Displaying 20 results from an estimated 700 matches similar to: "[patch] LOCKED_PASSWD_STRING for FreeBSD"
2006 May 26
3
Integrating ProPolice/SSP into FreeBSD
Hi,
first sorry for cross-posting but I thought this patch might interest
-CURRENT users as well as people concerned by security.
I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step
further than it has been realized so far.
It is available here :
http://tataz.chchile.org/~tataz/FreeBSD/SSP/
Everything is explained on the web page, but I will repeat some
informations here.
2006 May 09
1
xmalloc symbol in libssh
Hi list,
(Please Cc: me in your replies because I'm not subscribed to this list.)
While trying to build lukemftpd staticaly on FreeBSD, I got a link-time
error. Libssh.a indeed provides the "xmalloc" symbol (I suppose there
are more). I wonder if this is whether intentional or not. It is a
very common function name, and I think it would be worth renaming
it to something like
2007 Dec 25
3
ProPolice/SSP in 7.0
Hi there,
I'm still running 6.2 on various servers without any tweaks (GENERIC
kernel, binary updates via freebsd-update etc.) but lots of ports
(apache, postgresql, diablo-jdk etc.) and would like to use stack
smashing protection in order to harden my boxes and avoid many potential
exploits.
I've known about ProPolice/SSP for a while now (from the Gentoo world)
and am aware that
2005 May 23
2
How to setup IPSec tunnel between FreeBSD and Linux systems...?
Hi,
I am trying to setup ipsec tunnel between Freebsd
(host1) and Linux (host2) systems.And I also
interested in executing some ipsec test cases( Like
TAHI conformance test suite) on the same connection.
Please, suggest me some details regarding this setup
and Specify any materials which can be obtained from
from any locations(site)..
I have enabled IPSec support for FreeBSD (4.11
Release) and
2005 Sep 22
2
Tunnel-only SSH keys
Hello.
I once read somewhere that it's possible to limit SSH pubkeys to
'tunnel-only'. I can't seem to find any information about this
in any of the usual places.
I'm going to be deploying a few servers in a couple of days and
I'd like them to log to a central server over an SSH tunnel (using
syslog-ng) however I'd like to prevent actual logins (hence
2005 Mar 09
0
[djm@cvs.openbsd.org: OpenSSH 4.0 released]
----- Forwarded message from Damien Miller <djm@cvs.openbsd.org> -----
Subject: OpenSSH 4.0 released
From: Damien Miller <djm@cvs.openbsd.org>
Date: Wed, 9 Mar 2005 02:54:13 -0700 (MST)
To: announce@openbsd.org
X-Original-To: jeremie@le-hen.org
Delivered-To: tataz@tataz.chchile.org
X-Loop: announce@openbsd.org
Precedence: list
OpenSSH 4.0 has just been released. It will be available
2005 Jul 29
1
booting gbde-encrypted filesystem
Hello,
I think there was already a thread on this. I just
want to raise the question again if anyone has successfully
booted an gdbe-encrypted filesystem (everything encrypted except
the bootloader). The passphrase is entered at the bootloader prompt
or embedded in the bootloader.
I appreciate any tips.
Thanks,
- ronnel
2008 Jan 16
5
xen backup
hi
I am trying to stop the application running in the VM from the host
machine.....that means by typing some command in the host machine, (script
or using some API''s or sending some signal to VM from the host), i want stop
application running in the VM.......is there any way to do this.....if
anybody know this please help me.......
I want this because......I want to take VM consistent
2005 Dec 11
1
geli or gbde encryption of slices
Hello,
I was playing around with geli an gbde after last EuroBSDCon.
I liked the idea of encrypting my data which resides in /home/$user.
Since this is a "single" user laptop i intended to encrypt the
whole /home partition. Well no problems with that. But i wanted
the lockfile or keyfile on a seperate usb disc. Which would be
mounted or used during boot of the system. I also used
2005 Oct 23
2
Is it feasible to cross-build compat5x binary?
Hi folks,
I think we need to update compat5x binary to fix FreeBSD-SA-05:21.openssl,
but will the binaries built by ``make universe'' be identical with actual
build on Alpha, Sparc64, etc? (Yes, I'm volunteering to do the work iff
they are identical ;-)
Cheers,
--
Xin LI <delphij frontfree net> http://www.delphij.net/
See complete headers for GPG key and other information.
2003 Oct 23
2
New overhead and MPU features in HTB
I just wanted to inform that there is new patch
donated by Walter Karshat which implements packet overhead
and MPU computations to the rate table.
See diff for details on arguments. No tc binary available
yet at I have to compile it on system with older glibc
(not everyone use 2.3.2).
-------------------------------
Martin Devera aka devik
Linux kernel QoS/HTB maintainer
2003 Sep 18
0
hexadecimal fwmark and fwmark mask
Hi list,
I''m new to this list, I just subscribed because I have some ackward
about IPRoute2.
First, while playing with NetFilter'' "MARK" target, I met a weird
behaviour once I tried to use this marks in the RPDB : the packets
where successfully marked, but it seemed that RPDB didn''t succed in
matching them (for those who already know the answer, I only used
2005 May 26
1
export the graphical result of bwplot()
Dear all,
Maybe somebody can help me to understand my problem:
Inside a R script, I try to export the graphic results of 'bwplot' in some
jpeg files.
The data source ('main') is a mix of numeric and factor values
the "analysis_bwplot()" contains the loops (i and j) and calls the
"analysis_var_var_bwplot()" method.
"analysis_var_var_bwplot()" uses
2003 May 19
5
FreeBSD firewall block syn flood attack
Hello,
I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and
the internet. The servers are being attacked with syn floods and go down
multiple times a day.
The 7 servers belong to a client, who runs redhat.
I am trying to find a way to do some kind of syn flood protection inside the
firewall.
Any suggestions would be greatly appreciated.
--
Ryan James
ryan@mac2.net
2008 Jan 21
5
denyhosts-like app for MySQLd?
Hi all,
?Is there any app like denyhosts[1] but intended for MySQLd service?
We have a mysql ports (3306) opened for remote connections, and
obviously the /var/db/mysql/machine_name.log is full of these kind of
entries:
...........
936012 Connect Access denied for user 'user'@'85.19.95.10' (using
password: YES)
936013 Connect Access denied for user
2005 Aug 18
4
Closing information leaks in jails?
Hello,
I'm wondering about closing some information leaks in FreeBSD jails from
the "outside world".
Not that critical (depends on the application), but a simple user, with
restricted devfs in the jail (devfsrules_jail for example from
/etc/defaults/devfs.rules) can figure out the following:
- network interfaces related data, via ifconfig, which contains
everything, but the
2003 Jun 04
1
Non-Executable Stack Patch
I was wondering if there's any non-executable stack patch for
FreeBSD's kernel.
I searched in google but all I got was some questions in
freebsd-security back from 2001 and an answer saying someone
heard about a project like this, but no information at all.
Is there any patch like PaX or Openwall available for FreeBSD?
I dont want to discuss if its useless or not since there're a
2005 Jul 21
7
FW: Adding OpenBSD sudo to the FreeBSD base system?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I really do not agree with adding it to the base system.
Just because you guys use sudo does not mean other people do.
In fact many people do not have a use for sudo at all.
Not every one gives out root accounts. You are only adding another utility
In that can possibly be used to escalate privileges.
Every time I secure a system I spend some time
2006 Nov 21
12
Setting ACLs
This is possibly the dumbest question I have asked ever, but how do you
set ACLs on files within a ZFS filesystem?
Trying to use setfacl(1) diverts me to the acl(5) manpage; well, I know
that I need to use NFSv4 style ACLs, but where is the utility to do so?
This is on Solaris 10 Update 2.
Thanks,
Ceri
--
That must be wonderful! I don''t understand it at all.
2003 Sep 25
2
unexpected change in "locked account" behaviour
I just ran into what I'd describe as an unexpected side-effect. I don't
think it's necessarily a bug, and I don't need any assistance in working
around it, but this information might be useful to others for
troubleshooting.
This was using OpenSSH built under Solaris 2.5.1, and running under
2.5.1 or 8.
The symptom was that after upgrading from 3.7.1p1 to 3.7.1p2, some
accounts