Re: Pam_tally2 logging, usage
On 2016-02-22 14:18, Nicholas Geovanis wrote: Does the pam_tally2.so module have a logging argument which doesn't appear in the man page? Or some options which increase its logging There's an "audit" option, does this help? http://www.linux-pam.org/Linux-PAM-html/sag-pam_tally2.html C. -- BOFH excuse #442: Trojan horse ran out of hay
Re: squirrelmail package in lenny
On Sun, 21 Feb 2010 at 23:20, Benjamin Vetter wrote: the squirrelmail package allows you to use the old etch php4 package, though there is no php4 within lenny. $ apt-cache dump | grep -B2 '^ File.*/status' Package: php4-common Version: 6:4.4.4-8+etch6 File: /var/lib/dpkg/status ...lists all packages only referenced in the status file, but are not listed in the Packages files of your repositories. therefore, the php package won't get updated, ever. Well, it's one thing to keep PHP4 around and squirrelmail (and probably) others wil happily continue to work, but yes - it doesn't make sense to me when the squirrelmail package page lists: depends on ... or php4 - Package not available. Maybe you could open a bug to remove this obsolete dependency? Christian. -- BOFH excuse #234: Someone is broadcasting pygmy packets and the router doesn't know how to deal with them. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/alpine.deb.2.01.1002211521090.28...@bogon.housecafe.de
Re: one user per daemon?
Andrew Pimlott wrote: On Sat, Jul 05, 2003 at 02:26:24PM +0200, Christian Kujau wrote: in another (german) newsgroup i saw a comment, being a bit upset about the general-every-distribution behaviour to install new daemons under a single user id. to be clear, if debconf/dpkg/whatever set up e.g. ntpd, the default is that root starts the daemon. or user nobody does, but another daemon was configured to be run from nobody too. the same applies for user daemon. only a few daemons are run by other users by default, apache, snort or squid. You're right that this is rather ridiculous. For the trivial cost of a new user, we get a significant gain in compartmentalization. I wish there were something in policy strongly recommending creating a new user for every system service. hmm, ok. thanks for confirming that, i thought i/someone missed a hidden feature or so. i see, there is work done *towards* a one-user-per-daemon system, as i named some daemons above. and yes, i know, that *work* would be sooner done with even more people working on it Thank you, Christian. -- BOFH excuse #363: Out of cards on drive D: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
one user per daemon?
hi, in another (german) newsgroup i saw a comment, being a bit upset about the general-every-distribution behaviour to install new daemons under a single user id. to be clear, if debconf/dpkg/whatever set up e.g. ntpd, the default is that root starts the daemon. or user nobody does, but another daemon was configured to be run from nobody too. the same applies for user daemon. only a few daemons are run by other users by default, apache, snort or squid. the thing is, when some of the nobody processes are compromised, *every* daemon nobody has started is in danger to be killed or misused. /etc/password lists a lot of unused (but somehow standard-)users, they could be used to run processes under a different user id. yes, it's a bit confusing, please ask if i was unlcear. Thanks for comments, Christian. -- BOFH excuse #224: Jan 9 16:41:27 huber su: 'su root' succeeded for on /dev/pts/1 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
one user per daemon?
hi, in another (german) newsgroup i saw a comment, being a bit upset about the general-every-distribution behaviour to install new daemons under a single user id. to be clear, if debconf/dpkg/whatever set up e.g. ntpd, the default is that root starts the daemon. or user nobody does, but another daemon was configured to be run from nobody too. the same applies for user daemon. only a few daemons are run by other users by default, apache, snort or squid. the things is, when some of the nobody processes are compromised, *every* daemon nobody has started is in danger to be killed or misused. /etc/password lists a lot of unused (but somehow standard-)users, they could be used to run processes under a different user id. yes, it's a bit confusing, please ask if i was unlcear. Thanks for comments, Christian. -- BOFH excuse #224: Jan 9 16:41:27 huber su: 'su root' succeeded for on /dev/pts/1 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
one user per daemon?
hi, in another (german) newsgroup i saw a comment, being a bit upset about the general-every-distribution behaviour to install new daemons under a single user id. to be clear, if debconf/dpkg/whatever set up e.g. ntpd, the default is that root starts the daemon. or user nobody does, but another daemon was configured to be run from nobody too. the same applies for user daemon. only a few daemons are run by other users by default, apache, snort or squid. the thing is, when some of the nobody processes are compromised, *every* daemon nobody has started is in danger to be killed or misused. /etc/password lists a lot of unused (but somehow standard-)users, they could be used to run processes under a different user id. yes, it's a bit confusing, please ask if i was unlcear. Thanks for comments, Christian. -- BOFH excuse #224: Jan 9 16:41:27 huber su: 'su root' succeeded for on /dev/pts/1
one user per daemon?
hi, in another (german) newsgroup i saw a comment, being a bit upset about the general-every-distribution behaviour to install new daemons under a single user id. to be clear, if debconf/dpkg/whatever set up e.g. ntpd, the default is that root starts the daemon. or user nobody does, but another daemon was configured to be run from nobody too. the same applies for user daemon. only a few daemons are run by other users by default, apache, snort or squid. the things is, when some of the nobody processes are compromised, *every* daemon nobody has started is in danger to be killed or misused. /etc/password lists a lot of unused (but somehow standard-)users, they could be used to run processes under a different user id. yes, it's a bit confusing, please ask if i was unlcear. Thanks for comments, Christian. -- BOFH excuse #224: Jan 9 16:41:27 huber su: 'su root' succeeded for on /dev/pts/1
Re: request to german speaking users
Christoph Haas wrote: hm, patches. i'm not good at creating patches. would it help too if i/we send you this word, sentence, page XX.. and the like? That's a terrible burden for Alexander to create text from it. Please get the docbook formatted code and do a revision. Then just do a diff and sent the output. hm, ok, i'll try. -- BOFH excuse #413: Cow-tippers tipped a cow onto the server. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: crypto filesystem
Dale Amon wrote: You should probably go over to linux-crypto. If it's loop-aes, ask Jaari; otherwise one of the others might. yes, i've done so and Jari was as helpful as you said :-) Thanks, Christian. -- BOFH excuse #413: Cow-tippers tipped a cow onto the server. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: request to german speaking users
Alexander Schmehl wrote: I just finished the translation of the security howto to german, but some parts are very ugly hacked. It would be very nice, if some of you would review my translation (or at least small parts of it), and send me some patches. hm, patches. i'm not good at creating patches. would it help too if i/we send you this word, sentence, page XX.. and the like? You can find the latest version of it at http://www.cs.uni-frankfurt.de/~schmehl/securing-debian/ in all usual formats (and of course the sgml-source, too). as others suggested too, the reading should be shared to a group of readers. but, aren't there already tutorials how to do corrections on translating docs/software?. i don't know any, but i think there really must be some, since there are a lot of translated howtos out there... so, perhaps splitting it up chapter wise is good and just in case sbd. has already started the reading (with ch.1), i'll start with ch 9-10, will do more if we can agree about sth Thanks, Christian. -- BOFH excuse #68: only available on a need to know basis -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: request to german speaking users
Alexander Schmehl wrote: I just finished the translation of the security howto to german, but some parts are very ugly hacked. It would be very nice, if some of you would review my translation (or at least small parts of it), and send me some patches. hm, patches. i'm not good at creating patches. would it help too if i/we send you this word, sentence, page XX.. and the like? You can find the latest version of it at http://www.cs.uni-frankfurt.de/~schmehl/securing-debian/ in all usual formats (and of course the sgml-source, too). as others suggested too, the reading should be shared to a group of readers. but, aren't there already tutorials how to do corrections on translating docs/software?. i don't know any, but i think there really must be some, since there are a lot of translated howtos out there... so, perhaps splitting it up chapter wise is good and just in case sbd. has already started the reading (with ch.1), i'll start with ch 9-10, will do more if we can agree about sth Thanks, Christian. -- BOFH excuse #68: only available on a need to know basis
crypto filesystem
hi, recently i set up a crypted filesystem and use it already successfully. 'cause i'm lazy, i've always used the option -p when initializing the loop-device via losetup: losetup -k 128 -p 12 -e serpent /dev/loop6 /dev/sdb2 that way, i don't have to type in the passphrase manually (instead, the passphrase is taken from the file located on inode#12). now i changed my mind and really _want_ to type in the passphrase manually. but losetup seems not to accept it. there is no error message like wrong pw or so but the following mount (right after losetup) is failing, which leads me to the assuption that losetup has not recognized the passphrase and the loopdevice was not set up correctly, hence the mount fails. the -p option is not that much documented in the manpage, am i missing an important fact about it? yes, and it's no typo here, the passphrase is right :-) any hints? Thanks, Christian.