You are attempting to login to a Linux machine (probably CentOS) and your SSH sessions are instantly disconnected.

/var/log/secure shows various Signal 15 crashes and this error:

mm_request_send:  write:  Broken pipe

Your box has been hacked.    Format and Reinstall.

Be sure to run “yum update” at frequent intervals to keep your servers/VMs up-to-date!!

 

 

 

You are receiving these errors:

Connect Error (2000) mysqld cannot connect to MySQL 4.1+ using old authentication

ERROR 1275 (HY000): Server is running in –secure-auth mode, but ‘dbname’@’localhost’ has a password in the old format; please change the password to the new format

ERROR 2049 (HY000): Connection using old (pre-4.1.1) authentication protocol refused (client option 'secure_auth' enabled)

ERROR 1372 (HY000): Password hash should be a 16-digit hexadecimal number

Your system is definitely storing passwords in the new format.     You are going crazy because your database is offline.

UPDATE mysql.user SET Password = PASSWORD(‘cheese’) WHERE User = ‘test’ AND Host = ‘localhost’;
UPDATE mysql.user SET plugin = ‘mysql_native_password’ WHERE User = ‘test’ AND Host = ‘localhost’;
flush privileges;

List off all the rules in order. This helps to see if an allow is overriding one of your denies:

iptables -nvL –line-numbers

Reject or Drop?

Drop means to drop everything at the interface and give no response. Best for port probes and the like.

Reject responds to the source. Best practices for TCP/IP

The following describes a procedure to set up NIS network name service under Red Hat Linux. This is geared toward a small intallation with only one domain. However, it should be fairly evident how to add more NIS domains. The NIS domain name has nothing to do with any DNS naming convention being used.

In these examples, the following conventions are used:
NIS domain: “internal”
Code or configuration file data: bold
Root prompt on NIS master server: master#
Root prompt on NIS client host: client#
Setting up a NIS master server:

yum install yp-tools ypbind ypserv portmap ntpd

Set up “ntpd” service or otherwise make sure the host’s clock is synchronized.
ntpdate pool.ntp.org
chkconfig ntpd on
/etc/init.d/ntpd start

Edit /etc/yp.conf:

domain internal server ip.of.nis.server

Edit /etc/ypserv.conf:

[The below settings are, by default, activated in CentOS config]
dns: no
files: 30
xfr_check_port: yes
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port

Edit /etc/sysconfig/network:

NISDOMAIN=”internal”

Set NIS domain name:

master# domainname internal
master# ypdomainname internal

Create file /var/yp/securenets:

host 127.0.0.1
255.255.255.0 10.0.0.0

Make sure the “portmap” service is running:

master# service portmap start
master# chkconfig portmap on

Edit File: /etc/nsswitch.conf

passwd: files nis
shadow: files nis
group: files nis

Start ypserv service:

master# service ypserv start

Check that it’s listening:

master# rpcinfo -u localhost ypserv

You should see:

program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting

Initialize the NIS maps:

master# /usr/lib/yp/ypinit -m

Specify local hostname, Ctrl-D, y, let finish.

Start up ypbind, yppasswdd, ypxfrd:

master# service ypbind start
master# service yppasswdd start
master# service ypxfrd start

Set YP services to run on boot-up:

master# chkconfig ypserv on
master# chkconfig ypbind on
master# chkconfig yppasswdd on
master# chkconfig ypxfrd on

NIS client host setup

Required packages: yp-tools ypbind portmap

Edit /etc/sysconfig/network:

NISDOMAIN=internal

Edit /etc/yp.conf:

domain internal server ip.of.master.server

Edit /etc/hosts:

ip.of.master.server hostname.domain hostname

Set NIS domain-name:

client# domainname internal
client# ypdomainname internal

Edit /etc/nsswitch.conf:

passwd: files nis
shadow: files nis
group: files nis

Make sure the portmap service is running:

client# service portmap start
client# chkconfig portmap on

The /etc/hosts.allow file will need rules allowing access from localhost and the NIS master server.

Start ypbind service:

client# service ypbind start
client# chkconfig ypbind on

Test it out:

client# rpcinfo -u localhost ypbind
client# ypcat passwd

Your box has been hacked.

Refer to my previous post: HERE

You need to reinstall the SSH client:

yum reinstall openssh-clients

Common services and their run levels for auto start

httpd: chkconfig –level 234 httpd on
named: chkconfig –levels 35 named on
vsftpd: chkconfig –level 234 vsftpd on

-level 234 is fairly common