Hey Everyone,
Lots of sweeping changes and additions in in here.
115 Users now
--
See all prior updates older than 01/14/99 at:
http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS-old-updates.wri
**************************************************
** TrinityOS **
** "CRITICALITY" list **
** 01/14/99 **
**************************************************
- This section is for TrinityOS users to better track what TrinityOS
changes ARE and AREN'T so IMPORTANT to be fixed on their Linux box
Key:
----
*C = CRITICAL: *15* items
Something CRITICAL means that your are vunerable to
attack either due to some new security exploit, an
error on my part (firewall rules, etc), or something
that should be tested ASAP.
I = IMPORTANT: *25* items
Something IMPORTANT means that these changes will
have direct impact on the functionality of your box
or is a medium security risk. Not all IMPORTANT things
are important to everyone.
G = GOOD READ: *15* items
Something as GOOD READ means that it is informative
and will better help you track your machine.
N = Not Important: *42* items
Something NOT IMPORTANT are things like Typo corrections,
formatting changes, etc.
================================================================================
=======
Criticality
--
Date What was changed and in what [Section]
--------
----------------------------------------------------------------------
================================================================================
=======
G 02/22/99 I think adding the name of the section in the various Changelog
makes things more readible. What do you think?
[ Section ? - Add the section's description here]
Added the SWAN / IPSEC URLs to the master URL Section
[Section 5 - Software download map]
Added the Swan homepage URL and fixed some Typos
[Section 48 - IPSEC VPNs]
G 02/21/99 Wow.. totally left these sections out of the table of contents:
Section 46 - So you think you are being hacked.. Confirm it!
Section 47 - UNIX and Samba Printing
Section 48 - SWAN / IPSEC VPN
[Section 2]
N Updated the harware to reflect an Epson Stylus 500 Color ink
jet
[Section 4]
N Added the Distribution-HOWTO to the Picking a distribution
section.
[Section 6]
I I made a mistake in the new permission changes that broke Unix
and Samba printing. Do the following to get printing working
again: chmod 4750 /usr/bin/lpr
[Section 8]
N Added the Epson ink jet printer to the Samba section
[Section 33]
N Added the Epson printer and cleaned up a few things in the UNIX
and Samba printing section
[Section 47]
I Though I haven't tested all this yet, I've had a few users
report
back that it works well. So, with this, I've now added the
full
instructions on how to get a IPSEC VPN running between Linux
machines and even to other Cisco, Axent, etc devices as well!
[Section 48]
C* Changed the perms of ZGV to 0500 due to a root exploit
[Section 50]
-------------------
G 02/19/99 Added a "Future Feature" of graphing the APCUPSd logs
with Gnuplot
[Section 3]
Added two good little scripts for bru:
/usr/local/sbin/bru-viewtape
/usr/local/sbin/bru-find-changes
[Section 29]
G I've removed the Redhat Errata list since it was out of date
and you can just as easily get all this information from
the "Automatic RPM notifier" from [Section 43]
[Section 50]
C* Added the lsof-4.40-1.i386.rpm to fix a security issue
[Section 50]
-------------------
N 02/18/99 Added a Future Feature to impliment external 10.x.x.x and
172.19-31.x.x
filtering
[Section 3]
N Added alias settings to /etc/profile to Let Minicom and "ls"
run in
Color
[Section 7]
I Added a little blurb in the "how a firewall works" on why I
prefer
REJECT rules vs. DENY rules.
-------------------
C* 02/17/99 I found that ANY user can load a copy of Inetd. This is VERY
bad. So, while I was fixing that, I found and changed the
permissions
of -66- other programs. (at the bottom of this section)
[Section 8]
I Updated the MASQ and NON-MASQ firewall to v2.93
- # v2A.93 - Added explict OUTPUT filters for the
BackOrofice
and NetBus Windows trojans
[Section 10]
I Fixed the permissions of APCUPSD to not allow other users to
start APCUPSD.
[Section 36]
C* There is a root exploit against /usr/sbin/lsof. Change its
perms
to 755
[Section 50]
-------------------
N 02/16/99 Posted a URL for the new 0.98 Diald code that is maintained
under
a new author.
[Section 5]
I Added the "free" output and changed the "ps" output to "ps aux"
in the nightly Sendlogs cron script
[Section 9]
G Posted some URLs at the bottom of this section for code that
is
required for users upgrading to the 2.2.x kernels
[Section 12]
N Cleaned up and noted that Diald has a new maintainer.
[Section 23]
-------------------
G 02/15/99 Added a little NOTE in the sendlog section to tell any users
that
run a true multi-user Linux box, that I have a slightly altered
version of the log parser that cuts out a lot of the redundant
log info.
[Section 9]
*C Noted a root exploit in Debian's "Super" Program.
[Section 50]
-------------------
.----------------------------------------------------------------------------.
| David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
