openSUSE Security July 2005

security@lists.opensuse.org

86 participants
58 discussions

Heimdal kerberos on suse 8.2
by Postmaster＠queenelizabeths.derbyshire.sch.uk 01 Aug '05

01 Aug '05

Firstly I apologise if this is the wrong list to ask this question, I have some linux knowledge but have run out of my depth on this, hopefully there is a simple answer that someone will share with me. We have just "upgraded" our main school domain controllers to windows 2003 sp1 (from NT4), I have then upgraded the suse 9.1 boxes to Samba 3.0.14a and Kerberos 0.6, this following the guidance in the samba how-to enables me to use the machines as member servers, allowing single sign on for mail etc. However, our intranet, which is based around apache 1.3 and Mod_auth runs on a suse 8.2 box, although samba 3.0.14a has been rpmed for this Kerberos 0.6 has not, 0.6 is the minimum version for joining a windows 2003 domain. The question is, what can I do now, even if I download the source and compile it, is it likely to work? Ideally I could do with a RPM but 0.4 is the latest available for suse 8.2 that I could find. Could anyone help me out. -- Rob Keeling Network Manager Queen Elizabeth's Grammar School Ashbourne

2 1

removing netcat
by Bill Wilson 31 Jul '05

31 Jul '05

Does anyone remove netcat from their environment? Our security team likes to have netcat removed from SLES 9, however, the yast2 rpm depends on netcat. I am interested to know what functionalities I may lose in administrating the systems. I understand I will not be able to use yast, but I think I can manually update the config files, and do most of everything in command line, right? Thank you. RBW ____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs

7 11

Re: [suse-security] Re: removing netcat
by m3047＠inwa.net 31 Jul '05

31 Jul '05

I suggest you compile Windows from source and quit bothering us.

1 0

dump issue
by wayne yu 30 Jul '05

30 Jul '05

hi everyone: I need help on the remote backup between hp10.20 and suse9.2. I using dump, this is what I did: /sbin/dump 0u -f jj3:/dev/rmt/1mn / and I got error messages says: DUMP:Poll: protocol failure in circuit setup DUMP:login to tdf03 as root fail. The jj3 is the hp-ux and accecpting the rlogin and ssh, the linux is only accept ssh. I was able to rlogin to jj3 through rlogin without password. Can someone give me some hint on above issue? thanks in advance. Wayne Yu __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

2 1

Re: [suse-security] removing netcat
by Bill Wilson 29 Jul '05

29 Jul '05

I have no intention to make the discussion as a "security" bashing (i.e our security team), but if anyone considered removing netcat as unreasonable, it was also decided to remove timezone, they also asked to remove util-linux :-), which obviously cannot be removed. It was at that point that I decided no point to reason with them. (This is true, I cannot believe anyone suggest this) Anyway, I was trying to find out whether anyone did remove netcat and so far, for those responded, no one seems to have removed netcat. Thank you for letting me know that I am not the minority. --- François Pinard <pinard(a)iro.umontreal.ca> wrote: > [Bill Wilson] > > > The reason they decided to remove netcat is that > they "found" out > > netcat is hacker's tool via a google search :-). > > Hackers also use `ls' and `cp', you know :-) > Rootkits often replace > `ls', among other tools. So, you might suggest `ls' > be removed as well! > What I really mean here is that some common sense is > needed. `netcat' is > a useful tool for you, just like a flurry of others. > > -- > François Pinard http://pinard.progiciels-bpi.ca > ____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs

2 1

apache2 patch
by John 28 Jul '05

28 Jul '05

hello all I updated apache2 through YOU. I noticed that nearly no file has been changed except httpd2-prefork I have chrooted apache2 so every time that a apache2-patch comes to surface i check the apache2*.rpm for recent chagnes (in bytes, timestamp) and then copy it to the chrooted area. I noticed that /usr/sbin/httpd2-prefork has new timestamp (22/jul) but the same size (in bytes) with the older one. Can anyone explain to me what does this mean? How the patch has fit in that binary and the size remains the same? Thanks in advance John

7 12

RE: [suse-security] apache2 patch
by Black, Alain 27 Jul '05

27 Jul '05

John, I don't know what's changed in this patch, as I haven't read the release notes for it, but you could run bdiff, sum or cksum to see if there are differences between the to binary files. -Alain. -----Original Message----- From: John [mailto:isofroni@cc.uoi.gr] Sent: Wednesday, July 27, 2005 11:44 AM To: suse-security(a)suse.com Subject: [suse-security] apache2 patch hello all I updated apache2 through YOU. I noticed that nearly no file has been changed except httpd2-prefork I have chrooted apache2 so every time that a apache2-patch comes to surface i check the apache2*.rpm for recent chagnes (in bytes, timestamp) and then copy it to the chrooted area. I noticed that /usr/sbin/httpd2-prefork has new timestamp (22/jul) but the same size (in bytes) with the older one. Can anyone explain to me what does this mean? How the patch has fit in that binary and the size remains the same? Thanks in advance John -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help(a)suse.com Security-related bug reports go to security(a)suse.de, not here

1 0

AW: [suse-security] HTTP/1.1 --> Squid --> HTTP/1.0
by Rasp, Robert 27 Jul '05

27 Jul '05

Hi again, If you take a close look, it might me a security Problem: SQUID protects my WIN-Clients and filters out unwanted content. ..and I'm sorry to say but this list often has questions (discussions) witch have nothing to do with security --> unsubscription Of course I searched the net before I asked this list and of course I found answers. But none of this answers was helpful. So please , if somebody knows where, give me a link where I can find some useful answers. thanks a lot Robert ________________________________ Von: Dieter Bloms [mailto:dieter@bloms.de] Gesendet: Mi 27.07.2005 13:05 An: suse-security(a)suse.com Betreff: Re: [suse-security] HTTP/1.1 --> Squid --> HTTP/1.0 Hi, On Wed, Jul 27, Rasp, Robert wrote: > i'm trying to configure squid for HTTP/1.1. > In the moment every Request from HTTP/1.1 is convertetd to HTTP/1.0 > Does anyboy know how to do this ? is this a security problem ? If not, this is the wrong mailing list Please have a look at the mailing list archive of squid. You will find your question several times (with answers). -- Gruß Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field.

1 0

HTTP/1.1 --> Squid --> HTTP/1.0
by Rasp, Robert 27 Jul '05

27 Jul '05

Hello, i'm trying to configure squid for HTTP/1.1. In the moment every Request from HTTP/1.1 is convertetd to HTTP/1.0 Does anyboy know how to do this ? Thanks Robert

2 1

squid guard
by nick 27 Jul '05

27 Jul '05

Where is the best source of squid guard updates? Nick

1 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security July 2005