[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Qube 3 patch & sshd logging
- Subject: [cobalt-security] Qube 3 patch & sshd logging
- From: Tim Dunn <tdunn@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 10 Feb 2003 08:34:16 -0800 (PST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I just applied these two patches:
CCE Security Update 4.0.1: Qube3-All-Security-4.0.1-15714.pkg
Qube3 Kernel Update: Qube3-All-Kernel-4.0.1-2.2.16C33-III+VPN-1.pkg
and now /var/log/messages only shows my connection from my own fully
qualified address:
Feb 10 08:19:46 cobalt sshd[3942]: Accepted password for tdunn from <ipaddress> port 47404 ssh2
Never mind the fact that I am connecting in from afar. This is of some
concern because I use hosts.allow as one of my methods of access control.
Prior to updating, it would correctly act based on my source host. Now,
*all* inbound hosts are treated as if they are from my own fqdn, effectively
neutralizing the effect of hosts.allow if I allow myself to connect.
How do I best resolve this issue?
tim
--
"There are 11 types of people in this world: people who can
understand binary, those who can't, and ones who don't care."