Re: utilisateur backup
Boris Daix [EMAIL PROTECTED] wrote:

> - Can I safely give an SSH key to my backup user without any passphrase
>   so that it could be automated via cron ?

You can use `ssh-keygen -f single_action_key' to create a key for remote execution of scripts. On the remote end, add this key to the `.ssh/authorized_keys' file. You should add a forced command so that only one command may be executed with that key.

For rsync(1), you need to capture the exact switches of the rsync server command. To do this, you can use this script on the destination server:

    #!/usr/bin/perl
    # Record the arguments the rsync client passes to the server side.
    open CAPTURE, ">$ENV{HOME}/capture.log";
    print CAPTURE "@ARGV\n";
    close CAPTURE;

Then add --rsync-path=/path/to/script to your rsync command line. This will leave something similar to the following in the destination ~/capture.log:

    --server -vlgtpr --partial . yourhost

So, you would use an authorized_keys entry like this (all one line):

    command="rsync --server -vlogDtpr --partial . yourhost",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty 1024 35 23...2334 Server backup key

For more complete security, you could add a `chroot' jail to the above command.

> - Is amanda appropriate for this task and would it be more secure to use
>   it instead ?
> - If it is unsecure, how would I do such backups without having to enter
>   passphrase/passwd ?

System backups are always an easy entry point, very often they contain things like secret keys to encryption, etc that will allow a malicious user to pretend to be the machine that they have access to the backups of. Protect your backups carefully!

--
Sam Vilain, [EMAIL PROTECTED]
WWW: http://sam.vilain.net/
GPG: http://sam.vilain.net/sam.asc
7D74 2A09 B2D3 C30F F78E 278A A425 30A9 05B5 2F13

Real Programmers don't write in Fortran. Fortran is for wimp engineers who wear white socks. They get excited over finite state analysis and nuclear reactor simulation.

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
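Added example, not part of the message above or of any project's code: a forced-command wrapper that compares the command the client requested (sshd exports it as SSH_ORIGINAL_COMMAND) with the rsync server arguments captured earlier, and logs every refusal. The allowlist path, the function names and the --enforce switch are assumptions made for this sketch; each allowlist line is one reviewed line copied from ~/capture.log.

```sh
#!/bin/sh
# Added example: forced-command wrapper for a passphrase-less backup key.
# Hypothetical names: ALLOWLIST path, is_allowed, enforce, the --enforce switch.
# Each allowlist line is one reviewed line from ~/capture.log (rsync server
# arguments). Keep the file unwritable by the backup account.
ALLOWLIST=${BACKUP_ALLOWLIST:-${HOME-}/.backup-allowed}

# is_allowed REQUESTED FILE: succeed only if REQUESTED is exactly
# "rsync <line>" for some non-empty line of FILE.
is_allowed() {
    requested=$1
    file=$2
    [ -n "$requested" ] || return 1      # no command: interactive login attempt
    [ -r "$file" ] || return 1           # missing allowlist: fail closed
    while IFS= read -r args || [ -n "$args" ]; do
        if [ -n "$args" ] && [ "$requested" = "rsync $args" ]; then
            return 0
        fi
    done < "$file"
    return 1
}

# enforce: run the client's request if allowed, otherwise log and refuse.
enforce() {
    if is_allowed "${SSH_ORIGINAL_COMMAND-}" "$ALLOWLIST"; then
        set -f                           # no globbing when splitting into words
        # Splitting is safe here: the string equals an entry the admin approved.
        exec $SSH_ORIGINAL_COMMAND
    fi
    logger -p auth.warning -t backup-key \
        "refused '${SSH_ORIGINAL_COMMAND-}' from ${SSH_CLIENT-unknown}"
    return 1
}

# Runs only when sshd invokes it as command="/path/to/this-script --enforce".
if [ "${1-}" = "--enforce" ]; then
    enforce || exit 1
fi
```

Unlike a literal command="rsync ..." entry, which silently substitutes the fixed command, this leaves a syslog record whenever the key is used for anything other than the approved transfer.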
Re: Recent fun on Debian-Security
Sat, 20 Jul 2002 09:38:44 +0200, you said:

> On Friday 19 July 2002 at 13:08:07 -0400, Phillip Hofmeister wrote:
> [...]
>
> Such a system of real-time blacklists maintained by email already exists
> for French users, see http://perso.linuxfr.org/nospam/spam.html. A robot is
> listening on an email address; it receives GPG signed emails with copies of
> spam mail and a command to add an email or a domain to the blacklist. Anyone
> can listen to the list and reproduce the robot's actions on their own MTA
> access files, or regularly download the files directly from
> http://perso.linuxfr.org/nospam/user.txt and
> http://perso.linuxfr.org/nospam/domain.txt.
>
> Maybe this robot could be reused, see with [EMAIL PROTECTED]

Hi. I can give away the sources of the perl robot which does that. Simple, you add the name which appears in the gpg key, then people sign the message with a command to add / remove an entry.

Mail me if you are interested.

--
Fabien Penso [EMAIL PROTECTED] | LinuxFr always needs:
http://perso.LinuxFr.org/penso/ | http://linuxFr.org/dons/
OTP telnet
Dear All

I write to you instead of submitting a bug/wish because this is related to more than one package. This letter is related to packages login and telnetd and has security issues.

I would like to configure telnet to login only using One Time Passwords. It looks simple: install opie packages (server, client and pam modules), disable password login and add OTP login to /etc/pam.d/login. But there is one problem: it also changes the behavior of login from console. *getty spawns the same /bin/login as telnetd and wants from the user an OTP password, not a unix password. A temporary solution is:

    auth sufficient pam_unix.so
    auth sufficient pam_opie.so
    auth required pam_deny.so

(as described in libpam-opie) but it still allows users to login via telnet using a unix password.

I have an idea for discussion: is it possible to create two /bin/login instances (i.e. /bin/login and /bin/login-telnet) which differ only by the PAM entry used? There could also be one /bin/login symlinked as /bin/login-sth. If called as /bin/login, the login entry in PAM is checked. If called as /bin/login-sth, the sth entry is checked. It would also require changes in the telnetd code. The new name/path of the login program must be hardcoded. Also there should be an option to set this name/path from the command line.

If you think this idea is ok notify me, please. I will try to write a patch for it.

Regards
Artur Czechowski

Disclaimer: Feel free to cite/forward this email if you find it useful.

--
Artur Czechowski
JMC Sp. z o.o.
e-mail: [EMAIL PROTECTED]
Tel.: (0 22) 825 23 24, tel./fax.: (0 22) 825 95 58
SMTP RCPT TO overflow
Does anyone know what causes the snort warning about SMTP RCPT TO overflow?

I presume it is not an actual attack because I've seen it happening between almost all of my mail systems, even isolated ones. I use exim of course.

I would presume this is a false positive, but what tweaks it and is there a way to untweak it?
Re: SMTP RCPT TO overflow
On Mon, Jul 22, 2002 at 18:11:48 +0100, Dale Amon [EMAIL PROTECTED] wrote:

> Does anyone know what causes the snort warning about SMTP RCPT TO overflow

There has been recent talk about this signature on the snort-signatures mailing list, actually.

> I presume it is not an actual attack because I've seen it happening
> between almost all of my mail systems, even isolated ones. I use exim of
> course. I would presume this is a false positive, but what tweaks it and
> is there a way to untweak it?

Take a look at:
http://marc.theaimsgroup.com/?w=2r=1s=SMTP+RCPT+TO+overflowq=t
or more specifically:
http://marc.theaimsgroup.com/?l=snort-sigsm=102704170806018w=2

--
It's God. No, not Richard Stallman, or Linus Torvalds, but God. (By Matt Welsh)
Re: SMTP RCPT TO overflow
On Mon, Jul 22, 2002 at 03:48:36PM -0500, jh wrote:

> There has been recent talk about this signature on the snort-signatures
> mailing list, actually.
>
> Take a look at:
> http://marc.theaimsgroup.com/?w=2r=1s=SMTP+RCPT+TO+overflowq=t
> or more specifically:
> http://marc.theaimsgroup.com/?l=snort-sigsm=102704170806018w=2

Thanks. Read them and the gist of it was pretty much as I thought, a bad rule that gets triggered by normal operations. I'll be dropping it from my config.