Re: harden-doc: chapter 4.8 Restricting system reboots through the console

2006-09-17 Thread Javier Fernández-Sanguino Peña
On Sun, Sep 17, 2006 at 10:50:47AM +0200, Mario Fux wrote: > > change > > /sbin/shutdown -t1 -a -r now > > for /bin/false > > or anything else you want to happen with ctrl-alt-delete > > Yes, I know. I seem to be imprecise. In harden-doc it is written that when the

Re: harden-doc: chapter 4.8 Restricting system reboots through the console

2006-09-17 Thread Mario Fux
happen with ctrl-alt-delete Yes, I know. I seem to be imprecise. In harden-doc it is written that when the -a option is included, only users in /etc/shutdown.allow are allowed to shut down or reboot the system by pressing ctrl-alt-delete. I have no /etc/shutdown.allow at all but I think

Re: harden-doc: chapter 4.8 Restricting system reboots through the console

2006-09-16 Thread Hans
in inittab # What to do when CTRL-ALT-DEL is pressed. ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now change /sbin/shutdown -t1 -a -r now for /bin/false or anything else you want to happen with ctrl-alt-delete On Saturday 16 September 2006 at 22:49 +0200, Mario Fux wrote: > Am Samstag, 16. Se

Re: harden-doc: chapter 4.8 Restricting system reboots through the console

2006-09-16 Thread Mario Fux
On Saturday, 16 September 2006 at 21:36, James Stevenson wrote: Good morning > In which way are they able to reboot the system ? By pressing Alt+Ctrl+Del Greetings, Mario -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

RE: harden-doc: chapter 4.8 Restricting system reboots through the console

2006-09-16 Thread James Stevenson
In which way are they able to reboot the system ? > -Original Message- > From: Mario Fux [mailto:[EMAIL PROTECTED] > Sent: 16 September 2006 13:31 > To: debian-security@lists.debian.org > Subject: harden-doc: chapter 4.8 Restricting system reboots through the > console

harden-doc: chapter 4.8 Restricting system reboots through the console

2006-09-16 Thread Mario Fux
Good morning. I don't know if this is the right list; please redirect me to the correct one if I'm wrong. ATM I am trying to secure my system and so I use harden-doc as well. I tried the things in chapter 4.8 but it doesn't work. Even when the -a option is in /etc/inittab a normal

Bastille vs Harden

2005-04-08 Thread Luis Lima
Hi guys, I installed a second version of Sarge on my other hd and this time just installed Bastille and downloaded the harden-doc which is amazing, so much interesting stuff, which I'm still reading. I ran Bastille thru grc.com to check the ports and all are closed, not invisible but c

Re: Bastille vs Harden

2005-04-07 Thread Ulrich Fürst
Hi Luis, I think you should read <http://www.debian.org/doc/manuals/securing-debian-howto/ap-checklist.de.html> too. Or install "harden-doc" (it's the same as a package). It helped me much hardening and understanding my system. Ulrich

Re: Bastille vs Harden

2005-04-07 Thread JM
As far as I can remember, "harden" is just a package that hints and removes some "insecure" already installed packages. It does not secure any packages per se. As far as Bastille goes, I think it is good and helps with some security issues such as permissions, services, etc

Bastille vs Harden

2005-04-07 Thread Luis Lima
I'm using Sarge, kernel 2.4.27-2-686, FireHOL as my firewall, disabled Inetd with sysvconfig, and now I want to 'harden my system' and am wondering about Bastille (2 bugs in the BTS), has anybody had problems with it? My box is used as a personal workstation, no LAN, plain user box.

Re: harden-* conflict with bad kernels?

2003-12-08 Thread Bastian Blank
On Mon, Dec 08, 2003 at 03:22:34AM -0600, Ryan Underwood wrote: > harden-localflaws package conflicts with some kernel-image packages > (needs to be updated for the <2.4.23 vulnerability) in order to ensure > that they are removed. They are not vulnerable on at least 3 architect

harden-* conflict with bad kernels?

2003-12-08 Thread Ryan Underwood
Hi, harden-localflaws package conflicts with some kernel-image packages (needs to be updated for the <2.4.23 vulnerability) in order to ensure that they are removed. However, this can result in an unbootable system if they are inadvertently removed, and furthermore, does not solve the immedi

Re: Harden

2002-11-17 Thread Edward Guldemond
On Sun, Nov 17, 2002 at 03:31:54PM -0500, ITWebtools.com wrote: > Problem is, when I run 'apt-get install harden', or 'apt-get install > bastille', I get 'could not find' error. First a few questions. Is this box connected to the Internet? Is the Internet

Harden

2002-11-17 Thread ITWebtools.com
rg/debian-non-US stable/non-US main contrib non-free # Security updates deb http://security.debian.org/ stable/updates main contrib non-free I have run 'apt-update' successfully. Problem is, when I run 'apt-get install harden', or 'apt-get install bastille', I get 'could not find' error. Any suggestions?

Re: harden-clients idea

2002-10-09 Thread Richard
ey_like. If you really want to harden this kind of threats, then take a look at rsbac (www.rsbac.org). As of version 1.2 there is support for network access control. RSBAC is designed to control access to programs (system calls). So it is possible to define a set of rules that allow some programs

Re: harden-clients idea

2002-10-08 Thread Jean-Francois Dive
uest, for > example. But, you wouldn't want ma to use it and send her password in > cleartext. > > What I did was that I changed group ownership of /usr/bin/telnet.netkit > to staff and made it executable for only root and staff. I figured, > something like that

Re: harden-clients idea

2002-10-08 Thread martin f krafft
thus spoke Peter Cordes <[EMAIL PROTECTED]> [2002.10.08.2008 +0200]: > It uses the telnet protocol, not just a raw TCP connection, so netcat is > inadequate. netcat can negotiate telnet connections with the -t option. Unless you are using very ancient terminal types, netcat is a complete substitu

Re: harden-clients idea

2002-10-08 Thread Peter Cordes
I don't think they have the CPU power to handle SSH. (One of the library admins is on the local LUG mailing list, so I don't think incompetence is a problem :) > > What I did was that I changed group ownership of /usr/bin/telnet.netkit > to staff and made it executab

Re: harden-clients idea

2002-10-08 Thread martin f krafft
Please don't CC me on lists that I read! thus spoke Kjetil Kjernsmo <[EMAIL PROTECTED]> [2002.10.08.1402 +0200]: > Oh, wasn't that the point with the harden-clients package? If you > attempt to install a Bad[tm] client, you will be told, because it > conflicts with h

Re: harden-clients idea

2002-10-08 Thread Alvin Oga
ible things, yet the admin would be warned if they did > > > something very careless with other packages. > > > > How would the admin be warned? > > Oh, wasn't that the point with the harden-clients package? If you > attempt to install a Bad[tm] client, you will be told, because it > conflicts with harden-clients? >

Re: harden-clients idea

2002-10-08 Thread Kjetil Kjernsmo
ey did > > something very careless with other packages. > > How would the admin be warned? Oh, wasn't that the point with the harden-clients package? If you attempt to install a Bad[tm] client, you will be told, because it conflicts with harden-clients? Best, Kjetil -- Kjetil

Re: harden-clients idea

2002-10-08 Thread martin f krafft
thus spoke Kjetil Kjernsmo <[EMAIL PROTECTED]> [2002.10.08.1247 +0200]: > The problem with e.g. telnet isn't really that it shouldn't be used for > anything, but that it shouldn't be used by somebody. It is quite OK to > use to check what the webserver responds to a particular request, for > ex

harden-clients idea

2002-10-08 Thread Kjetil Kjernsmo
root and staff. I figured, something like that could harden-clients do too, configurable through standard means. That way, people with correct privileges could still use telnet for sensible things, yet the admin would be warned if they did something very careless with other packages. Clever? :-) (I
