SSH and msec level 4 - MDK 10.0
man mseclib
authorize_services(arg)
    Authorize all services controlled by tcp_wrappers (see hosts.deny(5)) if arg = ALL. Only local ones if arg = LOCAL and none if arg = NONE. To authorize the services you need, use /etc/hosts.allow (see hosts.allow(5)).

hehe finally found it... took forever. was mad cause msec kept killing my hosts.allow. sshd needs to be a listed service in hosts.allow

    [root@widmer msec]# cat /etc/hosts.allow
    #
    # hosts.allow   This file describes the names of the hosts which are
    #               allowed to use the local INET services, as decided
    #               by the '/usr/sbin/tcpd' server.
    #
    sshd:ALL
    [root@widmer msec]# cat /etc/security/msec/level.local
    allow_root_login (no)
    authorize_services (ALL)

Now msec will not overwrite /etc/hosts.allow

-gabe w screw the caps!
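
A shell check for the two conditions the post above relies on: `authorize_services (ALL)` in level.local and an sshd rule in hosts.allow. This is an added example, not part of the original post and not msec's own code; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): check the two settings the post relies on.

# Print the authorize_services value from an msec level.local file,
# written as in the post: "authorize_services (ALL)". Last entry wins (assumption).
msec_authorize_services() {
    sed -n 's/^[[:space:]]*authorize_services[[:space:]]*(\([A-Za-z]*\)).*/\1/p' "$1" | tail -n 1
}

# Succeed if some hosts.allow rule names daemon $2 (or ALL) before the first ":".
# Rules using EXCEPT are skipped (never counted); line continuations are not handled.
hosts_allow_lists() {
    awk -v d="$2" '
        /^[ \t]*#/ || /EXCEPT/ { next }
        (n = index($0, ":")) > 0 {
            list = substr($0, 1, n - 1)      # daemon list of this rule
            gsub(/,/, " ", list)             # daemons may be comma separated
            m = split(list, names, " ")
            for (i = 1; i <= m; i++)
                if (names[i] == d || names[i] == "ALL") found = 1
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# Return 0 only if both conditions described in the post hold.
check_ssh_under_msec() {
    rc=0
    val=$(msec_authorize_services "$1")
    if [ "$val" = "ALL" ]; then
        echo "ok: authorize_services (ALL) in $1"
    else
        echo "warn: authorize_services is '${val:-unset}' in $1"; rc=1
    fi
    if hosts_allow_lists "$2" sshd; then
        echo "ok: sshd listed in $2"
    else
        echo "warn: no sshd rule in $2"; rc=1
    fi
    return $rc
}

# Constructed sample files mirroring the post; on a real system pass
# /etc/security/msec/level.local and /etc/hosts.allow instead.
demo=$(mktemp -d)
printf 'allow_root_login (no)\nauthorize_services (ALL)\n' > "$demo/level.local"
printf '# hosts.allow\nsshd:ALL\n' > "$demo/hosts.allow"
check_ssh_under_msec "$demo/level.local" "$demo/hosts.allow"
rm -rf "$demo"
```
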
Hi there!
Thank you so much for this info. At last I was able to ssh again to my machine with msec at 4. I'm using Mdk 10.0 and I still have another issue I'd like to see resolved. I want to stay at level 4 (server), but also want to be able to su to root from any user. Right now I get the message: Incorrect password. And I'm sure the pass is correct, since I can login as root from the login menu.

This is my level.4 file:

    accept_bogus_error_responses no
    accept_broadcasted_icmp_echo no
    accept_icmp_echo no
    allow_autologin no
    allow_issues LOCAL
    allow_reboot no
    allow_remote_root_login without_password
    allow_root_login yes
    allow_user_list no
    allow_x_connections NONE
    allow_xserver_to_listen no
    authorize_services LOCAL
    enable_at_crontab no
    enable_console_log yes
    enable_dns_spoofing_protection yes
    enable_ip_spoofing_protection yes
    enable_log_strange_packets yes
    enable_msec_cron yes
    enable_pam_wheel_for_su yes
    enable_password yes
    enable_promisc_check yes
    enable_security_check yes
    enable_sulogin yes
    password_aging 60 30
    password_history 0
    password_length 6 1 1
    set_root_umask 022
    set_secure_level 4
    set_security_conf CHECK_OPEN_PORT yes
    set_security_conf CHECK_PASSWD yes
    set_security_conf CHECK_PERMS yes
    set_security_conf CHECK_PROMISC yes
    set_security_conf CHECK_SECURITY yes
    set_security_conf CHECK_SGID yes
    set_security_conf CHECK_SHADOW yes
    set_security_conf CHECK_SUID_MD5 yes
    set_security_conf CHECK_SUID_ROOT yes
    set_security_conf CHECK_UNOWNED yes
    set_security_conf CHECK_WRITABLE yes
    set_security_conf CHKROOTKIT_CHECK yes
    set_security_conf MAIL_EMPTY_CONTENT yes
    set_security_conf MAIL_WARN yes
    set_security_conf RPM_CHECK yes
    set_security_conf SYSLOG_WARN yes
    set_security_conf TTY_WARN yes
    set_shell_history_size 10
    set_shell_timeout 3600
    set_user_umask 077

And this is my level.local file:

    enable_pam_wheel_for_su (yes)
    allow_root_login (yes)
    enable_at_crontab (yes)

Oh yeah, when I use tcsh, no command is recognized anymore. Using bash, everything works ....

Any help to get su working again is very much appreciated!!!

Josh (noob)