Re: [OT] named logs

2002-10-12 Thread Noah L. Meyerhans
On Sat, Oct 12, 2002 at 02:03:42PM +0200, repasi.tibor wrote: Oct 11 23:53:09 panda named[15451]: No root nameservers for class IN This is odd. Is /etc/bind/named.root configured correctly? It may be that named.conf isn't pointing to the right named.root file since you're running in a chroot.

Re: export problems on security updates?

2002-10-09 Thread Noah L. Meyerhans
On Wed, Oct 09, 2002 at 05:37:38PM -0400, Chris Caldwell wrote: My understanding is that the law restricts U.S. citizens from exporting certain types of cryptographic software. As a non-US national, I believe you have a moral responsibility to thumb your nose at US law. At this point, the US

Re: export problems on security updates?

2002-10-09 Thread Noah L. Meyerhans
On Wed, Oct 09, 2002 at 10:21:31PM +0200, Alberto Cort?s wrote: In other words, is http://security.debian.org/ located outside the US?. Where have you been for the past year? Cryptographic software is legal to export from US Debian mirrors and has been integrated into the main archive. The

Re: postfix in qmail out proftpd in pureftpd

2002-10-02 Thread Noah L. Meyerhans
On Wed, Oct 02, 2002 at 08:09:33PM +0200, WebMaster wrote: In March 1997, I offered $500 to the first person to publish a verifiable security hole in the latest version of qmail... My offer still stands. Nobody has found any security holes in qmail. snip it s because we can read on

Re: Block 198.175 admins? who are they?

2002-09-24 Thread Noah L. Meyerhans
On Tue, Sep 24, 2002 at 06:36:10AM -0400, Rishi L Khan wrote: Are you sure that they portscanned you and not someone faking that IP? There'd have to be one *seriously* misconfigured router out there to allow such a thing to work. Otherwise, they'd never get the results of their portscan back.

Re: SSL update.. still giving me a Vulnerable status

2002-09-17 Thread Noah L. Meyerhans
On Wed, Sep 18, 2002 at 10:55:24AM +1000, Jeroen de Leeuw den Bouter wrote: After updating libssl09 to the latest stable (0.9.4-6.woody.2) version. And running the openssl-sslv2-master script from (http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php) The test program is being

Re: OpenSSL and Potato a request for clarificiation

2002-09-15 Thread Noah L. Meyerhans
On Sun, Sep 15, 2002 at 12:42:04PM +0100, John Winters wrote: Can anyone clarify this please? Have the relevant fixes from openssl 0.9.6e been back-ported into openssl-0.9.6c-0.potato.2? The problem is that potato has more than one version of openssl. The security team had to package OpenSSL

Re: Fwd: bugtraq.c httpd apache ssl attack

2002-09-14 Thread Noah L. Meyerhans
On Sat, Sep 14, 2002 at 07:24:06PM +0200, Michael Renzmann wrote: One thing that makes me wonder: after I wrote my first few lines about the attack on the rlx blade server that we experienced, someone gave a correct hint to the worm (describing it with some of its actions), and also

Re: Fwd: bugtraq.c httpd apache ssl attack

2002-09-14 Thread Noah L. Meyerhans
On Sat, Sep 14, 2002 at 07:46:03PM +0200, Guille -bisho- wrote: I have seen two Debian machines exploited with the -d version of openssl, denoted by the files: /tmp/.bugtraq.c /tmp/.uubugtraq That's not surprising. OpenSSL 0.9.6d is vulnerable. However, in woody we have

Re: Fwd: bugtraq.c httpd apache ssl attack

2002-09-14 Thread Noah L. Meyerhans
On Sat, Sep 14, 2002 at 08:00:15PM +0200, Guille -bisho- wrote: In 3 days, about 1500 different IP addresses tried to contact my machine at UDP port 2002. Fortunately I have iptables configured. That's interesting. I haven't seen any traffic to udp port 2002 in the past couple of days at all.

Re: Fwd: bugtraq.c httpd apache ssl attack

2002-09-14 Thread Noah L. Meyerhans
On Sat, Sep 14, 2002 at 08:14:56PM +0200, Michael Renzmann wrote: Any idea about the outgoing connections to port 80? We noticed that the bugtraq-process systematically tries to connect to port 80 in an ip block, and it keeps trying and trying, incrementing the ip addresses by one per step

Re: IPSec VPN

2002-08-11 Thread Noah L. Meyerhans
On Sun, Aug 11, 2002 at 05:40:15PM +0200, Jens Hafner wrote: directly connected to the Internet (e.g. by a dialup connection). Things start to break as soon as I connect the laptop to my private network (192.168.0.0/24) whose default gateway is a debian (woody, kernel 2.2.19) box. I configured

Re: To test a OpenSSH trojaned server

2002-08-05 Thread Noah L. Meyerhans
On Mon, Aug 05, 2002 at 07:40:36PM +0300, Halil Demirezen wrote: Where can i find a code that tests a vulnerable OpenSSH trojaned server. Or if i should write the code, What is this trojan server's specifications? Remember that the trojan only exists during the build process. The ssh server

Re: PGP

2002-08-05 Thread Noah L. Meyerhans
On Mon, Aug 05, 2002 at 01:06:03PM -0500, Daniel Rychlik wrote: In pgp, how do I upload my public key to a key server? I've read the documentation on it and I cannot seem to find a way to do it. --send-keys [names] Same as --export but sends the keys to a key?

Re: PGP

2002-08-05 Thread Noah L. Meyerhans
On Mon, Aug 05, 2002 at 01:19:45PM -0500, Daniel Rychlik wrote: must have missed that one. I am sorry for giving an RTFM-style answer. I didn't think anybody was still using PGP. Is there a specific reason you need it instead of gpg? pgp can't upload to keyservers on its own. Take a look

Re: Security update of libpng[23]

2002-08-01 Thread Noah L. Meyerhans
an apt-get update apt-get upgrade -dy today brought me new libpng[23]-Packages from security.debian.org for woody/stable, but I can't find an advisory for them. What changes were made? The advisory was DSA 140-1. If it's not on the web site, it will be. You should subscribe to

Re: Support for Potato

2002-07-24 Thread Noah L. Meyerhans
On Wed, Jul 24, 2002 at 01:24:51PM -0400, Desai, Jason wrote: Does anybody know how long Debian will officially be supporting Potato and providing security updates for it? We haven't yet announced anything officially. We do want to continue to support it for a longer time than we supported

Re: Support for Potato

2002-07-24 Thread Noah L. Meyerhans
On Thu, Jul 25, 2002 at 08:54:17AM +0900, Howland, Curtis wrote: I can't upgrade, it would require restarting and that would blow my record on necraft.com Why would you need to restart? Today I wanted to upgrade a busy server (busy with apache proftp). I put apache proftp on hold in

Re: utilisateur backup

2002-07-19 Thread Noah L. Meyerhans
On Fri, Jul 19, 2002 at 03:58:18PM +0200, Mathias Palm wrote: - Can I safely give an SSH key to my backup user without any passphrase so that it could be automated via cron ? I'd say, the security is that of your original account then. Say there are the computers A and B, where

Re: Good Day

2002-07-02 Thread Noah L. Meyerhans
On Mon, Jul 01, 2002 at 09:55:57PM -0700, Rafael wrote: Assuming the spam came from 213.181.64.226 it would be very easy to reject it based on the fact that there is no RR in DNS for that IP. I don't agree with the policy of rejecting mail due to a lack of a reverse DNS entry. However,

Re: Good Day

2002-07-02 Thread Noah L. Meyerhans
On Tue, Jul 02, 2002 at 03:30:52PM +0100, Tim Haynes wrote: Given that rfc-ignorant lists *.uk for not having contact info, would you like to refine that to `shite idea'? That's in the whois.rfc-ignorant.org blacklist. That's not the list I was talking about. And it is not rfc-ignorant's

Re: Good Day

2002-07-01 Thread Noah L. Meyerhans
On Mon, Jul 01, 2002 at 03:07:37PM +0200, Olle Hedman wrote: At 08:25 2002-01-07, Mr.Muyiwa Ige wrote: [a load of bullshit] If anyone wonders what that mail was, read here: http://www.snopes.com/inboxer/scams/nigeria.htm And forward it to [EMAIL PROTECTED], with full headers intact, of

Re: More SSH Fun (X11 forwarding)

2002-07-01 Thread Noah L. Meyerhans
On Mon, Jul 01, 2002 at 01:24:34PM -0700, Anne Carasik wrote: However, when I try to launch an xterm, I get either: can't open DISPLAY Are you explicitly asking for X11 forwarding on the client's command line (-X)? Or the display is set to server:10.0. That is normal. That's what it should

Re: More SSH Fun (X11 forwarding)

2002-07-01 Thread Noah L. Meyerhans
On Mon, Jul 01, 2002 at 01:48:31PM -0700, Anne Carasik wrote: So, if I force X11 with the -X (even though my ssh_config on the client is set to X11Forwarding yes), I get this: Get what? You don't have UseLogin set in sshd_config, do you? noah --

Re: Ssh not upgraded when doing apt-get upgrade?

2002-06-27 Thread Noah L. Meyerhans
On Thu, Jun 27, 2002 at 07:35:21PM -0400, Moti Levy wrote: this line in /etc/apt/sources.list did it for me ... deb http://security.debian.org testing/updates main contrib non-free You should probably use 'woody', not 'testing'. After all, testing doesn't normally get security updates. Once

Re: Ssh not upgraded when doing apt-get upgrade?

2002-06-27 Thread Noah L. Meyerhans
On Thu, Jun 27, 2002 at 04:55:31PM -0700, Tom Dominico wrote: When woody goes stable, though, I want to move on to whatever testing is at that point. That's why I had been using testing in my sources.list rather than explicitly saying woody; I thought it would make it easier to stay current.

Re: DSA-134-1

2002-06-25 Thread Noah L. Meyerhans
On Tue, Jun 25, 2002 at 11:58:13PM +0200, James Nord wrote: In which case you just need a local exploit to go with your remote exploit. A local exploit that can be run by a non-root user in an empty chroot. Those are considerably harder to come by than the standard local exploit. Are any

Re: DSA-134-1

2002-06-25 Thread Noah L. Meyerhans
On Tue, Jun 25, 2002 at 06:01:36PM -0400, Noah L. Meyerhans wrote: A local exploit that can be run by a non-root user in an empty chroot. Oh, and I forgot to mention that non-root user does not have write permissions on the chroot. There's really not much you can do with such an environment

Re: Quality of security assurance with Debian vs. RedHat vs. SuSE

2002-06-11 Thread Noah L. Meyerhans
On Tue, Jun 11, 2002 at 07:20:50PM -0400, Jeff Bonner wrote: I am certainly not in a position to say which is more secure, but this reminded me of a flap that arose over a list of vulnerabilities posted by platform, etc on SecurityFocus: http://securityfocus.com/vulns/stats.shtml I'm not

Re: Forum for security-review of code?

2002-06-09 Thread Noah L. Meyerhans
On Mon, Jun 10, 2002 at 12:14:34AM +0100, Karl E. Jorgensen wrote: Can anybody suggest a suitable forum/mailing list to ask for help on this? At one point (a year ago? more?) somebody suggested creating debian-codereview to provide exactly such a forum. I don't remember who it was, but they

Re: Uh-oh. Cracked allready. I think...

2002-05-23 Thread Noah L. Meyerhans
On Thu, May 23, 2002 at 01:39:25PM -0400, Hubert Chan wrote: Security patches go into stable first. Sid/unstable is generally upgraded pretty promptly too. They're working on a system (AFAIK) to allow security patches to be fast tracked into testing. Not to be fast tracked in to testing.

Re: Uh-oh. Cracked allready. I think...

2002-05-23 Thread Noah L. Meyerhans
On Thu, May 23, 2002 at 01:39:25PM -0400, Hubert Chan wrote: Security patches go into stable first. Sid/unstable is generally upgraded pretty promptly too. They're working on a system (AFAIK) to allow security patches to be fast tracked into testing. Not to be fast tracked in to testing. To

Re: syn flood attacked?

2002-05-17 Thread Noah L. Meyerhans
On Fri, May 17, 2002 at 04:38:24PM -0500, JonesMB wrote: IIRC, you can also (at least in Debian) add the line 'syncookies=yes' to /etc/network/options. after making this change, what service must I restart to make the change take effect? None, the changes are in kernel space. Just make

Re: force to use SSH2

2002-05-13 Thread Noah L. Meyerhans
On Mon, May 13, 2002 at 06:05:19PM -0300, Eduardo Gargiulo wrote: Which is the best way to ensure that clients will connect using ssh2 and not ssh1? How can I avoid the use of ssh1? RTFM. See in particular sshd(8). See in particular the following: Protocol Specifies the

Re: possible hole in mozilla et al

2002-05-08 Thread Noah L. Meyerhans
On Wed, May 08, 2002 at 03:26:46PM +0200, Robert Millan wrote: http://sec.greymagic.com/adv/gm001-ns/ It claims to affect 0.9.7+ but on 1.0 all it does is crashing my browser. That bug was fixed in the version of mozilla from sid, but *not* woody. Woody appears vulnerable and had probably

Re: Why is there a prompt for a root shell when the default linux kernel boots?

2002-04-30 Thread Noah L. Meyerhans
On Tue, Apr 30, 2002 at 03:23:06PM -0600, Erik Andersen wrote: It is there as part of the installer to make life easier for those wishing to do things that the installer does not support by default. It has nothing whatsoever to do with cramfs or the kernel. This is what I was thinking at

Re: Services using Ports 1 6

2002-04-14 Thread Noah L. Meyerhans
On Sun, Apr 14, 2002 at 09:51:18AM -0500, David wrote: Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name raw0 0 0.0.0.0:1 0.0.0.0:* 7 - raw0 0

Re: fswcert

2002-04-09 Thread Noah L. Meyerhans
On Fri, Apr 05, 2002 at 12:13:41PM +0200, Victor Vuillard wrote: the fswcert tool, which is used to extract private key from certificate was before in freeswan package. I was not able to find it in 1.95 version of freeswan. Anyone knows why it has been removed ??? Because it's no longer

Re: fswcert

2002-04-08 Thread Noah L. Meyerhans
On Fri, Apr 05, 2002 at 12:13:41PM +0200, Victor Vuillard wrote: the fswcert tool, which is used to extract private key from certificate was before in freeswan package. I was not able to find it in 1.95 version of freeswan. Anyone knows why it has been removed ??? Because it's no longer

Re: OpenSSH 3.1

2002-04-07 Thread Noah L. Meyerhans
On Sun, Apr 07, 2002 at 02:53:16PM +0200, Mark Janssen wrote: Debian usually patches the (security) bug, without going straight to the new upstream release, but only upgrading the package number That's only the case with stable. In unstable, there is no reason not to go straight to the new

Re: A question about some network services

2002-04-05 Thread Noah L. Meyerhans
On Fri, Apr 05, 2002 at 04:49:46PM +0200, Juhan Kundla wrote: Yikes! I guess, you didn't remove inetd that way, right? But how then? As root: /etc/init.d/inetd stop rm /etc/rc?.d/S??inetd It will not be started again, but the K??inetd links will still be in place so the next upgrade won't

Re: A question about some network services

2002-04-02 Thread Noah L. Meyerhans
On Tue, Apr 02, 2002 at 10:23:21AM -0800, Anne Carasik wrote: Well, daytime spits out the time of day, time is for NTP, and I'm not sure what discard is used for. No, NTP does not use the time port. It uses port 123 (ntp in /etc/services). Discard is the network equivalent of /dev/null

Re: A question about some network services

2002-04-02 Thread Noah L. Meyerhans
On Tue, Apr 02, 2002 at 10:23:21AM -0800, Anne Carasik wrote: Well, daytime spits out the time of day, time is for NTP, and I'm not sure what discard is used for. No, NTP does not use the time port. It uses port 123 (ntp in /etc/services). Discard is the network equivalent of /dev/null The

Re: scp and ftp

2002-04-01 Thread Noah L. Meyerhans
On Mon, Apr 01, 2002 at 09:35:46AM -0500, Jon McCain wrote: concern. Users can ssh into my machine but their profiles are fixed to run a menu of things I allow them to do. Thus they can't get to the $ prompt and thus can't cd to other directories to see what's there. And even they did,

Re: failed ssh breakins on my exposed www box ..

2002-03-24 Thread Noah L. Meyerhans
On Sun, Mar 24, 2002 at 11:44:26AM -0500, Gary MacDougall wrote: We seriously need a US branch of the law-enforcement to deal with this sort of stuff. I think if more people got prosecuted for trying to crack into a site, the level of BS would drop to zero. Sure, but this particular attempt

Re: Unusual logging

2002-03-21 Thread Noah L. Meyerhans
On Thu, Mar 21, 2002 at 06:12:02PM -0600, Jay Kline wrote: What seems odd to me is the yyy IP is originating from such a low port (3) which means the system is most likely not unix or windows (or at least not standard apps), unless using some specific application. Anyone know of one

Re: Purpose of this list

2002-03-16 Thread Noah L. Meyerhans
On Sat, Mar 16, 2002 at 11:43:41PM +0530, Sandip Bhattacharya wrote: Pardon my ignorance, but I was under the impression that this list is only about official Security Announcements for Debian(DSA), and not a general discussion on security. Am I on the wrong list or did I read the list

Re: SNMP problems published by Schneier/Counterpane

2002-03-16 Thread Noah L. Meyerhans
On Sat, Mar 16, 2002 at 04:57:42PM -0800, Xeno Campanoli wrote: Has anyone else heard of this SNMP problem? Are we up to date with the security fixes on stable, etc? That's ancient history. The fix was released on Feb. 14. noah -- ___ |

Re: wierd connection attempt

2002-03-15 Thread Noah L. Meyerhans
On Fri, Mar 15, 2002 at 06:40:45AM -0500, Josh Frick wrote: I thought class C networks were non-routable. I think you're confused. First of all I think you're confused as to what a class C network is, and second of all I think you're confused as to what networks are non-routable and what it

Re: udp port 32794

2002-03-15 Thread Noah L. Meyerhans
On Fri, Mar 15, 2002 at 09:09:15PM +0100, Roland Stoll wrote: i'm wondering what this could be. Is it a known exploit, or just a new P2P software like gnutella/kaza/etc ? It is traceroute. -- ___ | Web: http://web.morgul.net/~frodo/ | PGP

Re: ssh channel bug and woody update

2002-03-08 Thread Noah L. Meyerhans
On Sat, Mar 09, 2002 at 09:06:09AM +0800, Patrick Hsieh wrote: I just apt-get update but seems ssh version 3.0.2p1-8 is not in the non-US archive. That is to be expected and it is exactly why we tell people not to use testing if you care about security. It takes some time for a package to

Re: proftp DoS in debian stable?

2002-03-06 Thread Noah L. Meyerhans
On Wed, Mar 06, 2002 at 10:36:03AM +0100, Francesco P. Lovergine wrote: potato version is not exploitable (patched with a backported hack many months ago). See old DSA on www.debian.org. No, it is still vulnerable. I have confirmed for myself that the fix applied in the DSA did not

Re: proftp DoS in debian stable?

2002-03-06 Thread Noah L. Meyerhans
On Wed, Mar 06, 2002 at 06:26:16PM +0100, Francesco P. Lovergine wrote: glibc has been patched for glob problems too. There is a not too old thread about the same subject... I am very well aware of that, however the fixes are clearly not effective as proftpd is still vulnerable. I have

Re: Say, wheres 2.2.20?

2002-03-06 Thread Noah L. Meyerhans
On Wed, Mar 06, 2002 at 07:43:23PM -0800, Xeno Campanoli wrote: Say, stable doesn't seem to have 2.2.20 available to it yet, and yet that's supposed to be the most stable 2.2.* kernel out according to (I think it was the HOWTO on E-Infomax I read it, but they're down right now) a howto I was

Re: log analyze applications

2002-02-27 Thread Noah L. Meyerhans
On Wed, Feb 27, 2002 at 04:22:31PM +0100, eim wrote: Are there any tools which are smarter, faster and cleaner as my combination of log analyze apps. ? I saw a presentation at the LISA sysadmin conference a couple years ago about something called SHARP, the syslog heuristic analysis and

Re: Linux box as an IPsec router

2002-01-23 Thread Noah L. Meyerhans
On Wed, Jan 23, 2002 at 09:02:05AM +0100, Olsen Gerhard-Just wrote: Hi I'm investigating the possibility to use Linux box as an IPsec router. I want to be able to connect win clients to a LAN over the internet using IPsec. there is a win2k server set up with IPsec. Has any one any experience

Re: root's home world readable

2002-01-21 Thread Noah L. Meyerhans
On Mon, Jan 21, 2002 at 07:54:03PM +0100, eim wrote: Why has Debian chosen to let users access root's home ? Why not? Debian doesn't put any sensitive files there. In fact, it doesn't put anything notable there at all. Let me say I chmod 0700 /root, will I encounter any problems through

Re: root's home world readable

2002-01-21 Thread Noah L. Meyerhans
On Mon, Jan 21, 2002 at 01:34:31PM -0800, Chris Francy wrote: There is at least one package in Debian that requires you to put sensitive information in /root. The mysql server package needs you to have a .my.cnf in the /root if you want the logs to rotate. The my.cnf contains the clear

Re: root's home world readable

2002-01-21 Thread Noah L. Meyerhans
On Mon, Jan 21, 2002 at 09:45:50PM +, Tim Haynes wrote: Is there any reason you can't just chmod 0600 /root/.my.cnf, in that case? Clearly there are individual files that you don't want world-readable, but that's true for normal users' home dirs as well. Why do you want folks to be

Re: ping6

2002-01-17 Thread Noah L. Meyerhans
On Thu, Jan 17, 2002 at 08:56:01PM +0100, Répási Tibor wrote: What is /bin/ping6 ??? Is it normal that /bin/ping and /bin/ping6 has setuid to root? Ping6 is the IPv6 version of ping. It is normal that they have setuid turned on. Otherwise, non-root users can not open the ICMP socket

Re: Detecting break-ins

2002-01-16 Thread Noah L. Meyerhans
On Wed, Jan 16, 2002 at 04:58:33PM +0200, Yotam Rubin wrote: Strangely, ippl is an extremely popular tool. Using ippl is inadvisable, it provides a false sense of information. ippl is unversatile, the filter language is too simple to allow complex operations. I tend to agree with your

Re: Re: How do I disable (close) ports?

2002-01-16 Thread Noah L. Meyerhans
On Wed, Jan 16, 2002 at 12:25:34PM -0500, Chris Hilts wrote: It seems to. The above ports were closed just by commenting them out of /etc/services and then rebooting. An init 1, init 3 would have worked as well. Correct me if I'm wrong here, but why would you comment things out of

Re: Detecting break-ins

2002-01-15 Thread Noah L. Meyerhans
On Tue, Jan 15, 2002 at 09:04:07PM +0100, Balazs Javor wrote: Then there are more exotic stuff. High port UDP attempts, connection to port 113 etc. High port UDP stuff is often just traceroutes. 113 is normal, as many servers will attempt an auth lookup when you access them. Now the logs

Re: udp 32768

2002-01-15 Thread Noah L. Meyerhans
On Tue, Jan 15, 2002 at 03:45:59PM -0600, Jeff Teitel wrote: mail:# netstat -l Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign AddressState udp0 0 *:32768 *:* What is this, and should I be worried? Add

Re: Debian security being trashed in Linux Today comments

2002-01-14 Thread Noah L. Meyerhans
On Mon, Jan 14, 2002 at 01:37:50PM +, Simon Huggins wrote: So perhaps Debian security is only as good as the package maintainers? I'm sure most maintainers do care and do investigate bugs I probably just had a bad experience. That is the case in unstable and testing, but not stable. That

Re: Asking for documentation help (Re: IPSec questions...)

2002-01-14 Thread Noah L. Meyerhans
On Mon, Jan 14, 2002 at 10:31:38AM +0100, Javier Fernández-Sanguino Peña wrote: I was wondering... could someone write a How to build VPN's in Debian small documentation for inclusion in the Debian Security HOWTO (http://www.debian.org/doc/ddp) it could make for a nice chapter in there.

Re: Asking for documentation help (Re: IPSec questions...)

2002-01-14 Thread Noah L. Meyerhans
On Mon, Jan 14, 2002 at 07:52:59AM -0700, Stefan Srdic wrote: I wouldn't mind getting involved with the Debian project, even if it is just writing docs for the community. Even if it's *just* writing docs for the community? A lot of people don't seem to realize it, but that's one of the most

Re: I've been hacked by DevilSoul

2002-01-11 Thread Noah L. Meyerhans
On Fri, Jan 11, 2002 at 05:04:53PM +, Ricardo B wrote: He can be loaded as a kernel module and then hide all traces of its presence in the system, by overriding the proper system calls and /proc info. Isn't there a way to turn module loading off (a way that can't be changed back -

Re: I've been hacked by DevilSoul

2002-01-11 Thread Noah L. Meyerhans
On Fri, Jan 11, 2002 at 10:25:03PM +0100, martin f krafft wrote: i doubt that a kernel module can override the linux kernel filesystem abstraction layer. but i guess it could be possible. Oh, it certainly can! knark is a perfect example of a kernel module to do just this. (knark is

Re: I've been hacked by DevilSoul

2002-01-11 Thread Noah L. Meyerhans
On Fri, Jan 11, 2002 at 05:04:53PM +, Ricardo B wrote: He can be loaded as a kernel module and then hide all traces of its presence in the system, by overriding the proper system calls and /proc info. Isn't there a way to turn module loading off (a way that can't be changed back - without

Re: List guidelines(was: Re: problems with ssh)

2002-01-07 Thread Noah L. Meyerhans
On Mon, Jan 07, 2002 at 05:38:07PM -0500, David B Harris wrote: I'm pretty new to the list. Is this sort of question generally the type that's discussed on this list? Well, we usually hope that the users do their homework (i.e. RTFM) before asking questions with such well documented
