Petro wrote:
> Is there a file-security scanner like tripwire (or like AIDE) that
> works across a network? I'm envisioning something that does local
> file scanning, then transmits the resulting table to a remote (more
> secure) host where the verification is done.
Try samhain
On Tue, Mar 12, 2002 at 11:31:34AM +0800, Marcel Welschbillig wrote:
> Hi,
>
> Are there any known security issues with installing micro$oft Front Page
> extensions on a Debian Apache web server? I am reluctant to infect my
> nice Linux web server with micro$oft code.
>
Well you did use
On Tue, Mar 12, 2002 at 05:18:34PM +1300, John Morton wrote:
> On Tuesday 12 March 2002 15:52, Steve Langasek wrote:
> > > Doesn't dpkg also compile with a static zlib? Why does it not make
> > > this list?
> > What Internet-accessible port are you running dpkg on? :)
> > dpkg doesn't normally
On Mon, Mar 11, 2002 at 08:52:54PM -0600, Steve Langasek wrote:
> dpkg doesn't normally run on a network port, so exploiting it doesn't get
> you local access unless you already have it; and it's not suid, so running
> it from commandline doesn't let you get root. Therefore, there is no
> securit
On Tuesday 12 March 2002 15:52, Steve Langasek wrote:
> > Doesn't dpkg also compile with a static zlib? Why does it not make
> > this list?
>
> What Internet-accessible port are you running dpkg on? :)
>
> dpkg doesn't normally run on a network port, so exploiting it doesn't
> get you local acc
> Doesn't dpkg also compile with a static zlib? Why does it not make
> this list?
No, it doesn't. The potato version of dpkg forks a copy of gzip. Any
other versions don't get security support. :)
--
Mike Stone
Unless you are going to dial into a malicious ISP, I doubt this will be a
problem (AFAIK, but don't quote me).
Most of my servers are stable/testing hybrids, including 2 running 2.4 (and
I have been very happy with them).
Update your sources.list to have both stable and testing (and make sure y
Hi,
Are there any known security issues with installing micro$oft Front Page
extensions on a Debian Apache web server? I am reluctant to infect my
nice Linux web server with micro$oft code.
Thanks !
--
Regards,
Marcel Welschbillig
ii ppp2.4.1-0.bunk.2 Point-to-Point Protocol (PPP) daemon.
How does this affect ppp servers running potato with the unofficial 2.4
packages provided by Adrian Bunk?
Does anyone have any recommendations for fixing this potential exploit?
Thanks,
Chuck
On Mon, Mar 11, 2002 at 05:16:43PM -0600, Jor-el wrote:
> On Mon, 11 Mar 2002, Michael Stone wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > - --
> > Debian Security Advisory DSA 122-1 [EMAIL PROTECTED]
On Mon, Mar 11, 2002 at 05:16:43PM -0600, Jor-el wrote:
> > amaya 2.4-1potato1
> > dictd 1.4.9-9potato1
> > erlang 49.1-10.1
> > freeamp 2.0.6-2.1
> > mirrordir 0.10.48-2.1
> > ppp 2.3.11-1.5
> > rsync 2.3.2-1.6
> > vrweb 1.5-5.1
> >
> Hi,
>
> Doesn't dpkg also compile with
On Mon, 11 Mar 2002, Jor-el wrote:
> > The zlib vulnerability is fixed in the Debian zlib package version
> > 1.1.3-5.1. A number of programs either link statically to zlib or include
> > a private copy of zlib code. These programs must also be upgraded
> > to eliminate the zlib vulnerability. The
Jor-el wrote:
> Doesn't dpkg also compile with a static zlib? Why does it not make
> this list?
Yeah, dpkg-deb does. Presumably you already have to trust debs you
install, but this could affect using dpkg to examine the contents of
untrusted debs..
--
see shy jo
I have tripwire installed on one of my servers (Debian Stable), and I've
managed to get the configuration pretty quiet, but I'm having a little
problem with one or two of them.
The particular section of tw.config looks like:
/var@@AW
!/var/log/ksymoops/
/var/log@@LOGSEARCH
/
On Mon, 11 Mar 2002, Michael Stone wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
> - --
> Debian Security Advisory DSA 122-1 [EMAIL PROTECTED]
> http://www.debian.org/security/
He might have meant that he doesn't want to run the risk of getting
a poor utility thinking that it is a good one (risk of security by ignorance),
so he's asking for recommendations from people that might know something.
However, he should understand program/technology limitations (e.g. they mig
On Mon, 11 Mar 2002, Javier Fernández-Sanguino Peña wrote:
> On Mon, Mar 11, 2002 at 01:12:58PM +0100, Javier Coso Gutierrez wrote:
> > You have in the "/etc/hosts.deny" this:
> > ALL:PARANOID
>
> That's exactly what I was thinking about.. many programs in
> Debian are now compiled with the
The apache project has a full featured mail system called james. It's
written in Java and seems very full featured. The specs are impressive but
I haven't used it myself. You may want to check it out.
:wq
Tim Uckun
US Investigations Services/Due Diligence
http://www.diligence.com/
On Mon, Mar 11, 2002 at 04:10:10PM +0100, Alexander Reelsen wrote:
> Hiya
>
> On Mon, Mar 11, 2002 at 03:40:18PM +0100, Javier Fernández-Sanguino Peña wrote:
> > On Mon, Mar 11, 2002 at 09:21:45AM -0300, Pedro Zorzenon Neto wrote:
> > > Which is the best way to create a POP only account? just
Hiya
On Mon, Mar 11, 2002 at 03:40:18PM +0100, Javier Fernández-Sanguino Peña wrote:
> On Mon, Mar 11, 2002 at 09:21:45AM -0300, Pedro Zorzenon Neto wrote:
> > Which is the best way to create a POP only account? just change the
> > last field in /etc/passwd to /bin/false?
> No. My 2 cents
On Mon, Mar 11, 2002 at 09:21:45AM -0300, Pedro Zorzenon Neto wrote:
> Hi,
>
> Which is the best way to create a POP only account? just change the
> last field in /etc/passwd to /bin/false?
No. My 2 cents (of Euro): use a directory for POP authentication
using the appropriate PAM module
Pedro Zorzenon Neto writes:
> Hi,
>
> Which is the best way to create a POP only account? just change the
> last field in /etc/passwd to /bin/false?
What about using qmail with vpopmail? Simple, efficient, and really disconnected
from the underlying server ...
--
Davy Gigan
System & Ne
On 11 Mar 2002, at 12:24 +, Alan James wrote:
[...]
>
> ReverseMappingCheck no
>
[...]
-- End of original message --
But this is only in "SSH protocol version 2", isn't it??
I'm trying to look for this in version 1 and I don't find it.
Bye,
--
---
Hi,
If I were you I'd use Dbmail (www.dbmail.org, cvs version).
It has got all this and more.
Best regards,
Eelco
On 11-03-2002 13:21, "Pedro Zorzenon Neto" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Which is the best way to create a POP only account? just change the
> last field in /etc/passwd to
On Mon, 11 Mar 2002 09:02:17 -0300, Pedro Zorzenon Neto <[EMAIL PROTECTED]>
wrote:
> I've looked in "man sshd" and "man ssh" and I didn't see any
> configuration option which bypasses the reverse lookup, enabling
> connections from machines without reverse DNS lookup. How can I do
> this? (I don't wa
On Mon, Mar 11, 2002 at 01:12:58PM +0100, Javier Coso Gutierrez wrote:
> You have in the "/etc/hosts.deny" this:
> ALL:PARANOID
That's exactly what I was thinking about.. many programs in
Debian are now compiled with the tcpwrappers library: ssh, portmap,
in.talk, rpc.statd, rpc.mountd, g
Hi,
Which is the best way to create a POP only account? just change the
last field in /etc/passwd to /bin/false?
I want that the user will not be able to do anything on the machine
but retrieving mail.
I will enable APOP in qpopper or use some ssl wrapper for POP3, will
disable the plain
On Mon, 11 Mar 2002 09:02:17 -0300
"Pedro Zorzenon Neto" <[EMAIL PROTECTED]> wrote:
> ssh_exchange_identification: Connection closed by remote host
This message means that a connection was made to the server but was closed
before SSH protocol was initiated.
This is usually caused by a libwrap se
You have in the "/etc/hosts.deny" this:
ALL:PARANOID
Try something like this
"/etc/hosts.deny" => ALL:ALL
"/etc/hosts.allow" => sshd:ALL
For more information "man 5 hosts_access & man 5 hosts_options"
Bye ;)
--
--
Hi,
ssh in potato is set to always try to use reverse DNS lookup. If the
client is not registered in the DNS server, then it gets an answer:
"ssh_exchange_identification: Connection closed by remote host"
I've looked in "man sshd" and "man ssh" and I didn't see any
configuration option whic