
Category Archives: Security

Minimalist Squid configuration

14-Jul-11

Squid is one of the first open-source programs I got into. I have spent a lot of time looking at squid.conf. The default squid.conf (reference copy in /usr/share/doc/squid/examples/squid.conf) is about 5000 lines by default. It’s great that everything is well-documented but who wants to deal with a massive config file like that? Not me. This [...]

apt-get via cron

08-Mar-11

IRL I’ve had a few people ask me about updating Ubuntu installations via cron. If you add something like 05 0 * * * /usr/bin/apt-get -y update ; /usr/bin/apt-get -y upgrade to root’s crontab, you’ll get errors like this: dpkg: warning: ‘ldconfig’ not found in PATH or not executable. dpkg: warning: ‘start-stop-daemon’ not found in [...]

sshd: Connection refused by tcp wrapper

09-Nov-10

Trouble in paradise: [1:0:387][aleida@aleida:pts/8][~] $ ssh m.pingbrie.com ssh_exchange_identification: Connection closed by remote host Let’s talk about it. sshd was logging at debug level so here is the output from the latest attempt, PID 25451 root@avogadro:/var/log# grep 25451 auth.log Nov 7 15:03:20 avogadro sshd[650]: debug1: Forked child 25451. Nov 7 15:03:20 avogadro sshd[25451]: debug1: rexec start [...]

nmap ASCII Art

11-Sep-10

I scrolled back through the output of making the nmap port and saw this gem hidden. Thought you’d enjoy. That is all.

bijk: A security nightmare

02-Aug-10

I read about bijk, a server monitoring service, in the latest issue of Linux User & Developer. They gave it a really positive review and the screenshots looked great so, naturally, I had to check it out. I was surprised when I read the installation instructions and tech specs. They host everything (I thought it [...]

Read the EULA: Google Apps Edition

02-Aug-10

While changing the MX for unixsysadmin.org (again), I saw something I hadn’t noticed before in the Google Apps for Your Domain configuration process: For your convenience, the Google Team monitors all mail sent to the addresses abuse@yourdomain.com and postmaster@yourdomain.com, to ensure that we can properly address all reports of spam, abuse, and technical issues. Since [...]

OSSEC ignoring email_alert_level

24-Jun-10

OSSEC keeps emailing me a Level 2 notice every time Cacti polls despite having this set in the ossec.conf file: <email_alert_level>7</email_alert_level> I shouldn’t be getting emails below level 7 then, right? Wrong. OSSEC allows for this to be overridden if a specific rule has: <options>alert_by_email</options> The rule that kept firing for me was 1002. [...]

Trojaned version of file '/bin/login' detected

19-Jun-10

I recently installed OSSEC (a HIDS) and set it up to email security@ this domain. I’m familiar enough with my system to know what certain events that OSSEC didn’t understand were. However, I noticed this one that startled me: Trojaned version of file ‘/bin/login’ detected. Signature used: ‘bash|elite|SucKIT|xlogin|vejeta|porcao|lets_log|sukasuk’ (Generic). Umm…what? It turns out this is [...]

This incident will be reported.

23-Apr-10

Ever get that message ‘username is not in the sudoers file. This incident will be reported’? I have at various times. I always figured this was an empty threat. It’s not. I got one of those incident reports today on my prgmr VPS in /var/mail/root. The contents of the report are: From aleida@REDACTED Wed Mar [...]

Super Quick Authentication for your Website

23-Mar-10

I can only vouch for this within Apache. You need two files ‘.htaccess’ and ‘.htpasswd’. Pretend you want this in the directory ‘/var/www/protected’. Your .htaccess file should read something like this: AuthUserFile /var/www/protected/.htpasswd AuthType Basic AuthName “unixsysadmin.org” Require valid-user OK. We referenced a non-existent .htpasswd file. The quickest way to generate this file is to [...]