How to create a limited “domain admin” that does not have access to domain controllers?
I’m looking to create an account similar to a Domain Admin, but without access to domain controllers. In other words, this account will have full Administrator rights to any client machine in the domain, be able to add machines to the domain, but have only limited user rights to the servers. This account will be used by a person in an end-user tech support kind of role. They should have full access to client machines [...]
REJECT vs DROP when using iptables
Is there any reason why I would want to have iptables -A INPUT -j REJECT instead of iptables -A INPUT -j DROP?
Asked by Mike B
As a general rule, use REJECT when you want the other end to know the port is unreachable; use DROP for connections to hosts you don’t want people to see. Usually, all rules for connections inside your LAN should use REJECT. For the Internet, with the exception of ident [...]
Is this a ‘port scan’?
Is it still considered a ‘port scan’ to have scripts trying to SSH in with a list of common account names or trying multiple passwords for ‘root’ or ‘mail’ (or similar)? I’m hoping to find a way to block these but I’m at a loss as to what to search for. When I imagine the term port scan I think of using NMAP (or equivalent) to find what’s open in iptables. Just curious if this [...]
Best Practices for updating a previously unmaintained server RHEL5.7
A new RedHat EL5.6 server has been recently put under my care. It is immediately obvious that, for the previous 12 months, little to no attention has been given to any sort of package updates. Typically I am of the mindset of if it isn’t broke – don’t fix it. However, after registering the server with RHN, and also using the yum-security plugin to check security updates, there are just over 1100 “security” updates available. [...]
What does a standard tech audit include and what is a reasonable price for it?
I am a programmer, but the company I am working for has been growing and has outgrown the 2 man IT contractor team that has been servicing us. We are looking into several different solutions for our IT needs now (smallish company 30 computers, 3 servers). I have been presented with a proposal from an IT company for a Tech Audit. The problem is I don’t know if they are covering all of the bases [...]
How do I check that a user password is locked?
I used: usermod -L myUser to disable the password for this account. Assuming that I don’t know the password, how do I check that it has been disabled? According to the man page it places ! in the front of the encrypted password, but I don’t know how to check that either.
Asked by DarkSheep
You can use the passwd utility to look at the status of the user’s password entry: passwd -S user user [...]
Found special user in apache weblog called @^Y@.@{phqsp~{2′/2|pq{jvk@-1(‘@lvo)&1–1.(/1)’@./*
When checking the logfiles of some of my customers I found this as the username for authenticated users. We have a .htusers file used for basic web auth; all other users in the server log I found in the .htusers, but not the @^Y@.@{phqsp~{2′/2|pq{jvk@-1(‘@lvo)&1–1.(/1)’@./* user. Server version is 2.2.22 on 64b Opensuse 12. First question: was this user able to receive the content protected by the .htusers file? Next one: anyone having more information about this break-in [...]
Ordinary users are able to read /etc/passwd, is this a security hole?
ls -l /etc/passwd gives
$ ls -l /etc/passwd
-rw-r--r-- 1 root root 1862 2011-06-15 21:59 /etc/passwd
So an ordinary user can read the file. Is this a security hole?
Asked by abc
Actual password hashes are stored in /etc/shadow, which is not readable by regular users. /etc/passwd holds other information about user ids and shells that must be readable by all users for the system to function.
Answered by Michael
Check more discussion of this [...]
What to do when someone logged in as root on my server
I have a server running Debian 6.0 with logcheck installed. Yesterday, I received this message:
Jan 19 19:15:10 hostname sshd[28397]: Authentication tried for root with correct key but not from a permitted host (host=4.red-2-140-77.dynamicip.rima-tde.net, ip=2.140.77.4).
I don’t know who this is and I doubt he was there by accident. Now, what should I do? The first thing I did was disable ssh password authentication and switch to public/private key. I also checked the authorized_keys file [...]
sendmail config, making open relay
I’m trying to find a sendmail.mc that allows open relaying without username/password to any system (I’m testing some code that uses SMTP). Googled, could not find it, and it has been a long while since I modified sendmail config! (It’s a private system for temporary use.) Thanks in advance
Asked by Aiden Bell
Try FEATURE(promiscuous_relay). According to the doco, by default the sendmail configuration files do not permit mail relaying (that is, accepting mail from outside [...]