Displaying 20 results from an estimated 3000 matches similar to: "Login.Access"
2012 Jun 08
13
Default password hash
We still have MD5 as our default password hash, even though known-hash
attacks against MD5 are relatively easy these days. We've supported
SHA256 and SHA512 for many years now, so how about making SHA512 the
default instead of MD5, like on most Linux distributions?
Index: etc/login.conf
===================================================================
--- etc/login.conf (revision
2004 Apr 20
10
TCP RST attack
http://www.uniras.gov.uk/vuls/2004/236929/index.htm
----Quote----
"The impact of this vulnerability varies by vendor and application, but in
some deployment scenarios it is rated critical. Please see the vendor
section below for further information. Alternatively contact your vendor
for product specific information.
If exploited, the vulnerability could allow an attacker to create a
2004 Feb 26
2
HEADS UP: OpenSSH 3.8p1
Take the usual precautions when upgrading.
Also note that I have changed some configuration defaults: the server
no longer accepts protocol version 1 nor password authentication by
default. If your ssh client does not support ssh protocol version 2
or keyboard-interactive authentication, the recommended measures are:
1) get a better client
2) get a better client (I mean it)
3) get a better
2013 Mar 13
1
[patch] Incorrect umask in FreeBSD
Normally, in the !UseLogin case on a system with login classes, the
umask is set implicitly by the first setusercontext() call in
do_setusercontext() in session.c. However, FreeBSD treats the umask
differently from other login settings: unless running with the target
user's UID, it will only apply the value from /etc/login.conf, not that
from the user's ~/.login.conf. The patch below
2012 Dec 12
1
How to create Jail in FreeBSD
Operating system virtualization is the most effective way to utilize your system resources, jails let you setup isolated mini-systems. Jails are explains well in handbook however, from practical standpoint of view, the presented material is incomplete.
The post below setup few scrips that follow handbook's 'Application of Jails' article and enhance with few missing features
2017 Jul 24
8
syslog from chrooted environment
I have a somewhat busy sftp server where the users are all chrooted into
their home directory. In order to log all the commands they enter, I
have to create a /dev/log entry and hard link in their home directory so
that syslog works for their commands
Match user *
ForceCommand internal-sftp -f local1 -l verbose
Everything works, but its a bit of a pain if someone restarts syslogd
and forgets
2016 Dec 13
4
pkcs #11/hardware support for server keys/sshd?
Hello,
Is there any support (existing or planned) for host keys/certs being
managed by some hardware device (tpm,hsm,etc..) instead of a flat
file?
thanks,
-Kenny
2013 Jan 06
2
audit events confusion
On a rather full customer web server, I am trying to track down whose
web site script is trying to make outbound network connections when they
should not be. In /etc/security/audit_control, I added to the flags line
dir:/var/audit
flags:lo,aa,-nt
minfree:5
to log failed network connection. When I try an make an outbound
connection to something that is blocked in pf, it seems to sometimes
work.
2007 May 19
2
PAM exec patch to allow PAM_AUTHTOK to be exported.
I figure some one here may find this interesting. I just begun work
on allowing a smb home directory to be automounted upon login.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pam_exec.c.diff
Type: text/x-patch
Size: 213 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20070519/19e6bd01/pam_exec.c.bin
2016 Mar 04
2
Using 'ForceCommand' Option
Lesley Kimmel <lesley.j.kimmel at gmail.com> writes:
> So I probably shouldn't have said "arbitrary" script. What I really
> want to do is to present a terms of service notice (/etc/issue). But I
> also want to get the user to actually confirm (by typing 'y') that
> they accept. If they try to exit or type anything other than 'y' they
> will be
2017 Sep 26
2
tweaking max sessions / scaling
Other than cranking up logging to debug2, is there a way to better tune
logging on a server to see if I am running into max sessions ? On
FreeBSD RELENG11 I am periodically seeing connections being refused-
3way handshake not completing or completing and then FINs.
Typically, I have a hundred or so connections at one time, but they can
bounce up to a few hundred on occasion. Without leaving the
2006 Sep 05
2
http://www.openssl.org/news/secadv_20060905.txt
Does anyone know the practicality of this attack ? i.e. is this trivial to do ?
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada
2004 Jan 16
1
HiFn / FAST_IPSEC question
Hi,
Just got some of the new Soekris 1401 VPN cards based on the hifn 7955 chip.
hifn0 mem 0xe8510000-0xe8517fff,0xe8518000-0xe8519fff,0xe851a000-0xe851afff
irq 5 at device 0.0 on pci1
hifn0: Hifn 7955, rev 0, 32KB dram, 64 sessions
vs
hifn0 mem 0xeb902000-0xeb902fff,0xeb901000-0xeb901fff irq 10 at device 8.0
on pci0
hifn0: Hifn 7951, rev 0, 128KB sram, 193 sessions
When it says "n
2008 Aug 15
2
SSH Command Line Password Support
Hello,
I am interested in an ssh that is not interactive in requesting the password, i.e, whereas I can specify the password in the command line when calling SSH.
I have wondered how such a feature has not been included in such a good client, as it seems there are many (and I have searched for this) people require this capability for their scripts/automation.
I understand the possibility of
2012 Sep 21
3
tws bug ? (LSI SAS 9750)
Hi,
I have been trying out a nice new tws controller and decided to enable
debugging in the kernel and run some stress tests. With a regular
GENERIC kernel, it boots up fine. But with debugging, it panics on
boot. Anyone know whats up ? Is this something that should be sent
directly to LSI ?
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
2012 Sep 18
8
Collecting entropy from device_attach() times.
Hi.
I experimented a bit with collecting entropy from the time it takes for
device_attach() to run (in CPU cycles). It seems that those times have
enough variation that we can use it for entropy harvesting. It happens
even before root is mounted, so pretty early.
On the machine I'm testing it, which has minimal kernel plus NIC driver
I see 75 device_attach() calls. I'm being very careful
2016 Mar 11
2
OpenSSH Security Advisory: xauth command injection
Nico Kadel-Garcia <nkadel at gmail.com> writes:
> Dag-Erling Sm?rgrav <des at des.no> writes:
> > Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have
> > X11Forwarding enabled by default.
> I'm not sure I see your point.
With X11Forwarding off by default, one would assume that it is only
enabled on a case-by-case basis for users or groups who
2013 Jul 30
1
fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]
Am I the only person to be seeing this log message from sshd:
fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]
?
(security/openssh-portable, with HPN patches and MIT Kerberos,
although Kerberos is not actually configured on this server.) A
work-around is to disable aes128-cbc in sshd_config, but it would be
nice not to have my logs spammed with this. Currently
2017 Jul 25
3
syslog from chrooted environment
On 7/24/2017 8:39 PM, Nico Kadel-Garcia wrote:
>
> Why are the targets of the hardlinks evaporating on rebooting? Is that
> a FreeBSD'ism?
Its when syslogd stops/starts. The hardlinks need to be recreated for
some reason.
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994
2003 Sep 23
3
OpenSSH: multiple vulnerabilities in the new PAM code
This affects only 3.7p1 and 3.7.1p1. The advice to leave
PAM disabled is far from heartening, nor is the semi-lame
blaming the PAM spec for implementation bugs.
I happen to like OPIE for remote access.
Subject: Portable OpenSSH Security Advisory: sshpam.adv
This document can be found at: http://www.openssh.com/txt/sshpam.adv
1. Versions affected:
Portable OpenSSH versions 3.7p1