Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How many...
Special Forums Cybersecurity How many... Post 5391 by LivinFree on Tuesday 14th of August 2001 04:50:20 AM
Old 08-14-2001
How many...
How many of these folks posting on here (newbies - trying to get their first Unix-like box online) do you think have taken the time to learn the ins-and-outs of tcp_wrappers, or inetd, or even simple init-scripts? Maybe I'm overreacting here, but since I've spent my time on "the other side of the wall" with security, that really concerns me.

I think new readers should check out this simple wake-up call, and at least learn how to turn off all services - turn them on again when you know what to do with them.
http://machineofthemonth.org/articles/a71/index.html
A poster recently touched upon the honeynet project - remote root access within 15 minutes on a default Redhat install (sure, it was 6.2, but 7.x isn't all that different).

How can we get word out about this without sounding like preachers? I would just hate to see someone's great new Unix-experiance muddled with the bitter taste of a cracking attack.

Any ideas?

-LivinFree
 

LEARN ABOUT REDHAT

sserver

SSERVER(8)						      System Manager's Manual							SSERVER(8)

NAME

       sserver - sample Kerberos version 5 server

SYNOPSIS

       sserver [ -p port ] [ -S keytab ] [ server_port ]

DESCRIPTION

       sserver and sclient are a simple demonstration client/server application.  When sclient connects to sserver, it performs a Kerberos authen-
       tication, and then sserver returns to sclient the Kerberos principal which was used for the Kerberos authentication.  It makes a good  test
       that Kerberos has been successfully installed on a machine.

       The  service  name  used  by sserver and sclient is sample.  Hence, sserver will require that there be a keytab entry for the service "sam-
       ple/hostname.domain.name@REALM.NAME".  This keytab is generated using the kadmin(8) program.  The  keytab  file	is  usually  installed	as
       "/etc/krb5.keytab".

       The -S option allows for a different keytab than the default.

       sserver is normally invoked out of inetd(8), using a line in /etc/inetd.conf that looks like this:

       sample  stream  tcp     nowait  root /usr/kerberos/sbin/sserver	sserver

       Since sample is normally not a port defined in /etc/services, you will usually have to add a line to /etc/services which looks like this:

       sample	       13135/tcp

       When  using  sclient,  you will first have to have an entry in the Kerberos database, by using kadmin(8), and then you have to get Kerberos
       tickets, by using kinit(8).  Also, if you are running the sclient program on a different host than the sserver it will be connecting to, be
       sure that both hosts have an entry in /etc/services for the sample tcp port, and that the same port number is in both files.

       When you run sclient you should see something like this:

       sendauth succeeded, reply is:
       reply len 32, contents:
       You are nlgilman@JIMI.MIT.EDU

COMMON ERROR MESSAGES

       1)  kinit returns the error:

       kinit: Client not found in Kerberos database while getting initial credentials

       This means that you didn't create an entry for your username in the Kerberos database.

       2)  sclient returns the error:

       unknown service sample/tcp; check /etc/services

       This means that you don't have an entry in /etc/services for the sample tcp port.

       3)  sclient returns the error:

       connect: Connection refused

       This probably means you didn't edit /etc/inetd.conf correctly, or you didn't restart inetd after editing inetd.conf.

       4)  sclient returns the error:

       sclient: Server not found in Kerberos database while using sendauth

       This  means that the "sample/hostname@LOCAL.REALM" service was not defined in the Kerberos database; it should be created using kadmin, and
       a keytab file needs to be generated to make the key for that service principal available for ssclient.

       5)  sclient returns the error:

       sendauth rejected, error reply is:
	       " No such file or directory"

       This probably means sserver couldn't find the keytab file.  It was probably not installed in the proper directory.

SEE ALSO

       sclient(1), services(5), inetd(8)

																	SSERVER(8)
All times are GMT -4. The time now is 05:47 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy