Hi,
I have CVSNT installed on my Linux machine and sometimes the server goes down with the following error in /var/log/messages. Does anyone know the approach that need to followed to investigate to resolve the same. If so , please let me know.
Nov 23 05:57:43 <server ip> cvsnt(pam_unix)[6631]: authentication failure; log name= uid=0 euid=0 tty= ruser= rhost= user=d
Nov 23 06:01:04 <server ip> cvsnt(pam_unix)[6652]: authentication failure; log name= uid=0 euid=0 tty= ruser= rhost= user=d
Nov 23 06:01:39 <server ip> cvsnt(pam_unix)[6654]: authentication failure; log name= uid=0 euid=0 tty= ruser= rhost= user=d
Nov 23 06:01:56 <server ip> cvsnt(pam_unix)[6656]: authentication failure; log name= uid=0 euid=0 tty= ruser= rhost= user=d
Nov 23 06:02:06 <server ip> cvsnt(pam_unix)[6658]: authentication failure; log name= uid=0 euid=0 tty= ruser= rhost= user=d
Nov 23 06:03:09 <server ip> cvsnt(pam_unix)[6660]: authentication failure; log name= uid=0 euid=0 tty= ruser= rhost= user=d
Nov 23 06:03:19 <server ip> cvsnt(pam_unix)[6663]: authentication failure; log name= uid=0 euid=0 tty= ruser= rhost= user=d
Thanks,
Sandy
otheus
December 15, 2008, 8:45am
2
A google of CVSNT indicates this is a version of CVS for NT. How is this related to PAM, I don't understand. What is CVSNT and why is it using PAM?
Post the contents of /etc/pam.d/cvsnt (or whatever).
cat /etc/pam.d/cvsnt
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
otheus
December 16, 2008, 3:29am
4
That looks normal.
But I still don't know what cvsnt is or why it needs authentication.
So if CVSNT has a port open to the world, it could be someone or something is connecting to that port, then hanging up. Or perhaps there's an application program that is invoked, but the program is interrupted and no user-info supplied.
What is CVSNT for?
CVSNT is the concurrent versioning system that we are using using on this server.
otheus
December 16, 2008, 4:31am
6
So here's what you need to do:
Identify which ports CVSNT has open to the world[/b]
Use IPTABLES or /etc/hosts.deny to make sure those ports are only open to those IPs that need this versioning system[/b]
Make sure your system's users all have strong passwords (look for JTR - john the ripper)[/b]
If all that's okay, then this is probably nothing to worry about.
Can you please guide me to accomplish this...i am really new to this. I would really appreciate your help
otheus
December 16, 2008, 4:44am
8
Where to start.... buy a book on UNIX / Linux system administration?