Re: Since SquirrelMail Looks Like It Will Never Be Supported Again...

2013-08-31 Thread Paul Schmehl
--On August 31, 2013 8:35:27 AM +0100 Frank Leonhardt 
freebsd-...@fjl.co.uk wrote:



On 30/08/2013 22:20, Tim Daneliuk wrote:

SquirrelMail seems to be forever on hold because of an incompatibility
with PHP 5.  So I am going to have to replace it as our Webmail
interface.


I'm a bit confused about this - you seem to be saying that Squirrelmail
won't work on PHP 5? I've been running it on PHP 5 for years and it's
being maintained to support changes for the latest 5.4 and 5.5 releases.



The port has been marked BROKEN for quite a while.  The release that 
resolves problems with PHP 5.4 and above has not yet been released.  The 
fixes have been in nightly snapshots since May 2013, but the final release 
(which would update the FreeBSD port) has never been available and still 
isn't.


Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson
There are some ideas so wrong that only a very
intelligent person could believe in them. George Orwell

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Why doesn't this work?

2013-06-27 Thread Paul Schmehl
echo Testing, testing, testing |/usr/bin/tee -a /var/log/httpd-access.log |/usr/bin/logger -t base_http_access /var/log/testing.log


This writes to the httpd-access.log but does not write to 
/var/log/testing.log.  I'm probably reading the man page incorrectly, but I 
thought this should work.  For some reason absolutely nothing is being 
passed from tee to logger.


What am I missing?

--
Paul Schmehl, Senior Infosec Analyst


FBSD 9.1.0 - make buildworld running for 1.5 hours???

2013-03-01 Thread Paul Schmehl
I'm running make buildworld on a quad processor quad core box with 16GB of 
ram, and it's been running already for more than an hour and a half.  Has 
world really gotten that huge?  Good lord!  Good thing we have 
freebsd-update!


--
Paul Schmehl, Senior Infosec Analyst


Re: 3 TB disk troubles

2013-02-14 Thread Paul Schmehl
--On February 14, 2013 6:33:31 AM -0600 Scott Bennett benn...@cs.niu.edu 
wrote:



 The confusing thing is that the kernel says it's a 3 TB device,
but the utility programs say otherwise.
 Thanks for your reply, though.  I may have to take the device back
to the store I bought it and ask them to demonstrate to me that it
actually works for them as a 3 TB drive.  Sigh.



What utilities are you referring to?  If it's fdisk and bsdlabel, those can 
only see 2TB no matter how big the disk is.  What does gpart show tell 
you?


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at mp.cs.niu.edu   *
**
* A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army.   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**




--
Paul Schmehl, Senior Infosec Analyst


RE: How to add unused space to an existing install

2013-02-07 Thread Paul Schmehl

--On February 6, 2013 5:21:39 PM -0600 dte...@freebsd.org wrote:





-Original Message-
From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
questi...@freebsd.org] On Behalf Of Paul Schmehl
Sent: Wednesday, February 06, 2013 9:59 AM
To: FreeBSD Questions List
Subject: How to add unused space to an existing install

I have a FreeBSD 8.3 RELEASE box that we recently discovered only has
part of the disk being used.  This box has four 1TB drives in RAID 5,
and df only shows 500MB of disk available.

fdisk shows this:
# fdisk -p
# /dev/mfid0
g c364602 h255 s63
p 1 0xa5 63 1562363771
a 1

When I run the fdisk editor in sysinstall I see this:

Disk name:  mfid0                                  FDISK Partition Editor
DISK Geometry:  364602 cyls/255 heads/63 sectors = 5857331130 sectors (2860024MB)

    Offset   Size(ST)        End     Name  PType     Desc  Subtype  Flags

         0         63         62        -     12   unused        0
        63 1562363771 1562363833  mfid0s1      8  freebsd      165
1562363834 4294981702 5857345535        -     12   unused        0

I want to capture all that unused space and add it to the server.

fstab has this:
# cat /etc/fstab
# Device        Mountpoint  FStype  Options     Dump  Pass#
/dev/mfid0s1b   none        swap    sw          0     0
/dev/mfid0s1a   /           ufs     rw          1     1
/dev/mfid0s1e   /home       ufs     rw          2     2
/dev/mfid0s1d   /tmp        ufs     rw          2     2
/dev/mfid0s1f   /usr        ufs     rw          2     2
/dev/mfid0s1g   /var        ufs     rw          2     2
/dev/acd0       /cdrom      cd9660  ro,noauto   0     0

When I try to create a new slice using fdisk, it doesn't seem to work.


Did you try something like:

echo p 2 165 * * | sudo fdisk -f- /dev/mfid0

??


Thank you for your detailed and informative answer.

I did not.  I'm a neophyte in the disk world.  I've always used sysinstall 
to setup partitions and mount points.




Afterward fdisk -p should show something like...

# /dev/mfid0
g c364602 h255 s63
p 1 0xa5 63 1562363771
p 2 0xa5 num num
a 1

And then you'll have /dev/mfid0s2 which you can do with what you like
(directly newfs the slice or create BSD partitions underneath that to
further sub-divide into as many as 8 smaller units, /dev/mfid0s2[a-h]).



I've been doing some more research on this problem, and I've discovered 
that bsdlabel has a 2 to the 32nd limit on disk size.  It appears I have to 
use gpart instead.  Is that not correct?





If I move to the label editor, I get this:

FreeBSD Disklabel Editor

Disk: mfid0 Partition name: mfid0s1 Free: 0 blocks (0MB)

Part      Mount       Size  Newfs   Part      Mount       Size  Newfs
----      -----       ----  -----   ----      -----       ----  -----
mfid0s1a  none      2000MB  *
mfid0s1d  none     65536MB  *
mfid0s1e  none      4096MB  *
mfid0s1b  swap     65536MB  SWAP
mfid0s1f  none     10240MB  *
mfid0s1g  none       601GB  *

As you can see mfid0s1g is 601GB, and according to fstab that's /var.

Yet df -h shows:

# df -h
Filesystem       Size    Used   Avail  Capacity  Mounted on
/dev/mfid0s1a    1.9G    726M    1.0G     41%    /
devfs            1.0k    1.0k      0B    100%    /dev
/dev/mfid0s1e    3.9G     38M    3.5G      1%    /home
/dev/mfid0s1d     62G    6.6M     57G      0%    /tmp
/dev/mfid0s1f    9.7G    7.5G    1.4G     84%    /usr
/dev/mfid0s1g    582G     39G    496G      7%    /var

So apparently I'm not creating this new slice?  It should be
/dev/mfid0s1h, correct?



Let's not confuse slices (DOS partitions) with disklabels (BSD
partitions).


OK.  I've clearly done that.  As I say, I'm a neophyte in the disk geometry 
and configuration field.




DOS partitions are (maximum 4 per disk):

mfid0s1
mfid0s2
mfid0s3
mfid0s4

(according to your fdisk -p output, your mfid0 disk is currently only
using mfid0s1)

BSD partitions are (maximum 8 per slice aka DOS partition):

mfid0s1a
mfid0s1b
mfid0s1c
mfid0s1d
mfid0s1e
mfid0s1f
mfid0s1g
mfid0s1h

(according to your sysinstall output, your mfid0s1 slice has 5 BSD
partitions -- a, e, d, f, and g)



I see.




How do I recapture the remaining 2+TB of space that's not being used?



The easiest way to use your extra space is to not adjust one of those 5
BSD partitions, but instead create a new DOS partition (mfid0s2 as
previously discussed above). However, if you *really* want to grow an
existing BSD partition, this can be done (very carefully).



I'm all for taking the easy way out. :-)



First, you'll want to save the output of disklabel -r mfid0s1 to a text
file.

Next, you'll have to re-fdisk mfid0 so that the first slice covers the
entire disk. Of course, re-mastering the slices does not affect the data,
but it _will_ wipe out the BSD partition map (the disklabels; in other
words, after

How to add unused space to an existing install

2013-02-06 Thread Paul Schmehl
I have a FreeBSD 8.3 RELEASE box that we recently discovered only has part 
of the disk being used.  This box has four 1TB drives in RAID 5, and df 
only shows 500MB of disk available.


fdisk shows this:
# fdisk -p
# /dev/mfid0
g c364602 h255 s63
p 1 0xa5 63 1562363771
a 1

When I run the fdisk editor in sysinstall I see this:

Disk name:  mfid0                                  FDISK Partition Editor
DISK Geometry:  364602 cyls/255 heads/63 sectors = 5857331130 sectors (2860024MB)

    Offset   Size(ST)        End     Name  PType     Desc  Subtype  Flags

         0         63         62        -     12   unused        0
        63 1562363771 1562363833  mfid0s1      8  freebsd      165
1562363834 4294981702 5857345535        -     12   unused        0

I want to capture all that unused space and add it to the server.

fstab has this:
# cat /etc/fstab
# Device        Mountpoint  FStype  Options     Dump  Pass#
/dev/mfid0s1b   none        swap    sw          0     0
/dev/mfid0s1a   /           ufs     rw          1     1
/dev/mfid0s1e   /home       ufs     rw          2     2
/dev/mfid0s1d   /tmp        ufs     rw          2     2
/dev/mfid0s1f   /usr        ufs     rw          2     2
/dev/mfid0s1g   /var        ufs     rw          2     2
/dev/acd0       /cdrom      cd9660  ro,noauto   0     0

When I try to create a new slice using fdisk, it doesn't seem to work.  If 
I move to the label editor, I get this:


FreeBSD Disklabel Editor

Disk: mfid0 Partition name: mfid0s1 Free: 0 blocks (0MB)

Part      Mount       Size  Newfs   Part      Mount       Size  Newfs
----      -----       ----  -----   ----      -----       ----  -----
mfid0s1a  none      2000MB  *
mfid0s1d  none     65536MB  *
mfid0s1e  none      4096MB  *
mfid0s1b  swap     65536MB  SWAP
mfid0s1f  none     10240MB  *
mfid0s1g  none       601GB  *

As you can see mfid0s1g is 601GB, and according to fstab that's /var.

Yet df -h shows:

# df -h
Filesystem       Size    Used   Avail  Capacity  Mounted on
/dev/mfid0s1a    1.9G    726M    1.0G     41%    /
devfs            1.0k    1.0k      0B    100%    /dev
/dev/mfid0s1e    3.9G     38M    3.5G      1%    /home
/dev/mfid0s1d     62G    6.6M     57G      0%    /tmp
/dev/mfid0s1f    9.7G    7.5G    1.4G     84%    /usr
/dev/mfid0s1g    582G     39G    496G      7%    /var

So apparently I'm not creating this new slice?  It should be /dev/mfid0s1h, 
correct?


How do I recapture the remaining 2+TB of space that's not being used?

--
Paul Schmehl (pa...@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/infosecurity/



Re: freebsd-update patches custom /boot/kernel/kernel which it should not

2013-01-02 Thread Paul Schmehl
--On January 2, 2013 6:45:50 PM +0100 andreas scherrer 
ascher...@gmail.com wrote:



Hi

This can be considered a follow up to the message How to keep
freebsd-update from trashing custom kernel? sent to this list by Brett
Glass on August 13th 2012 (see [1]). Unfortunately there is no solution
to the problem in that thread (or I cannot see it).

I am currently running 9.0-RELEASE-p4 and freebsd-update
recommends to update to p5. It states:

-
The following files will be updated as part of updating to 9.0-RELEASE-p5:
/boot/kernel/kernel
snip
-

And from experience this is what it will do: replace /boot/kernel/kernel
which is my custom kernel with a GENERIC kernel.

As it seems that freebsd-update works by comparing a hash of
/boot/kernel/kernel with the GENERIC kernel's hash I checked the md5 and
sha1 hash of /boot/kernel/kernel and /boot/GENERIC/kernel. They differ
(see [3]).

So why is freebsd-update going to overwrite my custom kernel? And how
can I prevent it from doing so?



Read man (5) freebsd-update.conf.  Particularly the COMPONENTS portion that 
explains how to update world without changing kernel.


--
Paul Schmehl, Senior Infosec Analyst
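A check for the Components change suggested in the reply above, as an added example that is not from the thread or from the FreeBSD project: it reads a freebsd-update.conf and reports whether the kernel is still in scope for updates. `kernel_scope` and its three output words are names made up here, and `IgnorePaths` is a further freebsd-update.conf option that the thread does not mention.

```shell
#!/bin/sh
# Added example (not from the thread): does this freebsd-update.conf leave
# /boot/kernel/kernel alone?

# kernel_scope FILE
#   prints "skipped-by-components"  if no Components line selects the kernel
#          "skipped-by-ignorepaths" if an IgnorePaths regex covers the kernel
#          "updated"                otherwise
kernel_scope()
{
    awk -v path=/boot/kernel/kernel '
        { sub(/#.*/, "") }            # drop comments, whole-line or trailing
        # Components may select "kernel" or a "kernel/<sub>" sub-component.
        $1 == "Components" {
            for (i = 2; i <= NF; i++)
                if ($i == "kernel" || $i ~ /^kernel\//) selected = 1
        }
        # IgnorePaths values are extended regexes matched at the start of a path.
        $1 == "IgnorePaths" {
            for (i = 2; i <= NF; i++)
                if (path ~ ("^" $i)) ignored = 1
        }
        END {
            if (!selected)     print "skipped-by-components"
            else if (ignored)  print "skipped-by-ignorepaths"
            else               print "updated"
        }' "$1"
}

# Demonstration on constructed files: sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) || exit 1
    # Constructed sample: Components line that still includes the kernel.
    printf '%s\n' 'Components src world kernel' > "$tmp/with-kernel.conf"
    # Constructed sample: kernel removed so a custom kernel is not replaced.
    printf '%s\n' 'Components src world' > "$tmp/without-kernel.conf"
    for f in "$tmp/with-kernel.conf" "$tmp/without-kernel.conf"; do
        printf '%s: %s\n' "${f##*/}" "$(kernel_scope "$f")"
    done
    rm -rf "$tmp"
fi
```

Run it against /etc/freebsd-update.conf before `freebsd-update fetch` on a host with a custom kernel.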


Re: freebsd-update patches custom /boot/kernel/kernel which it should not

2013-01-02 Thread Paul Schmehl
--On January 2, 2013 8:18:38 PM +0100 andreas scherrer 
ascher...@gmail.com wrote:



on 2.1.13 19:15  Paul Schmehl said the following:

--On January 2, 2013 6:45:50 PM +0100 andreas scherrer

And from experience this is what it will do: replace /boot/kernel/kernel
which is my custom kernel with a GENERIC kernel.

As it seems that freebsd-update works by comparing a hash of
/boot/kernel/kernel with the GENERIC kernel's hash I checked the md5 and
sha1 hash of /boot/kernel/kernel and /boot/GENERIC/kernel. They differ
(see [3]).

So why is freebsd-update going to overwrite my custom kernel? And how
can I prevent it from doing so?



Read man (5) freebsd-update.conf.  Particularly the COMPONENTS portion
that explains how to update world without changing kernel.


Thanks for pointing this out. I might change my freebsd-update.conf to
not update the kernel. But still I believe this to be more of a kludge
than a solution: in my opinion the handbook suggests that a custom
kernel should be detected and left alone. But at the same time a GENERIC
kernel in /boot/GENERIC should be patched.

http://www.freebsd.org/doc/handbook/updating-upgrading-freebsdupdate.html
-


That needs to be updated.


However, freebsd-update will detect and update the GENERIC kernel in
/boot/GENERIC (if it exists), even if it is not the current (running)
kernel of the system.
-

Furthermore if I remove the kernel option from the COMPONENTS in
freebsd-update.conf I think I will not get the kernel source patches
anymore, right? Which in turn means I have to get them via some other
mechanism, no?



See UpdateIfUnmodified in the man page.  You can specify a regex pattern 
that prevents the kernel from being modified but still downloads the 
sources.


Or you can simply pull source from svn, which I think would be my preferred 
method.  Once you've made the first pull, you can use svn to pull all the 
kernel updates subsequent to that first pull and then buildkernel as you 
normally do.




From the same link as above to the handbook:

-
Unless the default configuration in /etc/freebsd-update.conf has been
changed, freebsd-update will install the updated kernel sources along
with the rest of the updates.
-

I think something does not add up here but I can't get my head around it
(yet?).



The Handbook is out of date.


--
Paul Schmehl, Senior Infosec Analyst


Re: freebsd-update patches custom /boot/kernel/kernel which it should not

2013-01-02 Thread Paul Schmehl
--On January 2, 2013 1:46:25 PM -0600 Paul Schmehl 
pschmehl_li...@tx.rr.com wrote:



--On January 2, 2013 8:18:38 PM +0100 andreas scherrer
ascher...@gmail.com wrote:


on 2.1.13 19:15  Paul Schmehl said the following:

--On January 2, 2013 6:45:50 PM +0100 andreas scherrer

And from experience this is what it will do: replace
/boot/kernel/kernel which is my custom kernel with a GENERIC kernel.

As it seems that freebsd-update works by comparing a hash of
/boot/kernel/kernel with the GENERIC kernel's hash I checked the md5
and sha1 hash of /boot/kernel/kernel and /boot/GENERIC/kernel. They
differ (see [3]).

So why is freebsd-update going to overwrite my custom kernel? And how
can I prevent it from doing so?



Read man (5) freebsd-update.conf.  Particularly the COMPONENTS portion
that explains how to update world without changing kernel.


Thanks for pointing this out. I might change my freebsd-update.conf to
not update the kernel. But still I believe this to be more of a kludge
than a solution: in my opinion the handbook suggests that a custom
kernel should be detected and left alone. But at the same time a GENERIC
kernel in /boot/GENERIC should be patched.

http://www.freebsd.org/doc/handbook/updating-upgrading-freebsdupdate.html
-


That needs to be updated.


However, freebsd-update will detect and update the GENERIC kernel in
/boot/GENERIC (if it exists), even if it is not the current (running)
kernel of the system.
-

Furthermore if I remove the kernel option from the COMPONENTS in
freebsd-update.conf I think I will not get the kernel source patches
anymore, right? Which in turn means I have to get them via some other
mechanism, no?



See UpdateIfUnmodified in the man page.  You can specify a regex pattern
that prevents the kernel from being modified but still downloads the
sources.



I wasn't thinking when I wrote this.  Freebsd-update pulls *binary* copies 
of files, so you're not ever going to get the src files to rebuild your 
kernel from freebsd-update.  You need to pull those in using svn.


--
Paul Schmehl, Senior Infosec Analyst


Re: Can't get start_precmd to do *anything*

2012-12-20 Thread Paul Schmehl
--On December 19, 2012 11:07:27 PM + Chris Rees utis...@gmail.com 
wrote:


Here's the current invocation:

start_precmd=pads_agent_ck4fifo()


Lose the parentheses in the above line (this isn't C :) )


Well, doh!

I'll figure out how to read some day.

--
Paul Schmehl, Senior Infosec Analyst


Can't get start_precmd to do *anything*

2012-12-19 Thread Paul Schmehl
I'm working on an rc.d init script for a port, and I am clearly in need of 
a clue.


I have a daemon that requires that a FIFO exist before it will start.  The 
FIFO is defined in the daemon's conf file.  I could just point that out to 
the user using warn, but I thought it would be nicer to simply take care 
of it programmatically.


So I created this:

start_precmd=${name}_ck4fifo()

${name}_ch4fifo()
{
 . ${pads_agent_conf}
 echo Checking to see if ${PADS_FIFO} exists..
 if [ ! -p ${PADS_FIFO} ]; then
   echo ${PADS_FIFO} did not exist.  Creating it now.
   `/usr/bin/mkfifo ${PADS_FIFO}
 else
   echo ${PADS_FIFO} already exists.
 fi
}

When I run the init script with rc_debug enabled, it calls the 
start_precmd, but absolutely nothing happens.  I don't even get the echos.


# /usr/local/etc/rc.d/pads_agent onestart
/usr/local/etc/rc.d/pads_agent: DEBUG: checkyesno: pads_agent_enable is set to YES.
/usr/local/etc/rc.d/pads_agent: DEBUG: run_rc_command: start_precmd: pads_agent_ck4fifo()

Starting pads_agent.
/usr/local/etc/rc.d/pads_agent: DEBUG: run_rc_command: doit: /usr/local/bin/sguil-sensor/pads_agent.tcl -D -c /usr/local/etc/sguil-sensor/pads_agent.conf
[root@buttercup4 /usr/ports/security/sguil-sensor-update/sguil-sensor]# Error: Unable to read /var/data/nsm/sguil-sensor/buttercup4.utdallas.edu/pads.fifo


I even tried this but got the same result.

${name}_ch4fifo()
{
   warn You must create PADS_FIFO before starting ${name}.
   warn Set PADS_FIFO in the ${pads_agent_conf} file.
}

The warn messages aren't in the messages file either, which is expected 
behavior.


What the heck is going on here?  Is something wrong with rc.subr on this 
host?  Am I missing something?


--
Paul Schmehl, Senior Infosec Analyst


Re: Can't get start_precmd to do *anything*

2012-12-19 Thread Paul Schmehl
--On December 19, 2012 10:47:56 PM + Chris Rees utis...@gmail.com 
wrote:



On 19/12/2012, Paul Schmehl pschmehl_li...@tx.rr.com wrote:

I'm working on an rc.d init script for a port, and I am clearly in need
of a clue.

I have a daemon that requires that a FIFO exist before it will start.
The FIFO is defined in the daemon's conf file.  I could just point that
out to the user using warn, but I thought it would be nicer to simply
take care of it programmatically.

So I created this:

start_precmd=${name}_ck4fifo()


Is this a copy/paste error, or is your function actually called
_ck4fifo or _ch4fifo?



Both, but I fixed it and nothing changed.


${name}_ch4fifo()


I'm surprised sh isn't choking on this, you can't use ${name} in a
function name.  Indirecting it is a waste of processing time, if I'm
honest; just use

start_precmd=pads_agent_prestart

pads_agent_prestart()
{
 do_something
}



OK, I've done that.  Still no change. {{{sigh}}}

Here's the current invocation:

start_precmd=pads_agent_ck4fifo()

pads_agent_ck4fifo()
{
   . ${pads_agent_conf}
   if [ ! -p ${PADS_FIFO} ]; then
      `/usr/bin/mkfifo ${PADS_FIFO}`
   fi
   echo Checking for ${PADS_FIFO}
   if [ -p ${PADS_FIFO} ]; then
      echo ${PADS_FIFO} exists.
      return 0
   else
      echo I tried to create ${PADS_FIFO} and failed.
      echo You will need to create it manually before starting ${name}.
      return 1
   fi
}

--
Paul Schmehl, Senior Infosec Analyst
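The precmd from this thread with the two points Chris Rees raises applied (a literal function name, and `start_precmd` set to that name without parentheses), as an added example that is not part of the original posts. It assumes the conf file holds a sh-compatible `PADS_FIFO=...` line, as the posted `. ${pads_agent_conf}` implies; the extra checks, the `-m 600` mode and `run_precmd` (a stand-in for rc.subr evaluating `${start_precmd}`) are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. In a real rc.d script these lines sit
# between `. /etc/rc.subr` and `run_rc_command "$1"`; rc.subr is left out
# here so the block runs on any POSIX sh.

name="pads_agent"
# Path taken from the debug output in the thread; overridable like any rc variable.
: "${pads_agent_conf:=/usr/local/etc/sguil-sensor/pads_agent.conf}"

# The value is the function's NAME: no parentheses. The function itself is
# defined under a literal name rather than ${name}_...
start_precmd="pads_agent_prestart"

pads_agent_prestart()
{
    if [ ! -r "${pads_agent_conf}" ]; then
        echo "${name}: cannot read ${pads_agent_conf}" >&2
        return 1
    fi
    # Assumption: the conf file is sh-compatible and sets PADS_FIFO=/some/path.
    # Sourcing runs the file with the script's privileges (root at boot), so
    # the file must not be writable by other users.
    unset PADS_FIFO
    . "${pads_agent_conf}"
    if [ -z "${PADS_FIFO:-}" ]; then
        echo "${name}: PADS_FIFO is not set in ${pads_agent_conf}" >&2
        return 1
    fi
    if [ -p "${PADS_FIFO}" ]; then
        return 0                        # already a FIFO, nothing to do
    fi
    if [ -e "${PADS_FIFO}" ] || [ -L "${PADS_FIFO}" ]; then
        # Something that is not a FIFO sits at that path: refuse to start
        # rather than replace a file nobody expected there.
        echo "${name}: ${PADS_FIFO} exists but is not a FIFO" >&2
        return 1
    fi
    # No backticks around the command. -m sets the mode at creation; 600 is
    # this example's choice and has to suit the account the agent runs as.
    if ! mkfifo -m 600 "${PADS_FIFO}"; then
        echo "${name}: could not create ${PADS_FIFO}; create it manually" >&2
        return 1
    fi
    echo "${name}: created ${PADS_FIFO}"
    return 0
}

# Stand-in for rc.subr, which evaluates the string held in start_precmd and
# treats a non-zero return as "do not start".
run_precmd()
{
    eval "${start_precmd}"
}

# Demonstration with a constructed conf file: sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) || exit 1
    printf 'PADS_FIFO=%s/pads.fifo\n' "$tmp" > "$tmp/pads_agent.conf"
    pads_agent_conf="$tmp/pads_agent.conf"
    run_precmd
    echo "precmd returned $?"
    rm -rf "$tmp"
fi
```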


Re: Dialog on some ports looks odd

2012-12-13 Thread Paul Schmehl
--On December 13, 2012 1:51:16 AM -0800 Dan Mahoney, System Admin 
d...@prime.gushi.org wrote:



Hey there,

Can people confirm some brokenness to me?

When I'm on a system over SSH, I find that doing the following:

cd /usr/ports/mail/alpine; make config

looks fine, but

cd /usr/ports/mail/opendkim; make config

seems to corrupt the headings and not display correctly, the OK/Cancel
buttons get mangled (it may or may not work on the system console).

Could I get some confirmation before I do a send-pr?



Confirmed.

Paul Schmehl, Senior Infosec Analyst


Re: Somewhat OT: Is Full Command Logging Possible?

2012-12-07 Thread Paul Schmehl

--On December 7, 2012 10:23:56 AM +0100 Fleuriot Damien m...@my.gd wrote:



On Dec 6, 2012, at 9:20 PM, Paul Schmehl pschmehl_li...@tx.rr.com wrote:


--On December 6, 2012 1:19:00 PM -0600 Tim Daneliuk
tun...@tundraware.com wrote:


I understand this.  Even the organization in question understands
this.  They are not trying to *prevent* any kind of access.  All
they're trying to do is *log* it.  Why?  To meet some obscure
compliance requirement they have to adhere to in order to
remain in business.

rant
I know all of this is silly but that's our future when you
let Our Fine Government regulate pretty much anything.
/rant



I sent this last night, but for some reason it never showed up.

/usr/ports/security/sudoscript

I believe this will meet your requirements.



I'm sorry to say it won't.
Nothing will prevent a user from removing sudoscript's FIFO once he gets
root privileges.



Well, sure, but, if someone logs in and sudos to root, that will be logged 
by sudoscript.  If the logging then ceases, that would be cause for 
disciplinary action up to and including dismissal.


Not all problems can be solved with technology.
Paul Schmehl, Senior Infosec Analyst


Re: Somewhat OT: Is Full Command Logging Possible?

2012-12-06 Thread Paul Schmehl
--On December 6, 2012 1:19:00 PM -0600 Tim Daneliuk tun...@tundraware.com 
wrote:


I understand this.  Even the organization in question understands
this.  They are not trying to *prevent* any kind of access.  All
they're trying to do is *log* it.  Why?  To meet some obscure
compliance requirement they have to adhere to in order to
remain in business.

rant
I know all of this is silly but that's our future when you
let Our Fine Government regulate pretty much anything.
/rant



I sent this last night, but for some reason it never showed up.

/usr/ports/security/sudoscript

I believe this will meet your requirements.

--
Paul Schmehl, Senior Infosec Analyst


Re: Somewhat OT: Is Full Command Logging Possible?

2012-12-05 Thread Paul Schmehl
--On December 5, 2012 7:01:21 PM -0600 Tim Daneliuk tun...@tundraware.com 
wrote:



On 12/05/2012 06:35 PM, Kurt Buff wrote:

On Wed, Dec 5, 2012 at 3:48 PM, Tim Daneliuk tun...@tundraware.com
wrote:

On 12/05/2012 05:44 PM, Kurt Buff wrote:


On Wed, Dec 5, 2012 at 3:19 PM, Tim Daneliuk tun...@tundraware.com
wrote:


I am working with an institution that today provides limited privilege
escalation
on their servers via very specific sudo rules.  The problem is that
the administrators can do 'sudo su -'.


snip


sudo is misconfigured.

man 5 sudoers and man 8 visudo



Kurt



I'm sorry Kurt, I'm sort of dense today, I'm not sure what you're
saying.  Are you suggesting that there is a way to configure
sudo so that if someone does 'sudo su -' to become an admin,
sudo can be made to log every command they execute thereafter?


No, I'm saying that sudo should not be configured to allow 'sudo su -'.

Since you say that the users are provided limited privilege
escalation on their servers via very specific sudo rules, it seems to
me that one of three things is going wrong:

o- Something is wrong with the configuration of sudoers if they can su
to root when they shouldn't be able to do so

o- Someone has misconceived what limited privilege escalation on
their servers via very specific sudo rules actually means, and
deliberately has it configured to allow users to su to root

o- The users' accounts are already root equivalent, which, depending
on the version and configuration of sudo, might give them the ability
to sudo to root regardless of the contents of the sudoers file (see,
for instance, the screen in FreeBSD when you perform 'cd
/usr/ports/security/sudo' and then 'make config')

Kurt


Oh, OK, I wasn't being clear:

- *Some* users are granted the ability to do sudo su -  These
   are the sysadmins.

- All other users are given selective ability to run only a few
   things via sudo.  This varies by department and is controlled
   through a combination of sudo rules and central LDAP group
   membership control.  This is necessary because, for example,
   some DBAs need this when installing a particular client.



Install security/sudoscript.

Paul Schmehl, Senior Infosec Analyst


Unexpected results when piping syslog to a fifo

2012-11-29 Thread Paul Schmehl
I'm working on a project which requires that I pipe a remote syslog to a 
fifo so a daemon can parse the results.  After some googling I *thought* 
that I had figured out how to configure syslog to do this.  Here's the 
syslog.conf entry:


+ hostname.utdallas.edu
*.* | cat  /var/run/program/program.fifo

This seems to work for one syslog message.  The rest go to 
/var/log/messages.


So I tried this:
+ hostname.utdallas.edu
*.* | tail -f  /var/run/program/program.fifo

But that seems to do the same thing.

I want these messages to be piped to the fifo *only* and not show up in 
local logs.  What's the secret sauce for this?


--
Paul Schmehl (pa...@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/infosecurity/



Re: csup to svn

2012-11-21 Thread Paul Schmehl
--On November 21, 2012 11:10:28 AM -0500 Fbsd8 fb...@a1poweruser.com 
wrote:



I use packages for all my ports.
But some times I have to use ports make files because I need to change
the default configuration.

I use a custom csup script to just download the desired single port.

Since the CVSup/Csup service is being phased out as of February 28, 2013,
How can I duplicate this function using svn?



cd /usr/ports/category
svn co svn://svn.freebsd.org/ports/head/category/port

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: csup to svn

2012-11-21 Thread Paul Schmehl
--On November 21, 2012 6:04:00 PM + Steve O'Hara-Smith 
at...@sohara.org wrote:



On Wed, 21 Nov 2012 12:52:14 -0500
Fbsd8 fb...@a1poweruser.com wrote:


You missed the whole point of my question.
I don't want to maintain the WHOLE ports tree.
I only want to download selected single port.
My current ports tree only has 2 ports, apache22 and php5.
So your reply did not answer my question.
Thanks any how.


This works

svn co svn://svn0.us-east.freebsd.org/ports/head/www/apache22 .

If you do it in /usr/ports/www/apache22 then the port winds up in a
sane place.


No!  This will create an apache22 port in /usr/ports/www/apache22/apache22!

You want to checkout the port while you're in the category directory.

IOW, cd /usr/ports/www && svn co blah blah blah

If you want to do a category, cd /usr/ports/ && svn co 
svn://svn.freebsd.org/ports/head/www



Once you have it you can do svn up in /usr/ports/www/apache22

to update it.

This will probably become intolerably clumsy for more than a
handful of ports.




--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: csup to svn

2012-11-21 Thread Paul Schmehl

--On November 21, 2012 5:49:07 PM -0500 Fbsd8 fb...@a1poweruser.com wrote:


Paul Schmehl wrote:

--On November 21, 2012 6:04:00 PM + Steve O'Hara-Smith
at...@sohara.org wrote:


On Wed, 21 Nov 2012 12:52:14 -0500
Fbsd8 fb...@a1poweruser.com wrote:


You missed the whole point of my question.
I don't want to maintain the WHOLE ports tree.
I only want to download selected single port.
My current ports tree only has 2 ports, apache22 and php5.
So your reply did not answer my question.
Thanks any how.


This works

svn co svn://svn0.us-east.freebsd.org/ports/head/www/apache22 .

If you do it in /usr/ports/www/apache22 then the port winds up in a
sane place.


No!  This will create an apache22 port in
/usr/ports/www/apache22/apache22!

You want to checkout the port while you're in the category directory.

IOW, cd /usr/ports/www && svn co blah blah blah

If you want to do a category, cd /usr/ports/ && svn co
svn://svn.freebsd.org/ports/head/www


Once you have it you can do svn up in /usr/ports/www/apache22

to update it.

This will probably become intolerably clumsy for more than a
handful of ports.






Yeap thats the ticket. I tested this and it works also

svn co svn://svn.freebsd.org/ports/head/misc/ytree /usr/ports/misc/ytree

Don't have to change into target directory.


Another question

csup has category called base that checkouts all the pieces parts
making up the ports make environment.

svn has no category called base

What is base called in svn category?




svn co svn://svn.freebsd.org/base/release/8.3.0 /usr/src

for example.

To see the various branches, go to the svnweb site. 
http://svnweb.freebsd.org/


In general, the checkout command will pull whatever you ask for and put it 
where you tell it to and save data in a .svn directory which then allows 
you to run svn up from then on (unless you delete the .svn directory 
structure) to upgrade your sources.













--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: csup to svn

2012-11-21 Thread Paul Schmehl

--On November 21, 2012 8:11:05 PM -0500 Fbsd8 fb...@a1poweruser.com wrote:


snip


csup has category called base that checkouts all the pieces parts
making up the ports make environment. IE Files in /usr/ports directory

svn has no category called base

What is base called in svn category?




svn co svn://svn.freebsd.org/base/release/8.3.0 /usr/src

for example.

To see the various branches, go to the svnweb site.
http://svnweb.freebsd.org/

In general, the checkout command will pull whatever you ask for and put
it where you tell it to and save data in a .svn directory which then
allows you to run svn up from then on (unless you delete the .svn
directory structure) to upgrade your sources.



The base you have referenced in svn means kernel source.
The ports cvup has category named base.

There is no category named base in the svn ports category list.

Doing a cvup for category base builds the following
# /usr/ports ls
.cvsignore      GIDs            LEGAL           Mk              Tools
CHANGES         KNOBS           MOVED           README          UIDs
COPYRIGHT       LASTCOMMIT.txt  Makefile        Templates       UPDATING

How do I do same thing using svn?



What was base is now head.  To tell it to download only the files in head 
use:


svn co --depth files svn://svn.freebsd.org/ports/head /usr/ports








Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Question about find - excluding directories

2012-10-14 Thread Paul Schmehl
I want to use find to locate files that don't belong to a certain user but 
should belong to that user.  But there are subdirectories I want to exclude.


I have tried using this, but it doesn't work:

find /path/to/dir -type d ! -uid num \( -type d ! -name dirname -prune \)

If I leave off the part in parentheses, it finds all the files I'm looking 
for but also files in the subdirs I'm not interested in.


If I add the parentheses, it doesn't find any files at all.

This is FreeBSD 8.3 RELEASE.

So how can I find these files without descending into directories I'm not 
interested in?


Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
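
One way to write the search asked about above, as an added example that is not part of the original post: `-prune` is applied to the directories to skip and joined to the ownership test with `-o`, so the ownership test only ever runs on paths that were not pruned. The function name, the sample tree and the uid used in the demo are constructed for illustration.

```sh
#!/bin/sh
# find_foreign_owned DIR UID [SKIP_NAME...]
# Print every path under DIR that is not owned by UID, never descending into
# directories whose basename matches one of SKIP_NAME.
find_foreign_owned() {
    dir=$1
    uid=$2
    shift 2

    if [ "$#" -eq 0 ]; then
        find "$dir" ! -uid "$uid" -print
        return
    fi

    # Rewrite the remaining arguments into: -name n1 -o -name n2 ...
    first=1
    for name in "$@"; do
        if [ "$first" -eq 1 ]; then
            set -- -name "$name"
            first=0
        else
            set -- "$@" -o -name "$name"
        fi
    done

    # Left of -o: a directory with a skipped name is pruned (and not printed).
    # Right of -o: everything else is tested for ownership and printed.
    find "$dir" -type d \( "$@" \) -prune -o ! -uid "$uid" -print
}

# Constructed sample tree: directories to audit plus two "cache" dirs to skip.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/htdocs/img" "$root/cache/tmp" "$root/htdocs/cache"
    : > "$root/htdocs/index.html"
    : > "$root/htdocs/img/logo.png"
    : > "$root/cache/tmp/session"     # inside a skipped dir, must not be reported
    : > "$root/htdocs/cache/page"     # nested skipped dir, must not be reported
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
# Everything in the tree belongs to the current user, so auditing against a
# different uid (a stand-in for the expected owner) reports every path that
# was not pruned.
expected_uid=$(( $(id -u) + 1 ))
find_foreign_owned "$tree" "$expected_uid" cache | sort
rm -rf "$tree"
```

Without an explicit `-print` on the right-hand side, find would apply its default print to the whole expression and list the pruned directories as well.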


What replaces csup?

2012-09-17 Thread Paul Schmehl
Now that we're switching to svn, is there a utility analogous to csup for 
fetching source?  Is that utility available for 8.3?  (I'm assuming 
subversion will become part of base in 9.x.)


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Problems with ssl certs

2012-09-17 Thread Paul Schmehl
I'm setting up a new server and plan on migrating a Wordpress blog to it. 
Right now the server does not resolve with DNS, because the server I'm 
migrating from is still up and running.  (I'm in the setup and configure 
stage.)


I've got Wordpress installed and working with apache22, mysql 5.4, php 5.5 
and suphp.  I've migrated some of the blog over and installed some plugins 
I need.


One of the plugins is the Wordpress jetpack.  I can't figure out how to get 
this plugin to activate.


This is the error message I'm getting:

Your website needs to be publicly accessible to use Jetpack: 
site_inaccessible


Error Details: The Jetpack server was unable to communicate with your site 
[IXR -32300: transport error: http_request_failed SSL certificate problem, 
verify that the CA cert is OK. Details: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed]


I assume this is a problem with the site's self-signed cert not verifying 
through curl.  I cat'd the cert into the ca-certfile, but it still doesn't 
work, so maybe I'm wrong.


Here's the path for the ca file:
# curl-config --ca
/usr/local/share/certs/ca-root-nss.crt

I cat'd both the site's cert and the Jetpack site's cert into the 
ca-root-nss.crt file.  I think Jetpack is using php-curl.  I have the 
php-curl extension installed.


Is there a way to get this self-signed cert working?  Or am I going to have 
to buy a cert?


Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: What replaces csup?

2012-09-17 Thread Paul Schmehl
--On September 17, 2012 11:23:09 PM + Walter Hurry 
walterhu...@gmail.com wrote:



On Mon, 17 Sep 2012 09:45:23 -0500, Paul Schmehl wrote:


Now that we're switching to svn, is there a utility analogous to csup
for fetching source?  Is that utility available for 8.3?  (I'm assuming
subversion will become part of base in 9.x.)


9.1-RC1 here. Subversion is still in ports at the moment.



Does csup use subversion now?  Or do we need to use something else to fetch 
source?


Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: What replaces csup?

2012-09-17 Thread Paul Schmehl
--On September 17, 2012 8:42:33 PM -0400 Robert Huff roberth...@rcn.com 
wrote:




Paul Schmehl writes:


 Does csup use subversion now?  Or do we need to use something
 else to fetch source?


As I understand it, for the average user c(vs)up and subversion
serve the same function using different methods (both in terms of
identifying what files need to be fetched and actually fetching
them).  At this level of discussion they are mutually exclusive.
I have switched from csup to subversion for ports and docs.
After modest preparation it was essentially painless.



Are these modest preparations documented somewhere?

Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: Problems with ssl certs

2012-09-17 Thread Paul Schmehl
--On September 17, 2012 5:31:25 PM -0700 Kurt Buff kurt.b...@gmail.com 
wrote:



On Mon, Sep 17, 2012 at 5:13 PM, Paul Schmehl pschmehl_li...@tx.rr.com
wrote:

I'm setting up a new server and plan on migrating a Wordpress blog to it.
Right now the server does not resolve with DNS, because the server I'm
migrating from is still up and running.  (I'm in the setup and configure
stage.)

I've got Wordpress installed and working with apache22, mysql 5.4, php
5.5 and suphp.  I've migrated some of the blog over and installed some
plugins I need.

One of the plugins is the Wordpress jetpack.  I can't figure out how to
get this plugin to activate.

This is the error message I'm getting:

Your website needs to be publicly accessible to use Jetpack:
site_inaccessible

Error Details: The Jetpack server was unable to communicate with your
site [IXR -32300: transport error: http_request_failed SSL certificate
problem, verify that the CA cert is OK. Details: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed]

I assume this is a problem with the site's self-signed cert not verifying
through curl.  I cat'd the cert into the ca-certfile, but it still
doesn't work, so maybe I'm wrong.

Here's the path for the ca file:
# curl-config --ca
/usr/local/share/certs/ca-root-nss.crt

I cat'd both the site's cert and the Jetpack site's cert into the
ca-root-nss.crt file.  I think Jetpack is using php-curl.  I have the
php-curl extension installed.

Is there a way to get this self-signed cert working?  Or am I going to
have to buy a cert?


I could be off base here, and you may already have thought of this,
but is the cert tied to the IP address or the name of the server? If
it's tied to the name, and you're accessing it via the IP address,
it's been my experience that the cert will throw an error. Vice versa,
too.



That did not change a thing.

Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: Problems with ssl certs

2012-09-17 Thread Paul Schmehl
--On September 17, 2012 7:22:44 PM -0700 Kurt Buff kurt.b...@gmail.com 
wrote:



On Mon, Sep 17, 2012 at 5:55 PM, Paul Schmehl pschmehl_li...@tx.rr.com
wrote:


--On September 17, 2012 5:31:25 PM -0700 Kurt Buff kurt.b...@gmail.com
wrote:


On Mon, Sep 17, 2012 at 5:13 PM, Paul Schmehl pschmehl_li...@tx.rr.com
wrote:


I'm setting up a new server and plan on migrating a Wordpress blog to
it. Right now the server does not resolve with DNS, because the server
I'm migrating from is still up and running.  (I'm in the setup and
configure stage.)

I've got Wordpress installed and working with apache22, mysql 5.4, php
5.5 and suphp.  I've migrated some of the blog over and installed some
plugins I need.

One of the plugins is the Wordpress jetpack.  I can't figure out how to
get this plugin to activate.

This is the error message I'm getting:

Your website needs to be publicly accessible to use Jetpack:
site_inaccessible

Error Details: The Jetpack server was unable to communicate with your
site [IXR -32300: transport error: http_request_failed SSL certificate
problem, verify that the CA cert is OK. Details: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed]

I assume this is a problem with the site's self-signed cert not
verifying through curl.  I cat'd the cert into the ca-certfile, but it
still doesn't work, so maybe I'm wrong.

Here's the path for the ca file:
# curl-config --ca
/usr/local/share/certs/ca-root-nss.crt

I cat'd both the site's cert and the Jetpack site's cert into the
ca-root-nss.crt file.  I think Jetpack is using php-curl.  I have the
php-curl extension installed.

Is there a way to get this self-signed cert working?  Or am I going to
have to buy a cert?



I could be off base here, and you may already have thought of this,
but is the cert tied to the IP address or the name of the server? If
it's tied to the name, and you're accessing it via the IP address,
it's been my experience that the cert will throw an error. Vice versa,
too.



That did not change a thing.


Hmm. Using the loopback address?



Um, no.  I'm accessing the site from my house over the web.

Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Best file system for a busy webserver

2012-08-16 Thread Paul Schmehl
Does anyone have any opinions on which file system is best for a busy 
webserver (7 million hits/month)?  Is any one system noticeably better 
than any other?


Just curious.  I'm getting ready to setup a new box running FreeBSD 9, and 
since I'm starting from scratch, I'm questioning all my previous 
assumptions.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: Best file system for a busy webserver

2012-08-16 Thread Paul Schmehl
--On August 16, 2012 6:02:57 PM +0100 Steve O'Hara-Smith st...@sohara.org 
wrote:



On Thu, 16 Aug 2012 10:45:25 -0500
Paul Schmehl pschmehl_li...@tx.rr.com wrote:


Does anyone have any opinions on which file system is best for a busy
webserver (7 million hits/month)?  Is any one system noticeably
better than any other?


That's an average of about 3 hits per second. If it's static pages
then pretty much anything will handle it easily (but please don't use
FAT). If it's dynamic then the whole problem is more complex than a
simple page rate. If that load is bursty it may make a difference too.



Thanks for the reply.  It's a combination.  There are many static pages, 
but there is also a php-mysql forum that generates pages on the fly.  It 
accounts for about half of the traffic.  I've always used ufs but am 
wondering if switching to zfs would make sense.


This stats page might answer some of your questions: 
http://www.stovebolt.com/stats/


Basically traffic is steady but it's busiest in the evenings (US time zones)


Other considerations may come into play - how big is this
filesystem (number of files, maximum number of entries in a directory,
volume of data) ? Are there many users needing to be protected from each
other ? What about archives ? snapshots ? growth ? churn ? uptime
requirements, disaster recovery time ?


I don't even know where to begin.  There's about 15G of data on the server.

Maybe this will help answer your questions:
# sysctl -a | grep file
kern.maxfiles: 12328
kern.bootfile: /boot/kernel/kernel
kern.maxfilesperproc: 11095
kern.openfiles: 492
kern.corefile: %N.core
kern.filedelay: 30
p1003_1b.mapped_files: 1

last pid: 40369;  load averages:  0.01,  0.03,  0.00 
up 104+09:33:44 13:14:49

137 processes: 1 running, 136 sleeping
CPU:  0.7% user,  0.0% nice,  0.1% system,  0.0% interrupt, 99.2% idle
Mem: 229M Active, 6108M Inact, 1056M Wired, 15M Cache, 828M Buf, 514M Free
Swap: 16G Total, 28K Used, 16G Free

The system is not being stressed.

If by users, you mean shell accounts, there's two, so that's not really an 
issue.  The site has grown organically over the years from a few hundred 
hits a month to the now 6-8 million hits (depends on the time of year and 
the weather - mechanics are usually out in the garage if it's sunny and on 
the computer when it's not).


Uptime is not an issue.  The owners have repeatedly said if the site is 
down for two days they don't care.  (The forum users don't feel that way 
though!)  We've had one disaster (hard drive failure and raid failed 
while I was on vacation), and it took about 36 hours to get back online, 
but that was 10 years ago.  The site doesn't go down - it's running on 
FreeBSD. :-)


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: Best file system for a busy webserver

2012-08-16 Thread Paul Schmehl
--On August 16, 2012 9:42:30 PM +0100 Steve O'Hara-Smith st...@sohara.org 
wrote:



I don't even know where to begin.  There's about 15G of data on the
server.


OK I would say there's no pressing reason to consider ZFS for this
purpose. You'd save a bit of time in crash recovery with no fsck going on,
and perhaps the checksum mechanism would give some peace of mind - but
really in 15GB silent corruption is a very slow process - now if it were
15TB ...



Thanks.


last pid: 40369;  load averages:  0.01,  0.03,  0.00
up 104+09:33:44 13:14:49
137 processes: 1 running, 136 sleeping
CPU:  0.7% user,  0.0% nice,  0.1% system,  0.0% interrupt, 99.2% idle
Mem: 229M Active, 6108M Inact, 1056M Wired, 15M Cache, 828M Buf, 514M
Free Swap: 16G Total, 28K Used, 16G Free


OTOH you have plenty of memory lying around doing nothing much
(6108M inactive) so you can easily support ZFS if you want to play with
its features (the smooth integration of volume management and filesystem
is rather cool).



It's hard, nowadays, to buy a server that's too small for our needs.  Most 
of them are way overspec'd for what this server does.  Which is a nice 
luxury to have.



It sounds like you have backups or at least some means of restoring
the site in the event of disaster so that's all good.


Yes, daily, and the servers are always configured in RAID1.


If there was a
pressing need to be able to get back up fairly quickly and easily I'd be
suggesting ZFS in RAID1 with a hot swap bay in which a third disc goes,
attached as a third mirror, periodically split it off the mirror take
it off site, and replace it with the one that's been off site.

There's really nothing here that's pushing you in any particular
direction for a filesystem, at 15GB if performance ever becomes a problem
a RAID1 of SSDs with UFS would make it fly probably into the hundreds of
hits per second range.


Thanks for the input, Steve.  I appreciate it.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: On-access AV scanning

2012-07-27 Thread Paul Schmehl
--On July 27, 2012 11:43:08 AM +0100 Daniel Bye 
freebsd-questi...@slightlystrange.org wrote:



Are there any current options available to support on-access antivirus
scanning on FreeBSD?



Clamav.

I did some testing several years ago with ClamAV, Sophos and McAfee 
(scanning incoming mail), and ClamAV was comparable to McAfee in detection 
rates - over 98%.


If you run the daemon you have on access scanning.  Seems like that would 
satisfy the policy.


It's in ports, so it should be easy to install and keep up to date.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: Apache vs. nginx

2012-07-17 Thread Paul Schmehl

Thanks, Chuck.  That's very useful input.

--On July 17, 2012 10:40:30 AM -0700 Chuck Swiger cswi...@mac.com wrote:


On Jul 17, 2012, at 7:40 AM, Paul Schmehl wrote:

I'm the admin for a small hobby website (Stovebolt.com - about 7 million
hits/mo).  We're fixin to buy a new server, and since I have to start
from scratch (install FreeBSD and all the needed ports), I'm wondering
if anyone on this list has switched from Apache to nginx.

If you have, what has your experience been like?  Was the change
relatively easy?  (I'm not intimidated by technical details.  I've been
running FreeBSD on these servers for about 12 years now.)  Was the
performance better?  (We've not been having any problems with Apache to
this point.) Is there sufficient support from addon apps to run a site
with a php-driven forum?


I've compared them; since I know Apache...rather well, switching to nginx
didn't strike me as a useful change at any of the sites for which I've
setup or managed their webservers.  You have to invoke external scripts
like a PHP forum via FastCGI (what nginx calls ngx_http_fastcgi_module);
using and tuning FastCGI separately from the webserver itself definitely
has some advantages, but those same advantages can be obtained in Apache
by using mod_fcgi instead of using mod_php directly.

Apache is bulkier per process than nginx but has more modules and config
options available for it; nginx seems to have been tuned more for server
farms hosting a lot of low-volume vanity domains, so it has minimal
overhead, implements IP-based and name-based virtual hosting eloquently,
implements bandwidth rate controls as a core functionality, etc.

I cannot recall encountering a circumstance where the base performance of
the webserver itself turned out to be the primary criterion for website
performance; sites are almost always constrained by bandwidth and/or the
performance of the dynamic scripts, database backend, etc-- and not by
the webserver's ability to serve static resources.

Regards,




--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


My tribute to Dennis Ritchie

2011-10-19 Thread Paul Schmehl
/calendar/calendars/calendar.music:04/14	Ritchie Blackmore 
(Deep Purple, Rainbow) is born, 1945

/usr/src/usr.bin/m4/NOTES:  Kernighan, Brian W. and Dennis M. Ritchie,

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: Bouncing Email

2011-09-28 Thread Paul Schmehl
--On September 28, 2011 11:00:58 AM -0700 Chuck Swiger cswi...@mac.com 
wrote:



On Sep 28, 2011, at 5:08 AM, Gene wrote:

This is probably (ok... IS) off topic, so if anyone knows of a list
dealing  with policyd-weight please just point me at it.




The mailing list has been inactive for some time now.  The developer 
considers the software feature complete.


http://www.policyd-weight.org/faq.html
http://www.policyd-weight.org/

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: My server is under attack (I think)

2011-08-19 Thread Paul Schmehl
--On August 19, 2011 11:01:21 AM -0400 Mark Moellering m...@msen.com 
wrote:



I keep seeing a flood of messages when I run dmesg -a that look like this:

mail sshd[1831]: warning: /etc/hosts.allow, line 2: can't verify
hostname: getaddrinfo(ip223.hichina.com, AF_INET) failed

Is there anything I should be doing to make sure the server isn't
compromised?  It is a mail server running postfix / dovecot
I have pf set up and am also running a program called sshguard.
I am kind of at a loss.  It looks like I am under attack but I don't know
what to do about it.  Any help is greatly appreciated

Thanks in advance


As others have pointed out, this is routine probing by internet jerks.  You 
have several choices.  You can restrict access to ssh to specific IPs or 
netblocks.  You can ignore it and chalk it up to being on the internet. 
Or, if the people that have access to your server are sophisticated enough 
that it's not too much hassle explaining it, you can run ssh on some 
other port.


I chose options 1 & 2 for a server I maintain.  I'd prefer option 3, but I 
don't want to have to explain it to the owners.  They're not very tech 
savvy.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: looking for a spammer/virii/malware .... on my system

2011-08-15 Thread Paul Schmehl

--On August 15, 2011 2:04:27 PM -0400 alexus ale...@gmail.com wrote:


I'm personally leaning towards that these headers are being modified and
that there is no spam leaving my box (I may be wrong of course)

here is what I did to come up with that thought

I sent myself an email



The tcpdump command that Chuck gave you is all you need.  *If* all traffic 
exits your network through your box, you will see anything going to port 25 
*anywhere*.  That should tell you quickly what the problem is, if there is 
one.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: 2020: Will BSD and Linux be relevant anymore?

2011-07-19 Thread Paul Schmehl

--On July 19, 2011 8:18:41 AM +0200 Konrad Heuer kheu...@gwdg.de wrote:

In 2020 *I* won't be relevant any more.  :-)

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


RE: Lennart Poettering: BSD Isn't Relevant Anymore

2011-07-18 Thread Paul Schmehl

--On July 18, 2011 2:44:15 PM -0500 Gary Gatten ggat...@waddell.com wrote:


snip

I've always been curious why Linux seemed to take off so fast when
other FOSS / non Winblow$ OS's were available for some time with not much
traction; OS/2, BeOS, *nix with X11, etc.

Not just on the desktop, but servers as well.  Supported versions of
Linux such as RHEL, Suse, etc. seem to have made more headway into the
enterprise computing environment in the last ten years than *BSD did in
the last 30.


From my personal experience - which is relatively limited - it seems
applications just work on Linux?  When I need to compile an app, it
takes a few mins on Linux - but may take me a few weeks on FBSD.
Granted someone more knowledgeable with FBSD, Compilers, etc. could do
it much faster than I.


Anyway, if someone has a brief explanation of why Linux has apparently
triumphed (in so far as installed base, desktop penetration, etc.) where
so many others have failed (including IBM with OS/2) I'd be interested in
hearing those thoughts.



I'll hazard a guess.  Linux was new and shiny and all the rage when 
computer science really took off in the higher ed field.  So geeks wanted 
to use it, but to do so at that time you had to be a bit of a coder.  So 
the number of people hacking on it and submitting changes ballooned. 
Basically, anyone who wanted to submit a change could, but Linux kept the 
base kernel code management to prevent major mistakes.


Then all their friends wanted it too, but they couldn't code.  So the push 
for ease of use began.  That was the genesis of projects such as kde and 
gnome and the drive behind getting things like flash and cutting edge 
drivers working in Linux.


Meanwhile, the *BSDs were those old stodgy OSes that nobody was using 
any more, so there was no great incentive for geeks to check it out and use 
it.  Remember the old saw, "Unix is user friendly.  It's just picky about 
who its friends are."?


So Linux was becoming more user friendly and gaining all sorts of GUI 
crud that made it easier for non-geeks to be admins while the BSDs were 
still rolling down the tried and true path of development that required 
that you actually understand the innards if you really wanted to be an 
admin.


Linux hasn't triumphed, BTW, it's merely in ascendancy right now.  It 
could well go by the wayside if a major problem erupts and doesn't get 
resolved quickly.


In short, some people chase the newest shiniest thing.  Others prefer to 
stick with what works.  Often, the newest shiniest folks, after they've 
gained some wisdom, move to the other camp.  So you could well see a 
resurgence of BSD as Linux admins who've grown tired of its quirks but have 
gained some unix skills start moving back toward the BSD side.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: Lennart Poettering: BSD Isn't Relevant Anymore

2011-07-18 Thread Paul Schmehl


On 07/17/2011 04:10, Jerry wrote:

While I usually consider Slashdot nothing more than a bunch of
juveniles ranting against Microsoft; however, I did find this rather
interesting post this morning.

Lennart Poettering: BSD Isn't Relevant Anymore

http://bsd.slashdot.org/story/11/07/16/0020243/Lennart-Poettering-BSD-Isnt-Relevant-Anymore

Interestingly enough, a great deal of it is true. It might be
interesting to know how others feel about it. Obviously, asking that
question on this forum is like playing against a stacked deck; however,
it still might prove interesting.


I thought it was one of the funniest threads I've read in a long time.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Problems with sshd

2011-07-15 Thread Paul Schmehl
I manage a small hobby website for some friends.  The system has been 
running fine for quite a while, but suddenly the owners are having 
problems using WinSCP to transfer files to the server.  The only thing 
that has changed recently is their internet service, and I'm inclined to 
think that's the cause.  They are using a Verizon hotspot, whatever that 
is.  (They live in the country, and options for internet service are 
limited.)


But I'm the thorough sort, so I've enabled verbose logging and been 
googling for possible causes.  One thing I've noticed is that their IP 
address changes quite frequently, but this snippet from the log shows that 
it also happens with the same IP.  (I changed the username to protect 
their privacy.)


Checking the archived logs, which go back several months, the error: 
ssh_msg_send: write entry appears occasionally whenever they login using 
WinSCP, so I assume it's some incompatibility about the program that rears 
its ugly head from time to time.  I suspect it has no significance wrt 
this particular problem.


Any thoughts on possible things to check for would be most welcome.

Jul 15 07:19:33 www sshd[55490]: subsystem request for sftp
Jul 15 07:30:03 www sshd[55529]: Accepted keyboard-interactive/pam for user from 166.248.39.94 port 40850 ssh2
Jul 15 07:30:03 www sshd[55544]: subsystem request for sftp
Jul 15 07:39:56 www sshd[55564]: error: ssh_msg_send: write
Jul 15 07:43:14 www sshd[55570]: error: ssh_msg_send: write
Jul 15 07:46:39 www sshd[55596]: Accepted keyboard-interactive/pam for user from 166.248.39.94 port 40851 ssh2
Jul 15 07:46:40 www sshd[55608]: subsystem request for sftp
Jul 15 07:49:31 www sshd[55610]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 27437 ssh2
Jul 15 07:49:32 www sshd[55613]: subsystem request for sftp
Jul 15 07:56:59 www sshd[55634]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 27436 ssh2
Jul 15 07:57:00 www sshd[55637]: subsystem request for sftp
Jul 15 08:26:15 www sshd[55751]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 27440 ssh2
Jul 15 08:26:15 www sshd[55755]: subsystem request for sftp
Jul 15 08:30:59 www sshd[55779]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 48390 ssh2
Jul 15 08:30:59 www sshd[55782]: subsystem request for sftp
Jul 15 08:47:07 www sshd[55852]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 27446 ssh2
Jul 15 08:47:07 www sshd[55855]: subsystem request for sftp
Jul 15 09:01:26 www sshd[55897]: error: ssh_msg_send: write
Jul 15 10:55:48 www sshd[56416]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 27426 ssh2
Jul 15 10:55:49 www sshd[56419]: subsystem request for sftp
Jul 15 11:44:02 www sshd[56579]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 27449 ssh2
Jul 15 11:44:03 www sshd[56595]: subsystem request for sftp
Jul 15 11:48:22 www sshd[56615]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 27433 ssh2
Jul 15 11:48:22 www sshd[56618]: subsystem request for sftp
Jul 15 11:51:24 www sshd[56624]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 51389 ssh2
Jul 15 11:51:24 www sshd[56627]: subsystem request for sftp
Jul 15 12:04:22 www sshd[56717]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 27430 ssh2
Jul 15 12:04:22 www sshd[56720]: subsystem request for sftp
Jul 15 12:08:35 www sshd[56725]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 51383 ssh2
Jul 15 12:08:36 www sshd[56728]: subsystem request for sftp
Jul 15 12:11:55 www sshd[56755]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 51361 ssh2
Jul 15 12:11:56 www sshd[56758]: subsystem request for sftp
Jul 15 12:36:39 www sshd[56855]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 21268 ssh2
Jul 15 12:36:39 www sshd[56858]: subsystem request for sftp
Jul 15 12:44:02 www sshd[56863]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 27452 ssh2
Jul 15 12:44:02 www sshd[56879]: subsystem request for sftp
Jul 15 12:49:20 www sshd[56904]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 27454 ssh2
Jul 15 12:49:20 www sshd[56907]: subsystem request for sftp
Jul 15 12:53:25 www sshd[56918]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 27424 ssh2
Jul 15 12:53:25 www sshd[56921]: subsystem request for sftp
Jul 15 12:57:42 www sshd[56951]: Accepted keyboard-interactive/pam for user from 166.248.39.172 port 27425 ssh2
Jul 15 12:57:42 www sshd[56954]: subsystem request for sftp

Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
**
When intelligence argues with stupidity and bias,
intelligence is bound to lose; intelligence has limits,
but stupidity and bias have none
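
An added example, not part of the original post: one way to check whether the `ssh_msg_send: write` errors follow a change of client address is to pair each error with the login before and after it. The function names and the sample log (constructed, using documentation addresses) are assumptions; the script also rejoins lines that a mail client has wrapped, and it assumes consecutive entries are less than a day apart.

```shell
#!/bin/sh
# Added illustration: pair each "ssh_msg_send: write" error with the
# surrounding accepted logins. Not code from the thread.

# Constructed sample in the syslog format shown in the post; the first
# entry is wrapped the way a mail client would wrap it.
sample_log() {
    cat <<'EOF'
Jul 15 07:30:03 www sshd[100]: Accepted keyboard-interactive/pam for
user from 192.0.2.94 port 40850 ssh2

Jul 15 07:30:03 www sshd[101]: subsystem request for sftp
Jul 15 07:39:56 www sshd[102]: error: ssh_msg_send: write
Jul 15 07:46:39 www sshd[103]: Accepted keyboard-interactive/pam for user from 192.0.2.94 port 40851 ssh2
Jul 15 07:49:31 www sshd[104]: Accepted keyboard-interactive/pam for user from 192.0.2.172 port 27437 ssh2
Jul 15 09:01:26 www sshd[105]: error: ssh_msg_send: write
Jul 15 10:55:48 www sshd[106]: Accepted keyboard-interactive/pam for user from 198.51.100.7 port 27426 ssh2
EOF
}

# Rejoin wrapped entries: a line that does not start with a syslog
# timestamp is a continuation of the previous entry; blank lines are dropped.
unwrap() {
    awk '
    { sub(/[ \t]+$/, "") }
    /^[A-Z][a-z][a-z] +[0-9]+ [0-9][0-9]:[0-9][0-9]:[0-9][0-9] / {
        if (buf != "") print buf
        buf = $0; next
    }
    NF { sub(/^[ \t]+/, ""); buf = buf " " $0 }
    END { if (buf != "") print buf }'
}

# Reads an sshd log on stdin and prints, sorted:
#   error <time> prev=<ip> next=<ip> gap_s=<seconds since prev login> ip_changed=<yes|no|unknown>
#   logins <ip> <count>
summarize_sshd() {
    unwrap | awk '
    function secs(t,    p) { split(t, p, ":"); return p[1] * 3600 + p[2] * 60 + p[3] }
    # Print the errors collected since the last login, now that the
    # address of the following login (or "none") is known.
    function flush(next_ip,    k, chg) {
        for (k = 1; k <= n; k++) {
            if (next_ip == "none" || e_prev[k] == "none") chg = "unknown"
            else chg = (next_ip == e_prev[k]) ? "no" : "yes"
            printf "error %s prev=%s next=%s gap_s=%d ip_changed=%s\n",
                   e_time[k], e_prev[k], next_ip, e_gap[k], chg
        }
        n = 0
    }
    / sshd\[[0-9]+\]: Accepted / {
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        flush(ip)
        logins[ip]++; prev_ip = ip; prev_t = secs($3)
        next
    }
    / sshd\[[0-9]+\]: error: ssh_msg_send: write/ {
        n++
        e_time[n] = $3
        e_prev[n] = (prev_ip == "") ? "none" : prev_ip
        gap = secs($3) - prev_t
        if (gap < 0) gap += 86400        # entry pair spans midnight
        e_gap[n] = (prev_ip == "") ? -1 : gap
    }
    END {
        flush("none")
        for (ip in logins) printf "logins %s %d\n", ip, logins[ip]
    }' | LC_ALL=C sort
}

sample_log | summarize_sshd
```

Feeding the real auth log to `summarize_sshd` on stdin gives one `error` line per failure, so errors that occur while the address stays the same stand out from those that coincide with a new address.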

Re: Easiest desktop BSD distro

2011-03-30 Thread Paul Schmehl
--On March 30, 2011 9:49:02 AM -0600 Chad Perrin per...@apotheon.com 
wrote:



On Tue, Mar 29, 2011 at 02:45:27PM -0500, Jason Hsu wrote:

I want to learn BSD.  I find that the best way to familiarize myself
with a distro is to adopt it as my main distro (for web browsing,
email, word processing, etc.).


A word of caution -- as you have probably noticed in responses already:



What a delightful answer.  I especially liked "As vi is to Notepad, so 
FreeBSD is to Ubuntu or Mint, I think;"

My compliments on a job very well done.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: Easiest desktop BSD distro

2011-03-29 Thread Paul Schmehl
--On March 29, 2011 2:23:48 PM -0700 Chip Camden 
sterl...@camdensoftware.com wrote:



Quoth William Brown on Wednesday, 30 March 2011:


On 30/03/2011, at 07:15, Chip Camden wrote:

 So what do you recommend as my first desktop BSD distro?  What
 desktop BSD distro is so easy to use that even Paris Hilton or
 Jessica Chicken of the Sea Simpson can handle it?

 To each their own, but I wouldn't want a system that Paris Hilton could
 handle any more than I'd want a vehicle that a four-year-old can drive.

There is something to be said for the keep it simple principle however.


Yes, but keep it simple need not mean do everything for you.  Often,
a simpler design means more choices, and more choices means more
responsibility and more steps to completion.


I totally agree.  However, there are different degrees of choices.  For 
example, an installer that says, "Now it's time to partition your disk.  Go 
do that, and when you finish, I'll return you to this screen for the next 
step." is demonstrably different from one that says, "Now it's time to 
partition your disk.  Would you like me to use these displayed defaults? 
Or would you like to make your own decisions?"  Then, once you've selected 
option 2 it says, "What would you like to name this partition? (note, you 
MUST have a root partition, represented by /.)"


The former is not user friendly.  The latter is more so.  Yes, you can go 
to the Handbook and read about partitions, and you can google about them 
and learn more, but the first time you install FreeBSD and you're staring 
at that screen, it's daunting for some folks.


It might even be useful to have an initial screen that offers options such 
as "Experienced User, Minimal Prompts", "Familiar User, Additional Prompts" 
and "First Time User, Walk me through it step by step".


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: sguil-client startup problem

2011-03-18 Thread Paul Schmehl

--On March 17, 2011 4:30:31 PM +0100 d.sch...@rn.rabobank.nl wrote:


I have a question regarding the installation and startup of sguil-client
on a 8.2 Generic OS. It seems that my installation requires an iwidget
extension when run with tclsh8.4 and receives an error when running
wish8.4:

Error in startup script: can't read 0: no such variable while executing
Exec /usr/local/bin/wish8.4 $0 $@  line 5.

I have all the required packages, I suppose
(tclX-8.4,tcl-8.4,tcllib,tcltls,tk8.4,ictl-3), also the iwidget extension
is installed... Strangely enough also version 8.5 is present on the
system, could that be a problem? Hopefully, there is someone who has
experienced the same or better yet, has an answer to my problem...



Apparently the default tcl install is now 8.5.  Looks like I'm going to 
have to update the ports.


You *may* be able to fix your problem by editing the sguil.tk file, 
although I'm not sure what other impacts that might have.  The script calls 
wish8.4 explicitly, but that probably doesn't exist on your system.  Change 
it to 8.5 and see if that fixes the problem.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: BSDPAN support for Module::Build?

2011-03-14 Thread Paul Schmehl
--On March 14, 2011 3:07:01 PM -0400 Richard Morse remo...@partners.org 
wrote:



Hi! Is there any BSDPAN support for Module::Build? Is there a package I
can install that will add it? Documentation on the web for BSDPAN is
remarkably limited...



cd to /usr/ports
type make search name=Module-Build

/usr/ports/devel/p5-Module-Build

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: Upgrading 7.1 to 7.3, use 7.2 as a safe step?

2011-02-25 Thread Paul Schmehl
--On February 25, 2011 1:39:47 PM -0800 Nerius Landys nlan...@gmail.com 
wrote:



For me, time can be spared, but errors should be avoided at all costs.
I have upgraded FreeBSD before, for example 7.0 - 7.1.  I use the
buildworld/buildkernel procedure.
I now have a 7.1 system.  Should I upgrade to 7.2 and then to 7.3, or
is it safe to go directly from 7.1 to 7.3?



I have upgraded several times across major versions without any problems. 
(5.x to 6.x, 6.x to 7.x).  Each time I simply changed the supfile to the 
version I wanted to upgrade to, fetched the files and rebuilt world and 
kernel.  After those are complete, I run a portupgrade -a to sync all the 
ports with the new sources.


Note that this is *not* the way to do it if you absolutely must avoid 
problems, however slight the risk.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: script help

2011-02-15 Thread Paul Schmehl
--On February 15, 2011 12:57:12 PM +0300 Peter Andreev 
andreev.pe...@gmail.com wrote:



Use of xargs on many files will be much faster than find...exec
construction

find / -type f -name copyright.htm | xargs sed -i .bak -e 's/2010/2011/g'



I believe you, but can you explain why this is true?  What makes xargs 
faster than exec?


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
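
An added example, not part of the thread: the difference between the two forms comes down to how many processes are started, which this script counts by substituting a small probe for `sed`. The function name `count_starts`, the probe script and the directory names (which contain a space on purpose) are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added illustration: count how often the command is started when find(1)
# results reach it through -exec or through xargs. Not code from the thread.

# count_starts MODE NFILES prints "<process starts> <arguments received>".
count_starts() {
    mode=$1
    nfiles=$2
    work=$(mktemp -d) || return 1

    # NFILES directories, each holding one copyright.htm. The space in
    # "site N" shows what whitespace in a path does to plain xargs.
    i=1
    while [ "$i" -le "$nfiles" ]; do
        mkdir -p "$work/tree/site $i"
        : > "$work/tree/site $i/copyright.htm"
        i=$((i + 1))
    done

    # Hypothetical stand-in for sed: each start appends its argument count.
    printf '%s\n' 'echo "$#" >> "$PROBE_LOG"' > "$work/probe.sh"
    PROBE_LOG="$work/starts.log"
    export PROBE_LOG
    : > "$PROBE_LOG"

    case $mode in
        exec-each)   # one process per file
            find "$work/tree" -type f -name copyright.htm \
                 -exec sh "$work/probe.sh" {} \; ;;
        exec-plus)   # find batches the names itself
            find "$work/tree" -type f -name copyright.htm \
                 -exec sh "$work/probe.sh" {} + ;;
        xargs-plain) # batched, but names are split on whitespace
            find "$work/tree" -type f -name copyright.htm |
                xargs sh "$work/probe.sh" ;;
        xargs-null)  # batched, NUL-delimited names survive intact
            find "$work/tree" -type f -name copyright.htm -print0 |
                xargs -0 sh "$work/probe.sh" ;;
        *)
            rm -rf "$work"
            return 2 ;;
    esac

    awk '{ n++; s += $1 } END { print n + 0, s + 0 }' "$PROBE_LOG"
    rm -rf "$work"
}

for m in exec-each exec-plus xargs-plain xargs-null; do
    printf '%-12s %s\n' "$m" "$(count_starts "$m" 50)"
done
```

With 50 files, `-exec ... \;` starts the command 50 times while the batched forms start it once; the plain `xargs` row reports 100 arguments because every path was split at the space, which is why `-print0 | xargs -0` or `-exec ... {} +` is the safer choice before an in-place edit.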


Re: FreeBSD 8.1 as a Virtualbox Guest OS

2011-02-09 Thread Paul Schmehl
--On February 9, 2011 1:31:45 PM -0500 Alfredo Perez 
alfredo...@gmail.com wrote:



Sorry for my question

But if I am reading correctly, you can run FreeBSD as host,
install VirtualBox and then run Mac OS X as guest?



No.  Mac OS X is the host.  FreeBSD is a guest virtual machine.

Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.


FreeBSD 8.1 as a Virtualbox Guest OS

2011-02-08 Thread Paul Schmehl
I'm trying to setup a FreeBSD VM in Virtualbox.  The host OS is Mac OS X 
10.6.6.  I'm already running Windows 7 64 bit with no problems.  When you 
setup a new VM, you get a first time startup scenario that asks you to 
point to a file (iso usually) that contains the setup program for the OS. 
Then, when you boot the machine, setup begins.


That's not working for me.  I've tried both the disc iso and the dvd iso 
without success.  I haven't tried it, but I assume that if I burned the iso 
and popped it in a box that I would get the setup menu and be able to 
install the OS.


Is there some kind of trick required to get this working inside VB?

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: FreeBSD 8.1 as a Virtualbox Guest OS

2011-02-08 Thread Paul Schmehl
--On February 9, 2011 2:01:46 AM +0900 Hyogeol Lee hyogeol...@gmail.com 
wrote:





I'm trying to setup a FreeBSD VM in Virtualbox.  The host OS is Mac OS X
10.6.6.  I'm already running Windows 7 64 bit with no problems.  When you
setup a new VM, you get a first time startup scenario that asks you to
point to a file (iso usually) that contains the setup program for the OS.
Then, when you boot the machine, setup begins.

That's not working for me.  I've tried both the disc iso and the dvd iso
without success.  I haven't tried it, but I assume that if I burned the
iso
and popped it in a box that I would get the setup menu and be able to
install the OS.

Is there some kind of trick required to get this working inside VB?




Did you try 8.1-i386 ?


I have failed to install 8.1-i386 under OSX VB. But 8.1-amd64 works fine
for me.



I tried amd since it's a 64 bit machine.

I've attached a screenshot of the vm.  It's hung at this point and will not 
go any further.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.

Re: FreeBSD 8.1 as a Virtualbox Guest OS

2011-02-08 Thread Paul Schmehl
--On February 8, 2011 10:24:47 AM -0600 Adam Vande More 
amvandem...@gmail.com wrote:



On Tue, Feb 8, 2011 at 9:33 AM, Paul Schmehl
pschmehl_li...@tx.rr.com wrote:


I'm trying to setup a FreeBSD VM in Virtualbox.  The host OS is Mac OS X
10.6.6.  I'm already running Windows 7 64 bit with no problems.  When you
setup a new VM, you get a first time startup scenario that asks you to
point to a file (iso usually) that contains the setup program for the
OS. Then, when you boot the machine, setup begins.

That's not working for me.  I've tried both the disc iso and the dvd iso
without success.  I haven't tried it, but I assume that if I burned the
iso and popped it in a box that I would get the setup menu and be able to
install the OS.

Is there some kind of trick required to get this working inside VB?



What's the difference between a disk iso and a dvd iso?


My assumption is that the former is in CD format and the latter is in DVD 
format.  I wouldn't think a vm would care either way.  It should be able to 
read both.



 From the VM's
settings page, choose storage.  Make sure the virtual DVD drive has the
correct iso.  Start the VM.  If you can't find the iso in the drop down
list it means you have to add it to the storage manager.  You could also
put the disc in the drive and tell the VM to use the drive.



The iso was listed as secondary IDE, so I made it primary.  No difference. 
I then tried booting with ACPI disabled due to the errors I was seeing, but 
that made no difference either.  The system is booting, but when it gets to 
md0: Preloaded image /boot/mfsroot 4194304 bytes at 0x80e6aa98 it 
stops and goes no further.



It's not anymore complicated than that really.  If that doesn't work, I'd
start looking at the disc and see if works.


I'm not using a disc.  I'm using an iso file.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: FreeBSD 8.1 as a Virtualbox Guest OS

2011-02-08 Thread Paul Schmehl
--On February 8, 2011 12:00:23 PM -0600 Paul Schmehl 
pschmehl_li...@tx.rr.com wrote:




I've attached a screenshot of the vm.  It's hung at this point and will
not go any further.


Screenshot may be found here:

http://www.utdallas.edu/~pauls/FBSD81VM.tiff

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: FreeBSD 8.1 as a Virtualbox Guest OS

2011-02-08 Thread Paul Schmehl
--On February 8, 2011 8:14:19 PM +0200 George Liaskos 
geo.lias...@gmail.com wrote:



The system is booting, but when it gets to

md0: Preloaded image /boot/mfsroot 4194304 bytes at 0x80e6aa98
it stops and goes no further.


Try enabling IO APIC under System > Motherboard.


That solved the problem.  Thank you very much!

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: FreeBSD 8.1 as a Virtualbox Guest OS

2011-02-08 Thread Paul Schmehl
--On February 8, 2011 8:41:14 PM + Matthew Seaman 
m.sea...@infracaninophile.co.uk wrote:



On 08/02/2011 15:33, Paul Schmehl wrote:

I'm trying to setup a FreeBSD VM in Virtualbox.  The host OS is Mac OS X
10.6.6.  I'm already running Windows 7 64 bit with no problems.  When
you setup a new VM, you get a first time startup scenario that asks you
to point to a file (iso usually) that contains the setup program for the
OS. Then, when you boot the machine, setup begins.


Works for me on much the same kit.  As I recall, you need to play with
the CPU etc. settings a bit to find some combination that will boot.
Let's see...

   OS Type  FreeBSD (64 bit)
   As much RAM as you want
   One CPU
 Enable PAE/NX
   VT-x/AMD-V Enabled
   Nested Paging Enabled
 Enable IO APIC

^^^

That was the critical piece.  Once I did that the old familiar setup 
routine came up.  I'm installing now.  Thanks for everyone's help.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.


Re: newsyslog.conf and Apache log files

2010-10-07 Thread Paul Schmehl
--On Thursday, October 07, 2010 16:08:23 -0400 Robert Huff roberth...@rcn.com 
wrote:




Joe Auty writes:


 I have the following entry for dealing with my Apache log files:

 /var/log/httpd/* 644  2 *  $M1D0 GBJ
 /var/run/httpd.pid 30

 Unfortunately, this has created these big long log files such as the
 following:

 httpderror_log.2.bz2.2.bz2.2.bz2.1.bz2.1.bz2.1.bz2.0.bz2

 How can I prevent these dumb log file names from being created?


This is what I use:

/var/log/httpd-access.log   640  5  *  $W0D04  Z  /var/run/httpd.pid
/var/log/httpd-error.log    640  5  *  $W0D00  Z  /var/run/httpd.pid
/var/log/rewrite_log        640  5  *  $W0D00  Z  /var/run/httpd.pid


And these are the results:
# ls -lsa /var/log/httpd-*
279520 -rw-r-----  1 root  wheel  286062450 Oct  7 16:09 /var/log/httpd-access.log
 26352 -rw-r-----  1 root  wheel   26960261 Oct  3 04:00 /var/log/httpd-access.log.0.gz
 26720 -rw-r-----  1 root  wheel   27332026 Sep 26 04:00 /var/log/httpd-access.log.1.gz
 37984 -rw-r-----  1 root  wheel   38845050 Sep 19 04:00 /var/log/httpd-access.log.2.gz
 25632 -rw-r-----  1 root  wheel   26214452 Sep  5 04:00 /var/log/httpd-access.log.3.gz
 24800 -rw-r-----  1 root  wheel   25364090 Aug 29 04:00 /var/log/httpd-access.log.4.gz
 23568 -rw-r-----  1 root  wheel   24116870 Aug 22 04:00 /var/log/httpd-access.log.5.gz
  1472 -rw-r-----  1 root  wheel    1477939 Oct  7 16:07 /var/log/httpd-error.log
   122 -rw-r-----  1 root  wheel     124058 Oct  3 00:00 /var/log/httpd-error.log.0.gz
   140 -rw-r-----  1 root  wheel     141619 Sep 26 00:00 /var/log/httpd-error.log.1.gz
   224 -rw-r-----  1 root  wheel     198696 Sep 19 00:00 /var/log/httpd-error.log.2.gz
   150 -rw-r-----  1 root  wheel     153353 Sep  5 00:00 /var/log/httpd-error.log.3.gz
   138 -rw-r-----  1 root  wheel     139720 Aug 29 00:00 /var/log/httpd-error.log.4.gz
   114 -rw-r-----  1 root  wheel     116124 Aug 22 00:00 /var/log/httpd-error.log.5.gz
    80 -rw-r--r--  1 root  wheel      80066 Oct  6 18:47 /var/log/httpd-ssl_request.log


# ls -lsa /var/log/rewrite_log*
194672 -rw-r-----  1 root  wheel  199225770 Oct  7 16:07 /var/log/rewrite_log
 17856 -rw-r-----  1 root  wheel   18260862 Oct  3 00:00 /var/log/rewrite_log.0.gz
 18448 -rw-r-----  1 root  wheel   18873604 Sep 26 00:00 /var/log/rewrite_log.1.gz
 26288 -rw-r-----  1 root  wheel   26899244 Sep 19 00:00 /var/log/rewrite_log.2.gz
 17536 -rw-r-----  1 root  wheel   17935781 Sep  5 00:00 /var/log/rewrite_log.3.gz
 16896 -rw-r-----  1 root  wheel   17278330 Aug 29 00:00 /var/log/rewrite_log.4.gz
 16048 -rw-r-----  1 root  wheel   16402215 Aug 22 00:00 /var/log/rewrite_log.5.gz


Your problem appears to be caused by file globbing.  Since you use httpd/*, 
every file will be rotated, even ones that were previously rotated.  So, 
newsyslogd keeps appending more and more bzs to the end of the filenames, just 
as you've told it to do.




My advice would be to not use syslog.  It's been a while since I
fixed this problem, but I remember reading Apache has ... issues
... with rotating logs using syslog/newsyslog.  Instead I use
sysutils/cronolog with:



None here, and I've been rotating apache logs since 1.3.1* (now at 2.2.16 with 
numerous upgrades in between) using newsyslog without ever seeing the problem 
that you describe.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson
There are some ideas so wrong that only a very
intelligent person could believe in them. George Orwell
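
One way to check a newsyslog.conf for the glob problem described in the reply above (an added example, not code from the thread): it flags G entries whose pattern also matches the archives newsyslog creates from them. The sample file and the function names are constructed; the check assumes default `<logfile>.<n><suffix>` archive names, only the J and Z compression flags seen in the thread, and patterns built from `*` and `?`.

```shell
#!/bin/sh
# Added example: flag newsyslog.conf glob entries that re-match their own archives.

# Constructed sample. Entry 1 is the one from the question, entry 2 is one of
# the explicit entries from the reply, entry 3 is a narrower glob (hypothetical).
sample_conf() {
cat <<'EOF'
# logfilename               mode count size when    flags [/pid_file] [sig_num]
/var/log/httpd/*            644  2     *    $M1D0   GBJ   /var/run/httpd.pid 30
/var/log/httpd-access.log   640  5     *    $W0D04  Z     /var/run/httpd.pid
/var/log/httpd/*_log        644  2     *    $M1D0   GBJ   /var/run/httpd.pid 30
EOF
}

# Reads newsyslog.conf text on stdin and prints each pattern that would also
# match the archive of a file it has just rotated.
self_matching_globs() {
    while read -r path f2 f3 f4 f5 f6 f7 rest; do
        case $path in ''|'#'*) continue ;; esac
        # The optional owner:group field shifts the flags one column right.
        case $f2 in *:*) flags=$f7 ;; *) flags=$f6 ;; esac
        # No flags field at all (empty, or already the /pid_file column).
        case $flags in ''|/*) continue ;; esac
        # Only G entries treat logfilename as a shell pattern.
        case $flags in *G*) ;; *) continue ;; esac
        suffix=
        case $flags in
            *J*) suffix=.bz2 ;;
            *Z*) suffix=.gz ;;
        esac
        # Build one file name the pattern matches, then the name of its archive.
        sample=$(printf '%s' "$path" | tr '*?' 'xx')
        archive=$sample.0$suffix
        # Unquoted $path is used as a glob pattern by case.
        case $archive in
            $path) printf '%s\n' "$path" ;;
        esac
    done
}

sample_conf | self_matching_globs
```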



Re: LibreOffice?

2010-10-05 Thread Paul Schmehl
--On Monday, October 04, 2010 21:50:27 -0700 Caleb Stein caleb.st...@me.com 
wrote:



When can we expect it in the ports?


Sure.  Just submit the port as usual.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson
There are some ideas so wrong that only a very
intelligent person could believe in them. George Orwell



Re: Any awk gurus on the list?

2010-08-23 Thread Paul Schmehl
--On Friday, August 20, 2010 17:24:55 -0700 Randal L. Schwartz 
mer...@stonehenge.com wrote:



Paul == Paul Schmehl pschmehl_li...@tx.rr.com writes:


Paul Yes, I know I could do this easily in Perl.  I'm doing this to try
Paul and improve my understanding of awk.

To what end?

Every modern system that can run awk can also run Perl.  Why not
concentrate on Perl?


Three reasons.  Perl is too easy (for this particular problem.)  :-)
Perl isn't part of the base system for FreeBSD.

# ls -lsa /usr/bin/perl
0 lrwxr-xr-x  1 root  wheel  25 Jul 29 22:53 /usr/bin/perl -> /usr/local/bin/perl5.12.1


# ls -lsa /usr/bin/awk
134 -r-xr-xr-x  2 root  wheel  135472 Jul  4  2008 /usr/bin/awk

It never hurts to learn new things, especially things that might get you out of 
a jam when a system isn't working as expected and you have access to a limited 
number of tools to solve the problem.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Any awk gurus on the list?

2010-08-20 Thread Paul Schmehl
I'm trying to figure out how to use awk to parse values from a string of 
unknown length and unknown fields using awk, from within a shell script, and 
write those values to a file in a certain order.


Here's a typical string that I want to parse:

alert ip 
[50.0.0.0/8,100.0.0.0/6,104.0.0.0/5,112.0.0.0/6,173.0.0.0/8,174.0.0.0/7,176.0.0.0/5,184.0.0.0/6] 
any -> $HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets 2"; 
classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; 
threshold: type limit, track by_src, count 1, seconds 360; sid:2002750; rev:10;)


What I want to do is extract the value after sid:, the value after 
reference: and the value after msg: and insert them into a file that would 
look like this:


2002750 || ET POLICY Reserved IP Space Traffic - Bogon Nets 2 || 
url,www.cymru.com/Documents/bogon-list.html


Yes, I know I could do this easily in Perl.  I'm doing this to try and improve 
my understanding of awk.  I *think* I've figured out that the right approach is 
to use an associative array, and this command:


#  awk '!/#/ { for (i=1; i<=NF; i++) { if ( $i ~ /sid/) {mtcmsg["sid"]=$i; print mtcmsg["sid"]}}}'  /usr/local/etc/snort/rules/mtc.rules.test


produces this data:
sid:299913;
sid:52123;
sid:3001441;
sid:1444;
sid:2008120;
sid:5001684;
sid:2001683;
sid:22466;
sid:2002750;
sid:303;
sid:29232;
sid:2232;
sid:300;
sid:2003070;
sid:2003484;
sid:2003603;
sid:3104;
sid:28;

So it appears (at least to me) that I'm on the right path, but I thought I'd 
query the awk gurus on the list.  Is there a better way to approach this?


The standard FS breaks the msg into multiple fields, which is unacceptable.  So 
my thinking is that I would need to do something like this (pseudocode)


!/#/; FS=";" {if ( $i ~ /sid/) then use tr to strip the sid: and ; and 
insert the result into an element named sid

if ($i ~ /reference/) then ditto into an element named ref
if ($i ~ /msg/) then ditto into an element named msg
then print array[sid] || array[msg] || array[ref] > resulting file.}

But when I add an FS to the script, I get odd results:

#  awk '!/#/ { FS=";"; for (i=1; i<=NF; i++) { if ( $i ~ /sid/) {mtcmsg["sid"]=$i; print mtcmsg["sid"]}}}'  /usr/local/etc/snort/rules/mtc.rules.test

sid:299913;
sid:52123
sid:3001441
sid:1444
sid:2008120
sid:5001684
sid:2001683
sid:22466
sid:2002750
sid:303
sid:29232
sid:2232
sid:300
sid:2003070
sid:2003484
sid:2003603
sid:3104
sid:28

Why is the first value indented and not stripped of the semi-colon?

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson
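
The extraction asked about in the post above, as an added shell/awk example that is not part of the original thread: it walks each rule's option list character by character, so a quoted msg containing a semicolon stays whole, and the two short functions at the end show that FS assigned inside an action only applies from the next record on. The sample rules are constructed (the first is adapted from the post); the function names and the joining of several references with ` || ` are assumptions.

```shell
#!/bin/sh
# Added example: Snort rules -> "sid || msg || reference" lines with awk.

# Constructed sample input. The first rule is adapted from the one quoted in
# the post; the others are made up to exercise the edge cases.
sample_rules() {
cat <<'EOF'
# comment lines and disabled rules are skipped
alert ip [50.0.0.0/8,100.0.0.0/6] any -> $HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets 2"; classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; threshold: type limit, track by_src, count 1, seconds 360; sid:2002750; rev:10;)
alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE escaped \; semicolon in msg"; content:"sid:999"; reference:url,example.org/a; reference:url,example.org/b; sid:1000001; rev:1;)
#alert tcp any any -> any any (msg:"EXAMPLE disabled rule"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"EXAMPLE rule without a reference"; sid:1000003; rev:2;)
EOF
}

# Reads rules from the named files (or stdin) and prints one map line per rule.
rules_to_map() {
    awk '
    # Store one "key:value" option; only sid, msg and reference are kept.
    # Keys are compared exactly, so content:"sid:999" is not mistaken for sid.
    function store(o,   p, k, v) {
        sub(/^[ \t]+/, "", o)
        p = index(o, ":")
        if (p == 0) return
        k = substr(o, 1, p - 1)
        v = substr(o, p + 1)
        sub(/^[ \t]+/, "", v)
        if (k == "sid") sid = v
        else if (k == "msg") {
            if (v ~ /^".*"$/) v = substr(v, 2, length(v) - 2)
            msg = v
        }
        else if (k == "reference") ref = ref " || " v
    }
    /^[ \t]*#/ { next }
    /^[ \t]*$/ { next }
    {
        lp = index($0, "(")
        if (lp == 0) next
        body = substr($0, lp + 1)
        sid = ""; msg = ""; ref = ""; opt = ""; inq = 0
        n = length(body)
        for (i = 1; i <= n; i++) {
            c = substr(body, i, 1)
            if (c == "\\" && i < n) {          # escaped character: keep it literally
                opt = opt substr(body, i + 1, 1); i++
                continue
            }
            if (c == "\"") inq = !inq          # track quoted strings
            if (c == ";" && !inq) { store(opt); opt = "" }
            else opt = opt c
        }
        if (sid != "") print sid " || " msg ref
    }
    ' "$@"
}

# FS assigned inside an action: the first record was already split on
# whitespace, so its field keeps the trailing semicolon.
fs_in_action() {
    printf '%s\n' 'x; sid:1;' 'y; sid:2;' | awk '{ FS = ";"; print "[" $2 "]" }'
}

# FS assigned in BEGIN applies to every record, the first one included.
fs_in_begin() {
    printf '%s\n' 'x; sid:1;' 'y; sid:2;' | awk 'BEGIN { FS = ";" } { print "[" $2 "]" }'
}

sample_rules | rules_to_map
fs_in_action
fs_in_begin
```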



Re: BSD equivalent of Linux's free(1)?

2010-08-18 Thread Paul Schmehl
--On Wednesday, August 18, 2010 14:14:25 -0400 Aleksandr Miroslav 
alexmiros...@gmail.com wrote:



On Wed, Aug 18, 2010 at 1:41 PM, RW rwmailli...@googlemail.com wrote:

Is there any particular reason you want to know? Free memory isn't a
very meaningful concept in FreeBSD.


I have a webserver that had its Apache killed this morning. The box
itself had been stable for several years, as well as the Apache
instance. The error that I saw in /var/log/messages was something along
the following:

pid 1234 (httpd), uid 100, was killed: out of swap space

So I went to check what was eating up the swap,

The problem itself was tracked down fairly easily, someone had added a
shell script to cron (/home/user/foo.sh) and had mistakenly put the full
path to the script into the script itself -- essentially creating a
forkbomb.

But while I was in the middle of debugging this and noticed that line
from the logfile, I spent more time than necessary trying to figure out
exactly how much swap/memory was being used, and who was using it.


man (8) pstat

pstat -s -m
Device          1M-blocks     Used    Avail Capacity
/dev/ad8s1b          8192        0     8191     0%

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: BSD logo (a moderate opinion)

2010-07-30 Thread Paul Schmehl
--On Friday, July 30, 2010 14:06:07 +1000 Ian Smith smi...@nimnet.asn.au 
wrote:



In freebsd-questions Digest, Vol 321, Issue 11, Message: 20
On Thu, 29 Jul 2010 12:20:24 -0500 Paul Schmehl pschmehl_li...@tx.rr.com
wrote:
  --On Thursday, July 29, 2010 11:03:07 -0400 Jerry McAllister
  jerr...@msu.edu wrote:
  
   Actually, the OP said logo and made no mention of mascot.
   I am the one way back in this thread that introduced the difference
   of BSDie mascot and round thing logo in this thread.
   I assumed the OP meant the BSDie mascot and proceeded in that
   direction.   But, it is possible that the OP really did mean
   that sex toy that made him uncomfortable for religious reasons.
   I haven't heard my assumption corrected by him though.
 
  Well, I guess I'm old fashioned.  I had no idea that was a sex toy, nor
  would I know how to use it.
 
  Anybody care to explain?  :-)
 
  Oh, and the absolute best part of this never-ending thread has been the
  Agnostix, Atheistix, JeesuX back and forth.  Had me rolling in the aisle
  several times.
 
  Now about that sex toy..

It's a girl thing, Paul.  Or rather, a girls thing .. and no, I didn't
forget an apostrophe.  Hope that helps.



Somewhere in the distant past I remember stumbling across benwa.


  It is as useless to argue with those who have
  renounced the use of reason as to administer
  medication to the dead. Thomas Jefferson

Indeed, as this thread has demonstrated to excess (sure, pot, kettle :)

Maybe we should go with an image of the ToothFairy .. at least that's an
imaginary being that (almost) everyone over the age of seven KNOWS is an
imaginary friend - or foe, as preferred.



Cue the anti-ToothFairy crowd.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: BSD logo (a moderate opinion)

2010-07-29 Thread Paul Schmehl
--On Thursday, July 29, 2010 11:03:07 -0400 Jerry McAllister jerr...@msu.edu 
wrote:


Actually, the OP said logo and made no mention of mascot.
I am the one way back in this thread that introduced the difference
of BSDie mascot and round thing logo in this thread.
I assumed the OP meant the BSDie mascot and proceeded in that
direction.   But, it is possible that the OP really did mean
that sex toy that made him uncomfortable for religious reasons.
I haven't heard my assumption corrected by him though.



Well, I guess I'm old fashioned.  I had no idea that was a sex toy, nor would I 
know how to use it.


Anybody care to explain?  :-)

Oh, and the absolute best part of this never-ending thread has been the 
Agnostix, Atheistix, JeesuX back and forth.  Had me rolling in the aisle 
several times.


Now about that sex toy..

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: BSD logo (a moderate opinion)

2010-07-29 Thread Paul Schmehl
--On Thursday, July 29, 2010 14:34:49 -0400 Jerry McAllister jerr...@msu.edu 
wrote:



On Thu, Jul 29, 2010 at 12:20:24PM -0500, Paul Schmehl wrote:


--On Thursday, July 29, 2010 11:03:07 -0400 Jerry McAllister
jerr...@msu.edu wrote:

 Actually, the OP said logo and made no mention of mascot.
 I am the one way back in this thread that introduced the difference
 of BSDie mascot and round thing logo in this thread.
 I assumed the OP meant the BSDie mascot and proceeded in that
 direction.   But, it is possible that the OP really did mean
 that sex toy that made him uncomfortable for religious reasons.
 I haven't heard my assumption corrected by him though.


[clipped]




Now about that sex toy..



Anything with about any shape, usually with some bumps that can --
well, use your imagination!



Ah.  Now I see the problem.  No imagination

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: BSD logo

2010-07-27 Thread Paul Schmehl
--On Monday, July 26, 2010 18:20:48 -0600 Chad Perrin per...@apotheon.com 
wrote:



On Mon, Jul 26, 2010 at 01:24:21PM -0500, Paul Schmehl wrote:

--On Saturday, July 24, 2010 00:24:46 -0600 Chad Perrin
per...@apotheon.com wrote:

 When this is the way someone starts a discussion about wanting to use a
 new OS, I tend to believe there is no genuine interest in using the OS in
 question.

When this is the way one answers a simple question, I tend to believe
there's no genuine interest in dialog.  I am therefore left to wonder who
really is the intolerant one.  One cannot claim to be tolerant while
demonstrating intolerance any more than one can claim to be educated
without ever having read a book.


How perspicacious of you.  I'll quote myself basically saying exactly
that -- that I am not particularly interested in dialog with someone
who, I'm sure, has already made up his or her mind:

In any case, I didn't claim to be tolerant.  In fact, I very
specifically said I was sure someone would accuse me of intolerance, and
went on to explain that I am guilty of intolerance of those who are
intolerant themselves.  Why are you just repeating what I have said, but
in the tone of an accusation?  How intolerant are *you* today?



We can let the readers decide that.  (Not that it matters to me one way or the 
other.)


The man asked a simple question.  You then launched into a lengthy diatribe 
against intolerance, and you continue to lash out at anyone who takes issue 
with your responses.  I made no value judgments about you.  I simply parroted 
your own words.  Yet you rise up in self-righteous anger in response.


Then you cement your apparent intolerance of any criticism with pot, kettle, 
black.  Perhaps the mote in your eye is obscuring the mite in others.




It's amazing to me the ridicule heaped upon the man for asking a question.
Would it have been too difficult to simply answer the question, as the
first response did?  No, we have to attack the man for having beliefs that
are different from our own.  Because we're so enlightened?  Or because we
are even more ignorant than we suppose he is?


I *did* answer the question before heaping ridicule on someone who, as I
stated, I believe had already made up his or her mind, and had no genuine
interest in dialog in the first place.



So now that you know you were wrong, will you apologize?  (I'm not holding my 
breath.)


At a minimum, get some help for the anger issues.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: BSD logo

2010-07-27 Thread Paul Schmehl
--On Tuesday, July 27, 2010 15:49:47 -0500 Reid Linnemann 
lr...@cs.okstate.edu wrote:



On final analysis, I think the OP should abandon any desire for
FreeBSD in favor of this: http://pudge.net/jesux/


Sheesh.  Now I really have seen everything.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: BSD logo

2010-07-26 Thread Paul Schmehl
--On Saturday, July 24, 2010 00:24:46 -0600 Chad Perrin per...@apotheon.com 
wrote:


When this is the way someone starts a discussion about wanting to use a
new OS, I tend to believe there is no genuine interest in using the OS in
question.


When this is the way one answers a simple question, I tend to believe there's 
no genuine interest in dialog.  I am therefore left to wonder who really is the 
intolerant one.  One cannot claim to be tolerant while demonstrating 
intolerance any more than one can claim to be educated without ever having 
read a book.


It's amazing to me the ridicule heaped upon the man for asking a question. 
Would it have been too difficult to simply answer the question, as the first 
response did?  No, we have to attack the man for having beliefs that are 
different from our own.  Because we're so enlightened?  Or because we are even 
more ignorant than we suppose he is?


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: BSD logo

2010-07-26 Thread Paul Schmehl

--On Monday, July 26, 2010 14:06:17 -0700 David Brodbeck g...@gull.us wrote:


On Mon, July 26, 2010 11:24 am, Paul Schmehl wrote:

When this is the way one answers a simple question, I tend to believe
there's no genuine interest in dialog.


Well, I hate to break it to you, but people who are trying to make a
religious point aren't interested in dialog, anyway.  In fact, it's pretty
well impossible to have a dialog with them that gets anywhere.  You can't
have a sensible debate when the other person's fallback response is always
it's god's will, so it's beyond our understanding and we can't question
it, and you're an evil person for not agreeing with me.  These people
have been taught from a young age that logic is evil and will lead them
down the road to hell, so logical arguments are lost on them.



The assumptions and bias in that statement are so broad as to defy description.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: rmconfig from all ports tree

2010-07-22 Thread Paul Schmehl
--On Thursday, July 22, 2010 02:21:59 +0200 claudiu vasadi 
claudiu.vas...@gmail.com wrote:



Hi Greg,

Thanks for the rmconfig-recursive. I did not know about it.


Nor did I.  And it begs the question - is there a way to find out what all the 
make targets are in /usr/ports?  Is this documented anywhere?


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: Updating

2010-06-30 Thread Paul Schmehl
--On Sunday, June 27, 2010 11:51 AM -0400 Grant Peel gp...@thenetnow.com 
wrote:



Hi all,

What would be the preferred method of upgrading servers from freebsd 6.x
to 8.x ?

Fresh install and reload users data, rebuild ports etc?



This is the best and easiest method.


Upgrade direct from 6.x to 8.x?



This can be done, but you would have to rebuild all your ports and will 
likely run into issues that have to be resolved.



Upgrade sequentially from 6.x to 7.x to 8.x?



Way too much hassle.  If you're going to choose the upgrade route, bite 
the bullet and go directly to 8.  Then deal with the ports issues that 
arise after rebuilding them all.


Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: dbus_enable and hald_enable

2010-06-08 Thread Paul Schmehl

--On Tuesday, June 08, 2010 23:29:38 +0200 Polytropon free...@edvax.de wrote:


If you ask what HAL and DBUS actually *ARE*, I'm not sure what
to answer - to me, they are both useless. :-)



hald is an interface between devices and programs.  It listens for 
attachment/detachment of input devices (keyboard, mouse, etc.) and informs 
listening programs of those events.


dbus is an interprocess communication system that allows programs to connect to 
and exchange messages with other programs.  It allows the kernel, for example, 
to interact with your desktop.  Rather than you interacting directly with the 
kernel, dbus acts as a middle man, controlling the communications between the 
two and only allowing you to perform actions which are considered safe or 
reasonable.


The two work together, for example, to let your desktop know when you connect a 
new mouse or type on your keyboard.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: Apache web server being attacked

2010-05-18 Thread Paul Schmehl

--On Tuesday, May 18, 2010 18:00:16 +0800 Aiza aiz...@comclark.com wrote:


Has anyone seen this junk hitting their apache web servers or have any
different explanation of what this means?


Any webserver on the internet will see that crap.  Generally it's preceded by a 
syn scan to identify hosts listening on port 80, then everything but the 
kitchen sink shows up.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: I can't execute a script in crontab

2010-05-18 Thread Paul Schmehl
--On Tuesday, May 18, 2010 21:52:43 +0300 Yavuz Maşlak 
yavuz.mas...@netiletisim.net wrote:



I use freebsd7.2

I wish to send a file using crontab as periodic. I have a script to send the
file.
When I am root, I can execute my script, but I can't execute the script using
crontab.
How can I run it ?

cat myscript
/usr/bin/scp -i /root/.ssh/id_rsa.pub /root/cpfile
r...@192.168.10.9:/var/cpfile



Either make the script executable or cron it like this:

*   *  *  *  *  /bin/sh /path/to/myscript

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: If you died tomorrow, what would you like your loved ones to know?

2010-05-14 Thread Paul Schmehl
--On Friday, May 14, 2010 10:02:11 +0200 MentoMori-Global 
i...@mentomoriglobal.com wrote:



MentoMori
If you died tomorrow, what would you like your loved ones to know?



I would want them to know that they are on their own now.  I'm pretty sure they 
will have already figured that out.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: Elegant way to hack port source

2010-03-23 Thread Paul Schmehl
--On Friday, March 19, 2010 19:02:45 -0400 Greg Larkin glar...@freebsd.org 
wrote:


Here's something else that I've found really useful as a port creator,
maintainer and troubleshooter.  If I want to make some additional
changes to a source file that is patched by a file stored in
files/patch-, I'll do this:

make patch  # extracts source and patches files
cd work/foobar/...
# Now make additional edits in patched file, leaving the
# .orig file alone
cd ../back/to/port/directory
make makepatch

The makepatch target recurses through the work/foobar directory and
creates diffs for all file.ext/file.ext.orig pairs.  It writes them to
the files/ directory with the patch- prefix on each so the patch target
processes them.

The only thing to watch out for here, is that makepatch has its own file
naming convention that doesn't always mirror the port creator's.  For
instance, some ports have patch files named patch-aa, patch-ab, etc.
 The makepatch target will recreate them with filenames based on the
directory and filename of the file to be patched during the build.

Hope that helps,


Man, does it ever.  Thanks for that.

Which brings me to an obvious question.  Where can I go to find out what all of 
the make targets are?  Is it in /usr/ports/Mk/?


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: VirtualBox from the command line

2010-03-19 Thread Paul Schmehl

--On Friday, March 19, 2010 11:46:51 +0800 Aiza aiz...@comclark.com wrote:



Why doesn't virtual box GUI start in vga mode?



VirtualBox is in ports and installs as an application like Firefox.

Here's a screenshot of it running on my workstation:
http://www.utdallas.edu/~pauls/VirtualBox_on_FreeBSD.png

And here's a shot of the menu item in KDE4:
http://www.utdallas.edu/~pauls/VirtualBox_menu_KDE4.png

It's the second item from the top, because it's a recently used program.  It 
also appears in the System menu on KDE4.  However you create icons to launch 
programs in your window manager, that's how you would create one to start 
VirtualBox.  It has to start as an X11 program, not a commandline (terminal) 
program.



Is this telling me that I have to have Xorg and some
desktop running before VirtualBox's gui will function?



Yes.  VirtualBox is a GUI program designed to run alternative OSes inside the 
native OS.  (There may be a commandline version that I'm not familiar with.)



Are the scripts provided by vboxtool the only way to have
command line control of VirtualBox?
http://vboxtool.sourceforge.net/

See talk about vboxweb as alternate VirtualBox manager.
http://vboxweb.blogspot.com/
Does not look like this is out of development yet.
Anybody using this?



Well, clearly I'm using the GUI version.  I also use it on Mac Snow Leopard. 
It beats the hell out of VMware or having to run Windows natively.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: VirtualBox from the command line

2010-03-19 Thread Paul Schmehl

--On Friday, March 19, 2010 08:44:48 +0800 Aiza aiz...@comclark.com wrote:


Does VirtualBox launch from the FBSD command line?
Is there a package for it in the pkg system?


It's in ports.  I don't know if there's a package for it, but I suspect there 
is, and it's probably older than the ports version.


It's an application.  Just like Firefox.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: Elegant way to hack port source

2010-03-19 Thread Paul Schmehl
--On Friday, March 19, 2010 13:01:30 -0700 Charlie Kester 
corky1...@comcast.net wrote:


Whenever I modify a port like this, I usually make a copy of it under
root's home directory and install it from there.  That way, I can keep
my copy of the portstree in complete synch with the official one, and
there's no need to worry about updates quashing my changes.  It also
provides a quick-and-dirty way to see which ports I've modified.



To the O.P.:

How about submitting the patch to the community so it can be added by the port 
maintainer?  If it actually fixes a bug in the software you can't be the only 
one who would benefit from the patch.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: Elegant way to hack port source

2010-03-19 Thread Paul Schmehl

--On Friday, March 19, 2010 17:04:17 -0400 Alejandro Imass a...@p2ee.org 
wrote:


To the O.P.:

How about submitting the patch to the community so it can be added by the
port maintainer?  If it actually fixes a bug in the software you can't be
the only one who would benefit from the patch.



That was going to be my next question, but I am currently debugging to
see why this common fix I've used in Linux is not working on FBSD.


Ports can throw you for a loop if you're used to building from source.  Others 
have given you good instructions on how to fix the problem, but here's a brief 
overview:


1) Go in to the port directory
2) Type make clean to remove any work directories
3) Type make extract - this extracts the tarball into the working directories 
that FreeBSD expects to find

4) Type make patch to apply any patches that the port maintainer has included
5) Enter the directory where the problem source file is - usually 
work/portname-version/some subdir

6) Copy it to filename.c.orig
7) Edit filename.c to include your changes
8) Diff the two files and put the resulting patch file in portdir/files (Note: 
If the file in question is already being patched by the port, you will need to 
apply your diff to file as well as the edits in the existing patch - doing that 
is not an exercise for the faint of heart.  If that's the case here, respond 
and folks will help you sort it out.)
9) Edit the patch file (now in portdir/files) so that the first two lines 
point to the actual location of the file in the working directories.  (For 
example, if the working directory has a subdir named src, and your file is in 
there, the first two lines of the patch would be edited thus:
from filename.c to src/filename.c and from filename.c.orig to 
src/filename.c.orig)

10) Return to the portdir and type make clean
11) Type make extract and then make patch - if it works, you should be able to 
do the install - if it doesn't work, post the errors here and we'll figure it 
out


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson
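
Steps 6 to 11 of the procedure above, as an added example that is not part of the original message: it works on a constructed stand-in for an extracted port in a temporary directory and never touches /usr/ports. The port name demoport-1.0, the src/ subdirectory, the file contents and the patch file name patch-src__filename.c are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: constructed stand-in for an extracted port (all names assumed).

# Steps 8-9: diff the edited file against its .orig copy inside the file's own
# directory, then rewrite the two header lines so they are relative to the
# top of the work source directory.
make_port_patch() {
    mp_wrksrc=$1 mp_relpath=$2 mp_patchfile=$3
    mp_dir=$(dirname "$mp_relpath")
    mp_base=$(basename "$mp_relpath")
    # diff exits 0 when the files are identical (nothing to patch) and 1 when
    # they differ, which is the expected case here.
    mp_raw=$(cd "$mp_wrksrc/$mp_dir" && diff -u "$mp_base.orig" "$mp_base") && return 1
    [ -n "$mp_raw" ] || return 1
    # Only lines 1 and 2 (the ---/+++ header) are rewritten; hunks are untouched.
    printf '%s\n' "$mp_raw" | sed \
        -e "1s|^--- .*|--- $mp_relpath.orig|" \
        -e "2s|^+++ .*|+++ $mp_relpath|" > "$mp_patchfile"
}

# Steps 10-11 stand-in: put the pristine file back, as a fresh extract would,
# apply the patch from the top of the work source directory, and confirm the
# result matches the hand-edited file.
apply_port_patch() {
    ap_wrksrc=$1 ap_relpath=$2 ap_patchfile=$3
    if ! command -v patch >/dev/null 2>&1; then
        echo "patch(1) not installed; skipping the apply check" >&2
        return 0
    fi
    ap_expected=$(mktemp) || return 1
    cp "$ap_wrksrc/$ap_relpath" "$ap_expected"
    mv "$ap_wrksrc/$ap_relpath.orig" "$ap_wrksrc/$ap_relpath"
    (cd "$ap_wrksrc" && patch -p0 < "$ap_patchfile" >/dev/null) || return 1
    if cmp -s "$ap_expected" "$ap_wrksrc/$ap_relpath"; then
        ap_status=0
    else
        ap_status=1
    fi
    rm -f "$ap_expected"
    return $ap_status
}

# Builds the constructed tree, runs steps 6-11, prints the temp directory path.
run_demo() {
    demo_top=$(mktemp -d) || return 1
    demo_wrksrc="$demo_top/work/demoport-1.0"
    demo_patch="$demo_top/files/patch-src__filename.c"
    mkdir -p "$demo_wrksrc/src" "$demo_top/files"
    # Constructed source file standing in for the one that needs the fix.
    printf 'int limit = 10;\nint main(void) { return limit; }\n' \
        > "$demo_wrksrc/src/filename.c"
    # Step 6: keep a pristine copy.  Step 7: edit the real file.
    cp "$demo_wrksrc/src/filename.c" "$demo_wrksrc/src/filename.c.orig"
    sed 's/limit = 10/limit = 20/' "$demo_wrksrc/src/filename.c.orig" \
        > "$demo_wrksrc/src/filename.c"
    make_port_patch "$demo_wrksrc" src/filename.c "$demo_patch" || return 1
    apply_port_patch "$demo_wrksrc" src/filename.c "$demo_patch" || return 1
    echo "$demo_top"
}

# Run the walk-through once and print the patch that would go in portdir/files.
demo_out=$(run_demo) && cat "$demo_out/files/patch-src__filename.c"
[ -n "$demo_out" ] && rm -rf "$demo_out"
```

If the apply step fails on a real port, the usual cause is a header path that does not match the layout under the work directory, which is what step 9 corrects.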



Re: Elegant way to hack port source

2010-03-19 Thread Paul Schmehl
--On Friday, March 19, 2010 15:01:27 -0700 Charlie Kester 
corky1...@comcast.net wrote:


Again, no need for the separate 'make extract' step.
In fact, I'd go straight to 'make build' or 'make install' here, and
skip the separate 'make patch' too.



Thanks, Charles.  You taught me something today. :-)

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: Anybody uses VMWare on FreeBSD?

2010-03-18 Thread Paul Schmehl

--On Wednesday, March 17, 2010 13:28:45 -0700 Yuri y...@rawbw.com wrote:


I can't build it, I am getting the following errors. And message to
freebsd-emulation@ from 02/10 was never answered.



Don't bother.  VirtualBox is eminently better and free.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: FreeBSD and vmware

2010-03-18 Thread Paul Schmehl
--On Wednesday, March 17, 2010 21:34:43 +0100 Erik Norgaard 
norga...@locolomo.org wrote:



Hi:

I have a dual boot Windows/FreeBSD which I use for work, I just tried today
to create a virtual machine with vmware on windows to start up the installed
FreeBSD.

This works except for three problems:

- The disk device is renamed, I suppose I can just duplicate the entries in
the fstab, the devices not found won't be mounted, I'll get an error but
problem solved?

- I can't see the network devices from vmware

- I can't start xwindows, no monitor is found

Any clues?



Yes.  Use VirtualBox.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: Irritating delay in mouse in kde4

2010-03-18 Thread Paul Schmehl
--On Wednesday, March 17, 2010 12:49:02 -0600 Warren Block wbl...@wonkity.com 
wrote:



On Wed, 17 Mar 2010, Paul Schmehl wrote:


I recently upgraded from FreeBSD 7.2 STABLE to 8.0 STABLE.  I also upgraded
from KDE3 to KDE4 and rebuilt all my ports.  Everything seems to work fine
except the mouse.  There is an irritating delay that I can't seem to get rid
of.  For example, if I mouse to the address line in Firefox and begin typing
in a url, nothing happens until I move the mouse.  Then, suddenly, what I
typed will appear in the address bar.

If I'm working in a shell, for example running portupgrade, nothing happens
until I move the mouse.  Then suddenly portupgrade will start working.

Has anyone seen this type of behavior?  Have any idea what the cause might
be  or where to look to troubleshoot the issue?


Do you have an AllowEmptyInput line in xorg.conf?  If so, remove it.

If you need to disable HAL input device detection, use
   Option "AutoAddDevices" "false"

-Warren Block * Rapid City, South Dakota USA



Perfect!  That was the answer.  Thanks, Warren.  As usual you are quite helpful.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: Virtualbox on Freebsd

2010-03-18 Thread Paul Schmehl
--On Thursday, March 04, 2010 13:15:02 -0600 Paul Schmehl 
pschmehl_li...@tx.rr.com wrote:



I'm trying to build it from ports right now and running into all sorts of
issues with qt4 stuff.



After rebuilding all my ports (portupgrade -af) and fixing the problems 
encountered, VirtualBox is working perfectly.  I am now running 64 bit Windows 
7 in VirtualBox on my 8 STABLE workstation.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Irritating delay in mouse in kde4

2010-03-17 Thread Paul Schmehl
I recently upgraded from FreeBSD 7.2 STABLE to 8.0 STABLE.  I also upgraded 
from KDE3 to KDE4 and rebuilt all my ports.  Everything seems to work fine 
except the mouse.  There is an irritating delay that I can't seem to get rid 
of.  For example, if I mouse to the address line in Firefox and begin typing in 
a url, nothing happens until I move the mouse.  Then, suddenly, what I typed 
will appear in the address bar.


If I'm working in a shell, for example running portupgrade, nothing happens 
until I move the mouse.  Then suddenly portupgrade will start working.


Has anyone seen this type of behavior?  Have any idea what the cause might be 
or where to look to troubleshoot the issue?


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Upgrade to 8.0 STABLE and KDE 4 - minor problems

2010-03-11 Thread Paul Schmehl
I just upgraded my workstation from 7.2 STABLE to 8.0 STABLE.  I decided to 
make the leap and upgrade to KDE 4 as well.  After sorting out some issues, 
everything is working except for a couple of weird things.  I'm using two 19 
monitors and a virtual display of 3360x1050.  That's working fine, but my 
desktop background only appears on display 1.  Display 2 has the default blue 
background with the circles.


Also, the screensaver only runs in display 2.  Very weird.  I've poked around 
some, but I haven't found anywhere that I can set those to display on both 
screens.


Can anyone give me a hint where to look?

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: Virtualbox on Freebsd

2010-03-04 Thread Paul Schmehl
I'm trying to build it from ports right now and running into all sorts of 
issues with qt4 stuff.


--On Wednesday, March 03, 2010 20:50:32 -0500 Glen Barber 
glen.j.bar...@gmail.com wrote:



Hi,

Chris Hill wrote:

On Wed, 3 Mar 2010, Thomas Lawrence wrote:

   Hello Guys and Gals,
   Can you clear something up for me.
   Is it possible to install the closed source version of Virtualbox on
   Freebsd8.

Glen Barber posted this...

http://www.mail-archive.com/freebsd-questions@freebsd.org/msg217302.html

...last summer. I have not tried it, just saying it's there.



It is a (horribly outdated) pkg_add(1) installer.  I haven't had a chance
to update it yet; hopefully this weekend now that my attention has been
drawn to it.

For the record, it is not the closed-source version.  It is
emulators/virtualbox before it was repocopied to
emulators/virtualbox-ose-*.

Regards,




--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: Virtualbox on Freebsd

2010-03-04 Thread Paul Schmehl
--On Thursday, March 04, 2010 17:12:26 -0500 Kevin Wilcox 
kevin.wil...@gmail.com wrote:



On 4 March 2010 14:15, Paul Schmehl pschmehl_li...@tx.rr.com wrote:


I'm trying to build it from ports right now and running into all sorts of
issues with qt4 stuff.


This doesn't exactly inspire confidence when it comes time for me to
do my next round of updates.

I remember running into an issue with qt when building Virtualbox but
I *believe* a forced removal of everything qt related and letting it
start the process from scratch fixed the issue.

I'll keep better notes next time :-\


I'm running portupgrade now.  (It's been a while.)  If that doesn't fix it, 
I'll try a forced deletion of everything qt and see if that fixes it.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: discrepancies in disk usage between df and du

2010-02-12 Thread Paul Schmehl
You have a file locking problem.  du shows disk in use, but df shows disk 
committed.  Use lsof to identify the file that has disk space reserved but 
no longer exists.  man (8) lsof


--On February 12, 2010 5:39:44 PM -0300 Fernan Aguero 
fernan.agu...@gmail.com wrote:



Hi,

I have a box (7.2-STABLE, amd64) that is currently showing some disk
usage problems. It all started with apache generating huge logs from
one of the mod_perl applications that is undergoing testing. So the
/var partition was getting full.

We removed all logs that were causing the problem, but even though du
shows some 700 Mb of usage, df shows that the disk is full (-1.5 Gb):

[fer...@omega ~] sudo du -hc -d1 /var/
Password:
2.0K    /var/.snap
423M    /var/account
6.0K    /var/at
2.0K    /var/audit
 18K    /var/backups
4.0K    /var/crash
6.0K    /var/cron
 53M    /var/db
2.0K    /var/empty
2.0K    /var/heimdal
219M    /var/log
 14M    /var/mail
4.0K    /var/msgs
 48K    /var/named
2.0K    /var/preserve
 44K    /var/run
2.0K    /var/rwho
 16K    /var/spool
 76K    /var/tmp
 24K    /var/yp
2.0K    /var/games
710M    /var/
710M    total

[fer...@omega ~] df -h
Filesystem            Size    Used   Avail Capacity  Mounted on
/dev/mirror/gm0s1f     18G     18G   -1.5G   109%    /var

I've been googling around, and I understand why df and du might be
reporting disk usage differently. However, I can't solve this issue
and reclaim unused disk space ... applications (apache, mod_perl) are
prevented to write to /var and this is causing us problems.

We've already tried rebooting the box, restarting the syslog,
newsyslog daemons, to no avail. df keeps showing 100% disk usage
(-1.5 Gb of remaining disk space) in all cases. We've even rebooted
the box with all apache instances turned off in rc.conf ... i.e.
without any but the most basic services running (sshd) ...

This box is essentially a web server, no other services are being run.

Any suggestions as to what to try next?

Thanks in advance,




Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
**
WARNING: Check the headers before replying



Re: PASSWORD LOST!!

2010-02-08 Thread Paul Schmehl
--On February 8, 2010 12:53:22 PM -0600 Eric Petersen 
er...@andersonbrothers.biz wrote:



Hey guys,

I have a web/ftp server loaded with FreeBSD. This was done a couple of
years back. Since then the person or persons that did the original
install have gone out of business and cannot be found.

Currently I have an issue logging into the ftp. I hooked a monitor up to
the server and I'm getting filesystem full errors and since I don't
have a password to get in I cannot have it fixed by someone that knows
UNIX. I have made numerous attempts to contact the person that installed
on a personal level. But I'm getting the impression he has moved with no
forwarding.



Without a password, you need physical access to the server in order to fix 
the problem.  It sounds like you have that, since you said you hooked up a 
monitor to it.


Here's the steps you can take to retrieve the password.

Shut the server down by hitting the power button.  Then turn it back on 
and watch the prompts when it's booting up.  Choose single user mode.  Then 
follow these steps:


# The system will print out Enter full pathname of shell or RETURN for 
/bin/sh:

# Hit enter to get a prompt
# Type fsck -p
# Type mount -a
# Type passwd
You'll be prompted for the password twice.  This is the root password, so 
it will give you full access to the system.
# Type exit to return to normal operation.  Write the password down and 
lock it up in the company safe.


Surely you have professional Unix support available in Sioux City?

Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
**
WARNING: Check the headers before replying



Re: simulating dnsdomain

2010-01-20 Thread Paul Schmehl
--On January 21, 2010 12:10:20 AM -0500 Aryeh M. Friedman 
aryeh.fried...@gmail.com wrote:



I have an application that needs to reliably get the fully qualified dns
name for the localhost (3rd party app so I don't want to change it
unless I have to) currently it calls dnsdomainname which in
linux is an alias for hostname --fqdn but FreeBSD does not have that
option set... how can I simulate this?


ln -s /bin/hostname /bin/dnsdomainname

Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
**
WARNING: Check the headers before replying



Re: Link to File for JDK16 tzupdater-1_3_21-2009p.zip

2010-01-19 Thread Paul Schmehl
--On Tuesday, January 19, 2010 11:39:21 -0600 Diego Montalvo 
dmonta...@gmail.com wrote:




Been trying to install /usr/ports/java/jdk16 and get an error stating
need to place tzupdater-1_3_21-2009p.zip into
/usr/ports/distfiles... have gone to sun and file is no longer there,
and have searched internet for it but to no avail.

Does someone have link where I can download the file? or can someone
email me the file?

Thanks,
Diego


http://java.sun.com/javase/downloads/index.jsp#timezone

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



UTF-16 decoder

2010-01-11 Thread Paul Schmehl
Can anyone point me to an online or unix utility that decodes utf-16 to ascii? 
Or unicode?  My google searches have been nonproductive.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: upgraded to 8, no mouse is broken

2009-12-12 Thread Paul Schmehl
--On December 12, 2009 10:31:59 AM -0600 Polytropon free...@edvax.de 
wrote:


The FreeBSD OS, on the other hand, follows approach (a) and
aids the user with (b) - the defaults are intendedly and
wisely chosen, so they usually don't cause problems, because
they don't assume something stupid, like The user will want
to have a web server included, and enabled by default. :-)



Or the user can't possibly maintain the server without a GUI 
interface..


I have FreeBSD servers that have 30 ports installed.  My desktop has 714. 
It should be up to me what runs on the box, not the manufacturer.  I don't 
need a ton of cruft to run a single application that does some sort of 
task for me.  Even the webservers I maintain have less than 60 ports 
installed.


Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
**
WARNING: Check the headers before replying



Re: upgraded to 8, no mouse is broken

2009-12-11 Thread Paul Schmehl
--On Friday, December 11, 2009 07:59:00 -0600 Glen Barber 
glen.j.bar...@gmail.com wrote:


I suppose this falls under the works for me category - I haven't
ever used HAL on FreeBSD.



I have, and I would say that it's not quite ready for primetime.  So I'm back 
to manual configuration and happy about it.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: Root exploit for FreeBSD

2009-12-10 Thread Paul Schmehl
--On Thursday, December 10, 2009 08:41:41 -0600 Anton Shterenlikht 
me...@bristol.ac.uk wrote:





From my information security manager:


FreeBSD isn't much used within the University (I understand) and has a
(comparatively) poor security record. Most recently, for example:


http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html



Please pass this to your information security manager:


From one information security manager to another, you're an idiot.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: Root exploit for FreeBSD

2009-12-10 Thread Paul Schmehl
 an account.)  We have 
just about every OS you can imagine, including some you wouldn't believe 
still exist.


I'm starting to wonder if the security manager really said what Anton 
claims he said, or Anton is filtering his perceptions through the anger he 
feels at being restricted in his ability to operate freely.  If the latter 
is the case, you'd better adjust to it.  It's the world of the future. 
You can do whatever you want at home, but on the corporate network you 
either follow the rules or lose your access.


Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
**
WARNING: Check the headers before replying



RE: Xorg - no mouse and no keyboard

2009-12-07 Thread Paul Schmehl
--On Saturday, December 05, 2009 11:49:04 -0600 Warren Block 
wbl...@wonkity.com wrote:


Try manually configuring mouse and keyboard in xorg.conf again, but only
with AutoAddDevices Off, no AllowEmptyInput line.  The xorg.conf man
page says If AllowEmptyInput is on, devices using the kbd, mouse, or
vmmouse driver are ignored.



Warren, thanks.  This solved my problem.  I have no idea why hald stopped 
working, but I was able to overcome the problem by manually configuring the 
mouse and keyboard in xorg.conf and adding Option AutoAddDevices Off to the 
ServerFlags section.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson  


Xorg - no mouse and no keyboard

2009-12-04 Thread Paul Schmehl
I had a working Xorg config, and everything was fine.  Then my monitors
crapped out.  I got new ones and installed them.  Now I have no mouse and no
keyboard in Xorg.  I've tried disabling hald and dbus and manually
configuring them.  That doesn't work either.  What sort of troubleshooting
steps do I need to take to figure out why they're not working and get them
working again?

 

Mouse and keyboard work fine at the console.  It's only in X that they don't
work.  I'm running 7.2-STABLE FreeBSD 7.2-STABLE #13.  I've uninstalled and
reinstalled xf86-input-keyboard, xf86-input-mouse and the radeonhd driver to
no avail.  I've searched the web for answers but haven't found any.

 

Here's some stuff from the Xorg.0.log:

 

# grep -i mouse /var/log/Xorg.0.log

(==) RADEONHD(0): Silken mouse enabled

(II) config/hal: Adding input device Optical USB Mouse

(II) LoadModule: mouse

(II) Loading /usr/local/lib/xorg/modules/input//mouse_drv.so

(II) Module mouse: vendor=X.Org Foundation

(**) Optical USB Mouse: Device: /dev/ums1

(==) Optical USB Mouse: Protocol: Auto

(**) Optical USB Mouse: always reports core events

(==) Optical USB Mouse: Emulate3Buttons, Emulate3Timeout: 50

(**) Optical USB Mouse: ZAxisMapping: buttons 4 and 5

(**) Optical USB Mouse: Buttons: 9

(**) Optical USB Mouse: Sensitivity: 1

(II) XINPUT: Adding extended input device Optical USB Mouse (type: MOUSE)

(**) Optical USB Mouse: (accel) keeping acceleration scheme 1

(**) Optical USB Mouse: (accel) filter chain progression: 2.00

(**) Optical USB Mouse: (accel) filter stage 0: 20.00 ms

(**) Optical USB Mouse: (accel) set acceleration profile 0

(II) Optical USB Mouse: SetupAuto: hw.iftype is 5, hw.model is 0

(II) Optical USB Mouse: SetupAuto: protocol is SysMouse

(II) config/hal: removing device Optical USB Mouse

(II) UnloadModule: mouse

(II) config/hal: Adding input device PS/2 Mouse

(**) PS/2 Mouse: Device: /dev/psm0

(==) PS/2 Mouse: Protocol: Auto

(**) PS/2 Mouse: always reports core events

(==) PS/2 Mouse: Emulate3Buttons, Emulate3Timeout: 50

(**) PS/2 Mouse: ZAxisMapping: buttons 4 and 5

(**) PS/2 Mouse: Buttons: 9

(**) PS/2 Mouse: Sensitivity: 1

(II) XINPUT: Adding extended input device PS/2 Mouse (type: MOUSE)

(**) PS/2 Mouse: (accel) keeping acceleration scheme 1

(**) PS/2 Mouse: (accel) filter chain progression: 2.00

(**) PS/2 Mouse: (accel) filter stage 0: 20.00 ms

(**) PS/2 Mouse: (accel) set acceleration profile 0

(II) PS/2 Mouse: SetupAuto: hw.iftype is 3, hw.model is 0

(II) PS/2 Mouse: SetupAuto: protocol is PS/2

(II) PS/2 Mouse: ps2EnableDataReporting: succeeded

 

No, I don't have a PS/2 Mouse.  I have no idea why hald is removing my USB
mouse and replacing it with a non-existent one.

 

# grep -i keyboard /var/log/Xorg.0.log

(II) Cannot locate a core keyboard device.

(II) Initializing built-in extension XKEYBOARD

(II) config/hal: Adding input device Microsoft Natural Keyboard Elite

(**) Microsoft Natural Keyboard Elite: always reports core events

(**) Microsoft Natural Keyboard Elite: Protocol: standard

(**) Microsoft Natural Keyboard Elite: XkbRules: xorg

(**) Microsoft Natural Keyboard Elite: XkbModel: microsoft

(**) Microsoft Natural Keyboard Elite: XkbLayout: fr

(**) Microsoft Natural Keyboard Elite: XkbOptions: terminate:ctrl_alt_bksp

(**) Microsoft Natural Keyboard Elite: CustomKeycodes disabled

(II) XINPUT: Adding extended input device Microsoft Natural Keyboard Elite
(type: KEYBOARD)

(II) config/hal: Adding input device AT Keyboard

(**) AT Keyboard: always reports core events

(**) AT Keyboard: Protocol: standard

(**) AT Keyboard: XkbRules: xorg

(**) AT Keyboard: XkbModel: microsoft

(**) AT Keyboard: XkbLayout: fr

(**) AT Keyboard: XkbOptions: terminate:ctrl_alt_bksp

(**) AT Keyboard: CustomKeycodes disabled

(II) XINPUT: Adding extended input device AT Keyboard (type: KEYBOARD)

 

No, I have no idea why hal is adding an AT keyboard after installing my real
keyboard.  But disabling hal and dbus and adding input devices to the
xorg.conf file doesn't change a thing.

 

Paul Schmehl (pschmehl_li...@tx.rr.com)

In case it isn't already obvious, my opinions

are my own and not those of my employer

 



RE: Xorg - no mouse and no keyboard

2009-12-04 Thread Paul Schmehl
 -Original Message-
 From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
 questi...@freebsd.org] On Behalf Of Colin Albert
 Sent: Friday, December 04, 2009 3:29 PM
 Cc: 'Free BSD Questions list'
 Subject: Re: Xorg - no mouse and no keyboard
 
 
 Have you tried adding AutoAddDevices false to your xorg.conf?
 
 Section "ServerFlags"
     Option "AutoAddDevices" "false"
 EndSection
 
 I had to do that until the latest hal update in order to get my
 wireless
 usb mouse and keyboard to work under X. Otherwise your settings for
 mouse and keyboard have no effect after X org 7.4.


I should have posted my xorg.conf file.  Yes, I have that in ServerFlags.

Here's my current xorg.conf:

Section "ServerLayout"
    Identifier     "X.org Configured"
    Screen      0  "Screen0" 0 0
    InputDevice    "Mouse0" "CorePointer"
    InputDevice    "Keyboard0" "CoreKeyboard"
EndSection

Section "ServerFlags"
    Option "DontZap" "No"
    Option "AllowEmptyInput" "No"
    Option "AutoAddDevices" "No"
EndSection

Section "Files"
    ModulePath   "/usr/local/lib/xorg/modules"
    FontPath     "/usr/local/lib/X11/fonts/misc/"
    FontPath     "/usr/local/lib/X11/fonts/TTF/"
    FontPath     "/usr/local/lib/X11/fonts/OTF"
    FontPath     "/usr/local/lib/X11/fonts/Type1/"
    FontPath     "/usr/local/lib/X11/fonts/100dpi/"
    FontPath     "/usr/local/lib/X11/fonts/75dpi/"
    FontPath     "/usr/local/lib/X11/fonts/bitstream-vera/"
    FontPath     "/usr/local/lib/X11/fonts/TrueType/"
EndSection

# Make flash work correctly
Section "Extensions"
    Option "Composite" "Off"
EndSection

Section "Module"
    Load  "GLcore"
EndSection

Section "DRI"
    Group 0
    Mode  0660
EndSection

Section "Monitor"
    Identifier   "Monitor0"
    VendorName   "Dell Computer"
    ModelName    "DELL 2009W"
    HorizSync    30.0 - 83.0
    VertRefresh  56.0 - 75.0
    Option       "DPMS"
EndSection

Section "Monitor"
    Identifier   "left"
EndSection

Section "Monitor"
    Identifier   "right"
    Option       "RightOf" "left"
EndSection

Section "Device"
    Identifier  "Card0"
    Driver      "radeonhd"
    VendorName  "ATI Technologies Inc"
    BoardName   "RV610"
    Option      "Monitor-DVI-I_1/digital" "left"
    Option      "Monitor-DVI-I_2/digital" "right"
    BusID       "PCI:1:0:0"
EndSection

Section "Screen"
    Identifier "Screen0"
    Device     "Card0"
    Monitor    "Monitor0"
    SubSection "Display"
        Virtual 3360 1050
    EndSubSection
EndSection

Section "InputDevice"
    Identifier  "Keyboard0"
    Driver      "kbd"
EndSection

Section "InputDevice"
    Identifier  "Mouse0"
    Driver      "mouse"
    Option      "Protocol" "auto"
    Option      "Device" "/dev/sysmouse"
    Option      "ZAxisMapping" "4 5 6 7"
EndSection

And here's the one I had that was working:

Section "ServerLayout"
    Identifier     "X.org Configured"
    Screen      0  "Screen0" 0 0
EndSection

Section "ServerFlags"
    Option "DontZap" "No"
EndSection

Section "Files"
    ModulePath   "/usr/local/lib/xorg/modules"
    FontPath     "/usr/local/lib/X11/fonts/misc/"
    FontPath     "/usr/local/lib/X11/fonts/TTF/"
    FontPath     "/usr/local/lib/X11/fonts/OTF"
    FontPath     "/usr/local/lib/X11/fonts/Type1/"
    FontPath     "/usr/local/lib/X11/fonts/100dpi/"
    FontPath     "/usr/local/lib/X11/fonts/75dpi/"
    FontPath     "/usr/local/lib/X11/fonts/bitstream-vera/"
    FontPath     "/usr/local/lib/X11/fonts/TrueType/"
EndSection

# Make flash work correctly
Section "Extensions"
    Option "Composite" "Off"
EndSection

Section "Module"
    Load  "GLcore"
EndSection

Section "DRI"
    Group 0
    Mode  0660
EndSection

Section "Monitor"
    Identifier   "Monitor0"
    VendorName   "Dell Computer"
    ModelName    "DELL 2009W"
    HorizSync    30.0 - 83.0
    VertRefresh  56.0 - 75.0
    Option       "DPMS"
EndSection

Section "Monitor"
    Identifier   "left"
EndSection

Section "Monitor"
    Identifier   "right"
    Option       "RightOf" "left"
EndSection

Section "Device"
    Identifier  "Card0"
    Driver      "radeonhd"
    VendorName  "ATI Technologies Inc"
    BoardName   "RV610"
    Option      "Monitor-DVI-I_1/digital" "left"
    Option      "Monitor-DVI-I_2/digital" "right"
    BusID       "PCI:1:0:0"
EndSection

Section "Screen"
    Identifier "Screen0"
    Device     "Card0"
    Monitor    "Monitor0"
    SubSection "Display"
        Virtual 3360 1050
    EndSubSection
EndSection

Paul Schmehl (pschmehl_li...@tx.rr.com)
In case it isn't already obvious, my opinions
are my own and not those of my employer






RE: Xorg - no mouse and no keyboard

2009-12-04 Thread Paul Schmehl
/hal: Adding input device AT Keyboard
(**) AT Keyboard: always reports core events
(**) AT Keyboard: Protocol: standard
(**) AT Keyboard: XkbRules: xorg
(**) AT Keyboard: XkbModel: pc105
(**) AT Keyboard: XkbLayout: us
(**) AT Keyboard: CustomKeycodes disabled
(II) XINPUT: Adding extended input device AT Keyboard (type: KEYBOARD)

There are no errors and only one warning in the log:

# egrep '(EE|WW)' /var/log/Xorg.0.log
   (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(II) Loading extension MIT-SCREEN-SAVER
(WW) RADEONHD(0): RHDCSInit: No CS for R600 and up yet.

On Monday I'm going to try the radeon and ati drivers and see if they do
any good.  I might also install the radeonhd-devel port to see if that
helps.  I've completely rebuilt the xorg meta port to no avail.


If anyone has tips for troubleshooting this (logs to look at, utilities to 
run, etc.), I'd be very thankful.  All the Windows users at work are 
harassing me because I can't get Xorg working.


Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
**
WARNING: Check the headers before replying



Re: Effing HAL

2009-10-30 Thread Paul Schmehl
--On Friday, October 30, 2009 10:11:57 -0500 Adam Vande More 
amvandem...@gmail.com wrote:


Well that particular entry isn't necessary as noted by the next one in
UPDATING.


I suppose I should have highlighted this portion of the entry - Server 1.5.3 
also really wants to configure its input devices via hald. - which goes 
directly to the issue the OP wrote about - namely that he was caught by 
surprise by the fact that hald is now used for configuring devices and his old 
xorg.conf file would no longer work as expected.


That really was my point.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson
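
The point made in the message above, as an added example that is not part of the original thread: a small check that reads an xorg.conf and reports whether its static kbd/mouse InputDevice sections will be used or skipped in favor of hald. The function names and the sample config are constructed for illustration, and the rule that an unset AllowEmptyInput follows AutoAddDevices is an assumption taken from the xorg.conf(5) description for hal-era servers.

```shell
#!/bin/sh
# Added example (not from the thread). Reads an xorg.conf on stdin or from a
# file argument and prints whether static kbd/mouse/vmmouse InputDevice
# sections are "honored", "ignored", or "none" (no such sections present).
static_input_status() {
    awk '
    BEGIN { auto_add = 1 }                   # AutoAddDevices is on by default
    { gsub(/"/, ""); sub(/#.*/, "") }        # accept quoted or unquoted text
    tolower($1) == "section"    { sect = tolower($2); next }
    tolower($1) == "endsection" { sect = ""; next }
    sect == "serverflags" && tolower($1) == "option" {
        v = tolower($3)
        on = !(v == "no" || v == "false" || v == "off" || v == "0")
        if (tolower($2) == "autoadddevices")  auto_add = on
        if (tolower($2) == "allowemptyinput") { empty_set = 1; empty = on }
    }
    sect == "inputdevice" && tolower($1) == "driver" &&
        $2 ~ /^(kbd|mouse|vmmouse)$/ { n_static++ }
    END {
        if (!n_static) { print "none"; exit }
        # Assumed default: AllowEmptyInput follows AutoAddDevices when unset.
        if (!empty_set) empty = auto_add
        print (empty ? "ignored" : "honored")
    }' "$@"
}

# Constructed sample: hal-driven input switched off, static devices declared.
sample_hal_off() {
cat <<'EOF'
Section "ServerFlags"
    Option "AutoAddDevices" "No"
    Option "AllowEmptyInput" "No"
EndSection
Section "InputDevice"
    Identifier "Mouse0"
    Driver     "mouse"
    Option     "Device" "/dev/sysmouse"
EndSection
EOF
}

# Constructed sample: an old-style config with no ServerFlags overrides.
sample_old_style() {
    printf 'Section "InputDevice"\nIdentifier "Keyboard0"\nDriver "kbd"\nEndSection\n'
}
```

Run it as `static_input_status /etc/X11/xorg.conf`; "ignored" means the server will rely on hald for input devices rather than the InputDevice sections in the file.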


