Ubuntu Security :: Entries In My Auth Log ?
Mar 29, 2010I got some entries in my auth log that I am puzzled by. What could be the cause? I was not using my machine at the time of the logging.
Code:
ADVERTISEMENT
Ubuntu :: Auth.log CRON - Receiving In My Auth.log File
Jan 10, 2011Lately I have been receiving this in my auth.log file. It seems to be repeating over and over, and I didn't know if was anything normal or something I should be worried about...
Code:
Security :: Fail2ban Stops Loggs In Auth.log?
Feb 11, 2011I yesterday installed fail2ban on my server and I see I am not getting logs for the genuine people also who log in to my machine.In
Quote:
/var/log/auth.log
It is a Ubuntu server and I had installed fail2ban via
Quote:
apt-get install
I thought some thing might be in
Quote:
/var/log/fail2ban.log
but there I do not see any thing
Quote:
2011-02-10 20:26:35,002 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2011-02-10 20:26:35,003 fail2ban.jail : INFO Creating new jail 'ssh'
2011-02-10 20:26:35,003 fail2ban.jail : INFO Jail 'ssh' uses poller
2011-02-10 20:26:35,031 fail2ban.filter : INFO Added logfile = /var/log/auth.log
[Code].....
Security :: Squid User Auth Encrypt?
May 7, 2010I am using auth_param basic program /usr/lib/squid/squid_ldap_auth to authenticate users using squid from ldap. The user and pass is in clear text over the network between the browser and the squid server. Any way to send it in an encrypted format??
View 2 Replies View RelatedUbuntu Security :: Viability Of Running SSH On Default Port Using Key Auth?
Mar 8, 2010I don't think it would be harmful to run ssh on the default port of 22. Especially since the machine will only accept key-based logins and only accept traffic on port 22 from external IP addresses that I specify.
View 8 Replies View RelatedSecurity :: Ensure Changes To System-auth Do Not Lockout Root?
Jan 8, 2010I was considering adding the below to my RHEL5 system's /etc/pam.d/system-auth file.
password required pam_cracklib.so try_first_pass retry=3 minlen=8
dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0
auth required pam_unix.so nullok try_first_pass
[code]...
Ubuntu Security :: Automatic Logout - Auth Log Indicates Failed Login Attempt?
Mar 3, 2010A few minutes ago I was using google chrome when suddenly the scroll-lock indicator on my keyboard turned on... I pressed the scroll-lock key, but nothing happened, the light remained. I opened a terminal and ran "top" to find what processes were running when I was automatically logged out. I logged back and checked the logs and found the following entries in my auth.log:
Code:
CRON[2971]: pam_unix(cron:session): session opened for user root by (uid=0)
CRON[2971]: pam_unix(cron:session): session closed for user root
[code]....
Security :: PAM (system-auth) Illegal Module Type: Ccount?
Mar 8, 2011internal system mail revealed an error. Part of the mail is the below:
Feb 25 00:00:01 mbdba crond[1025]: PAM (system-auth) illegal module type: ccount
Feb 25 00:00:01 mbdba crond[1027]: PAM (system-auth) illegal module type: ccount
Feb 25 00:01:01 mbdba crond[1122]: PAM (system-auth) illegal module type: ccount
Feb 25 00:02:01 mbdba crond[1152]: PAM (system-auth) illegal module type: ccount
Feb 25 00:04:01 mbdba crond[1275]: PAM (system-auth) illegal module type: ccount
Feb 25 00:06:01 mbdba crond[1397]: PAM (system-auth) illegal module type: ccount
i have check /etc/pam.d/system-auth for the "ccount" entry, but it does not exist. "ccount" existed before in /etc/pam.d/system-auth but i managed to change it back to "account." i have grepd for the "ccount" string in all files under /etc/pam.d and i was not able to find it.
it seems that the system-auth is not able to take the now "account" string insted of "ccount" altough i have restarted crond
here is my system-auth file on the affected server:
auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
code....
Ubuntu Security :: Strange Named Entries In Syslog
Mar 30, 2011I was just looking around and did a tail on my syslog and some strange entries came up:
[Code].....
I'm a Verizon customer in Maryland, USA running Linux at my home and I don't understand why named is looking at servers in France and Saudi Arabia. Am I just being paranoid?
Security :: Cmnd_Alias Entries In Sudo?
Jan 5, 2010Like many (most?) home users, until now I've had my regular userid in sudoers as "ALL = (ALL) ALL". It occurs to me that, even though my machine has no open ports, this is probably not a good idea - just in case my firewall suddenly burns down. So, if my thinking is right on this, I'm wondering if there is a generally approved list of Cmnd_Alias entries? At this point, I've decided to only add entries as I use them, and to try to honestly appraise my need to do the entry as sudo, vs opening a virtual console as root. My root password is non-trivial.
View 3 Replies View RelatedSecurity :: Unknown Entries In Samba Log
Nov 9, 2010I have been getting the following in the samba section of the log watch report for the past few days. But don't know what it means.
[Code]....
and more. What does it mean? Does it mean any attempt to hack or is it some kind of status update? If this is not a threat and can be suppressed, how can I do this?
Ubuntu Security :: Firefox Fenton Auto Complete Entries?
Oct 11, 2010I've noticed on a couple of occasions that e-mail address auto-complete drop down lists have e-mail addresses in that I have never entered (!!) They all seem to be for people with the surname fenton at either gmail or hotmail. Is it likely that I have been hacked?
View 3 Replies View RelatedSecurity :: Syslog - Missing Entries To Logs
May 23, 2011CentOS 5.6 Server patched to latest, multiple name-based apache virtual hosts. SELinux OFF Everything was working fine until the other day. I've been making quite a lot of changes so it may well be something I've done, but I can't find out what! Last night I got the following in my logwatch : -
Requests with error response codes
404 Not Found
/admin/phpmyadmin/scripts/setup.php: 1 Time(s)
/admin/pma/scripts/setup.php: 1 Time(s)
/admin/scripts/setup.php: 1 Time(s)
/db/scripts/setup.php: 1 Time(s)
/dbadmin/scripts/setup.php: 1 Time(s)
[Code]...
The problem is that NONE of my logs, secure, httpd, messages, NONE of them, show any trace of these hacking attempts. They used to show up in secure and apache error logs, but no longer.
Fedora Security :: Lastb - Clear Entries To Can Get A More Update View?
Jun 29, 2009I run lastb every now and again to see who is trying to p0wn my box and it dates back to november 08. how do i clear these entries to i can get a more update view? or if you know a way i can do a 'more' or something so the IP's are not flying by that would be cool too!
View 2 Replies View RelatedSecurity :: Can I Change Entries In Inode Table Of A File (Linux)
May 19, 2011Anyone, I would like to ask if it was possible to change the entries of a file's inode table ?
For example
Code...
I was wondering if I can change the entries in this inode table's entries.
For example I want to change the "Modify" entry ? I want it to reflect to day 2009-05-19 for example.
Can i do it ?
Security :: Saw A Number Of Clients (customers) With Some Fun Characters Entries On Database?
Feb 16, 2011My Linux server which is running my company website have been hacked. Today I saw a number of clients (customers) with some fun characters entries on my database. Access denial on really clients. Please assist, am running Linux Ubuntu 9 and I dont know where to start troubleshooting this. let me confession that I am still on the learning curve on Linux
View 8 Replies View RelatedSecurity :: Track IPsec Module's Operations / Find Such A Log File - Entries In System?
Feb 25, 2009How can I track IPsec module's operations? Can I find such a log file or entries in Linux?
View 1 Replies View RelatedGeneral :: How To Add Entries / How To Delete Entries
Oct 13, 2010I am working on Red Hat Linux since last six months and learning it steps by steps. like configurating ftp server,NSF ,DNS and then email server. I want to learn squid server but technically before going into it what you suggest me that may I first learn to configure Linux as a router,Firewall machine or do IP masquerading on a server. Because all these things are directly or indirectly involve in squid.So guide me because going to start squid i may understand Linux IP table ,how to add entries in it,how to delete entries ,I think you understand my point which i want to ask for guidence.
View 4 Replies View RelatedUbuntu :: Pam Auth Error When Logon Through VNC?
May 30, 2010On Ubuntu 10.04 with x11Vnc server, if the screen requires logon (such as if locked or upon reboot), through the VNC terminal, I always get authentication error (incorrect password). Sitting at the keyboard, I can logon just fine. Once logged on, I can access everything through VNC just fine.
Error in auth.log (username = bob):
unix_chkpwd[3926]: password check failed for user (bob)
gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000
[code]....
Ubuntu :: Change The Frequency Of Auth.log?
Jun 25, 2010I have edited /etc/logrotate.conf to include
/var/log/auth.log {
rotate 6
monthly
copytruncate
compress
}
To try and prevent auth.log rotating daily and change it to monthly but it doesnt seem to work.
Either im doing it wrong or i need to restart some service?
Ubuntu :: Configuring LDAP Auth With A GUI?
Feb 28, 2011I've been using CentOS for quite a long time, and I've recently switched to Ubuntu 10.10 as a desktop. I'm having one small stumbling block, I can't seem to setup LDAP authentication via a GUI. I found this post here.
[URL]
Is there a GUI application that allows LDAP configuration similar to the Cent OS one?
Ubuntu Servers :: Ssh Logged Port In Auth.log Is Different Than 22
Oct 22, 2010As far as I understand ssh runs on port 22 but in my /var/log/auth.log I see
Quote:
why is this logged 48504 different than ssh port 22?
Ubuntu Servers :: Ssh Restart Gives Error In Auth.log
Oct 29, 2010When ever I restart ssh
Quote:
/etc/init.d/ssh restart
I see following line in auth.log
Quote:
sshd[5678]: error: Bind to port 22 on :: failed: Address already in use.
That is a headless server. What does the above line signify or tell and why am I seeing that? Ubuntu 10.04 64 bit server edition
General :: How To Rotate Auth.log
Mar 2, 2010I have a problem with the logrotate of auth.log, it is not working. I tried using 'kill -HUP `cat /var/run/sshd.pid`'. This restarts sshd but does not create a new auth.log. Also tried "/etc/etc/init.d/ssh restart" and "/etc/init.d/ssh reload"
View 3 Replies View RelatedUbuntu Servers :: AD Auth - Changing Password At Logon
Nov 17, 2010I have succesfully set up authentication manually in Ubuntu so users can log on with Windows Active Directory accounts and have their network drives mapped automatically using pam_mount.
Please note due to the setup I can't make any changes to the Windows 2k3 server.
If a user wants their password reset I can change it to a generic password. When they next log on to a Windows computer with the generic password it will automatically ask them to change it to something else.
Is there anyway to get this to work with Ubuntu 10.10? At the moment when logging onto Ubuntu with an account that is in this state the message Please change your password appears, it then proceds to log on without prompting to change the password and natually it won't map the drives etc.
Server :: HTTP Auth From Outside + Allow From Local?
Jul 29, 2010Been a while but have a few scripts that need to hit a website that's local to that network, but also a public site. Currently there is an .htaccess in that folder with this lockdown;
AuthType Basic
AuthName "Restricated"
Require valid-user
Now, can I break that somehow and say (here is my english translation)
[Code]..
OpenSUSE :: Add / Setting -auth -audit In X Server
May 21, 2010I'm trying to add the -audit option to X Server. I run ps -ef | grep -v grep | grep "bin/X" and get: root 2511 2506 0 10:35 tty7 00:00:09 /usr/bin/X:0 -br -verbose -auth /var/run/dgm/auth-for-gdm-sScn1P/database -nolisten tcp vt7 So I'm thinking that I need to add -audit to the /usr/bin/X file, but I believe that it's binary and created by something else, but I can't find that "something else". How on earth can I add this option? I have opened up 1,000,000,000,000,000,000,000 files (slight exaggeration) and I've come up empty.
View 1 Replies View RelatedRed Hat / Fedora :: WPA Will Only Auth Once / Right After Password Change On Router
Sep 1, 2010I recently installed Fedora 13, Xfce, on my HP netbook. It's using AR9285. When i try to connect to my network with WPA enabled it will not work despite the password info being correct. I'm using a DI-514 router, with no updates to firmware. It only works, if I change the password, then use said password, then, when I disconnect, said password no longer works. WEP works just fine, open network works fine, why wont WPA-PSK work?
View 9 Replies View RelatedDebian :: Postfix SASL Auth Not Working?
Mar 10, 2010I'm getting relay access denied to an email outside of my domain. It seems the passwords are authenticating because I'm not getting invalid password prompts.
### BEGIN POSTFIX CONF ###
# postconf -n
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
mailbox_size_limit = 0
[Code].....
Networking :: Vsftpd 2.0.1-6 Auth Tls Clients Not Connect?
Apr 10, 2010This is as far as FireFTP can go to make a connection.
Code:
220 Welcome to Steve Test SFTP service.
AUTH TLS
Proceed with negotiation.
PBSZ 0
All the basic vsftpd.conf advice followed:
Code:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
[code]....