On Mon, Feb 23, 2004 at 12:46:59AM +0100, Thomas Sj?gren wrote:
with gcc-3.3 (1:3.3.3ds4-0pre4) the maintainers updated the SSP patch.
That's great news.
It is not however applied by default.
I submitted a bug report [1] about this, but the problem is that my
experience with GCC w. SSP
Greetings,
well, I looking for an open source intrusion detection. At first, tripwire
caputures my attention, but the last open source version seems to be three
years old - is it still in development or badly vulnerable?
Then I searched for tripwire in the woody packages and found integrit and
I have used AIDE (Advanced Intrusion Detection Environment) both in production use and
when I've been an instructor on unix security courses I've made the students learn to
use it, because it's really simple and easy to use. Even though it's quite simple, I
don't see it lacking anything
On Monday, 2004-02-23 at 10:42:05 +0100, Jan Lühr wrote:
well, I looking for an open source intrusion detection. At first, tripwire
caputures my attention, but the last open source version seems to be three
years old - is it still in development or badly vulnerable?
Then I searched for
http://beboy66.info/p3/?id=lgherbs
Q9arrack
Hello,
Actually Im using Integrit with Coda. I store the binary and the database on a read
only coda mount (you can't mount it rw unless you know the coda password), and its
really fast and reliable. So my vote is Integrit, btw you should check all of them and
then make a decision for you
I did a survey of intergity checkers. I didn't find bsign then, but
I'd vote against bsign - it modifies original binaries, thus rendering
debian md5 sums useless. ( It would be great if one could get packages with
bsign-signed binaries, signed by DDs or release team ).
I prefer integrit it's
Also see this page for a useful comparison between AIDE and tripwire:
http://www.fbunet.de/aide.shtml
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
On Mon, Feb 23, 2004 at 10:42:05AM +0100, Jan Lühr wrote:
Greetings,
well, I looking for an open source intrusion detection. At first, tripwire
caputures my attention, but the last open source version seems to be three
years old - is it still in development or badly vulnerable?
Then I
Hi all,
I suppose the DSA-438 is applying to kernel 2.4.22 images from
woody-proposed-updates which have not been updated.
Is this planned or is it safer not to use images from
woody-proposed-updates ?
Thanks.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe.
samhain (in unstable, should be easy to backport) which has some
interesting features.
And those interesting features should make you cautious before you deploy
samhain in production environment. I find it rather intrusive.
--
Dariush Pietrzak,
Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0
On Mon, Feb 23, 2004 at 12:01:02PM +0100, Xavier Poinsard wrote:
I suppose the DSA-438 is applying to kernel 2.4.22 images from
woody-proposed-updates which have not been updated.
Is this planned or is it safer not to use images from
woody-proposed-updates ?
The security team doesn't update
On Fri, Feb 20, 2004 at 09:56:12AM +0100, Dariush Pietrzak wrote:
2.2 series of kernels, sincee they're apparently vulnerable too?
You can find the patch on bugtraq/isec/etc, attached is a peek at it
Don't use this one! This one produces kernel panics after a few hours on
my systems. I suggest
I am running Debian on a Dec Alpha PC164.
I decided to run chkrootkit and was surprised by the following line.
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
I am not sure how no interpret this. I have checked logs, as well as binary
checks and everything seems fine. Can someone help
On Tuesday 24 February 2004 07:53, Greg wrote:
I am running Debian on a Dec Alpha PC164.
I decided to run chkrootkit and was surprised by the following line.
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
Try a nmap port scan from the outside to your ip address. If those ports are
You might not be hacked after all.
Read this: http://www.webhostgear.com/25.html
Also some googling might help ;-)
http://www.google.ro/search?q=%27bindshell%27...+INFECTED+%28PORTS%3A++1524+31337ie=UTF-8oe=UTF-8hl=robtnG=Caut%C4%83meta=
Looks like there are a lot of false positives on it.
May be you have installed fakebo?
Billy
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
31337 - are your runing portsentry on that machine ?
Quote from the www.chkrootkit.org site:
I'm running PortSentry/klaxon. What's wrong with the bindshell test?
If you're running PortSentry/klaxon or another program that binds itself
to unused ports probably chkrootkit will give you a false
On Mon, Feb 23, 2004 at 12:46:59AM +0100, Thomas Sj?gren wrote:
with gcc-3.3 (1:3.3.3ds4-0pre4) the maintainers updated the SSP patch.
That's great news.
It is not however applied by default.
I submitted a bug report [1] about this, but the problem is that my
experience with GCC w. SSP
Greetings,
well, I looking for an open source intrusion detection. At first, tripwire
caputures my attention, but the last open source version seems to be three
years old - is it still in development or badly vulnerable?
Then I searched for tripwire in the woody packages and found integrit and
I have used AIDE (Advanced Intrusion Detection Environment) both in production
use and when I've been an instructor on unix security courses I've made the
students learn to use it, because it's really simple and easy to use. Even
though it's quite simple, I don't see it lacking anything
On Monday, 2004-02-23 at 10:42:05 +0100, Jan Lühr wrote:
well, I looking for an open source intrusion detection. At first, tripwire
caputures my attention, but the last open source version seems to be three
years old - is it still in development or badly vulnerable?
Then I searched for
http://beboy66.info/p3/?id=lgherbs
Q9arrack
Hello,
Actually Im using Integrit with Coda. I store the binary and the database on a
read only coda mount (you can't mount it rw unless you know the coda password),
and its really fast and reliable. So my vote is Integrit, btw you should check
all of them and then make a decision for you
I did a survey of intergity checkers. I didn't find bsign then, but
I'd vote against bsign - it modifies original binaries, thus rendering
debian md5 sums useless. ( It would be great if one could get packages with
bsign-signed binaries, signed by DDs or release team ).
I prefer integrit it's
Also see this page for a useful comparison between AIDE and tripwire:
http://www.fbunet.de/aide.shtml
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
On Mon, Feb 23, 2004 at 10:42:05AM +0100, Jan Lühr wrote:
Greetings,
well, I looking for an open source intrusion detection. At first, tripwire
caputures my attention, but the last open source version seems to be three
years old - is it still in development or badly vulnerable?
Then I
Hi all,
I suppose the DSA-438 is applying to kernel 2.4.22 images from
woody-proposed-updates which have not been updated.
Is this planned or is it safer not to use images from
woody-proposed-updates ?
Thanks.
samhain (in unstable, should be easy to backport) which has some
interesting features.
And those interesting features should make you cautious before you deploy
samhain in production environment. I find it rather intrusive.
--
Dariush Pietrzak,
Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0
On Mon, Feb 23, 2004 at 12:01:02PM +0100, Xavier Poinsard wrote:
I suppose the DSA-438 is applying to kernel 2.4.22 images from
woody-proposed-updates which have not been updated.
Is this planned or is it safer not to use images from
woody-proposed-updates ?
The security team doesn't update
On Fri, Feb 20, 2004 at 09:56:12AM +0100, Dariush Pietrzak wrote:
2.2 series of kernels, sincee they're apparently vulnerable too?
You can find the patch on bugtraq/isec/etc, attached is a peek at it
Don't use this one! This one produces kernel panics after a few hours on
my systems. I suggest
31 matches
Mail list logo