At 22.16 24/09/03 -0400, Noah L. Meyerhans wrote:
How 'bout this idea: We can create a user-definable policy as to whether
or not newly installed packages that provide init scripts actually have
these init scripts run during their postinst. So, we have a file in
/etc/defaults or something that is
On Thu, 2003-09-25 at 03:19, Stefano Salvi wrote:
At 22.16 24/09/03 -0400, Noah L. Meyerhans wrote:
How 'bout this idea: We can create a user-definable policy as to whether
or not newly installed packages that provide init scripts actually have
these init scripts run during their postinst.
On Mon, Sep 22, 2003 at 10:18:20PM +0200, Bernd Eckenfels wrote:
In article [EMAIL PROTECTED] you wrote:
Why do you think there's anything wrong with ftp?
FTP is a firewal nightmare,
You think? Firewalls are nightmare, and the only result of prefering
http-only protocols is what you'll see
On Wed, Sep 24, 2003 at 10:08:36PM +0700, Jean Christophe ANDR? wrote:
Could you please show us a apt-cache policy ssh on both servers?
Here is mine:
# apt-cache policy ssh
ssh:
Installed: 1:3.4p1-1.woody.3
Candidate: 1:3.4p1-1.woody.3
Version Table:
***
ClamAV is supported in Debian and it's very well integrated with
amavisd-new (which, in turn, can be used also with spamassassin).
Yes, but where can I find clamav for woody?
Sid's package depends on whole lot of sid stuff, so recompiling it on woody
requires significant effort. Data from
On Thu, Sep 25, 2003 at 02:27:01PM +0700, Jean Christophe ANDR? wrote:
What do you have in /usr/share/doc/ssh/changelog.Debian.gz?
openssh (1:3.4p1-2) unstable; urgency=high
* Get a security-fixed version into unstable
* Also tidy README.Debian up a little
-- Matthew Vernon [EMAIL
* Phillip Hofmeister [EMAIL PROTECTED] wrote:
On Sun, 21 Sep 2003 at 12:58:54PM +0200, J.H.M. Dassen (Ray) wrote:
On Sat, Sep 20, 2003 at 11:13:35 -0700, Bill Moseley wrote:
Will Bind9 in stable get the delegation-only patch?
Probably not. Stable only gets updated for security issues.
On Thu, 25 Sep 2003 at 08:43:46 +0200, Dariush Pietrzak wrote:
ClamAV is supported in Debian and it's very well integrated with
amavisd-new (which, in turn, can be used also with spamassassin).
Yes, but where can I find clamav for woody?
Sid's package depends on whole lot of sid stuff, so
Noah L. Meyerhans wrote:
On Tue, Sep 23, 2003 at 02:08:29AM +0200, Michelle Konzack wrote:
I was surfing the Website http://www.xmms.org/ for new skins and
at one klick...
...xmms was hijacked !!!
No access on xmms posibel. Can anyone confirm this please...
Please Cc: me.
Nope. Worked
On Wed, Sep 24, 2003 at 01:42:01PM -0700, Adam Lydick wrote:
Is there any effort to reduce the number of services running on a
default debian install? For example: a typical workstation user doesn't
really need to have inetd enabled, nor portmap (unless they are running
fam or nfs -- which
On Wed, Sep 24, 2003 at 03:59:28PM -0400, Noah L. Meyerhans wrote:
What about a package like the harden-* package, but one that conflicts
with packages that are pointless for a client/desktop system?
Unless such a package is part of the standard installation, it's really
of no use. The
* Francois Sauterey ([EMAIL PROTECTED]) [030922 22:36]:
Le 13:56 22/09/03 -0400, George Georgalis nous a écrit :
** Message d'origine **
Most of my debian installs took the recent ssh updates without a hiccup,
but two of them deposited the file /etc/ssh/sshd_not_to_be_run before
On Thu, Sep 25, 2003 at 07:48:00AM -0700, Adam Lydick wrote:
I haven't done more then look at the screen shots for it, but the
personal firewall (eg: iptables frontend) that comes with RH9 looks to
be default deny for most incoming traffic while providing a nice (read:
graphical and
Hi
I've read an article about FreeBSD which made me read some parts of the
FreeBSD docuemtations. in the firewall section there is a short description
about proxy firewalls. I've made some more searching and found a free
product called TIS which provide this functionality (which I thought was
Hi
I've read an article about FreeBSD which made me read some parts of the
FreeBSD docuemtations. in the firewall section there is a short description
about proxy firewalls. I've made some more searching and found a free
product called TIS which provide this functionality (which I thought was
On Thu, Sep 25, 2003 at 08:19:43AM +0200, Stefano Salvi wrote:
I think thisi is not wise:
Only because you misunderstand my idea.
- Why I must have services installed that I cannot use (are not started by
default)?
I didn't say anything about not starting by default. I said that they
would
Javier Fernández-Sanguino Peña schrieb:
On Wed, Sep 24, 2003 at 03:59:28PM -0400, Noah L. Meyerhans wrote:
For starters, I think portmap, rpc.statd, and inetd should not run by
default. Not running a mail server (or perhaps only running one on the
loopback interface) would be nice, too.
A mail
Quoting Dariush Pietrzak ([EMAIL PROTECTED]):
There's nothing wrong with offering data over ftp to the general public,
especially when you can guarantee the contents in some way. There is
something wrong when you need secure, private transfers.
And what is wrong with it when you need
On Tue, Sep 23, 2003 at 02:08:29AM +0200, Michelle Konzack wrote:
Hello All,
I was surfing the Website http://www.xmms.org/ for new skins and
at one klick...
...xmms was hijacked !!!
No access on xmms posibel. Can anyone confirm this please...
Please Cc: me.
Three other .org
On Thu, Sep 25, 2003 at 12:34:34PM +0200, Javier Fernández-Sanguino Peña wrote:
The compromise in Debian has always been that a service that gets installed
will be executed in a minimum configuration, if you don't want it, don't
install it or remove it.
That's been the policy, but's it's stupid
In article [EMAIL PROTECTED] you wrote:
And... a mail with a positive virus recognition can be deleted without having
to fear it's a false positive,
umm... what makes you think so?
Besides the typical case, that one wants to send a virus file (there are
researches out there, you know) the
On Wed, 24 Sep 2003 at 1:54:42 +0200, Thomas Ritter wrote:
Just a note: Open Antivirus programs like clamav are not perfect, because the
open virus database [1] is still too small... but for _sorting_ mail, clamav
(it's in sid) is really good. It gives you
[...]
[1]
Don't underestimate clamav. Sure it does not have 75,000 virii in it's
database, but it catches well over 98% of the viruses that cross my little
ISP. (I run both NOD32 and ClamAV with MailScanner so I see all the ones
that NOD gets and ClamAV does not, which is _very_ few). Plus the ClamAV
Am Mittwoch, 24. September 2003 02:14 schrieb Bernd Eckenfels:
In article [EMAIL PROTECTED] you wrote:
And... a mail with a positive virus recognition can be deleted without
having to fear it's a false positive,
umm... what makes you think so?
Okay, it's not absolutely safe, but for home
On Wed, Sep 24, 2003 at 09:54:05PM +0100, Dale Amon wrote:
On Wed, Sep 24, 2003 at 03:59:28PM -0400, Noah L. Meyerhans wrote:
For starters, I think portmap, rpc.statd, and inetd should not run by
default. Not running a mail server (or perhaps only running one on the
loopback interface)
On Thu, Sep 25, 2003 at 12:34:34PM +0200, Javier Fern?ndez-Sanguino Pe?a wrote:
The base installation is partially decided by the priority of the package
('required', 'important', 'standard', 'optional', 'extra'). The
archive maintainers have the final word (that is the 'ftp.debian.org'
Agreed. The X maintainers (as one example) started doing that a while
back. I run exim and a few other services like this (manually
configured, sadly).
On Wed, 2003-09-24 at 15:04, Florian Weimer wrote:
On Wed, Sep 24, 2003 at 01:42:01PM -0700, Adam Lydick wrote:
Is there any effort to
I like that idea, and it sounds fairly simple - packages just check
/etc/secure_level (or something similar) and do the right thing. The
tricky part is convincing every package maintainer to adopt it ;)
There are some hardening packages available, but I haven't had a
chance to play with them yet.
I haven't done more then look at the screen shots for it, but the
personal firewall (eg: iptables frontend) that comes with RH9 looks to
be default deny for most incoming traffic while providing a nice (read:
graphical and straightforward) way to punch essential holes through it
as needed. (and
At 22.16 24/09/03 -0400, Noah L. Meyerhans wrote:
How 'bout this idea: We can create a user-definable policy as to whether
or not newly installed packages that provide init scripts actually have
these init scripts run during their postinst. So, we have a file in
/etc/defaults or something that
On Thu, 2003-09-25 at 03:19, Stefano Salvi wrote:
At 22.16 24/09/03 -0400, Noah L. Meyerhans wrote:
How 'bout this idea: We can create a user-definable policy as to whether
or not newly installed packages that provide init scripts actually have
these init scripts run during their postinst.
On Mon, Sep 22, 2003 at 10:18:20PM +0200, Bernd Eckenfels wrote:
In article [EMAIL PROTECTED] you wrote:
Why do you think there's anything wrong with ftp?
FTP is a firewal nightmare,
You think? Firewalls are nightmare, and the only result of prefering
http-only protocols is what you'll see
On Wed, Sep 24, 2003 at 10:08:36PM +0700, Jean Christophe ANDR? wrote:
Could you please show us a apt-cache policy ssh on both servers?
Here is mine:
# apt-cache policy ssh
ssh:
Installed: 1:3.4p1-1.woody.3
Candidate: 1:3.4p1-1.woody.3
Version Table:
***
ClamAV is supported in Debian and it's very well integrated with
amavisd-new (which, in turn, can be used also with spamassassin).
Yes, but where can I find clamav for woody?
Sid's package depends on whole lot of sid stuff, so recompiling it on woody
requires significant effort. Data from
On Thu, Sep 25, 2003 at 02:27:01PM +0700, Jean Christophe ANDR? wrote:
What do you have in /usr/share/doc/ssh/changelog.Debian.gz?
openssh (1:3.4p1-2) unstable; urgency=high
* Get a security-fixed version into unstable
* Also tidy README.Debian up a little
-- Matthew Vernon [EMAIL
* Phillip Hofmeister [EMAIL PROTECTED] wrote:
On Sun, 21 Sep 2003 at 12:58:54PM +0200, J.H.M. Dassen (Ray) wrote:
On Sat, Sep 20, 2003 at 11:13:35 -0700, Bill Moseley wrote:
Will Bind9 in stable get the delegation-only patch?
Probably not. Stable only gets updated for security issues.
Noah L. Meyerhans wrote:
On Tue, Sep 23, 2003 at 02:08:29AM +0200, Michelle Konzack wrote:
I was surfing the Website http://www.xmms.org/ for new skins and
at one klick...
...xmms was hijacked !!!
No access on xmms posibel. Can anyone confirm this please...
Please Cc: me.
Nope.
On Wed, Sep 24, 2003 at 01:42:01PM -0700, Adam Lydick wrote:
Is there any effort to reduce the number of services running on a
default debian install? For example: a typical workstation user doesn't
really need to have inetd enabled, nor portmap (unless they are running
fam or nfs -- which
On Wed, Sep 24, 2003 at 03:59:28PM -0400, Noah L. Meyerhans wrote:
What about a package like the harden-* package, but one that conflicts
with packages that are pointless for a client/desktop system?
Unless such a package is part of the standard installation, it's really
of no use. The
* Francois Sauterey ([EMAIL PROTECTED]) [030922 22:36]:
Le 13:56 22/09/03 -0400, George Georgalis nous a écrit :
** Message d'origine **
Most of my debian installs took the recent ssh updates without a hiccup,
but two of them deposited the file /etc/ssh/sshd_not_to_be_run before
On Thu, Sep 25, 2003 at 08:19:43AM +0200, Stefano Salvi wrote:
I think thisi is not wise:
Only because you misunderstand my idea.
- Why I must have services installed that I cannot use (are not started by
default)?
I didn't say anything about not starting by default. I said that they
would
Javier Fernández-Sanguino Peña schrieb:
On Wed, Sep 24, 2003 at 03:59:28PM -0400, Noah L. Meyerhans wrote:
For starters, I think portmap, rpc.statd, and inetd should not run by
default. Not running a mail server (or perhaps only running one on the
loopback interface) would be nice, too.
A
Quoting Dariush Pietrzak ([EMAIL PROTECTED]):
There's nothing wrong with offering data over ftp to the general public,
especially when you can guarantee the contents in some way. There is
something wrong when you need secure, private transfers.
And what is wrong with it when you need
On Tue, Sep 23, 2003 at 02:08:29AM +0200, Michelle Konzack wrote:
Hello All,
I was surfing the Website http://www.xmms.org/ for new skins and
at one klick...
...xmms was hijacked !!!
No access on xmms posibel. Can anyone confirm this please...
Please Cc: me.
Three other .org
On Thu, Sep 25, 2003 at 12:34:34PM +0200, Javier Fernández-Sanguino Peña wrote:
The compromise in Debian has always been that a service that gets installed
will be executed in a minimum configuration, if you don't want it, don't
install it or remove it.
That's been the policy, but's it's
In article [EMAIL PROTECTED] you wrote:
And... a mail with a positive virus recognition can be deleted without having
to fear it's a false positive,
umm... what makes you think so?
Besides the typical case, that one wants to send a virus file (there are
researches out there, you know) the
On Wed, 24 Sep 2003 at 1:54:42 +0200, Thomas Ritter wrote:
Just a note: Open Antivirus programs like clamav are not perfect, because the
open virus database [1] is still too small... but for _sorting_ mail, clamav
(it's in sid) is really good. It gives you
[...]
[1]
Don't underestimate clamav. Sure it does not have 75,000 virii in it's
database, but it catches well over 98% of the viruses that cross my little
ISP. (I run both NOD32 and ClamAV with MailScanner so I see all the ones
that NOD gets and ClamAV does not, which is _very_ few). Plus the ClamAV
On Thu, Sep 25, 2003 at 04:02:01PM +0300, Haim Ashkenazi wrote:
I've read an article about FreeBSD which made me read some parts of the
FreeBSD docuemtations. in the firewall section there is a short description
about proxy firewalls. I've made some more searching and found a free
product
Am Mittwoch, 24. September 2003 02:14 schrieb Bernd Eckenfels:
In article [EMAIL PROTECTED] you wrote:
And... a mail with a positive virus recognition can be deleted without
having to fear it's a false positive,
umm... what makes you think so?
Okay, it's not absolutely safe, but for home
50 matches
Mail list logo