On Sat, Jan 31, 2015 at 09:58:39AM +0100, Ml Ml wrote:
> Is anyone else facing the same problem? What are your experiences
> doing (blind) automatic security updates.
I've done automatic updates for Debian under cfengine control for nine
years and Ubuntu for perhaps one and a half. I started with
On Fri, Apr 01, 2011 at 11:53:48AM -0300, Rafael Moraes wrote:
> *#pvdisplay*
> --- Physical volume ---
> PV Name /dev/dm-0
> VG Name vg01
> PV Size 148.79 GiB / not usable 1.29 MiB
This:
> Allocatable NO
is your problem: allocation of phy
On Tue, Aug 11, 2009 at 10:56:57AM +0200, Joerg Morbitzer wrote:
> I just did a fresh sendmail installation on Debian Etch getting this
> auto-generated new /etc/mail/access file:
>
> titan:~# grep "^Connect:.*RELAY" /etc/mail/access
> Connect:localhost RELAY
> Connect:127
On Thu, Aug 19, 2004 at 10:44:40AM +0200, Thomas Hungenberg wrote:
> On Sun, 15 Aug 2004 12:34:59 -0600, Will Aoki wrote:
>
> >> Is there a way to make the sshd included with Debian/woody to also log
> >> the usernames an attacker tried to connect with?
> >
> >
On Sun, Aug 15, 2004 at 07:15:18PM +0200, Thomas Hungenberg wrote:
> Hello,
[snip]
> Is there a way to make the sshd included with Debian/woody to also log
> the usernames an attacker tried to connect with?
Set "LogLevel VERBOSE" in /etc/ssh/sshd_config
--
William Aoki KD7YAF [EMAIL PROTECTED]
On Wed, Feb 11, 2004 at 08:47:46PM -0800, Rick Moen wrote:
> Quoting Michael Stone ([EMAIL PROTECTED]):
>
> > comment out the line in inetd.conf and remove any S20exim links in
> > /etc/rc?.d. Removing the S links is the proper way to keep a service
> > from running in debian; the link removal is
On Wed, Feb 11, 2004 at 08:47:46PM -0800, Rick Moen wrote:
> Quoting Michael Stone ([EMAIL PROTECTED]):
>
> > comment out the line in inetd.conf and remove any S20exim links in
> > /etc/rc?.d. Removing the S links is the proper way to keep a service
> > from running in debian; the link removal is
On Wed, Feb 11, 2004 at 01:41:13AM +, Nick Boyce wrote:
[want a send-only exim]
> The default Exim MTA is installed, and I've commented out the SMTP line
> from inetd.conf, but there is a /etc/init.d/exim startup script that
> comes with the Exim package, that has this :
># Exit if exim
On Wed, Feb 11, 2004 at 01:41:13AM +, Nick Boyce wrote:
[want a send-only exim]
> The default Exim MTA is installed, and I've commented out the SMTP line
> from inetd.conf, but there is a /etc/init.d/exim startup script that
> comes with the Exim package, that has this :
># Exit if exim
On Fri, Jan 23, 2004 at 12:17:00AM -0700, Will Aoki wrote:
> I've attached a slightly cleaned-up version of the password changer that
Perhaps this time I'll remember to attach the file *and* the mailing
list won't reject it...
--
William Aoki KD7YAF [EMAIL PROTECTED]
On Fri, Jan 23, 2004 at 04:13:35PM +1100, Michael Sharman wrote:
> > -Original Message-
> > From: Rene Cunningham [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 23 January 2004 4:09 PM
[snip]
> > use something like
> >
> > (sleep 1; echo $oldpasswd; sleep 1; echo $newpasswd; sleep 1;
> > ech
On Thu, Jan 22, 2004 at 10:04:48PM -0500, Tom White wrote:
> Dear List,
>
> I'm looking for a decent, secure, web based password changer for
> user accounts. Something that I can install on a debian box with a
> minimum amount of tweaking, and that isn't really any less secure than
> a shell user
On Fri, Jan 23, 2004 at 12:17:00AM -0700, Will Aoki wrote:
> I've attached a slightly cleaned-up version of the password changer that
Perhaps this time I'll remember to attach the file *and* the mailing
list won't reject it...
--
William Aoki KD7YAF [EMAIL PROTECTED]
On Fri, Jan 23, 2004 at 04:13:35PM +1100, Michael Sharman wrote:
> > -Original Message-
> > From: Rene Cunningham [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 23 January 2004 4:09 PM
[snip]
> > use something like
> >
> > (sleep 1; echo $oldpasswd; sleep 1; echo $newpasswd; sleep 1;
> > ech
On Thu, Jan 22, 2004 at 10:04:48PM -0500, Tom White wrote:
> Dear List,
>
> I'm looking for a decent, secure, web based password changer for
> user accounts. Something that I can install on a debian box with a
> minimum amount of tweaking, and that isn't really any less secure than
> a shell user
On Mon, Dec 01, 2003 at 03:07:14PM +0100, Francisco Oliveira wrote:
> hi
> I have compiled kernel 2.4.22 for bridge and iptables support.
> Bridge is working ok but Layer 3 packets are only processed if they are
> addressed to bridge box ip address interface.
You need the ebtables patch from http:
On Mon, Dec 01, 2003 at 03:07:14PM +0100, Francisco Oliveira wrote:
> hi
> I have compiled kernel 2.4.22 for bridge and iptables support.
> Bridge is working ok but Layer 3 packets are only processed if they are
> addressed to bridge box ip address interface.
You need the ebtables patch from http:
On Thu, Jul 31, 2003 at 01:50:07PM -0400, Noah L. Meyerhans wrote:
[snip]
>
> libdnet has nothing to do with decnet. Its feature list, as shown on
> http://libdnet.sourceforge.net/ indicates that it does the following:
> * network address manipulation
> * kernel arp(4) cache and route(4)
On Thu, Jul 31, 2003 at 01:50:07PM -0400, Noah L. Meyerhans wrote:
[snip]
>
> libdnet has nothing to do with decnet. Its feature list, as shown on
> http://libdnet.sourceforge.net/ indicates that it does the following:
> * network address manipulation
> * kernel arp(4) cache and route(4)
On Thu, May 15, 2003 at 09:17:03AM +1000, Stewart James wrote:
>
> Hi all,
>
> My manager just came in asking questions about sudo. We use sudo here as a
> replacement for hacing to know root passwords - in general there are
> around 5 of us who need root access to the machines we maintain. we
>
On Tue, May 06, 2003 at 01:07:24PM -0500, Mark Edgington wrote:
> Hi,
> I'm not sure whether this idea has been considered or implemented
> anywhere, but I have been thinking about it, and believe it would provide a
> fairly high-level of security for systems which only run a few public
> se
On Mon, Dec 30, 2002 at 02:20:25PM -0500, Stephen Gran wrote:
> Hello all,
>
> I'm seeing the following in my logs (fairly frequently):
>
> 66.140.25.156 - - [30/Dec/2002:13:31:21 -0500] "CONNECT 213.92.8.4:6667
> HTTP/1.0" 405 303 "-" "-"
> 66.140.25.156 - - [30/Dec/2002:13:31:21 -0500] "POST h
On Mon, Dec 30, 2002 at 02:20:25PM -0500, Stephen Gran wrote:
> Hello all,
>
> I'm seeing the following in my logs (fairly frequently):
>
> 66.140.25.156 - - [30/Dec/2002:13:31:21 -0500] "CONNECT 213.92.8.4:6667 HTTP/1.0"
>405 303 "-" "-"
> 66.140.25.156 - - [30/Dec/2002:13:31:21 -0500] "POST ht
On Wed, Dec 11, 2002 at 11:07:11AM +0900, Oohara Yuuma wrote:
> I am working on adding a high score list to a game written in C.
> (It's already packaged.) The high score list will be 664 root:games
> and the game binary will be sgid games --- nothing special here.
> I want to dump and undump the
On Wed, Dec 11, 2002 at 11:07:11AM +0900, Oohara Yuuma wrote:
> I am working on adding a high score list to a game written in C.
> (It's already packaged.) The high score list will be 664 root:games
> and the game binary will be sgid games --- nothing special here.
> I want to dump and undump the
On Thu, Sep 19, 2002 at 08:44:18AM +0200, Dietrich Schroff wrote:
> Here my problem:
> If i log in as user in KDE and then use the screensaver, i can not
> unlock my screen. As root this is possible.
> I think the configuration file is /etc/pam.d/kde. It looks like this:
>
> auth required /
On Thu, Sep 19, 2002 at 08:44:18AM +0200, Dietrich Schroff wrote:
> Here my problem:
> If i log in as user in KDE and then use the screensaver, i can not
> unlock my screen. As root this is possible.
> I think the configuration file is /etc/pam.d/kde. It looks like this:
>
> auth required
On Sun, Aug 25, 2002 at 10:32:54AM -0500, Hanasaki JiJi wrote:
> computer1 and computer2
> - both run woody
> - both have the same /etc/resolve.con
> - both have the same ssh config
>
> ssh from 1 to 2 - no problems
> ssh from 2 to 1 - sshd reports a failed reverse dns lookup
>
On Tue, Jun 04, 2002 at 09:58:55AM -0400, Jon McCain wrote:
> You can remove the sftp-server program to disable sftp but you can't
> turn off the scp commands. They are part of ssh. So someone could
> still use something like winscp and be able to browse everything.
>
> You can "break" scp by ma
On Tue, May 28, 2002 at 05:51:02PM -0700, Stephen Johnson wrote:
> Hello, i'm confused on a couple variables in the sshd_config file, i
> have a client that's using that 'other os' and has an ssh client that he
> likes. however, he wanted me to secure the server as much as possible,
> i've always d
On Tue, May 28, 2002 at 05:51:02PM -0700, Stephen Johnson wrote:
> Hello, i'm confused on a couple variables in the sshd_config file, i
> have a client that's using that 'other os' and has an ssh client that he
> likes. however, he wanted me to secure the server as much as possible,
> i've always
On Sun, May 19, 2002 at 11:46:10PM -0400, Bradley Alexander wrote:
> Hey all,
>
> I'm trying to get pam-opie working with openssh, but I guess I'm not
> getting the hang of it. I think I have all of the packages installed:
>
> [EMAIL PROTECTED] storm]$ dpkg -l | grep opie
> ii libpam-opie0.
On Sun, May 19, 2002 at 11:46:10PM -0400, Bradley Alexander wrote:
> Hey all,
>
> I'm trying to get pam-opie working with openssh, but I guess I'm not
> getting the hang of it. I think I have all of the packages installed:
>
> [storm@defiant storm]$ dpkg -l | grep opie
> ii libpam-opie0.21
On Wed, May 15, 2002 at 09:49:08PM -0500, Steve Meyer wrote:
> I have a question. Is there any way to restrict outbound access for all but
> a few users? I know with iptables you can block outbound traffic completely
> but that wont work in my situation. There are about 150 users of my server
On Wed, May 15, 2002 at 09:49:08PM -0500, Steve Meyer wrote:
> I have a question. Is there any way to restrict outbound access for all but
> a few users? I know with iptables you can block outbound traffic completely
> but that wont work in my situation. There are about 150 users of my server
On Tue, Apr 02, 2002 at 10:23:21AM -0800, Anne Carasik wrote:
> On Tue, Apr 02, 2002 at 07:45:21PM +0200, eim wrote:
> > A question about some network services
> > ==
> >
> > Hallo Debian folks,
> >
> > By default, on my debian boxes, I disable this network
> >
On Tue, Apr 02, 2002 at 10:23:21AM -0800, Anne Carasik wrote:
> On Tue, Apr 02, 2002 at 07:45:21PM +0200, eim wrote:
> > A question about some network services
> > ==
> >
> > Hallo Debian folks,
> >
> > By default, on my debian boxes, I disable this network
>
On Mon, Mar 04, 2002 at 11:52:21AM -0500, Moses Moore wrote:
> Joao Luis Meloni Assirati wrote:
> > I want to know if my point of view is right, or if there is any
> > functionality that hosts.{allow,deny} scheme provides which iptables
> > can't.
>
> - You have daemon-by-daemon settings instead o
On Mon, Mar 04, 2002 at 11:52:21AM -0500, Moses Moore wrote:
> Joao Luis Meloni Assirati wrote:
> > I want to know if my point of view is right, or if there is any
> > functionality that hosts.{allow,deny} scheme provides which iptables
> > can't.
>
> - You have daemon-by-daemon settings instead
On Sat, Feb 09, 2002 at 09:39:00PM +0100, Johannes Weiss wrote:
>
> Hi,
> I have a security question:
> On my HTTP(s)/MAIL(SMTP,POP,IMAP)/SSH-Server:
> should I open(accept) or close(deny, perhaps reject?) the port 113???
Accept if you've chosen to run an ident server; otherwise, reject, but
don'
On Sat, Feb 09, 2002 at 09:39:00PM +0100, Johannes Weiss wrote:
>
> Hi,
> I have a security question:
> On my HTTP(s)/MAIL(SMTP,POP,IMAP)/SSH-Server:
> should I open(accept) or close(deny, perhaps reject?) the port 113???
Accept if you've chosen to run an ident server; otherwise, reject, but
don
On Fri, Feb 01, 2002 at 04:22:43PM +0100, Laurent Luyckx wrote:
> En réponse à Nemesis <[EMAIL PROTECTED]>:
>
> > Hello everybuddy:
> >
> > One question, please.
> >
> > When nessus gives a report and says
> >
> > "The remote SMTP server allows the relaying. This means that
> > it allows spamm
On Fri, Feb 01, 2002 at 04:22:43PM +0100, Laurent Luyckx wrote:
> En réponse à Nemesis <[EMAIL PROTECTED]>:
>
> > Hello everybuddy:
> >
> > One question, please.
> >
> > When nessus gives a report and says
> >
> > "The remote SMTP server allows the relaying. This means that
> > it allows spam
On Sun, Jan 20, 2002 at 01:41:44AM -0600, Nathan E Norman wrote:
> Hi,
>
> I'm setting up a project for some friends. I want each of them to
> have their own account, but I want the project to be hosted (and run
> under) a seperate account. Each user should be able to su to the
> project account
On Sun, Jan 20, 2002 at 01:41:44AM -0600, Nathan E Norman wrote:
> Hi,
>
> I'm setting up a project for some friends. I want each of them to
> have their own account, but I want the project to be hosted (and run
> under) a seperate account. Each user should be able to su to the
> project accoun
On Mon, Jan 14, 2002 at 12:17:15PM +, Iain Tatch wrote:
> On 14 January 2002 at 11:48:34 [EMAIL PROTECTED] wrote:
>
> >> Have I missed something and was I already OK, or is the current stable
> >> potato release shipping with a potential ssh security hole?
>
> > AFAIK, all SSH1 connections
On Mon, Jan 14, 2002 at 12:17:15PM +, Iain Tatch wrote:
> On 14 January 2002 at 11:48:34 [EMAIL PROTECTED] wrote:
>
> >> Have I missed something and was I already OK, or is the current stable
> >> potato release shipping with a potential ssh security hole?
>
> > AFAIK, all SSH1 connections
On Sun, Jan 13, 2002 at 07:05:10PM +0200, Jussi Ekholm wrote:
> Will Aoki <[EMAIL PROTECTED]> wrote:
>
> > Jan 12 20:54:43 badkey sshd[14848]: Connection from 127.0.0.1 port 4074
> [snip...]
>
> I would've wanted to ask, why I'm getting this kind of messag
On Sun, Jan 13, 2002 at 07:05:10PM +0200, Jussi Ekholm wrote:
> Will Aoki <[EMAIL PROTECTED]> wrote:
>
> > Jan 12 20:54:43 badkey sshd[14848]: Connection from 127.0.0.1 port 4074
> [snip...]
>
> I would've wanted to ask, why I'm getting this kind of messag
On Mon, Jan 07, 2002 at 08:00:02PM +0100, Luc MAIGNAN wrote:
> Hi,
>
> my SSH connections don't go to the 'auth.log' file, but the sshd_config seems
> to be good. What can happen ?
Do you mean that you're not seeing *any* messages from sshd in the log
file, or that sshd is logging, but that you
On Mon, Jan 07, 2002 at 08:00:02PM +0100, Luc MAIGNAN wrote:
> Hi,
>
> my SSH connections don't go to the 'auth.log' file, but the sshd_config seems
> to be good. What can happen ?
Do you mean that you're not seeing *any* messages from sshd in the log
file, or that sshd is logging, but that you
On Sun, Sep 23, 2001 at 06:40:46PM -0700, Nicole Zimmerman wrote:
>
> Yup, I'm not using a proxy.
>
> http://www.debian.org/doc/manuals/securing-debian-howto/
>
> I can access the following URL (which I found by going through the
> www.debian.org/doc tree):
>
> http://www.debian.org/doc/manuals
On Sun, Sep 23, 2001 at 06:40:46PM -0700, Nicole Zimmerman wrote:
>
> Yup, I'm not using a proxy.
>
> http://www.debian.org/doc/manuals/securing-debian-howto/
>
> I can access the following URL (which I found by going through the
> www.debian.org/doc tree):
>
> http://www.debian.org/doc/manual
On Sat, Jul 07, 2001 at 02:10:09AM +0100, Eric E Moore wrote:
[cut]
> I would be very shocked if you could compromise a system with a
> sudoers entry of:
> me hostname = (root) /bin/cat
Depends on what's on the system. I've thought of four similar ways.
1:
With Kerberos, you can steal someone's
On Sat, Jul 07, 2001 at 02:10:09AM +0100, Eric E Moore wrote:
[cut]
> I would be very shocked if you could compromise a system with a
> sudoers entry of:
> me hostname = (root) /bin/cat
Depends on what's on the system. I've thought of four similar ways.
1:
With Kerberos, you can steal someone'
55 matches
Mail list logo