similar to: chroot() as non-root user?

Hello! We are proudly announce that CerbNG-1.0 Release Candidate 2 is now avaliable. There are many changes from RC1 (many new functionalities, some bug fixes, new interesting policies, new regression tests and more). It seems that CerbNG is stable for now, so we hope that the next version is going to be final 1.0 series release. We count on feedback from FreeBSD community in founding bugs (if

Hello! We are proudly announce that CerbNG-1.0 Release Candidate 2 is now avaliable. There are many changes from RC1 (many new functionalities, some bug fixes, new interesting policies, new regression tests and more). It seems that CerbNG is stable for now, so we hope that the next version is going to be final 1.0 series release. We count on feedback from FreeBSD community in founding bugs (if

I'm porting the most recent version of Neil Provos' systrace to FreeBSD 5.1. I'm sending him the diffs to integrate into his distribution. I'd also like to submit them to someone with FreeBSD for consideration, and hopefully inclusion as a port or whatever you prefer. Who could I send them to, or what would you prefer me to do with regard to FreeBSD? Thanks, Rich Murphey

I'm setting up a server where I plan to use Jails to improve security I also have installed and am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port 80 on the jail running apache). Another

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, are there any plans to allow FreeBSD jails to bind to more than one IP address? My scenario (virtual hosting) : 3 front-end hosts with 2 interfaces each, one on the public network, the other on a private subnet. 1 back-end host, providing NFS mounts for the front-ends. This scenarion is not uncommon in ISP environments, usually with a big

Hello, What do you recommend for keeping track of user activities? For preserving bash histories I followed these recommendations: http://www.defcon1.org/secure-command.html They include using 'chflags sappnd .bash_history', enabling process accounting, and the like. My goal is to "watch the watchers," i.e. watch for abuse of power by SOC people with the ability to view

All, I've decided to publish something I threw together. I recently installed NUT and found it to be a hassle to switch between the CGIs for web access. I created some HTML to provide an easy way to go between the CGIs easily and quickly. It uses the exact same color scheme that the default CGIs use. I would very much appreciate any input. I am open to having this included with the main

All, I've decided to publish something I threw together. I recently installed NUT and found it to be a hassle to switch between the CGIs for web access. I created some HTML to provide an easy way to go between the CGIs easily and quickly. It uses the exact same color scheme that the default CGIs use. I would very much appreciate any input. I am open to having this included with the main

There is malware that names the files .crypt A novel solution here https://isc.sans.edu/diary/Novel+method+for+slowing+down+Locky+on+Samba+server+using+fail2ban/20805 though it seems locky specific I use this non-samba solution in cron.hourly. Pretty awful, but it works for malware that I know about. I have fast drives, so updatedb only takes a few seconds. #!/bin/sh updatedb wait 20 if

Hi. Here you can find patches with changes to gmirror(8) and graid3(8): http://people.freebsd.org/~pjd/patches/gmirror.7.patch http://people.freebsd.org/~pjd/patches/graid3.patch The patches does the following: - Significant synchronization speed improvement. Now many parallel synchronization I/O requests can be used instead of only one before. Many people requested this. - Close race

I seem to have NUT all working with my R3000XR, except for the CGIs. The webserver's all properly configured and upsstats.cgi *runs*, but doesn't yield any useful output - no values are displayed, every value is replaced by [error: Invalid argument]. Apache is not logging any resulting errors, and there doesn't seem to be a lot of useful documentation on the CGIs to troubleshoot

ZFS works really stable on FreeBSD, but I''m biggest problem is how to control ZFS memory usage. I''ve no idea how to leash that beast. FreeBSD has a backpresure mechanism. I can register my function so it will be called when there are memory problems, which I do. I using it for ARC layer. Even with this in place under heavy load the kernel panics, because memory with KM_SLEEP

Hi. I''m happy to inform that the ZFS file system is now part of the FreeBSD operating system. ZFS is available in the HEAD branch and will be available in FreeBSD 7.0-RELEASE as an experimental feature. Commit log: Please welcome ZFS - The last word in file systems. ZFS file system was ported from OpenSolaris operating system. The code in under CDDL license. I''d

Hi. I've no response from so@ in this topic, probably because leak of time, so I'll try here. Here is a patch that I'm planing to commit: http://people.freebsd.org/~pjd/patches/restricted_hardlinks.patch It adds two new sysctls: security.bsd.hardlink_check_uid security.bsd.hardlink_check_gid If sysctl security.bsd.hardlink_check_uid is set to 1, unprivileged users are not

Hi. I''ve almost all file system functions working. I started to run some heavy file system regression tests. They work. fsx wasn''t able to break my port, but the test you can find here: http://people.freebsd.org/~kan/fsstress.tar.gz broke it. My kernel panics on this assertion (zfs_dir.c): 749: mutex_exit(&dzp->z_lock); 750: 751: error =

Hi. I''m working on getting the most recent ZFS to the FreeBSD''s CVS. Because of the huge amount of changes, I decided to work on ZFS regression tests, so I''m more or less sure nothing broke in the meantime. (Yes, I know about ZFS testsuite, but unfortunately I wasn''t able to port it to FreeBSD, it was just too much work. I''m afraid it is too

I''m CCing zfs-discuss at opensolaris.org, as this doesn''t look like FreeBSD-specific problem. It looks there is a problem with block allocation(?) when we are near quota limit. tank/foo dataset has quota set to 10m: Without quota: FreeBSD: # dd if=/dev/zero of=/tank/test bs=512 count=20480 time: 0.7s Solaris: # dd if=/dev/zero of=/tank/test bs=512 count=20480 time: 4.5s

Hi. I experimented a bit with collecting entropy from the time it takes for device_attach() to run (in CPU cycles). It seems that those times have enough variation that we can use it for entropy harvesting. It happens even before root is mounted, so pretty early. On the machine I'm testing it, which has minimal kernel plus NIC driver I see 75 device_attach() calls. I'm being very careful

Tuning should not be done in general and Best practices should be followed. So get very much acquainted with this first : http://www.solarisinternals.com/wiki/index.php/ZFS_Best_Practices_Guide Then if you must, this could soothe or sting : http://www.solarisinternals.com/wiki/index.php/ZFS_Evil_Tuning_Guide So drive carefully. -r

Hi. I noticed that when non-64bit variable is given as a second argument to atomic_add_64() function, the result is invalid. I found few places where such situation occurs. I wonder how this got unnoticed with ztest, which fails on me within a few seconds (after I started to use Solaris atomic operations) on assertions. Maybe this only doesn''t work when compiled with gcc? Not sure, but