LinuxQuestions.org
Old 12-17-2002, 03:37 PM   #1
fweaver
LQ Newbie
 
Registered: Dec 2002
Location: Phoenix, Arizona
Distribution: Mandrake 8.1, Red Hat 7.0
Posts: 14

Question Strange console messages


I have a mail server running Red Hat 7.0 and CommuniGate Pro. I recently had to re-install Linux due to a serious crash in which I could not logon as root. When I rebooted the system would hang at the Freeing excess Kernel Memory. Now that the system is up and running I am receiving the strange messages on the console as follows:

lockd: connection from unprivileged port: 200.194.103.81:2048<4>
lockd: accept failed (err 11)!
lockd: accept failed (err 11)!
Net4: Linux IPX 0.38 for Net4.0
IPX Portions Copyright (c) 1995 Caldera Inc.
Net4: Appletalk 0.18 for Linux Net4.0
eth0 Promiscuous Mode enabled

NFS is of course loaded by the default install of Linux but I am not using it. It is used as a CommuniGate mail server only. Are these outside attempts to hack the box, or general messages of passing traffic? How do you turn off promiscuous mode on an ethernet card from Linux?

Thanks
Frank Weaver
 
Old 12-17-2002, 05:08 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,519
Blog Entries: 51

If you don't need NFS, then disable it, and that goes for every service you don't need. If you don't have business with the host you mentioned, I'd accept the traffic from that host as a probe. Time to tighten security. Promiscuous mode is usually set using a libpcap tool like a sniffer (tcpdump for instance) or an IDS (Snort): "ifconfig <device> -promisc" or add a line "PROMISC="no"" to your /etc/sysconfig/ifcfg-<device>.

I'll unload the usual security reference list here, hope it helps you:
Basic references:
- AUSCERT UNIX Computer Security Checklist (Version 1.1) www.cert.org/tech_tips/AUSCERT_checklist1.1
- Steps for Recovering from a UNIX or NT System Compromise www.cert.org/tech_tips/root_compromise.html
In fact read the whole of http://www.cert.org/tech_tips/
- The CIT Computer Security Handbook: www.cit.nih.gov/security/handbook.html
- Aging stuff from Phrack, good to read back to be sure, like "Unix System Security Issues" www.fc.net/phrack/files/p18/p18-7.html
- SEI stuff like www.sei.cmu.edu/publications/lists.html handling IDS
- Intrusion Detection and Network Auditing on the Internet www.infosyssec.net/infosyssec/intdet1.htm

Top it off with some reading material on security:
- Security tips: www.cert.org/tech_tips/ and www.cert.org/security-improvement/, http://www.securityportal.com/resear...xsecurity.html
- Top ten vulnerabilities: www.sans.org/topten.htm and http://www.cert.org/present/cert-ove...ends/index.htm
- Firewalling: www.infosyssec.net/infosyssec/firew1.htm, www.linux-firewall-tools.com/linux/
- Securing Xwindows: http://www.uwsg.indiana.edu/usail/ex...d/xsecure.html

Basic Linux references:
http://www.sans.org/infosecFAQ/linux/linux_list.htm
- The SANS Reading room: Linux issues (used Google's cache),
- the LASG or Linux Administrator's Security Guide,
- Securing Optimizing Linux RH Edition(1),
- Linux Security HOWTO,
*Linuxsecurity.com have a Quickreference pdf card.
Post-Installation Security Procedures (Linuxjournal)
- Security Quick-Start HOWTO for Linux,
- The Linux-PAM System Administrators' Guide
- Armoring Linux,
- A Short Course on Systems Administration and Security Under Unix(1)
- SAG: The Linux System Administrator's Guide,
- Basics on firewalling: www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
- Basic introduction to building ipchains rules: www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
- Explanation of the Ipchains logformat: logi.cc/linux/ipchains-log-format.php3
- Ipchains log decoder: dsl081-056-052.dsl-isp.net/dmn/decoder/decode.php
- The Iptables HOW-TO: http://people.unix-fu.org/andreasson/index.html
- LQ notes on Linksys security: http://www.linuxquestions.org/questi...007#post157007
- The Unix Auditor's Practical Handbook: http://www.nii.co.in/tuaph.html,
Neohapsis archives: http://www.neohapsis.com
Linux Gazette: http://www.linuxgazette.com
Experts exchange: http://www.experts-exchange.com
Linuxsecurity.com, SecurityFocus.com
Matt's Unix Security Page: http://www.deter.com/unix/
IRIA: http://www.ists.dartmouth.edu/IRIA/k...base/index.htm
E-secure-db Security Information database: http://www.e-secure-db.us/dscgi/ds.p...ollection-1586
eBCVG.com's security portal: http://www.ebcvg.com/info.php
Jay Beale's docs (Bastille-linux/CIS): http://www.bastille-linux.org/jay/se...icles-jjb.html
Snort: IDS Installation with Mandrake 8.2, Snort, Webmin, Roxen Webserver, ACID, MySQL: http://www.linux-tip.net/workshop/id.../ids-snort.htm
Snort: Database support FAQ: http://www.incident.org/snortdb/
How to Build, Install, Secure & Optimize Xinetd: http://www.openna.com/documentations...netd/index.php
Linuxmag: Hardening Linux Systems: http://www.linux-mag.com/2002-09/guru_01.html

Last edited by unSpawn; 12-17-2002 at 05:10 PM.
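
Added example, not part of the original thread: a shell/awk triage of the console messages quoted in post #1, reporting which source addresses hit lockd from an unprivileged port and which interfaces logged promiscuous mode, followed by a check of whether any interface is promiscuous right now. The function names are made up for this example, and the live check assumes a kernel that exposes /sys/class/net, which the Red Hat 7.0 system in the thread predates.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# triage_console: read kernel console/syslog text (files or stdin) and report
# lockd connections from unprivileged ports and promiscuous-mode messages.
triage_console() {
    awk '
        /lockd: connection from unprivileged port:/ {
            ep = $NF; sub(/<[0-9]+>$/, "", ep)   # drop fused "<4>" log-level tag
            n = split(ep, a, ":")                # endpoint is IP:port
            if (n == 2) probes[a[1]]++
            next
        }
        /Promiscuous Mode enabled/ {             # interface is the word before it
            for (i = 2; i <= NF; i++) if ($i == "Promiscuous") promisc[$(i-1)] = 1
        }
        END {
            for (ip in probes) printf "lockd-unprivileged src=%s count=%d\n", ip, probes[ip]
            for (dev in promisc) printf "promisc iface=%s\n", dev
        }
    ' "$@" | sort
}

# promisc_interfaces: list interfaces whose flags word has IFF_PROMISC (0x100)
# set. Assumes sysfs; the directory argument exists only to allow testing.
promisc_interfaces() {
    root="${1:-/sys/class/net}"
    for i in "$root"/*; do
        [ -r "$i/flags" ] || continue
        flags=$(cat "$i/flags")                  # hex string such as 0x1103
        if [ $(( $flags & 0x100 )) -ne 0 ]; then
            basename "$i"
        fi
    done
}

# Sample input: console lines copied from post #1 of the thread.
sample_console() {
cat <<'EOF'
lockd: connection from unprivileged port: 200.194.103.81:2048<4>
lockd: accept failed (err 11)!
Net4: Linux IPX 0.38 for Net4.0
eth0 Promiscuous Mode enabled
EOF
}

sample_console | triage_console
promisc_interfaces
```
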
 
Old 12-18-2002, 07:21 PM   #3
fweaver
LQ Newbie
 
Registered: Dec 2002
Location: Phoenix, Arizona
Distribution: Mandrake 8.1, Red Hat 7.0
Posts: 14

Original Poster
Unspawn:
Thanks for the information, I will look into all these references.
 
Old 12-24-2002, 05:21 PM   #4
fweaver
LQ Newbie
 
Registered: Dec 2002
Location: Phoenix, Arizona
Distribution: Mandrake 8.1, Red Hat 7.0
Posts: 14

Original Poster
Cool

Unspawn:
Thanks again on the security information. I have, through the use of the information you provided, shut down NFS via the start/stop scripts located in /etc/rc.d/init.d. I also discovered and shut down telnet, finger, rlogin, etc. via the xinetd.d directory. Thanks again, after testing access from the internet, I feel that the system is more secure. Your information was very helpful.
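
Added example, not part of the original thread: a way to confirm the xinetd clean-up described above by listing every service under the xinetd.d directory that is still enabled. The function names and the sample files are constructed for this example; it treats a service block with no "disable" line as enabled and does not consult a "disabled" list in xinetd.conf.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# enabled_xinetd_services: print the services that xinetd would still start.
# A block is enabled unless it contains "disable = yes"; a block with no
# "disable" line at all counts as enabled.
enabled_xinetd_services() {
    dir="${1:-/etc/xinetd.d}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }                  # skip comment lines
            { gsub(/=/, " = ") }                 # tolerate "disable=yes"
            $1 == "service" { name = $2; off = 0; next }
            $1 == "disable" && $2 == "=" { off = (tolower($3) == "yes"); next }
            $1 == "}" && name != "" { if (!off) print name; name = "" }
        ' "$f"
    done | sort -u
}

# Constructed sample directory so the check can be run offline.
# The rlogin file declares "service login", so "login" is what gets reported.
make_sample_xinetd_dir() {
    d=$(mktemp -d) || return 1
    printf 'service telnet\n{\n\tdisable = no\n\tsocket_type = stream\n}\n' > "$d/telnet"
    printf 'service finger\n{\n\tdisable = yes\n\tsocket_type = stream\n}\n' > "$d/finger"
    printf '# no disable line\nservice login\n{\n\tsocket_type = stream\n}\n' > "$d/rlogin"
    echo "$d"
}

sample=$(make_sample_xinetd_dir)
echo "Still enabled in the constructed sample:"
enabled_xinetd_services "$sample"
rm -rf "$sample"
```

Run without arguments, the function audits /etc/xinetd.d; an empty result means no xinetd service is left enabled.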
 
Old 12-27-2002, 09:29 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,519
Blog Entries: 51

Thnx for replying w your actions, it's always good to know the info is helpful.
 
  

