Re: CMS [Scanned]

2004-11-22 Thread Debian ISP 
Ross, Chris wrote:
My recollection was that the you could set up a user then grant
them an access level.  At that point, the access level applied to the
entire Mambo site.  There was not a way to set up an area for each user
then grant that user access only to that area.
If you were granted the ability to create new items, you could
do that anywhere is the site.  If you had edit rites, you could edit
anywhere in that site (or virtual site).
-Original Message-
From: David Thurman [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 22, 2004 11:02 AM
To: [EMAIL PROTECTED]
Subject: Re: CMS [Scanned]

On 11/22/04 9:17 AM, "Ross, Chris" wrote:
 

We did not see a way to get very granular with Mambo.
   

What do you mean by granular?
 

I recall seeing a module that allowed for such controls. I would send a 
link from mosforge but it looks like they are experiencing technical 
difficulties this afternoon.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: CMS [Scanned]

2004-11-22 Thread Debian ISP 
David Thurman wrote:
On 11/22/04 8:46 AM, "Ross, Chris" wrote:
 

1. Access control that would allow someone access to areas that they
have been allowed to work and no other area.
2. Web browser accessible.  GUI editor.
3. EASY to use for non technical folks!
4. Little modification needed.
   

Look at MamboServer.Com
 

We are using Mambo on a few projects. Have you found any good user 
documentation? The technical/administrative information is pretty good 
but to walk a user through the basic content creation process seems a 
little daunting.

Hal
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Virus intercepted

2004-08-02 Thread debian-isp 
A message you sent to
<[EMAIL PROTECTED]>
contained Worm.Mydoom.I and has not been delivered.

The message was received by s5.iti.lt from <[EMAIL PROTECTED]> via iu66-4.iti 
[10.4.66.4]

For your information, the original message headers were:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: 
Date: Mon, 2 Aug 2004 13:21:36 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=_NextPart_000_0013_B13FF8A7.ED131BE8"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Virus intercepted

2004-08-02 Thread debian-isp 
A message you sent to
<[EMAIL PROTECTED]>
contained Worm.Mydoom.I and has not been delivered.

The message was received by s5.iti.lt from <[EMAIL PROTECTED]> via iu66-4.iti 
[10.4.66.4]

For your information, the original message headers were:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Test
Date: Mon, 2 Aug 2004 11:34:41 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=_NextPart_000_0011_7AB046C4.6DFAA7ED"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Starting isp and going to use Debian

2004-02-28 Thread ivan-debian-isp 
On Sat, Feb 21, 2004 at 01:27:56PM -0600, Chris Hoover wrote:
> However, what do most of you use for:
> 
> 1. Webmail

Squirrelmail

> 2. Imap/pop access

Dovecot.  Courier-IMAP is also a popular choice.

Also recommended: your choice of amavis implementations and clamav.

> 3. User management

MySQL or PostgreSQL backend for RADIUS.  For small sites, normal UNIX
accounts for mail/web, for large sites, LDAP.

> 4. Accounting/Finances

Freeside .  Insert standard disclaimer
here.

> 5. Drive usage control (i.e. user only get 10M for mail and 15M for web)

Normal old UNIX quotas.

-- 
_ivan


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Courier-imap Outlook problem - RE: Imap && imap-ssl && pop3-ssl

2004-02-12 Thread Debian ISP 
We are using courier-imap in the configuration outlined on the marlow.dk
website.

One problem we keep having involves M$ Outlook clients. It seems that
something breaks with the communication between the server and Outlook
clients (or posssible corrupts the pst files created for each maildir).

Has anyone else been faced with this problem? Since we are unable to
convince our clients to move to Debian desktops with KMail or some other OSS
alternative, some workaround for this issue would be greatly appreciated!

Googling has not proven very helpful (only confirmed this as a problem).

Thanks in advance,

Hal

-Original Message-
From: Jose Alberto Guzman [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 8:16 PM
To: Jonathan Matthews
Cc: debian-user@lists.debian.org; debian-isp@lists.debian.org
Subject: Re: Imap && imap-ssl && pop3-ssl


Jonathan Matthews wrote:
> [Sorry for the cross-post - I think it's applicable to both -isp and
> -user.]
>
> I need to offer imap, imapssl and pop3ssl services. FWIW, imap would be
> localhost only, but -ssl services would be publically accessible.
>
> My reading thus far leads me towards Courier-imap with Exim 4
> backported to stable so I can interface with ClamAV, but feel free to
> point out something important that I've missed.
>
> Do I need to have a different instance of the server running for each
> protocol?  i.e. one listening on each port that the three services use
> as standard?
>
> Is there a server that would do the job with just one instance listening
> on all three ports?  Would there be any advantages or disadvantages to
> this?  I'm thinking locking/concurrency/that-sorta-thing.
>
> How do you deal with this situation?  Are there any gotchas I need to
> know about?  I'm guessing that using Maildirs will alleviate many of the
> problems that mboxes would create ...
>
> Any pointers/suggestions/cluebats appreciated!
>
> jc
>


  What we run here, is standard uw-imap and popa3d, with stunnel. Works
like a charm.

  I know courier could handle everything with a single hand and half the
overhead, maybe someday I'll migrate every mbox into maildir and set
that up, but in the mean time, it does a pretty job.


  José

PS
  please reply to debian-isp


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]

Courier-imap Outlook problem - RE: Imap && imap-ssl && pop3-ssl

2004-02-12 Thread Debian ISP 
We are using courier-imap in the configuration outlined on the marlow.dk
website.

One problem we keep having involves M$ Outlook clients. It seems that
something breaks with the communication between the server and Outlook
clients (or posssible corrupts the pst files created for each maildir).

Has anyone else been faced with this problem? Since we are unable to
convince our clients to move to Debian desktops with KMail or some other OSS
alternative, some workaround for this issue would be greatly appreciated!

Googling has not proven very helpful (only confirmed this as a problem).

Thanks in advance,

Hal

-Original Message-
From: Jose Alberto Guzman [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 8:16 PM
To: Jonathan Matthews
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Imap && imap-ssl && pop3-ssl


Jonathan Matthews wrote:
> [Sorry for the cross-post - I think it's applicable to both -isp and
> -user.]
>
> I need to offer imap, imapssl and pop3ssl services. FWIW, imap would be
> localhost only, but -ssl services would be publically accessible.
>
> My reading thus far leads me towards Courier-imap with Exim 4
> backported to stable so I can interface with ClamAV, but feel free to
> point out something important that I've missed.
>
> Do I need to have a different instance of the server running for each
> protocol?  i.e. one listening on each port that the three services use
> as standard?
>
> Is there a server that would do the job with just one instance listening
> on all three ports?  Would there be any advantages or disadvantages to
> this?  I'm thinking locking/concurrency/that-sorta-thing.
>
> How do you deal with this situation?  Are there any gotchas I need to
> know about?  I'm guessing that using Maildirs will alleviate many of the
> problems that mboxes would create ...
>
> Any pointers/suggestions/cluebats appreciated!
>
> jc
>


  What we run here, is standard uw-imap and popa3d, with stunnel. Works
like a charm.

  I know courier could handle everything with a single hand and half the
overhead, maybe someday I'll migrate every mbox into maildir and set
that up, but in the mean time, it does a pretty job.


  José

PS
  please reply to debian-isp


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

[ANNOUNCE] Freeside 1.4.1, open-source billing for ISPs

2003-08-14 Thread ivan-debian-isp 
Hi,

I'm pleased to announce the release of Freeside 1.4.1.

Freeside is an open-source, web-based billing and account administration
package for ISPs, web hosting providers, and other online businesses.

You can download the new version, read the documentation, and play with
a web demo at .

Although Freeside is free software, it is supported commercially with
installation, customization, training and support services.  Please
consider our services and help support the development of the software!

ObDebian: Freeside is not yet packaged (assistance is welcome)
but all dependances are packaged.

Significant changes since 1.4.0:

Major:
- New package price plans to charge for online time or bandwidth based
  on direct query if a FreeRADIUS, ICRADIUS or Radiator radacct table.
  Time online and bandwidth used this billing cycle shown on view
  account screen.
- ACH (electronic check) and phone-bill billing support.
- MySQL 4.1.0 is available with subquery support; updated the install
  documentation, testing is welcome

New reports:
- suspended package browse
- package definition report by # of active customer packages (with links 
  to customer package listing)
- payments report by type and/or date range

Web UI:
- relaxed "first package" restrictions; will find any appropriate
  service with quantity 1
- "Cancel this customer" button to cancel all packages.
- Change package option for easy package changes
- "Unprovision" option for individual accounts
- "unapply payment" option

Exports:
- Suspension and unsuspension hooks added
- Apache
- LDAP
- Added realms/domains to SQL RADIUS export (ICRADIUS, FreeRADIUS,
  Radiator)
- vpopmail commands (shellcommands_withdomain)

Misc:
- Web-based CSV customer and charge import
- payby-default config file and ability to hide billing information
- "Future cancellation" aka "package expiration"
- New "FTP upload" invoice event
- svc_acct-alldomains config file enables accounts to select any domain
- signup server now has separate  for state and country (no more
  "AL / US") and respects statedefault and countrydefault
- documentation updates, bugfixes and performance optimizations (works
  with current Mason and PostgreSQL)


-- 
_ivan


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Unidentified subject!

2003-06-27 Thread bounce-debian-isp=archive=jab . org 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Unidentified subject!

2003-06-27 Thread bounce-debian-isp=archive=jab . org 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

radiusd-freeradius

2003-05-30 Thread ivan-debian-isp 
Can anyone briefly summarize the current state of the radiusd-freeradius
packages?  From what I can tell, the packages were withdrawn for
some combination of immaturity/stability/maintainer interest, but there
was also an issue with the rlm_pgsql module linking with SSL - was that
ever resolved?

I'm probably interested in reviving radiusd-freeradius if I'm not
stepping on anyone's toes.

Or have folks switched to other RADIUS servers?  Is there anything else
that authenticates from and logs to MySQL/PgSQL databases?  using the
same schema or a different schema?

-- 
_ivan


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

radiusd-freeradius

2003-05-30 Thread ivan-debian-isp 
Can anyone briefly summarize the current state of the radiusd-freeradius
packages?  From what I can tell, the packages were withdrawn for
some combination of immaturity/stability/maintainer interest, but there
was also an issue with the rlm_pgsql module linking with SSL - was that
ever resolved?

I'm probably interested in reviving radiusd-freeradius if I'm not
stepping on anyone's toes.

Or have folks switched to other RADIUS servers?  Is there anything else
that authenticates from and logs to MySQL/PgSQL databases?  using the
same schema or a different schema?

-- 
_ivan

Firewall on compac flash

2003-05-23 Thread debian-isp 
Hi ! 
We are just considering if we should try to set up our firewall on a 
Rackmountsystem with only 
Compac flash card and onboard cpu. Which would reduce a least the possibility 
of a harddisk crash, and would provide an easy possiblity to swap cards when 
there is a problem. 
The compac flash card (available also with 512MB is acting like a harddisk... 
Any experience with that kind of hardware ? 


__
Nik Engel NETWAYS GmbH
Senior Systems Engineer   Deutschherrnstr. 47a
Fon.0911/92885-13 D-90429 Nürnberg
Fax.0911/92885-33
[EMAIL PROTECTED] www.netways.de

 Wir stellen aus ==

Nicht auf der CeBIT, sondern auf der noris.tech Hausmesse
am 04.06.2003 zum Thema Datenmanagement. Weitere Infos und 
Anmeldung unter http://www.netways.de/hausmesse.html

 Wir stellen aus ==

Unidentified subject!

2003-03-31 Thread bounce-debian-isp=archive=jab . org 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Unidentified subject!

2003-03-30 Thread bounce-debian-isp=archive=jab . org 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

AW: AW: Installing Mailman

2003-03-27 Thread debian-isp 
Hi ! 

>I'm a newbie when it comes to the more complex aspects of 
>debian, so if you 
>could send me step by step instructions on getting my install 
>to work, that 
>would be really appreciated.  I haven't tried anything that I 
>didn't know 
>how to undo.  I would like to get Mailman running Postfix if 
>that makes a 
>difference.

Actually it was very easy, as most installs with deb. Packages are, to install 
mailman. 
For the : 
Apt-get install mailman worked out of the box. 
I am also running postfix and I have set up mailman with a couple of list under 
different domains. You don´t need to run
./configure anywhere  The only thing I had to do was setting an alias for 
die mailman cgis .
Anyway I don´t know if this is OT here ... 

__
Nik Engel NETWAYS GmbH
Senior Systems Engineer   Deutschherrnstr. 47a
Fon.0911/92885-13 D-90429 Nürnberg
Fax.0911/92885-33
[EMAIL PROTECTED] www.netways.de

AW: AW: Installing Mailman

2003-03-27 Thread debian-isp 
Hi ! 

>I'm a newbie when it comes to the more complex aspects of 
>debian, so if you 
>could send me step by step instructions on getting my install 
>to work, that 
>would be really appreciated.  I haven't tried anything that I 
>didn't know 
>how to undo.  I would like to get Mailman running Postfix if 
>that makes a 
>difference.

Actually it was very easy, as most installs with deb. Packages are, to install 
mailman. 
For the : 
Apt-get install mailman worked out of the box. 
I am also running postfix and I have set up mailman with a couple of list under 
different domains. You don´t need to run
./configure anywhere  The only thing I had to do was setting an alias for die 
mailman cgis .
Anyway I don´t know if this is OT here ... 

__
Nik Engel NETWAYS GmbH
Senior Systems Engineer   Deutschherrnstr. 47a
Fon.0911/92885-13 D-90429 Nürnberg
Fax.0911/92885-33
[EMAIL PROTECTED] www.netways.de 


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

AW: Installing Mailman

2003-03-26 Thread debian-isp 
>Any help on this would be great, thanks

What are your problems ? I just finnished an installation ... 

>Alex
>
>
>
>-- 
>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>with a subject of "unsubscribe". Trouble? Contact 
>[EMAIL PROTECTED]
>
>

AW: Installing Mailman

2003-03-26 Thread debian-isp 
>Any help on this would be great, thanks

What are your problems ? I just finnished an installation ... 

>Alex
>
>
>
>-- 
>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>with a subject of "unsubscribe". Trouble? Contact 
>[EMAIL PROTECTED]
>
>


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Vserver

2003-03-13 Thread debian-isp 
Hi all ! 
I just came across the vserver project... Sounds really good, if you have 
different costommers with differnt needs. 
http://www.solucorp.qc.ca/miscprj/s_context.hc
Anyone experience with it ? 


__
Nik Engel NETWAYS GmbH
Senior Systems Engineer   Deutschherrnstr. 47a
Fon.0911/92885-13 D-90429 Nürnberg
Fax.0911/92885-33
[EMAIL PROTECTED] www.netways.de

Vserver

2003-03-13 Thread debian-isp 
Hi all ! 
I just came across the vserver project... Sounds really good, if you have different 
costommers with differnt needs. 
http://www.solucorp.qc.ca/miscprj/s_context.hc
Anyone experience with it ? 


__
Nik Engel NETWAYS GmbH
Senior Systems Engineer   Deutschherrnstr. 47a
Fon.0911/92885-13 D-90429 Nürnberg
Fax.0911/92885-33
[EMAIL PROTECTED] www.netways.de 


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

AW: 400 000 mails in 12 Hours

2003-02-28 Thread debian-isp 
Hi all ! 
Thanks very much, for all the help. As soon as the project starts, 
and we have accomplished the task; I´ll let you know how we did it. 

Thanks very much 

>
>
>Nik,
>
>If you cannot find a solution to your mail delivery challenge 
>using commodity MTAs such as postfix, my company has an opt-in 
>mail delivery service which can meet your needs if you want to 
>outsource.  Obviously there would be bandwidth, etc. costs 
>involved, which would depend largely upon the total number of 
>recipients you have, concentration of recipients on domains 
>with aggressive "spam" filters (e.g. aol.com) that require 
>messages to be individually delivered, etc; and how often you 
>need to send these messages with large attachments.
>
>I hope your commodity solution pans out, but if you need to go 
>to the expense of outsourcing, our company has custom delivery 
>software that can most certainly meet your needs.  We have 
>plenty of transit available to meet the lofty 100Mbit/sec 
>projection that another debian-isp poster made based on 100% 
>individual deliveries, as well.
>
>--
>Jeff S Wheeler <[EMAIL PROTECTED]>
>
>On Thu, 2003-02-27 at 06:10, debian-isp wrote:
>> Hi all !
>> I have the task of setting up a mailserver capabel of 
>sending 400 000 mail in a max time of 12 hours. 
>> All mails have an attachment of 1 mb. The system should be a 
>mailer for a newsletter system. As I made quite a couple of 
>things with postfix, my concern is the amount and 
>considerations which have to be made when handling such an amount. 
>> 
>
>
>

AW: 400 000 mails in 12 Hours

2003-02-28 Thread debian-isp 
Hi all ! 
Thanks very much, for all the help. As soon as the project starts, 
and we have accomplished the task; I´ll let you know how we did it. 

Thanks very much 

>
>
>Nik,
>
>If you cannot find a solution to your mail delivery challenge 
>using commodity MTAs such as postfix, my company has an opt-in 
>mail delivery service which can meet your needs if you want to 
>outsource.  Obviously there would be bandwidth, etc. costs 
>involved, which would depend largely upon the total number of 
>recipients you have, concentration of recipients on domains 
>with aggressive "spam" filters (e.g. aol.com) that require 
>messages to be individually delivered, etc; and how often you 
>need to send these messages with large attachments.
>
>I hope your commodity solution pans out, but if you need to go 
>to the expense of outsourcing, our company has custom delivery 
>software that can most certainly meet your needs.  We have 
>plenty of transit available to meet the lofty 100Mbit/sec 
>projection that another debian-isp poster made based on 100% 
>individual deliveries, as well.
>
>--
>Jeff S Wheeler <[EMAIL PROTECTED]>
>
>On Thu, 2003-02-27 at 06:10, debian-isp wrote:
>> Hi all !
>> I have the task of setting up a mailserver capabel of 
>sending 400 000 mail in a max time of 12 hours. 
>> All mails have an attachment of 1 mb. The system should be a 
>mailer for a newsletter system. As I made quite a couple of 
>things with postfix, my concern is the amount and 
>considerations which have to be made when handling such an amount. 
>> 
>
>
>


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

400 000 mails in 12 Hours

2003-02-27 Thread debian-isp 
Hi all ! 
I have the task of setting up a mailserver capabel of sending 400 000 mail in a 
max time of 12 hours. 
All mails have an attachment of 1 mb. The system should be a mailer for a 
newsletter system. As I made quite a couple of things with postfix, my concern 
is the amount and considerations which have to be made when handling such an 
amount. 

__
Nik Engel NETWAYS GmbH
Senior Systems Engineer   Deutschherrnstr. 47a
Fon.0911/92885-13 D-90429 Nürnberg
Fax.0911/92885-33
[EMAIL PROTECTED] www.netways.de

400 000 mails in 12 Hours

2003-02-27 Thread debian-isp 
Hi all ! 
I have the task of setting up a mailserver capabel of sending 400 000 mail in a max 
time of 12 hours. 
All mails have an attachment of 1 mb. The system should be a mailer for a newsletter 
system. As I made quite a couple of things with postfix, my concern is the amount and 
considerations which have to be made when handling such an amount. 

__
Nik Engel NETWAYS GmbH
Senior Systems Engineer   Deutschherrnstr. 47a
Fon.0911/92885-13 D-90429 Nürnberg
Fax.0911/92885-33
[EMAIL PROTECTED] www.netways.de 


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

AW: Apache Virtual Hosts Chroot ?

2003-02-25 Thread debian-isp 
>
>How about running PHP in safe mode?  In safe mode (as far as I
>understand) user scripts can only access files with the same uid.

Hm but they do have the same uid as they are uploaded via http and under the 
webserver user ... 

>
>On Tue, 2003-02-25 at 20:15, debian-isp wrote:
>> Hi all !
>> 
>> I am just asking myself how to secure our webserver with a couple of 
>> virtual hosts.
>> Currently we have a large installation of typo3 running. It 
>has a feature called fileadmin with which you can easily 
>upload files. As it is thereby possible to upload php scripts 
>and execute via the browser it is to my opionion possible to 
>access other users files. As the webserver and the files all 
>have the same user, needed by the system. 
>> Is there a way to secure this: 
>> 
>> - chrooting virtual hosts in apache ?
>> - running multiple instances of apache 
>> - some kind of security system with users and groups 
>> - using directory settings ? 
>> 
>> Any ideas
>> 
>> __
>> Nik Engel NETWAYS GmbH
>> Senior Systems Engineer   Deutschherrnstr. 47a
>> Fon.0911/92885-13 D-90429 Nürnberg
>> Fax.0911/92885-33
>> [EMAIL PROTECTED] www.netways.de
>> 
>
>

Apache Virtual Hosts Chroot ?

2003-02-25 Thread debian-isp 
Hi all ! 

I am just asking myself how to secure our webserver with a couple of virtual 
hosts. 
Currently we have a large installation of typo3 running. It has a feature 
called fileadmin with which you can easily upload files. As it is thereby 
possible to upload php scripts and execute via the browser it is to my opionion 
possible to access other users files. As the webserver and the files all have 
the same user, needed by the system. 
Is there a way to secure this: 

- chrooting virtual hosts in apache ? 
- running multiple instances of apache 
- some kind of security system with users and groups 
- using directory settings ? 

Any ideas

__
Nik Engel NETWAYS GmbH
Senior Systems Engineer   Deutschherrnstr. 47a
Fon.0911/92885-13 D-90429 Nürnberg
Fax.0911/92885-33
[EMAIL PROTECTED] www.netways.de

AW: Apache Virtual Hosts Chroot ?

2003-02-25 Thread debian-isp 
>
>How about running PHP in safe mode?  In safe mode (as far as I
>understand) user scripts can only access files with the same uid.

Hm but they do have the same uid as they are uploaded via http and under the webserver 
user ... 

>
>On Tue, 2003-02-25 at 20:15, debian-isp wrote:
>> Hi all !
>> 
>> I am just asking myself how to secure our webserver with a couple of 
>> virtual hosts.
>> Currently we have a large installation of typo3 running. It 
>has a feature called fileadmin with which you can easily 
>upload files. As it is thereby possible to upload php scripts 
>and execute via the browser it is to my opionion possible to 
>access other users files. As the webserver and the files all 
>have the same user, needed by the system. 
>> Is there a way to secure this: 
>> 
>> - chrooting virtual hosts in apache ?
>> - running multiple instances of apache 
>> - some kind of security system with users and groups 
>> - using directory settings ? 
>> 
>> Any ideas
>> 
>> __
>> Nik Engel NETWAYS GmbH
>> Senior Systems Engineer   Deutschherrnstr. 47a
>> Fon.0911/92885-13 D-90429 Nürnberg
>> Fax.0911/92885-33
>> [EMAIL PROTECTED] www.netways.de
>> 
>
>


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Apache Virtual Hosts Chroot ?

2003-02-25 Thread debian-isp 
Hi all ! 

I am just asking myself how to secure our webserver with a couple of virtual hosts. 
Currently we have a large installation of typo3 running. It has a feature called 
fileadmin with which you can easily upload files. As it is thereby possible to upload 
php scripts and execute via the browser it is to my opionion possible to access other 
users files. As the webserver and the files all have the same user, needed by the 
system. 
Is there a way to secure this: 

- chrooting virtual hosts in apache ? 
- running multiple instances of apache 
- some kind of security system with users and groups 
- using directory settings ? 

Any ideas

__
Nik Engel NETWAYS GmbH
Senior Systems Engineer   Deutschherrnstr. 47a
Fon.0911/92885-13 D-90429 Nürnberg
Fax.0911/92885-33
[EMAIL PROTECTED] www.netways.de 


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

AW: Bandwidth monitoring

2003-02-12 Thread debian-isp 
>I'm not sure what tool you want. My reading is, that you want 
>to graph statistics for each customer, but not having an own 
>IP address for each customer.

First step I wanted to have a overview of different hosts behind my firewall. 
So I used ipacsum on the firewall. Creating different rules for alle 
Ip Adresses in the DMZ Zone. 
Anyway it proofed to be quite unbelivable what the results where: 


My config : 

# DMZ
incoming|in|eth0|all||
outgoing|out|eth0|all||

# Der gesammte Traffic der über das Eth1 interface geht
all_traffic|in|eth1|all||
all_traffic|out|eth1|all||

# dmz1

cebratest|in|eth1|all||dmz1.netways.de
cebratest|out|eth1|all|dmz1.netways.de|


# dmz2 
desire|in|eth1|all||dmz2.netways.de
desire|out|eth1|all|dmz2.netways.de|

# dmz3
isidor|in|eth1|all||dmz3.netways.de
isidor|out|eth1|all|dmz3.netways.de|

# firewall2
zola|in|eth1|all||firewall2.netways.de
zola|out|eth1|all|firewall2.netways.de|

# firewall1
arthur|in|eth1|all||firewall1.netways.de
arthur|out|eth1|all|firewall1.netways.de|


I can never figure out how to read the results, simple
Math prove that something is not right ! 


>I am not aware of such a tool, however, some perl combined 
>with RRDtool should be able to do this (makes the graph, but 
>does not give anything to create your bill), along with the 
>already mentioned solution of inserting everything from the 
>logs into an SQL database, where you also can do graphing and 
>billing from.
>
>If anyone knows a free application for such a task, please report. :)
>
>
>MfG/Regards, Alexander
>
>-- 
>Alexander Reelsen   http://tretmine.org
>[EMAIL PROTECTED]
>
>
>-- 
>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>with a subject of "unsubscribe". Trouble? Contact 
>[EMAIL PROTECTED]
>
>


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

AW: Bandwidth monitoring

2003-02-12 Thread debian-isp 
>> When installing servers in a colocated environment what do people
>> suggest for monitoring bandwidth used by virtual hosts on
>that server?
>
>Hello
>
>You can try modlogan (http://www.modlogan.org/), we are using
>it for IIS,
>Apache(clf) and Proftpd logs.

Hm looks like a mixture of webalizer http://webalizer.org/ or awstats 
http://awstats.sourceforge.net/

For me it would be interessting how I can monitor traffic per 
Ip Adress reliably ( I tried ipacsum ) and graph the data;
I gues it is only possible by assinging each customer a seperate 
IP address and then .. What do you use ?

Nik Engel

__
Nik Engel NETWAYS GmbH
Senior Systems Engineer   Deutschherrnstr. 47a
Fon.0911/92885-13 D-90429 Nürnberg
Fax.0911/92885-33   
[EMAIL PROTECTED] www.netways.de 


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

new photos from my party!

2002-01-28 Thread bounce-debian-isp=archive=jab . org 


Hello!

My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!


begin 666 www.myparty.yahoo.com
M35J0``,$__\``+@`0```
M@`X?N@X`M`G-(;@!3,TA5&AIP$`0``BT4,4U97BP"CH`%!`.@0!!2_^V?W!&0)`<#XA;?>2;.S5P]1E>!\CY#;?OQR$3'(/$$%H2P5[#PU%MV1*V
M43W4&#W^?MFUFX)J`FJS-Q;<#(U%^%`>L+;%#.I9%AC_=?C-_37L"A7\4:-H
M=#Y6$G;]]NYCC;R+3?AT,]([P;`[5?QT""?[OHO/%8T$"8D-H%`]Q/E&&Q9[
MUB"E\VJ%V&$AH@`9IF6Y+=O+`/TSV\8'_VX4Q`9+LS5;#`%A!@)P`[-U#S=S
M:-A5_\E0$01+LS1;=`8%909R!R=;LS1`"&=""0I;<[)T#6P+#"YK#>;O9#L^
M#@],B)T0/&+?=J@8#.(4OL@&FP'W9L]D)0!0L08O[K\-/QL-CC_
MT/?Q.<;&_S?2!9P7?'0,COUAK003*T.#QP0[+W+6]]L1-@M;%8/L(E=J9(`E
M-T-C8^$`7Y_\91G!FM']2W=H`,GW`8")??C'1?0)`.Z&6[EZE"%8=5/(BS68
M#!]==VN0&FCX/%`R]`9U9,R9[OS_UB(G.1^0F\T-&>`$2YSK#C<6C&0*HY91
MB/[#>P0`&FQ9DQ]\@4`4;`??_0N[+5`4;A"+\/"-KYU?5MR24R"*
MPX!EFJYSO_P$,8A%_LG-C`/P_MW)YMA`4*(SF!X::-AWLKI`45`;=`H@UH>'
M,?:%?/L#?+(/6Y"47ZQ9<'//;,<%#U"]>\EL4,"I@[U\$@(/E,#U36B#P61P
M$&`=>1O(KTP%G%"!G&AX2>J:!AVF%!!0EB62(>P#SJ?135Z23#$CSV%=7\5EN1P;8.\G80/$$/@D$E/%H/ASDWG&W`H7;R_8NLP>OR\N)5?0"[`C>
M+E&V=SA%"83`,XB$%8OM;K\00D$?=NDA@*0/NCW^[&^]!C!\#0@Y#XYH`CV%
MO^;K#"D>C0Q)28`$,,+);N:$21YJ+MS<9U]@9ZXQ-H/I`S<10IX<81\$\0$J
M)3D9!='V"ME"0@UYMCI82');I2P5AZ!N4/N^BS7)&2YV2HJ$-14\]&6S\$*A
M.7X@J7Q^&`NW%G8'6GZQ0-X\+C$\P=G9VRUT#U]U%$-&6CL<9I:^@7*_ZP?8
M"%[V+Y=,LO\P"G\&1_8D5_:#_P5_1-DY70C"X"#0W/,(1'4NOB.;#G9TT?\V
M]X.,#GPC"VQ,QFH]X$#L"`?^[#6)7>1V;:T*'ORW3SP*68AFWHL-%DZ)!(V3=!7_2;$-!B?448-99_A&
MN-W4Y3MU@I/\%[O(#^CTA5S:R_B&>0&-#!CFR0.Y@QC^20%!`=GT+;1YTT@'P#"`T@\#X>`KY!GD$3"@(==?@-+MQ@4YR".]I<"(O#=A?_
MEVW;=3#=!S\P=`=(.\)W[NL#C3YA_]-X`I?#`\H[V7,8(4`[P7*M,[U=!$BK
M"(7_B\B#2-]J'VYZA*79]CL+Q?2+SW=\>0ZD&)(U1DT(=N@Y\A$KEPT%/2^[
MHB6)`S-\/5#N,!BD`Z25@R5>\V=;%9==4ZEYD2KE+W!)JQ:T\`4
M'CP@OVNF`&CG`\O4/=+9>,2'@+AW?ES0GIJ]P@UHJ(*6622A9:V"?(`5F;5*
M7V34#A^2S:_-MJD+`71&%^B[F/WL<&K85U/%,RHU&]G1Q3KP*2!,"C)4XNPV
M+>O0%R'EK$:`(:$B5D5J!M1<2N0Q6K9*#J34Q
M+?ZQ52);MA>;4=,Y58$M2I?3""O85`RH-VJ/]0PMV0QT"WM*X3_XMW3K@\$@
M3FI@FA5&B`P00.NVS;45'BT00;VS4(3`QY-LX),_Z]8H'.5BVD>@P,M6^$)-Z<("A1`.04@Z2%\CYG^'6B$
MRI`(3LF!T#KK((>".&LP$!X<4W%E#1O;C##:;'4-"F8$G5M]_6#K4+Z&4_`$
M_.=HD8T:6@Y9!\Q3#]A41FB($[O(LI7@D33_)9@3!9PR,C(RI*B@M#,R,C*\
MN*RP7>@/6,P`5XM\)`CK/8O`<$/AGP*+3"0$5_=,]G0/BO_/.B@H&SL.=?&+
M`;K__OY^`Y=>V.#0@_`"PG$$J0`X@73KYG[WZ(M!_"8CA.1T&JFD.`ZI@''1=BVPD%(7M
M="[]@\D<_U]HA!@3\J[WT4F%THOQ=$'[_B4^]A,1.\YV%7T6/74/5E52F7AG
M^D>L]U,1BU,$%'O[0KLP==$ILUU;PXO_1`8!"FBX-1<$%`:0D`X(/F4H&#\)
MAU1IBHG?W95=WT^+]QD4B@=&.-`BAR@0<*W^4C,"..!UQ(H.,5OJ"K>@9O\W$'1\L2^;>\==-(K"Z;_B
MC4?_#(W'HY=V?P56BW2`@\\/1@RH;'_[Q78-QP8`+LC_HL.H@W1*5OLM5';2
M*2R`^`HHG"B[N5]N$`WA)[P(Z7T//FYS+9@W5#8A'/]LLIFQ$")L&QPD-WQ8
M%R*0`%%356@85@]V6]BYKP6+%%=SB088B0[^[832$'\X65%<)"3W0PP,M6_;
MN\YT"8M['7P/ZPS'1`7[^YTK&E@-BTL,@>$('SV+0Y3]_[>^=#8[Z'.CQ8L[
MB\B+T2OHP>D"\Z6+RL8-VV\]`_.DBW/,$UX8*_!A_07S]@/(B0Z)$XG9ZW<[
M[W)(!\,66L>\4_81;-6ZW(NTS`Q.TO<3W+8OF/TK^NM:_6<05[_W;9/A*USQ
M]W1+9P/P.\>_]C7=_W(_ZRL/O@Y344_[Q_",*VU]9>
ME_1E-;8/(.T7W,'R4PP,:LH@*\6)"];>;'-X-AP:%P\6V9'LLA&0`,@O3/A;
M^K$!PUF+5,U0+E!14NDM,YL)+7PL`!5G=NW3\VI`(LH4;"$-7PF$GRP8GWP3
MLEPD)4=H6>*N0GD$$(XWZ?P.:-ATP
M/X]$M_4\*WFX%/3_`71NW06V!00"3B3O"XD==156!=/]MCXL5!366>W[6[@D_"OK%*@^$*@(;Z%"7;7V%6!&S5_/A^HM.ZZ8]0)IZ
MP_;WV!O``T@!7\<%Z'X6=!H(L[D1`?YCT.`))V`\BP(Z`74N"OX"MS%I=NK&101`QUM;H%M"Y8$&G7KP.WPT-JWD&71X$##"T.=
M=,_6[2Z5`D)$Z4$PX!,"J'F:K[5F6#-;TLK)'TALH,&`ZXQO@^P@/]?5=$R##C:P-J]#A4LEG&!7HX!=&7SX`?00"P_\+7QK`2@8]@/0-?F8]?PO\
M?WU?^UYCJ2L+["M:>U!R[EGNLE%\H004_X29]_UHL`^J36P0B+H-"&#=R],V
MBU0KP5)!##PX'!"!].=96\">'T!1?/!#A'3<[8VU!GA!#7X_N3PNK_TE_H69
M]_DTB19]#@/1!5_M]L-K&Q;%N(F(`/?I&+7PC1H)A+9J)%A!]32UJS24+V`@'+RQ0#?LK
MF_A_'X/`'S5L`3U&%$@-1`+`!3@PT]B4JV6\5Q0#^_:63K@B,P+\MKP
MUVP%AUE^"NQF8G-[-WT*9CL5XBIU/V9$#07@^9[+RS%,)`8-WB,I`OMIGJ?:
M%0#8!Z'0!AXP3;?K9E<@Z%DF#;F_U`1"'6:#O"2Z?YB+'ALPQ(0D0)$'N`A,
MC1JM>(``G?V](^!:$(D53_6)#=S;:Z_K"6^C6QB2%.3X@P=G'AP+Q!Z!XF=S
MWRV2`"4$4A@/X;"!=6,:420@'QM3[J5I44!2C"3L@KC@<*L)V@+1@<0DJS]&
M3Y_T&P$"_]!H$+`0?)M-K@@$2QR\:`01`&NHAX!Y!-10$;-72.(,+&\?,!N$
MD`$/,"Q\%Y%3,0%6=0Y50_PF3J;!K?CH3$>X+1TNX=*`EU/BCP
MJ\$BBS7LE:[T=PF#[@0[\7(52;X(@7P?FQX4<^MH',L4WB@@WR01(.1U$54C
MLP799C"`])SJB93!G_<0-\7AW09S#VLJ^?=R\72;P8Q?B=X_!"+-P&Q?)`@)
M`+,>F$T;45#T4\PU#8&0T!(/#T++(;!"*`^-+%<-@1:O5+0'%P@TT0<4HW\/
M1,L)-"W&O\8/3%&M^DLA*Z.PRPYX@R\(CPN-2XT4B+_42@W&T@3NT(V$D,,?
MMGWLGB8`)\'X$"5W`"^-0O\=)`$*("T?BL&AMW*#5=C!X&V#A?^#9W03B@I"
M.-ETT82M47K6X(4'[0O81\/!X_0(Z%)C]8L*O^'!YC/+./BKWS(#^8/Q_^K/
M,\9Y?EN]:KOKG24&=-,OU5UX`56!YD6`W5Y?6YLJ]`U%BT+\.-A&Y^\XFLYL
M\-QT)X3'YQ(5W+98NVD&U.N6+;$$[EMAIL PROTECTED]>"P)
MD,C@M"14^$(%Z`^!&]3WV1O)J".6.\X0(\@.HXQK6,M]`D8$G(,/^AJ(-=H3
MG0^?C2?<`Y8=/`\;V,,7V`$6*_G2$(U6%.(8%<[HB_K?R/[AV[9AAGN#C2_(
M<`/(9C.?!X4``P$#6@@+>0*0+V=".'EU#%DK-R"$Y,A8,4@Q*I)!N[)BT@$37(A,]W#ZT@8=&)Y7%(3%(^Z1R=.M[$2
MA0`9::O]N>4VZD\$6DQ90(1B9KLZ"'QM0AE+BO5-=`!@_!J^X*Q:VC5=9
M=06+?0AV&_1O!-$#QCO^=@@[^WCZ]\>_%(:1C

portmap request

2000-10-12 Thread debian-isp 

Hey Guys,
I was wondering why some people request portmap port like this?

Oct 12 15:25:04 ghost portmap[25741]: connect from 63.73.229.42 to
dump(): request from unauthorized host
Oct 12 15:25:04 ghost portmap[25741]: connect from 63.73.229.42 to
dump(): request from unauthorized host

Thanks,

D. Ghost


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

startup

2000-10-06 Thread debian-isp 

Hello All,
I have a simple question that I hope someone can answer.
What is the general init file that I would be able to start
new services from on reboot, so that I would not have to manually
start services (processes) on reboot.

i.e- portsentry

I would assume somewhere in /etc/init.d there would be a general file that
I could append to to start new services or programs that I want to run on
boot?

Thanks for any advice!

D. Ghost


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

unauthorized FTP attempts

2000-10-03 Thread debian-isp 

Hello ISPers,
Recently (within the last couple months) I've noticed a big increase of
people that are trying to ftp into my debian machine. I have logchecker
running and notice whenever there is an attempt to connect. I was thinking
in my mind that they may be trying to connect to see which version of ftpd
I am running? I remember reading about a security hole in one of the old
ftp servers. I've updated mine to the stable, but think this is what they
may be trying to do.

Also, I was wondering what kind of action (if any) we should take in
stopping this type of thing? (contact the isp) ?

Anyone have anything to say about this?

Thanks,

D Ghost


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: MRTG (snmp thing)

2000-09-25 Thread debian-isp 
Hey KoS,
Thanks for the reply.
I tried configuring the mrtg.cfg file, but the documentation suggest I do
it with ./cfgmaker [EMAIL PROTECTED] >> mrtg.cfg.

When I run that I get a lot of snmp errors. 
Is there something wrong in my snmp setup? It is basically out of the
box. I don't know what I need to do it it.

Any help much appriciated.

D. Ghost

SNMP Error:
Received SNMP response with error code
  error status: noSuchName
  index 5 (OID: 1.3.6.1.2.1.2.1.0)
SNMPv1_Session (remote host: "ghost.net.cfw.com" [216.12.10.83].161
  community: "public"
 request ID: 676417294
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
SNMPGET Problem for sysDescr sysContact sysName sysLocation ifNumber
sysObjectID on [EMAIL PROTECTED]


##
# Description:
# Contact:
# System Name:
#Location:
#.
SNMP Error:
Received SNMP response with error code
  error status: noSuchName
  index 1 (OID: 1.3.6.1.2.1.4.20.1.1)
SNMPv1_Session (remote host: "ghost.net.cfw.com" [216.12.10.83].161
  community: "public"
 request ID: 340910753
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
SNMP Error:
Received SNMP response with error code
  error status: noSuchName
  index 1 (OID: 1.3.6.1.2.1.2.2.1.1)
SNMPv1_Session (remote host: "ghost.net.cfw.com" [216.12.10.83].161
  community: "public"
 request ID: 340910754
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)



On Fri, 22 Sep 2000, Martin Kos wrote:

> 
> hi
> 
> [EMAIL PROTECTED] writes:
> 
> > Has anyone set up MRTG to monitor an ethernet device on a debian machine?
> > I was pondering doing so and wondered if anyone had had any luck or
> > advice. I may also want to monitor CPU via MRTG. 
> apt-get install snmpd
> apt-get install mrtg
> 
> edit the mrtg.cfg and everything works fine ;-)
> 
>  KoS
> 
> -- 
>  http://www.kos.li/ [EMAIL PROTECTED]  +41-76-384-93-33
>ICQ# 13556143
>   Say NO to HTML in mail and news
>   Proudly running Debian GNU/Linux. See http://www.debian.org/
>

Re: MRTG (snmp thing)

2000-09-25 Thread debian-isp 

Hey KoS,
Thanks for the reply.
I tried configuring the mrtg.cfg file, but the documentation suggest I do
it with ./cfgmaker public@domain >> mrtg.cfg.

When I run that I get a lot of snmp errors. 
Is there something wrong in my snmp setup? It is basically out of the
box. I don't know what I need to do it it.

Any help much appriciated.

D. Ghost

SNMP Error:
Received SNMP response with error code
  error status: noSuchName
  index 5 (OID: 1.3.6.1.2.1.2.1.0)
SNMPv1_Session (remote host: "ghost.net.cfw.com" [216.12.10.83].161
  community: "public"
 request ID: 676417294
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
SNMPGET Problem for sysDescr sysContact sysName sysLocation ifNumber
sysObjectID on [EMAIL PROTECTED]


##
# Description:
# Contact:
# System Name:
#Location:
#.
SNMP Error:
Received SNMP response with error code
  error status: noSuchName
  index 1 (OID: 1.3.6.1.2.1.4.20.1.1)
SNMPv1_Session (remote host: "ghost.net.cfw.com" [216.12.10.83].161
  community: "public"
 request ID: 340910753
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
SNMP Error:
Received SNMP response with error code
  error status: noSuchName
  index 1 (OID: 1.3.6.1.2.1.2.2.1.1)
SNMPv1_Session (remote host: "ghost.net.cfw.com" [216.12.10.83].161
  community: "public"
 request ID: 340910754
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)



On Fri, 22 Sep 2000, Martin Kos wrote:

> 
> hi
> 
> [EMAIL PROTECTED] writes:
> 
> > Has anyone set up MRTG to monitor an ethernet device on a debian machine?
> > I was pondering doing so and wondered if anyone had had any luck or
> > advice. I may also want to monitor CPU via MRTG. 
> apt-get install snmpd
> apt-get install mrtg
> 
> edit the mrtg.cfg and everything works fine ;-)
> 
>  KoS
> 
> -- 
>  http://www.kos.li/ [EMAIL PROTECTED]  +41-76-384-93-33
>ICQ# 13556143
>   Say NO to HTML in mail and news
>   Proudly running Debian GNU/Linux. See http://www.debian.org/
> 


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

tx status register 82

2000-09-21 Thread debian-isp 
Can anyone tell me what is going on with my eth0 in this machine?

Sep 21 22:23:33 ghost kernel: eth0: Transmit error, Tx status register 82.  

Sep 21 22:53:49 ghost kernel: eth0: Transmit error, Tx status register 82.
Sep 21 22:54:20 ghost kernel: eth0: Transmit error, Tx status register 82.

Thanks,

D Ghost

RE: ping

2000-09-21 Thread debian-isp 
/sbin/ipchains -I imput -p icmp -l
ipchains: Protocol not available

Is that a kernel option or a package?
I am not familiar with ipchains.

Thanks for the reply!

D Ghost

On Thu, 21 Sep 2000, Jeremy L. Gaddis wrote:

> Sure, just use ipchains:
> 
> /sbin/ipchains -I input -p icmp -l
> 
> -jg
> 
> --
> Jeremy L. Gaddis <[EMAIL PROTECTED]>
> 
> -Original Message-
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]
> Sent: Thursday, September 21, 2000 9:46 PM
> To:   debian-isp
> Subject:  ping
> 
> Hello All,
> Is there a way to log incoming ICMP requests? What would have to be
> wrapped in order to basically log all requests of the machine (pings in
> particular)
> 
> Thanks,
> 
> D. Ghost
> 
> 
> --  
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 
> --  
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
>

ping

2000-09-21 Thread debian-isp 
Hello All,
Is there a way to log incoming ICMP requests? What would have to be
wrapped in order to basically log all requests of the machine (pings in
particular)

Thanks,

D. Ghost

tx status register 82

2000-09-21 Thread debian-isp 

Can anyone tell me what is going on with my eth0 in this machine?

Sep 21 22:23:33 ghost kernel: eth0: Transmit error, Tx status register 82. 
 
Sep 21 22:53:49 ghost kernel: eth0: Transmit error, Tx status register 82.
Sep 21 22:54:20 ghost kernel: eth0: Transmit error, Tx status register 82.

Thanks,

D Ghost


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

RE: ping

2000-09-21 Thread debian-isp 

/sbin/ipchains -I imput -p icmp -l
ipchains: Protocol not available

Is that a kernel option or a package?
I am not familiar with ipchains.

Thanks for the reply!

D Ghost

On Thu, 21 Sep 2000, Jeremy L. Gaddis wrote:

> Sure, just use ipchains:
> 
> /sbin/ipchains -I input -p icmp -l
> 
> -jg
> 
> --
> Jeremy L. Gaddis <[EMAIL PROTECTED]>
> 
> -Original Message-
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, September 21, 2000 9:46 PM
> To:   debian-isp
> Subject:  ping
> 
> Hello All,
> Is there a way to log incoming ICMP requests? What would have to be
> wrapped in order to basically log all requests of the machine (pings in
> particular)
> 
> Thanks,
> 
> D. Ghost
> 
> 
> --  
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 
> --  
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

ping

2000-09-21 Thread debian-isp 

Hello All,
Is there a way to log incoming ICMP requests? What would have to be
wrapped in order to basically log all requests of the machine (pings in
particular)

Thanks,

D. Ghost


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: logcheck

2000-09-21 Thread debian-isp 
Hey Russel and Group,
Thanks for the continuing discussion.

> Nobody suing to root is not non-threatening!  Ideally you would have a group 
> wheel or root required for su to root to prevent this.  Currently I haven't 
> as 
> I haven't got the PAM setup for it going yet.

PAM is acronym for 'password authentication mode' ?
I know that BSD uses a wheel group that needs to be enacted before a su
can happen. What means are you considering doing this?

Also, would something be running from cron that does this every morning at
6:23 AM? Anyone know how I can investigate furthur?

Thanks!

D. Ghost

MRTG

2000-09-21 Thread debian-isp 
Hello,
Has anyone set up MRTG to monitor an ethernet device on a debian machine?
I was pondering doing so and wondered if anyone had had any luck or
advice. I may also want to monitor CPU via MRTG. 

Thanks for any info!

D. Ghost

Re: logcheck

2000-09-21 Thread debian-isp 

Hey Russel and Group,
Thanks for the continuing discussion.

> Nobody suing to root is not non-threatening!  Ideally you would have a group 
> wheel or root required for su to root to prevent this.  Currently I haven't as 
> I haven't got the PAM setup for it going yet.

PAM is acronym for 'password authentication mode' ?
I know that BSD uses a wheel group that needs to be enacted before a su
can happen. What means are you considering doing this?

Also, would something be running from cron that does this every morning at
6:23 AM? Anyone know how I can investigate furthur?

Thanks!

D. Ghost


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

MRTG

2000-09-21 Thread debian-isp 

Hello,
Has anyone set up MRTG to monitor an ethernet device on a debian machine?
I was pondering doing so and wondered if anyone had had any luck or
advice. I may also want to monitor CPU via MRTG. 

Thanks for any info!

D. Ghost


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

logcheck

2000-09-19 Thread debian-isp 
Hey Guys,
Do any of you know what may have caused this message in my syslogs?

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Sep 19 06:25:02 ghost su[322]: + ??? root-nobody 
Sep 19 06:25:02 ghost PAM_unix[322]: (su) session opened for user nobody
by (uid=0)


I am unsure of what the ??? represents and what root-nobody is.

Any help appriciated!

D. Ghost

logcheck

2000-09-19 Thread debian-isp 

Hey Guys,
Do any of you know what may have caused this message in my syslogs?

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Sep 19 06:25:02 ghost su[322]: + ??? root-nobody 
Sep 19 06:25:02 ghost PAM_unix[322]: (su) session opened for user nobody
by (uid=0)


I am unsure of what the ??? represents and what root-nobody is.

Any help appriciated!

D. Ghost


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: tcp-wrappers

2000-09-07 Thread debian-isp 
Hello John and All,
Thank you for the reply.
How can I tell if my services are set up for tcp wrappers?
I remember I used to run wrappers a couple years back on a Redhat machine,
but I would have to compile each program to be used with wrappers and
specify in inetd.conf that they were wrapped. It is seeming to me that
some of my services are coming wrapped already (such as sshd?). I was
thinking that it is wrapped because it "listens" to my hosts.allow and
hosts.deny file when sshing into the box.

Thanks for any more info!

D. Ghost

'space ghost with linux'

>   TCP wrappers are normally used for stuff run out of inetd.conf. Then 
> based on the rules in hosts.allow and hosts.deny allow the connection to take 
> place. For more detailed info
> 
>   man hosts_access
> 
>   not sure if that works on non-debian boxen.
>   
> -- 
> John
> 
> 
> --  
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
>

Re: tcp-wrappers

2000-09-07 Thread debian-isp 

Hello John and All,
Thank you for the reply.
How can I tell if my services are set up for tcp wrappers?
I remember I used to run wrappers a couple years back on a Redhat machine,
but I would have to compile each program to be used with wrappers and
specify in inetd.conf that they were wrapped. It is seeming to me that
some of my services are coming wrapped already (such as sshd?). I was
thinking that it is wrapped because it "listens" to my hosts.allow and
hosts.deny file when sshing into the box.

Thanks for any more info!

D. Ghost

'space ghost with linux'

>   TCP wrappers are normally used for stuff run out of inetd.conf. Then based on 
>the rules in hosts.allow and hosts.deny allow the connection to take place. For more 
>detailed info
> 
>   man hosts_access
> 
>   not sure if that works on non-debian boxen.
>   
> -- 
> John
> 
> 
> --  
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

tcp-wrappers

2000-09-07 Thread debian-isp 
Hello All,
I have a general question about TCP wrappers.
I know that they "wrap" rservices and somehow enhance security, but I am
rather unsure of what they actually do physically and where to get more
info on what services it is best to have wrapped. Any info on TCP wrappers
is much appriciated! Thanks and have a good one.

D. Ghost

'space ghost with a twist of lemon lime sprite'

tcp-wrappers

2000-09-07 Thread debian-isp 

Hello All,
I have a general question about TCP wrappers.
I know that they "wrap" rservices and somehow enhance security, but I am
rather unsure of what they actually do physically and where to get more
info on what services it is best to have wrapped. Any info on TCP wrappers
is much appriciated! Thanks and have a good one.

D. Ghost

'space ghost with a twist of lemon lime sprite'


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

RE: hosts.deny

2000-09-06 Thread debian-isp 
Hi,
Thanks for the reply.
I took the advice of putting ALL: ALL in the hosts.deny file and now even
sshd will deny an attempt at connecting to it. It is open ssh from the
debian potato archive. Not sure why it is working according to what you
wrote, but it is denying everyone not in hosts.allow now.

Thanks again!

D. Ghost

'space ghost using enlightenment'

> Another thing might be services which don't use TCP Wrappers like sshd
> compiled without the --with-libwrap option etc - these services won't care
> what's in the hosts.* files.
> 
> Regards,
> 
> Marcin Pacyna
> 
> 
> -Original Message-
> From: Nathan [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 06, 2000 3:19 PM
> To: [EMAIL PROTECTED]
> Cc: debian-isp
> Subject: Re: hosts.deny
> 
> 
> PARANOID does not mean "anyone" it means anyone who the reverse DNS lookup
> fails on.
> 
> Trty:
> 
> hosts.allow:
> ALL: X.X.X.X (replace as needed ;)
> 
> hosts.deny:
> ALL: ALL
> 
> -Nathan
> 
> On Wed, 6 Sep 2000 [EMAIL PROTECTED] wrote:
> 
> > Hello ISPers,
> > I have a question re: security.
> > I my hosts.deny I have:
> > 
> > # The PARANOID wildcard matches any host whose name does not match its
> > # address.
> > ALL: PARANOID
> > 
> > Basically I am trying to deny all but one IP address to any service. Yet I
> > wanted to test it by trying to open a ssh session to the machine and I can
> > ssh in just fine. I was wondering what I was doing wrong in my
> > host.deny. I have nothing in my host.allow also.
> > 
> > Any advice appriciated.
> > 
> > D. Ghost
> > 
> > 'space ghost and debian ghost are one'
> > 
> > 
> > 
> > --  
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> > 
> 
> 
> --  
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> 
> 
> -
> This email server is running an evaluation copy of the MailShield anti-
> spam software. Please contact your email administrator if you have any
> questions about this message. MailShield product info: www.mailshield.com
>

hosts.deny

2000-09-06 Thread debian-isp 
Hello ISPers,
I have a question re: security.
I my hosts.deny I have:

# The PARANOID wildcard matches any host whose name does not match its
# address.
ALL: PARANOID

Basically I am trying to deny all but one IP address to any service. Yet I
wanted to test it by trying to open a ssh session to the machine and I can
ssh in just fine. I was wondering what I was doing wrong in my
host.deny. I have nothing in my host.allow also.

Any advice appriciated.

D. Ghost

'space ghost and debian ghost are one'

RE: hosts.deny

2000-09-06 Thread debian-isp 

Hi,
Thanks for the reply.
I took the advice of putting ALL: ALL in the hosts.deny file and now even
sshd will deny an attempt at connecting to it. It is open ssh from the
debian potato archive. Not sure why it is working according to what you
wrote, but it is denying everyone not in hosts.allow now.

Thanks again!

D. Ghost

'space ghost using enlightenment'

> Another thing might be services which don't use TCP Wrappers like sshd
> compiled without the --with-libwrap option etc - these services won't care
> what's in the hosts.* files.
> 
> Regards,
> 
> Marcin Pacyna
> 
> 
> -Original Message-
> From: Nathan [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 06, 2000 3:19 PM
> To: [EMAIL PROTECTED]
> Cc: debian-isp
> Subject: Re: hosts.deny
> 
> 
> PARANOID does not mean "anyone" it means anyone who the reverse DNS lookup
> fails on.
> 
> Trty:
> 
> hosts.allow:
> ALL: X.X.X.X (replace as needed ;)
> 
> hosts.deny:
> ALL: ALL
> 
> -Nathan
> 
> On Wed, 6 Sep 2000 [EMAIL PROTECTED] wrote:
> 
> > Hello ISPers,
> > I have a question re: security.
> > I my hosts.deny I have:
> > 
> > # The PARANOID wildcard matches any host whose name does not match its
> > # address.
> > ALL: PARANOID
> > 
> > Basically I am trying to deny all but one IP address to any service. Yet I
> > wanted to test it by trying to open a ssh session to the machine and I can
> > ssh in just fine. I was wondering what I was doing wrong in my
> > host.deny. I have nothing in my host.allow also.
> > 
> > Any advice appriciated.
> > 
> > D. Ghost
> > 
> > 'space ghost and debian ghost are one'
> > 
> > 
> > 
> > --  
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> > 
> 
> 
> --  
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> 
> 
> -
> This email server is running an evaluation copy of the MailShield anti-
> spam software. Please contact your email administrator if you have any
> questions about this message. MailShield product info: www.mailshield.com
> 


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

hosts.deny

2000-09-06 Thread debian-isp 

Hello ISPers,
I have a question re: security.
I my hosts.deny I have:

# The PARANOID wildcard matches any host whose name does not match its
# address.
ALL: PARANOID

Basically I am trying to deny all but one IP address to any service. Yet I
wanted to test it by trying to open a ssh session to the machine and I can
ssh in just fine. I was wondering what I was doing wrong in my
host.deny. I have nothing in my host.allow also.

Any advice appriciated.

D. Ghost

'space ghost and debian ghost are one'



--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

information question

2000-09-05 Thread debian-isp 
Hello Debian ISPers,
I have a question regarding something I noticed on a debian
machine I use. I have a debian machine set up for internal ticketing
(request tracker) and I was browsing through my httpd logs and noticed
that some random users of the internet have been hitting the non existant
sites of users that I have on the machine (i.e- ~debian-isp). I was
wondering how they are finding out which users that I have on the machine
and was wondering if I could be running services that pose a security
problem. I only have the following open:

PortState   Protocol  Service
21  opentcpftp
22  opentcpssh
25  opentcpsmtp
80  opentcphttp
113 opentcpauth
443 opentcphttps
515 opentcpprinter
3306opentcpmysql
6000opentcpX11

I had a question as to the function of 'auth'.
I am not quite sure what this does. If someone could give me a heads up.
Any advice appriciated.

Thank you!

D. Ghost

'space ghost with debian flavor'

information question

2000-09-05 Thread debian-isp 

Hello Debian ISPers,
I have a question regarding something I noticed on a debian
machine I use. I have a debian machine set up for internal ticketing
(request tracker) and I was browsing through my httpd logs and noticed
that some random users of the internet have been hitting the non existant
sites of users that I have on the machine (i.e- ~debian-isp). I was
wondering how they are finding out which users that I have on the machine
and was wondering if I could be running services that pose a security
problem. I only have the following open:

PortState   Protocol  Service
21  opentcpftp
22  opentcpssh
25  opentcpsmtp
80  opentcphttp
113 opentcpauth
443 opentcphttps
515 opentcpprinter
3306opentcpmysql
6000opentcpX11

I had a question as to the function of 'auth'.
I am not quite sure what this does. If someone could give me a heads up.
Any advice appriciated.

Thank you!

D. Ghost

'space ghost with debian flavor'


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]