search for: gawollman

...N patches and MIT Kerberos, although Kerberos is not actually configured on this server.) A work-around is to disable aes128-cbc in sshd_config, but it would be nice not to have my logs spammed with this. Currently running openssh-portable-6.2.p2_3,1, and I think it started with upgrade to 6.2. -GAWollman

Hi, First of all, I know that not dropping SYN/FIN isn't really a big deal, it just makes no sense. But since it doesn't make any sense, I don't see the reason why not to discard them. I'm running pf on FreeBSD 5.4-RELEASE-p3 and I scrub any traffic. I've read some other posts on google and as far as I can tell, clearly invalid packets (like packets with SYN/RST set) is

howdie, Has anyone got a successful kerberos ticket passing solution setup with OpenSSH on BSD 5.3 ? --- Gareth Hopkins Server Operations UUNET South Africa

...0, 33513,134423, 0 [...] How should I interpret the failure count for "64 Bucket" and "128 Bucket"? Does it represent a problem, or something that needs to be tuned? There are no obvious tunables, but the code is not exactly transparent. No other zones show failures. -GAWollman

...y /(this->bp = (struct buf *)args[1]->ccb_h.periph_priv.entries[1].ptr) && start_time[this->bp] && (timestamp - start_time[this->bp]) > TOO_SLOW/ { @[strjoin("da", lltostr(args[0]->unit_number))] = count(); start_time[this->bp] = 0; } -GAWollman

Just upgraded 4.7 to 4.8 stable. Hoped that timezone info will be up to date, but it still isn't though files in /usr/share/zoneinfo show new dates. For instance daylight saving time settings are outdated in Europe/Vilnius file. I'll try to recompile those files from sources got fom ftp://elsie.nci.nih.gov/pub/ but it would be nice to have updated info for the next release of freebsd or

Some of you probably already read this: http://marc.info/?l=openbsd-tech&m=129236621626462&w=2 Interesting...I wonder what is the impact of all this on FreeBSD code. We may very well suppose that any government or corporation funded code can theoretically have some kind of backdoor inside. --Andy

Hello I have some issues with OpenBSM which i cannot resolve, so i decided to ask there. 1) I found some bugs in the auditreduce utility and created patch for it - http://www.freebsd.org/cgi/query-pr.cgi?pr=114534. Please, someone from freebsd team - take it, i think its better to fix this before next release. 2) I found that when i`m using XDM as login manager with OpenBSM, all my audit

I am not sure if I had a compromise but I am not sure I wanted some other input. I noticed in this in my daily security run output: pc1 setuid diffs: 19c19 < 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003 /usr/X11R6/bin/xscreensaver --- > 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003 /usr/X11R6/bin/xscreensaver It was the only file listed and I didn't

I'm trying to get veracity (http://www.rocksoft.com/veracity/), a tripwire replacement, working on FreeBSD 5.x. When I try and create a snapshot I get the following error for files sitting on my root partition: -- snip snip -- csh.logout E: Error opening binary (B) stream of file "/etc/csh.logout". (OS error message="File is on the procfs (/proc)

So, I've long known and it makes sense that when you're booted from a ZFS volume, you can't mess with the boot-loader. And, I know a few months ago I had a set of commands I would use when booted from a CD that would initialize the network and copy the "release/boot" from somewhere else so that I could install bootblocks and boot-loaders from more recent code. Sadly, I

Hi All, I need to configure a VPN between a FreeBSD-4.8 box and a Linux (FreeS/WAN) box. In the Linux side, the network administrator installed FreeS/WAN with RSA authentication without IKE support. Does anybody knows if is possible to make my FreeBSD box connect a VPN with the Linux box? If so, could point me to a documentation about how to install IPSec with RSA authentication and how to make

Greetings, I haven't upgraded my tree(s) for awhile. My last attempt to rebuild after an updating src && ports, resulted in nearly installing the entire ports tree, which is why I've waited so long. Try as I might, I've had great difficulty finding something that will _only_ upgrade what I already have installed, _and_ respect the "options" used during the original

Hi all. This might seem really naive, but can mtree be used effectively as a native-to-core-OS tripwire equivalent? Would it be as efficient in terms of time-to-run and resource requirements? What sort of pitfalls should I be aware of? Has anyone here done this? If so, would you care to share your scripts/techniques? Thanks, Dave -- ______________________

Greetings, out of fun and to investigate claims about alleged bgfsck resource hogging (which I could not reproduce) posted to news:de.comp.os.unix.bsd, I pressed the reset button on a live FreeBSD 5-STABLE system. Upon reboot, fsck -p complained about an unexpected softupdates inconsistency on the / file system and put me into single user mode, the manual fsck / then asked me to agree to

Aloha! (I've Googled around a bit, but failed to find much previous posts about this though I'm sure it has been discussed...) Have anybody (in core etc) considered adding a sudo implementation to thr FreeBSD base system. At least for me, sudo is an important part of implementing good security policy in FreeBSD. Yes, it is available as a port, but in a similar fashion of for example,

Hi. I've been playing a bit with "use sound card as an entropy source" idea. This simple program does what I wanted: http://people.freebsd.org/~pjd/misc/sndrand.tbz The program is very simple, it should be run with two arguments: % sndtest /dev/dspW 1048576 > rand.data This command will generate 1MB of random data. With my sound card: pcm0: <Intel ICH3 (82801CA)>

Howdy list, Sorry if this is a frequently discussed topic, or an off-topic question, but I couldn't find much info about my question by performing quick searches in the archives, and my question is pretty tightly related to security... Background: =========== I have a number of FreeBSD machines. Most are 4.x, but a few are 5.x (mainly the testing/devel machines). I also have a single Red

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:09.htt Security Advisory The FreeBSD Project Topic: information disclosure when using HTT Category: core Module: sys Announced:

Everyone: We're starting to see a rash of password guessing attacks via SSH on all of our exposed BSD servers which are running an SSH daemon. They're coming from multiple addresses, which makes us suspect that they're being carried out by a network of "bots" rather than a single attacker. But wait... there's more. The interesting thing about these attacks is that