Everything posted by riseringseeker

  1. Actually they have a selection of distributions to choose from, their home-rolled RH based Emperor, Fedora, RHEL, Suse, Debian, Ubuntu, and they list Mandrake 10.1. In my latest exchange with them they said: So, Mandrake/Mandriva was/is on hard times? Fedora was not so solid not so long ago? Having only ever used Mdv, and played (very little) with a live Knoppix CD, I am not sure, but am leaning toward having Fedora, and maybe Ubuntu (though I am not a fan of the gnome desktop - for me Kubuntu might be much better) installed. One good thing is I won't be stuck with Vista, though I can have XP on it if I wish, which I just may.
  2. I am seriously looking at Emperorlinux T60 Thinkpads. They show that Mandrake 10.1 is available as an optional install. I asked whether they were *really* using a 2+ year old version, and was told that page was out of date (by 2 years!!!?) and Fedora was STRONGLY recommended over Mandrake if I wanted to stick with an RPM based distribution. Comments?
  3. I have a HP ze4911us that works fine with Mdv, or I should say did, when it booted. Now it does not power up at all, the power cord/supply seems to still work, and the only thing I get at all is the battery charging light come on when I hit the on switch, nothing else. I have/had Mdv2007 installed on it and the only thing that never worked was the win-modem, which I never expected anyway. The wireless was a little bit of a pain (a PCI LinkSys), but got that straightened out in short order. Given the above, I find myself in the market for a new laptop (of course if anyone has any suggestions about a quick cheap fix for the 4911, I am all ears). I am looking to spend somewhere in the $1000-$1500 range, but can and will go more. I need a laptop with a fairly large HD (I have a 40GB on the HP, which got tight fast), wireless connectivity is an absolute requirement, and bluetooth would be very nice (I have a dongle, but built-in and working would be better - less to lose.) Weight is definitely a consideration, as I literally will drag this all around the world (thinking in the < 6 lbs range - as light as possible). DVD burning would also be a major plus, but not an absolute requirement. Another nice thing would be a video out and/or in port, but again, not a requirement. If the 56K modem also worked I would be surprised, but happy. I've been happy overall with the HP, and its size (14.1 inch monitor) works well. If there is a HP that will fit the bill that's great, but am not married to the brand. If anyone can give me some ideas on what I can currently purchase in the US fitting the above, I would be grateful.
  4. rc.local was indeed running, and after several pleas for help from the denyhosts mailing list, the author told me to modify the configuration script with: os.environ['HOSTNAME'] = "your_HOSTNAME_goes_here" after line #33 It now starts on boot. Thanks to all for trying to help! I do appreciate being part of a community so generous with their time and knowledge.
  5. Well I am at last home. I tried modifying rc.local as above, and various variations thereof. Each and every time it rebooted, denyhosts was not running. I also modified "dodenyhosts" and "error.txt" was created, but it was just an empty file (which I assume means there were no errors). Just as an experiment, with denyhosts stopped, I ran rc.local from a command line as a normal script. Lo and behold, denyhosts was running afterward, which leads me to believe that rc.local is not running at boot up. Is there any way I can determine this for certain, and/or change something to make it run at start, assuming it really is not? Oh, just found one more thing. #service -s does not show denyhosts is running, even when it is. Curiouser and curiouser.
  6. Thanks for the suggestions so far. I have decided I will wait until I can be in front of the computer that denyhosts resides on before making further changes. I left home Nov 15, and hope to be back Dec 11th or 12th.
  7. No need for a screenshot, just try this: # netstat > /home/<your_user_name>/netstat_output Then it will just be a text file named netstat_output in your home directory.
  8. Sorry I hadn't gotten back to you, I've been rather busy, and not where I could easily do what you suggested. I edited /etc/rc.d/rc.local and put in the following line:
     /usr/bin/python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
     This works just fine from a command line to start denyhosts in daemon mode, but it did not seem to help when I put it in rc.local. When I reboot (and recall I am doing this all a long way from the desktop at home), it still gives me a status message that denyhosts is not running after a boot. I have tried to play with the above line to no avail. It still refuses to come up on boot. Since it works on a command line, it should work in rc.local, no? rc.local I assume runs the scripts with root privileges, doesn't it?
  9. [user@localhost ~]$ su Password: [root@localhost]# updatedb 0 [root@localhost]# locate edonkey Try that.
  10. I have gotten denyhosts to run for me, and have switched to the daemon mode to reduce the load of running it, it also runs more often that way, and allows to sync my bad guys with a large list of others. The problem I have now is that it refuses to start during boot. First, let me say I have done this all remotely, and cannot see the computer during the boot up for now, not until I get home. (I am running Mandriva 2007, denyhosts 2.5, and python 2.4.) What I have done thus far: I copied the control-daemon file to init.d folder:
     # cp /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
     then ran chkconfig
     # chkconfig --add denyhosts
     I can start it, stop it, restart it, and get the status of it using "service"
     # service denyhosts
     There have been files written/copied by chkconfig for every runlevel in these directories:
     /etc/rc.d/init.d/denyhosts
     /etc/rc.d/rc0.d/K02denyhosts
     /etc/rc.d/rc1.d/K02denyhosts
     /etc/rc.d/rc2.d/S98denyhosts
     /etc/rc.d/rc3.d/S98denyhosts
     /etc/rc.d/rc4.d/S98denyhosts
     /etc/rc.d/rc5.d/S98denyhosts
     /etc/rc.d/rc6.d/K02denyhosts
     Yet when I reboot and query the status, it says denyhosts is not running. Looking in Mandriva Control Center (MCC), it knows the process exists, and shows it should start on boot, but it also shows stopped. What am I missing? [moved from Software by spinynorman]
  11. Of course, I can still choose Secure Shell, just change what it points to as the port. I have tried 9022 as the inbound port, and/or the "private" port (I am not sure what that means) with sshd having the same value, and am unable to log in with it set like that. I also don't understand why there are two choices for each. I am leaving in 2 1/2 hours and will be on an airplane or in an airport for 27 hours after that, and won't be home for 25 days, for until I get back, it'll have to stay pointed at port 22. I don't dare make the change when I am 10,000 miles from home, or I fear I won't be able to get back on at all.
  12. Yes, that changes the ssh server, and I have done that, but it is the configuration of the router in conjunction with changing the server port that seems to be frustrating me. Scroll back up and you can see the configuration window I have to work with for the router. I have tried XXXX in pretty much any combination of the fields the port number would go into (where XXXX = the same port sshd is set to), and still I cannot log in.
  13. I thought I would let everyone know that I am fairly confident that my server was not compromised (but am going through the log files daily anyway - just to be sure). I was also finally able to install and get denyhosts running. None of the RPMs available from here would work for me, even after installing libpython2.4-devel, which I found looking through the mailing list, is required. I then tried the tarball again, and since I had installed the required library, it worked! I was not able to get it to run as per instructions however. I had to put this in crontab:
     0,10,20,30,40,50 * * * * python /usr/bin/denyhosts.py --daemon -c /usr/share/denyhosts/denyhosts.cfg
     Since I did that, it is running just fine, and my /etc/hosts.deny is steadily growing. The only continuing problems I have are not getting auto-emails from the system (I must need to tweak something to be able to let the program(s) trying to send emails to my gmail account to get out.), and figuring out how to configure the router and server to use a port other than 22. So, it's still a little bit of a work in progress. Thank you all for your help - it is much appreciated.
  14. Going to be now but it's exactly like a file.... you just name a directory instead of the file you want to symlink... I found that symlinking was not what I needed to do after looking through the denyhosts mailing list, but instead just install without dependencies (after installing the python development libraries)
     rpm --install --nodeps DenyHosts-2.5-python2.4.noarch.rpm
     That got me much further, but when I run the install I get another error.
     # python setup.py install
     running install
     running build
     running build_py
     error: package directory 'DenyHosts' does not exist
     Still digging in the mailing list on denyhosts to figure that one out, and if I can't find out how to do it there, will start a new thread under installation about how to get it running.
  15. I have been trying to run a different port, and when I setup a different one I can't get on the desktop from the laptop. I think it has to do with the router setup. This is what it defaults to when setting up a ssh server: I have, of course set sshd_config to a different port, but am not sure how I should set up the above. Need to figure out how to symlink python2.4.3 to python2.4. then I might be able to get it running.
  16. Check... what? I have had to soft link files before, but if you could lead me through how to symlink a directory I would appreciate it. I assume the link has to be in /usr/lib/python2.4 folder? Is there a handy way to find symlinks, whether all of them, or what is linked to something?
  17. You could post the outputs here, and I could take a look through them. OK, here's netstat -a, usernames and domains edited, otherwise a cut and paste. ps aux
  18. Thanks, Tyme. Of course it would help if I knew what netstat and ps normally showed, that way I might be in a better position to see if there is anything unusual. Apparently I am going to have to ask for help in installing denyhosts though. I keep being told it needs python 2.4 (my system shows 2.4.3), or, in the case of the tarball, says:
  19. Reinstall? The entire system, or just ssh server? I seem to get merely scores. Most of them from India, China, Korea, etc. This is the first I have noted from within the US. I have not (yet) seen dictionary attacks, but have instead seen attacks with a long list of names tried in largely alphabetical order. I would guess that they just loaded a list from a "baby names" book into the script they are running, so with a long enough list, and user names that are real people's names, they will eventually hit one of them - not that I have many users, this is after just my home system with very few users anyway. I have some user names in "allow", and several entries in "deny". If I understand this correctly, being not listed in "allow", or specifically listed in "deny" will not let any other user name in, so in a way, it's a double protection. It is. Tis set up here with a 2048 rsa key. At the moment, I still have password entry allowed, but that is for the benefit of the one "test user", a friend who has already helped with tightening security here. I plan on turning that off prior to leaving for my next trip so without a rsa public key, should not be able to get on at all. Got a range I should pick from? I will give that a try. It also occurs to me that perhaps I should turn off pinging. I have not posted a user name that I am aware of. Also, the first part of my domain is not "localhost" for that matter. That would be a major pain, but might be worth instigating.
  20. I posted here before asking for help in determining whether or not I was having security breaches. I was told (off the board) that the entries I was concerned about were not a big deal. OK, I know I am a little paranoid, but am new to being open to ssh connections from the `net, and being paranoid doesn't mean they're not really after you! Alright, I use MCC to set up the ssh server, and had specifically set it to not allow root logins. Yesterday, was double checking how I had it set up and to my surprise I found that root login somehow changed to "Yes - with password". OK, changed it back and also put "root" in deny users file. Today, checked again, and the file had been changed to allow root login - yes. I also have line after line of this type of entry:
     Nov 8 05:48:05 localhost sshd[16874]: Connection from 208.67.248.222 port 47297
     Nov 8 05:48:05 localhost sshd[16874]: reverse mapping checking getaddrinfo for mail.reflx.net failed - POSSIBLE BREAK-IN ATTEMPT!
     Nov 8 05:48:05 localhost sshd[16874]: User root from 208.67.248.222 not allowed because listed in DenyUsers
     Nov 8 05:48:05 localhost sshd[16874]: error: Could not get shadow information for NOUSER
     Nov 8 05:48:05 localhost sshd[16874]: Failed password for invalid user root from 208.67.248.222 port 47297 ssh2
     Nov 8 05:48:05 localhost sshd[16874]: Excess permission or bad ownership on file /var/log/btmp
     Nov 8 05:48:06 localhost sshd[16876]: Connection from 208.67.248.222 port 47363
     Nov 8 05:48:06 localhost sshd[16876]: reverse mapping checking getaddrinfo for mail.reflx.net failed - POSSIBLE BREAK-IN ATTEMPT!
     Nov 8 05:48:06 localhost sshd[16876]: User root from 208.67.248.222 not allowed because listed in DenyUsers
     So, should I be worried, and/or what, if anything should I do? I have security set to "high", and only have port 22 open to the `net. I know one of the things I should do is put ssh to some oddball port, but other than that?
  21. Not a problem. I have been told by a source I trust that nothing in the file looked overly suspicious to him, and he probed the ports that were open on my system with nmap, and saw nothing out of the ordinary. nmap <IP_address> So I am marking this one solved, though I still need to figure out why my system is unable to send mail to alert me to problems.
  22. It works both locally, and over the internet for listed users. Being on the local network I have not been able to log in using the domain name, or the "real" IP address, but a friend who also uses Linux, and for whom I have setup an account has been able to connect from various places. My concern isn't that it isn't working, but that it is not secure enough to keep the bad guys out. Correct. I'll look at the link you provided when I get back from running errands, thanks. Have an "authorized_keys2" on the laptop, and am not interested in accessing the home computer from elsewhere, though I do have a usb jump drive in case that ever is needed.
  23. OK, found those, not sure how to set to keep logs viewable in mcc any longer than they are, but at least that is one concern down! Now that I think of it, I do have it set to send e-mail in the event of evil things happening to my system. I guess I need to change e-mail addresses which it sends to, or figure out how to get that one to work. Yes, it's running, output at the moment is: My intention is to be able to ssh (from the CLI, or using putty) into my system from wherever, and be able to print from my roaming laptop to the printer at home. Also of course, have the ability to surf the web, print locally and d/l from the desktop. (The machine the logs above are from)
  24. I recently have setup a ssh server that I will/am/should be able to access from anywhere in the world (I travel a lot!) I also got a domain name from https://www.dyndns.com/ to be able to follow my dynamic IP. Since I have done so I have seen quite a few attempts to log in from various parts of the world: Pakistan, India, China, Korea. Until yesterday I believed the attempts to be unsuccessful. Looking at the logs yesterday and today though makes me wonder if I need to do something else to keep hackers off my computer. Today's logs are much like yesterday's, with the exception noted at the bottom of the list. Another concern is that is as far back as I can view - logs prior to 11/05 are not there at all! I don't know if that is because the files were dropped normally as part of keeping them a reasonable size, or if it's something more nefarious. clipped from today's logs (I was not on the system at all during this period of time): The odd thing about yesterday's logs were numerous entries like this: Any ideas anyone?
  25. I never had any real success with smart in 2006, but will try it again now that I have 2007 going. Several things don't seem to work as well for me in 2007 as they did in 2006, maybe this will be the exception. Adding smart now....
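
Added example, not part of the original posts and not DenyHosts' own code: a short Python tally of the sshd messages quoted in post 20, counting rejected login attempts per source address, which is the kind of evidence a log watcher such as DenyHosts acts on before adding an address to /etc/hosts.deny. The function names and the threshold are assumptions made for illustration; the sample lines are the ones from that post.

```python
import re
from collections import defaultdict

# Sample input: the sshd lines quoted in post 20 above.
SAMPLE_LOG = """\
Nov 8 05:48:05 localhost sshd[16874]: Connection from 208.67.248.222 port 47297
Nov 8 05:48:05 localhost sshd[16874]: reverse mapping checking getaddrinfo for mail.reflx.net failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 8 05:48:05 localhost sshd[16874]: User root from 208.67.248.222 not allowed because listed in DenyUsers
Nov 8 05:48:05 localhost sshd[16874]: error: Could not get shadow information for NOUSER
Nov 8 05:48:05 localhost sshd[16874]: Failed password for invalid user root from 208.67.248.222 port 47297 ssh2
Nov 8 05:48:05 localhost sshd[16874]: Excess permission or bad ownership on file /var/log/btmp
Nov 8 05:48:06 localhost sshd[16876]: Connection from 208.67.248.222 port 47363
Nov 8 05:48:06 localhost sshd[16876]: reverse mapping checking getaddrinfo for mail.reflx.net failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 8 05:48:06 localhost sshd[16876]: User root from 208.67.248.222 not allowed because listed in DenyUsers
"""

SSHD = re.compile(r"sshd\[(\d+)\]: (.*)$")
DENIED = re.compile(r"User (\S+) from (\S+) not allowed because listed in DenyUsers")
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def rejected_attempts(log_text):
    """One sshd child (pid) serves one connection, so key events by (pid, ip):
    the "not allowed" and "Failed password" lines of one connection count once."""
    seen = {}  # (pid, ip) -> {"user": name, "denied": hit a DenyUsers rule?}
    for line in log_text.splitlines():
        head = SSHD.search(line)
        if not head:
            continue
        pid, msg = head.groups()
        for pattern, is_deny in ((DENIED, True), (FAILED, False)):
            m = pattern.match(msg)
            if m:
                user, ip = m.groups()
                entry = seen.setdefault((pid, ip), {"user": user, "denied": False})
                entry["denied"] |= is_deny
    summary = defaultdict(lambda: {"attempts": 0, "users": set(), "deny_rule_hits": 0})
    for (_pid, ip), entry in seen.items():  # pids can repeat in long logs; fine for a short window
        summary[ip]["attempts"] += 1
        summary[ip]["users"].add(entry["user"])
        summary[ip]["deny_rule_hits"] += entry["denied"]
    return dict(summary)

def over_threshold(summary, threshold):
    """Source addresses with at least `threshold` rejected attempts (assumed policy value)."""
    return sorted(ip for ip, s in summary.items() if s["attempts"] >= threshold)
```

On the quoted lines this reports two rejected attempts from one address, both stopped by the DenyUsers rule, rather than the three matching log lines a plain line count would give.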