
Watchdog2 Event?

Discussion in 'Plesk for Linux - 8.x and Older' started by chaoszwerg, Apr 2, 2006.

  1. chaoszwerg

    chaoszwerg Guest

    hi,

    I get the following message from watchdog2:

    [01:02:39] WARNING, found: /dev/.udevdb (directory) /etc/.java (directory)
    [01:02:41] Warning: root login possible. Change for your safety the 'PermitRootLogin'
    [01:02:41] Warning: SSH version 1 possible allowed!


    how can i resolve these warnings, are they critical?

    thx
    oli
     
  2. eilko

    eilko Regular Pleskian

    login with SSH
    go to /etc/ssh/
    edit sshd_config
    find the line "Protocol 2" make sure it doesn't have "1" in it
    find the line "PermitRootLogin no" make sure it reads "no"

    save the changes. BEFORE you restart SSH make sure you have a user you can login with and from which you can change to root

    type: adduser NAME
    type: passwd NAME

    RESTART ssh (type: service sshd restart)
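
The check described in the post above, as an added example that is not part of the original post: a shell function that reports the value sshd will actually use for Protocol and PermitRootLogin, where the first uncommented occurrence wins and a commented-out line counts for nothing. The function names are hypothetical and the two config files are constructed samples.

```shell
#!/bin/sh
# Added example; function names and sample files are hypothetical/constructed.

# effective_value FILE KEYWORD: print the value sshd would use globally.
# Keywords are case-insensitive, '#' lines are comments, the first
# occurrence wins, and anything after a Match line is conditional.
effective_value() {
    awk -v kw="$2" '
        $1 ~ /^#/                  { next }
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(kw) { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE: return 0 only if SSHv1 and root login are both off.
audit_sshd_config() {
    rc=0
    proto=$(effective_value "$1" Protocol)
    root=$(effective_value "$1" PermitRootLogin)
    case "$proto" in
        2)  echo "OK    Protocol 2" ;;
        "") echo "WARN  Protocol not set, the built-in default applies"; rc=1 ;;
        *)  echo "WARN  Protocol $proto (expected: 2)"; rc=1 ;;
    esac
    case "$root" in
        no) echo "OK    PermitRootLogin no" ;;
        "") echo "WARN  PermitRootLogin not set, the built-in default applies"; rc=1 ;;
        *)  echo "WARN  PermitRootLogin $root (expected: no)"; rc=1 ;;
    esac
    return $rc
}

# Constructed samples: the weak file looks fixed at a glance but is not.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/weak" <<'EOF'
#Protocol 2
Protocol 2,1
#PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
EOF
cat > "$SAMPLES/hardened" <<'EOF'
Protocol 2
PermitRootLogin no
EOF

for f in weak hardened; do
    echo "== $f"
    audit_sshd_config "$SAMPLES/$f" || true
done
```

On a live server, point audit_sshd_config at /etc/ssh/sshd_config before the restart; sshd -t additionally checks the file for syntax errors.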
     
  3. chaoszwerg

    chaoszwerg Guest

    hi eilko,

    thanks for the quick answer.

    how critical is the root login ?

    what kind of user do I need to change to root?
     
  4. Cranky

    Cranky Guest

    If your password is very cryptic it's unlikely to be a problem. The suggestion of blocking root access is to make it more difficult for people (or usually scripts) to guess your login credentials and gain root access to your server. A cryptic root password coupled with brute-force blocking is secure enough IMHO.
     
  5. chaoszwerg

    chaoszwerg Guest

    hi,

    ok my root password is: adminpassword

    is this secure enough???

    :) no joking!

    where can I find the option for brute-force blocking?
     
  6. ZopfWare

    ZopfWare Regular Pleskian

    Ohmigod! that's my root password too!

    lol

    I have been dealing with a number of brute force attempts on several of my servers and would also be interested in the "brute force checking" described in the previous post.
     
  7. Hultenius

    Hultenius Guest

    I would recommend R-fx Networks Brute Force Detection (BFD).
    BFD works quite easily: it searches the logs and counts failed logins.
    However, it does the work...

    http://www.rfxnetworks.com/bfd.php
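
The idea of searching the logs and counting failed logins, as an added example that is not part of the original post and is not BFD's own code: a shell function that counts failed sshd password logins per source address and lists the addresses at or above a threshold. The function name is hypothetical, the log lines are constructed, and the OpenSSH syslog message format is assumed.

```shell
#!/bin/sh
# Added example, not BFD's code; function name and log lines are constructed.

# failed_logins LOGFILE MIN: print "count address" for every source address
# with at least MIN failed sshd password logins, busiest first.
failed_logins() {
    awk -v min="$2" '
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the client and may itself contain
            # "from", so take the address after the LAST "from" on the line.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed log lines using documentation-only addresses.
LOG=$(mktemp)
cat > "$LOG" <<'EOF'
Apr  2 01:02:03 host sshd[1201]: Failed password for root from 192.0.2.10 port 40001 ssh2
Apr  2 01:02:04 host sshd[1202]: Failed password for root from 192.0.2.10 port 40002 ssh2
Apr  2 01:02:05 host sshd[1203]: Failed password for invalid user admin from 192.0.2.10 port 40003 ssh2
Apr  2 01:02:06 host sshd[1204]: Failed password for invalid user a from 198.51.100.7 from 192.0.2.10 port 40004 ssh2
Apr  2 01:05:10 host sshd[1210]: Failed password for oli from 203.0.113.5 port 51000 ssh2
Apr  2 01:05:20 host sshd[1211]: Accepted password for oli from 203.0.113.5 port 51001 ssh2
EOF

# Addresses with three or more failures in the sample.
failed_logins "$LOG" 3
```

On CentOS the sshd messages are in /var/log/secure; running the function over that file with a low threshold shows which addresses a log-based blocker should be reacting to.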
     
  8. phatPhrog

    phatPhrog Guest

    ART

    I'd recommend ARTs (atomicrocketturtle.com) ASL which installs a grsec kernel, and also install ARTs mod_security and mod_dosevasive as an added and most needed layer of protection after your initial upgrade with the grsecurity kernel.

    Although R-fx Networks Brute Force Detection (BFD) works, it's a bit tedious and to some hard to configure on certain servers.

    peedle....- if that is really your password you're in trouble already. :confused:
     
  9. ZopfWare

    ZopfWare Regular Pleskian

    I downloaded BFD and installed it...but it doesn't seem to do anything... I have personally reviewed the logs and KNOW that Brute force login attempts are being made, however it looks like BFD isn't doing anything.


    I don't get any errors, and I have looked at the conf file for BFD and it looks like it is set up to access the right log files, however I'm unable to determine if it is actually doing anything...


    Got any further suggestions?
     
  10. phatPhrog

    phatPhrog Guest

    You'd be better served by asking the guys at

    http://www.rfxnetworks.com/

    Trust me, unless you have those apps setup for your server you'll have problems.

    NOT that you are having problems. BFD isn't going to report brute force unless it happens, so unless you have a test app to test it, then and again, you should join the forums at rfxnetworks and ask.
     
  11. WebDork

    WebDork Guest

    I got the following warning too:

    /etc/.java

    If you then go down enough dirs, eventually there are two empty files.

    drwxr-xr-x 2 root root 4.0K May 9 17:42 .
    drwxr-xr-x 3 root root 4.0K May 9 17:42 ..
    -rw-r--r-- 1 root root 0 May 9 17:42 .system.lock
    -rw-r--r-- 1 root root 0 May 9 17:42 .systemRootModFile

    Is this indeed a problem ?
     
  12. modom

    modom Guest

    Hi,

    There was a post on wht about the .java folder with the empty files.

    I was told you can leave it or remove it so I removed it on my server.

    I am getting this also but may be because when CentOS 3.6 updated it goes to CentOS 3.7:

    "Warning: This operating system is not fully supported! "
     
  13. [GC]Neo

    [GC]Neo Guest

    you know, set firewall to block ALL IPs minus those with permission to access root.

    It's useful to have multiple IPs in case your own IP changes.

    and if the data-center is good enough to have given you a hardware firewall, then u only need to give em a call to lift the block or change ur IP access.
     