...of freezing ports - why?
Whenever we are waiting for the new release of FreeBSD, now is 8.3, ports are
frozen. There are no updates and in case of 8.3 coming release is time about
three months. Could someone explain, please why is this freezing very
important because soon after release came
Ports are frozen, a snapshot of the ports tree is made for use on their
build boxes to make packages for the mirrors. Assuming no issues have been
discovered on the build servers (broken ports that need to be fixed) it
will be packaged with 8.3-RELEASE. I'm probably missing several important
On Tuesday 17 April 2012 09:43:50 Mark Felder wrote:
Ports are frozen, a snapshot of the ports tree is made for use on their
build boxes to make packages for the mirrors. Assuming no issues have been
discovered on the build servers (broken ports that need to be fixed) it
will be packaged with
For the first time, a customer is asking me for root access to said
customer's servers.
Obviously, I must comply. At the same time, I cannot continue be
accountable for those servers.
Is this that simple and clear cut?
Assuming that I'll be asked to continue administering said servers, I guess
On Thu, 29 Dec 2011 04:01:42 -0500, Irk Ed wrote:
For the first time, a customer is asking me for root access to said
customer's servers.
Customer + root@server == !go; :-)
Obviously, I must comply. At the same time, I cannot continue be
accountable for those servers.
Fully correct. Check
On 29/12/2011 09:01, Irk Ed wrote:
For the first time, a customer is asking me for root access to said
customer's servers.
Obviously, I must comply. At the same time, I cannot continue be
accountable for those servers.
Is this that simple and clear cut?
Assuming that I'll be asked to
On Thursday 29 December 2011, Damien Fleuriot wrote:
[snip]
sudo su - or sudo sh and the customer gets a native root shell
which does *not* log commands !
[snip]
Say the customer can sudo commands located in
/usr/local/libexec/CUSTOMER/
All he has to do is write a simple link to sh/bash,
-Original Message-
From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
questi...@freebsd.org] On Behalf Of Polytropon
Sent: Thursday, December 29, 2011 9:58 AM
To: Carl Johnson
Cc: freebsd-questions@freebsd.org
Subject: Re: OT: Root access policy
On Thu, 29 Dec
On 12/29/11 10:58 AM, Polytropon wrote:
On Thu, 29 Dec 2011 04:01:42 -0500, Irk Ed wrote:
For the first time, a customer is asking me for root access to said
customer's servers.
Customer + root@server == !go; :-)
Obviously, I must comply. At the same time, I cannot continue be
On Thu, 29 Dec 2011 11:23:31 +0100, Damien Fleuriot wrote:
On 12/29/11 10:58 AM, Polytropon wrote:
On Thu, 29 Dec 2011 04:01:42 -0500, Irk Ed wrote:
Obviously, I must comply. At the same time, I cannot continue be
accountable for those servers.
Fully correct. Check the contract you
On Thu, Dec 29, 2011 at 10:01 AM, Irk Ed irked7...@gmail.com wrote:
For the first time, a customer is asking me for root access to said
customer's servers.
Are we talking about jail(8)- or server-level root access?
-cpghost.
--
Cordula's Web. http://www.cordula.ws/
On Thu, 29 Dec 2011 09:15:45 -0800, Carl Johnson wrote:
Damien Fleuriot m...@my.gd writes:
On 12/29/11 10:58 AM, Polytropon wrote:
On Thu, 29 Dec 2011 04:01:42 -0500, Irk Ed wrote:
For the first time, a customer is asking me for root access to said
customer's servers.
snip
Damien Fleuriot m...@my.gd writes:
On 12/29/11 10:58 AM, Polytropon wrote:
On Thu, 29 Dec 2011 04:01:42 -0500, Irk Ed wrote:
For the first time, a customer is asking me for root access to said
customer's servers.
snip
Assuming that I'll be asked to continue administering said servers, I
On Dec 29, 2011, at 4:01 AM, Irk Ed wrote:
For the first time, a customer is asking me for root access to said
customer's servers.
Obviously, I must comply. At the same time, I cannot continue be
accountable for those servers.
Is this that simple and clear cut?
Assuming that I'll be
Hello list,
My question is regarding official maillist smtp servers. I'm trying to
subscribe on security-notifications, but (for some reasons) our
outgoing MX has no PTR record and mx1.freebsd.org rejects my message:
Reporting-MTA: dns; xxx
Arrival-Date: Mon, 16 Aug 2010 17:18:39 +0400
On 19/08/2010 07:54, Jeff Laine wrote:
So, the question is: do the freebsd.org maillist servers follow SPF
records or PTR record is mandatory?
The PTR is mandatory. The vast majority of SMTP senders without proper
PTR records are zombie machines spreading spam. Anyone running a real
mail
Personal Use Program
Here's how it works...
WFRG loves wood flooring. We develop many unique wood flooring products,
several of which have become our personal favorites. We are so excited about
these favorites that we would like to share them with you. And what better way
to do so than to
Personal Use Program
Here's how it works...
WFRG loves wood flooring. We develop many unique wood flooring products,
several of which have become our personal favorites. We are so excited about
these favorites that we would like to share them with you. And what better way
to do so than to
Now FreeBSD with a unique wood floor, that is a very exciting prospect!
Olivier
I know, I know, don't feed them, but I think it is the right time tio
offer beasty a new home! :))
___
freebsd-questions@freebsd.org mailing list
All:
The install.cfg mechanism is pretty wicked.
Unfortunately, there doesn't seem to be a really efficient way
to provide new clients (or class of clients) an install.cfg
without rebuilding an MFSROOT image.
At least with pxeboot(8), in TFTP-only-mode, using
dhcpd.conf(5) client{}
On 21/04/10 21:59, Brian A. Seklecki (CFI NOC) wrote:
All:
The install.cfg mechanism is pretty wicked.
Unfortunately, there doesn't seem to be a really efficient way
to provide new clients (or class of clients) an install.cfg
without rebuilding an MFSROOT image.
Possibly a
Attention: freebsd-questions@freebsd.org
A policy-violation was found in an Email message you sent.
This Email scanner intercepted it and stopped the entire message
reaching its destination.
The policy-violation was reported to be:
SCR files not allowed per Company security policy
Please
I'm running FBSD7 stable and I can't find out why policy kit won't run even
though I have it enabled in rc.conf:
dbus_enable=YES
hald_enable=YES
polkitd_enable=YES
I can see dbus and hald but not polkitd nor do I see any error messages.
Strange
Hi all,
I have a server running 6.2-stable that experiences mbuf leakage
if I perform policy routing with ipfilter. This is independent of the
hardware as I have moved the disk to a different machine with different
MB, NICs etc and had the same result.
The server is running quagga, postfix
20
port or find the wrong line in ipfw fwd rules?
Best regards,
Narek
-Original Message-
From: Julian Elischer [mailto:[EMAIL PROTECTED]
Sent: Monday, July 30, 2007 2:02 AM
To: Narek Gharibyan
Subject: Re: Policy - based Routing problem Need help
Narek Gharibyan wrote:
Yes your written
that.
Best regards,
Narek
-Original Message-
From: Julian Elischer [mailto:[EMAIL PROTECTED]
Sent: Monday, July 30, 2007 2:02 AM
To: Narek Gharibyan
Subject: Re: Policy - based Routing problem Need help
Narek Gharibyan wrote:
Yes your written rules are correct, You think exactly
I want
Hi all,
I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP connection
and 2 LAN connections. I need to do a policy-based routing. All I need that
packets coming from one ISP interface return to that interface (incoming
connections' source based routing) and the other hand do a IP
On Thu, Jul 26, 2007 at 01:26:17AM +0500, Narek Gharibyan wrote:
I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP connection
and 2 LAN connections. I need to do a policy-based routing. All I need that
packets coming from one ISP interface return to that interface (incoming
I have some question about password policy in FreeBSD:
1. Administrator can enforce password expire in /etc/login.conf
Is there any tool that can check when the password will expire for the
users?
2. Any good way to enforce minimum password length and other
restriction(like password need
Patrick Dung wrote:
I have some question about password policy in FreeBSD:
1. Administrator can enforce password expire in /etc/login.conf
Is there any tool that can check when the password will expire for the
users?
2. Any good way to enforce minimum password length and other
restriction
).
The user can use password A, then user change to password B and then
change back to password A...
Regards
Patrick
--- Manolis Kiagias [EMAIL PROTECTED] wrote:
Patrick Dung wrote:
I have some question about password policy in FreeBSD:
1. Administrator can enforce password expire in /etc
Patrick, good day.
Sat, Jun 30, 2007 at 10:12:59AM -0700, Patrick Dung wrote:
1. Administrator can enforce password expire in /etc/login.conf
In the /etc/master.passwd. login.conf has the fields, but does
not implement the functionality, if the manpage is right:
=
RESERVED CAPABILITIES
Me again. Forgot to finish the sentence, sorry.
Sat, Jun 30, 2007 at 11:59:49PM +0400, Eygene Ryabinkin wrote:
1. Administrator can enforce password expire in /etc/login.conf
In the /etc/master.passwd. login.conf has the fields, but does
not implement the functionality, if the manpage is
The attachment(s) from the following e-mail was removed due to CI Investments'
e-mail policy.
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 15 Mar 2007 23:40:18 -0500
Subject: STATUS
The following violations were detected:
--- Scan information follows ---
Virus Name: [EMAIL
Jason C. Wells wrote:
Where is the policy regarding compatibility between releases documented?
I recall reading once upon a time that FreeBSD won't break compatibility
for the duration of a major point release. If a third party wrote
software for 6.0 it would be perfectly compatible with 6.1
Erik Norgaard wrote:
Jason C. Wells wrote:
Where is the policy regarding compatibility between releases documented?
I recall reading once upon a time that FreeBSD won't break
compatibility for the duration of a major point release. If a third
party wrote software for 6.0 it would
community
might employee POLA in this regard, this sure seems like the kind of
policy issue that would be written into our release engineering
documents. (I couldn't find it.)
Looks like you want to read this:
http://www.freebsd.org/portmgr/policies.html
POLA is an ideal, it may
Jason C. Wells writes:
Ports astonish me more often than FreeBSD to be sure. If one
uses a port that was built on a 6.0 system, can one trust that no
bit rot will occur by the time 6.9 rolls around.
If you mean Is it guaranteed a binary built under x.0 will
run, even with
Where is the policy regarding compatibility between releases documented?
I recall reading once upon a time that FreeBSD won't break compatibility
for the duration of a major point release. If a third party wrote
software for 6.0 it would be perfectly compatible with 6.1, 6.2
I'm PXE booting systems using the dhcprelay feature on a PIX 525 running
7.1(2). The TFTP process of retrieval of /tftoboot/pxeboot works fine,
however once loaded NFS mount requests to the server fail per the
following messages. In my config, all layer 4-7 packet inspection
features are
This is my supfile:
*default host=cvsup1.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs
*default tag=RELENG_6_0
*default delete use-rel-suffix
src-all
*default tag=.
ports-all
doc-all
I have been using it like this for years, obviously changing to the latest
Mike Loiterman wrote:
This is my supfile:
*default host=cvsup1.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs
*default tag=RELENG_6_0
*default delete use-rel-suffix
src-all
*default tag=.
ports-all
doc-all
I have been using it like this for years, obviously
On Tue, Mar 14, 2006 at 04:18:13AM -0400, Duane Whitty wrote:
Mike Loiterman wrote:
This is my supfile:
*default host=cvsup1.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs
*default tag=RELENG_6_0
*default delete use-rel-suffix
src-all
*default tag=.
Erik Trulsson mailto:[EMAIL PROTECTED] wrote:
On Tue, Mar 14, 2006 at 04:18:13AM -0400, Duane Whitty wrote:
Mike Loiterman wrote:
This is my supfile:
*default host=cvsup1.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs
*default tag=RELENG_6_0
*default
On 3/14/06, Mike Loiterman [EMAIL PROTECTED] wrote:
Erik Trulsson mailto:[EMAIL PROTECTED] wrote:
On Tue, Mar 14, 2006 at 04:18:13AM -0400, Duane Whitty wrote:
Mike Loiterman wrote:
Is it advisable to sync my source to RELEASE, but to CURRENT for
ports? Typically, I upgade my ports a few
On Tue, 14 Mar 2006 08:35:46 -0600, Mike Loiterman
[EMAIL PROTECTED] said:
Erik Trulsson mailto:[EMAIL PROTECTED] wrote:
[snip]
Is it advisable to sync my source to RELEASE, but to CURRENT for
ports? Typically, I upgade my ports a few days after they get
updated so I'm always running the
is it correct / useful / polite to close a thread marking it as
[solved] or something like this, or it's just a waste of time / space
/ ?
I think it could be useful, so other people wanting to help don't
waste time trying to give further advices, and people needing help in
that subject
On 12/15/05, Dan O'Connor [EMAIL PROTECTED] wrote:
I'd like to see a wrap-up post, with '[solved]' in the subject, and
including what the working solution actually is; that way, someone
searching the mailing list archives can quickly home-in on the
solution...
Yes, this is pretty much what I
On Wednesday 14 December 2005 18:33, Dan O'Connor wrote:
is it correct / useful / polite to close a thread marking it as
[solved] or something like this, or it's just a waste of time / space
/ ?
I think it could be useful, so other people wanting to help don't
waste time trying to
Hi list,
just a little question about how to behave on the list(s):
is it correct / useful / polite to close a thread marking it as
[solved] or something like this, or it's just a waste of time / space
/ ?
I think it could be useful, so other people wanting to help don't
waste
Hi list,
just a little question about how to behave on the list(s):
is it correct / useful / polite to close a thread marking it as
[solved] or something like this, or it's just a waste of time / space
/ ?
I think it could be useful, so other people wanting to help don't
waste time trying
On 2005-12-13 13:41, Pietro Cerutti [EMAIL PROTECTED] wrote:
Hi list,
just a little question about how to behave on the list(s):
is it correct / useful / polite to close a thread marking it as
[solved] or something like this, or it's just a waste of time / space
/ ?
I think it could
Hi,
I'm trying to move from Linux to FreeBSD, but the most difficult part in
this change it seems to be the transition from iproute2 to ipfw to make
policy routing, this case works on Linux but I'm still not able to get it
works on FreeBSD.
Net1: 192.168.0.0/25
Net2: 192.168.0.128/25
Hi,
I'm not so convinced of that - after a cvsup of ports overnight, this
remains:
# ll /usr/ports/security/tripwire/files/twpol.txt
-rw-r--r-- 1 root wheel 20651 Mar 5 2002 /usr/ports/security/tripwire/fi
les/twpol.txt
Well, just to prove me wrong I updated ports again and:
# ll
FYI-
The policy file looks to be updated for 5.x systems now. Tripwire's back.
Bret
Bret Walker wrote:
Does anyone know where I can find a good Tripwire policy file for 5.4?
I installed tripwire-2.3.1.2_3 from ports, but the default policy file
throws a lot of errors. I think it's
The policy file looks to be updated for 5.x systems now. Tripwire's back.
I'm not so convinced of that - after a cvsup of ports overnight, this
remains:
# ll /usr/ports/security/tripwire/files/twpol.txt
-rw-r--r-- 1 root wheel 20651 Mar 5 2002
/usr/ports/security/tripwire/files
Does anyone know where I can find a good Tripwire policy file for 5.4?
I installed tripwire-2.3.1.2_3 from ports, but the default policy file
throws a lot of errors. I think it's tailored to 4.x.
Thanks,
Bret
smime.p7s
Description: S/MIME Cryptographic Signature
The following message sent by this account has violated system policy:
From: freebsd-questions@freebsd.org
To: [EMAIL PROTECTED]
Date: Wed, 18 May 2005 10:17:10 +0200
Subject: unknown
The following violations were detected:
--- Scan information follows ---
Virus Name: [EMAIL PROTECTED]
File
The following message sent by this account has violated system policy:
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Wed, 16 Jun 2004 09:29:51 +0200
Subject: warning
The following violations were detected:
--- Scan information follows ---
Virus Name: [EMAIL PROTECTED]
File Attachment
Hi guys
Suppose my FreeBSD machine is a router/firewall for a small private network
and I use transparent proxying. ipnat.conf looks like this :
rdr fxp0 192.168.0.254/32 port 80 - 192.168.0.254 port 8000 tcp
rdr fxp0 0/0 port 80 - 192.168.0.254 port 3128 tcp
map dc0 192.168.0.0/24 -
] wrote:
Hi,
I am trying to setup policy but I keep on getting all these in
my log files.
postfix/policy-spf[15755]: : testing: stripped
[EMAIL PROTECTED], stripped [EMAIL PROTECTED]
postfix/policy-spf[15755]: : SPF :
smtp_comment
Hi,
I am trying to setup policy but I keep on getting all these in my log files.
postfix/policy-spf[15755]: : testing: stripped [EMAIL PROTECTED], stripped [EMAIL
PROTECTED]
postfix/policy-spf[15755]: : SPF :
smtp_comment
?.doc
??.doc
.doc
So maybe this is your problem.
best regards,
Robert
On Sun, 30 May 2004 01:43:54 +0300
Lefteris Tsintjelis [EMAIL PROTECTED] wrote:
Hi,
I am trying to setup policy but I keep on getting all
routing which is easily done on
linux with
policy routing but i didn't found a similar function on bsd. My network
layout look like this, remember this network is running in one box.
internet---firewalljail(69.10.3.3)
| internaljail-0(192.168.19.1
Hello,
I'm trying to build a solid tripwire policy file. So far I have only found
one resource to use:
http://www.schlacter.net/public/FreeBSD-STABLE_and_IPFILTER.html
Though this seems to be a good one it is written for 4.6. I'm not sure if
this is a problem or not.
So my questions are: How
65 matches
Mail list logo