[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Qube 3 patch & sshd logging

Subject: [cobalt-security] Qube 3 patch & sshd logging
From: Tim Dunn <tdunn@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 10 Feb 2003 08:34:16 -0800 (PST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

I just applied these two patches:

  CCE Security Update 4.0.1: Qube3-All-Security-4.0.1-15714.pkg   

  Qube3 Kernel Update: Qube3-All-Kernel-4.0.1-2.2.16C33-III+VPN-1.pkg 

and now /var/log/messages only shows my connection from my own fully
qualified address:

  Feb 10 08:19:46 cobalt sshd[3942]: Accepted password for tdunn from <ipaddress> port 47404 ssh2

Never mind the fact that I am connecting in from afar.  This is of some
concern because I use hosts.allow as one of my methods of access control.
Prior to updating, it would correctly act based on my source host.  Now,
*all* inbound hosts are treated as if they are from my own fqdn, effectively
neutralizing the effect of hosts.allow if I allow myself to connect.

How do I best resolve this issue?

tim

-- 
	"There are 11 types of people in this world: people who can
	 understand binary, those who can't, and ones who don't care."

Prev by Date: Re: [cobalt-security] Re: "mirroring" software for RaQ4?
Next by Date: [cobalt-security] Active System Attack
Previous by thread: Re: [cobalt-security] Re: "mirroring" software for RaQ4?
Next by thread: [cobalt-security] Active System Attack

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index