Re: [Full-Disclosure] FreeBSD Security AdvisoryFreeBSD-SA-03:14.arp [REVISED]
The following patch has been verified to apply to FreeBSD 5-CURRENT, 4.9-PRERELEASE, and 4.8 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:14/arp.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:14/arp.patch.asc patch assume you didn't apply the original patch? patch /var/tmp/arp.patch Hmm... Looks like a new-style context diff to me... The text leading up to this was: -- |Index: sys/netinet/if_ether.c |=== |RCS file: /home/ncvs/src/sys/netinet/if_ether.c,v |retrieving revision 1.104 |retrieving revision 1.104.2.1 |diff -c -p -r1.104 -r1.104.2.1 |*** sys/netinet/if_ether.c 4 Mar 2003 23:19:52 - 1.104 |--- sys/netinet/if_ether.c 23 Sep 2003 20:08:42 - 1.104.2.1 -- Patching file sys/netinet/if_ether.c using Plan A... Hunk #1 failed at 918. 1 out of 1 hunks failed--saving rejects to sys/netinet/if_ether.c.rej done -- Michael Scheidell, CEO SECNAP Network Security, LLC Sales: 866-SECNAPNET / (1-866-732-6276) Main: 561-368-9561 / www.secnap.net Looking for a career in Internet security? http://www.secnap.net/employment/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
What minimum version to support broadcom 5703?
What minimum version of FBSD to I need to support the Broadcom 5703X? gig card? I did notice that 4.5 supports earlier ones, and found a patch to stable for the 5702. I applied that patch to my 4.5 sources, and volia! fbsd boots and sees the devices! (but with a bogus mac addy and it really didn't work) so, I copied ~current/src/sys/dev/bge to my 4.5 sources and, well, it doesn't even compile. so, do I have to go to 4.7 to get it to work -- Michael Scheidell, CEO SECNAP Network Security, LLC Sales: 866-SECNAPNET / (1-866-732-6276) Main: 561-368-9561 / www.secnap.net Looking for a career in Internet security? http://www.secnap.net/employment/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: can't fetch no more
Date: Sun, 5 Dec 2004 05:21:22 +0800 (CST) To: [EMAIL PROTECTED] this is a bit out of the blue, I just cvsuped port tree on fbsd5.3, and want to install fluxbox-devel, but all of a sudden, I found my system can't fetch the tar ball no more, it went through all the mirror sites and reported file not found. I have to d/l the source myself. Is there anything I missing? TFC = Best Regards, Tsu-Fan Cheng Thats right. nothing I could figure out hot to fix it. FTP_PASSIVE_MODE=no, yes, si, non, neight nothing. fetch -vv ftp://ftp.netscape.com/Welcome just drops connections anything that needs to do a ft 'fetch' in 5.3 won't ever work again until its fixed. Tried adding FETCH_CMD=wget -c to make.conf, no go. thats broken (they broke 'FETCH_CMD' a while back, executes 'do-fetch' for some reason. yes, by doing FET_CME=echo $@ I get do-fetch -- Michael Scheidell, CTO 561-999-5000, ext 1131 SECNAP Network Security Corporation Keep up to date with latest information on IT security: Real time security alerts: http://www.secnap.com/news ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Nagios Jail
hmm we have it working, let me see how. Albert Shih wrote: Hi all. I'm trying to install a nagios server in a jail. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * King of Spam Filters, SC Magazine 2008 * Information Security Award 2008, Info Security Products Guide * CRN Magazine Top 40 Emerging Security Vendors _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Nagios Jail
Try nagios 3.03. I think they will do the trick. Bjoern A. Zeeb wrote: On Wed, 17 Dec 2008, Albert Shih wrote: Hi, I'm trying to install a nagios server in a jail. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * King of Spam Filters, SC Magazine 2008 * Information Security Award 2008, Info Security Products Guide * CRN Magazine Top 40 Emerging Security Vendors _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Nagios Jail
Works here (tm). doublecheck these sysctl's: security.jail.socket_unixiproute_only: 1 security.jail.enforce_statfs: 2 security.jail.allow_raw_sockets: 1 Albert Shih wrote: Le 18/12/2008 à 05:46:18-0500, Michael Scheidell a écrit Try nagios 3.03. I think they will do the trick. I'm using nagios 3.06 ... and it's not working. Thanks for your answer. Regards. JAS -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * King of Spam Filters, SC Magazine 2008 * Information Security Award 2008, Info Security Products Guide * CRN Magazine Top 40 Emerging Security Vendors _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
listserver problems?
might be generic listserver issues, but I noticed that at least on freebsd-jail list, it does NOT strip out dkim/domainkeys signatures. that might not be to bad, but it does 'mung' the headers, so dkim signed email passed through freebsd mailing list server comes back as a forged signature. whoever is working on the listservers can contact me for assistance on it. maybe just a postfix header IGNORE rule would strip it back out. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * King of Spam Filters, SC Magazine 2008 * Information Security Award 2008, Info Security Products Guide * CRN Magazine Top 40 Emerging Security Vendors _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Nagios Jail
What plugin versions are you running? Im running latest also. pkg_info | grep nagios Albert Shih wrote: Le 18/12/2008 à 05:46:18-0500, Michael Scheidell a écrit Try nagios 3.03. I think they will do the trick. I'm using nagios 3.06 ... and it's not working. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * King of Spam Filters, SC Magazine 2008 * Information Security Award 2008, Info Security Products Guide * CRN Magazine Top 40 Emerging Security Vendors _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: listserver problems?
Nikola Lečić wrote: -BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Three objections to your DKIM signature: Thanks! the value of the great freebsd community! Been doing this since '83, and you will never find a more informed, more willing to help group out there anywhere. Thanks Nikola -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * King of Spam Filters, SC Magazine 2008 * Information Security Award 2008, Info Security Products Guide * CRN Magazine Top 40 Emerging Security Vendors _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Nagios Jail
Andy Greenwood wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Albert Shih wrote: Hi all. I'm trying to install a nagios server in a jail. I've a problem with check_ping. only thing I see on mine is I have ipv6 disabled: (also, with_fping, with_netsnmp, with_mysql) all others disabled. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * King of Spam Filters, SC Magazine 2008 * Information Security Award 2008, Info Security Products Guide * CRN Magazine Top 40 Emerging Security Vendors _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem with ezjail: Manually restarted jails don't come up again
I installed the jail utilities (forgot which ones) has a 'jkill' utility. I then added a /etc/rc.conf.d/ezjail with a pre-stop() command that calls a jkill. then all works fine. Frank Steinborn wrote: Hi folks, I have a strange problem on my 7.1-RELEASE with ezjail here. I have 5 jails configured with ezjail, and they run flawlessy - they come up on boot without problems. However, if i stop a jail (via /usr/local/etc/rc.d/ezjail.sh stop jail) and then want to restart it via the rc-script, it stalls here: # /usr/local/etc/rc.d/ezjail.sh start mldonkey.local Configuring jails:. Starting jails: If I check with jls and 'pgrep -lfj jid', i see that there are processes inside the hanging jail running, including /etc/rc. I guess the jails are hanging somewhere in the boot-process, and i guess it's /etc/rc. I even doubt that this is an ezjail-only problem, but this is just a guess. Any hints? Thanks, Frank ___ freebsd-j...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * King of Spam Filters, SC Magazine 2008 * Information Security Award 2008, Info Security Products Guide * CRN Magazine Top 40 Emerging Security Vendors * Finalist 2009 Network Products Guide Hot Companies _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
something broke last night. www.freebsd.org offline?
none of my freebsd systems can surf to www.freebsd.org anymore. host www.freebsd.org www.freebsd.org has address 69.147.83.33 www.freebsd.org has IPv6 address 2001:4f8:fff6::21 www.freebsd.org mail is handled by 0 . mx1.slpowers.com.ionspam.net# host -t a www.freebsd.org www.freebsd.org has address 69.147.83.33 lynx does this (as an example): socket failed: family 28 addr 2001:4f8:fff6::21 port 80. I don't have any of our servers or workstations compiled WITH_IPV6 running 7.1 amd64, running 7.1 i386, running 6.4 i386. telnet www.freebsd.org 80 Trying 69.147.83.33... on macos. just hangs. telnet www.freebsd.org 80 Trying 2001:4f8:fff6::21... Trying 69.147.83.33... on freebsd 6.4 i386 just hangs -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: something broke last night. www.freebsd.org offline?
Steve Bertrand wrote: Michael Scheidell wrote: none of my freebsd systems can surf to www.freebsd.org anymore. ah. I see problem.. you didn't look up the host I documented. freebsd.org is different then www.freebsd.org host freebsd.org freebsd.org has address 69.147.83.40 freebsd.org has IPv6 address 2001:4f8:fff6::28 freebsd.org mail is handled by 10 mx1.freebsd.org. tryWWW.FREEBSD.ORG Can you provide: # netstat -rn # ifconfig I seriously doubt thats it.. I can get to the world. I could do this on 40 different systems. host -t a www.freebsd.org www.freebsd.org has address 69.147.83.33 $ host www.freebsd.org www.freebsd.org has address 69.147.83.33 www.freebsd.org has IPv6 address 2001:4f8:fff6::21 netstat -rn Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default204.89.241.1 UGS 0 45058027 con0 127.0.0.1 127.0.0.1 UH 015108lo0 204.89.241 link#2 UC 00 con0 204.89.241.1 00:0f:34:87:cc:e0 UHLW20 con0 1199 204.89.241.2 00:06:b1:06:08:39 UHLW194936 con0 1004 204.89.241.135 00:06:b1:06:08:39 UHLW1 7050 con0580 204.89.241.236 00:14:22:1f:18:64 UHLW1 51 con0 1084 204.89.241.239 00:14:22:1f:18:64 UHLW1 5369 con0868 ifconfig aux0: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500 options=3bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU ether 00:22:19:50:24:9e media: Ethernet autoselect (none) status: no carrier con0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=3bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU inet 204.89.241.240 netmask 0xff00 broadcast 204.89.241.255 ether 00:22:19:50:24:9c media: Ethernet autoselect (100baseTX full-duplex) status: active lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet 127.0.0.1 netmask 0xff00 bct# from whois: Tech FAX Ext.: Tech Email:no.valid.em...@worldnic.com Name Server:NS1.ISC-SNS.NET Name Server:NS2.ISC-SNS.COM Name Server: not my cache: this is direct from the horses mouth: host www.freebsd.org NS1.ISC-SNS.NET Using domain server: Name: NS1.ISC-SNS.NET Address: 72.52.71.1#53 Aliases: www.freebsd.org has address 69.147.83.33 www.freebsd.org has IPv6 address 2001:4f8:fff6::21 www.freebsd.org mail is handled by 0 . host www.freebsd.org NS2.ISC-SNS.COM Using domain server: Name: NS2.ISC-SNS.COM Address: 38.103.2.1#53 Aliases: www.freebsd.org has address 69.147.83.33 www.freebsd.org has IPv6 address 2001:4f8:fff6::21 www.freebsd.org mail is handled by 0 . bct# I have no issues here: pearl# telnet -6 freebsd.org 80 Trying 2001:4f8:fff6::28... Connected to freebsd.org. Escape character is '^]'. ... pearl# telnet freebsd.org 80 Trying 69.147.83.40... Connected to freebsd.org. Escape character is '^]'. ah. I see problem.. you didn't look up the host I documented. freebsd.org is different then www.freebsd.org host freebsd.org freebsd.org has address 69.147.83.40 freebsd.org has IPv6 address 2001:4f8:fff6::28 freebsd.org mail is handled by 10 mx1.freebsd.org. looks like if you Also, after a quick look, it would be handy if you could flush your DNS cache and try again. The IPs I get for FreeBSD.org are different than those in your example. Perhaps they changed, and your DNS has not updated yet. Steve -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: something broke last night. www.freebsd.org offline?
looks up now. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
