similar to: Tunnel-only SSH keys

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm wondering if/where I can get the server side component for freebsd-update. Presumably such a component would build and sign the binary patches and prepare them to be served via HTTP to the freebsd-update client. I need a system for distributing binary updates to a collection of customized FreeBSD machines, jails, and embedded systems.

Hello, I've been playing a bit with the "noexec" flag for filesystems. It can represent a substantial obstacle against the exploitation of security holes. However, I think it's not perfect yet. First thing, an attempt to execute a program from a noexec-mounted filesystem should be logged. It is either a very significant security event, or it can drive nuts an

I have asked this before in -questions but due to a odd security requirement, I need the option to auto lock a normal user's account (root and those in the wheel group must be excluded) after let say, 3, login failures. I know this can cause a DoS issue but I HAVE to have the option of doing it in FreeBSD. Any info is appreciated Thanks. Mike C carlson39@llnl.gov

I'm forwarding this to security@, as I'm getting no replies on ipfw@. Hope it's relevant enough for you :( ---Original Message----- From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of Erik Paulsen Skålerud Sent: Wednesday, May 28, 2003 1:02 AM To: ipfw@freebsd.org Subject: Question about logging. Sorry for asking this, It's probably been

These source addresses are likely spoofed, but am still curious whether other FreeBSD admins saw a preponderance of DNS probes originating from Microsoft corp subnets ahead of the recent ISC bind vulnerability announcement? Roger Marquis Jul 28 16:51:23 PDT named[...]: client 94.245.67.253#10546: query (cache) 'output.txt/A/IN' denied Jul 28 16:51:23 PDT named[...]: client

Good Day! I think we have a serious problem. One of our old server running FreeBSD 4.9 have been compromised and is now connected to an ircd server.. 195.204.1.132.6667 ESTABLISHED However, we still haven't brought the server down in an attempt to track the intruder down. Right now we are clueless as to what we need to do.. Most of our servers are running legacy operating systems(old

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I really do not agree with adding it to the base system. Just because you guys use sudo does not mean other people do. In fact many people do not have a use for sudo at all. Not every one gives out root accounts. You are only adding another utility In that can possibly be used to escalate privileges. Every time I secure a system I spend some time

What would be a good POP daemon to use? I know there are a few in the mail ports. Are they any good? What I mean by good is 'secure as possible' (is there really such thing as being totally secure / invulnerable?) Cheers

Hi there, I've been a happy djbdns+tinydns user for many, many years. I want to keep using it, so answers of the form "bletch! Use ISC BIND the way BSD intended" will be ignored :-) Having said that, one annoying consequence of my transition some time ago to using ntpd, rather than just setting the clock once-off with ntpdate as I used to, is that the /etc/rc.d mechanism starts

Just a quick question, My system is quite heavily customised with regard to permissions and MAC labels on system binaries. Is there any way to stop make installworld resetting all my customisation? At the moment I have a set of scripts to set permissions on everything but that's not exactly ideal. Mark -- PGP: http://www.darklogik.org/pub/pgp/pgp.txt B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F

or "How do I know my copy of FreeBSD is the same as yours?" I have recently been meditating on the issue of validating X.509 root certificates. An obvious extension to that is validating FreeBSD itself. Under "The Cutting Edge", the handbook lists 3 methods of synchronising your personal copy of FreeBSD with the Project's copy: Anonymous CVS, CTM and CVSup. There are

I've been making my own custom RHEL / CentOS boot CDs for years, and all of the instructions for such work call out to take a distro's CD, and copy key files from it. Among those files are those that I think are associated with the the SYSLINUX/ISOLINUX project; e.g.: http://mirror.centos.org/centos/6/os/x86_64/images/ http://mirror.centos.org/centos/6/os/x86_64/isolinux/ Two

On 10/13/2015 01:40 PM, Brian Reichert wrote: > On Tue, Oct 13, 2015 at 12:51:07PM -0400, Brian Reichert wrote: >> On Tue, Oct 13, 2015 at 11:42:08AM -0500, Johnny Hughes wrote: >>> The info you are looking at there is for CentOS-7 .. the syslinux for >>> CentOS-6 is here: >>> >>>

On Tue, Oct 13, 2015 at 11:42:08AM -0500, Johnny Hughes wrote: > The info you are looking at there is for CentOS-7 .. the syslinux for > CentOS-6 is here: > > http://vault.centos.org/6.7/os/Source/SPackages/syslinux-4.04-3.el6.src.rpm > > The CentOS team did not modify that source code, we just built it as is. > > That source code produces the syslinux binary used by

On Tue, Oct 13, 2015 at 12:03:00PM -0400, Jonathan Billings wrote: > On Tue, Oct 13, 2015 at 11:38:06AM -0400, Brian Reichert wrote: > > Does anyone have any insight on these topics, or, at the very least, > > a better forum to pursue them? > > The patches used to build the latest syslinux package for CentOS7 are > here: > >

First off, I have to admit that I'm uncertain if this is the appropriate forum; I'd be happy for suggestions about where else to look. I'm doing this work on a stock install of CentOS-7-x86_64-Minimal-1810.iso, with no updates. I'm trying to create an RPM database from a custom set of RPMs. One RPM ('openldap-ltb' from the LDAP Tool Box project (ltb-project.org) has a

Hi, first sorry for cross-posting but I thought this patch might interest -CURRENT users as well as people concerned by security. I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step further than it has been realized so far. It is available here : http://tataz.chchile.org/~tataz/FreeBSD/SSP/ Everything is explained on the web page, but I will repeat some informations here.

On Tue, Oct 13, 2015 at 03:18:16PM -0500, Johnny Hughes wrote: > On 10/13/2015 01:40 PM, Brian Reichert wrote: > > On Tue, Oct 13, 2015 at 12:51:07PM -0400, Brian Reichert wrote: > >> On Tue, Oct 13, 2015 at 11:42:08AM -0500, Johnny Hughes wrote: > >>> The info you are looking at there is for CentOS-7 .. the syslinux for > >>> CentOS-6 is here: >

http://bugs.freedesktop.org/show_bug.cgi?id=23495 Summary: nouveau KMS produces no output on a Dell 3008WFP monitor Product: xorg Version: unspecified Platform: x86-64 (AMD64) OS/Version: Linux (All) Status: NEW Severity: normal Priority: medium Component: Driver/nouveau AssignedTo: nouveau at

Hi, I am trying to setup ipsec tunnel between Freebsd (host1) and Linux (host2) systems.And I also interested in executing some ipsec test cases( Like TAHI conformance test suite) on the same connection. Please, suggest me some details regarding this setup and Specify any materials which can be obtained from from any locations(site).. I have enabled IPSec support for FreeBSD (4.11 Release) and