Re: [Newbie] OpenBSD HTTP proxy

2007-10-12 Thread Clint M. Sand
On Mon, Oct 08, 2007 at 10:00:34PM -0400, Jeremy Huiskamp wrote:
> On 8-Oct-07, at 8:43 PM, Lars Noodin wrote:
> 
> >Tony Bruguier wrote:
> >...
> >>I would like to install an HTTP proxy.
> >...
> >
> >Squid is recommended.  Read the directions carefully and you will have
> >to make one or two changes to the configuration.
> >
> >Have squid listen localhost and then tunnel to get to it.
> 
> What's the point of getting squid involved?  Putty does SOCKS
> proxying does it not?
> 
> Jeremy

Yep. There is no need for any proxy software if he can just ssh -D with
putty and configure his browser to use that. 



Re: How to track port updates in stable?

2007-08-03 Thread Clint M. Sand
On Fri, Aug 03, 2007 at 06:35:51PM -0500, Todd Pytel wrote:
> I don't spend as much time following OpenBSD as I used to, so perhaps
> I'm missing something. But there used to be a ports-security mailing
> list used for announcing updated ports. That list doesn't exist any
> more, or at least doesn't appear to have had anything posted to it in a
> very long time. Is there some other official way to track changes to
> ports? Absent that, has anyone come up with a simple hack to feed to
> cron to accomplish the same thing? 
> 
> --Todd


I think the easiest is:

If you must use ports: regularly cvs update or cvs up your local ports
tree and run the /usr/ports/infrastructure/build/out-of-date script to
find things to update.

If you use packages (recommended) just make sure $PKG_PATH is set and
pkg_add -ui. It will prompt you to install any updated versions.



Re: a cd "key"

2007-05-18 Thread Clint M. Sand
On Fri, May 18, 2007 at 08:47:21PM +1000, Timothy Wilson wrote:
> Had you thought about mounting certain areas as read only?
> For example, /etc, /local can be mounted as read only. When you want
> to make changes, such as installing a new package or whatever, just
> remount the file systems read/write.
> You can also use jails.
> 
> Timothy


I think the point is that if someone roots your machine because you are
running a vulnerable service, they can't really install rootkits and
things if your binaries are on a filesystem that CAN'T be remounted r/w.

If you just mount your harddisks (or portions like /etc) ro and someone
roots your box, they just re-mount it, install rootkit, then re-mount
back ro. Does nothing really. 



Re: pkg_add -u question

2007-05-06 Thread Clint M. Sand
On Sun, May 06, 2007 at 04:28:45PM +0200, Cabillot Julien wrote:
> pkg_add -ui
> 

Ah. Thanks. Seems the man page should be changed to be more clear. 

"If no pkgname is given and -u is combined with -i, pkg_add will..."


> On 5/6/07, Clint M. Sand <[EMAIL PROTECTED]> wrote:
> >
> > man pkg_add states:
> >
> > -u Update the given pkgname(s), and anything it depends upon.
> > If no pkgname is given, pkg_add will update all installed packages.
> > This relies on PKG_PATH to figure out the new package names.
> >
> > However if I run -u with no package name, it tells me a list of possible
> > candidates, but doesn't actually update anything. I have to manually do
> > each one. Am I doing something wrong or is this expected for some
> > reason?
> >
> > (on i386)
> > # dmesg | head -1
> > OpenBSD 4.1-stable (GENERIC) #0: Sat May 5 21:34:13 EDT 2007
> > # echo $PKG_PATH
> > ftp://ftp.nyc.openbsd.org/pub/OpenBSD/4.1/packages/i386/
> > # pkg_add -u
> > Candidates for updating autossh-1.2g -> autossh-1.3
> > Candidates for updating bzip2-1.0.3 -> bzip2-1.0.4
> > Candidates for updating cdrtools-2.01 -> cdrtools-2.01p0
> > Looking for updates: complete
> > #
> >
> >
> > Any ideas?
> >
> >
> 
> 
> -- 
> Julien Cabillot



pkg_add -u question

2007-05-06 Thread Clint M. Sand
man pkg_add states: 

-u Update the given pkgname(s), and anything it depends upon.
If no pkgname is given, pkg_add will update all installed packages.
This relies on PKG_PATH to figure out the new package names.

However if I run -u with no package name, it tells me a list of possible
candidates, but doesn't actually update anything. I have to manually do
each one. Am I doing something wrong or is this expected for some
reason?

(on i386)
# dmesg | head -1
OpenBSD 4.1-stable (GENERIC) #0: Sat May 5 21:34:13 EDT 2007
# echo $PKG_PATH
ftp://ftp.nyc.openbsd.org/pub/OpenBSD/4.1/packages/i386/
# pkg_add -u
Candidates for updating autossh-1.2g -> autossh-1.3
Candidates for updating bzip2-1.0.3 -> bzip2-1.0.4
Candidates for updating cdrtools-2.01 -> cdrtools-2.01p0
Looking for updates: complete
#


Any ideas? 



Re: OpenBSD 4.1 Torrents

2007-05-05 Thread Clint M. Sand
On Sat, May 05, 2007 at 12:43:34PM +0200, Justin Smith wrote:
> >Just out of curiosity...
> 
> > Is it logical to use an OS for the intense focus on security and
> > correctness, yet download the binaries from a random person on a mailing
> > list instead of any official source with reasonable file integrity
> > checking process in place?
> 
> From:
> 
> http://toolbar.netcraft.com/site_report?url=ftp.openbsd.org
> 
> Site http://ftp.openbsd.org
> 
> Reverse DNS   openbsd.sunsite.ualberta.ca
> 
> Netblock Owner: University of Alberta 1030 General Services Building Edmonton CA
> IP address:     129.128.5.191
> OS:             Solaris
> Web Server:     Apache/1.3.34 Unix PHP/4.4.2 mod_perl/1.27
> Last changed:   17-Apr-2007
> 
> What a security!!
> 
> FYI:
> 
> "Trojaned version of OpenSSH package has been found to reside on
> ftp.openbsd.org's server."
> 
> http://www.mavetju.org/unix/openssh-trojan.php
> http://www.openssh.org/txt/trojan.adv
> 
> Do you remember?
> 
> -- 
> JS

Yes but it's still an "official" source. It's a static server that has
some level of attention by an admin team. Contrast that with whatever
guy puts up a torrent tracker and posts on a mailing list. 

Getting from the solaris box at www. and "hey man download openbsd from
me" is not the same thing. 



Re: OpenBSD 4.1 Torrents

2007-05-02 Thread Clint M. Sand
On Tue, May 01, 2007 at 02:33:50PM -0700, andrew fresh wrote:
> Probably everyone knows already, but I just wanted to get the word out
> that there are OpenBSD 4.1 torrents now on the torrent site:
> 
> http://openbsd.somedomain.net/index.php?version=4.1
> 
> So far they are mostly just the files off of the CDs, but as I get
> synced up, the package torrents will update.
> 
> l8rZ,
> -- 
> andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]
> 
> BOFH excuse of the day: The Borg tried to assimilate your system.
> Resistance is futile.

Just out of curiosity... 

Is it logical to use an OS for the intense focus on security and
correctness, yet download the binaries from a random person on a mailing
list instead of any official source with reasonable file integrity
checking process in place? 

Seems odd that people would use OpenBSD because they trust the code, yet
download the binaries from random torrents on the internet. 



Re: cvs or cvsup

2007-03-21 Thread Clint M. Sand
On Wed, Mar 21, 2007 at 10:59:22AM +0100, Stefan Sperling wrote:
> On Wed, Mar 21, 2007 at 01:39:51AM -0700, Kernel Monkey wrote:
> > I've been using the cvsup client to update my sources. What is the
> > difference between cvs and cvsup when updating sources?
> > 
> > Is one better than the other?
> 
> There is no easy answer.
> It depends on what you want.
> 
> + cvsup is much faster. It's optimized for getting as much
>   out of your bandwidth as it can.
>   See http://www.cvsup.org/howsofast.html
> + cvsup can copy the whole OpenBSD CVS repository, not just
>   check out working copies. You can even add local branches to
>   the repo and commit on them! See the development(7) man page
>   from FreeBSD for a nice guide written by Matthew Dillon himself
>   on how to do this.
> - cvsup does not provide encryption
> - cvsup only works on i386
> + cvsup is written in modula3 (yes, this is a +, but just
>   because I am familiar with the cm3 compiler from work,
>   ie. the existence of modula3 and killer apps that use it
>   have been paying some of my rent. Keep them coming! :-P)
> 
> - cvs is slower
> + cvs can do diffs and view logs, and using the nifty cvsdo utility
>   from the cvsutils port you can even diff new files you've added
> + cvs provides encryption over ssh
> - but many anoncvs mirrors probably sync using sup/cvsup, so the
>   encrypted distribution channel provided by anoncvs does not go all
>   the way up to the master server anyway... :-( This may or may not
>   cancel out the benefit of encryption for you.
> + cvs works on all arches

Great points but one to add:

*cvs is part of base, cvsup is yet another port/package I have to install
and maintain. 
> 
> -- 
> stefan
> http://stsp.in-berlin.de PGP Key: 0xF59D25F0



Re: stupid question re kernel build make install

2007-03-14 Thread Clint M. Sand
On Wed, Mar 14, 2007 at 04:34:02PM -0500, Jacob Yocom-Piatt wrote:
> Clint M. Sand wrote:
> >I know this is a dumb question but make install on a kernel build does:
> >
> >rm -f /obsd
> >ln /bsd /obsd
> >cp bsd /nbsd
> >mv /nbsd /bsd
> >
> >
> >But I can't see the reasoning here. Why do we copy it then move it
> >rather than just copying it straight to /bsd?
> >
> >  
> 
> 
> to prevent a poorly timed "act of god" from making the system unbootable.


Thx. Makes sense. Many times the explanation is the simple one. I was
overcomplicating things. 

Cheers.



stupid question re kernel build make install

2007-03-14 Thread Clint M. Sand
I know this is a dumb question but make install on a kernel build does:

rm -f /obsd
ln /bsd /obsd
cp bsd /nbsd
mv /nbsd /bsd


But I can't see the reasoning here. Why do we copy it then move it
rather than just copying it straight to /bsd?
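The install sequence above written out as a small function, with the reason given in the reply (the last step is an atomic rename) spelled out in the comments. This is an added example, not the build system's own Makefile; the paths are parameters so it can be tried on scratch files.

```sh
#!/bin/sh
# Added example, not the build system's own Makefile. Paths are parameters
# so the sequence can be tried on scratch files; on a real system they would
# be the freshly built kernel, /bsd and /obsd.
#
# install_kernel NEW TARGET
#   1. keep the current TARGET reachable as TARGET.old via a hard link
#      (a second name for the same inode: nothing is copied, so the
#      fallback can never be half-written),
#   2. copy NEW to a temporary name on the same filesystem as TARGET,
#   3. rename the temporary over TARGET. rename(2) within one filesystem
#      is atomic, so TARGET is at every instant either the complete old
#      kernel or the complete new one. A crash or a failed copy during
#      step 2 leaves only a scratch file behind, never a truncated TARGET
#      that the bootloader would choke on.
install_kernel() {
    new=$1
    target=$2
    old="${target}.old"
    tmp="${target}.new"

    if [ -e "$target" ]; then
        rm -f "$old"
        ln "$target" "$old" || return 1
    fi
    # Copying straight to TARGET is exactly what is being avoided: a copy
    # that stops part way would leave TARGET truncated with nothing to
    # fall back on.
    if ! cp "$new" "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$target"
}
```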



Re: new tool: openportd

2006-10-22 Thread Clint M. Sand
On Sun, Oct 22, 2006 at 03:55:39AM -0700, Kian Mohageri wrote:
> On 10/22/06, Steffen Wendzel <[EMAIL PROTECTED]> wrote:
> >
> >
> > You normaly have different open ports
> 
> 
> 
> pf(4) makes this a minor issue.  No offense, but what you have there (in the
> example specifically) is no better than a "limited" (if you consider ability
> to reboot or kill ssh "limited") version of rexec/rsh.  The way you
> authenticate is obscured a bit, but not secured.
> 
> A neat project, I'll give you that.  But I don't recommend it on a
> production server.
> 
> -- 
> Kian Mohageri

Not to mention anyone on your network can sniff the "key", replay
attacks, oh and running a daemon that is able to listen on all ports
that is not from openbsd base...

Authpf would allow you to open connections only to people who can
authenticate, which cannot be easily sniffed and replayed such as with
"port knocking".



Re: bsdstats.org WOW

2006-10-19 Thread Clint M. Sand
On Thu, Oct 19, 2006 at 12:04:45AM -0600, Breen Ouellette wrote:
> Miod Vallat wrote:
> >>For historical reference, info taken from bsdstats.org:
> >>
> >[...]
> >
> >What is the point discussing completely bogus so-called statistics?
> 
> At best, I would suggest that some are proud to be OpenBSD users.
> 
> At worst, I would say that being an OpenBSD user gives some people an 
> excuse to ego stroke. Call it ego masturbation, if you will. Stats like 
> this are the porn they use to get off.
> 
> The reality is probably somewhere in the middle, but it is no different 
> than cheering for a sports team. Whether or not the stats are accurate, 
> some people seem to feel a need to cheer on the work of others in an 
> attempt to claim a piece of the fame for themselves.
> 
> I really seem to be on a roll this month. I'm sure I'll insult at least 
> a couple dozen people with these comments.  :)
> 
> Breeno

This might be true if a goal of OpenBSD was to be the most widely used
OS. It's not. Next month FreeBSD might be the most widely used. Using
your logic we should be sad. Who cares. OpenBSD is not for everyone and
we like it that way. 



Re: MAC -> IP -> MAC

2006-06-03 Thread Clint M. Sand
On Sat, Jun 03, 2006 at 12:10:55AM +0100, Gaby vanhegan wrote:
> From thinking about it more, it's just simpler to track which IP
> address belongs to which login, and then when that user tries to
> login on a second client, the first one is barred access. This only
> allows one IP address per client. It does mean that the IP
> tracking software needs to know a little more about the IP address
> that it created, and requires to be a bit more actively managed.
> 


So all I have to do is *TRY* to login as you on another machine and your
original legit connection is dropped? 

Think about this. 



Re: "ssh" attacks

2006-05-31 Thread Clint M. Sand
If these attempts all come from the same source, why not filter that ip
at the gateway level? What legit use does this person have on your
network on any port, much less ssh?



On Wed, May 31, 2006 at 03:15:34PM -0400, Peter Fraser wrote:
> Expect I was not clear.
> 
> Someone is attacking address 1, address 2, address 3, those
> address are all blocked with respect to ssh. , but because he
> is attacking those addresses, I want to stop an expected attack
> on address 4. I never want to pass ssh on address 1, address 2
> or address 3 ever, I want to use the information that someone
> was trying to ssh to those address to identify person as
> an attacker.
> 
> 
> -Original Message-
> From: Matthias Kilian [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, May 31, 2006 3:02 PM
> To: Peter Fraser
> Cc: misc@openbsd.org
> Subject: Re: "ssh" attacks
> 
> On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
> > block in on Outsize proto tcp port ssh flags S/SA 
> >  state (max-src-conn-rate 100/10, overload  flush global)
> > 
> > This does not work. One gets a message that keeping state on
> > a blocked run makes no sense.
> 
> See the example on overload at
> http://www.openbsd.org/faq/pf/filter.html#stateopts
> 
> Basically, you pass and just block everything from  in a
> separate rule.
> 
> Ciao,
>   Kili



Re: Symantec firewalls

2006-04-06 Thread Clint M. Sand
On Thu, Apr 06, 2006 at 08:56:44AM +0300, Gabriel George POPA wrote:
>Hello,
> 
>   I've heard a lot about those Symantec firewall machines (that cost 
> something around 15000$-3$). In fact I don't know many details, just 
> that customers are pleased to give the money and say that they're safe 
> behind that Symantec machine. Of course, I encountered people that were 
> very happy with these systems, but I think they never had a major attack 
> or something. Just out of curiosity, can OpenBSD do what Symantec does? 
> Is Symantec's encryption better than that included in OpenBSD (I must 
> mention that I live in Europe, maybe US export laws apply)? Is 
> Symantec worth all this money?
>   On the other hand, I was thinking that maybe, just maybe, Symantec 
> uses a modified version of OpenSSL on these machines. Is this possible?
> 
>   
>  
> Thanks a lot,
>   
>
> George POPA


Apples and Oranges. The Symantec firewall appliance is built on what was
Raptor. It's proxy based. They have custom proxies for just about any
service you'll pass through it. There's also tons of other things it
does such as network AV scanning, content filtering, SSL VPN, etc.. 

OpenBSD/PF does things Symantec can't. And vice versa. 

It all depends on your requirements. The symantec appliance is more of
an all in one box to accomplish a bunch of different things in one
machine, primarily for small business or remote offices. In large
environments that don't require any of this other stuff, OpenBSD will
kick its ass. 

Granted, you can run many different proxies on OpenBSD as well as (free)
AV scanning and VPN technologies, but Symantec has an advantage here in
that these components are integrated together so that packets are only
opened once, and all of these operations are done then, versus separate
products manually combined on one install. So, in environments where
you'd actually turn all those features on, Symantec might be faster.
However for most people that won't use all that clutter on their gateway,
OpenBSD/PF will blow it away. 

The Symantec "appliance" is based on redhat with all the OpenSSL/OpenSSH
you'd expect on a redhat box. 

Have I mentioned it depends on your requirements?



Re: Security tools

2006-03-15 Thread Clint M. Sand
On Wed, Mar 15, 2006 at 12:31:06PM +, Gaby vanhegan wrote:
> Hi,
> 
> I'm running 3.6 (yes, due for an upgrade) and I keep getting hit by  



> My questions are:
> 
> 1. How do I find out their attack vector?  I have had a nessus scan  
> performed on the machine, but it did not present any security (I can  
> supply on request).  I've checked the security releases in  
> security.html and there are no pertinent ones for httpd.  Snort has  
> provided little useful information (I can provide access to the snort  
> logs if required).
>

From http://www.openbsd.org/errata36.html

009: SECURITY FIX: January 12, 2005   All architectures
httpd(8) 's mod_include module fails to properly validate the length of
user supplied tag strings prior to copying them to a local buffer,
causing a buffer overflow.
This would require enabling the XBitHack directive or server-side
includes and making use of a malicious document. 



Re: Did my -stable upgrade work?

2006-03-12 Thread Clint M. Sand
On Sun, Mar 12, 2006 at 09:42:50PM -0600, Mike Loiterman wrote:
> How can I tell if my -stable binary upgrade was successful?
> 

Check the last modified timestamps on the userland binaries. They should
all be the day you compiled. Chances are it didn't finish and you'll see
some dates from when you installed -release. 


> I have done "make obj && make build" but after several hours, the machine
> seems locked up.  What should the last few lines of output be?  I can't ssh
> in, and the keyboard is non-functional from the console.  Should the build
> return me to a prompt, reboot, what?  This doesn't seem right.  The FAQ just
> ends by saying "This may take a while..."
> 
> --
> Mike Loiterman
> grantADLER
> Tel: 630-302-4944
> Fax: 773-442-0992
> Email: [EMAIL PROTECTED]
> PGP Key: 0xD1B9D18E
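One way to run the timestamp check from the reply above on a real system, as an added example that is not from the thread: record a stamp file before `make build`, then list every binary that has not been rewritten since. The stamp path and the directory list in the comment are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Lists files under the given
# directories whose modification time is not newer than a reference file,
# so a build that stopped part way shows up as a list of leftovers from the
# previous -release install instead of being assumed complete.
#
# stale_binaries REFERENCE DIR...
#   REFERENCE is a file written when the build started (for example a
#   stamp created with 'touch' just before 'make build'). Anything under
#   DIR... that has not been rewritten since then is printed, one path
#   per line, sorted. An empty listing means every file was refreshed.
stale_binaries() {
    ref=$1
    shift
    [ -f "$ref" ] || { echo "reference file $ref is missing" >&2; return 2; }
    # '! -newer' selects files whose mtime is not later than the stamp's.
    find "$@" -type f ! -newer "$ref" | sort
}

# Typical use on a real system (assumed paths, not from the thread):
#   touch /var/tmp/build-start          # right before make build
#   stale_binaries /var/tmp/build-start /bin /sbin /usr/bin /usr/sbin
```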



Re: thttpd with php

2006-02-19 Thread Clint M. Sand
Sorry, I did not read, like an idiot. 

Maybe this is more helpful. 

http://halplant.com:88/server/thttpd_FAQ.html#PHP


On Sun, Feb 19, 2006 at 09:40:33AM -0500, Clint M. Sand wrote:
> On Sun, Feb 19, 2006 at 03:31:47PM +0200, Kiraly Zoltan wrote:
> > Anyone use thttpd webserver with PHP in OpenBSD?
> > 
> > I don't know exactly what needs to be done to run this webserver with PHP in
> > OpenBSD. Is there documentation which explains it?
> > 
> > Thanks !
> 
> $ cd /usr/ports/
> $ make search key=thttpd
> Port:   thttpd-2.25b
> Path:   www/thttpd
> Info:   tiny/turbo/throttling HTTP server
> Maint:  Jakob Schlyter <[EMAIL PROTECTED]>
> Index:  www
> L-deps:
> B-deps:
> R-deps:
> Archs:  any
> 
> 
> Just install the port or package. 
> 
> http://www.openbsd.org/ports.html
> http://www.openbsd.org/3.8_packages/i386/thttpd-2.25b.tgz-long.html



Re: thttpd with php

2006-02-19 Thread Clint M. Sand
On Sun, Feb 19, 2006 at 03:31:47PM +0200, Kiraly Zoltan wrote:
> Anyone use thttpd webserver with PHP in OpenBSD?
> 
> I don't know exactly what needs to be done to run this webserver with PHP in
> OpenBSD. Is there documentation which explains it?
> 
> Thanks !

$ cd /usr/ports/
$ make search key=thttpd
Port:   thttpd-2.25b
Path:   www/thttpd
Info:   tiny/turbo/throttling HTTP server
Maint:  Jakob Schlyter <[EMAIL PROTECTED]>
Index:  www
L-deps:
B-deps:
R-deps:
Archs:  any


Just install the port or package. 

http://www.openbsd.org/ports.html
http://www.openbsd.org/3.8_packages/i386/thttpd-2.25b.tgz-long.html



Re: httpd question - solved

2006-02-04 Thread Clint M. Sand
On Sat, Feb 04, 2006 at 07:07:52PM -0500, Dave Feustel wrote:
> On Saturday 04 February 2006 16:57, L. V. Lammert wrote:
> > On Sat, 4 Feb 2006, Dave Feustel wrote:
> > 
> > > I am now starting httpd at boot. It reports that it cannot
> > > determine the fully qualified domain name and listens to
> > > only 127.0.0.1. How can I set the ip address to which httpd
> > > listens to the address assigned to me by verizon's dhcp server?
> > >
> > ahh, .. httpd.conf & ifconfig??
> > 
> > Lee
> 
> I started httpd successfully after I commented out the change
> I had made to the email address for the server administrator
> (which apparently set off DNS requests - a bad thing for a server
> with no name) and set ServerName to the ip address assigned to
>  my computer.
> 
> I will have to update ServerName each time I get a new IP address.
> 
> Dave Feustel 

I have been running apache on openbsd since 2.9 on a dynamic IP and have
never had to do any of this. 

#grep ServerName /var/www/conf/httpd.conf
ServerName neotrance.dyndns.org



Re: windows -> pf -> inet -> pf -> ftpd [not working]

2006-01-19 Thread Clint M. Sand
To even begin to get help on this, you'd need to submit the pf rules on
those obsd boxen. 


On Thu, Jan 19, 2006 at 05:36:02PM -0500, Price, Joe wrote:
> I have a problem that when a Windows client tries to connect to this ftp
> site, windows explorer returns 'The operation timed out'.
> 
> 
> 
> The setup is, windows box behind a openbsd PF (NAT enabled) through the
> public internet to another openbsd PF (NAT enabled) which has a rdr rule
> to redirect to another openbsd machine behind it running ftpd.
> 
> 
> 
> I'm assuming the problem exists on one of the firewalls, or both.. Is
> this something that ftp-proxy can fix?
> 
> 
> 
> I know the ftp works because I can connect to it form the far end's
> openbsd box, just seems that I can't go through two NATs of PFs or
> something like that.
> 
> 
> 
> Any help is appreciated.
> 
> 
> 
> Thanks!



Re: errata 001_perl.patch

2006-01-12 Thread Clint M. Sand
On Thu, Jan 12, 2006 at 04:13:23PM -0800, Ted Unangst wrote:
> if you're installing a package that's going to exploit a bug in perl,
> why are you installing it?
> 

My point is that if you want to install packages at all you need the
perl binary. That is in response to someone suggesting you do not need
perl at all. 

I think you are misinterpreting.

> On 1/12/06, Clint M. Sand <[EMAIL PROTECTED]> wrote:
> > On Thu, Jan 12, 2006 at 09:38:07PM +0100, Han Boetes wrote:
> > > I doubt you need perl at all on a box like that. You can also
> > > consider to simply remove all the perl on that system.
> > >
> > >
> > > # Han
> >
> > The pkg_* tools are perl. Even though it's a firewall he may need to
> > install/remove/maintain pkg's of some sort.



Re: errata 001_perl.patch

2006-01-12 Thread Clint M. Sand
On Thu, Jan 12, 2006 at 09:38:07PM +0100, Han Boetes wrote:
> I doubt you need perl at all on a box like that. You can also
> consider to simply remove all the perl on that system.
> 
> 
> # Han

The pkg_* tools are perl. Even though it's a firewall he may need to
install/remove/maintain pkg's of some sort.



Re: What does this error message mean?

2006-01-01 Thread Clint M. Sand
man rc.conf


On Sun, Jan 01, 2006 at 11:50:01PM -0600, Jim Mays wrote:
> How do you turn off Sendmail?  What starts it in obsd?  (Like where is 
> the equivalent of /etc/rc2.d?)
> 
> Jim
> 
> Daniel Ouellet wrote:
> >Jim Mays wrote:
> >
> >>Jan 1 23:05:16 balrog sm-msp-queue[1531]: k024U2n0023755: timeout 
> >>waiting for input from localhost.cimsolve.com during client greeting
> >>
> >>Anyone tell me what sm-msp-queue is and what input it is waiting for?
> >>
> >
> >
> >May be are you using spew or the like as a spam filter and can't connect 
> >to it by any chance right now?
> >
> >Just a thought.



Re: #define failure opportunity

2005-11-30 Thread Clint M. Sand
On Tue, Nov 29, 2005 at 06:12:29PM -0600, Qv6 wrote:
> 
> Has any company ever approached the openssh dev team and offered to buy 
> a support contract from them? Did they refuse?   
> 
> Come to think of it, why doesn't the openssh team sell support contracts 
> to companies that want it? Or maybe they already do.
> 

You don't need to be an official OpenSSH developer to start a company
that supports OpenSSH. 

Start one that focuses on it. Hell, www.opensshsupport.com is even
available. 

I bet some of these companies already support this in some capacity
http://www.openbsd.org/support.html

Less complaining, more doing. 



Re: Portmap non-local set / unset attempt

2005-09-22 Thread Clint M. Sand
On Thu, Sep 22, 2005 at 07:09:12PM -0600, Theo de Raadt wrote:
> > > People keep yammering this bullshit about "Security is a process".
> > > Bullshit!  Lies!  It's about paying attention to the frigging details
> > > when they are right in front of your face.  And it is very clear other
> > > vendors do not pay attention to the details, considering the work I
> > > did here was talked about all over BUGTRAQ back in that month.  No
> > > wonder these vendors and their blogboys have to have this "Security is
> > > a process" mantra to protect themselves from looking bad.
> > > 
> > 
> > 
> > "Security is a process" is intended to mean 2 things. One is that the
> > idea that you can "set and forget" anything and think it's somehow
> > "secure" is a joke. To "secure" a network includes at a minimum, keeping
> > up with vendor patches for example. Processes like patch management help
> > keep systems secure. It does not say "Security is ONLY a process".
> > 
> > Secondly, it is meant to refute the moronic idea that some admins seem 
> > to have, that buying any product makes you "secure". Prevalent is the
> > idea for example that if you have a "firewall" then you are now "secure". 
> > Or, "I have Norton AntiVirus so now my PC is secured". 
> 
> No, no no.
> 
> You are playing the same semantic games that avoid responsibility at
> the ENGINEERING and PRODUCT DEVELOPMENT STAGES.
> 
> It's so very very Microsoft.
> 
> Just like the air-conditioning technicians I keep firing because they
> can't read schematics and charts.
> 
> Which is why I now know MORE about air-conditioners than most of the
> technicians who come here.
> 
> The phrase, and everything you said, is all excuses for the vendors.
> 
> It IS POSSIBLE to set something up and have it be secure and NOT TOUCH
> IT, because many people have OpenBSD machines running older releases
> running without any modification for YEARS now, RISK FREE, without
> having to update ANY THING.

No, you can put an openbsd box up and leave it for years with root login
enabled and password for a password. It takes more than correct code.
It's correct code plus correct usage. I think the GOBBLES sshd exploit
is proof enough that "set and forget" is not "risk free". 

Security is everything you've ever said, plus a process.



Re: Portmap non-local set / unset attempt

2005-09-22 Thread Clint M. Sand
On Thu, Sep 22, 2005 at 02:02:13PM -0600, Theo de Raadt wrote:



> People keep yammering this bullshit about "Security is a process".
> Bullshit!  Lies!  It's about paying attention to the frigging details
> when they are right in front of your face.  And it is very clear other
> vendors do not pay attention to the details, considering the work I
> did here was talked about all over BUGTRAQ back in that month.  No
> wonder these vendors and their blogboys have to have this "Security is
> a process" mantra to protect themselves from looking bad.
> 


"Security is a process" is intended to mean 2 things. One is that the
idea that you can "set and forget" anything and think it's somehow
"secure" is a joke. To "secure" a network includes at a minimum, keeping
up with vendor patches for example. Processes like patch management help
keep systems secure. It does not say "Security is ONLY a process".

Secondly, it is meant to refute the moronic idea that some admins seem 
to have, that buying any product makes you "secure". Prevalent is the
idea for example that if you have a "firewall" then you are now "secure". 
Or, "I have Norton AntiVirus so now my PC is secured". 



Re: back and neck pain

2005-08-18 Thread Clint M. Sand
On Thu, Aug 18, 2005 at 07:24:56PM -0400, [EMAIL PROTECTED] wrote:
> A friend told me about you- I have a 'spondie'-l4-l5, that surgery helped a  
> little, and 10 mos. later my car fell off the jacks, breaking my back-burst  
> fracture of t-12, and aggravating the 'spondie'. I have a lot of pain and  
> percocets have helped, can you help me?

man neckpain(1)



Re: About DNS

2005-08-14 Thread Clint M. Sand
On Sun, Aug 14, 2005 at 09:49:12PM +0200, Mike Henker wrote:
> Thanks James, I don t have the file you talked about but I will create 
> it (resolve.conf) with the info you explained.
> 

resolv.conf

not resolve.conf



Re: pkg_add -r question?

2005-07-30 Thread Clint M. Sand
On Sat, Jul 30, 2005 at 04:45:55PM -0500, L. V. Lammert wrote:
> After experimenting with pkg_add -r on a 3.6 -> 3.7 upgrade, it is 
> **NICE**!!
> 
> One question, however, .. is there a way to use the *OLD* package name, 
> instead of the *NEW* package name? pkg_add would then query PKG_PATH for an 
> updated version? The way it works now, it seems like you must manually 
> compare the old packages & new packages, build the list of new packages by 
> name, before using pkg_add -r.
> 
>   Lee


 /usr/ports/infrastructure/build/out-of-date



Re: 005_libz.patch - fails to change directory

2005-07-25 Thread Clint M. Sand
On Fri, Jul 22, 2005 at 08:00:50PM -0600, Todd C. Miller wrote:
> In message <[EMAIL PROTECTED]>
>   so spake Uwe Dippel (udippel):
> 
> > Strange, we had the same thing with the last patch.
> 
> Looks like the main ftp mirror is not updating.  I've left a
> message but it may not get fixed for a while...
> 
>  - todd

Any update on this? 003, 004, 005 all seem to still have the incorrect
path.



Re: sniffer

2005-07-20 Thread Clint M. Sand
On Tue, Jul 19, 2005 at 11:28:08AM -0500, eric wrote:
> On Tue, 2005-07-19 at 17:20:43 +0300, [EMAIL PROTECTED] proclaimed...
> 
> >   I need to sniff a network segment and I need to sniff both headers and
> > data. Because tcpdump captures only headers its unsuitable for the task.
> > I saw that ports has ettercap and sniffit but I didn' get around to
> > testing them to see if they will do the job I need. Can anyone recommend
> > other tools that will do the work? 
> 
> Go read the manpage for tcpdump. Then go get tcpshow or something similar.

You don't need tcpshow. See -X for tcpdump. 



Re: Easiest way to include PHP in a release

2005-07-03 Thread Clint M. Sand
On Sun, Jul 03, 2005 at 06:30:10PM -0400, Robert Jacobs wrote:
> Hello,
> 
> I want to make an OpenBSD release that includes php right from install
> (like perl is included). I am
> not very good with makefiles and stuff, so I am seeking advice for the
> easiest way to do this.
> 
> Is there a way to include the binary into the usr/src, the OpenBSD
> port of php, package, or
> simply way to make the makefile from sources?
> 
> I apologize for the noobish nature of this question, but I need to be
> able to do this and do not
> know how and am having little success finding information about this.
> 
> 
> Thanks,
> Rob

http://www.openbsd.org/faq/faq4.html#site



Re: snort homedir ?

2005-06-19 Thread Clint M. Sand
On Sun, Jun 19, 2005 at 03:17:48PM +0200, mess-mate wrote:
> Hi,
> i've installed snort and created the user/group snort.
> Since snort runs as a daemon a homedir is not necessary, is it?
> How can i remove / set up the user snort without a homedir (
> /home/snort)?
> The homedir was set up automatically by 'adduser'.
> Thanks in advance
> 

Isn't this a question for a snort list? You can use vipw to change the
snort user's home dir to /sbin/nologin if not required. 



> mess-mate   
> --
> A horse!  A horse!  My kingdom for a horse!
>   -- Wm. Shakespeare, "Henry VI"



Re: phpbb

2005-06-17 Thread Clint M. Sand
On Fri, Jun 17, 2005 at 02:23:23PM -0500, Matthew S Elmore wrote:
> This question has been beaten to death. (I was the one of the ones doing 
> the beating).
> 

Anyone care to share a procmail line to destroy any message with "how do
I" "chroot" and "mysql and php"?

Next time this question is asked on the list i'm going to kill someone.

I mean, a simple google of "mysql php openbsd chroot" gives you
everything you'd need. 

Since when did we stop enforcing STFU and STFA/Google. 

Bah.

*glitch* *fall over*



Re: Problem compiling wget from ports

2005-06-05 Thread Clint M. Sand
On Sun, Jun 05, 2005 at 11:09:23PM +0200, Federico Giannici wrote:
> I have a problem compiling wget from the ports.
> Here is the final part of the "make" output:
> 
> cc -O2 -pipe -DINET6 -o wget cmpt.o connect.o cookies.o fnmatch.o ftp.o 
> ftp-basic.o ftp-ls.o ftp-opie.o hash.o headers.o host.o html-parse.o 
> html-url.o http.o init.o log.o main.o gen-md5.o gnu-md5.o netrc.o 
> progress.o rbuf.o recur.o res.o retr.o safe-ctype.o snprintf.o url.o 
> utils.o version.o  -L/usr/local/lib
> connect.o(.text+0x1dd): In function `connect_to_one':
> : undefined reference to `__errno'
> connect.o(.text+0x1eb): In function `connect_to_one':
> : undefined reference to `__errno'
> connect.o(.text+0x1f7): In function `connect_to_one':
> : undefined reference to `__errno'
> connect.o(.text+0x219): In function `connect_to_one':
> : undefined reference to `__errno'
> connect.o(.text+0x235): In function `connect_to_one':
> : undefined reference to `__errno'
> connect.o(.text+0x259): more undefined references to `__errno' follow
> collect2: ld returned 1 exit status
> gmake[1]: *** [wget] Error 1
> gmake[1]: Leaving directory 
> `/usr/ports/net/wget/w-wget-1.8.2/wget-1.8.2/src'
> gmake: *** [src] Error 2
> *** Error code 2
> 
> Stop in /usr/ports/net/wget (line 1769 of 
> /usr/ports/infrastructure/mk/bsd.port.mk).
> 
> 
> The system is an i386 installed with an almost final 3.7 (the kernel was 
> the same of the release one) and then I made an Upgrade from the 
> official 3.7 CD when arrived.
> 
> A lot of other ports compiled without any problem.
> 
> Any hints?
> 
> 
> Thanks.
> 
> -- 
> Federico Giannici  http://www.neomedia.it

You didn't mention if you also upgraded your ports tree to 3.7-release or
just the base binaries and kernel. 



Re: xwindows screen resolution

2005-05-27 Thread Clint M. Sand
On Fri, May 27, 2005 at 09:39:54AM +0300, Alari Kask wrote:
> On Thu, 2005-05-26 at 21:19, Gregory L. Magnusson wrote:
> > Hello all,
> > I am wondering how to set the screen resolution for x-windows. How does 
> > one cycle through the different resolutions? Change resolutions? I have 
> > loaded kde and cannot change out of "640x480" mode. My xorg.conf file 
> > contains multiple modes including:
> > 
> > Depth 24
> > Modes "1024x768" "800x600" "1600x1400"
> > 
> > Greg Magnusson
> > 
> 
> You have to set DefaultDepth 24 in your configfile, and the correct
> frequencies for your monitor (HorizSync, VertRefresh); you can probably
> find them by searching google. On the modes line, the mode you would like
> to use as the default should come first.
> A recommendation: Use X -configure to create a new configfile, on some
> hardware it detects the right syncs on your monitor and so on, you can
> alter it later to fit your needs (resolution, depth, etc.)

Also, this question has nothing to do with OpenBSD.