NOW I AM REALLY PISSED OFF!
At first I wanted to title this "DOS attack performed by SuSE" or
"Sabotage performed by SuSE", but I managed to cool down a bit, so I
hopefully don't hit the wrong guy(s), but someone's got to be blamed and
flamed, since this is a neverending story. I don't know if it's the team
working on WINE or SuSE team compiling the packages for the distro, I
assume it's both of them at the end.
What they allow themselves is a pure sabotage and because it repeats in
several distributions (I can remember at least the last 4-5) I can't
believe that is an act of ignorance or a minor failure:
I have never in my life had anything to do with ISDN and I don't have
any hardware for this shit and I am even less interested in getting it,
but SuSE is FORCING me to install ISDN packages, nevertheless. I ALWAYS
deselect this crap and set it to "tabu", but the first time the system is
allowed to automatically install a packet I happen to need (e.g. bttv in
my case), it IGNORES any settings from installation time and installs
all things I do not need: capi4linux, a bunch of isdn packages, formerly
even "gnokii". Have you ever noticed that even if you deselect
capi4linux, there are still packages required by it? Story background: I
use wine sometimes and want it in my computer. Now, some brainless
idiot(s) have set the package requirements so that you can't dodge,
you'll get shot down anyway. Do they have something against smoothly
running systems? Mine was OK, then I let the system automatically
install packages needed for my TV card, and what happens? My computer
hangs while trying to unload ISDN modules on reboot, and can't reboot
any more!!! The only thing that helped was the reset button. After
reboot, I saw there was a new entry in runlevel editor - you guess -
"ISDN" and it was ON!!! I'm lucky this happened in my test machine and
not in one of the servers I have running SuSE, but I am still VERY
What now? I don't believe that SuSE people are a bunch of idiots,
because they have done many good things and hopefully will keep on doing
them further. I don't believe it HAS to be this way, because other
distributions don't do this to me/us. I don't believe they haven't
noticed this, because this repeats for years, so what remains? Nothing I
can think of but pure ignorance. This is not the only one thing that
made me jump over to gentoo, but this is the only one that made me write
this letter already three times ago, but every time till now I cooled
down and trashed the mails. Now I won't. I have paid 90 EUR for the
shit and I WANT IT WORKING PROPERLY! Don't you, wouldn't you, too?
Dr. Nihad Mujkanovic

I'm just playing a bit with IBM's SSP
( http://www.research.ibm.com/trl/projects/security/ssp/ ) and GCC
3.4.1. Since OpenBSD, Gentoo and others already ship with it, I wonder
what do the SuSE security people think about SSP? Will SuSE support it
in the future and if not, why? Is SSP really such an improvement as
some say it is?

I've got one or two questions regarding those still missing critical
Suse 9.1, Apache2, mod_php
1. AFAIS, in Suse 9.1, most modules can be found in
/usr/lib/php/extensions. Would it be sufficient to download PHP 4.3.10
from php.net, compile and install it into a different directory
(--prefix), to get rid of the bugs? AFAIS, (un)serialize() and
(un)pack() are part of the PHP core.
2. To "get back" to SuSe RPMs, is it sufficient to install the Suse
apache2-mod_php-4 RPM as soon as it is available? (And perhaps to
manually remove the install directory from step 1 above). The RPM
should overwrite /usr/lib/apache2-prefork/libphp4.so and all other
newly installed files, I presume?
Thanks for all comments - even if those questions *are* a little dumb,
I fear. :)

Been getting a ton of attempts on my ssh/ftp connections as of late; first they started with the usual script kids trying the admin/guest/etc on the ssh connection, now I get people trying all sorts of stupid usernames with blank passwords on the ftp connection.
1. Is there a way to block an IP, either perm. or for a set period of time, for SSH attempts?
2. Is there a similar way for VSFTP?
I'm sure I could block the addresses manually, but I'd like it if it was automated, say for 6 attempts?
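
As an added example (not part of the original post), one way to automate the six-attempt threshold asked about above: count failed logins per source IP across sshd and vsftpd logs inside a sliding window and report which addresses to block and until when. The log line formats, the function names, the 10-minute window, the 1-hour block and the sample lines are assumptions made for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log formats (not taken from the post): sshd via syslog and vsftpd.log.
SSH_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:(?:invalid|illegal) user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")
FTP_RE = re.compile(r'^\w{3} (\w{3} +\d+ [\d:]{8}) (\d{4}) \[pid \d+\] \[[^\]]*\] '
                    r'FAIL LOGIN: Client "(\d+\.\d+\.\d+\.\d+)"')

def parse_failure(line, year=2004):
    """Return (timestamp, ip) for a failed login line, else None."""
    m = SSH_RE.match(line)
    if m:
        stamp, ip = m.groups()  # syslog has no year, so the caller supplies one
    else:
        m = FTP_RE.match(line)
        if not m:
            return None
        stamp, year, ip = m.groups()
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"), ip

def offenders(lines, threshold=6, window=timedelta(minutes=10), ban=timedelta(hours=1)):
    """Map each IP that reaches `threshold` failures inside `window` to its ban expiry."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = {}
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        when, ip = hit
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold and ip not in banned:
            banned[ip] = when + ban   # timed block; the firewall side enforces expiry
    return banned

# Constructed sample: 6 quick sshd failures, 5 vsftpd failures, 6 slow hourly ones.
SAMPLE = (
    [f"Dec 20 10:00:{s:02d} gw sshd[411]: Failed password for illegal user admin "
     f"from 203.0.113.7 port 4021 ssh2" for s in range(0, 60, 10)]
    + [f'Mon Dec 20 10:05:{s:02d} 2004 [pid 88] [guest] FAIL LOGIN: Client "198.51.100.9"'
       for s in range(5)]
    + [f"Dec 20 {h}:30:00 gw sshd[412]: Failed password for root from 192.0.2.4 "
       f"port 22 ssh2" for h in range(11, 17)]
    + ["Dec 20 10:06:00 gw sshd[413]: Accepted password for alice from 192.0.2.10 port 22 ssh2"]
)
```

The function only reports addresses and expiry times; applying and lifting the block is left to whatever packet filter or access-control list the host already uses.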
I install SuSE Linux Professional or OpenBSD on web servers and firewalls.
In OpenBSD I find some very useful security settings and security applications that I don't find in SuSE 9.1:
1) Apache in chroot by default
Is it possible in SuSE to chroot Apache with an option in /etc/sysconfig/apache2, as for dhcp or
named? Currently, to have apache2 in a chroot I use modsecurity (which I must compile into the system).
A very useful application is systrace; with it, services can be executed with the possibility to
control their system calls. Is it possible to use it in SuSE Linux?
Cristian Del Carlo

> Er, a vulnerability that hasn't been discovered isn't a danger to anyone
> and doesn't need protecting against! I'm not sure what you mean
I would sure hope that this is NOT the views of the Novell/SuSE team...
> Not that many I suspect. SSP is unlikely to make a vulnerability
> unexploitable, just harder to exploit. If I were penetration testing a
> machine I knew to be using SSP I'd just craft my exploit accordingly.
> Sometimes SSP/Stackguard/Stackshield/et al make it impossible to
> vulnerability, but that is far from guaranteed. More likely the
> just needs to try harder.
> You appear to be under the impression that these sorts of tools offer
> genuine protection. They don't. They sometimes downgrade a code
> exploit into a denial of service (because the "protected" program will
> still crash when its buffer is overflowed), but in general they just
> the attacker to work harder.
But when dealing with script kiddies, any delay or difficulties you can
cause very well may make the difference. In general, anything that one
can do to increase the security of an information system under their
control is a good thing. And any tools the vendors can provide us only
help to increase the security posture of our systems.
Downgrading a local / remote compromise (or code execution exploit) to a
denial of service is a great step forward. It could mean the difference
of joe hacker crashing your system or having your shadow file - which
would you prefer? I personally would prefer that my system be crashed
than having to deal with a security incident.

> Mail interface giving you shit huh ;)
Yeah... freaking windoze for mail.. ugh.
> Do you say that at work? From the addy I see Military, and I
> know you guys have some Windows boxes somewhere, unless they
> were finally taken out. scares me when the Army uses Windows....
> Or any other team who protects.
I couldn't agree with you more on that. I admin Beowulf clusters, so my
exposure to windows is pretty much only for e-mail and the like.
However, I am very vocal about the security (or lack thereof) of
windows. Nice thing about being a contractor ;)
> And lose my uptime???????? That bastard better hope he
> grabs the shadow file, at least that way I have one IP
> in the logs instead of 300 a second. Then I can retaliate.
> What's he going to do, say he was rooting me and I attacked
> him ?
Well, in our environment, data loss or a root compromise would be much
worse than the cluster's head node being offline for a few minutes. I'd
rather reboot a downed system than have to explain to the government
folks why someone in Korea or another unfriendly has their data.
Downtime is much easier to explain in many environments than a system
compromise. And often the data which is on a system is far more
important than maintaining a 99.999999999999% uptime.

I have some questions concerning the backup of a cyrus imap server:
Do you have any hints how to backup a Cyrus IMAP Server in general?
I found two basic solutions, none of which seem perfect:
a) stop the server, backup /var/lib/... AND THE CONFIG FILES, restart
b) make a snapshot of the filesystem (e.g. following the cyrus wiki)
Solution b) seems a little much for a simple backup, but i don't want
to stop my IMAP Server during the backup.
So my questions are:
Are there better solutions? There must be, hm?
How long does Cyrus have to be down during backup? Do you have any
Kind regards
Please note our new address details! Thank you.
Feilner IT Linux & GIS
Linux Solutions, Training, Seminars and Workshops - also in-house
Beraiterweg 4 93047 Regensburg
fon +49 941 9465243 fax +49 941 9465244 mobil + +49 170 3027092
mail mfeilner(a)feilner-it.net web http://www.feilner-it.net

I would like to update the php package on an old SuSE 7.3 box.
Because there are no further updates available I decided to download the
newest version 4.3.10.
I have never updated php in this constellation.
Is there a reason why I should not do this or could this be a problem?
Thanks for any hints

I am trying to follow IDEALx's "Samba3-LDAP PDC Howto" and am having
difficulty with the PAM configuration portion of this because I am trying to
install on SuSE Linux Enterprise Server 9 and SuSE does not use the
pam_stack.so module so there is no catchall system-auth file to edit as the
Since there is not a system-auth file, I wonder would it be sufficient to do
the necessary edits to the /etc/pam.d/samba file? I know in some cases the
/etc/pam.d/other file is used, when a specific config file for a service is
not found in the /etc/pam.d directory.
Can someone with a better understanding of the pam configuration, tell me
which config files (lacking the system-auth file) in the /etc/pam.d
directory are needed to make the overall setup work? And are the changes to
these files the same as would have occurred in the system-auth file?