Re: aide, apt-get and remote management...

On 11 Dec 2003, Douglas F. Calvert wrote:

> When I do the files are obviously different in the aide database and
> I am wondering if anyone has come up with a way to deal with these
> differences.

Do you mean that new signatures don't match the ones in database? In this case you review changes and if you're satisfied they are expected, just replace old database with new one. You need to keep database up to date.

My AIDE reports are usually pretty short unless something big happens, like new packages, or reboot.

- Peter

--
Peter Solodov                    | Concordia University
http://alcor.concordia.ca/~peter | Montreal, QC, Canada

Re: aide, apt-get and remote management...

On 11 Dec 2003, DI Peter Burgstaller wrote:

> Hi there,
>
> I'm trying to use aide now as well .. but with the default debian
> config .. it produces every day massive changes .. especially to the
> /var/log/* files due to logrotate.
>
> Any reasonable settings that account for that?

Modify AIDE's config to suit your needs. Here's what works for me:

    # check user, group and permissions
    /var/log u+g+p
    # expect files to grow
    /var/log/.* >
    # permissions, user, group, number of links, and growing size for
    # syslog logs
    /var/log/syslog/.* p+u+g+n+S
    # don't check any of the following log directories
    =/var/log/(sysstat|setuid|apache|exim|ksymoops) R

And I don't use Debian package, I've compiled AIDE myself. The config files I'm using probably have very little in common with what Debian supplies.

- Peter

--
Peter Solodov                    | Concordia University
http://alcor.concordia.ca/~peter | Montreal, QC, Canada

Re: aide, apt-get and remote management...

On 10 Dec 2003, Douglas F. Calvert wrote:

> With all the recent discussions about debsigs and file integrity I
> have been trying to figure out the best way to deal with apt-get
> upgrades on remote machines with aide running. Does anyone have a
> good system for the management of the aide database and system
> upgrades? Or just any good aide tips would be nice as well.

Here's how I do that. I have a tightly secured well-protected machine. It holds file integrity databases. Every night it runs AIDE on a bunch of remote machines (AIDE binary is uploaded, then signatures are collected and output is shipped back to the secure machine). AIDE reports are generated on the machine that initiated the check. Nothing on a remote machine indicates signatures are collected. That's the file integrity part.

As for upgrades and updates, I never install anything automatically, but I have a cron job which checks if updates are available. And if there are, I would log on to a machine and install new packages myself.

- Peter

--
Peter Solodov                    | Concordia University
http://alcor.concordia.ca/~peter | Montreal, QC, Canada

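
The pull-style check described in the message above, together with the review-then-replace step from the first reply in this thread, written out as an added shell example; it is not Peter's script. The layout under `$BASE`, the `root@HOST` login and all file names are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Hypothetical layout on the collector:
#   $BASE/bin/aide    AIDE binary to upload (built for the remote hosts)
#   $BASE/rules.conf  selection rules only, no database lines
#   $BASE/db/HOST.db  reviewed baseline; $BASE/new/HOST.db tonight's collection
BASE=${BASE:-/srv/aide}

# Collect a fresh database from HOST, then compare it with the baseline here.
# Returns aide's exit status from --compare, or 100 if collection failed.
check_host() {
    host=$1
    tmp=$(ssh "root@$host" 'mktemp -d') || return 100
    [ -n "$tmp" ] || return 100
    # Remote config: shared rules plus the scratch path for the new database.
    { cat "$BASE/rules.conf"; echo "database_out=file:$tmp/out.db"; } \
        > "$BASE/new/$host.conf"
    scp -q "$BASE/bin/aide" "$BASE/new/$host.conf" "root@$host:$tmp/" &&
        ssh "root@$host" "$tmp/aide --config=$tmp/$host.conf --init >/dev/null" &&
        scp -q "root@$host:$tmp/out.db" "$BASE/new/$host.db"
    rc=$?
    ssh "root@$host" "rm -rf '$tmp'"    # leave nothing behind on the remote
    [ "$rc" -eq 0 ] || return 100
    # Local config: baseline against tonight's collection.
    # (database= is the 2003-era keyword; newer AIDE calls it database_in=.)
    { cat "$BASE/rules.conf"
      echo "database=file:$BASE/db/$host.db"
      echo "database_new=file:$BASE/new/$host.db"; } > "$BASE/new/$host.cmp.conf"
    aide --config="$BASE/new/$host.cmp.conf" --compare > "$BASE/new/$host.report"
}

# After reviewing the report (e.g. following an upgrade), promote the new
# database to baseline and keep the previous one for reference.
accept_host() {
    host=$1
    [ -s "$BASE/new/$host.db" ] || return 1
    if [ -f "$BASE/db/$host.db" ]; then
        cp -p "$BASE/db/$host.db" "$BASE/db/$host.db.prev"
    fi
    mv "$BASE/new/$host.db" "$BASE/db/$host.db"
}

# Usage: aide-collect.sh check HOST...   or   aide-collect.sh accept HOST
case ${1:-} in
    check)  shift
            for h in "$@"; do
                check_host "$h" || echo "$h: status $?, see $BASE/new/$h.report"
            done ;;
    accept) accept_host "$2" ;;
esac
```
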
Re: ssl on debian

On Thu, 3 Jul 2003, [EMAIL PROTECTED] wrote:

> I have installed openssl latest source, and everything installed
> fine, but when I open a program that requires ssl it tells me ssl
> not installed ??
>
> I can type openssl at the prompt and can use that fine, so what am
> I missing,

You installed it from source, right? You need to make sure other programs know where OpenSSL's libraries are. Make sure line with path to OpenSSL libraries is in /etc/ld.so.conf. Then run ldconfig as root.

But if you installed OpenSSL from latest source, you might encounter another problem. Packages were compiled against the packaged version and hence there's a chance they won't work with the newest one. Be careful about that.

- Peter

--
Peter Solodov                    | Concordia University
http://alcor.concordia.ca/~peter | Montreal, QC, Canada

Re: Advice Needed On Recent Rootings

On Thu, 29 May 2003, Jayson Vantuyl wrote:

> On Wed, May 28, 2003 at 02:06:21PM +0200, Olaf Dietsche wrote:
>> Just curious, how do you su to root, if root's password is
>> disabled? Do you have a modified su replacement?
>
> One of the few really nice things to come out of RedHat is PAM.

It's probably a good idea to mention that PAM came out of Sun :-)

- Peter

--
Peter Solodov                    | Concordia University
http://alcor.concordia.ca/~peter | Montreal, QC, Canada

Re: ssh + expired password

That's not the first time! When posting to this list, please post in English since this is the language of majority of subscribers. Questions in Russian must go to debian-russian list!

- Peter

--
Peter Solodov                    | Concordia University
http://alcor.concordia.ca/~peter | Montreal, QC, Canada