maybe someone could give me a hint...
I switched from:
which did global virus checking and per user spam checking with Bayes testing
which does global virus and global spam checking BUT NO PER USER spam
checking, so without Bayes testing! :-(
So the rate of unreconised spam did increase.
I fiddled around with options in the /etc/mail/spamassassin/local.cf, but they
were ignored because amavisd-new calls spamassin via perl interface and takes
some SA parameters from the /etc/amavisd.conf (beginning with $sa_).
I tried calling a SUIDed cyrus deliver (without SUID deliver hasn't got the
right: deliver: connect(/var/lib/imap/socket/lmtp) failed: Permission
denied) to user cyrus via .forward and a .procmailrc. The log said that lmtpd
was called, but depending on the syntax of deliver in the .procmailrc the
mail was delivered to the INBOX-file in /var/spool/mail or just vanished!
One example for my .promailrc:
|/usr/lib/cyrus/bin/deliver -e -a david -m user.david
and the .forward:
"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #user"
Could someone give me a hint using sieve or procmail for a per user
Thanks in advance.
Eat, sleep and go running,
Encrypted eMail welcome!
GnuPG/ PGP-Key: 0x57809216. Fingerprint:
3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216
is there any way to specify certain options for sshd only for some domains
or hosts just like you can do it for the openssh client (Host section)?
E.g., I would like to restrict the usage of authorized_keys files to certain
"trusted" domains and disallow it from other domains.
Does anyone know a way to do this?
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: -4054
Hi to all,
I need to execute a command in a remote machine throw ssh, but that
command only can be executed by one user, for example
xpto. This and all other users (except root) cannot execute commands in
the remote machine with ssh except this particular
user for this particular command. Resuming, only the user xpto can execute
only this command with ssh. All others cannot
execute any command.
Any help ?
Any reference ?
Thanks to all in advance
the latest suse security announcement for the dhcp packages doesnt list
any pending problems with the kernel packages.
i was wondering if i have missed anything about ths discussion regarding
the freezes and hangs many people experienced when this kernel updates
was released for the floating point exception problem.
how did people work around the freeze when booting this new kernel, or
does suse have any plans on fixing/rereleasing another kernel that fixes
thanks already for any hints.
OK, id did a complete new installation (same box)
with the same disk-configuration:
/dev/hda2 + /dev/hdb2 als raid1: /dev/md0 = / #root (ext3)
/dev/hda1 = /boot
from original CD SuSe 91prof.
minimal System installed.
all works fine until i upgrade the kernel 2.6.4 to 2.6.5 from
the ftp.suse.com with YOU.
The boot aborts with:
waiting for device /dev/900 to appear ...(short delay ) .... not found....
RAIDs never saved me from a "dilemma",
for me, the always created one !
Just like the first release of tripwire for SuSE 9.0, the recent security
update, 2.3.1-184 segfaults.
[ root@shadow ] ~# rpm -q tripwire
[ root@shadow ] ~# tripwire --check
Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Software interrupt forced exit: Segmentation Fault
I get the same results on two separate machines, one 2x/P2-333 and one P4-1.7.
Both systems had been using the previous version of tripwire without any
problems, and both are running 9.0. (I haven't purchased 9.1 due to issues I
have with th 2.6 kernel that are outside SuSE's control) I am not going to
update any of my production servers with this borked version of tripwire, so
those are the only two systems tested.
-----BEGIN PGP SIGNED MESSAGE-----
I got not less than 5 autoresponses from vacation type programs for a
single message I posted to this list, on the "Execute a SSH command"
thread. Is that the normal behaviour normal here?
I don't understand how people interested on security can be so careless
with autoresponders :-/ :-O
These are the culprits - I name them so that they can know what is
happening, if they really read the list:
betreff Mailer Dämon - Unknown User
Die Nachricht an t.foecking#kreis-borken.de konnte nicht zugestellt werden. Der Empfänger ist hier unbekannt.
(I know no german, so I have no idea what they are telling me)
Agradecemos sua mensagem e continuamos trabalhando para oferecer um
atendimento cada vez melhor.
(I'm not their client!)
Subject: Delivery Status Notification (Failure)+AFs-Scanned+AF0-
Message, "Re: [suse-security] Execute a SSH command[Scanned]"
Delivery to the following recipients failed.
(a postmaster on the list, as such "postmaster"?)
4) From: suporte#hpg.com.br
Subject: Re: Re: [suse-security] Execute a SSH command
Recebemos seu email e logo entraremos em contato via e-mail. Por favor,
(another one confusing me for a customer, I guess - I know no
5) From: Stefan Orth <SORTH#de.ibm.com>
Subject: Stefan Orth/Germany/IBM is out of the office.
I will be out of the office starting 26.06.2004 and will not return until04.07.2004.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Made with pgp4pine 1.76
-----END PGP SIGNATURE-----
I found a normal file in /dev: "h" on one of my servers:
# ls -al /dev/h
-rw-r--r-- 1 root root 446 Feb 19 14:17 /dev/h
It contains the following text between binary code:
Invalid partition table^@No operating system^@Error loading operating system
Is this from a rootkit or normal to SuSE 9.0?
Thank you for an answer.
I'll give some more informations. Basically we would like to have servers on
primary schools and remotely control/watch them from our main head computer.
Also at off hours video surveillance application runs on them (called
So I guess I'd need somekind of secure connection with all of them (is VPN
the solution?) to configure/maintain them and also to have some sort of
heartbeat mechanism to detect failure at once - especially when used in
security surveillance mode. All servers are basically local servers for
local networks and also connected to Internet through router.
Hope this helps a bit,
thanks in advance,
----- Original Message -----
From: "Lyle Giese" <lyle(a)lcrcomputer.net>
To: "Robert Rozman" <rozman(a)fri.uni-lj.si>
Sent: Sunday, June 27, 2004 4:56 PM
Subject: Re: [suse-security] Recomendations for
surveillance/configuration/heartbeat tool for remote servers
> Off the top of my head, I can think of several products and/or custom perl
> scripts. Nagios is one such package that would ping/poll services and
> report outages. MRTG is one performance reporting package. But I can't
> tell if your network topology/connectivity will support either of these.
> But to really get a flavor for your needs, I am thinking you need to post
> more information. Are these remote servers on one subnet behind one
> or is each on it's own Internet connection behind their own or a shared
> router? Do you have any control over the router or is this in a colo site
> and you have no control over the router controls?
> I am not an expert and you should repost to the list some more information
> if you want a realistic answer.
> ----- Original Message -----
> From: "Robert Rozman" <rozman(a)fri.uni-lj.si>
> To: <suse-security(a)suse.com>
> Sent: Sunday, June 27, 2004 9:01 AM
> Subject: [suse-security] Recomendations for
> surveillance/configuration/heartbeat tool for remote servers
> > Hi,
> > I have a network of servers and I'd like to get some recomendations for
> > selecting the right tools for this task:
> > - I have a series of simple servers connected on the Internet
> > - I'd like to remotely:
> > - control all those servers,
> > - watch their behaviour,
> > - implement somekind of heartbeat function (servers send
> > packets in regular time intervals - if not received -> alarm),
> > - statistics framework for performance analysis
> > - if possible to have secure connections (possibly in software)
> > for other communication ports that other applications use ...
> > I found some tools like Argus, but as newbie I'm not sure if they
> > needs...
> > Any recomendation, idea, pointer to more info would be great,
> > thanks in advance,
> > Robert.
> > --
> > Check the headers for your unsubscription address
> > For additional commands, e-mail: suse-security-help(a)suse.com
> > Security-related bug reports go to security(a)suse.de, not here
thanks to Anders Johansson we figured out that
/dev/900 is my /dev/md0.
old-Kernel: 2.6.4-52-default (SuSe 9.1)
/dev/hda1 = boot
/dev/hda3 + /dev/hdb3 = /dev/md0 = / #(root)
After upgrading the Kernel with YOU to 2.6.5-7.--somthing
the box no longer boots.
the boot stops with the message: Waiting for device /dev/900.... not found !
I already did:
mount /dev/md0 /mnt
mount /dev/hd1a /mnt/boot
I restored /boot/ with the files from version 2.6.4
did the same procedure again
and was able to boot int the system.
sure it complains with missing modules....
i restored boot to the version of 2.6.5
same fault again.