12-28-2006, 03:13 PM
|
#1
|
LQ Newbie
Registered: Nov 2006
Posts: 10
Rep:
|
My Linux reborn old configurations
Hi all
I am getting some strange behavior on my Linux server. I change some default configurations, but they are reborn after some time or when I reboot! I have insisted, but the old configuration comes back again! To be more specific:
Problem 1)
I have set up the SSH server, edited "/etc/ssh/ssdd_config" and changed the line "PermitRootLogin without-password" to "PermitRootLogin yes" to enable root login through SSH and SFTP, but the old configuration is reborn after some time.
I have done it through the KDE interface and also by editing the file with vi, but the results are the same!
Problem 2)
I have created a directory "www" under "/home" to hold a test site, called /home/www. It appears like that:
"drwx------ 4 root root 1024 Dec 14 23:39 www/"
In order to be able to browse the directory and write things in it with another login besides root, I changed the group and permissions to the following:
"drwxrwxr-- 4 root apache 1024 Dec 14 23:39 www/"
But again, after a while, Linux resets the permissions for group and other to the following:
"drw------ 4 root apache 1024 Dec 14 23:39 www/"
I am using Mandriva 2007 and have set the security level to higher!
Why is that happening? Can anyone give me some help?
Best regards, and the best 2007 for all
Antonio
Last edited by af465; 12-28-2006 at 03:15 PM.
|
|
|
12-28-2006, 03:45 PM
|
#2
|
Member
Registered: Dec 2002
Location: Los Angeles
Distribution: Debian
Posts: 72
Rep:
|
I've never used Mandriva, but what if you change the security level to a lower one? Does the problem still exist?
You say it happens after some time; is it minutes, hours or days?
I'd check /etc/crontab and see if there are any scheduled jobs that may do a "security" sweep.
|
|
|
12-29-2006, 12:02 PM
|
#3
|
LQ Newbie
Registered: Nov 2006
Posts: 10
Original Poster
Rep:
|
Hello bitva
I am not sure, but I think I always noticed that problem only on the day after!
The contents of crontab and related files are as follows:
Quote:
cat /etc/crontab
----------
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root nice -n 19 run-parts --report /etc/cron.hourly
02 4 * * * root nice -n 19 run-parts --report /etc/cron.daily
22 4 * * 0 root nice -n 19 run-parts --report /etc/cron.weekly
42 4 1 * * root nice -n 19 run-parts --report /etc/cron.monthly
|
Quote:
ls -l /etc/cron.hourly
----------
total 0
lrwxrwxrwx 1 root root 14 Dec 11 04:07 msec -> /usr/sbin/msec*
cat /usr/sbin/msec
----------
(the file is empty)
|
Quote:
ls -l /etc/cron.daily
----------
total 6
-rwxr-xr-x 1 root root 1024 Jul 28 11:27 certwatch*
-rwxr-xr-x 1 root root 180 May 22 2006 logrotate*
-rwxr-xr-x 1 root root 402 Sep 16 17:52 makewhatis.cron*
lrwxrwxrwx 1 root root 27 Dec 11 04:07 msec -> /usr/share/msec/security.sh*
-rwxr-xr-x 1 root root 118 Nov 6 20:10 rpm*
-rwxr-xr-x 1 root root 101 Sep 6 21:19 tetex.cron*
-rwxr-xr-x 1 root root 403 Jun 29 2006 tmpwatch*
cat /etc/cron.daily/certwatch
----------
#!/bin/sh
#
# Issue warning e-mails if SSL certificates expire, using
# certwatch(8). Set NOCERTWATCH=yes in /etc/sysconfig/httpd
# to disable.
#
[ -r /etc/sysconfig/httpd ] && . /etc/sysconfig/httpd
# Use configured httpd binary
HTTPD="/usr/sbin/httpd"
CONF="/etc/httpd/conf"
EMAIL="`egrep '^ServerAdmin' $CONF/httpd.conf | awk '{print $2}'`"
# Sanity checks
test -z "${NOCERTWATCH}" || exit 0
test -x $HTTPD || exit 0
test -r $CONF/httpd.conf || exit 0
test -x /usr/sbin/certwatch || exit 0
test -x /usr/sbin/sendmail || exit 0
DEFINE=`/etc/rc.d/init.d/httpd show_defines`
certs=`$HTTPD -t -f $CONF/httpd.conf $DEFINE -DDUMP_CERTS 2>/dev/null`
RETVAL=$?
test $RETVAL -eq 0 || exit 0
for c in $certs; do
# Check whether a warning message is needed, then issue one if so.
/usr/sbin/certwatch -q "$c" &&
/usr/sbin/certwatch "$c" "$EMAIL" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
done
# because certwatch does exit 1 on a valid cert, force exit 0 here so cron
# doesn't think there are errors
exit 0
cat /etc/cron.daily/logrotate
----------
#!/bin/sh
/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
cat /etc/cron.daily/makewhatis.cron
----------
#!/bin/bash
LOCKFILE=/var/lock/makewhatis.lock
# the lockfile is not meant to be perfect, it's just in case the
# two makewhatis cron scripts get run close to each other to keep
# them from stepping on each other's toes. The worst that will
# happen is that they will temporarily corrupt the database...
[ -f $LOCKFILE ] && exit 0
trap "rm -f $LOCKFILE" EXIT
touch $LOCKFILE
makewhatis -u -w
exit 0
cat /usr/share/msec/security.sh
----------
(the file is empty)
cat /etc/cron.daily/rpm
----------
#!/bin/sh
/usr/bin/rpmquery -qa --qf '%{name}-%{version}-%{release}.%{arch}.rpm\n' 2>&1 \
| sort > /var/log/rpmpkgs
cat /etc/cron.daily/tetex.cron
----------
#!/bin/bash
# Remove and TeX fonts not used in 90 days
/usr/sbin/tmpwatch 2160 /var/lib/texmf
exit 0
cat /etc/cron.daily/tmpwatch
----------
#!/bin/sh
[ -f /etc/sysconfig/tmpwatch ] && . /etc/sysconfig/tmpwatch
/usr/sbin/tmpwatch $TMPWATCH_EXCLUDES 240 /tmp /var/tmp
[ -f /etc/sysconfig/i18n ] && . /etc/sysconfig/i18n
if [ -d /usr/share/man/$LANG/ ] && [ -d /var/catman/$LANG/ ]; then
/usr/sbin/tmpwatch -f 240 /var/catman/{X11R6/cat?,cat?,local/cat?,$LANG/cat?}
else
/usr/sbin/tmpwatch -f 240 /var/catman/{X11R6/cat?,cat?,local/cat?}
fi
|
Quote:
ls -l /etc/cron.weekly
----------
total 2
-rwxr-xr-x 1 root root 399 Sep 16 17:52 makewhatis.cron*
-rwxr-xr-x 1 root root 54 Sep 19 09:42 slocate.cron*
cat /etc/cron.weekly/makewhatis.cron
----------
#!/bin/bash
LOCKFILE=/var/lock/makewhatis.lock
# the lockfile is not meant to be perfect, it's just in case the
# two makewhatis cron scripts get run close to each other to keep
# them from stepping on each other's toes. The worst that will
# happen is that they will temporarily corrupt the database...
[ -f $LOCKFILE ] && exit 0
trap "rm -f $LOCKFILE" EXIT
touch $LOCKFILE
makewhatis -w
exit 0
cat /etc/cron.weekly/slocate.cron
----------
#!/bin/sh
nice --adjustment=+19 /usr/bin/slocate -u
|
Quote:
ls -l /etc/cron.monthly
----------
total 0
|
regards
Antonio
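
One way to carry out the check suggested in post #2 against the kind of listing shown in post #3, as an added example that is not part of the thread: it resolves what each cron entry really runs and records mode, owner and content hash of watched paths, so that a reverted file shows up when two snapshots are compared. The temporary tree and the `cron_targets`, `snapshot`, `drifted` and `demo` helpers are constructed for illustration; GNU `readlink`, `stat` and `sha256sum` are assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU readlink, stat, sha256sum.

# Print each entry of the given cron directories; resolve symlinks to the
# file that actually runs.
cron_targets() {
    for dir in "$@"; do
        for entry in "$dir"/*; do
            if [ -L "$entry" ]; then
                printf '%s -> %s\n' "$entry" "$(readlink -f "$entry")"
            elif [ -e "$entry" ]; then
                printf '%s\n' "$entry"
            fi
        done
    done
}

# One line per path: name, octal mode, owner:group, content hash ("-" for dirs).
snapshot() {
    for path in "$@"; do
        sum=-
        [ -f "$path" ] && sum=$(sha256sum "$path" | cut -d' ' -f1)
        printf '%s %s %s\n' "$path" "$(stat -c '%a %U:%G' "$path")" "$sum"
    done
}

# drifted BEFORE AFTER: paths whose mode, owner or content changed.
drifted() {
    awk 'NR == FNR { before[$1] = $0; next }
         before[$1] != $0 { print $1 }' "$1" "$2"
}

# Constructed demo tree mirroring the listing in the post above. Run: demo
demo() {
    root=$(cd "$(mktemp -d)" && pwd -P)
    mkdir -p "$root/cron.hourly" "$root/sbin" "$root/www"
    : > "$root/sbin/msec"
    ln -s "$root/sbin/msec" "$root/cron.hourly/msec"
    echo 'PermitRootLogin yes' > "$root/sshd_config"
    chmod 774 "$root/www"
    snapshot "$root/sshd_config" "$root/www" > "$root/before"
    # Stand-in for whatever job reverts the settings overnight.
    echo 'PermitRootLogin without-password' > "$root/sshd_config"
    chmod 700 "$root/www"
    snapshot "$root/sshd_config" "$root/www" > "$root/after"
    cron_targets "$root/cron.hourly"
    drifted "$root/before" "$root/after"
    rm -rf "$root"
}
```

On a real host, `snapshot` would be run on the edited files before and after each `run-parts` time listed in /etc/crontab, and `cron_targets` on the /etc/cron.* directories.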