t that end users can connect
to the services, but only administrators. If you have 100 machines on the
net placed at customers it might be pretty handy, if you don't have to
worry about ssh auto rooters after the new 0day exploit, because they
don't try the magic-ip-packet-sequence. This adds anot
c on a rare or unallocated protocol before opening a
> backdoor.
http://www.phenoelit.de/stuff/cd00r.c
has been used sometimes on compromised machines...
MfG/Regards, Alexander
--
Alexander Reelsen http://tretmine.org
[EMAIL PROTECTED]
t
or what? In a random non guessable order? Hard work... useless IMO
MfG/Regards, Alexander
--
Alexander Reelsen http://tretmine.org
[EMAIL PROTECTED]
ertain ports (i.e. SSH) for a specified amount of time or for the next
> connection attempt only. The parameters which could be set in the config
> file would be:
Sadoor
http://cmn.listprojects.darklab.org/
MfG/Regards, Alexander
--
Alexander Reelsen http://tretmine.org
[EMAIL PROTECTED]
p_port to '0'... If it is written via -u in
the init scripts the config file settings are overwritten, so beware.
Regards, Alexander
--
Alexander Reelsen
http://tretmine.org
Hi
On Thu, Mar 13, 2003 at 10:22:19PM +1100, Frederic Schutz wrote:
> On Thu, 13 Mar 2003, Alexander Reelsen wrote:
> > Are you sure on this one?
> >
> > # sysctl -A | grep cap-bound
> > kernel.cap-bound = -257
> >
> > Being it a sysctl parameter mak
nux2:~ # sysctl -A | grep cap-bound
kernel.cap-bound = -257
Being it a sysctl parameter makes me wonder whether you can set things
runtime (if you have the appropriate capability of course). lcap does
exactly that, writing in this procfile.
MfG/Regards, Alexander
--
Alexander Reelsen http://tretmine.org
[EMAIL PROTECTED]
On Sat, Aug 17, 2002 at 09:25:07PM +0100, Dale Amon wrote:
> Anyone know what this means? Even google draws a blank.
>
> tcpspy[29190]: /proc/net/tcp: warning: incomplete line
Taking a very quick look at the source along with reading the description
of tcpspy makes you feel, it's nothing to totall
AM to authenticate via /etc/passwd, you
just don't realize this :-)
Check out the (not always easy to read) documentation about PAM, however
it's worth a read.
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd.de
[EMAIL PROTECTED]GnuPG: pub 1024D/F0D7313C sub 2048g/6
he lids patch), it took less than
> two minutes to correct this by hand.
> i don't think, that there are too much more changes for the 2.4.17.
Has it become SMP safe for 2.4 kernels? It never was for 2.2...
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd.de
[EMAIL PROTE
, second you should change
.htm to .html and third this document is completely obsoleted as Javier
Fernandez has incorporated it into an official Debian Document Project
Paper on www.debian.org/doc, which should be used as reference. :)
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rh
On Mon, Sep 10, 2001 at 02:14:56PM +0200, Bernhard R. Link wrote:
> On Mon, 10 Sep 2001, Alexander Reelsen wrote:
> > First binding then firewalling is a bad idea, someone might be able to
> > access that service via spoofing or other dirty tricks...
> I do not know very much i
g is a bad idea, someone might be able to
access that service via spoofing or other dirty tricks...
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd.de
[EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
[EMAIL PROTECTED]7D44 F4E3 1993 FDDF 552E 7C88 EE9C
st in IRIX-style chkconfig, I can probably throw
> > something together from the scripts and docs I have lying around
> I would be interested. :)
You might want to check file-rc or rcconf as well...
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd.de
[EMAIL PROTECTED]
t; > If there is an interest in IRIX-style chkconfig, I can probably throw
> > something together from the scripts and docs I have lying around
> I would be interested. :)
You might want to check file-rc or rcconf as well...
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.
ng whitehouse.gov and infecting other hosts).
Check bugtraq/securityfocus for more.
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd.de
[EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
[EMAIL PROTECTED]7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D
is just to upgrade your kernel. But as your box sounds
compromised, reinstall it along with a kernel.
If you're using linux 2.2.19 please post some more information.
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd.de
[EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 20
abase itself (perhaps with an external key).
> Is something like this possible or is it planned?
apt-get install debsums
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd.de
[EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
[EMAIL PROTECTED] 7D44 F4E3
ad or whatever (huge
"huh?" here from my side).
So if anyone has an application to add to this list, please tell me so.
Incredibly long list of apps:
- proftpd
- xntp3 w/patch (just keeps CAP_SYS_TIME, drops uid 0)
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd.de
[EMA
filter, the issue is explained there in a long, good and clear
fashion...
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd.de
[EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
[EMAIL PROTECTED] 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C
Securing Debi
easy
to change, but perhaps it's a start if you monitor the md5sums files as
well, or mark them readonly with LIDS, whatever...
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd.de
[EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
[EMAIL PROTECTED]
paragraph about netfilter/iptables as
well.
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd.de
[EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
[EMAIL PROTECTED] 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C
Securing Debian:http://joker.rhwd.de/doc/Securing-Debian-HOWTO
to use a small perl client/server model with
Crypt::CBC and IDEA...
You could also wrap your ftpd into SSL or use a httpsd. There are dozens
of possibilities...
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd.de
[EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
'lsof -i' or 'fuser -n tcp 111' will tell you, it is the portmapper,
which is listening on that port (/sbin/portmap) usually. If you don't use
NFS you can turn it off without problems.
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd.de
[EMAIL PROTECTED]
ys.
Oh, and if someone volunteers to write a paragraph about
dpkg-statoverrides, I would not be the only one to be grateful I guess ;)
I don't have a working woody station at the moment so I am not able to
write something about it.
MfG/Regards, Alexander
--
Alexander Reelsen http://joker.rhwd
Hi
On Thu, Nov 30, 2000 at 01:55:33PM -0500, Jacob Kuntz wrote:
> > I do not know if other developers are aware, but there is
> > a nice Security HOWTO available in
> > http://joker.rhwd.de/doc/Securing-Debian-HOWTO and made by
> > Alexander Reelsen (which I am sendi