Re: USB Stick, GPG and CryptoFS in a startup script

2004-04-28 Thread Lars Ellenberg
d you explain more precisely what you mean by utmp and /or explicit
> redirecting?
> Looking at the line that starts with gpg, I try to redirect the input
> from /dev/console.
> But I still get the same error. I do also get a "cannot open '/dev/tty' :
> no such device or address"
> if I insert a debug statement like 'echo "Debug" > /dev/tty' into my
> script.
try
    gpg --passphrase-fd 0 < /dev/console
Lars Ellenberg

Re: Large, constant incoming traffic

2004-05-13 Thread Lars Ellenberg
early 2003, maybe it is still active sometimes, maybe there is a new one. you are "safe", but this should show in some "DROP" or "REJECT" statistics. have a look at the output of "iptables -vnL" you want to tell the guy responsible for 217.77.34.162, and the hostmaster at easynet.no, that they have a compromised machine, and should take it offline. and that you want them to pay for the traffic they are causing you. Lars Ellenberg

Re: unsubscribe

2002-11-16 Thread Lars Ellenberg
On Fri, Nov 15, 2002 at 01:16:25PM -0600, Steve Waterman wrote: > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > this really gets annoying. is the list owner willing and able to filter those dumb messages, and maybe boun

Re: firewall advice

2002-12-16 Thread Lars Ellenberg
On Sun, Dec 15, 2002 at 07:15:25PM -0800, Torrin wrote: > I'll also add connection tracking in my iptables script. Is > there anything I can do in my ipchains script? did you ever look at the SuSEfirewall{,2} scripts by marc heuse? GPL, will work with any distro, maybe small changes where to fi

Re: /usr/lib/libkssl.so.2.0.2

2002-12-21 Thread Lars Ellenberg
On Fri, Dec 20, 2002 at 06:30:49PM +0200, Juha Jäykkä wrote: > I am wondering... what would be the correct md5sum of the above file? In > three machines I get twice the value 4b68a1146dfd0e326c4396e339abc750 and > once the value cd59e38dfd54eca39a99094fd85a1af0. This seems quite > suspicious to m

Re: CFS problems

2002-12-21 Thread Lars Ellenberg
On Sat, Dec 21, 2002 at 02:51:29PM -0500, Oleg wrote: > That is cmkdir gives an error, but creates a directory, while cattach fails > altogether. Does anyone know why? And isn't CFS supposed to be file system > agnostic? do a strace, maybe that helps to find the cause. guessing: it tries to chmo

Re: [OT} Need advice on rsync backups

2003-02-17 Thread Lars Ellenberg
suppose you have a file list like generated by
    find $BASEDIR -print
pipe through
    # include all files with necessary paths
    sed -ne "s,^${BASEDIR//\\*/\\*}/,+ /,;"' :l1;/+ ../{p;s,/$,,;s,[^/]*$,,;b l1;};' |
    sort -u > tmp.rsync # sort and remove duplicates
    # exclude everything not explicitly i

Re: Telnet forwarding ??

2003-02-19 Thread Lars Ellenberg
On Wed, Feb 19, 2003 at 04:51:04PM -0600, George Smith wrote: > The basic goal is to provide a SSH connection > to a machine running mvBase. MvBase is a operating system > running on top of windows NT4.0 or windows 2000. It is where > our applications reside in a blob - they are > not windows appli

Re: Telnet forwarding ??

2003-02-20 Thread Lars Ellenberg
On Wed, Feb 19, 2003 at 06:49:26PM -0800, Ted Parvu wrote: > What I really meant to say was that there are a plenty of good computer > security consultants in need of work. You obviously have a need for > corporate strength computer security. If you want this done right, and > why would you ever

Re: Telnet forwarding ??

2003-02-20 Thread Lars Ellenberg
On Thu, Feb 20, 2003 at 05:35:01AM +, Dale Amon wrote: > > win2000, probably the "server" variant... > > ... but thats a different problem ... > > I doubt it. FreeSWAN uses Linux kernel patches and > kernel crypto. I not meant to say problem with freeswan, but problem with windows IPSec solut

Re: iptables help to forward ports please

2003-03-20 Thread Lars Ellenberg
On Wed, Mar 19, 2003 at 11:26:10PM -0600, Hanasaki JiJi wrote:
> been trying to get the following to work for sometime input is most
> appreciated
>
>
> internet <=25= firewall iptablerule =port#x=> internalSMTPhost
>
> how can the firewall be told to:
> take all incoming tcp port 25

Re: PTRACE Fixed?

2003-03-23 Thread Lars Ellenberg
On Sat, Mar 22, 2003 at 10:58:24AM -0800, Jon wrote: > On Sat, 2003-03-22 at 04:43, Markus Kolb wrote: > > Jon wrote: > > > > [...] > > > > >> > > >>Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> > > >> > > >>=> Simple mode, executing /usr/bin/id > /dev/tty > > >>sizeof(shellcode)=

Re: Removing invalid keys from keyring

2003-03-27 Thread Lars Ellenberg
On Wed, Mar 26, 2003 at 05:28:35PM +0100, Kjetil Kjernsmo wrote:
> Is there a way to remove revoked/expired and otherwise invalid or
> useless keys from a GPG keyring, in batch?
well, I do not know how to automatically list only "invalid" keys.
but you could do:
# back up your keyring, in case som

administrativa: moron autoreply from martin.j@sargas.nl

2003-03-27 Thread Lars Ellenberg
I got this autoreply on each of my recent posts to the list. maybe someone in charge of it can remove this address from the list. Lars - Forwarded message from [EMAIL PROTECTED] - Date: Thu, 27 Mar 2003 09:16:48 +0100 From: [EMAIL PROTECTED] To: Lars Ellenberg <[EM

Re: administrativa: moron autoreply from martin.j@sargas.nl

2003-03-27 Thread Lars Ellenberg
On Thu, Mar 27, 2003 at 01:36:31PM +0100, Sander Smeenk wrote: > Quoting Lars Ellenberg ([EMAIL PROTECTED]): > > > I got this autoreply on each of my recent posts to the list. > > maybe someone in charge of it can remove this address from the list. > > > Di

Re: Removing invalid keys from keyring

2003-03-29 Thread Lars Ellenberg
On Sat, Mar 29, 2003 at 03:26:33PM +0100, Kjetil Kjernsmo wrote:
> On Thursday 27 March 2003 08:53, Lars Ellenberg wrote:
> > On Wed, Mar 26, 2003 at 05:28:35PM +0100, Kjetil Kjernsmo wrote:
> > > Is there a way to remove revoked/expired and otherwise invalid or
> > >

Re: Secure remote syslogging?

2003-04-25 Thread Lars Ellenberg
On Thu, Apr 24, 2003 at 08:52:10PM +0200, Jose Luis Domingo Lopez wrote: 8< syslog-ng --> named pipe --> perl script --> ssh tunnel --> SQL DB > destination d_logpipe { pipe("/tmp/pipe" owner("someone") template("\( > '$HOST', '$ISODATE', '$FACILITY', +'$PRIORITY', '$MESSAGE' \)\n") ); }; you

Re: Have I been hacked?

2003-05-07 Thread Lars Ellenberg
On Wed, May 07, 2003 at 02:51:39PM +0100, Ian Goodall wrote:
> I am running a debian woody server and when I checked the last users
> yesterday I a large number of logins in the list. On running the command
> today I get the following:
>
> dev1:/home/ian# last
> ian pts/0 172.16.3.195

Re: Keeping files away from users

2003-06-05 Thread Lars Ellenberg
On Thu, Jun 05, 2003 at 09:30:51AM +0200, Luis Gomez - InfoEmergencias wrote: > We'd like to protect that content, so that even if someone unplugs the > machine > and connects the HD to another Linux box, they can't access that information. > Of course it's difficult to do, but we think there mi

Re: chroot, su and sudo

2003-06-16 Thread Lars Ellenberg
On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
> I want to chroot an application/gameserver.
I played with pam_chroot recently... unfortunately I found not much documentation about its intended usage. whether it really suits my needs, I don't know yet. I'd like to read your comme

Re: OT: An Idea for an IDS

2003-07-01 Thread Lars Ellenberg
cal user, and maybe some more), can easily DoS arbitrary ips unless these are on a whitelist... no good! hth, Lars Ellenberg

Re: Simple e-mail virus scanner

2003-08-20 Thread Lars Ellenberg
for postfix though, have a look at man 5 pcre_table and regexp_table. Lars Ellenberg

Re: Possible buffer overflows = security problem?

2003-09-05 Thread Lars Ellenberg
er
> overflows or the like...
>
> Is such code (away from the fact that it can easily lead to segfaults) a
> security problem?
imho, yes. that's why there is the
    int snprintf(char *str, size_t size, const char *format, ...);
         ^                  ^^
counterpart.

Re: SYN rate statistics.

2003-11-06 Thread Lars Ellenberg
> How to determine normal/peak rate of packets with SYN to my > debian box, for using this value in iptables limit match. tcpdump plus perl? binary search with iptables limit and LOG target?

Re: Apache question

2003-11-12 Thread Lars Ellenberg
alancer, which redirects to one of the apaches. apache replies with src port 80, and the "random" dst port of the http client, but the load balancer *fails* to map back the apache IP. so your netscreen sees "traffic" without ever seeing the tcp handshake for this pair of IP:port<->IP:port. Lars Ellenberg

Re: gpg -- duplicated key -- how to get rid of it?

2004-01-10 Thread Lars Ellenberg
of your key ring
read /usr/share/doc/packages/gpg/DETAILS or wherever that is on your box,
try gpg --list-keys --with-colons, which should make it easier to find what exactly may be wrong
use gpg --delete-key to get rid of the key, if you really mean it
if unlikely and inconvenient, it still may be legal to have duplicate UIDs ...
Lars Ellenberg

Re: Mail processing tool

2004-01-25 Thread Lars Ellenberg
gnature verification and decryption > (perhaps callable by procmail). > > I'm not surprised there isn't one monolithic tool to do what you ask; > you're asking a lot. Chaining one existing specific tool after > another to build up your overall system is the wa

Re: setting up iptables

2004-03-04 Thread Lars Ellenberg
too. I like it. Much brainwork went in it. I'd love to see something similar (based on it?) in Debian. AFAIK, the most recent version can be found here, and on the suse mirrors of course: ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/noarch/SuSEfirewall2.rpm (I don't know of any tgz, sorry

Re: setting up iptables

2004-03-04 Thread Lars Ellenberg
ing activation. But this was only a first glance at this amazing script. Lars Ellenberg

Re: Checking what running program are using old libraries

2004-03-18 Thread Lars Ellenberg
apache 26758 www-data mem DEL 0,5 393216
> /SYSV
>
> is it opening tmp files and immediately deleting
> them like mailers do so they vanish if the program dies?
hint: SysV shared memory
man 3 mm
Lars Ellenberg
