theoretically it is possible that modified packages for Linux
distributions are made available in order to create backdoors (e.g.
through a hacked server or mirror, wrong IP routing / DNS resolving, or
simply someone making available manipulated packages at a site under his
I wonder how SuSE and other distros protect themselves against this threat.
An MD5 only offers protection if before updating/installation it is
checked against a list of packages and MD5s.
However, when updating this list, it has to be made sure that the update
comes from a trusted source and that it has not been tampered with.
I have been told that for some Debian packages there is not even an MD5.
At Gentoo I'm unsure if the list update is secure.
Who knows about SuSE (YOU + Yast)?
Thank you Mehmet for your reply.
Can you be more specific please.
1: what did they actually try to do
2: code is 200 - they may have got something
3: 5480 bytes returned - what were they?
4: or is this another 'bug' - false info message?
Kind Regards - Keith
>somebody try to hack your apache
> Hi All.
> Just found these entries in my apache access_log today.
> Can anyone tell what they are please.
> 126.96.36.199 - - [20/Jul/2004:12:45:47 +0000] "\xa8oL:" 200 5480
> 188.8.131.52 - - [20/Jul/2004:12:46:26 +0000] "\xd0IO:" 200 5480
> 184.108.40.206 - - [20/Jul/2004:12:56:29 +0000] "\xc0\xcdLs" 200 5480
> 220.127.116.11 - - [20/Jul/2004:12:57:53 +0000] "8\xb5Rs" 200 5480
> My static IP address is: 81.168.xxx.xxx
> Kind Regards - Keith Roberts
Just found these entries in my apache access_log today.
Can anyone tell what they are please.
18.104.22.168 - - [20/Jul/2004:12:45:47 +0000] "\xa8oL:" 200 5480
22.214.171.124 - - [20/Jul/2004:12:46:26 +0000] "\xd0IO:" 200 5480
126.96.36.199 - - [20/Jul/2004:12:56:29 +0000] "\xc0\xcdLs" 200 5480
188.8.131.52 - - [20/Jul/2004:12:57:53 +0000] "8\xb5Rs" 200 5480
My static IP address is: 81.168.xxx.xxx
Kind Regards - Keith Roberts
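One way to pull entries like the ones in the post above out of an access_log, as an added example that is not part of the original thread: flag every line whose request field is not a well-formed HTTP request line, and tally the status and size the server answered with. The client addresses and the GET line in the sample are constructed placeholders; the function names are hypothetical.

```python
import re
from collections import Counter

# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
# A well-formed request line: METHOD SP target SP HTTP/x.y
REQUEST_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
# Apache writes non-printable request bytes as \xhh escapes
ESCAPE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')


def classify(line):
    """Return (host, request, status, size, reason) for a malformed request, else None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # not a common-log-format line at all
    request = m.group('request')
    if REQUEST_RE.match(request):
        return None  # ordinary HTTP request, nothing to flag
    reason = 'binary-bytes' if ESCAPE_RE.search(request) else 'not-http'
    size = 0 if m.group('size') == '-' else int(m.group('size'))
    return (m.group('host'), request, int(m.group('status')), size, reason)


def summarize(lines):
    """Collect malformed requests and count each (status, size) pair among them."""
    hits = [h for h in map(classify, lines) if h is not None]
    by_response = Counter((h[2], h[3]) for h in hits)
    return hits, by_response


# Constructed sample: request fields, status and size are those quoted in the post;
# client addresses are documentation-range placeholders; the GET line is constructed.
SAMPLE = r'''
192.0.2.10 - - [20/Jul/2004:12:45:47 +0000] "\xa8oL:" 200 5480
192.0.2.11 - - [20/Jul/2004:12:46:26 +0000] "\xd0IO:" 200 5480
192.0.2.12 - - [20/Jul/2004:12:50:00 +0000] "GET /index.html HTTP/1.0" 200 1234
192.0.2.13 - - [20/Jul/2004:12:56:29 +0000] "\xc0\xcdLs" 200 5480
192.0.2.14 - - [20/Jul/2004:12:57:53 +0000] "8\xb5Rs" 200 5480
'''.strip().splitlines()

if __name__ == '__main__':
    hits, by_response = summarize(SAMPLE)
    for host, request, status, size, reason in hits:
        print(f'{host} {reason:12} {status} {size} {request!r}')
    print(dict(by_response))
```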
Does SuSE have anything similar to the FreeBSD's periodic daily cron job
that does systems checks such as some basic security that is mailed to
the root alias? I just attended a training on FreeBSD and wondered if
this was something SuSE is doing as well.
/ 2004-07-20 08:11:22 +0200
\ Markus Gaugusch:
> On Jul 20, neodaxus(a)gmx.net <neodaxus(a)gmx.net> wrote:
> >theoretically it is possible that modified packages for Linux
> >distributions are made available in order to create backdoors (e.g.
> >through a hacked server or mirror, wrong IP routing / DNS resolving, or
> >simply someone making available manipulated packages at a site under his
> >I wonder how SuSE and other distros protect themselves against this threat.
> >Who knows about SuSE (YOU + Yast)?
> All SuSE packages are cryptographically signed with the SuSE build key
> (build(a)suse.de). It is automatically installed from the CDs.
> In addition to that, fou4s (http://fou4s.gaugusch.at/) allows you to
> install packages that are signed with fully trusted keys, apart from the
> SuSE key.
sure. but part of the question is,
how does SuSE ensure that what they distribute is not trojaned
because the sources of some upstream package already are trojaned?
well, I think to some degree you have to trust _someone_ .
I like to trust the SuSE people that they know their business,
and do some audits. but knowing about the details how they ensure
integrity of upstream package sources would be nice anyways ...
There were lots of bug fixes in 4.3.5, particularly relating to
multibyte handling, and it looks as if 4.3.8 will be the final
and most stable release of 4.x. It would have been nice to
have had an update to 4.3.5 if not 4.3.8
Sending unsolicited advertising e-mail to private individuals violates §1
UWG and 823 I BGB (decision of the LG Berlin of 2.8.1998, Az: 16 O 201/98). Any
commercial use of the transmitted personal data, as well as passing it on
to third parties, is expressly prohibited!
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD 763C
I've been looking into console based log monitors. I've used xlogmaster among others and they work really well, however, I would prefer a text based monitor that looks into multiple log files (eg messages/snort/http etc) and displays either the entire results or color coded like the shell does for file types of a particular string in the log that you specify. I played around with tenshi, which is written more for gentoo and solaris. It's nice, and has the ability to email you the results. While I could use that, I'd prefer on screen in the console to email because email isn't as secure as we'd like to believe. So what I'm asking is suggestions for these types of monitors. If some of you use tenshi on the SuSE platform, it'd be nice if you posted your init script as only gentoo and solaris ones come with the program.
Secondly, not to do with security but annoying much the same, I have a Microsoft Explorer mouse hooked up to a 4 port Belkin KVM. Every time I switch out of the suse box and back the mouse goes berserk. On 9.0 you could just logout, and log back in and it's fixed, however, on 9.1 you have to completely reboot in order to fix the problem. In the log file it reports all day that:
kernel: psmouse.c: Explorer Mouse at isa0060/serio1/input0 lost synchronization, throwing 2 bytes away.
This logs when xdm isn't even started. I figured it was the KVM/cables but why does it work perfectly on reboot, but when virtual connection is severed does it puke?
Move your dhcp to your Linux machine, and hand out IP by mac address. Turn
off dhcp on the Linksys.
The DHCP how to and sample conf file get you 90% of the way there.
From: Philip B Cook [mailto:firstname.lastname@example.org]
Sent: Tuesday, July 06, 2004 12:27 AM
Subject: [suse-security] Update BIND9 with new clients
How do I configure BIND9 to update its zone files based upon new clients
assigned an IP address by my Linksys Router.
My router has IP 192.168.1.1
My LINUX machine (fileserver & proxy) is running BIND9 is on a fixed
I want BIND9 to act as caching DNS for internet addresses (already done) AND
to provide local (ie 192.168.0.xxx) DNS lookup for my machines.
The LINUX machine also runs SQUID and SAMBA to provide services to the rest
of my Windows network of machines.
Many thanks in advance.