Re: sudoers

2008-11-07 Thread Myk Taylor
igor denisov wrote:
> When I run
> sudo halt
> Sorry, user user is not allowed to execute '/sbin/halt' as root on
> my.domain
> Why?

Do you need to restrict it to LOCAL? Mine works fine with ALL=



Re: Applying patch ?

2006-10-29 Thread Myk Taylor

from the text in 001_sendmail.patch:

Apply by doing:
cd /usr/src
patch -p0 < 001_sendmail.patch

And then rebuild and install sendmail:
cd gnu/usr.sbin/sendmail
make obj
make depend
make
make install


note the '<' in the "patch -p0..." line.

Maverick wrote:
> I run the command to fix the first bug
> 
> patch 001_sendmail.patch
> 
> However, it is taking more than 15 mins and still staying there. Is there
> anything wrong with what I have been doing? What should I do to apply the
> patch for OpenBSD 3.9?



What to do with zombie ssh connections...tarpit?

2005-06-01 Thread Myk Taylor

With OpenBSD 3.7 I can finally easily detect and block those annoying
ssh scanning zombies with the following pf rule:

pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
  flags S/SA keep state (max-src-conn-rate 5/60, \
  overload  flush global)

then I can block all IPs in the  table (I automatically phase
IPs out of the table after a couple days in daily.local).  This is all
fine and good for my server, but I'd rather tarpit the suckers instead
of blocking them outright after 5 connections.  It would be easy to rdr
them to a tarpit process, but I haven't seen any tarpits on the web that
simulate ssh servers.

I think ideally there could be a public honeypot server somewhere I
could redirect them to, where their IPs and activity could be centrally
logged and email could be automatically sent to the abuse@ address in
the whois(1) entry.  I'm doing this manually for the ~2 zombies daily I
discover, but it's a bit tedious.

So what's the best solution here?  Is there a better way than hacking
the sshd source to unconditionally sleep for 20s and return failure?

--myk
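
An added example, not part of the original post or of OpenBSD: a small tarpit process of the kind the message above says scanners could be redirected to with rdr. It relies on RFC 4253 section 4.2, which allows a server to send other lines before its "SSH-" version string, so the client keeps waiting while lines trickle in; the port argument, the 10 second delay and the client cap are assumptions.

```python
import asyncio
import random
import sys

MAX_CLIENTS = 256  # assumed cap so scanners cannot exhaust the tarpit's descriptors
active = 0

def banner_line(rng=random):
    # 16 hex digits can never start with "SSH-", which would end the pre-banner phase.
    return b"%016x\r\n" % rng.getrandbits(64)

async def tarpit(reader, writer, delay=10.0, max_lines=None):
    """Drip pre-banner lines to one client; return the number of lines sent."""
    global active
    sent = 0
    if active >= MAX_CLIENTS:
        writer.close()
        return sent
    active += 1
    try:
        while max_lines is None or sent < max_lines:
            await asyncio.sleep(delay)
            writer.write(banner_line())
            await writer.drain()
            sent += 1
    except OSError:
        pass  # client gave up or the connection was reset
    finally:
        active -= 1
        writer.close()
    return sent

async def serve(port, host="127.0.0.1"):
    # Assumed deployment: pf redirects the overloaded sources to this local port.
    server = await asyncio.start_server(tarpit, host, port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    if len(sys.argv) == 2:
        asyncio.run(serve(int(sys.argv[1])))
    else:
        print("usage: tarpit.py PORT")
```

Each held connection costs one socket and a few bytes every delay interval, and the process needs no privileges when it listens on a high port.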



Re: Recommendations for pop3s daemon?

2005-06-15 Thread Myk Taylor

I've been using mail/solid-pop3d FLAVOR=apop on my LAN.  The pop_auth
utility is handy for setting up ssh-public-key-like logins.

Jeff Simmons wrote:
> Finding myself in need of a POP3S daemon, I headed over to the ports tree
> to get the old standard UW, and noticed that there are several of the
> little devils hiding out in there.
> 
> Anyone have any recommendations? Favorites? Pros and cons? Reasons to use
> something other than UW? Any information would be greatly appreciated.
> 
> --
> [EMAIL PROTECTED]