Hi everyone.
I'm participating in development of some security-centric product, one part of
which performs compliance checks upon target server's OS. The main purpose of
these checks is to find possible misconfigurations which are widely considered
as insecure or deprecated (e.g. password login by
>On 4/14/2014 7:32 AM, Jamie Landeg-Jones wrote:
>> Matt Dawson wrote:
>>
>>> My first thought when I saw this was "ego over ethics," which says more
>>> about Theo than FreeBSD.
>>
>> Totally.
>>
>> I know Theo has a reputation for being 'difficult', but in my opinion,
>> this outburst really
Hello, Pawel!
On 00:02 10-Jan 2014 Pawel Jakub Dawidek wrote:
> Now that you added casper to the game, I'd move gethostbyname2() until
> after we enter the sandbox and open system.dns service, but before we
> limit the service to only reverse lookups. It does process network
> packets after all.
Ross Wheeler wrote:
I overcame these conflicting requirements with a 2-step process. The
"authorised" user first browsed to a website which asked their
username and password. When entered correctly, it opened a hole in the
firewall to allow that IP to their network. A timer ran every 15
Jeremy Chadwick wrote:
The above looks like sshguard.
Yes, several people have pointed this out. Thanks!
I've personally never trusted something that *automatically* adjusts firewall
rules based on data read from text
logs or packets coming in off the Internet. The risks involved are in
Neil Neely wrote:
I haven't explored this issue enough to speak with any authority - but
once upon a time I had an app doing tons of ipfw rule add/removes all
the time and we had no end of performance and stability problems on
that box (this would have been in 4.x or so timeline I expect)
Hello!
A machine I manage remotely for a friend comes under a distributed ssh
break-in attack every once in a while. Annoyed (and alarmed) by the
messages like:
Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180
Aug 12 10:21:18 symbion sshd[4335]: Invalid user mythtv
On Monday 10 July 2006 13:50, Brian Candler wrote:
> Well, it's probably worth send-pr'ing it.
The rcmdsh() is taken from OpenBSD, I think, and has no room for the stderr.
One would need to reimplement something like rcmdsh2() first :-)
> I'd first test whether rsh itself forwards stderr pro
On Monday 10 July 2006 10:17, Simon L. Nielsen wrote:
= Actually it is, but it would obviously be a stupid idea to do so any
= place where privileged ports are required...
It would be. But where they are NOT required, it is stupid to check the
geteuid() inside the client's rcmd :-)
Thank you ver
The manual page says that rcmd() is only to be used by root's processes.
On other OSes (Solaris, AIX), trying to call rcmd() without being root simply
fails.
FreeBSD, however, tries to be helpful and invokes rcmdsh in this case, which
is inefficient and leaves the stderr's file descriptor (fd2p
On Tuesday 27 June 2006 15:05, Pawel Worach wrote:
> > I just noticed that on my recent "6.1-STABLE #4: Thu Jun 8" amd64
> > system attempts to connect to a bogus port (like ) hang instead of
> > failing with "Connection refused" immediately, as they do on other systems.
>
> Using sysctl net.
wing is an excellent doco on the matter:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
I got it cranking on production and it works like a charm.
Cheers,
Mikhail.
--
Mikhail Goriachev
Webanoide
Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: [EMAIL PROT
n order to load the rulesets, once I
> did that, I can access the box from remote locations
>
> [...]
> ipfilter_rules="/etc/ipf.rules"
Hi,
Your rc.conf looks for ipf.rules instead of ipfw.rules files. Adding the
missing "w" may solve your problem.
Mikhail.
13 matches