On Fri, 2003-05-30 at 12:29, [EMAIL PROTECTED] wrote:
> Hi,
>
> I'm a bit of a linux newbie. Out of the box, what should be the first things I
> do/learn/disable to secure my box? Is there anything I could run or look out
> for to indicate a hack of any kind?
>
> I guess this is asked a l
First of all, disable all the start-up services that you don't need by using the setup
command. Install the chkrootkit and tripwire programs to detect whether your machine has been
compromised.
Nabin Limbu
On 30 May 2003 at 18:29, [EMAIL PROTECTED] wrote:
> Hi,
>
> I'm a bit of a linux newbie. Out
On Fri, 2003-05-30 at 12:29, [EMAIL PROTECTED] wrote:
> Hi,
>
> I'm a bit of a linux newbie. Out of the box, what should be the first things I
> do/learn/disable to secure my box? Is there anything I could run or look out
> for to indicate a hack of any kind?
>
> I guess this is asked a lot.
What purpose would your Linux box serve? With the later versions, RH
provides some decent security with the firewall and ssh being the only
service turned on by default.
One thing I always add is some protection against people getting root
locally by rebooting to single-user mode. If you use gru
Hi Ben,
The most important thing is to not hook your box up to the internet (except through a
well-configured firewall) until you are confident with the security! Use a disk or CD
to transfer RPMs to the box.
I find the default configuration for RH9 is pretty good, but definitely needs some
t
On Thu, 20 Mar 2003, Gordon Messmer wrote:
>
> Clients don't change the server config...
I was pretty sure this was the case.
> Perhaps you had not restarted
> the sshd after making the config changes? Try to reproduce the problem
> and report it if you can. If not, then you probably didn'
Jiann-Ming Su wrote:
I'm running openssh-3.1p1-6 on RedHat 7.2. I have the following
options in my sshd_config:
...
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
So, as configured, I should only be allowed to login in if I have
a p
Something else to look at...what is in /etc/hosts.allow and
/etc/hosts.deny . I had to add sendmail:ALL in my /etc/hosts.allow file
for mail to work.
Mark
On Fri, 28 Feb 2003, Deleo Paulo Ribeiro Junior wrote:
> Hello!
>
> I am using firewall with the option "high" selected. Despite of especif
Deleo Paulo Ribeiro Junior wrote:
Hello!
I am using firewall with the option "high" selected. Despite
specifying that ports 25 and 110 are allowed to be used (tcp and udp)
the sendmail service does not work.
Anyone know what the problem is?
[...]
can you post your ipchains or iptables
aa, sendmail defaults to only listen on the local (127.0.0.1) IP.
Check your sendmail.mc
> Deleo Paulo Ribeiro Junior wrote:
>
> Hello!
>
> I am using firewall with the option "high" selected. Despite
> specifying that ports 25 and 110 are allowed to be used (tcp and udp)
> the sendmail
On Fri, 28 Feb 2003, Deleo Paulo Ribeiro Junior wrote:
> Hello!
>
> I am using firewall with the option "high" selected. Despite specifying that
> ports 25 and 110 are allowed to be used (tcp and udp) the sendmail service does not
> work.
>
> Anyone know what the problem is?
>
> Thank you
Without knowing how you have sendmail setup that's a pretty big question with very
little to go in giving you an answer. One place to start is DNS - you have
limited your ports to 25 and 110 - but sendmail
needs to resolve the MX record of any domain its sending to in order to get the
m
Do you have nmap? Get it and nmap your 127.0.0.1 address and then your
regular IP address. If 25 is only open on 127 then you need to setup
sendmail to listen on the external address. It won't by default. Check
your /etc/mail/sendmail.mc file and edit it. Then use m4 to gen a new cf
file.
On F
On February 28, 2003 01:39 pm, Deleo Paulo Ribeiro Junior wrote:
> I am using firewall with the option "high" selected. Despite specifying
> that ports 25 and 110 are allowed to be used (tcp and udp) the sendmail
> service does not work.
first, you have to find out if the service is even runni
On Tue, Feb 25, 2003 at 10:53:23PM +1100, Cameron Simpson wrote:
>
> I'm on this and still missed a recent one.
> I'm wondering if RH has quietly dropped those lists in favour of RHN?
Doesn't seem so.
I've received mail for every errata issued for quite a while (several
times, actually, since I'm
On 12:38 25 Feb 2003, Emmanuel Seyman <[EMAIL PROTECTED]> wrote:
| On Mon, Feb 24, 2003 at 12:23:22AM -0500, Kevin Krumwiede wrote:
| > If there's a remote vulnerability in some RedHat package, will it be
| > posted to this list? I know about
| > https://rhn.redhat.com/errata/rh8-errata-security.h
On Mon, Feb 24, 2003 at 12:23:22AM -0500, Kevin Krumwiede wrote:
>
> If there's a remote vulnerability in some RedHat package, will it be
> posted to this list? I know about
> https://rhn.redhat.com/errata/rh8-errata-security.html. I just wondered
> if there's a way to have security alerts delive
A good solution might be to have a look at various security-lists. I
get about 4 or 5 different security-lists (also including Debian-
security - since most bugs are general-linux). If you're looking for
redhat-specific messages RHN is your first choice - but if you're also
using packets / programs
that tool can't read the settings that you made before but that doesn't
mean that it failed to do what you said u want it to do.
u can check the settings via:
/etc/sysconfig/iptables
/etc/sysconfig/ipchains
or
iptables -L
ipchains -L
On Sat, 2003-02-15 at 06:39, Joel Lopez wrote:
> Hi,
>
> I'v
that config tool can't read the settings u have made before. u need to
check /etc/sysconfig/iptables or ipchains to verify the settings.
Also, u can use:
iptables -L
ipchains -L
cheers.
On Sat, 2003-02-15 at 06:39, Joel Lopez wrote:
> Hi,
>
> I've been trying to change the security level fro
Joel Lopez wrote:
> Hi,
>
> I've been trying to change the security level from High to Medium. But,
> even though I'm logged in as root when I open up the tool to see if my
> changes are there it always shows the Level as High.
If you're using ipchains or Linux 7.3, after you modify your security
> I've been trying to change the security level from High to Medium. But,
> even though I'm logged in as root when I open up the tool to see if my
> changes are there it always shows the Level as High.
>
> Does anyone know how to allow changes to the security level?
>
> thanks,
> Joel
FAQ Joel.
Yes. This is normal. The security tool resets itself to high by default when
it initializes. It does not seem to read the existing state of the system.
It just goes there.
It is registering your changes and applying them.
It would probably in the long run serve you better to take over the firewal
On Tue, Nov 19, 2002 at 11:31:32PM -0800, Rick Johnson wrote:
> Actually on my RH 8.0 boxes, iptables starts BEFORE the network is brought
> up - so you're good to go.
>
> in /etc/rc.d/rc3.d you have the following:
>
> S08iptables
> S10network
>
> That brings up iptables first :-)
Well I'll be
> Hi Rick, Thank you!
> This is a nice clean solution. It integrates so well with the existing
> system thats its almost like someone designed it that way :-)
>
> Does anybody know if there is a "gap" in coverage between the time the
> network is started up and the time the iptables rules bec
On Tue, Nov 19, 2002 at 11:15:47AM -0800, Rick Johnson wrote:
> [EMAIL PROTECTED] wrote:
> |
> | I just set up iptables on my cable cnxn (Works great!), and one of the
> | items left sort of open was exactly where the iptables rules should be
> | placed in order to have them run at startup time.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 19 Nov 2002 13:13:15 -0500, [EMAIL PROTECTED] wrote:
> On Tue, Nov 19, 2002 at 09:54:43AM -0500, Matthews, John wrote:
> > I believe firewall rules are sometimes kept in
> > /etc/sysconfig/firewall, so you might want to read the contents of
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| On Tue, Nov 19, 2002 at 09:54:43AM -0500, Matthews, John wrote:
|
|>I believe firewall rules are sometimes kept in /etc/sysconfig/firewall, so
|>you might want to read the contents of that file too and ensure you don't
|>have
On Tue, Nov 19, 2002 at 09:54:43AM -0500, Matthews, John wrote:
> I believe firewall rules are sometimes kept in /etc/sysconfig/firewall, so
> you might want to read the contents of that file too and ensure you don't
> have rules being set there.
I just set up iptables on my cable cnxn (Works grea
PROTECTED]
Subject: Re: Security level
> is that: by default my security level (of the firewal) is hight, but when i
> change the value to no security or median security it doesnt change (he ask
> me if i want to change the config i select ok, but when i open it again it
> leve
Try typing "iptables --list" this will show you what firewall rules are set.
(This assumes you're using iptables, which is generally the default for a 2.4
kernel.)
If you see rules being setup you can delete them by using "iptables --flush"
I believe firewall rules are sometimes kept in /etc/syscon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 19 Nov 2002 10:47:42 +, Tiago Andre wrote:
> I have install the redhat 8.0 in my computer as a server, but facing a
> problem... when i try to configure my firewal, it doesnt change, what
> i mean is that: by default my security level (of
> is that: by default my security level (of the firewal) is hight, but when i
> change the value to no security or median security it doesnt change (he ask
> me if i want to change the config i select ok, but when i open it again it
> level is again high)
try (as root): service iptables restart
Dave,
You are going to need to restart your network services for TCP Wrappers to
take effect:
ex., /etc/init.d/network restart
Your hosts.deny file should have in it
ALL:ALL
to deny access via any service from any IP address. If you want to allow
access from one specific IP address:
ALL:xxx
alf Of Emmanuel Seyman
Sent: 28 October 2002 16:14
To: [EMAIL PROTECTED]
Subject: Re: Security with TCP Wrappers
On Mon, Oct 28, 2002 at 03:10:52PM -, David Davenport wrote:
>
> RE: Security with TCP WrappersIt appears that whatever I enter in these
> files I can still get access via
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 28 Oct 2002 17:14:00 +0100, Emmanuel Seyman wrote:
> > RE: Security with TCP WrappersIt appears that whatever I enter in
> > these files I can still get access via telnet form any maching (even
> > if I add single ip exc
On Mon, Oct 28, 2002 at 03:10:52PM -, David Davenport wrote:
>
> RE: Security with TCP WrappersIt appears that whatever I enter in these
> files I can still get access via telnet form any maching (even if I add
> single ip exclusions). Is there any way that something is set
Title: RE: Security with TCP Wrappers
It appears that whatever I enter in these files I can still get access via
telnet from any machine (even if I add single ip exclusions). Is there any way
that something is set elsewhere so that these files are being ignored?
-Original Message
Hi.
No, there is no need to start xinetd or any other service. Saving any changes
to hosts.allow or .deny will apply whatever is in there.
Al-Juhani
[EMAIL PROTECTED]
>= Original Message From [EMAIL PROTECTED] =
>On Mon, Oct 28, 2002 at 11:26:53AM -, David Davenport wrote:
>>
>>
Title: RE: Security with TCP Wrappers
Hi,
For a subnet, your entry in the hosts.allow should be
in.telnetd : 192.168.1.0/255.255.255.0
Change the IP address and subnet mask to yours; that should be all
Alex
-Original Message-
From: David Davenport [mailto:[EMAIL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 28 Oct 2002 11:26:53 -, David Davenport wrote:
> I am trying to disable telnet access from certain systems/subnets to a
> Linux Server. I understand this can be acheievd by adding entries to
> the hosts.allow and hosts.deny files.
>
> I h
in the hosts.allow enter:
in.telnetd: x.x.x.
where x.x.x. is the IP address of your address; you also need to add localhost
as below:
in.telnetd: localhost IP_Address1 IP_Address2 IP_Address3
in the hosts.deny add the following:
ALL: ALL
to block all and only allow any hosts under hosts.allow
Hi Emmanuel
I tried that - still no luck..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:redhat-list-admin@;redhat.com]On Behalf Of Emmanuel Seyman
Sent: 28 October 2002 11:52
To: [EMAIL PROTECTED]
Subject: Re: Security with TCP Wrappers
On Mon, Oct 28, 2002 at 11:26:53AM
On Mon, Oct 28, 2002 at 11:26:53AM -, David Davenport wrote:
>
> Am I missing something?
I think you need to restart xinetd for it to read the /etc/host.* files.
Emmanuel
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
https://listman.re
On Fri, Oct 18, 2002 at 03:25:21PM -0400, Andrew MacKenzie wrote:
> +++ Thomas Ribbrock [RedHat] [Fri, Oct 18, 2002 at 12:12:33PM +0200]:
[...]
> > *prevent* an attack, or am I missing something here? So, the main (only?)
> > use would be to serve as a warning system a la "This system probably has
+++ [EMAIL PROTECTED] [RedHat] [Fri, Oct 18, 2002 at 02:42:25PM -0700]:
> Sorry, First time with linux/redhat this week. Where do I locate the
> log files that you guys have been talking about?
You'll find many logs to watch in /var/log/. Messages is a very common log
file where many programs wi
On Fri, 2002-10-18 at 13:01, linux power wrote:
> The problem when I got hacked were that the firewall
> logging is turned off,and I'am not able to turn it on
> because --log-prefix /var/log/firewall in the iptables
> is no longer recognized as a valid path, so no
> logging. I got a warning about i
The problem when I got hacked was that the firewall
logging is turned off, and I'm not able to turn it on
because --log-prefix /var/log/firewall in the iptables
is no longer recognized as a valid path, so no
logging. I got a warning about it when I run iptables
-L.
So some script must have been ch
Sorry, First time with linux/redhat this week. Where do I locate the
log files that you guys have been talking about?
Mark
On Friday, October 18, 2002, at 12:25 PM, Andrew MacKenzie wrote:
+++ Thomas Ribbrock [RedHat] [Fri, Oct 18, 2002 at 12:12:33PM +0200]:
On Fri, Oct 18, 2002 at 10:04:46A
+++ Thomas Ribbrock [RedHat] [Fri, Oct 18, 2002 at 12:12:33PM +0200]:
> On Fri, Oct 18, 2002 at 10:04:46AM +0100, Nick Lindsell wrote:
> > The Tripwire documentation suggests that the database be
> > held on a floppy which is then write-protected - should
> > prevent a blackhat getting to it.
>
>
Thanks for the info Jason. I once ran portsentry and ipchains when I was a very
new newbie. Now I'm only a newbie. But at that time I never understood how it worked.
Jason Costomiris <[EMAIL PROTECTED]> wrote:
On Fri, Oct 18, 2002 at 12:12:33PM +0200, Thomas Ribbrock wrote:: Further, I've been
On Fri, Oct 18, 2002 at 12:12:33PM +0200, Thomas Ribbrock wrote:
: Further, I've been thinking about portsentry. What's the use of it?
You're not the only one who wonders this.
: If you
: have a firewall set up that's only allowing access to specifically defined
: ports from the outside on which
At 5/13/2002 10:00 PM -0700, you wrote:
> My company provides Web site hosting services for about 2 dozen
> (Web site development) clients. I've just purchased my 3rd (1U) server
> for my colo space. All services (HTTP, SMTP, POP, FTP, etc.) have
> previously been allocated to just the
This isn't my expertise so don't hold me to this, but I can't think of a more secure
way to separate services.
The biggest security concern of mine is the FTP server, so if you have to combine
services, try to not combine anything with FTP.
If you really want to learn security, check out:
Max
> I am looking for tips on how to secure a linux file and ftp server.
> Does anyone have any ideas, links?
Start with the Linux Security HOWTO:
http://www.linuxsecurity.com/docs
Regards,
Dave
> On Tue, Jan 08, 2002 at 12:18:52PM -0500, Lewi wrote:
> > i have subscribe to redhat security updates mailing list, but today
> > i have know that there is new mutt package available for security
> > update, but until know i have not receive any email yet.
> >
> That list sometimes runs a day
On Tue, Jan 08, 2002 at 12:18:52PM -0500, Lewi wrote:
> i have subscribe to redhat security updates mailing list, but today
> i have know that there is new mutt package available for security
> update, but until know i have not receive any email yet.
>
That list sometimes runs a day or two behind
netstat -at will show what's open, just comment out whatever you don't
want in inetd or xinetd. Tripwire is built for a RH 7.0 install of
"everything" so you'll have to edit the policy text file to comment out
the files you don't have and run twinstall.sh and tripwire --init. There
are only a fe
On Thu, May 03, 2001 at 08:08:28PM -0400, Devon wrote:
> >
> I'm not sure what version of Tripwire your running, but you should
> find some documentation in /usr/share/doc/tripwire-2.3.0/ (for the
> most recent release at any rate) You should also be able to find
> more information at
> http://ww
On Thursday 03 May 2001 05:57 pm, Jeff Graves wrote:
>Also, I installed the rpm for tripwire but the documentation sucks
> (acutally, I couldn't find anything but comments in what I think were
> config files). The website tripwire.org didn't have anything either. Does
> anyone know of any document
Jeff Graves wrote:
> After having my linux boxes eventually hacked to pieces from neglect, I'm
> reinstalling with RH7.0 and locking the boxes as much as possible. I have 2
> dns servers that I want only to run bind and ssh. How can I can check to see
> what ports are still open?
The netstat(8)
There's a lot of info in the man pages for tripwire. Essentially it is a
nifty way to tell if any of your files have changed. If they have, and it
wasn't by you, you know something is up. It's typically run as a cron job
and you can have it email you what it finds.
-Original Message-
F
> I know their is a package that checks for security breaches, port scans etc.
> But I have forgotton its name
> Can anyone help?
Chances are you'll need more than one package to do all this. Some
recommendations include:
- tripwire
- portsentry
- nmap
You can find all of these and more at Lin
There are many security packages.
tripwire is excellent for picking up on security breaches (IF you keep up with
it! I update my databases daily, and would recommend at least once a week,
more frequently if you make changes to your file system).
http://www.tripwire.org/
snort is excellent for n
On Tue, 10 Apr 2001, Stuart Clark wrote:
> Date: Tue, 10 Apr 2001 19:17:21 +1000
> From: Stuart Clark <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: security package
>
> I know their is a package that checks for security breaches, port scans etc.
> But I have
Hi Silviu,
> I just got 16 emails on the redhat-watch list sent between the 7th of June 2000
> and 31 of May 2000. I wasn't even subscribed then.
It seems they have some problems spooling ;-). I had the same thing.
Bye,
On Sat, 10 Mar 2001, Steve Gulick spewed into the bitstream:
SG>Maybe a hacker is trying to tell you something ;^>
SG>>
SG>>
SG>>
SG>> I just got 16 emails on the redhat-watch list sent between the 7th of June
SG>> 2000 and 31 of May 2000. I wasn't even subscribed then.
SG>>
SG>> I have to ask: W
Maybe a hacker is trying to tell you something ;^>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Silviu Cojocaru
> Sent: Saturday, March 10, 2001 1:06 PM
> To: [EMAIL PROTECTED]
> Subject: Security updates
>
>
>
> I just got 16 emails on the redha
On Fri, Sep 08, 2000 at 09:30:53AM +1000, Todd Black wrote:
> Hello
> I have just installed RH6.1 so i went to the RH webpage and started
> downloading all the security updates. I've noticed as you get into the
> more recent files it only list's file for 5.2 or 6.2, even though I've
> gone to the
On Fri, 8 Sep 2000, Todd Black wrote:
> Hello
>
> I have just installed RH6.1 so i went to the RH webpage and started
> downloading all the security updates. I've noticed as you get into the
> more recent files it only list's file for 5.2 or 6.2, even though I've
> gone to the 6.1 errata.
>
>
"other" is already -rwx , no need to specify it.
> On 6 Aug 2000, Robert Soros wrote:
>
> --then change the permissions and chmod /var/log/secure to something like
> --
> --
> --chmod 664 /var/log/secure
> --chown root:ADMINS /var/log/secure
> --ls /var/log/secure -al
> --
> --
On 6 Aug 2000, Robert Soros wrote:
--then change the permissions and chmod /var/log/secure to something like
--
--
-- chmod 664 /var/log/secure
-- chown root:ADMINS /var/log/secure
-- ls /var/log/secure -al
--
-- -rw-rw 1 root ADMINS 811 Aug 2 04:13
--
Michael Ghens wrote:
>
> There is no substitute to montoring and applying bug fixs when they come
> out.
No kidding, that tops the list in Support, as most frequently asked
question by our staff after someone reports everything blown to bits,
looking for a fix. "Did you apply the security fixe
Sure are.
However, keeping users off the box is a big step forward. It is a lot
easier to break in if you have shell access.
What I am listing here are some old bugs, most have been patched.
*LPD buffer overflow
*IMAP buffer overflow
*sendmail and kernel 2.2.14/15 set compat bug (was a kernel bug
You can go about this another way, with their group id.. for example the
following files
ls hawah* hedge* -al
-rw-rw-r-- 1 root robert 20 Jun 24 10:57 hawahian.email
-rw-r--r-- 1 root robert 24 Jun 29 23:59 hedges.phone
^ ^ ^ ^
| | |
doesn't cyrus imap address this issue? I don't think you even have
accounts for users - just mail. You might want to try it.
As for security issues, I don't know. You may lose some accountability. Do
their usernames or the single UID show up in logs?
hth
charles
On Sat, 5 Aug 2000, Steven Clark
I know it's been a while on this thread, but you should also look at the Stackguard
compiler, an anti stack-smashing modified version of gcc. Only works on Intel, but
the folks there have a RedHat 6.2 iso image with many of the packages compiled with
Stackguard.
umm, www.immunix.org, I think.
On Sat, 15 Jul 2000, Michael Ghens wrote:
> Todd, what is the url for this library?
>
http://www.bell-labs.com/org/11356/libsafe.html
I found it by doing a search for libsafe in http://www.freshmeat.net, but
I'm pretty sure that http://www.filewatcher.org and http://www.rpmfind.org
would also
* Michael Ghens ([EMAIL PROTECTED]) [000715 17:23]:
> Todd, what is the url for this library?
http://www.bell-labs.com/org/11356/libsafe.html
> > From: Todd A. Jacobs <[EMAIL PROTECTED]>
> > Have you tried installing libsafe on your system? It should prevent all
> > buffer overflow exploits,
http://linux.stanford.edu/rpm2html/Unknown.html
Enjoy :)
J.
- Original Message -
From: Michael Ghens <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, July 15, 2000 11:21 PM
Subject: Re: security: crontab
| Todd, what is the url for this library?
|
| On Wed,
Todd, what is the url for this library?
On Wed, 12 Jul 2000, Todd A. Jacobs wrote:
> Date: Wed, 12 Jul 2000 16:46:02 -0700 (PDT)
> From: Todd A. Jacobs <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: security: crontab
> Resent-Da
Neat! I hadn't heard of this before and I am very impressed. Nice little
program, thank you Bell Labs. This is going in my "Need to install on all
new systems" list.
-Ben Newman
"Before I'm done you will all taste my meaty brain chunks."
Spider
On Wed, 12 Jul 2000, Michael Ghens wrote:
> I just cannot believe this. I just tested an old vixie cron exploit
> against crontab. It was a clasic buffer overflow attack. I have a
> RH6.2 WITH UPDATES. It worked. This exploit is almost over a year old.
Have you tried installing libsafe on your s
If you want the code, do not ask; it is readily available in the bugtraq
archive.
On Wed, 12 Jul 2000, Michael Ghens wrote:
> Date: Wed, 12 Jul 2000 15:40:23 -0700 (PDT)
> From: Michael Ghens <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: security: crontab
>
> I just cannot believe thi
Fred Whipple wrote:
> Joe,
>
> I can't remember at the moment what the name of the program is, but I
> know there is a secure 'rm' command that you can use to replace (or
> compliment) the normal 'rm' command. I don't have time presently to
> search for it :-) but if you search for 'secure rm' a
Joe,
I can't remember at the moment what the name of the program is, but I
know there is a secure 'rm' command that you can use to replace (or
compliment) the normal 'rm' command. I don't have time presently to
search for it :-) but if you search for 'secure rm' at freshmeat
(http://www.freshmea
Joe Briggs wrote:
> Windows has a large number of utilities designed to securely
> delete/overwrite files, and also to overwrite empty file space on drive
> with 1's and 0's.
>
> This is a very important security issue - does Linux have such
> capability?
I have never done this but I believe dd c
On Thu, 1 Jun 2000, K.Deepak wrote:
> Hi all,
>
> Can anyone tell me how to disable the su to root login from
> remote in RedHat Linux and Solaris. Basically, i want to login in root
> or su to root from the console , but, when i do a telnet to this
> machine, i want to disable the s
Thanks Wayne,
I found this about two hours after I had made the post. Everything is secured
according to the info I had read.
thanks--
Wayne Dyer wrote:
> Robert Canary wrote:
> > Hi,
> >
> > I got these messages in the log files and can't figure out what they
> > are, I believe strongly it
Robert Canary wrote:
> Hi,
>
> I got these messages in the log files and can't figure out what they
> are, I believe strongly it is a failed attack, but on what sort of
> exploit, and what are they trying to accomplish inorder to get root
> access? or Dos?
>
> Mar 2 19:54:01 mchn3 portmap[2735
On Wed, Feb 23, 2000 at 08:48:29AM -0500, Robert Glover wrote:
> > Robert Glover wrote:
> > > Some wretched soul might send a non-SYN packet at one your open TCP ports as
> > > part of some kind of port scan. The response from that port would tell them
> > > that something is there. If those por
> Robert Glover wrote:
> > Some wretched soul might send a non-SYN packet at one your open TCP ports as
> > part of some kind of port scan. The response from that port would tell them
> > that something is there. If those ports were blocked by the stateful
> > inspection firewall, then there wou
Robert Glover wrote:
> Some wretched soul might send a non-SYN packet at one your open TCP ports as
> part of some kind of port scan. The response from that port would tell them
> that something is there. If those ports were blocked by the stateful
> inspection firewall, then there would be no r
Gustav Schaffter wrote:
> Did you compare the results by using DENY instead of REJECT?
Yes. With DENY, the remote machine sent connection requests until it
timed out. With REJECT, the remote machine sent the connection
requests, and was told (in some way) that the port was unavailable. It
didn
I just started reading the IPCHAINS-HOWTO but from what I can remember, your
telling any packet wishing to make a connection coming in on the input chain
using TCP/IP on port 1023 that it is rejected. As a result, no connections
are being permitted.
> As long as we're on the subject of firew
This can partially be countered (but not fully be solved) by using
portsentry.
Regards
Gustav
Robert Glover wrote:
>
> > > localbox:1055 --> 1.2.3.4:80
> > >
> > >The firewall sees this and for some
> > >period of seconds or until the
> > >connection is closed will allow
> > >in
> > localbox:1055 --> 1.2.3.4:80
> >
> >The firewall sees this and for some
> >period of seconds or until the
> >connection is closed will allow
> >incomming packets on port 1055
> >only from IP address 1.2.3.4
>
> OK, but what, exactly, does that buy you that blocking SYN p
Gordon,
I'm not very sure about the low level details of ipchains, but I'll give
my input anyway. I hope I'm not shooting below your knowledge line here,
but...
Did you compare the results by using DENY instead of REJECT?
ipchains says REJECT to tell the caller that he is not allowed to
connect
On Mon, Feb 21, 2000 at 05:52:13PM -0800, Gordon Messmer wrote:
> As long as we're on the subject of firewalls, I have a question that I'd
> like to ask:
> If I have a linux box with no firewalling rules, and I attempt to
> connect from : to :, where dest is
> my unprotected linux box, and the po