debian-user-digest Digest V2007 #2057

From: <debian-user-digest-request(at)lists.debian.org>
Date: Sun Jul 29 2007 - 13:14:08 EDT


Content-Type: text/plain

debian-user-digest Digest Volume 2007 : Issue 2057

Today's Topics:

  Re: Disable gnome-power-manager?      [ Mathias Brodala  ]
  Disable gnome-power-manager?          [ Stefan Monnier  ]
  Re: How Debian BTS and its tools can  [ Andrei Popescu  ]
  Re: Disable gnome-power-manager?      [ Alan Ianson  ]
  Re: /bin/login listening?             [ Tyler Smith  ]
  Re: /bin/login listening?             [ Douglas Allan Tutty  ]
  Re: IM on a home debian network       [ John Hasler  ]
  Re: essential services? ssh, nfs?     [ Douglas Allan Tutty  ]

Date: Sun, 29 Jul 2007 15:56:27 +0200
From: Mathias Brodala <info@noctus.net>
To: debian-user@lists.debian.org
Subject: Re: Disable gnome-power-manager?
Message-ID: <46AC9C8B.1000003@noctus.net>

Hi again.

Mathias Brodala, 29.07.2007 15:50:
> Hi Stefan.
>
> Stefan Monnier, 29.07.2007 15:25:
>> Now, recent versions of the gnome-desktop-environment depend on
>> gnome-power-management, so it makes it inconvenient to deinstall the
>> gnome-power-management package.  Is there a way to keep it installed but to
>> deactivate it?
>
> I don’t have it installed, but maybe
> /etc/dbus-1/system.d/gnome-power-manager.conf is of help.

Apparently, it is not. But README.Debian.gz is:

> GNOME Users: Starting GNOME Power Manager with your GNOME Session
> =================================================================
>
> 1) Add yourself to the powerdev group; this group is created by hal
> >= 0.5.6+cvs20060219-1.
> 2) Open System -> Preferences -> Sessions
> 3) In the Startup Programs tab, click Add
> 4) Type "gnome-power-manager", click OK.
> 5) Log out of your gnome session, and log back in again.

You obviously can do the opposite to disable it.

Regards, Mathias

-- 
debian/rules

Date: Sun, 29 Jul 2007 09:25:45 -0400
From: Stefan Monnier <monnier@iro.umontreal.ca>
To: debian-user@lists.debian.org
Subject: Disable gnome-power-manager?
Message-ID: <jwv4pjn9wfb.fsf-monnier+linux.debian.user@gnu.org>
Content-Type: text/plain; charset=us-ascii

Am I the only one who finds the gnome-power-manager to be fundamentally flawed? A power daemon needs intrinsically to be system-global and not specific to a particular login session. This becomes obvious when there are several logins active at the same time (on different virtual consoles), typically with different users.

Now, recent versions of the gnome-desktop-environment depend on gnome-power-management, so it makes it inconvenient to deinstall the gnome-power-management package. Is there a way to keep it installed but to deactivate it?

        Stefan

Date: 29 Jul 2007 13:47:30 GMT
From: Tyler Smith <tyler.smith@mail.mcgill.ca>
To: debian-user@lists.debian.org
Subject: Re: /bin/login listening?
Message-ID: <slrnfapa2p.lgv.tyler.smith@blackbart.mynetwork>

On 2007-07-29, Douglas Allan Tutty <dtutty@porchlight.ca> wrote:
> On Sun, Jul 29, 2007 at 12:48:16PM +0000, Tyler Smith wrote:
>> On 2007-07-29, Jeff D  wrote:
>
>> I ran rkhunter again, and then for good measure I aptitude --purged
>> it, reinstalled, and ran again. And then I thought maybe the whole
>> thing was compromised, so I purged it again, installed rkhunter 1.30
>> from sourceforge, and ran again. And I also ran chkrootkit. In all
>> cases they showed nothing happening, except for warning me that some
>> of my /bin executables had been replaced by scripts -- stuff like
>> egrep, fgrep etc.
>>
>> So perhaps it was just a false positive. I'm going to read up on
>> security stuff now, so maybe I'll have some idea how to proceed the
>> next time.
>>
>
> It's tricky. If you have been rooted, you can't trust anything on the
> system, including aptitude. As for reading, try the package harden-doc.
>

That's what I was thinking. But is there any way a rootkit could interfere with my downloading and compiling from source? I was hoping that doing things 'by hand' would limit the possibilities for compromising the result.

I will look at harden-doc. I'm working through the Linux how-to security quick start at the moment.

Thanks,

Tyler  

Date: Sun, 29 Jul 2007 10:23:39 -0400
From: Celejar <celejar@gmail.com>
To: debian-user@lists.debian.org
Subject: Re: /bin/login listening?

Message-Id: <20070729102339.5b52d252.celejar@gmail.com>
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On 29 Jul 2007 13:47:30 GMT
Tyler Smith <tyler.smith@mail.mcgill.ca> wrote:

> On 2007-07-29, Douglas Allan Tutty <dtutty@porchlight.ca> wrote:
> > On Sun, Jul 29, 2007 at 12:48:16PM +0000, Tyler Smith wrote:
> >> On 2007-07-29, Jeff D <fixedored@gmail.com> wrote:
> >
> >> I ran rkhunter again, and then for good measure I aptitude --purged
> >> it, reinstalled, and ran again. And then I thought maybe the whole
> >> thing was compromised, so I purged it again, installed rkhunter 1.30
> >> from sourceforge, and ran again. And I also ran chkrootkit. In all
> >> cases they showed nothing happening, except for warning me that some
> >> of my /bin executables had been replaced by scripts -- stuff like
> >> egrep, fgrep etc.
> >>
> >> So perhaps it was just a false positive. I'm going to read up on
> >> security stuff now, so maybe I'll have some idea how to proceed the
> >> next time.
> >>
> >
> > It's tricky. If you have been rooted, you can't trust anything on the
> > system, including aptitude. As for reading, try the package harden-doc.
> >
>
> That's what I was thinking. But is there any way a rootkit could
> interfere with my downloading and compiling from source? I was hoping
> that doing things 'by hand' would limit the possibilities for
> compromising the result.

In theory, certainly. Your downloading agent is probably invoking system libraries, which may be compromised and substituting bad source. The system may not even be running your download agent at all! Or it may subsequently lie to you and assure you that it's running the downloaded app when it really isn't. Whether all this is at all plausible is a different question.

> I will look at harden-doc. I'm working through the Linux how-to
> security quick start at the moment.
>
> Thanks,
>
> Tyler

Celejar

--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

Date: Sun, 29 Jul 2007 17:44:18 +0300
From: Andrei Popescu <andreimpopescu@gmail.com>
To: debian-user@lists.debian.org
Subject: Re: How Debian BTS and its tools can be improved (user poll).
Message-ID: <20070729144418.GC8377@think.homenet>

On Thu, Jul 26, 2007 at 10:49:29AM -0700, Andrew Sackville-West wrote:
> On Thu, Jul 26, 2007 at 03:34:58PM +0000, Oleg Verych wrote:
> > What, on your opinion, can be done better in Debian BTS, reportbug?
>
> 1) I agree with kamaraju (sp?) that submitter should be automatically
> subscribed to the bug, or even better, given the option to subscribe
> from within reportbug at submittal time.

Or making the subscription as easy as replying to the ACK mail (without
an additional ACK, as the reply already verifies that I'm not a
computer).

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)

Date: Sun, 29 Jul 2007 09:30:12 -0500
From: John Hasler <jhasler@debian.org>
To: debian-user@lists.debian.org
Subject: Re: /bin/login listening?
Message-ID: <877ioji8p7.fsf@toncho.dhh.gt.org>

> That's what I was thinking. But is there any way a rootkit could
> interfere with my downloading and compiling from source?

Of course. They could have trojaned any of the tools you would use. _No_
software on a rooted box can be trusted. Including the shell.
-- 
John Hasler

Date: Sun, 29 Jul 2007 09:04:51 -0700
From: Alan Ianson <agianson@gmail.com>
To: debian-user@lists.debian.org
Subject: Re: Disable gnome-power-manager?
Message-Id: <200707290904.51114.agianson@gmail.com>

On Sun July 29 2007 06:25, Stefan Monnier wrote:
> Am I the only one who finds the gnome-power-manager to be
> fundamentally flawed? A power daemon needs intrinsically to be
> system-global and not specific to a particular login session.
> This becomes obvious when there are several logins active at the same time
> (on different virtual consoles), typically with different users.
>
> Now, recent versions of the gnome-desktop-environment depend on
> gnome-power-management, so it makes it inconvenient to deinstall the
> gnome-power-management package. Is there a way to keep it installed but to
> deactivate it?

When I install gnome I don't install gnome-desktop-environment. I enter that in aptitude and pick the items I want from there. gnome-power-management is recommended by gnome-screen-saver so when I install that I temporarily disable aptitude from automatically installing recommended packages. Maybe the long way around but it gets me where I want to be.. :)

Date: 29 Jul 2007 15:56:08 GMT
From: Tyler Smith <tyler.smith@mail.mcgill.ca>
To: debian-user@lists.debian.org
Subject: Re: /bin/login listening?
Message-ID: <slrnfaphjv.m57.tyler.smith@blackbart.mynetwork>

On 2007-07-29, Celejar <celejar@gmail.com> wrote:
>>
>> That's what I was thinking. But is there any way a rootkit could
>> interfere with my downloading and compiling from source? I was hoping
>> that doing things 'by hand' would limit the possibilities for
>> compromising the result.
>
> In theory, certainly. Your downloading agent is probably invoking
> system libraries, which may be compromised and substituting bad
> source. The system may not even be running your download agent at
> all! Or it may subsequently lie to you and assure you that it's
> running the downloaded app when it really isn't. Whether all this is
> at all plausible is a different question.
>

So if I'm compromised nothing is safe, and the only guaranteed way to
clear this up is to format my harddrive and reinstall. Given that the
only evidence of a problem is a warning about /bin/login listening
from rkhunter, which happened only once, and I have had no other
problems with my net connection or general performance of my laptop,
let alone mysterious withdrawals from my bank account or other signs
of stolen passwords, what should I be doing?

From the advice received and what I'm reading, I'm getting two very
different messages - I must reinstall to be 100% certain that I'm
safe, and while I can't be 100% certain I'm safe it's pretty unlikely
that I have a real problem.

What would you do in my situation?

Thanks,

Tyler

Date: Sun, 29 Jul 2007 18:40:05 +0200
From: Mathias Brodala <info@noctus.net>
To: debian-user@lists.debian.org
Subject: Re: /bin/login listening?
Message-ID: <46ACC2E5.2090708@noctus.net>

Hi Douglas.

Douglas Allan Tutty, 29.07.2007 18:35:
> Boot the box from something like the install CD, go to a shell, mount
> your / partition ro, noexec.
>
> I think the install CD has md5sum installed. Run:
> #md5sum /bin/login.
>
> On my i386, I get:
>
> 2ee32ff74e474c4d9fc9df6f1460980f /bin/login

You should also tell the exact version of the "login" package you are using.
Otherwise this number is useless. With 1:4.0.18.1-11 on i386 I get this:

> 004a41bb9196f1888bd89c2245910f46 /bin/login

Regards, Mathias

-- 
debian/rules

Date: Sun, 29 Jul 2007 12:35:03 -0400
From: Douglas Allan Tutty <dtutty@porchlight.ca>
To: debian-user@lists.debian.org
Subject: Re: /bin/login listening?
Message-ID: <20070729163503.GA9535@titan>

On Sun, Jul 29, 2007 at 03:56:08PM +0000, Tyler Smith wrote:
> So if I'm compromised nothing is safe, and the only guaranteed way to
> clear this up is to format my harddrive and reinstall. Given that the
> only evidence of a problem is a warning about /bin/login listening
> from rkhunter, which happened only once, and I have had no other
> problems with my net connection or general performance of my laptop,
> let alone mysterious withdrawals from my bank account or other signs
> of stolen passwords, what should I be doing?
>
> From the advice received and what I'm reading, I'm getting two very
> different messages - I must reinstall to be 100% certain that I'm
> safe, and while I can't be 100% certain I'm safe it's pretty unlikely
> that I have a real problem.
>
> What would you do in my situation?
>

Try this:

Boot the box from something like the install CD, go to a shell, mount
your / partition ro, noexec.

I think the install CD has md5sum installed. Run:
#md5sum /bin/login.

On my i386, I get:

2ee32ff74e474c4d9fc9df6f1460980f /bin/login

If /bin/login is fine, then I'd forget about it. If it differs, I'd wipe the drive and reinstall; from backups before your first indication of a problem. Then examine the difference between that backup's data and your most recent backup.

Actually, to put your mind at ease, I've attached a file bin-MD5SUMS which is the output of:

$md5sum /bin/* > bin-MD5SUMS

Put this onto a floppy and mount it when you boot your install CD. Then edit it so that, for example the /bin/login reads /mnt/bin/login. You can then verify the whole /bin with

#md5sum -c bin-MD5SUMS

Here's the file, and good luck.

Doug.

[Attachment: bin-MD5SUMS]
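
Added example, not part of any poster's message: the offline check described above (prefix the manifest paths with the mount point, then run `md5sum -c`), plus a lookup of the installed package version in the mounted disk's dpkg status file, since a manifest only applies to the package version it was made from. The function names are hypothetical and the mount point `/mnt` is taken from the message; run it from rescue media, not from the suspect system.

```shell
#!/bin/sh
# Added example: check a trusted md5sum manifest against a root filesystem
# mounted read-only under a prefix (for example /mnt) from rescue media.
# Function names are hypothetical.

# rebase_manifest MANIFEST PREFIX
# Emit MANIFEST with PREFIX put in front of every absolute path, which is
# the hand edit from the message ("/bin/login reads /mnt/bin/login").
# Lines that are not "<32 hex digits> <absolute path>" are dropped.
rebase_manifest() {
    awk -v prefix="${2%/}" '
        length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            path = $0
            sub(/^[^ \t]+[ \t]+/, "", path)   # drop the hash field
            sub(/^\*/, "", path)              # drop the binary-mode marker
            if (path ~ /^\//) print $1 "  " prefix path
        }' "$1"
}

# verify_root MANIFEST PREFIX
# Print one line per file that is missing or differs. Return 0 only if
# every listed file matches, 1 on any mismatch, 2 if nothing was checked.
verify_root() {
    vr_tmp=$(mktemp) || return 2
    rebase_manifest "$1" "$2" > "$vr_tmp"
    if [ ! -s "$vr_tmp" ]; then
        rm -f "$vr_tmp"
        return 2
    fi
    vr_bad=$(LC_ALL=C md5sum -c "$vr_tmp" 2>/dev/null | grep -v ': OK$' || true)
    rm -f "$vr_tmp"
    if [ -n "$vr_bad" ]; then
        printf '%s\n' "$vr_bad"
        return 1
    fi
    return 0
}

# pkg_version PREFIX PACKAGE
# Read the installed version of PACKAGE from the dpkg status file on the
# mounted disk, so a mismatch can be compared with the version the
# manifest was generated from before it is treated as tampering.
pkg_version() {
    awk -v pkg="$2" '
        $1 == "Package:" { cur = $2 }
        $1 == "Version:" && cur == pkg { print $2; exit }
    ' "${1%/}/var/lib/dpkg/status"
}

# Usage from the rescue shell: sh verify-bin.sh bin-MD5SUMS /mnt
if [ "$#" -eq 2 ]; then
    echo "login package on disk: $(pkg_version "$2" login)"
    if verify_root "$1" "$2"; then
        echo "all listed files match the manifest"
    fi
fi
```

A file reported as FAILED is only meaningful when the package version printed matches the version the manifest was taken from.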

Date: 29 Jul 2007 16:11:55 GMT
From: Tyler Smith <tyler.smith@mail.mcgill.ca>
To: debian-user@lists.debian.org
Subject: essential services? ssh, nfs?
Message-ID: <slrnfapihi.m57.tyler.smith@blackbart.mynetwork>

Hi,

I'm working through the security quick start how to, and I'm not clear
on what services are required and which ones I can safely remove. I'm
running a single laptop, which I connect to the net via wireless at
home or at cafes, and via an ethernet cable at work.

1) I never login remotely, so I think I can safely do away with
openssh-server?

tcp6 *:ssh *:* LISTEN 3026/sshd

2) The how-to suggests that for my setup I don't need anything to do
with NFS - netstat reports rpc.statd and portmap as listening. Can I
just purge nfs-common and portmap?

tcp *:37381 *:* LISTEN 2603/rpc.statd
tcp *:sunrpc *:* LISTEN 2578/portmap

3) I have apache installed as a dependency of doc-central. netstat
shows it to be listening to all interfaces. Is there a way to set it
to listen only for local connections? I don't understand this very
well, but it seems I shouldn't need to listen to anyone from the
outside to connect to my docs.

tcp *:www *:* LISTEN 3826/apache

4) The only remaining listeners I have are:

tcp localhost:929 *:* LISTEN 3721/famd
tcp *:auth *:* LISTEN 3661/inetd
tcp localhost:smtp *:* LISTEN 3385/exim4

What is auth? Since famd and exim4 are only listening to localhost,
can I conclude they are not a security risk?

Thanks for your help,

Tyler

Date: Sun, 29 Jul 2007 17:40:24 +0100
From: Brad Rogers <brad@fineby.me.uk>
To: debian-user@lists.debian.org
Subject: Re: dumb question about aAdobe Acrobat....
Message-ID: <20070729174024.495465f1@abydos.stargate.org.uk>

On Sat, 28 Jul 2007 21:12:31 -0400
Douglas Allan Tutty <dtutty@porchlight.ca> wrote:

Hello Douglas,

> Sounds like a crazy proprietary scheme. Whatever happened to sending

Quite probably.

> out the Latex of a document. Recipients can latex it to view it, make
> changes, get it right, then email the latex back.

Because most people are completely unaware of TeX for generating documents.

> As for printing but not saving an altered pdf, can't you print to file
> (or get your print spooler to do it) so that you have a ps of the pdf?

I've not tried, TBH. The odd PDF that I've come across that allowed data entry wasn't the sort of thing I needed to keep a copy of. I might play around and see what I can do.

-- 
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
I am alone there's nobody there
I Look Alone - Buzzcocks

Date: Sun, 29 Jul 2007 06:55:06 -0500
From: John Hasler <jhasler@debian.org>
To: debian-user@lists.debian.org
Subject: Re: IM on a home debian network
Message-ID: <87bqdvifvp.fsf@toncho.dhh.gt.org>

Ron Johnson wrote:
> What ever happened to diald?

It was obsoleted by the demand-dial feature of pppd which can be configured with pppconfig.

Doug writes:
> It's an external Courier. I meant push the button to turn it on.

Why do you turn it off?
-- 
John Hasler

Date: Sun, 29 Jul 2007 12:46:58 -0400
From: Douglas Allan Tutty <dtutty@porchlight.ca>
To: debian-user@lists.debian.org
Subject: Re: essential services? ssh, nfs?
Message-ID: <20070729164658.GB9740@titan>

On Sun, Jul 29, 2007 at 04:11:55PM +0000, Tyler Smith wrote:
>
> I'm working through the security quick start how to, and I'm not clear
> on what services are required and which ones I can safely remove. I'm
> running a single laptop, which I connect to the net via wireless at
> home or at cafes, and via an ethernet cable at work.
>
> 1) I never login remotely, so I think I can safely do away with
> openssh-server?
If you don't need it, and a package isn't there to meet a dependency, get rid of it.
>
> tcp6 *:ssh *:* LISTEN 3026/sshd
>
> 2) The how-to suggests that for my setup I don't need anything to do
> with NFS - netstat reports rpc.statd and portmap as listening. Can I
> just purge nfs-common and portmap?
>
> tcp *:37381 *:* LISTEN 2603/rpc.statd
> tcp *:sunrpc *:* LISTEN 2578/portmap
>
Ditto.
> 3) I have apache installed as a dependency of doc-central. netstat
> shows it to be listening to all interfaces. Is there a way to set it
> to listen only for local connections? I don't understand this very
> well, but it seems I shouldn't need to listen to anyone from the
> outside to connect to my docs.
>
> tcp *:www *:* LISTEN 3826/apache
>
I've never run apache so don't know.
> 4) The only remaining listeners I have are:
>
> tcp localhost:929 *:* LISTEN 3721/famd
> tcp *:auth *:* LISTEN 3661/inetd
> tcp localhost:smtp *:* LISTEN 3385/exim4
>
> What is auth? Since famd and exim4 are only listening to localhost,
> can I conclude they are not a security risk?
>
What do you have uncommented in /etc/inetd.conf? I don't have anything, so inetd doesn't start up at boot.

Finally, as the last defence, do you have a good firewall setup? I use shorewall with a default net to all DROP and everything else REJECT, then open ports as needed in rules.

Doug.
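
Added example, not part of either poster's message: a small triage of listening sockets by bind address, which is the distinction the question about famd and exim4 rests on. It uses the seven listener lines posted in the thread as sample input; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sort listening TCP sockets by the address they bind to.
# Works on full "netstat -tlp" / "netstat -tlnp" rows and on the trimmed
# rows posted in the thread, because it locates columns relative to the
# LISTEN state field.

# The listener lines quoted in the thread (columns as posted).
sample_listeners() {
    cat <<'EOF'
tcp6 *:ssh *:* LISTEN 3026/sshd
tcp *:37381 *:* LISTEN 2603/rpc.statd
tcp *:sunrpc *:* LISTEN 2578/portmap
tcp *:www *:* LISTEN 3826/apache
tcp localhost:929 *:* LISTEN 3721/famd
tcp *:auth *:* LISTEN 3661/inetd
tcp localhost:smtp *:* LISTEN 3385/exim4
EOF
}

# classify_listeners: read netstat rows on stdin and print
# "<scope><TAB><port><TAB><pid/program>" for every LISTEN row, where scope
# is loopback, all-interfaces or specific-address.
classify_listeners() {
    awk '
    {
        for (i = 3; i <= NF; i++) if ($i == "LISTEN") {
            addr = $(i - 2)                  # local address column
            n = split(addr, part, ":")
            port = part[n]                   # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "localhost" || host == "::1" || host == "[::1]" ||
                host ~ /^127\./)
                scope = "loopback"
            else if (host == "*" || host == "0.0.0.0" || host == "::" ||
                     host == "[::]")
                scope = "all-interfaces"
            else
                scope = "specific-address"
            prog = (i < NF) ? $(i + 1) : "-"
            print scope "\t" port "\t" prog
            break
        }
    }'
}

# exposed_listeners: only the rows reachable from other hosts, i.e. the
# ones to remove, rebind to loopback, or cover with a firewall rule.
exposed_listeners() {
    classify_listeners | awk -F '\t' '$1 != "loopback"'
}

# Demo on the sample above; on a live system pipe "netstat -tlnp" in.
sample_listeners | classify_listeners
```

On the posted lines this marks sshd, rpc.statd, portmap, apache and inetd as bound to all interfaces, and famd and exim4 as loopback only.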

Date: Sun, 29 Jul 2007 12:51:58 -0400
From: Douglas Allan Tutty <dtutty@porchlight.ca>
To: debian-user@lists.debian.org
Subject: Re: /bin/login listening?
Message-ID: <20070729165158.GC9740@titan>

On Sun, Jul 29, 2007 at 06:40:05PM +0200, Mathias Brodala wrote:
> You should also tell the exact version of the "login" package you are using.
> Otherwise this number is useless.

Sorry. Stock, up-to-date Etch. Aptitude shows it as version 1:4.0.18.1-7.

Doug.

End of debian-user-digest Digest V2007 Issue #2057
**************************************************

Received on Sun Jul 29 13:11:30 2007

This archive was generated by hypermail 2.1.8 : Thu Aug 09 2007 - 19:05:34 EDT

