|ftp shouldn't be a problem if you run it as a daemon with a user that has
|limited privileges
|I run proftpd with a user ftp who only has access to his home dir.

interesting... we might need for the administration of the jboss accounts on
the server.

|
|I also turn telnet off completely and I use ssh.
|You can also put ssh on port 9999 which doesn't show up on some port
|scanners.

Ok, any holes to ssh that you know of?
also you ssh connect target:9999?

marc

|
|I just use nmap to make sure I don't have any ports open except what I
|need.
|
|ssh, httpd, ftp
|marc fleury wrote:
|>
|> |Another nice idea is to substitute telnet and ftp with some service that
|> |sends an alarm message to you. Perhaps you could also just make them
|> |look the same as telnet and ftp but let them collect every single
|> |keystroke (some sort of "honeypot") :-).
|>
|> fancy... but I can't write C for shit... :)
|>
|> do these exist out of the box???
|>
|> marc
|>
|> |
|> |Links:
|> |http://www.openwall.com/scanlogd/
|> |http://packetstorm.securify.com/linux/security/
|> |http://www.psionic.com/abacus/portsentry/
|> |http://sdetect.sourceforge.net/
|> |
|> |Tobias
|> |
|> |
|> |marc fleury wrote:
|> |>
|> |> yes, my home machine was hacked as well and then my provider machine from
|> |> there hence jboss down.
|> |>
|> |> It also proves "dreamhost" detected the intrusion (as I did) but wasn't able
|> |> to do anything to prevent it or repair it. :(
|> |>
|> |> I had to reinstall linux as well.  It seems the first script kiddies were
|> |> good and just "parasited" the machine but didn't damage it (and I don't mind
|> |> some parasites, all trees have them). But then a "sloppy" script kiddy came
|> |> along and boom.
|> |>
|> |> So being badly raped when I was a "security newbie" I decided to look at it
|> |> in detail.
|> |>
|> |> Fascinating, had a great time, didn't sleep much last week :)
|> |>
|> |> essentially I disable EVERYTHING (telnet, ftp), I use xinetd which is more
|> |> secure than inetd and then I turn off all the services in xinetd but pop3s a
|> |> secure pop version on ssl.  ssh is the only way to get in (telneat really
|> |> good on windows) Of course I do all the installation off line. And then I
|> |> put "tripwire" to monitor the main directories turn it on, once it is on I
|> |> put the machine online.
|> |>
|> |> then I downloaded a rootkit and diagnosed my own machine for attacks :)
|> |> fascinating.
|> |>
|> |> so much fun.  Anyone knows of a good "scan detector"?
|> |>
|> |> marc
|> |>
|> |> |-----Original Message-----
|> |> |From: [EMAIL PROTECTED]
|> |> |[mailto:[EMAIL PROTECTED]]On Behalf Of Filip Hanik
|> |> |Sent: Monday, January 22, 2001 10:22 AM
|> |> |To: jBoss Developer
|> |> |Subject: [jBoss-Dev] securing your servers
|> |> |
|> |> |
|> |> |Just wanted to let everybody that run RedHat at home (maybe even the JBoss
|> |> |servers?)
|> |> |I got hit by the Ramen Noodle worm on my server at home (I forgot to turn
|> |> |off some inetd services - in this case the print service) and my machine got
|> |> |rooted.
|> |> |This means, I have to reinstall my machine from scratch, so be careful all
|> |> |of you who run Linux (especially redhat).
|> |> |If you run FreeBSD you're safe!! :)
|> |> |
|> |> |take a look at the article
|> |> |http://news.cnet.com/news/0-1003-200-4508359.html?tag=st.ne.1430735..ni
|> |> |
|> |> |Filip
|> |> |
|> |> |~
|> |> |Namaste - I bow to the divine in you.
|> |> |~
|> |> |Filip Hanik
|> |> |Technical Architect
|> |> |[EMAIL PROTECTED]
|> |> |
|> |> |----- Original Message -----
|> |> |From: "marc fleury" <[EMAIL PROTECTED]>
|> |> |To: "jBoss Developer" <[EMAIL PROTECTED]>
|> |> |Sent: Monday, January 22, 2001 9:55 AM
|> |> |Subject: RE: [jBoss-Dev] jndi/UserTransaction
|> |> |
|> |> |
|> |> |Hello,
|> |> |
|> |> |sorry for the delay I am finally out of the water re website (well almost).
|> |> |
|> |> |I am very interested in an integration of
|> |> |a/new TM or extended TM
|> |> |b/ Jeremie from France Telecom... it is the new JOnAS TM and I believe we
|> |> |can buy ourselves distributed TM with it.
|> |> |
|> |> |let me know if you time/energy/will to take that on.  To be quite frank I am
|> |> |thinking b/ first then talk to ole on possibilities for a/,
|> |> |
|> |> |marc
|> |> |
|> |> |
|> |> ||-----Original Message-----
|> |> ||From: [EMAIL PROTECTED]
|> |> ||[mailto:[EMAIL PROTECTED]]On Behalf Of Sethi , Manish
|> |> ||Sent: Sunday, January 14, 2001 7:51 AM
|> |> ||To: 'jBoss Developer '
|> |> ||Subject: RE: [jBoss-Dev] jndi/UserTransaction
|> |> ||
|> |> ||
|> |> ||Hi Everybody,
|> |> ||
|> |> ||Writing very first mail to the group.
|> |> ||
|> |> ||I have gone through present implementation of JTA. I want to help in its
|> |> ||development. Now what I want to know is what should we choose out of
|> |> ||followings for this job.
|> |> ||
|> |> ||1. Should we implement JTS/OTS specs at the back. (Probably we would have to
|> |> ||start from scratch...)
|> |> ||
|> |> ||OR
|> |> ||
|> |> ||2. Should we think of some mechanism of just making TXContext movable around
|> |> ||the multiple JVM...
|> |> ||
|> |> ||
|> |> ||-Manish
|> |> ||
|> |> ||
|> |> ||-----Original Message-----
|> |> ||From: marc fleury
|> |> ||To: jBoss Developer
|> |> ||Sent: 1/12/01 10:34 AM
|> |> ||Subject: RE: [jBoss-Dev] jndi/UserTransaction
|> |> ||
|> |> |||Is there a known historical fix for this, such as substituting a different
|> |> |||JTA implementation or JNDI implementation? That is, has someone already
|> |> ||
|> |> ||hi,
|> |> ||
|> |> ||the jndi implementation is an orthogonal issue.  We need to plug in a
|> |> ||distributed monitor (JTS/JTA) and hook it up to jndi. The plumbing
|> |> ||(propagation, thread association) is already there as it is an adaptation of
|> |> ||the old jboss1.0 code.
|> |> ||
|> |> ||For the record, jboss1.0 used JOnAS distributed TM to provide distributed
|> |> ||transactions.  We deliberately removed it from 2.0 to provide fast in VM
|> |> ||tm.
|> |> ||
|> |> ||Plugging a new TM is what is needed.
|> |> ||
|> |> ||marc
|> |> ||
|> |> ||
|> |> |||provided this functionality in the past and able to offer suggestions?
|> |> |||Distributed JTA and UserTransaction access by remote clients through JNDI is
|> |> |||spec-required.
|> |> |||
|> |> |||Sean
|> |> |||
|> |> |||on 1/11/01 11:17 PM, marc fleury at [EMAIL PROTECTED] wrote:
|> |> |||
|> |> |||> userTransaction is for beans right now. I.e visible in JNDI of beans, but
|> |> |||> NOT the global JNDI.
|> |> |||>
|> |> |||> marc
|> |> |||>
|> |> |||>
|> |> |||> |-----Original Message-----
|> |> |||> |From: [EMAIL PROTECTED]
|> |> |||> |[mailto:[EMAIL PROTECTED]]On Behalf Of Scott M Stark
|> |> |||> |Sent: Wednesday, January 10, 2001 8:08 PM
|> |> |||> |To: jBoss Developer
|> |> |||> |Subject: Re: [jBoss-Dev] jndi/UserTransaction
|> |> |||> |
|> |> |||> |
|> |> |||> |Can't you just access it via the context.getUserTransaction() method?
|> |> |||> |It is bound under java:comp/UserTransaction, but this is only available
|> |> |||> |from within the EJB while the container is executing a method. It's
|> |> |||> |not visible via jndiView.
|> |> |||> |
|> |> |||> |
|> |> |||> |----- Original Message -----
|> |> |||> |From: "Peter Braswell" <[EMAIL PROTECTED]>
|> |> |||> |To: "jBoss Developer" <[EMAIL PROTECTED]>
|> |> |||> |Sent: Wednesday, January 10, 2001 7:20 PM
|> |> |||> |Subject: [jBoss-Dev] jndi/UserTransaction
|> |> |||> |
|> |> |||> |
|> |> |||> |> All,
|> |> |||> |>
|> |> |||> |> I don't see (jndiView) where the a UserTransaction is
|> |> |||> |> bound.  I didn't find in the mail archives or docs
|> |> |||> |> anything indicating how this gets bound...
|> |> |||> |>
|> |> |||> |> Any hints?
|> |> |||> |>
|> |> |||> |> peter
|> |> |||> |>
|> |
|
|--
|Doug Ferguson
|Software Developer
|www.coremetrics.com
|512-342-2623x212
|512-619-9972(cell)
|
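
The open-port check mentioned in the quoted message above (nmap, with only ssh, httpd and ftp expected), as an added example that is not part of the thread: it parses nmap's grepable output (`nmap -oG -`) and reports anything outside an allowlist. The host address, the sample scan output and the function names are constructed for illustration.

```python
# Allowlist taken from the thread: ftp, httpd, and ssh moved to port 9999.
ALLOWED = {21: "ftp", 80: "http", 9999: "ssh"}

# Constructed sample of `nmap -oG -` output (192.0.2.10 is a documentation address).
# The service column is nmap's guess from the port number, not proof of what listens.
SAMPLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 23/open/tcp//telnet///, "
    "80/open/tcp//http///, 515/open/tcp//printer///, 9999/open/tcp//abyss///, "
    "110/closed/tcp//pop3///\tIgnored State: filtered (994)\n"
)

def open_ports(grepable):
    """Return {host: {port: service}} for every port nmap reports as open."""
    result = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:"):
            continue  # skip nmap's "#" comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        result.setdefault(host, {})  # record the host even if nothing is open
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[1] == "open":
                    result[host][int(parts[0])] = parts[4]
    return result

def audit(grepable, allowed=ALLOWED):
    """Return (unexpected, missing): open ports not allowed, allowed ports not open."""
    unexpected, missing = [], []
    for host, ports in open_ports(grepable).items():
        unexpected += [(host, p, s) for p, s in sorted(ports.items()) if p not in allowed]
        missing += [(host, p) for p in sorted(allowed) if p not in ports]
    return unexpected, missing

if __name__ == "__main__":
    bad, gone = audit(SAMPLE)
    for host, port, service in bad:
        print(f"UNEXPECTED {host}:{port} ({service})")
    for host, port in gone:
        print(f"MISSING    {host}:{port}")
```

Run against a scan of all TCP ports rather than nmap's default port list, since a service moved to a high port only appears if that port is actually scanned.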

