RE: command logging
If your programmer gives you the diff could you please send it to me too?

Thank you.
Eddy Petrisor

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 7:29 AM
To: Dan MacNeil; [EMAIL PROTECTED]
Subject: Re: command logging

On Tue, Oct 28, 2003 at 10:56:53PM -0500, Dan MacNeil wrote:
> For a box that will have limited shell access, I'm looking for something that will log all commands.
>
> The sudo log is nice but not everything is run through sudo.
>
> There won't be many privacy issues as most users won't have shell.
>
> The goal is to review a daily report for anything unexpected: stuff like:
>
> tar -xzf rootkit.tar.gz

For several servers I maintain we took the bash code and hacked it to log all commands, with usernames, to a log file. Yes, it's nosy. It's actually called 'nosy bash' by us.

It's not been sent to the bash maintainers at all yet, but I could see if my coder can make a diff of it.

It's come in quite handy at times. Quite handy.

I didn't do that!
Well, yes, you did. At 1:43:00 you type 'rm -rf /'
No I didn't
Yes, see, it's in the logs.
Oh.. ummm...
disable account
Bu bye.

I regularly grep the log for keywords or sometimes tail it if I'm suspicious of someone. But for the most part, I don't ogle it constantly. Who has time for that?

I'm also running grsec patches as well. Grsec didn't do the nosy bash like I wanted, so I'm keeping the nosy bash.

j
--
It's simply not RFC1149 compliant!
John Keimel
[EMAIL PROTECTED]
http://www.keimel.com
Re: command logging
I found snoopy to be very helpful (and packaged in Debian).

Example log:

Oct 29 10:57:05 onix snoopy[23669]: [arodrigo, uid:0 sid:15246]: ls -F -p -N --color=auto
Oct 29 10:57:49 onix snoopy[23688]: [arodrigo, uid:0 sid:15246]: cat /var/log/control
Oct 29 10:57:49 onix snoopy[23690]: [(null), uid:0 sid:15246]: grep arodrigo

I am sorry I can't come up with a better output example :-)

--
I don't think you trust in my self-righteous suicide
._System Of A Down_-_Chop Suey_.
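An added example, not part of any message in this thread: a sketch of the "daily report" review asked for at the start of the thread, run over snoopy lines in the layout quoted above. The watch list, the `guest1` account and the last two sample lines are constructed for illustration, and attributing `(null)` entries by session id is an assumption.

```python
import re
from collections import defaultdict

# Layout of the snoopy syslog lines quoted in the message above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) snoopy\[\d+\]: "
    r"\[(?P<user>[^,\]]+), uid:(?P<uid>\d+) sid:(?P<sid>\d+)\]: (?P<cmd>.*)$"
)

# Hypothetical watch list built from concerns raised in the thread.
RULES = {
    "archive-extract": re.compile(r"^(tar\s+\S*x|unzip\b|gunzip\b)"),
    "recursive-delete": re.compile(r"^rm\s+(-\S*\s+)*-\S*r"),
    "alternate-shell": re.compile(r"\b(zsh|tcsh|ksh)\b"),
}

# First three lines are from the message above; the last two are constructed.
SAMPLE = [
    "Oct 29 10:57:05 onix snoopy[23669]: [arodrigo, uid:0 sid:15246]: ls -F -p -N --color=auto",
    "Oct 29 10:57:49 onix snoopy[23688]: [arodrigo, uid:0 sid:15246]: cat /var/log/control",
    "Oct 29 10:57:49 onix snoopy[23690]: [(null), uid:0 sid:15246]: grep arodrigo",
    "Oct 29 11:02:13 onix snoopy[23701]: [guest1, uid:1001 sid:15302]: tar -xzf rootkit.tar.gz",
    "Oct 29 11:03:40 onix snoopy[23702]: [(null), uid:1001 sid:15302]: rm -rf /tmp/work",
]

def parse(lines):
    """Return (events, unparsed_count) for lines in the snoopy layout."""
    events, unparsed = [], 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
        else:
            unparsed += 1  # count, never silently drop, lines we cannot read
    return events, unparsed

def daily_report(lines):
    """Group watch-list hits by user; returns ({user: [(ts, rule, cmd)]}, unparsed)."""
    events, unparsed = parse(lines)
    # Some entries carry "(null)" instead of a login name; borrow the name
    # seen elsewhere in the same session id (an assumption, not a guarantee).
    sid_user = {e["sid"]: e["user"] for e in events if e["user"] != "(null)"}
    hits = defaultdict(list)
    for e in events:
        user = e["user"]
        if user == "(null)":
            user = sid_user.get(e["sid"], "uid:" + e["uid"])
        for name, rx in RULES.items():
            if rx.search(e["cmd"]):
                hits[user].append((e["ts"], name, e["cmd"]))
    return dict(hits), unparsed

if __name__ == "__main__":
    report, unparsed = daily_report(SAMPLE)
    for user, rows in sorted(report.items()):
        for ts, rule, cmd in rows:
            print(f"{ts} {user:10} {rule:17} {cmd}")
    print(f"unparsed lines: {unparsed}")
```

snoopy is loaded through the dynamic linker's preload mechanism, so statically linked binaries do not pass through it; treat the report as one signal rather than a complete record.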
Re: Exim config
This one time, at band camp, Craig said:
> Hi Guys
>
> Does anyone happen to know how I could have Exim parse a text file with a list of users in, if they are in the file to send mail to another an exchange server else deliver to local mailbox?
>
> Any suggestions would be welcomed.

I'd take a look at the aliasfile driver - you can have a file set up similar to /etc/aliases, and redirect those addresses.

--
Stephen Gran
[EMAIL PROTECTED]
Debian user, admin, and developer
http://www.debian.org
Re: command logging
On Wed, 2003-10-29 at 07:11, John Keimel wrote:
> For several servers I maintain we took the bash code and hacked it to log all commands, with usernames, to a log file. Yes, it's nosy. It's actually called 'nosy bash' by us.
>
> It's not been sent to the bash maintainers at all yet, but I could see if my coder can make a diff of it.
>
> It's come in quite handy at times. Quite handy.
>
> I didn't do that!
> Well, yes, you did. At 1:43:00 you type 'rm -rf /'
> No I didn't
> Yes, see, it's in the logs.
> Oh.. ummm...
> disable account
> Bu bye.
>
> I regularly grep the log for keywords or sometimes tail it if I'm suspicious of someone. But for the most part, I don't ogle it constantly. Who has time for that?
>
> I'm also running grsec patches as well. Grsec didn't do the nosy bash like I wanted, so I'm keeping the nosy bash.

What if the user compiles zsh (or there is something similar) and uses it? Or finds a way that doesn't use bash to execute his commands?

I've thought of doing something like this in the ssh server, but ended up implementing it in the ssh client, because of the requirements...
Re: Configuring mod_ssl
Hi,

I have found that I need to specify Listen 443 in addition to enabling the mod_ssl module. I notice that you do not have the directive SSLEngine On either so try putting in the aforementioned directives and see if that helps.

Not sure about your unresolved symbol problem, you only need to load and configure mod_ssl to achieve SSL communications.

Cheers, Fred.

On Tue, 2003-10-28 at 19:00, [EMAIL PROTECTED] wrote:
> Hi,
>
> I'm trying to get mod_ssl configured on my server but it isn't coming together and was hoping I could get some help from the field. Below is a description of my setup and what I'm trying to do. Any guesses where I'm going wrong?
>
> I've got a server with multiple virtual hosts. For the most part, I really only need https to work for my Squirrelmail webmail pages, but may also at some point have to put in an ecommerce thing on a site to accept credit cards. It seems to me that for simplicity sake, I'd ideally like to just have all my sites be accessible identically via http and https. I'll just put in a redirect for the http version of squirrelmail to go to 443 instead of 80. Is there any good reason why I shouldn't have my docs available under http and https?
>
> Environment (debian packages)
> ---
> apache 1.3.27.0-2
> apache-common 1.3.27.0-2
> libapache-mod-ssl 2.8.14-3
> openssl 0.9.7b-2
> libssl0.9.6j-1
>
> # apache -l
> Compiled-in modules:
>   http_core.c
>   mod_so.c
>   mod_macro.c
> suexec: disabled; invalid wrapper /usr/lib/apache/suexec
>
> What I've done
> --
> Initially, I planned to use apache-ssl to do the https, but then figured if I could configure apache 1.3 with mod_ssl, I'd have a cleaner and easier to maintain system. So, my attempt to do that resulted in the following changes to my httpd.conf. These are in the main section and not duplicated in the Virtual hosts sections.
>
> LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
>
> and
>
> SSLVerifyClient 0
> SSLVerifyDepth 10
> # generated below with openssl
> SSLCertificateKeyFile /etc/ssl/demoCA/certs/server.key
> SSLCertificateFile /etc/ssl/demoCA/certs/server.crt
> SSLCACertificateFile /etc/ssl/demoCA/certs/cacert.pem
>
> What happens
>
> When I try to hit my home page via https, I get the following in my access_log:
>
> 10.0.0.16 - - [20/Oct/2003:23:02:07 -0700] \x80g\x01\x03\x01 501 -
>
> And my Safari browser gives an immediate error message:
>
> Could not open the page 10.0.0.22 because Safari could not establish a secure connection to the server 10.0.0.22.
>
> Previously, I was getting the following error when I tried restarting apache:
>
> Cannot load /usr/lib/apache/1.3/libssl.so into server: /usr/lib/apache/1.3/libssl.so: undefined symbol: ap_conn_timeout
>
> This happened when I tried to load the apache_ssl_module in my http.conf file. I _think_ I'm not supposed to do that. If I'm correct, that module isn't necessary to run mod_ssl and is only used for apache-ssl. True?

--
Fred Clausen - Professional Services Engineer
Unit 7 Skylines Business Village Limeharbour Docklands London E14 9TS
Tel: +44 (0)207 538 8230 - Fax: +44 (0)207 538 8246 Ext: 209
Web: www.xinitsystems.com
E-Mail: [EMAIL PROTECTED]
Re: command logging
On Wed, Oct 29, 2003 at 05:49:49PM +0200, ? ? wrote:
> On Wed, 2003-10-29 at 07:11, John Keimel wrote:
>
> What if the user compiles zsh (or there is something similar) and uses it? Or finds a way that doesn't use bash to execute his commands?
>
> I've thought of doing something like this in the ssh server, but ended up implementing it in the ssh client, because of the requirements...

Yes, they could, but some of the things I'm looking for are tarballs of other shells. The vast majority of the users are non-sophisticates when it comes to the shell and it's not common knowledge that I log every command. There's a warning on login that we reserve the right to log... to cover ourselves (i.e. covers the 'notify person of monitoring' requirement legally).

It's not a foolproof system, but it's better than nothing.

We also had a pcsh version as well.

j
--
It's simply not RFC1149 compliant!
John Keimel
[EMAIL PROTECTED]
http://www.keimel.com