Archive for the tag 'Access'

SBDavid

How do I access cPanel webmail logs

If you would like to see who accessed a certain webmail account, you can search the webmail access logs.

The following log file could be searched to help locate specific access log entries from webmail.

/usr/local/cpanel/logs/access_log

To search it for a particular user, use the following.

grep -in username /usr/local/cpanel/logs/access_log

Replace username with the webmail user.

From the grep man pages.

-i, --ignore-case
Ignore case distinctions in both the PATTERN and the input files. (-i is specified by POSIX.)

-n, --line-number
Prefix each line of output with the 1-based line number within its input file. (-n is specified by POSIX.)
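
A field-aware alternative to the grep above, as an added example (not from the original post): it matches the user only in the authenticated-user field and groups hits by source IP with first and last timestamps. It assumes a combined-style layout with the client IP in field 1 and the user in field 3, with "@" logged as %40; the function names and sample lines are constructed.

```shell
# Constructed sample lines in an assumed combined-style layout.
sample_log() {
    cat <<'EOF'
203.0.113.7 - alice%40example.com [10/25/2023:14:03:11 -0000] "GET /webmail/ HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.7 - alice%40example.com [10/25/2023:14:05:40 -0000] "POST /webmail/ HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.23 - Alice%40example.com [10/26/2023:02:17:09 -0000] "GET /webmail/ HTTP/1.1" 200 0 "-" "curl/8.0"
192.0.2.50 - bob%40example.com [10/26/2023:03:00:00 -0000] "GET /webmail/?to=alice%40example.com HTTP/1.1" 200 0 "-" "Mozilla/5.0"
EOF
}

# webmail_sources LOGFILE USER
# Prints "COUNT IP FIRST_SEEN LAST_SEEN" per source address, busiest first.
webmail_sources() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            u = tolower($3)
            gsub(/%40/, "@", u)              # assumed URL-encoded "@"
            if (u != want) next              # exact match on the user field only
            ts = $4; sub(/^\[/, "", ts)
            if (!($1 in n)) first[$1] = ts
            n[$1]++; last[$1] = ts
        }
        END { for (ip in n) print n[ip], ip, first[ip], last[ip] }
    ' "$1" | sort -k1,1nr -k2,2
}

# Demo: bob's request mentions alice in the URL, so grep -i would match it,
# but it is not counted here.
demo_log=$(mktemp)
sample_log > "$demo_log"
webmail_sources "$demo_log" alice@example.com
```

On a real server, pass /usr/local/cpanel/logs/access_log as the first argument after confirming the field positions against a few lines of that file.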

There are some trojans that scan networks for services on ports from 31337 to 31340.

Since there are no legitimate services that communicate via these non-standard ports, blocking them can effectively diminish the chances that potentially infected nodes on your network independently communicate with their remote master servers.

iptables -A OUTPUT -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP
iptables -A FORWARD -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP

You can also block outside connections that attempt to spoof private IP address ranges to infiltrate your LAN. For example, if your LAN uses the 192.168.1.0/24 range, a rule can set the Internet facing network device (for example, eth0) to drop any packets to that device with an address in your LAN IP range. Because it is recommended to reject forwarded packets as a default policy, any other spoofed IP address to the external-facing device (eth0) is rejected automatically.

iptables -A FORWARD -s 192.168.1.0/24 -i eth0 -j DROP

The REJECT target denies access and returns a connection refused error to users who attempt to connect to the service. The DROP target, as the name implies, drops the packet without any warning.
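
An idempotent way to apply these rules, as an added example (not from the original post). It goes beyond the rules above in two labelled ways: it matches the whole 31337 to 31340 range by destination port alone, and it also drops spoofed LAN sources on INPUT. The function names and the IPT override variable are hypothetical.

```shell
# IPT can be overridden to point at a wrapper or a test double.
IPT="${IPT:-iptables}"

# ensure_rule CHAIN RULE...
# Appends the rule only when "iptables -C" reports that it is not already
# present, so re-running the script does not stack duplicate rules.
ensure_rule() {
    _chain="$1"; shift
    "$IPT" -C "$_chain" "$@" 2>/dev/null || "$IPT" -A "$_chain" "$@"
}

# apply_egress_and_antispoof EXT_IF LAN_CIDR
apply_egress_and_antispoof() {
    ext_if="$1"; lan="$2"
    # Egress: drop TCP leaving via the external interface for ports
    # 31337-31340, whatever the source port is.
    for chain in OUTPUT FORWARD; do
        ensure_rule "$chain" -o "$ext_if" -p tcp --dport 31337:31340 -j DROP
    done
    # Anti-spoofing: packets arriving on the external interface must not
    # claim a source address inside the LAN range.
    for chain in INPUT FORWARD; do
        ensure_rule "$chain" -i "$ext_if" -s "$lan" -j DROP
    done
}

# Usage (as root): apply_egress_and_antispoof eth0 192.168.1.0/24
```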

SBDavid

Limiting Root Access

Rather than completely deny access to the root user, the administrator may want to allow access only via setuid programs, such as su or sudo.

Upon typing the su command, the user is prompted for the root password and, after authentication, is given a root shell prompt.

:~$ su
Password:
root@laptop:#

Once logged in via the su command, the user is the root user and has absolute administrative access to the system. In addition, once a user has become root, it is possible for them to use the su command to change to any other user on the system without being prompted for a password.

Because this program is so powerful, administrators within an organization may wish to limit who has access to the command.

One of the simplest ways to do this is to add users to the special administrative group called wheel. To do this, type the following command as root:

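usermod -a -G wheel username

In the previous command, replace username with the name of the user you want to add to the wheel group. The -a option appends the group; without it, -G replaces the user's existing supplementary groups with the list given.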

You can also do this with the graphical tool: type the command system-config-users at a shell prompt.

Select the Users tab, select the user from the user list, and click Properties from the button menu (or choose File => Properties from the pull-down menu).

Then select the Groups tab and click on the wheel group.

Next, open the PAM configuration file for su (/etc/pam.d/su) in a text editor and remove the comment # from the following line:

auth required /lib/security/$ISA/pam_wheel.so use_uid

Doing this permits only members of the administrative group wheel to use the program.
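
A quick audit of the result, as an added example (not from the original post): it reports whether the pam_wheel "required" line is active, whether an active "sufficient ... trust" line would let wheel members use su without a password, and who is listed in wheel. The function name is hypothetical and the demo files are constructed, not real system files.

```shell
# su_wheel_status [PAM_FILE] [GROUP_FILE]
# Defaults are the usual system paths.
su_wheel_status() {
    pam="${1:-/etc/pam.d/su}"
    grp="${2:-/etc/group}"
    active='^[[:space:]]*auth[[:space:]]+'
    if grep -Eq "${active}required[[:space:]]+[^#[:space:]]*pam_wheel\.so" "$pam"; then
        state=enforced
    elif grep -Eq '^[[:space:]]*#.*pam_wheel\.so' "$pam"; then
        state=commented-out
    else
        state=absent
    fi
    # An active "sufficient ... trust" line lets wheel members su with no password.
    if grep -E "${active}sufficient[[:space:]]+[^#[:space:]]*pam_wheel\.so" "$pam" |
        grep -q 'trust'; then
        trust=yes
    else
        trust=no
    fi
    # Field 4 of the group file lists supplementary members only.
    members=$(awk -F: '$1 == "wheel" { print $4 }' "$grp")
    printf 'pam_wheel=%s trust=%s wheel_members=%s\n' \
        "$state" "$trust" "${members:-none}"
}

# Demo on constructed files: before and after removing the comment marker.
demo_dir=$(mktemp -d)
printf '%s\n' 'auth sufficient pam_rootok.so' \
    '#auth sufficient pam_wheel.so trust use_uid' \
    '#auth required /lib/security/$ISA/pam_wheel.so use_uid' > "$demo_dir/su"
printf '%s\n' 'root:x:0:' 'wheel:x:10:alice,bob' > "$demo_dir/group"
su_wheel_status "$demo_dir/su" "$demo_dir/group"
sed 's/^#\(auth required\)/\1/' "$demo_dir/su" > "$demo_dir/su.fixed"
su_wheel_status "$demo_dir/su.fixed" "$demo_dir/group"
```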

Module access control for users in Webmin

Once a user has been given access to the module, you can limit him to just mounting or unmounting selected filesystems by following these steps:

In the Webmin Users module, click on Disk and Network Filesystems next to the user’s name to bring up the access control form.

Change the Can edit module configuration? field to No to stop him from configuring the module to use a different fstab file or mount commands.

In the Filesystems that can be edited field, select Under listed directories and enter a list of mount points into the adjacent text box.

For example, you might enter /mnt/floppy /mnt/cdrom. It is also possible to enter a directory like /mnt to allow access to all filesystems under it.

Change the Can add new filesystems? field to No.

Change the Only allow mounting and unmounting? field to Yes, so that the user cannot actually edit filesystem details.

Hit the Save button to activate the new restrictions.

For more please visit - http://doxfer.com/Webmin/DiskAndNetworkFilesystems

After logging into Webmin, I get the error message - You do not have access to any Webmin modules.

Follow these steps to fix it:

Log in to your server via telnet or at the console as root.

Edit the file

/etc/webmin/webmin.acl

and make sure the line starting with root: or admin: (depending on which you use to log in to Webmin) exists and looks like:

admin: acl

Log in to Webmin again, and go into the Webmin Users module, which will be the only one you have access to.

Click on your username in the list, grant yourself access to all the modules, and click Save.
