>
> Still, when someone offers their help there really is no need
> to play a smart ass as you did. The only thing you might achieve doing
> that is a) direct rebuttals (my e-mail) and b) mild propositions to
> build patched packages yourself.
>
Admittedly I didn't read the email as properly as I
I made lenny packages for my machines. I could share them if you want?
On Wed, Oct 1, 2014 at 1:28 PM, Nikolay Hristov wrote:
> Hello there,
>
> I know that this is outdated debian release and it is in the archives but
> I still have 6 servers running Lenny and I don't want to upgrade them to
>
http://www.reddit.com/r/netsec/comments/en650/details_of_the_root_kit_that_go
With the exception of replacing /etc/exim4/exim.conf, it's pretty much
exactly what happened to me :-)
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Cont
On Wed, Dec 22, 2010 at 2:06 PM, Bastian Blank wrote:
> This looks like the rootkit I found somewhere in the internet:
> | 137a3bbda16034d34307a9d686e6fdb45b3c8683 procps/free
> | 5db25350dd15d3f1e63a4ff44fa85b72c21df72d procps/kill
> | eeab165a2cf06feb327fa996f35271c076e992bc procps/pgrep
> |
This is a me too email.
I found one overlooked machine that was compromised on 16th of December.
The usual process related things replaced:
free pgrep pmap skill snice tload uptime w
kill pkill ps slabtop sysctl top vmstat watch
All of these were chattr +ai, as if that was
On Sat, Dec 18, 2010 at 4:25 PM, Andrew McGlashan
wrote:
> Oh and HP's iLO might need an "advanced" license for virtual media to work,
> not sure about that yet. I picked up a nice DL380 G4 with the advanced iLO
> license already installed.
Yup, I've also discovered that one day when we reinstal
On Fri, Dec 17, 2010 at 3:44 PM, Thorsten Göllner wrote:
> You are (both) right. I will reinstall.
What would be really nice though, is if you could do some kind of
post-mortem. I am always curious to know the techniques of the
black-hats, makes for nice war-stories around the camp fire :-)
Unf
> No question, reinstall.
I agree, this is a root exploit, and once you have root you can pretty
much hide anything you want.
On a side note, the patch even applies cleanly on older versions of
exim (such as 4.63), so if you're stuck with an older exim for
whatever reason (like I am), it's easy en
2009/7/11 Maurice Guerrier :
> Je suis sur debian avec GNOME comme interface graphique, j'utilise un
> clavier US c'est a dire QWERTY comment dois-je faire pour avoir les
> caracteres accentues.
I don't read french, but I know "avec" means "with" and I assume
"clavier" means "keyboard". It seems y
On Fri, Jun 5, 2009 at 9:54 AM, Izak Burger wrote:
> If you push me for an answer, I'll say qemu, virtualbox and/or vmware
> should be safer, but in practice I will likely choose vserver because
> there is way less complexity involved and much better performance.
One more thin
On Thu, Jun 4, 2009 at 5:00 PM, wrote:
> Ok, what is Your opinion on qemu guest - does it offer more
> protection/guarantee?
The differences are in how much is virtualised.
Vserver does very little virtualisation and focuses on isolation.
There is no virtual cpu, virtual network device or any su
On Wed, Jun 3, 2009 at 5:53 PM, john wrote:
> I'd be interested to hear some recommendations for IDS to run on
> internet facing servers. Especially from the point of view of ease of
> installation, ease of maintenance, quality of the tool, and ability to
> have it deliver really useful informatio
On Tue, Jun 2, 2009 at 6:42 PM, Wade Richards wrote:
> Don't obsess on root access. Any unauthorized use is a problem.
You are right of course. Right after I sent my message saying that
"perhaps the machine hasn't been exploited yet" I realised how wrong
such a view is. Someone gained access to
On Mon, Jun 1, 2009 at 12:26 PM, Vladislav Kurz
wrote:
> Well, this really looks suspicious. Look for unexpected processes running,
> open ports, etc. Directory /dev/shm/ is world-writable like /tmp, so chances
> are that the attacker did not gain root yet. But he might have shell
> listening on s
On Sun, May 31, 2009 at 8:56 PM, Sthu Deus wrote:
> as what are the requirements. Can You explain its isolation level? Say, If I
> place there a server, and one day it will be hacked so that the criminal gets
> full control of the guest OS, - will it protect the host OS?
Linux vserver shares the
On Sat, Feb 14, 2009 at 6:19 AM, Chip Panarchy wrote:
> Which 256-bit encryption is the best? Camellia or AES?
From the wikipedia article it seems they are the same as far as
strength goes, but Camellia is supposedly a little more efficient (ie
less/smaller cpu and that sort of thing).
http://e
On Thu, Feb 12, 2009 at 10:37 PM, Lupe Christoph wrote:
> Mode 600 will deny /etc to everybody except root while it will change
> nothing for root. If you have any services on your system that run under
> non-root UIDs, and that have config under /etc, you hose them with any
> mode that removes th
> "Stephen Vaughan" wrote:
>> When will people learn not to set auto replies
Nothing wrong with a proper auto-reply (one that does some decent
caching, only replies once a day, avoids mailing lists and things with
precedence: bulk, etc etc).
The problem IMHO is that that is so hard to do. For ex
On Wed, Dec 10, 2008 at 7:40 PM, Sjors Gielen <[EMAIL PROTECTED]> wrote:
> He doesn't mean a suspend to disk, which is what I thought too, first.
> He wants to make his installation "frozen", i.e., changes aren't saved
> over reboots. I don't know how to do it, but maybe this clears up his
> origin
On Wed, Dec 10, 2008 at 6:51 PM, Carlos Carrero Gutierrez
<[EMAIL PROTECTED]> wrote:
> Hi, I would like to freeze my linux in order to freeze the OS, then,
> when I reboot the computer all changes that I made in the computer
> disappears and it returns to the previous OS freezed.
Cross posting is
On Mon, Oct 6, 2008 at 3:00 AM, Jack T Mudge III
> Correct me if I've missed something, but isn't the /etc/passwd *supposed* to
> be world-readable, for example to translate UIDs to user names using the ls
> command?
Correct. NSS uses that file (in a standard setup) to translate uid's
to usernames
On Thu, Jun 12, 2008 at 7:06 AM, Andreas Kretschmer
<[EMAIL PROTECTED]> wrote:
> Something like that to a mailing list? That is, sorry, antisocial.
Probably one of those features where you upload your address book (or
give them your gmail username/password) and it automatically invites
everyone. An honest mista
On Thu, May 15, 2008 at 9:58 PM, Guido Hennecke
<[EMAIL PROTECTED]> wrote:
> In Germany we say: "Wer nichts macht, macht auch nichts verkehrt".
Which means: he who does nothing makes no mistakes. (For those who
don't understand German)
On 8/20/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Software failures *are* in the worst cases life threatening, and
> everyday non-safety-critical systems can easily be a very serious
> nuisance to other users.
I propose we stick a label on: This software is not meant to be run in
life su
On 8/16/07, Jack T Mudge III <[EMAIL PROTECTED]> wrote:
> My personal view is that there are plenty of simpler distributions out there,
> knoppix for first-time users, Ubuntu/Suse for novices, and RedHat for people
> who need hand-holding. Debian is primarily for advanced users, and for users
> who
> does it not cover the case of packets arriving at eth0 spoofed as
> from 127.0.0.1 ?
Right you are, that slipped my mind.
I seem to recall that earlier versions of debian had rp_filter default
to 1 (I see sarge still has this, you set spoofprotect=yes in
/etc/network/options, and afaik it defau
On 8/16/07, Ondrej Zajicek <[EMAIL PROTECTED]> wrote:
> And if there is no firewall (or other
> hand-crafted protective measures), then there is no need for
> rp_filter. So on common workstation there is no need for
> rp_filter too.
I also don't see why you need rp_filter on a workstation. A
work
On 12/17/06, Thorsten Schmidt <[EMAIL PROTECTED]> wrote:
However, this requires alpha having a ssh-key. Furthermore I'm not in charge
with alpha's security, thus I've to make sure, that an attacker, who gained
access to alpha's ssh-key is not able to compromise beta (well, he might be
able to delet
On 10/18/06, Matvey Gladkikh <[EMAIL PROTECTED]> wrote:
Stop using blobs like nvidia videodriver in debian.
Force them to go opensource!
Can the opensource driver do proper acceleration yet?
On 9/18/06, Morgan Walker <[EMAIL PROTECTED]> wrote:
I was just wondering if there was a package/script out there that could be
used to notify the sys. admin every time a user logged into a debian system.
The simplest two ways, as was already noted, are to add something to
/etc/profile or some o
On 8/26/06, Michelle Konzack <[EMAIL PROTECTED]> wrote:
Never had autoinstalled nfs-common and lpr...
Those are definitely installed by default, at least in stable, or it
was installed the last time I installed stable. IIRC so is
nfs-kernel-server, although it is disabled by default since
/etc/
On 8/20/06, kevin bailey <[EMAIL PROTECTED]> wrote:
I'm sure it's been included in to the default setup for a reason - but I
will be removing it on most servers.
I always remove it after the installation (about the same time when I
get rid of nvi and install vim). I see no point for it to be
i
On 8/11/06, Christian Schuerer <[EMAIL PROTECTED]> wrote:
Isn't it strange that there is a DHCP client running on lo? I don't get the
point of doing that.
The pid is the same for all three (29184), so it is obviously a
process that binds to 0.0.0.0, and as a result, ends up listening on
lo as
On 7/17/06, Izak Burger <[EMAIL PROTECTED]> wrote:
--- snip ---
and ran it on a sarge box running 2.6.8 (not sure exactly which
version), and STILL got a root prompt back.
--- snip ---
Ok, I'm an idiot. I cannot for the life of me reproduce the
problem now. I recall accidentally
Hi all,
Had an argument over the weekend about which kernels are vulnerable to
the exploit that was used to take gluck down. I maintained that only
kernels >= 2.6.13 and <= 2.6.17.4 are vulnerable, but in the end I
proved myself wrong when I took the exploit code, changed the line
that says:
llowed to log in.
regards,
Izak
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Izak Burger ([EMAIL PROTECTED])
http://www.cs.sun.ac.za/
Tel. +27 21 808 4863
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
A big enough hammer can usually fix anything.
er seeing a solution with some kind of preloaded library that
makes writes to the syslog go to stdout instead. You can then simply pipe
it into multilog.
regards,
Izak
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Izak Burger ([EMAIL PROTECTED])
I think you're thinking about BSD process accounting. It provides a way
to tell the kernel to write process information to a file. I have never
worked with it before, but now you have a bit more to go on :)
regards,
Izak Burger
On Mon, 5 Mar 2001, Miguel Ángel Varó Giner wrote:
>
things, it installs a
whole lot of things I'm REALLY not interested in. These days I try to
stick with apt-get.
regards,
Izak Burger
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Izak Burger ([EMAIL PROTECTED])
http://www.cs.sun.ac.za/
Tel. +27