Re: SSL working with nginx, not with httpd. Any ideas?

2015-03-14 Thread Ezequiel Garzon
Hi, Hugo!

> Are you sure that's right? I don't see the ssl keyword anywhere in the
> docs

I see what you're saying... I'm using 5.6-release, which is really not 
recommended for httpd as it's moving quite fast. I wonder if that would 
fix it.

> You also seem to be missing TLS certificate/key if you're going to use
> TLS.

I'm using the default files, /etc/ssl/private/server.key and 
/etc/ssl/server.crt. I failed to mention that under (Ubuntu) Chrome I get 
a green lock. By now I'm pretty sure I'm missing the intermediate 
certificate.

Thanks for looking into it!

Best,

Ezequiel



SSL working with nginx, not with httpd. Any ideas?

2015-03-14 Thread Ezequiel Garzon
Greetings! For some reason I'm able to set up SSL support for my domain 
using nginx, but not httpd. I have combined my certificates like this:

# cat ssl.crt sub.class1.server.ca.pem ca.pem > /etc/ssl/server.crt

However, if I stop nginx and start httpd I get:

$ curl -I https://ezequiel-garzon.net 
curl: (60) SSL certificate problem: unable to get local issuer 
certificate

I have attempted to write a minimal config file at /etc/httpd.config:

server defaults {listen on egress ssl port 443}

Any ideas on what I'm doing wrong? Thanks for your help!

Cheers,

Ezequiel
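
The order of the bundle built with `cat` above can be checked link by link: each certificate should be followed by the one that issued it. This is an added example, not part of the original thread; `chain_gaps` is a hypothetical helper and every certificate name in the samples is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. chain_gaps is a hypothetical helper.
# Feed it the subject=/issuer= pairs of a PEM bundle, e.g.:
#   openssl crl2pkcs7 -nocrl -certfile /etc/ssl/server.crt |
#       openssl pkcs7 -print_certs -noout | chain_gaps
# Exit status: 0 = each cert is followed by its issuer, 1 = gap, 2 = no certs.
chain_gaps() {
    awk '
        /^subject=/ { n++; subj[n] = substr($0, 9) }
        /^issuer=/  { iss[n]  = substr($0, 8) }
        END {
            bad = 0
            if (n == 0) { print "no certificates found"; exit 2 }
            for (i = 1; i < n; i++)
                if (iss[i] != subj[i + 1]) {
                    printf "cert %d: next cert is not its issuer (%s)\n", i, iss[i]
                    bad = 1
                }
            # a lone, non-self-signed leaf leaves clients without the intermediate
            if (n == 1 && iss[1] != subj[1]) {
                print "cert 1: leaf only, no intermediate in the bundle"
                bad = 1
            }
            exit bad
        }'
}

# Constructed samples (placeholder names, not real certificates).
good_bundle() {
    printf '%s\n' \
        'subject=CN = www.example.test' 'issuer=CN = Example Intermediate CA' '' \
        'subject=CN = Example Intermediate CA' 'issuer=CN = Example Root CA' '' \
        'subject=CN = Example Root CA' 'issuer=CN = Example Root CA'
}
leaf_only() {
    printf '%s\n' \
        'subject=CN = www.example.test' 'issuer=CN = Example Intermediate CA'
}
misordered() {
    printf '%s\n' \
        'subject=CN = www.example.test' 'issuer=CN = Example Intermediate CA' '' \
        'subject=CN = Example Root CA' 'issuer=CN = Example Root CA' '' \
        'subject=CN = Example Intermediate CA' 'issuer=CN = Example Root CA'
}

good_bundle | chain_gaps && echo "good_bundle: order ok"
leaf_only   | chain_gaps || echo "leaf_only: chain incomplete"
misordered  | chain_gaps || echo "misordered: chain broken"
```

A bundle that passes this check can still fail for clients if the server only sends the first certificate in the file, so compare it with what the server actually presents.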



Re: DigitalOcean's BSD debut is FreeBSD only

2014-12-22 Thread Ezequiel Garzon
I should mention that RamNode offers OpenBSD -release without the
need to upload any images: you can choose OpenBSD i386 or amd64
from the pre-loaded CD images for KVM servers. I have to run `cd
/dev && ./MAKEDEV all` after installation, though [*], to avoid
getting daily insecurity reports. (Thanks, Benjamin!)

Cheers!

Ezequiel

[*] https://www.marc.info/?l=openbsd-misc&m=141768511309276&w=2



Re: Disk /dev/X is user root, group wheel, permissions brw-r-----.

2014-12-04 Thread Ezequiel Garzon
> chgrp operator /dev/X

Thanks. I tried it but I now get

Disk /dev/X is user root, group operator, permissions brw-------.

Clearly I can just let it be, but it's puzzling, particularly as it 
happens right after a fresh install. Any other suggestions will be 
welcome.

Thanks again,

Ezequiel



Re: Disk /dev/X is user root, group wheel, permissions brw-r-----.

2014-12-04 Thread Ezequiel Garzon
> how about MAKEDEV(8)?
> cd /dev && ./MAKEDEV all

Thanks, Ben! That took care of everything in one fell swoop. I first
fixed it manually with chgrp operator, as recommended by Mike, and
reverting to 644, as pointed out by Miod. It is interesting I need
to do this under KVM but not under VirtualBox (5.6-release for i386
in both cases).

Many thanks to everybody for your time.

Best regards,

Ezequiel
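
The warnings in this thread (still flagged with group operator and mode `brw-------`, clean after `MAKEDEV all`) can be reproduced with a small filter over `ls -l` output. This is an added example, not the system's own security script; it assumes the expected state is owner root, group operator, mode `rw-r-----`, and the listing is constructed.

```shell
#!/bin/sh
# Added example: approximates the disk check behind the daily insecurity
# warning. Assumption: a disk node is clean only when it is owned by root,
# group operator, with mode rw-r----- (0640). The name pattern follows the
# devices listed in the thread (fd[0-9]*, rd*, sd*, vnd*, wd*).

# Reads `ls -l` style lines on stdin, prints one warning per offending node.
disk_perm_findings() {
    awk '
        $1 ~ /^[bc]/ && $NF ~ /^(fd[0-9]|rd|sd|vnd|wd)/ {
            perm = substr($1, 1, 10)
            if ($3 != "root" || $4 != "operator" || perm !~ /^.rw-r-----$/)
                printf "Disk /dev/%s is user %s, group %s, permissions %s.\n",
                       $NF, $3, $4, perm
        }'
}

# Constructed sample listing (not taken from a real system).
sample_listing() {
    cat <<'EOF'
brw-r-----  1 root  operator    4,   0 Dec  3 10:00 sd0a
brw-r-----  1 root  operator   14,   0 Dec  3 10:00 vnd0a
brw-r-----  1 root  wheel       0,   0 Dec  3 10:00 wd0a
brw-------  1 root  wheel       0,   1 Dec  3 10:00 wd0b
brw-------  1 root  operator    0,   2 Dec  3 10:00 wd0c
crw-rw-rw-  1 root  wheel       2,   2 Dec  3 10:00 null
EOF
}

# wd0a: wrong group; wd0b: wrong group and mode; wd0c: right group, mode 600.
sample_listing | disk_perm_findings
```

On a live system the same filter can be fed with `ls -l /dev | disk_perm_findings`.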



Disk /dev/X is user root, group wheel, permissions brw-r-----.

2014-12-03 Thread Ezequiel Garzon
Greetings! I'm trying to take care of the warnings I get in my daily 
insecurity output, and the one persisting is:

Disk /dev/X is user root, group wheel, permissions brw-r-----.

where X is basically all of fd[0-9]*, rd*, sd*, vnd* and wd*. I tried 
chmod 600, as suggested somewhere on the Internet, but I simply got

Disk /dev/X is user root, group wheel, permissions brw-------.

Any suggestions as to what this message is telling me? More 
generally, is it normal to get these warnings from a fresh install? I'm 
on 5.6-release, having simply enabled the nsd, httpd and spamd flags 
under /etc/rc.local.config. I ran

chown root:kmem /dev/mem
chown root:kmem /dev/kmem

to comply with the warnings

Checking special files and directories.
Output format is:
filename:
criteria (shouldbe, reallyis)
dev/kmem: 
gid (2, 0)
dev/mem: 
gid (2, 0)
mtree special: exit code 2

I'm using an i386 virtual machine with KVM. Below is my dmesg output. 
Thanks in advance for any pointers.

Best regards,

Ezequiel


Re: Disk /dev/X is user root, group wheel, permissions brw-r-----.

2014-12-03 Thread Ezequiel Garzon
> It must be root.operator and the mode must NOT include user-readable,
> user-writable, or group-readable.

Thanks, Mike, but isn't that achieved by chmod 600? And yet I get

Disk /dev/X is user root, group wheel, permissions brw-------.

in the next daily insecurity output. Maybe I don't know what operator 
means in this context. Does it mean root user?

Thanks and cheers,

Ezequiel



Malformed request shuts down httpd

2014-11-28 Thread Ezequiel Garzon
Hello! I know a lot is happening to httpd lately, so maybe this is not 
an issue anymore. I've noticed that a malformed HTTP request such as

$ printf 'GET /file\r\n\r\n'| nc myhost 80

doesn't just silently fail, but rather shuts down httpd. My 
/etc/httpd.conf is minimal:

server default {listen on egress port 80}

Has anybody else tried this?

Thanks and cheers,

Ezequiel



Re: Malformed request shuts down httpd

2014-11-28 Thread Ezequiel Garzon
Thanks for all the replies. Ville, I'm using -release, on the i386 
architecture... inside a VPS. I can gather from the replies that indeed 
httpd is changing quite fast right now, so it doesn't seem very useful 
to report on -release. (In fact, apologies for my question a few days 
ago on the Last-Modified header: I can see in the -current changelog 
that it has already been implemented.) Maybe I'll roll up my sleeves 
and learn how to have a -current system.

Thanks, Stuart, too. I didn't know my malformed example was not 
malformed after all! 

Cheers,

Ezequiel