Suddenly, I'm getting lots of messages in my CentOS 5.6 secure log : -
May 12 13:07:49 CentOS55 webmin[14538]: Successful login as root from 192.168.0.203
May 12 13:10:03 CentOS55 userhelper[14698]: pam_timestamp(system-config-securitylevel:session): updated timestamp file `/var/run/sudo/root/unknown'
[code]....
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
I have an ethernet disk (iomega Home Media Network Hard Drive) that runs debian/lenny.Telnetting to it, and issuing "dmesg" sometime i see messages like: desc_count 0xf000, ret 0x96a8, transfer_count 0xf000sometime a single line, sometime a bunch of messages:
desc_count 0xcdb0, ret 0x7c91, transfer_count 0xcdb0
desc_count 0x890f, ret 0x7c92, transfer_count 0x890f
desc_count 0x86d52, ret 0x7c9c, transfer_count 0x10000
[code]....
More than 7 G bytes were logged to the messages file last three weeks I got this message in /var/log/messages I want to stop this messaging cause it takes to much space
Quote:
Apr 30 20:25:18 TEST-NODE kernel: IPT: IN_NOMATCH IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:a4:a7:3d:a2:08:00 SRC=172.26.16.27 DST=172.26.16.255 LEN=104 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=10100 DPT=10100 LEN=84
[code]...
I seem to be missing a secure.log or security.log file. I have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is or is it called something else. I'm looking for a file that logs any change to the security settings of the system.
View 1 Replies View RelatedI've lately been getting some strange nfs mount requests for non existant users' home directories on a F14 machine to my file server (CentOS).The message log on the file server shows the following
May 23 03:10:53 data mountd[4835]: can't stat exported dir /export/home/httpd: No such file or directory
May 24 03:21:13 data mountd[4835]: can't stat exported dir /export/home/httpd: No such file or directory
May 25 03:26:53 data mountd[4835]: can't stat exported dir /export/home/httpd: No such file or directory
[code]....
looking at my router logs i've noticed for the past while a range of source ports from 60000 to about 65000 from my source external ip to destination external ip always on port 80. I have 3 boxes on this network and this only seems to happen when i connect the one laptop. I even reinstalled the distro downloaded from trusted source but the router is still logging this.. netstat -ntulp shows nothing operating in this range. chkrootkit shows nothing.. Was thinking maybe someone was spoofing the external address but it's been happening on network startup for a month now
View 4 Replies View RelatedI was just looking around and did a tail on my syslog and some strange entries came up:
[Code].....
I'm a Verizon customer in Maryland, USA running Linux at my home and I don't understand why named is looking at servers in France and Saudi Arabia. Am I just being paranoid?
How to Centos 5.5 very secure for mail server. how to its performance very fast.
View 2 Replies View Relatedperform below activities please guide how to do perform below activities.Make sure the Guest account is disabled or deleted.-Disabled or deleted anonymous accessSet stronger UserID policiesSet Key Sensitive UserID Default enable in linuxCombination of numbers, letters and special characters (*,!,#,$,etc.)
Status of UserID
Type
User Name
[code]....
Recently I've been finding two strange-looking files on my Windows shared folders! Their names are 'khy' and 'qffhtx.exe', they appear as hidden, and they're hard to delete!! especially the first one because it has no extension. I use Ubuntu 10.10, but I am worried because I also dual-boot Windows XP. Today I tried to open the .exe file in nautilus to see what is inside and I received the message "Unable to open archive", 'khy' is apparently an empty text file. Then I unmounted my /home partition so my files are out of the way, and I ran the .exe file using WINE,
Now I have a strange-looking applet on my top panel!! and it says "Script paused", also it says "Exit', and also Wine command prompt says something strange about "LockWindowUpdate", don't imagine it I'll post the screenshots so you can see it for yourselves. Also --and this is weird-- the virus apparently is trying to call a Windows process named csrcs.exe!! Again, I'll post the screenshots.
If this is a virus, then it's like a fish out of the water on my Ubuntu, it's probably trying to do something but it can't find its way around, it's kinda funny, but Im worried because I also dual-boot Windows XP, I'm having a hard time trying to remember the name KHY, it's a very weird acronym, it's the acronym of a disease, according to what I googled, i'm sure it's a virus!!! Anyway it's HARD to remember!!!
what can I do about this? How can I see the "script"? can Ubuntu kick its ***?how can I clean my Windows?
how to secure opensue? Or point me to some good articles etc?
View 9 Replies View RelatedI set up my ubuntu server with iptables that only allows ssh in the input chain (and of course established connections) with only the mac adress of my laptop allowed to connect, set up a key with a long passphrase and installed pam_abl plugin. ICMP echo is blocked by default.
The only problem is i log all other attempts to connect to the server and i see a lot of traffic going to ports 445 and 5900.
My question is: Is there a possibility that these attempts could succeed and is there any way to further ensure this server?
A) Pc-bsd
B) Ubuntu
And also which OS is more reliable?
How can i secure grub 2.0 ? with grub 1 just do : grub-md5-crypt then we write password --md5 <crypted_password> in /boot/grub/menu.lst
View 9 Replies View RelatedIs it possible at all to secure transmission?
View 9 Replies View RelatedNewbie here,
I'm thinking of moving mostly to linux to get away from the security holes in Windows. And I have some questions...
How secure is Firefox for doing online banking?
Sometimes I have run into a situation where the bank doesn't support anything but Windows explorer when accessing my accounts. Can this be gotten around safely in Linux?
If so, How?
Is there any way to secure harddisk accessbility ? i want encrypt my hard disk, and partitions that ubuntu installed on that. is there a way ? i want deny all access to hard disk, just my own root account can have access to all.
View 9 Replies View RelatedOk im new, i know apparmor is running. i was looking for firestarter but their isnt one.....how do i secure this server? i want a good firewall and some virus protection!. also do i need this?
View 9 Replies View RelatedI want to set up a website that hosts very confidential business information. The info needs to be accessed by multiple people in different geographical regions. The entire website would require the high security (ie: there are no little sections that are publicly viewable). While the site will be run with Ubuntu server, I will be hosting it in Amazon's EC2 cloud.
So, if I use the HTTPS protocol with an SSL certificate, am I pretty well reaching the most secure possible situation? Are there any concerns with using the EC2 solution? Obviously there are a LOT of variables involved with maintaining website security, but I want to know if HTTPS is the current best bet (in addition to all the "best practices" of securing a site) or if there is a more robust way of securing content.
what is the best option to securing server via firewall and iptables?
View 9 Replies View RelatedI'm learning to secure my server in the best way I can think of: By learning to attack it. Here's what would like to accomplish. I have SSH set up on a linux box in a offline lab environment.
Username: root
Password: ajack2343d
Now, I know I can simply brute force this as I know the password, but there has to be other ways, and I wish to learn them.
we are trying to make a policy decision whether to go with SSH user/passwd or PPK secure key ? our servers are hosted remotely by a hosting service. we were wondering which of these two models are more secure.e.g. i would tend to think that user/passwd with account lockouts upon failed attempts would be more secure because the other option exposes your server in case someone sneaks the PPK file or steals your whole computer.however, what makes me doubt myself is that Amazon Web Services EC2 cloud hosting uses PPK by default (although an instance's SSH config can be change to accommodate logging in but they don't endorse it).
View 3 Replies View RelatedAre the default firewall settings of F10 without any modification, sufficiently secure for general usage and to bridge the timeframe between a fresh installation of F10 and the time before the security updates are applied?imilar to how Windows firewall is set without any configuration, or do I need manually configure it to be somewhat secure, or something like Firestarter.
View 14 Replies View RelatedHow to secure the Home folder. I forgot what the script was?
Something like chmod 0700 $HOME. Is that right? I'm just not sure.
I am running UFW, which is set to deny everything but SSH on port 22, OpenVPN on port 1194 and HTTPS on port 443. SSH is set to only allow private key logins, and the root account is disabled. I have AppArmor running for all of my daemons (OpenVPN, Apache2, OpenSSH) and I have Fail2Ban running.
Is there anything else I can do to secure my server from the Internet (it is directly connected, there is no NAT between the Internet and my server).
If I need to get a file to someone I could place it on the server and somehow automate an email telling them there is a file available. They could login to the server based on their email address and a randomly generated key combination and down load the file.I also need it to preform the same function going the other way. Login into my server and place files going to me.
View 2 Replies View RelatedI seem to be missing a secure.log or security.log file. have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is or is it called something else.looking for a file that logs any change to the security settings of the system.
View 6 Replies View RelatedI always hear 'do NOT install anything from anywhere except the official repositories'. But I find a lot of great apps that are not included in repositories and would like to ask. How actually secure launchpad is? Are the codes reviewed by anyone? How do I make sure that a piece of software is not going to harm my Ubuntu? If I add a PPA for some program I won't going to check it's code every time it updates or am I being too cautious?
View 9 Replies View RelatedIs there a way to securely empty the trash bin without the need to type some shred command into consoles. My intentions is to be able to securely delete files when the 'Empty Trash' is used so to save the trouble of going to a console and doing some commands using shred.
View 5 Replies View Related