Yes 'we wait for some info...
what's up the he** ???
Is this an open source project or not ???, we use it not only for apt-*** tools.
> On Thu, 27 Nov 2003, Dan Jacobson wrote:
>
> > > So, give the people some time and after the details are disclosed -
> > > learn from their experience and use
Bernd Eckenfels wrote:
Developers dont release all binary packages and users normally dont download
source packages. So it is not that easy.
Yes, I did note that "there are many wrinkles to iron out". That's not the
point I am trying to make. I don't think anyone would be foolish enough to
Does it make sense to use module-disabled kernels to prevent root kits to be
used with a kernel?
Thank you, Matthias Wieser
On Fri, 28 Nov 2003, Matthias Wieser wrote:
> Does it make sense to use module-disabled kernels to prevent root kits to be
> used with a kernel?
There are other ways to insert code into a running kernel. However, it may
break some automated worms or stop script kiddies who don't quite know
what t
Op vr 28-11-2003, om 10:47 schreef Matthias Wieser:
Matthias,
AFAIK NO, it doesn't. There were programs to ENABLE modules on a
module-disabled kernel.
> Does it make sense to use module-disabled kernels to prevent root kits to be
> used with a kernel?
>
> Thank you, Matthias Wieser
Regards,
D
hi Matthias,
On Fri, 28 Nov 2003 10:47:50 +0100
Matthias Wieser <[EMAIL PROTECTED]> wrote:
> Does it make sense to use module-disabled kernels to prevent root kits to be
> used with a kernel?
afaik, yes. set CONFIG_MODULES to no. just not compiling any modules is not
enough.
f. soul.
--
,
Hi!
I'm attempting to set up an SELinux system using the Debian packages
and am unashamed to admit that I'm a little stuck at the moment. I
have two problems that I could use some help with:
1. I've done the bare minimum amount of tweaking of the default
policy beyond answering all the quest
François TOURDE wrote:
> Le 12383ième jour après Epoch,
> Haim Ashkenazi écrivait:
>
>> Hi
>>
>> I've got a server at our ISP's server farm which rebooted last night.
>> I've contact my ISP and no one there did nothing, also it wasn't a power
>> failure because the reboot is written in '/var/log/
Kjetil Kjernsmo schrieb:
I bet there are a lot of users running around scared, not knowing what
to do really... Any advices for us??
Subject: more details on the recent compromise of debian.org machines
Date: Fri, 28 Nov 2003 01:04:00 +
http://lists.debian.org/debian-devel-announce/2003
On Fri, Nov 28, 2003 at 03:03:08AM -0800, Forrest L Norvell wrote:
> I know I'm not the first person to encounter this error, because I
Yes, I'm working through some of these issues with
Russell as we speak. There are errors in
/etc/mkinitrd/scripts/selinux which builds the initrd
file.
Al
On Fri, 28 Nov 2003 22:03, Forrest L Norvell <[EMAIL PROTECTED]> wrote:
> /usr/bin/checkpolicy -o policy policy.conf
> /usr/bin/checkpolicy: loading policy configuration from policy.conf
> ERROR 'attribute file_type is not declared' at token ';' on line 867:
> #
> type device_t, file_type;
> /usr/
on Wed, Nov 26, 2003 at 09:30:05AM +0100, Martin Schulze ([EMAIL PROTECTED])
wrote:
> Dan Jacobson wrote:
> > To us debian users, the most notable thing during this break in or
> > whatever episode, is how the communication structures crumbled.
>
> It had to be re-installed. You probably know th
--Thursday, November 27, 2003 12:56:18 -0500 Eric LeBlanc <[EMAIL PROTECTED]>:
> A least, they can stay us informed about their actions... for example:
>
> 21 sep: hacked, we moved all domain to blah, bluh, blih.
> 22 sep: investiguation started, by X, X. We think it will take X
> hours/day/month
On Friday 28 November 2003 13:14, Karsten M. Self wrote:
>That announcement wasn't delivered for all users until _after_ murphy
>was resurrected. I myself got the debian-security-announce message
>mailed Nov 21 on 25 Nov 2003 15:16:56 -0800.
Hm, I got that late too, but the (unsigned) announceme
Le vendredi 28 novembre 2003 à 12h06 (+0100), Boris Stanislavski écrivait :
> Subject: more details on the recent compromise of debian.org machines
> Date: Fri, 28 Nov 2003 01:04:00 +
> http://lists.debian.org/debian-devel-announce/2003/debian-devel-announce-200311/msg00012.html
It says "Someh
On Fri, Nov 28, 2003 at 01:52:14PM +0100, Kjetil Kjernsmo wrote:
> I learnt on /. that it had been a password compromise, so that meant, it
> was in the generic class of problems. We're always vulnerable towards
> that. But, we're all likely to be vulnerable to the local exploit used
> to gain r
On Fri, 28 Nov 2003, Marcel Hicking wrote:
> I'd definitely prefer to have "them" working on getting things
> up and running again and do the forensics. They should waste a
> minute too much on reports that might proove wrong finally anyway.
Minute? Every minute is cucial... So hmm.. They don
On Fri, Nov 28, 2003 at 07:46:45PM +0700, Jean Christophe ANDR? wrote:
> May be because of the last screen local privilege escalation...?
> See there: http://www.secunia.com/advisories/10310/
Yow! TWO GIGABITS OF SEMICOLONS?
One would think someone would notice an attack like
that if it ever
* Jean Christophe ANDR? ([EMAIL PROTECTED]) wrote:
> Le vendredi 28 novembre 2003 à 12h06 (+0100), Boris Stanislavski écrivait :
> > Subject: more details on the recent compromise of debian.org machines
> > Date: Fri, 28 Nov 2003 01:04:00 +
> > http://lists.debian.org/debian-devel-announce/2003
Le vendredi 28 novembre 2003 à 14h21 (+), Dale Amon écrivait :
> > See there: http://www.secunia.com/advisories/10310/
> Yow! TWO GIGABITS OF SEMICOLONS?
2 giga bytes.
> One would think someone would notice an attack like
> that if it ever occurred!
Not necessarly if we can generate it l
On Fri, 2003-11-28 at 06:03, Forrest L Norvell wrote:
> Hi!
>
> I'm attempting to set up an SELinux system using the Debian packages
> and am unashamed to admit that I'm a little stuck at the moment.
If you're planning to run a production system, I'd recommend starting
from Debian woody and Brian
On Thu, Nov 27, 2003 at 06:03:13AM -0500, Anthony DeRobertis wrote:
>
> On Nov 26, 2003, at 15:34, Matt Zimmerman wrote:
> >None of those packages are new; they are all from
> >security.debian.org and correspnod to security advisories released
> >since
> >3.0r1.
>
> Really? There were 13 or so
Alohá!
A little OT, but http://www.adamantix.org 's distro provides everything
and more SELinux has to offer while IMHO being a little easier to handle.
Don't want to discourage anybody from SELinux, especially not with
kernel 2.6 reaching production status, just my 2c ;-)
best regards
Mar
On Fri, Nov 28, 2003 at 04:14:19AM -0800, Karsten M. Self wrote:
> I'll disagree with Martin's comment that the server compromise didn't
> constitute a security issue despite the lack of an archive compromise.
> For someone well versed in Debian procedures, it might have been
> plausible that the a
Le vendredi 28 novembre 2003 à 09h36 (-0500), Stephen Frost écrivait :
> > It says "Somehow they got root [...]", does anybody yet know how?
> Did you *read* what they said?
Mhhh... I think so... But I'm not a native english speaker actually... :)
Did I miss something?
I read this: "(I believe) a
This one time, at band camp, Michael Parkinson said:
>
> Umm, I have the same problem.
>
> If I kill Exim and Spamassassin no hidden processes reported.
>
> Under normal load sometimes get 1-7 hidden processes. Was is a state of
> panic but it does appear that Exim and Spamassassin combined do
On Sat, 29 Nov 2003 05:10, "Martin G.H. Minkler" <[EMAIL PROTECTED]> wrote:
> A little OT, but http://www.adamantix.org 's distro provides everything
> and more SELinux has to offer while IMHO being a little easier to handle.
Adamantix is not Debian. The people subscribed to this list are here fo
Karsten M. Self, 2003-11-28 13:30:28 +0100 :
[...]
> - Where to provide information. Personal websites and news
> channels served well, but an advance statement of "here's where
> you should turn in the event of an emergency" would be useful.
/me suggests the Debian Planet and Debian Help
Hi!
On Sat, 29 Nov 2003 05:10, "Martin G.H. Minkler" <[EMAIL PROTECTED]> wrote:
>> A little OT, but http://www.adamantix.org 's distro provides everything
>> and more SELinux has to offer while IMHO being a little easier to handle.
> Adamantix is not Debian. The people subscribed to this list are
On Fri, Nov 28, 2003 at 11:06:40PM +1100, Russell Coker wrote:
> > 2. When I attempt to boot into my SELinux kernel (all packages,
> > versions, and kernel configuration options at the end of this
> > message), I get an error about being unable to find
> > /usr/bin/load_policy, even wi
On Fri, Nov 28, 2003 at 11:40:12AM -0500, Colin Walters wrote:
> On Fri, 2003-11-28 at 06:03, Forrest L Norvell wrote:
> > Hi!
> >
> > I'm attempting to set up an SELinux system using the Debian packages
> > and am unashamed to admit that I'm a little stuck at the moment.
>
> If you're planning t
Quoting Roland Mas ([EMAIL PROTECTED]):
> /me suggests the Debian Planet and Debian Help (both .org) websites.
^^^
"Session initialisation failed." Problems?
--
Cheers,A: No.
Rick Moen Q: Should I inclu
i have a firewwall with 2 nics .. its running iptables. the outside
nic forwards port 80 to an internal webserver on an internal ip. this
works great. if an internal host hits the external ip. traffic does
not go to the internal web server. if an external host hits the
external ip traffic
Yes 'we wait for some info...
what's up the he** ???
Is this an open source project or not ???, we use it not only for apt-*** tools.
> On Thu, 27 Nov 2003, Dan Jacobson wrote:
>
> > > So, give the people some time and after the details are disclosed -
> > > learn from their experience and use
Bernd Eckenfels wrote:
Developers dont release all binary packages and users normally dont download
source packages. So it is not that easy.
Yes, I did note that "there are many wrinkles to iron out". That's not the
point I am trying to make. I don't think anyone would be foolish enough to
thin
Does it make sense to use module-disabled kernels to prevent root kits to be
used with a kernel?
Thank you, Matthias Wieser
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Fri, 28 Nov 2003, Matthias Wieser wrote:
> Does it make sense to use module-disabled kernels to prevent root kits to be
> used with a kernel?
There are other ways to insert code into a running kernel. However, it may
break some automated worms or stop script kiddies who don't quite know
what t
Op vr 28-11-2003, om 10:47 schreef Matthias Wieser:
Matthias,
AFAIK NO, it doesn't. There were programs to ENABLE modules on a
module-disabled kernel.
> Does it make sense to use module-disabled kernels to prevent root kits to be
> used with a kernel?
>
> Thank you, Matthias Wieser
Regards,
D
hi Matthias,
On Fri, 28 Nov 2003 10:47:50 +0100
Matthias Wieser <[EMAIL PROTECTED]> wrote:
> Does it make sense to use module-disabled kernels to prevent root kits to be
> used with a kernel?
afaik, yes. set CONFIG_MODULES to no. just not compiling any modules is not
enough.
f. soul.
--
,
Hi!
I'm attempting to set up an SELinux system using the Debian packages
and am unashamed to admit that I'm a little stuck at the moment. I
have two problems that I could use some help with:
1. I've done the bare minimum amount of tweaking of the default
policy beyond answering all the quest
François TOURDE wrote:
> Le 12383ième jour après Epoch,
> Haim Ashkenazi écrivait:
>
>> Hi
>>
>> I've got a server at our ISP's server farm which rebooted last night.
>> I've contact my ISP and no one there did nothing, also it wasn't a power
>> failure because the reboot is written in '/var/log/
Kjetil Kjernsmo schrieb:
I bet there are a lot of users running around scared, not knowing what
to do really... Any advices for us??
Subject: more details on the recent compromise of debian.org machines
Date: Fri, 28 Nov 2003 01:04:00 +
http://lists.debian.org/debian-devel-announce/2003/deb
On Fri, Nov 28, 2003 at 03:03:08AM -0800, Forrest L Norvell wrote:
> I know I'm not the first person to encounter this error, because I
Yes, I'm working through some of these issues with
Russell as we speak. There are errors in
/etc/mkinitrd/scripts/selinux which builds the initrd
file.
Al
On Fri, 28 Nov 2003 22:03, Forrest L Norvell <[EMAIL PROTECTED]> wrote:
> /usr/bin/checkpolicy -o policy policy.conf
> /usr/bin/checkpolicy: loading policy configuration from policy.conf
> ERROR 'attribute file_type is not declared' at token ';' on line 867:
> #
> type device_t, file_type;
> /usr/
--Thursday, November 27, 2003 12:56:18 -0500 Eric LeBlanc <[EMAIL PROTECTED]>:
> A least, they can stay us informed about their actions... for example:
>
> 21 sep: hacked, we moved all domain to blah, bluh, blih.
> 22 sep: investiguation started, by X, X. We think it will take X
> hours/day/month
On Friday 28 November 2003 13:14, Karsten M. Self wrote:
>That announcement wasn't delivered for all users until _after_ murphy
>was resurrected. I myself got the debian-security-announce message
>mailed Nov 21 on 25 Nov 2003 15:16:56 -0800.
Hm, I got that late too, but the (unsigned) announceme
Le vendredi 28 novembre 2003 Ã 12h06 (+0100), Boris Stanislavski Ãcrivait :
> Subject: more details on the recent compromise of debian.org machines
> Date: Fri, 28 Nov 2003 01:04:00 +
> http://lists.debian.org/debian-devel-announce/2003/debian-devel-announce-200311/msg00012.html
It says "Someh
On Fri, Nov 28, 2003 at 01:52:14PM +0100, Kjetil Kjernsmo wrote:
> I learnt on /. that it had been a password compromise, so that meant, it
> was in the generic class of problems. We're always vulnerable towards
> that. But, we're all likely to be vulnerable to the local exploit used
> to gain r
On Fri, 28 Nov 2003, Marcel Hicking wrote:
> I'd definitely prefer to have "them" working on getting things
> up and running again and do the forensics. They should waste a
> minute too much on reports that might proove wrong finally anyway.
Minute? Every minute is cucial... So hmm.. They don
On Fri, Nov 28, 2003 at 07:46:45PM +0700, Jean Christophe ANDR? wrote:
> May be because of the last screen local privilege escalation...?
> See there: http://www.secunia.com/advisories/10310/
Yow! TWO GIGABITS OF SEMICOLONS?
One would think someone would notice an attack like
that if it ever
* Jean Christophe ANDR? ([EMAIL PROTECTED]) wrote:
> Le vendredi 28 novembre 2003 à 12h06 (+0100), Boris Stanislavski écrivait :
> > Subject: more details on the recent compromise of debian.org machines
> > Date: Fri, 28 Nov 2003 01:04:00 +
> > http://lists.debian.org/debian-devel-announce/2003
Le vendredi 28 novembre 2003 Ã 14h21 (+), Dale Amon Ãcrivait :
> > See there: http://www.secunia.com/advisories/10310/
> Yow! TWO GIGABITS OF SEMICOLONS?
2 giga bytes.
> One would think someone would notice an attack like
> that if it ever occurred!
Not necessarly if we can generate it l
On Fri, 2003-11-28 at 06:03, Forrest L Norvell wrote:
> Hi!
>
> I'm attempting to set up an SELinux system using the Debian packages
> and am unashamed to admit that I'm a little stuck at the moment.
If you're planning to run a production system, I'd recommend starting
from Debian woody and Brian
On Thu, Nov 27, 2003 at 06:03:13AM -0500, Anthony DeRobertis wrote:
>
> On Nov 26, 2003, at 15:34, Matt Zimmerman wrote:
> >None of those packages are new; they are all from
> >security.debian.org and correspnod to security advisories released
> >since
> >3.0r1.
>
> Really? There were 13 or so
Alohá!
A little OT, but http://www.adamantix.org 's distro provides everything
and more SELinux has to offer while IMHO being a little easier to handle.
Don't want to discourage anybody from SELinux, especially not with
kernel 2.6 reaching production status, just my 2c ;-)
best regards
Martin
Le vendredi 28 novembre 2003 Ã 09h36 (-0500), Stephen Frost Ãcrivait :
> > It says "Somehow they got root [...]", does anybody yet know how?
> Did you *read* what they said?
Mhhh... I think so... But I'm not a native english speaker actually... :)
Did I miss something?
I read this: "(I believe) a
This one time, at band camp, Michael Parkinson said:
>
> Umm, I have the same problem.
>
> If I kill Exim and Spamassassin no hidden processes reported.
>
> Under normal load sometimes get 1-7 hidden processes. Was is a state of
> panic but it does appear that Exim and Spamassassin combined do
On Sat, 29 Nov 2003 05:10, "Martin G.H. Minkler" <[EMAIL PROTECTED]> wrote:
> A little OT, but http://www.adamantix.org 's distro provides everything
> and more SELinux has to offer while IMHO being a little easier to handle.
Adamantix is not Debian. The people subscribed to this list are here fo
Hi!
On Sat, 29 Nov 2003 05:10, "Martin G.H. Minkler" <[EMAIL PROTECTED]> wrote:
>> A little OT, but http://www.adamantix.org 's distro provides everything
>> and more SELinux has to offer while IMHO being a little easier to handle.
> Adamantix is not Debian. The people subscribed to this list are
On Fri, Nov 28, 2003 at 11:06:40PM +1100, Russell Coker wrote:
> > 2. When I attempt to boot into my SELinux kernel (all packages,
> > versions, and kernel configuration options at the end of this
> > message), I get an error about being unable to find
> > /usr/bin/load_policy, even wi
On Fri, Nov 28, 2003 at 11:40:12AM -0500, Colin Walters wrote:
> On Fri, 2003-11-28 at 06:03, Forrest L Norvell wrote:
> > Hi!
> >
> > I'm attempting to set up an SELinux system using the Debian packages
> > and am unashamed to admit that I'm a little stuck at the moment.
>
> If you're planning t
Quoting Roland Mas ([EMAIL PROTECTED]):
> /me suggests the Debian Planet and Debian Help (both .org) websites.
^^^
"Session initialisation failed." Problems?
--
Cheers,A: No.
Rick Moen Q: Should I inclu
i have a firewwall with 2 nics .. its running iptables. the outside
nic forwards port 80 to an internal webserver on an internal ip. this
works great. if an internal host hits the external ip. traffic does
not go to the internal web server. if an external host hits the
external ip traffic
on Wed, Nov 26, 2003 at 09:30:05AM +0100, Martin Schulze ([EMAIL PROTECTED]) wrote:
> Dan Jacobson wrote:
> > To us debian users, the most notable thing during this break in or
> > whatever episode, is how the communication structures crumbled.
>
> It had to be re-installed. You probably know tha
On Fri, Nov 28, 2003 at 04:14:19AM -0800, Karsten M. Self wrote:
> I'll disagree with Martin's comment that the server compromise didn't
> constitute a security issue despite the lack of an archive compromise.
> For someone well versed in Debian procedures, it might have been
> plausible that the a
Karsten M. Self, 2003-11-28 13:30:28 +0100 :
[...]
> - Where to provide information. Personal websites and news
> channels served well, but an advance statement of "here's where
> you should turn in the event of an emergency" would be useful.
/me suggests the Debian Planet and Debian Help
66 matches
Mail list logo
