Displaying 20 results from an estimated 25 matches for "gawollman".
2013 Jul 30
1
fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]
...N patches and MIT Kerberos,
although Kerberos is not actually configured on this server.) A
work-around is to disable aes128-cbc in sshd_config, but it would be
nice not to have my logs spammed with this. Currently running
openssh-portable-6.2.p2_3,1, and I think it started with upgrade to
6.2.
-GAWollman
2005 Jul 02
3
packets with syn/fin vs pf_norm.c
Hi,
First of all, I know that not dropping SYN/FIN isn't really a big deal, it
just makes no sense. But since it doesn't make any sense, I don't see
the reason why not to discard them.
I'm running pf on FreeBSD 5.4-RELEASE-p3 and I scrub any traffic. I've
read some other posts on google and as far as I can tell, clearly invalid
packets (like packets with SYN/RST set) is
2005 Jan 18
1
Kerberos ticket passing
howdie,
Has anyone got a successful kerberos ticket passing solution setup
with OpenSSH on BSD 5.3 ?
---
Gareth Hopkins
Server Operations
UUNET South Africa
2013 Feb 10
0
Interpreting "vmstat -z" output
...0, 33513,134423, 0
[...]
How should I interpret the failure count for "64 Bucket" and "128
Bucket"? Does it represent a problem, or something that needs to be
tuned? There are no obvious tunables, but the code is not exactly
transparent. No other zones show failures.
-GAWollman
2013 Oct 15
0
How to unstick ZFS resilver?
...y
/(this->bp = (struct buf *)args[1]->ccb_h.periph_priv.entries[1].ptr) && start_time[this->bp] && (timestamp - start_time[this->bp]) > TOO_SLOW/
{
@[strjoin("da", lltostr(args[0]->unit_number))] = count();
start_time[this->bp] = 0;
}
-GAWollman
2003 Apr 15
2
outdated timezone info
Just upgraded 4.7 to 4.8 stable.
Hoped that timezone info will be up to date, but it still isn't though files
in /usr/share/zoneinfo show new dates.
For instance daylight saving time settings are outdated in Europe/Vilnius
file.
I'll try to recompile those files from sources got fom
ftp://elsie.nci.nih.gov/pub/ but it would be nice to have updated info for
the next release of freebsd or
2010 Dec 15
5
Allegations regarding OpenBSD IPSEC
Some of you probably already read this:
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
Interesting...I wonder what is the impact of all this on FreeBSD code.
We may very well suppose that any government or corporation funded code
can theoretically have some kind of backdoor inside.
--Andy
2007 Jul 14
2
OpenBSM questions
Hello
I have some issues with OpenBSM which i cannot resolve, so i decided to
ask there.
1) I found some bugs in the auditreduce utility and created patch for it
- http://www.freebsd.org/cgi/query-pr.cgi?pr=114534.
Please, someone from freebsd team - take it, i think its better to fix
this before next release.
2) I found that when i`m using XDM as login manager with OpenBSM, all my
audit
2003 Dec 07
5
possible compromise or just misreading logs
I am not sure if I had a compromise but I am not sure I wanted some other
input.
I noticed in this in my daily security run output:
pc1 setuid diffs:
19c19
< 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003
/usr/X11R6/bin/xscreensaver
---
> 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003
/usr/X11R6/bin/xscreensaver
It was the only file listed and I didn't
2003 Nov 04
1
Veractiy and FreeBSD
I'm trying to get veracity (http://www.rocksoft.com/veracity/), a tripwire
replacement, working on FreeBSD 5.x. When I try and create a snapshot I get
the following error for files sitting on my root partition:
-- snip snip --
csh.logout
E: Error opening binary (B) stream of file
"/etc/csh.logout".
(OS error message="File is on the procfs (/proc)
2013 May 12
2
Reinstalling boot blocks on a ZFS-only system
So, I've long known and it makes sense that when you're booted from a ZFS volume, you can't mess with the boot-loader. And, I know a few months ago I had a set of commands I would use when booted from a CD that would initialize the network and copy the "release/boot" from somewhere else so that I could install bootblocks and boot-loaders from more recent code. Sadly, I
2003 Jul 28
10
IPSec
Hi All,
I need to configure a VPN between a FreeBSD-4.8 box and
a Linux (FreeS/WAN) box.
In the Linux side, the network administrator installed FreeS/WAN
with RSA authentication without IKE support.
Does anybody knows if is possible to make my FreeBSD box
connect a VPN with the Linux box?
If so, could point me to a documentation about how to install
IPSec with RSA authentication and how to make
2013 Jun 26
4
portupgrade(1) | portmaster(8) -- which is more effective for large upgrade?
Greetings,
I haven't upgraded my tree(s) for awhile. My last attempt to rebuild after an updating
src && ports, resulted in nearly installing the entire ports tree, which is why I've
waited so long. Try as I might, I've had great difficulty finding something that will
_only_ upgrade what I already have installed, _and_ respect the "options" used during the
original
2004 Jan 14
4
mtree vs tripwire
Hi all.
This might seem really naive, but can mtree be used effectively as
a native-to-core-OS tripwire equivalent? Would it be as efficient in
terms of time-to-run and resource requirements?
What sort of pitfalls should I be aware of?
Has anyone here done this? If so, would you care to share your
scripts/techniques?
Thanks,
Dave
--
______________________
2004 Nov 24
2
5-STABLE softupdates issue?
Greetings,
out of fun and to investigate claims about alleged bgfsck resource
hogging (which I could not reproduce) posted to
news:de.comp.os.unix.bsd, I pressed the reset button on a live FreeBSD
5-STABLE system.
Upon reboot, fsck -p complained about an unexpected softupdates
inconsistency on the / file system and put me into single user mode, the
manual fsck / then asked me to agree to
2005 Jul 19
2
Adding OpenBSD sudo to the FreeBSD base system?
Aloha!
(I've Googled around a bit, but failed to find much previous posts about
this though I'm sure it has been discussed...)
Have anybody (in core etc) considered adding a sudo implementation to
thr FreeBSD base system. At least for me, sudo is an important part of
implementing good security policy in FreeBSD.
Yes, it is available as a port, but in a similar fashion of for example,
2005 Mar 07
2
New entropy source proposal.
Hi.
I've been playing a bit with "use sound card as an entropy source" idea.
This simple program does what I wanted:
http://people.freebsd.org/~pjd/misc/sndrand.tbz
The program is very simple, it should be run with two arguments:
% sndtest /dev/dspW 1048576 > rand.data
This command will generate 1MB of random data.
With my sound card:
pcm0: <Intel ICH3 (82801CA)>
2003 Sep 24
4
unified authentication
Howdy list,
Sorry if this is a frequently discussed topic,
or an off-topic question, but I couldn't find much
info about my question by performing quick searches
in the archives, and my question is pretty tightly
related to security...
Background:
===========
I have a number of FreeBSD machines. Most are 4.x,
but a few are 5.x (mainly the testing/devel machines).
I also have a single Red
2005 May 13
1
FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:09.htt Security Advisory
The FreeBSD Project
Topic: information disclosure when using HTT
Category: core
Module: sys
Announced:
2005 Oct 02
11
Repeated attacks via SSH
Everyone:
We're starting to see a rash of password guessing attacks via SSH
on all of our exposed BSD servers which are running an SSH daemon.
They're coming from multiple addresses, which makes us suspect that
they're being carried out by a network of "bots" rather than a single attacker.
But wait... there's more. The interesting thing about these attacks
is that