Re: Exim as a secondary MX?
On Wednesday 19 April 2006 09:53 am, Mark Komarinski wrote:
> Is anyone doing this now or have links to some docs I can read on this? Once I get this set up, it might make a good meeting topic some month...

I'll be migrating our Exim mail server soon to another IP address, so I'm setting up a second MX server to relay to it and essentially do a store-and-forward sort of methodology.

Ultimately, I'm setting up the new Exim server to smarthost everything to the new server and accept no local mail. Also, I'm telling it to relay mail for the domains that the primary MX is responsible for. That way, it will accept mail from anywhere destined to those domains, and if the primary server (the smarthost) isn't available, it'll wait until it is. I'll set the timeouts on bounces and such really long, but you should pick something appropriate to how long you're willing to buffer email during an outage.

Hope that helps. What you're really looking for is a secondary MX guide more than an Exim guide. I find the Exim documentation on their site incredibly helpful when I need to get into things, but the options I'm talking about above are relatively simple ones to find/adjust.

-N

___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Microsoft Says Recovery from Malware Becoming Impossible
On 4/19/06, Bill Sconce [EMAIL PROTECTED] wrote:
> When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit,
>
> (Other than installing Linux, of course, but if he said that Bill Gates would have to kill him... )

*sigh* I hate FUD, even when it's FUD for Linux and against Microsoft. Linux has the same problem. Every system ever invented has the same problem.

The problem is that if you've had a full system compromise (whether you call your superuser root, Administrator, or SUPERVISOR), you can no longer trust the computer to check itself. The attacker can subvert the system to lie to you about itself.

What Microsoft is saying -- you need to reinstall from trusted media after a root compromise -- has been Standard Operating Procedure in the security community for decades, on all platforms, nix and doze included. See, for example, this classic guide from CERT:

http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

We've had this same situation discussed *on this list*, multiple times, going back at least a few years.

If anything, Microsoft is to be commended for telling it like it is.

-- Ben
Re: Microsoft Says Recovery from Malware Becoming Impossible
Ben Scott wrote:
> The problem is that if you've had a full system compromise (whether you call your superuser root, Administrator, or SUPERVISOR), you can no longer trust the computer to check itself. The attacker can subvert the system to lie to you about itself.

How about boot disks that have been premade to check your system and identify suspect files? This way the compromised filesystem isn't checking itself although the computer is checking itself.

...could avoid a full, from scratch, reinstall.

Cheers!
Ty

--
Tyson D Sawyer

What is ominous is the ease with which some people go from saying that they don't like something to saying that the government should forbid it. When you go down that road, don't expect freedom to survive very long.
-- Thomas Sowell
Re: Microsoft Says Recovery from Malware Becoming Impossible
[EMAIL PROTECTED] said:
> What Microsoft is saying -- you need to reinstall from trusted media after a root compromise -- has been Standard Operating Procedure in the security community for decades, on all platforms, nix and doze included.

True, but the ease of getting to such a compromised situation might be a differentiator.

About a year ago there was a report done by a series of security experts warning about the issues of creating one generic brand of operating system, on one generic brand of instruction set, and watching as the worms and viruses attacked it full bore, like a virus in a field of generically identical corn. Their conclusion was that it was better to have a mix of OS and architectures, even if the standards of interface were the same.

One of the authors of this report was mysteriously fired by his company, who valued the business of Microsoft.

So if I had 2000 systems made up of 1000 Intel machines and 1000 PowerPCs, running Linux and (perhaps BSD), I might find that given a huge compromise of any one architecture/OS combination I might be able to do work on the other 3/4 of my machines.

Or by using a different strategy, such as LSTP, you may have to re-install a heck of a lot fewer machines.

And finally, there is the issue of how fast can you get the patch, and whether it exists for all your operating systems, even the ones retired.

Just some thoughts.

md

--
Jon maddog Hall
Executive Director, Linux International(R)
email: [EMAIL PROTECTED]
80 Amherst St., Amherst, N.H. 03031-3032 U.S.A.
Voice: +1.603.672.4557
WWW: http://www.li.org
Board Member: Uniforum Association, USENIX Association

(R)Linux is a registered trademark of Linus Torvalds in several countries.
(R)Linux International is a registered trademark in the USA used pursuant to a license from Linux Mark Institute, authorized licensor of Linus Torvalds, owner of the Linux trademark on a worldwide basis.
(R)UNIX is a registered trademark of The Open Group in the USA and other countries.
Re: Microsoft Says Recovery from Malware Becoming Impossible
On 4/19/06, Tyson Sawyer [EMAIL PROTECTED] wrote:
> Ben Scott wrote:
>> The problem is that if you've had a full system compromise (whether you call your superuser root, Administrator, or SUPERVISOR), you can no longer trust the computer to check itself. The attacker can subvert the system to lie to you about itself.
>
> How about boot disks that have been premade to check your system and identify suspect files? This way the compromised filesystem isn't checking itself although the computer is checking itself.

Sure. If you've taken the time to make an IDS database, and kept it current, you can boot from trusted media and run an integrity check. Tripwire is a famous tool for this, and it is available for nix and doze.

I've generally found that this kind of IDS is rarely used. (Rarely != never.) It's very labor intensive and intrusive to maintain an IDS like this, since you generally have to take the system offline to run an IDS check before each update -- otherwise, how do you know you haven't been subverted, or how do you know your updated IDS DB isn't subverted?

Running something like chkrootkit (the nix world's equivalent to doze anti-virus software) from a trusted boot *may* detect something, but lack of detection of known trouble is not the same as positive assurance of integrity.

It's a safe bet that the lusers who install the software the Internet tells them to don't have a Tripwire IDS database ready. (This, incidentally, is the real problem -- system operators have neither the tools nor the training to protect their systems.)

-- Ben
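As an added illustration of the offline integrity check Ben describes (this is example code written for this archive, not Tripwire's code or database format, and not anything posted in the thread): a baseline of hashes, ownership and permission bits is recorded while the system is known-good and kept off the host; later the suspect filesystem is mounted read-only from trusted boot media (the mount point, the `SKIP_DIRS` list and the throwaway tree in `demo_tampering` are all assumptions made for the example) and compared against that baseline. The check only reads the target tree and never executes anything from it, which is the whole point of running from trusted media.

```python
"""Offline file-integrity check in the spirit of the Tripwire approach:
record a baseline while the system is trusted, store it off the host, and
later compare it against the suspect filesystem mounted from trusted boot
media (e.g. at /mnt/suspect). Added example, not Tripwire's own code."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

# Volatile trees that would only generate noise (assumption: tune per system).
SKIP_DIRS = {"proc", "sys", "dev", "run", "tmp", "var/log", "var/tmp"}


def file_record(path: Path) -> dict:
    """Describe one filesystem entry without executing anything on the target."""
    st = path.lstat()  # lstat: never follow symlinks into the suspect tree
    rec = {"mode": oct(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        rec["target"] = os.readlink(path)
    return rec


def build_baseline(root, skip=SKIP_DIRS) -> dict:
    """Walk `root` (the mounted filesystem) and record every entry keyed by
    its path relative to root. Symlinks are recorded but never followed."""
    root = Path(root)
    baseline = {}

    def walk(directory: Path) -> None:
        for entry in os.scandir(directory):
            p = Path(entry.path)
            rel = p.relative_to(root).as_posix()
            if rel in skip:
                continue
            baseline[rel] = file_record(p)
            if entry.is_dir(follow_symlinks=False):
                walk(p)

    walk(root)
    return baseline


def save_baseline(baseline: dict, path) -> None:
    """Write the baseline as JSON; keep this copy off the monitored host."""
    Path(path).write_text(json.dumps(baseline, sort_keys=True, indent=1))


def load_baseline(path) -> dict:
    return json.loads(Path(path).read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Report added, removed and changed entries, naming the changed fields."""
    report = {"added": [], "removed": [], "changed": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        elif baseline[rel] != current[rel]:
            keys = set(baseline[rel]) | set(current[rel])
            fields = sorted(k for k in keys
                            if baseline[rel].get(k) != current[rel].get(k))
            report["changed"].append([rel, fields])
    return report


def demo_tampering() -> dict:
    """Constructed demonstration on a throwaway tree: baseline it, make the
    kinds of change a check should surface, and return the comparison."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"pretend ls binary")
        (root / "bin" / "ps").write_bytes(b"pretend ps binary")
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "motd").write_text("welcome\n")
        baseline = build_baseline(root)

        (root / "bin" / "ps").write_bytes(b"replaced ps binary")  # content changed
        (root / "bin" / "ls").chmod(0o4755)                          # setuid bit added
        (root / "etc" / "motd").unlink()                             # file removed
        (root / "etc" / "extra.conf").write_text("constructed\n")   # file added
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo_tampering(), indent=2))
```

In real use the baseline is taken with `build_baseline("/")` on the trusted system and saved with `save_baseline` to removable or remote storage; the check later runs from the rescue boot as `compare(load_baseline(...), build_baseline("/mnt/suspect"))`. Ben's caveat still applies: the baseline is only as trustworthy as the system was when it was taken, and it has to be refreshed after every legitimate update, which is exactly the maintenance burden he describes.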
Re: Microsoft Says Recovery from Malware Becoming Impossible
On 4/19/06, Jon maddog Hall [EMAIL PROTECTED] wrote:
>> What Microsoft is saying -- you need to reinstall from trusted media after a root compromise -- has been Standard Operating Procedure in the security community for decades, on all platforms, nix and doze included.
>
> True, but the ease of getting to such a compromised situation might be a differentiator.

True. However, given the current state of affairs today, for the typical system compromise -- be it on Windows or Linux -- the only option is a wipe and reinstall. Most operators haven't got what they need (which requires a fair bit of prep work) for assured recovery otherwise.

> About a year ago there was a report done by a series of security experts warning about the issues of creating one generic brand of operating system, on one generic brand of instruction set ...

Sure. Diversity of systems means a targeted attack has less surface to gain traction on. On the other hand, with things like Python and Java making portability easier, portable malware is easier, too. Proof-of-concept malware that attacks both Windoze and Linux has already been demonstrated.

> So if I had 2000 systems made up of 1000 Intel machines and 1000 PowerPCs, running Linux and (perhaps BSD), I might find that given a huge compromise of any one architecture/OS combination I might be able to do work on the other 3/4 of my machines.

Unless the worm is written in Python, PHP, Perl, Java, shell script, compiled from C code ... :)

> Or by using a different strategy, such as LSTP, you may have to re-install a heck of a lot fewer machines.

Sure. Ditto with Windows Terminal Server. (Windows just costs a lot more to implement. That's not news, either.)

> And finally, there is the issue of how fast can you get the patch, and whether it exists for all your operating systems, even the ones retired.

You got my patch kit for Red Hat Linux 7.1? :-)

> Just some thoughts.

Just more thoughts. Ultimately, my message here is: Security is hard.

For the vast majority of security problems we see on Windows, Linux has no particular immunity. Linux isn't targeted nearly as much because there are a *lot* fewer Linux boxes in general, and basically zero Linux boxes in the clueless home user community. Attackers go after the easy targets. I believe there *are* things inherent to nix that make it easier to secure than Windows, but *none of them matter right now*. Almost all of the attacks are of the "User explicitly runs the malware for the attacker" or "User did not install patch for buffer overflow" variety.

> One of the authors of this report was mysteriously fired by his company, who valued the business of Microsoft.

That's probably the single relevant piece of information in this thread so far. Linux isn't owned by anyone, so we're a lot less likely to be in a situation where a single company can manipulate the market at the expense of the user community. OTOH, one has to wonder what would happen if Red Hat Software asked a big Red Hat shop to do something :)

-- Ben
Re: Microsoft Says Recovery from Malware Becoming Impossible
On Wed, 2006-04-19 at 15:48 -0400, Ben Scott wrote:
> *sigh* I hate FUD, even when it's FUD for Linux and against Microsoft. Linux has the same problem. Every system ever invented has the same problem.
>
> The problem is that if you've had a full system compromise (whether you call your superuser root, Administrator, or SUPERVISOR), you can no longer trust the computer to check itself. The attacker can subvert the system to lie to you about itself.
>
> What Microsoft is saying -- you need to reinstall from trusted media after a root compromise -- has been Standard Operating Procedure in the security community for decades, on all platforms, nix and doze included. See, for example, this classic guide from CERT:
>
> http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
>
> We've had this same situation discussed *on this list*, multiple times, going back at least a few years.

Sorry to keep beating the dead horse, but generally, the Linux reinstall is more painless unless you are dealing with pre-built system images and have kept the image archives up-to-date. Most of the system will have come from the distributor (e.g. Redhat) and the ancillary repositories. There should be relatively little rummaging around for installation media.

This recent advice on theregister looks like a good approach for future system setups. Perhaps some of the savvy folks on this list are already doing this.

http://www.theregister.com/2006/04/13/virtual_security/

--
Lloyd Kvam
Venix Corp
Re: Microsoft Says Recovery from Malware Becoming Impossible
On 4/19/06, Python [EMAIL PROTECTED] wrote:
> Sorry to keep beating the dead horse, but generally, the Linux reinstall is more painless ...

I don't know about that. Our Windows installs aren't really all that different from a Red Hat KickStart install. Hit F12 during boot, boot into RIS, start install over network, a little bit later, you're done. Of course, I know what I'm doing and have invested in the time and tools to make Windows operate properly. But I've seen clueless Linux admins before, too.

The cost of a reinstall is generally all the post-OS-install, application-specific configuration that has to be done, anyway. Our crappy ERP system is hard to automate. I've encountered the same on nix, too. Ask the list about installing Oracle some time :)

> ... unless you are dealing with pre-built system images and have kept the image archives up-to-date.

There are other ways to do automated Windows installs besides Ghost-style hard disk images. Like RIS, above.

> Most of the system will have come from the distributor (e.g. Redhat) ...

Oh, really? When did that law get passed? :) I've had plenty of nix installations where the critical software most especially did *not* come from the distribution.

> There should be relatively little rummaging around for installation media.

The big time cost is not looking for CDs.

> This recent advice on theregister looks like a good approach for future system setups. Perhaps some of the savvy folks on this list are already doing this.
>
> http://www.theregister.com/2006/04/13/virtual_security/

Virtualization is a valid technique, but a second ago you were talking about the difficulty of keeping pre-built images of a single system. How is keeping images of multiple virtual systems easier? :-)

-- Ben
Re: Microsoft Says Recovery from Malware Becoming Impossible
On Wed, 2006-04-19 at 17:05 -0400, Ben Scott wrote:
>> There should be relatively little rummaging around for installation media.
>
> The big time cost is not looking for CDs.

You haven't seen my office...

--
Lloyd Kvam
Venix Corp
Re: GNHLUG Nashua, Thr 20 Apr, Eric Eldred explains the CC copyright alternative
On Wed, Apr 19, 2006 at 05:45:34AM -0500, Jim Kuzdrall wrote:
> Who : Eric Eldred
> What : Creative Commons copyright alternative
> Where: Martha's Exchange
> Day : Thur 20 Apr (*Tomorrow*)
> Time : 6:00 PM for grub, 7:30 PM for presentation

Is someone doing an RSVP to Martha's? (I'll be there, in any case.)

--
Christopher Schmidt
Web Developer
Re: GNHLUG Nashua, Thr 20 Apr, Eric Eldred explains the CC copyright alternative
On Wednesday 19 April 2006 06:59 pm, Christopher Schmidt wrote:
> On Wed, Apr 19, 2006 at 05:45:34AM -0500, Jim Kuzdrall wrote:
>> Who : Eric Eldred
>> What : Creative Commons copyright alternative
>> Where: Martha's Exchange
>> Day : Thur 20 Apr (*Tomorrow*)
>> Time : 6:00 PM for grub, 7:30 PM for presentation
>
> Is someone doing an RSVP to Martha's? (I'll be there, in any case.)

Yep. Just dump them on gnhlug-discuss (to let people know you are going), or send them to me at [EMAIL PROTECTED] if you are more secretive.

Jim Kuzdrall
Re: GNHLUG Nashua, Thr 20 Apr, Eric Eldred explains the CC copyright alternative
Hi,

If we need to RSVP for Martha's tomorrow, I figure four people in my group.

Mike

--- Christopher Schmidt [EMAIL PROTECTED] wrote:
> On Wed, Apr 19, 2006 at 05:45:34AM -0500, Jim Kuzdrall wrote:
>> Who : Eric Eldred
>> What : Creative Commons copyright alternative
>> Where: Martha's Exchange
>> Day : Thur 20 Apr (*Tomorrow*)
>> Time : 6:00 PM for grub, 7:30 PM for presentation
>
> Is someone doing an RSVP to Martha's? (I'll be there, in any case.)
>
> --
> Christopher Schmidt
> Web Developer