Re: [SLUG] Recommending a Keyspan USB-Serial adapter

[Simon Wong]

On Wed, 2005-04-13 at 14:37 +1000, Terry Collins wrote:
> What drivers are you using?

I knew there was something else I was going to add!

Debian Testing Kernel 2.6.8-2-686 so the module is "keyspan" included
with the Debian kernel:

filename:   
/lib/modules/2.6.8-2-686/kernel/drivers/usb/serial/keyspan.ko
author: Hugh Blemings <[EMAIL PROTECTED]
description:Keyspan USB to Serial Converter Driver
license:GPL
vermagic:   2.6.8-2-686 preempt 686 gcc-3.3
depends:usbcore,usbserial
...
alias:  usb:v06CDp0110dl*dh*dc*dsc*dp*ic*isc*ip*
alias:  usb:v06CDp010Adl*dh*dc*dsc*dp*ic*isc*ip*
alias:  usb:v06CDp012Adl*dh*dc*dsc*dp*ic*isc*ip*
parm:   debug:Debug enabled or not

Works a treat in my testing so far :-)



-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] SLUG BoF at LCA?

[Peter Hardy]

On Wed, 2005-04-13 at 14:30 -0400, David Kempe wrote:
> Peter Hardy wrote:
> 
> >Anybody interested in having a SLUG dinner one night during LCA?
> >
> >  
> >
> 
> yeah. might be up for it. of course we could just meet up somewhere for 
> a beer

I hope you don't think I would seriously suggest dining with slug people
*without* beer?! The very concept is absurd. :-)

I was thinking along the lines of the usual after-meeting dinner
transplanted to a different city. There's a lot of SLUG people going to
LCA who I haven't had the chance to actually meet yet, and staying away
from a pub for a while means some of our more age-challenged members can
join in.

-- 
Pete

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Recommending a Keyspan USB-Serial adapter

[Terry Collins]

Simon Wong wrote:
Just thought I'd drop a line to recommend a USB to Serial adaptor 
What drivers are you using?
I acquired some yum cha USB to serial cables before, but have not yet 
fiddled with them.

--
   Terry Collins {:-)}}} email: terryc at woa.com.au  www: 
http://www.woa.com.au
   Wombat Outdoor Adventures 

 "People without trees are like fish without clean water"
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] SLUG BoF at LCA?

[David Kempe]

Peter Hardy wrote:
Anybody interested in having a SLUG dinner one night during LCA?
 

yeah. might be up for it. of course we could just meet up somewhere for 
a beer

dave
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[Alexander Samad]

On Tue, Apr 12, 2005 at 10:30:23PM +1000, Nick Croft wrote:
> * Rob Sharp ([EMAIL PROTECTED]) wrote:
> > Funny you should menion it but:
> > 
> > grep Invalid /var/log/auth.log yields
> > 
> > Apr 10 07:05:36 islay sshd[3403]: Invalid user t from :::211.30.136.xxx
> > Apr 10 13:00:41 islay sshd[3823]: Invalid user test from 
> > :::61.144.122.39
> > Apr 12 00:05:59 islay sshd[4048]: Invalid user test from 
> > :::202.82.195.xxx
> > Apr 12 00:06:01 islay sshd[4050]: Invalid user guest from 
> > :::202.82.195.xxx
> > Apr 12 00:06:04 islay sshd[4052]: Invalid user admin from 
> > :::202.82.195.xxx
> > Apr 12 00:06:06 islay sshd[4054]: Invalid user admin from 
> > :::202.82.195.xxx
> > Apr 12 00:06:07 islay sshd[4056]: Invalid user user from 
> > :::202.82.195.xxx
> > Apr 12 00:06:14 islay sshd[4064]: Invalid user test from 
> > :::202.82.195.xxx
> > Apr 12 00:06:17 islay sshd[4066]: Invalid user test from 
> > :::202.82.195.xxx
> > Apr 12 00:06:19 islay sshd[4068]: Invalid user test from 
> > :::202.82.195.xxx
> > Apr 12 00:06:21 islay sshd[4070]: Invalid user test from 
> > :::202.82.195.xxx
> > 
> > All the latter accesses are from the same IP address too...
> > 
> Bah
> 
> test, guest, admin, user
> 
> My would-be sshers are:
> 
> mustang, tigger , maggie , pascal , tara, violet, sheena, nikiata, shadow,
> antik, itera, kerlim magnus, lover, krista, liana, gigi, hello, lady, yoko
> and zetina.
> 
> They're from Russia, and can keep trying as long as they don't get in.

been seeing this for a while too, I changed sshd to only allow key
authentication and I also scan the log and TARPIT the address they are
comming from on the hour !

A

> 
> N
> -- 
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
> 


signature.asc
Description: Digital signature
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] SLUG BoF at LCA?

[Peter Hardy]

Anybody interested in having a SLUG dinner one night during LCA?

-- 
Pete

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Recommending a Keyspan USB-Serial adapter

[Simon Wong]

Just thought I'd drop a line to recommend a USB to Serial adaptor if
anyone else needs a serial port for their laptop that only has USB.
There are lots on the market but I had heard lots of sad stories of
limited success.

I'm using a Keyspan USA-19HS (www.keyspan.com/support/linux) very
successfully to talk to modems and serial barcode printers (Zebra).

HTH someone.


-- 
Simon Wong <[EMAIL PROTECTED]>
Wongy.org

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[O Plameras]

Joshua Bassett wrote:
Hi Sluggers,
I was going through my auth.log file the other day and noticed that
someone (possibly several machines) are trying to login to my box
using a variety of "canned" usernames. Looks like they're trying to
bruteforce their way in...they try maybe 20 usernames per day.
Has anyone else experienced this?
Also, are they likely to try more cunning techniques (ie. exploits) if
this yeilds no results for them? Is there a way I can find the person
behind this?
Any help would be greatly appreciated.
 

One of the protection methods from these attacks is to
'hide' your Login Server(LS).
You may 'hide' your (LS) by using Firewall. Hiding
LS is one of the functions of Firewall.
In addition or by itself, you may use 'Authentication and
Authorization Systems' that's client-server where the
client (the attacker)  has to be a member of the REALM
that you are belonging to, in your Local Area Network (LAN).
The attacker has to determine your REALM first of all inorder
to start to launch an attack. After that he has to acquire a specific
Authenticatiion System which do not come installed by default
on MSWindows, MacOS, or Linux. These alone will prevent
many canned software from successfully penetrating your system.
The more pre-requisites there are for launching an attack is so much 
better for your security.

With this in my design, I am using Kerberos5 for my Authentication
and Authorization Systems at home (http://web/mit.edu/kerberos/www).
One important feature of this System to prevent the attacks you illustrated
from being successful, is its ability to implement 'policy' authentication
whereby users are force to use 'strong' username/password combinations.
It implements Secure-ID Authentication or what people call 'strong 
authentication'.
What this means is that  the password does not travel across 'the wire'
from client-to-server and vice-versa;  the password is only used within
the server and/or within the client computers and is encrypted. The
passwords, even when already encrypted, are not exchanged between
client and server computers.

Conversations between the server and client computers have security and
privacy as these are encrypted using strong encryption standards.
Kerberos5 uses triple-DES as default encryption whilst Kerberos4 uses
DES.
Authentication is symmetric.  This means the server authenticates
the client and the client authenticates the server.
Authentication is implemented by requesting and acquiring Keys. The
Key Distribution Center, which supplies Keys after an authenticated 
request,
is centralised making management simple and efficient. Just to illustrate,
even if this does not apply to you. Imagine if you have 10 or 100 servers.
Many organisations these days have thousands of servers each.

A sysadmin person left the company suddenly under questionable
circumstances. He has Admin permissions to several servers, say 500
servers. With Kerberos the procedure calls for a simple procedure of
changing the authentication of Admin once and it will be implemented
across all of your servers, automatically. Another way I look at this
is it helps enforce standards of authentication within the Company.
There are  other features that can be implemented depending on your
requirements.
A snippet:
mybox:~# grep Illegal /var/log/auth.log
Apr 10 07:35:01 localhost sshd[9868]: Illegal user test from
:::67.112.29.138
Apr 10 07:35:04 localhost sshd[9870]: Illegal user guest from
:::67.112.29.138
Apr 10 07:35:06 localhost sshd[9872]: Illegal user admin from
:::67.112.29.138
Apr 10 07:35:09 localhost sshd[9874]: Illegal user admin from
:::67.112.29.138
Apr 10 07:35:12 localhost sshd[9876]: Illegal user user from
:::67.112.29.138
Apr 10 07:35:22 localhost sshd[9884]: Illegal user test from
:::67.112.29.138
Apr 10 10:33:57 localhost sshd[9918]: Illegal user patrick from
:::203.145.172.175
Apr 10 10:33:58 localhost sshd[9920]: Illegal user patrick from
:::203.145.172.175
Apr 10 10:34:09 localhost sshd[9932]: Illegal user rolo from
:::203.145.172.175
Apr 10 10:34:10 localhost sshd[9934]: Illegal user iceuser from
:::203.145.172.175
Apr 10 10:34:12 localhost sshd[9936]: Illegal user horde from
:::203.145.172.175
Apr 10 10:34:14 localhost sshd[9938]: Illegal user cyrus from
:::203.145.172.175
Apr 10 10:34:16 localhost sshd[9940]: Illegal user www from
:::203.145.172.175
Apr 10 10:34:17 localhost sshd[9942]: Illegal user wwwrun from
:::203.145.172.175
Apr 10 10:34:19 localhost sshd[9944]: Illegal user matt from
:::203.145.172.175
Apr 10 10:34:21 localhost sshd[9946]: Illegal user test from
:::203.145.172.175
Apr 10 10:34:22 localhost sshd[9948]: Illegal user test from
:::203.145.172.175
Apr 10 10:34:24 localhost sshd[9950]: Illegal user test from
:::203.145.172.175
Apr 10 10:34:26 localhost sshd[9952]: Illegal user test from
:::203.145.172.175
Apr 10 10:34:31 localhost sshd[9958]: Illegal user operator from
:::2

RE: [SLUG] MS Tax on every computer

[Simon]

None of this applied to Independent schools in NSW, they are, well,
independent.


> Heres a link from Victoria:
> 
>http://www.sofweb.vic.edu.au/ict/software/microsoft/index.htm
> 
> They say "State Wide" licenses but they don't say whether you 
> have to pay per PC, the implication seems to be that license 
> fees are all paid. There are certainly some details glossed over.
> 
> I found it hard to get details from NSW (brief search only) 
> found this which says all new computers are to have Microsoft 
> pre-installed but doesn't actually say it is impossible to 
> get computers on the side:
> 
>
> https://www.det.nsw.edu.au/media/downloads/reports_stats/annua
> l_reports/year99/chapter3.pdf
> 
> There was a law passed in 1998 resulting in Section 51AC of 
> the Trade Practices Act making it unlawful to engage in 
> unconscionable conduct. It goes some way towards protecting 
> small business against larger, more powerful, companies 
> treating them harshly or unfairly in a commercial 
> relationship. In some cases the small business can simply 
> declare a contract void. In this case:
> 
> * The DET made the agreement on behalf of the independent schools
>   (i.e. they were forced into agreeing)
> * The bargaining power was enequal (MS and DET combined vs 
> independent school)
> * The schools were deprived of their ability to negotiate terms
> * The schools have been deprived of their normal legal right 
> to purchase
>   software from alternative suppliers
> * The schools are forced to comply with unrealistic conditions that
>   are breached by any additional computer purchase (i.e. under normal
>   trade conditions MS would get paid for what they deliver, 
> not for what
>   someone else delivers).
> 
> There's a chance that an independent school could fight it 
> under these grounds. It may have to go through the ACCC.
> 
> I think there's also a few other grounds like monopolistic 
> practices and Microsoft already got told not to do this sort 
> of thing with PC retailers (from memory their PC retail 
> agreements were declared void both here and in the USA). They 
> are just repeating the entire exercise with schools.
> 
> You would have to find a proper lawyer to give you real 
> details but if the independent schools are getting stung by 
> these costs, I suggest they get together and fight it. Maybe 
> the schools don't see how much they are getting railroaded so 
> they don't try to fight it, maybe they just don't care... At 
> least it would be interesting for them to get the full 
> documentation together and plonk it in front of a good Trade 
> Practices lawyer and see how much wriggle room they have to work in.
> 
> 
>   - Tel  ( http://bespoke.homelinux.net/ )
> 
> -- 
> SLUG - Sydney Linux User's Group Mailing List - 
http://slug.org.au/ Subscription info and FAQs:
http://slug.org.au/faq/mailinglists.html

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] MS Tax on every computer

[Kevin Saenz]

Most religous institution can apply to companies like microsoft for a
discounted version.
I know of a guy in a made up religon who actually got a new car from
ford, computer, and a few other things for free by just writing to
those groups.


> I do work from a NSW independent (church) school and they get none of
> their gear thru DET.  Their M$ licences are paid by the church.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] NEXT WEEK - "Open Computing in Government 2005" - Register today!

[Grant Parnell - EverythingLinux]

I've registered for this one myself, it's cheaper if you're already going 
to linux.conf.au and cheaper again if you're and AUUG member.

 --- cut ---

** News - NSW Department of Commerce to give perspective on Open Source **

Open Computing in Government 2005 is a unique opportunity to listen to,
meet, and learn from the trendsetters and decision makers that are
behind the rising tide of Open Source and Open Systems software within
the public sector.

The conference will take place at the same venue and with the
cooperation of Linux.conf.au as a "co-conference" - but separate
registration is required to attend.

Presenters include:

* Senator the Hon Eric Abetz
   Special Minister of State

* Senator Stephen Conroy
   Deputy Leader of the Federal Labor Party in the Senate
   Shadow Minister for Communications & Information Technology

* John Grant
   Acting Australian Government CIO
   Australian Government Information Management Office (AGIMO)

* Patrick Callioni
   Division Manager
   Australian Government Information Management Office (AGIMO)

* Dr Elizabeth Gordon-Werner
   Manager Strategic Projects
   Government Chief Information Office (GCIO), NSW Department of Commerce

* Kevin Russell
   WA Department of Industry and Resources (DoIR) (OpenSource.wa.gov.au)

* Stephen McInerney
   HealthInsite and the Federal Dept of Health

* Mark Shuttleworth
   Founder of Thawte and the Ubuntu Linux distribution,
   and the first African in Space

* Pia Smith
   Linux Australia

* Paul Kangro
   Novell

* Avi Miller
   Squiz.net

* Brendan Scott
   Open Source Law

* Ian Oi
   Blake Dawson Waldron

* Tom Knapp
   CSC

* Greg Stone
   National Technology Officer, Microsoft Australia

* And many more ...


The Senator the Hon Eric Abetz, Special Minister of State, will launch
the much anticipated "Guide to Open Source Software for Australian
Government Agencies". And John Grant, Acting Australian Government CIO,
AGIMO will be presenting the opening address.

Learn more and register at http://www.auug.org.au/events/2005/ocg

The conference will be held at the Manning Clark Centre at The
Australian National University, Canberra, on 18 and 19 April 2005.

No matter what aspect of IT in government interests you, you'll find a
presentation to spark your interest.

Plus, it's not all hard work! The Conference Cocktail Reception on the
Monday evening will give you the chance to meet the speakers and other
delegates.

If you have any questions about the conference, please don't hesitate to
contact AUUG.

Register NOW at http://www.auug.org.au/events/2005/ocg


=
Proudly presented by -

AUUG, the organisation for UNIX, Linux and Open Source professionals.

[EMAIL PROTECTED]
http://www.auug.org.au/
Free Call 1800 625 655, T +61 (0)2 8824 9511, F +61 (0)2 8824 9522
ABN 15 645 981 718
=


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Has anyone got any screenshots of the new clearlooks artwork?

[Lyle Chapman]

Has anyone got any screenshots of the new clearlooks artwork? I am just 
interrested in what it looks like.

cheers,
Lyle Chapman
Prepress Supervisor
Torch Publishing Company
47 Allingham Street, Condell Park, NSW, Australia
Ph: 61 02 9795 
Fax: 61 02 9795 0096
email: [EMAIL PROTECTED]
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] MS Tax on every computer

[Howard Lowndes]

I do work from a NSW independent (church) school and they get none of 
their gear thru DET.  Their M$ licences are paid by the church.

[EMAIL PROTECTED] wrote:
On Tue, Apr 12, 2005 at 07:50:54PM +1000, Simon wrote:
-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Terry Collins
Sent: Tue, 12. April 2005 12:21 PM
To: slug@slug.org.au
Subject: Re: [SLUG] Exhibitors at Education Expo

[EMAIL PROTECTED] wrote:
On Tue, Apr 12, 2005 at 09:53:56AM +1000, Terry Collins wrote:

4) The MS Tax is charged on EVERY computer in the school, 
hence there 

is
no money saving incentive to replace MS with FOSS/Linux.

I thought that was illegal...
...how do they attempt to enforce this?
It was either a flat or stepped fee based on the number of computers 
they knew that your school had. NSW Public schools basically get all 
their hardware through the department.

So there was no incentive for say "by replacing MS with FOSS on X 
computers I can save $Y".
I thought he was being cynical in the fact that it is difficult to buy a
PC without Windows - you need to specify that and negotiate the price
(usually cheaper).
However this may be a reference to the 'Schools Agreement' which I
belive DET have signed up to for all their schools - this gives schools
access to nearly all MS software at NO extra cost - some server based
stuff still has some cost. You pay a licence for every PC in the school
regardless of OS or whether it is capable of running the latest MS
software (which is all the licence covers - you can downgrade by only
one version) BTW you are helping to pay for this through State taxes.
While this is good for the DET schools it is a very significant cost in
the Independent Sector. 

Heres a link from Victoria:
   http://www.sofweb.vic.edu.au/ict/software/microsoft/index.htm
They say "State Wide" licenses but they don't say whether you have to pay per
PC, the implication seems to be that license fees are all paid. There are
certainly some details glossed over.
I found it hard to get details from NSW (brief search only) found this
which says all new computers are to have Microsoft pre-installed but doesn't
actually say it is impossible to get computers on the side:
   
https://www.det.nsw.edu.au/media/downloads/reports_stats/annual_reports/year99/chapter3.pdf
There was a law passed in 1998 resulting in Section 51AC of the Trade Practices
Act making it unlawful to engage in unconscionable conduct. It goes some way
towards protecting small business against larger, more powerful, companies
treating them harshly or unfairly in a commercial relationship. In some
cases the small business can simply declare a contract void. In this case:
* The DET made the agreement on behalf of the independent schools
  (i.e. they were forced into agreeing)
* The bargaining power was enequal (MS and DET combined vs independent school)
* The schools were deprived of their ability to negotiate terms
* The schools have been deprived of their normal legal right to purchase
  software from alternative suppliers
* The schools are forced to comply with unrealistic conditions that
  are breached by any additional computer purchase (i.e. under normal
  trade conditions MS would get paid for what they deliver, not for what
  someone else delivers).
There's a chance that an independent school could fight it under
these grounds. It may have to go through the ACCC.
I think there's also a few other grounds like monopolistic practices and
Microsoft already got told not to do this sort of thing with PC retailers
(from memory their PC retail agreements were declared void both here and
in the USA). They are just repeating the entire exercise with schools.
You would have to find a proper lawyer to give you real details but if the
independent schools are getting stung by these costs, I suggest they get
together and fight it. Maybe the schools don't see how much they are getting
railroaded so they don't try to fight it, maybe they just don't care...
At least it would be interesting for them to get the full documentation
together and plonk it in front of a good Trade Practices lawyer and see
how much wriggle room they have to work in.
- Tel  ( http://bespoke.homelinux.net/ )
--
Howard.
LANNet Computing Associates - Your Linux people 
--
When you just want a system that works, you choose Linux;
When you want a system that just works, you choose Microsoft.
--
Flatter government, not fatter government;
Get rid of the Australian states.
begin:vcard
fn:Howard Lowndes
n:Lowndes;Howard
org:LANNet Computing Associates
adr:;;PO Box 1174;Lavington;NSW;2641;Australia
email;internet:howard [AT] lowndes [DOT] name
tel;work:02 6040 0222
tel;fax:02 6040 0222
tel;cell:0419 464 430
note:I am heartily sick and tired of telemarketers, therefore I do not answer phone calls which do not present Caller Line Identification, they get flicked to voicemail.  I apologise if this inconveniences you, and I respect your right t

Re: [SLUG] libcrypto, libssl needed for ProFTPd

[O Plameras]

matthew hannigan wrote:
Coupla thoughts on this thread:
1. You can probably build proftpd without ssl anyway.  Are you
  sure you need it?  (hint: you probably don't)
 Try something like --without ssl or --without openssl
 in the configure run.
 

Or, rebuild 'openssl.???-??.srpm' by changing the locations of the
libraries required by proftpd from '/lib;/usr/lib' to 
'/usr/local/lib;/usr/local/usr/lib'
in 'openssl.???-??.srpm'. This is a mechanical procedure I think.

In this way, one does not have to overwrite the libraries for legacy 
openssl
which are required by other legacy modules in RH7.3.

2. Install (fedora3/rhel4) from scratch on another box and
  and move apps one by one; substitute when you're happy.
  (you can get faster box than yours for $100 at e.g. North
  Rocks computer market)
 

This is the better alternative, if every other alternative is not 
operational.

Matt
 

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] MS Tax on every computer

[telford]

On Tue, Apr 12, 2005 at 07:50:54PM +1000, Simon wrote:
>
> > -Original Message-
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] On Behalf Of Terry Collins
> > Sent: Tue, 12. April 2005 12:21 PM
> > To: slug@slug.org.au
> > Subject: Re: [SLUG] Exhibitors at Education Expo
> > 
> > 
> > [EMAIL PROTECTED] wrote:
> > > On Tue, Apr 12, 2005 at 09:53:56AM +1000, Terry Collins wrote:
> > > 
> > > 
> > >>4) The MS Tax is charged on EVERY computer in the school, 
> > hence there 
> > >>is
> > >>no money saving incentive to replace MS with FOSS/Linux.
> > > 
> > > 
> > > I thought that was illegal...
> > > ...how do they attempt to enforce this?
> > 
> > It was either a flat or stepped fee based on the number of computers 
> > they knew that your school had. NSW Public schools basically get all 
> > their hardware through the department.
> > 
> > So there was no incentive for say "by replacing MS with FOSS on X 
> > computers I can save $Y".
> 
> I thought he was being cynical in the fact that it is difficult to buy a
> PC without Windows - you need to specify that and negotiate the price
> (usually cheaper).
> However this may be a reference to the 'Schools Agreement' which I
> belive DET have signed up to for all their schools - this gives schools
> access to nearly all MS software at NO extra cost - some server based
> stuff still has some cost. You pay a licence for every PC in the school
> regardless of OS or whether it is capable of running the latest MS
> software (which is all the licence covers - you can downgrade by only
> one version) BTW you are helping to pay for this through State taxes.
> While this is good for the DET schools it is a very significant cost in
> the Independent Sector. 

Heres a link from Victoria:

   http://www.sofweb.vic.edu.au/ict/software/microsoft/index.htm

They say "State Wide" licenses but they don't say whether you have to pay per
PC, the implication seems to be that license fees are all paid. There are
certainly some details glossed over.

I found it hard to get details from NSW (brief search only) found this
which says all new computers are to have Microsoft pre-installed but doesn't
actually say it is impossible to get computers on the side:

   
https://www.det.nsw.edu.au/media/downloads/reports_stats/annual_reports/year99/chapter3.pdf

There was a law passed in 1998 resulting in Section 51AC of the Trade Practices
Act making it unlawful to engage in unconscionable conduct. It goes some way
towards protecting small business against larger, more powerful, companies
treating them harshly or unfairly in a commercial relationship. In some
cases the small business can simply declare a contract void. In this case:

* The DET made the agreement on behalf of the independent schools
  (i.e. they were forced into agreeing)
* The bargaining power was enequal (MS and DET combined vs independent school)
* The schools were deprived of their ability to negotiate terms
* The schools have been deprived of their normal legal right to purchase
  software from alternative suppliers
* The schools are forced to comply with unrealistic conditions that
  are breached by any additional computer purchase (i.e. under normal
  trade conditions MS would get paid for what they deliver, not for what
  someone else delivers).

There's a chance that an independent school could fight it under
these grounds. It may have to go through the ACCC.

I think there's also a few other grounds like monopolistic practices and
Microsoft already got told not to do this sort of thing with PC retailers
(from memory their PC retail agreements were declared void both here and
in the USA). They are just repeating the entire exercise with schools.

You would have to find a proper lawyer to give you real details but if the
independent schools are getting stung by these costs, I suggest they get
together and fight it. Maybe the schools don't see how much they are getting
railroaded so they don't try to fight it, maybe they just don't care...
At least it would be interesting for them to get the full documentation
together and plonk it in front of a good Trade Practices lawyer and see
how much wriggle room they have to work in.


- Tel  ( http://bespoke.homelinux.net/ )

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[Phil Scarratt]

David Kempe wrote:
Dean Hamstead wrote:
ahh script kiddies
might want to put ssh on a non standard port.

If you dig through the archives, you might find a suggestion i made 
about tcpwrappers only allowing australian subnets. this will cut this 
crap out pretty well. of course ideally, you only ssh from know ips

dave
Of coursebut that is not always possible.
Fil
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] pata ide raid cards

[mlh]

On Wed, Apr 13, 2005 at 01:49:45AM +1000, Mike K wrote:
> From my limited experience with the IDE RAID cards, the same is true -
> might as well save the money, and boot from software raid.

Agreed.  You get a lot of flexibility from software raid, too.

Matt
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] libcrypto, libssl needed for ProFTPd

[matthew hannigan]

Coupla thoughts on this thread:

1. You can probably build proftpd without ssl anyway.  Are you
   sure you need it?  (hint: you probably don't)

  Try something like --without ssl or --without openssl
  in the configure run.

2. Install (fedora3/rhel4) from scratch on another box and
   and move apps one by one; substitute when you're happy.
   (you can get faster box than yours for $100 at e.g. North
   Rocks computer market)


Matt
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[O Plameras]

Dean Hamstead wrote:
or use key based auth as well as login

As well,  use 'Authentication Systems' that
enforce 'minimum #of characters' and dictionaries
of  'disallowed usernames/passwords'.
O Plameras
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] pata ide raid cards

[Mike K]

G'day Dean,

>From my limited experience with the IDE RAID cards, the same is true -
might as well save the money, and boot from software raid.

-Mike

On Wed, 2005-04-13 at 00:12 +1000, Dean Hamstead wrote:
> anyone have a story to tell regarding hardware pata raid cards?
> 
> my use of sata raid cards has proved to show that they are infact
> just a bios that can see software raid and then boot and tell the
> OS about is (see doco on sis driver)
> 
> is this so with pata? i would like to know if the $50 cards you can
> get anywhere are worth it. im only talking mirroring (raid 1)
> 
> Dean
> -- 
> WWW: http://dean.bong.com.au  LAN: http://www.bong.com.au
> EMAIL: [EMAIL PROTECTED]   or   [EMAIL PROTECTED]
> ICQ: 16867613

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] libcrypto, libssl needed for ProFTPd

[James Gregory]

On Tue, 2005-04-12 at 21:43 +1000, Voytek wrote:
> 
> > Quoting Voytek <[EMAIL PROTECTED]>:
> 
> >> apache/php/mysql/mail on P2 320MB
> >
> > Hrmm. The PHP element there makes that sound like a mildly difficult
> > upgrade.
> 
> why is that ?

Because PHP has had a number of incompatible language changes between
versions. RPM will be able to manage the job of replacing the php .so
(or executable), but it is likely that there will be code modifications
that you'll need to do in order to keep your site running.

There's workarounds for that of course (you *can* run multiple versions
of php on the same machine, but it's a real pain), but you'll have to do
some legwork either way.

> 
> > Which MTA are you using?
> 
> Postfix with MySQL

Postfix won't present problems. I don't remember how straightforward it
is to upgrade MySQL. Can anyone here comment? I'd take a mysqldump of
the database before you do anything.

HTH,

James.

-- 
My love burns for you
A Thermonuclear rose
Now lets go make out
  -- http://www.solardeathray.com/rose.html


signature.asc
Description: This is a digitally signed message part
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] pata ide raid cards

[Dean Hamstead]

anyone have a story to tell regarding hardware pata raid cards?
my use of sata raid cards has proved to show that they are infact
just a bios that can see software raid and then boot and tell the
OS about is (see doco on sis driver)
is this so with pata? i would like to know if the $50 cards you can
get anywhere are worth it. im only talking mirroring (raid 1)
Dean
--
WWW: http://dean.bong.com.au  LAN: http://www.bong.com.au
EMAIL: [EMAIL PROTECTED]   or   [EMAIL PROTECTED]
ICQ: 16867613
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[David Kempe]

Nick Croft wrote:
They're from Russia, and can keep trying as long as they don't get in.
I had someone from Russia get into one of my boxes once. Someone added 
an admin user then later on changed the bloody password to admin. of 
course it was 'brute' forced. The only thing that saved the box was the 
grsec enabled kernel - PaX kicked in on everyone of the 8 different 
rootkits they tried. pretty impressive effort I must say.
grsec saved the box even though the attacker had a shell... seems to 
work better than afs and kerberos i must say ;)

dave
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[Nick Croft]

* Rob Sharp ([EMAIL PROTECTED]) wrote:
> Funny you should menion it but:
> 
> grep Invalid /var/log/auth.log yields
> 
> Apr 10 07:05:36 islay sshd[3403]: Invalid user t from :::211.30.136.xxx
> Apr 10 13:00:41 islay sshd[3823]: Invalid user test from :::61.144.122.39
> Apr 12 00:05:59 islay sshd[4048]: Invalid user test from :::202.82.195.xxx
> Apr 12 00:06:01 islay sshd[4050]: Invalid user guest from 
> :::202.82.195.xxx
> Apr 12 00:06:04 islay sshd[4052]: Invalid user admin from 
> :::202.82.195.xxx
> Apr 12 00:06:06 islay sshd[4054]: Invalid user admin from 
> :::202.82.195.xxx
> Apr 12 00:06:07 islay sshd[4056]: Invalid user user from :::202.82.195.xxx
> Apr 12 00:06:14 islay sshd[4064]: Invalid user test from :::202.82.195.xxx
> Apr 12 00:06:17 islay sshd[4066]: Invalid user test from :::202.82.195.xxx
> Apr 12 00:06:19 islay sshd[4068]: Invalid user test from :::202.82.195.xxx
> Apr 12 00:06:21 islay sshd[4070]: Invalid user test from :::202.82.195.xxx
> 
> All the latter accesses are from the same IP address too...
> 
Bah

test, guest, admin, user

My would-be sshers are:

mustang, tigger , maggie , pascal , tara, violet, sheena, nikiata, shadow,
antik, itera, kerlim magnus, lover, krista, liana, gigi, hello, lady, yoko
and zetina.

They're from Russia, and can keep trying as long as they don't get in.

N
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] libcrypto, libssl needed for ProFTPd

[Voytek]

> On Mon, Apr 11, 2005 at 09:23:48PM +1000, Voytek wrote:

> I notice there's openssl095a-0.9.5a-11.i386.rpm in the package list, you
might have to install this one to get the older versions of the
libraries. If this works then that's probably the best answer.
> Don't uninstall your current version, they should both be able to be
installed at the same time.

looking at http://download.fedoralegacy.org/redhat/7.3/updates/i386/, I
found:

openssl095a-0.9.5a-23.7.3.i386.rpm

which i'm guessing is equivalent (is it ?) to what you suggest

I;ve installed it, it has:

libcrypto.so.0.9.5a and libssl.so.0.9.5a

should I symlink 0.9.5a above as per below suggestion ?

>
> Sometimes with these library version problems, symlinks can work:
>
>   ln -s /lib/libcrypto.so.0.9.6b /lib/libcrypto.so.1
>   ln -s /lib/libssl.so.0.9.6b /lib/libssl.so.1
>
> If that does seem to work then I would suggest you do a bit of
> testing because there might be some trivial incompatibility that causes
it to crash. Then again, you probably just want to do
> regular ftp which is never going to use the details of the ssl
> system anyhow.

yes, all I need is basic authenticated ftp for web pages uploads


-- 
Voytek



-- 
Voytek
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] libcrypto, libssl needed for ProFTPd

[Voytek]

> Quoting Voytek <[EMAIL PROTECTED]>:

>> apache/php/mysql/mail on P2 320MB
>
> Hrmm. The PHP element there makes that sound like a mildly difficult
> upgrade.

why is that ?

> Which MTA are you using?

Postfix with MySQL


-- 
Voytek
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Exhibitors at Education Expo

[Terry Collins]

Simon wrote:
My understanding is that Curriculums need approval as well.
These basically come from the "standards" or whatever it is called.
Apparently there are binders of them all that you can buy.
Bit vague, but is on s.bt
Okay, found it. The Australian National Training Authority puts out 
outlines of Competency. I have one

BSBCMN213A Produce simple wordprocessed documents
3 elements 1 use safe work practices(3), 2 Confirm document 
requirments(2) & 3 Produce documents(6)

{n} is the number of performance criteria to be met for each
and it goes on for another five pages of Range statement (3 pages 12 
items), Evidence guide (1.5 pages, the stuff you collect to show you 
gave the training required to keep your arse safe) and 0.5 pages on "Key 
Competency Levels.

You basically combine a number of these to make up your certificate.
In short, once you get your head around the paperwork, you can start.
The evidence guide (final project?) for my Cert Iv took as long as the 
course (5 days).
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

RE: [SLUG] Exhibitors at Education Expo

[Simon]

> > 
> >>If you want to offer "certificates", consider setting up a 
> Registered
> >>Training Organisation. Then you can offer Cert I, Cert II, 
> etc course, 
> >>but you do need Cert IV qualified trainers.

This is not a trivial or inexpensive task, with on-going compliance
inspections, training costs, insurance etc it is one best left to bigger
players (TAFE, Community Colleges etc - although most 'Business
Colleges' give out AQF certificates and so must also be an RTO unless
someone else does the assessment for them.

> AFAIUI under the new national training/qualification format basically 
> any "registered training organisation" can provide "certificates".
> 
> These "certificates" have to be training in certain skills as 
> laid down 
> in the standards.

My understanding is that Curriculums need approval as well.

Do some Googling under AQF (Australian Quality Framework)

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

RE: [SLUG] Exhibitors at Education Expo

[Simon]

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Terry Collins
> Sent: Tue, 12. April 2005 12:21 PM
> To: slug@slug.org.au
> Subject: Re: [SLUG] Exhibitors at Education Expo
> 
> 
> [EMAIL PROTECTED] wrote:
> > On Tue, Apr 12, 2005 at 09:53:56AM +1000, Terry Collins wrote:
> > 
> > 
> >>4) The MS Tax is charged on EVERY computer in the school, 
> hence there 
> >>is
> >>no money saving incentive to replace MS with FOSS/Linux.
> > 
> > 
> > I thought that was illegal...
> > ...how do they attempt to enforce this?
> 
> It was either a flat or stepped fee based on the number of computers 
> they knew that your school had. NSW Public schools basically get all 
> their hardware through the department.
> 
> So there was no incentive for say "by replacing MS with FOSS on X 
> computers I can save $Y".

I thought he was being cynical in the fact that it is difficult to buy a
PC without Windows - you need to specify that and negotiate the price
(usually cheaper).
However this may be a reference to the 'Schools Agreement' which I
belive DET have signed up to for all their schools - this gives schools
access to nearly all MS software at NO extra cost - some server based
stuff still has some cost. You pay a licence for every PC in the school
regardless of OS or whether it is capable of running the latest MS
software (which is all the licence covers - you can downgrade by only
one version) BTW you are helping to pay for this through State taxes.
While this is good for the DET schools it is a very significant cost in
the Independent Sector. 

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[Gottfried Szing]

hi

> Has anyone else experienced this?

now and time, but i am not really concerned about it.

> Also, are they likely to try more cunning techniques (ie. exploits) if
> this yeilds no results for them? Is there a way I can find the person
> behind this?

i dont think that you can track the user back with the ip address logged
(dial in, zombies,...).

what i have done is some debian hardening [1] and make always sure that
the box is always up2date.

this makes me sleep very well even i know that there are some bad guys in
the world (or should i say script kiddies?).

hth, gottfried

[1] http://www.debian.org/doc/manuals/securing-debian-howto/

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[O Plameras]

This is common now a days.
When you notice these attempts, do something by
reporting these attempts to the Owner of these IP numbers.
Email the owner of the IP numbers advising of these attempts.
How to determine the Owners of the IP numbers ?
One way is go to:
http://www.apnic.net
Then use the 'whois' query by entering the IP number of
the subject. For example, one of the numbers in your log
is: 203.145.172.175
The owner of this number is based in India.
You will find the phone number, email-address of the Owners
(or Contact Person) of the IP numbers, etc., concerned.
If every one do this then the owners will be more attentive to
these complaints as it may result to prosecutions and severe
penalties.
O Plameras
Joshua Bassett wrote:washingtonpost.com/
Hi Sluggers,
I was going through my auth.log file the other day and noticed that
someone (possibly several machines) are trying to login to my box
using a variety of "canned" usernames. Looks like they're trying to
bruteforce their way in...they try maybe 20 usernames per day.
Has anyone else experienced this?
Also, are they likely to try more cunning techniques (ie. exploits) if
this yeilds no results for them? Is there a way I can find the person
behind this?
Any help would be greatly appreciated.
A snippet:
mybox:~# grep Illegal /var/log/auth.log
Apr 10 07:35:01 localhost sshd[9868]: Illegal user test from
:::67.112.29.138
Apr 10 07:35:04 localhost sshd[9870]: Illegal user guest from
:::67.112.29.138
Apr 10 07:35:06 localhost sshd[9872]: Illegal user admin from
:::67.112.29.138
Apr 10 07:35:09 localhost sshd[9874]: Illegal user admin from
:::67.112.29.138
Apr 10 07:35:12 localhost sshd[9876]: Illegal user user from
:::67.112.29.138
Apr 10 07:35:22 localhost sshd[9884]: Illegal user test from
:::67.112.29.138
Apr 10 10:33:57 localhost sshd[9918]: Illegal user patrick from
:::203.145.172.175
Apr 10 10:33:58 localhost sshd[9920]: Illegal user patrick from
:::203.145.172.175
Apr 10 10:34:09 localhost sshd[9932]: Illegal user rolo from
:::203.145.172.175
Apr 10 10:34:10 localhost sshd[9934]: Illegal user iceuser from
:::203.145.172.175
Apr 10 10:34:12 localhost sshd[9936]: Illegal user horde from
:::203.145.172.175
Apr 10 10:34:14 localhost sshd[9938]: Illegal user cyrus from
:::203.145.172.175
Apr 10 10:34:16 localhost sshd[9940]: Illegal user www from
:::203.145.172.175
Apr 10 10:34:17 localhost sshd[9942]: Illegal user wwwrun from
:::203.145.172.175
Apr 10 10:34:19 localhost sshd[9944]: Illegal user matt from
:::203.145.172.175
Apr 10 10:34:21 localhost sshd[9946]: Illegal user test from
:::203.145.172.175
Apr 10 10:34:22 localhost sshd[9948]: Illegal user test from
:::203.145.172.175
Apr 10 10:34:24 localhost sshd[9950]: Illegal user test from
:::203.145.172.175
Apr 10 10:34:26 localhost sshd[9952]: Illegal user test from
:::203.145.172.175
Apr 10 10:34:31 localhost sshd[9958]: Illegal user operator from
:::203.145.172.175
Apr 10 10:34:33 localhost sshd[9960]: Illegal user adm from
:::203.145.172.175
Apr 10 10:34:34 localhost sshd[9962]: Illegal user apache from
:::203.145.172.175
Apr 10 10:34:40 localhost sshd[9968]: Illegal user adm from
:::203.145.172.175
Apr 10 10:34:46 localhost sshd[9976]: Illegal user jane from
:::203.145.172.175
Apr 10 10:34:48 localhost sshd[9978]: Illegal user pamela from
:::203.145.172.175
Apr 10 10:34:58 localhost sshd[9990]: Illegal user cosmin from
:::203.145.172.175
Apr 10 10:36:02 localhost sshd[10064]: Illegal user cip52 from
:::203.145.172.175
Apr 10 10:36:04 localhost sshd[10066]: Illegal user cip51 from
:::203.145.172.175
Apr 10 10:36:07 localhost sshd[10070]: Illegal user noc from
:::203.145.172.175
Apr 10 10:36:16 localhost sshd[10080]: Illegal user webmaster from
:::203.145.172.175
Apr 10 10:36:17 localhost sshd[10082]: Illegal user data from
:::203.145.172.175
Apr 10 10:36:19 localhost sshd[10084]: Illegal user user from
:::203.145.172.175washingtonpost.com/
Apr 10 10:36:21 localhost sshd[10086]: Illegal user user from
:::203.145.172.175
Apr 10 10:36:23 localhost sshd[10088]: Illegal user user from
:::203.145.172.175
Apr 10 10:36:24 localhost sshd[10090]: Illegal user web from
:::203.145.172.175
Apr 10 10:36:26 localhost sshd[10092]: Illegal user web from
:::203.145.172.175
Apr 10 10:36:28 localhost sshd[10094]: Illegal user oracle from
:::203.145.172.175
Apr 10 10:36:30 localhost sshd[10096]: Illegal user sybase from
:::203.145.172.175
Apr 10 10:36:31 localhost sshd[10098]: Illegal user master from
:::203.145.172.175
Apr 10 10:36:33 localhost sshd[10100]: Illegal user account from
:::203.145.172.175washingtonpost.com/
Apr 10 10:36:36 localhost sshd[10104]: Illegal user server from
:::203.145.172.175
Apr 10 10:36:38 localhost sshd[10106]: Illegal user adam from
:::203.145.172.175
Apr 10 10:36:40 localhost sshd[10108]: Illegal user alan from
:::20

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[Dean Hamstead]

or use key based auth as well as login
Dean
David Kempe wrote:
Dean Hamstead wrote:
ahh script kiddies
might want to put ssh on a non standard port.

If you dig through the archives, you might find a suggestion i made 
about tcpwrappers only allowing australian subnets. this will cut this 
crap out pretty well. of course ideally, you only ssh from know ips

dave

--
WWW: http://dean.bong.com.au  LAN: http://www.bong.com.au
EMAIL: [EMAIL PROTECTED]   or   [EMAIL PROTECTED]
ICQ: 16867613
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] PHP load error

[telford]

On Tue, Apr 12, 2005 at 01:25:59PM +1000, Edwin Humphries wrote:
> We were having some errors in execution of a cron-initiated php script. We ran
> it from the console, and got some errors.

If PHP works when accessed through your web server then you can initiate the
script by putting a lynx command into a cron script:

   lynx http://127.0.0.1/blah/blah.php > /dev/null

I've often noticed anomalies between command line php execution and running
it through a web server (although in theory both should be equivalent).

If your PHP does not run through the web server then, yeah, you really do
have a problem, follow the troubleshooting suggestions elsewhere in this list.

- Tel  ( http://bespoke.homelinux.net/ )

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[David Kempe]

Dean Hamstead wrote:
ahh script kiddies
might want to put ssh on a non standard port.

If you dig through the archives, you might find a suggestion i made 
about tcpwrappers only allowing australian subnets. this will cut this 
crap out pretty well. of course ideally, you only ssh from know ips

dave
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[Dean Hamstead]

ahh script kiddies
might want to put ssh on a non standard port.
Dean
Phil Scarratt wrote:
Joshua Bassett wrote:
Hi Sluggers,
I was going through my auth.log file the other day and noticed that
someone (possibly several machines) are trying to login to my box
using a variety of "canned" usernames. Looks like they're trying to
bruteforce their way in...they try maybe 20 usernames per day.
Has anyone else experienced this?
Also, are they likely to try more cunning techniques (ie. exploits) if
this yeilds no results for them? Is there a way I can find the person
behind this?
Any help would be greatly appreciated.
A snippet:
mybox:~# grep Illegal /var/log/auth.log
Apr 10 07:35:01 localhost sshd[9868]: Illegal user test from
:::67.112.29.138
Apr 10 07:35:04 localhost sshd[9870]: Illegal user guest from
:::67.112.29.138
Apr 10 07:35:06 localhost sshd[9872]: Illegal user admin from
:::67.112.29.138
Apr 10 07:35:09 localhost sshd[9874]: Illegal user admin from
:::67.112.29.138
Apr 10 07:35:12 localhost sshd[9876]: Illegal user user from
:::67.112.29.138
Apr 10 07:35:22 localhost sshd[9884]: Illegal user test from
:::67.112.29.138
Apr 10 10:33:57 localhost sshd[9918]: Illegal user patrick from


I get them on all but one of the internet facing machines I manage. 
Started sometime thru last year.

Fil
--
WWW: http://dean.bong.com.au  LAN: http://www.bong.com.au
EMAIL: [EMAIL PROTECTED]   or   [EMAIL PROTECTED]
ICQ: 16867613
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[Phil Scarratt]

Joshua Bassett wrote:
Hi Sluggers,
I was going through my auth.log file the other day and noticed that
someone (possibly several machines) are trying to login to my box
using a variety of "canned" usernames. Looks like they're trying to
bruteforce their way in...they try maybe 20 usernames per day.
Has anyone else experienced this?
Also, are they likely to try more cunning techniques (ie. exploits) if
this yeilds no results for them? Is there a way I can find the person
behind this?
Any help would be greatly appreciated.
A snippet:
mybox:~# grep Illegal /var/log/auth.log
Apr 10 07:35:01 localhost sshd[9868]: Illegal user test from
:::67.112.29.138
Apr 10 07:35:04 localhost sshd[9870]: Illegal user guest from
:::67.112.29.138
Apr 10 07:35:06 localhost sshd[9872]: Illegal user admin from
:::67.112.29.138
Apr 10 07:35:09 localhost sshd[9874]: Illegal user admin from
:::67.112.29.138
Apr 10 07:35:12 localhost sshd[9876]: Illegal user user from
:::67.112.29.138
Apr 10 07:35:22 localhost sshd[9884]: Illegal user test from
:::67.112.29.138
Apr 10 10:33:57 localhost sshd[9918]: Illegal user patrick from

I get them on all but one of the internet facing machines I manage. 
Started sometime thru last year.

Fil
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[Rob Sharp]

Funny you should menion it but:

grep Invalid /var/log/auth.log yields

Apr 10 07:05:36 islay sshd[3403]: Invalid user t from :::211.30.136.xxx
Apr 10 13:00:41 islay sshd[3823]: Invalid user test from :::61.144.122.39
Apr 12 00:05:59 islay sshd[4048]: Invalid user test from :::202.82.195.xxx
Apr 12 00:06:01 islay sshd[4050]: Invalid user guest from :::202.82.195.xxx
Apr 12 00:06:04 islay sshd[4052]: Invalid user admin from :::202.82.195.xxx
Apr 12 00:06:06 islay sshd[4054]: Invalid user admin from :::202.82.195.xxx
Apr 12 00:06:07 islay sshd[4056]: Invalid user user from :::202.82.195.xxx
Apr 12 00:06:14 islay sshd[4064]: Invalid user test from :::202.82.195.xxx
Apr 12 00:06:17 islay sshd[4066]: Invalid user test from :::202.82.195.xxx
Apr 12 00:06:19 islay sshd[4068]: Invalid user test from :::202.82.195.xxx
Apr 12 00:06:21 islay sshd[4070]: Invalid user test from :::202.82.195.xxx

All the latter accesses are from the same IP address too...

Hmmm.

Rob.

On Apr 12, 2005 4:51 PM, Joshua Bassett <[EMAIL PROTECTED]> wrote:
> Hi Sluggers,
> 
> I was going through my auth.log file the other day and noticed that
> someone (possibly several machines) are trying to login to my box
> using a variety of "canned" usernames. Looks like they're trying to
> bruteforce their way in...they try maybe 20 usernames per day.
> 
> Has anyone else experienced this?
> 
> Also, are they likely to try more cunning techniques (ie. exploits) if
> this yeilds no results for them? Is there a way I can find the person
> behind this?
> 
> Any help would be greatly appreciated.
> 
> A snippet:
> 
> mybox:~# grep Illegal /var/log/auth.log
> Apr 10 07:35:01 localhost sshd[9868]: Illegal user test from
> :::67.112.29.138
> Apr 10 07:35:04 localhost sshd[9870]: Illegal user guest from
> :::67.112.29.138
> Apr 10 07:35:06 localhost sshd[9872]: Illegal user admin from
> :::67.112.29.138
> Apr 10 07:35:09 localhost sshd[9874]: Illegal user admin from
> :::67.112.29.138
> Apr 10 07:35:12 localhost sshd[9876]: Illegal user user from
> :::67.112.29.138
> Apr 10 07:35:22 localhost sshd[9884]: Illegal user test from
> :::67.112.29.138
> Apr 10 10:33:57 localhost sshd[9918]: Illegal user patrick from
> :::203.145.172.175
> Apr 10 10:33:58 localhost sshd[9920]: Illegal user patrick from
> :::203.145.172.175
> Apr 10 10:34:09 localhost sshd[9932]: Illegal user rolo from
> :::203.145.172.175
> Apr 10 10:34:10 localhost sshd[9934]: Illegal user iceuser from
> :::203.145.172.175
> Apr 10 10:34:12 localhost sshd[9936]: Illegal user horde from
> :::203.145.172.175
> Apr 10 10:34:14 localhost sshd[9938]: Illegal user cyrus from
> :::203.145.172.175
> Apr 10 10:34:16 localhost sshd[9940]: Illegal user www from
> :::203.145.172.175
> Apr 10 10:34:17 localhost sshd[9942]: Illegal user wwwrun from
> :::203.145.172.175
> Apr 10 10:34:19 localhost sshd[9944]: Illegal user matt from
> :::203.145.172.175
> Apr 10 10:34:21 localhost sshd[9946]: Illegal user test from
> :::203.145.172.175
> Apr 10 10:34:22 localhost sshd[9948]: Illegal user test from
> :::203.145.172.175
> Apr 10 10:34:24 localhost sshd[9950]: Illegal user test from
> :::203.145.172.175
> Apr 10 10:34:26 localhost sshd[9952]: Illegal user test from
> :::203.145.172.175
> Apr 10 10:34:31 localhost sshd[9958]: Illegal user operator from
> :::203.145.172.175
> Apr 10 10:34:33 localhost sshd[9960]: Illegal user adm from
> :::203.145.172.175
> Apr 10 10:34:34 localhost sshd[9962]: Illegal user apache from
> :::203.145.172.175
> Apr 10 10:34:40 localhost sshd[9968]: Illegal user adm from
> :::203.145.172.175
> Apr 10 10:34:46 localhost sshd[9976]: Illegal user jane from
> :::203.145.172.175
> Apr 10 10:34:48 localhost sshd[9978]: Illegal user pamela from
> :::203.145.172.175
> Apr 10 10:34:58 localhost sshd[9990]: Illegal user cosmin from
> :::203.145.172.175
> Apr 10 10:36:02 localhost sshd[10064]: Illegal user cip52 from
> :::203.145.172.175
> Apr 10 10:36:04 localhost sshd[10066]: Illegal user cip51 from
> :::203.145.172.175
> Apr 10 10:36:07 localhost sshd[10070]: Illegal user noc from
> :::203.145.172.175
> Apr 10 10:36:16 localhost sshd[10080]: Illegal user webmaster from
> :::203.145.172.175
> Apr 10 10:36:17 localhost sshd[10082]: Illegal user data from
> :::203.145.172.175
> Apr 10 10:36:19 localhost sshd[10084]: Illegal user user from
> :::203.145.172.175
> Apr 10 10:36:21 localhost sshd[10086]: Illegal user user from
> :::203.145.172.175
> Apr 10 10:36:23 localhost sshd[10088]: Illegal user user from
> :::203.145.172.175
> Apr 10 10:36:24 localhost sshd[10090]: Illegal user web from
> :::203.145.172.175
> Apr 10 10:36:26 localhost sshd[10092]: Illegal user web from
> :::203.145.172.175
> Apr 10 10:36:28 localhost sshd[10094]: Illegal user oracle from
> :::203.145.172.175
> Apr 10 10:36:30 localhost sshd[10

Re: [SLUG] Someone's bruteforcing my debian box...should I worry?

[Howard Lowndes]

Joshua Bassett wrote:
Hi Sluggers,
I was going through my auth.log file the other day and noticed that
someone (possibly several machines) are trying to login to my box
using a variety of "canned" usernames. Looks like they're trying to
bruteforce their way in...they try maybe 20 usernames per day.
Has anyone else experienced this?
Practically every machine that I manage, and that is I'net facing has 
been seeing this for some time.

Also, are they likely to try more cunning techniques (ie. exploits) if
this yeilds no results for them?
Who knows.  Just make sure that sshd is up to date.
 Is there a way I can find the person
behind this?
One of the IP addresses is from a Pac Bell block, the other is in India 
 - good luck.  The Indian one is a small block so you might get 
somewhere there - do a whois.

Any help would be greatly appreciated.
A snippet:
mybox:~# grep Illegal /var/log/auth.log
Apr 10 07:35:01 localhost sshd[9868]: Illegal user test from
:::67.112.29.138
Apr 10 07:35:04 localhost sshd[9870]: Illegal user guest from
:::67.112.29.138
Apr 10 07:35:06 localhost sshd[9872]: Illegal user admin from
:::67.112.29.138
Apr 10 07:35:09 localhost sshd[9874]: Illegal user admin from
:::67.112.29.138
Apr 10 07:35:12 localhost sshd[9876]: Illegal user user from
:::67.112.29.138
Apr 10 07:35:22 localhost sshd[9884]: Illegal user test from
:::67.112.29.138
Apr 10 10:33:57 localhost sshd[9918]: Illegal user patrick from
:::203.145.172.175
Apr 10 10:33:58 localhost sshd[9920]: Illegal user patrick from
:::203.145.172.175
Apr 10 10:34:09 localhost sshd[9932]: Illegal user rolo from
:::203.145.172.175
Apr 10 10:34:10 localhost sshd[9934]: Illegal user iceuser from
:::203.145.172.175
Apr 10 10:34:12 localhost sshd[9936]: Illegal user horde from
:::203.145.172.175
Apr 10 10:34:14 localhost sshd[9938]: Illegal user cyrus from
:::203.145.172.175
Apr 10 10:34:16 localhost sshd[9940]: Illegal user www from
:::203.145.172.175
Apr 10 10:34:17 localhost sshd[9942]: Illegal user wwwrun from
:::203.145.172.175
Apr 10 10:34:19 localhost sshd[9944]: Illegal user matt from
:::203.145.172.175
Apr 10 10:34:21 localhost sshd[9946]: Illegal user test from
:::203.145.172.175
Apr 10 10:34:22 localhost sshd[9948]: Illegal user test from
:::203.145.172.175
Apr 10 10:34:24 localhost sshd[9950]: Illegal user test from
:::203.145.172.175
Apr 10 10:34:26 localhost sshd[9952]: Illegal user test from
:::203.145.172.175
Apr 10 10:34:31 localhost sshd[9958]: Illegal user operator from
:::203.145.172.175
Apr 10 10:34:33 localhost sshd[9960]: Illegal user adm from
:::203.145.172.175
Apr 10 10:34:34 localhost sshd[9962]: Illegal user apache from
:::203.145.172.175
Apr 10 10:34:40 localhost sshd[9968]: Illegal user adm from
:::203.145.172.175
Apr 10 10:34:46 localhost sshd[9976]: Illegal user jane from
:::203.145.172.175
Apr 10 10:34:48 localhost sshd[9978]: Illegal user pamela from
:::203.145.172.175
Apr 10 10:34:58 localhost sshd[9990]: Illegal user cosmin from
:::203.145.172.175
Apr 10 10:36:02 localhost sshd[10064]: Illegal user cip52 from
:::203.145.172.175
Apr 10 10:36:04 localhost sshd[10066]: Illegal user cip51 from
:::203.145.172.175
Apr 10 10:36:07 localhost sshd[10070]: Illegal user noc from
:::203.145.172.175
Apr 10 10:36:16 localhost sshd[10080]: Illegal user webmaster from
:::203.145.172.175
Apr 10 10:36:17 localhost sshd[10082]: Illegal user data from
:::203.145.172.175
Apr 10 10:36:19 localhost sshd[10084]: Illegal user user from
:::203.145.172.175
Apr 10 10:36:21 localhost sshd[10086]: Illegal user user from
:::203.145.172.175
Apr 10 10:36:23 localhost sshd[10088]: Illegal user user from
:::203.145.172.175
Apr 10 10:36:24 localhost sshd[10090]: Illegal user web from
:::203.145.172.175
Apr 10 10:36:26 localhost sshd[10092]: Illegal user web from
:::203.145.172.175
Apr 10 10:36:28 localhost sshd[10094]: Illegal user oracle from
:::203.145.172.175
Apr 10 10:36:30 localhost sshd[10096]: Illegal user sybase from
:::203.145.172.175
Apr 10 10:36:31 localhost sshd[10098]: Illegal user master from
:::203.145.172.175
Apr 10 10:36:33 localhost sshd[10100]: Illegal user account from
:::203.145.172.175
Apr 10 10:36:36 localhost sshd[10104]: Illegal user server from
:::203.145.172.175
Apr 10 10:36:38 localhost sshd[10106]: Illegal user adam from
:::203.145.172.175
Apr 10 10:36:40 localhost sshd[10108]: Illegal user alan from
:::203.145.172.175
Apr 10 10:36:42 localhost sshd[10110]: Illegal user frank from
:::203.145.172.175
Apr 10 10:36:43 localhost sshd[10112]: Illegal user george from
:::203.145.172.175
Apr 10 10:36:45 localhost sshd[10114]: Illegal user henry from
:::203.145.172.175
Apr 10 10:36:47 localhost sshd[10116]: Illegal user john from
:::203.145.172.175
Apr 10 10:36:57 localhost sshd[10128]: Illegal user test from
:::203.145.172.175
--
Howard.

RE: [SLUG] Firefox & favicon.ico

[Rowling, Jill]

http://www.mavetju.org/unix/favicon.php
Shows how to create favicons and hints as to how to get them in the Mozilla
menus if they don't work. This should also work for Firefox.

Regards,

Jill.

-Original Message-
From: Howard Lowndes [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 12 April 2005 4:58 PM
To: Mail List - SLUG
Subject: [SLUG] Firefox & favicon.ico


OK, totally cosmetic, but worth the enquiry.

How do I get the favicon.ico to appear alongside an entry in the 
bookmarks toolbar.  I have some of them there, but not all, and I know 
there is a favicon.ico for those that don't appear as clicking on the 
bookmark brings up the site complete with favicon.ico on the tab, but it 
still doesn't appear in the bookmarks toolbar.

-- 
Howard.
LANNet Computing Associates - Your Linux people 
-- 
When you just want a system that works, you choose Linux;
When you want a system that just works, you choose Microsoft.
-- 
Flatter government, not fatter government;
Get rid of the Australian states.

--
IMPORTANT NOTICES
This email (including any documents referred to in, or attached, to this
email) may contain information that is personal, confidential or the subject
of copyright or other proprietary rights in favour of Aristocrat, its
affiliates or third parties. This email is intended only for the named
addressee. Any privacy, confidence, copyright or other proprietary rights in
favour of Aristocrat, its affiliates or third parties, is not lost because
this email was sent to you by mistake.

If you received this email by mistake you should: (i) not copy, disclose,
distribute or otherwise use it, or its contents, without the consent of
Aristocrat or the owner of the relevant rights; (ii) let us know of the
mistake by reply email or by telephone (+61 2 9413 6300); and (iii) delete
it from your system and destroy all copies.

Any personal information contained in this email must be handled in
accordance with applicable privacy laws.

Electronic and internet communications can be interfered with or affected by
viruses and other defects. As a result, such communications may not be
successfully received or, if received, may cause interference with the
integrity of receiving, processing or related systems (including hardware,
software and data or information on, or using, that hardware or software).
Aristocrat gives no assurances in relation to these matters.

If you have any doubts about the veracity or integrity of any electronic
communication we appear to have sent you, please call +61 2 9413 6300 for
clarification.
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html