DenyHosts backport for Debian Sarge

DenyHosts is a script intended to be run by Linux system administrators to help thwart ssh server attacks.

If you’ve ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc…) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn’t it be better to automatically prevent that attacker from continuing to gain entry into your system?

More information at the DenyHosts site

Debs here
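
An added sketch of the log check described above, not DenyHosts' own code and not part of the original post: it counts failed sshd password attempts per source address in constructed sample log lines and formats hosts.deny-style entries for addresses at or over a threshold. The function names, the threshold of 3 and the allowlist parameter are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH syslog format; addresses are RFC 5737 test ranges.
SAMPLE_LOG = """\
Jul 12 03:14:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 12 03:14:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jul 12 03:14:05 host sshd[2105]: Invalid user test from 203.0.113.7
Jul 12 03:14:06 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Jul 12 03:14:09 host sshd[2107]: Failed password for invalid user root from 192.0.2.99 port 22 ssh2 from 203.0.113.7 port 40140 ssh2
Jul 12 08:30:12 host sshd[2290]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jul 12 08:30:20 host sshd[2290]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
"""

# The user field is supplied by the client and may contain spaces or text that
# looks like another log field, so the greedy "user" group plus the "$" anchor
# make the address come from the fixed tail that sshd itself writes.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def failed_logins(log_text):
    """Yield (source_ip, user) for each failed-password line written by sshd."""
    for line in log_text.splitlines():
        match = FAILED.search(line.rstrip())
        if match:
            yield match.group("ip"), match.group("user")

def hosts_to_deny(log_text, threshold=3, allowlist=()):
    """Return sorted source addresses with at least `threshold` failures.

    threshold and allowlist are assumptions of this example, not DenyHosts settings.
    """
    counts = Counter(ip for ip, _ in failed_logins(log_text))
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allowlist)

def deny_lines(ips):
    """Format addresses as TCP Wrappers hosts.deny entries for the sshd service."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(deny_lines(hosts_to_deny(SAMPLE_LOG))))
```

The single legitimate failure from 198.51.100.20 stays below the threshold, and the address embedded in a user name is never counted as a source.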

July 12th, 2006

A (ugly) script for monitoring mysql replication

MySQL replication (if you can call something asynchronous “replication”) is a nice thing…
But sometimes it has a problem :(
This is a simple, ugly script that monitors the slave status and sends a mail if the slave stops for some reason.
I put this shi^H^H^script in a */10 cron.d file (it also works from the command line).
—————————————————————————————————————

#!/usr/bin/perl -w

## On a slave server, check to see that the slave hasn't stopped.

use strict;
use DBIx::DWIW;
use Mail::Mailer;

# Single quotes: "@" inside double quotes would be interpolated as an array
my $from_address = 'SOMEALERTADRESS@YOUR.SITE';
my $to_address   = 'ALERTREEPICIENTADDRESS@FOO.SITE';
my $body         = "";
my $subject;

my $conn = DBIx::DWIW->Connect(
    DB   => "mysql",
    User => "ADMINUSER",
    Pass => "ADMINPASSWORD",
    Host => "localhost",
) or die "can't connect to MySQL\n";

my $info = $conn->Hash("SHOW SLAVE STATUS");

# Both threads must report 'Yes'; the string 'No' is also true in Perl,
# so each value is compared explicitly.
if (    exists $info->{Slave_SQL_Running}
    and $info->{Slave_SQL_Running} eq 'Yes'
    and $info->{Slave_IO_Running}  eq 'Yes')
{
    # If there is no problem, exit the script
    exit 0;
}

# Write the mail body from the logs
open(LOG, "grep mysql /var/log/syslog|tail|") || die "can't fork tail: $!";
while (<LOG>) {
    $body .= $_;
}
close(LOG);

## Check the kind of problem and send a mail containing the log,
## with the problem type as subject
if (exists $info->{Slave_SQL_Running} and $info->{Slave_SQL_Running} eq 'No')
{
    warn "slave SQL thread has stopped\n";
    $subject = "slave SQL thread has stopped";
}
elsif (exists $info->{Slave_IO_Running} and $info->{Slave_IO_Running} eq 'No')
{
    warn "slave IO thread has stopped\n";
    $subject = "slave IO thread has stopped";
}
elsif (exists $info->{Slave_Running} and $info->{Slave_Running} eq 'No')
{
    warn "slave has stopped\n";
    $subject = "slave has stopped";
}
else
{
    # None of the known states matched: still send a mail with a defined subject
    $subject = "slave status could not be determined";
}

my $mailer = Mail::Mailer->new();
$mailer->open({ From    => $from_address,
                To      => $to_address,
                Subject => $subject,
              })
    or die "Can't open: $!\n";
print $mailer $body;
$mailer->close();

—————————————————————————————————-

NB Sorry for my poor English
NBB Sorry for my poor Perl

June 26th, 2006

nmap 4.10 debs for Debian Sarge and Ubuntu Dapper

From: Fyodor
Date: Tue, 13 Jun 2006 13:54:29 -0700

Hello everyone,

I am pleased to announce the release of Nmap 4.10. The 10 Google SoC
students are hard at work and have already produced some interesting
patches. And I’m itching to make some big changes as well. So I
decided to produce a release before destabilizing the tree with all of
this development work. Especially since 4.10 includes many important
changes that deserve to go out ASAP. For example, we have integrated
all of your version detection submissions (about a thousand) for Q1,
bringing the DB up to 3,441 signatures representing 401 protocols!
The output format has been changed a bit to allow multiple ignored
port states. So if you scan a machine with thousands of ports in both
the filtered and closed states, your terminal will no longer be
flooded with pages of output. Meanwhile the ICMP rate limit detection
algorithms have been tweaked for better performance. Oh, and we’re
putting out a call for ASCII artists. ./configure for details. Read
on for dozens of other changes.

Packages backported from Debian SID for

June 23rd, 2006

Gaim 2.0beta3 for Ubuntu Dapper

Last Gaim beta

Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, SILC, Novell GroupWise Messenger, Lotus Sametime, and Zephyr networks.

Gaim users can log in to multiple accounts on multiple IM networks simultaneously. This means that you can be chatting with friends on AOL Instant Messenger, talking to a friend on Yahoo Messenger, and sitting in an IRC channel all at the same time.

A quite insane backport from Debian experimental source

Deb here, have nice messaging

June 17th, 2006

Nmap 4.0.3 debs for Debian Sarge, Ubuntu Breezy and Dapper

From: Fyodor fyodor_at_insecure.org
Date: Mon, 24 Apr 2006 11:19:59 -0700

Hello everyone,

I am also pleased to report that Nmap 4.03 is now available. It is
mostly a bug and portability fix release, though it does have a few
new features as well.

Packages backported from Debian SID for

nmap-4.0.3 full release notes

May 1st, 2006

Firefox 1.5.0 for Ubuntu Breezy amd64

Backport from Ubuntu Dapper

Debs here

April 21st, 2006

rkhunter 1.2.8 for Debian Sarge and Ubuntu Breezy

Rootkit Hunter scans your system for known and unknown rootkits, backdoors, sniffers and exploits.

Some of the tests it does:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Backport from SID, deb here
Rootkit Hunter homepage

March 26th, 2006
