--- Log opened Tue Dec 14 00:00:25 2004
00:05 -!- madtux [~mike@200.91.101.98] has quit ["leaving"]
00:44 < mnemoc> rxr: what do you think about subscribing a robot to freshmeat? and do daily reports of updated known packages?
00:45 < mnemoc> or web reporting
00:47 < jsaw> re
00:47 < mnemoc> re jsaw
00:47 < jsaw> rxr: dbus hast gtk-sharp bindings, but they should be optional.
00:47 < rxr> mnemoc: interesting idea in conjunction with the [D] tag parsing download tracker
00:47 < jsaw> hi mnemoc
00:48 < rxr> jsaw: it failed on my athlon due to no gtk-sharp available
00:48 < mnemoc> jsaw: gtk-sharp or gtk-sharp-2 ?
00:48 < jsaw> hmm, lemma see
00:49 < mnemoc> i wanted to update to gtk-sharp-2 because it will deprecate gtk-sharp
00:49 < mnemoc> but it seem to have many dependentant
00:49 < rxr> [OT] why does internet mp3 streams of radio sound so awful? I mean this is a 128kB mp3 - those I can normally listen quite well without getting mad due to artifacts - but this streams are full of distortions, artifacts and so on that I nearly get headache
00:49 < jsaw> rxr: obviously the dbus configure script is too dump...
00:49 < rxr> mnemoc: I would not call it many dependencies ...
00:50 < rxr> jsaw: I had no deeper look
00:50 < mnemoc> s/many//
00:50 < jsaw> rxr: there are config switches, eg. --enable-mono, --enable-gtk etc.
00:50 < rxr> btw - my configure fix for findutils was applied by the maintainer ...
00:50 < rxr> ;-)
00:50 < mnemoc> jsaw: does it look for gtk-sharp.pc or gtk-sharp-2.0.pc?
00:51 < rxr> I bet gtk-sharp.pc
00:51 < mnemoc> rxr: didn't he fixed his autoconf?
00:51 < jsaw> mnemoc: neither.
00:52 < jsaw> it seems to simply start building... :(
00:52 < mnemoc> :p
00:52 < jsaw> cd dbus-0.22; grep gtk-sharp -> nothing
00:52 < jsaw> cd dbus-0.22/mono; grep gtk-sharp *
00:52 < jsaw> Makefile.am: $(CSC) --unsafe --target exe -L . -r dbus-sharp.dll -pkg:gtk-sharp -o test-dbus-sharp.exe $(TEST_DBUS_SHARP_FILES)
00:52 < jsaw> Makefile.in: $(CSC) --unsafe --target exe -L . -r dbus-sharp.dll -pkg:gtk-sharp -o test-dbus-sharp.exe $(TEST_DBUS_SHARP_FILES)
00:53 < jsaw> *getting het up*
00:53 < rxr> mnemoc: it was a bug the findutils people written themslef into the configure.in ...
00:53 < mnemoc> oh
00:53 < rxr> mnemoc: look at my patch - I fix both configure and configure.in
00:53 < mnemoc> aha
00:54 < rxr> since I intend to get t2 more known by sending as much patches as possible upstream
00:54 < mnemoc> good idea
00:54 < rxr> this will also result in cleaner t2 packages with less patches to rediff in t2 ;-)
00:55 < mnemoc> we may automate that too fixing [A]s or adding an [R] as the mail address to report patch additions :)
00:55 < mnemoc> optionallly of course
01:03 < CIA-9> jsaw * r5073 /trunk/package/network/dbus/dbus.conf:
01:03 < CIA-9> * build gtk-sharp/mono bindings of dbus only if resp. pkgs exist
01:03 < CIA-9> (UNTESTED)
01:03 < jsaw> rxr: ^---
01:04 < mnemoc> gtk# will be the next pain maintaining packages :\
01:05 < jsaw> 2B fun | !2B fun
01:06 < mnemoc> true
01:06 < jsaw> hehe
01:07 < rxr> mnemoc: yeah - an the mono once are yours ;-)
01:07 < jsaw> It's rather syntax error I'd guess...
01:07 * rxr puh
01:07 < rxr> (2B or ^2B) fun or so ;-)
01:08 < mnemoc> :)
01:08 < rxr> I found the next osx bug ...
01:08 < mnemoc> true fun :D
01:09 < jsaw> rxr: that could be a nice t-shirt, front T2, back: (2B or ^2B) fun
01:09 < rxr> when one starts an applicaton and then expose's to e.g. the view the whole desktop whiel the app is still lunching the app window will show up normally - although all the other windows are move off the desktop ..
01:09 < mnemoc> i think i'll have to add gtk-sharp2 as a new package and start the serie :)
01:09 < rxr> jsaw: clifford is already promoting the 2B stuff ...
01:09 < jsaw> oh
01:09 < jsaw> didn't know this.
01:10 < mnemoc> you wont be forgiven
01:10 < jsaw> cu later, have to hide...
01:10 < rxr> grep the rock lurker for this
01:11 < rxr> much fun hiding jsaw
01:11 < rxr> don't let the lab rats snack on you
01:11 < mnemoc> :)
02:03 * rxr in bed - n8 all
02:20 < martin_> re hi
02:20 < martin_> anyone here?
09:31 -!- rxr [~rene@p213.54.218.157.tisdip.tiscali.de] has joined #t2
09:31 -!- Topic for #t2: T2 | The system development environment | GNU Auto* considered harmful
09:31 -!- Topic set by rxr [] [Fri Dec 10 03:06:40 2004]
09:31 [Users #t2]
09:31 [ _Ragnar__] [ daja77] [ martin_] [ nullslack] [ rxr ] [ valentin]
09:31 [ CIA-9 ] [ jsaw ] [ mnemoc ] [ nzg ] [ sparc-kly]
09:31 -!- Irssi: #t2: Total of 11 nicks [0 ops, 0 halfops, 0 voices, 11 normal]
09:31 -!- Channel #t2 created Sun Aug 8 21:15:33 2004
09:31 -!- [freenode-info] why register and identify? your IRC nick is how people know you. http://freenode.net/faq.shtml#nicksetup
09:31 -!- Irssi: Join to #t2 was synced in 11 secs
09:31 < rxr> damn t-com DSL crap
09:32 < rxr> bla
09:32 < rxr> so
09:32 < rxr> damn
09:32 < rxr> need to copy my connection tracker for this damn DSL outages ...
10:45 < rxr> re
11:08 -!- _Ragnar__ is now known as _Ragnar_
11:15 < martin_> rxr ...
11:16 < rxr> martin_: yes
11:17 < martin_> he he
11:17 < martin_> t-com :)
11:17 < martin_> aehm, do you go to 21c3?
11:18 < rxr> nno
11:18 < martin_> it's for free. or u not in berlin?
11:20 < rxr> I'm not in berlin - I wanted to enjoy real life ...
11:20 < rxr> for free due to tfh sponsoring ?
11:20 < martin_> i hope
11:22 < martin_> so, i must drive to my tfh. fuck, i have not enough time ...
11:22 < martin_> cul rxr
14:53 < mnemoc> what's a tfh?
14:53 < jsaw> roughly a technical university
14:54 < jsaw> (re)
14:54 < mnemoc> re jsaw
14:55 < mnemoc> tfh is a kind of educational institution or one specific educational institution?
14:55 < jsaw> tfh = technische (technical) fachhochschule (university of applied sciences)
14:56 < mnemoc> thanks
14:57 < jsaw> or polytechnic, guess that's also the way it's called in chile?
14:57 < mnemoc> similar
14:58 < mnemoc> how many years a career in a tfh takes?
14:59 < jsaw> The FH's are a bit more industry oriented. I'm not sure, but I think the duration is not that much different than a university.
15:00 < jsaw> The difference of a FH and a university here in Germany are only the fact, that a university has a broader spectrum of topic...
15:00 < jsaw> topics
15:00 < mnemoc> here, that broader spectrum includes engineering :)
15:01 < jsaw> from technical to non-technical stuff. one part alone is a FH.
15:01 < mnemoc> technical _institutes_' careers are 2/3 of university here
15:02 < mnemoc> and cft 'technical formation (instruction) centers' are 1/4 of university
15:04 < jsaw> well, fh's here do have a more tight plan. There's some kind of fight between FH's and universities because universities do not take FH's serious. Though the certifactes are identical.
15:04 < mnemoc> oh
15:05 < jsaw> On the othere - due to higher business orientation - there are courses which are shorter. Guess, these are also 2/3.
15:05 < jsaw> OTOH even
15:07 < jsaw> laptop battery low, back in a few minutes.
15:18 < rxr> re
15:19 < mnemoc> re rxr
15:20 < rxr> hi mnemoc and jsaw
15:38 < rxr> did I already mentioned today that explicit selection copy as in OSX or Windows sucks ...
15:41 < mnemoc> explicit selection copy of what?
15:41 < rxr> oh my god:
15:41 < rxr> http://www.rocklinux.net/submaster/data//2004/12/1011573604725.patch
15:42 < rxr> mnemoc: that you have to press Ctrl-C or AppleKey-C ...
15:42 < rxr> even after days od using OSX I forget to copy the selectoin every third time
15:44 < rxr> oh my god - looking thru submaster I really wonder if the contributing and voting people know what they do ...
15:45 < rxr> .oO
15:45 < rxr> Alejandro Mery:
15:45 < rxr>         * openldap updated (2.2.17->2.2.19)
15:45 < rxr>
15:45 < mnemoc> :)
15:45 < rxr> (fake) this is not stable!! please don't update such vital packages to non-stable versions... or tell me why you need it ;)
15:45 < mnemoc> fake voted against it :\
15:45 < jsaw> re
15:45 < rxr> Alejandro Mery:
15:45 < rxr>         * openvpn updated to beta branch (1.6.0 -> 2.0-beta15)
15:45 < rxr> (fake) 2.0rc1 is out! mind updating to that?
15:46 < rxr> *lol*
15:46 < rxr> mnemoc: but your updates are not what I wondered about - I wondered about other discussion - e.g. about the lib64 ones ...
15:47 < rxr> oh - my this is a trash deposit - I shoudl stop looking into it ...
15:48 < rxr> what the heck?:
15:48 < rxr> Clifford Wolf:
15:48 < rxr>         Disable gcc java compiler on default
15:48 < rxr> and I'm a braindead person causing regressions and just removing features ...
15:48 < rxr> ehrm - and the patch even disables CHILL ...
15:48 < mnemoc> :D
15:50 < rxr> please remind me never to look into this thing - it causes an headache over ehre ...
15:50 < rxr> here even
15:53 < rxr> just running a testbuild of a maildir update
15:53 < rxr> maildrop even
15:57 < rxr> hm- the rock svn is also again very slow ...
15:57 < martin_> re
15:57 < rxr> hi martin_
15:58 < rxr> hm - strange I wonder why the rock maildir packages does not cuase shared files with courier-imap ...
15:58 < rxr> usr/bin/deliverquota: courier-imap maildrop
15:58 < rxr> !> usr/bin/maildirmake: courier-imap maildrop
15:59 < rxr> !> usr/share/man/man1/maildirmake.1: courier-imap maildrop
15:59 < jsaw> ...
16:00 < rxr> maybe they do not know yet ...
16:00 < mnemoc> not-yet-tested-update?
16:07 < martin_> http://nexus.tfh-berlin.de/~bsdforum/sys/
16:13 < CIA-9> rene * r5074 /trunk/package/mail/maildrop/ (deliverquota.patch maildrop.conf maildrop.desc):
16:13 < CIA-9> * updated maildrop (1.6.3 -> 1.7.0) and moved the shared file adaptions
16:13 < CIA-9> out of a patch into the maildrop.conf using the INSTALL_WRAPPER
16:13 < rxr> oh - forgot to change the maintainer
16:17 < rxr> martin_: nice that our new decent server seems to be online ;-)
16:17 < rxr> (is it that good to post the link here into the wild?)
18:27 -!- madtux [~mike@200.91.101.100] has joined #t2
18:27 < madtux> hi
18:31 < rxr> hi madtux
18:32 < madtux> hello rxr
18:32 < madtux> so last night i "evaluated" FC-3 as i heard they suppored selinux on full dekstop enviroment
18:32 < madtux> what a waste of time :(
18:33 < madtux> FC2 sucked... BIG time.. and it hasn't changed
18:33 < rxr> yeah - thats it about Fedora Core ;-)
18:40 < nullslack> madtux, what the first step if you feel that there's something fishy with ur sever?
18:40 < madtux> define fishy
18:41 < nullslack> ifconfig and ip is missing or maybe the path has been altered
18:41 < madtux> mm..
18:41 < madtux> did u ask "find" ?
18:42 < madtux> nullslack: imho both ifconfig and ip should be in /sbin
18:42 < madtux> question are u root ?
18:43 < nullslack> nope...and the ssh login is slow compared before....worst thing is ifconfig and ip is there after i re-login
18:43 < madtux> a normal user should exec them unless they use the full path.. yet won't have much to do
18:43 < madtux> nullslack: mmm...
18:43 < madtux> would u please check if u get an answer when u try to ssh to port 122 on ur box?
18:44 < madtux> i think you are been / have been rootkited
18:44 < nullslack> btw, our net connection was loss with a dns error
18:44 < nullslack> 122?
18:44 < madtux> yeah .. nmap won't show it active
18:45 < madtux> just try it.. several "crackers" use port 122 to create an ssh backdoor
18:45 < madtux> i would suggest check for a rootkit on the box
18:45 < madtux> ckrootkit
18:46 < nullslack> yeah...i was thinking about that also...but how will i preserve the evidence?
18:46 < nullslack> or the first step when you get hacked
18:47 < madtux> if you were rootktted already then the evidence is cleaned up already
18:47 < nullslack> what do u mean?
18:47 < madtux> but maybe there is a /dev/aix file with ur passwords in plan text
18:47 < madtux> or there is a file called /var/lib/games/.src ?
18:47 < madtux> directory i ment
18:47 < madtux> note the "." on the path
18:48 < madtux> if ur server was hacked is probable that the logs and evicences were cleaned - removed
18:48 < nullslack> hmmm....i can't put the server off-line...is changing the root password ok already? or is there an other way he can get through?
18:49 < madtux> in most of the cases changing the root password won't change a thing
18:49 < nullslack> so...i can't trace where it came from?
18:49 < nullslack> what would you suggest?
18:49 < madtux> look for the root kit for now.. and most important.. DON'T reboot the server
18:50 < madtux> no its very probable that you can't.. u don't have any IDS systems on that box?
18:50 < nullslack> yes...i didn't reboot it...no ids ;(
18:51 < nullslack> then clean the rootkit?
18:51 < madtux> ok _DON'T_ reboot...
18:51 < madtux> well if you were rootkitted then some applications have probably replaced.. some of then are often:
18:51 < nullslack> is it possible that he is logged-in and can monitor what i'm doing on the server? or our net connections?
18:51 < madtux> openssh, rsync, coreutils, inittools
18:51 < madtux> yes its possible.
18:52 < madtux> now i'm just make an assumptiong
18:52 < madtux> -q
18:52 < nullslack> -q
18:52 < madtux> did u find a anything in /var/lib/games/ ?
18:52 < madtux> -g as in assumption
18:52 < madtux> :)
18:52 < nullslack> lemme check
18:52 < madtux> check for a ".src" directory
18:53 < madtux> ok for any .* directory in /usr/local/
18:54 < nullslack> .src dir? in /?
18:55 < madtux> is there a .src in / ?!
18:55 < madtux> 0_o
18:55 < nullslack> i found authlogfail.unsort and deniedlog.unsort in /tmp with recent timestamp
18:55 < nullslack> i found this in / %{tmpdir}
18:56 < madtux> show me
18:57 < nullslack> empty
18:57 < madtux> now i'm a bit confused... is there a /.src directory?
18:57 < madtux> oh ok its empty
18:57 < madtux> what about the authlogfail.unsort and deniedlog.unsort ?
18:57 < madtux> are they empty?
18:57 < nullslack> yes
18:57 < nullslack> how to find .src dir?
18:58 < madtux> do u get any segmentation faults when u run ls or so?
18:58 < nullslack> is netstat included in the changed files
18:58 < madtux> could be
18:58 < nullslack> no...
18:58 < madtux> nullslack: wise advice.. change make backup NOW
18:59 < nullslack> backup?
18:59 < madtux> i mean make a backup now
18:59 < madtux> of the server
18:59 < nullslack> how
18:59 < nullslack> cp -a?
18:59 < nullslack> or something?
18:59 < madtux> oh geez..
18:59 < madtux> you are not a sysadmin are u ?
18:59 < madtux> be honest i want to help you.
18:59 < nullslack> not really experienced
18:59 < madtux> ok
19:00 < madtux> is this server online right now?
19:00 < nullslack> yes
19:00 < mnemoc> rehi
19:00 < madtux> ok... try scping o rsyncing the critical server files FROM a machine in ur lan.. not from another server
19:01 -!- c4y0 [~c4y0@200.75.68.67] has joined #t2
19:01 < c4y0> hi! =)
19:01 < nullslack> ok...so the main thing to do is re-install the server right?
19:01 < madtux> hello c4y0
19:02 < nullslack> because it is safer that way
19:02 < madtux> if you are not an expirenced sysadmin it will be alot easier and quicker for you to just back up and reinstall
19:02 < madtux> but of course reinstall and add some good firewalls, check for vulnerabilities on ur daemons, install ids systems
19:03 < madtux> u know do at least the security basics on the box.. else they will hack u again
19:03 < madtux> rxr: perhaps u have something to say on this?
19:03 < nullslack> i know...i have been trying to tell them that we need to replace the server...because it is not updated
19:04 < madtux> nullslack: it is critical to make security updates
19:04 < rxr> madtux: no ;-)
19:04 < madtux> else that kind of things happen
19:04 < madtux> rxr: am i doing ok? ;0
19:04 < madtux> :)
19:05 < nullslack> they trusted the guy who installed the OS...but he hasn't given us an update of their distro
19:05 < nullslack> i was planning to make an image backup...any suggestions?
19:05 < madtux> suggestion...
19:06 < nullslack> is there anything i could still find if i do that
19:06 < madtux> there is a very minimal possibility to find evidences
19:06 < nullslack> so i'm pretty lost right now ;(
19:07 < madtux> ok lets see is this box using IDE hd's or scsi?
19:07 < nullslack> scsi
19:07 < madtux> DOH!
19:07 < nullslack> ?
19:08 < madtux> try copying important file with rsync o scp to another box
19:08 < madtux> i would suggest /etc /home /root /var if you don't know exactly what to backup
19:08 < madtux> or if u have enough space just copy the whole thing
19:08 < mnemoc> scp to backup those? outch
19:10 < madtux> mnemoc: have u read all the conversation?
19:10 < madtux> perhapos rsync over an ssh tunnel is better
19:10 < madtux> mnemoc: btw I'm doing great thanks for asking, and you?
19:11 < mnemoc> rehi hi! =) hello c4y0
19:11 < mnemoc> great too, thanks for asking :)
19:11 < madtux> mmm... u are using xchatr?!
19:11 < nullslack> hmmm....i just want to know how the attacker got in...i saw a local ip trying to connect to ssh
19:11 < mnemoc> me???
19:11 < mnemoc> i have only read parts of it
19:12 < madtux> nullslack: ok lets begging with the basics ask wikipedia what a rootkit is :)
19:12 < madtux> i will come back in 30 minutes.
19:12 < madtux> mnemoc, c4y0 you guys please feel free to jump in and help .. as u are sysadmins too
19:13 < mnemoc> nullslack: first rule, never panic. with a reboot you can loose all your data
19:15 < nullslack> what do u mean loose all my data?
19:15 < mnemoc> you don't know if he set a bomb in your init scripts
19:15 < mnemoc> do you?
19:16 < nullslack> ic..thnx
19:17 < mnemoc> _while_ you copy your data to a safe place try to find what is he doing in this moment
19:17 < nullslack> this is my first time dealing with a server that's been hacked...and sad part of it...i'm not the one who installed and configured it ;(
19:18 < madtux> nullslack: its ok.. those kind of things are the one that make one become a great sysamin and then make u evolutionate into a security consultant.. and then there is the big bucks
19:18 < mnemoc> your first goal must be backup the whole machine without showing the bad guy you know he got in
19:19 < mnemoc> your seconf goal must be to find what he did
19:19 < mnemoc> and the third _how_ he did it
19:19 < mnemoc> don't hunt him if you don't know who is stronger
19:21 < mnemoc> nullslack: madtux gets _big_ bucks thanks to that experience :)
19:34 < nullslack> mnemoc, without showing how he got in? how?
19:34 < nullslack> madtux, thnx
19:35 < nullslack> im getting the imp logs on another machine
19:35 < nullslack> important
19:35 < mnemoc> nullslack: without acting _against_ him
19:36 < mnemoc> _copy_ as much as you can
19:36 < nullslack> ic...i just want to find out how he got in. i'm just curious ;)
19:37 < nullslack> i was planning to do real security...but they wouldn't understand...
19:37 < mnemoc> your have to trace him back
19:38 < nullslack> not really that...i mean what vulnerability did he exploited in able to get in
19:51 < mnemoc> do you have apps running as root?
19:51 < mnemoc> do you have users with shell account?
19:52 < mnemoc> chkrootkit (on t2) can audit your machine looking for rootkits
19:54 * madtux relax, sits back and listen to master mnemoc give security advice :)
19:55 < mnemoc> madtux has been cracked more times than me :)
19:56 < mnemoc> he has _more_ experience, and as he is back he can give you more advices :)
19:56 < madtux> mnemoc: well when i took linuxlabs infraestructure it was quite insecure
19:56 < mnemoc> so the one how must listen is me
19:57 < nullslack> hmmm...no rootkits
19:57 < nullslack> i've runned chkrootkit and rkhunter
19:57 < madtux> mnemoc: btw that last statement feel like a low punch
19:57 < mnemoc> which statement?
19:57 < madtux> 13:03 < mnemoc> madtux has been cracked more times than me :)
19:58 < madtux> ah well..
19:58 < mnemoc> you have more machines and more clients than i
19:58 < mnemoc> times vs. %
19:58 < mnemoc> you win
19:59 < madtux> nullslack: well if they already replaced ur binaries i spossible that thenselves removed the rootkit srcs
19:59 < madtux> not sure.. hackers have never managed to progress that much in my case.
20:05 < nullslack> hmmm...i'm just wondering...i have tried 'which ifconfig' and 'which ip' but with negative results...is it possible that the path was not inherited during an ssh login
20:06 < madtux> no.
20:06 < mnemoc> o_O
20:06 < madtux> nullslack: did u already check /sbin ?
20:07 < madtux> did u run a 'find -name ifconfig' in /
20:07 < madtux> ?
20:07 < madtux> as root of course.
20:07 < madtux> btw can see what does 'uptime' tell you?
20:08 < madtux> mnemoc: query
20:09 < nullslack> it's there in /sbin
20:09 < nullslack> uptime yields 30 days with 3 users?
20:09 < madtux> ok then what is ur problem?
20:09 < nullslack> 3 users?
20:09 < mnemoc> o_O
20:09 < madtux> run finger
20:09 < madtux> or 'w'
20:10 < nullslack> ok finger shows it
20:11 < madtux> :)
20:12 < nullslack> hmmm...weird...really! i tried it! i run 'ip' and 'ifconfig' and it says "command not found" ;)
20:13 < mnemoc> echo $PATH
20:13 < madtux> nullslack: ls -la /sbin/ip
20:13 < madtux> nullslack: ls -la /sbin/ifconfig
20:13 < madtux> they are probably symlinks
20:13 < madtux> :)
20:13 < madtux> mnemoc: what do u think?
20:14 < nullslack> no...they are working right now
20:14 < nullslack> i could run both already
20:14 < madtux> nullslack: u are not helping me too much to help to be able to help u
20:15 < mnemoc> analysis forense is an art :)
20:15 < madtux> .oO( the midday nap hour has arrived)
20:15 < madtux> mnemoc: its easier when i have access to the box :)
20:16 < nullslack> madtux, oh sorry...i mean they're not symlinks
20:16 < mnemoc> forensic*
20:16 < mnemoc> file /sbin/ip
20:16 < nullslack> mnemoc, not symlink
20:16 < mnemoc> check your aliases too
20:19 < nullslack> it's weird when you ssh to a box then cannot execute 'ip' and 'ifconfig' when by default they are there. then just by exitting then re-logging the 2 works fine ;(
20:19 < nullslack> sorry for upsetting you
20:19 < madtux> u are not upsetting
20:19 < madtux> nullslack: i have 2 more questions
20:19 < nullslack> sure
20:19 < mnemoc> ssh and getty trigger diferente scripts to init bash
20:19 < madtux> 1. When u ssh u are login as root or as a normal user and then using 'su'?
20:20 < nullslack> as root
20:20 < mnemoc> .bashrc vs. .bash_profile vs. .profile
20:20 < madtux> 2. Are u by any chance running redhat, fedora, mandrake suse or conective in that box?
20:20 < nullslack> modified mandrake
20:20 < mnemoc> outch
20:20 < madtux> i always hated mandrake..
20:20 < nullslack> me too
20:21 < madtux> nullslack: basically what u have to do is run the comands witht he absolute path
20:21 < madtux> at least those located at /sbin and /usr/sbin
20:21 < madtux> :)
20:21 < madtux> normal behavier in those systems.
20:22 < nullslack> madtux, i have been running the commands for almost a year now without absolute path ;)
20:22 < nullslack> madtux, oh sorry!
20:22 < madtux> did u update anything?
20:22 < nullslack> nope
20:22 < nullslack> i just log-in because our users are getting dns errors on their browsers
20:23 < mnemoc> even openssh has done remote-explotable fixes in the last year
20:23 < madtux> nullslack: u were ssh'ing to this box all this time?
20:23 < nullslack> yes
20:23 < madtux> how long has this system been on?
20:23 < nullslack> 30 days
20:23 < nullslack> uptime?
20:24 < mnemoc> was it installed 30 days ago?
20:24 < madtux> :)
20:24 < nullslack> last year
20:25 < nullslack> 30 days uptime
20:25 < nullslack> because we rebooted it
20:25 < madtux> yes i ment when was it installed..
20:26 < madtux> no updates in a year
20:26 < madtux> scary
20:26 < nullslack> yes...because it's a modified distro.. wherein getting an rmp update from the sites would break it ;( damn!
20:27 < nullslack> they wouldn't listen
20:27 < mnemoc> advice: start building a t2 to use it's place, move the data and replace it
20:28 < mnemoc> you can't expect to trace a machine abandoned for a year
20:28 < mnemoc> worse if it's a mdk
20:29 < nullslack> mnemoc, i've been pushing to replace it with slackware before..
20:29 < madtux> heck i would rather use an unpatched windows 98 as firewall than a mdk box
20:29 < nullslack> management call
20:29 * daja77 remembering madtux love for mdk
20:30 < mnemoc> :)
20:30 < mnemoc> who can love mdk?
20:30 < madtux> nullslack: ok
20:30 < nullslack> and i've been pushing that they let us IT group concentrate on security and the system administration not the operation!
20:30 < madtux> daja77: oh yeah just as much as u love that mother board u had when u meet me
20:31 < madtux> mnemoc: i can tell you who loves it.. CyBuX
20:31 < mnemoc> :\
20:31 < madtux> seriously
20:31 < mnemoc> nullslack: after a break in you have more chances to get listened
20:31 < nullslack> give us some training...and allow us to do our job as systems admin
20:32 < nullslack> mnemoc, but i still haven't got any evidence that i've been compromised
20:32 < mnemoc> and remember a server needs _atleast_ weekly maintainment
20:32 < nullslack> chkrootkit and rkhunter...for rootkits
20:33 < mnemoc> nullslack: after he get root access mr. badguy _will_ remove every evidence that he got in
20:34 < mnemoc> and set a backdoor to get back easier whenever he wants
20:35 < mnemoc> something as simple as his pubkey on root's .ssh/ can be a hard to find backdoor :)
20:35 < nullslack> ic...i'll still keep digging...thanx for the help
20:46 -!- mnemoc [~amery@200.75.27.29] has quit [Read error: 60 (Operation timed out)]
20:47 < nullslack> thnx madtux ;)
20:48 < madtux> nullslack: there is nothing to thank me for :)
20:49 -!- mnemoc [~amery@200.75.27.55] has joined #t2
20:49 < rxr> welcome back mnemoc
20:49 < nullslack> madtux, for being patient...and for not flaming me ;)
20:50 < rxr> well - this is a friendly channel *g*
20:50 < nullslack> hi rxr
20:51 < mnemoc> :)
20:51 < madtux> nullslack: well i have been at ur cituation before so i know how it feels. besides anyone one that knows me for a while like rxr or mnemoc can tell i'm not such a bad guy... i can be nice sometimes
20:52 < mnemoc> a very nice guy when he is not the attacker :)
20:52 < rxr> haha
20:53 < daja77> ask him if he is a teddy bear
20:53 < mnemoc> or barney :p
20:53 * madtux hits mnemoc's head with owl pink notebook
20:54 < mnemoc> outch
20:54 < mnemoc> OT: owl is not here to see you took her notebook
20:54 < madtux> i'm NO ONE'S teddy bear.. and definitly barney isn't even to be counted.. mnemoc please put me away from your private secual fantasies with barney
20:55 < daja77> :)
20:55 < madtux> mnemoc: it doesn't matter u were here to feel it it in ur head
20:55 < daja77> j/k
20:55 < madtux> :)
20:55 < mnemoc> hehe
20:55 < madtux> see now u made me look like if i was an aggresive guy with nullslack
20:55 < madtux> u are evil
20:56 < madtux> mnemoc: and the whole "attacker" no one has proves that has ever been attacked by me :)
20:56 < mnemoc> does it needs to be proved?
20:57 < madtux> wel then how can u state that i make a attacks when u can't probe that i have done it or have the skills to do so ? :)
20:58 < mnemoc> any good security advisor has to 'know' how the bad guys do their job ;) and test how far can they go without getting noticed :)
20:59 < madtux> well i'm just a package updater :)
20:59 < madtux> ;-)
20:59 < madtux> anyways i will con tinue selinux stuff later today
21:00 < madtux> rxr: second week of march 2005 is a good time for to go to berlin?
21:00 < madtux> for me*
21:01 < rxr> hm - it will still be a bit cold ;-) No idea if this is fine for you ... *g*
21:02 < madtux> cold = snow?
21:02 < daja77> perhaps
21:02 < daja77> but not necessarily
21:02 < madtux> mountains for snow boarding near?
21:03 < daja77> no
21:03 < madtux> ah :(
21:03 < rxr> I do not think you will have snow at that time - the changes are under 5% I would estimate ...
21:03 < rxr> but arround or less than 10"C
21:04 < madtux> 10"C is ok for me
21:04 < madtux> 48"C is a nightmare to me
21:04 < madtux> rxr: cold is not the problem for me
21:04 < mnemoc> 31C here outside the office, here +2 or +3
21:05 < madtux> rxr: btw my question wasn't really meaning like.. how is the weather like.. but it was an idirect way to say something like.. can i visit you?
21:05 < madtux> 18"C in the office.. 23"C outside :)
21:05 < rxr> I should be around at that time - feel free to come over? ;-)
21:06 < rxr> just let me look up the CeBIT dates ...
21:06 < madtux> rxr: what is CeBIT ?
21:06 < madtux> rxr: before visiting u i intend to be here: http://chemnitzer.linux-tage.de/
21:07 < mnemoc> isn't CeBIT an expo for big fishes?
21:07 < daja77> yep
21:07 < daja77> biggest worldwide
21:08 < rxr> 10 to 16 March is CeBIT ...
21:08 < rxr> at that time I'm most probably in Hannover
21:08 < madtux> Hannover... capchaos lives there.. :)
21:09 < madtux> define big fishes
21:09 < madtux> alan cox, rms, linus, mnemoc ?
21:09 < mnemoc> big corporations which own the real world
21:09 < madtux> that kind of people
21:09 < madtux> oh i see
21:09 -!- c4y0 [~c4y0@200.75.68.67] has quit ["BitchX-1.0c20cvs -- just do it."]
21:18 -!- martin_ [~martin@brln-d9ba1e49.pool.mediaWays.net] has quit [Read error: 110 (Connection timed out)]
22:23 < mnemoc> rxr: ping
22:56 < rxr> pong
22:57 < rxr> ouhm - 30 minutes latency :-(
22:59 < mnemoc> :)
22:59 < mnemoc> query =)
23:00 -!- madtux [~mike@200.91.101.100] has quit [Read error: 110 (Connection timed out)]
23:04 < rxr> it is -2.5°C here ...
23:04 < mnemoc> 27C here
23:05 < rxr> °C
23:05 < rxr> hm
23:05 < rxr> did you see the real degree symbol in one of the lines above ?
23:07 < mnemoc> yes
23:07 < rxr> oh my is this appl terminal broken ...
23:07 < rxr> apple even
23:07 < rxr> in which line?
23:07 < rxr> or in both?
23:07 -!- martin_ [~martin@brln-d9ba094b.pool.mediaWays.net] has joined #t2
23:08 < mnemoc> the first has an "A before
23:08 < mnemoc> the second is fine but with white background
23:08 < rxr> °C
23:08 < rxr> hm
23:08 < mnemoc> ä°ree;C
23:09 < mnemoc> Ä*
23:13 < rxr> I think I should not try post delivery mail filtering - this kind of sucks ...
23:14 < mnemoc> OT: do you know if fefe's tinyldap is alive?
23:18 < rxr> ouhm - just ask so many questions I can not answer today :-(
23:21 < mnemoc> :(
23:21 < rxr> the tinyldap page does not look that bad - just a bit old ...
23:22 * mnemoc checking it out
23:24 < mnemoc> GETTING.STARTED file is one month old only :)
23:33 < rxr> oh
--- Log closed Wed Dec 15 00:00:26 2004