Re: [CentOS] What is bind97 and what are the differences to bind
Just some different versions. Here you go,

bind.x86_64      30:9.3.6-20.P1.el5_8.5    base
bind97.x86_64    32:9.7.0-17.P2.el5        base

As you can see, bind is 9.3.6-20.P1, and bind97 is 9.7.0-17.P2.

Banyan He
Blog: http://www.rootong.com
Email: ban...@rootong.com

On 4/5/2013 11:01 AM, Jobst Schmalenbach wrote:
> Hi,
>
> sorry if this has been covered, I searched google for this but can't find an
> answer (maybe I am trying the incorrect search terms).
>
> What is bind97?
> What are the differences between bind97 and bind?
>
> thanks
> Jobst

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] What is bind97 and what are the differences to bind
Hi,

sorry if this has been covered, I searched google for this but can't find an
answer (maybe I am trying the incorrect search terms).

What is bind97?
What are the differences between bind97 and bind?

thanks
Jobst

--
Fortune: No such file or directory.

| |0| |  Jobst Schmalenbach, jo...@barrett.com.au, General Manager
| | |0|  Barrett Consulting Group P/L & The Meditation Room P/L
|0|0|0|  +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
Re: [CentOS] UIDs different [SOLVED]
m.r...@5-cent.us wrote:
> m.r...@5-cent.us wrote:
>> Odd problem. Two 6.4 boxes, and a user's home directory is automounted.
>> /etc/passwd are identical... but once mounted on the other server, if we
>> su - to that user, what we see is an old UID of his, from a while back
>> (years?), while on the home directory server, it's the current, correct
>> UID.
>>
>> Anyone have ideas?
>
> Please note that this *may* be occurring with one or two other folks, but
> doesn't affect the dozens and dozens of the rest.

The three of us got together, and it *seems* to be solved: I noticed that the
system had been up for 114 days, long before we started changing UIDs;
nfsidmap -c was the answer, to clear the cache.

mark
Re: [CentOS] UIDs different
m.r...@5-cent.us wrote:
> Odd problem. Two 6.4 boxes, and a user's home directory is automounted.
> /etc/passwd are identical... but once mounted on the other server, if we
> su - to that user, what we see is an old UID of his, from a while back
> (years?), while on the home directory server, it's the current, correct
> UID.
>
> Anyone have ideas?

Please note that this *may* be occurring with one or two other folks, but
doesn't affect the dozens and dozens of the rest.

mark
[CentOS] UIDs different
Odd problem. Two 6.4 boxes, and a user's home directory is automounted.
/etc/passwd are identical... but once mounted on the other server, if we
su - to that user, what we see is an old UID of his, from a while back
(years?), while on the home directory server, it's the current, correct
UID.

Anyone have ideas?

mark
Re: [CentOS] Using "root" Type User Via Forwarding-SSH-Tunnel Inside Non-Root SSH Connection
Bry8 Star wrote:
> Hi,
> QUESTION:
> what implications are there when using the "root" or a root type of
> account via a port-forwarding ssh-tunnel inside (or on top of)
> another non-root type of user's ssh-tunnel ?
>
> Is such double layer of encryption brings more security or system
> still vulnerable same as single layer of SSH encryption ?
>
>
> QUESTION:
> what is/are better practice(s) (to secure CentOS server related to
> SSH) ?
>
> QUESTION/Possible-SOLUTION:
> Should i remove the "root@127.0.0.1" from "AllowUsers" and add
> "PermitRootLogin no" line in /etc/sshd_config file ?

your current setup is a bit complex, I can't comment on whether it gains
you anything compared to direct ssh connection as whatever user you need
to be (not root), and relying on sudo to elevate your admin user's
privileges.

But yes I would recommend disabling root login, and using only keys if you
can (ie disabling passwords).

This could be a useful read:
http://wiki.centos.org/HowTos/Network/SecuringSSH
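The two changes recommended in the reply above (no root login, keys instead of passwords) and the AllowUsers question can be checked mechanically. This is an added example, not part of the original thread: both sample texts are constructed from the sshd_config quoted in the original post, and the names parse_global and audit are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed sample, modelled on the sshd_config posted in this thread.
POSTED = """\
port NNN10
protocol 2
AllowUsers non-root root@127.0.0.1 administrator@127.0.0.1
PasswordAuthentication yes
PermitEmptyPasswords no
"""

# Constructed sample with the changes the reply recommends applied.
HARDENED = """\
port NNN10
protocol 2
AllowUsers non-root administrator@127.0.0.1
PermitRootLogin no
PasswordAuthentication no
"""

def parse_global(text):
    """Map lower-cased keyword -> argument list for the section before any Match."""
    cfg = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break                                 # conditional blocks are not evaluated here
        if key == "allowusers":
            cfg.setdefault(key, []).extend(args)  # repeated AllowUsers lines accumulate
        else:
            cfg.setdefault(key, args)             # sshd keeps the first value it reads
    return cfg

def audit(text):
    """Return findings for root login, password logins and root in AllowUsers."""
    cfg, findings = parse_global(text), []
    root = (cfg.get("permitrootlogin") or ["unset"])[0].lower()
    if root != "no":
        findings.append(f"PermitRootLogin is {root}, not 'no'")
    if (cfg.get("passwordauthentication") or ["yes"])[0].lower() != "no":
        findings.append("PasswordAuthentication is not disabled")
    for pattern in cfg.get("allowusers", []):
        # fnmatch approximates sshd's '*' and '?' wildcards in the user part
        if fnmatchcase("root", pattern.split("@", 1)[0]):
            findings.append(f"AllowUsers admits root via {pattern!r}")
    return findings
```

Calling audit(POSTED) reports three findings and audit(HARDENED) reports none; on a live host the text would come from the server's own sshd_config file.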
Re: [CentOS] C6: tcp-wrapping pop3?
On Mon, 1 Apr 2013, Eero Volotinen wrote:

> http://blog.acsystem.sk/linux/brute-force-attack-dovecot-imap-server-blocking-ip-with-tcp-wrappers

Much thanks for the link; there is this one also:
http://wiki2.dovecot.org/LoginProcess
(you need to go to the very bottom)

> so, I think that process name is pop3. remember to check that dovecot is
> compiled to support tcp wrappers.

Actually, the process is dovecot:

root@brill ~> lsof -i | grep dovecot
COMMAND  PID  USER FD  TYPE DEVICE   SIZE/OFF NODE NAME
dovecot  3056 root 19u IPv4 49213594 0t0      TCP  *:pop3 (LISTEN)
dovecot  3056 root 20u IPv6 49213595 0t0      TCP  *:pop3 (LISTEN)
dovecot  3056 root 28u IPv4 49213620 0t0      TCP  *:imap (LISTEN)
dovecot  3056 root 29u IPv6 49213621 0t0      TCP  *:imap (LISTEN)

So, in hosts.deny you would put
dovecot: xxx.xxx.xxx.xxx

However going back to the links above, I'm concerned in making the
configuration correctly.

If you set
login_access_sockets = tcpwrap
in
/etc/dovecot/dovecot.conf

Then everything accessing ports controlled by dovecot (and open by
iptables) is blocked.

So my question relates to the second part of the configuration examples in
the links above:

service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}

Where does this code get placed (in dovecot.conf or in one of the files in
/etc/dovecot/conf.d)?

And regarding $default_login_user, it appears in a comment line in
/etc/dovecot/conf.d/10-master.conf

Should that line be uncommented?

Thanks.

> Eero

Max Pyziur
p...@brama.com

> 2013/3/31 Max Pyziur
>
>>
>> Greetings,
>>
>> Per the subject line, how does pop3 get tcp-wrapped when using dovecot?
>>
>> More specifically, when blocking email and (still) using sendmail, entries
>> in /etc/hosts.deny look something like:
>> sendmail: xxx.xxx. etc (depending on the depth/degree)
>>
>> for vsftpd it's
>> vsftpd: xxx.xxx (where the x's are parts of an octet)
>>
>> for sshd it's
>> sshd: xxx.xxx
>>
>> for pop3/dovecot it's?
>> : xxx.xxx
>>
>> I'm concerned about what is to the left of the colon (":"), not to the
>> right.
>>
>> Is it a dovecot.conf configuration also?
>>
>> Much thanks,
>>
>> Max Pyziur
>> p...@brama.com
[CentOS] Using "root" Type User Via Forwarding-SSH-Tunnel Inside Non-Root SSH Connection
Hi,

QUESTION:
what implications are there when using the "root" or a root type of
account via a port-forwarding ssh-tunnel inside (or on top of)
another non-root type of user's ssh-tunnel ?

Is such double layer of encryption brings more security or system
still vulnerable same as single layer of SSH encryption ?

DETAILS:
In CentOS (6.3 & 6.4) server side i have done these:

(1) Created a user named "administrator". Then by using visudo
command, i allowed "administrator" to have higher level of access &
permission, similar/close to the "root" user, (not exactly same though).
http://wiki.centos.org/TipsAndTricks/BecomingRoot
(Basically this "administrator" user has maintenance related software
running privilege).

(2) Created a user named "non-root", a standard/normal user.

(3) In /etc/ssh/sshd_config file i have modified the default
configurations into this:

 # File: /etc/ssh/sshd_config
 port NNN10
 protocol 2
 SyslogFacility AUTHPRIV
 AllowUsers non-root root@127.0.0.1 administrator@127.0.0.1
 PasswordAuthentication yes
 PermitEmptyPasswords no
 ChallengeResponseAuthentication no
 GSSAPIAuthentication yes
 GSSAPICleanupCredentials yes
 UsePAM yes
 AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
 AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
 AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
 AcceptEnv XMODIFIERS
 X11Forwarding no
 Banner /etc/issue.net
 Subsystem sftp /usr/libexec/openssh/sftp-server
 # End of File: /etc/ssh/sshd_config

Above config allows only "non-root" user to connect with CentOS
server from internet. And "administrator" or "root" can must/only
connect using local ip address 127.0.0.1.

In /etc/issue file and in /etc/issue.net file i have placed such
text info:

 *** NOTICE / WARNING TO USERS
 * This computer system is private property of its owner, Bry8Star.
 * This message is shown from hostname.sld.tld
 * It is for AUTHORIZED use only. Any unauthorized or improper use of
   this system will result in CIVIL and CRIMINAL PENALTIES ...
 * ...
 * Your connection IP ADDRESS, PORT, and TIME info etc are recorded
   by this computer.
 ***

In /etc/profile file, i have placed these below 13 lines just above
the "unset i" line, at bottom side:

 if [ -n "$SSH_CLIENT" ]
 then
  set $SSH_CLIENT
  echo "Your current connection coming from IP Address $1 using port $2, to this computer."
 else
  if [ -n "$SSH_CONNECTION" ]
  then
   set $SSH_CONNECTION
   echo "Your current connection coming from IP Address $1 using port $2, to this computer."
  else
   echo "Your current connection's IP Address & port could not be shown for now."
  fi
 fi

In /etc/profile.local file, i have placed these below 13 lines at
bottom side:

 if [ -n "$SSH_CLIENT" ]
 then
  set $SSH_CLIENT
  echo "You have connected from IP Address $1 using port $2"
 else
  if [ -n "$SSH_CONNECTION" ]
  then
   set $SSH_CONNECTION
   echo "You have connected from IP Address $1 using port $2"
  else
   echo "User's IP Address could not be shown"
  fi
 fi

Above codes allow me to see what IP:port is currently being used.
And after login opensshd by default shows last/previous connection's
IP-address or reverse-domain. This helps to see instantly which IP
is being used right now or who is attempting to login in simple way.
Of course log can show more detailed info.

And in client side (user side), i'm using PuTTY or PuTTY based or
other SSH client software, with such configurations:

SSH-client software has 3 connection profiles.

The "ssh-client-01" connection ssh-profile is configured for regular
user "non-root", and connects to ip.address.numbers:port
(hostname.sld.tld:NNN10) (sld = 2nd level domain, tld = top level
domain). This connection profile is also configured to create one
encrypted port-forwarding tunnel through the SSH-tunnel: where,
local port NNN11, is port-forwarded, to the (local-)port NNN10
inside CentOS server (hostname.sld.tld).

The "ssh-client-02" connection ssh-profile is configured for user
"administrator", and connects to local ip address 127.0.0.1 on port
NNN11 (127.0.0.1:NNN11). This connection profile itself has no
port-forwarding tunnels. It uses the forwarding-tunnel of
"ssh-client-01" to create SSH-tunnel, toward the ssh-server port
NNN10 of CentOS server.

The "ssh-client-03" connection ssh-profile is configured with user
"root", and connects to local ip address 127.0.0.1 on port NNN11
(127.0.0.1:NNN11). This connection profile itself has no
port-forwarding tunnels. It uses the forwarding-tunnel of
"ssh-client-01" to create SSH-tunnel, toward the ssh-server port
NNN10 of CentOS server.

I first connect with CentOS server using "ssh-client-01", then i
connect again with CentOS server using the "ssh-client-02". In this
way "ssh-client-02" (for "administrator"