search for: hawkeyd

...s should I be aware of? Has anyone here done this? If so, would you care to share your scripts/techniques? Thanks, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/

I hope this isn't too off topic, but I'd like a quick solution to a problem. I have a small network behind a NAT firewall (FreeBSD of course) and I'd like to block/redirect all traffic from the internal network to the local mail server (same box as firewall) in order to prevent direct smtp requests to the outside world (mainly virus/trokan programs). I think I have it right in this

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:18.openssl Security Advisory The FreeBSD Project Topic: OpenSSL vulnerabilities in ASN.1 parsing Category: crypto Module: openssl Announced:

In regards to FreeBSD-SA-03:05.xdr, does anyone know which static binaries or tools under /bin or /sbin actually use that problem code? The recent XDR fixes the xdrmem_getlong_aligned(), xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(), xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes() functions, but it is difficult to know what uses these (going backwards manually).

I seem to remember seeing somewhere (on this list/on the web -- don't remember) that there was some ``Snort-like'' software that was available under the BSD license. Unfortunately, I'm unable to find any information about such software. Was I dreaming, or can anybody else jog my memory? :) Kind regards, Devon H. O'Dell

Hello, Some time ago I wrote PR conf/48170, which discussed the following problem: Syslog messages of facility LOG_AUTHPRIV and priority LOG_NOTICE (or higher) are sent by default to the world-readable log file /var/log/messages. That seems unacceptable since the facility LOG_AUTHPRIV is for hiding sensitive log messages inside a protected file, e.g., /var/log/auth.log. For example, login(1)

Is there any reason why releases have EoL dates after only 12 months? While it's clear that some sort of EoL is important, I can't think of any security advisories recently which weren't accompanied by patches for all the security branches, even those which are no longer officially supported. Colin Percival

Hello Folks, Just a status on upcoming advisories. FreeBSD-SA-03:15.openssh This is in final review and should be released today. Fixes for this issue entered the tree on September 24. I apologize for the delay in getting this one out. FreeBSD-SA-03:16.filedesc A reference counting bug was discovered that could lead to kernel memory disclosure or a system panic.

In http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903 it seems RELENG_4 is vulnerable. Is there any work around to a system that has to have ports open ? Version: 1 2/18/2004@03:47:29 GMT >Initial report > <<https://ialert.idefense.com/KODetails.jhtml?irId=207650>https://ialert.idefense.com/KODetails.jhtml?irId=207650; >ID#207650: >FreeBSD Memory Buffer

There's been an ongoing discussion (started by Colin Percival's recent work on nologin) about environment-poisoning attacks via "login -p". I thought I saw a way to address this, but the more I learn, the uglier this looks. Maybe some of the good folks who read freebsd-security can puzzle this one out: Problem: login -p can be used to propagate environment flags in order to

Hello everybody, I'm a newbie in this list, so I don't know if it's the appropriate place for my question. Anyway, I'd be happy to find out the solution. Please, has anyone simple answer for: I'm looking for an exact list of files, which: 1. MUST have... 2. HAVE FROM BSD INSTALLATION... 3. DO NOT NEED... 4. NEVER MAY... ...the suid-bit set. Of course, it's no problem to

This affects only 3.7p1 and 3.7.1p1. The advice to leave PAM disabled is far from heartening, nor is the semi-lame blaming the PAM spec for implementation bugs. I happen to like OPIE for remote access. Subject: Portable OpenSSH Security Advisory: sshpam.adv This document can be found at: http://www.openssh.com/txt/sshpam.adv 1. Versions affected: Portable OpenSSH versions 3.7p1

From bugtraq :-( >-----BEGIN PGP SIGNED MESSAGE----- > >Sendmail, Inc., and the Sendmail Consortium announce the availability >of sendmail 8.12.9. It contains a fix for a critical security >problem discovered by Michal Zalewski whom we thank for bringing >this problem to our attention. Sendmail urges all users to either >upgrade to sendmail 8.12.9 or apply a patch for

Heya.. Yesterday someone "attacked" by box by connection to several ports.. In other words, a simple portscan.. yet, since my box has "log_in_vain" enabled, so it tries to log everything to /var/log/messages, since the logfile got full and the size went over 100K, it tried to rotate the log to save diskspace. (Apr 16 21:00:00 omikron newsyslog[32137]: logfile turned over due

Hi all, please, is there some utility/command/... to list all installed kernel modules ? Peter Rosa

OK, an official OpenSSH advisory was released, see here: <URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html > The fix is currently in FreeBSD -CURRENT and -STABLE. It will be applied to the security branches as well today. Attached are patches: buffer46.patch -- For FreeBSD 4.6-RELEASE and later buffer45.patch -- For FreeBSD 4.5-RELEASE and