Re: Pam access.conf and host access

From: Shane Hickey (shane@howsyournetwork.com)
Date: 02/20/02


From: Shane Hickey <shane@howsyournetwork.com>
To: Shane Hickey <shane@howsyournetwork.com>
Date: 19 Feb 2002 17:22:34 -0700

Ack... It was just a matter of a missing trailing dot. I incorrectly
thought that the last "." was only used as a sort of wildcard.

So, it should have been

-:ALL:ALL EXCEPT LOCAL 10.10.0.1.

Thanks to all who responded. Not one person called me an idiot, even
though I prolly deserved it.

Thanks,

shane

On Tue, 2002-02-19 at 10:22, Shane Hickey wrote:
> Hmm.. I'm seeing something weird with the pam-0.75-19 RedHat rpm. I'm
> restricting ssh access to a box using the following for my
> /etc/security/access.conf
>
> -:ALL:ALL EXCEPT LOCAL 10.10.0.1
>
> When I try to ssh in from that IP, I get the following in the logs.
>
> Feb 19 10:04:11 test1 sshd[1774]: PAM rejected by account
> configuration[6]: Permission denied
> Feb 19 10:04:11 test1 sshd[1774]: Failed password for ROOT from
> 10.10.0.1 port 34741 ssh2
>
> However, if I change my access.conf to look like this..
>
> -ALL:ALL EXCEPT LOCAL 10.10.0.
>
> I can log in fine. It's almost like there is a weird bug or something
> that is failing to match a single complete IP in access.conf?
>
> Has anyone else seen this, or am I crazy (or doing something wrong)?
>
> Thanks,
>
> Shane Hickey
>

-- 
Shane Hickey
Network/System Consultant
Howsyournetwork.com
406.240.6675
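
Added example (not part of the original thread, and not pam_access source code): a simplified Python model of access.conf origin matching that reproduces the behaviour reported above. It assumes the service hands PAM a resolved hostname for the peer, and that a token ending in "." is compared as a prefix of the peer's IPv4 address with a dot appended; the function names and the hostname admin.example.net are constructed.

```python
# Simplified model of access.conf origin matching.
# Assumption: this mirrors the behaviour reported in the thread; it is not
# the pam_access implementation.

def token_matches(tok, rhost, addr):
    """rhost: name the service reports for the peer; addr: its IPv4 address."""
    if tok == "ALL":
        return True
    if tok == "LOCAL":
        return "." not in rhost               # LOCAL: origin string has no dot
    if tok.lower() == rhost.lower():
        return True                           # literal match on the reported name
    if tok.endswith("."):
        # Network form: compare against "a.b.c.d." so the final dot
        # pins the octet boundary.
        return (addr + ".").startswith(tok)
    return False

def list_matches(tokens, rhost, addr):
    """'A B EXCEPT C D' matches when A or B match and neither C nor D does."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (list_matches(tokens[:i], rhost, addr)
                and not list_matches(tokens[i + 1:], rhost, addr))
    return any(token_matches(t, rhost, addr) for t in tokens)

def login_allowed(rule, rhost, addr):
    """Evaluate one rule; the users field is assumed to be ALL."""
    perm, _users, origins = [f.strip() for f in rule.split(":", 2)]
    if list_matches(origins.split(), rhost, addr):
        return perm == "+"
    return True                               # no rule matched: access granted

if __name__ == "__main__":
    peer = ("admin.example.net", "10.10.0.1")     # constructed sample peer
    neighbour = ("other.example.net", "10.10.0.10")
    for rule in ("-:ALL:ALL EXCEPT LOCAL 10.10.0.1",
                 "-:ALL:ALL EXCEPT LOCAL 10.10.0.1.",
                 "-:ALL:ALL EXCEPT LOCAL 10.10.0."):
        print(rule, "->", login_allowed(rule, *peer),
              "| neighbour:", login_allowed(rule, *neighbour))
```

In this model the trailing dot is what keeps 10.10.0.1. from also admitting 10.10.0.10 or 10.10.0.100, while 10.10.0. admits the whole /24.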


