
/var/log/secure

Posted: Fri Sep 02, 2011 10:03 pm
by gmcust3
Content of a few files from /var/log/secure, after which my SERVER didn't work. Luckily I restored it, but it happened twice.

Any article on how to SECURE my VICIDIAL server from any attack?

Sep 3 00:26:28 vici sshd[22129]: reverse mapping checking getaddrinfo for 86-123-197-166.rdsnet.ro [86.123.197.166] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 3 00:26:30 vici sshd[22129]: Accepted password for cron from 86.123.197.166 port 4930 ssh2
Sep 3 01:41:19 vici sshd[11939]: Accepted password for cron from 82.165.140.50 port 1160 ssh2
Sep 3 02:39:43 vici login: pam_unix(login:session): session closed for user root
Sep 3 03:07:59 vici sshd[19474]: Failed password for root from 118.122.179.71 port 53340 ssh2
Sep 3 05:25:21 vici sshd[2348]: Received signal 15; terminating.
Sep 3 05:49:56 vici sshd[2340]: Server listening on :: port 22.
Sep 3 05:49:56 vici sshd[2340]: Server listening on 0.0.0.0 port 22.
Sep 3 05:51:08 vici webmin[2903]: Webmin starting
Sep 3 06:05:09 vici sshd[8917]: reverse mapping checking getaddrinfo for 86-123-197-166.rdsnet.ro [86.123.197.166] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 3 06:05:12 vici sshd[8917]: Accepted password for cron from 86.123.197.166 port 5900 ssh2
Sep 3 06:14:25 vici sshd[16053]: reverse mapping checking getaddrinfo for 86-123-197-166.rdsnet.ro [86.123.197.166] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 3 06:14:38 vici sshd[16053]: Accepted password for root from 86.123.197.166 port 5903 ssh2
Sep 3 06:37:51 vici sshd[2340]: Received signal 15; terminating.
Sep 3 06:39:55 vici sshd[2340]: Server listening on :: port 22.
Sep 3 06:39:55 vici sshd[2340]: Server listening on 0.0.0.0 port 22.
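
As an added example (not part of the original post, and not VICIdial code): a short Python triage over the sshd lines quoted above that lists every password login accepted for a watched account and notes whether sshd logged a reverse-mapping failure for the same connection. The WATCHED set and the name triage are assumptions made for this illustration.

```python
import re
from collections import Counter

# Six lines copied from the /var/log/secure excerpt in the post above.
SAMPLE = """\
Sep 3 00:26:28 vici sshd[22129]: reverse mapping checking getaddrinfo for 86-123-197-166.rdsnet.ro [86.123.197.166] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 3 00:26:30 vici sshd[22129]: Accepted password for cron from 86.123.197.166 port 4930 ssh2
Sep 3 01:41:19 vici sshd[11939]: Accepted password for cron from 82.165.140.50 port 1160 ssh2
Sep 3 03:07:59 vici sshd[19474]: Failed password for root from 118.122.179.71 port 53340 ssh2
Sep 3 06:14:25 vici sshd[16053]: reverse mapping checking getaddrinfo for 86-123-197-166.rdsnet.ro [86.123.197.166] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 3 06:14:38 vici sshd[16053]: Accepted password for root from 86.123.197.166 port 5903 ssh2
"""

# Assumption: accounts that should never log in by password from the internet.
WATCHED = frozenset({"root", "cron"})

AUTH = re.compile(r"sshd\[(\d+)\]: (Accepted|Failed) password for "
                  r"(?:invalid user )?(\S+) from (\S+) port \d+")
RDNS = re.compile(r"sshd\[(\d+)\]: reverse mapping checking getaddrinfo "
                  r"for \S+ \[([^\]]+)\] failed")


def triage(log_text, watched=WATCHED, trusted=frozenset()):
    """Return (findings, failed_counts) for sshd password events."""
    rdns_failed = set()   # (pid, ip) pairs with a reverse-mapping failure
    failed = Counter()    # failed password attempts per source IP
    findings = []
    for line in log_text.splitlines():
        m = RDNS.search(line)
        if m:
            rdns_failed.add(m.groups())
            continue
        m = AUTH.search(line)
        if not m:
            continue
        pid, result, user, ip = m.groups()
        if result == "Failed":
            failed[ip] += 1
        elif user in watched and ip not in trusted:
            findings.append({"time": " ".join(line.split()[:3]),
                             "user": user, "ip": ip,
                             "rdns_failed": (pid, ip) in rdns_failed})
    return findings, dict(failed)


if __name__ == "__main__":
    hits, failed = triage(SAMPLE)
    for h in hits:
        print(h)
    print("failed attempts:", failed)
```

Pass the administrators' own source addresses as trusted so that only logins from unexpected addresses are reported.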


Posted: Fri Sep 02, 2011 10:10 pm
by gmcust3

Posted: Sat Sep 03, 2011 9:42 am
by williamconley
Addition for php folder lock:
Code:
nano +64 /etc/apache2/default-server.conf

=add new phpMyAdmin directory=
below '''cgi-bin''' directory setup,
Protect phpMyAdmin folder from attacks
use htpasswd /srv/www/passwd/phpmyadmin newuser to add new users (and delete unauthorized users from that file)
requires /etc/init.d/apache2 restart to take effect
Code:
 <Directory /srv/www/htdocs/phpMyAdmin>
  AllowOverride None
  Order allow,deny
  Allow from all
  AuthType Basic
  AuthName "phpMyAdmin -- Authorized Managers Only -- "
  AuthUserFile /srv/www/passwd/phpmyadmin
  Require valid-user
 </Directory>

=create the password file=
change admin to a valid user name if we already have one and use a client password (that we can give to the client when they request access)
Code:
 mkdir /srv/www/passwd
 htpasswd -c /srv/www/passwd/phpmyadmin admin
May be necessary to
Code:
 zypper install thttpd


=add more users to it=
will ask for password after each
htpasswd /srv/www/passwd/phpmyadmin admin
htpasswd /srv/www/passwd/phpmyadmin manager
htpasswd /srv/www/passwd/phpmyadmin agent

Posted: Mon Sep 05, 2011 2:34 am
by gmcust3
I tried

http://www.vicidial.org/VICIDIALmantis/view.php?id=247

and I got:

Code:
I tried and I got :

[root@go ~]# ./cron.pl

Previous astGUIclient configuration file found at: /etc/astguiclient.conf

Please enter the new cron password : 9999

Please enter root MySQL password : vicidialnow

  new cron password:      9999
  root MySQL password:    vicidialnow

Are these settings correct?(y/n): [y] y
Writing changes to astguiclient.conf file: /etc/astguiclient.conf
Writing changes to manager.conf file: /etc/astguiclient.conf
Writing changes to dbconnect.php file: /var/www/html/agc/dbconnect.php
Writing changes to dbconnect.php file: /var/www/html/vicidial/dbconnect.php

STARTING DATABASE TABLES UPDATES PHASE...
  Updating servers table ASTmgrSECRET...
  Updating phones table ASTmgrSECRET...
  Updating phones table DBX_pass...
  Updating phones table DBY_pass...
  Updating servers table default ASTmgrSECRET...
  Updating phones table default ASTmgrSECRET...
  Updating phones table default DBX_pass...
  Updating phones table default DBY_pass...
  Updating MySQL password for user 'cron'...

CRON PASSWORD CHANGE FOR VICIDIAL FINISHED!


     - process runtime      (6 sec) (0.1 minutes)
[root@go ~]#




Now, when I tried to log in using coreftp, I can log in using CRON and 1234 as password!!

Posted: Mon Sep 05, 2011 4:16 pm
by williamconley
didja reboot?