| Welcome, Guest |
You have to register before you can post on our site.
|
| Forum Statistics |
» Members: 5,245
» Latest member: dprp
» Forum threads: 4,031
» Forum posts: 16,406
Full Statistics
|
| Online Users |
There are currently 755 online users.
» 0 Member(s) | 752 Guest(s)
Baidu, Bing, Google
|
| Latest Threads |
how to allow only steam t...
Forum: Xorg Problems
Last Post: moquber
2026-03-17, 09:40 PM
» Replies: 0
» Views: 499
|
Wi-Fi works for a few min...
Forum: Network Problems
Last Post: kabifff
2025-12-15, 12:57 AM
» Replies: 0
» Views: 891
|
How to install Archboot i...
Forum: Network Problems
Last Post: Meup
2025-05-13, 01:41 PM
» Replies: 0
» Views: 4,179
|
clear logs in smoothwall
Forum: Security and Firewalls
Last Post: amanda63
2024-03-10, 03:27 PM
» Replies: 8
» Views: 126,169
|
I cannot install RedHat 8...
Forum: Redhat
Last Post: hybrid
2023-11-11, 01:01 PM
» Replies: 1
» Views: 75,906
|
How things are done, usin...
Forum: Xorg Problems
Last Post: ross
2023-09-04, 09:03 AM
» Replies: 0
» Views: 5,567
|
Im back.....
Forum: Hello
Last Post: anyweb
2021-01-17, 11:36 AM
» Replies: 1
» Views: 9,492
|
add mp3 plugin to xmms in...
Forum: Fedora
Last Post: anyweb
2021-01-17, 11:30 AM
» Replies: 11
» Views: 48,229
|
Configuring VSFTPd Server
Forum: FTP Server
Last Post: Johnbaca
2020-10-14, 10:25 AM
» Replies: 32
» Views: 168,660
|
Wolf won't play sound!
Forum: Game Problems
Last Post: Guest
2020-10-03, 05:51 PM
» Replies: 1
» Views: 98,980
|
|
|
| Tuesday Fun =) |
|
Posted by: lia - 2005-03-28, 10:10 PM - Forum: Jokes
- No Replies
|
 |
Smart Ass Answer #5:
A flight attendant was stationed at the departure gate to check tickets. As a man approached, she extended her hand for the ticket and he opened his trench coat and flashed her. Without missing a beat, she said, "Sir, I need to see your ticket, not your stub."
Smart Ass Answer #4:
A lady was picking through the frozen turkeys at the grocery store, but she couldn't find one big enough for her family. She asked a stock boy, "Do these turkeys get any bigger?" The stock boy replied, "No ma'am, they're dead."
Smart Ass Answer #3:
The cop got out of his car and the kid who was stopped for speeding rolled down his window. "I've been waiting for you all day," the cop said. The kid replied, "Yeah, well I got here as fast as I could." When the cop finally stopped laughing, he sent the kid on his way without a ticket.
Smart Ass Answer #2:
A truck driver was driving along on the freeway. A sign comes up that reads, "Low Bridge Ahead." Before he knows it, the bridge is right ahead of him and he gets stuck under the bridge. Cars are backed up for miles. Finally, a police car comes up. The cop gets out of his car and walks to the truck driver, puts his hands on his hips and says, "Got stuck, huh?" The truck driver says, "No, I was delivering this bridge and ran out of gas."
AND NOW FOR THE #1 SMART ASS ANSWER OF 2004!
A college teacher reminds her class of tomorrow's final exam. "Now class, I won't tolerate any excuses for you not being here tomorrow. I might consider a nuclear attack or a serious personal injury or illness, or a death in your immediate family, but that's it, no other excuses whatsoever!" A smart ass guy in the back of the room raised his hand and asked, "What would you say if tomorrow I said I was suffering from complete and utter sexual exhaustion?" The entire class is reduced to laughter and snickering. When silence was restored, the teacher smiled knowingly at the student, shaking her head and sweetly said "Well, I guess you'd have to write the exam with your other hand."
|
|
|
| chrooting SSH on Fedora Core 3 |
|
Posted by: xDamox - 2005-03-28, 03:15 PM - Forum: Remote Access
- Replies (6)
|
|
First off install ssh (must be the PAM enabled version)and you also need the libpam_chroot module.
if you have install ssh by default on fedora this module is installed :)
Ok so they should be installed.
Then edit "/etc/pam.d/sshd".
Code: #%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_chroot.so
if you do have pam_limits.so in the sshd config file comment it out with a # or remove the line
Hopefully a pam 'head' can explain why the limit file gives difficulties... probably something simple.
Ok so now when ssh uses pam it should use the pam_chroot. Thats what we just setup. Now we need to tell ssh to actaully use it [img]<___base_url___>/uploads/emoticons/default_laugh.png[/img]
Edit "/etc/ssh/sshd_config". I'm not going to put in the WHOLE sshd_config file here just the two lines that require to be set the ... represent the rest of the file.
Code: #normally this is yes.. so switch to no
UsePrivilegeSeparation no
#normally this is yes...but check
UsePAM yes
Ok it should be stressed that you should NEVER run ssh with UsePriv.. set to no unless you plan on chroot'in. This basically gives ssh the ability to be root, this can lead to real dangers. We need it to run as root because we cannot chroot the user into the new chroot enviroment unless we are root.
Right.. so sshd is ready... Now to finish off the PAM setup.
Edit "/etc/security/chroot.conf"
NOW we're ready.... Restart your ssh daemon to get the new config:
Code: /etc/init.d/sshd restart
Once you have got this far you will want to chown /home/znx to root:root
Code: chown root.root /home/znx
The finally change the permission to 755
you will need to add the binarys and library files to the chroot as shown below:
Code: # cd /home/
# mkdir chroot
# cd chroot/
# mkdir bin lib
# cp /bin/bash bin/
# ldd /bin/bash
libncurses.so.5 => /lib/libncurses.so.5 (0x40025000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0x40062000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0x40065000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
# cp /lib/libncurses.so.5 lib/
# mkdir lib/tls/i686/cmov -p
# cp /lib/ld-linux.so.2 lib/
# cp /lib/tls/i686/cmov/{libdl.so.2,libc.so.6} lib/
# cd
# chroot /home/chroot/ /bin/bash
bash-2.05b# ls
bash: ls: command not found
bash-2.05b# exit
Well thats it. The ssh daemon will now force a user into the chroot 'jail' using PAM. Lets test...
Code: # ssh -l znx localhost
Password: *******
Last login: Fri Mar 25 19:28:08 2005 from localhost.localdomain
-bash-2.05b$ ls
-bash: ls: command not found
-bash-2.05b$ logout
Connection to ubuntu closed.
Jy provided a link to the following site with a script that will move the binarys and librarys to the chrooted dir:
[/url][url=http://www.fuschlberger.net/programs/ssh-scp-chroot-jail/]http://www.fuschlberger.net/programs/ssh-scp-chroot-jail/
This guide was produced by znx and edited by xDamox ;) many thanks to znx
|
|
|
|
| keep fedora up to date using apt |
|
Posted by: anyweb - 2005-03-27, 11:06 PM - Forum: Fedora
- No Replies
|
 |
if you want to automate fedora keeping up to date, and you use apt (as in apt-get)
then try this (as root)
Code: vi /etc/cron.daily/apt.sh
then paste the following into the blank file
Code: #!/bin/sh
apt-get update && apt-get upgrade -y
now save the file and make it executable
to test it try doing this
Code: sh /etc/cron.daily/apt.sh
and you'll see something like the following:
Quote:[root@localhost cron.daily]# sh /etc/cron.daily/apt.shGet:1 [/url]http://ayo.freshrpms.net fedora/linux/3/i386 release [2139B]
Fetched 2139B in 0s (4712B/s)
Hit http://ayo.freshrpms.net fedora/linux/3/i386/core pkglist
Hit http://ayo.freshrpms.net fedora/linux/3/i386/core release
Hit http://ayo.freshrpms.net fedora/linux/3/i386/updates pkglist
Hit http://ayo.freshrpms.net fedora/linux/3/i386/updates release
Hit http://ayo.freshrpms.net fedora/linux/3/i386/freshrpms pkglist
Hit [url=http://ayo.freshrpms.net]http://ayo.freshrpms.net fedora/linux/3/i386/freshrpms release
Reading Package Lists... Done
Building Dependency Tree... Done
Reading Package Lists... Done
Building Dependency Tree... Done
The following packages have been kept back
libpostproc mplayer sylpheed
0 upgraded, 0 newly installed, 0 removed and 3 not upgraded.
[root@localhost cron.daily]#
cheers
anyweb
|
|
|
|
| need to register the forums.... |
|
Posted by: anyweb - 2005-03-27, 10:44 PM - Forum: Site News
- Replies (11)
|
|
hi guys,
in order to update these forums i need to cough up 185$
[/url][url=http://www.invisionboard.com/act.ips/download]http://www.invisionboard.com/act.ips/download
that will give us a
Quote:Perpetual License
|
|
|
|
| Happy Easter!! |
|
Posted by: lia - 2005-03-26, 10:50 AM - Forum: Jokes
- Replies (3)
|
|
Why do we press harder on a remote control when we know the batteries are getting weak?
>Why do banks charge a fee on "insufficient funds" when they know there is not enough?
>
>Why does someone believe you when you say there are four billion stars, but check when you say the paint is wet?
>
>Why doesn't glue stick to the bottle?
>
>Why do they use sterilized needles for death by lethal injection?
>Why doesn't Tarzan have a beard?
>
>Why does Superman stop bullets with his chest, but ducks when you throw a revolver at him?
>
>Why do Kamikaze pilots wear helmets?
>
>Whose idea was it to put an "S" in the word "lisp"?
>
>If people evolved from apes, why are there still apes?
>
>Why is it that no matter what color bubble bath you use the bubbles are always white?
>
>Is there ever a day that mattresses are not on sale?
>
>Why do people constantly return to the refrigerator with hopes that something new to eat will have materialized?
>Why do people keep running over a string a dozen times with their vacuum cleaner, then reach down, pick it up, examine it, then put it down to give the vacuum one more chance?
>
>Why is it that no plastic bag will open from the end you first try?
>
>How do those dead bugs get into those enclosed light fixtures?
>
>When we are in the supermarket and someone rams our ankle with a shopping cart then apologizes for doing so, why do we say, "It's all right?"
>Why is it that whenever you attempt to catch something that's falling off the table you always manage to knock something else over?
>
>In Winter why do we try to keep the house as warm as it was in Summer when we complained about the heat?
>
>How come you never hear father-in-law jokes?
>
>If at first you don't succeed, shouldn't you try doing it like your wife told you to do it?
>The statistics on sanity are that one out of every four persons is suffering from some sort of mental illness. Think of your three best friends, if they're okay, then it's you.
>
>Are there specially reserved parking spaces for "normal" people at the Special Olympics?
>
>Do married people live longer than single ones or does it only seem longer?
>
>
>How important does a person have to be before they are considered assassinated instead of just murdered?
>
>
>
>Why does a round pizza come in a square box?
>
>How is it that we put man on the moon before we figured out it would be a good idea to put wheels on luggage?
>
>Why is it that people say they "slept like a baby" when babies wake up every two hours?
|
|
|
|
| PAM Problems |
|
Posted by: xDamox - 2005-03-25, 05:10 PM - Forum: Remote Access
- Replies (6)
|
|
Hi,
I was wanting to setup SSH so that users SSHing into my machine would be in a chroot. well
I notice PAM supports this feature so heres what I did:
first I added a user to the machine called test I issued the following command:
Once I added my user I when to the /etc/security/chroot.conf and added the following:
Once that was done I when to /etc/pam.d and edited the SSHD file and added the following:
Code: session required pam_chroot.so
Now that I did that I edited sshd_config to use pam and also set UsePrivilegeSeparation value
to no. now that was done I did:
Code: service sshd restart
and when I did ssh -l test localhost I logged into test and was able to cd /
the security logs show the following info:
Code: Mar 25 15:56:07 localhost sshd[6432]: Failed gssapi-with-mic for test from ::ffff:127.0.0.1 port 33182 ssh2
Mar 25 15:56:07 localhost sshd[6432]: Failed gssapi-with-mic for test from ::ffff:127.0.0.1 port 33182 ssh2
Mar 25 15:56:10 localhost sshd[6432]: Accepted password for test from ::ffff:127.0.0.1 port 33182 ssh2
Mar 25 15:56:10 localhost pam_chroot[6433]: /home/test is writable by non-root
any ideas?
|
|
|
|
|
![[Image: shot03.png]](http://linuser.net/andreas/shot03.png)
