errors: rsa, ssl?
Hello Can somebody help, to identify these errors please? 140072142312768:error:0407E086:rsa routines:RSA_verify_PKCS1_PSS_mgf1:last octet invalid:../crypto/rsa/rsa_pss.c:88: 140072142312768:error:1417B07B:SSL routines:tls_process_cert_verify:bad signature:../ssl/statem/statem_lib.c:504: I found a reference, that says that it is a problem with the code! I have bot been able to repair the system yet. thanks
Re: nxserver on OpenBSD
I can imagine. Will give tigervnc a try. I have started towards compiling x2go for OpenBSD. Its running into trivial issues like compilation failures ( https://github.com/ArcticaProject/nx-libs/issues/1044). Will see how it goes. Thank you -S On Thu, Mar 24, 2022 at 2:49 PM Stuart Henderson wrote: > On 2022-03-24, Sandeep Gupta wrote: > > Hello, > > > > I am looking for an nxserver for openBSD. It seems all the well know > > solutions -- NoMachine, OpenNX, nxserver. The only one which is actively > > worked on is X2GO. Just wanted to confirm if OpenBSD has support for any > of > > the nxserver solutions or is there plan/intend to support one. > > Seems your best bet would be to run an NX server on Linux as a proxy as > suggested in > > > https://x2go-user.x2go.narkive.com/NUuuZlc7/compile-and-run-x2go-server-in-openindiana-freebsd > > If you can use a different protocol, tigervnc is in packages (and was an > absolute pain to get to build!). > > >
Re: growfs on an encrypted softraid0
Hi, If rsync isn't working correctly, I would just use a cpio(1) to copy things between the two folders. I haven't used it for years, but in the days of mixed unix (AIX, SCO Xenix, SCO Unix), cpio always "just worked". You can do it in a pipe, so there's no intermediate storage. IIRC, you bump up the block size to get faster speeds. It should handle long paths correctly. You could perhaps do the same thing with "tar", but "tar" historically had issues with long path names and I haven't used it for so many years, I am sure it's been resolved. tar -cf - . | (cd some_folder; tar -xvf -) Cheers, Steve W. On 24/03/2022 5:38 a.m., Leo Unglaub wrote: Hey friends, i have a 500GB drive that is fully encrypted using a softraid with raidlevel C. It works perfectly. But now the drive is getting full and i have to grow it. This server is running in the Hetzner Cloud and resizing the drive is supported to 10TB. With an unencrypted partition this works well in OpenBSD. I can use disklabel and growfs to enlarge the drive, but that does not work with an encrypted partition. Do you have any recommendations on what the best way forward is in this case? I tried adding a new 1TB drive and copying all the files over and just remounting it. But even with the super fast M2. SSD drives in there it took more than 3 days to finish. (lots of small files, its my email server) Having my email server down for 3 days is not really a good option for obvious reasons. I also tried doing an initial copy and then using rsync, but because dovecot (imap server from ports) uses a lot of hardlinks rsync is not working correctly even with the hard link option (bugs are described in the rsync man page) and openrsync does not support handling them. Do you have any ideas what i can do in this case? Thanks and greetings Leo OpenBSD 7.0 (GENERIC.MP) #5: Mon Jan 31 09:09:02 MST 2022 r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4177379328 (3983MB) avail mem = 4034740224 (3847MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5ad0 (10 entries) bios0: vendor Hetzner version "2017" date 11/11/2017 bios0: Hetzner vServer acpi0 at bios0: ACPI 1.0 acpi0: sleep states S5 acpi0: tables DSDT FACP APIC HPET acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel Xeon Processor (Skylake, IBRS), 2100.34 MHz, 06-55-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 1000MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel Xeon Processor (Skylake, IBRS), 2100.07 MHz, 06-55-04 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu1: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu1: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu1: smt 0, core 1, package 0 ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins acpihpet0 at acpi0: 1 Hz acpiprt0 at acpi0: bus 0 (PCI0) "ACPI0006" at acpi0 not configured acpipci0 at acpi0 PCI0 acpicmos0 at acpi0 "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "QEMU0002" at acpi0 not configured "ACPI0010" at acpi0 not configured acpicpu0 at acpi0: C1(@1 halt!) acpicpu1 at acpi0: C1(@1 halt!) cpu0: using VERW MDS workaround pvbus0 at mainbus0: KVM pvclock0 at pvbus0 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to
Re: growfs on an encrypted softraid0
Hey, i have a 500GB drive that is fully encrypted using a softraid with raidlevel C. It works perfectly. But now the drive is getting full and i have to grow it. This server is running in the Hetzner Cloud and resizing the drive is supported to 10TB. With an unencrypted partition this works well in OpenBSD. I can use disklabel and growfs to enlarge the drive, but that does not work with an encrypted partition. correct... you can growfs a FS within an encrypted partition, but can not grow the encrypted partition. great, so at least i read the code right :) Does someone know if there is a patch around that maybe is waiting for reviews that would add the functionality of growing an encrypted partition itself? Do you have any recommendations on what the best way forward is in this case? I tried adding a new 1TB drive and copying all the files over and just remounting it. But even with the super fast M2. SSD drives in there it took more than 3 days to finish. (lots of small files, its my email server) well, you might want to have a chat with your service provider. There's nothing "super fast" about 500g in three days (though my VPS on my primary web/mail server also brags about SSDs...and the slowest disk performance I have seen in decades. I have a note-to-self in the .profile that a sysupgrade takes 15 minutes to keep me from freaking out during upgrades. Other systems I have with them have more expected performance. *shrug*) I spinned up the same server with Alpine Linux on it (LUKS with ext4) and there the 500gb got copied in around 37 minutes. I pupolated the 500gb with 1mb files with random content in them. So the disc speed seams fine. This is propobly something on OpenBSD, but i an not complaining about the speed. OpenBSD is fast enought in most cases. Just out of interrest, i tried the same with async+noatime and softdep+noatime and there was not that much difference. (around 30 minutes difference to no mount options other than default) I also tried doing an initial copy and then using rsync, but because dovecot (imap server from ports) uses a lot of hardlinks rsync is not working correctly even with the hard link option (bugs are described in the rsync man page) and openrsync does not support handling them. what? where? I'm not seeing what you are refering to here. Also a quick web search isn't showing a problem, but I am seeing a lot of people using rsync to back up dovecot maildir servers. (if totally off-topic to OpenBSD, please advise me off-list) If you use normal maildir for storage rsync is perfect. But i am using a feature called SIS (single instance storage). This is build into dovecot and available in the OpenBSD port of the software. This basically extracts attachments of emails and stores them externally. If you have the same attachment in multiple emails dovecot uses hard links. If you have for example people who mail you with always the same horrible pictures in email signatures then this reduces the disc usage a lot! Up to 80% less disc usage in some scenarios. The problem with rsync is, that as soon as you sync from one partition to another all hard links get copied as normal files. The hard linking only works on the same partition. So as soon as i use rsync the 500GB become around 1400GB. Move everything you can with rsync, then deal with your maildir separately. I've used "imapsync" before on a 30,000 user e-mail system -- first run took a day or more, final system-down cutover run took time, but we were down only a few hours (this was over a decade ago, don't hold me to the numbers). dovecot has a "dsync" tool. Haven't used it, but it would be worth a look at, I think. I think thats a good idea. I am going to solve this outside of OpenBSD on the protocol level. Maybe use a second server, migrate via imap and then switch the servers back. Something like that. Thanks for all the replies on and off list! Thanks and greetings! Leo
Re: growfs on an encrypted softraid0
Dnia Thu, Mar 24, 2022 at 09:56:25AM -0400, Nick Holland napisał(a): > On 3/24/22 8:38 AM, Leo Unglaub wrote: > > Hey friends, > > > > i have a 500GB drive that is fully encrypted using a softraid with > > raidlevel C. It works perfectly. But now the drive is getting full and i > > have to grow it. This server is running in the Hetzner Cloud and > > resizing the drive is supported to 10TB. > > > > With an unencrypted partition this works well in OpenBSD. I can use > > disklabel and growfs to enlarge the drive, but that does not work with > > an encrypted partition. > > correct... you can growfs a FS within an encrypted partition, but can not > grow the encrypted partition. > > > Do you have any recommendations on what the best way forward is in this > > case? I tried adding a new 1TB drive and copying all the files over and > > just remounting it. But even with the super fast M2. SSD drives in there > > it took more than 3 days to finish. (lots of small files, its my email > > server) > > well, you might want to have a chat with your service provider. There's > nothing "super fast" about 500g in three days (though my VPS on my primary > web/mail server also brags about SSDs...and the slowest disk performance I > have seen in decades. I have a note-to-self in the .profile that a > sysupgrade takes 15 minutes to keep me from freaking out during upgrades. > Other systems I have with them have more expected performance. *shrug*) > > > Having my email server down for 3 days is not really a good option for > > obvious reasons. > > might be fun. :) > > though if you are worried about just your incoming mail, spinning up a > secondary MX and letting it spool your mail while your primary is down > would be an option. > > > I also tried doing an initial copy and then using rsync, but because > > dovecot (imap server from ports) uses a lot of hardlinks rsync is not > > working correctly even with the hard link option (bugs are described in > > the rsync man page) and openrsync does not support handling them. > > what? where? I'm not seeing what you are refering to here. > Also a quick web search isn't showing a problem, but I am seeing a lot > of people using rsync to back up dovecot maildir servers. (if totally > off-topic to OpenBSD, please advise me off-list) > > > Do you have any ideas what i can do in this case? > > Thanks and greetings > > well... like any HW migration, divide and conquer. > Move the static stuff first live, then move the changing stuff last. > > Move everything you can with rsync, then deal with your maildir separately. > I've used "imapsync" before on a 30,000 user e-mail system -- first run > took a day or more, final system-down cutover run took time, but we were > down only a few hours (this was over a decade ago, don't hold me to the > numbers). > > dovecot has a "dsync" tool. Haven't used it, but it would be worth a > look at, I think. > > Nick. > > > > Leo > > > >> OpenBSD 7.0 (GENERIC.MP) #5: Mon Jan 31 09:09:02 MST 2022 > >> > >> r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > >> real mem = 4177379328 (3983MB) > >> avail mem = 4034740224 (3847MB) > >> random: good seed from bootblocks > >> mpath0 at root > >> scsibus0 at mpath0: 256 targets > >> mainbus0 at root > >> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5ad0 (10 entries) > >> bios0: vendor Hetzner version "2017" date 11/11/2017 > >> bios0: Hetzner vServer > >> acpi0 at bios0: ACPI 1.0 > >> acpi0: sleep states S5 > >> acpi0: tables DSDT FACP APIC HPET > >> acpi0: wakeup devices > >> acpitimer0 at acpi0: 3579545 Hz, 24 bits > >> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > >> cpu0 at mainbus0: apid 0 (boot processor) > >> cpu0: Intel Xeon Processor (Skylake, IBRS), 2100.34 MHz, 06-55-04 > >> cpu0: > >> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN > >> cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB > >> 64b/line 16-way L2 cache > >> cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped > >> cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped > >> cpu0: smt 0, core 0, package 0 > >> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > >> cpu0: apic clock running at 1000MHz > >> cpu1 at mainbus0: apid 1 (application processor) > >> cpu1: Intel Xeon Processor (Skylake, IBRS), 2100.07 MHz, 06-55-04 > >> cpu1: > >>
Re: growfs on an encrypted softraid0
On 3/24/22 8:38 AM, Leo Unglaub wrote: Hey friends, i have a 500GB drive that is fully encrypted using a softraid with raidlevel C. It works perfectly. But now the drive is getting full and i have to grow it. This server is running in the Hetzner Cloud and resizing the drive is supported to 10TB. With an unencrypted partition this works well in OpenBSD. I can use disklabel and growfs to enlarge the drive, but that does not work with an encrypted partition. correct... you can growfs a FS within an encrypted partition, but can not grow the encrypted partition. Do you have any recommendations on what the best way forward is in this case? I tried adding a new 1TB drive and copying all the files over and just remounting it. But even with the super fast M2. SSD drives in there it took more than 3 days to finish. (lots of small files, its my email server) well, you might want to have a chat with your service provider. There's nothing "super fast" about 500g in three days (though my VPS on my primary web/mail server also brags about SSDs...and the slowest disk performance I have seen in decades. I have a note-to-self in the .profile that a sysupgrade takes 15 minutes to keep me from freaking out during upgrades. Other systems I have with them have more expected performance. *shrug*) Having my email server down for 3 days is not really a good option for obvious reasons. might be fun. :) though if you are worried about just your incoming mail, spinning up a secondary MX and letting it spool your mail while your primary is down would be an option. I also tried doing an initial copy and then using rsync, but because dovecot (imap server from ports) uses a lot of hardlinks rsync is not working correctly even with the hard link option (bugs are described in the rsync man page) and openrsync does not support handling them. what? where? I'm not seeing what you are refering to here. Also a quick web search isn't showing a problem, but I am seeing a lot of people using rsync to back up dovecot maildir servers. (if totally off-topic to OpenBSD, please advise me off-list) Do you have any ideas what i can do in this case? Thanks and greetings well... like any HW migration, divide and conquer. Move the static stuff first live, then move the changing stuff last. Move everything you can with rsync, then deal with your maildir separately. I've used "imapsync" before on a 30,000 user e-mail system -- first run took a day or more, final system-down cutover run took time, but we were down only a few hours (this was over a decade ago, don't hold me to the numbers). dovecot has a "dsync" tool. Haven't used it, but it would be worth a look at, I think. Nick. Leo OpenBSD 7.0 (GENERIC.MP) #5: Mon Jan 31 09:09:02 MST 2022 r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4177379328 (3983MB) avail mem = 4034740224 (3847MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5ad0 (10 entries) bios0: vendor Hetzner version "2017" date 11/11/2017 bios0: Hetzner vServer acpi0 at bios0: ACPI 1.0 acpi0: sleep states S5 acpi0: tables DSDT FACP APIC HPET acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel Xeon Processor (Skylake, IBRS), 2100.34 MHz, 06-55-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 1000MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel Xeon Processor (Skylake, IBRS), 2100.07 MHz, 06-55-04 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu1: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu1: DTLB 255
growfs on an encrypted softraid0
Hey friends, i have a 500GB drive that is fully encrypted using a softraid with raidlevel C. It works perfectly. But now the drive is getting full and i have to grow it. This server is running in the Hetzner Cloud and resizing the drive is supported to 10TB. With an unencrypted partition this works well in OpenBSD. I can use disklabel and growfs to enlarge the drive, but that does not work with an encrypted partition. Do you have any recommendations on what the best way forward is in this case? I tried adding a new 1TB drive and copying all the files over and just remounting it. But even with the super fast M2. SSD drives in there it took more than 3 days to finish. (lots of small files, its my email server) Having my email server down for 3 days is not really a good option for obvious reasons. I also tried doing an initial copy and then using rsync, but because dovecot (imap server from ports) uses a lot of hardlinks rsync is not working correctly even with the hard link option (bugs are described in the rsync man page) and openrsync does not support handling them. Do you have any ideas what i can do in this case? Thanks and greetings Leo OpenBSD 7.0 (GENERIC.MP) #5: Mon Jan 31 09:09:02 MST 2022 r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4177379328 (3983MB) avail mem = 4034740224 (3847MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5ad0 (10 entries) bios0: vendor Hetzner version "2017" date 11/11/2017 bios0: Hetzner vServer acpi0 at bios0: ACPI 1.0 acpi0: sleep states S5 acpi0: tables DSDT FACP APIC HPET acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel Xeon Processor (Skylake, IBRS), 2100.34 MHz, 06-55-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 1000MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel Xeon Processor (Skylake, IBRS), 2100.07 MHz, 06-55-04 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu1: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu1: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu1: smt 0, core 1, package 0 ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins acpihpet0 at acpi0: 1 Hz acpiprt0 at acpi0: bus 0 (PCI0) "ACPI0006" at acpi0 not configured acpipci0 at acpi0 PCI0 acpicmos0 at acpi0 "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "QEMU0002" at acpi0 not configured "ACPI0010" at acpi0 not configured acpicpu0 at acpi0: C1(@1 halt!) acpicpu1 at acpi0: C1(@1 halt!) cpu0: using VERW MDS workaround pvbus0 at mainbus0: KVM pvclock0 at pvbus0 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9 iic0 at piixpm0 vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00 vio0 at virtio0: address 96:00:00:31:1f:b5 virtio0: msix shared virtio1 at pci0 dev 4 function 0 "Qumranet Virtio SCSI" rev 0x00
Desktops and laptops status of firewall and FDE
Hi, Do you guys have an approach, a software to periodically monitor status of endpoint machines, laptops, desktops where the requirement is to have full disk encryption and firewall enabled, and appropriately configured? Machines would be OpenBSD and Linux. I guess MacOS too, but that is less relevant I think. -- Regards, Mikolaj
Re: nxserver on OpenBSD
On 2022-03-24, Sandeep Gupta wrote: > Hello, > > I am looking for an nxserver for openBSD. It seems all the well know > solutions -- NoMachine, OpenNX, nxserver. The only one which is actively > worked on is X2GO. Just wanted to confirm if OpenBSD has support for any of > the nxserver solutions or is there plan/intend to support one. Seems your best bet would be to run an NX server on Linux as a proxy as suggested in https://x2go-user.x2go.narkive.com/NUuuZlc7/compile-and-run-x2go-server-in-openindiana-freebsd If you can use a different protocol, tigervnc is in packages (and was an absolute pain to get to build!).
