Security :: Modsecurity - Switching From Logging To Denying

Apr 17, 2011

Just had ModSecurity with CRS installed for me on my hosted website, which I'm hardening after a recent hack. My site is a php-based user community with MySQL back end, so people register as members via php.

First, I'd like to properly log malicious activity Then I'd like to deny access where an attack looks likely Thing is, I'm not sure which /etc/apache2/modsecurity_crs modsecurity config files to tweak.then I can't even see my login page because I'm forbidden from the .php file it loads.I'm guessing I need to change rules individually but I have no idea how or which to change to stop attacks. The CRS documentation is just a bit too heavy to give me the basics.

View 5 Replies


ADVERTISEMENT

Ubuntu Security :: Can't Get Modsecurity Core Ruleset 2.0.8 To Work

Aug 30, 2010

I tried updating my modsecurity core ruleset to the latest version 2.0.8 and something seems broken. I didn't change any of my configs, I just downloaded the latest ruleset archive and extracted it just like I always do, If I go back to the previous version I was using, 2.0.4. everything works fine. Has anyone else had problems with 2.0.8?

View 4 Replies View Related

Security :: How To Make PAM Give Message When Denying Ssh Access?

Oct 23, 2009

We use PAM to control access to our RHEL4 servers. We would like PAM to give a message, of our choice, when users who are not allowed to login try to login. PAM's default is to let the user try 3 times without any explanation.

View 7 Replies View Related

Ubuntu :: Switching Between Desktop Environments Without Logging Out

Mar 21, 2011

I have both xmonad and Gnome installed and tend to switch between them quite often. Normally, I need to log out and log back in which is starting to become annoying because I need to open any running applications again.I have tried using "Switch User", but it doesn't work. I go to the switching screen when I am logged into Gnome and log in again after selecting Xmonad, but it brings me back to my Gnome session.

So is there any way to log in as the same user with two different desktop environments at the same time?

View 1 Replies View Related

Ubuntu :: USB Devices Not Mounting When Switching Users / Logging On With Different User

Feb 28, 2010

I have an external USB drive that is NTFS. It mounts fine under my account and my wife's, but only if I fully shut-down the computer between switching. While switching users or logging out then in with a different account it will not mount the drive. I am not sure what to do... but we both access data from the same drive.

View 2 Replies View Related

Security :: System Logging And Auditing?

Oct 19, 2010

As part of server hardening process i would like to know the Best way of System Logging and Auditing.Following pointould be taken into consideration.Logging of critical eventsLogging access to critical accountsSecure storage and availability of logsReview of logsSecurity of logs

View 2 Replies View Related

Security :: Logging/Blocking LAN Traffic?

Apr 26, 2010

Where I work we have a lan, it is almost 100% windows machines except for 2 CentOS machines in which some clients connect to, via VPN. (very small network, <50 ip's used)

I would like to know if there is a way to block access from that machines to others in the network. I'm already logging traffic (with IPTraff) to see if they're accessing other machines in the network others than the ones they should connect.

View 7 Replies View Related

Ubuntu Security :: Disable Root From Logging In Via GDM?

Mar 11, 2010

I've enabled the root account on Ubuntu 9.10, however I want to stop it from being used to login via GDM. 9.10 seems to have a different GDM version, how can I carry this out under 9.10

View 9 Replies View Related

Ubuntu Security :: Logging Into The Secure Website?

Oct 8, 2010

A friend of mine has a private forum setup so he and I can communicate back and forth so we don't have to send emails. The link is a "https://" so I'm assuming it's secure. I'm a newbie to ubuntu and I have already switch 3 of my computers at home to ubuntu.

I'm using Ubuntu 10.04 and google chrome as my browser. When I log into his forum it pops up with a screen saying "The site's security certificate is not trusted" and I always click proceed anyways. I'm not worried about this because I'm 110% sure that it's his website that I'm trying to access. My question/problem is it also pops up with a little box telling me to enter my Username and Password every time. When I was using WindowsXP, I had to enter this info once and then I wouldn't have to enter it again.

View 4 Replies View Related

Security :: Console Users Logging In Without Passwords?

Jul 19, 2010

Sitting at the console, I log in with any user name and NO PASSWORD IS REQUESTED. I get logged in automatically without entering the user's password.

I did:
passwd joeuser

To change his password and still he goes right in without being asked for a password!

Possibly related- 10 days ago, my smtp server was breached as a spam relay. The username they cracked was deleted. I added fail2ban for postfix. The logs show no further intrusion.

View 14 Replies View Related

Security :: Iptables - Logging All Protocols - Not Just Tcp - Udp - Icmp

Jun 21, 2010

Brief overview of my current setup:

Code:

The ip_blacklist chain is used to immediately drop any traffic from specified address ranges, while the tcp_, udp_, and icmp_packets chains contain rules for further processing of those protocols. The last rule in each of the latter three chains drops all packets that didn't match any rules above it; so tcp, udp, and icmp packets should NOT get caught by the default INPUT policy (DROP). The goal of the last rule on the INPUT chain is to then log any packets that are picked up by the default policy. However, it's not working.

I can tell that there are packets being picked off by the default policy because the counters are being incremented, but nothing is logged by that last rule. My conclusion is that it's only looking for tcp, udp, and icmp packets and ignoring everything else.

How to get iptables to log all the other protocols (or whatever is being caught by the default policy)?

View 5 Replies View Related

Security :: SIEM - Logging - Correlating - Monitoring

Sep 30, 2010

I'm going to start monitoring our Linux servers with a log management/correlation tool to take a proactive approach to the security of our systems.

Right now I'm going to search for log events that include the following:

Any other commands or logs that would be good to correlate or be alerted on when a potential breach or suspicous activity is happening on the box? Logging cleared, permission changes on accounts or particular files or directories? What would you want to see while monioring your servers?

View 3 Replies View Related

Security :: Logging Connection Bytes For Iptables?

Mar 28, 2011

I am wondering if it's possible to log the number of bytes a connection transfered when the connection is complete with iptables. I know I've seen this sort of information in Cisco FWSM logs, where the "Teardown" entry of the logs has the bytes transferred for that connection. Is it possible to have something similar to that with iptables? Where the initial connection attempt is logged (i.e. NEW, which I have logging fine) AND an entry for that connection that includes the bytes transferred?

View 6 Replies View Related

Security :: Logging DROPPED And INVALID Packets

Oct 18, 2010

I am trying to figure out what command to use to show the number of DROPPED and INVALID packets that the firewall is handling.I'm going to put these commands into a log analyzer script which will run every 15 minutes with cron. The firewall is running and operating the way I want it to. I'm running CentOS 5.4.

View 2 Replies View Related

Security :: Logging In As Root Over Rsync/ssh For Backups?

Sep 30, 2010

I need to login as root, or at least get root privileges, in a cron triggered backup run. The straight way to do this would be the backup server making an ssh connection to the server to be backed up (this way because I want to avoid many servers being backed up in parallel and the backup server itself would be managing this diversity), via the rsync command which would be performing the backup's synchronization step.

I'm looking for alternatives to this in some form. I'd like to disallow direct root login to my ssh port (not 22One idea I have is to have the backup server initiate an ssh login as a non-root user, to either the actual source server, or to a server that can reach the source server ... and set up port forwarding. Over the forwarded port, then initiate the rsync that logs in as root via another port that allows direct root, but cannot be reached from the internet at all (because the border firewall doesn't include this port as allowed in).FYI, these logins will be using ssh keys, not passwords. I do need to keep ownership metadata for files being backed up, so this is why I am using root. Also, rsync is needed to get the incremental updates to keep bandwidth usage lower (otherwise I could just transfer a tarball each day).Anyone have any other ideas or comments, for security issues, based on experience doing things like this (backups, routine data replication, etc)?

View 5 Replies View Related

Fedora Security :: Disable Logging In As Root In Console?

Feb 22, 2010

I wanted to disable root logins in console, so I searched for that. I found that if I change root's bash to "/sbin/nologin" in "/etc/passwd", root user will not be able to login. So I did that. But when I wanted to use sudo command, it didn't show me root bash, but it only do the same thing as logging in as root in single user mode (shows message that this account is disabled). So, how I can disable root logins, but keep enabled sudo command for standard users?

View 6 Replies View Related

Ubuntu Security :: AppArmor Enforce Program Without Logging?

Apr 19, 2011

I have a program that generates large amounts of apparmor log messages. I'm happy to enforce restrictions on the program but I really don't want it to fill my log with messages every time it attempts to read a file.

Is there a way to let it enforce restrictions but not log denials?

View 9 Replies View Related

Ubuntu Security :: UFW Stopped Logging Blocked Packets / Solution For This?

Mar 17, 2010

On April 10, 2010, I upgraded some packages on my Ubuntu 9.04 server. This included an upgrade to "ufw 0.27-0ubuntu2". I rebooted the server, and all appeared to be fine.

Now I've noticed that UFW is not logging blocked packets since that reboot. It used to do this. It is still logging the allowed packets that I've configured it to log.

Here's what a "ufw status verbose" says code...

View 2 Replies View Related

Ubuntu Security :: Snort Init Errors Mysql Logging?

Feb 23, 2011

I have just complied Snort 2.9.0.4 under Ubuntu 10.10 x86_64 installed with all Lamp package.The syntax i used to compile Snort as follows below

[Code]...

View 2 Replies View Related

Fedora Security :: Logging Dropped Packets With System-config-firewall?

Sep 1, 2009

I switched over to Fedora a couple of days ago. I'm using the built-in firewall shipped with it but I can't find out how to enable logging of dropped packets. Among others I'd like to use psad that needs firewall logging. Is there an easy way to do this? I'm not an iptables "expert".

View 6 Replies View Related

Security :: Su - Incorrect Password - When Logging As Wheel User And Trying To Access Root

Dec 18, 2010

I have tried to not allow root access and have created a wheel user.

Now I can not logged in as root.

Its okay but when am logging as wheel user and trying to access root then it says:

Code:

View 14 Replies View Related

Ubuntu :: Denying File Access In Windows?

May 3, 2010

use dual boot with win 7 and ubuntu 10.04, i installed Win7 first on one partition, and afterwards Ubuntu 10.04 on a second partition on the same drive. Now when i try to delete some files in windows like old games that where on a other harddrive it sais "You require permission from S-1-5-21-293015479-4145159318-3171105019-500 to make changes to this folder"How do i resolve the problem that ubuntu takes ownership over some folder/files

View 3 Replies View Related

General :: Denying Login Based On Time

May 1, 2010

i want to deny certain users based on time to login to my machine i am using CentOs 5.0 any sugestions?

View 2 Replies View Related

General :: Firestarter Denying Connections On Ports 80 & 443 Despite Settings

Apr 19, 2011

My firestarter is denying connections on ports 80 and 443, despite the fact that I have set rules to allow both the services, and indeed any connection from my gateway (the source of the connections).

Can someone please advise why this might be?I can surf the 'net fine, unfortunately I cannot load facebook, gmail, or another couple of sites that require logins, and I assume this is due to HTTPS not communicating properly.(On the off chance anyone can answer these real quick, I'm also trying to solve my resolution resetting every time I restart, and one of the icons in my KDE panel turning into a widget from an icon every time I restart. Still working on these, but just if anyone knows already).

View 1 Replies View Related

Ubuntu :: Firewall Enabled - Difference Between Rejecting / Denying Traffic?

Apr 3, 2011

I have installed the graphic user interface for IPtables and enabled this firewall. However, I find it a bit strange. What is the difference between rejecting and denying the traffic? If I want to configure IPtables as two-way, how can I define which of my apps can connect to the internet and which can't? If this firewall is enabled, does it really run in the background, protecting the user,or does it run only when its GUI is opened?

View 9 Replies View Related

Networking :: VSFTPD 2.2.2 On Ubuntu Lucid Denying Remote Access

Apr 28, 2011

My apologies if this is the wrong board for this thread, but seeing how the issue appears to be related to where I'm connecting from, I thought this would be the place to look.To start off, I've been running VSFTPD on the box for a good year or so now. Until recently, everything seemed to be working fine, but during the past few days I've run into issues with it and have been having trouble pin-pointing the problem. I've gone as far as reinstalling VSFTPD and rechecking every line in the conf file to no avail.The issue presents itself when I try to login to the FTP server remotely. The moment I put my user name in, I get disconnected without any error message, simply connection closed. That isn't the case when I'm connecting locally from the server.If I try to connect remotely using eth0 (internal network), it works fine again... but if I try eth1 (external network)... it fails. I'm thinking it might be related to PAM, but so far have been unable to figure out what I need to change in the configuration there. Additionally, the PAM log file doesn't show any activity if I'm connecting through eth1, but displays it if connecting through eth0.

View 1 Replies View Related

Security :: Secure FTP - Root Privileges After Logging In Form A Macintosh And Could Browse The Root Directory

Apr 12, 2010

I run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite of the fact that my users connect chrooted, one of my friends had root privileges after logging in form a Macintosh and could browse the root directory, too.

View 1 Replies View Related

Fedora :: Switching To Kdm In 11?

Jul 29, 2009

I want to use KDM, but I cant find where to change default gdm to kdm.

View 2 Replies View Related

Slackware :: Switching From 64-bit To 32 Bit?

Aug 2, 2010

I recently purchased a new laptop for school and installed Slackware64 13.1 I love Slackware, don't get me wrong, in ten years of using Linux, it is by far THE BEST distro I've ever used. However, after about a week's worth of use, I'm doubting the "advantages" of using a 64 bit version. Frequent incompatibilities, library headaches, almost no performance difference, the list goes on. In truth, I have no real need for 64 bit, and 32 bit would probably solve most, if not all, of these little headaches. My question is, what is the best way to switch to 32-bit? Should I just backup, format and re-install using the 32-bit version? Would a simple kernel recompile work? If I re-install using 32-bit, should I format first? I'm personally thinking that I should do a "bare metal install" and cut the Gordian knot instead of trying to untie it. The following is the technical specifications of the computer in question.

Acer Aspire 5538 Notebook

Cpu: AMD Athlon X2 Dual-Core @ 1.2 Ghz
RAM: 4GB DDR2
HDD: 320GB/298 GiB

ATI Radeon 3200HD Graphics
ATI RS780 Azalia Sound card
Atheros 928x 802.11 b/g wi-fi

I'm aware that some of this hardware is slightly exotic, but I've had no trouble getting any of it working on Slackware64 13.1 and I don't anticipate any problems with it when I switch to 32-bit, but I have been wrong before.

View 6 Replies View Related

Debian :: Switching To Another Distro?

May 9, 2010

I am considering switching from Ubuntu to another distro.

Is it possible to crossgrade from Ubuntu to Debian rather than reinstalling? Has anyone ever done that before? Are there any instructions for this anywhere?

View 10 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved