similar to: More on freebsd-update (WAS: Is the server portion of freebsd-update open source?)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm wondering if/where I can get the server side component for freebsd-update. Presumably such a component would build and sign the binary patches and prepare them to be served via HTTP to the freebsd-update client. I need a system for distributing binary updates to a collection of customized FreeBSD machines, jails, and embedded systems.

Running freeBSD 6.1 After changing chkrootkit to the latest version V. 0.47 and compiling it then running it I get the following: ==================<SNIPPIT>================ Searching for anomalies in shell history files... nothing found Checking `asp'... not infected Checking `bindshell'... INFECTED (PORTS: 6667) Checking `lkm'... You have 131 process hidden for readdir

How can I be sure if it is LKM or not? Today I've run chkrootkit and it gave me: Checking `lkm'... You have 179 process hidden for readdir command You have 179 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp ! ! RUID PID TTY CMD ! root

Hi expeRts, I would like to calculate weighted mean by two factors. My code is as follows: R> tmp <- by(re$meta.sales.lkm[, c("pc", "sales")], re$meta.sales.lkm[, c("size", "yr")], function(x) weighted.mean(x[,1], x[,2])) The result is as follows: R> tmp size: micro yr: 1994 [1] 1.090

Hello, last night, my chkrootkit crontab returned an alarm message : > Checking `lkm'... You have 1 process hidden for readdir command > You have 2 process hidden for ps command > Warning: Possible LKM Trojan installed Some research on google make me think it's probably a false positive. I tried few things : re-launching chkrootkit : "Checking `lkm'...

Hi all again, I must add, there are no log entries after June 9, 2004. "LKM" message first apeared June 8, 2004, after this day, there is nothing in /var/messages, /var/security ..... How could I look for suspicious LKM module ? How could I find it, if the machine is hacked and I can not believe "ls", "find" etc. commands ? Peter Rosa

Just a quick question, My system is quite heavily customised with regard to permissions and MAC labels on system binaries. Is there any way to stop make installworld resetting all my customisation? At the moment I have a set of scripts to set permissions on everything but that's not exactly ideal. Mark -- PGP: http://www.darklogik.org/pub/pgp/pgp.txt B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F

freebsd-security-request@freebsd.org wrote: > Send freebsd-security mailing list submissions to > freebsd-security@freebsd.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freebsd.org/mailman/listinfo/freebsd-security > or, via email, send a message with subject or body 'help' to > freebsd-security-request@freebsd.org > > You

My machine got hacked a few days ago through the samba bug. I reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM but still... Can anyone please advise ? bash-2.05b# chkrootkit | grep INFECTED Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `date'... INFECTED Checking `ls'... INFECTED Checking `ps'... INFECTED -- Jay -------------- next

Ok, I've googled for 15+ minutes, and have yet to find a usable answer, so I'm going to annoy everyone and ask here. I have, in my posession, a creative VoIP blaster. I have installed the fobbit LKM and I can see the device. Can I use it with asterisk in any meaningful way, shape, or form? I'd love to be able to buy an IP phone, ATA, or FXO card, but lack the funds at the moment

Hello. I once read somewhere that it's possible to limit SSH pubkeys to 'tunnel-only'. I can't seem to find any information about this in any of the usual places. I'm going to be deploying a few servers in a couple of days and I'd like them to log to a central server over an SSH tunnel (using syslog-ng) however I'd like to prevent actual logins (hence

Hello everyone, I want to get a 1km by lkm grid raster image using my csv data. If I call latitude=a, longitude=b and preciptation=c. a<-(1,2,3,4,5) b<-(6,7,8,9,10) c<-(10,20, 30,40, 50) Then I found an example in r help which goes like pts = read.table("file.csv",......) library(sp) library(rgdal) proj4string(pts)=CRS("+init=epsg:4326") # set it to lat-long pts =

I am inquiring on the list if anybody knows if the latest plus kernel includes the fixes for MD RAID-1 where it didn't pass down the BIO_RW_SYNC flag on cloned bios. This bug was discovered in December by the DRBD project and patches were posted by Lars Ellenberg from that project to the LKM which were then merged into the 2.6.19 kernel. The bug causes severe performance penalties for

Well, I *tried* to CC: freebsd-security... I'm forwarding this to get around the "posting from wrong address" filter. -------- Original Message -------- Subject: Re: FW:FreeBSD hiding security stuff Date: Fri, 04 Mar 2005 04:42:48 -0800 From: Colin Percival <cperciva@freebsd.org> To: Jonathan Weiss <tomonage2@gmx.de> CC: freebsd-security@freebsd.org, FreeBSD-Hackers

The mailing list detained my email because I posted from the wrong address... hoepfully it will get through this time. -------- Original Message -------- Subject: Re: Fwd: FreeBSD hiding security stuff Date: Fri, 04 Mar 2005 05:35:32 -0800 From: Colin Percival <cperciva@freebsd.org> To: Devon H. O'Dell <dodell@sitetronics.com> CC: mike@sentex.net, freebsd-security@freebsd.org,

Hello, I've been playing a bit with the "noexec" flag for filesystems. It can represent a substantial obstacle against the exploitation of security holes. However, I think it's not perfect yet. First thing, an attempt to execute a program from a noexec-mounted filesystem should be logged. It is either a very significant security event, or it can drive nuts an

Am 24.04.2006 um 23:17 schrieb Colin Percival: > cperciva 2006-04-24 21:17:02 UTC > > FreeBSD src repository > > Modified files: > sys/amd64/amd64 mp_machdep.c > sys/i386/i386 mp_machdep.c > Log: > Adjust dangerous-shared-cache-detection logic from "all shared data > caches are dangerous" to "a shared L1 data cache is

Dear FreeBSD users, Slightly more than three years ago, I released FreeBSD Update, my first major contribution to FreeBSD. Since then, I have become a FreeBSD committer, joined the FreeBSD Security Team, released Portsnap, and become the FreeBSD Security Officer. However, as I have gone from being a graduate student at Oxford University -- busy writing my thesis -- to a researcher at Simon

or "How do I know my copy of FreeBSD is the same as yours?" I have recently been meditating on the issue of validating X.509 root certificates. An obvious extension to that is validating FreeBSD itself. Under "The Cutting Edge", the handbook lists 3 methods of synchronising your personal copy of FreeBSD with the Project's copy: Anonymous CVS, CTM and CVSup. There are

I am not sure if I had a compromise but I am not sure I wanted some other input. I noticed in this in my daily security run output: pc1 setuid diffs: 19c19 < 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003 /usr/X11R6/bin/xscreensaver --- > 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003 /usr/X11R6/bin/xscreensaver It was the only file listed and I didn't