February 2000 - openSUSE Security - openSUSE Mailing Lists

AW: [suse-security] Application Firewall. (fwd)
by Stephan Gerling 08 Feb '00

08 Feb '00

Hi list, hi Volker, >-----Ursprüngliche Nachricht----- >Von: Volker Wiegand [SMTP:wiegand@suse.de] >Gesendet am: Sonntag, 6. Februar 2000 20:56 >An: Gerling, Stephan >Cc: suse-security(a)suse.com >Betreff: Re: AW: [suse-security] Application Firewall. (fwd) >On Wed, 2 Feb 2000, Stephan Gerling wrote: >> Hi Volker, >> >> The TIS FWTK is not longer for free use, i think. >> The SuSE Proxy-Suite is a good Proxy Suite. >> >Thank you very much. >> If it is supporting Virus Scanner for SMTP and FTP it would be a good >> solution. When you thinking about an Proxy for HTTP, whats about User >> Timeline restrictions and Time based URL restriction for the HTTP use? >> I am now using Squid. The best way, i think is, all from one hand >> which is easyier to configure and monitoring the activity on the web. >> >What would the benefits of time based URL restrictions? I thought about URL Restriction based on an spezific Time like that:"a user is not able to connect on Recreation or Sport or other URL's that are not for his buisiness relevant ( or no access to the Internet) from an Time Window between 8:00 Uhr - 12:00 Uhr and 13:00 Uhr - 17:00 Uhr. In the Time between 12:00 - 13:00 he is able to connect to the other Sites for private researches, because it is his freetime. >> One thing i am missing in the Proxys is, that logging is not avaible >> on an SQL Database like Oracle, MS-SQL or MY-SQL directly. Or i dont >> know how to set it up. Collecting the data from the different logfile >> and make an report (even if it is done automaticly by scripts) is an >> boring work. Has someone an idea about an solution ???? >> >AFAIK mSQL was originally designed for such a purpose. I have not thought >about it yet. I guess it would be no big deal, but how big is the need? Is it not increasing the Security if the Logfiles are unreachable (for the Intruder) writed into another System, where the Logs are stored (maybe on an worm medium) for further analysis??? I think many people do not think about this. The first way of breaking in a System is, save the Log's, delete your entrys, go your way, before logging out restore the original Log's. So no one will ever seen the really Intruding. >> Did someone use the little brother program from kansmen >> (www.kansmen.com)???? This progie makes super reports for outgoing >> traffic. Such reports you can create with the OLAP Service of MS-SQL >> 7.0 if there is a way to import the data from the logfiles. >> >Never heard of that. When I have time I will look into it. Does it run >under Linux? Is it Open Source? No, not yet. But they think about an Linux Version. But its not free. >> Are there any aditional tools for monitoring the incoming/outgoing >> Traffic with bandwidth use and reading the logs made by ipchains and >> the proxysuite for easy reports creating????? Iptraf, tcpdump...... >> are good tools, but i am looking for an all in one >> (eierlegendewollmilchsau) solution. >> >No, sorry, I have not been looking into this so far. >> I think thats enough for today. >> >> best regards >> >> Stephan Gerling >> >Volker >-- >Volker Wiegand Phone: +49 (0) 6196 / 50951-24 >SuSE Rhein/Main AG Fax: +49 (0) 6196 / 40 96 07 >Mergenthalerallee 45-47 Mobile: +49 (0) 179 / 292 66 76 >D-65760 Eschborn E-Mail: Volker.Wiegand(a)suse.de >++ Only users lose drugs. Or was it the other way round? ++ Stephan Gerling

2 1

apache DOS ?
by Peter Münster 07 Feb '00

07 Feb '00

Hello, does anybody know about an apache (version 1.3.6, that ships with SuSE <= 6.2) DOS vulnerabilitiy? I detected today that the httpd was no more running, but I didn't find any trace in the log-files. Cheers, Peter -- Peter Münster **** Brittany **** France URL: http://gmv.spm.univ-rennes1.fr/~peter/

2 1

AW: [suse-security] bind8 vs bind4
by Stefan Becker 07 Feb '00

07 Feb '00

> Betreff: [suse-security] bind8 vs bind4 > > Are there any security reasons to change from > bind 4.9.7-T1B to bind 8.2.2-P5? > One feature in the Bind is the posiblity to Bind your nameserver to a specific Interface. This way only certain (internal) subnets could at all reach your Nameserver! Stefan Becker becker(a)lufa-sp.vdlufa.de

1 0

Meeting am Fr.
by Thomas Biege 07 Feb '00

07 Feb '00

Hi, wann genau faengt das Meeting denn an? Von Dortmund nach Nuernberg fahre ich ca. 6 h... also ich hoffe, dass ich puenktlich da sein kann. :( Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas(a)suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47

2 2

chroot
by rbrabe 07 Feb '00

07 Feb '00

Hello, I want to set up a FTP- and a Webserver on the same machine. So one this machine I will have normal Linux-Users and ftp-users. Is it possible to configure the ftp-user in a way, that they can't log into the Server via telnet, rlogin, ssh etc. Normal users should do that. But not ftp-users. If it isn't possible, is it possible to give this users an own Root-Directory-Structure with chroot? regards, Rene Bangemann

2 1

Log Entries
by Daniel Amthor 07 Feb '00

07 Feb '00

Hi, anybody ever seen something like this: ---snip--- Feb 6 20:30:07 deLonghi kernel: eth0: Transmit timed out: status 0050 0000 at 32045118/32045132 command 000c0000. Feb 6 20:30:07 deLonghi kernel: eth0: Trying to restart the transmitter... ---snip--- Is that security relevant? Best Dan

3 2

bind8 vs bind4
by Andreas Kunberger 07 Feb '00

07 Feb '00

Are there any security reasons to change from bind 4.9.7-T1B to bind 8.2.2-P5? Andreas Kunberger Andreas Kunberger -- Dipl.-Ing. Andreas Kunberger Institut fuer Textil- und Verfahrenstechnik Universitaet Stuttgart

1 0

AW: [suse-security] chroot
by Sandow, Malte 07 Feb '00

07 Feb '00

Hi, > I want to set up a FTP- and a Webserver on the same machine. > So one this machine I will have normal Linux-Users and ftp-users. > Is it possible to configure the ftp-user in a way, that they can't log > into the Server via telnet, rlogin, ssh etc. > Normal users should do that. But not ftp-users. You can set the user's shell to /bin/false so no login via telnet,... is possible but as /bin/false is a valid shell (/etc/shells) ftp-logins are possible. > > If it isn't possible, is it possible to give this users an own > Root-Directory-Structure with chroot? Yes, you can do this by inserting the users into /etc/ftpchroot and setting their homedir to the chroot target. Malte Sandow

2 1

Sendmail: Bogus logfile entry
by Heiko Rother 07 Feb '00

07 Feb '00

Hello, does anybody know about the following log entries? It seems to me as if somebody tried to execute a program on our server and abused sendmail for that purpose. ... Feb 4 18:44:36 www sendmail[30239]: NOQUEUE: SYSERR: putoutmsg (node13c7b.a2000.nl): error on output channel sending "220 www.our-domain.de ESMTP Sendmail 8.9.3/8.9.3; Fri, 4 Feb 2000 18:44:36 GMT": Broken pipe Feb 4 18:44:36 www sendmail[30239]: NOQUEUE: Null connection from root@localhost ... Thanks in advance Greetings, Heiko

2 1

changed group of /dev/ttyp4
by Johannes Steingraeber 07 Feb '00

07 Feb '00

Hi all, I wonder how this could happen (generated by "Security Checker v0.5 by Marc Heuse"): > Changes in your weekly security configuration: > > > The following devices were added: > + ++ /var/lib/secchk/data/devices.new Mon Feb 7 01:13:52 2000 > + crw-rw-rw- root root 2, 4 /dev/ptyp4 > + crw-rw-rw- root root 3, 4 /dev/ttyp4 > - crw-rw-rw- root tty 2, 4 /dev/ptyp4 > - crw-rw-rw- root tty 3, 4 /dev/ttyp4 ls -l /dev/ptyp? gives me rw-rw-rw- 1 root root 2, 0 Jan 20 10:54 /dev/ptyp0 crw-rw-rw- 1 root root 2, 1 Jan 21 17:47 /dev/ptyp1 crw-rw-rw- 1 root root 2, 2 Feb 3 18:22 /dev/ptyp2 crw-rw-rw- 1 root root 2, 3 Feb 7 06:52 /dev/ptyp3 crw-rw-rw- 1 root root 2, 4 Feb 7 06:42 /dev/ptyp4 crw-rw-rw- 1 root root 2, 5 Feb 7 06:40 /dev/ptyp5 crw-rw-rw- 1 root tty 2, 6 Dec 11 1998 /dev/ptyp6 crw-rw-rw- 1 root tty 2, 7 Dec 11 1998 /dev/ptyp7 crw-rw-rw- 1 root tty 2, 8 Dec 11 1998 /dev/ptyp8 crw-rw-rw- 1 root tty 2, 9 Dec 11 1998 /dev/ptyp9 crw-rw-rw- 1 root tty 2, 10 Dec 11 1998 /dev/ptypa crw-rw-rw- 1 root tty 2, 11 Dec 11 1998 /dev/ptypb crw-rw-rw- 1 root tty 2, 12 Dec 11 1998 /dev/ptypc crw-rw-rw- 1 root tty 2, 13 Dec 11 1998 /dev/ptypd crw-rw-rw- 1 root tty 2, 14 Dec 11 1998 /dev/ptype crw-rw-rw- 1 root tty 2, 15 Dec 11 1998 /dev/ptypf Any help appreciated. Johannes

1 0