similar to: Dovecot/MSQL issue

On 30/06/2019 13:36, Aki Tuomi via dovecot wrote: >> >> Hello, I'm trying to work through an issue that cropped up on a server I've been working on and haven't found a very good workaround. >> >> Dovecot is operating in a jailed environment. >> >> The configuration in dovecot-sql.conf.ext has been set appropriately with the host=127.0.0.1 (which

> > > Hello, I'm trying to work through an issue that cropped up on a server I've been working on and haven't found a very good workaround. > > Dovecot is operating in a jailed environment. > > The configuration in dovecot-sql.conf.ext has been set appropriately with the host=127.0.0.1 (which works from a jailed environment) and when dovecot attempts to auth it

Actually, it seems I may have been wrong in initial assumption that the issue with the client was that it was being identified to mysql as coming from localhost when connecting via tcp. This is what syslog indicated as a reason for the failure but its not the whole picture. As John mentioned I am trying to have dovecot connect over TCP to mysql (not using the socket), and the issue looked like

This message was sent to bugtraq today: While playing around with FreeBSD 5.4 and jailing I discovered that it was possible to put an ethernet interface into promiscious mode from within the jailed environment, allowing a packetsniffer to gather data not meant for the jailed box. This also affects FreeBSD 5.3 (tested) but not FreeBSD 4.x This can be reproduced on boxes where BPF support is

On 01/07/2019 09:48, lorek via dovecot wrote: > Actually, it seems I may have been wrong in initial assumption that > the issue with the client was that it was being identified to mysql as > coming from localhost when connecting via tcp. > This is what syslog indicated as a reason for the failure but its not > the whole picture. > > As John mentioned I am trying to have

Dear all I'm looking for instructions on how to setup a jailed chroot directory for user which needs to upload via scp to the server. Especially I miss clear instructions about what needs to be in the jailed directory available, like binaries, libraries, etc... Without jail I get it to work, but I want to prevent user downloading for example /etc folder from the server. Does anybody have a

Howdy! I'm not sure if this is actually an issue, feature or a bug, but I have found that inside a jail, the jailed root user is able to sniff traffic (and enable promiscuous mode) on at least the interface of the IP address the jail is attached to. I have not found any documentation explaining if this should occur or not, but I feel it is something that should at least be known to those

HI everyone, I have resently installed a jail environment on my freebsd box, and had some problems getting postgresql running under it. After looking a bit on various mailinglists i figured out that I needed to set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql run. However man jail gives me: jail.sysvipc_allowed This MIB entry determines whether or not

Hi, i've set the outside ip for the jail..It works.. When i try to ssh to jail'ed system from the main system (in which is created jail) the connection is successful, but when i try to connect to jailed system from anywhere else i get this message: ssh: connect to host IP_NUMBER port 22: Operation timed out What can be wrong here? How to solve this problem?

Hi there asterisk goes to 90% cpu usage when trying to authenticate a sip friend using realtime mysql, no other message does appear at cli and asterisk hungs; here some info: *CLI> realtime load sipfriends name 104 Jan 13 11:52:21 DEBUG[8928]: res_config_mysql.c:109 realtime_mysql: MySQL RealTime: Retrieve SQL: SELECT * FROM sipfriends WHERE name = '104' Jan 13 11:52:21 DEBUG[8928]:

Although RAW sockets can be used when specifying the source address of packets (defeating one of the aspects of the jail) some people may find it usefull to use utilities like ping(8) or traceroute(8) from inside jails. Enclosed is a patch I have written which gives you the option of allowing prison-root to create raw sockets inside the prison, so

-----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Rainer Duffner Sent: Samstag, 21. Oktober 2017 00:41 To: CentOS mailing list Subject: Re: [CentOS] scp setup jailed chroot on Centos7 > Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for instructions on how to setup a

I'm setting up a server where I plan to use Jails to improve security I also have installed and am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port 80 on the jail running apache). Another

I'm thinking of using jails to improve security on a server I am setting up. Specifically, I would like to put Apache/PHP in a jail, but I might like to set up 2-3 different jails for different purposes. I've found several examples showing how to set the jails up. My questions involve system requirements. Assuming plenty of disk space, 1GB ram and a dual processor PIII 1.13Ghz

MSQL, not MySQL. I don''t like rails to use COMMIT command. Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to

I'm going to apply the ssh patch. Applying it to the "real" server seems straightforward enough, but I'm wondering what the right procedure is to apply this patch to my jailed servers.

Hello all, I've taken a brief skim of the archives available on theaimsgroup and talked to some others regarding the ideas on chroot SSH/SFTP/SCP functionality. I've also investigated a few of the various patches out for chroot sftp|scp|ssh and am a bit of a loss at finding 'an elegant solution' to the problem. Bearing in mind the excellent starting ground of John Furman's

Hi. When we don't have too many IP addresses available and we want to run for example www server inside a jail, but use the same IP address as the main system, we need to actually use an internal IP address and forward http port with firewall from external IP to jail's IP. In that way we know that if somebody breaks into out jail, he cannot run sshd server (we have keys, I know) or any

On 6/26/19 4:50 PM, Rowland penny via samba wrote: > Run: > > pdbedit -i smbpasswd:/var/db/samba4/private/smbpasswd -e > tdbsam:/var/db/samba4/private/passdb.tdb > > Change: > > passdb backend=smbpasswd:/var/db/samba4/private/smbpasswd > > To: > > passdb backend = tdbsam:/var/db/samba4/private/passdb.tdb > > And try again. Thanks. Should I try

I read this (http://www.petur.eu/blog/?p=459) blog post today. It's about that a remote user with root privilegs to a FreeBSD jail & user privileges to the jails host machine can obtain root privileges on the host machine. Can someone confirm if this bugg/exploit works?