Re: Large, constant incoming traffic

2004-05-18 Thread Javier Fernández-Sanguino Peña
On Thu, May 13, 2004 at 09:02:45PM +0200, Kjetil Kjernsmo wrote: > > Hm, chkrootkit says that eth0 is not promiscuous... And as I said, I > don't think I ever got Snort to work right... :-) Are you sure that's not a bug in chkrootkit (false negative)? I introduced a change in the Tiger [1] due

Re: Large, constant incoming traffic

2004-05-18 Thread Javier Fernández-Sanguino Peña
On Thu, May 13, 2004 at 05:52:36PM +0200, Kjetil Kjernsmo wrote: > Hi all! > > I turn to you with a bit of desperation now. It feels like I'm under (...) > And I can't for the life of me figure out where it's coming from... (...) I know the

Re: debian and viruses ...

2004-05-19 Thread Javier Fernández-Sanguino Peña
On Wed, May 19, 2004 at 09:19:46PM +0200, Marcin wrote: > > Hello, > > I am trying to find solution for finding viruses in my LAN networks. > I am administrator of ISP router (generally Debian of course), and in > LAN there are little "storm" of viruses, trojans, spammers, etc "shits" ... Good luc

Re: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-16 Thread Javier Fernández-Sanguino Peña
On Wed, Jun 16, 2004 at 11:46:05AM +1200, TiM wrote: > > Look at installing mod_security, http://modsecurity.org > > Install some rules for it to harden your webserver, see if anything is > flagged in the security log. Also notice that modsecurity provides a way to easily chroot your Apache we

Re: Adamantix

2004-06-17 Thread Javier Fernández-Sanguino Peña
On Thu, Jun 17, 2004 at 03:15:51PM +0200, Kim wrote: >Hi All. > >I have been working with Debian for about 3 years now using it as >different server solutions. > >The other day I came about the Adamantix distribution. Adamantix is a >distribution that aims to be very sec

Re: Question about Debian security policy

2005-06-30 Thread Javier Fernández-Sanguino Peña
On Thu, Jun 30, 2005 at 11:16:18AM +0200, neologix wrote: > Hi everybody. I hope this question won't be too stupid. > When I perform a standard installation (i.e minimal), the installer installs > many servers, and launches them (like portmap, ssh, exim, etc). Why? > I think that OpenBSD and FreeBS

Re: Addressing the recent zlib issue

2005-07-10 Thread Javier Fernández-Sanguino Peña
On Sun, Jul 10, 2005 at 03:59:43PM +0200, Florian Weimer wrote: > Is anybody looking at this problem in a systematic manner, or should I > just file bugs on the more likely candidates for a security update > (dpkg and zsync, based on the list above and assuming that 1.1 is > indeed not affected).

Re: Security risks due to packages that are no longer part of Debian?

2005-07-12 Thread Javier Fernández-Sanguino Peña
On Tue, Jul 12, 2005 at 10:09:44AM +0200, Mike Gerber wrote: > > A tool which lists all packages which are no longer downloadable from > > any APT source would be more helpful, I think. Does it already exist? > > I have a slightly inefficient script for that. I believe there are better > ways to

Re: security hole in sshd in oldstable?

2005-08-24 Thread Javier Fernández-Sanguino Peña
On Wed, Aug 24, 2005 at 06:14:59PM +0800, Aldous Penaranda wrote: > On Wed, 24 Aug 2005 12:07:00 +0200, Petter Reinholdtsen wrote: > > > Are there known security holes in sshd in oldstable (woody)? > > A quick bug search gave me this: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196413 > >

Re: tripwire detected date changed on two binaries

2005-08-24 Thread Javier Fernández-Sanguino Peña
On Wed, Aug 24, 2005 at 05:54:36PM +0100, Jose Manuel dos Santos Calhariz wrote: > tripwire detected that the date of two binaries, bash and nano, > changed. I have looked into the logs and between the two runs of > tripwire, the machine didn't reboot or have new software installed. > > As I don'

Re: RFS: libpam-abl - PAM module to blacklist hosts/users with many login failures

2005-10-11 Thread Javier Fernández-Sanguino Peña
On Mon, Oct 10, 2005 at 04:44:13PM +0200, Nicolai Ehemann wrote: > Hello! > > I just (err, over the last 4 or 5 days) created a (hopefully > standards-compliant) package for the pam_abl PAM module. > > The pam_abl module provides a fully config

Re: whitehat

2005-11-03 Thread Javier Fernández-Sanguino Peña
On Wed, Nov 02, 2005 at 05:33:54PM -0800, Alvin Oga wrote: > > The whole point of the test will be for me to monitor what's happening > > that you should already be seeing all the attacks you are already > getting just by the generic background white-noise-attacks > - and its free ... and d

Re: whitehat to test a security config

2005-11-03 Thread Javier Fernández-Sanguino Peña
On Wed, Nov 02, 2005 at 11:14:22PM +0100, Bernd Eckenfels wrote: > In article <[EMAIL PROTECTED]> you wrote: > > I'm looking for (preferably) a company, or individual, to attempt to > > breach a standard config I have created to deploy client applications > > in production. It is intentionally a

Re: eth interface with no IP

2005-11-04 Thread Javier Fernández-Sanguino Peña
On Fri, Nov 04, 2005 at 11:03:18AM +0200, Kostas Magkos wrote: > Hey guys, > Hi there. > Is there a more elegant solution? What is the debian way? Read the last two examples of /usr/share/doc/ifupdown/examples/network-interfaces.gz Regards Javier PS: I know, I have to update http://www.debian

Re: What is a security bug?

2005-11-24 Thread Javier Fernández-Sanguino Peña
On Wed, Nov 23, 2005 at 07:07:21PM +0100, Bernd Eckenfels wrote: > In article <[EMAIL PROTECTED]> you wrote: > > Well, obviously it is not a _security_ bug, since it has nothing to do > > with security. > ... Without looking at the bug in detail you cannot tell for sure. A DoS condition can become

Re: chkrootkit has me worried!

2005-11-29 Thread Javier Fernández-Sanguino Peña
On Tue, Nov 29, 2005 at 04:34:11AM +, kevin bailey wrote: > hi, > > the following output looks like i've been rooted. Yes, it doesn't look like a false positive: > Checking `ls'... INFECTED > Checking `netstat'... INFECTED > Checking `ps'... INFECTED > Checking `top'... INFECTED Nasty. > S

Re: hardening checkpoints

2005-12-15 Thread Javier Fernández-Sanguino Peña
On Thu, Dec 15, 2005 at 05:20:19PM +, kevin bailey wrote: > > get DDOSed in retaliation (I am guessing really). Anyways on a > > multi-user web server it is difficult to track down the vulnerable cgi > > unless you run the cgi's as the account owner (as opposed to all running > > as www-data), and

Re: hardening checkpoints

2005-12-15 Thread Javier Fernández-Sanguino Peña
On Thu, Dec 15, 2005 at 10:02:46PM +, kevin bailey wrote: > > > >> - i may need to access the server over ssh from anywhere. > > > > bad idea... what you can do .. the cracker can also do from "anywhere" > > > > at least, lock down incoming ssh from certain ip# > > vi hosts.deny > > ALL : AL

Re: closing unwanted ports - and what is 1720/tcp filtered H.323/Q.931

2005-12-16 Thread Javier Fernández-Sanguino Peña
On Thu, Dec 15, 2005 at 05:54:34PM -0500, Noah Meyerhans wrote: > On Thu, Dec 15, 2005 at 10:19:48PM +, kevin bailey wrote: > > good point - also the fact that the users stick their email passwords to > > their monitors using postits! > > Well, at least there's still *some* level of physical s

Re: closing unwanted ports - and what is 1720/tcp filtered H.323/Q.931

2005-12-18 Thread Javier Fernández-Sanguino Peña
On Fri, Dec 16, 2005 at 08:14:15AM -0500, Michael Stone wrote: > On Fri, Dec 16, 2005 at 01:27:57PM +0100, Javier Fernández-Sanguino Peña > wrote: > >On Thu, Dec 15, 2005 at 05:54:34PM -0500, Noah Meyerhans wrote: > >>Well, at least there's still *some* level of physi

Re: [SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation

2006-01-19 Thread Javier Fernández-Sanguino Peña
On Tue, Jan 17, 2006 at 11:26:51PM +0100, Stefan Wiens wrote: > > I have reported this problem on Tue, 16 Nov 2004, bug ID #281656. When reporting these bugs please send them to the Security Team, not to the maintainer. Actually, the bug is not even tagged 'security'. Please see http://www.debian

Re: Security scanner

2006-01-24 Thread Javier Fernández-Sanguino Peña
On Tue, Jan 24, 2006 at 12:16:43AM +0100, Jaroslaw Tabor wrote: > Hi all! > > Does anyone know a network scanner I can run on Debian to search LAN for > unprotected windows shares ? Or maybe something looking for simple > passwords ? I'd like to automate discovering stupid users, leaving full

Re: nmap -sT and open ports from a friends

2006-02-03 Thread Javier Fernández-Sanguino Peña
On Fri, Feb 03, 2006 at 11:02:33PM +0100, [EMAIL PROTECTED] wrote: > Hi, > > this is the nmap -sT scan from a friend: I guess you both are not in the same ISP > > > nmap -sT internet_address > > Port State Service > 25/tcp filtered smtp > 46/tcp open mpm-snd > 8

Re: avahi-daemon

2006-02-23 Thread Javier Fernández-Sanguino Peña
On Wed, Feb 22, 2006 at 08:59:40AM -0800, Rick Moen wrote: > Quoting aliban ([EMAIL PROTECTED]): > > > MS Blaster infected many million system within seconds... > > Relying on the vulnerable MSDE embedded SQL database engine being > embedded into a large number of consumer software products, and

Re: avahi-daemon

2006-02-23 Thread Javier Fernández-Sanguino Peña
On Thu, Feb 23, 2006 at 12:47:44PM +0100, aliban wrote: > > > I am sorry, but I am quite new linux and debian at all and you may excuse > my question: > > why is there no rule to "prompt the user" for all applications that open > ports on non-localhost? The default policy is a compromise between

Re: first A record of security.debian.org extremely slow

2006-03-03 Thread Javier Fernández-Sanguino Peña
On Fri, Mar 03, 2006 at 11:13:52AM +0100, Marc Haber wrote: > On Fri, Mar 03, 2006 at 11:11:30AM +0100, Rolf Kutz wrote: > > You can trigger the update via ssh or wget. > > The entire scheme strikes me as reinventing a mechanism which has been > existing for years now, being called cron-apt. I do

Re: avahi-daemon

2006-03-03 Thread Javier Fernández-Sanguino Peña
On Fri, Mar 03, 2006 at 02:36:38PM +0100, Loïc Minier wrote: > This is a desktop machine, it should permit sharing of files on your > local network. DNS servers have their port 53 open to respond to name > resolution queries, just consider your desktop installation to be a > name server respon

Re: avahi-daemon

2006-03-03 Thread Javier Fernández-Sanguino Peña
(IMHO this discussion is reaching to a point in which it should move to d-devel instead, but I'll keep it here) On Thu, Mar 02, 2006 at 09:06:27PM +0100, Loïc Minier wrote: > On Thu, Feb 23, 2006, Javier Fernández-Sanguino Peña wrote: > > IMHO the problem here is having a mus

Internal trusted networks? (was Re: avahi-daemon)

2006-03-03 Thread Javier Fernández-Sanguino Peña
On Fri, Mar 03, 2006 at 06:47:34PM +0100, Loïc Minier wrote: > Hi, > > On Fri, Mar 03, 2006, Henrique de Moraes Holschuh wrote: > > Inside the network? Most managed networks have filtering at the borders, at > > key router nodes, and if it has a more advanced distributed-firewall > > ment

Re: avahi-daemon

2006-03-04 Thread Javier Fernández-Sanguino Peña
On Sat, Mar 04, 2006 at 10:31:02AM +0100, Loïc Minier wrote: > > And for the same thing, why would a typical desktop machine provide users > > to share even files! My desktop system at home (and my parent's and my > > uncle's and whatnot) are completely stand-alone desktop systems, connected > > t

Re: avahi-daemon

2006-03-04 Thread Javier Fernández-Sanguino Peña
On Sat, Mar 04, 2006 at 09:51:31AM +0100, Loïc Minier wrote: > On Fri, Mar 03, 2006, Joey Hess wrote: > > Standard Desktop task installs do not install Recommends anyway, so > > rhythmbox does not pull in avahi-daemon in those situations and you need > > to deal with that somehow. > > It's a but

Re: avahi-daemon

2006-03-04 Thread Javier Fernández-Sanguino Peña
On Sat, Mar 04, 2006 at 11:07:25AM +0100, Loïc Minier wrote: > I'm doing my final pass on the deb-sec part of this discussion, I don't > intend to participate much further, no new arguments are popping up. Quite sincerely, this discussion is getting nowhere. There are sufficient arguments in thi

Re: avahi-daemon

2006-03-04 Thread Javier Fernández-Sanguino Peña
On Sat, Mar 04, 2006 at 01:26:24PM -0500, Joey Hess wrote: > If avahi is not running, rhythmbox prints this to std(something) on > startup and/or when you enable sharing in its prefs: Notice that *most* users will not see this as they will start up rhythmbox from a GNOME application menu and not t

Re: avahi-daemon

2006-03-04 Thread Javier Fernández-Sanguino Peña
On Sat, Mar 04, 2006 at 11:32:20AM +0100, Loïc Minier wrote: > On Sat, Mar 04, 2006, Javier Fernández-Sanguino Peña wrote: > > Rhythmbox is a very easy to use music playing and management program > > which supports a wide range of audio formats (including mp3 and ogg). > >

Re: avahi-daemon

2006-03-04 Thread Javier Fernández-Sanguino Peña
On Sat, Mar 04, 2006 at 01:41:14PM -0500, Joey Hess wrote: > > - a default GNOME install should *not* install a network service, even if > > that > > enabled new features to the users. Consequently, if rhythmbox is part of > > the GNOME task, it should not pull in avahi-daemon automatically >

Re: Internal trusted networks? (was Re: avahi-daemon)

2006-03-04 Thread Javier Fernández-Sanguino Peña
On Sat, Mar 04, 2006 at 10:12:56AM +0100, Loïc Minier wrote: > But you're still way more secure while sitting behind a NAT with > responsible coworkers than connected to the Internet directly, without > any firewall, and that's where desktops sit most of the time. Well, a NATed gateway is not t

Re: How to prevent daemons from ever being started?

2006-05-15 Thread Javier Fernández-Sanguino Peña
On Mon, May 15, 2006 at 05:09:28PM +0200, Uwe Hermann wrote: > Hi, > > just a random question I wanted to ask for quite a while now: > > What is "the Debian way" to prevent any daemon from ever starting, > whether upon reboot, upon upgrade, upon new install etc. Please see http://www.debian.org/

Asking for testers of Bastille 3.0.9

2006-07-02 Thread Javier Fernández-Sanguino Peña
I've recently uploaded a new version of Bastille (the *nix hardening tool, more info at http://bastille-linux.org) to the 'experimental' archive. The version of the package is 3.0.9-1 and it should work without any glitches in any sid / testing / stable Debian system. It can be downloaded from ht

Re: harden-doc: chapter 4.8 Restricting system reboots through the console

2006-09-17 Thread Javier Fernández-Sanguino Peña
On Sun, Sep 17, 2006 at 10:50:47AM +0200, Mario Fux wrote: > > change > > /sbin/shutdown -t1 -a -r now > > for /bin/false > > or anything else you want to happen with ctrl-alt-delete > > Yes, I know. I seem to be unprecise. In harden-doc is written that when the > -a > option is included only u

Re: Is there a GUI client for nessus 3.0 running on Debian Sarge 3.1?

2006-10-17 Thread Javier Fernández-Sanguino Peña
On Tue, Oct 17, 2006 at 01:07:08PM -0700, headshot wrote: > Thanks! Is this a question? I provided a version of NessusClient (1.0.0.rc1) at http://people.debian.org/~jfs/nessus/client/ but I have not received any comments on it. If you want to test it out, go ahead. Regards Javier

Re: help: duplicate MAC address

2006-10-18 Thread Javier Fernández-Sanguino Peña
On Wed, Oct 18, 2006 at 11:09:35AM +0800, Lestat V wrote: > I encounter a fake MAC address problem: > > I found that on ARP table of my computer, all IP addresses in my LAN > have a same and peculiar MAC address. On ARP table of two other > computers in the same LAN as mine, different IP addresses

Re: help: duplicate MAC address

2006-10-19 Thread Javier Fernández-Sanguino Peña
On Thu, Oct 19, 2006 at 07:53:29AM +0800, Lestat V wrote: > I tried using "arp -an -i eth0" plus "arping [MAC]", and results: > dance:/home/lestat# arp -an -i eth0 > ? (10.100.105.251) at 00:07:84:52:55:3C [ether] on eth0 > ? (10.100.105.252) at 00:07:84:52:55:3D [ether] on eth0 > ? (10.100.105.250

Re: help: duplicate MAC address

2006-10-19 Thread Javier Fernández-Sanguino Peña
On Thu, Oct 19, 2006 at 11:01:39AM +0800, Lestat V wrote: > On 10/19/06, Lestat V <[EMAIL PROTECTED]> wrote: > >On 10/19/06, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> wrote: > >> On Wed, Oct 18, 2006 at 11:09:35AM +0800, Lestat V wrote: > > I tried &q

Re: help needed

2006-11-06 Thread Javier Fernández-Sanguino Peña
On Mon, Nov 06, 2006 at 11:19:20AM +0100, Heilig Szabolcs wrote: > Hello! > > >http://jesusch.de/~jesusch/tmp/access.log > > There are many log entries with "something=http://" style > pattern. These are common attack methods against default configured > servers with poorly written applications.

Re: "... creates temporary files in an insecure manner." Tutorial?

2006-11-23 Thread Javier Fernández-Sanguino Peña
On Mon, Nov 20, 2006 at 09:33:14PM -0700, s. keeling wrote: > > I'm wondering whether there might be some "secure temporary file > checklist" which should be part of the > indoctrinationinitiation phase for DDs? Well, I tried to write some information for DDs in the "Securing Debian Manual": Chap

Re: Mass update deployment strategy

2006-11-30 Thread Javier Fernández-Sanguino Peña
On Mon, Nov 27, 2006 at 08:37:42PM +0100, mario wrote: > Do you have a strategy or anything to automate this task a little more? > The server farm is growing and i might have to look after 20 or 30 > installations soon. I can already see myself updating ubuntu/debian > installations all day long :(

Re: RFH: Insecure directory creation?

2006-12-22 Thread Javier Fernández-Sanguino Peña
On Fri, Dec 22, 2006 at 01:51:20PM +0100, Loïc Minier wrote: > Would someone be so kind to either correct me or to help me word why > this is a bad idea? This is a bad idea because, if mach creates (on installation) /var/tmp/mach/something, and a rogue user creates (before installation) /var/tm

Re: RFH: Insecure directory creation?

2006-12-23 Thread Javier Fernández-Sanguino Peña
On Sat, Dec 23, 2006 at 11:20:12AM +0100, Loïc Minier wrote: > On Fri, Dec 22, 2006, Javier Fernández-Sanguino Peña wrote: > > I don't know how mach operates precisely, would you care to elaborate how > > and > > when does it use /var/tmp/mach/? What files are created th

Re: Mass update deployment strategy

2007-01-10 Thread Javier Fernández-Sanguino Peña
On Tue, Jan 09, 2007 at 08:08:36PM +0100, Florian Weimer wrote: > Does anyone publish Debian-specific OVAL signatures? Do you think > there is a need for them? Not that I know of, but I have a converter to OVAL signatures that can generate the XML files from the website contents. But somebody has

Re: Mass update deployment strategy

2007-01-10 Thread Javier Fernández-Sanguino Peña
On Wed, Jan 10, 2007 at 07:23:36PM +0100, Moritz Muehlenhoff wrote: > > Do you think there is a need for them? > > No, too much bureaucracy for too little gain. What bureaucracy? Unlike CVE names, each vendor can generate their own OVAL signatures. For example: http://people.redhat.com/mjc/oval/ fo

New Snort 2.7 packages available in experimental

2007-07-31 Thread Javier Fernández-Sanguino Peña
Just a quick note to let people know that I have just uploaded packages for Snort version 2.7 (released some weeks ago) into experimental. I've also made an upload to the Snort 2.3 packages with a new set of rules (the 'Community rules') which increases the IDS signature ruleset by over 800 new sign

Re: strange requests from Vanguard Securities: 53,137,138

2007-08-20 Thread Javier Fernández-Sanguino Peña
On Sun, Aug 12, 2007 at 01:16:57PM -0700, Wade Richards wrote: > 2) If you really don't like the log messages, then reconfigure your firewall > to not >log dropped packets. Actually, it might be best to just drop (and not log) packets to these ports which are flooding your messages' log and l

Re: secure installation

2007-08-20 Thread Javier Fernández-Sanguino Peña
On Mon, Aug 20, 2007 at 09:04:18AM +, [EMAIL PROTECTED] wrote: > > I'm no security expert, but I would suggest that a benefit of > > 'Personal' firewalls is the provision of a simple, systematic way of > > restricting access to services. Yes, many apps offer some way of doing > > this, but rem

Re: secure installation

2007-08-20 Thread Javier Fernández-Sanguino Peña
On Fri, Aug 17, 2007 at 12:24:27AM +0200, Izak Burger wrote: > On 8/16/07, Jack T Mudge III <[EMAIL PROTECTED]> wrote: > > My personal view is that there are plenty of simpler distributions out > > there, > > knoppix for first-time users, Ubuntu/Suse for novices, and RedHat for people > > who need

Re: secure installation

2007-08-20 Thread Javier Fernández-Sanguino Peña
On Fri, Aug 17, 2007 at 10:01:54AM +0200, Johannes Wiedersich wrote: > PS 2: While we are at it: debian by default also does not install or > enable an automated system to install security updates. It is the > responsibility of the user to decide whether and when security updates > are installed.

Re: secure installation

2007-08-21 Thread Javier Fernández-Sanguino Peña
On Tue, Aug 21, 2007 at 09:32:35AM +, [EMAIL PROTECTED] wrote: > is one of those installed by default ? No, as I said, users have to select one of them and install it themselves. Regards Javier

Re: secure installation

2007-08-21 Thread Javier Fernández-Sanguino Peña
On Tue, Aug 21, 2007 at 09:00:47AM +0200, Johannes Wiedersich wrote: > Not exactly true. Debian adds security repositories to apt's sources, > that's true. But it does _not_ automatically install them on your > system. It was my point that debian does not by default provide an > automated system to

Re: secure installation

2007-08-21 Thread Javier Fernández-Sanguino Peña
On Tue, Aug 21, 2007 at 09:06:18AM +, [EMAIL PROTECTED] wrote: > I imagine one of the available options would send you an email ? > or you could stick it the MOTD ... > whatabout headless web-interface controlled systems ? For those systems there's cron-apt and debsecan. Your choice. Both use

Re: Secure Installation

2007-08-21 Thread Javier Fernández-Sanguino Peña
On Fri, Aug 17, 2007 at 03:04:42PM -0700, Jack T Mudge III wrote: > On Thursday 16 August 2007 15:09, R. W. Rodolico wrote: > > Unfortunately, I have to point to some of the > > user oriented firewalls you get for windoze (which, to my knowledge, Linux > > does not have). When they are installed, t

Re: secure installation

2007-08-21 Thread Javier Fernández-Sanguino Peña
On Tue, Aug 21, 2007 at 05:13:43PM +0200, Johannes Wiedersich wrote: > > > > Educating users also involves raising awareness that they *have* to keep > > their system up-to-date with security patches both to prevent local and > > remote exploits. The fact that KDE (or Xfce) does not have an equiva

Re: secure installation

2007-08-22 Thread Javier Fernández-Sanguino Peña
On Wed, Aug 22, 2007 at 09:29:10AM +0200, Johannes Wiedersich wrote: > - From the documentation I gather, that update-manager would probably work > on kde, but that it just checks, if the package information has changed. > This would have to occur either manually or by some cron job, cron-apt > etc

Re: secure installation

2007-08-23 Thread Javier Fernández-Sanguino Peña
On Thu, Aug 23, 2007 at 10:15:25AM +0200, Johannes Wiedersich wrote: > > Did you actually try update-notifier on KDE? > > Yes, it was installed on my system for some months, but it never > informed me about any update. (I get informed via > debian-security-announce, though and install updates '

Re: secure installation

2007-08-23 Thread Javier Fernández-Sanguino Peña
On Thu, Aug 23, 2007 at 10:15:25AM +0200, Johannes Wiedersich wrote: > Simply installing update-manager (on etch) does not necessarily notify > the user of security updates. It might 'automagically' work in some > situations, but as long as it doesn't do so in _any_ situation it will > just make ne

Re: chrooting rssh problem

2007-12-12 Thread Javier Fernández-Sanguino Peña
On Fri, Nov 02, 2007 at 09:35:16PM +0100, Julian Heinbokel wrote: > On Thursday, 1 November 2007 07:06, Russ Allbery wrote: > i found the instructions in /usr/share/doc/rssh/CHROOT.gz incomplete, so > after a long search i copied together this (ugly) script, but by reading > it you might find t

Re: Manipulated squirrelmail download archives - how to detect such cases automatically in the Debian packaging process?

2007-12-25 Thread Javier Fernández-Sanguino Peña
On Fri, Dec 14, 2007 at 04:10:21PM +0100, Daniel Leidert wrote: > Now I know, some upstream authors automatically provide (signed) MD5 > sums together with their packages (I do for example). Is there anything > in the Debian packaging architecture to automatically get and compare > the MD5 hash of

Re: Why not have firewall rules by default?

2008-01-27 Thread Javier Fernández-Sanguino Peña
On Wed, Jan 23, 2008 at 01:15:18PM -0600, William Twomey wrote: > I guess my point is if the 'iptables' package is installed by default on > Debian, then better integration with Debian would probably be a good > idea. Iptables provides the tools, the init.d script was removed since it conflicte

Re: Why not have firewall rules by default?

2008-01-27 Thread Javier Fernández-Sanguino Peña
On Wed, Jan 23, 2008 at 11:22:41PM +0100, Florian Weimer wrote: > The daemon might have been installed by a package dependency, more or > less by accident. Debian should have a policy that all daemons bind to > the loopback interface by default, but as long as this is not the case, > I can underst

Re: Why not have firewall rules by default?

2008-01-29 Thread Javier Fernández-Sanguino Peña
On Mon, Jan 28, 2008 at 06:43:27PM +0100, Florian Weimer wrote: > > Debian has a policy to install as few network services as possible in a > > default install and bind them to the loopback interface if possible. > > Where is this described in Policy? Maybe 'policy' was a rather strict word. Actu

Re: Is oldstable security support duration something to be proud of?

2008-03-15 Thread Javier Fernández-Sanguino Peña
On Mon, Mar 10, 2008 at 04:13:43PM -0400, Filipus Klutiero wrote: > RHEL and derivatives: 7 years RHEL does offer support for 7 years, but that's paid-for support. Notice that you *cannot* use official RHEL updates without paying for it (up2date requires a paid subscription to Red Hat's Network).

Re: export problems on security updates?

2002-10-10 Thread Javier Fernández-Sanguino Peña
> > What might concern you is Spanish law regarding the use/import of > cryptography. > Which law might that be? Last I checked there was none. Javi

Re: AW: export problems on security updates?

2002-10-10 Thread Javier Fernández-Sanguino Peña
> > BTW, What ever happened to the EU urging citizens to use > cryptography because of ECHELON? I've been doing some research... mainly on www.europa.eu.int. Maybe this enlightens you: http://europa.eu.int/ISPO/eif/InternetPoliciesSite/Crime/PublicHearingPresentations/AOL.html Even there is some debat

Re: a nessus developpers joke?

2002-10-14 Thread Javier Fernández-Sanguino Peña
On Sun, Oct 13, 2002 at 02:48:15PM +0200, WebMaster wrote: > hi all, > > > is there a monster bug in nessus for woody? > > i scaned a woody server from 2 differents hosts (woody server also) (...) > it detected a trinoo for linux The 'trinoo' test in Nessus is (was?) flawed and led to

Named daemon and port 32770? (and port 32985 on restart)

2002-10-15 Thread Javier Fernández-Sanguino Peña
Consider this: $ sudo lsof -ni |grep named named 3267 root 4u IPv4 512 UDP *:32770 named 3267 root 20u IPv4 508 UDP 127.0.0.1:domain named 3267 root 21u IPv4 509 TCP 127.0.0.1:domain (LISTEN) named 3267 root 22u IPv4

Re: Named daemon and port 32770? (and port 32985 on restart)

2002-10-15 Thread Javier Fernández-Sanguino Peña
On Tue, Oct 15, 2002 at 11:50:10AM +0200, Christian Schuerer-Waldheim wrote: > Hi! > > > > Any ideas on why there is a single UDP port open? My configuration is > > pretty simple, no controls configured for the name server and a 'listen-on > > port 53' statement in the config file > > As I

Re: Vulnerabilities found by Nessus

2002-10-15 Thread Javier Fernández-Sanguino Peña
On Tue, Oct 15, 2002 at 01:33:38PM +0200, Kjetil Kjernsmo wrote: > Hi everybody! > > Now, I have finally configured all the security features that I wanted, (...) > > Well, I don't know if I should be alarmed, I guess the whole reason for > running nessus is to be alarmed, so I am... :-) And it

Re: Vulnerabilities found by Nessus

2002-10-15 Thread Javier Fernández-Sanguino Peña
On Tue, Oct 15, 2002 at 02:11:51PM +0200, Kjetil Kjernsmo wrote: > On Tuesday 15 October 2002 13:59, Javier Fernández-Sanguino Peña wrote: > > Try to reproduce this behavior. You can launch the attacks > > manually using 'nasl name-of-the-script' and trace the mai

Re: Security problem with slapd/slurpd?

2002-10-17 Thread Javier Fernández-Sanguino Peña
On Wed, Oct 16, 2002 at 11:08:11AM +0200, Massimiliano Mirra wrote: > > Am I missing something or should a bug be filed? I would say a bug needs to be fixed (based on your account of the issue :) Let the maintainer/security team, take a further look into this.. Javi

Re: ssh "banner"

2002-10-22 Thread Javier Fernández-Sanguino Peña
I'm starting to get bored of people replying nonsense without testing it themselves. On Fri, Oct 18, 2002 at 09:19:01PM +0200, Vasarhelyi asd Daniel wrote: > > issue(5) might help some of you about pre-login banner and daemon(s) > > banner version. > Banner gets displayed _after_ successful l

Re: ssh "banner"

2002-10-22 Thread Javier Fernández-Sanguino Peña
On Fri, Oct 18, 2002 at 11:08:52AM -0400, Phillip Hofmeister wrote: > On Fri, 18 Oct 2002 at 03:50:12PM +0200, [EMAIL PROTECTED] wrote: > > Why isn't it done by default ? > You would have to ask the maintainer... > Oh! Better: file a bug. No! Wait! It's already done [1] >:-|

Re: [OT] secure, minimal Debian installation for linux-based thin clients?

2002-10-22 Thread Javier Fernández-Sanguino Peña
On Fri, Oct 18, 2002 at 12:41:37PM -0700, Chris Majewski wrote: > There is obviously more than one solution here, so I'm looking for > recommendations. We care about security; we don't want to run any > services we don't need, etc. Reliability is key, so your uncle's > friend's broth

Re: Securing Apache: vserver or chroot ?

2002-10-22 Thread Javier Fernández-Sanguino Peña
On Sat, Oct 19, 2002 at 01:29:40PM +0200, Alexander Neumann wrote: > Hi Jesus, > > Jesus Climent wrote: > > * Chroot > > > > The linux system call to jail a subtree. > > > > Has to be created and maintained manually. > > You can try 'jailtool', if you like: > > $ apt-cache show jailtool > [..

Re: tiger templates

2002-10-25 Thread Javier Fernández-Sanguino Peña
On Thu, Oct 24, 2002 at 09:22:16PM -0400, Hubert Chan wrote: > > "Michael" == Michael West <[EMAIL PROTECTED]> writes: > > [...] > > Michael> I would like to ignore this, so I copy the file to: > Michael> /etc/tiger/check_accounts.template so that it will no longer be > Michael> reported. Bu

Re: questions about chrooting bind 8.3.3

2002-10-31 Thread Javier Fernández-Sanguino Peña
On Wed, Oct 30, 2002 at 11:43:28PM +0100, J.J. van Gorkum wrote: > > Maybe I'm too much an old school admin but 'they' always told me to > move all the libraries into the chroot environment (no symlinks > whatsoever) and even (if possible) move the whole chroot environment > onto a special (read

Re: tiger reporting thousands of files with "undefined groups ownership"

2002-11-04 Thread Javier Fernández-Sanguino Peña
On Sat, Nov 02, 2002 at 01:18:03PM +, Carlos Sousa wrote: > > # pwck -r > user news: directory /var/spool/news does not exist > user uucp: directory /var/spool/uucp does not exist > user majordom: directory /usr/lib/majordomo does not exist > user postgres: directory /var/lib/postgres does not

Re: Bind 4 & 8 issues

2002-11-13 Thread Javier Fernández-Sanguino Peña
On Wed, Nov 13, 2002 at 12:31:48AM -0500, Roger Ward wrote: > It is my understanding all of these vulnerabilities exist in the *stock* > version of Bind 8.3.3-REL from ISC. > > Have any of these issues been addressed in the current version? I can't speak for the security team (since I'm

Re: test of non-subscribed user

2002-11-26 Thread Javier Fernández-Sanguino Peña
On Tue, Nov 26, 2002 at 09:50:16PM +0100, Thomas Fischer wrote: > hi Ted > > On Tue, Nov 26, 2002 at 09:19:43AM -0800, Ted Parvu wrote: > > Hmmm, my bad > > > > No need to dredge up an old topic. However, I could > > not find a FAQ for this list? Does one exist? > > > > not a faq, but i

Re: Howto verify packages with apt-get (gpg?)

2002-11-29 Thread Javier Fernández-Sanguino Peña
On Fri, Nov 29, 2002 at 03:50:09PM +0100, Fred Bowman wrote: > hi there. > (..) > > i checked the debian webpage, faq and searched mailing list but with no > result. > thanx for any hint! You didn't look (deeply) enough: http://www.debian.org/doc/user-manuals#securing more spec

Re: port 113

2002-12-02 Thread Javier Fernández-Sanguino Peña
On Mon, Dec 02, 2002 at 11:13:28AM -, Andy Coates wrote: > > Netbios related probes I think (windows machines). If you don't have > any win machines, ignore it. > > Easiest place for these sort of queries is google - plenty of people ask > the same type of questions. > Better yet:

Re: Updating Snort Signatures In Stable ?

2002-12-06 Thread Javier Fernández-Sanguino Peña
On Fri, Dec 06, 2002 at 04:18:52AM +, Nick Boyce wrote: > > If so, are there any special steps required to integrate such a > download into our Debian Woody system ? Yes. See below. > > Alternatively, I note there are later signature packages in testing > and unstable - can we use th

Re: Updating Snort Signatures In Stable ?

2002-12-07 Thread Javier Fernández-Sanguino Peña
On Sat, Dec 07, 2002 at 02:46:01AM +, Nick Boyce wrote: > I'd suggest maybe a note about V1.8.4 being "useless" should be added > to http://packages.debian.org/stable/net/snort.html, along with some > advice about getting signature updates (i.e. roll your own). Why not file a bug? > >

Re: Possible security violation in the suck-package?

2002-12-07 Thread Javier Fernández-Sanguino Peña
On Sat, Dec 07, 2002 at 12:52:02AM +0100, Marcus Frings wrote: > Any comments concerning this are very welcome. Please file an appropriate bug against the package (the maintainer need not read this list) and contact the security team ([EMAIL PROTECTED]) so they can evaluate this and prepa

Re: Updating Snort Signatures In Stable ?

2002-12-09 Thread Javier Fernández-Sanguino Peña
On Mon, Dec 09, 2002 at 12:32:21AM +, Nick Boyce wrote: > >On Sat, Dec 07, 2002 at 02:46:01AM +, Nick Boyce wrote: > >> I'd suggest maybe a note about V1.8.4 being "useless" should be added > >> to http://packages.debian.org/stable/net/snort.html, along with some > >> advice about getting s

Custom firewalls using Debian? (lol!)

2002-12-10 Thread Javier Fernández-Sanguino Peña
I was just wondering. Has anyone built one of the 'Fran CISCO' firewalls? Read this and enjoy: (in Spanish) http://www.ofp-spain.com/franCISCO/ (English translation by Google) http://translate.google.com/translate?u=http%3A%2F%2Fwww.ofp-spain.com%2FfranCISCO%2F&langpair=es%7Cen&hl=es&ie=UTF-8&oe=U

Re: init.d startup sequence for shorewall

2002-12-10 Thread Javier Fernández-Sanguino Peña
On Tue, Dec 10, 2002 at 03:39:35PM -0800, Yogesh Sharma wrote: > > In my opinion shorewall must be started as soon as network is up. > > What does list suggest ? Is this a security problem ? Yes this is a security issue, if you take iptables, for example, it is run in S10. Any firewalling scri

Re: init.d startup sequence for shorewall

2002-12-13 Thread Javier Fernández-Sanguino Peña
On Thu, Dec 12, 2002 at 01:07:48PM -0800, Jeremy A. Puhlman wrote: > > Actually that seems to be a highly secure firewall...Firewalls with no power > cannot > be compromised via the network:-) Neither can this one: http://www.ranum.com/pubs/a1fwall/ :) Javi

Re: init.d startup sequence for shorewall

2002-12-13 Thread Javier Fernández-Sanguino Peña
On Thu, Dec 12, 2002 at 04:18:17PM -0500, Raymond Wood wrote: > There have been several responses to Yogesh's question, but none > of them provide a clear and straightforward answer. Ok. Let me try again: this is a security risk. A gateway firewall _needs_ to be set up the following way: 0.- s

Re: init.d startup sequence for shorewall

2002-12-13 Thread Javier Fernández-Sanguino Peña
On Fri, Dec 13, 2002 at 05:17:09PM +0200, Pavel Minev Penev wrote: > /etc/network/interfaces > > pre-up > I know you can do it there. Unfortunately, firewall packages in Debian (even ones I have packaged) do not do this properly (yet). Regards Javi

Re: Dedicated Firewall + snmpd smux 199/tcp

2002-12-14 Thread Javier Fernández-Sanguino Peña
On Sat, Dec 14, 2002 at 02:27:48PM +0100, Matthias Hentges wrote: > Hello all! > > I'm in the process of setting up a dedicated firewall for my home > network. It only runs four services: smtp, snmp, ssh and fwlogwatch. (...) > but snmpd still listens on port 199/tcp (smux) on my internet IP. (..

Re: Need an advise about isolating a host in the DMZ

2002-12-18 Thread Javier Fernández-Sanguino Peña
On Wed, Dec 18, 2002 at 11:42:16AM +0200, Haim Ashkenazi wrote: > Hi > (...) > > I thought about 2 solutions so far: > 1. putting iptables on all the other computers in the DMZ. > 2. connecting this host to another VLAN and set this >configuration on the switch (I hav

Re: Putting Apache, PHP, Tomcat and CGI in a jail

2003-01-04 Thread Javier Fernández-Sanguino Peña
On Sat, Jan 04, 2003 at 09:00:45PM +0200, Martynas Domarkas wrote: > Hi, I'm currently trying to use makejail... it does not work very good. Could you elaborate more on this? I would like to know which issues you have come up with. Also, you might want to take a look at the (recen
