Sean.Boran | 27 Nov 20:46

mysqlhotcopy problem on Ubuntu 7.10

mysqlhotcopy -q --allowold --keepold phpbb /var/backups

Invalid db.table name 'phpbb.phpbb`.`phpbb_auth_access' at /usr/bin/mysqlhotcopy line 859.

 

Usage: /usr/bin/mysqlhotcopy db_name[./table_regex/] [new_db_name | directory]

 

Brilliant, it’s a bug:

http://bugs.mysql.com/bug.php?id=27303

"A quick and dirty fix is to strip the database prefix from the list of tables. This happens in function get_list_of_tables(). Adding the following line right behind line 835 will strip the prefixing schema:

map { s/^.*?\.//o } @dbh_tables;"

 

So:

ci -l /usr/bin/mysqlhotcopy

vi /usr/bin/mysqlhotcopy

rcsdiff /usr/bin/mysqlhotcopy

===================================================================

RCS file: /usr/bin/mysqlhotcopy,v

retrieving revision 1.1

diff -r1.1 /usr/bin/mysqlhotcopy

839a840

>     map { s/^.*?\.//o } <at> dbh_tables;        # http://bugs.mysql.com/bug.php?id=27303
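
Review bot: The line added at 840 strips everything up to the first dot from every entry in the table list, without checking that the removed prefix is the database being copied, and it does so with map in void context plus a /o flag that has no effect on a constant pattern. A foreach loop that removes only the expected schema prefix would state the intent and leave any other name untouched. The quoted bug report places the line after 835 while this diff adds it after 839, so the trailing comment should also record which mysqlhotcopy version the line number refers to.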

 

 

==> This fix works, but is ugly. Anyway, for now it has to be manually added to any Gutsy installations.

 

Sean

 

 



---------- Forwarded message ----------
From: Cron Daemon
Date: 27 Nov 2007 00:10
Subject: Cron <root@freenacweb> mysqlhotcopy -q --allowold --keepold phpbb  /var/backups


Invalid db.table name 'phpbb.phpbb`.`phpbb_auth_access ' at /usr/bin/mysqlhotcopy line 859.

_______________________________________________
Opennac-devel mailing list
Opennac-devel@...
https://lists.sourceforge.net/lists/listinfo/opennac-devel
Sean.Boran | 26 Nov 07:43

Windows GUI news

Just released v3.0.0.147/26.11.07/SB:

Cannot use "*" in overview->MAC.
Allow change of switch->vlan_id.
Overview: Tickbox to enable patch lookups on the overview? (Speed).
Allow columns to be enabled/disabled, hide most by default for
simplicity.
Enable vlanloc table depending on server variable.
Express Quantum Grid: upgrade to v6.3
Vlan column titles: Note that default_id is used for emergency recovery.
Server log: scroll to top

FYI, the pending list of issues with this GUI is now managed on
http://freenac.net/en/techguide/pendingwindows

Regards,

Sean

Sean.Boran | 16 Apr 21:05

Source code search function on SF


This allows you to search our sources.
http://sourceforge.krugle.com/kse/files?project=%22OpenNAC%22

Sean

Sean.Boran | 9 Feb 09:38

PHP security

Hi,

This is worrying, to say the least:

PHP Security From The Inside
By Federico Biancuzzi
Stefan Esser is the founder of both the Hardened-PHP Project and the PHP
Security Response Team (which he recently left). Federico Biancuzzi
discussed with him how the PHP Security Response Team works, why he
resigned from it, what features he plans to add to his own hardening
patch, the interaction between Apache and PHP, the upcoming "Month of
PHP bugs" initiative, and common mistakes in the design of well-known
applications such as WordPress.
http://www.securityfocus.com/columnists/432

Sean

Sean.Boran | 2 Nov 15:34

dot1x timeouts with VMPS


The perl script that handles the VMPS requests (rad2vmps) waits forever
for VMPS answers:

Thu Nov  2 15:25:17 2006 : Debug:   modcall[authorize]: module
"check_mac" returns noop for request 86
Thu Nov  2 15:25:17 2006 : Debug:   modsingle[authorize]: calling eap
(rlm_eap) for request 86
Thu Nov  2 15:25:17 2006 : Debug:   rlm_eap: EAP packet type response id
18 length 6
Thu Nov  2 15:25:17 2006 : Debug:   rlm_eap: No EAP Start, assuming it's
an on-going EAP conversation
Thu Nov  2 15:25:17 2006 : Debug:   modsingle[authorize]: returned from
eap (rlm_eap) for request 86
Thu Nov  2 15:25:17 2006 : Debug:   modcall[authorize]: module "eap"
returns updated for request 86
Thu Nov  2 15:25:17 2006 : Debug: modcall: leaving group authorize
(returns updated) for request 86
Thu Nov  2 15:25:17 2006 : Debug:   rad_check_password:  Found Auth-Type
EAP
Thu Nov  2 15:25:17 2006 : Debug: auth: type "EAP"
Thu Nov  2 15:25:17 2006 : Debug:   Processing the authenticate section
of radiusd.conf
Thu Nov  2 15:25:17 2006 : Debug: modcall: entering group authenticate
for request 86
Thu Nov  2 15:25:17 2006 : Debug:   modsingle[authenticate]: calling eap
(rlm_eap) for request 86
Thu Nov  2 15:25:17 2006 : Debug:   rlm_eap: Request found, released
from the list
Thu Nov  2 15:25:17 2006 : Debug:   rlm_eap: EAP/mschapv2
Thu Nov  2 15:25:17 2006 : Debug:   rlm_eap: processing type mschapv2
Thu Nov  2 15:25:17 2006 : Debug:   rlm_eap: Freeing handler
Thu Nov  2 15:25:17 2006 : Debug:   modsingle[authenticate]: returned
from eap (rlm_eap) for request 86
Thu Nov  2 15:25:17 2006 : Debug:   modcall[authenticate]: module "eap"
returns ok for request 86
Thu Nov  2 15:25:17 2006 : Debug: modcall: leaving group authenticate
(returns ok) for request 86
Thu Nov  2 15:25:17 2006 : Debug: radius_xlat:  'Required attributes
"Calling-Station-Id" and "NAS-IP-Address" were not found in the
request.'
Thu Nov  2 15:25:17 2006 : Debug:   Processing the post-auth section of
radiusd.conf
Thu Nov  2 15:25:17 2006 : Debug: modcall: entering group post-auth for
request 86
Thu Nov  2 15:25:17 2006 : Debug:   modsingle[post-auth]: calling
check_mac (rlm_perl) for request 86
Thu Nov  2 15:25:17 2006 : Debug: perl_pool: item 0x834a818 asigned new
request. Handled so far: 42
Thu Nov  2 15:25:17 2006 : Debug: found interpetator at address
0x834a818

So:
- a timeout needs to be added (it's only a UDP answer, that may never
come) e.g. 200ms
- and a number of retries, e.g. 5
- and a second vmps server IP address
- all parameters should be configurable.

Sean
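
The timeout, retry and second-server behaviour requested above, as an added example that is not rad2vmps code: it is written in C rather than the script's Perl, and `vmps_server`, `vmps_cfg` and `vmps_query` are hypothetical names, with the request and reply treated as opaque bytes.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_SERVERS 2

/* Hypothetical settings block: every value the e-mail asks to make configurable. */
struct vmps_server { const char *ip; unsigned short port; };
struct vmps_cfg {
    struct vmps_server servers[MAX_SERVERS]; /* primary, then secondary (ip NULL = unused) */
    int timeout_ms;                          /* wait per attempt, e.g. 200 */
    int retries;                             /* attempts per server, e.g. 5 */
};

/* Try each server in order, `retries` attempts each, `timeout_ms` per attempt.
 * Returns the reply length, or -1 once every attempt has failed, so the caller
 * can decide how to fail instead of blocking forever. */
ssize_t vmps_query(const struct vmps_cfg *cfg, const void *req, size_t req_len,
                   void *reply, size_t reply_cap)
{
    for (int s = 0; s < MAX_SERVERS && cfg->servers[s].ip; s++) {
        struct sockaddr_in dst = { .sin_family = AF_INET,
                                   .sin_port = htons(cfg->servers[s].port) };
        if (inet_pton(AF_INET, cfg->servers[s].ip, &dst.sin_addr) != 1)
            continue;
        int fd = socket(AF_INET, SOCK_DGRAM, 0);
        if (fd < 0)
            continue;
        /* connect() on UDP: the kernel discards datagrams from any other source. */
        if (connect(fd, (struct sockaddr *)&dst, sizeof dst) == 0) {
            for (int i = 0; i < cfg->retries; i++) {
                struct pollfd p = { .fd = fd, .events = POLLIN };
                if (send(fd, req, req_len, 0) < 0)
                    continue;            /* e.g. port unreachable: counts as a failed attempt */
                if (poll(&p, 1, cfg->timeout_ms) > 0) {
                    ssize_t n = recv(fd, reply, reply_cap, 0);
                    if (n >= 0) {
                        close(fd);
                        return n;
                    }
                }
            }
        }
        close(fd);
    }
    return -1;
}
```

With two servers, 5 retries and 200 ms, the worst case is a bounded 2 seconds before the caller gets -1 and can reject or fall back.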

Zhen Zhou | 1 Nov 15:45

Is it possible to use switches other than cisco for freenac?

Hi, Freenac gurus,

I am interested in this project, but I have one question:

Is it a must to use Cisco switches to realize FreeNAC?

In other words, could it be possible to assign dynamic VLANs
other than with VMPS in the Cisco world?

OK, maybe we could use 802.1x, so this could do dynamic VLAN assignment
instead of VMPS?

If it is possible, that will be great!

TIA

Zhou

Hector.Ortiz | 23 Oct 17:55

OpenVMPS Logging Function Format String Vulnerability

Hi,

One of the key FreeNAC components (namely OpenVMPS) suffers from a Logging Function Format String
Vulnerability which affects version 1.3 running on Debian 3.0, Slackware 10.0 and Fedora Core 2. See also
the advisory http://www.securityfocus.com/bid/15072/info

The OpenVMPS author solved this problem in the CVS (see
http://vmps.cvs.sourceforge.net/vmps/vmpsd/), but didn't publish a patch for the current stable release.

As regards FreeNAC.net, we are providing:

a) An OpenVMPS patch, if you wish to update your OpenVMPS module:
http://www.freenac.net/downloads/openvmps.patch

b) If you are using the FreeNAC virtual appliance please do an "svn update" from /opt/nac to fix this vulnerability.

c) For 'tarball' users, an updated tarball will be released next week containing this fix and some new features.

Regards,

the FreeNAC team

Sean.Boran | 23 Oct 09:28

Re: OpenVMPS security weakness


Great. I'm on the openvmps dev list, but I didn't see any messages. This
shows the importance of communications: making sure your user community
is aware of changes.
We must work more with the OpenVMPS author...

OK, let's test in development (HO/SB) & rollout (PB/SB).

Sean

> guys, you're TEN MONTHS late!
> this has been fixed in CVS on Thu Dec 29 15:21:20 2005 UTC
> 
> http://vmps.cvs.sourceforge.net/vmps/vmpsd/log.c?view=log
> 
> Revision 1.4 - (view) (download) (annotate) - [select for diffs] 
> Thu Dec 29 15:21:20 2005 UTC (9 months, 3 weeks ago) by dori_seliskar 
> Branch: MAIN 
> CVS Tags: HEAD 
> Changes since 1.3: +2 -3 lines 
> Diff to previous 1.3 
> Format String Vulnerability Fix 
> (http://www.securityfocus.com/bid/15072/info) by Manuel 
> Bouyer < bouyer netbsd org >

Sean.Boran | 22 Oct 17:57

OpenVMPS security weakness


Just found an exploit for openvmps, 
http://www.securityfocus.com/bid/15072/info

Which of you can do an analysis and maybe even come up with a patch? I'm
not sure that the OpenVMPS author is still actively maintaining it.

Regards,

Sean

Hector.Ortiz | 22 Oct 14:37

Exploit for OpenVMPS 1.3

Hi, I've found the following advisory:

OpenVMPS is affected by a remote format-string vulnerability. The application fails to properly
sanitize user-supplied input before using it as the format specifier in a system-log entry.

Info and the exploit can be found at: http://www.securityfocus.com/bid/15072/info

I've tested the exploit and it seems to affect OpenVMPSd v1.3 (the one we use) running on Slackware 10.0,
Debian 3.0 and Fedora Core 2. The exploit failed when I tested it on the development server, since we are
running on a different distro.

No patches have been released for this vulnerability.
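
The bug class the advisory describes, as an added example that is not OpenVMPS source: `log_sink` stands in for syslog(3), and `log_request` and `log_request_vulnerable` are hypothetical names. The vulnerable shape is compiled only when `SHOW_VULNERABLE` is defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_entry[256];   /* stand-in for the system log, so the entry can be inspected */

/* Stand-in for syslog(3), with the same printf-style contract. The attribute
 * makes gcc/clang check every call site and, with -Wformat -Wformat-security,
 * flag a call whose format string is not a literal. */
__attribute__((format(printf, 1, 2)))
static void log_sink(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_entry, sizeof last_entry, fmt, ap);
    va_end(ap);
}

#ifdef SHOW_VULNERABLE
/* Vulnerable shape: text taken from a request ends up as the format string,
 * so conversion specifiers inside it are interpreted instead of logged. */
void log_request_vulnerable(const char *client_text)
{
    char line[200];
    snprintf(line, sizeof line, "client sent: %s", client_text);
    log_sink(line);                 /* format is attacker-influenced */
}
#endif

/* Fixed shape: the format is a constant, request data is only ever an argument.
 * Returns the entry as written, truncated to the size of the line buffer. */
const char *log_request(const char *client_text)
{
    char line[200];
    snprintf(line, sizeof line, "client sent: %s", client_text);
    log_sink("%s", line);
    return last_entry;
}
```

Building a code base with `-Wformat -Wformat-security -Werror=format-security` turns any remaining call of the vulnerable shape into a compile error.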

Hector.Ortiz | 17 Oct 12:01

Radius support

Hi, here is a short discussion about all the OpenSource RADIUS servers available to tie in 802.1X support in FreeNAC.

Cistron RADIUS

It is the predecessor of FreeRadius. It is still maintained because lots of people still use it, but it will
not get any major new functionality (SQL, LDAP, etc) as FreeRadius.

ICRADIUS

A variant of Cistron, with MySQL support, and a web-based front end. Not much info available at the moment
(web site has some technical difficulties).

XtRADIUS

Another Cistron variant, with extension for running external programs for accounting or
authentication. This RADIUS performs authentication using either a radius users file, or the system
password file, or an external script. Documentation is scarce and it doesn't appear to be actively maintained.

OpenRADIUS

Support for LDAP, SQL. The authentication can be fully customizable. Everything is pluggable,
completely under the control of the administrator. Lacks some documentation though.

GNU-radius

Authentication schemes somewhat limited (system database, internal database, SQL auth, PAM auth).
Allows for SNMP management. Ability to rewrite RADIUS requests from various NASs to normalize them to a
more understandable format, as well as the ability to completely customize the behavior of radius
authentication and accounting based on NAS and user attributes. Mailing list not very active.

Yard RADIUS

Derived from the original Livingston radius server. It doesn't support MySQL and LDAP. Development seems
not very active at the moment. Doesn't support multi-threading.

JRADIUS

It is not a standalone server, it's a java plugin for FreeRadius which talks to a Java server, allowing you to
write RADIUS handlers in Java.

FreeRadius

Includes a PAM authentication module and Apache authentication modules. Comes with a PHP-based web user
administration tool, support for LDAP, MySQL, PostgreSQL, Oracle, EAP, EAP-MD5, EAP-SIM, EAP-TLS,
EAP-TTLS, EAP-PEAP and Cisco LEAP. Supports proxying, failover and load balancing. Support for writing
own auth modules. Mailing list is pretty active. Documentation can be a pain in the ass though.

There are some others (i.e. PowerRadius, WinRadius) but they are not opensource :(

It seems that the best option we have is FreeRadius. Does anybody have a different point of view?

Héctor
