Re: Iptables config
On Sun, 21 Apr 2002 18:34:58 +0200 (CEST) Cristian Ionescu-Idbohrn [EMAIL PROTECTED] wrote: http://www.linuxguruz.org/iptables/ I've found that shorewall (now apt-gettable) makes a very nice iptables framework/wrapper. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Iptables config
On Sun, 21 Apr 2002 18:34:58 +0200 (CEST) Cristian Ionescu-Idbohrn [EMAIL PROTECTED] wrote: http://www.linuxguruz.org/iptables/ I've found that shorewall (now apt-gettable) makes a very nice iptables framework/wrapper. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: About user monitoring
On Tue, 16 Apr 2002 20:11:29 +0300 (EEST) Halil Demirezen [EMAIL PROTECTED] wrote: I am planning to write code that will load the users terminal screens to my screen. And root will surely manage that. Is there anyone to tell me any link which contains information about this subject. Google ttysnoop. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: About user monitoring
On Tue, 16 Apr 2002 20:11:29 +0300 (EEST) Halil Demirezen [EMAIL PROTECTED] wrote: I am planning to write code that will load the users terminal screens to my screen. And root will surely manage that. Is there anyone to tell me any link which contains information about this subject. Google ttysnoop. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim mail Problem
On Thu, 17 Jan 2002 18:47:59 -0600 Daniel J Rychlik [EMAIL PROTECTED] wrote: Im seeing this same message execpt that the neat looking identifiers after the timestamp change slightly. There is about 50 diffrent identifiers or so in the main log. The problem im seeing is exim mail chewing up resources and not letting anything else play, like apache. ;o) Install the eximon package. Run it as root and then use that to investigate what messages are being held and why. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim mail Problem
On Thu, 17 Jan 2002 18:47:59 -0600 Daniel J Rychlik [EMAIL PROTECTED] wrote: Im seeing this same message execpt that the neat looking identifiers after the timestamp change slightly. There is about 50 diffrent identifiers or so in the main log. The problem im seeing is exim mail chewing up resources and not letting anything else play, like apache. ;o) Install the eximon package. Run it as root and then use that to investigate what messages are being held and why. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Re: Mailserver HDD organization
On 17 Jan 2002 07:06:37 +0100 eim [EMAIL PROTECTED] wrote: I was thinking about a partition for /, one for boot, one for /var/spool/mail and some other important system parts. MTAs are inherently disk IO bound. As such, if possible devote a spindle to /var/spool/mail and do what you can to reduce other system IO (eg turn of syslog fsync()). If you can't do that (and it sounds like you can't), then use the appropriate RAID types. Has anyone real-life examples of running mailservers, maybe some HDD organization infos, MTA infos and other importante related know-how to run a secure and stable mailserver on my network. There's been quite a bit of this sort of data on the Mailman lists from Chuq von Rospach, myself, Nigel Metherington, and others. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Mailserver HDD organization
On Thu, 17 Jan 2002 09:23:02 -0500 Dave Kline [EMAIL PROTECTED] wrote: I know, I know, use what you feel comfortable with, but how comfortable are you guys with Exim? -A. Dave Very. I like, and use both Exim and Postfix in deployed production systems. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Mailserver HDD organization
On 17 Jan 2002 07:06:37 +0100 eim [EMAIL PROTECTED] wrote: I was thinking about a partition for /, one for boot, one for /var/spool/mail and some other important system parts. MTAs are inherently disk IO bound. As such, if possible devote a spindle to /var/spool/mail and do what you can to reduce other system IO (eg turn of syslog fsync()). If you can't do that (and it sounds like you can't), then use the appropriate RAID types. Has anyone real-life examples of running mailservers, maybe some HDD organization infos, MTA infos and other importante related know-how to run a secure and stable mailserver on my network. There's been quite a bit of this sort of data on the Mailman lists from Chuq von Rospach, myself, Nigel Metherington, and others. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Re: Mailserver HDD organization
On Thu, 17 Jan 2002 09:23:02 -0500 Dave Kline [EMAIL PROTECTED] wrote: I know, I know, use what you feel comfortable with, but how comfortable are you guys with Exim? -A. Dave Very. I like, and use both Exim and Postfix in deployed production systems. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Re: MySQL-Firewall
On Tue, 8 Jan 2002 19:28:52 +0100 jonasge Jonas wrote: What ports on the ppp0 have I to open, that somebody can access with phpmyadmin over the Internet?? One would hope that you are not allowing access to PhpMyAdmin in clear text via HTTP. At least SSL wrap it (port 143). And what ports on the ppp0 have I to open, that the local php-scripts can connect to the database ??? None. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPSec questions...
On Tue, 8 Jan 2002 10:37:10 -0700 Stefan Srdic [EMAIL PROTECTED] wrote: I was curious about IPSec and had a few questions about it. Do you need more then one host on the network in order to use it? To do anything useful, yes. Can it be implemented without patching the kernel? In the case of FreeS/WAN, no, you have to patch the kernel. Does Debian support it? There is a FreeS/WAN package, and there is a FreeS/WAN kernel patch package. I've not had success with the latter (I ended up hand patching and building my own kernels). The base Debian FreeS/WAN packages seem to work. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: MySQL-Firewall
On Tue, 8 Jan 2002 19:28:52 +0100 jonasge Jonas wrote: What ports on the ppp0 have I to open, that somebody can access with phpmyadmin over the Internet?? One would hope that you are not allowing access to PhpMyAdmin in clear text via HTTP. At least SSL wrap it (port 143). And what ports on the ppp0 have I to open, that the local php-scripts can connect to the database ??? None. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Re: IPSec questions...
On Tue, 8 Jan 2002 10:37:10 -0700 Stefan Srdic [EMAIL PROTECTED] wrote: I was curious about IPSec and had a few questions about it. Do you need more then one host on the network in order to use it? To do anything useful, yes. Can it be implemented without patching the kernel? In the case of FreeS/WAN, no, you have to patch the kernel. Does Debian support it? There is a FreeS/WAN package, and there is a FreeS/WAN kernel patch package. I've not had success with the latter (I ended up hand patching and building my own kernels). The base Debian FreeS/WAN packages seem to work. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Re: Apt-get is insecure
On 17 Dec 2001 14:34:12 +1100 Simon Hill [EMAIL PROTECTED] wrote: so assuming that dpkg (and/or apt?) can deal with embedded gpg signiatures in .deb files, how do we get maintainers to start using them? File bugs? -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Apt-get is insecure
On 17 Dec 2001 14:34:12 +1100 Simon Hill [EMAIL PROTECTED] wrote: so assuming that dpkg (and/or apt?) can deal with embedded gpg signiatures in .deb files, how do we get maintainers to start using them? File bugs? -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Re: Apt-get is insecure
On Thu, 13 Dec 2001 16:24:47 +0100 Wichert Akkerman [EMAIL PROTECTED] wrote: Previously Alexander Karelas wrote: RedHat uses a PGP signature scheme. What are we doing about it? apt-get install debsign What is the status of having Jack Goerzen's dpkg patch accepted? http://lists.debian.org/debian-dpkg/2001/debian-dpkg-200103/msg00024.html -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Re: In Praise of Dos (RE: Mutt tmp files)
On Tue, 20 Nov 2001 22:25:36 -0600 Nathan E Norman Nathan wrote: On Tue, Nov 20, 2001 at 12:01:32PM -0800, J C Lawrence wrote: Mail-Followup-To is a non-standard, un-RFC documented, generally unsupported header. The guy is using mutt. mutt supports M-F-T. You figure it out. Which ignores the fact that several commonly used MTAs strip such headers. M-F-T is generally used on debian mailing lists. Used (in terms of being placed in messages) and used in terms of honoured by recipients are two very different things. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Re: In Praise of Dos (RE: Mutt tmp files)
On Mon, 19 Nov 2001 21:57:05 -0600 Nathan E Norman Nathan wrote: On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote: But his is hugely off topic, and I'll go no futher down this road. Could you at least honor my Mail-Followup-To: header? Mail-Followup-To is a non-standard, un-RFC documented, generally unsupported header. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: WAY OT (Re: In Praise of Dos (RE: Mutt tmp files))
On Tue, 20 Nov 2001 13:00:58 -0800 Vineet Kumar [EMAIL PROTECTED] wrote: * J C Lawrence ([EMAIL PROTECTED]) [011120 12:04]: Mail-Followup-To is a non-standard, un-RFC documented, generally unsupported header. So are please and thank you, but it's generally considered polite. Which is a little difficult when MTAs strip the header (Exchange and Notes are notorious for this), or you're working with an MUA which neither honours or supports it (to any extent). At that point its an invisible header with as much effect on your mail processing as a X-This-Is-Useless: header. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: In Praise of Dos (RE: Mutt tmp files)
On Tue, 20 Nov 2001 22:25:36 -0600 Nathan E Norman Nathan wrote: On Tue, Nov 20, 2001 at 12:01:32PM -0800, J C Lawrence wrote: Mail-Followup-To is a non-standard, un-RFC documented, generally unsupported header. The guy is using mutt. mutt supports M-F-T. You figure it out. Which ignores the fact that several commonly used MTAs strip such headers. M-F-T is generally used on debian mailing lists. Used (in terms of being placed in messages) and used in terms of honoured by recipients are two very different things. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: In Praise of Dos (RE: Mutt tmp files)
On Mon, 19 Nov 2001 21:57:05 -0600 Nathan E Norman Nathan wrote: On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote: But his is hugely off topic, and I'll go no futher down this road. Could you at least honor my Mail-Followup-To: header? Mail-Followup-To is a non-standard, un-RFC documented, generally unsupported header. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Re: WAY OT (Re: In Praise of Dos (RE: Mutt tmp files))
On Tue, 20 Nov 2001 13:00:58 -0800 Vineet Kumar [EMAIL PROTECTED] wrote: * J C Lawrence ([EMAIL PROTECTED]) [011120 12:04]: Mail-Followup-To is a non-standard, un-RFC documented, generally unsupported header. So are please and thank you, but it's generally considered polite. Which is a little difficult when MTAs strip the header (Exchange and Notes are notorious for this), or you're working with an MUA which neither honours or supports it (to any extent). At that point its an invisible header with as much effect on your mail processing as a X-This-Is-Useless: header. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Re: gnupg problem
On Tue, 19 Jun 2001 09:29:13 +0100 Brett Parker [EMAIL PROTECTED] wrote: Why not use XEmacs instead of Emacs and kill the need for this package? Unfortunately there's a lot of elisp that just won't work under one of the two. I finally gave up and evicted all the GNU/Emacs crap from my .xemacs, and now, amazingly, finally have the damn thing under 250K. better still, use mutt which has all the support in there. Mutt can't handle MH folders properly (named sequence support to name but one). No thanks. -- J C Lawrence [EMAIL PROTECTED] -(*) http://www.kanga.nu/~claw/ The pressure to survive and rhetoric may make strange bedfellows
Re: Good secure FTP server
On Thu, 31 May 2001 16:17:42 +0200 Alex Snijder [EMAIL PROTECTED] wrote: Hello, I'm looking for a good 'secure' FTP server. I like and use muddleftpd as I need to support user logins in intranet siuations. I recommend perusing Rock Moen's list of FTPd servers and his commentary (Marcus Ranum's AFTPd is also rather nice for pure anonymous work). -- J C Lawrence [EMAIL PROTECTED] -(*) http://www.kanga.nu/~claw/ The pressure to survive and rhetoric may make strange bedfellows -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Good secure FTP server
On Thu, 31 May 2001 16:17:42 +0200 Alex Snijder [EMAIL PROTECTED] wrote: Hello, I'm looking for a good 'secure' FTP server. I like and use muddleftpd as I need to support user logins in intranet siuations. I recommend perusing Rock Moen's list of FTPd servers and his commentary (Marcus Ranum's AFTPd is also rather nice for pure anonymous work). -- J C Lawrence [EMAIL PROTECTED] -(*) http://www.kanga.nu/~claw/ The pressure to survive and rhetoric may make strange bedfellows
Re: Ports to block?
On Thu, 05 Apr 2001 13:40:54 -0700 Eric N Valor [EMAIL PROTECTED] wrote: 53-UDP (DNS, if you have bind running) DNS will talk TCP on port 53 if the record requested is particularly large. -- J C Lawrence [EMAIL PROTECTED] -(*) http://www.kanga.nu/~claw/ --=| A man is as sane as he is dangerous to his environment |=-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Ports to block?
On Thu, 05 Apr 2001 13:40:54 -0700 Eric N Valor [EMAIL PROTECTED] wrote: 53-UDP (DNS, if you have bind running) DNS will talk TCP on port 53 if the record requested is particularly large. -- J C Lawrence [EMAIL PROTECTED] -(*) http://www.kanga.nu/~claw/ --=| A man is as sane as he is dangerous to his environment |=--
Re: Debian or Linux 7???
On Mon, 19 Feb 2001 18:12:29 -0500 Steve Rudd [EMAIL PROTECTED] wrote: Hi! I am frustrated with the linux 2.2 kernel. I have had two hacks in 3 months and I am going broke rebuilding my server. The odds are good that your being cracked had nothing to do with the kernel version you were running. I went out and bought Redhat 7, and got hacked 6 weeks later. Hardly surprising. So Debian is about twice as good as redhat, but that is not real reassuring. You need to find out: a) How your systems were cracked. b) How you could have prevented that. c) How to harden a system. d) How to audit and monitor a system. e) How to actively maintain a secure system. Choice of Linux distribution or kernel version really isn't going to help you much there (minor exceptions).. -- J C Lawrence [EMAIL PROTECTED] -(*) http://www.kanga.nu/~claw/ --=| A man is as sane as he is dangerous to his environment |=--
Re: Debian or Linux 7???
On Mon, 19 Feb 2001 18:12:29 -0500 Steve Rudd [EMAIL PROTECTED] wrote: Hi! I am frustrated with the linux 2.2 kernel. I have had two hacks in 3 months and I am going broke rebuilding my server. The odds are good that your being cracked had nothing to do with the kernel version you were running. I went out and bought Redhat 7, and got hacked 6 weeks later. Hardly surprising. So Debian is about twice as good as redhat, but that is not real reassuring. You need to find out: a) How your systems were cracked. b) How you could have prevented that. c) How to harden a system. d) How to audit and monitor a system. e) How to actively maintain a secure system. Choice of Linux distribution or kernel version really isn't going to help you much there (minor exceptions).. -- J C Lawrence [EMAIL PROTECTED] -(*) http://www.kanga.nu/~claw/ --=| A man is as sane as he is dangerous to his environment |=-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: secure install
On Thu, 15 Feb 2001 15:34:07 +0100 Raphael Bauduin [EMAIL PROTECTED] wrote: Hi, I'm looking for a way to install a debian potato as securely as possible. I would follow this procedure in the future to install a lot of servers. The problem I have is that a lot of unwanted packages get installed by default (telnetd, exim, at, bc, fingerd, gpm, lpr, mtools, mutt, nfs-server, talkd, ), and having to deinstall them manually each time is not very secure as one could forget a package anytime. It is also time consuming. Is there a way to prevent the installation of those packages? Why are these installed? Where is it configured? Sure, the simplest, and in my mind, smartest approach is to just not do multiple installs. Install oneto one disk, configure it as you wish, and then use `dd` to duplicate that disk as many times as needed. Here I keep a stock of comparitive Woddy installs on various media types (IDE/SCSI/installation types) for just that purpose. Got a new desktop? Got a new web server? Got a new test box? What sort of drive? Grab a matching disk off the shelf and one `dd` later its all done. -- J C Lawrence [EMAIL PROTECTED] -(*) http://www.kanga.nu/~claw/ --=| A man is as sane as he is dangerous to his environment |=-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: secure install
On Thu, 15 Feb 2001 15:34:07 +0100 Raphael Bauduin [EMAIL PROTECTED] wrote: Hi, I'm looking for a way to install a debian potato as securely as possible. I would follow this procedure in the future to install a lot of servers. The problem I have is that a lot of unwanted packages get installed by default (telnetd, exim, at, bc, fingerd, gpm, lpr, mtools, mutt, nfs-server, talkd, ), and having to deinstall them manually each time is not very secure as one could forget a package anytime. It is also time consuming. Is there a way to prevent the installation of those packages? Why are these installed? Where is it configured? Sure, the simplest, and in my mind, smartest approach is to just not do multiple installs. Install oneto one disk, configure it as you wish, and then use `dd` to duplicate that disk as many times as needed. Here I keep a stock of comparitive Woddy installs on various media types (IDE/SCSI/installation types) for just that purpose. Got a new desktop? Got a new web server? Got a new test box? What sort of drive? Grab a matching disk off the shelf and one `dd` later its all done. -- J C Lawrence [EMAIL PROTECTED] -(*) http://www.kanga.nu/~claw/ --=| A man is as sane as he is dangerous to his environment |=--
Re: Extremely simple MTA
On Thu, 14 Dec 2000 08:30:15 -0700 Nathan Paul Simons [EMAIL PROTECTED] wrote: Does anyone know of any very trimmed down MTA that all it does is forward mail to a smarthost/central mailhost? i want something that doesn't even sit on port 25, and unfortunately even when i configure exim in "satellite" mode, it still keeps port 25 open. Do a web search for SSMTP -- it does exactly this. Note that a number of mail applications deliver mail directly to localhost via SMTP (eg MH) and that use of something like SSMTP will repvent their use. -- J C Lawrence [EMAIL PROTECTED] -(*): http://www.kanga.nu/~claw/ --=| A man is as sane as he is dangerous to his environment |=-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Extremely simple MTA
On Thu, 14 Dec 2000 08:30:15 -0700 Nathan Paul Simons [EMAIL PROTECTED] wrote: Does anyone know of any very trimmed down MTA that all it does is forward mail to a smarthost/central mailhost? i want something that doesn't even sit on port 25, and unfortunately even when i configure exim in satellite mode, it still keeps port 25 open. Do a web search for SSMTP -- it does exactly this. Note that a number of mail applications deliver mail directly to localhost via SMTP (eg MH) and that use of something like SSMTP will repvent their use. -- J C Lawrence [EMAIL PROTECTED] -(*): http://www.kanga.nu/~claw/ --=| A man is as sane as he is dangerous to his environment |=--
Re: Snort Log?
On Mon, 4 Dec 2000 20:37:39 +0100 keatch it [EMAIL PROTECTED] wrote: 3) IDS246 - MISC - Large ICMP Packet: xxx.xx.xx.xx - home_net ... What kind of game is it?. It's a AIX features (the OS that the host claims to run)? Typically with AIX this is an MTU discovery probe. -- J C Lawrence [EMAIL PROTECTED] -(*): http://www.kanga.nu/~claw/ --=| A man is as sane as he is dangerous to his environment |=--
Re: What should a Debian-security metapackage should provide?
On 04 Dec 2000 18:37:36 +0100 Tollef Fog Heen [EMAIL PROTECTED] wrote: etheral? That's an X program - I would _never_ install X on a server. :) Which does not mean that you can't install the X libraries and run ethereal from a remote X server. Yes, X clients on servers are bad. X client libraries are not so bad. -- J C Lawrence [EMAIL PROTECTED] -(*): http://www.kanga.nu/~claw/ --=| A man is as sane as he is dangerous to his environment |=-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: What should a Debian-security metapackage should provide?
On 04 Dec 2000 18:37:36 +0100 Tollef Fog Heen [EMAIL PROTECTED] wrote: etheral? That's an X program - I would _never_ install X on a server. :) Which does not mean that you can't install the X libraries and run ethereal from a remote X server. Yes, X clients on servers are bad. X client libraries are not so bad. -- J C Lawrence [EMAIL PROTECTED] -(*): http://www.kanga.nu/~claw/ --=| A man is as sane as he is dangerous to his environment |=--
Re: I want to try something for freedom.
On Wed, 1 Nov 2000 09:12:34 -0500 (EST) Patrick Maheral [EMAIL PROTECTED] wrote: Isn't there a provision in American (or Canadian) law that allows reverse engineering (not disassembling code) for interoperability purposes? Tell that to the DMCA, DeCSS, and the EFF. -- J C Lawrence Home: [EMAIL PROTECTED] -(*) Other: [EMAIL PROTECTED] http://www.kanga.nu/~claw/Keys etc: finger [EMAIL PROTECTED] --=| A man is as sane as he is dangerous to his environment |=-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I want to try something for freedom.
On Wed, 1 Nov 2000 09:12:34 -0500 (EST) Patrick Maheral [EMAIL PROTECTED] wrote: Isn't there a provision in American (or Canadian) law that allows reverse engineering (not disassembling code) for interoperability purposes? Tell that to the DMCA, DeCSS, and the EFF. -- J C Lawrence Home: [EMAIL PROTECTED] -(*) Other: [EMAIL PROTECTED] http://www.kanga.nu/~claw/Keys etc: finger [EMAIL PROTECTED] --=| A man is as sane as he is dangerous to his environment |=--
Re: Good Book
On Mon, 17 Jan 2000 22:39:05 -0800 Nick Jennings [EMAIL PROTECTED] wrote: Hello, Can anyone on the list recommend a good book, online or in paper form, that goes in depth on Linux Security? Prevention Detection etc. Go for the old standbys like CheswickBellovin. Very little of the security game is built on particular application specifics. A whole lot is built on patterns and behaviour. -- J C Lawrence Home: [EMAIL PROTECTED] --(*) Other: [EMAIL PROTECTED] --=| A man is as sane as he is dangerous to his environment |=--