Send cobalt-users mailing list submissions to
cobalt-users@xxxxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
http://list.cobalt.com/mailman/listinfo/cobalt-users
or, via email, send a message with subject or body 'help' to
cobalt-users-request@xxxxxxxxxxxxxxx
You can reach the person managing the list at
cobalt-users-admin@xxxxxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of cobalt-users digest..."
Today's Topics:
1. Re: setting up secure admin panel - RaQ3 (Gerald Waugh)
2. RE: Re:Apache Chunked Vulnerability and Cobalt servers (Paul Jacobs)
3. Re: Re:Apache Chunked Vulnerability and Cobalt servers (Paul Jacobs)
4. Re: Re:Apache Chunked Vulnerability and Cobalt servers (Gerald Waugh)
5. Networking startup scripts altered - tripwire (Cody Watkins)
6. Re: Re:Apache Chunked Vulnerability and Cobalt servers (Mailing Lists)
7. AllowChmod is deprecated (Patrick Agee)
8. Re: Networking startup scripts altered - tripwire (Rick Ewart)
9. New Version of Security-2.0.1-13323.pkg ? (Michael Gabriel)
10. Re: AllowChmod is deprecated (Gerald Waugh)
11. Re: Re:Apache Chunked Vulnerability and Cobalt servers (Gerald Waugh)
12. RE: setting up secure admin panel - RaQ3 (Charlie Summers)
13. Re: Re:Apache Chunked Vulnerability and Cobalt servers (Mailing Lists)
14. Re: RE: setting up secure admin panel - RaQ3 (Mailing Lists)
--__--__--
Message: 1
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Organization: Front Street Networks LLC
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] setting up secure admin panel - RaQ3
Date: Sat, 22 Jun 2002 12:46:34 -0400
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
On Saturday 22 June 2002 10:19 am, Simon Pierce wrote:
> So the fact that it drops from HTTPS to HTTP is okay?
NO! NO! NO! IT IS NOT OK
I made a mistake, you didn't actually state what the problem was in your
original post, so I did not catch the fact that it dropped into http....
did you try a different browser? To eliminate an issue with your current
browser.
--
Gerald Waugh
http://frontstreetnetworks.com SOHO Networks & Web Site Hosting
Front Street Networks LLC voice +1 203 785 0699 * fax +1 203 785 1787
229 Front Street, Ste. #C, New Haven CT 06513-3203
--__--__--
Message: 2
Date: Sat, 22 Jun 2002 09:58:06 -0700
To: cobalt-users@xxxxxxxxxxxxxxx
From: Paul Jacobs <paul@xxxxxxxxxxxxxxxxxx>
Subject: RE: [cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
At 11:11 AM 6/21/2002, you wrote:
>If you are interested in high-end security then you
>shouldn't use Linux at all. Use OpenBSD instead.
>Peter
Let's not start that holy war shall we....
> >Thanks, but I'd venture to bet that I might be a notch
> >higher on the security ladder than you may give me
> >credit for.. But nonetheless, I do own two of these
> >little jokers and I'm tired of dealing with
> >Cobalt/SUN's lack of communication and urgency when it
> >comes to security issues.. (we're just now getting GCC
> >and zlib updated on these boxes..? It's been three
> >months (or more) since those vulnerabilities were
> >announced..) I had them updated on my other machines
> >-1 day- after the vulnerabilities were announced, 1
> >short DAY..! But I'm _not_ about to go whacking on
> >little boy blue because he has this nasty habit of
> >going tits up when you go mucking with things under
> >the hood.. Esp if you still allow customers to use the
> >GUI's -which is the whole point of the "appliance"
> >thing to start with, isn't it.? I sure didn't buy
> >them (at top price $2800+ three years ago) for their
> >fine hardware specs.. Not even at that time..
> >
> >Little blue is only 2 of my entire fleet (I've sold
> >off the others), of which only one is used for
> >production and that's just because they make it easy
> >to offer ASP and FP to those users who _must_ have
> >those services (and I personally consider both
> >services a security risk and that's why I keep them
> >segregated from other users/machines).. I can then
> >easily accommodate those users without poisoning my
> >other Linux systems - Instead, I've spent the last
> >year deploying several hardened systems that left
> >these little boxes behind long ago... On my other
> >hardened systems, the focus is on;
> >
> >1 - Kernel security (2.4.18) as well as kernel ACL.
> >2 - OpenSSH/BIND/ProFTP run from chroot jail.
> >3 - Stripped Linux libraries for better performance.
> >4 - GCC 3.1 for improved performance
> >5 - GLIBC 3.0.3
> >6 - And running IPTables which is so much better than
> >IPChains -but requires the 2.4 kernel.
> >
> >Trust me, I'm no little house wife doing this on the
> >side for a hobby... This is how I make my living and
> >put a roof over my head.. and have done so since '95..
> >
> >
> >> Actually, if you want to do something
> >> _productive,_ stop shaking trees (or
> >> fists) and ask politely if anything is being done to
> >> deal with this issue.
> >> Has anyone bothered to actually contact anyone at
> >> Sun and ask if there's
> >> anything in the works?
> >
> >Yes, several of us, as well as the guys from UK2 who
> >have a whole fleet of RaQ3's (see notes from yesterday
> >morning on security list).. But sadly (typically)
> >Cobalt's reply was "we'll get back to you and let you
> >know.." -and yet we (and the masses) still sit here
> >waiting for the "official" word that the issue is even
> >being ack much less a release of the updated software
> >which truly wouldn't (shouldn't) take more than a day
> >to get out the door -even with good QT.. Instead, I
> >spent yesterday needlessly watching each (Cobalt) box
> >by the min to ensure it's not come under attack
> >(again)..
> >
> >When one is DoS'd by this little number (hell forget
> >the issue now of possible remote exploits that CERT
> >claims is in the wild) - but when one is DoS'd you'll
> >find _nothing_ in any of the logs pointing to the
> >attacker. The only thing you'll find is one line in
> >the error log noting a parent/child segment fault
> >-then the box (and all its services) dies a slow
> >death over the next 5-10 mins.. The only solution is a
> >simple reboot.. But I'm not real keen on having to sit
> >and watch my boxes 24/7 and reboot them every time
> >some ghoul wants to post some chunked data against
> >Apache esp when there's a fix available from most all
> >other vendors except Cobalt/SUN...
> >
> >> Or are we all too busy
> >> running around in little
> >> circles bemoaning how unfair life is?
> >
> >Please, save it for someone else.. I'm going to go
> >ahead and give the upgrade a spin on the _non_
> >production box this eve, which I know I can perform on
> >any other box, just not confident on doing so on
> >little blue without blowing out the GUI.. But seeing
> >how we've yet to even have _confirmation_ of the issue
> >and/or a fix is in the works from Cobalt/SUN, I guess
> >those of us seriously concerned (and/or previously
> >affected) have no other choice but to bite the bullet
> >and give it a spin...
> >
> >I think the time has come to setup another (hardened)
> >Linux box and deploy ASP/FP on it, so I can finally
> >chuck little blue on E-Bay once and for all - would
> >you possibly be interested..? I'll seriously sell it
> >to you after (around) the first of Aug/Sep -after I've
> >had time to deploy another system and get my current
> >users migrated over to the real thing.. because these
> >two little blue boxes are def heading for E-Bay.. I
> >don't have any more time to spare sitting around
> >playing with Cobalt/SUN any longer.. Nor can I sadly
> >say that the last three years was a good ride.. It
> >wasn't..
> >
> >Cheers!
> >
--__--__--
Message: 3
Date: Sat, 22 Jun 2002 10:01:25 -0700
To: cobalt-users@xxxxxxxxxxxxxxx
From: Paul Jacobs <paul@xxxxxxxxxxxxxxxxxx>
Subject: Re: [cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
At 11:41 AM 6/21/2002, you wrote:
>At 1:26 PM -0400 6/21/02, Chad is rumored to have typed:
>
> > Thanks, but I'd venture to bet that I might be a notch
> > higher on the security ladder than you may give me
> > credit for..
>
> You'd have to be. The only thing I give you credit for is portraying
>Chicken Little.
>
> > I think the time has come to setup another (hardened)
> > Linux box and deploy ASP/FP on it, so I can finally
> > chuck little blue on E-Bay once and for all - would
> > you possibly be interested..?
>
> Hardly...I'm quite particular about with whom I do business.
Hey, I can speak to that!..... you are a stubborn on fart :)
Is your picture on the slam dunk site at
http://www.haggis.nl/~duiker/album.html mine is.
> Can I take it to mean that you will no longer be a subscriber to this list
>espousing that Cobalts are bad without adding anything _helpful_ to the
>discussion? Perhaps you and Paul can get together and start your own
>Cobalt-bashing list, leaving this one to those of us who prefer to _solve_
>problems instead of griping about them?
>
> Charlie Summers (who only posts messages once to the list, and won't
> waste time posting to you again at all)
>
>
--__--__--
Message: 4
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Organization: Front Street Networks LLC
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers
Date: Sat, 22 Jun 2002 13:15:12 -0400
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
On Saturday 22 June 2002 12:58 pm, Paul Jacobs wrote:
> At 11:11 AM 6/21/2002, you wrote:
> >If you are interested in high-end security then you
> >shouldn't use Linux at all. Use OpenBSD instead.
> >Peter
>
> Let's not start that holy war shall we....
Let's *trim* our responses shall we.... ;-)
--
Gerald Waugh
http://frontstreetnetworks.com SOHO Networks & Web Site Hosting
Front Street Networks LLC voice +1 203 785 0699 * fax +1 203 785 1787
229 Front Street, Ste. #C, New Haven CT 06513-3203
--__--__--
Message: 5
Date: Sat, 22 Jun 2002 10:17:16 -0700
From: Cody Watkins <codyw@xxxxxxxxxxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Networking startup scripts altered - tripwire
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Hi all,
Another question.
Tripwire alerted me yesterday morning that the following files' checksums
were altered.
The files were:
"/etc/rc.d/rc3.d"
"/etc/rc.d/rc3.d/K05cobalt-networker"
"/etc/rc.d/rc3.d/S55named"
"/etc/rc.d/rc4.d"
"/etc/rc.d/rc4.d/K05cobalt-networker"
"/etc/rc.d/rc4.d/S55named"
"/etc/rc.d/rc5.d"
"/etc/rc.d/rc5.d/K05cobalt-networker"
"/etc/rc.d/rc5.d/S55named"
(all symlinks?)
What could cause these to be altered? Haven't restarted this RaQ4 for 77
days, and no patches installed yesterday, or the day before. The only thing
I might have done is restart the Tivoli backup scheduler which is used for
backing the server up.
Any help would be appreciated.
Thanks!
Cody Watkins
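
A triage check for the alert above, as an added example that is not part of the thread: it confirms whether each entry in a runlevel directory is still a symlink that resolves into the init script directory. The function name `audit_rc_links`, its output labels and the demo tree are constructed here, and it assumes the Red Hat style layout in which every rcN.d entry links into a single init.d directory.

```shell
#!/bin/sh
# Added example: audit a SysV runlevel directory after an integrity alert.

# audit_rc_links RCDIR INITDIR
# Prints one line per entry that is not a well-formed runlevel link:
#   NOTLINK  name            real file or directory instead of a symlink
#   BADNAME  name -> target  name is not S<NN>service or K<NN>service
#   DANGLING name -> target  link target does not exist
#   OUTSIDE  name -> target  target lives outside INITDIR
# Returns 0 if nothing was flagged, 1 if something was, 2 if INITDIR is bad.
audit_rc_links() {
    rcdir=$1
    initreal=$(cd "$2" 2>/dev/null && pwd -P) || return 2
    flagged=0
    for entry in "$rcdir"/*; do
        name=${entry##*/}
        if [ ! -L "$entry" ]; then
            # Real files and directories are reported; an unexpanded glob
            # (empty directory) does not exist and is skipped.
            if [ -e "$entry" ]; then echo "NOTLINK  $name"; flagged=1; fi
            continue
        fi
        target=$(readlink "$entry")
        case $name in
            [SK][0-9][0-9]?*) ;;
            *) echo "BADNAME  $name -> $target"; flagged=1 ;;
        esac
        if [ ! -e "$entry" ]; then
            echo "DANGLING $name -> $target"; flagged=1
            continue
        fi
        # Directory part of the target; relative targets start at RCDIR.
        case $target in
            /*/*) tdir=${target%/*} ;;
            /*)   tdir=/ ;;
            */*)  tdir=$rcdir/${target%/*} ;;
            *)    tdir=$rcdir ;;
        esac
        realdir=$(cd "$tdir" 2>/dev/null && pwd -P) || realdir=
        if [ "$realdir" != "$initreal" ]; then
            echo "OUTSIDE  $name -> $target"; flagged=1
        fi
    done
    return "$flagged"
}

# Constructed demo tree (not data from the thread).
demo=$(mktemp -d)
mkdir "$demo/init.d" "$demo/rc3.d"
: > "$demo/init.d/named"
ln -s ../init.d/named "$demo/rc3.d/S55named"
ln -s ../init.d/cobalt-networker "$demo/rc3.d/K05cobalt-networker"  # no target
audit_rc_links "$demo/rc3.d" "$demo/init.d" || true
rm -rf "$demo"
```

On a live system the two arguments would be a runlevel directory such as /etc/rc.d/rc3.d and the init script directory it is expected to link into.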
--__--__--
Message: 6
Date: Sat, 22 Jun 2002 12:18:36 -0500
Subject: Re: [cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers
From: Mailing Lists <listonly@xxxxxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
on 6-21-02 11:59 AM, Steve Bassi stated:
>
>> Of course, you always have the option of installing 1.3.26 on your
>> Cobalts, if you'd like. Your GUI will likely break, but hey, let us know how
>> it goes. I'll risk a DoS on this waiting for a security patch, thanks.
>>
>
> I have put notes up for upgrading on a RAQ 3 and confirm that the GUI works
> fine .. and does not break.
>
> http://camelbackup.com/
>
>
> Bassi
Steve or Gerald,
If we have php running, been a while since I have done any apache building,
will I have to recompile php? Or just backup the .so and reinsert the .php
stuff. Sorry for the lame question.
Dave
--__--__--
Message: 7
From: "Patrick Agee" <pagee@xxxxxxxxxxxxxx>
To: "Cobalt-Users" <cobalt-users@xxxxxxxxxxxxxxx>
Date: Sat, 22 Jun 2002 13:32:47 -0400
Subject: [cobalt-users] AllowChmod is deprecated
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Since installing the latest update from Sun/Cobalt Security Bundle 4.0.1
"RaQ2-All-Security-4.0.1-13323.pkg" I have been receiving the errors below
from LogCheck. Not sure what the update did. It showed Install Successful.
This is on a RaQ2. As I have LogCheck setup to email me with problems every
hour, I have been receiving the errors below every hour. They occur usually
every minute or so.
Any help or pointers appreciated.
Jun 22 12:00:26 servername proftpd[14179]: AllowChmod is deprecated, and will not work consistantly, use <Limit SITE_CHMOD> instead.
Jun 22 12:00:36 servername proftpd[14208]: AllowChmod is deprecated, and will not work consistantly, use <Limit SITE_CHMOD> instead.
Jun 22 12:01:26 servername proftpd[14256]: AllowChmod is deprecated, and will not work consistantly, use <Limit SITE_CHMOD> instead.
Jun 22 12:02:31 servername proftpd[14273]: AllowChmod is deprecated, and will not work consistantly, use <Limit SITE_CHMOD> instead.
Patrick Agee
pagee@xxxxxxxxxxxxxx
--__--__--
Message: 8
From: "Rick Ewart" <cobalt@xxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Subject: Re: [cobalt-users] Networking startup scripts altered - tripwire
Date: Sat, 22 Jun 2002 13:38:41 -0400
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
If I recall correctly, I saw these kick in when I fired up my ASP admin server
(or added ASP to a site). Cannot really remember which, but it seemed
triggered by that.... Any chance you did something like that?
HTH...
Rick
----- Original Message -----
From: "Cody Watkins" <codyw@xxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Saturday, June 22, 2002 1:17 PM
Subject: [cobalt-users] Networking startup scripts altered - tripwire
> Hi all,
>
> Another question.
>
> Tripwire alerted me yesterday morning that the following files' checksums
> were altered.
>
> The files were:
> "/etc/rc.d/rc3.d"
> "/etc/rc.d/rc3.d/K05cobalt-networker"
> "/etc/rc.d/rc3.d/S55named"
> "/etc/rc.d/rc4.d"
> "/etc/rc.d/rc4.d/K05cobalt-networker"
> "/etc/rc.d/rc4.d/S55named"
> "/etc/rc.d/rc5.d"
> "/etc/rc.d/rc5.d/K05cobalt-networker"
> "/etc/rc.d/rc5.d/S55named"
>
> (all symlinks?)
>
> What could cause these to be altered? Haven't restarted this RaQ4 for 77
> days, and no patches installed yesterday, or the day before. The only thing
> I might have done is restart the Tivoli backup scheduler which is used for
> backing the server up.
>
> Any help would be appreciated.
>
> Thanks!
>
> Cody Watkins
>
--__--__--
Message: 9
Date: Sat, 22 Jun 2002 19:42:54 +0200
From: Michael Gabriel <mgabriel@xxxxxxxxxxx>
Organization: geekworx
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] New Version of Security-2.0.1-13323.pkg ?
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Will Sun release a new version of Security-2.0.1-13323.pkg or do we have
to apply it and fix things manually ?
--__--__--
Message: 10
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Organization: Front Street Networks LLC
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] AllowChmod is deprecated
Date: Sat, 22 Jun 2002 13:42:33 -0400
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
On Saturday 22 June 2002 01:32 pm, Patrick Agee wrote:
> Since installing the latest update from Sun/Cobalt Security Bundle 4.0.1
> "RaQ2-All-Security-4.0.1-13323.pkg" I have been receiving the errors below
> from LogCheck. Not sure what the update did. It showed Install Successful.
> This is on a RaQ2. As I have LogCheck setup to email me with problems every
> hour, I have been receiving the errors below every hour. They occur usually
> every minute or so.
>
> Any help or pointers appreciated.
>
Where have you been? Do you read this list? ;-)
edit /etc/proftpd.conf
find the <Global> Section
Delete the line containing AllowChmod
add these lines
<Limit SITE_CHMOD>
AllowAll
</Limit>
save and that's it....
No need to restart any services
--
Gerald Waugh
http://frontstreetnetworks.com SOHO Networks & Web Site Hosting
Front Street Networks LLC voice +1 203 785 0699 * fax +1 203 785 1787
229 Front Street, Ste. #C, New Haven CT 06513-3203
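
The edit described in the message above, scripted as an added example that is not part of the message or of any Cobalt package: it replaces each active `AllowChmod` line with a `<Limit SITE_CHMOD>` block. The function names and the sample config are constructed for illustration, and mapping an off value to `DenyAll` goes beyond the `AllowAll` case given in the message.

```shell
#!/bin/sh
# Added example, not from the thread: migrate the deprecated AllowChmod
# directive to a <Limit SITE_CHMOD> block.

# migrate_allowchmod: proftpd.conf on stdin, migrated config on stdout.
#   AllowChmod on  (or any other value) -> AllowAll, as in the message
#   AllowChmod off (or no/false/0)      -> DenyAll (assumed equivalent)
# Commented-out lines are left alone: their first field starts with "#".
migrate_allowchmod() {
    awk '
    tolower($1) == "allowchmod" {
        indent = $0
        sub(/[^ \t].*$/, "", indent)      # keep the leading whitespace
        value = tolower($2)
        if (value == "off" || value == "no" || value == "false" || value == "0")
            rule = "DenyAll"
        else
            rule = "AllowAll"
        print indent "<Limit SITE_CHMOD>"
        print indent "  " rule
        print indent "</Limit>"
        next
    }
    { print }
    '
}

# count_allowchmod: number of active AllowChmod lines on stdin, to confirm
# that nothing is left to trigger the deprecation warning.
count_allowchmod() {
    awk 'tolower($1) == "allowchmod" { n++ } END { print n + 0 }'
}

# Constructed sample config (hypothetical, not a real RaQ file).
SAMPLE_CONF='<Global>
  DefaultRoot ~
  AllowChmod on
  # AllowChmod off
</Global>'

printf '%s\n' "$SAMPLE_CONF" | migrate_allowchmod
```

Run it against a copy of /etc/proftpd.conf and diff the result before replacing the live file.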
--__--__--
Message: 11
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Organization: Front Street Networks LLC
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers
Date: Sat, 22 Jun 2002 13:50:26 -0400
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
On Saturday 22 June 2002 01:18 pm, Mailing Lists wrote:
>
> If we have php running, been a while since I have done any apache building,
> will I have to recompile php? Or just backup the .so and reinsert the .php
> stuff. Sorry for the lame question.
>
Not answering for Steve, but
if you are running PHP or FrontPage extensions, I would be very careful....
I think you have it correct, about backup and reinsert, but you are "on your
own"
I really think that Cobalt/Sun is going to come out with a patch momentarily
(don't hold thy breath) But They HAVE to do something and SOON
--
Gerald Waugh
http://frontstreetnetworks.com SOHO Networks & Web Site Hosting
Front Street Networks LLC voice +1 203 785 0699 * fax +1 203 785 1787
229 Front Street, Ste. #C, New Haven CT 06513-3203
--__--__--
Message: 12
Date: Sat, 22 Jun 2002 13:56:12 -0400
To: <cobalt-users@xxxxxxxxxxxxxxx>
From: Charlie Summers <charlie@xxxxxxxxxx>
Subject: [cobalt-users] RE: setting up secure admin panel - RaQ3
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
At 10:59 AM -0400 6/22/02, Gavin Nelmes-Crocker is rumored to have typed:
> Are you doing this on a Mac by any chance as I have seen IE on a Mac
> doesn't like self signed certs and behaves oddly but on a PC it should
> work ok
Netscape stumbles over self-signed certs, too, at least the 4.x versions;
pages take for-friggin'-ever to load. The only Mac browser I've found that
handles them well is Opera.
Charlie
--__--__--
Message: 13
Date: Sat, 22 Jun 2002 13:06:21 -0500
Subject: Re: [cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers
From: Mailing Lists <listonly@xxxxxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
on 6-22-02 12:50 PM, Gerald Waugh stated:
> On Saturday 22 June 2002 01:18 pm, Mailing Lists wrote:
>>
>> If we have php running, been a while since I have done any apache building,
>> will I have to recompile php? Or just backup the .so and reinsert the .php
>> stuff. Sorry for the lame question.
>>
>
> Not answering for Steve, but
> if you are running PHP or FrontPage extensions, I would be very careful....
> I think you have it correct, about backup and reinsert, but you are "on your
> own"
>
> I really think that Cobalt/Sun is going to come out with a patch momentarily
> (don't hold thy breath) But They HAVE to do something and SOON
I guess I can wait a bit for the Maytag repair men to get that out, my
wonder is, will they allow for the fact that some of us have php running on
Raq3's? Will they allow for that. Almost all of the sites we run are php.
Dave
--__--__--
Message: 14
Date: Sat, 22 Jun 2002 13:08:39 -0500
Subject: Re: [cobalt-users] RE: setting up secure admin panel - RaQ3
From: Mailing Lists <listonly@xxxxxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
on 6-22-02 12:56 PM, Charlie Summers stated:
> At 10:59 AM -0400 6/22/02, Gavin Nelmes-Crocker is rumored to have typed:
>
>> Are you doing this on a Mac by any chance as I have seen IE on a Mac
>> doesn't like self signed certs and behaves oddly but on a PC it should
>> work ok
>
> Netscape stumbles over self-signed certs, too, at least the 4.x versions;
> pages take for-friggin'-ever to load. The only Mac browser I've found that
> handles them well is Opera.
>
I found that Netscape worked best for our Macs, but you are right, forever
to load. Using a PC to access for us, has been the best choice using IE,
just tell the pop-up to add it to your trusted list.
Dave
--__--__--
End of cobalt-users Digest