similar to: jails and sysctl in freebsd 6.0

Updated from ports collection from ver. dovecot-1.0.a3 to 1.0.a4_1. And it wan't work. Here's the log Nov 8 10:51:07 ot-group dovecot: Dovecot v1.0.alpha4 starting up Nov 8 10:51:08 ot-group dovecot: Auth process died too early - shutting down Nov 8 10:51:08 ot-group dovecot: auth(default): Unknown userdb driver 'passdb' Nov 8 10:51:08 ot-group dovecot: child 17872 (auth)

I've seen that is possible to use switch port blocking with freeradius and cisco switches via 802.1X and EAP protocol. Here is more info: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO What if I don't have switch that supports 802.1X or I want that blocking is done by FreeBSD, not the switch. Because FreeBSD is the firewall or gateway to some networks. Is there

Hi, i've got this problem with my jail and i'm abolutly lost as in the why of it. I previously posted this on comp.unix.bsd.freebsd.misc but i was advised to send here I was unable to find help on google :( To resume quick, when i'm in a jail, netstat doesn't work properly. Hopefully i have provided sufficient information for anyone willing to help me :p First of all, my system :

Although RAW sockets can be used when specifying the source address of packets (defeating one of the aspects of the jail) some people may find it usefull to use utilities like ping(8) or traceroute(8) from inside jails. Enclosed is a patch I have written which gives you the option of allowing prison-root to create raw sockets inside the prison, so

In http://www.freebsd.org/releases/7.0R/announce.html says Updating Existing Systems > An upgrade of any existing system to FreeBSD 7.0-RELEASE constitutes > a major version upgrade, so no matter which method you use to update > an older system you should reinstall any ports you have installed on > the machine. This will avoid binaries becoming linked to inconsistent > sets

Hi *, I recently triggered an error when setting up a jail-host: I configured the jail(s) like evry jail I set up in the past: On the jail-hosts /etc/rc.conf: # ---- Jail-Globals ---- jail_enable="YES" # Set to NO to disable starting of any jails jail_list="ftp mx1 relay" # Space separated list of names of jails

Hello, I'm wondering about closing some information leaks in FreeBSD jails from the "outside world". Not that critical (depends on the application), but a simple user, with restricted devfs in the jail (devfsrules_jail for example from /etc/defaults/devfs.rules) can figure out the following: - network interfaces related data, via ifconfig, which contains everything, but the

I have an Asus A8V-MX motherboard with an AMD Athlong 64 X2 3800+ CPU and I'm trying to run powerd to keep it cooler/quieter/greener. I'm running -STABLE (6.1-RC) cvsup'ed a couple of days ago, with a kernel config that consists of the SMP sample plus an atapicam device. I'm loading the cpufreq.ko module in /boot/loader.conf. I've attached my dmesg output and sysctl -a

HI everyone, I have resently installed a jail environment on my freebsd box, and had some problems getting postgresql running under it. After looking a bit on various mailinglists i figured out that I needed to set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql run. However man jail gives me: jail.sysvipc_allowed This MIB entry determines whether or not

Dear FreeBSD users, Slightly more than three years ago, I released FreeBSD Update, my first major contribution to FreeBSD. Since then, I have become a FreeBSD committer, joined the FreeBSD Security Team, released Portsnap, and become the FreeBSD Security Officer. However, as I have gone from being a graduate student at Oxford University -- busy writing my thesis -- to a researcher at Simon

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:06.ipv6 Security Advisory The FreeBSD Project Topic: setsockopt(2) IPv6 sockets input validation error Category: core Module: kernel

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:06.ipv6 Security Advisory The FreeBSD Project Topic: setsockopt(2) IPv6 sockets input validation error Category: core Module: kernel

I've instaled FreeBSD 9 for hosts some jails and setting jail_sysvipc_allow="YES" in host rc.conf, why is security.jail.sysvipc_allowed false in jail? -- BSDCG: BSDA - Digium: dCAP Electrical/Eletronic Engineer http://www.nlink.com.br +55 81 2121-6666 Cel:81 9727-6666

Operating system virtualization is the most effective way to utilize your system resources, jails let you setup isolated mini-systems. Jails are explains well in handbook however, from practical standpoint of view, the presented material is incomplete. The post below setup few scrips that follow handbook's 'Application of Jails' article and enhance with few missing features

I'm setting up a server where I plan to use Jails to improve security I also have installed and am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port 80 on the jail running apache). Another

Hello. My server was hacked. The CPU has been loaded on 99 % by "sh -i" process. I found out that someone has started phpshell through a hole in one of phpbb forums. Also has filled in scripts for flud and spam and "vadim script" in "/tmp". I has made it noexec. Recently has found out the same process. May be i have left again /tmp opened, or other hole may

Howdy! I'm not sure if this is actually an issue, feature or a bug, but I have found that inside a jail, the jailed root user is able to sniff traffic (and enable promiscuous mode) on at least the interface of the IP address the jail is attached to. I have not found any documentation explaining if this should occur or not, but I feel it is something that should at least be known to those

I'm setting up a server environment where I've got a bunch of jails running using aliased IPs on the same interface. I'd like to be able to use ipfw to place limits on the traffic between jails, but I'm running into problems. When I use tcpdump to look at TCP traffic from one jail to another, it shows both the source and destination IP for the packets as being the IP assigned to

On 10 May 2011 16:10, "Jamie Landeg Jones" <jamie@bishopston.net> wrote: > > > It used to confuzzle sysadmins on SUNos when the mount point was > > 0700. The underlying mode disapeared when the mount was made, but it > > was still being enforced. Suddenly no one but root could use say /usr > > even though it was apparently 0755 > > I remember that

On Thu, July 30, 2020 17:23, Robert Marcano wrote: > On 7/30/20 5:00 PM, James B. Byrne via samba wrote: >> FreeBSD-12.1p7 >> Samab-4.10.15 running in FreeBSD Jail >> >> >> I just wish to ensure that my conclusion respecting Samba, FreeBSD Jails, and >> NTP is correct. >> >> 1. Unless configured otherwise Windows domain clients will query and