audit problems

2007-02-08 Thread Stanislav Sedov
x, non fw or fc messages don't get into the log. Furthermore, deleting lo from audit_users and audit_control doesn't stop login messages logging. Is it possible that some other kernel options interfere with AUDIT (e.g. MAC)? Thanks! -- Stanislav Sedov ST4096-RIPE

Re: audit problems

2007-02-09 Thread Stanislav Sedov
ecessary changes are in RELENG_6. > That helped, thanks! -- Stanislav Sedov ST4096-RIPE

Re: Secure shared web hosting using MAC Framework

2007-02-21 Thread Stanislav Sedov
ould be able to access their own crontab > Solution: use ufs_acl to give rights to the crontab directory > > - Web users should be able to send emails > Solution: use ufs_acl to give rights to the mail spool > > - Web users shouldn't be able to install binaries but still be able > to install CGI scripts > This is where I do not have a solution. > Has anyone implemented such policy? How will you differentiate CGI scripts from binaries? Binaries are effectively CGI scripts too. -- Stanislav Sedov ST4096-RIPE

Re: ports/129037: [patch] [vuxml] graphics/imlib2: fix CVE-2008-5187

2008-11-24 Thread Stanislav Sedov
nts to spam. This is generated automatically as this PR fixes a security issue. -- Stanislav Sedov ST4096-RIPE

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-08:11.arc4random

2008-11-24 Thread Stanislav Sedov
th saved entropy upon boot by /etc/rc.d/initrandom. Only kernel services that rely on arc4random(9) are vulnerable. -- Stanislav Sedov ST4096-RIPE

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-08:11.arc4random

2008-11-24 Thread Stanislav Sedov
would affect the quality of SSH host keys generated at boot > time by RC? > Nope, userland is unaffected. -- Stanislav Sedov ST4096-RIPE

Re: MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?

2009-01-03 Thread Stanislav Sedov
le to find hash collisions can speed up the brute-force attack a bit, but this had to be proven first... -- Stanislav Sedov ST4096-RIPE

Re: FreeBSD Security Advisory FreeBSD-SA-09:02.openssl

2009-01-08 Thread Stanislav Sedov
hat is the problem with freebsd-update? -- Stanislav Sedov ST4096-RIPE

Re: ipv6 and ipfw

2009-04-20 Thread Stanislav Sedov
lity ipv6_firewall_script="/etc/rc.firewall6" # Which script to run to set up the IPv6 firewall ipv6_firewall_type="UNKNOWN"# IPv6 Firewall type (see /etc/rc.firewall6) ipv6_firewall_quiet="NO" # Set to YES to suppress rule display ipv6_f

Re: OpenSolaris Cryptographic Framework

2009-04-20 Thread Stanislav Sedov
/project/crypto/ > I believe none is working on this now. Does it have any benefits over the crypto framework we're using now? -- Stanislav Sedov ST4096-RIPE

Re: emacs installs a lot of 777 directories

2009-04-20 Thread Stanislav Sedov
t; /dev/null) ;\ > ... > 264 find ${INSTALLDIR} -exec chown $${installuser} '{}' ';' > I don't think it's the right thing to do, as it obeys neither SHAREOWN/SHAREGROUP nor SHAREMODE, which all ports are supposed to follow. Exactly f