openSUSE Security June 2004

security@lists.opensuse.org

112 participants
87 discussions

Per user config for SpamAssassin with amavisd-new and cyrus-imapd
by David Huecking 26 Sep '04

26 Sep '04

Hi folks, maybe someone could give me a hint... I switched from: fetchmail->sendmail->sendmail.milter->Amavis->.forward->procmail->spamc(SpamAssasin)->INBOX which did global virus checking and per user spam checking with Bayes testing to fetchmail->postfix->amavisd-new->perl-spamassassin->cyrus-imapd which does global virus and global spam checking BUT NO PER USER spam checking, so without Bayes testing! :-( So the rate of unreconised spam did increase. I fiddled around with options in the /etc/mail/spamassassin/local.cf, but they were ignored because amavisd-new calls spamassin via perl interface and takes some SA parameters from the /etc/amavisd.conf (beginning with $sa_). I tried calling a SUIDed cyrus deliver (without SUID deliver hasn't got the right: deliver[3876]: connect(/var/lib/imap/socket/lmtp) failed: Permission denied) to user cyrus via .forward and a .procmailrc. The log said that lmtpd was called, but depending on the syntax of deliver in the .procmailrc the mail was delivered to the INBOX-file in /var/spool/mail or just vanished! One example for my .promailrc: :0 fw |/usr/bin/spamc -f |/usr/lib/cyrus/bin/deliver -e -a david -m user.david and the .forward: "|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #user" Could someone give me a hint using sieve or procmail for a per user SpamAssassin check? Thanks in advance. -- Eat, sleep and go running, David Huecking. Encrypted eMail welcome! GnuPG/ PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216

2 2

Per domain/host options for sshd?
by Frank Steiner 29 Jul '04

29 Jul '04

Hi, is there any way to specify certain options for sshd only for some domains or hosts just like you can do it for the openssh client (Host section)? E.g., I would like to restrict the usage of authorized_keys files to certain "trusted" domains and disallow it from other domains. Does anyone know a way to do this? Thanks! cu, Frank -- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: -4054

4 6

Execute a SSH command
by Joao Reis 13 Jul '04

13 Jul '04

Hi to all, I need to execute a command in a remote machine throw ssh, but that command only can be executed by one user, for example xpto. This and all other users (except root) cannot execute commands in the remote machine with ssh except this particular user for this particular command. Resuming, only the user xpto can execute only this command with ssh. All others cannot execute any command. Any help ? Any reference ? Thanks to all in advance Joao Reis

8 11

what has become of the latest kernel hang/freeze bug?
by Andreas Bittner 04 Jul '04

04 Jul '04

hi there, the latest suse security announcement for the dhcp packages doesnt list any pending problems with the kernel packages. i was wondering if i have missed anything about ths discussion regarding the freezes and hangs many people experienced when this kernel updates was released for the floating point exception problem. how did people work around the freeze when booting this new kernel, or does suse have any plans on fixing/rereleasing another kernel that fixes this bug? thanks already for any hints. cheers andy

15 25

Waiting for device /dev/900 to appear
by Werner Penz 03 Jul '04

03 Jul '04

OK, id did a complete new installation (same box) with the same disk-configuration: /dev/hda2 + /dev/hdb2 als raid1: /dev/md0 = / #root (ext3) /dev/hda1 = /boot from original CD SuSe 91prof. minimal System installed. all works fine until i upgrade the kernel 2.6.4 to 2.6.5 from the ftp.suse.com with YOU. The boot aborts with: raidautorun ... waiting for device /dev/900 to appear ...(short delay ) .... not found.... RAIDs never saved me from a "dilemma", for me, the always created one !

2 1

Latest Tripwire Update Borked
by suse＠rio.vg 02 Jul '04

02 Jul '04

Just like the first release of tripwire for SuSE 9.0, the recent security update, 2.3.1-184 segfaults. [ root@shadow ] ~# rpm -q tripwire tripwire-2.3.1-184 [ root@shadow ] ~# tripwire --check Parsing policy file: /etc/tripwire/tw.pol *** Processing Unix File System *** Performing integrity check... Software interrupt forced exit: Segmentation Fault Abort I get the same results on two separate machines, one 2x/P2-333 and one P4-1.7. Both systems had been using the previous version of tripwire without any problems, and both are running 9.0. (I haven't purchased 9.1 due to issues I have with th 2.6 kernel that are outside SuSE's control) I am not going to update any of my production servers with this borked version of tripwire, so those are the only two systems tested.

1 1

Vacation and out of office autoresponders
by Carlos E. R. 02 Jul '04

02 Jul '04

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I got not less than 5 autoresponses from vacation type programs for a single message I posted to this list, on the "Execute a SSH command" thread. Is that the normal behaviour normal here? I don't understand how people interested on security can be so careless with autoresponders :-/ :-O These are the culprits - I name them so that they can know what is happening, if they really read the list: 1) t.foecking#kreis-borken.de robin1.listas#tiscali.es betreff Mailer Dämon - Unknown User Die Nachricht an t.foecking#kreis-borken.de konnte nicht zugestellt werden. Der Empfänger ist hier unbekannt. (I know no german, so I have no idea what they are telling me) 2) ig-relacionamento#ig.com.br Caro(a) cliente, Agradecemos sua mensagem e continuamos trabalhando para oferecer um atendimento cada vez melhor. (I'm not their client!) 3) postmaster#mavari.be Subject: Delivery Status Notification (Failure)+AFs-Scanned+AF0- Message, "Re: [suse-security] Execute a SSH command[Scanned]" Delivery to the following recipients failed. postmaster#mavari.be (a postmaster on the list, as such "postmaster"?) 4) From: suporte#hpg.com.br Subject: Re: Re: [suse-security] Execute a SSH command Olá, Recebemos seu email e logo entraremos em contato via e-mail. Por favor, aguarde. (another one confusing me for a customer, I guess - I know no portuguese) 5) From: Stefan Orth <SORTH#de.ibm.com> Subject: Stefan Orth/Germany/IBM is out of the office. I will be out of the office starting 26.06.2004 and will not return until04.07.2004. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFA40gQtTMYHG2NR9URAu1QAJ9raU5SykhtKTS6V1Lwoz6gix39SwCdEP3w 3P35IB0BF1MM81GXAXiAw0U= =xtjc -----END PGP SIGNATURE-----

4 5

Found file in /dev: "h"
by Manfred Rebentisch 01 Jul '04

01 Jul '04

Hello, I found a normal file in /dev: "h" on one of my servers: # ls -al /dev/h -rw-r--r-- 1 root root 446 Feb 19 14:17 /dev/h It contains the following text between binary code: Invalid partition table^@No operating system^@Error loading operating system Is this from a rootkit or normal to SuSE 9.0? Thank you for an answer. Manfred

7 12

Re: [suse-security] Recomendations for surveillance/configuration/heartbeat tool for remote servers
by Robert Rozman 30 Jun '04

30 Jun '04

Hi, I'll give some more informations. Basically we would like to have servers on primary schools and remotely control/watch them from our main head computer. Also at off hours video surveillance application runs on them (called "motion"). So I guess I'd need somekind of secure connection with all of them (is VPN the solution?) to configure/maintain them and also to have some sort of heartbeat mechanism to detect failure at once - especially when used in security surveillance mode. All servers are basically local servers for local networks and also connected to Internet through router. Hope this helps a bit, thanks in advance, Robert. ----- Original Message ----- From: "Lyle Giese" <lyle(a)lcrcomputer.net> To: "Robert Rozman" <rozman(a)fri.uni-lj.si> Sent: Sunday, June 27, 2004 4:56 PM Subject: Re: [suse-security] Recomendations for surveillance/configuration/heartbeat tool for remote servers > Off the top of my head, I can think of several products and/or custom perl > scripts. Nagios is one such package that would ping/poll services and > report outages. MRTG is one performance reporting package. But I can't > tell if your network topology/connectivity will support either of these. > > But to really get a flavor for your needs, I am thinking you need to post > more information. Are these remote servers on one subnet behind one router > or is each on it's own Internet connection behind their own or a shared > router? Do you have any control over the router or is this in a colo site > and you have no control over the router controls? > > I am not an expert and you should repost to the list some more information > if you want a realistic answer. > > Lyle > > ----- Original Message ----- > From: "Robert Rozman" <rozman(a)fri.uni-lj.si> > To: <suse-security(a)suse.com> > Sent: Sunday, June 27, 2004 9:01 AM > Subject: [suse-security] Recomendations for > surveillance/configuration/heartbeat tool for remote servers > > > > Hi, > > > > I have a network of servers and I'd like to get some recomendations for > > selecting the right tools for this task: > > - I have a series of simple servers connected on the Internet > > - I'd like to remotely: > > - control all those servers, > > - watch their behaviour, > > - implement somekind of heartbeat function (servers send heartbeat > > packets in regular time intervals - if not received -> alarm), > > - statistics framework for performance analysis > > - if possible to have secure connections (possibly in software) > also > > for other communication ports that other applications use ... > > > > I found some tools like Argus, but as newbie I'm not sure if they satisfy > my > > needs... > > > > Any recomendation, idea, pointer to more info would be great, > > > > thanks in advance, > > > > Robert. > > > > > > > > -- > > Check the headers for your unsubscription address > > For additional commands, e-mail: suse-security-help(a)suse.com > > Security-related bug reports go to security(a)suse.de, not here > > > > >

2 2

Waiting for device /dev/900
by Werner Penz 30 Jun '04

30 Jun '04

Hi again, thanks to Anders Johansson we figured out that /dev/900 is my /dev/md0. old-Kernel: 2.6.4-52-default (SuSe 9.1) /dev/hda1 = boot /dev/hda3 + /dev/hdb3 = /dev/md0 = / #(root) After upgrading the Kernel with YOU to 2.6.5-7.--somthing the box no longer boots. the boot stops with the message: Waiting for device /dev/900.... not found ! I already did: Rescue-System: mount /dev/md0 /mnt mount /dev/hd1a /mnt/boot chroot /mnt mkinitrd lilo Same result. I restored /boot/ with the files from version 2.6.4 did the same procedure again and was able to boot int the system. sure it complains with missing modules.... i restored boot to the version of 2.6.5 mkinitrd lilo same fault again. I stuck

1 1

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security June 2004