Security :: How To Make PAM Give Message When Denying Ssh Access?
Oct 23, 2009
We use PAM to control access to our RHEL4 servers. We would like PAM to give a message, of our choice, when users who are not allowed to login try to login. PAM's default is to let the user try 3 times without any explanation.
I'm new to LinuxQuestions and this is my first post. I'm trying to build rrdtool to install Cacti and encountered the following problem: 'make' step returns an error message:
Code:
./.libs/librrd.so: undefined reference to `xmlTextReaderGetParserLineNumber'
collect2: ld returned 1 exit status
What I have done:
Download and build the latest version of pkg-config, glib, pixman, cairo, pango, atk, gtk+ from official sites.
Download rrdtool source.
Set PKG_CONFIG_PATH correctly.
There is actually another problem with the computer, which is "The Nautilus application has quit unexpectedly" every time I open the File Browser application or right-click>Properties a file/directory. This happens only after installing cairo and pango and I don't know how to revert to the old version. There are a lot of log files, so I'm very confused. Can someone give me a direction on how to resolve this?
I am not at all convinced by the idea of giving permissions to read, write and execute as these Learning Management Systems say. Let me know what you people have to say. What is the best practice in such situations? I have to get all these LMS to run on the same web server.
I have a log server that collects logs from all the Cisco devices on our network. The company policy states that any logs should only be accessible by root. So I have the following permissions set on the directory, as well as everything inside the directory where the Cisco logs are kept.
Code:
drwx------ 65 root root 4096 Apr 29 7:38 rsyslog
The Cisco folks are requesting access to these logs, which is allowed by company policy.
I want to give access to a student to a server in order to make repeated trials of traceroute to different hosts. We have realized that it is preferable to use the -T option, as it sends TCP packets that are less commonly blocked by firewalls. However, this option is only available to superusers, and I don't want to grant the student such privileges.
Just had ModSecurity with CRS installed for me on my hosted website, which I'm hardening after a recent hack. My site is a php-based user community with MySQL back end, so people register as members via php.
First, I'd like to properly log malicious activity. Then I'd like to deny access where an attack looks likely. Thing is, I'm not sure which /etc/apache2/modsecurity_crs modsecurity config files to tweak. Then I can't even see my login page because I'm forbidden from the .php file it loads. I'm guessing I need to change rules individually but I have no idea how or which to change to stop attacks. The CRS documentation is just a bit too heavy to give me the basics.
I use dual boot with Win 7 and Ubuntu 10.04. I installed Win7 first on one partition, and afterwards Ubuntu 10.04 on a second partition on the same drive. Now when I try to delete some files in Windows, like old games that were on another hard drive, it says "You require permission from S-1-5-21-293015479-4145159318-3171105019-500 to make changes to this folder". How do I resolve the problem that Ubuntu takes ownership over some folder/files?
So, I am looking to implement an FTP server with Isolated Client accounts/directories where a client can only access what's in their directory. I also need to provide my internal users (content managers) the ability to upload, delete, etc. from all of the Client accounts. The simple part is creating the secure client accounts. It's a matter of changing DIR_MODE in adduser.conf to 700 or 770, creating a user, having the FTP server chroot them to their home directory, revoke/restrict shell/ssh access and maybe even slap on some ACL to prevent botched permissions. The hard part is figuring out how to give my power users the ability to access all of their folders without thrashing security.
My first thought was to put all of the client user-groups in a parent group and have my internal users inherit group permissions, but you can't have groups inside of groups. My second thought was to put all of the client users in the same group and pray that the FTP chroot is enough to keep them from poking around, but then I have the problem of how my internal users access other user directories if they are chrooted. Do I create a second server without chroot? Do I create some weird nested homedir structure? I honestly have no idea how to satisfy both requirements (secure client accounts and privileged user accounts). I need my privileged users to authenticate against Active Directory via Likewise open, LDAP, etc. and I don't care how the clients authenticate. Though, I would prefer to have both file and FTP-server level protection just to make sure no one can see the other client's data.
My apologies if this is the wrong board for this thread, but seeing how the issue appears to be related to where I'm connecting from, I thought this would be the place to look. To start off, I've been running VSFTPD on the box for a good year or so now. Until recently, everything seemed to be working fine, but during the past few days I've run into issues with it and have been having trouble pin-pointing the problem. I've gone as far as reinstalling VSFTPD and rechecking every line in the conf file to no avail. The issue presents itself when I try to login to the FTP server remotely. The moment I put my user name in, I get disconnected without any error message, simply connection closed. That isn't the case when I'm connecting locally from the server. If I try to connect remotely using eth0 (internal network), it works fine again... but if I try eth1 (external network)... it fails. I'm thinking it might be related to PAM, but so far have been unable to figure out what I need to change in the configuration there. Additionally, the PAM log file doesn't show any activity if I'm connecting through eth1, but displays it if connecting through eth0.
I'm a little security paranoid, there are a lot of times that my terminal is available to prying eyes and listless fingers. As a security minded individual, I would like to make sure to lock down my Ubuntu (11.04b3) install in one of the best ways I can think of, and require a dongle to access my box. Is this something any of you other security minded people have done?
What are other great ways to lock my terminal? I would like to make sure that not only the "average" user, but also the ABOVE average user will not be able to penetrate my system without a key. Let me know what you think, and other measures I can take.
Hi, I am running a Fedora 10 desktop. When I send an email using Evolution the message was not sent but returns an error message: "Error while performing operation.DATA command failedError: 550 Viagra SPAM - Hi in Subject" and the message did not have an attachment, just plain words. What might have gone wrong, for I have been using this for some time without a problem? Or what security measures should be in place to remove this Viagra spam? Am I infected by a virus on this Fedora? All my updates are up to date.
I have installed a CVS server. I want to give access to the CVS only from certain IP from my LAN. Is there any tag to add to the /etc/xinetd.d/cvs file to do this? Also provide me information on how to secure my server.
Can someone give me some details for ssh passthrough from ssh version 1 to ssh version 2? ssh version 1 to version 1 and version 2 to version 2 work well, but version 1 to version 2 is asking for a password ...
Like a few sites I go to, i.e. Facebook: I want to take a webcam pic through Facebook, and in order to do it in Windows you click "take a picture", then you have to click "allow" to give access to the webcam. In Ubuntu the screen comes up but there's no place to click allow (I'm using the Adobe Flash plugin for Ubuntu). Anyone know what I should do? Also, how can I tell if my webcam is working? My mic is working (which is built in to my webcam) but I am not sure about the webcam.
So on one of the Linux systems here (2.6 kernel if it matters), there's some weirdness regarding trying to ssh into the system. Basically, if you give it the wrong password on the first ssh attempt, it will give you two more attempts, but even if you give it the correct password, it still won't let you in on those subsequent attempts. (If you give the correct password on the first attempt, it will let you in.)
I am using proftpd-mod-sql on Ubuntu 10.04 LTS and I am trying to give the FTP users access to my external USB HDDs because the internal drive is too small. I am using vusers in a SQL DB. They are associated to the ftpuser and ftpgroup. My drives are mounted to /media/... and belong to my user and group. The rights are set to 0700. So my FTP users have no access to it and I cannot change it. I could change the vusers uid/guid to my username but I think that is not a good solution. I would like to have access to the USB drives with the FTP users and with my ordinary username (for xbmc and samba access).
I want to give some web address to host file and except these web address no website will open. For example I give permission for [URL] and [URL]. The user just enter these 2 website. Other websites will be blocked.
I have my own dedicated server box running (using it for game servers). I access it via ssh and I have root control of it. It has the Fedora operating system. I wanna give FTP control of different directories to different users. Right now there are no other FTP users except root. I have installed vsftpd and don't know what I should do next. How do I add users (who can read/write/delete files) and how do I restrict them to their home directory?
Here is what I want:
username:client1 password:12345 home directory: home/server1
username:client2 password:12345 home directory: home/server2
I just created a 2nd user on my computer. I've got the hard drive that ubuntu runs on, and then a 2tb drive for media. If the 2tb is mounted on my desktop, it won't show up on his desktop even if I'm logged out. It won't show up on his unless I unmount on mine.
If I'm logged out I'm obviously not using it. So why doesn't it show up? He has all privileges. Is there a way to make this work without having to unmount?
I'm running karmic btw. If you need computer info let me know what to type into the terminal and whatnot and I'll paste it all here!
I've got folder /srv/www/site1 that's owned by www-data:www-data (Apache). Now I need to give FTPuser1:ftpusers r/w access to the same folder, but all my attempts have gone bad. How should I exactly do it?
I have recently secured a server by preventing root from logging in via SSH. Now I log in with a non-root account and use 'su' when necessary. However, now I can't do something I used to do, which is open 'sftp://user@ipaddress' in nautilus and be able to edit files as root. Is there any way to get nautilus to give me root permissions on the server? Or at least end up with root permissions in a GUI text editor on my computer? I don't mind if I have to use bash to start the process, once I can get a GUI for editing files.
Note 1: Yes, I realize I could ssh in and use nano/vi etc, but I'd rather use my graphical text editor.
Note 2: The server does not run X, so I can't just forward it.