Ubuntu Security :: Entries In My Auth Log ?

Mar 29, 2010

I got some entries in my auth log that I am puzzled by. What could be the cause? I was not using my machine at the time of the logging.

Code:

View 8 Replies


ADVERTISEMENT

Ubuntu :: Auth.log CRON - Receiving In My Auth.log File

Jan 10, 2011

Lately I have been receiving this in my auth.log file. It seems to be repeating over and over, and I didn't know if was anything normal or something I should be worried about...

Code:

View 1 Replies View Related

Security :: Fail2ban Stops Loggs In Auth.log?

Feb 11, 2011

I yesterday installed fail2ban on my server and I see I am not getting logs for the genuine people also who log in to my machine.In

Quote:

/var/log/auth.log

It is a Ubuntu server and I had installed fail2ban via

Quote:

apt-get install

I thought some thing might be in

Quote:

/var/log/fail2ban.log

but there I do not see any thing

Quote:

2011-02-10 20:26:35,002 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2011-02-10 20:26:35,003 fail2ban.jail : INFO Creating new jail 'ssh'
2011-02-10 20:26:35,003 fail2ban.jail : INFO Jail 'ssh' uses poller
2011-02-10 20:26:35,031 fail2ban.filter : INFO Added logfile = /var/log/auth.log

[Code].....

View 1 Replies View Related

Security :: Squid User Auth Encrypt?

May 7, 2010

I am using auth_param basic program /usr/lib/squid/squid_ldap_auth to authenticate users using squid from ldap. The user and pass is in clear text over the network between the browser and the squid server. Any way to send it in an encrypted format??

View 2 Replies View Related

Ubuntu Security :: Viability Of Running SSH On Default Port Using Key Auth?

Mar 8, 2010

I don't think it would be harmful to run ssh on the default port of 22. Especially since the machine will only accept key-based logins and only accept traffic on port 22 from external IP addresses that I specify.

View 8 Replies View Related

Security :: Ensure Changes To System-auth Do Not Lockout Root?

Jan 8, 2010

I was considering adding the below to my RHEL5 system's /etc/pam.d/system-auth file.

password required pam_cracklib.so try_first_pass retry=3 minlen=8
dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0
auth required pam_unix.so nullok try_first_pass

[code]...

View 1 Replies View Related

Ubuntu Security :: Automatic Logout - Auth Log Indicates Failed Login Attempt?

Mar 3, 2010

A few minutes ago I was using google chrome when suddenly the scroll-lock indicator on my keyboard turned on... I pressed the scroll-lock key, but nothing happened, the light remained. I opened a terminal and ran "top" to find what processes were running when I was automatically logged out. I logged back and checked the logs and found the following entries in my auth.log:

Code:
CRON[2971]: pam_unix(cron:session): session opened for user root by (uid=0)
CRON[2971]: pam_unix(cron:session): session closed for user root

[code]....

View 1 Replies View Related

Security :: PAM (system-auth) Illegal Module Type: Ccount?

Mar 8, 2011

internal system mail revealed an error. Part of the mail is the below:

Feb 25 00:00:01 mbdba crond[1025]: PAM (system-auth) illegal module type: ccount
Feb 25 00:00:01 mbdba crond[1027]: PAM (system-auth) illegal module type: ccount
Feb 25 00:01:01 mbdba crond[1122]: PAM (system-auth) illegal module type: ccount
Feb 25 00:02:01 mbdba crond[1152]: PAM (system-auth) illegal module type: ccount
Feb 25 00:04:01 mbdba crond[1275]: PAM (system-auth) illegal module type: ccount
Feb 25 00:06:01 mbdba crond[1397]: PAM (system-auth) illegal module type: ccount

i have check /etc/pam.d/system-auth for the "ccount" entry, but it does not exist. "ccount" existed before in /etc/pam.d/system-auth but i managed to change it back to "account." i have grepd for the "ccount" string in all files under /etc/pam.d and i was not able to find it.

it seems that the system-auth is not able to take the now "account" string insted of "ccount" altough i have restarted crond

here is my system-auth file on the affected server:

auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
code....

View 1 Replies View Related

Ubuntu Security :: Strange Named Entries In Syslog

Mar 30, 2011

I was just looking around and did a tail on my syslog and some strange entries came up:

[Code].....

I'm a Verizon customer in Maryland, USA running Linux at my home and I don't understand why named is looking at servers in France and Saudi Arabia. Am I just being paranoid?

View 6 Replies View Related

Security :: Cmnd_Alias Entries In Sudo?

Jan 5, 2010

Like many (most?) home users, until now I've had my regular userid in sudoers as "ALL = (ALL) ALL". It occurs to me that, even though my machine has no open ports, this is probably not a good idea - just in case my firewall suddenly burns down. So, if my thinking is right on this, I'm wondering if there is a generally approved list of Cmnd_Alias entries? At this point, I've decided to only add entries as I use them, and to try to honestly appraise my need to do the entry as sudo, vs opening a virtual console as root. My root password is non-trivial.

View 3 Replies View Related

Security :: Unknown Entries In Samba Log

Nov 9, 2010

I have been getting the following in the samba section of the log watch report for the past few days. But don't know what it means.

[Code]....

and more. What does it mean? Does it mean any attempt to hack or is it some kind of status update? If this is not a threat and can be suppressed, how can I do this?

View 2 Replies View Related

Ubuntu Security :: Firefox Fenton Auto Complete Entries?

Oct 11, 2010

I've noticed on a couple of occasions that e-mail address auto-complete drop down lists have e-mail addresses in that I have never entered (!!) They all seem to be for people with the surname fenton at either gmail or hotmail. Is it likely that I have been hacked?

View 3 Replies View Related

Security :: Syslog - Missing Entries To Logs

May 23, 2011

CentOS 5.6 Server patched to latest, multiple name-based apache virtual hosts. SELinux OFF Everything was working fine until the other day. I've been making quite a lot of changes so it may well be something I've done, but I can't find out what! Last night I got the following in my logwatch : -

Requests with error response codes
404 Not Found
/admin/phpmyadmin/scripts/setup.php: 1 Time(s)
/admin/pma/scripts/setup.php: 1 Time(s)
/admin/scripts/setup.php: 1 Time(s)
/db/scripts/setup.php: 1 Time(s)
/dbadmin/scripts/setup.php: 1 Time(s)
[Code]...

The problem is that NONE of my logs, secure, httpd, messages, NONE of them, show any trace of these hacking attempts. They used to show up in secure and apache error logs, but no longer.

View 2 Replies View Related

Fedora Security :: Lastb - Clear Entries To Can Get A More Update View?

Jun 29, 2009

I run lastb every now and again to see who is trying to p0wn my box and it dates back to november 08. how do i clear these entries to i can get a more update view? or if you know a way i can do a 'more' or something so the IP's are not flying by that would be cool too!

View 2 Replies View Related

Security :: Can I Change Entries In Inode Table Of A File (Linux)

May 19, 2011

Anyone, I would like to ask if it was possible to change the entries of a file's inode table ?

For example

Code...

I was wondering if I can change the entries in this inode table's entries.
For example I want to change the "Modify" entry ? I want it to reflect to day 2009-05-19 for example.

Can i do it ?

View 13 Replies View Related

Security :: Saw A Number Of Clients (customers) With Some Fun Characters Entries On Database?

Feb 16, 2011

My Linux server which is running my company website have been hacked. Today I saw a number of clients (customers) with some fun characters entries on my database. Access denial on really clients. Please assist, am running Linux Ubuntu 9 and I dont know where to start troubleshooting this. let me confession that I am still on the learning curve on Linux

View 8 Replies View Related

Security :: Track IPsec Module's Operations / Find Such A Log File - Entries In System?

Feb 25, 2009

How can I track IPsec module's operations? Can I find such a log file or entries in Linux?

View 1 Replies View Related

General :: How To Add Entries / How To Delete Entries

Oct 13, 2010

I am working on Red Hat Linux since last six months and learning it steps by steps. like configurating ftp server,NSF ,DNS and then email server. I want to learn squid server but technically before going into it what you suggest me that may I first learn to configure Linux as a router,Firewall machine or do IP masquerading on a server. Because all these things are directly or indirectly involve in squid.So guide me because going to start squid i may understand Linux IP table ,how to add entries in it,how to delete entries ,I think you understand my point which i want to ask for guidence.

View 4 Replies View Related

Ubuntu :: Pam Auth Error When Logon Through VNC?

May 30, 2010

On Ubuntu 10.04 with x11Vnc server, if the screen requires logon (such as if locked or upon reboot), through the VNC terminal, I always get authentication error (incorrect password). Sitting at the keyboard, I can logon just fine. Once logged on, I can access everything through VNC just fine.

Error in auth.log (username = bob):
unix_chkpwd[3926]: password check failed for user (bob)
gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000

[code]....

View 9 Replies View Related

Ubuntu :: Change The Frequency Of Auth.log?

Jun 25, 2010

I have edited /etc/logrotate.conf to include

/var/log/auth.log {
rotate 6
monthly
copytruncate
compress
}

To try and prevent auth.log rotating daily and change it to monthly but it doesnt seem to work.

Either im doing it wrong or i need to restart some service?

View 5 Replies View Related

Ubuntu :: Configuring LDAP Auth With A GUI?

Feb 28, 2011

I've been using CentOS for quite a long time, and I've recently switched to Ubuntu 10.10 as a desktop. I'm having one small stumbling block, I can't seem to setup LDAP authentication via a GUI. I found this post here.

[URL]

Is there a GUI application that allows LDAP configuration similar to the Cent OS one?

View 3 Replies View Related

Ubuntu Servers :: Ssh Logged Port In Auth.log Is Different Than 22

Oct 22, 2010

As far as I understand ssh runs on port 22 but in my /var/log/auth.log I see

Quote:

why is this logged 48504 different than ssh port 22?

View 2 Replies View Related

Ubuntu Servers :: Ssh Restart Gives Error In Auth.log

Oct 29, 2010

When ever I restart ssh

Quote:

/etc/init.d/ssh restart

I see following line in auth.log

Quote:

sshd[5678]: error: Bind to port 22 on :: failed: Address already in use.

That is a headless server. What does the above line signify or tell and why am I seeing that? Ubuntu 10.04 64 bit server edition

View 9 Replies View Related

General :: How To Rotate Auth.log

Mar 2, 2010

I have a problem with the logrotate of auth.log, it is not working. I tried using 'kill -HUP `cat /var/run/sshd.pid`'. This restarts sshd but does not create a new auth.log. Also tried "/etc/etc/init.d/ssh restart" and "/etc/init.d/ssh reload"

View 3 Replies View Related

Ubuntu Servers :: AD Auth - Changing Password At Logon

Nov 17, 2010

I have succesfully set up authentication manually in Ubuntu so users can log on with Windows Active Directory accounts and have their network drives mapped automatically using pam_mount.

Please note due to the setup I can't make any changes to the Windows 2k3 server.

If a user wants their password reset I can change it to a generic password. When they next log on to a Windows computer with the generic password it will automatically ask them to change it to something else.

Is there anyway to get this to work with Ubuntu 10.10? At the moment when logging onto Ubuntu with an account that is in this state the message Please change your password appears, it then proceds to log on without prompting to change the password and natually it won't map the drives etc.

View 2 Replies View Related

Server :: HTTP Auth From Outside + Allow From Local?

Jul 29, 2010

Been a while but have a few scripts that need to hit a website that's local to that network, but also a public site. Currently there is an .htaccess in that folder with this lockdown;

AuthType Basic
AuthName "Restricated"
Require valid-user

Now, can I break that somehow and say (here is my english translation)

[Code]..

View 1 Replies View Related

OpenSUSE :: Add / Setting -auth -audit In X Server

May 21, 2010

I'm trying to add the -audit option to X Server. I run ps -ef | grep -v grep | grep "bin/X" and get: root 2511 2506 0 10:35 tty7 00:00:09 /usr/bin/X:0 -br -verbose -auth /var/run/dgm/auth-for-gdm-sScn1P/database -nolisten tcp vt7 So I'm thinking that I need to add -audit to the /usr/bin/X file, but I believe that it's binary and created by something else, but I can't find that "something else". How on earth can I add this option? I have opened up 1,000,000,000,000,000,000,000 files (slight exaggeration) and I've come up empty.

View 1 Replies View Related

Red Hat / Fedora :: WPA Will Only Auth Once / Right After Password Change On Router

Sep 1, 2010

I recently installed Fedora 13, Xfce, on my HP netbook. It's using AR9285. When i try to connect to my network with WPA enabled it will not work despite the password info being correct. I'm using a DI-514 router, with no updates to firmware. It only works, if I change the password, then use said password, then, when I disconnect, said password no longer works. WEP works just fine, open network works fine, why wont WPA-PSK work?

View 9 Replies View Related

Debian :: Postfix SASL Auth Not Working?

Mar 10, 2010

I'm getting relay access denied to an email outside of my domain. It seems the passwords are authenticating because I'm not getting invalid password prompts.

### BEGIN POSTFIX CONF ###
# postconf -n
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
mailbox_size_limit = 0

[Code].....

View 5 Replies View Related

Networking :: Vsftpd 2.0.1-6 Auth Tls Clients Not Connect?

Apr 10, 2010

This is as far as FireFTP can go to make a connection.

Code:

220 Welcome to Steve Test SFTP service.
AUTH TLS
Proceed with negotiation.
PBSZ 0

All the basic vsftpd.conf advice followed:

Code:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO

[code]....

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved