[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Cube3 DNS problem
- Subject: Re: [cobalt-users] Cube3 DNS problem
- From: Christopher Jay Manders <Chris.Manders@xxxxxxxxxxxxxxxx>
- Date: Thu Sep 27 04:09:03 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi Steve,
> [admin admin]$ mail cobalt@xxxxxx
> Subject: Test
> test
> Cc:
> [admin admin]$ cobalt@xxxxxxxxx User unknown
> /home/sites/home/users/admin/dead.letter... Saved message in
> /home/sites/home/users/admin/dead.letter
>
This might be due to sendmail thinking that the machine is to accept mail for
the domain name, but the username is (obviously) not on the localhost. You can
change that by editing your sendmail.cf file and uncommenting the Dj$w.foo.com
line and changing it to be the complete FQDN name of the host (like wow.foo.com)
and restarting sendmail. Also, make sure the domain name only is not listed in
the sendmail.cw (or localhostnames) file. Instead, it is best to have only the
FQDN name in there, if anything at all.
That will force the machine to look for the MX record on the net, or the DNS
resolvable domain name A record.
>
> This is really weird.
>
> AND NOW A DUMB QUESTION
> I know I have to switch off TELNET and install SSH, but I have not any clues
> about the whole picture - what exactly do I need to do
Edit /etc/inetd.conf and put a # in fromnt of the telnetd line and do a 'killall
-HUP inetd'
> - I'm fairly sure
> that I can D/L and install the SSH package from the cobalt site, but what
> else do I need to do to complete securing my servers?
>
Anything unused in /etc/inetd.conf can be #ed out and inetd restarted.
Also, I would add lines to /etc/hosts.allow and deny. See TCP Wrappers to see
the options there are alot of cool tricks to use there, if you want data on
people probing you...
portsentry is a good package to do something for notifying you of probes, etc.
tripwire is a good thing to do BEFORE it is ever on the Internet, assuring you
have a nice clean database.
See www.SANS.org for more, or www.cert.org.
I hope these help.
Cheers!
Christopher
>
> Can anyone point me in the right direction.
>
> best regards
> Steve
>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Gerald Waugh
> Sent: 25 September 2001 00:25
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] Cube3 DNS problem
>
> I assume you have your DNS fixed!
> I did 'dig' on www.mep.ch, mep.ch, and mail.mep.ch and they show NOERROR
> I did http on mep.ch and www.mep.ch and they work.
> THEN!
> I did telnet mep.ch and it worked.
> I did telenet mep.ch 25 and it worked.
> So, it's obvious that by now your Qube3 is HACKED!
> For crying-out-loud PLEASE install SSH and turn telnet OFF!
>
> Gerald
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users