December 2004 - openSUSE Security - openSUSE Mailing Lists

Suse PAM issues
by Jason Monroe "JC" 16 Dec '04

16 Dec '04

Hello All, I'm curious to know where I might send questions related to PAM configuration issues on SUSE? Thanks, JC

1 0

email after loggin
by Markus Maria Miedaner 16 Dec '04

16 Dec '04

Hi list, that's a pretty good idea. the only thing I am worried about because of my old pc ( ;-( ) is that these log-watchers may slow done the system a little bit. What about the following: edit /ect/hosts.allow and invoke a scirpt everytime the ssh deamon, or what ever protocoll you like, gets acitve to check (eg.: with who or last -n 2 or ....) to see if the loggin was successfull. should look like: sshd: IP : spawn script-whos-there and the script-whos-there should include the mail -s user-XXXX-logged-in I know this may take a few if-then loops but should work... The major drawback currently is that I do not know if hosts.allow allows the use of=20 wildcards for the ip's.=20 This solution worked quiet fine at home-net.... anyway, let me know if that solved your problem / how you solved it.... cu, markus __________________________________________________________ Mit WEB.DE FreePhone mit hoechster Qualitaet ab 0 Ct./Min. weltweit telefonieren! http://freephone.web.de/?mc=021201

1 0

pending vulnerabilities ( Squirrelmail )
by Cleo 13 Dec '04

13 Dec '04

hi, in the last SUSE Security Summary Report SUSE-SR:2004:003 I don't see squirrelmail in the pending vulnerabilities or in the list of solved security vulnerabilities When the patch for this vulnerability http://article.gmane.org/gmane.mail.squirrelmail.user/21169 is envisaged ? Thanks. Cleo

1 0

Email after Console-Login
by Kai Pfeiffer 12 Dec '04

12 Dec '04

Hello list, I have a rootserver with remote-console. After I have recognised, that my provider stores the password for the remote-console in plain-text, I'm worried about security. - The bootloader password is set and active. - Singleusermode is not allowed Can someone describe me a simple solution to send me an email after a login-attempt (failed or succeded). The destination of this email should be an account of my email-provider. Thanx Kai Pfeiffer

3 2

What firewall for LAN with ipcop like interface ?
by Robert Rozman 12 Dec '04

12 Dec '04

Hi, I have ipcop (www.ipcop.org) acting as firewall/nat router in my home LAN. I like its easy interface and setup. But would like to add some other things to my EPIA PC running ipcop (video surveillance, VOIP) - and I thought using more general distro would be easier way. I'm Suse fan so I'm curious what app would let me do similar Firewall/NAT router system with easy web interface or other interface under Suse ? Thanks in advance, regards, Rob.

1 0

Best tool to check security ?
by Robert Rozman 12 Dec '04

12 Dec '04

Hi, I wonder what security check up package would you recommend ? Is Nessus the right one, or should I pick something else ? Regards, Rob.

3 2

Re: Where to Deploy Trend Micro viruswall?
by Invalid Addr3ss 11 Dec '04

11 Dec '04

Replying to "Nuno Ferreira" <negocios_online(a)netcabo.pt> The (umm.. NETGEAR 8 Port 10/100 Mbps Ethernet) switch is something I bought 7 years ago when I first started to network my SOHO. Win 95 and 98. So I have always felt compelled to keep it. Ethernet switches allow your Ethernet cards to operate in Full Duplex mode. It's mainly a hub, bridge. I use it as a uplink for others devices, workstations, servers. Keep the work-horse off of the firewall/router, if and when I share *LARGE* files on my LAN. Sending and receiving data at the same time, gets dedicated bandwidth instead of shared bandwidth. Separating systems that have sensitive data from the rest of the network decreases the chances that people will gain access to information they are not authorized to see. There is something about this that eliminates the need for other workstations attached, to examine each packet broadcast on the netwok, I think. For a boring read: http://www.microsoft.com/technet/security/guidance/secmod40.mspx See Figure 2. It's like my basic SOHO. This computer duty is E-mail and Chat only. invalid@addr3ss:~> su - Password: addr3ss:~ # route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface link-local * 255.255.0.0 U 0 0 0 eth1 10.0.0.0 * 255.0.0.0 U 0 0 0 eth1 loopback * 255.0.0.0 U 0 0 0 lo default 10.10.2.16 0.0.0.0 UG 0 0 0 eth1 Genmask The netmask for the destination net; '255.255.255.255' for a host destination and '0.0.0.0' for the default route. Flags Possible flags include U (route is up) H (target is a host) G (use gateway) R (reinstate route for dynamic routing) D (dynamically installed by daemon or redirect) M (modified from routing daemon or redirect) A (installed by addrconf) C (cache entry) ! (reject route) Firewall/Router | | Switch / \ / \ Linux XP Don't feel bad, I'm a newbie also. Happy Holidays to all. Invalid Addr3ss On Friday 10 December 2004 03:30, Nuno Ferreira wrote: > Hi. > > I am a newbie in this area, and I found intriging your using of a switch > after the router...can you tell me what´s the use of it? > > Regards > Nuno > > -----Original Message----- > From: Invalid Addr3ss [mailto:invalid_addr3ss@excite.com] > Sent: domingo, 5 de Dezembro de 2004 7:53 > To: suse-security(a)suse.com; focus-virus(a)securityfocus.com > Subject: Where to Deploy Trend Micro viruswall? > > Hello All > > I was wondering where to put a Trend Micro Viruswall in my network. > My basic setup follows below. SOHO > > Internet > > > Cable Modem > > > Firewall/Router > > > Switch > / | \ > / | \ > Linux | XP > > Print Server > > > Printer > > Thanks > > Invalid Addr3ss > -- > Q) What do you get when you mix a spammer with a hacker? > > A) A Spacker

1 0

9.1 ---> 9.2 ???
by Dick Davis 10 Dec '04

10 Dec '04

Hello List, We are contemplating upgrading 9.1 Prof. ----> 9.2 Prof. We had/have several problems with the current 9.1 version, YaST broke after on-line Update, YaST Repair did not really repair, After on-line update the properties for sound files changed form File Type Sound file to File Type Text file. Since this is not a complaint forum I'll restrict myself to mentioning just these but there are many more issues. In short, not a real pleasant experience. Any of these and/or other problems known in version 9.2? How is the security level? Thanks for your response(s) Dick Davis

3 2

KDM howto display last login and logout
by Daniel Wirth 10 Dec '04

10 Dec '04

Dear list, to confirm to customer's security policies, we require to setup kdm to display a users last sucessfull / non-sucessfull login _and_ logout-times. Can anyone provide me with a better idea than posting "last | grep $USER | xmessage" ? Thanks in advance Daniel

1 0

Security Boot X server Issues
by Rodney Wishart Jr. 09 Dec '04

09 Dec '04

Several strange problems have recently appeared when booting my SuSE 9.0 system. The first and most strange is that when typing my password the "*******" no longer appear in the password box, it just remains blank and the cursor does not move. After pulling my hair out for several hours, I realized that if I typed the password in the box anyway and clicked OK everything booted as normal. I can live with this quirk (I'm sure its some new security feature), but where did It come from and how can I change it back so my ******** appear as I type. Additionally, I can no longer shut down my system directly from a user logon session. I can only log off and must shut down from the kde boot screen. Again I would like to change things back to the way they used to be, if I can. Finally, I know this is becoming a long post, I can no longer log on to KDE as root. The screen flashes and I am dumped back to the KDE logon screen and I must logon as a normal user. I know its not advisable to do this but I noticed this after the following problem appeared. Trying "sux -" logged on as a normal user in an xterminal will not alow me to run any x related programs. I continue to get "Xlib: connection to ":0.0" refused by server, Xlib: Protocol not supported by server, "programx": cannot connect to X server :0.0 errors. I know the xhost +local:root workaround, however I would like to get everything back the way it was before this mess started. I believe this was caused by SuSE watcher automatically updating my system with "new and improved" security fixes. I have since disabled automatic updates. Sorry for the long post I would really appreciate any help I could get. Thanks, Rodney

2 2