video cam with room view for FreeBSD Skype
Hello,

To do a normal Skype session (face2face) I'm using a USB video cam mounted on top of the lid of my laptop, which is well supported by the pwc kernel module:

Mar 5 09:39:57 current kernel: ugen4.2: Philips at usbus4
Mar 5 09:39:57 current kernel: pwc0: Philips product 0x0329, class 0/0, rev 1.10/0.03, addr 2 on usbus4
Mar 5 09:39:58 current kernel: pwc0: This camera is equipped with a Sony CCD sensor + TDA8787 (32)

I would like to have a bigger model to do the same with a group of colleagues on my side, i.e. put the cam 3-4 meter away from the table. Does someone know a good model for doing that, wall or table mounted and with a long USB cable, and supported in FreeBSD 8-CURRENT?

Thx

matthias

--
Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e g...@unixarea.de - w http://www.unixarea.de/
Solidarity with the imperialistic Israel? Not in my name!
¿Solidaridad con el imperialismo de Israel? ¡No en mi nombre!

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Flash viewer for FBSD
On Fri, Mar 5, 2010 at 6:14 AM, Pongthep Kulkrisada ptkris...@gmail.com wrote:

The problem is that ``flash viewer'' is not installed. Shockwave/Adobe/Macromedia flash viewers are not shipped with FBSD CD.

I'm running OpenSolaris/x86 as guest in VirtualBox on FreeBSD/amd64 for that, since Adobe provides a Flash plugin for this platform. It's not an ideal solution and pretty heavy on resources, but at least it works for the very rare occasions I absolutely need Flash support (I usually tend to avoid sites that depend exclusively on Flash anyway).

It looks very bad for browsing web without flash viewer. I tried installing from ports.
- opera-linuxplugins-10.10.
- linux-f10-flashplugin-10.0
- f4l-0.2.1.4 (I guess it stands for ``flash for linux''.)
But they do not fix the problem. Anyone who can fix this problem please point me out.

Thanks,
Pongthep

Regards,
-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: Flash viewer for FBSD
* Polytropon (free...@edvax.de) wrote:

Do you have compat7x installed?

No I don't.

If you already updated to OS 8.0, you should update your ports tree, too, and use the current ports.

I always csup the SELECTED port tree but not all.

Just installing isn't enough, there's some configuration work to be done.

I don't know kinda GUI, so I don't know how to configure it. Please point me to some tutorial.

By the way, you may be interested in checking how gnash (a GNU based Flash implementation) or swfdec may fit your needs.

I shall check.

Sure. Maybe the handbook can help here: http://www.freebsd.org/doc/handbook/desktop-browsers.html See 6.2.3 for detailed information.

Okay, but I don't want to install firefox. I'm much familiar with opera esp. mouse gesturing. The handbook says very little about Opera.

* Sabine Baer (bae...@t-online.de) wrote:

I have installed emulators/linux_base-f10, www/linux-opera-10.10 and linux-f10-flashplugin-10.0r45 on a 7.2 FreeBSD and can now look at and listen to flash movies on youtube and other sites.

This seems very likely. But I have already done exactly what you described (but on FBSD 8.0). Still not OK. I can not even start linux-opera. For your diagnostic, when starting from console, it complains ...

% linux-opera
shm_allow_removed is disable, set OPERA_NUM_XSHM to 0 to disable shared memory.
ERROR: ld.so: object 'libjvm.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object 'libawt.so' from LD_PRELOAD cannot be preloaded: ignored.
/usr/local/share/linux-opera/bin/opera: error while loading shared libraries: libX11.so.6: cannot open shared object file: No such file or directory
%

* Robert Bonomi (bon...@mail.r-bonomi.com) wrote:

needless to say, you have to have linux emulation built in (or kldloaded) in your kernel. *and* the linux emulation package ( name is {mumble}-fc10, for 'Fedora Core 10' ) installed. *then* you can install the other packages.

I have selected linux emulation since I installed it from CD. And it is still enabled in /etc/rc.conf.

Thanks,
Pongthep
Re: Perl 5.8 - 5.10 On Current Production System
On Thu, Mar 4, 2010 at 6:13 PM, Matthew Seaman m.sea...@infracaninophile.co.uk wrote:

However, when I run:

portupgrade -o lang/perl5.10 -f perl-5.8\.*

I get this problem:

--- Upgrading 'perl-5.8.9_3' to 'perl-5.10.1' (lang/perl5.10)
--- Building '/usr/ports/lang/perl5.10'
=== Cleaning for perl-5.10.1
=== perl-5.10.1 conflicts with installed package(s): perl-5.8.9_3
They install files into the same place.
Please remove them first with pkg_delete(1).
*** Error code 1

I supposed I could do a forced manual removal of perl, but isn't that what the '-f' arg in the portupgrade is supposed to do?

You got bitten by an ill-considered change introduced after the UPDATING instructions were written. To work around it, you need to set DISABLE_CONFLICTS when rebuilding the port, eg like this:

# portupgrade -m DISABLE_CONFLICTS=yes -o lang/perl5.10 -f perl-5.8\.*

THANK YOU! This is *exactly* what was holding me up from upgrading to Perl 5.10.

Please feel free to complain volubly about this: it's hand-holding for newbies which annoys and inconveniences the vastly larger number of non-newbies (ie. anyone who has been using the ports for more than a few weeks.)

Cheers,
Matthew

-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: Automated kernel crash reporting system
On Thu, 4 Mar 2010, sean connolly wrote:

Automatic reporting would end up being a mess given that panics can be caused by hardware problems. Having an autoreport check if memtest was run before it reports, or having it only run with -CURRENT might be useful.

Hi Sean, Dan, et al:

I'm not sure I agree with this view. For releases, it's true that many reported panics are a result of bad hardware. However, on active development branches, especially -CURRENT, that's not the case. An automated scheme to track bug reports and find common themes could be incredibly valuable in the development environment. And, to be honest, even if a fair number of reports are due to hardware failures, these often have common themes themselves, so it would be quite educational to be able to reason about panics on a large scale. Not to mention using it to identify potentially flakey hardware that users could then be warned about :-).

Collecting crash reports is widespread in industry for both operating systems and applications for these reasons. Certainly, the crashinfo summary gathered on recent FreeBSD versions is an excellent starting point for building such a system. If we were to move ahead with it, we'd need to pay very close attention to scrubbing potentially sensitive information from panic reports, however.

Robert

Sean

From: jhell jh...@dataix.net
To: Dan Naumov dan.nau...@gmail.com
Cc: FreeBSD Hackers freebsd-hack...@freebsd.org; freebsd-questions@freebsd.org
Sent: Thu, March 4, 2010 8:06:50 AM
Subject: Re: Automated kernel crash reporting system

On Thu, 4 Mar 2010 07:09, dan.naumov@ wrote:

Hello

I noticed the following on the FreeBSD website: http://www.freebsd.org/projects/ideas/ideas.html#p-autoreport Has there been any progress/work done on the automated kernel crash reporting system? The current ways of enabling and gathering the information required by developers for investigating panics and similar issues are unintuitive and user-hostile to say the least and anything to automate the process would be a very welcome addition.

- Sincerely, Dan Naumov

Hi Dan,

I am assuming that the output of crashinfo_enable=YES is not what you are talking about, is it? Are you aware of it? The info contained in the crashinfo.txt.N is pretty informative for developers, maybe you're talking about another way of submitting it?

Regards,

--
jhell
Re: freebsd install from floppy
On Wed, Mar 03, 2010 at 01:33:52PM +0100, Piotr Lukawski wrote:

Dears,

I need to install Freebsd 8.0 using floppy and then ftp, but there are no floppy images in ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/8.0-RELEASE/floppies/ mentioned in http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-pre.html

I tried to install Freebsd 7 using available floppy (successful) and update it to 8.0 (after 3 days finally error and now now whole /usr directory so I am stacked).

Could you please produce install floppy images for Freebsd 8.0? Please please please. I have no power to do the install of 7, upgrade and fail again :-(

Thanks in advance.

Piotr

Yes, I definitely vote for the release of floppy images too! In my case it's the SCSI-CD drives what do not allow me to boot from a CD. It might be old fashioned, but it's very easy just to boot the floppy and then install all over ftp! I guess there are still a couple of systems (old laptops, servers) which require it.

Thanks
herb langhans

--
sprachtraining langhans
herbert langhans, warschau
http://www.langhans.com.pl
herbert dot raimund at gmx dot net
+0048 603 341 441
Re: Flash viewer for FBSD
On 03/05/10 12:00, Pongthep Kulkrisada wrote:

* Polytropon (free...@edvax.de) wrote:

Do you have compat7x installed?

No I don't.

If you already updated to OS 8.0, you should update your ports tree, too, and use the current ports.

I always csup the SELECTED port tree but not all.

Just installing isn't enough, there's some configuration work to be done.

I don't know kinda GUI, so I don't know how to configure it. Please point me to some tutorial.

By the way, you may be interested in checking how gnash (a GNU based Flash implementation) or swfdec may fit your needs.

I shall check.

Sure. Maybe the handbook can help here: http://www.freebsd.org/doc/handbook/desktop-browsers.html See 6.2.3 for detailed information.

Okay, but I don't want to install firefox. I'm much familiar with opera esp. mouse gesturing. The handbook says very little about Opera.

* Sabine Baer (bae...@t-online.de) wrote:

I have installed emulators/linux_base-f10, www/linux-opera-10.10 and linux-f10-flashplugin-10.0r45 on a 7.2 FreeBSD and can now look at and listen to flash movies on youtube and other sites.

This seems very likely. But I have already done exactly what you described (but on FBSD 8.0). Still not OK. I can not even start linux-opera. For your diagnostic, when starting from console, it complains ...

% linux-opera

HI !

I tested the process of installing firefox/opera and flash plugin. Everything run on my system FreeBSD 8, even though I did not stress browser plugin. Here's all the step that I took to make the flash plugin work for firefox and opera (basically I followed the handbook).

--- Installed /usr/ports/emulators/linux_base-f10
--- kldload linux
--- mount linprocfs
--- installed /usr/ports/www/linux-f10-flashplugin10/
(--- installed /usr/ports/www/nspluginwrapper)
(--- ln -s /usr/local/lib/npapi/linux-f10-flashplugin/libflashplayer.so /usr/local/lib/browser_plugins/ )
(--- as normal user I executed nspluginwrapper ... etc)
--- installed ___NATIVE FREEBSD version___ of Opera [/usr/ports/www/opera]
--- installed /usr/ports/www/opera-linuxplugins/. d

shm_allow_removed is disable, set OPERA_NUM_XSHM to 0 to disable shared memory.
ERROR: ld.so: object 'libjvm.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object 'libawt.so' from LD_PRELOAD cannot be preloaded: ignored.
/usr/local/share/linux-opera/bin/opera: error while loading shared libraries: libX11.so.6: cannot open shared object file: No such file or directory
%

* Robert Bonomi (bon...@mail.r-bonomi.com) wrote:

needless to say, you have to have linux emulation built in (or kldloaded) in your kernel. *and* the linux emulation package ( name is {mumble}-fc10, for 'Fedora Core 10' ) installed. *then* you can install the other packages.

I have selected linux emulation since I installed it from CD. And it is still enabled in /etc/rc.conf.

Thanks,
Pongthep
Thousands of ssh probes
My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this?

--
John Lind
j...@starfire.mn.org
Can't install kde3
Hello, I try to install kde3 after fresh install FreeBSD 8.0 and freebsd-update to FreeBSD 8.0 p2 on i386 athlon-xp 1660 MHz, but with no success. Here is the output: # cd /usr/ports/x11/kde3 # make install clean === Installing for kde-3.5.10_3 === kde-3.5.10_3 depends on executable: kjumpingcube - found === kde-3.5.10_3 depends on executable: kdessh - found === kde-3.5.10_3 depends on executable: kword - found === kde-3.5.10_3 depends on executable: kget - not found ===Verifying install for kget in /usr/ports/net/kdenetwork3 === Installing for kdenetwork-3.5.10_2 === kdenetwork-3.5.10_2 depends on file: /usr/local/bin/moc - found === kdenetwork-3.5.10_2 depends on executable: kopete - not found ===Verifying install for kopete in /usr/ports/net-im/kopete === Building for kdenetwork-kopete-0.12.8_3 Making all in libkopete gmake[1]: Entering directory `/usr/ports/net-im/kopete/work/kdenetwork-3.5.10/kopete/libkopete' Making all in private gmake[2]: Entering directory `/usr/ports/net-im/kopete/work/kdenetwork-3.5.10/kopete/libkopete/private' gmake[2]: Nothing to be done for `all'. gmake[2]: Leaving directory `/usr/ports/net-im/kopete/work/kdenetwork-3.5.10/kopete/libkopete/private' Making all in ui gmake[2]: Entering directory `/usr/ports/net-im/kopete/work/kdenetwork-3.5.10/kopete/libkopete/ui' gmake[2]: Nothing to be done for `all'. gmake[2]: Leaving directory `/usr/ports/net-im/kopete/work/kdenetwork-3.5.10/kopete/libkopete/ui' Making all in . gmake[2]: Entering directory `/usr/ports/net-im/kopete/work/kdenetwork-3.5.10/kopete/libkopete' gmake[2]: Nothing to be done for `all-am'. gmake[2]: Leaving directory `/usr/ports/net-im/kopete/work/kdenetwork-3.5.10/kopete/libkopete' Making all in avdevice gmake[2]: Entering directory `/usr/ports/net-im/kopete/work/kdenetwork-3.5.10/kopete/libkopete/avdevice' /bin/sh /usr/local/bin/libtool --silent --tag=CXX --mode=compile c++ -DHAVE_CONFIG_H -I. -I../../.. 
-I../../../kopete/protocols/gadu/libgadu -I/usr/local/include -I/usr/local/include -DKDE_NO_COMPAT -DQT_NO_COMPAT -DQT_NO_CAST_ASCII -DQT_NO_ASCII_CAST -I../../../kopete/libkopete -I../../../kopete/libkopete -I../../../kopete/libkopete/avdevice -I../../../kopete/libkopete/ui -I../../../kopete/libkopete/ui -I../../../kopete/libkopete/private -I../../../kopete/libkopete/ui -I/usr/local/include -I/usr/local/include -D_THREAD_SAFE -pthread -DQT_THREAD_SUPPORT -I/usr/local/include -I/usr/local/include -I/usr/local/include -D_GETOPT_H -D_THREAD_SAFE -D_LARGE_FILES=1 -Wno-long-long -Wundef -Wall -W -Wpointer-arith -DNDEBUG -DNO_DEBUG -O2 -O2 -fno-strict-aliasing -pipe -fomit-frame-pointer -mtune=native -march=athlon-xp -Wno-non-virtual-dtor -fno-exceptions -fno-check-new -fno-common -DQT_CLEAN_NAMESPACE -DQT_NO_ASCII_CAST -DQT_NO_STL -DQT_NO_COMPAT -DQT_NO_TRANSLATION -MT videodevice.lo -MD -MP -MF .deps/videodevice.Tpo -c -o videodevice.lo videodevice.cpp In file included from /usr/local/include/linux/videodev.h:17, from videodevice.h:61, from videodevice.cpp:27: /usr/local/include/linux/videodev2.h:67: error: declaration does not declare anything /usr/local/include/linux/videodev2.h:72: error: declaration does not declare anything videodevice.cpp: In member function 'void Kopete::AV::VideoDevice::enumerateMenu()': videodevice.cpp:70: warning: comparison between signed and unsigned integer expressions videodevice.cpp: In member function 'Kopete::AV::pixel_format Kopete::AV::VideoDevice::setPixelFormat(Kopete::AV::pixel_format)': videodevice.cpp:800: warning: comparison between signed and unsigned integer expressions videodevice.cpp: In member function 'int Kopete::AV::VideoDevice::selectInput(int)': videodevice.cpp:863: warning: comparison between signed and unsigned integer expressions videodevice.cpp: In member function 'int Kopete::AV::VideoDevice::setInputParameters()': videodevice.cpp:909: warning: comparison between signed and unsigned integer expressions 
videodevice.cpp: In member function 'float Kopete::AV::VideoDevice::getBrightness()': videodevice.cpp:1465: warning: comparison between signed and unsigned integer expressions videodevice.cpp: In member function 'float Kopete::AV::VideoDevice::getContrast()': videodevice.cpp:1535: warning: comparison between signed and unsigned integer expressions videodevice.cpp: In member function 'float Kopete::AV::VideoDevice::getSaturation()': videodevice.cpp:1605: warning: comparison between signed and unsigned integer expressions videodevice.cpp: In member function 'float Kopete::AV::VideoDevice::getWhiteness()': videodevice.cpp:1675: warning: comparison between signed and unsigned integer expressions videodevice.cpp: In member function 'float Kopete::AV::VideoDevice::getHue()': videodevice.cpp:1745: warning: comparison between signed and unsigned integer expressions videodevice.cpp: In member function 'bool
8.0-RELEASE-p2 Isn't There?
I did manage to get freebsd-update to run, after a sort. Now my system identifies as

FreeBSD heaven 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Tue Jan 5 16:02:27 UTC 2010 r...@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386

When I go to the ftp server to do any sort of updates (like using sysinstall to install the kernel source so I can install pwcbsd via ports), it tells me that 8.0-RELEASE-p2 isn't on the server (doesn't matter which one I choose). Will there be any issues if, via sysinstall, I set the release to any (as suggested in the dialog box in sysinstall when it fails to find an FTP server with the proper release)?

freebsd-update also has issues retrieving the proper stuff (it updated the release, grabbed some files and then errors out):

freebsd-update -r 8.0-RELEASE-p2 upgrade
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 8.0-RELEASE from update4.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.
The following components of FreeBSD seem to be installed:
kernel/generic world/base world/dict world/doc world/games world/manpages
The following components of FreeBSD do not seem to be installed:
src/base src/bin src/cddl src/contrib src/crypto src/etc src/games src/gnu src/include src/krb5 src/lib src/libexec src/release src/rescue src/sbin src/secure src/share src/sys src/tools src/ubin src/usbin world/catpages world/info world/proflibs
Does this look reasonable (y/n)? y
Fetching metadata signature for 8.0-RELEASE-p2 from update4.FreeBSD.org... failed.
Fetching metadata signature for 8.0-RELEASE-p2 from update5.FreeBSD.org... failed.
Fetching metadata signature for 8.0-RELEASE-p2 from update2.FreeBSD.org... failed.
No mirrors remaining, giving up.

--
Yours In Christ,
PIT
Emails are not formal business letters, whatever businesses may want.
Original content copyright under the OWL http://owl.apotheon.org
Please do not CC me. If I'm posting to a list it is because I am subscribed.
Can't install kde4
Hello,

I try to install kde4 (and kde3 in earlier post) after fresh install FreeBSD 8.0 and freebsd-update to FreeBSD 8.0 p2 on i386 athlon-xp 1660 MHz, but with no success. Here is the output:

# cd /usr/ports/x11/kde4
# make install clean
=== Installing for kde4-4.3.5
=== kde4-4.3.5 depends on package: kdeaccessibility=4 - found
=== kde4-4.3.5 depends on package: kdeadmin=4 - not found
===Verifying install for kdeadmin=4 in /usr/ports/sysutils/kdeadmin4
=== Installing for kdeadmin-4.3.5
=== kdeadmin-4.3.5 depends on file: /usr/local/kde4/share/apps/system-config-printer-kde/system-config-printer-kde.py - not found
===Verifying install for /usr/local/kde4/share/apps/system-config-printer-kde/system-config-printer-kde.py in /usr/ports/print/system-config-printer-kde
=== system-config-printer-kde-4.3.5_2 depends on executable: system-config-printer - not found
===Verifying install for system-config-printer in /usr/ports/print/system-config-printer
=== Building for system-config-printer-1.0.16_1
Making all in po
gmake[1]: Entering directory `/usr/ports/print/system-config-printer/work/system-config-printer-1.0.16/po'
gmake[1]: Nothing to be done for `all'.
gmake[1]: Leaving directory `/usr/ports/print/system-config-printer/work/system-config-printer-1.0.16/po'
gmake[1]: Entering directory `/usr/ports/print/system-config-printer/work/system-config-printer-1.0.16'
xmlto man -o man man/system-config-printer.xml
xmlto: /usr/ports/print/system-config-printer/work/system-config-printer-1.0.16/man/system-config-printer.xml does not validate (status 3)
xmlto: Fix document syntax or use --skip-validation option
I/O error : Attempt to load network entity http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd
/usr/ports/print/system-config-printer/work/system-config-printer-1.0.16/man/system-config-printer.xml:3: warning: failed to load external entity http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd;
http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd; ^
I/O error : Attempt to load network entity http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd
warning: failed to load external entity http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd;
validity error : Could not load the external subset http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd;
Document /usr/ports/print/system-config-printer/work/system-config-printer-1.0.16/man/system-config-printer.xml does not validate
gmake[1]: *** [man/system-config-printer.1] Error 13
gmake[1]: Leaving directory `/usr/ports/print/system-config-printer/work/system-config-printer-1.0.16'
gmake: *** [all-recursive] Error 1
*** Error code 1
Stop in /usr/ports/print/system-config-printer.
*** Error code 1
Stop in /usr/ports/print/system-config-printer-kde.
*** Error code 1
Stop in /usr/ports/sysutils/kdeadmin4.
*** Error code 1
Stop in /usr/ports/sysutils/kdeadmin4.
*** Error code 1
Stop in /usr/ports/x11/kde4.
*** Error code 1
Stop in /usr/ports/x11/kde4.
#
Can't install octave
Hello,

I try to install octave (kde3, kde4 in earlier post) after fresh install FreeBSD 8.0 and freebsd-update to FreeBSD 8.0 p2 on i386 athlon-xp 1660 MHz, but with no success. I forgot to add that I csup-ed the ports tree today. Here is the output:

# make install clean
=== octave-3.2.4 depends on executable: gnuplot - found
=== octave-3.2.4 depends on file: /usr/local/bin/gperf - found
=== octave-3.2.4 depends on executable: gsed - found
=== octave-3.2.4 depends on executable: dvips - found
=== octave-3.2.4 depends on executable: gmake - found
=== octave-3.2.4 depends on executable: gcc44 - found
=== octave-3.2.4 depends on file: /usr/local/bin/perl5.10.1 - found
=== octave-3.2.4 depends on file: /usr/local/bin/autoconf-2.62 - found
=== octave-3.2.4 depends on shared library: fftw3 - found
=== octave-3.2.4 depends on shared library: glpk.27 - found
=== octave-3.2.4 depends on shared library: hdf5 - found
=== octave-3.2.4 depends on shared library: umfpack.1 - found
=== octave-3.2.4 depends on shared library: qhull - found
=== octave-3.2.4 depends on shared library: arpack - found
=== octave-3.2.4 depends on shared library: qrupdate - found
=== octave-3.2.4 depends on shared library: fftw3f - found
=== octave-3.2.4 depends on shared library: fftw3 - found
=== octave-3.2.4 depends on shared library: ftgl - found
=== octave-3.2.4 depends on shared library: fltk - not found
===Verifying install for fltk in /usr/ports/x11-toolkits/fltk
=== Building for fltk-1.1.9_2
=== making src ===
Compiling filename_list.cxx...
filename_list.cxx: In function 'int fl_filename_list(const char*, dirent***, int (*)(dirent**, dirent**))':
filename_list.cxx:59: error: invalid conversion from 'int (*)(const dirent**, const dirent**)' to 'int (*)(const void*, const void*)'
filename_list.cxx:59: error: initializing argument 4 of 'int scandir(const char*, dirent***, int (*)(dirent*), int (*)(const void*, const void*))'
*** Error code 1
Stop in /usr/ports/x11-toolkits/fltk/work/fltk-1.1.9/src.
*** Error code 1
Stop in /usr/ports/x11-toolkits/fltk/work/fltk-1.1.9.
*** Error code 1
Stop in /usr/ports/x11-toolkits/fltk.
*** Error code 1
Stop in /usr/ports/math/octave.
Re: Thousands of ssh probes
On 03/05/10 06:54, John wrote:

My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this?

Can you not deny all ssh attempts and then allow only from certain, trusted IPs?

--
Yours In Christ,
PIT
Emails are not formal business letters, whatever businesses may want.
Original content copyright under the OWL http://owl.apotheon.org
Please do not CC me. If I'm posting to a list it is because I am subscribed.
Re: Thousands of ssh probes
On Fri, Mar 5, 2010 at 2:54 PM, John j...@starfire.mn.org wrote:

My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this?

--
John Lind
j...@starfire.mn.org

Look at security/blocksshd and security/denyhosts

Also changing SSH to a non-standard port helps - a lot.
Thousands of ssh probes
John writes:

My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this?

There are several solutions in the ports system; I use security/denyhosts.

Robert Huff
Re: Thousands of ssh probes
On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training wrote:

On 03/05/10 06:54, John wrote:

My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this?

Can you not deny all ssh attempts and then allow only from certain, trusted IPs?

Ah, I should have added that I travel a fair amount, and often have to get to my systems via hotel WiFi or Aircard, so it's impossible to predict my originating IP address in advance. If that were not the case, this would be an excellent suggestion.

--
Yours In Christ,
PIT
Emails are not formal business letters, whatever businesses may want.
Original content copyright under the OWL http://owl.apotheon.org
Please do not CC me. If I'm posting to a list it is because I am subscribed.

--
John Lind
j...@starfire.mn.org
Re: Thousands of ssh probes
On 2010-03-05 13:54, John wrote:

My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this?

I use the pf firewall with sshguard. You'll see from the daily security how well it blocks :-)

/Leslie
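Added example (not code from any poster in this thread, nor from sshguard or DenyHosts): the log-driven blocking the replies above rely on, reduced to its core, which is counting failed logins per source in a sliding time window and emitting pf table additions. The log lines are constructed, and the table name ssh_abusers is an assumption; pf.conf would need a matching "table <ssh_abusers> persist" and a block rule that references it.

```python
import ipaddress
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd lines in syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  5 03:12:01 gw sshd[4101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  5 03:12:03 gw sshd[4101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  5 03:12:06 gw sshd[4105]: Failed password for invalid user admin from 203.0.113.5 port 51260 ssh2
Mar  5 03:12:09 gw sshd[4105]: Failed password for invalid user test from 203.0.113.5 port 51260 ssh2
Mar  5 03:12:15 gw sshd[4109]: Failed password for invalid user oracle from 203.0.113.5 port 51301 ssh2
Mar  5 04:00:00 gw sshd[4200]: Failed password for john from 198.51.100.7 port 40022 ssh2
Mar  5 04:00:09 gw sshd[4200]: Accepted password for john from 198.51.100.7 port 40022 ssh2
Mar  5 05:00:00 gw sshd[4300]: Failed password for root from 192.0.2.44 port 33000 ssh2
Mar  5 07:00:00 gw sshd[4301]: Failed password for root from 192.0.2.44 port 33001 ssh2
Mar  5 09:00:00 gw sshd[4302]: Failed password for root from 192.0.2.44 port 33002 ssh2
Mar  5 11:00:00 gw sshd[4303]: Failed password for root from 192.0.2.44 port 33003 ssh2
Mar  5 13:00:00 gw sshd[4304]: Failed password for root from 192.0.2.44 port 33004 ssh2
Mar  5 14:00:00 gw sshd[4400]: Failed password for invalid user x from 203.0.113.99 port 1 ssh2 from 198.51.100.7 port 40100 ssh2
"""

# The user name in the log line is chosen by the remote client, so it can
# contain text that looks like "from <address>". The greedy ".*" plus the "$"
# anchor make the match take the address sshd wrote at the END of the line.
FAILED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for .* from (?P<ip>\S+) port \d+ ssh2$"
)


def parse_failures(lines, year):
    """Yield (timestamp, ip) for every failed-password line.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # not a literal address; ignore rather than guess
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        yield ts, ip


def failure_counts(lines, year=2010):
    """Total failed logins per source address."""
    return Counter(ip for _, ip in parse_failures(lines, year))


def offenders(lines, threshold=5, window=timedelta(minutes=10), year=2010):
    """Addresses with at least `threshold` failures inside any `window`.

    Assumes the lines are in chronological order, as in a log file.
    """
    recent = defaultdict(deque)
    flagged = set()
    for ts, ip in parse_failures(lines, year):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return sorted(flagged)


def pfctl_commands(ips, table="ssh_abusers"):
    """argv lists that add each address to a pf table (table name assumed)."""
    return [["pfctl", "-t", table, "-T", "add", ip] for ip in ips]


if __name__ == "__main__":
    for argv in pfctl_commands(offenders(SAMPLE_LOG.splitlines())):
        print(" ".join(argv))
```

A slow guesser such as 192.0.2.44 in the sample stays under a short window, which is why the window length matters as much as the threshold.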
Re[2]: Thousands of ssh probes
Hello John,

I would suggest you just block ssh access for everyone. But, to allow access for yourself - you could install wonderful utility 'knock-knock'. It listens on specified ports (they could be closed), and, on receiving predefined knock-knock (for example - 2 knocks in 9000 tcp port, one knock to 8000 port, one at 27145 tcp port and final at 29000 udp port) it dynamically inserts rule in pf (in my case, ipfw) ruleset, which allows access for host which knocks.

http://www.marksanborn.net/linux/add-port-knocking-to-ssh-for-extra-security/

Friday, March 5, 2010, 3:26:04 PM, you wrote:

On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training wrote:

On 03/05/10 06:54, John wrote:

My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this?

Can you not deny all ssh attempts and then allow only from certain, trusted IPs?

Ah, I should have added that I travel a fair amount, and often have to get to my systems via hotel WiFi or Aircard, so it's impossible to predict my originating IP address in advance. If that were not the case, this would be an excellent suggestion.

--
Yours In Christ,
PIT
Emails are not formal business letters, whatever businesses may want.
Original content copyright under the OWL http://owl.apotheon.org
Please do not CC me. If I'm posting to a list it is because I am subscribed.

--
Best regards,
Anton mailto:an...@sng.by
Administrator
Feel free to contact me
via ICQ 363780596
via Skype dobryak47
via phone +375 29 3320987
Re: Automated kernel crash reporting system
On Thursday 04 March 2010 8:50:56 am sean connolly wrote: Hi Dan, Automatic reporting would end up being a mess given that panics can be caused by hardware problems. Having an autoreport check if memtest was run before it reports, or having it only run with -CURRENT might be useful. That's not quite true. Many hardware failure-type panics look the same (a machine check exception panic, an NMI due to a hardware error (this has a unique panic message), or panics in pmap_remove*() on x86 cover the vast majority of them). My previous employer actually did track panics using a script like crashinfo, and I was able to categorize known panics by looking for signatures in stack backtraces or other panic messages. From: jhell jh...@dataix.net To: Dan Naumov dan.nau...@gmail.com Cc: FreeBSD Hackers freebsd-hack...@freebsd.org; freebsd-questi...@freebsd.org Sent: Thu, March 4, 2010 8:06:50 AM Subject: Re: Automated kernel crash reporting system On Thu, 4 Mar 2010 07:09, dan.naumov@ wrote: Hello I noticed the following on the FreeBSD website: http://www.freebsd.org/projects/ideas/ideas.html#p-autoreport Has there been any progress/work done on the automated kernel crash reporting system? The current ways of enabling and gathering the information required by developers for investigating panics and similar issues are unintuitive and user-hostile to say the least and anything to automate the process would be a very welcome addition. - Sincerely, Dan Naumov Hi Dan, I am assuming that the output of crashinfo_enable=YES is not what you are talking about is it ? are you aware of it ? The info contained in the crashinfo.txt.N is pretty informative for developers, maybe you're talking about another way of submitting it ?
Regards, -- jhell -- John Baldwin
How to get hints of software installed by Ports ?
Hi, I installed some software from ports today , and it outputs some useful information when finished. e.g where its config file is Due to some mistakes , i lost these important information , how do i see it again ? Is there any tricks to show out it directly ? I don't want to install it again .. Any ideas will appreciate ;-) -- Best Regards, Aaron Lewis - PGP: 0xA476D2E9 irc: A4r0n on freenode
Re: How to get hints of software installed by Ports ?
On Friday 05 March 2010 16:20:36 Aaron Lewis wrote: Hi, I installed some software from ports today , and it outputs some useful information when finished. e.g where its config file is Due to some mistakes , i lost these important information , how do i see it again ? Is there any tricks to show out it directly ? I don't want to install it again .. Any ideas will appreciate ;-) pkg_info -D
[SOLVED] Re: How to get hints of software installed by Ports ?
Jonathan McKeown wrote: On Friday 05 March 2010 16:20:36 Aaron Lewis wrote: Hi, I installed some software from ports today , and it outputs some useful information when finished. e.g where its config file is Due to some mistakes , i lost these important information , how do i see it again ? Is there any tricks to show out it directly ? I don't want to install it again .. Any ideas will appreciate ;-) pkg_info -D Thanks Jonathan , it helps. -- Best Regards, Aaron Lewis - PGP: 0xA476D2E9 irc: A4r0n on freenode
Re: xorg, xdm, desktop env
On Thu, Mar 04, 2010 at 05:57:45PM -0600, Programmer In Training wrote: On 03/04/10 17:43, Warren Block wrote: On Fri, 5 Mar 2010, Polytropon wrote: snip As far as I know, earlier X installations came with the tab window manager - twm. This doesn't seem to be the case anymore. twm is still enabled by default as part of the x11/xorg-apps port. I can confirm that, and I too have problems with XDM despite having 'exec wmaker' in my .xinitrc in my home directory (sometimes XDM will kick me out to the login, sometimes it will just take me to a blank session wherein I can do nothing). I'd like to use XDM and have it start on boot so I'm interested in the outcome of this. If you read the manpage for xdm(1) you will see that the script that is run on login is ~/.xsession Try putting exec wmaker in there. To run xdm from boot, you have to edit /etc/ttys and then: # kill -HUP 1 Look at this: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x-xdm.html Regards, -- Frank Contact info: http://www.shute.org.uk/misc/contact.html
Re: [SOLVED] Re: How to get hints of software installed by Ports ?
On 03/05/10 15:28, Aaron Lewis wrote: Jonathan McKeown wrote: On Friday 05 March 2010 16:20:36 Aaron Lewis wrote: Hi, I installed some software from ports today , and it outputs some useful information when finished. e.g where its config file is Due to some mistakes , i lost these important information , how do i see it again ? Is there any tricks to show out it directly ? I don't want to install it again .. Any ideas will appreciate ;-) pkg_info -D Thanks Jonathan , it helps. Hi you can directly inspect the contents of these files (located in the port folder) --- pkg-message --- pkg-descr for the ports that have them (for example cat /usr/ports/www/firefox/pkg-message) I am not aware of any other sources of useful information. Maybe almost everything else is sent only to the stdout/stderr ? d
Re: Thousands of ssh probes
On Mar 5, 2010, at 8:26 AM, John wrote: On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training wrote: On 03/05/10 06:54, John wrote: My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this? Can you not deny all ssh attempts and then allow only from certain, trusted IPs? Ah, I should have added that I travel a fair amount, and often have to get to my systems via hotel WiFi or Aircard, so it's impossible to predict my originating IP address in advance. If that were not the case, this would be an excellent suggestion. Way back about 10 years ago, I was playing around with IPFW a lot. I wrote a script to update IPFW from changes made to a MySql db. It was a just for fun project, that turned out to be rather useful I have some developers that I managed who like you were road warriors. They logged in to the https web page w/ their username and password which grabbed their IP address and stored it in a table on with their login id. The script called fud (for firewall update daemon) connected to the db and ran a query to check for any rule changes. If there were it would apply them to the rule set and clear the change flag. Using this combination I was able to allow ssh access only to the necessary ip addresses. I kind of scrapped it when VPNs became easier to deploy and I have no idea where this set of scripts are now, but it would be rather trivial to build a new version. If anyone thinks it's worth revisiting hit me off list. 
Cheers, Mikel King CEO, Olivent Technologies Senior Editor, BSD News Network Columnist, BSD Magazine 6 Alpine Court, Medford, NY 11763 o: 631.627.3055 c: 631.796.1499 skype:mikel.king http://olivent.com http://www.linkedin.com/in/mikelking http://twitter.com/mikelking
Re: Perl 5.8 - 5.10 On Current Production System
Matthew Seaman m.sea...@infracaninophile.co.uk writes: You got bitten by an ill-considered change introduced after the UPDATING instructions were written. To work around it, you need to set DISABLE_CONFLICTS when rebuilding the port, eg like this: # portupgrade -m DISABLE_CONFLICTS=yes -o lang/perl5.10 -f perl-5.8\.* Please feel free to complain volubly about this: it's hand-holding for newbies which annoys and inconveniences the vastly larger number of non-newbies (ie. anyone who has been using the ports for more than a few weeks.) It has occurred to me that teaching portupgrade to handle this would be a Simple Matter of Programming. Maybe even a strategy as simple as adding the variable to the make command lines automatically any time '-o' is specified. I wonder whether I could write that change without actually learning ruby... -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/
Re: Can't install octave
On 01/-10/-28163 20:59, Zbigniew Komarnicki wrote: I try to install octave (kde3, kde4 in earlier post) after fresh install FreeBSD 8.0 and freebsd-update to FreeBSD 8.0 p2 on i386 athlon-xp 1660 MHz, but with no success. I forgot to add that I csup-ed the ports tree today. If I try to rebuild x11-toolkits/fltk, I get the same error. My last build of fltk was done before the last commit to that port. The commit was based on this problem report: http://www.freebsd.org/cgi/query-pr.cgi?pr=143638 From the description of that pr: Note that fltk also has the problem of linking against its older version, so you have to deinstall the old version to do a successful build. I have not tested that as I am in no immediate need to rebuild fltk. HTH, Jan Henrik
Re: video cam with room view for FreeBSD Skype
Matthias Apitz wrote: Hello, To do normal Skype session (face2face) I'm using a USB video cam mounted on top of the lid of my laptop which is good supported by the pwc kernel module: Mar 5 09:39:57 current kernel: ugen4.2: Philips at usbus4 Mar 5 09:39:57 current kernel: pwc0: Philips product 0x0329, class 0/0, rev 1.10/0.03, addr 2 on usbus4 Mar 5 09:39:58 current kernel: pwc0: This camera is equipped with a Sony CCD sensor + TDA8787 (32) I would like to have a bigger model to do the same with a group of colleagues on my side, i.e. put the cam 3-4 meter away from the table. Does someone knows a good model for doing that, wall or table mounted and with a long USB cable, and supported in FreeBSD 8-CURRENT? Thx matthias In the past I've had reasonable success using a standard camcorder over firewire to do things like this. It's been a few years though. If using firewire isn't an issue for you, I'd be happy to delve into my pile of notes and see if I can find you something of a howto. The advantage of a firewire camera is in the much more standardized protocol between PC and camera. Bas
Re: Perl 5.8 - 5.10 On Current Production System
On 05/03/2010 15:22:05, Lowell Gilbert wrote: Matthew Seaman m.sea...@infracaninophile.co.uk writes: You got bitten by an ill-considered change introduced after the UPDATING instructions were written. To work around it, you need to set DISABLE_CONFLICTS when rebuilding the port, eg like this: # portupgrade -m DISABLE_CONFLICTS=yes -o lang/perl5.10 -f perl-5.8\.* Please feel free to complain volubly about this: it's hand-holding for newbies which annoys and inconveniences the vastly larger number of non-newbies (ie. anyone who has been using the ports for more than a few weeks.) It has occurred to me that teaching portupgrade to handle this would be a Simple Matter of Programming. Maybe even a strategy as simple as adding the variable to the make command lines automatically any time '-o' is specified. I wonder whether I could write that change without actually learning ruby... Probably it's easy enough to do that, but only at the cost of completely turning off the otherwise valuable conflicts checking mechanism. You'd actually want to be informed of any conflicts /except/ the ones you always get in this sort of operation between the port being replaced and the port replacing it. The fundamental problem is that conflicts checking has been moved to way too early in the sequence -- it even blocks you from downloading the tarballs for any port that conflicts with what you have installed. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
Port/package install preview
Hi, is it possible to do a real preview with portupgrade? I want to see all ports that would be installed/upgraded when installing a particular port. The --noexecute option doesn't really show me a lot. How would this be done with packages? pkg_add would have to download all packages first to be able to calculate all dependencies, or can it operate on an index file? Anselm
Re: Thousands of ssh probes
On Fri, Mar 05, 2010 at 10:19:09AM -0500, mikel king wrote: On Mar 5, 2010, at 8:26 AM, John wrote: On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training wrote: On 03/05/10 06:54, John wrote: My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this? Can you not deny all ssh attempts and then allow only from certain, trusted IPs? Ah, I should have added that I travel a fair amount, and often have to get to my systems via hotel WiFi or Aircard, so it's impossible to predict my originating IP address in advance. If that were not the case, this would be an excellent suggestion. Way back about 10 years ago, I was playing around with IPFW a lot. I wrote a script to update IPFW from changes made to a MySql db. It was a just for fun project, that turned out to be rather useful I have some developers that I managed who like you were road warriors. They logged in to the https web page w/ their username and password which grabbed their IP address and stored it in a table on with their login id. The script called fud (for firewall update daemon) connected to the db and ran a query to check for any rule changes. If there were it would apply them to the rule set and clear the change flag. Using this combination I was able to allow ssh access only to the necessary ip addresses. I kind of scrapped it when VPNs became easier to deploy and I have no idea where this set of scripts are now, but it would be rather trivial to build a new version. If anyone thinks it's worth revisiting hit me off list. 
Maybe I'll have to learn how to do a VPN from FreeBSD One thought that occurs to me is that pf tables would provide a direct API without having to hit a database. I think I really like this. I may have to implement it for pf. It should be really easy with CGI and calls to pfctl. -- John Lind j...@starfire.mn.org
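An added sketch of the approach John describes above (a web login that updates a pf table through pfctl); it is not code from the thread. The table name ssh-allow, the function names and the sample addresses are assumptions.

```python
"""Added example: let an authenticated web login open ssh for the caller's address."""
import ipaddress
import subprocess

PFCTL = "/sbin/pfctl"
# Assumed table name. pf.conf would need matching lines such as:
#   table <ssh-allow> persist
#   pass in on $ext_if proto tcp from <ssh-allow> to $ext_if port ssh
TABLE = "ssh-allow"


def normalise_client(remote_addr):
    """Return one canonical host address, or raise ValueError.

    ipaddress.ip_address() accepts a single host only, so a prefix such as
    0.0.0.0/0 or any trailing text is rejected before it can reach pfctl.
    """
    addr = ipaddress.ip_address(remote_addr.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped          # ::ffff:a.b.c.d -> a.b.c.d
    if (addr.is_unspecified or addr.is_loopback
            or addr.is_multicast or addr.is_link_local):
        raise ValueError("refusing client address %s" % addr)
    return str(addr)


def pfctl_argv(action, remote_addr, table=TABLE):
    """Build the pfctl call as an argument list (no shell is involved)."""
    if action not in ("add", "delete"):
        raise ValueError("unsupported table action: %r" % action)
    return [PFCTL, "-t", table, "-T", action, normalise_client(remote_addr)]


def handle_login(environ, authenticated, run=subprocess.run):
    """Call after the web application has verified username and password.

    Only REMOTE_ADDR (the TCP peer seen by the web server) is used; request
    headers such as X-Forwarded-For are client-controlled and ignored.
    Returns the argv that was executed, or None for a failed login.
    """
    if not authenticated:
        return None
    argv = pfctl_argv("add", environ.get("REMOTE_ADDR", ""))
    run(argv, check=True)                # raises if pfctl reports an error
    return argv


if __name__ == "__main__":
    # Dry run with a constructed CGI environment: print instead of executing.
    def show(argv, check):
        print(" ".join(argv))

    handle_login({"REMOTE_ADDR": "203.0.113.7"}, True, run=show)
```

Entries added this way stay in the table until removed, so pair it with a periodic `pfctl -t ssh-allow -T expire` run or an explicit "delete" on logout.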
Re: Thousands of ssh probes
Anton == Anton an...@sng.by writes: Anton> But, to allow access for yourself - you could install wonderful Anton> utility = 'knock-knock'. Port knocking is false security. It's equivalent to adding precisely two bytes (per knock, which can't be too close or far apart or numerous) to the key length. Are you really thinking that increasing your key length from 2048 to 2050 helps? The right solution is proper ssh key management, and intrusion detection, and if you insist on having password access, use one-time passwords and/or strength checks. If you don't like your logfiles filling up, don't run ssh on port 22. I like 443, because corporate firewalls tend to pass that... :) -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
Re: Automated kernel crash reporting system
On Fri, Mar 5, 2010 at 1:19 PM, Robert Watson rwat...@freebsd.org wrote: On Thu, 4 Mar 2010, sean connolly wrote: Automatic reporting would end up being a mess given that panics can be caused by hardware problems. Having an autoreport check if memtest was run before it reports, or having it only run with -CURRENT might be useful. I too, disagree with this. Surely most attention would be given to the most often recurring problems across varied hardware. If a new -RELEASE is tagged and suddenly there is an influx of very similar automated crash reports across a wide selection of hardware, some conclusions can be reached. - Sincerely, Dan Naumov
Re: How to get hints of software installed by Ports ?
Jonathan == Jonathan McKeown j.mcke...@ru.ac.za writes: Jonathan> pkg_info -D I like pkg_info -DL 'port*', because it also shows *where* things got installed... sometimes, I can't find the conf files. :) -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
Re: Thousands of ssh probes
On Fri, Mar 05, 2010 at 07:45:02AM -0800, Randal L. Schwartz wrote: Anton == Anton an...@sng.by writes: Anton> But, to allow access for yourself - you could install wonderful Anton> utility = 'knock-knock'. Port knocking is false security. It's equivalent to adding precisely two bytes (per knock, which can't be too close or far apart or numerous) to the key length. Are you really thinking that increasing your key length from 2048 to 2050 helps? The right solution is proper ssh key management, and intrusion detection, and if you insist on having password access, use one-time passwords and/or strength checks. If you don't like your logfiles filling up, don't run ssh on port 22. I like 443, because corporate firewalls tend to pass that... :) Yes - that's exactly what I used to do, and exactly why I used to do it, but now I'm thinking of actually implementing https. -- John Lind j...@starfire.mn.org The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries. - Winston Churchill
Re: Can't install octave
On 03/05/2010 16:24, Jan Henrik Sylvester wrote: On 01/-10/-28163 20:59, Zbigniew Komarnicki wrote: I try to install octave (kde3, kde4 in erlier post) after fresh install FreeBSD 8.0 and freebsd-update to FreeBSD 8.0 p2 on i386 athlon-xp 1660 MHz, but with no success. I forgot to add that I csup-ed the ports tree today. If I try to rebuild x11-toolkits/fltk, I get the same error. My last build of fltk was done before the last commit to that port. The commit was based on this problem report: http://www.freebsd.org/cgi/query-pr.cgi?pr=143638 From the description of that pr: Note that fltk also has the problem of linking against its older version, so you have to deinstall the old version to do a successful build. I have not tested that as I am in no immediate need to rebuild fltk. There has been one more commit on that port: http://www.freebsd.org/cgi/cvsweb.cgi/ports/x11-toolkits/fltk/files/patch-src_filename_list.cxx.diff?r1=1.4;r2=1.5;f=h That one looks suspicious because (__FreeBSD_version = 73) make the clauses before obsolete. Before that commit, the condition was true for 8-STABLE and 9-CURRENT, but not for 8.0-RELEASE or 7-ANYTHING. The commit was supposed to fix 7.3-RELEASE (and probably 7-STABLE) but changed the behavior for 8.0-RELEASE, too, which probably has not been intended. I guess, (__FreeBSD_version = 73) should be replaced by (__FreeBSD_version = 73 __FreeBSD_version 79). The patch attached fixes the build for me on 8.0-RELEASE. (I have included the maintainer, gahr@, in Cc). Cheers, Jan Henrik diff -u x11-toolkits/fltk/files/patch-src_filename_list.cxx.orig x11-toolkits/fltk/files/patch-src_filename_list.cxx --- x11-toolkits/fltk/files/patch-src_filename_list.cxx.orig2010-02-25 14:36:59.0 +0100 +++ x11-toolkits/fltk/files/patch-src_filename_list.cxx 2010-03-05 16:39:03.0 +0100 
@@ -14,7 +14,7 @@ #ifndef HAVE_SCANDIR int n = scandir(d, list, 0, sort); -#elif defined(__hpux) || defined(__CYGWIN__) -+#elif defined(__hpux) || defined(__CYGWIN__) || (defined(__FreeBSD__) (__FreeBSD_version = 96 || (__FreeBSD_version = 800501 __FreeBSD_version 90) || (__FreeBSD_version = 73))) ++#elif defined(__hpux) || defined(__CYGWIN__) || (defined(__FreeBSD__) (__FreeBSD_version = 96 || (__FreeBSD_version = 800501 __FreeBSD_version 90) || (__FreeBSD_version = 73 __FreeBSD_version 79))) // HP-UX, Cygwin define the comparison function like this: int n = scandir(d, list, 0, (int(*)(const dirent **, const dirent **))sort); #elif defined(__osf__) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
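Review bot: The new #elif line chains three __FreeBSD_version ranges with no comment saying which branch each range is meant to cover, which is how the previous revision changed 8.0-RELEASE behaviour without anyone noticing. Add a comment in the patched source naming the branch behind each range (7.3-RELEASE/7-STABLE, 8-STABLE and 9-CURRENT, going by the message above), or move the test into a named macro so the next bound change is reviewable. In this archived copy the comparison operators are missing and the constants 96, 90, 73 and 79 are far shorter than 800501, so check the bounds against the committed file before applying the patch from here.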
Re: Thousands of ssh probes
John == John j...@starfire.mn.org writes: John> Yes - that's exactly what I used to do, and exactly why I used to do John> it, but now I'm thinking of actually implement https. Rent more than one IP. :) I have a block of 8 for exactly that reason. It allows me to run sshd on 443 *and* https on a different 443, and a mailer on one 25 and a high-mx mail spamtrap on another port 25. stonehenge.com mail is handled by 5 blue.stonehenge.com. stonehenge.com mail is handled by 666 spamtrap.stonehenge.com. The spamtrap is a shiny object for spam, and anything that goes there gets blocked for an hour from hitting the low port. I presented this at a conference once. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
Re: Thousands of ssh probes
On Mar 5, 2010, at 10:44 AM, John wrote: On Fri, Mar 05, 2010 at 10:19:09AM -0500, mikel king wrote: On Mar 5, 2010, at 8:26 AM, John wrote: Way back about 10 years ago, I was playing around with IPFW a lot. I wrote a script to update IPFW from changes made to a MySql db. It was a just for fun project, that turned out to be rather useful I have some developers that I managed who like you were road warriors. They logged in to the https web page w/ their username and password which grabbed their IP address and stored it in a table on with their login id. The script called fud (for firewall update daemon) connected to the db and ran a query to check for any rule changes. If there were it would apply them to the rule set and clear the change flag. Using this combination I was able to allow ssh access only to the necessary ip addresses. I kind of scrapped it when VPNs became easier to deploy and I have no idea where this set of scripts are now, but it would be rather trivial to build a new version. If anyone thinks it's worth revisiting hit me off list. Maybe I'll have to learn how to do a VPN from FreeBSD One thought that occurs to me is that pf tables would provide a direct API without having to hit a database. I think I really like this. I may have to implement it for pf. It should be really easy with CGI and calls to pfctl. -- There's probably a dozen ways to slice it now. I went with php, mysql and ipfw, just because that was the theme back then. I also found it handy to be able to login into the system and manually enter the ip addressing if necessary. I would definitely add some better logging than I did back then. Hmmm giving me an idea for another article on BSDNews.net... ;-) cheers, m!
Re: Booting MFS from Secondary Partition
Fbsd1 writes: There is hard coded logic that is stopping you from doing what you want. Looks like you are SOL. Me thinks you are absolutely correct. I was only hoping I was doing something wrong and a slight syntax change would make it work. Thank you and thanks to Maciej Milewski m...@dat.pl for his suggestion. I have one last trick up my sleeve before giving up completely on this idea. Maybe I can hijack one of the rc.x scripts to cause it to spew a memory disk image of the mfsboot code on to the freshly-unmounted /dev/ad0 device during a reboot. Since the goal is to completely rebuild the system anyway, this would be the last gasp of the present system as it gets ready to reboot, hopefully with mfsbsd and all hard drives dismounted. Martin McCormick
Re: Thousands of ssh probes
On 05/03/2010 15:44:39, John wrote: Maybe I'll have to learn how to do a VPN from FreeBSD One thought that occurs to me is that pf tables would provide a direct API without having to hit a database. I think I really like this. I may have to implement it for pf. It should be really easy with CGI and calls to pfctl.

There's already a mechanism whereby you can connect into a PF firewall and have it open up extra access for you, all controlled by ssh keys. See: http://www.openbsd.org/faq/pf/authpf.html

Not only that, but you can dynamically block brute force attempts to crack SSH passwords using just PF -- no need to scan through auth.log or use an external database. You need something like this in pf.conf:

    table <ssh-bruteforce> persist

    [...near the top of the rules section...]
    block drop in log quick on $ext_if from <ssh-bruteforce>

    [...later in the rules section...]
    pass in on $ext_if proto tcp \
        from any to $ext_if port ssh \
        flags S/SA keep state \
        (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)

This adds IPs to the ssh-bruteforce table if there are too frequent attempts to connect from them (more than 3 within 30 seconds in this case) and so blocks all further access. You need to run a cron job to clear out old entries from the ssh-bruteforce table or it will grow continually over time:

    */12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 86400 >/dev/null 2>&1

Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
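An added example, not part of Matthew's message: a simplified model of the overload rule and the expire cron job above, run over constructed connection times. It uses a plain sliding window where pf itself computes the rate as an approximate moving average; the function name and the sample addresses are assumptions.

```python
"""Added example: model of max-src-conn-rate 3/30 + overload + cron expiry."""
from collections import defaultdict, deque

MAX_CONN, WINDOW = 3, 30    # max-src-conn-rate 3/30
EXPIRE_AFTER = 86400        # pfctl -T expire 86400
CRON_STEP = 12 * 60         # */12 in the minute field: one run every 12 minutes


def simulate(events):
    """events: (seconds, source_ip) pairs, one per new TCP connection to ssh.

    Returns (verdicts, table): verdicts is a list of (t, ip, verdict) where
    verdict is "pass", "overload" (this connection tripped the limit and the
    source entered the table) or "blocked" (dropped by the block rule);
    table maps each source still listed to the time it was added.
    """
    events = sorted(events)
    recent = defaultdict(deque)   # source -> times of its recent connections
    table = {}                    # stands in for <ssh-bruteforce>
    verdicts = []
    if not events:
        return verdicts, table
    # First cron run at or after the first event, aligned to 12 minutes.
    next_tick = -(-events[0][0] // CRON_STEP) * CRON_STEP
    for t, src in events:
        # Run every cron job that was due before this connection arrived.
        while next_tick <= t:
            for ip in [ip for ip, added in table.items()
                       if next_tick - added > EXPIRE_AFTER]:
                del table[ip]
            next_tick += CRON_STEP
        if src in table:                      # block drop in ... quick
            verdicts.append((t, src, "blocked"))
            continue
        seen = recent[src]
        seen.append(t)
        while seen[0] <= t - WINDOW:          # keep only the last 30 seconds
            seen.popleft()
        if len(seen) > MAX_CONN:              # more than 3 within 30 seconds
            table[src] = t                    # overload <ssh-bruteforce>
            seen.clear()                      # flush global drops its states
            verdicts.append((t, src, "overload"))
        else:
            verdicts.append((t, src, "pass"))
    return verdicts, table


# Constructed sample: a fast prober and an ordinary user (documentation IPs).
PROBER, USER = "198.51.100.23", "203.0.113.5"
SAMPLE = (
    [(t, PROBER) for t in (0, 2, 4, 6, 8)]   # 5 connections in 8 seconds
    + [(3600, PROBER)]                       # an hour later: still listed
    + [(86500, PROBER)]                      # >24 h, but cron has not run yet
    + [(87200, PROBER)]                      # after the 87120 s cron run
    + [(t, USER) for t in (0, 40, 80, 120)]  # slow, legitimate logins
)

if __name__ == "__main__":
    for t, ip, verdict in simulate(SAMPLE)[0]:
        print("%6d  %-15s %s" % (t, ip, verdict))
```

The 86500-second connection is still dropped because entries only leave the table when the cron job runs, so the effective block lasts up to 12 minutes longer than the 86400 seconds in the command.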
Re: Port/package install preview
On 03/05/10 16:43, Anselm Strauss wrote: Hi, is it possible to do a real preview with portupgrade? I want to see all ports that would be installed/upgraded when installing a particular port. The --noexecute option doesn't really show me a lot. How would this be done with packages? pkg_add would have to download all packages first to be able to calculate all dependencies, or can it operate on an index file? Anselm Hello ! Take a look at the 'ports' manpage and you will find a means on how to get useful information on the ports collection (configuring building discover dependencies etc..) : http://www.freebsd.org/cgi/man.cgi?query=ports&apropos=0&sektion=0&manpath=FreeBSD+8.0-RELEASE&format=html Examples * fetch-list Show list of files to be fetched in order to build the port. * run-depends-list, build-depends-list Print a list of all the compile and run dependencies, and dependencies of those dependencies, by port directory. etc... d
Re: Thousands of ssh probes
On 05/03/2010 15:51:52, Randal L. Schwartz wrote:

> The spamtrap is a shiny object for spam, and anything that goes there gets blocked for an hour from hitting the low port. I presented this at a conference once.

Having an IPv6-only high-mx seems to terminally confuse most spambots...

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
Re: Can't install octave
On 2010-Mar-05, 16:47, Jan Henrik Sylvester wrote:

> There has been one more commit on that port:
>
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/x11-toolkits/fltk/files/patch-src_filename_list.cxx.diff?r1=1.4;r2=1.5;f=h
>
> That one looks suspicious because (__FreeBSD_version = 73) make the clauses before obsolete. Before that commit, the condition was true for 8-STABLE and 9-CURRENT, but not for 8.0-RELEASE or 7-ANYTHING. The commit was supposed to fix 7.3-RELEASE (and probably 7-STABLE) but changed the behavior for 8.0-RELEASE, too, which probably has not been intended.

Good catch! Fixed, thanks!

--
Pietro Cerutti
The FreeBSD Project
g...@freebsd.org
PGP Public Key: http://gahr.ch/pgp
Re: Flash viewer for FBSD
* daniele (gl...@live.com) wrote:

> HI !
>
> I tested the process of installing firefox/opera and flash plugin. Everything run on my system FreeBSD 8, even though I did not stress browser plugin. Here's all the step that I took to make the flash plugin work for firefox and opera (basically I followed the handbook).
>
> --- Installed /usr/ports/emulators/linux_base-f10
> --- kldload linux
> --- mount linprocfs
> --- installed /usr/ports/www/linux-f10-flashplugin10/
> (--- installed /usr/ports/www/nspluginwrapper)
> (--- ln -s /usr/local/lib/npapi/linux-f10-flashplugin/libflashplayer.so /usr/local/lib/browser_plugins/ )
> (--- as normal user I executed nspluginwrapper ... etc)
> --- installed ___NATIVE FREEBSD version___ of Opera [/usr/ports/www/opera]
> --- installed /usr/ports/www/opera-linuxplugins/.

Still does NOT work! I also tried deinstalling all stuffs, which were installed in the previous sessions. And then I tried installing them again as followings (excerpted from handbook).

    emulator/linux_base-f10
    www/linux-f10-flashplugin10
    www/nspluginwrapper
    # ln -s /usr/local/lib/npapi/linux-f10-flashplugin/libflashplayer.so /usr/local/lib/browser_plugins/
    % nspluginwrapper -v -a -i (normal user)
    # mount -t linprocfs linproc /usr/compat/linux/proc
    www/opera (native FBSD)
    www/opera-linuxplugins

Again, it still does NOT work! (Note that only missing from the previous session is ``kldload linux'', which was loaded at boot time.)

Or the problem is that I cvsup(ed) from 7.1 to 7.2 and then csup(ed) to 8.0. Some libraries are probably not updated??? But ``make install'' success, so libraries should not be problems. I don't know.

FBSD should make it simpler than this. Some Linux distros, flash plug-ins are installed in default configuration. But I shall not go back to Linux, anyway. :-) Actually, I only want to study Unix console, C language and some administrations. In GUI world, I only want to point and click.

Thanks,
Pongthep
Re: Thousands of ssh probes
"Matthew" == Matthew Seaman m.sea...@infracaninophile.co.uk writes:

Matthew> On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
>> The spamtrap is a shiny object for spam, and anything that goes there gets blocked for an hour from hitting the low port. I presented this at a conference once.

Matthew> Having an IPv6-only high-mx seems to terminally confuse most spambots...

Oooh! And arpnetworks gives me a /48 in 6 for free. I could have thousands of them. :)

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
Re: Port/package install preview
That gives me some static information on the ports requirements. But I would like a preview of what rests to be done. Some ports have a lot of dependencies, most of them are already installed. Can ports also incorporate the current state of installed packages?

On Fri, Mar 5, 2010 at 5:01 PM, daniele gl...@live.com wrote:

> On 03/05/10 16:43, Anselm Strauss wrote:
>
>> Hi,
>>
>> is it possible to do a real preview with portupgrade? I want to see all ports that would be installed/upgraded when installing a particular port. The --noexecute option doesn't really show me a lot. How would this be done with packages? pkg_add would have to download all packages first to be able to calculate all dependencies, or can it operate on an index file?
>>
>> Anselm
>
> Hello !
>
> Take a look at the 'ports' manpage and you will find a means to get useful information on the ports collection (configuring building discover dependencies etc..) :
>
> http://www.freebsd.org/cgi/man.cgi?query=ports&apropos=0&sektion=0&manpath=FreeBSD+8.0-RELEASE&format=html
>
> Examples
>
> * fetch-list
>   Show list of files to be fetched in order to build the port.
> * run-depends-list, build-depends-list
>   Print a list of all the compile and run dependencies, and dependencies of those dependencies, by port directory.
>
> etc...
>
> d
Re: Flash viewer for FBSD
On 03/05/10 17:12, Pongthep Kulkrisada wrote:

> * daniele (gl...@live.com) wrote:
>
>> HI !
>>
>> I tested the process of installing firefox/opera and flash plugin. Everything run on my system FreeBSD 8, even though I did not stress browser plugin. Here's all the step that I took to make the flash plugin work for firefox and opera (basically I followed the handbook).
>>
>> --- Installed /usr/ports/emulators/linux_base-f10
>> --- kldload linux
>> --- mount linprocfs
>> --- installed /usr/ports/www/linux-f10-flashplugin10/
>> (--- installed /usr/ports/www/nspluginwrapper)
>> (--- ln -s /usr/local/lib/npapi/linux-f10-flashplugin/libflashplayer.so /usr/local/lib/browser_plugins/ )
>> (--- as normal user I executed nspluginwrapper ... etc)
>> --- installed ___NATIVE FREEBSD version___ of Opera [/usr/ports/www/opera]
>> --- installed /usr/ports/www/opera-linuxplugins/.
>
> Still does NOT work! I also tried deinstalling all stuffs, which were installed in the previous sessions. And then I tried installing them again as followings (excerpted from handbook).
>
>     emulator/linux_base-f10
>     www/linux-f10-flashplugin10
>     www/nspluginwrapper
>     # ln -s /usr/local/lib/npapi/linux-f10-flashplugin/libflashplayer.so /usr/local/lib/browser_plugins/
>     % nspluginwrapper -v -a -i (normal user)
>     # mount -t linprocfs linproc /usr/compat/linux/proc
>     www/opera (native FBSD)
>     www/opera-linuxplugins
>
> Again, it still does NOT work! (Note that only missing from the previous session is ``kldload linux'', which was loaded at boot time.)
>
> Or the problem is that I cvsup(ed) from 7.1 to 7.2 and then csup(ed) to 8.0. Some libraries are probably not updated??? But ``make install'' success, so libraries should not be problems. I don't know.
>
> FBSD should make it simpler than this. Some Linux distros, flash plug-ins are installed in default configuration. But I shall not go back to Linux, anyway. :-) Actually, I only want to study Unix console, C language and some administrations. In GUI world, I only want to point and click.
>
> Thanks,
> Pongthep

hmmm... :-/ is at least now the web browser opera working ?

d
Re: Thousands of ssh probes
On 05/03/2010 16:12:11, Randal L. Schwartz wrote:

> "Matthew" == Matthew Seaman m.sea...@infracaninophile.co.uk writes:
>
> Matthew> On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
> >> The spamtrap is a shiny object for spam, and anything that goes there gets blocked for an hour from hitting the low port. I presented this at a conference once.
>
> Matthew> Having an IPv6-only high-mx seems to terminally confuse most spambots...
>
> Oooh! And arpnetworks gives me a /48 in 6 for free. I could have thousands of them. :)

Thousands? Try billions. Sagans and sagans. More than the maximum possible number of hosts on the IPv4 internet. Muha ha Ha!

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
Re: OT: how to reset high scores on gnome games
Aryeh M. Friedman aryeh.fried...@gmail.com writes:

> See subject

See /usr/ports/games/gnome-games/pkg-install

--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
Re: Port/package install preview
On Fri, 5 Mar 2010, Anselm Strauss wrote:

> is it possible to do a real preview with portupgrade? I want to see all ports that would be installed/upgraded when installing a particular port. The --noexecute option doesn't really show me a lot.

It shows what portupgrade would do, which is nothing if that port isn't already installed. If you're looking at installing a new port, portinstall may act differently. But I prefer to just cd to the port directory and do 'make missing'. 'make fetch-list' will show the fetch commands.

-Warren Block * Rapid City, South Dakota USA
Re: Port/package install preview
On 05/03/2010 16:14:12, Anselm Strauss wrote:

> That gives me some static information on the ports requirements. But I would like a preview of what rests to be done. Some ports have a lot of dependencies, most of them are already installed. Can ports also incorporate the current state of installed packages?

I think 'portmaster -n' is probably your best bet for this.

Ports certainly does take account of what has already been installed either from ports or packages -- remember that a package is basically an installed port: once the bits have hit the disk platter it doesn't matter whether they came from a local compilation or were downloaded as a package tarball.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
Re: Thousands of ssh probes
mikel king wrote:

> Way back about 10 years ago, I was playing around with IPFW a lot. I wrote a script to update IPFW from changes made to a MySql db. It was a just for fun project, that turned out to be rather useful. I have some developers that I managed who like you were road warriors. They logged in to the https web page w/ their username and password which grabbed their IP address and stored it in a table on with their login id.
>
> The script called fud (for firewall update daemon) connected to the db and ran a query to check for any rule changes. If there were it would apply them to the rule set and clear the change flag. Using this combination I was able to allow ssh access only to the necessary ip addresses.

We use a similar approach but only rely on tcpwrappers. Here's what we do (simplified, obfuscated slightly), just for reference (or, maybe commentary :-D )

On server:

    [505] Fri 05.Mar.2010 10:21:37 [ad...@foo][~] cat /etc/hosts.allow | grep sshd
    # Wrapping sshd(8) is not normally a good idea, but if you
    sshd: /var/tmp/skyangel.ip : allow
    sshd: all : deny

On skyangel:

    [13] Fri 05.Mar.2010 10:22:56 [ad...@skyangel][~] sudo crontab -l |grep dhcp
    @reboot /usr/local/bin/php -q /root/scripts/dhcp.php
    * */4 * * * /usr/local/bin/php -q /root/scripts/dhcp.php

dhcp.php uses lynx to dump a server-side HTTPS page and sends a secret in the URI. Server-side page is able to decrypt this and determine it's really skyangel, then writes the connecting IP addy to /var/tmp/skyangel.ip.

KDK
Re: Port/package install preview
On 03/05/10 17:14, Anselm Strauss wrote:

> That gives me some static information on the ports requirements. But I would like a preview of what rests to be done. Some ports have a lot of dependencies, most of them are already installed. Can ports also incorporate the current state of installed packages?
>
> On Fri, Mar 5, 2010 at 5:01 PM, daniele gl...@live.com wrote:
>
>> On 03/05/10 16:43, Anselm Strauss wrote:
>>
>>> Hi,
>>>
>>> is it possible to do a real preview with portupgrade? I want to see all ports that would be installed/upgraded when installing a particular port. The --noexecute option doesn't really show me a lot. How would this be done with packages? pkg_add would have to download all packages first to be able to calculate all dependencies, or can it operate on an index file?
>>>
>>> Anselm
>>
>> Hello !
>>
>> Take a look at the 'ports' manpage and you will find a means to get useful information on the ports collection (configuring building discover dependencies etc..) :
>>
>> http://www.freebsd.org/cgi/man.cgi?query=ports&apropos=0&sektion=0&manpath=FreeBSD+8.0-RELEASE&format=html
>>
>> Examples
>>
>> * fetch-list
>>   Show list of files to be fetched in order to build the port.
>> * run-depends-list, build-depends-list
>>   Print a list of all the compile and run dependencies, and dependencies of those dependencies, by port directory.
>>
>> etc...
>>
>> d

Well, I don't know if there's already some pre-packaged tool to retrieve the information you need. In the worst case, I suppose one should set up a script that makes use of that static information + the information provided by pkg_info to reach the goal... but that's just a guess

d
pf overload for SMTP (was: Thousands of ssh probes)
On Fri, Mar 05, 2010 at 04:01:32PM +, Matthew Seaman wrote:

> On 05/03/2010 15:44:39, John wrote:
>
>> Maybe I'll have to learn how to do a VPN from FreeBSD
>>
>> One thought that occurs to me is that pf tables would provide a direct API without having to hit a database. I think I really like this. I may have to implement it for pf. It should be really easy with CGI and calls to pfctl.
>
> There's already a mechanism whereby you can connect into a PF firewall and have it open up extra access for you, all controlled by ssh keys. See:
>
> http://www.openbsd.org/faq/pf/authpf.html
>
> Not only that, but you can dynamically block brute force attempts to crack SSH passwords using just PF -- no need to scan through auth.log or use an external database. You need something like this in pf.conf:
>
>     table <ssh-bruteforce> persist
>
>     [...near the top of the rules section...]
>
>     block drop in log quick on $ext_if from <ssh-bruteforce>
>
>     [...later in the rules section...]
>
>     pass in on $ext_if proto tcp \
>         from any to $ext_if port ssh \
>         flags S/SA keep state \
>         (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)
>
> This adds IPs to the ssh-bruteforce table if there are too frequent attempts to connect from them (more than 3 within 30 seconds in this case) and so blocks all further access. You need to run a cron job to clear out old entries from the ssh-bruteforce table or it will grow continually over time:
>
>     */12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 86400 >/dev/null 2>&1
>
> Cheers,
>
> Matthew

Is there any reason one couldn't do something similar for SMTP? Maybe a little wider sample window, like 10/300? Or would you end up blocking too many things that you don't mean to block? Anyone played with this for SMTP?

--
John Lind
j...@starfire.mn.org

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries. - Winston Churchill
Re: Flash viewer for FBSD
On Fri, Mar 5, 2010 at 5:12 PM, Pongthep Kulkrisada ptkris...@gmail.com wrote:

> Or the problem is that I cvsup(ed) from 7.1 to 7.2 and then csup(ed) to 8.0.

If you csup, you update only /usr/src (or /usr/ports). Have you actually updated the system and the ports as well?

> FBSD should make it simpler than this.

It should. But what can we do if Adobe doesn't even acknowledge our existence and refuses to provide a FreeBSD version of their Flash player?

> Some Linux distros, flash plug-ins are installed in default configuration. But I shall not go back to Linux, anyway. :-)

Sure, Linux has a bigger market share, so they get enough love from Adobe... though I understand that Flash support for Linux/x86-64 isn't all that good either (?).

> Actually, I only want to study Unix console, C language and some administrations. In GUI world, I only want to point and click.

As said, if all else breaks, try running OpenSolaris (or a Linux distro) as a guest OS inside VirtualBox. This way, you have the best of both worlds.

> Thanks,
> Pongthep

--
Cordula's Web. http://www.cordula.ws/
Re: pf overload for SMTP
On 05/03/2010 16:35:07, John wrote:

> Is there any reason one couldn't do something similar for SMTP? Maybe a little wider sample window, like 10/300? Or would you end up blocking too many things that you don't mean to block? Anyone played with this for SMTP?

You can do this with SMTP, but I'm not sure quite how useful it would be given the different usage patterns for e-mail. (I've applied it quite happily for FTP servers, for example)

If you want to do some pf-level antispam stuff, then look at spamd -- in the ports as obspamd to prevent confusion with SpamAssassin's spamd.

http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

This implements greylisting, greytrapping and teergrube against addresses blacklisted as spam sources. Last I checked it only worked on IPv4 though. It's a fairly light-weight means of eliminating quite a lot of spam, but it should be used in conjunction with other MTA mediated anti-spam techniques, for example SpamAssassin

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
Re: Thousands of ssh probes
Hi,

On 05.03.10 17:01, Matthew Seaman wrote:

>     table <ssh-bruteforce> persist
>
>     [...near the top of the rules section...]
>
>     block drop in log quick on $ext_if from <ssh-bruteforce>
>
>     [...later in the rules section...]
>
>     pass in on $ext_if proto tcp \
>         from any to $ext_if port ssh \
>         flags S/SA keep state \
>         (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)

that is dangerous, if you use subversion over ssh you will sometimes get more than 10 requests in 30 seconds. That means you will also block users who are allowed to connect.

Regards,
Matthias

--
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning. -- Rich Cook
Re: Flash viewer for FBSD
* daniele (gl...@live.com) wrote:

> hmmm... :-/ is at least now the web browser opera working ?

Yes it is working. Thanks for your prompt response.

Pongthep
Re: Flash viewer for FBSD
* daniele (gl...@live.com) wrote:

> hmmm... :-/ is at least now the web browser opera working ?

[edit]Yes, it is working but without flash. [/edit] Thanks for your prompt response.

Pongthep
Re: Thousands of ssh probes
On Fri, Mar 05, 2010 at 05:54:50PM +0100, Matthias Fechner wrote:

> Hi,
>
> On 05.03.10 17:01, Matthew Seaman wrote:
>
>>     table <ssh-bruteforce> persist
>>
>>     [...near the top of the rules section...]
>>
>>     block drop in log quick on $ext_if from <ssh-bruteforce>
>>
>>     [...later in the rules section...]
>>
>>     pass in on $ext_if proto tcp \
>>         from any to $ext_if port ssh \
>>         flags S/SA keep state \
>>         (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)
>
> that is dangerous, if you use subversion over ssh you will sometimes get more than 10 requests in 30 seconds. That means you will also block users who are allowed to connect.

OK - that's good to know - but I'm not using subversion at this time, and this is working nicely so far. I've already picked off one hacker.

    # pfctl -t ssh-bruteforce -T show
    No ALTQ support in kernel
    ALTQ related functions disabled
       218.56.61.114

    Mar 5 10:40:05 elwood sshd[18452]: Invalid user test from 218.56.61.114
    Mar 5 10:40:10 elwood sshd[18457]: Invalid user admin from 218.56.61.114

Apparently got him on the third attempt, just as advertised.

--
John Lind
j...@starfire.mn.org

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries. - Winston Churchill
Re: Thousands of ssh probes
On 05/03/2010 16:54:50, Matthias Fechner wrote:

> Hi,
>
> On 05.03.10 17:01, Matthew Seaman wrote:
>
>>     table <ssh-bruteforce> persist
>>
>>     [...near the top of the rules section...]
>>
>>     block drop in log quick on $ext_if from <ssh-bruteforce>
>>
>>     [...later in the rules section...]
>>
>>     pass in on $ext_if proto tcp \
>>         from any to $ext_if port ssh \
>>         flags S/SA keep state \
>>         (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)
>
> that is dangerous, if you use subversion over ssh you will sometimes get more than 10 requests in 30 seconds. That means you will also block users who are allowed to connect.

Yes. Almost all of the time I use this I've also had a ssh-whitelist table -- addresses that will never be blocked in this way. Like this:

    table <ssh-bruteforce> persist
    table <ssh-whitelist> const { \
        81.187.76.160/29 \
        2001:8b0:151:1::/64 \
    } persist

    block drop in log quick on $ext_if from <ssh-bruteforce>

    pass in on $ext_if proto tcp \
        from <ssh-whitelist> to $ext_if port ssh \
        flags S/SA keep state

    pass in on $ext_if proto tcp \
        from !<ssh-whitelist> to $ext_if port ssh \
        flags S/SA keep state \
        (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
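[Added example, not part of any message in the thread and not pf's own code: a small Python model of the rules discussed above, showing how the 3/30 limit also catches a burst from a legitimate svn+ssh client and how the whitelist rule avoids that. It assumes a plain sliding window in place of pf's internal rate estimator; all addresses and traffic are constructed.]

```python
"""Toy model of the rate-limit / overload-table rules posted in this thread.

Simplification (assumption): a plain sliding window stands in for pf's
internal rate estimator; addresses below are constructed documentation IPs.
"""
import ipaddress
from collections import defaultdict, deque

MAX_CONN, WINDOW = 3, 30   # max-src-conn-rate 3/30
EXPIRE_AGE = 86400         # pfctl -t ssh-bruteforce -T expire 86400


class SshRateModel:
    def __init__(self, whitelist=()):
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.recent = defaultdict(deque)  # source -> times of recent connections
        self.bruteforce = {}              # source -> time it entered the table

    def _whitelisted(self, addr):
        return any(addr.version == net.version and addr in net
                   for net in self.whitelist)

    def connect(self, now, src):
        """Verdict for one new SSH connection: pass, overload or block."""
        addr = ipaddress.ip_address(src)
        key = str(addr)
        if key in self.bruteforce:
            return "block"            # block ... quick from <ssh-bruteforce>
        if self._whitelisted(addr):
            return "pass"             # whitelist pass rule has no rate limit
        window = self.recent[key]
        while window and now - window[0] >= WINDOW:
            window.popleft()
        window.append(now)
        if len(window) > MAX_CONN:    # "more than 3 within 30 seconds"
            self.bruteforce[key] = now
            del self.recent[key]      # stands in for "flush global"
            return "overload"
        return "pass"

    def expire(self, now, max_age=EXPIRE_AGE):
        """Remove table entries at least max_age seconds old; return them."""
        stale = sorted(s for s, t in self.bruteforce.items()
                       if now - t >= max_age)
        for src in stale:
            del self.bruteforce[src]
        return stale


ATTACKER = "203.0.113.50"       # constructed
SVN_CLIENT = "198.51.100.2"     # constructed: legitimate svn+ssh user
WHITELIST = ["198.51.100.0/29", "2001:db8:151:1::/64"]  # constructed

# Constructed traffic: password guessing every 5 s, then a burst of six
# svn+ssh connections in 10 s from the legitimate client.
EVENTS = ([(t, ATTACKER) for t in (0, 5, 10, 15, 20)] +
          [(100 + 2 * i, SVN_CLIENT) for i in range(6)])


def replay(events, whitelist=()):
    """Run events through a fresh model; return (model, list of verdicts)."""
    model = SshRateModel(whitelist)
    return model, [(t, src, model.connect(t, src)) for t, src in events]


def verdicts_for(verdicts, src):
    """Verdict strings for one source, in event order."""
    return [v for _, s, v in verdicts if s == src]


if __name__ == "__main__":
    for label, wl in (("no whitelist", ()), ("with whitelist", WHITELIST)):
        model, verdicts = replay(EVENTS, wl)
        print(label)
        for t, src, verdict in verdicts:
            print(f"  t={t:>3} {src:<14} {verdict}")
        print("  table:", sorted(model.bruteforce))
```
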
Re: Thousands of ssh probes
On Fri, Mar 05, 2010 at 05:04:03PM +, Matthew Seaman wrote:

> On 05/03/2010 16:54:50, Matthias Fechner wrote:
>
>> Hi,
>>
>> On 05.03.10 17:01, Matthew Seaman wrote:
>>
>>>     table <ssh-bruteforce> persist
>>>
>>>     [...near the top of the rules section...]
>>>
>>>     block drop in log quick on $ext_if from <ssh-bruteforce>
>>>
>>>     [...later in the rules section...]
>>>
>>>     pass in on $ext_if proto tcp \
>>>         from any to $ext_if port ssh \
>>>         flags S/SA keep state \
>>>         (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)
>>
>> that is dangerous, if you use subversion over ssh you will sometimes get more than 10 requests in 30 seconds. That means you will also block users who are allowed to connect.
>
> Yes. Almost all of the time I use this I've also had a ssh-whitelist table -- addresses that will never be blocked in this way. Like this:
>
>     table <ssh-bruteforce> persist
>     table <ssh-whitelist> const { \
>         81.187.76.160/29 \
>         2001:8b0:151:1::/64 \
>     } persist
>
>     block drop in log quick on $ext_if from <ssh-bruteforce>
>
>     pass in on $ext_if proto tcp \
>         from <ssh-whitelist> to $ext_if port ssh \
>         flags S/SA keep state
>
>     pass in on $ext_if proto tcp \
>         from !<ssh-whitelist> to $ext_if port ssh \
>         flags S/SA keep state \
>         (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)

Ah. I see. That's clever. Rather than overriding the bruteforce list, which would require getting rid of quick, you use whitelist to prevent things from ever going into the bruteforce table. Nice!

I have just switched to pf from ipfw, so I am still learning the nuances and style points.

--
John Lind
j...@starfire.mn.org
Re: Flash viewer for FBSD
* C. P. Ghost (cpgh...@cordula.ws) wrote:

> If you csup, you update only /usr/src (or /usr/ports). Have you actually updated the system and the ports as well?

    % uname -a
    FreeBSD bsdhost.localdomain 8.0-STABLE FreeBSD 8.0-STABLE #0: Tue Dec 1 19:12:37 ICT 2009 r...@bsdhost.localdomain:/usr/obj/usr/src/sys/GENERIC i386

But port tree is very large. I only update the followings.

    ports-base ports-archivers ports-audio ports-devel ports-dns ports-editors ports-emulators ports-ftp ports-graphics ports-lang ports-mail ports-misc ports-net ports-security ports-sysutils ports-www

I reinstall only some ports, which I considered important.

> It should. But what can we do if Adobe doesn't even acknowledge our existence and refuses to provide a FreeBSD version of their Flash player?

Sad...

> Sure, Linux has a bigger market share, so they get enough love from Adobe... though I understand that Flash support for Linux/x86-64 isn't all that good either (?).

They will tend to FreeBSD some day, much better. IMHO, the best OS is FreeBSD. The best OS with GUI is OS-X. Both are BSDs.

> As said, if all else breaks, try running OpenSolaris (or a Linux distro) as a guest OS inside VirtualBox. This way, you have the best of both worlds.

I don't want to. Even now I have 2 OSes installed, I still hate it. In fact, 90% I boot of FreeBSD (at home).

Thanks,
Pongthep
Re: video cam with room view for FreeBSD
Message: 23
Date: Fri, 05 Mar 2010 16:33:43 +0100
From: Bas v.d. Wiel b...@kompasmedia.nl
Subject: Re: video cam with room view for FreeBSD Skype
Cc: freebsd-questions@freebsd.org
Message-ID: 4b912457.5040...@kompasmedia.nl
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

SNIP!

> In the past I've had reasonable success using a standard camcorder over firewire to do things like this. It's been a few years though. If using firewire isn't an issue for you, I'd be happy to delve into my pile of notes and see if I can find you something of a howto. The advantage of a firewire camera is in the much more standardized protocol between PC and camera.
>
> Bas

USB cameras are starting to implement a standard protocol as well:

http://en.wikipedia.org/wiki/USB_video_device_class (Shortened to UVC)

It is apparently a requirement for USB and Vista certification.

From the Wikipedia page:

FreeBSD
Not implemented yet, there are patches available which make Linux kernel USB mediadrivers work in userspace by using an asynchronous USB interface. It's the first OS allowing to have an entire highspeed USB driver in userland.

Regards,

James Phillips
Re: Thousands of ssh probes
Hi,

On 05.03.2010 18:10, John wrote:

> I have just switched to pf from ipfw, so I am still learning the nuances and style points.

I switched now to security/sshguard-pf. It works perfectly and blocks also via pf. Blocking is working there with:

    table <sshguard> persist
    block in log quick proto tcp from <sshguard> to any label "ssh bruteforce" probability 85%

So I let 15% of the packets through in the hope that will slow down these brute force attacks and I can protect in this step other hosts. Hopefully the attacker keeps then longer in my tarpit.

Bye
Matthias

--
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning. -- Rich Cook
Re: Flash viewer for FBSD
On Fri, Mar 5, 2010 at 6:12 PM, Pongthep Kulkrisada ptkris...@gmail.com wrote:
> * C. P. Ghost (cpgh...@cordula.ws) wrote:
>> If you csup, you update only /usr/src (or /usr/ports). Have you actually updated the system and the ports as well?
>
> % uname -a
> FreeBSD bsdhost.localdomain 8.0-STABLE FreeBSD 8.0-STABLE #0: Tue Dec 1 19:12:37 ICT 2009 r...@bsdhost.localdomain:/usr/obj/usr/src/sys/GENERIC i386

So your system is approx. 4 months old, despite you cvsup-ping?

>> As said, if all else breaks, try running OpenSolaris (or a Linux distro) as a guest OS inside VirtualBox. This way, you have the best of both worlds.
>
> I don't want to. Even now I have 2 OSes installed, I still hate it. In fact, 90% I boot of FreeBSD (at home).

That's understandable. I boot FreeBSD/amd64 almost exclusively too. Only when I absolutely need Flash (and I very seldom do), I fire up VirtualBox on FreeBSD with a little OpenSolaris installation.

Since this OpenSolaris guest lives in a single VirtualBox disk image, it doesn't clutter up my FreeBSD system, contrary to the whole Linux compat shims and RPMs needed to run the linux flash plugin.

Of course, it's all a matter of personal tastes, likes and dislikes. I'd rather have a native flash plugin for FreeBSD/amd64 too (Firefox and Opera), but this is unlikely in the near future, knowing the miserable track record of Adobe's FreeBSD support. ;-)

> Thanks,
> Pongthep

Regards,
-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: freebsd install from floppy
Illoai,

Thanks a lot! Your solution works - system is up and running now :-)

However, in such a case I really cannot understand why nobody can change just one parameter and put the file in a proper place in ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/8.0-RELEASE/floppies/ . It can simplify life for many people.

Thanks again for your help.

Take care,
Piotr

On 4 March 2010 05:51, ill...@gmail.com ill...@gmail.com wrote:
> On 3 March 2010 07:33, Piotr Lukawski plukaw...@googlemail.com wrote:
>> Dears,
>>
>> I need to install Freebsd 8.0 using floppy and then ftp, but there are no floppy images in ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/8.0-RELEASE/floppies/ mentioned in http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-pre.html
>>
>> I tried to install Freebsd 7 using available floppy (successful) and update it to 8.0 (after 3 days finally error and now now whole /usr directory so I am stacked).
>>
>> Could you please produce install floppy images for Freebsd 8.0? Please please please. I have no power to do the install of 7, upgrade and fail again :-(
>>
>> Thanks in advance.
>> Piotr
>
> Have you tried installing 8.0-RELEASE from your 7.x floppies? I have heard rumour that it is possible by just changing the release name under View/Set Various Installation Options.
Re: Thousands of ssh probes
Thousands of ssh probes
Friday, March 5, 2010 1:54 PM
From: John j...@starfire.mn.org
To: freebsd-questions@freebsd.org

> My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this?
>
> --
> John Lind j...@starfire.mn.org

Hi John,

I'm using pf as a firewall on FreeBSD. I used this handy website: http://www.bgnett.no/~peter/pf/en/bruteforce.html and especially this part:

max-src-conn is the number of simultaneous connections you allow from one host. In this example, I've set it at 100, in your setup you may want a slightly higher or lower value. max-src-conn-rate is the rate of new connections allowed from any single host, here 15 connections per 5 seconds. Again, you are the one to judge what suits your setup.

I then looked at ssh itself. Key-based authentication only is what I'm allowing on my network now and I have put the AllowUsers directive in my sshd_config.

At the moment I'm so paranoid that I'm reading into this Mandatory Access Control part of the handbook as well.

Good luck,
Dino
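The 15 connections per 5 seconds limit quoted in the message above, modelled over constructed connection records to show which sources it would flag. This is an added example, not part of the original message or of pf: it treats the limit as a plain sliding window (a simplification of pf's own accounting), and the table name `bruteforce` and all addresses and timestamps are assumptions.

```python
"""Which sources would trip a 15-connections-per-5-seconds limit?"""
from collections import Counter, defaultdict, deque

MAX_CONN = 15         # new connections allowed ...
WINDOW = 5            # ... within this many seconds (the 15/5 quoted above)
TABLE = "bruteforce"  # hypothetical pf table name


def over_limit(events, max_conn=MAX_CONN, window=WINDOW):
    """Return {source: time of the connection that crossed the limit}.

    events is an iterable of (unix_time, source_ip) for new TCP connections
    to the SSH port, in time order. A source is flagged when it opens more
    than max_conn connections within any span of `window` seconds.
    """
    recent = defaultdict(deque)
    flagged = {}
    for when, src in events:
        if src in flagged:
            continue  # already in the table, so it would be blocked from here on
        q = recent[src]
        q.append(when)
        # Drop connections that have aged out of the window.
        while q and when - q[0] >= window:
            q.popleft()
        if len(q) > max_conn:
            flagged[src] = when
    return flagged


def unflagged_totals(events, flagged):
    """Connection count per source that never crossed the limit."""
    totals = Counter(src for _, src in events if src not in flagged)
    return dict(totals)


def pfctl_commands(flagged, table=TABLE):
    """Commands that would add the flagged sources to a pf table by hand."""
    return ["pfctl -t %s -T add %s" % (table, src) for src in sorted(flagged)]


def constructed_events():
    """Constructed sample: (unix_time, source) for new connections to port 22."""
    events = []
    # Fast source: 4 connections per second for 10 seconds.
    events += [(1000 + i // 4, "203.0.113.7") for i in range(40)]
    # Slow source: one connection every 2 seconds for 10 minutes.
    events += [(1000 + 2 * i, "198.51.100.23") for i in range(300)]
    # Ordinary user: three logins spread over the period.
    events += [(1010, "192.0.2.10"), (1200, "192.0.2.10"), (1500, "192.0.2.10")]
    return sorted(events)


if __name__ == "__main__":
    sample = constructed_events()
    hits = over_limit(sample)
    for command in pfctl_commands(hits):
        print(command)
    for src, count in sorted(unflagged_totals(sample, hits).items()):
        print("not flagged: %s (%d connections)" % (src, count))
```

The slow source makes 300 connections without being flagged, which is why the message pairs the rate limit with key-only authentication and AllowUsers.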
Re: Flash viewer for FBSD
On Fri, 5 Mar 2010, Pongthep Kulkrisada wrote:
> Or the problem is that I cvsup(ed) from 7.1 to 7.2 and then csup(ed) to 8.0. Some libraries are probably not updated??? But ``make install'' success, so libraries should not be problems. I don't know.

When you upgrade from 7.x to 8.x, it's necessary to rebuild *all* ports.

-Warren Block * Rapid City, South Dakota USA
Re: Thousands of ssh probes
Replies interspersed

On 3/5/10, John j...@starfire.mn.org wrote:
> On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training wrote:
>> On 03/05/10 06:54, John wrote:
>>> My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this?
>>
>> Can you not deny all ssh attempts and then allow only from certain, trusted IPs?
>
> Ah, I should have added that I travel a fair amount, and often have to get to my systems via hotel WiFi or Aircard, so it's impossible to predict my originating IP address in advance. If that were not the case, this would be an excellent suggestion.

I've been in that same boat. I eventually came to the decision to:

Install PPTP server software, accepting connections from any IP.
Once connected with PPTP, edit the sshd rule in pf to allow sshd connections.
Optionally reconnect for sshd only.

It's worked well.

>> --
>> Yours In Christ, PIT
>> Emails are not formal business letters, whatever businesses may want. Original content copyright under the OWL http://owl.apotheon.org Please do not CC me. If I'm posting to a list it is because I am subscribed.
>
> --
> John Lind j...@starfire.mn.org
Re: Thousands of ssh probes
Matthew Seaman wrote:
> On 05/03/2010 16:12:11, Randal L. Schwartz wrote:
>> Matthew == Matthew Seaman m.sea...@infracaninophile.co.uk writes:
>>
>> Matthew On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
>>>> The spamtrap is a shiny object for spam, and anything that goes there gets blocked for an hour from hitting the low port. I presented this at a conference once.
>>
>> Matthew Having an IPv6-only high-mx seems to terminally confuse most spambots...
>>
>> Oooh! And arpnetworks gives me a /48 in 6 for free. I could have thousands of them. :)
>
> Thousands? Try billions. Sagans and sagans. More than the maximum possible number of hosts on the IPv4 internet. Muha ha Ha!

I'd think we might have to increase the size of the container for /etc/rc.conf to do that, though? At any rate, that'd be a lot of ifconfig to read/edit/etc.

KDK
Calculating kernel/user/idle time
What's the proper way to calculate kernel/user/idle time? I know the raw values come from sysctl kern.cp_time, but these values need to be massaged based on the number of CPUs and so on. Can someone explain briefly what the algorithm is calculating the final percentages representing these times.
Re: freebsd install from floppy
On 5 March 2010 13:51, Piotr Lukawski plukaw...@googlemail.com wrote:
> On 4 March 2010 05:51, ill...@gmail.com ill...@gmail.com wrote:
>> On 3 March 2010 07:33, Piotr Lukawski plukaw...@googlemail.com wrote:
>>> Dears, I need to install Freebsd 8.0 using floppy and then ftp, but there are no floppy images

. . .

>>> Could you please produce install floppy images for Freebsd 8.0? Please please please. I have no power to do the install of 7, upgrade and fail again :-(
>>
>> Have you tried installing 8.0-RELEASE from your 7.x floppies? I have heard rumour that it is possible by just changing the release name under View/Set Various Installation Options.
>
> Illoai, Thanks a lot! Your solution works - system is up and running now :-) However, in such a case I really cannot understand why nobody can change just one parameter and put the file in a proper place in ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/8.0-RELEASE/floppies/. It can simplify life for many people.

I'm glad it worked for you. :)

I'm not aware of why the floppy images are no longer being generated, however, just repackaging the 7.x floppies is probably not the best idea: you can select a couple of options under 7.x that will likely break an 8.x install (I'm under the impression that Dangerously Dedicated disks do this).
Re: Flash viewer for FBSD
On Fri, 5 Mar 2010 18:54:40 +0100 C. P. Ghost cpgh...@cordula.ws articulated:
> Of course, it's all a matter of personal tastes, likes and dislikes. I'd rather have a native flash plugin for FreeBSD/amd64 too (Firefox and Opera), but this is unlikely in the near future, knowing the miserable track record of Adobe's FreeBSD support. ;-)

There are dozens of utility programs available for Windows that I would love to have available on FreeBSD; however, that just is not going to happen. I have personally contacted the authors of several of these programs and have been told that they have no intention in investing countless time and money on a product that they would never be able to make a profit on. My absolute favorite password manager/generator RoboForm, said that they would probably never invest in a *.nix version. They couldn't see how they could generate a profit doing so. Plus, I was told that due to the number of 'flavors' that *.nix/BSD comes in, writing and support would be enormous. However, they said they would keep it in mind.

Adobe, a commercial entity, obviously feels that the cost of supporting the FreeBSD community is not a financially prudent business venture. In the final analysis, it is their product to do with as they see fit, unless the socialist EC starts to stick their fascist nose into someone else's business. Adobe never stated that they would support FreeBSD; at least as far as I can tell. That would sort of eliminate any pseudo Breach of Contract accusation against them.

--
Jerry ges...@yahoo.com

Fortune favors the lucky.
Re: Calculating kernel/user/idle time
In the last episode (Mar 05), Peter Steele said:
> What's the proper way to calculate kernel/user/idle time? I know the raw values come from sysctl kern.cp_time, but these values need to be massaged based on the number of CPUs and so on. Can someone explain briefly what the algorithm is calculating the final percentages representing these times.

They shouldn't need to be massaged. Just sample the values at two intervals, and your percentages can be calculated by dividing each delta by the sum of the deltas (since the sum equals the total CPU usage over the interval, by definition). If you want to calculate per-cpu usage, use the kern.cp_times sysctl instead.

--
Dan Nelson dnel...@allantgroup.com
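The calculation described in the reply above, as an added example that is not part of the original message: take two samples of the five counters, subtract, and divide each delta by the sum of the deltas. The counter order (user, nice, system, interrupt, idle) is supplied here, and the sample values are constructed.

```python
"""CPU state percentages from two samples of FreeBSD's kern.cp_time."""
import subprocess

# Order of the counters in kern.cp_time (CP_USER .. CP_IDLE in <sys/resource.h>).
STATES = ("user", "nice", "system", "interrupt", "idle")

# Constructed samples of kern.cp_time, taken some interval apart.
CP_TIME_T0 = "1000 50 400 20 8530"
CP_TIME_T1 = "1060 50 430 30 8630"
# Constructed samples of kern.cp_times on the same two-CPU machine.
CP_TIMES_T0 = "500 25 200 10 4265 500 25 200 10 4265"
CP_TIMES_T1 = "550 25 210 10 4305 510 25 220 20 4325"


def parse_counters(text):
    """Turn the output of `sysctl -n kern.cp_time` (or kern.cp_times) into ints."""
    return [int(field) for field in text.split()]


def percentages(before, after):
    """Share of each state between two samples of the five counters."""
    if len(before) != len(STATES) or len(after) != len(STATES):
        raise ValueError("expected %d counters per sample" % len(STATES))
    deltas = [b - a for a, b in zip(before, after)]
    if any(d < 0 for d in deltas):
        raise ValueError("counter went backwards; take a fresh pair of samples")
    total = sum(deltas)
    if total == 0:
        # No tick was accounted between the samples: nothing to divide by.
        return dict.fromkeys(STATES, 0.0)
    return {name: 100.0 * d / total for name, d in zip(STATES, deltas)}


def per_cpu_percentages(before, after):
    """Same calculation for kern.cp_times, which holds five counters per CPU."""
    n = len(STATES)
    if len(before) != len(after) or len(before) % n:
        raise ValueError("samples must hold a whole number of CPUs")
    return [percentages(before[i:i + n], after[i:i + n])
            for i in range(0, len(before), n)]


def sample(name="kern.cp_time"):
    """Read the live counters; only works on a FreeBSD host."""
    out = subprocess.run(["sysctl", "-n", name], check=True,
                         capture_output=True, text=True).stdout
    return parse_counters(out)


if __name__ == "__main__":
    total = percentages(parse_counters(CP_TIME_T0), parse_counters(CP_TIME_T1))
    print("all CPUs:", total)
    cpus = per_cpu_percentages(parse_counters(CP_TIMES_T0),
                               parse_counters(CP_TIMES_T1))
    for index, cpu in enumerate(cpus):
        print("cpu%d:" % index, cpu)
```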
Re: Thousands of ssh probes
On 05/03/2010 13:26, John wrote:
> Ah, I should have added that I travel a fair amount, and often have to get to my systems via hotel WiFi or Aircard, so it's impossible to predict my originating IP address in advance. If that were not the case, this would be an excellent suggestion.

What about the option of vpn access?

Mike Woods
Full of squishy cynicism
Re: Flash viewer for FBSD
> It looks very bad for browsing web without flash viewer.

I think it looks great - no ads !!! Hurray !!!
Re: Booting MFS from Secondary Partition
Martin McCormick wrote:
> Fbsd1 writes:
>> There is hard coded logic that is stopping you from doing what you want. Looks like you are SOL.
>
> Me thinks you are absolutely correct. I was only hoping I was doing something wrong and a slight syntax change would make it work. Thank you and thanks to Maciej Milewski m...@dat.pl for his suggestion.
>
> I have one last trick up my sleeve before giving up completely on this idea. Maybe I can hijack one of the rc.x scripts to cause it to spew a memory disk image of the mfsboot code on to the freshly-unmounted /dev/ad0 device during a reboot. Since the goal is to completely rebuild the system anyway, this would be the last gasp of the present system as it gets ready to reboot, hopefully with mfsbsd and all hard drives dismounted.
>
> Martin McCormick

just dd the image to what ever drive you want
Re: Thousands of ssh probes
Tim == Tim Judd taj...@gmail.com writes:

Tim I've been in that same boat. I eventually came to the decision to:
Tim Install PPTP server software, accepting connections from any IP.

Whoa. Here we are, talking about making it *more* secure, and you go the other direction

http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security_of_the_PPTP_protocol

In short, you can't take anyone seriously who suggests PPTP when talking about security.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
amd64 won't install on Core Duo
The amd64 arch installer for 8.0-RELEASE fails to start on a ThinkPad T60 with an Intel Centrino Core Duo. What am I doing wrong?

error message: CPU doesn't support long mode

--
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
Re: amd64 won't install on Core Duo
On 3/5/2010 6:28 PM, Chad Perrin wrote:
> The amd64 arch installer for 8.0-RELEASE fails to start on a ThinkPad T60 with an Intel Centrino Core Duo. What am I doing wrong?
>
> error message: CPU doesn't support long mode

You have a CPU that does not have 64-bit extensions. You need to install the i386 version.

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: Thousands of ssh probes
Randal L. Schwartz wrote:
> Tim == Tim Judd taj...@gmail.com writes:
>
> Tim I've been in that same boat. I eventually came to the decision to:
> Tim Install PPTP server software, accepting connections from any IP.
>
> Whoa. Here we are, talking about making it *more* secure, and you go the other direction
>
> http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security_of_the_PPTP_protocol
>
> In short, you can't take anyone seriously who suggests PPTP when talking about security.

Especially since rolling out OpenVPN and your own little CA to issue yourself and your 10 best friends certificates is pretty easy. I find it easier to wrap my head around than something like IPSEC for supporting a trusted server on trusted network attached to by laptops that wander around in sometimes sleazy parts of the Internet model. Just make sure you've kept up to date with your SSL libraries. :-)

--Jon Radel j...@radel.com
Re: Flash viewer for FBSD
On Fri, Mar 5, 2010 at 5:02 PM, Graham Bentley ad...@cpcnw.co.uk wrote:
>> It looks very bad for browsing web without flash viewer.
>
> I think it looks great - no ads !!! Hurray !!!

Bingo!

If the OP wants M$-like flash support, then . . . well . . . use M$ (and its friend$). It's not really fair to complain about the admirable work of fBSD devs. Keep in mind that they volunteer their time. If fBSD (or anything else) is not suiting your needs, either fix it or go somewhere else. I'm sure the fBSD community would welcome a hack that gets m$-like flash support ;-)

I find it a relief not to have those damn flash ads/nonsense flashing in front of me.

FWIW - I did use gnash for a while and it wasn't too bad. Although, my needs may not be comparable to the OP's. He really hasn't made that clear.
Re: amd64 won't install on Core Duo
On Fri, Mar 05, 2010 at 06:30:48PM -0600, Tim Daneliuk wrote:
> On 3/5/2010 6:28 PM, Chad Perrin wrote:
>> The amd64 arch installer for 8.0-RELEASE fails to start on a ThinkPad T60 with an Intel Centrino Core Duo. What am I doing wrong?
>>
>> error message: CPU doesn't support long mode
>
> You have a CPU that does not have 64-bit extensions. You need to install the i386 version.

Oh, crap, you're right. I was thinking 64b, but it's 32b instruction set dual core. My mistake. Please disregard my brain-dead question.

--
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
[SOLVED] Re: How to get hints of software installed by Ports ?
Randal L. Schwartz wrote:
> Jonathan == Jonathan McKeown j.mcke...@ru.ac.za writes:
>
> Jonathan pkg_info -D
>
> I like pkg_info -DL 'port*', because it also shows *where* things got installed... sometimes, I can't find the conf files. :)

Yeah, that helps.

--
Best Regards,
Aaron Lewis - PGP: 0xA476D2E9
irc: A4r0n on freenode
Re: Thousands of ssh probes
On 05/03/10 13:54, John wrote:
> My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this?

This is a frequent question on the list, search the archives. Basically there are few things that you can do:

1. limit the access to a range of IPs, for example, even if you travel a lot you go to a limited number of countries, why permit access from other continents?
2. limit access to certain users, there is no need to allow games or root user to authenticate via ssh. Use AllowUsers or AllowGroups to restrict access to real users.
3. limit the amount of concurrent non-authenticated connections, number of failed attempts and similar.
4. prohibit password authentication.

If the problem is that these attacks consume significant bandwidth then moving your service to a different port may be a good solution, but if your concern is security, then the above is more effective.

BR, Erik

--
Erik Nørgaard
Ph: +34.666334818/+34.915211157
http://www.locolomo.org
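A checker for the sshd_config side of the advice in this thread (key-only authentication and AllowUsers from the earlier reply, and points 2 to 4 of the list above), added here as an example and not taken from any poster. The mapping of point 3 to MaxAuthTries and MaxStartups, the threshold of 3, and the sample configurations are assumptions.

```python
"""Audit an sshd_config against the hardening points listed in the thread."""
import re

MAX_AUTH_TRIES = 3  # assumed local policy; the thread gives no number
PASSWORD_KEYWORDS = ("passwordauthentication", "kbdinteractiveauthentication",
                     "challengeresponseauthentication")

# Constructed samples, not taken from the thread.
WEAK = """\
Port 22
PasswordAuthentication yes
#AllowUsers john
MaxAuthTries 6
"""
HARDENED = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
AllowUsers john
MaxAuthTries 3
MaxStartups 5:50:10
"""
# Global section is fine, but a Match block re-enables passwords for some clients.
OVERRIDDEN = HARDENED + """\
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.+)")


def parse(text):
    """Split a config into global settings and per-Match overrides.

    Returns (settings, overrides): settings maps lower-cased keyword to the
    list of values seen before the first Match line; overrides is a list of
    (match criteria, keyword, value) for everything after it.
    """
    settings, overrides, criteria = {}, [], None
    for raw in text.splitlines():
        m = LINE.fullmatch(raw.split("#", 1)[0].strip())
        if not m:
            continue  # blank line, comment, or keyword without a value
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            criteria = value
        elif criteria is None:
            settings.setdefault(keyword, []).append(value)
        else:
            overrides.append((criteria, keyword, value))
    return settings, overrides


def first(settings, *keywords):
    """First value given for the keywords, tried in the order listed."""
    for keyword in keywords:
        values = settings.get(keyword.lower())
        if values:
            return values[0].lower()
    return None


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    settings, overrides = parse(text)
    findings = []
    # Prohibit password authentication. Keyboard-interactive (PAM) can also
    # ask for a password, so it has to be off as well.
    if first(settings, "PasswordAuthentication") != "no":
        findings.append("PasswordAuthentication is not set to no")
    if first(settings, "KbdInteractiveAuthentication",
             "ChallengeResponseAuthentication") != "no":
        findings.append("keyboard-interactive authentication is not set to no")
    # Limit access to named users or groups.
    if not (settings.get("allowusers") or settings.get("allowgroups")):
        findings.append("no AllowUsers or AllowGroups restriction")
    # Limit failed attempts and concurrent unauthenticated connections.
    tries = first(settings, "MaxAuthTries")
    if tries is None or not tries.isdigit() or int(tries) > MAX_AUTH_TRIES:
        findings.append("MaxAuthTries is unset or above %d" % MAX_AUTH_TRIES)
    if first(settings, "MaxStartups") is None:
        findings.append("MaxStartups is not set explicitly")
    # A Match block can undo the global setting for some clients.
    for criteria, keyword, value in overrides:
        if keyword in PASSWORD_KEYWORDS and value.lower() != "no":
            findings.append("Match %s: %s %s" % (criteria, keyword, value))
    return findings


if __name__ == "__main__":
    for name, config in (("weak", WEAK), ("hardened", HARDENED),
                         ("overridden", OVERRIDDEN)):
        print(name, audit(config) or "ok")
```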
Re: [ fbsd_questions ] tar(1) vs. msdos_fs: a death_spiral ?
spellberg_robert wrote:
> greetings, all ---
>
> i confess that this one has me flummoxed.
>
> the short question: does tar(1) spit_up when extracting onto an msdos_fs hard_drive ?
>
> [ i tried the mailing_list archives tar AND msdos, for -questions, -chat, -bugs, -newbies, -performance ]
> [ other research as indicated ]
>
> i have no problem using tar(1) on ufs. large files, small files; if i am on ufs, everything is fine.
>
> i have been creating tarballs from medium_size msdos_fs drives, also. this worked fine. i would check them by extracting into a ufs root_point. no problem.
>
> this week, i tried to do something new. i wanted to take a tarball, already on ufs, that was created from an msdos_fs drive and extract it onto an msdos_fs drive. this, to me, actually seems like a reasonable idea; but, what do i know ?
>
> well, it starts out just fine, but, it rapidly degenerates into what is, normally, infinite_loop land. when ps(1) says cpu_% of 1%, 2%, 5%; ok, it is an active process. in about ten minutes, tar(1) enters 90% cpu. after 20 minutes, 99%. it does not matter if X_windows is running. foreground or background process, no difference. it seems to be working correctly because the error_file is always of zero_size. i suspect that if i left it alone, after a few days, it would finish.
>
> some details [ everything is ufs, using 8kB/1kB, except /mnt, which is clustered as indicated; of course, the tarball is not named ball, nor is the path, to the tarball, named path, but, then, you knew that ].
>
> mkdir /path_c
> mkdir /path_c/88_x
> mkdir /path_d
> mkdir /path_d/88_x
> mount -v -t msdos /dev/ad1s1 /mnt [ fat_32, about 6_GB, 4_KB cluster, the c:\ drive, primary partition. ]
> cd /mnt
> ( tar cvplf /path_c/99_ball.tar . /path_c/90_cvpl.out ) /path_c/91_cvpl.err [ real time 16m 07s, exit_status 0 ]
> cd / ; umount /mnt
> mount -v -t msdos /dev/ad1s5 /mnt [ fat_32, about 12_GB, 8_KB cluster, the d:\ drive, extended partition. ]
> cd /mnt
> ( tar cvplf /path_d/99_ball.tar . /path_d/90_cvpl.out ) /path_d/91_cvpl.err [ real time 20m 15s, exit_status 0 ]
> cd / ; umount /mnt
> cd /path_c/88_x
> ( tar xvplf ../99_ball.tar ../92_xvpl.out ) ../93_xvpl.err [ real time 08m 11s; exit_status 0 ]
> diff ../9[02]* [ exit_status 0; the tables_of_contents are the same ]
> ls -l .. [ visually inspect the error_files to be of zero_size - verified ]
> cd /path_d/88_x
> ( tar xvplf ../99_ball.tar ../92_xvpl.out ) ../93_xvpl.err [ real time 12m 37s; exit_status 0 ]
> diff ../9[02]* [ exit_status 0; the tables_of_contents are the same ]
> ls -l .. [ visually inspect the error_files to be of zero_size - verified ]
>
> [ note that this approach works; it is a good excuse to refill my coffee_cup. ]
>
> [ physically replace the source hard_drive w/ 80_GB capacity, 32_KB cluster, primary_partition only, virgin hard_drive. this destination hard_drive was fdisked and formatted yesterday_morning; this drive was scandisked yesterday for 12 hours, using the thorough option, it has zero bad clusters [ i wanted to eliminate the drive as the problem ] ].
>
> mount -v -t msdos /dev/ad1s1 /mnt
> mkdir /mnt/path_cc
> cd /mnt/path_cc
> ( tar xvplf /path_c/99_ball.tar ../92_xvpl.out ) ../93_xvpl.err [ started this at 18:05_utc, it is now about 21:35_utc; the toc_file, from the 8_minute extraction above, has 87517 lines in it; the current toc_file has only 12667 lines. ]
>
> [ this is the second hard_drive i have tried this on, this week; i will probably kill the process as xterm is being updated about 8 seconds apart, now. ]
>
> on the first hard_drive [ i have not done this on the second drive, yet ] i noted that i had a successful extraction on the ufs drive. not being the smartest person around, i had, what i thought to be, a --brilliant-- idea, what if i try a recursive copy of the successful extraction ? this is interesting; the recursive copy started_out like gang_busters, then, just like the extraction, slowly bogged_down to 99%_cpu.
>
> hmmm..., two different msdos_fs hard_drives, two different normally_reliable utilities, same progressive_hogging of the cpu. this makes me wonder about the msdos_fs hard_drive, which is, rapidly, becoming the only remaining common factor.
>
> ok. i tried the mailing lists. right now, i am web_page searching; tar(1) seems to be slow in some situations, but, i have not, yet,
Is there a way to know how much memory is currently allocated?
Does FreeBSD malloc library provide any API way to know how many bytes are currently allocated by the current process? Memory image size isn't adequate, since it's always much larger because of various reasons, like an extra-memory allocated for the needs of malloc library itself and also due to non-freed blocks, which are left allocated by the library.

Yuri
Re: Flash viewer for FBSD
On Fri, 5 Mar 2010 23:02:36 -, Graham Bentley ad...@cpcnw.co.uk wrote:
>> It looks very bad for browsing web without flash viewer.
>
> I think it looks great - no ads !!! Hurray !!!

I may politely add that exactly this is the reason I removed a working Flash support from my system. I rather like to see empty plug-in content boxes instead of being annoyed by Flash stuff that is mainly used for advertising.

Have you noticed that Flash has taken the place of animated GIFs, adding sound and providing nothing that couldn't be done using existing standards? I'm sure you have. A growing part of today's web designers seem to have accepted Flash as a replacement for valid HTML, and even for invalid HTML.

Have you ever heard of a modern web browser that forces you to install, let's say, a plugin for viewing JPG images, and this plugin is only available for an arbitrary chosen subset of operating systems, and loaded with patents and other cripple-stuff? And it forces you to have an up-to-date computer, of course, with an expensive OS (free OSes are out of scope already). And all the clever web designers now replace their working sites with JPG - even the text is given as a JPG image. And it is assumed that you have the plugin installed. And of course, there's a new version of the plugin every year. All this just to view a JPG image. Could you imagine such a stupid situation? It's so idiotic, but it's the reality. That's the situation with Flash.

And as I have experienced it, I can honestly say that I'm fine without Flash. I may review my opinion, if given some reason to do so. But as it has already been mentioned, that's a very individual decision, based upon likes and dislikes.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: Thousands of ssh probes
On 3/5/2010 7:44 PM, Erik Norgaard wrote:
> On 05/03/10 13:54, John wrote:
>> My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this?
>
> This is a frequent question on the list, search the archives. Basically there are few things that you can do:
>
> 1. limit the access to a range of IPs, for example, even if you travel a lot you go to a limited number of countries, why permit access from other continents?
> 2. limit access to certain users, there is no need to allow games or root user to authenticate via ssh. Use AllowUsers or AllowGroups to restrict access to real users.
> 3. limit the amount of concurrent non-authenticated connections, number of failed attempts and similar.
> 4. prohibit password authentication.
>
> If the problem is that these attacks consume significant bandwidth then moving your service to a different port may be a good solution, but if your concern is security, then the above is more effective.
>
> BR, Erik

I solved this problem a slightly different way with dynamic TCP wrapper control:

http://www.tundraware.com/Software/tperimeter/

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: Flash viewer for FBSD
* Warren Block (wbl...@wonkity.com) wrote:
> When you upgrade from 7.x to 8.x, it's necessary to rebuild *all* ports.

Thanks for your suggestion, but it does not seem likely. All operating systems can always distinguish the system and packages. For instance, gcc is tightly coupled with the system, it will be upgraded automatically while upgrading the system. Some people only use console, they should rebuild all ports relating to their work. They do not have to rebuild KDE or GNOME, for example.

I myself, after upgrading the system, I always rebuild MOST of textual ports like vim, fetchmail, apache, etc and all ports required by them. For GUI application, I keep updating ONLY web browser because the old version is usually prone to vulnerability issues. If it is not enough, please tell me. :-)

Thanks,
Pongthep
Re: Flash viewer for FBSD
* daniele (gl...@live.com) wrote:
> Don't worry I wanted to try to help for what I can. I installed the plugin this morning and I was curious.

Thank you again for your kind.

> It's strange though. The plugin is there. I don't know if there's a kind of log somewhere to see if it sees it.

I also don't know. :-(

> The last option I am thinking of in this respect is this : From the opera web browser interface find the menu tools and select it then - preferences - advanced Look at the content menu. Enable plugins item must be activated and then the plug-in options must show at least this path /usr/local/lib/npapi/symlinks/linux-opera and also inform that it finds the flash plugin. let me know ! But for the moment I can not think of anything more :-/

The followings are all enabled.

animated images
sound in Web pages
JavaScript
Java
plug-ins

JavaScript Options... blank path
Java Options... blank path
Plug-in Options... Detected plug-ins are blank

Plug-in path are as followings.

/usr/local/share/opera/plugins/
/usr/local/lib/npapi/symlinks/opera/
/usr/local/lib/npapi/symlinks/linux-opera/

Thanks,
Pongthep
Re: Thousands of ssh probes
On 3/5/10, Randal L. Schwartz mer...@stonehenge.com wrote:
> Tim == Tim Judd taj...@gmail.com writes:
>
> Tim> I've been in that same boat. I eventually came to the decision to:
> Tim> Install PPTP server software, accepting connections from any IP.
>
> Whoa. Here we are, talking about making it *more* secure, and you go the other direction
>
> http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security_of_the_PPTP_protocol
>
> In short, you can't take anyone seriously who suggests PPTP when talking about security.

Randal,

It's not meant as the solution for remote access. It's only a stopgap so you can ssh into your router and add the remote IP. Then disconnect from the VPN you've configured, PPTP or not, and use SSH. And the fact that I haven't (yet) seen random bots try vpn will keep my logs clean.

I'm sorry, I respect Randal very much, but..

A) ..wikipedia? that's informative and useful, but not authoritative in any way.
B) It's connected for maybe 5 minutes at most. While connected, your ssh session is still encrypted while you add the current remote IP.

I stand by my statements.

The other way (which requires a cron job) is to set up your roaming laptop with a dyndns address (or similar service) and have your router re-load its firewall config periodically for any possible IPv4/IPv6 address changes to be picked up. I haven't done this to finish yet.
Re: Thousands of ssh probes
That was just the quick summary. Google for PPTP security and you'll see a top link from Bruce Schneier who basically says no way to it.

Sent from my iPhone, so blame Steve Jobs for any speeling misteaks.

On Mar 5, 2010, at 9:20 PM, Tim Judd taj...@gmail.com wrote:
> ..wikipedia? that's informative and useful, but not authoritative in any way.
Re: xorg, xdm, desktop env
On 03/05/10 08:46, Frank Shute wrote:
<snip>
> If you read the manpage for xdm(1) you will see that the script that is run on login is ~/.xsession
>
> Try putting exec wmaker in there.
>
> To run xdm from boot, you have to edit /etc/ttys and then:
>
> # kill -HUP 1
>
> Look at this:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x-xdm.html
>
> Regards,

Thank you kind sir.

Now to figure out how to set the ~/.xsession file up automatically upon account creation (not an issue now, but might be later).

--
Yours In Christ, PIT
Emails are not formal business letters, whatever businesses may want.
Original content copyright under the OWL http://owl.apotheon.org
Please do not CC me. If I'm posting to a list it is because I am subscribed.
RE: Calculating kernel/user/idle time
> They shouldn't need to be massaged. Just sample the values at two intervals, and your percentages can be calculated by dividing each delta by the sum of the deltas (since the sum equals the total CPU usage over the interval, by definition). If you want to calculate per-cpu usage, use the kern.cp_times sysctl instead.

That's the detail I was missing, needing to take two samples. That should solve the problem I was having. Thanks.
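The two-sample calculation described in the quoted reply, as an added example that is not code from the thread. It assumes the counters arrive as the text printed by `sysctl -n kern.cp_time` (five tick counters: user, nice, system, interrupt, idle) or `sysctl -n kern.cp_times` (the same five repeated per CPU); the sample values are constructed.

```python
STATES = ("user", "nice", "system", "interrupt", "idle")  # counter order in kern.cp_time

# Constructed samples: the same counters read a few seconds apart.
T0 = "1000 0 500 100 8400"
T1 = "1150 0 550 100 9200"

def usage(before, after):
    """Percent of elapsed ticks spent in each state between two kern.cp_time samples."""
    a = [int(x) for x in before.split()]
    b = [int(x) for x in after.split()]
    if len(a) != len(STATES) or len(b) != len(STATES):
        raise ValueError("expected %d counters per sample" % len(STATES))
    deltas = [y - x for x, y in zip(a, b)]
    total = sum(deltas)
    # A single sample says nothing; identical or reversed samples are rejected.
    if total <= 0 or min(deltas) < 0:
        raise ValueError("samples are identical, reversed, or a counter wrapped")
    return {s: 100.0 * d / total for s, d in zip(STATES, deltas)}

def per_cpu_usage(before, after):
    """Same calculation for kern.cp_times: one result dict per CPU, in CPU order."""
    a, b = before.split(), after.split()
    n = len(STATES)
    if len(a) != len(b) or len(a) % n:
        raise ValueError("samples must hold the same whole number of CPUs")
    return [usage(" ".join(a[i:i + n]), " ".join(b[i:i + n]))
            for i in range(0, len(a), n)]

if __name__ == "__main__":
    print(usage(T0, T1))
```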
Re: Thousands of ssh probes
In freebsd-questions Digest, Vol 300, Issue 10, Message: 6
On Fri, 05 Mar 2010 16:07:29 + Matthew Seaman m.sea...@infracaninophile.co.uk wrote:
> On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
>> The spamtrap is a shiny object for spam, and anything that goes there gets blocked for an hour from hitting the low port. I presented this at a conference once.
>
> Having an IPv6-only high-mx seems to terminally confuse most spambots...

I understand why IPv6 would confuse them, but don't follow why higher numbered MXs would be more attractive to them in the first place? Are they assuming a 'secondary' MX will be more likely to accept spam?

cheers, Ian
Re: xorg, xdm, desktop env
On Sat, 06 Mar 2010 00:10:56 -0600, Programmer In Training p...@joseph-a-nagy-jr.us wrote:
> On 03/05/10 08:46, Frank Shute wrote:
> <snip>
>> If you read the manpage for xdm(1) you will see that the script that is run on login is ~/.xsession
>>
>> Try putting exec wmaker in there.
>>
>> To run xdm from boot, you have to edit /etc/ttys and then:
>>
>> # kill -HUP 1
>>
>> Look at this:
>>
>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x-xdm.html
>>
>> Regards,
>
> Thank you kind sir.

A small addition: In order to be able to use X with an initialisation file even when not using XDM (i. e. starting X by startx) AND not having to maintain two startup files (.xsession and .xinitrc) AND furthermore incorporating shell settings for the shell of choice (default: the C shell), you can use this approach:

~/.xsession

    #!/bin/csh
    source ~/.cshrc
    exec ~/.xinitrc

It incorporates the shell settings and then continues running as .xinitrc - so xdm can pick this up. If you run startx, .xsession isn't used, but .xinitrc is used. So this script contains what you want to automate, e. g.

~/.xinitrc

    #!/bin/sh
    [ -f ~/.xmodmaprc ] && xmodmap ~/.xmodmaprc
    xrandr --fb 1400x1050
    xrandr --size 1400x1050
    xsetroot -solid rgb:3b/4c/7a
    xset b 100 1000 15
    xset r rate 250 30
    xset s off
    xset -dpms
    exec wmaker

The #!/bin/sh at the beginning isn't needed, according to the documentation.

> Now to figure out how to set the ~/.xsession file up automatically upon account creation (not an issue now, but might be later).

You can use /usr/share/skel for the templates, it will be used by the adduser program. Create dot.xsession in this directory and modify it according to your default settings.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: Flash viewer for FBSD
* C. P. Ghost (cpgh...@cordula.ws) wrote:
> On Fri, Mar 5, 2010 at 6:12 PM, Pongthep Kulkrisada ptkris...@gmail.com wrote:
>> % uname -a
>> FreeBSD bsdhost.localdomain 8.0-STABLE FreeBSD 8.0-STABLE #0: Tue Dec 1 19:12:37 ICT 2009 r...@bsdhost.localdomain:/usr/obj/usr/src/sys/GENERIC i386
>
> So your system is approx. 4 months old, despite you cvsup-ping?

I don't know what you mean. Normally, FBSD issues new STABLE RELEASE once a year (approx). Whenever new release or new branch is available, I shall do either wget iso images, or cvsup/csup and buildworld. The time between RELEASEs, there are patches. But FBSD teams stated that those patches are not well tested comparing to RELEASE. So I do not update the system until new STABLE RELEASE is available again.

> That's understandable. I boot FreeBSD/amd64 almost exclusively too. Only when I absolutely need Flash (and I very seldom do), I fire up VirtualBox on FreeBSD with a little OpenSolaris installation. Since this OpenSolaris guest lives in a single VirtualBox disk image, it doesn't clutter up my FreeBSD system, contrary to the whole Linux compat shims and RPMs needed to run the linux flash plugin.

I did not install VirtualBox like VM Ware. I only use dual boot FBSD and Windows. I think many times to install VM Ware. But I am too lazy to do it. ;-p

1. In my opinion UFS2 is much more superior than NTFS. I'm not quite sure if UFS2 can reside in NTFS very well. (in case Windows is a host OS, and FBSD is a guest OS.)
2. My friend also suggests me that host OS can share device drivers to guest OS. I'm not sure, anybody can confirm this? if so, we can install FBSD on any laptops and use shared drivers from host OS (Windows or OS-X).

Normally I only use console. My life with FBSD is not so colorful (except syntax highlighting in vim editor). I also have KDE installed. But I don't use it as much as console. Whenever I need flash (not often). I use my other computer (I have 2 computers) or reboot Windows.

Cheers,
Pongthep