Re: PPPoE and static IP block
On 11/11/05, Joe S <[EMAIL PROTECTED]> wrote:
> >> SBC equipment with an OpenBSD box. Get the WAN IP from SBC's tech, or
> > this is trivial to do. I run SBC static and use OpenBSD for PPPoE and pf.
>
> This *should* be simple, but it's not. SBC no longer provides WAN IPs
> for home users that want static.
>
> You get a single block of "sticky" IPs. According to SBC Tier 2
> support, I can't do what I want without the Netopia.

Tier 2 is probably misinformed, I don't think the "sticky" IPs have anything to do with the Netopia. After sitting with an SBC tech for an hour while he tried to troubleshoot a "sticky" IP and account issue I believe the IP just gets associated with the PPPoE account. After all, they do support other routers for their service and the Netopia isn't anything special. You have full access to your router after the account is setup, just grab the WAN IP from the router and test with an OpenBSD box.

Greg
Re: ssh brute force attacks
On Sat, Nov 12, 2005 at 01:14:08AM +, Stuart Henderson wrote:
> On 2005/11/12 01:11:02, Joachim Schipper wrote:
> > > pass in quick on $ext_if proto tcp from any to ($ext_if) port 22 keep state
> > > (max-src-conn-rate 3/10, overload flush)
> >
> > This sort of thing is really popular, but I don't see the point.
>
> See pf.conf(5) about max-src-conn, and compare it with max-src-states.

That's true. Sorry, should have RTFMP.

Regardless, while this makes the attack more difficult, the added difficulty doesn't amount to much. Hubs will allow sniffing easily, and switches can usually be degraded to hubs.

Methinks a combination of sniffing the return traffic (SYN/ACK) and forging the response is enough (this is assuming the spoofed host does not return a RST for nonsense SYN/ACKs - I'm fairly certain that there's a way around that too, most likely just racing the gateway, but that would complicate matters unnecessarily).

I'm thinking of a couple of hosts, attached to a hub (or 'hubbable' switch).

If this attack really doesn't work, well, I'll be happy to learn something new and/or Read Some More FMP... but in the meanwhile, I can live with the log entries.

(Of course, the real Braindead Error above was me seemingly thinking that dropping the default gateway would help. Instead, drop some other, more interesting host.)

Joachim
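An added example, not part of the original thread: Python that replays sshd auth-log lines against the same threshold as the max-src-conn-rate 3/10 rule quoted above and reports which sources would exceed it. The log lines and the function name are constructed for illustration, and the fixed sliding window is a simplification of pf's own rate accounting.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in syslog/sshd format; addresses are documentation ranges.
SAMPLE_AUTHLOG = """\
Nov 11 14:02:01 gw sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Nov 11 14:02:01 gw sshd[4103]: Failed password for root from 192.0.2.10 port 40113 ssh2
Nov 11 14:02:02 gw sshd[4105]: Failed password for root from 192.0.2.10 port 40115 ssh2
Nov 11 14:02:03 gw sshd[4107]: Failed password for root from 192.0.2.10 port 40118 ssh2
Nov 11 14:02:04 gw sshd[4109]: Accepted publickey for admin from 198.51.100.7 port 51000 ssh2
Nov 11 14:02:30 gw sshd[4111]: Failed password for root from 203.0.113.5 port 33001 ssh2
Nov 11 14:03:30 gw sshd[4113]: Failed password for root from 203.0.113.5 port 33002 ssh2
Nov 11 14:03:31 gw sshd[4115]: Failed password for invalid user test from 192.0.2.10 port 40200 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\s\S+\sfor\s(?:invalid user\s)?(?P<user>\S+)\s"
    r"from\s(?P<src>\S+)\sport\s(?P<sport>\d+)"
)


def overloaded_sources(log_text, limit=3, window=10, year=2005):
    """Return {source: time the limit was first exceeded}.

    A source is flagged when it opens more than `limit` connections within
    `window` seconds. pf counts TCP connections, not password attempts, so
    several failures on one connection (same source address and port) are
    counted once. Syslog lines carry no year, so `year` is an assumption.
    """
    recent = defaultdict(deque)  # source -> timestamps of recent connections
    seen = set()                 # (source, source port) pairs already counted
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        conn = (m["src"], m["sport"])
        if conn in seen:
            continue
        seen.add(conn)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window_q = recent[m["src"]]
        window_q.append(ts)
        # Drop connections that fell out of the window.
        while (ts - window_q[0]).total_seconds() >= window:
            window_q.popleft()
        if len(window_q) > limit and m["src"] not in flagged:
            flagged[m["src"]] = ts
    return flagged


if __name__ == "__main__":
    for src, when in overloaded_sources(SAMPLE_AUTHLOG).items():
        print(f"{src} exceeded 3 connections / 10 s at {when:%H:%M:%S}")
```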
Re: ssh brute force attacks
On 11/11/05, J Moore <[EMAIL PROTECTED]> wrote:
> > > pass in quick on $ext_if proto tcp from any to ($ext_if) port 22 keep state
> > > (max-src-conn-rate 3/10, overload flush)
> >
> > which only works with OpenBSD >= 3.7 ( and my server is 3.5 :-( )
> >
> Just out of curiosity, why haven't you upgraded?

Because when I installed the server, I used the only OpenBSD CDs I had (v3.5) whereas current version was 3.7... and I don't really know if it is difficult or not to upgrade, and since the server is in production, I'm frightened to break it :-( So I never did it ! Maybe I first should try on a simple PC, before the server...

> Let me guess... it's on a Soekris box, and you don't enjoy re-learning
> an obtuse task every 6 months?

No no, you lose : it's an old 1U Dell server :-)

Fabien
Re: ports out-of-date question
On Thu, Nov 10, 2005 at 12:40:46PM -0600, Denny White wrote:

Okay Andy, I appreciate the info. If you have time, can you answer one more question? Could I alleviate this discrepancy by pkg_delete all installed packages and also deleting all of /usr/ports/distfiles, and then reinstall packages? And yes,

On Nov 11 Jacob Meuser contributed the following:

I'm not Andy, but I do have a moment to answer ...

As Andy said, sometimes snapshot packages lag behind userland snapshots. So installing packages might or might not make a difference. If the packages are newer than the base snapshot, then it probably will at least take care of libc and libpthread "out of date" reports.

There's no need to delete everything in /usr/ports/distfiles. That definitely won't make a difference, and if you build ports, you will probably be redownloading some of those files.

-- 
<[EMAIL PROTECTED]>

Thanks for the reply and info, Jacob. I cvsup'd new src, deinstalled all packages, rebuilt everything, and then started adding packages. Initially, it showed several packages needing updating when I ran ./out-of-date, so I ran pkg_add -u and it took care of all except:

devel/gettext # expat.4.0 -> expat.5.0

Maybe with this it's as you say, package is lagging behind userland, but it's a sight better than before, if you read the list of files in the original message. I'm not an obsd programmer/developer, and the cvsup/rebuild stuff was just for learning purposes. Definitely not being done on a production box. Probably won't be doing it again, following current, that is. I'll be doing a new install when I get my 3.8 cd's, and from then on, I'll just be updating that. Thanks again for the help.

Denny White

GnuPG key : 0x1644E79A | http://wwwkeys.nl.pgp.net
Fingerprint: D0A9 AD44 1F10 E09E 0E67 EC25 CB44 F2E5 1644 E79A
machdep.allowaperture for remote x
Hi

I apologise if this has been answered before but googling for related info and scouring sysctl-related man pages has not been fruitful so far.

I have a headless server box (sparc64) from which I want to run a diskless client (i386). I want the client to have its own X server but run X apps on the server box. I am basing the diskless machine's distribution on LTSP.

My question is... as I am not intending to run an X Server on my headless box but I do want to run X Clients, do I agree to the installation question (on the sparc64 box)

Do you expect to run the X Window System? [yes]

With yes or no?

Cheers and thanks in advance.

-Penfold
Re: identd - what am I missing
On Fri, 11 Nov 2005, J.D. Bronson wrote:
> I am running 3.8 and on a single machine with no pf or nat...
>
> I disabled identd in inetd.conf.
> I issued a kill -1 on the identd process.

^ identd process or inetd process ?

After a change in inetd.conf you want to kill -HUP the latter, inetd.

If you see an identd running then you may either see something spawned by inetd or a standalone identd which is not run from inetd. In that case you'll need to kill identd and/or remove it from your rc startup.

Dw.
Re: machdep.allowaperture for remote x
Michael Quaintance <[EMAIL PROTECTED]> wrote:
> My question is... as I am not intending to run an X Server on my
> headless box but I do want to run X Clients, do I agree to the
> installation question (on the sparc64 box)
>
> Do you expect to run the X Window System? [yes]
>
> With yes or no?

With "no". As you already realized, this only sets the machdep.allowaperture sysctl, which in turn is only required for the X11 server.

-- 
Christian "naddy" Weisgerber [EMAIL PROTECTED]
Re: ssh brute force attacks
On 11/11/05, stan <[EMAIL PROTECTED]> wrote:
> I've got a machine that seems to be getting attacked by what appears to be a
> simplistic "brute force" attack. It's getting hit multiple times a second
> with bogus root login attempts, my guess is that they are trying dictionary
> attacks on the password for root.
>
> Any suggestions as to how to deal with this? Change the port ssh is
> listening on maybe?
>
> --
> U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong
> Terror
> - New York Times 9/3/1967

Hey,

As daft as it sounds, have you tried using OS fingerprinting to block linux hosts on ports 22. I had the same problem, and this fixed it for sure ;). Great until you need to connect using a linux box.

Best Regards

Edd
Re: identd - what am I missing
At 06:08 AM 11/12/2005, you wrote:
> I disabled identd in inetd.conf.
> I issued a kill -1 on the identd process.

^ identd process or inetd process ?

After a change in inetd.conf you want to kill -HUP the latter, inetd.

If you see an identd running then you may either see something spawned by inetd or a standalone identd which is not run from inetd. In that case you'll need to kill identd and/or remove it from your rc startup.

Dw.

Thanks...but I did that (was a typo).

I just don't understand why (when identD is disabled in inetd.conf) that the machine does not immediately respond back with CONNECTION REFUSED - but sits for 5-8 seconds.

As a better fix for now, I simply added a block RST into pf.conf and basically accomplished the same thing.

-- 
J.D. Bronson
Information Services
West Allis Memorial Hospital
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299
Microsoft Gives you Windows || Unix Gives you a home
Re: Anyone tried a sun fire X2100 server yet?
> > cpu0: AMD Opteron(tm) Processor 148, 1005.28 MHz
>
> 1Ghz? So slow? :-)

It's cheaper and shows the superiority of low-tech cgi more clearly ;)

http://undeadly.org/cgi?action=article&sid=20051112002121&pid=1&mode=flat

(yes, Will, 3.8-release and -stable work fine)

Daniel
Re: machdep.allowaperture for remote x
> I apologise if this has been answered before but googling for related
> info and scouring sysctl-related man pages has not been fruitful so far.
>
> I have a headless server box (sparc64) from which I want to run a
> diskless client (i386). I want the client to have its own X server but
> run X apps on the server box. I am basing the diskless machine's
> distribution on LTSP.
>
> My question is... as I am not intending to run an X Server on my
> headless box but I do want to run X Clients, do I agree to the
> installation question (on the sparc64 box)
>
> Do you expect to run the X Window System? [yes]
>
> With yes or no?

This option is only needed for running the X server.
Re: PPPoE and static IP block
On Fri, 11 Nov 2005, Joe S wrote:
> >> SBC equipment with an OpenBSD box. Get the WAN IP from SBC's tech, or
> > this is trivial to do. I run SBC static and use OpenBSD for PPPoE and pf.
>
> This *should* be simple, but it's not. SBC no longer provides WAN IPs
> for home users that want static.
>

Huh? Ever heard of traceroute?

> You get a single block of "sticky" IPs. According to SBC Tier 2
> support, I can't do what I want without the Netopia.
>

Of course they're going to say that - that's the script provided.

> Perhaps a bridging PF box is the way to go...
>

Could be, but some of the 'routeers' they provide are so brain dead that they would be completely useless for normal operations.

Lee
Re: ssh brute force attacks
Joachim Schipper wrote:
> > See pf.conf(5) about max-src-conn, and compare it with
> > max-src-states.
>
> That's true. Sorry, should have RTFMP.
>
> Regardless, while this makes the attack more difficult, the added
> difficulty doesn't amount to much. Hubs will allow sniffing easily,
> and switches can usually be degraded to hubs.

Perhaps I missed something in this thread, but what are you talking about? This is why you run SSH and not telnet--so that traffic sniffing doesn't reveal the contents of the packets. Also, quality manageable switches can (and should) be configured so that overloading their MAC table is pretty much impossible.

> Methinks a combination of sniffing the return traffic (SYN/ACK) and
> forging the response is enough (this is assuming the spoofed host does
> not return a RST for nonsense SYN/ACKs - I'm fairly certain that
> there's a way around that too, most likely just racing the gateway,
> but that would complicate matters unnecessarily).

Again I'm not certain what you are getting at here. Perhaps it's too early and I'm missing something, but this is another reason why one would run OpenBSD as the TCP stack does a lot of bounds checking and randomization which makes these attacks more difficult. In addition to this, SSH performs cryptographic session integrity. As for the gateway, it really has little to do with an SSH session between two hosts.

> I'm thinking of a couple of hosts, attached to a hub (or 'hubbable'
> switch).
>
> If this attack really doesn't work, well, I'll be happy to learn
> something new and/or Read Some More FMP... but in the meanwhile, I can
> live with the log entries.
>
> (Of course, the real Braindead Error above was me seemingly thinking
> that dropping the default gateway would help. Instead, drop some
> other, more interesting host.)
Re: Accounting with "ac" in /etc/monthly
On Thu, Nov 10, 2005 at 06:56:46AM +0100, Andreas Bihlmaier wrote:
> Hello misc@,
>
> a question that bugged me for quite a while:
>
> Why is the accounting in /etc/monthly?
> I refer to these (commented out) lines:
>
> #echo ""
> #echo "Doing login accounting:"
> #ac -p | sort -nr +1
> #
> #echo "."
>
> If I uncomment them (as suggested in "Absolute OpenBSD" to get some basic
> accounting (or just to find out HOW much time I spend in front of the screen).
>
> I get a report every month, BUT now the problem:
>
> The way I read "man 8 ac" it states
>
> The default wtmp file will increase without bound unless it is truncated.
> It is normally truncated by the daily scripts run by cron(8), which rename
> and rotate the wtmp files, keeping a week's worth of data on hand.
> No login or connect time accounting is performed if /var/log/wtmp does
> not exist.
>

note that the man page was a little confusing here, since it sounds like the /etc/daily script controls wtmp size. rather newsyslog does this. i have just committed a fix to the page to clarify that.

> Doesn't this mean that I only get accounting for the last week of the month?
> Shouldn't the lines above moved to /etc/weekly?
> Did I miss something, or is this the intended behavior (for what reason)?
>

that's right. i just moved the ac(8) stuff from /etc/monthly to /etc/weekly. of course you could also adjust newsyslog to rotate wtmp less often.

jmc
Re: ath0: bogus xmit rate 0x0
Alexandre wrote:

On the other hand, I can't use OFDM54 and use the 802.11g feature.

What if you leave the media on autoselect but specify mode 11g in your /etc/hostname.ath0 file??

Sevan
Re: OpenBSD Desktop Document
On 11/8/05, Joe S <[EMAIL PROTECTED]> wrote:
>
> In general, this is a good start. One more piece of advice, try not to
> make the document too narrative, but rather just put in what the user
> needs to know to get a desktop working.

One piece of advice, take a look at gentoo's install docs. Just enough handholding, but with enough background explanation so that a user knows what's going on.

-Tai
selecting a wireless networking card
Hi misc,

Please mind my stupidity for asking this. I'm trying to replace my 802.11b wireless card with the 802.11g card on my openbsd box. I think I'm going to go with either the ath driver or ral since I want it to run on hostap mode. However, I just bought a D-Link G520 (Hardware rev: b3) and it turned out to be not supported by OpenBSD 3.8. So, I think I'm going to go with Linksys WMP54G v4 since they pretty much only sell D-Link or Linksys in here.

What I would like to know is, if there's any of you who bought the Linksys WMP54G v4 and it worked on OpenBSD box in hostap mode, can you please let me know how would you identify if it's a version 4? Is it really written on the box? Because the store pretty much don't know anything about it.

Thanks in advance for your help, I just don't wanna get another wireless card that won't work in my box.

-Reza
Re: OpenBSD Desktop Document
I have to agree, Gentoo's install docs are some of the best out there and will allow just about anybody to install OpenBSD.

On 11/12/05, bofh <[EMAIL PROTECTED]> wrote:
>
> On 11/8/05, Joe S <[EMAIL PROTECTED]> wrote:
> >
> > In general, this is a good start. One more piece of advice, try not to
> > make the document too narrative, but rather just put in what the user
> > needs to know to get a desktop working.
>
> One piece of advice, take a look at gentoo's install docs. Just enough
> handholding, but with enough background explanation so that a user knows
> what's going on.
>
> -Tai

-- 
- Derek Tracy [EMAIL PROTECTED] -
Re: selecting a wireless networking card
Reza Muhammad wrote:

Hi misc,

Please mind my stupidity for asking this. I'm trying to replace my 802.11b wireless card with the 802.11g card on my openbsd box. I think I'm going to go with either the ath driver or ral since I want it to run on hostap mode. However, I just bought a D-Link G520 (Hardware rev: b3) and it turned out to be not supported by OpenBSD 3.8. So, I think I'm going to go with Linksys WMP54G v4 since they pretty much only sell D-Link or Linksys in here.

What I would like to know is, if there's any of you who bought the Linksys WMP54G v4 and it worked on OpenBSD box in hostap mode, can you please let me know how would you identify if it's a version 4? Is it really written on the box? Because the store pretty much don't know anything about it.

Thanks in advance for your help, I just don't wanna get another wireless card that won't work in my box.

-Reza

When I bought mine the version was on the box. It's not obvious, but it's located on a small sticker along with serial number, etc.

-- 
Darrin Chandler
[EMAIL PROTECTED]
http://www.stilyagin.com/
routing over IPSEC tunnel
Hello,

I have an IPSEC tunnel on OpenBSD3.8 to a cisco3000 concentrator. I am able to successfully reach several subnets through the tunnel, however one of the sites I need to reach through the tunnel is in the range of 50.0.0.0/8. So I setup a flow to it in my /etc/isakmpd/ipsec.conf file, but when I try to access one of the addresses in that range traffic gets sent out over my public IP and default route to the internet instead of through the tunnel. I am assuming this is because 50.0.0.0/8 is not an internal IP range. I have no control over the remote site's IP scheme so I can't change that. Is there any way to route access to these IP's over my enc0 device?

Thanks,
-Matt-
Re: Accounting with "ac" in /etc/monthly
> On Thu, Nov 10, 2005 at 06:56:46AM +0100, Andreas Bihlmaier wrote:
> > Hello misc@,
> >
> > a question that bugged me for quite a while:
> >
> > Why is the accounting in /etc/monthly?
> > I refer to these (commented out) lines:
> >
> > #echo ""
> > #echo "Doing login accounting:"
> > #ac -p | sort -nr +1
> > #
> > #echo "."
> >
> > If I uncomment them (as suggested in "Absolute OpenBSD" to get some basic
> > accounting (or just to find out HOW much time I spend in front of the
> > screen).
> >
> > I get a report every month, BUT now the problem:
> >
> > The way I read "man 8 ac" it states
> >
> > The default wtmp file will increase without bound unless it is truncated.
> > It is normally truncated by the daily scripts run by cron(8), which rename
> > and rotate the wtmp files, keeping a week's worth of data on hand.
> > No login or connect time accounting is performed if /var/log/wtmp does
> > not exist.
> >
>
> note that the man page was a little confusing here, since it sounds like
> the /etc/daily script controls wtmp size. rather newsyslog does this. i
> have just committed a fix to the page to clarify that.
>
> > Doesn't this mean that I only get accounting for the last week of the month?
> > Shouldn't the lines above moved to /etc/weekly?
> > Did I miss something, or is this the intended behavior (for what reason)?
> >
>
> that's right. i just moved the ac(8) stuff from /etc/monthly to
> /etc/weekly. of course you could also adjust newsyslog to rotate wtmp
> less often.
>

Thank you, one more thing I don't have to change from the base install :)

That is the reason I just love OpenBSD over Linux, the base installs are way less work to "adapt". Basically add packages, configure X, some more ~/.config_files and done. Instead of find working boot kernel, compile working kernel, recompile (perhaps working kernel) find userland software that is in sync with each other

Regards,
ahb
DNS attack?
I am starting to see TONS of these things in my pflog

Nov 12 19:50:58.030904 rule 48/(match) block in on tun0: 63.219.179.130.13519 > 65.x.x.169.53: 47505+[|domain]

Nov 12 19:51:08.037007 rule 48/(match) block in on tun0: 63.219.179.130.13519 > 65.x.x.169.53: 59022+[|domain]

I have a block of static IPs - but nothing is running on the .169 IP and I don't understand this sorta thing. PF is doing its job just fine...I guess I am looking for what these mean and if anyone knows what this is.

Usually all the IPs that are hitting me have no rDNS and are all over the world

-- 
J.D. Bronson
Information Services
West Allis Memorial Hospital
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299
Microsoft Gives you Windows || Unix Gives you a home
Re: DNS attack?
On Sat, 12 Nov 2005 20:15:18 -0600 "J.D. Bronson" <[EMAIL PROTECTED]> wrote:
> I am starting to see TONS of these things in my pflog
>
> Nov 12 19:50:58.030904 rule 48/(match) block in on tun0: 63.219.179.130.13519 > 65.x.x.169.53: 47505+[|domain]
>
> Nov 12 19:51:08.037007 rule 48/(match) block in on tun0: 63.219.179.130.13519 > 65.x.x.169.53: 59022+[|domain]
>
> I have a block of static IPs - but nothing is running on the .169 IP
> and I don't understand this sorta thing. PF is doing its job just
> fine...I guess I am looking for what these mean and if anyone knows
> what this is.

Why don't you use the options that tcpdump provides to decode what the queries are? Have a look at the "-v" option in tcpdump(8) (you will probably need to increase -s too).

-d
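An added example, not part of the original posts: a Python parser for pflog lines in the tcpdump text format quoted above, summarising blocked DNS packets per source. In tcpdump's DNS output the number is the query ID, "+" means recursion desired, and "[|domain]" marks a packet cut off by the snap length, which is why the reply suggests raising -s. The first two sample lines are the ones from the post; the last two are constructed to show a query that was captured in full, and the year is an assumption because the log carries none.

```python
import re
from datetime import datetime

SAMPLE_PFLOG = """\
Nov 12 19:50:58.030904 rule 48/(match) block in on tun0: 63.219.179.130.13519 > 65.x.x.169.53: 47505+[|domain]
Nov 12 19:51:08.037007 rule 48/(match) block in on tun0: 63.219.179.130.13519 > 65.x.x.169.53: 59022+[|domain]
Nov 12 19:52:10.101010 rule 48/(match) block in on tun0: 198.51.100.23.4021 > 65.x.x.169.53: 1201+ A? www.example.com. (33)
Nov 12 19:52:11.202020 rule 48/(match) block in on tun0: 198.51.100.23.4022 > 65.x.x.169.53: 1202 MX? example.com. (29)
"""

PFLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+\.\d+) rule (?P<rule>\d+)/\((?P<reason>[^)]*)\) "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<ifname>\S+): "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<qid>\d+)(?P<flags>[^\s\[]*)(?P<rest>.*)$"
)
QUERY_RE = re.compile(r"(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)")


def parse_pflog_line(line, year=2005):
    """Parse one pflog/tcpdump DNS line into a dict, or return None."""
    m = PFLOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(f"{year} {rec.pop('ts')}",
                                    "%Y %b %d %H:%M:%S.%f")
    for key in ("rule", "sport", "dport", "qid"):
        rec[key] = int(rec[key])
    rest = rec.pop("rest")
    rec["recursion_desired"] = "+" in rec.pop("flags")
    rec["truncated"] = "[|" in rest          # snaplen too small to decode
    query = QUERY_RE.search(rest)
    rec["qtype"] = query["qtype"] if query else None
    rec["qname"] = query["qname"] if query else None
    return rec


def summarize_sources(log_text):
    """Group blocked packets by source address."""
    summary = {}
    for line in log_text.splitlines():
        rec = parse_pflog_line(line)
        if rec is None or rec["action"] != "block":
            continue
        entry = summary.setdefault(rec["src"], {
            "packets": 0, "source_ports": set(), "query_ids": [],
            "truncated": 0, "names": set(),
            "first": rec["time"], "last": rec["time"],
        })
        entry["packets"] += 1
        entry["source_ports"].add(rec["sport"])
        entry["query_ids"].append(rec["qid"])
        entry["truncated"] += rec["truncated"]
        if rec["qname"]:
            entry["names"].add(rec["qname"])
        entry["first"] = min(entry["first"], rec["time"])
        entry["last"] = max(entry["last"], rec["time"])
    for entry in summary.values():
        entry["span_seconds"] = (entry["last"] - entry["first"]).total_seconds()
    return summary


if __name__ == "__main__":
    for src, e in summarize_sources(SAMPLE_PFLOG).items():
        print(src, e["packets"], sorted(e["source_ports"]), e["query_ids"],
              f"truncated={e['truncated']}", sorted(e["names"]))
```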
Re: routing over IPSEC tunnel
Never mind, I found the solution and it is working properly now. I am using an ifconfig alias on my dc0 interface as part of our internal subnet. I just added a route from the 50.x.x.x/xx subnet to that internal ip alias on my dc0 and now traffic is routed over the enc0 interface.

Thanks anyways!
-Matt-

I have an IPSEC tunnel on OpenBSD3.8 to a cisco3000 concentrator. I am able to successfully reach several subnets through the tunnel, however one of the sites I need to reach through the tunnel is in the range of 50.0.0.0/8. So I setup a flow to it in my /etc/isakmpd/ipsec.conf file, but when I try to access one of the addresses in that range traffic gets sent out over my public IP and default route to the internet instead of through the tunnel. I am assuming this is because 50.0.0.0/8 is not an internal IP range. I have no control over the remote site's IP scheme so I can't change that. Is there any way to route access to these IP's over my enc0 device?
Re: ssh brute force attacks
On Sat, Nov 12, 2005 at 12:04:38PM +0100, the unit calling itself Fabien Germain wrote:
> On 11/11/05, J Moore <[EMAIL PROTECTED]> wrote:
> > > > pass in quick on $ext_if proto tcp from any to ($ext_if) port 22 keep state
> > > > (max-src-conn-rate 3/10, overload flush)
> > >
> > > which only works with OpenBSD >= 3.7 ( and my server is 3.5 :-( )
> > >
> > Just out of curiosity, why haven't you upgraded?
>
> Because when I installed the server, I used the only OpenBSD CDs I had
> (v3.5) whereas current version was 3.7... and I don't really know if
> it is difficult or not to upgrade, and since the server is in
> production, I'm frightened to break it :-( So I never did it ! Maybe
> I first should try on a simple PC, before the server...

I'm the same way - I do not look forward to spending an afternoon upgrading a box, and then manually hacking through the config files checking for changes. After 30 minutes of this mind-numbing minutiae, I usually start making mistakes which leads to more time consumed.

Getting a "practice box" is what I did in the beginning. Then after a while you find some use for the "practice box", and then hate to take it down :) It's what they call a "vicious cycle" I think :)

Anyway - most upgrades are not so bad, but I've found if I get more than 2 releases behind a fresh install is usually the best medicine.

Jay
Building a bootable CF w/ a RAM-disk kernel
The readme file in flashboot contains an overview of building the ram-disk kernel. What it doesn't explain is how to install the kernel on the CF, or prepare the CF for booting the kernel.

There must be some documentation out there that describes these steps, but I'm having no luck finding it. Can someone provide a pointer to a good reference?

Thanks,
Jay
Re: selecting a wireless networking card
Thanks for the help. I guess I'll have to check the store myself. It'll be too risky buying online. If I still can't get it right, I might as well order from kd85.

Thanks again :)

> When I bought mine the version was on the box. It's not obvious, but
> it's located on a small sticker along with serial number, etc.
>
> --
> Darrin Chandler
> [EMAIL PROTECTED]
> http://www.stilyagin.com/
Re: Building a bootable CF w/ a RAM-disk kernel
man -k boot

there are two manpages that will be especially useful. read them, pay attention to the see also section...

or read the installer scripts to see how they work.
or read the makefiles for the floppy disk images.

On 12/11/05, J Moore <[EMAIL PROTECTED]> wrote:
> The readme file in flashboot contains an overview of building the
> ram-disk kernel. What it doesn't explain is how to install the kernel on
> the CF, or prepare the CF for booting the kernel.
>
> There must be some documentation out there that describes these steps,
> but I'm having no luck finding it. Can someone provide a pointer to a
> good reference?
>
> Thanks,
> Jay

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Accounting with "ac" in /etc/monthly
On Sat, Nov 12, 2005 at 04:21:38PM +0001, Jason McIntyre wrote:
> On Thu, Nov 10, 2005 at 06:56:46AM +0100, Andreas Bihlmaier wrote:
> > Hello misc@,
> >
> > a question that bugged me for quite a while:
> >
> > Why is the accounting in /etc/monthly?
> > I refer to these (commented out) lines:
> >
> > #echo ""
> > #echo "Doing login accounting:"
> > #ac -p | sort -nr +1
> > #
> > #echo "."
> >
> > If I uncomment them (as suggested in "Absolute OpenBSD" to get some basic
> > accounting (or just to find out HOW much time I spend in front of the
> > screen).
> >
> > I get a report every month, BUT now the problem:
> >
> > The way I read "man 8 ac" it states
> >
> > The default wtmp file will increase without bound unless it is truncated.
> > It is normally truncated by the daily scripts run by cron(8), which rename
> > and rotate the wtmp files, keeping a week's worth of data on hand.
> > No login or connect time accounting is performed if /var/log/wtmp does
> > not exist.
> >
>
> note that the man page was a little confusing here, since it sounds like
> the /etc/daily script controls wtmp size. rather newsyslog does this. i
> have just committed a fix to the page to clarify that.
>
> > Doesn't this mean that I only get accounting for the last week of the month?
> > Shouldn't the lines above moved to /etc/weekly?
> > Did I miss something, or is this the intended behavior (for what reason)?
> >
>
> that's right. i just moved the ac(8) stuff from /etc/monthly to
> /etc/weekly. of course you could also adjust newsyslog to rotate wtmp
> less often.
>
> jmc

wtmp is rotated every 7 days by newsyslog. It's the same frequency as /etc/weekly but they are totally unrelated events.

If someone wants to use "ac" in /etc/{weekly,monthly}, he _has_ to change the wtmp entry in newsyslog.conf.

The not proper method but the easiest is to make the log rotate an hour after the scripts are run. That way you know you have almost the right amount of data for "ac" at the time the script is running.

For weekly something like: $W6D4
For monthly: $M1D6

(I did not test. If "ac" is to be run before updatedb in weekly, it is easier to guess when it will be run than after updatedb.)

The proper method would be to run "ac" at the same time wtmp is rotated. (Either weekly/monthly rotates the file or newsyslog runs a command to mail an "ac" report.)

-- 
Hugo Villeneuve <[EMAIL PROTECTED]>
http://EINTR.net/
Re: Hardware RAID
On 11/10/05, Jason Dixon <[EMAIL PROTECTED]> wrote:
>
> There are a number of examples and projects online. The Soekris
> lists are a fountain of good information. Personally, I like the
> flashdist project.
>
> http://www.nmedia.net/~chris/soekris/
>
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net

Flashdist is quick and easy. One important thing to remember, however, is stated right on their homepage: "It is designed to install a minimal version of OpenBSD with features for networking". The last time I used flashdist, the bits that were stripped out included utilities for user management, cron, and some other stuff I would have very much liked to have available, but which I hadn't read the instructions thoroughly enough to have configured into the system originally. It's kinda a pain to install some of those pieces after the initial installation is done and the router is up and running, so make sure to configure what you want to have in your system as you're running the flashdist scripts.

-Josh
Re: Building a bootable CF w/ a RAM-disk kernel
On Sat, Nov 12, 2005 at 10:17:20PM -0700, the unit calling itself Chris Kuethe wrote:
> man -k boot
>
> there are two manpages that will be especially useful. read them, pay
> attention to the see also section...

which two?... biosboot & installboot for my architecture?

> or read the installer scripts to see how they work.
> or read the makefiles for the floppy disk images.

Where would I find these?

> On 12/11/05, J Moore <[EMAIL PROTECTED]> wrote:
> > The readme file in flashboot contains an overview of building the
> > ram-disk kernel. What it doesn't explain is how to install the kernel on
> > the CF, or prepare the CF for booting the kernel.
> >
> > There must be some documentation out there that describes these steps,
> > but I'm having no luck finding it. Can someone provide a pointer to a
> > good reference?
> >
> > Thanks,
> > Jay
>
> --
> GDB has a 'break' feature; why doesn't it have 'fix' too?