ahci and user mount of cdrom

2009-12-28 Thread Johan Hendriks
Hello all
I am on 8.0-STABLE now, and using the ahci driver.

All works like it should, but I can not mount my cdrom anymore as a
regular user.

I have this in my sysctl.conf

vfs.usermount=1

my /etc/devfs.conf looks like this

#CDROM_BURNER permissions
perm acd0 0666
#perm acd1 0666
perm cd0 0666
#perm cd1 0666
perm cdrom 0666
#perm cdrom1 0666
perm pass0 0660
perm pass1 0660
perm pass2 0660
perm pass3 0660
perm pass4 0660
perm pass5 0660
perm pass6 0666
perm xpt0 0660

dmesg lists the following

atapci0: Marvell 88SX6121 UDMA133 controller port
0xdc00-0xdc07,0xd880-0xd883,0xd800-0xd807,0xd480-0xd483,0xd400-0xd40f
mem 0xfe9ffc00-0xfe9f irq 16 at device 0.0 on pci3
atapci0: [ITHREAD]

acd0: DVDR LITE-ON DVDRW SHW-160H6S/CS01 at ata2-slave UDMA66

later on in my dmesg I get the following

acd0: FAILURE - INQUIRY ILLEGAL REQUEST asc=0x24 ascq=0x00
(probe0:ata0:0:1:0): TEST UNIT READY. CDB: 0 0 0 0 0 0
(probe0:ata0:0:1:0): CAM Status: SCSI Status Error
(probe0:ata0:0:1:0): SCSI Status: Check Condition
(probe0:ata0:0:1:0): NOT READY asc:3a,1
(probe0:ata0:0:1:0): Medium not present - tray closed
(probe0:ata0:0:1:0): Unretryable error

cd0 at ata0 bus 0 scbus8 target 1 lun 0
cd0: LITE-ON DVDRW SHW-160H6S CS01 Removable CD-ROM SCSI-0 device
cd0: 66.000MB/s transfers
cd0: cd present [329835 x 2048 byte records]

my cdrom is attached to the pata port on the mainboard.

 

Regards,

Johan

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org


RE: Hacked - FreeBSD 7.1-Release

2009-12-28 Thread Andresen, Jason R.
From: Chris H

On Tue, December 22, 2009 8:35 am, Andresen, Jason R. wrote:
 Squirrel wrote:

 most likely could be some kind of remote code execution or SQLi executed in
 the context of some php scripts, you should audit php code of your web
 interface and of the websites you host. also consider the strength of your
 passwords, lots of login attempts to ssh/ftp may mean he has tried a
 bruteforce (or a dictionary attack maybe). you should also check webmin logs,
 there are a few bruteforcers for webmin out there, (*hint*) consider the length
 of your average password if it's more than 7-8 characters alphanumeric with
 symbols most likely this isn't the case.

 While it's true that it's a good idea to check your password strength, pretty
 much any host connected to the internet is going to be hit daily by bots
 looking for weak passwords.  It's one area where your logs don't help much
 because there is too much noise.
That's why there's GREP(1), AWK(1), FIND(1), TAIL(1), and CAT(1)
Consider the following...
adding the following to your /etc/rc.conf:

# SECURITY RELATED

syslogd_flags="-ss"
log_in_vain="YES"
tcp_keepalive="YES"


now your log file will /really/ sing (log_in_vain=YES).
Of course, unless you have a great deal of time on your hands, visually parsing
that noisy log will be quite tedious, and time consuming. So you have a few
options...
If you're running X11, simply run tail in a root window - there are quite a few
utilities in ports for doing just this - some that'll only write messages you
want to see.
You could also create a script out of cron that will only produce messages you
are interested in, for example:

~# cat /var/log/messages | grep ssh

will emit any attempt to ssh into your box
you can also redirect the messages to a file:

~# cat /var/log/messages | grep ssh > ~/EVIL_DOERS

You could also add an entry to PERIODIC(8) that will
provide a daily report on any attempts you are interested in.

HTH


Your solution to excessive noise in the security log is to greatly increase the 
noise level?!?

The point is, if your machine is on the internet, then bots are going to try 
password attacks on any open port they can find.  It's just the sad fact of 
life on the current internet.  Unfortunately, this activity will also make it 
much more difficult to determine when you are under attack from an actual 
person, which was my point earlier.  It's one that is not going to be easy to 
solve either, unless you're willing to rewrite SSH to require every connection 
attempt to pass a Turing test or something. 

ips(4) in toaster mode FreeBSD 7.2

2009-12-28 Thread Jan Sieka

Hi!

I'm writing to you because I've seen that you have recently committed patches to
the FreeBSD ips(4) driver and perhaps you can shed some light on a problem I've
encountered. Here is a description:


Recently on one of our servers (IBM xSeries 345 [8760 M1X] with IBM ServeRAID 5i
II (Sarasota) RAID controller) the ips driver threw a warning about a timed-out
command and the adapter being in toaster mode. After that the kernel panicked - see
console message below:


=== Begin of console message ===
ips0: WARNING: command timeout. Adapter is in toaster mode, resetting to known 
state
ips: io error, status=0x2000c
ipsd0: iobuf error 5
ips0: resetting adaptegr_,v ftsh_idso nmea(y) :tiapksed 0usp1 ft[oW R5I
TmE(ionftftsese
= 1543241728, length=16384)]error = 5
ips0: syncing config
Sleeping thread (tid 16, pid 15) owns a non-sleepable lock
panic: sleeping thread
cpuid = 2
=== End of console message ===

Lines 5 to 7 are two kernel messages mixed together. They say something like 
this:
ips0: resetting adapter, this may take up to 5 minutes
g_vfs_done(): ipsd0s1f[WRITE(offset=154321728, length=16384)]error = 5

After displaying the above messages system is completely unresponsive. The only
solution is to reboot.

Messages come from functions located in files:
WARNING: [...]: ips_timeout(): sys/dev/ips/ips.c;
resetting adapter, [...]: ips_morpheus_reinit(): sys/dev/ips/ips.c;
syncing config: ips_clear_adapter(): sys/dev/ips/ips_commands.c;

I have found someone reporting a similar problem (ips in toaster mode
throwing a warning and kernel panic after that) to the freebsd-stable list in Nov
2006:
http://lists.freebsd.org/pipermail/freebsd-stable/2006-December/031469.html
The difference is that our server was almost idle (Christmas time) compared to 
the situation described in the above thread (heavy disk usage during backups).


I've checked controller status with IBM's tools (IBM ServeRAID Manager) and it's
OK. /var/log/messages yields nothing that could lead to the problem's
explanation. Server is now up and running, but the reason for this panic is
still unclear. I'd be grateful for hints.

Also I'd like to know if there are any new changes to be committed to the ips driver
in future. If that's the case then I will wait for them before applying recent
changes to our system.


Some info about the system:
# uname -a
FreeBSD xxx.xxx.xxx 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Thu Oct 22
11:01:23 CEST 2009 x...@xxx.xxx.xxx:/usr/obj/usr/src/sys/XSERIES345  i386
# pciconf -lcv
[...]
i...@pci0:8:2:0:class=0x010400 card=0x02591014 chip=0x01bd1014 rev=0x00
hdr=0x00
 vendor = 'Elektronik'
 device = 'ServeRAID 4/5 Morpheus SCSI RAID Controller'
 class  = mass storage
 subclass   = RAID
 cap 01[80] = powerspec 2  supports D0 D3  current D0

ServeRAID BIOS/Firmware version: 7.12.02

Kernel config is a GENERIC config without unnecessary drivers and features.

I'm able to provide any further information about the system if needed.

I also send this e-mail to freebsd-stable with hope that somebody has some ideas 
on my problem.


With regards,

Jan Sieka



Re: sheevaplug questions

2009-12-28 Thread Attos
Hi Zoran,

I have a Sheevaplug but I haven't been able to use the USB serial
interface from my FreeBSD box. What I ended up with is using an EEE-PC
with Ubuntu and minicom set up as a modem-less connection.

I only needed this to set the plug to use an SD card for the main
storage, so as not to wear out the internal flash memory, and to have extra
storage.

Under normal operation you do not need the serial console since you
can connect to it using ssh once the plug boots and acquires an IP
using DHCP. The default name is debian, or look into the DHCP server
log and find the assigned IP.

Cheers

On Sun, Dec 27, 2009 at 11:00 AM, Zoran Kolic zko...@sbb.rs wrote:
 Howdy!
 I ordered sheevaplug box and read as much as I could,
 regarding controlling this little node from bsd box.
 Seems that cu works fine on linux, but module should
 be loaded to enable serial emulation from usb host port
 to mini usb port on sheevaplug. Does someone use this
 mini computer, and how do they connect to the serial console?
 Almost all of the documentation mentions win and linux. I
 suppose it would be pretty easy to go further with serial
 line available.
 Btw, there is a freebsd port for this plug already. Would
 be fine to try it out.
 Best regards

 Zoran

-- 
Attos Janus


Re: ahci and user mount of cdrom

2009-12-28 Thread Oliver Pinter
I think usermount only works with user-owned and writable directories, for example:

mkdir ~/cdrom
mount_cd9660 /dev/acd0 ~/cdrom

On 12/28/09, Johan Hendriks jo...@double-l.nl wrote:
 Hello all
 I am on 8.0-STABLE now, and using the ahci driver.

 All works likei t should, but i can not mount my cdrom anymore as a
 regular user.

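The preconditions Oliver mentions, as an added example that is not from the thread: a check that reports which requirement for a non-root mount is missing (the mount point exists, is owned and writable by the caller, and the device node is readable and writable), plus a scan of devfs.conf(5) "perm" lines for world-writable modes, which is what flags a pass* node (raw CAM access) handed to every local user, as the pass6 line in Johan's config does. The sample devfs.conf is constructed from the lines in the thread; nothing here mounts anything.

```shell
#!/bin/sh
# Added example, not from the thread: report why a vfs.usermount=1 mount
# would be refused, and list devfs.conf "perm" lines that grant o+w.

# usermount_precheck DIR DEV -> 0 when every precondition holds, otherwise
# 2 no such directory, 3 DIR not owned by the caller, 4 DIR not writable,
# 5 device node missing, 6 device node not readable and writable.
usermount_precheck() {
    dir=$1
    dev=$2
    [ -d "$dir" ] || return 2
    # POSIX find(1): -prune stops at DIR itself, -user tests its owner (numeric uid)
    find "$dir" -prune -user "$(id -u)" -print 2>/dev/null | grep -q . || return 3
    [ -w "$dir" ] || return 4
    [ -e "$dev" ] || return 5
    [ -r "$dev" ] && [ -w "$dev" ] || return 6
    return 0
}

# devfs_world_writable FILE -> "device mode" for every "perm DEV MODE" line
# whose mode lets everyone write (last octal digit has the 2 bit set).
# 0666 on a cd device is what a user mount needs; the same on pass* nodes
# gives raw CAM access to every local user, so those lines deserve a look.
devfs_world_writable() {
    awk '$1 == "perm" && NF >= 3 {
             d = substr($3, length($3), 1)
             if (d ~ /[2367]/) print $2, $3
         }' "$1"
}

# Constructed sample, taken from the perm lines in the thread
SAMPLE_DEVFS="${TMPDIR:-/tmp}/devfs-sample.$$"
trap 'rm -f "$SAMPLE_DEVFS"' EXIT
cat > "$SAMPLE_DEVFS" <<'EOF'
#CDROM_BURNER permissions
perm acd0 0666
#perm acd1 0666
perm cd0 0666
perm pass0 0660
perm pass6 0666
perm xpt0 0660
EOF

devfs_world_writable "$SAMPLE_DEVFS"
```

Run the precheck as the user who will do the mount; the return code says which of the five preconditions failed, so the devfs.conf line and the mount point can be fixed separately.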


A script that modifies /etc/fstab to mount devices via glabel

2009-12-28 Thread Christian Laursen

Hi there,

I wrote a script that modifies fstab so that UFS filesystems are mounted 
via their UFS IDs and swap partitions are labeled with glabel in order 
to access them that way.

It works for me on at least FreeBSD 7.2 and 8.0. Use at your own risk.

For swap devices it is necessary to label the device in order to
recognize it later and that requires that swap is turned off briefly.

The script requires perl to run.

The script is here:
http://borderworlds.dk/utils/fstab-glabel.pl

Feel free to use it if you find it useful.

--
Christian Laursen


Jailed Service contact IMAPS

2009-12-28 Thread Peter Fraser
Hi All

I have two servers, one running apache and squirrelmail in a jail.
Squirrelmail on this server is trying to contact dovecot running imaps
on port 993 on another server and failing. When I try from another
physical machine it works but I would prefer to run this service from
within a jail.

Can anyone please let me know how to make this work?


Re: Jailed Service contact IMAPS

2009-12-28 Thread Paul Procacci

Peter Fraser wrote:

Hi All

I have two servers, one running apache and squirrelmail in a jail.
Squirrelmail on this server is trying to contact dovecot running imaps
on port 993 on another server and failing. When I try from another
physical machine it works but I would prefer to run this service from
within a jail.

Can anyone please let me know how to make this work?

Have you tried to first do a simple (from within the jail):

telnet <host> 993

Do you get connected?  If not, do you have any firewall rules either on
the host maintaining the jail or the host you are connecting to?  If
not, can you do a tcpdump to see what specifically is happening to those
packets via (on the host again):

tcpdump -i <interface> host <ip of jail> and port 993

Do you see packets both leaving your machine and coming back?  If not,
can you repeat the process above on the host machine maintaining the
jail, but not within the jail itself.  Are the results the same?

The above is a start and should provide enough information as to whether
the problem is specific to the jail or the physical host.

~Paul

This message may contain confidential or privileged information.  If you are 
not the intended recipient, please advise us immediately and delete this 
message.  See http://www.datapipe.com/emaildisclaimer.aspx for further 
information on confidentiality and the risks of non-secure electronic 
communication. If you cannot access these links, please notify us by reply 
message and we will send the contents to you.


Re: Jailed Service contact IMAPS

2009-12-28 Thread Michael Loftis

--On Monday, December 28, 2009 3:43 PM -0500 Peter Fraser
petros.fra...@gmail.com wrote:

Hi All

I have two servers, one running apache and squirrelmail in a jail.
Squirrelmail on this server is trying to contact dovecot running imaps
on port 993 on another server and failing. When I try from another
physical machine it works but I would prefer to run this service from
within a jail.

Can anyone please let me know how to make this work?


Sounds like you have some sort of basic networking problem, a Jail in and
of itself won't be blocked.  I'd first check to see if you can get a
connection from within the jail host server to the IMAPS port on the other
machine.  Use telnet or openssl's s_client to see if you can get a
connection open.  I assume the dovecot server and jail have separate IPs?

If so then try the same thing from within the jail.  If both of those work
then I'd check your PHP setup and make sure that you have the appropriate
PHP modules installed, and that they support SSL.



Re: Jailed Service contact IMAPS

2009-12-28 Thread Peter Fraser
Yes I can connect over telnet. If I even do openssl s_client -connect
server_ip:993 I can also connect and list my mail. The machine is
running FreeBSD 8 by the way.

On Mon, Dec 28, 2009 at 9:53 AM, Paul Procacci pproca...@datapipe.com wrote:
 Have you tried to first do a simple (from within the jail):

 telnet <host> 993

 Do you get connected?  If not, do you have any firewall rules either on
 the host maintaining the jail or the host you are connecting to?  If
 not, can you do a tcpdump to see what specifically is happening to those
 packets via (on the host again):

 tcpdump -i <interface> host <ip of jail> and port 993

 Do you see packets both leaving your machine and coming back?  If not,
 can you repeat the process above on the host machine maintaining the
 jail, but not within the jail itself.  Are the results the same?

 The above is a start and should provide enough information as to whether
 the problem is specific to the jail or the physical host.

 ~Paul



Re: FreeBSD 8.0: can't PXE Boot using nvidia nForce4 network card

2009-12-28 Thread Olivier Cochard-Labbé
On Thu, Dec 24, 2009 at 8:33 PM, Pyun YongHyeon pyu...@gmail.com wrote:

 nfe0: MII without any phy!
  ^^
 Maybe this is the reason why you can't use NFS.
 If your BIOS has an option that disables management feature
 of ethernet controller try toggle the feature.


Hi,

I've disabled the POST Check LAN Cable in the BIOS: But still the
same MII without any phy! message.

Regards,

Olivier


Re: FreeBSD 8.0: can't PXE Boot using nvidia nForce4 network card

2009-12-28 Thread Pyun YongHyeon
On Mon, Dec 28, 2009 at 10:30:25PM +0100, Olivier Cochard-Labbé wrote:
 On Thu, Dec 24, 2009 at 8:33 PM, Pyun YongHyeon pyu...@gmail.com wrote:

  nfe0: MII without any phy!
   ^^
  Maybe this is the reason why you can't use NFS.
  If your BIOS has an option that disables management feature
  of ethernet controller try toggle the feature.

 Hi,

 I've disabled the POST Check LAN Cable in the BIOS: But still the
 same MII without any phy! message.

Ok, it seems the Linux forcedeth driver pokes the NFE_STATUS
register before accessing the PHY. I'm not sure whether this code could
be related to the issue but would you try the attached patch?

 Regards,
 
 Olivier
Index: sys/dev/nfe/if_nfe.c
===
--- sys/dev/nfe/if_nfe.c	(revision 201135)
+++ sys/dev/nfe/if_nfe.c	(working copy)
@@ -340,6 +340,7 @@
 	struct nfe_softc *sc;
 	struct ifnet *ifp;
 	bus_addr_t dma_addr_max;
+	uint32_t phystat, phyrestore;
 	int error = 0, i, msic, reg, rid;
 
 	sc = device_get_softc(dev);
@@ -349,6 +350,7 @@
 	MTX_DEF);
 	callout_init_mtx(sc-nfe_stat_ch, sc-nfe_mtx, 0);
 	TASK_INIT(sc-nfe_link_task, 0, nfe_link_task, sc);
+	phyrestore = 0;
 
 	pci_enable_busmaster(dev);
 
@@ -599,6 +601,13 @@
 	ifp-if_capabilities |= IFCAP_POLLING;
 #endif
 
+	phystat = NFE_READ(sc, NFE_STATUS)  NFE_STATUS_RUNNING;
+	if ((phystat  NFE_STATUS_RUNNING) != 0) {
+		phystat = ~NFE_STATUS_RUNNING;
+		NFE_WRITE(sc, NFE_STATUS, phystat);
+		phyrestore = 1;
+	}
+
 	/* Do MII setup */
 	if (mii_phy_probe(dev, sc-nfe_miibus, nfe_ifmedia_upd,
 	nfe_ifmedia_sts)) {
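Review bot: the `&` operators are stripped in this mail copy, but read as `phystat = NFE_READ(sc, NFE_STATUS) & NFE_STATUS_RUNNING;` the masking at the read discards every other bit of NFE_STATUS: after `phystat &= ~NFE_STATUS_RUNNING;` the value is 0, so the write stores 0 into the register and the restore in the fail hunk writes back only NFE_STATUS_RUNNING. If the intent is to clear just the RUNNING bit for the duration of the PHY probe, read the whole register, `phystat = NFE_READ(sc, NFE_STATUS);`, and test `(phystat & NFE_STATUS_RUNNING) != 0`; a one-line comment saying this mirrors what forcedeth does before the MII probe would also help the next reader.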
@@ -636,8 +645,11 @@
 	}
 
 fail:
-	if (error)
+	if (error) {
+		if (phyrestore != 0)
+			NFE_WRITE(sc, NFE_STATUS, phystat | NFE_STATUS_RUNNING);
 		nfe_detach(dev);
+	}
 
 	return (error);
 }
@@ -2744,7 +2756,8 @@
 	NFE_WRITE(sc, NFE_SETUP_R6, NFE_R6_MAGIC);
 
 	/* update MAC knowledge of PHY; generates a NFE_IRQ_LINK interrupt */
-	NFE_WRITE(sc, NFE_STATUS, sc-mii_phyaddr  24 | NFE_STATUS_MAGIC);
+	NFE_WRITE(sc, NFE_STATUS, sc-mii_phyaddr  NFE_STATUS_PHYSHIFT |
+	NFE_STATUS_PHYVALID | NFE_STATUS_RUNNING);
 
 	NFE_WRITE(sc, NFE_SETUP_R4, NFE_R4_MAGIC);
 	NFE_WRITE(sc, NFE_WOL_CTL, NFE_WOL_MAGIC);
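Review bot: `NFE_STATUS_PHYVALID | NFE_STATUS_RUNNING` is 0x0004 | 0x0010 == 0x14, exactly the old `NFE_STATUS_MAGIC`, so this hunk is a rename rather than a behavioural change; the commit message should say so, since with RUNNING now cleared at attach time this write is what turns the bit back on. The shift operator between `sc->mii_phyaddr` and `NFE_STATUS_PHYSHIFT` is missing in this copy of the mail; assuming `<<`, its precedence over `|` is right without parentheses.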
Index: sys/dev/nfe/if_nfereg.h
===
--- sys/dev/nfe/if_nfereg.h	(revision 201135)
+++ sys/dev/nfe/if_nfereg.h	(working copy)
@@ -137,7 +137,11 @@
 #define	NFE_PHY_BUSY		0x08000
 #define	NFE_PHYADD_SHIFT	5
 
-#define	NFE_STATUS_MAGIC	0x14
+#define	NFE_STATUS_START	0x0002
+#define	NFE_STATUS_LINKUP	0x0004
+#define	NFE_STATUS_PHYVALID	0x0004
+#define	NFE_STATUS_RUNNING	0x0010
+#define	NFE_STATUS_PHYSHIFT	24
 
 #define	NFE_R1_MAGIC_1000	0x14050f
 #define	NFE_R1_MAGIC_10_100	0x16070f
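Review bot: `NFE_STATUS_LINKUP` and `NFE_STATUS_PHYVALID` are both 0x0004; two names for one bit is either a typo in one value or should be marked as an alias with a comment, and `NFE_STATUS_START` and `NFE_STATUS_LINKUP` are added without being used anywhere in this patch.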

RE: Hacked - FreeBSD 7.1-Release

2009-12-28 Thread Chris H
On Mon, December 28, 2009 7:44 am, Andresen, Jason R. wrote:
 Your solution to excessive noise in the security log is to greatly increase
 the noise level?!?

 The point is, if your machine is on the internet, then bots are going to try
 password attacks on any open port they can find.  It's just the sad fact of
 life on the current internet.  Unfortunately, this activity will also make it
 much more difficult to determine when you are under attack from an actual
 person, which was my point earlier.  It's one that is not going to be easy to
 solve either, unless you're willing to rewrite SSH to require every connection
 attempt to pass a Turing test or something.

My point here was that by increasing the verbosity, you will more easily be able
to grep against login /failures/, and more easily discover dictionary/brute-force
attacks. It's certainly made my job easier, and hasn't required any modifications
to our current policies. You /have/ considered PF(4), haven't you? It's /really/
an excellent strategy for securing your network.

--Chris H
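Chris's suggestion in this thread (a cron script that pulls out only the messages you care about, and grepping for login failures rather than reading the whole log) as an added example that is not code from the thread. The sample lines are constructed in the shape of sshd(8) "Failed password"/"Accepted" messages and the log_in_vain=YES kernel print, with placeholder hostnames and addresses; the thresholds are assumptions. It also adds a third report the thread does not spell out: a successful login from a source that had already been failing, which is the line in all that noise that actually needs a human.

```shell
#!/bin/sh
# Added example, not from the thread: three awk reports over auth.log-style
# lines, the kind of thing a cron or periodic(8) job would mail each night.

# Constructed sample log (placeholder host "gw", documentation addresses)
SAMPLE_LOG="${TMPDIR:-/tmp}/auth-sample.$$"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Dec 28 10:15:02 gw sshd[1234]: Invalid user admin from 203.0.113.5
Dec 28 10:15:02 gw sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4321 ssh2
Dec 28 10:15:05 gw sshd[1236]: Failed password for invalid user test from 203.0.113.5 port 4322 ssh2
Dec 28 10:15:09 gw sshd[1238]: Failed password for root from 203.0.113.5 port 4323 ssh2
Dec 28 10:15:12 gw sshd[1240]: Failed password for root from 203.0.113.5 port 4324 ssh2
Dec 28 10:16:00 gw kernel: Connection attempt to TCP 192.0.2.10:23 from 203.0.113.5:40001 flags:0x02
Dec 28 10:16:01 gw kernel: Connection attempt to TCP 192.0.2.10:25 from 203.0.113.5:40002 flags:0x02
Dec 28 10:16:02 gw kernel: Connection attempt to UDP 192.0.2.10:161 from 203.0.113.5:40003
Dec 28 10:16:03 gw kernel: Connection attempt to TCP 192.0.2.10:23 from 203.0.113.5:40004 flags:0x02
Dec 28 10:17:00 gw sshd[1260]: Failed password for jdoe from 198.51.100.7 port 50001 ssh2
Dec 28 10:17:05 gw sshd[1262]: Accepted publickey for jdoe from 198.51.100.7 port 50002 ssh2
Dec 28 10:18:00 gw sshd[1270]: Accepted password for alice from 198.51.100.9 port 50010 ssh2
EOF

# Report 1: "count source" for sources with at least $2 failed sshd logins,
# busiest first; the threshold hides the one-off typos that are just noise.
ssh_failures() {
    awk -v thr="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= thr) print n[ip], ip }' "$1" | sort -rn
}

# Report 2: log_in_vain prints one line per connection to a closed port;
# count distinct destination ports per source so a port sweep stands out
# from a single stray connection.
in_vain_ports() {
    awk -v thr="$2" '
        /kernel: Connection attempt to (TCP|UDP) / {
            for (i = 1; i <= NF; i++) {
                if ($i == "to")   dst = $(i + 2)
                if ($i == "from") src = $(i + 1)
            }
            sub(/:[0-9]+$/, "", src)              # drop the source port
            port = dst; sub(/.*:/, "", port)      # keep the destination port
            if (!((src, port) in seen)) { seen[src, port] = 1; n[src]++ }
        }
        END { for (ip in n) if (n[ip] >= thr) print n[ip], ip }' "$1" | sort -rn
}

# Report 3: a successful login from a source that had already failed earlier
# in the same log, printed as "user source".
success_after_failures() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { failed[$(i + 1)] = 1; break }
        }
        /sshd\[[0-9]+\]: Accepted / {
            for (i = 1; i <= NF; i++) {
                if ($i == "for")  user = $(i + 1)
                if ($i == "from") ip = $(i + 1)
            }
            if (ip in failed) print user, ip
        }' "$1"
}

echo "== sshd failures (>= 3) =="; ssh_failures "$SAMPLE_LOG" 3
echo "== port sweeps (>= 2 ports) =="; in_vain_ports "$SAMPLE_LOG" 2
echo "== success after failures =="; success_after_failures "$SAMPLE_LOG"
```

Point the functions at the real log instead of the sample and drop the output into a periodic(8) daily script; the first two reports shrink a day of bot traffic to a handful of lines, and the third is the one worth an alert.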


Re: Hacked - FreeBSD 7.1-Release

2009-12-28 Thread Adam Vande More
On Mon, Dec 28, 2009 at 4:59 PM, Chris H chr...@1command.com wrote:

 My point here was that by increasing the verbosity, you will more easily be
 able to grep against login /failures/, and more easily discover dictionary/
 brute-force attacks. It's certainly made my job easier, and hasn't required
 any modifications to our current policies. You /have/ considered PF(4),
 haven't you? It's /really/ an excellent strategy for securing your network.

 --Chris H


I use security/denyhosts for this, very simple to set up, like 5 minutes if
you're a fast reader.  There are other options as well that offer similar
functionality.

-- 
Adam Vande More


Re: A script that modifies /etc/fstab to mount devices via glabel

2009-12-28 Thread Pieter de Goeje
On Monday 28 December 2009 21:17:41 Christian Laursen wrote:
 Hi there,

 I wrote a script that modifies fstab so that UFS filesystems are mounted
 via their UFS IDs and swap partitions are labeled with glabel in order
 to access them that way.

 It works for me on at least FreeBSD 7.2 and 8.0. Use at your own risk.

 For swap devices it is necessary to label the device in order to
 recognize it later and that requires that swap is turned off briefly.

 The script requires perl to run.

 The script is here:
 http://borderworlds.dk/utils/fstab-glabel.pl

 Feel free to use it if you find it useful.

Works as advertised, thank you!

It is probably faster to extract the label from glabel status -s node 
instead of using dumpfs though.

- Pieter
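The rewrite step that Christian's script performs, as an added example that is not his script: on a live system the device-to-id map comes from dumpfs(8) (or, as Pieter suggests, glabel status -s) and the swap label from glabel(8); here the map is a constructed input so the text transformation runs and can be checked anywhere. /dev/ufsid/<id> and /dev/label/<name> are the paths under which FreeBSD exposes UFS ids and glabel labels; the device names and ids in the sample are made up.

```shell
#!/bin/sh
# Added example, not the script from the thread: rewrite fstab device fields
# to /dev/ufsid/<id> (ufs) and /dev/label/<name> (swap) from a "device id"
# map. Everything else passes through untouched.

FSTAB="${TMPDIR:-/tmp}/fstab-sample.$$"
LABELS="${TMPDIR:-/tmp}/labels-sample.$$"
trap 'rm -f "$FSTAB" "$LABELS"' EXIT

# Constructed fstab; ad0s1e is deliberately left out of the map below
cat > "$FSTAB" <<'EOF'
# Device        Mountpoint      FStype  Options Dump    Pass#
/dev/ad0s1b     none            swap    sw      0       0
/dev/ad0s1a     /               ufs     rw      1       1
/dev/ad0s1d     /usr            ufs     rw      2       2
/dev/ad0s1e     /var            ufs     rw      2       2
proc            /proc           procfs  rw      0       0
EOF

# Constructed "device id" map (on a real box: dumpfs id / glabel name)
cat > "$LABELS" <<'EOF'
/dev/ad0s1a 4b38e1d2a0f3c4e5
/dev/ad0s1d 4b38e1d3b1f4d5f6
/dev/ad0s1b swap0
EOF

# rewrite_fstab FSTAB LABELS: rewritten fstab on stdout. Comments, blank
# lines and non-device filesystems pass through; a ufs/swap device with no
# map entry is left as-is and reported on stderr so it is never silently
# left on a bare device name.
rewrite_fstab() {
    awk '
        NR == FNR { map[$1] = $2; next }              # first file: the map
        /^[ \t]*#/ || NF < 3 { print; next }          # comments / blank lines
        $1 in map && $3 == "ufs"  { $1 = "/dev/ufsid/" map[$1]; print; next }
        $1 in map && $3 == "swap" { $1 = "/dev/label/" map[$1]; print; next }
        $1 ~ /^\/dev\// && ($3 == "ufs" || $3 == "swap") {
            print "no id for " $1 ", left unchanged" > "/dev/stderr"
        }
        { print }' "$2" "$1"
}

# fstab_device FSTAB MOUNTPOINT: device field of the entry for MOUNTPOINT,
# for checking a rewritten file before it replaces /etc/fstab
fstab_device() {
    awk -v mp="$2" '!/^[ \t]*#/ && $2 == mp { print $1; exit }' "$1"
}

rewrite_fstab "$FSTAB" "$LABELS"
```

Reassigning $1 makes awk rebuild the record with single spaces, so the columns of the output are no longer aligned; that is harmless to the mount code but worth knowing before diffing it against the original. Keep the original file until the rewritten one has been checked entry by entry, and turn swap off before labelling the swap device, as the thread says.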


Re: FreeBSD 8.0: can't PXE Boot using nvidia nForce4 network card

2009-12-28 Thread Olivier Cochard-Labbé
On Mon, Dec 28, 2009 at 11:21 PM, Pyun YongHyeon pyu...@gmail.com wrote:

 Ok, it seems Linux forcedeth driver seems to poke NFE_STATUS
 register before accessing PHY. I'm not sure whether this code could
 be related with the issue but would you try attached patch?


Already a patch to try! Thanks for your reactivity!

The patch was applied successfully and new kernel compiled/installed
without problem but same error message:

FreeBSD 8.0-STABLE #4: Mon Dec 28 23:48:36 CET 2009
r...@debugger.bsdrp.net:/usr/obj/usr/src/sys/GENERIC i386
(...)
nfe0: NVIDIA nForce4 CK804 MCP8 Networking Adapter irq 21 at device
10.0 on pci0
nfe0: Lazy allocation of 0x100 bytes rid 0x10 type 3 at 0x8100
nfe0: Reserved 0x100 bytes for rid 0x10 type 3 at 0x8100
nfe0: MII without any phy!
device_attach: nfe0 attach returned 6
(...)
Trying to mount root from nfs:10.0.0.1:/usr/tftpboot
nfs_diskless: no interface
ROOT MOUNT ERROR:
(...)

Regards,

Olivier


Re: FreeBSD 8.0: can't PXE Boot using nvidia nForce4 network card

2009-12-28 Thread Pyun YongHyeon
On Tue, Dec 29, 2009 at 01:22:40AM +0100, Olivier Cochard-Labbé wrote:
 The patch was applied successfully and new kernel compiled/installed
 without problem but same error message:

 (...)
 nfe0: MII without any phy!
 device_attach: nfe0 attach returned 6
 (...)

:-(
How about this one? Sorry, I'm just guessing (no hardware, no
documentation).

 Regards,
 
 Olivier
Index: sys/dev/nfe/if_nfe.c
===
--- sys/dev/nfe/if_nfe.c(revision 201135)
+++ sys/dev/nfe/if_nfe.c(working copy)
@@ -340,6 +340,7 @@
struct nfe_softc *sc;
struct ifnet *ifp;
bus_addr_t dma_addr_max;
+   uint32_t phystat, phyrestore;
int error = 0, i, msic, reg, rid;
 
sc = device_get_softc(dev);
@@ -349,6 +350,7 @@
MTX_DEF);
callout_init_mtx(sc-nfe_stat_ch, sc-nfe_mtx, 0);
TASK_INIT(sc-nfe_link_task, 0, nfe_link_task, sc);
+   phyrestore = 0;
 
pci_enable_busmaster(dev);
 
@@ -513,6 +515,8 @@
break;
}
 
+   NFE_READ(sc, NFE_WOL_CTL);
+   NFE_WRITE(sc, NFE_WOL_CTL, 0);
nfe_power(sc);
/* Check for reversed ethernet address */
if ((NFE_READ(sc, NFE_TX_UNK)  NFE_MAC_ADDR_INORDER) != 0)
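Review bot: the value returned by `NFE_READ(sc, NFE_WOL_CTL)` is discarded; if the read is needed as a register side effect before the write of 0, say so in a comment, otherwise drop it. Clearing NFE_WOL_CTL before `nfe_power(sc)` is new in this revision of the patch, so a short comment on why it has to precede the PHY probe would help whoever bisects to it later.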
@@ -599,6 +603,14 @@
ifp-if_capabilities |= IFCAP_POLLING;
 #endif
 
+   phystat = NFE_READ(sc, NFE_STATUS)  NFE_STATUS_RUNNING;
+   if ((phystat  NFE_STATUS_RUNNING) != 0) {
+   phystat = ~NFE_STATUS_RUNNING;
+   NFE_WRITE(sc, NFE_STATUS, phystat);
+   phyrestore = 1;
+   }
+   NFE_WRITE(sc, NFE_PHY_STATUS, 0xf);
+
/* Do MII setup */
if (mii_phy_probe(dev, sc-nfe_miibus, nfe_ifmedia_upd,
nfe_ifmedia_sts)) {
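Review bot: `NFE_WRITE(sc, NFE_PHY_STATUS, 0xf);` introduces a bare magic value, while the rest of the driver names register bits in if_nfereg.h; give the mask a define there. Unlike the NFE_STATUS handling just above it, this write has no corresponding restore on the fail path, which should be a deliberate choice rather than an omission.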
@@ -636,8 +648,11 @@
}
 
 fail:
-   if (error)
+   if (error) {
+   if (phyrestore != 0)
+   NFE_WRITE(sc, NFE_STATUS, phystat | NFE_STATUS_RUNNING);
nfe_detach(dev);
+   }
 
return (error);
 }
@@ -2744,7 +2759,8 @@
NFE_WRITE(sc, NFE_SETUP_R6, NFE_R6_MAGIC);
 
/* update MAC knowledge of PHY; generates a NFE_IRQ_LINK interrupt */
-   NFE_WRITE(sc, NFE_STATUS, sc-mii_phyaddr  24 | NFE_STATUS_MAGIC);
+   NFE_WRITE(sc, NFE_STATUS, sc-mii_phyaddr  NFE_STATUS_PHYSHIFT |
+   NFE_STATUS_PHYVALID | NFE_STATUS_RUNNING);
 
NFE_WRITE(sc, NFE_SETUP_R4, NFE_R4_MAGIC);
NFE_WRITE(sc, NFE_WOL_CTL, NFE_WOL_MAGIC);
Index: sys/dev/nfe/if_nfereg.h
===
--- sys/dev/nfe/if_nfereg.h (revision 201135)
+++ sys/dev/nfe/if_nfereg.h (working copy)
@@ -137,7 +137,11 @@
 #defineNFE_PHY_BUSY0x08000
 #defineNFE_PHYADD_SHIFT5
 
-#defineNFE_STATUS_MAGIC0x14
+#defineNFE_STATUS_START0x0002
+#defineNFE_STATUS_LINKUP   0x0004
+#defineNFE_STATUS_PHYVALID 0x0004
+#defineNFE_STATUS_RUNNING  0x0010
+#defineNFE_STATUS_PHYSHIFT 24
 
 #defineNFE_R1_MAGIC_1000   0x14050f
 #defineNFE_R1_MAGIC_10_100 0x16070f

7.2 to 8.0 serial not working

2009-12-28 Thread Wes Morgan
I just upgraded from 7.2-stable to 8.0-stable, same kernel config (with 
uart), same everything else and now I can't receive more than a few bytes 
of data from my weather station before it just waits incessantly. 
Everything worked before, with the same serial port settings, uart device 
etc. Has anything else changed in the serial interface? I'm using the 
cuauX devices at 2400 baud.



Re: 7.2 to 8.0 serial not working

2009-12-28 Thread Mike Tancsa

At 09:27 PM 12/28/2009, Wes Morgan wrote:
I just upgraded from 7.2-stable to 8.0-stable, same kernel config 
(with uart), same everything else and now I can't receive more than 
a few bytes of data from my weather station before it just waits 
incessantly. Everything worked before, with the same serial port 
settings, uart device etc. Has anything else changed in the serial 
interface? I'm using the cuauX devices at 2400 baud.

For some low speed apps (1200bps in our case) I found I needed to set

hint.uart.0.flags=0x00100

---Mike

Mike Tancsa,  tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet since 1994, www.sentex.net
Cambridge, Ontario Canada, www.sentex.net/mike