that's a pretty good idea. the only thing I am worried about because of my old pc ( ;-( ) is that these log-watchers may slow done the system a little bit.
What about the following:
edit /ect/hosts.allow and invoke a scirpt everytime the ssh deamon, or what ever protocoll you like, gets acitve to check (eg.: with who or last -n 2 or ....) to see if the loggin was successfull.
should look like:
sshd: IP : spawn script-whos-there
and the script-whos-there
should include the mail -s user-XXXX-logged-in I know this may take a few if-then loops but should work...
The major drawback currently is that I do not know if hosts.allow allows the use of=20 wildcards for the ip's.=20 This solution worked quiet fine at home-net....
anyway, let me know if that solved your problem / how you solved it....
Mit WEB.DE FreePhone mit hoechster Qualitaet ab 0 Ct./Min.
weltweit telefonieren! http://freephone.web.de/?mc=021201
I have a rootserver with remote-console. After I have recognised, that my
provider stores the password for the remote-console in plain-text, I'm
worried about security.
- The bootloader password is set and active.
- Singleusermode is not allowed
Can someone describe me a simple solution to send me an email after a
login-attempt (failed or succeded). The destination of this email should be
an account of my email-provider.
I have ipcop (www.ipcop.org) acting as firewall/nat router in my home LAN. I
like its easy interface and setup. But would like to add some other things
to my EPIA PC running ipcop (video surveillance, VOIP) - and I thought using
more general distro would be easier way. I'm Suse fan so I'm curious what
app would let me do similar Firewall/NAT router system with easy web
interface or other interface under Suse ?
Thanks in advance,
Replying to "Nuno Ferreira" <negocios_online(a)netcabo.pt>
The (umm.. NETGEAR 8 Port 10/100 Mbps Ethernet) switch is something I bought 7
years ago when I first started to network my SOHO. Win 95 and 98. So I have
always felt compelled to keep it. Ethernet switches allow your Ethernet cards
to operate in Full Duplex mode. It's mainly a hub, bridge.
I use it as a uplink for others devices, workstations, servers. Keep the
work-horse off of the firewall/router, if and when I share *LARGE* files on
my LAN. Sending and receiving data at the same time, gets dedicated bandwidth
instead of shared bandwidth.
Separating systems that have sensitive data from the rest of the network
decreases the chances that people will gain access to information they are
not authorized to see.
There is something about this that eliminates the need for other workstations
attached, to examine each packet broadcast on the netwok, I think.
For a boring read:
See Figure 2. It's like my basic SOHO.
This computer duty is E-mail and Chat only.
invalid@addr3ss:~> su -
addr3ss:~ # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
link-local * 255.255.0.0 U 0 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1
loopback * 255.0.0.0 U 0 0 0 lo
default 10.10.2.16 0.0.0.0 UG 0 0 0 eth1
The netmask for the destination net; '255.255.255.255' for a
host destination and '0.0.0.0' for the default route.
Flags Possible flags include
U (route is up)
H (target is a host)
G (use gateway)
R (reinstate route for dynamic routing)
D (dynamically installed by daemon or redirect)
M (modified from routing daemon or redirect)
A (installed by addrconf)
C (cache entry)
! (reject route)
Don't feel bad, I'm a newbie also.
Happy Holidays to all.
On Friday 10 December 2004 03:30, Nuno Ferreira wrote:
> I am a newbie in this area, and I found intriging your using of a switch
> after the router...can you tell me what´s the use of it?
> -----Original Message-----
> From: Invalid Addr3ss [mailto:firstname.lastname@example.org]
> Sent: domingo, 5 de Dezembro de 2004 7:53
> To: suse-security(a)suse.com; focus-virus(a)securityfocus.com
> Subject: Where to Deploy Trend Micro viruswall?
> Hello All
> I was wondering where to put a Trend Micro Viruswall in my network.
> My basic setup follows below. SOHO
> Cable Modem
> / | \
> / | \
> Linux | XP
> Print Server
> Invalid Addr3ss
> Q) What do you get when you mix a spammer with a hacker?
> A) A Spacker
We are contemplating upgrading 9.1 Prof. ----> 9.2 Prof.
We had/have several problems with the current 9.1 version,
YaST broke after on-line Update,
YaST Repair did not really repair,
After on-line update the properties for sound files changed form
File Type Sound file to File Type Text file.
Since this is not a complaint forum I'll restrict myself to mentioning just
these but there are many more issues.
In short, not a real pleasant experience.
Any of these and/or other problems known in version 9.2?
How is the security level?
Thanks for your response(s)
to confirm to customer's security policies, we require to setup kdm to
display a users last sucessfull / non-sucessfull login _and_ logout-times.
Can anyone provide me with a better idea than posting "last | grep $USER
| xmessage" ?
Thanks in advance
Several strange problems have recently appeared when booting my SuSE 9.0
system. The first and most strange is that when typing my password the
"*******" no longer appear in the password box, it just remains blank and
the cursor does not move. After pulling my hair out for several hours, I
realized that if I typed the password in the box anyway and clicked OK
everything booted as normal. I can live with this quirk (I'm sure its some
new security feature), but where did It come from and how can I change it
back so my ******** appear as I type. Additionally, I can no longer shut
down my system directly from a user logon session. I can only log off and
must shut down from the kde boot screen. Again I would like to change things
back to the way they used to be, if I can. Finally, I know this is becoming
a long post, I can no longer log on to KDE as root. The screen flashes and I
am dumped back to the KDE logon screen and I must logon as a normal user. I
know its not advisable to do this but I noticed this after the following
problem appeared. Trying "sux -" logged on as a normal user in an xterminal
will not alow me to run any x related programs. I continue to get "Xlib:
connection to ":0.0" refused by server, Xlib: Protocol not supported by
server, "programx": cannot connect to X server :0.0 errors. I know the xhost
+local:root workaround, however I would like to get everything back the way
it was before this mess started. I believe this was caused by SuSE watcher
automatically updating my system with "new and improved" security fixes. I
have since disabled automatic updates. Sorry for the long post I would
really appreciate any help I could get.