Re: Daemon umask
Mike Mestnik wrote: > Actually I'm unsure if a shell would be invoked in most cases. For > example Apache starts as root and drops privs after opening up log > files(I wish someone would fix this) and port 80(I wish this could be > done with an ACL). Sorry, it's not clear to me what it is that you want fixed. Can you elaborate? Chris -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/rj1df9xmr7@news.roaima.co.uk
Re: how to fix rootkit?
On Wed, 2012-02-08 at 22:56, Chris Davies wrote: > You can no longer trust the kernel [...] Milan P. Stanic wrote: > Of course, you are right here. But then I don't trust the CPU's. How we > know that the manufacturer od CPU, Ethernet card or anything, didn't put > some secret code into device [...] You don't. But since your scenario applies whether or not someone's system has been rooted, it should probably remain outside the scope of the discussion. Chris -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2p4d09xej3@news.roaima.co.uk
Re: how to fix rootkit?
Milan P. Stanic wrote: > What about statically linked binaries on the external media (CD, DVD, > USB ...) which is write protected with 'execute in place' mode? You can no longer trust the kernel. Therefore you cannot trust ANY application that runs under that kernel, either directly or indirectly. Period. Chris -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/g5bb09xbl5@news.roaima.co.uk
Re: Default valid shells and home dir permissions
Poison Bit wrote: > Why filter to those in /etc/shells ? I mean... the filter should be > applied by the system :) Mainly because it's a convenient list of "real" shells, and some of the remote service applications require a shell to be in that list. FTP is one such that springs to mind. As a counter example, /bin/false is a possible shell but it doesn't provide a particularly useful environment for the user. You could change the scriptlet to check for the 7th column being either empty or an executable file if you preferred. > But neither of both codes take in mind if there is sudo in the system, > and what is gained in its config. I don't recall the OP mentioning access via sudo. (BICBW.) > Also, neither of both codes think about ForceCommand in ssh... So I > maybe listed as /bin/bash, but I me be able only of run /usr/bin/cal > once as my shell and get kicked. ForceCommand requires an interactive shell-like login on the target, so I don't believe that's relevant here. Chris -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/uad3u8x037@news.roaima.co.uk
Re: Default valid shells and home dir permissions
Davit Avsharyan wrote: > 1/ I'm wondering why most of the system users have valid shells by > default ? > /cat /etc/passwd | grep -E '(sh|bash)' | wc -l > *21*/ That's not necessarily sufficient to determine valid shells: the absence of a shell definition implies the use of /bin/sh, so you need to check that, too. Something like this should probably give you a definitive list - SS=$(grep '^/' /etc/shells | xargs) for S in $SS ''; do getent passwd | awk -F: -v S="$S" '{if ($7 == S) print $1, $7}' done Chris -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/djs2u8xfrv@news.roaima.co.uk
Re: Linux infected ?
Ralph Jenkin wrote: > Am I the only one thinking; "Wine can actually manage to get infected by > malware now? Cool." I've seen a fair number of discussions about this on usenet, so it's not new, no. Chris -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Rainbow tables on Linux?
Johan 'yosh' Marklund <[EMAIL PROTECTED]> wrote: > the open source rainbow tables are about 121GB (if my memory > serves me correctly) and are only available via bittorrent. > I think it took me about 2 months to download them. > http://www.antsight.com/zsl/rainbowcrack/ Out of interest, how long do you estimate it would have taken you to generate them locally? Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: What to do about SSH brute force attempts?
> Third use a non standart ssh port (for example ) Michael Tautschnig <[EMAIL PROTECTED]> wrote: > I'm not a huge fan of security by obscurity, so I'd rather stick with 22 for > now. Try it before you dismiss it out of hand. Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]