On Wed, 26 Dec 2001, Shachar Shemesh wrote: > Hi all, > > I don't know whether this is relevant to Shlomi's email or not, as his > email is the first email I got since subscribing to this list. > > I am currently trying to come to terms with the server, in order to bump > up all sensitive services to non-vulnerable versions. I talked to Mulix > and we decided this list is probably the best place to coordinate such > efforts. > > Some of the things planned are SSH upgrade, login, proftpd, glibc > update, kernel 2.2.20 (does anyone have any objections toOpenWall's > non-executable stack patch?).
No. But OpenWall also includes a patch of permissions on procfs. If you apply this part, then please make sure all the local users have proper read access from /procfs (so every local user can run top, and need not su for that, even if that user can) > I am not doing anything for the next two > days, however, to make sure I am not stepping on anyone's toes. First of all, I think that nobody has any objection to anything that is in RedHat's errata. Applying stuff from there should probably be safe. Problematic packages there may be: * kernel * apache Packages that are not from RPMs (partial list): * Zope * MySQL (?) * openssh (?) * FAQ-O-Matic > > I would also like to know whether there are any requirements, such as > the requirement that only OSes Ligad sell, regarding this server. Does > that mean an upgrade to a newer version is out of the question? Is an upgrade to 7.2 > > Shachar > > Shlomi Fish wrote: > > >Hi! > > > >Can someone please configure the firewall so it will grant access to > >a certain high port number, which is not already taken. Something like: > >12345 or so. I need it to run the second SSH daemon. Or maybe open the firewall altogether for that short period. But please get on with it. -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir ---------------------------------------------------------------------------- To unsubscribe, send a message to [EMAIL PROTECTED] Archives available at http://www.mail-archive.com/[email protected]/
