Re: Questions on some weird /var/log entries



On Tue, 16 Jan 2007 02:36:11 -0800, sk8terg1rl wrote:

Hello group,

I've been periodically checking the entries in my /var/log files and
would like some input on what these entries are on about (yes, I did
try Googling for them). I'm running SuSE 10.2. Is there a FAQ somewhere
that explains what the different entries mean?

/var/logs/warn:
Nov 29 17:30:01 college kernel: printk: 3 messages suppressed.
Nov 29 17:30:01 college kernel: martian source [IP Address #1] from [IP
Address #2], on dev eth0
Nov 29 17:30:01 college kernel: ll header: ff:ff:ff:ff:ff:ff:[MAC
Address]
.
.
.
Jan 10 13:13:55 college SuSEfirewall2: Warning: ip6tables does not
support state matching. Extended IPv6 support disabled.
Jan 10 13:13:57 college SuSEfirewall2: Warning: no interface active

<snip>

Jan 15 21:40:23 college sshd[22669]: refused connect from
::ffff:81.209.167.239 (::ffff:81.209.167.239)

Are those IPs above likely to be proxies?

Are you running on an ipv6 network?

My college's lazy IT team (the bloody monkeys have a reputation for not
doing anything if they can get away with it) won't entertain my request
to move my SSH port number to something else and are blocking all other
ports. Some lame excuse of "if it's not vital for your work/studies, it
will not be done". So port knocking is out as is moving my SSH port to
something unconventional.

Would the only way for someone to break in be to be on my hosts.allow
list and for them to guess the right username/password? Or are there
exploits/holes I should be worried about?

Sorry if I seem paranoid about this. My computer is on pretty much 24/7
doing jobs and I'm very inexperienced with Linux security. Watching all
those failed login attempts makes me feel like watching sharks swimming
around me in a shark cage; both safe and insecure at the same time.

Is there anything else I can do to improve security? My hosts.allow
list only has a few IPs (dynamic home IP, college gateway, 2nd/3rd work
computer) and my hosts.deny list denies everything else. My computer
doesn't respond to pings and has root logins disabled.

I don't know the specifics about adding firewall rules using Suse's
firewall. That is because I prefer using iptables directly. If you are
sticking with Suse, then you should start learning about its firewall
interface to iptables. You can then add a rate-limit rule to limit ssh
attacks. But even before that, you should set up sshd securely.

ssh authentication...
Another important restriction for ssh is to authenticate by certificate
only; passwords are not accepted. Here is a tutorial for doing
that:

http://pkeck.myweb.uga.edu/ssh/

There are a lot of tutorials on the web. The above is one I found which
covers the basics. The sections 1 through 4 of "Getting started" are the
most important. There is one thing not mentioned in the above tutorial:
since this is for your computer, you can modify the file,
/etc/ssh/sshd_config, not to accept passwords and restart sshd.

# Some lines from /etc/ssh/sshd_config
PasswordAuthentication no
AllowUsers sk8
# End listing

Refer to the manual for all options: man sshd_config

Also, I assume that you will be setting up between two of your boxes:

Laptop (at variable ip) <-> Desktop (at fixed ip)

Presumably, you set up keys on each device as explained in the article.
That way, you can network between the two computers. And it is obvious
that both devices would benefit from using an iptables firewall for
protection.

--
Douglas Mayne
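
A small sshd_config audit, added here as an example (it is not from Douglas's post or from SUSE): it reads the effective value of PasswordAuthentication, PermitRootLogin and AllowUsers the way sshd does (first occurrence wins, comments ignored, global section only) and flags the weak state. The two config files it checks are constructed for the example.

```shell
# Added example: audit an sshd_config for the settings the reply recommends.
# sshd keeps the FIRST value it sees for a keyword (later duplicates are
# ignored), keywords are case-insensitive, and only the global section
# before any "Match" block is considered here.

# sshd_get FILE KEYWORD  -> prints the effective value, empty if unset
sshd_get() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments and blank lines
        /^[ \t]*[Mm][Aa][Tt][Cc][Hh][ \t]/ { exit }  # stop at the first Match block
        tolower($1) == key { sub(/^[ \t]*[^ \t]+[ \t]*/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE -> one line per check; returns the number of failed checks
audit_sshd_config() {
    cfg="$1"; failed=0
    pa=$(sshd_get "$cfg" PasswordAuthentication); [ -n "$pa" ] || pa="yes (default)"
    rl=$(sshd_get "$cfg" PermitRootLogin);        [ -n "$rl" ] || rl="yes (default)"
    au=$(sshd_get "$cfg" AllowUsers)
    case "$pa" in [Nn][Oo]) echo "ok   PasswordAuthentication no" ;;
        *) echo "FAIL PasswordAuthentication is '$pa': key-only login not enforced"; failed=$((failed+1)) ;; esac
    case "$rl" in [Nn][Oo]) echo "ok   PermitRootLogin no" ;;
        *) echo "FAIL PermitRootLogin is '$rl'"; failed=$((failed+1)) ;; esac
    if [ -n "$au" ]; then echo "ok   AllowUsers $au"
    else echo "FAIL AllowUsers not set: every account is a valid login target"; failed=$((failed+1)); fi
    return "$failed"
}

# Constructed sample configs (not real files from the poster's machine).
tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
# typical out-of-the-box state: passwords and root logins still allowed
Port 22
UsePAM yes
EOF
cat > "$tmp/hard.conf" <<'EOF'
# the two lines from the reply, plus root login off
PasswordAuthentication no
AllowUsers sk8
PermitRootLogin no
# a later duplicate is ignored by sshd: the first value (no) still wins
PasswordAuthentication yes
EOF

for c in weak hard; do
    echo "== $c.conf"
    audit_sshd_config "$tmp/$c.conf" || echo "-> $? check(s) failed"
done
```

Run it against the real /etc/ssh/sshd_config after editing, then restart sshd; the SuSEfirewall2 rate-limit rule is a separate step this script does not cover.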



