Re: shell access exploits (was Re: upgrading to MySQL 4 on woody)
I'm no expert.

I run chkrootkit on a regular basis.
Run a virus scanner; it will find some exploits. McAfee found a few rootkits and known kernel exploits. I use McAfee for Linux.

Analyze history files for certain keywords.
The best way would be to analyze command frequency in history files and look for infrequently occurring commands that are good indications of hack attempts.
Look at anyone running command: uname -a

Install grsecurity, and laugh at the attempts to do buffer overruns.
Enable grsecurity acl subsystem and continue laughing.

Analyze login frequency, what country are they logging in from? Have they logged in from this address before?
Analyze login time, 2-6am is when most exploits occur.

Look at tripwire or sash logs. (still use tripwire, have not learned how to use sash)
Look at when root logs in.
Check for processes initiating outgoing connections, hackers love to wget their files.
Check for processes using a lot of memory or processor time.

Jason Lim said:
>> One of my hats is a junior sys admin in an academic environment. I'm
>> curious as to how you know when shell users are trying to exploit a kernel
>> hole.
>
> chkrootkit?
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]

--
--Luke CS Sysadmin, Montana State University-Bozeman

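The history-file and login checks listed in the post above, as an added example that is not part of the original message: it flags commands that are rare across all users' history files, keyword hits such as `uname -a` and `wget`, logins in the 02:00-06:00 window, and logins from an address the user has not used before. The sample histories, login records, keyword list and function names are constructed for illustration.

```python
import os
from collections import Counter, defaultdict
from datetime import datetime

# Keywords named in the post; the list itself is an assumption to extend per site.
KEYWORDS = ("uname -a", "wget")

# Constructed sample data: user -> lines from that user's shell history file.
HISTORIES = {
    "alice": ["ls", "cd src", "make", "ls", "vim main.c", "make", "ls"],
    "bob": ["ls", "mutt", "cd www", "vim index.html", "mutt", "ls"],
    "carol": ["ls", "uname -a", "wget http://files.example/a.tar.gz",
              "tar xzf a.tar.gz", "gcc -o a a.c", "./a", "ls"],
}

# Constructed login records: (user, source address, ISO timestamp).
LOGINS = [
    ("alice", "192.0.2.10", "2004-01-19T09:12:00"),
    ("carol", "192.0.2.44", "2004-01-19T14:30:00"),
    ("alice", "192.0.2.10", "2004-01-20T10:05:00"),
    ("carol", "198.51.100.7", "2004-01-21T03:41:00"),
    ("bob", "192.0.2.23", "2004-01-21T05:59:00"),
]


def command_name(line):
    """Program name of a history line, without directory or arguments."""
    parts = line.split()
    return os.path.basename(parts[0]) if parts else ""


def rare_commands(histories, max_count=1):
    """(user, line) pairs whose command occurs at most max_count times site-wide."""
    counts = Counter(command_name(line)
                     for lines in histories.values() for line in lines)
    return [(user, line)
            for user, lines in histories.items() for line in lines
            if command_name(line) and counts[command_name(line)] <= max_count]


def keyword_hits(histories, keywords=KEYWORDS):
    """(user, line) pairs containing any watched keyword."""
    return [(user, line)
            for user, lines in histories.items() for line in lines
            if any(k in line for k in keywords)]


def off_hours_logins(logins, start_hour=2, end_hour=6):
    """Login records whose hour falls in [start_hour, end_hour)."""
    return [rec for rec in logins
            if start_hour <= datetime.fromisoformat(rec[2]).hour < end_hour]


def new_source_logins(logins):
    """Logins from an address the user has not used in any earlier record.

    A user's very first login only seeds the baseline and is not flagged.
    """
    seen = defaultdict(set)
    flagged = []
    for user, addr, when in sorted(logins, key=lambda r: r[2]):
        if seen[user] and addr not in seen[user]:
            flagged.append((user, addr, when))
        seen[user].add(addr)
    return flagged


def triage(histories, logins):
    """Map each flagged user to the set of reasons they were flagged."""
    reasons = defaultdict(set)
    for user, _ in rare_commands(histories):
        reasons[user].add("rare command")
    for user, _ in keyword_hits(histories):
        reasons[user].add("keyword")
    for user, _, _ in off_hours_logins(logins):
        reasons[user].add("off-hours login")
    for user, _, _ in new_source_logins(logins):
        reasons[user].add("new source address")
    return dict(reasons)


if __name__ == "__main__":
    # Users with several independent signals are the ones worth a closer look.
    for user, why in sorted(triage(HISTORIES, LOGINS).items(),
                            key=lambda kv: -len(kv[1])):
        print(f"{user}: {', '.join(sorted(why))}")
```

A single signal is weak on its own (bob is flagged only for an early login); the value is in users who trip several at once.

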
Re: FreeBSD/ Redhat / Debian
On Wed, 21 Jan 2004 11:12, Jose Alberto Guzman <[EMAIL PROTECTED]> wrote:
> As for the time consuming job part, it may be so, if your hardware is
> something like a pentium mmx, nowadays it takes less than 3 or 4 minutes
> to recompile a 2.4, and maybe other 3 or 4 mins. from reboot to login
> prompt.

If you compile a kernel that has the bare minimum of features needed for one machine then this may be the case. If you compile a kernel suitable for many machines on a low-end P3 machine (such as the P3-650 I use) then it can take quite a bit longer.

Also there is the issue of maintaining kernel patches where necessary and testing. The release of a new kernel demands a minimum of 6 hours work for me, although that includes producing 4 different kernel-patch packages for Debian...

But there are kernel-image packages available which remove a lot of this work.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Re: FreeBSD/ Redhat / Debian
Peter wrote:
> On Mon, 19 Jan 2004 21:00:18 +0100, in linux.debian.isp you wrote:
>> I will be new user of Debian. For quick tour I want to learn and I
>> want to get your advice about Comparing other OS with Debian .
>
> well, three really bad kernel bugs and now on 2.6 kernel so many new
> things - in 2004 linux administrators will have to follow security
> mailing lists very closely. it will be a time consuming job to update
> kernels every x weeks.

It's not only when kernel bugs appear, that admins have to follow security lists very closely, it's just about every time. As for the time consuming job part, it may be so, if your hardware is something like a pentium mmx, nowadays it takes less than 3 or 4 minutes to recompile a 2.4, and maybe other 3 or 4 mins. from reboot to login prompt.

> Also you will have to be a security expert to get a secured system, as
> neither debian nor redhat kernels are "hardened" out of the box. maybe
> it's better to take a look at adamantix.org, that is based on debian.

I'd partially disagree on this one. There is no such thing as a 'secured system'. Security is a relative thing, not an absolute one. I believe that if the common debian admins keep their systems up to date with the latest security patches released by debian, they'll deter probably 99% of the available exploits. The remaining 1% would fall on the unpublished exploits or those which are 'work in progress', and thus only targeted and crafted for the high profile sites which should have a security expert in their payroll anyway. On the other hand, it certainly adds comfort to have a buffer-over-underrun-proof kernel running on the server.

> if freebsd is in your choice, take a deeper look into it. seems to be
> much more developed. better "jail" solution, especially interesting
> for webhosting. Better accounting, better filesystem.

What exactly is developed? *BSD is certainly based in a much older code base than linux, but at this point in time, I'd say that most of the cutting edge stuff is happening more on the linux side of the free unixes (hardware support, filesystems, clustering, virtualization, etc), also linux has had for quite a while now, a much broader base of _developers_ (google for "the cathedral and the bazaar"). Is UFS a better filesystem than ext2 in terms of robustness and speed? *maybe*. Better than Reiserfs? hardly.

> that's how it appears to me. i have average admin knowledge and judge
> only on one thing: "how much time does it cost to keep the system
> running". Linux was too expensive last year.
>
> Peter

Also, these are just my opinions. We used to serve everything here for ~8k users (email, web hosting, web caching, etc.) on FreeBSD, these were the 2.x-3.x 'make world for update' times. Since some 4 years now we have grown to ~11k users, and everything runs on Debian and that's just because of the quality that maintainers put on their packages and the distro in general, and the consequent ease for updating, securing, and managing debian servers.

Jose

Re: courier-pop with maildir in /var/mail
Craig Schneider wrote:
> Hi Guys
>
> Have configured exim to deliver mail to /var/mail/[EMAIL PROTECTED], now I
> need to tell courier-pop and courier-imap that the mail resides here.
>
> Any ideas ?

in /etc/courier/userdb set the user and the mail=

Or if you use other authentication methods, change the parameter in a similar way.

ciao
cate

Re: SOP for debian isp/corporate server...
On Tuesday 20 January 2004 09:25 am, prasad wrote:
> hi,
>
> As many of you must have experienced, there are usual SOPs for setting
> up non-bloated, secure bare-bones Servers with respective OSs eg for
> solaris.
>
> Is there SOP for debian, if not, I guess this list is better poised to
> produce one. Any links, pointers... I have googled, but didn't find any
> old message,
>
> What applies for isp-servers also applies for corporate servers which
> are 24/7 connected to net for things like mail etc, which need to take
> similar precautions. One of the reasons I have found, one company took
> a policy decision to not deploy to linux servers some time back, is
> because these rapidly moving distros like RH with insecure preinstalled
> bloat, was causing major maintenance & security hassle. Now that RH is
> out of picture, and debian just the kind of thing made for such a
> configuration, SOP will help.
>
> regards,
> prasad

I have one in my head... Debian is extraordinarily easy to keep clean in that when you build it you can select virtually no packages and then add only those that you need for the particular server you're setting up. Apt/Dpkg takes care of dependencies and you're off and running in no time.

(Hardly worth writing an SOP for -- it's that easy. Just don't select any packages from tasksel or from dselect during installation. Then add only what you need.)

--
Nate Duehr, [EMAIL PROTECTED]

Re: SOP for debian isp/corporate server...
Greetings!

On Tue, 20 Jan 2004 21:55:37 +0530 prasad <[EMAIL PROTECTED]> wrote:
> As many of you must have experienced, there are usual SOPs for setting
> up non-bloated, secure bare-bones Servers with respective OSs eg for
> solaris.
> Is there SOP for debian, if not, I guess this list is better poised to
> produce one. Any links, pointers... I have googled, but didn't find
> any old message,

SOP = Standards of Practice? If so, see at

http://www.debian.org/doc/user-manuals#securing
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html

A bare Debian install is pretty much stripped down (<50MB iirc), so not overly much bloat here.

> One of the reasons I have found, one company took
> a policy decision to not deploy to linux servers some time back, is
> because these rapidly moving distros like RH with insecure preinstalled
> bloat, was causing major maintenance & security hassle.

Well, with the current release timescale being ~2 years (3.0 was released 2002-07-19) I won't call Debian "rapidly moving"...

Maintenance is - as always - minimum hassle with Debian. :-)

Bye

Volker Tanger
ITK-Security

courier-pop with maildir in /var/mail
Hi Guys

Have configured exim to deliver mail to /var/mail/[EMAIL PROTECTED], now I need to tell courier-pop and courier-imap that the mail resides here.

Any ideas ?

Thanks
Craig

Re: SOP for debian isp/corporate server...
Prasad,

1) There is a manual on securing Debian at: http://www.debian.org/doc/manuals/securing-debian-howto

2) There really is no SOP on "bloat" because one man's bloat is another's needed service. You, however, can create your own. Basically do an install and add/strip whatever packages you want. Once you have your "perfect" set of packages do a:

    dpkg --get-selections '*' > {some-file-name}

You will now have a list of the status of all Debian packages (i.e. installed, purged, etc.) on your system.

Next time you do an install do a:

    dpkg --set-selections < {some-file-name}

then run

    apt-get dselect-upgrade

This will add and remove packages as needed to bring the packages on your new system exactly like the base system.

Pete
--
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Quoting prasad <[EMAIL PROTECTED]>:
> hi,
>
> As many of you must have experienced, there are usual SOPs for setting
> up non-bloated, secure bare-bones Servers with respective OSs eg for
> solaris.
>
> Is there SOP for debian, if not, I guess this list is better poised to
> produce one. Any links, pointers... I have googled, but didn't find any
> old message,
>
> What applies for isp-servers also applies for corporate servers which
> are 24/7 connected to net for things like mail etc, which need to take
> similar precautions. One of the reasons I have found, one company took
> a policy decision to not deploy to linux servers some time back, is
> because these rapidly moving distros like RH with insecure preinstalled
> bloat, was causing major maintenance & security hassle. Now that RH is
> out of picture, and debian just the kind of thing made for such a
> configuration, SOP will help.
>
> regards,
> prasad

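A check that follows from the procedure in the post above, as an added example that is not part of the original message: it parses two listings in the format written by `dpkg --get-selections` and reports what a host has installed beyond the saved baseline, what it lacks, and which packages changed between `install` and `hold`. The package listings and function names are constructed for illustration.

```python
# Selection states documented for dpkg; "install" and "hold" both mean
# the package is meant to be present on the system.
WANTED = {"install", "hold"}
KNOWN = WANTED | {"deinstall", "purge", "unknown"}

# Constructed sample: the saved "perfect" package set.
BASELINE = """\
apt\t\t\t\t\tinstall
exim\t\t\t\t\tinstall
logcheck\t\t\t\tinstall
openssh-server\t\t\t\tinstall
telnetd\t\t\t\t\tpurge
"""

# Constructed sample: what a deployed host reports some months later.
HOST = """\
apt\t\t\t\t\tinstall
exim\t\t\t\t\tinstall
openssh-server\t\t\t\thold
telnetd\t\t\t\t\tinstall
nfs-kernel-server\t\t\tinstall
portmap\t\t\t\t\tdeinstall
"""


def parse_selections(text):
    """Parse `dpkg --get-selections` output into {package: state}.

    Blank lines and '#' comments are skipped; anything else that is not
    a 'package state' pair is rejected rather than silently ignored.
    """
    selections = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2 or fields[1] not in KNOWN:
            raise ValueError(f"line {lineno}: not a selections entry: {line!r}")
        selections[fields[0]] = fields[1]
    return selections


def drift(baseline, host):
    """Compare two parsed selection sets and report how the host deviates."""
    want = {p for p, s in baseline.items() if s in WANTED}
    have = {p for p, s in host.items() if s in WANTED}
    return {
        # Present on the host but not part of the approved set.
        "extra": sorted(have - want),
        # Approved but absent, e.g. a monitoring package that was removed.
        "missing": sorted(want - have),
        # Same package, different state; a new "hold" blocks upgrades.
        "state_changed": sorted(p for p in want & have
                                if baseline[p] != host[p]),
    }


if __name__ == "__main__":
    report = drift(parse_selections(BASELINE), parse_selections(HOST))
    for kind, packages in report.items():
        print(f"{kind}: {', '.join(packages) or '-'}")
```

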
SOP for debian isp/corporate server...
hi,

As many of you must have experienced, there are usual SOPs for setting up non-bloated, secure bare-bones Servers with respective OSs eg for solaris.

Is there SOP for debian, if not, I guess this list is better poised to produce one. Any links, pointers... I have googled, but didn't find any old message,

What applies for isp-servers also applies for corporate servers which are 24/7 connected to net for things like mail etc, which need to take similar precautions. One of the reasons I have found, one company took a policy decision to not deploy to linux servers some time back, is because these rapidly moving distros like RH with insecure preinstalled bloat, was causing major maintenance & security hassle. Now that RH is out of picture, and debian just the kind of thing made for such a configuration, SOP will help.

regards,
prasad

Re: FreeBSD/ Redhat / Debian
On Mon, 19 Jan 2004 21:00:18 +0100, in linux.debian.isp you wrote:
> I will be new user of Debian. For quick tour I want to learn and I
> want to get your advice about Comparing other OS with Debian .

well, three really bad kernel bugs and now on 2.6 kernel so many new things - in 2004 linux administrators will have to follow security mailing lists very closely. it will be a time consuming job to update kernels every x weeks.

Also you will have to be a security expert to get a secured system, as neither debian nor redhat kernels are "hardened" out of the box. maybe it's better to take a look at adamantix.org, that is based on debian.

if freebsd is in your choice, take a deeper look into it. seems to be much more developed. better "jail" solution, especially interesting for webhosting. Better accounting, better filesystem.

that's how it appears to me. i have average admin knowledge and judge only on one thing: "how much time does it cost to keep the system running". Linux was too expensive last year.

Peter

Re: ISP / Authorization Required 4 internet connection...
Greetings!

On Tue, 20 Jan 2004 14:39:32 +0100 (CET) [EMAIL PROTECTED] wrote:
> I have problem with internet connection in Knoppix (latest v.). I
> configured the network card, entered the proxy server, but mozilla
> says that proxy needs to be authorized and it couldn't fulfill my
> request or something like that. I could not connect even my
> communicator in WinXp cause of due proxy authorization data. Where
> should I look 4 the auth. info? In WinXP i can only browse the
> websites. In Knoppix I pinged my address, the another lan address,
> server, isp, and all with response except hosts like google.com or
> yahoo.com. Please help!

If you're using MS Proxy or MS-ISA Server, that will be (if configured default or on Microsoft suggestion) to use NTLM authentication scheme. The latter is said to be supported with Mozilla 1.6 as being the very first one after MS-IE.

What do the headers of the proxy's answer packet tell about the auth scheme?

Bye

Volker Tanger
ITK-Security

ISP / Authorization Required 4 internet connection...
I have problem with internet connection in Knoppix (latest v.). I configured the network card, entered the proxy server, but mozilla says that proxy needs to be authorized and it couldn't fulfill my request or something like that. I could not connect even my communicator in WinXp cause of due proxy authorization data. Where should I look 4 the auth. info? In WinXP i can only browse the websites. In Knoppix I pinged my address, the another lan address, server, isp, and all with response except hosts like google.com or yahoo.com. Please help!

RE: upgrading to MySQL 4 on woody (final)
Thanks to all - it works great with backports.org!

Oh, how I love the Debian Universe... They have been thinking of everything, haven't they?

Andreas

Check out the www.backports.org website.

P.S.: Of course, security is an important issue and will get lower when using testing or "backported" packages. But, in this particular case, it doesn't matter that much (there are only very few shell accounts on the box in question, no MySQL networking a.s.o.)

Thanks again for nice help and discussion.

--
procommerz - Internet for businesses
http://www.procommerz.de | 033925-90710
Stop TCPA, Microsoft's censorship system! | http://www.againsttcpa.com

Re: shell access exploits (was Re: upgrading to MySQL 4 on woody)
> One of my hats is a junior sys admin in an academic environment. I'm
> curious as to how you know when shell users are trying to exploit a kernel
> hole.

chkrootkit?

shell access exploits (was Re: upgrading to MySQL 4 on woody)
> I have at most a week from a known kernel exploit to when one of my users
> tries to exploit via shell access.

One of my hats is a junior sys admin in an academic environment. I'm curious as to how you know when shell users are trying to exploit a kernel hole.

In another non academic environment and based on info from this list, I've been running snoopy with an eye to grepping the logs for naughtiness

#

On Mon, 19 Jan 2004, Lucas Albers wrote:
> Rod Rodolico said:
>
> > Becoming a firm believer that you CAN have it all, stability and the
> > latest packages :)
> >
> > There are other places to get backports, BTW. This one works for me.
>
> Rod,
> Yes I agree with your statements.
> Thanks for the link I'll use it on one of my systems...
>
> But you don't explicitly have security, you have the testing delay for
> security updates, combined with the propagation time to backports from
> testing.
>
> I'm still leery of using testing for any publicly exposed service, or for
> machines with shell access.
> I have at most a week from a known kernel exploit to when one of my users
> tries to exploit via shell access.
>
> --Luke CS Sysadmin, Montana State University-Bozeman