Security :: Non Privileged User Sessions Close Immediately After Login?
Apr 16, 2009
while hardening a red hat enterprise 5 installation I have done something that causes the sessions of all user accounts except root to close immediately after authentication. in the /var/log/secure log file it will show three log entries per attempt:
<date/time><hostname> login: pam_unix(login:session): session opened for user fred by LOGIN(uid=0)
<date/time><hostname> login: LOGIN ON tty1 BY fred
<date/time><hostname> login: pam_unix(login:session): session closed for user fred
Since I did a number of things and have not been able to identify what caused this.
View 2 Replies
ADVERTISEMENT
Aug 15, 2010
I am trying to run su as a non privileged user to log in as root. However, this only works when I make /etc/shadow world readable. I have /lib/security/unix_chkpwd as a setuid root executable
I use the following pam-file for su:
Code:
# Begin /etc/pam.d/su
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_unix.so
session optional pam_mail.so
[Code]...
View 1 Replies
View Related
Apr 13, 2010
How do you open a program, in this instance "Zenmap", from the desktop in a user account when it requires root privileges? Is there a way to be prompted for the password, the same way, for instance, you're prompted when mounting a new file system or making a change to the system? I tried entering 'sudo /usr/bin/zenmap' when creating the shortcut, however that didn't work.
View 3 Replies
View Related
Jul 19, 2011
I have a cd drive and a dvd burner in my computer that have worked fine for years. I run an up to date wheezy box. In the last month or so, the drives both started having a problem where they would immediately close after I open them by using the button on the drives. I am not sure which update caused the problem. If I do manage to shove a disc in before it closes, Nautilus doesn't mount the disk. Does anyone have any ideas on how I can get the drives to work again?
View 14 Replies
View Related
Dec 14, 2010
I'm seeing really bad user login format under a standard installation and am wondering why ubuntu does this as default. I have noticed that the graphical login for gnome sizes itself to accommodate a user's exact password length. This indicates to me that somewhere on the unencrypted part of a standard installation with user encryption contains at least some indication of the content of the password length which seems a security flaw even if not a complete hole, it majorly reduces the number of attempts a cracker would have to cycle through.
And that's assuming that *only* the length is contained. Furthermore it seems that it would be MUCH better to simply display the number of characters entered into the pw field and allowing the gui to expand itself from an fixed size as the field is filled out so the the user still receives visual feedback for entering characters. Either a simple character count display should be entered into the field or a 10 dot to new line so that one can visually quickly count the number enter by multiplying from a 10base graphical observation.
View 9 Replies
View Related
Jan 27, 2010
I just installed Fedora 12 on a laptop. I changed the default shell on the root account to /bin/tcsh and changed the runlevel to 3 and then rebooted. Now I can't login into the root account: it returns me immediately to the login prompt and I can't see any error message (the screen is cleared).Why is this happening?Can I boot into some sort of safe mode so I can undo my changes to the /etc/inittab and /etc/passwd file?I tried booting with a Live CD with the intention of mounting the filesystem and making the changes, but the new filesystem is a LVM and it won't let me mount it (or I don't know how to mount a Logical Volume).
View 3 Replies
View Related
Sep 28, 2010
When I try to login with my username, the one I created when I installed the OS, it seems to try to login but almost immediately kicks back to the login screen. No authentication error it just seems to just logout? The only change I made since last successful login was to add ". .alias" to the .profile file - the only entries in the .alias file are comments and "alias" commands. I have one other username but it is not in the sudo's list of users so I can not change anything in the master login.
View 3 Replies
View Related
Jan 20, 2011
Not sure where to post this, I am runing 10.04 LTS, 64 bit and things have been great, until..... I activated a Ubuntu One account and once I did, my Ubuntu One folder would immediately close upon opening and my downloads folder would immediately close upon opening. I delt with it, no big deal. So I decided that I need to get my crap off the Ubuntu One account so I downloaded them all from the website onto my desktop. Now none of my folders immediately close upon opening and ever couple seconds my desktop flashes and a windows quickly opens and closes stating "starting file manager".
I found a couple of posts the looked like fixes, but nothing has worked. clicked off show_desktop in gconf-editor which stops the "starting file manager", but does not stop the folder from immediately closing. I also found this, [URL]... but I don't know hoe to apply the patch nor if I should. I have tried some other things, but I cant find the threads again to provide. I believe one was the killall Nautilus then apply Linux Essentials, which I don't think even ran at all.
View 1 Replies
View Related
Sep 8, 2009
I have a problem, I have installed Fedora 11. And i need to login as root user.
How to do so?
View 14 Replies
View Related
Jun 29, 2010
How can I set up snort to only log and detect/capture logins using root or any of the "homeusers" login accounts or names?
View 9 Replies
View Related
Mar 9, 2010
I have installed CentOS 5.2. I want to login automatically for an user without authentication.
View 2 Replies
View Related
Feb 25, 2011
I want to disable the remote login for particular user id in linux server.
View 11 Replies
View Related
Sep 15, 2010
My case is that, the LADP user connected could not login via SSH. This user could login in the system console. And all the other users could login within ssh. And I was wondering whether any one could suggest which place to check next. And here is the detail: I was using SUSE 11.3 when I met this error. PAM module is used, and the corresponding files in /etc/pam.d/ have all been updated. Here is what I've added:
Code:
yl-1:/etc/pam.d # fgrep ldap *pc
common-account-pc:account [default=bad success=ok user_unknown=ignore] pam_ldap.so
[code]....
View 5 Replies
View Related
Sep 25, 2009
I am a new Linux user and have a question about the administrative authentication. When I am logged in as a user and I need to do something that requires root privileges the little password window comes up and I enter the root password. My question is how long are the root privileges granted for?I noticed that a few minutes after finishing checking out the firewall configuration tool and closing the window that I was still able to re-enter the fire wall tool and other administrative tools. How do I log out of the root privileges without logging out and then back into my account?
View 2 Replies
View Related
Apr 22, 2010
I recently set up a family computer for a friend, and now his son is "experimenting" with the terminal (randomly entering commands). since he could accidentally do something bad, I am supposed to prevent him from using terminals, but only as hi user. I tried vlock and away, but with vlock it says 'this terminal is not a virtual console', and away can't seem to lock all consoles.
View 9 Replies
View Related
Apr 4, 2011
Second off, I'm trying to capture a user password on login (through gdm) such that I can re-use it for a service like Kerberos or AFS. The idea is that the user has to log in only once, and then I renew the tickets and tokens until they log out again. If there's a better way to do this
View 4 Replies
View Related
Jun 8, 2010
I am trying to disable accounts after 5 unsuccessful login attempts. I am following the guidelines in this article:
[URL]
This is on an Oracle Enterprise 5.4 box, which is essentially RHEL 5.4 Here is what my /etc/pam.d/system-auth looks like:
--------
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
[code]....
Unfortunately, the account does not seem to be locked or disabled. As root, runninng 'su test2 -c <some-command>' always sucessfully runs <some-command>, and leaves the failed attempt count at 6. /etc/shadow does not have an * or ! anywhere in the encrypted password for the 'test1' user.
What am I doing wrong? I thought that with the max attempts set to 0 in faillog, that the deny= parameter would be used. I thought I should be using su <user> -c <command> from the root account to test if the disable feature is working.
View 1 Replies
View Related
Aug 26, 2010
I have a problem with my ubuntu account. I am running 4 virtual machines, based on jeos-8.04 and I am using a public key authentication to login to my account (via ssh). This is not the problem, I have the key and the passphrase. But when I am logged in, I can't sudo, because I forgot the password for the accout.
View 6 Replies
View Related
Jan 15, 2011
I'd like to limit login attempts for specific user. I've found information in manpages: [URL]but I'm not sure if this '@' is purposly there, so would be that correct?
Code:
aparaho - maxlogins 4
or
Code:
@aparaho - maxlogins 4
Maybe '@' is a group syntax? I'm confused.
What happens after 4 failed loggins? Is it enough to restart system to get another login attempts?
Are there any other values that it is reasonable to limit for safety reasons?
View 4 Replies
View Related
Nov 26, 2009
I get the problem to acess root password when i am in user login, means wahen i am in user login and want to install software from terminal then he asked root password, when i supplied root password but he give me login incorrect.
View 2 Replies
View Related
May 5, 2010
My goal is this: Allow a user to connect to a server via SSH with any login name or password without checking to see if that account exists on that server. Their account would be captured by a universal account say, 'generic_user', and then they would be directed to one of my python scripts with the username and password they supplied for initial login. At this point my script would capture their SSHD process ID and allow/deny their existence based upon a MySQL/Subscription check.
The part I'm having trouble with is with PAM and allowing the user to login with any credentials and be successfully authenticated under the generic account. Beyond that, everything is great.
View 2 Replies
View Related
Apr 23, 2010
I am using Red Hat and was wondering how to disable username and password only login and require that a PPK secure key file be used for authentication ? I can log in using the secure private key and the public key that is in ~/.ssh/authorized_keys but i can still log in using the plain username and password login.
View 2 Replies
View Related
Mar 18, 2010
I wanted to set up Computer Lab. loading Fedora 11 OS and one system acting as a Server to store Users(Student) Login Informations. When students do a programs, all programs (eg, C++ programs) files should be saved in the local fedora system but when login to the system, the login should be validate by a Server System.
View 5 Replies
View Related
Apr 28, 2011
Is there an ssh or sshd parameter that can be set to block out a user after a set number of attempts tp login ?
View 1 Replies
View Related
Mar 16, 2011
I have now been trying to find an answer for the following for a while and can't seem to get anything.On previous linux distros we had the option available "passwd -e" which allowed us to force the user to change their passwords upon the next login.s functionality however seems to be excluded from latest linux distros (currently using RHEL 5.4)...Does anybody know how the same effect can be achieved and perhaps any idea on why this option was removed as it was great for securing passwords
View 5 Replies
View Related
Jul 1, 2010
I installed openSUSE 11.2 on my Compaq 2170US laptop. When I select it from the grub menu, everything acts normally until the login screen, which freezes immediately (i.e. before I can select my user account or type in my password).I installed from the full openSUSE DVD and chose the GNOME desktop. Before installing, I took openSUSE for a test drive with the GNOME LiveCD and everything seemed to work fine.
View 4 Replies
View Related
Oct 17, 2010
I have Lucid Lynx 10.04 installed on my eee 900ha and I'm unable to log in to my desktop.
Earlier today I logged in successfully and I uninstalled a couple of unused programs (pitivi, evolution, fspot, and another that I can't remember). I then shut down the computer. Later when I booted the computer back up, I was greeted with the usual ubuntu login screen but I noticed that there were no options in the sessions drop-up menu. I entered my login information and pressed enter, and the screen went black, then went back to the login screen again.
I'm using gnome.
View 1 Replies
View Related
Jun 12, 2010
Yesterday, after I logged out of Ubuntu (Lucid Lynx), I was unable to log back in. When I enter my password the screen goes blank for a second and then it returns to the login menu. Also, I have noticed that there are no sessions to choose from (e.g. Gnome, Unity, etc.). Maybe this has something to do with it.
The last thing I did before logging out for the last time was removing a package called "indicator-datetime", which I got from installing Unity. Maybe this information isn't useful but it really seemed to me like it caused my problem.
View 1 Replies
View Related
Apr 24, 2009
My co-worker and I are working on this robotics project where robots are controlled over the web. I don't want to go into all the details, but basically the users visit a page where they have access to a PHP-based interface that allows them to send commands to robots in our tech lab (via an intermediate server). Our web server is running Apache.
Anyway, now we need to implement session control, with user-names and passwords so that only certain people can have access to the interface at a certain time, with access to only certain robots, et cetera. We were hoping there was some kind of pre-fab FOSS solution for handling both the session control and maintaining the MySQL user/password database.
My co-worker knows a little PHP, and I know a little MySQL, but we are both noobs enough that we would prefer to do as little of this from scratch as is possible. We don't have a lot of time, and I know it is easy for inexperienced MySQL programmers to introduce security vulnerabilities.
View 1 Replies
View Related
Jul 31, 2010
When I get to the login screen on my computer (with ubuntu-desktop, kubuntu-desktop, and xubuntu-desktop installed on Ubuntu), Gnome isn't in the list of desktop environments!
My temporary solution:
I have Openbox/Gnome. I also have an icon in my panel that opens "compiz --replace" so I can still use the regular WM with compiz.
Why my temporary solution isn't good enough:
It's annoying to have to have an extra icon in my panel, and to have to press it at login. Also, I don't get the Compiz splash screen when I login. Overall it's just not as impressive.
Is there any way to get Gnome back in the menu?
View 4 Replies
View Related
