2019년 11월 5일 화요일
2019년 10월 13일 일요일
HP-UX Access is denied by the AUTH_MAXTRIES attribute in security(4).
No Trusted System 인데 계정이 잠길 경우
-syslog 에
Oct 14 14:06:30 ap1 login: 91 authentication failures on account "user"
Oct 14 14:06:32 ap1 login: 92 authentication failures on account "user"
Oct 14 14:06:34 ap1 login: 93 authentication failures on account "user"
Oct 14 14:06:36 ap1 login: 94 authentication failures on account "user"
Oct 14 14:06:37 ap1 login: 95 authentication failures on account "user"
Oct 14 14:06:40 ap1 login: 96 authentication failures on account "user"
발생
- 메세지 발생
# su - user
Password:
Access is denied by the AUTH_MAXTRIES attribute in security(4).
su: Sorry
- 조치 방법
# userdbset -d -u user auth_failures
-syslog 에
Oct 14 14:06:30 ap1 login: 91 authentication failures on account "user"
Oct 14 14:06:32 ap1 login: 92 authentication failures on account "user"
Oct 14 14:06:34 ap1 login: 93 authentication failures on account "user"
Oct 14 14:06:36 ap1 login: 94 authentication failures on account "user"
Oct 14 14:06:37 ap1 login: 95 authentication failures on account "user"
Oct 14 14:06:40 ap1 login: 96 authentication failures on account "user"
발생
- 메세지 발생
# su - user
Password:
Access is denied by the AUTH_MAXTRIES attribute in security(4).
su: Sorry
- 조치 방법
# userdbset -d -u user auth_failures
2019년 10월 1일 화요일
MS-SQL Error 15023 조치 방법
exec sp_change_users_login 'UPDATE_ONE', 'user', 'user'
GO
2019년 9월 23일 월요일
HP-UX 시스템 SSH, TELNET, FTP 접근 통제
#> cp /usr/newconfig/var/adm/inetd.sec /var/adm/inetd.sec
#> vi /etc/inetd.conf
ssh stream tcp6 nowait root /opt/ssh/sbin/sshd sshd -i
#> vi /etc/services
ssh 22/tcp #ssh
ssh 22/udp #ssh
#> vi /var/adm/inetd.sec
ssh allow x.x.x.x
telnet allow 1.2.3.4 1.2.4.*
ftp allow 11.13.171.205 52.11.171.211-212
#> vi /etc/rc.config.d/sshd
SSHD_START=0
#> /sbin/init.d/secsh stop
#> inetd -C
#> vi /etc/inetd.conf
ssh stream tcp6 nowait root /opt/ssh/sbin/sshd sshd -i
#> vi /etc/services
ssh 22/tcp #ssh
ssh 22/udp #ssh
#> vi /var/adm/inetd.sec
ssh allow x.x.x.x
telnet allow 1.2.3.4 1.2.4.*
ftp allow 11.13.171.205 52.11.171.211-212
#> vi /etc/rc.config.d/sshd
SSHD_START=0
#> /sbin/init.d/secsh stop
#> inetd -C
2019년 9월 5일 목요일
RDServer 에 EDB 설정 방법
RDServer 5.0 에 EDB 연결 시 설정 방법
RDServer/bin/rdservice.ini 파일 내용 중
param01=.\rdserver.jar;.\rdmaster.jar;..\lib\oracle\classes12.jar;..\lib\j2ee.jar;..\lib\edb\edb-jdbc15.jar;
위 'param01' 끝에 내용 추가 후"..\lib\edb\edb-jdbc15.jar;" 추가
RDServer/lib 폴더에 edb 폴더 생성 후 edb-jdbc15.jar 복사
다른 신규 Driver 도 같은 방식으로 추가 함
- db.properties 내용 -
edb.url=jdbc:edb://ip:port/dbname
edb.user=id
edb.password=password
edb.maxconn=30
edb.charset=EUC_KR
edb.driver=com.edb.Driver
edb.timeout=60
RDServer/bin/rdservice.ini 파일 내용 중
param01=.\rdserver.jar;.\rdmaster.jar;..\lib\oracle\classes12.jar;..\lib\j2ee.jar;..\lib\edb\edb-jdbc15.jar;
위 'param01' 끝에 내용 추가 후"..\lib\edb\edb-jdbc15.jar;" 추가
RDServer/lib 폴더에 edb 폴더 생성 후 edb-jdbc15.jar 복사
다른 신규 Driver 도 같은 방식으로 추가 함
- db.properties 내용 -
edb.url=jdbc:edb://ip:port/dbname
edb.user=id
edb.password=password
edb.maxconn=30
edb.charset=EUC_KR
edb.driver=com.edb.Driver
edb.timeout=60
2019년 9월 4일 수요일
linux 계정 잠금 지정(system-auth, password-auth)
vi /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_tally2.so deny=5 onerr=fail unlock_time=600
auth required pam_faildelay.so delay=2000000
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account required pam_tally2.so no_magic_root reset
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
vi /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_tally2.so deny=5 unlock_time=1200
auth required pam_faildelay.so delay=2000000
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account required pam_tally2.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_tally2.so deny=5 onerr=fail unlock_time=600
auth required pam_faildelay.so delay=2000000
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account required pam_tally2.so no_magic_root reset
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
vi /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_tally2.so deny=5 unlock_time=1200
auth required pam_faildelay.so delay=2000000
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account required pam_tally2.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
피드 구독하기:
덧글 (Atom)