Is there anyway to prevent a user from being able to logon at a machine (Terminal and XWindows) but allow that user to logon remotely using SSH? This user is for remote capture of logs only - on a private network (no internet access).
View 1 RepliesI think someone hacked my server and I'm wondering if it's possible to view the possible the past user logons?
View 6 Replies View RelatedOur system is based on RH4 and is using pam_tally and faillog to record failed attempts and to lock users out after 5 attempts. We have a requirement to provide a normal (non-root) user logging onto our system, with information regarding the number of failed logon attempts made on their account before the current successful logon (similar to the functionality provided by HP Protect Tools on Windows). My first idea was to add 'faillog -u $USER' to the bashrc, however by the time the bashrc is run - the user has been successfully authenticated and the faillog has been reset back to zero.
View 5 Replies View RelatedI'm running Ubuntu on a Zotac home theater PC. I wish to connect from another PC prior to login. The reason is that the home theater system has no convenient display. I've succeeded in getting a connection prior to logon from a PC using TightVNC. I've also tried Teamviewer running in Ubuntu without success. I'm now experimenting with X windows, but it seems complicated.
TightVNC is working well ecept that it opens a new session and I'd rather share the same session on Display 0. how best to connect to my Ubuntu home theater PC prior to logon and share the same session.
I have got a RHEL 5.6 server configured to authenticate via a Windows 2008 domain controller via LDAPS.Everything is working fine, except from the following: When I create a new user in Active directory and check the option "user must change password at next logon", the new user cannot logon and gets an "access denied" message. In /var/log/secure, I find the following:
Mar 1 14:43:21 cpssvn10 sshd[5363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.3.12 user=testuser2
Mar 1 14:43:21 cpssvn10 sshd[5363]: pam_ldap: error trying to bind as user "CN=CPSS Testuser 2,OU=IBM,DC=cpss,DC=smarterplatform,DC=com" (Invalid credentials)
Mar 1 14:43:23 cpssvn10 sshd[5363]: Failed password for testuser2 from 192.168.3.12 port 4583 ssh2
As soon as I uncheck the "user must change ..." option, the user can log on without problems. Also password change via the passwd command works.
In fedora 14, the user order on GNOME login screen is completely different from that in fedora 13. Is there any way to order the users by date of creation ASC, not by name ASC?
Also, it is completely random. This time when I started my computer, my account was listed first. When I started this thread, it was listed last. What's happening?
I'm working on a script notifying me after a client changes a log level on a given server. I get the following error after running the script:
LogonUser [
odeunivmo3domaincommon]: unable to get property
LogonPassword [
odeunivmo3domaincommon]: unable to get property
I get the email notification fine, the environment is set to common. I think the problem is somewhere in these lines of code.
SCP_USER=`${cer_exe}/lreg -getp \
ode\\${NODE}\domain\\${loc_env} LogonUser`
SCP_PSWD=`${cer_exe}/lreg -getp \
ode\\${NODE}\domain\\${loc_env} LogonPassword`
how can i restrict a single particular user from logging into the server not more than 5 times?
The conditions may be:
1) wrong password
2) can login only 5 times on one day etc.
I'm running Suse 11.1. MySQL is installed. I downloaded and installed the software for MySQLAdmin and MySQLBrowser, this was one software package so both got installed at the same time. My question is this; When I log into MySQL to use the Admin Tools it doesn't like my root password. So I log in as 'localhost' with the id of 'root' and no password and I get right into the main Admin menu. Why doesn't it accept the root password and how can I change the root login to need to have a password. Will just changing the password in MySQL Admin do the trick?
View 5 Replies View RelatedIf you need to to exclude one or mode user from your gdm login window you must edit "/etc/gdm/gdm.schemas" and add the user you want exclude from the <key> "greeter/Exclude" (near the other user in <default></default>)
When Fedora could have a gdm config again?
Sometimes my user list is empty on start-up. When it happens the buttons beneath the empty list (shutdown, suspend and restart), are not responding. As a work-around I login to the first terminal as root to restart the machine and usually my normal user account appears back on the list. This morning the reboot work-around didn't work any more..
View 4 Replies View Relatedhaving a hard time mapping a drive from a windows xp PC to a Linux Share. I have edited the SMB.conf file to include the share I want to connect to. when I try try map a drive to the Linux share using NET USE M: \192.168.15.5pairing I get the following error:"system error 1326 has occurred.Logon filaure: unknown user name or bad password."I use a username and password that is valid on the Linux server and has access to the Share.
View 2 Replies View Relatedlogon to my RHEL as a user. I am able to logon in as root locally.
View 3 Replies View RelatedWhat is the best way to lauch bash script on user logon and logoff?
View 1 Replies View RelatedI want to use AD sys accounts to logon to linux servers. What is the best and most secure way to do this. This because we want to ensure it is tracable when a server administrator makes changes to a linux server. Now we use root to make changes to the servers.
View 13 Replies View RelatedI've config vsftpd chroot mode follow:
Code:
Code:
All of these audit messages is from one su - and root password at a gnome-terminal.This started happening from some update from koji in the last 18 hrs or so.It take 20-25 sec from su - to get the password prompt.
[Code]...
I am trying to figure out a way to pull the user information from local users on a Linux server. I have approximately 40 servers running SUSE and Ubuntu that are using Microsoft Active Directory in order to authenticate. Our internal auditing group has made us disable root ssh ability, I was doing this with clusterssh, but I can login as me then su on the server to conduct root, admin, work. This is an ongoing request to get the local users and it is a painfully slow process since I have to login to each server to get the /etc/passwd file. Is there another way to get the local user information? They are now asking about seeing the last logon date or if the account is disabled, any thoughts there as well?Most of our auditors think Windows and I am trying to make my life easier but not sure what options I have. I need to get local accounts and if they are active or disabled plus last logon date. I'm sure there will be more but if I can get the basics adding more shouldn't be too difficult but I guess I'll cross that bride when I get there.
View 7 Replies View RelatedI have recently been the victim of identify theft and have coincidentally noticed that my router has been under attack for the past few days. I've been monitoring the log on my router (a D-Link DI-624+A) and suddenly while I was on Skype, my wireless connection was lost. I reconnected and found that the router's log had been erased. It appears from the log that the hacker has so far been unsuccessful. I have already done a 'whois' on several of the IPs this hacker has been using and have notified the respective ISPs.
Is it possible to remotely delete a router log?
Here's an example of my log before and after the delete:
Code:
Wed Nov 10 18:00:24 2010 Unrecognized attempt blocked from 221.136.83.1:40245 to xxx.xxx.xxx.xxx TCP:8080
Wed Nov 10 18:08:24 2010 Unrecognized attempt blocked from 60.173.26.168:6000 to xxx.xxx.xxx.xxx TCP:9415
[Code]....
properly set up ssh to only allow one IP address to login remotely
View 2 Replies View RelatedI have a computer running Fedora 14 and when I installed it, I chose to encrypt the drive.
I've recently changed the way I have things set up and don't want the encryption any more. From what I've read there is no way to simply and easily remove the encryption, so what I would like to do is input the pass phrase remotely.
so, Is there anyway I can type in the pass phrase remotely, or remove the encryption?
What are all the ways you could think of that someone could view your browsing history, upstream from your machine? They don't have physical access, there's nothing on the computer itself and the person trying to hack has skill so I'm thinking like monitoring a proxy somehow, using the ip address somehow, compromising the modem in some way, possibly having access to google account etc. I am new to ubuntu and have really dug it so far but I want to figure how this is/was being done
View 9 Replies View RelatedI am at my own desktop and I have root access on my own desktop.
I also have root access on a Desktop Ubuntu system (192.168.5.10) on the LAN. I need to create another desktop user account on that 192.168.5.10 system.
So I logged into that system with: ssh -Y myself@192.168.5.10
Then I did: sudo users-admin
This brings up the Users Settings but the Add User and Unlock buttons are disabled. How do I enable these buttons?
i need to find a way to securely authenticate a decryption mechanism of some sort where the authentication is provided remotely without any user-interaction. Right now i have a number of boxes that all inform a central server when they are online. When they do this an OpenVPN connection is set up between them and the server.
However, i have been given the task to ensure that the scripts involved in this process are encrypted by default. This requires some form of self-decryption, which to my mind kind of goes against the whole idea of encryption/authentication in the first place. I need some way to leave decrypted the bare essentials required to boot a box and securely connect to the central server automatically. Then the server would automatically send a key/passphrase and the rest of the files on the box would then be decrypted on the fly.
I have an Ubuntu 10.04 machine at home and apache setup on it (files are located in a Truecrypt volume). The reason for the web server being that I wanted to access my files wherever I'm at (i.e. hotel, work, hotspots, etc...). So far, it's worked out great for me seeing as a I can http download my files (or stream media files). However, I am often on a public hotspot and I know it's a matter of time before someone finds the webserver on my computer. I have the machine firewalled and password protected (via .htaccess), but either way I don't want people looking in on my computer.
The problem: I have used Truecrypt for a long time and completely trust using the program to encrypt/unencrypt a volume container to store my files. Usually, I would remote desktop into my computer and mount/unmount the volume when I needed it. However, after time it get's really annoying to do this. So I eventually figured out how to setup a bash script to automatically do this for me (which I put on the usb part of my phone). What I wanted to do was to be able send the bash script to my Ubuntu machine (via ftp from my phone) and have Ubuntu automatically run the script. Is this possible? What programs do I need on Ubuntu?
I was thinking about using something like cron, but that is for scheduled times. I don't really have a set time in which I need my files, it's pretty sporadic depending on how much I travel. Thus the need for being able to remotely mount the volume when I need it.
Summary: I need a way for Ubuntu to read a folder every minute or so to check for bash scripts to run. I want to be able to send the bash script via ftp from my phone, have Ubuntu run the script, then delete itself (so as to not store the password). I already know the script in which to mount the Truecrypt volume and how to send the file via ftp from my phone. It's really a matter of what program to use in Ubuntu to find and run the script.
Does anyone know or recommend some software or a script to remotely power on a PC from standby to on, or even better from completely off?
I guess the completely OFF to ON is much more complicated - would probably require an extra piece of hardware(?)
I'm not terribly new to Linux, but I am new to the forums, so hear me out! I am in the process of creating an electronic mapwall for our meteorology program, and have designed the computing system from scratch. I have two Linux Boxes, each with capabilities for 6 attached monitors...a total of 12 displays driven from two machines. My intention is to have one machine be the master...it has a touchpanel control. The inputs to the touchpanel will then trigger events for the both the master and the slave machine to display. Each of them has a specific IP address (DNS entry), and are not on a subnet.
Now...is there a way to remotely login to the slave machine and have it display on it's OWN monitors? The code is Java and which works on the master machine to animate directories of .gifs for each of the master's attached monitors. I will most likely have Java execute shell commands for the remote login (ssh), but I believe the answer lies somewhere in the X-configuration. Do I have the machines in an adverse configuration (creation of a subnet would be better)? Lots of questions...lots of desire...few answers!
created a user but i forgot to change the home directory permission.so after user created when i go to the user and group mangement i cant see that permission filed related to the home permission directory.my purpose is to stop accessing other user to my home directory,how it can be possible??
View 4 Replies View RelatedI've been looking for this feature for months and couldn't find a solution for this. Does anyone know how to create users and limit the user to a specified directory?
View 6 Replies View RelatedI installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....