Re: How about carrying this list on gmane?

2008-01-17 Thread Johannes Graumann
I forgot to say thanks ... Joh On Thursday 17 January 2008 13:13:27 Peter Jordan wrote: > Johannes Graumann, 01/17/08 13:07: > > See subject, > > > > Joh > > gmane.linux.debian.devel.security ???

How about carrying this list on gmane?

2008-01-17 Thread Johannes Graumann
See subject, Joh

Re: How about carrying this list on gmane?

2008-01-17 Thread Johannes Graumann
How am I supposed to guess that 'devel' refers to the general? Joh On Thursday 17 January 2008 13:13:27 Peter Jordan wrote: > Johannes Graumann, 01/17/08 13:07: > > See subject, > > > > Joh > > gmane.linux.debian.devel.security ??? -- Johannes

Tiger and changing ntp server

2008-01-18 Thread Johannes Graumann
Hi, The machine I'm running tiger on gets its ntp server via dynamic dhcp and therefore that changes regularly ... I was wondering whether it is admissible to use wildcards in /etc/tiger/templates/check_listeningprocs.out.template or what else I could do to prevent the recurring false ala

Re: securing server

2008-05-09 Thread Johannes Graumann
The database should be on read-only media - I assume that was meant ... try samhain in combination with gnupg for a remedy ... Joh On Friday 09 May 2008 14:54:40 phobot wrote: > On May 7, 1:10 pm, martin f krafft <[EMAIL PROTECTED]> wrote: > > > use integrit/aide/tripwire > > > > only useful wit

Re: Mandatory Access Control

2015-11-30 Thread Johannes Graumann
Elmar, Do you have documentation of your labours available? Sincerely, Joh On Monday 30 November 2015 18:20:00 Elmar Stellnberger wrote: > Dear Henriette, > > Yes, I am using qemu-kvm based virtualization. According to my > experience that was sufficient to protect the host from the guest. The

File system integrity checkers - comparison?

2002-12-04 Thread Johannes Graumann
Hello, I'm looking at this triad: Tripwire Aide Fcheck and was wondering as to what this group is preferring and why or whether there are other more trusted alternatives. My main argument against tripwire is its pseudo-commercial source. Thankful for any comment, Joh p

Re: File system integrity checkers - comparison?

2002-12-04 Thread Johannes Graumann
What's your reasoning? Joh On Thu, 05 Dec 2002 13:01:46 +1000 Alexander Zangerl <[EMAIL PROTECTED]> wrote: > On Wed, 04 Dec 2002 18:44:12 PST, Johannes Graumann writes: > >and was wondering as to what this group is prefering and why or whether > >there are other

Re: chkrootkit and lkm

2003-11-25 Thread Johannes Graumann
Thanks to everybody who was taking the time to soothe the novice ... ;0) Joh On Tue, 25 Nov 2003 12:18:35 -0800 Johannes Graumann <[EMAIL PROTECTED]> wrote: > Hello, > > This is a testing/unstable system. > > I was just running 'chkrootkit' and came across thi

chkrootkit and lkm

2003-11-25 Thread Johannes Graumann
Hello, This is a testing/unstable system. I was just running 'chkrootkit' and came across this warning: > Checking `lkm'... You have 4 process hidden for ps command > Warning: Possible LKM Trojan installed I did some reading and made sure the number is not changing (due to running 'chkrootk

Re: Will 2.4.20 Source be patched for the latest kernel vulnerability?

2003-12-03 Thread Johannes Graumann
I'm one of those people. How do I figure out what kernel image to (AMD k6/K6 II/K6 III, AMD K7, AMD k7 SMP) for an AMD 1800+ XP Thoroughbred processor? How do I find out whether it supports ReiserFS, ...? Thanks for any hint to the novice. Joh On Wed, 3 Dec 2003 02:00:19 -0800 Rick Moen <[EMAIL PR

Re: Will 2.4.20 Source be patched for the latest kernel vulnerability?

2003-12-03 Thread Johannes Graumann
Thanks, Joh On Wed, 03 Dec 2003 14:35:51 -0800 Kourosh <[EMAIL PROTECTED]> wrote: > On Wed, 2003-12-03 at 09:54, Johannes Graumann wrote: > > I'm one of those people. How do I figure out what kernel image to > > (AMD k6/K6 II/K6 III, AMD K7, AMD k7 SMP) for a AMD

Re: Will 2.4.20 Source be patched for the latest kernel vulnerability?

2003-12-03 Thread Johannes Graumann
... but on a second thought: how do I find this information out on my own and what does "SMP" stand for? Joh On Wed, 03 Dec 2003 14:35:51 -0800 Kourosh <[EMAIL PROTECTED]> wrote: > On Wed, 2003-12-03 at 09:54, Johannes Graumann wrote: > > I'm one of those pe

Re: aide, apt-get and remote management...

2004-01-18 Thread Johannes Graumann
Hello, Where are the options below from? I run aide 0.10, which is according to the sourceforge site the current one and it doesn't like it. Also as someone else mentioned: http://www.cs.tut.fi/~rammer/aide.html says "Future plans: ... Encrypted and signed database". Joh On Fri, 12 Dec 2003 12:

2.6.1 CryptoAPI woes

2004-01-20 Thread Johannes Graumann
Hello, I set out to create an encrypted partition using my new 2.6.1 custom kernel (compiled from kernel.org sources, loopdevice and cryptoloop statically compiled in, ciphers present as modules). Following what was said in several HOWTOs, I said 'modprobe aes' and tried various permutations of 'l

Crypto-Swap questions

2004-01-21 Thread Johannes Graumann
Hello, Following loosely this document: http://www.sdc.org/~leila/usb-dongle/readme.html I have set up (or tried) to encrypt my swap partition (/dev/hda2). Here is what I did: * create /usr/local/sbin/crypto-swap (modified!) #!/bin/sh # Run this script somewhere in your startup scripts _after_ # r

Re: 2.6.1 CryptoAPI woes

2004-01-21 Thread Johannes Graumann
han wrote: > > >>>>> "Johannes" == Johannes Graumann <[EMAIL PROTECTED]> writes: > > > > [...] > > > > Johannes> And on another note: in > > Johannes> > > http://www.mirrors.wiretapped.net/security/cryptography/filesystems/loop-aes/loop-A

Re: 2.6.1 CryptoAPI woes

2004-01-21 Thread Johannes Graumann
On Wed, 21 Jan 2004 05:12:18 -0400 Peter Cordes <[EMAIL PROTECTED]> wrote: > On Tue, Jan 20, 2004 at 11:07:51PM -0800, Johannes Graumann wrote: > > I feel this is kind of over my head ... to boil it down: does it > > even make sense to run reiserfs inside a loopback partiti

Hacked - is it my turn?

2004-02-02 Thread Johannes Graumann
Hello, As of this morning two of my machines - which are regularly contacted through ssh from each other - showed this message upon 'chkrootkit': > Checking 'bindshell'... INFECTED [PORTS: 1524 31337] > Checking 'lkm'... You have 4 processes hidden for ps command The latter happened to me before a

Re: Hacked - is it my turn?

2004-02-02 Thread Johannes Graumann
On Tue, 3 Feb 2004 09:55:04 +1300 (NZDT) "TiM" <[EMAIL PROTECTED]> wrote: > > > Hello, > > > > As of this morning two of my machines - which are regularly > > contacted through ssh from each other - showed this message upon > > 'chkrootkit': > >> Checking 'bindshell'... INFECTED [PORTS: 1524 3133

Re: Hacked - is it my turn?

2004-02-02 Thread Johannes Graumann
Hello again, Here is what I make of my evidence at the end of a quite anxious day. I would highly appreciate any comments on my conclusions! > > Checking 'bindshell'... INFECTED [PORTS: 1524 31337] At this point I believe to be able to attribute this to portsentry running - '/etc/init.d/portsent

Re: aide, apt-get and remote management...

2004-03-01 Thread Johannes Graumann
Would you mind sharing some of the scripting involved? Joh On Wed, 10 Dec 2003 23:26:21 -0500 Peter Solodov <[EMAIL PROTECTED]> wrote: > On 10 Dec 2003, Douglas F. Calvert wrote: > > With all the recent discussions about debsigs and file integrity I > > have been trying to figure out the best wa

Tiger warnings - reaction advice requested

2002-08-20 Thread Johannes Graumann
Hello, Tiger ran for the first time last night on my newly installed DEBox. Among other messages I got the following statements: # Checking accounts from /etc/passwd. --WARN-- [acc001w] Login ID nobody is disabled, but still has a valid shell (/bin/sh). --WARN-- [acc006w] Login ID mail's home dire

Tiger: Trouble understanding/reacting to errors

2002-08-26 Thread Johannes Graumann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, It's me again ;0) and I ask again for advice on how to deal with certain errors reported by my daily Tiger-run. The first pair of errors I'm facing is: * The port for services afs3-fileserver is assigned to service ircd-dalnet. * The port fo