Displaying 20 results from an estimated 200 matches similar to: "Chattr +i and securelevel"
2004 May 28
2
X & securelevel=3
running (4-Stable)
Hi,
short form question:
how does one run XDM under securelevel>0 ?
long version:
i've searched for an answer on how to run Xfree/Xorg at a securelevel
the X server likes access to /dev/io and some other resources but is not
granted access after security is switched on.
one way of doing it seems to be to start it before setting the securelevel, but
then is doesnt
1996 Nov 21
2
Re: BOUNCE: Re: Chattr +i and securelevel
Alexander O. Yuriev wrote:
>
> Your message dated: Wed, 20 Nov 1996 18:04:39 EST
> > >has anyone played with the securelevel variable in the kernel and the
> > >immutable flags in the ext2 file system?
> >
> > Yes, and its actualy quite nice.
> >
> > >The sysctrl code seems to allow the setting of the flag
> > >only by init (PID=1)
2004 Feb 11
5
Question about securelevel
I've read about securelevel in the mailing list archive, and found some
pitfalls (and seems to me to be discarded soon).
But According to me, the following configuration should offer a good
security:
- mount root fs read only at boot;
- set securelevel to 3;
- do not permit to unmount/remount roots fs read-write (now it is possible
by means of "mount -uw /");
- the only way to make
1998 Mar 12
2
FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-98:02 Security Advisory
FreeBSD, Inc.
Topic: security compromise via mmap
Category: core
Module: kernel
Announced: 1998-03-12
Affects:
2004 Sep 29
5
Kernel-loadable Root Kits
Thanks for the module, I think its a good idea to commit it to FreeBSD
for a few reasons:
1) Some folks just prefer more static kernels.
2) Securelevel is a great thing, but can be a pain to do upgrades around
remotely. [A lot of folks use FreeBSD simply because its a breeze to run
remotely].
3) Until someone writes code to add modules to a kernel via /dev/mem and
releases it to the script
2003 May 09
2
Problem installing kernel in single usermode
Hi,
I'm running 4.8-STABLE but I'm having some problems installing a new
kernel.
(in /usr/src make installkernel).
mv /kernel /kernel.old operation not permitted
My securelevel is currently set to -1 (kern_securelevel=-1) and
kern_securelevel_enable="NO"
I have already executed chflags noschg /kernel and /kernel.old (while in
single user mode).
What am I missing?
Thanks.
2003 May 24
1
ipfirewall(4)) cannot be changed
root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5
3 Network secure mode - same as highly secure mode, plus IP packet
filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
dummynet(4) configuration cannot be adjusted.
root@vigilante /root cuaa1# sysctl -a |grep secure
kern.securelevel: 3
root@vigilante /root cuaa1# ipfw show
00100 0 0 allow
2004 Dec 16
2
Strange command histories in hacked shell server
Hi,
Sorry for cross posting.
I have with FreeBSD 5.3-stable server which serves as a public shell server.
FreeBSD public.ub.mng.net 5.3-STABLE FreeBSD 5.3-STABLE #6: Wed Nov 24
15:55:36 ULAT 2004 tsgan@public.ub.mng.net:/usr/obj/usr/src/sys/PSH i386
It has ssh and proftp-1.2.10 daemons.
However it was hacked and I'm trying to analyze it and having some
difficulties.
Machine is
1998 May 23
7
Re: Re: Re: Bind Overrun Bug and Linux (fwd)
> > systems which no longer seem to have this. This file contained an archive of
> > the trojan''s that were inserted into the compromised system - does anybody know
> > what is in these trojans?
>
> Check the Linux RootKit ... (LRK)..
>
> Typically LRK to use config-files.. (and typically LRK-users to place
> files in /dev.. find /dev -type f | grep -v
2006 Mar 01
3
Remote Installworld
I'm currently administering a machine about 1500mi from me with nobody
local to the machine to assist me. Anyways, my only access to this
machine is via SSH, no remote serial console or anything.
When I try to do a "make installworld" I end up with
install: rename: /lib/INS@aTxk to /lib/libcrypt.so.3: Operation not
permitted
very shortly thereafter. I cannot boot
2010 Sep 06
2
MSIX failure
Hi all, I moved from 8.0-RELEASE to last week's -STABLE:
$ uname -v
FreeBSD 8.1-STABLE #0: Thu Sep 2 16:38:02 SAST 2010 root@XXXXX:/usr/obj/usr/src/sys/GENERIC
and all seems well except my network card is unusable. On boot up:
em0: <Intel(R) PRO/1000 Network Connection 7.0.5> port 0x3040-0x305f mem 0xe3200000-0xe321ffff,0xe3220000-0xe3220fff irq 10 at device 25.0 on pci0
em0: Setup
2000 Dec 18
0
FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-00:77 Security Advisory
FreeBSD, Inc.
Topic: Several vulnerabilities in procfs
Category: core
Module: procfs
Announced: 2000-12-18
2004 Jun 07
1
freebsd-security Digest, Vol 61, Issue 3
On Sat, 29 May 2004 12:00:52 -0700 (PDT),
<freebsd-security-request@freebsd.org> wrote:
Hello !
Today i see in snort logs :
[**] [1:528:4] BAD-TRAFFIC loopback traffic [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/07-09:44:39.044590 127.0.0.1:80 -> 10.6.148.173:1566
TCP TTL:128 TOS:0x0 ID:577 IpLen:20 DgmLen:40
***A*R** Seq: 0x0 Ack: 0x75830001 Win: 0x0 TcpLen:
2011 Nov 16
1
Starting X11 with kernel secure level greater than -1/0.
Hi, is there any chance (if yes, how to do this?) to use the xf86
driver which "provides access to the memory and I/O ports of a
VGA board and to the PCI configuration registers for use by
the X servers when running with a kernel security level greater
than 0" in FreeBSD*?
Then it will be possible to start X environment with a kernel
secure level > 0, right? Normally it is impossible
1996 Nov 14
1
Security hole in Debian 1.1 dosemu package
In Debian 1.1, the optional DOSEMU package installs /usr/sbin/dos
setuid root. This is a serious security hole which can be exploited
to gain access to any file on the system.
Package: dosemu
Version: 0.64.0.2-9
------- start of cut text --------------
$ cat /etc/debian_version
1.1
$ id
uid=xxxx(quinlan) gid=xxxx(quinlan) groups=xxxx(quinlan),20(dialout),24(cdrom)
[quinlan:~]$ ls -al
1997 May 25
5
signing syslog files with PGP
I am thinking about writing some sort of deamon which signs syslog
files with PGP.
This should help dedecting unauthorised changes in the syslog files.
What I have in mind works as follows:
Whenever a new line is added to a syslog file the existing syslog file
checked against the privious made signature. If the file passes this
test, the new line(s) is/are added. Then a new signature is
2006 Dec 06
2
FreeBSD Security Advisory FreeBSD-SA-06:25.kmem
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:25.kmem Security Advisory
The FreeBSD Project
Topic: Kernel memory disclosure in firewire(4)
Category: core
Module: sys_dev
Announced:
2008 Feb 01
3
swapping on centos 5.1
Hi all,
I used to use centos 4.5 on an AMD 4800+ with 2GIG ram.
Now I use centos 5.1 on AMD 6400+ with 4GIG RAM.
The system responsiveness is different between the two.
I noticed that centos 5.1 seems to be swapping programs out
of memory at times resulting in slowness (perceived by me).
I played with swappiness (/proc/sys/vm/) setting to 10, then 1 then 0.
Still resulted in the same perceived
2012 Sep 19
0
schg flags from installworld
On Tue 2012-09-18 (23:31), Gareth de Vaux wrote:
> Looking at /usr/src/share/mk/bsd.prog.mk and /usr/src/share/mk/bsd.lib.mk -
> bins and libs get installed with schg if PRECIOUSPROG and PRECIOUSLIB are
> set respectively in their makefiles, both of which can be overridden by
> setting NO_FSCHG, presumably in /etc/make.conf.
>
> Without this doing jail maintenance/upgrades is a
2006 Jan 26
7
strange problem with ipfw and rc.conf
Hi all:
I have strange probelm with rc.conf. I set up ipfw
(compiled into kernel) on freebsd-5.4 and it doesn't
seem to load ipfw rulesets (it uses default ruleset
65335 locking out everything). I have to do "sh
/etc/ipfw.rules" in order to load the rulesets, once I
did that, I can access the box from remote locations
here is my rc.conf:
host# more /etc/rc.conf