Checking behind the wall
Although it is good to have a properly set up firewall, I was wondering what else I could do to check that the machines behind it haven't been compromised (by an email trojan or the like)? I was thinking of setting up a scanner (strobe/nmap/...?) to automatically do a scan from a cron and mail the results to me. However, is there any existing framework like this that I could leverage?

-- Mike
Re: Allow FTP in, but not shell login
Kenneth Pronovici wrote:

you can change user's shell to /dev/null

Well... it doesn't look like I can log in via telnet or FTP without a valid login shell. I tried that with various entries other than /dev/null ...

If all that is needed is web page upload access, you could try installing WebDAV[1] and then disabling ftp entirely. Passwords for WebDAV are those used by apache for restricting access. You'd have to get them to use a WebDAV client though. I use sitecopy on unix and Goliath on MacOS. Dunno about Windows. Hmm, I think the web folders feature of Windows is actually just WebDAV.

[1]: http://www.webdav.org

-- [EMAIL PROTECTED] Web: http://houseofmoran.com/ AvantGo: http://houseofmoran.com/Lite/
Re: SSH and RSA
Duane Powers wrote:

Hi all, [ ... ] I have found that he did not need to transmit the local password over the tunnel, but rather used RSA to verify his identity, but I can't find documentation on how to do it. man ssh, man ssh-agent, man ssh-add, Practical UNIX Internet Security does anyone have any information on how I can implement the same safeguards? [ ... ]

He probably simply generated a public/private key on his local machine, and then ftp'd (or somehow transmitted) his public key to the remote host. Somewhere within the SSH protocol, his local private key is used to sign something which is then decrypted by the remote public key. Only someone who holds the correct private key would be able to sign something which could be decrypted by the public key so this authorises client (you) to the server.

To set this up, you just have to do ssh-keygen locally then append ~local_user/.ssh/identity.pub to ~remote_user/.ssh/authorized_keys. You should then be able to do "ssh -l remote_user foo.com" without being asked for a password. I think that's right, but check the manpages anyway.

-- [EMAIL PROTECTED] Web: http://houseofmoran.com/ AvantGo: http://houseofmoran.com/Lite/
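The append step from the message above, as an added example that is not part of the original post: a shell function that installs one public key into an authorized_keys file, refuses a private key, and sets the permissions sshd expects. The function name and the scratch-directory parameter are assumptions of this example; identity.pub is the file name used in the post, and current OpenSSH writes id_<type>.pub instead.

```shell
#!/bin/sh
# Added example (not from the thread): install one public key into
# <home>/.ssh/authorized_keys. <home> is a parameter so the function can
# be tried against a scratch directory before a real account.

install_pubkey() {
    ik_pub=$1
    ik_dir=$2/.ssh
    ik_auth=$ik_dir/authorized_keys

    [ -r "$ik_pub" ] || { echo "cannot read $ik_pub" >&2; return 1; }

    # Only the .pub half ever leaves the local machine.
    if grep -q 'PRIVATE KEY' "$ik_pub"; then
        echo "$ik_pub looks like a private key, refusing" >&2
        return 2
    fi

    # A public key file is a single line; anything else is not installed.
    ik_lines=$(grep -c . "$ik_pub" || true)
    [ "$ik_lines" -eq 1 ] || { echo "expected one key line" >&2; return 2; }
    ik_key=$(grep . "$ik_pub")

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # file, ~/.ssh or the home directory is writable by group or others.
    mkdir -p "$ik_dir" && chmod 700 "$ik_dir" || return 1
    touch "$ik_auth" && chmod 600 "$ik_auth" || return 1

    # Append once: running this twice must not duplicate the entry.
    if ! grep -qxF -- "$ik_key" "$ik_auth"; then
        printf '%s\n' "$ik_key" >> "$ik_auth"
    fi
}

# Usage: sh install_pubkey.sh <pubkey-file> <home-dir>
if [ $# -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

If key login still falls back to a password prompt, the permissions on the remote home directory and ~/.ssh are the first thing to check.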
Re: security.debian.org in woody
Niklas Höglund (ETX) wrote:

Hi! I'm running woody, should have "deb http://security.debian.org potato/updates ..." in my sources.list, as there is no "deb http://security.debian.org woody/updates ..." ?

I'd also like to know this, as I am running "testing" right now.

-- [EMAIL PROTECTED] Web: http://houseofmoran.com/ AvantGo: http://houseofmoran.com/Lite/
Is debian OpenBSD ftpd secure?
Hi.

I ran SAINT over my system today, and it highlighted a possible vulnerability in the "ftpd" package[1]. I believe this relates to "anonymous" access. Now, access to the "anonymous" account is disabled in the /etc/ftpusers file, which I understand leads to this:

    ...
    Name (ftp.houseofmoran.com:mm): anonymous
    331 Guest login ok, send your complete e-mail address as password.
    Password:
    530 Login incorrect.
    Login failed.
    ftp bye
    221 Goodbye.

It fails even if you give a valid email address. I take it that this is because the strategy is to not give away immediately that access is denied, like login does with non-existent accounts?

However, SAINT still seems to pick this up as a vulnerability. Is this just because the SAINT detection routines get fooled by the almost-successful login, or is there actually a real vulnerability?

Thanks,

[1]: ftpd 0.11-8potato.1

-- [EMAIL PROTECTED] Web: http://houseofmoran.com/ AvantGo: http://houseofmoran.com/Lite/
Re: Is debian OpenBSD ftpd secure?
Berend De Schouwer wrote:

On Tue, 30 Jan 2001 15:45:50 Mike Moran wrote: [ ... ]

| However, SAINT still seems to pick this up as a vulnerability. Is this
| just because the SAINT detection routines get fooled by the
| almost-successful login, or is there actually a real vulnerability?

It shouldn't. It's "best practice" to ALWAYS ask for a password, even if the account is disabled. Does SAINT give any more info?

Not that I remember (I don't have SAINT available here right now). It just highlighted the OpenBSD server in its vulnerability list, and gave a link to a list of known problems with a whole load of ftp servers. OpenBSD was mentioned in the section about anonymous access vulnerability. However, from my reading, it is only vulnerable if the "anonymous" account is available for login.

Still, I'd like to be sure that it isn't vulnerable; the previous (RH) machine I was on got hit by the Ramen Worm last week, so I'd like to be doubly sure I am safe from similar attacks on debian. Are there any other SAINT-like vulnerability testers that I could double check it with?

-- [EMAIL PROTECTED] Web: http://houseofmoran.com/ AvantGo: http://houseofmoran.com/Lite/
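The session quoted in this thread can be judged by its reply codes alone, since 331 only asks for a password while 230 and 530 report the outcome (RFC 959). As an added example that is not part of the thread and does not reproduce SAINT's logic, a shell function that classifies a captured transcript; the function names and the second sample are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread, and not how SAINT decides).
# Classify an FTP login from a captured transcript on stdin by its reply
# codes: 331 = password wanted, 230 = logged in, 530 = not logged in.
# Prints one of: allowed | refused | prompted | none

classify_ftp_login() {
    cf_state=none
    while IFS= read -r cf_line || [ -n "$cf_line" ]; do
        case $cf_line in
            [1-5][0-9][0-9]|[1-5][0-9][0-9]\ *) ;;  # final line of a reply
            *) continue ;;  # "NNN-" continuation or client-side text
        esac
        cf_code=${cf_line%"${cf_line#???}"}          # first three characters
        case $cf_code in
            331) if [ "$cf_state" = none ]; then cf_state=prompted; fi ;;
            230) cf_state=allowed ;;
            530) if [ "$cf_state" != allowed ]; then cf_state=refused; fi ;;
        esac
    done
    printf '%s\n' "$cf_state"
}

# The refused session from the post, one reply per line.
sample_refused() {
    cat <<'EOF'
Name (ftp.houseofmoran.com:mm): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
530 Login incorrect.
Login failed.
221 Goodbye.
EOF
}

# Constructed counter-case: the same prompt followed by a successful login.
sample_allowed() {
    cat <<'EOF'
Name (ftp.example.org:mm): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-Welcome (constructed banner)
230 Guest login ok, access restrictions apply.
EOF
}

echo "post session:     $(sample_refused | classify_ftp_login)"
echo "constructed case: $(sample_allowed | classify_ftp_login)"
```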