Re: Let's Encrypt

2019-09-09 Thread Micheas Herman
You would ideally create a certbot user that has just the permissions it needs. It has a fairly decent security history. So it's probably not the worst to run as root in a limited manner. On Mon, Sep 9, 2019, 5:52 PM Victor Sudakov wrote: > Trond Endrestøl wrote: > > > > #minute hour

Re: OpenSSH HPN

2015-11-11 Thread Micheas Herman
On Tue, Nov 10, 2015 at 11:59 PM, John-Mark Gurney wrote: > > > > If you have a trusted network, why not just use nc? Defense in depth for starters. The ipfw how-to guide I learned from years ago started with the statement that a firewall should be a shield in front of machines that don't nee

Re: NTP security hole CVE-2013-5211?

2014-03-20 Thread Micheas Herman
On Mar 20, 2014 9:21 PM, "Brett Glass" wrote: > > At 03:37 PM 3/20/2014, Ronald F. Guilmette wrote: > >> Starting from these lines in my /etc/ntp.conf file: >> >> server 0.freebsd.pool.ntp.org iburst >> server 1.freebsd.pool.ntp.org iburst >> server 2.freebsd.pool.ntp.org iburst >> >> I resolved e

Re: any interest in tripwire commercial?

2010-11-30 Thread Micheas Herman
On Tue, Nov 30, 2010 at 7:01 AM, Michael Scheidell wrote: > Any interest in Tripwire Commercial version? Maybe > I have a client who wants to allow their enterprise tripwire console to be > able to monitor the servers that do the real work (the freebsd servers) as > well as the token windows ser

Re: online cheksum verification for FreeBSD

2010-03-11 Thread Micheas Herman
On Thu, 2010-03-11 at 19:20 +0100, Elmar Stellnberger wrote: > Giancarlo Rubio wrote: > > running on the 2 servers!!! > > > Could anyone help me in how to obtain online checksums for FreeBSD? Um, most FreeBSD users compile from source with a custom /etc/make.conf file.

Re: online cheksum verification for FreeBSD

2010-03-11 Thread Micheas Herman
On Thu, 2010-03-11 at 09:13 -0800, Roger Marquis wrote: > Elmar Stellnberger wrote: > > I believe it would be highly desirable to have an online md5sum > > verification for FreeBSD as this is already implemented by checkroot > > This is not difficult to do on a per-host basis using integrit, c

Re: openssh concerns

2009-10-05 Thread Micheas Herman
On Mon, 2009-10-05 at 12:46 -0600, Lyndon Nerenberg - VE6BBM/VE7TFX wrote: > > Granted, if somebody is not specifically targeting you and is just scanning > > ranges to find sshd on 22 they will pass you right up since that port will > > be closed. > > The port change was intended only to avoid th

Re: Freebsd auto locking users (minor correction

2008-09-14 Thread Micheas Herman
On Sun, 2008-09-14 at 11:12 +0100, Robert Watson wrote: > On Sat, 13 Sep 2008, mouss wrote: > > > > and the other side has its proponents of course: > > > > http://lopsa.org/node/29 This should be http://lopsa.org/node/295 -- "... all the modern inconveniences ..."