Hi list, I need information about secure partitions, I have HD 40G, I like a web server an mail server. I saw that web master partitions yours disk with var/, boot/, home/, I like to know what directorys create and how I can asing size for this? If someone can help me, I will Thank full Thanks, Ricardo _________________________________________________________________ Envíe y reciba su correo de Hotmail desde el móvil: http://mobile.msn.com
Although I'm not a suse expert all I did was make a partition called /cryptomaniac and have it format it as reiser FS instead of ext2. Added the password, and now when suse boots it asks for the password. I wouldn't make any of the "important" partitions crytped though. Maybe someone else has. I wouldn't know though. On Monday 29 April 2002 11:57 am, you wrote:
Hi list, I need information about secure partitions, I have HD 40G, I like a web server an mail server. I saw that web master partitions yours disk with var/, boot/, home/, I like to know what directorys create and how I can asing size for this? If someone can help me, I will Thank full
Thanks, Ricardo
_________________________________________________________________ Envíe y reciba su correo de Hotmail desde el móvil: http://mobile.msn.com
-- Leave the Constitution Alone. http://members.osb.net/phil
I need information about secure partitions, I have HD 40G, I like a web server an mail server. I saw that web master partitions yours disk with var/, boot/, home/, I like to know what directorys create and how I can asing size for this? If someone can help me, I will Thank full
Read some documentation on how setting up a secure webserver... http://www.suse.de/en/support/howto/secure_webserv/index.html Best regards, Thomas
* Ricardo Javier Aranibar León wrote on Mon, Apr 29, 2002 at 18:57 +0000:
I saw that web master partitions yours disk with var/, boot/, home/, I like to know what directorys create and how I can asing size for this?
I do not understand you well. If you ask about how large I would recommend partitions, then you're on the wrong list and second for any size combination you should find someone who tells exactly this combination is the correct only one :) On public servers you shouldn't have private and/or sensitive data if possible. So your concern shouldn't be security but safety, and you may wish to setup a disk mirror (RAID-1) and do regulary backups as always. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
Hi folks, there will be an update from Suse for mod_frontpage ? http://securitytracker.com/alerts/2002/Mar/1003767.html We have a lot webhosters as customers, and they need mod_frontpage. Thx Ernesto
On Tue, 30 Apr 2002, Ernesto Fries wrote:
Hi folks,
Hi. :)
there will be an update from Suse for mod_frontpage ?
No, this bug hasn't a high severity. It could just be exploited locally and the attacker has to become wwwrun first. Even if the attacker get's access to the victims machine and manages to become wwwrun s/he will just get access to UID >= 100. This bug is fixed in SuSE 8.0. Bye, Thomas -- Thomas Biege <thomas@suse.de> SuSE Linux AG,Deutschherrnstr. 15-19,90429 Nuernberg Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 83 -- Trete durch die Form ein, und trete aus der Form heraus.
* Thomas Biege wrote on Thu, May 02, 2002 at 15:57 +0200:
there will be an update from Suse for mod_frontpage ?
No, this bug hasn't a high severity.
It could just be exploited locally and the attacker has to become wwwrun first. Even if the attacker get's access to the victims machine and manages to become wwwrun s/he will just get access to UID >= 100.
But that means that exploiting a cgi-bin script in a typical configuration gives the intruder access to any regular user (who have typical UID >= 100). Then the intruder can change their path to contain /tmp/trojaned_ssh/ and put a ssh binary here to get access to the keys or whatever! For me it sounds like high severity. And for me it sounds like mod_frontpage wants still to be set up setuid=0 which is bad by itself... oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
Steffen Dettmer wrote:
* Thomas Biege wrote on Thu, May 02, 2002 at 15:57 +0200:
there will be an update from Suse for mod_frontpage ?
No, this bug hasn't a high severity.
It could just be exploited locally and the attacker has to become wwwrun first. Even if the attacker get's access to the victims machine and manages to become wwwrun s/he will just get access to UID >= 100.
But that means that exploiting a cgi-bin script in a typical configuration gives the intruder access to any regular user (who have typical UID >= 100). Then the intruder can change their path to contain /tmp/trojaned_ssh/ and put a ssh binary here to get access to the keys or whatever!
For me it sounds like high severity.
Steffen is absolutely right when pointing out the CGI-BIN scripts. For me it sounds like high severity too. Ciao, Michael.
hi, is it enough to copy mod_frontpage.so from suse 8.0 thx Ernesto ----- Original Message ----- From: "Thomas Biege" <thomas@suse.de> To: "Ernesto Fries" <efries@mesh-server.com> Cc: <suse-security@suse.com>; <security@suse.de> Sent: Thursday, May 02, 2002 3:57 PM Subject: Re: [suse-security] mod_frontpage
On Tue, 30 Apr 2002, Ernesto Fries wrote:
Hi folks,
Hi. :)
there will be an update from Suse for mod_frontpage ?
No, this bug hasn't a high severity.
It could just be exploited locally and the attacker has to become wwwrun first. Even if the attacker get's access to the victims machine and manages to become wwwrun s/he will just get access to UID >= 100. This bug is fixed in SuSE 8.0.
Bye, Thomas -- Thomas Biege <thomas@suse.de> SuSE Linux AG,Deutschherrnstr. 15-19,90429 Nuernberg Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 83 -- Trete durch die Form ein, und trete aus der Form heraus.
On Mon, 6 May 2002, Ernesto Fries wrote:
hi,
is it enough to copy mod_frontpage.so from suse 8.0
Hm, dunno. What about installing the RPM file from 8.0?
thx Ernesto
----- Original Message ----- From: "Thomas Biege" <thomas@suse.de> To: "Ernesto Fries" <efries@mesh-server.com> Cc: <suse-security@suse.com>; <security@suse.de> Sent: Thursday, May 02, 2002 3:57 PM Subject: Re: [suse-security] mod_frontpage
On Tue, 30 Apr 2002, Ernesto Fries wrote:
Hi folks,
Hi. :)
there will be an update from Suse for mod_frontpage ?
No, this bug hasn't a high severity.
It could just be exploited locally and the attacker has to become wwwrun first. Even if the attacker get's access to the victims machine and manages to become wwwrun s/he will just get access to UID >= 100. This bug is fixed in SuSE 8.0.
Bye, Thomas -- Thomas Biege <thomas@suse.de> SuSE Linux AG,Deutschherrnstr. 15-19,90429 Nuernberg Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 83 -- Trete durch die Form ein, und trete aus der Form heraus.
Bye, Thomas -- Thomas Biege <thomas@suse.de> SuSE Linux AG,Deutschherrnstr. 15-19,90429 Nuernberg Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 83 -- Trete durch die Form ein, und trete aus der Form heraus.
participants (7)
-
Ernesto Fries -
Michael Ströder -
phil -
Ricardo Javier Aranibar León -
Steffen Dettmer -
Thomas Biege -
Thomas Föcking