openSUSE Security October 2004

security@lists.opensuse.org

81 participants
58 discussions

by MB

Hi list, Been getting a ton of attempts on my ssh/ftp connections as of late, first they started with the usual script kids trying the admin/guest/etc on the ssh connection, now i get people trying all sorts of stupid usernames with blank passwords on the ftp connection. 1. Is there a way to block an IP, either perm. or for set period of time for SSH attempts 2. Is there a simular way for VSFTP I'm sure i could block the address's manually, but i'd like it if it was automated? say for 6 attempts? Matt SuSE 9.1 --------------------------------- Do you Yahoo!? Yahoo! Mail - You care about security. So do we.

17 years, 6 months

SUSE 9.0 Pro Production Quality?

by Eric Kahklen

I had a discussion with my local LUG and a member had some interesting threads to share. Basically it showed that SUSE 9.0 is not really a production level version. For production level use, it is recommended to go with the Enterprise version of SUSE. Has other people got this impression? My concern is that my company can't afford to purchase any more software at this time so would I be better off looking at something like Debian? I know this is kind of off topic, but basically I am curious if 9.0 Pro is secure and stable enough for my organization needs. Thanks, Eric -- ______________________________________________________________________

17 years, 7 months

firewall and isdn dialin

by Matthias Gottschlich

Hi there, i use suse 9.1 on my old laptop to use it as WLAN-Router and isdn dialin server. On the laptop runs a dhpcd and prism-wlan-card is included (through pcmcia). i configured ippp0 as default -route and set dial on demand. My other laptops get their IP-addresses, routers and nameservers from dhpcd-server over wireless lan. I configured a firewall for masquarading (IP-Forward is set), set my internal net to "wlan-....." and the externet network to ippp0. In yast i set "restart firewall" to true in the configuration of my provider. This results in restarting the firewall on every dialin and every shutdown of the isdn-connection. But i get a problem. After shutdown of isdn, the laptops creates a new isdn-connection on demand, but the firewall prevent a connection to the internet and reports "DROP-ILL-TARGET"-Messages. It seems that the IP-adresses of ippp0 had changed an the firewall doesn't know it. I found that the firewall was started in ip-up and ip-down script (ip-down is only a symbolic link to ip-up). I deleted the call to "start_firewall" in the ip-down section. The firewall only restarts on a dialin. Now it works. The firewall doesn't prevent my server to use the new dialin-isdn connection. Is this a error in the scripts? Do i something wrong? best regards Matthias Gottschlich

17 years, 8 months

SuSEfirewall2 complains on "ip6table_mangle"...

by Peli

(I sent this already to "suse-linux-e(a)suse.com", but didn't get any answer; I just hope, that here someone can give me advice...) Hi All, I thought, that everything is just OK with my ip6 settings under my SUSE 9.1, but very recently my firewall started to complain concerning "ip6table_mangle": Sep 21 21:47:32 khazad-dum kernel: ip6_tables: (C) 2000-2002 Netfilter core team Sep 21 21:47:32 khazad-dum kernel: ip_tables: (C) 2000-2002 Netfilter core team Sep 21 21:47:32 khazad-dum kernel: ip_conntrack version 2.1 (4091 buckets, 32728 max) - 300 bytes per conntrack Sep 21 21:47:32 khazad-dum kernel: ip6table_filter: Unknown parameter `ip6table_mangle' I did the changes written by SUSE, how to disable ip6 networking, so in etc/modprobe.conf stands now: alias net-pf-10 ipv6 install ipv6 /bin/true Additionally in my /etc/sysconfig/SuSEfirewall2 is: FW_IPv6="drop" FW_IPv6_REJECT_OUTGOING="yes" Could you please suggest me a way how to block ipv6 completely, but avoid the above mentioned error message in the same time?! Do I actually need ip6_tables to be loaded?! (The machine is a stand-alone PC sometimes with eth0 via ip4, and sometimes with ppp0 via single dial-up...) Thanks in advance, Peli

17 years, 8 months

load mod_perl-startup.pl on Apache2

by Paolo Santancini

Hi all, setting up mod_perl-startup.pl on Apache2 (SuSe 9.0) I receive this message "mis-spelled or defined by a module not include in the server configuration". What do it want? Before setting up the module, I installed the mod_perl-startup.pl and www/perl-lib. Anyone may help me? Thank a lot Paolo

17 years, 8 months

file sync one way; what's the best option?

by piet

To me it is a matter of security, hopefully it is not too off-topic: I have a suse9.0-box1 which has all my images (photo's i am a photographer) stored now I want to sync them with a box2, I am working on (a suse9.0-box2) but I did some adjustments to most of the images so I don't want images of box2 overwritten by the ones of box1, only add the images that are allready on box1 but not yet on box2. My handbook suggests unison, but I can't figure out howto: update box2, with leaving altered files untouched, and leave all the files of box1 untouched someone suggested svn but I can't get that working. what I do now is load them to a winXP box use winSCP with has an option of sync-local or sync-remote, but that's a bit of a hassle. As de amount of images several gig's I want a reliable way of working. thanks in advance for any suggestion, piet

17 years, 8 months

ot: will somebody please clean this list, give advice during signup and/or stop sending autoreplies to bulk mailing lists? thanks.

by Andreas Bittner

i constantly get annoying autoreplies from paradise support (paradise_custhelp/com) on the suse security list. i tried to forward their messages to the list owner, and to some other folks, but to no avail so far. when will people learn to configure their mailing clients properly, or not sign up mail aliases, support addresses to bulk lists? maybe some more information, hints or even rules *before* letting people to signup to the lists are actually needed. cheers, andy.

17 years, 8 months

Re: [suse-security] Why some patches are not inclded in Security Announcement? [Incident:041014-001079]

by goodman

Re: [suse-security] Why some patches are not inclded in Security Announcement?Are there any replies for this thread? I doubt that Suse is aware of their break of "Security Announcement" claimed in their web site. Ben ----- Original Message ----- From: Paradise Support To: goodman.gao(a)163.com Sent: Thursday, October 14, 2004 2:27 AM Subject: Re: [suse-security] Why some patches are not inclded in Security Announcement? [Incident:041014-001079] Suggested Answer Thank you for contacting us regarding your issue. This has been escalated and you will be contacted shortly. Discussion Thread Customer ( goodman) 14/10/2004 11.27 PM Could you tell me if those patches not liesed in Announcement are minor to importance or severity? Thanks, Ben >On Thu, Oct 14, 2004 at 12:01:35AM -0800, goodman wrote: > I find some security patches in Suse web page, but no presence in Security >Announcement. Why? Does it break Suse's Security "Announcement"? >We do not send out announcements for all issues and updates we do. >Maintenance customers get notifications mails for any update. >Normal box customers get their updates via YOU. >We mention unannounced updates in a section of other security announcements. >Ciao, Marcus

17 years, 8 months

Re: [suse-security] Tripwie Segmentation Fault on Suse 8.2

by Ryan McCain

I use "afick" .. Its very simple and gets the job done. Search for "afick" on freshmeat or sourceforge. thanks, ryan >>> Milind Nanal <milindyn(a)rolta.com> 10/20/2004 4:55:35 AM >>> I am in the process of migrating my service from RedHat to Suse. I was sing tripwire to carry out file level audit on RedHat. I am facing problem in setting up the same on Suse 8.2. It is giving Segmentation Fault. Need your help on this. Also any alternative file integrity tool for suse may be suggested. Regards, Milind -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help(a)suse.com Security-related bug reports go to security(a)suse.de, not here

17 years, 8 months

squid and antivirus

by Cristian Del Carlo

Hi! I use a suse 9.1 professional as server proxy with squid and squidguard . I have install on that machine clamav to have an antivirus. Which is the better system to have on-line scanning of the files that users download? I found this softwares : http://viralator.sourceforge.net/ http://www.aerospacesoftware.com/willowbark-howto.html But i don't know if they work with suse 9.1 and if they are stable. Best regards, Cristian Del Carlo

17 years, 8 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security October 2004