On Thu, 8 Feb 2001 13:00:06 -0800, Rene Hendrix <[EMAIL PROTECTED]> wrote:
:>G'Afternoon.
:>
:>We here at Cobalt wanted to assure you that we are doing everything
:>possible to get .pkg's out the door for the recent BIND exploit as
:>well as the recent ProFTPD response to several security holes.
[snip]
:>ProFTPD:
[snip]
:> mips w/o PAM: (RaQ1, Qube2)
:>
:ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/proftpd-1.2.0rc3-C1-NOPAM.mips.rpm
:>
:>As always, the RPMS are experimental and upsupported until the
:>official pkg is release and posted.
:>
:>If you have any questions about these upgrades, please contact me
:>at [EMAIL PROTECTED]
Why is it NOPAM for the Qube2?
I am a bit reluctant to install the Qube2 rpm since my system has a ton of pam
stuff:
/etc/pam.conf
/etc/pam.d
/etc/pam.d/ftp
/etc/pam.d/imap
/etc/pam.d/other
/etc/pam.d/ppp
/etc/pam.d/rexec
/etc/pam.d/rlogin
/etc/pam.d/rsh
/etc/pam.d/sshd
/etc/pam.d/su
/etc/security/pam_env.conf
/lib/libpam.so
/lib/libpam.so.0
/lib/libpam.so.0.64
/lib/libpam_misc.a
/lib/libpam_misc.so
/lib/libpam_misc.so.0
/lib/libpam_misc.so.0.64
/lib/security/pam_access.so
/lib/security/pam_cracklib.so
/lib/security/pam_deny.so
/lib/security/pam_env.so
/lib/security/pam_filter.so
/lib/security/pam_ftp.so
[snip] -- the /lib/security and /usr/include/security files are dated 20 Aug
1998
/sbin/pamconfig
/sbin/pam_filter
/sbin/pam_filter/upperLOWER
/usr/include/security/pam_appl.h
/usr/include/security/pam_filter.h
/usr/include/security/pam_misc.h
/usr/include/security/pam_modules.h
/usr/include/security/_pam_compat.h
/usr/include/security/_pam_macros.h
/usr/include/security/_pam_types.h
[admin@vanecek security]$
[admin@vanecek security]$ d /etc/pam.d
total 14
drwxr-xr-x 2 root root 1024 Nov 23 03:53 ./
drwxr-xr-x 32 root root 4096 Feb 2 09:06 ../
-rw-r--r-- 1 root root 283 Nov 11 12:46 ftp
-rw-r--r-- 1 root root 116 Nov 4 1998 imap
-rw-r--r-- 1 root root 210 Aug 20 1998 other
-rw-r--r-- 1 root root 155 Jan 25 1999 ppp
-rw-r--r-- 1 root root 216 Nov 16 1997 rexec
-rw-r--r-- 1 root root 429 Nov 16 1997 rlogin
-rw-r--r-- 1 root root 204 Nov 16 1997 rsh
-rw-r--r-- 1 root root 410 Nov 23 03:54 sshd
-rw-r--r-- 1 root root 284 Feb 6 1998 su
>From the doco:
Linux:
To use PAM with ProFTPD, you must edit /etc/pam.d/ftp and add the
following lines for RedHat installations:
[admin@vanecek security]$ less /etc/pam.d/ftp
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny
file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so
>From the doco:
ProFTPD attempts to check for the necessary PAM support automatically,
and unless specifically overridden, will use PAM on those platforms
whenever possible. In order to use PAM, you must configure a
configuration file. ... On others, such as Linux, configuration is
taken from the directory /etc/pam.d, in a file called ftp.
It would appear that the Qube2 has a lot of hooks into PAM??
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
