Re: Nginx security patch build fail

2014-04-25 Thread Blaise Hizded
release and I want to apply all the errata security patch. Everything worked well except the 004 patch for Nginx. I apply the patch without problem, but when I try to recompile: # rm -rf /usr/obj/* # cd /usr/src/ # make -f Makefile.bsd-wrapper obj /usr/src/usr.sbin/nginx/obj - /usr/obj

Nginx security patch build fail

2014-04-24 Thread Blaise Hizded
Hello, I just installed a fresh OpenBSD 5.4 release and I want to apply all the errata security patch. Everything worked well except the 004 patch for Nginx. I apply the patch without problem, but when I try to recompile: # rm -rf /usr/obj

Re: Nginx security patch build fail

2014-04-24 Thread Pablo Méndez Hernández
Hi Blaise, On Thu, Apr 24, 2014 at 4:03 PM, Blaise Hizded bla...@ovh.fr wrote: Hello, I just installed a fresh OpenBSD 5.4 release and I want to apply all the errata security patch. Everything worked well except the 004 patch for Nginx. I apply the patch without problem, but when I try

Re: Nginx security patch build fail

2014-04-24 Thread Blaise Hizded
On 04/24/14 17:38, Pablo Méndez Hernández wrote: Hi Blaise, On Thu, Apr 24, 2014 at 4:03 PM, Blaise Hizded bla...@ovh.fr wrote: Hello, I just installed a fresh OpenBSD 5.4 release and I want to apply all the errata security patch. Everything worked well except the 004 patch for Nginx. I

Re: Security

2014-01-11 Thread Craig R. Skinner
On 2014-01-10 Fri 21:12 PM |, Jan Stary wrote: 2 references to hinet (chinese) What references? What's hinet and how do you know it is chinese? intenting to send spam (relay). How do you know that hinet (whatever it is) was intenting to send or relay spam? Hosts in hinet have

Re: Security

2014-01-11 Thread MJ
On 11 Jan 2014, at 13.36, Craig R. Skinner skin...@britvault.co.uk wrote: Hosts in hinet have been relentlessly attacking my mail web servers for over 8 years. I feed them rubbish to play with, A good technique is to run a geospatially-enabled DNS server that maps AS numbers to locations

Re: Security

2014-01-10 Thread Zé Loff
On 10/01/2014, at 06:36, agrquinonez agrquino...@riseup.net wrote: Short story, long! I have had 1 OBSD box, with e-mail server (sendmail), 1 web page (apache), and anonymous ftp server for almost 14 years; upgrading by clean installations every 6 months, and without problems. I have 2

Re: Security

2014-01-10 Thread Ville Valkonen
Hi, did you disable chroot of the http server? Regards, Ville Valkonen On Jan 10, 2014 8:37 AM, agrquinonez agrquino...@riseup.net wrote: Short story, long! I have had 1 OBSD box, with e-mail server (sendmail), 1 web page (apache), and anonymous ftp server for almost 14 years; upgrading by

Re: Security

2014-01-10 Thread Nick Holland
On 01/10/14 01:36, agrquinonez wrote: ... [compromised box] ... Ideas are going to be really appreciated, because i am not a technical guy. ok, this is the unpopular answer, but here it is anyway: Stop. You should not be running your own web and mail server. Years ago, I used to say that I

Re: Security

2014-01-10 Thread Craig R. Skinner
On 2014-01-09 Thu 22:36 PM |, agrquinonez wrote: This time, i installed DokuWiki, and Running dynamic web content (wikis, etc.) on the public Internet is a massive risk. I've seen multi-national companies' websites fail penetration testing, and they employee teams of skilled developers..

Re: Security

2014-01-10 Thread Craig R. Skinner
On 2014-01-10 Fri 07:44 AM |, Nick Holland wrote: On 01/10/14 01:36, agrquinonez wrote: ... [compromised box] ... Ideas are going to be really appreciated, because i am not a technical guy. ok, this is the unpopular answer, but here it is anyway: Stop. You should not be running your own

Re: Security

2014-01-10 Thread Jiri B
On Fri, Jan 10, 2014 at 01:37:36PM +, Craig R. Skinner wrote: On another box/laptop, try exporting STATIC .html pages from your wiki copying them to a chrooted .html only public web server. Personally, I use Perl's Template Toolkit to generate static pages.

Re: Security

2014-01-10 Thread agrquinonez
On 01/10/2014 04:44 AM, Nick Holland wrote: On 01/10/14 01:36, agrquinonez wrote: ... [compromised box] ... Ideas are going to be really appreciated, because i am not a technical guy. ok, this is the unpopular answer, but here it is anyway: Stop. You should not be running your own web and

Re: Security

2014-01-10 Thread Tony Abernethy
Harry Callahan: A man's GOT to know his limitations. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of agrquinonez Sent: Friday, January 10, 2014 10:20 AM To: misc@openbsd.org Subject: Re: Security On 01/10/2014 04:44 AM, Nick Holland wrote

Re: Security

2014-01-10 Thread Jan Stary
I have had 1 OBSD box, with e-mail server (sendmail), 1 web page (apache), and anonymous ftp server for almost 14 years; upgrading by clean installations every 6 months, and without problems. I have 2 80GB hard drives (1 system, 1 /ftp/pub). This time, i installed DokuWiki, and

Re: Security

2014-01-10 Thread Stuart Henderson
On 2014-01-10, agrquinonez agrquino...@riseup.net wrote: I downloaded it from http://ftp.Openbsd.org; yes, it was checked; DokuWiki came from pkg_add; password is never used; i do ssh-copy-id and then ssh key + pass-phrase. Are password logins *disabled* (and if so, where and how), or do you

Re: Security

2014-01-10 Thread agrquinonez
, i installed DokuWiki, and Mailman over 5.3; How? Using packages? yes failing with Mailman. How exactly? i could not understand the logic, and security. I added 2 vhost to the web server. And at this time everything was going well. No it wasn't: mailman installation failed in some way

Re: Security

2014-01-10 Thread agrquinonez
On 01/10/2014 12:33 PM, Stuart Henderson wrote: On 2014-01-10, agrquinonez agrquino...@riseup.net wrote: I downloaded it from http://ftp.Openbsd.org; yes, it was checked; DokuWiki came from pkg_add; password is never used; i do ssh-copy-id and then ssh key + pass-phrase. Are password logins

Re: Security

2014-01-10 Thread agrquinonez
On 01/10/2014 05:37 AM, Craig R. Skinner wrote: On 2014-01-09 Thu 22:36 PM |, agrquinonez wrote: This time, i installed DokuWiki, and Running dynamic web content (wikis, etc.) on the public Internet is a massive risk. yes, it is I've seen multi-national companies' websites fail

Re: Security

2014-01-10 Thread agrquinonez
On 01/10/2014 05:51 AM, Jiri B wrote: On Fri, Jan 10, 2014 at 01:37:36PM +, Craig R. Skinner wrote: On another box/laptop, try exporting STATIC .html pages from your wiki copying them to a chrooted .html only public web server. Personally, I use Perl's Template Toolkit to generate static

Re: Security

2014-01-10 Thread Jan Stary
80GB hard drives (1 system, 1 /ftp/pub). This time, i installed DokuWiki, and Mailman over 5.3; How? Using packages? yes failing with Mailman. How exactly? i could not understand the logic, and security. So to be sure: it's not that the installation of the mailman package

Re: Security

2014-01-10 Thread Jan Stary
How about ftp access, if you're running it, is it anonymous-only (e.g. ftpd -A) or do regular users have access? yes, ftpd_flags=USA rc.conf.local So you have logs of uploads. What's there? Faced with this type of situation I'd get the machine offline, put the disk on another (clean)

Re: Security

2014-01-10 Thread Артур Истомин
On Fri, Jan 10, 2014 at 07:44:04AM -0500, Nick Holland wrote: On 01/10/14 01:36, agrquinonez wrote: ... [compromised box] ... Ideas are going to be really appreciated, because i am not a technical guy. ok, this is the unpopular answer, but here it is anyway: Stop. You should not be

Security

2014-01-09 Thread agrquinonez
Short story, long! I have had 1 OBSD box, with e-mail server (sendmail), 1 web page (apache), and anonymous ftp server for almost 14 years; upgrading by clean installations every 6 months, and without problems. I have 2 80GB hard drives (1 system, 1 /ftp/pub). This time, i installed DokuWiki,

[OT] CCC 2013 Videos: X Security (It's worse than it looks)

2014-01-03 Thread Jiri B
Hi, As we (all) use X, I think following video would be interesting for you :) http://media.ccc.de/browse/congress/2013/30C3_-_5499_-_en_-_saal_1_-_201312291830_-_x_security_-_ilja_van_sprundel.html Big thanks to Ilja for making X better for everybody. jirib

Re: [OT] CCC 2013 Videos: X Security (It's worse than it looks)

2014-01-03 Thread patrick keshishian
On 1/3/14, Jiri B ji...@devio.us wrote: Hi, As we (all) use X, I think following video would be interesting for you :) http://media.ccc.de/browse/congress/2013/30C3_-_5499_-_en_-_saal_1_-_201312291830_-_x_security_-_ilja_van_sprundel.html Take away quote in regard to Xorg and X privilege

Re: [OT] CCC 2013 Videos: X Security (It's worse than it looks)

2014-01-03 Thread noah pugsley
On Fri, Jan 3, 2014 at 8:07 PM, patrick keshishian pkesh...@gmail.com wrote: On 1/3/14, Jiri B ji...@devio.us wrote: Hi, As we (all) use X, I think following video would be interesting for you :)

Re: Running security(8): Root sh startup files do not set the umask.

2013-12-19 Thread Craig R. Skinner
/No/Go boil my head in a cauldron brimming with rancid rhino rectal fluid, while surrounded by little blue sexually aroused smurfs chanting, Great is Willie Wonker of the Chocolate Factory Dynasty!! Running security(8): Checking root sh paths, umask values: /etc/profile /root/.profile Root

Running security(8): Root sh startup files do not set the umask.

2013-12-17 Thread Craig R. Skinner
...@britvault.co.uk - Date: Tue, 17 Dec 2013 01:56:49 + (GMT) From: Charlie Root r...@britvault.co.uk To: r...@britvault.co.uk Subject: teak.britvault.co.uk daily insecurity output Running security(8): Checking root sh paths, umask values: /etc/profile /root/.profile Root sh startup files do not set

Re: Weard security report

2013-11-06 Thread Rajneesh N. Shetty
/11/13, sven falempin sven.falem...@gmail.com wrote: Subject: Re: Weard security report To: t...@openbsd.org t...@openbsd.org Received: Thursday, 7 November, 2013, 3:49 AM On Wed, Nov 6, 2013 at 11:43 AM, Alexander Hall alexan...@beard.se wrote: Joerg Sonnenberger jo

Some general security questions

2013-09-08 Thread Petrus
have some security-related questions; admittedly of a rather elemental nature. I hope that is not a problem. The first question I wanted to ask, is what is the opinion of people on this list, concerning an ideal umask for general use? I have not changed the root umask on my own system

Re: Some general security questions

2013-09-08 Thread Martin Schröder
2013/9/8 Petrus petr...@gmail.com: My third question is a little more sensitive. I have read about claims in the media recently that there may not be any form of cryptography in existence which is unbreakable by...certain parties. Given that I am less than a novice in the subject myself, I

Re: Some general security questions

2013-09-08 Thread Alexander Hall
Petrus petr...@gmail.com wrote: I got the subject of the message I just sent wrong. My apologies; it was intended to be some general questions. I simply hit reply to thread, as a means of automatically providing the address in the send field. Please don't. You implicitly add various reference

Linux Xorg security issues

2013-05-24 Thread Jan Lambertz
Hi, reading a news post http://www.phoronix.com/scan.php?page=news_itempx=MTM3ODA it turned out that there might be a number of security issues with xorg on linux (really ? Lol ). I wonder how that affects the openbsd xorg. Can anyone with more insight share his knowledge ? Jan

Linux Xorg security issues

2013-05-24 Thread Jan Lambertz
Thanks Paul for this information. OpenBSD developers are fast as lightning. Great !

Re: Security and ignorance from the major ISPs

2013-02-15 Thread Matt Morrow
internet access or they'll do what other unnamed ISPs are currently doing *ahem*comast*ahem* and tell you how much data you can use, what mail ports are open - nevermind if you use any third party mail servers, what times of the day you get more bandwidth, etc. Learning how to setup your own security

Re: Security and ignorance from the major ISPs

2013-02-14 Thread Scott McEachern
On 02/14/13 18:20, Daniel Bertrand wrote: I was wondering what your stance is about the constant hack attempts on machines on our ISP networks.. I see CONSTANT scanning for ports from all over the world, mostly from Italy, Russia, and China. Everyone does. You can find lists of IP ranges on

Re: more details on the last security/nss update

2013-01-04 Thread Stuart Henderson
Changes by: lan...@cvs.openbsd.org 2012/12/31 01:41:27 Modified files: security/nss : Makefile distinfo Log message: Update to nss-3.14.1.with.ckbi.1.93, which explicitely distrusts TURKTRUST Mis-issued Intermediate CA 1 TURKTRUST Mis-issued Intermediate CA 2. (added in #768547

more details on the last security/nss update

2013-01-04 Thread Landry Breuil
On Mon, Dec 31, 2012 at 01:41:27AM -0700, Landry Breuil wrote: CVSROOT: /cvs Module name: ports Changes by: lan...@cvs.openbsd.org 2012/12/31 01:41:27 Modified files: security/nss : Makefile distinfo Log message: Update to nss-3.14.1.with.ckbi.1.93, which explicitely

Security for an ethernet switch lan

2012-10-14 Thread Robert Connolly
Hello. I have three computers. Each computer gets internet from its own wireless device, and they communicate with each other over a 1000mb ethernet switch. None of the computers therefore do ip forwarding. I use the lan for X11 forwarding, file sharing, and ssh. I would like to use SSL for

Re: Question about security bug fixes for in-tree NSD

2012-09-21 Thread Stuart Henderson
On 2012-09-20, Mathieu Simon mathieu@gmail.com wrote: G'day This is my first post to this list - so bear with me... OpenBSD has not yet replaced BIND with NSD + Unbound, but NSD 3.2.9 is enabled in 5.1 builds. This version has at least 2 known CVE's that have been fixed with upstream

Re: Question about security bug fixes for in-tree NSD

2012-09-21 Thread Mathieu Simon
Am 21.09.2012 14:51, schrieb Stuart Henderson: CVE-2012-2979 isn't relevant as it's a non-standard build option that we don't use. Good to know, thanks. I have not found a patch for in 5.1 erratas so far. I've just committed a fix for CVE-2012-2978 to 5.1-stable, but I don't have time to

Question about security bug fixes for in-tree NSD

2012-09-20 Thread Mathieu Simon
G'day This is my first post to this list - so bear with me... OpenBSD has not yet replaced BIND with NSD + Unbound, but NSD 3.2.9 is enabled in 5.1 builds. This version has at least 2 known CVE's that have been fixed with upstream releases: 3.2.12: Fix for VU#624931 CVE-2012-2978: NSD denial of

Re: Ports security updates in 5.1 or 5.2

2012-09-18 Thread Alessandro Baggi
installing software precompiled using pkg_add -r ftp://ftp.openbsd.org/../openvpn-version.tgz How to see if there are update/security fix for openvpn? From Ports ml? Thanks in advance. On 09/01/2012 07:26 AM, Tomas Bodzar wrote: On Fri, Aug 31, 2012 at 6:06 PM

Re: Ports security updates in 5.1 or 5.2

2012-09-18 Thread Alessandro Baggi
mailto:alessandro.ba...@gmail.com wrote: Hi list, sorry for late, but you are talking about update, and I've a question about this. I'm installing software precompiled using pkg_add -r ftp://ftp.openbsd.org/../openvpn-version.tgz How to see if there are update/security fix

Re: Ports security updates in 5.1 or 5.2

2012-09-18 Thread Barry Grumbine
On Tue, Sep 18, 2012 at 11:06 AM, Alessandro Baggi alessandro.ba...@gmail.com wrote: ah, sorry but when run pkg_add -a -u I must give also ftp://ftp.openbsd.org/pathamd64repo/... ? http://www.openbsd.org/faq/faq15.html#Easy and read about PKG_PATH in pkg_add(1) -u Update the

Re: Ports security updates in 5.1 or 5.2

2012-09-18 Thread Yusof Khalid - FreeBSD / OpenBSD
://ftp.openbsd.org/../**openvpn-version.tgzftp://ftp.openbsd.org/ ../openvpn-version.tgz How to see if there are update/security fix for openvpn? From Ports ml? Thanks in advance. On 09/01/2012 07:26 AM, Tomas Bodzar wrote: On Fri, Aug 31, 2012 at 6:06 PM, Sébastien Marie semarie-open

Re: Ports security updates in 5.1 or 5.2

2012-09-17 Thread Alessandro Baggi
Hi list, sorry for late, but you are talking about update, and I've a question about this. I'm installing software precompiled using pkg_add -r ftp://ftp.openbsd.org/../openvpn-version.tgz How to see if there are update/security fix for openvpn? From Ports ml? Thanks in advance

Re: Ports security updates in 5.1 or 5.2

2012-08-31 Thread Pierre-Emmanuel André
, for ports too), which is OPENBSD_5_1. But, I saw that the last security updates for ports go to OPENBSD_5_2 and not to OPENBSD_5_1. Any examples ? The probleme may not be present in 5.1. databases/postgresql version 9.1.4 (in OPENBSD_5_1) is vulnerable to CVE-2012-3488

Re: Ports security updates in 5.1 or 5.2

2012-08-31 Thread Sébastien Marie
On Thu, Aug 30, 2012 at 06:52:15PM +, Stuart Henderson wrote: On 2012-08-30, Sébastien Marie semarie-open...@latrappe.fr wrote: I not used all pervious ports, and some are used in safe usage (like using postgresql ports, but not for server). It just a question to known what follow,

Re: Ports security updates in 5.1 or 5.2

2012-08-31 Thread Tomas Bodzar
On Fri, Aug 31, 2012 at 6:06 PM, Sébastien Marie semarie-open...@latrappe.fr wrote: On Thu, Aug 30, 2012 at 06:52:15PM +, Stuart Henderson wrote: On 2012-08-30, Sébastien Marie semarie-open...@latrappe.fr wrote: I not used all pervious ports, and some are used in safe usage (like using

Re: Ports security updates in 5.1 or 5.2

2012-08-30 Thread Sébastien Marie
security updates for ports go to OPENBSD_5_2 and not to OPENBSD_5_1. Any examples ? The probleme may not be present in 5.1. databases/postgresql version 9.1.4 (in OPENBSD_5_1) is vulnerable to CVE-2012-3488 and CVE-2012-3489 CVE-2012-3488 : insecure use of xslt (xslt is in contrib, so

Re: Ports security updates in 5.1 or 5.2

2012-08-30 Thread LEVAI Daniel
, for ports too), which is OPENBSD_5_1. But, I saw that the last security updates for ports go to OPENBSD_5_2 and not to OPENBSD_5_1. Any examples ? The probleme may not be present in 5.1. [...] I find freshbsd.org a little misleading, in that it won't list some patches that were

Re: Ports security updates in 5.1 or 5.2

2012-08-30 Thread Stuart Henderson
On 2012-08-30, Sébastien Marie semarie-open...@latrappe.fr wrote: I not used all pervious ports, and some are used in safe usage (like using postgresql ports, but not for server). It just a question to known what follow, in order to keep updated... really, in order to keep updated,

Ports security updates in 5.1 or 5.2

2012-08-29 Thread Sebastien Marie
Hi, I currently follow STABLE branch for openbsd (and so, for ports too), which is OPENBSD_5_1. But, I saw that the last security updates for ports go to OPENBSD_5_2 and not to OPENBSD_5_1. According to the FAQ (http://www.openbsd.org/faq/faq15.html#PortsSecurity), only the current and last

Re: Ports security updates in 5.1 or 5.2

2012-08-29 Thread Patrick Lamaiziere
Le Wed, 29 Aug 2012 09:59:46 +0200, Sebastien Marie semarie-open...@latrappe.fr a écrit : Hello, I currently follow STABLE branch for openbsd (and so, for ports too), which is OPENBSD_5_1. But, I saw that the last security updates for ports go to OPENBSD_5_2 and not to OPENBSD_5_1. Any

Re: authorized_keys and security(8)

2012-05-17 Thread Ingo Schwarze
field in in etc/security SCCS diff 5.14. Here is Keith's original implementation: echo Checking for turned-off accounts with valid shells: awk -F: length(\$2) != 13 \$10 ~ /.*sh$/ \ { print \user \ \$1 \ account turned off with valid shell.\ } \ /etc/master.passwd Yours, Ingo

Re: authorized_keys and security(8)

2012-05-03 Thread Tyler Morgan
On 4/25/2012 5:11 PM, Stuart Henderson wrote: On 2012-04-24, Tyler disc...@gmail.com wrote: Hi, Is there a way to create logins that are only accessed via authorized_keys so that security(8) doesn't complain about them every day? The general goal is to disable remote root login via SSH

Re: authorized_keys and security(8)

2012-05-03 Thread Mike Erdely
On Thu, May 3, 2012 at 2:16 PM, Tyler Morgan tyl...@tradetech.net wrote: On 4/25/2012 5:11 PM, Stuart Henderson wrote: On 2012-04-24, Tyler disc...@gmail.com wrote: My problem is security(8) complains about this every day: Login admin is off but still has a valid shell and alternate access

Re: authorized_keys and security(8)

2012-05-03 Thread Mike Erdely
On Thu, May 03, 2012 at 02:48:14PM -0400, Mike Erdely wrote: FYI: For a test, I added foo with useradd(8) and bar with adduser(8): # grep -E (foo|bar) /etc/master.passwd foo:*:1002:1002::0:0::/home/foo:/bin/ksh bar:*:1003:1003::0:0:bar:/home/bar:/bin/ksh Looks like useradd does

Re: authorized_keys and security(8)

2012-05-03 Thread Alexander Hall
this. The check in security is there for a reason. If you want to bypass it, it might be better to have to do it manually. The inconsistency is annoying though, as is the *-trick, which I believe is merely a way to make it seem like a password while it is not. /Alexander

Re: authorized_keys and security(8)

2012-05-03 Thread Mike Erdely
On Thu, May 3, 2012 at 5:43 PM, Alexander Hall ha...@openbsd.org wrote: I'm not sure about this. The check in security is there for a reason. If you want to bypass it, it might be better to have to do it manually. The inconsistency is annoying though, as is the *-trick, which I

Re: authorized_keys and security(8)

2012-05-03 Thread Alexander Hall
On 05/04/12 00:06, Mike Erdely wrote: On Thu, May 3, 2012 at 5:43 PM, Alexander Hall ha...@openbsd.org wrote: I'm not sure about this. The check in security is there for a reason. If you want to bypass it, it might be better to have to do it manually. The inconsistency is annoying though

Re: authorized_keys and security(8)

2012-05-03 Thread Alexander Hall
Alexander Hall ha...@openbsd.org wrote: On 05/04/12 00:06, Mike Erdely wrote: On Thu, May 3, 2012 at 5:43 PM, Alexander Hall ha...@openbsd.org wrote: I'm not sure about this. The check in security is there for a reason. If you want to bypass it, it might be better to have to do it manually

Re: authorized_keys and security(8)

2012-05-03 Thread Chris Cappuccio
Mike Erdely [m...@erdelynet.com] wrote: FYI: For a test, I added foo with useradd(8) and bar with adduser(8): # grep -E (foo|bar) /etc/master.passwd foo:*:1002:1002::0:0::/home/foo:/bin/ksh bar:*:1003:1003::0:0:bar:/home/bar:/bin/ksh Looks like useradd does the right thing and

Re: authorized_keys and security(8)

2012-05-03 Thread Tyler Morgan
On 5/3/2012 9:31 PM, Chris Cappuccio wrote: Mike Erdely [m...@erdelynet.com] wrote: FYI: For a test, I added foo with useradd(8) and bar with adduser(8): # grep -E (foo|bar) /etc/master.passwd foo:*:1002:1002::0:0::/home/foo:/bin/ksh bar:*:1003:1003::0:0:bar:/home/bar:/bin/ksh

Re: Security Patch Announcements

2012-05-02 Thread Sebastian Reitenbach
On Tuesday, May 1, 2012 18:36 CEST, Martin Schröder mar...@oneiros.de wrote: 2012/5/1 llemike...@aol.com llemike...@aol.com: security-announce This list is not used. Did I miss something? Was it announced on another list? This has been discussed before: Patches are not announced

Re: Security Patch Announcements

2012-05-02 Thread Martin Schröder
2012/5/2 Sebastian Reitenbach sebas...@l00-bugdead-prods.de: On Tuesday, May 1, 2012 18:36 CEST, Martin Schröder mar...@oneiros.de wrote: But citing the 5.1 Announce E-Mail: ... Security patch announcements are sent to the security-annou...@openbsd.org mailing list. For information

Re: Security Patch Announcements

2012-05-02 Thread Ted Unangst
On Wed, May 02, 2012 at 11:44, Martin Schröder wrote: 2012/5/2 Sebastian Reitenbach sebas...@l00-bugdead-prods.de: On Tuesday, May 1, 2012 18:36 CEST, Martin Schröder mar...@oneiros.de wrote: But citing the 5.1 Announce E-Mail: ... Security patch announcements are sent to the security

Security Patch Announcements

2012-05-01 Thread llemike...@aol.com
Dear Put your name here, ;-) Using 5.0 I have now installed the two patches issued: 1) BIND patch from 01/12/2011 2) libcrypto patch from 23/04/12 What I cannot understand is that I have been registered on the following mailing lists since 5 April 2012: misc tech security

Re: Security Patch Announcements

2012-05-01 Thread Martin Schröder
2012/5/1 llemike...@aol.com llemike...@aol.com: security-announce This list is not used. Did I miss something? Was it announced on another list? This has been discussed before: Patches are not announced. Best Martin

Re: Security Patch Announcements

2012-05-01 Thread llemike...@aol.com
Martin, Aaaa! I see. So I didn't miss anything. Thanks for the swift response. Mike

American Express Alert - Personal Security Key Reset

2012-04-27 Thread americanexpr...@email.americanexpress.com
American Express Alert - Personal Security Key Reset For your security: Dear American Express member, To protect your account(s), we need you to re-authenticate your account by updating your Pers onal Security Key

Re: authorized_keys and security(8)

2012-04-25 Thread Stuart Henderson
On 2012-04-24, Tyler disc...@gmail.com wrote: Hi, Is there a way to create logins that are only accessed via authorized_keys so that security(8) doesn't complain about them every day? The general goal is to disable remote root login via SSH and allow an unprivileged admin user access via

authorized_keys and security(8)

2012-04-24 Thread Tyler
Hi, Is there a way to create logins that are only accessed via authorized_keys so that security(8) doesn't complain about them every day? The general goal is to disable remote root login via SSH and allow an unprivileged admin user access via key files and pass phrases (and then sudo or su

Re: authorized_keys and security(8)

2012-04-24 Thread Tyler
On 4/24/2012 12:54 PM, Stefan Johnson wrote: On Tue, Apr 24, 2012 at 2:24 PM, Tyler disc...@gmail.com mailto:disc...@gmail.com wrote: Hi, Is there a way to create logins that are only accessed via authorized_keys so that security(8) doesn't complain about them every day

Re: security(8) and maildir

2012-04-19 Thread Zé Loff
On Apr 16, 2012, at 8:06 PM, Stuart Henderson wrote: On 2012-04-16, Zé Loff zel...@zeloff.org wrote: It is hard to guess what you need from the scarce information you provide. I'm sorry... On hindsight, that was _very_ little information. I'm running 5.0, with postfix as an MTA,

Re: security(8) and maildir

2012-04-16 Thread Zé Loff
for every user, etc. Every thing from here on down has either 700 (folders) or 600 (files) permissions. on the machine in question, and the exact messages you see in your daily security emails? Running security(8): Checking mailbox ownership. user vmail mailbox is drwx--, group vmail If I chmod 600

Re: security(8) and maildir

2012-04-16 Thread Rod Whitworth
of the virtual domains, and inside that one for every user, etc. Every thing from here on down has either 700 (folders) or 600 (files) permissions. on the machine in question, and the exact messages you see in your daily security emails? Running security(8): Checking mailbox ownership. user vmail

Re: security(8) and maildir

2012-04-16 Thread Zé Loff
, and inside that one for every user, etc. Every thing from here on down has either 700 (folders) or 600 (files) permissions. on the machine in question, and the exact messages you see in your daily security emails? Running security(8): Checking mailbox ownership. user vmail mailbox is drwx

Re: security(8) and maildir

2012-04-16 Thread Stuart Henderson
On 2012-04-16, Zé Loff zel...@zeloff.org wrote: It is hard to guess what you need from the scarce information you provide. I'm sorry... On hindsight, that was _very_ little information. I'm running 5.0, with postfix as an MTA, delivering mail for two virtual domains (maildir). Courier is

Re: security(8) and maildir

2012-04-14 Thread Ingo Schwarze
Hi, Zé Loff wrote on Thu, Apr 12, 2012 at 10:43:32AM +0100: security(8) complains about the permissions of my postfix's virtual hosts maildir, I assume because of the directory mode bit. I once found a patch to /usr/libexec/security that fixed it, but I can't seem to find it anywhere now

security(8) and maildir

2012-04-12 Thread Zé Loff
Hopefully a quick one: security(8) complains about the permissions of my postfix's virtual hosts maildir, I assume because of the directory mode bit. I once found a patch to /usr/libexec/security that fixed it, but I can't seem to find it anywhere now. IIRC, it was a small fix to nag

Re: kernel security level changed from 1 to 0

2012-03-25 Thread Mihai Popescu
Hello, What is the point of running OpenBSD (or any other OS) in a virtual environment? What do you get or why would someone need to do it ? Thanks.

Re: kernel security level changed from 1 to 0

2012-03-25 Thread Johan Ryberg
Test stuff for example. I'm running a virtual network with 3 OpenBSD routers (ospf) in VMware right now to test redundancy and different setups. // Johan 2012/3/25 Mihai Popescu mih...@gmail.com: Hello, What is the point of running OpenBSD (or any other OS) in a virtual environment? What do

kernel security level changed from 1 to 0

2012-03-23 Thread Walter Haidinger
Hi! I've recently installed OpenBSD 5.0/i386 on a virtualized root-server (Linux-KVM, dmesg below). Installation was fine. Now I'm dropped from multiuser to the shell, usually a couple of seconds after login with the message: init: kernel security level changed from 1 to 0 No error messages

Fast Charge Merchant : Security Alert

2012-01-18 Thread Fast Charge Merchant Support
paystation You have 1 new Security Message Alert ! Resolution Center: Click-to-Resolve Thank you for using Fast Charge Payment Gateway ! )2012 Fast Charge. All rights reserved. Please do not reply to this e-mail

Re: For security reasons, your credit card has been blocked.

2011-12-12 Thread Ton Muller
On 7-12-2011 17:16, Visa Security Measures wrote: Dear Customer, VISA, For security reasons, your credit card has been blocked. As a result of unusual activity, we see that someone has used your credit card without your permission, for your protection, we blocked the credit card. Your

Re: Security over wireless.

2011-09-21 Thread David Walker
understood David's concern (please correct me if wrong) was that he was simply mindful of the security limitations of using *only* authpf (and not then also an ipsec tunnel as you're suggesting). It is true (or at least it's my understanding) that for some purposes, sometimes people use only authpf

Re: Security over wireless.

2011-09-20 Thread ropers
On 9 September 2011 15:13, David Walker davidianwal...@gmail.com wrote: I have some idea IPsec might be useful so I do a search and this comes up (first cab off the rank) ... http://www.symantec.com/connect/articles/zero-ipsec-4-minutes From that (apparently old) article: Note that if you

Re: Security over wireless.

2011-09-20 Thread Peter N. M. Hansteen
ropers rop...@gmail.com writes: Is this (still) true/required? (Why?) Or is it complete nonsense? If intense development was happening in that area at the time, it may have made sense. But it's been some years and it's almost certainly no longer relevant. - P -- Peter N. M. Hansteen, member

Re: Security over wireless.

2011-09-20 Thread ropers
On 21 September 2011 00:59, Peter N. M. Hansteen pe...@bsdly.net wrote: ropers rop...@gmail.com writes: Is this (still) true/required? (Why?) Or is it complete nonsense? If intense development was happening in that area at the time, it may have made sense. But it's been some years and it's

Re: Security over wireless.

2011-09-20 Thread ropers
connection is ssh, thus it's encrypted and packet sniffing is useless. Your second connection could be the ipsec tunnel. Again, it's encrypted and packet sniffing is useless. The way I understood David's concern (please correct me if wrong) was that he was simply mindful of the security limitations

Re: Security over wireless.

2011-09-20 Thread Rod Whitworth
On Wed, 21 Sep 2011 01:38:28 +0200, ropers wrote: snip part that isn't relevant to this message 1. Legit user authenticates with authpf. 2. After authentication, PF (if thusly configured) just allows that IP full access to various and sundry services it otherwise blocks. 3. While the legit user

Re: Security over wireless.

2011-09-11 Thread David Walker
Hi Marian. On 10/09/2011, Marian Hettwer m...@kernel32.de wrote: I'd say SSH tunnels are still in. Cool. No. IP spoofing won't help them script kiddy at all. To successfully authenticate via authpf, you need a valid ip adress for responses. With a fake source ip, the script kiddy won't

Re: Security over wireless.

2011-09-11 Thread David Walker
security features. It should not yet be used in production networks. I might try and get IPsec up first anyway and stop being so ambitious. - if you will be communicating with other machines in the same subnet, they will send return traffic directly rather than via the router, i.e

Security over wireless.

2011-09-09 Thread David Walker
Hi. I'm using some old gear that doesn't support WPA or better (WEP only). Until I get around to that what are my options security wise? Here's the machines: inet - OpenBSD - CPE AP - USB - OpenBSD - desktops The AP is some Cisco or something. Like those WRT54s and whatnot. I notice it has

Re: Security over wireless.

2011-09-09 Thread Tomas Bodzar
On Fri, Sep 9, 2011 at 11:33 AM, David Walker davidianwal...@gmail.com wrote: Hi. I'm using some old gear that doesn't support WPA or better (WEP only). Until I get around to that what are my options security wise? Here's the machines: inet - OpenBSD - CPE AP - USB - OpenBSD - desktops

Re: Security over wireless.

2011-09-09 Thread Nick Holland
On 09/09/11 05:33, David Walker wrote: Hi. I'm using some old gear that doesn't support WPA or better (WEP only). Until I get around to that what are my options security wise? define security :) Here's the machines: inet - OpenBSD - CPE AP - USB - OpenBSD - desktops The AP is some

Re: Security over wireless.

2011-09-09 Thread David Walker
Thank you Thomas. On 09/09/2011, Tomas Bodzar tomas.bod...@gmail.com wrote: http://www.openbsd.org/faq/pf/authpf.html At first glance that looks really cool (well it still looks cool) but I'm not sure it's what I'm after. As far as I can tell the authentication is secure and ties a ruleset to
