Re: [cobalt-users] Webalyser
- Subject: Re: [cobalt-users] Webalyser
- From: Larry Smith <lesmith@xxxxxxxxx>
- Date: Mon Dec 16 11:05:57 2002
- Organization: ECSIS.NET
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
OK, short answer to the long problem:
Leave /usr/lib/authenticate alone (leave mode settings)
and CHANGE /usr/bin/gcc to mode 222 (read only all)
This means that the compiler will no longer work - so you need to remember
this when doing any installs, etc, but can easily change the mode to execute,
run the install/whatever, then change the mode back. If the script cannot
compile, it cannot work - and the same applies to many, many of the rootkits
and script kiddies. I have used this technique for many years to "foil" the
scripters. Just make a habit of changing cc/gcc back whenever you actually
"work" on the box.
Larry Smith
SysAd ECSIS.NET
sysad@xxxxxxxxx
INRE Re: [cobalt-users] Webalyser:
> Sorry for the top post, but seems as if no one is reading my post..
>
> Go search for what I've posted in November, I do believe there is an answer
> to your problem, but not a fix... Has something to do with
> "/usr/lib/authenticate"...
>
> Go to that link and see if you can figure out more than me.. All I know is
> I remove the setuid bit and it doesn't work, I add it back in and it works
> but makes box vulnerable to raqfuck...
>
> Here is the link from my November post:
> http://list.cobalt.com/pipermail/cobalt-users/2002-November/081974.html
>
> BTW, to work around the prob, I just edited the webalizer.pl file and had
> it remove the .htaccess files, so the stats are just wide open (no
> name/pass required to view), but nothing bad in there, right?
>
> -Jamie-
> http://w-c.net
> WebConnection.Net, Inc.
> In a mad world, only the mad are sane...
>
>
> ----- Original Message -----
> From: "Andy Jacobs"
> To: <cobalt-users@xxxxxxxxxxxxxxx>
> Sent: Monday, December 16, 2002 1:44 PM
> Subject: RE: [cobalt-users] Webalyser
>
> > > -----Original Message-----
> > > From: cobalt-users-admin@xxxxxxxxxxxxxxx
> > > [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Brian N. Smith
> > > Sent: 15 December 2002 23:49
> > > To: cobalt-users@xxxxxxxxxxxxxxx
> > > Subject: Re: [cobalt-users] Webalyser
> > >
> > > > Anyone got any more ideas? I have no idea why this has happened.
> > > >
> > > > Andy
> > > > ---
> > >
> > > rm -f /home/sites/*/web/stats/.htaccess
> > > /etc/cron.daily/webalizer.pl
> > >
> > > Give that a try.
> >
> > Tried that but after running webalizer.pl I'm back to the same point with
> > the user/password being rejected.
> >
> > Cheers
> >
> > Andy
> > ---