Re: anyone using telnet

2001-03-21 Thread kmself

on Mon, Mar 19, 2001 at 01:07:51PM -0400, Peter Cordes ([EMAIL PROTECTED]) wrote:
> On Mon, Mar 19, 2001 at 08:58:06AM -0300, Pedro Zorzenon Neto wrote:

<...>

>  Don't even bother with telnet, it's obsolete.  Install sshd on any
>  machines that don't have it yet, and don't install telnet on the
>  public machine.

In this context, I agree with the statements above (a public access
kiosk should use SSH).  However, telnet of itself remains a useful
_client_, largely for accessing arbitrary services for testing.

I would tend to support rooting out all instances of telnet _daemons_
(servers).  However I don't see a great deal of harm in providing a
telnet client to informed users.  Likely not those you'd find on a
public access system.

-- 
Karsten M. Self <[EMAIL PROTECTED]>    http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?   There is no K5 cabal
  http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org



Re: NSA Secure-Enhanced Linux

2001-03-21 Thread Robert Lazzurs

On Wed, 21 Mar 2001, John Galt wrote:

JG>On Wed, 21 Mar 2001, Dan Hutchinson wrote:
JG>
JG>>Has anyone implemented NSA's Secure-Enhanced Linux or has done any work
JG>>with it?  NSA states it just adds Mandatory Access Controls.  Does this
JG>>help protect a system or just become a nuisance?
JG>
JG>I tried a few months ago, and it's a PITA with Debian.  The ORA "slink" CD
JG>has the userspace/kernel that selinux is supposed to work on, but it was
JG>RedHat-specific enough to make me scream.  If you get it to work, I'd be
JG>interested in finding out how you do it.

Please try to remember that these people had very little idea what they
were doing when they started this, they were used to UNIX, they were not
too sure of distro to use, etc.  Now they have more of an idea, but
it is going to take a lot of time to fix.  However, they would accept
patches!

Take care - Rab

-- 
Robert Lazzurs  |  "All that is etched in stone is
The Lazzurs Administration  |  truly only scribbled in sand"
+44 7092 157408 |  -ARL
[EMAIL PROTECTED]   |  EB chat client http://www.everybuddy.com
AIM:lazzurs ICQ:66324927|  ER-Web http://www.elite.uk.com/er
Yahoo:arl666_uk MSN:arl666  |  Join EFF http://www.eff.org



Re: Strange output from "last" command

2001-03-21 Thread Robert Mognet
Hello,

On Wed, Mar 21, 2001 at 02:39:39PM -0800, William R. Ward wrote:

> date { Wed Mar 21 02:00   still logged in   
> date | Wed Mar 21 02:00   still logged in   
> I'm worried that the "date" entries are a consequence of
> some hacker activity, but I have been unable to find any other
> symptoms.

Are you running "rdate" to set your time?  It produces that behaviour.

Regards,
Robert

> --Bill.
> 
> -- 
> William R Ward    [EMAIL PROTECTED]    http://www.bayview.com/~hermit/
> -
> "Those are my principles. If you don't like them I have others."-Groucho Marx
> 
> 
> --  
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 



Re: Strange output from "last" command

2001-03-21 Thread William R. Ward
Mike Dresser writes:
>"William R. Ward" wrote:
>
>> I've replaced the legit usernames and IP's with "xxx" but left them in
>> for context.  I'm worried that the "date" entries are a consequence of
>> some hacker activity, but I have been unable to find any other
>> symptoms.  I did a web search and did not find any mention of this
>
>if i run rdate, i get the same thing, entries as date.  That's my theory as to
>what's causing it.

That would explain it.  I have a cron job that runs rdate and sysclock
nightly to set the clock from the NIST atomic clock.

--Bill.

-- 
William R Ward    [EMAIL PROTECTED]    http://www.bayview.com/~hermit/
-
"Those are my principles. If you don't like them I have others."-Groucho Marx



Re: Strange output from "last" command

2001-03-21 Thread Mike Dresser
"William R. Ward" wrote:

> I've replaced the legit usernames and IP's with "xxx" but left them in
> for context.  I'm worried that the "date" entries are a consequence of
> some hacker activity, but I have been unable to find any other
> symptoms.  I did a web search and did not find any mention of this

if i run rdate, i get the same thing, entries as date.  That's my theory as to
what's causing it.



Re: Strange output from "last" command

2001-03-21 Thread Sami Haahtinen
On Wed, Mar 21, 2001 at 02:40:01PM -0800, William R. Ward wrote:
> xx       pts/3        xxx.xxx.xxx.xxx  Wed Mar 21 14:17   still logged in
> date     {                             Wed Mar 21 02:00   still logged in
> date     |                             Wed Mar 21 02:00   still logged in
>          pts/1        xxx.xxx.xxx.xxx  Wed Mar 21 01:23   still logged in
>          pts/3        xxx.xxx.xxx.xxx  Wed Mar 21 00:09 - 01:23  (01:13)
> xxx      ftpd23719    xxx.xxx.xxx.xxx  Tue Mar 20 23:25 - 23:35  (00:10)
> xxx      ftpd23714    xxx.xxx.xxx.xxx  Tue Mar 20 23:25 - 23:35  (00:10)
> xxx      ftpd23702    xxx.xxx.xxx.xxx  Tue Mar 20 23:24 - 23:25  (00:01)
> xx       pts/3        xxx.xxx.xxx.xxx  Tue Mar 20 20:00 - 20:17  (00:17)
> xx       pts/3        xxx.xxx.xxx.xxx  Tue Mar 20 19:01 - 19:09  (00:07)

the same thing has happened to me on a box with a crude hack... 

the hack was to fetch time every hour or so from another box and adjust the
time accordingly (using rdate), the box itself is some 10 year old 486 which
had a broken bios and well.. i didn't want to spend time thinking about getting
a new bios or flashing the current one =)

try checking if you have some software that adjusts your time.

-- 
  -< Sami Haahtinen >-
-< 2209 3C53 D0FB 041C F7B1  F908 A9B6 F730 B83D 761C >-

  | 'If you haven't backed up your files recently, you might|
  |  want to back them up before installing Windows 98' |
  |   -- finnish windows 98 SE installation |



Re: Strange output from "last" command

2001-03-21 Thread Jakub Jankowski
On 2001-03-21, William R. Ward wrote:

>My wtmp file seems to have some rather strange entries...
>
>xx       pts/3        xxx.xxx.xxx.xxx  Wed Mar 21 14:17   still logged in
>date     {                             Wed Mar 21 02:00   still logged in
>date     |                             Wed Mar 21 02:00   still logged in
[...]

 On my debian box, rdate -s some.time.server adds similar entries to
my wtmp. I guess you synchronize your system clock using rdate, don't
you? I hope it will help.

>--Bill.

 Regards,
  Jakub.

-- 
(0>  Jakub Jankowski  [url]: none
//\   [EMAIL PROTECTED]   [uin]: 70771776
V_/_  [EMAIL PROTECTED]  [cell]: 502110186
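
A triage sketch for the diagnosis given in this thread, added here as an
example and not code from any poster: it parses raw wtmp records and separates
the "date" entries on lines "|" and "{" (the BSD utmp convention for a clock
change) from ordinary sessions.  The 384-byte glibc record layout, the
function names and every sample record are assumptions constructed for the
example.

```python
import struct

# Assumed layout: Linux/glibc struct utmp, 384 bytes per record.
# type, pad, pid, line[32], id[4], user[32], host[256], exit status (2 shorts),
# session, tv_sec, tv_usec, addr_v6[4], unused[20]
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
USER_PROCESS, DEAD_PROCESS = 7, 8
# BSD utmp convention for a clock change: name "date", line "|" holds the
# time before the change and line "{" the time after it.
CLOCK_LINES = {"|": "clock-change (old time)", "{": "clock-change (new time)"}


def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def pack_record(ut_type, user, line, host, tv_sec):
    """Build one record; used only to construct the sample data below."""
    return UTMP.pack(ut_type, 0, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0, b"")


def classify(user, line, host):
    """Label a record: clock marker, ordinary entry, or one to review."""
    if user == "date" and line in CLOCK_LINES and not host:
        return CLOCK_LINES[line]
    if user == "date":
        return "review: 'date' entry outside the clock-change pattern"
    return "session"


def triage(blob):
    """Parse raw wtmp bytes into (tv_sec, user, line, verdict) tuples."""
    rows = []
    usable = len(blob) - len(blob) % UTMP.size  # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        line, user, host, tv_sec = _text(f[2]), _text(f[4]), _text(f[5]), f[9]
        if not user:  # logout records carry no user name
            continue
        rows.append((tv_sec, user, line, classify(user, line, host)))
    return rows


def clock_markers_paired(rows):
    """True if every old-time marker is followed by its new-time marker."""
    marks = [r[2] for r in rows if r[3].startswith("clock-change")]
    return marks == ["|", "{"] * (len(marks) // 2)


# Constructed sample records (not taken from the thread), oldest first.
SAMPLE = b"".join([
    pack_record(USER_PROCESS, "alice", "pts/3", "192.0.2.10", 985140000),
    pack_record(DEAD_PROCESS, "", "pts/3", "", 985141000),
    pack_record(USER_PROCESS, "date", "|", "", 985168800),
    pack_record(USER_PROCESS, "date", "{", "", 985168802),
    pack_record(USER_PROCESS, "date", "pts/9", "198.51.100.7", 985170000),
])

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
    print("markers paired:", clock_markers_paired(triage(SAMPLE)))
```

To run it against a real file, pass the bytes of a copy of /var/log/wtmp to
triage(); a "date" entry that carries a host or a tty is the kind that deserves
a closer look.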



Strange output from "last" command

2001-03-21 Thread William R. Ward

My wtmp file seems to have some rather strange entries...

xx       pts/3        xxx.xxx.xxx.xxx  Wed Mar 21 14:17   still logged in
date     {                             Wed Mar 21 02:00   still logged in
date     |                             Wed Mar 21 02:00   still logged in
         pts/1        xxx.xxx.xxx.xxx  Wed Mar 21 01:23   still logged in
         pts/3        xxx.xxx.xxx.xxx  Wed Mar 21 00:09 - 01:23  (01:13)
xxx      ftpd23719    xxx.xxx.xxx.xxx  Tue Mar 20 23:25 - 23:35  (00:10)
xxx      ftpd23714    xxx.xxx.xxx.xxx  Tue Mar 20 23:25 - 23:35  (00:10)
xxx      ftpd23702    xxx.xxx.xxx.xxx  Tue Mar 20 23:24 - 23:25  (00:01)
xx       pts/3        xxx.xxx.xxx.xxx  Tue Mar 20 20:00 - 20:17  (00:17)
xx       pts/3        xxx.xxx.xxx.xxx  Tue Mar 20 19:01 - 19:09  (00:07)

I've replaced the legit usernames and IP's with "xxx" but left them in
for context.  I'm worried that the "date" entries are a consequence of
some hacker activity, but I have been unable to find any other
symptoms.  I did a web search and did not find any mention of this
sort of thing.  I'm using the stable distribution of Debian, with a
2.2.17 kernel.

--Bill.

-- 
William R Ward    [EMAIL PROTECTED]    http://www.bayview.com/~hermit/
-
"Those are my principles. If you don't like them I have others."-Groucho Marx



Re: NSA Secure-Enhanced Linux

2001-03-21 Thread John Galt
On Wed, 21 Mar 2001, Dan Hutchinson wrote:

>Has anyone implemented NSA's Secure-Enhanced Linux or has done any work
>with it?  NSA states it just adds Mandatory Access Controls.  Does this
>help protect a system or just become a nuisance?

I tried a few months ago, and it's a PITA with Debian.  The ORA "slink" CD
has the userspace/kernel that selinux is supposed to work on, but it was
RedHat-specific enough to make me scream.  If you get it to work, I'd be
interested in finding out how you do it.

>Thanks in Advance
>Dan

-- 
I can be immature if I want to, because I'm mature enough to make my own
decisions.

Who is John Galt?  [EMAIL PROTECTED]



NSA Secure-Enhanced Linux

2001-03-21 Thread Dan Hutchinson
Has anyone implemented NSA's Secure-Enhanced Linux or has done any work
with it?  NSA states it just adds Mandatory Access Controls.  Does this
help protect a system or just become a nuisance?

Thanks in Advance
Dan

___
To get your own FREE ZDNet Onebox - FREE voicemail, email, and fax,
all in one place - sign up today at http://www.zdnetonebox.com



Re: Ldap security?

2001-03-21 Thread Jeff Coppock
A colleague of mine successfully set up OpenLDAP and has interfaced several
server applications to it that were originally designed for Netscape Directory 
Server.  It's running fast and stable so far.

jc

On Sat, Mar 17, 2001 at 09:25:40AM -0700, Moe Harley wrote:
> I'm playing with the idea of adding an ldap service/daemon to my debian
> machine.  But before running one, I wanted to get a good idea of what
> the general opinion of ldap servers is as far as security is concerned. I also
> was wondering if anyone had any opinions on which one I should use?
> The only one I could find was OpenLDAP from www.openldap.org,
> anyone have a better suggestion?
> 
> -Moe Harley


