In message <[EMAIL PROTECTED]>, Stefan Srdic writes:
> My system is my desktop and my server. The machine is
>connected to the internet and I use my own IPTables script to protect my
>network.
>
>I've used the update-rc.d script to remove the inetd init scripts from all
>runlevels. But, I still
Stefan Srdic <[EMAIL PROTECTED]> writes:
> On Wed 13 Feb 02 19:14, Howland, Curtis wrote:
> > Would simply commenting out all the lines in inetd.conf be sufficient?
> >
> > I realize that this is not the same as uninstalling, but it's not clear
> > w
maybe this can help:
install rcconf, a tool for selecting which scripts from /etc/init.d are going
to run at boot time and deselect inetd;
it will be disabled, but still on your hard disk
you asked for a circumvention of the problem, not for a solut
On Wed 13 Feb 02 19:14, Howland, Curtis wrote:
> Would simply commenting out all the lines in inetd.conf be sufficient?
>
> I realize that this is not the same as uninstalling, but it's not clear
> what the goal is. If the machine is isolated, it doesn't matter. If it's
> not isolated, iptables/ipc
Stefan Srdic wrote:
> Hi,
>
> I'm running Woody at home and have no use for the inetd daemon. I
> have tried to un-install the package which provides inetd
> (netkit-inetd), but it depends on package netbase so if I remove
> netkit-inetd I lose netbase.
>
> How can I circumvent this problem?
apt
In message <02021309001300.00464@NodeFilter>, Stefan Srdic writes:
> My system is my desktop and my server. The machine is
>connected to the internet and I use my own IPTables script to protect my
>network.
>
>I've used the update-rc.d script to remove the inetd init scripts from all
>runlevels
Hi,
I'm running Woody at home and have no use for the inetd daemon. I have tried
to un-install the package which provides inetd (netkit-inetd), but it depends
on package netbase so if I remove netkit-inetd I lose netbase.
How can I circumvent this problem?
Thanks,
Stef
In the interest of brevity, thanks to everyone who replied on this
thread!
Jeff Bonner
On Wed 13 Feb 02 19:14, Howland, Curtis wrote:
> Would simply commenting out all the lines in inetd.conf be sufficient?
>
> I realize that this is not the same as uninstalling, but it's not clear
> what the goal is. If the machine is isolated, it doesn't matter. If it's
> not isolated, iptables/ip
On 13 Feb 2002 03:35 PM, Anthony DeRobertis wrote:
> > But if the machine is restarted, those changes either do not
> > persist (same kernel) or are quite obvious (modified kernel
> > overwrites the old one, etc). On the other hand, having a
> > hostile module inserted into the kernel not only al
Stefan Srdic wrote:
> Hi,
>
> I'm running Woody at home and have no use for the inetd daemon. I
> have tried to un-install the package which provides inetd
> (netkit-inetd), but it depends on package netbase so if I remove
> netkit-inetd I lose netbase.
>
> How can I circumvent this problem?
ap
"Jeff Bonner" <[EMAIL PROTECTED]> writes:
> The Securing Debian HOWTO makes mention of the possibility that you can
> set a partition as read-only, to further protect the various things in
> /usr/bin for example. Then when you apt-get upgrade, you ca
Hi,
I'm running Woody at home and have no use for the inetd daemon. I have tried
to un-install the package which provides inetd (netkit-inetd), but it depends
on package netbase so if I remove netkit-inetd I lose netbase.
How can I circumvent this problem?
Thanks,
Stef
In the interest of brevity, thanks to everyone who replied on this
thread!
Jeff Bonner
On 13 Feb 2002 03:35 PM, Anthony DeRobertis wrote:
> > But if the machine is restarted, those changes either do not
> > persist (same kernel) or are quite obvious (modified kernel
> > overwrites the old one, etc). On the other hand, having a
> > hostile module inserted into the kernel not only a
Wednesday, February 13, 2002, 9:16:48 PM, Reagan Blundell wrote:
> Feb 13 17:04:40 iridium named[1525]: none:0: open: /etc/bind/rndc.key: \
> file not found
> It's looking for the rndc.key file in /etc/bind/ which would be
> /chroot/named/etc/bind
> You have it in /chroot/named/etc - hence it can
"Jeff Bonner" <[EMAIL PROTECTED]> writes:
> The Securing Debian HOWTO makes mention of the possibility that you can
> set a partition as read-only, to further protect the various things in
> /usr/bin for example. Then when you apt-get upgrade, you c
On Monday, February 11, 2002, at 02:54 PM, Jeff Bonner wrote:
But if the machine is restarted, those changes either do not persist
(same kernel) or are quite obvious (modified kernel overwrites the old
one, etc). On the other hand, having a hostile module inserted into the
kernel not only al
Wednesday, February 13, 2002, 9:16:48 PM, Reagan Blundell wrote:
> Feb 13 17:04:40 iridium named[1525]: none:0: open: /etc/bind/rndc.key: \
> file not found
> It's looking for the rndc.key file in /etc/bind/ which would be
> /chroot/named/etc/bind
> You have it in /chroot/named/etc - hence it ca
On Wed, Feb 13, 2002 at 07:54:00PM +0100, Marcus Frings wrote:
> Wednesday, February 13, 2002, 5:52:38 PM, Alan James wrote:
>
> > Your English is very good actually, you need not apologise.
>
> Thanks. :-)
>
> >>*a* and *b* confuses me a little. Although rndc.key is in the chrooted
> >>/chroot
Wednesday, February 13, 2002, 8:33:08 PM, Alain Tesio wrote:
> I'll send another post when it's ready, probably this Sunday.
Okay, I won't miss your posting. :-)
Regards,
Marcus
--
Fickle minds, pretentious attitudes
and ugly make-up on ugly faces...
The Goth Goose Of The Week: http://www.goth
On Wed, 13 Feb 2002 20:26:11 +0100
Marcus Frings <[EMAIL PROTECTED]> wrote:
> Huh, you've put quite much in the jail. I wonder why this might be
> necessary since the HOWTO just suggests to put very few files like the
> configuration and zone data files in the chroot jail. I'll try to
> resolve th
Wednesday, February 13, 2002, 7:26:56 PM, Alain Tesio wrote:
> I'm writing a script to chroot services automatically,
> I've tested it with bind9, here is the log and the
> files I have in the jail, it looks to work.
Huh, you've put quite much in the jail. I wonder why this might be
necessary si
Wednesday, February 13, 2002, 5:52:38 PM, Alan James wrote:
> Your English is very good actually, you need not apologise.
Thanks. :-)
>>*a* and *b* confuses me a little. Although rndc.key is in the chrooted
>>/chroot/named/etc/ I get this error message (in addition
> you mean /chroot/named/etc
IMHO, putting a box on the interweb has security implications. But
port-forwarding in itself isn't exactly a security problem. I use port
forwarding to forward packets to a dmz, so on the off-chance that I am
r00t'd, all they have access to is the dmz. They still would have to be
real sneaky to get
Hi, I didn't look at your problem precisely,
I'm writing a script to chroot services automatically,
I've tested it with bind9, here is the log and the
files I have in the jail, it looks to work.
Hope this helps, I'll release the script soon.
Alain
bind9.find
Description: Binary data
bind9.log
On Monday, February 11, 2002, at 02:54 PM, Jeff Bonner wrote:
>
> But if the machine is restarted, those changes either do not persist
> (same kernel) or are quite obvious (modified kernel overwrites the old
> one, etc). On the other hand, having a hostile module inserted into the
> kernel n
On Wed, Feb 13, 2002 at 07:54:00PM +0100, Marcus Frings wrote:
> Wednesday, February 13, 2002, 5:52:38 PM, Alan James wrote:
>
> > Your English is very good actually, you need not apologise.
>
> Thanks. :-)
>
> >>*a* and *b* confuses me a little. Although rndc.key is in the chrooted
> >>/chroo
Wednesday, February 13, 2002, 8:33:08 PM, Alain Tesio wrote:
> I'll send another post when it's ready, probably this Sunday.
Okay, I won't miss your posting. :-)
Regards,
Marcus
--
Fickle minds, pretentious attitudes
and ugly make-up on ugly faces...
The Goth Goose Of The Week: http://www.got
On Wed, 13 Feb 2002 20:26:11 +0100
Marcus Frings <[EMAIL PROTECTED]> wrote:
> Huh, you've put quite much in the jail. I wonder why this might be
> necessary since the HOWTO just suggests to put very few files like the
> configuration and zone data files in the chroot jail. I'll try to
> resolve t
Wednesday, February 13, 2002, 7:26:56 PM, Alain Tesio wrote:
> I'm writing a script to chroot services automatically,
> I've tested it with bind9, here is the log and the
> files I have in the jail, it looks to work.
Huh, you've put quite much in the jail. I wonder why this might be
necessary s
On Wed, 13 Feb 2002 17:19:33 +0100, Marcus Frings <[EMAIL PROTECTED]>
wrote:
>Dear all,
>
>first I would like to apologize for my English as I am not a native
>speaker.
Your English is very good actually, you need not apologise.
>*a* and *b* confuses me a little. Although rndc.key is in the chro
Wednesday, February 13, 2002, 5:52:38 PM, Alan James wrote:
> Your English is very good actually, you need not apologise.
Thanks. :-)
>>*a* and *b* confuses me a little. Although rndc.key is in the chrooted
>>/chroot/named/etc/ I get this error message (in addition
> you mean /chroot/named/et
IMHO, putting a box on the interweb has security implications. But
port-forwarding in itself isn't exactly a security problem. I use port
forwarding to forward packets to a dmz, so on the off-chance that I am
r00t'd, all they have access to is the dmz. They still would have to be
real sneaky to ge
Dear all,
first I would like to apologize for my English as I am not a native
speaker.
I'm using Debian Woody with the current bind 9.2.0 and I'm trying to put
it in a chroot jail. I downloaded Scott's "Chroot-BIND HOWTO" and it
worked very well except for a few small things.
The chroot jail is se
Hi, I didn't look at your problem precisely,
I'm writing a script to chroot services automatically,
I've tested it with bind9, here is the log and the
files I have in the jail, it looks to work.
Hope this helps, I'll release the script soon.
Alain
bind9.find
Description: Binary data
bind9.l
On Wed, 13 Feb 2002 17:19:33 +0100, Marcus Frings <[EMAIL PROTECTED]>
wrote:
>Dear all,
>
>first I would like to apologize for my English as I am not a native
>speaker.
Your English is very good actually, you need not apologise.
>*a* and *b* confuses me a little. Although rndc.key is in the chr
It seems to accomplish the example you posed, you need 2 external IPs.
Say they were 1.1.1.1 and 1.1.1.2 for example. Then in DNS you could do:
ftp1 -> 1.1.1.1
ftp2 -> 1.1.1.2
www1 -> 1.1.1.1
www2 -> 1.1.1.2
And on your firewall do:
1.1.1.1 port 21 -> 192.168.0.10
1.1.1.2 port 21 -> 192.168.0.50
Dear all,
first I would like to apologize for my English as I am not a native
speaker.
I'm using Debian Woody with the current bind 9.2.0 and I'm trying to put
it in a chroot jail. I downloaded Scott's "Chroot-BIND HOWTO" and it
worked very well except for a few small things.
The chroot jail is s
Hi,
Ramon Acedo wrote:
>
> I'd like to have a map like this:
>
> ftp1.mydomain.net ---> 192.168.1.10
> ftp2.mydomain.net ---> 192.168.1.50
> www1.mydomain.net ---> 192.168.1.12
> www2.mydomain.net ---> 192.168.1.33
that's hard, tricky and not always possible.
most protocols (e.g. ftp, telnet,
I think it is worth pointing out that port-forwarding has security
implications. If one of your services is compromised (even if it is not
running as root) the attacker now has a good amount of access to your
local/internal network. I would only forward ports when absolutely needed and
only t
Hi again!
Thanks for your quick answers,
I think I hadn't explained clearly enough in the first mail.
The problem is the following:
I have a SINGLE public ip with an associated domain. In that host I have
a DNS server, mail server, web, etc. The important point is at the DNS.
What i'd l
The Securing Debian HOWTO makes mention of the possibility that you can
set a partition as read-only, to further protect the various things in
/usr/bin for example. Then when you apt-get upgrade, you can configure
apt to automagically turn off the read-only while needed, then turn it
back on (faci
It seems to accomplish the example you posed, you need 2 external IPs.
Say they were 1.1.1.1 and 1.1.1.2 for example. Then in DNS you could do:
ftp1 -> 1.1.1.1
ftp2 -> 1.1.1.2
www1 -> 1.1.1.1
www2 -> 1.1.1.2
And on your firewall do:
1.1.1.1 port 21 -> 192.168.0.10
1.1.1.2 port 21 -> 192.168.0.50
Hi,
Ramon Acedo wrote:
>
> I'd like to have a map like this:
>
> ftp1.mydomain.net ---> 192.168.1.10
> ftp2.mydomain.net ---> 192.168.1.50
> www1.mydomain.net ---> 192.168.1.12
> www2.mydomain.net ---> 192.168.1.33
that's hard, tricky and not always possible.
most protocols (e.g. ftp, telnet,
I think it is worth pointing out that port-forwarding has security implications. If
one of your services is compromised (even if it is not running as root) the attacker
now has a good amount of access to your local/internal network. I would only forward
ports when absolutely needed and only t
Hi again!
Thanks for your quick answers,
I think I hadn't explained clearly enough in the first mail.
The problem is the following:
I have a SINGLE public ip with an associated domain. In that host I have
a DNS server, mail server, web, etc. The important point is at the DNS.
What i'd
The Securing Debian HOWTO makes mention of the possibility that you can
set a partition as read-only, to further protect the various things in
/usr/bin for example. Then when you apt-get upgrade, you can configure
apt to automagically turn off the read-only while needed, then turn it
back on (fac
48 matches