Info - Useful information: June 2011 Archives

I had some trouble configuring DenyHosts on my Mac OS X 10.6 (user) machine, as the instructions on the website at http://www.denyhosts.net/faq.html#macos were wrong. Here is the correct configuration for denyhosts.cfg:

denyhosts.cfg

# Mac OS X (v10.4 or greater - 
#   also refer to:   http://www.denyhosts.net/faq.html#macos
# SECURE_LOG = /private/var/log/asl.log
# SSHD_FORMAT_REGEX=.* \[Sender sshd\] \[PID \d*\] \[Message .* PAM: (?P.*?)\].*?

# Mac OS X (v10.6 or greater - 
#   - reversion to standard log format. No need to do log regex parsing.
SECURE_LOG = /var/log/secure.log


# scroll down a bit towards the bottom:

# this WORK_DIR worked for me; it's where the Python install script put the data:

WORK_DIR = /usr/share/denyhosts/data

# this LOCK_FILE worked for me, although I had to create the directory /var/lock/subsys by hand:

LOCK_FILE = /var/lock/subsys/denyhosts

and then for the file [daemon-control]:

###############################################
#### Edit these to suit your configuration ####
###############################################

DENYHOSTS_BIN   = "/usr/local/bin/denyhosts.py"
DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"

PYTHON_BIN      = "/usr/bin/env python"

Hope this helps! This is only really necessary if your Mac is on the internet with a static IP and not behind a firewall or NAT router. 99.9% of home machines are fine because they are hidden behind NAT routers; it's mostly academic machines that are in danger.
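The three settings above (SECURE_LOG, WORK_DIR, LOCK_FILE) are exactly the ones that bite when the paths are wrong or the lock directory is missing. As an added example that is not part of the post or of DenyHosts itself, the snippet below parses the `KEY = value` lines of a denyhosts.cfg and reports the problems you would otherwise only discover when the daemon fails to start. The sample config text is constructed from the values in the post; the `exists`/`isdir` parameters are injectable only so the check can be run against a simulated filesystem.

```python
import os
import re

# Added example (not DenyHosts code): parse the KEY = value lines of a
# denyhosts.cfg and sanity-check the three paths the post changes.

# Constructed sample mirroring the settings from the post above.
SAMPLE_CFG = """
# Mac OS X (v10.6 or greater)
SECURE_LOG = /var/log/secure.log
WORK_DIR = /usr/share/denyhosts/data
LOCK_FILE = /var/lock/subsys/denyhosts
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY =
"""

# One setting per line: KEY = value, where the value may be empty.
_LINE = re.compile(r"^\s*([A-Z_]+)\s*=\s*(.*?)\s*$")


def parse_cfg(text):
    """Return {KEY: value} for uncommented KEY = value lines; empty values are kept as ''."""
    cfg = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments carry no setting
        m = _LINE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def check_cfg(cfg, exists=os.path.exists, isdir=os.path.isdir):
    """Return a list of problems that would stop DenyHosts from starting cleanly.

    exists/isdir default to the real filesystem; they can be replaced with
    predicates so the check runs against a simulated layout (the test does that).
    """
    problems = []
    for key in ("SECURE_LOG", "WORK_DIR", "LOCK_FILE"):
        if not cfg.get(key):
            problems.append("%s is not set" % key)

    log = cfg.get("SECURE_LOG")
    if log and not exists(log):
        problems.append(
            "SECURE_LOG %s does not exist (10.6 logs sshd to /var/log/secure.log, not asl.log)" % log
        )

    work = cfg.get("WORK_DIR")
    if work and not isdir(work):
        problems.append("WORK_DIR %s is not a directory" % work)

    lock = cfg.get("LOCK_FILE")
    if lock and not isdir(os.path.dirname(lock)):
        # The post notes that /var/lock/subsys had to be created by hand on OS X.
        problems.append(
            "LOCK_FILE directory %s is missing; create it first" % os.path.dirname(lock)
        )
    return problems


if __name__ == "__main__":
    cfg = parse_cfg(SAMPLE_CFG)
    for problem in check_cfg(cfg):
        print("WARNING:", problem)
```

Run it with the real `/usr/share/denyhosts/denyhosts.cfg` contents (read the file and pass the text to `parse_cfg`) before starting the daemon; an empty list means the three paths are in place.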

As if spam weren't enough, my machines are also getting hit by hackers trying to get through the sshd port:
Jun  5 00:35:31 kyoto sshd[59150]: Invalid user prueba from 62.27.42.80
Jun  5 00:35:32 kyoto sshd[59152]: Invalid user postgres from 62.27.42.80
Jun  5 00:35:32 kyoto sshd[59154]: Invalid user postgres from 62.27.42.80
Jun  5 00:35:33 kyoto sshd[59156]: Invalid user postgres from 62.27.42.80
Jun  5 00:35:34 kyoto sshd[59158]: Invalid user postgres from 62.27.42.80
Jun  5 00:35:34 kyoto sshd[59160]: Invalid user postgres from 62.27.42.80
Jun  5 00:35:35 kyoto sshd[59162]: Invalid user postgres from 62.27.42.80
Jun  5 00:35:36 kyoto sshd[59164]: Invalid user postgres from 62.27.42.80
Jun  5 00:35:37 kyoto sshd[59170]: Invalid user postgres from 62.27.42.80
Jun  5 00:35:37 kyoto sshd[59172]: Invalid user postgres from 62.27.42.80
Jun  5 00:35:38 kyoto sshd[59174]: Invalid user postgres from 62.27.42.80
Jun  5 00:35:39 kyoto sshd[59176]: Invalid user hadoop from 62.27.42.80
Jun  5 00:35:39 kyoto sshd[59178]: Invalid user hadoop from 62.27.42.80
Jun  5 00:35:40 kyoto sshd[59180]: Invalid user hadoop from 62.27.42.80
Jun  5 00:35:41 kyoto sshd[59182]: Invalid user hadoop from 62.27.42.80
I've installed DenyHosts; let's hope that it can work to cut back on some of this nonsense.
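What DenyHosts does with a log like the one above is tally the "Invalid user" lines per source address and write the offenders to /etc/hosts.deny once they cross a threshold. The following is an added example of that core logic, not DenyHosts' own code: it runs over a few of the lines quoted above plus one constructed successful-login line (to show that those are ignored), and emits `sshd: <host>` entries. The threshold of 5 and the allow-list parameter are assumptions for the example; DenyHosts reads its own threshold from DENY_THRESHOLD_INVALID in denyhosts.cfg.

```python
import re
from collections import defaultdict

# Added example, not DenyHosts' own code: tally "Invalid user" attempts per
# source address from sshd log lines and emit hosts.deny entries for the
# addresses that reach a threshold.

# Sample input: lines quoted in the post, plus one constructed "Accepted"
# line for a legitimate login that must not be counted.
SAMPLE_LOG = """\
Jun  5 00:35:31 kyoto sshd[59150]: Invalid user prueba from 62.27.42.80
Jun  5 00:35:32 kyoto sshd[59152]: Invalid user postgres from 62.27.42.80
Jun  5 00:35:32 kyoto sshd[59154]: Invalid user postgres from 62.27.42.80
Jun  5 00:35:33 kyoto sshd[59156]: Invalid user postgres from 62.27.42.80
Jun  5 00:35:39 kyoto sshd[59176]: Invalid user hadoop from 62.27.42.80
Jun  5 00:36:02 kyoto sshd[59190]: Accepted publickey for alice from 192.0.2.10 port 50112 ssh2
"""

# The syslog-style line sshd writes when the requested account does not exist.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>\S+) from (?P<host>[0-9a-fA-F.:]+)"
)


def tally_invalid_users(log_text):
    """Return {host: {"count": n, "users": set of usernames tried}} over the log text."""
    stats = defaultdict(lambda: {"count": 0, "users": set()})
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        entry = stats[m.group("host")]
        entry["count"] += 1
        entry["users"].add(m.group("user"))
    return dict(stats)


def hosts_deny_entries(stats, threshold=5, allow=()):
    """Hosts at or above the threshold become 'sshd: <host>' lines.

    threshold is an assumed value for this example; allow lists addresses
    (e.g. your own management host) that must never be blocked.
    """
    lines = []
    for host in sorted(stats):
        if host in allow:
            continue
        if stats[host]["count"] >= threshold:
            lines.append("sshd: %s" % host)
    return lines


if __name__ == "__main__":
    stats = tally_invalid_users(SAMPLE_LOG)
    for host, s in stats.items():
        print("%s: %d attempts, usernames tried: %s"
              % (host, s["count"], ", ".join(sorted(s["users"]))))
    print("\n".join(hosts_deny_entries(stats)))
```

The distinct-username count is worth keeping alongside the raw count: a single address cycling through prueba, postgres and hadoop in a few seconds is a dictionary sweep, while many attempts against one real account from one address more often means a mistyped password on your own machine, which is why an allow-list matters before anything is written to hosts.deny.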

This is just for people running Mac OS X Server. If your secure.log is full of spam like this:

Jun  8 23:02:40 media-lab com.apple.SecurityServer[55]: Succeeded authorizing right com.apple.server.admin.streaming by client /usr/sbin/QuickTimeStreamingServer for authorization created by /System/Library/CoreServices/ServerManagerDaemon.bundle.
Jun  8 23:03:40 media-lab com.apple.SecurityServer[55]: Succeeded authorizing right com.apple.server.admin.streaming by client /System/Library/CoreServices/ServerManagerDaemon.bundle for authorization created by /System/Library/CoreServices/ServerManagerDaemon.bundle.
Jun  8 23:03:40 media-lab com.apple.SecurityServer[55]: Succeeded authorizing right com.apple.server.admin.streaming by client /usr/sbin/QuickTimeStreamingServer for authorization created by /System/Library/CoreServices/ServerManagerDaemon.bundle.
Jun  8 23:04:40 media-lab com.apple.SecurityServer[55]: Succeeded authorizing right com.apple.server.admin.streaming by client /System/Library/CoreServices/ServerManagerDaemon.bundle for authorization created by /System/Library/CoreServices/ServerManagerDaemon.bundle.

Then the problem is an overzealous servermgrd (server manager daemon). You can throttle it back by editing its preferences at:

/Library/Preferences/com.apple.servermgrd.plist

Change idlePeriod from 60 to 300 (the maximum). This will at least put 5 minutes between the spam messages.

Thanks to: macenterprise
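Two things are worth checking before and after that edit: that the messages really recur at the 60-second idlePeriod (so it is servermgrd's polling and not something else talking to SecurityServer), and that the new value in the plist is what you intended. The snippet below is an added example, not from the post or from Apple: it measures the shortest gap between consecutive authorization messages for the same right and client in the sample log, and rewrites idlePeriod in a plist with `plistlib`, clamping to the 300 maximum the post states. The plist content is a constructed one-key sample; the real com.apple.servermgrd.plist has other keys, which `plistlib` preserves, and writing it back requires root.

```python
import plistlib
import re
from datetime import datetime

# Added example (not from the post or Apple): measure how often servermgrd's
# authorization messages recur in secure.log, then raise idlePeriod in a
# copy of the plist. The key name idlePeriod and the values 60/300 come from
# the post; the plist layout below is a constructed sample.

# The four lines quoted in the post, each on one line.
SAMPLE_LOG = """\
Jun  8 23:02:40 media-lab com.apple.SecurityServer[55]: Succeeded authorizing right com.apple.server.admin.streaming by client /usr/sbin/QuickTimeStreamingServer for authorization created by /System/Library/CoreServices/ServerManagerDaemon.bundle.
Jun  8 23:03:40 media-lab com.apple.SecurityServer[55]: Succeeded authorizing right com.apple.server.admin.streaming by client /System/Library/CoreServices/ServerManagerDaemon.bundle for authorization created by /System/Library/CoreServices/ServerManagerDaemon.bundle.
Jun  8 23:03:40 media-lab com.apple.SecurityServer[55]: Succeeded authorizing right com.apple.server.admin.streaming by client /usr/sbin/QuickTimeStreamingServer for authorization created by /System/Library/CoreServices/ServerManagerDaemon.bundle.
Jun  8 23:04:40 media-lab com.apple.SecurityServer[55]: Succeeded authorizing right com.apple.server.admin.streaming by client /System/Library/CoreServices/ServerManagerDaemon.bundle for authorization created by /System/Library/CoreServices/ServerManagerDaemon.bundle.
"""

# Captures the syslog timestamp, the right being authorized and the client.
STAMP = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ com\.apple\.SecurityServer\[\d+\]: "
    r"Succeeded authorizing right (\S+) by client (\S+) "
)

MAX_IDLE_PERIOD = 300  # the maximum the post states for idlePeriod


def servermgrd_period(log_text, year=2011):
    """Shortest gap in seconds between consecutive servermgrd-created
    authorizations for the same (right, client), or None if fewer than two."""
    last_seen = {}
    gaps = []
    for line in log_text.splitlines():
        m = STAMP.match(line)
        if not m or "ServerManagerDaemon" not in line:
            continue  # only authorizations created by servermgrd count
        # syslog stamps carry no year; one is supplied so the value parses.
        t = datetime.strptime("%d %s" % (year, m.group(1)), "%Y %b %d %H:%M:%S")
        key = (m.group(2), m.group(3))
        if key in last_seen:
            gaps.append((t - last_seen[key]).total_seconds())
        last_seen[key] = t
    return min(gaps) if gaps else None


# Constructed stand-in for /Library/Preferences/com.apple.servermgrd.plist.
SAMPLE_PLIST = plistlib.dumps({"idlePeriod": 60})


def idle_period(plist_bytes):
    """Read idlePeriod from plist bytes (None if the key is absent)."""
    return plistlib.loads(plist_bytes).get("idlePeriod")


def raise_idle_period(plist_bytes, seconds=MAX_IDLE_PERIOD):
    """Return plist bytes with idlePeriod set to seconds, clamped to MAX_IDLE_PERIOD;
    every other key in the plist is carried over unchanged."""
    prefs = plistlib.loads(plist_bytes)
    prefs["idlePeriod"] = min(int(seconds), MAX_IDLE_PERIOD)
    return plistlib.dumps(prefs)


if __name__ == "__main__":
    print("shortest gap between servermgrd authorizations: %s s"
          % servermgrd_period(SAMPLE_LOG))
    updated = raise_idle_period(SAMPLE_PLIST)
    print("idlePeriod: %d -> %d" % (idle_period(SAMPLE_PLIST), idle_period(updated)))
```

To apply it to the real file, read `/Library/Preferences/com.apple.servermgrd.plist` as bytes, pass them through `raise_idle_period`, and write the result back with root privileges; `plistlib` handles both the XML and binary plist encodings, so it does not matter which form the file is in.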

This page is an archive of entries in the Info - Useful information category from June 2011.
