Re: odd process running /usr/sbin/sendmail -i -CronDaemon -odi -oem root
That is the process that sends out mail for a cronjob. I have had problems with those getting stuck if the mail message (output from the cron job) is more than 1 meg I think... it might have been more than 11 megs. I can't remember exactly but that is a normal process. I don't think it should stay in your process list for that long though... what does your pstree show? What is the parent process? you should be able to find out which cron it is being sent from as well. - Original Message - From: "Robert Ebright" <[EMAIL PROTECTED]> To: Sent: Thursday, June 19, 2003 9:10 AM Subject: odd process running /usr/sbin/sendmail -i -CronDaemon -odi -oem root > I have had some problems with attempted hacks on > my box and posted here the last few days. So > I've been checking the processing running on my > box and I see this. > PID TTY STAT TIME COMMAND > 28406 ?S 0:00 /usr/sbin/sendmail -i > -FCronDaemon -odi -oem root > > I have postfix installed, and I'm not sure if > this is a normal thing, or else a rogue process, > or just a cron job that got stuck. As around the > sametime my apache and apache-ssl both restarted > wtih errors below. And this command has been > running. I looked it up in google and only found > 4 instances of it, most in other languages so it > makes me think that it is not a normal process > that should be running. If someone knows please > share the info. Thanks for the help. > > apache/error.log:[Thu Jun 19 06:27:27 2003] > [notice] SIGUSR1 received. Doing graceful > restart > apache/error.log:[Thu Jun 19 06:27:28 2003] > [warn] module config_log_module is already > loaded, sk > ipping > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
Re: odd process running /usr/sbin/sendmail -i -CronDaemon -odi -oem root
That is the process that sends out mail for a cronjob. I have had problems with those getting stuck if the mail message (output from the cron job) is more than 1 meg I think... it might have been more than 11 megs. I can't remember exactly but that is a normal process. I don't think it should stay in your process list for that long though... what does your pstree show? What is the parent process? you should be able to find out which cron it is being sent from as well. - Original Message - From: "Robert Ebright" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 19, 2003 9:10 AM Subject: odd process running /usr/sbin/sendmail -i -CronDaemon -odi -oem root > I have had some problems with attempted hacks on > my box and posted here the last few days. So > I've been checking the processing running on my > box and I see this. > PID TTY STAT TIME COMMAND > 28406 ?S 0:00 /usr/sbin/sendmail -i > -FCronDaemon -odi -oem root > > I have postfix installed, and I'm not sure if > this is a normal thing, or else a rogue process, > or just a cron job that got stuck. As around the > sametime my apache and apache-ssl both restarted > wtih errors below. And this command has been > running. I looked it up in google and only found > 4 instances of it, most in other languages so it > makes me think that it is not a normal process > that should be running. If someone knows please > share the info. Thanks for the help. > > apache/error.log:[Thu Jun 19 06:27:27 2003] > [notice] SIGUSR1 received. Doing graceful > restart > apache/error.log:[Thu Jun 19 06:27:28 2003] > [warn] module config_log_module is already > loaded, sk > ipping > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SSL proxy server
Why don't you just ssh with port forwarding and only have the webserver listen locally? This will encrypt all the traffic and you wouldn't have to worry as much about secureity holes in the web server. Douglas Blood - Original Message - From: "Costas Magos" <[EMAIL PROTECTED]> To: Cc: <[EMAIL PROTECTED]> Sent: Monday, May 05, 2003 9:03 AM Subject: SSL proxy server > Hello all, > > My new problem is not exactly debian-related but is surely > security-related :-) Anyway, I need desperately your security expertise > so here it goes: > > I am running a proprietary tacacs+ server that comes bundled with its > own web server used as management interface. The web server is also > commercial (a netscape server) on which it is nearly impossible to > enable SSL. As you can imagine, I need to access the web interface > through SSL.. > > Is it possible to create an SSL tunnel using stunnel or something > similar to protect the web transactions? How can this be done? Another > solution that I am thinking of (and prefer) is setting up a proxy > apache-ssl server on the same machine (or another machine on the same > DMZ) so that SSL communication is conducted with the proxy across the > firewall and unecrypted traffic is confined in the DMZ. Is that > possible? Can anybody help me in any way with such a configuration? > > Thanks all in advance. > > Costas Magos > Ariadne-t Network > ~kmag > > Please do not CC me, as I am subscribed to debian-security > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
Re: Blocking sub-range of IP addresses
http://www.ralphb.net/IPSubnet/class_a.html That is a page I use whenever I need to do anything with subnets. It explains that the /27 subnet has 30 hosts. So if you only wanted to block hosts X.Y.Z.23 - X.Y.Z.55 I would do everything under 64.. otherwise you get into defining multiple subnets so you would block X.Y.Z.64/27 - Original Message - From: "Bill" <[EMAIL PROTECTED]> To: Sent: Tuesday, March 11, 2003 1:12 PM Subject: Blocking sub-range of IP addresses > Hello Debian, > > I want to block all ip's ending in 224 to 255 but not 220 and others > searching the net I found I need to add "/27" to end of the ip. > I understand /8 /16 /24 /32 somewhat but... > > My question: what makes /27 significant > X.Y.Z.224 - X.Y.Z.255 > deny from 63.148.99.224/27 > > Thanks > P.s. for example, how would I block only X.Y.Z.23 - X.Y.Z.55 ??? > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
Re: Blocking sub-range of IP addresses
http://www.ralphb.net/IPSubnet/class_a.html That is a page I use whenever I need to do anything with subnets. It explains that the /27 subnet has 30 hosts. So if you only wanted to block hosts X.Y.Z.23 - X.Y.Z.55 I would do everything under 64.. otherwise you get into defining multiple subnets so you would block X.Y.Z.64/27 - Original Message - From: "Bill" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 11, 2003 1:12 PM Subject: Blocking sub-range of IP addresses > Hello Debian, > > I want to block all ip's ending in 224 to 255 but not 220 and others > searching the net I found I need to add "/27" to end of the ip. > I understand /8 /16 /24 /32 somewhat but... > > My question: what makes /27 significant > X.Y.Z.224 - X.Y.Z.255 > deny from 63.148.99.224/27 > > Thanks > P.s. for example, how would I block only X.Y.Z.23 - X.Y.Z.55 ??? > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
