On Fri, 2007-01-12 at 14:22 +0100, Sven Arvidsson wrote:
Snip
> http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.10
Thanks for the link.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Fri, Jan 12, 2007 at 02:22:48PM +0100, Sven Arvidsson wrote:
> On Thu, 2007-01-11 at 18:52 -0500, Roberto C. Sanchez wrote:
> > Yup. While that will thwart the most naïve of attacks, put a binary
> > (not a script) in there (something like ls works) and run this:
> >
> > /lib/ld-linux.so.2 /tm
On Thu, 2007-01-11 at 18:52 -0500, Roberto C. Sanchez wrote:
> Yup. While that will thwart the most naïve of attacks, put a binary
> (not a script) in there (something like ls works) and run this:
>
> /lib/ld-linux.so.2 /tmp/ls
That is actually not possible if you have a recent linux kernel.
On Thu, Jan 11, 2007 at 01:38:09PM -0500, Greg Folkert wrote:
>
> At one time I had an IRC-Bot on my machine. It was put in /dev/shm/ I
> fixed the access issue (it was writable by anyone)
>
The fact that /dev/shm is world writable is not an access issue anymore
than /tmp being world writable. I
On Wed, 2007-01-10 at 11:53 -0600, Fran wrote:
> I've been told by my ISP that my sarge webserver (only port 80 open, all
> software up to date) is spewing traffic they're calling IRC_nick, which
> is apparantly some sort of IRC bot.
>
> I'm unable to locate the file/files that are infected. Add
Fran wrote:
> I've been told by my ISP that my sarge webserver (only port 80 open, all
> software up to date) is spewing traffic they're calling IRC_nick, which
> is apparantly some sort of IRC bot.
>
> I'm unable to locate the file/files that are infected. Additionally, I
> can't see the proces
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/10/07 11:53, Fran wrote:
> I've been told by my ISP that my sarge webserver (only port 80 open, all
> software up to date) is spewing traffic they're calling IRC_nick, which
> is apparantly some sort of IRC bot.
"IRC_nick" is really ambiguous.
Kevin Mark <[EMAIL PROTECTED]> wrote:
> On Wed, Jan 10, 2007 at 10:01:46AM -0800, Andrew Sackville-West wrote:
> > On Wed, Jan 10, 2007 at 11:53:42AM -0600, Fran wrote:
> > > I've been told by my ISP that my sarge webserver (only port 80 open, all
> > > software up to date) is spewing traffic they
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Jan 10, 2007 at 10:01:46AM -0800, Andrew Sackville-West wrote:
> On Wed, Jan 10, 2007 at 11:53:42AM -0600, Fran wrote:
> > I've been told by my ISP that my sarge webserver (only port 80 open, all
> > software up to date) is spewing traffic the
On Wed, Jan 10, 2007 at 11:53:42AM -0600, Fran wrote:
> I've been told by my ISP that my sarge webserver (only port 80 open, all
> software up to date) is spewing traffic they're calling IRC_nick, which
> is apparantly some sort of IRC bot.
>
> I'm unable to locate the file/files that are infecte
10 matches
Mail list logo
