Re: Bug#130876: ssh: -5 discloses too much infomation to an attacker, security

2002-02-10 Thread Christian Kurz
On 10/02/02, Lazarus Long wrote: > On Sat, Jan 26, 2002 at 12:25:08PM +, Matthew Vernon wrote: > > Lazarus Long writes: > > > Introduces security hole by divulging too much information to an > > > attacker about the underlying system. > > The rationale behind this, is that there are man

Re: Don't panic (ssh)

2002-01-14 Thread Christian Kurz
On 14/01/02, [EMAIL PROTECTED] wrote: > AFAIK, all SSH1 connections are vulnerable to the CRC32 attack. Thus > you need to use SSH2 protocol. OpenSSH supports SSH2. You need > different keys though, as SSH2 so far does not support RSA keypairs > and needs DSA keys. OpenSSH supports both, RSA and

Re: Secure wu-ftpd for Testing?

2001-11-30 Thread Christian Kurz
On 30/11/01, David Ehle wrote: > Is the wu-ftpd in testing secure? It seems to be 2.6.1 a stinker. Not so far. But calling a software where the source and the fix are available, so that you can build a fixed version on your own is inappropriate. Especially if you are using Win98 and Netscape, both

Re: [OT] resctrict ssh to localnet for some users but not for others.

2001-11-27 Thread Christian Kurz
On 27/11/01, martin f krafft wrote: > * op <[EMAIL PROTECTED]> [2001.11.27 10:23:57+0100]: > > I specify the users in /ets/ssh/sshd_config who are allowed to connect via > > ssh. But I'd like some more control. I'd like to control which subnets user x > > can connect from. Some should be allowe

Re: [off-topic?] Chrooting ssh/telnet users?

2001-10-29 Thread Christian Kurz
On 29/10/01, Emmanuel Lacour wrote: > On Mon, Oct 29, 2001 at 09:48:00AM +1300, Stephen Andrew wrote: > What about a package ssh-chroot in debian? I think the pam module is > more interesting as it can be applied to other things, but I tried it and > was unable to make it working (I'm not a pam mast

Re: [off-topic?] Chrooting ssh/telnet users?

2001-10-26 Thread Christian Kurz
On 26/10/01, Javier Fernández-Sanguino Peña wrote: > The problem is, how can an admin restrict remote access from a given user > (through telnet and/or sshd) in order to limit his "moves" inside the > operating system. [...] > AFAIK, pam only allows to limit some user accesses (cores, memory > limi

Re: Does Debian need to enforce a better Security policy for packages?

2001-10-24 Thread Christian Kurz
On 23/10/01, Michael Robinson wrote: > On Tue, Oct 23, 2001 at 09:55:04AM +0200, Christian Kurz wrote: > > Do you know how difficult and time-consuming it really is to do a manual > > source code audit? Also the available programs for source code audits > > can only give you h

Re: Does Debian need to enforce a better Security policy for packages?

2001-10-23 Thread Christian Kurz
On 23/10/01, Javier Fernández-Sanguino Peña wrote: > On Mon, Oct 22, 2001 at 09:31:38PM +0200, Christian Kurz wrote: > > What does security policies for building a debian package exactly have > > to do with securing a debian box? System administrator reading this > > docume

Re: Does Debian need to enforce a better Security policy for packages?

2001-10-22 Thread Christian Kurz
On 22/10/01, Javier Fernández-Sanguino Peña wrote: > I am looking into the security policies outlined for package > building, in order to include some notes regarding them in the section > "How does Debian handle security" in the "Securing Debian Manual" > (http://www.debian.org/doc/ddp) Wh

Re: Is ident secure?

2001-08-31 Thread Christian Kurz
On 01-08-31 Martin F Krafft wrote: > also sprach Christian Kurz (on Fri, 31 Aug 2001 10:12:31AM +0200): > > > honest question: whose business is the name of a user who initiated a > > > connection??? > > It can be some sort of help if you have a system with lots of

Re: Is ident secure?

2001-08-31 Thread Christian Kurz
On 01-08-30 Brian P. Flaherty wrote: > I have had a lot of problems running non-Debian software when I > disable ident. It seems like the licensing daemons expect to find What the hell is a licensing daemon? And which package contains this software in debian? May I suggest that you first start re

Re: Is ident secure?

2001-08-31 Thread Christian Kurz
On 01-08-31 Martin F Krafft wrote: > On Thu, Aug 30, 2001 at 11:14:33PM -0300, Alisson Sellaro wrote: > > I was checking my firewall logs and have detected lots of TCP/113 dropped > > packets. Checking /etc/services I realized it was ident traffic. What do > > you think about such service? Should I

Re: New security packages available

2001-08-27 Thread Christian Kurz
On 01-08-26 Javier Fernández-Sanguino Peña wrote: > - New integrity checkers (currently tripwire and aide were available): > integrit and samhain You know that integrit is already packaged for debian? Package: integrit Priority: optional Section: admin Installed-Size: 509 Maintainer: Andras Bali

Re: Mutt and inline gpg

2001-08-09 Thread Christian Kurz
On 01-08-09 Martin Domig wrote: > On Thu, Aug 09, 2001 at 08:03:15PM +1000, Matt Hope wrote: > [...] > > : When my friends (2 different ones, one of which is planning to switch > > : to mutt) get the mails, they get it in an attachment, have to save it > > : and decode it manually (apparently kmail

Re: pop3

2001-07-30 Thread Christian Kurz
On 01-07-30 Andrew Sione Taumoefolau wrote: > > If you are using vim use: > > set textwidth=72 > > in your .vimrc to wrap the lines to a max of 72 char. > Probably better not to do it that way, unless you're okay with Vim > wrapping ALL documents you edit with it at 72 characters. I've got a li

Re: gnupg problem

2001-06-19 Thread Christian Kurz
On 01-06-18 Thomas Bushnell, BSG wrote: > In fact, the only reason mailcrypt is in contrib is that it adapts to > the patent-restricted versions of gpg/pgp software. As far as its use > with gpg, it belongs in main. Would you please check the next time either your box running unstable or packages

Re: Debian audititing tool?

2000-12-27 Thread Christian Kurz
On 00-12-27 Peter Palfrader wrote: > On Wed, 27 Dec 2000, Christian Kurz wrote: > > On 00-12-27 David Wright wrote: > > > Quoting Christian Kurz ([EMAIL PROTECTED]): > > > > [ Stop sending me unnecessary Ccs.] > > > | Date: Tue, 26 Dec 2000 16:02:30 +0100

Re: Debian audititing tool?

2000-12-27 Thread Christian Kurz
On 00-12-27 David Wright wrote: > Quoting Christian Kurz ([EMAIL PROTECTED]): > > [ Stop sending me unnecessary Ccs.] > | Date: Tue, 26 Dec 2000 16:02:30 +0100 > | From: Christian Kurz <[EMAIL PROTECTED]> > | To: debian-security@lists.debian.org > | Subject:

Re: Debian audititing tool?

2000-12-27 Thread Christian Kurz
On 00-12-27 David Wright wrote: > Quoting Christian Kurz ([EMAIL PROTECTED]): > > [ Stop sending me unnecessary Ccs.] > | Date: Tue, 26 Dec 2000 16:02:30 +0100 > | From: Christian Kurz <[EMAIL PROTECTED]> > | To: [EMAIL PROTECTED] > | Subject: Re: Debian auditi

Re: Debian audititing tool?

2000-12-26 Thread Christian Kurz
On 00-12-26 Peter Cordes wrote: > have produced collisions in MD5. This is a Bad Thing for MD5, but it isn't > a real break against MD5. It means that you can find two messages that hash > to the same value. To do so, you _have_ to choose both messages yourself. > If one of the messages is /bin/

Re: Debian audititing tool?

2000-12-26 Thread Christian Kurz
On 00-12-26 Rainer Weikusat wrote: > Christian Kurz <[EMAIL PROTECTED]> writes: > > > Debsums seems to help a little bit - you can expect to catch some less-clueful > > > intruders with it, but it doesn't help in general. > > > > debsums just uses md5s

Re: Debian audititing tool?

2000-12-26 Thread Christian Kurz
On 00-12-26 Rainer Weikusat wrote: > Christian Kurz <[EMAIL PROTECTED]> writes: > > [ Stop sending me unnecessary Ccs.] > Start thinking about getting a decent mail client. My client is so decent, that it supports a pure list-reply-function. Looks like your client is miss

Re: Debian audititing tool?

2000-12-26 Thread Christian Kurz
[ Stop sending me unnecessary Ccs.] On 00-12-26 Rainer Weikusat wrote: > Christian Kurz <[EMAIL PROTECTED]> writes: > > > Debsums seems to help a little bit - you can expect to catch some > > > less-clueful intruders with it, but it doesn't help in general. >

Re: Debian audititing tool?

2000-12-22 Thread Christian Kurz
On 00-12-21 Peter Cordes wrote: > On Thu, Dec 21, 2000 at 03:37:56PM +0100, Christian Kurz wrote: > > On 00-12-21 Dan Hutchinson wrote: > > > Sorry it was forensics, but the code is basically matching the machine > > > code, a unique pattern of 1's and 0

Re: Debian audititing tool?

2000-12-21 Thread Christian Kurz
On 00-12-21 Colin Phipps wrote: > On Thu, Dec 21, 2000 at 04:09:07PM +0100, Christian Kurz wrote: > > [ Would you please stop those Ccs to me?] > If you don't want CC's then fix your mail headers: > Mail-Followup-To: Christian Kurz <[EMAIL PROTECTED]>, > debi

Re: Debian audititing tool?

2000-12-21 Thread Christian Kurz
On 00-12-21 Colin Phipps wrote: > On Thu, Dec 21, 2000 at 04:09:07PM +0100, Christian Kurz wrote: > > [ Would you please stop those Ccs to me?] > If you don't want CC's then fix your mail headers: > Mail-Followup-To: Christian Kurz <[EMAIL PROTECTED]>, >[E

Re: Debian audititing tool?

2000-12-21 Thread Christian Kurz
[ Would you please stop those Ccs to me?] On 00-12-21 Colin Phipps wrote: > On Thu, Dec 21, 2000 at 03:30:25PM +0100, Christian Kurz wrote: > > > > > Hence my comment. "Less-clueful" intruders won't modify > > > > > /var/lib/dpkg/info/p

Re: Debian audititing tool?

2000-12-21 Thread Christian Kurz
On 00-12-21 Dan Hutchinson wrote: > Sorry it was forensics, but the code is basically matching the machine > code, a unique pattern of 1's and 0's to the machine code of the kernel. Well, but then you need to know all patterns of malicious code that could occur. I think this will be a lot of patter

Re: Debian audititing tool?

2000-12-21 Thread Christian Kurz
On 00-12-22 Peter Eckersley wrote: > On Thu, Dec 21, 2000 at 02:33:32PM +0100, Christian Kurz wrote: > > > My suggested alternative is a system which knows about official Debian > > > packages, and will register that change as simply "installed/upgraded > > > pac

Re: Debian audititing tool?

2000-12-21 Thread Christian Kurz
On 00-12-22 Peter Eckersley wrote: > On Thu, Dec 21, 2000 at 01:39:19PM +0100, Christian Kurz wrote: > > On 00-12-21 Peter Eckersley wrote: > > > Basically, I started reading the tripwire documentation, stopped, and > > > thought "Debian ought to make this *much

Re: Debian audititing tool?

2000-12-21 Thread Christian Kurz
On 00-12-21 Dan Hutchinson wrote: > I would agree with your comments except the scan of the Linux Kernel. Thanks. :) > You can use computer forensics to scan the kernel against familiar trojan > and virus patterns relatively quickly and at least identify problem Hm, you know that some parts ar

Re: Debian audititing tool?

2000-12-21 Thread Christian Kurz
On 00-12-21 Peter Eckersley wrote: > Basically, I started reading the tripwire documentation, stopped, and > thought "Debian ought to make this *much* simpler". It seemed that if I > wanted to use tripwire, I'd need to tell it every time I was installing > a new package. I'd then need to update a

Re: questions on ident, postfix & proftp

2000-12-17 Thread Christian Kurz
On 00-12-17 Kevin van Haaren wrote: > Ident questions > > Going through the Securing Debian HOW-TO I don't see a specific > mention either for or against running the ident service (either > through inetd or standalone.) Is there a consensus about if this > service is particularly u

Re: Debian Security-HOWTO

2000-12-06 Thread Christian Kurz
On 00-12-05 Javier Fernandez-Sanguino Peña wrote: > Christian Kurz escribió: > > On 00-12-04 Javier Fernandez-Sanguino Peña wrote: > > > Christian Kurz escribió: > > > > > > > > > > > > > I have checked it out and would really like to

Re: Debian Security-HOWTO

2000-12-04 Thread Christian Kurz
[Please do not send me Ccs, I read the list where I'm posting to. If not I explicitly state this at the beginning of my mail.] On 00-12-04 Javier Fernandez-Sanguino Peña wrote: > Christian Kurz escribió: > > > > > > > I have checked it out and would real

Re: What should a Debian-security metapackage should provide?

2000-12-04 Thread Christian Kurz
On 00-12-04 Javier Fernandez-Sanguino Peña wrote: > (I'm taking this out of the previous thread) > I've been giving some thought on a Debian metapackage related to > security.. and I think that it might be useful to have a package > that : Do we really need to discuss this again

Re: Debian Security-HOWTO

2000-12-02 Thread Christian Kurz
On 00-12-02 Wichert Akkerman wrote: > Previously Christian Kurz wrote: > > How long is dpkg-statoverries available for debian? > Couple of weeks. There is also the slight fact that the currently > shipped version is subtly broken :(. It's still cool though! Well, from readin

Re: Debian Security-HOWTO

2000-12-01 Thread Christian Kurz
On 00-12-01 Wichert Akkerman wrote: > Previously Javier Fernandez-Sanguino Peña wrote: > > I do not know if other developers are aware, but there is a nice > > Security HOWTO available in > > http://joker.rhwd.de/doc/Securing-Debian-HOWTO and made by Alexander > > Reelsen (which I am sending this t

Re: Debian Security-HOWTO

2000-11-30 Thread Christian Kurz
On 00-11-30 Javier Fernandez-Sanguino Peña wrote: > I do not know if other developers are aware, but there is a nice > Security HOWTO available in > http://joker.rhwd.de/doc/Securing-Debian-HOWTO and made by Alexander > Reelsen (which I am sending this to in case he is not o

Re: task-unstable-security-updates?

2000-11-20 Thread Christian Kurz
On 00-11-19 Mike Fisk wrote: [big snip] > Is that possible? Would the security team be willing to maintain such a > pseudo-package? Something very close to this kind of task package has been discussed recently on debian-devel and we come to the conclusion that it won't be helpful or easy to maint

Re: scan debian packages for security vulnerabilitys big time

2000-11-07 Thread Christian Kurz
On 00-11-07 Andreas Schuldei wrote: > * Christian Kurz ([EMAIL PROTECTED]) [001107 00:03]: > > [Changed Reply-To to point to the right list] > Not so sure about that. I do NOT want the security issues to be an issue for > the super advanced/paranoid/freaked-out-ones/security-awar

Re: log permissions

2000-11-03 Thread Christian Kurz
On 00-11-03 Ian wrote: > There are too many to list, but here are some: > -rw-r--r--1 root root 8232348 Nov 3 06:43 tripwire Maybe some logfile of tripwire? I don't know its content so I can't make a judgement about its security risk. > -rw-r--r--1 root root10152 N

Re: trusted debian and echo

2000-01-05 Thread Christian Kurz
re is > this discussed? I think it has something to do with RSBAC (Rule Set Based Access Control). You can find more information about this on www.rsbac.org Ciao Christian -- **** * Christian Kurz Debian De