similar to: comments on handbook chapter

> I recently did something like this. I have a webserver in a jail that > needs to talk to a database, and the webserver is the only thing that > should talk to the databse. > My solution was to use 2 jails: one for the webserver, and another for the > database. > Jail 1: > * runs webserver > * binds to real interface with real, routable IP > Jail 2: > *

Hi, Running: Freebsd 6.0 I am wondering if it is possible to have acces to loopback ip in a jail. I currently have a server running a jail. In the jail, there is a database and a web server. I would like to be able to have the database only bind on a loopback address and not on the jail's ip. Can this be done and how? Thanks -Cyril

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, One quick question: Is it safe and/or sensible to rename the root account, so that the only uid 0 user on a system is something different to root? I can see how this would be effective against external attackers who have no knowledge of the internals of the system as they would spend pointless hours trying to crack a user which doesnt

i am invoking op from a python proggy which does an op.system() of op chmod 640 /usr/local/etc/tac_plus.conf i get "Permission denied by op" % ls -l /usr/local/etc/op.access -r-------- 1 root wheel 149 Jan 13 07:41 /usr/local/etc/op.access % cat /usr/local/etc/op.access # 2007.01.13 # #DEFAULT users=src # chown /usr/sbin/chown $* ; users=src chmod /bin/chmod $* ; users=src

Hi all, I have two prodction servers with FreeBSD 5.4 (all security patches are applied). They running some services like dns, ssh, http, ftp, etc. But I woukd like to encrypt some services for some hosts with ipsec when it is accessed. For example: - DNS resolution: not encrypted. - DNS replication master-slave: encrypted by ipsec. - Telnet: encrypted by ipsec for some hosts. Deny

Good Day! I think we have a serious problem. One of our old server running FreeBSD 4.9 have been compromised and is now connected to an ircd server.. 195.204.1.132.6667 ESTABLISHED However, we still haven't brought the server down in an attempt to track the intruder down. Right now we are clueless as to what we need to do.. Most of our servers are running legacy operating systems(old

Hi, [I have added freebsd-security to recipient list as I consider this issue a security risk] Paul Schenkeveld wrote: > Hello, > > On Fri, Jul 14, 2006 at 01:26:38PM +0300, Ari Suutari wrote: >> Hi, >> >> Does anyone know if there are any plans to bring >> pf boot-time protection (ie. /etc/rc.d/pf_boot and >> related config files) from NetBSD to FreeBSD

Everyone: We're starting to see a rash of password guessing attacks via SSH on all of our exposed BSD servers which are running an SSH daemon. They're coming from multiple addresses, which makes us suspect that they're being carried out by a network of "bots" rather than a single attacker. But wait... there's more. The interesting thing about these attacks is that

is there a way to save special flags in freebsd when using rsync? for example dd# ls -lo init -r-xr-xr-x 1 root wheel schg 711744 Mar 12 18:51 init dd# file has flag schg when i just use rsync it copy that file and loses that flag -- http://alexus.org/

I'm currently administering a machine about 1500mi from me with nobody local to the machine to assist me. Anyways, my only access to this machine is via SSH, no remote serial console or anything. When I try to do a "make installworld" I end up with install: rename: /lib/INS@aTxk to /lib/libcrypt.so.3: Operation not permitted very shortly thereafter. I cannot boot

-----BEGIN PGP SIGNED MESSAGE----- Just wondered if anyone had any suggestions about syncing up master.passwd files between multiple machines that didn't involve allowing root login remotely? The users need to be able to log in remotely and own files on the different machines. ~~ Andy Harrison ah##@httpsite.com ICQ: 123472 AIM/Y!: AHinMaine [full headers for details] -----BEGIN PGP

https://bugzilla.samba.org/show_bug.cgi?id=3988 Summary: -a collides with --flags Product: rsync Version: 2.6.8 Platform: x86 OS/Version: FreeBSD Status: NEW Severity: normal Priority: P3 Component: core AssignedTo: wayned@samba.org ReportedBy: rsync@oldach.net QAContact:

I am cleaning up my 4-STABLE system. After a fresh installworld, I am looking at files that did not get touched by the install. Is it safe to remove all such files? In particular, I am looking at /usr/libexec/lib-elf.so.1, which has the schg flag set. I am afraid to remove this for fear of making my system unbootable. Could somebody please reassure me that it is ok to noschg and remove this old

Is anyone currently working on updating the Kerberos documentation in the Handbook? if so, I'd like to help. If not, I'm hoping to find someone who can get me up to speed on the FreeBSD docbook extensions :-) -T -- "The truly paranoid administrator may wish to place motion detectors in the air ducts." - Practical UNIX & Internet Security, 2nd Edition

Fresh install of 10.0 BETA3 #0 r257580 on amd64 using ZFS on root option, After install is complete Handbook install option launched from Final Configuration dialog fails with: Could not install package en-freebsd-doc (/usr/libexec/bsdinstall/docsinstall: pkg_add: not found) Network is available. /j

Hi! I'm quite new to the list, but searching the archive and PRs didn't show me anything on the matter. According to FreeBSD Handbook (14.8.2 Setting up a Heimdal KDC) one should config DNS server by adding: ----- _kerberos IN TXT EXAMPLE.ORG. ----- This doesn't work. DNS servers returns: text = "EXAMPLE.ORG.". This is right, because RFC 1035 allows up to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:13.sendmail Security Advisory The FreeBSD Project Topic: Race condition in sendmail Category: contrib Module: contrib_sendmail Announced:

I am trying to get m"dot"s^-1 in a x-axis label for a publication ready graph. I can get ms^-1 with no problem, but I can't get the symbol for the "dot" to work. I am have tried the following: plot(x,y,xlab=expression(paste("Target Velocity (",ms^-1,")")),ylab="Passage Probability",ylim=c(0,1)) which works fine. I tried changing to:

Hi *, it seems rsync with --fileflags isn't able to work on (already) hardlinked and immutable ("schg") files on FreeBSD. The following scripts will create a simple example for this behaviour: -------------------------------------------------------------- #! /bin/sh # # set -x DIR="/var/tmp/rsync_$(date +%s)/" mkdir "${DIR}/" # Preparing dir_A mkdir

I'm not sure where else to ask about this, so please excuse me if this is the wrong forum. In trying to remove a 'nodump' flag on a directory with the 'chflags' command I have noticed that the 'nonodump' flag does not function. I see an open PR for the problem: o [2003/01/09] i386/46912 johan chflags nonodump fails I was wondering when this might be dealt with? Else is