search for: ranum

...| possible worlds. A pessimist is sure of it! ----- Forwarded message from beldridg at best.com ----- Delivered-To: firewall-wizards at fraggle.nfr.net Delivered-To: firewall-wizards at nfr.net Date: Thu, 15 Feb 2001 15:09:32 -0800 (PST) From: <beldridg at best.com> To: "Marcus J. Ranum" <mjr at nfr.com> Cc: Darren Reed <darrenr at reed.wattle.id.au>, Crist Clark <crist.clark at globalstar.com>, <capegeo at opengroup.org>, <firewall-wizards at nfr.net>, <miedaner at twcny.rr.com> Subject: Re: [fw-wiz] SecureID vs Certificate...

Good night. I am behind a way so that in my backup share it is possible to only write files in the format of the application that I use to execute the backup routines, for this I searched the internet for a solution that works like Allow Files, however it is Complicated to find. Talking on forums a user informed me that he could use the parameter to follow in smb.conf, however in my tests it did

...s from your main logstream, but put them into either a script directly, or a separate file and have a script run against it. Have the script report the number of these messgaes that you get in a time period (minute, hour, whatever you want) and log that count back into your log stream as Marcus Ranum said in his Artificial Ignorance writeup, the number of times that an uninteresting thing happens can be interesting. If you see a big spike (or drop) is these attempts, it can indicate cause for concern. David Lang On Sat, 18 Mar 2023, Carsten Andrich wrote: > Date: Sat, 18 Mar 2023 13...

...t put them into either a > script directly, or a separate file and have a script run against it. > Have the script report the number of these messgaes that you get in a > time period (minute, hour, whatever you want) and log that count back > into your log stream > > as Marcus Ranum said in his Artificial Ignorance writeup, the number > of times that an uninteresting thing happens can be interesting. > > If you see a big spike (or drop) is these attempts, it can indicate > cause for concern. I run Debian with systemd-journald instead of rsyslog. AFAIK journald...

...t. Any information you could provide on updating a quota in a third party system would be much appreciated. Thanks for you help. Andrew andrew at myinternet.com.au -- "If we don't have time to do it correctly now, will we have time to do it over once it's broken?" http://www.ranum.com/security/computer_security/editorials/dumb/

...great talks and tutorials. An excellent way to get up-to-date with the state of affairs in the UNIX world." David C. Todd, BBN Technologies, 1998 Attendee TRAINING AT A SERIOUS LEVEL Choose from 24 tutorials over three days. Eric Allman, Tom Christiansen, Peter Galvin, Evi Nemeth, and Marcus Ranum are among the superb instructors. OPEN SOURCE SOFTWARE TECHNICAL FORUM The FREENIX track examines open source software's latest developments and most interesting applications. Peer-refereed papers, expert talks, and evening sessions will be led by the likes of Linus Torvalds, Richard Stallman,...

Dear OpenSSH developers, a publicly accessible sshd on port 22 generates a lot of log clutter from unauthenticated connections. For an exemplary host on a university network, sshd accumulates 5~20k log lines on a single day (more than 90% of the total amount of syslog lines). That is despite the host having a restricted configuration (no SSH password authentication, firewall rate limit for

...ing to investigate and clean. For example, I know someone with a rootkit that he can install to flash on an add-in card for a device that has DMA access to main memory. For this reason, I usually recommend on prevention as a first priority, and detection as a second priority. For example, Markus Ranum said he once recompiled ls to reboot if it is run by root. Another trick involves recompiling /bin/sh to check to see if it has a tty (shells spawned by network daemons will generally not). Perhaps there is some way to locate any part of the kernel that performs access control and optionally klog...