Re: (no subject)

2002-06-25 Thread Kenneth Pronovici
On Tue, Jun 25, 2002 at 05:14:49PM -0400, [EMAIL PROTECTED] wrote: > Unable to log onto secure sites. > Followed http://pandor etc directions > Got an index of / ~kitamd/morzilla without the ability to download >apt-get update or >apt-get install mozilla > What can you suggest?

Re: IPtables log summary?

2002-04-25 Thread Kenneth Pronovici
> I've not used it, but in looking for another package (!) I found fwlogwatch: > > Description: Firewall log analyzer > fwlogwatch produces ipchains, netfilter/iptables, ipfilter, Cisco IOS and > Cisco PIX log summary reports in text and HTML form and has a lot of > options to find and display

IPtables log summary?

2002-04-25 Thread Kenneth Pronovici
I use logcheck right now to analyze my logs on an hourly basis. As it turns out, the iptables entries (about denied connections, etc.) are most of what's in the logcheck emails. This is a little tiring because a lot of the time, I don't do anything based on these entries. I know I sometimes miss

Re: failed ssh breakins on my exposed www box ..

2002-03-25 Thread Kenneth Pronovici
> Does this work? Going to civil court against a cracker? YES. It > comes down to: > > Do you have the time to wait for a result or lawsuit? > Do you know or have a lawyer that is net-smart or willing to learn? > Do you have the start-up money for the lawsuit? (at least > $1,000-$5000) Sorry to

Re: Say, wheres 2.2.20?

2002-03-08 Thread Kenneth Pronovici
> Personally, I compile and install kernels by hand (i.e. make > menuconfig; make bzImage; make install) What's the advantage of using > make-kpkg? I use stable/2.2.20 on my servers and testing/2.4 or 2.5 on > development boxes. I used to make them by hand, too, but what I like about make-kpkg i

Re: problems with ssh

2002-01-07 Thread Kenneth Pronovici
> I have problems with the ssh server.. > I'm trying to connect to a server via ssh but I don't want the server to ask > for the password. > How can I fix it? From 'man ssh' ssh implements the RSA authentication protocol automatically. The user creates his/her RSA key pair by running ssh-key

Interpreted Network Service?

2001-11-14 Thread Kenneth Pronovici
This might be a bit off topic...if it is, please take replies to me directly. Can anyone tell me if there is any reason, from a security standpoint, that one would not want to write a publicly-available network service in an interpreted language such as Python or Perl? Thanks... KEN -- Kenn

Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!

2001-11-09 Thread Kenneth Pronovici
> > On Friday 09 November 2001 17:46 pm, Robert Davidson wrote: > > > Wouldn't it just be better if the lists accepted mail from members > > > only, > > > > I have always thought so, but whenever that suggestion comes up on any of > > the debian lists it gets a pretty violent response. > > yeah I

Re: FTP and security

2001-11-08 Thread Kenneth Pronovici
> On Thu, Nov 08, 2001 at 04:57:22PM -0500, Adam Spickler wrote: > > Is there a decent Windows FTP application that supports sftp? > > Unfortunately, I have to use Windows at work. :/ > > cygwin includes openssh... and the sftp it has supports everything you > need. Or, try Putty: http://w

Re: FTP and security

2001-11-08 Thread Kenneth Pronovici
> On Thu, Nov 08, 2001 at 04:57:22PM -0500, Adam Spickler wrote: > > Is there a decent Windows FTP application that supports sftp? Unfortunately, I >have to use Windows at work. :/ > > cygwin includes openssh... and the sftp it has supports everything you > need. Or, try Putty: http://www

Re: Strange auth.log entry

2001-11-08 Thread Kenneth Pronovici
> the **unknown* is due to if there is not a correct uid (number) match to a > username (your login name) in /etc/passwd. I only know this because of a bug > in the dialy server I use (connectd) which didn't for whatever reason collect > the correct uid for the user 'nobody'. Obviously somethi

Re: AIDE database corrupt

2001-10-29 Thread Kenneth Pronovici
> My AIDE database keeps getting corrupt so that "aide --check" stops working. > I have to issue a "aide --init" to get it back. > Then after a couple of days the database will have gone corrupt again. > Anyone seen this behaviour before? I use AIDE under potato and woody. I recall that a while

Re: BugTraq Kernel 2.2.19

2001-10-19 Thread Kenneth Pronovici
> Has anyone else noticed that the included exploit does not affect > 2.2.19? I tested it on one of my boxes and got the expected 'Operation > not permitted'. Maybe I'm misunderstanding the problem, but I thought > that 2.2.19 took care of (well hindered) the ptrace problems. I can't make the pt

Re: BugTraq Kernel 2.2.19

2001-10-19 Thread Kenneth Pronovici
> I think Linus has already approved the patch. I'm not sure yet when will > it arrive though.. Yes, the email linked to by that /. posting : http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21 has attached to it the Linus-blessed 2.2.19 patch. KEN

Re: Gateway Login

2001-10-17 Thread Kenneth Pronovici
> I have taken a look at the gatelogin source code and seems to be > pretty simple to change in order to use ssh instead of rlogin. Have you > tried it? I haven't done it, but I agree... that change should be pretty simple. I'm just a bit leery of putting my own (slightly-tested) code out o

Re: Gateway Login

2001-10-17 Thread Kenneth Pronovici
> Indeed, this gets you to one internal machine, but this is better than logging > into your firewall isn't it? From your internal machine you can then get to > any other box you need to. Agreed, I can make it work this way if I need to... what I'm trying to emulate is a corporate gateway that I

Re: Gateway Login

2001-10-17 Thread Kenneth Pronovici
> If you're using ssh/telnet you can forward all packets from the external > interface incoming to port 22, etc. to the internal machine's IP. Yep, that works if there's just one internal machine... but what if there's more than one? I end up with a separate port-forwarding rule and a separate port

Gateway Login

2001-10-17 Thread Kenneth Pronovici
I've been looking for a way to have my firewall act as a login gateway for my internal machines, i.e. be able to login as [EMAIL PROTECTED] in order to log into the internal machine rather than the firewall itself. A friend pointed this package out: http://www.stat.auckland.ac.nz/~blom001/gat

Re: firewall

2001-09-10 Thread Kenneth Pronovici
[snip] > Now only if there was as nifty a debian tool to make the package system > think that a particular package was installed, without actually having it > installed. Have you tried 'equiv' ?? You can build a dummy package to provide the capability that is required by other packages. I used

Re: apt-get issue(s)

2001-08-14 Thread Kenneth Pronovici
> do you use a proxy with lynx, if so you may need to use one with apt! Ah.. that got asked before privately; I should have posted a reply to the list. No, there's no proxy needed. KEN

Re: apt-get issue(s)

2001-08-14 Thread Kenneth Pronovici
> is ftp2.sourceforge.net a debian mirror? I got it off the mirrors list, and it looked like everything was sensible from checking with lynx. > deb http://ftp.de.debian.org/debian/ testing main non-free contrib > and an "apt-get update" > what's the exact output? First, note that 'lynx http://ft

Re: apt-get issue(s)

2001-08-13 Thread Kenneth Pronovici
> Hmm... > > Any logs about? /var/log/syslog? /var/log/messages? > are you able to "apt" another server? Is your apt installation fine or is > any file missing? > Try to fetch the aptdeb, purge your existing apt ("dpkg --force-depends > --purge apt), and reinstall it, to assure no file's missi

Re: apt-get issue(s)

2001-08-13 Thread Kenneth Pronovici
> do you use any kind of firewall? In the network or local? Eventually a > configuration mistake in netfilterIs your specific machine allowed to > connect to debian.org? > can you ping 132.229.131.40? ping security.debian.org? > What does telnet security.debian.org 80 say? Yes, I'm using a firewal

Re: apt-get issue(s)

2001-08-13 Thread Kenneth Pronovici
> >Err http://security.debian.org potato/updates/main Packages > > Could not connect to security.debian.org (132.229.131.40). > > > >My guess is that this was a temporary server or network >outage. I just did an apt-get update with this same source. >It hung and 99% the first

apt-get issue(s)

2001-08-12 Thread Kenneth Pronovici
I'm cross-posting this to user and security, because there are really two (possibly-related) issues here. Feel free to take replies to just one list or the other. On my firewall (running potato), I have been using these apt sources.list entries: deb http://security.debian.org potato/updates

Re: apt-get install apache (was "red worm amusement")

2001-07-23 Thread Kenneth Pronovici
> Yes, but when you're upgrading your existing packages, and the > dependencies have changed to such a degree to require *new* packages, > that almost always implies a major change, such as a stable -> testing > transition, not a security fix for a package in stable (which is what > security.debian

Re: apt-get install apache (was "red worm amusement")

2001-07-22 Thread Kenneth Pronovici
> > If you're upgrading for > > security and bug fixes, you use upgrade. In michael's defense, take this entry from the apt-get manpage: dist-upgrade dist-upgrade, in addition to performing the function of upgrade, also intelligently handles chang­

Security Feedback - Backup Process?

2001-07-16 Thread Kenneth Pronovici
I realize this is a little off-topic for this list, but based on some of the other discussions that I've followed over the last month, I'm hopeful that I might be able to get some feedback from some of you, either on the list or privately. Basically, what I'm looking for is a security-based critiq

Re: sshd port config and security

2001-04-07 Thread Kenneth Pronovici
> Yep. Ssh does. But telnet doesn't. And it *does* look a bit suspicious if > your firewall administrator tries to encourage telnet and block ssh... Personally, I think this is more a case of the administrator just wanting to open "standard" services... and ssh isn't considered "standard". Most o

Re: MD5 sums of individual files?

2001-03-29 Thread Kenneth Pronovici
> If they root your box, they could mess with your gpg keyring and/or binary. > They could just spew out fake emails that say the thing was checked, and > even spin the floppy disk in case you were watching to make sure it was > doing a "real" check. OK, I give up. ;-) > You can't use a poss

RE: MD5 sums of individual files?

2001-03-29 Thread Kenneth Pronovici
> Ok with that said, how feasible is it for a cracker to install their > rootkit, and mimic the checksummed files to match the contents of the > floppy? Wouldn't he/she just have to unmount the existing floppy drive, > remount it to his/her pseudo check sums? > > I'm probably missing the howto deta

Re: MD5 sums of individual files?

2001-03-29 Thread Kenneth Pronovici
> You remount it, or you umount it and change the read/write tab on the > actual floppy? Yes, sorry, I wasn't clear about that. The floppy is mounted RO, plus the disk's tab is moved to the RO position. I agree... I wouldn't feel comfortable or safe if the floppy was just mounted RO. KEN -- K

Re: MD5 sums of individual files?

2001-03-29 Thread Kenneth Pronovici
> Of course. I'd have to burn a CDROM or something. But it's something > I've been meaning to find out about, just in case... I have a CD-R drive, but I don't use it for AIDE. Instead, I keep my (otherwise-unused) floppy drive with an AIDE floppy in it always mounted as read-only. When I need

Re: Allow FTP in, but not shell login

2001-03-13 Thread Kenneth Pronovici
> Use proftpd. It supports anonymous users and users that have /bin/false as > shell in the /etc/passwd which makes logins via ssh/telnet impossible. This is exactly what I needed. I gave the user a /bin/false shell, and then in /etc/proftp.conf, I added an anonymous section for that user such th

Re: Allow FTP in, but not shell login

2001-03-13 Thread Kenneth Pronovici
> you can change user's shell to /dev/null Well... it doesn't look like I can log in via telnet or FTP without a valid login shell. I tried that with various entries other than /dev/null ... KEN -- Kenneth J. Pronovici <[EMAIL PROTECTED]> Personal Homepage: http://www.skyjammer.com/~pronovic/

Allow FTP in, but not shell login

2001-03-13 Thread Kenneth Pronovici
Hello - I'm not sure exactly where to look for this information, so if I should RTFM, just point me toward the right one. I have a situation where I've volunteered to host a few webpages for some users. They're at a university and are having problems getting timely access to their organizationa

Re: Debian or Linux 7???

2001-02-19 Thread Kenneth Pronovici
> It might be more secure, because the packages chosen for distribution or > often more tested - not the latest versions with brand new bugs but > (somewhat) older packages with known bugs removed. I would also have to add: I find it easier to keep Debian secure because it is easier to get and ins
