Reprinted in full with permission of SecurityFocus
- FRONT AND CENTER
- An Introduction to Viruses and Malicious Code, Part Three:
Detecting and Resolving Virus Infections
- A Comparison of iptables Automation Tools
- Know Your Enemy: Honeynets
- A Newbie's Guide to Qmail: a step-by-step guide to downloading,
compiling and installing Qmail
- LINUX VULNERABILITY SUMMARY
- Multiple Vendor routed traceon Vulnerability
- KFM Insecure TMP File Creation Vulnerability
- LINUX FOCUS LIST SUMMARY
- blocking access (Thread)
- Mail Server troubles. (Thread)
- ipchains vs. iptables (Thread)
- Netfilter stateful inspection doubts (Thread)
- SecurityFocus.com Linux Newsletter #25 (Thread)
- Tracking down possible Trinoo_Master hack.. (Thread)
- NEW PRODUCTS FOR LINUX PLATFORM
- PakSecured Linux
- PakSecured Firewall
- NEW TOOLS FOR LINUX PLATFORMS
- Blaster Scan 2.2
- Automatic Security v2.1
- Astaro Security Linux 1.807
- LanKiller v1.0
- SUBSCRIBE/UNSUBSCRIBE INFORMATION
- FRONT AND CENTER
- -------------------
- An Introduction to Viruses and Malicious Code, Part Three:
Detecting and Resolving Virus Infections
No matter how vigilant you are or how many precautions you take, there are
circumstances that can allow a virus infection to occur on your computer
or network. What can you do? In this article, the third and final
installment of Brad Griffin's series looking at viruses and other
malicious code, we will take a step-by-step approach in identifying and
eradicating a virus infection. As well, we will look at a real-life
example of removing a worm from an infected system.
http://www.securityfocus.com/focus/basics/articles/malintro3.html
- A Comparison of iptables Automation Tools
Over the past several years, the use of Linux as a firewall platform has
grown significantly. Linux firewalling code has come a long way since the
time ipfwadm was introduced in kernel 1.2. This article will look at IP
firewalling code in Linux kernel and its configuration via various
interfaces such as GUIs or scripts (written in shell scripting language,
Perl or special configuration language.) Specifically, this article will
offer a brief overview of the means of configuring iptables, and will
offer a brief review of some tools that have been developed to automate
the configuration of iptables.
http://www.securityfocus.com/focus/linux/articles/iptables.html
- Know Your Enemy: Honeynets
For several years the Honeynet Project has been developing the Know Your
Enemy series, which is dedicated to the tools, tactics and motives of the
blackhat community. This article is the latest in the series. Instead of
focusing on blackhats, this paper focuses on Honeynets, specifically: what
a Honeynet is, its value, how to build one and the risks and issues
involved.
http://www.securityfocus.com/focus/ids/articles/kye/honeynet.html
- A Newbie's Guide to Qmail: a step-by-step guide to downloading,
compiling and installing Qmail
This paper by Jay Dyson offers a brief overview of Qmail: what Qmail is,
some of the benefits it offers, prerequisites to the installation of
Qmail, and installation and operation procedures. Additionally, the
article offers a variety of scripts and other resources to aid in the
installation and operation of Qmail.
http://www.securityfocus.com/templates/forum_message.html?forum=2&head=5418&id=5418
- BUGTRAQ SUMMARY
- -------------------
- Multiple Vendor routed traceon Vulnerability
BugTraq ID: 2658
Remote: Yes
Date Published: 1998-10-21
Relevant URL:
http://www.securityfocus.com/bid/2658
Summary:
routed is a daemon used to dynamically update network routing tables.
Certain operating systems (including IRIX 3.x up to 6.4 inclusive, Caldera
OpenLinux 1.0 and 1.1) contain a routed version which allows an attacker
to append certain logging data to arbitrary files on the host machine with
root privileges.
routed communicates with other network components via the Routing
Information Protocol (RIPv1 - RFC1058, RIPv2 - RFC1723). This protocol
implements certain commands which can be sent via UDP packets to the
routed service, normally residing on UDP port 520. One of these commands
(listed as obsolete in RFC1058) is "traceon" which turns on certain
debugging features. When this command is passed in conjunction with a
"trace file" name, via RIP to a vulnerable version of routed, certain
trace / debugging information is appended to this file, regardless of
ownership and properties. The file specified for logging this function
could therefore include /dev files, and various other important system
files, and could result in denial of service or data loss when used by an
attacker. An attacker would likely have to spoof the source address in
order to exploit this vulnerability.
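The summary above describes the mechanism from the attacker's side; what a defender can do with it is watch UDP/520 for the obsolete RIPv1 commands. The following is an added example, not code from the advisory: a small RIP header parser with detection logic that flags traceon (command 3) and traceoff (command 4) messages and extracts the trace file name a traceon carries, using only the command codes and layout from RFC 1058. The packet samples and addresses are constructed here for illustration.

```python
import struct

# RIP command codes from RFC 1058 section 3.1; traceon/traceoff are marked obsolete
RIP_COMMANDS = {1: "request", 2: "response", 3: "traceon", 4: "traceoff", 5: "reserved"}
OBSOLETE_COMMANDS = {3, 4}
RIP_PORT = 520
RIP_HEADER = struct.Struct("!BBH")   # command (1 byte), version (1 byte), must-be-zero (2 bytes)


def parse_rip(payload: bytes) -> dict:
    """Decode the 4-byte RIP header. For traceon, RFC 1058 says the remainder
    of the packet is the name of the trace file, so that is returned as well."""
    if len(payload) < RIP_HEADER.size:
        raise ValueError("payload shorter than RIP header")
    command, version, _zero = RIP_HEADER.unpack_from(payload)
    info = {"command": command, "name": RIP_COMMANDS.get(command, "unknown"), "version": version}
    if command == 3:
        rest = payload[RIP_HEADER.size:]
        info["trace_file"] = rest.split(b"\x00", 1)[0].decode("ascii", "replace")
    return info


def alerts_for(packets):
    """packets: iterable of (src_ip, dst_port, payload) tuples, e.g. from a capture.
    Returns one alert string per obsolete RIP command seen on the routed port."""
    out = []
    for src, dport, payload in packets:
        if dport != RIP_PORT:
            continue                      # not aimed at routed
        try:
            info = parse_rip(payload)
        except ValueError:
            continue                      # truncated / not RIP
        if info["command"] in OBSOLETE_COMMANDS:
            msg = f"{src}: obsolete RIP {info['name']} (command {info['command']})"
            if "trace_file" in info:
                msg += f" trace_file={info['trace_file']!r}"
            out.append(msg)
    return out


# Constructed sample traffic (hypothetical hosts in the 192.0.2.0/24 documentation range)
SAMPLE = [
    # ordinary RIPv1 request for the whole routing table: 4-byte header + one 20-byte entry
    ("192.0.2.10", 520, bytes([1, 1, 0, 0]) + b"\x00\x02" + b"\x00" * 14 + b"\x00\x00\x00\x10"),
    # traceon with a file name: this is the packet the advisory describes
    ("192.0.2.77", 520, bytes([3, 1, 0, 0]) + b"/tmp/routed.trace\x00"),
    # traceoff
    ("192.0.2.77", 520, bytes([4, 1, 0, 0])),
    # same first bytes but not on the RIP port: must be ignored
    ("192.0.2.5", 53, b"\x03\x01\x00\x00"),
]

if __name__ == "__main__":
    for line in alerts_for(SAMPLE):
        print(line)
```

Because the advisory notes the sender would likely spoof its source address, the `src` in an alert identifies where to look on the wire, not who sent it; the useful response is to confirm routed is patched or to filter UDP/520 from untrusted segments rather than to chase the address.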
- KFM Insecure TMP File Creation Vulnerability
BugTraq ID: 2629
Remote: No
Date Published: 2001-04-18
Relevant URL:
http://www.securityfocus.com/bid/2629
Summary:
KFM is the KDE File Manager, included with version 1 of the KDE base
package in most Linux installations. KFM is designed as a graphical,
easily navigated interface to the Linux Filesystem.
A problem in the KFM package could make it possible for local users to
overwrite any file owned by a user of KFM. This is due to insufficient
checking of previously existing temporary files and directories by the KFM
package.
Upon execution, KFM creates a temporary directory in which to cache
content. This temporary directory is created using a name consisting of
kfm-cache-<uid>. For example, for a user with an id of 1000 the
directory would be created using the name kfm-cache-1000. This directory
usually caches a set of predictable files.
KFM does not safely check for the existence of this directory prior to
using it, and upon needing to use one of the predicted files in the
directory, will attempt to place output into the previously made symbolic
link, thus overwriting the contents of the linked file, resulting in data
corruption or loss of data entirely.
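The defect described above is the classic predictable-name temporary file problem. The following is an added example, not KFM's code: a cache-directory routine that creates `kfm-cache-<uid>` atomically, refuses to reuse it if something else (a symlink, a file, another user's directory, a group/world-writable directory) already sits at that name, and opens files inside it with `O_CREAT|O_EXCL|O_NOFOLLOW` so a planted link to a predictable file name is never followed. The `demo()` scenario, the directory names and the "victim" file are constructed for illustration.

```python
import os
import stat
import tempfile
from typing import Optional, Tuple


def safe_cache_dir(base: str, uid: Optional[int] = None) -> str:
    """Create or reuse <base>/kfm-cache-<uid> without following a pre-existing symlink.

    Refuses symlinks, non-directories, directories owned by another user and
    directories writable by group/other. Returns the path on success.
    """
    if uid is None:
        uid = os.getuid()
    path = os.path.join(base, f"kfm-cache-{uid}")
    try:
        os.mkdir(path, 0o700)           # atomic: fails if anything already exists at that name
        return path
    except FileExistsError:
        pass
    st = os.lstat(path)                 # lstat, not stat: do not follow a link planted here
    if stat.S_ISLNK(st.st_mode):
        raise RuntimeError(f"{path} is a symbolic link; refusing to use it")
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError(f"{path} exists but is not a directory")
    if st.st_uid != uid:
        raise RuntimeError(f"{path} is owned by uid {st.st_uid}, not {uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise RuntimeError(f"{path} is writable by group/other")
    return path


def open_cache_file(dirpath: str, name: str):
    """Create a fresh cache file; O_EXCL makes the open fail if a file or
    symlink with the predictable name already exists, O_NOFOLLOW refuses links."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(os.path.join(dirpath, name), flags, 0o600)
    return os.fdopen(fd, "w")


def demo() -> Tuple[bool, bool, bool]:
    """Constructed scenario. Returns (fresh dir created, planted dir symlink
    rejected, planted file symlink inside a valid dir rejected)."""
    base = tempfile.mkdtemp()
    victim = os.path.join(base, "victim.txt")       # stands in for any file the user owns
    with open(victim, "w") as f:
        f.write("important data\n")

    # 1. nothing pre-exists: the directory is created with mode 0700
    cache = safe_cache_dir(base, 1000)
    created = os.path.isdir(cache)

    # 2. kfm-cache-1001 already exists as a symlink to the victim file
    os.symlink(victim, os.path.join(base, "kfm-cache-1001"))
    try:
        safe_cache_dir(base, 1001)
        dir_rejected = False
    except RuntimeError:
        dir_rejected = True

    # 3. the directory is fine, but a predictable file name inside it is a symlink
    os.symlink(victim, os.path.join(cache, "index.html"))
    try:
        with open_cache_file(cache, "index.html") as f:
            f.write("cached content\n")
        file_rejected = False
    except FileExistsError:
        file_rejected = True

    # the victim file must be untouched in both refused cases
    with open(victim) as f:
        intact = f.read() == "important data\n"
    return created, dir_rejected, file_rejected and intact


if __name__ == "__main__":
    print(demo())
```

The important detail is ordering: `mkdir` first and inspect only on `EEXIST`, rather than `stat` then `mkdir`, because the check-then-create window is exactly what a local attacker races.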
- LINUX FOCUS LIST SUMMARY
- ---------------------------------
- blocking access (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-04-27%26thread%3d002001c0ce58$a4af2700$0d01a8c0@poo
- Mail Server troubles. (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-04-27%26thread%3d20010425034605.S10345@higherplane.net
- ipchains vs. iptables (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-04-27%26thread%3d3AE58BB3.DFC2E209@erasme.org
- Netfilter stateful inspection doubts (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-04-27%26thread%3d004d01c0cc71$5ecc6c40$112fd8c1@mahuja
- SecurityFocus.com Linux Newsletter #25 (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-04-27%26thread%3dPine.GSO.4.30.0104231006150.7752-100000@mail
- Tracking down possible Trinoo_Master hack.. (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-04-27%26thread%3dt1qu23j50yj.fsf@kermit.wreck.org
- NEW PRODUCTS FOR LINUX PLATFORMS
- ----------------------------------------
- PakSecured Linux
by Paktronix Systems
Platforms: Linux
Relevant URL:
http://www.securityfocus.com/products/1434
Summary:
PakSecured Linux is currently the only complete Policy Routing Operating
System with a broad computing platform base. Based on the Linux OS,
PakSecured Linux runs on all processor families capable of running the
Linux kernel. Policy Routing encompasses Quality of Service (QoS),
Advanced TCP/IP routing of IPv4 and IPv6, IPSec encryption and VPN
structures, Bandwidth Allocation and Traffic Shaping, and Address
Allocation features such as NAT and IP Masquerade. While these features
are available independently in various products, PakSecured Linux
implements the full range of Policy Routing. All of these features are
integrated into a hardened OS distribution designed to operate in hostile
network environments. PakSecured Linux has no desktop or user based
functionality and is specifically targeted at servers with a need for high
security, 24x7 uptime, and which are required to run without operator
intervention. Coupling these needs with the flexibility and power of a
complete Policy Routing structure puts PakSecured Linux into a unique
niche.
- PakSecured Firewall
by Paktronix Systems
Platforms: Linux
Relevant URL:
http://www.securityfocus.com/products/1432
Summary:
Our secure firewall systems connect your networks to the Internet without
worry. The PakSecured Firewall can connect over ISDN, 56K-T1/E1 Frame
Relay/Dedicated, dial-on-demand, and any LAN interface supported under
Linux. We use full Policy Routing Security Structures along with the
standard IPChains/NetFilter stateful packet filtering code to provide full
data level protection for your networks. The advanced modular design of
the runtime firewall permits adding a wide array of enhancement functions
on the fly. Report Generators, Specialized Port Forwarders, and Proxy
Inspection Services are among the enhancements offered. Due to the
extensive customization possible under the modular setup we can design and
build an optimal solution for your specific scenario.
- NEW TOOLS FOR LINUX PLATFORMS
- ------------------------------------
- Blaster Scan
by polos
Platforms: Linux
Relevant URL:
http://www.securityfocus.com/tools/1891
Summary:
Blaster Scan is a TCP port scanner. It can extract users exploiting vrfy
or expn, check anonymous access on FTP, check brute force on FTP and POP3,
extract daemons' versions, and scan for CGI bugs. It also has a SYN port
scan, the ability to ping hosts to scan, and to do a subnet scan. This
version includes the options to save logs and extract users with finger
too.
- Automatic Security
by Holden Karau <holden@vv.carleton.ca>
Platforms: Linux
Relevant URL:
http://www.securityfocus.com/tools/2017
Summary:
Automatic Security is an expect script which tracks security notices on
securityfocus.com and will download and test new updates when they are
released. If your system is vulnerable the script will notify you through
its log so that you can install the patch as soon as possible. Patching is
not automatic for safety reasons.
- Astaro Security Linux
by Astaro AG <info@astaro.de>
Platforms: Linux
Relevant URL:
http://www.securityfocus.com/tools/1831
Summary:
Astaro Security Linux is a new firewall solution. It does stateful
inspection, packet filtering, content filtering, virus scanning, VPN with
IPSec, and much more. With its Web-based management tool and the ability
to pull updates over the Internet, it is pretty easy to manage. It is
based on a special hardened Linux 2.4 distribution where most daemons are
running in change-roots and are protected by capabilities.
- LanKiller
by Rogala Software
Platforms: Linux
Relevant URL:
http://www.securityfocus.com/tools/2015
Summary:
LanKiller is a simple libpcap- and libnet-based tool which demonstrates how
simple it is to kill all TCP connections on a LAN. It just sniffs
packets and sends spoofed RST packets back.
- SUBSCRIBE/UNSUBSCRIBE INFORMATION
- -------------------------------------
- How do I subscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body
of:
SUBSCRIBE FOCUS-LINUX Lastname, Firstname
You will receive a confirmation request message to which you will have
to respond.
- How do I unsubscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
address with a message body of:
UNSUBSCRIBE FOCUS-LINUX
If your email address has changed e-mail aleph1@securityfocus.com and I
will manually remove you.
- How do I disable mail delivery temporarily?
If you are simply going on vacation you can turn off mail delivery
without unsubscribing by sending LISTSERV the command:
SET FOCUS-LINUX NOMAIL
To turn back on e-mail delivery use the command:
SET FOCUS-LINUX MAIL
- Is the list available in a digest format?
Yes. The digest is generated once a day.
- How do I subscribe to the digest?
To subscribe to the digest, join the list normally (see section 0.2.1)
and then send a message to LISTSERV@SECURITYFOCUS.COM with a message
body of:
SET FOCUS-LINUX DIGEST
- How do I unsubscribe from the digest?
To turn the digest off send a message to LISTSERV with a message body
of:
SET FOCUS-LINUX NODIGEST
If you want to unsubscribe from the list completely follow the
instructions of section 0.2.2 next.
- I seem to not be able to unsubscribe. What is going on?
You are probably subscribed from a different address than the one from
which you are sending commands to LISTSERV. Either send e-mail from
the appropriate address or e-mail the moderator to be unsubscribed
manually.