Re: shell access exploits (was Re: upgrading to MySQL 4 on woody)

2004-01-20 Thread Lucas Albers
I'm no expert.
I run chkrootkit on a regular basis.
Run a virus scanner; it will find some exploits.
McAfee found a few rootkits and known kernel exploits.
I use McAfee for Linux.
Analyze history files for certain keywords.
The best way would be to analyze command frequency in history files and
look for infrequently occurring commands that are good indications of hack
attempts.
Look at anyone running the command: uname -a

Install grsecurity, and laugh at the attempts to do buffer overruns.
Enable the grsecurity ACL subsystem and continue laughing.
Analyze login frequency: what country are they logging in from?
Have they logged in from this address before?
Analyze login time; 2-6am is when most exploits occur.
Look at tripwire or sash logs. (I still use tripwire; I have not learned how to
use sash.)
Look at when root logs in.
Check for processes initiating outgoing connections; hackers love to wget
their files.
Check for processes using a lot of memory or processor time.

Jason Lim said:
>
>>
>> One of my hats is a junior sys admin in an academic environment. I'm
>> curious as to how you know when shell users are trying to exploit a
> kernel
>> hole.
>
> chkrootkit?
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>


-- 
--Luke CS Sysadmin, Montana State University-Bozeman
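A small triage script in the spirit of the checks above. It is an added example, not code from the thread: it counts how many accounts use each program across collected shell history files and flags the rare ones plus exact watchlist hits such as `uname -a`, and it flags logins in the 02:00-06:00 window or from an address the account has not used before. The history entries, login records and known-address baseline are constructed sample data, and their formats are assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample: commands collected from each account's shell history
# (one list per user). The collection format is an assumption.
HISTORY = {
    "alice": ["ls -l", "cd src", "make", "ls -l", "vim main.c", "make", "git diff"],
    "bob":   ["ls -l", "cd www", "vim index.html", "ls -l", "uname -a",
              "gcc -o x x.c", "./x"],
    "carol": ["ls -l", "cd docs", "vim notes.txt", "ls -l", "ls -l"],
}

# Exact commands worth a look however common they are; the thread names uname -a.
WATCHLIST = {"uname -a"}

# Constructed sample logins: (user, source address, local time).
LOGINS = [
    ("alice", "198.51.100.4",  "2004-01-19 09:02"),
    ("bob",   "203.0.113.7",   "2004-01-19 22:40"),
    ("bob",   "203.0.113.7",   "2004-01-20 03:12"),
    ("carol", "192.0.2.55",    "2004-01-20 14:05"),
    ("bob",   "198.51.100.99", "2004-01-20 15:30"),
]

# Addresses each account has been seen from before (constructed baseline).
KNOWN_ADDRESSES = {
    "alice": {"198.51.100.4"},
    "bob":   {"203.0.113.7"},
    "carol": {"192.0.2.55"},
}

ODD_HOURS = range(2, 6)  # 02:00 up to, but not including, 06:00


def program(cmd):
    """First word of a command line, e.g. 'gcc' for 'gcc -o x x.c'."""
    words = cmd.split()
    return words[0] if words else ""


def command_frequency(history):
    """How many distinct accounts ran each program at least once."""
    counts = Counter()
    for cmds in history.values():
        for prog in {program(c) for c in cmds if c.strip()}:
            counts[prog] += 1
    return counts


def suspicious_commands(history, max_users=1):
    """Per account, the distinct commands whose program is used by at most
    max_users accounts ('rare'), plus exact watchlist matches ('watchlist').
    Returns {user: [(reason, command), ...]} with commands sorted."""
    counts = command_frequency(history)
    findings = {}
    for user, cmds in history.items():
        hits = []
        for cmd in sorted({c.strip() for c in cmds if c.strip()}):
            if cmd in WATCHLIST:
                hits.append(("watchlist", cmd))
            elif counts[program(cmd)] <= max_users:
                hits.append(("rare", cmd))
        if hits:
            findings[user] = hits
    return findings


def login_anomalies(logins, known, odd_hours=ODD_HOURS):
    """Flag logins at odd hours or from an address the account has not used
    before. Logins are processed in order, so a new address is reported once
    and then counts as known. Returns [(user, addr, time, [reasons]), ...]."""
    seen = {user: set(addrs) for user, addrs in known.items()}
    findings = []
    for user, addr, stamp in logins:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        reasons = []
        if when.hour in odd_hours:
            reasons.append("odd-hour login")
        if addr not in seen.setdefault(user, set()):
            reasons.append("new source address")
            seen[user].add(addr)
        if reasons:
            findings.append((user, addr, stamp, reasons))
    return findings


def triage(history, logins, known):
    """Merge both checks into one {user: [note, ...]} report for a human to read."""
    report = {}
    for user, hits in suspicious_commands(history).items():
        for reason, cmd in hits:
            report.setdefault(user, []).append(f"{reason} command: {cmd}")
    for user, addr, stamp, reasons in login_anomalies(logins, known):
        for reason in reasons:
            report.setdefault(user, []).append(f"{reason}: {addr} at {stamp}")
    return report


if __name__ == "__main__":
    for user, notes in sorted(triage(HISTORY, LOGINS, KNOWN_ADDRESSES).items()):
        print(user)
        for note in notes:
            print("  -", note)
```

Rarity is a triage signal, not a verdict: a compiler run by one developer is flagged the same way as one run by an intruder, so the threshold and watchlist need tuning to the site's users.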




Re: FreeBSD/ Redhat / Debian

2004-01-20 Thread Russell Coker
On Wed, 21 Jan 2004 11:12, Jose Alberto Guzman <[EMAIL PROTECTED]> wrote:
>   As for the time consuming job part, it may be so if your hardware is
> something like a Pentium MMX; nowadays it takes less than 3 or 4 minutes
> to recompile a 2.4, and maybe another 3 or 4 mins. from reboot to login
> prompt.

If you compile a kernel that has the bare minimum of features needed for one 
machine then this may be the case.  If you compile a kernel suitable for many 
machines on a low-end P3 machine (such as the P3-650 I use) then it can take 
quite a bit longer.  Also there is the issue of maintaining kernel patches 
where necessary and testing.

The release of a new kernel demands a minimum of 6 hours work for me, although 
that includes producing 4 different kernel-patch packages for Debian...

But there are kernel-image packages available which remove a lot of this work.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page




Re: FreeBSD/ Redhat / Debian

2004-01-20 Thread Jose Alberto Guzman
Peter wrote:
> On Mon, 19 Jan 2004 21:00:18 +0100, in linux.debian.isp you wrote:
>
>> I will be a new user of Debian. For a quick tour I want to learn and I
>> want to get your advice about comparing other OSes with Debian.
>
> well, three really bad kernel bugs and now on the 2.6 kernel so many new
> things - in 2004 linux administrators will have to follow security
> mailing lists very closely. it will be a time consuming job to update
> kernels every x weeks.

It's not only when kernel bugs appear that admins have to follow
security lists very closely; it's just about every time.

As for the time consuming job part, it may be so if your hardware is
something like a Pentium MMX; nowadays it takes less than 3 or 4 minutes
to recompile a 2.4, and maybe another 3 or 4 mins. from reboot to login
prompt.

> Also you will have to be a security expert to get a secured system, as
> neither debian nor redhat kernels are "hardened" out of the box. maybe
> it's better to take a look at adamantix.org, which is based on debian.

I'd partially disagree on this one. There is no such thing as a
'secured system'. Security is a relative thing, not an absolute one.

I believe that if the common debian admins keep their systems up to
date with the latest security patches released by debian, they'll deter
probably 99% of the available exploits. The remaining 1% would fall on
the unpublished exploits or those which are 'work in progress', and thus
only targeted and crafted for the high profile sites, which should have a
security expert on their payroll anyway.

On the other hand, it certainly adds comfort to have a
buffer-over/underrun-proof kernel running on the server.

> if freebsd is in your choice, take a deeper look into it. seems to be
> much more developed. better "jail" solution, especially interesting
> for webhosting. Better accounting, better filesystem.

What exactly is developed? *BSD is certainly based on a much older
code base than linux, but at this point in time, I'd say that most of
the cutting edge stuff is happening more on the linux side of the free
unixes (hardware support, filesystems, clustering, virtualization, etc.);
also linux has had, for quite a while now, a much broader base of
_developers_ (google for "the cathedral and the bazaar").

Is UFS a better filesystem than ext2 in terms of robustness and speed?
*maybe*. Better than Reiserfs? Hardly.

> that's how it appears to me. i have average admin knowledge and judge
> only on one thing: "how much time does it cost to keep the system
> running". Linux was too expensive last year.
> Peter

Also, these are just my opinions. We used to serve everything here for
~8k users (email, web hosting, web caching, etc.) on FreeBSD; these were
the 2.x-3.x 'make world for update' times. Since some 4 years now we have
grown to ~11k users, and everything runs on Debian, and that's just
because of the quality that maintainers put on their packages and
the distro in general, and the consequent ease of updating, securing,
and managing debian servers.

Jose



Re: courier-pop with maildir in /var/mail

2004-01-20 Thread Giacomo A. Catenazzi

Craig Schneider wrote:
> Hi Guys
> I have configured exim to deliver mail to
> /var/mail/[EMAIL PROTECTED], now
> I need to tell courier-pop and courier-imap that the mail resides here.
> Any ideas ?

In /etc/courier/userdb set the user and the mail= parameter.
Or if you use other authentication methods, change
the parameter in a similar way.
ciao
cate



Re: SOP for debian isp/corporate server...

2004-01-20 Thread Nate Duehr
On Tuesday 20 January 2004 09:25 am, prasad wrote:
> hi,
>
> As many of you must have experienced, there are usual SOPs for setting
> up non-bloated, secure bare-bones Servers with respective OSs eg for
> solaris.
>
> Is there SOP for debian, if not, I guess this list is better poised to
> produce one. Any links, pointers... I have googled, but didn't find any
> old message,
>
> What applies for isp-servers also applies for corporate servers which
> are 24/7 connected to net for things like mail etc, which need to take
> similar precautions. One of the reasons I have found, one company took
> a policy decision to not deploy to linux servers some time back, is
> because these rapidly moving distros like RH with insecure preinstalled
> bloat, was causing major maintenance & security hassle. Now that RH is
> out of picture, and debian just the kind of thing made for such a
> configuration, SOP will help.
>
> regards,
> prasad

I have one in my head... Debian is extraordinarily easy to keep clean in 
that when you build it you can select virtually no packages and then add 
only those that you need for the particular server you're setting up.  
Apt/Dpkg takes care of dependencies and you're off and running in no 
time.  (Hardly worth writing an SOP for -- it's that easy.  Just don't 
select any packages from tasksel or from dselect during installation.  
Then add only what you need.)

-- 
Nate Duehr, [EMAIL PROTECTED]




Re: SOP for debian isp/corporate server...

2004-01-20 Thread Volker Tanger
Greetings!

On Tue, 20 Jan 2004 21:55:37 +0530 prasad <[EMAIL PROTECTED]> wrote:

> As many of you must have experienced, there are usual SOPs for setting
> up non-bloated, secure bare-bones Servers with respective OSs eg for
> solaris.
> Is there SOP for debian, if not, I guess this list is better poised to
> produce one. Any links, pointers... I have googled, but didn't find
> any old message,

SPO = Standards of Practice?  If so, see at
http://www.debian.org/doc/user-manuals#securing
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html

A bare Debian install is pretty much stripped down (<50MB iirc), so not
overly much bloat here.


> One of the reasons I have found, one company took
> a policy decision to not deploy to linux servers some time back, is
> because these rapidly moving distros like RH with insecure preinstalled
> bloat, was causing major maintenance & security hassle.

Well, with the current release timescale being ~2 years (3.0 was
released 2002-07-19) I won't call Debian "rapidly moving"... 
Maintenance is - as always - minimum hassle with Debian.  
:-)

Bye

Volker Tanger
ITK-Security


 




courier-pop with maildir in /var/mail

2004-01-20 Thread Craig Schneider
Hi Guys

I have configured exim to deliver mail to
/var/mail/[EMAIL PROTECTED], now
I need to tell courier-pop and courier-imap that the mail resides here.

Any ideas ?

Thanks
Craig




Re: SOP for debian isp/corporate server...

2004-01-20 Thread Peter Billson
Prasad,
1) There is a manual on securing Debian at:
http://www.debian.org/doc/manuals/securing-debian-howto

2) There really is no SOP on "bloat" because one man's bloat is another's needed
service.

   You, however, can create your own. Basically do an install and add/strip
whatever packages you want. Once you have your "perfect" set of packages do a:

dpkg --get-selections '*' > {some-file-name}

  You will now have a list of the status of all Debian packages (i.e. installed,
purged, etc.) on your system.


  Next time you do an install do a:

dpkg --set-selections < {some-file-name}

then run apt-get dselect-upgrade


This will add and remove packages as needed to make the packages on your new
system exactly like the base system.


Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting



Quoting prasad <[EMAIL PROTECTED]>:

> hi,
> 
> As many of you must have experienced, there are usual SOPs for setting
> up
> non-bloated, secure bare-bones Servers with respective OSs eg for
> solaris.
> 
> Is there SOP for debian, if not, I guess this list is better poised to
> produce one. Any links, pointers... I have googled, but didn't find any
> old
> message,
> 
> What applies for isp-servers also applies for corporate servers which
> are
> 24/7 connected to net for things like mail etc, which need to take
> similar
> precautions. One of the reasons I have found, one company took a policy
> decision to not deploy to linux servers some time back, is because these
> rapidly moving distros like RH with insecure preinstalled bloat, was
> causing
> major maintenance & security hassle. Now that RH is out of the picture, and
> debian just the kind of thing made for such a configuration, SOP will
> help.
> 
> regards,
> prasad
> 
> 



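A drift check built around the get/set-selections workflow above; it is an added example, not the thread's own code. It parses the selections text format, reports which packages replaying the baseline followed by `apt-get dselect-upgrade` would add and remove on the new box, and emits the set-selections input that would do it. The two selection files are constructed sample data.

```python
# Package-selection drift check; an added example, not code from the thread.
# It reads the text format shared by `dpkg --get-selections` and
# `dpkg --set-selections`: one "package<whitespace>state" per line, where the
# state is install, hold, deinstall or purge.

VALID_STATES = {"install", "hold", "deinstall", "purge"}

# Constructed sample files: the "perfect" baseline captured on the reference
# box, and the selections found on a new box some time later.
BASELINE_TEXT = """\
apache\t\tinstall
exim\t\tinstall
libc6\t\tinstall
openssh-server\t\tinstall
telnetd\t\tdeinstall
"""

CURRENT_TEXT = """\
apache\t\tinstall
exim\t\tinstall
libc6\t\tinstall
telnetd\t\tinstall
wu-ftpd\t\tinstall
"""


def parse_selections(text):
    """Map package name -> selection state; blank lines and comments are skipped
    and anything else malformed is an error rather than a silent gap."""
    selections = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2 or fields[1] not in VALID_STATES:
            raise ValueError(f"line {lineno}: malformed selection: {raw!r}")
        selections[fields[0]] = fields[1]
    return selections


def selected(selections):
    """Packages that are meant to be on the box (install or hold)."""
    return {pkg for pkg, state in selections.items() if state in ("install", "hold")}


def selection_drift(baseline, current):
    """What replaying the baseline with --set-selections followed by
    `apt-get dselect-upgrade` would do to the current box: (to_add, to_remove)."""
    wanted, have = selected(baseline), selected(current)
    return sorted(wanted - have), sorted(have - wanted)


def restore_selections(baseline, current):
    """Build a --set-selections input that takes the current box back to the
    baseline: every baseline entry as recorded, plus a deinstall line for each
    extra package the baseline never mentioned."""
    _, to_remove = selection_drift(baseline, current)
    lines = [f"{pkg}\t{baseline[pkg]}" for pkg in sorted(baseline)]
    lines += [f"{pkg}\tdeinstall" for pkg in to_remove if pkg not in baseline]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    base = parse_selections(BASELINE_TEXT)
    cur = parse_selections(CURRENT_TEXT)
    to_add, to_remove = selection_drift(base, cur)
    print("would install:", to_add)
    print("would remove: ", to_remove)
    print(restore_selections(base, cur), end="")
```

Run against a real box, the drift report doubles as a quick check for packages that appeared without anyone meaning to install them.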



SOP for debian isp/corporate server...

2004-01-20 Thread prasad
hi,

As many of you must have experienced, there are usual SOPs for setting up
non-bloated, secure bare-bones Servers with respective OSs eg for solaris.

Is there SOP for debian, if not, I guess this list is better poised to
produce one. Any links, pointers... I have googled, but didn't find any old
message,

What applies for isp-servers also applies for corporate servers which are
24/7 connected to net for things like mail etc, which need to take similar
precautions. One of the reasons I have found, one company took a policy
decision to not deploy to linux servers some time back, is because these
rapidly moving distros like RH with insecure preinstalled bloat, was causing
major maintenance & security hassle. Now that RH is out of the picture, and
debian just the kind of thing made for such a configuration, SOP will help.

regards,
prasad




Re: FreeBSD/ Redhat / Debian

2004-01-20 Thread Peter
On Mon, 19 Jan 2004 21:00:18 +0100, in linux.debian.isp you wrote:

>
>   I will be a new user of Debian. For a quick tour I want to learn and I
>want to get your advice about comparing other OSes with Debian.

well, three really bad kernel bugs and now on 2.6 kernel so many new
things - in 2004 linux administrators will have to follow security
mailing lists very closely. it will be a time consuming job to update
kernels every x weeks. 

Also you will have to be a security expert to get a secured system, as
neither debian nor redhat kernels are "hardened" out of the box. maybe
it's better to take a look at adamantix.org, which is based on debian.

if freebsd is in your choice, take a deeper look into it. seems to be
much more developed. better "jail" solution, especially interesting
for webhosting. Better accounting, better filesystem.

that's how it appears to me. i have average admin knowledge and judge
only on one thing: "how much time does it cost to keep the system
running". Linux was too expensive last year.

Peter




Re: ISP / Autorization Required 4 internet connection...

2004-01-20 Thread Volker Tanger
Greetings!

On Tue, 20 Jan 2004 14:39:32 +0100 (CET) [EMAIL PROTECTED] wrote:

> I have a problem with the internet connection in Knoppix (latest v.). I
> configured the network card, entered the proxy server, but mozilla
> says that the proxy needs to be authorized and it couldn't fulfil my
> request or something like that. I could not connect even my
> communicator in WinXP because of the proxy authorization data. Where
> should I look for the auth. info? In WinXP I can only browse the
> websites. In Knoppix I pinged my address, the other lan address,
> server, isp, and all with response except hosts like google.com or
> yahoo.com. Please help!

If you're using MS Proxy or MS-ISA Server, that will be configured (by
default or on Microsoft's suggestion) to use the NTLM authentication scheme.
The latter is said to be supported with Mozilla 1.6, as the very
first browser after MS-IE. What do the headers of the proxy's answer packet
tell about the auth scheme?

Bye

Volker Tanger
ITK-Security
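One way to do that check. It is an added example, not the thread's own code: it parses the proxy's 407 reply, splits each Proxy-Authenticate header into its challenges and lists the schemes on offer, so you can see whether NTLM is the only option. The reply bytes are a constructed sample.

```python
# Added example, not from the thread: read which authentication scheme(s) a
# proxy offers from its 407 reply, which is the check suggested above.
# SAMPLE_407 is a constructed reply; a real one is whatever the proxy sends
# back for the first request through it.

SAMPLE_407 = (
    b"HTTP/1.1 407 Proxy Authentication Required\r\n"
    b"Proxy-Authenticate: NTLM\r\n"
    b'Proxy-Authenticate: Basic realm="corp-proxy"\r\n'
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def parse_head(raw):
    """Split a raw HTTP reply into (status code, [(header name, value), ...]).
    Header names are lower-cased; the body, if any, is ignored."""
    for sep in (b"\r\n\r\n", b"\n\n"):
        if sep in raw:
            raw = raw.split(sep, 1)[0]
            break
    lines = raw.decode("latin-1").splitlines()
    if not lines:
        raise ValueError("empty reply")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip().lower(), value.strip()))
    return int(parts[1]), headers


def split_challenges(value):
    """Split one Proxy-Authenticate value into its challenges. Commas inside
    quoted strings are kept; a comma-separated piece that is a bare token or
    'Scheme param=...' starts a new challenge, while 'param=...' continues the
    previous one (e.g. the nonce= of a Digest challenge)."""
    pieces, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            pieces.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    pieces.append("".join(buf))
    challenges = []
    for piece in (p.strip() for p in pieces):
        if not piece:
            continue
        head = piece.split("=", 1)[0].strip()
        if "=" not in piece or " " in head or not challenges:
            challenges.append(piece)
        else:
            challenges[-1] += ", " + piece
    return challenges


def offered_auth_schemes(raw):
    """Schemes from the Proxy-Authenticate headers of a 407 reply, in the
    order the proxy listed them; [] when the reply is not a 407."""
    status, headers = parse_head(raw)
    if status != 407:
        return []
    schemes = []
    for name, value in headers:
        if name == "proxy-authenticate":
            schemes += [c.split()[0] for c in split_challenges(value)]
    return schemes


def ntlm_only(raw):
    """True when NTLM is the sole scheme on offer, i.e. a client that cannot
    speak NTLM has no way through this proxy."""
    schemes = [s.lower() for s in offered_auth_schemes(raw)]
    return schemes == ["ntlm"]


if __name__ == "__main__":
    print("offered:", offered_auth_schemes(SAMPLE_407))
    print("NTLM only:", ntlm_only(SAMPLE_407))
```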


 




ISP / Autorization Required 4 internet connection...

2004-01-20 Thread reilord
I have a problem with the internet connection in Knoppix (latest v.). I
configured the network card, entered the proxy server, but mozilla
says that the proxy needs to be authorized and it couldn't fulfil my
request or something like that. I could not connect even my
communicator in WinXP because of the proxy authorization data. Where
should I look for the auth. info? In WinXP I can only browse the
websites. In Knoppix I pinged my address, the other lan address,
server, isp, and all with response except hosts like google.com or
yahoo.com. Please help!






===
Tlen.pl: join up! http://tlen.pl/
===




RE: upgrading to MySQL 4 on woody (final)

2004-01-20 Thread Andreas Vent-Schmidt
Thanks to all - it works great with backports.org!
Oh, how I love the Debian Universe... They have been thinking of 
everything, haven't they?

Andreas
Check out the www.backports.org website.
P.S.: Of course, security is an important issue and will get lower
when using testing or "backported" packages. But, in this particular
case, it doesn't matter that much (there are only very few shell
accounts on the box in question, no MySQL networking a.s.o.)
Thanks again for the nice help and discussion.
--
procommerz - Internet for businesses
http://www.procommerz.de | 033925-90710

Stop TCPA, Microsoft's censorship system! | http://www.againsttcpa.com



Re: shell access exploits (was Re: upgrading to MySQL 4 on woody)

2004-01-20 Thread Jason Lim

>
> One of my hats is a junior sys admin in an academic environment. I'm
> curious as to how you know when shell users are trying to exploit a
kernel
> hole.

chkrootkit?




shell access exploits (was Re: upgrading to MySQL 4 on woody)

2004-01-20 Thread Dan MacNeil

> I have at most a week from a known kernel exploit to when one of my users
> tries to exploit via shell access.

One of my hats is a junior sys admin in an academic environment. I'm
curious as to how you know when shell users are trying to exploit a kernel
hole.

In another, non-academic environment and based on info from this list, I've
been running snoopy with an eye to grepping the logs for naughtiness.


#

On Mon, 19 Jan 2004, Lucas Albers wrote:

>
> Rod Rodolico said:
>
> > Becoming a firm believer that you CAN have it all, stability and the
> > latest packages :)
> >
> > There are other places to get backports, BTW. This one works for me.
> >
> Rod,
> Yes I agree with your statements.
> Thanks for the link I'll use it on one of my systems...
>
> But you don't explicitly have security, you have the testing delay for
> security updates, combined with the propagation time to backports from
> testing.
>
> I'm still leery of using testing for any publicly exposed service, or for
> machines with shell access.
> I have at most a week from a known kernel exploit to when one of my users
> tries to exploit via shell access.
>
> --Luke CS Sysadmin, Montana State University-Bozeman
>
>
>