Back to Newsletters
KEYWORDS=ssh, iptables, security, issue, telemarketing, lpd, DAVROM CONSULTING Newsletter - Issue # 31 - Dated: Wed Apr 26 23:27:52 EST 2006
From the desk of David Clark
2006, busy, busy busy....
We have just completed our version 1.0 of a newsletter database system
that lets you add contacts/recipients to a database via web browser and send
simple text e-mail along with file attachments to those in the database.
Please have a look at:
There's just no limit to what you can do with PHP interfacing with the
shell environment in UNIX/Linux.
Support has been UNIX/Linux/Cyberguard as usual. The war on spam
continues and the latest version of Spamassassin is quite a good tool to
tone down the number of rubbish e-mails users receive. Server SCO/Linux
upgrades and installs have been quite popular in the last few months and
I am now running Fedora Core 5 on my desktop - excellent.
I would like to thank the reader for their time in reading this newsletter.
When they made UNIX, they broke the mold.
ssh Security Issue
The use of ssh for remote 'telnet' like access to Linux/UNIX servers from
a LAN/WAN or via the Internet has made the comms between the remote
session and the server safe and secure - well at least the information
passing over the remote session is secure.
You can use secure private keys setup at both ends to tell ssh on the server
(sshd) to only allow secure connections from the remote login user
provided the private keys match (key setup is not covered in this article).
But what I have found is that despite the secure nature of a ssh connection,
it doesn't stop the high number of attempts hackers use to gain ssh
sessions into Internet servers. Hackers will still try to break into a
system via port 22 (ssh/sshd) and guess the passwords on user accounts -
and on most servers ssh port 22 is left open for access.
If you run the command:
grep sshd /var/log/secure
on a Linux server or:
grep sshd /var/adm/syslog
on a SCO server, you may find hacker attempts that look like the lines
Apr 20 08:25:12 mail sshd: Illegal user bart from x.x.x.x
Apr 20 08:25:15 mail sshd: Failed password for root from x.x.x.x port
Apr 20 08:25:15 mail sshd: Illegal user ben from x.x.x.x
Apr 20 08:25:18 mail sshd: Illegal user beny from x.x.x.x
Apr 20 08:25:19 mail sshd: Failed password for root from x.x.x.x port
Apr 20 08:25:24 mail sshd: Failed password for root from x.x.x.x port
If you have fixed IP addresses at both ends you can opt to create secure
private keys for login accounts. Another option is to move the incoming
port 22 to another port number. This requires changing a rule on your
firewall to point traffic coming in on say 10022, or 9922, to port 22.
While this won't stop hacking attempts completely, it removes the
obviousness of port 22 being open.
If you are running a server that DAVROM has set up you will most likely
find that we have implemented a firewall rule on the Linux server itself
using iptables to only accept incoming port 22 traffic from ourselves and
any other party that needs this access.
ssh - could be time to check you are not having hacker attempts.
I was recently contacted by a tele-marketer wanting to sell me Microsoft
solutions, or at least appraise what DAVROM was doing with regards to
running our mission critical business on Microsoft.
What I was amuzed by was when I told them that DAVROM runs all its
business solutions on SCO and Linux - and I tended that Microsoft was
used sometimes for Office and games (like "Age of Kings"), but nothing
relied on Microsoft in our business. It took me a good minute to get them
to realise that they couldn't sell me anything as I don't use Microsoft.
My conversation with the tele-marketer reminds me of something I noticed
when I went to SCO Forum in 1996 and 1997. Meeting many different industry
people I was amazed by the high number of Novell and Apple
specialists/supporters represented there along with all the UNIX specialists
(after all it was a UNIX forum) - and that Microsoft was "only one" of those
represented, not "the one".
It amazed me then, as now, how we have the general perception that Microsoft
is the main player in the I.T industry here - which clearly isn't the
Stale files in lpd - sometimes you can end up with some stale old files
in the lpd printer directories. When a print job is generated it normally
creates three files that are the data and command instructions for the
actual print job. For external reasons (hard disk full, comms failure,
unhappy software) these three files, particularly the data file, can hang
around and over time clutter up disk space.
To remote these older files you need to check the contents of the printer
directory itself. Say we have a printer called hplaser and we want to
clean out any of its old log files.
Firstly we need to change to the printers spool directory with:
and then list the directory with "ls -l". We are looking for three files
that have the same ID number so you may see something similar to:
-rw------- 1 lp lp 176 Apr 22 13:11 cfA405davrom -rw------- 1 lp lp 12333415 Apr 22 13:11 dfA405davrom -rw------- 1 lp lp 593 Apr 22 14:51 hfA405These are old files that are no longer in the print queue but for some
reason have become stuck - jobs are normally deleted out at completion of
a print task. Please exercise caution that you don't delete a current print
job which will of course have the current date/time on it.
To remove the old stale files above you would execute:
rm -f ?fA405*
rm -f *fA405*
Back to Newsletters
Website design by Davrom Consulting Pty Ltd
This site is fully tested with Google Chrome and Firefox web bowsers
Home Page | Support | Misc | David's Pages | Podcasts | Contact Us | Blog