Hi list,
Can anyone recommend a good commercial Freeswan/IPSec client for Windows
which copes well with multiple configurations e.g. remote IPSec
connections using:
Analog dial-up
GSM/GPRS card
Home broadband behind router/firewall
WLAN behind router/firewall
Have been using Marcus Mullers' ipsec.exe tool over the past year but
end users are increasingly dissatisfied with it
TIA
Michael
Yet again that topic is adressed here. in a good way, though:
i have prepared a rpm package of nmap with the modification suggested in a
post on the nmap developer list. feel free to grab it from
ftp://ftp.eregion.de/pub/ and try it out. Source RPM is there as well, for
the courious.
bye,
MH
--
Hi all, I wanted to first say thanks. Everyone here seems very nice, and
extremly intelligent. I'v been using SuSE for almost a year now and I used to
be on this list and a few others before it. And I wanted to say thanks to
everyone here because I have learned alot about securing Linux from being
here.
Question:
I know uptime shouldn't be the reason patches are installed, I install all
patches on my system but only like 2 have ever needed a reboot, and that was
Nvidia drivers and the kernel. So I was wondering what everyone's best uptime
they have ever seen was. Currently this box has ...Well, in about 30 minutes
it will have 27 days, and it is used daily. 28 days was my best untill a
power outage occured. But anyway, whats the best youv had? Or seen at a
place of work?
--
____________________________________________________
We Are 138
Your surmises are correct, in my experience.
Windows PDC is, of course, the most complete solution, although you then
have the headaches of maintaining a Win 2k server plus the huge headaches of
working out what client access licenses you'll need for it.
Samba 3 is still pretty much alpha/beta. Much as I'm keen to move to it
myself, our environment here needs fileshares as an absolutely critical
service so until our architecture changes I just can't risk it. I expect
that you are in the same situation really.
There is one more alternative. The smbd daemon seems to respect ext2
privileges so you can use UNIX style groups for your users to implement
privileges. The Windows clients don't handle this very gracefully, from
memory it makes them think that there's a problem writing to the file (when
they in fact don't have privilege).
With modern kernels the ext2/ext3 and reiserfs file systems can have full
ACLs as I understand it (untested) so you should be able to implement
anything that you could implement on WinNT. The NT users will, of course,
be slightly confused as to what's going on so you may need to educate them
with a brief email or document.
Carl Peto
>From: timo <timo.raty(a)allgon.com>
>To: suse-security(a)suse.com
>Subject: [suse-security] NT group defs from Samba?
>Date: Mon, 22 Dec 2003 09:21:58 +0200
>
>
>Newest version of samba for SuSE 8.1 seems to be based on 2.2 series
>and there exists no build for 3.0.0 or 3.0.1?
>
>The problem is that I need to install a windows application that requires
>about 10 groups from PDC - and the PDC is Samba 2.2.x on Linux.
>Samba 2.2.x series does not seem to support the "domain group map"
>so how do I provide these groups from Linux?
>
>What choices do I have and what is the suggested way of doing this?
>I think options include at least:
>- changing PDC to windowsNT
>- obtaining prebuild 3.0.1 samba for SuSE 8.1
>- building and installing from 3.0.1 sources
>- any others/suggestions?
>
>So how should I do this? Installing the windows software with
>only "users" and "administrators" groups breaks its security - and
>likely the rest of the system security after that.
>
>regards,
> timo
>
>
>--
>Check the headers for your unsubscription address
>For additional commands, e-mail: suse-security-help(a)suse.com
>Security-related bug reports go to security(a)suse.de, not here
>
_________________________________________________________________
Tired of 56k? Get a FREE BT Broadband connection
http://www.msn.co.uk/specials/btbroadband
I know the problems regarding tripwire and SuSE 9.0 have been
mentioned quite a few times on this list. The last significant
email was from Roman Drahtmueller..
http://lists.suse.com/archive/suse-security/2003-Dec/0342.html
If there are going to be any beta updates for tripwire (perhaps
at ftp://ftp.suse.com/pub/people/) then could someone from SuSE
please let me or the list know. If any help is needed then I
would be more than willing to test out any potential updates
for this package before it is released.
Thanks,
Avtar
Hallo Liste,
das Problem ließ sich mit ein wenig Lesen (1 1/2 Tage) lösen. SuSE hat die
einzelnen Authentisierungsmechanismen in einzelne RPMs ausgelagert, die sollte
man natürlich auch installieren.
Okay, jetzt funkt's
Thomas
"Thomas Ruch" <thomas(a)ruchs.de> wrote:
> Hallo Liste,
>
> Ich setze gerade meinen Mailserver neu auf (SuSE 9.0) und will auch Sieve
> (via Squirrelmails avelsieve z.B.) nutzen. Leider kriege ich per Sieve keine
> Anmeldung hin (außer sieveshell, die klappt). Im /var/log/messages meckert
> timsieved dann auch wie unten zu sehen rum.
>
> ***
>
> Dec 28 17:45:05 server master[19158]: about to exec
> /usr/lib/cyrus/bin/timsieved Dec 28 17:45:05 server sieve[19158]: executed
> Dec 28 17:45:05 server sieve[19158]: accepted connection Dec 28 17:45:05
> server timsieved[19158]: Couldn't find mech PLAIN Dec 28 17:45:05 server
> timsieved[19158]: badlogin: localhost[127.0.0.1] PLAIN no mechanism
> available Dec 28 17:45:05 server master[19118]: process 19158 exited, status
> 0
>
> ***
>
> Ein Telnet auf localhost 2000 bringt:
>
> ***
>
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> "IMPLEMENTATION" "Cyrus timsieved v2.1.15"
> "SASL" "LOGIN"
> "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
> relational regex"
>
> ***
>
> Ergo, PLAIN garnicht dabei (Orginal RPM von SuSE).
> Wer weiß Hilfe?
>
> Danke Thomas
>
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help(a)suse.com
> Security-related bug reports go to security(a)suse.de, not here
>
>
Hello, I normally used the program qpopper, to get access to my mailboxes
from my SuSE 8.2 server with outlook.
But after a reinstall with SuSE 9.0 i'm not able to do so?
how can i make this work again?
with kind regards,
Martin.
Hallo Liste,
Ich setze gerade meinen Mailserver neu auf (SuSE 9.0) und will auch Sieve
(via Squirrelmails avelsieve z.B.) nutzen. Leider kriege ich per Sieve keine
Anmeldung hin (außer sieveshell, die klappt). Im /var/log/messages meckert
timsieved dann auch wie unten zu sehen rum.
***
Dec 28 17:45:05 server master[19158]: about to exec
/usr/lib/cyrus/bin/timsieved Dec 28 17:45:05 server sieve[19158]: executed
Dec 28 17:45:05 server sieve[19158]: accepted connection Dec 28 17:45:05
server timsieved[19158]: Couldn't find mech PLAIN Dec 28 17:45:05 server
timsieved[19158]: badlogin: localhost[127.0.0.1] PLAIN no mechanism
available Dec 28 17:45:05 server master[19118]: process 19158 exited, status
0
***
Ein Telnet auf localhost 2000 bringt:
***
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.1.15"
"SASL" "LOGIN"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
relational regex"
***
Ergo, PLAIN garnicht dabei (Orginal RPM von SuSE).
Wer weiß Hilfe?
Danke Thomas
hello list,
since some days I get strange messages from my mailerdaemon.
I replaced the orginal domainnames wiht mydomain.de.
My Problem is that the sender of this mail can de-alias some
internaly used names like in this sample the user1,user2.
The message to postmaster (me):
<snip>
Received: from [filename /home/admin/domains.txt] (dhcp024-166-098-000.neo.rr.com [24.166.98.0])
by merkur.mydomain.de (mailerdeamon merkur.mydomain.de) with SMTP id 07AD53AC38F
for <info(a)mydomain.de>; Sun, 28 Dec 2003 03:56:56 +0100 (CET)
Message-ID: <841f01c3ccf1$97e500c1$a9fe135a@x3c2R9A>
From: "Guard Your PC From Your Boss" <aGa@[filename /home/admin/domains.txt]>
To: info(a)mydomain.de
Subject: New Product Ready
Date: Sat, 27 Dec 2003 22:21:15 -0500
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_061_06CD_639706CD.639706CD"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Postmaster Copy: Undelivered Mail
<xNlTVG@[filename /home/admin/domains.txt]>: bad host/domain syntax: "[filename
/home/admin/domains.txt]"
</snip>
The message back to the sender(Bounce):
<snip>
This is the mailerdeamon merkur.mydomain.de program at host merkur.mydomain.de.
I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can delete your own text from the message returned below.
The mailerdeamon merkur.mydomain.de program
<user1(a)mydomain.de>: host public/lmtp[public/lmtp] said: 501 5.5.4 Syntax error
in parameters
<user2(a)mydomain.de>: host public/lmtp[public/lmtp] said: 501 5.5.4 Syntax error
in parameters
</snip>
Hi there,
afaig (as far as i googled ;) others had reported the problem
with 9.0 and nmap already, but noone has a solution right now.
On 9.0 no nmap i know does work. I tried multiple boxes with
9.0 with no success. A fresh builded nmap doesn't work, too.
The same nmap sourcecode on other distro's and SuSE's works.
Ok, nmap doesn't work isn't correctly, it 'works':
Doing a nmap localhost as $user isn't a problem, scan completed
in < 1 sec. su - and nmap again -> fails:
Note: Host seems down. If it is really up, but blocking our ping probes,
try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 36.408 seconds
ok, all will now say: 'do what nmap said..' but that isn't a solution.
nmap will run then, but doesn't give any output (it's running a few
minutes now). A firewall isn't installed and manual ping localhost as
root works.
So anyone can say something about it? A solution would be nice cause
many ppl on this list may use nmap ;)
Regards,
Sven