From: herauthon <her...@gm...> - 2009-01-28 17:14:33
Kerry,

*sol* > using symlinks to add more space
*sol* > adding an extra disk which holds system files

*You answered all of my questions and I have one to add.*
*What about an option at install to choose*

1. normal logpart size
2. 80% logpart size (adding the 20% to /usr/local or /var/ipcop)

(is it a malpractice?)

What do you think about this?

Sincerely,

2009/1/13 <ipc...@li...>

> Today's Topics:
>
>   1. Re: malware taking data - PC Flank (David Taylor)
>   2. Re: logpartition size (Kerry Erb)
>   3. Re: malware taking data - PC Flank (George)
>   4. Re: logpartition size (G.W. Haywood)
>   5. Re: malware taking data - PC Flank (John Edwards)
>   6. Re: malware taking data - PC Flank (Rainer Zocholl)
>   7. Re: 1.4.21 mkflash System, Backup Sets Not Being Filled In (Olaf)
>   8. Re: 1.4.21 mkflash System, Backup Sets Not Being Filled In
>      (Harry Goldschmitt)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 12 Jan 2009 19:06:27 +1300
> From: David Taylor <dav...@pa...>
> Subject: Re: [IPCop-user] malware taking data - PC Flank
> To: ipc...@li...
> Message-ID: <93E95C00C9644C7EBF44318F935155FE@bigfrank07>
> Content-Type: text/plain; charset=us-ascii
>
> John Michaels wrote:
> > Recently when wandering around the Internet, I came across the
> > website - PC Flank (http://www.pcflank.com/) which apparently tested
> > firewalls.
> >
> > One test in particular caught my eye: to see if malware could
> > download information from my machine without the firewall stopping
> > it. You supplied a message and it tried to get it out.
> >
> > I tried the test and IPCop failed to stop the pseudo-attack.
> >
> > Is there any way of patching IPCop to prevent a real attack of this
> > form?
> >
> > Thanks
>
> You mean their "Leaktest"?
> IPCop does not do outbound. That is something done on the actual computer
> you are using.
> Your pc wanted to get onto the net and send stuff. IPCop is made to stop
> attacks from Red to Green, not information going from Green to Red, which
> is what the leaktest.exe does, so the leaktest "failed" because IPCop is
> not made to stop this kind of information at all. Your PC started the
> conversation, so it is allowed...
> IPCop is working as designed.
>
> --
> Dave Taylor
>
> ------------------------------
>
> Message: 2
> Date: Mon, 12 Jan 2009 00:14:12 -0600 (CST)
> From: "Kerry Erb" <ke...@ke...>
> Subject: Re: [IPCop-user] logpartition size
> To: her...@gm...
> Cc: ipc...@li...
> Message-ID: <754...@ke...>
> Content-Type: text/plain;charset=iso-8859-1
>
> On Sun, January 11, 2009 20:08, herauthon wrote:
> > Dear Enlisted and fanatics,
> >
> > I am using IPCop quite some time now
> > Since version 1.4.0
>
> Good!
>
> > So, now it's time to add some options
> > and features and therefore I have this
> > question.
>
> What addons or features are you considering?
>
> > Is it possible to reduce the size
> > of the LOG partition a bit
> > so more is available for installed
> > features.
>
> Not unless you do a full backup of the system, repartition manually, then
> restore from the backup
> <or>
> an easier way may be to use symbolic links to the log partition. I have
> done this in order to use the Update Accelerator addon on some boxes. You
> may have to modify the httpd.conf file to allow for symbolic links,
> depending on what you want to do.
> <or>
> If you have a spare disk drive, you can partition and format it and mount
> it into an existing filesystem or copy files and use it to replace one of
> the other mountpoints.
>
> Some work is required in any case.
>
> > And - actually Question II
> > - is there an addon
> > package called IPCOP
> > that will convert an existing
> > Linux BOX into an IPCop box?
>
> Yes, it is called IPCOP and it is installed from CD and will completely
> replace (or convert) whatever OS is on the box with IPCOP.
> (I'm pulling my tongue from my cheek now)
>
> > * I am aware of the security
> > implications - I assume that
> > the installer will remove all
> > items unwanted for the service.
>
> I think you are asking if there is a "package" that will install that can
> be added to an existing distribution that will do what IPCOP does. Most
> will agree that this is not a good idea for a firewall since the other
> packages etc on the distribution provide a larger attack surface that
> cannot necessarily be controlled by IPCOP, not to mention other conflicts
> and stability issues.
>
> Of course, most of what IPCOP does can be done on most Linux distributions
> using iptables, squid, dnsmasq etc.
>
> Keeping out of the security debate regarding all-in-one boxes, there are
> varying functional degrees of distros out there. Do some research on them
> and see which ones meet all or most of your needs.
>
> http://en.wikipedia.org/wiki/List_of_Linux_router_or_firewall_distributions
>
> > thank you for your time
>
> Kerry
>
> ------------------------------
>
> Message: 3
> Date: Mon, 12 Jan 2009 07:58:00 +0000
> From: George <cap...@gm...>
> Subject: Re: [IPCop-user] malware taking data - PC Flank
> To: ipc...@li...
> Message-ID: <200...@gm...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On Monday 12 January 2009 06:06:27 David Taylor wrote:
> > John Michaels wrote:
> > > Recently when wandering around the Internet, I came across the
> > > website - PC Flank (http://www.pcflank.com/) which apparently tested
> > > firewalls.
> > >
> > > One test in particular caught my eye: to see if malware could
> > > download information from my machine without the firewall stopping
> > > it. You supplied a message and it tried to get it out.
> > >
> > > I tried the test and IPCop failed to stop the pseudo-attack.
> > >
> > > Is there any way of patching IPCop to prevent a real attack of this
> > > form?
> > >
> > > Thanks
> >
> > You mean their "Leaktest"?
> > IPCop does not do outbound. That is something done on the actual
> > computer you are using.
> > Your pc wanted to get onto the net and send stuff. IPCop is made to stop
> > attacks from Red to Green, not information going from Green to Red, which
> > is what the leaktest.exe does, so the leaktest "failed" because IPCop is
> > not made to stop this kind of information at all. Your PC started the
> > conversation, so it is allowed...
> > IPCop is working as designed.
>
> Malware is not the province of IPCop but your anti-virus regime.
>
> --
> Geo
>
> ------------------------------
>
> Message: 4
> Date: Mon, 12 Jan 2009 09:17:57 +0000 (GMT)
> From: "G.W. Haywood" <ge...@ju...>
> Subject: Re: [IPCop-user] logpartition size
> To: ipc...@li...
> Message-ID: <Pin...@ma...>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
> Hi there,
>
> On Mon, 12 Jan 2009 herauthon wrote:
>
> > I am using IPCop quite some time now Since version 1.4.0
> > So, now it's time to add some options and features...
>
> If you say so. :)
>
> > Is it possible to reduce the size of the LOG partition a bit so more
> > is available for installed features.
>
> Yes, it's certainly possible. There are tools which you can find with
> a Google search which can change the sizes of partitions. Before you
> do anything like that on a machine in which you've invested a lot
> of time, I'd recommend that you become very familiar with partitions,
> partition tables, boot sectors and such - preferably by experimenting
> with a few old drives so that when you mess up it won't matter. You
> need to become familiar with the distinctions between accessing the
> devices and the partitions, and with using tools like 'dd' to read and
> write disc sectors directly without the benefit of the protection that
> the operating system provides. Be careful. A single mistake when you
> play with things like this may irretrievably trash a system.
>
> > And - actually Question II - is there an addon package called IPCOP
> > that will convert an existing Linux BOX into an IPCop box?
>
> No, and I don't think it would make much sense to try to do it that
> way. The existing IPCop installer simply deletes everything on the
> existing disc - whatever it is - and starts from scratch.
>
> If you want to 'harden' an existing Linux box that's a very different
> matter. It can be done fairly easily but as you know there will still
> be more security issues in a machine which has all the cruft typically
> available on a Linux box than there will be on a system which has been
> designed from the ground up as a firewall. If you want to investigate
> the use of iptables for securing an ordinary Linux box check out Rusty
> Russell's Really Quick Guide To Packet Filtering:
>
> http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-5.html
>
> (and the rest of that document:).
>
> --
>
> 73,
> Ged.
>
> ------------------------------
>
> Message: 5
> Date: Mon, 12 Jan 2009 12:01:52 +0000
> From: John Edwards <jo...@co...>
> Subject: Re: [IPCop-user] malware taking data - PC Flank
> To: David Taylor <dav...@pa...>
> Cc: ipc...@li...
> Message-ID: <200...@co...>
> Content-Type: text/plain; charset=us-ascii
>
> On Mon, Jan 12, 2009 at 07:06:27PM +1300, David Taylor wrote:
> > John Michaels wrote:
> >> Recently when wandering around the Internet, I came across the
> >> website - PC Flank (http://www.pcflank.com/) which apparently tested
> >> firewalls.
> >>
> >> One test in particular caught my eye: to see if malware could
> >> download information from my machine without the firewall stopping
> >> it. You supplied a message and it tried to get it out.
> >>
> >> I tried the test and IPCop failed to stop the pseudo-attack.
> >>
> >> Is there any way of patching IPCop to prevent a real attack of this
> >> form?
> >>
> >> Thanks
> >
> > You mean their "Leaktest"?
> > IPCop does not do outbound. That is something done on the actual
> > computer you are using.
> > Your pc wanted to get onto the net and send stuff. IPCop is made to stop
> > attacks from Red to Green, not information going from Green to Red, which
> > is what the leaktest.exe does, so the leaktest "failed" because IPCop is
> > not made to stop this kind of information at all. Your PC started the
> > conversation, so it is allowed...
> > IPCop is working as designed.
>
> Very true.
>
> But I should mention there is the Block Outgoing Traffic ("BOT")
> addon if you want to restrict outgoing traffic.
>
> Also there are some addons for the Squid web proxy that can
> control what websites can be visited by address or content.
>
> It seems a silly test to me - "Oh no you can send information
> out to the Internet". Without details (protocol, port number,
> packet type, etc) of what they are testing, it is useless.
>
> --
> #---------------------------------------------------------#
> | John Edwards Email: jo...@co... |
> #---------------------------------------------------------#
>
> ------------------------------
>
> Message: 6
> Date: 12 Jan 2009 19:13:00 +0100
> From: Use...@zo... (Rainer Zocholl)
> Subject: Re: [IPCop-user] malware taking data - PC Flank
> To: ipc...@li...
> Message-ID: <Ath...@zo...>
> Content-Type: text/plain; charset=US-ASCII
>
> cap...@gm...(George) 12.01.09 07:58
>
> Once upon a time "George " shaped the electrons to say...
>
> >On Monday 12 January 2009 06:06:27 David Taylor wrote:
> >> John Michaels wrote:
> >>> Recently when wandering around the Internet, I came across the
> >>> website - PC Flank (http://www.pcflank.com/) which apparently
> >>> tested firewalls.
> >>>
> >>> One test in particular caught my eye: to see if malware could
> >>> download information from my machine without the firewall stopping
> >>> it. You supplied a message and it tried to get it out.
> >>>
> >>> I tried the test and IPCop failed to stop the pseudo-attack.
> >>>
> >>> Is there any way of patching IPCop to prevent a real attack of this
> >>> form?
> >>>
> >>> Thanks
> >>
> >> You mean their "Leaktest"?
> >> IPCop does not do outbound. That is something done on the actual
> >> computer you are using.
> >> Your pc wanted to get onto the net and send stuff. IPCop is made to
> >> stop attacks from Red to Green, not information going from Green to
> >> Red, which is what the leaktest.exe does, so the leaktest "failed"
> >> because IPCop is not made to stop this kind of information at all.
> >> Your PC started the conversation, so it is allowed...
> >> IPCop is working as designed.
> >
>
> >Malware is not the province of IPCop but your anti-virus regime.
>
> If you install BOT
> Block ALL outgoing traffic
> allow only HTTP via Proxy
> install dans guard or similar
> it might be much more complicated to download something.
>
>
> To be completely secure I would recommend 3m of armored concrete,
> best between power plug and socket! :-)
>
> Rainer---<=====> Confidential
> // Key-ID:38F34C59
> //
> <=====>--------------ocholl, Kiel, Germany ------------
>
> ------------------------------
>
> Message: 7
> Date: Tue, 13 Jan 2009 15:19:09 +0100
> From: Olaf <mai...@ba...>
> Subject: Re: [IPCop-user] 1.4.21 mkflash System, Backup Sets Not Being
>  Filled In
> To: Harry Goldschmitt <ha...@hg...>
> Cc: ipc...@li...
> Message-ID: <496...@ba...>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Harry Goldschmitt wrote:
> > I just set up a new flash system at 1.4.21. When I create a backup
> > set via the web interface, nothing ever appears in the backup set
> > table on the web page. The backup sets and the corresponding .time
> > files exist and seem to be in the right format.
> >
> >
> You mean the files are there in /home/httpd/html/backup/ but do not show
> up in the GUI?
> The files (and directory) belong to nobody:nobody?
>
>
> Olaf
>
> ------------------------------
>
> Message: 8
> Date: Tue, 13 Jan 2009 06:55:09 -0800
> From: Harry Goldschmitt <ha...@hg...>
> Subject: Re: [IPCop-user] 1.4.21 mkflash System, Backup Sets Not Being
>  Filled In
> To: Olaf <mai...@ba...>
> Cc: ipc...@li...
> Message-ID: <p06240801c5925a9ff871@[192.168.0.9]>
> Content-Type: text/plain; charset="us-ascii" ; format="flowed"
>
> At 3:19 PM +0100 1/13/09, Olaf wrote:
> >Harry Goldschmitt wrote:
> >>I just set up a new flash system at 1.4.21. When I create a backup
> >>set via the web interface, nothing ever appears in the backup set
> >>table on the web page. The backup sets and the corresponding .time
> >>files exist and seem to be in the right format.
> >>
> >>
> >You mean the files are there in /home/httpd/html/backup/ but do not
> >show up in the GUI?
> >The files (and directory) belong to nobody:nobody?
> >
> >
> >Olaf
>
> Yes, exactly.
>
> BTW, I did a diff between a working system's backup.cgi and the
> broken ones. They are identical. Can you think of any other files
> that might be involved? I was thinking of exploring file permission
> and ownership differences for each file and directory in the system
> via a shell script.
>
> Harry
>
> ------------------------------
>
> End of IPCop-user Digest, Vol 32, Issue 13
> ******************************************
>

--
I'll carry your books, I'll carry a tune, I'll carry on, carry over,
carry forward, Cary Grant, cash & carry, Carry Me Back To Old Virginia,
I'll even Hara Kari if you show me how, but I will *not* carry a gun.
-- Hawkeye, M*A*S*H

<to be dedicated to the confusion of thoughts>
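
The quoted replies in the digest explain that IPCop accepts any conversation started from Green, blocks unsolicited Red-to-Green traffic, and can be restricted with an addon such as BOT. The Python model below is an added example, not part of the thread and not IPCop or BOT code; the `Firewall` class, the addresses and the ports are constructed for illustration, and NAT is ignored.

```python
from dataclasses import dataclass, field
from typing import Optional

GREEN, RED = "green", "red"  # zone names from the thread: LAN / Internet

@dataclass
class Firewall:
    """Toy stateful filter. egress_allow=None accepts any Green-initiated flow."""
    egress_allow: Optional[frozenset] = None      # {(proto, dst_port), ...}
    conntrack: set = field(default_factory=set)   # flows opened from Green

    def verdict(self, zone, proto, src, dst):
        # Either direction of a tracked flow counts as established traffic.
        if (proto, src, dst) in self.conntrack or (proto, dst, src) in self.conntrack:
            return "ACCEPT"
        if zone == RED:
            return "DROP"   # unsolicited Red -> Green
        if self.egress_allow is not None and (proto, dst[1]) not in self.egress_allow:
            return "DROP"   # new Green -> Red flow that is not on the allowlist
        self.conntrack.add((proto, src, dst))
        return "ACCEPT"

# Constructed sample traffic (documentation address ranges, made-up ports).
PC = ("192.168.1.10", 49152)
LEAK_RECEIVER = ("203.0.113.5", 8443)   # stands in for the leak-test server
WEB = ("198.51.100.7", 80)
PROBE = ("203.0.113.99", 40000)

def run(fw):
    """Replay the same four packets and return the verdict for each."""
    return {
        "inbound probe": fw.verdict(RED, "tcp", PROBE, ("192.168.1.10", 445)),
        "leak test out": fw.verdict(GREEN, "tcp", PC, LEAK_RECEIVER),
        "leak test reply": fw.verdict(RED, "tcp", LEAK_RECEIVER, PC),
        "web request": fw.verdict(GREEN, "tcp", PC, WEB),
    }

# Policy described in the replies: Green may start any conversation.
default_policy = run(Firewall())
# Simplified stand-in for an outgoing-traffic allowlist: only tcp/80 may leave.
restricted_policy = run(Firewall(egress_allow=frozenset({("tcp", 80)})))

if __name__ == "__main__":
    for name in default_policy:
        print(f"{name:16} default={default_policy[name]:6} "
              f"restricted={restricted_policy[name]}")
```

Under the default policy the outbound leak-test flow and its reply are accepted because the Green host opened the conversation; with the allowlist the same flow is dropped while the inbound probe is dropped in both cases.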