Questions concerning Security Log
Paul Howarth
paul at city-fan.org
Fri Apr 8 07:33:00 UTC 2005
On Thu, 2005-04-07 at 22:57 +0300, Dotan Cohen wrote:
Please don't send replies to me *and* the list; I read the list and
don't need two copies of replies.
> On Apr 7, 2005 12:08 PM, Paul Howarth <paul at city-fan.org> wrote:
> > Dotan Cohen wrote:
> > > Thanks. I tried to edit /etc/ssh/sshd_config and found that it is
> > > either empty or does not exist. In emacs I just get a blank screen. So
> > > maybe I don't even have ssh on this computer? I did a FC3 desktop
> > > installation.
> >
> > Do you have openssh-server installed?
> >
> > $ rpm -qa 'openssh*'
> >
> > It sounds a bit strange that you should have sshd alert messages in your
> > logs if you're not running an ssh server.
> >
> > See also what's listening on your ssh port:
> > # netstat -nalp | grep :22
> >
> > >>3. Consider turning off password authentication altogether and using
> > >>certificates instead.
> > >
> > > I will look into this. As far as I can see, I would need to purchase a
> > > certificate?
> >
> > No, you generate them yourself.
> >
> > There's an introduction at:
> > http://www.everything2.com/index.pl?node=OpenSSH
> >
> > Paul.
> >
>
> > Do you have openssh-server installed?
> > $ rpm -qa 'openssh*'
>
> I got nothing in return. After some time thinking, the prompt returned.
>
>
> > It sounds a bit strange that you should have sshd alert messages in your
> > logs if you're not running an ssh server.
> > See also what's listening on your ssh port:
> > # netstat -nalp | grep :22
>
> I got this:
> tcp 0 0 :::22 :::*
> LISTEN 4428/sshd
>
> I pasted it as it is into Google and got no results, but I did not go
> digging any deeper. I figure it would be best to ask here what this
> means.

You have an ssh server listening but it does not appear to be the Fedora
openssh server, since the RPM is not installed. Normally I would expect
someone running a non-standard server to know about it...

What's in your /etc/rc.d/init.d directory? Anything relating to sshd or
sshd? If you'd got an initscript there, try figuring out which package
(if any) it came from:

$ cd /etc/rc.d/init.d
$ rpm -qf *ssh*

> Just a little question. For the rpm you used $ as the prompt sign, but
> for the netstat you used #. Any difference between them, in your
> usage?

As Jeff answered earlier, this is how I (and many other people)
distinguish commands that can or should be run as a regular user, and
those that should be run as root. Running netstat as root provides extra
information compared with running it as a regular user.

Paul.
--
Paul Howarth <paul at city-fan.org>
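
The triage steps from this thread as a small script, added here as an example and not part of the original message: it matches the listening port exactly (a plain `grep :22` also matches `:2222` and established connections) and then asks RPM which package owns the running binary. The function names and the sample netstat lines are constructed for illustration, apart from the sshd line, which matches the one quoted above.

```shell
#!/bin/sh
# Added example: identify what is listening on a port and who owns the binary.

# Constructed sample of `netstat -nalp` output (run as root so PIDs are shown).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address  State       PID/Program name
tcp        0      0 127.0.0.1:631   0.0.0.0:*        LISTEN      2101/cupsd
tcp        0      0 :::22           :::*             LISTEN      4428/sshd
tcp        0      0 10.0.0.5:22     10.0.0.9:51514   ESTABLISHED 4502/sshd
tcp        0      0 0.0.0.0:2222    0.0.0.0:*        LISTEN      4600/other
EOF
}

# listeners_on_port PORT
# Reads netstat output on stdin and prints "PID PROGRAM" for every socket in
# LISTEN state whose local port is exactly PORT (IPv4 or IPv6 address form).
listeners_on_port() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, addr, ":")      # port is the last colon-separated field
            if (addr[n] == port) {
                split($7, proc, "/")      # "4428/sshd" -> pid, program name
                print proc[1], proc[2]
            }
        }'
}

# owner_of_pid PID
# Resolves the binary behind a running PID and asks RPM which package owns it.
# For an unpackaged file rpm itself reports that no package owns it.
owner_of_pid() {
    exe=$(readlink "/proc/$1/exe" 2>/dev/null) || {
        echo "pid $1: cannot resolve binary (not running, or not root)" >&2
        return 1
    }
    echo "binary: $exe"
    rpm -qf "$exe"
}

# Demonstration on the constructed sample; prints the one true listener on 22.
sample_netstat | listeners_on_port 22

# On a live host (as root), the same check would be:
#   netstat -nalp | listeners_on_port 22 | while read -r pid prog; do
#       owner_of_pid "$pid"
#   done
```
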