Hi, I am not able to telnet to my system...I didn't have this problem when I was running 9.1....
telnet 215.176.125.70
Trying 215.176.125.70...
telnet: connect to address 215.176.125.70: Connection refused
What configuration changes are required to be done in this case? If the
firewall is on, can I disable it completely or is there any way of
allowing my telnet session to happen?
--
Riaz Ur Rahaman
Riaz Ur Rahaman wrote:
I am not able to telnet to my system...I didnt have this problem when I was running 9.1....
(why not use ssh? telnet isn't secure)
are you sure that your system provides the possibility to log in via telnet? (perhaps you can try it locally: telnet localhost)
HTH
Stefan
On Jan 5, Riaz Ur Rahaman
I am not able to telnet to my system...I didn't have this problem when I was running 9.1....
So, what are you running now? SuSE 9.2 probably? Is the problem with your client or your server? Server probably?
telnet 215.176.125.70 Trying 215.176.125.70... telnet: connect to address 215.176.125.70: Connection refused
Since this seems to be an official internet IP, I STRONGLY SUGGEST to use SSH instead of telnet. Telnet is insecure and can easily be sniffed. SSH is as good as telnet and offers additional goodies like file transfer (SFTP/SCP), port forwarding and compression. I haven't used telnet during the past years, and so should you :)
Markus
--
Markus Gaugusch, markus(at)gaugusch.at
ASCII Ribbon Campaign Against HTML Mail
The telnet server is not enabled by default, if you had it in 9.1 then
surely you enabled it in some moment (i.e. in the xinetd/inetd
configuration files). And of course, the firewall must know that you
want that service open, so must define it in your firewall
configuration.
Anyway, plain telnet is not very safe exactly, why not use i.e. ssh?
the server is enabled by default, and the only thing you must do is
enable connections from outside in the firewall
On Wed, 05 Jan 2005 17:20:33 +0530, Riaz Ur Rahaman
Hi, I am not able to telnet to my system...I didnt have this problem when I was running 9.1....
telnet 215.176.125.70 Trying 215.176.125.70... telnet: connect to address 215.176.125.70: Connection refused
What configuration changes are required to be done in this case? If the firewall is on, can i disable it completely or is there any way of allowing my telnet session to happen?
Hi, I get the following error when i try to enable telnet.
/etc/init.d/xinetd start inetd Starting INET services. (xinetd) failed
My system is in the local office network and I need telnet access to my system enabled. Please advise on this..
-Riaz
On Wed, 2005-01-05 at 11:23 -0200, Gustavo Muslera wrote:
The telnet server is not enabled by default, if you had it in 9.1 then surely you enabled it in some moment (i.e. in the xinetd/inetd configuration files). And of course, the firewall must know that you want that service open, so must define it in your firewall configuration.
Anyway, plain telnet is not very safe exactly, why not use i.e. ssh? the server is enabled by default, and the only thing you must do is enable connections from outside in the firewall
On Wed, 05 Jan 2005 17:20:33 +0530, Riaz Ur Rahaman
wrote: Hi, I am not able to telnet to my system...I didnt have this problem when I was running 9.1....
telnet 215.176.125.70 Trying 215.176.125.70... telnet: connect to address 215.176.125.70: Connection refused
What configuration changes are required to be done in this case? If the firewall is on, can i disable it completely or is there any way of allowing my telnet session to happen? -- Riaz Ur Rahaman
On Tuesday 11 January 2005 10:59, Riaz Ur Rahaman wrote:
On Wed, 05 Jan 2005 17:20:33 +0530, Riaz Ur Rahaman
wrote: Hi, I am not able to telnet to my system...I didnt have this problem when I was running 9.1....
telnet 215.176.125.70
Trying 215.176.125.70... telnet: connect to address 215.176.125.70: Connection refused
What configuration changes are required to be done in this case? If the firewall is on, can i disable it completely or is there any way of allowing my telnet session to happen?
Ehm...Let me get this straight. You're posting from a @hp.com address, to a security list, you mention two highly frowned upon items; "completely disabling firewall" and "enabling telnet" in your post *AND* you even put in the IP number of the target host...?!?!
You are either too stupid to work there, or you have some other agenda.
Maarten
On Tuesday 11 January 2005 01:24 am, Maarten wrote:
On Tuesday 11 January 2005 10:59, Riaz Ur Rahaman wrote:
On Wed, 05 Jan 2005 17:20:33 +0530, Riaz Ur Rahaman
wrote:
Hi, I am not able to telnet to my system...I didnt have this problem when I was running 9.1....
telnet 215.176.125.70
Trying 215.176.125.70... telnet: connect to address 215.176.125.70: Connection refused
What configuration changes are required to be done in this case? If the firewall is on, can i disable it completely or is there any way of allowing my telnet session to happen?
Ehm...Let me get this straight. You're posting from a @hp.com address, to a security list, you mention two highly frowned upon items; "completely disabling firewall" and "enabling telnet" in your post *AND* you even put in the IP number of the target host...?!?!
You are either too stupid to work there, or you have some other agenda.
Maarten
Yes, trying to fiddle with a US DOD target at that. Good call Maarten. To list: AVOID this guy. -- _____________________________________ John Andersen
On Tue, Jan 11, 2005 at 10:55:14PM -0900, John Andersen wrote:
On Tuesday 11 January 2005 01:24 am, Maarten wrote:
On Tuesday 11 January 2005 10:59, Riaz Ur Rahaman wrote:
On Wed, 05 Jan 2005 17:20:33 +0530, Riaz Ur Rahaman
wrote:
Hi, I am not able to telnet to my system...I didnt have this problem when I was running 9.1....
telnet 215.176.125.70
Trying 215.176.125.70... telnet: connect to address 215.176.125.70: Connection refused
What configuration changes are required to be done in this case? If the firewall is on, can i disable it completely or is there any way of allowing my telnet session to happen?
Ehm...Let me get this straight. You're posting from a @hp.com address, to a security list, you mention two highly frowned upon items; "completely disabling firewall" and "enabling telnet" in your post *AND* you even put in the IP number of the target host...?!?!
You are either too stupid to work there, or you have some other agenda.
Maarten
Yes, trying to fiddle with a US DOD target at that. Good call Maarten.
OH MY GOD! Anyone ever read rinkworks computer stupidities? This should be there..... Shit like this makes me want to think about a Dell.
No offense @HP, but I worked flipping burgers in fast food because I'm "underqualified" because I can't afford to take the test and get my stuff from it, but THIS dude can work for HP?? OK, I'm pissed. I wouldn't be so pissed if I wasn't in need of a job so bad, but when you see things like this you just cringe.
You idiot, make sure you have the Telnet server installed, and then edit the firewall with YAST2 and tell it to allow telnet.... Telnet is clear text, but after seeing this crap, I don't think you'll be able to comprehend why SSH is better anyway.
On Wed, 12 Jan 2005 03:38:11 -0500, Allen
On Tue, Jan 11, 2005 at 10:55:14PM -0900, John Andersen wrote:
On Tuesday 11 January 2005 01:24 am, Maarten wrote:
On Tuesday 11 January 2005 10:59, Riaz Ur Rahaman wrote:
On Wed, 05 Jan 2005 17:20:33 +0530, Riaz Ur Rahaman
wrote:
Hi, I am not able to telnet to my system...I didnt have this problem when I was running 9.1....
>telnet 215.176.125.70
Trying 215.176.125.70... telnet: connect to address 215.176.125.70: Connection refused
What configuration changes are required to be done in this case? If the firewall is on, can i disable it completely or is there any way of allowing my telnet session to happen?
Ehm...Let me get this straight. You're posting from a @hp.com address, to a security list, you mention two highly frowned upon items; "completely disabling firewall" and "enabling telnet" in your post *AND* you even put in the IP number of the target host...?!?!
You are either too stupid to work there, or you have some other agenda.
Maarten
Yes, trying to fiddle with a US DOD target at that. Good call Maarten.
OH MY GOD! Anyone ever read rinkworks computer stupidities? This should be there..... Shit like this makes me want to think about a Dell.
No offense @HP, but I worked flipping burgers in fast food because I'm "underqualified" because I can't afford to take the test and get my stuff from it, but THIS dude can work for HP?? OK, I'm pissed. I wouldn't be so pissed if I wasn't in need of a job so bad, but when you see things like this you just cringe.
You idiot, make sure you have the Telnet server installed, and then edit the firewall with YAST2 and tell it to allow telnet.... Telnet is clear text, but after seeing this crap, I don't think you'll be able to comprehend why SSH is better anyway.
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Avoid is right.
On Wed, Jan 12, 2005 at 01:48:04PM +0000, martin mcleod wrote:
On Wed, 12 Jan 2005 03:38:11 -0500, Allen
wrote: On Tue, Jan 11, 2005 at 10:55:14PM -0900, John Andersen wrote:
On Tuesday 11 January 2005 01:24 am, Maarten wrote:
On Tuesday 11 January 2005 10:59, Riaz Ur Rahaman wrote:
On Wed, 05 Jan 2005 17:20:33 +0530, Riaz Ur Rahaman
wrote:
> Hi,
> I am not able to telnet to my system...I didn't have this problem
> when I was running 9.1....
>
> >telnet 215.176.125.70
>
> Trying 215.176.125.70...
> telnet: connect to address 215.176.125.70: Connection refused
>
> What configuration changes are required to be done in this case? If
> the firewall is on, can I disable it completely or is there any way
> of allowing my telnet session to happen?
Ehm...Let me get this straight. You're posting from a @hp.com address, to a security list, you mention two highly frowned upon items; "completely disabling firewall" and "enabling telnet" in your post *AND* you even put in the IP number of the target host...?!?!
You are either too stupid to work there, or you have some other agenda.
Maarten
Yes, trying to fiddle with a US DOD target at that. Good call Maarten.
OH MY GOD! Anyone ever read rinkworks computer stupidities? This should be there..... Shit like this makes me want to think about a Dell.
No offense @HP, but I worked flipping burgers in fast food because I'm "underqualified" because I can't afford to take the test and get my stuff from it, but THIS dude can work for HP?? OK, I'm pissed. I wouldn't be so pissed if I wasn't in need of a job so bad, but when you see things like this you just cringe.
You idiot, make sure you have the Telnet server installed, and then edit the firewall with YAST2 and tell it to allow telnet.... Telnet is clear text, but after seeing this crap, I don't think you'll be able to comprehend why SSH is better anyway.
Heh, I doubt this guy will be back asking this question, or playing with THAT server again. ;)
To be honest, I really dislike the way people used to communicate with Riaz. Don't call people idiot nor stupid because they do mistakes. Teach them what they should do OR like in this case not do. If you are too busy to respond or just don't care, don't pollute the mailing-list with childish and arrogant posts. Give the man a chance instead.
All of us have been dummy newbies one day, never forget that. And Riaz... don't worry too much, according to this mailing-list idiotic scale, I am probably as "idiot" as you. You are not alone!
This topic has been running for too long now...
Regards,
David
Allen wrote:
On Wed, Jan 12, 2005 at 01:48:04PM +0000, martin mcleod wrote:
On Wed, 12 Jan 2005 03:38:11 -0500, Allen
wrote: On Tue, Jan 11, 2005 at 10:55:14PM -0900, John Andersen wrote:
On Tuesday 11 January 2005 01:24 am, Maarten wrote:
On Tuesday 11 January 2005 10:59, Riaz Ur Rahaman wrote:
>On Wed, 05 Jan 2005 17:20:33 +0530, Riaz Ur Rahaman wrote:
>>Hi,
>> I am not able to telnet to my system...I didn't have this problem
>>when I was running 9.1....
>>
>>>telnet 215.176.125.70
>>
>>Trying 215.176.125.70...
>>telnet: connect to address 215.176.125.70: Connection refused
>>
>>What configuration changes are required to be done in this case? If
>>the firewall is on, can I disable it completely or is there any way
>>of allowing my telnet session to happen?

Ehm...Let me get this straight. You're posting from a @hp.com address, to a security list, you mention two highly frowned upon items; "completely disabling firewall" and "enabling telnet" in your post *AND* you even put in the IP number of the target host...?!?!
You are either too stupid to work there, or you have some other agenda.
Maarten
Yes, trying to fiddle with a US DOD target at that. Good call Maarten.
OH MY GOD! Anyone ever read rinkworks computer stupidities? This should be there..... Shit like this makes me want to think about a Dell.
No offense @HP, but I worked flipping burgers in fast food because I'm "underqualified" because I can't afford to take the test and get my stuff from it, but THIS dude can work for HP?? OK, I'm pissed. I wouldn't be so pissed if I wasn't in need of a job so bad, but when you see things like this you just cringe.
You idiot, make sure you have the Telnet server installed, and then edit the firewall with YAST2 and tell it to allow telnet.... Telnet is clear text, but after seeing this crap, I don't think you'll be able to comprehend why SSH is better anyway.
Heh, I doubt this guy will be back asking this question, or playing with THAT server again. ;)
David De Maeyer wrote:
To be honest, I really dislike the way people used to communicate with Riaz. Don't call people idiot nor stupid because they do mistakes. Teach them what they should do OR like in this case not do. If you are too busy to respond or just don't care, don't pollute the mailing-list with childish and arrogant posts. Give the man a chance instead.
All of us have been dummy newbies one day, never forget that. And Riaz... don't worry too much, according to this mailing-list idiotic scale, I am probably as "idiot" as you. You are not alone!
Well said David. Choose to teach, choose to learn...
This topic has been running for too long now...
Again, well said. -- Until later, Geoffrey
On Thu, Jan 13, 2005 at 10:48:48AM +0100, David De Maeyer wrote:
To be honest, I really dislike the way people used to communicate with Riaz. Don't call people idiot nor stupid because they do mistakes. Teach them what they should do OR like in this case not do. If you are too busy to respond or just don't care, don't pollute the mailing-list with childish and arrogant posts. Give the man a chance instead.
I told him exactly how to fix his problem after I called him an Idiot. This isn't some run of the mill newbie who needed help, this person worked for HP, one of the largest computer companies in the World.... I would understand if he was a newbie who was new to computing, but an HP employee? Hell no. I can't even get a job flippin' burgers but that guy can work at HP and be a threat to national security at the same time.... Wait, let me re-word that, WAS a threat to national security. Last I heard the Pentagon was notified of him and he was mud.
I'm not saying you can't make mistakes, but DAMN, when the whole list is telling you telnet is crap, and that you should REALLY not use it, and everyone trying to help him, hello, he works at HP trying to get into a DoD computer and we should treat him nicer? Maybe if he would have asked how to EDIT the firewall config, then, maybe, even though he was still working at HP and should already know this crap, but OK, but no, he asked how to shut it down completely.
All of us have been dummy newbies one day, never forget that. And Riaz... don't worry too much, according to this mailing-list idiotic scale, I am probably as "idiot" as you. You are not alone!
Yes, but most of us "dummies" weren't working at HP with an actual job being an idiot while people who are in need are sitting around waiting for a job because nothing is in need of employees. The IP should be down now.
Regards, David
Allen wrote:
On Wed, Jan 12, 2005 at 01:48:04PM +0000, martin mcleod wrote:
On Wed, 12 Jan 2005 03:38:11 -0500, Allen
wrote: On Tue, Jan 11, 2005 at 10:55:14PM -0900, John Andersen wrote:
On Tuesday 11 January 2005 01:24 am, Maarten wrote:
On Tuesday 11 January 2005 10:59, Riaz Ur Rahaman wrote:
>>On Wed, 05 Jan 2005 17:20:33 +0530, Riaz Ur Rahaman wrote:
>>>Hi,
>>> I am not able to telnet to my system...I didn't have this problem
>>>when I was running 9.1....
>>>
>>>>telnet 215.176.125.70
>>>
>>>Trying 215.176.125.70...
>>>telnet: connect to address 215.176.125.70: Connection refused
>>>
>>>What configuration changes are required to be done in this case? If
>>>the firewall is on, can I disable it completely or is there any way
>>>of allowing my telnet session to happen?

Ehm...Let me get this straight. You're posting from a @hp.com address, to a security list, you mention two highly frowned upon items; "completely disabling firewall" and "enabling telnet" in your post *AND* you even put in the IP number of the target host...?!?!
You are either too stupid to work there, or you have some other agenda.
Maarten
Yes, trying to fiddle with a US DOD target at that. Good call Maarten.
OH MY GOD! Anyone ever read rinkworks computer stupidities? This should be there..... Shit like this makes me want to think about a Dell.
No offense @HP, but I worked flipping burgers in fast food because I'm "underqualified" because I can't afford to take the test and get my stuff from it, but THIS dude can work for HP?? OK, I'm pissed. I wouldn't be so pissed if I wasn't in need of a job so bad, but when you see things like this you just cringe.
You idiot, make sure you have the Telnet server installed, and then edit the firewall with YAST2 and tell it to allow telnet.... Telnet is clear text, but after seeing this crap, I don't think you'll be able to comprehend why SSH is better anyway.
Heh, I doubt this guy will be back asking this question, or playing with THAT server again. ;)
On Thu, 2005-01-13 at 10:06 -0500, Allen wrote:
All of us have been dummy newbies one day, never forget that. And Riaz... don't worry too much, according to this mailing-list idiotic scale, I am probably as "idiot" as you. You are not alone!
Yes, but most of us "dummies" weren't working at HP with an actual job being an idiot while people who are in need are sitting around waiting for a job because nothing is in need of employees.
I am not sure if you are aware of this, so i tell you just to be on the safe side. Knowledge is not the only thing companies are searching for when employing people. The other important part is social competence (I know it sounds like a marketing word but it just brings it down to the point).
You see, being able to help people knowing nothing or help them even if you think they should know already, in other words - helping people that steal your last nerves, would make you a person with some social competence. Being able to do so and motivating the person to go on with his learning process would mean you have even more social competence. Doing so and not telling other people what a bastard that person is you just helped nicely, would mean you are really social competent.
I just wanted to note that. I admit it's idealistic but i can't keep it behind since you are whining some people don't find a job.
Greetings from Germany,
Grand Apeiron
On Thu, Jan 13, 2005 at 04:23:35PM +0100, Grand Apeiron wrote:
On Thu, 2005-01-13 at 10:06 -0500, Allen wrote:
All of us have been dummy newbies one day, never forget that. And Riaz... don't worry too much, according to this mailing-list idiotic scale, I am probably as "idiot" as you. You are not alone!
Yes, but most of us "dummies" weren't working at HP with an actual job being an idiot while people who are in need are sitting around waiting for a job because nothing is in need of employees.
Why is it that once again, out of everyone who called him stupid or acted the way I did, I'm the only one anyone is saying a word to? There were 4 other posts NOT made by me that said pretty much the same thing I said, where are the emails telling them they're meanie heads too?
And another thing, how many of YOU sitting there telling me how shitty my attitude is helped him? I seen a lot of e-mails and only mine that actually showed him how to fix his problem. And I must not have been that far off, he was fired. That DoD box was enough to have him taken apart. Pentagon wasn't very happy about his little attempt and said the same things I did. I told my friend down at the DoD and his words were very similar to mine as he jumped on the phone.
I'm not going to apologize for my attitude, I don't care if you think I'm an asshole. I think you three are quick to judge. You "Wouldn't hire me" based on 3 emails.... Hmmm If I dig around in your inboxes you'd be lying to say you've never sent something your employer would frown upon. Only difference is I don't hide how I truly feel. Call it arrogance, call it an attitude problem, but what does it really mean? Nothing, I sit here all day listening to people on here complain about SUSE support, and then sit there saying "Well even though someone is trying to make a Government system insecure, he should be given another chance and no one should say anything mean"....
I was never like this until I was exposed to gross incompetence. I get called a moron and an idiot all the time, so I'm bad because I point out I'm not the biggest idiot on the planet? Next time you want to judge me, ... Actually no, you call me arrogant, Judging is God's job, you judged me saying you wouldn't hire me because of my attitude, do you think you're God? That's way more arrogant than I am. It's not your place to judge. This is hmm, the 5th time a little group of you have attacked me, and only me, and it's because of my attitude?
How come other people get away with saying almost the same thing as I do and no one says anything? How is that fair? I read here almost every day and the ONLY time I ever see anyone say one word to anyone is when it's me. This is "suse-security" not "group-hugs-for-people-with-attitude-problems". People whine about the list going OT, well how is attacking me, ON LIST, on topic? If I bother you so much, BLOCK ME. And while you're doing that, get a sense of humor. The last time I got reamed by 200 people (By the way, thanks for the SPAM and viruses lamers) it was because that one guy starting with me about something and I simply replied.
From what I'm seeing no one cares if you're an idiot as long as you're "socially acceptable"... Yea, I'm sure that idea serves you well in life, don't tell me how to run mine.
I am not sure if you are aware of this, so i tell you just to be on the safe side. Knowledge is not the only thing companies are searching for when employing people.
I can see that now. All I have to do is kiss some auspumpen and I'll be sure to have the job market beating my door down. The sad thing is, if any of you ever met me in person you wouldn't even believe it was me. You all seem to catch me in the worst mood and then tell me I'm bad.
The other important part is social competence (I know it sounds like a marketing word but it just brings it down to the point).
I have that, but I have this hatred of gross stupidity. I think it might be a complex after hearing how I'M stupid my whole life.
You see, being able to help people knowing nothing or help them even if you think they should know already, in other words - helping people that steal your last nerves, would make you a person with some social competence.
http://www.google.com Search for BOFH
Being able to do so and motivating the person to go on with his learning process would mean you have even more social competence.
Let me ask you something. If someone killed your significant other, would you yell at the police for calling him names or being mean to him? It's a different level but same principle. Do you spank your kids if you have any? How will someone learn when they aren't punished ever? Put your hand in an open flame. Instantly you're punished for the stupidity and you instantly learn to never do it again.
Doing so and not telling other people what a bastard that person is you just helped nicely, would mean you are really social competent.
I just wanted to note that. I admit it's idealistic but i can't keep it behind since you are whining some people don't find a job.
You live in Germany and talk like that? Isn't this, and censorship, how we got Hitler?
Greetings from Germany, Grand Apeiron
Gute Nacht From USA, Das Zeitalter der Aufklaerung. -- Kuerbis Der Zuhaelter
On Thu, Jan 13, 2005 at 07:54:47PM -0500, Geoffrey wrote:
Allen wrote:
I read here almost every day and the ONLY time I ever see anyone say one word to anyone is when it's me.
Have a mirror handy?
Read the question I asked about Mutt. I started the mail off saying how I loved Mutt but couldn't get it to do something I wanted and couldn't find the docs to do so. I got a reply saying I'm an idiot because I said Mutt was crap because I was too stupid to use it. That's one example. And is the only time someone has ever stuck up for me on this list.
-- Until later, Geoffrey
You live in Germany and talk like that? Isn't this, and censorship, how we got Hitler?
http://en.wikipedia.org/wiki/Godwin's_law
You live in Germany and talk like that? Isn't this, and censorship, how we got Hitler?
I don't want to go with this but just a statement on that sentence. The reasons that someone like Hitler was able to catch up the minds of a whole folk was mainly that there are people which listen to naive arguments and extremism.
Gute Nacht From USA, Das Zeitalter der Aufklaerung.
-- Kuerbis Der Zuhaelter
Regarding that statement we could start some other discussion, but let's stop ;). Zuhälter = "Fancy man" If you would be that you would at least have a job, wouldn't you ;)
--
If I would be a tapeworm, I would prefer penguins.
On Fri, 14 Jan 2005, Grand Apeiron wrote:
You live in Germany and talk like that? Isn't this, and censorship, how we got Hitler?
I don't want to go with this but just a statement on that sentence. The reasons that someone like Hitler was able to catch up the minds of a whole folk was mainly that there are people which listen to naive arguments and extremism.
Gute Nacht From USA, Das Zeitalter der Aufklaerung.
-- Kuerbis Der Zuhaelter
Regarding that statement we could start some other discussion, but let's stop ;). Zuhälter = "Fancy man" If you would be that you would at least have a job, wouldn't you ;)
I have a job.... Zuhaelter = pimp. I don't feel like going back into my work ethics, because really none of you know me well but seem to think you do. My name is Allen, I'm 22 years old and I've had a computer for 5 years now. I work in a cell phone shop, the only two people in the whole place above me, are the two founders. When I get done with college, which is in another semester since I managed to take every class required and pass in two years, I have a job waiting for me in DC, where I will be a computer / Network security auditor / general security guy. My boss is a friend of mine, I got them to look into SUSE, so there is now at least one box at my next job now running SUSE Linux. My job is to make sure the network is secure, I'll get paid for Social Engineering, and locking down boxes. And of course yell at stupid users, and fire any security guard that lets me get past them. Like the guy who started this whole thread.
-- If I would be a tapeworm, I would prefer penguins.
Does anyone know if there is any extra chroot protection in the SuSE kernels?
Apparently crafty people can "break out" of chroot jail's but there are 3rd party patches that make this much harder to do, patches like Grsecurity, maybe Openwall(?) and Linux Vserver (linux-vserver.org), etc. I don't have a problem taking a vanilla kernel and patching it... but then I'd miss out on things like Oracle Certification, etc.
So yes.... does anyone know offhand if the SLES kernels have had their chroot security increased? Alas I'm not a kernel hacker or I'd go take a peek at the source myself! :)
Cheers
Mike
On Mon, Jan 17, 2005 at 02:45:00PM +1300, Mike Tierney wrote:
Does anyone know if there is any extra chroot protection in the SuSE kernels?
There is no extra chroot protection.
Apparently crafty people can "break out" of chroot jail's but there are 3rd party patches that make this much harder to do, patches like Grsecurity, maybe Openwall(?) and Linux Vserver (linux-vserver.org), etc. I don't have a problem taking a vanilla kernel and patching it... but then I'd miss out on things like Oracle Certification, etc.
So yes.... does anyone know offhand if the SLES kernels have had their chroot security increased? Alas I'm not a kernel hacker or I'd go take a peek at the source myself! :)
No, they don't. Ciao, Marcus
From: Marcus Meissner [mailto:meissner@suse.de] Sent: Wednesday, 19 January 2005 10:43 p.m.
There is no extra chroot protection.
Is there any chance that the tightening up of chroot's might be looked at by the SuSE Security team?
I am just wondering because Solaris 10 x86 (due out this month) has an inbuilt mechanism for walling off applications from the rest of the system (I think it's called "Solaris Containers"). I really like SLES 8, it has run brilliantly for the last 10 months with zero problems, but I'll be making a decision sometime this year to move to either SLES 9 or to Solaris 10 x86. I'll be basing that partly on which one offers more secure encapsulation of multiple applications running on the same server.
I guess another question would be "Is SuSE planning to implement any kind of server virtualization?".
Cheers
Mike
Mike Tierney wrote:
I guess another question would be "Is SuSE planning to implement any kind of server virtualization?".
SUSE already has implemented server virtualisation via UML (User Mode Linux) in SLES9. Ingo
Cheers Mike
--
Ingo Börnig <ingo at boernig.de>
ask for phone or snail mail
ASCII Ribbon Campaign against HTML email
GPG-Fingerprint: 2F8B DDFB F2A8 155A 206D 2969 F8FB 3C63 2033 BF32
-----Original Message----- From: Ingo Boernig [mailto:ingo@boernig.de] Sent: Thursday, 20 January 2005 10:09 p.m.
SUSE already has implemented server virtualization via UML (User Mode Linux) in SLES9.
True. How *secure* is UML though? Last I heard it was more of a tool for playing around kernel changes, etc. Has that changed? I guess I'll go read up on the current state of UML! At the moment I am using the 3rd Party Linux Vserver (http://www.linux-vserver.org/) patches to add separate "contexts" whereby a process running in a particular context can see only the processes in the same context, can use only the IP address assigned to that context, and is blocked from doing things such as making new device nodes (note: even if it's running as root!). It also adds stuff like a strengthened chroot and the ability to irrevocably limit kernel capabilities on a per Vserver basis. The other advantage of the vserver patches is that only one copy of the kernel is running, hence less over-head than something like UML (which runs two copies?). However I don't think Oracle would be happy running on a Vanilla 2.4.28 kernel + vserver patches, hence why we use SLES 8!!
On Thu, Jan 20, 2005 at 10:57:00AM +1300, Mike Tierney wrote:
From: Marcus Meissner [mailto:meissner@suse.de] Sent: Wednesday, 19 January 2005 10:43 p.m.
There is no extra chroot protection.
Is there any chance that the tightening up of chroot's might be looked at by the SuSE Security team?
Yes, there are some plans to look at that in the mid/long term future. Nothing is implemented for SLES 9.
I guess another question would be "Is SuSE planning to implement any kind of server virtualization?".
We ship Usermodelinux which is at least partial virtualization. Ciao, Marcus
On 1/13/05 10:06 AM, "Allen"
I can't even get a job flippin' burgers
Ummm, Wonder why...
id·i·ot P Pronunciation Key (d-t) n.
1. A foolish or stupid person.
2. A person of profound mental retardation having a mental age below three years and generally being unable to learn connected speech or guard against common dangers. The term belongs to a classification system no longer in use and is now considered offensive.
Pot = kettle
--
Thanks, George
Best to keep your mouth closed and let people think you're an idiot than to open it and remove all doubt.
All of us have been dummy newbies one day, never forget that. And Riaz... don't worry too much, according to this mailing-list idiotic scale, I am probably as "idiot" as you. You are not alone!
Yes, but most of us "dummies" weren't working at HP with an actual job being an idiot while people who are in need are sitting around waiting for a job because nothing is in need of employees.
Well, I think many companies are looking for people to hire. Maybe they just did not want to hire YOU, because as that guy noted before, you may be lacking the social competence to work with other people (which may be stupid sometime) in a team. And, flaming other people here does not make you look any more competent, and certainly won't make someone hire you. Try to be nicer to people and try to be a nice person overall and I am sure you will find a job. Those posts of yours are for me a very strong point NOT to hire you, so that may be one of your problems. Ralf Mengwasser
On Wed, Jan 05, 2005 at 05:20:33PM +0530, Riaz Ur Rahaman wrote:
Hi, I am not able to telnet to my system...I didnt have this problem when I was running 9.1....
telnet 215.176.125.70 Trying 215.176.125.70... telnet: connect to address 215.176.125.70: Connection refused
What configuration changes are required to be done in this case? If the firewall is on, can i disable it completely or is there any way of allowing my telnet session to happen?
Well, just enable the telnet xinetd service using yast. Ciao, Marcus
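An added example, not code from anyone in this thread: the replies point at the xinetd configuration as the place where telnet gets switched on, so the script below audits xinetd-style service definitions and reports cleartext login services that are left enabled, along with any only_from restriction. The sample configuration, the list of cleartext services and the function names are constructed for illustration.

```python
import re

# xinetd service names that carry logins or data unencrypted
# (list chosen for this example).
CLEARTEXT_SERVICES = {"telnet", "login", "shell", "exec", "ftp"}

# Constructed sample: the contents of xinetd.conf plus xinetd.d/* concatenated.
SAMPLE_CONFIG = """\
# constructed sample configuration
defaults
{
    log_type    = FILE /var/log/xinetd.log
    disabled    = ftp
}

service telnet
{
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.telnetd
    disable     = no
}

service shell
{
    socket_type = stream
    server      = /usr/sbin/in.rshd
    disable     = yes
}

service ftp
{
    socket_type = stream
    server      = /usr/sbin/vsftpd
}

service login
{
    socket_type = stream
    server      = /usr/sbin/in.rlogind
    only_from   = 192.168.1.0/24
}

service time
{
    type        = INTERNAL
    socket_type = stream
}
"""

HEADER = re.compile(r"(?:service\s+(\S+)|(defaults))$")
ATTR = re.compile(r"(\w+)\s*\+?=\s*(.*)$")


def parse_xinetd(text):
    """Return (defaults, services); services is a list of (name, attrs)."""
    defaults, services = {}, []
    header = None   # ("service", name) or ("defaults", None) once seen
    attrs = None    # attribute dict while inside a { ... } block
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank or comment line
            continue
        if attrs is None:                      # outside any block
            m = HEADER.match(line)
            if m:
                header = ("service", m.group(1)) if m.group(1) else ("defaults", None)
            elif line == "{" and header is not None:
                attrs = {}
            continue
        if line == "}":                        # block ends: store it
            if header[0] == "defaults":
                defaults.update(attrs)
            else:
                services.append((header[1], attrs))
            header, attrs = None, None
            continue
        m = ATTR.match(line)
        if m:                                  # values are whitespace separated
            attrs.setdefault(m.group(1), []).extend(m.group(2).split())
    return defaults, services


def is_enabled(name, attrs, defaults):
    """A service runs unless 'disable = yes' or the defaults block lists it."""
    if attrs.get("disable", ["no"])[-1].lower() == "yes":
        return False
    service_id = attrs.get("id", [name])[-1]
    return service_id not in defaults.get("disabled", [])


def audit(text):
    """List (service, server, only_from) for enabled cleartext services.

    only_from is None when the attribute is absent, i.e. no source restriction.
    """
    defaults, services = parse_xinetd(text)
    findings = []
    for name, attrs in services:
        if name in CLEARTEXT_SERVICES and is_enabled(name, attrs, defaults):
            server = " ".join(attrs.get("server", [])) or "(none)"
            findings.append((name, server, attrs.get("only_from")))
    return findings


if __name__ == "__main__":
    for name, server, only_from in audit(SAMPLE_CONFIG):
        scope = " ".join(only_from) if only_from else "ANY SOURCE"
        print(f"cleartext service enabled: {name} ({server}), reachable from {scope}")
```
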
participants (18)
- Allen
- Allen
- David De Maeyer
- Geoffrey
- george
- Grand Apeiron
- Gustavo Muslera
- Ingo Boernig
- John Andersen
- Maarten
- Marcus Meissner
- Markus Gaugusch
- martin mcleod
- Mike Tierney
- Riaz Ur Rahaman
- Richard
- SkyFlash
- Stefan Nowy