Re: OpenSSH and CVS

2001-02-19 Thread Jamie Heilman
Matthew H. Ray wrote: > I'm running Debian on a CVS server and have Debian clients. We're using > OpenSSH to replace the rsh calls in CVS. The problem is that every time > a cvs user makes a CVS call (like cvs diff file), they have to enter my > password. I know there's a way around this, but I

OpenSSH and CVS

2001-02-19 Thread Matthew H. Ray
I'm running Debian on a CVS server and have Debian clients. We're using OpenSSH to replace the rsh calls in CVS. The problem is that every time a cvs user makes a CVS call (like cvs diff file), they have to enter my password. I know there's a way around this, but I can't find clear documentation

Re: Unknown file in login on proftpd 1.2.0pre10-2potato1

2001-02-19 Thread Maarten Vink
Poe-Min Oliver Wu wrote: > > Hi, > I've just found that an anonymous ftp connection > to my box would leave a file $FTPROOT/var , whose > u/gid is ftp/nogroup, the same as proftpd. > > I'm using Debian 2.2 with proftpd 1.2.0pre10-2potato1 > on an i386, and

Unknown file in login on proftpd 1.2.0pre10-2potato1

2001-02-19 Thread Poe-Min Oliver Wu
Hi, I've just found that an anonymous ftp connection to my box would leave a file $FTPROOT/var , whose u/gid is ftp/nogroup, the same as proftpd. I'm using Debian 2.2 with proftpd 1.2.0pre10-2potato1 on an i386, and this didn't happen before I do an

Re: Debian or Linux 7???

2001-02-19 Thread J C Lawrence
On Mon, 19 Feb 2001 18:12:29 -0500 Steve Rudd <[EMAIL PROTECTED]> wrote: > Hi! I am frustrated with the linux 2.2 kernel. I have had two > hacks in 3 months and I am going broke rebuilding my server. The odds are good that your being cracked had nothing to do with the kernel version you were r

Re: Debian or Redhat 7???

2001-02-19 Thread Richard Taylor
This may help you as well. http://www.securityportal.com/lasg/ http://www.cert.org/ >> Steve here, >> >> Well first, I repent of calling Linux 7: Redhat 7. Yes I am new. I have >> been maintaining my own box from a su level for about 3 months. That is why >> I was calling in an expert to insta

Re: Debian or Redhat 7???

2001-02-19 Thread Tal Danzig
On Tue, Feb 20, 2001 at 04:39:09PM +1300, Matthew Sherborne wrote: > It may get too heavy to not mirror the security update packages. > > Why don't we put signature verification into apt and dpkg and mirror > everything ? Sounds to me like a good idea; however, it would probably mean rather exte

Re: Anti Virus for Debian

2001-02-19 Thread Mario Zuppini
I would also like to know of virus scanners especially for mail servers ie sendmail that will work on a SPARC ??? there are a few that work under i386 ie like amavris etc can be found on freshmeat.net but nothing will work under a sparc - Original Message - From: "Matthew Sherborne" <[EMA

Re: Anti Virus for Debian

2001-02-19 Thread Noah L. Meyerhans
On Tue, Feb 20, 2001 at 04:41:02PM +1300, Matthew Sherborne wrote: > Are there any gpl or similar anti-virus programs for linux ? > If you mean filters that can scan incoming email and search for Windows or maybe Mac viruses, then yes, they exist, but I don't know of any released under the GPL.

Anti Virus for Debian

2001-02-19 Thread Matthew Sherborne
Are there any gpl or similar anti-virus programs for linux ? Any recommendations ? GBY

Re: Debian or Redhat 7???

2001-02-19 Thread Matthew Sherborne
It may get too heavy to not mirror the security update packages. Why don't we put signature verification into apt and dpkg and mirror everything ? And perhaps have a tool that checks a bunch of known mirrors for discrepancies in the keyring packages ? And have a single URL, location aware,

Re: Debian or Redhat 7???

2001-02-19 Thread Tal Danzig
On Mon, Feb 19, 2001 at 07:13:40PM -0800, Rick Rezinas wrote: > I've been loosely following this thread, and hope you have the best of > luck locking down. A few places to start with the inetd.conf file. You > probably don't > need any of those services. Install ssh. Setup your apt sources.lis

Re: Debian or Redhat 7???

2001-02-19 Thread Rick Rezinas
I've been loosely following this thread, and hope you have the best of luck locking down. A few places to start with the inetd.conf file. You probably don't need any of those services. Install ssh. Setup your apt sources.list to check for deb http://security.debian.org stable/updates main co

Re: OpenSSH and CVS

2001-02-19 Thread Jamie Heilman
Matthew H. Ray wrote: > I'm running Debian on a CVS server and have Debian clients. We're using > OpenSSH to replace the rsh calls in CVS. The problem is that every time > a cvs user makes a CVS call (like cvs diff file), they have to enter my > password. I know there's a way around this, but

OpenSSH and CVS

2001-02-19 Thread Matthew H. Ray
I'm running Debian on a CVS server and have Debian clients. We're using OpenSSH to replace the rsh calls in CVS. The problem is that every time a cvs user makes a CVS call (like cvs diff file), they have to enter my password. I know there's a way around this, but I can't find clear documentatio

Re: Unknown file in login on proftpd 1.2.0pre10-2potato1

2001-02-19 Thread Maarten Vink
Poe-Min Oliver Wu wrote: > > Hi, > I've just found that an anonymous ftp connection > to my box would leave a file $FTPROOT/var , whose > u/gid is ftp/nogroup, the same as proftpd. > > I'm using Debian 2.2 with proftpd 1.2.0pre10-2potato1 > on an i386, an

Realserver 8 & Webinator on Debian

2001-02-19 Thread Steve Rudd
Steve here, I want to install "Real Basic Server 8" and "Webinator" search program on the latest version of Debian 2.2r2. 1. Will they install or are they not compatible. For example, while Webinator would work with Redhat 7, Realserver 8 would not. (But Real Server 7 did install on Redhat 6

Unknown file in login on proftpd 1.2.0pre10-2potato1

2001-02-19 Thread Poe-Min Oliver Wu
Hi, I've just found that an anonymous ftp connection to my box would leave a file $FTPROOT/var , whose u/gid is ftp/nogroup, the same as proftpd. I'm using Debian 2.2 with proftpd 1.2.0pre10-2potato1 on an i386, and this didn't happen before I do an

Re: Debian or Redhat 7???

2001-02-19 Thread David B . Harris
To quote Steve Rudd <[EMAIL PROTECTED]>, # Well first, I repent of calling Linux 7: Redhat 7. Yes I am new. I have # been maintaining my own box from a su level for about 3 months. That is why # I was calling in an expert to install Debian tomorrow. It has become quite # obvious to me that I am

How I got hacked last week: Redhat 7

2001-02-19 Thread Steve Rudd
Steve here, Several have voiced an interest in the hack. Well here is a guess and some facts: THE HACK: For those interested in the hack, I think it was the "Dameon worm" but could not find any evidence of the trace files on my system. Here is what happened: 1. I get a letter from "[EMAIL

Re: Debian or Redhat 7???

2001-02-19 Thread Steve Rudd
Steve here, Well first, I repent of calling Linux 7: Redhat 7. Yes I am new. I have been maintaining my own box from a su level for about 3 months. That is why I was calling in an expert to install Debian tomorrow. It has become quite obvious to me that I am way over my head in trying to get m

Re: Debian or Redhat 7???

2001-02-19 Thread Richard Taylor
This may help you as well. http://www.securityportal.com/lasg/ http://www.cert.org/ >> Steve here, >> >> Well first, I repent of calling Linux 7: Redhat 7. Yes I am new. I have >> been maintaining my own box from a su level for about 3 months. That is why >> I was calling in an expert to inst

Re: Debian or Redhat 7???

2001-02-19 Thread Tal Danzig
On Tue, Feb 20, 2001 at 04:39:09PM +1300, Matthew Sherborne wrote: > It may get too heavy to not mirror the security update packages. > > Why don't we put signature verification into apt and dpkg and mirror > everything ? Sounds to me like a good idea; however, it would probably mean rather ext

Re: Anti Virus for Debian

2001-02-19 Thread Mario Zuppini
I would also like to know of virus scanners especially for mail servers ie sendmail that will work on a SPARC ??? there are a few that work under i386 ie like amavris etc can be found on freshmeat.net but nothing will work under a sparc - Original Message - From: "Matthew Sherborne" <[EM

Re: Anti Virus for Debian

2001-02-19 Thread Noah L. Meyerhans
On Tue, Feb 20, 2001 at 04:41:02PM +1300, Matthew Sherborne wrote: > Are there any gpl or similar anti-virus programs for linux ? > If you mean filters that can scan incoming email and search for Windows or maybe Mac viruses, then yes, they exist, but I don't know of any released under the GPL.

Anti Virus for Debian

2001-02-19 Thread Matthew Sherborne
Are there any gpl or similar anti-virus programs for linux ? Any recommendations ? GBY

Re: Debian or Redhat 7???

2001-02-19 Thread Matthew Sherborne
It may get too heavy to not mirror the security update packages. Why don't we put signature verification into apt and dpkg and mirror everything ? And perhaps have a tool that checks a bunch of known mirrors for discrepancies in the keyring packages ? And have a single URL, location aware, lo

Re: Debian or Redhat 7???

2001-02-19 Thread Tal Danzig
On Mon, Feb 19, 2001 at 07:13:40PM -0800, Rick Rezinas wrote: > I've been loosely following this thread, and hope you have the best of > luck locking down. A few places to start with the inetd.conf file. You probably > don't > need any of those services. Install ssh. Setup your apt sources.lis

Re: Debian or Redhat 7???

2001-02-19 Thread Rick Rezinas
I've been loosely following this thread, and hope you have the best of luck locking down. A few places to start with the inetd.conf file. You probably don't need any of those services. Install ssh. Setup your apt sources.list to check for deb http://security.debian.org stable/updates main co

Re: SSH and RSA

2001-02-19 Thread Duane Powers
Olaf Meeuwissen wrote: Stephen Andrew <[EMAIL PROTECTED]> writes: Mike Dresser wrote: You don't mention whether the previous admin is still with you, but if not, you'll want to remove his RSA keys from the server, or else you can change your root password all you want, and he'll still be able to co

Realserver 8 & Webinator on Debian

2001-02-19 Thread Steve Rudd
Steve here, I want to install "Real Basic Server 8" and "Webinator" search program on the latest version of Debian 2.2r2. 1. Will they install or are they not compatible. For example, while Webinator would work with Redhat 7, Realserver 8 would not. (But Real Server 7 did install on Redhat 6)

Re: Debian or Redhat 7???

2001-02-19 Thread David B . Harris
To quote Steve Rudd <[EMAIL PROTECTED]>, # Well first, I repent of calling Linux 7: Redhat 7. Yes I am new. I have # been maintaining my own box from a su level for about 3 months. That is why # I was calling in an expert to install Debian tomorrow. It has become quite # obvious to me that I am

Re: Debian or Linux 7???

2001-02-19 Thread Matthew Sherborne
Steve Rudd wrote: Hi Steve, It's not just the kernel that can get hacked. Is it Linux 7 or Redhat 7 ? (I'm pretty sure it's Redhat 7). Anyway, I'm pretty new to Debian and Linux so anyone please feel free to correct me. An example of the different methodologies between Redhat and Debian: t

How I got hacked last week: Redhat 7

2001-02-19 Thread Steve Rudd
Steve here, Several have voiced an interest in the hack. Well here is a guess and some facts: THE HACK: For those interested in the hack, I think it was the "Dameon worm" but could not find any evidence of the trace files on my system. Here is what happened: 1. I get a letter from "[EMAIL PR

Re: Debian or Redhat 7???

2001-02-19 Thread Steve Rudd
Steve here, Well first, I repent of calling Linux 7: Redhat 7. Yes I am new. I have been maintaining my own box from a su level for about 3 months. That is why I was calling in an expert to install Debian tomorrow. It has become quite obvious to me that I am way over my head in trying to get m

Re: Debian or Linux 7???

2001-02-19 Thread Kenneth Pronovici
> It might be more secure, because the packages chosen for distribution or > often more tested - not the latest versions with brand new bugs but > (somewhat) older packages with known bugs removed. I would also have to add: I find it easier to keep Debian secure because it is easier to get and ins

Re: Debian or Linux 7???

2001-02-19 Thread hpknight
The distribution is only as secure as the administrator makes it. If you just install it and let it sit, you WILL get hacked/cracked. It may take weeks, or months, but it will happen .. only a matter of time. --Henry On Mon, 19 Feb 2001, Steve Rudd wrote: > Hi! > > I am frustrated with the l

Re: SSH and RSA

2001-02-19 Thread Olaf Meeuwissen
Stephen Andrew <[EMAIL PROTECTED]> writes: > > Mike Dresser wrote: > > > > > You don't mention whether the previous admin is still with > > you, but if not, you'll want to remove his RSA keys from the > > server, or else you can change your root password all you want, > > and he'll still be abl

Re: Debian or Linux 7???

2001-02-19 Thread Rob Kaper
On Mon, Feb 19, 2001 at 06:12:29PM -0500, Steve Rudd wrote: > Just how much more secure is Debian than redhat? The kernel is only a small part of the distribution. In fact, most security issues are regarding application packages. Why Debian? It might be more secure, because the packages chosen f

Re: Debian or Linux 7???

2001-02-19 Thread Jamie Heilman
> Just how much more secure is Debian than redhat? Security comes from knowing how to use and administrate Unix, it doesn't just fall into your lap at the press of a button. If you want a secure OS you have to work for it and understand what you're doing. Debian is no more secure than Redhat is

Debian or Linux 7???

2001-02-19 Thread Steve Rudd
Hi! I am frustrated with the linux 2.2 kernel. I have had two hacks in 3 months and I am going broke rebuilding my server. I went out and bought Redhat 7, and got hacked 6 weeks later. I have been placed in contact with a guy who wants me to use Debian. But if it based upon the same kernel a

Re: SSH and RSA

2001-02-19 Thread Duane Powers
Olaf Meeuwissen wrote: Stephen Andrew <[EMAIL PROTECTED]> writes: Mike Dresser wrote: You don't mention whether the previous admin is still with you, but if not, you'll want to remove his RSA keys from the server, or else you can change your root password all you want, and he'll

Re: Debian or Linux 7???

2001-02-19 Thread Matthew Sherborne
Steve Rudd wrote: Hi Steve, It's not just the kernel that can get hacked. Is it Linux 7 or Redhat 7 ? (I'm pretty sure it's Redhat 7). Anyway, I'm pretty new to Debian and Linux so anyone please feel free to correct me. An example of the different methodologies between Redhat and Debian: the

Re: Debian or Linux 7???

2001-02-19 Thread Kenneth Pronovici
> It might be more secure, because the packages chosen for distribution or > often more tested - not the latest versions with brand new bugs but > (somewhat) older packages with known bugs removed. I would also have to add: I find it easier to keep Debian secure because it is easier to get and in

Re: Debian or Linux 7???

2001-02-19 Thread hpknight
The distribution is only as secure as the administrator makes it. If you just install it and let it sit, you WILL get hacked/cracked. It may take weeks, or months, but it will happen .. only a matter of time. --Henry On Mon, 19 Feb 2001, Steve Rudd wrote: > Hi! > > I am frustrated with the

Re: SSH and RSA

2001-02-19 Thread Olaf Meeuwissen
Stephen Andrew <[EMAIL PROTECTED]> writes: > > Mike Dresser wrote: > > > > > You don't mention whether the previous admin is still with > > you, but if not, you'll want to remove his RSA keys from the > > server, or else you can change your root password all you want, > > and he'll still be ab

Re: Debian or Linux 7???

2001-02-19 Thread Rob Kaper
On Mon, Feb 19, 2001 at 06:12:29PM -0500, Steve Rudd wrote: > Just how much more secure is Debian than redhat? The kernel is only a small part of the distribution. In fact, most security issues are regarding application packages. Why Debian? It might be more secure, because the packages chosen

RE: SSH and RSA

2001-02-19 Thread Stephen Andrew
> -Original Message- > From: Duane Powers [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 20, 2001 7:37 AM > To: Mike Dresser > Cc: debian-security@lists.debian.org > Subject: Re: SSH and RSA > > > Mike Dresser wrote: > > > You don't mention whether the previous admin is still with

Re: Debian or Linux 7???

2001-02-19 Thread Jamie Heilman
> Just how much more secure is Debian than redhat? Security comes from knowing how to use and administrate Unix, it doesn't just fall into your lap at the press of a button. If you want a secure OS you have to work for it and understand what you're doing. Debian is no more secure than Redhat is

Debian or Linux 7???

2001-02-19 Thread Steve Rudd
Hi! I am frustrated with the linux 2.2 kernel. I have had two hacks in 3 months and I am going broke rebuilding my server. I went out and bought Redhat 7, and got hacked 6 weeks later. I have been placed in contact with a guy who wants me to use Debian. But if it based upon the same kernel as

Re: SSH and RSA

2001-02-19 Thread Pavel Minev Penev
On Mon, Feb 19, 2001 at 01:21:45PM -0500, Dan Hutchinson wrote: > Without SSH enabled, I was able to pass my root user account from one > trusted Solaris Box to another with an /.rhost and /etc/host.equiv file. > #cat .rhost > Doctor > > #cat /etc/host.equiv > Doctor root > > For example, Doctor

RE: SSH and RSA

2001-02-19 Thread Stephen Andrew
> -Original Message- > From: Duane Powers [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, February 20, 2001 7:37 AM > To: Mike Dresser > Cc: [EMAIL PROTECTED] > Subject: Re: SSH and RSA > > > Mike Dresser wrote: > > > You don't mention whether the previous admin is still with > you, but if

Re: SSH and RSA

2001-02-19 Thread Duane Powers
Mike Dresser wrote: You don't mention whether the previous admin is still with you, but if not, you'll want to remove his RSA keys from the server, or else you can change your root password all you want, and he'll still be able to connect, assuming he can get to the machine via your network/inte

Re: SSH and RSA

2001-02-19 Thread Pedro Zorzenon Neto
Hi Duane, from 'man ssh' you can find some answer: As a third authentication method, ssh supports RSA based authentication. The scheme is based on public-key cryptography: there are cryptosystems where encryption and decryption are done using separate keys, and it is not possi

Re: SSH and RSA

2001-02-19 Thread Mark Janssen
On Mon, Feb 19, 2001 at 10:14:18AM -0800, Duane Powers wrote: > Hi all, > > Recently I was made administrator over a dozen Solaris boxen > The prior admin was offsite and used ssh with rsa keys to access the boxes. > He allowed root login, and used the RSA key functionality to keep the root > pas

Re: SSH and RSA

2001-02-19 Thread Mike Dresser
You don't mention whether the previous admin is still with you, but if not, you'll want to remove his RSA keys from the server, or else you can change your root password all you want, and he'll still be able to connect, assuming he can get to the machine via your network/internet. Duane Powers wro

Re: SSH and RSA

2001-02-19 Thread Mike Moran
Duane Powers wrote: > > Hi all, [ ... ] > I have found > that he did > not need to transmit the local password over the tunnel, but rather used > RSA to > verify his identity, but I can't find documentation on how to do it. > Security> does anyone have any information on how I can implement the >

Re: SSH and RSA

2001-02-19 Thread Dan Hutchinson
Without SSH enabled, I was able to pass my root user account from one trusted Solaris Box to another with an /.rhost and /etc/host.equiv file. #cat .rhost Doctor #cat /etc/host.equiv Doctor root For example, Doctor would be the solaris hostname and root would be the account. This leaves a big s

Re: SSH and RSA

2001-02-19 Thread Pavel Minev Penev
On Mon, Feb 19, 2001 at 01:21:45PM -0500, Dan Hutchinson wrote: > Without SSH enabled, I was able to pass my root user account from one > trusted Solaris Box to another with an /.rhost and /etc/host.equiv file. > #cat .rhost > Doctor > > #cat /etc/host.equiv > Doctor root > > For example, Docto

SSH and RSA

2001-02-19 Thread Duane Powers
Hi all, Recently I was made administrator over a dozen Solaris boxen The prior admin was offsite and used ssh with rsa keys to access the boxes. He allowed root login, and used the RSA key functionality to keep the root password safe. I am not as mature as he was regarding ssh and have only use

Re: SSH and RSA

2001-02-19 Thread Duane Powers
Mike Dresser wrote: > You don't mention whether the previous admin is still with you, but if not, > you'll want to remove his RSA keys from the server, or else you can change your > root password all you want, and he'll still be able to connect, assuming he can > get to the machine via your netwo

Re: SSH and RSA

2001-02-19 Thread Pedro Zorzenon Neto
Hi Duane, from 'man ssh' you can find some answer: As a third authentication method, ssh supports RSA based authentication. The scheme is based on public-key cryptography: there are cryptosystems where encryption and decryption are done using separate keys, and it is not poss

Re: SSH and RSA

2001-02-19 Thread Mark Janssen
On Mon, Feb 19, 2001 at 10:14:18AM -0800, Duane Powers wrote: > Hi all, > > Recently I was made administrator over a dozen Solaris boxen > The prior admin was offsite and used ssh with rsa keys to access the boxes. > He allowed root login, and used the RSA key functionality to keep the root > pa

Re: SSH and RSA

2001-02-19 Thread Mike Dresser
You don't mention whether the previous admin is still with you, but if not, you'll want to remove his RSA keys from the server, or else you can change your root password all you want, and he'll still be able to connect, assuming he can get to the machine via your network/internet. Duane Powers wr

Re: SSH and RSA

2001-02-19 Thread Mike Moran
Duane Powers wrote: > > Hi all, [ ... ] > I have found > that he did > not need to transmit the local password over the tunnel, but rather used > RSA to > verify his identity, but I can't find documentation on how to do it. > Security> does anyone have any information on how I can implement the

Re: SSH and RSA

2001-02-19 Thread Dan Hutchinson
Without SSH enabled, I was able to pass my root user account from one trusted Solaris Box to another with an /.rhost and /etc/host.equiv file. #cat .rhost Doctor #cat /etc/host.equiv Doctor root For example, Doctor would be the solaris hostname and root would be the account. This leaves a big

ipchains

2001-02-19 Thread - = k o l i s k o = -
Hi. My network situation: 192.168.1.0/24 192.168.1.1194.24.227.236 Sistel company LAN - (eth0) linux firewall (ppp0) internet my ipchains configuration: cat begin --- # Vycisteni ipchains ipchains -F i

SSH and RSA

2001-02-19 Thread Duane Powers
Hi all, Recently I was made administrator over a dozen Solaris boxen The prior admin was offsite and used ssh with rsa keys to access the boxes. He allowed root login, and used the RSA key functionality to keep the root password safe. I am not as mature as he was regarding ssh and have only use

ipchains

2001-02-19 Thread - = k o l i s k o = -
Hi. My network situation: 192.168.1.0/24 192.168.1.1194.24.227.236 Sistel company LAN - (eth0) linux firewall (ppp0) internet my ipchains configuration: cat begin --- # Vycisteni ipchains ipchains -F