> So I've opened perms up to 644 again, but this seems the wrong thing
> to do. I realise I was only gaining a minor layer of
> security-thru-obscurity, but every little helps - surely we don't
> want this file to be world-readable ?
>
> I note from inetd.conf that in.telnetd runs as uid.gid
> te
On Thu, 29 Aug 2002, Jason Clarke wrote:
# Found the problem to be that SSH was doing DNS lookups on IPs.
#
# So I set up an internal reverse DNS for my local LAN, and shebang, it's
# almost instant now.
use -u0 on the sshd option
Cheers,
Indra Kusuma
--
,''`. Indra{@,.}Kusuma.OR.ID -> [person
Nick,
I found that SSHd was being unreasonably slow in authorising logins.
Found the problem to be that SSH was doing DNS lookups on IPs.
So I set up an internal reverse DNS for my local LAN, and shebang, it's
almost instant now.
Jason
- Original Message -
From: "Nick Boyce" <>
To:
S
[hope this isn't too lame a question for this list]
I decided to start locking down permissions on "sensitive" files on a
recently installed Woody box, and discovered that when I changed the
permissions on "hosts.allow" (and "hosts.deny") to 640 then I could no
longer Telnet into the box from the
On Wed, Aug 28, 2002 at 11:56:24AM +0200, Michael Renzmann wrote:
> Hi.
>
> Jones, Steven wrote:
> >I've found port sentry really good for detecting port scans and then routeing
> >the return packets to nowhere.
>
> As an addition to that idea: would it be possible to cause similar
> effects
thx
Hi Matt,
> Ah, I missed the part where you said this was a potato system. It looks
> like you are installing woody security updates on a potato system. You
> probably have a line like this:
>
> deb http://security.debian.org/ stable/updates main
>
> in /etc/apt/sources.list. Since Debian 3.0 (wo
Hi,
after an "apt-get update" on my potato box, the following happens:
wurm:~# apt-get upgrade
Reading Package Lists... Done
Building Dependency Tree... Done
The following packages have been kept back
python-base python-tk
0 packages upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
> I think as a German I'm allowed to say this:
>
> No English, no security. There will always be bits and pieces available
> in English only. Making DSAs available in foreign languages will help
> amateurs without sufficient English skills to keep their systems up to date.
It might even help p
Hi.
Jones, Steven wrote:
I've found port sentry really good for detecting port scans and then routeing
the return packets to nowhere.
As an addition to that idea: would it be possible to cause similar
effects to HTTP-server worms with a modified tarpit? Maybe a modified
version of the kernel
Hi Dale.
Dale Amon wrote:
The only thing you can do is to make damn certain your box does not become
part of the problem.
I'll add to that: make sure you actually check your logs. I use syslog-ng to
bring all essential realtime logging to a hardened server;
I'll add another one to that: I st
It seems to me, you need not only the patch-int, but also the loop patch,
which can be found at
ftp://ftp.kernel.org/pub/linux/crypto/v2.4/testing/loop-hvr-2.4.18.0.patch
You have to use it else the cryptoloop compile part fails.
Why the loop patch is not included in the patch-int patch, I do not
Jeff wrote:
> I've decided to learn how to set up an encrypted filesystem using the
> cryptoloop method and I'm having troubles getting my kernel source
> patched correctly. I've read the "Loopback Encrypted Filesystem
> HOWTO", but it's outdated. Here are a number of patches for kernel
> 2.4.18 a