Having looked and not found, I'm asking here:
Is there any place where I can find a general ruleset for a firewall?
And, moreover, while many howto's mention how to specify a rule for a
ruleset, they do not specify *what* rules are good/bad/ugly, etc.
For instance:
Even though packets coming
Don't race to install 110-3, it has unresolved symbols.
See bug #76018
--
Jamie Heilman http://audible.transient.net/~jamie/
"You came all this way without saying squat and now you're trying
to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
I liked you
Hi guys, a security related bug was recently fixed in libnss-ldap whereby a race
condition could be exploited to make nscd deadlock.
Both potato and woody are affected by this bug: I already have uploaded a fixed
version in potato proposed-updates (110-3) and I'm working on the woody
upload; I thin
I just purged and reinstalled ppp, and created a connection using
pppconfig.
box:/etc/ppp# cat options | grep -v "^\$" | grep -v "^#"
asyncmap 0
auth
crtscts
lock
hide-password
modem
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
noipx
box:/etc/ppp# cat pap-secrets | grep -v "^\$" | grep -v "^#"
On Fri, Nov 03, 2000 at 05:22:03PM +0100, Christian Kurz wrote:
> > -rw-r--r-- 1 root root 0 Nov 3 06:26 mysql.err
> Well, as the name suggests, this file will contain error messages of
> mysql but it's empty and so no risk.
Well at least there is really no reason to let it be wor
is the debianized pine4.21 vulnerable to the long From address buffer
overflow vulnerability, which is corrected in 4.30 upstream?
Regards,
Robert Varga
On 00-11-03 Ian wrote:
> There are too many to list, but here are some:
> -rw-r--r-- 1 root root 8232348 Nov 3 06:43 tripwire
Maybe some logfile of tripwire? I don't know its content so I can't
make a judgement about its security risk.
> -rw-r--r-- 1 root root 10152 N
Thanks for your help. Now the ppp.log is ok.
But, I didn't change anything in the default configuration of ppp.
I just used 'pppconfig' to create my connection to ISP.
Why was /var/log/ppp.log logging the password and also readable by everyone in
the default configuration? I think that's a sec
Hi Michael!
On Fri, 03 Nov 2000, Michael Meskes wrote:
> On Thu, Nov 02, 2000 at 01:17:21PM +0100, Peter Palfrader wrote:
> > It is. For a (not so) small set of hosts. Assuming your box is 62.1.2.3 you
> > will be an open relay for the entire _class_A_ net 62.
>
> Unfortunately not just for thi
The hide-password option in /etc/ppp/options should take care of that.
Although I thought hide-password was default, make sure there is no
show-password option specified.
su to root, then try:
cd /etc/ppp
egrep -r "\-password" .
to find any relevant settings.
HTH.
-chet
-
> On Fri, Nov 03, 2000 at 04:50:27PM +1100, Ian wrote:
> > Hi,
> >
> > I have a slink->potato->woody server, and I am a little concerned about
> > the permissions some of the log files in /var/log have.
> >
> > There are too many to list, but here are some:
> > -rw-r--r-- 1 root root 823234
On Fri, Nov 03, 2000 at 04:50:27PM +1100, Ian wrote:
> Hi,
>
> I have a slink->potato->woody server, and I am a little concerned about the
> permissions some of the log files in /var/log have.
>
> There are too many to list, but here are some:
> -rw-r--r-- 1 root root 8232348 Nov 3
On Fri, Nov 03, 2000 at 12:59:31AM -0900, Ethan Benson wrote:
> no, machines in your network are allowed to relay, if i were to
> connect to your port 25 (which i won't) and try the same thing it
> would refuse to accept it.
Yes, I realized that AFTER sending my mail. I thought I had configured it
On Fri, 3 Nov 2000, Ian wrote:
> I have a slink->potato->woody server, and I am a little concerned about
> the permissions some of the log files in /var/log have.
> []
> why are these files read by all? I have "normal" users on my system, and
> although I trust them, these kinds of permissio
Please disregard my last two mails. While testing postfix I misconfigured it
and that's why it was relaying. I just noticed this too late.
Sorry.
Michael
--
Michael Meskes
Michael@Fam-Meskes.De
Go SF 49ers! Go Rhein Fire!
Use Debian GNU/Linux! Use PostgreSQL!
On Fri, Nov 03, 2000 at 10:22:32AM +0100, Michael Meskes wrote:
> On Thu, Nov 02, 2000 at 10:09:10AM -0600, An Thi-Nguyen Le wrote:
> > set up myself that has a default potato debian install, with postfix
> > (default as well).
>
> Well I do run woody, but:
>
> [EMAIL PROTECTED]:~$ telnet localh
On Thu, Nov 02, 2000 at 01:17:21PM +0100, Peter Palfrader wrote:
> It is. For a (not so) small set of hosts. Assuming your box is 62.1.2.3 you
> will be an open relay for the entire _class_A_ net 62.
Unfortunately not just for this.
> If you do not set mynetworks postfix guesses it from the inte
On Thu, Nov 02, 2000 at 10:09:10AM -0600, An Thi-Nguyen Le wrote:
> set up myself that has a default potato debian install, with postfix
> (default as well).
Well I do run woody, but:
[EMAIL PROTECTED]:~$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
2