Linux Advisory Watch: October 14th 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch: This week, advisories were released for mason, cpio, dia, masqmail, shorewall, tcpdump, openvpn, up-imapproxy, ethereal, weex, py2play, graphviz, xloadimage, xli, xine-lib, hylafax, Ruby, SVG, Helix Player, uw-imap, openssl, thunderbird, binutils, and libuser. The distributors include Debian, Gentoo, and Red Hat.


EnGarde Secure Linux 3.0 - Download Now!

  • Linux 2.6 kernel featuring SELinux Mandatory Access Control
  • Guardian Digital Secure Network features free access to all system and security updates (to be available shortly through an updated release)
  • Support for new hardware, including 64-bit AMD architecture
  • Web-based management of all functions, including the ability to build a complete web presence with FTP, DNS, HTTP, SMTP and more.
  • Apache v2.0, BIND v9.3, MySQL v5.0(beta)
  • Completely new WebTool, featuring easier navigation and greater ability to manage the complete system
  • Integrated firewall with ability to manage individual firewall rules, control port forwarding, and creation of IP blacklists
  • Built-in UPS configuration provides ability to manage an entire network of battery-backup devices
  • RSS feed provides ability to display current news and immediate access to system and security updates
  • Real-time access to system and service log information

LEARN MORE:
http://www.guardiandigital.com/products/software/community/esl.html


System Accounting
Dave Wreski

It is very important that the information that comes from syslog not be compromised. Making the files in /var/log readable and writable by only a limited number of users is a good start.

Be sure to keep an eye on what gets written there, especially under the auth facility. Multiple login failures, for example, can indicate an attempted break-in.

Where to look for your log file will depend on your distribution. In a Linux system that conforms to the "Linux Filesystem Standard", such as Red Hat, you will want to look in /var/log and check messages, mail.log, and others.

You can find out where your distribution is logging to by looking at your /etc/syslog.conf file. This is the file that tells syslogd (the system logging daemon) where to log various messages.

You might also want to configure your log-rotating script or daemon to keep logs around longer so you have time to examine them. Take a look at the logrotate package on recent Red Hat distributions. Other distributions likely have a similar process.

If your log files have been tampered with, see if you can determine when the tampering started, and what sort of things appeared to be tampered with. Are there large periods of time that cannot be accounted for? Checking backup tapes (if you have any) for untampered log files is a good idea.

Intruders typically modify log files in order to cover their tracks, but they should still be checked for strange happenings. You may notice the intruder attempting to gain entrance, or exploit a program in order to obtain the root account. You might see log entries before the intruder has time to modify them.

You should also be sure to separate the auth facility (attempts to switch users with su, login attempts, and other user accounting information) from the rest of your log data, so that this information ends up in its own file.

If possible, configure syslog to send a copy of the most important data to a secure system. This will prevent an intruder from covering his tracks by deleting his login/su/ftp/etc attempts. See the syslog.conf man page, and refer to the @ option.

Finally, log files are much less useful when no one is reading them. Take some time out every once in a while to look over your log files, and get a feeling for what they look like on a normal day. Knowing this can help make unusual things stand out.
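As an added example, not taken from the newsletter or from the Security HOWTO, the following POSIX shell script shows two of the checks described above: counting failed logins per source in auth-facility output (the "multiple login failures" signal), and checking whether a syslog.conf sends a copy of auth/authpriv messages to a remote host with the @ action. The log lines, the syslog.conf contents, the host name loghost.example.com and the addresses are all constructed for the example, and the function names failed_login_sources and auth_log_remote_hosts are my own; the script only needs sh, awk and sort.

```shell
#!/bin/sh
# Added example, not from the newsletter or the HOWTO. All sample data below
# is constructed; the function names are hypothetical.

# Constructed auth-facility lines in the format syslog writes them.
SAMPLE_AUTH_LOG='Oct 14 02:11:03 host sshd[4120]: Failed password for invalid user admin from 198.51.100.7 port 40122 ssh2
Oct 14 02:11:05 host sshd[4120]: Failed password for invalid user admin from 198.51.100.7 port 40122 ssh2
Oct 14 02:11:09 host sshd[4122]: Failed password for root from 198.51.100.7 port 40130 ssh2
Oct 14 02:12:41 host su: FAILED su for root by bob
Oct 14 02:13:00 host sshd[4130]: Accepted password for alice from 192.0.2.10 port 51000 ssh2
Oct 14 02:13:10 host sshd[4131]: Failed password for alice from 192.0.2.10 port 51002 ssh2'

# Constructed syslog.conf: auth/authpriv kept out of messages, written to
# their own file, and a copy forwarded to a remote log host via "@host".
SAMPLE_SYSLOG_CONF='# /etc/syslog.conf (constructed example)
*.info;mail.none;auth.none;authpriv.none   /var/log/messages
auth,authpriv.*                            /var/log/secure
mail.*                                     -/var/log/maillog
auth,authpriv.*                            @loghost.example.com'

# The same configuration without the forwarding line (negative case).
LOCAL_ONLY_CONF='*.info;auth.none;authpriv.none   /var/log/messages
auth,authpriv.*                  /var/log/secure'

# failed_login_sources LOGTEXT THRESHOLD
# Prints "<count> <source>" for every source with THRESHOLD or more failed
# logins, most frequent first. The source is the peer address for sshd
# failures and "su:<user>" for failed su attempts.
failed_login_sources() {
    printf '%s\n' "$1" | awk -v threshold="$2" '
        /: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
        }
        /su: FAILED su for/ { fails["su:" $NF]++ }
        END { for (s in fails) if (fails[s] >= threshold) print fails[s], s }
    ' | sort -rn
}

# auth_log_remote_hosts CONFTEXT
# Prints the host named after "@" on each line whose selector includes the
# auth or authpriv facility at a priority other than none; exits non-zero
# when no such line exists, i.e. auth data stays on this host only.
auth_log_remote_hosts() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF < 2 || $2 !~ /^@/ { next }
        {
            n = split($1, sel, "[;,]")
            for (i = 1; i <= n; i++)
                if (sel[i] ~ /^auth(priv)?(\.|$)/ && sel[i] !~ /\.none$/) {
                    found = 1; print substr($2, 2); break
                }
        }
        END { if (found) exit 0; exit 1 }
    '
}

echo "Sources with two or more failed logins:"
failed_login_sources "$SAMPLE_AUTH_LOG" 2
if hosts=$(auth_log_remote_hosts "$SAMPLE_SYSLOG_CONF"); then
    echo "auth messages are also forwarded to: $hosts"
else
    echo "WARNING: auth messages exist only on this host; add an @loghost line"
fi
```

On a real system the same functions can be fed with `"$(cat /var/log/secure)"` (or whichever file syslog.conf names for auth) and `"$(cat /etc/syslog.conf)"`; the threshold is deliberately a parameter, since what counts as "multiple" failures depends on how busy the host normally is, which is exactly the baseline the last paragraph asks you to build up by reading the logs regularly.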

Read more from the Linux Security Howto:
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/


LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond what is needed for proper system operation. A full explanation of Unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions and how to set them using chmod. This guide is intended for users new to Linux security, and is therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.


Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Debian
  Debian: New mason packages fix missing init script
  6th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120537
 
  Debian: New cpio packages fix several vulnerabilities
  7th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120548
 
  Debian: New dia packages fix arbitrary code execution
  8th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120550
 
  Debian: New masqmail packages fix several vulnerabilities
  8th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120551
 
  Debian: New shorewall packages fix firewall bypass
  8th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120552
 
  Debian: New tcpdump packages fix denial of service
  9th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120555
 
  Debian: New openvpn packages fix denial of service
  9th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120556
 
  Debian: New up-imapproxy packages fix arbitrary code execution
  9th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120557
 
  Debian: New ethereal packages fix several vulnerabilities
  9th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120558
 
  Debian: New tcpdump packages fix denial of service
  9th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120559
 
  Debian: New weex packages fix arbitrary code execution
  10th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120561
 
  Debian: New py2play packages fix arbitrary code execution
  10th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120562
 
  Debian: New graphviz packages fix insecure temporary file
  10th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120563
 
  Debian: New xloadimage packages fix arbitrary code execution
  10th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120568
 
  Debian: New xli packages fix arbitrary code execution
  10th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120570
 
  Debian: New Ruby packages fix safety bypass
  11th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120571
 
  Debian: New uw-imap packages fix arbitrary code execution
  11th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120572
 
  Debian: New Ruby 1.6 packages fix safety bypass
  11th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120573
 
  Debian: New xine-lib packages fix arbitrary code execution
  12th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120583
 
  Debian: New Ruby 1.8 packages fix safety bypass
  13th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120589
 
  Debian: New hylafax packages fix insecure temporary files
  13th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120590
 
   Gentoo
  Gentoo: Ruby Security bypass vulnerability
  6th, October, 2005

Ruby is vulnerable to a security bypass of the safe level mechanism.

http://www.linuxsecurity.com/content/view/120539
 
  Gentoo: Dia Arbitrary code execution through SVG import
  6th, October, 2005

Improperly sanitised data in Dia allows remote attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/120540
 
  Gentoo: RealPlayer, Helix Player Format string vulnerability
  7th, October, 2005

RealPlayer and Helix Player are vulnerable to a format string vulnerability resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120549
 
  Gentoo: xine-lib Format string vulnerability
  8th, October, 2005

xine-lib contains a format string error in CDDB response handling that may be exploited to execute arbitrary code.

http://www.linuxsecurity.com/content/view/120553
 
  Gentoo: Weex Format string vulnerability
  8th, October, 2005

Weex contains a format string error that may be exploited by malicious servers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/120554
 
  Gentoo: uw-imap Remote buffer overflow
  11th, October, 2005

uw-imap is vulnerable to remote overflow of a buffer in the IMAP server leading to execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120575
 
  Gentoo: OpenSSL SSL 2.0 protocol rollback
  12th, October, 2005

When using a specific option, OpenSSL can be forced to fallback to the less secure SSL 2.0 protocol.

http://www.linuxsecurity.com/content/view/120586
 
   Red Hat
  RedHat: Important: thunderbird security update
  6th, October, 2005

An updated thunderbird package that fixes various bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120541
 
  RedHat: Low: binutils security update
  11th, October, 2005

An updated binutils package that fixes minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120578
 
  RedHat: Low: libuser security update
  11th, October, 2005

Updated libuser packages that fix various security issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120579
 
  RedHat: Moderate: util-linux and mount security update
  11th, October, 2005

Updated util-linux and mount packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120580
 
  RedHat: Moderate: ruby security update
  11th, October, 2005

Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120581
 
  RedHat: Moderate: openssl security update
  11th, October, 2005

Updated OpenSSL packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120582
 
