Re: sysadmin in training

2023-05-13 Thread Olaf Dietsche
Michael Lazin writes: > Since Ossec HIDS is GNU Public licensed I think this is not a bad idea to > include this in the documentation. The referenced article does describe > securing Debian with open source tools and I honestly have seen this > documentation for the first time tonight and I thin

Re: crontab failure for daylight savings

2003-10-05 Thread Olaf Dietsche
Billy Naylor <[EMAIL PROTECTED]> writes: > It appears that cronjobs running between 2am and 3am sunday morning > seem to not have been run, i'm in New Zealand which went into summer > daylight savings over the weekend. If you go to daylight savings, the clock jumps from 2am to 3am. So, there's no

Re: Simple e-mail virus scanner

2003-08-20 Thread Olaf Dietsche
Hi, Игорь Ляпин <[EMAIL PROTECTED]> writes: > Does the same approach could be use with sendmail ? Any examples? I guess, you could integrate this in . SpamAssassin already scans the email body for signs of spam, so it shouldn't be too hard, to add another regex. Alth

Re: snmp packets

2003-07-31 Thread Olaf Dietsche
ulrich berthold <[EMAIL PROTECTED]> writes: > "SCAN Proxy (8080) attempt" the next outstanding alarm message was a > "SNMP public access udp". i looked into it and to my surprise found > out, that these packages are originating on the server's external > interface and going to two (nonexistent) pr

Re: capabilities

2003-07-24 Thread Olaf Dietsche
Adam ENDRODI <[EMAIL PROTECTED]> writes: > -- Problem 3: I'd like to grant or revoke capabilities to/from > a running process. > > This seems to be the easiest, except that the kernel in the > default configuration doesn't permit this (cap_bound doesn't > contain CAP_SETPCAP

Re: odd process running /usr/sbin/sendmail -i -CronDaemon -odi -oem root

2003-06-19 Thread Olaf Dietsche
"Robert Ebright" <[EMAIL PROTECTED]> writes: > I have had some problems with attempted hacks on > my box and posted here the last few days. So > I've been checking the processing running on my > box and I see this. > PID TTY STAT TIME COMMAND > 28406 ?S 0:00 /usr/sbin/sendmai

Re: Advice Needed On Recent Rootings

2003-05-28 Thread Olaf Dietsche
Jayson Vantuyl <[EMAIL PROTECTED]> writes: > Thankfully, we don't have root passwords. In our space, we find root to > more of a concept than a user, so we disable the password and set up a > group that can su to root. That way we have a good handle on things. > Root never logs in, so we know so

Re: Disabling netstat

2003-04-21 Thread Olaf Dietsche
Brian McGroarty <[EMAIL PROTECTED]> writes: > So far as I can tell, there's no non-hackish way to accomplish what > I'd like. I have to either hold a file open to make chmod changes stay > in effect in /proc, or I have to patch the kernel. > > This sure seems kind of silly... why add all these thi

Re: smtp auth

2003-04-01 Thread Olaf Dietsche
"Arnold J. Fischer" <[EMAIL PROTECTED]> writes: > I'm trying to set up my dial-up system for mail relaying via mx.freenet.de > and they are using smtp-auth to accept every mail from someone who has an > email-account on their system. I read a couple of articles about the > configuration of post

Re: Permissions on /root/

2003-03-08 Thread Olaf Dietsche
Christian Jaeger <[EMAIL PROTECTED]> writes: > At 23:29 Uhr +0100 08.03.2003, Olaf Dietsche wrote: >>Christian Jaeger <[EMAIL PROTECTED]> writes: >> >> > I began working with (unix/)linux.) And as written in my other reply >> > I'm still missin

Re: Permissions on /root/

2003-03-08 Thread Olaf Dietsche
Christian Jaeger <[EMAIL PROTECTED]> writes: > I began working with (unix/)linux.) And as written in my other reply > I'm still missing a better alternative to > /root/bin. "/local-admin's-software/bin" maybe? AFAIK, the FHS does > not provide any. Maybe /usr/local/sbin is, what you're looking f

Re: X Security Issues?

2002-11-19 Thread Olaf Dietsche
Edward Guldemond <[EMAIL PROTECTED]> writes: > On Wed, Nov 20, 2002 at 12:53:27AM +0100, Olaf Dietsche wrote: >> >> Look at "man xinit" and "man Xserver". There you will find an option >> "-nolisten". > > In /etc/X11/xinit/xserv

Re: X Security Issues?

2002-11-19 Thread Olaf Dietsche
Edward Guldemond <[EMAIL PROTECTED]> writes: > Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ ) > Interesting ports on (removed) (XX.XX.XXX.XX): > (The 1552 ports scanned but not shown below are in state: closed) > Port State Service > 22/tcp openssh > 1024/tcp open

Re: port 16001 and 111

2002-10-18 Thread Olaf Dietsche
Jussi Ekholm <[EMAIL PROTECTED]> writes: > Olaf Dietsche <[EMAIL PROTECTED]> wrote: >> Jussi Ekholm <[EMAIL PROTECTED]> writes: >>> So, what would try to connect to my system's port 16001 and 111 >>> from within my own system? Should I be concern

Re: port 16001 and 111

2002-10-18 Thread Olaf Dietsche
Jussi Ekholm <[EMAIL PROTECTED]> writes: > Olaf Dietsche wrote: >> Jussi Ekholm <[EMAIL PROTECTED]> writes: >>> So, what would try to connect to my system's port 16001 and 111 >>> from within my own system? Should I be concerned? Should I expect >

Re: Named daemon and port 32770? (and port 32985 on restart)

2002-10-15 Thread Olaf Dietsche
Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> writes: > Is the first open port reasonable? I wonder why named is listening on UDP > port 32770 which, after a brief google search, comes up as a port usually > used by Solaris' rpcbind (which used to be vulnerable). IIRC, this port (could be a

Re: port 16001 and 111

2002-10-15 Thread Olaf Dietsche
Hi there (from Germany), Jussi Ekholm <[EMAIL PROTECTED]> writes: > So, what would try to connect to my system's port 16001 and 111 from > within my own system? Should I be concerned? Should I expect the worst? > Any insight on this issue would calm me down... Port 111 is used by portmap. If you

Re: Named daemon and port 32770? (and port 32985 on restart)

2002-10-15 Thread Olaf Dietsche
Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> writes: > Is the first open port reasonable? I wonder why named is listening on UDP > port 32770 which, after a brief google search, comes up as a port usually > used by Solaris' rpcbind (which used to be vulnerable). IIRC, this port (could be

Re: port 16001 and 111

2002-10-15 Thread Olaf Dietsche
Hi there (from Germany), Jussi Ekholm <[EMAIL PROTECTED]> writes: > So, what would try to connect to my system's port 16001 and 111 from > within my own system? Should I be concerned? Should I expect the worst? > Any insight on this issue would calm me down... Port 111 is used by portmap. If yo