
Allow ssh for user other than loginuser

How can I allow ssh for user other than loginuser?

I have checked the usual suspects to see how loginuser is allowed.
/etc/ssh/sshd_config
/etc/pam.d/sshd
/etc/security/

I can't find what trick allows loginuser to ssh.

I need to allow another user account for my Tripwire Enterprise server to login to get snapshots of the iptables rules.

I already have a command that works, I just need to allow my newly created user to ssh in.


This thread was automatically locked due to age.
  • Thought about it for a minute and have a potential solution:

    In WebAdmin, go to Logging & Reporting>>Log Settings>>Remote Log File Archives.  Have the raw logs archived to some share on your network that the TWE has access to.  You'll want to parse the configuration daemon (confd) logs.

    It won't give you all existing rules, but you can parse for changes.  See the following log snippet generated by creating and enabling a new firewall rule:

    2014:05:16-21:50:43 demo01 confd[28874]: I Role::authenticate:146() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="admin" srcip="70.194.96.5" sid="QPBAHmikEFzQVckYInSk" facility="webadmin" client="webadmin.plx" call="new"
    2014:05:16-21:52:24 demo01 confd[4196]: I main::top-level:536() => id="310c" severity="info" sys="System" sub="confd" name="node changed" node="packetfilter->rules" value="['REF_PacPacCitriIcaFrom']" oldvalue="[]" user="admin" srcip="70.194.96.5" sid="QPBAHmikEFzQVckYInSk" facility="webadmin" client="webadmin.plx" pid="28874"
    2014:05:16-21:52:24 demo01 confd[4196]: I main::top-level:652() => id="310a" severity="info" sys="System" sub="confd" name="object created" class="packetfilter" type="packetfilter" ref="REF_PacPacCitriIcaFrom" objname="Citrix ICA from Internal (Network) to RED DNS Forward Host" user="admin" srcip="70.194.96.5" sid="QPBAHmikEFzQVckYInSk" facility="webadmin" client="webadmin.plx" pid="28874"
    2014:05:16-21:52:24 demo01 confd[4196]: I main::cleanup_changelog:964() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 9 from changelog"
    2014:05:16-21:52:24 demo01 confd[4196]: I main::top-level:749() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="admin" srcip="70.194.96.5" sid="QPBAHmikEFzQVckYInSk" facility="webadmin" client="webadmin.plx" pid="28874" version="11" storage="/cfg"
    2014:05:16-21:52:29 demo01 confd[4196]: I main::top-level:652() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="packetfilter" type="packetfilter" ref="REF_PacPacCitriIcaFrom" objname="Citrix ICA from Internal (Network) to RED DNS Forward Host" user="admin" srcip="70.194.96.5" sid="QPBAHmikEFzQVckYInSk" facility="webadmin" client="webadmin.plx" pid="28874" attr_status="1" oldattr_status="0"
    2014:05:16-21:52:29 demo01 confd[4196]: I main::top-level:749() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="admin" srcip="70.194.96.5" sid="QPBAHmikEFzQVckYInSk" facility="webadmin" client="webadmin.plx" pid="28874" version="12" storage="/cfg"


    For a report that'll have existing firewall rules, see Support>>Printable Configuration in WebAdmin.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
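
Added example, not part of the original reply and not vendor code: one way to parse archived confd logs for firewall rule changes, as the reply above suggests. The sample lines are constructed in the format of the quoted snippet; `REF_ExampleRule`, `192.0.2.10` and the function names are placeholders chosen here, and the parser assumes field values never contain a double quote.

```python
import re

# Constructed sample lines modelled on the confd snippet in the post above
# (192.0.2.10 and REF_ExampleRule are placeholders, not values from a real log).
SAMPLE_LOG = """\
2014:05:16-21:50:43 demo01 confd[28874]: I Role::authenticate:146() => id="3106" severity="info" sub="confd" name="authentication successful" user="admin" srcip="192.0.2.10"
2014:05:16-21:52:24 demo01 confd[4196]: I main::top-level:536() => id="310c" severity="info" sub="confd" name="node changed" node="packetfilter->rules" value="['REF_ExampleRule']" oldvalue="[]" user="admin" srcip="192.0.2.10"
2014:05:16-21:52:24 demo01 confd[4196]: I main::top-level:652() => id="310a" severity="info" sub="confd" name="object created" class="packetfilter" type="packetfilter" ref="REF_ExampleRule" objname="Example rule (constructed)" user="admin" srcip="192.0.2.10"
2014:05:16-21:52:29 demo01 confd[4196]: I main::top-level:652() => id="310a" severity="info" sub="confd" name="object changed" class="packetfilter" type="packetfilter" ref="REF_ExampleRule" objname="Example rule (constructed)" user="admin" srcip="192.0.2.10" attr_status="1" oldattr_status="0"
this line is not a confd record and must be skipped
"""

LINE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) confd\[\d+\]: .*? => (?P<kv>.*)$')
PAIR = re.compile(r'(\w+)="([^"]*)"')  # assumes values never contain a double quote

def parse_line(line):
    """Return the key="value" fields of one confd line, or None if it is not one."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    fields = dict(PAIR.findall(m.group("kv")))
    fields["ts"], fields["host"] = m.group("ts"), m.group("host")
    return fields

def packetfilter_changes(text):
    """Collect the events that touch firewall (packetfilter) rules."""
    events = []
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        name = f.get("name")
        is_rule_object = f.get("class") == "packetfilter" and name in ("object created", "object changed")
        is_rule_list = name == "node changed" and f.get("node", "").startswith("packetfilter")
        if not (is_rule_object or is_rule_list):
            continue
        # attr_X / oldattr_X pairs describe what changed on an existing object
        diff = {k[5:]: (f.get("old" + k), v) for k, v in f.items() if k.startswith("attr_")}
        if is_rule_list:
            diff["rules"] = (f.get("oldvalue"), f.get("value"))
        events.append({"ts": f["ts"], "user": f.get("user"), "srcip": f.get("srcip"),
                       "action": name, "ref": f.get("ref"), "diff": diff})
    return events

if __name__ == "__main__":
    for e in packetfilter_changes(SAMPLE_LOG):
        print(e["ts"], e["user"], e["srcip"], e["action"], e["ref"], e["diff"])
```

Each event keeps the `user` and `srcip` fields, so a rule change can be tied back to the WebAdmin session that made it.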