Re: Security List
On 02/09/11 02:04, SJP Lists wrote: On 9 February 2011 12:37, woolsherpahatwoolsherpa...@gmail.com wrote: On 6 February 2011 05:23, Alessandro Baggialessandro.ba...@gmail.com wrote: Hi List, i had registered me to the security list: security-annou...@openbsd.org since 9 Genuary 2011, but any email come on my account. Some that had security list subscribtion, can tell me if since 09/01/2001 at today there are mails? I use a script which scrapes http://www.openbsd.org/errata48.html daily and emails me the changes as they occur. Shane That sounds pretty cool... any chance you would be willing to share? Okay, I'm probably not doing this the best way, so as embarrassing as this is, it might hopefully get improved by someone... #!/bin/sh # # OpenBSD_errata48.sh # # Check for any changes to the OpenBSD 4.8 Errata list and email # an alert if so. # Move the lastest successful OpenBSD errata grab so that is becomes # the previous successful grab. mv /home/scripts/OpenBSD_errata48_latest.txt \ /home/scripts/OpenBSD_errata48_previous.txt # Use lynx to just output to stdout the text of the OpenBSD Errata # page, without a URL list. Output the status to an error file so # that sending bogus emails due to server being unavailable does not # occur. # # Then filter out everything but the errata detail lines and output # to a temporary file that will only be used if the web server status # is 200 OK. lynx -dump -nolist -error_file=/home/scripts/OBSD_errata48_err.txt \ http://www.openbsd.org/errata48.html | egrep ^ \* ?| ? \ /home/scripts/OpenBSD_errata48_current.txt # Check the error status file to make sure the file was successfully # retrieved. If successful, procede with comparison between the # current and previous errata, to determine whether an email should # be sent. if egrep 200 OK /home/scripts/OBSD_errata48_err.txt then mv /home/scripts/OpenBSD_errata48_current.txt \ /home/scripts/OpenBSD_errata48_latest.txt if ! diff /home/scripts/OpenBSD_errata48_latest.txt \ /home/scripts/OpenBSD_errata48_previous.txt /dev/null then diff /home/scripts/OpenBSD_errata48_latest.txt \ /home/scripts/OpenBSD_errata48_previous.txt \ | egrep ^\ | sed 's/\ //g' \ | tr -d \n | perl -pe 's/\* /\n\n/g' \ | sed 's/ */ /g' \ | mail -s OpenBSD 4.8 Errata! y...@yourdomain.net fi else rm /home/scripts/OpenBSD_errata48_current.txt fi rm /home/scripts/OBSD_errata48_err.txt Why not reuse existing functionality? Add your lynx command (which downloads file) to a crontab; then add filename to /etc/changelist I've sometimes thought it would be nice to have the 'changelist' code extracted from /etc/security to a separate script so user-defined changes could be emailed to users other than root. Coding this is beyond my capabilities. I think this new script would need three parameters: - /etc/changelist [list of files] - /var/backups [dir for .backup and .current files] - root [user to receive email notifications] For an adventurous coder; perhaps /etc/changelist would allow url's to monitor remote webpages.
Re: Security List
On Wed, Feb 9, 2011 at 8:06 AM, Frank Bax f...@sympatico.ca wrote: Why not reuse existing functionality? B Add your lynx command (which downloads file) to a crontab; then add filename to /etc/changelist I've sometimes thought it would be nice to have the 'changelist' code extracted from /etc/security to a separate script so user-defined changes could be emailed to users other than root. B Coding this is beyond my capabilities. B I think this new script would need three parameters: B B B B - /etc/changelist B B B [list of files] B B B B - /var/backups B B B B B [dir for .backup and .current files] B B B B - root B B B B B B B B B [user to receive email notifications] For an adventurous coder; perhaps /etc/changelist would allow url's to monitor remote webpages. probably because in practice root's mail gets redirected to another user, so the need to have that as a separate script is low
Re: Security List
On 6 February 2011 05:23, Alessandro Baggi alessandro.ba...@gmail.com wrote: Hi List, i had registered me to the security list: security-annou...@openbsd.org since 9 Genuary 2011, but any email come on my account. Some that had security list subscribtion, can tell me if since 09/01/2001 at today there are mails? I use a script which scrapes http://www.openbsd.org/errata48.html daily and emails me the changes as they occur. Shane That sounds pretty cool... any chance you would be willing to share?
Re: Security List
On 9 February 2011 12:37, woolsherpahat woolsherpa...@gmail.com wrote: On 6 February 2011 05:23, Alessandro Baggi alessandro.ba...@gmail.com wrote: Hi List, i had registered me to the security list: security-annou...@openbsd.org since 9 Genuary 2011, but any email come on my account. Some that had security list subscribtion, can tell me if since 09/01/2001 at today there are mails? I use a script which scrapes http://www.openbsd.org/errata48.html daily and emails me the changes as they occur. Shane That sounds pretty cool... any chance you would be willing to share? Okay, I'm probably not doing this the best way, so as embarrassing as this is, it might hopefully get improved by someone... #!/bin/sh # # OpenBSD_errata48.sh # # Check for any changes to the OpenBSD 4.8 Errata list and email # an alert if so. # Move the lastest successful OpenBSD errata grab so that is becomes # the previous successful grab. mv /home/scripts/OpenBSD_errata48_latest.txt \ /home/scripts/OpenBSD_errata48_previous.txt # Use lynx to just output to stdout the text of the OpenBSD Errata # page, without a URL list. Output the status to an error file so # that sending bogus emails due to server being unavailable does not # occur. # # Then filter out everything but the errata detail lines and output # to a temporary file that will only be used if the web server status # is 200 OK. lynx -dump -nolist -error_file=/home/scripts/OBSD_errata48_err.txt \ http://www.openbsd.org/errata48.html | egrep ^ \* ?| ? \ /home/scripts/OpenBSD_errata48_current.txt # Check the error status file to make sure the file was successfully # retrieved. If successful, procede with comparison between the # current and previous errata, to determine whether an email should # be sent. if egrep 200 OK /home/scripts/OBSD_errata48_err.txt then mv /home/scripts/OpenBSD_errata48_current.txt \ /home/scripts/OpenBSD_errata48_latest.txt if ! diff /home/scripts/OpenBSD_errata48_latest.txt \ /home/scripts/OpenBSD_errata48_previous.txt /dev/null then diff /home/scripts/OpenBSD_errata48_latest.txt \ /home/scripts/OpenBSD_errata48_previous.txt \ | egrep ^\ | sed 's/\ //g' \ | tr -d \n | perl -pe 's/\* /\n\n/g' \ | sed 's/ */ /g' \ | mail -s OpenBSD 4.8 Errata! y...@yourdomain.net fi else rm /home/scripts/OpenBSD_errata48_current.txt fi rm /home/scripts/OBSD_errata48_err.txt
Re: Security List
On 6 February 2011 05:23, Alessandro Baggi alessandro.ba...@gmail.com wrote: Hi List, i had registered me to the security list: security-annou...@openbsd.org since 9 Genuary 2011, but any email come on my account. Some that had security list subscribtion, can tell me if since 09/01/2001 at today there are mails? I use a script which scrapes http://www.openbsd.org/errata48.html daily and emails me the changes as they occur. Shane
Re: Security List
only openbsd src X. we suck in actually using it. security errata are so rare that there isn't really an established procedure, so don't rely on it too much. I am sure this has been suggested before, but why hasn't the security list been removed from list of mailing lists at http://www.openbsd.org/mail.html? It seems a little disingenuous to me to present announce-security like it is a good source of current security issues when it is in fact not. Speaking of, what is a good place to track any security related issues in Release of Stable? I have been using http://www.openbsd.org/errata.html. --Kevin
Re: Security List
On Mon, Feb 7, 2011 at 12:51 PM, woolsherpahat woolsherpa...@gmail.com wrote: only openbsd src X. we suck in actually using it. security errata are so rare that there isn't really an established procedure, so don't rely on it too much. I am sure this has been suggested before, but why hasn't the security list been removed from list of mailing lists at http://www.openbsd.org/mail.html? It seems a little disingenuous to me to present announce-security like it is a good source of current security issues when it is in fact not. Not only am I sure it has been suggested before, but I'm sure it was more than thoroughly discussed before.
Re: Security List
The last time someone brought up that there could be a bug in that the system did not work in the manner in which it was documented on the website, I believe something mature and well-thought-out like, Oh, yeah, shut up. was the response. On Mon, Feb 7, 2011 at 11:51 AM, woolsherpahat woolsherpa...@gmail.comwrote: only openbsd src X. we suck in actually using it. security errata are so rare that there isn't really an established procedure, so don't rely on it too much. I am sure this has been suggested before, but why hasn't the security list been removed from list of mailing lists at http://www.openbsd.org/mail.html? It seems a little disingenuous to me to present announce-security like it is a good source of current security issues when it is in fact not. Speaking of, what is a good place to track any security related issues in Release of Stable? I have been using http://www.openbsd.org/errata.html. --Kevin
Re: Security List
El 2011-02-07 21.41, patric conant escribis: The last time someone brought up that there could be a bug in that the system did not work in the manner in which it was documented on the website, I believe something mature and well-thought-out like, Oh, yeah, shut up. was the response. You're always complaining. Nice. -- I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain.
Re: Security List
I haven't been around here long enough, but having a list, even if it isn't currently used a lot isn't a bad thing. The fact that there isn't a lot of security holes in OpenBSD is a testament to how good a job the devs are doing. unfortunately, there are louts on every mailing list (even here). It is unfortunate but it is also a fact of life. The impression I am getting is that we should all do a little of the legwork ourselves BEFORE we bug the mailing lists about it. if it is beyond the level of skill that the person reporting the problem, then by all means, a little help is certainly welcome. its like me, I am getting some help trying to resolve an orca build problem on the PPC branch but it appears that it may be a hardware related issue. not much I can do about that right now. I do have a working VINUX installation on that powerbook G3 and have developed a work around for the dubs bug that makes the machine unresponsive after a random amount of time. I wish I could say the same thing for OpenBSD, but I am not yet familiar enough with its internal working to be more than a hobbyist user at best. btw, the person who was offering me as much help as he did was Super Bisquit. He also has an identical machine and encountered the exact same issues. the machine: a powerbook G3 (750 based CPU). He was going to help me with a freeBSD installation, but that is a far more advanced installation than I am willing to work on right now. For his help, I wish to express my great appreciation for his working with me. I need to dig up a spare HDD so I can keep my current install intact. oh yeah. the issues on installing or compiling for ports both involved random halts of the ATA bus or the random stopping of bm0 (the ethernet interface). the only recovery possible from either state involved a hard reboot and a pram reset. :( Nice OS, but I think the powerbook is just old enough to have some issues. -Eric On Feb 7, 2011, at 1:41 PM, patric conant wrote: The last time someone brought up that there could be a bug in that the system did not work in the manner in which it was documented on the website, I believe something mature and well-thought-out like, Oh, yeah, shut up. was the response. On Mon, Feb 7, 2011 at 11:51 AM, woolsherpahat woolsherpa...@gmail.comwrote: only openbsd src X. we suck in actually using it. security errata are so rare that there isn't really an established procedure, so don't rely on it too much. I am sure this has been suggested before, but why hasn't the security list been removed from list of mailing lists at http://www.openbsd.org/mail.html? It seems a little disingenuous to me to present announce-security like it is a good source of current security issues when it is in fact not. Speaking of, what is a good place to track any security related issues in Release of Stable? I have been using http://www.openbsd.org/errata.html. --Kevin
Re: Security List
2011/2/6 David Walker davidianwal...@gmail.com: ports-security Security announcements for ports and packages. This low volume list receives OpenBSD security advisories concerning the ports tree and packages with more information about the vulnerabilities and patches. henningbullshit/henning
Re: Security List
* Alessandro Baggi alessandro.ba...@gmail.com [2011-02-05 21:44]: Il 05/02/2011 20:35, Henning Brauer ha scritto: * Alessandro Baggialessandro.ba...@gmail.com [2011-02-05 20:33]: Hi List, i had registered me to the security list: security-annou...@openbsd.org since 9 Genuary 2011, but any email come on my account. Some that had security list subscribtion, can tell me if since 09/01/2001 at today there are mails? since 09/01/2001, yeah, a couple. in 2011, no. Ah ok. But the security list concernes the bugs only for OpenBSD Set, or also for ports? only openbsd src X. we suck in actually using it. security errata are so rare that there isn't really an established procedure, so don't rely on it too much. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: Security List
* Alessandro Baggi alessandro.ba...@gmail.com [2011-02-05 20:33]: Hi List, i had registered me to the security list: security-annou...@openbsd.org since 9 Genuary 2011, but any email come on my account. Some that had security list subscribtion, can tell me if since 09/01/2001 at today there are mails? since 09/01/2001, yeah, a couple. in 2011, no. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: Security List
Il 05/02/2011 20:35, Henning Brauer ha scritto: * Alessandro Baggialessandro.ba...@gmail.com [2011-02-05 20:33]: Hi List, i had registered me to the security list: security-annou...@openbsd.org since 9 Genuary 2011, but any email come on my account. Some that had security list subscribtion, can tell me if since 09/01/2001 at today there are mails? since 09/01/2001, yeah, a couple. in 2011, no. Ah ok. But the security list concernes the bugs only for OpenBSD Set, or also for ports? Thanks in advance
Re: Security List
Howdy. Alessandro Baggi wrote: Hi List, i had registered me to the security list: security-annou...@openbsd.org since 9 Genuary 2011, but any email come on my account. Some that had security list subscribtion, can tell me if since 09/01/2001 at today there are mails? From http://www.openbsd.org/mail.html ... Your membership to the OpenBSD mailing lists can also be managed via a web interface at: http://lists.openbsd.org/ ... log in and read the archives or ... Mailing List Archives: These mailing list archives are not managed by the OpenBSD project. Take the time to look at more than one -- each is a little different, and has different search abilities. If you don't find an answer in one, check another. snipped List of Archives /snipped http://www.openbsd.org/mail.html Alessandro Baggi wrote: Ah ok. But the security list concernes the bugs only for OpenBSD Set, or also for ports? security-announce Security announcements. This low volume list receives OpenBSD security advisories and pointers to security patches as they become available. ports-security Security announcements for ports and packages. This low volume list receives OpenBSD security advisories concerning the ports tree and packages with more information about the vulnerabilities and patches. http://www.openbsd.org/mail.html Best wishes.