Remote Desktop Security (OSX Security forum, Hackint0sh.org)
  1. #1

    Remote Desktop Security

    Hello,

    I have an issue with my OSX machine. I have consistently locked down the remote desktop sharing preferences only to have the lock come undone after casual usage.

    Now I realize I could be paranoid, however, I have also run root kits to try and find any issues, and they say that my remote login is enabled.

    Where are the logs for this? Is there any way I can know who is remotely logging into my machine?

    The computer I am on was supplied by an employer who refused to provide the root password and installer disks with the machine.

    I am convinced that there is a security breach.

    What can I do?



  2. #2

    "I have also run root kits to try and find any issues"
    Explain this? ^

    Anyhow, things to try: Edit sudoers file. Disable/enable root user and set your preferences (lock remote desktop) from there. Now a bit more invasive: boot single user, use .SetupDone to make admin user if needed. All logs can be viewed via the console. If the remote-sharing box is unchecked, chances are you're OK. Install outbound/inbound firewalls or sentry. ipnetsentry is boss. Yea. That should do it.

    -Digitol-

  3. #3

    Originally posted by digitol:
    Explain this? ^

    Anyhow, things to try: Edit sudoers file. Disable/enable root user and set your preferences (lock remote desktop) from there. Now a bit more invasive: boot single user, use .SetupDone to make admin user if needed. All logs can be viewed via the console. If the remote-sharing box is unchecked, chances are you're OK. Install outbound/inbound firewalls or sentry. ipnetsentry is boss. Yea. That should do it.

    -Digitol-

    Sorry...

    It should have read... "I have also run root kit detectors to try and find any issues"

    In any event... I have downloaded and installed Flying Buttress. Man, I was amazed at how often Google down in California felt the need to ping me...

    I will look into ipsentry. I have looked into the sudoers file as well, but I couldn't really make sense of it and will have to look into it again.

    What I am really interested in is figuring out where the "Login" or "Remote access" log is.

    I am systematically trying to find all the possible entry points to the system and I have recently discovered you can even grant remote access with LDAP which I am not even sure if a firewall would block. Then there is UUCP (unix to unix copy) which is another one I am concerned about.

    Will a firewall block these, and will the sudoers file show if these items are active and running or a threat?

    In addition I have looked into TripWire but I am rusty on compiling my own applications. Not sure if it is worth it or if there is something better yet. I have looked into this specific application because some of my permissions are changing on my files and I want to know why. I think Tripwire might be a little over my head at this point.

    I also managed to disable root access... but I have another concern with actually finding all the users on the system. Specifically ones which require no password to get access, or anonymous users. I can't figure out where the file is which lists them all. I am sorry if this seems stupid. I haven't used a Mac for quite a few years now.


    "If the remote-sharing box is unchecked, chances are you're OK"
    To be specific... My Remote Sharing preferences were casually unlocking nearly every day. When I installed Flying Buttress, the lock came off once and it has never come off again. To be very speculative and paranoid, that sounds to me like Flying Buttress may have prevented some sort of monitoring system from watching my machine and then perhaps the "remote admin" came back into the machine and changed something again... Since after the firewall installation I found a problem while running a root kit detector. It said the UUCP user on my machine had changed. I don't know how to monitor UUCP. In addition, Flying Buttress is currently blocking a lot of stealth connections. These are harmless, correct?
    Last edited by MrGamma; 07-08-2009 at 04:27 PM.

  4. #4
    JayBird


    Or you could just go to System Prefs, then on the first tab 'General' put a tick in the box 'require password to unlock each system preferences pane'.
    I Do Not Condone Piracy, If You Like It BUY IT! - It's Ok To Test But Not Steal - MacBook Pro Owner

    iPhone Owner 3G

  5. #5

    Originally posted by JayBird:
    or you could just go to system pref's then on the first tab 'General' put a tick in the box - 'require password to unlock each system preferences pane'.

    That's what I did and it still came unlocked. That's why I am worried about where the users file is and how I can monitor exactly who is remotely connecting. I am worried that perhaps a UUCP or LDAP connection or something which would slip by the firewall could be in use...

    Or even maybe I just have an account somewhere which requires no password.

    Remember this is an employer who handed me this machine without the disks and they had all the time in the world to set it up however they wanted. I have changed my password... I am just worried there are other accounts, programs or even some strange anonymous user with some sort of stealth connection has access...

    I am asking these questions because I don't know. And the more I look... BSD seems to have a lot of possibilities... and Mac OS seems to have changed things around enough that there is so little documentation floating around to make deciphering it very hard...
    Last edited by MrGamma; 07-10-2009 at 01:23 AM.


  6. #6
    JayBird


  7. #7
    JayBird


  8. #8

    That looks like what I was having trouble finding... Thanks guys...
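
Added example (not part of the original thread, and not a command any poster gave): for the question raised above of who has been logging in remotely, a small shell filter that summarises sshd "Accepted"/"Failed" lines by user and source address and lists accepted logins from addresses you do not recognise. The sample log lines are constructed, and the classic syslog line layout and the /var/log/secure.log path named in the comments are assumptions.

```shell
#!/bin/sh
# Added example. Assumes classic syslog lines such as
#   "Jul  8 16:02:11 host sshd[412]: Accepted password for USER from ADDR port N ssh2"
# On a real machine, feed it the authentication log instead of sample_log
# (path is an assumption; /var/log/secure.log on Mac OS X of this era).

# Constructed sample lines; addresses are documentation ranges.
sample_log() {
    cat <<'EOF'
Jul  8 16:01:58 macbook sshd[409]: Failed password for alice from 192.0.2.15 port 50210 ssh2
Jul  8 16:02:11 macbook sshd[412]: Accepted password for alice from 192.0.2.15 port 50211 ssh2
Jul  8 23:40:02 macbook sshd[655]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Jul  8 23:40:05 macbook sshd[655]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Jul  9 02:13:44 macbook sshd[701]: Accepted publickey for bob from 203.0.113.9 port 51000 ssh2
Jul  9 02:30:00 macbook sshd[733]: Accepted publickey for bob from 203.0.113.9 port 51007 ssh2
Jul  9 02:31:10 macbook com.apple.launchd[1]: unrelated line that must be ignored
EOF
}

# Emit "RESULT USER ADDR COUNT" for every sshd Accepted/Failed line on stdin.
summarize_ssh_logins() {
    awk '
    $5 ~ /^sshd\[[0-9]+\]:$/ && ($6 == "Accepted" || $6 == "Failed") {
        user = ""; addr = ""
        # The user name is remote-controlled text, so trust the LAST "from":
        # sshd itself appends "from ADDR port N" after the name.
        for (i = 7; i < NF; i++)
            if ($i == "from") { user = $(i - 1); addr = $(i + 1) }
        if (addr != "") count[$6 " " user " " addr]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Print "USER ADDR COUNT" for accepted logins from addresses not given as arguments.
accepted_from_unknown() {
    known=" $* "
    summarize_ssh_logins | awk -v known="$known" '
        $1 == "Accepted" && index(known, " " $3 " ") == 0 { print $2, $3, $4 }'
}

sample_log | summarize_ssh_logins
```

Pass the addresses you expect as arguments, for example `accepted_from_unknown 192.0.2.15`, and anything printed is a successful login from somewhere else.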

 

 
