Hello... I hope this isn't off-topic, so I posted the message here.
I have Snort running (ver 1.8.6 build 105) logging to a MySQL database
and Snortreport version 1.11 to read the logs in the database. The
problem is that if supposedly my host was attacked, or portscanned for
On Fri, Jun 07, 2002 at 11:23:52AM +0900, Oohara Yuuma wrote:
On Thu, 6 Jun 2002 20:28:24 +0200 (MEST),
Thomas Schmid [EMAIL PROTECTED] wrote:
So, I set up my server with aide and tiger to check it's integrity. The
reports are mailed to root which one is redirected to an other localadress
On Thu, 6 Jun 2002, Andrew Ferrier wrote:
For Windows, the ssh client from www.ssh.com is the best I've
found. Don't know if free for university use though. If you
want a free client, WinSCP is best I've used, though it's far
more buggy than the aforementioned.
PSCP and PSFTP (part of
Le Thursday 06 June 2002 à 20:28:24 +0200, Thomas Schmid a écrit:
Hi,
So, I set up my server with aide and tiger to check it's integrity. The
reports are mailed to root which one is redirected to an other localadress
and to a second adresse on a other server. My question is now: is it
On Fri, 2002-06-07 at 09:37, Alf B Lervåg wrote:
Yes, I know about the putty suite. (First thing I download whenever I'm
forced to sit on a windows computer. ;)
The problem with psftp and pscp, is that they're command line tools.
This is all well and good for people who like it, but since
Hello ppl,
What are some important things to watch on your debian box ? I'm checking
logfiles periodically, and run chkrootkit once in a while.
Are there any parameters in debian that can be turned on for some more
detailed logging ?
Also, if you're using some handy 3rd party tools, please let me
J'ai installe un reseau local qui est relié au
reste du reseau par unu machine linux configure comme routeur.
La connexion a internet se fait via squid. Les
machines du reseau local tourne sous windows.
J'ai installe identd sur ces machines.
L'identification au niveau de squid ne se fait
Well, you could stop looking at log files, and let logcheck do it for
you :)
apt-get install logcheck
You might also want a Network Intrusion Detection System -- snort
apt-get install snort
have fun.
- Wouter
[On 07 Jun, 2002, D.J. Bolderman wrote in Things to watch on m ...]
Hello
Hello ppl,
What are some important things to watch on your debian box ? I'm
checking
logfiles periodically, and run chkrootkit once in a while.
Are there any parameters in debian that can be turned on for some
more
detailed logging ?
Also, if you're using some handy 3rd party tools,
I think our friend forgot to read the portion of the list use that says:
Send all of your e-mails in English. Only use other languages on mailing lists
where that is explicitely allowed (e.g. French on debian-user-french).
Or...in case he can't read English:
Envoyez tous vos messages en
1ere remarque : ça ne se fait pas d'envoyer une question pareille sur autant de
mailing-lists à la fois.
2eme remarque : sur les listes internationales, on parle anglais, sous peine de
ne pas se faire comprendre (et de ne pas recevoir de réponse)
3eme remarque : l'orthographe ne doit pas être
vdongen [EMAIL PROTECTED] writes:
You could run logcheck, which instead of reading the logs mails you
entries that are unusual or attempted break ins
OK, my thoughts:
a) use syslog-ng to filter firewall events into a separate firewall.log;
b) use fwlogwatch to generate HTML tables of what's
As recently as 4.0.4-2, the qpopper package sets /var/spool/pop to
mode 2775, root/mail. However, for some reason, when set that way, I
get errors like:
Jun 7 09:57:09 mail01 in.qpopper[16028]: USERNAME at HOSTNAME (IP):
-ERR [SYS/TEMP] Failed to create /var/spool/pop//.USERNAME.pop with
I would like to know if changing default umask to 077 in /etc/profile will
cause me problem to install and update new packages.
Or then, must I go back to 022 ?
I see no reference to umask in the packaging how-to.
So in general, the permissions of the installed files will be dependent of
our
On Fri, Jun 07, 2002 at 03:14:23PM +0200, Wouter van Gils wrote:
Well, you could stop looking at log files, and let logcheck do it for
you :)
apt-get install logcheck
You might also want a Network Intrusion Detection System -- snort
apt-get install snort
And you can too install AIDE.
Julián Muñoz [EMAIL PROTECTED] writes:
I would like to know if changing default umask to 077 in /etc/profile
will cause me problem to install and update new packages.
Or then, must I go back to 022 ?
I see no reference to umask in the packaging how-to. So in general, the
permissions of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeff Bonner [EMAIL PROTECTED] wrote:
Whenever I logout from an SSH2 session now, I get the following
in my /var/log/messages:
June 4 19:36:26 firegate sshd[24364]: PAM pam_putenv: delete
non-existent entry; MAIL
I get the exactly same
On Fri, Jun 07, 2002 at 02:05:42PM +, Julián Muñoz wrote:
I would like to know if changing default umask to 077 in /etc/profile will
cause me problem to install and update new packages.
No, when you install a package, the permissions are already set.
The umask doesn't have any effect
Alf == Alf B Lervåg [EMAIL PROTECTED] writes:
[...]
Alf The problem with psftp and pscp, is that they're command line
Alf tools. This is all well and good for people who like it, but since
Alf most of our students only use windows and gui programs, they
Alf wouldn't like having to use cli.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
* Jeff Bonner ([EMAIL PROTECTED]) [020604 16:47]:
Whenever I logout from an SSH2 session now, I get the following
in my /var/log/messages:
June 4 19:36:26 firegate sshd[24364]: PAM pam_putenv: delete
non-existent entry; MAIL
I'm not sure exactly why it's carping like that, but take
Hei
Voisitko kääntää tuon Ranskan Englanniksi, siksi kun tämän pitäisi olla
Englannin kielinen internationillinen sähköposti-lista ?
Gætirðu vinsamlegast þýtt spurninguna á Ensku þar sem þetta á að heita
enkumælandi e-mail listi?
= Could you please translate Your question to english, because
On Thu, Jun 06, 2002 at 11:40:01PM +0200, Daniel Kobras did this all over the
keyboard:
On Thu, Jun 06, 2002 at 07:15:24PM +0200, Willi Dyck wrote:
on a daily basis I do run chkrootkit version 0.31 on a server I
maintain. Today chkrootkit reported the following:
Checking `lkm'... You
On Fri 07 Jun 2002 11:03, Jussi Ekholm wrote:
Whenever I logout from an SSH2 session now, I get the following
in my /var/log/messages:
June 4 19:36:26 firegate sshd[24364]: PAM pam_putenv: delete
non-existent entry; MAIL
I get the exactly same message under same conditions --
And if so, what could make chkproc think, seeing something what is
probably not there? Perhaps some kind of runtime failure in the C code?
Well, remember that you're running on a pre-emptivly scheduled system.
Processes can be created and destroyed during that code's running.
Although you
On Fri 07 Jun 2002 16:27, Vineet Kumar wrote:
Whenever I logout from an SSH2 session now, I get the
following in my /var/log/messages:
June 4 19:36:26 firegate sshd[24364]: PAM pam_putenv:
delete non-existent entry; MAIL
I'm not sure exactly why it's carping like that, but
26 matches
Mail list logo