openSUSE Security November 2005

security@lists.opensuse.org

75 participants
44 discussions

by Dörfler Andreas

hi there, after many trys i hope the list can help me. becuase of security reasons i setup a reverse proxy for multible domains problem is, with the following config i only get the primary domain vhosts on reverse proxy: <VirtualHost *:80> ServerName dummy.domain.de ProxyPass / http://test.domain.lan/ ProxyPreserveHost On CacheDisable / ProxyPassReverse ^/(.*)$ http://test.domain.lan/$1 </VirtualHost> <VirtualHost *:80> ServerName dummy2.domain.de ProxyPass / http://test2.domain.lan/ ProxyPreserveHost On CacheDisable / ProxyPassReverse ^/(.*)$ http://test2.kempten.lan$1 </VirtualHost> /etc/hosts on both servers: 192.168.1.1 test.domain.lan test2.domain.lan vhosts on webserver: <VirtualHost test.domain.lan> User xxx Group xxx ServerAdmin xxx DocumentRoot /srv/www/test/ ServerName test.domain.lan ErrorLog xxx TransferLog xxx ScriptAlias xxx </VirtualHost> <VirtualHost test2.domain.lan> User xxx Group xxx ServerAdmin xxx DocumentRoot /srv/www/test/ ServerName test2.domain.lan ErrorLog xxx TransferLog xxx ScriptAlias xxx </VirtualHost> <VirtualHost www.domain.lan> User xxx Group xxx ServerAdmin xxx DocumentRoot /srv/www/test/ ServerName test.domain.lan ErrorLog xxx TransferLog xxx ScriptAlias xxx </VirtualHost> when i access the pages via test.domain.lan everything ok but when i try it via rev proxy dummy.domain.de i get www.domain.lan page (primary website) and not the from rev proxy requested test.domain.lan well, i can do it with squid too but i have no clue how to configure it for multible domains greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \

16 years, 8 months

Close all ssh sessions

by Miguel ALBUQUERQUE

Hi, How can one force closing an open ssh session ? I want to disconnect a user right after executing a script no waiting for a timeout. Is that possible ? Thanx Miguel Albuquerque Network Administrator CODaLIS SA Chemin de Trèfle-Blanc 18 1228 Plan-Les-Ouates / CH TEL : +41 22 827 30 80 FAX : +41 22 827 30 33 http://www.codalis.ch DISCLAIMER - This message is intended for the use of the named person only. The information contained in this E-mail is confidential and any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited. This message does not represent a formal commitment by Codalis SA. Codalis SA is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.

16 years, 8 months

Martian source... Need to have route to other networks via internal interface. What to do?

by Sergei Keler

Hi! I have SLES9 and two interfaces eth0 & eth1. eth0 has real ip address like 217.x.x.x eth1 has local ip address 192.168.0.1/24 Default gateway on this system belongs to real ip address network 217.x.x.x via eth0. eth0 is described as External inteface in suse firewall. eth1 is described as Internal one. No NAT etc. Kernel security is on. LAN has several nets like 192.168.x.0/24. Accessing net like 192.168.1.0/24 i got 'martian source' kernel message. I tried to make route to 192.168.1.0/24 via 192.168.0.254 but still have same error log. Where to dig? I dont want to create aliases for each network (it works but too ugly). Is possible the pretty solution for me? Next, what you recommend as linux implementation of Cosco's EIGRP? Ciscos use EiGRP to keep routes between them using 192.168.0.254/24 net. Sergei Keler General DataComm IT-manager tel.: +7(812)325-1085 fax: +7(812)325-1086

16 years, 8 months

SuSE Firewall/Router

by OIivier Grossmann

Hello, i've configured a suse 10.0 base machine with router functionality and a proxyserver (squid). I've activated package forwarding and have two network cards. The problem is i can specify the proxy server or i couldn't - it doesn't matter!! It is important that every client have to specify the proxyserver - only over the proxy! How can I do that? Greet Olivier

16 years, 8 months

Re: [suse-security] SuSEfirewall2 - scripts (SuSE 9.3)

by Robert Uhl

Hi, > There is are 3rd Script "SuSEfirewall2_final" > > The firewall starts in 3 stages > > 1]init > > Description: SuSEfirewall2_init does some basic setup and is the phase 1 > of 3 of the SuSEfirewall initialization > > 2]setup > > Description: SuSEfirewall2_setup does some basic setup and is the phase > 2 of 3 of the SuSEfirewall initialization. > > 3]up and running > > Description: SuSEfirewall2_final does finally set all the firewalling > rules. Phase 3 of 3 of SuSEfirewall setup. > > All 3 scripts call /sbin/SuSEfirewall2 with different parameters. Okay, I think SuSE 9.3 does not really have the 3rd phase anymore since the script SuSEfirewall2_init and SuSEfirewall2_setup tell: ### BEGIN INIT INFO # Provides: SuSEfirewall2_init # Required-Start: $local_fs boot.localnet # Required-Stop: # Should-Stop: $network # Default-Start: B # Default-Stop: # Short-Description: SuSEfirewall2 phase 1 # Description: SuSEfirewall2_init does some basic setup and is the # phase 1 of 2 of the SuSEfirewall initialization ### END INIT INFO and### BEGIN INIT INFO # Provides: SuSEfirewall2_setup # Required-Start: SuSEfirewall2_init $network $local_fs # Should-Start: $ALL # Required-Stop: $local_fs # X-UnitedLinux-Should-Stop: # Default-Start: 3 4 5 # Default-Stop: 0 1 2 6 # Short-Description: SuSEfirewall2 phase 2 # Description: SuSEfirewall2_setup does some basic setup and is the # phase 2 of 2 of the SuSEfirewall initialization. ### END INIT INFO # X-SuSE-Dep-Only I just wanted to add that. Here is a locate of the SuSE firewall scripts bash:/etc # locate SuSEfirewall2_ /etc/init.d/boot.d/K11SuSEfirewall2_init /etc/init.d/boot.d/S11SuSEfirewall2_init /etc/init.d/rc3.d/K01SuSEfirewall2_setup /etc/init.d/rc3.d/S21SuSEfirewall2_setup /etc/init.d/rc4.d/K01SuSEfirewall2_setup /etc/init.d/rc4.d/S21SuSEfirewall2_setup /etc/init.d/rc5.d/K01SuSEfirewall2_setup /etc/init.d/rc5.d/S21SuSEfirewall2_setup /etc/init.d/SuSEfirewall2_init /etc/init.d/SuSEfirewall2_setup /etc/preload.d/SuSEfirewall2_final /etc/preload.d/SuSEfirewall2_init /etc/preload.d/SuSEfirewall2_setup /lib/scpm/resource_types/service/status/SuSEfirewall2_final /lib/scpm/resource_types/service/status/SuSEfirewall2_init There is just one SuSEfirewall2_final entry displayed which even calls the SuSEfirewall2_setup script. I can't find any reason to have this file? Does somebody do? Regards, Robert.

16 years, 8 months

SuSEfirewall2

by Robert Uhl

Hi, I am currently dealing with the SuSEfirewall 9.3 and I hope that somebody knows more or figured out more about it then the pour documentation tries to do. I did work quiet a while on the iptables but this SuSE system really does not make a difference in terms of complexity. Sorry. Is there any better documentation about it then you can find in /usr/share/doc/packages/SuSEfirewall2 I found these two scripts e.g.: SuSEfirewall2_init SuSEfirewall2_setup Why does SuSE needs two scripts? Does SuSE plan to change main things on the firewall system in future? Since they did from version to version. Regards, Robert.

16 years, 8 months

Re: [suse-security] SuSE Firewall/Router

by Polarizer

There is an alternative way. One can use Web Proxy Auto Discovery (WPAD) to provide proxy informations to clients. You can reach that aim by dhcp or DNS-HTTP combination. [1] http://wi-fiplanet.webopedia.com/TERM/W/WPAD.html The polarizer http://www.codixx.de/polarizer.html

16 years, 8 months

Re: [suse-security] SuSEfirewall2

by Polarizer

> Is there any better documentation about it then you can find in /usr/share/doc/packages/SuSEfirewall2 Here[1] you'll find a Susefirewall2 documentation. Document is rather old, as Susefirewall2 itself is too. > I found these two scripts e.g.: > > SuSEfirewall2_init > SuSEfirewall2_setup > > Why does SuSE needs two scripts? > There is are 3rd Script "SuSEfirewall2_final" The firewall starts in 3 stages 1]init Description: SuSEfirewall2_init does some basic setup and is the phase 1 of 3 of the SuSEfirewall initialization 2]setup Description: SuSEfirewall2_setup does some basic setup and is the phase 2 of 3 of the SuSEfirewall initialization. 3]up and running Description: SuSEfirewall2_final does finally set all the firewalling rules. Phase 3 of 3 of SuSEfirewall setup. All 3 scripts call /sbin/SuSEfirewall2 with different parameters. [1] http://sourceforge.net/project/showfiles.php?group_id=42064 the polarizer http://www.codixx.de/polarizer.html

16 years, 8 months

Re: [suse-security-announce] SUSE Security Announcement: phpMyAdmin remote code execution (SUSE-SA:2005:066)

by Scott Leighton

On Friday 18 November 2005 5:35 am, Marcus Meissner wrote: > ___________________________________________________________________________ >___ > > SUSE Security Announcement > > Package: phpMyAdmin > Announcement ID: SUSE-SA:2005:066 > Date: Fri, 18 Nov 2005 11:00:00 +0000 Anyone else having a problem after this YOU update? I have three boxes, all of them started crapping out with the following error message when trying to access phpMyAdmin, Fatal error: main(): Failed opening required './' (include_path='.:/usr/share/php') in /srv/www/htdocs/phpMyAdmin/libraries/grab_globals.lib.php on line 70 That file, grab_gobals.lib.php is one that was changed by the YOU update. Commenting out the 'require' on line 70 makes the error go away, but I'm sure that's not really the right solution. Scott -- POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/ Linux 2.6.11.4-21.9-default x86_64 SuSE Linux 9.3 (x86-64)

16 years, 8 months

Problems with latest SuSE apache2-mod_php5 from SuSE update

by suse＠weberhofer.at

I have encountered a problem with apache2-mod_php5-5.0.3-14.13.i586.rpm on SuSE 9.3. After installing the following mod_rewrite directive does not work anymore: RewriteRule ^(.*)(index|content)\.html myscript.php [PT] The script is no longer executed, but a empty response of (I think) type x-httpd-php is sent back. Rolling back to apache2-mod_php5-5.0.3-14.11.i586.rpm fixes that issuse. Best regards, Johannes Weberhofer -- |--------------------------------- | weberhofer GmbH | Johannes Weberhofer | information technologies, Austria | | phone : +43 (0)1 5454421 0 | email: office(a)weberhofer.at | fax : +43 (0)1 5454421 19 | web : http://weberhofer.at | mobile: +43 (0)699 11998315 |----------------------------------------------------------->>

16 years, 8 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security November 2005