Yes 'we wait for some info...
what's up the he** ???
Is this an open source project or not ???, we use it not only for apt-*** tools.
On Thu, 27 Nov 2003, Dan Jacobson wrote:
So, give the people some time and after the details are disclosed -
learn from their experience and use it in
On Fri, 28 Nov 2003, Matthias Wieser wrote:
Does it make sense to use module-disabled kernels to prevent root kits to be
used with a kernel?
There are other ways to insert code into a running kernel. However, it may
break some automated worms or stop script kiddies who don't quite know
what
Op vr 28-11-2003, om 10:47 schreef Matthias Wieser:
Matthias,
AFAIK NO, it doesn't. There were programs to ENABLE modules on a
module-disabled kernel.
Does it make sense to use module-disabled kernels to prevent root kits to be
used with a kernel?
Thank you, Matthias Wieser
Regards,
hi Matthias,
On Fri, 28 Nov 2003 10:47:50 +0100
Matthias Wieser [EMAIL PROTECTED] wrote:
Does it make sense to use module-disabled kernels to prevent root kits to be
used with a kernel?
afaik, yes. set CONFIG_MODULES to no. just not compiling any modules is not
enough.
f. soul.
--
,
Hi!
I'm attempting to set up an SELinux system using the Debian packages
and am unashamed to admit that I'm a little stuck at the moment. I
have two problems that I could use some help with:
1. I've done the bare minimum amount of tweaking of the default
policy beyond answering all the
François TOURDE wrote:
Le 12383ième jour après Epoch,
Haim Ashkenazi écrivait:
Hi
I've got a server at our ISP's server farm which rebooted last night.
I've contact my ISP and no one there did nothing, also it wasn't a power
failure because the reboot is written in '/var/log/syslog':
Kjetil Kjernsmo schrieb:
I bet there are a lot of users running around scared, not knowing what
to do really... Any advices for us??
Subject: more details on the recent compromise of debian.org machines
Date: Fri, 28 Nov 2003 01:04:00 +
On Fri, Nov 28, 2003 at 03:03:08AM -0800, Forrest L Norvell wrote:
I know I'm not the first person to encounter this error, because I
Yes, I'm working through some of these issues with
Russell as we speak. There are errors in
/etc/mkinitrd/scripts/selinux which builds the initrd
file.
On Fri, 28 Nov 2003 22:03, Forrest L Norvell [EMAIL PROTECTED] wrote:
/usr/bin/checkpolicy -o policy policy.conf
/usr/bin/checkpolicy: loading policy configuration from policy.conf
ERROR 'attribute file_type is not declared' at token ';' on line 867:
#
type device_t, file_type;
--Thursday, November 27, 2003 12:56:18 -0500 Eric LeBlanc [EMAIL PROTECTED]:
A least, they can stay us informed about their actions... for example:
21 sep: hacked, we moved all domain to blah, bluh, blih.
22 sep: investiguation started, by X, X. We think it will take X
hours/day/month/years
On Friday 28 November 2003 13:14, Karsten M. Self wrote:
That announcement wasn't delivered for all users until _after_ murphy
was resurrected. I myself got the debian-security-announce message
mailed Nov 21 on 25 Nov 2003 15:16:56 -0800.
Hm, I got that late too, but the (unsigned) announcement
Le vendredi 28 novembre 2003 12h06 (+0100), Boris Stanislavski crivait :
Subject: more details on the recent compromise of debian.org machines
Date: Fri, 28 Nov 2003 01:04:00 +
http://lists.debian.org/debian-devel-announce/2003/debian-devel-announce-200311/msg00012.html
It says Somehow
On Fri, Nov 28, 2003 at 01:52:14PM +0100, Kjetil Kjernsmo wrote:
I learnt on /. that it had been a password compromise, so that meant, it
was in the generic class of problems. We're always vulnerable towards
that. But, we're all likely to be vulnerable to the local exploit used
to gain
On Fri, 28 Nov 2003, Marcel Hicking wrote:
I'd definitely prefer to have them working on getting things
up and running again and do the forensics. They should waste a
minute too much on reports that might proove wrong finally anyway.
Minute? Every minute is cucial... So hmm.. They dont
On Fri, Nov 28, 2003 at 07:46:45PM +0700, Jean Christophe ANDR? wrote:
May be because of the last screen local privilege escalation...?
See there: http://www.secunia.com/advisories/10310/
Yow! TWO GIGABITS OF SEMICOLONS?
One would think someone would notice an attack like
that if it ever
* Jean Christophe ANDR? ([EMAIL PROTECTED]) wrote:
Le vendredi 28 novembre 2003 à 12h06 (+0100), Boris Stanislavski écrivait :
Subject: more details on the recent compromise of debian.org machines
Date: Fri, 28 Nov 2003 01:04:00 +
Le vendredi 28 novembre 2003 14h21 (+), Dale Amon crivait :
See there: http://www.secunia.com/advisories/10310/
Yow! TWO GIGABITS OF SEMICOLONS?
2 giga bytes.
One would think someone would notice an attack like
that if it ever occurred!
Not necessarly if we can generate it localy,
On Fri, 2003-11-28 at 06:03, Forrest L Norvell wrote:
Hi!
I'm attempting to set up an SELinux system using the Debian packages
and am unashamed to admit that I'm a little stuck at the moment.
If you're planning to run a production system, I'd recommend starting
from Debian woody and Brian
On Thu, Nov 27, 2003 at 06:03:13AM -0500, Anthony DeRobertis wrote:
On Nov 26, 2003, at 15:34, Matt Zimmerman wrote:
None of those packages are new; they are all from
security.debian.org and correspnod to security advisories released
since
3.0r1.
Really? There were 13 or so things on
Alohá!
A little OT, but http://www.adamantix.org 's distro provides everything
and more SELinux has to offer while IMHO being a little easier to handle.
Don't want to discourage anybody from SELinux, especially not with
kernel 2.6 reaching production status, just my 2c ;-)
best regards
Le vendredi 28 novembre 2003 09h36 (-0500), Stephen Frost crivait :
It says Somehow they got root [...], does anybody yet know how?
Did you *read* what they said?
Mhhh... I think so... But I'm not a native english speaker actually... :)
Did I miss something?
I read this: (I believe) an
This one time, at band camp, Michael Parkinson said:
Umm, I have the same problem.
If I kill Exim and Spamassassin no hidden processes reported.
Under normal load sometimes get 1-7 hidden processes. Was is a state of
panic but it does appear that Exim and Spamassassin combined do
On Sat, 29 Nov 2003 05:10, Martin G.H. Minkler [EMAIL PROTECTED] wrote:
A little OT, but http://www.adamantix.org 's distro provides everything
and more SELinux has to offer while IMHO being a little easier to handle.
Adamantix is not Debian. The people subscribed to this list are here for
Hi!
On Sat, 29 Nov 2003 05:10, Martin G.H. Minkler [EMAIL PROTECTED] wrote:
A little OT, but http://www.adamantix.org 's distro provides everything
and more SELinux has to offer while IMHO being a little easier to handle.
Adamantix is not Debian. The people subscribed to this list are here for
On Fri, Nov 28, 2003 at 11:06:40PM +1100, Russell Coker wrote:
2. When I attempt to boot into my SELinux kernel (all packages,
versions, and kernel configuration options at the end of this
message), I get an error about being unable to find
/usr/bin/load_policy, even with an
On Fri, Nov 28, 2003 at 11:40:12AM -0500, Colin Walters wrote:
On Fri, 2003-11-28 at 06:03, Forrest L Norvell wrote:
Hi!
I'm attempting to set up an SELinux system using the Debian packages
and am unashamed to admit that I'm a little stuck at the moment.
If you're planning to run a
Quoting Roland Mas ([EMAIL PROTECTED]):
/me suggests the Debian Planet and Debian Help (both .org) websites.
^^^
Session initialisation failed. Problems?
--
Cheers,A: No.
Rick Moen Q: Should I include
i have a firewwall with 2 nics .. its running iptables. the outside
nic forwards port 80 to an internal webserver on an internal ip. this
works great. if an internal host hits the external ip. traffic does
not go to the internal web server. if an external host hits the
external ip
on Wed, Nov 26, 2003 at 09:30:05AM +0100, Martin Schulze ([EMAIL PROTECTED]) wrote:
Dan Jacobson wrote:
To us debian users, the most notable thing during this break in or
whatever episode, is how the communication structures crumbled.
It had to be re-installed. You probably know that
On Fri, Nov 28, 2003 at 04:14:19AM -0800, Karsten M. Self wrote:
I'll disagree with Martin's comment that the server compromise didn't
constitute a security issue despite the lack of an archive compromise.
For someone well versed in Debian procedures, it might have been
plausible that the
Karsten M. Self, 2003-11-28 13:30:28 +0100 :
[...]
- Where to provide information. Personal websites and news
channels served well, but an advance statement of here's where
you should turn in the event of an emergency would be useful.
/me suggests the Debian Planet and Debian Help
Yes 'we wait for some info...
what's up the he** ???
Is this an open source project or not ???, we use it not only for apt-*** tools.
On Thu, 27 Nov 2003, Dan Jacobson wrote:
So, give the people some time and after the details are disclosed -
learn from their experience and use it in
Bernd Eckenfels wrote:
Developers dont release all binary packages and users normally dont download
source packages. So it is not that easy.
Yes, I did note that there are many wrinkles to iron out. That's not the
point I am trying to make. I don't think anyone would be foolish enough to
Does it make sense to use module-disabled kernels to prevent root kits to be
used with a kernel?
Thank you, Matthias Wieser
On Fri, 28 Nov 2003, Matthias Wieser wrote:
Does it make sense to use module-disabled kernels to prevent root kits to be
used with a kernel?
There are other ways to insert code into a running kernel. However, it may
break some automated worms or stop script kiddies who don't quite know
what
Op vr 28-11-2003, om 10:47 schreef Matthias Wieser:
Matthias,
AFAIK NO, it doesn't. There were programs to ENABLE modules on a
module-disabled kernel.
Does it make sense to use module-disabled kernels to prevent root kits to be
used with a kernel?
Thank you, Matthias Wieser
Regards,
hi Matthias,
On Fri, 28 Nov 2003 10:47:50 +0100
Matthias Wieser [EMAIL PROTECTED] wrote:
Does it make sense to use module-disabled kernels to prevent root kits to be
used with a kernel?
afaik, yes. set CONFIG_MODULES to no. just not compiling any modules is not
enough.
f. soul.
--
,
Hi!
I'm attempting to set up an SELinux system using the Debian packages
and am unashamed to admit that I'm a little stuck at the moment. I
have two problems that I could use some help with:
1. I've done the bare minimum amount of tweaking of the default
policy beyond answering all the
Kjetil Kjernsmo schrieb:
I bet there are a lot of users running around scared, not knowing what
to do really... Any advices for us??
Subject: more details on the recent compromise of debian.org machines
Date: Fri, 28 Nov 2003 01:04:00 +
On Fri, Nov 28, 2003 at 03:03:08AM -0800, Forrest L Norvell wrote:
I know I'm not the first person to encounter this error, because I
Yes, I'm working through some of these issues with
Russell as we speak. There are errors in
/etc/mkinitrd/scripts/selinux which builds the initrd
file.
On Fri, 28 Nov 2003 22:03, Forrest L Norvell [EMAIL PROTECTED] wrote:
/usr/bin/checkpolicy -o policy policy.conf
/usr/bin/checkpolicy: loading policy configuration from policy.conf
ERROR 'attribute file_type is not declared' at token ';' on line 867:
#
type device_t, file_type;
on Wed, Nov 26, 2003 at 09:30:05AM +0100, Martin Schulze ([EMAIL PROTECTED])
wrote:
Dan Jacobson wrote:
To us debian users, the most notable thing during this break in or
whatever episode, is how the communication structures crumbled.
It had to be re-installed. You probably know that
--Thursday, November 27, 2003 12:56:18 -0500 Eric LeBlanc [EMAIL PROTECTED]:
A least, they can stay us informed about their actions... for example:
21 sep: hacked, we moved all domain to blah, bluh, blih.
22 sep: investiguation started, by X, X. We think it will take X
hours/day/month/years
On Friday 28 November 2003 13:14, Karsten M. Self wrote:
That announcement wasn't delivered for all users until _after_ murphy
was resurrected. I myself got the debian-security-announce message
mailed Nov 21 on 25 Nov 2003 15:16:56 -0800.
Hm, I got that late too, but the (unsigned) announcement
Le vendredi 28 novembre 2003 à 12h06 (+0100), Boris Stanislavski écrivait :
Subject: more details on the recent compromise of debian.org machines
Date: Fri, 28 Nov 2003 01:04:00 +
http://lists.debian.org/debian-devel-announce/2003/debian-devel-announce-200311/msg00012.html
It says Somehow
On Fri, Nov 28, 2003 at 01:52:14PM +0100, Kjetil Kjernsmo wrote:
I learnt on /. that it had been a password compromise, so that meant, it
was in the generic class of problems. We're always vulnerable towards
that. But, we're all likely to be vulnerable to the local exploit used
to gain
On Fri, 28 Nov 2003, Marcel Hicking wrote:
I'd definitely prefer to have them working on getting things
up and running again and do the forensics. They should waste a
minute too much on reports that might proove wrong finally anyway.
Minute? Every minute is cucial... So hmm.. They dont
On Fri, Nov 28, 2003 at 07:46:45PM +0700, Jean Christophe ANDR? wrote:
May be because of the last screen local privilege escalation...?
See there: http://www.secunia.com/advisories/10310/
Yow! TWO GIGABITS OF SEMICOLONS?
One would think someone would notice an attack like
that if it ever
* Jean Christophe ANDR? ([EMAIL PROTECTED]) wrote:
Le vendredi 28 novembre 2003 à 12h06 (+0100), Boris Stanislavski écrivait :
Subject: more details on the recent compromise of debian.org machines
Date: Fri, 28 Nov 2003 01:04:00 +
On Fri, 2003-11-28 at 06:03, Forrest L Norvell wrote:
Hi!
I'm attempting to set up an SELinux system using the Debian packages
and am unashamed to admit that I'm a little stuck at the moment.
If you're planning to run a production system, I'd recommend starting
from Debian woody and Brian
On Thu, Nov 27, 2003 at 06:03:13AM -0500, Anthony DeRobertis wrote:
On Nov 26, 2003, at 15:34, Matt Zimmerman wrote:
None of those packages are new; they are all from
security.debian.org and correspnod to security advisories released
since
3.0r1.
Really? There were 13 or so things on
Alohá!
A little OT, but http://www.adamantix.org 's distro provides everything
and more SELinux has to offer while IMHO being a little easier to handle.
Don't want to discourage anybody from SELinux, especially not with
kernel 2.6 reaching production status, just my 2c ;-)
best regards
On Fri, Nov 28, 2003 at 04:14:19AM -0800, Karsten M. Self wrote:
I'll disagree with Martin's comment that the server compromise didn't
constitute a security issue despite the lack of an archive compromise.
For someone well versed in Debian procedures, it might have been
plausible that the
Le vendredi 28 novembre 2003 à 09h36 (-0500), Stephen Frost écrivait :
It says Somehow they got root [...], does anybody yet know how?
Did you *read* what they said?
Mhhh... I think so... But I'm not a native english speaker actually... :)
Did I miss something?
I read this: (I believe) an
This one time, at band camp, Michael Parkinson said:
Umm, I have the same problem.
If I kill Exim and Spamassassin no hidden processes reported.
Under normal load sometimes get 1-7 hidden processes. Was is a state of
panic but it does appear that Exim and Spamassassin combined do
On Sat, 29 Nov 2003 05:10, Martin G.H. Minkler [EMAIL PROTECTED] wrote:
A little OT, but http://www.adamantix.org 's distro provides everything
and more SELinux has to offer while IMHO being a little easier to handle.
Adamantix is not Debian. The people subscribed to this list are here for
Karsten M. Self, 2003-11-28 13:30:28 +0100 :
[...]
- Where to provide information. Personal websites and news
channels served well, but an advance statement of here's where
you should turn in the event of an emergency would be useful.
/me suggests the Debian Planet and Debian Help
Hi!
On Sat, 29 Nov 2003 05:10, Martin G.H. Minkler [EMAIL PROTECTED] wrote:
A little OT, but http://www.adamantix.org 's distro provides everything
and more SELinux has to offer while IMHO being a little easier to handle.
Adamantix is not Debian. The people subscribed to this list are here for
On Fri, Nov 28, 2003 at 11:06:40PM +1100, Russell Coker wrote:
2. When I attempt to boot into my SELinux kernel (all packages,
versions, and kernel configuration options at the end of this
message), I get an error about being unable to find
/usr/bin/load_policy, even with an
On Fri, Nov 28, 2003 at 11:40:12AM -0500, Colin Walters wrote:
On Fri, 2003-11-28 at 06:03, Forrest L Norvell wrote:
Hi!
I'm attempting to set up an SELinux system using the Debian packages
and am unashamed to admit that I'm a little stuck at the moment.
If you're planning to run a
Quoting Roland Mas ([EMAIL PROTECTED]):
/me suggests the Debian Planet and Debian Help (both .org) websites.
^^^
Session initialisation failed. Problems?
--
Cheers,A: No.
Rick Moen Q: Should I include
i have a firewwall with 2 nics .. its running iptables. the outside
nic forwards port 80 to an internal webserver on an internal ip. this
works great. if an internal host hits the external ip. traffic does
not go to the internal web server. if an external host hits the
external ip
62 matches
Mail list logo