similar to: Question about securelevel

Does anyone know of a way to rate limit ssh connections from an IP address ? We are starting to see more and more brute force attempts to guess simple passwords "/usr/sbin/inetd -wWl -C 10" is nice for slowing down attempts to services launched via inetd. Is there an equiv method for doing this to sshd? Running from inetd has some issues supposedly. ---Mike

Am I correct in assuming that if I do a: make OPENSSL_OVERWRITE_BASE=yes install clean in /usr/ports/security/openssl ( after updating my ports tree ) that the port will overwrite the base openssl, thus not requiring the subsequent patch and recompile of the OS to patch this Vulnerability? Dana

My setup 4.9 stable with IPFW. Machine acts as gateway for two machines. What are my options on monitoring activity on my external card? This morning I noticed my DSL modem activity light is blinking non-stop. Looking at /var/log/ don't see anything suspicious. I feel tempted to add "log" to all my ipfw pass rules, but wonder if there isn't a better way. I am mostly concerned

yes unless you use the version as of :> 2004-03-02 17:24:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p1) check it out with uname -a if it does not say -p1 it affects you. My guess, you are affected :) cheers -- Kind regards, Remko Lodder Elvandar.org/DSINet.org www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene -----Oorspronkelijk bericht----- Van:

has anyone played with the securelevel variable in the kernel and the immutable flags in the ext2 file system? The only way I have found to change the flag is by patching sched.c from int securelevel=0 to int securelevel=1 The sysctrl code seems to allow the setting of the flag only by init (PID=1) and only upwards (0->1, etc). The problem is that I haven''t found a way to get init

running (4-Stable) Hi, short form question: how does one run XDM under securelevel>0 ? long version: i've searched for an answer on how to run Xfree/Xorg at a securelevel the X server likes access to /dev/io and some other resources but is not granted access after security is switched on. one way of doing it seems to be to start it before setting the securelevel, but then is doesnt

Alexander O. Yuriev wrote: > > Your message dated: Wed, 20 Nov 1996 18:04:39 EST > > >has anyone played with the securelevel variable in the kernel and the > > >immutable flags in the ext2 file system? > > > > Yes, and its actualy quite nice. > > > > >The sysctrl code seems to allow the setting of the flag > > >only by init (PID=1)

> > systems which no longer seem to have this. This file contained an archive of > > the trojan''s that were inserted into the compromised system - does anybody know > > what is in these trojans? > > Check the Linux RootKit ... (LRK).. > > Typically LRK to use config-files.. (and typically LRK-users to place > files in /dev.. find /dev -type f | grep -v

Hello, last night, my chkrootkit crontab returned an alarm message : > Checking `lkm'... You have 1 process hidden for readdir command > You have 2 process hidden for ps command > Warning: Possible LKM Trojan installed Some research on google make me think it's probably a false positive. I tried few things : re-launching chkrootkit : "Checking `lkm'...

I see that a number of questions are being answered on the new web forum that is now part of the centos site. And the mailing lists So now there are two places to search, both the forum and the mailing list archives. This is just doubles the work required to follow along or find a solution. I know NNTP isn't sexy, it doesn't allow graphics in posts, it doesn't have person

I'm currently administering a machine about 1500mi from me with nobody local to the machine to assist me. Anyways, my only access to this machine is via SSH, no remote serial console or anything. When I try to do a "make installworld" I end up with install: rename: /lib/INS@aTxk to /lib/libcrypt.so.3: Operation not permitted very shortly thereafter. I cannot boot

. Monday, July 5, 2004 15:50:06 (-08:00hrs UTC) Hello asterisk-users, From the following post: On Mon, 5 Jul 2004, Joe Baptista wrote: > On Mon, 5 Jul 2004, Randy Bush wrote: >> i did not criticize the protocol. remember, my question started >> with >> >> >> i am looking at iax to

Hi all, I moved from 8.0-RELEASE to last week's -STABLE: $ uname -v FreeBSD 8.1-STABLE #0: Thu Sep 2 16:38:02 SAST 2010 root@XXXXX:/usr/obj/usr/src/sys/GENERIC and all seems well except my network card is unusable. On boot up: em0: <Intel(R) PRO/1000 Network Connection 7.0.5> port 0x3040-0x305f mem 0xe3200000-0xe321ffff,0xe3220000-0xe3220fff irq 10 at device 25.0 on pci0 em0: Setup

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-98:02 Security Advisory FreeBSD, Inc. Topic: security compromise via mmap Category: core Module: kernel Announced: 1998-03-12 Affects:

Hello, Freebsd-security. I'm grepping all sources for programs, which support audit and found strange thing: find . -name '*.c*' -print | \ grep -v -E '^./(sys|contrib/openbsm|tools/regression)' | \ xargs grep -E "\<(audit|au_)" shows, that only login(1), su(1), id(1) and sshd(1) uses audit. And even sshd(8) raise question: it doesn't call

Thanks for the module, I think its a good idea to commit it to FreeBSD for a few reasons: 1) Some folks just prefer more static kernels. 2) Securelevel is a great thing, but can be a pain to do upgrades around remotely. [A lot of folks use FreeBSD simply because its a breeze to run remotely]. 3) Until someone writes code to add modules to a kernel via /dev/mem and releases it to the script

On a rather full customer web server, I am trying to track down whose web site script is trying to make outbound network connections when they should not be. In /etc/security/audit_control, I added to the flags line dir:/var/audit flags:lo,aa,-nt minfree:5 to log failed network connection. When I try an make an outbound connection to something that is blocked in pf, it seems to sometimes work.

On Fri, June 12, 2015 3:20 pm, John R Pierce wrote: > On 6/12/2015 1:03 PM, Valeri Galtsev wrote: >> But the bottom line is the same: in both cases you are executing >> somebody's else code on your computer. > > > your computer is *ALWAYS* executing someone elses code, unless you wrote > every line of code in it, including the BIOS and the firmware of all the >

Hi, poids taille fumeur sexe sport etat 85 184 oui homme 1 malade 65 175 oui homme 1 malade 74 180 oui homme 2 gueri 79 175 oui homme 2 malade 71 165 non homme 3 gueri 80 185 non homme 3 gueri 75 180 non homme 4 malade 69 155 non homme 4 malade 74 168 oui

root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5 3 Network secure mode - same as highly secure mode, plus IP packet filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and dummynet(4) configuration cannot be adjusted. root@vigilante /root cuaa1# sysctl -a |grep secure kern.securelevel: 3 root@vigilante /root cuaa1# ipfw show 00100 0 0 allow