similar to: exploiting kernel

``You do not want to overbuild your security or you will interfere with the detection side, and detection is one of the single most important aspects of any security mechanism. For example, it makes little sense to set the schg flag (see chflags(1)) on every system binary because while this may temporarily protect the binaries, it prevents an attacker who has broken in from making an easily

Good evening, I was finish the FreeBSD4.9 installation from CD, and only do some edit with the /etc/rc.firewall, /etc/rc.conf, /boot/defaults/loader.conf, and recompiling the kernel to support my ext2 backup harddisk, with sndcard support too. This's a old laptop (ibm380z), i have chkrootkit warning after all finished, i attached my uname -a, dmesg, pkg_info and chkrootkit result, please

Hi, I'm running 4.8-STABLE but I'm having some problems installing a new kernel. (in /usr/src make installkernel). mv /kernel /kernel.old operation not permitted My securelevel is currently set to -1 (kern_securelevel=-1) and kern_securelevel_enable="NO" I have already executed chflags noschg /kernel and /kernel.old (while in single user mode). What am I missing? Thanks.

Dear All , In sysinstall , there are menu items to install packages from release DVD . In bsdinstall , there is NO such package installation menu items . Another problem is there is no any available information about this subject in the Handbook installation pages ( at least I could not find any one one ) . Is there any such available information link , and is there any possibility to include

Hello there, I was hoping that maybe one of you guys could help me out with a problem I'm experiencing with tinc1.0pre7. First, I'll start with my configuration, after that I'll explain my problem. Background ---------- This is a simple, client-server situation on a private network. Both machines run the same Debian Woody 3.0 testing installation and both have identical packages

Hello. We have a webserver using FreeBSD, we read about tunning kern.ipc.somaxconn (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-kernel-limits.html) so the OS can handle all the connections. Is there a way to know how many connections are established in a certain moment?. I know about netstat(1) but is there any other command that we can use to know the exact amount of

Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or later report chfn, chsh, and date as infected? I built world yesterday, and my nightly chkrootkit reports this on run. I've replaced the binaries with their 4.9 equivalents, and things don't report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit reports them as infected again. Is this similar to the

I am a newbie trying to get the most current Stable version of FreeBSD running. I have been using CVS to update my system, but things don't work after an update. For example KDE 3.1 (from KDE 3.0) doesn't start using startkde. I am looking for instructions on the best way to Install the lastest version of FreeBSD-Stable and how to Upgrade the system in the future. Thanks.

Howdy, I may be approaching this problem entirely wrong, or not. Was hoping for a little guidance one way or the other. I've got this AS/400 with gobs of unused file storage on it that I want to share across as a file server to a FreeBSD box. The AS/400 side of things supports NFS and kinda pretends to be a Unix like machine in this role. Users will be booting from diskless clients

Greetings list, As a newbie to security I would like to ask any recommendation that the list might have. We are about to "install" a new box with 4.9 stable to the nice and innocent internet world. :-P The box has no services running expect apache and we telnet to it via SSH. Main function of this box will be graphing various interfaces via rrdtool. So, I would like to ask if there is

I ran chkrootkit ( v. chkrootkit-0.43 ) earlier and noticed that chfn, date, and chsh showed as being infected. I remember reading post from the past that right now chkrootkit is giving alot of false positives, so I suspected that these 3 binaries are not bad. However, to be on the safe side, I deleted the 3 binaries, removed /usr/src and did a 'make world' to 4.10-STABLE. But, chfn,

Hi, I have a 4.9-STABLE FreeBSD box apparently hacked! Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. Those are: chfn ... INFECTED chsh ... INFECTED date ... INFECTED ls ... INFECTED ps ... INFECTED But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED. I know by the FreeBSD-Security archives that

Hi, Hi I'm using redhat 9 I've got samba working and I have users onj the system accessing the shares, Can anyone recomend a programme that can tell me whch users have got files open on my samba box Thanks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Iwan Davies Server Support and Development Technician Cyngor Sir Ceredigion County Council IT Section Finance iwandav@ceredigion.gov.uk

Hey all, I've submitted a fix for chkrootkit port, to solve the false positives on FreeBSD 5 and higher: http://www.freebsd.org/cgi/query-pr.cgi?pr=55919 The topic, btw, should be "Teach security/chkrootkit about FreeBSD 5", but it's not my first typo today. Maintainer, please approve. Authors, please see if you can include the changes. I also fixed a minor bug in chk_vdir.

Hi! Running chkrootkit on newly installed FreeBSD 5.0 got: -cut- Checking `basename'... not infected Checking `biff'... not infected Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `cron'... not infected Checking `date'... INFECTED -cut- Checking `ls'... INFECTED -cut- Checking `ps'... INFECTED Checking `pstree'... not found -cut- What does it

Good morning all; Whils't running chkrootkit 0.42 on one of my 4.7-REL boxen it reported : <snip> Checking 'biff'...not infected ]: not found [: -ne: argument expected Checking 'chfn'...not infected ]: not found [: -ne: argument expected <snip> I've been unable to locate any information ref. the " ]: not found " and " [: -ne: argument

I have an admin machine, and a backup server which does backups. The backup server has IPMI so I can do lights-out admin, and I want to allow this from the admin machine only. IPMI is completely unfirewalled, and so it must have a different class C than working networks.... this is just how it is. I''ve set the IPMI IP on the backup server to 192.168.10.4, and created a virtual

Hi there. I''m trying to wrap my head around puppet and its parlance and need some guidance... 2 Questions: 1) I have done some puppet stuff on a new server and would like to hear whether I have done things "the right way" 2) I want to build on top of that and am not sure how... Question 1 ========== We don''t normally host static websites for people, but have been

Hallo. I am new to FreeBSD and i wanted to ask something since systems security is what interests me the most. Does freebsd have an automated update system like redhat has ? Also where can i find a list with patches for all local - remote holes and bugs of FreeBSD 4.9 ? Thank you very much for your time ! Best Regards A. Stamatis

Is anyone currently working on updating the Kerberos documentation in the Handbook? if so, I'd like to help. If not, I'm hoping to find someone who can get me up to speed on the FreeBSD docbook extensions :-) -T -- "The truly paranoid administrator may wish to place motion detectors in the air ducts." - Practical UNIX & Internet Security, 2nd Edition