Re: log permissions

2000-11-03 Thread Pedro Zorzenon Neto
On Fri, Nov 03, 2000 at 04:50:27PM +1100, Ian wrote: Hi, I have a slink-potato-woody server, and I am a little concerned about the permissions some of the log files in /var/log have. There are too many to list, but here are some: -rw-r--r--1 root root 8232348 Nov 3 06:43

Re: log permissions

2000-11-03 Thread Pedro Zorzenon Neto
to root, then try: cd /etc/ppp egrep -r "\-password" . to find any relevant settings. HTH. -chet - yet he has sorcery On Fri, 3 Nov 2000, Pedro Zorzenon Neto wrote: On Fri, Nov 03, 2000 at 04:50:27PM +1100, Ian wrote: Hi, I have a slink-po

restricted bash (rbash)

2000-11-14 Thread Pedro Zorzenon Neto
Hi, all I put /bin/rbash as the default shell (in /etc/passwd) for some users that I just want them to use a restricted login. When the user logs in, rbash is being executed and the restricted login is working well. But, if the user executes 'bash', everything becomes unrestricted. How

Encrypted file transfer

2001-01-02 Thread Pedro Zorzenon Neto
Hi all, Happy New Year! I have some database files on a remote computer that I'd like to transfer to home, and I need to send them encrypted. I know how to use gnupg and scp and they would work fine, but the other computer doesn't have them installed. I sent an email to

Re: Encrypted file transfer

2001-01-02 Thread Pedro Zorzenon Neto
Another idea would be to use a small perl client/server model with Crypt::CBC and IDEA... To use perl is a good idea. I could create a perl script that encrypts the files with a public key and send them to me by e-mail. So, I can put it in cron and receive the files periodically. Some

Re: Encrypted file transfer

2001-01-02 Thread Pedro Zorzenon Neto
On Tue, Jan 02, 2001 at 10:20:26AM -0800, Tom Marshall wrote: Can you use FTP to put precompiled ssh and scp binaries on the machine? $HOME/bin is usually a good place. I've done this before with some success. --- The most effective Windows NT remote management tool? A car. The remote

Re: Encrypted file transfer

2001-01-08 Thread Pedro Zorzenon Neto
the files with perl is a good idea as well, since they could be crypted then downloaded from FTP without worries. This wouldn't require opening or utilizing ports that may be firewalled. There should be plenty of examples in perldoc for doing this. --Henry On Tue, 2 Jan 2001, Pedro Zor

Re: SSH and RSA

2001-02-19 Thread Pedro Zorzenon Neto
Hi Duane, from 'man ssh' you can find some answer: As a third authentication method, ssh supports RSA based authentication. The scheme is based on public-key cryptography: there are cryptosystems where encryption and decryption are done using separate keys, and it is not

anyone using telnet

2001-03-19 Thread Pedro Zorzenon Neto
Hi, I'd like anyone to be able to use the local keyboard of some machines to telnet/ssh to any other machine and use their account on the other machine. A simple solution would be create one account for user "anyone" without password and restrict its login with rbash to use just

Re: anyone using telnet

2001-03-19 Thread Pedro Zorzenon Neto
-rishi On Mon, 19 Mar 2001, Pedro Zorzenon Neto wrote: Hi, I'd like anyone to be able to use the local keyboard of some machines to telnet/ssh to any other machine and use their account on the other machine. A simple solution would be create one account for

Re: Ports to block?

2001-04-05 Thread Pedro Zorzenon Neto
I'd say to block all the ports you don't need to be available to the world. Just leave opened the essential ports you need to provide services. Try nmap to see your opened ports. On Thu, Apr 05, 2001 at 12:57:24PM -0700, Brandon High wrote: Does anyone have a recommendation of ports that

Re: ipchains log (62459 UDP port)

2001-04-11 Thread Pedro Zorzenon Neto
it uses. Nick Nanos - -Original Message- From: Pedro Zorzenon Neto [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 11, 2001 10:07 AM To: [EMAIL PROTECTED] Subject: ipchains log (62459 UDP port) Hi, I'd like to know to which service these packets belong. I got it from

Re: other mysterious port things

2001-05-29 Thread Pedro Zorzenon Neto
On Tue, May 29, 2001 at 12:07:47PM +0100, Tim Haynes wrote: sudo netstat -plan | grep LIST just a small note: if your LC environment variables are set to other language, you may need to change LIST for other word. (in pt_BR is OUÇA) -- Pedro Zorzenon Neto http

'locate' does not check permissions

2001-06-07 Thread Pedro Zorzenon Neto
4096 Mai 16 09:54 private ... $ locate private | grep /home/pzn/private the whole contents of my private dir suddenly appears here... Why doesn't locate/updatedb saves the permissions? Thanks in advance, Pedro -- Pedro Zorzenon Neto http://www.autsens.cjb.net

Re: 'locate' does not check permissions

2001-06-07 Thread Pedro Zorzenon Neto
On Thu, Jun 07, 2001 at 06:57:18PM -0300, Pedro Zorzenon Neto wrote: Hi list, I created a directory /home/pzn/private/ and chmod it go-rwx to put my private things. Then nobody can see the contents and files of this directory, right? I've believed it was true, but other user can do

read-write to stdin-stdout or to a file?

2001-07-20 Thread Pedro Zorzenon Neto
Hi list, I wrote a program that needs to run setuid root due to direct hardware access (Package: avrprog). This program needs to read data from a file and also write to other file. I could use some options like this: $ avrprog -i input.data -o output.data But I chose to

Re: read-write to stdin-stdout or to a file?

2001-07-20 Thread Pedro Zorzenon Neto
On Fri, Jul 20, 2001 at 12:42:13PM +0100, David Wright wrote: Do you mean this package? Programmer for Atmel AVR microcontrollers that uses PC parallel port Yes. If so, I'm not sure why you think it needs to be setuid. Just chgrp somegroup /dev/lp0 (or whichever port) and put yourself

Re: pop3

2001-07-29 Thread Pedro Zorzenon Neto
On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote: Thought I'd ask what the general opinion is on the most secure pop3 daemon. I need to install a pop3 daemon on my debian machine, but I wanted to get a good idea from you guys on which one to install. Hi Moe, All POP3 services are

sending password in the command line

2001-12-27 Thread Pedro Zorzenon Neto
Hi Friends, I am developing a software to provide access control to users of a network. The gateway has ipchains rules to DENY packets from all 192.168.0.0/16 hosts to the 0.0.0.0/0 world. If the user (a regular user, not root) does: $ myprogram enable username password IP the

Re: sending password in the command line

2001-12-27 Thread Pedro Zorzenon Neto
On Thu, Dec 27, 2001 at 02:11:42PM -0200, Pedro Zorzenon Neto wrote: $tmp=`umask 177; tempfile`; fopen (PASS,$tmp); print PASS $password; fclose PASS; `cat $tmp | myprogram enable $user $ip; rm -f $tmp`; sorry... open (PASS,| myprogram enable $user $ip); print PASS

best way to create pop only accounts

2002-03-11 Thread Pedro Zorzenon Neto
Hi, Which is the best way to create a POP only account? just change the last field in /etc/passwd to /bin/false? I want that the user will not be able to do anything on the machine but retrieving mail. I will enable APOP in qpopper or use some ssl wrapper for POP3, will disable the

Re: log permissions

2000-11-03 Thread Pedro Zorzenon Neto
to root, then try: cd /etc/ppp egrep -r \-password . to find any relevant settings. HTH. -chet - yet he has sorcery On Fri, 3 Nov 2000, Pedro Zorzenon Neto wrote: On Fri, Nov 03, 2000 at 04:50:27PM +1100, Ian wrote: Hi, I have a slink-potato-woody server

Re: restricted bash (rbash)

2000-11-15 Thread Pedro Zorzenon Neto
On Tue, 14 Nov 2000, Jochen Striepe wrote: Hi, On 14 Nov 2000, Pedro Zorzenon Neto [EMAIL PROTECTED] wrote: When the user logs in, rbash is being executed and the restricted login

Re: restricted bash (rbash)

2000-11-15 Thread Pedro Zorzenon Neto
wrote: On Wed, Nov 15, 2000 at 12:59:44PM -0200, Pedro Zorzenon Neto wrote: I changed in /etc/passwd home directory of my restricted users to: /usr/local/bin/restricted users' shell to: /bin/rbash And created .bashrc .bash_profile in /usr/local/bin/restricted

Re: restricted bash (rbash)

2000-11-16 Thread Pedro Zorzenon Neto
I forgot one thing about all this... All about the restricted bash could be useless if you forget to lock the ftp account of the restricted users. You can avoid them to edit and create shell scripts inside their telnet session, but if you forget to lock their ftp session ... they could

Encrypted file transfer

2001-01-02 Thread Pedro Zorzenon Neto
Hi all, Happy New Year! I have some database files on a remote computer that I'd like to transfer to home, and I need to send them encrypted. I know how to use gnupg and scp and they would work fine, but the other computer doesn't have them installed. I sent an email to [EMAIL PROTECTED]

Re: Encrypted file transfer

2001-01-08 Thread Pedro Zorzenon Neto
with perl is a good idea as well, since they could be crypted then downloaded from FTP without worries. This wouldn't require opening or utilizing ports that may be firewalled. There should be plenty of examples in perldoc for doing this. --Henry On Tue, 2 Jan 2001, Pedro Zorzenon Neto wrote

Re: how secure is mail and ftp and netscape/IE???

2001-02-21 Thread Pedro Zorzenon Neto
Hi Steve, About sending plain text password and files with telnet and ftp: uninstall your 'telnetd' and 'ftp server' and install 'ssh' ssh is real secure and has two useful commands: 'ssh' is a substitute for telnet and 'scp' is not the same thing, but substitutes ftp with some

anyone using telnet

2001-03-19 Thread Pedro Zorzenon Neto
Hi, I'd like anyone to be able to use the local keyboard of some machines to telnet/ssh to any other machine and use their account on the other machine. A simple solution would be create one account for user anyone without password and restrict its login with rbash to use just telnet/ssh.

Re: anyone using telnet

2001-03-19 Thread Pedro Zorzenon Neto
Mar 2001, Pedro Zorzenon Neto wrote: Hi, I'd like anyone to be able to use the local keyboard of some machines to telnet/ssh to any other machine and use their account on the other machine. A simple solution would be create one account for user anyone without password

Question about ipchains

2001-03-26 Thread Pedro Zorzenon Neto
Hi all, I have a computer with potato that is a gateway for my intranet. It has real IP, while the intranet has 192.168.1.x IP's. Several services are running on it but I'd like only ssh, ntp and https to be available to the outside world. So, I thought this ipchains rules could help: Chain

Re: checking memory

2001-06-01 Thread Pedro Zorzenon Neto
On Fri, Jun 01, 2001 at 09:21:19AM +0200, Philipp Schulte wrote: I was thinking of bad memory that might cause this behaviour. Helping about checking memory: Install package 'hwtools' Put a blank, formatted floppy disk in /dev/fd0 (or fd1) # cp usr/lib/hwtools/memtest86.bin /dev/fd0

What about closed ports?

2001-06-28 Thread Pedro Zorzenon Neto
Hi folks, Suppose I trust ultimately in my 192.168.1.x users. To the outside world the only service 'nmap' shows opened is tcp port 22 - ssh. So, if 'ssh' has some security bug, people can use this bug to explore my system. That I know is true. Now, what I'd like to know... Is there any way

read-write to stdin-stdout or to a file?

2001-07-20 Thread Pedro Zorzenon Neto
Hi list, I wrote a program that needs to run setuid root due to direct hardware access (Package: avrprog). This program needs to read data from a file and also write to other file. I could use some options like this: $ avrprog -i input.data -o output.data But I chose to use

Re: read-write to stdin-stdout or to a file?

2001-07-20 Thread Pedro Zorzenon Neto
On Fri, Jul 20, 2001 at 12:42:13PM +0100, David Wright wrote: Do you mean this package? Programmer for Atmel AVR microcontrollers that uses PC parallel port Yes. If so, I'm not sure why you think it needs to be setuid. Just chgrp somegroup /dev/lp0 (or whichever port) and put yourself (and

Re: HARASS ME MORE.........

2001-09-01 Thread Pedro Zorzenon Neto
On Sat, Sep 01, 2001 at 01:32:55AM -0500, Steven Barker wrote: I don't blame you for being mad. I do blame you for ranting obscenely in reply to every message. You may get 50 messages from this list, but 35 of them are from you. Please stop flaming everyone and unsubscribe yourself. I also

Re: sending password in the command line

2001-12-27 Thread Pedro Zorzenon Neto
On Thu, Dec 27, 2001 at 04:46:45PM +0100, David Flatz wrote: Pedro Zorzenon Neto said: $ PASS=password myprogram enable username IP then myprogram will read the PASS from the environment. is there anyway a regular user could capture passwords? yes it is ps auxe try

Re: sending password in the command line

2001-12-27 Thread Pedro Zorzenon Neto
On Thu, Dec 27, 2001 at 05:16:16PM +, Merlin wrote: On Thursday 27 December 2001 16:46, Benjamin Smith wrote: Because that doesn't solve the original problem of the password being visible on the command line. The environment and the stdin were two suggested ways of passing the

ssh without reverse DNS lookup

2002-03-11 Thread Pedro Zorzenon Neto
Hi, ssh in potato is set to always try to use reverse DNS lookup. If the client is not registered in the DNS server, then it gets an answer: ssh_exchange_identification: Connection closed by remote host I've looked in man sshd and man ssh and I didn't see any configuration option which

bind8+chroot step by step howto

2002-03-18 Thread Pedro Zorzenon Neto
Hi Folks, I wrote a simple step by step howto to help people to setup bind8 chrooted in Debian Potato. Check it at http://people.debian.org/~pzn/howto/chroot-bind.sh.txt If you have some comments, please send them to me, so I can improve the howto. If you don't think the comments will

Re: scp and sftp

2002-04-01 Thread Pedro Zorzenon Neto
On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote: I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you