Re: Testers needed for Tomcat security update

2012-01-30 Thread tony mancill
On 01/30/2012 05:55 AM, Dominic Hargreaves wrote: > On Sun, Jan 29, 2012 at 01:14:20PM +0100, Moritz Mühlenhoff wrote: >> Moritz Mühlenhoff wrote: >>> Hi, >>> the changes needed to secure Tomcat against the recent hash collision >>> attack are large and intrusive. That's why we decided to updat

[OT] Re: machine monitoring packages

2003-02-13 Thread tony mancill
On Thu, 13 Feb 2003, gabe wrote: > I would like to know what ppl think is the best package for monitor > servers, at my last work place they were installing "mon". In my new > job they use Nagios, which I'm not too sure about due to the fact that > installation / configuration goes wrong. Most im

[OT] Re: Sendmail forward to exchange

2002-05-13 Thread tony mancill
A simple way to do this is to have separate DNS servers serving the same zones, one for the "outside" and one for the "inside." When Internet systems do an MX query for your mail domain(s), they get the address of your Debian SMTP gateway. Your gateway box should use the inside DNS system for que

[OT] Re: Unknown app ports 32703/32705/32706 logged !

2002-05-12 Thread tony mancill
On Sun, 12 May 2002, Mike Renfro wrote: > On Sun, May 12, 2002 at 04:30:00AM +0200, NN_il_Confusionario wrote: > > > does solaris have fuser or lsof ? > > Don't know about Solaris 2.6, but lsof compiled fine under 2.8 There are prebuilt pkgadd files of lsof for Solaris 2.6 available at http://www

Re: APT-GET Problems

2002-05-02 Thread tony mancill
Hi Mike, this isn't exactly a debian-security answer (but then again, I'm not sure that you've posed a debian-security question), but my recommendation is to use the apt-proxy package on "server" machine (you can even use apt-proxy-import to build your proxying "mirror" using the files you've alre

Re: Services using Ports 1 & 6

2002-04-14 Thread tony mancill
On Sun, 14 Apr 2002, Noah L. Meyerhans wrote: > On Sun, Apr 14, 2002 at 09:51:18AM -0500, David wrote: > > Active Internet connections (servers and established) > > Proto Recv-Q Send-Q Local Address Foreign Address State > > PID/Program name > > raw0 0 0.0.0.0:1

Re: ipfwadm and ssh forwarding

2002-04-11 Thread tony mancill
Steve, I think you may be happier (i.e. spend less time working on this) if you can drum up a copy of "redir" or "transproxy" for your Cobalt Cube. Both of these are stable tools that I used quite heavily before the Linux kernel incorporated a true DNAT (2.4) or port-forwarding (hacked into 2.2).

Re: NFS, password transparency, and security

2002-04-07 Thread tony mancill
On Sun, 7 Apr 2002, Luca Filipozzi wrote: > I suspect that if all your boxes are running Debian that your life will > be made easier by all the Debian kerberos packages. This is an interesting thread, and this comment just gave me an idea. What if you use FreeS/WAN (or really, any sort of IPsec)?

Re: what's that?

2002-04-05 Thread tony mancill
On Fri, 5 Apr 2002, Kirill Zverev wrote: > I found that in my logs: > > Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody > Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by > (uid=0) > > who could use su at six o'clock in the morning? from /etc/crontab: # m h

Re: what's that?

2002-04-04 Thread tony mancill
On Fri, 5 Apr 2002, Kirill Zverev wrote: > I found that in my logs: > > Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody > Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0) > > who could use su at six o'clock in the morning? from /etc/crontab: # m h d

Re: Netsaint

2002-03-01 Thread tony mancill
On Thu, 28 Feb 2002, Johan Jacobsson wrote: > I am using netsaint_statd on a debian machine and I would like to know > what I am doing, eg what security holes may this create? > As I understand it, the netsaint_statd daemon makes it possible to > extract information about CPU load, disk usage, mem

Re: ftpd-ssl woes

2002-02-22 Thread tony mancill
On Fri, 22 Feb 2002, Moses Moore wrote: > I've got a server behind a firewall that users want to transfer files > to-from. scp isn't an option because ssh is being port-forwarded to a > machine that isn't the fileserver. ftp would be nice, but ftp sends > passwords in cleartext. I would recomme

Re: Encrypted Ethernet ?

2002-02-21 Thread tony mancill
On Thu, 21 Feb 2002, Jaroslaw Tabor wrote: > Does someone know, if there is a solution to use Debian (or, in > general Linux ) as encryptor for Ethernet ? I'd like to use two > computers connected by unsafe ethernet as secure tunnel between two > LANs. It means, that such device have to be t

Re: Syslog config file.

2001-12-04 Thread tony mancill
On Tue, 4 Dec 2001, Robert Magier wrote: > What in source files should I change if I want syslogd to read another > config file, than /etc/syslog.conf, by default ? How about the manpage? (The -f option) Or, as folks around here say: perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2)

Re: question about something, but don't know if it exists...

2001-11-06 Thread tony mancill
> > Another possibility would be to have them replace the hubs with > > switches, this assumes you are using twisted pair, not thin net > > or thick net. Just a warning, this would buy you absolutely nothing (outside of some performance). There are enough tools out there capable of ARP spoofing

RE: Firewall Related Question

2001-10-22 Thread tony mancill
I'd recommend the former (firewalling on each server). This will let you customize the firewall for that server alone, and spread the packet filtering load and logging. Also, with no access to the Cisco box, you'd have to either MASQ or SNAT with proxy arps if you do insert a firewall into the packe

Re: Port Scan for UDP

2001-10-20 Thread tony mancill
On Sat, 20 Oct 2001, Marc Wilson wrote: > On Sat, Oct 20, 2001 at 07:18:25PM -0700, Jeff Coppock wrote: > > Just for grins, I removed every udp listing in > > /etc/services and restarted inetd and the scan came back the > > same. I figure this is normal, but if someone can confirm this > > behavi
