Server stuff….otherwise knows as server admin tasks….can take a lot of time. And for those of us who wear many hats, managing our web server is just one of the many things we have to do. So let’s take a look at our logs.
I was noticing strange entries in logwatch, so I decided to tackle a few. I’ve put the results below in hopes that they can save someone else a bit of time.
——————— Automount Begin ————————
lookup_read_master: lookup(nisplus): couldn’t locate nis+ table auto.master: 1 Time(s)
– edit /etc/auto.master
– comment out +auto.master
——————— Named Begin ————————
client 184.108.40.206 query (cache) ‘ns1.themotiongroup.tv/AAAA/IN’ denied: 10 Time(s)
client 220.127.116.11 query (cache) ‘ns2.themotiongroup.tv/AAAA/IN’ denied: 10 Time(s)
client 18.104.22.168 query (cache) ‘ns1.themotiongroup.tv/AAAA/IN’ denied: 9 Time(s)
…and a ton more of these
– edit /etc/resolv.conf
– add Google’s nameservers at the top of your file:
——————— Named Begin ————————
network unreachable resolving ‘22.214.171.124.in-addr.arpa/PTR/IN’: 2001:13c7:7002:3000::11#53: 1 Time(s)
network unreachable resolving ‘126.96.36.199.in-addr.arpa/PTR/IN’: 2001:43f8:110::10#53: 1 Time(s)
network unreachable resolving ‘188.8.131.52.in-addr.arpa/PTR/IN’: 2001:500:13::c7d4:35#53: 1 Time(s)
… and tons more
– edit /etc/sysconfig/named
– add the following:
This will cause the BIND server to only resolve or use IPV4 and disable IPV6 support. Save the file and restart BIND server.
——————— pam_unix Begin ————————
root (184.108.40.206): 440 Time(s)
…and many more
Getting lot’s of authentication errors? Most likely people who have too much time on their hands and want to hack your server.
Here’s a couple of things I did:
disable root user login
1. Add a new user. The following example, I added the user admin. I’d pick something more unique, as it will help prevent illegal logins. No…I’m not telling you what name I used 😉
[root@root ~]# adduser admin
[root@root ~]# id admin
uid=10018(admin) gid=10018(admin) groups=10018(admin)
[root@root ~]# ls -lad /home/admin/
drwx—— 2 admin admin 4096 Jun 25 16:01 /home/admin/
2. Set the password for the admin user. When prompted, type and then retype the password.
[root@root ~]# passwd admin
Changing password for user admin.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
3. SSH to the server with the new admin user and ensure that the login works. Want to make sure you can still login before we disallow the root user.
[root@root ~]#ssh email@example.com
4. Verify that you can su (switch user) to root with the admin user.
[admin@admin ~]$ su –
[root@root ~]$ whoami
5. Edit /etc/ssh/sshd_config with your favorite text editor. On a Mac? simply login to your server using Transmit. (be sure to use the new username and not root.)
[root@root ~]# vi /etc/ssh/sshd_config
Change this line:
6. Ensure that you are logged into the box with another shell before restarting sshd to avoid locking yourself out of the server.
[root@root ~]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
7. Trying logging in again as root user. If it doesn’t work…you’ve succeeded.
From now on, connect to your server via ssh with the admin (or the creative name you came up with) user and then use the command su to switch to the root user.
helpful tip: If you’re using a Mac, create an AppleScript that you store in the User Script Folder that logs you in as the ssh user, and then switches you to the root user. In fact, I have written AppleScripts for most Linux command lines that I use on a regular basis. Login. Restart Apache. Restart Plesk…and many more. A great time saver!