sshd possible breakin attempt messages

2006-02-06 Thread Brad Gilmer
Hello all,

I guess one of the banes of our existence as Sys Admins is that people are 
always pounding away at our systems trying to break in.  Lately, I have been 
getting hit with several hundred of the messages below per day in my security 
report output...

gilmer.org login failures:
Feb  5 11:18:17 gilmer sshd[78078]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:18:20 gilmer sshd[78082]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!

I am running FreeBSD 5.4 RELEASE, and right now this box is not a production 
machine, but I am going to be taking it live fairly soon.  Questions:

1)  Is there anything I should be doing to thwart this particular attack?
2)  Given that I am on 5.4, should I upgrade my sshd or do anything else at 
this point to make sure my machine is as secure as possible?
3)  (Meta-question) - Should I upgrade to 6.0 before I go live to be sure I am 
in the best possible security situation going forward?  Should I wait until 6.1 
for bug fixes (generally I am opposed to n.0 anything)?

Thanks
Brad
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
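An added example, not part of the thread, showing what is behind these lines: sshd with UseDNS enabled takes the connecting client's PTR name and resolves it forward again, and when that forward lookup fails it logs exactly this warning, so the message records a reverse-DNS inconsistency for the peer rather than a confirmed intrusion. The script summarises report lines by the name sshd complained about and models the check with constructed resolver tables; every address and name in those tables is constructed, not taken from the thread.

```python
import re

# Constructed sample in the format of the security report quoted above.
SAMPLE_LOG = """\
Feb  5 11:18:17 gilmer sshd[78078]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:18:20 gilmer sshd[78082]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:20:03 gilmer sshd[78101]: reverse mapping checking getaddrinfo for host.example.invalid failed - POSSIBLE BREAKIN ATTEMPT!
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"reverse mapping checking getaddrinfo for (?P<name>\S+) failed"
)

def summarize(log_text):
    """Group the warnings by the PTR name sshd complained about: count, first, last."""
    stats = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # some other line of the report
        rec = stats.setdefault(m["name"], {"count": 0, "first": m["ts"], "last": m["ts"]})
        rec["count"] += 1
        rec["last"] = m["ts"]
    return stats

# Constructed resolver tables (RFC 5737 addresses, .test names) standing in for
# live PTR and A lookups so the check below runs offline.
PTR_TABLE = {"198.51.100.7": "198-51-100-7.example.test",   # PTR but no A record
             "192.0.2.10": "ok.example.test",               # consistent pair
             "203.0.113.5": "moved.example.test"}           # A record points elsewhere
A_TABLE = {"ok.example.test": ["192.0.2.10"], "moved.example.test": ["203.0.113.6"]}

def reverse_mapping_check(ip, ptr_table=PTR_TABLE, a_table=A_TABLE):
    """The test behind sshd's warning (UseDNS yes): resolve the client's PTR name
    forward again and require the connecting address to be among the answers."""
    name = ptr_table.get(ip)
    if name is None:
        return "no-ptr"          # nothing to verify; sshd falls back to the numeric address
    addrs = a_table.get(name)
    if addrs is None:
        return "forward-failed"  # the case that produces the lines quoted above
    return "ok" if ip in addrs else "mismatch"

if __name__ == "__main__":
    for name, rec in summarize(SAMPLE_LOG).items():
        print(f"{rec['count']:4d}  {name}  {rec['first']} .. {rec['last']}")
```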


Re: DNS nslint error messages

2006-02-02 Thread Brad Gilmer
Thanks Chuck and Gorgios for all your help.  I was able to resolve all of my 
problems with BIND and nslint.

For the archives, I am running FreeBSD 5.4 RELEASE on an IBM 330 e-series 
server.  I was getting numerous error messages when running nslint. The biggest 
problems were:
1) I have never configured BIND before, so this is all new stuff to me. 
Numerous errors from being a newbie in this area.

2) The FreeBSD distribution of BIND leaves some critical things out in the 
default installation (to be fair, maybe they are left out of all BIND9 
installations - but maybe the FreeBSD community can do better than the 
original!).  For example, there is no note in the /etc/namedb/named.conf file 
that you should add a 'localhost' zone.  I am sure I will never forget this now 
that I have spent the better part of a week figuring it out, but it would be 
helpful if the sample named.conf included it.

3) The IPv6 stuff is turned on in named.conf by default, but I am not using 
IPv6 at all.  So it never occurred to me that complaints from nslint such as...

nslint: missing a: localhost.org. - 0.0.0.1

were being generated because of a bogus error in the default file 
/etc/namedb/master/host-v6.rev.  In frustration I finally did a grep for 
0.0.0.1, and there it was in this file.  I fixed it by commenting out the IPv6 
stuff in /etc/namedb/named.conf.

4) For other newbies, be aware that localhost. and localhost.EXAMPLE.COM are 
two different things.  In my system I specifically point both of them to 
127.0.0.1, which results in this complaint from nslint...

nslint: 127.0.0.1 in use by localhost.EXAMPLE.COM. and localhost.

but it seems that this error is okay.  nslint is just telling you that you have 
two things pointing to the same IP address.

5) One more newbie comment - be sure to check /var/log/messages for errors.  
nslint does not catch everything.  If you are pounding away making numerous 
changes, you can quickly check for log error messages by entering...

# rndc reload

This will cause BIND to re-read the zone files.

6) And one last thing - be sure to increment the serial number on the zone 
files to ensure that the new data is loaded.

Brad


DNS nslint error messages

2006-01-30 Thread Brad Gilmer
I am running freebsd 5.4-STABLE on an IBM e-series 330 server.  I have recently 
started playing with DNS and have been largely successful.  However, nslint 
reports the following errors:

nslint: missing a: localhost. - 127.0.0.1
nslint: missing a: localhost.org. - 0.0.0.1

If I add the line:

localhost.  IN A 127.0.0.1

to my zone file, the first nslint error message goes away, but I then see the 
following message in my /var/log/messages file upon named startup:

Jan 30 18:58:55 gilmer named[15485]: master/gilmer.org:16: ignoring out-of-zone data (localhost)

So which is correct?  Should I insert the A record in the zone file and ignore 
the nslint message, or should I leave it out and ignore the named message?  Is 
there something else improperly configured on my system?

What about the second nslint message above?  Why am I getting a complaint about 
0.0.0.1?

My /etc/namedb/master/gilmer.org file looks like this:
$TTL 3600

gilmer.org. IN  SOA ns1.gilmer.org. admin.gilmer.org.  (
                20060126 ; Serial
                3600     ; Refresh
                900      ; Retry
                360      ; Expire
                3600 )   ; Minimum

;DNS Servers
@   IN  NS  @

; Machine Names
localhost.  IN A 127.0.0.1
ns1         IN A 69.46.128.60
@           IN A 69.46.128.60

;Aliases
mail        IN CNAME @
www         IN CNAME @

; MX Record
@           IN MX 10 @

(Yes, I know this configuration is a little strange, but right now, I am using 
one server to do everything until I get the hang of DNS.)

My /etc/namedb/master/localhost.rev file looks like this:
;   From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
; $FreeBSD: src/etc/namedb/PROTO.localhost.rev,v 1.6 2000/01/10 15:31:40 peter Exp $
;
; This file is automatically edited by the `make-localhost' script in
; the /etc/namedb directory.
;

$TTL 3600

@   IN  SOA ns1.gilmer.org. admin.gilmer.org.  (
                20060126 ; Serial
                3600     ; Refresh
                900      ; Retry
                360      ; Expire
                3600 )   ; Minimum

    IN  NS  ns1.gilmer.org.


1   IN  PTR localhost.

Thanks for the help.


Brad

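The "out-of-zone data (localhost)" warning in this question and the localhost. versus localhost.EXAMPLE.COM point in the follow-up post above both come down to how an owner name in a zone file is qualified against the zone origin. This added example, not from the thread, re-implements that rule on a constructed copy of the posted gilmer.org zone (indentation of the SOA continuation lines restored, values otherwise as posted) and reports the owners named would refuse as out-of-zone.

```python
# Constructed copy of the gilmer.org zone from the question, indentation restored.
ZONE_TEXT = """\
$TTL 3600
gilmer.org. IN  SOA ns1.gilmer.org. admin.gilmer.org.  (
        20060126 ; Serial
        3600     ; Refresh
        900      ; Retry
        360      ; Expire
        3600 )   ; Minimum
@   IN  NS  @
localhost.  IN A 127.0.0.1
ns1 IN A 69.46.128.60
@   IN A 69.46.128.60
mail IN CNAME @
www  IN CNAME @
@   IN MX 10 @
"""

def qualify(name, origin):
    """Expand an owner like named: '@' is the origin, a trailing dot is absolute."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Yield (qualified owner, type) per record, joining '(' ... ')' groups."""
    owner, depth, buf, has_owner = None, 0, [], False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line or line.startswith("$"):
            continue                           # blank line or $TTL-style directive
        if not buf:
            has_owner = not raw[0].isspace()   # leading whitespace = reuse last owner
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                           # still inside a multi-line RDATA group
        fields, buf = " ".join(buf).split(), []
        if has_owner:
            owner = qualify(fields.pop(0), origin)
        # skip an optional TTL and the class to reach the record type
        rtype = next(f for f in fields if not f.isdigit() and f != "IN")
        yield owner, rtype

def out_of_zone(text, origin):
    """Owners that are neither the origin nor below it: named ignores these records."""
    return [o for o, _ in parse_zone(text, origin)
            if o != origin and not o.endswith("." + origin)]
```

Running out_of_zone(ZONE_TEXT, "gilmer.org.") returns ['localhost.'], the record named rejected, while a bare localhost would have been qualified to localhost.gilmer.org. and accepted.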


unable to build ntp

2006-01-16 Thread Brad Gilmer
Help please.  I am running 6.0-RELEASE, and am trying to build 
ntp.  Process fails during ./configure with the following results:


# cd /usr/src/contrib/ntp
# ./configure
--snip---
configure: creating ./config.status
config.status: creating Makefile
config.status: creating ElectricFence/Makefile
config.status: error: cannot find input file: ElectricFence/Makefile.in

Interestingly, I get the same results using a 4.5 machine.  I note 
that in the /usr/src/contrib/ntp/FREEBSD-upgrade file, it states in part,


For the import of NTP the following files were removed:
   ElectricFence/*

so it makes sense that ElectricFence is not there, but how do I get 
rid of the error?


Background:
I have the following entry in my crontab:
7 0-23 * * * /usr/sbin/ntpdate -s pool.ntp.org > /dev/null
In the old days, ntpdate would only send root an email if it could 
not find a server.  Now I get emails every time the cron runs, even 
though I am dumping STDOUT to /dev/null.  Problem is code in 6.0 
directs server found messages to STDERR, while 4.5 code did not 
contain this.  I want to recompile with the server found messages 
directed to STDOUT.


Thanks in advance,
Brad

