Re: Mapping a network
On Fri, Dec 24, 2004 at 07:02:52PM +0200, naim abu darwish wrote:
> Thanks Marty
> I Forgot to mention that the network has routers. The main objective
> is to understand the network better, and have some kind of visual aid,
> like a map with the machines labeled.

cheops ?

Steve
--
www.debian-administration.org/

Re: Limiting User Commands
On Fri, Nov 05, 2004 at 03:35:11PM -0800, Stephen Le wrote:
> See the example above. Users would still be able to upload their own
> Perl scripts and get Apache to execute them without restriction - the
> Perl script could call commands that I want to ban the users from
> executing.

Lots of people have commented already, but I've not seen any discussion on why you might want to do this.

What kind of bad commands are you trying to prevent? Most of the dangerous commands like fdisk, etc, will be handled by the existing permissions setup.

If you give people the ability to upload CGI scripts, like the perl example you mention, you've already lost - a malicious user could compile some C code statically and execute that remotely.

If you're operating a shared system and want to keep separate web users isolated from each other using rbash, chroots or similar should be sufficient.

What exactly is it that these solutions do not give you which you need?

Steve
--

Re: apt-get upgrade
On Mon, Oct 25, 2004 at 09:20:26AM +1300, Johnno wrote:
> When I do an apt-get upgrade on one of the servers here I get this error
> message:
>
> Do you want to continue? [Y/n]
> dpkg: `ldconfig' not found on PATH.
> dpkg: `start-stop-daemon' not found on PATH.
> dpkg: `install-info' not found on PATH.
> dpkg: `update-rc.d' not found on PATH.
> dpkg: 4 expected program(s) not found on PATH.
> NB: root's PATH should usually contain /usr/local/sbin, /usr/sbin and /sbin.
> E: Sub-process /usr/bin/dpkg returned an error code (2)
>
> dpkg package is installed, any ideas?

The error message given should be sufficient to fix the problem:

> NB: root's PATH should usually contain /usr/local/sbin, /usr/sbin and /sbin.

If you're running bash, you should run:

    PATH=/sbin:/usr/sbin:/usr/local/sbin:$PATH
    export PATH
    apt-get upgrade

Steve
--

Re: apt-get update
On Thu, Oct 21, 2004 at 10:01:05PM +1300, Johnno wrote:
> Hello All,
>
> When I do an apt-get update I get this error:
>
> Fetched 6847kB in 33s (203kB/s)
> Reading Package Lists... Error!
> E: Dynamic MMap ran out of room
> E: Error occured while processing lg-issue29 (NewFileVer1)
> E: Problem with MergeList
> /var/lib/apt/lists/linux.jetstreamgames.co.nz_dist_debian_dists_sarge_main_b
> inary-i386_Packages
> E: The package lists or status file could not be parsed or opened.
>
> How do I fix this??

Place the following in the file /etc/apt/apt.conf (create it if necessary):

    APT::Cache-Limit "8388608";

(Adjust the number higher if you still see the same problem, that was just what I pulled from the nearest box to me).

Google is your friend ..

Steve
--

Re: Advice for an IP accounting program
On Wed, Oct 20, 2004 at 06:18:26AM +1000, Craig Sanders wrote:
> btw, there are also two libpcap-based netflow capturers already debianised - a
> netfilter/ulog alternative would be a good thing.
>
> fprobe - exports NetFlow V5 datagrams to a remote collector
> pmacct - promiscuous mode traffic accountant
>

A third would be ipaudit, which I've been testing for a few months now. I will almost certainly package it shortly.

    ipaudit
        http://ipaudit.sourceforge.net/

    ipaudit-web - a front end which shows graphs, etc.
        http://ipaudit.sourceforge.net/ipaudit-web/

Steve
--

Re: dhcpd management
On Wed, Sep 01, 2004 at 10:15:27AM -0500, Ant wrote:
> I am the admin of a relatively small ISP (about 100 customers). I am
> looking for something with a decent interface to check dhcpd stats. I
> currently just look at /var/dhcp/dhcpd.leases, but it doesn't produce
> very good stats.

I use the reportdhcp.pl script from this site:

    http://www.omar.org/opensource/reportdhcp/

Simple enough to set up and it shows me all the information I need to see.

I'm sure freshmeat.net and/or sourceforge.net have a lot of such scripts...

Steve
--
Edinburgh System Administrator & Debian Developer
Looking for an interesting Job - http://www.steve.org.uk/

Re: [mailinglists] Re: Trusting Backports and unofficial Repositories
On Wed, Jul 21, 2004 at 10:01:58AM +0200, Andreas Barth wrote:
> Well, I'm also a debian developer, and I run stable on all my
> machines, with the exception of my development machine. (And use some
> backports from backports.org, namely spamassassin, clamav etc.)

Ditto for all my servers. I have three backports 'spamassassin', 'clamav' and 'dovecot' (an IMAP server).

All my desktop/non-server machines run unstable though.

Steve
--

Re: Logcheck Keyword Files
On Tue, Jun 08, 2004 at 12:24:26PM -0400, Mark Bucciarelli wrote:
> I like logcheck because it is simple. But it's not packaged for Debian, so
> maybe no-one here uses it. If not, what tool do you recommend for
> intrusion detection?

Logcheck is a good tool, and can be modified easily. It *is* packaged for Debian as you can see from this link:

    http://packages.debian.org/logcheck

Steve
--
Looking for an interesting Job - http://www.steve.org.uk/

Re: SEARCH attack
On Tue, Jun 08, 2004 at 01:07:32AM +0200, Robert Cates wrote:
> OK, you've gone beyond me. What do you mean by blocking the NOP operation
> or jmp/mov instruction? How would you do this with an Apache server on a
> Linux platform?

Presumably meaning that you'd use a rule to block the value '0x90' (That's 90 in hex) anywhere within a URL.

This is because the 0x90 byte is the value for the NOP instruction on the x86 platform and is common in exploits. It's unlikely to ever occur in a legitimate request so it seems like a simple thing to do.

However if you're going to do that you might as well go the whole hog and just install 'mod_security' for Apache which will allow you to filter values passed to scripts (POST / GET) as well.

> Also, wouldn't replacing the www.microsoft.com with localhost (or
> http://127.0.0.1/) just send the request right back to my own server,
> probably even putting it in a loop?

The desired effect is that it would redirect to the requester's machine. As the attacker fetches a page, and receives a redirect response it should then go off and request it. So sending out a 127.0.0.1 response should make it request a page from its own machine.

However these redirects are largely pointless. Most of the worms that I've ever been hit with have ignored the redirect request anyway. So you've not achieved anything.

It'd be simple to test this; find a machine which is getting repeatedly hit by one of these requests and see if you can redirect it to somewhere else on your server - testing if it worked by looking at your access log. I'd be surprised if it did.

Really this kind of stuff, whilst annoying and irritating in many ways, is just background noise on today's internet. Patch your boxes, and ignore exploit attempts that affect other platforms.

Steve
--
# The Debian Security Audit Project. http://www.debian.org/security/audit

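
Added example, not part of the original message or of any project named in it: a Python check over access-log lines for the 0x90 filter idea discussed in the reply above. It assumes the access log escapes non-printable bytes as \xhh, and it counts runs of 0x90 rather than single bytes, because a lone %90 also appears as a UTF-8 continuation byte in non-ASCII paths. The log lines, function names and the min_run threshold are constructed for illustration.

```python
import re

# Constructed sample lines (common log format); addresses are documentation IPs.
SAMPLE_LOG = [
    r'192.0.2.10 - - [08/Jun/2004:01:00:00 +0200] "GET /index.html HTTP/1.0" 200 1043',
    r'192.0.2.77 - - [08/Jun/2004:01:00:05 +0200] "SEARCH /\x90\x90\x90\x90\x90\x90 HTTP/1.1" 414 340',
    r'192.0.2.31 - - [08/Jun/2004:01:00:09 +0200] "GET /docs/%D0%90%D0%91.html HTTP/1.1" 200 512',
    r'192.0.2.44 - - [08/Jun/2004:01:00:12 +0200] "GET /cgi-bin/x?q=%90%90%90%90%90 HTTP/1.0" 404 290',
]

# Request line: method, URI, optional protocol, inside the first quoted field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+)(?: HTTP/[\d.]+)?"')
# A raw byte shows up either as the log's \xhh escape or as the client's %hh.
ESCAPED_BYTE_RE = re.compile(r'\\x([0-9A-Fa-f]{2})|%([0-9A-Fa-f]{2})')

def decode_uri_bytes(uri):
    """Rebuild the raw request bytes from the logged URI text."""
    out = bytearray()
    pos = 0
    for m in ESCAPED_BYTE_RE.finditer(uri):
        out += uri[pos:m.start()].encode("latin-1", "replace")
        out.append(int(m.group(1) or m.group(2), 16))
        pos = m.end()
    out += uri[pos:].encode("latin-1", "replace")
    return bytes(out)

def longest_nop_run(raw):
    """Length of the longest run of consecutive 0x90 bytes."""
    return max((len(r) for r in re.findall(rb"\x90+", raw)), default=0)

def scan(lines, min_run=4):
    """Return (line_no, method, run_length) for each request whose URI
    holds at least min_run consecutive 0x90 bytes."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m is None:
            continue  # malformed or empty request line
        run = longest_nop_run(decode_uri_bytes(m.group("uri")))
        if run >= min_run:
            hits.append((line_no, m.group("method"), run))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Lowering min_run to 1 also flags line 3, a Cyrillic file name, which is the false positive a single-byte filter would produce.
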
Re: Apache: adding massive amount of users for .htaccess from text file
On Fri, Feb 20, 2004 at 04:05:15PM +0100, Erik D?rnbach wrote:
> Hi again,
>
> > untested, quick and dirty
> >
> > #!/usr/bin/perl
> >
> > while (<>) {
> >     ($username, $password)=split /:/, $_, 2; chomp($password);
> >     system("/usr/bin/htpasswd", "-b", "/path/to/htaccess",
> >            $username, $password);
> > }
> Mmmh, I'm not sure why, it looks right, but now I noticed, it doesn't
> work. The output looks okay, if I change the password of one user
> manually in the same htaccess (user:crytpass) it works again for that
> user. Maybe something wrong gets parsed after the split part (which I
> don't understand myself) into the password?

There's a trailing newline on the end of the "password" variable, that makes your hash correspond to something different than what you expect.

Steve
--
Edinburgh System Administrator & Debian Developer
Looking for an interesting Job - http://www.steve.org.uk/

Re: Debian on a Dell-Server???
On Fri, Jan 02, 2004 at 07:36:44PM +0100, Daniel Holze wrote:
> Anyone know, if i can Debian on a Dell-Server?
> Dell says only RedHat9 :-/

I have several big Dell boxes which came pre-installed with RedHat and were immediately wiped and replaced with Debian.

(I can find a list of model numbers when I'm back in the office next week if that's useful)

But to be honest if the hardware is supported under RedHat that demonstrates that the Kernel can recognise the hardware, unless there are extra drivers with RedHat.

If the hardware is recognised (RAID controllers, SCSI tape devices, etc) you should be able to switch from one distribution to another pretty much without effort. (Assuming they run comparable numbered kernels).

Steve
--

Re:
On Sat, Dec 06, 2003 at 07:27:31AM +0100, Robert Cates wrote:
> the 'top' command may be what you want.
> The very first line gives you the 'uptime' (another command).
> There's also memory usage info very much the same to that of 'free' (another
> command).

A more graphical solution such as phpsysinfo might also be useful.

Steve
--

Re: Creating custom, automated, Debian installs.
On Mon, Oct 20, 2003 at 09:47:18PM +0200, Markus Oswald wrote:
> Not really answering your question about mass-installing Debian but
> suggesting another solution/approach:
> Did you take a look at Gibraltar Linux (www.gibraltar.at)? It's a Debian
> GNU/Linux based Firewall-Distribution which will boot straight off the
> CD - should be ideal for your application as many encryption tools and
> kernel-patches are already applied to the stock-ISO.

I didn't see that no, so thanks for the link.

I'm downloading the ISO now, but I'm a little put off to see that it's going to be a commercial offering. I'm keen to stick to free software especially considering the most important components are going to be free.

(I do appreciate the effort it must take to do the integration and bundling, not to mention testing. But I know that if I start suggesting a paid distribution I'll get bounced back to being told to use WatchGuard Fireboxes or similar ..)

I've just been playing with PGI, the Progeny installer, and I'm thinking that might be enough to do the installs...

Steve
--

Creating custom, automated, Debian installs.
I'm looking at putting together a large number of VPN servers, running IPSEC and PPTPD (purely for the Windows 98 machines I have to allow onto the network).

What I'd like to do is create a cut down installation based upon the stock Debian install, but including a new kernel image to support the kernel-patch-mppe and kernel-patch-freeswan.

Along with that I've got some different package requirements, sudo, screen, debian-updates, etc all installed as part of the basic install and no need for any XServer components.

What should be my way forward? Would FAI work best or should I look at some scheme for creating a new release ISO instead?

I think I want to trim down the installer such that I don't have to answer so many questions, and just input basic information like hostname, etc.

Any pointers appreciated - I wasn't sure this is the best list but I assume any large ISP has some means of automated install and rollout of server machines. Apologies if this isn't the case ..

Steve
--
Edinburgh System Administrator : GNU/Linux, UNIX, Windows
Looking for an interesting job : http://www.steve.org.uk/