September 2000 - openSUSE Security - openSUSE Mailing Lists

AW: [suse-security] hosts.deny
by Stiefenhofer, Marek ECOFIS 29 Sep '00

29 Sep '00

>I start my pop-server popper over the inetd with the tcpwrapper and want to >deny every connection except the local network. I know about all the other >possibilities but now I want to know how exactly the wrapper works. Hi, the syntax of hosts.deny depends on your inetd.conf. Since you're using SuSE I guess your pop3 service is tcp-wrapped like this: pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/popper -s So the correct syntex of hosts.deny is: popper: ALL EXCEPT [priv. Networks/Hosts etc] You need to have a new line after the last statement in your hosts.deny - otherwise the statement will not have effect. Check your /var/log/warn You may notice: Sep 29 11:30:32 medusa popper[13975]: warning: /etc/hosts.deny, line 5: missing newline or line too long Kind regards Marek Stiefenhofer (Netzdienste/IT Security) ECOFIS GmbH Tel.: (02 31) 75 45-1 17 FAX : (02 31) 75 45-2 22 e-mail: m.stiefenhofer(a)ecofis.de Wir sind vom 6. bis 10. November auf der SYSTEMS 2000. Vereinbaren Sie einen Termin oder kommen Sie einfach spontan vorbei. ECOFIS GmbH: Halle B3 113/214 | ComNetMedia AG: Halle B3 314 Besuchen Sie auch unseren neuen Online-Dienst: http://www.alleco.de

1 0

2 LANs im Internet
by Lars 29 Sep '00

29 Sep '00

hi, wie kann ich zwei LANs grundsätzlich über das Internet miteinander verbinden - Samba und Apache - und wie steht es dann mit der Sicherheit? bye lars

5 4

RE: [suse-security] Running Postfix on a firewall
by Steven Thompson 29 Sep '00

29 Sep '00

Hi Matthias are you saying there is a bug. I don't understand "Makros ??" could you please tell me a bit more info. Thanks for the reply Steven -----Original Message----- From: Matthias Krawen [mailto:Matthias_Krawen@compositiv.de] Sent: 29 September 2000 09:20 To: Steven Thompson Subject: Re: [suse-security] Running Postfix on a firewall At 16:41 28.09.2000 +0200, you wrote: >/etc/postfix/transport: >$mydomain smtp:[192.168.1.3] >.$mydomain smtp:[192.168.1.3] >But when I set this up it does not seem to work. All tips wellcome. Makros from main.cf are not interpreted in the hash-tables... MfG Matthias Compositiv EDV- und Kommunikationslösungen, PC-Service Matthias Krawen Peiffersweg 9 22307 Hamburg Tel: 040 / 611 673 - 40 EMail: info(a)compositiv.de Fax: 040 / 611 673 - 41 http://www.compositiv.de

1 0

Re: [suse-security] Masquerade & Firewall Problem
by j b 29 Sep '00

29 Sep '00

I have used several HOW-TO's. I ran SuSEfirewall, and tried the simplest masquerade: echo "1" > /proc/sys/net/ipv4/ip_forward /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ A ping causes wvdial.dod to call the ISP, packets pass to and from the ISP, but I get 100% packet loss. --- Markus Gaugusch <markus(a)gaugusch.dhs.org> wrote: > > I am trying to get masquerading to work without success. > Maybe you should read the Masquerading-HOWTO, or send your script to > the > list. > > ping to the modem p-t-p side fails. > from localhost or a machine behind? > > bye > Markus > > -- > _____________________________ > Markus Gaugusch ICQ 11374583 > markus(a)gaugusch.dhs.org > Linux only user __________________________________________________ Do You Yahoo!? Yahoo! Photos - 35mm Quality Prints, Now Get 15 Free! http://photos.yahoo.com/

2 1

RE: [suse-security] Masquerade & Firewall Setup
by Martin Mielke 29 Sep '00

29 Sep '00

> > I cannot get my firewall to pass reply packets back. > > ping to the ISP causes wvdial.dod to dial the ISP, I can see packets > being sent, and a reply coming back. But I still get 100% > packet loss. > > I have followed the advice of several HOW-TO's but with no success. I > can ping the inet side of the modem, but not the p-t-p side. > > What should my rc.firewall, rc.config, route.conf, networks > configuration files look like? > Hello, you should not disable the ICMP echo-reply ... Please, read the ipchains-howto for further information. HTH, Martin

1 0

RE: [suse-security] Running Postfix on a firewall
by Steven Thompson 29 Sep '00

29 Sep '00

No I have not add my internal mail server to my hosts files that is why I was using the brackets. -----Original Message----- From: Martin Mielke [mailto:martinm@people-com.com] Sent: 29 September 2000 09:01 To: 'Steven Thompson'; SuSE security mailing list (E-mail) Subject: RE: [suse-security] Running Postfix on a firewall Hello, [snip] > If I understand this correctly you should do the following > please correct me > if I'm wrong. > > /etc/postfix/main.cf: > mydestination = $myhostname, localhost.$mydomain, $mydomain, > relay_domains = > transport_maps = hash:/etc/postfix/transport > > /etc/postfix/transport: > $mydomain smtp:[192.168.1.3] > .$mydomain smtp:[192.168.1.3] > > /etc/postfix/master.cf: > #local > > But when I set this up it does not seem to work. All tips wellcome. > is your SMTP-server in your /etc/hosts file?? Putting the IP between brackets tells the Postfix not to make DNS lookups... HTH, Martin

1 0

RE: [suse-security] Running Postfix on a firewall
by Martin Mielke 29 Sep '00

29 Sep '00

Hello, [snip] > If I understand this correctly you should do the following > please correct me > if I'm wrong. > > /etc/postfix/main.cf: > mydestination = $myhostname, localhost.$mydomain, $mydomain, > relay_domains = > transport_maps = hash:/etc/postfix/transport > > /etc/postfix/transport: > $mydomain smtp:[192.168.1.3] > .$mydomain smtp:[192.168.1.3] > > /etc/postfix/master.cf: > #local > > But when I set this up it does not seem to work. All tips wellcome. > is your SMTP-server in your /etc/hosts file?? Putting the IP between brackets tells the Postfix not to make DNS lookups... HTH, Martin

1 0

Re: [suse-security] disable init=/bin/sh?
by Juergen Ellinger 29 Sep '00

29 Sep '00

Frank Steiner wrote: >Hi, > >just stepped on this option to type "linux init=/bin/sh" at >the boot prompt, which gives me a root shell. For me, that's >really a security problem: We have some computers here which >we cannot protect with boot-passwords because they have to >come up automatically after a power drop. >Can I somehow disable this possibility of passing an alternative >init-parameter for my SuSE 6.4? > >Best regards, >Frank > If you use lilo to boot your box, just append a line restricted password = what_ever_your_password_should_be into the per image section. The bad thig is, that the password is not crypted. So you have to secure your /etc/lilo.conf: make a link to the floppy device and use a floppy whenever you install lilo. The good thing is, that booting without password is possible, but that password is required whenever a parameter to the image is typed in. I hope that helps... Greetings, Juergen --------------------------------------------------------------------- Jürgen Ellinger Siemensstraße 44 88250 Weingarten e-mail: ellinger(a)informatik.uni-tuebingen.de ellinger(a)student.uni-tuebingen.de ellinger(a)spohn.rv.bw.schule.de

7 6

Re: [suse-security] SuSE Security Announcement: kernel-2.2.x
by Nicolas Macia 28 Sep '00

28 Sep '00

I have the same problem. My kernel is 2.2.10. It is in the 6.2 distribution What kernel should i use??? Thank's nicolas

2 2

[suse-security] Running Postfix on a firewall
by Philipp Snizek 28 Sep '00

28 Sep '00

Hi all I'm having the same problem. Please help. thanx Philipp This is my configuration that works. /etc/postfix/main.cf relay_domains = $mydomain mydestination = $myhostname, localhost.$mydomain, transport_maps = hash:/etc/postfix/transport relayhost = [192.168.1.3] This is what they recomend <Quote> Specify a null relay_domains parameter plus a transport table to route mail for my.domain to the inside machine: /etc/postfix/main.cf: mydestination = $myhostname, my.domain, localhost.my.domain relay_domains = transport_maps = hash:/etc/postfix/transport /etc/postfix/transport: my.domain smtp:inside-gateway.my.domain (forwards user@domain) .my.domain smtp:inside-gateway.my.domain (forwards user@firewall) /etc/postfix/master.cf: Comment out the local delivery agent </Quote> If I understand this correctly you should do the following please correct me if I'm wrong. /etc/postfix/main.cf: mydestination = $myhostname, localhost.$mydomain, $mydomain, relay_domains = transport_maps = hash:/etc/postfix/transport /etc/postfix/transport: $mydomain smtp:[192.168.1.3] .$mydomain smtp:[192.168.1.3] /etc/postfix/master.cf: #local --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe(a)suse.com For additional commands, e-mail: suse-security-help(a)suse.com

1 0