Re: OpenBSD 4.2 released Nov 1, 2007
I think I sent out my thanks before...but what the hell, thanks again for another kick ass release. -- ~Allie D.
Re: inetd needed for basic NAT/Firewall operation?
I have run an OBSD firewall for years and run nothing on it...the only listening port is 22 on one of the internal interfaces. You don't need identd or any of that crap on a firewall...it's forwarding or blocking packets only. -- ~Allie D. On Wed, December 5, 2007 10:58, Andreas Maus wrote: > On Wed, Dec 05, 2007 at 11:49:07AM -0500, Chris Smith wrote: >> Hello, >> >> When using OpenBSD only as a NAT router / Firewall with all of the >> services in inetd.conf commented out is there any need to enable inetd? > Hi Chris. > > The only service that should (or could,depends on your point of view) > be allowed from the internet is IMHO the identd service. > > Blocking this service may cause some delay because some mailers and > irc servers are checking for this service. > > OTOH it may be considered as a security risc to give strangers valid > usernames. (If you need inetd requests from the outside and dont want > to give them valid usernames you can install a other identd, e.g. > oidentd or just a fakeidentd to return an arbitrary username) > >> I believe it's no longer necessary for ftp-proxy and want to make sure >> I'm not missing anything. > I don't run ftp-proxy so I don't know about this, sorry. > > HTH, > > Andreas > > -- > Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of > an 8-bit operating system written for a 4-bit processor by a 2-bit > company who cannot stand 1 bit of competition.
Re: Real men don't attack straw men
Can someone just kill this thread PLEASE...only a few posts were actually good, the rest is filling my inbox Jason Dixon wrote: On Dec 15, 2007, at 6:00 PM, Gilles Chehade wrote: On Sat, Dec 15, 2007 at 04:36:51PM -0500, Richard Stallman wrote: I know of at least four companies I've worked with/for that *rely* on gcc and that would switch to Linux/BSD if gcc was not available on Windows. I am surprised by this statement, because in general I don't expect that very many users would switch to a different operating system just to use GCC. Nonetheless, I would be interested in talking with them to see what they say about this. What you expect (conveniently) is far from what happens to be reality. In the real world, people need their work done and will take the necessary steps to do so. If work involves cross compilation, as an example, and you provide them with a free compiler (as in gratis) that does that job ok, it will be used. If Linux is a prerequisite to this and that you provide them for free (as in gratis), they will install it. When you write code to make gcc work on windows and endorse it, you tell them that there is no need to switch to Linux to get the work done. You are doing precisely what you blame on BSD, except that we provide just a set of Makefiles, and that you actually wrote code to make sure projects will run on a proprietary system and will be used by a broader public. And no, you will not get to talk to the people I worked with. It is not of any interest for me to send them the average troll when they do not care a tiny bit about discussing FSF/GPL and/or BSD philosophy. Live with it, you do encourage people to use proprietary systems by providing them the tools to get their work done without having to ever touch a free system. Richard Stallman is like the wife of a drunk. He is an enabler. Until he comes to this realization and cuts the ties, no progress will be made. --- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: pf visible bridge/router
It's the same as an invisible bridge except you have IP's on the if's, that's the only diff. Beavis wrote: > Hi all!, > > I've been searching lists with regards to building a Visible > Bridge/Router with PF on OpenBSD. > But most of the material I see are for invisible bridge configs. I > wanted to just to a straight Routing/Bridging on my FW's > (without the use of NAT) > > Any comments or experiences shared will be awesomely appreciated. > > > thanks, > -B
When spammers get whitelisted...
I have had to wipe my spamdb twice in the last month because spammers get past my blacklists (I run the ones that come in spamd.conf) and my greylisting and just hammer a few of my customers. The spam comes from multiple IP's so it's a bitch to block by hand...anyone have any tips on blocking these bastards ???
Re: Real men don't attack straw men
Mayuresh Kathe wrote: > Mr. Stallman, I respect you for what you've managed to achieve as an > individual. > > But, frankly, this thread has really gotten way out of control. > > A few days back everything had kind-a settled down and we got the > impression that the thread had fortunately died, but that's not been > the case, you are struggling hard to lay out your viewpoints which > seem a tad bit twisted from where we look at it. > > Nobody out here is going to listen to what you're going to say, and > you are going to go on and on about how you were justified in labeling > OpenBSD as not compliant with your interpretation of the word "free", > which we don't give a farthing for. > > No offense, but, please, please go away, we really don't want you > here, and on your way out, please take your minions along with you. > > ~Mayuresh +1...just go away Richard, you're REALLY annoying. > > On Jan 3, 2008 3:20 PM, Richard Stallman <[EMAIL PROTECTED]> wrote: >> In fact many of the people did expect this when you favorite >> organization lost the battle publically on Reyk's code that your >> friends stole and tried to impose your license on it, and when they >> even tried vainly to go legal by the advice of a un-educated american >> lawyer but finally found that they have just embarrassed themselves in >> public. >> >> I don't know who or what that refers to. I do know that my favorite >> organization is the Free Software Foundation, and I know it has not >> been involved in anything that fits that description. >> >> I suspect this is related to the harsh message Theo sent me a few >> months ago, which rebuked what "you" (was that me? the FSF?) had done. >> He mentioned the name "Reyk" (which I don't recognize) and said it had >> something to do with a license. But he did not go into details. >> The FSF was not involved in the matter. >> >> I could have investigated what he was talking about and determined >> what conduct he had criticized. 
Then, supposing I wanted to give them >> some advice, I could have asked someone to find the developers' >> addresses, and written to them. Then they might or might not have >> listened to me. >> >> I could have done all that, but I saw no reason to go so far out of my >> way for someone who was treating me rather badly. So I simply told >> him that the FSF was not involved in the matter. >> >> I know that one part of your description events is wrong--the part >> that says, that my "favorite organization" has "lost the battle >> [publicly]". My favorite organization, the FSF, was not involved. If >> any of "my friends" were involved, they did not inform me. >> >> Those errors make me skeptical of the rest of your claims. Did >> someone lose a battle? Did anyone really "steal" anything? I don't >> know, but I won't take your word for it. Did they "try to go legal"? >> If so, was it "vainly"? If they got legal advice, was their lawyer >> "un-educated"? Was the outcome embarrassing for someone? I don't >> know. >> >> Whoever would like to know the answers to these questions would do >> well to check on his own.
ssh complaining about bad file descriptor on 4.3beta.
I'm getting bad file descriptor errors on every ssh connection on a box that I built from source on 4.3 beta last night. Anyone else seeing this as well ? Feb 21 09:54:43 crusty sshd[21741]: error: getsockname failed: Bad file descriptor Wanted to see if anyone else is seeing it as well before I send a bug report.
Re: spamd unnecessarily abrasive?
All I have to say about this thread is...hey Theo nice to see you back, I needed some comic relief today. Oh and my feelings about being abrasive towards spammers is fuck 'em, I hate spammers. I wish spamd could shit on their servers but that's not a settable option. Maybe spamd -P would poop on the connecting MTA ;) Bob...can it be done ? -- ~Allie D. On Tue, February 20, 2007 12:23, Theo de Raadt wrote: >> I haven't looked at the implementation in OpenBSD extensively, but at > > Well, perhaps you should, instead of commenting before you do. > >> a basic level there are two portions, the greylist function, and the >> "waste their time" function, yes? I'm talking about bypassing the >> first, not the second. > > Neither cost us. Neither is bypassable. > >> Even in the second case, if the spammer notices they're connecting to >> something that will waste their (bot's) time, they can simply >> disconnect and use the bot's resources to do something else. > > No spam was delivered. Again, what is the problem? > >> Not the >> the spammers really care about wasting resources *that* much since >> they don't have to pay for them (or very little for a bot herd >> compared to "bulletproof hosting"), but it could make them a little >> more efficient. > > No spammers care about wasted resources? I didn't know you were a > spammer, and knew what they cared about. I guess their lack of > wasted resources must be why they retry, like SMP demands. Except > they don't. Perhaps it is not so simple? > >> The history of fighting spam has tended to show that if any form of >> combating spam becomes too effective (and wide-spread), spammers will >> invest effort figuring out how to defeat it. > > You're right. We should not try. > > This whole conversation is totally stupid. You don't use spamd, > yet you want to discuss it. I think you just want to see your words > on mailing lists.
Re: OpenBSD 4.1 Pre-Orders...
Oh hell yea I did...right when it came out on undeadly I ordered -- ~Allie D. On Mon, March 12, 2007 15:01, Darrin Chandler wrote: > Have you got yours yet?! > > http://undeadly.org/cgi?action=article&sid=20070312181549 > > -- > Darrin Chandler | Phoenix BSD Users Group > [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ > http://www.stilyagin.com/darrin/ |
[Fwd: Shipped Order:2007/3/12-13:27:10-21493:]
YES ! It's on its way !! -- ~Allie D. Original Message Subject: Shipped Order:2007/3/12-13:27:10-21493: From:"OpenBSD Shipping" <[EMAIL PROTECTED]> Date:Thu, April 19, 2007 15:30 To: [EMAIL PROTECTED] -- USPS tracking number 030508313176xx assigned to a shipment as follows: BSD41.0020 Computer Shop/OpenBSD Box 28 Sweet Grass, MT 59484 USA 98072 Software on CDROM Canada50 T-shirts Canada25 US $ TOTAL --> 75 This is the tracking number advice script, letting you know that a package has been or is just about to be mailed to you with a green USPS barcoded tracking label and that progress of the package may be watched by viewing the USPS website: http://www.usps.com/shipping/trackandconfirm.htm and entering in your tracking number. (There may be a delay of a day or two before it first shows up). Packages shipped by this method are not insured by USPS, however we guarantee safe delivery. Typical transit times are 4 to 10 days. Guarantee claims may be initiated after 30 days, should loss in the mail be suspected. However, if one of the rare, but overly long, postal delays interferes with an urgent project of yours, or events arise that increase the urgency of your requirements, do not hesitate to contact us. We have solutions for most any circumstance. This message concerns only one package, and there may, or may not, be other packages sent out for your order. OpenBSD Shipping
Re: OpenBSD 4.1 Released
Thanks to all the developers for your continued hard work and dedication. -- ~Allie D. On Tue, May 1, 2007 07:54, Bob Beck wrote: > > May 1, 2007. > > We are pleased to announce the official release of OpenBSD 4.1. snip...
Re: log rotation
Cronolog...no restart needed. -- ~Allie D. On Tue, May 15, 2007 12:11, John Mendenhall wrote: >> If you don't mind a second or two of down time then you can use >> something like this in newsyslog.conf as a restart command: >> >> "apachectl stop;sleep 1;apachectl start;sleep 10;apachectl start" >> >> The first sleep gives apache a second to finish active requests before >> trying to start again. The second sleep and start is to catch the case >> where the first start fails because apache is still running. > > I have a script which does the following: > > + rotates logs > + calls apachectl stop (twice, with sleep 2 after each call) > + calls apachectl stop and greps the output to make sure it is stopped > (looks for 'not running') > + if I don't find not running, pages me > + run apachectl startssl > > This is all in a wrapper script which then calls awstats > after a successful rotate and restart. > > Works for us. > > JohnM > > -- > john mendenhall > [EMAIL PROTECTED] > surf utopia > internet services
Re: log rotation
I run it on a chrooted server...works fine.

ErrorLog "|/usr/local/sbin/cronolog /var/www/logs/%Y/%m/%d/error.log"
CustomLog "|/usr/local/sbin/cronolog /var/www/logs/%Y/%m/%d/access.log" combined

I don't think there's any more configuration than that. -- ~Allie D. On Tue, May 15, 2007 13:41, Robert Zajda wrote: > But it don't want to work in chroot. > > On 5/15/07, Allie D. <[EMAIL PROTECTED]> wrote: >> Cronolog...no restart needed. >> -- >> ~Allie D. >> >> >> On Tue, May 15, 2007 12:11, John Mendenhall wrote: >> >> If you don't mind a second or two of down time then you can use >> >> something like this in newsyslog.conf as a restart command: >> >> >> >> "apachectl stop;sleep 1;apachectl start;sleep 10;apachectl start" >> >> >> >> The first sleep gives apache a second to finish active requests >> before >> >> trying to start again. The second sleep and start is to catch the >> case >> >> where the first start fails because apache is still running. >> > >> > I have a script which does the following: >> > >> > + rotates logs >> > + calls apachectl stop (twice, with sleep 2 after each call) >> > + calls apachectl stop and greps the output to make sure it is stopped >> > (looks for 'not running') >> > + if I don't find not running, pages me >> > + run apachectl startssl >> > >> > This is all in a wrapper script which then calls awstats >> > after a successful rotate and restart. >> > >> > Works for us. >> > >> > JohnM >> > >> > -- >> > john mendenhall >> > [EMAIL PROTECTED] >> > surf utopia >> > internet services
Re: SSH brute force attacks no longer being caught by PF rule
3 times in 30 seconds as a src connection rate is pretty conservative and you don't have a connection rate trap. I run max-src-conn 5, max-src-conn-rate 5/5 and nail every one. Of course you'll see the first few attempts, but once they tickle that max-src-conn rule they get shutdown. -- ~Allie D. On Wed, August 8, 2007 10:26, David Newman wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 6/27/07 10:39 PM, Daniel Ouellet wrote: >> Steve B wrote: >>> The rule I've had in my pf.conf file to catch and block forceful SSH >>> attempts no longer appears to be working. I see the entries in my >>> authlog, >>> but the IPs are no longer getting added to my table. I suspect I >>> screwed >>> something up, but so far I am at a loss to see where. Could someone >>> pass >>> another set of eyes over the relevant parts of my pf.conf? >> >> Put quickly as an example, but you can try: >> >> # Define some variable for clarity >> SSH_LIMIT="(max-src-conn-rate 3/30, overload flush global)" >> >> ## SSH Hackers - blocked IPs >> table persist file "/etc/tables/scanners" >> >> # Block ssh access to bad ssh scanner >> block drop in log quick on $ext_if inet proto tcp \ >>from to any port ssh >> >> # Allow quick valid traffic to ssh but log all attempts as well >> pass in log quick on $ext_if inet proto tcp from ! \ >>to $ext_if port ssh flags S/SA keep state \ >>$SSH_LIMIT >> > > I've added something like this to pf.conf but it's only partially > successful. I would appreciate any clues as to why it's not blocking all > brute-force attempts. 
> > On an OBSD 4.1 box, here's what I added to pf.conf ($unpro is the > Internet-facing interface): > > # > > # Define limit of ssh connection rates > SSH_LIMIT="(max-src-conn-rate 3/30, overload flush global)" > # SSH scanners - blocked IPs > table persist > > block drop in log quick on $unpro inet proto tcp \ > from to any port ssh > > > # Allow quick valid traffic to ssh but log all attempts as well > pass in log quick on $unpro inet proto tcp from ! \ >to $unpro port ssh $SSH_LIMIT > > # > > And it appears to be working, at least in part: > > [EMAIL PROTECTED] ~ 501$ sudo pfctl -t scanners -T show >61.146.178.13 >61.189.145.103 >67.76.237.190 >161.200.144.108 >193.254.31.194 > > # > > But some hosts on the protected side of the firewall still report > brute-force ssh login attempts exceeding the 3/30 rate: > > Aug 7 10:16:00 mail sshd[21608]: Invalid user trash from 201.18.81.8 > Aug 7 10:16:08 mail sshd[21610]: Invalid user aaron from 201.18.81.8 > Aug 7 10:16:11 mail sshd[21612]: Invalid user gt05 from 201.18.81.8 > Aug 7 10:16:18 mail sshd[21614]: Invalid user william from 201.18.81.8 > Aug 7 10:16:22 mail sshd[21616]: Invalid user stephanie from 201.18.81.8 > Aug 7 10:16:59 mail sshd[21628]: Invalid user gary from 201.18.81.8 > Aug 7 10:17:07 mail sshd[21632]: Invalid user guest from 201.18.81.8 > Aug 7 10:17:11 mail sshd[21634]: Invalid user test from 201.18.81.8 > Aug 7 10:17:17 mail sshd[21636]: Invalid user oracle from 201.18.81.8 > Aug 7 10:19:24 mail sshd[21717]: Invalid user apache from 201.18.81.8 > Aug 7 10:19:43 mail sshd[21723]: Invalid user lab from 201.18.81.8 > Aug 7 10:19:55 mail sshd[21729]: Invalid user oracle from 201.18.81.8 > Aug 7 10:20:00 mail sshd[21736]: Invalid user svn from 201.18.81.8 > Aug 7 10:20:06 mail sshd[21745]: Invalid user iraf from 201.18.81.8 > Aug 7 10:20:13 mail sshd[21747]: Invalid user swsoft from 201.18.81.8 > Aug 7 10:20:18 mail sshd[21749]: Invalid user production from 201.18.81.8 > Aug 7 10:20:23 mail 
sshd[21751]: Invalid user guest from 201.18.81.8 > Aug 7 10:20:28 mail sshd[21753]: Invalid user gast from 201.18.81.8 > Aug 7 10:20:34 mail sshd[21755]: Invalid user gast from 201.18.81.8 > Aug 7 10:20:40 mail sshd[21762]: Invalid user oliver from 201.18.81.8 > Aug 7 10:20:45 mail sshd[21767]: Invalid user sirsi from 201.18.81.8 > Aug 7 10:20:50 mail sshd[21769]: Invalid user nagios from 201.18.81.8 > Aug 7 10:20:55 mail sshd[21771]: Invalid user nagios from 201.18.81.8 > Aug 7 10:20:59 mail sshd[21773]: Invalid user nagios from 201.18.81.8 > > Thanks in advance for suggestions as to how to reduce these kind of > login attempts. > > dn > iD8DBQFGufyzyPxGVjntI4IRAty2AJ9WDCqLqkWyhx/KuciGINow6Upb5wCfUuP+ > GfZ8lnaun1QPItnFK5c4MNU= > =tjbD > -END PGP SIGNATURE-
Re: SSH brute force attacks no longer being caught by PF rule
I just had to reply with this info because I already had an attempted brute force in the last hour. All you need to do is make your rule tighter and add a connection rate ratio to start collecting IP's. ( I use logsentry/logcheck) Security Violations =-=-=-=-=-=-=-=-=-= Aug 8 11:48:16 traci sshd[1099]: Failed password for invalid user root from 72.11.128.61 port 42049 ssh2 Aug 8 11:48:17 traci sshd[25952]: Failed password for invalid user root from 72.11.128.61 port 42104 ssh2 Aug 8 11:48:18 traci sshd[2543]: Failed password for invalid user root from 72.11.128.61 port 42149 ssh2 Aug 8 11:48:19 traci sshd[14785]: Failed password for invalid user root from 72.11.128.61 port 42193 ssh2 Aug 8 11:48:20 traci sshd[75]: Failed password for invalid user root from 72.11.128.61 port 42242 ssh2 Unusual System Events =-=-=-=-=-=-=-=-=-=-= Aug 8 11:48:16 traci sshd[1099]: User root from 72.11.128.61 not allowed because not listed in AllowUsers Aug 8 11:48:16 traci sshd[28065]: input_userauth_request: invalid user root Aug 8 11:48:16 traci sshd[1099]: Failed password for invalid user root from 72.11.128.61 port 42049 ssh2 Aug 8 11:48:16 traci sshd[28065]: Received disconnect from 72.11.128.61: 11: Bye Bye Aug 8 11:48:17 traci sshd[25952]: User root from 72.11.128.61 not allowed because not listed in AllowUsers Aug 8 11:48:17 traci sshd[4408]: input_userauth_request: invalid user root Aug 8 11:48:17 traci sshd[25952]: Failed password for invalid user root from 72.11.128.61 port 42104 ssh2 Aug 8 11:48:17 traci sshd[4408]: Received disconnect from 72.11.128.61: 11: Bye Bye Aug 8 11:48:18 traci sshd[2543]: User root from 72.11.128.61 not allowed because not listed in AllowUsers Aug 8 11:48:18 traci sshd[23885]: input_userauth_request: invalid user root Aug 8 11:48:18 traci sshd[2543]: Failed password for invalid user root from 72.11.128.61 port 42149 ssh2 Aug 8 11:48:18 traci sshd[23885]: Received disconnect from 72.11.128.61: 11: Bye Bye Aug 8 11:48:19 traci sshd[14785]: User root 
from 72.11.128.61 not allowed because not listed in AllowUsers Aug 8 11:48:19 traci sshd[22134]: input_userauth_request: invalid user root Aug 8 11:48:19 traci sshd[14785]: Failed password for invalid user root from 72.11.128.61 port 42193 ssh2 Aug 8 11:48:19 traci sshd[22134]: Received disconnect from 72.11.128.61: 11: Bye Bye Aug 8 11:48:20 traci sshd[75]: User root from 72.11.128.61 not allowed because not listed in AllowUsers Aug 8 11:48:20 traci sshd[12103]: input_userauth_request: invalid user root Aug 8 11:48:20 traci sshd[75]: Failed password for invalid user root from 72.11.128.61 port 42242 ssh2 Aug 8 11:48:20 traci sshd[12103]: Received disconnect from 72.11.128.61: 11: Bye Bye pfctl -t DoS_hosts -T show -v 72.11.128.61 Cleared: Wed Aug 8 11:48:20 2007 In/Block:[ Packets: 6 Bytes: 240 ] In/Pass: [ Packets: 0 Bytes: 0 ] Out/Block: [ Packets: 0 Bytes: 0 ] Out/Pass:[ Packets: 0 Bytes: 0 ] -- ~Allie D. On Wed, August 8, 2007 10:26, David Newman wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 6/27/07 10:39 PM, Daniel Ouellet wrote: >> Steve B wrote: >>> The rule I've had in my pf.conf file to catch and block forceful SSH >>> attempts no longer appears to be working. I see the entries in my >>> authlog, >>> but the IPs are no longer getting added to my table. I suspect I >>> screwed >>> something up, but so far I am at a loss to see where. Could someone >>> pass >>> another set of eyes over the relevant parts of my pf.conf? >> >> Put quickly as an example, but you can try: >> >> # Define some variable for clarity >> SSH_LIMIT="(max-src-conn-rate 3/30, overload flush global)" >> >> ## SSH Hackers - blocked IPs >> table persist file "/etc/tables/scanners" >> >> # Block ssh access to bad ssh scanner >> block drop in log quick on $ext_if inet proto tcp \ >>from to any port ssh >> >> # Allow quick valid traffic to ssh but log all attempts as well >> pass in log quick on $ext_if inet proto tcp from ! 
\ >>to $ext_if port ssh flags S/SA keep state \ >>$SSH_LIMIT >> > > I've added something like this to pf.conf but it's only partially > successful. I would appreciate any clues as to why it's not blocking all > brute-force attempts. > > On an OBSD 4.1 box, here's what I added to pf.conf ($unpro is the > Internet-facing interface): > > # > > # Define limit of ssh connection rates > SSH_LIMIT="(max-src-conn-rate 3/30, overload flush global)" > # SSH scanners - blocked IPs > table persist > > block drop in
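A way to test a `max-src-conn-rate` setting against an authlog before relying on it, as an added example that is not from any of the posts above: it replays sshd failure lines through a sliding-window counter and reports when each source would first exceed N connections in T seconds. The sliding window is an approximation chosen for this example, not pf's internal accounting, and `max-src-conn` (concurrent states) is not modelled; the log lines are constructed samples with documentation addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in the authlog format shown in the thread. Addresses are
# from the documentation ranges; hostnames, PIDs and user names are made up.
SAMPLE_AUTHLOG = """\
Aug  7 10:16:00 mail sshd[21608]: Invalid user trash from 192.0.2.8
Aug  7 10:16:08 mail sshd[21610]: Invalid user aaron from 192.0.2.8
Aug  7 10:16:11 mail sshd[21612]: Invalid user gt05 from 192.0.2.8
Aug  7 10:16:18 mail sshd[21614]: Invalid user william from 192.0.2.8
Aug  7 10:16:22 mail sshd[21616]: Invalid user gary from 192.0.2.8
Aug  7 10:16:59 mail sshd[21628]: Invalid user guest from 192.0.2.8
Aug  8 11:48:16 gw sshd[1099]: Failed password for invalid user root from 198.51.100.61 port 42049 ssh2
Aug  8 11:48:16 gw sshd[1099]: Failed password for invalid user root from 198.51.100.61 port 42049 ssh2
Aug  8 11:48:16 gw sshd[1100]: Failed password for invalid user root from 198.51.100.61 port 42050 ssh2
Aug  8 11:48:17 gw sshd[1101]: Failed password for invalid user root from 198.51.100.61 port 42104 ssh2
Aug  8 11:48:17 gw sshd[1102]: Failed password for invalid user root from 198.51.100.61 port 42105 ssh2
Aug  8 11:48:18 gw sshd[1103]: Failed password for invalid user root from 198.51.100.61 port 42149 ssh2
Aug  8 11:48:18 gw sshd[1104]: Failed password for invalid user root from 198.51.100.61 port 42150 ssh2
Aug  8 11:49:02 gw sshd[1200]: Accepted publickey for admin from 203.0.113.5 port 50022 ssh2
"""

# Only failed-authentication lines are tracked; successful logins are ignored.
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"\S+\s+sshd\[(?P<pid>\d+)\]:\s+"
    r"(?:Invalid user \S+|Failed password for (?:invalid user )?\S+)\s+"
    r"from\s+(?P<src>\S+)"
)


def parse_connections(text, year=2007):
    """Return sorted (timestamp, source) pairs, one per sshd process.

    A rate limit on connections counts TCP connections, not password
    attempts, so several failure lines from the same sshd PID and source are
    collapsed into one event. (PIDs recycle eventually; for long logs, split
    the input by day first.)
    """
    first_seen = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(
            f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        key = (m["src"], m["pid"])
        if key not in first_seen or ts < first_seen[key]:
            first_seen[key] = ts
    return sorted((ts, src) for (src, _pid), ts in first_seen.items())


def replay(connections, limit, seconds):
    """Replay connections against a limit/seconds rate.

    Returns {source: (trip_time, seen)}: trip_time is when the source first
    has more than `limit` connections inside `seconds` (None if never), and
    seen is how many connections arrived up to and including that one.
    """
    windows = defaultdict(deque)
    state = {}
    for ts, src in connections:
        entry = state.setdefault(src, [None, 0])
        if entry[0] is not None:
            continue  # source is already treated as overloaded
        entry[1] += 1
        win = windows[src]
        while win and (ts - win[0]).total_seconds() >= seconds:
            win.popleft()  # drop connections that fell out of the window
        win.append(ts)
        if len(win) > limit:
            entry[0] = ts
    return {src: tuple(entry) for src, entry in state.items()}


if __name__ == "__main__":
    conns = parse_connections(SAMPLE_AUTHLOG)
    # The two rates quoted in the thread: 3/30 and 5/5.
    for limit, seconds in [(3, 30), (5, 5)]:
        print(f"max-src-conn-rate {limit}/{seconds}")
        for src, (when, seen) in sorted(replay(conns, limit, seconds).items()):
            verdict = f"overload at {when:%b %d %H:%M:%S}" if when else "never trips"
            print(f"  {src:15} {seen} connections seen, {verdict}")
```

In this model the slow source trips 3/30 but never 5/5, while the fast burst trips both. A source that trips here but never appears in the overload table is a cue to check which pf rule its connections actually match.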
Qemu + auich = sound ?
Can anyone give me a hint how to get sound working in Qemu ? I'm running an X31 and am starting -soundhw all but I don't think it covers my sound hardware. The precompiled 4.1 package has: pcspk PC speaker sb16 Creative Sound Blaster 16 es1370 ENSONIQ AudioPCI ES1370 But my sound device is an auich. Anyone get sound working for an auich device ?
Re: Qemu + auich = sound ?
On Wed, September 12, 2007 10:18, Chris Kuethe wrote: > I'm gonna take a wild guess and say > a) those are the emulated soundcards qemu can present to the guest OS, and > b) qemu should just be able to do OSS audio to the host OS. It's not working out of the box. I'm gonna try and build from ports and see if I can get it to work. > > never tried audio though... *shrug* > > On 9/12/07, Allie D. <[EMAIL PROTECTED]> wrote: >> Can anyone give me a hint how to get sound working in Qemu ? I'm running >> an X31 and am starting -soundhw all but I don't think it covers my sound >> hardware. The precompiled 4.1 package has: >> >> pcspk PC speaker >> sb16 Creative Sound Blaster 16 >> es1370 ENSONIQ AudioPCI ES1370 >> >> But my sound device is an auich. Anyone get sound working for an auich >> device ? >> >> > > > -- > GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: qemu speed
I'm bitter because I can't run java on it. I have to use ubuntu with VirtualBox to run some critical work apps that use java :( -- ~Allie D. On Thu, October 4, 2007 15:41, Jacob Yocom-Piatt wrote: > Gerald Thornberry wrote: >> I've never used QEMU so I may be talking out my hat. Looking at the >> docs for it yesterday I remember seeing something about the QEMU >> accelerator. Is that an option here? >> >> "When used as a virtualizer, QEMU achieves near native performances by >> executing the guest code directly on the host CPU. A host driver >> called the QEMU accelerator (also known as KQEMU) is needed in this >> case. The virtualizer mode requires that both the host and guest >> machine use x86 compatible processors." >> >> > > i've found qemu-0.8.2p4 on 4.1-release (i386) to be horribly slow and > some apps don't install correctly when emulating windows xp. it's ok for > viewing ms office documents but doing anything processor or disk > intensive takes an order of magnitude longer than usual. > > would be nice to know if the KQEMU driver is the bottleneck. > > cheers, > jake > >> http://fabrice.bellard.free.fr/qemu/about.html >> >> >> On 10/4/07, Frank Bax <[EMAIL PROTECTED]> wrote: >> >>> Indeed, this is a FoxPro program. I had tried changing the path; and >>> tested it by starting program without using full path to EXE - although >>> the program does startup this way; it still fails at the same point. >>> >>> I also tried QEMU; but was still researching options before bringing >>> speed question here. I've read that it can be a bit slow; but I'm >>> wondering HOW slow? I use the FoxPro program to convert a database >>> from >>> one format to another. Native Win98 on P3-600 the process takes 1:20 >>> (min:sec). On a 2GHz Core2Duo, QEMU takes 6:00 minutes. Is this >>> expected speed? On QEMU/BSD forum, it was suggested I compile from >>> source, so I used ports instead of package, but there was no change to >>> speed of this process. 
Files are currently inside a virtual disk. Is >>> that fastest for disk i/o? Am I likely to speed it up if I have files >>> on host and access them via samba? Is there another way to access host >>> files from Win98 guest? >>> >>> Frank >>> >>> >>> >>> Richard Toohey wrote: >>> >>>> I do not know much about wine, but the issue interested me ... I've >>>> built from ports and >>>> I am having a look. >>>> >>>> From the manual page, re. the wine configuration file, it has this: >>>> >>>>format: path = >>>>default: C:\WINDOWS;C:\WINDOWS\SYSTEM >>>>Used to specify the path which will be used to find exe- >>>>cutables and .DLL's. >>>> >>>> Can you add C:\ and/or C:\\LIBS to that list and see if it >>>> helps? >>>> >>>> A FLL looks like a FoxPro dynamic link library, so it should count as >>>> a >>>> DLL. >>>> >>>> Back to RTFMing ... >>>> >>>> On 3/10/2007, at 8:27 AM, Joachim Schipper wrote: >>>> >>>> >>>>> On Mon, Oct 01, 2007 at 05:56:46PM -0400, Frank Bax wrote: >>>>> >>>>>> I installed wine-990225p0 from packages on 4.1 and can run simple >>>>>> programs >>>>>> like sol and notepad. I have an old program I'm trying to run; but >>>>>> this >>>>>> program cannot find it's own files unless the current working >>>>>> directory is >>>>>> set to the directory where software was installed. It seems more >>>>>> recent >>>>>> wine versions support 'bat' files which would solve this; but this >>>>>> doesn't >>>>>> seem to work in this version. >>>>>> >>>>>> When I try: >>>>>> wine c://program.exe >>>>>> the software complains that it cannot open LIBS\FOXTOOLS.FLL >>>>>> >>>>>> This file is found at C:\\LIBS\FOXTOOLS.FLL >>>>>> >>>>>> Is there a way to run something like this on wine 990225?: >>>>>> cd >>>>>> program.exe >>>>>> >>>>>> If this is not workable on 990225; do current wine versions work on >>>>>> OpenBSD? >>>>>> >>>>> I'm not sure if there is a way to 'cd' on OpenBSD's version of Wine. 
>>>>> As >>>>> to porting: more recent Wines do weird things with threads, if I >>>>> understand the issue correctly. In short, don't expect an update >>>>> soon. >>>>> >>>>> Qemu works fine, if you don't need to run a particularly demanding >>>>> program. >>>>> >>>>> Joachim >>>>> >>>>> -- >>>>> TFMotD: inet6 (4) - Internet protocol version 6 family >>>>> >> >> > > > --
Re: OpenBSD 4.0 released Nov 1, 2006
Thanks for an early xmas/Hanukkah present ! -- ~Allie D. On Tue, October 31, 2006 16:15, Theo de Raadt wrote: > Nov 1, 2006. > > We are pleased to announce the official release of OpenBSD 4.0. > This is our 20th release on CD-ROM (and 21st via FTP). We remain > proud of OpenBSD's record of ten years with only a single remote > hole in the default install. As in our previous releases, 4.0 > provides significant improvements, including new features, in nearly > all areas of the system:
Re: Problem when apply 001_httpd.patch
On Thu, November 9, 2006 12:49, Maverick wrote: > Oop > The rest of the post is gone :-( > > The thing that i got back after patch -p0 < 001_httpd.patch is this > > Hmm... Looks like a unified diff to me... > The text leading up to this was: > -- > |Apply by doing: > | cd /usr/src > | patch -p0 < 001_httpd.patch > | > |And then rebuild and install httpd and its modules: > | cd usr.sbin/httpd > | make -f Makefile.bsd-wrapper obj > | make -f Makefile.bsd-wrapper cleandir > | make -f Makefile.bsd-wrapper depend > | make -f Makefile.bsd-wrapper > | make -f Makefile.bsd-wrapper install > | > | > |If httpd had been started, you might want to run > | apachectl stop > |before running "make install", and > | apachectl start > |afterwards. > | > |Index: usr.sbin/httpd/src/main//http_protocol.c > |=== > |RCS file: /cvs/src/usr.sbin/httpd/src/main/http_protocol.c,v > |retrieving revision 1.30 > |retrieving revision 1.30.4.1 > |diff -u -p -r1.30 -r1.30.4.1 > |--- usr.sbin/httpd/src/main//http_protocol.c 11 Feb 2006 19:15:57 - > 1.30 > |+++ usr.sbin/httpd/src/main//http_protocol.c 1 Nov 2006 21:18:38 - > 1.30.4.1 > -- > File to patch: > > I try the 003 patch but it happend to be the same sort of thing. Why do > they > ask me for the file to patch :( > Can you please tell me what i have done wrong here? > > :-( > > Thanks you very much Try and cd /usr/src before trying to patch ;) The patches assume you're patching from that directory. Enjoy... > > > > > > > > Joel Goguen wrote: >> >> I don't see an issue there. It looks like it applied properly. >> Follow the directions it printed out and see that it compiles and >> installs properly :) >> >> On 11/9/06, Maverick <[EMAIL PROTECTED]> wrote: >>> Hi i am trying to apply the 001 patch >>> What i have done is >>> >>> cd /usr/src >>> patch -p0 < 001_httpd.patch >>> >>> and i come back to me as: >>> >>> Hmm... Looks like a unified diff to me... 
>>> The text leading up to this was: >>> -- >>> |Apply by doing: >>> | cd /usr/src >>> | patch -p0 < 001_httpd.patch >>> | >>> |And then rebuild and install httpd and its modules: >>> | cd usr.sbin/httpd >>> | make -f Makefile.bsd-wrapper obj >>> | make -f Makefile.bsd-wrapper cleandir >>> | make -f Makefile.bsd-wrapper depend >>> | make -f Makefile.bsd-wrapper >>> | make -f Makefile.bsd-wrapper install >>> | >>> -- >>> View this message in context: >>> http://www.nabble.com/Problem-when-apply-001_httpd.patch-tf2603928.html#a7265560 >>> Sent from the openbsd user - misc mailing list archive at Nabble.com. >>> >>> >> >> >> -- >> Joel Goguen >> Bachelor of Computer Science III >> University of New Brunswick >> http://iapetus.dyndns.org/ >> >> >> > > -- > View this message in context: > http://www.nabble.com/Problem-when-apply-001_httpd.patch-tf2603928.html#a7265975 > Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: OpenBSD 4.0 sparc64
I'm running a Blade 150 that I recently upgraded and have no complaints. You need to make a bootable install disk or boot into bsd.rd to get the install going.

--
~Allie D.

On Thu, November 9, 2006 23:42, Ikmal Ahmad wrote:
> Hi all,
>
> Based on http://www.openbsd.org.my/sparc64.html, seem that OpenBSD can
> install on Sun Blade 100/150 machine. I have this problem when do
> disk installation on Blade 100. Below is the error.
>
> ok boot disk /bsd
> Boot device: /[EMAIL PROTECTED],0/[EMAIL PROTECTED]/[EMAIL PROTECTED],0 File
> and args: /bsd
> ERROR: Last Trap: Fast Data Access MMU Miss
>
> Error -256
> ERROR: Last Trap: Fast Data Access MMU Miss
>
> Error -256
> ok
>
> I have upgraded OBP to the latest version. Here the OBP info:
>
> Sun Blade 100 (UltraSPARC-IIe), Keyboard Present
> Copyright 2005 Sun Microsystems, Inc. All rights reserved.
> OpenBoot 4.17.1, 256 MB memory installed,
>
> Any idea how to solve this problem.
>
> --
> Thanks & Regards,
> Ikmal aka EvoIVGSR
>
> http://www.leakage.org/
> http://root.justdied.com/mylife/
> http://www.openbsd.org.my/
> http://mirrors.mybsd.org.my/
Re: Problems applying 002_openssl.patch for OpenBSD 4.0
rm -rf /usr/obj/* and then try again.

P.S. I have an error code 71 on one of my boxes on the make install...think my disk is now full of cruft from countless upgrades, it's time to wipe it and start over.

--
~Allie D.

On Sun, November 12, 2006 09:28, Andreas Maus wrote:
> Hi.
>
> After updating from OpenBSD 3.9 to 4.0 I extracted the new tarballs
> src.tar.gz and sys.tar.gz and got the patches for OpenBSD 4.0
> from openbsd.org/errata.html
>
> I had no problem applying the patches except for 002_openssl which
> stops while "make" with:
>
> # make
> [... snipp ...]
> ===> crypto
> cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H
> -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM
> -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_MDC2
> -DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER
> -DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC
> -DOPENSSL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
> -I/usr/src/lib/libssl/crypto/../src
> -I/usr/src/lib/libssl/crypto/../src/crypto
> -I/usr/src/lib/libssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1_ASM
> -DRMD160_ASM -DOPENBSD_CAST_ASM -DOPENBSD_DES_ASM -c
> /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c -o rsa_eay.o
> cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H
> -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM
> -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_MDC2
> -DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER
> -DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC
> -DOPENSSL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
> -I/usr/src/lib/libssl/crypto/../src
> -I/usr/src/lib/libssl/crypto/../src/crypto
> -I/usr/src/lib/libssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1_ASM
> -DRMD160_ASM -DOPENBSD_CAST_ASM -DOPENBSD_DES_ASM -c
> /usr/src/lib/libssl/src/crypto/rsa/rsa_err.c -o rsa_err.o
> cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H
> -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM
> -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_MDC2
> -DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER
> -DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC
> -DOPENSSL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
> -I/usr/src/lib/libssl/crypto/../src
> -I/usr/src/lib/libssl/crypto/../src/crypto
> -I/usr/src/lib/libssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1_ASM
> -DRMD160_ASM -DOPENBSD_CAST_ASM -DOPENBSD_DES_ASM -c
> /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c -o rsa_x931.o
> /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c: In function
> `RSA_X931_hash_id':
> /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: `NID_sha256'
> undeclared (first use in this function)
> /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: (Each
> undeclared identifier is reported only once
> /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: for each
> function it appears in.)
> /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:168: error: `NID_sha384'
> undeclared (first use in this function)
> /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:171: error: `NID_sha512'
> undeclared (first use in this function)
> *** Error code 1
>
> Stop in /usr/src/lib/libssl/crypto.
> *** Error code 1
>
> Stop in /usr/src/lib/libssl.
>
> All previous commands for this patch ( cd lib/libssl,
> make obj make depend make includes ) didn't produce
> any errors.
>
> Can someone give me some hints about this?
>
> Thanks,
>
> Andreas.
>
> --
> Hobbes : Shouldn't we read the instructions?
> Calvin : Do I look like a sissy?
Re: MySQL, pulling my hair out
Try this, it works in chrooted Apache ;) Season to taste...

rc.local

### MySQL
rm -R /var/www/var/run/mysql
mkdir -p /var/www/var/run/mysql && \
chown -R _mysql._mysql /var/run/mysql
/usr/local/bin/mysqld_safe --user=_mysql --open-files=1000 -log &
sleep 10
ln /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock

rc.shutdown

### MySQL
/usr/local/share/mysql/mysql.server stop

--
~Allie D.

On Sun, November 19, 2006 10:50, Otto Moerbeek wrote:
> On Sun, 19 Nov 2006, Gaby Vanhegan wrote:
>
>> I'm really having an incredibly painful time with MySQL on 3.9. Has
>> anybody had a problem getting MySQL 4 or 5 to play happy? I've read
>> these pages:
>>
>> http://www.openbsdsupport.org/mysql.htm
>> http://monkey.org/openbsd/archive/misc/0411/msg03296.html
>> http://marc.theaimsgroup.com/?l=openbsd-misc&m=111881975209858&w=2
>> http://marc.theaimsgroup.com/?l=openbsd-misc&m=111887588311627&w=2
>>
>> And applied it to MySQL 5, both from ports, and the latest 4.x
>> release built from source. I still get the database basically
>> locking under moderate load, or failing to do a mysqlcheck. The
>> errors I get (from the .err file) are along these lines:
>>
>> 061119 18:03:31 [ERROR] /usr/local/libexec/mysqld: Can't find file:
>> './condor5/user.frm' (errno: 9)
>> 061119 18:03:31 [ERROR] /usr/local/libexec/mysqld: Can't find file:
>> './condor5/user_in_group.frm' (errno: 9)
>> 061119 18:03:31 [ERROR] /usr/local/libexec/mysqld: Can't find file:
>> './condor5/user_in_group.frm' (errno: 9)
>> (using 4.x)
>>
>> Or these when doing the suggested mysqlcheck command:
>>
>> mysql.columns_priv OK
>> mysql.db OK
>> mysql.func
>> error: File './mysql/func.MYD' not found (Errcode: 9)
>> mysql.help_category
>> error: File './mysql/help_category.MYD' not found (Errcode: 9)
>> mysql.help_keyword
>> error: File './mysql/help_keyword.MYD' not found (Errcode: 9)
>> mysql.help_relation
>> error: File './mysql/help_relation.MYD' not found (Errcode: 9)
>> mysql.help_topic
>> error: File './mysql/help_topic.MYD' not found (Errcode: 9)
>>
>> I've followed all the instructions on the relevant pages, and
>> instructions from the mail archives but to no avail. I have a theory
>> that it doesn't hold up under the load of dspam using MySQL as its
>> back end, and I'll be trying that running under something else but
>> for the moment, normal every day databases just stop working after a
>> while. What have you had to do to get MySQL up and running properly?
>
> How do you start mysql? It's essential you start it with the proper
> login class, like:
>
> su -c _mysql root ...
>
> -Otto
>
>>
>> # sysctl kern.maxfiles
>> kern.maxfiles=13666
>> # cat /etc/login.conf
>> ...
>> #
>> # MySQL daemon
>> #
>> _mysql:\
>>     :datasize=infinity:\
>>     :maxproc=infinity:\
>>     :openfiles-cur=2048:\
>>     :openfiles-max=8192:\
>>     :stacksize-cur=8M:\
>>     :localcipher=blowfish,8:\
>>     :tc=default:
>> # userinfo _mysql
>> login _mysql
>> passwd *
>> uid 502
>> groups _mysql
>> change NEVER
>> class _mysql
>> gecos MySQL Account
>> dir /nonexistent
>> shell /sbin/nologin
>> expire NEVER
>> # cat /etc/my.cnf | grep files
>> open_files_limit = 2048
>> # dmesg
>> OpenBSD 3.9 (GENERIC.MP) #598: Thu Mar 2 02:37:06 MST 2006
>> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
>> cpu0: Intel(R) Pentium(R) D CPU 2.66GHz ("GenuineIntel" 686-class)
>> 2.68 GHz
>> cpu0:
>> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
>> CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,TM2,CNXT-ID
>> real mem = 2146541568 (2096232K)
>> avail mem = 1952505856 (1906744K)
>> using 4278 buffers containing 107429888 bytes (104912K) of memory
>> mainbus0 (root)
>> bios0 at mainbus0: AT/286+(00) BIOS, date 10/30/05, BIOS32 rev. 0 @
>> 0xf0010
>> apm0 at bios0: Power Management spec V1.2
>> apm0: AC on, battery charge unknown
>> apm0: flags 30102 dobusy 0 doidle 1
>> pcibios at bios0 function 0x1a not configured
>> bios0: ROM list: 0xc/0x8000 0xc8000/0x2200
>> mainbus0: Intel MP Specification (Version 1.1) (INTEL
Re: flashdist-20050601 for OpenBSD 3.7
Thanks Chris for all your work on flashdist...it helps me spread the gospel ;)
Re: What's wrong with these pf rules
Try pass in on from...

stan([EMAIL PROTECTED])@Sun, Jul 31, 2005 at 01:36:55PM -0400:
> I'm testing a new set of carp firewalls, and I've created a test network
> off of them on my main network. I've added a route to this network, but pf
> is dropping all packets to it.
>
> I've added rules to pf.conf that look like this:
>
> pass from any to 170.95.106.128/25
> pass from 170.95.106.128/25 to any
>
> And the packets are still being dropped by rule 0 which is:
>
> block log all
> Which is of course above these new rules in pf.com. This is on a 3.5
> system.
>
> Can anyone suggest what I'm doing wrong.
>
> --
> U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong
> Terror
> - New York Times 9/3/1967
>

--
Allie D.
Allnix,LLC.
http://www.allnix.net

People are beginning to notice you. Try dressing before you leave the house.
Re: Chrooted apache with chrooted ftp - how users can upload websites now?
Read the FAQ..put the users home dirs in /var/www and setup anonymous ftp yet define the users and it works well. BTW you don't need inetd, just run ftpd as a daemon.

Marcin Wilk([EMAIL PROTECTED])@Sat, Nov 05, 2005 at 02:04:18AM +0100:
> Hello!
> I was searching & i can't find answer.
> I got OpenBSD 3.7 with default Apache (chrooted) & i'm using ftp
> server from base system enabled by inetd.
> I would like to make users not be able to read anything except their
> own /home/user folder & /var/www/users/user folder.
> How can i do that with such configuration?
> Is there any way to do that, or do i have to use some other FTP server?
> If i have to use other ftp, what will give features that i need?
>
> Best Regards
>

--
Allie D.
Allnix,LLC.
http://www.allnix.net
"Locking down your network, one port at a time"

You will never amount to much. -- Munich Schoolmaster, to Albert Einstein, age 10
Re: Chrooted apache with chrooted ftp - how users can upload websites now?
Not out of the box you can't. I'd rather run an audited piece of software that's less secure but chroots a user than a band-aid that could open yourself up to other problems.

Bob Ababurko([EMAIL PROTECTED])@Fri, Nov 04, 2005 at 08:51:52PM -0500:
> Allie D wrote:
> >Read the FAQ..put the users home dirs in /var/www and setup anonymous ftp
> >yet define the users and it works well. BTW you don't need inetd, just run
> >ftpd as a daemon.
> >Marcin Wilk([EMAIL PROTECTED])@Sat, Nov 05, 2005 at 02:04:18AM +0100:
> >
> >>Hello!
> >>I was searching & i can't find answer.
> >>I got OpenBSD 3.7 with default Apache (chrooted) & i'm using ftp
> >>server from base system enabled by inetd.
> >>I would like to make users not be able to read anything except their
> >>own /home/user folder & /var/www/users/user folder.
> >>How can i do that with such configuration?
> >>Is there any way to do that, or do i have to use some other FTP server?
> >>If i have to use other ftp, what will give features that i need?
> >>
> >>Best Regards
> >>
> >
> >
> I use scponly for that exact purpose. It is secure and you can chroot
> the user to their home directory.
>
> -Bob
>

--
Allie D.
Allnix,LLC.
http://www.allnix.net
"Locking down your network, one port at a time"

Just because the message may never be received does not mean it is not worth sending.
Re: spamdb migration
I have done it...you should be fine. I also dump my whitelisted IP's from my spamdb nightly and have had to whip together a quick shell script with spamdb -a in front of over 1K IP's and that's worked well as an additional method.

--
Allie D.
Allnix,LLC.
http://www.allnix.net
PGP Public key: http://www.allnix.net/ads_public_key

Rod.. Whitworth said:
> For a few weeks I have been running 3.7 release on a lab machine. Love
> it!
>
> It is time for me to change my firewall from 3.6 to get the benefit of
> the updates that 3.7 has but I have one little question:
>
> Can I copy /var/db/spamd to the new install so that I don't lose my
> grey/white data but can start using the spamtrap feature?
>
> I suppose it would not be the end of the world if not but there are
> heaps of entries whitelisted that I'd rather not lose and, at any given
> moment, there may be a grey that is about to be promoted to white that
> would have to jump through the hoops again from the start.
>
> Thanks,
> Rod/
>
> From the land "down under": Australia.
> Do we look from up over?
>
> Do NOT CC me - I am subscribed to the list.
> Replies to the sender address will fail except from the list-server.
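The dump-and-restore approach mentioned in the reply above, as an added example that is not the poster's own script: it turns a saved spamdb dump into `spamdb -a` commands, keeping only well-formed WHITE entries so that nothing unexpected from a backup file is whitelisted or reaches a shell. The pipe-separated dump layout (entry type first, source address second) is an assumption taken from spamdb(8), and the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Build `spamdb -a` restore commands from a saved `spamdb` dump.
# Assumed dump layout (per spamdb(8)): pipe-separated fields,
# entry type first, source address second.

# Constructed sample dump; addresses come from the documentation ranges.
sample_dump() {
cat <<'EOF'
WHITE|192.0.2.10|||1116500000|1116503600|1119600000|2|14
GREY|198.51.100.7|a@example.org|b@example.net|1116500000|1116514400|1116514400|1|0
WHITE|203.0.113.5|||1116400000|1116403600|1119500000|1|3
WHITE|192.0.2.10|||1116500000|1116503600|1119600000|2|14
WHITE|203.0.113.999|||1116400000|1116403600|1119500000|1|0
WHITE|192.0.2.77;reboot|||1116400000|1116403600|1119500000|1|0
TRAPPED|198.51.100.99|1116600000
EOF
}

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet 0..255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# whitelist_ips: read a dump on stdin, print the unique valid WHITE addresses.
# GREY and TRAPPED entries are never promoted; malformed ones are reported.
whitelist_ips() {
    while IFS='|' read -r type ip _rest; do
        [ "$type" = WHITE ] || continue
        if valid_ipv4 "$ip"; then
            printf '%s\n' "$ip"
        else
            printf 'skipped malformed entry: %s\n' "$ip" >&2
        fi
    done | sort -u
}

# restore_commands: emit one `spamdb -a` line per address, for review
# before it is run on the new firewall.
restore_commands() {
    whitelist_ips | while read -r ip; do
        printf 'spamdb -a %s\n' "$ip"
    done
}

sample_dump | restore_commands
```
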
Re: ssh
Why don't you deny root login within ssh, login as a regular user and su? Seems pretty simple with no mess ;) You can use the venerable sudo as well if you'd like..painlessly. I agree with your theory on using shared accounts...it's bad juju's.

--
Allie D.
Allnix,LLC.
http://www.allnix.net
PGP Public key: http://www.allnix.net/ads_public_key

Roy Morris said:
> Bob Beck wrote:
>
>>>>What part of the words "Do *NOT* login as root" have you failed to
>>>>understand?
>>>>
>>>>
>>
>> this is crap. logging in as root is not a sin. we recently
>>removed this poopoo advice from OpenBSD anyway. See my rant about
>>this in the archives.
>>
>> -Bob
>>
>>
>>
> You would think from an audit point of view,
> logging in using a shared account like root would be
> not all that smart. Well it may be poopoo advice, it
> remains good practice to not use shared accounts.
>
> /myshit
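One way to check that root login really is denied in sshd, as the reply above suggests (an added example, not from the thread): sshd keeps the first value it reads for a keyword, so a later "PermitRootLogin no" does not override an earlier "yes". The example goes a little beyond the post by also flagging Match blocks that re-enable root login; the function names and both sample configurations are constructed.

```shell
#!/bin/sh
# Report the PermitRootLogin value that applies globally in an sshd_config.
# sshd uses the first value obtained for each keyword, and keywords are
# case-insensitive, so the scan stops caring after the first global hit.

# Constructed sample: an early "yes" wins over the later "no".
sample_weak() {
cat <<'EOF'
# constructed sample sshd_config
Port 22
PermitRootLogin yes
#PermitRootLogin no
permitrootlogin no
EOF
}

# Constructed sample: denied globally, but re-enabled for one network.
sample_hardened() {
cat <<'EOF'
Protocol 2
  PermitRootLogin   no
Match Address 192.0.2.0/24
    PermitRootLogin yes
EOF
}

# root_login_setting: read sshd_config on stdin and print the global value,
# or "unset" if the keyword does not appear before the first Match block.
# " match-override" is appended when a Match block sets anything but "no".
root_login_setting() {
    awk '
        { sub(/^[ \t]+/, "") }                 # leading whitespace is ignored
        /^#/ || NF == 0 { next }               # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }          # "Keyword=value" form
        tolower($1) == "match" { in_match = 1; next }
        tolower($1) == "permitrootlogin" {
            if (in_match) { if (tolower($2) != "no") loose = 1 }
            else if (value == "") value = tolower($2)
        }
        END {
            if (value == "") value = "unset"
            print value (loose ? " match-override" : "")
        }'
}

# root_login_denied: succeed only when root login is refused everywhere.
root_login_denied() {
    [ "$(root_login_setting)" = no ]
}

sample_weak | root_login_setting
sample_hardened | root_login_setting
```
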
Re: Dell HW?
I run SC400's, various laptops (old and new), and desktops (old and new) without any issues.

--
Allie D.
Allnix,LLC.
http://www.allnix.net
PGP Public key: http://www.allnix.net/ads_public_key

Marco Peereboom said:
> I run just about any imaginable server they sell. Works for me tm.
>
> On May 19, 2005, at 2:10 PM, L. V. Lammert wrote:
>
>> We have been requested to use Dell HW for some new systems. Any
>> recommended models (RM) for:
>>
>> 1) Gateway/firewall?
>>
>> 2) SAN?
>>
>> In the alternative, any to avoid?
>>
>> Thanks!
>>
>> Lee
Re: IMAP servers
I have run courier-imap for years...

Niclas Sodergard said:
> On 5/22/05, Gaby vanhegan <[EMAIL PROTECTED]> wrote:
>
>> What IMAP servers do people use for email access? I use Dovecot at the
>> moment under 3.6, as it supports SSL, Maildir and mbox, but it has some
>> problems with indexes. I used to use the stock imapd that came with
>> OpenBSD, but that didn't handle Maildir. I'm considering courier-imap,
>> but I thought that it didn't have a great security track-record (I may
>> be wrong here).
>>
>> What do you use to do IMAP under OpenBSD?
>
> I've used Cyrus-IMAP successfully on OpenBSD. It is slightly more
> complex to setup than the other ones but it is really fast. There has
> been a port circulating on the ports mailinglist but it looks like it
> didn't make it for 3.7.
>
> cheers,
> Nickus
Re: djbdns DNS server? Status, Pros and Cons?
I have used djbdns since '02 with no issues whatsoever. You'll love the data file structure compared with BIND.

Anders Jvnsson said:
> Hello folks.
> I recently bought a very good book: Mastering FreeBSD and OpenBSD security
> They have a chapter dealing with DNS servers and there they mention
> djbdns, they think it has some strong points so I am somewhat curious
> about if anybody out there has any viewpoint about using this instead of
> BIND, especially since the last version djbdns I found was from 2001??!
> I can't believe that it is so good that it is no need to patch it now
> and then?