openSUSE Security September 2000

security@lists.opensuse.org

108 participants
145 discussions

by Stiefenhofer, Marek ECOFIS

>I start my pop-server popper over the inetd with the tcpwrapper and want to >deny every connection except the local network. I know about all the other >possibilities but now I want to know how exactly the wrapper works. Hi, the syntax of hosts.deny depends on your inetd.conf. Since you're using SuSE I guess your pop3 service is tcp-wrapped like this: pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/popper -s So the correct syntex of hosts.deny is: popper: ALL EXCEPT [priv. Networks/Hosts etc] You need to have a new line after the last statement in your hosts.deny - otherwise the statement will not have effect. Check your /var/log/warn You may notice: Sep 29 11:30:32 medusa popper[13975]: warning: /etc/hosts.deny, line 5: missing newline or line too long Kind regards Marek Stiefenhofer (Netzdienste/IT Security) ECOFIS GmbH Tel.: (02 31) 75 45-1 17 FAX : (02 31) 75 45-2 22 e-mail: m.stiefenhofer(a)ecofis.de Wir sind vom 6. bis 10. November auf der SYSTEMS 2000. Vereinbaren Sie einen Termin oder kommen Sie einfach spontan vorbei. ECOFIS GmbH: Halle B3 113/214 | ComNetMedia AG: Halle B3 314 Besuchen Sie auch unseren neuen Online-Dienst: http://www.alleco.de

21 years, 10 months

2 LANs im Internet

by Lars

hi, wie kann ich zwei LANs grundsätzlich über das Internet miteinander verbinden - Samba und Apache - und wie steht es dann mit der Sicherheit? bye lars

21 years, 10 months

RE: [suse-security] Running Postfix on a firewall

by Steven Thompson

Hi Matthias are you saying there is a bug. I don't understand "Makros ??" could you please tell me a bit more info. Thanks for the reply Steven -----Original Message----- From: Matthias Krawen [mailto:Matthias_Krawen@compositiv.de] Sent: 29 September 2000 09:20 To: Steven Thompson Subject: Re: [suse-security] Running Postfix on a firewall At 16:41 28.09.2000 +0200, you wrote: >/etc/postfix/transport: >$mydomain smtp:[192.168.1.3] >.$mydomain smtp:[192.168.1.3] >But when I set this up it does not seem to work. All tips wellcome. Makros from main.cf are not interpreted in the hash-tables... MfG Matthias Compositiv EDV- und Kommunikationslösungen, PC-Service Matthias Krawen Peiffersweg 9 22307 Hamburg Tel: 040 / 611 673 - 40 EMail: info(a)compositiv.de Fax: 040 / 611 673 - 41 http://www.compositiv.de

21 years, 10 months

Re: [suse-security] Masquerade & Firewall Problem

by j b

I have used several HOW-TO's. I ran SuSEfirewall, and tried the simplest masquerade: echo "1" > /proc/sys/net/ipv4/ip_forward /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ A ping causes wvdial.dod to call the ISP, packets pass to and from the ISP, but I get 100% packet loss. --- Markus Gaugusch <markus(a)gaugusch.dhs.org> wrote: > > I am trying to get masquerading to work without success. > Maybe you should read the Masquerading-HOWTO, or send your script to > the > list. > > ping to the modem p-t-p side fails. > from localhost or a machine behind? > > bye > Markus > > -- > _____________________________ > Markus Gaugusch ICQ 11374583 > markus(a)gaugusch.dhs.org > Linux only user __________________________________________________ Do You Yahoo!? Yahoo! Photos - 35mm Quality Prints, Now Get 15 Free! http://photos.yahoo.com/

21 years, 10 months

RE: [suse-security] Masquerade & Firewall Setup

by Martin Mielke

> > I cannot get my firewall to pass reply packets back. > > ping to the ISP causes wvdial.dod to dial the ISP, I can see packets > being sent, and a reply coming back. But I still get 100% > packet loss. > > I have followed the advice of several HOW-TO's but with no success. I > can ping the inet side of the modem, but not the p-t-p side. > > What should my rc.firewall, rc.config, route.conf, networks > configuration files look like? > Hello, you should not disable the ICMP echo-reply ... Please, read the ipchains-howto for further information. HTH, Martin

21 years, 10 months

RE: [suse-security] Running Postfix on a firewall

by Steven Thompson

No I have not add my internal mail server to my hosts files that is why I was using the brackets. -----Original Message----- From: Martin Mielke [mailto:martinm@people-com.com] Sent: 29 September 2000 09:01 To: 'Steven Thompson'; SuSE security mailing list (E-mail) Subject: RE: [suse-security] Running Postfix on a firewall Hello, [snip] > If I understand this correctly you should do the following > please correct me > if I'm wrong. > > /etc/postfix/main.cf: > mydestination = $myhostname, localhost.$mydomain, $mydomain, > relay_domains = > transport_maps = hash:/etc/postfix/transport > > /etc/postfix/transport: > $mydomain smtp:[192.168.1.3] > .$mydomain smtp:[192.168.1.3] > > /etc/postfix/master.cf: > #local > > But when I set this up it does not seem to work. All tips wellcome. > is your SMTP-server in your /etc/hosts file?? Putting the IP between brackets tells the Postfix not to make DNS lookups... HTH, Martin

21 years, 10 months

RE: [suse-security] Running Postfix on a firewall

by Martin Mielke

Hello, [snip] > If I understand this correctly you should do the following > please correct me > if I'm wrong. > > /etc/postfix/main.cf: > mydestination = $myhostname, localhost.$mydomain, $mydomain, > relay_domains = > transport_maps = hash:/etc/postfix/transport > > /etc/postfix/transport: > $mydomain smtp:[192.168.1.3] > .$mydomain smtp:[192.168.1.3] > > /etc/postfix/master.cf: > #local > > But when I set this up it does not seem to work. All tips wellcome. > is your SMTP-server in your /etc/hosts file?? Putting the IP between brackets tells the Postfix not to make DNS lookups... HTH, Martin

21 years, 10 months

Re: [suse-security] disable init=/bin/sh?

by Juergen Ellinger

Frank Steiner wrote: >Hi, > >just stepped on this option to type "linux init=/bin/sh" at >the boot prompt, which gives me a root shell. For me, that's >really a security problem: We have some computers here which >we cannot protect with boot-passwords because they have to >come up automatically after a power drop. >Can I somehow disable this possibility of passing an alternative >init-parameter for my SuSE 6.4? > >Best regards, >Frank > If you use lilo to boot your box, just append a line restricted password = what_ever_your_password_should_be into the per image section. The bad thig is, that the password is not crypted. So you have to secure your /etc/lilo.conf: make a link to the floppy device and use a floppy whenever you install lilo. The good thing is, that booting without password is possible, but that password is required whenever a parameter to the image is typed in. I hope that helps... Greetings, Juergen --------------------------------------------------------------------- Jürgen Ellinger Siemensstraße 44 88250 Weingarten e-mail: ellinger(a)informatik.uni-tuebingen.de ellinger(a)student.uni-tuebingen.de ellinger(a)spohn.rv.bw.schule.de

21 years, 10 months

Re: [suse-security] SuSE Security Announcement: kernel-2.2.x

by Nicolas Macia

I have the same problem. My kernel is 2.2.10. It is in the 6.2 distribution What kernel should i use??? Thank's nicolas

21 years, 10 months

[suse-security] Running Postfix on a firewall

by Philipp Snizek

Hi all I'm having the same problem. Please help. thanx Philipp This is my configuration that works. /etc/postfix/main.cf relay_domains = $mydomain mydestination = $myhostname, localhost.$mydomain, transport_maps = hash:/etc/postfix/transport relayhost = [192.168.1.3] This is what they recomend <Quote> Specify a null relay_domains parameter plus a transport table to route mail for my.domain to the inside machine: /etc/postfix/main.cf: mydestination = $myhostname, my.domain, localhost.my.domain relay_domains = transport_maps = hash:/etc/postfix/transport /etc/postfix/transport: my.domain smtp:inside-gateway.my.domain (forwards user@domain) .my.domain smtp:inside-gateway.my.domain (forwards user@firewall) /etc/postfix/master.cf: Comment out the local delivery agent </Quote> If I understand this correctly you should do the following please correct me if I'm wrong. /etc/postfix/main.cf: mydestination = $myhostname, localhost.$mydomain, $mydomain, relay_domains = transport_maps = hash:/etc/postfix/transport /etc/postfix/transport: $mydomain smtp:[192.168.1.3] .$mydomain smtp:[192.168.1.3] /etc/postfix/master.cf: #local --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe(a)suse.com For additional commands, e-mail: suse-security-help(a)suse.com

21 years, 10 months

Jump to page:

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security September 2000