Hi list,
Been getting a ton of attempts on my ssh/ftp connections as of late. First they started with the usual script kids trying the admin/guest/etc. on the ssh connection; now I get people trying all sorts of stupid usernames with blank passwords on the ftp connection.
1. Is there a way to block an IP, either perm. or for a set period of time, for SSH attempts?
2. Is there a similar way for VSFTP?
I'm sure I could block the addresses manually, but I'd like it if it was automated, say for 6 attempts?
Matt
SuSE 9.1
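An added example, not part of Matt's post and not taken from any tool mentioned on the list: one way to detect the pattern he describes, counting failed sshd and vsftpd logins per source address and flagging an address once it reaches 6 failures inside a time window, with either a timed or a permanent block. The log lines, addresses, 10-minute window, 1-hour ban and the name `find_offenders` are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (sshd via syslog, then vsftpd.log style), in time order.
SAMPLE_LOG = '''\
Sep 30 03:50:01 gw sshd[811]: Failed password for illegal user admin from 203.0.113.7 port 4021 ssh2
Sep 30 03:50:03 gw sshd[812]: Failed password for illegal user guest from 203.0.113.7 port 4022 ssh2
Sep 30 03:50:04 gw sshd[813]: Failed password for root from 203.0.113.7 port 4023 ssh2
Sep 30 03:50:09 gw sshd[820]: Failed password for matt from 198.51.100.20 port 3301 ssh2
Sep 30 03:50:15 gw sshd[821]: Accepted password for matt from 198.51.100.20 port 3302 ssh2
Thu Sep 30 03:50:20 2004 [pid 901] [test] FAIL LOGIN: Client "203.0.113.7"
Thu Sep 30 03:50:21 2004 [pid 902] [oracle] FAIL LOGIN: Client "203.0.113.7"
Thu Sep 30 03:50:23 2004 [pid 903] [www] FAIL LOGIN: Client "203.0.113.7"
Thu Sep 30 04:30:00 2004 [pid 950] [matt] FAIL LOGIN: Client "198.51.100.20"
'''.splitlines()

# (regex, strptime format, prepend a year?) Syslog timestamps carry no year.
# The greedy ".*" makes the LAST " from <ip> port" win, so text inside the
# attempted username cannot substitute a different source address.
PATTERNS = [
    (re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                r".* from (?P<ip>[\d.]+) port \d+"), "%Y %b %d %H:%M:%S", True),
    (re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] \[[^\]]*\] "
                r'FAIL LOGIN: Client "(?P<ip>[\d.]+)"'), "%a %b %d %H:%M:%S %Y", False),
]

def find_offenders(lines, threshold=6, window=timedelta(minutes=10),
                   ban=timedelta(hours=1), year=2004):
    """Map each offending IP to (blocked_at, unblock_at); ban=None means permanent.
    SSH and FTP failures from one address are counted together."""
    recent, blocked = defaultdict(deque), {}
    for line in lines:
        for rx, fmt, add_year in PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            stamp = f"{year} {m['ts']}" if add_year else m["ts"]
            when = datetime.strptime(stamp, fmt)
            hits = recent[m["ip"]]
            hits.append(when)
            while when - hits[0] > window:      # forget failures outside the window
                hits.popleft()
            if len(hits) >= threshold and m["ip"] not in blocked:
                blocked[m["ip"]] = (when, None if ban is None else when + ban)
            break
    return blocked
```

The function only reports addresses and times; applying and later lifting the block is left to whatever packet filter is in use.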
I had a discussion with my local LUG and a member had some interesting
threads to share. Basically it showed that SUSE 9.0 is not really a
production level version. For production level use, it is recommended
to go with the Enterprise version of SUSE. Have other people got this
impression? My concern is that my company can't afford to purchase any
more software at this time so would I be better off looking at something
like Debian? I know this is kind of off topic, but basically I am
curious if 9.0 Pro is secure and stable enough for my organization's needs.
Thanks,
Eric
Hello,
I plan to recheck SuSE's security updates before installing them on the
machines. "Normal" packages are easy. I just imitate an update mirror
with just links in it. If a link exists the corresponding patch will be
installed. This way I can use SuSE's online_update.
Kernel updates on the other hand should just be installed when the system
is going down. Furthermore I want the last working kernel not to be
deinstalled when the new kernel is being installed. "rpm -i" would do
this for me so I have vmlinuz (new kernel) and vmlinuz.previous (last
working kernel) later on.
Does anyone have such a system installed at his/her site? Otherwise there
is some work to do for me... Can you give me some advice on the
implementation?
Thanks in advance
Andreas
--
| Andreas Haupt | E-Mail: andreas.haupt(a)hmi.de
| Hahn-Meitner-Institut (DN) | WWW:
| Glienicker Straße 100 | Phone: +49/30/8062-2597
| 14109 Berlin | Fax: +49/30/8062-2096
Hi all!
I don't know if this is the right list, but here goes.
I am fairly new to firewalling and iptables.
I have a setup as follows:
firewall: red eth0 external interface (adsl, dhcp)
yellow eth1 dmz interface
green eth2 internal interface
On dmz is a combined server running
web/ mysql/ ftp/ caching dns/ time/ outgoing mail and nfs server
I only want web/ftp to be available from red
All other services are for green (and yellow) network
I have several machines on green (So I guess I want NAT there)
One Linux server with NFS
Three linux ones running gnomemeeting amsn and licq
Two windows ones running Netmeeting, MSN, ICQ
All machines run bittorrent, limewire and dc++
I want ssh access to all boxes
I want to be able to run all communication services from arbitrary box.
All internal boxes shall use time/ dns/ outgoing mail on the dmz server
The firewall is to be locked down for user login only via ssh.
Anything to be done is sudo'ne
(note to self, find out how to lock ssh to userlogin only)
But I want access from red to firewall so I can "jump" to green and yellow if
needed.
I want as full access as possible from green to red
I have read the SuSEFirewall2 docs in /usr/share/docs/packages/SuSEFirewall2
but I can't figure it out..
What to set, what to add/remove..
Any pointers on where to start learning?
Any pointers on how to set it up?
--
/Rikard
------------------------------------------------------------------------------------
Rikard Johnels email : rikjoh(a)norweb.se
Web : http://www.rikjoh.com
Mob : +46 735 05 51 01
------------------------ Public PGP fingerprint ----------------------------
< 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >
Hi all, I have a SuSE 8.2 distribution with SuSEfirewall2 set up
successfully. I would like to know how I can lock the peer to peer
communications from a port to a port? I tried to modify the script of the
firewall adding custom iptables rules, but nothing to do. Can someone help
me?
Thanks
Paolo
Hello All,
How do I get SuSE 9.1 (SuSEfirewall2) to ignore martian source messages and
not log them?
I have a valid reason to have martian source on my two nics and the messages
they are logging are wasting huge amounts of logfile and making it difficult
to spot real traffic...
Any help greatly appreciated
Hi to all,
I'm using a SuSE 9.1 OS, I have set up a Postfix + Cyrus mailserver. Everything runs well, I can connect with pop3 and imap, also with SSL (pop3s and imapds).
Now, our clients are mainly Windows-based systems.
I want to know how I have to set up cyrus to make the "log in using secure password authentication" available. I want only that the password is sent secure and not the whole pop3 connection.
I succeeded with authentication on the smtp connection but not on the pop3 connection. When I try to connect from Outlook Express I receive the following error:
Unable to logon to the server using Secure Password Authentication. Account: 'Andy makla', Server: '192.168.0.17', Protocol: POP3, Server Response: '.', Port: 995, Secure(SSL): Yes, Error Number: 0x800CCC18
In the logs I find only this:
Sep 30 03:51:36 makla master[8867]: about to exec /usr/lib/cyrus/bin/pop3d
Sep 30 03:51:36 makla pop3[8867]: executed
Sep 30 03:51:36 makla pop3[8867]: accepted connection
Sep 30 03:51:36 makla master[8536]: process 8867 exited, status 0
Hope you can help.
Best regards.
Andy.
Thank you all for your help.
I think this is not really a security question so I'll leave
it alone and work it out myself.
Thanks again for everything
you guys are awesome
I'm off for the weekend, got a gentoo to tackle.
Yours...Ben
:)
(forwarded from dansguardian list - From: proxy(a)barendse.to)
This is from a message on another mailing list but I guess it is of
interest for this list too:
Microsoft have apparently expanded their list of "High-risk file types"
with the release of Windows XP SP2. The new list of high-risk dangerous
attachments they have added are:
.ade
.adp
.app
.asp
.bas
.bat
.cer
.chm
.cmd
.com
.cpl
.crt
.csh
.exe
.fxp
.hlp
.hta
.inf
.ins
.isp
.its
.js
.jse
.ksh
.lnk
.mad
.maf
.mag
.mam
.maq
.mar
.mas
.mat
.mau
.mav
.maw
.mda
.mdb
.mde
.mdt
.mdw
.mdz
.msc
.msi
.msp
.mst
.ops
.pcd
.pif
.prf
.prg
.pst
.reg
.scf
.scr
.sct
.shb
.shs
.tmp
.url
.vb
.vbe
.vbs
.vsmacros
.vss
.vst
.vsw
.ws
.wsc
.wsf
.wsh