On Mon, Dec 09, 2013 at 09:41:34AM -0700, Jason Fergus wrote:
>
>
> On Sat, 2013-12-07 at 10:55 -0600, Richard Owlett wrote:
> > I chose phrasing of subject line to emphasize some peculiarities
> > of my needs.
> >
> > End-user emphasizes:
> >- I am *NOT* an expert
> >- my system is nev
On Sat, Dec 07, 2013 at 10:55:30AM -0600, Richard Owlett wrote:
> I chose phrasing of subject line to emphasize some peculiarities of
> my needs.
>
> End-user emphasizes:
> - I am *NOT* an expert
> - my system is never intended to be a "server"
(...)
Based on this I suggest you use a simple f
On Tue, Sep 01, 2009 at 08:53:34PM +0100, Dale Amon wrote:
> So is there a way to simply tell tiger to not look
> at certain disk drives? It seems rather silly to have
> it wasting time processing 30-40TB of backups when all
> that is needed is to monitor the actual system disks.
IIRC You can use
After a while sitting in experimental (since June this year) I have decided
to push Snort 2.8 to unstable, especially because of bug #536144.
I would appreciate if people running IDS sensors tested these new packages as
soon as they are available for their architecture and submit reports to the
BTS
Dear All,
I've recently requested Debian Ftp maintainers [1] to remove from the archive
Nessus and all its related packages (nessus-core, nessus-libraries, libnasl
and nessus-plugins). The main reason for this is that upstream is more
focused on maintaining its non-free version of Nessus (labele
On Mon, Mar 10, 2008 at 04:13:43PM -0400, Filipus Klutiero wrote:
> RHEL and derivatives: 7 years
RHEL does offer support for 7 years, but that's paid-for support. Notice that
you *cannot* use official RHEL updates without paying for it (up2date
requires a paid subscription to Red Hat's Network).
On Mon, Jan 28, 2008 at 06:43:27PM +0100, Florian Weimer wrote:
> > Debian has a policy to install as few network services as possible in a
> > default install and bind them to the loopback interface if possible.
>
> Where is this described in Policy?
Maybe 'policy' was a rather strict word. Actu
On Wed, Jan 23, 2008 at 11:22:41PM +0100, Florian Weimer wrote:
> The daemon might have been installed by a package dependency, more or
> less by accident. Debian should have a policy that all daemons bind to
> the loopback interface by default, but as long as this is not the case,
> I can underst
On Wed, Jan 23, 2008 at 01:15:18PM -0600, William Twomey wrote:
> I guess my point is if the 'iptables' package is installed by default on
> Debian, then better integration with Debian would probably be a good
> idea.
Iptables provides the tools, the init.d script was removed since it
conflicte
On Fri, Dec 14, 2007 at 04:10:21PM +0100, Daniel Leidert wrote:
> Now I know, some upstream authors automatically provide (signed) MD5
> sums together with their packages (I do for example). Is there anything
> in the Debian packaging architecture to automatically get and compare
> the MD5 hash of
On Fri, Nov 02, 2007 at 09:35:16PM +0100, Julian Heinbokel wrote:
> On Thursday, 1 November 2007 07:06, Russ Allbery wrote:
> i found the instructions in /usr/share/doc/rssh/CHROOT.gz incomplete, so
> after a long search i copied together this (ugly) script, but by reading
> it you might find t
On Thu, Aug 23, 2007 at 10:15:25AM +0200, Johannes Wiedersich wrote:
> Simply installing update-manager (on etch) does not necessarily notify
> the user of security updates. It might 'automagically' work in some
> situations, but as long as it doesn't do so in _any_ situation it will
> just make ne
On Thu, Aug 23, 2007 at 10:15:25AM +0200, Johannes Wiedersich wrote:
> > Did you actually try update-notifier on KDE?
>
> Yes, it was installed on my system for some months, but it never
> informed me about any update. (I get informed via
> debian-security-announce, though and install updates '
On Wed, Aug 22, 2007 at 09:29:10AM +0200, Johannes Wiedersich wrote:
> - From the documentation I gather, that update-manager would probably work
> on kde, but that it just checks, if the package information has changed.
> This would have to occur either manually or by some cron job, cron-apt
> etc
On Tue, Aug 21, 2007 at 05:13:43PM +0200, Johannes Wiedersich wrote:
> >
> > Educating users also involves raising awareness that they *have* to keep
> > their system up-to-date with security patches both to prevent local and
> > remote exploits. The fact that KDE (or Xfce) does not have an equiva
On Fri, Aug 17, 2007 at 03:04:42PM -0700, Jack T Mudge III wrote:
> On Thursday 16 August 2007 15:09, R. W. Rodolico wrote:
> > Unfortunately, I have to point to some of the
> > user oriented firewalls you get for windoze (which, to my knowledge, Linux
> > does not have). When they are installed, t
On Tue, Aug 21, 2007 at 09:06:18AM +, [EMAIL PROTECTED] wrote:
> I imagine one of the available options would send you an email ?
> or you could stick it the MOTD ...
> whatabout headless web-interface controlled systems ?
For those systems there's cron-apt and debsecan. Your choice. Both use
On Tue, Aug 21, 2007 at 09:00:47AM +0200, Johannes Wiedersich wrote:
> Not exactly true. Debian adds security repositories to apt's sources,
> that's true. But it does _not_ automatically install them on your
> system. It was my point that debian does not by default provide an
> automated system to
On Tue, Aug 21, 2007 at 09:32:35AM +, [EMAIL PROTECTED] wrote:
> is one of those installed by default ?
No, as I said, users have to select one of them and install it themselves.
Regards
Javier
On Fri, Aug 17, 2007 at 10:01:54AM +0200, Johannes Wiedersich wrote:
> PS 2: While we are at it: debian by default also does not install or
> enable an automated system to install security updates. It is the
> responsibility of the user to decide whether and when security updates
> are installed.
On Fri, Aug 17, 2007 at 12:24:27AM +0200, Izak Burger wrote:
> On 8/16/07, Jack T Mudge III <[EMAIL PROTECTED]> wrote:
> > My personal view is that there are plenty of simpler distributions out
> > there,
> > knoppix for first-time users, Ubuntu/Suse for novices, and RedHat for people
> > who need
On Mon, Aug 20, 2007 at 09:04:18AM +, [EMAIL PROTECTED] wrote:
> > I'm no security expert, but I would suggest that a benefit of
> > 'Personal' firewalls is the provision of a simple, systematic way of
> > restricting access to services. Yes, many apps offer some way of doing
> > this, but rem
On Sun, Aug 12, 2007 at 01:16:57PM -0700, Wade Richards wrote:
> 2) If you really don't like the log messages, then reconfigure your firewall
> to not log dropped packets.
Actually, it might be best to just drop (and not log) packets to these ports
which are flooding your messages' log and l
Just a quick note to let people know that I have just uploaded packages for
Snort version 2.7 (released some weeks ago) into experimental. I've also made
an upload to the Snort 2.3 packages with a new set of rules (the 'Community
rules') which increases the IDS signature ruleset by over 800 new sign
On Wed, Jan 10, 2007 at 07:23:36PM +0100, Moritz Muehlenhoff wrote:
> > Do you think there is a need for them?
>
> No, too much bureaucracy for too little gain.
What bureaucracy? Unlike CVE names, each vendor can generate their own OVAL
signatures. For example:
http://people.redhat.com/mjc/oval/
fo
On Tue, Jan 09, 2007 at 08:08:36PM +0100, Florian Weimer wrote:
> Does anyone publish Debian-specific OVAL signatures? Do you think
> there is a need for them?
Not that I know of, but I have a converter to OVAL signatures that can
generate the XML files from the website contents. But somebody has
On Sat, Dec 23, 2006 at 11:20:12AM +0100, Loïc Minier wrote:
> On Fri, Dec 22, 2006, Javier Fernández-Sanguino Peña wrote:
> > I don't know how mach operates precisely, would you care to elaborate how
> > and
> > when does it use /var/tmp/mach/? What files are created th
On Fri, Dec 22, 2006 at 01:51:20PM +0100, Loïc Minier wrote:
> Would someone be so kind to either correct me or to help me word why
> this is a bad idea?
This is a bad idea because, if mach creates (on installation)
/var/tmp/mach/something, and a
rogue user creates (before installation) /var/tm
On Mon, Nov 27, 2006 at 08:37:42PM +0100, mario wrote:
> Do you have a strategy or anything to automate this task a little more?
> The server farm is growing and i might have to look after 20 or 30
> installations soon. I can already see myself updating ubuntu/debian
> installations all day long :(
On Mon, Nov 20, 2006 at 09:33:14PM -0700, s. keeling wrote:
>
> I'm wondering whether there might be some "secure temporary file
> checklist" which should be part of the
> indoctrinationinitiation phase for DDs?
Well, I tried to write some information for DDs in the "Securing Debian
Manual": Chap
On Mon, Nov 06, 2006 at 11:19:20AM +0100, Heilig Szabolcs wrote:
> Hello!
>
> >http://jesusch.de/~jesusch/tmp/access.log
>
> There are many log entries with "something=http://" style
> pattern. These are common attack methods against default configured
> servers with poorly written applications.
On Thu, Oct 19, 2006 at 11:01:39AM +0800, Lestat V wrote:
> On 10/19/06, Lestat V <[EMAIL PROTECTED]> wrote:
> >On 10/19/06, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> wrote:
> >> On Wed, Oct 18, 2006 at 11:09:35AM +0800, Lestat V wrote:
>
> I tried &q
On Thu, Oct 19, 2006 at 07:53:29AM +0800, Lestat V wrote:
> I tried using "arp -an -i eth0" plus "arping [MAC]", and results:
> dance:/home/lestat# arp -an -i eth0
> ? (10.100.105.251) at 00:07:84:52:55:3C [ether] on eth0
> ? (10.100.105.252) at 00:07:84:52:55:3D [ether] on eth0
> ? (10.100.105.250
On Wed, Oct 18, 2006 at 11:09:35AM +0800, Lestat V wrote:
> I encounter a fake MAC address problem:
>
> I found that on ARP table of my computer, all IP addresses in my LAN
> have a same and peculiar MAC address. On ARP table of two other
> computers in the same LAN as mine, different IP addresses
On Tue, Oct 17, 2006 at 01:07:08PM -0700, headshot wrote:
> Thanks!
Is this a question? I provided a version of NessusClient (1.0.0.rc1) at
http://people.debian.org/~jfs/nessus/client/ but I have not received any
comments on it.
If you want to test it out, go ahead.
Regards
Javier
On Sun, Sep 17, 2006 at 10:50:47AM +0200, Mario Fux wrote:
> > change
> > /sbin/shutdown -t1 -a -r now
> > for /bin/false
> > or anything else you want to happen with ctrl-alt-delete
>
> Yes, I know. I seem to be unprecise. In harden-doc is written that when the
> -a
> option is included only u
I've recently uploaded a new version of Bastille (the *nix hardening tool,
more info at http://bastille-linux.org) to the 'experimental' archive. The
version of the package is 3.0.9-1 and it should work without any glitches in
any sid / testing / stable Debian system. It can be downloaded from
ht
On Mon, May 15, 2006 at 05:09:28PM +0200, Uwe Hermann wrote:
> Hi,
>
> just a random question I wanted to ask for quite a while now:
>
> What is "the Debian way" to prevent any daemon from ever starting,
> whether upon reboot, upon upgrade, upon new install etc.
Please see
http://www.debian.org/
On Sat, Mar 04, 2006 at 10:12:56AM +0100, Loïc Minier wrote:
> But you're still way more secure while sitting behind a NAT with
> responsible coworkers than connected to the Internet directly, without
> any firewall, and that's where desktops sit most of the time.
Well, a NATed gateway is not t
On Sat, Mar 04, 2006 at 01:41:14PM -0500, Joey Hess wrote:
> > - a default GNOME install should *not* install a network service, even if
> > that
> > enabled new features to the users. Consequently, if rhythmbox is part of
> > the GNOME task, it should not pull in avahi-daemon automatically
>
On Sat, Mar 04, 2006 at 11:32:20AM +0100, Loïc Minier wrote:
> On Sat, Mar 04, 2006, Javier Fernández-Sanguino Peña wrote:
> > Rhythmbox is a very easy to use music playing and management program
> > which supports a wide range of audio formats (including mp3 and ogg).
> >
On Sat, Mar 04, 2006 at 01:26:24PM -0500, Joey Hess wrote:
> If avahi is not running, rhythmbox prints this to std(something) on
> startup and/or when you enable sharing in its prefs:
Notice that *most* users will not see this as they will start up rhythmbox
from a GNOME application menu and not t
On Sat, Mar 04, 2006 at 11:07:25AM +0100, Loïc Minier wrote:
> I'm doing my final pass on the deb-sec part of this discussion, I don't
> intend to participate much further, no new arguments are popping up.
Quite sincerely, this discussion is getting nowhere. There are sufficient
arguments in thi
On Sat, Mar 04, 2006 at 09:51:31AM +0100, Loïc Minier wrote:
> On Fri, Mar 03, 2006, Joey Hess wrote:
> > Standard Desktop task installs do not install Recommends anyway, so
> > rhythmbox does not pull in avahi-daemon in those situations and you need
> > to deal with that somehow.
>
> It's a but
On Sat, Mar 04, 2006 at 10:31:02AM +0100, Loïc Minier wrote:
> > And for the same thing, why would a typical desktop machine provide users
> > to share even files! My desktop system at home (and my parent's and my
> > uncle's and whatnot) are completely stand-alone desktop systems, connected
> > t
On Fri, Mar 03, 2006 at 06:47:34PM +0100, Loïc Minier wrote:
> Hi,
>
> On Fri, Mar 03, 2006, Henrique de Moraes Holschuh wrote:
> > Inside the network? Most managed networks have filtering at the borders, at
> > key router nodes, and if it has a more advanced distributed-firewall
> > ment
(IMHO this discussion is reaching a point in which it should move to
d-devel instead, but I'll keep it here)
On Thu, Mar 02, 2006 at 09:06:27PM +0100, Loïc Minier wrote:
> On Thu, Feb 23, 2006, Javier Fernández-Sanguino Peña wrote:
> > IMHO the problem here is having a mus
On Fri, Mar 03, 2006 at 02:36:38PM +0100, Loïc Minier wrote:
> This is a desktop machine, it should permit sharing of files on your
> local network. DNS servers have their port 53 open to respond to name
> resolution queries, just consider your desktop installation to be a
> name server respon
On Fri, Mar 03, 2006 at 11:13:52AM +0100, Marc Haber wrote:
> On Fri, Mar 03, 2006 at 11:11:30AM +0100, Rolf Kutz wrote:
> > You can trigger the update via ssh or wget.
>
> The entire scheme strikes me as reinventing a mechanism which has been
> existing for years now, being called cron-apt.
I do
On Thu, Feb 23, 2006 at 12:47:44PM +0100, aliban wrote:
> >
> I am sorry, but I am quite new to Linux and Debian and you may excuse
> my question:
>
> why is there no rule to "prompt the user" for all applications that open
> ports on non-localhost?
The default policy is a compromise between
On Wed, Feb 22, 2006 at 08:59:40AM -0800, Rick Moen wrote:
> Quoting aliban ([EMAIL PROTECTED]):
>
> > MS Blaster infected many million system within seconds...
>
> Relying on the vulnerable MSDE embedded SQL database engine being
> embedded into a large number of consumer software products, and
On Fri, Feb 03, 2006 at 11:02:33PM +0100, [EMAIL PROTECTED] wrote:
> Hi,
>
> this is the nmap -sT scan from a friend:
I guess you both are not in the same ISP
>
> > nmap -sT internet_address
>
> Port State Service
> 25/tcp filtered smtp
> 46/tcp open mpm-snd
> 8
On Tue, Jan 24, 2006 at 12:16:43AM +0100, Jaroslaw Tabor wrote:
> Hi all!
>
> Does anyone know a network scanner I can run on Debian to search LAN for
> unprotected windows shares ? Or maybe something looking for simple
> passwords ? I'd like to automate discovering stupid users, leaving full
On Tue, Jan 17, 2006 at 11:26:51PM +0100, Stefan Wiens wrote:
>
> I have reported this problem on Tue, 16 Nov 2004, bug ID #281656.
When reporting these bugs please send them to the Security Team, not to the
maintainer. Actually, the bug is not even tagged 'security'. Please see
http://www.debian
On Fri, Dec 16, 2005 at 08:14:15AM -0500, Michael Stone wrote:
> On Fri, Dec 16, 2005 at 01:27:57PM +0100, Javier Fernández-Sanguino Peña
> wrote:
> >On Thu, Dec 15, 2005 at 05:54:34PM -0500, Noah Meyerhans wrote:
> >>Well, at least there's still *some* level of physi
On Thu, Dec 15, 2005 at 05:54:34PM -0500, Noah Meyerhans wrote:
> On Thu, Dec 15, 2005 at 10:19:48PM +, kevin bailey wrote:
> > good point - also the fact that the users stick their email passwords to
> > their monitors using postits!
>
> Well, at least there's still *some* level of physical s
On Thu, Dec 15, 2005 at 10:02:46PM +, kevin bailey wrote:
> >
> >> - i may need to access the server over ssh from anywhere.
> >
> > bad idea... what you can do .. the cracker can also do from "anywhere"
> >
> > at least, lock down incoming ssh from certain ip#
> > vi hosts.deny
> > ALL : AL
On Thu, Dec 15, 2005 at 05:20:19PM +, kevin bailey wrote:
> > get DDOSed in retaliation (I am guessing really). Anyways on a
> > multi-user web server it difficult to track down the vulnerable cgi
> > unless you run the cgi's as the account owner (as opposed to all running
> > as www-data), and
On Tue, Nov 29, 2005 at 04:34:11AM +, kevin bailey wrote:
> hi,
>
> the following output looks like i've been rooted.
Yes, it doesn't look like a false positive:
> Checking `ls'... INFECTED
> Checking `netstat'... INFECTED
> Checking `ps'... INFECTED
> Checking `top'... INFECTED
Nasty.
> S
On Wed, Nov 23, 2005 at 07:07:21PM +0100, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> > Well, obviously it is not a _security_ bug, since it has nothing to do
> > with security.
> ...
Without looking at the bug in detail you cannot tell for sure. A DoS
condition can become
On Fri, Nov 04, 2005 at 11:03:18AM +0200, Kostas Magkos wrote:
> Hey guys,
>
Hi there.
> Is there a more elegant solution? What is the debian way?
Read the last two examples of
/usr/share/doc/ifupdown/examples/network-interfaces.gz
Regards
Javier
PS: I know, I have to update
http://www.debian
On Wed, Nov 02, 2005 at 11:14:22PM +0100, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> > I'm looking for (preferably) a company, or individual, to attempt to
> > breach a standard config I have created to deploy client applications
> > in production. It is intentionally a
On Wed, Nov 02, 2005 at 05:33:54PM -0800, Alvin Oga wrote:
> > The whole point of the test will be for me to monitor what's happening
>
> that you should already be seeing all the attacks you are already
> getting just by the generic background white-noise-attacks
> - and it's free ... and d
On Mon, Oct 10, 2005 at 04:44:13PM +0200, Nicolai Ehemann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello!
>
> I just (err, over the last 4 or 5 days) created a (hopefully
> standards-compliant) package for the pam_abl PAM module.
>
> The pam_abl module provides a fully config
On Wed, Aug 24, 2005 at 05:54:36PM +0100, Jose Manuel dos Santos Calhariz wrote:
> tripwire detected that the date of two binaries, bash and nano,
> changed. I have looked into the logs and between the two runs of
> tripwire, the machine didn't reboot or have new software installed.
>
> As I don'
On Wed, Aug 24, 2005 at 06:14:59PM +0800, Aldous Penaranda wrote:
> On Wed, 24 Aug 2005 12:07:00 +0200, Petter Reinholdtsen wrote:
>
> > Are there known security holes in sshd in oldstable (woody)?
>
> A quick bug search gave me this:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196413
>
>
On Tue, Jul 12, 2005 at 10:09:44AM +0200, Mike Gerber wrote:
> > A tool which lists all packages which are no longer downloadable from
> > any APT source would be more helpful, I think. Does it already exist?
>
> I have a slightly inefficient script for that. I believe there are better
> ways to
On Sun, Jul 10, 2005 at 03:59:43PM +0200, Florian Weimer wrote:
> Is anybody looking at this problem in a systematic manner, or should I
> just file bugs on the more likely candidates for a security update
> (dpkg and zysnc, based on the list above and assuming that 1.1 is
> indeed not affected).
On Thu, Jun 30, 2005 at 11:16:18AM +0200, neologix wrote:
> Hi everybody. I hope this question won't be too stupid.
> When I perform a standard installation (i.e minimal), the installer installs
> many servers, and launches them (like portmap, ssh, exim, etc). Why?
> I think that OpenBSD and FreeBS
On Wed, Jun 29, 2005 at 03:13:47PM +0200, Markus Kolb wrote:
> Javier Fernández-Sanguino Peña wrote on Wed, Jun 29, 2005 at 09:28:37 +0200:
> > On Tue, Jun 28, 2005 at 05:36:13PM +0200, Markus Kolb wrote:
> > > Hello,
> > >
> > > I've done a fix for sudo
On Tue, Jun 28, 2005 at 05:36:13PM +0200, Markus Kolb wrote:
> Hello,
>
> I've done a fix for sudo of sarge. Code from new upstream version.
Did you check the BTS? Please read #315115 and #315718.
Unstable actually has 1.6.8p9-1 (uploaded yesterday)
It seems that it is only pending the stable se
On Tue, Jun 28, 2005 at 11:48:23AM +0200, Marek Olejniczak wrote:
> No, it was *my* decision! I'm using Debian since 4 years and I like this
> distribution. And it surprised me that my favourite distro has problems
> with security.
Like any other *volunteer* project, there are ups and downs. Don'
On Mon, Jun 27, 2005 at 06:44:06PM -0400, Michael Stone wrote:
> On Tue, Jun 28, 2005 at 12:00:28AM +0200, martin f krafft wrote:
> >Do you guys see this as a de facto state with no solution, or is
> >a good solution simply waiting to be found?
>
> The security secretaries were originally going to
On Sun, Jun 26, 2005 at 05:22:27PM +0200, Filippo Giunchedi wrote:
> [sorry for crossposting, but this is relevant to both ML, please cc]
>
> Hi,
> while searching bugtraq for not-yet-fixed security bugs, I found out that
> there
> is no reliable way (apart from testing yourself) if a package has
On Thu, Apr 28, 2005 at 03:45:48PM +0200, Jeroen van Wolffelaar wrote:
> It'd be wise for those projects to take the extra precaution by allowing
> (and the Debian maintainer to do so) include files outside the web root,
> but to DSA for such a thing when there might not even be a vulnerability
> a
On Thu, Apr 28, 2005 at 10:04:00PM +0200, Hans Spaans wrote:
> Is this going to solve the problems? Don't get me wrong, because I love
> your goal but I don't believe that what you are suggesting right now is
> going to solve the problems with PHP at this moment. Maybe it's an idea
> to get in contact w
On Thu, Mar 31, 2005 at 10:44:53PM -0600, Brad Sims wrote:
>
> Will not having the usual all: local break something?
Yes:
$ ldd `which portmap`
libwrap.so.0 => /lib/libwrap.so.0 (0x4003)
libnsl.so.1 => /lib/libnsl.so.1 (0x40039000)
libc.so.6 => /lib/libc.so.6 (0x4004e
On Mon, Mar 28, 2005 at 12:37:46PM -0800, Alvin Oga wrote:
> > When I logged on I discovered two outgoing connections to port ircd on
> > the foreign hosts, and some thing listening on port 48744 TCP.
>
> sorta harmless ... script kiddies having fun
No, it's _not_ harmless. Those are usually s
On Mon, Mar 28, 2005 at 04:25:57PM -0500, Malcolm Ferguson wrote:
> With your suggestions and those from others, I have some more ideas
> about how to harden this machine. I've also been looking (again) at the
Some more suggestions (some are redundant, but are included just for fun),
since it'
Maybe you've seen it already, but the guys at Ubuntu have done a
light-weight analysis of the vulnerabilities they have released since
"Warty" was released: https://www.ubuntulinux.org/wiki/USNAnalysis
This analysis does not match the one on ICAT's database
(http://icat.nist.gov/icat.cfm?func
On Wed, Feb 09, 2005 at 03:29:13PM +1100, Geoff Crompton wrote:
> Anyone know if gs-gpl is affected by the issues mentioned at
> http://www.securityfocus.com/bid/12327?
Not the woody version, this is bug #291373. It is not listed in Bugtraq's
credit properly, but this particular issue is listed
On Wed, Feb 09, 2005 at 03:09:26PM +1100, Geoff Crompton wrote:
> Has there been a DSA for apache, in relation to the securityfocus
> bugtraqID #12308?
> http://www.securityfocus.com/bid/12308
Take a look at the 'credits' tab.
Javier
On Wed, Feb 09, 2005 at 12:24:55PM -0500, Ed Shornock wrote:
>
> Does this include snort-pgsql? I don't see for experimental (unless
> the mirrors haven't all been updated yet). I do see snort and
> snort-mysql though...
Snort-pgsql was uploaded too, it's listed in packages.debian.org so your
m
Hi everyone,
I've recently uploaded (to experimental only) new Snort 2.3.0 packages
(based on the release made by the Snort team last January 25th). One of the
main reasons I've uploaded this to experimental (and not sid) is that I've
introduced /etc/default/snort and made /etc/snort/snort.comm
On Wed, Feb 02, 2005 at 12:21:38PM +0100, Christian Jaeger wrote:
> I feel there's a lack of a central source of information about all
> the public key related topics around Debian. I can't find any info on
> www.debian.org. I realize there is http://wiki.debian.net, maybe that
> would be a plac
On Wed, Jan 12, 2005 at 04:57:41PM +1100, Andrew Pollock wrote:
> Hi,
>
> I've done some cursory apt-cache searching, and nothing's jumped out at
> me...
Have you read this?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-log-alerts
Logcheck is more or less the standard way
On Tue, Nov 02, 2004 at 08:55:24PM +0100, Raffaele D'Elia wrote:
(...)
I fail to see how this is a Debian-specific security issue, but I'll bite.
> Now the problem: I have only a cross-over cable from the router to the
> firewall, so I cannot connect the backup firewall.
> Using a switch is poi
On Wed, Oct 20, 2004 at 11:50:07AM +0200, martin f krafft wrote:
> Well, since you implemented it already, why not make it
> configurable. I think per-IP makes more sense. If an IP tries 50
> times to guess my root password, I should not only try to stop it,
> I should also not be naive and let it
On Fri, Oct 08, 2004 at 11:48:49AM +0100, Marcus Williams wrote:
> I'm looking at either proftpd or vsftpd but what I want is to set it
> up so that users can login with a password that is different to their
> shell password so that their shell passwords are not broadcast in
> plaintext every time
On Sun, Sep 05, 2004 at 06:17:36PM +0200, martin f krafft wrote:
>
> I was not aware of this, and I consider it a horrible state of
> affairs. Seriously, if this becomes public, Debian is in serious
> trouble, I think.
I always believed this to be a public list.
Seriously though, all open-sour
On Tue, Aug 31, 2004 at 04:42:49PM +0200, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Tuesday 31 August 2004 13.30, Volker Tanger wrote:
>
> [spyware/adware/trojans/...:]
>
> Another thing that protects Linux systems: heterogeneity. Binary exploits
> usually only work properly when a program
On Wed, Jul 21, 2004 at 11:05:45AM +0200, Peter Holm wrote:
> On Tue, 20 Jul 2004 13:10:08 +0200, Peter Holm <[EMAIL PROTECTED]> wrote:
>
> >Please point me to a website where all the things, that you mentioned,
> >are explained in detail and what exactly volunteers can do to help the
> >security
On Tue, Jul 06, 2004 at 08:06:36PM +0200, Jeroen van Wolffelaar wrote:
> Hi,
>
> As I promised in [1], a suggestion for the Debian security team.
>
> Since the security team is generally very busy sorting out any kind of
> vulnerability, sometimes fixes can take a little bit longer than usual,
>
On Tue, Jun 29, 2004 at 09:28:00AM +0200, Johann Spies wrote:
>
> Does anyone know whether there are woody packages for these corrected
> versions?
Actually no, I'm not sure whether the Security Team will publish a DSA
related to this issue since it's non-critical. For more information see
#2563
On Thu, Jun 17, 2004 at 03:15:51PM +0200, Kim wrote:
>Hi All.
>
>I have been working with Debian for about 3 years now using it as
>different server solutions.
>
>The other day I came about the Adamantix distribution. Adamantix is a
>distribution that aims to be very sec
On Wed, Jun 16, 2004 at 11:46:05AM +1200, TiM wrote:
>
> Look at installing mod_security, http://modsecurity.org
>
> Install some rules for it to harden your webserver, see if anything is
> flagged in the security log.
Also notice that modsecurity provides a way to easily chroot your Apache
we
On Wed, May 19, 2004 at 09:19:46PM +0200, Marcin wrote:
>
> Hello,
>
> I am trying to find solution for finding viruses in my LAN networks.
> I am administrator of ISP router (generally Debian of course), and in
> LAN there are little "storm" of viruses, trojans, spammers, etc "shits" ...
Good luc