Re: [security] What's being done?

2002-01-13 Thread Martin Schulze
Daniel Stone wrote: Considering that an upload hasn't been made to rectify this root hole, why hasn't something else been done about it - regular or security NMU? One would think that this is definitely serious. Oh and BTW, Slackware released an update today. Without trolling, I can say

Re: SSH configuration problem

2002-01-13 Thread Jussi Ekholm
Will Aoki [EMAIL PROTECTED] wrote: Jan 12 20:54:43 badkey sshd[14848]: Connection from 127.0.0.1 port 4074 [snip...] I would've wanted to ask, why I'm getting this kind of messages in auth.log; Jan 13 19:00:16 erpland sshd[9941]: Connection from 127.0.0.1 port 4316 Jan 13 19:00:16 erpland

Re: I've been hacked by DevilSoul

2002-01-13 Thread Florian Weimer
Henrique de Moraes Holschuh [EMAIL PROTECTED] writes: On Fri, 11 Jan 2002, Ricardo B wrote: Isn't there a way to turn module loading off (a way that can't be changed back - without rebooting)? None that cannot be undone if you're root in a non-ACL kernel. It gets hard if the kernel has

Re: I've been hacked by DevilSoul

2002-01-13 Thread Florian Weimer
Dries Kimpe [EMAIL PROTECTED] writes: Looking at all the nice things one can do with a modern (and surprisingly easy to make) rootkit, I'm really thinking about just avoiding modular kernels at any cost. This was my attitude towards kernel modules, too, but nowadays, you have to expect

Re: SSH configuration problem

2002-01-13 Thread Joseph Pingenot
It should also be noted that OpenSSH 3.0.2 (the most current stable version) does not log when tcp wrappers' hosts_access() succeeds. I filed a bug and a patch for it, http://bugzilla.mindrot.org/show_bug.cgi?id=65 From Will Aoki on Saturday, 12 January, 2002: On Mon, Jan 07, 2002 at

Re: SSH configuration problem

2002-01-13 Thread Will Aoki
On Sun, Jan 13, 2002 at 07:05:10PM +0200, Jussi Ekholm wrote: Will Aoki [EMAIL PROTECTED] wrote: Jan 12 20:54:43 badkey sshd[14848]: Connection from 127.0.0.1 port 4074 [snip...] I would've wanted to ask, why I'm getting this kind of messages in auth.log; Well, unless these things have

Re: I've been hacked by DevilSoul

2002-01-13 Thread Ricardo B
msg.pgp Description: PGP message

Re: I've been hacked by DevilSoul

2002-01-13 Thread Dries Kimpe
On 13 Jan 2002, Florian Weimer wrote: Henrique de Moraes Holschuh [EMAIL PROTECTED] writes: On Fri, 11 Jan 2002, Ricardo B wrote: Isn't there a way to turn module loading off (a way that can't be changed back - without rebooting)? None that cannot be undone if you're root in a

Need some advice on configuring SAMBA shares

2002-01-13 Thread Stefan Srdic
Hi, I've SAMBA up and running on my multihomed host so that I share resources over my home LAN. I've created SAMBA accounts for all of my UNIX users, however, I have my Windows users accessing SAMBA through the guest account. I accomplished this by using the map to guest = Bad User

Re: Need some advice on configuring SAMBA shares

2002-01-13 Thread Nicole Zimmerman
force user = guest force group = user in your samba config for that share will force anything done to that share to be done under that combination. This isn't exactly what you asked, but it is useful. All this and more in `man smb.conf` :o) -nicole At 03:53 on Jan 13, Stefan Srdic combined

Re: Need some advice on configuring SAMBA shares

2002-01-13 Thread Stefan Srdic
On January 13, 2002 02:53 pm, Nicole Zimmerman wrote: force user = guest force group = user in your samba config for that share will force anything done to that share to be done under that combination. This isn't exactly what you asked, but it is useful. All this and more in `man

Re: Need some advice on configuring SAMBA shares

2002-01-13 Thread k l u r t
On Sunday 13 January 2002 05:53 am, Stefan Srdic wrote: My question is, how can I modify the permissions of /home/guest so that any file created under that directory would be owned by user guest and group users (or something else like that). Stef hi there, i've got a great example

sshd sending packets outside lan during local connection

2002-01-13 Thread Jeff Stevens
I am using Debian Potato 2.2.19ide-pci and running openssh (3.0.2p1) and bind (version: 1:8.2.3-0.potato.1). It is also being used as a firewall for a local network. It has 2 nic cards, one with an internal ip and one with an external ip. When I ssh locally (to the internal ip) to this

RE: sshd sending packets outside lan during local connection

2002-01-13 Thread Jason Sopko
I didn't look at your tcpdump output but I'd assume it's trying to resolve the in-addr.arpa record for the internal IP address and failing. Try setting up BIND to resolve PTR records for the internal network IP addresses and make sure that the server is configured to look to itself for DNS. Hope

RE: sshd sending packets outside lan during local connection

2002-01-13 Thread Jeremy L. Gaddis
Turn BIND's query logging on and see what it's trying to look up. You can do this from the shell (as root) by entering ndc querylog. Then take a look at your log files and see exactly what it's doing. As someone pointed out, I would also guess that it's attempting to perform lookups on the IP

RE: sshd sending packets outside lan during local connection

2002-01-13 Thread Jeff Stevens
Thank you, it worked. I added the dns info about the host trying to connect in the firewall's /etc/hosts file and I guess it was able to resolve the host name without doing a dns look-up externally. Thanks From: Jason Sopko [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: sshd sending

Re: /etc/passwd-shell

2002-01-13 Thread Christian Hammers
On Mon, Jan 14, 2002 at 06:52:49AM -0500, Ivan R. wrote: to, I can see no reason why not giving a user, that has *no* password, a shell. if a user don't need a shell, why should we give him one? Because a sysadmin could like to execute scripts under this uid via sudo as he thinks it's a

Re: configuring Checksecurity to email reports to root

2002-01-13 Thread Jacques Lav!gnotte
On Sat, Jan 12, 2002 at 03:59:12AM -0700, Stefan Srdic wrote: On January 12, 2002 02:28 pm, Stephen Gran wrote: Thus spake Stefan Srdic: Hi, You might have misunderstood me, my question was, will the checksecurity script that runs from cron e-mail its report to root if I have exim
