We had our linux firewalls audited and I wanted to get some opinions on some
of the issues raised.
We were advised to turn sshd PasswordAuthentication off because it allows
clear text passwords.
hey? That doesn't sound right.
Mount partitions read only where possible.
I guess this is a good
I have some parody songs I downloaded off the net as .mp3 files.
How do I convert them into wav files to then get cdrecord to create me an
audio cd?
I saw some references to mp32wav but could not find any real code or
examples.
I am sure there is a simple way to do this, just as there is for
Hi,
If you need to get a small file from one RH6.2 machine to
another, and can't use networking, floppy, Zip etc
but have a null modem, how do you pipe data into/out of ttyS1?
I tried it with cat; the results were recognisable but damaged
owing to lack of stop/start control.
Cheers,
Jim Donovan
--
Howard.
LANNet Computing Associates http://lannetlinux.com
"...well, it worked before _you_ touched it!" --me
"I trust just one person,
and there are times when I don't even trust myself"
quote who="Rodos"
How do I convert them into wav files to then get cdrecord to create me an
audio cd?
For conversion:
mpg123 -w output.wav input.mp3
(Do this with a for loop for a whole stack of files.)
For burnage:
cdrecord dev=0,0,0 speed=8 -pad -audio *.wav
- Jeff
--
quote who="[EMAIL PROTECTED]"
If you need to get a small file from one RH6.2 machine to
another, and can't use networking, floppy, Zip etc
but have a null modem, how do you pipe data into/out of ttyS1?
You can set up a SLIP connection between the two, or use minicom to do a
On Tue, Feb 27, 2001 at 02:04:13PM +1100, Jason Rennie uttered:
Hi again,
Have i missed anything ?
Yes!
man xbill
:-)
Jason
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
--
[EMAIL PROTECTED] was once rumoured to have said:
Hi,
If you need to get a small file from one RH6.2 machine to
another, and can't use networking, floppy, Zip etc
but have a null modem, how do you pipe data into/out of ttyS1?
I tried it with cat; the results were recognisable but damaged
Howard Lowndes was once rumoured to have said:
On Tue, 27 Feb 2001, chesty wrote:
We had our linux firewalls audited and I wanted to get some opinions on some
of the issues raised.
We were advised to turn sshd PasswordAuthentication off because it allows
clear text passwords.
hey? That
On Tue, Feb 27, 2001 at 10:09:40PM +1100, Jeff Waugh wrote:
quote who="Rodos"
How do I convert them into wav files to then get cdrecord to create me an
audio cd?
For conversion:
mpg123 -w output.wav input.mp3
I think sox does it too.
Dave.
On Tue, 27 Feb 2001, Jeff Waugh wrote:
mpg123 -w output.wav input.mp3
cdrecord dev=0,0,0 speed=8 -pad -audio *.wav
Thanks Jeff, that's exactly what I was looking for. One CD created and
working just fine. No coasters here.
Rodos
--
[EMAIL PROTECTED] | C makes it easy to shoot
On Tue, Feb 27, 2001 at 09:49:33PM +1100, chesty wrote:
We had our linux firewalls audited and I wanted to get some opinions on some
of the issues raised.
The good old firewall audit... Yet to find an auditor who returns a
worthwhile report...
We were advised to turn sshd
On Tue, 27 Feb 2001, chesty wrote:
We were advised to turn sshd PasswordAuthentication off because it allows
clear text passwords.
hey? That doesn't sound right.
from ssh(1):
If other authentication methods fail, ssh prompts the user for a pass-
word. The password is sent to the
On Tue, 27 Feb 2001, Rodos wrote:
On Tue, 27 Feb 2001, Jeff Waugh wrote:
mpg123 -w output.wav input.mp3
cdrecord dev=0,0,0 speed=8 -pad -audio *.wav
Thanks Jeff, that's exactly what I was looking for. One CD created and
working just fine. No coasters here.
If you're looking
On Tue, Feb 27, 2001 at 09:18:25PM +1100, Terry Collins wrote:
Mount partitions read only where possible.
I guess this is a good idea, but in what situation would this add security?
You need to be root to be able to write to the partitions that I could mount read
only, and if someone gets
*yawn* No, I'm not up sysadminning or whatever, I'm just unwell. :) I'd love
to say I was still up hacking, but I can't concentrate *that* much.
Anyway, I've been pondering how to go about NFS mounting user directories,
for X terminals and other uses. Is it best just to mount /home at boot and
I have been looking for a reasonably sophisticated text-based
calendar/diary (something like pine for email). Does anyone have any
suggestions?
thanks
Richard
Richard Piper
Intensive Care Unit
Royal North Shore Hospital
Sydney, Australia
Work (612) 9926-8617 or 8656
Home (612) 9419-2339
Pager
--
Howard.
LANNet Computing Associates http://lannetlinux.com
"...well, it worked before _you_ touched it!" --me
"I trust just one person,
and there are times when I don't even trust myself"
chesty wrote:
On Tue, Feb 27, 2001 at 09:18:25PM +1100, Terry Collins wrote:
Mount partitions read only where possible.
I guess this is a good idea, but in what situation would this add security?
You need to be root to be able to write to the partitions that I could mount read
Not quite what you are asking, but ical has a nice facility to create a
text list for a period span.
I use this with a cron job to email me my diary (forward 5 days) each
morning.
cron job:
02 02 * * * /usr/bin/ical -calendar /home/lannet/.calendar -list |
mail -s "Your next 5 day
Richard Piper wrote:
I have been looking for a reasonably sophisticated text-based
calendar/diary (something like pine for email). Does anyone have any
suggestions?
emacs has one
ducks off to gosford for the day {:-).
--
Terry Collins {:-)}}} Ph(02) 4627 2186 Fax(02) 4628 7861
Jeff Waugh was once rumoured to have said:
*yawn* No, I'm not up sysadminning or whatever, I'm just unwell. :) I'd love
to say I was still up hacking, but I can't concentrate *that* much.
Anyway, I've been pondering how to go about NFS mounting user directories,
for X terminals and other
On Tue, Feb 27, 2001 at 11:54:20PM +1100, Ian Tester wrote:
On Tue, 27 Feb 2001, chesty wrote:
We were advised to turn sshd PasswordAuthentication off because it allows
clear text passwords.
hey? That doesn't sound right.
from ssh(1):
If other authentication methods fail, ssh
The key word is "tunneled". The traffic is still encrypted. The
PasswordAuthentication option avoids or allows using the account password
at all.
--
Howard.
LANNet Computing Associates http://lannetlinux.com
"...well, it worked before _you_
On Wed, Feb 28, 2001 at 08:00:58AM +1100, Dave Fitch wrote:
On Tue, Feb 27, 2001 at 11:54:20PM +1100, Ian Tester wrote:
from ssh(1):
If other authentication methods fail, ssh prompts the user for a pass-
word. The password is sent to the remote host for checking; however,
|If you need to get a small file from one RH6.2 machine to
|another, and can't use networking, floppy, Zip etc
|but have a null modem, how do you pipe data into/out of ttyS1?
Try kermit.
I sucked down Sid the other night, and along the way one file
failed to download, I was using 'apt-get -d' so I could monitor
the update later. So I grabbed this file, and a couple of others
on a 'doze box at work and put them on a floppy, with the intention
of using 'apt-cache add'. But when I
We were advised to turn sshd PasswordAuthentication off because it allows
clear text passwords.
hey? That doesn't sound right.
pass
PasswordAuthentication allows the use of an account even if you don't have
a key on the box.. i.e. all you have to know is a username and
password.. and
I concur with Howard - but their suggestion is legitimate - but for a
different reason. PasswordAuthentication means you're relying upon
users to pick sensible passwords. It's actually best to make sure
nobody but your administrators have access to your firewall systems
Unfortunately,
The good old firewall audit... Yet to find an auditor who returns a
worthwhile report...
It is only too true... most "auditors" are not very useful.. *sigh*
Of course, you could just upload something into a different partition which
is read-write (/etc maybe?), but given that we're
I actually burn my private keys, locked with an access phrase, onto one of
those credit card CDs, together with teraterm software so that I can
support my clients from anywhere that I have Windows and Internet access.
For Linux and Internet access then I only need the keys as the clients
have
Non root users can't write to it because of file permissions, root users
can remount it read write. You haven't convinced me. Reading other people's
responses I can see some value in it.
You've said it yourself - root can remount rw.. again, you're assuming
initial root access. :)
Are you
OK, next question. What's the RTFM for this?
--
Howard.
LANNet Computing Associates http://lannetlinux.com
"...well, it worked before _you_ touched it!" --me
"I trust just one person,
and there are times when I don't even trust myself"
How many times is this a service provided by a large accounting firm using
green behind the ears accounting grads with a minor in IT.
--
Howard.
LANNet Computing Associates http://lannetlinux.com
"...well, it worked before _you_ touched it!"
Last night I experienced a security breach. I run a small lan with a
ppp dial-up connection that is often left connected. It seems that at
11pm an email containing the output of ifconfig and the contents of
the passwd files was sent by root to [EMAIL PROTECTED] Luckily the mail
was bounced by our
*Every*time. :)
And the procedure is pulled from an outdated copy of the ACS "audit
questions guide" or simply the output of:
/bin/satan-like-product address-range
:)
//umar.
On Wed, 28 Feb 2001, Howard Lowndes wrote:
How many times is this a service provided by a large accounting firm
I am sure there is a simple way to do this, just as there is for ripping a
CD to mp3s.
xmms has an output to wave option. Instead of to the speakers.
Jason
mounting noexec and nosuid?
man mount
also, mount it "nodev" as well for flavour. :)
//umar.
On Wed, 28 Feb 2001, Howard Lowndes wrote:
OK, next question. What's the RTFM for this?
Feb 28 01:53:07 emu portmap[12152]: connect from 202.157.133.184 to
getport(status): request from unauthorized host
Why are you running the portmapper? Turn it off if you don't specifically
need it.
a "netstat -an | grep LISTEN" will show you "evilthings(tm)" ;)
If you don't recognize it as
Hi,
In this context. What is port 587 and 1024. I couldn't find these in
/etc/services
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN
Bernhard Lüder
This electronic mail is solely for the
"netstat -ean" will tell you which uid is listening on those ports.
//umar.
On Wed, 28 Feb 2001, Bernhard Lüder wrote:
Hi,
In this context. What is port 587 and 1024. I couldn't find these in
/etc/services
tcp 0 0 0.0.0.0:587 0.0.0.0:*
Robert Graham's website has some info on port 1024:
http://www.robertgraham.com/pubs/firewall-seen.html
quoted below -
"1024 - Many people ask the question what this port is used for. The
answer is that this is the first port number in the dynamic range of ports.
Many applications don't care
Jason,
A couple of extras
How do I create a floppy disk from Unix.
How do I print from Unix, how do I change print settings.
KenF
To find out which process is listening on a port, use fuser, e.g.:
[root@dropbear ~]# fuser -n tcp 53
53/tcp: 17479
[root@dropbear ~]# ps ax|grep 17479
17479 ? S 0:29 named -u named
Cheers,
John
--
"Every time I have to pipe something into awk I get this mental picture of
Adrian Chiang wrote:
Robert Graham's website has some info on port 1024:
http://www.robertgraham.com/pubs/firewall-seen.html
quoted below -
"1024 - Many people ask the question what this port is used for. The
answer is that this is the first port number in the dynamic range of ports.
Hadn't tried beyond 2.4.0 (i should've been more specific in my post).
On Tue, 27 Feb 2001, Michael Covi wrote:
It's in 2.4.1 and later.
Hi,
This occurred to me as well last night - I think around 3am. Similarly, it
was discovered because the mail destination domain could not be found.
However, I think this is because somewhere in the process of getting in,
they broke my local named (i wasn't working in the morning) - that or
Hi everybody,
I am using Netscape Messaging Server 4.1 (both on
Solaris NT 4.0). Netscape offers "Program Delivery"
function which enables a program auto-run when a new
mail arrived. I had read some guide docs from Netscape
(Admin Docs, Messaging Access SDK,...) but they don't
tell me how does
simple things that make me weep.
I'm installing a new Debian and can't get the mouse to work. I doubt it's
hardware, because:
This box is a test bed, and yesterday this mouse worked fine under SuSE;
The mouse works through a switch and works fine on three other boxes;
I haven't moved the
Just reading the cdrecord setup for ATAPI it recommends that I add a
line like the last one in my lilo.conf
image = /boot/win4lin
label = cdr
read-only
root = /dev/hda3
hdc = ide-scsi
The last line, but this gives me:
Added cdr
Syntax error
David was once rumoured to have said:
simple things that make me weep.
I'm installing a new Debian and can't get the mouse to work. I doubt it's
hardware, because:
This box is a test bed, and yesterday this mouse worked fine under SuSE;
The mouse works through a switch and works fine
quote who="Ken Foskey"
hdc = ide-scsi
The last line, but this gives me:
Added cdr
Syntax error near line 23 in file /etc/lilo.conf
Change it to:
append="hdc=ide-scsi"
SmartArses [EMAIL PROTECTED], I cannot afford a real SCSI drive :-}
Bah. Waste of money for a
Ken Foskey was once rumoured to have said:
Just reading the cdrecord setup for ATAPI it recommends that I add a
line like the last one in my lilo.conf
image = /boot/win4lin
label = cdr
read-only
root = /dev/hda3
hdc = ide-scsi
The last line, but this
On Wed, Feb 28, 2001 at 12:55:51PM +1100, Ken Foskey wrote:
How do I create a floppy disk from Unix.
There are many ways, but one of the most useful is the "mtools"
utilities. If you find and install them, you can then use
mformat, mcopy mdir, and so on, and treat it just like a DOS
floppy.
On Tue, 27 Feb 2001, Le Nhu Hai wrote:
Hi everybody,
I am using Netscape Messaging Server 4.1 (both on
Solaris NT 4.0). Netscape offers "Program Delivery"
function which enables a program auto-run when a new
mail arrived. I had read some guide docs from Netscape
(Admin Docs, Messaging
--8-
E:The package cache file is corrupted.
--8-
Did you hear that?
Hear what?
I think it's the sound of all the apt-get fans running for cover! ;-)
Martin Visser
Technology Consultant - Compaq
Steven downing was once rumoured to have said:
[Details snipped]
This seems (to me!) to imply some kind of lack of memory (MMap??)
So I made sure nothing much was running and tried again, but every
subsequent apt-cache add came up with..
E:The package cache file is corrupted.
Which made
Hi Everyone,
From: Umar Goldeli [EMAIL PROTECTED]
To: Sean Carmody [EMAIL PROTECTED]
Subject: Re: [SLUG] Security Breach
Feb 28 01:53:07 emu portmap[12152]: connect from 202.157.133.184 to
getport(status): request from unauthorized host
Why are you running the portmapper? Turn it off
If it got the contents of /etc/shadow then they got root as that file is
normally only readable by root. Big worry.
--
Howard.
LANNet Computing Associates http://lannetlinux.com
"...well, it worked before _you_ touched it!" --me
"I trust
Crossfire [EMAIL PROTECTED] 28/02/01 15:16:26
Steven downing was once rumoured to have said:
[Details snipped]
E:The package cache file is corrupted.
Which made me think the .deb was corrupted via Windows
stoopidnes (It might still be I guess), but closer reading leads
me to think the
Hi guys,
situation:
2 ethernet cards, both Netgear FA310tx
both detected fine.
question is, is there any way to tell which physical card is eth0 and
which is eth1 ?
and, will they always be detected in the same order ? (ie. so that eth0
will always refer to the same physical card)
thanks
On Wed, Feb 28, 2001 at 03:52:42PM +1100, Martin wrote:
2 ethernet cards, both Netgear FA310tx
both detected fine.
question is, is there any way to tell which physical card is eth0 and
which is eth1 ?
I just usually plug some ethernet in and bring one device up and
swap the
Rebecca Richards was once rumoured to have said:
Hi Everyone,
Hey There!
From: Umar Goldeli [EMAIL PROTECTED]
To: Sean Carmody [EMAIL PROTECTED]
Subject: Re: [SLUG] Security Breach
Feb 28 01:53:07 emu portmap[12152]: connect from 202.157.133.184 to
getport(status): request from
John Ferlito was once rumoured to have said:
On Wed, Feb 28, 2001 at 03:52:42PM +1100, Martin wrote:
2 ethernet cards, both Netgear FA310tx
both detected fine.
question is, is there any way to tell which physical card is eth0 and
which is eth1 ?
I just usually plug some ethernet
Ping them and watch the traffic from the port.
i'll give that a go...
In a given hardware setup, yes. Once you swap slots, change
motherboards, things may change.
i read something just after i sent that message that detection order
(and hence the numbering) was reliant on which PCI slot
Steven downing wrote:
'Apt-get update' updates the list of available packages yeah?
And I was thinking that the packages cache file
(/var/cache/apt/packages.bin??), was an index of files which had
been downloaded from a network source (and possibly not
yet installed on the system)
Read
a "netstat -an | grep LISTEN" will show you "evilthings(tm)" ;)
Not necessarily. Some rootkits have nobbled the "netstat", "ps" and other
system binaries, so that they don't show up suspicious processes/listening
ports/logged in users.
Agreed thoroughly. But remember, this is
Umar Goldeli was once rumoured to have said:
Perhaps we should have another SLUG meeting on security with a QA
session or a BOF session (or even a BOFH session ;)
I'll be up for a BOFH session :) Maybe we'll have to declare thursday
night at the SLUG stand as BOFH night ;)
C.
--
Ken Foskey wrote:
How do I create a floppy disk from Unix.
1. to format a floppy disk under Linux you use the 'fdformat' command.
The man pages for this ie 'man fdformat' will tell you heaps.
Example: to format the first floppy disk which is fd0 to High Density
1.44 Meg we use:
(the
I had this the other day. Both cards identical, but one had a cable
connected and the other didn't. The one with the cable connected got
eth0 even though it was in the further PCI slot than the other card. So I
guess there must be a number of factors. I shall have to try them with
the cable
...or keep this discussion on list for those who cannot get to SLUG
meetings.
Or both.. I'd be happy to do a presentation or a QA session on security if
anyone's interested.. and considering that a lot of people on this list are
admins or working in IT - it'd be quite good to keep it on
...or keep this discussion on list for those who cannot get to SLUG
meetings.
BTW, when you do a backup to tape, would that not alter the atime?
--
Howard.
LANNet Computing Associates http://lannetlinux.com
"...well, it worked before _you_
BTW, when you do a backup to tape, would that not alter the atime?
Oh one more thing - it will alter the atime on /dev/sdb1 (or whatever) -
but that's not exactly going to be useful anyway.
With the /dev tree - mainly you're concerned with dodgy devices - a lot of
people make a /dev/rpty123 or
Umar Goldeli was once rumoured to have said:
...or keep this discussion on list for those who cannot get to SLUG
meetings.
Or both.. I'd be happy to do a presentation or a QA session on security if
anyone's interested.. and considering that a lot of people on this list are
admins or
On Wed, Feb 28, 2001 at 10:49:32AM +1100, Umar Goldeli wrote:
Are you serious? if someone gets in the game is over, they already know enough
about the box, wouldn't you say?
The above statement is not exactly correct, but yes they do know about the
box somewhat, and even if the man pages
On Wed, Feb 28, 2001 at 10:15:13AM +1100, Umar Goldeli wrote:
Removing binaries just means the attackers have to get them in via
some other means.
Indeed. You're buying time. Time is good. If your attacker can't readily
telnet, ftp, ssh, scp, rcp, wget, lynx etc - he's going to have to