Hi list, hi Volker,
>-----Original Message-----
>From: Volker Wiegand [SMTP:wiegand@suse.de]
>Sent: Sunday, 6 February 2000 20:56
>To: Gerling, Stephan
>Cc: suse-security(a)suse.com
>Subject: Re: AW: [suse-security] Application Firewall. (fwd)
>On Wed, 2 Feb 2000, Stephan Gerling wrote:
>> Hi Volker,
>>
>> The TIS FWTK is no longer for free use, I think.
>> The SuSE Proxy-Suite is a good Proxy Suite.
>>
>Thank you very much.
>> If it supports virus scanners for SMTP and FTP it would be a good
>> solution. When you are thinking about a proxy for HTTP, what about user
>> timeline restrictions and time-based URL restrictions for HTTP use?
>> I am now using Squid. The best way, I think, is everything from one source,
>> which is easier to configure and to monitor the activity on the web.
>>
>What would be the benefits of time-based URL restrictions?
I thought about URL restrictions based on a specific time, like this: "a user is not able to
connect to recreation or sport or other URLs that are not relevant to his business (or no
access to the Internet) in a time window between 8:00 - 12:00 and
13:00 - 17:00. In the time between 12:00 - 13:00 he is able to connect to the other
sites for private research, because it is his free time."
>> One thing I am missing in the proxies is that logging is not available
>> on an SQL database like Oracle, MS-SQL or MySQL directly. Or I don't
>> know how to set it up. Collecting the data from the different logfiles
>> and making a report (even if it is done automatically by scripts) is
>> boring work. Does someone have an idea for a solution?
>>
>AFAIK mSQL was originally designed for such a purpose. I have not thought
>about it yet. I guess it would be no big deal, but how big is the need?
Does it not increase security if the log files are written, unreachable for the intruder, to
another system where the logs are stored (maybe on a WORM medium) for further analysis?
I think many people do not think about this. The first way of breaking into a system is:
save the logs, delete your entries, go your way, and before logging out restore the original logs.
So no one will ever see the real intrusion.
>> Has anyone used the Little Brother program from Kansmen
>> (www.kansmen.com)? This program makes super reports for outgoing
>> traffic. Such reports you can create with the OLAP Service of MS-SQL
>> 7.0 if there is a way to import the data from the logfiles.
>>
>Never heard of that. When I have time I will look into it. Does it run
>under Linux? Is it Open Source?
No, not yet. But they are thinking about a Linux version. But it's not free.
>> Are there any additional tools for monitoring the incoming/outgoing
>> traffic with bandwidth use and reading the logs made by ipchains and
>> the proxysuite for easy report creation? Iptraf, tcpdump......
>> are good tools, but I am looking for an all in one
>> (eierlegendewollmilchsau) solution.
>>
>No, sorry, I have not been looking into this so far.
>> I think that's enough for today.
>>
>> best regards
>>
>> Stephan Gerling
>>
>Volker
>--
>Volker Wiegand Phone: +49 (0) 6196 / 50951-24
>SuSE Rhein/Main AG Fax: +49 (0) 6196 / 40 96 07
>Mergenthalerallee 45-47 Mobile: +49 (0) 179 / 292 66 76
>D-65760 Eschborn E-Mail: Volker.Wiegand(a)suse.de
>++ Only users lose drugs. Or was it the other way round? ++
Stephan Gerling
Hello,
does anybody know about an Apache (version 1.3.6, that ships with
SuSE <= 6.2) DoS vulnerability? I detected today that the httpd was no
longer running, but I didn't find any trace in the log files.
Cheers, Peter
--
Peter Münster **** Brittany **** France
URL: http://gmv.spm.univ-rennes1.fr/~peter/
> Subject: [suse-security] bind8 vs bind4
>
> Are there any security reasons to change from
> bind 4.9.7-T1B to bind 8.2.2-P5?
>
One feature in BIND is the possibility to
bind your nameserver to a specific interface.
This way only certain (internal) subnets could
reach your nameserver at all!
Stefan Becker
becker(a)lufa-sp.vdlufa.de
Hi,
when exactly does the meeting start?
The drive from Dortmund to Nuernberg takes me about 6 h... so I hope that I
can be there on time. :(
Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas(a)suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
Hello,
I want to set up a FTP- and a Webserver on the same machine.
So on this machine I will have normal Linux users and ftp-users.
Is it possible to configure the ftp-users in a way that they can't log
into the server via telnet, rlogin, ssh etc.?
Normal users should do that. But not ftp-users.
If it isn't possible, is it possible to give these users their own
root directory structure with chroot?
regards,
Rene Bangemann
Hi,
anybody ever seen something like this:
---snip---
Feb 6 20:30:07 deLonghi kernel: eth0: Transmit timed out: status 0050 0000 at 32045118/32045132 command 000c0000.
Feb 6 20:30:07 deLonghi kernel: eth0: Trying to restart the transmitter...
---snip---
Is that security relevant?
Best
Dan
Are there any security reasons to change from
bind 4.9.7-T1B to bind 8.2.2-P5?
Andreas Kunberger
--
Dipl.-Ing. Andreas Kunberger
Institut fuer Textil- und Verfahrenstechnik
Universitaet Stuttgart
Hi,
> I want to set up a FTP- and a Webserver on the same machine.
> So on this machine I will have normal Linux users and ftp-users.
> Is it possible to configure the ftp-users in a way that they can't log
> into the server via telnet, rlogin, ssh etc.?
> Normal users should do that. But not ftp-users.
You can set the user's shell to /bin/false so no login via telnet,... is
possible but as /bin/false is a valid shell (/etc/shells) ftp-logins are
possible.
>
> If it isn't possible, is it possible to give these users their own
> root directory structure with chroot?
Yes, you can do this by inserting the users into /etc/ftpchroot and setting
their homedir to the chroot target.
Malte Sandow
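
The setup described in the reply above can be checked mechanically. The following is an added example, not part of the original post: it audits FTP-only accounts for a non-login shell that is still listed in /etc/shells and for an /etc/ftpchroot entry. The file contents, account names and the set of non-login shells are constructed assumptions.

```python
# Constructed sample file contents, not taken from any real system.
PASSWD = """\
alice:x:500:100:Alice:/home/alice:/bin/bash
ftpbob:x:600:49:FTP only:/srv/ftp/bob:/bin/false
ftpeve:x:601:49:FTP only:/srv/ftp/eve:/bin/bash
ftpdan:x:602:49:FTP only:/srv/ftp/dan:/usr/bin/false
"""
SHELLS = "# valid login shells\n/bin/bash\n/bin/sh\n/bin/false\n"
FTPCHROOT = "ftpbob\nftpeve\n"

# Programs that exit at once instead of giving a shell (assumed set).
NON_LOGIN_SHELLS = {"/bin/false", "/usr/bin/false"}


def entries(text):
    """Return the non-empty, non-comment lines of a config file."""
    stripped = (line.strip() for line in text.splitlines())
    return [line for line in stripped if line and not line.startswith("#")]


def audit_ftp_users(passwd, shells, ftpchroot, ftp_only):
    """Map each FTP-only account to its findings; an empty list means OK."""
    valid_shells = set(entries(shells))
    chrooted = set(entries(ftpchroot))
    login_shell = {}
    for line in entries(passwd):
        fields = line.split(":")
        if len(fields) == 7:  # name:pw:uid:gid:gecos:home:shell
            login_shell[fields[0]] = fields[6]
    report = {}
    for user in ftp_only:
        if user not in login_shell:
            report[user] = ["no passwd entry"]
            continue
        shell, findings = login_shell[user], []
        if shell not in NON_LOGIN_SHELLS:
            findings.append("shell allows interactive login")
        if shell not in valid_shells:
            findings.append("shell not in /etc/shells")
        if user not in chrooted:
            findings.append("not in /etc/ftpchroot")
        report[user] = findings
    return report


if __name__ == "__main__":
    users = ["ftpbob", "ftpeve", "ftpdan", "ftpzed"]
    for name, problems in audit_ftp_users(PASSWD, SHELLS, FTPCHROOT, users).items():
        print(name, "OK" if not problems else "; ".join(problems))
```
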
Hello,
does anybody know about the following log entries?
It seems to me as if somebody tried to execute a program on our server
and abused sendmail for that purpose.
...
Feb 4 18:44:36 www sendmail[30239]: NOQUEUE: SYSERR: putoutmsg
(node13c7b.a2000.nl): error on output channel sending "220
www.our-domain.de ESMTP Sendmail 8.9.3/8.9.3; Fri, 4 Feb 2000 18:44:36
GMT": Broken pipe
Feb 4 18:44:36 www sendmail[30239]: NOQUEUE: Null connection from
root@localhost
...
Thanks in advance
Greetings,
Heiko