Re: log monitoring recommendations?

[Timo Myyrä]

Patrick Dohman  writes:

> Any opinions/ideas regarding log monitoring. 
> Preferably something with definable actions.
> Hoping to test/obtain a fail2ban equivalent for BSD
>
> The following utilities were located in openports.se
> hatchet
> logsentry
> logsurfer
> swatch
>
> Regards
> Patrick
>

Check out SEC which is also in the ports.
http://simple-evcorr.sourceforge.net/SEC-tutorial/article.html

Timo

log monitoring recommendations?

[Patrick Dohman]

Any opinions/ideas regarding log monitoring. 
Preferably something with definable actions.
Hoping to test/obtain a fail2ban equivalent for BSD

The following utilities were located in openports.se
hatchet
logsentry
logsurfer
swatch

Regards
Patrick

OpenBSD 6-stable vmd

[R0me0 ***]

Hello misc.

For testing purposes

I compiled kernel with vmd support.

After start the vm -> vmctl start "myvm" -m 512M -i 1 -d disk.img -k /bsd.rd

I created a bridge and added vether0 and tap0

In the vm I have configured an ip 192.168.1.30

If I perform ping from OpenBSD Hypervisor -> ping 192.168.1.30 all packages
are send and received "on the fly"

But if I perform the same step from "myvm", there is no packet loss but the
packets take so long to be send and consecutively replied

I am performing this tests on Linux  running Vmware Workstation 12 .

Is this behavior expected ?

Any directions will be appreciated.

Thank you

myvm dmesg:

OpenBSD 6.0 (RAMDISK_CD) #2100: Tue Jul 26 13:05:59 MDT 2016
   dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
RTC BIOS diagnostic error 20
real mem = 520093696 (496MB)
avail mem = 502673408 (479MB)
mainbus0 at root
bios0 at mainbus0
acpi at bios0 not configured
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz, 14335.74 MHz
cpu0:
FPU,VME,DE,PSE,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,AVX,F1
6C,RDRAND,HV,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT
pvbus0 at mainbus0: OpenBSD
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "OpenBSD VMM PCI Host Bridge" rev 0x00
virtio0 at pci0 dev 1 function 0 "Qumranet Virtio RNG" rev 0x00
viornd0 at virtio0
virtio0: irq 3
virtio1 at pci0 dev 2 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk0 at virtio1
scsibus0 at vioblk0: 2 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct fixed
sd0: 5120MB, 512 bytes/sector, 10485760 sectors
virtio1: irq 5
virtio2 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio2: address fe:e1:ba:d0:d0:94
virtio2: irq 9
isa0 at mainbus0
com0 at isa0 port 0x3f8/8 irq 4: ns8250, no fifo
com0: console
softraid0 at root
scsibus1 at softraid0: 256 targets
root on rd0a swap on rd0b dump on rd0b
WARNING: invalid time in clock chip
WARNING: CHECK AND RESET THE DATE!

openbsd hypervisor :


OpenBSD 6.0-stable (GENERIC.MP) #0: Fri Oct 21 20:07:42 BRST 2016
   root@puffysor.localdomain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2130640896 (2031MB)
avail mem = 2061631488 (1966MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe0010 (242 entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 07/02/2015
bios0: VMware, Inc. VMware Virtual Platform
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S3F0(S3)
S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) S10F(S3) S11F(S3)
S12F(S3) S13F(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz, 3800.69 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLIN
E,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT

cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 65MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz, 3810.50 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLIN
E,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT

cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins
acpimcfg0 at acpi0 addr 0xf000, bus 0-127
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
"PNP0001" at acpi0 not configured
"PNP0303" at acpi0 not configured
"VMW0003" at acpi0 not configured
"PNP0A05" at acpi0 not configured
acpiac0 at acpi0: AC unit online
pvbus0 at mainbus0: VMware
vmt0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
pci1 at ppb0 bus 1
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel
0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  ATAPI
5/cdrom removab

Re: console mode not allowing login

[jungle Boogie]

Hi Todd,
On 21 October 2016 at 12:58, Todd C. Miller  wrote:
> It sounds like you need to enable getty on the serial port.  To
> login on the serial console you should have a line like the following
> in /etc/ttys:
>
> tty00   "/usr/libexec/getty std.9600" vt220   on  secure
>

That did it! Thanks so much for the simple fix.

>  - todd



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

Re: security(8) doesn't know about mailbox locks

[Philippe Meunier]

Kamil Cholewiński wrote:
>Try using aliases(5) instead

Okay, but still, security(8) ought not to generate bogus warnings
regardless of the method used to forward emails (and there are also
probably other ways that a lock file might end up in /var/mail, using
a .forward file just happens to be the way that made me notice the
problem).

Cheers,

Philippe

Re: console mode not allowing login

[Todd C. Miller]

It sounds like you need to enable getty on the serial port.  To
login on the serial console you should have a line like the following
in /etc/ttys:

tty00   "/usr/libexec/getty std.9600" vt220   on  secure

 - todd

console mode not allowing login

[jungle Boogie]

Hi All,

After my machine is completed booting up and ready for login, I can't
see anymore text in the console. Which also means I can't login to the
machine via console.

# cat /etc/boot.conf
set tty com0
set timeout 60

I'm connecting to the openbsd machine via freebsd with this command:
cu -l /dev/cuaU0 -9600


DHCPREQUEST on bge0 to 255.255.255.255
DHCPACK from 192.168.0.1 (6c:b0:ce:59:cf:bb)
bound to 192.168.0.20 -- renewal in 1800 seconds.
reordering libraries: done.
starting early daemons: syslogd pflogd ntpd.
starting RPC daemons:.
savecore: no core dump
acpidump: RSDT entry 6 is corrupt
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd smtpd sndiod.
starting local daemons: cron.
Fri Oct 21 12:45:19 PDT 2016

The date is the last line printed.

Any suggestions?


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

Re: security(8) doesn't know about mailbox locks

[Kamil Cholewiński]

On Fri, 21 Oct 2016, Philippe Meunier  wrote:
> When cron runs /etc/daily, that script runs df and netstat and the
> output is sent by email to root.  On my system, emails to root are
> forwarded to local user meunier using /root/.forward.  The forwarding
> itself temporarily creates a lock file in /var/mail:

Try using aliases(5) instead

Re: dmidecode and access to /dev/mem denied

[Theo de Raadt]

> Index: securelevel.7
> ===
> RCS file: /cvs/src/share/man/man7/securelevel.7,v
> retrieving revision 1.29
> diff -u -p -r1.29 securelevel.7
> --- securelevel.7   28 Sep 2016 17:58:17 -  1.29
> +++ securelevel.7   21 Oct 2016 15:22:49 -
> @@ -66,7 +66,7 @@ securelevel may no longer be lowered exc
>  .Pa /dev/mem
>  and
>  .Pa /dev/kmem
> -may not be written to
> +may not be read or written to
>  .It
>  raw disk devices of mounted file systems are read-only
>  .It

Actually, it may not be opened.

security(8) doesn't know about mailbox locks

[Philippe Meunier]

Hello,

When cron runs /etc/daily, that script runs df and netstat and the
output is sent by email to root.  On my system, emails to root are
forwarded to local user meunier using /root/.forward.  The forwarding
itself temporarily creates a lock file in /var/mail:

-rw---  1 root wheel 0 Oct 21 23:55 meunier.lock

At the same time, /etc/daily runs /usr/libexec/security.  The
check_mailboxes function in that file loops over all the files in
/var/mail and checks whether the owner of the file matches the name of
the file.  If check_mailboxes happens to be running exactly at the
same time as the system is forwarding /etc/daily's first email, then
check_mailboxes sees meunier.lock, the check for that file fails, and
the result is another email sent to root:

Running security(8):

Checking mailbox ownership.
user meunier.lock mailbox is owned by root

So I think the check_mailboxes function in /usr/libexec/security
should either skip lock files or check them in a different way...

Cheers,

Philippe

Re: dmidecode and access to /dev/mem denied

[Theo de Raadt]

> On 2016-10-21, Kapetanakis Giannis  wrote:
> > Hi,
> >
> > # dmidecode 
> > # dmidecode 3.0
> > Scanning /dev/mem for entry point.
> > /dev/mem: Operation not permitted
> >
> > I guess this is similar to 
> > http://marc.info/?l=openbsd-misc&m=147575799412450&w=2
> >
> > where stu@ said:
> > "Kernel virtual memory access is no longer permitted by the kernel on a
> > normally running system.  The relevant parts of net-snmp will need to be
> > disabled or rewritten"
> 
> sthen@ != stu@
> 
> > Any way to get through that and read DMI entries?
> 
> There is a sysctl kern.allowkmem:
> 
>KERN_ALLOWKMEM
>Allow userland processes access to /dev/kmem.  When running with a
>securelevel(7) greater than 0, this variable may not be changed.
> 

For the simple reason that this is 2016 not 1986, and userland code that
can sniff through the kernel's physical address space is a ridiculous
process.  It needs to die; or have proper device driver interface that
gives it exactly what it needs.

Re: dmidecode and access to /dev/mem denied

[Kapetanakis Giannis]

On 21/10/16 16:54, Stuart Henderson wrote:
> On 2016-10-21, Kapetanakis Giannis  wrote:
>>
>> where stu@ said:
>> "Kernel virtual memory access is no longer permitted by the kernel on a
>> normally running system.  The relevant parts of net-snmp will need to be
>> disabled or rewritten"
> 
> sthen@ != stu@

Sorry for that. Saw the uid on your domain and thought it was the same :)

>> Any way to get through that and read DMI entries?
> 
> There is a sysctl kern.allowkmem:
> 
>KERN_ALLOWKMEM
>Allow userland processes access to /dev/kmem.  When running with a
>securelevel(7) greater than 0, this variable may not be changed.

Thanks for the hint.

Just for the records, since I didn't want to set it permanently I did this in 
/etc/rc.securelevel
if [[ -x /usr/local/sbin/dmidecode ]]; then
/usr/local/sbin/dmidecode > /var/run/dmidecode.boot
fi

G
ps. Maybe this applies?

Index: securelevel.7
===
RCS file: /cvs/src/share/man/man7/securelevel.7,v
retrieving revision 1.29
diff -u -p -r1.29 securelevel.7
--- securelevel.7   28 Sep 2016 17:58:17 -  1.29
+++ securelevel.7   21 Oct 2016 15:22:49 -
@@ -66,7 +66,7 @@ securelevel may no longer be lowered exc
 .Pa /dev/mem
 and
 .Pa /dev/kmem
-may not be written to
+may not be read or written to
 .It
 raw disk devices of mounted file systems are read-only
 .It

Re: dmidecode and access to /dev/mem denied

[Stuart Henderson]

On 2016-10-21, Kapetanakis Giannis  wrote:
> Hi,
>
> # dmidecode 
> # dmidecode 3.0
> Scanning /dev/mem for entry point.
> /dev/mem: Operation not permitted
>
> I guess this is similar to 
> http://marc.info/?l=openbsd-misc&m=147575799412450&w=2
>
> where stu@ said:
> "Kernel virtual memory access is no longer permitted by the kernel on a
> normally running system.  The relevant parts of net-snmp will need to be
> disabled or rewritten"

sthen@ != stu@

> Any way to get through that and read DMI entries?

There is a sysctl kern.allowkmem:

   KERN_ALLOWKMEM
   Allow userland processes access to /dev/kmem.  When running with a
   securelevel(7) greater than 0, this variable may not be changed.

Re: Build a new kernel for apcupsd

[Stuart Henderson]

On 2016/10/21 11:42, lilit-aibolit wrote:
> On 10/20/2016 07:25 PM, Stuart Henderson wrote:
> > On 2016-10-20, lilit-aibolit  wrote:
> > > Hi list.
> > > In recent OpeBSD versions usb devices attached to upd driver.
> > > This is why apcupsd doesn't detect APC USB devices.
> > > 
> > > After installing apcupsd there is statement
> > > how to deal with above situation:
> > > ...
> > > The option with fewest side-effects is to add the following entries to
> > > the table in /sys/dev/usb/usb_quirks.c and build a new kernel:
> > > 
> > > { USB_VENDOR_APC, USB_PRODUCT_APC_UPS, ANY, { UQ_BAD_HID }},
> > > { USB_VENDOR_APC, USB_PRODUCT_APC_UPS5G, ANY, { UQ_BAD_HID }},
> > > 
> > > Alternatively, if you do not use a USB keyboard/mouse, you could simply
> > > disable the upd and uhid drivers. The following line creates a new kernel
> > > with the relevant changes:
> > > 
> > > printf 'disable uhid\ndisable upd\nquit\n' | config -e -o /bsd.no-uhid 
> > > /bsd
> > > ...
> > > Second option isn't suitable because I have usb keyboard
> > > and on very rare occasions it's used to fix something locally.
> > > So regardless of undefined "fewest side-effects" I have to use
> > > first option and build new kernel. I downloaded and extracted
> > > src.tar.gz and sys.tar.gz into /usr/src. Then I modified usb_quirks.c file
> > > and added specified lines into usb_quirks[] table.
> > See the "Build and install a new kernel" step in release(8).
> > 
> > > Then I've read faq5.html and man config but didn't get
> > > a clue how to build new kernel with applied changed in usb_quirks.c file.
> > > 
> > > In config man page there is statement that "Most people save their
> > > backup kernels as //bsd.1/, //bsd.2/, etc." I'd also like to know how to
> > > save my current kernel
> > cp(1)
> > 
> > > and how to switch between new and old ones in case
> > > of some troubles with new kernel.
> > at the boot-loader prompt, you can type "boot bsd.1"
> > 
> > 
> Hi and thanks for your answer.
> I followed steps in release(8) and executed:
> 
> # cd /usr/src/sys/arch/i386/conf/
> # config GENERIC.MP
> # cd ../compile/GENERIC.MP/
> # make clean && make
> 
> However the size of my current kernel
> is exactly the same as just built one:
> 
> # ls -la /bsd
> -rw-r--r--  1 root  wheel  10628645 May  5  2015 /bsd
> # ls -la ./bsd
> -rwxr-xr-x  1 root  wsrc  10628645 Oct 21 11:24 ./bsd
> 
> Is it expected result and new kernel
> includes changes in usb_quirks.c?

You don't give enough information to be able to tell.
Why don't you try it and compare dmesg?

Re: OT: shell / terminal / console / tty / cua / getty

[Martin Schröder]

2016-10-21 12:04 GMT+02:00 Mihai Popescu :
> terminal: physical stuff, keyboard + screen + serial port for
> mainframe connection

Relevant: https://www.jwz.org/blog/2016/10/export-termaaa-60/

> enough. Also a link or a book indication for all this stuff will be
> fine.

We have man pages and wikipedia exists. :-)

Best
   Martin

dmidecode and access to /dev/mem denied

[Kapetanakis Giannis]

Hi,

# dmidecode 
# dmidecode 3.0
Scanning /dev/mem for entry point.
/dev/mem: Operation not permitted

I guess this is similar to 
http://marc.info/?l=openbsd-misc&m=147575799412450&w=2

where stu@ said:
"Kernel virtual memory access is no longer permitted by the kernel on a
normally running system.  The relevant parts of net-snmp will need to be
disabled or rewritten"

Any way to get through that and read DMI entries?

thanks

G

Re: Build a new kernel for apcupsd

[lilit-aibolit]

On 10/20/2016 07:25 PM, Stuart Henderson wrote:

On 2016-10-20, lilit-aibolit  wrote:

Hi list.
In recent OpeBSD versions usb devices attached to upd driver.
This is why apcupsd doesn't detect APC USB devices.

After installing apcupsd there is statement
how to deal with above situation:
...
The option with fewest side-effects is to add the following entries to
the table in /sys/dev/usb/usb_quirks.c and build a new kernel:

{ USB_VENDOR_APC, USB_PRODUCT_APC_UPS, ANY, { UQ_BAD_HID }},
{ USB_VENDOR_APC, USB_PRODUCT_APC_UPS5G, ANY, { UQ_BAD_HID }},

Alternatively, if you do not use a USB keyboard/mouse, you could simply
disable the upd and uhid drivers. The following line creates a new kernel
with the relevant changes:

printf 'disable uhid\ndisable upd\nquit\n' | config -e -o /bsd.no-uhid /bsd
...
Second option isn't suitable because I have usb keyboard
and on very rare occasions it's used to fix something locally.
So regardless of undefined "fewest side-effects" I have to use
first option and build new kernel. I downloaded and extracted
src.tar.gz and sys.tar.gz into /usr/src. Then I modified usb_quirks.c file
and added specified lines into usb_quirks[] table.

See the "Build and install a new kernel" step in release(8).


Then I've read faq5.html and man config but didn't get
a clue how to build new kernel with applied changed in usb_quirks.c file.

In config man page there is statement that "Most people save their
backup kernels as //bsd.1/, //bsd.2/, etc." I'd also like to know how to
save my current kernel

cp(1)


and how to switch between new and old ones in case
of some troubles with new kernel.

at the boot-loader prompt, you can type "boot bsd.1"



Hi and thanks for your answer.
I followed steps in release(8) and executed:

# cd /usr/src/sys/arch/i386/conf/
# config GENERIC.MP
# cd ../compile/GENERIC.MP/
# make clean && make

However the size of my current kernel
is exactly the same as just built one:

# ls -la /bsd
-rw-r--r--  1 root  wheel  10628645 May  5  2015 /bsd
# ls -la ./bsd
-rwxr-xr-x  1 root  wsrc  10628645 Oct 21 11:24 ./bsd

Is it expected result and new kernel
includes changes in usb_quirks.c?

OT: shell / terminal / console / tty / cua / getty

[Mihai Popescu]

Hello,

I was asking long time ago about a terminal here, and I got some good
answers from people who might been using it back in time.

That question was a begining for understanding what is the relation
among all the stuff from the post subject. Please help with some
clarifications if you can. I'm not saying I have no idea about each of
them, but I hardly understand the relation among them.

So, here is what I know or I think I know so far:

shell: software, used for user interraction, commands for the OS,etc.
terminal: physical stuff, keyboard + screen + serial port for
mainframe connection
console: ? stdout, stderr, xconsole? have no idea yet!
tty: software, but that's all i know! maybe to manage a terminal at server side?
cua: software, device for interraction with serial port of the computer
getty: software to manage tty?

Don't bother with OS implementation details, a relation description is
enough. Also a link or a book indication for all this stuff will be
fine.

Thank you very much.

Re: 4th nic for pcengines apu2

[lists]

Fri, 21 Oct 2016 09:32:08 +0200 Marc Peters 
> Am 10/20/16 um 18:26 schrieb Stuart Henderson:
> > 
> > You should find out if they have IPMI.  Standard config on many Supermicros
> > is to have it enabled, sharing the first main network port if you don't have
> > anything plugged into the dedicated one, with the same password on every
> > machine.  You do not want this.
> >   
> 
> Yeah, we have a couple of Supermicros, which have IPMI. Actually, the
> IPMI will share any connected onboard nic, if the dedicated is not
> connected. These machines at least don't have IPMI and i don't know, if
> you can buy any equipped with IPMI.
> 

Hi Marc,

You can use these online resources to locate your motherboard and verify
its capabilities or if there is new BIOS and IPMI firmware respectively:

Supermicro: Motherboard Matrix
http://www.supermicro.com/ResourceApps/MB_matrix.aspx

Supermicro: Firmware List
http://supermicro.com/support/bios/firmware0.aspx

Thomas Krenn Wiki: (Supermicro) Motherboards
https://www.thomas-krenn.com/en/wiki/Category:Motherboards

A basic search for secure IPMI deployment guide will be of good results.

Kind regards,
Anton

Re: Because Theo de Raadt said that the buttons are for idiots?

[Peter Hessler]

The poster is just trolling, and trying to get reactions.  Don't answer.


On 2016 Oct 20 (Thu) at 23:57:26 +0200 (+0200), Alexander Hall wrote:
:On this list, English is the language to use, and Google translate does not
:cut it. I do think I understand what you're after, but have someone help you
:write comprehensible English and try again.
:
:/Alexander
:
:On October 20, 2016 8:11:20 PM GMT+02:00, SOUL_OF_ROOT 55
: wrote:
:>Because nobody answer?
:>
:>2016-10-18 18:45 GMT-02:00 SOUL_OF_ROOT 55 :
:>
:>> Because Theo de Raadt said that the buttons are for idiots?
:>>
:>>  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/mg/
:>> Attic/theo.c?rev=1.125
:>>
:>> Peoples that participate in IRC of openbsd-br suggested for me ask
:>this
:>> here in openbsd misc and for the Theo de Raadt.

Re: 4th nic for pcengines apu2

[Marc Peters]

Am 10/20/16 um 18:26 schrieb Stuart Henderson:
> 
> You should find out if they have IPMI.  Standard config on many Supermicros
> is to have it enabled, sharing the first main network port if you don't have
> anything plugged into the dedicated one, with the same password on every
> machine.  You do not want this.
> 

Yeah, we have a couple of Supermicros, which have IPMI. Actually, the
IPMI will share any connected onboard nic, if the dedicated is not
connected. These machines at least don't have IPMI and i don't know, if
you can buy any equipped with IPMI.