Many organizations have authentication mechanisms already in place. They may not want to have the LDAP server be the central repository for authentication credentials and the authentication mechanism. The typical deployment would use PAM as the gateway to authentication. They do want to have many apps use the LDAP server for authentication and for authorization, user information, etc., just not as the authoritative data source for credentials. GSS/SASL is typically used for this e.g. for Kerberos, you can use your ticket to authenticate to the DS - the DS "passes through" the authentication to Kerberos. But many apps cannot (or will not) use SASL as their authentication mechanism - they must use simple cleartext password BINDs. For these applications, it would be very useful to have the DS pass through the auth creds to PAM.
http://directory.fedoraproject.org/wiki ... in_for_PAM
[ add comment ] ( 30 views ) | [ 0 trackbacks ] | permalink
church is a hospital for sinners
[ add comment ] ( 10 views ) | [ 0 trackbacks ] | permalink
The MLS functionality in SE Linux is being developed as part of the Common Criteria LSPP certification work. The LSPP work aims to get LSPP , RBAC , and CAPP certification at EAL 4+
all together: http://fedoraproject.org/wiki/SELinux/MLS
[ add comment ] ( 10 views ) | [ 0 trackbacks ] | permalink
A "patch" which allows you to define users which can gain access to SquirrelMail web interface. The patch is a wrapper around the line "$imap_stream = @fsockopen($imap_server_address, $imap_port, $error_number, $error_string, 15);" which is used in function sqimap_login in file /var/www/html/functions/imap_general.php
/* -------user login patch by alchy--------------------------------------------------------------- */
$user_found = FALSE;
/**
* ALLOWUSERS: "patch" to SquirrelMail
* uses file "/etc/allow_webmail" where you should put all the users to allow access SqMail
* one user per line
*/
$handle = @fopen("/etc/allow_webmail", "r");
if ($handle)
{
while ( !feof($handle) )
{
$buffer = fgets( $handle, 4096 );
#logout_error( _("diag: nacetl jsem '$buffer' a srovnavam s '$username'") );
if ( strcmp( rtrim( $buffer ), $username ) == 0 ) {
$user_found = TRUE;
#logout_error( _("diag: nastavuji hodnotu user_found!") );
}
}
fclose($handle);
} else {
logout_error( _("Chyba: Nemohu pristpupit na soubor /etc/allow_webmail.") );
exit;
}
if ( $user_found == FALSE ) {
logout_error( _("Pozor: uzivateli $username neni povoleno se prihlasit prostrednictvim teto aplikace.") );
exit;
} else
{
$imap_stream = @fsockopen($imap_server_address, $imap_port, $error_number, $error_string, 15);
}
/* ----------------------------------------------------------------------------------------------- */
[ add comment ] ( 8 views ) | [ 0 trackbacks ] | permalink
The document linked below seems like a pretty decent overview of the auditing functionality on Linux. The link is here.The vital page is http://people.redhat.com/sgrubb/audit/index.html - the audit HQ.
To create a report that focuses on the login attempts to your machine, run the
aureport -l command. This command generates a numbered list of all loginrelated
events including date, time, audit ID, host and terminal used, name of the
executable, success or failure of the attempt, and an event ID.
aureport -l
Login Report
============================================
# date time auid host term exe success event
============================================
1. 04/23/2007 12:38:38 PM root earth.example.com /dev/pts/0 /usr/sbin/sshd yes 1624
2. 04/23/2007 01:38:12 PM root earth.example.com /dev/pts/1 /usr/sbin/sshd yes 1655
3. 04/23/2007 03:32:58 PM root 192.168.0.20 /dev/pts/0 /usr/sbin/sshd yes 1712
Also, there is a RH discussion list: http://blog.gmane.org/gmane.linux.redha ... ity.audit/
Code snippet which prints the login successes or failures even with sudo or su attempts.
# ausearch -m USER_AUTH -i | sed -n "s/.*msg=audit(\([^ ]*\) \([^. ]*\).[0-9]*[:]\([0-9]*\).* uid=\([^ ]*\).* auid=\([^ ]*\).* user=\([^ ]*\) exe=\([^ ]*\).* addr=\([^,]*\).* result=\([a-zA-Z]*\).*/\date='\1' time='\2' avc='\3' uid='\4' auid='\5' user='\6' exe='\7' addr='\8' result='\9'/p"
date='01/11/2011' time='07:50:24' avc='5' uid='root' auid='unset' user='root' exe='/bin/su' addr='?' result='Success'
date='01/11/2011' time='07:50:31' avc='11' uid='root' auid='unset' user='test' exe='/bin/su' addr='?' result='Success'
On Red Hat Enterprise Linux AS release 4 (Nahant Update 5) with audit-1.0.15-3.EL4 the ouptut is:
# ausearch -m USER_AUTH -i
----
type=USER_AUTH msg=audit(01/11/2011 07:50:24.457:5) : user pid=3350 uid=root auid=unset msg='PAM authentication: user=root exe=/bin/su (hostname=?, addr=?, terminal=pts/0 result=Success)'
----
type=USER_AUTH msg=audit(01/11/2011 09:40:28.323:30) : user pid=3810 uid=root auid=unset msg='PAM authentication: user=root exe=/usr/sbin/sshd (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh result=Success)'
----
type=USER_AUTH msg=audit(01/11/2011 09:40:59.756:39) : user pid=3849 uid=root auid=unset msg='PAM authentication: user=foo exe=/usr/sbin/sshd (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh result=Authentication
----
type=USER_AUTH msg=audit(01/11/2011 09:41:03.236:41) : user pid=3849 uid=root auid=unset msg='PAM authentication: user=foo exe=/usr/sbin/sshd (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh result=Authentication
----
type=USER_AUTH msg=audit(01/11/2011 09:41:06.738:43) : user pid=3849 uid=root auid=unset msg='PAM authentication: user=foo exe=/usr/sbin/sshd (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh result=Authentication
So the sed filter does not work for failures as with RHEL5+. Notice the -i (interpreted) result reports failure as Authentication, which is a bug.
Example how to get rid of some characters:
# ausearch -m USER_AUTH | sed -e "s/'//g" | sed -e "s/\"//g" | se
d -e "s/,//g" | sed -e "s/Authentication failure/failure/g"
Parses out audit USER_AUTH on one line.
#!/bin/bash
# logname contais servername!
# ex: /var/log/syslog-ng/date/unix/servername-audit
if [ "$1" = "" ]; then
echo "specify pathname"
exit
fi
FILE=$1
TMP="/tmp/tmp.$$"
> ${TMP}
AUDIT_HEAD=".*msg=audit(\([^ ]*\) \([^. ]*\).[0-9]*[:]\([0-9]*\).*"
AUDIT_HEAD_P="date='\1' time='\2' avc='\3'"; VAL="\([^ ]*\).*" # space ending value
SERVER=`basename $FILE | sed -e 's/-audit//g'`
ausearch -i -m USER_AUTH -if $FILE 2>/dev/null | \
tr -d '\n' | \
sed -e 's/----/\n/g' | \
strings | \
sed -e "s/'//g" | \
sed -e "s/\"//g" | \
sed -e "s/,//g" | \
sed -e "s/acct/user/g" | \
sed -e "s/res=/result=/g" | \
sed -n "s/${AUDIT_HEAD} uid=${VAL} auid=${VAL} user=*${VAL} exe=${VAL} addr=${VAL} result=\([^)]*\).*/${AUDIT_HEAD_P} uid='\4' auid='\5' user='\6' exe='\7'
addr='\8' result='\9'/p" > ${TMP}
while read line
do
echo -n "server='$SERVER'"
echo " $line"
done < ${TMP}
rm ${TMP}
exit
# comments
[ add comment ] ( 29 views ) | [ 0 trackbacks ] | permalink
make_self_npdrm makes valid NPDRM selfs from elfs
it does not contain any info on decrypting or removing NPDRM
NPDRM is required for interoperability of our homebrew applications
package_finalize turns your debug packages into psuedoretail packages
psuedoretail packages install on a geohot jailbroken PS3
https://github.com/geohot/ps3publictools/blob/master/README
[ add comment ] ( 29 views ) | [ 0 trackbacks ] | permalink
set nagios_group in nagios.cfg to be nagcmd, here is a thread.
[ add comment ] ( 10 views ) | [ 0 trackbacks ] | permalink
When you can not use the find command with mtime option for some reason.
find /var/log/clc/ -type f -mtime 1 | grep -v *gz | xargs gzip --verbose
Then a nice funcionality of date command allows you to get the date before or after X days (hours/minutes/years). The example compress specific sub folder which name is $year/$month/$day format.
#!/bin/bash
# name: parchive.sh
# this script is copied into /etc/cron.daily/
cd /tmp
ARCHIVE_DIR="/home/log/"
MSG_FILE=/tmp/archive.tmp
year=`date +%Y -d "1 day ago"`
month=`date +%m -d "1 day ago"`
day=`date +%d -d "1 day ago"`
cd $ARCHIVE_DIR/$year/$month/$day
if [ $? != 0 ]; then
echo "Can't change directory to $ARCHIVE_DIR/$year/$month/$day, exitting"
echo "Can't change directory to $ARCHIVE_DIR/$year/$month/$day, exitting" \
| mailx -s "`hostname --fqdn` ${0} failed" root@localhost
exit 1
fi
gzip *
if [ $? != 0 ]; then
echo "Gzip failed, please check the $ARCHIVE_DIR/$year/$month/$day manually. Exitting." > $MSG_FILE
fuser * >> $MSG_FILE
cat $MSG_FILE
cat $MSG_FILE \
| mailx -s "`hostname --fqdn` ${0} failed" root@localhost
exit 1
fi
echo "Archives created successfuly for `ls` \n at `hostname --fqdn` with ${0}" \
| mailx -s "`hostname --fqdn` ${0} ok" root@localhost
[ add comment ] ( 10 views ) | [ 0 trackbacks ] | permalink
[ add comment ] ( 10 views ) | [ 0 trackbacks ] | permalink
# Get almost all messages according to
# facility and priority (old syslogd concept)
filter f_all { level(debug .. emerg); };
# Filter just messages for ssh login attempts
filter f_sshlogin { program("sshd.*") and match("(Failed|Accepted)"); };
# Filter anything with "mymsg" messages
filter f_rmatch { match("mymsg"); };
[ add comment ] ( 5 views ) | [ 0 trackbacks ] | permalink