Hi, when I try "yum update", it gives these dependency error messages. What should I do?
Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * extras: mi.mirror.garr.it * BlueOnyx: bb-one.blueonyx.it * updates: mi.mirror.garr.it * base: mi.mirror.garr.it * addons: mi.mirror.garr.it * Solarspeed.net: blueonyx.solarspeed.net Setting up Update Process Resolving Dependencies --> Running transaction check ---> Package apr.i386 0:1.2.7-11.el5_3.1 set to be updated ---> Package base-network-locale-de_DE.noarch 0:1.1.0-82BQ27.centos5 set to be updated ---> Package base-network-glue.noarch 0:1.1.0-82BQ27.centos5 set to be updated ---> Package base-vsite-locale-ja.noarch 0:3.0-132BQ55.centos5 set to be updated ---> Package base-power-capstone.noarch 0:1.1.0-65BQ15.centos5 set to be updated ---> Package base-network-capstone.noarch 0:1.1.0-82BQ27.centos5 set to be updated ---> Package base-network-locale-ja.noarch 0:1.1.0-82BQ27.centos5 set to be updated ---> Package base-power-glue.noarch 0:1.1.0-65BQ15.centos5 set to be updated ---> Package base-vsite-locale-de_DE.noarch 0:3.0-132BQ55.centos5 set to be updated ---> Package base-console-glue.noarch 0:1.1.0-0BX09 set to be updated ---> Package base-console-locale-de_DE.noarch 0:1.1.0-0BX09 set to be updated ---> Package base-network-ui.noarch 0:1.1.0-82BQ27.centos5 set to be updated ---> Package base-swupdate-ui.noarch 0:1.2.0-1BQ15.centos5 set to be updated ---> Package base-swupdate-locale-de_DE.noarch 0:1.2.0-1BQ15.centos5 set to be updated ---> Package subversion.i386 0:1.4.2-4.el5_3.1 set to be updated ---> Package base-ssl-locale-de_DE.noarch 0:1.1.0-68BQ13.centos5 set to be updated ---> Package proftpd.i386 0:1.3.2a-1BX3 set to be updated ---> Package sausalito-cce-server.i386 0:0.80.4-1BQ44.centos5 set to be updated ---> Package base-ssl-capstone.noarch 0:1.1.0-68BQ13.centos5 set to be updated ---> Package base-vsite-locale-en.noarch 0:3.0-132BQ55.centos5 set to be updated ---> Package base-swupdate-locale-da_DK.noarch 0:1.2.0-1BQ15.centos5 set to be updated ---> Package base-console-locale-en.noarch 0:1.1.0-0BX09 set to be updated ---> Package base-console-locale-ja.noarch 0:1.1.0-0BX09 set to be updated ---> Package libxml2.i386 0:2.6.26-2.1.2.8 set to be updated ---> Package base-vsite-glue.noarch 0:3.0-132BQ55.centos5 set to be updated ---> Package base-ssl-ui.noarch 0:1.1.0-68BQ13.centos5 set to be updated ---> Package apr-util.i386 0:1.2.7-7.el5_3.2 set to be updated ---> Package base-power-locale-ja.noarch 0:1.1.0-65BQ15.centos5 set to be updated ---> Package base-ssl-locale-da_DK.noarch 0:1.1.0-68BQ13.centos5 set to be updated ---> Package base-swupdate-capstone.noarch 0:1.2.0-1BQ15.centos5 set to be updated ---> Package pam.i386 0:0.99.6.2-5BX01.centos5 set to be updated ---> Package base-power-locale-de_DE.noarch 0:1.1.0-65BQ15.centos5 set to be updated ---> Package base-swupdate-locale-ja.noarch 0:1.2.0-1BQ15.centos5 set to be updated ---> Package base-vsite-ui.noarch 0:3.0-132BQ55.centos5 set to be updated ---> Package base-vsite-locale-da_DK.noarch 0:3.0-132BQ55.centos5 set to be updated ---> Package base-power-locale-en.noarch 0:1.1.0-65BQ15.centos5 set to be updated ---> Package sausalito-cce-client.i386 0:0.80.4-1BQ44.centos5 set to be updated ---> Package libxml2-python.i386 0:2.6.26-2.1.2.8 set to be updated ---> Package base-ssl-glue.noarch 0:1.1.0-68BQ13.centos5 set to be updated ---> Package base-power-ui.noarch 0:1.1.0-65BQ15.centos5 set to be updated ---> Package base-vsite-capstone.noarch 0:3.0-132BQ55.centos5 set to be updated ---> Package base-ssl-locale-en.noarch 0:1.1.0-68BQ13.centos5 set to be updated ---> Package base-network-locale-en.noarch 0:1.1.0-82BQ27.centos5 set to be updated ---> Package base-swupdate-locale-en.noarch 0:1.2.0-1BQ15.centos5 set to be updated ---> Package base-console-locale-da_DK.noarch 0:1.1.0-0BX09 set to be updated ---> Package base-swupdate-glue.noarch 0:1.2.0-1BQ15.centos5 set to be updated ---> Package base-network-locale-da_DK.noarch 0:1.1.0-82BQ27.centos5 set to be updated ---> Package base-console-capstone.noarch 0:1.1.0-0BX09 set to be updated ---> Package base-ssl-locale-ja.noarch 0:1.1.0-68BQ13.centos5 set to be updated ---> Package base-console-ui.noarch 0:1.1.0-0BX09 set to be updated ---> Package mod_dav_svn.i386 0:1.4.2-4.el5_3.1 set to be updated ---> Package base-power-locale-da_DK.noarch 0:1.1.0-65BQ15.centos5 set to be updated --> Processing Dependency: /lib/security/pam_loginuid.so for package: openssh-server --> Finished Dependency Resolution openssh-server-4.3p2-29.el5.i386 from installed has depsolving problems --> Missing Dependency: /lib/security/pam_loginuid.so is needed by package openssh-server-4.3p2-29.el5.i386 (installed) Error: Missing Dependency: /lib/security/pam_loginuid.so is needed by package openssh-server-4.3p2-29.el5.i386 (installed) On Mon, Aug 10, 2009 at 1:09 PM, Michael Stauber <[email protected]>wrote: > Hi all, > > Tired about those brute force login attempts against your server(s)? > > Well, this time we did something against it and extended BlueOnyx with a > default mechanism which detects and blocks those attempts. > > Don't worry, it will not conflict with any existing install of APF+BFD, > Dfix, > DenyHosts or similar custom tool that you have aboard, as it uses entirely > different methods. Firewalling offending IPs off is still the best > approach, > but our implementation is quicker upon detecting brute force login attempts > and has less overhead. > > Now this update is somewhat extensive, so this somewhat longer than usual > message walks you through all need to knows. > > The HTML version of this message can be found here: > > > http://www.blueonyx.it/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=37&cntnt01origid=15&cntnt01returnid=54 > > --- > > The following updates for BlueOnyx were released today and are now > available > through YUM: > > ========== > Package > ========== > > Updating: > base-console-capstone > base-console-glue > base-console-locale-da_DK > base-console-locale-de_DE > base-console-locale-en > base-console-locale-ja > base-console-ui > base-network-capstone > base-network-glue > base-network-locale-da_DK > base-network-locale-de_DE > base-network-locale-en > base-network-locale-ja > base-network-ui > pam > proftpd > sausalito-cce-client > sausalito-cce-server > > Transaction Summary > ============================ > Install 0 Package(s) > Update 18 Package(s) > Remove 0 Package(s) > > > These package addresses the following issues: > > base-console, pam and sausalito-cce-server: > ================================ > > Feature update: This updates accomplish a few things in one go. Most > importantly it extends BlueOnyx with a basic (but effective) brute force > password discovery attacks protection trough the implentation of pam_abl. > > General explanation: > ------------------------- > > pam_abl provides auto blacklisting of hosts and (optionally!) users > responsible for repeated failed authentication attempts. > > Brute force password discovery attacks involve repeated attempts to > authenticate against a service using a dictionary of common passwords. > While > it is desirable to enforce strong passwords for users this is not always > possible and in cases where a weak password has been used brute force > attacks > can be effective. > > The pam_abl module monitors failed authentication attempts and > automatically > blacklists those hosts (and optionally also accounts) that are responsible > for > a configureable numbers of failed attempts. Once a host is blacklisted it > is > guaranteed to fail authentication even if the correct credentials are > provided. > > Blacklisting is triggered when the number of failed authentication attempts > in > a particular period of time exceeds a predefined limit. Hosts which stop > attempting to authenticate will - after a period of time - be > un-blacklisted > automatically. > > Detailed explanation: > -------------------------- > > Our implementation of pam_abl protects pretty much any network service that > uses the pluggable authentication mechanism (PAM). On BlueOnyx that > includes > SSH, Telnet, FTP, SMTP-Auth, POP3, IMAP and so on. pam_abl records failed > logins into a temporary database, which is purged periodically. During such > purges old entries with no frequent activity are expired. If someone > exceeds a > certain (configurable) amount of failed logins, then anyone from the > offending > IP will be unable to authenticate - even if they try a valid username and > password combination. > > Please note: pam_abl is not a firewall. It just ties into the autentication > mechanism that all services use and blocks on that level. So if you already > have some brute force detection mechanism, then this update will not > conflict > with it. > > The most visible aspects of this new update are the two new GUI pages under > "Server Manegement" / "Security". They are called "Failed Logins" and > "Login > Manager". > > "Login Manager" allows you to configure the settings of pam_abl. Like how > long > entries without recent activity remain in the database before they are > purged > from it. And more importantly: How many failed authentication attempts > trigger > a lock out of the offending host or (optionally) user. Generally you should > only block hosts - this is the default. > > The "Failed Logins" page shows a list of hosts that had failed password > attempts. It also shows how many failed login attempts they had, if they > are > currently blocked, or if they (still - or again) are able to login. Like > said: > Bans are temporary and expire after one hour of no further activity from > that > host. > > That page also shows you a list of usernames that were used during the > failed > login attempts. > > And of course the page allows you to reset all host and/or user bans. > > Built in safeguards: > ----------------------- > > Of course any mechanism to restrict access to the server has the potentical > to > backfire. Users could lock themselves out because they repeatedly login > with > the wrong username and/or password. However, we set reasonable defaults, so > this should be a rare event. Of course you can change the default values > through the GUI, or could disable the automatic temporary blocking in > general. > > At the worst you could lock yourself out, too. So we built in a few > safeguards > which allow you to do something about that - even if you locked yourself > out. > > Safeguard #1: Regardless if pam_abl has your IP address blocked or not, you > will always be able to login to the GUI interface with the servers admin > account. From there you can use the buttons on the "Failed Logins" page to > reset all blocks - or just the one involving your IP. > > Safeguard #2: If the server is rebooted, the pam_abl database and all > blocks > are reset. > > Safeguard #3: If you still have acces to the command line of the server > (from > another IP or from a "root" session that is still open), then simply run > "/etc/init.d/pam_abl stop" to manually initiate a flush of the pam_abl > database. > > Command line usage: > -------------------------- > > The following new commands allow you to receive a bit more information > about > pam_abl on the command line: > > /etc/init.d/pam_abl > > Options: start|stop|status|purge > > start or stop: Flush the databases, delete all blocks and erase the failed > login history. > > status: Shows detailed information about all recorded events - including > date > and time stamps. > > purge: Allows to manually expire events from the database which are older > than > the defined record keeping settings. > > /usr/bin/pam_abl > > Command line tool of pam_abl. Run it with the -h switch to see all > available > options. > > > > ProFTPd: > ======= > > This update brings ProFTPd to the latest version. Additionally we had to > modify the autehtication mechanisms of ProFTP a little to make it work with > pam_abl. Unfortunately this breaks ProFTPd's built in support for > authentication against LDAP or MySQL. But as those aren't used by default > on > BlueOnyx we considered that acceptable. > > Our new ProFTPd also has the custom module mod_ban now compiled in by > default. > > The mod_ban module is designed to add dynamic "ban" lists to proftpd. A ban > prevents the banned user, host, or class from logging in to the server; it > does not prevent the banned user, host, or class from connecting to the > server. mod_ban is not a firewall. The module also provides automatic bans > that are triggered based on configurable criteria. > > Beyond the protection that pam_abl already provides, mod_ban adds another > layer of security that can be finely tuned. > > To edit the mod_ban settings see /etc/proftpd.conf > > Caveats: > ----------- > > This ProFTPd update is potentially troublesome, because we had to rewrite > sections of /etc/proftpd.conf in order to make things happen. > > The most straightforward way to do this was to simply replace the existing > /etc/proftpd.conf with a new one and then simply add the required > VirtualHost > containers back with the help of the script > /usr/sausalito/sbin/fixproftpd_conf.pl. > > If you manually made any changes to your ProFTPd configuration, those will > unfortunately get lost during the upgrade. However, a copy of your old > proftpd.conf will be kept as /etc/proftpd.conf.pre-1.3.2a > > > > base-network: > =========== > > The GUI page from which you can configure your servers host- and domain > name, > DNS and network related settings had issues when you had more than two > network > cards. > > These bugs then prevented you from saving the changes. > > That problem has been fixed. > > > -- > With best regards > > Michael Stauber > > _______________________________________________ > Blueonyx mailing list > [email protected] > http://www.blueonyx.it/mailman/listinfo/blueonyx >
_______________________________________________ Blueonyx mailing list [email protected] http://www.blueonyx.it/mailman/listinfo/blueonyx
