: T2 SDE :

T2 IRC Log: 2004-12-14

This is the log as captured by an IRC bot in the channel. The statements are those of the individual people and might not necessarily reflect the policy and legal rules as set forth by the T2 SDE Project.


--- Log opened Tue Dec 14 00:00:25 2004
00:05 -!- madtux [~mike@200.91.101.98] has quit ["leaving"]
00:44 < mnemoc> rxr: what do you think about subscribing a robot to freshmeat? and do daily reports of updated known packages?
00:45 < mnemoc> or web reporting
00:47 < jsaw> re
00:47 < mnemoc> re jsaw
00:47 < jsaw> rxr: dbus hast gtk-sharp bindings, but they should be optional.
00:47 < rxr> mnemoc: interesting idea in conjunction with the [D] tag parsing download tracker
00:47 < jsaw> hi mnemoc
00:48 < rxr> jsaw: it failed on my athlon due to no gtk-sharp available
00:48 < mnemoc> jsaw: gtk-sharp or gtk-sharp-2 ?
00:48 < jsaw> hmm, lemma see
00:49 < mnemoc> i wanted to update to gtk-sharp-2 because it will deprecate gtk-sharp
00:49 < mnemoc> but it seem to have many dependentant
00:49 < rxr> [OT] why does internet mp3 streams of radio sound so awful? I mean this is a 128kB mp3 - those I can normally listen quite well without getting mad due to artifacts - but this streams are full of distortions, artifacts and so on that I nearly get headache
00:49 < jsaw> rxr: obviously the dbus configure script is too dumb...
00:49 < rxr> mnemoc: I would not call it many dependencies ...
00:50 < rxr> jsaw: I had no deeper look
00:50 < mnemoc> s/many//
00:50 < jsaw> rxr: there are config switches, eg. --enable-mono, --enable-gtk etc.
00:50 < rxr> btw - my configure fix for findutils was applied by the maintainer ...
00:50 < rxr> ;-)
00:50 < mnemoc> jsaw: does it look for gtk-sharp.pc or gtk-sharp-2.0.pc?
00:51 < rxr> I bet gtk-sharp.pc
00:51 < mnemoc> rxr: didn't he fixed his autoconf?
00:51 < jsaw> mnemoc: neither.
00:52 < jsaw> it seems to simply start building... :(
00:52 < mnemoc> :p
00:52 < jsaw> cd dbus-0.22; grep gtk-sharp -> nothing
00:52 < jsaw> cd dbus-0.22/mono; grep gtk-sharp *
00:52 < jsaw> Makefile.am: $(CSC) --unsafe --target exe -L . -r dbus-sharp.dll -pkg:gtk-sharp -o test-dbus-sharp.exe $(TEST_DBUS_SHARP_FILES)
00:52 < jsaw> Makefile.in: $(CSC) --unsafe --target exe -L . -r dbus-sharp.dll -pkg:gtk-sharp -o test-dbus-sharp.exe $(TEST_DBUS_SHARP_FILES)
00:53 < jsaw> *getting het up*
00:53 < rxr> mnemoc: it was a bug the findutils people wrote themselves into the configure.in ...
00:53 < mnemoc> oh
00:53 < rxr> mnemoc: look at my patch - I fix both configure and configure.in
00:53 < mnemoc> aha
00:54 < rxr> since I intend to get t2 more known by sending as much patches as possible upstream
00:54 < mnemoc> good idea
00:54 < rxr> this will also result in cleaner t2 packages with less patches to rediff in t2 ;-)
00:55 < mnemoc> we may automate that too fixing [A]s or adding an [R] as the mail address to report patch additions :)
00:55 < mnemoc> optionally of course
01:03 < CIA-9> jsaw * r5073 /trunk/package/network/dbus/dbus.conf:
01:03 < CIA-9> * build gtk-sharp/mono bindings of dbus only if resp. pkgs exist
01:03 < CIA-9> (UNTESTED)
01:03 < jsaw> rxr: ^---
01:04 < mnemoc> gtk# will be the next pain maintaining packages :\
01:05 < jsaw> 2B fun | !2B fun
01:06 < mnemoc> true
01:06 < jsaw> hehe
01:07 < rxr> mnemoc: yeah - and the mono ones are yours ;-)
01:07 < jsaw> It's rather syntax error I'd guess...
01:07 * rxr puh
01:07 < rxr> (2B or ^2B) fun or so ;-)
01:08 < mnemoc> :)
01:08 < rxr> I found the next osx bug ...
01:08 < mnemoc> true fun :D
01:09 < jsaw> rxr: that could be a nice t-shirt, front T2, back: (2B or ^2B) fun
01:09 < rxr> when one starts an application and then expose's to e.g. the view the whole desktop while the app is still launching the app window will show up normally - although all the other windows are moved off the desktop ..
01:09 < mnemoc> i think i'll have to add gtk-sharp2 as a new package and start the serie :)
01:09 < rxr> jsaw: clifford is already promoting the 2B stuff ...
01:09 < jsaw> oh
01:09 < jsaw> didn't know this.
01:10 < mnemoc> you wont be forgiven
01:10 < jsaw> cu later, have to hide...
01:10 < rxr> grep the rock lurker for this
01:11 < rxr> much fun hiding jsaw
01:11 < rxr> don't let the lab rats snack on you
01:11 < mnemoc> :)
02:03 * rxr in bed - n8 all
02:20 < martin_> re hi
02:20 < martin_> anyone here?
09:31 -!- rxr [~rene@p213.54.218.157.tisdip.tiscali.de] has joined #t2
09:31 -!- Topic for #t2: T2 | The system development environment | GNU Auto* considered harmful
09:31 -!- Topic set by rxr [] [Fri Dec 10 03:06:40 2004]
09:31 [Users #t2]
09:31 [ _Ragnar__] [ daja77] [ martin_] [ nullslack] [ rxr ] [ valentin]
09:31 [ CIA-9 ] [ jsaw ] [ mnemoc ] [ nzg ] [ sparc-kly]
09:31 -!- Irssi: #t2: Total of 11 nicks [0 ops, 0 halfops, 0 voices, 11 normal]
09:31 -!- Channel #t2 created Sun Aug 8 21:15:33 2004
09:31 -!- [freenode-info] why register and identify? your IRC nick is how people know you. http://freenode.net/faq.shtml#nicksetup
09:31 -!- Irssi: Join to #t2 was synced in 11 secs
09:31 < rxr> damn t-com DSL crap
09:32 < rxr> bla
09:32 < rxr> so
09:32 < rxr> damn
09:32 < rxr> need to copy my connection tracker for this damn DSL outages ...
10:45 < rxr> re
11:08 -!- _Ragnar__ is now known as _Ragnar_
11:15 < martin_> rxr ...
11:16 < rxr> martin_: yes
11:17 < martin_> he he
11:17 < martin_> t-com :)
11:17 < martin_> aehm, do you go to 21c3?
11:18 < rxr> nno
11:18 < martin_> it's for free. or u not in berlin?
11:20 < rxr> I'm not in berlin - I wanted to enjoy real life ...
11:20 < rxr> for free due to tfh sponsoring ?
11:20 < martin_> i hope
11:22 < martin_> so, i must drive to my tfh. fuck, i have not enough time ...
11:22 < martin_> cul rxr
14:53 < mnemoc> what's a tfh?
14:53 < jsaw> roughly a technical university
14:54 < jsaw> (re)
14:54 < mnemoc> re jsaw
14:55 < mnemoc> tfh is a kind of educational institution or one specific educational institution?
14:55 < jsaw> tfh = technische (technical) fachhochschule (university of applied sciences)
14:56 < mnemoc> thanks
14:57 < jsaw> or polytechnic, guess that's also the way it's called in chile?
14:57 < mnemoc> similar
14:58 < mnemoc> how many years a career in a tfh takes?
14:59 < jsaw> The FH's are a bit more industry oriented. I'm not sure, but I think the duration is not that much different than a university.
15:00 < jsaw> The difference of a FH and a university here in Germany are only the fact, that a university has a broader spectrum of topic...
15:00 < jsaw> topics
15:00 < mnemoc> here, that broader spectrum includes engineering :)
15:01 < jsaw> from technical to non-technical stuff. one part alone is a FH.
15:01 < mnemoc> technical _institutes_' careers are 2/3 of university here
15:02 < mnemoc> and cft 'technical formation (instruction) centers' are 1/4 of university
15:04 < jsaw> well, fh's here do have a more tight plan. There's some kind of fight between FH's and universities because universities do not take FH's serious. Though the certificates are identical.
15:04 < mnemoc> oh
15:05 < jsaw> On the othere - due to higher business orientation - there are courses which are shorter. Guess, these are also 2/3.
15:05 < jsaw> OTOH even
15:07 < jsaw> laptop battery low, back in a few minutes.
15:18 < rxr> re
15:19 < mnemoc> re rxr
15:20 < rxr> hi mnemoc and jsaw
15:38 < rxr> did I already mentioned today that explicit selection copy as in OSX or Windows sucks ...
15:41 < mnemoc> explicit selection copy of what?
15:41 < rxr> oh my god:
15:41 < rxr> http://www.rocklinux.net/submaster/data//2004/12/1011573604725.patch
15:42 < rxr> mnemoc: that you have to press Ctrl-C or AppleKey-C ...
15:42 < rxr> even after days of using OSX I forget to copy the selection every third time
15:44 < rxr> oh my god - looking thru submaster I really wonder if the contributing and voting people know what they do ...
15:45 < rxr> .oO
15:45 < rxr> Alejandro Mery:
15:45 < rxr>         * openldap updated (2.2.17->2.2.19)
15:45 < rxr>  
15:45 < mnemoc> :)
15:45 < rxr> (fake) this is not stable!! please don't update such vital packages to non-stable versions... or tell me why you need it ;)
15:45 < mnemoc> fake voted against it :\
15:45 < jsaw> re
15:45 < rxr> Alejandro Mery:
15:45 < rxr>         * openvpn updated to beta branch (1.6.0 -> 2.0-beta15)
15:45 < rxr> (fake) 2.0rc1 is out! mind updating to that?
15:46 < rxr> *lol*
15:46 < rxr> mnemoc: but your updates are not what I wondered about - I wondered about other discussion - e.g. about the lib64 ones ...
15:47 < rxr> oh - my this is a trash deposit - I should stop looking into it ...
15:48 < rxr> what the heck?:
15:48 < rxr> Clifford Wolf:
15:48 < rxr>         Disable gcc java compiler on default
15:48 < rxr> and I'm a braindead person causing regressions and just removing features ...
15:48 < rxr> ehrm - and the patch even disables CHILL ...
15:48 < mnemoc> :D
15:50 < rxr> please remind me never to look into this thing - it causes an headache over ehre ...
15:50 < rxr> here even
15:53 < rxr> just running a testbuild of a maildir update
15:53 < rxr> maildrop even
15:57 < rxr> hm- the rock svn is also again very slow ...
15:57 < martin_> re
15:57 < rxr> hi martin_
15:58 < rxr> hm - strange I wonder why the rock maildir packages does not cause shared files with courier-imap ...
15:58 < rxr> usr/bin/deliverquota: courier-imap maildrop
15:58 < rxr> !> usr/bin/maildirmake: courier-imap maildrop
15:59 < rxr> !> usr/share/man/man1/maildirmake.1: courier-imap maildrop
15:59 < jsaw> ...
16:00 < rxr> maybe they do not know yet ...
16:00 < mnemoc> not-yet-tested-update?
16:07 < martin_> http://nexus.tfh-berlin.de/~bsdforum/sys/
16:13 < CIA-9> rene * r5074 /trunk/package/mail/maildrop/ (deliverquota.patch maildrop.conf maildrop.desc):
16:13 < CIA-9> * updated maildrop (1.6.3 -> 1.7.0) and moved the shared file adaptions
16:13 < CIA-9> out of a patch into the maildrop.conf using the INSTALL_WRAPPER
16:13 < rxr> oh - forgot to change the maintainer
16:17 < rxr> martin_: nice that our new decent server seems to be online ;-)
16:17 < rxr> (is it that good to post the link here into the wild?)
18:27 -!- madtux [~mike@200.91.101.100] has joined #t2
18:27 < madtux> hi
18:31 < rxr> hi madtux
18:32 < madtux> hello rxr
18:32 < madtux> so last night i "evaluated" FC-3 as i heard they supported selinux on full desktop environment
18:32 < madtux> what a waste of time :(
18:33 < madtux> FC2 sucked... BIG time.. and it hasn't changed
18:33 < rxr> yeah - thats it about Fedora Core ;-)
18:40 < nullslack> madtux, what's the first step if you feel that there's something fishy with ur server?
18:40 < madtux> define fishy
18:41 < nullslack> ifconfig and ip is missing or maybe the path has been altered
18:41 < madtux> mm..
18:41 < madtux> did u ask "find" ?
18:42 < madtux> nullslack: imho both ifconfig and ip should be in /sbin
18:42 < madtux> question are u root ?
18:43 < nullslack> nope...and the ssh login is slow compared before....worst thing is ifconfig and ip is there after i re-login
18:43 < madtux> a normal user should exec them unless they use the full path.. yet won't have much to do
18:43 < madtux> nullslack: mmm...
18:43 < madtux> would u please check if u get an answer when u try to ssh to port 122 on ur box?
18:44 < madtux> i think you are being / have been rootkitted
18:44 < nullslack> btw, our net connection was loss with a dns error
18:44 < nullslack> 122?
18:44 < madtux> yeah .. nmap won't show it active
18:45 < madtux> just try it.. several "crackers" use port 122 to create an ssh backdoor
18:45 < madtux> i would suggest check for a rootkit on the box
18:45 < madtux> chkrootkit
18:46 < nullslack> yeah...i was thinking about that also...but how will i preserve the evidence?
18:46 < nullslack> or the first step when you get hacked
18:47 < madtux> if you were rootkitted already then the evidence is cleaned up already
18:47 < nullslack> what do u mean?
18:47 < madtux> but maybe there is a /dev/aix file with ur passwords in plain text
18:47 < madtux> or there is a file called /var/lib/games/.src ?
18:47 < madtux> directory i meant
18:47 < madtux> note the "." on the path
18:48 < madtux> if ur server was hacked it is probable that the logs and evidences were cleaned - removed
18:48 < nullslack> hmmm....i can't put the server off-line...is changing the root password ok already? or is there an other way he can get through?
18:49 < madtux> in most of the cases changing the root password won't change a thing
18:49 < nullslack> so...i can't trace where it came from?
18:49 < nullslack> what would you suggest?
18:49 < madtux> look for the root kit for now.. and most important.. DON'T reboot the server
18:50 < madtux> no its very probable that you can't.. u don't have any IDS systems on that box?
18:50 < nullslack> yes...i didn't reboot it...no ids ;(
18:51 < nullslack> then clean the rootkit?
18:51 < madtux> ok _DON'T_ reboot...
18:51 < madtux> well if you were rootkitted then some applications have probably been replaced.. some of them are often:
18:51 < nullslack> is it possible that he is logged-in and can monitor what i'm doing on the server? or our net connections?
18:51 < madtux> openssh, rsync, coreutils, inittools
18:51 < madtux> yes its possible.
18:52 < madtux> now i'm just make an assumptiong
18:52 < madtux> -q
18:52 < nullslack> -q
18:52 < madtux> did u find a anything in /var/lib/games/ ?
18:52 < madtux> -g as in assumption
18:52 < madtux> :)
18:52 < nullslack> lemme check
18:52 < madtux> check for a ".src" directory
18:53 < madtux> ok for any .* directory in /usr/local/
18:54 < nullslack> .src dir? in /?
18:55 < madtux> is there a .src in / ?!
18:55 < madtux> 0_o
18:55 < nullslack> i found authlogfail.unsort and deniedlog.unsort in /tmp with recent timestamp
18:55 < nullslack> i found this in / %{tmpdir}
18:56 < madtux> show me
18:57 < nullslack> empty
18:57 < madtux> now i'm a bit confused... is there a /.src directory?
18:57 < madtux> oh ok its empty
18:57 < madtux> what about the authlogfail.unsort and deniedlog.unsort ?
18:57 < madtux> are they empty?
18:57 < nullslack> yes
18:57 < nullslack> how to find .src dir?
18:58 < madtux> do u get any segmentation faults when u run ls or so?
18:58 < nullslack> is netstat included in the changed files
18:58 < madtux> could be
18:58 < nullslack> no...
18:58 < madtux> nullslack: wise advice.. change make backup NOW
18:59 < nullslack> backup?
18:59 < madtux> i mean make a backup now
18:59 < madtux> of the server
18:59 < nullslack> how
18:59 < nullslack> cp -a?
18:59 < nullslack> or something?
18:59 < madtux> oh geez..
18:59 < madtux> you are not a sysadmin are u ?
18:59 < madtux> be honest i want to help you.
18:59 < nullslack> not really experienced
18:59 < madtux> ok
19:00 < madtux> is this server online right now?
19:00 < nullslack> yes
19:00 < mnemoc> rehi
19:00 < madtux> ok... try scping or rsyncing the critical server files FROM a machine in ur lan.. not from another server
19:01 -!- c4y0 [~c4y0@200.75.68.67] has joined #t2
19:01 < c4y0> hi! =)
19:01 < nullslack> ok...so the main thing to do is re-install the server right?
19:01 < madtux> hello c4y0
19:02 < nullslack> because it is safer that way
19:02 < madtux> if you are not an experienced sysadmin it will be a lot easier and quicker for you to just back up and reinstall
19:02 < madtux> but of course reinstall and add some good firewalls, check for vulnerabilities on ur daemons, install ids systems
19:03 < madtux> u know do at least the security basics on the box.. else they will hack u again
19:03 < madtux> rxr: perhaps u have something to say on this?
19:03 < nullslack> i know...i have been trying to tell them that we need to replace the server...because it is not updated
19:04 < madtux> nullslack: it is critical to make security updates
19:04 < rxr> madtux: no ;-)
19:04 < madtux> else that kind of things happen
19:04 < madtux> rxr: am i doing ok? ;0
19:04 < madtux> :)
19:05 < nullslack> they trusted the guy who installed the OS...but he hasn't given us an update of their distro
19:05 < nullslack> i was planning to make an image backup...any suggestions?
19:05 < madtux> suggestion...
19:06 < nullslack> is there anything i could still find if i do that
19:06 < madtux> there is a very minimal possibility to find evidences
19:06 < nullslack> so i'm pretty lost right now ;(
19:07 < madtux> ok lets see is this box using IDE hd's or scsi?
19:07 < nullslack> scsi
19:07 < madtux> DOH!
19:07 < nullslack> ?
19:08 < madtux> try copying important files with rsync or scp to another box
19:08 < madtux> i would suggest /etc /home /root /var if you don't know exactly what to backup
19:08 < madtux> or if u have enough space just copy the whole thing
19:08 < mnemoc> scp to backup those? outch
19:10 < madtux> mnemoc: have u read all the conversation?
19:10 < madtux> perhaps rsync over an ssh tunnel is better
19:10 < madtux> mnemoc: btw I'm doing great thanks for asking, and you?
19:11 < mnemoc> rehi hi! =) hello c4y0
19:11 < mnemoc> great too, thanks for asking :)
19:11 < madtux> mmm... u are using xchatr?!
19:11 < nullslack> hmmm....i just want to know how the attacker got in...i saw a local ip trying to connect to ssh
19:11 < mnemoc> me???
19:11 < mnemoc> i have only read parts of it
19:12 < madtux> nullslack: ok let's begin with the basics ask wikipedia what a rootkit is :)
19:12 < madtux> i will come back in 30 minutes.
19:12 < madtux> mnemoc, c4y0 you guys please feel free to jump in and help .. as u are sysadmins too
19:13 < mnemoc> nullslack: first rule, never panic. with a reboot you can loose all your data
19:15 < nullslack> what do u mean loose all my data?
19:15 < mnemoc> you don't know if he set a bomb in your init scripts
19:15 < mnemoc> do you?
19:16 < nullslack> ic..thnx
19:17 < mnemoc> _while_ you copy your data to a safe place try to find what is he doing in this moment
19:17 < nullslack> this is my first time dealing with a server that's been hacked...and sad part of it...i'm not the one who installed and configured it ;(
19:18 < madtux> nullslack: its ok.. those kind of things are the one that make one become a great sysadmin and then make u evolve into a security consultant.. and then there is the big bucks
19:18 < mnemoc> your first goal must be backup the whole machine without showing the bad guy you know he got in
19:19 < mnemoc> your second goal must be to find what he did
19:19 < mnemoc> and the third _how_ he did it
19:19 < mnemoc> don't hunt him if you don't know who is stronger
19:21 < mnemoc> nullslack: madtux gets _big_ bucks thanks to that experience :)
19:34 < nullslack> mnemoc, without showing how he got in? how?
19:34 < nullslack> madtux, thnx
19:35 < nullslack> im getting the imp logs on another machine
19:35 < nullslack> important
19:35 < mnemoc> nullslack: without acting _against_ him
19:36 < mnemoc> _copy_ as much as you can
19:36 < nullslack> ic...i just want to find out how he got in. i'm just curious ;)
19:37 < nullslack> i was planning to do real security...but they wouldn't understand...
19:37 < mnemoc> your have to trace him back
19:38 < nullslack> not really that...i mean what vulnerability did he exploited in able to get in
19:51 < mnemoc> do you have apps running as root?
19:51 < mnemoc> do you have users with shell account?
19:52 < mnemoc> chkrootkit (on t2) can audit your machine looking for rootkits
19:54 * madtux relax, sits back and listen to master mnemoc give security advice :)
19:55 < mnemoc> madtux has been cracked more times than me :)
19:56 < mnemoc> he has _more_ experience, and as he is back he can give you more advices :)
19:56 < madtux> mnemoc: well when i took linuxlabs infraestructure it was quite insecure
19:56 < mnemoc> so the one how must listen is me
19:57 < nullslack> hmmm...no rootkits
19:57 < nullslack> i've run chkrootkit and rkhunter
19:57 < madtux> mnemoc: btw that last statement feel like a low punch
19:57 < mnemoc> which statement?
19:57 < madtux> 13:03 < mnemoc> madtux has been cracked more times than me :)
19:58 < madtux> ah well..
19:58 < mnemoc> you have more machines and more clients than i
19:58 < mnemoc> times vs. %
19:58 < mnemoc> you win
19:59 < madtux> nullslack: well if they already replaced ur binaries it is possible that they themselves removed the rootkit srcs
19:59 < madtux> not sure.. hackers have never managed to progress that much in my case.
20:05 < nullslack> hmmm...i'm just wondering...i have tried 'which ifconfig' and 'which ip' but with negative results...is it possible that the path was not inherited during an ssh login
20:06 < madtux> no.
20:06 < mnemoc> o_O
20:06 < madtux> nullslack: did u already check /sbin ?
20:07 < madtux> did u run a 'find -name ifconfig' in /
20:07 < madtux> ?
20:07 < madtux> as root of course.
20:07 < madtux> btw can see what does 'uptime' tell you?
20:08 < madtux> mnemoc: query
20:09 < nullslack> it's there in /sbin
20:09 < nullslack> uptime yields 30 days with 3 users?
20:09 < madtux> ok then what is ur problem?
20:09 < nullslack> 3 users?
20:09 < mnemoc> o_O
20:09 < madtux> run finger
20:09 < madtux> or 'w'
20:10 < nullslack> ok finger shows it
20:11 < madtux> :)
20:12 < nullslack> hmmm...weird...really! i tried it! i run 'ip' and 'ifconfig' and it says "command not found" ;)
20:13 < mnemoc> echo $PATH
20:13 < madtux> nullslack: ls -la /sbin/ip
20:13 < madtux> nullslack: ls -la /sbin/ifconfig
20:13 < madtux> they are probably symlinks
20:13 < madtux> :)
20:13 < madtux> mnemoc: what do u think?
20:14 < nullslack> no...they are working right now
20:14 < nullslack> i could run both already
20:14 < madtux> nullslack: u are not helping me too much to help to be able to help u
20:15 < mnemoc> analysis forense is an art :)
20:15 < madtux> .oO( the hour of the midday nap has arrived )
20:15 < madtux> mnemoc: its easier when i have access to the box :)
20:16 < nullslack> madtux, oh sorry...i mean they're not symlinks
20:16 < mnemoc> forensic*
20:16 < mnemoc> file /sbin/ip
20:16 < nullslack> mnemoc, not symlink
20:16 < mnemoc> check your aliases too
20:19 < nullslack> it's weird when you ssh to a box then cannot execute 'ip' and 'ifconfig' when by default they are there. then just by exiting then re-logging the 2 works fine ;(
20:19 < nullslack> sorry for upsetting you
20:19 < madtux> u are not upsetting
20:19 < madtux> nullslack: i have 2 more questions
20:19 < nullslack> sure
20:19 < mnemoc> ssh and getty trigger different scripts to init bash
20:19 < madtux> 1. When u ssh u are login as root or as a normal user and then using 'su'?
20:20 < nullslack> as root
20:20 < mnemoc> .bashrc vs. .bash_profile vs. .profile
20:20 < madtux> 2. Are u by any chance running redhat, fedora, mandrake suse or conective in that box?
20:20 < nullslack> modified mandrake
20:20 < mnemoc> outch
20:20 < madtux> i always hated mandrake..
20:20 < nullslack> me too
20:21 < madtux> nullslack: basically what u have to do is run the commands with the absolute path
20:21 < madtux> at least those located at /sbin and /usr/sbin
20:21 < madtux> :)
20:21 < madtux> normal behavior in those systems.
20:22 < nullslack> madtux, i have been running the commands for almost a year now without absolute path ;)
20:22 < nullslack> madtux, oh sorry!
20:22 < madtux> did u update anything?
20:22 < nullslack> nope
20:22 < nullslack> i just log-in because our users are getting dns errors on their browsers
20:23 < mnemoc> even openssh has done remote-exploitable fixes in the last year
20:23 < madtux> nullslack: u were ssh'ing to this box all this time?
20:23 < nullslack> yes
20:23 < madtux> how long has this system been on?
20:23 < nullslack> 30 days
20:23 < nullslack> uptime?
20:24 < mnemoc> was it installed 30 days ago?
20:24 < madtux> :)
20:24 < nullslack> last year
20:25 < nullslack> 30 days uptime
20:25 < nullslack> because we rebooted it
20:25 < madtux> yes i meant when was it installed..
20:26 < madtux> no updates in a year
20:26 < madtux> scary
20:26 < nullslack> yes...because it's a modified distro.. wherein getting an rpm update from the sites would break it ;( damn!
20:27 < nullslack> they wouldn't listen
20:27 < mnemoc> advice: start building a t2 to use it's place, move the data and replace it
20:28 < mnemoc> you can't expect to trace a machine abandoned for a year
20:28 < mnemoc> worse if it's a mdk
20:29 < nullslack> mnemoc, i've been pushing to replace it with slackware before..
20:29 < madtux> heck i would rather use an unpatched windows 98 as firewall than a mdk box
20:29 < nullslack> management call
20:29 * daja77 remembering madtux love for mdk
20:30 < mnemoc> :)
20:30 < mnemoc> who can love mdk?
20:30 < madtux> nullslack: ok
20:30 < nullslack> and i've been pushing that they let us IT group concentrate on security and the system administration not the operation!
20:30 < madtux> daja77: oh yeah just as much as u love that mother board u had when u meet me
20:31 < madtux> mnemoc: i can tell you who loves it.. CyBuX
20:31 < mnemoc> :\
20:31 < madtux> seriously
20:31 < mnemoc> nullslack: after a break in you have more chances to get listened
20:31 < nullslack> give us some training...and allow us to do our job as systems admin
20:32 < nullslack> mnemoc, but i still haven't got any evidence that i've been compromised
20:32 < mnemoc> and remember a server needs _at least_ weekly maintenance
20:32 < nullslack> chkrootkit and rkhunter...for rootkits
20:33 < mnemoc> nullslack: after he get root access mr. badguy _will_ remove every evidence that he got in
20:34 < mnemoc> and set a backdoor to get back easier whenever he wants
20:35 < mnemoc> something as simple as his pubkey on root's .ssh/ can be a hard to find backdoor :)
20:35 < nullslack> ic...i'll still keep digging...thanx for the help
20:46 -!- mnemoc [~amery@200.75.27.29] has quit [Read error: 60 (Operation timed out)]
20:47 < nullslack> thnx madtux ;)
20:48 < madtux> nullslack: there is nothing to thank me for :)
20:49 -!- mnemoc [~amery@200.75.27.55] has joined #t2
20:49 < rxr> welcome back mnemoc
20:49 < nullslack> madtux, for being patient...and for not flaming me ;)
20:50 < rxr> well - this is a friendly channel *g*
20:50 < nullslack> hi rxr
20:51 < mnemoc> :)
20:51 < madtux> nullslack: well i have been in ur situation before so i know how it feels. besides anyone that knows me for a while like rxr or mnemoc can tell i'm not such a bad guy... i can be nice sometimes
20:52 < mnemoc> a very nice guy when he is not the attacker :)
20:52 < rxr> haha
20:53 < daja77> ask him if he is a teddy bear
20:53 < mnemoc> or barney :p
20:53 * madtux hits mnemoc's head with owl pink notebook
20:54 < mnemoc> outch
20:54 < mnemoc> OT: owl is not here to see you took her notebook
20:54 < madtux> i'm NO ONE'S teddy bear.. and definitly barney isn't even to be counted.. mnemoc please put me away from your private secual fantasies with barney
20:55 < daja77> :)
20:55 < madtux> mnemoc: it doesn't matter u were here to feel it it in ur head
20:55 < daja77> j/k
20:55 < madtux> :)
20:55 < mnemoc> hehe
20:55 < madtux> see now u made me look like if i was an aggresive guy with nullslack
20:55 < madtux> u are evil
20:56 < madtux> mnemoc: and the whole "attacker" no one has proves that has ever been attacked by me :)
20:56 < mnemoc> does it needs to be proved?
20:57 < madtux> well then how can u state that i make attacks when u can't prove that i have done it or have the skills to do so ? :)
20:58 < mnemoc> any good security advisor has to 'know' how the bad guys do their job ;) and test how far can they go without getting noticed :)
20:59 < madtux> well i'm just a package updater :)
20:59 < madtux> ;-)
20:59 < madtux> anyways i will continue selinux stuff later today
21:00 < madtux> rxr: second week of march 2005 is a good time for to go to berlin?
21:00 < madtux> for me*
21:01 < rxr> hm - it will still be a bit cold ;-) No idea if this is fine for you ... *g*
21:02 < madtux> cold = snow?
21:02 < daja77> perhaps
21:02 < daja77> but not necessarily
21:02 < madtux> mountains for snow boarding near?
21:03 < daja77> no
21:03 < madtux> ah :(
21:03 < rxr> I do not think you will have snow at that time - the chances are under 5% I would estimate ...
21:03 < rxr> but arround or less than 10"C
21:04 < madtux> 10"C is ok for me
21:04 < madtux> 48"C is a nightmare to me
21:04 < madtux> rxr: cold is not the problem for me
21:04 < mnemoc> 31C here outside the office, here +2 or +3
21:05 < madtux> rxr: btw my question wasn't really meaning like.. how is the weather like.. but it was an indirect way to say something like.. can i visit you?
21:05 < madtux> 18"C in the office.. 23"C outside :)
21:05 < rxr> I should be around at that time - feel free to come over? ;-)
21:06 < rxr> just let me look up the CeBIT dates ...
21:06 < madtux> rxr: what is CeBIT ?
21:06 < madtux> rxr: before visiting u i intend to be here: http://chemnitzer.linux-tage.de/
21:07 < mnemoc> isn't CeBIT an expo for big fishes?
21:07 < daja77> yep
21:07 < daja77> biggest worldwide
21:08 < rxr> 10 to 16 March is CeBIT ...
21:08 < rxr> at that time I'm most probably in Hannover
21:08 < madtux> Hannover... capchaos lives there.. :)
21:09 < madtux> define big fishes
21:09 < madtux> alan cox, rms, linus, mnemoc ?
21:09 < mnemoc> big corporations which own the real world
21:09 < madtux> that kind of people
21:09 < madtux> oh i see
21:09 -!- c4y0 [~c4y0@200.75.68.67] has quit ["BitchX-1.0c20cvs -- just do it."]
21:18 -!- martin_ [~martin@brln-d9ba1e49.pool.mediaWays.net] has quit [Read error: 110 (Connection timed out)]
22:23 < mnemoc> rxr: ping
22:56 < rxr> pong
22:57 < rxr> ouhm - 30 minutes latency :-(
22:59 < mnemoc> :)
22:59 < mnemoc> query =)
23:00 -!- madtux [~mike@200.91.101.100] has quit [Read error: 110 (Connection timed out)]
23:04 < rxr> it is -2.5°C here ...
23:04 < mnemoc> 27C here
23:05 < rxr> °C
23:05 < rxr> hm
23:05 < rxr> did you see the real degree symbol in one of the lines above ?
23:07 < mnemoc> yes
23:07 < rxr> oh my is this appl terminal broken ...
23:07 < rxr> apple even
23:07 < rxr> in which line?
23:07 < rxr> or in both?
23:07 -!- martin_ [~martin@brln-d9ba094b.pool.mediaWays.net] has joined #t2
23:08 < mnemoc> the first has an "A before
23:08 < mnemoc> the second is fine but with white background
23:08 < rxr> °C
23:08 < rxr> hm
23:08 < mnemoc> ä°ree;C
23:09 < mnemoc> Ä*
23:13 < rxr> I think I should not try post delivery mail filtering - this kind of sucks ...
23:14 < mnemoc> OT: do you know if fefe's tinyldap is alive?
23:18 < rxr> ouhm - just ask so many questions I can not answer today :-(
23:21 < mnemoc> :(
23:21 < rxr> the tinyldap page does not look that bad - just a bit old ...
23:22 * mnemoc checking it out
23:24 < mnemoc> GETTING.STARTED file is one month old only :)
23:33 < rxr> oh
--- Log closed Wed Dec 15 00:00:26 2004