search for: ringlet

Has anyone got the pam_chroot module to successfully work in FreeBSD? I have FreeBSD 5.2-RELEASE installed. I copied the appropriate binaries and libraries into my chroot, I can chroot -u test -g test /home/test /usr/local/bin/bash and it works perfectly. So now I am trying to get the pam module to work. I added session required pam_chroot.so debug into the

...thing being available for FreeBSD. The only thing I could find that seems to be somewhat close is the ccid project at http://pcsclite.alioth.debian.org/ - yet it says that ACR-38 support is not quite working and occassionally the communication will hang. G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@cnsys.bg roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 I had to translate this sentence into English because I could not read the original Sanskrit. -------------- next part -------------- A n...

Dear All. I want to use 'not' for 2 addresses (for both) in ipfw2 rule. The only way that looks like what I need is # ipfw add count from IP1 to not IP2,IP3 But does this rule indeed makes what I want? Does it count all packets destined to addresses other then IP2 AND IP3?! No other syntax works. For example more logically correct not IP2 AND not IP3 or even not { IP2 or IP3 } are

On the advisory about the realpath problem it says that it was corrected: RELENG_4_8 src/UPDATING 1.73.2.80.2.3 src/lib/libc/stdlib/realpath.c 1.9.14.1 src/sys/conf/newvers.sh 1.44.2.29.2.2 I ran cvsup and when I look at my src/lib/libc/stdlib/realpath.c I see

I have a FreeBSD box acting as a firewall and NAT gateway I would like to set it up to transparently pass IPSec packets -- I have an IPSec VPN client running on another machine, connecting to a remote network. Is there a way to do this? I can't find any hints in the man pages.

...Platform: ix86 URL: http://www.FreeBSD.org/cgi/query-pr.cgi?pr=34019 OS/Version: FreeBSD Status: NEW Severity: normal Priority: P2 Component: sftp AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: roam at ringlet.net When the name of a non-existent file is given as the argument to a 'get' or 'put' command, sftp(1) fails to interpret correctly the result of the glob(3) invocation. glob(3) does not return an error (a non-zero exit), yet it does not return any meaningful file names, either,...

Hi, I've been playing around with pam_mysql, and have it working for interactive logins (backed by /etc/passwd entries for uid/gid w/*'d password field) and it works well so far. Looking at the source to the module, it does support password changing. So I put in the following entry in pam.conf: sshd password required pam_mysql.so user=root db=pam table=users crypt=1 However,

Hi The FreeBSD port has been updated for the DoS vulnerability but the version is still the same. See: http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/clamav/ David Peall Systems Administrator Western Cape Schools' Network http://www.wcsn.org.za/ PO Box 44460, Claremont 7735, Cape Town Fax +27 (021) 683-6766, Helpdesk +27 (021) 674-9140 > -----Original Message----- > From:

Hello freebsd-security, Apologize if it's offtopic, but: The message digest checksum for bpft4 from ports/net/bpft does not matchs the one printed on the sources page at http://www.freebsd.org/cgi/pds.cgi?ports/net/bpft My digests are 3810114b068f438cc7e8e0b1af745953 from top 6 links. Only last ftp://rusunix.org/pub/FreeBSD/distfiles/bpft4-latest.tgz gave the right cheksum -

Hi, I was looking at the crypt(3) manpage, and I'm having a hard time figuring out what the allowed characters are for the salt in md5 and blowfish encryption. For DES, it clearly states that only numbers, letters and digits may be used. Does anyone know the rules for md5/blowfish salt characters? Thanks, Charles -- Charles Sprickman spork@inch.com

Hi, I can't find any LINT file in the /usr/src/sys/i386/conf at my new 5.1 FreeBSD. Can u help me?

Hi, i've set the outside ip for the jail..It works.. When i try to ssh to jail'ed system from the main system (in which is created jail) the connection is successful, but when i try to connect to jailed system from anywhere else i get this message: ssh: connect to host IP_NUMBER port 22: Operation timed out What can be wrong here? How to solve this problem?

Hello Folks, The official email address for this list is `freebsd-security@freebsd.org'. Due to convention, there is an email alias for this list: security@freebsd.org, just as there is for hackers@ & freebsd-hackers@, arch@ & freebsd-arch@, and so on. The security@freebsd.org alias has been the source of occassional problems. Several times in the past, postings have been made to

I'm forwarding this to security@, as I'm getting no replies on ipfw@. Hope it's relevant enough for you :( ---Original Message----- From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of Erik Paulsen Skålerud Sent: Wednesday, May 28, 2003 1:02 AM To: ipfw@freebsd.org Subject: Question about logging. Sorry for asking this, It's probably been

Running freeBSD 6.1 After changing chkrootkit to the latest version V. 0.47 and compiling it then running it I get the following: ==================<SNIPPIT>================ Searching for anomalies in shell history files... nothing found Checking `asp'... not infected Checking `bindshell'... INFECTED (PORTS: 6667) Checking `lkm'... You have 131 process hidden for readdir

Has xdelta (in ports under misc/xdelta) ever been considered as a means of delivering binary patches for security updates? It seems to be a pretty neat. -- Regards, Michael Nottebrock -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: signature Url :

Hi, When deploying a BSD with IPF in at the network perimeter and using rules like these: pass in .. proto tcp ... keep state(strict) it's possible to refuse tcp packets which arrive out of order. This would increase the difficulty doing blind attack resets and blind data injection attack, cause then you'd have to "guess" the exact expected number. Checpoint has a similar

-----BEGIN PGP SIGNED MESSAGE----- Just wondered if anyone had any suggestions about syncing up master.passwd files between multiple machines that didn't involve allowing root login remotely? The users need to be able to log in remotely and own files on the different machines. ~~ Andy Harrison ah##@httpsite.com ICQ: 123472 AIM/Y!: AHinMaine [full headers for details] -----BEGIN PGP

FreeBSD 5.1-RELEASE Hi, I'm examining Biba and MLS MAC policies and something is not clear for me. Unless I'm doing something wrong, it seems policies are enforced only for reading, but not writing. 1) Biba I've created test file with biba/127 label: $ echo "Message" > file_biba_127.txt $ setfmac biba/127 file_biba_127.txt $ getfmac file_biba_127.txt

Hello, last night, my chkrootkit crontab returned an alarm message : > Checking `lkm'... You have 1 process hidden for readdir command > You have 2 process hidden for ps command > Warning: Possible LKM Trojan installed Some research on google make me think it's probably a false positive. I tried few things : re-launching chkrootkit : "Checking `lkm'...