Thorsten Glaser writes:
> micah riseup.net> writes:
>
>> Encouraging custom DH groups is not a good idea, as this opens up the
>> triple handshake attack possibility[0].
>>
>> 0. https://www.secure-resumption.com/ (search for Initial DHE Handshake)
>> &
Kurt Roeckx writes:
> On Mon, Jun 08, 2015 at 10:00:00AM +, Thorsten Glaser wrote:
>> Stefan Fritsch sfritsch.de> writes:
>>
>> > And custom DH groups are not that easy to handle in an automated way.
>>
>> Right. I'm currently suggesting each "site" to generate one and
>> roll that out fo
or can help too, especially when used with onion
> addresses.
Are there any mirrors with a hidden service onion address? If so, I
would like to know where!
Are there any mirror operators out there who might be interested in
adding a tor hidden service, but don't know how? If so, cont
are installing. who cares what you are
installing? well it turns out that is very interesting
information. If you can see that I've just installed X package,
and you then just look over at our security tracker and find
that this package has an exploit...
micah
pgp50ulNq1plS.pgp
Description: PGP signature
want/need.
> Anyway, I'll keep updating the current setup for interested people, but
> without any interest from either party, that definitely looks like a
> dead end.
What is stopping you from creating another package, that provides the
kernel with grsecurity patches applied? Don't bother the kernel team
with it, and just maintain it yourself in the archive? Its free software
afterall.
micah
pgpy3qdaRwiBa.pgp
Description: PGP signature
On 01/26/2012 12:19 PM, Gustavo Noronha Silva wrote:
> On Thu, 2012-01-26 at 10:03 -0600, Micah Gersten wrote:
>> In Ubuntu, we need to maintain a stable branch of webkitgtk+ for 5 years
>> for our upcoming LTS. That is from Apr 2012 to Apr 2017. We'll be
>> using the w
to find other like minded people to help
maintain this branch. I assume that if Debian can standardize on 1.8,
that would be helpful for 3.5 years or so (6 months until wheezy
releases, 2 yrs of stable, 1 yr of old stable). How does this sound to
people?
--
Micah Gersten
Ubuntu Security Team
signature.asc
Description: OpenPGP digital signature
ning cron:
> grandchild #27213 failed with exit status 1: 1 Time(s)
Your cronjob returns an exit status 1, previously crond didn't report
that, but now it does. Make your cronjob return a zero exit code to make
it go away.
micah
pgp3rjl40HE1X.pgp
Description: PGP signature
* Karl Goetz [2009-06-11 08:25-0400]:
> On Wed, 10 Jun 2009 11:05:13 -0400
> Micah Anderson wrote:
>
> > * Karl Goetz [2009-06-10 03:44-0400]:
> > > On Tue, 2 Jun 2009 00:14:45 -0400
> > > Micah Anderson wrote:
>
>
> > > Odd. I've just d
* Karl Goetz [2009-06-10 03:44-0400]:
> On Tue, 2 Jun 2009 00:14:45 -0400
> Micah Anderson wrote:
>
> Thanks for your response, sorry about my delay getting back to you.
>
> > * Karl Goetz [2009-06-01 23:31-0400]:
> > > The suggestion in #vserver was "
and
find out.
However, I cannot reproduce what you have seen, using the same kernel.
micah
ps - upstream doesn't like unofficial packages either :)
signature.asc
Description: Digital signature
* Steffen Joeris [2009-03-18 18:48-0400]:
> On Thu, 19 Mar 2009 09:19:28 am Micah Anderson wrote:
[snip: removed some unrelated stuff to move discussion to
debian-security, please reply there]
> > On a somewhat tangential note, I've been asked a number of times by
> > peopl
>>On Wed, 31 Dec 2008, Micah Anderson wrote:
>>
>> Does anyone have a legitimate reason to trust any particular Certificate
>> Authority?
> Yves-Alexis Perez writes:
>
> > I may be wrong, but I trust the CAs in ca-certif
a matter
> of trust :-) )
> Don't trust certificates too much.
Does anyone have a legitimate reason to trust any particular Certificate
Authority?
micah
signature.asc
Description: Digital signature
your logfiles using the syslog
facilities (try it yourself using 'logger'). You will quickly find
that you can very simply craft a log message that would be picked up
by these programs and be able to block an IP of your choosing.
micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
hat.
You could use dronebl, a dnsbl service, to check against and report
attacks to (http://headcandy.org/rojo/ for some examples using
fail2ban).
micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
-privileged user
on your system to issue a logger command to trigger a denyhosts DOS to
lock out anyone they want.
micah
signature.asc
Description: Digital signature
* Michael Stone <[EMAIL PROTECTED]> [2008-07-17 08:09-0400]:
> On Thu, Jul 17, 2008 at 04:46:54PM +0200, Daniel Leidert wrote:
>> Today there were some news about a study from the University of Arizona
>> regarding security issues with package management systems (like apt). I
>> did not yet read th
* s. keeling <[EMAIL PROTECTED]> [2008-07-09 17:31-0400]:
> Micah Anderson <[EMAIL PROTECTED]>:
> > * Wolfgang Jeltsch <[EMAIL PROTECTED]> [2008-07-09 13:31-0400]:
> > > > > configure it to only listen on 127.0.0.1,
> > >
> > > How do
* Wolfgang Jeltsch <[EMAIL PROTECTED]> [2008-07-09 13:31-0400]:
> > > configure it to only listen on 127.0.0.1,
>
> How do I do this? dpkg-reconfigure doesn’t help.
I think the bind9 package comes configured this way by default in
Debian (a caching-only local nameser
over the
network links
and which
was probably not
secure
in the least
Forgive me
it was convenient
so sweet
and so easy
micah
---
with apologies to william carlos williams
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
host/client keys are just used to verify the
authenticity of the server. In other words, ssh sessions are not
compromised just because an adversary has the host keys (unless a MITM
is setup, in which case you need bot the host key and the authentication
key to perform a mitm attack).
micah
--
* Stefan Novak <[EMAIL PROTECTED]> [071212 01:39]:
> Hello!
>
> http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
This is CVE-2007-6239[1].
> Will there be a patch für Debian Etch?
Etch and Sarge are vulnerable, the issue is known to the squid
maintainer and the security team[2].
1. http
S protocol at a very basic level.
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
You are missing:
deb http://security.debian.org/ etch/updates main
micah
Tomasz Ciolek wrote:
Hi All
have packages for these updates:
[DSA 1308-1] New iceweasel packages
[DSA 1309-1] New PostgreSQL 8.1
[DSA 1310-1] New libexif packages
been uploaded to the repositories and added to
em. I was able to open it the second time.
Micah
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFLGtx9n4qXRzy1ioRAscIAJ9yit4nDbeEWU1Zy6VIJJGPJsNnxACePreu
ySJpV18udhVkQmaJyPJb/qE=
=axFK
-END PGP SIGNATURE-
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subj
ew maintainer is not found[1].
This is unfortunate, because this is an fun solution to this problem.
Hopefully it will get fixed soon.
micah
1.http://lists.netfilter.org/pipermail/netfilter-devel/2005-December/022696.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDnE149n
citing random world of extentions for
firefox showed me that this extention was highly inadequite comparably.
micah
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDhf5A9n4qXRzy1ioRAj4vAJ9R0LkrGvVTbEawGHI/RGZGwCeqsACgqjTe
OkN+3cUQZD2ecy6RgnEanAQ=
=5ln7
-END PGP SIGNATU
take it as such.
micah
On Sun, 31 Jul 2005, Micah wrote:
> Nikita V. Youshchenko wrote:
>
> >>There won't be _any_ Debian solution with the current mozilla.org policy.
> >
> >
> > Not exactly. Correct statement is, '... with the current mozilla.org
eculation? Has anyone
actually spoken to people at Mozilla.org about this problem?
micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Alvin Oga schrieb am Wednesday, den 29. June 2005:
>
> On Wed, 29 Jun 2005, Micah Anderson wrote:
>
> > > i think you can search thru the debian security archives just as
> > > easily as i can or in fact even more easily since yu have a debian acct ??
> >
Alvin Oga schrieb am Wednesday, den 29. June 2005:
>
> On Wed, 29 Jun 2005, Micah Anderson wrote:
>
> > Alvin Oga schrieb am Tuesday, den 28. June 2005:
> >
> > You sent an email where about what and got no response? I did not see
> > your offer to help come
Alvin Oga schrieb am Tuesday, den 28. June 2005:
> On Tue, 28 Jun 2005, Micah Anderson wrote:
>
> > Alvin Oga schrieb am Tuesday, den 28. June 2005:
> >
> > If you are interested in testing security, then there is a group
> > working on this project. Here is some in
security, then there is a group
working on this project. Here is some information about the history of
the team, and if you read through the message there is information
about how to help:
http://lists.debian.org/debian-devel-announce/2005/03/msg00014.html
micah
signature.asc
Description: Digital signature
a bug against apache (tagging it security), and
providing as much information as you can. Or the problem does not
affect the particular version of apache in Debian... Do your absolute
best to figure out the latter first.
Micah
On Wed, 30 Mar 2005, Geoff Crompton wrote:
> Does anyone know i
Fixed in 2.6.8-15 (see #300838)
Things that show up in that list are unresolved items, if it doesn't
show up there then it is resolved.
Micah
On Wed, 30 Mar 2005, Geoff Crompton wrote:
> On http://merkel.debian.org/~joeyh/testing-security.html this CAN is
> listed, as waiting for
On Wed, 16 Mar 2005, Frank Küster wrote:
> Frank Küster <[EMAIL PROTECTED]> wrote:
>
> > Micah Anderson <[EMAIL PROTECTED]> wrote:
> >
> >> 7. Is our xpdf vulnerable to CAN-2005-0206[13]?
> >
> > This also needs to be checked for pdftex (in te
On Thu, 17 Mar 2005, Micah Anderson wrote:
> I think that the best course of action with regards to this query is
> to send a message to [EMAIL PROTECTED] asking this very question.
> The maintainers of this package are probably not paying attention to
> debian-security, but would res
a message there, it will become re-opened.
Micah
On Thu, 17 Mar 2005, Geoff Crompton wrote:
> I noticed that #286905 fixes CAN-2005-0448, however it fixes it for
> version 5.8.4-7, while stable has perl version 5.6.1-8.8.
>
> #286905 is marked as resolved, will this fix be backport
[ note: Reply-To: set to debian-devel ]
This is a quick summary of the Debian Testing Security Team[1] work
and a request for some aid to help sort out some difficult Sarge
security problems.
Contents of this message:
What the Testing Security Team has been up to
How can I leverag
t system.
>
> I am quite sceptical about using UML to allow security flaws in UMLled
> system components.
Have a look at vservers (http://linux-vserver.org/), designed
specifically to fix the problems that can be circumvented with
chroots, take up significantly less resources than UMLs, an
announcements to you and your
organization and you want to make sure someone follows up on them, but
I don't think the rest of the list needs to know that.
Please do us all a favor and turn off your auto-responder.
Micah
On Thu, 10 Feb 2005, Physics IT Support via RT wrote:
>
> Hello,
>
I have seen that also, but that doesn't help me understand if there is
official security support for sarge yet or not?
Micah
On Fri, 20 Aug 2004, Felipe Massia Pereira wrote:
> Micah Anderson wrote:
>
> >According to [EMAIL PROTECTED] message posted by
> >Steve Langase
According to [EMAIL PROTECTED] message posted by
Steve Langasek on Mon, 2 Aug 2004 00:11:55:
Aug. 8: Official security support for sarge begins
Anyone have any updates on this? Is it happening, is it delayed, what
can we do to help?
micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a
e removed are the file I/O operators,
so -dSAFER is unnecessary.
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
t a couple I did try
against a site that was having similar problems, and I couldn't get
any of them to find the problem that is being discussed here.
micah
t a couple I did try
against a site that was having similar problems, and I couldn't get
any of them to find the problem that is being discussed here.
micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Try kedpm, its a debian package, and has console as well as GUI
support and uses the FPM data, really nice.
micah
On Tue, 15 Jun 2004, Kenneth Jacker wrote:
> al> what does everyone else use to keep track of all there passwords?
>
> I've used 'tkpasman' for ye
Try kedpm, its a debian package, and has console as well as GUI
support and uses the FPM data, really nice.
micah
On Tue, 15 Jun 2004, Kenneth Jacker wrote:
> al> what does everyone else use to keep track of all there passwords?
>
> I've used 'tkpasman' for ye
sed under the GPL. See
> http://www.tripwire.org/ or
> http://www.sourceforge.net/projects/tripwire/
>
> noah
>
micah
"Naturally, the common people don't want war, but after all, it
is the leaders of a country who determine the policy...Voice or no
voice, the pe
sed under the GPL. See
> http://www.tripwire.org/ or
> http://www.sourceforge.net/projects/tripwire/
>
> noah
>
micah
"Naturally, the common people don't want war, but after all, it
is the leaders of a country who determine the policy...Voice or no
voice, the pe
seems to have a local root exploit for
CDROMs: http://lwn.net/Articles/80480/
micah
"Naturally, the common people don't want war, but after all, it
is the leaders of a country who determine the policy...Voice or no
voice, the people can always be brought to the bidding of the lea
seems to have a local root exploit for
CDROMs: http://lwn.net/Articles/80480/
micah
"Naturally, the common people don't want war, but after all, it
is the leaders of a country who determine the policy...Voice or no
voice, the people can always be brought to the bidding of the lea
Hey all,
I am looking for some scanners which look for known vulnerabilities in
different web software.
I have a collegue who runs a community web server with some 100
different sites and almost half that in different CMS', blogs,
publishing software, formmail scripts, postnuke, phpnuke, drupal,
Hey all,
I am looking for some scanners which look for known vulnerabilities in
different web software.
I have a collegue who runs a community web server with some 100
different sites and almost half that in different CMS', blogs,
publishing software, formmail scripts, postnuke, phpnuke, drupal,
Try dmesg -n1 or alternatively, change your firewall rules so they
don't log so much.
micah
E&Erdem schrieb am Monday, den 22. December 2003:
> Hi,
> >From i've set up iptables i've get this messages c
Try dmesg -n1 or alternatively, change your firewall rules so they
don't log so much.
micah
E&Erdem schrieb am Monday, den 22. December 2003:
> Hi,
> >From i've set up iptables i've get this messages c
They are clean.
On Fri, 05 Dec 2003, Mo Zhen Guang wrote:
> Hi,
>
> I am going to install a few new debian servers, but I worry about the
> integratity of the packages because of the incident of compromised debian
> servers some days ago.
>
> Can anybody confirm me if these servers are clean no
They are clean.
On Fri, 05 Dec 2003, Mo Zhen Guang wrote:
> Hi,
>
> I am going to install a few new debian servers, but I worry about the
> integratity of the packages because of the incident of compromised debian
> servers some days ago.
>
> Can anybody confirm me if these servers are clean no
On Tue, 02 Dec 2003, Rick Moen wrote:
> Quoting Micah Anderson ([EMAIL PROTECTED]):
>
> > I want to chime in here also, I too was unhappy that I did not know
> > about a local root exploit in 2.4.22 until the Debian machines were
> > compromised in this manner. I think
On Tue, 02 Dec 2003, Michael Stone wrote:
> On Tue, Dec 02, 2003 at 01:35:51PM -0600, Micah Anderson wrote:
> >I want to chime in here also, I too was unhappy that I did not know
> >about a local root exploit in 2.4.22 until the Debian machines were
> >compromised in this man
On Tue, 02 Dec 2003, Rick Moen wrote:
> Quoting Micah Anderson ([EMAIL PROTECTED]):
>
> > I want to chime in here also, I too was unhappy that I did not know
> > about a local root exploit in 2.4.22 until the Debian machines were
> > compromised in this manner. I think
On Tue, 02 Dec 2003, Michael Stone wrote:
> On Tue, Dec 02, 2003 at 01:35:51PM -0600, Micah Anderson wrote:
> >I want to chime in here also, I too was unhappy that I did not know
> >about a local root exploit in 2.4.22 until the Debian machines were
> >compromised in this man
ers"
or should we individually troll the list complaining about this and
not doing anything? ;)
micah
On Tue, 02 Dec 2003, Adam ENDRODI wrote:
>
> Just a humble question: how the average user who doesn't use the
> kernel sources provided by Debian and cannot follow lk s
ers"
or should we individually troll the list complaining about this and
not doing anything? ;)
micah
On Tue, 02 Dec 2003, Adam ENDRODI wrote:
>
> Just a humble question: how the average user who doesn't use the
> kernel sources provided by Debian and cannot follow lk s
Try the package "falselogin"
micah
Javier Fern?ndez-Sanguino Pe?a schrieb am Thursday, den 23. October 2003:
> On Wed, Oct 22, 2003 at 09:45:24AM +0200, Tobias Reckhard wrote:
> > Hi
> >
> > We recently noticed that a stock woody install produces an /etc/passwd
Try the package "falselogin"
micah
Javier Fern?ndez-Sanguino Pe?a schrieb am Thursday, den 23. October 2003:
> On Wed, Oct 22, 2003 at 09:45:24AM +0200, Tobias Reckhard wrote:
> > Hi
> >
> > We recently noticed that a stock woody install produces an /etc/passwd
e out.
Thanks!
micah
Steve Kemp schrieb am Tuesday, den 07. October 2003:
> On Tue, Oct 07, 2003 at 09:52:59AM +0200, Alain Tesio wrote:
>
> > I had exactly the same problem, it's because logcheck look for cracking
> > patterns before removing lines which should be ignored, it
e out.
Thanks!
micah
Steve Kemp schrieb am Tuesday, den 07. October 2003:
> On Tue, Oct 07, 2003 at 09:52:59AM +0200, Alain Tesio wrote:
>
> > I had exactly the same problem, it's because logcheck look for cracking
> > patterns before removing lines which should be ignored, it
le value in
the information that they contain). I've tried searching the web, and
contacting the package maintainer, but no results.
Thanks,
micah
pgpaGKEe3owA6.pgp
Description: PGP signature
le value in
the information that they contain). I've tried searching the web, and
contacting the package maintainer, but no results.
Thanks,
micah
pgp0.pgp
Description: PGP signature
an-db regeneration to work, and would have to be
reinstalled from the original packages that they came from in order to
get the man pages properly returned.
micah
On Fri, 15 Aug 2003, Per Tenggren wrote:
> Hey!
>
> I updateed my Woody a few days ago and every night I receive the following
&g
an-db regeneration to work, and would have to be
reinstalled from the original packages that they came from in order to
get the man pages properly returned.
micah
On Fri, 15 Aug 2003, Per Tenggren wrote:
> Hey!
>
> I updateed my Woody a few days ago and every night I receive the following
&g
ng semi-new, or outside of the
package scope, you have to move to woody, or just wait. With that
movement comes a significant loss in security policy.
Now that woody draws near to being stable, perhaps the policy can be
altered to accomodate for that.
Micah
ng semi-new, or outside of the
package scope, you have to move to woody, or just wait. With that
movement comes a significant loss in security policy.
Now that woody draws near to being stable, perhaps the policy can be
altered to accomodate for that.
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Potato has 1.2-14 as its latest for poppasswd... I agree that
v1.8-ceti would be a better solution, especially considering the
security issues you cited. What does it take to get this version into
the security updates? A bug filed?
Micah
On Wed, 09 Jan 2002, Steve Mickeler wrote:
>
&g
Potato has 1.2-14 as its latest for poppasswd... I agree that
v1.8-ceti would be a better solution, especially considering the
security issues you cited. What does it take to get this version into
the security updates? A bug filed?
Micah
On Wed, 09 Jan 2002, Steve Mickeler wrote:
>
&g
On Fri, 16 Nov 2001, Mathias Gygax wrote:
> > well, i thought this is the definition of root.
>
> no. with LIDS you can protect files and syscalls even from root. in my
> setup, root cannot even write to his own home directory.
No, you can't. No matter how you cut it, root can install a new
kern
On Fri, 16 Nov 2001, Mathias Gygax wrote:
> > well, i thought this is the definition of root.
>
> no. with LIDS you can protect files and syscalls even from root. in my
> setup, root cannot even write to his own home directory.
No, you can't. No matter how you cut it, root can install a new
ker
Got what appears to be a "crc32 compensation attack in my logs today,
about 10 minutes worth of these types of messages should I be
worried? Should I laugh at this feable attempt to break in? Should I
gnaw my fingernails with my shotgun on my lap?
> Active System Attack Alerts
> =-=-=-=-=-=-=
Got what appears to be a "crc32 compensation attack in my logs today,
about 10 minutes worth of these types of messages should I be
worried? Should I laugh at this feable attempt to break in? Should I
gnaw my fingernails with my shotgun on my lap?
> Active System Attack Alerts
> =-=-=-=-=-=-
/checksecurity.
But, what is the point of logging these each day into
/var/log/setuid.changes if nobody sees them? Why doesn't this list get
emailed to root? Am I missing something?
Micah
/sbin/checksecurity.
But, what is the point of logging these each day into
/var/log/setuid.changes if nobody sees them? Why doesn't this list get
emailed to root? Am I missing something?
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble?
Not all mutt users use vi, as a pager I use most, as an editor I use
jed. These things can be configured.
On Tue, 18 Sep 2001, Andres Salomon wrote:
> Aside from the fact that it's a pretty big IF; I'm not aware of too many
> mail clients that use pagers. mutt uses vi, pine uses pico, X based M
Not all mutt users use vi, as a pager I use most, as an editor I use
jed. These things can be configured.
On Tue, 18 Sep 2001, Andres Salomon wrote:
> Aside from the fact that it's a pretty big IF; I'm not aware of too many
> mail clients that use pagers. mutt uses vi, pine uses pico, X based
ternative passwords, which expire and age, and are decent
passwords? And how does one reliably log sudo logs offsite?
Micah
ternative passwords, which expire and age, and are decent
passwords? And how does one reliably log sudo logs offsite?
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
root password to all the admins worth the additional cracks? Do you
trust each admin to be secure with both their password choices as well as
the rest of their actions?
Micah
On Sun, 08 Jul 2001, Andres Salomon wrote:
> This is completely off-topic at this point, but there are a few uses
>
root password to all the admins worth the additional cracks? Do you
trust each admin to be secure with both their password choices as well as
the rest of their actions?
Micah
On Sun, 08 Jul 2001, Andres Salomon wrote:
> This is completely off-topic at this point, but there are a few uses
>
y good ideas on how to do this? I am looking
for specifics, not something like "Write a perl script, that'll do it".
Thanks!
Micah
y good ideas on how to do this? I am looking
for specifics, not something like "Write a perl script, that'll do it".
Thanks!
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
One additional tweak which falls into line with the security setups, that I
think is a good idea is to made the log files in /var/log to be chattr +a
(append only) so logfiles cannot be modified or removed altogether to cover
up tracks. This isn't the the biggest security trick because all it does
One additional tweak which falls into line with the security setups, that I
think is a good idea is to made the log files in /var/log to be chattr +a
(append only) so logfiles cannot be modified or removed altogether to cover
up tracks. This isn't the the biggest security trick because all it does
00494 (#106)
Micah
00494 (#106)
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
27;t great. Unless I am wrong, currently there is no known
exploit for this hole, but that isn't that much of a reassurance either.
Thanks,
Micah
27;t great. Unless I am wrong, currently there is no known
exploit for this hole, but that isn't that much of a reassurance either.
Thanks,
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
d the ICMP
port orginate on the 127.0.0.1 end or the destination end?
Micah
On Sun, 11 Feb 2001, Simon Murcott wrote:
> Tim Bishopric wrote:
>
> > This log shows that Ipchains is rejecting outbound loopback (lo) traffic
> > with a source IP of 127.0.0.1 and a destination of
t log: output REJECT lo PROTO=1
+127.0.0.1:3 127.0.0.1:3 L=92 S=0xC0 I=4545 F=0x T=255 (#64)
Feb 10 15:40:48 stallman kernel: Packet log: output REJECT lo PROTO=1
+127.0.0.1:3 127.0.0.1:3 L=92 S=0xC0 I=5884 F=0x T=255 (#64)
Does anyone know what these are?
Thanks!
Micah
d the ICMP
port orginate on the 127.0.0.1 end or the destination end?
Micah
On Sun, 11 Feb 2001, Simon Murcott wrote:
> Tim Bishopric wrote:
>
> > This log shows that Ipchains is rejecting outbound loopback (lo) traffic with a
>source IP of 127.0.0.1 and a destination of 127.0
1 - 100 of 105 matches
Mail list logo
