johndmiller wrote: > I am starting to get into securing things on my box. I have RH 7.0 and > applied the security patches for the RH site. I have purchased the book > Linux Security Tools. The first chapter talks about pam in the last part > of the first chapter. My question is, when do I know when pam is being > used for authentication and when is it not. I log in to my machine from > work using telnet. Would pam be used for that or some other service. AAAAAAHHHHHH. NO NO NO NO NO NO. Say it ain't so. SAY IT AIN'T SO. You should switch to OpenSSH emediately. IP's are spoofed very easily and telnet sends your password in cleartext - No cracking involved. Switch to OpenSSH and change all you passwords. > Second question: > I am getting messages like : > portmap[9271] connect from 202.105.205.141 to dump(): request from > unauthorized host > > portmap[?] connct from 200.221.96.88 to getport(status) request from > unauthoriezed host Probably people scanning IP blocks and looking for telnet daemons. > > > What are these unauthorized people trying to do? They may be trying to hack you connection. > I have in my hosts.deny all:all and hosts.allow the only two ip that I > would log in from. Like I said, IP's are spoofed very very easily. Authentication by IP is not enough. If you really want to be secure install OpenSSH and generate your public/private key pairs. Put the public key on your computer at home and set up some automatic logins. No password involved. Oddly enough it's more secure than passwords. Much easier than telnet and very secure. My $0.02 sim