Re: Partitions

2006-07-02 Thread Craig Skinner
On Sat, Jul 01, 2006 at 09:39:28PM +0200, Joachim Schipper wrote:
 Yes, but /etc/rc doesn't:
 
 # prune quickly with one rm, then use find to clean up /tmp/[lq]*
 # (not needed with mfs /tmp, but doesn't hurt there...)
 (cd /tmp && rm -rf [a-km-pr-zA-Z]* &&
 find . ! -name . ! -name lost+found ! -name quota.user \
 ! -name quota.group -execdir rm -rf -- {} \; -type d -prune)
 

Well spotted, solved:

$ diff /etc/rc /etc/rc.orig 
450,451c450,451
 (cd /tmp  rm -rf [a-km-pr-uw-zA-Z]* 
 find . ! -name . ! -name lost+found ! -name vi.recover ! -name
quota.user \
---
 (cd /tmp  rm -rf [a-km-pr-zA-Z]* 
 find . ! -name . ! -name lost+found ! -name quota.user \
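Review bot: the added `! -name vi.recover` test protects the directory entry but not the recovery files inside it. Because `-prune` sits at the very end of the expression (after `-execdir rm -rf -- {} \; -type d`), a protected name makes the whole AND chain false before `-prune` is reached, so find still descends into /tmp/vi.recover and removes every file in it, leaving an empty directory; the same descent happens into lost+found, where clearing the contents is the intended behaviour. To keep the recovery files, prune that directory ahead of the rm action, with the alternatives parenthesised so that `.` itself never reaches the rm branch: `find . ! -name . \( -name vi.recover -prune -o ! -name lost+found ! -name quota.user ! -name quota.group -execdir rm -rf -- {} \; -type d -prune \)`, or restrict the sweep with `-maxdepth 1`. Also note that the diff was taken as `diff /etc/rc /etc/rc.orig`, so the lines above `---` are the modified file and the lines below are the original, the reverse of the usual direction, and that the `&&` operators after `cd /tmp` and after `rm -rf ...` have been lost in the quoted text (as pasted, `cd /tmp rm -rf ...` is not what /etc/rc runs).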



Why I started doing this is because one night when I was working at an
ISP, I found an SSH zombie had gotten onto one of our DNS servers 
(sales:qwerty).
While /tmp and /home were mounted noexec, /var wasn't, so the zombie
compiled its own list driven sshd in /var/tmp and went scanning for more
hosts.

I thought that if /var/tmp was a symlink to /tmp, there would be no need
to repartition the disk and it would stop users messing about with their
own executables in /var/tmp.


-- 
Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
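As an added demonstration (not code from Craig's mail or from OpenBSD's /etc/rc), the script below replays the /tmp sweep on a scratch directory built from constructed file names, once as patched and once with vi.recover pruned ahead of the rm branch, so the effect of the `[a-km-pr-uw-zA-Z]*` glob and of the `! -name vi.recover` exclusion can be checked before touching a real system. The find expression is rearranged to put `-prune` ahead of the rm action so that it also runs under GNU find, which stats entries lazily and would otherwise try to stat files it has just removed, and `-exec` stands in for OpenBSD's `-execdir`; the short-circuit behaviour of the protected names is unchanged.

```shell
#!/bin/sh
# Added example, not from the list post or from OpenBSD's /etc/rc.
# Assumes a POSIX sh and a find(1) that accepts -prune, -exec and -mindepth
# (BSD and GNU find).  Every file name below is a constructed sample.

# Build a throwaway "/tmp" holding the protected names plus a few ordinary
# entries, and print its path.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir "$d/lost+found" "$d/vi.recover" "$d/vmware-tmp" "$d/abc.d" \
        "$d/.hidden.d" &&
    : > "$d/quota.user" && : > "$d/quota.group" &&
    # stands in for a recovery file that vi(1) would leave behind
    : > "$d/vi.recover/recover.sample" &&
    : > "$d/zzz.tmp" && : > "$d/qwerty.tmp" && : > "$d/lockfile" &&
    printf '%s\n' "$d"
}

# The sweep as in the patched /etc/rc (with the && operators the quoted mail
# lost).  In the C locale the glob skips names starting with l, q and v, so
# lost+found, quota.* and vi.recover survive the fast rm; find then removes
# everything else (dotfiles, other l/q/v names) except the protected names.
# Caveat: "! -name vi.recover" only protects the directory entry itself.  The
# test fails before -prune is reached, so find still descends into vi.recover
# and deletes the recovery files, leaving an empty directory.
prune_tmp_as_patched() {
    (export LC_ALL=C && cd "$1" && rm -rf [a-km-pr-uw-zA-Z]* &&
        find . ! -name . ! -name lost+found ! -name vi.recover \
            ! -name quota.user ! -name quota.group \
            -prune -exec rm -rf -- {} \;)
}

# Same sweep, but vi.recover is pruned before the rm branch is evaluated, so
# its contents are kept (lost+found is still swept clean, as in the original).
prune_tmp_keep_recover() {
    (export LC_ALL=C && cd "$1" && rm -rf [a-km-pr-uw-zA-Z]* &&
        find . ! -name . \( -name vi.recover -prune -o \
            ! -name lost+found ! -name quota.user ! -name quota.group \
            -prune -exec rm -rf -- {} \; \))
}

# Sorted list of everything left under the directory, for display.
survivors() {
    (cd "$1" && find . -mindepth 1 | sort | tr '\n' ' ')
}

# Demonstration: run both variants on fresh fixtures and show what remains.
for variant in prune_tmp_as_patched prune_tmp_keep_recover; do
    t=$(make_fixture) || exit 1
    "$variant" "$t"
    echo "$variant: $(survivors "$t")"
    rm -rf "$t"
done
```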



Re: Encryption and Compression with ipsecctl?

2006-07-02 Thread Matthew R. Dempsky
On Fri, Jun 30, 2006 at 04:43:21PM -0500, Todd T. Fries wrote:
 IPcomp is known broken for at least two years, perhaps longer.  Do not use it.

What makes you say that?  I can't find any mention of this in the man 
pages, on openbsd.org, or misc's archives.



Re: Ports and BSD.MP question

2006-07-02 Thread Gabriel George POPA

  Neah, Mozilla crashed again. What's the problem:
- the port?
- the libraries?
- ME?
  Did this happen to other people too? On what OpenBSD 
versions? How did they solve this?




Re: Ports and BSD.MP question

2006-07-02 Thread Adam PAPAI

Gabriel George POPA wrote:




  Neah, Mozilla crashed again. What's the problem:
- the port?
- the libraries?
- ME?
  Did this happen to other people too? On what OpenBSD 
versions? How did they solve this?


I must say yes. :) Sometimes firefox crashes. What pages are related? Are 
there javascripts on the websites? Or so many pictures? Have you 
installed extensions or plugins? If yes, list them.


--
Adam PAPAI
D i g i t a l Influence
http://www.digitalinfluence.hu
E-mail: [EMAIL PROTECTED]
Phone: +36 30 33-55-735 (Hungary)
Phone: +49 176-67264167 (Germany)



Re: Encrypting files

2006-07-02 Thread Joachim Schipper
On Sun, Jul 02, 2006 at 02:14:59AM +0200, Rico Secada wrote:
 Hi
 
 I have been thinking about encrypting some private files on my laptop,
 in case it gets stolen.
 
 I have no prior experience in this field.
 
 I have been thinking about using mcrypt with blowfish, but is this a
 good way to go about it? Is there a better alternative? And is blowfish
 the best way to encrypt it?
 
 Please bear with me if these questions are ignorant.

There are many solutions; not mentioned yet is gnupg, which has quite a
few bells and whistles you don't need but is otherwise a rather solid
program (or so I used to think; there have been a few vulnerabilities in
the past month or two).

However, svnd is probably the most convenient if you are running
-current.

Do remember to remove the original files; rm -P, as suggested, works.

Joachim



Re: Ports and BSD.MP question

2006-07-02 Thread Gabriel George POPA
 I use Mozilla 1.7.12. Help-About-About Plug-ins says I have no 
plugins installed.
 And yes, indeed. It crashes especially on www.yahoo.com (when 
running javascripts) and when there are a lot of pictures.
I really don't know what to do... Once I lost my bookmarks. There was a 
moment when I lost some e-mails, stuff like this.




  Neah, Mozilla crashed again. What's the problem:
- the port?
- the libraries?
- ME?
  Did this happen to other people too? On what OpenBSD 
versions? How did they solve this?



I must say yes. :) Sometimes firefox crashes. What pages are related? 
Are there javascripts on the websites? Or so many pictures? Have you 
installed extensions or plugins? If yes, list them.




Re: Encrypting files

2006-07-02 Thread Sigfred Håversen

Joachim Schipper wrote:

On Sun, Jul 02, 2006 at 02:14:59AM +0200, Rico Secada wrote:


Hi

I have been thinking about encrypting some private files on my laptop,
in case it gets stolen.

I have no prior experience in this field.

I have been thinking about using mcrypt with blowfish, but is this a
good way to go about it? Is there a better alternative? And is blowfish
the best way to encrypt it?

Please bear with me if these questions are ignorant.



There are many solutions; not mentioned yet is gnupg, which has quite a
few bells and whistles you don't need but is otherwise a rather solid
program (or so I used to think; there have been a few vulnerabilities in
the past month or two).

However, svnd is probably the most convenient if you are running
-current.

Do remember to remove the original files; rm -P, as suggested, works.


A user's tmp files should be encrypted as well. Setting TMPDIR to point into
an encrypted filesystem may be enough, assuming that the application(s) respect
TMPDIR.

/Sigfred



Re: Ports and BSD.MP question

2006-07-02 Thread Tobias Ulmer
On Sun, Jul 02, 2006 at 12:17:09PM +0300, Gabriel George POPA wrote:
   Neah, Mozilla crashed again. What's the problem:
 - the port?
 - the libraries?
 - ME?

- Mozilla/Firefox [x]

Did this happen to other people too? On what OpenBSD 
 versions? How did they solve this?
 
 

Yep. On all. 

Change the port to produce a debug version, make sure that
you have at least 2GiB of ram/swap and start mozilla/firefox in gdb.
(It will be slow as hell...)
Now reproduce the crash, get a bt full and start digging in the code.
Create patch, send it to [EMAIL PROTECTED] Then go to their bugtracker, do a
good search on the issue and you will find that exactly the same bug was
discovered back in 2003 (with a patch), but until now nobody fixed it.

The whole process will decrease your opinion about the most secure
browser by 400%

Just my experience

Tobias



Message (Your message dated Sun, 2 Jul 2006 11:12:08 +0900...)

2006-07-02 Thread LISTS.UFL.EDU LISTSERV Server (14.4)
Your message  dated Sun, 2  Jul 2006  11:12:08 +0900 with  subject Returned
mail: see transcript for details has been submitted to the moderator of the
PALEOLIM list: Thomas J. Whitmore [EMAIL PROTECTED].



Re: Encrypting files

2006-07-02 Thread Joachim Schipper
On Sun, Jul 02, 2006 at 12:00:34PM +0200, Sigfred Håversen wrote:
 Joachim Schipper wrote:
 On Sun, Jul 02, 2006 at 02:14:59AM +0200, Rico Secada wrote:
 
 Hi
 
 I have been thinking about encrypting some private files on my laptop,
 in case it gets stolen.
 
 I have no prior experience in this field.
 
 I have been thinking about using mcrypt with blowfish, but is this a
 good way to go about it? Is there a better alternative? And is blowfish
 the best way to encrypt it?
 
 Please bear with me if these questions are ignorant.
 
 
 There are many solutions; not mentioned yet is gnupg, which has quite a
 few bells and whistles you don't need but is otherwise a rather solid
 program (or so I used to think; there have been a few vulnerabilities in
 the past month or two).
 
 However, svnd is probably the most convenient if you are running
 -current.
 
 Do remember to remove the original files; rm -P, as suggested, works.
 
 A user's tmp files should be encrypted as well. Setting TMPDIR to point into
 an encrypted filesystem may be enough, assuming that the application(s) 
 respect TMPDIR.

Yes, indeed, I should have pointed that out. Thoroughly wiping the
filesystem /tmp resides on (at boot?) works, too.

However, many important files may be kept elsewhere; for instance, vim
uses .filename.swp for swap files, and while this certainly has
advantages, it does not make for optimal security...

All in all, svnd is probably the most convenient option; any other
option requires a lot of work.

Note that, on other systems, a huge problem is that files may be written
to swap at any time unless the memory was specifically allocated not to
allow this (certain high-security programs, like gnupg, do this for at
least part of the memory; but editors typically don't). This means that
the swap partition(s) also need periodic overwriting. However, OpenBSD
uses encrypted swap by default, at least on more-or-less recent
versions.

Joachim



Boost OpenBSD security - Zophie for 3.9

2006-07-02 Thread Tomasz Zielinski
Hello,

Zophie is a patch that contains new security features for OpenBSD 3.9. BSD 
license. I have not tested it personally, but it's probably worth analyzing 
and maybe even incorporating. More info: http://www.0penbsd.com/zophie.html, 
http://akcja.0penbsd.com/zosia/

--
Pozdrawienia/Regards
Tomasz Zielinski






Re: Boost OpenBSD security - Zophie for 3.9

2006-07-02 Thread Tobias Ulmer
On Sun, Jul 02, 2006 at 03:13:59PM +0200, Tomasz Zielinski wrote:
 Hello,
 
 Zophie is a patch that contains new security features for OpenBSD 3.9. BSD 
 license. I have not tested it personally, but it's probably worth analyzing 
 and maybe even incorporating. More info: http://www.0penbsd.com/zophie.html, 
 http://akcja.0penbsd.com/zosia/
 
 --
 Pozdrawienia/Regards
 Tomasz Zielinski


I normally don't take the bait, but this one is so cute...

After reading through the diffs: (not supplied for added obfuscation?)

- add a new sysctl to the kernel.
- patch some userland tools.
- If this sysctl is set, suppress certain information.

Rocket science! Even the dumbest scriptkiddie could just compile
and run these tools from the original OpenBSD sources.

Probably the whole Polish Underground Group profess OpenBSD OS as a
religion is a big subtle joke? If so, well done and thanks for the good
laugh :)

Tobias



pf + altq syntax check plz

2006-07-02 Thread S t i n g r a y
I am configuring altq & pf for the first time, & have a few problems here ..

well i need to traffic shape between different protocols as you can see in my 
pf.conf

now i am stuck & confused what to do next as i have built this file with 
different refs from the web.

the im is the most common Instant messenger protocols, can you tell me how to 
make it right ?

also when running the file as it is i get pfctl: SIOCGIFMTU: Device not 
configured error.

what does this mean ?

thanks


extad=192.168.0.6/32
chadd=10.0.0.6/32
scrub in all
altq on extif hfsc bandwidth 500Kb \
queue { www, dns, im, mail, other}
queue www bandwidth (linkshare 35%)
queue dns bandwidth (linkshare 10%)
queue im bandwidth (linkshare 25%)
queue mail bandwidth (linkshare 10%)
queue other hfsc (default)
rdr on $intif proto tcp from $intad to any port 80 -> $chadd port 8080
nat on $extif inet from $intad -> $extad
pass out on $extif inet proto { icmp, udp, tcp } keep state




regards 





ntpd gps clock

2006-07-02 Thread Wolfgang S. Rupprecht
Is there any way to run my gps pps (pulse per second) clock off of
obsd-current with Mills' ntpd?  So far the gps is hooked up to a
machine running nbsd, but I'd like to consolidate things.

-wolfgang
-- 
Wolfgang S. Rupprecht    http://www.wsrcc.com/wolfgang/



Re: pf + altq syntax check plz

2006-07-02 Thread Jeff Quast

On 7/2/06, S t i n g r a y [EMAIL PROTECTED] wrote:

I am configuring altq & pf for the first time, & have a few problems here ..

well i need to traffic shape between different protocols as you can see in my 
pf.conf

now i am stuck & confused what to do next as i have built this file with 
different refs from the web.

the im is the most common Instant messenger protocols, can you tell me how to 
make it right ?

also when running the file as it is i get pfctl: SIOCGIFMTU: Device not 
configured error.

what does this mean ?

thanks


extad=192.168.0.6/32
chadd=10.0.0.6/32
scrub in all
altq on extif hfsc bandwidth 500Kb \

altq on $extif hfsc bandwidth 500Kb

queue { www, dns, im, mail, other}
queue www bandwidth (linkshare 35%)
queue dns bandwidth (linkshare 10%)
queue im bandwidth (linkshare 25%)
queue mail bandwidth (linkshare 10%)
queue other hfsc (default)
rdr on $intif proto tcp from $intad to any port 80 -> $chadd port 8080
nat on $extif inet from $intad -> $extad
pass out on $extif inet proto { icmp, udp, tcp } keep state




regards





That's your immediate answer for the immediate problem at hand. There
is probably a lot more problems. Maybe you should start with priq and
cbq first.



Re: pf + altq syntax check plz

2006-07-02 Thread Jason Dixon

On Jul 2, 2006, at 11:38 AM, S t i n g r a y wrote:

I am configuring altq & pf for the first time, & have a few  
problems here ..


well i need to traffic shape between different protocols as you can  
see in my pf.conf


now i am stuck & confused what to do next as i have built this file  
with different refs from the web.


the im is the most common Instant messenger protocols, can you  
tell me how to make it right ?


also when running the file as it is i get pfctl: SIOCGIFMTU: Device  
not configured error.


what does this mean ?


That error means it doesn't recognize the device you've referenced.   
In your altq line you have extif which does not exist in any of the  
macros you've listed.



extad=192.168.0.6/32
chadd=10.0.0.6/32
scrub in all
altq on extif hfsc bandwidth 500Kb \
queue { www, dns, im, mail, other}
queue www bandwidth (linkshare 35%)
queue dns bandwidth (linkshare 10%)
queue im bandwidth (linkshare 25%)
queue mail bandwidth (linkshare 10%)
queue other hfsc (default)
rdr on $intif proto tcp from $intad to any port 80 -> $chadd port 8080
nat on $extif inet from $intad -> $extad
pass out on $extif inet proto { icmp, udp, tcp } keep state


First, I would stop using hfsc and just use priority queueing  
(priq).  All you're trying to do is prioritize services.  HFSC is an  
advanced algorithm that is certainly overkill for your use.  You  
don't list your devices, so I'm going to pretend you're using em  
(4).  Here is a revised version of yours that should work (not  
tested), with a bonus tossed in for free (ack prioritization).  I've  
removed IM protocols;  they are easy enough for you to insert them  
once you understand the concepts and know *which* IM protocols you  
wish to prioritize.


# Define our macros
ext_if="em0"
int_if="em1"
extadd="192.168.0.6"
chadd="10.0.0.6"
www_ports="{ http, https }"
mail_ports="{ pop3, pop3s, imap, imaps, smtp }"

# Normalization
scrub in all

# Queueing
altq on $ext_if priq bandwidth 500Kb queue { other, mail, www, dns, ack }

queue other priq(default)
queue mail priority 2
queue www priority 3
queue dns priority 5
queue ack priority 6

# Translation
rdr on $int_if proto tcp from ($int_if:network) to any port http -> \
    $chadd port 8080

nat on $ext_if inet from ($int_if:network) to any -> $extadd

# Filtering
# nat is applied before filtering, so outbound packets on $ext_if already
# carry $extadd as their source; match them on ports, not on the internal net
block in on $ext_if all
pass out on $ext_if inet proto { icmp, udp } all keep state queue other
pass out on $ext_if inet proto tcp all keep state queue (other, ack)
pass out on $ext_if inet proto { tcp, udp } from any to any port domain \
    keep state queue dns
pass out on $ext_if inet proto tcp from any to any port $www_ports \
    keep state queue www
pass out on $ext_if inet proto tcp from any to any port $mail_ports \
    keep state queue mail



HTH.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: Encrypting files

2006-07-02 Thread Chris Kuethe

Bear in mind that if you're serious about keeping plaintext away from
people who you don't want to see it, this could get quite tricky.

What happens if an application generates temporary files? What happens
if an application swaps? What happens if an application crashes and
dumps core? What happens if the kernel crashes and dumps core? What
happens if you accidentally copy and paste some content into your
shell, thereby logging it into your .history?

Certain editors (vim for sure, probably emacs too) can encrypt your
files on the fly. I don't use that feature, but if you do, make sure
they handle temp files properly, etc.

Be very careful - just because your long-term, bulk storage is
encrypted there is no guarantee that you haven't left plaintext
anywhere.

And that's not even taking into account that the thief might just put
trojan horses all over your laptop before letting you have it back.
Think of how often you hear of windows machines being turned into
spambots with keyloggers. Just because it seems to be mostly windows
machines doesn't mean it can't happen. *NIX makes it easy for even a
moderately competent programmer to write a trivial keylogger.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?



Re: Encrypting files

2006-07-02 Thread Joachim Schipper
On Sun, Jul 02, 2006 at 10:57:42AM -0600, Chris Kuethe wrote:
 Bear in mind that if you're serious about keeping plaintext away from
 people who you don't want to see it, this could get quite tricky.
 
 What happens if an application generates temporary files? What happens
 if an application swaps? What happens if an application crashes and
 dumps core? What happens if the kernel crashes and dumps core?

Well, in that case, you are usually sufficiently alerted to clean out
the relevant parts of the disk.

(Note that the case where you do not have administrator access is not
relevant, as root can read your files any time you can, anyway.)

 What
 happens if you accidentally copy and paste some content into your
 shell, thereby logging it into your .history?

 Certain editors (vim for sure, probably emacs too) can encrypt your
 files on the fly. I don't use that feature, but if you do, make sure
 they handle temp files properly, etc.
 
 Be very careful - just because your long-term, bulk storage is
 encrypted there is no guarantee that you haven't left plaintext
 anywhere.

But this is still good advice; a crashing kernel is not very believable,
but such mundane mistakes are likely to provide at least snippets of
information.

More importantly, a file like ~/.viminfo contains quite a bit of
information. I *suppose* vim handles encrypted files in a sane fashion,
but I am not sure.

 And that's not even taking into account that the thief might just put
 trojan horses all over your laptop before letting you have it back.
 Think of how often you hear of windows machines being turned into
 spambots with keyloggers. Just because it seems to be mostly windows
 machines doesn't mean it can't happen. *NIX makes it easy for even a
 moderately competent programmer to write a trivial keylogger.

If you do *that*, however, you are just being stupid. Wipe and
reinstall; if the data is important, preserve that - but no binaries or
somesuch.

Joachim



Re: Encrypting files

2006-07-02 Thread Nick Guenther

On 7/2/06, Chris Kuethe [EMAIL PROTECTED] wrote:

Bear in mind that if you're serious about keeping plaintext away from
people who you don't want to see it, this could get quite tricky.


And that's not even taking into account that the thief might just put
trojan horses all over your laptop before letting you have it back.
Think of how often you hear of windows machines being turned into
spambots with keyloggers. Just because it seems to be mostly windows
machines doesn't mean it can't happen. *NIX makes it easy for even a
moderately competent programmer to write a trivial keylogger.


This is a good thread!

I have some questions though:
How can you make a keylogger on UNIX? I thought that UNIX segmented
its memory spaces, unlike Windows which has the problem of a global
key trampoline (I'm sorry, I read this somewhere once and do not
remember exactly what it was called). I suppose if you replaced the
kernel then you could do this but I don't think that's what was meant.

How do you choose between svnd and vnd devices? I'm guessing the type
of the device is determined by whether you do `vnconfig svnd...` or
`vnconfig vnd` but the manpage doesn't explicitly say this.

-Nick



Re: Boost OpenBSD security - Zophie for 3.9

2006-07-02 Thread Greg Thomas

On 7/2/06, Tobias Ulmer [EMAIL PROTECTED] wrote:

On Sun, Jul 02, 2006 at 03:13:59PM +0200, Tomasz Zielinski wrote:
 Hello,

 Zophie is a patch that contains new security features for OpenBSD 3.9. BSD 
license. I have not tested it personally, but it's probably worth analyzing it and 
maybe even incorporating it. More info: http://www.0penbsd.com/zophie.html, 
http://akcja.0penbsd.com/zosia/

 --
 Pozdrawienia/Regards
 Tomasz Zielinski


I normally don't take the bait, but this one is so cute...

After reading through the diffs: (not supplied for added obfuscation?)

- add a new sysctl to the kernel.
- patch some userland tools.
- If this sysctl is set, suppress certain information.

Rocket science! Even the dumbest scriptkiddie could just compile
and run these tools from the original OpenBSD sources.

Probably the whole Polish Underground Group profess OpenBSD OS as a
religion is a big subtle joke? If so, well done and thanks for the good
laugh :)



If it is a subtle joke I sure like the screenshots of the install.



Re: Encrypting files

2006-07-02 Thread Peter Philipp
On Sun, Jul 02, 2006 at 02:56:03PM -0400, Nick Guenther wrote:
 I have some questions though:
 How can you make a keylogger on UNIX? I thought that UNIX segmented
 its memory spaces, unlike Windows which has the problem of a global
 key trampoline (I'm sorry, I read this somewhere once and do not
 remember exactly what it was called). I suppose if you replaced the
 kernel then you could do this but I don't think that's what was meant.

I think this was meant.  man wskbd tells a little about the keyboard and
the routines for this are in /sys/dev/wscons I think.  Because you have
the source, can recompile and the code is written with KISS in mind you'll
be able to patch something up.  However if you do you should check your
morals, they come back to haunt you if you abuse them.  Running a default
kernel compiled by deraadt directly from the CD-ROM should ensure that no
keylogger of any sort is installed in the kernel.  There really isn't much 
reason to compile your own kernel unless you add your own stuff or want to 
change something.

-peter

-- 
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 
131,136p  So long and thanks for all the fish!!!



Re: Patent jeopardizes IETF syslog standard

2006-07-02 Thread Nick Guenther

On 7/1/06, J.C. Roberts [EMAIL PROTECTED] wrote:

On Fri, 30 Jun 2006 12:54:14 +0300, Alexey E. Suslikov
[EMAIL PROTECTED] wrote:

Patent jeopardizes IETF syslog standard. Read here
http://trends.newsforge.com/article.pl?sid=06/06/28/2320232

This sucks. It's no different than what Cisco did with their HSRP patent
to try to kill off VRRP. The Huawei IPR claim to the IETF is nearly
identical to the crap Cisco put out years ago in their IPR claim.

https://datatracker.ietf.org/public/ipr_detail_show.cgi?ipr_id=724

The end result is we have CARP, a patent busting implementation that is
far better than either of the originals...

Will they never learn?

Anyone in the mood for slog ?


Isn't syslog just like... send random data on port 514 to whoever and
they record it? How can you possibly patent that? That would be like
patenting talking.

-Nick



Re: Encrypting files

2006-07-02 Thread Nick Guenther

On 7/2/06, Peter Philipp [EMAIL PROTECTED] wrote:

On Sun, Jul 02, 2006 at 02:56:03PM -0400, Nick Guenther wrote:
 I have some questions though:
 How can you make a keylogger on UNIX? I thought that UNIX segmented
 its memory spaces, unlike Windows which has the problem of a global
 key trampoline (I'm sorry, I read this somewhere once and do not
 remember exactly what it was called). I suppose if you replaced the
 kernel then you could do this but I don't think that's what was meant.

I think this was meant.  man wskbd tells a little about the keyboard and
the routines for this are in /sys/dev/wscons I think.  Because you have
the source, can recompile and the code is written with KISS in mind you'll
be able to patch something up.  However if you do you should check your
morals, they come back to haunt you if you abuse them.  Running a default
kernel compiled by deraadt directly from the CD-ROM should ensure that no
keylogger of any sort is installed in the kernel.  There really isn't much
reason to compile your own kernel unless you add your own stuff or want to
change something.


Ah, okay, thank you! I see a lot go across on this list only
half-explained, which is good for those who know what is going on but
not for newbies like me.

It's nice that this list is the sort of place where you are expected
to use your own morals instead of blindly following the no hacking is
bad! mantra. For the record, I was just curious, I'm not actually
planning on bugging my systems.

-Nick



Re: Encrypting files

2006-07-02 Thread Joachim Schipper
On Sun, Jul 02, 2006 at 02:56:03PM -0400, Nick Guenther wrote:
 On 7/2/06, Chris Kuethe [EMAIL PROTECTED] wrote:
 Bear in mind that if you're serious about keeping plaintext away from
 people who you don't want to see it, this could get quite tricky.
 
 
 And that's not even taking into account that the thief might just put
 trojan horses all over your laptop before letting you have it back.
 Think of how often you hear of windows machines being turned into
 spambots with keyloggers. Just because it seems to be mostly windows
 machines doesn't mean it can't happen. *NIX makes it easy for even a
 moderately competent programmer to write a trivial keylogger.
 
 This is a good thread!
 
 I have some questions though:
 How can you make a keylogger on UNIX? I thought that UNIX segmented
 its memory spaces, unlike Windows which has the problem of a global
 key trampoline (I'm sorry, I read this somewhere once and do not
 remember exactly what it was called). I suppose if you replaced the
 kernel then you could do this but I don't think that's what was meant.

UNIX offers some very nice things, including ptys, ttys, and pipes. ptys
were made for the explicit purpose of allowing programs to send and
receive stuff to a tty-like interface, but with a program on the other
end (instead of a terminal).

You are right that reading keystrokes out of kernel memory is not
trivial, and impossible without superuser privileges, but if you already
are the user whose keystrokes you want to snoop, it's not very
difficult.

 How do you choose between svnd and vnd devices? I'm guessing the type
 of the device is determined by whether you do `vnconfig svnd...` or
 `vnconfig vnd` but the manpage doesn't explicitly say this.

That's correct, you will want to name a complete device, though - so
vnconfig svnd0 (...).

Joachim



Re: Encrypting files

2006-07-02 Thread Joachim Schipper
On Sun, Jul 02, 2006 at 09:34:50PM +0200, Peter Philipp wrote:
 On Sun, Jul 02, 2006 at 02:56:03PM -0400, Nick Guenther wrote:
  I have some questions though:
  How can you make a keylogger on UNIX? I thought that UNIX segmented
  its memory spaces, unlike Windows which has the problem of a global
  key trampoline (I'm sorry, I read this somewhere once and do not
  remember exactly what it was called). I suppose if you replaced the
  kernel then you could do this but I don't think that's what was meant.
 
 I think this was meant.  man wskbd tells a little about the keyboard and
 the routines for this are in /sys/dev/wscons I think.  Because you have
 the source, can recompile and the code is written with KISS in mind you'll
 be able to patch something up.  However if you do you should check your
 morals, they come back to haunt you if you abuse them.  Running a default
 kernel compiled by deraadt directly from the CD-ROM should ensure that no
 keylogger of any sort is installed in the kernel.

Well, provided the BIOS (or equivalent) cannot be flashed from the
kernel, yes.

Of course, worrying about this requires raging paranoia. But from a
quick look, flashing the BIOS and combining it with an attack like the
recent Blue Pill
http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html
(and elsewhere, but this one looks pretty complete) method would make
for a *very* nasty rootkit.

Just rewriting the kernel that is loaded by the bootloader would also be
nasty, and potentially undetectable from software, too - but that's old
news, and I have a vague notion that the above could likely be done in
fewer instructions, which means that it's easier to put in what limited
space is available.

Of course, if you have people who can do this and are willing to invest
the time to actually do it after you, be glad you're running OpenBSD, be
careful with ports and new code, and remember - it's not paranoia if
they really are out to get you.

 There really isn't much 
 reason to compile your own kernel unless you add your own stuff or want to 
 change something.

Of course, that's still true.

Joachim



Re: Encrypting files

2006-07-02 Thread Joachim Schipper
On Sun, Jul 02, 2006 at 03:59:41PM -0400, Nick Guenther wrote:
 On 7/2/06, Peter Philipp [EMAIL PROTECTED] wrote:
 On Sun, Jul 02, 2006 at 02:56:03PM -0400, Nick Guenther wrote:
  How can you make a keylogger on UNIX?
 I think this was meant. (...)
 Ah, okay, thank you! I see a lot go across on this list only
 half-explained, which is good for those who know what is going on but
 not for newbies like me.
 
 It's nice that this list is the sort of place where you are expected
 to use your own morals instead of blindly following the no hacking is
 bad! mantra. For the record, I was just curious, I'm not actually
 planning on bugging my systems.

Note that, under certain circumstances, it can make sense to bug your
own systems, and in most (all?) jurisdictions it is legal if the users
are warned beforehand.

This can make sense if you run a shell provider, and d00m10rd_t3h_1337
is running another ssh scan, for instance...

Plus, you need at least a high-level theoretical knowledge of an attack
to be able to adequately defend yourself from it.

Joachim



Re: starting Apache in SSL mode

2006-07-02 Thread FTP
On Tue, Jun 27, 2006 at 05:03:52PM +0200, FTP wrote:
 On Tue, Jun 27, 2006 at 04:34:19PM +0200, FTP wrote:
  On Tue, Jun 27, 2006 at 03:55:16PM +0200, FTP wrote:
   On Tue, Jun 27, 2006 at 08:49:37AM -0400, Peter Blair wrote:
SSL certificates for a hostname requires a unique IP address.  Are you
trying to do virtual name hosting with https?

On 6/27/06, FTP [EMAIL PROTECTED] wrote:
On Mon, Jun 26, 2006 at 08:30:29AM -0700, Scott Francis wrote:
 On 6/26/06, FTP [EMAIL PROTECTED] wrote:
 Hi there,
 
 I was trying to start Apache in SSL mode and I did follow the
 http://openbsd.org/faq/faq10.html#HTTPS steps. After that I issued
 apachectl startssl and everything went fine.
 
 Now, when I point to the https://IP-address from my server I get an
 unable to connect error!
 
 What did I do wrong?
 
 In the ssl_engine_log I get: Configuring server new.host.name:443 for
 SSL protocol. This server has no domain assigned. Did I do something
 wrong in the certs?

 no, but you probably neglected to edit /var/www/conf/httpd.conf
 appropriately (ServerName and NameVirtualHost come to mind, as well
 as the appropriate name-specific parts of the SSL config in the same
 file). ssl_engine_log probably won't give you the info you need here;
 take a look at your access_log and error_log.
 --
 [EMAIL PROTECTED],darkuncle.net} || 0x5537F527
encrypted email to the latter address please
http://darkuncle.net/pubkey.asc for public key


Thanks for your reply.

Well, the error_log doesn't get any message. Also, the regular http does 
show the web page without having the IP address in the http.conf file. Why 
doesn't this work with SSL as well?
Certs etc. are in the correct path.

Thanks

George


   
   the weird thing is that I don't see anything in the logs! No errors - nothing!
  
  
  some more info:
  
  when trying curl https://localhost I get the following:
  
  curl: (60) Failed to connect to ::1: Connection refused
  More details here: http://curl.haxx.se/docs/sslcerts.html
  
  curl performs SSL certificate verification by default, using a bundle
  of Certificate Authority (CA) public keys (CA certs). The default
  bundle is named curl-ca-bundle.crt; you can specify an alternate file
  using the --cacert option.
  If this HTTPS server uses a certificate signed by a CA represented in
  the bundle, the certificate verification probably failed due to a
  problem with the certificate (it might be expired, or the name might
  not match the domain name in the URL).
  If you'd like to turn off curl's verification of the certificate, use
  the -k (or --insecure) option.
  
  if I issue curl -k https://localhost instead, I do get the page. Could it
  be due to the self-signed cert?
  
  Thanks George
 
 
 even more info:
 
 when I try to access the site via lynx I do get an SSL error message moaning
 that I have a self-signed cert. After accepting this, the page gets displayed.
 So it looks like the problem is with the CA? How do I correct that?
 I found a reference in manual/mod/mod_ssl/ssl_faq.html#ToC24 but it
 mentions a sign.sh script which isn't present in the OBSD package.
 
 Thanks
 
 George


any chance to draw some attention to the above?

Thanks
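
George's curl run above fails for the reason curl spells out: the server
presents a self-signed certificate that is in no CA bundle, and -k only
makes curl stop checking. The script below is an added example, not
anything posted in this thread, that reproduces the check with openssl(1)
and shows the fix that keeps verification on: trusting the server's own
certificate (what "curl --cacert server.crt https://new.host.name/"
does) while still checking that the host name in the URL matches the
certificate. It assumes an openssl(1) of OpenSSL 1.1.1 or newer (for
-addext and -no-CAfile/-no-CApath); the host name new.host.name is the
one from the quoted ssl_engine_log line and is only a label here, and the
certificate is generated on the fly in a temporary directory.

```sh
#!/bin/sh
# Added example, not code from the thread: reproduce curl's objection to a
# self-signed certificate with openssl(1), then show the way past it that
# keeps verification on (trust exactly this certificate, and still check
# the host name, which is curl's "name might not match" case).
# Assumes openssl(1) from OpenSSL 1.1.1 or newer.  "new.host.name" comes
# from the quoted ssl_engine_log line and is just a label here.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# A self-signed server certificate, the kind faq10.html#HTTPS has you make.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=new.host.name" \
        -addext "subjectAltName=DNS:new.host.name" \
        -keyout "$WORK/server.key" -out "$WORK/server.crt" >/dev/null 2>&1
}

# What curl does by default: verify against a trust store that does not
# contain this certificate.  Prints "untrusted" for a self-signed cert.
verify_default_store() {
    if openssl verify -no-CAfile -no-CApath "$WORK/server.crt" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# The equivalent of "curl --cacert server.crt": trust exactly this
# certificate.  $1 is the host name the URL names; it must match the cert.
verify_pinned() {
    if openssl verify -CAfile "$WORK/server.crt" -verify_hostname "$1" \
            "$WORK/server.crt" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

make_selfsigned
echo "default trust store:             $(verify_default_store)"
echo "pinned, URL names new.host.name: $(verify_pinned new.host.name)"
echo "pinned, URL names localhost:     $(verify_pinned localhost)"
```

Run it with sh and compare the three lines: the default trust store
rejects the certificate, pinning it accepts it when the URL names
new.host.name, and the same pinned certificate is still rejected when the
URL names localhost, which is what happens if a certificate issued for
the server's name is fetched as https://localhost. Pinning the single
certificate is the right answer for a self-signed cert on one host;
-k should stay a debugging aid, since with it curl will accept any
certificate at all.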



Re: Boost OpenBSD security - Zophie for 3.9

2006-07-02 Thread Joachim Schipper
On Sun, Jul 02, 2006 at 12:20:49PM -0700, Greg Thomas wrote:
 On 7/2/06, Tobias Ulmer [EMAIL PROTECTED] wrote:
 On Sun, Jul 02, 2006 at 03:13:59PM +0200, Tomasz Zielinski wrote:
 Hello,

 Zophie is patch that contains new security features for OpenBSD 3.9. BSD 
 license. I have not tested it personaly, but probably it's worth to 
 analyze it and maybe even incorporate. More info: 
 http://www.0penbsd.com/zophie.html, http://akcja.0penbsd.com/zosia/

 I normally don't take the bait, but this one is so cute...

 After reading through the diffs: (not supplied for added obfuscation?)

 - add a new sysctl to the kernel.
 - patch some userland tools.
 - If this sysctl is set, suppress certain information.

 Rocket science! Even the dumbest scriptkiddie could just compile
 and run these tools from the original OpenBSD sources.

 Probably the whole Polish Underground Group profess OpenBSD OS as a
 religion is a big subtle joke? If so, well done and thanks for the good
 laugh :)
 
 If it is a subtle joke I sure like the screenshots of the install.

However, note that the page is quite frank about what is being done,
from the web page quoted above:

- kern.zophie.privacy
  This setting is responsible for process privacy in finger, last,
netstat, ps, users, w, and who.
  Value 1 turns on this feature.

This, obviously, still doesn't make it very useful (if only because,
even after you've mounted everything noexec, you still have top, and so
on and so forth) - but the above should be enough to arouse suspicion.

Joachim



Re: Encrypting files

2006-07-02 Thread Peter Philipp
On Sun, Jul 02, 2006 at 10:25:35PM +0200, Joachim Schipper wrote:
 Well, provided the BIOS (or equivalent) cannot be flashed from the
 kernel, yes.
 
 Of course, worrying about this requires raging paranoia. But from a

Paranoia isn't necessarily a bad thing.  It motivates people to seek true or 
possible points of compromise in a system.  Motivation is the key in 
productivity and security.

-peter



Re: Boost OpenBSD security - Zophie for 3.9

2006-07-02 Thread Marcin Wilk

At 22:35 2006-07-02, you wrote:

On Sun, Jul 02, 2006 at 12:20:49PM -0700, Greg Thomas wrote:
 On 7/2/06, Tobias Ulmer [EMAIL PROTECTED] wrote:
 On Sun, Jul 02, 2006 at 03:13:59PM +0200, Tomasz Zielinski wrote:
 Hello,

 Zophie is patch that contains new security features for OpenBSD 3.9. BSD
 license. I have not tested it personaly, but probably it's worth to
 analyze it and maybe even incorporate. More info:
 http://www.0penbsd.com/zophie.html, http://akcja.0penbsd.com/zosia/

 I normally don't take the bait, but this one is so cute...

 After reading through the diffs: (not supplied for added obfuscation?)

 - add a new sysctl to the kernel.
 - patch some userland tools.
 - If this sysctl is set, suppress certain information.

 Rocket science! Even the dumbest scriptkiddie could just compile
 and run these tools from the original OpenBSD sources.

 Probably the whole Polish Underground Group profess OpenBSD OS as a
 religion is a big subtle joke? If so, well done and thanks for the good
 laugh :)

 If it is a subtle joke I sure like the screenshots of the install.

However, note that the page is quite frank about what is being done,
from the web page quoted above:

- kern.zophie.privacy
  This setting is responsible for process privacy in finger, last,
netstat, ps, users, w, and who.
  Value 1 turns on this feature.

This, obviously, still doesn't make it very useful (if only because,
even after you've mounted everything noexec, you still have top, and so
on and so forth) - but the above should be enough to arouse suspicion.

Joachim


Process privacy itself is done in kernel so top & other tools (like
lsof for example) will not work.
Ps, users, w & who are patched to not show other users that are in &
this is independent with process privacy.


You may find OpenBSD that is on screenshots here:
http://nicram.sytes.net/openbsd/openbsd-3.9-i386-zophie.iso

It is exactly same OpenBSD.
 yes it is very easy to make it on Your own :) This is how KISS apps
should be made, even when they change something in kernel :)


Best Regards



Re: Patent jeopardizes IETF syslog standard

2006-07-02 Thread Jim Razmus
* Nick Guenther [EMAIL PROTECTED] [060702 15:58]:
 On 7/1/06, J.C. Roberts [EMAIL PROTECTED] wrote:
 On Fri, 30 Jun 2006 12:54:14 +0300, Alexey E. Suslikov
 [EMAIL PROTECTED] wrote:
 
 Patent jeopardizes IETF syslog standard. Read here
 http://trends.newsforge.com/article.pl?sid=06/06/28/2320232
 
 This sucks. It's no different than what Cisco did with their HSRP patent
 to try to kill off VRRP. The Huawei IPR claim to the IETF is nearly
 identical to the crap Cisco put out years ago in their IPR claim.
 
 https://datatracker.ietf.org/public/ipr_detail_show.cgi?ipr_id=724
 
 The end result is we have CARP, a patent busting implementation that is
 far better than either of the originals...
 
 Will they never learn?
 
 Anyone in the mood for slog ?
 
 Isn't syslog just like... send random data on port 514 to whoever and
 they record it? How can you possibly patent that? That would be like
 patenting talking.
 
 -Nick
 

I hold the patent on talking.  Watch for a battery of law suits
forthcoming.

Sorry, couldn't resist.  Laugh people.

Jim



How to get a (working) screen editor inside bsd.rd?

2006-07-02 Thread Todd Pytel
I've got a RAIDFrame system for which I'm building a custom bsd.rd. That's
basically fine - I understand how /usr/src/distrib works and how crunchgen
is used to add files (like raidctl) to instbin on the kernel ramdisk. So I
figure that as long as I'm at it, I'd like to have a real screen editor as
well. That doesn't seem to work, though. I've gotten the build process to
incorporate either (n)vi or ee by using CRUNCHSPECIAL directives, and that
seems to go OK. But after booting into the new bsd.rd, any attempt to use
the editors segfaults. Because ee is small, I also tried compiling it
statically and using a straight COPY with it rather than building it into
instbin. That segfaults the same way. Is there some terminal or screen
related issue I'm not understanding here that's causing the editors to fail?
I notice both of them use some version of curses.

Thanks,
Todd



Re: A little script to remove packages don't needed

2006-07-02 Thread Andrés

I changed a couple of things:

a) Now there's a license notice (template from
/usr/src/share/misc/license.template). Nothing important, just to be
sure.

b) All packages which you didn't want to delete are saved to a file,
so you will not have to answer n in future runs (to check the full
list of packages just do: sudo rm /etc/pkg_check.conf).

c) If, in a run, packages were deleted, a new run is suggested,
because maybe there are packages which were *only* used by those
packages.

Again, feedback is useful :)



#!/bin/ksh

# Copyright (c) 2006 Andrés Delfino [EMAIL PROTECTED]
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# pkg_check: walk /var/db/pkg and offer to delete every package that no
# other package depends on (no +REQUIRED_BY file).  Packages answered "n"
# are remembered by base name (version stripped) in /etc/pkg_check.conf
# and skipped on later runs; remove that file to be asked about all of
# them again.

conf=/etc/pkg_check.conf
pkgdb=/var/db/pkg
deleted_packages=0

# Move the cursor up one line and clear it, so the question overwrites the
# "Checking for ..." line.  terminfo names: cuu1 (cursor up), el (clear
# to end of line).
function move_cursor_up {
    tput cuu1
    tput el
}

# Strip the trailing -<version> from a package name: "vim-6.4p3" -> "vim".
function package_base_name {
    echo "$1" | sed 's/-[^-]\{1,\}$//'
}

function check_for_packages {
    for dir in "$pkgdb"/*; do
        [ -d "$dir" ] || continue
        package=${dir##*/}
        package_name=$(package_base_name "$package")

        echo "Checking for $package"

        # Skip packages something else requires, and packages the user
        # already chose to keep (whole-line match, so keeping "vi" does
        # not also keep "vim").
        if [ -e "$dir/+REQUIRED_BY" ] || grep -qsx "$package_name" "$conf"; then
            move_cursor_up
            continue
        fi

        move_cursor_up
        printf 'No package depends on %s, would you like to delete it? YES/n ' "$package"

        while true; do
            read answer
            case "$answer" in
            YES)
                sudo pkg_delete "$package"
                deleted_packages=1
                break
                ;;
            n)
                # Remember the decision for future runs; the file is in
                # /etc, so append to it the same way pkg_delete is run.
                echo "$package_name" | sudo tee -a "$conf" >/dev/null
                break
                ;;
            *)
                printf 'YES/n '
                ;;
            esac
        done
    done
}

while true; do
    check_for_packages

    # Nothing was deleted in this pass, so nothing new can have become
    # orphaned: we are done.
    if [ "$deleted_packages" -eq 0 ]; then
        break
    fi
    deleted_packages=0

    printf "\nIt's possible that there are packages which were only used by\n"
    printf "any of the deleted ones, would you like to run pkg_check again? y/n "

    while true; do
        read answer
        case "$answer" in
        y)
            echo
            break
            ;;
        n)
            break 2
            ;;
        *)
            printf 'y/n '
            ;;
        esac
    done
done



Re: Encrypting files

2006-07-02 Thread Travers Buda
On Sun, 2 Jul 2006 10:57:42 -0600
Chris Kuethe [EMAIL PROTECTED] wrote:

 Bear in mind that if you're serious about keeping plaintext away from
 people who you don't want to see it, this could get quite tricky.

After a bout of homicidal paranoia and time spent wondering just what
to do with several hundred pounds of tin foil...

Crypted data is good. It will stop snooping office workers and common
laptop thieves. But if some organization wants your data, they could
trick it out of you (keyloggers, et al.) Or more crude physical methods.

I once advocated some insane crypto here, which was indeed silly of me.
I have seen the light. svnd is a fantastic _practical and real_
solution. I'm happy that there is such a fantastic OS for me to run...
though I wonder what I will do 60 years down the line. 

Anyhow, thanks for the great OS guys. When can I buy the next release?
=)

Travers



Re: Patent jeopardizes IETF syslog standard

2006-07-02 Thread J.C. Roberts
On Sun, 2 Jul 2006 18:55:46 -0400, Jim Razmus [EMAIL PROTECTED] wrote:

* Nick Guenther [EMAIL PROTECTED] [060702 15:58]:
 On 7/1/06, J.C. Roberts [EMAIL PROTECTED] wrote:
 On Fri, 30 Jun 2006 12:54:14 +0300, Alexey E. Suslikov
 [EMAIL PROTECTED] wrote:
 
 Patent jeopardizes IETF syslog standard. Read here
 http://trends.newsforge.com/article.pl?sid=06/06/28/2320232
 
 This sucks. It's no different than what Cisco did with their HSRP patent
 to try to kill off VRRP. The Huawei IPR claim to the IETF is nearly
 identical to the crap Cisco put out years ago in their IPR claim.
 
 https://datatracker.ietf.org/public/ipr_detail_show.cgi?ipr_id=724
 
 The end result is we have CARP, a patent busting implementation that is
 far better than either of the originals...
 
 Will they never learn?
 
 Anyone in the mood for slog ?
 
 Isn't syslog just like... send random data on port 514 to whoever and
 they record it? How can you possibly patent that? That would be like
 patenting talking.
 
 -Nick
 

I hold the patent on talking.  Watch for a battery of law suits
forthcoming.

Sorry, couldn't resist.  Laugh people.

Jim

Jim,

I really wish I could laugh about it... -I put my time and effort into
getting the VRRP crap settled with Cisco (i.e. Robert Bar), so we could just
use a standard protocol -and no, I'm not the only human being around
here that wasted their time and effort on this particular problem.

Think about the time/effort/planning the developers put into making CARP
such that it gets around the Cisco patent...

Don't misunderstand me, CARP is an amazingly innovative and extremely
useful implementation of a redundancy protocol. It's technically better
than HSRP or any of the versions of VRRP but the problem still stands
that it is not an official protocol, which simply means adoption and
interoperability will suffer to some degree.

Frivolous patents have a cost to those who fight them.

jcr


--
Free, Open Source CAD, CAM and EDA Tools
http://www.DesignTools.org



Re: Patent jeopardizes IETF syslog standard

2006-07-02 Thread Theo de Raadt
 Don't misunderstand me, CARP is an amazingly innovative and extremely
 useful implementation of a redundancy protocol. It's technically better
 than HSRP or any of the versions of VRRP but the problem still stands
 that it is not an official protocol, which simply means adoption and
 interoperability will suffer to some degree.

You are wrong.  It is officially free and unencumbered.

Now if you wish to redeclare the word official to mean because
some corporate people playing politics have dictated it be so,
fine, be that way.

But when you do so you are doing two things:

1. Limiting yourself.

2. Giving them the power to do it again.

I suppose that is your choice.  Keep saying that the Man is right.



Re: Patent jeopardizes IETF syslog standard

2006-07-02 Thread J.C. Roberts
On Sun, 2 Jul 2006 15:52:57 -0400, Nick Guenther [EMAIL PROTECTED]
wrote:

On 7/1/06, J.C. Roberts [EMAIL PROTECTED] wrote:
 On Fri, 30 Jun 2006 12:54:14 +0300, Alexey E. Suslikov
 [EMAIL PROTECTED] wrote:

 Patent jeopardizes IETF syslog standard. Read here
 http://trends.newsforge.com/article.pl?sid=06/06/28/2320232

 This sucks. It's no different than what Cisco did with their HSRP patent
 to try to kill off VRRP. The Huawei IPR claim to the IETF is nearly
 identical to the crap Cisco put out years ago in their IPR claim.

 https://datatracker.ietf.org/public/ipr_detail_show.cgi?ipr_id=724

 The end result is we have CARP, a patent busting implementation that is
 far better than either of the originals...

 Will they never learn?

 Anyone in the mood for slog ?

Isn't syslog just like... send random data on port 514 to whoever and
they record it? How can you possibly patent that? That would be like
patenting talking.

-Nick

Basically you are correct about *current* syslog implementations. The
two goals of the syslog standard work being done are (1) defining a
message format and (2) providing a secure transport of said messages.

In short, secure inter-operability of syslog across various systems.

No one knows what's in the sealed patent application at the moment
since it has not been publicly released but considering the guys
claiming the patent have been involved in the syslog standards process,
you can be reasonably certain some degree of dishonesty and corruption are
involved.

JCR


--
Free, Open Source CAD, CAM and EDA Tools
http://www.DesignTools.org



NTP timedelta sensor support in snapshot

2006-07-02 Thread Bo Granlund
Hi,

I'm running a snapshot from 29.06.2006 on a soekris net4801 board. I
also recently bought a Globalsat BU-353 USB GPS receiver. When I attach
the receiver to the soekris board the kernel reports the following:

uplcom0 at uhub0 port 1
uplcom0: Prolific Technology Inc. USB-Serial Controller, rev 1.10/3.00, addr 2
ucom0 at uplcom0

I then add the following lines to /etc/ntpd.conf:

sensor *
sensor uplcom0

But when ntpd starts it doesn't say anything about a found sensor. Should
the GPS receiver work with ntpd as it is or does it need a specialized
driver to handle it properly? I'd appreciate any input. I've tried to
search the archives for any hints but I can't seem to find any.

The dmesg of the soekris board is below and also the ntpd.conf I'm using.

OpenBSD 3.9-current (GENERIC) #930: Thu Jun 29 22:21:06 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 
586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
cpu0: TSC disabled
real mem  = 133787648 (130652K)
avail mem = 115347456 (112644K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 20/50/29, BIOS32 rev. 0 @ 0xf7840
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0x9000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00
sis0 at pci0 dev 6 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, 
address 00:00:24:c6:66:5c
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 7 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, 
address 00:00:24:c6:66:5d
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 8 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, 
address 00:00:24:c6:66:5e
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00
gpio0 at gscpcib0: 64 pins
NS SC1100 SMI rev 0x00 at pci0 dev 18 function 1 not configured
pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 1: SILICONSYSTEMS INC 128MB
wd0: 1-sector PIO, LBA, 124MB, 254208 sectors
wd0(pciide0:0:1): using PIO mode 4, DMA mode 2
geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6 revision 3 
wdstatus 0
ohci0 at pci0 dev 19 function 0 Compaq USB OpenHost rev 0x08: irq 11, version 
1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Compaq OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
isa0 at gscpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
gpio1 at nsclpcsio0: 29 pins
gscsio0 at isa0 port 0x15c/2: SC1100 SIO rev 1:
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask fbe5 netmask ffe5 ttymask ffe7
pctr: no performance counters in CPU
uplcom0 at uhub0 port 1
uplcom0: Prolific Technology Inc. USB-Serial Controller, rev 1.10/3.00, addr 2
ucom0 at uplcom0
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
arplookup: unable to enter address for 84.231.224.1
arplookup: unable to enter address for 84.231.224.1
uplcom0: at uhub0 port 1 (addr 2) disconnected
ucom0 detached
uplcom0 detached
uplcom0 at uhub0 port 1
uplcom0: Prolific Technology Inc. USB-Serial Controller, rev 1.10/3.00, addr 2
ucom0 at uplcom0
uplcom0: at uhub0 port 1 (addr 2) disconnected
ucom0 detached
uplcom0 detached
uplcom0 at uhub0 port 1
uplcom0: Prolific Technology Inc. USB-Serial Controller, rev 1.10/3.00, addr 2
ucom0 at uplcom0


And my /etc/ntpd.conf:

# $OpenBSD: ntpd.conf,v 1.7 2004/07/20 17:38:35 henning Exp $
# sample ntpd configuration file, see ntpd.conf(5)

# Addresses to listen on (ntpd does not listen by default)
listen on *

# sync to a single server
#server ntp.example.org

# use a random selection of 8 public stratum 2 servers
# see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers
servers pool.ntp.org

#sensor uplcom0
sensor *
sensor uplcom0



Re: pf isakmpd: NAT through encryption interface?

2006-07-02 Thread Matthew Closson

On Wed, 28 Jun 2006, Stephen Bosch wrote:


Hi, Roy:

Roy Morris wrote:


Yes it does work! I guess I better hold on to these two boxes I have. Seems
they are the only ones that do! lol 
I have

A. clients on each end behind a vpn/pf box
B. enc0 binat from internal client to public IP of other side client
C. /etc/hostname.if alias for the binat IP
D. isakmpd.conf uses public IP (A) for phase 1, and (B internal client nat) 
for phase 2


I've had a closer look at this...

In my case, the other peer expects a private IP on my internal network. Your 
directions involve an alias. Do I need this alias?


Can I not just nat on the encryption interface like so?

nat on $enc_if from $internal_ip to $remote_internal_ip -> 
$private_nat_address?


This is really confusing me.

-Stephen-




If you do nat on $enc_if your incoming packets will not match an existing 
IPSEC flow and will never get routed to your enc0 interface in the first place.


man ipsec shows a flow diagram of how packets move in the kernel

-Matt-



Re: NTP timedelta sensor support in snapshot

2006-07-02 Thread Theo de Raadt
 I'm running a snapshot from 29.06.2006 on a soekris net4801 board. I
 also recently bought a Globalsat BU-353 USB GPS receiver. When I attach
 the receiver to the soekris board the kernel reports the following:
 
 uplcom0 at uhub0 port 1
 uplcom0: Prolific Technology Inc. USB-Serial Controller, rev 1.10/3.00, addr 2
 ucom0 at uplcom0
 
 I then add the following lines to /etc/ntpd.conf:
 
 sensor *
 sensor uplcom0
 
 But when ntpd starts it doesn't say anything about a found sensor. Should
 the GPS receiver work with ntpd as it is or does it need a specialized
 driver to handle it properly? I'd appreciate any input. I've tried to
 search the archives for any hints but I can't seem to find any.

There are pieces you need which are not commited yet.  For instance, to
turn a serial port into a ntp time sensor.  Wait a bit longer please.