PAM

[JohnsoBS]

Using the pam_exec function, I am having difficulty retrieving the password
supplied to the pam password prompt. Does anyone know how to get this for
use in scripts?
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Need help with dying drive/restoring data

[JohnsoBS]

This may sound peculiar, but take your drive out and put it in the freezer
overnight and then quick as all can be put it in and boot up and get off
what you can. I've used this technique multiple time to great success.

-Original Message-
From: Jonathon McKitrick [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 19, 2004 11:59 PM
To: [EMAIL PROTECTED]
Subject: Need help with dying drive/restoring data



Hi all,

Help!  My laptop drive seems to be dying, and while I did keep backups, the
last one was a bit old.

When I boot up, the drive makes clanking sounds I've never heard before, and
never finishes the load.  I'm going to make a rescue disk, but does anyone
have a strategy for how I could handle the delicate job of getting my
updated data off the drive without making matters worse?  So far, I figure I
will boot the rescue disk and try to mount the filesystems.

jm
-- 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

ssh/pam/postgres

[JohnsoBS]

Does anyone know a method I could use to have ssh validate itself first
against postgres also retrieve any other info such as shell, and hom dir.If
postgres fails fallback on another method. pam-pgsql is broken on 5.x and I
can't find a way using pam_exec to achieve any effect I have been looking
for.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Samba 'make install' chokes on textproc/expat2

[JohnsoBS]

Personally, unless one has great need not to, I highly recommend upgrading
to samba3 to start with. The perfomance gains alone I found well worth it.
Plus if you plan to integrate into a network with 2k/XP/2K3, it will greatly
improve compatibility.

-Original Message-
From: W. D. [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 19, 2004 9:18 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Samba 'make install' chokes on textproc/expat2


Can't get Samba 2.2.11 to install.  Has anyone encountered
a problem with textproc/expat2?

Start Here to Find It Fast!(tm) ->
http://www.US-Webmasters.com/best-start-page/
$8.77 Domain Names -> http://domains.us-webmasters.com/

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

beta4-beta5 diff

[JohnsoBS]

Hello all,
I am currently deployed to sea in the Arabian Gulf and have VERY bad net
connection. This is a request I don't fully expect to be answered but if
someone could send me a diff of the source between beta4 and beta5, I would
greatly appreciate it. I have absolutely no way to do a cvsup or any other
method other than downloading the full src which is really not feasible in
my current location. A diff should fall just into the right size..

Thanks
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: PHP Problem

[JohnsoBS]

You installed the CGI port.. You  need to install the apache module. CGI
doesn't allow embedded php in the page. 

The port you are looking for specifically is /usr/ports/www/mod_php4

Might be worth your while to look at /usr/ports/lang/php4 though. It allows
compilation of php in various forms. cli, mod, and cgi. All have different
functions and ways of using.

-Original Message-
From: digish reshamwala [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 23, 2004 8:59 PM
To: [EMAIL PROTECTED]
Subject: PHP Problem


Hi

I have installed Apache Mod_ssl 1.3.29 first then,
I installed PHP using ports in FreeBSD 5.2.1 as:

cd /usr/ports/www/php4-cgi
make
make install clean

But my PHP doesn't seems to be working, as my simple Hello World program-







doesn't give any output.  It just displays the blank page.

Can u guys help me asap, please??!

thanks a lot,
digish


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Official wallpapers

[JohnsoBS]

I'm all for the greastest FREE OS of all time going all multimedia and all.
If only to put a dent into what linux is becoming and what windows is. I
wouldn't feel UBER L33T anymore if everyone on my block ran it..That's for
sure.. Still 16 boxes running FreeBSD in one closet of my house is still
pretty UBER L33T to at least most of neighbors. 

Go FreeBSD!!!

-Original Message-
From: Alex de Kruijff [mailto:[EMAIL PROTECTED]
Sent: Friday, September 24, 2004 2:57 AM
To: Graham Bentley
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Official wallpapers


On Fri, Sep 24, 2004 at 12:28:03AM +0100, Graham Bentley wrote:
> 
> Nice work . . . 
> 
> But we don't want FreeeBSD going all multimedia . . .
> 
> Do we ?
> 
> :-)

Wy not?

-- 
Alex
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: PHP Problem

[JohnsoBS]

-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 26, 2004 5:45 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: PHP Problem


[EMAIL PROTECTED] wrote:
> You installed the CGI port.. You  need to install the apache module. CGI
> doesn't allow embedded php in the page.

Just for the record:
Unless the FreeBSD port does something really really really bogus, the
above statement is 100% wrong. :-)

Perhaps you are thinking of Perl CGI versus Mod_Perl (sp?) where such a
distinction (I think) does exist.

PHP as CGI and PHP as Module have very minor differences, primarily
related to functions/security that would make no sense in CGI or vice
versa.

EG:
You can't do HTTP Auth via CGI in PHP because, by definition, you'd be
passing the password between applications in an insecure way.

This is not to say that the rest of the post [cut] isn't true -- In 99% of
the cases of using PHP to spew out HTML, you want PHP installed as a
Module.

You may also, as I do, find it incredibly easy to use as a command line
scripting language and thus also want the CGI (or CLI these days) install
as well.

-- 
Like Music?
http://l-i-e.com/artists.htm



For the record, I helped this person in installing the mod_php4 and some
misc extensions and everything worked as wanted. So statement being true or
not, for a newbie it should be assumed at the least. And unless you install
the module, and load it into the httpd.conf for the html interpreter to see
php in the raw, it will not work. You can't load the cgi port of php into
apache.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: How to make the boot menu just like I want?

[JohnsoBS]

> -Original Message-
> From: Frederick [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 11, 2004 12:34 PM
> To: FreeBSD-questions
> Subject: How to make the boot menu just like I want?
> 
> 
> Dear FreeBSD Team:
> This is Frederick. Is there any table to list the partition 
> number(subtype) or sysid?
> I have two hard disks. The first one install windows, and the 
> second one install freebsd. 
> I first install windows, then install freebsd. I use boot 
> manager to manage my boot.
> 
> The menu shows:
> F1: DOS
> F5: Drive 1
> 
> I want the menu to show like:
> F1: Windows
> F5 Drive 1

The FreeBSD bootloader doesn't have this capability as
far as I am aware of. Your best best is to use the Windows
boot loader, install grub, lilo or some other boot manager that
has user configurable options for just this thing.

> 
> I did something. I changed the subtype in the fdisk, 6, 7, 
> 12, 13, 14...
> but I can't make my menu just like I want.
> 
> So please help me to find the partition number(subtype), or 
> tell me how to do that
> to make the change.
> 
> Please reply me to the following mail address:
> [EMAIL PROTECTED]
> 
> Thanks for your help!
> 
> Frederick.
> 
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "[EMAIL PROTECTED]"
> 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Installer

[JohnsoBS]

> -Original Message-
> From: Newton [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 12, 2004 10:15 PM
> To: [EMAIL PROTECTED]
> Subject: Installer
> 
> 
> Dear Friends : I'm a Linux user since 1,999 and I'm really 
> interested in 
> start FreeBSD. OK, it's a new system, different versions and 
> so on. My 
> experience with computers started with Basic, after MS-DOS, 
> Windows and 
> Linux. When I tried Linux, 5 years-ago, partitions, kde, 
> window maker  
> and many of them, were only words. My first fear, was erase 
> my HD. I did 
> it many times, but I knew how to start again or recover. I'm writing 
> these things, cause in these years using Linux, I saw a big 
> evolution , 
> specially the installer. Mandrake, Red Hat, Fedora, Slackware and 
> another, made a goob job and you can do it , almost without problems. 
> But, when I tried FreeBSD installer, I remembered Debian, the worst 
> installer ! Probably another distributions, like Knoppix, Kurumin , 
> Gnoppix to name a few, trying to make the life user easiest ! 
> My first 
> experience with FreeBSD, was 5.0, with a PC Master, brazilian 
> magazine. 
> After many tries, a XFree86 error, when I typed startx, 
> disappointed me 
> again and, I forgot it... On the last month, I downloaded the 2 CDs, 
> 5.2.1, and, the same installer, errors, infinite loops... very 
> disappointing ! I tried many lists, and with some support,to 
> resolve or 
> not, the problems. Again, I format my system and, here I am, with 
> Windows (mainly for games and a problematic usb scanner) and Linux. I 
> need a more stable system. Many people talked me very good about 
> FreeBSD. For me, until now , the biggest deception ! Please, I don't 
> know the FreeBSD objectives, but if you would like that more and more 
> people can use it, CHANGE this installer. Confuse , in one word ! 
> Disappointing ! I tried standard, express, custom , all packages, 
> minimum, all kind of ways... I can't understand a looped 
> install. Almost 
> 2 hours after, an error... My video card is recognized , but when you 
> did post-install, not ! You tried many XFrre86 configs and 
> not When 
> something happens and finally you can start KDE or GNOME or another, 
> DHCP don't run and so on. Please change this installer and trying to 
> better hardware and network configuration ! Until this, I'll 
> never tried 
> FreeBSD again ! Sincerely, Newton - Curitiba - Brazil
> 

Coming from a DOS, then Windows, then god knows how many linux
distributions, I was quite fond of the FreeBSD installer. I find it
straightforward and easy to navigate and get done quickly. First
time I ever installed a FreeBSD system it took me 15 minutes from
putting the cd in, booting it, installing and rebooting back into a 
running OS. Your problems if I am reading what you are saying
correctly seem to stem greatly from X. Well, X is a buggy installer
and should be tackled outside of the FreeBSD installer anyway.
The installer imo is just that. It installs an OS. Anything extra should
done by hand or that applications specific config routines.
The minimal installer FreeBSD uses makes its installing on low end
systems easier and quicker also. I recommened you do a bare minimal
base install, and then hand built or package add everything you require
afterwards. This is how I have done things now for the past 4 years
on everything I have installed it on and have been most happy this way.

Brian Johnson
USS Vicksburg
Currently deployed at sea in Arabian Gulf.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Text-based mail program which handles webmail.

[JohnsoBS]

> -Original Message-
> From: Ben Washington-Yule [mailto:[EMAIL PROTECTED]
> Sent: Sunday, October 17, 2004 12:02 PM
> To: [EMAIL PROTECTED]
> Subject: Text-based mail program which handles webmail.
> 
> 
> I have a Yahoomail account and receive messages with Mozilla 
> Mail but I 
> would like to at least try a non-GUI mail program. I have 
> heard of mutt 
> and pine but I am not sure if I can download my webmail 
> (Yahoo) messages 
> with them. I am sure that the information is available on the 
> internet 
> but my research thus far has been for the most part too 
> technical for my 
> understanding but I have deduced that my problem has something to do 
> with pop, whatever that may be.

There is a port called fetch-yahoo or similar. It can be used to download
mail to a local mailbox for reading. Not sure of anything that will read
your wemail directly unless it supports external pop or imap as well. Yahoo
I believe does support pop3 if I remember correctly.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: pf for FreeBSD

[JohnsoBS]

The fact you only have to maintain one OS is one great advantage. One ports
tree, one system to patch for security updates. The learning curve to use
FreeBSD's pf is negligible imo. As long as kernel support is compiled in for
it, and you have the users in your /etc/passwd it just works. Least for me
as I have been using it since it was introduced as a kernel kld, and
sometime shortly after it became a native module to freebsd. Its imo easier
to maintain that say ipfw, as well as faster.

-Original Message-
From: shane mullins [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 28, 2004 2:34 PM
To: Cristi Tauber
Cc: [EMAIL PROTECTED]
Subject: Re: pf for FreeBSD


Why not just run OpenBSD if you want to use pf?  I use both Free and 
OpenBSD.  But, pf is much easier to set up on OpenBSD.  Just install 
OpenBSD, enable routing, enable pf in rc.conf and you are done.

Shane




- Original Message - 
From: "Cristi Tauber" <[EMAIL PROTECTED]>
To: "FreeBSD Question" <[EMAIL PROTECTED]>
Sent: Tuesday, September 28, 2004 12:54 AM
Subject: pf for FreeBSD


>hello folks,
>i want to install the packet filter for FreeBSD so i recompile the
> kernel with the options :
>
> device  bpf
> options PFIL_HOOKS
> options RANDOM_IP_ID
>
> and installed pf from ports ( i did a cvsup before installing to
> get the latest ports). Now my dilemma is ... in pf start script ... i
> have to enter a prefix ... but what prefix, 'cause after installing and
> rebooting  the modules that I want to load are still in source
> directory . I installed pf with
>
>   make  WITH_ALTQ=yes
>   make install
>
>  after a deinstall I can't install it anymore, the install
> crashes with the error that is allready installed !!
>
>   What can I do ??/
>
>Cristi
>
>
>
>
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "[EMAIL PROTECTED]" 

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: FTP command line syntax

[JohnsoBS]

Try ncFTP. GREAT commandline client with resume and more features..

-Original Message-
From: Steve Suhre [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 28, 2004 5:42 PM
To: [EMAIL PROTECTED]
Subject: Re: FTP command line syntax





Thanks, wish I could say the same I'm running 4.6 on this machine. The 
man pages in 4.6 give the syntax so I assumed it would work. I tried 
"fetch" also and got a parsing error. I'll try grabbing a newer version of 
ftp and/or fetch and see if that works.



At 09:12 AM 9/28/2004, you wrote:
>In the last episode (Sep 28), Steve Suhre said:
> > I need to set up a cron job that will fetch a file using ftp and a
> > password. I've tried several versions of the commands as described in
> > the man page and the Auto-Fetch section but I'm getting an error that
> > makes me think I'm missing something...
> >
> > If I use the suggested syntax:
> >
> > ftp ftp://user:[EMAIL PROTECTED]/path
> >
> > I get:Can't locate or login to host `user'
>
>Works for me:
>
>   $ ftp ftp://doesnt:[EMAIL PROTECTED]/path
>   Connected to ftp.gftp.netscape.com.
>   220-35
>   220 ftpnscp.newaol.com FTP server (SunOS 5.8) ready.
>   331 Password required for doesnt.
>   530 Login incorrect.
>   ftp: Login failed.
>   ftp: Can't connect or login to host `ftp.netscape.com'
>   221 Goodbye.
>   $
>
>What version of FreeBSD are you running?
>
>--
> Dan Nelson
> [EMAIL PROTECTED]



---
Steve Suhre
Antero web technologies
719.634.8161
[EMAIL PROTECTED]

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Platforms

[JohnsoBS]

An athlon XP is i386.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, October 01, 2004 1:36 PM
To: [EMAIL PROTECTED]
Subject: Platforms


Dear FreeBSD staff member,

I have no idea what all these platforms mean, I am especially confused by
the following 
statement: 

"operating system for x86 compatible (including Pentium and Athlon), amd64
compatible 
(including Opteron, Athlon 64"

And when I look to the left in the menu, I don't see x86 as a category. I am
currently 
employing an AMD Athlon XP 2200+ as a processor so I have no idea how to
proceed. What 
platform should I use for the processor I am using?

Thank you in advance, I am looking forward to using your OS =)

Regards,

Jimmy Koeman
Kaelthun Morganthis
Angelfeet Industries
Lead Artist
Creative Division
282.90.AC.00.82
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Are there step-by-step VMWare instructions? (giving up)

[JohnsoBS]

> -Original Message-
> From: bsdfsse [mailto:[EMAIL PROTECTED]
> Sent: Saturday, October 02, 2004 4:54 PM
> To: Christian Hiris
> Cc: [EMAIL PROTECTED]
> Subject: Re: Are there step-by-step VMWare instructions? (giving up)
> 
> 
> 
>  > Oct  2 06:28:24 matrix010 kernel: ad0: TIMEOUT - READ_DMA 
> retrying (2 
> retries left) LBA=171871667
>  > Oct  2 06:28:24 matrix010 kernel: ad0: WARNING - READ_DMA no 
> interrupt but good status
> 
> 
> Those are the same errors I am getting!
> 
> It's somewhat of a relief to see other people getting the 
> same error, at 
> least now we know it isn't me doing something silly.
> 
> thx!

I've been getting this for a while now to. I only have it with my 160GB and
greater disk. I have researched and it seems to be a problem with 48bit
addressing above 137GB. Its an older board without bios support to read it
properly. I only have the problem on the higher LBA addresses to. I have had
it FAR FAR less since beta4 though.
> 
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "[EMAIL PROTECTED]"
> 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Booting to CD and the handing off to HD

[JohnsoBS]

Seems you could just mount all the filesystems but /var and /tmp as
readonly, set secure level to max, dump all logs to a new log daily, start a
new log and do checks on the old logs. That would be my route. Or run a
diskless server, or even a live cd of the setup install.

> -Original Message-
> From: Nathan Kinkade [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 05, 2004 6:13 PM
> To: Cristobal Miguelo
> Cc: [EMAIL PROTECTED]
> Subject: Re: Booting to CD and the handing off to HD
> 
> 
> On Mon, Oct 04, 2004 at 09:23:31PM -0700, Cristobal Miguelo wrote:
> > > > On Sun, Oct 03, 2004 at 08:58:05PM -0700, Cristobal 
> Miguelo wrote:
> > > > Hello,
> > > > 
> > > > I'm going to be working on a firewall box where I want 
> to boot to
> > > > CD and run an integrity check on the Hard Drive.  If the Hard
> > > > Drive checks out OK, I want the CD to then hand off to the hard
> > > > drive and boot the hard drive.
> > > > 
> > > > Is that possible?   What man pages and/or web pages 
> should I read
> > > > to make it happen?
> > > > 
> > > > Thanks!
> > > > Cristobal
> > > 
> > >
> > > Well, you could certainly mount the harddisk partitions 
> somewhere in
> > > the filesystem while running under the CDROM booted kernel.
> > > However, I seriously doubt if you could change the 
> running kernel to
> > > that from the harddisk.  Why not just reboot to the harddisk after
> > > you have finished your diagnostics with the CDROM?
> > > 
> > > Nathan
> > > 
> > >
> >
> > Thanks for the response!
> > 
> > I would like to have it completely automated:
> > 
> > The machine goes down at 4am for the check and boots to cd, 
> then the cd
> > controls the hand-off to the hard drive.  I'd like to have the BIOS
> > setup to only boot the cd and if the HD checks out ok, boot 
> up the HD. 
> > That way there is a slim chance that any security breach will last
> > beyond one night on my machine.  I seriously doubt a security breach
> > will occur, but I want to close every door imaginable.
> > 
> > Anything else that could be done?
> > 
> > Thx
> > -C
> > 
> 
> What is the reason that you find it necessary to reboot the 
> machine to a
> CDROM every morning?  Are you sure that there isn't a way to run your
> checks while booted to the harddisk?  I am fairly sure that you will
> never find a way to have the BIOS selectively boot either the CDROM or
> the HD based on some OS specific factor, such as a successful check of
> the HD.  I have a feeling that there may be a better way to accomplish
> your goal without a reboot to CDROM every morning.  Will you tell the
> list more about what you are trying to accompish?
> 
> Nathan
> -- 
> PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=get&search=0xD8527E49
> 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Protecting SSH from brute force attacks

[JohnsoBS]

> -Original Message-
> From: Dave McCammon [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 08, 2004 4:46 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: Protecting SSH from brute force attacks
> 
> 
> 
> --- Vulpes Velox <[EMAIL PROTECTED]> wrote:
> 
> > On Thu, 7 Oct 2004 15:15:25 -0700 (PDT)
> > Luke <[EMAIL PROTECTED]> wrote:
> > 
> > > There are several script kiddies out there hitting
> > my SSH server
> > > every day.  Sometimes they attempt to brute-force
> > their way in
> > > trying new logins every second or so for hours at
> > a time.  Given
> > > enough time, I fear they will eventually get in.
> > > Is there anything I can do to hinder them?
> > > 
> > > I'd like to ban the IP after 50 failed attempts or
> > something.  I'd
> > > heard that each failed attempt from a source was
> > supposed to make
> > > the daemon respond slower each time, thus limiting
> > the usefulness of
> > > brute force attacks, but I'm not seeing that
> > behavior.
> > 
> > I forget where in /etc it is, but look into setting
> > up something that
> > allows a certian number of failed logins before
> > locking that IP/term
> > out for a few minutes and if it is constantly
> > from the same place
> > look into calling their ISP or the like.
> > 
> > Or in a few cases, like I have done in a few cases,
> > and a deny from
> > any to any for that chunk of the net...
> > 
> > man login.conf for more info :)
> > ___
> 
> Following the advice from here:
> http://isc.sans.org//diary.php?date=2004-09-11.
> 
> What I did was to only allow access to one machine
> through my firewall for the ssh connections (ipfw
> limit). 2 per source address.
> And, for that one machine, I changed the sshd port to
> a different number. 
> I was getting the same brute force attacks but they
> have dropped to nil since.
> 
> 
I run my public sshd in a jail and close all other ports. I also delete
every binary minus the tools needed to ssh into the host and other jails I
have setup. I ssh to my jail ip's internally and nat ports as needed from
the external. I am pretty secure even if they do gain access to the public
sshd, and I think once they do if ever break into that, the box is fairly
well still secure.

> 
> 
>   
> ___
> Do you Yahoo!?
> Declare Yourself - Register online to vote today!
> http://vote.yahoo.com
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "[EMAIL PROTECTED]"
> 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: 4.10 startup sequencing

[JohnsoBS]

> -Original Message-
> From: Gary Aitken [mailto:[EMAIL PROTECTED]
> Sent: Sunday, October 17, 2004 6:31 PM
> To: FreeBSD Questions
> Subject: 4.10 startup sequencing
> 
> 
> Hello all,
> 
> Since 4.10 doesn't use /etc/rc.d to merge standard and local startup
> sequencing, I'm wondering what the right way is to get a daemon to
> start up before one of the standard daemons.  Specifically, I would
> like to start a milter before sendmail.  I know it will work if
> started afterwards, or at least it seems to, but I would like to get
> rid of the WARNING message posted to the console at startup because
> the socket isn't present when sendmail starts.
> 
> I don't see a way to do this short of modifying /etc/rc.
> Is there a better way, or should I just live with the warning until
> upgrading to 5.x, where /etc/rc.d and /usr/local/etc/rc.d sequencing
> hints are merged?
> 
> Gary


You could remove all the startup scripts from rc.conf and put them in
numbered order in /usr/local/etc/rc.d

010.milter
020.sendmail
030.etc
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: The release of 5.3

[JohnsoBS]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Sunday, October 17, 2004 8:41 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: The release of 5.3
> 
> 
> 
> I don't see how they can possible consider the "Release" of 
> an O/S version 
> when perhaps the most widely-available NIC (em) doesn't work. 

Um, what the hell. em the most widely used? I hardly would
consider the gigabit eth driver most intel chips the most widely
used. rl, ed, fxp by far seem to be the majority of the share I
have observed. In fact, I didn't even know the em driver till you
mentioned it. Being a network admin and dealing with many and 
various machines, I see quite a few nics. And as long as the cards 
work under project-evil which I have heard a feeling they (correct
me if I am wrong please so I can update my own list of known to 
work hardware), seems fair enough to go to release.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Recover lost ttyps

[JohnsoBS]

> -Original Message-
> From: Andreas Widerøe Andersen [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 18, 2004 11:30 AM
> To: [EMAIL PROTECTED]
> Subject: Recover lost ttyps
> 
> 
> Hi,
> Is there a simple way (as root) to recover lost ttyps?
> 
> Example: I'm rebuilding some ports and while this is done the 
> ADSL line is 
> disconnected. A few seconds later I'm back online, but the 
> ttyp0 is lost 
> and I'm now logged in as root on ttyp1.
> 
> ---
> 
> Andreas Wideroe Andersen <[EMAIL PROTECTED]>
> Mobile: (+47) 90 92 61 21
> http://www.filmshooting.com  

For future reference I recommend screen. It can keep disconnected sessions
open, and when you relogin, you can do a "screen -r" to recover the session.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: feasible w/ samba?

[JohnsoBS]

> -Original Message-
> From: stheg olloydson [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 18, 2004 6:38 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: feasible w/ samba?
> 
> 
> it was said:
> 
> >What this would essentially be attempting to achieve is to 
> have a way 
> >for a geographically spread out network allow people to 
> easily access 
> >their home directories and shares no matter where they logged using 
> >local servers acting as time-delayed proxies...all the user login 
> >information, user home directory data, user shared data 
> >directories...it's a lot of duplicated information out there, but it 
> >would fix the problem with authentication and home directory 
> >information being temporarily inaccessible when a link is 
> down between
> 
> >building locations.  No matter what building they were in, 
> they would 
> >have access to that building's copy of their home directory; 
> the next 
> >day, logging into a different building, they'd get their information 
> >again.
> 
> Hello,
> 
> What you have here is a hardware, not software, problem. The 
> root cause
> is the unreliable connectivity between buildings. To ensure 
> all network
> resources are always available, use redundant fiber-optic connections
> and set your routing such that you can reach buildingX from buildingY
> via buildingZ, as well as directly.
> Then you can (although it may be heresy on this list) avoid 
> using FBSD.
> Your simplest solution is to use Windows built-in Roaming 
> Profiles. The
> feature exists to accomplish the exact task of making the user's
> resources (including desktop config) available on the login
> workstation. 
> Doing things this way has to benefits your proposed solution does not.
> First, you guarantee all net segments are reachable at all 
> times, which
> is the root of your problem. This solves that problem and prevents
> future ones being caused by this. Second, admin is greatly simplified.
> Your way requires too many bits that need looking after. The long-term
> cost of this solution will be greater than running the fiber.
> Finally, you should look into Kerberos for a single sign-on solution.
> Windows and AD both support it.
> 
> HTH,
> 
> Stheg
> 

Samba has support for roaming profiles and works quite well. Also,
integration 
with ldap and kerberos is pretty well documented and allows for a single
point 
of authentication. Not quite a full blown Active Directory solution, but
would 
more than accomplish all that is wanted.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Python Issue

[JohnsoBS]

> -Original Message-
> From: John Koepke [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 18, 2004 8:18 PM
> To: [EMAIL PROTECTED]
> Subject: Python Issue
> 
> 
> Hey all,
>  I have asked this before but this time I am subscribed to the
> list.  I current have a PHP script that runs various Python scripts. 
> It checks to see if they are running, by doing a ps -ax -w -w | grep
> and the script name.  But for some reason Python shows just (python)
> if you do a ps.  It doesn't show that anything is running but
> (python).  I can only assume that this is some sort of patch or
> setting when python was installed.
>  Other than just downloading the python source and re-building my
> box, is there a way to fix this issue?
> 
> Python 2.3.4_2 (installed via the PortsTree)
> PhP 4 (Installed Via the Ports Tree)
> 
> Any help would be GREATLY appreciated.
> 
> John

If it was me, I would have the scripts themselves creater a pid file, and 
query the pid file for the pid it last used and see if that pid is active
and 
being used by python.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: 5.3-STABLE ????

[JohnsoBS]

> -Original Message-
> From: Vonleigh Simmons [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 19, 2004 4:19 AM
> To: [EMAIL PROTECTED]
> Subject: Re: 5.3-STABLE 
> 
> 
> Sorry, forgot to add that I did do a cvsup before the make buildworld.
> 
> > The relationship between the most commonly used CVS tags and OS
> > versions is like this at the moment:
> snip...
> > RELENG_5_25.2.1-RELEASE-p11
> > RELENG_5_35.3-RC1 (not official yet)
> 
>   Sorry to hijack the thread. My box is running 5.2, and 
> I'd like to 
> upgrade it to 5.2.1. Problem is that the server is in a colo 
> so I only 
> have SSH access to it; because of this I can't drop into single user 
> mode.
> 
>   So far I grabbed the stable sup file, changed it to 
> RELENG_5_2. After 
> that I ran
> # make -j4 buildworld
> # make -j4 buildkernel
> 
>   But I'm not sure how to continue since I don't have 
> single user mode. 
> Anyone have any pointers, as the handbook doesn't say what to do in 
> this case.
> 
> Vonleigh Simmons
> 


Its not required to go to single user mode. I usually NEVER do in fact. Just
skip and continue on. Make very sure you follow the mergemaster steps
though.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: ifconfig alias: File Exists

[JohnsoBS]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Sunday, October 24, 2004 5:13 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: ifconfig alias: File Exists
> 
> 
> In a message dated 10/19/04 3:51:33 PM Eastern Daylight Time, 
> [EMAIL PROTECTED] 
> writes:
> >> # ifconfig fxp0 alias 200.46.204.9
> >> ifconfig: ioctl (SIOCAIFADDR): File exists
> >> 
> >> when I know for a fact that it hasn't been configured?
> >
> > you should use a netmask of 255.255.255.255 for ipv4 aliases.
> >
> > ifconfig fxp0 alias 200.46.204.9 netmask 255.255.255.255
> 
> >Is that new?  You are right, that fixed it, but didn't think 
> I had to do 
> >that before :(
> You get it because the guy who maintains ifconfig didn't have 
> the foresight
> to realize the "alias" should imply a host mask, and also 
> that the guy who
> coded the kernel code didn't think that assuming a host mask was 
> reasonable.
> 
> Welcome to open source. Love it and live with it.
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "[EMAIL PROTECTED]"
> 

To assume makes an ass out of u and me. Ok, that out of the way, the config
you assume should be coded into ifconfig and kernel is not 100% going to be
used all the time. In fact I have multiple nets and have multiple netmask
assigned on the one machine. If you actually READ "man ifconfig" it states
that this should be set to what you assume it should be. It helps when
people don't attack things they don't fully understand cause for many it
might be a person's first view at what you are bashing. Unfortunately also,
many people aren't smart enough to get a second opinion or to try beyond
there first try or someone person's like yourselfs comments.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: ifconfig alias: File Exists

[JohnsoBS]

 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, October 25, 2004 4:59 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: ifconfig alias: File Exists


In a message dated 10/24/04 11:18:14 AM Eastern Daylight Time,
[EMAIL PROTECTED] writes:

> >Is that new?  You are right, that fixed it, but didn't think 
> I had to do 
> >that before :(
> You get it because the guy who maintains ifconfig didn't have 
> the foresight
> to realize the "alias" should imply a host mask, and also 
> that the guy who
> coded the kernel code didn't think that assuming a host mask was 
> reasonable.
> 
> Welcome to open source. Love it and live with it.
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "[EMAIL PROTECTED]"
> 

>To assume makes an ass out of u and me. Ok, that out of the way, the config
>you assume should be coded into ifconfig and kernel is not 100% going to be
>used all the time. In fact I have multiple nets and have multiple netmask
>assigned on the one machine. If you actually READ "man ifconfig" it states
>that this should be set to what you assume it should be. It helps when
>people don't attack things they don't fully understand cause for many it
>might be a person's first view at what you are bashing. Unfortunately also,
>many people aren't smart enough to get a second opinion or to try beyond
>there first try or someone person's like yourselfs comments.

As for the "assume" thing, speak for yourself. Your implication that there
should
be no defaults is quite asinine. 
 
If it doesn't work with no netmask specified, then its broken. Its not
unreasonable
to assume that if no netmask is provided, then a host mask (for an alias) is
intended. 
In the absence of a netmask, the only "assumption" thats reasonable is a 
host mask. 
 
There are lots of "assumptions" made by ifconfig. It "assumes" that you only
want the interface to have one address (as if you submit an address to 
an interface that already has one it explicitly deletes the other). Its not 
unreasonable to assume that, nor would it be unreasonable to assume that
the intention was to add an alias. It would certainly be safer.
 
And I "understand" it a lot better than you do. In today's world, "assuming"

the natural mask (which is what ifconfig has done since the beginning of
time)
is wrong most of the time. Just because someone back in the 1970s decided 
to do it that way doesn't make it correct. One of the basic properties of a
default setting is that it should work 

 I find it very wrong to assume anything on a network interface. Assumptions
on
anything that could open up a security hole are very dangerous. ifconfig has
a far
greater ability than many things to open up security wholes that may get
around
an improperly setup firewall.  I agree that some assumptions can easily be
made
and should be but not here.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: perl vs php round 1

[JohnsoBS]

> -Original Message-
> From: Gert Cuykens [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 26, 2004 8:50 AM
> To: Giorgos Keramidas
> Cc: [EMAIL PROTECTED]
> Subject: Re: perl vs php round 1
> 
> 
> ok i will try my best not to use any bad words but sometimes they are
> really needed to say something :)
> 
> For example what do you say if you are writing a poem to your
> girlfriend and suddenly your pc crashes. I bet i would sound something
> like (*&%^(@%([EMAIL PROTECTED]&*!^%&[EMAIL PROTECTED]
> 
> 

Its also good to stay on topic. And topposting is bad in this list. Please
cut
any text not needed for responce out and post at the appropriate points in
the list to answer or ask questions.


"In the best possible future, there will be, no war, no famine, no crime, no

sickness, no oppression, no fear, no limits, no shame... and nothing to do."
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: 7520 Chipset support in 4.x

[JohnsoBS]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Saturday, October 30, 2004 9:13 PM
> To: [EMAIL PROTECTED]
> Subject: Re: 7520 Chipset support in 4.x
> 
> 
> > > Many of the new MBs from such tiny vendors as Dell and Supermicro
> > > are based on the 7520, and word is that FreeBSD 4.x 
> doesn't support
> > > it. Is support forthcoming?
> > 
> > We have 2 Dell PowerEdge 1850 servers which have the e7520 
> chipset. They
> > hang consistently in 4.10-RELEASE and below whenever there 
> is high network
> > or disk utilization. We have not been able to get any 
> debugging info.
> > After upgrading to 4.10-STABLE a couple of weeks ago, they 
> no longer hang,
> > but they are _really_ slow to perform network and disk operations.
> > 
> > They work fine in FreeBSD 5.3, but unfortunately our 
> applications do not
> > run without recompiling. We do not want to change our environment to
> > support different binaries for different machines, and we 
> don't want to
> > use 5.X in production until it is STABLE.
> > 
> > I want to echo the above question. Are there patches available or
> > forthcoming to fix the problems with the e7520?
> > 
> > Thanks,
> > 
> > -
> > Rob Watt
> 
> I think that we can imply from the lack of response on this 
> subject that 4.x
> is not really still supported, since just about all of the 
> new motherboards
> for Intel processors from leaders Dell and Supermicro are 
> based on the 
> 7520. So, ironically, in order to use the newer, faster 
> processors with 
> FreeBSD, you have to use the newer, slower version of the O/S. Yikes!

Considering 4.x kept getting tweaked all the way to 4.10 where 4.10 is
benched even faster than 4.9 in my experiences with the OS, I find it
reasonable to assume that new code that hasn't fully matured and been fully
adopted by mass may be slower. As in your previous post on the subject, I
find it no where near as slow as you have stated. For one who couldn't
figure out how to compile without the witness options and various other
debug stuff into the kernel and base system, it prolly would be slower.
After I took this stuff out of the build my benches were greatly improved,
but alas, not to 4.10 speeds. Given time and mass acceptance of the OS which
will adopt more coders and patches from people not yet using the OS I would
expect it to speed up even more. When you do such a radical swing in
codebases and haven't fully tested them, you should expect it.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: difference between releases

[JohnsoBS]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 08, 2004 2:56 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: difference between releases
> 
> 
> In a message dated 11/8/04 5:46:59 AM Eastern Standard Time, 
> [EMAIL PROTECTED] writes:
> >Releases are fixed points in time.  They are marked on their 
> respective 
> branch
> >of development and that's it.  A x.y-RELEASE version is 
> effectively a 
> symbolic
> >name for a specific moment in time.
> Wow, thats what a "snapshot" used to be. How discouraging.

A -RELEASE is a specific point in time when the code is deemed ready.
Afterwards it goes back into development until the next -RELEASE. Between is
snapshots of usually STABLE code.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: DHCP & nameservers

[JohnsoBS]

Edit /sbin/dhclient-script and comment out the

make_resolve_conf() {

}

This will take out the portion of the script that edits resolve.conf

"People will accept your idea much more readily if you tell 
them Benjamin Franklin said it first." 

> -Original Message-
> From: Andrew Smith [mailto:[EMAIL PROTECTED]
> Sent: Saturday, November 13, 2004 7:26 AM
> To: [EMAIL PROTECTED]
> Subject: DHCP & nameservers
> 
> 
> I'm using my FreeBSD box as the gateway machine for my cable modem. 
> Obviously the cable modem side has to be set as DHCP, which 
> automaticlly 
> sets the DNS nameservers in resolve.conf.
> 
> However I am running a caching name server on the box, and 
> would like to 
> have resolve.conf only point to local host.  Is there any way 
> to keep DHCP 
> from updating resolve.conf?
> 
> Thanks in advance,
> 
> Andrew 
> 
> 
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "[EMAIL PROTECTED]"
> 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"