On Tue, Jun 25, 2002 at 05:14:49PM -0400, [EMAIL PROTECTED] wrote:
> Unable to log onto secure sites.
> Followed http://pandor etc directions
> Got an index of / ~kitamd/morzilla without the ability to download
>apt-get update or
>apt-get install mozilla
> What can you suggest?
> I've not used it, but in looking for another package (!) I found fwlogwatch:
>
> Description: Firewall log analyzer
> fwlogwatch produces ipchains, netfilter/iptables, ipfilter, Cisco IOS and
> Cisco PIX log summary reports in text and HTML form and has a lot of
> options to find and display
I use logcheck right now to analyze my logs on an hourly basis. As it
turns out, the iptables entries (about denied connections, etc.) are
most of what's in the logcheck emails. This is a little tiring because
a lot of the time, I don't do anything based on these entries. I know
I sometimes miss
> Does this work? Going to civil court against a cracker? YES. It
> comes down to:
>
> Do you have the time to wait for a result or lawsuit?
> Do you know or have a lawyer that is net-smart or willing to learn?
> Do you have the start-up money for the lawsuit? (at least
> $1,000-$5000)
Sorry to
> Personally, I compile and install kernels by hand (i.e. make
> menuconfig; make bzImage; make install) What's the advantage of using
> make-kpkg? I use stable/2.2.20 on my servers and testing/2.4 or 2.5 on
> development boxes.
I used to make them by hand, too, but what I like about make-kpkg i
> I have problems with the ssh server..
> I'm trying to connect to a server via ssh but I don't want the server to ask
> for the password.
> How can I fix it?
From 'man ssh'
ssh implements the RSA authentication protocol automatically.
The user creates his/her RSA key pair by running ssh-key
This might be a bit off topic...if it is, please take replies to me
directly.
Can anyone tell me if there is any reason, from a security standpoint,
that one would not want to write a publicly-available network service
in an interpreted language such as Python or Perl?
Thanks...
KEN
--
Kenn
> > On Friday 09 November 2001 17:46 pm, Robert Davidson wrote:
> > > Wouldn't it just be better if the lists accepted mail from members
> > > only,
> >
> > I have always thought so, but whenever that suggestion comes up on any of
> > the debian lists it gets a pretty violent response.
>
> yeah I
> On Thu, Nov 08, 2001 at 04:57:22PM -0500, Adam Spickler wrote:
> > Is there a decent Windows FTP application that supports sftp?
> > Unfortunately, I have to use Windows at work. :/
>
> cygwin includes openssh... and the sftp it has supports everything you
> need.
Or, try Putty:
http://w
> the **unknown* is due to if there is not a correct uid (number) match to a
> username (your login name) in /etc/passwd. I only know this because of a bug
> in the dialy server I use (connectd) which didn't for whatever reason collect
> the correct uid for the user 'nobody'. Obviously somethi
> My AIDE database keeps getting corrupt so that "aide --check" stops working.
> I have to issue a "aide --init" to get it back.
> Then after a couple of days the database will have gone corrupt again.
> Anyone seen this behaviour before?
I use AIDE under potato and woody.
I recall that a while
> Has anyone else noticed that the included exploit does not affect
> 2.2.19? I tested it on one of my boxes and got the expected 'Operation
> not permitted'. Maybe I'm misunderstanding the problem, but I thought
> that 2.2.19 took care of (well hindered) the ptrace problems.
I can't make the pt
> I think Linus has already approved the patch. I'm not sure yet when it will
> arrive though..
Yes, the email linked to by that /. posting :
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
has attached to it the Linus-blessed 2.2.19 patch.
KEN
> I have taken a look at the gatelogin source code and seems to be
> pretty simple to change in order to use ssh instead of rlogin. Have you
> tried it?
I haven't done it, but I agree... that change should be pretty simple.
I'm just a bit leery of putting my own (slightly-tested) code out o
> Indeed, this gets you to one internal machine, but this is better than logging
> into your firewall isn't it? From your internal machine you can then get to
> any other box you need to.
Agreed, I can make it work this way if I need to... what I'm trying to emulate
is a corporate gateway that I
> If you're using ssh/telnet you can forward all packets from the external
> interface incoming to port 22, etc. to the internal machine's IP.
Yep, that works if there's just one internal machine... but what if there's
more than one? I end up with a separate port-forwarding rule and a separate
port
I've been looking for a way to have my firewall act as a login gateway
for my internal machines, i.e. be able to login as [EMAIL PROTECTED]
in order to log into the internal machine rather than the firewall itself.
A friend pointed this package out:
http://www.stat.auckland.ac.nz/~blom001/gat
[snip]
> Now only if there was as nifty a debian tool to make the package system
> think that a particular package was installed, without actually having it
> installed.
Have you tried 'equiv' ?? You can build a dummy package to provide the
capability that is required by other packages. I used
> do you use a proxy with lynx, if so you may need to use one with apt!
Ah.. that got asked before privately; I should have posted a reply to
the list. No, there's no proxy needed.
KEN
> is ftp2.sourceforge.net a debian mirror?
I got it off the mirrors list, and it looked like everything was sensible
from checking with lynx.
> deb http://ftp.de.debian.org/debian/ testing main non-free contrib
> and an "apt-get update"
> what's the exact output?
First, note that 'lynx http://ft
> Hmm...
>
> Any logs about? /var/log/syslog? /var/log/messages?
> are you able to "apt" another server? Is your apt installation fine or is
> any file missing?
> Try to fetch the aptdeb, purge your existing apt ("dpkg --force-depends
> --purge apt), and reinstall it, to assure no file's missi
> do you use any kind of firewall? In the network or local? Eventually a
> configuration mistake in netfilter? Is your specific machine allowed to
> connect to debian.org?
> can you ping 132.229.131.40? ping security.debian.org?
> What does telnet security.debian.org 80 say?
Yes, I'm using a firewal
> >Err http://security.debian.org potato/updates/main Packages
> > Could not connect to security.debian.org (132.229.131.40).
> >
>
>My guess is that this was a temporary server or network
>outage. I just did an apt-get update with this same source.
>It hung and 99% the first
I'm cross-posting this to user and security, because there are really two
(possibly-related) issues here. Feel free to take replies to just one list
or the other.
On my firewall (running potato), I have been using these apt sources.list
entries:
deb http://security.debian.org potato/updates
> Yes, but when you're upgrading your existing packages, and the
> dependencies have changed to such a degree to require *new* packages,
> that almost always implies a major change, such as a stable -> testing
> transition, not a security fix for a package in stable (which is what
> security.debian
> > If you're upgrading for
> > security and bug fixes, you use upgrade.
In michael's defense, take this entry from the apt-get manpage:
dist-upgrade
dist-upgrade, in addition to performing the function
of upgrade, also intelligently handles chang
I realize this is a little off-topic for this list, but based on some of the
other discussions that I've followed over the last month, I'm hopeful that I
might be able to get some feedback from some of you, either on the list or
privately.
Basically, what I'm looking for is a security-based critiq
> Yep. Ssh does. But telnet doesn't. And it *does* look a bit suspicious if
> your firewall administrator tries to encourage telnet and block ssh...
Personally, I think this is more a case of the administrator just wanting
to open "standard" services... and ssh isn't considered "standard". Most
o
> If they root your box, they could mess with your gpg keyring and/or binary.
> They could just spew out fake emails that say the thing was checked, and
> even spin the floppy disk in case you were watching to make sure it was
> doing a "real" check.
OK, I give up. ;-)
> You can't use a poss
> Ok with that said, how feasible is it for a cracker to install their
> rootkit, and mimic the checksummed files to match the contents of the
> floppy? Wouldn't he/she just have to unmount the existing floppy drive,
> remount it to his/her pseudo check sums?
>
> I'm probably missing the howto deta
> You remount it, or you umount it and change the read/write tab on the
> actual floppy?
Yes, sorry, I wasn't clear about that. The floppy is mounted RO, plus
the disk's tab is moved to the RO position. I agree... I wouldn't feel
comfortable or safe if the floppy was just mounted RO.
KEN
--
K
> Of course. I'd have to burn a CDROM or something. But it's something
> I've been meaning to find out about, just in case...
I have a CD-R drive, but I don't use it for AIDE. Instead, I keep my
(otherwise-unused) floppy drive with an AIDE floppy in it always mounted
as read-only. When I need
> Use proftpd. It supports anonymous users and users that have /bin/false as
> shell in the /etc/passwd which makes logins via ssh/telnet impossible.
This is exactly what I needed. I gave the user a /bin/false shell, and
then in /etc/proftp.conf, I added an anonymous section for that user
such th
> you can change user's shell to /dev/null
Well... it doesn't look like I can log in via telnet or FTP without
a valid login shell. I tried that with various entries other than
/dev/null ...
KEN
--
Kenneth J. Pronovici <[EMAIL PROTECTED]>
Personal Homepage: http://www.skyjammer.com/~pronovic/
Hello -
I'm not sure exactly where to look for this information, so if I should
RTFM, just point me toward the right one.
I have a situation where I've volunteered to host a few webpages for
some users. They're at a university and are having problems getting timely
access to their organizationa
> It might be more secure, because the packages chosen for distribution are
> often more tested - not the latest versions with brand new bugs but
> (somewhat) older packages with known bugs removed.
I would also have to add: I find it easier to keep Debian secure because
it is easier to get and ins