I have checked /etc/pam.d/system-auth for the "ccount" entry, but it does not exist. "ccount" existed before in /etc/pam.d/system-auth, but I managed to change it back to "account". I have grepped for the "ccount" string in all files under /etc/pam.d and I was not able to find it.
It seems that system-auth is not able to take the new "account" string instead of "ccount", although I have restarted crond.
Here is my system-auth file on the affected server:
I'm looking for a script that can look for illegal scripts/services that are being run on OpenVZ VPS from the host node. Things like IRC, EggDrop, Brute Force scripts and such.
I'm posting an e-mail I sent to Pidgin Support, which didn't get answered. I'm doing this because I believe it is a general SSL problem. I've even tried a different chat client (Instantbird) - same error message. For a week or so I have not been able to securely log in to ICQ with one of my accounts. It only works if I disable "Use SSL" in the advanced settings. With SSL I get the error message "Unable to connect to BOS server: SSL Handshake Failed". In the debug window the reason for the failure is "A record packet with illegal version was received". If I enable the setting "Use clientLogin", I get a different error: "Received invalid data on connection with server".
I get this error for all of my ICQ accounts if I enable this, but the other ones work just fine using only "Use SSL". I can log in to the ICQ website with the "bad" account too; the settings are exactly the same for all 3 accounts. I was using Pidgin 2.7.3 when this first happened and upgraded to 2.7.5, but there was no change. I'm running RHEL 5.5 x86_64. I've attached the Pidgin debug messages for the "bad" case of the account that is not working and for the "good" case of one of the working accounts. I've tried a lot of things, like deleting the account and adding it again. I deleted the cached certificates. I changed the password on the ICQ website.
From the attachment I'm only pasting the most important part - the error message:
(20:27:14) gnutls: Starting handshake with bos.oscar.aol.com
(20:27:14) gnutls: Handshake failed. Error A record packet with illegal version was received.
(20:27:14) oscar: unable to connect to FLAP server of type 0x0002
(20:27:14) connection: Connection error on 0x9bf19f0 (reason: 0 description: Unable to connect to BOS server: SSL Handshake Failed)
It doesn't get into my head why 2 accounts work perfectly, but one doesn't. The login server is exactly the same, so the certificate used should also be the same.
I am using auth_param basic program /usr/lib/squid/squid_ldap_auth to authenticate users using squid from ldap. The user and pass is in clear text over the network between the browser and the squid server. Any way to send it in an encrypted format??
Lately I have been receiving this in my auth.log file. It seems to be repeating over and over, and I didn't know if it was anything normal or something I should be worried about...
In my system (PC desktop, around 73 GB) I have 1 primary partition (Windows, 25 GB) and 1 extended partition (the remaining GB). There were 3 logical partitions under the extended partition, and one of the logical partitions is the D: drive. On my hard disk the D: drive is /dev/sda5.
Previously it was a FAT file system (D: drive, /dev/sda5). I remember I changed the D: drive (/dev/sda5) file system to an ext4 file system with the following command in a terminal:
After doing this (changing the file system), I couldn't see the D: drive data.
By doing that
1q) Did I reformat the partition? I think the new filesystem (ext4) has no knowledge of the data that was on it when it had a FAT filesystem.
2q) How do I undo the operation? I tried to change the filesystem type to FAT/NTFS in a terminal using the command sudo mkfs -t FAT /dev/sda5.
Result: it shows the text message 'mkfs.FAT: No such file or directory' (without the single quotes).
I don't think it would be harmful to run ssh on the default port of 22. Especially since the machine will only accept key-based logins and only accept traffic on port 22 from external IP addresses that I specify.
A few minutes ago I was using google chrome when suddenly the scroll-lock indicator on my keyboard turned on... I pressed the scroll-lock key, but nothing happened, the light remained. I opened a terminal and ran "top" to find what processes were running when I was automatically logged out. I logged back and checked the logs and found the following entries in my auth.log:
Code:
CRON[2971]: pam_unix(cron:session): session opened for user root by (uid=0)
CRON[2971]: pam_unix(cron:session): session closed for user root
I'm hoping someone can help me out. I made configuration changes to /etc/pam.d/system-auth and /etc/pam.d/login. When these files are configured the way they are, I can't log in and/or I can't log in through the GUI interface and a terminal. Contents of /etc/pam.d/login
To keep user input from being displayed on screen, use the terminal line setting command stty -echo; whatever the user enters after this command will not be displayed on the screen. To make the input characters display on the screen again, use stty echo.
I've configured a squid proxy server on a P4 desktop. I have 50 users in my network. I installed RHEL 4.4 (2.6.9-42 kernel) and the iptables version is 1.2.11-3.1. I have 2 NICs installed in the system: eth0 (192.168.100.99) for the local LAN and eth1 (192.168.1.2) for outgoing traffic to the internet. I've connected a DSL broadband modem to eth1 (the default IP of the DSL modem is 192.168.1.1). All the clients except a few have been forced to go through squid with user authentication to access the internet. The clients which were kept away from the proxy are 192.168.100.253, 192.168.100.97, 192.168.100.95 and 192.168.100.165. Everything works fine, but since last week I have observed that some notorious user uses the direct IPs (192.168.100.97 or 192.168.100.95) in the absence of the owner of these IPs to gain access to the internet, as we applied download/upload restrictions in squid.
I want to filter the packets of source hosts using the MAC address in the PREROUTING chain. I read somewhere that the IPT_MAC module must be installed to make this happen, so that those notorious users cannot change their IPs to gain direct access to the internet.
Below are the contents of my iptables file (I've omitted a few entries for safety purposes).
# Generated by iptables-save v1.2.11 on Wed Nov 25 16:35:57 2009
*filter
:INPUT ACCEPT [14274:3846787]
:FORWARD ACCEPT [4460:1241297]
:OUTPUT ACCEPT [16825:4872475]
code....
I am using the "extend" function of snmpd to run a script in order to extend a monitoring platform. This script being run by snmpd needs to write to a file in /tmp for later parsing, but SELinux is stopping it from writing to the file under /tmp. The following two lines from my audit.log file show what is happening:
How to determine what type of files clamav can scan? For example, if there is no unrar installed it can't scan files in it. So is there any way to find out all types of files that clamav can't scan?
The xselinux module that appeared in new versions of XServer theoretically allows the use of SELinux in order to improve security. First of all, I'm interested in examples of the use of this module (configuration files and what functions it performs). It would also be interesting to know whether some user actions with XServer can be restricted via the xselinux module (e.g. screenshot prohibition).
I'm trying to limit the number of the ICMP packets reaching my server, so I'm using the limit module of iptables, unfortunately it seems the limit I set is totally ignored as I can easily send tens of ICMP packets and get a reply in less than 0.3 second
Quote:
m3xican@m3xtop:~$ sudo ping -i0 -c20 x.x.x.x
20 packets transmitted, 20 received, 0% packet loss, time 230ms
rtt min/avg/max/mdev = 184.969/185.895/189.732/1.301 ms, pipe 16, ipg/ewma 12.138/186.232 ms
This is the rule I'm using to accept ICMP packets (default setting is DROP)
Code:
iptables -A INPUT -p icmp -m limit --limit 1/s -j ACCEPT
And these are the kernel modules related to iptables
Code:
Module Size Used by
xt_limit 1382 0
I will try to keep this straight-forward. Yesterday I was able to access an ubuntu 10.10 (edubuntu) desktop using the tightVNC viewer that I installed on my Vista laptop. I never set anything up on the desktop it just worked and I didn't question it.
Today I get the following error on the viewer software: "Server did not offer supported security type" The only thing that has changed was that I installed a bunch of updates yesterday afternoon, but I am not sure what changed.
Whenever I copy ELF or BIN files from the Linux filesystem, I must get permission denied. For this case I have gone through the Linux security module but didn't get much help regarding permission denied only in the case of copying ELF and BIN files from the filesystem. How can I proceed with this?
WORK DONE:
1. Downloaded linux-2.6.25.14
WORK THAT NEEDS TO BE DONE:
1. Compile the kernel with some modifications in the Linux security module to get the desired results, but at this time I am unaware of that.
My goal is this: Allow a user to connect to a server via SSH with any login name or password without checking to see if that account exists on that server. Their account would be captured by a universal account say, 'generic_user', and then they would be directed to one of my python scripts with the username and password they supplied for initial login. At this point my script would capture their SSHD process ID and allow/deny their existence based upon a MySQL/Subscription check.
The part I'm having trouble with is with PAM and allowing the user to login with any credentials and be successfully authenticated under the generic account. Beyond that, everything is great.
Trying to install the Suhosin module with the php 5.2.9 c5-testing repo...it won't run with the php 5.2.9 testing build (there isn't an updated suhosin package against the 5.2.9 build)
PHP Warning: PHP Startup: suhosin: Unable to initialize module
Module compiled with module API=20050922, debug=0, thread-safety=0
PHP compiled with module API=20060613, debug=0, thread-safety=0
What's the best way to handle this from an admin best practices standpoint? I want to do everything possible to keep the suhosin module tracked by yum for future updating etc. Is it best to try to find a suhosin rpm that is built for 5.2.9 and install it with yum localinstall? If not, if I build the module myself, what's the best path to keeping yum/rpm in the loop on this install for future updating via yum?