Re: [expert] mandrake snf mnf and Tripwire
On Thursday 09 January 2003 10:29 pm, Jack Coates wrote: On Thu, 2003-01-09 at 20:54, Lorne wrote: I'm having trouble finding a simple piece of information on tripwire. Since the existing config files aren't designed with Mandrake in mind, it is pretty useless out of the box. I've got it figured out now, but since I'm not a total linux gear head yet I have a dumb question perhaps. Is it safe to assume that /sbin and /bin should have no files ever change? If that is the case, then I need to add every single one to the file. Obviously files change in /var etc, but I'm a little unsure of all the files I need to add system wide. /sbin and /bin shouldn't change unless a security patch does it. Tripwire has a directory-level setting, you don't have to enter every singel file. Well that is what I thought, but then why do they follow up in the red hat version and mark every single file and give it a rating of say SEC_CRIT ?? Is that redundant? I guess I can test this theory by finding a file not currently listed in the pol file, then over writing it with another and run a check and see if it catches it eh? Later I just did a test of the above theory. BINGO! You are absolutely correct. I detected an add sure enough. Do you know why they have all those individual files listed with a SEC_CRIT? Thanks in adance. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] mandrake snf mnf and Tripwire
On Fri, 2003-01-10 at 08:29, Lorne wrote: On Thursday 09 January 2003 10:29 pm, Jack Coates wrote: On Thu, 2003-01-09 at 20:54, Lorne wrote: I'm having trouble finding a simple piece of information on tripwire. Since the existing config files aren't designed with Mandrake in mind, it is pretty useless out of the box. I've got it figured out now, but since I'm not a total linux gear head yet I have a dumb question perhaps. Is it safe to assume that /sbin and /bin should have no files ever change? If that is the case, then I need to add every single one to the file. Obviously files change in /var etc, but I'm a little unsure of all the files I need to add system wide. /sbin and /bin shouldn't change unless a security patch does it. Tripwire has a directory-level setting, you don't have to enter every singel file. Well that is what I thought, but then why do they follow up in the red hat version and mark every single file and give it a rating of say SEC_CRIT ?? Is that redundant? I guess I can test this theory by finding a file not currently listed in the pol file, then over writing it with another and run a check and see if it catches it eh? Later I just did a test of the above theory. BINGO! You are absolutely correct. I detected an add sure enough. Do you know why they have all those individual files listed with a SEC_CRIT? Going way out on a limb, and I should really look it up in Ye Olde Textbook, but I would guess that the directory level check only alerts that something in the directory changed, but not what that file was, whereas a file-level check would tell you /bin/ls just got updated or backd00red. I'm probably wrong though :-) -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] mandrake snf mnf and Tripwire
On Friday 10 January 2003 09:47 am, Jack Coates wrote: On Fri, 2003-01-10 at 08:29, Lorne wrote: On Thursday 09 January 2003 10:29 pm, Jack Coates wrote: On Thu, 2003-01-09 at 20:54, Lorne wrote: I'm having trouble finding a simple piece of information on tripwire. Since the existing config files aren't designed with Mandrake in mind, it is pretty useless out of the box. I've got it figured out now, but since I'm not a total linux gear head yet I have a dumb question perhaps. Is it safe to assume that /sbin and /bin should have no files ever change? If that is the case, then I need to add every single one to the file. Obviously files change in /var etc, but I'm a little unsure of all the files I need to add system wide. /sbin and /bin shouldn't change unless a security patch does it. Tripwire has a directory-level setting, you don't have to enter every singel file. Well that is what I thought, but then why do they follow up in the red hat version and mark every single file and give it a rating of say SEC_CRIT ?? Is that redundant? I guess I can test this theory by finding a file not currently listed in the pol file, then over writing it with another and run a check and see if it catches it eh? Later I just did a test of the above theory. BINGO! You are absolutely correct. I detected an add sure enough. Do you know why they have all those individual files listed with a SEC_CRIT? Going way out on a limb, and I should really look it up in Ye Olde Textbook, but I would guess that the directory level check only alerts that something in the directory changed, but not what that file was, whereas a file-level check would tell you /bin/ls just got updated or backd00red. I'm probably wrong though :-) hmm the real problem I've had is the lack of documentation. It seems the trip wire folks have done them selves a disservice by not having more information out there. ?? If you know of a book name or source I can go find, I'm all over that. :) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] mandrake snf mnf and Tripwire
I'm having trouble finding a simple piece of information on tripwire. Since the existing config files aren't designed with Mandrake in mind, it is pretty useless out of the box. I've got it figured out now, but since I'm not a total linux gear head yet I have a dumb question perhaps. Is it safe to assume that /sbin and /bin should have no files ever change? If that is the case, then I need to add every single one to the file. Obviously files change in /var etc, but I'm a little unsure of all the files I need to add system wide. Thanks in adance. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] mandrake snf mnf and Tripwire
On Thu, 2003-01-09 at 20:54, Lorne wrote: I'm having trouble finding a simple piece of information on tripwire. Since the existing config files aren't designed with Mandrake in mind, it is pretty useless out of the box. I've got it figured out now, but since I'm not a total linux gear head yet I have a dumb question perhaps. Is it safe to assume that /sbin and /bin should have no files ever change? If that is the case, then I need to add every single one to the file. Obviously files change in /var etc, but I'm a little unsure of all the files I need to add system wide. /sbin and /bin shouldn't change unless a security patch does it. Tripwire has a directory-level setting, you don't have to enter every singel file. Thanks in adance. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Mandrake SNF
Hey Guys! I loaded SNF on a new box this weekend. (very cool little util from what I can tell) On the SNF: I can ping www.yahoo.com, and it replies. (so I assume all is good with the internet connection on that box. On a client machine behind the firewall I set: IP: 192.168.1.9 NetMast: 255.255.255.0 Gateway: 192.168.1.10 (firewall IP) DNS: 192.168.1.10 ( I have also tried a live DNS servers IP) I can ping the firewall from the machine behind the firwall, but if I try to ping www.yahoo.com it does not work. However I CAN ping live internet addresses from behind the firwall without a problem. Can anyone guess what im doing wrong?? I thought maybe the firwall just blocks pings from the inside to the outside, but my browser does not seem to be able to surf the net. (I can get to the web admin) on another not, I cant seem to get the DHCP server of the firewall to work either, but I assume that is another problem, but I thought I would throw it in in case it might be connected. Thanks ALL! Dan -- = Dan Belkie System Architect Forzani Group LTD Phone: 403.717.1400 ext 1642 Mobile: 403.605.6354 Email: [EMAIL PROTECTED] http://www.sportchek.ca = Parts that don't exist can't break. -Original Message- From: Belkie, Dan [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 21, 2002 9:05 AM To: '[EMAIL PROTECTED]' Subject: RE: [expert] Remote backup Again Hi guys! Thanks for the help, But im looking for something that can remotely back up data from windows and Linux boxes. Maybe just a simple FTP? I need to automate it and would prefer not to have to set up automated FTP clients on each box. Right now I only need data from 4 or 5 boxes (4 windows and 1 Linux), but need to be able to manage about 25 or so in the future. Thoughts? -- = Dan Belkie -Original Message- From: Randy Kramer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 20, 2002 6:52 PM To: [EMAIL PROTECTED] Subject: Re: [expert] Remote backup Belkie, Dan wrote: Can anyone recommend any data backup server software for Linux? I would like to remotely back up my office computers to my home through the night. I would like to only update the data that has changed. Anyone know of anything like this? Look into rsync. It's what I plan to use for a similar purpose. I have some information here, including (I hope) a link to the rsync home page. http://twiki.org/cgi-bin/view/Wikilearn/RsyncInGeneral If you find some better resources, or want to make some notes for others to use, consider registering at http://twiki.org/cgi-bin/view/TWiki/TWikiRegistration and editing or creating pages yourself. Randy Kramer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Mandrake SNF
I tried SNF a couple of months ago as well. Had the exact same problem. Sorry to say that I (after 2 days) gave up. I managed to resolve the ping issue, and get client machines on the internet, but I couldn't get FTP, SMTP, or POP to go thru the firewall. If you're looking for a dead dog simple firewall, router, etc. try: www.bbiagent.net I had it up and running in 30 minutes. Its linux, and free. I love Mandrake, but I couldn't get SNF to behave. Maybe someone on the list can offer some better advice?? Bill. On Mon, 25 Feb 2002 09:14:42 -0700 Belkie, Dan [EMAIL PROTECTED] wrote: Hey Guys! I loaded SNF on a new box this weekend. (very cool little util from what I can tell) On the SNF: I can ping www.yahoo.com, and it replies. (so I assume all is good with the internet connection on that box. On a client machine behind the firewall I set: IP: 192.168.1.9 NetMast: 255.255.255.0 Gateway: 192.168.1.10 (firewall IP) DNS: 192.168.1.10 ( I have also tried a live DNS servers IP) I can ping the firewall from the machine behind the firwall, but if I try to ping www.yahoo.com it does not work. However I CAN ping live internet addresses from behind the firwall without a problem. Can anyone guess what im doing wrong?? I thought maybe the firwall just blocks pings from the inside to the outside, but my browser does not seem to be able to surf the net. (I can get to the web admin) on another not, I cant seem to get the DHCP server of the firewall to work either, but I assume that is another problem, but I thought I would throw it in in case it might be connected. Thanks ALL! Dan -- = Dan Belkie System Architect Forzani Group LTD Phone: 403.717.1400 ext 1642 Mobile: 403.605.6354 Email: [EMAIL PROTECTED] http://www.sportchek.ca = Parts that don't exist can't break. -Original Message- From: Belkie, Dan [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 21, 2002 9:05 AM To: '[EMAIL PROTECTED]' Subject: RE: [expert] Remote backup Again Hi guys! Thanks for the help, But im looking for something that can remotely back up data from windows and Linux boxes. Maybe just a simple FTP? I need to automate it and would prefer not to have to set up automated FTP clients on each box. Right now I only need data from 4 or 5 boxes (4 windows and 1 Linux), but need to be able to manage about 25 or so in the future. Thoughts? -- = Dan Belkie -Original Message- From: Randy Kramer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 20, 2002 6:52 PM To: [EMAIL PROTECTED] Subject: Re: [expert] Remote backup Belkie, Dan wrote: Can anyone recommend any data backup server software for Linux? I would like to remotely back up my office computers to my home through the night. I would like to only update the data that has changed. Anyone know of anything like this? Look into rsync. It's what I plan to use for a similar purpose. I have some information here, including (I hope) a link to the rsync home page. http://twiki.org/cgi-bin/view/Wikilearn/RsyncInGeneral If you find some better resources, or want to make some notes for others to use, consider registering at http://twiki.org/cgi-bin/view/TWiki/TWikiRegistration and editing or creating pages yourself. Randy Kramer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Mandrake SNF
Anybody here know how to install the SNF edition of Mandrake? I've installed it but I can't get it to accept https connections so I can actually configure it. According to the docs, it should just work, but somehow I think not everything is installed (like Bastille, for example), neither with the recommended nor expert install. In fact, I can't even find Bastille on the CD. Any help would be greatly appreciated. --chris _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [expert] Mandrake SNF
well, I don't know, never used bastille, but as far as I know, snf is based on mdk 7.2 which didn't have bastille Bastille became standard in Mandrake with the advent of 8 I believe.. Frank Hauptle Network Payment Solutions. === |To correct all M$ Windows(tm) problems, only one | |small command is necessary: | | | |format C:| | | |(then press y.) Bingo! Your windows(tm) computer is | |now secure, stable, and everybit as useful. :-) | | | |== -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chris Grevstad Sent: Friday, 5 October 2001 9:24 PM To: [EMAIL PROTECTED] Subject: [expert] Mandrake SNF Anybody here know how to install the SNF edition of Mandrake? I've installed it but I can't get it to accept https connections so I can actually configure it. According to the docs, it should just work, but somehow I think not everything is installed (like Bastille, for example), neither with the recommended nor expert install. In fact, I can't even find Bastille on the CD. Any help would be greatly appreciated. --chris _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Mandrake SNF - Firewall rules
Hello, I´m using Mandrake SNF. I want (need) to use the secure remote client from CheckPoint on my local w2k PC´s. From the CheckPOint documentation I now the following details: TCP: outgoing to 99.99.99.99 port=264 (IP adr. is not the real) UDP: outgoing to 99.99.99.99 port=500 (IP adr. is not the real) incoming from 99.99.99.99 port=500 (IP adr. is not the real) outgoing to 99.99.99.99 port=2746 (IP adr. is not the real) incoming from 99.99.99.99 port=2746 (IP adr. is not the real) And this is my configuration: SDSL-Router: externe IP: 123.123.123.123 (IP adr. is not the real) interne IP: 10.0.0.250 - 255.255.255.0 Firewall: externe IP: 10.0.0.1 - 255.255.255.0 - eth1 interne IP: 192.168.3.2 - 255.255.255.0 - eth0 I enabled all Ports for the Office Traffic and I tested with and without enabeling the ports 264,500 and 2764 Internet Traffic. And every time it is not working. What´s wrong? I don´t know. Is there anybody who can help me? Thanx in advance Stefan.