similar to: Permission denied by op

> I recently did something like this. I have a webserver in a jail that > needs to talk to a database, and the webserver is the only thing that > should talk to the databse. > My solution was to use 2 jails: one for the webserver, and another for the > database. > Jail 1: > * runs webserver > * binds to real interface with real, routable IP > Jail 2: > *

Hi, Running: Freebsd 6.0 I am wondering if it is possible to have acces to loopback ip in a jail. I currently have a server running a jail. In the jail, there is a database and a web server. I would like to be able to have the database only bind on a loopback address and not on the jail's ip. Can this be done and how? Thanks -Cyril

``You do not want to overbuild your security or you will interfere with the detection side, and detection is one of the single most important aspects of any security mechanism. For example, it makes little sense to set the schg flag (see chflags(1)) on every system binary because while this may temporarily protect the binaries, it prevents an attacker who has broken in from making an easily

Hi all, I have two prodction servers with FreeBSD 5.4 (all security patches are applied). They running some services like dns, ssh, http, ftp, etc. But I woukd like to encrypt some services for some hosts with ipsec when it is accessed. For example: - DNS resolution: not encrypted. - DNS replication master-slave: encrypted by ipsec. - Telnet: encrypted by ipsec for some hosts. Deny

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, One quick question: Is it safe and/or sensible to rename the root account, so that the only uid 0 user on a system is something different to root? I can see how this would be effective against external attackers who have no knowledge of the internals of the system as they would spend pointless hours trying to crack a user which doesnt

Any good source to tac_plus server for centos 6? thanks, -- Eero

Good Day! I think we have a serious problem. One of our old server running FreeBSD 4.9 have been compromised and is now connected to an ircd server.. 195.204.1.132.6667 ESTABLISHED However, we still haven't brought the server down in an attempt to track the intruder down. Right now we are clueless as to what we need to do.. Most of our servers are running legacy operating systems(old

Everyone: We're starting to see a rash of password guessing attacks via SSH on all of our exposed BSD servers which are running an SSH daemon. They're coming from multiple addresses, which makes us suspect that they're being carried out by a network of "bots" rather than a single attacker. But wait... there's more. The interesting thing about these attacks is that

On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote: > HI, I do see some refernce on it: but seems not closed > https://marc.info/?l=secure-shell&m=115513863409952&w=2 > > http://bugzilla.mindrot.org/show_bug.cgi?id=1215 > > > Is this patch available in latest versions, 7.6? No. It never was. The SSSD is using NSS (Name Service Switch) [1] way of getting

Sudarshan Soma wrote: > Does sssd/NSS has a way to fetch user names from sources like > RADIUS/TACACS server? My impression is that while this might be theoretically possible, nobody does this. Especially it's not clear to me how you would push group membership to the system. And AFAICS in case of TACACS+ there's also only a single "role" available (translate this to

Hi I'm not going to give the name of the proggy, because there may be Microsith trolls around, If someone wants the name please pm me. I've tried to run this VERY complex test generation proggy under Codeweavers Premium paid, using Xan.... 4.0 absolutely no go...not even an attempt, just balked. I tried it also under PCLinuxOS using Codeweavers and WINE and samo samo... I'm now

Yo All! Well I work on a diverse number of OS's with a diverse number of clients. Some use F-Secure, SecureCRT, PuTTY, SSH.COM. OpenSSH, etc. with a wide variety of versions between each, some from source, some from rpms, etc... Basically a lot of legacy stuff that no one has the time to update. In fact I am working on a couple of OpenSSH config problems in the last few days. Sometimes we

-----BEGIN PGP SIGNED MESSAGE----- Just wondered if anyone had any suggestions about syncing up master.passwd files between multiple machines that didn't involve allowing root login remotely? The users need to be able to log in remotely and own files on the different machines. ~~ Andy Harrison ah##@httpsite.com ICQ: 123472 AIM/Y!: AHinMaine [full headers for details] -----BEGIN PGP

Currently, the Kbuild core manipulates header search paths in a crazy way [1]. To fix this mess, I want all Makefiles to add explicit $(srctree)/ to the search paths in the srctree. Some Makefiles are already written in that way, but not all. The goal of this work is to make the notation consistent, and finally get rid of the gross hacks. Having whitespaces after -I does not matter since commit

Hi, I recently built my new graphics workstation with the express idea of using Linux, Wine, and an AutoCAD clone called IntelliCAD. http://intellicadms.com/ Running Ubuntu 9.04 (Jaunty) on my old Intel system with Wine works just fine. IntelliCAD functions beautifully. However, when I installed the above on my all-new AMD Phenom II X4 955 system, IntelliCAD simply does not launch. I use: -

Hi, I am Vishwanath, I got one requirement from our clients regarding remote authentication. In which all users info present in remote user database. Currently using openssh for SSH connections. To open a new remote session via SSH, the openssh will look into the /etc/passwd file. If user present then it will allow to login using password or key authentication. But in my case all user info is

Currently, the Kbuild core manipulates header search paths in a crazy way [1]. To fix this mess, I want all Makefiles to add explicit $(srctree)/ to the search paths in the srctree. Some Makefiles are already written in that way, but not all. The goal of this work is to make the notation consistent, and finally get rid of the gross hacks. Having whitespaces after -I does not matter since commit

The following patchset implements 3 seperate series of changes. External Building ================= Patches 1 through 8 enable to use of klibc's build system while leaving the src tree pristine (and potentially read only). Specifically: - srctree=<Sources for klibc> - objtree=<Ouput directory for klibc> - KLIBCKERNELSRC=<Kernel sources> - KLIBCKERNELOBJ=<Kernel

All: I'm posting this to FreeBSD-security (rather than FreeBSD-net) because the problems I'm seeing appear to have been caused by spyware, and because they constitute a possible avenue for denial of service on FreeBSD machines with default installs of the operating system. Several of the FreeBSD machines on our network began to act strangely during the past week. Some have started to

Hi Peter & others. Here are three patches that does the following: #1 - Update kbuild part of klibc so make clean works Adds gzip including a sample kbuild file #2 - Factor out definition of usr/ to two variables #3 - Move kbuild files to reflect location in the kernel As requested in earlier mail I need a bit of guidiance of what you expect from the kernel integrated parts of klibc.