On Fri, Nov 03, 2000 at 04:50:27PM +1100, Ian wrote:
Hi,
I have a slink-potato-woody server, and I am a little concerned about the
permissions some of the log files in /var/log have.
There are too many to list, but here are some:
-rw-r--r--1 root root 8232348 Nov 3 06:43
to root, then try:
cd /etc/ppp
egrep -r "\-password" .
to find any relevant settings.
HTH.
-chet
-
yet he has sorcery
On Fri, 3 Nov 2000, Pedro Zorzenon Neto wrote:
On Fri, Nov 03, 2000 at 04:50:27PM +1100, Ian wrote:
Hi,
I have a slink-po
Hi, all
I put /bin/rbash as the default shell (in /etc/passwd) for some users that
I just want them to use a restricted login.
When the user logs in, rbash is being executed and the restricted login is
working well. But, if the user executes 'bash', everything becames unrestricted.
How
Hi all,
Happy New Year!
I have some database files on a remote computer that I'd like to transfer to home,
and I need to send them encrypted.
I know how to use gnupg and scp and they would work fine, but the other computer
does't have them installed. I sent an email to
Another idea would be to use a small perl client/server modell with
Crypt::CBC and IDEA...
To use perl is a good idea.
I could create a perl script that encrypts the files with a public key and send them
to me by e-mail. So, I can put it in cron and receive the files periodically.
Some
On Tue, Jan 02, 2001 at 10:20:26AM -0800, Tom Marshall wrote:
Can you use FTP to put precompiled ssh and scp binaries on the machine?
$HOME/bin is usually a good place. I've done this before with some success.
---
The most effective Windows NT remote management tool? A car.
The remote
the files with perl is a good idea as well, since they could be
crypted then downloaded from FTP without worries. This wouldn't require
opening or utilizing ports that may be firewalled. THere should be plenty
of examples in perldoc for doing this.
--Henry
On Tue, 2 Jan 2001, Pedro Zor
Hi Duane,
from 'man ssh' you can find some answer:
As a third authentication method, ssh supports RSA based authentication.
The scheme is based on public-key cryptography: there are cryptosystems
where encryption and decryption are done using separate keys, and it is
not
Hi,
I'd like anyone to be able to use the local keyboard of some machines to telnet/ssh
to any other machine and use their account on the other machine.
A simple solution would be create one acount for user "anyone" without password and
restrict its login with rbash to use just
-rishi
On Mon, 19 Mar 2001, Pedro Zorzenon Neto wrote:
Hi,
I'd like anyone to be able to use the local keyboard of some machines to
telnet/ssh to any other machine and use their account on the other machine.
A simple solution would be create one acount for
I'd say to block all the ports you don't need to be available to the world.
Just leave opened the essencial ports you need to provide services.
Try nmap to see your opened ports.
On Thu, Apr 05, 2001 at 12:57:24PM -0700, Brandon High wrote:
Does anyone have a recommendation of ports that
it uses.
Nick Nanos
- -Original Message-
From: Pedro Zorzenon Neto [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 11, 2001 10:07 AM
To: [EMAIL PROTECTED]
Subject: ipchains log (62459 UDP port)
Hi,
I'd like to know to which service these packets belong. I got if from
On Tue, May 29, 2001 at 12:07:47PM +0100, Tim Haynes wrote:
sudo netstat -plan | grep LIST
just a small note: if your LC enviroment variables are set to other language, you may
need to change LIST for other word. (in pt_BR is OUÇA)
--
Pedro Zorzenon Neto http
4096 Mai 16 09:54 private
...
$ locate private | grep /home/pzn/private
the whole contents of my private dir suddenly appears here...
Why doesn't locate/updatedb saves the permissions?
Thanks in advance,
Pedro
--
Pedro Zorzenon Neto http://www.autsens.cjb.net
On Thu, Jun 07, 2001 at 06:57:18PM -0300, Pedro Zorzenon Neto wrote:
Hi list,
I created a directory /home/pzn/private/ and chmod it go-rwx to put my private
things.
Then nobody can see the contents and files of this directory, right? I've
believed it was true, but other user can do
Hi list,
I wrote a program that needs to run setuid root due to direct hardware access
(Package: avrprog).
This program needs to read data from a file and also write to other file.
I could use some options like this:
$ avrprog -i input.data -o output.data
But I chose to
On Fri, Jul 20, 2001 at 12:42:13PM +0100, David Wright wrote:
Do you mean this package?
Programmer for Atmel AVR microcontrolers that uses PC parallel port
Yes.
If so, I'm not sure why you think it needs to be setuid. Just
chgrp somegroup /dev/lp0 (or whichever port) and put yourself
On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote:
Thought i'd ask what the general opinion is on the most secure pop3 daemon.
I need to install a pop3 damon on my debian machine, but I wanted to get a
good idea from you guys on which one to install.
Hi Moe,
All POP3 services are
Hi Friends,
I am developing a software to provide access control to users of a
network.
The gateway has ipchains rules to DENY packets from all 192.168.0.0/16
hosts to the 0.0.0.0/0 world.
If the user (a regular user, not root) does:
$ myprogram enable username password IP
the
On Thu, Dec 27, 2001 at 02:11:42PM -0200, Pedro Zorzenon Neto wrote:
$tmp=`umask 177; tempfile`;
fopen (PASS,$tmp);
print PASS $password;
fclose PASS;
`cat $tmp | myprogram enable $user $ip; rm -f $tmp`;
sorry...
open (PASS,| myprogram enable $user $ip);
print PASS
Hi,
Which is the best way to create a POP only account? just change the
last field in /etc/passwd to /bin/false?
I want that the user will not be able to do anything on the machine
but retriving mail.
I will enable APOP in qpopper or use some ssl wrapper for POP3, will
disable the
On Fri, Nov 03, 2000 at 04:50:27PM +1100, Ian wrote:
Hi,
I have a slink-potato-woody server, and I am a little concerned about the
permissions some of the log files in /var/log have.
There are too many to list, but here are some:
-rw-r--r--1 root root 8232348 Nov 3 06:43
to root, then try:
cd /etc/ppp
egrep -r \-password .
to find any relevant settings.
HTH.
-chet
-
yet he has sorcery
On Fri, 3 Nov 2000, Pedro Zorzenon Neto wrote:
On Fri, Nov 03, 2000 at 04:50:27PM +1100, Ian wrote:
Hi,
I have a slink-potato-woody server
Hi, all
I put /bin/rbash as the default shell (in /etc/passwd) for some users that
I just want them to use a restricted login.
When the user logs in, rbash is being executed and the restricted login is
working well. But, if the user executes 'bash', everything becames unrestricted.
How
+++ !5 X-- R++ tv(+) b+(++) DI(+) D++
G+++ e-- h! !r y+++
--END GEEK CODE BLOCK--
On Tue, 14 Nov 2000, Jochen Striepe wrote:
Hi,
On 14 Nov 2000, Pedro Zorzenon Neto [EMAIL PROTECTED] wrote:
When the user logs in, rbash is being executed and the restricted login
wrote:
Le Wed, Nov 15, 2000 at 12:59:44PM -0200, Pedro Zorzenon Neto ecrit :
I changed in /etc/passwd
home directory of my restricted users to: /usr/local/bin/restricted
users's shell to: /bin/rbash
And created .bashrc .bash_profile in /usr/local/bin/restricted
I forgot one thing about all this...
All about the restricted bash could be useless if you forget to
lock the ftp acount of the restricted users.
You can avoid them to edit and create shell scripts inside their
telnet session, but if you forget to lock their ftp session ...
they could
Hi all,
Happy New Year!
I have some database files on a remote computer that I'd like to transfer to
home, and I need to send them encrypted.
I know how to use gnupg and scp and they would work fine, but the other
computer does't have them installed. I sent an email to [EMAIL PROTECTED]
Another idea would be to use a small perl client/server modell with
Crypt::CBC and IDEA...
To use perl is a good idea.
I could create a perl script that encrypts the files with a public key and
send them to me by e-mail. So, I can put it in cron and receive the files
periodically.
Some
with perl is a good idea as well, since they could be
crypted then downloaded from FTP without worries. This wouldn't require
opening or utilizing ports that may be firewalled. THere should be plenty
of examples in perldoc for doing this.
--Henry
On Tue, 2 Jan 2001, Pedro Zorzenon Neto wrote
Hi Duane,
from 'man ssh' you can find some answer:
As a third authentication method, ssh supports RSA based authentication.
The scheme is based on public-key cryptography: there are cryptosystems
where encryption and decryption are done using separate keys, and it is
not
Hi Steve,
About sending plain text password and files with telnet and ftp:
uninstall your 'telnetd' and 'ftp server' and install 'ssh'
ssh is real secure and has two usefull commands:
'ssh' is a substitute for telnet
and 'scp' is not the same thing, but substitutes ftp with some
Hi,
I'd like anyone to be able to use the local keyboard of some machines to
telnet/ssh to any other machine and use their account on the other machine.
A simple solution would be create one acount for user anyone without
password and restrict its login with rbash to use just telnet/ssh.
Mar 2001, Pedro Zorzenon Neto wrote:
Hi,
I'd like anyone to be able to use the local keyboard of some machines to
telnet/ssh to any other machine and use their account on the other machine.
A simple solution would be create one acount for user anyone without
password
Hi all,
I have a computer with potato that is a gateway for my intranet. It has real
IP, while the intranet has 192.168.1.x IP's.
Several services are running on it but I'd like only ssh, ntp and https to be
available to the outside world.
So, I thought this ipchains rules could help:
Chain
On Fri, Jun 01, 2001 at 09:21:19AM +0200, Philipp Schulte wrote:
I was thinking of bad memory that might cause this behaviour.
Helping about checking memory:
Install package 'hwtools'
Put a blank, formatted floppy disk in /dev/fd0 (or fd1)
# cp usr/lib/hwtools/memtest86.bin /dev/fd0
On Thu, Jun 07, 2001 at 06:57:18PM -0300, Pedro Zorzenon Neto wrote:
Hi list,
I created a directory /home/pzn/private/ and chmod it go-rwx to put my
private things.
Then nobody can see the contents and files of this directory, right? I've
believed it was true, but other user can do
Hi folks,
Suppose I trust ultimately in my 192.168.1.x users.
To the outside world the only service 'nmap' shows opened is tcp port 22 - ssh.
So, if 'ssh' has some security bug, people can use this bug to explore my
system. That I know is true.
Now, what I'd like to know...
Is there any way
Hi list,
I wrote a program that needs to run setuid root due to direct hardware
access (Package: avrprog).
This program needs to read data from a file and also write to other file.
I could use some options like this:
$ avrprog -i input.data -o output.data
But I chose to use
On Fri, Jul 20, 2001 at 12:42:13PM +0100, David Wright wrote:
Do you mean this package?
Programmer for Atmel AVR microcontrolers that uses PC parallel port
Yes.
If so, I'm not sure why you think it needs to be setuid. Just
chgrp somegroup /dev/lp0 (or whichever port) and put yourself
(and
On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote:
Thought i'd ask what the general opinion is on the most secure pop3 daemon.
I need to install a pop3 damon on my debian machine, but I wanted to get a
good idea from you guys on which one to install.
Hi Moe,
All POP3 services are
On Sat, Sep 01, 2001 at 01:32:55AM -0500, Steven Barker wrote:
I don't blame to for being mad. I do blame you for ranting obscenly in
reply to every message. You may get 50 messages from this list, but 35 of
them are from you. Please stop flaming everyone and unsubscribe yourself.
I also
On Thu, Dec 27, 2001 at 04:46:45PM +0100, David Flatz wrote:
Pedro Zorzenon Neto said:
$ PASS=password myprogram enable username IP
then myprogram will read the PASS from the environment.
is there anyway a regular user could capture passwords?
yes it is ps auxe
try
On Thu, Dec 27, 2001 at 02:11:42PM -0200, Pedro Zorzenon Neto wrote:
$tmp=`umask 177; tempfile`;
fopen (PASS,$tmp);
print PASS $password;
fclose PASS;
`cat $tmp | myprogram enable $user $ip; rm -f $tmp`;
sorry...
open (PASS,| myprogram enable $user $ip);
print PASS
On Thu, Dec 27, 2001 at 05:16:16PM +, Merlin wrote:
On Thursday 27 December 2001 16:46, Benjamin Smith wrote:
Because that doesn't solve the original problem of the password being
visible on the command line. The environment and the stdin were two
suggested ways of passing the
Hi,
ssh in potato is set to always try to use reverse DNS lookup. If the
client is not registered in the DNS server, then it gets an answer:
ssh_exchange_identification: Connection closed by remote host
I've looked in man sshd and man ssh and I didn't see any
configuration option which
Hi,
Which is the best way to create a POP only account? just change the
last field in /etc/passwd to /bin/false?
I want that the user will not be able to do anything on the machine
but retriving mail.
I will enable APOP in qpopper or use some ssl wrapper for POP3, will
disable the
Hi Folks,
I wrote a simple step by step howto to help people to setup bind8
chrooted in Debian Potato.
Check it at http://people.debian.org/~pzn/howto/chroot-bind.sh.txt
If you have some comments, please send them to me, so I can improve
the howto. If you don't think the comments will
On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote:
I've been playing around with the scp and sftp components of putty and
noticed what I consider a security hole. Winscp does the same thing.
The user can change to directories above their home. Is there a way to
chroot them like you
49 matches
Mail list logo