Displaying 20 results from an estimated 23 matches for "piechota".
Did you mean:
piechotka
2003 Nov 26
1
perms of /dev/uhid0
I wrote a small app that monitors a Back-UPS ES500 UPS via the uhid0
interface. I want to run the daemon with as little privs as possible.
gastest# ls -l /dev/uhid0
crw-rw---- 1 root operator 122, 0 Nov 12 05:26 /dev/uhid0
gastest#
Is it safe to chmod o+r /dev/uhid0 ? Or is there a better way to drop
privs of the daemon yet still be able to read from the device ?
All I am doing is
2005 May 12
1
Do I have an infected init file?
Hello;
I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected.
It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one chkrootkit continues to report it as infected. Is chkrootkit reading a copy of the
2004 Aug 18
4
chfn, date, chsh INFECTED according to chkrootkit
I ran chkrootkit ( v. chkrootkit-0.43 ) earlier and
noticed that chfn, date, and chsh showed as being
infected. I remember reading post from the past that
right now chkrootkit is giving alot of false
positives, so I suspected that these 3 binaries are
not bad.
However, to be on the safe side, I deleted the 3
binaries, removed /usr/src and did a 'make world' to
4.10-STABLE.
But, chfn,
2003 Mar 26
7
Multiple Firewalls with ipfilter?
We're supposed to provide redundant firewall service. I'm wondering
if anyone has ever tried to do this and if it's realistic. Basically
2 firewall machines hooked up so if one fails the other will
transparently step in. I've googled it to death without much luck.
The security issue here lies in that the 2 firewalls can't talk to
each other. So if I'm keeping state on
2004 Feb 06
2
IPFIREWALL_DEFAULT_TO_ACCEPT becomes default to deny
Hey Guys,
today I upgraded to 4.8-RELEASE-p15. As usual I set IPFIREWALL to default
accept in my kernel config file.
Config & make weren't complaining so, installed the kernel, reboot and there
it was:
>IP packet filtering initialized, divert disabled, rule-based forwarding
enabled, default to deny, logging disabled
Another rebuild didn't work out so... I reviewed
2006 Dec 29
2
ssh session from external machine
Hello,
I am having a small problem with the ssh daemon on my freebsd box. I am
using the standard ssh daemon asked at the installation. I am able to acces
my box using ssh from the internal lan network but not from any external
machine. The error code is connection refused. I am using release 6.1 and my
modem firewall permits the inbound traffic on port 22. I also use port
forwarding for sending
2003 Apr 30
6
how to configure a FreeBSD firewall to pass IPSec?
I have a FreeBSD box acting as a firewall and NAT gateway
I would like to set it up to transparently pass IPSec packets -- I have
an IPSec VPN client running on another machine, connecting to a remote network.
Is there a way to do this? I can't find any hints in the man pages.
2003 Sep 16
5
boot -s - can i detect intruder
Hi list
Several people have physical access to my FreeBSD box and I have the feeling
that somebody try to get access with boot -s options . Can I log activity
after boot -s option (change user password, install software and etc.).
I use boot -s and change user password, but after reboot i can't find this
atcivity in log files.
The BSD box is shutdown and run again many time at day.
Best
2004 Jan 08
1
Windows 2000 <-> FreeBSD IPsec problem
Hi,
I am trying to setup an IPSEC transport between a Windows 2000 box
and a FreeBSD server for a customer... Both systems are on live
public IP's and packets are not filtered by any intermediate systems
or firewalls/routers in between.
I have the following setup:
Windows 2000 box: 1.1.1.2
FreeBSD Server: 2.2.2.3
(The actual IP's have been changed to above to protect the innocent..)
2003 Mar 27
5
How did I Break ssh?
Every attempt to connect to anything from a new FreeBSD
system results in a "host key verification failed."
ssh 127.0.0.1 even fails this way.
I started with a new FreeBSD4.7 installation and
un-tarred the contents of another 4.7 system to essentially clone
this one.
My tar ball purposefully did not have the /etc/ssh
directory in it so as to not overwrite any of the files in the
2005 Jul 21
7
FW: Adding OpenBSD sudo to the FreeBSD base system?
...tem. Really there is no difference in what you are asking. Just another
program that is not going to get used by everyone.
- -----Original Message-----
From: owner-freebsd-security@freebsd.org
[mailto:owner-freebsd-security@freebsd.org] On Behalf Of Xin LI
Sent: Thursday, July 21, 2005 8:53 AM
To: piechota@argolis.org
Cc: freebsd-security@freebsd.org; Dima Dorfman
Subject: Re: Adding OpenBSD sudo to the FreeBSD base system?
* PGP Signed by an unknown key: 07/21/05 at 08:52:41
On Thu, Jul 21, 2005 at 10:23:33AM -0500, piechota@argolis.org wrote:
> > FWIW, I don't see any reason to include s...
2003 May 02
4
Did i get hacked?
hello,
i have a FreeBSD 4.8-PRERELEASE #0 that i use as a gateway / nat box for
my home.
It also acts as a dns / mail server to the outside world.
I'm using ipf and basically filter for bogus networks on the way in and out.
I allow everything out keeping state,
and allow this in:
pass in proto icmp from any to any icmp-type squench group 200
pass in proto icmp from any to any icmp-type timex
2003 Jul 30
2
Kerberos to file server
Howdy,
I may be approaching this problem entirely wrong, or not. Was hoping for a
little guidance one way or the other.
I've got this AS/400 with gobs of unused file storage on it that I want to
share across as a file server to a FreeBSD box. The AS/400 side of things
supports NFS and kinda pretends to be a Unix like machine in this role.
Users will be booting from diskless clients
2006 Nov 08
2
Sandboxing
Hi.
This is mostly hypothetical, just because I want to see how knowledgeable
people would go about achieving it:
I want to sandbox Mozilla Firefox. For the sake of example, I'm running it
under my own user account. The idea is that it should be allowed to
connect to the X server, it should be allowed to write to ~/.mozilla and
/tmp.
I expect some configurations would want access to audio
2007 Dec 02
6
MD5 Collisions...
Hi everyone,
Not sure if you've read http://www.win.tue.nl/hashclash/SoftIntCodeSign/ .
should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? :
"
MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
been made that its security is in some doubt. The attacks on MD5 are in
the
2006 Sep 06
2
Getting GELI Keys from Floppy
Hello,
i want to encrypt my HDD's with GELI (not the root-fs, though). I want
to do the encryption without password, just with a key. The key should
be stored in a floppy disk, and the read should be read automatically
on boot, from the floppy.
There is a problem here, because GELI initializes _before_ mounting
the disks from /etc/fstab (for obvious reasons, of course). So GELI is
not able
2004 Jul 08
8
Root users shell == no existant shell /bin/bash
I made a mistake setting my shell and have set the root users shell to
/bin/bash instead of /bin/sh. I am curiuos if anyone knows how to fix this.
The machines is FreeBSD 4.8-RELEASE-p4 and does not have sudo only su.
2005 Jul 19
2
Adding OpenBSD sudo to the FreeBSD base system?
Aloha!
(I've Googled around a bit, but failed to find much previous posts about
this though I'm sure it has been discussed...)
Have anybody (in core etc) considered adding a sudo implementation to
thr FreeBSD base system. At least for me, sudo is an important part of
implementing good security policy in FreeBSD.
Yes, it is available as a port, but in a similar fashion of for example,
2004 Feb 11
5
Question about securelevel
I've read about securelevel in the mailing list archive, and found some
pitfalls (and seems to me to be discarded soon).
But According to me, the following configuration should offer a good
security:
- mount root fs read only at boot;
- set securelevel to 3;
- do not permit to unmount/remount roots fs read-write (now it is possible
by means of "mount -uw /");
- the only way to make
2005 Oct 11
10
FreeBSD Security Advisory FreeBSD-SA-05:21.openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:21.openssl Security Advisory
The FreeBSD Project
Topic: Potential SSL 2.0 rollback
Category: contrib
Module: openssl
Announced: 2005-10-11