similar to: Security updates

Does anyone know of a way to rate limit ssh connections from an IP address ? We are starting to see more and more brute force attempts to guess simple passwords "/usr/sbin/inetd -wWl -C 10" is nice for slowing down attempts to services launched via inetd. Is there an equiv method for doing this to sshd? Running from inetd has some issues supposedly. ---Mike

Hello, I recently did a 'make world' to update my base system due to the realpath bug. After that finished, I noticed that I still had the following statically compiled binaries laying around that did not get updated during a 'make world'. I track 4-STABLE. /usr/bin/miniperl /sbin/mount_kernfs /sbin/mount_devfs /sbin/modunload /sbin/modload /sbin/ft /stand/boot_crunch /stand/find

I'm not sure where else to ask about this, so please excuse me if this is the wrong forum. In trying to remove a 'nodump' flag on a directory with the 'chflags' command I have noticed that the 'nonodump' flag does not function. I see an open PR for the problem: o [2003/01/09] i386/46912 johan chflags nonodump fails I was wondering when this might be dealt with? Else is

Today I install FreeBSD release 4.8 on a machine for the first time. This is on a new machine so it could easily have as yet undetected hardware faults. I observe the 'dmesg' gives startup information not only for the latest boot but also information generated in a number of previous boots. I've not seen this with earlier FreeBSD realeases including 4.7. Is it normal for FreeBSD

Why there is a weekly script that rebuilds the locate database when: >>> WARNING >>> Executing updatedb as root. This WILL reveal all filenames >>> on your machine to all login users, which is a security risk. Is there a way to put dates on the periodic scripts report output for those who redirect the reports to files instead of mail messages? There is no easy

Just upgraded 4.7 to 4.8 stable. Hoped that timezone info will be up to date, but it still isn't though files in /usr/share/zoneinfo show new dates. For instance daylight saving time settings are outdated in Europe/Vilnius file. I'll try to recompile those files from sources got fom ftp://elsie.nci.nih.gov/pub/ but it would be nice to have updated info for the next release of freebsd or

Hello all, On my system, some users have expire day user settings. I write a (python) script then parse the: 7.th selection in the master.passwd blabla:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:1064005200:xxxx:xxxx:xxxx:xxxx How can I conver the number like 1064005200 to human readable date format ? Or, there is a way to collect the information from a command interactively ? Regards, Murat Ustuntas

what the heck is # ls -li /usr/\@LongLink 3 ---------- 1 root wheel 111 Jan 1 1970 /usr/@LongLink randy

Hi, first i must tell you, that my english is not the best, i hav learned my english from manpages and documentation. Please excuse this. I have setted up a Box w/FreeBSD 4.7-RELEASE for connecting to the w3 through an DSL/ATM-Connection. Now i know the stateful handling of firewall-rules under linux with iptables.In the second i have understand that FreeBSD comes with the netfilter-extensions.

Hello, all! In the beginning I want to say, that this question seems to be a security one, isn't it so?.. Recently I was googling for the subject and coulnd't find anything... Even in the opennet.ru forum nobody answered me about this. So, as far as I got to know, randomizing source ports in FreeBSD is impossible now? (to be exact - is not implemented?) It's very interesting to me

Hey *, as I sweat through another day of crap dealing with an all-in-one box (firewall, IDS, AVS, report generating, soon to be a VPN server) I'm wondering if someone has started a project to put some freeware together in some semblance of sanity on a FBSD box. There's basically nothing that this box does that a combo of IPFW (or another bsd filter), snort, ntop, and some other freeware

Derek Ragona wrote: >> I tried to implement a similar scheme in my hosts.allow on a FreeBSD >> 5.2.1 server. But when I try to test it from an IP outside my LAN, it >> still allows ssh logins. I even put in a line in hosts.allow to >> explicitly deny the IP I was ssh'ing from, but it still let me in. >> The behavior gives the appearance that TCP wrappers

Hi, I have a 4.9-STABLE FreeBSD box apparently hacked! Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. Those are: chfn ... INFECTED chsh ... INFECTED date ... INFECTED ls ... INFECTED ps ... INFECTED But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED. I know by the FreeBSD-Security archives that

After 'make install', this appears: lqqqqqqqq samba configuration options qqqqqqqqqk x x x Please select desired options: x x lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x x x [ ] syslog With syslog support x x x x [ ] ssl With ssl support x x x x [ ] ldap With LDAP2 support x x x x [ ]

I'm still kind of hung up looking for some definitive answers on this issue. Perhaps you guys can help me out? Frank Date: Mon, 29 Sep 2003 17:55:33 -0500 (CDT) From: "F. Even" <freebsdlists@elitists.org> Subject: re: upgrading 4.0 to stable To: freebsd-questions@freebsd.org Message-ID: <20030929225533.81D352FE@elitists.org> Content-Type: text/plain; charset=iso-8859-1

I have a grown list of IPs that I am "deny ip from ###.### to any". Infected machines, hackers, etc.. Is there a way to have this list outside of rc.firewall and just read it in?

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:04.tcp Security Advisory The FreeBSD Project Topic: many out-of-sequence TCP packets denial-of-service Category: core Module: kernel

Why wasn't there a FreeBSD security alert for Kerberos 5? Does FreeBSD use the MIT implementation? I got an email from CERT about this. See the attached message below. -- Daniel Rudy >From - Sat Sep 04 03:22:15 2004 X-UIDL: a8f31551eb03ca144862bddc8ccce266 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Apparently-To: dcrudy@pacbell.net via 206.190.37.79; Fri, 03 Sep 2004

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:12.jailroute Security Advisory The FreeBSD Project Topic: Jailed processes can manipulate host routing tables Category: core Module: kernel

CVSup is slow, insecure, and a memory hog. However, until now it's been the only option for keeping an up-to-date ports tree, and (thanks to all of the recent work on vuxml and portaudit) it has become quite obvious that keeping an up-to-date ports tree is very important. To provide a secure, lightweight, and fast alternative to CVSup, I've written portsnap. As the name suggests, this