On Wed, Oct 13, 2010 at 8:59 PM, Nick Holland
n...@holland-consulting.net wrote:
On 10/13/10 17:25, Robert wrote:
On Wed, 13 Oct 2010 16:55:18 -0400
Ted Unangst ted.unan...@gmail.com wrote:
can be done about it, and 10 year old quirky PC hardware doesn't
attract a of interest...
As
Brad Tilley brad at 16systems.com writes:
I was experimenting with a program to meet PCI DSS 1.2 password length
and content/complexity requirements and integrating it with login.conf
for users who have shell access to OpenBSD systems. It seems to work as
expected, but I wanted to run my
On Thu, Oct 14, 2010 at 1:52 AM, Jacob Meuser jake...@sdf.lonestar.org
wrote:
On Thu, Oct 14, 2010 at 12:33:34AM +0200, ??? ??? wrote:
% ps -akx | grep usb
B B 8 ?? B DK B B B 0:00.26 (usbtask)
B 7243 p1 B S+ B B B 0:00.01 grep usb
% top -S -n 200 | grep usb
B B 8 root B B
Mettre a jour votre Carte Credit en ligne
Cher Client
Notre salutations Nous Vous Informons Que :Votre Carte Bancaire Sera suspendue
, pour la remarque d'un problC)me administratif .Pour proteger la votre et la
mettre a jour, Cliquez ici , et vous devez bien completer les
On Wed, 13 Oct 2010, Christiano F. Haesbaert wrote:
From: Christiano F. Haesbaert haesba...@haesbaert.org
To: OpenBSD Questions misc@openbsd.org
Date: Wed, 13 Oct 2010 17:17:16
Subject: Re: Wireless Network GUI
I use this silly script for wireless if someone is interested:
Leif Blixt wrote:
Brad Tilley brad at 16systems.com writes:
I was experimenting with a program to meet PCI DSS 1.2 password length
and content/complexity requirements and integrating it with login.conf
for users who have shell access to OpenBSD systems. It seems to work as
expected, but I
Leif Blixt wrote:
Hi!
We have just figured out a different approach, and will discuss our new idea
with our QSA tomorrow. The idea is to completely turn of the possibility to
log in with passwords, and to use SSH key pairs with long and good
passphrases instead. It will lead to more work
Well, I don't think so. You only need to logon to the console when you have
big problems, and we just have set a really long and complicated password for
the root user and stored it away for emergency use in a safe. You still have
the external shell protection by restricting who can access the
Hi!
We have just figured out a different approach, and will discuss our new idea
with our QSA tomorrow. The idea is to completely turn of the possibility to
log in with passwords, and to use SSH key pairs with long and good passphrases
instead. It will lead to more work with administrating
Hi,
On Sat, 14.08.2010 at 23:49:49 -0700, Bryan Irvine sparcta...@gmail.com wrote:
understand. Also, the OP wanted something that he can run on OpenBSD
and Zenoss runs on Linux.
hmmm from my perspective, Zenoss looks like an ordinary Zope
application, and should therefore run on OpenBSD as
Leif Blixt wrote:
Well, I don't think so. You only need to logon to the console when you have
big problems, and we just have set a really long and complicated password for
the root user and stored it away for emergency use in a safe. You still have
the external shell protection by
On Wed, Oct 13, 2010 at 09:09:29AM +, Leif Blixt wrote:
Brad Tilley brad at 16systems.com writes:
I was experimenting with a program to meet PCI DSS 1.2 password length
and content/complexity requirements and integrating it with login.conf
for users who have shell access to OpenBSD
Hi,
On Thu, 03.06.2010 at 23:06:58 +0200, Reyk Floeter r...@openbsd.org wrote:
IPsec. In difference to isakmpd(8), which supports the ISAKMP/Oakley
a.k.a. IKEv1 protocol, iked(8) only supports the IKEv2 protocol at
present. The IKEv2 protocol in RFC 4306 has been simplified and
provides
For 8.5.12 see login.conf man page, look for passwordcheck.
You will have to write (or find) a program that keeps track
of previously used passwords. I just stored a hash of them
in a file and have it check to see if the new password hash
matches any of the old 4 password hashes.
for 8.5.13 see
Stuart VanZee wrote:
For 8.5.12 see login.conf man page, look for passwordcheck.
You will have to write (or find) a program that keeps track
of previously used passwords. I just stored a hash of them
in a file and have it check to see if the new password hash
matches any of the old 4
On Wed, 2010-10-13 at 19:47 -0600, Theo de Raadt wrote:
There has been talk about going thourgh /usr/src/etc and building
machine-dependent (that means architecture-dependent for those of
you who are not on The Team) variations for this.
People who dug into this got scared and didn't
On Thu, Oct 14, 2010 at 10:16:12AM -0400, Brad Tilley wrote:
Stuart VanZee wrote:
For 8.5.12 see login.conf man page, look for passwordcheck.
You will have to write (or find) a program that keeps track
of previously used passwords. I just stored a hash of them
in a file and have it check
Les informations concernant votre compte:
Cher Client de La Banque Postale :
Attention! Votre Compte ` ete limite!
Dans le cadre de nos mesures de sicuriti, nous procedons regulierement `
la virification du bien jtre de nos clients .Postale d'apprendre
recemment Vous ont contacte apres avoir
On 2010-10-13, Robert Halberg robert.halb...@gmail.com wrote:
bios0: vendor Award Software, Inc. version ASUS A7V-E ACPI BIOS
Revision 1002D date 03/08/2001
bios0: ASUSTeK Computer INC. A7V-E
apm0 at bios0: Power Management spec V1.2 (BIOS management disabled)
You could try boot -c, disable
On 2010-10-13, Brad Tilley b...@16systems.com wrote:
Mark Romer wrote:
use passwdqc it is in packages.
in login.conf under default I have:
:minpasswordlen=12:\
:login-tries=4:\
:passwordtries=3:\
:passwordcheck=/usr/local/libexec/passwdqc -3 12
Mark
I've
On 09/15/2010 07:33 PM, li...@telus.net wrote:
I hope it's not inappropriate to ask about VM's in this forum. If anyone
cares to offer some advice, here's what I'm having trouble with:
I've created a virtual computer on Windows Hyper-V Server 2008 R2.
I'm trying to install -current via FTP
On Oct 14 15:18:49, frantisek holop wrote:
hmm, on Thu, Oct 14, 2010 at 03:02:42PM +0200, Jan Stary said that
Snapshots and snapshot packages move forward all the time, unlike
your installed system. If you have a system that provides
libcurses.so.10.0, and (a new version of) a
EuroBSDCon 2011
===
EuroBSDCon is the European technical conference for users and
developers on BSD based systems. The EuroBSDCon 2011 conference
will be held in the Netherlands from thursday 6 october 2011
to sunday 9 october 2011, with tutorials on thursday and friday
and talks on
I'm attempting to setup OpenLDAP, Samba and ypldap on 4.7. OpenLDAP is
up and running along with Samba, and I've used the smbldap tools to
populate the directory.
I'm having trouble getting the full list of LDAP groups with getent.
At first I ran getent group and didn't see any of the LDAP
Brad Tilley wrote:
I created the file /etc/profile to force sh and ksh to logout users
after a certain period of idleness:
$ cat /etc/profile
# Force sh and ksh to logout idle users after 15 minutes
# Prevent normal users from disabling this setting
readonly TMOUT=900
export TMOUT
Any good reason to not do this?
They're not the same shell. I can't think of any security reasons because
I'm not familiar with the code but as far as logs and noise factor I imagine
it would go up or various things might start breaking that depend on csh.
Adam M. Dutko wrote:
Any good reason to not do this?
They're not the same shell.
Yes, I know that part :)
I can't think of any security reasons because
I'm not familiar with the code but as far as logs and noise factor I imagine
it would go up or various things might start breaking that
On Oct 14 15:28:20, Brad Tilley wrote:
Brad Tilley wrote:
I created the file /etc/profile to force sh and ksh to logout users
after a certain period of idleness:
Why do you want to logout idle users?
There is sysutils/idled if you need it.
$ cat /etc/profile
# Force sh and ksh to
Jan Stary wrote:
Why do you want to logout idle users?
There is sysutils/idled if you need it.
I'm experimenting with getting an OpenBSD base system to meet the PCI
DSS requirements. I'm trying to avoid using any software outside the
base system.
rm /bin/csh
cp /bin/ksh /bin/csh
You just
rm /bin/csh
cp /bin/ksh /bin/csh
You just forced your csh users to use ksh. Why do you want them to hate you?
It's just a shell, they'll get over it.
Remove it from /etc/shells instead. Replacing csh with ksh is evil, and
I don't mean that in a good way.
--
Darrin Chandler
On Oct 14 17:01:30, Brad Tilley wrote:
Jan Stary wrote:
Why do you want to logout idle users?
There is sysutils/idled if you need it.
I'm experimenting with getting an OpenBSD base system to meet the PCI
DSS requirements.
Does PCI DSS require you to log users out?
I'm trying to avoid
On Thu, Oct 14, 2010 at 4:01 PM, Brad Tilley b...@16systems.com wrote:
Jan Stary wrote:
Why do you want to logout idle users?
There is sysutils/idled if you need it.
I'm experimenting with getting an OpenBSD base system to meet the PCI
DSS requirements. I'm trying to avoid using any
[IMAGE]
!Promociones Especiales para Grupos!
Mayores informes responda este correo electrsnico con los siguientes
datos.
Empresa:
Nombre:
Telifono:
Email:
Nzmero de Interesados:
Y en breve le haremos llegar la informacisn completa del evento.
O bien comunmquense a nuestros telifonos un
On 10/14/2010 05:08 PM, Darrin Chandler wrote:
rm /bin/csh
cp /bin/ksh /bin/csh
You just forced your csh users to use ksh. Why do you want them to hate you?
It's just a shell, they'll get over it.
Remove it from /etc/shells instead. Replacing csh with ksh is evil, and
I don't mean that
On 10/14/2010 05:13 PM, Jan Stary wrote:
On Oct 14 17:01:30, Brad Tilley wrote:
Jan Stary wrote:
Why do you want to logout idle users?
There is sysutils/idled if you need it.
I'm experimenting with getting an OpenBSD base system to meet the PCI
DSS requirements.
Does PCI DSS require you
[IMAGE]
Duracisn: 10 Horas de entrenamiento.
Presentado por nuestro experto consultor: Lic. Gerardo Coronado L.
!Promociones Especiales para Grupos!
Mayores informes responda este correo electrsnico con los siguientes
datos.
Empresa:
Nombre:
Telifono:
Email:
Nzmero de Interesados:
Y en
On Thu, 14 Oct 2010 18:17:23 -0400
Brad Tilley b...@16systems.com wrote:
On 10/14/2010 05:08 PM, Darrin Chandler wrote:
rm /bin/csh
cp /bin/ksh /bin/csh
You just forced your csh users to use ksh. Why do you want them
to hate you?
It's just a shell, they'll get over it.
Remove
It could be the groups your missing have no members, which fails to output the
group. You can confirm this my adding a user to one of the groups, and see if
the group is displayed. This following change, rather than skipping output of
the group, outputs group with a null list of members.
Regards
On 10/14/2010 06:45 PM, Ben Niccum wrote:
I thought about doing that too. I need to test it more to see what
happens when ksh is the shell and the user executes csh manually. I
suppose ksh will still honor TMOUT in that case.
Brad
Don't mean to complicate things for you, but just thought
Much of the compliance efforts may look good on paper, but have
no impact on actual usage or may be trivially circumvented
or even worse, will likely end up compromising security
in case somebody aiming for hardening manipulates the
system without fully understanding the consequences.
On Thu, Oct 14, 2010 at 2:38 PM, Nigel Taylor
njtay...@asterisk.demon.co.uk wrote:
It could be the groups your missing have no members, which fails to output the
group. You can confirm this my adding a user to one of the groups, and see if
the group is displayed. This following change, rather
2010/10/13 Brad Tilley b...@16systems.com:
That works great. I've tried to do the same to the other default shell
in base (csh). I added 'set autologout=15' to /etc/csh.cshrc and then to
/etc/csh.login as well (I'm turning knobs like a good clueless user).
I then read the csh man page, but
42 matches
Mail list logo
