Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Modifying SSH to Capture Login Credentials from Attackers

From: Gichuki John Chuksjonia <chuksjonia () gmail com>
Date: Wed, 30 Sep 2009 06:54:48 +0300
Thank you for this my.hndl. There are some issues i have been having
and seems your methodology may work on Fedora and others OSs.

Thankx

./Chuks

On 9/30/09, maxigas <maxigas () anargeek net> wrote:

From: "bodik () civ zcu cz" <bodik () civ zcu cz>
Subject: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials
from Attackers
Date: Wed, 30 Sep 2009 00:03:51 +0200


All standard users have read access to /var/log/auth, so if root


they shouldn't, at least on my default debian they don't ...


On my default Ubuntu, users in "adm" group have reac access to the
authentication log file:

me@machine: ls -l /var/log/auth.log
-rw-r----- 1 syslog adm 46774 2009-09-30 01:10 /var/log/auth.log

--
×× maxigas
// villanypásztor / kiberpunk / web shepherd //

-= Important communication disclaimer: by replying to my emails you are
disclaiming all your disclaimers. =-

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosigmer () inbox com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: