Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Adam M. Dutko
This is obviously not the intent. The intent is to have software that is reasonably crafted by software engineers. Not some slapped together turd with peanuts from different development teams. I agree it shouldn't be slapped together but you strike upon an interesting debate... Should

Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread VICTOR TARABOLA CORTIANO
http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490 Companies who release IT products with security vulnerabilities should be open to claims for compensation by consumers, apparently. Illegal to run without antivirus

Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Marco Peereboom
On Tue, Jun 22, 2010 at 01:23:14PM -0400, Adam M. Dutko wrote: This is obviously not the intent. The intent is to have software that is reasonably crafted by software engineers. Not some slapped together turd with peanuts from different development teams. I agree it shouldn't be

Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Chris Bennett
Marco Peereboom wrote: Microsoft spends $10B on R&D. That is nearly the ENTIRE budget of NASA. They are the classic example of organizations that are completely out of control and rely entirely on some process that is good enough. Anyone who has written code that directly interacts with their

Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread E.T
One hangover :) On Tue, 22 Jun 2010 13:24:43 -0500, Chris Bennett ch...@bennettconstruction.biz wrote: Marco Peereboom wrote: Microsoft spends $10B on R&D. That is nearly the ENTIRE budget of NASA. They are the classic example of organizations that are completely out of control and rely

Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Kevin Chadwick
On Tue, 22 Jun 2010 12:55:10 -0500 Marco Peereboom sl...@peereboom.us wrote: Getting a bunch of kids from college with some degree or another or outsourcing code is a recipe for disaster. If the developers have no vested interest in the success of the code a project will nearly always fail.

Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Theo de Raadt
How come the university acting as proxy, got so much of OpenBSDs DARPA grant? What was the justification? Graft, influence trading, and patronage are institutionalized in the relationship between universities, research grants, and the government in the US to roughly the same level as anywhere

OT: Australia may allow punitive damages for security vulns

2010-06-21 Thread mark hellewell
http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490 Companies who release IT products with security vulnerabilities should be open to claims for compensation by consumers, apparently. Illegal to run without antivirus ... disconnection

Re: OT: Australia may allow punitive damages for security vulns

2010-06-21 Thread Adam M. Dutko
Illegal to run without antivirus ... disconnection of vulnerable computers. A much needed kick up the arse for software makers or just bat-shit insane? Coming soon... I tend to agree with your last comment. begin article summary Idiotic politicians with no business setting arbitrary rules

Re: OT: Australia may allow punitive damages for security vulns

2010-06-21 Thread Rod Whitworth
On Tue, 22 Jun 2010 14:52:30 +1000, mark hellewell wrote: http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490 Companies who release IT products with security vulnerabilities should be open to claims for compensation by consumers

OT: Cloud Computing Security

2010-02-25 Thread Brad Tilley
Is it too early for Friday humor? If not, here are some clowns worth watching: http://www.youtube.com/watch?v=VjfaCoA2sQk

Security feed

2010-02-17 Thread Jean-Francois
Hello All, I am a little bit out of subject but please allow me to ask you about feeds of security issues. Thank you

Re: Security feed

2010-02-17 Thread Thomas Pfaff
On Wed, 17 Feb 2010 20:05:47 +0100 Jean-Francois jfsimon1...@gmail.com wrote: Hello All, I am a little bit out of subject but please allow me to ask you about feeds of security issues. http://www.undeadly.org has it and the errata pages are of course updated. I just have a cron

Re: Security feed

2010-02-17 Thread Brad Tilley
On Wed, 17 Feb 2010 20:05 +0100, Jean-Francois jfsimon1...@gmail.com wrote: Hello All, I am a little bit out of subject but please allow me to ask you about feeds of security issues. Thank you I read this page and the links off of it: http://www.openbsd.org/errata.html

Re: Security feed

2010-02-17 Thread Jim Dew
to ask you about feeds of security issues. Thank you I read this page and the links off of it: http://www.openbsd.org/errata.html -- Jim

VLANs and security (was:network performance problems)

2010-02-16 Thread Corey
are on this practice. I haven't ever set up VLANs on anything large or serious, and do not claim to know the security implications, other than switch/interface misconfiguration possibly getting one into trouble, and awareness of (but no experience with) tools like dsniff. There is quite a bit

Re: VLANs and security (was:network performance problems)

2010-02-16 Thread Jason Dixon
are on this practice. I haven't ever set up VLANs on anything large or serious, and do not claim to know the security implications, other than switch/interface misconfiguration possibly getting one into trouble, and awareness of (but no experience with) tools like dsniff. They're fine if you know how

Re: VLANs and security (was:network performance problems)

2010-02-16 Thread David Gwynne
what the thoughts of the list are on this practice. I haven't ever set up VLANs on anything large or serious, and do not claim to know the security implications, other than switch/interface misconfiguration possibly getting one into trouble, and awareness of (but no experience with) tools like

Re: VLANs and security

2010-02-16 Thread Kapetanakis Giannis
what the thoughts of the list are on this practice. I haven't ever set up VLANs on anything large or serious, and do not claim to know the security implications, other than switch/interface misconfiguration possibly getting one into trouble, and awareness of (but no experience with) tools like

Re: VLANs and security (was:network performance problems)

2010-02-16 Thread Diana Eichert
Just remember that VLAN separation is a misnomer. The VLAN tag is inserted in the Ethernet Frame, http://upload.wikimedia.org/wikipedia/commons/2/23/TCPIP_802.1Q.jpg There isn't anything magical about an 802.1q tag. It is possible to overload a switch's CAM table which effectively turns them
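To make Diana's point concrete, here is an added example (not from the thread and not OpenBSD code) that walks the 802.1Q tag stack of raw Ethernet frames and classifies each frame as untagged, single-tagged or double-tagged. The frames are constructed inline rather than captured. Treating the 0x88a8 (802.1ad) TPID as a tag and flagging stacked tags go beyond what the thread says; they are included because a second tag is the usual way a frame ends up on a VLAN it was never meant to reach, which is the kind of thing you cannot see from the switch configuration alone.

```python
import struct

TPID_8021Q = 0x8100   # standard 802.1Q customer tag
TPID_8021AD = 0x88A8  # 802.1ad (QinQ) service tag; assumption: handled like 0x8100 here
TAG_TPIDS = (TPID_8021Q, TPID_8021AD)


def parse_vlan_tags(frame: bytes):
    """Walk the tag stack of an Ethernet frame.

    Returns (dst_mac, src_mac, vids, ethertype, payload), where vids is the
    list of 12-bit VLAN IDs in outer-to-inner order (empty when untagged)
    and ethertype is the first non-tag EtherType found after the tags.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst = frame[0:6].hex(":")
    src = frame[6:12].hex(":")
    off = 12
    vids = []
    while True:
        if off + 2 > len(frame):
            raise ValueError("truncated frame inside tag stack")
        (etype,) = struct.unpack_from("!H", frame, off)
        off += 2
        if etype not in TAG_TPIDS:
            break
        if off + 2 > len(frame):
            raise ValueError("tag without TCI")
        (tci,) = struct.unpack_from("!H", frame, off)
        off += 2
        vids.append(tci & 0x0FFF)   # low 12 bits are the VID; PCP/DEI bits ignored
    return dst, src, vids, etype, frame[off:]


def classify(frame: bytes) -> str:
    """'untagged' (rides the port's native VLAN), 'tagged', or 'double-tagged'."""
    vids = parse_vlan_tags(frame)[2]
    if not vids:
        return "untagged"
    return "tagged" if len(vids) == 1 else "double-tagged"


def build_frame(dst: str, src: str, vids, ethertype: int, payload: bytes) -> bytes:
    """Construct a frame with the given tag stack (test data, not captured traffic)."""
    def mac(s):
        return bytes.fromhex(s.replace(":", ""))
    tags = b""
    for i, vid in enumerate(vids):
        tpid = TPID_8021AD if (len(vids) > 1 and i == 0) else TPID_8021Q
        tags += struct.pack("!HH", tpid, vid & 0x0FFF)
    return mac(dst) + mac(src) + tags + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    samples = {
        "arp, untagged": build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", [], 0x0806, b"\x00" * 28),
        "ip, vlan 10": build_frame("00:aa:bb:cc:dd:ee", "00:11:22:33:44:55", [10], 0x0800, b"\x45" + b"\x00" * 19),
        "ip, vlan 10 in 1": build_frame("00:aa:bb:cc:dd:ee", "00:11:22:33:44:55", [1, 10], 0x0800, b"\x45" + b"\x00" * 19),
    }
    for name, f in samples.items():
        print(f"{name:18s} vids={parse_vlan_tags(f)[2]} -> {classify(f)}")
```

Feed real frames from a pcap or a raw socket into parse_vlan_tags() on a monitoring port and anything reported as double-tagged, or tagged with a VID the port is not supposed to carry, is worth a look; the tag is four bytes of plain data that any host on the wire can both read and forge.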

Re: VLANs and security (was:network performance problems)

2010-02-16 Thread James Peltier
--- On Tue, 2/16/10, Corey clinge...@gmail.com wrote: From: Corey clinge...@gmail.com Subject: VLANs and security (was:network performance problems) To: misc@openbsd.org Received: Tuesday, February 16, 2010, 8:54 PM I did put all interfaces (in,out,pfsync,management) through VLANs in msk0

Google, automation, and lack of security

2010-02-08 Thread Doug Milam
Not directly about OpenBSD, but worth reading: http://blogs.techrepublic.com.com/security/?p=3007

Commonwealth Bank of Australia Security Department Team.

2009-12-10 Thread Commonwealth Bank
Dear Commonwealth Bank of Australia Customer, You have 1 unread Message! Click here to resolve the problem Thank You. * Please do not reply to this email, as your reply will not be received. This is an automatic notification of new security messages. Sincerely, Commonwealth Bank of Australia

Re: Security via the NSA?

2009-11-26 Thread Christian Weisgerber
Marco Peereboom sl...@peereboom.us wrote: Never mind no one verifying any of the keys or anything else that SSL spits out. I am talking to you firefox! That's pretty strange coming from the guy who complained the loudest about recent Firefox releases that actually try to enforce the chain of

Re: Security via the NSA?

2009-11-26 Thread rhubbell
On Thu, 26 Nov 2009 14:45:32 + (UTC) Christian Weisgerber wrote: Marco Peereboom sl...@peereboom.us wrote: Never mind no one verifying any of the keys or anything else that SSL spits out. I am talking to you firefox! That's pretty strange coming from the guy who complained the

Re: Security via the NSA?

2009-11-25 Thread Bob Beck
Like everyone verifies SSL.. right? 2009/11/21 Samuel Baldwin recursive.for...@gmail.com: 2009/11/21 AG computing.acco...@googlemail.com: Depends on whether one trusts the NSA or not. That's the nice thing about open source software; we don't have to, because we can verify their code or

Re: Security via the NSA?

2009-11-25 Thread Marco Peereboom
Maybe if it was readable. I'll argue it was written by the NSA to make it unreadable for mere mortals so that they can sneak in all their sicrit backdoors! Never mind no one verifying any of the keys or anything else that SSL spits out. I am talking to you firefox! On Wed, Nov 25, 2009 at

Re: Security via the NSA?

2009-11-25 Thread Gilles Chehade
Pfff, you know damn well that reading the OpenSSL doc should be enough to get a grasp at how things work ... Gilles On Wed, Nov 25, 2009 at 02:53:19PM -0600, Marco Peereboom wrote: Maybe if it was readable. I'll argue it was written by the NSA to make it unreadable for mere mortals so that

Re: Security via the NSA?

2009-11-25 Thread Matthias Kilian
On Wed, Nov 25, 2009 at 10:04:59PM +0100, Gilles Chehade wrote: OpenSSL doc parse error

Re: Security via the NSA?

2009-11-24 Thread Doug Milam
--Good luck verifying the mathematics yourself, though. No small statement, that On Sat, Nov 21, 2009 at 05:42:48PM -0500, Samuel Baldwin wrote: 2009/11/21 AG computing.acco...@googlemail.com: Depends on whether one trusts the NSA or not. That's the nice thing about open source software;

Re: Security via the NSA?

2009-11-23 Thread Christian Weisgerber
Nick Guenther kou...@gmail.com wrote: Like, obviously the NSA's mandate is spying Actually, that's only half the NSA's mandate. The other half is protecting the US government from spying. -- Christian naddy Weisgerber na...@mips.inka.de

Re: Security via the NSA?

2009-11-22 Thread Marc Espie
On Sat, Nov 21, 2009 at 05:42:48PM -0500, Samuel Baldwin wrote: 2009/11/21 AG computing.acco...@googlemail.com: Depends on whether one trusts the NSA or not. That's the nice thing about open source software; we don't have to, because we can verify their code or mathematics ourselves.

Re: Security via the NSA?

2009-11-22 Thread Peter Hessler
On 2009 Nov 21 (Sat) at 17:42:48 -0500 (-0500), Samuel Baldwin wrote: :2009/11/21 AG computing.acco...@googlemail.com: : Depends on whether one trusts the NSA or not. : :That's the nice thing about open source software; we don't have to, :because we can verify their code or mathematics ourselves.

OT Re: Security via the NSA?

2009-11-22 Thread Diana Eichert
I am now adding to the noise. c'mon folks, stop this. there are ways to insert holes into any O/S that allows loading of firmware blobs. how many end users have torn one apart to see what it really does? IO processors have access to your data at a very intimate level, think about it then

Re: OT Re: Security via the NSA?

2009-11-22 Thread Marco Peereboom
google we are talking to you! On Sun, Nov 22, 2009 at 09:02:19AM -0700, Diana Eichert wrote: I am now adding to the noise. c'mon folks, stop this. there are ways to insert holes into any O/S that allows loading of firmware blobs. how many end users have torn one apart to see what it really

Re: Security via the NSA?

2009-11-22 Thread Internet Retard
Date: Sat, 21 Nov 2009 23:07:31 -0600 From: j...@fixedpointgroup.com To: misc@openbsd.org Subject: Re: Security via the NSA? can [sic] we stop these dumb posts about the NSA and windows [sic] 7? Only if you stop these dumb posts asking others to stop their dumb posts. Sincerely, IRT

Re: Security via the NSA?

2009-11-22 Thread bofh
That just means NoSuchUser is well hidden!! :) On 11/21/09, Henning Brauer lists-open...@bsws.de wrote: * AG computing.acco...@googlemail.com [2009-11-21 23:41]: Depends on whether one trusts the NSA or not. right, of course the NSA gets commit access and peer review rules don't apply.

Re: Security via the NSA?

2009-11-22 Thread patrick keshishian
On Sun, Nov 22, 2009 at 8:51 AM, bofh goodb...@gmail.com wrote: That just means NoSuchUser is well hidden!! :) rather, henning must be running badfinger. -pk On 11/21/09, Henning Brauer lists-open...@bsws.de wrote: * AG computing.acco...@googlemail.com [2009-11-21 23:41]: Depends on

Security via the NSA?

2009-11-21 Thread Doug Milam
Will OpenBSD be the next to be 'helped'? http://www.npr.org/blogs/thetwo-way/2009/11/nsa_microsoft_windows_7.html

Re: Security via the NSA?

2009-11-21 Thread Felipe Alfaro Solana
On Sat, Nov 21, 2009 at 8:29 PM, Doug Milam doug_mi...@yahoo.com wrote: Will OpenBSD be the next to be 'helped'? http://www.npr.org/blogs/thetwo-way/2009/11/nsa_microsoft_windows_7.html NSA also helped Linux with SElinux. As long as OpenBSD remains open source, I don't see the problem.

Re: Security via the NSA?

2009-11-21 Thread AG
Felipe Alfaro Solana wrote: On Sat, Nov 21, 2009 at 8:29 PM, Doug Milam doug_mi...@yahoo.com wrote: Will OpenBSD be the next to be 'helped'? http://www.npr.org/blogs/thetwo-way/2009/11/nsa_microsoft_windows_7.html NSA also helped Linux with SElinux. As long as OpenBSD remains open

Re: Security via the NSA?

2009-11-21 Thread Samuel Baldwin
2009/11/21 AG computing.acco...@googlemail.com: Depends on whether one trusts the NSA or not. That's the nice thing about open source software; we don't have to, because we can verify their code or mathematics ourselves. -- Samuel Baldwin - logik.li

Re: Security via the NSA?

2009-11-21 Thread Nick Guenther
On Sat, Nov 21, 2009 at 5:32 PM, AG computing.acco...@googlemail.com wrote: Felipe Alfaro Solana wrote: On Sat, Nov 21, 2009 at 8:29 PM, Doug Milam doug_mi...@yahoo.com wrote: Will OpenBSD be the next to be 'helped'? http://www.npr.org/blogs/thetwo-way/2009/11/nsa_microsoft_windows_7.html

Re: Security via the NSA?

2009-11-21 Thread Henning Brauer
* AG computing.acco...@googlemail.com [2009-11-21 23:41]: Depends on whether one trusts the NSA or not. right, of course the NSA gets commit access and peer review rules don't apply. right. henn...@cvs:2$ finger nsa finger: nsa: no such user. hmm. -- Henning Brauer, h...@bsws.de,

Re: Security via the NSA?

2009-11-21 Thread Felipe Alfaro Solana
On Sat, Nov 21, 2009 at 11:32 PM, AG computing.acco...@googlemail.comwrote: Felipe Alfaro Solana wrote: On Sat, Nov 21, 2009 at 8:29 PM, Doug Milam doug_mi...@yahoo.com wrote: Will OpenBSD be the next to be 'helped'?

Re: Security via the NSA?

2009-11-21 Thread Cor
Doug Milam wrote: Will OpenBSD be the next to be 'helped'? http://www.npr.org/blogs/thetwo-way/2009/11/nsa_microsoft_windows_7.html Only if they Paypal some $$$ to http://www.openbsd.org/donations.html :)

Re: Security via the NSA?

2009-11-21 Thread Steve Shockley
On 11/21/2009 6:01 PM, Henning Brauer wrote: henn...@cvs:2$ finger nsa finger: nsa: no such user. hmm. Perhaps they use a less obvious user name, like 'henning'...

Re: Security via the NSA?

2009-11-21 Thread Jacob Yocom-Piatt
Doug Milam wrote: Will OpenBSD be the next to be 'helped'? http://www.npr.org/blogs/thetwo-way/2009/11/nsa_microsoft_windows_7.html can we stop these dumb posts about the NSA and windows 7? it's really not related to openbsd. spend less time being preoccupied with the fact that

Whitfield Diffie hearts OpenBSD for security

2009-11-16 Thread Jonathan Thornburg
, he's describing near-term measures to improve the security of cloud computing: Much of this would result from care on the part of cloud computing providers--choosing more secure operating systems such as Open BSD and Solaris--and keeping those systems carefully configured. ciao

Re: POOR support for layer 7 security in OBSD. Options or another OS?

2009-11-12 Thread Stuart Henderson
On 2009-11-12, David Taveras d3taveras3...@gmail.com wrote: Hi, On Wed, Nov 11, 2009 at 9:38 PM, Jason Dixon ja...@dixongroup.net wrote: There are plenty of L7 tools in OpenBSD base and ports/packages to help you reach your goals. It's up to you to deploy and configure them properly for

POOR support for layer 7 security in OBSD. Options or another OS?

2009-11-11 Thread David Taveras
I love OpenBSD focused security in many areas, and in the ones not included in base there are always options in packages. However specifically speaking about the options to complement as an application level firewall seems it is truly underestimated the way I see it: What is the option for a web

Re: POOR support for layer 7 security in OBSD. Options or another OS?

2009-11-11 Thread Jason Dixon
On Wed, Nov 11, 2009 at 09:25:45PM -0600, David Taveras wrote: I love OpenBSD focused security in many areas, and in the ones not included in base there are always options in packages. However specifically speaking about the options to complement as an application level firewall seems

Re: POOR support for layer 7 security in OBSD. Options or another OS?

2009-11-11 Thread Theo de Raadt
Indeed, mod_security is only currently available for apache-1.3. But I think the lack of modsecurity-2.x is only because nobody has stepped up to complete the port, not because of any technical hurdles. As I said, modsecurity 2 is only compatible with apache2, otherwise I would be able

Re: POOR support for layer 7 security in OBSD. Options or another OS?

2009-11-11 Thread David Taveras
Hi, On Wed, Nov 11, 2009 at 9:38 PM, Jason Dixon ja...@dixongroup.net wrote: There are plenty of L7 tools in OpenBSD base and ports/packages to help you reach your goals. It's up to you to deploy and configure them properly for your environment. Just a few off the top of my head: relayd(8)

Re: POOR support for layer 7 security in OBSD. Options or another OS?

2009-11-11 Thread David Taveras
Hello Theo, On Wed, Nov 11, 2009 at 10:15 PM, Theo de Raadt dera...@cvs.openbsd.org wrote: Well perhaps more people should have gotten upset when Apache started adding contract law language to their copyright notice. Yes, I understand the fundamentals of this decision which in turn gives us an

Re: Payment Card Industry (PCI) Data Security Standard HELP!

2009-10-23 Thread Nick Berg
On the bright side, because this list houses some of the best brainpower anywhere I have all but two of the requirements finished (yes, the easy ones) and one of the two left I'm sure I can handle on my own. Would you mind sharing any non-confidential OpenBSD-related questions/answers of the

Re: Security script in OpenBSD

2009-10-22 Thread Alexander Hall
Elliott Barrere wrote: What is the preferred procedure for changing files that are watched by the security script (i.e. present in /etc/changelist)? vi, emacs, $EDITOR, whatever.. :-) I have a few boxes cloned from one and I would like to change SSH keys and other sensitive files

Re: Payment Card Industry (PCI) Data Security Standard HELP!

2009-10-22 Thread Stuart VanZee
Matthew Weigel I don't, I'm afraid, and a quick Google (which could have answered some of your other questions) suggests that it's come up before both on misc@ and elsewhere. I know you don't want to hear about how the PCI DSS is wrong, but in this case their wrongness is, I think, the

Re: Payment Card Industry (PCI) Data Security Standard HELP!

2009-10-22 Thread Matthew Weigel
Stuart VanZee wrote: The last is 8.5.13 locking users out after 6 failed login attempts. Quite frankly I find this to be a pretty stupid requirement as it causes a built in denial of service. I see how creating a custom Authentication style would allow me to do this (in spite of my

Re: Payment Card Industry (PCI) Data Security Standard HELP!

2009-10-22 Thread Vadim Zhukov
On 22 October 2009 22:58:53 Stuart VanZee wrote: The last is 8.5.13 locking users out after 6 failed login attempts. Quite frankly I find this to be a pretty stupid requirement as it causes a built in denial of service. I see how creating a custom Authentication style would allow me to do

Payment Card Industry (PCI) Data Security Standard HELP!

2009-10-21 Thread Stuart VanZee
The company I work for is having their yearly Payment Card Industry (PCI) assessment and while I believe that OpenBSD is the most secure OS going, I am having some problems proving it. Here are some of the issues I need to figure out. 8.5.9 For a sample of system components, obtain and

Re: Payment Card Industry (PCI) Data Security Standard HELP!

2009-10-21 Thread Nicholas Marriott
Hi I think everything you want is in login.conf(5). You may need an external program to do 8.5.12. On Wed, Oct 21, 2009 at 09:16:33AM -0400, Stuart VanZee wrote: The company I work for is having their yearly Payment Card Industry (PCI) assessment and while I believe that OpenBSD is the most
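As an added example of the kind of external program Nicholas is pointing at (this is not from the thread and not OpenBSD's own code): a password-quality checker in the shape the passwordcheck capability of login.conf(5) expects, which as that manual describes it hands the candidate password to the program on standard input and treats a zero exit status as acceptance. The minimum length, the letters-plus-digits rule and the last-four-passwords history are the requirements being audited, assumed here to be PCI DSS 8.5.10 to 8.5.12. The thread does not say how such a hook would learn which account's history to consult, so this version takes an optional history file path as its first argument and leaves that wiring to the deployment.

```python
import hashlib
import hmac
import os
import re
import sys

MIN_LEN = 7          # minimum length being audited (assumed PCI DSS 8.5.10)
HISTORY_DEPTH = 4    # last four passwords may not be reused (assumed PCI DSS 8.5.12)
PBKDF2_ROUNDS = 100_000


def hash_password(pw: str, salt: bytes = None) -> str:
    """Return 'salthex:digesthex' using PBKDF2-HMAC-SHA256, for the history file."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + ":" + digest.hex()


def matches(pw: str, record: str) -> bool:
    """True if pw hashes to the stored record under the record's own salt."""
    salt_hex = record.split(":", 1)[0]
    candidate = hash_password(pw, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, record)


def check_password(pw: str, history=()) -> list:
    """Return a list of failure reasons; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if not re.search(r"[A-Za-z]", pw):
        problems.append("contains no letters")
    if not re.search(r"[0-9]", pw):
        problems.append("contains no digits")
    # history is oldest-first; only the most recent HISTORY_DEPTH entries count
    for record in list(history)[-HISTORY_DEPTH:]:
        if matches(pw, record):
            problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
            break
    return problems


def main(argv) -> int:
    # Assumption: a history file of 'salthex:digesthex' lines, oldest first,
    # is passed as argv[1]. Nothing on the page says how the hook would
    # identify the account, so that part is deliberately left open.
    pw = sys.stdin.readline().rstrip("\n")
    history = []
    if len(argv) > 1 and os.path.exists(argv[1]):
        with open(argv[1]) as fh:
            history = [line.strip() for line in fh if line.strip()]
    problems = check_password(pw, history)
    for p in problems:
        print("password rejected:", p, file=sys.stderr)
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Whatever writes the history file after a successful change must append hash_password(new_password) and may trim it to HISTORY_DEPTH entries; the checker itself never stores anything, so a failed attempt leaves no trace in the history.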

Re: Payment Card Industry (PCI) Data Security Standard HELP!

2009-10-21 Thread Vadim Zhukov
On 21 October 2009 17:16:33 Stuart VanZee wrote: The company I work for is having their yearly Payment Card Industry (PCI) assessment and while I believe that OpenBSD is the most secure OS going, I am having some problems proving it. Here are some of the issues I need to figure out. I'm

Re: Payment Card Industry (PCI) Data Security Standard HELP!

2009-10-21 Thread K K
On Wed, Oct 21, 2009 at 8:16 AM, Stuart VanZee stua...@datalinesys.com wrote: The company I work for is having their yearly Payment Card Industry (PCI) assessment and while I believe that OpenBSD is the most secure OS going, I am having some problems proving it. Here are some of the issues I

Re: Payment Card Industry (PCI) Data Security Standard HELP!

2009-10-21 Thread Matthew Weigel
Stuart VanZee wrote: The company I work for is having their yearly Payment Card Industry (PCI) assessment and while I believe that OpenBSD is the most secure OS going, I am having some problems proving it. Here are some of the issues I need to figure out. 8.5.9 For a sample of system

Security script in OpenBSD

2009-10-21 Thread Elliott Barrere
What is the preferred procedure for changing files that are watched by the security script (i.e. present in /etc/changelist)? I have a few boxes cloned from one and I would like to change SSH keys and other sensitive files but the script seems to be changing them back

Re: Security script in OpenBSD

2009-10-21 Thread Paul M
is modified, the diff is mailed to root, but the file is *not* reverted. I believe you'll have to look further to find what is happening - it's not the stock security script. paulm On 22/10/2009, at 11:24 AM, Elliott Barrere wrote: What is the preferred procedure for changing files that are watched
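The mechanism Paul M describes, as an added example that is not the stock /etc/security script: for every path in a changelist, keep a copy under a backup directory, report a unified diff when the live file no longer matches the copy, rotate the copy, and never write to the live file. The copy naming (slashes become underscores, with .current and .backup suffixes) and the report format are choices made here, and run_demo() builds a throwaway tree to show what two consecutive runs return after an SSH host key is replaced.

```python
import difflib
import os
import shutil
import tempfile


def copy_name(path: str, backup_dir: str, suffix: str) -> str:
    """Map /etc/ssh/sshd_config -> <backup_dir>/etc_ssh_sshd_config.<suffix> (naming chosen here)."""
    flat = path.strip("/").replace("/", "_")
    return os.path.join(backup_dir, f"{flat}.{suffix}")


def read_lines(path: str):
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.readlines()


def check_changelist(paths, backup_dir: str) -> dict:
    """Compare each watched file with its saved copy.

    Returns {path: report} for files that are new or changed. The live file
    is only ever read; the saved copy is rotated (.current -> .backup) and
    refreshed so the next run diffs against today's content.
    """
    os.makedirs(backup_dir, exist_ok=True)
    reports = {}
    for path in paths:
        if not os.path.exists(path):
            continue                      # not present on this box: nothing to watch
        cur = copy_name(path, backup_dir, "current")
        back = copy_name(path, backup_dir, "backup")
        if not os.path.exists(cur):
            shutil.copy2(path, cur)       # first sighting: seed the copy, report it
            reports[path] = f"{path}: new file added to backups\n"
            continue
        old, new = read_lines(cur), read_lines(path)
        if old == new:
            continue
        diff = difflib.unified_diff(old, new, fromfile=cur, tofile=path)
        reports[path] = "".join(diff)
        os.replace(cur, back)             # keep yesterday's copy one step back
        shutil.copy2(path, cur)
    return reports


def run_demo():
    """Three runs over a constructed tree: seed, detect an edited host key, then quiet."""
    root = tempfile.mkdtemp(prefix="changelist-")
    try:
        key = os.path.join(root, "etc", "ssh", "ssh_host_rsa_key.pub")
        os.makedirs(os.path.dirname(key))
        with open(key, "w") as fh:        # constructed key line, not a real key
            fh.write("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDexample1 root@clone-source\n")
        backups = os.path.join(root, "var", "backups")
        first = check_changelist([key], backups)
        with open(key, "w") as fh:        # admin replaces the key inherited from the clone
            fh.write("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDexample2 root@host-a\n")
        second = check_changelist([key], backups)
        third = check_changelist([key], backups)
        with open(key) as fh:
            after = fh.read()
        return first, second, third, after
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    first, second, third, _ = run_demo()
    print("run 1:", list(first.values())[0], end="")
    print("run 2:\n" + list(second.values())[0], end="")
    print("run 3:", "no changes" if not third else third)
```

The second run reports the old and new key lines and the third run is silent, while the live file keeps the new key throughout; if a box really is getting its keys put back, the culprit is something other than this kind of script, exactly as Paul says.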

You have one new security message from ANZ Internet Banking

2009-08-31 Thread ANZ Internet Banking
Dear Esteemed Customer, You have one new security message from ANZ Internet Banking Sign in This is an outbound only message, any queries sent to this email address cannot be answered. Kind regards, ) Copyright Australia and New Zealand Banking Group Limited ABN 11 005 357 522, 1996-2009

Security Alert

2009-07-27 Thread Bank Of America
Bank of America Higher Standards Customer using a laptop for Online Banking Online Banking Alert Remember: Always look for your SiteKey before you Sign In ? SiteKey Confirmation Due to our recent upgrade of all online accounts,it is of utmost necessity for all Bank of

Important Security Information

2009-07-02 Thread CUA
Dear Member, Your CUA Member Number and Web Access Code (WAC) has been locked temporarily due to many unsuccessful login attempts. You are kindly advised to Logon to Web Banker and follow the instructions on your screen. The data submitted will be transmitted over an SSL encrypted connection

security alert

2009-06-11 Thread Bank of Montreal
Access denied Your internet banking has been locked due to three consecutive failures of the banking security check. To unlock your BMO internet banking, please activate your account below : Unlock Your BMO Internet Banking ) 2009 Bank of Montreal.

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-13 Thread Toni Mueller
Hi, On Thu, 30.04.2009 at 11:21:50 -0600, Bob Beck b...@openbsd.org wrote: The best place to get OpenBSD is from an official CD set, produced in a secured location FWIW, I have what I think are official CDs, and they contain OS code dated 2009-02-28 22:41 UTC. This means the official

Possible (minor) security issue in the resolver library -- is this already known?

2009-05-07 Thread Daniel Austin
Just wanting a second opinion. I was investigating why I and a fair few others were occasionally being redirected to eBay or seeing seemingly random sites when going to common places like Google, Twitter, etc. Turned out to be caused by the combination of a few things, one of which was the

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-06 Thread Bob Beck
e.g. ftp://mirrors.nic.funet.fi/ftp.openbsd.org/pub/OpenBSD/ I'll make a bulk check of the mirrors that haven't got 4.5 yet sometime soon and remind them to update their rsync inclusion lists. I'll give it a bit longer because some are probably still trying to fetch the release. And

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me

2009-05-05 Thread Artur Grabowski
rembrandt rembra...@jpberlin.de writes: :words: Here's a nickel, kid. Buy yourself a better tinfoil hat. //art

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-05 Thread Lars Nooden
Mike Belopuhov wrote: C'mon, ftp.kd86.com was delisted from the ftp.html page on Mon Apr 6. Can you just stop bashing Wim? It doesn't make anyone happier (except Theo probably). +1 Or maybe we should rush searching the whole fscking internet for the incorrect OpenBSD mirrors? e.g.

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-05 Thread Stuart Henderson
On 2009-05-05, Lars Nooden lars.cura...@gmail.com wrote: Mike Belopuhov wrote: Or maybe we should rush searching the whole fscking internet for the incorrect OpenBSD mirrors? e.g. ftp://mirrors.nic.funet.fi/ftp.openbsd.org/pub/OpenBSD/ I'll make a bulk check of the mirrors that haven't got

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-05 Thread Mischa Diehm
On Mon, May 04, 2009 at 01:38:16PM -0600, Bob Beck wrote: Look dude, that ftp site made something available before any of the second level mirrors were even opened up to other sites to retrieve it. Deliberate action was taken to release something early without mirroring it from a

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-05 Thread Theo de Raadt
On Mon, May 04, 2009 at 01:38:16PM -0600, Bob Beck wrote: Look dude, that ftp site made something available before any of the second level mirrors were even opened up to other sites to retrieve it. Deliberate action was taken to release something early without mirroring it from a

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-05 Thread SJP Lists
2009/5/5 Mischa Diehm m...@mailq.de: On Mon, May 04, 2009 at 01:38:16PM -0600, Bob Beck wrote: Look dude, that ftp site made something available before any of the second level mirrors were even opened up to other sites to retrieve it. Deliberate action was taken to release something

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-04 Thread Mike Belopuhov
C'mon, ftp.kd86.com was delisted from the ftp.html page on Mon Apr 6. Can you just stop bashing Wim? It doesn't make anyone happier (except Theo probably). Or maybe we should rush searching the whole fscking internet for the incorrect OpenBSD mirrors? Chill out, dudes. On Thu, Apr 30, 2009 at

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-04 Thread Bob Beck
Look dude, that ftp site made something available before any of the second level mirrors were even opened up to other sites to retrieve it. Deliberate action was taken to release something early without mirroring it from a credible source. Judging by the contents, not all of it was exactly

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-01 Thread J.C. Roberts
On Thu, 30 Apr 2009 11:21:50 -0600 Bob Beck b...@openbsd.org wrote: Users are cautioned about rogue ftp sites claiming to have OpenBSD. The best place to get OpenBSD is from an official CD set, produced in a secured location It has come to our attention that some ftp

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-01 Thread ropers
2009/5/1 Bob Beck b...@openbsd.org: Print Pro forma invoice Date: 01.05.2009 For GANDI SAS 15, place de la Nation F-75011 Paris France RCS Paris B. 423 093 459 SIRET 423 093 459 00034 APE 6311Z - Capital de 7.622EUR NTVA FR 81 423 093 459 fact...@gandi.net Customer Bob Beck

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-04-30 Thread FRLinux
On Thu, Apr 30, 2009 at 6:21 PM, Bob Beck b...@openbsd.org wrote: The best place to get OpenBSD is from an official CD set, produced in a secured location Received my official CD set today, thank you all for your hard work! Steph

Re: Question about security

2009-04-26 Thread Nick Holland
Jean-Francois wrote: Hi All, My question is in two parts. First considering the default install, assuming that one box should be only used for example as a firewall, how good is the security level ? what kind of rating system are you looking for? My answer is, better than anything else

Re: Question about security

2009-04-26 Thread bofh
access to the results? If that's the case, wouldn't we be going back to the only two known remote holes since no one knows about the other stuff? On your other question - if you hang a root shell off port 80, without password requirements, what happens? Is that a security issue caused by openbsd

Re: Question about security

2009-04-26 Thread carlos
Hi, First considering the default install, assuming that one box should be only used for example as a firewall, how good is the security level ? I mean I know there are only 2 remote holes in 10 years, but my question is do we have any experience about the level of security such as studies

Re: Question about security

2009-04-26 Thread Han Boetes
To quote someone a lot smarter than me: Program testing can be used to show the presence of bugs, but never to show their absence! -- Edsger Dijkstra, [1972] That should answer your question. # Han

Re: Question about security

2009-04-26 Thread Jean-Francois
Hi This is clear and I truly agree, now maybe not everyone will be capable of breaking into the default system openbsd (this was my first question) and evade from chroot (my second question) therefore the other way around to ask about that concern would be which probability do you estimate for

Re: Question about security

2009-04-26 Thread Jean-Francois
of security in openbsd. On your other question - if you hang a root shell off port 80, without password requirements, what happens? Is that a security issue caused by openbsd, or by someone ignorant of how to set up security? Now, Sorry but that is not intended to be done, only the standard

Re: Question about security

2009-04-26 Thread FRLinux
that it was tested against known threats. Security is as good as the admin behind it. The choice of OS is also driven by the admin and his associated skills. Thanks for this clarification, agree, however the question is rather 'if the web server is compromised, is the OS safe due to chroot' ? By OS I mean

Re: Question about security

2009-04-26 Thread Jean-Francois
is the security level ? what kind of rating system are you looking for? I intend to use the box as a simple firewall so I do not intend to have possible break into. The simple task is NAT rule My answer is, better than anything else, but even that would require massive amounts of qualifications

Re: Question about security

2009-04-26 Thread FRLinux
On Sun, Apr 26, 2009 at 11:08 PM, Jean-Francois jfsimon1...@gmail.com wrote: This is just to have the taste of how good is the actual achievement of security in openbsd. Well, reading from the archives, that should give you a fairly good taste. Sorry please tell me how to proceed

Re: Question about security

2009-04-26 Thread Paul M
You need to understand that you're asking questions for which there is no specific answer. I think Nick's first response to your question answered it best - OpenBSD would be better than anything else. If you were to ask specific, detailed questions about specific attack vectors, then specific

Re: Question about security

2009-04-26 Thread Tony Abernethy
FRLinux wrote: On Sun, Apr 26, 2009 at 11:08 PM, Jean-Francois jfsimon1...@gmail.com wrote: This is just to have the taste of how good is the actual achievement of security in openbsd. Well, reading from the archives, that should give you a fairly good taste. Sorry please tell me

Re: Recommendations on a daily script to check syslog (or other) server security

2009-04-15 Thread Dan Carley
2009/4/14 LeRoy, Ted tle...@lsisolutions.com Hello folks, I'm pretty new to OpenBSD and BSD in general, but I have an OpenBSD Syslog server up and receiving data. I'd like to have the system be pretty secure, and I'd like to monitor its security via a simple script that runs daily

Security considerations for login with an SSH host key

2009-04-14 Thread Olivier Mehani
. Each machine stores its files up in the HOME directory of its associated user. Now, as this is a fully automated process, I cannot enter a password, so I naturally thought about using passwordless SSH keys. (I suppose the passwordlessness of the key could arguably be a security issue, and I'd

Re: Security considerations for login with an SSH host key

2009-04-14 Thread Lars Noodén
I'm currently setting up a remote backup solution based on rdiff-backup. Basically, each computer to be backed up regularly connects to the centralized backup server, and sends the modifications. This is done in a crontab. Are you also using sshd_config's ForceCommand and a specific custom

Re: Security considerations for login with an SSH host key

2009-04-14 Thread Darrin Chandler
On Tue, Apr 14, 2009 at 04:59:28PM +1000, Olivier Mehani wrote: I'm wondering, however, if there were any security risks introduced by specifically using the host key instead of one generated specifically for that purpose and, if so, what they were. Personally I like using user keys instead
