Re: risky alias..

2005-05-25 Thread Sascha Ramin

the funny thing about su, is that it asks you for a password first.
if they already know your password, then you're already out of luck.

and if you first off log in as root, secondly leave it logged in, then
that's too bad for you.


if you went to the bathroom, they could just boot -s if they had access

sbr

ps. on my untrusted system i just deleted su, not like it's really going to
help but it saves space in the log file


On Wed, 25 May 2005, Will H. Backman wrote:


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike
Sent: Wednesday, May 25, 2005 11:14 AM
To: misc@openbsd.org
Subject: Re: risky alias..

Jason Opperisano wrote:

On Wed, May 25, 2005 at 04:09:20PM +0300, Mike wrote:


would be easily to get password or something else.



if $bad_person has the ability to modify your user's or the system-wide
shell initialization files, why exactly would they need to steal your
password at that point?

-j

--
"Brian: Congratulations, Peter. You're the Spalding Gray of crap."
--Family Guy




i was just thinking that maybe my friend is a bad person or double agent
or maybe the janitor is clever and attacks silently in that time when im
going to bathroom and in a one time i forget to lock my desktop, then
all is lost and disaster is there.


Set the immutable flag on all of your files and then change the kernel
security level so that they cannot be changed even by root.  All kinds
of things will break, but then you can leave your system logged on while
you walk away.




Re: What to do with zombie ssh connections...tarpit?

2005-06-02 Thread Sascha Ramin
a while ago i was interested in a similar idea, i wrote a small program to
act as root's shell, then changed root's password to root.


one of the first accounts they try is root:root

this led to the totally self automated site http://gnook.org/root/

you can see some of them have many more attempts after root:root while
others try it first.  I also tried mailing the abuse@ from whois with the
logs i collected, but it was a pain to automate and i didn't want to do it
manually.


i've stopped running root:root instead have settled for guest:guest

which gives this http://gnook.org/~guest/

but obviously can't get the same results as guest can't access
/var/log/authlog etc.


sbr.


On Wed, 1 Jun 2005, Myk Taylor wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

With OpenBSD 3.7 I can finally easily detect and block those annoying
ssh scanning zombies with the following pf rule:

pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
 flags S/SA keep state (max-src-conn-rate 5/60, \
 overload  flush global)

then I can block all IPs in the  table (I automatically phase
IPs out of the table after a couple days in daily.local).  This is all
fine and good for my server, but I'd rather tarpit the suckers instead
of blocking them outright after 5 connections.  It would be easy to rdr
them to a tarpit process, but I haven't seen any tarpits on the web that
simulate ssh servers.

I think ideally there could be a public honeypot server somewhere I
could redirect them to, where their IPs and activity could be centrally
logged and email could be automatically sent to the abuse@ address in
the whois(1) entry.  I'm doing this manually for the ~2 zombies daily I
discover, but it's a bit tedious.

So what's the best solution here?  Is there a better way than hacking
the sshd source to unconditionally sleep for 20s and return failure?

- --myk
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCnpuXBOPsJyAQkeARAkEeAKDEJBfnnr/3DjCYo0SF5wdWW2430wCghEk+
xL7LiYzbnbr5xqkIK5+bCy8=
=3rIG
-END PGP SIGNATURE-
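
Added example, not part of the original thread: the 5-per-60-seconds threshold from the pf rule above, applied offline to sshd authlog lines to list the sources it would flag. The log lines, addresses and the name overloaded_sources are constructed for illustration; the script counts failed-password log entries rather than TCP connections, so it only approximates what pf counts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in sshd authlog style (documentation IP ranges).
SAMPLE_AUTHLOG = """\
Jun  1 03:12:01 gw sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jun  1 03:12:04 gw sshd[2103]: Failed password for root from 192.0.2.10 port 40002 ssh2
Jun  1 03:12:07 gw sshd[2105]: Failed password for invalid user guest from 192.0.2.10 port 40003 ssh2
Jun  1 03:12:09 gw sshd[2107]: Failed password for invalid user admin from 192.0.2.10 port 40004 ssh2
Jun  1 03:12:12 gw sshd[2109]: Failed password for invalid user test from 192.0.2.10 port 40005 ssh2
Jun  1 03:12:15 gw sshd[2111]: Failed password for invalid user oracle from 192.0.2.10 port 40006 ssh2
Jun  1 03:20:00 gw sshd[2200]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jun  1 03:25:30 gw sshd[2210]: Accepted password for alice from 198.51.100.7 port 51002 ssh2
Jun  1 04:00:00 gw sshd[2300]: Failed password for root from 203.0.113.5 port 60000 ssh2
Jun  1 04:05:00 gw sshd[2301]: Failed password for root from 203.0.113.5 port 60001 ssh2
"""

# Matches failed password attempts; older sshd wrote "illegal user".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:(?:invalid|illegal) user )?(?P<user>\S+)\s+"
    r"from (?P<ip>\S+) port \d+"
)

def overloaded_sources(log_text, max_events=5, window_s=60, year=2005):
    """Return {ip: time the source first exceeded max_events per window_s}.

    Lines must be in chronological order. syslog omits the year, so the
    caller supplies one (2005 here is an assumption matching the thread).
    """
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        # Drop events that have aged out of the sliding window.
        while (when - q[0]).total_seconds() >= window_s:
            q.popleft()
        if len(q) > max_events and m["ip"] not in flagged:
            flagged[m["ip"]] = when
    return flagged

if __name__ == "__main__":
    for ip, when in overloaded_sources(SAMPLE_AUTHLOG).items():
        print(f"{ip} exceeded 5/60 at {when:%b %d %H:%M:%S}")
```
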




Re: openbsd list fckery

2005-06-03 Thread Sascha Ramin
i think the installer is great, it's so simple and straight forward, i
could do it with my eyes closed.


what do you want gentoo's ? or fedora's.

this isn't linux, if you can't handle the installer, you're going to have a
hard time running the OS.


also if you think you're really smart by using lots of four letter words,
you've got more problems than just your installer.


also this isn't a tech support hotline, people are going to help you if 
they feel like it.


sbr



Re: Compile time on old i386

2005-06-05 Thread Sascha Ramin

on my p2 350mhz it takes about 8 hours

on my laptop it takes 51 minutes.

i'd guess around 10 or more hours.

sbr.

On Sun, 5 Jun 2005, Richard P. Koett wrote:


I'm running "make build" on a Pentium 100 with 64M and an old IDE drive. Any 
guesses as to how long this might take?

And, out of curiosity, how fast can a fast i386 box do it?




Re: heal the world, and misc@ [strictly coffeetime reading]

2005-06-10 Thread Sascha Ramin

On Fri, 10 Jun 2005, R.Payne wrote:


"We are the woorrrld.  We are the childrennn..."

Put a sock in it already.



could someone? it's clear that people feel differently about this, and
discussing it is proving to be completely counter productive as it's just
creating more clutter that we had hoped to avoid.


there are two facts,

#1 people say misc@ is unfriendly.

#2 people say misc@ is friendly.

we can therefore come to the conclusion that people say a lot of things.

but i hardly think this is the right place to discuss all of them, 
instead OpenBSD should be the topic of discussion.


end of story, thread etc.

sbr.



-f wrote:

hello Rick, and others,


i just wanted to say, that you almost entirely missed
my point.  i never said leave the young in a bubble,
but 40 people yelling at you and calling names is
not funny either.  i didn't realize all the people here
were so strong personalities in their teens, my mistake.

only a sith deals in absolutes, to quote a very bad movie.

i did not suggest let's make misc into a linux-newbie
style lounge.  i just wanted to point out that you
never know what damage you make.  just keep in mind.


anyway, have a nice weekend.

-f

ps.  yeah, and all of you ask your dad how many stupid
questions/minute you asked him when you were young...
did he just slap you: "it's scary bad world out there
you fscking idiot!  now shut up and code!" ?

pps. i just realized my mail could depict me as the
local christian from your mall.  i am not.

ppps. by popular demand i hereby promise i will not
teach, none of your kids at least.  also i wouldn't
let mine near you, probably.