Looks like RO access is still up..
-----Original Message-----
From: Clayton Dukes [mailto:cdukes@xxxxxxxxx]
Sent: Thursday, July 13, 2006 2:14 PM
To: Freeman, Michael
Cc: php-syslog-ng-support@xxxxxxxxxxxxxxxxxxxxx; Claus Lund
Subject: Re: Sourceforge SVN has been hacked!
Lovely...
On 7/13/06, Freeman, Michael <mfreeman@xxxxxxxxxxxx> wrote:
> ( 2006-07-13 09:23:52 - Project CVS Service, Project Shell Service,
> Project Subversion (SVN) Service, SourceForge.net Web Site ) A
recent
> kernel exploit was released that allowed a non admin user to escalate
> privileges on the host pr-shell1. We urge all users who frequent this
> host to change their password immediately and check their project
> group space for any tampering. As a precaution, we have blocked access
> to all project resources by passwo
>
> -----Original Message-----
> From: php-syslog-ng-support-bounces@xxxxxxxxxxxxxxxxxxxxx
> [mailto:php-syslog-ng-support-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf
> Of Clayton Dukes
> Sent: Thursday, July 13, 2006 10:56 AM
> To: php-syslog-ng-support@xxxxxxxxxxxxxxxxxxxxx
> Subject: [Php-syslog-ng-support] V2.9.2 Now Available
>
> Version 2.9.2 is now available at:
> http://php-syslog-ng.gdd.net/current.tgz
>
> Lot's of changes here, so be sure to read the README.
> I've just installed the demo using the installer so I know it works.
> The demo is at http://php-syslog-ng.gdd.net Login/password is
> demo/demo And is generating live (fake) data using the
> scripts/dbgen.pl file Any problems, please let me know!
>
>
> P.S.
> Here's the Readme :-)
>
> /*********************************************************************
> / Release notes for php-syslog-ng 2.9.1:
> I've taken the 2.8 version, fixed a few bugs/annoyances and added an
> install interface.
> To use the installer, just create an empty (writeable) config.php in
> the config/ directory and point your browser to
> http://yourserver/install
>
> I've also added a perl script to generate fake events located at
> scripts/dbgen.pl
>
> Added the Cisco Error Message Database (CEMDB)
> - The CEMDB includes a MySQL table of all cisco errors available
> (~25k entries).
> - It will automatically display more information about any
> Cisco-based event that comes in.
> - Note that you must have javascript enabled for this to display.
> To enable this feature, your config file requires two entries:
> define('CEMDB', 'ON');
> define('CISCO_ERROR_TABLE', 'cemdb');
> These entries are created if you use the installer.
>
> I'm including the dumpfile for the CEMDB stuff - it can be found in
> install/sql/cemdb.sql Note that scripts/cemdb/* is not needed, it's
> there for future updates of the cemdb.
> All you need is the cemdb.sql file in the install directory.
> * You may want to GZIP this file to save space, I'm leaving it
> uncompressed to the installer can use it
> * Someone should write code to automatically uncompress and compress
> it as needed using the installer
> * (I may if I have time)
>
> - Clayton Dukes
> - Lot's-o-props to Michael Freeman for his help on the emd.pl script!
> (mfreeman451@xxxxxxxxx)
> /*********************************************************************
> /
>
> /*********************************************************************
> /
> * Release notes for php-syslog-ng 2.9.2:
> * NEW CONFIG - If you are not using the install utility provided,
> please note that the
> * config/config.php file has changed -- see config.php.dist for an
> example.
> /*********************************************************************
> /
> - Lot's of minor fixes to 2.9.1
> - Added Graphing capability on the main page
> - To enable/disable Graphs, modify config.php
> * Be sure to create a cache directory (jpcache is the default) and
> make it writeable by the web user.
> * You may also want to add a cronjob to clean out the cache on a
> daily basis, like so:
> @daily find /path/to/web/directory/html/jpcache -atime 1 -exec rm -f
> '{}' ';'
> * This will delete files in that directory older then 1 day
> - Please read more about JPGraph here:
> http://www.aditus.nu/jpgraph/pdf/jpgraphddda.pdf
> Specifically, please note that it required GD libs to run!
> - The full JPGRAPH library is included with this distribution located
> under includes/jpgraph It is the standard download - no modifications
> have been made to the source.
>
>
> - Changed the size of host tables in the database from varchar(32) to
> varchar(128) -- my customer has *really* long dns name s and they were
> getting truncated.
> To modify your installation, do the following from mysql:
> * alter table logs modify host varchar(128) default NULL;
> * alter table search_cache modify value varchar(128) default NULL;
> Then, be sure to clear your search cache:
> * delete from search_cache;
>
> - Changed default searches to include only yesterday to today. In
> other words, if you leave the date fields blank on the mai n page and
> click search, it will only search from yesterday until today, not
everything.
> I did this because users at my clie nt site would just click search
> without selecting anything just to see what it does and then complain
> that it was slow :-)
> * To do this, I just modified regularresult.php and changed the
> following:
> $date = get_input('date');
> if (! $date) {
> $date = "yesterday";
> }
> $date2 = get_input('date2');
> if (! $date2) {
> $date = "today";
> }
>
> - A couple of people have asked how to create a password for the admin
> manually through the DB interface, here's how:
> insert into users (username, pwhash) values ('admin',
> MD5("somepassword"));
>
> - Modified reloadcache.php and added:
> $basePath = dirname( __FILE__ );
> include_once "$basePath/../includes/common_funcs.php";
> include_once "$basePath/../config/config.php"; So that I could run a
> cron job every 5 minutes to update the cache:
> 0,5,10,15,20,25,30,35,40,45,50,55 * * * * php
> /www/php-syslog-ng/html/scripts/reloadcache.php >>
> /var/log/reloadcache.log
>
> - Modified dbgen.pl and made it more random -- including random hosts
> now.
> * Also cleaned up the code some in it.
>
> - Modified scripts/syslog2mysql.sh so that it uses syslogadmin instead
> of syslogfeeder (I don't see a need for a separate sy slogfeeder
> account)
>
> - Modified many of the files to use $basePath parameter instead of
> relative paths $basePath = dirname( __FILE__ ); include_once
> "$basePath/../includes/common_funcs.php";
> include_once "$basePath/../config/config.php";
>
> - Modified META refresh tags on login and logout to use JS instead of
> META since it's faster and doesn't try to modify heade r information.
>
> --
> =============================
> Clayton Dukes
> Network Consulting Engineer, Advanced Services Cisco Systems, Inc.
> Office: 919.392.6122
> Fax: : 919.869.1580
> Cell: 813.545.7373
> Email: cdukes@xxxxxxxxx
> MSN: cdukes@xxxxxxxxx
> =============================
>
>
> ----------------------------------------------------------------------
> --
> -
> Using Tomcat but need to do more? Need to support web services,
> security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier Download IBM WebSphere Application Server v.1.0.1 based on
> Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=1216
> 42 _______________________________________________
> Php-syslog-ng-support mailing list
> Php-syslog-ng-support@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/php-syslog-ng-support
>
--
=============================
Clayton Dukes
Network Consulting Engineer, Advanced Services Cisco Systems, Inc.
Office: 919.392.6122
Fax: : 919.869.1580
Cell: 813.545.7373
Email: cdukes@xxxxxxxxx
MSN: cdukes@xxxxxxxxx
=============================
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
|
