En réponse à Hubert Chan [EMAIL PROTECTED]:
Anything that is not a real user can have its shell set to /bin/false.
In fact, depending on how your system is set up, you could probably
even
set root's shell to /bin/false.
ok
Just make sure that you have some way
of doing stuff as root
En réponse à Christian Hammers [EMAIL PROTECTED]:
Apart from the ftp users which (sometimes) need their ftp password to
be stored in /etc/shadow and thus would making it a valid login
password
to, I can see no reason why not giving a user, that has *no* password,
a shell.
ok, but we can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi
I Have a trouble with my e-mail server. I have to change it to my
domain name and not .local ...
I need mailserver.domainname.no
If I want to change hostname or IP I use a combination of find grep
and sed and just replace every occurance
Thanks to all who responded.
The DevilSoul rootkit was a nasty one which planted a man-in-the-middle
attack on my debian linux box. Apparently I was not secure enough or
watchful enough , as the intruder was able to install a kit on my root drive
which installed new versions of telnetd, passwd,
I wish I did know how the hacker got in, but I am pretty sure they won't be
able to now.
Someone mentioned tripwire. Is that a good monitor for hacker activity?
alan
- Original Message -
From: Alvin Oga [EMAIL PROTECTED]
To: Patrice Neff [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent:
oh yeah.. by the way, that chkrootkit that someone mentioned pointed me
right to the problems.
that is a great tool.
thanks
alan
- Original Message -
From: Jacques Lav!gnotte [EMAIL PROTECTED]
To: Alvin Oga [EMAIL PROTECTED]
Cc: Alan Aldrich [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ivan == \Ivan R \ Ivan writes:
Just make sure that you have some way of doing stuff as root
(e.g. sudo), and that you don't kill single mode. (Never tried this,
but I don't see why you couldn't do this.)
Ivan ok for sudo, but what do you mean
Alan Aldrich wrote:
Snip
Of course I took it off the net and had to rebuild the whole system, and now
I am not allowing ssh, rsh, telnet or ANY logins. It is not a machine that
needs logins anyway, all it does is VPN proxy and authentication on certain
ports.
Snip
The way it should be. No
Hi,
I was going through the Securing Debian HOW-TO and noticed the section on
setuid check (4.11). I would like for the checksecurity script to email root
of any changes to the system. Will this work if I have exim installed?
Currently, exim forwards all mail from root to my
Thus spake Stefan Srdic:
Hi,
I was going through the Securing Debian HOW-TO and noticed the section on
setuid check (4.11). I would like for the checksecurity script to email root
of any changes to the system. Will this work if I have exim installed?
Currently, exim forwards
On January 12, 2002 02:28 pm, Stephen Gran wrote:
Thus spake Stefan Srdic:
Hi,
I was going through the Securing Debian HOW-TO and noticed the section
on setuid check (4.11). I would like for the checksecurity script to
email root of any changes to the system. Will this work if I
Thus spake Stefan Srdic:
On January 12, 2002 02:28 pm, Stephen Gran wrote:
Thus spake Stefan Srdic:
Hi,
I was going through the Securing Debian HOW-TO and noticed the section
on setuid check (4.11). I would like for the checksecurity script to
email root of any changes to the
I've never used checksecurity, but I assume any reports
it creates will be sent to root. Assuming you have root
aliased to a regular user account, that's where the reports
will end up.
j.
--
Jeremy L. Gaddis [EMAIL PROTECTED]
-Original Message-
From: Stefan Srdic [mailto:[EMAIL
On January 12, 2002 03:18 pm, Jeremy L. Gaddis wrote:
I've never used checksecurity, but I assume any reports
it creates will be sent to root. Assuming you have root
aliased to a regular user account, that's where the reports
will end up.
j.
--
Jeremy L. Gaddis [EMAIL PROTECTED]
Considering that an upload hasn't been made to rectify this root hole,
why hasn't something else been done about it - regular or security NMU?
One would think that this is definitely serious.
Oh and BTW, Slackware released an update today. Without trolling, I can
say that I was honestly
Ben is merely behind with updating the BTS, by the looks of it...
Can't close it till I fix woody/sid too. Which will be when 2.2.5 is
released (days).
--
.--===-=-==-=---==-=-.
/ Ben Collins--Debian GNU/Linux
On Mon, Jan 07, 2002 at 08:00:02PM +0100, Luc MAIGNAN wrote:
Hi,
my SSH connections don't go to the 'auth.log' file, but the sshd_config seems
to be good. What can happen ?
Without much information to go on, I would have a stab at
/etc/syslog.conf... Do you currently have *anything* ending
Previously Daniel Stone wrote:
Considering that an upload hasn't been made to rectify this root hole,
why hasn't something else been done about it - regular or security NMU?
One would think that this is definitely serious.
Waiting for the m68k build, I intend to release a DSA tomorrow.
On Mon, Jan 07, 2002 at 08:00:02PM +0100, Luc MAIGNAN wrote:
Hi,
my SSH connections don't go to the 'auth.log' file, but the sshd_config seems
to be good. What can happen ?
Do you mean that you're not seeing *any* messages from sshd in the log
file, or that sshd is logging, but that you
On Mon, Jan 14, 2002 at 06:52:49AM -0500, Ivan R. wrote:
to, I can see no reason why not giving a user, that has *no* password,
a shell.
if a user don t need a shell,
why should we give him one?
Because a sysadmin could like to execute scripts under this uid via sudo
as he thinks it's a
On Sat, Jan 12, 2002 at 03:59:12AM -0700, Stefan Srdic wrote:
On January 12, 2002 02:28 pm, Stephen Gran wrote:
Thus spake Stefan Srdic:
Hi,
You might have misunderstood me, my question was, will the checksecurity
script that runs from cron e-mail it's report to root if I have exim
En réponse à Christian Hammers [EMAIL PROTECTED]:
Apart from the ftp users which (sometimes) need their ftp password to
be stored in /etc/shadow and thus would making it a valid login
password
to, I can see no reason why not giving a user, that has *no* password,
a shell.
ok, but we can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi
I Have a trouble with my e-mail server. I have to change it to my
domain name and not .local ...
I need mailserver.domainname.no
If I want to change hostname or IP I use a combination of find grep
and sed and just replace every occurance
Thanks to all who responded.
The DevilSoul rootkit was a nasty one which planted a man-in-the-middle
attack on my debian linux box. Apparently I was not secure enough or
watchful enough , as the intruder was able to install a kit on my root drive
which installed new versions of telnetd, passwd,
I wish I did know how the hacker got in, but I am pretty sure they won't be
able to now.
Someone mentioned tripwire. Is that a good monitor for hacker activity?
alan
- Original Message -
From: Alvin Oga [EMAIL PROTECTED]
To: Patrice Neff [EMAIL PROTECTED]
Cc:
oh yeah.. by the way, that chkrootkit that someone mentioned pointed me
right to the problems.
that is a great tool.
thanks
alan
- Original Message -
From: Jacques Lav!gnotte [EMAIL PROTECTED]
To: Alvin Oga [EMAIL PROTECTED]
Cc: Alan Aldrich [EMAIL PROTECTED];
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ivan == \Ivan R \ Ivan writes:
Just make sure that you have some way of doing stuff as root
(e.g. sudo), and that you don't kill single mode. (Never tried this,
but I don't see why you couldn't do this.)
Ivan ok for sudo, but what do you mean
Alan Aldrich wrote:
Snip
Of course I took it off the net and had to rebuild the whole system, and now
I am not allowing ssh, rsh, telnet or ANY logins. It is not a machine that
needs logins anyway, all it does is VPN proxy and authentication on certain
ports.
Snip
The way it should be. No
Hi,
I was going through the Securing Debian HOW-TO and noticed the section
on
setuid check (4.11). I would like for the checksecurity script to email root
of any changes to the system. Will this work if I have exim installed?
Currently, exim forwards all mail from root to my
Thus spake Stefan Srdic:
Hi,
I was going through the Securing Debian HOW-TO and noticed the section
on
setuid check (4.11). I would like for the checksecurity script to email root
of any changes to the system. Will this work if I have exim installed?
Currently, exim forwards
On January 12, 2002 02:28 pm, Stephen Gran wrote:
Thus spake Stefan Srdic:
Hi,
I was going through the Securing Debian HOW-TO and noticed the section
on setuid check (4.11). I would like for the checksecurity script to
email root of any changes to the system. Will this work if I
Thus spake Stefan Srdic:
On January 12, 2002 02:28 pm, Stephen Gran wrote:
Thus spake Stefan Srdic:
Hi,
I was going through the Securing Debian HOW-TO and noticed the section
on setuid check (4.11). I would like for the checksecurity script to
email root of any changes to the
I've never used checksecurity, but I assume any reports
it creates will be sent to root. Assuming you have root
aliased to a regular user account, that's where the reports
will end up.
j.
--
Jeremy L. Gaddis [EMAIL PROTECTED]
-Original Message-
From: Stefan Srdic [mailto:[EMAIL
On January 12, 2002 03:18 pm, Jeremy L. Gaddis wrote:
I've never used checksecurity, but I assume any reports
it creates will be sent to root. Assuming you have root
aliased to a regular user account, that's where the reports
will end up.
j.
--
Jeremy L. Gaddis [EMAIL PROTECTED]
I
Considering that an upload hasn't been made to rectify this root hole,
why hasn't something else been done about it - regular or security NMU?
One would think that this is definitely serious.
Oh and BTW, Slackware released an update today. Without trolling, I can
say that I was honestly surprised
On Sun, Jan 13, 2002 at 10:38:40AM +1100, Daniel Stone wrote:
Considering that an upload hasn't been made to rectify this root hole,
why hasn't something else been done about it - regular or security NMU?
One would think that this is definitely serious.
I saw this recently...
From: Ben
On Mon, Jan 07, 2002 at 08:00:02PM +0100, Luc MAIGNAN wrote:
Hi,
my SSH connections don't go to the 'auth.log' file, but the sshd_config seems
to be good. What can happen ?
Do you mean that you're not seeing *any* messages from sshd in the log
file, or that sshd is logging, but that you
37 matches
Mail list logo