Matt Zimmerman <[EMAIL PROTECTED]> writes:
> On Mon, Sep 30, 2002 at 10:57:18AM +0900, Olaf Meeuwissen wrote:
>
> > Olaf Meeuwissen <[EMAIL PROTECTED]> (that's me!) writes:
> >
> > > Dear .debs,
> > >
> > > I recently wanted to apply security updates to a machine I'd installed
> > > from woody
Martin Schulze <[EMAIL PROTECTED]> writes:
> Olaf Meeuwissen wrote:
> > Olaf Meeuwissen <[EMAIL PROTECTED]> (that's me!) writes:
> >
> > > Dear .debs,
> > >
> > > I recently wanted to apply security updates to a machine I'd installed
> > > from woody pre6 CDs, hardened and upgraded to woody prop
Peter Mathiasson <[EMAIL PROTECTED]> writes:
> On Mon, Sep 30, 2002 at 10:57:18AM +0900, Olaf Meeuwissen wrote:
> > fetchmail (5.9.11-6) testing-security; urgency=high
> >-- Henrique de Moraes Holschuh <[EMAIL PROTECTED]> Sat, 8 Jun 2002
> > 09:40:46 -0300
>
> > kdenetwork (4:2.2.2-14.
Matt Zimmerman <[EMAIL PROTECTED]> writes:
> On Mon, Sep 30, 2002 at 10:57:18AM +0900, Olaf Meeuwissen wrote:
>
> > Olaf Meeuwissen <[EMAIL PROTECTED]> (that's me!) writes:
> >
> > > Dear .debs,
> > >
> > > I recently wanted to apply security updates to a machine I'd installed
> > > from woody
On Mon, Sep 30, 2002 at 10:57:18AM +0900, Olaf Meeuwissen wrote:
> Olaf Meeuwissen <[EMAIL PROTECTED]> (that's me!) writes:
>
> > Dear .debs,
> >
> > I recently wanted to apply security updates to a machine I'd installed
> > from woody pre6 CDs, hardened and upgraded to woody proper. [...]
> >
Martin Schulze <[EMAIL PROTECTED]> writes:
> Olaf Meeuwissen wrote:
> > Olaf Meeuwissen <[EMAIL PROTECTED]> (that's me!) writes:
> >
> > > Dear .debs,
> > >
> > > I recently wanted to apply security updates to a machine I'd installed
> > > from woody pre6 CDs, hardened and upgraded to woody pro
Peter Mathiasson <[EMAIL PROTECTED]> writes:
> On Mon, Sep 30, 2002 at 10:57:18AM +0900, Olaf Meeuwissen wrote:
> > fetchmail (5.9.11-6) testing-security; urgency=high
> >-- Henrique de Moraes Holschuh <[EMAIL PROTECTED]> Sat, 8 Jun 2002 09:40:46 -0300
>
> > kdenetwork (4:2.2.2-14.0woo
On Mon, Sep 30, 2002 at 10:57:18AM +0900, Olaf Meeuwissen wrote:
> Olaf Meeuwissen <[EMAIL PROTECTED]> (that's me!) writes:
>
> > Dear .debs,
> >
> > I recently wanted to apply security updates to a machine I'd installed
> > from woody pre6 CDs, hardened and upgraded to woody proper. [...]
> >
Olaf Meeuwissen wrote:
> Olaf Meeuwissen <[EMAIL PROTECTED]> (that's me!) writes:
>
> > Dear .debs,
> >
> > I recently wanted to apply security updates to a machine I'd installed
> > from woody pre6 CDs, hardened and upgraded to woody proper. [...]
> >
> > Before applying the upgrades I checked
On Mon, 30 Sep 2002 at 03:50:35AM -0700, Alvin Oga wrote:
> but i wanna be able to saywishfully... if you attempt any real illegal
> connections, that you're caught ... within a few minutes... and off we go
> to lawyers ...
Actually, several Federal Courts have held port scanning does not con
tags 144857 + patch
thanks
Package: libpam-sfs
Version: 0.2.2
Followup-For: Bug #144857
On Mon, Sep 30, 2002 at 02:43:16PM +0200, Massimiliano Mirra wrote:
> Yes, non-US source is there now (that was the reason apt-get source
> libpam-sfs was not working in the first place). The problem with
> l
On Mon, Sep 30, 2002 at 01:26:40PM +0100, Alan James wrote:
> >Yes, non-US source is there now (that was the reason apt-get source
> >libpam-sfs was not working in the first place). The problem with
> >libsfscrypt happens at configure time: the lib is there but configure
> >can't seem to find it:
On Mon, 30 Sep 2002 14:02:54 +0200, Massimiliano Mirra
<[EMAIL PROTECTED]> wrote:
>Yes, non-US source is there now (that was the reason apt-get source
>libpam-sfs was not working in the first place). The problem with
>libsfscrypt happens at configure time: the lib is there but configure
>can't se
Olaf Meeuwissen wrote:
> Olaf Meeuwissen <[EMAIL PROTECTED]> (that's me!) writes:
>
> > Dear .debs,
> >
> > I recently wanted to apply security updates to a machine I'd installed
> > from woody pre6 CDs, hardened and upgraded to woody proper. [...]
> >
> > Before applying the upgrades I checke
On Mon, Sep 30, 2002 at 07:24:17PM +0800, SDiZ (UHome) wrote:
> >Duh, stoopid me. Of course now it apt-gets it. It still bombs on
> >libsfscrypt, though.
>
> did you add non-US source ?
> some crypt program have not moved to main yet..
Yes, non-US source is there now (that was the reason apt-ge
On Mon, 30 Sep 2002 at 03:50:35AM -0700, Alvin Oga wrote:
> but i wanna be able to saywishfully... if you attempt any real illegal
> connections, that you're caught ... within a few minutes... and off we go
> to lawyers ...
Actually, several Federal Courts have held port scanning does not co
tags 144857 + patch
thanks
Package: libpam-sfs
Version: 0.2.2
Followup-For: Bug #144857
On Mon, Sep 30, 2002 at 02:43:16PM +0200, Massimiliano Mirra wrote:
> Yes, non-US source is there now (that was the reason apt-get source
> libpam-sfs was not working in the first place). The problem with
>
Massimiliano Mirra wrote:
Duh, stoopid me. Of course now it apt-gets it. It still bombs on
libsfscrypt, though.
did you add non-US source ?
some crypt program have not moved to main yet..
On Mon, 30 Sep 2002, Michael Renzmann wrote:
> Hi.
>
> Zeno Davatz wrote:
> > I am just gonna deinstall portsentry - why did I install it in the first
> > place???
>
> In order to get informed in cases when there are (more or less) obvious
> port scans? :)
i say scan the ports all you like .
On Mon, Sep 30, 2002 at 12:09:14PM +0200, Wichert Akkerman wrote:
> > $ apt-get source libpam-sfs
> > E: Unable to find a source package for libpam-sfs
> Make sure you have a deb-src entry for non-us in
> /etc/apt/sources.list
Duh, stoopid me. Of course now it apt-gets it. It still bombs on
On Mon, Sep 30, 2002 at 10:57:18AM +0900, Olaf Meeuwissen wrote:
> fetchmail (5.9.11-6) testing-security; urgency=high
>-- Henrique de Moraes Holschuh <[EMAIL PROTECTED]> Sat, 8 Jun 2002
> 09:40:46 -0300
> kdenetwork (4:2.2.2-14.0woody1) testing-security; urgency=high
>-- Daniel Jac
Hi
Commonly fingerd will found inetd.conf and name as in.fingerd..., but there
are some replacement of fingerd examble cfingerd etc. Maybe some of these
variants start from /etc/init.d ?
I recommed you locate this daemon
Examble this way...
locate fingerd|more this should display all fingerd va
On Mon, Sep 30, 2002 at 01:26:40PM +0100, Alan James wrote:
> >Yes, non-US source is there now (that was the reason apt-get source
> >libpam-sfs was not working in the first place). The problem with
> >libsfscrypt happens at configure time: the lib is there but configure
> >can't seem to find it:
On 30.9.2002 11:55 Uhr, "Michael Renzmann" <[EMAIL PROTECTED]> wrote:
> In order to get informed in cases when there are (more or less) obvious
> port scans? :)
I admit - I can not really recall.
Thanks for your help.
Zeno
Previously Massimiliano Mirra wrote:
> Long version:
>
> $ apt-get source libpam-sfs
> E: Unable to find a source package for libpam-sfs
Make sure you have a deb-src entry for non-us in /etc/apt/sources.list
(and run apt-get update after adding it).
> So I got it from SourceForge (libpam-sfs
On Mon, Sep 30, 2002 at 12:01:42PM +0200, Laurent Luyckx wrote:
> You need the libgmp3-dev package for compiling...
Here already:
$ dpkg --status libgmp3-dev
Package: libgmp3-dev
Status: install ok installed
(And it's in the Build-Depends: of libpam-sfs, so dpkg-buildpackage
would have war
On Mon, 30 Sep 2002 14:02:54 +0200, Massimiliano Mirra
<[EMAIL PROTECTED]> wrote:
>Yes, non-US source is there now (that was the reason apt-get source
>libpam-sfs was not working in the first place). The problem with
>libsfscrypt happens at configure time: the lib is there but configure
>can't s
You need the libgmp3-dev package for compiling...
Cheers.
On Mon, 2002-09-30 at 11:56, Massimiliano Mirra wrote:
> I'm using the libpam-sfs PAM module, which lets users authenticate at
> login and for importing directories in one single step. The binary
> .deb that comes with Woody works fine.
I'm using the libpam-sfs PAM module, which lets users authenticate at
login and for importing directories in one single step. The binary
.deb that comes with Woody works fine. But...
Short version: when I try to compile it from source I hit a wall.
Anybody managed to compile it?
Long version:
Hi.
Zeno Davatz wrote:
I am just gonna deinstall portsentry - why did I install it in the first
place???
In order to get informed in cases when there are (more or less) obvious
port scans? :)
Bye, Mike
On Mon, 30 Sep 2002, Zeno Davatz wrote:
> It give me:
> debian:/etc/snort# netstat -lnp|grep 79
> tcp0 0 0.0.0.0:79 0.0.0.0:* LISTEN
> 303/portsentry
>
> And I also found follwoing article witch I think is very interesting:
>
> http://lists.debian.org/debian
On Mon, Sep 30, 2002 at 07:24:17PM +0800, SDiZ (UHome) wrote:
> >Duh, stoopid me. Of course now it apt-gets it. It still bombs on
> >libsfscrypt, though.
>
> did you add non-US source ?
> some crypt program have not moved to main yet..
Yes, non-US source is there now (that was the reason apt-g
On 30.9.2002 11:19 Uhr, "Tobias Overkamp" <[EMAIL PROTECTED]>
wrote:
> what does a
> netstat -lnp|grep 79
> say to you?
> You should see the process that binds to the port...
Thanks - that is a nice command.
It give me:
debian:/etc/snort# netstat -lnp|grep 79
tcp0 0 0.0.0.0:79
On Mon, Sep 30, 2002 at 11:03:17AM +0200, Zeno Davatz wrote:
> On 30.9.2002 10:54 Uhr, "InfoEmergencias - Luis Gómez"
> <[EMAIL PROTECTED]> wrote:
>
> > fingerd is the name of the package :)
> Thanks for the hint. Tried that also:
> debian:/etc# apt-get --purge remove fingerd
> Reading Package Lis
On 30.9.2002 10:54 Uhr, "InfoEmergencias - Luis Gómez"
<[EMAIL PROTECTED]> wrote:
> fingerd is the name of the package :)
Thanks for the hint. Tried that also:
debian:/etc# apt-get --purge remove fingerd
Reading Package Lists... Done
Building Dependency Tree... Done
Package fingerd is not installe
Massimiliano Mirra wrote:
> Duh, stoopid me. Of course now it apt-gets it. It still bombs on
> libsfscrypt, though.
did you add non-US source ?
some crypt program have not moved to main yet..
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EM
On 30.9.2002 10:26 Uhr, "Alvin Oga" <[EMAIL PROTECTED]>
wrote:
> looks like oyu didnt take care of inetd and other daemons
That is why I want to take care of them now...
> a start from this docs
> http://www.debian.org/doc/manuals/securing-debian-howto/
Thanks for the link.
> - turn off un-neede
On 30.9.2002 10:22 Uhr, "Riku Valli" <[EMAIL PROTECTED]> wrote:
> Disable services. Edited /etc/inetd.conf and add # to unwanted service or
> use update-inetd program to complete task. Restart inetd super daemon
> /etc/init.d/inetd restart
Thanks I commented out all services from /etc/inetd.conf t
hi ya
looks like oyu didnt take care of inetd and other daemons
a start from this docs
http://www.debian.org/doc/manuals/securing-debian-howto/
rest of the "hardening howto"
- turn off inetd
- turn off un-needed daemons
- turn off un-needed services
- fix
On Mon, 30 Sep 2002, Michael Renzmann wrote:
> Hi.
>
> Zeno Davatz wrote:
> > I am just gonna deinstall portsentry - why did I install it in the first
> > place???
>
> In order to get informed in cases when there are (more or less) obvious
> port scans? :)
i say scan the ports all you like
Hi
Disable services. Edited /etc/inetd.conf and add # to unwanted service or
use update-inetd program to complete task. Restart inetd super daemon
/etc/init.d/inetd restart
stop service ex /etc/init.d/named stop
/etc/init.d/program_name add beginning of script 'exit 0' examble of named
(listen 53
On Mon, 30 Sep 2002, Zeno Davatz wrote:
> That is exactly what I am trying to do: stop all unwanted services. To me it
> seems more difficult to to do then so say...
>
> Can you give me a hint how to stop ie. tcpmux and finger?
find out what processes are listening on those ports. You can do it,
On 30.9.2002 10:03 Uhr, "Christian Schuerer-Waldheim" <[EMAIL PROTECTED]> wrote:
> Either stop all unused/unwanted services or use a firewall (iptables) to
> protect your machine.
That is exactly what I am trying to do: stop all unwanted services. To me it
seems more difficult to to do then so say
On Mon, Sep 30, 2002 at 09:43:34 +0200, Zeno Davatz wrote:
> Can anyone give me a hint how to go about closing all the following port
> execpt ssh, http, https?
> 1524/tcp openingreslock
> 12345/tcp openNetBus
> 12346/tcp openNetBus
> 27665/tcp openTrinoo_Maste
On Mon, Sep 30, 2002 at 12:09:14PM +0200, Wichert Akkerman wrote:
> > $ apt-get source libpam-sfs
> > E: Unable to find a source package for libpam-sfs
> Make sure you have a deb-src entry for non-us in
> /etc/apt/sources.list
Duh, stoopid me. Of course now it apt-gets it. It still bombs on
On Mon, Sep 30, 2002 at 10:57:18AM +0900, Olaf Meeuwissen wrote:
> fetchmail (5.9.11-6) testing-security; urgency=high
>-- Henrique de Moraes Holschuh <[EMAIL PROTECTED]> Sat, 8 Jun 2002 09:40:46 -0300
> kdenetwork (4:2.2.2-14.0woody1) testing-security; urgency=high
>-- Daniel Jacob
Hi
Commonly fingerd will found inetd.conf and name as in.fingerd..., but there
are some replacement of fingerd examble cfingerd etc. Maybe some of these
variants start from /etc/init.d ?
I recommed you locate this daemon
Examble this way...
locate fingerd|more this should display all fingerd v
On 30.9.2002 11:55 Uhr, "Michael Renzmann" <[EMAIL PROTECTED]> wrote:
> In order to get informed in cases when there are (more or less) obvious
> port scans? :)
I admit - I can not really recall.
Thanks for your help.
Zeno
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsu
Previously Massimiliano Mirra wrote:
> Long version:
>
> $ apt-get source libpam-sfs
> E: Unable to find a source package for libpam-sfs
Make sure you have a deb-src entry for non-us in /etc/apt/sources.list
(and run apt-get update after adding it).
> So I got it from SourceForge (libpam-sf
On Mon, Sep 30, 2002 at 12:01:42PM +0200, Laurent Luyckx wrote:
> You need the libgmp3-dev package for compiling...
Here already:
$ dpkg --status libgmp3-dev
Package: libgmp3-dev
Status: install ok installed
(And it's in the Build-Depends: of libpam-sfs, so dpkg-buildpackage
would have wa
Hi List
I am an newbie and done a nmap -v of my local maschine that is supposed to
be put into the internet after I managed to close all the necessary ports.
Can anyone give me a hint how to go about closing all the following port
execpt ssh, http, https?
Port State Service
1/tcp
You need the libgmp3-dev package for compiling...
Cheers.
On Mon, 2002-09-30 at 11:56, Massimiliano Mirra wrote:
> I'm using the libpam-sfs PAM module, which lets users authenticate at
> login and for importing directories in one single step. The binary
> .deb that comes with Woody works fine.
I'm using the libpam-sfs PAM module, which lets users authenticate at
login and for importing directories in one single step. The binary
.deb that comes with Woody works fine. But...
Short version: when I try to compile it from source I hit a wall.
Anybody managed to compile it?
Long version:
Hi.
Zeno Davatz wrote:
> I am just gonna deinstall portsentry - why did I install it in the first
> place???
In order to get informed in cases when there are (more or less) obvious
port scans? :)
Bye, Mike
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Troubl
On Mon, 30 Sep 2002, Zeno Davatz wrote:
> It give me:
> debian:/etc/snort# netstat -lnp|grep 79
> tcp0 0 0.0.0.0:79 0.0.0.0:* LISTEN
> 303/portsentry
>
> And I also found follwoing article witch I think is very interesting:
>
> http://lists.debian.org/debia
On 30.9.2002 11:19 Uhr, "Tobias Overkamp" <[EMAIL PROTECTED]>
wrote:
> what does a
> netstat -lnp|grep 79
> say to you?
> You should see the process that binds to the port...
Thanks - that is a nice command.
It give me:
debian:/etc/snort# netstat -lnp|grep 79
tcp0 0 0.0.0.0:79
On Mon, Sep 30, 2002 at 11:03:17AM +0200, Zeno Davatz wrote:
> On 30.9.2002 10:54 Uhr, "InfoEmergencias - Luis Gómez"
> <[EMAIL PROTECTED]> wrote:
>
> > fingerd is the name of the package :)
> Thanks for the hint. Tried that also:
> debian:/etc# apt-get --purge remove fingerd
> Reading Package Li
On 30.9.2002 10:54 Uhr, "InfoEmergencias - Luis Gómez"
<[EMAIL PROTECTED]> wrote:
> fingerd is the name of the package :)
Thanks for the hint. Tried that also:
debian:/etc# apt-get --purge remove fingerd
Reading Package Lists... Done
Building Dependency Tree... Done
Package fingerd is not install
On 30.9.2002 10:26 Uhr, "Alvin Oga" <[EMAIL PROTECTED]>
wrote:
> looks like oyu didnt take care of inetd and other daemons
That is why I want to take care of them now...
> a start from this docs
> http://www.debian.org/doc/manuals/securing-debian-howto/
Thanks for the link.
> - turn off un-need
On 30.9.2002 10:22 Uhr, "Riku Valli" <[EMAIL PROTECTED]> wrote:
> Disable services. Edited /etc/inetd.conf and add # to unwanted service or
> use update-inetd program to complete task. Restart inetd super daemon
> /etc/init.d/inetd restart
Thanks I commented out all services from /etc/inetd.conf
hi ya
looks like oyu didnt take care of inetd and other daemons
a start from this docs
http://www.debian.org/doc/manuals/securing-debian-howto/
rest of the "hardening howto"
- turn off inetd
- turn off un-needed daemons
- turn off un-needed services
- fi
Hi
Disable services. Edited /etc/inetd.conf and add # to unwanted service or
use update-inetd program to complete task. Restart inetd super daemon
/etc/init.d/inetd restart
stop service ex /etc/init.d/named stop
/etc/init.d/program_name add beginning of script 'exit 0' examble of named
(listen 5
On Mon, 30 Sep 2002, Zeno Davatz wrote:
> That is exactly what I am trying to do: stop all unwanted services. To me it
> seems more difficult to to do then so say...
>
> Can you give me a hint how to stop ie. tcpmux and finger?
find out what processes are listening on those ports. You can do it,
On 30.9.2002 10:03 Uhr, "Christian Schuerer-Waldheim" <[EMAIL PROTECTED]> wrote:
> Either stop all unused/unwanted services or use a firewall (iptables) to
> protect your machine.
That is exactly what I am trying to do: stop all unwanted services. To me it
seems more difficult to to do then so sa
On Mon, Sep 30, 2002 at 09:43:34 +0200, Zeno Davatz wrote:
> Can anyone give me a hint how to go about closing all the following port
> execpt ssh, http, https?
> 1524/tcp openingreslock
> 12345/tcp openNetBus
> 12346/tcp openNetBus
> 27665/tcp openTrinoo_Mast
Hi List
I am an newbie and done a nmap -v of my local maschine that is supposed to
be put into the internet after I managed to close all the necessary ports.
Can anyone give me a hint how to go about closing all the following port
execpt ssh, http, https?
Port State Service
1/tcp
66 matches
Mail list logo
