Hi all,
here's a bit of a step-by-step description on how to keep nimda
and codered from filling your apache logs.
Parts used:
- SuSE 7.2 Professional
- SuSEfirewall2
- iptables 1.2.3
- linux kernel 2.4.13-pre5
steps:
1. install kernel sources for a kernel >> 2.4.9, running 2.4.13-
pre5 here, works fine so far
2. get the sources for iptables 1.2.3 from
http://netfilter.samba.org
3. unpack sources somewhere
4. export KERNEL_DIR=$(where you put the kernel tree)
5. cd into unpacked iptables sources, there's a subdirectory
named patch-o-matic there
6. apply wanted patches by running ./runme $(name.of.patch)patch
for this here You'll want the string patch
You can also apply other patches, like the irc-conntrack patch
7. now there's a little bug in this patch...
here's a diff:
--- linux/net/ipv4/netfilter/ipt_string.c~ Sun Oct 21
00:16:29 2001
+++ linux/net/ipv4/netfilter/ipt_string.c Sun Oct 21
16:54:45 2001
@@ -62,7 +62,7 @@
sk = skip[haystack[right_end - i]];
sh = shift[i];
- right_end = max(int, right_end - i + sk,
right_end + sh);
+ right_end = max(right_end - i + sk, right_end +
sh);
}
return NULL;
8. now, make config/menuconfig/xconfig... as usual. You can
import your running kernel's config first.
9. enable the experimental stuff
10. go to networking options->netfilter, there's an option there
to enable string matching; set that to M
11. compile and install kernel as usual; remember to uncomment
the export INSTALL_PATH=/boot in the main makefile.
12. now build a rpm file for the new iptables stuff by installing
the source rpm which comes with suse, then edit the spec file,
put the iptables source in /usr/src/packages/SOURCE and rebuild.
13. now there are some small changes to the firewall config
files.
a) uncomment the last line in
/etc/rc.config.d/firewall2.rc.config:
FW_CUSTOMRULES="/etc/rc.config.d/firewall2-custom.rc.config"
b) edit that file, I got the following stuff in mine:
for forbidden_string in root.exe cmd.exe .ida; do
iptables -I input_ext -p tcp --dport http -m string \
--string $forbidden_string -m state \
--state ESTABLISHED -j REJECT --reject-with tcp-reset
done
put that in the last supfunction defined in the custom rc file.
c) change the FW_LOG setting in firewall2.rc.config from reading
-log-level warning to -log-level kernel.warning
14. last: some small changes to /sbin/SuSEfirewall2
search in the script for the parts where the modules are loaded
and unloaded; be sure to add ipt_string (and the other new
modules you created by patching the kernel and enabling them in
make config) to the modules loading/unloading code there.
15. reboot
16. if you try now to access (from outside, of course) one of the
nimda or codered URLS, all you get is a 'connection reset by
peer', and the request doesn't show in apache log files.
btw, no guarantees, and the usual YMMV :)
bye
[L]
Hello
I have basically a suse samba server setup. Eth0 is for the internet
connection (cable). Eth1 is my internal network. I use eth1 for my samba
server. When i have the shares/ drive letters mapped, whatever, Ill goto
access them and that computer will just lockup or timeout for about 1
minute, then it will resume operation normally. I have approx. 5 comptuers
on the suse server, and they all do this from windows xp to windows 98se. I
am using set up addresses of 192.168.0.x, where is greater than 2. My
question is have or is there something Ive setup wrong to cause this pause
to occur. ? Its becomming very annoying..and frustrating. Im using kernel
2.4.18-64GB-SMP with a dual processor setup. If anyone has any ideas please
let me know. Every package installed is orginal versions from the suse
install cdroms. (no updates done).
Anything come to mind. btw, ive replaced the switch, with a new netgear one,
and all the networks at startech ST100 Realtek 8139 chipsets on 100Tx.
Anyone... !
Hi there SuSErs...
Well I must be doing something really wrong because everything that I do with SuSEFirewall2 is just not working!
I have a small network with 5 PCs (all Win9X) and a Linux box (Currently SuSE 7.3) acting as a server. The server is a DHCP server and a Samba server for the entire network. So far everything is working perfect!!! Users log on the network, logon script executes etc....
Then a new task came up: let's input the internet into the network.
Configured a 56Kbps modem on the server with YAST. Manged to get my account setup and running. Made a test connection and netscape works great on the server as well as e-mail (pop3).
I tried configuring SuSEfirewall to manage all incoming requests from the PCs of the network. The firewall warned me about masquerading etc. so I downloaded the latest version of SuSEfirewall2 from the internet and installed it.
Since I only need direct masquerading to be done (no proxies are currently working on the net) I made all the necessary changes as outlined in the examples supplied with the software. Since I needed to have Samba to keep working on the network, I opened (among others) 139 port for samba to work.
Double checked all the changes that I have made and run rcSuSEfirewall2 to see what happens. Strange enough when wvdial executes it tells me that DNS is not functioning properly since www.suse.com cannot be found (or something like that please forgive me I am away from the Linux station now).
Further on, when I open mIRC or other like programs (winmx etc) from a station, I look at the activity of IPtraf (I check this to see what happens) and I see no connections being created whatsoever.... mIRC prompts me that there was an error trying to find the host....
I have made no changes to the Win9X PCs.
Is there something that I am forgeting to do?? I undestand that it is impossible for all of you to react to this since I have no output of the SuSEfirewall.conf file being published to this message.... I understand.
Can someone please send me their configuration file so I can see what you have done, on a system that currently is working fine?? In addition, is there something that I have to do regarding route or routing??
What about the Win9X PCs?? Is there something that I have to do there??
I thank you so very much for all your help is advance!!!! I am killing myself trying to figure this one out for about 2 weeks now and managed nothing more than thin air!!!!!
Chris
Hi!
I implemented a ssh conection from the outside to my intranet. This ssh requires a username and a password.
In terms of security what is more secure: require authentication (username and password) or having the public key of each user that connects to our intranet in the
authorized public key lists (in this case there is no need for username and password)?
In the second case there is no need of authentication and only the users wich have the public keys in the list are allowed to enter in my intranet.
This second solution is a good solution or that brings other security problems ?
Thanks.
--
Farewell.
"Keep your friends close, but your enemies closer."
"Do or do not. There is no try" - Yoda
João Reis
-------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: glibc
Announcement-ID: SuSE-SA:2002:031
Date: Friday, Aug 30th 2002 19:00 MEST
Affected products: 7.0, 7.1, 7.2, 7.3, 8.0
SuSE Linux Database Server,
SuSE eMail Server III,
SuSE Linux Enterprise Server,
SuSE Linux Firewall on CD
SuSE Linux Connectivity Server
SuSE Linux Office Server
Vulnerability Type: local/remote privilege escalation
Severity (1-10): 6
SuSE default package: yes
Cross References: CAN-2002-0391, CERT CA-2002-25
Content of this advisory:
1) security vulnerability resolved: glibc
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds:
- ethereal
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
An integer overflow has been discovered in the xdr_array() function,
contained in the Sun Microsystems RPC/XDR library, which is part of
the glibc library package on all SuSE products. This overflow allows
a remote attacker to overflow a buffer, leading to remote execution of
arbitrary code supplied by the attacker.
There is no temporary workaround for this security problem other than
disabling all RPC based server and client programs. The permanent
solution is to update the glibc packages with the update packages
listed below.
Notes, Special installation instructions:
* The update packages for the SuSE Linux distributions 7.0 and 7.1
have not been built yet. The packages for these distributions will
be published in approximately two weeks (mid September) from now.
* The names of both the source RPM as well as the binary RPM (sub-)
packages have changed between different SuSE Linux products.
Overview:
dist | source-RPM | shared libs | static libs,header| profiling
-----------------------------------------------------------------------
7.0 libc shlibs libc libd
all SuSE products after and including SuSE Linux 7.1
glibc glibc glibc-devel glibc-profile
Find out which of the four packages are installed on your system
according to the package names in the table. Use the command
rpm -q name_of_package
to query the package database for each name.
If you have your package list, download the packages that you need
from the URLs as listed below. Verify their integrity and authenticity
following the guidelines as described in section 3) of this security
announcement.
* PRECAUTIONS
The shared libraries package of the glibc is the most sensitive
part of a running Linux system, and modifications to it should be
handled with special care. During the update of the shlibs/glibc
package, runtime-linking the shared libraries is likely to fail for
processes that execute a new binary with the execve(2) system call.
Therefore, we recommend to bring a system to single user mode
("init S") to perform the package update. If this is not applicable
for operational reasons, a system receiving the update should be kept
as quiet as possible (no shell scripts of any kind, no cron jobs, no
incoming email).
* After performing the update, you should run the following command
on your system:
/sbin/ldconfig
ldconfig will rebuild the runtime linker cache. If you use YOU
(Yast2 Online Update), the ldconfig command will be executed
automatically at the end of the update.
The shared libraries that were installed on the system before the
update have been removed from the filesystem, but they are still
in use by the running applications. Therefore, the diskspace as well
as the memory will not be freed until the last process that uses
these files exits. We recommend to reboot the system to workaround
this problem.
Listed below you find the URLs for the update packages for the SuSE Linux
products. We only list the packages that are relevant for the security update.
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.
Intel i386 Platform:
SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/a1/glibc-2.2.5-123.i386.rpm
57bb8eb5e4355539f01ee9dc2e1b790e
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d2/glibc-devel-2.2.5-123.i386.r…
cf1a18510a8e78914500c10cc9b79bf0
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/glibc-profile-2.2.5-123.i386…
a03333bb8a0bd77def78b633d790fdb2
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/glibc-2.2.5-123.src.rpm
5ca1e41a5ab22282b0cd0ecc5c286093
SuSE-7.3:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/a1/glibc-2.2.4-75.i386.rpm
b6c392faf66f4a3e23f9f8ba70166496
ftp://ftp.suse.com/pub/suse/i386/update/7.3/d1/glibc-devel-2.2.4-75.i386.rpm
f4616d3ddcaef2847b113f2ac7a86866
ftp://ftp.suse.com/pub/suse/i386/update/7.3/d2/glibc-profile-2.2.4-75.i386.…
a8d5377fc289837c5b9d7902785ea1fe
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/glibc-2.2.4-75.src.rpm
646af6d0e99f54fd03eb0ec99449df36
SuSE-7.2:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/a1/glibc-2.2.2-64.i386.rpm
1408ad17ef2bc543cb9ff42cb2813f99
ftp://ftp.suse.com/pub/suse/i386/update/7.2/d1/glibc-devel-2.2.2-64.i386.rpm
283d808402eed8f0f4a8ae2b64b91e17
ftp://ftp.suse.com/pub/suse/i386/update/7.2/d2/glibc-profile-2.2.2-64.i386.…
d23a61431b924e5c2e09861463f5489d
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/glibc-2.2.2-64.src.rpm
9019bbfd6a6952bb154bdcf7cd8d37d3
Sparc Platform:
SuSE-7.3:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/a1/glibc-2.2.4-43.sparc.rpm
df6be3f3b427f4ca6cd27b12dbf16fc8
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/d1/glibc-devel-2.2.4-43.sparc.…
f90e87513d996235cb2711286371dfae
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/d2/glibc-profile-2.2.4-43.spar…
bc659d5181c4d571950821a978fa6ab2
source rpm(s):
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/glibc-2.2.4-43.src.rpm
846403d32700d8173e10932517926fc3
AXP Alpha Platform:
- no new packages -
PPC Power PC Platform:
SuSE-7.3:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/a1/glibc-2.2.4-63.ppc.rpm
2294e4d4777954e7d7c85b6a4e5c8ef7
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/d1/glibc-devel-2.2.4-63.ppc.rpm
f68b4b421cd5af4e62a80e9a2c803bd6
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/d2/glibc-profile-2.2.4-63.ppc.rpm
0f837c5c1e4bac59e73a0d23b0d88187
source rpm(s):
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/glibc-2.2.4-63.src.rpm
fdef49ff7f4ec9546f1e9d8bd46e8fa9
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- ethereal
Multiple overflows and other security related problems have been found
in ethereal, a network traffic analyzer program. We have provided update
packages on our ftp server that upgrade the ethereal package to the
latest version 0.9.6. A backport of the security fixes to the versions
supplied in the released SuSE Linux products does not seem feasible.
We will not release an own announcement for this specific problem.
- postgresql
A buffer overflow has been found in the postgresql database management
system. We are about to prepare update packages for this vulnerability.
- openldap2
Andrew McCall reported a problem within the openldap2 package which could
lead to a denial of service attack against the slapd server. This problem
has been fixed. New openldap2 packages will soon be available.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum <name-of-the-file.rpm>
after you downloaded the file from a SuSE ftp server or its mirrors.
Then, compare the resulting md5sum with the one that is listed in the
announcement. Since the announcement containing the checksums is
cryptographically signed (usually using the key security(a)suse.de),
the checksums show proof of the authenticity of the package.
We disrecommend to subscribe to security lists which cause the
email message containing the announcement to be modified so that
the signature does not match after transport through the mailing
list software.
Downsides: You must be able to verify the authenticity of the
announcement in the first place. If RPM packages are being rebuilt
and a new version of a package is published on the ftp server, all
md5 sums for the files are useless.
2) rpm package signatures provide an easy way to verify the authenticity
of an rpm package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, where <file.rpm> is the
filename of the rpm package that you have downloaded. Of course,
package authenticity verification can only target an un-installed rpm
package file.
Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this
key must be installed by the gpg program in the directory
~/.gnupg/ under the user's home directory who performs the
signature verification (usually root). You can import the key
that is used by SuSE in rpm packages for SuSE Linux by saving
this announcement to a file ("announcement.txt") and
running the command (do "su -" to be root):
gpg --batch; gpg < announcement.txt | gpg --import
SuSE Linux distributions version 7.1 and thereafter install the
key "build(a)suse.de" upon installation or upgrade, provided that
the package gpg is installed. The file containing the public key
is placed at the top-level directory of the first CD (pubring.gpg)
and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
- SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security announcements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
=====================================================================
SuSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular,
it is desired that the clear-text signature shows proof of the
authenticity of the text.
SuSE Linux AG makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
Roman Drahtmüller,
SuSE Security.
- --
- -
| Roman Drahtmüller <draht(a)suse.de> // "You don't need eyes to see, |
SuSE Linux AG - Security Phone: // you need vision!"
| Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
- -
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBPW+lVney5gA9JdPZAQF0cQf/bLrFDn0vzfXuT+LZ+lME3R438/PM9IOU
XfUKz8rKJk14pkHMHxI6MCxzQnNS41jajE9XkG6i4z89bGy5+8cXShl6Jl+woVWN
iwCJC8U1BgMKXHq3ns5c0+YzQpD7f7YQSUUXoCLoARNYMS/A8b4FHmX942uurjKg
u4VKCe4nV0VY9ydn8hHtb+AtA/2FEkuK2J7b5jeh80UeC0ZzysahawB8zyOmaOYm
ip1ji2YmuKzsVcVd1Wy7gQUkUmzTIxGX7XB4UaAJY99NeXkeBapRgDKRgNVdj06a
QVu1Yh/0jA4XptOIUlBdwYLUPckRR0EV3xeYl6kmb/V7cDJesvGHRw==
=g3B7
-----END PGP SIGNATURE-----
-
Hi , , I am trying to configure my
server as DNS i am never able to figure it out what is the error
my files looks like the attahcment i have enclosed but it when i do
nslookup on my local system and try to resolve my hostname it never
work. i did not find any bind program like 'ndc' supported by other
unix OS.
like
nslookup *** Can't find server name for address 64.252.31.94 : No
response from server
set type=SOA
> sambitnanda.com
Server: ns2.snet.net
Address: 204.60.0.3
*** ns2.snet.net can't find sambitnanda.com: Non-existent host/domain
which should work from my local system
Question 2
what is the way i can open my ftp , i changed my inetd.conf to like
ftp stream tcp nowait root /usr/sbin/tcpd wu.ftpd -a
# ftp stream tcp nowait root /usr/sbin/tcpd proftpd
# ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd
but it never works.
thanks
Sambit
$TTL 172800
@ IN SOA sambitnanda.com. root.sambitnanda.com. (
25082002 ; Serial
2508 ; Refresh
7200 ; Retry
864000 ; Expire
86400) ; Minimum TTL
NS sambitnanda.com.
1 PTR localhost.
$TTL 172800
@ IN SOA sambitnanda.com. root.sambitnanda.com. (
25082002 ; Serial
2508 ; Refresh
7200 ; Retry
864000 ; Expire
86400) ; Minimum TTL
NS sambitnanda.com.
4 PTR sambitnanda.com.
;
; There might be opening comments here if you already have this file.
; If not don't worry.
;
. 6D IN NS G.ROOT-SERVERS.NET.
. 6D IN NS J.ROOT-SERVERS.NET.
. 6D IN NS K.ROOT-SERVERS.NET.
. 6D IN NS L.ROOT-SERVERS.NET.
. 6D IN NS M.ROOT-SERVERS.NET.
. 6D IN NS A.ROOT-SERVERS.NET.
. 6D IN NS H.ROOT-SERVERS.NET.
. 6D IN NS B.ROOT-SERVERS.NET.
. 6D IN NS C.ROOT-SERVERS.NET.
. 6D IN NS D.ROOT-SERVERS.NET.
. 6D IN NS E.ROOT-SERVERS.NET.
. 6D IN NS I.ROOT-SERVERS.NET.
. 6D IN NS F.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 5w6d16h IN A 192.112.36.4
J.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.10
K.ROOT-SERVERS.NET. 5w6d16h IN A 193.0.14.129
L.ROOT-SERVERS.NET. 5w6d16h IN A 198.32.64.12
M.ROOT-SERVERS.NET. 5w6d16h IN A 202.12.27.33
A.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.4
H.ROOT-SERVERS.NET. 5w6d16h IN A 128.63.2.53
B.ROOT-SERVERS.NET. 5w6d16h IN A 128.9.0.107
C.ROOT-SERVERS.NET. 5w6d16h IN A 192.33.4.12
D.ROOT-SERVERS.NET. 5w6d16h IN A 128.8.10.90
E.ROOT-SERVERS.NET. 5w6d16h IN A 192.203.230.10
I.ROOT-SERVERS.NET. 5w6d16h IN A 192.36.148.17
F.ROOT-SERVERS.NET. 5w6d16h IN A 192.5.5.241
options {
directory "/var/named";
datasize 20M;
listen-on { 64.252.31.94 }
// Uncommenting this might help if you have to go through a
// firewall and things are not working out:
// query-source port 53;
};
zone "." {
type hint;
file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "127.0.0";
};
zone "31.252.64.in-addr.arpa" {
type master;
file "64.252.31";
};
# zone "50.10.10.in-addr.arpa" {
# type master;
# file "64.252.31";
# };
zone "sambitnanda.com" {
type master;
notify no;
file "sambitnanda.com";
};
search sambitnand.com 64.252.31.94 204.60.0.3 203.60.0.2
nameserver 64.252.31.94
nameserver 204.60.0.3
nameserver 204.60.0.2
$TTL 172800
@ IN SOA sambitnanda.com. root.sambitnanda.com. (
25082002 ; Serial
2508 ; Refresh
7200 ; Retry
864000 ; Expire
86400 ; Minimum TTL
)
@ IN NS sambitnanda.com.
IN A 64.252.31.94
IN MX 10 sambitnanda.com.
TXT "Sambit Nanda Org "
localhost A 127.0.0.1
sambitnanda.com. A 64.252.31.94
ns A 64.252.31.94
www A 64.252.31.94
mail CNAME sambitnanda.com.
ftp CNAME sambitnanda.com.
The CERT/Debian announcement referring to Hylafax brought me to
http://www.hylafax.org/4.1.3.html "Also fixed is a buffer overflow
condition when receiving fax image data which potentially could be
exploited to execute arbitrary code as root."
Are the SuSE packages affected as well? Are you working on update
packages?
Kevin
--
_ | Kevin Ivory | Tel: +49-551-3700000
|_ |\ | | Service Network GmbH | Fax: +49-551-3700009
._|ER | \|ET | Bahnhofsallee 1b | mailto:Ivory@SerNet.de
Service Network | 37081 Goettingen | http://www.SerNet.de/
While verifying a user could actually log in, I just noticed some weird
behaviour with our new SuSE 8 boxen; The remote session hangs (and the
process is not killalble) when I try to su from root to my own account.
You may say that that is pointless, as indeed it is, since I could just as
well exit my su session, but still... this shouldn't happen, IMHO.
Is this behaviour correct ? Can anyone here reproduce this at all ?
maarten@new4:~> id
uid=500(maarten) gid=100(users) groups=100(users)
maarten@new4:~> su -
Password:
new4:~ # su - andrew
andrew@new4:~> id
uid=504(andrew) gid=100(users) groups=100(users)
andrew@new4:~> logout
new4:~ # su - maarten
[at this point everything hangs, neither control-c nor control-z help]
Greetings,
Maarten
--
This email has been scanned for the presence of computer viruses.
Maarten J. H. van den Berg ~~//~~ network administrator
VBVB - Amsterdam - The Netherlands - http://vbvb.nl
T +31204233288 F +31204233286 G +31651994273
Hello everybody,
tying still to conf. my remot to log in without any passwd using the SSH Key Authentication. I generate a key via ssh-keygen. copied the "identity.pub" file into the "remote:/$HOME/.ssh" --> appended the file to the "authorized_keys" file.
than I restart the sshd on both machines --> try to log me in to the remote-machine via ssh and the result was that I had to enter the remote passwd again. Is there anybody who can help me, to solve this problems.
thanx for your hints, regards Dom
________________________________
Assistent ISB-TeamTechnik
Dominik Metzler
Plattenstrasse 14
CH-8032 Zuerich
Every big release brings new bugs as well - 0.7.1 should fix them all :)
>From the changelog:
* Fixes for 0.7.0
+ Warning message about ftp_proxy, even if not set, fixed
+ Man page/cronjob-template cleanups
+ Wrong "wget error 1" message bug fixed
* Suppression of common wget error messages (that are no errors)
* The patches.cont directory is now only checked on SuSE 7.3
* Option --nocont changed to --patchescont
Have a lot of fun ...
Markus
--
__________________ /"\
Markus Gaugusch \ / ASCII Ribbon Campaign
markus(a)gaugusch.at X Against HTML Mail
/ \
