Security :: Unknown IP Addresses In Samba Logs?

Feb 1, 2011

I have a (headless) Debian (Linux debian 2.6.26-2-486) system running on an old Pentium machine in our home network. I use it as a Samba share, among other things. I recently noticed some Samba log files that I cannot explain the origin of. In /var/log/samba there are a couple of files like this one: /var/log/samba/log.istvan (Note: there is no machine named 'istvan' in my local network)

Code:
[2011/01/04 21:15:34, 1] smbd/service.c:make_connection_snum(1198)
istvan (::ffff:78.92.155.185) connect to service boeken initially as user nobody

[code]...


Ubuntu Security :: Resolving IP Addresses In Iptables Logs?

Jan 19, 2010

whether iptables logs can be set to automatically resolve IP addresses? I am running the firewall on a network with DDNS/DHCP, and this ability would really help quickly identify hosts with suspect traffic. Failing this, I guess the simplest solution will be to simply set static addresses!


Security :: Auditing Samba Logs?

Mar 18, 2011

I have in my hands a bunch of samba logs, about 24 different files and I was wondering if there was a tool that would go through them and organize them into something readable. I had a gander at Sawmill


Security :: Unknown Entries In Samba Log

Nov 9, 2010

I have been getting the following in the samba section of the log watch report for the past few days. But don't know what it means.

[Code]....

and more. What does it mean? Does it mean any attempt to hack or is it some kind of status update? If this is not a threat and can be suppressed, how can I do this?


Networking :: Monitor Dhcp For Unknown Mac Addresses

Oct 25, 2009

I am using Ubuntu Server and would like to receive an email once a day listing mac addresses that have requested an ip address that are not in my list of known mac addresses.

lookup=`grep $mac /root/dhcp.macs`

#This does not work as the first entry mac1 will be okay but mac2 and mac3 will not

#It will try to use mac2 as the file to look in which won't exist

#I need to make it loop through for each line of the variable and add that to the lookup value

diff $mac $lookup

#I think this should differentiate known from unknown if i can get a lookup value


Fedora Networking :: Unknown Samba Password - Use Samba For File Sharing Like On A Windows Home Network

Jul 17, 2010

I want to use samba for file sharing like on a Windows home network. Actually they are all Linux machines but nfs is too complicated. On my host machine I installed samba and system-config-samba. I created a new share for /home, check marked writable and visible and put access to everybody. For preferences-->server settings--> security the "authentication mode" is set to user, encrypt passwords is no, and guest account is no guest account. Under preferences-->samba users I added myself as a user with the same windows user name as my Linux user name and the same password.

My client is a virtualbox fedora (used for testing purposes but actual clients will be real computers on my home network). I entered the address smb://192.168.1.184. When asked for the user name and password I put my regular user name and password since that was what I set in samba users. However, the password dialog keeps coming up and won't let me into my own computer. If I quit it says something like access is denied. How can I get my home network back? I liked this feature when my home computers ran XP but I switched them to Fedora 12.


Fedora Security :: Set Conditions To See Logs Of All Security Intrusions

Jul 19, 2011

I just put up Fedora 15 on my PC. There are several messages coming up from SELinux saying permission denied, though I am not doing any administrative activity, the PC being a workstation for research. How can I know the denial is for a security intrusion attempt? How can I set conditions to see the logs of all security intrusions? How can I set exclusive messaging from SELinux that the denial is for a security intrusion attempt?


Ubuntu Networking :: Can't See Samba Shares After Changing IP Addresses?

Feb 27, 2010

I have a file server running Kubuntu and Samba. When I plugged it into a different router, the router assigned it a different IP address (as I expected - it's using DHCP) - but the old router was supplying 192.168.1.x type IPs and now the new router is supplying 10.0.0.x type addresses. I now cannot see the Samba shares on the file server. The computers can ping each other and they have working connections to the internet.


Ubuntu Servers :: Windows XP Logs On To Samba PDC Instead Of BDC

Feb 3, 2011

I'm running a set of virtual machines (most in ESXi, one in VirtualBox on my desktop) to try and replicate an existing physical network structure with a Samba domain operating across multiple subnets. The layout is:

(ESXi)
* Router - Ubuntu 8.04, running dnsmasq, bridging my 2 virtual subnets (10.10.4.1/24 & 10.10.5.1/24) and my physical network
* PDC - Ubuntu 8.04, configured as a Samba PDC with PAM configured to use LDAP, SMBLDAP etc. on 10.10.4.11
* LDAP - Ubuntu 8.04, running Zimbra 5 mail server, acting as the LDAP backend for Samba on 10.10.4.12
* BDC - Ubuntu 8.04, configured as a Samba BDC with PAM LDAP etc.
* Client1 - Windows XP, joined to domain on 10.10.5.100
(Virtualbox)
* Client2 - Windows XP, joined to domain on 10.10.5.99

Watching /var/log/daemon.log, /var/log/samba/*, smbstatus -bd0 shows that Client1 successfully logs on to the BDC (10.10.5.2) but Client2 logs on to the PDC (10.10.4.11) instead. Both clients have the same subnet, DNS, WINS settings etc. I've seen the issue happen in our physical setup too but very infrequently and usually when there's been a network interruption between the BDC(s) and the LDAP server.


Ubuntu Servers :: Cups Connection Refused In Samba Logs

Feb 4, 2010

I was just checking some of the generated logs from Samba.

[Code]....

I've looked over my smb.conf and it doesn't look like I even have any printer sharing enabled.

How was PC1 refused a connection when it looks like I don't have any printers being shared through Samba?

This is just on a home LAN.


Ubuntu Security :: Gpg With Different Mail Addresses?

May 14, 2011

possible to use a gpg key registered on a different email account than the account I have linked to evolution. As is now, I have entered the key id into evolution, but it does not decrypt my mails. It does not even ask for a password. Simply opens the message and displays a page of code.


Debian Configuration :: File Access Logs - Functionality Like Already Built Into Samba?

Sep 7, 2010

wants some sort of logging capability on the system. to have a log of every change to every file, although that might be a bit unwieldy. perhaps a simpler compromise would be some way of monitoring a few specific folders, and tracking all changes to them, including the user that did so. Particularly important is that it should be possible to work with access through samba, as we want to track what users on the network are creating or changing files. Is there functionality like this already built into debian or samba? is there a useful additional app to gather this information? or am I going to need to be grep'ing log files to present something useable?


Ubuntu Security :: What IP Addresses To Be Used For Update Servers

Mar 22, 2010

Does anyone know the Ubuntu update servers' IP addresses? I am trying to fine tune my firewall rules and was unsure of what IP addresses to use for the update servers. I believe they are us.archive.ubuntu.com and security.ubuntu.com. However, I could be wrong.


Security :: IPTABLES Apply Certain Rules To Certain Mac Addresses

Jul 11, 2010

so the firewall rules I am currently using are displayed below.

Code:

# DROP ALL FORWARDED PACKETS
iptables -P FORWARD DROP # DROP ALL PACKETS
# ALLOW DHCP THROUGH THE FIREWALL

[code]....


Security :: How To Find USB Logs

Jun 16, 2010

How to find USB entries/logs in Linux


Security :: All The Logs Are Wiped Out ?

Apr 22, 2009

I have connected to my friend's machine; for some reason, all the logs are wiped out.

CentOS.

There is nothing there. Is this unusual for Linux systems?


Ubuntu Security :: Modify The Firewall To Let In Certain Ip Addresses But Lock Others Out?

Jan 12, 2010

How do I modify the Ubuntu firewall to let in certain IP addresses but lock others out?


Ubuntu Security :: Firewall Can Install Only Let Certain MAC Addresses Through On Certain Port?

Jul 25, 2010

Is there a firewall I can install that will only let certain MAC addresses through on a certain port?


Ubuntu Security :: Can't Find The UFW Logs

Mar 18, 2010

I cannot find one single UFW event anywhere. I have researched this and see that others have trouble finding these logs too. I have looked in every /var/log there is and I can't find one event. I have UFW enabled, default deny and logging set to medium from a previous logging low (in hopes this would create more events to be seen). In terminal, UFW is shown as active. I have been using Ubuntu for more than a year now and I recall seeing UFW events with every session in some /var/logs in Ubuntu 9.04 - I'm running 9.10 now. I have also tried looking throughout the system files and have found nothing. Is UFW not working properly or could I just not be experiencing any firewall events (not likely)?


Ubuntu Security :: Where Does ZEITGEIST Put Its Logs

Apr 26, 2011

If anyone knows where does ZEITGEIST put its logs. Is it in my home folder, or is it somewhere else. I have my home folder encrypted and this is really not very secure if someone can see those logs... So. Does ZEITGEIST put logs in my HOME folder or not?


Server :: Security Logs With Message ID?

Mar 9, 2011

I am looking for security-specific event IDs on Linux. There are thousands of event IDs in Microsoft Windows XP, Vista, etc. In a similar way, I am looking for Linux, Unix, Solaris, AIX, etc. event IDs. I would like to correlate and implement with ArcSight.


Server :: Samba On Redhat 9.0 Shows An Unknown IP Address?

Jun 30, 2010

I am running RedHat 9.0 on VMware on Windows XP. I have bridged the network card eth0 such that I can ping the host machine 192.168.45.67 and the Windows XP machines on my LAN.

I managed to set up the samba server on this RedHat 9.0, and I can see the netbios name on my Windows XP: Rhl machines. Now I want to reach the Windows machines via sambaclient but I get an IP address that is not on my network - 192.168.24.1. I did not set this IP address.

This is the message I get when I run smbclient so that I can reach windows machine when I am on Redhat:

# smbclient //machine name/name of user on windows machine
added interface ip=192.168.45.90 bcast=192.168.45.255 nmask=255.255.255.0
Got a positive name query response from 192.168.45.21 (192.168.24.1 192.168.249.1 192.168.45.21
error connecting to 192.168.24.1:139 (Network unreachable)
Error connecting to 192.168.24.1 (Network is unreachable)
Connection to machine name failed
#

My question is: where does the 192.168.24.1 IP address come from? Where must I look in order to remove it (in Linux or Windows XP)?


Security :: Finding & Parsing LDAP Logs?

Mar 24, 2010

Please let me know:
1. What LDAP logs are typically available
2. How to find them
3. How to parse them


Security :: Guarddog Iptables - Reading Logs ?

Aug 15, 2010

What the following means?

[Code]....

Does this mean that connections from those IP's have been blocked or what?


Security :: Syslog - Missing Entries To Logs

May 23, 2011

CentOS 5.6 Server patched to latest, multiple name-based apache virtual hosts. SELinux OFF. Everything was working fine until the other day. I've been making quite a lot of changes so it may well be something I've done, but I can't find out what! Last night I got the following in my logwatch:

Requests with error response codes
404 Not Found
/admin/phpmyadmin/scripts/setup.php: 1 Time(s)
/admin/pma/scripts/setup.php: 1 Time(s)
/admin/scripts/setup.php: 1 Time(s)
/db/scripts/setup.php: 1 Time(s)
/dbadmin/scripts/setup.php: 1 Time(s)
[Code]...

The problem is that NONE of my logs, secure, httpd, messages, NONE of them, show any trace of these hacking attempts. They used to show up in secure and apache error logs, but no longer.


Ubuntu Networking :: Win 7 Gives Unknown Username Or Bad Password With Samba Share

Sep 30, 2010

I'm on Debian Lenny. I've shared a folder on gnome GUI, then went to win 7. I see my machine, SERVDEB01. When I click on it, I get the login popup. The workgroup set in samba is FILE-SHARING, so I login with the following: FILE-SHARING\myuser password and that's when I get the unknown username or bad password thing.

I had a look at /etc/samba/smb/conf: security = user is uncommented, and the shared folder appears at the end of the config file. In despair, I've also created an identical user on win 7 and the linux box. I've been into the security Local Policies of windows 7 and set NTLM to LM and NTLM (instead of NTLMv2). Here's my smb.conf in case it's needed.

[Code]....


Ubuntu Security :: Tcpdump: Filtering For Packets From A Site With Multiple Ip Addresses?

Aug 13, 2011

I want to capture all packets from site "www.examplesite.com" so I checked its ip address in an ip address look up and it was 123.456.abc.def. So I set my filter to "dst host 23.456.abc.def". However I then realised that multiple ip addresses point to www.examplesite.com, for example say the following ips also go to 987.654.321.000, 111.222.333.444. So is there a filter that will automatically capture all traffic going to www.examplesite.com or do I have to go and manually find all its ip addresses and pass them all to the filter?


Ubuntu Security :: Internet Logs - Privacy With Firefox

Jan 8, 2010

These files seem to contain browsing history:
~/.mozilla/firefox/xxxxx.default/cookies.sqlite
~/.mozilla/firefox/xxxxx.default/formhistory.sqlite
~/.mozilla/firefox/xxxxx.default/downloads.sqlite
~/.mozilla/firefox/xxxxx.default/places.sqlite
~/.mozilla/firefox/xxxxx.default/places.sqlite-journal
~/.mozilla/firefox/xxxxx.default/Cache/

Therefore I have cleared these files using an erasing program. I am wondering if there are other locations where such log files are stored for Internet browsing. I have looked in the /var/log directory and cannot see anything - for example doing a grep on http:// after browsing in Firefox does not reveal anything obvious.


Ubuntu Security :: Alerts When Apache LOGS Contain Certain Data

Jul 10, 2010

Does anyone know of any software that can monitor the Apache logs for certain phrases or keywords then send an alert when found? For example I know an attempt to hack has been made when I see log entries like this....

/admin/
/admin/phpadmin/
/phpadmin/

But by the time I see it, the attempt has long since failed or succeeded. What I need is a way for my server to alert me WHILE someone is entering these phrases. I realize there may be a "hit" to performance but my server is not that busy anyway (except for hackers).


Ubuntu Security :: Sshd Logs And Connection Ports ?

Feb 9, 2011

What is happening when I log in to my Ubuntu server machine via ssh and PuTTY? Trying to understand everything, primarily securing my server.

I have specified the ssh server to listen on port 5525, and can login without a problem.

When I look at the logs though it says I connected from xxx.xx.xx.xx on port 53602.

What is happening here and why is the logged connection a different port to the one specified in the config file?








Copyrights 2005-15 www.BigResource.com, All rights reserved