=no',
],
}
AFTERINSTALL = {
'databases/mysql41-server' = proc { |origin|
cmd_enable_rc(origin) + ';' + cmd_restart_rc(origin)
},
}
You must set it one time, you can enjoy it every upgrade.
Miroslav Lachman
for better security called Suhosin. After
installation of this extension you have better control of what you want
to disable, or enable.
http://www.hardened-php.net/suhosin/configuration.html
Author of this extension was developer in PHP security team.
Miroslav Lachman
security/rkhunter from ports. It is realy easy to setup and
configure.
I have some local scripts for periodic reports which I plan to submit in
to PR database.
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman
on
http://wiki.freebsd.org/Jails
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to [EMAIL PROTECTED]
/../libparse/libparse.a. Stop
Try
cd /usr/src/usr.sbin/ntp
instead of
cd /usr/src/usr.sbin/ntp/ntpd
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to freebsd
just a quick grep -rsn 'date -v-1d'
/etc/periodic and I don't know the logic used in other script to get
yesterday messages.
What do you think about it?
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman
Glen Barber wrote:
On Thu, Feb 16, 2012 at 06:04:34PM +0100, Miroslav Lachman wrote:
Hi,
I see it many times before, but never take a time to post about it.
Scrips in /etc/periodic are grepping logs for yesterday date, but
without specifying year (because some logs do not have year logged
I re-add list to CC.
Gregory Orange wrote:
Hi Miroslav,
I don't know if this message really contributes anything to the list, so
I'll email you directly.
On 17/02/12 01:04, Miroslav Lachman wrote:
I see it many times before, but never take a time to post about it.
Well, thank you
Gary Palmer wrote:
On Thu, Feb 16, 2012 at 02:01:24PM -0500, Glen Barber wrote:
On Thu, Feb 16, 2012 at 06:59:54PM +0100, Miroslav Lachman wrote:
Glen Barber wrote:
On Thu, Feb 16, 2012 at 06:04:34PM +0100, Miroslav Lachman wrote:
Hi,
I see it many times before, but never take a time
to increase verbosity for log files.
I didn't know blacklistd. It seems very interesting. It would be nice if
somebody will port it to FreeBSD.
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo
on
FreeBSD release side and should be fixed. Some things we modified on our
installs.
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "fr
trusted to run
any checks on them from parent?
The last thing - is it possible to have something like this included as
a part of ports-mgmt/pkg
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/f
Mark Felder wrote on 09/07/2016 23:25:
On Thu, Aug 25, 2016, at 07:49, Miroslav Lachman wrote:
I am not sure if this is the right list or not. If not, please redirect
me to the right one.
I noticed this post from Mark Felder
https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system
, 11.0-STABLE)
2016-09-26 20:26:19 UTC (releng/11.0, 11.0-RELEASE-p1)
CVE Name: CVE-2016-7052
I think it should be
Affects:FreeBSD 11.x
Or should be other versions listed in "Corrected"?
But older FreeBSD versions does not have OpenSSL 1.0.2 in base.
Mirosl
: CVE-2016-10009
WWW:
https://vuxml.FreeBSD.org/freebsd/2aedd15f-ca8b-11e6-a9a5-b499baebfeaf.html
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail
://vuxml.FreeBSD.org/freebsd/2aedd15f-ca8b-11e6-a9a5-b499baebfeaf.html
1 problem(s) in the installed packages found.
But there is no advisory on
https://www.freebsd.org/security/advisories.html for this problem.
Is it false alarm? Or did I missed something?
Miroslav Lachman
Miroslav Lachman wrote on 2017/01/03 14:11:
Security entries for base are in VuXML for some time so we are checking
it periodically. Now we have an alert for base sshd in 10.3-p14 and -15
too.
# pkg audit FreeBSD-10.3_15
FreeBSD-10.3_15 is vulnerable:
openssh -- multiple vulnerabilities
CVE
Xin Li wrote on 2017/01/10 08:49:
On 1/6/17 07:36, Miroslav Lachman wrote:
Miroslav Lachman wrote on 2017/01/03 14:11:
Security entries for base are in VuXML for some time so we are checking
it periodically. Now we have an alert for base sshd in 10.3-p14 and -15
too.
# pkg audit FreeBSD
know, is FreeBSD (our WiFi stack + hostapd /
wpa_supplicant) affected?
Yes. it is discussed at current@ with patch
https://lists.freebsd.org/pipermail/freebsd-current/2017-October/067193.html
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
Spectre and Meltdown was patched in FreeBSD 2 months ago and new
vulnerabilities in CPU are about to come.
https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html
Miroslav Lachman
e?
Kind regards
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
led by ssh_config.
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
Can somebody commit this easy fix, please?
It is annoying to get false alarms every day in daily security reports.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231054
Kind Regards
Miroslav Lachman
Miroslav Lachman wrote on 2018/08/31 12:24:
Miroslav Lachman wrote on 2018/08/28 00:20
Miroslav Lachman wrote on 2018/08/28 00:20:
Running pkg audit FreeBSD-10.4_11 gives me one vulnerability:
# pkg audit FreeBSD-10.4_11
FreeBSD-10.4_11 is vulnerable:
wpa_supplicant -- unauthenticated encrypted EAPOL-Key data
CVE: CVE-2018-14526
WWW:
https://vuxml.FreeBSD.org/freebsd/6bedc863
nly the deployment of the new /
renewed key is run as root through sudo. I don't know certbot well,
acme.sh allows to use shell scripts as hooks for actions like deployment
so it was really simple to separate cert signing and deployment of new cert.
Kind regards
Miroslav Lachman
___
is FreeBSD's own pet so why new SAs are not added there the same
day they are published as SA on
https://www.freebsd.org/security/advisories.html?
It makes base-audit periodic useless.
https://www.freshports.org/security/base-audit/
Kind regards
Miroslav Lachman
://www.freebsd.org/security/advisories.html?
It makes base-audit periodic useless.
https://www.freshports.org/security/base-audit/
Kind regards
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd
Eugene Grosbein wrote on 2019/12/08 12:33:
08.12.2019 16:25, Miroslav Lachman wrote:
https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/
Security researchers found a new vulnerability allowing potential attackers to
hijack VPN
systems including FreeBSD, OpenBSD, macOS, iOS, and
Android.
Attacks exploiting CVE-2019-14899 work against OpenVPN, WireGuard, and
IKEv2/IPSec, but the researchers are still testing their feasibility
against Tor.
https://seclists.org/oss-sec/2019/q4/122
--
Miroslav Lachman
eBSD Security Office to publish Advisories in
vuln.xml at the same as on the website? It is FreeBSD's own tool to
handle vulnerabilities but they are not there.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243702
Kind regards
Miroslav Lac
to remotely execute arbitrary
code on affected systems and take full control over them.
[1] https://www.kb.cert.org/vuls/id/782301/
Kind regards
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo
VuXML entry or original SA?
Kind regards
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
I don't know who is responsible for adding March entries in to vuxml at
the same time as published it on the website but I really would like to
say THANK YOU.
Kind regards
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
https
Eugene Grosbein wrote on 2020/03/09 18:15:
09.03.2020 20:49, Cy Schubert wrote:
On March 9, 2020 4:23:10 AM PDT, Miroslav Lachman <000.f...@quip.cz> wrote:
I don't know if FreeBSD is vulnerable or not. There are main Linux
distros and NetBSD listed in the article.
https://thehackerne
xed in newer patchlevel of FreeBSD 11.4 or it was
not present in 11.x at all?
Kind regards
Miroslav Lachman
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to &qu
companies have already started informing their customers about
these OpenSSL vulnerabilities.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450
https://www.openssl.org/news/vulnerabilities.html
Kind regards
Miroslav Lachman
is that it collects and sends data right at the install
time. It is really unexpected to run installed package without user
consent. If you install Apache, MySQL or any other package the command /
daemon is no run by "pkg install" command.
This must be avoided.
Kind regards
Mirosl
;lolwut" reaction was very far from
expected. Trying to neglect the problem, trying to say that FreeBSD is
not responsible for how packages behave in install time and nobody
should be upset that something sends data on install time...
Kind reagards
Miroslav Lachman
8. Entitlement men
On 13/04/2021 06:03, Gordon Tetlow wrote:
On Apr 12, 2021, at 03:21, Miroslav Lachman <000.f...@quip.cz> wrote:
On 11/04/2021 21:49, Gian Piero Carrubba wrote:
* [Sun, Apr 11, 2021 at 09:36:05PM +0200] Miroslav Lachman:
On 11/04/2021 21:21, Gian Piero Carrubba wrote:
CCing ports-s
On 11/04/2021 21:49, Gian Piero Carrubba wrote:
* [Sun, Apr 11, 2021 at 09:36:05PM +0200] Miroslav Lachman:
On 11/04/2021 21:21, Gian Piero Carrubba wrote:
CCing ports-secteam@ as it seems a more appropriate recipient.
Vulnerabilities in base should be handled by core secteam, not ports
On 11/04/2021 21:21, Gian Piero Carrubba wrote:
CCing ports-secteam@ as it seems a more appropriate recipient.
Vulnerabilities in base should be handled by core secteam, not ports
secteam. Vuxml entries should be published together with Security
Advisories.
Miroslav Lachman
* [Sun, Apr
; it is not equipped to notify users
of vulnerabilities that we do not have a patch for. Let me think on how we
might support such a thing and discuss with the team.
Will it be published (marked as vulnerable) in vuln.xml so users of
security/base-audit will be notified?
Kind regards
Miroslav
.7
/usr/lib32/libcrypt.so.5
/usr/lib32/librt.so.1
/usr/lib32/libthr.so.3
/var/empty
Log files are not protected.
Kind regards
Miroslav Lachman
On 24 Oct 2023, at 12:19, void wrote:
Hi,
I'd like to set append-only on an arm64 system running stable/14-n265566
(so securelevel=1) but how would
vulnerable in VuXML database.
Kind regards
Miroslav Lachman
-FreeBSD.html
Kind regards
Miroslav Lachman
can Security Team add all past vulnerabilities in to VuXML and
fix process of publishing future SAs that they will never be missed again?
Kind regards
Miroslav Lachman
On 04/05/2023 19:56, Miroslav Lachman wrote:
As was noted on FreeBSD forum [1], there is problem with missing SA
entries
46 matches
Mail list logo