Resources/tools for server hardening?

Hi All :) What resources or tools do you use for server hardening/checking servers' security? I currently am checking Nessus, it looks good :) I found some info also about Bastille but it seems to be dead. Which other tools do you recommend? I am thinking about applying some common sense security

Re: Resources/tools for server hardening?

On 19/10/14 18:27, Rafał Radecki wrote: > Hi All :) > > What resources or tools do you use for server hardening/checking > servers' security? > I currently am checking Nessus, it looks good :) I found some info also > about Bastille but it seems to be dead. The old domain was taken over, but the

Re: [exim4] rewrite left hand of email on outgoing mail

On Sat, Oct 18, 2014 at 08:58:11PM -0400, Harry Putnam wrote: > Now if I can just set things so that this host can accept mail from > the rest of the lan and relay it to my smarthost. > > But before I create some openended monster spam hole... > Is that just a matter of inserting the networks who'

Re: [exim4] rewrite left hand of email on outgoing mail

On Sat, 18 Oct 2014 20:58:11 -0400 Harry Putnam wrote: > Jonathan Dowland writes: > > > My sympathies, I don't think it's an obvious location (ie outside of > > /etc/exim4) and I recall feeling similar when I eventually stumbled > > over it. > > > >> On 18 Oct 2014, at 00:52, Harry Putnam wrot

insane hibernation policy (war: Re: All roads to suspend/hibernate lead through systemd?)

Hi Joe, Am Samstag, 18. Oktober 2014, 21:17:48 schrieb Joe: > On Sat, 18 Oct 2014 12:44:23 -0500 > > Nate Bargmann wrote: > > No, this is not a troll (seems like that is necessary to state up > > front). I have been experimenting with dropping systemd from my > > laptop running Sid but find tha

Re: All roads to suspend/hibernate lead through systemd?

On Sat, 18 Oct 2014 19:53:38 -0700 (PDT) Rusi Mody wrote: > On Saturday, October 18, 2014 11:40:01 PM UTC+5:30, Nate Bargmann > wrote: > > No, this is not a troll (seems like that is necessary to state up > > front). I have been experimenting with dropping systemd from my > > laptop running Sid

Re: Good news on claws-mail

On 18/10/14 19:36, Marko Ranđelović wrote: Great, but that's Gentoo way, we should have made a Gentuish Debian, i.e. port certain portage features into APT, such as easily control build flgas. But then it's needed to keep record of not which packages a package depends on, but which parts of which

Re: Resources/tools for server hardening?

Le 19/10/2014 09:27, Rafał Radecki a écrit : Hi All :) What resources or tools do you use for server hardening/checking servers' security? I currently am checking Nessus, it looks good :) I found some info also about Bastille but it seems to be dead. Which other tools do you recommend? I a

Re: Monitor does not turn on after suspend

On 19/10/14 02:54, Marko Ranđelović wrote: > I use Wheezy on desktop computer. I use vesa driver for X because radeon is > not working. After pm-suspend command, computer is like turned off, when press > power button it wakes up, but not monitor and not keyboard. > > I tried --quirk-dpms-on, but d

Re: Good news on claws-mail

On Sat 18 Oct 2014 at 17:29:58 +0200, Peter Nieman wrote: > On 18/10/14 13:49, Scott Ferguson wrote: > >Do you have an answer to your question? > > > >Wild guess - notifications? > > I don't know claws, but I know from Wheezy that many packages depend > on dbus although dbus isn't necessary for d

Re: Good news on claws-mail

Peter Nieman writes: > As mentioned already in another posting, I think the best, if not the > only solution for Debian would be to split the whole thing in two, one > for desktop environment users and one for users who do not want a > desktop environment. Packages that only work in a desktop

debian-installer: detection of Mobile Broadband even before installation?

Wishlist: debian-installer: detection of Mobile Broadband even before installation? More and more people have a fast (HSDPA) or super-fast (LTE) Mobile Broadband access to the internet. And a flatrate for this access. Question: Should the debian installer also offer netinst installation thr

download files from iceweasel using kdialog

When I download a file via chromium, it uses kdialog to figure out where the file is supposed to be stored on the disk. I find this GUI to be very intuitive compared to what iceweasel uses for choosing the file location. Is there any way to tell iceweasel to use kdialog to choose the file location

unattended-upgrades

Hi, I'm having no luck getting unattended-upgrads working on a Wheezy server. The image for Wheezy is from my vServer provider and has not been a problem until now. I'm not a programmer so bear with me. No entry appears in /var/log/unattended-upgrades/unattended-upgrades.log other than the dry

Re: download files from iceweasel using kdialog

On 19/10/14 23:32, kamaraju kusumanchi wrote: > When I download a file via chromium, it uses kdialog to figure out where > the file is supposed to be stored on the disk. I find this GUI to be > very intuitive compared to what iceweasel uses for choosing the file > location. > > Is there any way to

Re: download files from iceweasel using kdialog

On 10/19/2014 at 08:32 AM, kamaraju kusumanchi wrote: > When I download a file via chromium, it uses kdialog to figure out > where the file is supposed to be stored on the disk. I find this GUI > to be very intuitive compared to what iceweasel uses for choosing the > file location. > > Is there a

Re: [exim4] Testing and making sense of smtp output

Brian writes: > On Fri 17 Oct 2014 at 03:15:49 +0200, lee wrote: > >> Brian writes: >> >> > On Mon 13 Oct 2014 at 04:12:04 +0200, lee wrote: >> > >> >> Jonathan Dowland writes: >> >> >> >> > On Sun, Oct 12, 2014 at 02:45:44PM -0400, Harry Putnam wrote: >> >> >> > And if so, is that not acquir

Re: Good news on claws-mail

Mark Carroll writes: > Peter Nieman writes: > >> As mentioned already in another posting, I think the best, if not the >> only solution for Debian would be to split the whole thing in two, one >> for desktop environment users and one for users who do not want a >> desktop environment. Package

Re: Problem with quotatool

Peter Buzanits writes: > Hello, > > I have a problem on 2 Wheezy installations in Vmware, if I want to set > quota for a user: > > bastelecke:~# quotatool -u tutor -bq 2000M -l 2500M / > quotatool: Error while detecting kernel quota version: No such file or > directory Which version of VMWare an

Re: [exim4] Testing and making sense of smtp output

Joe writes: > On Sat, 18 Oct 2014 00:13:54 +0100 > Brian wrote: > >> On Fri 17 Oct 2014 at 03:20:44 +0200, lee wrote: >> >> > Brian writes: >> > >> > > Not that I'm suggesting setting up exim to offer an invalid HELO; >> > > it will lead to trouble sooner or later. However, as a reason for >>

Re: Moderated posts?

Chris Bannister writes: > On Sat, Oct 18, 2014 at 03:24:32AM +0200, lee wrote: >> >> Klensin Standards Track[Page 71] >> >> >> RFC 5321 SMTP October 2008 >> >> >>if this address is null ("<>"), the rec

terminology: how do you change the foreground colour?

Hi, the subject already says it: How do you change the foreground colour in terminology? I can only set the background. -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable. -- To UNSUBSCRIBE, email to debian-us

Re: Good news on claws-mail

Steve Litt writes: > Those visual and audio hints are one of the few things that most > programs might need to write to. They need a predefined standard to > write to, and I guess dbus is the standard being used. If I were in > charge of standards, I might have used something simpler (like a fifo

Re: [exim4] Testing and making sense of smtp output

Brian writes: >> > An address literal is not the same as an IP address. An MTA should not >> > be rejecting mail on the basis that the HELO is an address literal. >> >> Oh, then what is it? > > Using an example from RFC5321, an address literal is [123.255.37.2]. An > IP address would presumably

Re: download files from iceweasel using kdialog

Apologies - I forgot to include this this:- Previously I have had the *alternative* file picker thingy (I assume that's what you meant by "kdialog") working instead of the default iceweasel one - but the experience was flaky and breaks on upgrades. NOTE: it *still* uses GTK not QT. Use an Iceweas

Re: download files from iceweasel using kdialog

On 20/10/14 00:16, kamaraju kusumanchi wrote: > > > On Sun, Oct 19, 2014 at 7:51 AM, Scott Ferguson > > wrote: > > On 19/10/14 23:32, kamaraju kusumanchi wrote: > > When I download a file via chromium, it uses kdialog to figure out where >

Re: Good news on claws-mail

On 19/10/14 13:48, Brian wrote: On Sat 18 Oct 2014 at 17:29:58 +0200, Peter Nieman wrote: On 18/10/14 13:49, Scott Ferguson wrote: Do you have an answer to your question? Wild guess - notifications? I don't know claws, but I know from Wheezy that many packages depend on dbus although dbus i

Re: Good news on claws-mail

On 20/10/14 00:35, Peter Nieman wrote: > On 19/10/14 13:48, Brian wrote: >> On Sat 18 Oct 2014 at 17:29:58 +0200, Peter Nieman wrote: >> >>> On 18/10/14 13:49, Scott Ferguson wrote: Do you have an answer to your question? Wild guess - notifications? >>> >>> I don't know claws, but I

Re: Good news on claws-mail

On Sun, 19 Oct 2014 12:47:03 +0200 Peter Nieman wrote: > By the way, I am a desktop user, using fvwm. But I don't want all my > applications to "look and feel" the same, I don't want everything to > interact with everything, and I want to control my computer instead > of being controlled by my

Re: "kworker" writes to disc every 5 seconds on battery

On 10/18/2014 04:47 PM, Teresa e Junior wrote: Hello! I have noticed that my current setup of Chrome writes to disc every second. While hunting for the problem, I have found an old bug report on Google Code about this, and from my tests I concluded my solution for now would be to run Chrome with

Re: Good news on claws-mail

On Sun, 19 Oct 2014 14:20:25 +0200 lee wrote: > Since you're re-inventing the wheel: > > // sxnotify.c > // > // This program is free software: you can redistribute it and/or > // modify it under the terms of the GNU General Public License as > // published by the Free Software Foundation, eith

Re: Lots of updates? OK?

> My wheezy system shows 34 packages updated since I last checked, which > I think was yesterday. Is this legitimate? I got a security warning > about the keys when I first checked, but that went away after I did > another aptitude update. I haven't installed any of the new packages > yet. The

Re: [exim4] Testing and making sense of smtp output

[I may be misunderstanding how your mail system works but your Date: header doesn't look right] On Sun 19 Oct 2014 at 00:53:44 +0200, lee wrote: > Brian writes: > > > On Fri 17 Oct 2014 at 03:15:49 +0200, lee wrote: > > > >> There is no mentioning of /etc/mailname here. Perhaps that's an > >>

libjpeg mess in testing

Hello, I hve dependencies which grap libjpeg-turbo-progs and libjpeg-progs which claim ownership of the same file. There are already bugs about this (764318, 764322,765667,765790) but I do not understand what I should do about this So, do someone have a hint ? -- To UNSUBSCRIBE, email to debi

Re: GR proposed re: choice of init systems

Ahoj, Dňa Fri, 17 Oct 2014 16:09:59 -0400 Dan Ritter napísal: > On Fri, Oct 17, 2014 at 07:02:12PM +0100, Lisi Reisz wrote: > > On Friday 17 October 2014 18:30:31 Andre N Batista wrote: > > > I cannot believe some people still > > > thinks [snip] that we should simply stick with > > > the TC's a

Re: libjpeg mess in testing

Erwan David wrote: Hello, I hve dependencies which grap libjpeg-turbo-progs and libjpeg-progs which claim ownership of the same file. There are already bugs about this (764318, 764322,765667,765790) but I do not understand what I should do about this So, do someone have a hint ? I had the s

Re: download files from iceweasel using kdialog

kamaraju kusumanchi wrote: When I download a file via chromium, it uses kdialog to figure out where the file is supposed to be stored on the disk. I find this GUI to be very intuitive compared to what iceweasel uses for choosing the file location. Is there any way to tell iceweasel to use kdi

Re: GR proposed re: choice of init systems

On Sunday, October 19, 2014 10:00:02 PM UTC+5:30, Slavko wrote: > Ahoj, > napísal: > > On Fri, Oct 17, 2014 at 07:02:12PM +0100, Lisi Reisz wrote: > > > On Friday 17 October 2014 18:30:31 Andre N Batista wrote: > > > > I cannot believe some people still > > > > thinks [snip] that we should simply

Re: Moderated posts?

On 10/17/2014 9:24 PM, lee wrote: > You do not accept messages you can not deliver unless you are relaying > them. Absolutely wrong, this rule fully applies to relays just as it does final destination servers. Postfix allows you to do this even if you are unable to get/maintain a local list of v

Re: GR proposed re: choice of init systems

On 19/10/14 17:45, Rusi Mody wrote: As for 'wounded ego': Do you have a wounded ego if a dead branch falls and smashes the windshield of your car? Or a Tsunami knocks off your seafront house? If you are taking offense, who are you offended by? Debian is not a person (as far as I know!) Debian

Stuck in update

This morning I tried to update a wheezy recently upgraded from squeeze. It didn't work and I am stuck. # aptitude update # aptitude g u These packages could be upgraded, but they have been kept in their current state to avoid breaking dependencies. q b (just beeps) There were some error mes

user authentication for a secure laptop.

In wheezy, is there a routine means of allowing "login" on the machine itself without a password, while keeping traditional password authentication for any remote login. From a superficial understanding of PAM, I'd guess that it can provide this capability. Thanks, ...

Re: GR proposed re: choice of init systems

On 10/17/2014 3:42 PM, Ric Moore wrote: > The fun part will be to see who actually steps up to the plate to do all > of the extra work. Especially amongst all of those pledged seconds. I > hope someone is keeping a list. :) Ric >From what I read, it will be one all debian devs (package maintain

Fwd: download files from iceweasel using kdialog

On Sun, Oct 19, 2014 at 8:11 AM, Scott Ferguson < scott.ferguson.debian.u...@gmail.com> wrote: > Apologies - I forgot to include this this:- > > Previously I have had the *alternative* file picker thingy (I assume > that's what you meant by "kdialog") working instead of the default > iceweasel one

Fwd: download files from iceweasel using kdialog

On Sun, Oct 19, 2014 at 8:29 AM, Scott Ferguson < scott.ferguson.debian.u...@gmail.com> wrote: > On 20/10/14 00:16, kamaraju kusumanchi wrote: > > > > I think you misunderstood my question. > > No, but I did split the post into two parts (hit send too early). See > the second post for details on h

Re: download files from iceweasel using kdialog

On Sun, Oct 19, 2014 at 12:40 PM, Jimmy Johnson wrote: > kamaraju kusumanchi wrote: > >> When I download a file via chromium, it uses kdialog to figure out where >> the file is supposed to be stored on the disk. I find this GUI to be very >> intuitive compared to what iceweasel uses for choosing

Re: download files from iceweasel using kdialog

kamaraju kusumanchi wrote: On Sun, Oct 19, 2014 at 12:40 PM, Jimmy Johnson mailto:field.engin...@gmail.com>> wrote: kamaraju kusumanchi wrote: When I download a file via chromium, it uses kdialog to figure out where the file is supposed to be stored on the disk. I find

Re: Good news on claws-mail

On 19/10/14 15:04, Scott Ferguson wrote: You hijacked the thread - and this is why that's considered bad form - it muddies the discussion. Tangents deserve their own, appriately chosen Subject line, threads - then they get the attention they deserve instead of being passed over by reader on the b

Re: GR proposed re: choice of init systems

Slavko wrote: Ahoj, Dňa Fri, 17 Oct 2014 16:09:59 -0400 Dan Ritter napísal: On Fri, Oct 17, 2014 at 07:02:12PM +0100, Lisi Reisz wrote: On Friday 17 October 2014 18:30:31 Andre N Batista wrote: I cannot believe some people still thinks [snip] that we should simply stick with the TC's author

Re: [exim4] Testing and making sense of smtp output

On Sun 19 Oct 2014 at 01:19:51 +0200, lee wrote: > Brian writes: > > >> > An address literal is not the same as an IP address. An MTA should not > >> > be rejecting mail on the basis that the HELO is an address literal. > >> > >> Oh, then what is it? > > > > Using an example from RFC5321, an ad

Re: GR proposed re: choice of init systems

On 10/19/2014 01:25 PM, Tanstaafl wrote: On 10/17/2014 3:42 PM, Ric Moore wrote: The fun part will be to see who actually steps up to the plate to do all of the extra work. Especially amongst all of those pledged seconds. I hope someone is keeping a list. :) Ric From what I read, it will be

Re: debian-installer: detection of Mobile Broadband even before installation?

On Sun, 19 Oct 2014, Jan David Mörike wrote: > Wishlist: debian-installer: detection of Mobile Broadband even before > installation? [...] > Question: Should the debian installer also offer netinst installation > through Mobile Internet? If you're interested in this, please file a wishlist bug a

linux-image-3.16-3-amd64

No 'linux-headers-amd64' or 'linux-image-amd64' packages are available for the new kernel(linux-image-3.16-3-amd64). -- Jimmy Johnson Debian Sid - KDE 4.14.1 - AMD64 - EXT4 at sda14 Registered Linux User #380263 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject o

Re: libjpeg mess in testing

On 2014-10-19 17:39 +0200, Erwan David wrote: > I hve dependencies which grap libjpeg-turbo-progs and libjpeg-progs > which claim ownership of the same file. > > There are already bugs about this (764318, 764322,765667,765790) but I > do not understand what I should do about this Probably install

Re: linux-image-3.16-3-amd64

On 2014-10-19 20:46 +0200, Jimmy Johnson wrote: > No 'linux-headers-amd64' or 'linux-image-amd64' packages are available > for the new kernel(linux-image-3.16-3-amd64). You had better report this on the debian-kernel mailinglist, or file a bug report (reportbug --source linux-latest). Cheers,

Avoid reboot by loading initramfs again

Hello, I wonder if one can avoid a complete reboot of the system just by halting the operating system but right after load the initramfs and restart from there? Basically when we reboot, we only want to reset the operating system state but rarely to do all the hardware checks again. And for a ker

Re: linux-image-3.16-3-amd64

Sven Joachim wrote: On 2014-10-19 20:46 +0200, Jimmy Johnson wrote: No 'linux-headers-amd64' or 'linux-image-amd64' packages are available for the new kernel(linux-image-3.16-3-amd64). You had better report this on the debian-kernel mailinglist, or file a bug report (reportbug --source linux-

Re: user authentication for a secure laptop.

On 20/10/14 03:40, pe...@easthope.ca wrote: > In wheezy, is there a routine means of allowing "login" on > the machine itself without a password, Do you mean using fingerprints as local authentication?? > while keeping traditional > password authentication for any remote login. Do you mean