vicidial.org

VICIDIAL astGUIclient discussion forum

Skip to content

Vicidial.org Home      Vicidial Forum      Vicidial Wiki      Vicidial Issue Tracker      astGUIclient Project Page


/var/log/secure

General and Support topics relating to ViciDialNow and GoAutoDial ISO installers

Moderators: enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, s0lid

Post a reply

/var/log/secure

Postby gmcust3 » Fri Sep 02, 2011 10:03 pm

Content of few file from /var/log/secure after which My SERVER didn't work. Luckily I restored it but it happened twice.

Any article on How to SECURE my VICIDIAL server from any attack ?

Sep 3 00:26:28 vici sshd[22129]: reverse mapping checking getaddrinfo for 86-123-197-166.rdsnet.ro [86.123.197.166] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 3 00:26:30 vici sshd[22129]: Accepted password for cron from 86.123.197.166 port 4930 ssh2
Sep 3 01:41:19 vici sshd[11939]: Accepted password for cron from 82.165.140.50 port 1160 ssh2
Sep 3 02:39:43 vici login: pam_unix(login:session): session closed for user root
Sep 3 03:07:59 vici sshd[19474]: Failed password for root from 118.122.179.71 port 53340 ssh2
Sep 3 05:25:21 vici sshd[2348]: Received signal 15; terminating.
Sep 3 05:49:56 vici sshd[2340]: Server listening on :: port 22.
Sep 3 05:49:56 vici sshd[2340]: Server listening on 0.0.0.0 port 22.
Sep 3 05:51:08 vici webmin[2903]: Webmin starting
Sep 3 06:05:09 vici sshd[8917]: reverse mapping checking getaddrinfo for 86-123-197-166.rdsnet.ro [86.123.197.166] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 3 06:05:12 vici sshd[8917]: Accepted password for cron from 86.123.197.166 port 5900 ssh2
Sep 3 06:14:25 vici sshd[16053]: reverse mapping checking getaddrinfo for 86-123-197-166.rdsnet.ro [86.123.197.166] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 3 06:14:38 vici sshd[16053]: Accepted password for root from 86.123.197.166 port 5903 ssh2
Sep 3 06:37:51 vici sshd[2340]: Received signal 15; terminating.
Sep 3 06:39:55 vici sshd[2340]: Server listening on :: port 22.
Sep 3 06:39:55 vici sshd[2340]: Server listening on 0.0.0.0 port 22.

GoAutoDial CE
VERSION: 2.4-309a
BUILD: 110430-1642
No other software installed on the box.
I've read the manager manual.
gmcust3
 
Posts: 1148
Joined: Sat Oct 24, 2009 1:15 pm
Top

Postby gmcust3 » Fri Sep 02, 2011 10:10 pm

Looking at

http://wasdak.blogspot.com/2009/08/secu ... idial.html

http://www.eflo.net/VICIDIALforum/viewtopic.php?t=14509
GoAutoDial CE
VERSION: 2.4-309a
BUILD: 110430-1642
No other software installed on the box.
I've read the manager manual.
gmcust3
 
Posts: 1148
Joined: Sat Oct 24, 2009 1:15 pm
Top

Postby williamconley » Sat Sep 03, 2011 9:42 am

Addition for php folder lock:
Code: Select all
nano +64 /etc/apache2/default-server.conf

=add new phpMyAdmin directory=
below '''cgi-bin''' directory setup,
Protect phpMyAdmin folder from attacks
use htpasswd /srv/www/passwd/phpmyadmin newuser to add new users (and delete unauthorized users from that file)
requires /etc/init.d/apache2 restart to take effect
Code: Select all
 <Directory /srv/www/htdocs/phpMyAdmin>
  AllowOverride None
  Order allow,deny
  Allow from all
  AuthType Basic
  AuthName "phpMyAdmin -- Authorized Managers Only -- "
  AuthUserFile /srv/www/passwd/phpmyadmin
  Require valid-user
 </Directory>

=create the password file=
change admin to a valid user name if we already have one and use a client password (that we can give to the client when they request access)
Code: Select all
 mkdir /srv/www/passwd
 htpasswd -c /srv/www/passwd/phpmyadmin admin
May be necessary to
Code: Select all
 zypper install thttpd


=add more users to it=
will ask for password after each
htpasswd /srv/www/passwd/phpmyadmin admin
htpasswd /srv/www/passwd/phpmyadmin manager
htpasswd /srv/www/passwd/phpmyadmin agent
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)
Top

Postby gmcust3 » Mon Sep 05, 2011 2:34 am

I tried

http://www.vicidial.org/VICIDIALmantis/view.php?id=247

and I got :

Code: Select all
I tried and I got :

[root@go ~]# ./cron.pl

Previous astGUIclient configuration file found at: /etc/astguiclient.conf

Please enter the new cron password : 9999

Please enter root MySQL password : vicidialnow

  new cron password:      9999
  root MySQL password:    vicidialnow

Are these settings correct?(y/n): [y] y
Writing changes to astguiclient.conf file: /etc/astguiclient.conf
Writing changes to manager.conf file: /etc/astguiclient.conf
Writing changes to dbconnect.php file: /var/www/html/agc/dbconnect.php
Writing changes to dbconnect.php file: /var/www/html/vicidial/dbconnect.php

STARTING DATABASE TABLES UPDATES PHASE...
  Updating servers table ASTmgrSECRET...
  Updating phones table ASTmgrSECRET...
  Updating phones table DBX_pass...
  Updating phones table DBY_pass...
  Updating servers table default ASTmgrSECRET...
  Updating phones table default ASTmgrSECRET...
  Updating phones table default DBX_pass...
  Updating phones table default DBY_pass...
  Updating MySQL password for user 'cron'...

CRON PASSWORD CHANGE FOR VICIDIAL FINISHED!


     - process runtime      (6 sec) (0.1 minutes)
[root@go ~]#




Now, when I tried to Login using coreftp, I can login using CRON and 1234 as password !!
GoAutoDial CE
VERSION: 2.4-309a
BUILD: 110430-1642
No other software installed on the box.
I've read the manager manual.
gmcust3
 
Posts: 1148
Joined: Sat Oct 24, 2009 1:15 pm
Top

Postby williamconley » Mon Sep 05, 2011 4:16 pm

didja reboot?
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)
Top
Post a reply

Return to ViciDialNow - GoAutoDial

Who is online

Users browsing this forum: Majestic-12 [Bot] and 75 guests

Powered by phpBB® Forum Software © phpBB Group