Re: Kernel ptrace Hole - Fix For i386 ?

2003-04-22 Thread simon raven
Greetings list, Le Mon, Apr 14, 2003 at 20:01:57 -0500, Greg Norris a écrit: > On Tue, Apr 15, 2003 at 12:46:38AM +0100, Nick Boyce wrote: > > The fix is in vanilla kernel 2.4.20 as I understand it, and it sounds > > like some people here are downloading that source for their Woody i386 > > system

Re: grsec patch over debian 2.4.20 kernel

2003-04-22 Thread Karl Hammar
> Hi folks, > > I got the last 2.4.20 kernel with apt-get install. I want to patch it > with grsec, but I met many times the follow message: > "Reversed (or previously applied) patch detected! Assume -R? [n]" > When I answered "yes" to all questions, the kernel compilation had failed. > I think

Re: HELP, my Debian Server was hacked!

2003-04-22 Thread Christiano Anderson
Hi, Boot your machine in single user. Run a md5sum in /sbin/init and compare with a 'secure' machine. Download http://www.chkrootkit.org and run it. It's recommended to run chkrootkit using your own static binaries on another path or CDROM (you can see which binaries is needed on chkrootkit web

Re: HELP, my Debian Server was hacked!

2003-04-22 Thread Dale Amon
On Tue, Apr 22, 2003 at 09:00:11PM +0200, Christian K?nning wrote: > /var/log, symlinked /root/.bash_history > /dev/null, etc. > Is there any way to recover the evidences, e.g. the /var/log/ directory? > (ext2) Examine your /dev/swap after following advice in other replies about making sure thing

Re: ptrace patch for vanilla kernel 2.4.20

2003-04-22 Thread Alexander Schmehl
* Konstantin <[EMAIL PROTECTED]> [030422 23:03]: > can anyone post the patch for the 2.4.20-kernel (from kernel.org) or give me > an adress I can leech it from. http://www.ussg.iu.edu/hypermail/linux/kernel/0303.2/0226.html http://sinuspl.net/ptrace/ cu Alex -- PGP key on demand, mailto:[EMA

Re: DSA-288 - a question

2003-04-22 Thread Jason Lunz
[EMAIL PROTECTED] said: > DSA 288 [0] says: > > ] You will have to decide whether you want the security update which is > ] not thread-safe and recompile all applications that apparently fail >^^ > ] after the upgrade, [...] > > Does that mean th

Re: HELP, my Debian Server was hacked!

2003-04-22 Thread David Ehle
While the earlier advice is probably the best advice, don't forget to run chkrootkit. I recently had the same thing happen to one of my machines. I've found a kit in /dev/proc/fuckit The total nuking of /log makes this look like a very amature job. If they were hot they would edit the appropri

Re: HELP, my Debian Server was hacked!

2003-04-22 Thread xbud
tar up your /proc/ directory to save a copy of your kcore - it should have useful information unless he managed to zero out all the memory that was being utilized during the break in. turn the box off but make sure it don't delete crap, watch out for logic bombs or what not. remove the disk a

Re: HELP, my Debian Server was hacked!

2003-04-22 Thread Javier Fernández-Sanguino Peña
On Tue, Apr 22, 2003 at 09:00:11PM +0200, Christian Könning wrote: > Hello List, > > I hope this is not of topic: > > My private server has been hacked: > debian woody 2.4.18bf2.4 kernel, apache-ssl, samba, squid. Ouch. Was it up-to-date to security patches? > > now my problem: the intruder u

ptrace patch for vanilla kernel 2.4.20

2003-04-22 Thread Konstantin
hi, can anyone post the patch for the 2.4.20-kernel (from kernel.org) or give me an adress I can leech it from. thx for help Fallen_Angel

Re: Network stress testing

2003-04-22 Thread Javier Fernández-Sanguino Peña
On Tue, Apr 22, 2003 at 06:31:56PM +0100, Gustavo Adolfo Silva Ribeiro Felisberto wrote: > > http://www.netperf.org/ > > There is a tool to stress test http servers, but i dont remenber the name. There are several, already mentioned, and also httperf (available as a Debian package) Regards J

Re: Network stress testing

2003-04-22 Thread Dale Amon
On Tue, Apr 22, 2003 at 11:31:25AM -0600, xbud wrote: > Hi Dale, > > Stress testing networks can be quite tedious depending on what type of 'real > simulation' you have to abide by. > If you have a budget take a look at an appliance called 'Flame Thrower' I > forget who the vendor is ATM, but it

DSA-288 - a question

2003-04-22 Thread Marcin Owsiany
Hi! DSA 288 [0] says: ] You will have to decide whether you want the security update which is ] not thread-safe and recompile all applications that apparently fail ^^ ] after the upgrade, [...] Does that mean that installing 0.9.6c-2.woody.3 and

Re: Network stress testing

2003-04-22 Thread Wolfgang Kaufmann
* Thus spoke Gustavo Adolfo Silva Ribeiro Felisberto <[EMAIL PROTECTED]>: Hello, > There is a tool to stress test http servers, but i dont remenber the name. - Bye, Wolle -- "Es gibt Diebe, die nicht bestraft werden und einem doch das Kostbarste st

RE: grsec patch over debian 2.4.20 kernel

2003-04-22 Thread Hobbs, Richard
Hello, Thanks for the reply... So does this mean it will become available in woody when it is deemed stable enough? Any ideas when this might be? Also I am right in saying this does fix the ptrace bug, right? I think I'm right on this one. Thanks, Richard. > -Original Message- > F

HELP, my Debian Server was hacked!

2003-04-22 Thread Christian Könning
Hello List, I hope this is not of topic: My private server has been hacked: debian woody 2.4.18bf2.4 kernel, apache-ssl, samba, squid. now my problem: the intruder used a rootkit, i think, cause he deleted /var/log, symlinked /root/.bash_history > /dev/null, etc. Is there any way to recover the

Re: Network stress testing

2003-04-22 Thread Michal Melewski
On Tue, Apr 22, 2003 at 04:21:03PM +0100, Dale Amon wrote: > Would anyone have a recommendation for doing a stress > test of a network? I've got a big show coming up and > I'd like to set up re-produceable test procedures so > I know how things respond under expected real life loads. >From what i h

Re: Network stress testing

2003-04-22 Thread xbud
Hi Dale, Stress testing networks can be quite tedious depending on what type of 'real simulation' you have to abide by. If you have a budget take a look at an appliance called 'Flame Thrower' I forget who the vendor is ATM, but it was complete in regaurds to stress testing IDS's. We used it at

RE: grsec patch over debian 2.4.20 kernel

2003-04-22 Thread Mark L. Kahnt
On Tue, 2003-04-22 at 12:16, Hobbs, Richard wrote: > Hello, > > I was under the impression that an "apt-get dist-upgrade" would upgrade me > to the latest everything... > > I am running "stable" if that makes a difference. Is 2.4.20 in testing or > unstable at the moment, or is it just being bloc

Re: Network stress testing

2003-04-22 Thread Gustavo Adolfo Silva Ribeiro Felisberto
On Tue, 22 Apr 2003 16:21:03 +0100 Dale Amon <[EMAIL PROTECTED]> wrote: > Would anyone have a recommendation for doing a stress > test of a network? I've got a big show coming up and > I'd like to set up re-produceable test procedures so > I know how things respond under expected real life loads.

Re: grsec patch over debian 2.4.20 kernel

2003-04-22 Thread Jonathan McDowell
On Tue, Apr 22, 2003 at 09:46:13AM -0400, John Keimel wrote: > On Tue, Apr 22, 2003 at 03:17:56PM +0300, Ted Bukov wrote: > > I got the last 2.4.20 kernel with apt-get install. I want to patch > > it with grsec, but I met many times the follow message: "Reversed > > (or previously applied) patch de

Re: Network stress testing

2003-04-22 Thread TiM
> Would anyone have a recommendation for doing a stress > test of a network? I've got a big show coming up and > I'd like to set up re-produceable test procedures so > I know how things respond under expected real life loads. Which layer do you want to test? Layer 2 (Ethernet etc) Layer 3 (IP) La

Re: grsec patch over debian 2.4.20 kernel

2003-04-22 Thread Emmanuel Lacour
On Tue, Apr 22, 2003 at 06:13:06PM +0200, Marcel Weber wrote: > Hobbs, Richard wrote: > >Hello, > > > >Where is the 2.4.20 kernel in apt?? > > > Hi > > You do not miss anything (or I would miss the same thing...). The 2.4.20 > kernel is part of sid and not woody. For a 2.4.20 kernel grab sid's >

RE: grsec patch over debian 2.4.20 kernel

2003-04-22 Thread Hobbs, Richard
Hello, I was under the impression that an "apt-get dist-upgrade" would upgrade me to the latest everything... I am running "stable" if that makes a difference. Is 2.4.20 in testing or unstable at the moment, or is it just being blocked from my woody installation? Thanks, Richard. > -Origin

Network stress testing

2003-04-22 Thread Dale Amon
Would anyone have a recommendation for doing a stress test of a network? I've got a big show coming up and I'd like to set up re-produceable test procedures so I know how things respond under expected real life loads. I'm sure I've run across discussions of such tools but I can't remember any name

Re: grsec patch over debian 2.4.20 kernel

2003-04-22 Thread Marcel Weber
Hobbs, Richard wrote: Hello, Where is the 2.4.20 kernel in apt?? Hi You do not miss anything (or I would miss the same thing...). The 2.4.20 kernel is part of sid and not woody. For a 2.4.20 kernel grab sid's kernel source or the plain vanilla kernel from kernel.org. Regards Marcel

Re: grsec patch over debian 2.4.20 kernel

2003-04-22 Thread Jorge Luis V. C. Mendes
Im using grsecurity and i dont have problems to install :- / white-snake:~# apt-cache search grsec kernel-patch-2.4-grsecurity - grsecurity kernel patch - OpenWall based 2.4.x security patch - Original Message - From: "Raphael SurcouF" <[EMAIL PROTECTED]> To: Sent: Tuesday, April 22, 20

RE: grsec patch over debian 2.4.20 kernel

2003-04-22 Thread Hobbs, Richard
Hello, Where is the 2.4.20 kernel in apt?? turnip:~# apt-cache search kernel | grep image | grep 2.4 kernel-image-2.4.16-386 - Linux kernel image for version 2.4.16 on 386. kernel-image-2.4.16-586 - Linux kernel image for version 2.4.16 on 586/K5/5x86/6x86/6x86MX. kernel-image-2.4.16-586t

Re: grsec patch over debian 2.4.20 kernel

2003-04-22 Thread John Keimel
On Tue, Apr 22, 2003 at 03:17:56PM +0300, Ted Bukov wrote: > Hi folks, > > I got the last 2.4.20 kernel with apt-get install. I want to patch it > with grsec, but I met many times the follow message: > "Reversed (or previously applied) patch detected! Assume -R? [n]" > When I answered "yes" to a

Re: grsec patch over debian 2.4.20 kernel

2003-04-22 Thread Marc-Christian Petersen
On Tuesday 22 April 2003 15:12, [EMAIL PROTECTED] wrote: Hi, > Ted Bukov <[EMAIL PROTECTED]> 22.04.2003, 14:17:56: > > I got the last 2.4.20 kernel with apt-get install. I want to patch it > > with grsec, but I met many times the follow message: > > "Reversed (or previously applied) patch detec

Re: grsec patch over debian 2.4.20 kernel

2003-04-22 Thread Raphael SurcouF
Le Tue, 22 Apr 2003 15:17:56 +0300, Ted Bukov a écrit : > Hi folks, > > I got the last 2.4.20 kernel with apt-get install. I want to patch it > with grsec, but I met many times the follow message: > "Reversed (or previously applied) p

Re: grsec patch over debian 2.4.20 kernel

2003-04-22 Thread e-hoeffner
Ted Bukov <[EMAIL PROTECTED]> 22.04.2003, 14:17:56: > I got the last 2.4.20 kernel with apt-get install. I want to patch it > with grsec, but I met many times the follow message: > "Reversed (or previously applied) patch detected! Assume -R? [n]" > When I answered "yes" to all questions, the

grsec patch over debian 2.4.20 kernel

2003-04-22 Thread Ted Bukov
Hi folks, I got the last 2.4.20 kernel with apt-get install. I want to patch it with grsec, but I met many times the follow message: "Reversed (or previously applied) patch detected! Assume -R? [n]" When I answered "yes" to all questions, the kernel compilation had failed. I think grsec patch ha