem. Decision 2: Use CAP_NET_BIND_SERVICE. Problem: My execution file has 2,7G size. It is a very big application with a lot of debug info. The setcap command returns an error:
[code]...
Jul 23, 2011
After upgrading ClamAV to version 0.97.1 and running the command
Code:
clamscan -r -i / --exclude-dir=^/sys --exclude-dir=^/dev --exclude-dir=^/proc | mail -s "clamav scan report XYSERVER" xy@mail.com
the following errors appeared:
[Code].....