search for: dfmm

just wondering about this. i noticed "make install" installs ssh-keyscan group-writable. is this intentional? openssh-2.5.2p2/Makefile.in, line 168: $(INSTALL) -m 0775 -s ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan chris -- Christopher Linn, <celinn at mtu.edu> | By no means shall either the CEC Staff System Administrator | or MTU be held in any way liable

> ----- Original Message ----- > From: sthaug@nethelp.no > To: freebsd-security@dfmm.org > Subject: Re: [fbsd] HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon > Date: Wed, 11 Oct 2006 18:20:18 +0200 (CEST) > > > > I realize that resources to keep chasing this stuff are in > > limited supply, but if you solicit the opinion of the community, > > I...

How 'bout PAM? /usr/ports/security/pam_ldap. If you have machines that can't do PAM, perhaps NIS is the way to go (assuming, of course, you're behind a firewall). You can store login information in LDAP like you want, then use a home-grown script to extract the information to a NIS map. Or, if you have a Solaris 8 machine lying around, you can cut out the middle step and use

Hi list Several people have physical access to my FreeBSD box and I have the feeling that somebody try to get access with boot -s options . Can I log activity after boot -s option (change user password, install software and etc.). I use boot -s and change user password, but after reboot i can't find this atcivity in log files. The BSD box is shutdown and run again many time at day. Best

Hi everyone, Not sure if you've read http://www.win.tue.nl/hashclash/SoftIntCodeSign/ . should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? : " MD5 has not yet (2001-09-03) been broken, but sufficient attacks have been made that its security is in some doubt. The attacks on MD5 are in the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there any interest in using mlock to lock pages in core so that potentially sensitive data won't get swapped out to disk? (GnuPG, for example, does this). There was a thread on this a long time ago, and it degenerated into a discussion of crypto-swap, but the question was never answered. Is there a good reason not to do this? The only one

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I recently had some weirdness that maybe someone can help explain. I have a linux box (2.2.18pre21+ext3+freeswan) running openssh 2.2.0p and openssl 0.9.5a. My box crashed mysteriously and then when it started back up, I saw this in the logs: Dec 12 21:45:19 moonchild sshd: Starting sshd: Dec 12 21:45:20 moonchild sshd[509]: Server listening on