A little security help please

[rick420]

I was reading thru it, tell me if I got the right idea. I would put the script in the inittab file? But how do I know how to make it run in the terminal in real time on the screen down there? And what is the deal the runlevels? Thanks again

[Feztaa]

No, god no.

Put the script into a text file and make it executeable. Then tell the inittab file to run that script continuously (respawn) on tty12.

[rick420]

AHHH, makes much more sense But why tty12? And where would I put that in there? Sorry for being so clueless on scripting, thanks alot though

[Feztaa]

But why tty12?

Well, where else would you put it? tty7? Putting it on tty12 is cool because it's the last one. You access it by typing ALT+F12 (or CTRL+ALT+F12 if you are in X).

And where would I put that in there? Sorry for being so clueless on scripting, thanks alot though

Well, I think the hint is very straightforward. Nevertheless, here is the relevant part of my inittab file:

Code:

log:2345:respawn:/bin/badlogin >/dev/tty12

1:2345:respawn:/sbin/agetty tty1 9600
2:2345:respawn:/sbin/agetty tty2 9600
3:2345:respawn:/sbin/agetty tty3 9600
4:2345:respawn:/sbin/agetty tty4 9600
5:2345:respawn:/sbin/agetty tty5 9600
6:2345:respawn:/sbin/agetty tty6 9600
7:2345:respawn:/sbin/agetty tty7 9600
8:2345:respawn:/sbin/agetty tty8 9600
9:2345:respawn:/sbin/agetty tty9 9600
10:2345:respawn:/sbin/agetty tty10 9600

What that does is, it gives me a console on tty1 through tty10, leaves tty11 for X, then has the script running continuously on tty12.

[rick420]

Ok let me show you the inittab file now:

Code:

# Run gettys in standard runlevels
log:2345:respawn:/bin/badlogin >/dev/tty12
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

Then I saved the script as in /bin/badlogin and chmod 777 'ed it. But when I Ctrl+Alt+F12 it, nothing is there. Also, isnt there a way to have it running in a little terminal window on my desktop?

When you say hint, what do u mean? Like you said read the inittab hint, am I missing somethign there? Thanks again

[Feztaa]

Then I saved the script as in /bin/badlogin and chmod 777 'ed it.

Do yourself a favor and learn about file permissions.

But when I Ctrl+Alt+F12 it, nothing is there.

You have to reboot.

Also, isnt there a way to have it running in a little terminal window on my desktop?

Sorry, I can't help you with this. You do have to do some of the thinking on your own.

When you say hint, what do u mean? Like you said read the inittab hint, am I missing somethign there? Thanks again

I could have sworn I told you somewhere to go to hints.linuxfromscratch.org and read the inittab hint. I can't find it on this thread, though. oh well.

[rick420]

Well you did say read the inittab hint, but never told me where... Thanks alot though, I went to the linuxfromscratch site and read up on it. I did manage to get the syslog in real time on my desktop using the tail -f command. I havent rebooted yet to check on the inittab, but that site basically explained it perfectly. I havent figured out the script part yet, but I imagine chmod 777 was no good (BTW, I do understand permissions somewhat, like chmod u+rwx, but thought chmod 777 meant make executable) Wouldnt I have to add something to that file so its not just a plain text file though? Every other script I have seems to be .sh or .pl, what do I need to add to that file to make it a working script?

Oh yea, I noticed that lastlog works fine, but faillog says no file found at /var/log/faillog . So I tried just "touch /var/log/faillog" but still cant run the faillog command. And looking thru the syslog, all I see is a bunch of :

Code:

Feb 16 17:03:02 high-on-linux ipop3d[12059]: pop3 service init
from 192.168.1.1
Feb 16 17:03:04 high-on-linux ipop3d[12059]: Login user=rick420 host=[192.168.1.1] nmsgs=0/0
Feb 16 17:03:04 high-on-linux ipop3d[12059]: Logout user=rick420 host=[192.168.1.1] nmsgs=0 ndele=0

And alot of :

Code:

Feb 16 17:05:00 high-on-linux CROND[12061]: (root) CMD (  /usr/share/sshd-monitor/sshd-restarter)
Feb 16 17:05:00 high-on-linux sshd: sshd -TERM succeeded
Feb 16 17:05:00 high-on-linux sshd: succeeded

Is this normal to do so often? it seems to happen every 5 mins or so. Looks like to me the first part is checking for new mail (gkrellm?) but the 2nd part (restarting ssh?) is that normal to do every 5 mins?
Thanks alot though guys, and Feztaa, sorry to annoy you with my questions, but in all fairness you never did tell me where to read the hints I do like to RTFM, but I didnt know where it was!

[Feztaa]

I imagine chmod 777 was no good (BTW, I do understand permissions somewhat, like chmod u+rwx, but thought chmod 777 meant make executable)

Seriously. RTFM!! 777 means that any John Q. Luser on your system can go and edit the file at their leisure. I'll explain chmod no more.

Wouldnt I have to add something to that file so its not just a plain text file though? Every other script I have seems to be .sh or .pl, what do I need to add to that file to make it a working script?

File extensions are completely arbitrary under unix. What you need is the proper bang path at the beginning of the file, and the proper permissions.

Oh yea, I noticed that lastlog works fine, but faillog says no file found at /var/log/faillog . So I tried just "touch /var/log/faillog" but still cant run the faillog command.

Let me guess, when you run it nothing happens right? That means "all clear!". Go and fail to log in a few times, then run faillog.

the 2nd part (restarting ssh?) is that normal to do every 5 mins?

I don't know anything about ssh.

[rick420]

Damn! A little annoyed with me huh??

Like I said I have a nice little text file that explains the permissions by u+rwx, a+rwx, etc, but no idea about the numbers way of doing it. I will look it up and read though.

Proper bang path?? Is that another manual to read up on? I understand you are frustrated because I dont knwo exactly what Im doing, but to be honest RTFM is not the answer to all questions. An example of how to do it IS MUCH MORE helpful. I really dont know much at all about scripting and programming and really dont have time to learn how to program right now (damn cisco classes kick my ass)

So with no faillog that means no one has ever failed to log in? I tried logging in with a fake name and a fake pass, but still no entry in faillog.
And last off, thanks alot man, even though u are pretty rude to me, you helped alot

[rick420]

Almost forgot...why would all these ports be open?

Code:

Port    State    Service
21/tcp   open    ftp
25/tcp   open    smtp
59/tcp   open    priv-file
110/tcp  open    pop-3
135/tcp  open    loc-srv
139/tcp  open    netbios-ssn
143/tcp  open    imap2
443/tcp  open    https
445/tcp  open    microsoft-ds
1025/tcp  open    listen
1026/tcp  open    nterm

I know 21, 25, 110, and 443. They are all opened thru the router as well. I think 135/139 is just netbios/samba stuff right? But, 59 , 445, 1025, 1026?? I know for DCC transfers on IRC im using dcc ports 1050-1060, but 59 might be the data port??? Any ideas on these?