Re: Broken links in web-page

2011-07-29 Thread Mike Dornberger
Hello Henri,

On Thu, Jul 28, 2011 at 05:22:58PM +0300, Henri Salo wrote:
> Page http://www.debian.org/security/audit/tools contains broken links
> to several locations:

I sent a bug report. See
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635903. I set you as
the submitter, so you'll get notified when this gets fixed.

Greetings,
 Mike Dornberger


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110729174209.gc4...@wolfden.dnsalias.net



Re: basically security of linux

2009-01-16 Thread Mike Dornberger
Hi,

On Fri, Jan 16, 2009 at 03:13:10PM -0600, Boyd Stephen Smith Jr. wrote:
> On Friday 2009 January 16 14:45:44 Michael Loftis wrote:

[hardlinking (suid binaries in hope a vulnerability will be found)]
> > you can't do
> > it across drives,
>
> Right, but the default partitioning puts /sbin /usr/sbin etc. on the same
> filesystem as /home and /tmp, exposing the system to these attacks.

just an addition: Often I've seen /home as a separate mount (mounted
nosuid,nodev,...) and /tmp as tmpfs, but then we have /var/tmp (which can't
be tmpfs, because its purpose is to retain the files even across reboots).

I haven't tried it yet, but could a bind-mount be done (e. g. /var/real-tmp
-> /var/tmp) with additional options nosuid,nodev,... (while /var or / is
mounted suid,dev,...)?

Greetings,
 Mike Dornberger
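As an added illustration of the bind-mount idea above (my example, not something from the thread): part (a) is the /etc/fstab form of a /var/real-tmp -> /var/tmp bind mount re-mounted with nosuid,nodev while / keeps suid,dev, and part (b) is a small check that reads /proc/self/mounts (or any file in that format, so it can be tested offline) and reports whether a mountpoint actually carries those options. The paths follow the mail; the mount table is a constructed sample.

```sh
#!/bin/sh
# Added example, not from the mailing-list thread.
# (a) fstab lines answering the question: bind the directory, then remount
# the bind with restrictive options while / stays suid,dev. The separate
# remount step is the form that also works on old kernels; recent
# util-linux accepts "bind,nosuid,nodev" on a single line. Runtime equivalent:
#   mount --bind /var/real-tmp /var/tmp
#   mount -o remount,bind,nosuid,nodev /var/tmp
FSTAB_LINES='/var/real-tmp /var/tmp none bind 0 0
/var/real-tmp /var/tmp none remount,bind,nosuid,nodev 0 0'

# Constructed /proc/self/mounts sample: / without the options, /home, /tmp
# and the re-mounted /var/tmp with them.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime,errors=remount-ro 0 0
/dev/sda5 /home ext3 rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
/dev/sda1 /var/tmp ext3 rw,nosuid,nodev,relatime 0 0'

# (b) check_mount_opts MOUNTPOINT [FILE]: FILE defaults to /proc/self/mounts.
# Prints "<mp>: ok" and returns 0 when both nosuid and nodev are set;
# otherwise prints what is missing (or "not mounted") and returns 1.
check_mount_opts() {
    mp=$1; src=${2:-/proc/self/mounts}
    # the last line for a mountpoint wins: a later mount shadows an earlier one
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$src")
    if [ -z "$opts" ]; then
        echo "$mp: not mounted"; return 1
    fi
    missing=""
    for want in nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "$mp: missing$missing"; return 1
    fi
    echo "$mp: ok"
}

# Run with "--run" to check the live system instead of the sample.
if [ "${1:-}" = "--run" ]; then
    for mp in / /home /tmp /var/tmp; do check_mount_opts "$mp"; done
fi
```

The check deliberately looks at the mount table rather than at fstab: a bind mount whose remount line failed (or was never applied) looks fine in fstab and wrong in /proc/self/mounts, which is the view the kernel enforces.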





Re: Mass-updating cached hosts keys afrer ssh security upgrade?

2008-07-22 Thread Mike Dornberger
Hi,

On Mon, Jul 21, 2008 at 06:43:31PM -0500, JW wrote:
> Has anyone come up with a way to read all the cached hosts - all the
> ~/.ssh/known_hosts entries on a system (or at least per user) and fix them?
>
> Essentially I need some semi-automated way to fix this since I have many
> users' connections to fix still (hundreds if not thousands by the time I do
> machines X users X outgoing connections).

I have written a little script that does this with the help of ssh-keyscan's
-R option. (It doesn't work with the sarge version btw. because it didn't
have -R.) If you put in your domain at the beginning and the hostnames in
the for x in... loop, it deletes (the probably hashed) lines with
hostname.domain, hostname (w/o domain) if the domain is in /etc/resolv.conf,
and the IP of hostname.domain, if it can be resolved at the time the script
runs. I have put the test with /etc/resolv.conf there, so the script can be
run by users on computers in other domains, but won't delete lines for
host001 there, because they would really be host001.otherdomain and not
host001.yourdomain. In any case it makes a backup of the original
known_hosts.

It may be a bit too verbose; maybe some warnings get easily overlooked
because of that (e. g. a problem resolving hostname.domain -> IP). If you use
IPv6 already, you probably need to add some lines for that to the script. It
should be similar to the IPv4 case.

Greetings,
 Mike Dornberger


delvulnhostkeys.sh
Description: Bourne shell script
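The attached script is not reproduced in the archive. The following is my own added example written from the description in the mail, not the author's delvulnhostkeys.sh: for each host it purges known_hosts entries for host.DOMAIN, for the short name only when DOMAIN appears in resolv.conf (so it is safe to run from another domain), and for the address host.DOMAIN resolves to right now, after backing the file up. DOMAIN and HOSTS are placeholders to fill in; resolution uses getent, and hashed entries (|1|...) are handed to ssh-keygen -R, which understands them, while plain entries are dropped by the script itself so the logic can be tested offline. The known_hosts and resolv.conf contents used in testing are constructed samples.

```sh
#!/bin/sh
# Added example following the mail's description; not the attached script.
DOMAIN='example.invalid'          # placeholder: your domain
HOSTS='host001 host002'           # placeholder: hosts whose keys were replaced
RESOLV=${RESOLV:-/etc/resolv.conf}

# domain_is_local DOMAIN FILE: true if FILE (resolv.conf format) lists DOMAIN
# on a "domain" or "search" line, i.e. a bare "host001" means host001.DOMAIN here.
domain_is_local() {
    awk -v d="$1" '
        $1 == "domain" || $1 == "search" { for (i = 2; i <= NF; i++) if ($i == d) found = 1 }
        END { exit !found }' "$2" 2>/dev/null
}

# names_for_host HOST: print the known_hosts names to purge for HOST
# (FQDN always; short name only when DOMAIN is local, as the mail explains).
names_for_host() {
    printf '%s\n' "$1.$DOMAIN"
    if domain_is_local "$DOMAIN" "$RESOLV"; then
        printf '%s\n' "$1"
    fi
}

# ip_for_host FQDN: print the current IPv4 address, or nothing if it does not
# resolve (same limitation the mail notes; IPv6 would use getent ahostsv6).
ip_for_host() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# purge_known_hosts FILE NAME...: back FILE up, then drop plain-text lines
# whose host field (comma-separated, possibly after an @marker) lists NAME.
# Hashed lines are kept untouched here; purge_hashed handles them.
purge_known_hosts() {
    file=$1; shift
    cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1
    for name in "$@"; do
        awk -v n="$name" '
            /^\|1\|/ { print; next }                             # hashed entry: keep
            /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }  # comment or blank
            { f = ($1 ~ /^@/) ? $2 : $1
              cnt = split(f, h, ","); keep = 1
              for (i = 1; i <= cnt; i++) if (h[i] == n) keep = 0
              if (keep) print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    done
    return 0
}

# purge_hashed FILE NAME...: let ssh-keygen -R remove hashed entries, if present.
purge_hashed() {
    file=$1; shift
    command -v ssh-keygen >/dev/null 2>&1 || return 0
    for name in "$@"; do ssh-keygen -R "$name" -f "$file" >/dev/null 2>&1; done
    return 0
}

main() {
    kh=$1
    for h in $HOSTS; do
        names=$(names_for_host "$h")
        ip=$(ip_for_host "$h.$DOMAIN")
        [ -n "$ip" ] || echo "warning: $h.$DOMAIN does not resolve; its IP entry stays" >&2
        # shellcheck disable=SC2086  # word splitting of $names and $ip is intended
        purge_known_hosts "$kh" $names $ip
        purge_hashed "$kh" $names $ip
    done
}

if [ "${1:-}" = "--run" ]; then main "$HOME/.ssh/known_hosts"; fi
```

The resolv.conf test is what keeps the script from deleting a short-name entry that, on a machine in another domain, actually belongs to a different host; the timestamped backup means a mistaken run can be undone by copying the file back.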


Re: Command history log for audit trail

2006-06-16 Thread Mike Dornberger
Hi,

On Thu, Jun 15, 2006 at 01:08:37PM -0700, [EMAIL PROTECTED] wrote:
> I need to set up an audit trail for all commands run on machines.  I

I'm no kernel expert, but can't processes be forked, too, by calling some
kernel functions directly (I mean not by using library functions)?

I don't know if actual kernels have some kind of hook therefor. You may need
to write a kernel module, if not. Maybe such a module is part of modern
intrusion detection systems.

Greetings,
 Mike
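As an added example (mine, not from the thread): the kernel-side hook the reply wonders about exists today as the Linux audit subsystem. A rule on the execve syscall records every program start whether it came from a shell, a library call or a direct syscall, which is exactly why a shell-history log cannot serve as the audit trail. AUDIT_RULE is the rule one would load with auditctl (it is not loaded here); exec_trail reconstructs command lines from the SYSCALL/EXECVE record pairs auditd writes. It assumes x86_64 (arch=b64) and the standard audit.log record layout; the log lines are a constructed sample.

```sh
#!/bin/sh
# Added example, not from the mailing-list thread.
# Rule for auditctl / audit.rules: log every execve() on a 64-bit kernel.
AUDIT_RULE='-a always,exit -F arch=b64 -S execve -k exec_audit'

# Constructed sample in audit.log format: two execve events, each a SYSCALL
# record plus its EXECVE record sharing the same event id.
SAMPLE_LOG='type=SYSCALL msg=audit(1150400000.100:41): arch=c000003e syscall=59 success=yes exit=0 ppid=900 pid=901 auid=1000 uid=1000 comm="ls" exe="/bin/ls" key="exec_audit"
type=EXECVE msg=audit(1150400000.100:41): argc=2 a0="ls" a1="-la"
type=SYSCALL msg=audit(1150400000.200:42): arch=c000003e syscall=59 success=yes exit=0 ppid=900 pid=902 auid=1000 uid=0 comm="id" exe="/usr/bin/id" key="exec_audit"
type=EXECVE msg=audit(1150400000.200:42): argc=1 a0="id"'

# exec_trail: read audit records on stdin and print, per execve event,
#   <event id> auid=<login uid> uid=<effective uid> exe=<path> argv=<arguments>
# auid survives su/sudo, so the line says who logged in, not only who ran it.
exec_trail() {
    awk '
    # value of "name=..." in line with quotes stripped, "" if absent
    function field(line, name,    m) {
        if (!match(line, "(^| )" name "=\"?[^ \"]*\"?")) return ""
        m = substr(line, RSTART, RLENGTH)
        sub(/^ ?[A-Za-z0-9]+=/, "", m)
        gsub(/"/, "", m)
        return m
    }
    {
        if (!match($0, /audit\([0-9.]+:[0-9]+\)/)) next
        id = substr($0, RSTART + 6, RLENGTH - 7)     # strip "audit(" and ")"
        if ($1 == "type=SYSCALL") {
            auid[id] = field($0, "auid"); uid[id] = field($0, "uid")
            exe[id] = field($0, "exe"); order[++n] = id
        } else if ($1 == "type=EXECVE") {
            argc = field($0, "argc") + 0; args = ""
            for (i = 0; i < argc; i++) args = args (i ? " " : "") field($0, "a" i)
            argv[id] = args
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            id = order[i]
            printf "%s auid=%s uid=%s exe=%s argv=%s\n", id, auid[id], uid[id], exe[id], argv[id]
        }
    }'
}

if [ "${1:-}" = "--run" ]; then
    printf '%s\n' "$SAMPLE_LOG" | exec_trail
fi
```

Because the record is written by the kernel at syscall exit, a user who bypasses the shell (or clears their history) still leaves the line; what the rule cannot capture is code that never calls execve, such as an interpreter fed a script on stdin, which is why the exe and argv fields are worth reading together.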





Re: Request for comments: iptables script for use on laptops.

2006-05-24 Thread Mike Dornberger
 you don't trust the other users there? Why do they have an
account then, or a computer that is connected to the internet (assuming you
don't want them to surf or run some file exchange/p2p service)? Once you
allow a user to just connect to a single port out there, he might start to
tunnel stuff if he really wants to do something else... (ssh over HTTP,
anyone?) I think telling them (or not) that you do monitor the traffic (at
the gateways) is far better. At least tell them what you do _not_ want them to
do, but don't block output. You know, they might have found a (HTTP) server
running on port 6881 that tells them how to do their work ten times more
efficiently. :)

Maybe blocking something in OUTPUT is reasonable for servers, as a stumbling
block if a service gets taken over, but then it probably won't be long until
the intruder gets root access there and removes the rules anyway.

Greetings,
 Mike Dornberger





Re: [SECURITY] [DSA 1054-1] New TIFF packages fix denial of service and arbitrary code execution

2006-05-11 Thread Mike Dornberger
Hi,

On Wed, May 10, 2006 at 11:06:11AM +0200, Toni Mueller wrote:
> there's a slight problem with that:
>
> On Tue, 09.05.2006 at 13:25:22 +0200, Martin Schulze [EMAIL PROTECTED]
> wrote:
> > Intel IA-32 architecture:
> >
> >   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_i386.deb
> >     Size/MD5 checksum:    45070 6d615bf5aabdb87e53b392e56d67a31c
>
> # env LANG=C /usr/bin/wget -N
> http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_i386.deb
> --11:04:41--
> http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_i386.deb
>  => `libtiff-opengl_3.7.2-3sarge1_i386.deb'
> Resolving localhost... 127.0.0.1
> Connecting to localhost[127.0.0.1]:3128... connected.
> Proxy request sent, awaiting response... 404 Not Found
> 11:04:41 ERROR 404: Not Found.

I have no problem with it. Maybe your proxy didn't request that file from
the server?

Greetings,
 Mike
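A related check, added here as my own example rather than anything from the advisory or the thread: when a package is fetched by hand with wget through a proxy, as in the quoted session, nothing compares it with the advisory. The function below checks a downloaded file's size and MD5 against the "Size/MD5 checksum" line of the DSA, which also catches a proxy that serves a stale or truncated body instead of the real .deb. The values in the --run branch are the ones quoted above; the test content is constructed.

```sh
#!/bin/sh
# Added example, not part of DSA 1054-1 or the mailing-list thread.
# verify_deb FILE SIZE MD5: return 0 only if both values match the advisory.
verify_deb() {
    file=$1 want_size=$2 want_md5=$3
    if [ ! -f "$file" ]; then
        echo "$file: missing" >&2; return 1
    fi
    got_size=$(wc -c < "$file" | tr -d ' ')
    got_md5=$(md5sum "$file" | awk '{ print $1 }')
    if [ "$got_size" != "$want_size" ]; then
        echo "$file: size $got_size, advisory says $want_size" >&2; return 1
    fi
    if [ "$got_md5" != "$want_md5" ]; then
        echo "$file: md5 $got_md5, advisory says $want_md5" >&2; return 1
    fi
    echo "$file: size and MD5 match the advisory"
}

# Values taken from the DSA text quoted in the mail above.
if [ "${1:-}" = "--run" ]; then
    verify_deb libtiff-opengl_3.7.2-3sarge1_i386.deb 45070 6d615bf5aabdb87e53b392e56d67a31c
fi
```

MD5 is what the 2006 advisory published; it is fine for spotting a corrupt or wrong download, which is the case here, but apt's signed Release files with SHA-256 are the integrity check to rely on against an adversary.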

