 
            I happen to like apache 1.3 and see no problems with the 2.4 kernel. The SA version in stable is 2.2 so it's quite out of date. Then there is exim using version 3.36. The thing I like about stable is that the security patches happen first in stable. Having been hacked once, I tend to be a bit more conservative these days (*and by the way, I've also been seeing a lot of those scripted hack attacks). At least where my "production" software is concerned. At home I run testing/unstable. Not sure how I accomplished that, but there it is.
* I've added some code to my firewall rules to read in my personal blacklisted ipaddresses from a file and make drop rules out of it.
Now I need to write a little script to put in cron to scan my logs once a day and extract ip-addresses that are attempting to login and add them to the blacklist and restart the firewall.
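Something like:

    MYADDR=xxx.xxx.xxx.xxx
    BLACKLIST=/etc/blacklist.txt
    FWSCRIPT=/etc/init.d/firewall.sh

    # pull the source address field out of the failed-login lines
    cat /var/log/auth.log | grep -i failed\ password | cut -d\  -f11 | uniq > nuiq.txt
    if [ -e nuiq.txt ]
    then
        while read ipaddr
        do
            # string comparison, so != rather than -ne; never list our own address
            if [ "$ipaddr" != "$MYADDR" ] ; then
                echo "$ipaddr" >> $BLACKLIST
            fi
        done < nuiq.txt
        # reload the rules so the new drop entries take effect
        $FWSCRIPT restart
    fi
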
My only problem here is sometimes I need to use 'cut -d\  -f11' and sometimes 'cut -d\  -f12'. Sometimes I have to do both in the same file. So I guess it's time to pull out the sed pocket reference I have and learn something in there to help. It's because of the way the date is being posted to the log file: Oct  9 ... Oct 10 ... So I get one extra delimiter when the date has one digit. I'd also like to be able to skip the saving of the list to a file step. Alas my script skills are insufficient for the task. Also I might soon need to use a case or some other control method to ignore perhaps half a dozen IP addresses or even a range of IP addresses for other users of the system.
Brian
-----Original Message-----
From: Jeremy Turner
I said the heck with it and pinned my server on sarge. It'll be the new stable soon enough. I can't stand SA 2.4 or whatever is in stable, same with 2.4 kernel, Apache 1.3, etc.
Jeremy
-- Jeremy Turner Linux Tips and News! ---> http://linuxwebguy.com
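
Added example, not part of the original messages: one way to handle the three things the post above asks for (the field that moves between "Oct  9" and "Oct 10", skipping the intermediate list file, and ignoring several addresses or a range). The function names and the allowlist argument are assumptions made for this sketch.

```shell
# Added example, not from the thread. Log lines arrive on stdin.
# $1 is a hypothetical space-separated allowlist of addresses and CIDR ranges.
failed_ips() {
    awk -v allow="$1" '
    function ip2n(ip,   o) {            # dotted quad -> integer
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function allowed(ip,   k, p, bits, div) {
        for (k = 1; k <= nallow; k++) {
            bits = (split(nets[k], p, "/") == 2) ? p[2] : 32
            div = 2 ^ (32 - bits)       # same network when the top bits agree
            if (int(ip2n(ip) / div) == int(ip2n(p[1]) / div)) return 1
        }
        return 0
    }
    BEGIN { nallow = split(allow, nets, " ") }
    tolower($0) ~ /failed password/ {
        # awk splits on runs of blanks, so "Oct  9" and "Oct 10" parse alike.
        # Walk back from the end so nothing earlier in the line (an odd user
        # name, say) can shift which "from ADDR port" pair is picked.
        for (i = NF - 2; i > 0; i--)
            if ($i == "from" && $(i + 2) == "port") break
        if (i > 0 && $(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
            !seen[$(i + 1)]++ && !allowed($(i + 1)))
            print $(i + 1)
    }'
}

# Merge new offenders into blacklist file $2 (log on stdin, allowlist in $1).
# sort -u keeps one entry per address; mv swaps the finished file in whole.
update_blacklist() {
    { cat "$2" 2>/dev/null; failed_ips "$1"; } | sort -u > "$2.new" &&
        mv "$2.new" "$2"
}
```

From cron this would be called as `update_blacklist "$MYADDR 192.0.2.0/24" /etc/blacklist.txt < /var/log/auth.log`, followed by `$FWSCRIPT restart`; the CIDR range shown is a placeholder.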
 
            Brian, since this is a Debian system, why not use apt-pinning for Spam Assassin to get the version from testing? What does Spam Assassin depend on? If it doesn't need the latest and greatest of a bunch of pkgs., then you shouldn't have much problem. e.g. if it depends on Python, but doesn't need the latest. http://www.agnula.org/download/demudi/apt_pinning/view http://jaqque.sbih.org/kplug/apt-pinning.html
Brian Densmore wrote:
I happen to like apache 1.3 and see no problems with the 2.4 kernel. The SA version in stable is 2.2 so it's quite out of date. Then there is exim using version 3.36. The thing I like about stable is that the security patches happen first in stable. Having been hacked once, I tend to be a bit more conservative these days (*and by the way, I've also been seeing a lot of those scripted hack attacks). At least where my "production" software is concerned. At home I run testing/unstable. Not sure how I accomplished that, but there it is.
<snip>
Brian
-----Original Message-----
From: Jeremy Turner
I said the heck with it and pinned my server on sarge. It'll be the new stable soon enough. I can't stand SA 2.4 or whatever is in stable, same with 2.4 kernel, Apache 1.3, etc.
Jeremy
 
            On Mon, Oct 25, 2004 at 05:54:17PM -0500, Brian Kelsay wrote:
Brian, since this is a Debian system, why not use apt-pinning for Spam Assassin to get the version from testing? What does Spam Assassin depend on? If it doesn't need the latest and greatest of a bunch of pkgs., then you shouldn't have much problem. e.g. if it depends on Python, but doesn't need the latest. http://www.agnula.org/download/demudi/apt_pinning/view http://jaqque.sbih.org/kplug/apt-pinning.html
Or, for that matter, if it can use i386 packages, why not pull a newer spamassassin out of http://www.backports.org?


