similar to: Syslog facility in Linux

On Fri, 11 May 2018 13:17:52 -0700 Jeremy Allison <jra at samba.org> wrote: > On Fri, May 11, 2018 at 09:56:47PM +0200, Timur I. Bakeyev via samba > wrote: > > > > > Fixing it in both ways is easy, but it would be nice to hear from > > the developers, why did they choose such a limited set of syslog > > facilities. > > I don't know. The limited

Hello, Some time ago I wrote PR conf/48170, which discussed the following problem: Syslog messages of facility LOG_AUTHPRIV and priority LOG_NOTICE (or higher) are sent by default to the world-readable log file /var/log/messages. That seems unacceptable since the facility LOG_AUTHPRIV is for hiding sensitive log messages inside a protected file, e.g., /var/log/auth.log. For example, login(1)

On 11 May 2018 at 23:53, Jeremy Allison <jra at samba.org> wrote: > On Fri, May 11, 2018 at 09:33:15PM +0100, Rowland Penny via > samba-technical wrote: > > On Fri, 11 May 2018 13:17:52 -0700 > > Jeremy Allison <jra at samba.org> wrote: > > > > > On Fri, May 11, 2018 at 09:56:47PM +0200, Timur I. Bakeyev via samba > > > wrote: > > >

The following code is a first attempt at a simple but flexible suid wrapper which checks argv[] and environment. It might introduce new security holes or have other bugs; using 1 as a general failure exit value may be the wrong thing to do. The wrapper reads a configuration file named /etc/wrapper.cfg; see the comments in wrapper.c for the file''s format. Flame, comment, or use at will.

Hey everyone, I'm hoping someone can point me in the right direction. I'm running a 6.1 box with mac_bsdextended compiled. I've created my ugidfw rules, and all seems well in the universe. I've got rules set up so the web process uid 80 and gid 80 can only read uid 1010 and gid 1010 owned files. When the web server tries to do something else, it throws an error such as:

Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.

On Thu, 10 May 2018 15:31:23 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > > >From 'man vfs_full_audit' > > > > > > full_audit:facility = FACILITY > > > Log messages to the named syslog(3) facility. > > > > > > See 'man syslog' for the 'facilities' you can use.

On Fri, 11 May 2018 09:14:24 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > You would replace 'FACILITY' with one of the facilities shown in > > 'man syslog' e.g. full_audit:facility = LOG_AUTH > > OK, done. But samba (as stated in previous email) still reply:

I've just upgraded to 2.1.0p2 on my solaris 8 boxes (now it survives a little longer, thanks!). But, I'm seeing "scp not found" where before it was fine. configure --prefix=/opt/local --with-random-/dev/random (the entropy generator is still broken), and in the past I had no problems with scp, but AFAIK something's broken in 2.1.0. Is anyone else seeing anything similar?

Mandi! Rowland Penny via samba In chel di` si favelave... > >From 'man vfs_full_audit' > > full_audit:facility = FACILITY > Log messages to the named syslog(3) facility. > > See 'man syslog' for the 'facilities' you can use. [2018/05/08 17:34:42.388486, 0] ../source3/param/loadparm.c:1179(lp_enum) lp_enum(LOG_AUTH,enum): value

On 11 May 2018 at 10:58, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Fri, 11 May 2018 09:14:24 +0200 > Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > Mandi! Rowland Penny via samba > > In chel di` si favelave... > > > > > You would replace 'FACILITY' with one of the facilities shown in > > >

Marek Michalkiewicz <marekm@I17LINUXB.ISTS.PWR.WROC.PL> wrote: : It seems that most of the RedHat 5.3.12 security patches are in the : standard 5.4.17, except for the patch below. Also, there are more : (different) fixes in 5.4.18 (check h_length against sizeof(sin_addr) : in inet/rcmd.c and inet/rexec.c). : + { : +

Hi, I am almost ready to convert from UW-imap to dovecot 1.0 stable for my imap use. I hacked UW-imap to touch a file in the user's home directory so I can always tell the last time they used imap. My hack looks something like this: if(authenticated) { touchfile = (char *) malloc((strlen (home) + 15); sprintf(touchfile,"%s/.imapd.last",homedir); fd =

This is to announce the availability of portable OpenSSH-2.1.0p2. This is a bug-fix release, addressing the following issues: - X authentication works again (thanks to Markus Friedl) - Don't touch utmp if utmpx is in use - Fix SIGCHLD problems on AIX and HPUX (Thanks to Tom Bertelson) - HPUX compile fixes (Thanks to Lutz Jaenicke) - Accept an empty shell in /etc/passwd - SunOS4 compile fixes.

This is to announce the availability of portable OpenSSH-2.1.0p2. This is a bug-fix release, addressing the following issues: - X authentication works again (thanks to Markus Friedl) - Don't touch utmp if utmpx is in use - Fix SIGCHLD problems on AIX and HPUX (Thanks to Tom Bertelson) - HPUX compile fixes (Thanks to Lutz Jaenicke) - Accept an empty shell in /etc/passwd - SunOS4 compile fixes.

----- Forwarded message from Louis Kowolowski <louisk@bend.com> ----- Date: Thu, 28 Aug 2003 11:37:42 -0700 From: Louis Kowolowski <louisk@bend.com> To: freebsd-security@freebsd.org Subject: snort, postgres, bridge User-Agent: Mutt/1.5.4i I've been prowling through the FreeBSD and Snort list archives in search of information on setting up snort on a FreeBSD bridge(4) that logs

I was testing the Linux port of 2.1.0p2 and noticed that the F-Secure SSH client for Windows 4.0 couldn't successfully connect using its secure file-transfer facility. The server log reported that authentication was successful, then the log left off with a semi-cryptic "subsystem request for sftp" line. After that, nothing. Poking around the source, I found this little routine in

Hello, I have just compiled openssh version 2.1.0p2 n irix 6.5.5 an encounterd the following 'problem'. On IRIX there are 3 abi's (Application Binary Interface). o32) The old 32-bit ABI which was standard on IRIX 5 systems n64) The 64-bit ABI n32) The new high performance 32-bit ABI On IRIX the libraries are installed as follows: /usr/lib) For the o32 libraries

The 2.1.0p2 and 2.1.0p3 RPMS try to fall back to the r* commands in /usr/kerberos/bin. I'm not sure under which distribution that path is valid, but it just gives an error on my machines (RedHat 6.1 and 6.2). It's no big deal to tweak the SRPM and build my own packages, but it does make me wonder if the fallback path should be configurable. -- Jason L Tibbitts III - tibbs at uh.edu -

Folks; I couldn't find anything on my archive of the mailing list on this, and it may just be my mis-understanding, but: When I "ssh machine1 -l user1" as user2 on machine2, if user2 has the same uid on machine1, then user2's name ends up in lastlog, instead of user1's. This is a bit disconcerting when user2 is root, and root isn't allowed to remotely log in on