search for: inorganic5

...by mail2.redhat.com with SMTP; 10 May 1998 17:28:56 -0000 Received: from localhost (jlewis@localhost) by tarkin.fdt.net (8.8.5/8.8.5) with SMTP id NAA10982 for <linux-security@redhat.com>; Sun, 10 May 1998 13:28:33 -0400 Date: Sun, 10 May 1998 13:28:32 -0400 (EDT) From: Jon Lewis <jlewis@inorganic5.fdt.net> Approved: alex@yuriev.com X-Sender: jlewis@tarkin.fdt.net To: linux-security@redhat.com Subject: Re: [linux-security] Re: Lightning fast attacks? In-Reply-To: <19980509150412.4582741B09@spike.porcupine.org> Message-ID: <Pine.LNX.3.95.980510132042.436n-100000@tarkin.fdt.net>...

While logging in via ssh (versions 1.2.17 and 1.2.12) under Linux 2.0, I found that limits weren''t being set (as shown by the output of "limit" (tcsh) or "ulimit -a" (bash). Since /etc/profile, /etc/csh.cshrc, and /etc/limits were ignored, I made /etc/sshrc and put "ulimit" statements in it. However, I was unable to limit the number of processes this way,

...d, at least not that I have seen. I think it is a wonderful intro into system security, but it should be made clear that it is not intended as a "fix-all". Just my two cents. -- Jason Welman -----Original Message----- From: David Gale <dgale@datapex.com> To: Jon Lewis <jlewis@inorganic5.fdt.net> Cc: twiztah <twiztah@ANARCHY.MAXHO.COM>; Kent Crispin <kent@songbird.com>; linux-security@redhat.com <linux-security@redhat.com> Date: Wednesday, July 15, 1998 2:15 AM Subject: [linux-security] Re: RedHat 5.X Security Book >On Sun, 12 Jul 1998, Jon Lewis wrote: &g...

On Tue, 14 Jul 1998, cfb wrote: > The main problem seems to be with the way that debian starts bind using > the script /etc/init.d/bind. I thought it would be really neat to just > change the #!/bin/sh at the top of the script to something like : > #!/usr/sbin/chroot /chroot-dns/ /bin/sh > or > #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh try changing

> > systems which no longer seem to have this. This file contained an archive of > > the trojan''s that were inserted into the compromised system - does anybody know > > what is in these trojans? > > Check the Linux RootKit ... (LRK).. > > Typically LRK to use config-files.. (and typically LRK-users to place > files in /dev.. find /dev -type f | grep -v

---------- Forwarded message ---------- Date: Tue, 30 Jun 1998 15:10:47 +0800 From: David Luyer <luyer@UCS.UWA.EDU.AU> To: BUGTRAQ@NETSPACE.ORG Subject: Serious Linux 2.0.34 security problem I just saw this mentioned on linux-kernel and confirmed it; #include <fcntl.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> int main(int

I''ve been poking around my system, and realized that having a tftp server would be handy. (I''m working with cisco routers, which have the capability to up and download configuration images via tftp.) However, I''m not content with the usual tftpd that comes with Linux. The whole "specify each directory you want" scheme is cock-eyed to me. I''d prefer

RH4.2 Linux Intel Last night I got three of these log messages: Two in a row, one a bit later. May 8 00:35:15 osg-gw imapd[4307]: warning: can''t get client address: Connectio n reset by peer May 8 00:35:15 osg-gw imapd[4307]: refused connect from unknown Now, I have imapd blocked to non-local users using tcpd wrappers, so tcpd is trying to find the address of the remote machine (all

-----BEGIN PGP SIGNED MESSAGE----- Hi everyone - Someone I''m working with has a requirement to map ethernet card addresses to unique IP addresses, and then have a Linux IP masquerade server know of this mapping list and not allow any data to pass from any ethernet card that a) it doesn''t know about, or b) isn''t assigned the right IP. Ideally it would also log this

Greetings all, I''m forwarding a copy of an email I sent reporting attempted break-ins on my main server, earth.terran.org. I am forwarding this because I think it is relevant that folks watch for this kind of activity in their logs to catch people who "try doorknobs" in the middle of the night. After sending this email, I sent a talk request to the user, who was still logged

...from tarkin.fdt.net (@209.212.128.45) by mail2.redhat.com with SMTP; 6 Jul 1998 03:44:25 -0000 Received: from localhost (jlewis@localhost) by tarkin.fdt.net (8.8.5/8.8.5) with SMTP id XAA13121; Sun, 5 Jul 1998 23:40:15 -0400 Date: Sun, 5 Jul 1998 23:40:15 -0400 (EDT) From: Jon Lewis <jlewis@inorganic5.fdt.net> X-Sender: jlewis@tarkin.fdt.net Reply-To: Jon Lewis <jlewis@inorganic5.fdt.net> To: Linux mailing list user <linux@windows95.sucks.eu.org> cc: Annex <annex@thing.annexgrp.org>, linux-security@redhat.com Subject: [linux-security] Re: Serious Linux 2.0.34 security proble...

Someone I was speaking with this evening claimed they have installed the latest named rpms yet they are still getting exploited daily and being hacked. Do the latest rpm''s for the named 4.9.x stuff fix all the root exploits or is this person just an idiot who probably has holes elsewhere in the system?

[mod: This discussion has been going on "offline" with an occasional CC to linux-security. By the time I got around to do another "moderation round" this one was the latest. Everyone is keeping good context, so I think you all will be able to follow the discussion. --REW] >>>>> <seifried@seifried.org> writes: >> The only thing I can see coming out