Re: Kernel Crash Bug????
Would it be possible to run that program trough e.g. perl/php/... ? A use could ftp the executable and write a php script that execute it. Thanks in advance, Rudy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel Crash Bug????
Ignore my message. I didn't read the url give aboven carefully enough. It mentions what I asked. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
securing PHP (was: Kernel Crash Bug????)
On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote: On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote: Does PHP allow executing arbitary binaries? [snip] Yes, unless in your php.ini you have something along the lines of: disable_functions = system,passthru,shell_exec,popen,proc_open Can somebody point me to some documentation about securing PHP? -- Rudy Gevaert[EMAIL PROTECTED] Web pagehttp://www.webworm.org Schamper sysadmin http://www.schamper.ugent.be GNU/Linux user and Savannah hacker http://savannah.gnu.org On-line, adj.: The idea that a human being should always be accessible to a computer. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel Crash Bug????
Would it be possible to run that program trough e.g. perl/php/... ? A use could ftp the executable and write a php script that execute it. Thanks in advance, Rudy
Re: Kernel Crash Bug????
Ignore my message. I didn't read the url give aboven carefully enough. It mentions what I asked.
securing PHP (was: Kernel Crash Bug????)
On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote: On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote: Does PHP allow executing arbitary binaries? [snip] Yes, unless in your php.ini you have something along the lines of: disable_functions = system,passthru,shell_exec,popen,proc_open Can somebody point me to some documentation about securing PHP? -- Rudy Gevaert[EMAIL PROTECTED] Web pagehttp://www.webworm.org Schamper sysadmin http://www.schamper.ugent.be GNU/Linux user and Savannah hacker http://savannah.gnu.org On-line, adj.: The idea that a human being should always be accessible to a computer.
loggin with iptables, syslog problem
Hello, I have the following entry: LOGall -- anywhere anywhere limit: avg 3/hour burst 5 LOG level debug prefix `IPT INPUT packet died: ' and the following thing in syslog.conf ahmed:/var/log# grep kern /etc/syslog.conf kern.* -/var/log/kern.log kern.debug /var/log/iptables But nothing gets logged to /var/log/iptabels... It does show in dmesg... How can I correctly redirect logs with level debug to the /var/log/iptables file? Thanks in advance, -- Rudy Gevaert[EMAIL PROTECTED] Web pagehttp://www.webworm.org GNU/Linux user and Savannah hacker http://savannah.gnu.org It's hard to be humble, when you're as great as I am. -- Mohammed Ali -- Rudy Gevaert[EMAIL PROTECTED] Web pagehttp://www.webworm.org GNU/Linux user and Savannah hacker http://savannah.gnu.org If I were two-faced, would I be wearing this one? - Abraham Lincoln (1809-1865) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
loggin with iptables, syslog problem
Hello, I have the following entry: LOGall -- anywhere anywhere limit: avg 3/hour burst 5 LOG level debug prefix `IPT INPUT packet died: ' and the following thing in syslog.conf ahmed:/var/log# grep kern /etc/syslog.conf kern.* -/var/log/kern.log kern.debug /var/log/iptables But nothing gets logged to /var/log/iptabels... It does show in dmesg... How can I correctly redirect logs with level debug to the /var/log/iptables file? Thanks in advance, -- Rudy Gevaert[EMAIL PROTECTED] Web pagehttp://www.webworm.org GNU/Linux user and Savannah hacker http://savannah.gnu.org It's hard to be humble, when you're as great as I am. -- Mohammed Ali -- Rudy Gevaert[EMAIL PROTECTED] Web pagehttp://www.webworm.org GNU/Linux user and Savannah hacker http://savannah.gnu.org If I were two-faced, would I be wearing this one? - Abraham Lincoln (1809-1865)
strangelog
Hello, This weekend I got a strange log: Unusual System Events =-=-=-=-=-=-=-=-=-=-= Aug 11 06:25:03 alhandra su[3584]: + ??? root-nobody Aug 11 06:25:03 alhandra PAM_unix[3584]: (su) session opened for user nobody by +(uid=0) I'm sure I was asleep at that time... What is this? Did someone log in? Or was it a service who su'ed? (I doubt it). Anybody have some tips for me? Thanks, -- Rudy Gevaert -- [EMAIL PROTECTED] Beifeld's Principle: The probability of a young man meeting a desirable and receptive young female increases by pyramidical progression when he is already in the company of (1) a date, (2) his wife, (3) a better-looking and richer male friend. -- R. Beifeld
Re: strangelog
On Sun, 12 Aug 2001, Steven Barker wrote: On Sun, Aug 12, 2001 at 05:33:34PM +0200, Rudy Gevaert wrote: This weekend I got a strange log: Unusual System Events =-=-=-=-=-=-=-=-=-=-= Aug 11 06:25:03 alhandra su[3584]: + ??? root-nobody Aug 11 06:25:03 alhandra PAM_unix[3584]: (su) session opened for user nobody by +(uid=0) This is root (uid=0) becoming nobody. It's surely a cron job that is setup to change user to nobody before running. The locate package runs updatedb as nobody every day, for example. Ah, k! Thanks for the quick reply! -- Rudy Gevaert -- [EMAIL PROTECTED] Beifeld's Principle: The probability of a young man meeting a desirable and receptive young female increases by pyramidical progression when he is already in the company of (1) a date, (2) his wife, (3) a better-looking and richer male friend. -- R. Beifeld
moving groups
Hello, When I had to add some users to pc, I just added them into my group. But now I have to change some users their group. What is the correct way? Is it ok, if I just make a new group. And then chown the users file into de right group? Or is their some other things I need the look at? Thanks in advance, Rudy -- ___ _ _ ___ |_ / / _ \| | | |/ __| e:[EMAIL PROTECTED] phone: 0486/690159 / / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/ /___| \___| \__,_||___/ http://zeus.rug.ac.be -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: moving groups
On Sat, 16 Jun 2001, Reidar Krogstad wrote: Take a look at 'usermod' You might also need to chown all their files/directories after that. Yep, that did the trick :), I had to chown everything, but yeah I can't want everything :) -- ___ _ _ ___ |_ / / _ \| | | |/ __| e:[EMAIL PROTECTED] phone: 0486/690159 / / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/ /___| \___| \__,_||___/ http://www.zeuswpi.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
moving groups
Hello, When I had to add some users to pc, I just added them into my group. But now I have to change some users their group. What is the correct way? Is it ok, if I just make a new group. And then chown the users file into de right group? Or is their some other things I need the look at? Thanks in advance, Rudy -- ___ _ _ ___ |_ / / _ \| | | |/ __| e:[EMAIL PROTECTED] phone: 0486/690159 / / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/ /___| \___| \__,_||___/ http://zeus.rug.ac.be
Re: moving groups
On Sat, 16 Jun 2001, Reidar Krogstad wrote: Take a look at 'usermod' You might also need to chown all their files/directories after that. Yep, that did the trick :), I had to chown everything, but yeah I can't want everything :) -- ___ _ _ ___ |_ / / _ \| | | |/ __| e:[EMAIL PROTECTED] phone: 0486/690159 / / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/ /___| \___| \__,_||___/ http://www.zeuswpi.org
Re: detecting portscanning
Hello, On Thu, 24 May 2001, Vladislav wrote: Check out www.snort.org. Snort capable to detect portscans. Note, that not only portscans, but other strange activities (i.e. tracing, os fingerprinting, etc) and attacks. You can download sources from original site or get *.deb from debian (it included into latest release). Could I use this with ippl? Or just on portscanning system? Greets, Rudy -- ___ _ _ ___ |_ / / _ \| | | |/ __| e:[EMAIL PROTECTED] phone: 0486/690159 / / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/ /___| \___| \__,_||___/ http://zeus.rug.ac.be
detecting portscanning
Hello Everyone, It is my first time i'm putting up a server (at home, cable modem) with ftp/ssh/apache on it. Now I would like to know who does portscans on my machine, and when. And how many. Is there a package for it in debian? Or do I have to install something else. Thanks in advance, Rudy -- ___ _ _ ___ |_ / / _ \| | | |/ __| e:[EMAIL PROTECTED] phone: 0486/690159 / / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/ /___| \___| \__,_||___/ http://zeus.rug.ac.be -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: detecting portscanning
On Thu, 24 May 2001, Rudy Gevaert wrote: Hello again, Some people suggested ippl, I installed it, and it runs. It works :-) Some other people, said I should use portsentry. And I look for it on the website, and it is a tar.gz file, but in the unstable section I can find a deb file. But I'm using stable. Will this give any problems? Or can I just download it? I think I will have to add a line to my apt-get config file. Right? Again, thanks in advance, Rudy -- ___ _ _ ___ |_ / / _ \| | | |/ __| e:[EMAIL PROTECTED] phone: 0486/690159 / / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/ /___| \___| \__,_||___/ http://zeus.rug.ac.be -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: detecting portscanning
On Thu, 24 May 2001, Ed Street wrote: Hello, there's several methods to tell that. a) use a product like portsentry b) use iptables/ipchains to reject all forms of portscans c) don't connect the box to the inet as portscans are a fact of life ;) portsentry will trashcan any system that attempts to portscan you. If your using 2.2.x you may want to put on the stealth kernel patch (freshmeat.net search for stealth) that helps hinder scans iptables has an awsome mechanism for portscans ;) in fact you can set it up so that all portscans (well most I should say) will literaly take HOURS to return nothing. Ok thanks, I'll use iptable when I got my network running. Now it is just a standalone box. I'm running ippl and it logs the most things. It will work for now I think ;) Thanks to everyone for all the help! Greetings, Rudy -- ___ _ _ ___ |_ / / _ \| | | |/ __| e:[EMAIL PROTECTED] phone: 0486/690159 / / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/ /___| \___| \__,_||___/ http://zeus.rug.ac.be -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
detecting portscanning
Hello Everyone, It is my first time i'm putting up a server (at home, cable modem) with ftp/ssh/apache on it. Now I would like to know who does portscans on my machine, and when. And how many. Is there a package for it in debian? Or do I have to install something else. Thanks in advance, Rudy -- ___ _ _ ___ |_ / / _ \| | | |/ __| e:[EMAIL PROTECTED] phone: 0486/690159 / / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/ /___| \___| \__,_||___/ http://zeus.rug.ac.be
Re: detecting portscanning
On Thu, 24 May 2001, Rudy Gevaert wrote: Hello again, Some people suggested ippl, I installed it, and it runs. It works :-) Some other people, said I should use portsentry. And I look for it on the website, and it is a tar.gz file, but in the unstable section I can find a deb file. But I'm using stable. Will this give any problems? Or can I just download it? I think I will have to add a line to my apt-get config file. Right? Again, thanks in advance, Rudy -- ___ _ _ ___ |_ / / _ \| | | |/ __| e:[EMAIL PROTECTED] phone: 0486/690159 / / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/ /___| \___| \__,_||___/ http://zeus.rug.ac.be
RE: detecting portscanning
On Thu, 24 May 2001, Ed Street wrote: Hello, there's several methods to tell that. a) use a product like portsentry b) use iptables/ipchains to reject all forms of portscans c) don't connect the box to the inet as portscans are a fact of life ;) portsentry will trashcan any system that attempts to portscan you. If your using 2.2.x you may want to put on the stealth kernel patch (freshmeat.net search for stealth) that helps hinder scans iptables has an awsome mechanism for portscans ;) in fact you can set it up so that all portscans (well most I should say) will literaly take HOURS to return nothing. Ok thanks, I'll use iptable when I got my network running. Now it is just a standalone box. I'm running ippl and it logs the most things. It will work for now I think ;) Thanks to everyone for all the help! Greetings, Rudy -- ___ _ _ ___ |_ / / _ \| | | |/ __| e:[EMAIL PROTECTED] phone: 0486/690159 / / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/ /___| \___| \__,_||___/ http://zeus.rug.ac.be