similar to: OpenBSM questions

FYI for those working with audit and intrusion detection on FreeBSD. Robert N M Watson ---------- Forwarded message ---------- Date: Mon, 5 Jun 2006 17:01:04 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Cc: trustedbsd-audit@TrustedBSD.org Subject: Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS This is a heads up to current@ users

Dear All, Over the past week or so, I have spent some time updating Tom Rhodes' excellent FreeBSD Handbook chapter on Audit for some of the more recent audit changes, such as new features in more recent OpenBSM versions. Since FreeBSD 6.2-BETA2 contains what is likely the final drop of the audit code (modulo any bug fixes) for 6.2-RELEASE, now would be a great time for people interested

I'm working with a FreeBSD user -- a teacher -- who's running KDE on a system on which she neither has nor wants root privileges. She wants to be able to mount and unmount floppies and ZIP cartridges from within KDE, using the standard KwikDisk utility (which, by the way, generates mount and unmount command that don't conform to FreeBSD syntax; however, it appears possible to fix this

I think I've found a bug with sshd handling audit events for commands (like scp) over ssh1 connections. Specifically, after updating to a recent FreeBSD 6.x with audit support, I'm getting log messages like these when using scp over ssh1: Sep 12 14:13:16 <auth.info> bm55 sshd[12335]: Accepted rsa for xxx from A.B.C.D port 2981 Sep 12 14:13:16 <auth.crit> bm55 sshd[12335]:

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the

Hello, Freebsd-security. I'm grepping all sources for programs, which support audit and found strange thing: find . -name '*.c*' -print | \ grep -v -E '^./(sys|contrib/openbsm|tools/regression)' | \ xargs grep -E "\<(audit|au_)" shows, that only login(1), su(1), id(1) and sshd(1) uses audit. And even sshd(8) raise question: it doesn't call

After testing the beta of CentOS 5, i was a little surprised to notice that the display manager part of the prefdm file in /etc/X11 was exactly like in CentOS 4 / RHEL4 and previous versions including RH9. it reads like this (added line numbers for reference): 14 # Run preferred X display manager 15 preferred= 16 if [ -f /etc/sysconfig/desktop ]; then 17 . /etc/sysconfig/desktop 18 if [

FYI for those attending BSDCan and interested in some of the security feature development going on for FreeBSD right now... Robert N M Watson ---------- Forwarded message ---------- Date: Thu, 28 Apr 2005 21:39:31 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: trustedbsd-discuss@TrustedBSD.org Subject: FYI: TrustedBSD at BSDCan Mentioned in an earlier e-mail, but here it is

Trying to set up ltsp and their instructions are outdated for this setup. this is what I am referencing... http://ltsp.mirrors.tds.net/pub/ltsp/docs/ltsp-4.1-en.html#AEN984 Anyway, KDM is display manager and I am only getting grey screen with X # ps aux|grep kdm root 4275 0.0 0.0 3036 864 ? Ss Jul01 0:00 /usr/bin/kdm -nodaemon per the instructions... /etc/X11/xdm/Xaccess

On a FreeBSD 5.0 the behaviour of screen when connecting to other users sessions have changed. Previously: 1. login as userA start a screen as userA and disconnect 2. login as root su - userA "screen -r" 3. result failure as userA cant access the ttyX with such a message Current: 1. login as userA start a screen as userA and disconnect 2. login as root su - userA "screen -r" 3.

How would i allow xwindows and xdmcp through would it be ACCEPT net -> fw all 117 and ACCEPT net -> fw all 6000:6100 ? and for that matter how would i stop x traffic from leaving the fw machine? REJECT fw -> net all 6000:6100 ?

From: Rodrigo Barbosa <rodrigob at suespammers.org> > rcS.d is not a runlevel. It is the equivalent of rc.sysinit on other > distributions/flavors or, should I say, and expansion of that idea. Correct, that's why I said "before" the run-levels at boot. But you still need to know about it. > 0 - Halt > 1 - Single User > 2 - Multi User (No NFS) > 3 - Multi

A few weeks back Robert Watson announced the merge of these features from 7 back into 6-STABLE. I hadn't seen any updates and was curious as to the status. Us 6-STABLE users are curious to test it out. Thanks. --A

does any one know which /etc/pam.d file I'll need to edit to get pam_mount to work with x windows? Thanks

On Wed, 2 Jan 2002, John Hay wrote: > Well I can accept your argument for -stable, although bigger changes has > gone in -stable in the past, but what about -current? My -current boxes > also still claim: "sshd version OpenSSH_2.9 FreeBSD localisations > 20011202" And this is the problem, if we don't have -current upgraded > we have little chance in getting wrinkles

From: Rodrigo Barbosa <rodrigob at suespammers.org> > There is nothing wrong with using X11 at runlevel 3. The only thing > that can't be present is a display manager (KDM, XDM, GDM etc). That's _exactly_ what I'm talking about. Run-level 3 starts xdm. Several Linux distros use 2 for multi-user, 3 for multi-user w/X. Run-level 2 as multi-user w/o networking or w/o NFS was

FYI, since this is probably of interest to subscribers of this mailing list also. Robert N M Watson ---------- Forwarded message ---------- Date: Wed, 1 Feb 2006 22:55:40 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Julian Elischer <julian@elischer.org> Cc: trustedbsd-audit@TrustedBSD.org, K?vesd?n G?bor <gabor.kovesdan@t-hosting.hu>, current@freebsd.org

FreeBSD version: 5.1-RELEASE Hi, I'm quite new to FreeBSD. I've check list archives and read a handbook, but I didn't find solution to my problem and I hope this is not off-topic. I've installed 5.1-RELEASE, enabled ACLs on the filesystems and I wanted to test MAC features. I'm also new to MAC, so perhaps this is some my mistake. When I enable mac_biba or mac_lomac (in

Or how to avoid the whirlwind. Greetings everyone. I observe the coding of lighdm is well under way and I'm thinking the pressure to meet the releases of 11.11 is probably going to build without bounds. Is there time now to consider the inclusion of some of the more offbeat use cases? 1: Headless(no monitor, keyboard, or monitor) 2: True headless(no video card) but Xvfb. 3: No X but only