Xvnc missing font
--- Xvnc Free Edition 4.1.3 - built Mar 27 2012 22:08:04 Copyright (C) 2002-2008 RealVNC Ltd. See http://www.realvnc.com for information on VNC. Underlying X server release 4030, The XFree86 Project, Inc Mon Apr 30 07:30:02 2012 vncext: VNC extension running! vncext: Listening for VNC connections on port 5905 vncext: Listening for HTTP connections on port 5805 vncext: created VNC server for screen 0 error opening security policy file /usr/local/lib/X11/xserver/SecurityPolicy Could not init font path element /usr/local/lib/X11/fonts/Speedo/, removing from list! Could not init font path element /usr/local/lib/X11/fonts/CID/, removing from list! Fatal server error: could not open default cursor font 'cursor' -- anyone know how could i install (what ports) missing files? Ordinary Xorg X server works fine. Seems like vnc port miss some dependencies. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: firefox is marked as broken?
On Mon, 30 Apr 2012, Beat Gätzi wrote: On Apr 30, 2012, at 7:01 AM, Jong-Beom Kim wrote: I have installed FreeBSD 9.0 last night and so far, so good except firefox installation. it simply doesn't build with this message. # make install clean ===> firefox-12.0,1 is marked as broken: does not build. *** Error code 1 Stop in /usr/ports/www/firefox. is it just me or is firefox really broken currently? The PGO option is currently marked broken. Please run "make config" and deselect PGO. That message really ought to be more specific, like "does not build with PGO enabled".___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: firefox is marked as broken?
On Mon, 30 Apr 2012, Jong-Beom Kim wrote: I have installed FreeBSD 9.0 last night and so far, so good except firefox installation. it simply doesn't build with this message. # make install clean ===> firefox-12.0,1 is marked as broken: does not build. *** Error code 1 Stop in /usr/ports/www/firefox. is it just me or is firefox really broken currently? Turn off the PGO option. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: firefox is marked as broken?
On Apr 30, 2012, at 7:01 AM, Jong-Beom Kim wrote: > I have installed FreeBSD 9.0 last night and so far, so good except firefox > installation. > > it simply doesn't build with this message. > > # make install clean > ===> firefox-12.0,1 is marked as broken: does not build. > *** Error code 1 > > Stop in /usr/ports/www/firefox. > > is it just me or is firefox really broken currently? The PGO option is currently marked broken. Please run "make config" and deselect PGO. HTH, Beat ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: firefox is marked as broken?
*** Error code 1 Stop in /usr/ports/www/firefox. is it just me or is firefox really broken currently? or maybe it finally got market as such ;) As well as many other browsers. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
firefox is marked as broken?
Jong-Beom Kim writes: > I have installed FreeBSD 9.0 last night and so far, so good except firefox > installation. > > it simply doesn't build with this message. > > # make install clean > ===> firefox-12.0,1 is marked as broken: does not build. > *** Error code 1 > > Stop in /usr/ports/www/firefox. > > is it just me or is firefox really broken currently? Works for me on FreeBSD 10.0-CURRENT #0: Sun Mar 11 08:20:02 EDT 2012 amd64 I would have built it within a day or two of the port being released. Respectfully, Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: First character typed lost
On Sun, 29 Apr 2012, Lars Eighner wrote: On Sun, 29 Apr 2012, Warren Block wrote: On a Gateway ML6732 notebook, FreeBSD 9-stable is working great. Video works (i915), sound works, the only thing that isn't quite right is that the first character typed after the FreeBSD kernel loads is lost. After that, it works normally. This makes entering a passphrase more challenging. These are total shots in the dark: 1. It is entirely normal (and generally thought desirable) for the screensaver to swallow the first character when it is running -- see if this is worth further investigation by changing screensavers or disabling it altogether. 2. check /etc/issue to see if there is a trailing ANSI sequence that might eat a character. Interesting suggestions. Turning off legacy USB support in the BIOS as suggested by Adam seems to have fixed it. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
firefox is marked as broken?
I have installed FreeBSD 9.0 last night and so far, so good except firefox installation. it simply doesn't build with this message. # make install clean ===> firefox-12.0,1 is marked as broken: does not build. *** Error code 1 Stop in /usr/ports/www/firefox. is it just me or is firefox really broken currently? -- *Kim* ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sun, Apr 29, 2012 at 11:49 PM, Erich Dollansky wrote: > Hi, > > On Monday 30 April 2012 02:02:41 jb wrote: >> Alejandro Imass p2ee.org> writes: >> >> > ... >> > > What you should do right now is to get some recent general or security >> > > cd/dvd >> > > with chkrootkit and rkhunter and run them from that external read-only >> > > media. >> > > I would also suggest that you look over config files of all packages >> > > involved. >> > > jb >> > > >> > >> > Thanks! Will do, but I don't know of any FreeBSD and/or derived >> > distros for security. Or can I use any Linux security distro? I >> > remember reading about some trouble of Linux chkrootkit on FBSD >> >> It looks like you have only one choice with prebuilt rkhunter package only: >> http://www.freebsd.org/releases/9.0R/announce.html >> >> dvd1 >> This contains everything necessary to install the base FreeBSD operating >> system, >> a collection of pre-built packages aimed at getting a graphical workstation >> up >> and running. It also supports booting into a "livefs" based rescue mode. This >> should be all you need if you can burn and use DVD-sized media. >> >> ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/security/ >> rkhunter-1.3.8_1.tbz 04/18/12 18:56:00 >> >> With regard to verification of config files - you said you got backups >> (those >> pre-incident would be best) and you have the incident-time files, so do a >> diff >> on dirs (in particular /etc and /usr/local/etc) >> > I would burn the backup of these files to an optical disk, start the system > and do a diff as the first step. The system can be started from an USB drive > (take the 9.0 installation image) or DVD. > > Of course, rkhunter can be started in the second step. ran both, found nothing Back to theory on how the http-proxy jail 'swallowed' all the other jails including the basejail. I noticed that jail had a not so old bug in 2010 FBSD 8.0 which The jail(8) utility does not change the current working directory while imprisoning. The current working directory can be accessed by its descendants. Reference: http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc Given that EzJail uses a single basejail and links/mounts stuff in the child jails it would seem plausible (regression?) that somehow any jail could access other jails' files, or that _maybe_ in an event of crash the nullsfs mounts confuse the system somehow when fsck restores or the journal is recovered. Whatever the cause, it actually happened and I have already ruled out just about anything. It doesn't seem to have been an attack, it surely wasn't me, and EzJail author agrees it was not the EzJail scripts. So maybe nullfs and journaling, or crash + nullfs + journaling, could cause something like this to happen? Maybe journal has some confusion on restoring the nullfs view of the directories or something after bad crash like this one?? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
Hi, On Monday 30 April 2012 02:02:41 jb wrote: > Alejandro Imass p2ee.org> writes: > > > ... > > > What you should do right now is to get some recent general or security > > > cd/dvd > > > with chkrootkit and rkhunter and run them from that external read-only > > > media. > > > I would also suggest that you look over config files of all packages > > > involved. > > > jb > > > > > > > Thanks! Will do, but I don't know of any FreeBSD and/or derived > > distros for security. Or can I use any Linux security distro? I > > remember reading about some trouble of Linux chkrootkit on FBSD > > It looks like you have only one choice with prebuilt rkhunter package only: > http://www.freebsd.org/releases/9.0R/announce.html > > dvd1 > This contains everything necessary to install the base FreeBSD operating > system, > a collection of pre-built packages aimed at getting a graphical workstation up > and running. It also supports booting into a "livefs" based rescue mode. This > should be all you need if you can burn and use DVD-sized media. > > ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/security/ > rkhunter-1.3.8_1.tbz 04/18/1218:56:00 > > With regard to verification of config files - you said you got backups (those > pre-incident would be best) and you have the incident-time files, so do a diff > on dirs (in particular /etc and /usr/local/etc) > I would burn the backup of these files to an optical disk, start the system and do a diff as the first step. The system can be started from an USB drive (take the 9.0 installation image) or DVD. Of course, rkhunter can be started in the second step. Erich ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: First character typed lost
On Sun, 29 Apr 2012, Adam Vande More wrote: On Sun, Apr 29, 2012 at 6:04 PM, Warren Block wrote: On a Gateway ML6732 notebook, FreeBSD 9-stable is working great. Video works (i915), sound works, the only thing that isn't quite right is that the first character typed after the FreeBSD kernel loads is lost. After that, it works normally. This makes entering a passphrase more challenging. ... Sometimes ps/2 devices are actually USB ones so I might try fiddling with BIOS USB settings eg legacy mode to see that makes a difference. Maybe try suggesting a different IRQ in device.hints? Just fishing. It does have a Legacy USB Support setting, and turning that off... fixed it! That would never have occurred to me. Thanks!___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: First character typed lost
On Sun, 29 Apr 2012, Warren Block wrote: On a Gateway ML6732 notebook, FreeBSD 9-stable is working great. Video works (i915), sound works, the only thing that isn't quite right is that the first character typed after the FreeBSD kernel loads is lost. After that, it works normally. This makes entering a passphrase more challenging. These are total shots in the dark: 1. It is entirely normal (and generally thought desirable) for the screensaver to swallow the first character when it is running -- see if this is worth further investigation by changing screensavers or disabling it altogether. 2. check /etc/issue to see if there is a trailing ANSI sequence that might eat a character. -- Lars Eighner http://www.larseighner.com/index.html 8800 N IH35 APT 1191 AUSTIN TX 78753-5266 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: First character typed lost
On Sun, Apr 29, 2012 at 6:04 PM, Warren Block wrote: > On a Gateway ML6732 notebook, FreeBSD 9-stable is working great. Video > works (i915), sound works, the only thing that isn't quite right is that > the first character typed after the FreeBSD kernel loads is lost. After > that, it works normally. This makes entering a passphrase more challenging. > > Any suggestions on what to check? ACPI? atkbd hints? > > Currently it's running 9-stable, but did the same thing with 8.x. Of > course it works normally for the BIOS and boot menu, FreeBSD loader menu, > Windows, and Xubuntu. > > The system is not terribly old, a Pentium Dual T2390, and this is with a > GENERIC kernel. > > sysctl shows > > dev.atkbdc.0.%desc: Keyboard controller (i8042) > dev.atkbdc.0.%driver: atkbdc > dev.atkbdc.0.%location: handle=\_SB_.PCI0.LPCB.PS2K > dev.atkbdc.0.%pnpinfo: _HID=PNP0303 _UID=0 > dev.atkbdc.0.%parent: acpi0 > dev.atkbd.0.%desc: AT Keyboard > dev.atkbd.0.%driver: atkbd > dev.atkbd.0.%parent: atkbdc0 > > dmesg shows > > atkbdc0: port 0x60,0x64 irq 1 on acpi0 > atkbd0: irq 1 on atkbdc0 > kbd0 at atkbd0 > atkbd0: [GIANT-LOCKED] > Sometimes ps/2 devices are actually USB ones so I might try fiddling with BIOS USB settings eg legacy mode to see that makes a difference. Maybe try suggesting a different IRQ in device.hints? Just fishing. -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
First character typed lost
On a Gateway ML6732 notebook, FreeBSD 9-stable is working great. Video works (i915), sound works, the only thing that isn't quite right is that the first character typed after the FreeBSD kernel loads is lost. After that, it works normally. This makes entering a passphrase more challenging. Any suggestions on what to check? ACPI? atkbd hints? Currently it's running 9-stable, but did the same thing with 8.x. Of course it works normally for the BIOS and boot menu, FreeBSD loader menu, Windows, and Xubuntu. The system is not terribly old, a Pentium Dual T2390, and this is with a GENERIC kernel. sysctl shows dev.atkbdc.0.%desc: Keyboard controller (i8042) dev.atkbdc.0.%driver: atkbdc dev.atkbdc.0.%location: handle=\_SB_.PCI0.LPCB.PS2K dev.atkbdc.0.%pnpinfo: _HID=PNP0303 _UID=0 dev.atkbdc.0.%parent: acpi0 dev.atkbd.0.%desc: AT Keyboard dev.atkbd.0.%driver: atkbd dev.atkbd.0.%parent: atkbdc0 dmesg shows atkbdc0: port 0x60,0x64 irq 1 on acpi0 atkbd0: irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: editor that understands CTRL/B, CTRL/I, CTRL/U
On Sat, Apr 28, 2012 at 08:01:13AM +0200, Polytropon wrote: > On Fri, 27 Apr 2012 18:36:13 -0600, Chad Perrin wrote: > > On Fri, Apr 27, 2012 at 06:00:51PM -0400, Jerry wrote: > > > On Fri, 27 Apr 2012 14:33:29 -0700 David Brodbeck articulated: > > > > > > > >Again, this is one of the reasons credit scoring is becoming so > > > >popular -- it's an almost automatic way to narrow down the pile. > > > >Another method in common use right now is to throw out applications > > > >from anyone who's currently unemployed, and only look at ones who > > > >already have a position and are looking to change jobs. > > > > > > I have been told by several people in HR that the trend to give > > > preference to those all ready working as opposed to the unemployed is > > > based on the philosophy that if no one else will hire them, then why > > > should we. While we could argue whether that logic is flawed, it is > > > never-the-less presently in use. However, it doesn't really pertain to > > > entry level openings. With the glut of individuals entering the job > > > market, for an applicant to not be proficient in the skills being > > > advertised for by the prospective employer is just a waste of time. If > > > the employer is looking for skill "A" and "B", crying to him/her that > > > you have skill "C" is just a waste of both your times. > > > > It *does* pertain to "entry level" positions, because (from what I have > > seen) most "entry level" positions come with an experience requirement of > > at least two years. > > But then this would invalidate "ENTRY level". How exactly is > an applicant supposed to get a job from that "entry level" pool > when he doesn't have previous experience because he simply wants > to ENTER that field of profession? Yes -- that is *exactly* the question that comes up. These are not jobs that are "entry level" in terms of requirements, even if they are "entry level" in terms of pay and actual skill required to do the job to a reasonable level of competence. Consider examples like first-level call center jobs that require a college degree and a couple years expericence, as pretty much the canonical example. In some cases, these jobs may simple be advertised this way so hiring managers can use the lack of "qualified" applicants to help justify offshoring jobs. In other cases, this is just an example of how HR "best practices" have gotten ridiculously out of control, where everybody tries to copy what everyone else is doing because if everyone else is doing it you can't get in trouble for doing the same thing. The end result, of course, is that you only get people with experience who nobody else wants to hire or people who lie well -- but on paper it looks like you went to great lengths to hire the "right" person, and thus you (hopefully) can't be blamed for hiring turkeys. > > > > You speak as though you think they're correctly identifying the skills > > they actually need from their employees. A big part of this entire > > discussion has been about the fact that many "responsible" parties in the > > hiring process are utterly without capacity for correctly identifying the > > skills they actually need to optimally fill the open positions. > > Correct, at least that's my experience. To give you _few_ examples > which are more the norm than exceptions: > > "good MS standart knowledge" > (Yavoll mein Hare Heiny Standart-Leader von Sowercrowd!) > > "programming knowledge in established programming languages, e. g. OS2" > (cc hello.os2, and it's OS/2 with slash) > > "modern Microsoft operating systems (Windows 98 and XP)" > (yes, _very_ modern and current; hey, it's more than 10 years old!) > > "extended basic knowledge" > (so what, basic or extended?) > > "autonomous team-oriented working" > (maybe as a one man team!) > > It's "funny" when you encounter job offers by recruiters and HR > services who _fail_ to properly spell our native language, but > think they are in a positition to place _you_ (as a professional) > into a good job! Okay, it's NOT funny. It's also not funny if you > have to explain to such a "senior consultant permanent placement" > how to open a PDF file containing your application documents, and > it's even worse when they try to trick you to do their work, e. g. > enter all your data again into their (!) HR database. > > As I said, the problem of the unclear expression _what_ skills > actually are needed can make it hard to properly apply for a job. > This problem isn't only present for written application, it's also > there if you get invited to an interview and the guy across the > table is simply asking the wrong questions, or unable to understand > your answers. I think a far worse problem than the failure to understand what skills are needed is the failure to understand things like 1. what skills can be learned easily in a very short period of time so that focus on other necessary skills already existing can be employed in selecting candidates 2. w
Re: bsdpan-* ports, portmanager, and "@comment ORIGIN:"
--As of April 29, 2012 8:11:19 PM +0100, RW is alleged to have said: So, is there any way to *avoid* getting that error? Some way where I can actually use the ports system to keep my stuff up to date? (Even if it doesn't include the manually-installed software?) It think you should be able to prevent the package entries by setting DISABLE_BSDPAN in the environment. --As for the rest, it is mine. Semi-successful: It appears to work for `cpanp` installed modules, but not `cpan` installed modules. And for some reason, p5-CPANPLUS won't install correctly (no errors, it just doesn't actually install the client), so `cpanp` is a `cpan` installed module... (And yes, this is after reinstalling them.) So it looks like it's getting me partway there, but not all the way. Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: bsdpan-* ports, portmanager, and "@comment ORIGIN:"
On Sun, 29 Apr 2012 12:25:39 -0400 Daniel Staal wrote: > So, is there any way to *avoid* getting that error? Some way where I > can actually use the ports system to keep my stuff up to date? (Even > if it doesn't include the manually-installed software?) It think you should be able to prevent the package entries by setting DISABLE_BSDPAN in the environment. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
Alejandro Imass p2ee.org> writes: > ... > > What you should do right now is to get some recent general or security > > cd/dvd > > with chkrootkit and rkhunter and run them from that external read-only > > media. > > I would also suggest that you look over config files of all packages > > involved. > > jb > > > > Thanks! Will do, but I don't know of any FreeBSD and/or derived > distros for security. Or can I use any Linux security distro? I > remember reading about some trouble of Linux chkrootkit on FBSD It looks like you have only one choice with prebuilt rkhunter package only: http://www.freebsd.org/releases/9.0R/announce.html dvd1 This contains everything necessary to install the base FreeBSD operating system, a collection of pre-built packages aimed at getting a graphical workstation up and running. It also supports booting into a "livefs" based rescue mode. This should be all you need if you can burn and use DVD-sized media. ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/security/ rkhunter-1.3.8_1.tbz04/18/1218:56:00 With regard to verification of config files - you said you got backups (those pre-incident would be best) and you have the incident-time files, so do a diff on dirs (in particular /etc and /usr/local/etc) jb ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: bsdpan-* ports, portmanager, and "@comment ORIGIN:"
--As of April 29, 2012 1:36:55 PM -0400, Jerry is alleged to have said: I will have a look at the CPAN module: CGI::Application::Plugin::CompressGzip later today or tomorrow and see if I can make a port of it for you. --As for the rest, it is mine. Sorry, I should have put this in the other email... While I'd thank you for the consideration and effort, I'd consider this time poorly spent: CGI::Application::Plugin::CompressGzip is not the problem, it's just the current showstopper symptom. The problem is the bsdpan system, which tries to integrate CPAN with the ports system. It needs to either: A. Work. or B. Get out of the way. If you want to spend time on this, please rather than create a band-aid, see if you can find the root problem in wherever the bsdpan system is, and submit a patch upstream (to whomever is in charge of that) to fix it. (Or remove it.) It might take a bit longer, but instead of fixing it for *me* *this week,* you'd fix it for *everyone* for quite a bit longer. I'm hoping someone on this list knows some of where that might be, or might even be the person to talk to in order to get it fixed. Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sun, Apr 29, 2012 at 1:15 PM, jb wrote: > Alejandro Imass p2ee.org> writes: > >> ... >> And there was a log of a couple of ftp connections the same day this >> happened, the ONLY 3 messages before the reboot at about 6 pm and they >> were NOT from any of our customers. Here are the log entries: >> >> Apr 27 05:54:37 nune ftp.proxy[2726]: connected to client: >> host-46-50-183-5.bbcustomer.zsttk.net, interface= 207.158.52.74:21 >> Apr 27 05:54:37 nune ftp.proxy[2726]: info: monitor mode: off, ccp: >> Apr 27 05:54:38 nune ftp.proxy[2726]: -ERR: missing hostname >> Apr 27 18:55:42 nune syslogd: kernel boot file is /boot/kernel/kernel >> ... > > What you should do right now is to get some recent general or security cd/dvd > with chkrootkit and rkhunter and run them from that external read-only media. > I would also suggest that you look over config files of all packages involved. > jb > Thanks! Will do, but I don't know of any FreeBSD and/or derived distros for security. Or can I use any Linux security distro? I remember reading about some trouble of Linux chkrootkit on FBSD Thanks, -- Alejandro > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: bsdpan-* ports, portmanager, and "@comment ORIGIN:"
--As of April 29, 2012 1:36:55 PM -0400, Jerry is alleged to have said: UNTESTED: In the /usr/local/etc/portmanager/pm-020.conf file, add the specific port(s) you are trying to bypass. EXAMPLE: IGNORE|www/tidy| Again, this is untested, but I have used it for other ports that I needed to skip. --As for the rest, it is mine. Yes, that works for *ports.* Unfortunatly, it doesn't appear to work for non-ports that are installed but show up in the ports system. (The bsdpan-* stuff.) (Note: The error I quoted earlier is the very first thing that shows up when I run portmanager - it then goes on to collect installed port data, and notes but skips a couple that I had already put in to be ignored. The error I'm having appears to occur before that step - and interferes with the proper collection of installed port data.) Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: bsdpan-* ports, portmanager, and "@comment ORIGIN:"
On Sun, 29 Apr 2012 13:23:23 -0400 Daniel Staal articulated: >--As of April 29, 2012 12:46:52 PM -0400, Jerry is alleged to have >said: > >>> Which would be fine, if annoying, if everything actually was >>> available in Ports. But it's not: I'm using several modules that >>> aren't available from Ports, and of course the modules I'm >>> *developing* aren't available from Ports. >> >> Which specific modules are not available? In the past I had to port a >> few Perl modules into FreeBSD or else install them via CPAN as you >> have done. If it is a simple module, I can show you how to do it or >> make a port for it myself. Also, you should be aware that many >> modules are available in the ports system, but not under the correct >> CPAN name. Don't ask why; I did once and got so much BS that I just >> abandoned the question. > >--As for the rest, it is mine. > >I'm still in early development, so the list is likely to grow as the >project moves along. The main one that's causing me trouble at the >moment is CGI::Application::Plugin::CompressGzip, although I've >noticed that several others of the CGI::Application set that look >interesting and useful aren't in the ports system. And, of course, >there is the modules I'm developing for this project. > >Making ports for each one feels like a band-aid though: It's a >'solution' that's just going to grow in complexity and scope the >longer it goes on, and isn't really fixing anything other than the >individual symptoms. A real solution to me would either be a way to >get "@comment ORIGIN:" to automatically populate in the bsdpan-* >(CPAN) module install process, or a way to get portmanager to ignore >modules installed via that process. UNTESTED: In the /usr/local/etc/portmanager/pm-020.conf file, add the specific port(s) you are trying to bypass. EXAMPLE: IGNORE|www/tidy| Again, this is untested, but I have used it for other ports that I needed to skip. I will have a look at the CPAN module: CGI::Application::Plugin::CompressGzip later today or tomorrow and see if I can make a port of it for you. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: bsdpan-* ports, portmanager, and "@comment ORIGIN:"
--As of April 29, 2012 12:46:52 PM -0400, Jerry is alleged to have said: Which would be fine, if annoying, if everything actually was available in Ports. But it's not: I'm using several modules that aren't available from Ports, and of course the modules I'm *developing* aren't available from Ports. Which specific modules are not available? In the past I had to port a few Perl modules into FreeBSD or else install them via CPAN as you have done. If it is a simple module, I can show you how to do it or make a port for it myself. Also, you should be aware that many modules are available in the ports system, but not under the correct CPAN name. Don't ask why; I did once and got so much BS that I just abandoned the question. --As for the rest, it is mine. I'm still in early development, so the list is likely to grow as the project moves along. The main one that's causing me trouble at the moment is CGI::Application::Plugin::CompressGzip, although I've noticed that several others of the CGI::Application set that look interesting and useful aren't in the ports system. And, of course, there is the modules I'm developing for this project. Making ports for each one feels like a band-aid though: It's a 'solution' that's just going to grow in complexity and scope the longer it goes on, and isn't really fixing anything other than the individual symptoms. A real solution to me would either be a way to get "@comment ORIGIN:" to automatically populate in the bsdpan-* (CPAN) module install process, or a way to get portmanager to ignore modules installed via that process. Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
Alejandro Imass p2ee.org> writes: > ... > And there was a log of a couple of ftp connections the same day this > happened, the ONLY 3 messages before the reboot at about 6 pm and they > were NOT from any of our customers. Here are the log entries: > > Apr 27 05:54:37 nune ftp.proxy[2726]: connected to client: > host-46-50-183-5.bbcustomer.zsttk.net, interface= 207.158.52.74:21 > Apr 27 05:54:37 nune ftp.proxy[2726]: info: monitor mode: off, ccp: > Apr 27 05:54:38 nune ftp.proxy[2726]: -ERR: missing hostname > Apr 27 18:55:42 nune syslogd: kernel boot file is /boot/kernel/kernel > ... What you should do right now is to get some recent general or security cd/dvd with chkrootkit and rkhunter and run them from that external read-only media. I would also suggest that you look over config files of all packages involved. jb ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: bsdpan-* ports, portmanager, and "@comment ORIGIN:"
On Sun, 29 Apr 2012 12:25:39 -0400 Daniel Staal articulated: {SNIP} >Which would be fine, if annoying, if everything actually was available >in Ports. But it's not: I'm using several modules that aren't >available from Ports, and of course the modules I'm *developing* >aren't available from Ports. Which specific modules are not available? In the past I had to port a few Perl modules into FreeBSD or else install them via CPAN as you have done. If it is a simple module, I can show you how to do it or make a port for it myself. Also, you should be aware that many modules are available in the ports system, but not under the correct CPAN name. Don't ask why; I did once and got so much BS that I just abandoned the question. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
bsdpan-* ports, portmanager, and "@comment ORIGIN:"
I'm working on developing some stuff in Perl on my box, which works fairly well unless I go to update my system. Anytime I do, I get the following error from portmanager: `rCreateInstalledDbVerifyContentsFile 0.4.1_9 error: "@comment ORIGIN:" not found in /var/db/pkg/bsdpan-$MODULE_NAME` Where $MODULE_NAME is one of the modules I've installed via CPAN, instead of using the FreeBSD ports system. It will advise me to delete the package and then try manually reinstalling it - which works, *if* I install the Ports version. Then running portmanager again will just pick the next module from the list, and go on, until I've uninstalled everything I installed via CPAN and installed it from Ports. Which would be fine, if annoying, if everything actually was available in Ports. But it's not: I'm using several modules that aren't available from Ports, and of course the modules I'm *developing* aren't available from Ports. So, is there any way to *avoid* getting that error? Some way where I can actually use the ports system to keep my stuff up to date? (Even if it doesn't include the manually-installed software?) Or do I just have to avoid anything Perl-related from the Ports system and install everything manually? (Or - likely at that point - find a different OS to work on. It'd be less hassle to switch OSes than to try to make sure *nothing* using Perl is installed from the Ports.) Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sun, Apr 29, 2012 at 4:37 AM, Polytropon wrote: > On Sun, 29 Apr 2012 00:26:50 -0700, per...@pluto.rain.com wrote: >> Alejandro Imass wrote: >> >> > 3) the directories were moved at reboot by journal recovery, >> > fsck or something else >> >> I think it's *extremely* unlikely that fsck was involved, because >> it just doesn't do things like that. > > The point is: fsck moving directories "looks different". In > case inodes get "de-connected" (their reference entries on > level n-1 are gone, their data on level n is still present), > fsck will access the lost+found/ directory in the corresponding > partition's root directory (or create it, if not present) and > write _new_ directory entries with the inode as their name, > because that's the only naming information possible (as the > original names on n-1 aren't accessible anymore). So those > directories will have names like #177628676/ and they _can_ > contain subtrees full of data, _including_ names from levels > n+1 and onward. Files also are named #4767667892 and their > names can _maybe_ identified from their content (the "file" > command is helpful, and if they are textfiles containing > a CVS or other revision control system data tag, it's possible > to find out what they've been in their previous life). > > However, as it has been explained, fsck will _not_ do so > unless being _allowed explicitely_ to do that kind of > MODIFICATION to the file system. Flags like -yf can do > that, but they are _not_ the default. This is due to the > fact that _any_ critical modification of file systems > requires the _responsible administrator_ to give permission. > OK, so fsck couldn't have done this. Besides fsck reported the fs as clean so I have to conclude as others have commented that it must have been a mv I've been looking at the logs very carefully and trying to make sense of this. There is a possibility that it could have been an attack because we enabled ftp.proxy so that some clients could upload stuff to their jails using ftp. So I was initially wrong in my assessment because on this particular server we are running a service outside of jails and it's this ftp.proxy that was suppose to be a temporary solution but I guess we never got around to fixing this. The ftp.proxy is started via inetd like so: ftpstream tcp nowait nobody /usr/local/sbin/ftp.proxy ftp.proxy -e And there was a log of a couple of ftp connections the same day this happened, the ONLY 3 messages before the reboot at about 6 pm and they were NOT from any of our customers. Here are the log entries: Apr 27 05:54:37 nune ftp.proxy[2726]: connected to client: host-46-50-183-5.bbcustomer.zsttk.net, interface= 207.158.52.74:21 Apr 27 05:54:37 nune ftp.proxy[2726]: info: monitor mode: off, ccp: Apr 27 05:54:38 nune ftp.proxy[2726]: -ERR: missing hostname Apr 27 18:55:42 nune syslogd: kernel boot file is /boot/kernel/kernel OK. So let's suppose ftp.proxy is the culprit is there any way the could have done the mv by cracking ftp and ftp.proxy ?? I have of course disabled the ftp and I am now thinking that another possibility or combination by also using the ftp proxy on the http-proxy jail, that is, the jail that swallowed the other jails. The http-proxy jails was also running apache ftp proxy. So the question now becomes: could a break in ftp.proxy coupled with Apache ftp proxy have caused the http-proxy jails to have swallowed all the other jails into it's configuration directory?? -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: portupgrade -cfa status while executing
On Sunday 29 April 2012, dgmm wrote: > When running portupgrade -cfa, is there any way to find out where it's up > to and/ot what is still in the queue to be re-built? Oops. It was obvious really. ls /var/db/pkg -htU ...is good enough for my needs. -- Dave ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
portupgrade -cfa status while executing
When running portupgrade -cfa, is there any way to find out where it's up to and/ot what is still in the queue to be re-built? -- Dave ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sun, 29 Apr 2012 00:26:50 -0700, per...@pluto.rain.com wrote: > Alejandro Imass wrote: > > > 3) the directories were moved at reboot by journal recovery, > > fsck or something else > > I think it's *extremely* unlikely that fsck was involved, because > it just doesn't do things like that. The point is: fsck moving directories "looks different". In case inodes get "de-connected" (their reference entries on level n-1 are gone, their data on level n is still present), fsck will access the lost+found/ directory in the corresponding partition's root directory (or create it, if not present) and write _new_ directory entries with the inode as their name, because that's the only naming information possible (as the original names on n-1 aren't accessible anymore). So those directories will have names like #177628676/ and they _can_ contain subtrees full of data, _including_ names from levels n+1 and onward. Files also are named #4767667892 and their names can _maybe_ identified from their content (the "file" command is helpful, and if they are textfiles containing a CVS or other revision control system data tag, it's possible to find out what they've been in their previous life). However, as it has been explained, fsck will _not_ do so unless being _allowed explicitely_ to do that kind of MODIFICATION to the file system. Flags like -yf can do that, but they are _not_ the default. This is due to the fact that _any_ critical modification of file systems requires the _responsible administrator_ to give permission. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"