search for: authpriv

...I wouldn't know what I'm doing, but I'm guessing that during user key signature verification (RSA), the server is potentially getting confused about which RSA signing occurred on one side (perhaps mixing up ssh-rsa and rsa-sha256-512)? The relevant error in sshd log with context is: [authpriv.debug] sshd: debug3: mm_request_send: entering, type 23 [authpriv.debug] sshd: debug3: mm_sshkey_verify: entering [preauth] [authpriv.debug] sshd: debug3: mm_request_send: entering, type 24 [preauth] [authpriv.debug] sshd: debug3: mm_sshkey_verify: waitin...

...close_fds r 4 w 5 e 6 c -1 Connection to aixserver01 closed by remote host. Connection to aixserver01 closed. Transferred: sent 1648, received 1544 bytes, in 0.0 seconds Bytes per second: sent 105932.7, received 99247.6 debug1: Exit status -1 On the server aixserver01: Dec 3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1: temporarily_use_uid: 150302/100513 (e=0/0) Dec 3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1: trying public key file /home/users/robertobouza/.ssh/authorized_keys Dec 3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1: restore_uid: 0/0 Dec 3 11...

Hello, Some time ago I wrote PR conf/48170, which discussed the following problem: Syslog messages of facility LOG_AUTHPRIV and priority LOG_NOTICE (or higher) are sent by default to the world-readable log file /var/log/messages. That seems unacceptable since the facility LOG_AUTHPRIV is for hiding sensitive log messages inside a protected file, e.g., /var/log/auth.log. For example, login(1) and ftpd(8) send messages...

...462 : conn=0x7f1b380c4630 2014-02-06 10:25:05.423+00001182: debug : virUnrefConnect:145 : unref connection 0x7f1b380c4630 1 2014-02-06 10:25:05.423+00001182: debug : virReleaseConnect:94 : release connection 0x7f1b380c4630 ====== end of log ===== 7.) custom.log Feb 6 19:25:05 jp7-rk90000 [authpriv.notice] sudo: zabbix : TTY=unknown ; PWD=/etc/zabbix/sender_scripts/compute ; USER=root ; COMMAND=/usr/bin/virsh domifstat i-8-114-VM Interf ace Feb 6 19:25:05 jp7-rk90000 [authpriv.err] sudo: PAM unable to dlopen(/lib64/security/pam_fprintd.so): /lib64/security/pam_fprintd.so: cannot open...

...it:success = mkdir rmdir read pread write pwrite rename unlink full_audit:facility = local5 full_audit:priority = notice The following in /etc/rsyslog.d/00-samba-audit.conf local5.notice /var/log/samba/audit.log & ~ and the following in /etc/rsyslog.d/50-default.conf *.*;auth,authpriv.none -/var/log/syslog *.*;local5,auth,authpriv.none -/var/log/syslog local5.notice /var/log/samba/audit.log The samba service and rsyslog have been restarted multiple times Thank you, Rob

Hi guys, I have a server setup with openssh-5.0p1 and use some users as sftp-only chroot accounts. The following configuration yields exactly the result I want: user is chrooted, logs to syslog, all is good. #================================================# Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE Match User fredwww ChrootDirectory %h #ForceCommand internal-sftp #================================================# If I un-comment ForceCommand internal-sftp, syslog no longer logs activity from internal-sftp. I have the <CHROOT_DIR>/dev/log setup with my syslog, and a...

..., I would expect it to only log into /var/log/dovecot.log. Can someone suggest why this happens and help me stop logging dovecot messages in /var/log/messages ? Could it be because the following directive (in syslog.conf) does not capture dovecot messages to exclude them? *.info;mail.none;authpriv.none;cron.none /var/log/messages Could I use something like (in syslog.conf): *.info;mail.none;authpriv.none;cron.none;dovecot.none /var/log/messages to capture dovecot messages and *exclude* them from /var/log/messages ? I am not sure if syslog understands...

...ervice=imap lip=NN.NN.NN.NN rip=NNN.NN.NNN.NN lport=143 mail.info; dovecot: auth-worker(default): pam(XXXXXXXXXXXX,NNN.NN.NNN.NN): lookup service=imap kern.alert; kernel: grsec: From NN.NN.NN.NN: denied resource overstep by requesting 134242304 for RLIMIT_AS against limit 134217728 for /us authpriv.err; dovecot-auth: PAM unable to dlopen(/lib/security/pam_unix.so) authpriv.err; dovecot-auth: PAM [error: /lib/security/pam_unix.so: failed to map segment from shared object: Cannot allocate memory] authpriv.err; dovecot-auth: PAM adding faulty module: /lib/security/pam_unix.so mail.err; dovecot:...

In dealing with an unrelated issue I came across this in rsyslog.conf. # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron Why is there a &...

...shd:session): session closed for user test-sftp-only Notice that there are no "opendir" or "closedir" messages for the chrooted user, or anything else from the internal-sftp system, for that matter. /etc/sshd_config contains these settings: Subsystem sftp internal-sftp -f AUTHPRIV -l INFO Match User test-sftp-only ChrootDirectory /home/sftp/mcsosftp ForceCommand internal-sftp PasswordAuthentication no AuthorizedKeysCommand /usr/local/bin/get_sftp_key We've been setting up chrooted logging using this sequence: sudo mkdir...

...c/syslog.conf # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # TIM stuff *.*;local7.debug;loc...

Hi ! While browsing Linux manpages (man 3 syslog) I noticed that the manual says that the LOG_AUTH facility is deprecated use LOG_AUTHPRIV instead. Is there a good reason why OpenSSH doesn't have an option to use LOG_AUTHPRIV facility ? (Looks like that tcpd/telnet etc. use the AUTHPRIV facility (in RH6.2)). Shouldn't be too hard to add the AUTH_PRIV facility ? Cheers, -Jarno -- ,,,, /'^'\ ( o o...

...e other problem i have is that: it now seems that ipmon is logging to /var/log/messages. i've set up ipfilter successfully on many freebsd 4x boxes, but this is the first time i've tried to set it up on 5x. in my /etc/syslog.conf i have local0.* /var/log/firewall_logs *.notice;local0.none;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages am i missing some things that i should be doing to set up ipfilter on 5x-RELEASE? on 4x-RELEASE, i've set up ipfilter successfully, following the procedures outlined at schlacter.net to set up ipfilter. i'm basically following...

...Privacy Passphrase: NutScan at Password43LongerWord Authentication protocol: MD5 (only option other than none) Privacy Protocol: DES (only option other than none) In access control I've enabled user nut. However, when I try to use nut-scanner on it: $ nut-scanner -S -s apcups --secLevel authPriv --secName nut --authProtocol MD5 --authPassword NutScan at Password43LongerWord --privProtocol DES --privPassword NutScan at Password43LongerWord Scanning SNMP bus. Error: unknown authtypeError generating Ku from authentication pass phrase snmpwalk gives a different error: $ snmpwalk -v 3 -u nut a...

And no sooner do I send the email than I spot the problem. Oops! Sorry about that. The sshd_config needed to contain a different internal-sftp line: Match User test-sftp-only ChrootDirectory /home/sftp/mcsosftp ForceCommand internal-sftp -f AUTHPRIV -l INFO PasswordAuthentication no AuthorizedKeysCommand /usr/local/bin/get_sftp_key That's gotten the test server working. Unfortunately, the production server already has that setting, so it's back to eliminating differences. Jeff On Mon, Sep 14, 2015 at 6:32 PM, J...

Hi, My both CentOS 5 servers have logging problems. Logs such as messages, boot.log, kernel, spooler, and tallylog in /var/log directory are all 0 size. The kernel is: Linux 2.6.18-92.1.22.el5 #1 SMP. Since the /var/log/messages contained no information it would be impossible to troubleshoot the problem. I am very sure both systems have not been hacked by others. Sincerely, Frank Ling

nut-2.6.5 Scientific Linux 6.3 APC AP9630 management card My basic question is, does nut's SNMPv3 implementation work? I have this in /etc/ups/ups.conf ...... [tfapc01] driver = snmp-ups port = tfapc01.testfest.ixorg.org mibs = apcc snmp_version = v3 secLevel = authPriv secName = tfsnmpprof1 authPassword = ralow6moHet7zoboP8 privPassword = tuseL8Pakaz9degim7 authProtocol=MD5 privProtocol=AES desc = "APC SU700 SNMP v3 device, with the highest security level" ...... Now I test /sbin/snmp-ups -DDD -a tfapc01 Network UPS Tools - Generic SNMP UPS drive...

....mfr: APC device.model: SMART-UPS 1400 device.serial: WS9831004667 device.type: ups driver.name: snmp-ups driver.parameter.authProtocol: MD5 driver.parameter.mibs: apcc driver.parameter.pollinterval: 2 driver.parameter.port: 192.5.37.191 driver.parameter.privProtocol: DES driver.parameter.secLevel: authPriv driver.parameter.synchronous: no driver.version: 2.7.4 driver.version.data: apcc MIB 1.2 driver.version.internal: 0.97 input.frequency: 60.00 input.sensitivity: high input.transfer.high: 132 input.transfer.low: 103 input.transfer.reason: selfTest input.voltage: 120.90 input.voltage.maximum: 122.20...

...late PerHostNewsNotice,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/news.notice" + +$template PerHostDebug,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/debug" +$template PerHostMessages,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/messages" + +auth,authpriv.* ?PerHostAuth +*.*;auth,authpriv.none -?PerHostSyslog +cron.* ?PerHostCron +daemon.* -?PerHostDaemon +kern.* -?PerHostKern +mail.* -?PerHostMail +user.* -?PerHostUser + +mail.info -?PerHostMai...

...ther *nix-like systems still insist on using tabs as field # separators. If you are sharing this file between systems, you # may want to use only tabs as field separators here. # Consult the syslog.conf(5) manpage. *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages +caioa.calarts.edu*.* /var/log/caioa.log <------- this is the line I need help with security.* /var/log/security auth.info;authpriv.info /var/...