Re: non-executable stack (via PT_GNU_STACK) not being enforced

2010-10-12 Thread Sysadmin - The Well @ Poway

 On 10/12/2010 03:10 AM, Marcin Owsiany wrote:

On Mon, Oct 11, 2010 at 11:08:04PM -0500, Boyd Stephen Smith Jr. wrote:

On Monday, October 11, 2010 17:18:34 you wrote:

On 10/11/2010 12:21 PM, Boyd Stephen Smith Jr. wrote:

What can be done to not disable page protections in the default
kernel?

Enable PAE.  From what I understand, the features are not separable
in the i386 kernel.  You either suffer under PAE and get NX, or you
suffer without NX and drop PAE.

That's my understanding too. I was really asking about the default.

Most of us would prefer the 1% performance hit over having an
executable stack (and heap).

Then install -bigmem, reboot and be done.

Remember that Debian i386 targets more than beefy servers.  In fact, it
probably has a larger install base on Atom-based router boards, All-in-one
PCs, and netbooks.

And it might be non-obvious, but some CPUs (e.g. the one in my
not-so-old laptop) don't support PAE, so making the default kernel use
PAE would make Debian unbootable on them.

This is true. However, I've always wondered why we don't detect whether 
the CPU appears to support PAE and suggest a bigmem kernel at installation.
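The checks this thread talks around, as an added example that is not part of any message above and not Debian installer code: whether the CPU advertises the pae and nx flags, what the running kernel itself reported about NX at boot (the "NX (Execute Disable) protection: ..." line printed by the x86 setup code; "cannot be enabled: non-PAE kernel!" is the case the thread is about), and whether a given ELF file asks for an executable stack through its PT_GNU_STACK header. Everything takes text or bytes as input so it runs without root; the cpuinfo and dmesg samples are constructed, and the Debian flavour names returned by suggest_kernel are an assumption standing in for whatever the installer would offer.

```python
"""Added example, not part of the thread: CPU/kernel/binary checks for NX on
i386, on text inputs so they run without root.  Samples are constructed and
the flavour names returned are assumptions."""
import struct

PT_GNU_STACK = 0x6474E551   # p_type of the GNU stack program header
PF_X = 0x1                  # p_flags bit: segment is executable


def cpu_flags(cpuinfo_text):
    """Feature flags from the first 'flags' line of /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def suggest_kernel(cpuinfo_text):
    """The installer-time check the last message asks for (flavour names assumed)."""
    flags = cpu_flags(cpuinfo_text)
    if "pae" not in flags:
        return "linux-image-686"         # a PAE kernel would not boot on this CPU
    if "nx" not in flags:
        return "linux-image-686"         # PAE boots, but there is no NX bit to enforce
    return "linux-image-686-bigmem"      # PAE and NX: this flavour gets the NX stack


def kernel_nx_status(dmesg_text):
    """Classify the kernel's own verdict on NX from boot log text."""
    for line in dmesg_text.splitlines():
        _, sep, rest = line.partition("NX (Execute Disable) protection: ")
        if sep:
            if rest.startswith("active"):
                return "active"
            if "non-PAE" in rest:
                return "no-pae-kernel"   # "cannot be enabled: non-PAE kernel!"
            return "disabled"            # noexec=off, or segment-limit approximation
    return "unknown"


def gnu_stack_executable(elf_bytes):
    """True if PT_GNU_STACK carries PF_X, False if not, None if the header is
    missing (the loader then falls back to an executable stack)."""
    if elf_bytes[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf_bytes[4] == 2
    end = "<" if elf_bytes[5] == 1 else ">"
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", elf_bytes, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf_bytes, 0x36)
        fmt = end + "IIQQQQQQ"   # p_type, p_flags, then six 64-bit fields
    else:
        (e_phoff,) = struct.unpack_from(end + "I", elf_bytes, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf_bytes, 0x2A)
        fmt = end + "IIIIIIII"   # p_type, ..., p_flags is the 7th field
    for i in range(e_phnum):
        ph = struct.unpack_from(fmt, elf_bytes, e_phoff + i * e_phentsize)
        p_flags = ph[1] if is64 else ph[6]
        if ph[0] == PT_GNU_STACK:
            return bool(p_flags & PF_X)
    return None


def elf_stub(stack_flags, is64=True):
    """Constructed minimal ELF (header plus one PT_GNU_STACK phdr) for testing."""
    if is64:
        ehdr = b"\x7fELF" + bytes([2, 1, 1]) + b"\0" * 9
        ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
        phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    else:
        ehdr = b"\x7fELF" + bytes([1, 1, 1]) + b"\0" * 9
        ehdr += struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
        phdr = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 16)
    return ehdr + phdr


# Constructed /proc/cpuinfo excerpts, not captured from a real machine.
SAMPLE_CPUINFO_NX = "processor\t: 0\nflags\t\t: fpu pse tsc pae mce sep mmx sse sse2 ht nx\n"
SAMPLE_CPUINFO_NOPAE = "processor\t: 0\nflags\t\t: fpu pse tsc mce sep mmx sse sse2\n"

if __name__ == "__main__":
    print("suggested flavour:", suggest_kernel(SAMPLE_CPUINFO_NX))
    print("kernel NX:", kernel_nx_status("NX (Execute Disable) protection: active\n"))
    print("stack executable (RW header):", gnu_stack_executable(elf_stub(0x6)))
    print("stack executable (RWE header):", gnu_stack_executable(elf_stub(0x7)))
```

On a live box, feed the functions the real data: open("/proc/cpuinfo").read(), the output of dmesg, and open(path, "rb").read() for a binary. A "disabled" or "no-pae-kernel" verdict from the kernel line means a RW PT_GNU_STACK in the binary is not being enforced, whatever the CPU flags say.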


Re: OT: Server protection strategy from evil doers - how to stop them.

2009-05-30 Thread Sysadmin - The Well @ Poway
I use a combination of suhosin, mod_security and scripts to 
automatically respond to attacks. Something like Fail2Ban 
http://www.fail2ban.org/wiki/index.php/Main_Page or CSF 
http://www.configserver.com/cp/csf.html will automatically take the 
appropriate actions based on your preferences and email you about it.


Hope this helps...
Best regards,
-Chris


sthu.d...@gmail.com wrote:

Good day.


My question is about the strategy/practice of stopping the evil doers at my
server. As it is a server, I cannot turn it off, yet I would not like the
things that some guys try to do to be repeated. Therefore, maybe You would
share Your experience/knowledge on how to stop them.

The situation: I see evil doings in the logs. I know the addresses they used for
that.

What is the best way (1. effective; 2. easy to implement) to stop them?

My own consideration for now: to use iptables to ban those IPs, but here I
have the following problem: if I exclude by IP, it is a lot of IPs. If I
exclude by ranges, I risk excluding good users from our public services
(web, email) and others; the same goes for the ISP nets, as their users can change
their IPs easily. So... please, any suggestions.


Thank You for Your time and effort.

Best regards,
Sthu Deus.


  



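The mechanism behind the Fail2Ban/CSF recommendation above, and the answer to the "too many IPs vs. range bans" dilemma in the original question, as an added example that is not part of the thread and not Fail2Ban's own code: failures are counted per source address in a sliding window (Fail2Ban's findtime/maxretry), an address that trips the threshold gets a single-host, time-limited iptables rule rather than a permanent range block (bantime), and a whitelist of your own networks (ignoreip) keeps legitimate users out of it. Assumptions: OpenSSH "Failed password" syslog lines, the year 2009 (syslog stamps carry none), constructed addresses, and iptables commands that are recorded rather than executed (a dry run; executing them needs root).

```python
"""Added example (not from the thread, not Fail2Ban's code): a Fail2Ban-style
jail reduced to its core.  Log format, year and addresses are assumptions;
iptables commands are recorded, not executed."""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


class Jail:
    """Per-IP sliding-window counter with expiring bans (Fail2Ban's jail model)."""

    def __init__(self, maxretry=5, findtime=600, bantime=3600, ignoreip=(), year=2009):
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)   # window in which failures count
        self.bantime = timedelta(seconds=bantime)     # how long a ban lasts
        self.ignore = [ipaddress.ip_network(n) for n in ignoreip]
        self.year = year
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.banned = {}                     # ip -> time the ban expires
        self.actions = []                    # iptables commands, in order (dry run)

    def _ignored(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.ignore)

    def observe(self, line):
        """Feed one log line; returns the ban command if this line triggered one."""
        m = FAILED_RE.match(line)
        if not m:
            return None
        now = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=self.year)
        ip = m["ip"]
        self.expire(now)
        if self._ignored(ip) or ip in self.banned:
            return None
        window = self.failures[ip]
        window.append(now)
        while now - window[0] > self.findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= self.maxretry:
            return self._ban(ip, now)
        return None

    def _ban(self, ip, now):
        self.banned[ip] = now + self.bantime
        self.failures.pop(ip, None)
        cmd = f"iptables -I INPUT -s {ip} -j DROP"   # one host, never a range
        self.actions.append(cmd)
        return cmd

    def expire(self, now):
        """Lift bans whose bantime has elapsed; returns the unban commands."""
        lifted = []
        for ip, until in list(self.banned.items()):
            if until <= now:
                del self.banned[ip]
                cmd = f"iptables -D INPUT -s {ip} -j DROP"
                self.actions.append(cmd)
                lifted.append(cmd)
        return lifted


def process_log(lines, jail):
    """Run every line through the jail and return the iptables commands it produced."""
    for line in lines:
        jail.observe(line)
    return jail.actions


# Constructed sample, not a real log: 203.0.113.7 hammers the box, one user
# mistypes from 198.51.100.4, and the office LAN 192.168.1.0/24 is whitelisted.
SAMPLE_LOG = """\
May 30 10:00:01 www sshd[2101]: Failed password for root from 203.0.113.7 port 40101 ssh2
May 30 10:00:03 www sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40102 ssh2
May 30 10:00:05 www sshd[2103]: Failed password for root from 198.51.100.4 port 50311 ssh2
May 30 10:00:06 www sshd[2104]: Failed password for root from 203.0.113.7 port 40103 ssh2
May 30 10:00:09 www sshd[2106]: Failed password for invalid user oracle from 203.0.113.7 port 40104 ssh2
May 30 10:00:11 www sshd[2107]: Failed password for root from 203.0.113.7 port 40105 ssh2
May 30 10:00:12 www sshd[2108]: Failed password for root from 203.0.113.7 port 40106 ssh2
May 30 10:00:20 www sshd[2109]: Failed password for bob from 192.168.1.20 port 33000 ssh2
May 30 10:00:21 www sshd[2110]: Failed password for bob from 192.168.1.20 port 33001 ssh2
May 30 10:00:22 www sshd[2111]: Failed password for bob from 192.168.1.20 port 33002 ssh2
May 30 10:00:23 www sshd[2112]: Failed password for bob from 192.168.1.20 port 33003 ssh2
May 30 10:00:24 www sshd[2113]: Failed password for bob from 192.168.1.20 port 33004 ssh2
May 30 11:00:30 www sshd[2120]: Failed password for root from 198.51.100.4 port 50400 ssh2
"""

if __name__ == "__main__":
    jail = Jail(maxretry=5, findtime=600, bantime=3600, ignoreip=("192.168.1.0/24",))
    for cmd in process_log(SAMPLE_LOG.splitlines(), jail):
        print(cmd)
```

The sample produces exactly one ban (the fifth failure from 203.0.113.7 within ten minutes) and, an hour later, its removal; the whitelisted LAN host and the single mistyped password never reach the threshold. That is the property that answers the question: the bad actor's own address is blocked for a bounded time, while the public web and mail services stay open to everyone else, including other customers of the same ISP range.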
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org