Re: Password Security
So, does it mean that Windows 2003 Server provides more Password Level Security with Unauthorized Access? And how can one into the System by booting from a CD if it still requires the Password even in Single User mode? On 11/22/06, Jerry McAllister [EMAIL PROTECTED] wrote: On Wed, Nov 22, 2006 at 04:41:37AM +0100, VeeJay wrote: Hi I need to secure my data and server. Any advice will be highly appreciated. I am going to place my FreeBSD server at a shared place? I am just afraid that any unauthorized person might boot machine in single user mode and steal the data? How can I make my Server secure that if if boots in single user mode, it still demands the password and without password one cannot do anything? or make it possible that booting in Single user mode, doesn't provide any shell? Lock it in a box. Anyone who can put their hands physically can get in to the machine with a little tinkering even if you disable lots of software. I think you can get rid of the single user option in the boot, but anyone with a CD can defeat that if they want to. It would make things harder for yourself in managing the system, but it would slow a person down from casual interference. Also, many machines have BIOS level boot passwords that can be turned on. Using that would slow a person down, but be annoying for youself, especially in times such as power failures - the system would not come back up automatically without someone entering the BIOS password. Plus, if a person is determined enough, they can defeat that as well by removing the battery backup for the MB or the flash memory. But, it would stop casual tinkering. jerry Thanks in advance -- BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: To which port GPG belongs?
On 11/22/06, Svein Halvor Halvorsen [EMAIL PROTECTED] wrote: VeeJay wrote: I have this Help Instructions from a Step-by-Step for Apache installation On a side note, you would probably want to install Apache via ports. Svein Halvor If I will install from the Port, how can I configure to add module or disable modules? Like if I want to enable following modules, how can I do them VIA Ports? I Just copy the part of text from this Step-by-Step guide I am using - Compiling and installing the software In this step we will configure, compile, and install the Apache web server as follows: ./configure \ --prefix=/usr/local/apache2 \ --with-mpm=prefork \ --disable-charset-lite \ --disable-include \ --disable-env \ --disable-setenvif \ --disable-status \ --disable-autoindex \ --disable-asis \ --disable-cgi \ --disable-negotiation \ --disable-imap \ --disable-actions \ --disable-userdir \ --disable-alias \ --disable-so make su umask 022 make install chown -R root:sys /usr/local/apache2 - If we can configure in Port, so where it could be done and how? and if its in a file, where it would be placed? -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
And how can one into the System by booting from a CD if it still requires the Password even in Single User mode? Booting from CD, floppy or hard disk is slected at BIOS level. Booting in single or multi user mode is at Operating system level. Booting is in the following order: 1) BIOS select what medium to boot from 2) the operating system boot from the selected medium So when it comes to the Single user password, itis already at stage 2) it has passed the stage 1 (booting from hard disk ofr CD) without password. Olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
On 11/23/06, Olivier Nicole [EMAIL PROTECTED] wrote: And how can one into the System by booting from a CD if it still requires the Password even in Single User mode? Booting from CD, floppy or hard disk is slected at BIOS level. Booting in single or multi user mode is at Operating system level. Booting is in the following order: 1) BIOS select what medium to boot from 2) the operating system boot from the selected medium So when it comes to the Single user password, itis already at stage 2) it has passed the stage 1 (booting from hard disk ofr CD) without password. Olivier So, it means, that I should take the following steps 1. Password on BIOS 2. Change the order of booting i.e. When system is installed and working once, then I just the change the Booting FIRST from HardDisk. 3. Put the password on Single User mode. So, what more? Do you people think that I have got somehow security barrier for unauthorized access? -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: check_disk_smb: another nagios problem
I tried that: define command{ command_namecheck_disk_smb command_line$USER1$/check_disk_smb -H $HOSTADDRESS$ -s public -w 85% -c 95% } But I still have a CRITICAL error in nagios (Access Denied) On the samba server I have this in log.smbd: [2006/11/23 11:34:26, 0] auth/auth_domain.c:domain_client_validate(242) domain_client_validate: unable to validate password for user -H in domain MIAGE to Domain controller CASTOR. Error was NT_STATUS_NO_SUCH_USER. On Wednesday 22 November 2006 20:37, Jeremy Johnston wrote: I had problems with this at first then I added -w 85% -c 95% to the command_line and it works great now. Thierry Lacoste wrote: There is something weird about check_disk_smb from nagios-plugins-1.4.3,1 on FreeBSD 6.1-RELEASE-p10. From the command line (pwd is /usr/local/libexec/nagios) the switches work as expected: # ./check_disk_smb -H 194.214.13.140 -s public -u guest -p Domain=[MIAGE] OS=[Unix] Server=[Samba 3.0.22] Disk ok - 396M (79%) free on \\194.214.13.140\public One has the same result without the switches: ./check_disk_smb 194.214.13.140 public guest Domain=[MIAGE] OS=[Unix] Server=[Samba 3.0.22] Disk ok - 396M (79%) free on \\194.214.13.140\public But the second form is the only way I can make it work within nagios define command{ command_namecheck_disk_smb command_line$USER1$/check_disk_smb $HOSTADDRESS$ public guest } If I introduce the switches (e.g like below) I have all sorts of errors (invalid warning threshold, Access denied, etc ...) depending on the order of the arguments. define command{ command_namecheck_disk_smb command_line$USER1$/check_disk_smb -H $HOSTADDRESS$ -s public -u guest -p } Is anybody else seeing this? Have I done something wrong? Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 6.x hangs on AMD64 again
Kris Kennaway wrote: On Sat, Nov 11, 2006 at 11:15:54AM -0800, Chris wrote: If your system is hanging then you need to configure additional debugging to figure out the cause. Read the chapter on kernel debugging the developers handbook; without this information no developer can help you. Kris P.S. In my testing SMP amd64 is quite stable even under exceptionally heavy loads, so it's either something related to your hardware or your particular workload. Hadn't considered that a user level debugging solution. I'll give it a try. ... That is indeed almost always failing hardware. Hello. I think I'm having the same problems. I'm running 6.1(latest patch set)/amd64 on a dual-core Opteron Acer server with SCSI disks and it is hanging completely and suddenly. Checking the hardware was the first thing I did, but it really seems ok (unless it's the second core on the processor). I checked, among the others: the HDs with the vendor's tools, RAM with MemTest86+ and the CPU with different stress tools. If anyone can suggest other diagnostics I'd be happy to comply. I compiled the kernel with debug info, but that's totally useless, since it won't dump anything, just hang there; I don't think even DDB would help, since even the keyboard is not working at that time. If I'm missing something, I'd be glad to be directed to any pointer. The box features an em NIC on board, but since it shows a lot of problems, I removed that driver from the kernel (it's not possible to turn it off in the BIOS, though) and put in a different add-on card. I had some shared IRQs, but managed to solve that issue (even if I think it should not matter). Next, I'll try to disable SMP as soon as I can and see if it helps. Of course upgrading to 6.2 should be attempted, but since this is a production server and 6.2 is still at RC1... bye Thanks av. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Is GNATS down?
I submitted a PR a few days ago and haven't heard anything related to the matter ever since. I was supposed to get a confirmation email once the PR had been filed. P.S. Please CC me, I'm not subscribed to this list. -- If it's there, and you can see it, it's real. If it's not there, and you can see it, it's virtual. If it's there, and you can't see it, it's transparent. If it's not there, and you can't see it, you erased it. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Upgrade Question
Graham Bentley wrote: You've confused STABLE with RELEASE. 6.2 has not reached RELEASE. 6-STABLE is the latest these changes worked fine in CURRENT (right now, aka 7) and have been MFCed (merged from current) so that more people can try them out, which right now corresponds to the version of FreeBSDthat is just about to be released which also happens to be called6.2-RC1 (release candidate 1)). When 6.2 is ready to go, a new RELEASE branch is created (6.2-RELEASE) which only gets security fixes. So, if I want the 'latest version' that 'isnt a work in progress' (or at least tested to the point where it is know to be working correctly in the majority of scenarios) always use the RELEASE branches ? Correct. There are situations where you would *consider* -STABLE even in a production box, but they are rare. Some examples: 1) You have some brand new hardware which is only supported on -STABLE. I do my best to avoid this by rarely if ever following the bleeding edge of hardware development, but that's not always possible. 2) Some serious bug, which wasn't caught before, crops up with a piece of hardware, and the fix is only in -STABLE. Obviously, the nearer that -STABLE is to the next release version, the smaller the risk that you are taking. For example, I would have far fewer qualms about running 6.2-RC1 (or even any of its -BETA predecessors), than I would about switching to -STABLE mid-way between release cycles. At the point of a release cycle starting, -STABLE will have had as much testing as it's ever going to (except for the release cycle itself). If I did have to run -STABLE on some production machine, then I would be *very* conservative about how I upgraded it. I would only try upgrading to a newer -STABLE if there was an actual problem which I believed would be fixed; and I would fix all security issues using patches, as far as possible, not by cvsup-ing. And the second the next -RELEASE came along, I'd be on to it. Of course, if you have the time and less-critical machines then running -STABLE is a good thing as you would be contributing to the debugging effort. But you will have to be prepared to deal with things breaking now and again, so a familiarity with how to upgrade and downgrade (as well as the time) are very helpful. hth, --Alex PS I'm a very conservative upgrader; I still have 5.4 on all my production boxes and am just waiting for 6.2. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Is GNATS down?
Vlad Galu [EMAIL PROTECTED] wrote: I submitted a PR a few days ago and haven't heard anything related to the matter ever since. I was supposed to get a confirmation email once the PR had been filed. I'm also still waiting for the confirmation mail of a PR (update for www/privoxy) I filed three days ago trough the website. For the first time I used the patch upload thingy and I read about some encoding problems a while ago, but I got the Thank You screen so I assume it should at least appear partly broken? Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
FreeBSD 6.1 RELEASE ia64
After downloading and burning FreeBSD 6.1 RELEASE ia64 CD-s from your ftp, I've try to install it and sysinstall don't boot. Please help me to solve this problem. Thanks Mac OS X 10.4.6 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
On Thu, 23 Nov 2006 10:45:19 +0100 VeeJay [EMAIL PROTECTED] wrote: On 11/23/06, Olivier Nicole [EMAIL PROTECTED] wrote: And how can one into the System by booting from a CD if it still requires the Password even in Single User mode? Booting from CD, floppy or hard disk is slected at BIOS level. Booting in single or multi user mode is at Operating system level. Booting is in the following order: 1) BIOS select what medium to boot from 2) the operating system boot from the selected medium So when it comes to the Single user password, itis already at stage 2) it has passed the stage 1 (booting from hard disk ofr CD) without password. Olivier So, it means, that I should take the following steps 1. Password on BIOS 2. Change the order of booting i.e. When system is installed and working once, then I just the change the Booting FIRST from HardDisk. 3. Put the password on Single User mode. So, what more? Do you people think that I have got somehow security barrier for unauthorized access? Physically _LOCK_ the server up. Anyone who can get physical access to the unit can remove the drive and access it from another machine, bypassing all this stuff. Another option is to encrypt the hard drives, but this will require you (or someone else) to enter the password for the encrypted drives every time the system boots up, so it's generally a maintenance nightmare. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
On Thu, 23 Nov 2006 09:56:23 +0100 VeeJay [EMAIL PROTECTED] wrote: So, does it mean that Windows 2003 Server provides more Password Level Security with Unauthorized Access? Where is this presumption coming from? Windows OS suffer from the same difficulty protecting from physical intrusion that any other OS does. And how can one into the System by booting from a CD if it still requires the Password even in Single User mode? On 11/22/06, Jerry McAllister [EMAIL PROTECTED] wrote: On Wed, Nov 22, 2006 at 04:41:37AM +0100, VeeJay wrote: Hi I need to secure my data and server. Any advice will be highly appreciated. I am going to place my FreeBSD server at a shared place? I am just afraid that any unauthorized person might boot machine in single user mode and steal the data? How can I make my Server secure that if if boots in single user mode, it still demands the password and without password one cannot do anything? or make it possible that booting in Single user mode, doesn't provide any shell? Lock it in a box. Anyone who can put their hands physically can get in to the machine with a little tinkering even if you disable lots of software. I think you can get rid of the single user option in the boot, but anyone with a CD can defeat that if they want to. It would make things harder for yourself in managing the system, but it would slow a person down from casual interference. Also, many machines have BIOS level boot passwords that can be turned on. Using that would slow a person down, but be annoying for youself, especially in times such as power failures - the system would not come back up automatically without someone entering the BIOS password. Plus, if a person is determined enough, they can defeat that as well by removing the battery backup for the MB or the flash memory. But, it would stop casual tinkering. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Getting Qmail Ezmlm To Work
757575Hi; I installed qmail from source because of problems with the port. I installed vpopmail from port okay. I installed ezmlm-idx from port; however, it doesn't appear to communicate with one or both of the other two programs. I can issue commands from the command prompt to create a list, add members, etc...all that works fine. But if I try to subscribe by email, nothing happens. That's why I think there's a communication problem between programs. Perhaps what I need to do is compile ezmlm from port and specify the location/installation for qmail and/or vpopmail? Please advise. Also, if you would be so kind (since I had major problems with this with the openldap port), if you can please provide the command to build ezmlm-idx. TIA, Rachel Cheap talk? Check out Yahoo! Messenger's low PC-to-Phone call rates. http://voice.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Help... Installing from Port
Hi If I will install Apache2 from the Port, how can I configure to add module or disable modules? Like if I want to enable following modules, how can I do them VIA Ports? Please find below the text from this Step-by-Step guide I am using. But that procedure is for manually downloading the archive, checking signatures and then configuring But how can I use Port system to get the same results? - Compiling and installing the software In this step we will configure, compile, and install the Apache web server as follows: ./configure \ --prefix=/usr/local/apache2 \ --with-mpm=prefork \ --disable-charset-lite \ --disable-include \ --disable-env \ --disable-setenvif \ --disable-status \ --disable-autoindex \ --disable-asis \ --disable-cgi \ --disable-negotiation \ --disable-imap \ --disable-actions \ --disable-userdir \ --disable-alias \ --disable-so make su umask 022 make install chown -R root:sys /usr/local/apache2 - If we can configure in Port, so where it could be done and how? and if its in a file, where it would be placed? -- -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Rescuing mangled RAID5 array
Hello again, On 14 Nov 2006, at 18:30, Greg Eden wrote: I'm trying to recover data from a broken RAID5 array (drive removed whilst array was rebuilding!). [snip] I'm trying dd if=/dev/da1s1d of=/raid2/rescueimage I'm trying not to equate lack of response to lack of chance of receovery! However... After 4 days dd eventually successfully created a 1.5TB image file of the trashed partition, so i can work on it without causing further damage. I successfully attached it with mdconfig. Running fsck_ufs on the resultant /dev/md0 causes fsck_ufs to eventually crash out with: UNKNOWN FILE TYPE I=42151497 UNEXPECTED SOFT UPDATE INCONSISTENCY CLEAR? yes fsck_ufs: bad inode number 42158080 to nextinode during Phase 1. Is there anyway to get around this so fsck can continue? Thanks in advance. Greg. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
VeeJay wrote: On 11/23/06, Olivier Nicole [EMAIL PROTECTED] wrote: And how can one into the System by booting from a CD if it still requires the Password even in Single User mode? Booting from CD, floppy or hard disk is slected at BIOS level. Booting in single or multi user mode is at Operating system level. Booting is in the following order: 1) BIOS select what medium to boot from 2) the operating system boot from the selected medium So when it comes to the Single user password, itis already at stage 2) it has passed the stage 1 (booting from hard disk ofr CD) without password. Olivier So, it means, that I should take the following steps 1. Password on BIOS 2. Change the order of booting i.e. When system is installed and working once, then I just the change the Booting FIRST from HardDisk. 3. Put the password on Single User mode. So, what more? Do you people think that I have got somehow security barrier for unauthorized access? Not much. Default FreeBSD install has two more places where one can influence booting with console access - boot blocks and loader. To disable the access to OK prompt of boot blocks create file /boot.config with '-n'. To disable access to loader put autoboot_delay=-1 and beastie_disable=YES into /boot/loader.conf. You can also instead put password=... into it and the loader will then require password to allow access to it. Michal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
syslog not forwarding ftp.info to loghost
hello i have a configuration with a few jails. all jail's syslog is logging into the host system's syslog via 127.0.0.2:514/udp. however the FTP's syslog is not sending the ftp.info messages to theo host system, but all the other messags(auth/authpriv) are sent correctly. this is the jail's syslog.conf: --- chop here --- # $FreeBSD: src/etc/syslog.conf,v 1.28 2005/03/12 12:31:16 glebius Exp $ # # Spaces ARE valid field separators in this file. However, # other *nix-like systems still insist on using tabs as field # separators. If you are sharing this file between systems, you # may want to use only tabs as field separators here. # Consult the syslog.conf(5) manpage. *.* @127.0.0.2 *.err;kern.warning;auth.notice;mail.crit/dev/console *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log mail.info /var/log/maillog lpr.info /var/log/lpd-errs ftp.info /var/log/xferlog cron.* /var/log/cron *.=debug /var/log/debug.log *.emerg * # uncomment this to log all writes to /dev/console to /var/log/console.log #console.info /var/log/console.log # uncomment this to enable logging of all log messages to /var/log/all.log # touch /var/log/all.log and chmod it to mode 600 before it will work ftp.info @127.0.0.2 # uncomment this to enable logging to a remote loghost named loghost #*.* @loghost # uncomment these if you're running inn # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice !startslip *.* /var/log/slip.log !ppp *.* /var/log/ppp.log --- chop here --- i have played with putting the *.* @ elsewhere, but it didn't help, also tried to specifically forward ftp.info to loghost, that neither helped, even tried to remove xferlog from here, because of the duplicate ftp.info speficiation, nor that helped. what am i doing wrong here? how could i make this work? i'd like to also have the xferlog in my host system. i'm using 6.1-RELEASE-p10 Bye, Gergely Czuczy mailto: [EMAIL PROTECTED] -- Weenies test. Geniuses solve problems that arise. pgpIWRtjVJs38.pgp Description: PGP signature
Re: Password Security
On Thu, Nov 23, 2006 at 09:56:23AM +0100, VeeJay wrote: So, does it mean that Windows 2003 Server provides more Password Level Security with Unauthorized Access? And how can one into the System by booting from a CD if it still requires the Password even in Single User mode? You just go to fixit mode - where you are running from the CD and not the installed OS and then rewrite any file that limits your access and then reboot again. jerry On 11/22/06, Jerry McAllister [EMAIL PROTECTED] wrote: On Wed, Nov 22, 2006 at 04:41:37AM +0100, VeeJay wrote: Hi I need to secure my data and server. Any advice will be highly appreciated. I am going to place my FreeBSD server at a shared place? I am just afraid that any unauthorized person might boot machine in single user mode and steal the data? How can I make my Server secure that if if boots in single user mode, it still demands the password and without password one cannot do anything? or make it possible that booting in Single user mode, doesn't provide any shell? Lock it in a box. Anyone who can put their hands physically can get in to the machine with a little tinkering even if you disable lots of software. I think you can get rid of the single user option in the boot, but anyone with a CD can defeat that if they want to. It would make things harder for yourself in managing the system, but it would slow a person down from casual interference. Also, many machines have BIOS level boot passwords that can be turned on. Using that would slow a person down, but be annoying for youself, especially in times such as power failures - the system would not come back up automatically without someone entering the BIOS password. Plus, if a person is determined enough, they can defeat that as well by removing the battery backup for the MB or the flash memory. But, it would stop casual tinkering. jerry Thanks in advance -- BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
On Thu, Nov 23, 2006 at 10:45:19AM +0100, VeeJay wrote: On 11/23/06, Olivier Nicole [EMAIL PROTECTED] wrote: And how can one into the System by booting from a CD if it still requires the Password even in Single User mode? Booting from CD, floppy or hard disk is slected at BIOS level. Booting in single or multi user mode is at Operating system level. Booting is in the following order: 1) BIOS select what medium to boot from 2) the operating system boot from the selected medium So when it comes to the Single user password, itis already at stage 2) it has passed the stage 1 (booting from hard disk ofr CD) without password. Olivier So, it means, that I should take the following steps 1. Password on BIOS 2. Change the order of booting i.e. When system is installed and working once, then I just the change the Booting FIRST from HardDisk. 3. Put the password on Single User mode. As I said, you can beat that by removing the system battery or flash memory. So, what more? Do you people think that I have got somehow security barrier for unauthorized access? The only real security is to totally prevent access. If that machine is in a place where you do not trust those who can touch it, then it is insecure. jerry -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
sources version file?
ive searched the archives over the past 2 weeks or so unsuccessfully for this tidbit, which i have seen mentioned here before. so, i re-ask: what is the path/filename of the sources file that says what version of the cvs sources have been downloaded? thanks, jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sources version file?
On 2006-11-23 09:46, Jonathan Horne [EMAIL PROTECTED] wrote: ive searched the archives over the past 2 weeks or so unsuccessfully for this tidbit, which i have seen mentioned here before. so, i re-ask: what is the path/filename of the sources file that says what version of the cvs sources have been downloaded? In CVS each file has its owwn revision number. Thus, there is no tree-wide version number. In general, you can refer to the date of the last commit you have updated to. This is not so easy or useful for mixed version trees, where you have all the commits up to, for instance, date A but have manually applied the patch B to the tree (from another date, B). Why do you want to find out this tree-wise revision? Perhaps there is some other way to obtain the information you are after... - Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
You might consider a safe with A/C from Black Box. Expensive, but an option for you. On Tuesday 21 November 2006 19:41, VeeJay wrote: Hi I need to secure my data and server. Any advice will be highly appreciated. I am going to place my FreeBSD server at a shared place? I am just afraid that any unauthorized person might boot machine in single user mode and steal the data? How can I make my Server secure that if if boots in single user mode, it still demands the password and without password one cannot do anything? or make it possible that booting in Single user mode, doesn't provide any shell? Thanks in advance -- BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Java JRE (latest) | Mozilla 2
Hey group. I'm using the latest Firefox2 (non-linux) and have the latest diablo-jre15 port installed. I'm finding that the plugin for firefox causes firefox to freeze consistently. For example, when accessing myspace, as soon as I click on Myspace's mail link firefox will freeze immediately everytime. When I turn javascript off in firefox then all works fine (except to send mail in myspace you have to have javascript enabled). I tried the FreeBSDfoundations JRE package but it said it required a past version javawrapper. Is there a more stable version of JRE in ports thats more stable? Michael - Cheap Talk? Check out Yahoo! Messenger's low PC-to-Phone call rates. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sources version file?
On Thu, November 23, 2006 16:46, Jonathan Horne wrote: ive searched the archives over the past 2 weeks or so unsuccessfully for this tidbit, which i have seen mentioned here before. so, i re-ask: what is the path/filename of the sources file that says what version of the cvs sources have been downloaded? # egrep REVISION|BRANCH /usr/src/sys/conf/newvers.sh REVISION=5.4 BRANCH=RELEASE-p22 RELEASE=${REVISION}-${BRANCH} Cheers Patrick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sources version file?
Giorgos Keramidas wrote: On 2006-11-23 09:46, Jonathan Horne [EMAIL PROTECTED] wrote: ive searched the archives over the past 2 weeks or so unsuccessfully for this tidbit, which i have seen mentioned here before. so, i re-ask: what is the path/filename of the sources file that says what version of the cvs sources have been downloaded? Do you mean After I have cvsup'ed /usr/src, how can I tell what version of FreeBSD is there? If so, the answer is I don't know, but I'm sure someone will, but that question makes sense, whereas your current one doesn't really, as Giorgos has explained. hth, --Alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Java JRE (latest) | Mozilla 2
probsd org wrote: Hey group. I'm using the latest Firefox2 (non-linux) and have the latest diablo-jre15 port installed. I'm finding that the plugin for firefox causes firefox to freeze consistently. For example, when accessing myspace, as soon as I click on Myspace's mail link firefox will freeze immediately everytime. When I turn javascript off in firefox then all works fine (except to send mail in myspace you have to have javascript enabled). I tried the FreeBSDfoundations JRE package but it said it required a past version javawrapper. java and javascript are completely unrelated(*) so updating Java is unlikely to fix a problem if it's source is, as you think, javascript. --Alex (*) It is quite possible for java and javascript to interact, and this has been an area of great inconsistency and numerous timing bugs in many, many browsers over the years, but nothing you've said points to java being used at all. Firefox2 lets you disable java (as opposed to javascript) so you could try that and see if that helps, but it seems like a shot in the dark with too little info to me. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sources version file?
On Thursday 23 November 2006 10:38, Gelsema, P (Patrick) - FreeBSD wrote: /usr/src/sys/conf/newvers.sh ah yes, thats the one i was looking for!! thanks! cheers, jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: processes not getting fair share of available disk I/O (was: Re: TCP parameters and interpreting tcpdump output )
hw.ata.wc=3D3D0 ^^^ Make my hard drive go rally slow please (just in case I crash) :) =20 Slower, yes, but not *that* slow. =20 Normal ls : 0.032 second. Two processes using same disk, multiply by two, so 0.064 second. Maybe the multiplier is more than 2, call it 10x, so 0.32 second. But I'm seeing a factor of over 9100x. Humour me and turn it back on, then see what happens. Where is the knob to turn the write cache on/off on a per-drive basis in FreeBSD? I can do this in NetBSD, but the only knob I can find in FreeBSD affects all drives, and requires a reboot. Humour me and read the Subject line. The ls does not get its fair share of disk I/O. Both times are with the disk's write cache in write-through mode. I'm not comparing times with the write cache in different modes. I'm comparing ls by itself against ls competing with cp. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RAID
On 11/22/06, Office of CEO- rithy4u.NET [EMAIL PROTECTED] wrote: Thanks, could you introduce a cost effective SATA model for me one? Jeff Hinrichs - DMT wrote: On 11/22/06, Office of CEO- rithy4u.NET [EMAIL PROTECTED] wrote: Does FreeBSD support newer SATA RAID Controller? What software to make RAID 1? or someone know which SATA RAID Controller can support hardware mirror? -- *Rithy Ray, RCSA* Chief Executive Officer Web: www.rithy4u.net http://www.rithy4u.net Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Phone: (855) 12 403 001 -- This message has been scanned for viruses and dangerous content by rithy4uSpamAppliance, and is believed to be clean. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Newer RAID controllers -- Yes, see the h/w compat listing on the freebsd site Software RAID 1 - easy, gmirror. see http://www.onlamp.com/pub/a/bsd/2005/11/10/FreeBSD_Basics.html for more Pretty much any controller that supports FreeBSD supports mirroring. -- *Rithy Ray, RCSA* Chief Executive Officer Web: www.rithy4u.net http://www.rithy4u.net Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Phone: (855) 12 403 001 -- This message has been scanned for viruses and dangerous content by rithy4uSpamAppliance, and is believed to be clean. That really depends on the application and your server hardware. I've used Highpoint cards with success. Others are quite pleased with 3ware products and there are others. I would suggest you research some possibilities and then query the group for feedback on the particular models you are condidering. -- Jeff Hinrichs Dundee Media Technology, Inc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: processes not getting fair share of available disk I/O (was: Re: TCP parameters and interpreting tcpdump output )
Here's another oddity: With one process reading from ad4, crunching data, writing to ad2: 4 usersLoad 0.31 0.47 0.67 Nov 23 10:05 Mem:KBREALVIRTUAL VN PAGER SWAP PAGER Tot Share TotShareFree in out in out Act 52356336482872 6952 104604 count All 20103244120 1344905k 8148 pages1 8450 zfod Interrupts Proc:r p d s wCsw Trp Sys Int Sof Flt 21 cow1251 total 1 1 40 706 8736 472 1528 34 8489 188356 wire 1000 0: clk 53816 act 1: atkb 5.9%Sys 0.0%Intr 0.0%User 92.0%Nice 2.0%Idl 1669272 inact41 3: sio1 |||||||||| 100624 cache 4: sio0 ===- 3980 free7: ppc0 daefr stray 7 Namei Name-cacheDir-cache 29 prcfr 128 8: rtc Calls hits% hits% 2 react19 10: ohc 153 151 99 pdwak 3 11: fwo 2602 pdpgs 14: ata Disks ad2 ad4 ad6 ad8 ad10 cd0 pass0 intrn60 15: ata KB/t128 63.27 0.00 16.62 0.00 0.00 0.00218624 buf tps 3019 0 3 0 0 011 dirtybuf MB/s 3.77 1.15 0.00 0.05 0.00 0.00 0.0010 desiredvnodes % busy 49 3 0 2 0 0 0 995 numvnodes 621 freevnodes Same as above, but add a cp from ad10 to ad6: 4 usersLoad 0.63 0.53 0.68 Nov 23 10:05 Mem:KBREALVIRTUAL VN PAGER SWAP PAGER Tot Share TotShareFree in out in out Act 52108336482624 6952 106240 count All 20102684120 1345038k 8148 pages 3783 zfod Interrupts Proc:r p d s wCsw Trp Sys Int Sof Fltcow1412 total 1 1 1 40 1432 3981 412 1896 102 3783 193108 wire 1000 0: clk 53580 act 1: atkb 6.6%Sys 0.8%Intr 0.0%User 40.0%Nice 52.7%Idl 1663056 inact40 3: sio1 |||||||||| 102268 cache 4: sio0 ===+ 3972 free7: ppc0 daefr stray 7 Namei Name-cacheDir-cache prcfr 128 8: rtc Calls hits% hits% 3 react 112 10: ohc pdwak 105 11: fwo 5229 pdpgs 14: ata Disks ad2 ad4 ad6 ad8 ad10 cd0 pass0 intrn27 15: ata KB/t126 60.34 128 0.00 128 0.00 0.00217024 buf tps 14 753 053 0 013 dirtybuf MB/s 1.70 0.41 6.57 0.00 6.57 0.00 0.0010 desiredvnodes % busy 22 2 100 0 6 0 0 995 numvnodes 621 freevnodes Suspend the data crunching process, and just the cp gives this: 4 usersLoad 0.52 0.51 0.67 Nov 23 10:05 Mem:KBREALVIRTUAL VN PAGER SWAP PAGER Tot Share TotShareFree in out in out Act 52172336482688 6952 102596 count All 20108844120 1345232k 8148 pages zfod Interrupts Proc:r p d s wCsw Trp Sys Int Sof Fltcow1347 total 1 1 41 1273 239 1712 93 223736 wire 1000 0: clk 53644 act 1: atkb 3.0%Sys 0.6%Intr 0.0%User 0.0%Nice 96.4%Idl 1635616 inact 7 3: sio1 |||||||||| 99632 cache 4: sio0 =+ 2964 free7: ppc0 daefr stray 7 Namei Name-cacheDir-cache prcfr 128 8: rtc Calls hits% hits% react 105 10: ohc pdwak 106 11: fwo 5241 pdpgs 14: ata Disks ad2 ad4 ad6 ad8 ad10 cd0 pass0 intrn 1 15: ata KB/t 54.40 0.00 128 0.00 128 0.00 0.00209184 buf tps 1 053 053 0 0 5
Re: Help... Installing from Port
VeeJay wrote: Hi If I will install Apache2 from the Port, how can I configure to add module or disable modules? Like if I want to enable following modules, how can I do them VIA Ports? Please find below the text from this Step-by-Step guide I am using. But that procedure is for manually downloading the archive, checking signatures and then configuring But how can I use Port system to get the same results? snip make install chown -R root:sys /usr/local/apache2 - If we can configure in Port, so where it could be done and how? and if its in a file, where it would be placed? go to the apache2 dir in your portstree ( generally /usr/ports/www/apache2/ ) run 'make config' to set options, if the specific options aren't there: copy the Makefile to Makefile.orig and add the '--enable-OPTION' and '--disable-OPTION' with the other compile options. Not sure though: but aren't a lot of those options also settable in the apache config file ? it might be a better idea to check that out first, so if you ever change your mind about a setting you don't have to recompile your intire apache2 port. -- -Frank Staals ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RAID
On 11/22/06, Office of CEO- rithy4u.NET [EMAIL PROTECTED] wrote: Thanks, could you introduce a cost effective SATA model for me one? Jeff Hinrichs - DMT wrote: On 11/22/06, Office of CEO- rithy4u.NET [EMAIL PROTECTED] wrote: Does FreeBSD support newer SATA RAID Controller? What software to make RAID 1? or someone know which SATA RAID Controller can support hardware mirror? -- *Rithy Ray, RCSA* Chief Executive Officer Web: www.rithy4u.net http://www.rithy4u.net Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Phone: (855) 12 403 001 -- This message has been scanned for viruses and dangerous content by rithy4uSpamAppliance, and is believed to be clean. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Newer RAID controllers -- Yes, see the h/w compat listing on the freebsd site Software RAID 1 - easy, gmirror. see http://www.onlamp.com/pub/a/bsd/2005/11/10/FreeBSD_Basics.html for more Pretty much any controller that supports FreeBSD supports mirroring. -- *Rithy Ray, RCSA* Chief Executive Officer Web: www.rithy4u.net http://www.rithy4u.net Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Phone: (855) 12 403 001 -- This message has been scanned for viruses and dangerous content by rithy4uSpamAppliance, and is believed to be clean. That really depends on the application and your server hardware. I've used Highpoint cards with success. Others are quite pleased with 3ware products and there are others. I would suggest you research some possibilities and then query the group for feedback on the particular models you are condidering. -- Jeff Hinrichs Dundee Media Technology, Inc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I am currently running the Highpoint RocketRaid 454 (ATA RAID, they offer SATA as well). I am very happy with it and Highpoint. The only caveat is that it takes a little bit of time to support new releases, but not a long wait. Antonio ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPFW NFS
Well I tried something similar to your ipfw add xxx allow udp from ${client} to ${server} ${nfsports} keep-state ipfw add 300 allow udp from 10.0.0.2 to 10.0.0.1 2049,111,1022 setup keep-state (it differs from your line for the setup option). It ddidn't worked at all. Afterwards, following Cuck's advise, I had a go at modifying the ipfw firewall in the nfs client 10.0.0.2 (no firewall for the time being on the nfs server 10.0.0.1) and added towards the end of the list, immediatedly before the very laste line denying everything else 5 allow ip from 10.0.0.1 to 10.0.0.2 51000 allow ip from 10.0.0.2 to 10.0.0.1 65535 deny ip from any to any It seemed to works partially! I mean that I could mount_nfs the share in the client, surfing the directories, reading and writing files in the share, BUT ... out of the blue, after some minutes the client freezed and I had to reboot :-( brutally turning off and on the box. Help please Vittorio Alle 05:25, giovedì 23 novembre 2006, Ian Smith ha scritto: vittorio [EMAIL PROTECTED] wrote: I have two FreeBSD 6.1 boxes one of which (IP 10.0.0.1) is an NFS server and the other one (IP 10.0.0.2) is, among other things, an NFS client sharing directories with the NFS server. It all works correctly and I can mount_nfs all the directories from the server. BUT, I'm now trying to use an IPFW firewall both on the server and on the client. My simple aim is to setup connections between the 10.0.0.1 server and the 10.0.0.2 client ** only **; no connections should be possible with other clients! Now I've tried the poor documentation I could find googling with the keywords freebsd ipfw nfs to no avail, I cannot mount_nfs any share on te client because something goes wrong with RPC. Concentrating on the client side (no ipfw for the moment on teh server) I tried the following ipfw add 300 allow ip from 10.0.0.1 2049,111,1022 to 10.0.0.2 via fxp0 setup keep-state OR ipfw add 300 allow ip from 10.0.0.1 to 10.0.0.2 2049,111,1022 via fxp0 setup keep-state OR ipfw add 300 allow ip from 10.0.0.1 2049,111,1022 to me via fxp0 setup keep-state OR ipfw add 300 allow ip from 10.0.0.1 to me 2049,111,1022 via fxp0 setup keep-state If I disable the firewall it all goes smootly. Firstly, what Chuck and Bill said .. but some further points .. Secondly, you don't specify port numbers with 'allow ip', which covers tcp, udp and raw ip packets also; you want 'allow udp' here, unless of course you're using NFS over TCP as well, where you'd need 'allow tcp'. Note also that 'setup' only applies to TCP connections. Thirdly, if you do want to use stateful rules on the client, you'll do better doing them on your _outbound_ connections, something like: ipfw add xxx allow udp from ${client} to ${server} ${nfsports} keep-state If it were me I'd concentrate on the server side firewall rules (and /etc/exports allowed hosts) both for allowing desired and disallowing undesired connections, so not having to worry much about what client/s may or may not be doing. 'man ipfw' is actually pretty good documentation, though there is a fair bit to absorb there. I still read it before bedtime now and again :) Ciao, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: processes not getting fair share of available disk I/O (was: Re: TCP parameters and interpreting tcpdump output )
On Thu, Nov 23, 2006 at 09:35:08AM +, Dieter wrote: hw.ata.wc=3D3D0 ^^^ Make my hard drive go rally slow please (just in case I crash) :) =20 Slower, yes, but not *that* slow. =20 Normal ls : 0.032 second. Two processes using same disk, multiply by two, so 0.064 second. Maybe the multiplier is more than 2, call it 10x, so 0.32 second. But I'm seeing a factor of over 9100x. Humour me and turn it back on, then see what happens. Where is the knob to turn the write cache on/off on a per-drive basis in FreeBSD? I can do this in NetBSD, but the only knob I can find in FreeBSD affects all drives, and requires a reboot. Yes, I think you need to do it globally at boot time. Humour me and read the Subject line. The ls does not get its fair share of disk I/O. Both times are with the disk's write cache in write-through mode. I'm not comparing times with the write cache in different modes. I'm comparing ls by itself against ls competing with cp. Your cp is going to be running synchronously, i.e. spend a lot of time waiting on the disk to perform the writes. This may well be the cause of your problem. Once we have established whether or not it is the cause, we can proceed to whether this behaviour can be improved. Kris pgpE51nuG6KrV.pgp Description: PGP signature
Re: 6.x hangs on AMD64 again
On Thu, Nov 23, 2006 at 12:08:30PM +0100, Andrea Venturoli wrote: I compiled the kernel with debug info, but that's totally useless, since it won't dump anything, just hang there; I don't think even DDB would help, since even the keyboard is not working at that time. Come on, you didn't even try it? :) Kris pgp9YfNAleZ2e.pgp Description: PGP signature
Re: Help... Installing from Port
Frank Staals wrote: VeeJay wrote: If I will install Apache2 from the Port, how can I configure to add module or disable modules? If we can configure in Port, so where it could be done and how? and if its in a file, where it would be placed? go to the apache2 dir in your portstree ( generally /usr/ports/www/apache2/ ) run 'make config' to set options, if the specific options aren't there: copy the Makefile to Makefile.orig and add the '--enable-OPTION' and '--disable-OPTION' with the other compile options. For apache22 make show-options gives you instructions. It is highly unlikely you would need to do anything to the Makefile. You can place the configuration options in /etc/make.conf, or in /usr/local/etc/pkgtools.conf if you use portupgrade, exactly as any other port. For example, I use the following in pkgtools.conf in the MAKE_ARGS section: 'apache-2*' = [ 'WITHOUT_IPV6=1', 'WITH_AUTH_MODULES=1', 'WITH_LDAP_MODULES=1', 'WITH_MISC_MODULES=1', 'WITH_PROXY_MODULES=1', 'WITH_THREADS_MODULES=1', 'WITH_SUEXEC_MODULES=1', 'WITH_DBM=bdb', 'WITH_BERKELEYDB=FreeBSD', ], Not sure though: but aren't a lot of those options also settable in the apache config file ? it might be a better idea to check that out first, so if you ever change your mind about a setting you don't have to recompile your intire apache2 port. AFAIK, You can use the apache config file to leave out a module which you have compiled, but you can't make use of a module which you haven't compiled. --Alex PS Simply reading /usr/ports/apache22/Makefile would have answered your question about how to set which modules to use. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 6.1 RELEASE ia64
On Thu, Nov 23, 2006 at 01:13:32PM +0100, markoco wrote: After downloading and burning FreeBSD 6.1 RELEASE ia64 CD-s from your ftp, I've try to install it and sysinstall don't boot. Please help me to solve this problem. Thanks Mac OS X 10.4.6 You seem to be confused about what kind of hardware you have :) Mac OS X doesn't run on ia64 machines, so perhaps you really wanted the i386 or amd64 versions of FreeBSD if your intention was to run FreeBSD on that machine. Kris pgp6F7AUcr0lN.pgp Description: PGP signature
Re: Java JRE (latest) | Mozilla 2
Alex Zbyslaw [EMAIL PROTECTED] wrote: probsd org wrote: Hey group. I'm using the latest Firefox2 (non-linux) and have the latest diablo-jre15 port installed. I'm finding that the plugin for firefox causes firefox to freeze consistently. For example, when accessing myspace, as soon as I click on Myspace's mail link firefox will freeze immediately everytime. When I turn javascript off in firefox then all works fine (except to send mail in myspace you have to have javascript enabled). I tried the FreeBSDfoundations JRE package but it said it required a past version javawrapper. java and javascript are completely unrelated(*) so updating Java is unlikely to fix a problem if it's source is, as you think, javascript. --Alex (*) It is quite possible for java and javascript to interact, and this has been an area of great inconsistency and numerous timing bugs in many, many browsers over the years, but nothing you've said points to java being used at all. Firefox2 lets you disable java (as opposed to javascript) so you could try that and see if that helps, but it seems like a shot in the dark with too little info to me. OK, it looks like it's a javascript issue. With JAVA loaded myspace works fine. With javascript loaded firefox freezes. I'm guessing this is myspace's issue. - Cheap Talk? Check out Yahoo! Messenger's low PC-to-Phone call rates. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
On Nov 23, 2006, at 7:57 AM, Gregory Carvalho wrote: You might consider a safe with A/C from Black Box. Expensive, but an option for you. On Tuesday 21 November 2006 19:41, VeeJay wrote: Hi I need to secure my data and server. Any advice will be highly appreciated. I am going to place my FreeBSD server at a shared place? I am just afraid that any unauthorized person might boot machine in single user mode and steal the data? How can I make my Server secure that if if boots in single user mode, it still demands the password and without password one cannot do anything? or make it possible that booting in Single user mode, doesn't provide any shell? Thanks in advance -- BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Being able to Kensington lock the machine so that it can't be opened (thinking of Dells), you can prevent physical access to a large degree (only have to worry about people that can screw up the lock), and prevent people from taking the drive OR resetting the CMOS jumper, giving people access to the BIOS without a password (one thing that many people haven't mentioned about security so far). -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
creating a broken graid3 array?
Is it possible to create a (degraded) graid3 array with only two (or one less than the planned total) providers? I'm asking since I would like to move from my current one-disk setup to a three-disk raid3 array, but I'd like the disk currently in use to be a member of the array and I don't have anywhere to conveniently back up the data already there. I'd like to create a degraded graid3 array with the two new components, copy the data from the current disk to the array, and then add the current disk in to the array. If that's not a possibility, can anyone suggest a way to get the same end result? Thanks, JN ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
Being able to Kensington lock the machine so that it can't be opened (thinking of Dells), you can prevent physical access to a large degree (only have to worry about people that can screw up the lock), and prevent people from taking the drive OR resetting the CMOS jumper, giving people access to the BIOS without a password (one thing that many people haven't mentioned about security so far). -Garrett Sorry to disappoint you, but Kensington locks can easily be unlocked, using a toilet paper roll, pen, and tape. We tried this at work because my collegue protected his flat screen with it, but forgot his key at home on the day we moved to a new office. We needed a bit longer, thou... The video is wmv, but I didn't find a version in another format (but mplayer can play it): http://www.toool.nl/kensington623.wmv I wonder if the data on this machine is as sensitive as this thread suggests it... ;) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: creating a broken graid3 array?
On 11/23/06, John Nielsen [EMAIL PROTECTED] wrote: Is it possible to create a (degraded) graid3 array Maybe you'll be able to create graid3 with md0 as the third member (based on sparse file for example) and later emulate a failure (md0 disappears) and insert your hard drive. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: creating a broken graid3 array?
John, On 11/23/06, John Nielsen [EMAIL PROTECTED] wrote: Is it possible to create a (degraded) graid3 array with only two (or one less than the planned total) providers? I'm asking since I would like to move from my current one-disk setup to a three-disk raid3 array, but I'd like the disk currently in use to be a member of the array and I don't have anywhere to conveniently back up the data already there. I'd like to create a degraded graid3 array with the two new components, copy the data from the current disk to the array, and then add the current disk in to the array. If that's not a possibility, can anyone suggest a way to get the same end result? while i know close to nothing about raid, here is what i think: 1. you have no backup ( otherwise you could pull it off ) 2. you are trying to achieve your goal through a tricky method ( me thinks anyways :-) is the loss of your data worth less than the cost of an extra hd? if so, buy another hd. if not, make a clean install? and assuming a 3 hd raid setup, would it not be wise to have a spare hd anyway? what's the point? regards, usleep ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
On 11/23/06, Bill Moran [EMAIL PROTECTED] wrote: On Thu, 23 Nov 2006 10:45:19 +0100 VeeJay [EMAIL PROTECTED] wrote: On 11/23/06, Olivier Nicole [EMAIL PROTECTED] wrote: And how can one into the System by booting from a CD if it still requires the Password even in Single User mode? Booting from CD, floppy or hard disk is slected at BIOS level. Booting in single or multi user mode is at Operating system level. Booting is in the following order: 1) BIOS select what medium to boot from 2) the operating system boot from the selected medium So when it comes to the Single user password, itis already at stage 2) it has passed the stage 1 (booting from hard disk ofr CD) without password. Olivier So, it means, that I should take the following steps 1. Password on BIOS 2. Change the order of booting i.e. When system is installed and working once, then I just the change the Booting FIRST from HardDisk. 3. Put the password on Single User mode. So, what more? Do you people think that I have got somehow security barrier for unauthorized access? Physically _LOCK_ the server up. Anyone who can get physical access to the unit can remove the drive and access it from another machine, bypassing all this stuff. Another option is to encrypt the hard drives, but this will require you (or someone else) to enter the password for the encrypted drives every time the system boots up, so it's generally a maintenance nightmare. Well, I am not an expert on FreeBSD. And thats why I don't know that how it works that If 4 Disks of same size for example 146GB each and they are configured with RAID 10, and Root, SWAP, /usr, /var File systems have been created on them. And if one takes one or two harddisks and how come he would be able to read the data when data is splited on 4 disks? -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: creating a broken graid3 array?
is the loss of your data worth less than the cost of an extra hd? if so, buy another hd. if not, make a clean install? should read: is the cost of an extra hd less than the value of your data/install? if so, buy another hd. if not, make a clean install? regards, usleep ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How RAID 10 works (was: Re: Password Security)
PMFJI On Thu 23 Nov 23:08, VeeJay wrote: Well, I am not an expert on FreeBSD. And thats why I don't know that how it works that If 4 Disks of same size for example 146GB each and they are configured with RAID 10, and Root, SWAP, /usr, /var File systems have been created on them. And if one takes one or two harddisks and how come he would be able to read the data when data is splited on 4 disks? With a four disk RAID 10 array you would need two (or more) drives and it would have to be the right two in order to read _all_ of the data. See: http://www.techtutorials.net/tutorials/hardware/raid.shtml RAID 10 is near the bottom. Cheers, Nick. -- Elves are wonderful. They provoke wonder. Elves are marvellous. They provoke marvels. Elves are fantastic. They create fantasies. Elves are glamorous. They project glamour. Elves are enchanting. They weave enchantment. Elves are terrific. They beget terror. No-one ever said elves are _nice_. Elves are _bad_. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Help... Installing from Port
On 11/23/06, Frank Staals [EMAIL PROTECTED] wrote: VeeJay wrote: Hi If I will install Apache2 from the Port, how can I configure to add module or disable modules? Like if I want to enable following modules, how can I do them VIA Ports? Please find below the text from this Step-by-Step guide I am using. But that procedure is for manually downloading the archive, checking signatures and then configuring But how can I use Port system to get the same results? snip make install chown -R root:sys /usr/local/apache2 - If we can configure in Port, so where it could be done and how? and if its in a file, where it would be placed? go to the apache2 dir in your portstree ( generally /usr/ports/www/apache2/ ) run 'make config' to set options, if the specific options aren't there: copy the Makefile to Makefile.orig and add the '--enable-OPTION' and '--disable-OPTION' with the other compile options. Not sure though: but aren't a lot of those options also settable in the apache config file ? it might be a better idea to check that out first, so if you ever change your mind about a setting you don't have to recompile your intire apache2 port. -- -Frank Staals ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Hi When I give make config command I get error as follow: # make config === No options to configure I have also tried --enable-OPTION and --disable-OPTION... but didn't had any luck :( -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
On Thu, 23 Nov 2006 23:08:18 +0100 VeeJay [EMAIL PROTECTED] wrote: On 11/23/06, Bill Moran [EMAIL PROTECTED] wrote: On Thu, 23 Nov 2006 10:45:19 +0100 VeeJay [EMAIL PROTECTED] wrote: On 11/23/06, Olivier Nicole [EMAIL PROTECTED] wrote: And how can one into the System by booting from a CD if it still requires the Password even in Single User mode? Booting from CD, floppy or hard disk is slected at BIOS level. Booting in single or multi user mode is at Operating system level. Booting is in the following order: 1) BIOS select what medium to boot from 2) the operating system boot from the selected medium So when it comes to the Single user password, itis already at stage 2) it has passed the stage 1 (booting from hard disk ofr CD) without password. Olivier So, it means, that I should take the following steps 1. Password on BIOS 2. Change the order of booting i.e. When system is installed and working once, then I just the change the Booting FIRST from HardDisk. 3. Put the password on Single User mode. So, what more? Do you people think that I have got somehow security barrier for unauthorized access? Physically _LOCK_ the server up. Anyone who can get physical access to the unit can remove the drive and access it from another machine, bypassing all this stuff. Another option is to encrypt the hard drives, but this will require you (or someone else) to enter the password for the encrypted drives every time the system boots up, so it's generally a maintenance nightmare. Well, I am not an expert on FreeBSD. And thats why I don't know that how it works that If 4 Disks of same size for example 146GB each and they are configured with RAID 10, and Root, SWAP, /usr, /var File systems have been created on them. And if one takes one or two harddisks and how come he would be able to read the data when data is splited on 4 disks? Your logic escapes me. If someone were to physically break in to the machine to steal your data, why would they only take some of the drives? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
On Thu, 23 Nov 2006 17:47:26 -0500 Bill Moran [EMAIL PROTECTED] wrote: Well, I am not an expert on FreeBSD. And thats why I don't know that how it works that If 4 Disks of same size for example 146GB each and they are configured with RAID 10, and Root, SWAP, /usr, /var File systems have been created on them. And if one takes one or two harddisks and how come he would be able to read the data when data is splited on 4 disks? Your logic escapes me. If someone were to physically break in to the machine to steal your data, why would they only take some of the drives? And to add to it, just in case this comes up next: if the drives are attached to some kind of external controller, of course one takes that too. Even easier if you steal a geom based software-raid10. just put the drives into a freebsd box and the volume appears (if glabel is also used). Otherwise you'll have to do some juggling, but surely no rocket sience. -- | /\ ASCII ribbon | GnuPG Key ID | e86d b753 3deb e749 6c3a | | \ / campaign against |0xbbcaad24 | 5706 1f7d 6cfd bbca ad24 | | XHTML in email |.the next sentence is true. | | / \ and news | .the previous sentence was a lie.| signature.asc Description: PGP signature
Re: creating a broken graid3 array?
On Thursday 23 November 2006 17:10, [EMAIL PROTECTED] wrote: is the loss of your data worth less than the cost of an extra hd? if so, buy another hd. if not, make a clean install? should read: is the cost of an extra hd less than the value of your data/install? if so, buy another hd. if not, make a clean install? I have backups of the data that can't be reproduced. I just don't have room for some of the larger files (CD ISO's, DVD rips, etc). It would be inconvenient to lose the data but far from catastrophic. One goal of this exercise is to get some redundancy, but at least as important are the goals of learning more about something I haven't used before (graid3) and getting a larger volume on a limited budget. Besides, trickery is where the fun comes in. :) I appreciate the response, though. It's a point I might have raised myself. JN ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: creating a broken graid3 array?
On Thursday 23 November 2006 16:00, Andrew Pantyukhin wrote: On 11/23/06, John Nielsen [EMAIL PROTECTED] wrote: Is it possible to create a (degraded) graid3 array Maybe you'll be able to create graid3 with md0 as the third member (based on sparse file for example) and later emulate a failure (md0 disappears) and insert your hard drive. That's the thought I had as well after I posted. I'll probably give that a try once I'm ready to get started. Thanks, JN ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
mouse
Hi, I am trying to install a Fbsd 6.1 in a desktop with an optical mouse. The xorg.conf file has /dev/sysmouse and protocol auto, but I it is not working. Regi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mouse
On Thu, 23 Nov 2006 22:20:50 -0200 Reginaldo Tavares [EMAIL PROTECTED] wrote: I am trying to install a Fbsd 6.1 in a desktop with an optical mouse. The xorg.conf file has /dev/sysmouse and protocol auto, but I it is not working. do you have moused running? (i.e., is your mouse running on the text-based virtual console?) if it is, then run xorgcfg, take all the defaults and it'll/should just work. _ {Beto|Norberto|Numard} Meijome Unix is user friendly. However, it isn't idiot friendly. I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
1. Password on BIOS Knowing that it is enought to remove the battery in order to remove the BIOS password. 2. Change the order of booting i.e. When system is installed and working once, then I just the change the Booting FIRST from HardDisk. You can also consider to remove the CD and floppy drives. Modern machines can boot from USB CD when needed. 3. Put the password on Single User mode. Right. 4. Encrypt your hard disk. Olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Continued Crashing of Mozilla FF
Im using FreeBSD6.2-PRERELEASE with the latest version of Mozilla FF via ports ... Quite frequently when i try to download a file FF will hang then close itself down, no crash handling etc appears it simply closes itself .. .core file is 50meg so a URL is provided if anyone wishes to view it. http://shinjitsu.no-ip.org/ff.core ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Continued Crashing of Mozilla FF
Warren Liddell wrote: Im using FreeBSD6.2-PRERELEASE with the latest version of Mozilla FF via ports ... Quite frequently when i try to download a file FF will hang then close itself down, no crash handling etc appears it simply closes itself .. .core file is 50meg so a URL is provided if anyone wishes to view it. http://shinjitsu.no-ip.org/ff.core Check out this PR to see if it's the same issue: http://www.freebsd.org/cgi/query-pr.cgi?pr=105589 If it is the same issue, could you /please/ post a follow up so the maintainers know that it's affecting more users than just me? Thanks, Micah ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: port redirection with natd and ipfw
[Fratiman Vladut] This is because u try to access an ip that have same ip like your gateway, but from internal lan, so packets are sends to gateway but cannot be redirected back to the http server according with redirect rules. To resolve this situation, configure a simple dns server on your gateway, and make a zone with your domain pointed to the internal ip. Then configure the computers clients to ask your dns server. This is easily done via dhcp. Your dns server need to be configured to forward request's for unknow domains to the autoritarive public dns servers. -- Best regards, Fratiman [Russell Wood] I had a similar setup once and used Split DNS with BIND. So, if you requested example.com on 192.168.0.0/24 then you'd get the internal IP, otherwise you got the external IP. Regards, Russell Wood Thanks guys, But Split DNS does not work in my case. Because I have different services on different machines, and the dns will map one name (and all ports associated to it) to one machine. Is there any solution that will work without using split dns? Thanks, -- Nilton ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Subject: Re: Ezmlm Port Okay Or Junk?
On Wed, 22 Nov 2006 09:04:06 - Graham Bentley [EMAIL PROTECTED] wrote: I have noticed that quite alot of ports are broken on 6.2 but then again I only loaded it a few days ago and havent updated the tree (thinking this is the 'latest' version - flawed?) Mind explaining the problems you see in detail? I've been tracking the latest ports and kernel from 6.-RELEASE to , well, stable :) and I haven't noticed anything broken .. _ {Beto|Norberto|Numard} Meijome If you find a solution and become attached to it, the solution may become your next problem. I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Password Security
On Thu, 23 Nov 2006 08:25:20 -0500 Bill Moran [EMAIL PROTECTED] wrote: So, does it mean that Windows 2003 Server provides more Password Level Security with Unauthorized Access? Where is this presumption coming from? Windows OS suffer from the same difficulty protecting from physical intrusion that any other OS does. Precisely - MS makes a very strong (and valid) point of saying that once 'the bad guys' have physical access to your box, the machine is owned. The was a (very cool) presentation in Ruxcon (ruxcon.org) this year about hacking into someone's machine via Firewire. And even if it was an exploit, neither the researcher/hacker nor MS would consider it security issue, because to use this FW attack you need physical access... ie, you've lost the battle already, it's just a matter of picking your method of breaking in. In short, secure the box both physically and network / services-wise as much as possible. Best, _ {Beto|Norberto|Numard} Meijome UFOs are for real: the Air Force doesn't exist. I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Knowing if someone really stole someone else's code
Hi, It's been almost three years since I started using opensource software, specifically FreeBSD. I'm glad that I'm learning a lot of things from it. Things that I'm sure I would never have learned if I haven't entered this so called opensource world. Things that I can say, have positively affected my life in a certain way. HALT!!! Before you proceed reading, let me just tell you.. If in anyway you feel, that this email, with such a catchy subject line, have completely gotten your attention and consumed at least 10 seconds of your most precious time that you think should have been spent for answering other freebsd related questions worth answering hence the list title freebsd-questions, my deepest appologies. If by the looks of it you may have noticed that this email is not properly broken down into paragraphs or it contains MIME or was submitted in an HTML format that would really annoy you, or this should have been sent into -anyotherlist instead... appologies as well. I have tried my best not to sound like a troll, I've seen the netiquette RFCs, read a lot of how to ask good questions, where to ask it, came across the words like just fucking google it, rtfm, bikesheds, flaming, apple vs. orange, that doofus thread, avoid saying you're a n00b.. etc. etc. still I can't help but ask this: If I download a program source code with, let's say BSD license, and compile it. How does one know if I really stole his code? If someone sue me, will the court require me to provide the source code for my program and compare it to what he's claiming is the original code? If this is the case, what if I really have my own version of the source code, but when I compile it, it runs a lot slower than his program, so I just use his program instead. And when the court ask me to show my source code, I would instead give my slower version of the source code. Will the court just let someone do the benchmark just to find out if what I gave was really the source code for my program? Thanks. -jay ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: port redirection with natd and ipfw
On Sat, Nov 18, 2006 at 09:12:30PM -0200, Nilton Volpato wrote: Hi, I'm using a computer with FreeBSD as a gateway and NAT for a private LAN. Let's say the gateway has external.com as external address, and 192.168.0.1 as internal address, so that the LAN is 192.168.0.0/24. I'm doing a number of port redirects in the gateway, for svn, http, https, ssh, etc using natd. However, these port redirects do not work from inside the LAN. For instance, if I point my browser to http://external.com and I'm in the LAN, then it will not work. I can't use the internal address of the web server because none of the links will work on the web page. In summary, I want that my port redirections work also when I try to connect to the gateway's external address from inside the LAN. I'm using a minimal ipfw configuration to try to solve this. This is the default configuration. 00050 divert 8668 ip4 from any to any via vr0 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 65000 allow ip from any to any 65535 deny ip from any to any I tried to add: 00060 divert 8668 ip4 from 192.168.0.0/24 to external.com expecting that it would send the packets from LAN to natd, which would apply the port redirections. But it did not work. How can I solve this? Thanks, -- Nilton What I do in these circumstances is put a line in /etc/hosts on the machines on the LAN eg: 192.168.0.1 external.com If you've got a standard host.conf then it gets picked up before bind. Whilst it means you don't connect to the external interface of external.com it has the same effect and you can browse your site etc. No fancy firewall rules required either. HTH. -- Frank echo f r a n k @ e s p e r a n c e - l i n u x . c o . u k | sed 's/ //g' ---PGP keyID: 0x10BD6F4B--- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Knowing if someone really stole someone else's code
Sorry if I sound rude, but did you ever read the BSD license? http://www.freebsd.org/copyright/freebsd-license.html It says in the first sentence: Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met... I'd say you can use BSD licensed code for your own projects as long as you provide the copyright message (with is stated below the part I quoted above ;). Which is, by the way, a reason for several producers of WLAN routers to switch from Linux to *BSD: They can alter the source code, compile it, ship their own devices with it, without having to provide the source code. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]