similar to: Removable media security in FreeBSD

After testing the beta of CentOS 5, i was a little surprised to notice that the display manager part of the prefdm file in /etc/X11 was exactly like in CentOS 4 / RHEL4 and previous versions including RH9. it reads like this (added line numbers for reference): 14 # Run preferred X display manager 15 preferred= 16 if [ -f /etc/sysconfig/desktop ]; then 17 . /etc/sysconfig/desktop 18 if [

I'm constructing a Web server which may require restricted areas of the site to be used from public places where a password might be sniffed. The damage that could be done by taking snapshots of the content from one session with a spy program is minimal. What the owner of the server does NOT want, though, is to allow unauthorized parties to gain unfettered access by stealing the password via

Trying to set up ltsp and their instructions are outdated for this setup. this is what I am referencing... http://ltsp.mirrors.tds.net/pub/ltsp/docs/ltsp-4.1-en.html#AEN984 Anyway, KDM is display manager and I am only getting grey screen with X # ps aux|grep kdm root 4275 0.0 0.0 3036 864 ? Ss Jul01 0:00 /usr/bin/kdm -nodaemon per the instructions... /etc/X11/xdm/Xaccess

Everyone: We're starting to see a rash of password guessing attacks via SSH on all of our exposed BSD servers which are running an SSH daemon. They're coming from multiple addresses, which makes us suspect that they're being carried out by a network of "bots" rather than a single attacker. But wait... there's more. The interesting thing about these attacks is that

Hello I have some issues with OpenBSM which i cannot resolve, so i decided to ask there. 1) I found some bugs in the auditreduce utility and created patch for it - http://www.freebsd.org/cgi/query-pr.cgi?pr=114534. Please, someone from freebsd team - take it, i think its better to fix this before next release. 2) I found that when i`m using XDM as login manager with OpenBSM, all my audit

I'm interested in crafting firewall rules that throttle connections that have lasted more than a certain amount of time. (Most such connections are P2P traffic, which should be given a lower priority than other connections and may constitute network abuse.) Alas, it doesn't appear that FreeBSD's IPFW can keep tabs on how long a connection has been established. Is there another firewall

I need to build up a few servers and routers, and am wondering how FreeBSD 9.1 is shaping up. Will it be likely to be more stable and robust than 9.0-RELEASE? Are there issues that will have to wait until 9.2-RELEASE to be fixed? Opinions welcome. --Brett Glass

I would like to request that some useful work on networking be MFCed from -CURRENT to -STABLE in time for the release of FreeBSD 6.3. In particular, I'd like to see some of the Netgraph nodes which are new or which have seen extensive development brought in -- ng_nat and ng_car in particular. Bringing in the latest version of ng_nat would allow more flexible in-kernel NAT, while ng_car (which

How would i allow xwindows and xdmcp through would it be ACCEPT net -> fw all 117 and ACCEPT net -> fw all 6000:6100 ? and for that matter how would i stop x traffic from leaving the fw machine? REJECT fw -> net all 6000:6100 ?

In the next month or two I've got to upgrade a number of servers that are currently on an EOL'd version of 4-STABLE. I foresee that I'll have very limited time to do full OS upgrades on these systems in the coming several years, so I want to make sure I bring them onto an extended-life branch. Right now 4.11 has the furthest projected EOL date (Jan 31 2007), and the projected EOL

A client wants me to set up a mechanism whereby his customers can drop files securely into directories on his FreeBSD server; he also wants them to be able to retrieve files if needed. The server is already running OpenSSH, and he himself is using Windows clients (TeraTerm and WinSCP) to access it, so the logical thing to do seems to be to have his clients send and receive files via SFTP or SCP.

We're being ping-flooded by the Nachi worm, which probes subnets for systems to attack by sending 92-byte ping packets. Unfortunately, IPFW doesn't seem to have the ability to filter packets by length. Assuming that I stick with IPFW, what's the best way to stem the tide? --Brett Glass

I haven't seen much on the lists lately regarding the status of FreeBSD 6.2, so I'd like to ask the Release Engineering team for their thoughts and projections. The calendar on the public "Release Engineering" page hasn't been updated since November, and those of us who await 6.2-RELEASE need to have some idea of what to expect. I don't know about everyone else, but

I'm running Wine release 20011004 and have created the floppy and CDs drives for my floppy, CD and CDRW. I am automounting the devices. 1. I've noticed that if I don't have a floppy or CD in the drive wine ignores it and even if I insert a disk later the app (notepad) never sees it. 2. I have two CDs, one a Creative DVD and the other a Plextor CDRW, and I've created the

All: I'm posting this to FreeBSD-security (rather than FreeBSD-net) because the problems I'm seeing appear to have been caused by spyware, and because they constitute a possible avenue for denial of service on FreeBSD machines with default installs of the operating system. Several of the FreeBSD machines on our network began to act strangely during the past week. Some have started to

From: Rodrigo Barbosa <rodrigob at suespammers.org> > rcS.d is not a runlevel. It is the equivalent of rc.sysinit on other > distributions/flavors or, should I say, and expansion of that idea. Correct, that's why I said "before" the run-levels at boot. But you still need to know about it. > 0 - Halt > 1 - Single User > 2 - Multi User (No NFS) > 3 - Multi

OK, an official OpenSSH advisory was released, see here: <URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html > The fix is currently in FreeBSD -CURRENT and -STABLE. It will be applied to the security branches as well today. Attached are patches: buffer46.patch -- For FreeBSD 4.6-RELEASE and later buffer45.patch -- For FreeBSD 4.5-RELEASE and

What does mean this bizarre msgid? maillog: Mar 31 19:31:15 cu sm-mta[5352]: h2VFVEGS005352: from=<nb@sindbad.ru>, size=1737, class=0, nrcpts=1, msgid=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAfp4Fa2ShPE2u4pP/QpPDIMKAAAAQAAAAj+zb4Isbuk+tYEPVF9Vf, proto=ESMTP, daemon=MTA, relay=wg.pu.ru [193.124.85.219] -- Nikolaj I. Potanin, SA http://www.drweb.ru ID

does any one know which /etc/pam.d file I'll need to edit to get pam_mount to work with x windows? Thanks

From: Rodrigo Barbosa <rodrigob at suespammers.org> > There is nothing wrong with using X11 at runlevel 3. The only thing > that can't be present is a display manager (KDM, XDM, GDM etc). That's _exactly_ what I'm talking about. Run-level 3 starts xdm. Several Linux distros use 2 for multi-user, 3 for multi-user w/X. Run-level 2 as multi-user w/o networking or w/o NFS was