port knocking with knockd
Hello.

I'm trying to enable port knocking with `knockd'. I configured `/etc/knockd.conf': (I changed the default ports.)

    [options]
        UseSyslog

    [openSSH]
        sequence= 7000,8000,9000
        seq_timeout = 5
        command = /sbin/iptables -A INPUT -I 6 -p tcp --dport 22 -j ACCEPT
        tcpflags= syn
        cmd_timeout = 25

    [closeSSH]
        sequence= 9000,8000,7000
        seq_timeout = 5
        command = /sbin/iptables -D INPUT -p tcp --dport 22 -j ACCEPT
        tcpflags= syn

Then `/etc/default/knockd':

    START_KNOCKD=1

And started the daemon via `sudo /etc/init.d/knockd start'.

BTW, I have the following line in `iptables':

    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

I don't have physical access to the machine, so I decided to keep the rule and close it from a client:

    client$ knock 9000 8000 7000

Unfortunately, I can still connect to the SSH port. Did I make a mistake somewhere?

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/38781.150.254.37.193.1358395695.squir...@lavabit.com
Re: How do you read logs?
I've read several threads about Logwatch. Many people say it's very annoying. I think I'll stick with the `by hand' approach. Anyway, it's not convenient to use `more'. I'd like to try `grep' instead, but I don't know the right words (like `Exim exploded' for `/var/log/mail.log' or `PWN3D' for `/var/log/auth.log'). Is there a list?

Archive: http://lists.debian.org/1262.216.243.58.198.1356703660.squir...@lavabit.com
How to check what ports are filtered on a public network?
Hello.

Some public networks don't allow connecting to port 25 or forbid non-HTTP traffic. How can I check which ports are filtered/blocked? I think it can be done with nmap, but I have never used it.

Archive: http://lists.debian.org/17031.194.150.168.162.1356476256.squir...@lavabit.com
How do you read logs?
Hello.

There are a lot of `possible break-in attempts' messages in my logs. So it's hard to read them `by hand' (with last or more). How do you read yours? Do you use any log analyzers? Which ones?

Archive: http://lists.debian.org/10715.194.150.168.162.1356476132.squir...@lavabit.com
warning:xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms
Hello.

I'm getting `warning:xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms' (/var/log/mail.log) and `fatal: no SASL authentication mechanisms' (/var/log/mail.err) in Squeeze.

Installed:

    postfix: 2.7.1-1+squeeze1
    libsasl2-2: 2.1.23.dfsg1-7
    libsasl2-modules: 2.1.23.dfsg1-7
    sasl2-bin: 2.1.23.dfsg1-7

What can I do to fix this? There is a related bug report: http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/2011-August/002198.html

Archive: http://lists.debian.org/41078.173.254.216.68.1354654937.squir...@lavabit.com