[lug] sending log files to another machine
William Jarosko Jr.
winrip at fpcc.net
Mon Jan 10 16:35:13 MST 2000
Walter Pienciak wrote
>
> But, winrip, as for your perhaps-deserved paranoia . . . you do use
> ssh and tripwire, yes?
>
> Walter
>
Well, ssh is in the works: it's downloaded and ready to install, and I'm just
reading the documentation to figure it all out. Ftp and httpd are the only
services I allow in. Tripwire, that's a whole other story. With Red Hat 5.1-5.2
it wasn't a problem; however, with 6.1 and the latest version of tripwire,
all I get are segfaults. I haven't quite figured out why yet. So to answer,
yes, the system is insecure once you get in.
Gary, as for rsync and the like, I was under the impression that you should
only use the r commands if your system isn't connected to anything outside of
your location, and even then it's a bad idea, from a security standpoint anyway.
I really hadn't thought of ftp, I guess I could login to the remote as a non
priv. user so files can't be deleted. hmmm... Thanks
Walter, thanks for the snippet; that's an area I am going to pursue.
Michael, thanks, I may use this as a fail over, a sort of backup for the
backup.
If anyone is interested, here's the fake telnet daemon I run. It was
originally in SysAdmin Jan 2000. Modified lightly so it would run under RH6.1:
#include <sys/types.h>
#include <sys/param.h>
#include <sys/resource.h>
#include <sys/fcntl.h>
#include <sys/termios.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>	/* sleep(), getpass() */
/* NOTE(review): <varargs.h> is the pre-ANSI variadic header; current GCC
 * rejects it, and nothing in this listing uses it. */
#include <varargs.h>
extern int errno;
// globals
//Arguments used
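/* Ways a single "login: " prompt can end. */
enum { LOGIN_EOF = -1, LOGIN_BLANK = 0, LOGIN_OK = 1 };

/*
 * Read one line from stdin into buf, which holds cap bytes (cap > 0) and is
 * always NUL-terminated on return.
 *
 * The peer controls how many bytes arrive before the newline, so anything
 * past cap - 1 bytes is read and discarded instead of being stored.
 *
 * Returns LOGIN_OK if the line held anything other than spaces, LOGIN_BLANK
 * if it was empty or all spaces, and LOGIN_EOF if stdin ended (or failed)
 * before a newline was seen.
 */
static int
read_login_name(char *buf, size_t cap)
{
    size_t len = 0;
    int saw_text = 0;
    int c;

    for (;;) {
        c = getc(stdin);
        if (c == EOF) {
            /* Peer went away: without this check the loop would never end. */
            buf[len] = '\0';
            return LOGIN_EOF;
        }
        if (c == '\n') {
            break;
        }
        if (c != ' ') {
            saw_text = 1;
        }
        if (len + 1 < cap) {
            buf[len++] = (char)c;
        }
    }
    buf[len] = '\0';
    return saw_text ? LOGIN_OK : LOGIN_BLANK;
}

/*
 * Replace every byte outside printable ASCII with '?', in place.
 *
 * The strings handed to syslog() come straight from the remote peer; control
 * bytes in them could forge extra log lines or carry terminal escape
 * sequences to whoever later views the log.  A trailing carriage return from
 * the client (if it sends one) will therefore show up as '?'.
 */
static void
scrub_for_log(char *s)
{
    unsigned char *p;

    for (p = (unsigned char *)s; *p != '\0'; p++) {
        if (*p < 0x20 || *p > 0x7e) {
            *p = '?';
        }
    }
}

/*
 * Decoy telnet login: prints a login banner, prompts for a user name and a
 * password up to five times, always answers "Login incorrect", and records
 * each attempt through syslog at LOG_ALERT.
 *
 * Prompts are written to stderr and input is read from stdin; the listing
 * assumes inetd starts the program with both attached to the connection.
 */
int
main(int argc, char **argv)
{
    char username[1500];
    char *password;
    sigset_t mask;
    int attempt;
    int status;

    (void)argc;
    (void)argv;

    openlog("telnet_plugin", LOG_PID | LOG_ODELAY, LOG_DAEMON);

    /* Block the signals a connected peer could otherwise raise. */
    if (sigemptyset(&mask) == -1) {
        perror("sigemptyset FAILED");
        exit(1);
    }
    /*
     * NOTE(review): SIGSTOP can never be blocked; the kernel drops it from
     * the mask.  SIGTSTP may have been what was meant -- confirm.
     */
    if (sigaddset(&mask, SIGINT) == -1 || sigaddset(&mask, SIGQUIT) == -1
        || sigaddset(&mask, SIGSTOP) == -1) {
        perror("sigaddset FAILED");
        exit(1);
    }
    /* Apply the mask in one call; it was previously built but never used. */
    if (sigprocmask(SIG_BLOCK, &mask, NULL) == -1) {
        perror("sigprocmask FAILED");
        exit(1);
    }

    fprintf(stderr, "RedHat Linux 6.1 (cartman)\n2.2.12-20smp on i686\n\n\n");

    for (attempt = 0; attempt < 5; attempt++) {
        /* A blank line re-prompts without using up an attempt. */
        do {
            fprintf(stderr, "login: ");
            status = read_login_name(username, sizeof username);
        } while (status == LOGIN_BLANK);
        if (status == LOGIN_EOF) {
            break;
        }

        fprintf(stderr, "Password: ");
        password = getpass("");
        if (password == NULL) {
            /* getpass() can fail; never hand NULL to a %s conversion. */
            break;
        }

        sleep(4);
        fprintf(stderr, "Login incorrect");

        scrub_for_log(username);
        scrub_for_log(password);
        /*
         * NOTE(review): the typed password is logged in clear text.  Someone
         * who reaches this port by mistake and enters a real credential has
         * it written to the log, and to any host the log is forwarded to, so
         * restrict who can read the log and how it is transported.
         *
         * The literal below was split across two lines in the posted
         * listing; it is rejoined here so that it compiles.
         */
        syslog(LOG_ALERT,
               "Someone tried to access telnet port using \nusername:%s and password:%s",
               username, password);
        fprintf(stderr, "\n");
    }

    closelog();
    return 0;
}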