Hi list,
Been getting a ton of attempts on my ssh/ftp connections as of late, first they started with the usual script kids trying the admin/guest/etc on the ssh connection, now i get people trying all sorts of stupid usernames with blank passwords on the ftp connection.
1. Is there a way to block an IP, either perm. or for set period of time for SSH attempts
2. Is there a simular way for VSFTP
I'm sure i could block the address's manually, but i'd like it if it was automated? say for 6 attempts?
Matt
SuSE 9.1
---------------------------------
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
I had a discussion with my local LUG and a member had some interesting
threads to share. Basically it showed that SUSE 9.0 is not really a
production level version. For production level use, it is recommended
to go with the Enterprise version of SUSE. Has other people got this
impression? My concern is that my company can't afford to purchase any
more software at this time so would I be better off looking at something
like Debian? I know this is kind of off topic, but basically I am
curious if 9.0 Pro is secure and stable enough for my organization needs.
Thanks,
Eric
--
______________________________________________________________________
Hi there,
i use suse 9.1 on my old laptop to use it as WLAN-Router and isdn dialin
server.
On the laptop runs a dhpcd and prism-wlan-card is included (through
pcmcia). i configured ippp0 as default -route and set dial on demand.
My other laptops get their IP-addresses, routers and nameservers from
dhpcd-server over wireless lan. I configured a firewall for masquarading
(IP-Forward is set), set my internal net to "wlan-....." and the
externet network to ippp0. In yast i set "restart firewall" to true in
the configuration of my provider. This results in restarting the
firewall on every dialin and every shutdown of the isdn-connection.
But i get a problem. After shutdown of isdn, the laptops creates a new
isdn-connection on demand, but the firewall prevent a connection to the
internet and reports "DROP-ILL-TARGET"-Messages. It seems that the
IP-adresses of ippp0 had changed an the firewall doesn't know it. I
found that the firewall was started in ip-up and ip-down script (ip-down
is only a symbolic link to ip-up). I deleted the call to
"start_firewall" in the ip-down section. The firewall only restarts on a
dialin. Now it works. The firewall doesn't prevent my server to use the
new dialin-isdn connection.
Is this a error in the scripts? Do i something wrong?
best regards
Matthias Gottschlich
(I sent this already to "suse-linux-e(a)suse.com", but didn't get any
answer; I just hope, that here someone can give me advice...)
Hi All,
I thought, that everything is just OK with my ip6 settings under my SUSE
9.1, but very recently my firewall started to complain concerning
"ip6table_mangle":
Sep 21 21:47:32 khazad-dum kernel: ip6_tables: (C) 2000-2002 Netfilter
core team
Sep 21 21:47:32 khazad-dum kernel: ip_tables: (C) 2000-2002 Netfilter
core team
Sep 21 21:47:32 khazad-dum kernel: ip_conntrack version 2.1 (4091
buckets, 32728 max) - 300 bytes per conntrack
Sep 21 21:47:32 khazad-dum kernel: ip6table_filter: Unknown parameter
`ip6table_mangle'
I did the changes written by SUSE, how to disable ip6 networking, so in
etc/modprobe.conf stands now:
alias net-pf-10 ipv6
install ipv6 /bin/true
Additionally in my /etc/sysconfig/SuSEfirewall2 is:
FW_IPv6="drop"
FW_IPv6_REJECT_OUTGOING="yes"
Could you please suggest me a way how to block ipv6 completely, but
avoid the above mentioned error message in the same time?!
Do I actually need ip6_tables to be loaded?!
(The machine is a stand-alone PC sometimes with eth0 via ip4, and
sometimes with ppp0 via single dial-up...)
Thanks in advance,
Peli
Hi all, setting up mod_perl-startup.pl on Apache2 (SuSe 9.0) I receive this
message "mis-spelled or defined by a module not include in the server
configuration". What do it want? Before setting up the module, I installed
the mod_perl-startup.pl and www/perl-lib.
Anyone may help me?
Thank a lot
Paolo
To me it is a matter of security, hopefully it is not too off-topic:
I have a suse9.0-box1 which has all my images (photo's i am a
photographer) stored
now I want to sync them with a box2, I am working on (a suse9.0-box2)
but I did some adjustments to most of the images so I don't want images
of box2 overwritten by the ones of box1, only add the images that are
allready on box1 but not yet on box2.
My handbook suggests unison, but I can't figure out howto:
update box2, with leaving altered files untouched, and leave all the
files of box1 untouched
someone suggested svn but I can't get that working.
what I do now is load them to a winXP box use winSCP with has an option
of sync-local or sync-remote, but that's a bit of a hassle.
As de amount of images several gig's I want a reliable way of working.
thanks in advance for any suggestion,
piet
i constantly get annoying autoreplies from paradise support
(paradise_custhelp/com) on the suse security list. i tried to forward
their messages to the list owner, and to some other folks, but to no
avail so far.
when will people learn to configure their mailing clients properly, or
not sign up mail aliases, support addresses to bulk lists?
maybe some more information, hints or even rules *before* letting people
to signup to the lists are actually needed.
cheers, andy.
Re: [suse-security] Why some patches are not inclded in Security Announcement?Are there any replies for this thread? I doubt that Suse is aware of their break of "Security Announcement" claimed in their web site.
Ben
----- Original Message -----
From: Paradise Support
To: goodman.gao(a)163.com
Sent: Thursday, October 14, 2004 2:27 AM
Subject: Re: [suse-security] Why some patches are not inclded in Security Announcement? [Incident:041014-001079]
Suggested Answer
Thank you for contacting us regarding your issue. This has been escalated and you will be contacted shortly.
Discussion Thread
Customer ( goodman) 14/10/2004 11.27 PM
Could you tell me if those patches not liesed in Announcement are minor to importance or severity?
Thanks,
Ben
>On Thu, Oct 14, 2004 at 12:01:35AM -0800, goodman wrote:
> I find some security patches in Suse web page, but no presence in Security >Announcement. Why? Does it break Suse's Security "Announcement"?
>We do not send out announcements for all issues and updates we do.
>Maintenance customers get notifications mails for any update.
>Normal box customers get their updates via YOU.
>We mention unannounced updates in a section of other security announcements.
>Ciao, Marcus
I use "afick" .. Its very simple and gets the job done. Search for
"afick" on freshmeat or sourceforge.
thanks,
ryan
>>> Milind Nanal <milindyn(a)rolta.com> 10/20/2004 4:55:35 AM >>>
I am in the process of migrating my service from RedHat to Suse. I was
sing
tripwire to carry out file level audit on RedHat. I am facing problem
in
setting up the same on Suse 8.2. It is giving Segmentation Fault.
Need your help on this.
Also any alternative file integrity tool for suse may be suggested.
Regards,
Milind
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help(a)suse.com
Security-related bug reports go to security(a)suse.de, not here
Hi!
I use a suse 9.1 professional as server proxy with squid and squidguard .
I have install on that machine clamav to have an antivirus.
Which is the better system to have on-line scanning of the files that users download?
I found this softwares :
http://viralator.sourceforge.net/http://www.aerospacesoftware.com/willowbark-howto.html
But i don't know if they work with suse 9.1 and if they are stable.
Best regards,
Cristian Del Carlo