Re: Securing Apache: vserver or chroot ?

2002-10-22 Thread Indra Kusuma
On Tue, Oct 22, 2002 at 12:37:04PM +0200, Alexander Neumann wrote:
 
# Yes, jailtool takes Debian Package Dependencies and/or CPAN .packlist
# files. I didn't know about 'makejail', I think I'll have a look at it...

There's also another one called jailer, but if you want to secure your
system, then you have to know it well: use the strace, lsof, mknod, ldd
and mount commands to create a chroot jail system manually.

Cheers,
Indra Kusuma
--
 ,''`. Indra{@,.}Kusuma.OR.ID - [Security - Debian/GNU Linux - IPv6]
: :' : 0x4D829E49 - 187D 8C98 FB76 E1A8 5558 853A 4795 4FC1 4D82 9E49
`. `'
  `-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: Securing Apache: vserver or chroot ?

2002-10-22 Thread Indra Kusuma
On Tue, Oct 22, 2002 at 11:10:56PM +0200, Alain Tesio wrote:
#  There's also another one called jailer, but if you want to secure your
#  system, then you have to know it well: use the strace, lsof, mknod, ldd
#  and mount commands to create a chroot jail system manually.
# 
# These are the commands makejail uses (I'm the author), except lsof.
# Any interest to use lsof ? Is there any reason it should mention a file
# you can't see in the outputs of ldd and strace ?

I compare the open file calls from strace with lsof; I just want to make
sure that I got all the files I needed.

Cheers,
Indra Kusuma
--
 ,''`. Indra{@,.}Kusuma.OR.ID - [Security - Debian/GNU Linux - IPv6]
: :' : 0x4D829E49 - 187D 8C98 FB76 E1A8 5558 853A 4795 4FC1 4D82 9E49
`. `'
  `-
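
The cross-check described in this message, as an added example that is not part of the original post: it extracts the successfully opened paths from a strace log and the file-backed entries from lsof output, then lists what each tool saw that the other did not. The sample logs, the apache process name and PID 1234 are constructed.

```shell
#!/bin/sh
# Added example; all sample data is constructed (apache and PID 1234 are placeholders).
export LC_ALL=C   # same collation for sort and comm

# Constructed sample shaped like: strace -f -e trace=open,openat -p 1234
sample_strace() { cat <<'EOF'
1234 open("/etc/apache/httpd.conf", O_RDONLY) = 3
1234 open("/etc/apache/missing.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
1234 open("/lib/libnss_files.so.2", O_RDONLY) = 4
1235 openat(AT_FDCWD, "/var/www/index.html", O_RDONLY) = 5
1234 open("/etc/passwd", O_RDONLY) = 4
EOF
}

# Constructed sample shaped like: lsof -p 1234
sample_lsof() { cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
apache  1234 root  txt    REG    3,1   310000  48211 /usr/sbin/apache
apache  1234 root  mem    REG    3,1  1153784  16003 /lib/libc.so.6
apache  1234 root  mem    REG    3,1    40000  16010 /lib/libnss_files.so.2
apache  1234 root    2w   REG    3,1     1024  70012 /var/log/apache/error.log
apache  1234 root    3r   REG    3,1     9000  32001 /etc/apache/httpd.conf
apache  1234 root    4u  IPv4  12345      0t0    TCP *:80 (LISTEN)
EOF
}

# Paths from open()/openat() calls that succeeded; failed lookups need no jail entry.
strace_opened() {
    awk -F'"' '/open(at)?\(/ && $0 !~ /\) = -1 / { print $2 }' | sort -u
}

# Regular files and character devices held by the process (paths with spaces not handled).
lsof_files() {
    awk 'NR > 1 && ($5 == "REG" || $5 == "CHR") { print $NF }' | sort -u
}

# compare_lists FLAG STRACE_LOG LSOF_OUT (FLAG -13: only lsof saw it; -23: only strace saw it)
compare_lists() {
    s=$(mktemp); l=$(mktemp)
    strace_opened < "$2" > "$s"
    lsof_files < "$3" > "$l"
    comm "$1" "$s" "$l"
    rm -f "$s" "$l"
}

d=$(mktemp -d); sample_strace > "$d/s"; sample_lsof > "$d/l"
echo "only lsof saw:";   compare_lists -13 "$d/s" "$d/l"
echo "only strace saw:"; compare_lists -23 "$d/s" "$d/l"
rm -rf "$d"
```

Run against a real daemon, the lsof-only list typically holds libraries mapped and logs opened before strace attached, while the strace-only list holds files that were read and closed again.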



Re: Block 198.175 admins? who are they?

2002-09-24 Thread Indra Kusuma
On Tue, 24 Sep 2002 [EMAIL PROTECTED] wrote:

#
#   I've been just properly scanned and whois is telling
# 198.175.98.0 is Distributed Network Technical Support (NET-INTEL-IT34),
# nothing more, who shall I contact then ;)

whois -h whois.arin.net NET-198-175-64-0-1

OrgName:    Intel Corporation
OrgID:      NTLS

NetRange:   198.175.64.0 - 198.175.123.255
CIDR:       198.175.64.0/19, 198.175.96.0/20, 198.175.112.0/21, 198.175.120.0/22
NetName:    NETBLK-INTEL-IT
NetHandle:  NET-198-175-64-0-1
Parent:     NET-198-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.INTEL.COM
NameServer: NS2.INTEL.COM
NameServer: NS3.INTEL.COM
NameServer: NS4.INTEL.COM
Comment:
RegDate:    1993-05-12
Updated:    2002-08-23

TechHandle: ZI78-ARIN
TechName:   Intel Corporation
TechPhone:  +1-408-765-8080
TechEmail:  [EMAIL PROTECTED]

# ARIN Whois database, last updated 2002-09-23 22:15
# Enter ? for additional hints on searching ARIN's Whois database.


Cheers

Indra Kusuma
--
 ,''`. Indra{@,.}Kusuma.OR.ID - [Security - Debian/GNU Linux - IPv6]
: :' : 0x4D829E49 - 187D 8C98 FB76 E1A8 5558 853A 4795 4FC1 4D82 9E49
`. `'
  `-



Re: Closing ports...

2002-09-15 Thread Indra Kusuma
On Sun, 15 Sep 2002, Markus Grunwald wrote:

# I wanted to close unnecessary ports. I noticed one thing: With netstat,
# _all_ ports were open to the whole world:
#
# Proto Recv-Q Send-Q Local Address   Foreign Address   State
# tcp        0      0 *:6565          *:*               LISTEN 8078/junkbuster
#
# But I have configured junkbuster to listen only to my network:
# deny 0.0.0.0/0
# permit 192.168.42.0/24

Nothing wrong, it's a completely different aspect: * in the netstat output means
the daemon _listens_ on every network interface, and doesn't mean that the daemon
can be connected to from anywhere.

Cheers

Indra Kusuma
--
 ,''`. Indra{@,.}Kusuma.OR.ID - [Security - Debian/GNU Linux - IPv6]
: :' : 0x4D829E49 - 187D 8C98 FB76 E1A8 5558 853A 4795 4FC1 4D82 9E49
`. `'
  `-



Re: no more /sbin in root path... been rooted?

2002-09-05 Thread Indra Kusuma
On Thu, 5 Sep 2002, David Raulo wrote:

#  Did you login via SSH ??
# 
#
# No (I don't have a sshd running). The problem occurs when I log directly on
# console, or when I do su - from an xterm.
# Have you got an idea?

Hmm... strange; when you su - it uses login.
If your box has been rooted, a possible backdoor is in /bin/login;
maybe you should re-install the login package, just to make sure.

But before that, please recheck /etc/login.defs, /etc/profile, /etc/bashrc,
~/.bashrc

Cheers

Indra Kusuma
--
 ,''`. Indra{@,.}Kusuma.OR.ID - [Security - Debian/GNU Linux - IPv6]
: :' : 0x4D829E49 - 187D 8C98 FB76 E1A8 5558 853A 4795 4FC1 4D82 9E49
`. `'
  `-




Re: no more /sbin in root path... been rooted?

2002-09-05 Thread Indra Kusuma
On Thu, 5 Sep 2002, David Raulo wrote:

# Is the whole login process on Debian described somewhere, with the order in
# which the files are read?  I'd really like to sort out this problem, so I'll
# be pretty sure my machine haven't been cracked.
# Thanks again for your help,

Feel free to contact the login maintainer, Karl Ramm [EMAIL PROTECTED]

Cheers

Indra Kusuma
--
 ,''`. Indra{@,.}Kusuma.OR.ID - [Security - Debian/GNU Linux - IPv6]
: :' : 0x4D829E49 - 187D 8C98 FB76 E1A8 5558 853A 4795 4FC1 4D82 9E49
`. `'
  `-



Re: Permissions Required On hosts.allow ?

2002-08-28 Thread Indra Kusuma
On Thu, 29 Aug 2002, Jason Clarke wrote:

# Found the problem to be that SSH was doing DNS lookups on IP's.
#
# So I setup an internal reverse DNS for my local lan, and shebang, it's
# almost instant now.

use -u0 on the sshd option

Cheers,

Indra Kusuma
--
 ,''`. Indra{@,.}Kusuma.OR.ID - [personal - Debian/GNU Linux - IPv6]
: :' : 0x4D829E49 - 187D 8C98 FB76 E1A8 5558 853A 4795 4FC1 4D82 9E49
`. `'
  `-