Hi
My Debain potato GNU/Linux server is running default setup of GNU Mailman
2.0.5 and having a couple of mailing lists on that. Now, we want to have
multiple aliases for the default posting addresses for those lists.
Should I do that by adding an alias in sendmail, or are there better ways of
Peter Cordes wrote:
> On Wed, Apr 17, 2002 at 01:09:27PM +0200, Martin Peikert wrote:
>>First, you should set your policy to DROP. The way you configured your
>>filter with a policy set to ACCEPT would let all traffic pass through.
>
> No it doesn't; It would block new connections, because
* Quoting Mathias Palm ([EMAIL PROTECTED]):
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> Sorry, I dont get that. The manpage says:
>
> ...ESTABLISHED meaning that the
> packet is associated with a connection which has
> seen packets in both directions...
>
On Thu, Apr 18, 2002 at 11:28:28AM +0800, Michael Watts wrote:
> Hi,
>
> I am having trouble with a few services and want to allow root to telnet
> to a Debian 2.2r5 system for testing purposes, but can not find the way
> to allow this to happen.
You really really really do not want to do this.
From: "Howland, Curtis" <[EMAIL PROTECTED]>
>At some point you have to "trust". Unless you're ready to read every
>line of code, every script, yourself every time you install anything,
>trust is explicit.
I agree. Since essentially none of our users will have time to read
much source code, the
"Michael Watts" <[EMAIL PROTECTED]> writes:
>
> I am having trouble with a few services and want to allow root to telnet
> to a Debian 2.2r5 system for testing purposes, but can not find the way
> to allow this to happen.
I don't have a Debian 2.2 (AKA "potato") installation handy to check
for s
On April 17, 2002 10:28 pm, Michael Watts wrote:
> Hi,
>
> I am having trouble with a few services and want to allow root to
> telnet to a Debian 2.2r5 system for testing purposes, but can not
> find the way to allow this to happen.
Could you telnet in as a regular user and then su to root?
-- P
Dude, and I thought I'm paraniod :)
Even I trust the debian sources in /etc/apt/sources.list,
not without the PGP key or MD5 of course.
Just make sure the digital signature and/or MD5 checksum
comes from a trusted source.
Unless, of course, you want to write your own code. :)
-Anne
On Wed, A
Michael,
The omnibackup program should have it's own daemon.
Failing that, when telnetting to a machine (which is bad as telnet is
insecure), you should be able to login as a normal user and SU to root.
How ever, it would be better if you used SSH, which is basically an
encrypted telnet protoco
I have a Debian webserver that currently runs SSH, HTTP, and SMTP
services. The SMTP service only accepts mail from the local interface.
I try to keep my box free of any excess services that might lead to
vulnerabilities, or that transmit authentication information via
cleartext. I am running in
On Thu, Apr 18, 2002, Tom Dominico wrote:
> I have a Debian webserver that currently runs SSH, HTTP, and SMTP
> services. The SMTP service only accepts mail from the local interface.
> I try to keep my box free of any excess services that might lead to
> vulnerabilities, or that transmit authenti
Samba and encrypted passwords. The encrpyted passwords should be default
on later Windows boxes, but may require registry edits on older Windows OSes.
Fast, easy, and secure. Windows Netbios & SMB traffic should probably
already be firewalled in and out,(If not, seriously consider it), but you can
> From: Tim Freeman [mailto:[EMAIL PROTECTED]]
...
> But whose reputation?
The package maintainer directly, the Debian project indirectly.
I'm not really talking about individuals, I'm talking about generalities.
On a really secure machine, you're not going to be installing games, or utilities
hiya
download and install ssh into each windoze box that needs
access to the debian box
samba -> encrypted passwd is typically already on
smbpasswd is needed to allow the windoze users to connect
nfs -> use secure portmap, secure nfs,
ftp -> secure ftp w/ scp
telnet
Hi,
I was wondering if anyone could recommend freeish windows clients that
support ssl ( in.ftpd -z secure ).
I have tried FileZilla (Which is GPL'ed but a little flakey, at least on
Win98) but it seems to have problems establishing the data socket in
either normal, or passive mode.
Cheers...
hi ya david
you can use ssh for windows to do secure ftp to debian or bsd*
found out pftp didnt support "mput *" ... o well
highlight, drag-n-drop works
http://www.Linux-Sec.net/SSH/ssh.windows.txt
- use ssh clients from ssh.com or putty or your favorite
"i heard tom-di
At the moment my system has 876 packages installed. They were all
installed by root. Each package gets a chance to run an arbitrary
shell script as root, so it seems to me that there must have been much
more than 876 opportunities for my system to get utterly destroyed by
absolute strangers. So
> "a" == A J Rossini <[EMAIL PROTECTED]> writes:
> "jussi" == Jussi Ekholm <[EMAIL PROTECTED]> writes:
jussi> What software tries to connect to port 16001? Or does anything? What
jussi> should I think about this entry? I admit, I'm *overly* paranoid, when
jussi> it comes to run
> I don't see a clear path to doing this the "right" way, where chaos is
> prevented by something more substantial than a social convention.
>
> I have to admit that the social convention is working very well at the
> moment, though.
> > --
> Tim Freeman
> [EMAIL PROTECTED]
At some poi
Hi
My Debain potato GNU/Linux server is running default setup of GNU Mailman
2.0.5 and having a couple of mailing lists on that. Now, we want to have
multiple aliases for the default posting addresses for those lists.
Should I do that by adding an alias in sendmail, or are there better ways o
Peter Cordes wrote:
> On Wed, Apr 17, 2002 at 01:09:27PM +0200, Martin Peikert wrote:
>>First, you should set your policy to DROP. The way you configured your
>>filter with a policy set to ACCEPT would let all traffic pass through.
>
> No it doesn't; It would block new connections, because it re
* Quoting Mathias Palm ([EMAIL PROTECTED]):
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> Sorry, I dont get that. The manpage says:
>
> ...ESTABLISHED meaning that the
> packet is associated with a connection which has
> seen packets in both directions...
>
On Thu, Apr 18, 2002 at 11:28:28AM +0800, Michael Watts wrote:
> Hi,
>
> I am having trouble with a few services and want to allow root to telnet
> to a Debian 2.2r5 system for testing purposes, but can not find the way
> to allow this to happen.
You really really really do not want to do this.
From: "Howland, Curtis" <[EMAIL PROTECTED]>
>At some point you have to "trust". Unless you're ready to read every
>line of code, every script, yourself every time you install anything,
>trust is explicit.
I agree. Since essentially none of our users will have time to read
much source code, the o
"Michael Watts" <[EMAIL PROTECTED]> writes:
>
> I am having trouble with a few services and want to allow root to telnet
> to a Debian 2.2r5 system for testing purposes, but can not find the way
> to allow this to happen.
I don't have a Debian 2.2 (AKA "potato") installation handy to check
for su
On April 17, 2002 10:28 pm, Michael Watts wrote:
> Hi,
>
> I am having trouble with a few services and want to allow root to
> telnet to a Debian 2.2r5 system for testing purposes, but can not
> find the way to allow this to happen.
Could you telnet in as a regular user and then su to root?
-- Pi
Dude, and I thought I'm paraniod :)
Even I trust the debian sources in /etc/apt/sources.list,
not without the PGP key or MD5 of course.
Just make sure the digital signature and/or MD5 checksum
comes from a trusted source.
Unless, of course, you want to write your own code. :)
-Anne
On Wed, Ap
Michael,
The omnibackup program should have it's own daemon.
Failing that, when telnetting to a machine (which is bad as telnet is
insecure), you should be able to login as a normal user and SU to root.
How ever, it would be better if you used SSH, which is basically an
encrypted telnet protocol
I have a Debian webserver that currently runs SSH, HTTP, and SMTP
services. The SMTP service only accepts mail from the local interface.
I try to keep my box free of any excess services that might lead to
vulnerabilities, or that transmit authentication information via
cleartext. I am running int
On Thu, Apr 18, 2002, Tom Dominico wrote:
> I have a Debian webserver that currently runs SSH, HTTP, and SMTP
> services. The SMTP service only accepts mail from the local interface.
> I try to keep my box free of any excess services that might lead to
> vulnerabilities, or that transmit authentic
Samba and encrypted passwords. The encrpyted passwords should be default
on later Windows boxes, but may require registry edits on older Windows OSes.
Fast, easy, and secure. Windows Netbios & SMB traffic should probably
already be firewalled in and out,(If not, seriously consider it), but you can
> From: Tim Freeman [mailto:[EMAIL PROTECTED]
...
> But whose reputation?
The package maintainer directly, the Debian project indirectly.
I'm not really talking about individuals, I'm talking about generalities.
On a really secure machine, you're not going to be installing games, or
utilities
hiya
download and install ssh into each windoze box that needs
access to the debian box
samba -> encrypted passwd is typically already on
smbpasswd is needed to allow the windoze users to connect
nfs -> use secure portmap, secure nfs,
ftp -> secure ftp w/ scp
telnet
Hi,
I was wondering if anyone could recommend freeish windows clients that
support ssl ( in.ftpd -z secure ).
I have tried FileZilla (Which is GPL'ed but a little flakey, at least on
Win98) but it seems to have problems establishing the data socket in
either normal, or passive mode.
Cheers...
-
34 matches
Mail list logo
