ld help a lot.
best ruleset i could find right now:
http://entropy.pl/misc/systrace/bin_ksh
... but you probably won't need all this syscalls.
- Lukasz Sztachanski
--
0x01A3E654 // 7832 E59C B733 9E6F CB54 6327 DFC1 161E 01A3 E654
*new keys*
http://entropy.pl
http://entropy.pl/?blog
All my users have chrooted shell/sftp
accounts - no problems so far :)
- Lukasz Sztachanski
[1] http://monkey.org/~dugsong/openbsd/stsh-1.1.tar.gz
--
0x01A3E654 // 7832 E59C B733 9E6F CB54 6327 DFC1 161E 01A3 E654
*new keys*
http://entropy.pl
http://entropy.pl/?blog
in a long time.
> > > not even on sparc64.
> >
> > then you are very lucky, imho.
> >
then you're both doing smth wrong:
mysql Ver 12.22 Distrib 4.0.27, for unknown-openbsd3.8 (i386)
Uptime: 94 days 17 hours 17 min 50 sec
~26 databases( mostly evil
oticeably effective.
Maybe this [1] will give you some hints( it covers DCC setup).
- Lukasz Sztachanski
[1] http://flakshack.com/anti-spam/wiki/index.php
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://entropy.pl
http://entropy.pl/?blog
gt; very much!
>
yes, it is, but it's pointless. Name doesn't matter too much, unlike uid.
In case of, i.e. sshd you can use PermitRootLogin directive.
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://entropy.pl
http://entropy.pl/?blog
D/3.8/packages/`uname -m`/pfstat-1.7.tgz
check out FAQ to avoid such questions.
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://entropy.pl
> I need to
> be able to log into my server remotely.
>
openssh is in baseXX.tgz.
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://entropy.pl
; and `fdisk' floppy drive, maybe.
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://entropy.pl
mely usefull.
>
> Best regards,
>
this can be done with hosts_access(5). Afair, user@ restricting needs
identd on client side( well, that's quite obvious).
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://entropy.pl
lem on one of my servers - on
others, those settings are sufficient.
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://entropy.pl
for devices which doesn't have any
special driver.
Actually, you can't do much with it - e.g. my digital camera is recognized
as ugen0, and i can use it only with `driver independent' libgphoto(
which uses own protocols and drivers to access digicam trough generic usb
driver).
pache2. That's why I compiled
> from source.
>
> I could try installing mysql from the ports tree and then install PHP5.
> However, compiling from source should work.
>
did you use --enable-cli while compiling php*? Probably, the most
conveniet will be changing from --with-apxs=/usr/sbin/apxs to
--with-apxs2=/path/to/apxs2 in ports/www/php5/core/Makefile.
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl
the OpenBSD site to verify that this is true.
People always talk about numbers, but the most importat is approach. I
truly belive, that it's imposible to build anything secure on
foundations of MS platform.
Recently i've wrote simple application using random numbers; i was
disappoint
shutdown, (ie. pressing the power off button)?
>
no, if you've got partitions mounted in `rw' mode.
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl
;
authlog shows: date host sshd[pid]: subsystem request for sftp
after( obviously) succesfull login, and lastcomm(1) gives some info too.
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl
in /usr/src/sys/arch/i386/compile/GENERIC (line 2595 of Makefile).
>
i had same error yesterday; today, i've synced -current, and everything
is all right.
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7
uilt against new ones.
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl
vsync.de.openbsd.org,
> cvsync.openbsd.se.
>
as far as i see, main machine( anoncvs1.ca.openbsd.org) has locked up ;)
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl
ys ?
> > > >
> > > >
./MAKEDEV ptyX; ttyflags -a
( X stands for a figure).
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl
On Sun, Dec 18, 2005 at 08:04:25PM +0100, Hans-Joerg Hoexer wrote:
> On Sun, Dec 18, 2005 at 06:58:22PM +0100, Lukasz Sztachanski wrote:
> > ipsecadm(8) isn't new ;) Probably ipsecctl isn't `mature' enough to
> > handle such setup. Imho, you'll have to use i
ndle such setup. Imho, you'll have to use isakmpd- actually web is
full of tutorials and examples of isakmpd configurtion; plus, it's very
flexible and configurable.
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl
> group..)
>
> Just "used" OpenBSD for 10 minutes and destroed it... that makes me sad ;-)
>
boot OpenBSD in single user mode and change root password or search for
changes( maybe /var/backups will help).
P.S. remember to mount root partition in r/w( or even mou
her usefull extensions.
- Lukasz Sztachanski
[1] afair, http://mutt-ng.berlios.de
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl
licy for
non-fork()`ing and non-set*id()`ing application is considerably safer
for its usability?
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl
up the ruleset
looking through syscalls and changing `eq' to `match'; for example
cleaning up fsread's on libs or font dirs and fs{read,write,rename} on
cache/download dir, and so on...
- Lukasz Sztachanski
--
0x058B7133 // 16AB 4EBC 29DA D92D 8D
ted
NICs; incoming traffic is received from all aggregated NICs, which
requires support from switch, but doesn't break trunk(4)'s usability.
failover can be fully functional without switch support, and `none' just
disables traffic without destroying device.
(un)fortunately, i'
uiressl directive:
SSLrequiressl
ErrorDocument 403 http://domainname.tld/ssl_required.html
--
Lukasz Sztachanski
...proud user of C8H10N4O2 :)
http://szati.blogspot.com
http://szati.entropy.pl
match, you can always initiate connection from PocketPC
while listening out traffic using p0f and add this fingerprint to pf.os
--
Lukasz Sztachanski
...proud user of C8H10N4O2 :)
http://szati.blogspot.com
http://rudy
atter of
pf`s traffic normalization.
--
Lukasz Sztachanski
...proud user of C8H10N4O2 :)
http://szati.blogspot.com
http://rudy.mif.pg.gda.pl/~szati/szati.asc
> is outputting.. 'pfctl: Cannot allocate memory.'
>
google tells me, that this issue is quite well discused; after all you
can try to split this file into smaller chunks.
--
Lukasz Sztachanski
...proud user of C8H10N4O2 :)
stributing 1k accounts via
ldap); probably i`ll try to import this patch to 3_7 or 3_8.
--
Lukasz Sztachanski
...proud user of C8H10N4O2 :)
http://szati.blogspot.com
http://rudy.mif.pg.gda.pl/~szati/szati.asc
On Sat, Aug 13, 2005 at 07:16:59PM +0200, Smonek wrote:
> Hello,everybody!
hi,
> I have one question : When : Interface groups in PF ?
when?:) in -current, actually in -beta, try latest snapshot and search
archives for Henning`s announce for more details.
--
Lukasz Sztac
background, exists( and is it covered by $PATH).
--
Lukasz Sztachanski
...proud user of C8H10N4O2 :)
http://szati.blogspot.com
http://rudy.mif.pg.gda.pl/~szati/szati.asc
pf.conf(5)).
--
Lukasz Sztachanski
...proud user of C8H10N4O2 :)
http://szati.blogspot.com
http://rudy.mif.pg.gda.pl/~szati/szati.asc
34 matches
Mail list logo
