recent gpm DoS issue

2000-07-27 Thread Jim Breton
Do we have any plans in the works for a fix similar to what Red Hat are doing? Running potato here, and the permissions on /dev/gpmctl are indeed 777. I am thinking about changing the group ownership on mine to "mouse" (creating that group) and using the /etc/security/group.conf mechanism to put

should login.defs allow explicit specification of secure ttys?

2000-07-27 Thread Jim Breton
I was just about to send this to bugs with a severity of "wishlist" but then I figured maybe I'd throw it out here first. Package: login Version: 19990827-20 Severity: wishlist Hello. I was reading the login.defs man page and noted this: CONSOLE /etc/consoles

Re: recent gpm DoS issue

2000-07-28 Thread Jim Breton
On Thu, Jul 27, 2000 at 11:56:03PM -0800, Ethan Benson wrote: > pam_group is only relativly secure if your system is installed and > configured a certain way: Yup, some of that is mentioned in the documentation... nevertheless, it would be a big improvement over making the socket world-writable.

Re: recent gpm DoS issue

2000-07-30 Thread Jim Breton
On Sat, Jul 29, 2000 at 02:41:51PM -0800, Ethan Benson wrote: > we we could just fix the DoS in gpm, no? Presumably so, though I'm not sure how the internals of gpm work... it is conceivable that any data written to that socket in the right format (or whatever) would be read as valid by the gpm p

Re: extra .. folder in /dev

2000-09-01 Thread Jim Breton
On Fri, Sep 01, 2000 at 02:39:04PM -0400, Wesley A. Wannemacher wrote: > I have a Linux machine that has been recently > rooted. I have found many strange things on the > > Why is there an extra '..'? There was also a Most likely one of them is really named ".. " or something like that. Check

Re: Editing and storing encrypted files

2000-09-06 Thread Jim Breton
On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote: > I have some files that I would like to store encrypted. Of course I can See also PPDD: http://linux01.gwdg.de/~alatham/ppdd.html

Re: OTP (opie) and ssh

2000-09-18 Thread Jim Breton
On Mon, Sep 18, 2000 at 09:18:05PM -0300, Henrique M Holschuh wrote: > Yeah, those do solve the worst problem with OPIE. There's nothing wrong with > OTPs when properly designed (i.e.: no sheets of paper ;-) ), but since the > original poster was talking about OPIE... Using OPIE doesn't mean you

all .deb md5sums

2000-10-29 Thread Jim Breton
Is there someplace on debian.org from which I can get a file or files containing the md5sums of all the packages? Not the packages' contents, but the packages themselves. I have some ISOs I got from another site (linuxiso.org) and I would like to confirm the sums of all the packages before I use

Re: all .deb md5sums

2000-10-29 Thread Jim Breton
On Sun, Oct 29, 2000 at 03:52:40PM +, sena wrote: > Why not check the sums of the ISOs? I'm sure the site where you downloaded > them must have the md5sums for the ISOs... Yes they do, and I have checked them. But this is putting an additional layer of trust into whoever created the ISO. Th

Re: [OT?] Replacing hacked binaries

2000-11-30 Thread Jim Breton
On Thu, Nov 30, 2000 at 11:38:09PM -0600, Michael Janssen (CS/MATH stud.) wrote: > I was wondering, in my thought ramblings, if there was a easy way to > replace ALL binaries that are in a installed package with their > (hoprfully) original states. i.e. If a machine was to fall victim to > a roo

Re: Mutt/gnupg

2000-12-11 Thread Jim Breton
On Mon, Dec 11, 2000 at 04:26:45PM -0300, Eduardo Gargiulo wrote: > I'm new using mutt. > I want to send my messeges clear signed, but I can't. > I'm using gnupg, and I put in my .muttrc > set pgp_sign_command="gpg --clearsign" > but the signature is attached in binary format. How can I sign my

Items for the HOWTO (was Re: OS Hardening)

2000-12-13 Thread Jim Breton
On Wed, Dec 13, 2000 at 11:11:52AM +0100, Javier Fernandez-Sanguino Peña wrote: > *Please* post it. It could be really useful for documents like the > Securing-Debian-HOWTO, I have my own checklist and will update the HOWTO with it > soon. > > So, for all of you.. new thread? : check

in.ftpd (from ftpd package) vulnerable to recent exploits?

2000-12-20 Thread Jim Breton
Does anyone know if our "default" ftp daemon from the ftpd package is vulnerable to the recent issue found with the OpenBSD ftpd? I don't see anything about it in the BTS, but I haven't heard anyone ask, either. ;)

Re: ISPs offering ssl-encrypted e-mail?

2001-02-02 Thread Jim Breton
On Fri, Feb 02, 2001 at 07:08:57PM +0100, Philippe BARNETCHE wrote: > I still don't understand how to handle with mutt the mails that have been pgp > signed with kmail. Are you talking about verifying signatures? I usually just pipe mine through gpg --verify... | gpg --verify Works for me. (T

Re: IPTables, IRC, and SSH

2001-02-04 Thread Jim Breton
On Sat, Feb 03, 2001 at 12:38:47PM -0700, Troy Telford wrote: > I would like to use the state-tracking for IRC, but simply having the > --state established,related (and new... but I don't think that's > necessary) --sport irc(d) options doesn't seem to do anything... Correct, "NEW" is not nece

Re: Interoperability between sftp and ftp GUI from ssh.com?

2001-02-12 Thread Jim Breton
On Mon, Feb 12, 2001 at 03:14:23PM +0100, Thomas Gebhardt wrote: > A quick test with OpenSSH 2.3 + sftp 0.9.5 and SSH 2.1 Windows > Client did not succeed. I had similar failures with scp, sftp, and gftp using the OpenSSH-2.3.0 server. IIRC my server logs had something like "... we do not read...

Re: Apt-get package verification

2001-02-13 Thread Jim Breton
On Sat, Feb 10, 2001 at 07:54:49PM +0100, Carel Fellinger wrote: > [-- PGP output follows (current time: Sat Feb 10 19:40:06 2001) --] > gpg: Signature made Sat 10 Feb 2001 06:11:01 PM CET using DSA key ID EBF15399 > gpg: Good signature from "Marco Ghidinelli <[EMAIL PROTECTED]>" > gpg: WARNING: Th

Re: [OT] install openssh 2.5.x

2001-03-05 Thread Jim Breton
On Mon, Mar 05, 2001 at 10:48:23AM -0500, K 0 wrote: > i un tarred-gziiped it and saw no installation instructions nor configure > scripts ... a straight make does work too. Sounds like you got the wrong tarball. Did you get it from this page? http://www.openssh.com/portable.html

Re: 127.0.0.0/8 addresses from the network

2001-03-09 Thread Jim Breton
On Fri, Mar 09, 2001 at 08:47:41AM -0400, Peter Cordes wrote: > Yes. It uses rp_filter (this is controlled in /proc/sys/... Read Also by: /etc/ipmasq/rules/I15lospoof.def if you have the ipmasq package installed: # deny and log all packets trying to come in from a 127.0.0.0/8 address # over

Re: 127.0.0.0/8 addresses from the network

2001-03-09 Thread Jim Breton
On Fri, Mar 09, 2001 at 08:49:54PM +, Jim Breton wrote: > # deny and log all packets trying to come in from a 127.0.0.0/8 address > # over a non-'lo' interface Oops. Just occurred to me that this is not what you were asking about. Why do I do such things? Anyway. /

Re: 127.0.0.0/8 addresses from the network

2001-03-09 Thread Jim Breton
On Fri, Mar 09, 2001 at 10:09:13PM -0600, Ted Cabeen wrote: > Actually we trap illegal packets like this one in I15lospoof.def. > > :#: Deny and log all packets trying to come in from a 127.0.0.0/8 address > :#: over a non-'lo' interface Double-check that against the original question: "is deb

Re: 127.0.0.0/8 addresses from the network

2001-03-10 Thread Jim Breton
On Sat, Mar 10, 2001 at 10:22:48AM -0600, Ted Cabeen wrote: > if (BADCLASS(daddr) || ZERONET(daddr) || LOOPBACK(daddr)) > goto martian_destination; > > This is part of the routing check for incoming packets. It should take > care of the problem being discussed. :) > > (I

Re: 127.0.0.0/8 addresses from the network

2001-03-12 Thread Jim Breton
On Mon, Mar 12, 2001 at 02:31:57PM -0400, Peter Cordes wrote: > Doesn't rp_filter do this, or am I missing something? It should make the > kernel drop packets coming in on interfaces they shouldn't be, e.g. 10.0.0.0 > packets coming from an interface to 192.168.1.0. It does do what you describe;

Re: 127.0.0.0/8 addresses from the network

2001-03-12 Thread Jim Breton
On Mon, Mar 12, 2001 at 06:58:07PM -0400, Peter Cordes wrote: > On Mon, Mar 12, 2001 at 06:36:25PM +0000, Jim Breton wrote: > > It does do what you describe; however the original question is about > > evil packet _destinations_ and not evil packet _sources._ > > No,

Re: Promiscuous mode (was Re: ifconfig doesn't report Promiscuous interfaces)

2001-03-16 Thread Jim Breton
On Fri, Mar 16, 2001 at 10:27:23PM -0600, JonesMB wrote: > Is there any reason for eth0 to be showing PROMISC all the time or is this Some apps put the card into promisc mode and do not turn off promisc when you exit.

Re: Droping untracked packet

2001-04-08 Thread Jim Breton
On Mon, Apr 09, 2001 at 01:42:25AM +0200, Robert Magier wrote: > I have seen this since I installed 2.4.0 kernel and iptables. http://netfilter.samba.org/netfilter-faq-3.html#ss3.1

Re: Packet filtering help

2001-04-09 Thread Jim Breton
On Mon, Apr 09, 2001 at 03:20:00PM -0400, Noah L. Meyerhans wrote: > Ask yourself this: *Why* should ICMP be filtered? What are you gaining? > Do you sleep better at night knowing that your machine won't respond to > pings? It really doesn't make you any safer. What are you gaining by responding

Re: Packet filtering help

2001-04-10 Thread Jim Breton
On Tue, Apr 10, 2001 at 12:13:52PM +0200, Vaclav Hula wrote: > RFC compliancy isn't enough? IMHO should be. Someone else has already responded to this; but no, RFC compliance doesn't necessarily tell us the best thing to do for every situation. Take syn cookies for example. > > A decent policy

Re: setting up sudo for tail

2001-04-11 Thread Jim Breton
On Thu, Apr 12, 2001 at 12:38:10AM +, Adam Olsen wrote: > So my question: how do I set this up properly? Not with sudo. ;) chgrp adm /var/log/syslog # change group of file to "adm" adduser (yourself) adm # put yourself into group "adm" logout log in again :bam: ;D

Re: Logging practices (and why does it suck in Debian?)

2001-04-12 Thread Jim Breton
On Wed, Apr 11, 2001 at 10:10:38PM -0700, Jamie Heilman wrote: > Dan Bernstein's multilog program is the only logger I've seen that offers > various reliability guarentees and actually delivers on them, but it has > some prerequisites for usage that can frequently be difficult to meet. > What I'd

Re: Got root?

2001-04-30 Thread Jim Breton
On Sun, Apr 29, 2001 at 07:19:06AM -0400, Sunny Dubey wrote: > I know that UNIX does it so that normal users can't seem like legit and > important services, but there surely must be some better way of delegating a > port below 1024 to a deamon. Well, at least on Linux, and with the right set of

Re: strange log entry

2001-05-24 Thread Jim Breton
On Thu, May 24, 2001 at 04:10:13PM +0900, Curt Howland wrote: > the last two i understand, as well as domain, but sunrpc and 1171? man fuser. Look for the "-n" option. > i've cleaned up everything i can think of, but X11R6 says it still needs the > RPC packages. Why does/would X11 require RPC?

Re: X & tcp listening

2001-05-27 Thread Jim Breton
On Sun, May 27, 2001 at 02:13:13PM +0200, Tomasz Olszewski wrote: > manual) this is not exactly what I was looking for but I think I'll try Yep... actually this _is_ the correct way to deal with this. I created this file with the following contents: #!/bin/sh exec /usr/bin/X11/X -nolisten tcp "$

Re: X & tcp listening

2001-05-28 Thread Jim Breton
On Mon, May 28, 2001 at 01:46:07PM +0200, Tomasz Olszewski wrote: > If an user > creates his own $HOME/.xserverrc, it overrides the system wide > xserverrc. So make /usr/bin/X11/X a wrapper for the "real" X. Problem with this is, if you upgrade or re-install the package containing it, it will get

Re: losetup -e

2001-05-28 Thread Jim Breton
On Mon, May 28, 2001 at 11:09:29PM -0400, S. Kraig wrote: > the 'international kernel' and after enabling that form of encryption... > so where do I start in doing this? http://www.kerneli.org/

Re: root fs/crypted

2001-05-30 Thread Jim Breton
On Tue, May 29, 2001 at 11:54:29PM -0800, Ethan Benson wrote: > trouble is when your dealing with corrupt/fascist/evil > government/regimes encryption isn't going to do you much good, either > they will throw you in prison for refusing to disclose the decryption > key or worse they will use methods

Re: X & tcp listening

2001-06-01 Thread Jim Breton
On Sat, May 26, 2001 at 11:34:00PM +0200, Tomasz Olszewski wrote: > just modified /usr/X11R6/bin/startx but wat id someone launches plain > xinit? On Tue, May 29, 2001 at 01:50:10PM +0200, Tomasz Olszewski wrote: > I was thinking about it but I thought there may be a more "civilized" > way ;) Howe

Re: X & tcp listening

2001-06-01 Thread Jim Breton
On Fri, Jun 01, 2001 at 10:25:24PM +0200, Tomasz Olszewski wrote: > OK, I mentioned both startx and xinit but when I was talking about > ignoring the global xinitrc I reffered to xinit (because startx was > already not a problem). Oh ok. P.S. if you do modify the startx script it will be over-wri

Re: a FISH?!?!

2001-06-03 Thread Jim Breton
On Sun, Jun 03, 2001 at 07:44:00AM +, Adam Olsen wrote: > So here I was playing around with some stuff in Quakeforge, and I see > a FISH swim across my root windows. Not surprisingly, my first > thought was HUH?! Second was probably WTF... http://marc.theaimsgroup.com/?t=9905757464&w=2&

Re: 'locate' does not check permissions

2001-06-07 Thread Jim Breton
On Thu, Jun 07, 2001 at 06:57:18PM -0300, Pedro Zorzenon Neto wrote: >$ locate private | grep "/home/pzn/private" > the whole contents of my private dir suddenly appears here... Did you run "updatedb" as root anytime recently? Notice that by default, this command is run (from cron) as us

Re: Kernel 2.4 SOS

2001-06-13 Thread Jim Breton
On Wed, Jun 13, 2001 at 10:48:22AM +0200, Craig wrote: > Now what i need to know, is woody stable enough for a proxy/firewall machine I do not know the answer to this as I haven't really used woody yet. But, the stuff you need to make it work smoothly on a potato box can be found starting from her

Re: A question about Knark and modules

2001-06-17 Thread Jim Breton
On Sun, Jun 17, 2001 at 02:44:48AM -0800, Ethan Benson wrote: > > compiling without module support would be mostly the same as just > > lcap CAP_SYS_MODULE Fwiw, I have heard (though not tested myself) that even if you compile your kernel _without_ loadable module support, you will still be ab

Re: shared root account

2001-07-07 Thread Jim Breton
On Sat, Jul 07, 2001 at 01:56:56AM -0800, Ethan Benson wrote: > which may not work if you always type the > full path to /bin/su anyway. Hoping he doesn't: alias /bin/su='/var/tmp/hax0rSu'

Re: shared root account

2001-07-07 Thread Jim Breton
On Sat, Jul 07, 2001 at 03:16:39AM -0800, Ethan Benson wrote: > > alias /bin/su='/var/tmp/hax0rSu' > > i would consider this a bug in the shell. I disagree; from the Bash man page: The alias name and the replacement text may con- tain any valid shell input, including the meta

Re: iptables install

2001-07-20 Thread Jim Breton
On Fri, Jul 20, 2001 at 12:37:49PM -0700, Jeff Coppock wrote: >Do I need to dist-upgrade to woody to use iptables? Nope. http://netfilter.samba.org Compiles very easily from source. HTH.

Re: iptables install

2001-07-20 Thread Jim Breton
On Fri, Jul 20, 2001 at 09:31:07PM -0700, Jeff Coppock wrote: ># modprobe ip_tables >modprobe: Can't locate module ip_tables > >But, it's definitely there. I can't figure out how to fix >this. Any help is very much appreciated. Your version of modutils's 'modprobe' doesn't l

Re: pop3

2001-07-29 Thread Jim Breton
On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote: > Thought i'd ask what the general opinion is on the most secure pop3 daemon. Here is one decent one: http://www.openwall.com/popa3d/

Re: pop3

2001-07-30 Thread Jim Breton
On Mon, Jul 30, 2001 at 12:47:46PM -0600, Moe Harley wrote: > I'm more worried about people seeing > my pop3 service as a potential door into my network. See my first reply to you

Re: pop3

2001-07-30 Thread Jim Breton
On Mon, Jul 30, 2001 at 01:54:03PM -0700, Stephen Hassard wrote: > I was just playing around securing one of my Exchange boxes, and found that > coupling Stunnel (http://www.stunnel.org/) with your favourite mail server > works really well (not that Exchange is my pick for a secure mail server) I

Re: Locking down a guest account - need help.

2001-08-03 Thread Jim Breton
On Fri, Aug 03, 2001 at 01:56:26PM -0400, Andrew Lattis wrote: > 1. Check the openssh man page for AllowGroups and AllowUsers, both allow you to > specify users that are allowed to login, everyone else is denied. You can also disable access with PAM, using the "sshd" pam control file. Just use pa

Re: Unidentified subject!

2001-08-07 Thread Jim Breton
On Wed, Aug 08, 2001 at 12:08:22AM -0700, Petro wrote: > Are you talking about named.conf, or the master db files? First thing that came to my mind was /etc/resolv.conf, in the case that he just wanted to configure the name servers for his box. But, who knows. :-\
