Tcpwrappers
Thanks for the suggestion to read about tcpwrappers. I have also read the Security Quick-start howto and found it useful. One problem I am still coming to grips with is email. I am running qmail out of xinetd and using tcp-env for the smtp service. I tried putting the qmail daemons into hosts.allow (ie: qmail-smtpd: ALL), and then ALL:ALL in hosts.deny, but it denied access to all incoming emails. At the moment, I have ALL: PARANOID set in hosts.deny, but this won't allow some incoming emails and gives an error on the line where I have the line .domain.com.au set in hosts.allow, where ns.domain.com.au is our nameserver. Anyone know how I let all emails to our domain through, whether or not I can do a lookup on them? I know that our DNS works fine as I get the same error using a machine at home from a different ISP and different DNS server. I am assuming that hosts that fall into the PARANOID category must not have their DNS files setup right, or they may not be legitimate users. I suppose the other option is to try and run qmail using daemontools and uspci as the qmail manuals and life with qmail suggests. Thanks Rob -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Help... SSH CRC-32 compensation attack detector vulnerability
On Mon, 2001-12-03 at 02:38, Jacob Kuntz wrote: Never really looked into how reliable that is, but it's there. I'd like to see apt-get support some sort of 'reinstall' command. You mean it doesn't? I could have sworn... (alternately: apt-get clean; apt-get --download-only install $package; dpkg -i /var/cache/apt/archives/package.deb -- Jacob Kuntz http://www.lucidpark.net/ -- Rens Houben |opinions are mine Resident linux guru and sysadmin | if my employers have one Systemec Internet Services. |they'll tell you themselves PGP public key at http://suzaku.systemec.nl/shadur.key.asc msg04328/pgp0.pgp Description: PGP signature
Postfix 0.0.20011115.SNAPSHOT-1
Hi all, I ran apt-get update; apt-get upgrade on my mailserver today and have now the following problem: Whenever I try to send an email from my local pine client I get [Mail not sent. Sending error: 451 Error: queue file write error] Anybody knows why that would be? I ran postfix check with no problems found. The email is actually sent and in the log files I see a completely normal message delivery. - Thanks for your time, Peter /--\ | Dipl.-Ing. Peter Burgstaller | | Technical Assistant and System Administrator | | @ all information network services gmbh| | email: [EMAIL PROTECTED] | | phone: +43 662 452335| | fax : +43 662 452335 90 | \--/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: migration from FreeBSD 4.4 to Debian 2.2r4
On Sun, 2 Dec 2001, Patrick Hsieh wrote: If I don't want to use MD5 in my linux box, is it possible to migrate the account/password? How can I transfer the account/password from FreeBSD to Debian? I may be wrong, but I remember FreeBSD uses MD5 passwd encryption while Debian default does not. In this case, how can I migrate the account/password from FreeBSD to Linux? Is there any thing I should keep in mind? If your original passwords are in MD5, but you don't want to use MD5 then you are out of luck. (Unless you want to waste a lot of time running some password crackers.) In addition, the BSD master.passwd file is a different format than the Linux shadow + passwd file. You will need to convert this over. Look at the relevant manual pages. If you really don't want to use MD5 for your shadow file, then you can write some login/pop3d/whatever code that grabs the plain-text password (compares the MD5) and then regenerates a new hash. (For your information, I have moved BSD master.passwd files to Linux a few times. And also from Linux to BSD.) Jeremy C. Reed http://www.reedmedia.net/ http://bsd.reedmedia.net/ -- BSD news and resources http://www.isp-faq.com/-- find answers to your questions -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: trouble ticket system
El lun, 03-12-2001 a las 23:40, Matt Fair escribió: Would would be the best trouble ticket system to use? I took a rt, but it doesn't look as good people say it is (at least the one in the stable release). Thanks, Matt I like phpgroupware'sbut thats only me...sigh Alex -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: trouble ticket system
On Mon, Dec 03, 2001 at 11:40:08PM -0600, Matt Fair wrote: Would would be the best trouble ticket system to use? I took a rt, but it doesn't look as good people say it is (at least the one in the stable release). - RT is good, at least it is clearly written and easily fit to your need if you know some perl. I didn't try IRM that I recently noticed in sid distribution. phpsat is not a debian package but is rather simple and good http://sourceforge.net/projects/phpsat/ finally my preferred page on that topic is http://linas.org/linux/pm.html hth mose -- mose Makina Corpus 105, avenue Parmentier http://makina-corpus.com FR 75011 PARIS P: +33 (0) 1 53 36 18 59 F: +33 (0) 1 40 21 03 39 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
File permissions
Hiya all I need to have a directory /home/public to have 1770 permissions. The group owner is smbusers and they access this directory though samba. My problem is that the directory is set on 1775 but when users create new files it doesn't carry the correct permission or group. The user that creates the file is the group and owner :( Any help or ideas would be appreciated Craig :) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Tcpwrappers
Thanks for the suggestion to read about tcpwrappers. I have also read the Security Quick-start howto and found it useful. One problem I am still coming to grips with is email. I am running qmail out of xinetd and using tcp-env for the smtp service. I tried putting the qmail daemons into hosts.allow (ie: qmail-smtpd: ALL), and then ALL:ALL in hosts.deny, but it denied access to all incoming emails. At the moment, I have ALL: PARANOID set in hosts.deny, but this won't allow some incoming emails and gives an error on the line where I have the line .domain.com.au set in hosts.allow, where ns.domain.com.au is our nameserver. Anyone know how I let all emails to our domain through, whether or not I can do a lookup on them? I know that our DNS works fine as I get the same error using a machine at home from a different ISP and different DNS server. I am assuming that hosts that fall into the PARANOID category must not have their DNS files setup right, or they may not be legitimate users. I suppose the other option is to try and run qmail using daemontools and uspci as the qmail manuals and life with qmail suggests. Thanks Rob
Re: Help... SSH CRC-32 compensation attack detector vulnerability
On Mon, 2001-12-03 at 02:38, Jacob Kuntz wrote: Never really looked into how reliable that is, but it's there. I'd like to see apt-get support some sort of 'reinstall' command. You mean it doesn't? I could have sworn... (alternately: apt-get clean; apt-get --download-only install $package; dpkg -i /var/cache/apt/archives/package.deb -- Jacob Kuntz http://www.lucidpark.net/ -- Rens Houben |opinions are mine Resident linux guru and sysadmin | if my employers have one Systemec Internet Services. |they'll tell you themselves PGP public key at http://suzaku.systemec.nl/shadur.key.asc pgp7khV4d9sVk.pgp Description: PGP signature
Postfix 0.0.20011115.SNAPSHOT-1
Hi all, I ran apt-get update; apt-get upgrade on my mailserver today and have now the following problem: Whenever I try to send an email from my local pine client I get [Mail not sent. Sending error: 451 Error: queue file write error] Anybody knows why that would be? I ran postfix check with no problems found. The email is actually sent and in the log files I see a completely normal message delivery. - Thanks for your time, Peter /--\ | Dipl.-Ing. Peter Burgstaller | | Technical Assistant and System Administrator | | @ all information network services gmbh| | email: [EMAIL PROTECTED] | | phone: +43 662 452335| | fax : +43 662 452335 90 | \--/
Re: migration from FreeBSD 4.4 to Debian 2.2r4
On Sun, 2 Dec 2001, Patrick Hsieh wrote: If I don't want to use MD5 in my linux box, is it possible to migrate the account/password? How can I transfer the account/password from FreeBSD to Debian? I may be wrong, but I remember FreeBSD uses MD5 passwd encryption while Debian default does not. In this case, how can I migrate the account/password from FreeBSD to Linux? Is there any thing I should keep in mind? If your original passwords are in MD5, but you don't want to use MD5 then you are out of luck. (Unless you want to waste a lot of time running some password crackers.) In addition, the BSD master.passwd file is a different format than the Linux shadow + passwd file. You will need to convert this over. Look at the relevant manual pages. If you really don't want to use MD5 for your shadow file, then you can write some login/pop3d/whatever code that grabs the plain-text password (compares the MD5) and then regenerates a new hash. (For your information, I have moved BSD master.passwd files to Linux a few times. And also from Linux to BSD.) Jeremy C. Reed http://www.reedmedia.net/ http://bsd.reedmedia.net/ -- BSD news and resources http://www.isp-faq.com/-- find answers to your questions
Re: migration from FreeBSD 4.4 to Debian 2.2r4
OK. It will be easy if Linux use md5 password. But, if my Linux does not use md5 and is about to migrate to md5 for easier account migration, how can I do in Debian 2.2r4? Thanks. -- Patrick Hsieh--[EMAIL PROTECTED]
Re: customizing debian apache
Hello, I think your method is very wise. But after I download the apache source by apt-get source apache, how can I rename the package so that I can build my cusmomized .deb packages? Usually, I'll dpkg-source -x package-name.dsc, then cd package-name-dir dpkg-buildpackages -uc -us -rfakeroot This will build .deb packages, right? But what files or directories should I rename? -- My suggestion: apt-get source apache rename the package, to something like apache-cmore edit the debian/control to have it Provide apache, and Conflicts with apache. Yes, this is still harder to maintain with new versions, but it is still fairly tidy. An alternative would be patching suexec to accept a run-time path (from what I gather, this is non-trivial) -- Patrick Hsieh--[EMAIL PROTECTED]
trouble ticket system
Would would be the best trouble ticket system to use? I took a rt, but it doesn't look as good people say it is (at least the one in the stable release). Thanks, Matt
