On 18 Jul 2018, at 22:25, Grzegorz Junka wrote:
>
> I am interested what security precaution FreeBSD is trying to do here. Is the
> sshd server receiving an ssh login request from an IP, that can't be resolved
> back to a domain in the reverse DNS (PTR) record for that IP?
this is quite usua
Hi,
You can ignore them totally (you should), and if you can't, make sure you limit
the possibility of a brute force attack on your sshd:
- configure a firewall to stop them
- and/or activate blacklistd on sshd
- and/or change listening port of sshd
I get thousands of these every day, won't kill you
On 14 May 2015, at 16:13, jungle Boogie wrote:
> On 14 May 2015 at 06:08, Mark Felder wrote:
>>
>> TLS 1.0 is dead and is even now banned in new installations according to
>> the PCI DSS 3.1 standards. Nobody should expect TLS 1.0 to be supported
>> by *any* HTTPS site now.
>
>
> Here, here! W
On 14 May 2015, at 12:02, Ian Smith wrote:
> Well, I can't reach https://forums.freebsd.org/ at all at the moment, my
> (admittedly ancient, on 8.2) SeaMonkey now consistently reports:
>
> "Data Transfer Interrupted
> The connection to forums.freebsd.org has terminated unexpectedly. Some
> data
On 13 May 2015, at 23:18, Anders Gulden Olstad wrote:
> Qualys report chain issues
that's pretty odd, because I've checked too just after sending my reply to the
list (message id a2d58ccb-8b0a-40ff-9ed1-89b698a83...@patpro.net), and Qualys
reported no issues at all about the chain. That was abo
(cc ehaupt@ about the core dump of latest bash port)
On 29 Sep 2014, at 09:34, Кулешов Алексей wrote:
> Right. Okay then, here it is:
>
> # pkg remove bash
> ... change 'bash' to 'sh' in bashcheck ...
> # sh bashcheck
> Not vulnerable to CVE-2014-6271 (original shellshock)
> Not vulnerable to
On 29 Sep 2014, at 09:09, Kuleshov Aleksey wrote:
> There is a repository https://github.com/hannob/bashcheck with convenient
> script to check for vulnerabilities.
>
> % sh bashcheck
> Vulnerable to CVE-2014-6271 (original shellshock)
> Vulnerable to CVE-2014-7169 (taviso bug)
> Not vulnera
On 27 Oct 2013, at 22:50, Andrei wrote:
> On Sun, 27 Oct 2013 22:33:56 +0100
> Dag-Erling Smørgrav wrote:
>
>> Andrei writes:
>>> In /etc/pam.d/sshd from:
>>> auth required pam_unix.so no_warn
>>> try_first_pass to:
>>> auth required pam_unix.so no_warn try_first_
On 7 Jan 2013, at 15:55, Mike Tancsa wrote:
> If you or anyone else can point me to any other interesting resources
> about the world of audit, I would love to see it. I guess some
> interesting stuff is going in the 10 branch as well.
You might want to subscribe to it's a very low
traffic ML
Hi all,
As I understand it, ZFS includes a feature allowing to trigger an antivirus
scan when a file system write is issued. The proper hook seems to exist only on
Solaris. Is there any plan to activate this feature on FreeBSD?
thanks, and happy new year ;)
patpro
On 06 Jan 2013, at 23:46, Mike Tancsa wrote:
> Hi,
> Thanks for the reply! Where can I find setaudit ?
you might find some useful info here too:
http://forums.freebsd.org/showthread.php?t=23716
patpro
On 06 Jan 2013, at 23:46, Mike Tancsa wrote:
> Thanks for the reply! Where can I find setaudit ?
here: http://people.freebsd.org/~csjp/setaudit.c
patpro
On 06 Jan 2013, at 23:11, Mike Tancsa wrote:
> But if I make a simple php script to try and connect out, again, pflog0
> blocks it and logs it, but it does not show up in the audit logs
>
> 17:07:46.518501 rule 433/0(match): block out on em0: 64.7.xx.xx.36528 >
> 8.8.8.8.25: Flags [S], seq 1724
Hi,
Not sure if it's a real security issue, or if it's a feature.
ZFS allows the admin to create noexec volumes, so that users won't be able to
execute binaries sitting on these volumes. But as soon as one of these binaries
is available on a snapshot, it becomes available for the user to execute:
On 30 Dec 2011, at 14:10, Fabian Wenk wrote:
> Hello Patrick
>
> On 29.12.2011 21:06, Patrick Proniewski wrote:
>>>> No updates needed to update system to 8.1-RELEASE-p7.
>>>>
>>>> # uname -r 8.1-RELEASE-p5
>
>> I have rebooted (twice).
On 29 Dec 2011, at 19:56, Xin Li wrote:
>> No updates needed to update system to 8.1-RELEASE-p7.
>>
>> # uname -r 8.1-RELEASE-p5
>>
>> any idea?
>
> Have you restarted your system? I *think* it should say -p6 there
> because this batch does not change kernel (last batch did change
> kernel bu
Hello,
On 23 Dec 2011, at 16:36, FreeBSD Security Advisories wrote:
> 3) To update your vulnerable system via a binary patch:
>
> Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
> the i386 or amd64 platforms can be updated via the freebsd-update(8)
> utility:
>
> # fre
On 17 Jul 2011, at 12:14, Robert Watson wrote:
> Just catching up on back e-mail, and bumped into this thread. Did you file
> PRs for these bugs? As Stacey mentions, the trustedbsd-audit mailing list is
> where most discussion of OpenBSM takes place. It's generally pretty quiet,
> but ther
On 29 Jun 2011, at 17:11, Lev Serebryakov wrote:
> Even more, such command doesn't show anything about user login via
> ssh:
>
> auditreduce -m AUE_login /dev/auditpipe0 | praudit
>
> Yes, I have "lo" class enabled for all users, and, yes,
>
> auditreduce -r USER /dev/auditpipe0 | praudit
>
>
On 29 Jun 2011, at 16:23, Lev Serebryakov wrote:
> Hello, Patrick.
> You wrote 29 June 2011, 16:26:44:
>
>> I do, almost (I've not finished my setup, but I'm auditing a production
>> server).
>> Maybe you'll find this interesting:
>> http://forums.freebsd.org/showthread.php?t=23716#9
> It
On 29 Jun 2011, at 12:59, Lev Serebryakov wrote:
> auditreduce doesn't filter events by date (-b/-a/-d options with any
> arguments produces empty output), it doesn't merge files properly and
> doesn't pick up files automagically, as Solaris' one does. It doesn't
> have -C/-M/-O functionality of
Hello,
On 02 May 2011, at 00:55, George Sanders wrote:
> BUT, I suspect there are a LOT of possible IPs that google will use to pop
> mail
> from us ...
You are right about that. According to my pop logs, my servers have encountered
about 1000 different IPs from google (920 actually).
Domain n
On 22 Jan 10, at 08:50, kalin m wrote:
how is it possible that if i have these rules below in pf.conf if i
do:
telnet that.host.org 25
i get:
Trying xx.xx.xx.xx...
Connected to that.host.org.
Escape character is '^]'.
... etc ...
quite strange.
What does `pfctl -s all` retur
This will provide the greatest relief against drive-by ssh probes,
which
are pretty much background radiation these days. Some may decry it as
'security by obscurity', but who cares when it works so effectively :)
against script kiddies and bots, obscurity is good.
http://en.wikipedia.org/w
On 17 Jul 08, at 08:24, Jason Stone wrote:
Is anyone else nervous trusting all his programs to have access to
all his files? Is there already a reasonable solution to this
problem?
It makes me nervous for, say, Firefox and its plugins to be able to
read and write every file I own, wheth
On 9 Nov 06, at 09:17, mal content wrote:
man jail(8)
A full jail is quite extreme, don't you think? Besides, it'd be
tricky to allow
a jailed program to write to ~/.mozilla and /tmp.
a full jail is for beginners ;)
You can jail a program with only minimum /dev/ and libs, like it was
d
On 2 Jun 06, at 10:57, Kenyeres Márton wrote:
www kernel: mac_bsdextended: 80:80 request 256 on
0:0 failed.
$ find -inum 256 /
I'm not sure it's an inode, it might be a rule number (like for a
firewall in fact). But it's just a guess.
And maybe the file name is to be found in apache's
On 27 May 2006, at 15:51, Ian G wrote:
On which versions of FreeBSD is it now possible to
un-reserve ports?
host$ sysctl net.inet.ip.portrange.reservedhigh=0
According to the FreeBSD web site, it first came with 5.1R
(http://www.freebsd.org/releases/5.1R/relnotes-i386.html). By the way,