Displaying 20 results from an estimated 2000 matches similar to: "Re: Re: Re: Bind Overrun Bug and Linux (fwd)"
1998 May 19
7
Bind Overrun Bug and Linux
[mod: Just to show you that people DO get bitten after a bugwarning has
gone out on linux-security..... -- REW]
-----BEGIN PGP SIGNED MESSAGE-----
Content-Type: text/plain; charset=us-ascii
Has anyone been hit with the Bind Inverse Query Buffer Overrun on
their Linux servers? We have had 3 servers attacked using this
expoit and all of the machines had several binaries replaced with
trojan
2006 Feb 18
0
Does your rkhunter do an md5 check?
I rebuilt rkhunter-1.2.8-1.noarch.rpm by using the spec and tgz from
the rkhunter site (www.rootkit.nl). (I rebuilt it using his
instructions.) However rkhunter does not do an md5 check. The box
used to have fedora and each time there were updates it would
complain that the some of the md5's don't match. I contacted the
author using his contact feature on Wednesday but he hasn't
2003 Dec 07
5
possible compromise or just misreading logs
I am not sure if I had a compromise but I am not sure I wanted some other
input.
I noticed in this in my daily security run output:
pc1 setuid diffs:
19c19
< 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003
/usr/X11R6/bin/xscreensaver
---
> 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003
/usr/X11R6/bin/xscreensaver
It was the only file listed and I didn't
1996 Nov 18
1
Chattr +i and securelevel
has anyone played with the securelevel variable in the kernel and the
immutable flags in the ext2 file system?
The only way I have found to change the flag is by
patching sched.c from
int securelevel=0
to int securelevel=1
The sysctrl code seems to allow the setting of the flag
only by init (PID=1) and only upwards (0->1, etc).
The problem is that I haven''t found a way to get
init
2004 Feb 11
5
Question about securelevel
I've read about securelevel in the mailing list archive, and found some
pitfalls (and seems to me to be discarded soon).
But According to me, the following configuration should offer a good
security:
- mount root fs read only at boot;
- set securelevel to 3;
- do not permit to unmount/remount roots fs read-write (now it is possible
by means of "mount -uw /");
- the only way to make
2011 Aug 03
1
[PATCH v2] kinit: Add drop_capabilities support.
This patch adds the ability to kinit to allow the dropping of POSIX
capabilities.
kinit is modified by this change, such that it understands the new
kernel command line "drop_capabilities=" that specifies a comma
separated list of capability names that should be dropped before
switching over to the next init in the boot strap (typically on the root
disk).
When processing capabilities
2004 May 28
2
X & securelevel=3
running (4-Stable)
Hi,
short form question:
how does one run XDM under securelevel>0 ?
long version:
i've searched for an answer on how to run Xfree/Xorg at a securelevel
the X server likes access to /dev/io and some other resources but is not
granted access after security is switched on.
one way of doing it seems to be to start it before setting the securelevel, but
then is doesnt
2006 Mar 01
3
Remote Installworld
I'm currently administering a machine about 1500mi from me with nobody
local to the machine to assist me. Anyways, my only access to this
machine is via SSH, no remote serial console or anything.
When I try to do a "make installworld" I end up with
install: rename: /lib/INS@aTxk to /lib/libcrypt.so.3: Operation not
permitted
very shortly thereafter. I cannot boot
1998 Jun 14
14
SSH w/ttysnoop
I was wondering if anyone here has or knows how to implement ttysnoop
w/ssh ?
2010 Sep 06
2
MSIX failure
Hi all, I moved from 8.0-RELEASE to last week's -STABLE:
$ uname -v
FreeBSD 8.1-STABLE #0: Thu Sep 2 16:38:02 SAST 2010 root@XXXXX:/usr/obj/usr/src/sys/GENERIC
and all seems well except my network card is unusable. On boot up:
em0: <Intel(R) PRO/1000 Network Connection 7.0.5> port 0x3040-0x305f mem 0xe3200000-0xe321ffff,0xe3220000-0xe3220fff irq 10 at device 25.0 on pci0
em0: Setup
1998 Mar 12
2
FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-98:02 Security Advisory
FreeBSD, Inc.
Topic: security compromise via mmap
Category: core
Module: kernel
Announced: 1998-03-12
Affects:
2004 Sep 29
5
Kernel-loadable Root Kits
Thanks for the module, I think its a good idea to commit it to FreeBSD
for a few reasons:
1) Some folks just prefer more static kernels.
2) Securelevel is a great thing, but can be a pain to do upgrades around
remotely. [A lot of folks use FreeBSD simply because its a breeze to run
remotely].
3) Until someone writes code to add modules to a kernel via /dev/mem and
releases it to the script
2011 Jul 19
4
[PATCH v1 0/2] Support dropping of capabilities from early userspace.
This patchset applies to klibc mainline. As is it will probably collide
with Maximilian's recent patch to rename run-init to switch_root posted
last week.
To boot an untrusted environment with certain capabilities locked out,
we'd like to be able to drop the capabilities up front from early
userspace, before we actually transition onto the root volume.
This patchset implements this by
1997 Sep 23
1
C''t Article on Juggernaut
There is a recent article in the German magazine C''t that may be of
interest to those on this list. It describes a cracker program,
Juggernaut, which can hijack telnet sessions. The program is written
specifically to run under Linux. An english translation of the article
is available at:
http://www.ix.de/ct/english/9710142/
It also mentions that they are working on a version of the
2003 May 24
1
ipfirewall(4)) cannot be changed
root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5
3 Network secure mode - same as highly secure mode, plus IP packet
filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
dummynet(4) configuration cannot be adjusted.
root@vigilante /root cuaa1# sysctl -a |grep secure
kern.securelevel: 3
root@vigilante /root cuaa1# ipfw show
00100 0 0 allow
2004 Jun 12
2
Hacked or not appendice
Hi all again,
I must add, there are no log entries after June 9, 2004. "LKM" message first
apeared June 8, 2004, after this day, there is nothing in /var/messages,
/var/security .....
How could I look for suspicious LKM module ? How could I find it, if the
machine is hacked and I can not believe "ls", "find" etc. commands ?
Peter Rosa
2006 May 04
2
Uselib24/bindz - owned!
So pretty sure one of my boxes has been owned. Just wanted some advise
on what to do next. Obviously, i'll need to nuke the fecker and start
over but it would be really nice to find out how they got in as its a
CentOS 4.3 which is bang up to date.
So i found:
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
7052 apache 25 0 27320 5348 8 R 99.0 0.5
1998 Jun 16
2
masquerading
Following Situation:
Having an intranet-application that needs to know the ip-Address of the
clients before running.
Clients anywere in the Internet with any ip-address.
So I thought about using masquerading the opposite way than normal.
But then anybody could use this application.
Dos anybody know how to make it a little bit more secure, like proofing
the mac-address of the client, or something
2003 May 09
2
Problem installing kernel in single usermode
Hi,
I'm running 4.8-STABLE but I'm having some problems installing a new
kernel.
(in /usr/src make installkernel).
mv /kernel /kernel.old operation not permitted
My securelevel is currently set to -1 (kern_securelevel=-1) and
kern_securelevel_enable="NO"
I have already executed chflags noschg /kernel and /kernel.old (while in
single user mode).
What am I missing?
Thanks.
2009 Mar 25
2
[brussels-dev] displaying promiscuous state for a data link
On 03/25/09 12:30, James Carlson wrote:
> Girish Moodalbail writes:
>
>> bash-3.2# dladm show-link
>> LINK CLASS MTU STATE PROMISC OVER
>> e1000g0 phys 1501 up off --
>> e1000g1 phys 1502 up on --
>>
>
> That (plus or minus some column alignment) seems