On Sat, Jan 12, 2002 at 03:59:12AM -0700, Stefan Srdic wrote:
> On January 12, 2002 02:28 pm, Stephen Gran wrote:
> > Thus spake Stefan Srdic:
> > > Hi,
> You might have misunderstood me, my question was, will the checksecurity
> script that runs from cron e-mail its report to root if I have ex
On Mon, Jan 14, 2002 at 06:52:49AM -0500, Ivan R. wrote:
> > to, I can see no reason why not giving a user, that has *no* password,
> > a shell.
>
> if a user doesn't need a shell,
> why should we give him one?
Because a sysadmin could like to execute scripts under this uid via sudo
as he thinks
On Mon, Jan 07, 2002 at 08:00:02PM +0100, Luc MAIGNAN wrote:
> Hi,
>
> my SSH connections don't go to the 'auth.log' file, but the sshd_config seems
> to be good. What can happen ?
Do you mean that you're not seeing *any* messages from sshd in the log
file, or that sshd is logging, but that you
Previously Daniel Stone wrote:
> Considering that an upload hasn't been made to rectify this root hole,
> why hasn't something else been done about it - regular or security NMU?
> One would think that this is definitely serious.
Waiting for the m68k build, I intend to release a DSA tomorrow.
Wich
On Mon, Jan 07, 2002 at 08:00:02PM +0100, Luc MAIGNAN wrote:
> Hi,
>
> my SSH connections don't go to the 'auth.log' file, but the sshd_config seems
> to be good. What can happen ?
Without much information to go on, I would have a stab at
/etc/syslog.conf... Do you currently have *anything* endi
>
> Ben is merely behind with updating the BTS, by the looks of it...
>
Can't close it till I fix woody/sid too. Which will be when 2.2.5 is
released (days).
--
.--===-=-==-=---==-=-.
/ Ben Collins--Debian GNU/Linux
On Sun, Jan 13, 2002 at 10:38:40AM +1100, Daniel Stone wrote:
> Considering that an upload hasn't been made to rectify this root hole,
> why hasn't something else been done about it - regular or security NMU?
> One would think that this is definitely serious.
I saw this recently...
From: Ben Coll
Considering that an upload hasn't been made to rectify this root hole,
why hasn't something else been done about it - regular or security NMU?
One would think that this is definitely serious.
Oh and BTW, Slackware released an update today. Without trolling, I can
say that I was honestly surprised
On January 12, 2002 03:18 pm, Jeremy L. Gaddis wrote:
>
> I've never used checksecurity, but I assume any reports
> it creates will be sent to root. Assuming you have root
> aliased to a regular user account, that's where the reports
> will end up.
>
> j.
>
> --
> Jeremy L. Gaddis <[EMAIL PROT
I've never used checksecurity, but I assume any reports
it creates will be sent to root. Assuming you have root
aliased to a regular user account, that's where the reports
will end up.
j.
--
Jeremy L. Gaddis <[EMAIL PROTECTED]>
-Original Message-
From: Stefan Srdic [mailto:[EMAIL PR
Thus spake Stefan Srdic:
> On January 12, 2002 02:28 pm, Stephen Gran wrote:
> > Thus spake Stefan Srdic:
> > > Hi,
> > >
> > > I was going through the Securing Debian HOW-TO and noticed the section
> > > on setuid check (4.11). I would like for the checksecurity script to
> > > email root of any
On January 12, 2002 02:28 pm, Stephen Gran wrote:
> Thus spake Stefan Srdic:
> > Hi,
> >
> > I was going through the Securing Debian HOW-TO and noticed the section
> > on setuid check (4.11). I would like for the checksecurity script to
> > email root of any changes to the system. Will this wor
Alan Aldrich wrote:
> Of course I took it off the net and had to rebuild the whole system, and now
> I am not allowing ssh, rsh, telnet or ANY logins. It is not a machine that
> needs logins anyway, all it does is VPN proxy and authentication on certain
> ports.
The way it should be. No unnesesc
> "Ivan" == \"Ivan R \" writes:
>> Just make sure that you have some way of doing stuff as root
>> (e.g. sudo), and that you don't kill single mode. (Never tried this,
>> but I don't see why you couldn't do this.)
Ivan> ok for sudo, but what do
Thus spake Stefan Srdic:
>
> Hi,
>
> I was going through the Securing Debian HOW-TO and noticed the section on
> setuid check (4.11). I would like for the checksecurity script to email root
> of any changes to the system. Will this work if I have exim installed?
>
> Currently, exim forw
Hi,
I was going through the Securing Debian HOW-TO and noticed the section on
setuid check (4.11). I would like for the checksecurity script to email root
of any changes to the system. Will this work if I have exim installed?
Currently, exim forwards all mail from root to my day-to-d
oh yeah.. by the way, that chkrootkit that someone mentioned pointed me
right to the problems.
that is a great tool.
thanks
alan
- Original Message -
From: "Jacques Lav!gnotte" <[EMAIL PROTECTED]>
To: "Alvin Oga" <[EMAIL PROTECTED]>
Cc: "Alan Aldrich" <[EMAIL PROTECTED]>;
Sent: Friday, Ja
I wish I did know how the hacker got in, but I am pretty sure they won't be
able to now.
Someone mentioned tripwire. Is that a good monitor for hacker activity?
alan
- Original Message -
From: "Alvin Oga" <[EMAIL PROTECTED]>
To: "Patrice Neff" <[EMAIL PROTECTED]>
Cc:
Sent: Friday, Januar
Thanks to all who responded.
The DevilSoul rootkit was a nasty one which planted a man-in-the-middle
attack on my debian linux box. Apparently I was not secure enough or
watchful enough, as the intruder was able to install a kit on my root drive
which installed new versions of telnetd, passwd, ifc
Hi
> I Have a trouble with my e-mail server. I have to change it to my
> domain name and not .local ...
> I need mailserver.domainname.no
If I want to change hostname or IP I use a combination of find grep
and sed and just replace every occurrence un
oh yeah.. by the way, that chkrootkit that someone mentioned pointed me
right to the problems.
that is a great tool.
thanks
alan
- Original Message -
From: "Jacques Lav!gnotte" <[EMAIL PROTECTED]>
To: "Alvin Oga" <[EMAIL PROTECTED]>
Cc: "Alan Aldrich" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTE
I wish I did know how the hacker got in, but I am pretty sure they won't be
able to now.
Someone mentioned tripwire. Is that a good monitor for hacker activity?
alan
- Original Message -
From: "Alvin Oga" <[EMAIL PROTECTED]>
To: "Patrice Neff" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
In reply to Christian Hammers <[EMAIL PROTECTED]>:
> Apart from the ftp users which (sometimes) need their ftp password to
> be stored in /etc/shadow and thus would making it a valid login
> password
> to, I can see no reason why not giving a user, that has *no* password,
> a shell.
ok, but we
In reply to Hubert Chan <[EMAIL PROTECTED]>:
> Anything that is not a real user can have its shell set to /bin/false.
> In fact, depending on how your system is set up, you could probably
> even
> set root's shell to /bin/false.
ok
> Just make sure that you have some way
> of doing stuff as roo