Re: Fail2ban alternative for OpenBSD

2017-10-30 Thread Indunil Jayasooriya
On Mon, Oct 30, 2017 at 3:27 PM, Kamil Cholewiński wrote: > > I am wondering since years why the hell people left SSH port open to > > the world? > > Because I trust OpenSSH. > > Yeah, It is pretty secure. I trust too. great work from OpenBSD. -- cat /etc/motd Thank you

Re: Traffic filtering

2017-10-30 Thread Erik van Westen
On 30-10-2017 at 22:37, x9p wrote: > >> I use the blocklists from emergingthreats.net. Is already in a format >> that  Works wonderfully. >> >> http://rules.emergingthreats.net/fwrules/emerging-PF-ALL.rules > > Good to use HTTPS to avoid someone tampering with the list via DNS/etc.. So use

Re: Traffic filtering

2017-10-30 Thread x9p
I use the blocklists from emergingthreats.net. Is already in a format that  Works wonderfully. http://rules.emergingthreats.net/fwrules/emerging-PF-ALL.rules Good to use HTTPS to avoid someone tampering with the list via DNS/etc.. Just fetch them through a cron job, include them in pf.conf

Re: Traffic filtering

2017-10-30 Thread Sterling Archer
I use these lists myself: http://sysctl.org/cameleon/hosts https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt https://hosts-file.net/ad_servers.txt https://mirror1.malwaredomains.com/files/justdomains

Re: Traffic filtering

2017-10-30 Thread Erik van Westen
On 30-10-2017 at 21:50, greg...@airmail.cc wrote: > Hi, > I'm new to this area, but I would like to filter some traffic. > The goal is to keep people secure while web browsing, not to censure. > And also enable better privacy, mainly stop "malware" and > tracking/ads as restrictively as possible.

Traffic filtering

2017-10-30 Thread gregfod
Hi, I'm new to this area, but I would like to filter some traffic. The goal is to keep people secure while web browsing, not to censure. And also enable better privacy, mainly stop "malware" and tracking/ads as restrictively as possible. I have 3 questions, in case someone here has the time to

pkg_info fails for non-installed packages when PKG_CACHE is set to a directory the current user can't write to

2017-10-30 Thread Lari Rasku
Oct 27 snapshot, amd64. When PKG_CACHE is set: $ cat /etc/profile export PKG_CACHE=/var/cache/pkg To a directory the current user lacks write access to: $ touch /var/cache/pkg/somefile touch: /var/cache/pkg/somefile: Permission denied Trying to call pkg_info

Re: OT: Upload and Download to/from an OpenBSD host

2017-10-30 Thread Solène Rapenne
On 2017-10-30 20:23, Mihai Popescu wrote: Hi, I am trying to setup a solution on an OpenBSD computer, where i want to upload and then download large volume of data. I was using ftpd daemon to do this, but I wonder if there is another way to do this, regarding speed of transfer. Sometimes I

Re: OT: Upload and Download to/from an OpenBSD host

2017-10-30 Thread Mike Coddington
On Mon, Oct 30, 2017 at 09:23:51PM +0200, Mihai Popescu wrote: > Hi, > > I am trying to setup a solution on an OpenBSD computer, where i want > to upload and then download large volume of data. I was using ftpd > daemon to do this, but I wonder if there is another way to do this, > regarding

OT: Upload and Download to/from an OpenBSD host

2017-10-30 Thread Mihai Popescu
Hi, I am trying to setup a solution on an OpenBSD computer, where i want to upload and then download large volume of data. I was using ftpd daemon to do this, but I wonder if there is another way to do this, regarding speed of transfer. Sometimes I was in situations to upload and then download

Huawei E372 UMTS Stick

2017-10-30 Thread Roderick
Does anyone know if the above device is supported by OpenBSD? The special feature of it: it seems to support UMTS frequencies used in Europe and America (including U.S.A.) Thanks for any hint Rodrigo.

Xen based VPS / OpenBSD 6.2 / OpenVPN 2.4.4 => Slow download speed after upgrade

2017-10-30 Thread Berry Wendermouth
Xen based VPS / OpenBSD 6.2 / OpenVPN 2.4.4 => Slow download speed after upgrade Dear OpenBSD Community, we are operating an OpenVPN server on OpenBSD. A few days ago we upgraded to OpenBSD 6.2 and we are now

Re: mandoc output paper size

2017-10-30 Thread Mike Williams
[Buggerit, dropped the list so sent again.] On 10/30/17 12:38, Jan Stary wrote: Hi Ingo, hi Mike, See below for what i committed to -current. It would be quite welcome if Jan could test on his multi-tray printer that the printer actually selects the right paper for different -Opaper= options

Re: Fail2ban alternative for OpenBSD

2017-10-30 Thread vincent delft
Hello all, May I add my 2 cents ... I had the same problematic some months ago, so I developed log2table (http://vincentdelft.be/post/post_20170517) Which has the same idea of fail2ban. It's a python script with no specific requirements, except some entries in doas.conf. The added value is that

Re: Need to swap partitions: /tmp amd /usr

2017-10-30 Thread Christian Weisgerber
On 2017-10-30, "Jay Hart" wrote: > Below is currently how I have my disk laid out partition wise. I have a > feeling I need to swap > /tmp and /usr in order to gain additional space for /usr. > > What is the best way to go about that? * Drop into single user mode. * Unmount

Re: Fail2ban alternative for OpenBSD

2017-10-30 Thread Kamil Cholewiński
On Mon, 30 Oct 2017, Zbyszek Żółkiewski wrote: > that’s naive, did you trust it when there were weak ssh keys > generated back a few years ago? I am not here to teach anyone about > good practices, but having ssh closed is just common-sense. It was Debian's screwup, not

Re: CUPS and AVAHI (bloatware)

2017-10-30 Thread Rupert Gallagher
Patch: add "--disable-avahi --disable-dbus" to configure. I hope the package maintainers will consider the opportunity to make their task easier, by applying the above and thus removing a shitload of dependencies that are both functionally unnecessary and a security hazard. End-of-thread.

Re: CUPS and AVAHI (bloatware)

2017-10-30 Thread Ingo Schwarze
Hi, gwes wrote on Mon, Oct 30, 2017 at 01:43:03AM -0400: > The last time AVAHI got installed on one of my systems > the installer started it immediately. > Avahi then proceeded to scribble on that system's > network configuration and confuse other systems on > that subnet. That doesn't sound

Re: Fail2ban alternative for OpenBSD

2017-10-30 Thread Zbyszek Żółkiewski
That’s naive, did you trust it when there were weak ssh keys generated back a few years ago? I am not here to teach anyone about good practices, but having ssh closed is just common-sense. _ Zbyszek Żółkiewski > Message written by Kamil Cholewiński on >

Re: mandoc output paper size

2017-10-30 Thread Jan Stary
Hi Ingo, hi Mike, > See below for what i committed to -current. It would be quite > welcome if Jan could test on his multi-tray printer that the printer > actually selects the right paper for different -Opaper= options > now, and that there are no errors or warnings. For each of a3.pdf, a4.pdf,

Re: CUPS and AVAHI (bloatware)

2017-10-30 Thread Ingo Schwarze
Hi, Rupert Gallagher wrote on Mon, Oct 30, 2017 at 06:11:45AM -0400: > Ingo, we must not install 100MB of unwanted optional software. > Since when OpenBSD joined the bandwagon of bloatware? Since 1995. Sure, OpenBSD tends to avoid installing stuff that is never needed, but avoiding to install

Re: mandoc output paper size

2017-10-30 Thread Ingo Schwarze
Hi Mike, Mike Williams wrote on Mon, Oct 30, 2017 at 10:32:46AM +: > On 10/29/17 19:40, Ingo Schwarze wrote: >> Mike Williams wrote on Sun, Oct 29, 2017 at 10:26:08AM +: >>> If the media size is important for a page then there >>> should be a PS setpagedevice call like the following: >>

Re: desync: scheduling fib reload

2017-10-30 Thread Robert Blacquiere
Hi Theo, On Sun, Oct 29, 2017 at 11:45:54AM -0600, Theo de Raadt wrote: > > Yes, on the route socket. It is unreasonable for the kernel to > maintain an infinite number of route change messages, so about 9 years > ago we developed this scheme of marking the situation for userland to > handle.

Re: CUPS and AVAHI (bloatware)

2017-10-30 Thread edgar
Does ports@ no longer exist? > > On Oct 30, 2017 at 5:59 AM,wrote: > > > On Mon, Oct 30, 2017 at 06:36:38AM -0400, Rupert Gallagher wrote: > The > openbsd decision to make cups package dependent from avahi is > opaque. > Where can we read this decision? What

Re: mandoc output paper size

2017-10-30 Thread Mike Williams
Hi Ingo, On 10/29/17 19:40, Ingo Schwarze wrote: Hi Mike, hi Jan, Mike Williams wrote on Sun, Oct 29, 2017 at 10:26:08AM +: If the media size is important for a page then there should be a PS setpagedevice call like the following: [...] Basically don't rely on DSC comments to do media

Re: Fail2ban alternative for OpenBSD

2017-10-30 Thread Solène Rapenne
On 2017-10-29 02:20, x9p wrote: Hi, Coming from the Linux world, I wonder if there is a better alternative to fail2ban, already being used in OpenBSD servers by the majority. cheers. x9p Hello, jca imported sshlockout from dragonflybsd. It's in security/sshlockout. It's dead simple,

Re: CUPS and AVAHI (bloatware)

2017-10-30 Thread Stefan Sperling
On Mon, Oct 30, 2017 at 06:36:38AM -0400, Rupert Gallagher wrote: > The openbsd decision to make cups package dependent from avahi is > opaque. Where can we read this decision? What is the evidence that > supported it? Is this evidence still relevant? Why, oh why, the > package maintainer(s) of

Re: CUPS and AVAHI (bloatware)

2017-10-30 Thread Stefan Sperling
On Mon, Oct 30, 2017 at 06:11:45AM -0400, Rupert Gallagher wrote: > Ingo, we must not install 100MB of unwanted optional software. > Since when OpenBSD joined the bandwagon of bloatware? It's happened ever since you chose not to do anything about it. It's your choice. If you really need to get

Re: CUPS and AVAHI (bloatware)

2017-10-30 Thread Rupert Gallagher
noth --> both Sent from ProtonMail Mobile On Mon, Oct 30, 2017 at 11:36 AM, Rupert Gallagher wrote: >> being critical of decisions made > You don't get to make the decisions, >> since you aren't doing the work I can do the work. As a matter of fact, I >> build my servers

Re: CUPS and AVAHI (bloatware)

2017-10-30 Thread Rupert Gallagher
+1 Sent from ProtonMail Mobile On Mon, Oct 30, 2017 at 6:43 AM, gwes wrote: > The last time AVAHI got installed on one of my systems the installer started > it immediately. Avahi then proceeded to scribble on that system's network > configuration and confuse other systems on

Re: CUPS and AVAHI (bloatware)

2017-10-30 Thread Rupert Gallagher
> being critical of decisions made > You don't get to make the decisions, since you aren't doing the work I can do the work. As a matter of fact, I build my servers from scratch, from the firmware all the way up to the automatic configuration of clients. It is hell, but I get what I need, and

Re: CUPS and AVAHI (bloatware)

2017-10-30 Thread Rupert Gallagher
Ingo, we must not install 100MB of unwanted optional software. Since when OpenBSD joined the bandwagon of bloatware? Sent from ProtonMail Mobile On Sun, Oct 29, 2017 at 9:26 PM, Ingo Schwarze wrote: > Hi, gwes wrote on Sun, Oct 29, 2017 at 03:40:48PM -0400: > On 10/26/17

Re: Fail2ban alternative for OpenBSD

2017-10-30 Thread Kamil Cholewiński
> I am wondering since years why the hell people left SSH port open to > the world? Because I trust OpenSSH.

Re: Fail2ban alternative for OpenBSD

2017-10-30 Thread Zbyszek Żółkiewski
First of all, SSH access should be blocked - I am wondering since years why the hell people left SSH port open to the world? Seriously smallest VPC+openvpn cost $5 monthly… _ Zbyszek Żółkiewski > Message written by Peter Hessler on > 30.10.2017, at 10:35: >

Re: Fail2ban alternative for OpenBSD

2017-10-30 Thread Peter Hessler
On 2017 Oct 30 (Mon) at 11:06:02 +0200 (+0200), Gregory Edigarov wrote: :On 29.10.17 03:20, x9p wrote: :> :> Coming from the Linux world, I wonder if there is a better alternative to :> fail2ban, already being used in OpenBSD servers by the majority. :> :I suggest you NEVER use such "solutions".

Re: Fail2ban alternative for OpenBSD

2017-10-30 Thread Kamil Cholewiński
On Mon, 30 Oct 2017, Gregory Edigarov wrote: > On 29.10.17 03:20, x9p wrote: >> >> Coming from the Linux world, I wonder if there is a better alternative >> to fail2ban, already being used in OpenBSD servers by the majority. >> > I suggest you NEVER use such "solutions". It's

Re: Fail2ban alternative for OpenBSD

2017-10-30 Thread Gregory Edigarov
On 29.10.17 03:20, x9p wrote: Coming from the Linux world, I wonder if there is a better alternative to fail2ban, already being used in OpenBSD servers by the majority. I suggest you NEVER use such "solutions". It's security by obscurity model, and therefore a bad very very bad thing. You'd

Re: 5-button wheeled mouse and X

2017-10-30 Thread Natasha Kerensikova
on Sunday 29 October 2017 at 22:13, Daniel Jakots wrote: > On Sun, 29 Oct 2017 11:37:45 -0400, gwes wrote: > > On 10/25/17 07:20, Cág wrote: > > > Natasha Kerensikova wrote: > > > > > >> it started as a bug report: it have a 5-button mouse with a wheel, > > >> even though I don't

Re: Need to swap partitions: /tmp amd /usr

2017-10-30 Thread Kamil Cholewiński
On Sun, 29 Oct 2017, Jay Hart wrote: > Good Evening Fellow OpenBSDers, > > Below is currently how I have my disk laid out partition wise. I have a > feeling I need to swap > /tmp and /usr in order to gain additional space for /usr. > > What is the best way to go about that?