Re: [personal] securing pop3
Not sure if you care, but qmail has vpopmail, which is a non-passwd file based authentication method. I've been using qmail now for about 3 years solid, and I have to say it's probably the most secure, fast and reliable e-mail server out there. Combine qmail with vpopmail and qmailadmin and you've got a very flexible, fast and secure mail server with good tools for you and your users...

vpopmail allows you to create virtual domains and users without having to account them on your linux box...

g.

Kristof Goossens wrote:

Hello all,

I need to make a pop3 account on my server. I intend to work with ipop3d to provide secure pop3 service. Now I want to provide this service for only few people, and I don't want them to have an account on the system. Well, they can have a pop3 account, but no other access whatsoever... I don't like the idea of giving them an account and setting their shell to /bin/false.

So my question is: "Is it possible to create a pop3 account without needing to modify the /etc/passwd file?"

thanks in advance,
Kristof

Re: Firewall testing
On Thu, 2003-02-06 at 09:41, Javier Fernández-Sanguino Peña wrote:
> On Wed, Feb 05, 2003 at 11:56:42AM -0500, [EMAIL PROTECTED] wrote:
> > On Wed, Feb 05, 2003 at 11:14:50AM -0500, merk0020 wrote:
> > > Hello I am about to make the Proxy/Firewall on your
> > > www.aboutdebian.com web site. I was wondering how to go about testing
> > > it when finished. I have multiple computers and various internet
> > > connections.
> > > (...)
> >
> > Run an nmap scan over the test box and make sure it is consistent with
> > your firewall config.
> >
> Note that nmap (or nessus for that matter) will only determine the
> security of the proxy/firewall itself (if pointed at it) and not of the
> computers _behind_ it.
> You have to also port scan the boxes behind to determine if they
> are properly protected by the firewall.
>
> A nice document on firewall testing would be CERT's:
> http://www.cert.org/security-improvement/practices/p060.html
> or Eugene Schultz's
> www.cerias.purdue.edu/homes/firewall/references/fwtest.doc
>
> Also you could use a tool to test your firewall rules from inside/out such
> as "Firewall Tester" http://www.infis.univ.trieste.it/~lcars/ftester/.
> Is anyone aware of similar ones? (packaged in Debian?)

i found that question interesting enough to dig a bit:

$apt-cache search packet|grep IP
(edited)
isic - Test the integrity of an IP Stack with semi-random packets
nemesis - TCP/IP Packet Injection Suite
rain - packet builder for testing IP protocols implementations.
sendip - A commandline tool to allow sending arbitrary IP packets.
stone - TCP/IP packet repeater in the application layer

other injectors can surely be found at packetstorm or similar sites.

searching freshmeat (traffic/firewall + test):
http://freshmeat.net/projects/packit/
http://freshmeat.net/projects/trafficgenerator/
http://freshmeat.net/projects/apsr/

furthermore the somewhat related (and imho most interesting)
http://freshmeat.net/projects/fragroute/

sf doesn't add anything new, a glance at google just shows a lot of noise (LeakTest, ZoneAlarm, BlackICE)

thinking about it, this might be interesting, too:
http://www.doxpara.com/read.php/code/paketto.html

regards,
tok

>
> Regards
>
> Javi

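The check suggested in this thread (scan the firewall and the hosts behind it, then confirm the result matches the firewall config) can be automated. The following is an added example, not part of the original messages: it parses nmap grepable (`-oG`) output and reports deviations from an intended policy. The sample scan text, the 192.0.2.x addresses and the `EXPECTED` policy are constructed for illustration.

```python
"""Compare nmap grepable (-oG) results with the ports the firewall should expose."""
import re

# Constructed sample of `nmap -oG` output: the firewall and one host behind it.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.1 (fw.example)\tStatus: Up
Host: 192.0.2.1 (fw.example)\tPorts: 22/open/tcp//ssh///, 3128/open/tcp//squid-http///, 111/filtered/tcp//rpcbind///
Host: 192.0.2.10 (inside.example)\tStatus: Up
Host: 192.0.2.10 (inside.example)\tPorts: 80/open/tcp//http///, 139/open/tcp//netbios-ssn///, 443/closed/tcp//https///
"""

# Hypothetical policy: the (port, proto) pairs each host is meant to expose.
EXPECTED = {
    "192.0.2.1": {(22, "tcp"), (3128, "tcp")},
    "192.0.2.10": {(80, "tcp"), (443, "tcp")},
}

HOST_RE = re.compile(r"^Host: (\S+) .*?Ports: (.*)$")

def parse_open_ports(grepable):
    """Return {host: {(port, proto), ...}} for ports nmap reported as open."""
    found = {}
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port list
        host, ports = m.groups()
        # Later tab-separated fields (e.g. "Ignored State:") are not ports.
        for entry in ports.split("\t")[0].split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open":
                found.setdefault(host, set()).add((int(fields[0]), fields[2]))
    return found

def audit(grepable, expected):
    """Per host: ports open but not allowed, and allowed ports not seen open."""
    seen = parse_open_ports(grepable)
    report = {}
    for host in sorted(set(seen) | set(expected)):
        got, want = seen.get(host, set()), expected.get(host, set())
        report[host] = {"unexpected": sorted(got - want),
                        "missing": sorted(want - got)}
    return report

if __name__ == "__main__":
    for host, diff in audit(SAMPLE_SCAN, EXPECTED).items():
        print(host, diff)
```

An "unexpected" entry means the rule set lets through something the policy does not intend; a "missing" entry means an allowed service was not reachable from the scanning position.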
Re: raw disk access
On Saturday, 8 February 2003 23:49, Christian Storch wrote:
> What about
>
> cp /dev/sdx /dev/sdy
>
> It works very well on two identical drives -
> - perhaps when the second one is larger, too.
> You don't need any permissions. The result is really a clone
> including partition table!
> I used this from a floppy with a full version of cp.

AFAIK, the result is the same as dd'ing it. In different devices, it will fail due to geometrical reasons when the size of the cylinders in each device is different, i.e., different "H" and "S" parameters in CHS terminology. However, it will work if:

a) They are geometrically identical devices (same cylinders, heads and sectors). Or
b) One device has more cylinders than the other, but they both have the same number of heads and sectors.

This is how I see the matter. Of course, I could be wrong.

Regards

Pope

--
Luis Gomez Miralles
InfoEmergencias - Technical Department
Phone (+34) 654 24 01 34
Fax (+34) 963 49 31 80
[EMAIL PROTECTED]
PGP Public Key available at http://www.infoemergencias.com/lgomez.asc