Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread Philippe BARNETCHE
actually, you can get your public key signed by certification authorities. That would be ideal, but there aren't many people out there getting their keys certified. On Mon, Jul 09, 2001 at 06:58:24PM -0700, ozymandias G desiderata wrote: On Mon, Jul 09, 2001 at 01:23:29PM -0600, Hubert Chan

Re: shared root account

2001-07-10 Thread Ethan Benson
On Mon, Jul 09, 2001 at 08:38:56PM -0500, Martin Maney wrote: Give me physical access and I don't need your root password, though it may help make the job less detectable. But you don't get more security than you physically have to begin with. detectability is the key here, the case should

Unidentified subject!

2001-07-10 Thread Jean-Francois JOLY
I've found a bug in the 2.4.6 kernel archive, where can I know if this has already been reported and where should I report it, if it hasn't been yet? (sorry, this is totally off-topic) Jean-Francois JOLY ITIN - Institut des Techniques Informatiques

nomail

2001-07-10 Thread Alves, Carlos Alberto - Coelce
nomail

Re: shared root account

2001-07-10 Thread Jason Healy
At 994738826s since epoch (07/10/01 02:20:26 -0400 UTC), Micah Anderson wrote: These both seem like excellent practices, for the clueless in all of us - can someone describe how this is done for sudo? How do you configure PAM to require alternative passwords, which expire and age, and are

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread Nick Phillips
On Tue, Jul 10, 2001 at 09:04:42AM +0200, Philippe BARNETCHE wrote: actually, you can get your public key signed by certification authorities. That would be ideal, but there aren't many people out there getting their keys certified. Which is for the most part an utter waste of time, as they

Snort

2001-07-10 Thread dude
Is there any way to get snort to send more than daily reports from snort? I've looked and can't find the answer. Thanks, G

Re: Snort

2001-07-10 Thread Jeremy T. Bouse
Snort actually dumps the raw packet details into log files in the /var/log/snort directory... These can be opened using Ethereal and you are able to take a closer look at the packets themselves with relative ease... Respectfully, Jeremy T. Bouse dude was said to been

Re: Snort

2001-07-10 Thread Chris Stewart
On Tue, Jul 10, 2001 at 09:28:41AM -0400, dude wrote: Is there any way to get snort to send more than daily reports from snort? I've looked and can't find the answer. Thanks, G I wondered the same thing. Snort uses cron to send daily reports... If you look in '/etc/cron.daily', you

Re: Snort

2001-07-10 Thread Vladislav
Hello, --- dude [EMAIL PROTECTED] wrote: Is there any way to get snort to send more than daily reports from snort? You can set up logging into database (i.e. mysql), then use acid (http://www.andrew.cmu.edu/~rdanyliw/snort/). This way you can get reports at any time, by request. Unfortunately,

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread Jürgen A. Erhard
ozymandias == ozymandias G desiderata [EMAIL PROTECTED] writes: ozymandias Of course, this would be a different story if the web ozymandias of trust were in more common usage, but it's not, Ever think of *why* that is? And whether this is in any way related to people's keys not being

Re: shared root account

2001-07-10 Thread Micah Anderson
On Mon, 09 Jul 2001, Jason Healy wrote: About the best you can hope for is to log to another machine (so sudoers can't hose your logfiles), and be vigilant about checking what they do. Anyway, to your point about passwords, I say again (do we detect a theme?): use PAM and make them use a

Re: shared root account

2001-07-10 Thread Jason Healy
At 994740997s since epoch (07/10/01 03:56:37 -0400 UTC), Ethan Benson wrote: detectability is the key here, the case should be locked shut ... compare this to your envelope idea where the machine need not even be shut down and tell me which is more likely to go by unnoticed. Okay, we've all

Re: Attack alert from snort

2001-07-10 Thread Jigal Weinberg
On Fri, 06 Jul 2001, Philippe Clérié wrote: I got the following from snort : Active System Attack Alerts =-=-=-=-=-=-=-=-=-=-=-=-=-= Jul 6 07:48:19 canopus snort[3884]: spp_http_decode: IIS Unicode attack detected: 128.95.75.153:1647 - 208.52.11.121:80 Active System Attack Alerts

Re: signatures and keyservers

2001-07-10 Thread David L. Craig
ozymandias G desiderata [really?] wrote: Of course, this would be a different story if the web of trust were in more common usage, but it's not, outside of debian-maintainers and some small klatches of die-hard cypherpunks, some of whom are too paranoid to admit who they know anyway. Besides

Re: shared root account

2001-07-10 Thread Ethan Benson
On Tue, Jul 10, 2001 at 09:05:18AM -0400, Jason Healy wrote: apt-get install libpam-doc libpam-opie libpam-pwdfile The first is docs, the second is OTP (one time passwords), and the third is to authenticate against passwd-like files. The idea with the third is that you make another passwd

Re: shared root account

2001-07-10 Thread Andres Salomon
On Tue, Jul 10, 2001 at 09:05:18AM -0400, Jason Healy wrote: At 994738826s since epoch (07/10/01 02:20:26 -0400 UTC), Micah Anderson wrote: These both seem like excellent practices, for the clueless in all of us - can someone describe how this is done for sudo? How do you configure PAM to

Re: Snort

2001-07-10 Thread dude
On Tue, 10 Jul 2001, Jeremy T. Bouse wrote: Snort actually dumps the raw packet details into log files in the /var/log/snort directory... These can be opened using Ethereal and you are able to take a closer look at the packets themselves with relative ease... So I should use

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread Hubert Chan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ozymandias == ozymandias G desiderata [EMAIL PROTECTED] writes: ozymandias On Mon, Jul 09, 2001 at 01:23:29PM -0600, Hubert Chan wrote: Hubert PS. If you're going to PGP-sign your messages, you might want to Hubert upload your key to a server, so

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread Tim Haynes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hubert Chan [EMAIL PROTECTED] writes: [snip] BTW, I don't know why people sign their mail to mailing lists (other than things like debian-security-announce). I do it because I think that all e-mail, and for that matter, all internet traffic,

Re: Snort

2001-07-10 Thread Jeremy T. Bouse
There are probably others out there that can read the snort logs as they are merely tcpdumps of the offending packets but I have found that Ethereal is very handy and convenient for examining them... So that's my personal choice... If you find another app that views and interprets the packet

Re: Snort

2001-07-10 Thread Henrik Hansen
dude [EMAIL PROTECTED] wrote: On Tue, 10 Jul 2001, Jeremy T. Bouse wrote: Snort actually dumps the raw packet details into log files in the /var/log/snort directory... These can be opened using Ethereal and you are able to take a closer look at the packets themselves with relative
