Yeah it sucks, the miscreants run 24/7 365. My guess is home systems
are targeted a lot because there's only an 'IT Dept' of one.
Lots of good stuff in base and the ports collection. mtree can be
extended to check file integrity for anything you've modified and
other local stuff (something I need
On Fri, Aug 15, 2014 at 11:39 PM, Scott Bonds wrote:
> [...]
> Perhaps I should separate the router and 'everything else'
> roles, so that the router only has builtin OpenBSD software on it, no
> packages.
Strongly encourage you to get a separate box to run the router and
firewall on. (Ted, if yo
On Sat, Aug 16, 2014 at 1:52 AM, Scott Bonds wrote:
> On Fri, Aug 15, 2014 at 10:50:55AM -0500, Adam Thompson wrote:
>> While a long way from perfect, tools such as "chkrootkit" and "rkhunter"
>> might shed some light on your situation.
>> As Giancarlo said, check every machine that's closely inte
On August 16, 2014 12:09:32 AM CEST, Paul de Weerd wrote:
>On Fri, Aug 15, 2014 at 11:51:53PM +0200, Paul de Weerd wrote:
>| At any rate, this changes that to allow world readable files (still
>| not taking world writable files). We can't check S_IWOTH over tftp,
>| we should probably assume 0777
On August 15, 2014 11:51:53 PM CEST, Paul de Weerd wrote:
>On Fri, Aug 15, 2014 at 06:55:49PM +0200, Alexander Hall wrote:
>| On 08/15/14 16:22, Paul de Weerd wrote:
>| >On Fri, Aug 15, 2014 at 04:07:21PM +0200, Alexander Hall wrote:
>| >| On August 15, 2014 2:04:56 PM CEST, Theo de Raadt
> wrote:
On 2014-08-15, Paul de Weerd wrote:
> What you could do is use the -r option to tftpd(8) to hand out a new
> file to each client that connects. Or just periodically (like, every
> hour or every minute, depending on the load of your tftp server)
> replace it with a new random file.
How about mak
DOH! - I had left a line referring to vhid (i.e. carp) in there - worked ok
when that was out.
From: stur...@hotmail.com
To: misc@openbsd.org
Subject: RE: troubleshooting carp
Date: Fri, 15 Aug 2014 17:58:06 -0400
OK, this is wrecking my head. As previously mentioned I have TWO
firewalls
OK, this is wrecking my head. As previously mentioned I have TWO
firewalls, both with a total of 8 em-ports (2 x quad-cards). -Some of the
ports are forfuture use and thus not configured and don't have a corr
corresponding carp. So far it has really been:em0 - carp0 - internal LANem1 -
pfsync0 - pf
On Fri, Aug 15, 2014 at 11:51:53PM +0200, Paul de Weerd wrote:
| At any rate, this changes that to allow world readable files (still
| not taking world writable files). We can't check S_IWOTH over tftp,
| we should probably assume 0777 for files transferred that way. But,
| if you're trusting the
On Sat, Aug 16, 2014 at 09:31:03AM +1200, worik wrote:
> I do not use sound on my machine. I am new to OpenBSD and in examining
> the running system I see sndio is running.
>
> I see it is started in /etc/rc, but the FAQ suggests that this file
> should not be edited.
>
> What is the proper way
On Fri, Aug 15, 2014 at 06:55:49PM +0200, Alexander Hall wrote:
| On 08/15/14 16:22, Paul de Weerd wrote:
| >On Fri, Aug 15, 2014 at 04:07:21PM +0200, Alexander Hall wrote:
| >| On August 15, 2014 2:04:56 PM CEST, Theo de Raadt
wrote:
| >| >> Is it safe to generate some randomness in /tftpboot/et
rc.conf or rc.conf.local
sndio=NO
On Fri, Aug 15, 2014 at 5:31 PM, worik wrote:
> I do not use sound on my machine. I am new to OpenBSD and in examining
> the running system I see sndio is running.
>
> I see it is started in /etc/rc, but the FAQ suggests that this file
> should not be edited.
I do not use sound on my machine. I am new to OpenBSD and in examining
the running system I see sndio is running.
I see it is started in /etc/rc, but the FAQ suggests that this file
should not be edited.
What is the proper way to turn it off?
Worik
--
Why is the legal status of chardonnay diff
Before I blocked all of China, I saw something very similar on an ssh
honeypot I run.
Every few hours or so, I'd get the following:
http://sprunge.us/OGfE
Seemed totally automated.
J. Stuart McMurray
On Fri, Aug 15, 2014 at 1:51 PM, Josh Grosse wrote:
> On 2014-08-15 12:38, Mihai Popescu wr
* Denis Fondras [2014-08-15 21:20]:
> Here is the first patch towards adding RPKI/ROA support to OpenBGPd.
>
> It aims at renaming variables & functions to prepare the ground for
> bigger changes. Is it OK ?
No.
These changes have nothing to do with RPKI (in fact they are complete
noops, no eff
Hi,
Here is the first patch towards adding RPKI/ROA support to OpenBGPd.
It aims at renaming variables & functions to prepare the ground for
bigger changes. Is it OK ?
Denis
diff -u bgpd.orig/control.c bgpd/control.c
--- bgpd.orig/control.c Fri Aug 15 18:21:53 2014
+++ bgpd/control.c Fri A
Why not just set up a recurring Paypal donation? Even $20/mo should
help, if enough people do it.
-James Shupe
On Fri 15/08 19:17, Antoine Jacoutot wrote:
> > Actually missing! Is it just my system or...
>
> Nah, that's not needed.
>
> > Still scratching my head...
>
> Yeah sorry, I have no other idea for now...
Still debugging... I tried to revert to hplip 3.14.1 (adapting the port
from 5.5), but the b
On 2014-08-15 12:38, Mihai Popescu wrote:
On June 29, there was a 5.5-stable update to www/owncloud to release
6.0.4 to fix a security issue.
The developers annoucement, from the webpage for this thingie ( i
don't know what the hell this software is doing):
--
Yeah, you were screwe
This is from the Electricity thread but seems on point:
> Dear Misc,
>
> In re electricity, please do one of the following:
>
> 1.Send money.
> 2.Convince OTHER PEOPLE to send money.
This next bit is important, and is being overlooked again:
> 3.Stop summoning the Good Idea Fairy t
previously on this list Scott Bonds contributed:
> I'm running OpenBSD 5.5-stable on my laptop as well. My laptop isn't
> running any public services AFAIK...I've configured the ones I'm running
> on it (like unbound) to only respond to local requests. Then again, I
> haven't tested those ports
> Actually missing! Is it just my system or...
Nah, that's not needed.
> Still scratching my head...
Yeah sorry, I have no other idea for now...
--
Antoine
On Fri 15/08 17:39, Antoine Jacoutot wrote:
> > D [15/Aug/2014:17:06:30 +0200] [CGI]
> > /usr/local/share/cups/drivers/pscript5.dll: No such file or directory
>
> Well, that does not look good :-)
Actually missing! Is it just my system or...
>
> > D [15/Aug/2014:17:06:55 +0200] [Job 2] GPL Gho
On 08/15/14 16:22, Paul de Weerd wrote:
On Fri, Aug 15, 2014 at 04:07:21PM +0200, Alexander Hall wrote:
| On August 15, 2014 2:04:56 PM CEST, Theo de Raadt
wrote:
| >> Is it safe to generate some randomness in /tftpboot/etc/random.seed
| >for
| >> clients that PXE boot?
| >
| >I do not even kno
On Fri, Aug 15, 2014 at 10:50:55AM -0500, Adam Thompson wrote:
> While a long way from perfect, tools such as "chkrootkit" and "rkhunter"
> might shed some light on your situation.
> As Giancarlo said, check every machine that's closely interconnected, not
> just the one compromised server you've n
> On June 29, there was a 5.5-stable update to www/owncloud to release
> 6.0.4 to fix a security issue.
The developers annoucement, from the webpage for this thingie ( i
don't know what the hell this software is doing):
--
Yeah, you were screwed!
On 2014-08-15 10:39, Scott Bonds wrote:
...I'm running owncloud and a bunch of other (no doubt less secure)
software
On June 29, there was a 5.5-stable update to www/owncloud to release
6.0.4 to fix a security issue.
If you are looking for possible attack surfaces, this may have been on
On 14-08-15 10:01 AM, Scott Bonds wrote:
I'm running OpenBSD 5.5-stable on my laptop as well. My laptop isn't
running any public services AFAIK...I've configured the ones I'm running
on it (like unbound) to only respond to local requests. Then again, I
haven't tested those ports from another mach
On Fri, Aug 15, 2014 at 05:15:22PM +0200, Alessandro DE LAURENZIS wrote:
> See below, after a couple of "Print test page" failures (reported as "No
> profiles specified in PPD" in the web interface).
>
> I also deleted and reinstalled (from ports) hplip-common, hplip and
> hplip-gui.
> D [15/Aug/
On Fri, Aug 15, 2014 at 11:42:32AM -0300, Giancarlo Razzolini wrote:
> Don't forget to check your own machine, not just your OpenBSD server.
> It's more often than not the point of origin of the attack. If your
> machine is compromised, reinstalling your server won't do anything,
> since they'll re
I can confirm that with my patch, my HP printer is now working over USB as well.
Alessandro could you re-install your printer under cups and enable debug in
cups (you can do that from the web iface) then send the output of
/var/log/cups/error_log
Thanks.
--
Antoine
On 15-08-2014 11:39, Scott Bonds wrote:
> I thought I was being reasonably careful: ssh disabled for root,
> key-only login on my admin account, following stable, etc...then again,
> I'm running owncloud and a bunch of other (no doubt less secure)
> software. Perhaps I should separate the router an
Ok, thanks for confirming (and Chris and Adam). And while I have you
here, thank you for all of your contributions to OpenBSD, its amazing to
me the scope and quality of what y'all have built.
I thought I was being reasonably careful: ssh disabled for root,
key-only login on my admin account, f
On Fri, Aug 15, 2014 at 04:07:21PM +0200, Alexander Hall wrote:
| On August 15, 2014 2:04:56 PM CEST, Theo de Raadt
wrote:
| >> Is it safe to generate some randomness in /tftpboot/etc/random.seed
| >for
| >> clients that PXE boot?
| >
| >I do not even know if that file will be read... is it?
|
On August 15, 2014 2:04:56 PM CEST, Theo de Raadt
wrote:
>> Is it safe to generate some randomness in /tftpboot/etc/random.seed
>for
>> clients that PXE boot?
>
>I do not even know if that file will be read... is it?
IIRC, it is tried but deemed unsafe (0555) and therefore isn't used, but cause
On 15/08/14(Fri) 14:37, Alessandro DE LAURENZIS wrote:
> On Fri 15/08 14:07, Antoine Jacoutot wrote:
> > On Fri, Aug 15, 2014 at 01:34:08PM +0200, Alessandro DE LAURENZIS wrote:
> > > On Fri 15/08 13:26, Antoine Jacoutot wrote:
> > > > You are still seeing this with the patch I sent yesterday???
>
On 2014-08-15, Theo de Raadt wrote:
>> Is it safe to generate some randomness in /tftpboot/etc/random.seed for
>> clients that PXE boot?
>
> I do not even know if that file will be read... is it?
I would hope so since pxeboot complains about its absence:
>> OpenBSD/amd64 PXEBOOT 3.23
boot>
ca
On Fri 15/08 14:07, Antoine Jacoutot wrote:
> On Fri, Aug 15, 2014 at 01:34:08PM +0200, Alessandro DE LAURENZIS wrote:
> > On Fri 15/08 13:26, Antoine Jacoutot wrote:
> > > You are still seeing this with the patch I sent yesterday???
> >
> > As I said (see the end of my previous e-mail), this is o
On Fri, Aug 15, 2014 at 8:08 AM, Eric Furman
wrote:
> On Fri, Aug 15, 2014, at 02:02 AM, Bernte wrote:
> > On 14/08/14 16:14, Nicolai wrote:
> > > On Thu, Aug 14, 2014 at 07:16:41AM +0100, Bernte wrote:
> > >> Could you please just clarify: I have money and I want that to go to
> the
> > >> OpenB
On Fri, Aug 15, 2014 at 06:04:56AM -0600, Theo de Raadt wrote:
| > Is it safe to generate some randomness in /tftpboot/etc/random.seed for
| > clients that PXE boot?
|
| I do not even know if that file will be read... is it?
Yes, it is. Twice, in fact:
Aug 15 14:13:34 tuna tftpd[14711]: 192.16
On Fri, Aug 15, 2014, at 02:02 AM, Bernte wrote:
> On 14/08/14 16:14, Nicolai wrote:
> > On Thu, Aug 14, 2014 at 07:16:41AM +0100, Bernte wrote:
> >> Could you please just clarify: I have money and I want that to go to the
> >> OpenBSD project. I would like as much as possible to make it there (fro
On Fri, Aug 15, 2014 at 01:34:08PM +0200, Alessandro DE LAURENZIS wrote:
> On Fri 15/08 13:26, Antoine Jacoutot wrote:
> > You are still seeing this with the patch I sent yesterday???
>
> As I said (see the end of my previous e-mail), this is obtained with an
> unpatched CUPS port.
>
> Should I r
Here are the newest numbers i can provide for a full build from source.
/usr/src >900MB
/usr/xenocara >700MB
/usr/obj >900MB
/usr/xobj >500MB
/usr/ports >600MB
/usr/ports/pobj can't be big enought...
On 08/15/14 05:09, Joel Rees wrote:
I'm trying re-learn how to bring a new install up to -stable
> Is it safe to generate some randomness in /tftpboot/etc/random.seed for
> clients that PXE boot?
I do not even know if that file will be read... is it?
> My concern is that this file will be available to everyone on the
> network via TFTP. So does knowing this randomness help "predict" the
>
May I use DUID in my case when I have a USB card reader which has no
flash card in it?
How to fix using DUID for SD1 (fstab with SD1 DUIDs is below) as boot
disk don't mind on any other USB disks, readers (without card, for
instance) connected to the system during boot?
How to make USB SDx s
On Fri 15/08 13:26, Antoine Jacoutot wrote:
> You are still seeing this with the patch I sent yesterday???
As I said (see the end of my previous e-mail), this is obtained with an
unpatched CUPS port.
Should I revert to the patched version again?
--
Alessandro DE LAURENZIS
[mailto:just22@gma
> [...]
> DEBUG: libusb_get_device_list=9
> libusb: 0.019173 debug [libusb_get_device_descriptor]
> libusb: 0.019182 debug [obsd_get_device_descriptor]
> libusb: 0.019187 debug [libusb_get_device_descriptor]
> libusb: 0.019192 debug [obsd_get_device_descriptor]
> libusb: 0.019200 debug [libusb_
On Fri 15/08 11:45, Alessandro DE LAURENZIS wrote:
> On Fri 15/08 10:44, Martin Pieuchot wrote:
> > To get more information could recompile the devel/libusb1 package with
> > DEBUG set? This will produce some verbose output when cups will use it.
This is the output from "/usr/local/libexec/cups/b
On Fri, Aug 15, 2014 at 06:19:34AM +0200, Zoran Kolic wrote:
> I see no recent posts on the subject. Repository
> about 2 weeks ago shows a version 0.2.4.22p0. At
> the moment I cannot find manual for openbsd, on the
> net.
>
> What is prefered way to use it right now? On other
> systems it works
Stan Gammons charter.net> writes:
>
> On 07/29/14 04:01, Stuart Henderson wrote:
> > That's to do with the traffic that the system is handling, you
> > wouldn't normally expect to see all that much fragmented traffic. If
> > there are lots of fragments, are you using pppoe? If so then make sur
On Fri, 15 Aug 2014, Denis Lapshin wrote:
> My fstab has identity for main boot HDD:
>
> 548ac03903a985e9.a / ffs rw 1 1
> 548ac03903a985e9.g /home ffs rw,nodev,nosuid 1 2
> 548ac03903a985e9.d /tmp ffs rw,nodev,nosuid 1 2
> 548ac03903a985e9.f /usr ffs rw,nodev 1 2
> 548ac03903a985e9.e /var ffs rw,n
On Fri 15/08 11:45, Alessandro DE LAURENZIS wrote:
[...]
> > To get more information could recompile the devel/libusb1 package with
> > DEBUG set? This will produce some verbose output when cups will use it.
>
> Could you please detail how to set the DEBUG feature? Something like:
> DEBUG=foo mak
On Fri 15/08 10:44, Martin Pieuchot wrote:
> So apparently your device is correctly listed but you cannot open its
> node. Can you post your dmesg with all these connected device?
Hello Martin,
in order to sort-out a bit the things, I re-made all my trials
disconnecting all the usb devices but t
On 14/08/14(Thu) 17:25, Alessandro DE LAURENZIS wrote:
> On Thu 14/08 17:17, Antoine Jacoutot wrote:
> > > After applying the patch, the printer is still not responding, but the
> > > output of /usr/local/libexec/cups/backend/usb is different:
> > >
> > > root@poseidon:[cups]> sudo /usr/local/libe
On Fri, Aug 15, 2014 at 01:24:02AM -0700, Clint Pachl wrote:
| Is it safe to generate some randomness in /tftpboot/etc/random.seed for
| clients that PXE boot?
|
| My concern is that this file will be available to everyone on the network
| via TFTP. So does knowing this randomness help "predict" t
My fstab has identity for main boot HDD:
548ac03903a985e9.a / ffs rw 1 1
548ac03903a985e9.g /home ffs rw,nodev,nosuid 1 2
548ac03903a985e9.d /tmp ffs rw,nodev,nosuid 1 2
548ac03903a985e9.f /usr ffs rw,nodev 1 2
548ac03903a985e9.e /var ffs rw,nodev,nosuid 1 2
835806792ad105b8.b none swap sw
127.0.0
Is it safe to generate some randomness in /tftpboot/etc/random.seed for
clients that PXE boot?
My concern is that this file will be available to everyone on the
network via TFTP. So does knowing this randomness help "predict" the
PRNG output of the clients that use it?
I read in a de Raadt i
On Fri, 15 Aug 2014 11:37:56 +0400, Denis Lapshin
wrote:
> Is it possible to change or set fixed device names for drives like
> SD0, SD1, SD2, SD3 and so on.
http://www.openbsd.org/faq/faq14.html#DUID
Cheers,
--
Vigdis
Is it possible to change or set fixed device names for drives like SD0,
SD1, SD2, SD3 and so on.
When I boot with connected USB drives like flash sticks, kernel numbered
it starting from SD0, SD1 so the system HDD stand SD2 and kernel can't
mound disk with file system as it should be.
Hello,
my 5 Button Mouse
uhidev2 at uhub3 port 6 configuration 1 interface 0 "Microsoft
Microsoft 5-Button Mouse with IntelliEye(TM)" rev 1.10/3.00 addr 5
works, except the side buttons which should respond to button 6 and 7
are giving the signal for button 5 and 4 which correspond to the
scroll
60 matches
Mail list logo
