Security :: Search And Destroy Illegal Services?
Jan 24, 2011
I'm looking for a script that can look for illegal scripts/services that are being run on OpenVZ VPS from the host node. Things like IRC, EggDrop, Brute Force scripts and such.
Mar 8, 2011
Internal system mail revealed an error. Part of the mail is below:
Feb 25 00:00:01 mbdba crond[1025]: PAM (system-auth) illegal module type: ccount
Feb 25 00:00:01 mbdba crond[1027]: PAM (system-auth) illegal module type: ccount
Feb 25 00:01:01 mbdba crond[1122]: PAM (system-auth) illegal module type: ccount
Feb 25 00:02:01 mbdba crond[1152]: PAM (system-auth) illegal module type: ccount
Feb 25 00:04:01 mbdba crond[1275]: PAM (system-auth) illegal module type: ccount
Feb 25 00:06:01 mbdba crond[1397]: PAM (system-auth) illegal module type: ccount
I have checked /etc/pam.d/system-auth for the "ccount" entry, but it does not exist. "ccount" existed before in /etc/pam.d/system-auth but I managed to change it back to "account." I have grepped for the "ccount" string in all files under /etc/pam.d and I was not able to find it.
It seems that system-auth is not able to take the now "account" string instead of "ccount" although I have restarted crond.
Here is my system-auth file on the affected server:
auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
code....
Nov 10, 2010
I'm posting an E-Mail I sent to Pidgin Support, which didn't get answered. I'm doing this because I believe it is a general SSL problem. I've even tried a different chat client (Instantbird) - same error message. Since a week or so I'm not able to securely login to ICQ any longer with one of my accounts. Only if I disable "Use SSL" in the advanced settings, it works. With SSL I get the error message "Unable to connect to BOS server: SSL Handshake Failed". In the debug window the reason for the failure is "A record packet with illegal version was received". If I enable the setting "Use clientLogin", I get a different error: "Received invalid data on connection with server".
I get this error for all of my ICQ accounts if I enable this, but the other ones work just fine using only "Use SSL". I can login to the ICQ website with the "bad" account too, the settings are exactly the same for all 3 accounts. I was using Pidgin 2.7.3 when this happened first, upgraded to 2.7.5, but no change. I'm running RHEL 5.5 x86_64. I've attached the Pidgin debug messages for the "bad" case of the not working account and for the "good" case of one of the working accounts. I've tried a lot of things, like deleting the account and adding it again. I deleted the cached certificates. I changed the password on the ICQ website.
From the attachment I'm only pasting the most important part - the error message:
(20:27:14) gnutls: Starting handshake with bos.oscar.aol.com
(20:27:14) gnutls: Handshake failed. Error A record packet with illegal version was received.
(20:27:14) oscar: unable to connect to FLAP server of type 0x0002
(20:27:14) connection: Connection error on 0x9bf19f0 (reason: 0 description: Unable to connect to BOS server: SSL Handshake Failed)
It doesn't get into my head why 2 accounts work perfectly, but one doesn't. The login-server is exactly the same, so also the used certificate should be the same.
Jun 30, 2011
I'm trying to avoid having to migrate my machine to Fedora: it's either learn to clone some existing Puppet manifests from Fedora to Ubuntu, or move back to Fedora. I'm running into several problems, including parsing errors for rules that work for Fedora and fail for Ubuntu, presumably because the version of libaugeas-ruby is older for Ubuntu (0.3.0) than Fedora (0.4.0). For Ubuntu, these rules fail with "Could not evaluate: Could not retrieve information from source(s)". Another one is a failure of augeas to use the 'ins' command to insert a rule into krb5.conf. I can't think of any good reason for these other than the older versions of the libraries render Puppet unable to parse properly.
At any rate, I was wondering whether anyone has had experience and success controlling security services in Ubuntu (Natty), such as krb5, pam, screensaver locking, etc. I should be able to hack my way through these, but I keep hitting walls like the evaluation error above.
Nov 6, 2010
I was wondering if there is any way in Linux in general and Fedora 13 in particular to configure system so that any service that needs access to internet will have to ask for password/permission to do so. So that I can
Jan 28, 2010
I have been trying to get my Samba 3.x NAS to connect to my Windows XP laptop. I can see the server though I cannot open it and see the shares. I have run various tests on the network and Samba (ping, smbclient) though still cannot find why I can't connect.
I can access the NAS via webmin, so I am thinking I need the security or the services settings on the XP machine. Is there a list somewhere of the Windows XP services and security settings required to share files?
May 26, 2011
I'd like to run a Tor relay, but am trying to understand the security implications. For some time I've run my torrent client in a VirtualBox virtual machine, which is run as a very non-prived user, bridges directly to The Internets, and writes to one directory on the host. My belief is this is about as secure as it can be, but am open to suggestion. If I run a relay in the VM it wouldn't be associated with my use of Tor as a client, which is fine since there is no technical need for them to be connected and it's desirable for security. I read that chroot jails can be broken, particularly when run as root, so I don't really trust that. Also studied a vserver, but it must share the network setup which doesn't strike me as isolated enough.
Jul 23, 2010
I'm having problems with hackers from across the globe trying to get into our servers. Why? I have no clue. Nothing of value in my servers worth getting.
Right now my service only does business with USA. So I'm trying to find a way to block all Non USA traffic. I called my hosting provider and they are unable to help. Said it was up to me to do this.
Well, I've already taken care of the TCP Wrappers by spawning a small C program I made that uses MaxMind's GeoIP system to automatically deny access. Now I need to do something about all the other network connections that come in to services that do not use the TCP wrappers.
So I was wondering if IPTABLES has a way to spawn a subprocess like TCP wrappers or if there was any other firewall software out there for Linux that would let me achieve my goal.
Jan 16, 2010
I want to simplify some of my rules, so I want to create rules for certain services like xmpp, web, etc. since some of them use multiple ports, and I toggle them on/off a lot. Can I simply put the jump to rule clauses in the Input chain, and once the sub chains run, does it return to the input chain after the jump to rule clause? I want to do this so I don't have a ton of rules in the input chain. I think that if I simply make a list of all the rules to jump to in the input chain, it will work itself through all of them until it finds a matching filter in one of them correct?
Apr 30, 2010
I've been looking for an aptitude command to search for security updates. This information is being shown when running the screen. So far I reached to this command: aptitude search '~S ~VCANDIDATE ~Asecurity ~U' It looks like producing the correct results, but I still don't quite understand how the filter (~S) command works.
Dec 7, 2010
So I want to get mount/umount option under right click services menu. I went to Dolphin -> Settings -> Configure Dolphin -> Services -> Download New Services and from there I installed KDE CDEmu Emulator and MountISO. But neither of them is showing up in actual context menu. Neither in Dolphin -> Settings -> Configure Dolphin -> Services for that matter. I tried to install them as normal user and as root. I went to have a peek in /usr/share/kde4/services/ServiceMenus/ but they aren't there as well... Is it just me or do lots of things seem to be not quite working in 11.3?
Mar 22, 2011
When I google this I get a million results, most of which are either too in-depth to be practical or advertisements for one solution or another. Is there a general guideline for hardening a linux (kubuntu) system? A set of steps say, to close all ports and disable all listening services like you would do to a windows machine? I can hardly believe that there are NO vulnerable points of attack on a default kubuntu 10.10 install. I don't know very much right now so I'm looking for something to fill in the gaps and translate my knowledge of windows (in)security into a holistic view of how the penguin operates.
Sep 13, 2010
How can Vsftpd services & Xinetd.d services be differentiated?
Jul 4, 2011
My question is quite simple and at the same time should even sound weird for people who are used to using RAIDs... but here we go! I have got 2 hard disks that do match in space. I'd like to use mdadm to create a raid 1, the mirror one. Since I don't want to format / erase / delete what's in my primary hard disk (/dev/sda, 3 partitions), how can I replicate its content into /dev/sdb and mirror it with the raid tool? Does something like this work?
- install mdadm
- fdisk /dev/sdb and replicate sda's partitions (using as filesystem "fd");
- sudo mdadm --create --verbose /dev/md0 --level=mirror --raid-devices=2 /dev/sda1 /dev/sdb1
- sudo mdadm --create --verbose /dev/md1 --level=mirror --raid-devices=2 /dev/sda2 /dev/sdb2
- sudo mdadm --create --verbose /dev/md2 --level=mirror --raid-devices=2 /dev/sda3 /dev/sdb3
Do you have any page to point, with the right documentation to achieve a replication of the hard disk without a format of the source disk?
Dec 31, 2010
I have totally exhausted my search to find IPBlock. I use it on my other Ubuntu machines but for some strange reason I cannot find it anywhere for my Ubuntu 10.10 Maverick. I know where the iplist is but not the actual file IPBlock download
Feb 15, 2010
I've been backing up a lot of my computer data for 2 years now and it has added up to a terabyte, so I went to bestbuy and bought a 1.5 terabyte external hard drive. I went home and I moved all my data on to it. Now it is starting to fail! As soon as I heard clicking noises I copied all the files over back to my original hard drive.
I had a lot of personal information on the 1.5 TB hard drive that is failing (it is still working though), and in case when I try to take it back and they restore it, I do not want them looking through my stuff. I have tried the shred command but that's going to take forever just to overwrite one terabyte once. Will a format remove all my personal files from recovery? What are some other things I could try?
Feb 7, 2011
What I want to do is force my DVD burner to use full writing power on the entire surface of a DVD. This should be able to invisibly damage the contained data, and should work on CDs, DVDs and BRDs too (in theory). I don't want to write data over it, so it's not a matter of having a RW disc or a R one. The result I want to obtain is simply an unreadable disc that does not look damaged. Do you know if there's a program able to ignore a disc being already full and perform this task?
Jun 4, 2010
If I partition and install Ubuntu on part of my PC's hard drive, would the digital image factory-settings restore feature still be available? If so, and if used, would a factory restore use 100% of the hard drive and erase the Ubuntu install?
May 20, 2011
I'm looking to partition HD to place Ubuntu 11, and not destroy Windows Vista, here's what I see, Allocate drive space,
/dev/sda
/dev/sda1 ntfs 310641 MB unknown
/dev/sda2 ntfs 9428 MB 8346 MB
below that,
Device for boot loader installation
/dev/sda ATA ST3320820AS (320.1GB)
what to do next? *UPDATE: I think my HD is bad, I went ahead with the full install and get; Error: Input/output error during read on/dev/sda. The reason I started this was problems with HD and Vista OS, but after running Ubuntu live CD and being able to see the HD contents which showed Main partition with a boot exclamation and the recovery partition I thought it might be OK still.
Jan 7, 2011
I installed Fedora 14. I modified "/etc/inittab" to change to "text mode".
id:5:initdefault:
to
id:3:initdefault:
And I want to make the boot logo splash disappear, because I want to see kernel messages while Linux is booting.
Oct 21, 2010
I can see this phenomenon on 2 different systems running 11.3. In simple mode and also in expert mode.
Oct 14, 2010
I'm having issue with raid6. I already created a thread in the "Linux -General" forum, but it seems, there is no right audience
[URL]
Aug 10, 2010
I don't want to wipe the whole drive, and I don't want to delete only particular files. I want to completely destroy all data in free space. I've found some articles about secure-delete package for Linux that would allow erasing free space with the command 'sfill,' but I can't find it in the repositories nor through Google. This would be ideal but it seems maybe it's Debian only.
Apr 5, 2011
I guess this is an installation issue as I am newish to Linux and got a F14 laptop from a used/refurb store... Anyway it seems I have difficulty with getting GTK running or maybe it is WGET...?
I did manage to install apt-get and was able to run synaptics ... but now whenever I try to run synaptics it flashes the interface and crashes. I tried apt-get search wget and it says invalid operation search. I tried apt cache wget and get a crash box in the upper right corner... I tried apt-get gtk+extra-2.1.2-4.fc14 and it says invalid operation gtk...
All of which is frustrating my attempts to get the GTK interface to J working. Their script uses WGET which I also cannot get.
Oct 12, 2009
I just upgraded Fedora 10 to Fedora 11. When I rebooted I just had a flashing cursor. So I typed Ctrl-Alt-F2 to open a console window on booting. That worked fine. I was going to edit xorg.conf because I suspected the problem was related to having installed the latest Linux NVIDIA drivers (and custom kernel) in Fedora 10 before upgrading to Fedora 11. But, I decided to edit the run level in /etc/inittab first. Unfortunately, I fat fingered run level 3 to runlevel 333. Now when booting I get hung up with the error "telinit: illegal run level 333". When I try to use Ctrl-Alt-F2 to open a console window on booting now it doesn't work. How to get into a console window with this error?
Jul 11, 2011
I've been trying to install the latest updates on my Ubuntu 10.10 system but keep getting the same error in Update Manager and the terminal:
Code:
dpkg: file triggers record mentions illegal package name
I've tried running sudo dpkg --configure -a and sudo apt-get upgrade -f after running sudo apt-get update but to no avail.
After searching the forum and google I haven't been able to find this issue or a solution to a similar issue that works for my problem.
Mar 7, 2010
I have a SUSE mail server where I have user names like john.doe. And so the email address looks like [URL]..Now I move the server to slackware and I cannot create such users, it shows the error (I use adduser command): User 'john.doe' contains illegal characters (period/dot); please choose another What can be the best (simplest) solution to preserve my email addresses as they are. I also would like to preserve the user-names used for email authentication, because there are lot of mail user clients already using those logins. What is the point in that the dot is illegal in user names? I guess that there is a good reason to this but I would like to know what it is.
Feb 17, 2011
I just downloaded Play On Linux to my computer. I saw that I could install Microsoft Office 2007, and wondered how that was legal, so I clicked on it. An install wizard came up and said, we are not in charge for anything that happens.
Aug 17, 2011
My Firefox has been crashing since yesterday and when I tried to run yum update it gives me error: illegal instruction (core dumped)
Jan 12, 2010
Tomorrow I decided to dedicate 100% of my disk to opensuse! So I backed up the files from the remaining windows partition, deleted them and expanded the /home partition. Well, I ran into some problems during first boot. I referred to an article at the wiki and fixed it. Although I did some small fixing manually at the fstab file. The system booted! But I can't browse anywhere outside the local network! At this forum I found some info regarding the dmesg |tail command. Here is my output:
biduzido@biduNote:~> dmesg |tail
[ 1256.061852] sr 1:0:0:0: [sr0] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1256.061865] sr 1:0:0:0: [sr0] Sense Key : Illegal Request [current]
[ 1256.061873] sr 1:0:0:0: [sr0] Add. Sense: Logical block address out of range
[ 1256.061882] end_request: I/O error, dev sr0, sector 0
[ 1256.061890] Buffer I/O error on device sr0, logical block 0
[ 1256.062662] sr 1:0:0:0: [sr0] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1256.062672] sr 1:0:0:0: [sr0] Sense Key : Illegal Request [current]
[ 1256.062682] sr 1:0:0:0: [sr0] Add. Sense: Logical block address out of range
[ 1256.062690] end_request: I/O error, dev sr0, sector 0
[ 1256.062697] Buffer I/O error on device sr0, logical block 0