
RE: [cobalt-users] LOG FILES and Telnet



Hi Theodore,
I only caught this post after I sent you that private mail, sorry!

I was unsure of the ProFTPd symptoms but Linuxsecurity.com will have info.
It is also updated anyway with the Cobalt patch:

RaQ3-All-System-3.0.2-6449.pkg 

Also check out the Cobalt download site as there is a new update regarding
Local Compromise of the LCDPanel command used to display info on the RaQ's
LCD. Look for RaQ3-All-System-3.0.1-7686.pkg for the LCD fix.

Logcheck is a godsend, only last night somebody tried several attempts at
logging into my box (and failed thankfully). 

I am also checking with Cobalt Racks to see if it is safe to disable telnet.
Do RaQs have a separate console port so the ISP can reboot etc?

As for portsentry restarting on reboot add the lines:

portsentry -tcp &
portsentry -udp & 

to the end of the config file /etc/rc.d/rc.local

Also follow the instructions for logcheck to ensure that the relevant cron
entries are added that fire the logcheck script.

Dave Etheridge

-----Original Message-----
From: Theodore Jones [mailto:theoj@xxxxxxxxxxxxx]
Sent: 03 November 2000 01:33
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] LOG FILES


David,

I think I got hit with the ProFTP exploit unfortunately.  Are there any
links/alerts you could send me on this exploit and its "symptoms"?

I use Psionic Portsentry and it's an excellent tool also I will attest.  Can
you possibly offer me the syntax of the commands and where to put them for how
to get it to reboot whenever the server is rebooted or crashes?  Right now I
have to restart it manually every time with a ./portsentry -tcp command.

I will also try to install Psionic Logcheck soon as well.  I need basically
the same thing as this person below does in terms of notification of any
telnetd login.

Thanks!,

~ Theo

David Etheridge wrote:

> Have you tried Psionic Logcheck, it emails you on a regular basis with
> security alerts and status info. I recommend it as I've found several cases
> of people trying to use the proftpd vulnerability to hack my box. Thankfully
> I updated proftpd to close that hole. Also look at Portsentry again from
> Psionic, any hack attacks are killed by Route and hosts.deny entries.
>
> Dave Etheridge
>
> -----Original Message-----
> From: Sean Chester [mailto:seanc@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: 02 November 2000 12:21
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-users] LOG FILES
>
> does anyone know how i can pass my /var/log/messages (does this log all
> connection attempts??) through to a html page?
>
> i need to know if i've had un-authorised connections, i guess this is an easy
> way?
>
> either that or send an email to me when someone attempts a telnet or ftp
> connection (i should be the only person who telnets and ftp's - my sites are
> just used for mail and www)
>
> thnx in advance.
>
> basically im looking for a very simple solution to checking my log files.
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
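
The check asked about at the start of this thread (spotting telnet or FTP connections from anyone but the administrator) can be sketched as a small log filter. This is an added example, not part of the original posts and not Logcheck's own code. It assumes tcp_wrappers-style syslog lines of the form `daemon[pid]: connect from host`; the daemon names, host name and addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example: list telnet/FTP connections from sources not on an allowlist.
# Assumption: inetd services are wrapped by tcpd, which logs
# "<daemon>[pid]: connect from <host>" or "refused connect from <host>".

# Constructed sample lines (documentation addresses, not real log data).
sample_log() {
cat <<'EOF'
Nov  2 11:58:02 raq3 in.telnetd[1201]: connect from 192.0.2.10
Nov  2 12:01:33 raq3 in.telnetd[1234]: connect from 203.0.113.77
Nov  2 12:01:40 raq3 in.telnetd[1236]: connect from 203.0.113.77
Nov  2 12:04:10 raq3 in.proftpd[1250]: refused connect from 198.51.100.4
Nov  2 12:05:00 raq3 sendmail[1260]: connect from 203.0.113.77
EOF
}

# Usage: unexpected_connections ALLOWED_IP[,ALLOWED_IP...] < logfile
# Prints one "count service source" line per unexpected (service, source) pair.
unexpected_connections() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Field 5 is "daemon[pid]:"; only the telnet and FTP daemons matter here.
        $5 ~ /^in\.(telnetd|ftpd|proftpd)\[[0-9]+\]:$/ {
            src = ""
            for (i = 6; i < NF; i++) if ($i == "from") src = $(i + 1)
            # Skip lines with no source and sources the admin expects.
            if (src == "" || (src in ok)) next
            svc = $5; sub(/\[.*/, "", svc)
            count[svc " " src]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2,3
}

# Demo: 192.0.2.10 stands in for the administrator's own address.
sample_log | unexpected_connections "192.0.2.10"
```

Run from cron against the real log file, any non-empty output can be piped to `mail` to get the notification requested above; which file receives these lines depends on the local syslog configuration.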