Greetings
I think one way to avoid all that is by using network tap, and bonding
two network cards.
To be honest i haven't tried it on a openBSD (bonding two network
cards) but i suppose it should work.If anyone has tried snort with
passive tap and openBSD i would appreciate if they share their
Hello all,
I would like to increase some IPC values on my OpenBSD 3.9 box. These
parameters need to be changed for Squid.
When I look at the current values I receive next result
[EMAIL PROTECTED] [/etc/squid] # ipcs -Q
msginfo:
msgmax: 16384 (max characters in a message)
On Mon, Jun 19, 2006 at 09:43:59AM +0200, Vincent Blondel wrote:
Hello all,
I would like to increase some IPC values on my OpenBSD 3.9 box. These
parameters need to be changed for Squid.
When I look at the current values I receive next result
[EMAIL PROTECTED] [/etc/squid] # ipcs -Q
On Sat, Jun 17, 2006 at 01:41:27AM +, Travers Buda wrote:
Looks like a crappy bios (pardon the redundancy,) try
boot boot -c
UKC disable pcibios
UKC quit
this obviously has nothing to do w/ pcibios.
disable ipmi would be a better solution.
i think this was fixed in -current that you
Lawrence Horvath wrote:
Im having alittle trouble with my queues in PF i have the following in
my pf.conf
altq on tl0 cbq bandwidth 100Kb queue {all}
queue all bandwidth 100% {default}
pass out on tl0 from any to any queue all
pass in on tl0 from any to any
however i get the following:
$
On Mon, Jun 19, 2006 at 10:43:10AM +0200, mickey wrote:
On Sat, Jun 17, 2006 at 01:41:27AM +, Travers Buda wrote:
Looks like a crappy bios (pardon the redundancy,) try
boot boot -c
UKC disable pcibios
UKC quit
this obviously has nothing to do w/ pcibios.
disable ipmi would
On Sun, Jun 18, 2006 at 09:24:24PM +0100, poncenby wrote:
On 17 Jun 2006, at 11:24, Joachim Schipper wrote:
On Thu, Jun 15, 2006 at 10:47:40PM +0100, poncenby wrote:
quick one for you knowledgeable chaps/chapesses...
If one does not have OpenBSD installed how would one obtain a list of
On Sun, Jun 18, 2006 at 08:49:09PM -0400, Nick Guenther wrote:
On the other hand, realize that no one asked you in the first place,
you provided your list voluntarily (without even being prompted by a
single 'so?'). No one asked you to defend your opinion. Anyway, you
should care why Joachim
On Mon, Jun 19, 2006 at 10:29:06AM +0100, Craig Skinner wrote:
On Mon, Jun 19, 2006 at 10:43:10AM +0200, mickey wrote:
On Sat, Jun 17, 2006 at 01:41:27AM +, Travers Buda wrote:
Looks like a crappy bios (pardon the redundancy,) try
boot boot -c
UKC disable pcibios
UKC
Hello,
I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
but web applications could access mysql server only by network, which is
not the most secure and fast way. Chrooting it to /var/www/mysql would not
be secure too.
The problem could be solved creating pseudo device
On Monday 19 June 2006 18:12, Martynas Venckus wrote:
I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
but web applications could access mysql server only by network, which is
not the most secure and fast way.
What's not secure about binding to localhost only?
---
On 2006/06/19 11:34, Joachim Schipper wrote:
This has been covered over and over in the archives, but some
highlights:
fvwmthe default, in base: this is not the newest version, as
fvwm switched to GPL. It's quite usable.
It's also lighter on system resources than some people might
On 6/19/06, Lars Hansson [EMAIL PROTECTED] wrote:
On Monday 19 June 2006 18:12, Martynas Venckus wrote:
I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
but web applications could access mysql server only by network, which is
not the most secure and fast way.
What's
Ok, I also saw these values but which one correspond to those I want ?
Vincent.
[EMAIL PROTECTED] [/root] # sysctl -a |egrep 'seminfo'
kern.seminfo.semmni=10
kern.seminfo.semmns=60
kern.seminfo.semmnu=30
kern.seminfo.semmsl=60
kern.seminfo.semopm=100
kern.seminfo.semume=10
On Monday 19 June 2006 19:09, knitti wrote:
protocol attacks on the application which talks to mysql?
Uhm, and using a domain socket is different how?
if you use some php stuff (any php sutff ;) and talk to mysql, you can
manipulate the db by sql injection.
And? This has nothing to do with
I'm still not clear on exactly why a domain socket is more secure than a
localhost tcp socket. Faster? Sure, but probably not by an amount that
matters. More secure? I really don't see how in this case.
Okay, why we should it listen to unneded port? Somebody could insensibly
redirect packets.
Hello everybody,
Tec-Note: OpenBSD-3.9 STABLE on amd64
The -ui Switch for pkg_add is a realy wonderfull development but it
needs updated Packages at the FTP.
Just some examples from Software updated using Ports:
Candidates for updating clamav-0.88.2 - clamav-0.88
Candidates for updating
I am not sure as I have not tried it, but I think mySQL creates its unix
socket *before* it calls chroot() [or can be very easily fixed anyways].
No it can't create socket before chroot(), then how it would access mysql
data?
On Mon, 19 Jun 2006 13:09:20 +0200
knitti [EMAIL PROTECTED] wrote:
On 6/19/06, Lars Hansson [EMAIL PROTECTED] wrote:
On Monday 19 June 2006 18:12, Martynas Venckus wrote:
I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
but web applications could access mysql
Martynas Venckus wrote:
I am not sure as I have not tried it, but I think mySQL creates its unix
socket *before* it calls chroot() [or can be very easily fixed anyways].
No it can't create socket before chroot(), then how it would access mysql
data?
Can you elaborate on this? I don't get it.
On Mon, 19 Jun 2006 13:12:20 +0300 (EEST)
Martynas Venckus [EMAIL PROTECTED] wrote:
Hello,
I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
but web applications could access mysql server only by network, which is
not the most secure and fast way. Chrooting it to
On 6/18/06, Han Boetes [EMAIL PROTECTED] wrote:
Nick Guenther wrote:
You are angry, understandably.
Why do you assume I am angry? I am not. Don't you know how uncivil
it is to make assumptions on other peoples emotions?
You've put a lot of work into your system and now you're being
told
On Mon, 19 Jun 2006 15:06:53 +0300 (EEST)
Martynas Venckus [EMAIL PROTECTED] wrote:
I am not sure as I have not tried it, but I think mySQL creates its unix
socket *before* it calls chroot() [or can be very easily fixed anyways].
No it can't create socket before chroot(), then how it would
Nick,
I think you may be correct in your assumption that the HP Kayak implementation
of the AIC 7880 is a bit flaky. I enabled drive-powered termination and even
swapped the drive out for another of a different type, but the problem
remained.
There are no additional terminators in the chain
Hi all,
I've been having a headache using the round-robin with the
sticky-address option. I do have two exit links, and I'm doing load
balancing with the round-robin on the outgoing packets from the internal
net and from my other 2 dmz's. This setup works perfectly with some
exceptions.
On 2006/06/19 13:55, [EMAIL PROTECTED] wrote:
Tec-Note: OpenBSD-3.9 STABLE on amd64
The -ui Switch for pkg_add is a realy wonderfull development but it
needs updated Packages at the FTP.
Just some examples from Software updated using Ports:
Candidates for updating clamav-0.88.2 -
Giancarlo Razzolini [EMAIL PROTECTED] wrote:
Hi all,
[.. cut ..]
Then, when i putted the sticky-address in the main firewall, strange
things happened. The source-tracking states were created, but the
machines, sometimes, were directed to the other link, not the one in the
source-track.
Berk D. Demir wrote:
Giancarlo Razzolini [EMAIL PROTECTED] wrote:
Hi all,
[.. cut ..]
Then, when i putted the sticky-address in the main firewall, strange
things happened. The source-tracking states were created, but the
machines, sometimes, were directed to the other link, not the one
On 2006/06/19 13:55, [EMAIL PROTECTED] wrote:
Tec-Note: OpenBSD-3.9 STABLE on amd64
The -ui Switch for pkg_add is a realy wonderfull development but it
needs updated Packages at the FTP.
Just some examples from Software updated using Ports:
Candidates for updating clamav-0.88.2 -
Then you might tell me why, even with a source track entry set directing
traffic from one internal ip to one specific gateway, the packets
sometimes are redirected to the other gateway?
Because source tracking entries lives with state entries. As soon as the
state between the peers expire,
It`s not so easy to update all machines using the ports
Easy == like pkg_add -ui :-/
I love the OpenBSD package/ports system. 3 developments that I
discovered recently:
1. pkg_add -ui, but it has deficiencies (such as no -stable packages for
sparc64)
2.
On 6/19/06, Alexander Hall [EMAIL PROTECTED] wrote:
Lawrence Horvath wrote:
Im having alittle trouble with my queues in PF i have the following in
my pf.conf
altq on tl0 cbq bandwidth 100Kb queue {all}
queue all bandwidth 100% {default}
pass out on tl0 from any to any queue all
pass in
On Mon, 19 Jun 2006 15:04:06 +0300 (EEST) Martynas Venckus [EMAIL
PROTECTED] wrote:
I'm still not clear on exactly why a domain socket is more secure than a
localhost tcp socket. Faster? Sure, but probably not by an amount that
matters. More secure? I really don't see how in this case.
Hello!
On Mon, Jun 19, 2006 at 08:54:22AM -0700, Lawrence Horvath wrote:
[...]
$ sudo pfctl -ef /etc/pf.conf
Password:
/etc/pf.conf:39: syntax error
/etc/pf.conf:41: syntax error
/etc/pf.conf:43: syntax error
pfctl: Syntax error in config file: pf rules not loaded
$
39: altq on tl0 cbq
Sebastian: you screwed up the attributions. That makes things (more)
confusing. Fix your MUA.
On Mon, Jun 19, 2006 at 05:10:21PM +0200, [EMAIL PROTECTED] wrote:
You can do this the other way round, and make ports use packages
where possible; see FETCH_PACKAGES in bsd.port.mk(5).
Bad idea
Will Maier [2006-06-19, 11:04:00]:
Yes, they are. Packages are built for stable, too, if security
updates are backported to the stable ports tree. What's the problem
here?
note that due to lack of resources, updated -stable packages are only
built for the i386 platform.
you can build your own
Berk D. Demir wrote:
Because source tracking entries lives with state entries. As soon as the
state between the peers expire, your source tracking entry also
disappears by default.
Setting the time out src.track to any value other than zero (0) (whic
is the default value) will tell the
On Mon, Jun 19, 2006 at 05:10:21PM +0200, [EMAIL PROTECTED] wrote:
Or, the other solution, would be enable pkg_add -ui (maybe with another
argument to use Ports) using the Port-system to update.
The interface will use PKG_PATH. After all, using ports is just another
kind of url, similar to
On 6/19/06, Lars Hansson [EMAIL PROTECTED] wrote:
On Monday 19 June 2006 19:09, knitti wrote:
protocol attacks on the application which talks to mysql?
Uhm, and using a domain socket is different how?
ouch, snafu. sorry, I misunderstood. I don't think there's
any practical security
Okay, everything works like a charm.
I chrooted mysql using chroot(8), than created pseudo file, and 2 vnode
disks.
Then mount {vnode disk} /{chroot path}/var/run/mysql mount -f {vnode2
disk} /var/www/var/run/mysql.
Hi,
I have some troubles with a Cisco-Linksys Wireless-G ProtableUSB
Adapter, rev 2.00/0.04, addr 2, MAC/BBP RT2571 (rev 0x03), RF RT2526
After some hours the card go down or the computer crash (kernel panic)
- In dmesg i have this if i don't use the card :
ehci_sync_hc: tsleep() = 35
I was wondering if anyone knew why there had been two versions of
001_sendmail.patch for 3.9.
When the patch was first released, I downloaded it and updated some of
my systems. This was the patch I downloaded:
http://erdelynet.com/downloads/3.9/001_sendmail.patch-ver1
The file from when
Hi all,
I'm trying to apply the latest patch for sendmail and on my make, I get
the following error:
cc -O2 -pipe -DSTARTTLS -DMILTER -DFAST_PID_RECYCLE -D_FFR_USE_SETLOGIN
-DSM_OMIT_BOGUS_WARNINGS -DNEWDB -DMAP_REGEX -DNETINET6 -DNEEDSGETIPNODE
-DSM_CONF_SHM -DNIS -DTCPWRAPPERS
Monah Baki wrote:
Hi all,
I'm trying to apply the latest patch for sendmail and on my make, I get
the following error:
cc -O2 -pipe -DSTARTTLS -DMILTER -DFAST_PID_RECYCLE -D_FFR_USE_SETLOGIN
-DSM_OMIT_BOGUS_WARNINGS -DNEWDB -DMAP_REGEX -DNETINET6 -DNEEDSGETIPNODE
-DSM_CONF_SHM -DNIS
PILAR - CAPITAL (y Gran Buenos Aires)ENCOMIENDAS - SOBRES MINI-FLET -
TRAMITES VARIOSMERCADERIA, CAJAS, MUEBLES, ETCServicio puerta a puerta.
Pilar a Capital dde. $ 20.- (puerta a puerta): Consultar otras zonas: Lujan
- Gral Rodriguez y mas Absoluta confianza. Servicio especial a comercios
y
On 6/15/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi, I have tried to follow the source code and and have been unable to add a
variable.
Is there a step by step guide any where?
I want to have a counter (int) and an array[1000] of bytes.
you probably want two sysctls. one using
I have a Soekris net4801 box running as a firewall for a friend of mine that
runs a small business (about 5 employees). The ruleset is quite simple in
that he does not run any internal servers, so I pretty much block all
inbound traffic and allow all traffic back out. For inbound traffic I have
Peter Bako wrote:
I have a Soekris net4801 box running as a firewall for a friend of mine that
runs a small business (about 5 employees). The ruleset is quite simple in
that he does not run any internal servers, so I pretty much block all
inbound traffic and allow all traffic back out. For
RGS
Componentes VEA LAS OFERTAS EN COMPUTACION Y ELECTRONICA
Monitores - Camaras Digitales - MP3 - MP4 - DVD's - Memorias
ENVMOS AL INTERIOR DEL PAMS
Uruguay 390 Cap. Fed. Tel./Fax 011 - 4371-8594
Contactese: [EMAIL PROTECTED]
COMPUTACION - Junio 2006
Codigo Fabricante Producto Dolares
49 matches
Mail list logo
