Re: Can a daemon listen only on some interfaces?

2001-12-08 Thread Robert Mognet
On Sat, Dec 08, 2001 at 07:39:44PM +1000, [EMAIL PROTECTED] wrote:
> 
> The only ones I didn't know about in this list are portmap and
> XF86_SVGA.  Firstly, I can't seem to find the config file for X where
> you set the --nolisten parameter 

From man Xserver(1):

    -nolisten trans-type
        Disable a transport type.  For example TCP/IP
        connections can be disabled with -nolisten tcp

It's a command line option passed to the X server.  Depending on how you
start X, it could be passed in the startx file as part of serverargs:

xinit $clientargs -- $serverargs

Regards,
Robert



Re: finding hidden processes

2001-12-03 Thread Robert Mognet
On Mon, Dec 03, 2001 at 07:29:22PM +0100, Tarjei Huse wrote:

For those few pid's which return no cmdline info (for instance):

> pid: 111 
> pid: 2 
> pid: 3 
> pid: 4 
> pid: 429 

etc... 
You can usually get some helpful info using:

cd /proc
cat pid/status

Regards,
Robert



Re: finding hidden processes

2001-12-03 Thread Robert Mognet
Hello,

On Mon, Dec 03, 2001 at 06:14:33PM +0100, Tarjei Huse wrote:
> 
> How can I find these processes?

cd /proc
for n in [0-9]* ; do echo -n "pid: "$n" "; cat $n/cmdline; echo; done

Hth
Robert
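
The two replies in this thread (walk /proc and read cmdline, then fall back to status for PIDs whose cmdline is empty) combined into one script. This is an added example, not code from the thread; the PROC_ROOT variable and the function names are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the thread): enumerate a proc tree, show each PID's
# command line, and fall back to fields from status when cmdline is empty
# (kernel threads, for example). PROC_ROOT is an assumption of this sketch
# so the functions can also be run against a copied or mounted tree.

# Pull a few identifying fields out of <pid>/status.
status_summary() {
    awk -F':[ \t]*' '
        $1 == "Name"  { name = $2 }
        $1 == "State" { state = substr($2, 1, 1) }
        $1 == "PPid"  { ppid = $2 }
        $1 == "Uid"   { split($2, uid, /[ \t]+/) }
        END { printf "name=%s state=%s ppid=%s uid=%s", name, state, ppid, uid[1] }
    ' "$1" 2>/dev/null
}

# Print one line for a single PID directory.
describe_pid() {
    d=$1
    pid=${d##*/}
    # cmdline separates arguments with NUL bytes; make them spaces.
    cmd=$(tr '\0' ' ' 2>/dev/null < "$d/cmdline" | sed 's/ *$//')
    if [ -n "$cmd" ]; then
        printf 'pid: %s %s\n' "$pid" "$cmd"
    else
        info=$(status_summary "$d/status") || info="status unreadable"
        printf 'pid: %s [%s]\n' "$pid" "$info"
    fi
}

# Walk every numeric directory under the given root (default /proc).
list_procs() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue   # no match, or the process already exited
        describe_pid "$dir"
    done
}

list_procs "${PROC_ROOT:-/proc}"
```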



Re: FW: a filter for tcp socket

2001-09-04 Thread Robert Mognet
Hello,

> hello,
> this is a work i would like to study but i fall in problem when looking for
> Linux Socket Filtering Documentation.
[ snip ]---
> .. through Linux Socket Filtering but it seem not to be any docs about that.
> is there someone who has links to docs, examples or can suggest me another
> way
> to do that ?

Use the source ;-)

Regards,
Robert



Re: iptables install

2001-07-20 Thread Robert Mognet
Hello,

On Fri, Jul 20, 2001 at 12:37:27PM -0700, Jeff Coppock wrote:
>Dilemma:
>I want to run iptables, but I'm running stable.  I have a
>clean, bootable 2.4.6 kernel (took awhile, but I got it), and
>then realized that the iptable package is not in stable, but
>is in testing and unstable. 

http://netfilter.filewatcher.org

Have been using iptables on potato with no problems.  
Downloaded source and compiled.

Check that you've included iptables support in your kernel, or have
compiled the correct modules.

Regards,
Robert



Re: gnupg problem

2001-06-18 Thread Robert Mognet
Hello,

> 
> In fact, the only reason mailcrypt is in contrib is that it adapts to
> the patent-restricted versions of gpg/pgp software.  As far as its use
> with gpg, it belongs in main.
>

A reading of the Debian Social Contract (section 5) contains the 
following concerning "contrib" and "non-free"...

"The software in these directories is not part of the  
 Debian system, although it has been configured for
 use with Debian".
 
One of the things that I find admirable about the Debian people is
that they draw a very clear and crisp line as to what they consider
acceptable to include in their distribution.  Any compromise with
those principles should be avoided.  

Mailcrypt isn't part of Debian, so it's not the responsibility of the
security team.

Regards,
Robert



Re: hi, any help ? about an evil mysterious crazy Open tcp port ?

2001-05-28 Thread Robert Mognet
Hello,

On Tue, May 29, 2001 at 03:05:52AM +0300, killah wrote:
> how, can i see the tcp port 4350 that states to be opened using nmap

As root, you can do:

fuser -v -n tcp 4350

and:

lsof -i tcp:4350

The lsof command, if it finds anything, will return a PID as part of its
output; you can then see the files used by that process with:

lsof -p <PID>

Regards,
Robert



Re: Strange output from "last" command

2001-03-21 Thread Robert Mognet
Hello,

On Wed, Mar 21, 2001 at 02:39:39PM -0800, William R. Ward wrote:

> date { Wed Mar 21 02:00   still logged in   
> date | Wed Mar 21 02:00   still logged in   
> I'm worried that the "date" entries are a consequence of
> some hacker activity, but I have been unable to find any other
> symptoms.

Are you running "rdate" to set your time ?  It produces that behaviour.

Regards,
Robert

> --Bill.
> 
> -- 
> William R Ward[EMAIL PROTECTED]  http://www.bayview.com/~hermit/
> -
> "Those are my principles. If you don't like them I have others."-Groucho Marx



Re: kernel patches

2001-03-09 Thread Robert Mognet
Hello,
 

On Wed, Mar 07, 2001 at 05:03:55PM +0100, Niklas Höglund wrote:
> Hi!
> Anyone know where I can find a kernel patch that restricts users so..
> 'who' shows only the user himself

"who" is not a kernel function, it's a system utility.

Something like this will work:

alias who='who | grep "^$(whoami) "'

You could put it in /home/user/.bashrc ...

Regards,
Robert




Re: connecting to my box

2001-01-27 Thread Robert Mognet
Hello,

On Sat, Jan 27, 2001 at 10:24:01AM -0600, Mohammed Elzubeir wrote:
> 
> I just changed it and removed the last ':', and now I get "Permission
> denied".

Failing all else, SSH should ask you for a password if you have the
server configured to allow this.

In the SSH source code, in sshconnect1.c the "Permission denied." string
is returned if "All authentication methods have failed..."

Assuming you have not set up encrypted key exchange, etc, perhaps you
should double check your configuration to see what authentication
method your server will use.

Regards,
Robert

--[snip]-



Re: Need help analyzing firewall log message

2000-09-19 Thread Robert Mognet
Hello,

On Thu, Sep 14, 2000 at 07:59:08PM +0200, Christian Pernegger wrote:
> Sep 14 19:41:44 jesus kernel: Packet log: \
> input DENY eth1 PROTO=1 10.34.15.1:3 x.x.x.x:13 L=56 S=0x00 I=3405 F=0x
> T=255 (#4)

For ICMP protocol packets, the number following the source address
should be the ICMP type and the number following the destination
address should be the ICMP code.


See the IPCHAINS-HOWTO  (I'm not shouting, the name is written
that way) at:

http://www.linuxdoc.org


Regards,
Robert  


> 
> Happens in bursts of ~7, once a day, maybe more
> 
> eth1 is the external interface, connected to a cable modem that is fully
> transparent.
> (That is I block all incoming/outgoing private LAN addresses and it still
> works)
> This is the only thing that I ever see coming in from a private address.
> 
> Protocol 1 is ICMP according to /etc/protocols.
> 10.34.15.1 seems to be other end of the cable modem bridge. (I made a route
> and checked.)
> The target ip is my box.
> 
> How do I read the ports in ICMP logs?
> 
> I'm sure it's legit, I just wanna know WTF my ISP is doing...
> 
> Thanks
> 
> Christian
> 
> 
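
The reading rule given in this reply (for PROTO=1, the number after the source address is the ICMP type and the number after the destination address is the ICMP code), applied to the quoted log line. This is an added example, not code from the thread; the function name, the name tables (common values only) and the second, constructed TCP log line are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the thread): decode ipchains "Packet log:" lines.
# For PROTO=1 the ":N" after the source address is the ICMP type and the
# ":N" after the destination address is the ICMP code; for TCP and UDP
# those positions hold port numbers. Name tables cover common values only.

decode_packet_log() {
    awk '
    BEGIN {
        type[0] = "echo reply";     type[3] = "destination unreachable"
        type[4] = "source quench";  type[5] = "redirect"
        type[8] = "echo request";   type[11] = "time exceeded"
        type[12] = "parameter problem"
        code["3,0"] = "net unreachable";  code["3,1"] = "host unreachable"
        code["3,2"] = "protocol unreachable"
        code["3,3"] = "port unreachable"
        code["3,4"] = "fragmentation needed and DF set"
        code["3,13"] = "communication administratively prohibited"
        code["11,0"] = "TTL exceeded in transit"
        code["11,1"] = "fragment reassembly time exceeded"
    }
    /Packet log:/ {
        for (i = 1; i <= NF; i++) if ($i ~ /^PROTO=/) break
        if (i + 2 > NF) next                      # no PROTO= or truncated
        proto = substr($i, 7) + 0
        if (split($(i + 1), s, ":") != 2) next    # e.g. fragment, no ports
        if (split($(i + 2), d, ":") != 2) next
        if (proto == 1) {
            t = s[2] + 0; c = d[2] + 0; k = t "," c
            printf "icmp %s -> %s type=%d (%s) code=%d (%s)\n", s[1], d[1],
                t, (t in type) ? type[t] : "unlisted",
                c, (k in code) ? code[k] : "unlisted"
        } else {
            printf "proto=%d %s:%s -> %s:%s\n", proto, s[1], s[2], d[1], d[2]
        }
    }'
}

# The line quoted in the thread (joined onto one line), then a constructed
# TCP line for contrast.
decode_packet_log <<'EOF'
Sep 14 19:41:44 jesus kernel: Packet log: input DENY eth1 PROTO=1 10.34.15.1:3 x.x.x.x:13 L=56 S=0x00 I=3405 F=0x T=255 (#4)
Sep 14 19:42:10 jesus kernel: Packet log: input DENY eth1 PROTO=6 192.0.2.7:1042 192.0.2.1:23 L=60 S=0x00 I=100 F=0x4000 T=52 (#4)
EOF
```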


