Re: suid
> IMHO, this would be bad. The Cron Daemon would have to sanitize the input of the crontab each time it checks the file for running (presumably every minute, unless there is a way of notifying the cron daemon of a new crontab.) The default crontab in debian creates a file in /tmp, the user modifies it using their favorite editor, saves it, crontab then performs a sanity check on it. If all is good it copies the file into the crontab directory and notifies the daemon of the new crontab. I think the current system works well...

let's combine it :)
user puts his crontab in his home... launches something non-suid that notifies the cron daemon that there's a new entry, cron sanitizes it and copies to its directory...
this would allow crontab to run non-suid since it would just have to be notified of changes, and it could run as a daemon...

greetings,
Kuba BIGHard Jakubik
Re: init.d startup sequence for shorewall
Yogesh Sharma wrote:
> Hello,
> I am using shorewall as firewall for my system. It has got 2 ethernet cards one connected to internet and one for internal network.
> init.d/networking script is linked as S35networking and init.d/shorewall script is linked as S90shorewall. In my opinion shorewall must be started as soon as network is up.

can't you just mv S90shorewall S35shorewall ?

--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d--- s: a--- C UL P+ L+++ E--- W+ N o-- K++ w--- O M- V- PS++
PE Y PGP t 5 X R tv-- b+ DI+ D+ G++ e- h! r+ y+
------END GEEK CODE BLOCK------
Re: /usr/lib/libkssl.so.2.0.2
Juha Jäykkä wrote:
> I am wondering... what would be the correct md5sum of the above file? In three machines I get twice the value 4b68a1146dfd0e326c4396e339abc750 and once the value cd59e38dfd54eca39a99094fd85a1af0. This seems quite suspicious to me, especially since I JUST INSTALLED the kdelibs3-packages to all three machines, using ftp.fi.debian.org-mirror. How is this possible?

try http://www.knowngoods.org
it's a great database of file hashes :)

greetz
BIGHard
Re: /usr/lib/libkssl.so.2.0.2
Fredrik Mollerstrand wrote:
> By the way, how do I go about calculating md5 sums?

you mean HOWTO?
md5sum

BIGHard
Re: securing pop3
Kristof Goossens wrote:
> Hello all,
> I need to make a pop3 account on my server. I intend to work with ipop3d to provide secure pop3 service. Now I want to provide this service for only few people, and I don't want them to have an account on the system. Well, they can have a pop3 account, but no other access whatsoever... I don't like the idea of giving them an account and setting their shell to /bin/false.
> So my question is: "Is it possible to create a pop3 account without needing to modify the /etc/passwd file?"

but it's the simplest way - /bin/false as a shell and they have only access to pop3
you need the users to have an account on the system, so smtp can receive mail for them afaik.

GreetZ
BIGHard

--
 ()  ascii  |GIT d--- s: a--- C UL P+ L+++ E--- W+ N o-- K++ w--- O
 /\  ribbon |M- V- PS++ PE Y PGP t 5 X R tv-- b+ DI+ D+ G++ e- h! r+ y+
RLU#165711
Re: HTTP tunnel with linux server and windows client
> Is there any software to bypass http proxy
> Some kind of pptp via http $-).

try doing ppp-over-ssh
you launch ppp on the first end, tunnel it through ssh and launch another ppp on the other end.
Afair mini/VPN-HOWTO is about this...

BIGHard
Re: idea for improving security
my idea is to add some rules to iptables, e.g.

iptables -A INPUT -p tcp --dport 1985 -j LOG --log-prefix "key port 1:"
iptables -A INPUT -p tcp --dport 1985 -j DROP
iptables -A INPUT -p tcp --dport 12731 -j LOG --log-prefix "key port 2:"
iptables -A INPUT -p tcp --dport 12731 -j DROP
iptables -A INPUT -p tcp --dport 200312 -j LOG --log-prefix "key port 3:"
iptables -A INPUT -p tcp --dport 200312 -j DROP
iptables -A INPUT -p tcp --dport 436093 -j LOG --log-prefix "key port 4:"
iptables -A INPUT -p tcp --dport 436093 -j DROP
iptables -A INPUT -p tcp --dport 1 -j LOG --log-prefix "key port 5:"
iptables -A INPUT -p tcp --dport 1 -j DROP
iptables -A INPUT -p tcp --dport 1123123 -j LOG --log-prefix "key port 6:"
iptables -A INPUT -p tcp --dport 1123123 -j DROP

so you get:
1. ports are DROPPED every time you try to access them (you can set the drop rule to something else (reply with reset or sth))
2. you have log entries like
key port 2: SRC=xxx.xxx.xxx.xxx etc.

so you just use bash/awk/grep/perl to find the sequence in order from the ip and open/close the port as you wish

if you need i could write such scripts and send it to the group/to you

Greetings,
Kuba BIGHard Jakubik
jid: [EMAIL PROTECTED]
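The log-scanning step proposed in the message above, as an added example that is not part of the original post: it reads iptables LOG lines carrying the "key port N:" prefix and prints each source address that hit key ports 1..N in order. The function names, addresses, log lines and the three key ports are constructed for illustration; the ports are kept within 1-65535, the range `--dport` accepts.

```sh
#!/bin/sh
# Added example: find source IPs that knocked on the logged key ports in order.
# All sample data below is constructed.

knock_complete() {
    # $1 = number of key ports in the sequence; log lines are read from stdin
    awk -v need="$1" '
    {
        if (!match($0, /key port [0-9]+:/)) next
        n = substr($0, RSTART + 9, RLENGTH - 10) + 0    # N taken from the prefix
        if (!match($0, /SRC=[0-9.]+/)) next
        src = substr($0, RSTART + 4, RLENGTH - 4)       # source address

        if (n == step[src]) next                # retransmitted SYN: DROP makes clients retry
        if (n == step[src] + 1) step[src] = n   # the next expected knock
        else if (n == 1)        step[src] = 1   # sequence started again
        else                    step[src] = 0   # out of order: start over
        if (step[src] == need) { print src; step[src] = 0 }
    }'
}

sample_log() {
    # constructed kernel log lines; 198.51.100.7 hits the ports out of order
    cat <<'EOF'
Nov  6 12:00:01 gw kernel: key port 1:IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.254 PROTO=TCP SPT=40001 DPT=1985 SYN
Nov  6 12:00:02 gw kernel: key port 1:IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.254 PROTO=TCP SPT=40001 DPT=1985 SYN
Nov  6 12:00:03 gw kernel: key port 2:IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.254 PROTO=TCP SPT=40002 DPT=12731 SYN
Nov  6 12:00:03 gw kernel: key port 3:IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.254 PROTO=TCP SPT=51000 DPT=20031 SYN
Nov  6 12:00:04 gw kernel: key port 1:IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.254 PROTO=TCP SPT=51001 DPT=1985 SYN
Nov  6 12:00:04 gw kernel: key port 3:IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.254 PROTO=TCP SPT=51002 DPT=20031 SYN
Nov  6 12:00:05 gw kernel: key port 3:IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.254 PROTO=TCP SPT=40003 DPT=20031 SYN
Nov  6 12:00:06 gw kernel: key port 2:IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.254 PROTO=TCP SPT=51003 DPT=12731 SYN
EOF
}

sample_log | knock_complete 3
```

Only the order of the knocks is checked here; a production version would also bound the time between the first and last knock.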
Re: /etc/hosts on a router
> What is the best way?

hmm... I've found a tool that spoofs dns replies based on a config file - you can make it return YOUR answers instead of the original ones - it's like having the /etc/hosts file accessible to all machines on the net.

check it out at:
http://209.100.212.5/cgi-bin/search/search.cgi?searchvalue=dnshijacker&type=archives&%5Bsearch%5D.x=0&%5Bsearch%5D.y=0
or directly on dnshijacker's site at:
http://pedram.redhive.com/projects.php

Greetings,
Kuba BIGHard Jakubik
re: strange broadcast packets
Hello,

isn't perhaps 10.208.64.1 your dhcp server and aren't these replies to dhcp requests from clients?

Carpe Noctem,
Kuba BIGHard Jakubik
Re: SYN rate statistics.
hi list,

| How to determine normal/peak rate of packets with SYN to my debian box, for using this value
| in iptables limit match.

here you are:

--- CUT ---
#!/bin/sh
# Counts packets that have only SYN set (tcp[13] = 0x2) and are addressed to
# MYHOST, in 10-second windows; appends "start end count" to SCOREFILE.
TEMPFILE=`mktemp`
SCOREFILE="/tmp/scorefile"
MYHOST="10.0.0.254"
# the loop never ends by itself, so clean up the temp file on interrupt
trap 'rm -f "$TEMPFILE"; exit' INT TERM
while [ 1 -eq 1 ]; do
    DATE1=`date +%s`
    # filter quoted so the shell does not glob [13]; -n: no DNS, -l: line-buffered
    tcpdump -n -l 'tcp[13]=0x2' and dst "$MYHOST" 2> /dev/null > "$TEMPFILE" &
    sleep 10
    kill $!; wait $! 2> /dev/null    # stop only the tcpdump started above
    DATE2=`date +%s`
    NUMBER=`cat "$TEMPFILE" | wc -l`
    echo "$DATE1 $DATE2 $NUMBER" >> "$SCOREFILE"
    : > "$TEMPFILE"
done
--- CUT ---

just change MYHOST to your ip and voila :)
then just suck the scorefile to some spreadsheet or just visually analyse it.

Greetings,
Kuba BIGHard Jakubik
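An added example, not part of the original post, of analysing the scorefile the script above writes ("start end count" per line) without a spreadsheet: it converts each window to SYNs per second and reports the median as the normal rate and the maximum as the peak, the two figures the question asks for when choosing an iptables limit match value. The function names and the sample scorefile are constructed.

```sh
#!/bin/sh
# Added example: summarise a scorefile of "start_epoch end_epoch syn_count" lines.

syn_rate_stats() {
    # stdin: scorefile lines; stdout: "median=<r> peak=<r> mean=<r>" in SYNs/second
    # windows with no elapsed time or a non-numeric count are skipped
    awk '$2 > $1 && $3 ~ /^[0-9]+$/ { printf "%.2f\n", $3 / ($2 - $1) }' |
    LC_ALL=C sort -n |
    awk '{ r[NR] = $1; sum += $1 }
         END {
             if (NR == 0) { print "no samples"; exit }
             mid = int((NR + 1) / 2)            # lower median of the sorted rates
             printf "median=%.2f peak=%.2f mean=%.2f\n", r[mid], r[NR], sum / NR
         }'
}

sample_scorefile() {
    # constructed data: four quiet windows, one burst, one zero-length window
    cat <<'EOF'
1068100000 1068100010 20
1068100010 1068100020 30
1068100020 1068100030 25
1068100030 1068100040 400
1068100040 1068100040 7
1068100040 1068100050 50
EOF
}

sample_scorefile | syn_rate_stats
```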
Network Operations Center?
Hello, does anybody know a good and free as in beer Network Monitoring Tool for linux? I don't want nagios or such, because it's web-based. Moodss is nice, but a little raw... anything more user-friendly? I want to see graphs of several things like bandwidth, ping times etc in realtime, on my debian box, and connect to remote hosts by ssh. Possible? Do you know such a tool? Greetz, Kuba BIGHard Jakubik Poland, Wrzesnia