Re: Chkrootkit

2003-04-24 Thread Michael Bergbauer
On Thu Apr 24, 2003 at 07:0001PM +0200, Kay-Michael Voit wrote: > I'm just setting up my first webserver in a productive environment. > Now I wonder how I could use chkrootkit. > > My first idea was to run a cronjob, but I have two problems with this > solution: > > 1) An attacker could just chang

Re: apt-check-sigs.pl

2003-04-24 Thread Dale Amon
On Thu, Apr 24, 2003 at 06:46:11PM +0200, Adam ENDRODI wrote: > Due to several requests received both in private and in public > I decided the best would be to post the script on the list. Thanks much.

Presentation

2003-04-24 Thread AMTI
Dear Sir/Madam, We reached you through one of our clients. We are now looking for serious companies/entrepreneurs to locally represent our company's new technology in other markets. We have developed a unique product and successfully penetrated into the Israeli market: CELLULAR REMOTE CONTR

Re: Re[2]: Chkrootkit

2003-04-24 Thread Haim Ashkenazi
On Thu, 24 Apr 2003 19:32:01 +0200 Kay-Michael Voit <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: MD5 > > DCE> for (1) I guess you can put the binaries in a read-only medium > DCE> and run them from there, like a CD-ROM or a write-protected > DCE> floppy/flash-medium. >

Re: WAS: HELP, my Debian Server was hacked!

2003-04-24 Thread Erick Lopez Carreon
> I.R. van Dongen sì che favelando > sibillò: > > > PS I would really like to see your perlscript, if > you could send it to > > me personally I would really appreciate it. > I really appreciate if you can share with me your script. Thanks in advance. = Por favor, NO utilice formatos

Re: Re[2]: Chkrootkit

2003-04-24 Thread Josh Carroll
It may be slightly unpure, but what's wrong with: chkrootkit -q | grep -vE '(eth[0-9]+:*[0-9]* *is not promisc)' That would at least avoid triggering the mail from the cron job. Regards, Josh --- Kay-Michael Voit <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: MD5 > > D

Re: Secure remote syslogging?

2003-04-24 Thread Jose Luis Domingo Lopez
On Wednesday, 23 April 2003, at 16:37:01 -0700, Jamie Penner wrote: > or, if using syslog-ng, do this for each logfile type in your config file: > > destination syslog { file("/var/log/serverlogs/$HOST/syslog" owner("root") > group("adm") perm(0640)); }; > On the syslog-ng side I would suggest

Re[2]: Chkrootkit

2003-04-24 Thread Kay-Michael Voit
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 DCE> for (1) I guess you can put the binaries in a read-only medium and run DCE> them from there, like a CD-ROM or a write-protected floppy/flash-medium. Well, the attacker could just stop the cronjob... but great idea though. My server is a remote root

Re: Chkrootkit

2003-04-24 Thread Deger Cenk Erdil
hi, for (1) I guess you can put the binaries in a read-only medium and run them from there, like a CD-ROM or a write-protected floppy/flash-medium. I am not sure I got what you mean in (2) -dce. Kay-Michael Voit wrote: -BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hi, I'm just setting up m

Re: WAS: HELP, my Debian Server was hacked!

2003-04-24 Thread Sebastian
> perl script for automatic updates... secpack does what you are looking for: http://therapy.endorphin.org/secpack/ Sebastian

Chkrootkit

2003-04-24 Thread Kay-Michael Voit
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hi, I'm just setting up my first webserver in a productive environment. Now I wonder how I could use chkrootkit. My first idea was to run a cronjob, but I have two problems with this solution: 1) An attacker could just change the chkrootkit binaries. I

apt-check-sigs.pl

2003-04-24 Thread Adam ENDRODI
Due to several requests received both in private and in public I decided the best would be to post the script on the list. It requires perl5, wget and gnupg. The current Debian Archive Automatic Signing Key (38C6029A) should be present in the keyring of the user executing the script (who needn't

Re: Secure remote syslogging?

2003-04-24 Thread Dale Amon
On Wed, Apr 23, 2003 at 11:20:45PM +0200, Horst Pflugstaedt wrote: > I don't know much about security issues for this one, but you might want > to take a look at syslog-ng... syslog-ng does remote logging on a specific tcp port, and there is supposed to be encryption added at some point. Not there

Re: WAS: HELP, my Debian Server was hacked!

2003-04-24 Thread Dale Amon
On Thu, Apr 24, 2003 at 04:18:10PM +0200, Kay-Michael Voit wrote: > IRvD> PS I would really like to see your perlscript, if you could send it to > me personally I would really appreciate it. I guess I'd not mind double checking that I haven't missed something and should add it to my cfengine2 sc

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread Mauro Chiarugi
Il Thu, 24 Apr 2003 07:03:48 -0500 (CDT) David Ehle sì che favelando sibillò: > I use a cronjob. I'll send it to you privately, if anyone else wants it > let me know. > David. Thanks a lot, i'll be happy to see it. -- sracatus

Re: WAS: HELP, my Debian Server was hacked!

2003-04-24 Thread Mauro Chiarugi
Il Thu, 24 Apr 2003 15:27:28 +0200 (CEST) I.R. van Dongen sì che favelando sibillò: > PS I would really like to see your perlscript, if you could send it to > me personally I would really appreciate it. me too :) thanks a lot!! bye -- sracatus

Re: WAS: HELP, my Debian Server was hacked!

2003-04-24 Thread Kay-Michael Voit
IRvD> PS I would really like to see your perlscript, if you could send it to me personally I would really appreciate it. place me on the list, too, please. IRvD> On Thu, 24 Apr 2003 14:17:48 +0200, [EMAIL PROTECTED] wrote: >> On Thu, Apr 24, 2003 at 11:43:06AM +0200, I.R. van Dongen wrote: >

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread James Duncan
On Thu, 24 Apr 2003, Dale Amon wrote: > On Wed, Apr 23, 2003 at 10:44:34AM -0400, James Duncan wrote: > > Obviously steps should be in place to mitigate the damage of these sorts > > of acts. Have steps in place to quickly replace machines that have to be > > removed from production quickly and w

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread David Ramsden
On Thu, Apr 24, 2003 at 01:16:49PM +, simon raven wrote: > Le Thu, Apr 24, 2003 at 08:48:27 -0400, Raymond Wood a écrit: > > On Thu, Apr 24, 2003 at 02:17:48PM +0200, Adam ENDRODI imagined: > > [snip] > > > Details on how to implement this have been discussed in the > > > list several times a

Re: Secure remote syslogging?

2003-04-24 Thread James Duncan
On Wed, 23 Apr 2003, Stefan Neufeind wrote: > what is the best way to remotely syslog? In > "RE: HELP, my Debian Server was hacked!" by James Duncan he wrote to > use "syslog to log locally AND remotely". This is a good idea. But I > wonder how to make it safe. Let's say I have two servers. Each c

Re: ptrace patch for vanilla kernel 2.4.20

2003-04-24 Thread Thiago Rondon
I make a simple (ugly?) "solution" for that. http://www.maluco.com.br/utils/anti-ptrace.c It's a simple module that I applied at servers that I cannot reboot now. -Thiago Rondon On Thu, Apr 24, 2003 at 12:29:54AM +0200, Mail Operator wrote: > this one worked fine for me: > > http://sinuspl.net/p

WAS: HELP, my Debian Server was hacked!

2003-04-24 Thread I.R. van Dongen
this crontab does not download any packages, notice the "-s" switch which simulates the download and install process. it merely tells you what it would download and install if you would leave out the -s switch. Gr, Ivo van Dongen PS I would really like to see your perlscript, if you could send

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread simon raven
Le Thu, Apr 24, 2003 at 08:48:27 -0400, Raymond Wood a écrit: > On Thu, Apr 24, 2003 at 02:17:48PM +0200, Adam ENDRODI imagined: > > > On Thu, Apr 24, 2003 at 11:43:06AM +0200, I.R. van Dongen wrote: > > > > > > lamorak:~# crontab -l > > > @daily apt-get -q -q -q -q update && apt-get -s

Re: Secure remote syslogging?

2003-04-24 Thread Horst Pflugstaedt
On Wed, Apr 23, 2003 at 07:43:36PM +0200, Stefan Neufeind wrote: > Hi, > > what is the best way to remotely syslog? In > "RE: HELP, my Debian Server was hacked!" by James Duncan he wrote to > use "syslog to log locally AND remotely". This is a good idea. But I > wonder how to make it safe. Let's

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread Raymond Wood
On Thu, Apr 24, 2003 at 02:17:48PM +0200, Adam ENDRODI imagined: > On Thu, Apr 24, 2003 at 11:43:06AM +0200, I.R. van Dongen wrote: > > > > lamorak:~# crontab -l > > @daily apt-get -q -q -q -q update && apt-get -s -q -q -q -q > > dist-upgrade > Before you deploy such a mechanism, I adv

Re: Kernel ptrace Hole - Fix For ppc ?

2003-04-24 Thread simon raven
Le Wed, Apr 23, 2003 at 09:44:16 -0400, andrew lattis a écrit: > On 2003/04/23 04:20:16AM +, Wed, simon raven wrote: > > i'm running ben's kernels with grsec no problem, there might have > been one or two small rejects, but nothing major. currently i'm at > 2.4.20-ben8 with grsecurity 1.9.9c,

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread Nicolas Sulek
I'm really sorry, I didn't notice that when I wrote my message François TOURDE wrote: Le 12166ième jour après Epoch, Nicolas Sulek écrivait: [SNIP...] Please, please, please... No HTML in text messages... Even if you run NT on your box :)

Re: Re: HELP, my Debian Server was hacked!

2003-04-24 Thread Adam ENDRODI
On Thu, Apr 24, 2003 at 11:43:06AM +0200, I.R. van Dongen wrote: > > lamorak:~# crontab -l > @daily apt-get -q -q -q -q update && apt-get -s -q -q -q -q > dist-upgrade Before you deploy such a mechanism, I advise that you set up another one between the "update" and "upgrade" which check

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread David Ehle
> Il Tue, 22 Apr 2003 17:48:23 -0500 (CDT) > David Ehle sì che favelando > sibillò: > > > nightly apt-get update && apt-get upgrade > > But if it asks human interaction?? How can i do?? I use a cronjob. I'll send it to you privately, if anyone else wants it let me know. David. > > -- > sracatus

Re: Kernel ptrace Hole - Fix For i386 ?

2003-04-24 Thread ournewsletter
Are these patched kernels available for i386 too? Can someone post the link please? > i'm running ben's kernels with grsec no problem, there might have > been one or two small rejects, but nothing major. currently i'm at > 2.4.20-ben8 with grsecurity 1.9.9c, i think its c, maybe d. on i386 > grs

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread François TOURDE
Le 12166ième jour après Epoch, Mathias Gygax écrivait: > On Don, Apr 24, 2003 at 11:19:34 +0200, Mauro Chiarugi wrote: > > Il Tue, 22 Apr 2003 17:48:23 -0500 (CDT) > > David Ehle sì che favelando > > sibillò: > > > > > nightly apt-get update && apt-get upgrade > > > > But if it asks human intera

Oops. Apologies to all.

2003-04-24 Thread Tim Nicholas
Oops. I'm VERY sorry everyone. I just did something really stupid with my mail system and ended up sending messages to everyone whose email addresses I filter in anyway. If you have received messages from [EMAIL PROTECTED] with the subject 'This is a test' or from 'jillgreen' subject 'Hi' or from '

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread François TOURDE
Le 12166ième jour après Epoch, Nicolas Sulek écrivait: > > [SNIP...] > Please, please, please... No HTML in text messages... Even if you run NT on your box :) -- QOTD: "What I like most about myself is that I'm so understanding when I mess things up." -- François TOURDE - to

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread tps
On Thu, Apr 24, 2003 at 04:02:56AM +0100, Dale Amon wrote: > On Wed, Apr 23, 2003 at 10:44:34AM -0400, James Duncan wrote: > > Obviously steps should be in place to mitigate the damage of these sorts > > of acts. Have steps in place to quickly replace machines that have to be > > removed from prod

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread Mathias Gygax
On Don, Apr 24, 2003 at 11:19:34 +0200, Mauro Chiarugi wrote: > Il Tue, 22 Apr 2003 17:48:23 -0500 (CDT) > David Ehle sì che favelando > sibillò: > > > nightly apt-get update && apt-get upgrade > > But if it asks human interaction?? How can i do?? from the apt-get manual page: [...] -y

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread David Ramsden
On Thu, Apr 24, 2003 at 11:19:34AM +0200, Mauro Chiarugi wrote: > Il Tue, 22 Apr 2003 17:48:23 -0500 (CDT) > David Ehle sì che favelando > sibillò: > > > nightly apt-get update && apt-get upgrade > > But if it asks human interaction?? How can i do?? > apt-get --assume-yes upgrade That'll answer

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread Nicolas Sulek
you can use cron-apt cron-apt - Automatic update of packages using apt Mauro Chiarugi wrote: Il Tue, 22 Apr 2003 17:48:23 -0500 (CDT) David Ehle sì che favelando sibillò: nightly apt-get update && apt-get upgrade But if it asks human interaction?? How can i do?? --

Re: Re: HELP, my Debian Server was hacked!

2003-04-24 Thread I.R. van Dongen
lamorak:~# crontab -l @daily apt-get -q -q -q -q update && apt-get -s -q -q -q -q dist-upgrade make sure the output is mailed to an address you use daily. When an update is available you will be mailed, otherwise you get no mail. Gr, Ivo van Dongen On Thu, 24 Apr 2003 11:19:34 +0200

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread Mauro Chiarugi
Il Tue, 22 Apr 2003 17:48:23 -0500 (CDT) David Ehle sì che favelando sibillò: > nightly apt-get update && apt-get upgrade But if it asks human interaction?? How can i do?? -- sracatus