LinuxQuestions.org
Old 12-28-2006, 03:13 PM   #1
af465
LQ Newbie
 
Registered: Nov 2006
Posts: 10

Rep: Reputation: 0
My Linux reborn old configurations


Hi all

I am getting some strange behavior on my Linux server. I change some default configurations but they are reborn after some time or when I reboot! I have insisted, but the old configuration comes back again! To be more specific:

Problem 1)

I have set up the SSH server, edited "/etc/ssh/sshd_config" and changed the line "PermitRootLogin without-password" to "PermitRootLogin yes", to enable root login through SSH and SFTP, but the old configuration is reborn after some time.
I have done it through the KDE interface and also by editing the file with vi, but the results are the same!

Problem 2)

I have created a directory "www" under "/home" to hold a test site, called /home/www. It appears like this:
"drwx------ 4 root root 1024 Dec 14 23:39 www/"
In order to be able to browse the directory and write things in it with another login besides root, I changed the group and permissions to the following:
"drwxrwxr-- 4 root apache 1024 Dec 14 23:39 www/"
But again, after a while Linux resets the permissions for group and other to the following:
"drw------ 4 root apache 1024 Dec 14 23:39 www/"

I am using Mandriva 2007 and have set the security level to higher!

Why is that happening? Can anyone give me some help?

Best regards and a good 2007 to all
Antonio

Last edited by af465; 12-28-2006 at 03:15 PM.
 
Old 12-28-2006, 03:45 PM   #2
bitva
Member
 
Registered: Dec 2002
Location: Los Angeles
Distribution: Debian
Posts: 72

Rep: Reputation: 15
I've never used Mandriva, but what if you change the security level to lower? Does the problem still exist?

You say it happens after some time, is it minutes, hours or days?

I'd check /etc/crontab and see if there are any scheduled jobs that may do a "security" sweep.
 
Old 12-29-2006, 12:02 PM   #3
af465
LQ Newbie
 
Registered: Nov 2006
Posts: 10

Original Poster
Rep: Reputation: 0
Hello bitva

I am not sure, but I think I always noticed that problem only on the day after!

The contents of crontab and related files are as follows:

Quote:
cat /etc/crontab
----------
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root nice -n 19 run-parts --report /etc/cron.hourly
02 4 * * * root nice -n 19 run-parts --report /etc/cron.daily
22 4 * * 0 root nice -n 19 run-parts --report /etc/cron.weekly
42 4 1 * * root nice -n 19 run-parts --report /etc/cron.monthly
Quote:
ls -l /etc/cron.hourly
----------
total 0
lrwxrwxrwx 1 root root 14 Dec 11 04:07 msec -> /usr/sbin/msec*

cat /usr/sbin/msec
----------
(the file is empty)
Quote:
ls -l /etc/cron.daily
----------
total 6
-rwxr-xr-x 1 root root 1024 Jul 28 11:27 certwatch*
-rwxr-xr-x 1 root root 180 May 22 2006 logrotate*
-rwxr-xr-x 1 root root 402 Sep 16 17:52 makewhatis.cron*
lrwxrwxrwx 1 root root 27 Dec 11 04:07 msec -> /usr/share/msec/security.sh*
-rwxr-xr-x 1 root root 118 Nov 6 20:10 rpm*
-rwxr-xr-x 1 root root 101 Sep 6 21:19 tetex.cron*
-rwxr-xr-x 1 root root 403 Jun 29 2006 tmpwatch*

cat /etc/cron.daily/certwatch
----------
#!/bin/sh
#
# Issue warning e-mails if SSL certificates expire, using
# certwatch(8). Set NOCERTWATCH=yes in /etc/sysconfig/httpd
# to disable.
#

[ -r /etc/sysconfig/httpd ] && . /etc/sysconfig/httpd

# Use configured httpd binary
HTTPD="/usr/sbin/httpd"
CONF="/etc/httpd/conf"
EMAIL="`egrep '^ServerAdmin' $CONF/httpd.conf | awk '{print $2}'`"

# Sanity checks
test -z "${NOCERTWATCH}" || exit 0
test -x $HTTPD || exit 0
test -r $CONF/httpd.conf || exit 0
test -x /usr/sbin/certwatch || exit 0
test -x /usr/sbin/sendmail || exit 0

DEFINE=`/etc/rc.d/init.d/httpd show_defines`
certs=`$HTTPD -t -f $CONF/httpd.conf $DEFINE -DDUMP_CERTS 2>/dev/null`
RETVAL=$?
test $RETVAL -eq 0 || exit 0

for c in $certs; do
    # Check whether a warning message is needed, then issue one if so.
    /usr/sbin/certwatch -q "$c" &&
        /usr/sbin/certwatch "$c" "$EMAIL" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
done

# because certwatch does exit 1 on a valid cert, force exit 0 here so cron
# doesn't think there are errors
exit 0

cat /etc/cron.daily/logrotate
----------
#!/bin/sh

/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0

cat /etc/cron.daily/makewhatis.cron
----------
#!/bin/bash

LOCKFILE=/var/lock/makewhatis.lock

# the lockfile is not meant to be perfect, it's just in case the
# two makewhatis cron scripts get run close to each other to keep
# them from stepping on each other's toes. The worst that will
# happen is that they will temporarily corrupt the database...
[ -f $LOCKFILE ] && exit 0
trap "rm -f $LOCKFILE" EXIT
touch $LOCKFILE
makewhatis -u -w
exit 0

cat /usr/share/msec/security.sh
----------
(the file is empty)

cat /etc/cron.daily/rpm
----------
#!/bin/sh

/usr/bin/rpmquery -qa --qf '%{name}-%{version}-%{release}.%{arch}.rpm\n' 2>&1 \
| sort > /var/log/rpmpkgs

cat /etc/cron.daily/tetex.cron
----------
#!/bin/bash
# Remove and TeX fonts not used in 90 days
/usr/sbin/tmpwatch 2160 /var/lib/texmf
exit 0

cat /etc/cron.daily/tmpwatch
----------
#!/bin/sh

[ -f /etc/sysconfig/tmpwatch ] && . /etc/sysconfig/tmpwatch

/usr/sbin/tmpwatch $TMPWATCH_EXCLUDES 240 /tmp /var/tmp

[ -f /etc/sysconfig/i18n ] && . /etc/sysconfig/i18n
if [ -d /usr/share/man/$LANG/ ] && [ -d /var/catman/$LANG/ ]; then
    /usr/sbin/tmpwatch -f 240 /var/catman/{X11R6/cat?,cat?,local/cat?,$LANG/cat?}
else
    /usr/sbin/tmpwatch -f 240 /var/catman/{X11R6/cat?,cat?,local/cat?}
fi
Quote:
ls -l /etc/cron.weekly
----------
total 2
-rwxr-xr-x 1 root root 399 Sep 16 17:52 makewhatis.cron*
-rwxr-xr-x 1 root root 54 Sep 19 09:42 slocate.cron*

cat /etc/cron.weekly/makewhatis.cron
----------
#!/bin/bash

LOCKFILE=/var/lock/makewhatis.lock

# the lockfile is not meant to be perfect, it's just in case the
# two makewhatis cron scripts get run close to each other to keep
# them from stepping on each other's toes. The worst that will
# happen is that they will temporarily corrupt the database...
[ -f $LOCKFILE ] && exit 0
trap "rm -f $LOCKFILE" EXIT
touch $LOCKFILE
makewhatis -w
exit 0

cat /etc/cron.weekly/slocate.cron
----------
#!/bin/sh

nice --adjustment=+19 /usr/bin/slocate -u
Quote:
ls -l /etc/cron.monthly
----------
total 0
regards
Antonio
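
Added example, not part of either poster's messages: the manual inspection above (crontab, then `ls -l` and `cat` on each run-parts directory) as one script that pairs every job with its schedule and shows where symlinked jobs such as the two `msec` entries point. The function names and the sample tree are constructed for illustration; on a real host the argument would be /etc/crontab.

```shell
#!/bin/sh
# Added example (not from the thread): list every job that cron's run-parts
# lines will execute, with its schedule, resolving symlinks to their targets.

# cron_inventory CRONTAB -> one line per job: "<schedule> | <path> | <kind>"
cron_inventory() {
    # System crontab fields: min hour dom mon dow user command...
    # Keep non-comment run-parts lines; the directory is the last field.
    awk '$1 !~ /^#/ && /run-parts/ { print $1, $2, $3, $4, $5, $NF }' "$1" |
    while read -r min hour dom mon dow dir; do
        for entry in "$dir"/*; do
            # Skip the unexpanded glob of an empty directory.
            [ -e "$entry" ] || [ -L "$entry" ] || continue
            if [ -L "$entry" ]; then
                if [ ! -e "$entry" ]; then state=dangling
                elif [ ! -s "$entry" ]; then state=empty-target
                else state=ok
                fi
                kind="symlink -> $(readlink "$entry") ($state)"
            else
                kind=file
            fi
            printf '%s %s %s %s %s | %s | %s\n' \
                "$min" "$hour" "$dom" "$mon" "$dow" "$entry" "$kind"
        done
    done
}

# Constructed sample tree mirroring the layout quoted in the thread.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/cron.hourly" "$root/cron.daily" "$root/cron.monthly" "$root/sbin"
    printf '#!/bin/sh\n' > "$root/sbin/msec"
    ln -s "$root/sbin/msec" "$root/cron.hourly/msec"
    ln -s "$root/share/security.sh" "$root/cron.daily/msec"   # target absent
    printf '#!/bin/sh\n' > "$root/cron.daily/logrotate"
    cat > "$root/crontab" <<EOF
# run-parts
01 * * * * root nice -n 19 run-parts --report $root/cron.hourly
02 4 * * * root nice -n 19 run-parts --report $root/cron.daily
42 4 1 * * root nice -n 19 run-parts --report $root/cron.monthly
EOF
    echo "$root"
}

# Demo on the constructed tree; on a real host pass /etc/crontab instead.
sample=$(make_sample)
cron_inventory "$sample/crontab"
rm -rf "$sample"
```

A symlinked job whose target lives outside the cron directory is owned by some other package, so the schedule column tells you how often that package's script gets a chance to rewrite files.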
 
  


All times are GMT -5. The time now is 10:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration