Back to Newsletters KEYWORDS=ssh, iptables, security, issue, telemarketing, lpd, DAVROM CONSULTING Newsletter - Issue # 31 - Dated: Wed Apr 26 23:27:52 EST 2006 From the desk of David Clark 2006, busy, busy busy.... We have just completed our version 1.0 of a newsletter database system that lets you add contacts/recipients to a database via web browser and send simple text e-mail along with file attachments to those in the database. Please have a look at: http://www.davrom.com/newsletter There's just no limit to what you can do with PHP interfacing with the shell environment in UNIX/Linux. Support has been UNIX/Linux/Cyberguard as usual. The war on spam continues and the latest version of Spamassassin is quite a good tool to tone down the number of rubbish e-mails users receive. Server SCO/Linux upgrades and installs have been quite popular in the last few months and I am now running Fedora Core 5 on my desktop - excellent. I would like to thank the reader for their time in reading this newsletter. David.M.Clark UNIX Quote When they made UNIX, they broke the mold. ssh Security Issue The use of ssh for remote 'telnet' like access to Linux/UNIX servers from a LAN/WAN or via the Internet has made the comms between the remote session and the server safe and secure - well at least the information passing over the remote session is secure. You can use secure private keys setup at both ends to tell ssh on the server (sshd) to only allow secure connections from the remote login user provided the private keys match (key setup is not covered in this article). But what I have found is that despite the secure nature of a ssh connection, it doesn't stop the high number of attempts hackers use to gain ssh sessions into Internet servers. Hackers will still try to break into a system via port 22 (ssh/sshd) and guess the passwords on user accounts - and on most servers ssh port 22 is left open for access. If you run the command: grep sshd /var/log/secure on a Linux server or: grep sshd /var/adm/syslog on a SCO server, you may find hacker attempts that look like the lines below: Apr 20 08:25:12 mail sshd[8829]: Illegal user bart from x.x.x.x Apr 20 08:25:15 mail sshd[8831]: Failed password for root from x.x.x.x port 8368 ssh2 Apr 20 08:25:15 mail sshd[8834]: Illegal user ben from x.x.x.x Apr 20 08:25:18 mail sshd[8869]: Illegal user beny from x.x.x.x Apr 20 08:25:19 mail sshd[8861]: Failed password for root from x.x.x.x port 8375 ssh2 Apr 20 08:25:24 mail sshd[8871]: Failed password for root from x.x.x.x port 8388 ssh2 If you have fixed IP addresses at both ends you can opt to create secure private keys for login accounts. Another option is to move the incoming port 22 to another port number. This requires changing a rule on your firewall to point traffic coming in on say 10022, or 9922, to port 22. While this won't stop hacking attempts completely, it removes the obviousness of port 22 being open. If you are running a server that DAVROM has set up you will most likely find that we have implemented a firewall rule on the Linux server itself using iptables to only accept incoming port 22 traffic from ourselves and any other party that needs this access. ssh - could be time to check you are not having hacker attempts. Tele-marketer musing I was recently contacted by a tele-marketer wanting to sell me Microsoft solutions, or at least appraise what DAVROM was doing with regards to running our mission critical business on Microsoft. What I was amuzed by was when I told them that DAVROM runs all its business solutions on SCO and Linux - and I tended that Microsoft was used sometimes for Office and games (like "Age of Kings"), but nothing relied on Microsoft in our business. It took me a good minute to get them to realise that they couldn't sell me anything as I don't use Microsoft. My conversation with the tele-marketer reminds me of something I noticed when I went to SCO Forum in 1996 and 1997. Meeting many different industry people I was amazed by the high number of Novell and Apple specialists/supporters represented there along with all the UNIX specialists (after all it was a UNIX forum) - and that Microsoft was "only one" of those represented, not "the one". It amazed me then, as now, how we have the general perception that Microsoft is the main player in the I.T industry here - which clearly isn't the case. Tech Tip Stale files in lpd - sometimes you can end up with some stale old files in the lpd printer directories. When a print job is generated it normally creates three files that are the data and command instructions for the actual print job. For external reasons (hard disk full, comms failure, unhappy software) these three files, particularly the data file, can hang around and over time clutter up disk space. To remote these older files you need to check the contents of the printer directory itself. Say we have a printer called hplaser and we want to clean out any of its old log files. Firstly we need to change to the printers spool directory with: cd /var/spool/lpd/hplaser and then list the directory with "ls -l". We are looking for three files that have the same ID number so you may see something similar to: -rw------- 1 lp lp 176 Apr 22 13:11 cfA405davrom -rw------- 1 lp lp 12333415 Apr 22 13:11 dfA405davrom -rw------- 1 lp lp 593 Apr 22 14:51 hfA405These are old files that are no longer in the print queue but for some reason have become stuck - jobs are normally deleted out at completion of a print task. Please exercise caution that you don't delete a current print job which will of course have the current date/time on it. To remove the old stale files above you would execute: rm -f ?fA405* or rm -f *fA405* Back to Newsletters Website design by Davrom Consulting Pty Ltd This site is fully tested with Google Chrome and Firefox web bowsers Home Page | Support | Misc | David's Pages | Podcasts | Contact Us | Blog |