l in PHP and pass an "-f" switch to the
sendmail invocation. That way, you can specify any sender address you like.
HTH,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
code from the GNOME guidelines mentioned there, and
just create your fifo instead of doing the open().
Cheers,
Richard
stall from scratch.
Maybe also consider using a different ftpd...
Cheers,
Richard
dress in the From field. If I confirm, the person sending me the
confirmation message will be delivered the spam. If more people did this,
confirmation senders would notice that the system doesn't work.
Richard
You could also try installing snoopy, which logs all commands executed by
users to auth.log. Then look for unusual commands executed by user
"www-data" if you suspect insecure PHP scripts etc.
Cheers,
Richard
hat case, squid is indeed
the wrong solution.
Maybe have a look at sslwrap+redir, or stunnel, which can run on any
machine in your DMZ and forward incoming connections to the internal
machine, adding SSL encryption to make it more secure.
Cheers,
Richard
On Tue, Feb 03, 2004 at 05:38:40AM +0100, Philipp Schulte wrote:
> No, with REJECT they would show up as "closed". DROP produces "filtered".
FWIW, you also need "--reject-with tcp-reset" to fool nmap.
Richard
files.
umask *is* the right solution (together with a sticky-bit dir). Set up a
default umask which allows global read access and *let* users defeat it! If
they know how to change their umask to something more restrictive, they're
bound to know what they're doing!
Cheers,
Ri
d
that one host in your LAN is configured to the address 1.2.3.4.
Cheers,
Richard
Also see this page for a useful comparison between AIDE and tripwire:
http://www.fbunet.de/aide.shtml
Cheers,
Richard
big network, if I will
> >choice freeswan (or other) without OE ?
100 VPN connections isn't /that/ much, I think FreeS/WAN or the 2.6.0 IPSec
should be able to handle it. (Maybe ask the developers to ensure it does.)
> >PS: Sorry, for my poor english, I'm not a native speaker.
> me neither :)
Ditto. :-)
ü,
Richard
//www.strongsec.com/freeswan/>, sections
3.1 and 3.2.
HTH,
Richard
rmance are a problem for you. Each of the 100 LANs would just route
all 10.0.0.0/16 addresses to the central node, and only the central node
would be trusted, so you don't have to mess with CAs etc...
Cheers,
Richard
's even support for it
in Apache 2... but do today's browsers support it?
Cheers,
Richard
er via ARP poisoning,
persuading them to try logging on on my machine, or just bribing them. :)
But with my nitpicking-security-paranoia hat on, the solution is not ideal.
> This is important because $s and $c get stored in the cookie.
Why $s? Surely you'll only store $c in the cookie
On Thu, Aug 12, 2004 at 01:56:53PM +0200, Marcel Weber wrote:
> Richard Atterer wrote:
> >This strikes me as a weird solution. What's wrong with setting the
> >cookie lifetime higher, so that people only need to log in e.g. once a
> >day? Hmm, presumably the web applicat
file and no data can be written
to the file. Only the superuser or a process possessing the
CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
Is something similar also available for other filing systems?
Cheers,
Richard