From owner-freebsd-security Wed Jan 1 12: 0:40 2003
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 040BF37B401 for ; Wed, 1 Jan 2003 12:00:38 -0800 (PST)
Received: from hotmail.com (f13.law10.hotmail.com [64.4.15.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id B8B1143EC5 for ; Wed, 1 Jan 2003 12:00:37 -0800 (PST) (envelope-from elite_bizkit@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 1 Jan 2003 11:54:30 -0800
Received: from 81.6.242.117 by lw10fd.law10.hotmail.msn.com with HTTP; Wed, 01 Jan 2003 19:54:29 GMT
X-Originating-IP: [81.6.242.117]
From: "Elite Bizkit"
To: freebsd-security@FreeBSD.org
Subject: Unable to connect to jail
Date: Wed, 01 Jan 2003 19:54:29 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID:
X-OriginalArrivalTime: 01 Jan 2003 19:54:30.0240 (UTC) FILETIME=[98F5FE00:01C2B1CF]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I wasn't sure whether this is a security issue but it is related somewhat to the jail. I have given my network card an alias using ifconfig_vr0_alias0="inet netmask 0xffffffff". The alias IP is the IP of my jail which is acting as an ftp server but I am unable to ping it from any PC on my LAN apart from the FreeBSD box itself. Have I done something wrong or is this problem common? Any help would be very appreciated.
- BiZKiT

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Jan 1 13:49: 1 2003
From: "Elite Bizkit"
To: freebsd-security@FreeBSD.org
Subject: Problem solved
Date: Wed, 01 Jan 2003 21:42:44 +0000

The problem regarding the alias of my NIC has been resolved so no need to respond any more. Thanks.

- BiZKiT

From owner-freebsd-security Wed Jan 1 13:52: 4 2003
From: "Elite Bizkit"
To: freebsd-security@FreeBSD.org
Subject: Removing a Jail
Date: Wed, 01 Jan 2003 21:49:13 +0000

Me again :p I'm building my Jails using the script in the jail(8) man pages, to resolve the issue of not being able to ping my NIC alias I have changed the IP of the alias and therefore the IP of the jail. Each jail is in a certain folder with its own IP (e.g. /my/jail/10.0.0.1/). First of all, how do I remove current jail? Is it as easy as just deleting the folder? Secondly in the script (located in jail(8) man pages) it runs "sh MAKEDEV jail", if I run this script again with a different IP will it have any conflicts because "sh MAKEDEV jail" has already been run?

Jail script located in jail(8) man pages:

    D=/here/is/the/jail
    cd /usr/src
    mkdir -p $D
    make world DESTDIR=$D
    cd etc
    make distribution DESTDIR=$D -DNO_MAKEDEV_RUN
    cd $D/dev
    sh MAKEDEV jail
    cd $D
    ln -sf dev/null kernel

- BiZKiT

From owner-freebsd-security Wed Jan 1 23:46:44 2003
From: "Nielsen"
To: "Elite Bizkit" ,
Subject: Re: Removing a Jail
Date: Thu, 2 Jan 2003 07:49:13 +0000 (GMT)

> Me again :p I'm building my Jails using the script in the jail(8) man pages,
> to resolve the issue of not being able to ping my NIC alias I have changed
> the IP of the alias and therefore the IP of the jail. Each jail is in a
> certain folder with its own IP (e.g. /my/jail/10.0.0.1/). First of all, how
> do I remove current jail? is it as easy as just deleting the folder?

yes.

> Secondly in the script (located in jail(8) man pages) it runs "sh MAKEDEV
> jail", if I run this script again with a different IP will it have any
> conflicts because "sh MAKEDEV jail" has already been run?

No. MAKEDEV operates in the current folder. That's in the jail(8) man pages, you change to the appropriate /dev directory before running 'sh MAKEDEV jail'.

Cheers
Nate

From owner-freebsd-security Thu Jan 2 1:56:49 2003
From: "Elite Bizkit"
To: nielsen@memberwebs.com
Cc: freebsd-security@FreeBSD.org
Subject: Re: Removing a Jail
Date: Thu, 02 Jan 2003 09:56:02 +0000

Ah I see, "sh MAKEDEV jail" creates a device inside the jail, so if I run "rm -fr /usr/jail" the device will be removed as well?
- BiZKiT

>From: "Nielsen"
>To: "Elite Bizkit" ,
>Subject: Re: Removing a Jail
>Date: Thu, 2 Jan 2003 07:49:13 +0000 (GMT)
>
> > Me again :p I'm building my Jails using the script in the jail(8) man pages,
> > to resolve the issue of not being able to ping my NIC alias I have changed
> > the IP of the alias and therefore the IP of the jail. Each jail is in a
> > certain folder with its own IP (e.g. /my/jail/10.0.0.1/). First of all, how
> > do I remove current jail? is it as easy as just deleting the folder?
>
>yes.
>
> > Secondly in the script (located in jail(8) man pages) it runs "sh MAKEDEV
> > jail", if I run this script again with a different IP will it have any
> > conflicts because "sh MAKEDEV jail" has already been run?
>
>No. MAKEDEV operates in the current folder. That's in the jail(8) man
>pages, you change to the appropriate /dev directory before running 'sh
>MAKEDEV jail'.
>
>Cheers
>
>Nate

From owner-freebsd-security Thu Jan 2 4:38:28 2003
From: "Elite Bizkit"
To: haupt@outof.ch
Cc: freebsd-security@FreeBSD.org
Subject: Re: Removing a Jail
Date: Thu, 02 Jan 2003 12:32:40 +0000

I logged into single user mode (pressing space at prompt then using boot -s), ran "chflags -R noschg /usr/jail" and got the following message "chflags: not found". I tried "man chflags" but that also returned "man: not found". Are these not available in single user mode? or have I done something wrong?

- BiZKiT

>From: Emanuel Haupt
>To: "Elite Bizkit"
>CC: freebsd-security@FreeBSD.org
>Subject: Re: Removing a Jail
>Date: Thu, 2 Jan 2003 13:17:44 +0100
>
>On Thu, 02 Jan 2003 09:56:02 +0000
>"Elite Bizkit" wrote:
>
> > Ah I see, "sh MAKEDEV jail" creates a device inside the jail, so if I run
> > "rm -fr /usr/jail" the device will be removed as well?
>
>usually you can't delete jails just by rm due to there are several files
>with 'schg' flags.
>depending on your security level you have to boot to
>single user mode and chflags (man 1 chflags) them in order to be able to
>remove it:
>
>$ chflags -R noschg /your/jaildir
>$ rm -rf /your/jaildir
>
> > - BiZKiT
>
>emanuel

From owner-freebsd-security Thu Jan 2 6: 7:24 2003
Date: Fri, 03 Jan 2003 01:07:26 +1100
From: Talon
Organization: Data-Storm Computers
To: Elite Bizkit
Cc: haupt@outof.ch, freebsd-security@FreeBSD.org
Subject: Re: Removing a Jail

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Elite Bizkit wrote:
| I logged into single user mode (pressing space at prompt then using
| boot
| -s), ran "chflags -R noschg /usr/jail" and got the following
| message "chflags: not found". I tried "man chflags" but that also
| returned "man: not found". Are these not available in single user mode?
| or have I done something wrong?
|
| - BiZKiT
|
|> From: Emanuel Haupt
|> To: "Elite Bizkit"
|> CC: freebsd-security@FreeBSD.org
|> Subject: Re: Removing a Jail
|> Date: Thu, 2 Jan 2003 13:17:44 +0100
|>
|> On Thu, 02 Jan 2003 09:56:02 +0000
|> "Elite Bizkit" wrote:
|>
|> > Ah I see, "sh MAKEDEV jail" creates a device inside the jail, so if I run
|> > "rm -fr /usr/jail" the device will be removed as well?
|>
|> usually you can't delete jails just by rm due to there are several
|> files with 'schg' flags. depending on your security level you have to
|> boot to single user mode and chflags (man 1 chflags) them in order to
|> be able to remove it:
|>
|> $ chflags -R noschg /your/jaildir
|> $ rm -rf /your/jaildir
|>
|> >
|> > - BiZKiT
|>
|> emanuel

BiZKiT you may need to mount some devices if you are in single user mode

Are these questions even relevant to this mailing list.

Regards
Jason

- --
~ |===================================|
~ | Data-Storm Computers | Powered By |
~ | FreeBSD Rock Stable Performance |
~ |===================================|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
Comment: Signed With GnuPG

iD8DBQE+FEedyoJQBYFw6XARAiV4AKCg9eBxl8gr2M1ez+sKQE//5fLIVQCeIQti
k/7PusEaLjtBh0HY4IWXdys=
=trsw
-----END PGP SIGNATURE-----

From owner-freebsd-security Thu Jan 2 9:34:37 2003
To: htabak@quadtelecom.com
Cc: security@freebsd.org
From: markm@freebsd.org
Subject: Re: Bystander shot by a spam filter.
Date: Thu, 02 Jan 2003 19:33:02 +0200

> [This is a resend. Ironically, the original was blocked by FreeBSD's spam
> filter, I've had to send this from another account]

Hi

This is off-topic for 2 reasons.

1) FreeBSD-security is for intrusion-related (and to a lesser extent DoS-related security issues). Your post is more about spam philosophy, and as such is better suited to a general Anti-Spam list.

2) The "political" aspect of the tool you mention may be relevant, but not in security. FreeBSD supplies tools, and lets users decide when to use them. A policy list like FreeBSD-ISP _may_ be better suited to this.

Also - please don't cross-post to other FreeBSD lists. Particularly to FreeBSD-Questions.

> I recently discovered, and quite by accident, that a FreeBSD ported
> package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me
> to an unknown number of businesses and individuals on the internet. I'll
> probably never have to correspond with most of these people, but I'm a
> freelancer -- this may have already cost me a job. [Dear reader, don't
> be surprised if you or your clients are also blocked. I strongly suggest
> that you check it out.]

Please take this up with the SB author and the sites that have chosen to use this tool. You may need to use another From: address.

M
--
Mark Murray
iumop ap!sdn w,I idlaH

From owner-freebsd-security Fri Jan 3 13:16:32 2003
From: "Max Clark"
Subject: Shell access in chroot?
Date: Fri, 3 Jan 2003 13:16:27 -0800

Hi all,

I would like to set up a box and provide limited shell access to users. Is there a way I could chroot a user on a ssh/telnet session like ftp?

If I were to give shell access to users, what kind of local security hardening should I employ? Tips/Suggestions would be greatly appreciated.

Thanks in advance,
Max

From owner-freebsd-security Fri Jan 3 14:45: 7 2003
Date: Fri, 3 Jan 2003 17:46:55 -0500
From: Ken Ebling
To: freebsd-security@freebsd.org
Subject: Re: Shell access in chroot?

I've played with CHRSH (http://www.aarongifford.com/computers/chrsh.html) a bit and found it to be very useful for that purpose, but sometimes a pain to set up. Just pay attention to the directions and write a shell script to install it if you plan on having many users with chrooted shells.

Ken

On Fri, Jan 03, 2003 at 01:16:27PM -0800, Max Clark wrote:
> Hi all,
>
> I would like to set up a box and provide limited shell access to users.
> Is there a way I could chroot a user on a ssh/telnet session like ftp?
>
> If I were to give shell access to users, what kind of local security
> hardening should I employ? Tips/Suggestions would be greatly
> appreciated.
>
> Thanks in advance,
>
> Max

From owner-freebsd-security Fri Jan 3 16:23:35 2003
Date: Fri, 03 Jan 2003 18:25:26 -0500
From: Ken Ebling
To: freebsd-security@freebsd.org
Subject: Re: Shell access in chroot? (Maurício on vacation)

Autoresponder (in Portuguese) mailing the list. Can he be de-activated until the 20th? I know it's OT but receiving his email numerous times/day will suck. =)

Mauricio Pegoraro wrote:
> Dear all,
>
> I am on vacation. I will return on 20/1/2003.
> Please forward matters relating to security or to the clicRBS network to Marcelo Lima (extension 6226).
>
> Happy 2003.
>
> MaurícioWP.

From owner-freebsd-security Sat Jan 4 1:28:56 2003
To: FreeBSD-security@freebsd.org
From: markm@freebsd.org
Subject: Administrativia: The topic.
Date: Fri, 03 Jan 2003 12:49:26 +0200

Hi all (and compliments of the new year!)

The preponderance of positive feedback that I have got back about the usefulness of this list has been very heartening. Thank you for your co-operation!

There has been a small tendency to slide towards Question-and-Answer. PLEASE do not do this - this is a _discussion_ list, not a help forum.
Remember that Q&A is welcome as long as both the question and the answer are provided and these are submitted for possible inclusion into the FAQ.

I plan to go through the archives and find FAQ items. I recall some folks being interested in helping here. Please contact me if you are still interested. I'll be doing this when I get back from vacation in a week or so.

Certain questionable topics have also come up. Spam discussion is OK as long as it is security-oriented as well (plain old spam is _not_ a security issue, but a spam flood could be a DoS issue). For it to be discussable here, there needs to be an overwhelming _security_ focus that is of strong relevance to FreeBSD. Spamfighting has its own lists where spam tools and spam policy may be discussed.

Ad-hominem attacks are specifically unwelcome. This is also true of other anti-social activities such as trolling, baiting, flaming and so forth.

M
--
Mark Murray
iumop ap!sdn w,I idlaH

From owner-freebsd-security Sat Jan 4 8:45:21 2003
To: "Max Clark"
Subject: Re: Shell access in chroot?
From: Lowell Gilbert
Date: 04 Jan 2003 11:45:16 -0500

"Max Clark" writes:

> Hi all,
>
> I would like to set up a box and provide limited shell access to users.
> Is there a way I could chroot a user on a ssh/telnet session like ftp?
>
> If I were to give shell access to users, what kind of local security
> hardening should I employ? Tips/Suggestions would be greatly
> appreciated.

man jail(8) or for less strenuous uses, chroot(8)

From owner-freebsd-security Sat Jan 4 14:44:16 2003
From: Eric Timme
To: freebsd-security@freebsd.org
Subject: solutions for monitoring remote apache logs?
Date: Sat, 4 Jan 2003 16:44:10 -0600

I'd like to keep track of stuff that happens with my webserver and was wondering if anyone could lend some input as to the solution they use? It is just a small LAN, so the server serves a very small amount of webpages, so I'd like to keep track of specific IPs and the files they access as well as times, but god, right now with the default configuration in place I have hit after hit from code red, nimda, etc, such that any real hits get drowned out.

Is it possible to just ignore all the IIS garbage via Apache, so it never hits the logs, and if so, how?

Also, are there any good solutions for rotating apache logs and emailing the IIS free logs to myself? The only way to do this I can think of would be to modify newsyslog to rotate them, and somehow include them in what daily sends to me.

Please lend your input..

From owner-freebsd-security Sat Jan 4 15:37:48 2003
Date: Sat, 04 Jan 2003 17:36:15 -0600
To: Eric Timme , freebsd-security@FreeBSD.ORG
From: Christopher Schulte
Subject: Re: solutions for monitoring remote apache logs?

At 04:44 PM 1/4/2003 -0600, Eric Timme wrote:
>Is it possible to just ignore all the IIS garbage via Apache, so it never hits
>the logs, and if so, how?

This is clearly off-topic for -security. Please consider -questions or users@httpd.apache.org for future queries of this nature.

Apache (v1.3 and v2) supports conditional logging. See the relevant DOCS for more information. For example:

http://httpd.apache.org/docs/logs.html#conditional

PS: can we have the updated charter from 2002-10-15 placed on the mailinglists webpage in the handbook?

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/eresources.html#ERESOURCES-MAIL
C.1.3

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org email address. This address is valid.
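
The conditional logging mentioned in the reply above, shown as an added httpd.conf fragment that is not part of the original thread or of anyone's posted configuration. The log file paths, the variable name iis_worm and the two URL patterns are assumptions chosen for illustration; the probes are written to a separate file rather than dropped, so source addresses and timing remain available for review.

```apache
# Added example (not from the thread). Log paths and the variable name
# iis_worm are assumptions; adjust them to the local layout.

# Standard "combined" format, defined here so the fragment is self-contained.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

# mod_setenvif: tag requests whose path looks like an IIS worm probe.
# Code Red requests /default.ida; Nimda requests cmd.exe or root.exe
# under IIS directories such as /scripts/ and /MSADC/.
SetEnvIfNoCase Request_URI "^/default\.ida" iis_worm
SetEnvIfNoCase Request_URI "/(cmd|root)\.exe" iis_worm

# Requests that are NOT tagged go to the normal access log.
CustomLog /var/log/httpd-access.log combined env=!iis_worm

# Tagged requests go to their own file instead of being discarded.
CustomLog /var/log/httpd-worm.log combined env=iis_worm
```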