similar to: Re: libc bugs (was Re: Distributions...)

On Thu, 10 May 2018 15:31:23 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > > >From 'man vfs_full_audit' > > > > > > full_audit:facility = FACILITY > > > Log messages to the named syslog(3) facility. > > > > > > See 'man syslog' for the 'facilities' you can use.

On Fri, 11 May 2018 09:14:24 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > You would replace 'FACILITY' with one of the facilities shown in > > 'man syslog' e.g. full_audit:facility = LOG_AUTH > > OK, done. But samba (as stated in previous email) still reply:

Mandi! Rowland Penny via samba In chel di` si favelave... > >From 'man vfs_full_audit' > > full_audit:facility = FACILITY > Log messages to the named syslog(3) facility. > > See 'man syslog' for the 'facilities' you can use. [2018/05/08 17:34:42.388486, 0] ../source3/param/loadparm.c:1179(lp_enum) lp_enum(LOG_AUTH,enum): value

>Their is a buffer overrun in /bin/login which has the potential to >allow any user of your system to gain root access. util-linux-2.5-29 >contains a fix for this and is available for Red Hat Linux 4.0 on >all four platforms. We strongly recommend that all of Red Hat 4.0 >usres apply this fix. Does this bug affect the ''login'' that is distributed with shadow

Hi ! While browsing Linux manpages (man 3 syslog) I noticed that the manual says that the LOG_AUTH facility is deprecated use LOG_AUTHPRIV instead. Is there a good reason why OpenSSH doesn't have an option to use LOG_AUTHPRIV facility ? (Looks like that tcpd/telnet etc. use the AUTHPRIV facility (in RH6.2)). Shouldn't be too hard to add the AUTH_PRIV facility ? Cheers, -Jarno --

Hi, I am almost ready to convert from UW-imap to dovecot 1.0 stable for my imap use. I hacked UW-imap to touch a file in the user's home directory so I can always tell the last time they used imap. My hack looks something like this: if(authenticated) { touchfile = (char *) malloc((strlen (home) + 15); sprintf(touchfile,"%s/.imapd.last",homedir); fd =

On 11 May 2018 at 10:58, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Fri, 11 May 2018 09:14:24 +0200 > Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > Mandi! Rowland Penny via samba > > In chel di` si favelave... > > > > > You would replace 'FACILITY' with one of the facilities shown in > > >

If it''s any help, here''s a sed script that is reasonably good at pulling out suspicious-looking items generated by various daemons. Fix appropriately... _H* ========== # this should match a buncha different stuff / [Pp]ermi/b ff / PERMI/b ff / [Rr]efuse/b ff / REFUSE/b ff / [Dd]en[yi]/b ff / DEN[YI]/b ff /[Rr]eject/b ff /REJECT/b ff /[Bb]ogus/b ff /[Pp]assw/b ff /PASSW/b ff

In Debian 1.1, the optional DOSEMU package installs /usr/sbin/dos setuid root. This is a serious security hole which can be exploited to gain access to any file on the system. Package: dosemu Version: 0.64.0.2-9 ------- start of cut text -------------- $ cat /etc/debian_version 1.1 $ id uid=xxxx(quinlan) gid=xxxx(quinlan) groups=xxxx(quinlan),20(dialout),24(cdrom) [quinlan:~]$ ls -al

Phexro <ieure@linknet.kitsap.lib.wa.us> writes: > chroot()''d processes. So, important system calls could be modified thus: Since there are tons of syscalls and new ones appearing all the time, "Fixing" some of them doesn''t seem like a good idea. It seems more reasonbale to deny access to all of them, except for a few specific ones (that can moreover be

[Mod: I am approving this message even though it is just a rehash of known vulnerabilities of DNS. Please in future lets avoid rehashing what was alreadt discussed in probably every single mailing list that deals with UNIX security several years ago? -- alex ] ###### ## ## ###### ## ### ## ## ######

Matt <panzer@dhp.com> writes: > This came from the linux-server list. But reminded me of a something I > wanted to know about. Is there a standard for people to syslog possible > security violations? This would make it easier to find them in huge log > files with swatch or other monitoring tools. Security-related log entries don''t have their own

DearR Users, I have a problem which I think you might be able to help. I have a dataframe which I'm trying to "filter" following different groups I specified. It's a little hard to explain, so here is an example: My dataframe: ESS DHP 1 EPB 22 2 SAB 10 3 SAB 20 4 BOJ 14 5 ERS 28 11 SAB 10 12 SAB 22 13 BOJ 26 20 SAB 10 21 SAB 22 22 BOJ 32 29 SAB 14 30 SAB

----- Forwarded message from Louis Kowolowski <louisk@bend.com> ----- Date: Thu, 28 Aug 2003 11:37:42 -0700 From: Louis Kowolowski <louisk@bend.com> To: freebsd-security@freebsd.org Subject: snort, postgres, bridge User-Agent: Mutt/1.5.4i I've been prowling through the FreeBSD and Snort list archives in search of information on setting up snort on a FreeBSD bridge(4) that logs

I am trying to install swatch via yum but it doesn't recognize swatch as being available. I have tried various naming conventions such as swatch-3 etc but still no go. I have Dags repo in yum.conf and I see it listed there on his webpage. In addition, I did a yum search swatch and still nada. Anyone have an idea as to why it will not install? I'm running CentOS 3.5 Thanks, Ed

I have an init script that after running, causes my terminal not to log out cleanly. Here's what i mean: # /etc/init.d/script restart << this runs fine, returns my shell prompt # exit << When I enter this command, my shell window just stays "stuck" and actually won't close down. Anyone know why this happens?

I'm running CentOS 4.4. I'm trying to install swatch (a log watcher) using CPAN. It's getting hung up on trying to install a dependency, Pod::Simple So before I get too wrapped up in this, I have the following questions: 1. Is there an alternative way to install swatch? I didn't get a hit when I tried yum. 2. I'm not wedded to swatch. Is there another log checker

>>> What uEFI specification version does your system claim to be compliant with?? I'd like to read over the spec for the call to verify things. -- -Gene <<< I've tried to find the relationship between UseDefaultAddress and DHP relays but I couldn't find anything. The use of DHCP relays should be really transparent... Best, Patrick

I would like to use swatch to tail a log file for "PageTurnEvent", and if this is not seen in the past 15 minutes then a restart script should be run. Does anyone know if this is possible with the swatch program?

[Mod: This message is a reason *why* linux-security is moderated list. This is also a reason why Rogier, myself, Alan Cox and others really do not want to have completely open lists that deal with security related aspects of running a system as way too many people just jump to conclusions and give suggestions without doing any reasearch on a subject. -- alex (co-moderator of