On Monday, August 7, 2006, at 12:40:40, misc@openbsd.org wrote: > On 2006/08/07 11:46, Philip Olsson wrote: >> Im woundering if there exists a looking glass suitable for public access >> over http that uses the new read only socket in openbgpd ?
> http://null-ptr.net/sw/lg/ works - > besides the mentioned files you will need: > bgpd_flags="-r /var/www/var/run/bgpd.sock" > everything listed in `ldd /usr/sbin/bgpctl' output (ld.so, lib's) > you probably have /var set as nosuid, this means you can't > use ping/traceroute in the jail unless you're willing to relax > that (and you can't use sudo to run them since that too is > setuid). > Might be worth also pointing out some SSH modification here, > http://archives.neohapsis.com/archives/openbsd/2006-04/1811.html > which (I haven't tested, but..) should let you separate webserver > from routers and just forward the RO control socket on, which > makes a certain amount of sense to me, especially on a public > access setup. We have written our own, which also uses id_rsa keys and users on other route-servers. We had to give up with jailing apache cause too much problems happened and now we have the following: http://www.pl-ix.pl/tools.asp (.asp is fake of course, our programmer loves such playing, it's normal PHP file) If anyone want I can send sources or publish it somewhere ;-) -- Sylwester S. Biernacki <[EMAIL PROTECTED]> X-NET, http://www.xnet.com.pl/