RE: [hlds_linux] Linux don't create logs
> Yeah, man...that's what gets me down sometimes. I work for a software > company (not a developer, myself), and sometimes you end up talking to > some net admin that's trying to run your server software but is adamant > about NOT opening any more ports than are *absolutely necessary* on the > firewall...even if all ports are going to allow traffic only to and from > the one server box. It's weird, but a common occurrence, even among > highly trained admins. People seem to think that more ports open means > less security, when in reality it's not the ports that are security > holes, it's the services communicating through those ports. You've > already got at least 2 ports open (minimum), so why balk at a range 1000 > more for the service? I have a guy I code for sometimes who believes the same thing. That basically crackers can exploit "ports" even if there is no application that has them open. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
RE: [hlds_linux] Linux don't create logs
> Blocking all the other services doesn't help if you have one > that is insecure (or running as root). If you have nothing on > the machine but a web server, and through the combination of it > running as root (unlikely) and a misconfiguration or summat, > it's just as easy to break into as a machine with no firewall > and a whole bunch of other programs, all properly secured, with > the buggy/misconfigured web server. Moral of the story: root != > (everyday user || service account) Yeah, man...that's what gets me down sometimes. I work for a software company (not a developer, myself), and sometimes you end up talking to some net admin that's trying to run your server software but is adamant about NOT opening any more ports than are *absolutely necessary* on the firewall...even if all ports are going to allow traffic only to and from the one server box. It's weird, but a common occurrence, even among highly trained admins. People seem to think that more ports open means less security, when in reality it's not the ports that are security holes, it's the services communicating through those ports. You've already got at least 2 ports open (minimum), so why balk at a range 1000 more for the service? -- Eric (the Deacon remix) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Linux don't create logs
Even with highest security, you are still at risk. Blocking all the other services doesn't help if you have one that is insecure (or running as root). If you have nothing on the machine but a web server, and through the combination of it running as root (unlikely) and a misconfiguration or summat, it's just as easy to break into as a machine with no firewall and a whole bunch of other programs, all properly secured, with the buggy/misconfigured web server. Moral of the story: root != (everyday user || service account) --agenthh SQLBoy wrote: Not even if "with the highest security on?" On Tue, 2003-02-11 at 19:35, Oscar N wrote: hmm, running stuff as root is not secure, not in any way, not even close... /Oscar White Tiger* wrote: He's wise! I love him :p -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of agenthh Sent: Tuesday, February 11, 2003 6:01 PM To: [EMAIL PROTECTED] Subject: Re: RE: [hlds_linux] Linux don't create logs Crazy. As the linux kernel README says, "Never take the name of root in vain." It is easy and simple to run HLDS as a separate user. Sure, you may only have HLDS on the box, but that doesn't make it good security policy. What if some l4m3r somehow gets in and trashes the box, due to the fact that HLDS is running as root? Basically, you can run HLDS as root, it's just that running as another user has less risk, for no real work. Oh, and habits. Who knows, I've done this before, you might be working on some other box, and your default policy is to run stuff as root. You might just install something as root, especially something insecure. BAD. --agenthh ---Original Message--- From: John Hemmingsen <[EMAIL PROTECTED]> Sent: 02/11/03 11:47 AM To: [EMAIL PROTECTED] Subject: RE: [hlds_linux] Linux don't create logs I currently run it as root, with highest security on. Only 5 ports are allowed in/out on server (the ones that hl/cs require) Got nothing else on the dedicated server, it is also outside my router. With own ip address. So I don't think running as root is dangerous :) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux -- SQLBoy <[EMAIL PROTECTED]> http://www.playway.net ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Linux don't create logs
Not even if "with the highest security on?" On Tue, 2003-02-11 at 19:35, Oscar N wrote: > hmm, running stuff as root is not secure, not in any way, not even close... > > /Oscar > > White Tiger* wrote: > > >He's wise! I love him :p > > > >-Original Message- > >From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED]] On Behalf Of agenthh > >Sent: Tuesday, February 11, 2003 6:01 PM > >To: [EMAIL PROTECTED] > >Subject: Re: RE: [hlds_linux] Linux don't create logs > > > > > >Crazy. > >As the linux kernel README says, "Never take the name of root in vain." > >It is easy and simple to run HLDS as a separate user. Sure, you may only > >have HLDS on the box, but that doesn't make it good security policy. > >What if some l4m3r somehow gets in and trashes the box, due to the fact > >that HLDS is running as root? Basically, you can run HLDS as root, it's > >just that running as another user has less risk, for no real work. Oh, > >and habits. Who knows, I've done this before, you might be working on > >some other box, and your default policy is to run stuff as root. You > >might just install something as root, especially something insecure. > >BAD. > > > >--agenthh > > > >---Original Message--- > >From: John Hemmingsen <[EMAIL PROTECTED]> > >Sent: 02/11/03 11:47 AM > >To: [EMAIL PROTECTED] > >Subject: RE: [hlds_linux] Linux don't create logs > > > > > > > >> > >> > >I currently run it as root, with highest security on. > >Only 5 ports are allowed in/out on server (the ones that hl/cs require) > >Got nothing else on the dedicated server, it is also outside my router. > >With own ip address. > > > >So I don't think running as root is dangerous :) > >___ > >To unsubscribe, edit your list preferences, or view the list archives, > >please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > >___ > >To unsubscribe, edit your list preferences, or view the list archives, please visit: > >http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux -- SQLBoy <[EMAIL PROTECTED]> http://www.playway.net ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Linux don't create logs
On Wed, 2003-02-12 at 13:35, Oscar N wrote: > hmm, running stuff as root is not secure, not in any way, not even close... 'Stuff' ?? Lots of 'stuff' requires being run as root. Its simply a case that hlds doesnt need to be, so shouldnt be. Being root != insecure, it simply increases what damage can be done when software/deamons/etc.. are exploited. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Linux don't create logs
hmm, running stuff as root is not secure, not in any way, not even close... /Oscar White Tiger* wrote: He's wise! I love him :p -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of agenthh Sent: Tuesday, February 11, 2003 6:01 PM To: [EMAIL PROTECTED] Subject: Re: RE: [hlds_linux] Linux don't create logs Crazy. As the linux kernel README says, "Never take the name of root in vain." It is easy and simple to run HLDS as a separate user. Sure, you may only have HLDS on the box, but that doesn't make it good security policy. What if some l4m3r somehow gets in and trashes the box, due to the fact that HLDS is running as root? Basically, you can run HLDS as root, it's just that running as another user has less risk, for no real work. Oh, and habits. Who knows, I've done this before, you might be working on some other box, and your default policy is to run stuff as root. You might just install something as root, especially something insecure. BAD. --agenthh ---Original Message--- From: John Hemmingsen <[EMAIL PROTECTED]> Sent: 02/11/03 11:47 AM To: [EMAIL PROTECTED] Subject: RE: [hlds_linux] Linux don't create logs I currently run it as root, with highest security on. Only 5 ports are allowed in/out on server (the ones that hl/cs require) Got nothing else on the dedicated server, it is also outside my router. With own ip address. So I don't think running as root is dangerous :) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
RE: RE: [hlds_linux] Linux don't create logs
He's wise! I love him :p -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of agenthh Sent: Tuesday, February 11, 2003 6:01 PM To: [EMAIL PROTECTED] Subject: Re: RE: [hlds_linux] Linux don't create logs Crazy. As the linux kernel README says, "Never take the name of root in vain." It is easy and simple to run HLDS as a separate user. Sure, you may only have HLDS on the box, but that doesn't make it good security policy. What if some l4m3r somehow gets in and trashes the box, due to the fact that HLDS is running as root? Basically, you can run HLDS as root, it's just that running as another user has less risk, for no real work. Oh, and habits. Who knows, I've done this before, you might be working on some other box, and your default policy is to run stuff as root. You might just install something as root, especially something insecure. BAD. --agenthh ---Original Message--- From: John Hemmingsen <[EMAIL PROTECTED]> Sent: 02/11/03 11:47 AM To: [EMAIL PROTECTED] Subject: RE: [hlds_linux] Linux don't create logs > > I currently run it as root, with highest security on. Only 5 ports are allowed in/out on server (the ones that hl/cs require) Got nothing else on the dedicated server, it is also outside my router. With own ip address. So I don't think running as root is dangerous :) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] Linux don't create logs
This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] Hi, My first post and first time setting up own server :) I have installed Redhat Mandrake 8.0 (linux) and cs offcourse. I am noob @ linux, but installed it and it runs just fine. I use adminmod on the server, works fine too. My problem is whenever i ban anyone it erases the whole banlist, so i must add the bakup over the newone to get everyone still banned. (i use SAMC list, 12000 banned wonids). I got Hlguard aswell, it looks like that one is working properly. I get problem with logging of the server too. I have enabled logging in cfg files, but it dosn't create a log folder in cs. So the server isn't logging afterall. I might have made noob mistakes, i don't know. I would be very thankful if anyone have any ideas how to correct these issues. Server ip: 81.0.162.154:27015 Sincerely [ZlD]Zelda -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux