Security :: Detect All User Logins?

May 25, 2011

I would like to detect every login on my server. Not only ssh logins (virtual terminals) but also physical logins.There is a way to use nagios or a script to watch log files.But I would like to know is there a way to catch that information one step before.I thought about watching /dev/pts for changes but that is not different than log watching and everything does not appear in /dev/pts like a ssh tunnel (ssh -N user@server). These are only visible in logs because ssh tunnels do not open terminals.But I would like to be able to catch these on login.

View 8 Replies


ADVERTISEMENT

General :: Detect Remote Logins Within Shell Script?

Apr 19, 2011

I've written a shell script that among other things, restarts network services. As such, I'd like to keep those who are remoting in via putty, etc. from executing the script. Is there a way to detect this and restrict running the script (by adding additional coding in the script) that disallows running it from unless you are logged in directly to the machine? It's written in bash.

View 1 Replies View Related

Security :: Lock Out Logins At The Console?

May 12, 2009

Is there a way to lock out logins at the console? I ask this because I can not login at the console but can remotely login to the system via ssh. I'm guessing I blindly implemented a security option and didn't know what I was doing when I did it.

View 2 Replies View Related

Security :: Monitoring Ssh - How To Get IP From Failed Logins

Nov 30, 2010

How do I monitor who is ssh'ing into a box (SLES) as well as failed attempts? How can I log their IP addresses, even if they're not in DNS?/var/log/messages I see their hostname but no IP address

View 13 Replies View Related

Server :: Limit The Number Of Logins For A User To Only One?

May 3, 2011

I ran into a user today that indicated that their company only allows them to log in through a terminal session once (no multiple logins). On second try their login window terminates. They are using putty.Is this being accomplished through PAM or sshd ( or some other method)?

View 1 Replies View Related

Server :: Samba Not Accepting User Logins?

Feb 23, 2011

I have a samba server that I had setup using the default smbpasswd backend, and it worked fine. So long as I remembered to use smbpasswd/passwd to setup a user with a username and password matching the account name of a Windows 7 user, then that windows 7 user would be able to navigate the shares with their permissions correctly.I have switched over to using ldap, and: the console/ssh of the machine can correctly use any of the ldap logins getent passwd/group both show the complete listing my Windows 7 machines can all ping the samba server by its netbios name my Windows 7 machines all prompt for authentication if I type \MACHINENAME into explorerHowever, all attempts to access the shares now continually ask for you to enter your username/password, and then fails anyway.No errors appear to be generated on the server (unless I'm missing a log somewhere). Having hunted around on the web, I'm wondering if it has to do with generation of machine accounts (since it tries to access from MACHINENAMEUSER). Without ldap setup, I didn't need to worry about the machine name, but I'm thinking that maybe smbpasswd took care of this somehow.I use the smbldap-useradd tool to setup a user account, which appears to correctly setup the user in ldap, such as:

Code:
dn: uid=sharer,ou=Users,dc=intbus,dc=net
objectClass: top

[code]...

View 2 Replies View Related

Ubuntu :: Disable Multiple Logins For A Single User?

Apr 5, 2011

I'm trying to disable multiple logins for a single user on Ubuntu 10.10 but I haven't been able to find a way to do this on this version

View 4 Replies View Related

Security :: Setting Up Secure Remote Logins

Jun 17, 2010

I'm trying to secure the CentOS servers on our company network as the current situation is, shall we say, less-than-ideal: remote root logins with the same password across several servers (behind a firewall, on non-standard ports, but still) and several key processes running as root. My proposal to amend this consists of the following:

- setup a bare as possible SSH-gateway with only the normal user accounts to handle remote access
- disable the root login from anywhere else but LOCAL and create special accounts with root permissions for our ~4 system administrators, like admin.foo admin.bar that can only login from inside the company network, using SSH-keys.

So far my biggest obstacle seems to be creating the administrative users, how do I go about and do that? When I simply create a user adminfoo with uid=0 it will show on my shell as root, which makes it useless as a way to make our admins accountable for their actions. BTW, my initial proposal to use sudo unfortunately met with strong resistance, because it compromises usability.

View 7 Replies View Related

Security :: Huge Number Attempted Ssh Logins?

Sep 12, 2010

Lastb often shows me a huge list of attempted ssh logins.Such as this excerpt:

Code:
admin ssh:notty Sat Sep 11 23:47 - 23:47 (00:00) 184-154-37-12.Huge-DNS.COM
root ssh:notty Sat Sep 11 23:47 - 23:47 (00:00) 184-154-37-12.Huge-DNS.COM

[code]....

View 14 Replies View Related

OpenSUSE :: Organize User Logins And Passwords Within A 6 Person Firm?

Nov 22, 2010

How should I organize user logins and passwords within a 6 person firm? We have several desktops, portables, servers and virtual machines. Everyone should be able to log in on each PC. Ldap seems overkill. Would NIS be more suited?How can I integrate other passwords like samba, mysql, vpn, ... Into this strategy?

View 4 Replies View Related

General :: Mapping Sftp/scp As A Drive Letter Without User Logins?

Aug 24, 2011

I'm trying to find a software which could map sftp/scp services to a windows drive letter. I know there are quite a bunch of those available, but i haven't found a single one which could run with SYSTEM or Netservice privileges or have decent command line options so i could elevate the program myself. The mapped drive should be available for other services running on the same server.

Most of the programs (sftp netdrive, expandrive, etc) have only option to startautomatically only when someone logs in. Because of that they are useless to me.Their inability to handle non-interactive starts is a bummer too. FTP->SFTP wrappers don't count as solution despite of integrated windows support for ftp drives. The way they are handled in windows makes ftp mapping unusable without some external ftp drive mapper software.

View 2 Replies View Related

Fedora Security :: Get Pam_tally2 To Block Failed Logins With Ssh?

Aug 1, 2011

I have been trying to get pam_tally2 to block failed logins with ssh. No matter how many failed logins I do I can still log in with the correct password using SSH. Anyone have this working?

Here are the configuration I am using. I have put this in sshd and password-auth-ac.

auth required pam_tally2.so deny=3 file=/var/log/tallylog lock_time=180 unlock_time=1200 magic_root account required pam_tally2.so magic_root In the /var/log/secure I do see messages related pam_tally2 and the counter going up.

View 1 Replies View Related

Security :: Failed Logins Are Logged To Syslog With The Login Id Set To UNKNOWN Or UNSET?

Jun 10, 2011

Failed login attempts are logged to syslog with the user id or login id set to UNKNOWN_USER or UNSET.Anybody know if this is configurable. I would rather it just pass the actual id that the user used. Doesn't matter if it exist or not, just want to know if someone is guessing at user names and what those user names are

View 1 Replies View Related

Ubuntu Security :: Hardened Baseline - Hook The Logins Into Either Enterprise Kerberos Or Active Directory (yuck)

Dec 14, 2010

I'm tasked with creating a base image of ubuntu (one for server, one for workstation) that is locked down and has all the fluff taken out (naturally workstation will have more fluff left in it than server). Task list looks about like this:

1. Create list of deb packages "allowed", write script to list/uninstall everything else.

2. Hook the logins into either enterprise kerberos or Active Directory (yuck).

3. Write scripts to check things like setuid/setguid, disabling su, checking sudo permissions, configure iptables, etc.

4. Use a scanner to scan the system from outside the system (was thinking of using backtrace).

5. Custom-compile the kernel to strip out all the unneeded modules.

Before embarking on this awesome task I figured I'd check with you guys to see if you know of some resources that would make this task easier/quicker. I'm sure someone out there has already headed down this branch.

PS My boss *loves* ubuntu and isn't to keen on going with a deb (or other) distro that is already "security trimmed" without some serious convincing. I'm sure there are some out there, and if you want to pass along a couple for consideration, I'll check them out, but no guarantees he'll let me use it.

View 4 Replies View Related

General :: Root Logins Are Not Allowed \ When Try To Login As Root, After Logging Out As User, It Does Not Allow?

Dec 2, 2010

i just installed linux mandriva 2009. i set password for root and created a user account. when i try to login as root, after logging out as user, it does not allow me and gives the error "root logins are not allowed". even it does not show the root account. if i try to go to root from konsole terminal using su root, it allows to enter as a root but when i try to start the GUI with startx it gives error.not sure what to do and why i can't see my account in GUI mode

View 5 Replies View Related

Security :: Detect Nmap With Iptables?

Apr 27, 2011

i have a problem with iptables when i use nmap to scan ports then ports shown.this is my rules on my firewall.Quote:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1002:40080]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT

[Code]...

View 3 Replies View Related

Security :: Changing Home Directory Permission In User Management After User Created In Suse(KDE)?

Feb 2, 2011

created a user but i forgot to change the home directory permission.so after user created when i go to the user and group mangement i cant see that permission filed related to the home permission directory.my purpose is to stop accessing other user to my home directory,how it can be possible??

View 4 Replies View Related

Debian :: How To Detect And Install Only Security Updates

Jul 20, 2015

In the past i used OpenSUSE for a few months, in OpenSUSE all updates related to security labeled as "Security Update" like updates related to Firefox, unlike OpenSUSE in the Debian i did can't find a way to detect security updates.

View 5 Replies View Related

Security :: Create A User And Limit User To A Directory?

Apr 15, 2009

I've been looking for this feature for months and couldn't find a solution for this. Does anyone know how to create users and limit the user to a specified directory?

View 6 Replies View Related

Ubuntu Security :: Detect Intrusion In Desktop 9.10 Version?

Mar 12, 2010

How to detect intrusion in my desktop ubunta 9.10 version ? which command that could direct tell me about any change in my files ? I would like the procedures that protect my system from intrusion , i am using firestarter and keep tracing the network by using netsta -tap ?

View 2 Replies View Related

Security :: Detect Whether Firewall Service Is Provided By Server Or By ISP?

Sep 16, 2010

I have two servers behind different networks. First network is protected with firewall provided by the router and there is no firewall in the server:

[Code]....

As you see, there are no difference in nmap output If I check with tcpdump, which packets are sent from 192.168.217.73 and 192.168.13.19(tcpdump -i eth0 src host 192.168.217.73 and tcpdump -i eth0 src host 192.168.13.19 respectively) towards me during nmap scan, there are none. It's understandable, as there should be no reply when port is filtered. Is there somehow possible to detect, whether firewall is active in the server or in the router?

View 5 Replies View Related

Security :: Detect Infected PC In LAN (Sending Packets To Internet)

Jul 17, 2009

In my network I have 25 workstations and some serves. Everything working in local LAN with firewall. The problem is that on one machine (I dont know which one) is installed software which sending data to the internet. Actually I dont know what it is. Last time as I remember was trojan which can create new network interfaces in windows and send some data to the internet. The half speed of my network connection is used by this infected machine. How can I detect which machine it is? How can I listen/capture some traffic and analyze from which machine I have more connections.

Please take a look on this time. Instead of 141-150ms should be 4-5ms.

64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=1 ttl=249 time=141 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=2 ttl=249 time=135 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=3 ttl=249 time=147 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=4 ttl=249 time=127 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=5 ttl=249 time=156 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=6 ttl=249 time=129 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=7 ttl=249 time=188 ms

How can I detect which machine is infected using only linux and keyboard ?

View 5 Replies View Related

General :: Detect That An User Has Press The Scan Button On An Epson Scanner?

Dec 28, 2010

It seems that they are not shown under xev ...Someone knows if old scanner, can be detected in terms of button pressing ?[URL]button pressing does not show up into deamon.log

View 1 Replies View Related

Ubuntu Installation :: GRUB Doesn't Detect Kernel After Security Upgrades

Feb 10, 2010

I have just suscribed into this forum. I have a problem: my notebook (NOTEBOOK SATELLITE L300-SP5917A - INTEL CORE 2 DUO T6400 (2.00 GHZ - 2 MB L2 - 800MHZ FSB) - 15.4 WIDESCREEN TRUBRITE TFT LCD - 400 GB SATA 2 .5 5400 RPM - 3GB PC2-6400 DDR2) doesn't boot ubuntu after the last security upgrade. I have wubi installed.I have Windows Vista and Ubuntu in the boot menu. I select "Ubuntu" and that leads me to the GRUB shell. I'm new in linux. It seems that GRUB doesn't detect the kernel. Maybe the file menu.lst has been deleted, or something similar, but I can't make my ubuntu to boot.

View 4 Replies View Related

Ubuntu Security :: Virus Scanner That Will Support To Detect Windows Viruses

Mar 30, 2011

I have been told that some virus scanners for linux (including but not limited to AVG, Antivira, clamAV, others) are available to ubuntu. My question is which of these still CURRENTLY support detection of WINDOWS viruses in addition to linux viruses. I would like to boot the Ubuntu live jump drive I have to scan windows machines and at least detect viruses, dont really need to repair. who knows which virus scanners compatible with ubuntu that will detect windows viruses as well

View 3 Replies View Related

Security :: User Authentication Security Mechanisms

Feb 2, 2011

What security mechanisms are used by recent versions of the Linux operating system during user authentication?

View 3 Replies View Related

Security :: Detect Viruses Inside The .vmdk - VMware - Virtual MAchine Disk Format - Image?

Feb 6, 2011

I have set up a virtual machine under VMware Player 3.1.2 in Debian. Operating system of this virtual machine is a Windows Server 2003. I would like to periodically test this Windows Server 2003 installation for viruses. Obvious solution would be to install an AV software under this Windows Server 2003 installation. However, I was wondering, is this possible to use NOD32 for Linux or clamav in order to test this Windows Server 2003 installation for viruses? Is NOD32 for Linux able to detect viruses inside the .vmdk file?

View 1 Replies View Related

Security :: Hardening Security: Limit "ps" Outputs To Current User Only?

Mar 27, 2010

I'd like to limit ps aux command outputs to current user only(the one, who invoked "ps". I've recently saw this feature on FreeBSD systems and on at least one Linux system running on shell.sf.net. I run Linux 2.6.33, I wanted to know how to make that. Any advice? Googling around wasn't too successful, perhaps I don't know how to query that, recently tried with "limit ps outputs" "ps aux current user", etc... had no luck.

View 2 Replies View Related

Security :: Detect File Deletion On An Operating System And Trace The File History Or Activity?

Oct 19, 2010

i am investigating on solutions to trace a file deletion on a computer( Linux O/S).i also need to determine weither after a file deletion or download on a computer, the computer clock had not been modified. In case a file has been downloaded on a computer and then transferred to a removable device, i need to find out the file activity. i mean i should be able to tell that the file was downloaded and transferred to a device with possible specifications.

View 2 Replies View Related

Debian Multimedia :: XOrg Auto-detect Failing To Detect Max Screen Resolution

May 29, 2011

I've installed Squeeze 2.6.32-5-amd64 on my laptop (Alienware M17X R3, Intel i7 Sandybridge, ATI Technologies Inc Broadway [ATI Mobility Radeon HD 6800 Series])The screen is 17", with maximum resolution of 1920 x 1080. After a default install of the operating system, the maximum resolution I can select is 1280 x 1024.My research so far has suggested that I need to edit the /etc/X11/xorg.conf file and provide xorg with the necessary resolution.

Again, by default, the xorg.conf file is not created. This leads me to believe that xorg is scanning my hardware at startup and providing me with whatever it thinks is appropriate. I tried following these instructions to generate an xorg.conf file. This process created an xorg.conf file under /root/.

When I copy this xorg.conf file to /etc/X11, I get a blank (i.e. black) screen. Deleting this file restores the default resolution 1280 x 1024.This system is dual booting with Windows 7. Under windows I am able to get a 1920 x 1080 resolution, so I know my hardware is up to it.At this stage I have yet to install the drivers for the Radeon graphics card.What are my options regarding configuring xorg to give me a higher screen resolution?

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved