openSUSE Security April 2001

security@lists.opensuse.org

192 participants
198 discussions

SSH Authentication
by Joao Reis 18 Nov '02

18 Nov '02

Hi! I implemented a ssh conection from the outside to my intranet. This ssh requires a username and a password. In terms of security what is more secure: require authentication (username and password) or having the public key of each user that connects to our intranet in the authorized public key lists (in this case there is no need for username and password)? In the second case there is no need of authentication and only the users wich have the public keys in the list are allowed to enter in my intranet. This second solution is a good solution or that brings other security problems ? Thanks. -- Farewell. "Keep your friends close, but your enemies closer." "Do or do not. There is no try" - Yoda João Reis -------------------------------------------------------

2 1

Re: AW: [suse-security] What are these services?
by Marko Kaening 02 May '01

02 May '01

Thanks for all the replies up to now! > i don't know any service on port 1024 I should look closely at this port next time I meet it and detect the owner of the process using that port. Thanks to advice! > this is what i found about port 1987 > > tr-rsrb-p1 1987/tcp #cisco RSRB Priority 1 port > tr-rsrb-p1 1987/udp #cisco RSRB Priority 1 port > > maybe one of the cisco guys know what this service > is exactly for. Well, that would be great to know what hides behind this... Funny, I have SuSE 6.3 with Firewall4.4 and I don't think that such ports should be usable... Marko

2 3

What are these services?
by Marko Kaening 30 Apr '01

30 Apr '01

Hi, running nmap lately on my host revealed some open ports which I couldn't really identify: 1) port 1987 with service named something like "trsrb-p1" (don't remember the name exactly, since the open port vanished after a while) 2) port 1024 with service "unknown" What are those ports used for? Especially the first one with that strange name I have never seen so far... I coudln't find any hints in /etc/inetd.conf nor in /etc/services. Regards, Marko

4 3

Netsaint Network monitoring
by Steffen Dettmer 30 Apr '01

30 Apr '01

Hi, I just looked to netsaint and I like it :) I set it up a little, first some PING and other network-based tests only. Now I want to collect remote informations (i.e. load). The onliest possibility are SSH connects. It's not practicable to install some "sensors" or so remotly, at least not manually or as deamon. I would like to ssh connect a single (!) script which gaters the informations. I think such a script (perl or shell) should exists, but I haven't found one. I have not found informations how to collect such informations remotly in a secure manner. Could somebody point me to some informations? oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.

2 1

Recursive Shellscript
by Peer-Christoph Mettelem 29 Apr '01

29 Apr '01

Hi, I just wrote a shell script which looks like this: while true do $0 done I executed it as normal user and then the following happened: As you can imagine, very many shells were started (i wasnt able to count them because the system wasnt responding any more). And then the system started killing system processes like X and smbd. I got the following output on console 10: Apr 23 09:11:54 AlBundy kernel: VM: killing process kmail Apr 23 09:12:52 AlBundy kernel: VM: killing process smbd Apr 23 09:13:03 AlBundy kernel: VM: killing process smbd Apr 23 09:13:05 AlBundy kernel: VM: killing process xconsole Apr 23 09:13:13 AlBundy kernel: VM: killing process X The system recovered itself by killing X. That worked because i started the script from a shell in KDE. But if the script would be started within a telnet session, it could be more dangerous. I dont know if this is a security hole, but it might be. My system: SuSE 7.0 (kernel 2.2.18) Lots of updates and patches installed PII 350 MHz 320 MB RAM Peer-Christoph Mettelem BezRegMS (NRW, Germany) Software developer (trainee) PS.: This is my first mail to the mailing list. Sorry if its OT or something...

12 21

Kerberos...
by omicron 28 Apr '01

28 Apr '01

hello all, i have a single linux workstation and i want to learn kerberos. Is it enough (and safe) to atleast know the basics ? regards omicron -- ****** omicron Mail:omicron@omicron.dyndns.org (Sridhar N) www:omicron.symonds.net pubkeys:omicron.symonds.net/pubkeys C O G I T O E R G O S U M ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1 0

Cybercrimeact
by jochen mader 28 Apr '01

28 Apr '01

Has anybody here read about the european cybercrime act? It distrubs me quite much to not have seen anything on slashdot and in this list about it. Do you no what impact this thing will have on our work? It will make our work nearly impossible by making it illegal to use tools like nmap, nessus, statan under ANY circumstances. This thing will become a LAW within the next few weeks (probably months). It has got that far that there is only one voting left to make it a law, and there is nobody there who knows a thing about security and privacy and they will harm ALL of us. Regards Jochen P.S.: The draft is located here http://stars.coe.int/doc/doc01/EDOC9031.htm

5 5

squid behind SuSEfirewall using an ADSL connection
by Volker Widlok 28 Apr '01

28 Apr '01

Hi, I was running in the following trouble. At first a systemdescription: SuSE 7.1 Kernel 2.2.18 (not recompiled), squid 2.3STABLE4, Ethernet to DSL-Modem using pppoed, Network Devices: eth0 Intranet, eth1 - ppp0 Internet. Everything works fine after startup the system and connecting to my provider using the "Internet Dial-In" . Firewall and squid are comming up automatically at boottime (controlled by rc.config) but the dialup itself is done manually (using the icon down right in KDE2 after configuring ADSL with yast2). My provider (Verizon) have no Proxy, but two DNS-Servers. All entries are done properly after dialin (/etc/resolv.conf etc.). So, when I disconnect, using this icon down right (or stopping the pppoe service on commandline) and reconnecting I have no response from the internet and I receive the following in my "/var/log/messages": Apr 27 16:56:37 l7boston kernel: Packet log: input DENY ppp0 PROTO=17 151.202.0.84:53 151.203.123.246:1077 L=246 S=0x00 I=48363 F=0x4000 T=248 (#112) repeat interval is about 5 seconds. Seems to be fine because my firewall works pretty good - too good. So, I tried the following: 1. restarting squid -> everything works fine 2. When I cut the connection (without doing '1.') and edit my "/etc/rc.config.d/firewall.rc.config" making the follwoing adjustment: FW_SERVICES_EXTERNAL_UDP="1077" (the port rejected from firewall in the messages file) and reconnect, everithing works fine. 3. restarting squid after doing '2.' results in the following message Apr 27 16:56:37 l7boston kernel: Packet log: input DENY ppp0 PROTO=17 151.202.0.84:53 151.203.123.246:1078 L=246 S=0x00 I=48363 F=0x4000 T=248 (#112) Look at the port. At this time it is 1078. When I try commandline tools like nslookup it works. I can change the browser settings (netscape or konqueror) to direct internet connection and everything works fine. Who knows a solution or is that a feature ? best regards (oder auch viele Gruesse) Volker -- volker.widlok(a)verizon.net Peabody, MA 01960

2 1

Syslog parser
by Alexander Bien 28 Apr '01

28 Apr '01

Hi Folks, Lets say u have one machine that is a log server for several others. Can anyone recommend a good script / tool / whatever to parse the logfile and extract relevant information out of it? I have tried several allready, but id like to hear opinions of ppl who allready used remote loggin for a while .. im pretty new to this. -- Mit freundlichen Grüßen Alexander Bien -- PIRONET NDH Alexander Bien - Technical Assistant - SBU Services Josef-Lammerting-Allee 14-18, 50933 Cologne - Germany Tel.: +49 (0)172 7760569 - Fax: +49 (0)221 770 2815 mailto:abien@pironet.com - http://www.pironet-ndh.com

5 4

upgrade??
by Jesse yep 27 Apr '01

27 Apr '01

Hello everyone, Ok, I have just installed SuSE 6.4 and have been updating it for the past 2 days. I have every new programs/file/doc you can probably think of. Of course I wouldn't have every new programing from the new version of SuSE 7.1. I was wondering if it would be a good idea to upgrade? (I want to upgrade kernels too, that I will do in time). __________________________________________________ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/

1 0

Jump to page:

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security April 2001