-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 179-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 18th, 2002
On Thursday 17 October 2002 05:03 am, Orlando wrote:
Not sure if this is real.
He's using a hushmail account to post to the lists which is somewhat
suspicious.
He claims to have attached the binary but no one seems to have a copy of
it. Some co-workers and other people have asked for a copy
Jussi Ekholm écrivait :
The same answer as a luser and as a root. What should I deduct from
this? It's just so weird as I'm not running NFS, NIS or any other
thingie that should use this port...
You said what would try to connect to my system's port [...] 111
from within my own system. I would
I don't understand the need for this.
Can someone explain why 'apt-get update apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
On Friday 18 October 2002 06:58 am, Fruhwirth Clemens wrote:
Hi!
http://therapy.endorphin.org/secpack_0.1-1.deb implements a
On Fri, 2002-10-18 at 14:24, R. Bradley Tilley wrote:
I don't understand the need for this.
Can someone explain why 'apt-get update apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
It'll get to you when you have 200+ debian systems spread across the
On Fri, Oct 18, 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
Can someone explain why 'apt-get update apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
Because a hacked mirror could contain malicious packages.
When you check signatures before upgrading,
On Fri, 18 Oct 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
I don't understand the need for this.
Can someone explain why 'apt-get update apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
As pointed out several times in the past Debian has not fully
On Fri, 2002-10-18 at 09:33, Mark Janssen wrote:
On Fri, 2002-10-18 at 14:24, R. Bradley Tilley wrote:
I don't understand the need for this.
Can someone explain why 'apt-get update apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
It'll get to you
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
przemol
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble?
On Thu, 2002-10-17 at 01:53, WebMaster wrote:
hello,
can i safely apply the grsecurity patch?
Yes, removing the EXTRAVERSION line in the patch(woody).
if this patch make servers more secure just by apply it (without acl),
why isn it applied by default?
It can be much aggressive to set by
On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
Edit sshd_config
find the line with something like
Banner
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
This banner is needed information for a ssh client connecting to your
server, therefor you
From Jan Niehusmann on Friday, 18 October, 2002:
On Fri, Oct 18, 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
Can someone explain why 'apt-get update apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
Of course, if the hacker managed to modify files on
On Fri, 2002-10-18 at 14:58, [EMAIL PROTECTED] wrote:
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
You can limit it somewhat (by editing source), but the protocol needs
the version string, so you can't change it without breaking
compatibility.
--
Mark Janssen --
On Fri, 18 Oct 2002 [EMAIL PROTECTED] wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
edit /etc/ssh/sshd_config and put a comment mark
On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
you can't without
On Fri, Oct 18, 2002 at 03:23:42PM +0200, Aleksander Iwanski wrote:
On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1
This won't do the trick, AFAIK it will only display /etc/issue.net
content before the password prompt, but wont change/hide the version
of the sshd when telnet'ing localhost || ip on port 22.
-xavier
Edit sshd_config
find the line with something like
Banner /etc/issue.net
and set
#
On Fri, Oct 18, 2002 at 03:23:18PM +0200, vdongen wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
This banner is needed
Hi,
On Fri, 18 Oct 2002, vdongen wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
This banner is needed information for a ssh
On Fri, 18 Oct 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
If you attempt to disable this message
On Fri, Oct 18, 2002 at 03:30:01PM +0200, Tobias Rosenstock wrote:
On Fri, 18 Oct 2002 [EMAIL PROTECTED] wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How
You can still have a look there:
http://groups.google.com/groups?selm=cy9se16re.fsf%40zeus.theos.comoutput=gplain
for an answer, but would be better to not touch it.
If you can restrict the access to port 22 for a few ip's, do it and block
the rest. Will save you some sleepless nights if you'r
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
Edit sshd_config
find the line with something like
Banner /etc/issue.net
and set
# Banner /etc/issue.net
killall -9 sshd
done
Regards
afaik /etc/issue.net is intended for telnet and not for ssh.
furthermore:
$ netcat 0 22
On Fri, Oct 18, 2002 at 08:20:14AM -0500, Joseph Pingenot wrote:
If people are interested enough in it, I might throw together something
more formal.
IMHO there is no lack of interesting ideas - what we really need are
implementations.
apt-check-sigs is a nice proof-of-concept, and the
Hello,
You can; however, recompile and get rid of the Debian 1:3.4p1-1 part...
Why isn't it done by default ?
FreeBSD started this to get rid of users, complaining about the old
OpenSSH in the base system and to indicate that their OpenSSH is not the
2.3.0, but a security patched one.
FreeBSD
* [EMAIL PROTECTED] [EMAIL PROTECTED]:
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
You don't want to disable it.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
issue(5) might help some of you about pre-login banner and daemon(s)
banner version.
-xavier
On Fri, Oct 18, 2002 at 03:30:01PM +0200, Tobias Rosenstock wrote:
edit /etc/ssh/sshd_config and put a comment mark (#) at the beginning of
the line that says
Banner /etc/issue.net
or something like
On Fri, Oct 18, 2002 at 03:50:12PM +0200, [EMAIL PROTECTED] wrote:
You can; however, recompile and get rid of the Debian 1:3.4p1-1 part...
Why isn't it done by default ?
9-12 months down the road (or whenever the next exploit in OpenSSH is
found), Debian will likely backport the fix into
IMHO there is no lack of interesting ideas - what we really need are
implementations.
Ja. I just have to find the time. :)
apt-check-sigs is a nice proof-of-concept, and the debsigs stuff could
also improve security significantly. Together, I'd say they'd suffice to
make the debian mirrors
Why can't apt-get be modified to check the md5sum of a package against an
official debian md5sum list before downloading and installing debs? This
seems much simpler and easier than signing debs.
On Friday 18 October 2002 09:55 am, Jan Niehusmann wrote:
On Fri, Oct 18, 2002 at 08:20:14AM
On Fri, Oct 18, 2002 at 10:48:16AM -0400, R. Bradley Tilley wrote:
Why can't apt-get be modified to check the md5sum of a package against an
official debian md5sum list before downloading and installing debs? This
seems much simpler and easier than signing debs.
It does. The problem is, how
On Fri, 18 Oct 2002 at 03:50:12PM +0200, [EMAIL PROTECTED] wrote:
Why isn't it done by default ?
You would have to ask the maintainer...
--
Phil
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
XP Source Code:
#include win2k.h
On Tue, Oct 15, 2002 at 02:37:19PM -0700, Anne Carasik wrote:
Hi Mathias,
Thanks that's helpful if I'm workign on ONE machine. The problem
is I can't get this working for our loghost which gets all the
files.
All I get is this:
Other hosts syslogging to us:
290374 host1.example.edu
issue(5) might help some of you about pre-login banner and daemon(s)
banner version.
Banner gets diplayed _after_ successful login, but ssh handshake needs
some information about server ssh version.
There was a big flame about the 3.4p1 Debian 1:3.4p1-1 part of
message. It can _not_ be
Jussi Ekholm [EMAIL PROTECTED] writes:
Olaf Dietsche olaf.dietsche#[EMAIL PROTECTED] wrote:
Jussi Ekholm [EMAIL PROTECTED] writes:
So, what would try to connect to my system's port 16001 and 111
from within my own system? Should I be concerned? Should I expect
the worst? Any insight on this
This is unrelated to any security patches / exploits, hence
off-topic. I'm posting here mostly because it seems like the right
crowd for this sort of problem. If this offends you, let me know and
I'll find a different venue in the future.
OK. We're a large network running
On Fri, Oct 18, 2002 at 12:41:37PM -0700, Chris Majewski wrote:
Now, we're looking to upgrade the Linux on these thin clients. I like
Debian, so that's one obvious choice. However, a standard Debian
install (e.g. what I run on my machine) gives us much more than we
need.
Towards
OK, thanks. BTW, how does that differ from running tasksel and not
selecting any tasks? Or is that even possible?
-chris
Noah L. Meyerhans [EMAIL PROTECTED] writes:
On Fri, Oct 18, 2002 at 12:41:37PM -0700, Chris Majewski wrote:
Now, we're looking to upgrade the Linux on these thin
* Chris Majewski [EMAIL PROTECTED] [021018 22:43]:
RedHat), with an NFS-mounted root fs. They run almost nothing
locally: currently an X server, sshd, and possibly some music forwarding
daemon in the future, so users can listen to tunes on their thin
clients using software
On Wed, Oct 16, 2002 at 05:07:06PM -0500, Nathan A. Ferch wrote:
is there a means to recieve email notifications of security-related
packages in the same format as the -changes mailing lists or the emails
that the PTS sends out? or is this not possible due to the way that the
security archive
Jussi Ekholm écrivait :
The same answer as a luser and as a root. What should I deduct from
this? It's just so weird as I'm not running NFS, NIS or any other
thingie that should use this port...
You said what would try to connect to my system's port [...] 111
from within my own system. I would
On Thursday 17 October 2002 05:03 am, Orlando wrote:
Not sure if this is real.
He's using a hushmail account to post to the lists which is somewhat
suspicious.
He claims to have attached the binary but no one seems to have a copy of
it. Some co-workers and other people have asked for a copy
Hi!
http://therapy.endorphin.org/secpack_0.1-1.deb implements a simple cron
based daily security update with signature checking using a modified version
of ajt's apt-check-sigs.
Feedback is appreciated. CC please, /me not on list.
Regards, Clemens
pgpVBkwjvCD5f.pgp
Description: PGP signature
I don't understand the need for this.
Can someone explain why 'apt-get update apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
On Friday 18 October 2002 06:58 am, Fruhwirth Clemens wrote:
Hi!
http://therapy.endorphin.org/secpack_0.1-1.deb implements a
On Fri, 2002-10-18 at 14:24, R. Bradley Tilley wrote:
I don't understand the need for this.
Can someone explain why 'apt-get update apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
It'll get to you when you have 200+ debian systems spread across the
On Fri, Oct 18, 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
Can someone explain why 'apt-get update apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
Because a hacked mirror could contain malicious packages.
When you check signatures before upgrading,
On Fri, 18 Oct 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
I don't understand the need for this.
Can someone explain why 'apt-get update apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
As pointed out several times in the past Debian has not fully
On Fri, 2002-10-18 at 09:33, Mark Janssen wrote:
On Fri, 2002-10-18 at 14:24, R. Bradley Tilley wrote:
I don't understand the need for this.
Can someone explain why 'apt-get update apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
It'll get to you
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
przemol
On Thu, 2002-10-17 at 01:53, WebMaster wrote:
hello,
can i safely apply the grsecurity patch?
Yes, removing the EXTRAVERSION line in the patch(woody).
if this patch make servers more secure just by apply it (without acl),
why isn it applied by default?
It can be much aggressive to set by
On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
Edit sshd_config
find the line with something like
Banner
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
This banner is needed information for a ssh client connecting to your
server, therefor you
From Jan Niehusmann on Friday, 18 October, 2002:
On Fri, Oct 18, 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
Can someone explain why 'apt-get update apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
Of course, if the hacker managed to modify files on
On Fri, 2002-10-18 at 14:58, [EMAIL PROTECTED] wrote:
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
You can limit it somewhat (by editing source), but the protocol needs
the version string, so you can't change it without breaking
compatibility.
--
Mark Janssen --
On Fri, 18 Oct 2002 [EMAIL PROTECTED] wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
edit /etc/ssh/sshd_config and put a comment mark
On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
you can't without
On Fri, Oct 18, 2002 at 03:23:18PM +0200, vdongen wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
This banner is needed
On Fri, 18 Oct 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
If you attempt to disable this message
On Fri, Oct 18, 2002 at 03:30:01PM +0200, Tobias Rosenstock wrote:
On Fri, 18 Oct 2002 [EMAIL PROTECTED] wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How
On Fri, Oct 18, 2002 at 03:23:42PM +0200, Aleksander Iwanski wrote:
On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1
On Fri, 18 Oct 2002 at 03:23:42PM +0200, Aleksander Iwanski wrote:
Edit sshd_config
find the line with something like
Banner /etc/issue.net
That will not get rid of the version identification string.
--
Phil
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O -
You can still have a look there:
http://groups.google.com/groups?selm=cy9se16re.fsf%40zeus.theos.comoutput=gplain
for an answer, but would be better to not touch it.
If you can restrict the access to port 22 for a few ip's, do it and block
the rest. Will save you some sleepless nights if you'r
Hi,
On Fri, 18 Oct 2002, vdongen wrote:
Woody
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
This banner is needed information for a ssh
This won't do the trick, AFAIK it will only display /etc/issue.net
content before the password prompt, but wont change/hide the version
of the sshd when telnet'ing localhost || ip on port 22.
-xavier
Edit sshd_config
find the line with something like
Banner /etc/issue.net
and set
#
On Fri, Oct 18, 2002 at 09:42:14AM -0400, Phillip Hofmeister wrote:
On Fri, 18 Oct 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
host:/home/przemoltelnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
Edit sshd_config
find the line with something like
Banner /etc/issue.net
and set
# Banner /etc/issue.net
killall -9 sshd
done
Regards
afaik /etc/issue.net is intended for telnet and not for ssh.
furthermore:
$ netcat 0 22
On Fri, Oct 18, 2002 at 08:20:14AM -0500, Joseph Pingenot wrote:
If people are interested enough in it, I might throw together something
more formal.
IMHO there is no lack of interesting ideas - what we really need are
implementations.
apt-check-sigs is a nice proof-of-concept, and the
* Aleksander Iwanski [EMAIL PROTECTED]:
Edit sshd_config
find the line with something like
Banner /etc/issue.net
That's not the banner he's talking about.
killall -9 sshd
There are better ways to stop the ssh daemon.
* [EMAIL PROTECTED] [EMAIL PROTECTED]:
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
You don't want to disable it.
Hello,
You can; however, recompile and get rid of the Debian 1:3.4p1-1 part...
Why isn't it done by default ?
FreeBSD started this to get rid of users, complaining about the old
OpenSSH in the base system and to indicate that their OpenSSH is not the
2.3.0, but a security patched one.
FreeBSD
issue(5) might help some of you about pre-login banner and daemon(s)
banner version.
-xavier
On Fri, Oct 18, 2002 at 03:30:01PM +0200, Tobias Rosenstock wrote:
edit /etc/ssh/sshd_config and put a comment mark (#) at the beginning of
the line that says
Banner /etc/issue.net
or something like
On Fri, Oct 18, 2002 at 03:50:12PM +0200, [EMAIL PROTECTED] wrote:
You can; however, recompile and get rid of the Debian 1:3.4p1-1 part...
Why isn't it done by default ?
9-12 months down the road (or whenever the next exploit in OpenSSH is
found), Debian will likely backport the fix into
IMHO there is no lack of interesting ideas - what we really need are
implementations.
Ja. I just have to find the time. :)
apt-check-sigs is a nice proof-of-concept, and the debsigs stuff could
also improve security significantly. Together, I'd say they'd suffice to
make the debian mirrors
Why can't apt-get be modified to check the md5sum of a package against an
official debian md5sum list before downloading and installing debs? This
seems much simpler and easier than signing debs.
On Friday 18 October 2002 09:55 am, Jan Niehusmann wrote:
On Fri, Oct 18, 2002 at 08:20:14AM
On Fri, Oct 18, 2002 at 10:48:16AM -0400, R. Bradley Tilley wrote:
Why can't apt-get be modified to check the md5sum of a package against an
official debian md5sum list before downloading and installing debs? This
seems much simpler and easier than signing debs.
It does. The problem is, how
On Fri, 18 Oct 2002 at 03:50:12PM +0200, [EMAIL PROTECTED] wrote:
Why isn't it done by default ?
You would have to ask the maintainer...
--
Phil
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
XP Source Code:
#include win2k.h
On Tue, Oct 15, 2002 at 02:37:19PM -0700, Anne Carasik wrote:
Hi Mathias,
Thanks that's helpful if I'm workign on ONE machine. The problem
is I can't get this working for our loghost which gets all the
files.
All I get is this:
Other hosts syslogging to us:
290374 host1.example.edu
Four words: Single point of failure.
(Or is that six? Or ten? Yes, yes, that's right, twelve words. Let's try
that again, shall we? ... ;)
Besides, I strongly believe that it already does this... IIRC apt-get does
this to make sure that the packages weren't corrupted (or truncated) in
issue(5) might help some of you about pre-login banner and daemon(s)
banner version.
Banner gets diplayed _after_ successful login, but ssh handshake needs
some information about server ssh version.
There was a big flame about the 3.4p1 Debian 1:3.4p1-1 part of
message. It can _not_ be
Jussi Ekholm [EMAIL PROTECTED] writes:
Olaf Dietsche [EMAIL PROTECTED] wrote:
Jussi Ekholm [EMAIL PROTECTED] writes:
So, what would try to connect to my system's port 16001 and 111
from within my own system? Should I be concerned? Should I expect
the worst? Any insight on this issue would
This is unrelated to any security patches / exploits, hence
off-topic. I'm posting here mostly because it seems like the right
crowd for this sort of problem. If this offends you, let me know and
I'll find a different venue in the future.
OK. We're a large network running
On Fri, Oct 18, 2002 at 12:41:37PM -0700, Chris Majewski wrote:
Now, we're looking to upgrade the Linux on these thin clients. I like
Debian, so that's one obvious choice. However, a standard Debian
install (e.g. what I run on my machine) gives us much more than we
need.
Towards
OK, thanks. BTW, how does that differ from running tasksel and not
selecting any tasks? Or is that even possible?
-chris
Noah L. Meyerhans [EMAIL PROTECTED] writes:
On Fri, Oct 18, 2002 at 12:41:37PM -0700, Chris Majewski wrote:
Now, we're looking to upgrade the Linux on these thin
On Fri, 18 Oct 2002 at 12:41:37PM -0700, Chris Majewski wrote:
Now, we're looking to upgrade the Linux on these thin clients. I like
Debian, so that's one obvious choice. However, a standard Debian
install (e.g. what I run on my machine) gives us much more than we
need. This isn't
Hi.
I have been thinking about puting apache inside a place it cannot harm
anything else on the system.
We are serving web pages for several projects and we cannot control what
every of them do (PHPNuke, PostNuke and friends have their big share of
vulnerabilities).
I have been reading about
* Chris Majewski [EMAIL PROTECTED] [021018 22:43]:
RedHat), with an NFS-mounted root fs. They run almost nothing
locally: currently an X server, sshd, and possibly some music forwarding
daemon in the future, so users can listen to tunes on their thin
clients using software
87 matches
Mail list logo