Allegro.cc - Online Community

Allegro.cc Forums » Off-Topic Ordeals » [Linux/UNIX] Configure /etc/sudoers to ask for password only on some command

Credits go to CGamesPlay for helping out!
This thread is locked; no one can reply to it. rss feed Print
 1   2 
[Linux/UNIX] Configure /etc/sudoers to ask for password only on some command
LennyLen
Member #5,313
December 2004
avatar
Posted on 01/06/2007 11:12 AM   View Profile
Quote:

Jan 5 18:41:07 derek sshd[18880]: Failed password for james from 127.0.0.1 port 40283 ssh2

:D

James Stanley
Member #7,275
May 2006
avatar
Posted on 01/06/2007 11:12 AM   View Profile

I disabled root logins the second I read my log. I now only allow logins by james. I emailed the ISP of the 61 address and hopefully they'll stop his connection. I couldn't get in touch with the other.

If you want to disable root logins it is 'PermitRootLogin no'

There is also,

AllowUsers user1 user2 etc
AllowGroups group1 group2 etc
DenyUsers user1 user2 etc
DenyGroups group1 group2 etc

EDIT:

Quote:

Quote:

Jan 5 18:41:07 derek sshd[18880]: Failed password for james from 127.0.0.1 port 40283 ssh2

I should have removed that one before posting... :)

I was testing the email activation thing and I typed my password wrong :)

LennyLen
Member #5,313
December 2004
avatar
Posted on 01/06/2007 11:15 AM   View Profile
Quote:

I emailed the ISP of the 61 address and hopefully they'll stop his connection.

Unforunately, it's quite possible that's just a proxy server address.

James Stanley
Member #7,275
May 2006
avatar
Posted on 01/06/2007 11:17 AM   View Profile

Oh yeah... I hadn't thought of that.

Evert
Member #794
November 2000
avatar
Posted on 01/06/2007 11:26 AM   View Profile
Quote:

I disabled root logins the second I read my log.

I personally think you're being paranoid, but disallowing remote root logins is usually a good idea regardless.

Quote:

I now only allow logins by james.

I guess I'm lucky that many ofthe "obvious" user names don't exist on my system. :)

Quote:

I emailed the ISP of the 61 address and hopefully they'll stop his connection.

It's quite possible that it traces back to a hijacked computer as well, in which case you have the wrong guy.

Quote:

If you want to disable root logins it is 'PermitRootLogin no'

I know; I want to disable su and sudo except from users (well, me) that are logged in locally (ie, not remotely).

I used to get this once or twice per day a while back; at first I found it disturbing and unnerving (and it is annoying), but if you keep your system reasonably up to date and don't have any dodgy security holes (like activating the sshd daemon through e-mail ;)) you shouldn't have anything to worry about. :)

Thomas Fjellstrom
Member #476
June 2000
avatar
Posted on 01/06/2007 11:57 AM   View Profile

It can also help to have your firewall set to drop certian types of connections, like just the "ACK" part.. Well I mean, many scanners only ask to see if a port is open, and don't actually try and open it, its this type of check you can block to make it look like open ports really aren't open.

The only scans I see these days are lame NSBIOS/SMB crap.

--
Thomas Fjellstrom - [website] - [email] - [Allegro Wiki] - [Allegro TODO]
"If you can't think of a better solution, don't try to make a better solution." -- weapon_S
"The less evidence we have for what we believe is certain, the more violently we defend beliefs against those who don't agree" -- https://twitter.com/neiltyson/status/592870205409353730

 1   2 


Go to: