Looking to limit SSH brute force connections

2009-08-07 Thread Jan Pechanec
On Fri, 7 Aug 2009, Darren Reed wrote: >>> Wouldn't it be better if sshd was able to make some function >>> call and tell something about those repeated login failures? >>> And then if there was some way to instruct that to manage >>> things like pools of bad IP addresses in IPFilter? >>> >> >

Problem with pfexec and Privileges after upgrade 114->117->119

2009-08-07 Thread Aric Gregson
--On 8/7/09 4:41 PM -0700 Scott Rotondo sent: > Glenn Faden wrote: >> Aric Gregson wrote: >>> On 8/7/09 2:18 PM, Glenn Faden wrote: Please verify that Primary Administrator is still /etc/security/prof_attr. >>> Actually, no. Why not?? >> Good question. I suspect it is related to the new

Problem with pfexec and Privileges after upgrade 114->117->119

2009-08-07 Thread Scott Rotondo
Glenn Faden wrote: > Aric Gregson wrote: >> On 8/7/09 2:18 PM, Glenn Faden wrote: >>> Please verify that Primary Administrator is still >>> /etc/security/prof_attr. >> Actually, no. Why not?? > Good question. I suspect it is related to the new SMF service, > svc:/system/rbac. This is supposed to

Problem with pfexec and Privileges after upgrade 114->117->119

2009-08-07 Thread Aric Gregson
On 8/7/09 4:23 PM, Glenn Faden wrote: > Aric Gregson wrote: >> On 8/7/09 3:20 PM, Glenn Faden wrote: >>> Aric Gregson wrote: On 8/7/09 2:18 PM, Glenn Faden wrote: > Please verify that Primary Administrator is still > /etc/security/prof_attr. Actually, no. Why not?? >>> Good ques

Problem with pfexec and Privileges after upgrade 114->117->119

2009-08-07 Thread Glenn Faden
Aric Gregson wrote: > On 8/7/09 3:20 PM, Glenn Faden wrote: >> Aric Gregson wrote: >>> On 8/7/09 2:18 PM, Glenn Faden wrote: Please verify that Primary Administrator is still /etc/security/prof_attr. >>> Actually, no. Why not?? >> Good question. I suspect it is related to the new SMF se

Problem with pfexec and Privileges after upgrade 114->117->119

2009-08-07 Thread Aric Gregson
On 8/7/09 3:52 PM, Scott Rotondo wrote: > In the meantime, you can fix this problem by putting back the line > that used to be there: > >> % cat /etc/security/exec_attr | grep "Primary" >> Primary Administrator:suser:cmd:::*:uid=0;gid=0 > > Make sure there is a Primary Administrator line in > /et

Problem with pfexec and Privileges after upgrade 114->117->119

2009-08-07 Thread Scott Rotondo
Aric Gregson wrote: > On 8/7/09 1:56 PM, Valerie Bubb Fenwick wrote: >> >> what do you see when this fails? can you show us an actual >> example of trying to run "pfexec "? > Examples include: > > % pfexec gedit /var/share/lxde/openbox/menu.xml -> cannot save changes > on file > -rw-r--r-- 1 ro

Problem with pfexec and Privileges after upgrade 114->117->119

2009-08-07 Thread Aric Gregson
On 8/7/09 3:20 PM, Glenn Faden wrote: > Aric Gregson wrote: >> On 8/7/09 2:18 PM, Glenn Faden wrote: >>> Please verify that Primary Administrator is still >>> /etc/security/prof_attr. >> Actually, no. Why not?? > Good question. I suspect it is related to the new SMF service, > svc:/system/rbac.

Problem with pfexec and Privileges after upgrade 114->117->119

2009-08-07 Thread Aric Gregson
On 8/7/09 1:56 PM, Valerie Bubb Fenwick wrote: > > what do you see when this fails? can you show us an actual > example of trying to run "pfexec "? Examples include: % pfexec gedit /var/share/lxde/openbox/menu.xml -> cannot save changes on file -rw-r--r-- 1 root bin 3.2K Aug 4 11:4

Problem with pfexec and Privileges after upgrade 114->117->119

2009-08-07 Thread Glenn Faden
Aric Gregson wrote: > On 8/7/09 2:18 PM, Glenn Faden wrote: >> Please verify that Primary Administrator is still >> /etc/security/prof_attr. > Actually, no. Why not?? Good question. I suspect it is related to the new SMF service, svc:/system/rbac. This is supposed to merge existing entries with

Looking to limit SSH brute force connections

2009-08-07 Thread Jan Pechanec
On Thu, 6 Aug 2009, Darren Reed wrote: >Wouldn't it be better if sshd was able to make some function >call and tell something about those repeated login failures? >And then if there was some way to instruct that to manage >things like pools of bad IP addresses in IPFilter? Darren, do you

Problem with pfexec and Privileges after upgrade 114->117->119

2009-08-07 Thread Aric Gregson
On 8/7/09 2:18 PM, Glenn Faden wrote: > Please verify that Primary Administrator is still > /etc/security/prof_attr. Actually, no. Why not??

Problem with pfexec and Privileges after upgrade 114->117->119

2009-08-07 Thread Glenn Faden
aric wrote: > I am wondering if there is a bug? > > % cat /etc/security/exec_attr | grep "Primary" > Primary Administrator:suser:cmd:::*:uid=0;gid=0 > > # usermod -P'Primary Administrator' mylogin > UX: usermod: ERROR: Primary Administrator is not a valid profile name. > Choose another. > > % id

Problem with pfexec and Privileges after upgrade 114->117->119

2009-08-07 Thread Valerie Bubb Fenwick
Hi Aric - what do you see when this fails? can you show us an actual example of trying to run "pfexec "? I thought I had a problem with profiles on my machine, but it turns out I was trying to pfexec from a directory that was only readable by me (not the super user), which caused problems for the

Looking to limit SSH brute force connections

2009-08-07 Thread Darren Reed
ciated functionality generally useful. At present, it is very hard to use the audit functionality in [Open]Solaris. I'd like to see that changed. Darren

Problem with pfexec and Privileges after upgrade 114->117->119

2009-08-07 Thread aric
I am wondering if there is a bug? % cat /etc/security/exec_attr | grep "Primary" Primary Administrator:suser:cmd:::*:uid=0;gid=0 # usermod -P'Primary Administrator' mylogin UX: usermod: ERROR: Primary Administrator is not a valid profile name. Choose another. % id -a uid=100(mylogin) gid=100(m

Looking to limit SSH brute force connections

2009-08-07 Thread Darren Reed
Jan Pechanec wrote: > On Thu, 6 Aug 2009, Darren Reed wrote: > > >> Wouldn't it be better if sshd was able to make some function >> call and tell something about those repeated login failures? >> And then if there was some way to instruct that to manage >> things like pools of bad IP addresses i