Re: policy...

On Tuesday 17 April 2012 09:43:50 Mark Felder wrote: > Ports are frozen, a snapshot of the ports tree is made for use on their > build boxes to make packages for the mirrors. Assuming no issues have been > discovered on the build servers (broken ports that need to be fixed) it > will be packaged wi

Re: policy...

Ports are frozen, a snapshot of the ports tree is made for use on their build boxes to make packages for the mirrors. Assuming no issues have been discovered on the build servers (broken ports that need to be fixed) it will be packaged with 8.3-RELEASE. I'm probably missing several important

policy...

...of "freezing" ports - why? Whenever we are waiting for the new release of FreeBSD, now is 8.3, ports are "frozen". There are no updates and in case of 8.3 coming release is time about three months. Could someone explain, please why is this "freezing" very important because soon after release

RE: OT: Root access policy

> -Original Message- > From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd- > questi...@freebsd.org] On Behalf Of Polytropon > Sent: Thursday, December 29, 2011 9:58 AM > To: Carl Johnson > Cc: freebsd-questions@freebsd.org > Subject: Re: OT: Root acce

Re: OT: Root access policy

On Thu, 29 Dec 2011 09:15:45 -0800, Carl Johnson wrote: > Damien Fleuriot writes: > > > On 12/29/11 10:58 AM, Polytropon wrote: > >> On Thu, 29 Dec 2011 04:01:42 -0500, Irk Ed wrote: > >>> For the first time, a customer is asking me for root access to said > >>> customer's servers. > >> > > >

Re: OT: Root access policy

On Thu, Dec 29, 2011 at 10:01 AM, Irk Ed wrote: > For the first time, a customer is asking me for root access to said > customer's servers. Are we talking about jail(8)- or server-level root access? -cpghost. -- Cordula's Web. http://www.cordula.ws/

Re: OT: Root access policy

Damien Fleuriot writes: > On 12/29/11 10:58 AM, Polytropon wrote: >> On Thu, 29 Dec 2011 04:01:42 -0500, Irk Ed wrote: >>> For the first time, a customer is asking me for root access to said >>> customer's servers. >> >>> Assuming that I'll be asked to continue administering said servers, I g

Re: OT: Root access policy

On Dec 29, 2011, at 4:01 AM, Irk Ed wrote: > For the first time, a customer is asking me for root access to said > customer's servers. > > Obviously, I must comply. At the same time, I cannot continue be > accountable for those servers. > > Is this that simple and clear cut? > > Assuming that

Re: OT: Root access policy

On Thursday 29 December 2011, Damien Fleuriot wrote: [snip] > "sudo su -" or "sudo sh" and the customer gets a native root shell > which does *not* log commands ! [snip] > Say the customer can sudo commands located in > /usr/local/libexec/CUSTOMER/ > > All he has to do is write a simple link to

Re: OT: Root access policy

On Thu, 29 Dec 2011 11:23:31 +0100, Damien Fleuriot wrote: > On 12/29/11 10:58 AM, Polytropon wrote: > > On Thu, 29 Dec 2011 04:01:42 -0500, Irk Ed wrote: > >> Obviously, I must comply. At the same time, I cannot continue be > >> accountable for those servers. > > > > Fully correct. Check the cont

Re: OT: Root access policy

On 12/29/11 10:58 AM, Polytropon wrote: > On Thu, 29 Dec 2011 04:01:42 -0500, Irk Ed wrote: >> For the first time, a customer is asking me for root access to said >> customer's servers. > > Customer + root@server == !go; :-) > > > >> Obviously, I must comply. At the same time, I cannot contin

Re: OT: Root access policy

On 29/12/2011 09:01, Irk Ed wrote: > For the first time, a customer is asking me for root access to said > customer's servers. > > Obviously, I must comply. At the same time, I cannot continue be > accountable for those servers. > > Is this that simple and clear cut? > > Assuming that I'll be as

Re: OT: Root access policy

On Thu, 29 Dec 2011 04:01:42 -0500, Irk Ed wrote: > For the first time, a customer is asking me for root access to said > customer's servers. Customer + root@server == !go; :-) > Obviously, I must comply. At the same time, I cannot continue be > accountable for those servers. Fully correct. Ch

OT: Root access policy

For the first time, a customer is asking me for root access to said customer's servers. Obviously, I must comply. At the same time, I cannot continue be accountable for those servers. Is this that simple and clear cut? Assuming that I'll be asked to continue administering said servers, I guess I

Re: freebsd.org maillist mx discard policy

On 19/08/2010 07:54, Jeff Laine wrote: > So, the question is: do the freebsd.org maillist servers follow SPF > records or PTR record is mandatory? > The PTR is mandatory. The vast majority of SMTP senders without proper PTR records are zombie machines spreading spam. Anyone running a real mail

freebsd.org maillist mx discard policy

Hello list, My question is regarding official maillist smtp servers. I'm trying to subscribe on "security-notifications", but (for some reasons) our outgoing MX has no PTR record and mx1.freebsd.org rejects my message: >Reporting-MTA: dns; xxx >Arrival-Date: Mon, 16 Aug 2010 17:18:39 +0400 (

Re: WFRG Personal Use Policy

Now FreeBSD with a unique wood floor, that is a very exciting prospect! Olivier I know, I know, don't feed them, but I think it is the right time tio offer beasty a new home! :)) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/ma

WFRG Personal Use Policy

Personal Use Program Here's how it works... WFRG loves wood flooring. We develop many unique wood flooring products, several of which have become our personal favorites. We are so excited about these favorites that we would like to share them with you. And what better way to do so than to offe

WFRG Personal Use Policy

Personal Use Program Here's how it works... WFRG loves wood flooring. We develop many unique wood flooring products, several of which have become our personal favorites. We are so excited about these favorites that we would like to share them with you. And what better way to do so than to offe

Re: PXE + sysinstall(8) install.cfg: DHCP Attribute to map install config/policy to system MAC?

On 21/04/10 21:59, Brian A. Seklecki (CFI NOC) wrote: All: The install.cfg mechanism is pretty wicked. Unfortunately, there doesn't seem to be a really efficient way to provide new clients (or class of clients) an install.cfg without rebuilding an MFSROOT image. Possibly a T

PXE + sysinstall(8) install.cfg: DHCP Attribute to map install config/policy to system MAC?

All: The install.cfg mechanism is pretty wicked. Unfortunately, there doesn't seem to be a really efficient way to provide new clients (or class of clients) an install.cfg without rebuilding an MFSROOT image. At least with pxeboot(8), in TFTP-only-mode, using dhcpd.conf(5) client{}

policy-violation found in sent message ""

Attention: freebsd-questions@freebsd.org A policy-violation was found in an Email message you sent. This Email scanner intercepted it and stopped the entire message reaching its destination. The policy-violation was reported to be: SCR files not allowed per Company security policy Please

Policy Kit - Not running

I'm running FBSD7 stable and I can't find out why policy kit won't run even though I have it enabled in rc.conf: dbus_enable="YES" hald_enable="YES" polkitd_enable="YES" I can see dbus and hald but not polki

freebsd6.2-stable + ipfilter + policy routing mbuf leak

Hi all, I have a server running 6.2-stable that experiences mbuf leakage if I perform policy routing with ipfilter. This is independent of the hardware as I have moved the disk to a different machine with different MB, NICs etc and had the same result. The server is running quagga, postfix and

Re: Policy - based Routing problem Need help

FTP. it doesn't do that. Best regards, Narek -Original Message- From: Julian Elischer [mailto:[EMAIL PROTECTED] Sent: Monday, July 30, 2007 2:02 AM To: Narek Gharibyan Subject: Re: Policy - based Routing problem Need help Narek Gharibyan wrote: Yes your written rules ar

RE: Policy - based Routing problem Need help

ow it take place via 20 port or find the wrong line in ipfw fwd rules? Best regards, Narek -Original Message- From: Julian Elischer [mailto:[EMAIL PROTECTED] Sent: Monday, July 30, 2007 2:02 AM To: Narek Gharibyan Subject: Re: Policy - based Routing problem Need help Narek Ghariby

Re: Policy Based Routing problem help me

On Thu, Jul 26, 2007 at 01:26:17AM +0500, Narek Gharibyan wrote: > I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP connection > and 2 LAN connections. I need to do a policy-based routing. All I need that > packets coming from one ISP interface return to that interface

Policy Based Routing problem help me

Hi all, I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP connection and 2 LAN connections. I need to do a policy-based routing. All I need that packets coming from one ISP interface return to that interface (incoming connections' source based routing) and the other hand do

Re: password againg and other policy enforcement

Me again. Forgot to finish the sentence, sorry. Sat, Jun 30, 2007 at 11:59:49PM +0400, Eygene Ryabinkin wrote: > > 1. Administrator can enforce password expire in /etc/login.conf > > In the /etc/master.passwd. login.conf has the fields, but does > not implement the functionality, if the manpage

Re: password againg and other policy enforcement

Patrick, good day. Sat, Jun 30, 2007 at 10:12:59AM -0700, Patrick Dung wrote: > 1. Administrator can enforce password expire in /etc/login.conf In the /etc/master.passwd. login.conf has the fields, but does not implement the functionality, if the manpage is right: = RESERVED CAPABILITIES

Re: password againg and other policy enforcement

). The user can use password A, then user change to password B and then change back to password A... Regards Patrick --- Manolis Kiagias <[EMAIL PROTECTED]> wrote: > Patrick Dung wrote: > > I have some question about password policy in FreeBSD: > > > > 1. Administrator

Re: password againg and other policy enforcement

Patrick Dung wrote: > I have some question about password policy in FreeBSD: > > 1. Administrator can enforce password expire in /etc/login.conf > Is there any tool that can check when the password will expire for the > users? > > 2. Any good way to enforce minimum pass

password againg and other policy enforcement

I have some question about password policy in FreeBSD: 1. Administrator can enforce password expire in /etc/login.conf Is there any tool that can check when the password will expire for the users? 2. Any good way to enforce minimum password length and other restriction(like password need at

CI INVESTMENTS' e-mail policy - Action Taken

The attachment(s) from the following e-mail was removed due to CI Investments' e-mail policy. From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Thu, 15 Mar 2007 23:40:18 -0500 Subject: STATUS The following violations were detected: --- Scan information follows --- Virus Name: [

Re: Compatibility Between Releases Policy

Jason C. Wells writes: > Ports astonish me more often than FreeBSD to be sure. If one > uses a port that was built on a 6.0 system, can one trust that no > bit rot will occur by the time 6.9 rolls around. If you mean "Is it guaranteed a binary built under x.0 will run, even with rema

Re: Compatibility Between Releases Policy

community might employee POLA in this regard, this sure seems like the kind of policy issue that would be written into our release engineering documents. (I couldn't find it.) Looks like you want to read this: http://www.freebsd.org/portmgr/policies.html POLA is an ideal, it m

Re: Compatibility Between Releases Policy

Erik Norgaard wrote: Jason C. Wells wrote: Where is the policy regarding compatibility between releases documented? I recall reading once upon a time that FreeBSD won't break compatibility for the duration of a major point release. If a third party wrote software for 6.0 it wou

Re: Compatibility Between Releases Policy

Jason C. Wells wrote: Where is the policy regarding compatibility between releases documented? I recall reading once upon a time that FreeBSD won't break compatibility for the duration of a major point release. If a third party wrote software for 6.0 it would be perfectly compatible wit

Compatibility Between Releases Policy

Where is the policy regarding compatibility between releases documented? I recall reading once upon a time that FreeBSD won't break compatibility for the duration of a major point release. If a third party wrote software for 6.0 it would be perfectly compatible with 6.1, 6.2 and on.

pxeboot(8) NFS code breaks PIX/ASA policy

I'm PXE booting systems using the "dhcprelay" feature on a PIX 525 running 7.1(2). The TFTP process of retrieval of /tftoboot/pxeboot works fine, however once loaded NFS mount requests to the server fail per the following messages. In my config, all layer 4->7 packet "inspection" features a

RE: Ports upgrade policy

On Tue, 14 Mar 2006 08:35:46 -0600, "Mike Loiterman" <[EMAIL PROTECTED]> said: > Erik Trulsson wrote: [snip] > >>> Is it advisable to sync my source to RELEASE, but to CURRENT for > >>> ports? Typically, I upgade my ports a few days after they get > >>> updated so I'm alw

Re: Ports upgrade policy

On 3/14/06, Mike Loiterman <[EMAIL PROTECTED]> wrote: > Erik Trulsson wrote: > > On Tue, Mar 14, 2006 at 04:18:13AM -0400, Duane Whitty wrote: > >> Mike Loiterman wrote: > >>> Is it advisable to sync my source to RELEASE, but to CURRENT for > >>> ports? Typically, I upgad

RE: Ports upgrade policy

Erik Trulsson wrote: > On Tue, Mar 14, 2006 at 04:18:13AM -0400, Duane Whitty wrote: >> Mike Loiterman wrote: >>> This is my supfile: >>> >>> *default host=cvsup1.FreeBSD.org >>> *default base=/usr >>> *default prefix=/usr >>> *default release=cvs >>> *default tag=R

Re: Ports upgrade policy

On Tue, Mar 14, 2006 at 04:18:13AM -0400, Duane Whitty wrote: > Mike Loiterman wrote: > >This is my supfile: > > > >*default host=cvsup1.FreeBSD.org > >*default base=/usr > >*default prefix=/usr > >*default release=cvs > >*default tag=RELENG_6_0 > >*default delete use-rel-suffix > > > >src-al

Re: Ports upgrade policy

Mike Loiterman wrote: This is my supfile: *default host=cvsup1.FreeBSD.org *default base=/usr *default prefix=/usr *default release=cvs *default tag=RELENG_6_0 *default delete use-rel-suffix src-all *default tag=. ports-all doc-all I have been using it like this for years, obviously cha

Ports upgrade policy

This is my supfile: *default host=cvsup1.FreeBSD.org *default base=/usr *default prefix=/usr *default release=cvs *default tag=RELENG_6_0 *default delete use-rel-suffix src-all *default tag=. ports-all doc-all I have been using it like this for years, obviously changing to the latest rele

Re: Policy on the list

> > Hi list, > just a little question about how to behave on the list(s): > > is it correct / useful / polite to close a thread marking it as > [solved] or something like this, or it's just a waste of time / space > / ? > > I think it could be useful, so other people wanting to help don't >

Re: Policy on the list [solved]

On Wednesday 14 December 2005 18:33, Dan O'Connor wrote: > > is it correct / useful / polite to close a thread marking it as > > [solved] or something like this, or it's just a waste of time / space > > / ? > > > > I think it could be useful, so other people wanting to help don't > > waste tim

Re: Policy on the list

On 12/15/05, Dan O'Connor <[EMAIL PROTECTED]> wrote: > > I'd like to see a wrap-up post, with '[solved]' in the subject, and > including what the working solution actually is; that way, someone > searching the mailing list archives can quickly home-in on the > solution... Yes, this is pretty much

Re: Policy on the list

is it correct / useful / polite to close a thread marking it as [solved] or something like this, or it's just a waste of time / space / ? I think it could be useful, so other people wanting to help don't waste time trying to give further advices, and people needing help in that subject can

Re: Policy on the list

On 2005-12-13 13:41, Pietro Cerutti <[EMAIL PROTECTED]> wrote: > Hi list, > just a little question about how to behave on the list(s): > > is it correct / useful / polite to close a thread marking it as > [solved] or something like this, or it's just a waste of time / space > / ? > > I think i

Policy on the list

Hi list, just a little question about how to behave on the list(s): is it correct / useful / polite to close a thread marking it as [solved] or something like this, or it's just a waste of time / space / ? I think it could be useful, so other people wanting to help don't waste time trying to

IPFW policy routing...

Hi, I'm trying to move from Linux to FreeBSD, but the most difficult part in this change it seems to be the transition from iproute2 to ipfw to make policy routing, this case works on Linux but I'm still not able to get it works on FreeBSD. Net1: 192.168.0.0/25 Net2: 192.16

Re: Tripwire Policy File and 5.4

Hi, > I'm not so convinced of that - after a cvsup of ports overnight, this > remains: > > # ll /usr/ports/security/tripwire/files/twpol.txt > -rw-r--r-- 1 root wheel 20651 Mar 5 2002 /usr/ports/security/tripwire/fi > les/twpol.txt Well, just to prove me wrong I updated ports again and: #

Re: Tripwire Policy File and 5.4

> > The policy file looks to be updated for 5.x systems now. Tripwire's back. I'm not so convinced of that - after a cvsup of ports overnight, this remains: # ll /usr/ports/security/tripwire/files/twpol.txt -rw-r--r-- 1 root wheel 20651 Mar 5 2002 /usr/ports/securit

Re: Tripwire Policy File and 5.4

FYI- The policy file looks to be updated for 5.x systems now. Tripwire's back. Bret Bret Walker wrote: > Does anyone know where I can find a good Tripwire policy file for 5.4? > > I installed tripwire-2.3.1.2_3 from ports, but the default policy file > throws a lot of erro

Tripwire Policy File and 5.4

Does anyone know where I can find a good Tripwire policy file for 5.4? I installed tripwire-2.3.1.2_3 from ports, but the default policy file throws a lot of errors. I think it's tailored to 4.x. Thanks, Bret smime.p7s Description: S/MIME Cryptographic Signature

Policy Violation

The following message sent by this account has violated system policy: From: freebsd-questions@freebsd.org To: [EMAIL PROTECTED] Date: Wed, 18 May 2005 10:17:10 +0200 Subject: unknown The following violations were detected: --- Scan information follows --- Virus Name: [EMAIL PROTECTED] File

Policy Violation

The following message sent by this account has violated system policy: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Wed, 16 Jun 2004 09:29:51 +0200 Subject: warning The following violations were detected: --- Scan information follows --- Virus Name: [EMAIL PROTECTED] File Attachment

Policy-based transparent proxying

Hi guys Suppose my FreeBSD machine is a router/firewall for a small private network and I use transparent proxying. ipnat.conf looks like this : rdr fxp0 192.168.0.254/32 port 80 -> 192.168.0.254 port 8000 tcp rdr fxp0 0/0 port 80 -> 192.168.0.254 port 3128 tcp map dc0 192.168.0.0/24 -> x.x.x.x

Re: Policy filtering with postfix

s is your problem. > > best regards, > Robert > > On Sun, 30 May 2004 01:43:54 +0300 > Lefteris Tsintjelis <[EMAIL PROTECTED]> wrote: > > > Hi, > > > > I am trying to setup policy but I keep on getting all these "" in > > my log fi

Re: Policy filtering with postfix

?.doc ?.doc ??.doc .doc So maybe this is your problem. best regards, Robert On Sun, 30 May 2004 01:43:54 +0300 Lefteris Tsintjelis <[EMAIL PROTECTED]> wrote: > Hi, > > I am trying to setup policy but I keep

Policy filtering with postfix

Hi, I am trying to setup policy but I keep on getting all these "" in my log files. postfix/policy-spf[15755]: : testing: stripped [EMAIL PROTECTED], stripped [EMAIL PROTECTED] postfix/policy-spf[15755]: : SPF : sm

Internal Policy Routing

ecial routing which is easily done on linux with "policy routing" but i didn't found a similar function on bsd. My network layout look like this, remember this network is running in one box. internet---firewalljail(69.10.3.3) | interna

Tripwire Policy File

Hello, I'm trying to build a solid tripwire policy file. So far I have only found one resource to use: http://www.schlacter.net/public/FreeBSD-STABLE_and_IPFILTER.html Though this seems to be a good one it is written for 4.6. I'm not sure if this is a problem or not. So my question