Re: broken updates just now clamav ....
On Fri, 30 May 2008, Stephen Gran wrote: Good luck, and please feel free to tell upstream this was an unhelpful change. hrm, I wonder if/when the other (3rd party) dbs will get upgraded: http_source_urls=" http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz http://clamav.securiteinfo.com/vx.hdb.gz http://www.malware.com.br/cgi/submit?action=list_clamav,fetch_interval=86400, " Since I'm going to be out of town this weekend, I'm holding off on the clamav update 'til I'm back and can watch it - but the others are pulled from cron daily -- Rick Nelson Why use Windows when you can have air conditioning? Why use Windows, when you can leave through the door? -- Konrad Blum -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Problems after sendmail security upgrade
On Mon, 3 Apr 2006, Emmanuel Halbwachs wrote: For some reasons, the admins didn't configure sendmail "the Debian way" and didn't use the queue aging feature in /etc/mail/sendmail.conf. - is it mandatory to use /etc/mail/sendmail.conf? No, not at all - is there a way to manually configure sendmail the classical way without using the Debian configuration wrappers but cleanly against the package upgrade? (no offense, just for people accustomed to other OS like *BSD) set this variable in /etc/mail/sendmail.conf HANDS_OFF="Yes"; After setting that, the scripts become non-functional; any and all changes must be done manually -- Rick Nelson Microsoft is a cross between the Borg and the Ferengi. Unfortunately, they use Borg to do their marketing and Ferengi to do their programming. -- Simon Slavin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Problems after sendmail security upgrade
On Fri, 24 Mar 2006, Emmanuel Halbwachs wrote: Emmanuel Halbwachs a ?crit (Fri, Mar 24, 2006 at 06:57:43PM +0100) : - after the upgrade : in some cases (more on this below), incoming mail goes to /var/spool/mqueue/daily and is stuck there OK, the problem was on our side: /etc/cron.d/sendmail has been tailored to our needs and has been reverted to a standard Debian one by the upgrade. Very sorry for the noise and thanks for your collaboration. Can you mail me more details... there is support in /etc/mail/sendmail.conf to automagically support the type of queue aging that you are doing... -- Rick Nelson * BenC wonders why he has upgraded to 3.3.5-1 before teh X maintainer
Re: preserving sendmail configuration security hacks
On Wed, 10 Nov 2004, Duncan Simpson wrote: > I can put the rulesets Local_check_* rulesets in the LOCAL_RULESETS in > sendmail.mc and delete the blank ones make sendmail.cf generates > manually but this is suboptimal. Is there a way of writing the > sendmail.mc file so the extra rules in the Local_check_* rulesets > appear. I do stuff like this all the time (in sendmail.mc, or include): LOCAL_RULESETS # Allow etrn,expn,vrfy from anyplace allowed to relay through us SLocal_check_commands ... # No pause for port 587(MSP) as authentication is required SLocal_greet_pause ... The last case does cause two occurances of Slocal_greet_pause... but unlike the Bat book V2 (still gotta get V3), sendmail doesn't complain - and does the right thing. I'd be happy to look over you setup if you'd like... If you've got anything that might be generally applicable, I'd love to merge it into what I'm putting together... a set of hacks to increase security and simplify things as much as possible. -- Rick Nelson "What you end up with, after running an operating system concept through these many marketing coffee filters, is something not unlike plain hot water." (By Matt Welsh) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: telnetd vulnerability from BUGTRAQ
On Sat, 25 Sep 2004, Rick Moen wrote: > Quoting Richard A Nelson ([EMAIL PROTECTED]): > > > Yes, I have putty on *my* windows boxen... But there are still > > significant numbers of boxes that I use - MVS/VM (z/OS)... > > OpenSSH works on MVS. See: > http://www.stdnet.com/uploads/media/MOVEit-DMZ-Compatible-Clients.PDF. Yes indeed, but MVS isn't an OS where mere mortals get to install software... So I'd most likely be stuck with only client support. MVS is getting telnet-SSL support also - and I use that where I can > , W2k, etc. > > Innumerable SSH implementations work on MS-Windows 2000. See: > http://linuxmafia.com/ssh/win32.html I typically use cygwin on *MY* laptop, but when away from that - I try not to install random software on other's boxen > For others, please see: http://linuxmafia.com/ssh/ > > > ...that require me to allow directed telnet to my laptop/workstation. > > Maybe, but not the ones you mentioned. ok, I should've said to/from my laptop (and occaisionally other boxen) The point remains that while telnet/ftp should be treated as deprecated when feasible, sometimes there just aren't alternatives... and even stock w98 had a built-in telnet client. -- Rick Nelson Besides, its really not worthwhile to use more than two times your physical ram in swap (except in a select few situations). The performance of the system becomes so abysmal you'd rather heat pins under your toenails while reciting Windows95 source code and staring at porn flicks of Bob Dole than actually try to type something. -- seen on c.o.l.development.system, about the size of the swap space -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: telnetd vulnerability from BUGTRAQ
In the non-unix world, telnet is still a necessity :( Yes, I have putty on *my* windows boxen... But there are still significant numbers of boxes that I use - MVS/VM (z/OS), W2k, etc. that require me to allow directed telnet to my laptop/workstation. Just because there is a H2 on the block, doesn't mean that the original VW bug is now no longer needed... -- Rick Nelson Linux supports the notion of a command line or a shell for the same reason that only children read books with only pictures in them. Language, be it English or something else, is the only tool flexible enough to accomplish a sufficiently broad range of tasks. -- Bill Garrett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]