Martin SchrC6der <[EMAIL PROTECTED]> writes:
> On 2005-09-23 00:05:14 -0700, Wolfgang S. Rupprecht wrote:
>> appreciable added risk. The only loose end is that sshd doesn't
>> currently log the RSA/DSA key that is used to gain access. Ideally it
>
> Hu? Try
> LogLevel VERBOSE
Your eloquent repl
hmm, on Thu, Sep 22, 2005 at 07:09:12PM -0600, Theo de Raadt said that
> It IS POSSIBLE to set something up and have it be secure and NOT TOUCH
> IT, because many people have OpenBSD machines running older releases
> running without any modification for YEARS now, RISK FREE, without
> having to upd
Making is a process.
Toast is not a process.
>- --- Original Message --- -
>From: [EMAIL PROTECTED]
>To: misc@openbsd.org
>Sent: Fri, 23 Sep 2005 02:30:10
>
>[EMAIL PROTECTED] wrote:
>
>>> Security is everything you've ever said, plus a
>process.
>>
>> If it is secure, it doesn't
[EMAIL PROTECTED] wrote:
Security is everything you've ever said, plus a process.
If it is secure, it doesn't need a process. So why would security be a
process again? Because of the vendors making "mistakes" and fix it later?
Jimmy Scott
It is a "process" in the same way that "making toast
On 2005-09-23 00:05:14 -0700, Wolfgang S. Rupprecht wrote:
> appreciable added risk. The only loose end is that sshd doesn't
> currently log the RSA/DSA key that is used to gain access. Ideally it
Hu? Try
LogLevel VERBOSE
Best
Martin
--
http://www.tm.oneiros.de
Tim Hammerquist <[EMAIL PROTECTED]> writes:
> [*] I would consider leaving PermitRootLogin enabled a firing
> offense in itself.
PermitRootLogin is needed for rdisting. Without that you end up
having to maintain N systems.
/etc/ssh/sshd_config:
Protocol 2
PermitRootLogin without-password
Pa
Quoting "Clint M. Sand" <[EMAIL PROTECTED]>:
> On Thu, Sep 22, 2005 at 07:09:12PM -0600, Theo de Raadt wrote:
> > > > People keep yammering this bullshit about "Security is a process".
> > > > Bullshit! Lies! It's about paying attention to the frigging details
> > > > when they are right in fron
Clint M. Sand wrote:
> > > Theo de Raadt wrote:
> > > > It's about paying attention to the frigging details when
> > > > they are right in front of your face.
[ snippage ]
>
> No, you can put an openbsd box up and leave it for years with
> root login enabled and password for a password. It takes m
>Security is everything you've ever said, plus a
>process.
No. security does not require the process.
Attempted security (that doesn't quite work) requires a process.
Like the difference between does work and should work.
On Thu, Sep 22, 2005 at 07:09:12PM -0600, Theo de Raadt wrote:
> > > People keep yammering this bullshit about "Security is a process".
> > > Bullshit! Lies! It's about paying attention to the frigging details
> > > when they are right in front of your face. And it is very clear other
> > > vend
> Which is why I now know MORE about air-conditioners than most of the
> technicians who come here.
>
> The phrase, and everything you said, is all excuses for the vendors.
I bet that the air-conditoner technicians believe that
"Air-conditioner maintainance is a process".
Which is why they can n
> > People keep yammering this bullshit about "Security is a process".
> > Bullshit! Lies! It's about paying attention to the frigging details
> > when they are right in front of your face. And it is very clear other
> > vendors do not pay attention to the details, considering the work I
> > did
On Thu, Sep 22, 2005 at 02:02:13PM -0600, Theo de Raadt wrote:
> People keep yammering this bullshit about "Security is a process".
> Bullshit! Lies! It's about paying attention to the frigging details
> when they are right in front of your face. And it is very clear other
> vendors do not pa
adt [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 22, 2005 1:02 PM
To: Michael Favinsky
Cc: 'misc@openbsd.org'
Subject: Re: Portmap non-local set / unset attempt
> I'm receiving the following messages from portmap when starting Legato
> Networker's nsrex
> I'm receiving the following messages from portmap when starting Legato
> Networker's nsrexecd. The nsrexecd I'm running is the Linux version under
> emulation:
>
> portmap[16083]: non-local unset attempt (might be from 127.0.0.1)
> portmap[16083]: non-local set attempt (might be from 127.0.0.1)
I'm receiving the following messages from portmap when starting Legato
Networker's nsrexecd. The nsrexecd I'm running is the Linux version under
emulation:
portmap[16083]: non-local unset attempt (might be from 127.0.0.1)
portmap[16083]: non-local set attempt (might be from 127.0.0.1)
The program
16 matches
Mail list logo