How to secure access to OpenManage Webtools

Byron byron_28_98 at yahoo.com
Wed Jun 6 16:21:49 CDT 2007


Hi,

I have a question on how best to secure access to the
Open Manage web page.

I have installed OM5.2.0 on CentOS5 (Final) 32bits and
we are using RSYSLOG to log messages.

OM 5.2.0 does seem to log a failed login to
/var/log/secure (see below), but it fails to mention
WHAT IP was the culprit :(


Jun  6 21:46:49 servername dsm_om_connsvc32d: pam_unix(omauth:auth): check pass; user unknown
Jun  6 21:46:49 servername dsm_om_connsvc32d: pam_unix(omauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun  6 21:46:49 servername dsm_om_connsvc32d: pam_succeed_if(omauth:auth): error retrieving information about user admin
Jun  6 21:55:37 servername dsm_om_connsvc32d: pam_unix(omauth:auth): check pass; user unknown
Jun  6 21:55:37 servername dsm_om_connsvc32d: pam_unix(omauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun  6 21:55:37 servername dsm_om_connsvc32d: pam_succeed_if(omauth:auth): error retrieving information about user asd
Jun  6 21:55:45 servername dsm_om_connsvc32d: pam_unix(omauth:auth): check pass; user unknown
Jun  6 21:55:45 servername dsm_om_connsvc32d: pam_unix(omauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun  6 21:55:45 servername dsm_om_connsvc32d: pam_succeed_if(omauth:auth): error retrieving information about user asdasd
Jun  6 21:55:52 servername dsm_om_connsvc32d: pam_unix(omauth:auth): check pass; user unknown
Jun  6 21:55:52 servername dsm_om_connsvc32d: pam_unix(omauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun  6 21:55:52 servername dsm_om_connsvc32d: pam_succeed_if(omauth:auth): error retrieving information about user ddd
Jun  6 21:55:59 servername dsm_om_connsvc32d: pam_unix(omauth:auth): check pass; user unknown
Jun  6 21:55:59 servername dsm_om_connsvc32d: pam_unix(omauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun  6 21:55:59 servername dsm_om_connsvc32d: pam_succeed_if(omauth:auth): error retrieving information about user jfjfj
Jun  6 21:56:06 servername dsm_om_connsvc32d: pam_unix(omauth:auth): check pass; user unknown
Jun  6 21:56:06 servername dsm_om_connsvc32d: pam_unix(omauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun  6 21:56:06 servername dsm_om_connsvc32d: pam_succeed_if(omauth:auth): error retrieving information about user jh
Jun  6 22:00:29 servername dsm_om_connsvc32d: pam_unix(omauth:auth): check pass; user unknown
Jun  6 22:00:29 servername dsm_om_connsvc32d: pam_unix(omauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun  6 22:00:29 servername dsm_om_connsvc32d: pam_succeed_if(omauth:auth): error retrieving information about user wer
Jun  6 22:08:05 servername vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=username rhost=192.168.0.100  user=username

The last message is from VSFTP, where you can see how
the offending IP is logged.

Does anyone have any idea why OM5.2.0 doesn't log the
IP that is trying to hack into it?

My goal is to autoban the offending IP with a tool
called FAIL2BAN, which checks the logfiles for errors.

If there are other (better?) ways to secure access to
Open Manage, I'd love to hear them!

Thanks in advance!

Byron
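
Added example (not part of the original post, and not code from OpenManage or fail2ban): a small triage script that parses pam_unix "authentication failure" lines in the format quoted above and separates failures that carry an rhost value, which an IP-based ban tool can act on, from those logged with an empty rhost. The sample lines are constructed from the post's excerpt with the e-mail line wrapping removed; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: lines in the format shown in the post, unwrapped.
SAMPLE = """\
Jun  6 21:46:49 servername dsm_om_connsvc32d: pam_unix(omauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun  6 21:55:37 servername dsm_om_connsvc32d: pam_unix(omauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun  6 22:08:05 servername vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=username rhost=192.168.0.100  user=username
"""

# pam_unix failure line: capture the PAM service and the key=value tail.
FAILURE = re.compile(
    r"pam_unix\((?P<service>[^:)]+):auth\): authentication failure;(?P<fields>.*)$"
)
# A field is key=value; the value may be empty (as rhost= is for omauth).
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_failures(text):
    """Yield (service, rhost) for each pam_unix authentication failure."""
    for line in text.splitlines():
        m = FAILURE.search(line)
        if m:
            fields = dict(FIELD.findall(m.group("fields")))
            yield m.group("service"), fields.get("rhost", "")


def summarize(text):
    """Split failures into those attributable to a source and those not."""
    by_host = Counter()       # (service, rhost) -> count, usable for a ban
    unattributed = Counter()  # service -> count of failures with empty rhost
    for service, rhost in parse_failures(text):
        if rhost:
            by_host[(service, rhost)] += 1
        else:
            unattributed[service] += 1
    return by_host, unattributed


if __name__ == "__main__":
    by_host, unattributed = summarize(SAMPLE)
    for (service, rhost), n in by_host.items():
        print(f"{service}: {n} failure(s) from {rhost}")
    for service, n in unattributed.items():
        print(f"{service}: {n} failure(s) with empty rhost, no address to act on")
```

Run against the real /var/log/secure, a non-zero unattributed count for a service means its failures cannot be matched to a source address from this log alone.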


 



More information about the Linux-PowerEdge mailing list