Displaying 20 results from an estimated 41 matches for "pentchev".
2004 Jan 13
3
pam_chroot
Has anyone got the pam_chroot module to successfully work in FreeBSD? I
have FreeBSD 5.2-RELEASE installed. I copied the appropriate binaries and
libraries into my chroot, I can chroot -u test -g test /home/test
/usr/local/bin/bash and it works perfectly. So now I am trying to get the
pam module to work. I added
session required pam_chroot.so debug
into the
2004 Sep 07
1
ACS-38 SmartCard reader
...to suggest anything being available for FreeBSD.
The only thing I could find that seems to be somewhat close is the ccid
project at http://pcsclite.alioth.debian.org/ - yet it says that ACR-38
support is not quite working and occassionally the communication will
hang.
G'luck,
Peter
--
Peter Pentchev roam@ringlet.net roam@cnsys.bg roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
I had to translate this sentence into English because I could not read the original Sanskrit.
-------------- next part -----...
2003 May 28
1
FW: Question about logging.
I'm forwarding this to security@, as I'm getting no replies on ipfw@.
Hope it's relevant enough for you :(
---Original Message-----
From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org]
On Behalf Of Erik Paulsen Skålerud
Sent: Wednesday, May 28, 2003 1:02 AM
To: ipfw@freebsd.org
Subject: Question about logging.
Sorry for asking this, It's probably been
2003 Aug 06
2
Checking realpath file up to date
On the advisory about the realpath problem it says that it was corrected:
RELENG_4_8
src/UPDATING 1.73.2.80.2.3
src/lib/libc/stdlib/realpath.c 1.9.14.1
src/sys/conf/newvers.sh 1.44.2.29.2.2
I ran cvsup and when I look at my src/lib/libc/stdlib/realpath.c I see
2003 Sep 15
1
md5 salt
Hi,
I was looking at the crypt(3) manpage, and I'm having a hard time figuring
out what the allowed characters are for the salt in md5 and blowfish
encryption. For DES, it clearly states that only numbers, letters and
digits may be used.
Does anyone know the rules for md5/blowfish salt characters?
Thanks,
Charles
--
Charles Sprickman
spork@inch.com
2004 Apr 07
5
Changing `security@freebsd.org' alias
Hello Folks,
The official email address for this list is
`freebsd-security@freebsd.org'. Due to convention, there is an email
alias for this list: security@freebsd.org, just as there is for
hackers@ & freebsd-hackers@, arch@ & freebsd-arch@, and so on.
The security@freebsd.org alias has been the source of occassional
problems. Several times in the past, postings have been made to
2004 Feb 06
1
ipfw question
Dear All.
I want to use 'not' for 2 addresses (for both) in ipfw2 rule.
The only way that looks like what I need is
# ipfw add count from IP1 to not IP2,IP3
But does this rule indeed makes what I want? Does it count all
packets destined to addresses other then IP2 AND IP3?!
No other syntax works.
For example more logically correct
not IP2 AND not IP3
or even
not { IP2 or IP3 }
are
2011 Apr 20
4
bad email address
Every time I send a message to this list, I get a bounced email reply
from some Russian exchange server for email address xlino@bvpress.ru.
Is there an admin or a moderator for this list that can remove that
email address from the list?
Rob
2003 Nov 13
2
Apache leaks sensitive info in PHP phpinfo() calls
Hi,
I wanted to get some opinions on this subject before I submit a PR about
it. I don't know if there are any pitfalls with the 'fix' I suggested
and though it best to run it past people here before submitting. If
there's a better place to post this please let me know (freebsd-ports?).
The send-pr output I was about to send explains everything so I'll just
paste it here:
2003 Apr 30
6
how to configure a FreeBSD firewall to pass IPSec?
I have a FreeBSD box acting as a firewall and NAT gateway
I would like to set it up to transparently pass IPSec packets -- I have
an IPSec VPN client running on another machine, connecting to a remote network.
Is there a way to do this? I can't find any hints in the man pages.
2003 May 12
4
xdelta files for security patches
Has xdelta (in ports under misc/xdelta) ever been considered as a means of
delivering binary patches for security updates?
It seems to be a pretty neat.
--
Regards,
Michael Nottebrock
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: signature
Url :
2004 Apr 23
2
use keep state(strict) to mitigate tcp issues?
Hi,
When deploying a BSD with IPF in at the network perimeter
and using rules like these:
pass in .. proto tcp ... keep state(strict)
it's possible to refuse tcp packets which arrive out of order.
This would increase the difficulty doing blind attack resets and blind
data injection attack, cause then you'd have to "guess" the exact expected
number. Checpoint has a similar
2003 May 27
4
multihost master.passwd sync
-----BEGIN PGP SIGNED MESSAGE-----
Just wondered if anyone had any suggestions about syncing up master.passwd
files between multiple machines that didn't involve allowing root login
remotely? The users need to be able to log in remotely and own files on the
different machines.
~~
Andy Harrison
ah##@httpsite.com
ICQ: 123472 AIM/Y!: AHinMaine
[full headers for details]
-----BEGIN PGP
2004 Jan 02
1
Questions about MAC
FreeBSD 5.1-RELEASE
Hi,
I'm examining Biba and MLS MAC policies and something is
not clear for me. Unless I'm doing something wrong,
it seems policies are enforced only for reading, but
not writing.
1) Biba
I've created test file with biba/127 label:
$ echo "Message" > file_biba_127.txt
$ setfmac biba/127 file_biba_127.txt
$ getfmac file_biba_127.txt
2004 Feb 26
3
Environment Poisoning and login -p
There's been an ongoing discussion (started by
Colin Percival's recent work on nologin) about
environment-poisoning attacks via "login -p".
I thought I saw a way to address this, but the more I learn,
the uglier this looks. Maybe some of the good folks who read
freebsd-security can puzzle this one out:
Problem: login -p can be used to propagate environment flags
in order to
2003 Aug 05
6
Problems with JAIL in 4.8R
Hi, i've set the outside ip for the jail..It works.. When i try to ssh to
jail'ed system from the main system (in which is created jail) the
connection is successful, but when i try to connect to jailed system from
anywhere else i get this message:
ssh: connect to host IP_NUMBER port 22: Operation timed out
What can be wrong here? How to solve this problem?
2004 Jan 07
1
keystroke logging
>
>
>What do you recommend for keeping track of user
>activities? For preserving bash histories I followed
>these recommendations:
>
>http://www.defcon1.org/secure-command.html
>
Interesting reading but, as others have noted, of limited use.
Keystroke logging can be disabled by - as others have noted - either
spawning another (perhaps different) shell, using a remote
2004 Sep 01
2
IPFW and icmp
I'm not a master of the internet RFCs, but I do believe icmp messages have
different types.
Now to enable traceroute for IPFW, I might put in a rule like this:
ipfw add pass icmp from any to me
However, how would I make a rule to limit icmp messages to just those used
by traceroute? Can the messages be distinguished as such?
A dynamic rule that exists only for the duration of a traceroute
2003 May 10
4
Down the MPD road
Well, after working through the various options it looked like MPD would be my
best bet here. I've got it sort of working, but there's obviously some
tweaky I'm missing here.
Recap of the scenario:
Full class C of static IPs segmented into 3 networks. Outside, DMZ, Inside.
Trying to get remote Windows users through securely to the Inside.
Remote users have dynamic IPs.
2004 Jun 18
2
4.x, PAM, password facility
Hi,
I've been playing around with pam_mysql, and have it working for
interactive logins (backed by /etc/passwd entries for uid/gid w/*'d
password field) and it works well so far.
Looking at the source to the module, it does support password changing.
So I put in the following entry in pam.conf:
sshd password required pam_mysql.so user=root db=pam table=users crypt=1
However,