Re: [cobalt-security] SFTP on Raq4 as Root?



> > I get a message for every attempt... every login, and that's followed by
> > a "disconnected" message....
> Sounds good, but this is you personally. Does your advice still
> hold to the rest of us in this group without these scripts? Or could you let
> us all know where we might get hold of something like them?

Stuff like this is pretty easy to do, eg:

tail -f /var/log/messages | grep "Accepted password" &

Would pop up every instance of 'Accepted password' appearing in the
messages log on the console on which it was run.  You can probably do some
funky stuff with xargs and write/mail if you wanted to send the output
elsewhere.  Augment the grep command a little to include other lines from
the log.  Also of interest for those that like to monitor their boxes in
realtime is colortail[1], and xtail[2] has been recommended to me, though I
haven't used it myself.

> I guess you mean SUID CGI scripts to do quick-fixes to re-enable access or
> something like that. Can you provide more information so we can do this kind
> of thing too?

Again, this kind of stuff's pretty easy to build, but I'd rather not.

Regards,

John.

[1] http://www.student.hk-r.se/~pt98jan/colortail.html
[2] http://www.unicom.com/sw/xtail/
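
Added example, not part of the original post: one way to widen the grep above so that failed passwords and disconnects are reported alongside accepted logins, restricted to lines that sshd itself wrote. The syslog field layout, the message wordings matched, and the sample lines (documentation addresses, a hypothetical "myapp" daemon) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes classic syslog layout:
#   "Mon DD HH:MM:SS host sshd[pid]: message"

# Read syslog lines on stdin, print one normalized line per sshd login event.
ssh_events() {
    awk '
    $5 !~ /^sshd(\[[0-9]+\])?:$/ { next }        # ignore other daemons
    {
        kind = ""
        if ($6 == "Accepted" && $7 == "password")        kind = "LOGIN"
        else if ($6 == "Failed" && $7 == "password")     kind = "FAIL"
        else if ($6 == "Received" && $7 == "disconnect") kind = "CLOSE"
        else if ($6 == "Connection" && $7 == "closed")   kind = "CLOSE"
        if (kind == "") next

        user = ""; ip = ""
        for (i = 8; i < NF; i++) {
            if ($i == "for" && user == "") {
                user = $(i + 1)
                # Older sshd says "illegal user", newer says "invalid user".
                if ((user == "illegal" || user == "invalid") && $(i + 2) == "user")
                    user = $(i + 3) "(unknown)"
            }
            # The last "from"/"by" wins: the address sshd appends comes last.
            if ($i == "from" || $i == "by") { ip = $(i + 1); sub(/:$/, "", ip) }
        }
        printf "%s %s %s %s user=%s ip=%s\n", $1, $2, $3, kind, (user == "" ? "-" : user), ip
        fflush()                                  # keep output prompt under tail -f
    }'
}

# Count failed passwords per source address, busiest first.
fail_counts() {
    ssh_events | awk '$4 == "FAIL" { sub(/^ip=/, "", $6); n[$6]++ }
                      END { for (a in n) print n[a], a }' | sort -rn
}

# Constructed sample input, not taken from a real host.
sample_log() {
    cat <<'EOF'
Mar  3 10:15:02 raq4 sshd[1234]: Accepted password for admin from 192.0.2.10 port 1022 ssh2
Mar  3 10:15:40 raq4 sshd[1240]: Failed password for root from 198.51.100.7 port 4021 ssh2
Mar  3 10:15:44 raq4 sshd[1240]: Failed password for illegal user test from 198.51.100.7 port 4021 ssh2
Mar  3 10:16:00 raq4 myapp[1300]: Accepted password for guest from 203.0.113.5
Mar  3 10:16:10 raq4 sshd[1234]: Received disconnect from 192.0.2.10: 11: Disconnect requested
EOF
}

sample_log | ssh_events      # live use: tail -f /var/log/messages | ssh_events
```

The "myapp" line shows why the daemon name is checked: a bare grep for "Accepted password" would report it as well.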