Category Archives: Security

mesg: cannot change mode

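If the profile contains the line mesg n, running su - produces the message "mesg: cannot change mode". This happens because the user reached through su - cannot change the mesg mode of the login user's terminal. It does not actually affect the state of the tty or terminal, so the message can be ignored.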

Solaris security tips

1 acct (Accounting)

Solaris Accounting can record each command.

  • To turn on (Solaris 10):
ln -s /etc/init.d/acct /etc/rc2.d/S20acct
/etc/rc2.d/S20acct

  • The default process accounting files are /var/adm/pacct and /var/adm/acct
  • To use a different path, try:

/usr/lib/acct/accton path/file

  • To see the accounting:

lastcomm [username]

I’ll check and update later for details.

See also:

http://space.itpub.net/228190/viewspace-681680 Enabling the accounting feature on Solaris 10

http://solaris.tophk.net/security/security_start_point.html Introduction to Solaris logs

2 Authentication log

The authlog records authentication information.

  • To turn on

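if [ ! "`grep -v '^#' /etc/syslog.conf | grep /var/log/authlog`" ]; then
  # syslog.conf needs tabs between selector and action; printf expands \t in any shell
  printf 'auth.info\t\t\t/var/log/authlog\n' >>/etc/syslog.conf
fi
# Rotate the log, keep 13 copies, and signal syslogd after each rotation
logadm -w authlog -C 13 -a 'pkill -HUP syslogd' /var/log/authlog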

  • To check

cat /var/log/authlog

3 Prevent direct remote ssh login for some users

Use DenyUsers and DenyGroups in /etc/ssh/sshd_config; see 'man sshd_config'.

4 Lock/Prevent user-lock by unsuccessful login attempts

  • Lock account after maximum login attempts
  1. Set RETRIES in /etc/default/login to 3 (or the number you want)
  2. Set LOCK_AFTER_RETRIES=YES in /etc/security/policy.conf
  • Prevent unnecessary user-lock by unsuccessful login attempts (for example, for a user who was blocked from logging in directly by ssh in section 3)

Modify the /etc/user_attr file to add the "lock_after_retries=no" property to the account you want to change, like this:

gmb::::type=normal;roles=secadm;lock_after_retries=no

If there is no line for your account, create a new one:

gmb::::lock_after_retries=no
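
An added example, not part of the original post: a shell function that reports whether failed logins will lock a given account, combining RETRIES, LOCK_AFTER_RETRIES and the per-user lock_after_retries attribute described above. The function names and sample files are constructed for illustration; it assumes a POSIX shell and awk (on Solaris 10, ksh or bash with nawk or /usr/xpg4/bin/awk) and the Solaris defaults RETRIES=5 and LOCK_AFTER_RETRIES=NO when unset.

```shell
#!/bin/sh
# Added example: file paths are parameters so the check can run on copies.

# Print the value of an uncommented KEY=value line (last one wins).
conf_value() {  # conf_value KEY FILE
    sed -n "s/^[[:space:]]*$1=\([^[:space:]#]*\).*/\1/p" "$2" | tail -1
}

# Print the per-user lock_after_retries attribute from user_attr, if any.
user_override() {  # user_override USER USER_ATTR_FILE
    awk -F: -v u="$1" '$1 == u {
        n = split($5, kv, ";")               # attributes are the 5th field
        for (i = 1; i <= n; i++)
            if (kv[i] ~ /^lock_after_retries=/) {
                sub(/^[^=]*=/, "", kv[i]); v = kv[i]
            }
    } END { if (v != "") print v }' "$2"
}

# The per-user attribute overrides the global policy.conf setting.
effective_lockout() {  # effective_lockout USER LOGIN POLICY USER_ATTR
    retries=$(conf_value RETRIES "$2")
    [ -n "$retries" ] || retries=5           # assumed default when unset
    global=$(conf_value LOCK_AFTER_RETRIES "$3")
    [ -n "$global" ] || global=NO            # assumed default when unset
    per_user=$(user_override "$1" "$4")
    setting=${per_user:-$global}
    case "$setting" in
        [Yy][Ee][Ss]) echo "$1: locked after $retries failed logins" ;;
        *)            echo "$1: not locked by failed logins" ;;
    esac
}

# Constructed sample files (not taken from a real host).
d=$(mktemp -d)
printf '#RETRIES=5\nRETRIES=3\n' > "$d/login"
printf 'LOCK_AFTER_RETRIES=YES\n' > "$d/policy.conf"
printf 'gmb::::type=normal;roles=secadm;lock_after_retries=no\n' > "$d/user_attr"
effective_lockout gmb   "$d/login" "$d/policy.conf" "$d/user_attr"
effective_lockout alice "$d/login" "$d/policy.conf" "$d/user_attr"
rm -r "$d"
```

On a live system, pass /etc/default/login, /etc/security/policy.conf and /etc/user_attr as the three file arguments.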

See also:

https://blogs.oracle.com/gbrunett/entry/solaris_10_account_lockout_three Solaris 10 Account Lockout (“Three Strikes!”)