FreeBSD Security Advisory FreeBSD-SA-04:01.mksnap_ffs part 2

2004-01-30 Thread Radko Keves
hi

i read FreeBSD Security Advisory FreeBSD-SA-04:01.mksnap_ffs

and have question about this workaround:

/bin/rm /sbin/mksnap_ffs

isn't better to do:
/bin/chmod u-s /sbin/mksnap_ffs

i think that suid flag is dangerous on this program not program as is
and when suid flag is down program is clear for everyone except root

if is dangerous program, so erase it isn't good workaround, because
every user can compile mksnap_ffs from source but suid flag can give
only root

thank and bye
-- 
The ancient Greeks' concept of a ``personal daemon'' was similar to 
the modern concept of a ``guardian angel'' --- ``eudaemonia'' is the 
state of being helped or protected by a kindly spirit. As a rule, 
UNIX systems seem to be infested with both daemons and demons. 
[Evi Nemeth]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
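
Added example (not part of the original message or of the advisory): the alternative asked about above, clearing the setuid bit with chmod u-s instead of deleting the binary, applied and then verified. The helper names and the sandbox files tool_a and tool_b are hypothetical and constructed for the demonstration.

```sh
#!/bin/sh
# Added example: keep a binary installed, remove only its setuid bit, verify.
# list_setuid, drop_setuid and demo are hypothetical helper names.

# list_setuid DIR: print regular files under DIR that carry the setuid bit.
list_setuid() {
    find "$1" -type f -perm -4000 -print | sort
}

# drop_setuid FILE: clear the setuid bit and leave every other mode bit alone.
# Returns 0 if the bit was set and is now gone, 1 if it was not set,
# 2 if FILE is not a regular file or the bit could not be cleared.
drop_setuid() {
    [ -f "$1" ] || return 2
    [ -u "$1" ] || return 1
    chmod u-s "$1" || return 2
    if [ -u "$1" ]; then return 2; fi
    return 0
}

# demo: run both helpers on constructed files in a temporary directory, so
# nothing on the real system is modified. Prints five fields:
#   setuid-files-before  rc-for-tool_a  rc-for-tool_b  setuid-files-after  tool_a-still-executable
demo() {
    dir=$(mktemp -d) || return 2
    printf '#!/bin/sh\nexit 0\n' > "$dir/tool_a"
    printf '#!/bin/sh\nexit 0\n' > "$dir/tool_b"
    chmod 4555 "$dir/tool_a"    # constructed stand-in for a setuid program
    chmod 0555 "$dir/tool_b"    # ordinary program, no setuid bit
    before=$(list_setuid "$dir" | wc -l | tr -d ' ')
    rc_a=0; drop_setuid "$dir/tool_a" || rc_a=$?
    rc_b=0; drop_setuid "$dir/tool_b" || rc_b=$?
    after=$(list_setuid "$dir" | wc -l | tr -d ' ')
    if [ -x "$dir/tool_a" ]; then still_exec=yes; else still_exec=no; fi
    rm -rf "$dir"
    echo "$before $rc_a $rc_b $after $still_exec"
}

demo
```
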


newsyslog.conf in 5.x and bz2

2004-01-13 Thread Radko Keves
hi

can i change compression type from bzip2 to gzip when syslog
rotate files?

i can't find it nowhere.

i know that bzip2 is better, but i need gzip.

thank and bye


saving kernel output

2003-09-03 Thread Radko Keves
hi all

is another way to save kernel output without dumb terminal or old
PC/XT till boot ?

i read serialconsole-setup in handbook, but i think way without serial
console

for example something like dmesg, but if kernel fails i want have saved 
output too

thank and bye
-- 
-
Radko Keves


how to access cr_ruid in ucred struct with kvm_read

2003-07-30 Thread Radko Keves
hi all

i try to access cr_ruid field of ucred struct with kvm_read like this:
(rewritten example from cyellow-0.01.tar.gz - tools/listprocs.c
original doesn't work too)

[...]
LIST_HEAD(proclist, proc);

int main(int argc, char **argv)
{
    int i;
    char *buf;
    kvm_t *kd;
    struct proc *p_ptr, p;
    struct ucred cred;
    struct proclist allproc;
    char errbuf[_POSIX2_LINE_MAX];
    struct nlist nl[] = { { NULL }, { NULL }, };
    nl[0].n_name = "allproc";

    kd = kvm_openfiles(NULL,NULL,NULL,O_RDONLY,errbuf);
    if(!kd) {
        fprintf(stderr,"ERROR: %s\n",errbuf);
        exit(-1);
    }
    if(kvm_nlist(kd,nl) < 0) {
        fprintf(stderr,"ERROR: %s\n",kvm_geterr(kd));
        exit(-1);
    }
    if(!nl[0].n_value) {
        fprintf(stderr,"ERROR: allproc not found (very weird...)\n");
        exit(-1);
    }
    kvm_read(kd,nl[0].n_value, &allproc, sizeof(struct proclist));
    printf("PID\tUID\n\n");
    for(p_ptr = allproc.lh_first; p_ptr; p_ptr = p.p_list.le_next) {
        kvm_read(kd,(unsigned long)p_ptr, &p, sizeof(struct proc));
        kvm_read(kd,(unsigned long)p.p_ucred, &cred, sizeof(struct ucred));
        printf("%d\t%d\n", p.p_pid, cred.cr_ruid);
    }
    if(kvm_close(kd) < 0) {
        fprintf(stderr,"ERROR: %s\n",kvm_geterr(kd));
        exit(-1);
    }
[...]


and have found this error messages:
1, storage size of `cred' isn't known  
(struct ucred cred;)

2, sizeof applied to an incomplete type
( kvm_read(kd,(unsigned long)p.p_ucred, &cred, sizeof(struct ucred));)

my questions:
1, can anybody help me with this problem, how to access cr_ruid ?
2, is retyping pointer to unsigned long addr okay ?
3, is better way to access this structure without kernel module ?

of course original package i attach

thanks
-- 
bye
-
R


http://docs.freebsd.org/cgi/getmsg.cgi?fetch=278021+0+archive/2002/freebsd-current/20020825.freebsd-current

2003-07-15 Thread Radko Keves
;), Tue, Jul 15, 2003 at 02:55:24PM +0300, Administrator Assistant said that
> Hello, Radko!
>
> I have the same trouble on my hosting machine. All was ok until... I don't know
> what... The same:
>
> Jul 15 14:22:00 lena /usr/sbin/cron[768]: (operator) CMD (/usr/libexec/save-entropy)
> Jul 15 14:22:26 lena kernel: drop session, too many entries
> Jul 15 14:23:22 lena syslogd: restart
> Jul 15 14:23:22 lena syslogd: kernel boot file is /boot/kernel/kernel
>
> I have tried to do:
> /sbin/ipfw add 1500 allow log tcp from any to ${ip} dst-port 80 limit src-addr 4
> but I think it doesn't help here... In fact without log options it reboots...
>
> Tried to double count of:
> # cat /etc/sysctl.conf | grep dyn_max
> net.inet.ip.fw.dyn_max=8192
>
> But it's also how I see doesn't help...
> # uname -rs
> FreeBSD 5.0-RELEASE
>
> IF YOU HAVE SOLVED THIS PROBLEM OR KNOW WHO CAN, PLEASE FORWARD THIS MAIL TO
> HIM AND MAIL ME BACK YOUR ANSWER!
>
> P.S. Please mail this to freebsd mailing list too...
>
> --
> With best regards, Maksims Korzanovs aka TiM
> [EMAIL PROTECTED]



hi

do you try to read mailing list ?


-
D. Penev [EMAIL PROTECTED], 20 Aug 2002:

this kernel message means that you have reached the limit of sessions
per ipfw rule that was set with limit option.



-
-
and now my part :)
for example:

ipfw add 4300 allow all from any to me setup limit src-addr 4


-
part of man:

 If the ruleset includes one or more rules with the keep-state or limit
 option, then ipfw assumes a stateful behaviour, i.e. upon a match
it will create dynamic rules matching the exact parameters (addresses and
ports) of the matching packet.
 These dynamic rules, which have a limited lifetime, are checked at
the first occurrence of a check-state, keep-state or limit rule, and
are typically used to open the firewall on-demand to legitimate traffic
only.
 See the STATEFUL FIREWALL and EXAMPLES Sections below for more
information on the stateful behaviour of ipfw.
-
again part of man:

 Dynamic rules expire after some time, which depends on the status
of the flow and the setting of some sysctl variables.  See Section SYSCTL
VARIABLES for more details.  For TCP sessions, dynamic rules can be
instructed to periodically send keepalive packets to refresh the
state of the rule when it is about to expire.

...

 A first and efficient way to limit access (not using dynamic rules)
is the use of the following rules:

   ipfw add allow tcp from any to any established
   ipfw add allow tcp from net1 portlist1 to net2 portlist2 setup
   ipfw add allow tcp from net3 portlist3 to net3 portlist3 setup
   ...
   ipfw add deny tcp from any to any


-   
If you use dynamic rules don't forget use:

ipfw add check-state


-- 
have a nice day
-
R
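
Added example, not part of the original thread: a way to measure how often the per-rule session limit explained above is being hit, by counting the kernel message per host and minute. The log lines are constructed in the format quoted earlier in the thread, and sample_log, count_drop_bursts and flag_bursts are hypothetical names.

```sh
#!/bin/sh
# Added example: count ipfw "drop session, too many entries" kernel messages
# per host and minute. Helper names are hypothetical.

# sample_log: constructed syslog lines in the format quoted in this thread.
sample_log() {
    cat <<'EOF'
Jul 15 14:22:00 lena /usr/sbin/cron[768]: (operator) CMD (/usr/libexec/save-entropy)
Jul 15 14:22:26 lena kernel: drop session, too many entries
Jul 15 14:22:31 lena last message repeated 6 times
Jul 15 14:22:58 lena kernel: drop session, too many entries
Jul 15 14:23:05 lena kernel: drop session, too many entries
Jul 15 14:23:22 lena syslogd: restart
EOF
}

# count_drop_bursts: read syslog text on stdin, print "host Mon DD HH:MM count".
# syslogd's "last message repeated N times" lines are added to the minute of
# the drop message they follow.
count_drop_bursts() {
    awk '
        $5 == "kernel:" && /drop session, too many entries/ {
            last = $4 " " $1 " " $2 " " substr($3, 1, 5)
            n[last]++
            next
        }
        $5 == "last" && $6 == "message" && $7 == "repeated" && last != "" {
            n[last] += $8
            next
        }
        { last = "" }   # any other line ends the run of repeats
        END { for (k in n) print k, n[k] }
    ' | sort
}

# flag_bursts MIN: keep only the minutes with at least MIN dropped sessions.
flag_bursts() {
    count_drop_bursts | awk -v min="$1" '$NF + 0 >= min + 0'
}

sample_log | flag_bursts 5
```
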


disk traffic

2003-02-08 Thread Radko Keves
hi all

i have big disk traffic from users and i need reduce it

so this is my question:
Is disk traffic adjustable for each user (with login.conf or sysctl or i
don't know how ?  )
Not memory in generally

i use:
FreeBSD 5.0-CURRENT #4: Fri Jan 31 14:32:34 CET 2003 i386
and disks:
WDC WD400BB-00CLB0 [77545/16/63] at ata2-master UDMA100

-- 
thank bye
-
R

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message



setting up ldap client

2003-01-08 Thread Radko Keves
hi all

i want set up ldap client, but don't know how
i can't found good document
(for example how set up pam ... )

can anybody help me ?

thank and bye
-- 
R




question about imap

2002-10-07 Thread Radko Keves

hi all 
my imapd can't authorize me
can anybody help me?

#cat /etc/pam.d/imap
auth    required    pam_unix.so

but without pam too :(


imap version (last cvsup from ports:) ):
imap-wu-2001a,1

for example user test with right password:
#cat /var/log/messages
[...]
Oct  7 20:36:11 kripel imapd[55059]: Login failed user=test auth=test host=localhost [127.0.0.1]
Oct  7 20:36:14 kripel inetd[2905]: /usr/local/libexec/imapd[55059]: exit status 0x100
Oct  7 20:39:58 kripel imapd[55713]: Login failed user=test auth=test host=localhost [127.0.0.1]
Oct  7 20:40:01 kripel inetd[2905]: /usr/local/libexec/imapd[55713]: exit status 0x100
[...]

#cat /etc/inetd.conf | grep imap
imap4   stream  tcp     nowait  root    /usr/local/libexec/imapd        imapd

for example with:
squirrelmail
outlook
[...]

thank and bye
-- 
20:40  up 2 days,  3:14, 15 users, load averages: 0,00 0,05 0,05
--
FreeBSD 5.0-CURRENT #16: root@kripel:/usr/src/sys/i386/compile/angel
--
powered by rado
--





Re: chkrootkit help

2002-10-07 Thread Radko Keves

;), Mon, Oct 07, 2002 at 11:47:15AM -0700, Riley said that
> Hi all,
hi
>
> (Let me know if this belongs in -questions)
>
> I could sure use some help interpreting this.  A 4.6.2-RELEASE-p2 system
> (running bind 8.3.3-REL and sendmail 8.12.3) started getting syslog messages
> like:
try run latest sendmail with patch :)  and upgrade your box
>
> /kernel: file: table is full

i know it :)
> along with related messages, then a core dump.  (syslog for this date is
> below.)
>
> I took this as a side effect of a recent spamassassin install/upgrade (2.41)
> and increased kern.maxfiles to 8192 and max.vnodes to 16384.  As the system
my kern.maxfiles is set to: 65536 and max.vnodes to 8662
and try to set up /etc/login.conf see:  man login.conf and all section of files  :)
for users
> started to recover for fun I ran chkrootkit which came back with this:
try compile lsof is better for ports
>
> Checking `bindshell'... INFECTED (PORTS:  114)
uf audionews port
>
> A few minutes later and ever since chkrootkit returns:
>
> Checking `bindshell'... not infected
>
> netstat -an  doesn't show anything on 114 and nothing unusual.
try:
telnet localhost 114
but it can't help you

cvsup

#cd /usr/src/usr.sbin/named
#make && make install && make clean

and restart named
>
> The system is on a dmz with ports 25, 53 and 110 mapped through.  Running
> chkrootkit on the firewall reported this:
>
> Checking `bindshell'... not infected
> Checking `lkm'... not tested: can't exec ./chkproc
try to recompile linux ksec that's good for addresses of system calls
or run:
#nm kernel | grep -v '\(compiled\)\|\(\.o$$\)\|\( [aUw] \)\|\(\.\.ng$$\)\|\(LASH[RL]DI\)' | sort

to see your syscalls addresses :)
> Checking `rexedcs'... not found
> Checking `sniffer'...
> xl0 is not promisc
> xl2 is not promisc
>
> I'm not sure what to think about can't exec ./chkproc.  Also the xl1
> interface is not reported in the output and is the dmz interface that the
> above machine is on.  ifconfig shows:
>
> xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> inet 10.100.100.1 netmask 0xff00 broadcast 10.100.100.255
> inet6 fe80::260:8ff:fe31:e4b0%xl1 prefixlen 64 scopeid 0x2
> ether 00:60:08:31:e4:b0
> media: Ethernet autoselect (10baseT/UTP)
> status: active
>
> Any comments would be greatly appreciated.
>
> Thanks,
>
> Riley
>
>
> That which does not kill us makes us stranger.
>  --Kimchi
>
>
> Oct  7 03:13:56 aji sendmail[91248]: g97A2rnm091248: SYSERR(root): collect:
> I/O  error on connection from [203.48.40.139], from=[EMAIL PROTECTED]
> Oct  7 08:45:13 aji /kernel: file: table is full
> Oct  7 08:45:14 aji last message repeated 38 times
> Oct  7 08:46:27 aji last message repeated 35 times
> Oct  7 09:14:05 aji sendmail[93085]: g97G8Xnm093085: SYSERR(root): collect:
> I/O error on connection from adsl-63-rev-addr,
> from=[EMAIL PROTECTED]
> Oct  7 09:22:17 aji /kernel: file: table is full
> Oct  7 09:22:20 aji last message repeated 17 times
> Oct  7 09:23:21 aji last message repeated 16 times
> Oct  7 09:23:23 aji sendmail[93320]: g97GEKpG093112: SYSERR(UID0):
> [EMAIL PROTECTED]... openmailer(local): pipe (to mailer): Too many open
> files in system
someone play with you :)
> Oct  7 09:23:25 aji sendmail[93112]: g97GEKpI093112: SYSERR(root): Cannot
> open hash database /etc/mail/aliases.db: Too many open files in system
> Oct  7 09:23:22 aji inetd[93322]: /etc/spwd.db: Too many open files in
> system
> Oct  7 09:23:28 aji inetd[93322]: pop3/tcp: root: no such user
> Oct  7 09:25:42 aji /kernel: file: table is full
> Oct  7 09:25:43 aji last message repeated 4 times
> Oct  7 09:29:58 aji /kernel: file: table is full
> Oct  7 09:30:44 aji last message repeated 107 times
> Oct  7 09:30:53 aji /kernel: pid 93340 (cron), uid 0: exited on signal 11
> (core
>  dumped)
ajajaja
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with unsubscribe freebsd-security in the body of the message
bye
-- 
20:57  up 2 days,  3:31, 4 users, load averages: 0,00 0,00 0,00
--
FreeBSD 5.0-CURRENT #16: root@kripel:/usr/src/sys/i386/compile/angel
--
powered by rado
--





question about login.conf

2002-09-30 Thread Radko Keves

hi all i try to set minimum of password length but have problem:

#cat /etc/login.conf
[...]
rado:\
:ignorenologin:\
:mixpasswordcase=true:\
:passwd_format=blf:\
:minpasswordlen=6:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
:cputime=infinity:\
[...]

#cat /etc/auth.conf
auth_list   =   passwd

#cat /etc/pam.d/passwd
password    sufficient  pam_unix.so no_warn try_first_pass

#cat /etc/master.passwd | grep rado
rado:(password):1001:1:rado:0:0:Radko Keves:/export/home/rado:/usr/local/bin/bash

#cap_mkdb /etc/login.conf

relogin as user rado:

rado$passwd
Changing local password for rado
Old Password: (my old password)
New Password: (empty)
Retype New Password: (empty)
rado$

it change my password to empty but i don't know why 
can anybody help me ?
thank and bye
-- 
17:20  up 12 days, 20 hrs, 5 users, load averages: 1,16 1,12 1,15
--
FreeBSD 5.0-CURRENT #15: root@kripel:/usr/src/sys/i386/compile/angel
--
powered by rado
--





Re: NFS Problems FreeBSD -- Solaris

2002-09-21 Thread Radko Keves

;), Thu, Sep 19, 2002 at 05:58:43PM +, Weston M. Price said that
hi all
i have several problem but with IPv6
my box and solaris box was communicating with IPv6 but nfs not ;(
try to set IPs in IPv4 format not IPv6 or hostname
for example mount not for kripel.studnet.sk but 193.87.12.67 and so on
> Hello,
>   I am attempting to mount a few directories from my Solaris machine(s) to my
> FreeBSD workstation. nfsd is clearly running on Solaris and the sharing the
> directories is not a problem. When I attempt to mount the directories on
> FreeBSD I get the following error:
>
> damascus:/usr/wmprice: RPCMNT: clnt_create: RPC: Program not registered
that's it
send me your /etc/exports if i'm wrong
replace hostnames and get their IPv4 addresses
>
> A simple ps -x | egrep shows that nfsiod is running
>
> ps -x | egrep nfsiod
>
> 98  ??  I  0:00.00 nfsiod -n 4
> 99  ??  I  0:00.00 nfsiod -n 4
> 100  ??  I  0:00.00 nfsiod -n 4
> 101  ??  I  0:00.00 nfsiod -n 4
>
> I have this configured to begin at startup.
>
> So, what am I doing wrong? This would seem to me to be a pretty simple
> procedure. Any help would be appreciated.
>
> Weston
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with unsubscribe freebsd-questions in the body of the message

bye
-- 
17:08  up 3 days, 19:49, 16 users, load averages: 0,15 0,07 0,02
--
FreeBSD 5.0-CURRENT #15: root@kripel:/usr/src/sys/i386/compile/angel
--
powered by [EMAIL PROTECTED]
