Where is the security announcement?

be tainted more. We've already given the professional world enough of a reason to abandon ship and laugh at us. PS: the random quote generator seems to be able to establish semantic context at last! -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :not-so-pro

Re: Where is the security announcement?

also sprach Robin Schroeder <[EMAIL PROTECTED]> [2005.07.07.1133 +0200]: > I got at least security announcements from > debian-security-announce@lists.debian.org Not between 3 June and 30 June. -- Please do not send copies of list mail to me; I read the list! .''`

Re: Sudo question

s of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subke

Re: Debian Security Support in Place

o not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use sub

Re: Debian Security Support in Place

require a lot of time for testing afterwards. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better thin

Please announce current lack of security support

riate announcement ASAP to alert our users of the current lack of security support? -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a syste

Re: Please announce current lack of security support

copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)key

Re: Bad press again...

server, globally spaced. Heck, we *should* have a responsive and communicative security team. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansy

Re: Bad press again...

o me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keys

Re: Bad press again...

is not a server, it's a DNS A record. It's a whole lot easier to point that elsewhere in case of problems than expecting users to make sense of the errors they get when some servers can't be reached. -- Please do not send copies of list mail to me; I read the list! .''`

Re: Bad press again...

also sprach martin f krafft <[EMAIL PROTECTED]> [2005.08.26.1907 +0200]: > security.debian.org is not a server, it's a DNS A record. It's > a whole lot easier to point that elsewhere in case of problems than > expecting users to make sense of the errors they get whe

Re: Bad press again...

belief that they are safe because s.d.o doesn't have any new stuff. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'`

Re: Bad press again...

il to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)keys? Use subkeys.pgp.net

Re: Bad press again...

s not meet the general expectations of our users, it's essentially more of a clog than a bottleneck. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://deb

Re: Bad press again...

to Solaris because of the security fiascos. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have be

Re: Bad press again...

this stuff with me, it seems. He's never replied to mails or pings from me about this stuff. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem

Re: Bad press again...

ut their understanding of security... but then isn't it all the more important for Debian to get it right and help protect those that don't know better? -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :

Re: Bad press again...

y in Debian. And it does not address the problem that our security infrastructure went down for a while and we found out about it from a German news magazine. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]>

Re: Bad press again...

urity team is a true asset and a keystone in the future of Debian security. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `-

Re: Bad press again...

send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (su

Re: Bad press again...

om what I know, Joey prefers editing text files and expects others to do the same. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `.

Re: Bad press again...

-- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Inva

Re: Bad press again...

says "delegations", but that doesn't mean that anything therein is a delegation. Looks more like tbm actually wanted to write a different message and forgot to change the subject afterwards. :) -- Please do not send copies of list mail to me; I read the list! .''`. ma

anonftpsync (was: security archive defective!?)

also sprach Andreas Barth <[EMAIL PROTECTED]> [2005.09.01.0858 +0200]: > I strongly recommend to use anonftpsync for mirroring any of the debian > archives What's the advantage over debmirror? -- Please do not send copies of list mail to me; I read the list! .'&#

Re: Security implications of allowing init to re-exec from another path

th a trojan, in addition to kernel modules and other Linux maladities. That is, if the attacker gets root... -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://d

Re: Security implications of allowing init to re-exec from another path

anyway. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system

Re: getting to www servers from inside where they have an Internal IP

er on port ? None that I know. I suggest using a second nameserver to resolve the A record to the internal IP. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer

Re: getting to www servers from inside where they have an Internal IP

s, this is what I meant. This, or a second nameserver. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you ha

tartini (one of the security mirrors) unreliable

and I see no other problems. Maybe the administrators would be so kind as to investigate the issue and send an update when it's resolved? -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :pro

Re: first A record of security.debian.org extremely slow

t on the mailing list, please Cc). Please set your Mail-Followup-Header correctly. Cheers, -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info

Re: first A record of security.debian.org extremely slow

r > out that IP when there is more than one A record available > instead? (I can't think of a simple way of doing that off the top > of my head, though) It also bears the risk of hardcoding and forgetting, or missing an update. -- Please do not send copies of list mail to me; I read

Re: first A record of security.debian.org extremely slow

nd security is a time-critical domain where sometimes it's very important to have updates without any delays. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http

Re: db.debian.org certificate

also sprach Noèl Köthe <[EMAIL PROTECTED]> [2006.02.28.2224 +0100]: > the https db.debian.org certificate is expired on 2006-01-30. #354747 -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :

Re: first A record of security.debian.org extremely slow

ys. > > One day more or less doesn't really matter. So far, Debian security > updates predated widespread (semi-)automated exploits by weeks. Why then do you think security.d.o is not mirrored by Debian? -- Please do not send copies of list mail to me; I read the list! .

Re: first A record of security.debian.org extremely slow

list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)keys? Use subkey

Re: first A record of security.debian.org extremely slow

o me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)keys? Use subkeys.pgp.ne

Re: first A record of security.debian.org extremely slow

es daily? Once. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a sy

Re: tartini (one of the security mirrors) unreliable

also sprach Martin Schulze <[EMAIL PROTECTED]> [2006.03.10.1541 +0100]: > I've finally removed tartini from the security round robin. Thanks! I assume wiggy is in charge to solve the problem with tartini? -- Please do not send copies of list mail to me; I read the list! .&#x

Re: howto block ssh brute-force

all/2006/03/msg00017.html -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than f

Re: howto block ssh brute-force

ere's a problem with the iptables module. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you

Re: howto block ssh brute-force

iptables rulesets to arbitrary complexity. In fact, I often wanted Firewall-1 to have a similar feature. Firewall-1 scales pretty damn well (4 Gbps throughput, stateful), but in my experience, iptables can handle way more. -- Please do not send copies of list mail to me; I read the list! .''`

Re: howto block ssh brute-force

ious subchains which handle special cases. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better thi

umn.edu security.d.o host unreachable

m. Thanks, -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system

Re: umn.edu security.d.o host unreachable

next > > door") are reachable. > > The host is not reachable. Good to see you're on top of the issue. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer

fail2ban [was: howto block ssh brute-force]

Does it expire entries? -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fi

masking out invalid root logins with logcheck?

orced, which is what fail2ban takes care of anyway... Cheers, -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian -

Re: masking out invalid root logins with logcheck?

know when someone tries a password login for the root account, since password logins are not possible anyway. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://deb

Re: masking out invalid root logins with logcheck?

it. Thanks for your feedback. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do

Re: masking out invalid root logins with logcheck?

hlight, then, is a *successful* login. Sure, those get logged anyway, as cracking attempts, because our policy is never to log in as root. However, we leave without-password in there and keep a separate root DSA key, just in case. -- Please do not send copies of list mail to me; I read the list!

Re: masking out invalid root logins with logcheck?

le ones with a number of different clients. I do not want to go down this path; instead, I prefer to enforce a strong password policy. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :prou

Re: masking out invalid root logins with logcheck?

ly shot. :) But yes, you are right. To be on the safe side, I added a comment to sshd_config. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debians

Re: How to prevent daemons from ever being started?

aded, update-rc.d will not install new links, because some are already in place. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'`

Re: Command history log for audit trail

s there some > other way to create a log for all commands run on a system? apt-cache show acct? Though it really lacks a lot of information. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :'

BADSIG verifying s.d.o Release file

igning Key (2006) <[EMAIL PROTECTED]> Cheers, -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system "if a man t

Re: BADSIG verifying s.d.o Release file

ian-announce? -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fix

Re: BADSIG verifying s.d.o Release file

ive, and this is just a problem that hadn't been > spotted since we've only just started releasing advisories with it.) Ok. Thanks for your time and the explanation, Steve. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <

Re: BADSIG verifying s.d.o Release file

se do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do th

Re: "su -" and "su" - what is the real difference?

also sprach LeVA <[EMAIL PROTECTED]> [2006.07.28.1533 +0100]: > So running su with the '-' option is safer then running without it? In that it bears less surprises, yes. -- Please do not send copies of list mail to me; I read the list! .''`. marti

Re: help: duplicate MAC address

E address de:ad:be:ef:ba:be -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info

Re: help: duplicate MAC address

gly. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian

Re: DD machine mysterious reboot

rdware, you may just have found out how incredibly crap it is. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debia

Re: kernel.panic (was: Re: DD machine mysterious reboot)

his is zero, the kernel will loop on a panic; if non-zero it indicates that the kernel should autoreboot after this number of seconds. When you use the software watchdog device driver, the recommended setting is 60. -- Please do not send copies of list mail to me; I read the list! .

ignored redirects

hostmaster in whois. Is this legitimate? Is someone trying to redirect me in a cheap hack attempt? Are people seeing this often? Since the Linux kernel handles it quite alright, should I have logcheck filter it? -- Please do not send copies of list mail to me; I read the list! .'

Re: ignored redirects

would it look different if someone tried a valid redirect that would be ignored due to my configuration? Sorry, I currently only have one functional machine in my test network. :/ -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[E

Re: ignored redirects

heck ICMP redirects on their networks. Stephen, could you forward me the relevant log messages from your work gateway so that I can make sure to properly draft the logcheck filters? -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft &l

Re: Allow password auth for one user with sftp?

nd copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things t

Re: denying mail relay + iptables rule

Once you created the rules, please make sure to submit a bug. It can't be that hard, but do try to go with fail2ban from etch, since sarge's configuration is deprecated. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTE

Re: denying mail relay + iptables rule

n. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - wh

security mirror out of date: 128.101.240.212

to debian-security@lists.debian.org to alert people. < weinholt> i don't really have time for that, unfortunately, i have work to do -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian develo

Re: debian.org DNSs allow unrestricted zone transfers

t mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems #inclu

Re: debian.org DNSs allow unrestricted zone transfers

t be unsafer because of it. > I think a simple scan could give the same information, and anyway > the name of debian machines is listed also on the web. i see no attack vector. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[E

Re: securing server

ay consider chroot. no security benefit > It's a good idea to read through securing debian howto yes! -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - h

Re: securing server

also sprach Simon Brandmair <[EMAIL PROTECTED]> [2008.05.07.2020 +0100]: > > no security benefit > > Just wondering: Why not? http://www.bpfh.net/simes/computing/chroot-break.html -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian dev

Re: [SECURITY] [DSA 3672-1] irssi security update

onaccorso > September 21, 2016https://www.debian.org/security/faq > - The DSA is not on the website yet. Maybe it'd be better to wait for web sync before sending, or force web sync? -- .''`. m

Re: [SECURITY] [DSA 3672-1] irssi security update

security/ in the announcement, not the security tracker though. This is also not addressed in the FAQ. Hence maybe it'd make sense to add a note to the announcement? -- .''`. martin f. krafft @martinkrafft : :' : proud Debian developer `. `'` http://people.debian

Re: Dear friends, never miss the chance to travel in China, the beautiful and mysterious place to be!

this post to everyone else. -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than to fix a system pgp4P88nb59YP.pgp Description: PGP signature

security updates for testing?

? -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system pgpPf4OjKN9x1.pgp Description: PGP signature

Re: security updates for testing?

epository is there, but I > wouldn't count on it for security. give me an estimate (someone) on how much manpower is required to provide this service for testing? -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `&#

Re: port 113

ve to wait ages to connect to certain FTP or IRC servers. -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system NOTE: The public PGP

Re: Stack-smashing protection

ty step forward. have a look at grsecurity.net, which i think implements this at a lower cost. -- Please do not CC me! Get a proper mailer instead: www.mutt.org .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'`

Re: VPN + Roadwarrior

s getting there... ISAKMP/Oakley... -- Please do not CC me! Get a proper mailer instead: www.mutt.org .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a syste

Re: VPN + Roadwarrior

s getting there... ISAKMP/Oakley... -- Please do not CC me! Get a proper mailer instead: www.mutt.org .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a syste

Re: securing pop3

e. -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system NOTE: The pgp.net keyservers a

Re: securing pop3

also sprach Mike Dresser <[EMAIL PROTECTED]> [2003.02.10.2226 +0100]: > That lets you in just fine unfortunately. so put /bin/true for the shell. -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <[EMAIL PROTECTED]> : :'

Re: securing pop3

-pop-ssl, courier-imap-ssl and postfix-tls for the SSL functionality. -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better th

Re: Peace is not off topic

d war and planet politics elsewhere. debian-security is not the place. -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have

STOP THE FUXXING PEACE TALKS!

BLOODY HELL, TAKE THIS SHIT OFF HERE. I AM GETTING ANNOYED BY USELESS DISCUSSION OF THIS SORT ON *DEBIAN*-SECURITY. GO ELSEWHERE! -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian devel

expiring passwords

write a custom notification script that parses /ec/shadow? Thanks, -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better thin

Re: Traffic monitoring

ay around using separate IPs and/or an actual accounting device. -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have bet

Re: Security patches

agree? If not, then please tell us what LSM precautions take care to prevent that. -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when yo

Re: Security patches

gt; install for those who want to play with BSD secure levels in > Linux. The question is: does it mix with SE Linux? I always wondered about LSM... they are stacking modules, right? So this would have to come before or after SELinux, at which point one can take control from the other, no? -- Pleas

IBM and wrong DSA

[joey, CCing you to make sure you see this immediately. you probably read debian-security too, i'd assume...] Check out http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2002.765.1 DSA 169 is htcheck, not tomcat, right? At least that's the case on www.debian.org. What's u

Re: IBM and wrong DSA

also sprach martin f krafft <[EMAIL PROTECTED]> [2002.10.04.1810 +0200]: > Check out > > http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2002.765.1 > > DSA 169 is htcheck, not tomcat, right? At least that's the case on > www.debian.org.

Re: harden-clients idea

also sprach Kjetil Kjernsmo <[EMAIL PROTECTED]> [2002.10.08.1247 +0200]: > The problem with e.g. telnet isn't really that it shouldn't be used for > anything, but that it shouldn't be used by somebody. It is quite OK to > use to check what the webserver responds to a particular request, for > e

Re: harden-clients idea

please don't CC me on lists that I read! also sprach Kjetil Kjernsmo <[EMAIL PROTECTED]> [2002.10.08.1402 +0200]: > Oh, wasn't that the point with the harden-clients package? If you > attempt to install a Bad[tm] client, you will be told, because it > conflicts with harden-clients? Oh, now I u

Re: harden-clients idea

also sprach Peter Cordes <[EMAIL PROTECTED]> [2002.10.08.2008 +0200]: > It uses the telnet protocol, not just a raw TCP connection, so netcat is > inadequate. netcat can negotiate telnet connections with the -t option. unless you are using very ancient terminal types, netcat is a complete substit

Re: Dear friends, never miss the chance to travel in China, the beautiful and mysterious place to be!

this post to everyone else. -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than to fix a system msg07474/pgp0.pgp Description: PGP signature

security updates for testing?

? -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system msg07890/pgp0.pgp Description: PGP signature

Re: security updates for testing?

epository is there, but I > wouldn't count on it for security. give me an estimate (someone) on how much manpower is required to provide this service for testing? -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `&#

Re: port 113

ve to wait ages to connect to certain FTP or IRC servers. -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system NOTE: The public PGP

  1   2   3   4   5   >