Re: System Accounts
Hello,

In /etc/passwd verify that they are actually loginable. Some daemons/programs, etc. need an account to run, but don't actually need to log in. This would be for security reasons, so you don't run it as root, thus making it harder for someone to exploit your server and gain root access.

-Adam

On Mon, Oct 14, 2002 at 09:47:42AM -0400, R. Bradley Tilley wrote:

Hello,

I am experimenting with a Debian system to be used as a firewall/gateway. I am using Debian 3.0 with the 2.4.18 kernel. I did a basic install selecting the Unix server task.

Just wondering why there are so many accounts with shell access installed by default? games, irc, news, gnats, lp, uucp, operator, backup, etc.

For security reasons, I would like to remove these accounts, but I don't understand how the system uses them, or if it uses them at all. Can someone explain this? Also, what are the bare minimum accounts?

Thank you,
Brad

- Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited -

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
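The check suggested in the reply above, as an added example that is not part of the original thread: a shell function that lists system accounts in a passwd-format file whose shell still permits a session, together with the state of their password field. The function names, the UID cut-off of 999 and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; sample entries are constructed. On a real host, as root:
#   audit_logins /etc/passwd /etc/shadow

# Print "user uid shell pwstate" for system accounts (UID 1..MAX_SYS_UID,
# assumed 999 as on Debian) whose shell is not nologin or false.
audit_logins() {
    passwd_file=$1
    shadow_file=${2:-/dev/null}
    awk -F: -v shadow="$shadow_file" -v max_uid="${MAX_SYS_UID:-999}" '
        function state(field) {
            if (field == "") return "nopass"      # no password required
            if (field ~ /^[!*]/) return "locked"  # password login disabled
            return "set"
        }
        FILENAME == shadow { pw[$1] = $2; have[$1] = 1; next }
        /^#/ || NF < 7 { next }                   # comments, malformed lines
        $3 == 0 || $3 > max_uid { next }          # root and ordinary users
        $7 ~ /\/(nologin|false)$/ { next }        # cannot start a session
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # passwd(5): empty means /bin/sh
            if (have[$1]) st = state(pw[$1])
            else if ($2 == "x") st = "unknown"    # shadow file not supplied
            else st = state($2)
            print $1, $3, shell, st
        }
    ' "$shadow_file" "$passwd_file"
}

sample_passwd() { cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
games:x:5:60:games:/usr/games:/bin/sh
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:
backup:x:34:34:backup:/var/backups:/bin/false
operator:x:37:37:Operator:/var:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

sample_shadow() { cat <<'EOF'
root:$1$CONSTRUCTED$notarealhash:11975:0:99999:7:::
games:*:11975:0:99999:7:::
news:*:11975:0:99999:7:::
irc:!:11975:0:99999:7:::
backup:*:11975:0:99999:7:::
operator::11975:0:99999:7:::
alice:$1$CONSTRUCTED$notarealhash:11975:0:99999:7:::
EOF
}

demo_audit() {
    tmp=$(mktemp -d) || return 1
    sample_passwd >"$tmp/passwd"; sample_shadow >"$tmp/shadow"
    audit_logins "$tmp/passwd" "$tmp/shadow"
    rm -rf "$tmp"
}
demo_audit
```

Accounts reported as `locked` still carry a usable shell, so setting the shell to a nologin binary is the change that closes them; `nopass` entries need attention first.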
Re: Ncurses - warning off topic
You need to install the development stuff, I believe, so that you can use make menuconfig.

Thanks,
Adam

On Fri, May 10, 2002 at 06:57:45PM +0200, Lars Roland Kristiansen wrote:

this is not the list for these kind of questions, but i will give it a try.

What is the full name of the libncurses you need to install in order to use make menuconfig. i have run apt-get install ncurses* and none of them works - i still get You need to have Ncurses installed when trying menuconfig.

Running woody and kernel 2.4.18.

Thanks

Mvh./Yours sincerely
Lars

Lars Roland Kristiansen
Stu. Sci. Math/Computer science
Copenhagen University - Institute for Mathematical Sciences
Url: www.math.ku.dk
Email: [EMAIL PROTECTED]

Politics is for the moment, equations are forever - Albert Einstein
Re: rootkit detection
Hello,

chkrootkit is pretty good. You can get it at http://www.chkrootkit.org/.

Thanks,
Adam

On Sun, Mar 10, 2002 at 01:07:47PM +0100, [EMAIL PROTECTED] wrote:

hey ppl!

I just wanted to ask if someone can recommend a rootkit detection/removal utility. There are a bunch of them if you look around but I don't want to run any risk :-) would be kind if someone knew of a serious solution :-)

best regards
Roman Sommer
Re: FTP and security
When I tried iXplorer, it didn't look to have ssh2 support. I'd prefer to use ssh2 support, WinSCP allows you to select, but it seems to crash when uploading lots and/or big files. It DOES complete, but you can't see its progress, etc.

...adam

On Fri, Nov 09, 2001 at 05:52:35PM +0100, Jens Schuessler wrote:

At 09:05 09.11.01, you wrote:

In this case I use (and suggest to use) pscp which is a win32 implementation of scp (secure copy). It uses a ssh connection to upload or download. Unfortunately it uses no gui and has to run from cmd or command.

Take a look at Secure-iXplorer http://www.i-tree.org/ixplorer.htm, it's a GUI for pscp, you can drag'n drop your files very comfortably. It works ok here.

Jens
Re: FTP and security
Is there a decent Windows FTP application that supports sftp? Unfortunately, I have to use Windows at work. :/

Thanks,
Adam

On Thu, Nov 08, 2001 at 10:55:17PM +0100, Wichert Akkerman wrote:

Previously Lars Bjarby wrote:

While we're on the subject, is there an OpenSSH port of SFTP?

openssh has a sftp subsystem, yes.

Wichert.

--
[EMAIL PROTECTED] This space intentionally left occupied
[EMAIL PROTECTED] http://www.liacs.nl/~wichert/
1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D
Re: Ports to block?
I like to look at it the other way around. What ports not to block? I block ALL ports except for the ones that *I* want to get through. This increases the security of your firewall, because you have only allowed the ports that YOU want open.

...adam

On Thu, Apr 05, 2001 at 12:57:24PM -0700, Brandon High wrote:

Does anyone have a recommendation of ports that should be blocked (via ipchains/netfilter/etc) to make a system more secure?

In light of the recent security holes, I did a netstat -an, then lsof -i for all ports that were listening and/or UDP. I put a filter in the way of everything that I didn't want externally visible, but UDP port 1028 shows nothing listening lsof. I blocked it out of principle, but does anyone know what it might be?

-B

--
Brandon High [EMAIL PROTECTED]
We are Homer of Borg. Resistance is ... Ooo! Donuts!
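The allow-list approach from the reply above, as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset with a default DROP policy and one ACCEPT rule per listed port. The function name and the proto/port argument format are assumptions; the rules cover a host's own INPUT chain, not traffic forwarded by a gateway.

```shell
#!/bin/sh
# Added example: default-deny inbound ruleset built from an explicit allow
# list. emit_default_deny and its "proto/port" arguments are hypothetical
# names chosen for this illustration.

# emit_default_deny tcp/22 udp/53 ...
# Prints rules in iptables-restore format; returns 1 on any invalid entry.
emit_default_deny() {
    # Validate every entry before printing anything, so a typo never
    # produces a half-written ruleset.
    for spec in "$@"; do
        proto=${spec%%/*}
        port=${spec#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol: $spec" >&2; return 1 ;;
        esac
        case $port in
            ''|0*|*[!0-9]*) echo "bad port: $spec" >&2; return 1 ;;
        esac
        [ "$port" -le 65535 ] 2>/dev/null ||
            { echo "bad port: $spec" >&2; return 1; }
    done

    # Policy DROP means anything not accepted below is discarded, including
    # ports nobody can identify.
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for spec in "$@"; do
        printf '%s\n' "-A INPUT -p ${spec%%/*} --dport ${spec#*/} -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed allow list: SSH and DNS only.
emit_default_deny tcp/22 udp/53
```

Loading the output with `iptables-restore` requires root. With this policy an unexplained listener such as the UDP port 1028 in the question is unreachable from outside without needing its own block rule.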
Re: how secure is mail and ftp and netscape/IE???
What about if you are going from a Windows box to a *nix box? Is there any way to do secure ftp transfers? Mail, for me, is no problem. I ssh into my machines and use "Mutt" to deal with email.

...adam

On Wed, Feb 21, 2001 at 05:29:11PM -0300, Pedro Zorzenon Neto wrote:

Hi Steve,

About sending plain text password and files with telnet and ftp: uninstall your 'telnetd' and 'ftp server' and install 'ssh'.

ssh is real secure and has two useful commands: 'ssh' is a substitute for telnet and 'scp' is not the same thing, but substitutes ftp with some advantages.

read their manuals and compare.

Bye
Pedro

On Wed, Feb 21, 2001 at 03:13:43PM -0500, Steve Rudd wrote:

Hello! Steve here,

Well I am one of the family now! My server is Debian 2.2r2. A benign hacker got me. All he seemed to do was overwrite my root index.html page and notify the "hackers watchdog" group to take responsibility for the act!

I have some security questions:

1. How secure is it checking email with eudora pro, given they have not yet got ssh or any other system that is secure? Since outlook has ssh, is it worth switching for that? I use a separate user and password for mail and ftp.
2. Cute ftp is not secure yet, but should be soon.
3. Using netscape to port to private sections of the website: www.abc.com:1020/systemconfig/index.html (for example) I am asked for a user name and password via netscape/IE

===

Ok all these things are really transmitting my user name and password via plain text with no encryption. If I have sudo installed and a sniffer comes along, they have root access very easily!

Should I be concerned about using email, ftp and IE?

Steve
Re: How to use apt to install security updates ?
After that, try doing an "apt-get upgrade". That should do it for ya!

...adam

On Sun, Feb 11, 2001 at 06:14:39PM +0100, Christian Schlettig wrote:

Hello,

I'm new to the list and I've just read the security.debian.org page and inserted the "deb http://security.debian.org/ slink updates" line to my /etc/apt/sources.list.

When i run apt-get update i'll get the following output:

    :/home/user# apt-get update
    Get:1 http://security.debian.org slink/updates Packages [19.4kB]
    Get:2 http://security.debian.org slink/updates Release [105B]
    Fetched 19.5kB in 3s (5958B/s)
    Reading Package Lists... Done
    Building Dependency Tree... Done

and nothing else. I'm using the original files from somewhere October so i'm wondering why there are no new packages for me ?! What am i doing wrong.

Thanks,
Christian
Re: SSH
SSH2 is supposed to be more secure. Stability, not sure about. However, one thing to think about... someone can load the local "exploit" dsniff on your machine. This makes ssh1 look as cleartext as telnet. Fortunately, it hasn't been done for ssh2 yet. Personally, I like using RSA keys. Make sure to disable xauth, that's another security risk... etc, etc.

...adam

On Fri, Feb 09, 2001 at 04:17:54PM +0100, Jonas Carlsson wrote:

Christian Hammers wrote:

On Fri, Feb 09, 2001 at 03:28:11PM +0100, Jonas Carlsson wrote:

Why does Debian only have SSH-1 not SSH-2 ?

It does not. The ssh package at non-us.debian.org is ssh_2.3.0p1-1.11_i386.deb

I have non-us.debian.org in my list.

deb http://non-us.debian.org/debian-non-US potato/non-US main contrib non-free

Maybe ssh_2.3.0 exist in unstable ?

Do I gain something in security if I install SSH-2 ? What is the difference between 1 and 2 ?

// Jonas C
Re: Port Scanning...
tcpwrappers and a firewall are your two best bets. You can provide false info or whatever you want with tcpwrappers, and a firewall can prevent them from getting information off your ports. These have always worked for me well.

...adam

On Thu, Feb 01, 2001 at 08:18:19PM -0600, Jason Arden wrote:

Can anyone recommend a program to stop people from portscanning your server... or maybe put out some false information, like lets say 20 pages of open ports?

-Jason

Thanks for your time...