Can I compile sendmail simply through the ports collection?
Hi, I was wondering if I can simply recompile sendmail from the ports collection for FreeBSD 7.1 server. I need to recompile the sendmail on the server to add Cyrus SASL2 support. The instructions on FreeBSD point to src /usr/src/usr.sbin/sendmail which doesn't exist and I was wondering if I could simply recompile using the ports collection. Here is the instructions about compiling the Cyrus sasl2 support: http://www.freebsd.org/doc/handbook/smtp-auth.html Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Anyone familiar with authsmtp service and Sendmail.
I am trying to configure my sendmail to send out the emails generated locally on the server using the authsmtp service. But all their documentations and all my tweaking has been completely useless. I get the following errors in the log: Sep 18 00:03:25 zara sm-mta[58380]: STARTTLS=client, relay=mail.authsmtp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256 Sep 18 00:03:35 zara sm-mta[58380]: o8I43OdE058378: to=, delay=00:00:11, xdelay=00:00:11, mailer=relay, pri=30260, relay=mail.authsmtp.com. [62.13.128.188], dsn=5.0.0, stat=Service unavailable Here is the content of my freebsd.mc divert(0) VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.3.4.1 2009/04/15 03:14:26 kensmith Exp $') OSTYPE(freebsd6) DOMAIN(generic) FEATURE(access_db, `hash -o -T /etc/mail/access') FEATURE(blacklist_recipients) FEATURE(local_lmtp) FEATURE(mailertable, `hash -o /etc/mail/mailertable') FEATURE(virtusertable, `hash -o /etc/mail/virtusertable') define(`SMART_HOST', `[mail.authsmtp.com]')dnl dnl FEATURE(`authinfo')dnl define(`RELAY_MAILER_ARGS', `TCP $h 25')dnl define(`confCW_FILE', `-o /etc/mail/local-host-names') dnl Enable for both IPv4 and IPv6 (optional) DAEMON_OPTIONS(`Name=IPv4, Family=inet') dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O') define(`confBIND_OPTS', `WorkAroundBroken') define(`confNO_RCPT_ACTION', `add-to-undisclosed') define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy') MAILER(local) MAILER(smtp) TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl Please help as I am going crazy I just can't get it to work! Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Bind Sendmail to an IP address
Hi, I have a Freebsd 7.2 installation and using Sendmail for the SMTP service. This server has two public interfaces and different IP addresses. I need to have sendmail configured so that the outbound emails are sent using a certain IP address (SPF rules). I have tried the following without any success: DAEMON_OPTIONS(`Addr=x.y.z.i')dnl Any help or suggestions would be greatly appriciated. Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Sendmail SMTP server outgoing email rate
Hi, Is there a way that I could configure sendmail so that I could control the rate of outgoing emails? For example if there are 2 outbound emails destined for Yahoo.com server then they would be sent one connection at a time so that it is not flooding their server. Also, is there a limit on the incoming connection for sendmail? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
What happened to the colors in VIM 7.2?
It looks like the color schemas in VIM 7.2 are missing? Any ideas? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Sendmail client configuration to connect to ISP's SMTP server
What configuration do I need to set in my freebsd.submit.mc in order to connect to the ISP's SMTP server? The ISP is blocking all the emails unless it goes through their mail server, so I need my FreeBSD box to connect to the ISP's SMTP server for outbound emails. The client also needs to be authenticated as well. Please help Thanks Afi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Sendmail client configuration to connect to ISP's SMTP server
> On Sun, 2009-12-27 at 01:13 +0100, Polytropon wrote: > > On Sat, 26 Dec 2009 17:50:39 -0600, Lane Holcombe wrote: > > > Check out SMART_HOST in /usr/src/contrib/sendmail/cf/README > > > > I'm using the SMART_HOST functionality, too. But there's > > no authentification (username + password). The relay I'm > > using - my ISP's - seems to be happy with a valid IP from > > their range. > > > > > See if /usr/ports/mail/sendmail-sasl is what you need > > My ISP requires authentication, so I had to install that port and then > add the "AuthInfo" line in /etc/mail/access > > My ISP is only using plain authentication, but sasl will work for more > exotic needs, I understand. > > But, of course, if it ain't broke then don't try to fix it :) > > lane > ~ The bikeshed should be orange for this to work properly ... > So does the SMART_HOST work with gmail as well? Can someone post a sample mc file? Many thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
FreeBSD 6.3 installation hacked
My server installation of FreeBSD 6.3 is hacked and I am trying to find out how they managed to get into my Apache 2.0.61. This is what I see in my http error log: [Mon Sep 21 02:00:01 2009] [notice] caught SIGTERM, shutting down [Mon Sep 21 02:00:14 2009] [notice] Apache/2.0.61 (FreeBSD) PHP/5.2.5 mod_jk/1.2.25 configured -- resuming normal operations wget: not found Can't open perl script "/tmp/shit.pl": No such file or directory wget: not found Can't open perl script "zuo.txt": No such file or directory curl: not found Can't open perl script "zuo.txt": No such file or directory lwp-download: not found Can't open perl script "zuo.txt": No such file or directory lynx: not found Can't open perl script "zuo.txt": No such file or directory zuo.txt 11 kB 56 kBps wget: not found Can't open perl script "/tmp/shit.pl": No such file or directory wget: not found Can't open perl script "zuo.txt": No such file or directory curl: not found Can't open perl script "zuo.txt": No such file or directory lwp-download: not found Can't open perl script "zuo.txt": No such file or directory lynx: not found Can't open perl script "zuo.txt": No such file or directory zuo.txt 11 kB 107 kBps Died at zuo.txt line 20. GET: not found Can't open perl script "zuo.txt": No such file or directory wget: not found Can't open perl script "zuo.txt": No such file or directory curl: not found Can't open perl script "zuo.txt": No such file or directory lwp-download: not found Can't open perl script "zuo.txt": No such file or directory lynx: not found Can't open perl script "zuo.txt": No such file or directory zuo.txt 11 kB 108 kBps Died at zuo.txt line 20. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD 6.3 installation hacked
I found a script in /tmp directory which could have been uploaded using php or Java. How would they execute the code in /tmp directory? I couldn't figure it out. Thanks - Original Message From: Leandro Quibem Magnabosco To: Aflatoon Aflatooni Cc: freebsd-questions@freebsd.org Sent: Tuesday, September 22, 2009 8:51:05 AM Subject: Re: FreeBSD 6.3 installation hacked Aflatoon Aflatooni escreveu: > My server installation of FreeBSD 6.3 is hacked and I am trying to find out > how they managed to get into my Apache 2.0.61. > This is what I see in my http error log: > > [Mon Sep 21 02:00:01 2009] [notice] caught SIGTERM, shutting down > [Mon Sep 21 02:00:14 2009] [notice] Apache/2.0.61 (FreeBSD) PHP/5.2.5 > mod_jk/1.2.25 configured -- resuming normal operations > wget: not found > Can't open perl script "/tmp/shit.pl": No such file or directory > wget: not found > Can't open perl script "zuo.txt": No such file or directory > curl: not found > Can't open perl script "zuo.txt": No such file or directory > lwp-download: not found > Can't open perl script "zuo.txt": No such file or directory > lynx: not found > Can't open perl script "zuo.txt": No such file or directory > zuo.txt 11 kB 56 kBps > ... It does not look they entered using any apache bug. Probably you had a world writable directory and they managed to access it by ftp (or any other way) and sent a file containing commands to it. Once it is there, they've 'called' the file using apache to execute whatever was in there (probably binding a shell to some port) in order to get access to the box. -- Leandro Quibem Magnabosco. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
hardening guideline for Freebsd 7.2
Hi, Is there a hardening guideline for Freebsd 7.2? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
changing port options in Freebsd
What is the best way to change an option on an installed port? should I deinstall and then reinstall with the updated options on the port? Also what was the command to change the options through make? Thanks in advance ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Whic mail server?
Hi, I am running a server that is acting as the mail server for only internal users (about 50 users). Currently we are running Sendmail, but reading on other discussions I noticed that qmail and other programs are suggested. I am wondering if qmail is thought to be better than sendmail. Is there a matrix of features and functionalities that would compare the different mail servers? Any suggestions on spam filters like spam-assassin? Thank you ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Whic mail server?
Thanks, I am running Sendmail on FreeBSD and it is working. I have worked with Sendmail for years and have configured and using it successfully, but with sendmail there is so many things that you could configure you are not sure if you have it configured correctly. I generate my sendmail.cf using m4 and it works, but I find that there are always new changes that you need to stay on top of. Is there a recommended mc file for running a Sendmail mail server? I am also using procmail as well. Thanks - Original Message From: Saifi Khan To: freebsd-questions@FreeBSD.ORG Sent: Monday, September 28, 2009 7:38:06 AM Subject: Re: Whic mail server? On Sun, 27 Sep 2009, Aflatoon Aflatooni wrote: > Hi, > I am running a server that is acting as the mail server for only internal > users (about 50 users). Currently we are running Sendmail, but reading on > other discussions I noticed that qmail and other programs are suggested. > I am wondering if qmail is thought to be better than sendmail. Is there a > matrix of features and functionalities that would compare the different mail > servers? > Any suggestions on spam filters like spam-assassin? > > > Thank you > Hello Aflatoon Aflatooni: Are you running Sendmail on FreeBSD ? If yes, what issue are you facing ? and what did you read ? thanks Saifi. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
usenet configuration
Can someone point me to what software I need to install in order to provide a usenet service for internal users? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: usenet configuration
What is needed in order to run nntp? How does nntp connect to other news servers? Where do you define the news groups that the server would subscribe to? Any pointers or suggested configuration? Thanks - Original Message From: Lowell Gilbert To: Aflatoon Aflatooni ; freebsd-questions@freebsd.org Sent: Thursday, October 1, 2009 10:12:56 AM Subject: Re: usenet configuration Odhiambo Washington writes: > On Thu, Oct 1, 2009 at 4:21 PM, Aflatoon Aflatooni > wrote: > >> Can someone point me to what software I need to install in order to provide >> a usenet service for internal users? > > > > cd /usr/ports > make search key=usenet Or better yet, "nntp". I think cnews is still the standard server software, but there are a bunch of alternatives that might be easier for a small installation. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
migrating users from one machine to another machine
What is the best way of migrating users from one machine (FreeBSD 6.3) to a new machine (FreeBSD 7.2)? I need to migrate their user account settings (shell, password, expiry etc) and also their data that they have in their directories. Many thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
php5 error in FreeBSD 7.2
Hi, I am getting the following error in php5: Internal pcre_fullinfo() error I have tried rebuilding, but it doesn't seem to help. Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: php5 error in FreeBSD 7.2
So I did find a thread about this and the used the following solution to fix
the problem:
- Edit /usr/ports/lang/php5/Makefile and add the following line to the
configuration arguments:
--with-pcre-regex
So your Makefile should have:
CONFIGURE_ARGS= \
--with-layout=GNU \
--with-config-file-scan-dir=${PREFIX}/etc/php \
--disable-all \
--enable-libxml \
--with-libxml-dir=${LOCALBASE} \
--with-pcre-regex \
--enable-reflection \
--program-prefix=""
Aflatoon
- Original Message ----
From: Aflatoon Aflatooni
To: freebsd-questions@freebsd.org
Sent: Friday, October 2, 2009 11:45:08 AM
Subject: php5 error in FreeBSD 7.2
Hi,
I am getting the following error in php5:
Internal pcre_fullinfo() error
I have tried rebuilding, but it doesn't seem to help.
Thanks
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: php5 error in FreeBSD 7.2
- Original Message
> From: Glen Barber
> To: Aflatoon Aflatooni
> Cc: freebsd-questions@freebsd.org
> Sent: Friday, October 2, 2009 5:22:48 PM
> Subject: Re: php5 error in FreeBSD 7.2
>
> Hi,
>
> On Fri, Oct 2, 2009 at 8:50 PM, Aflatoon Aflatooni wrote:
> > So I did find a thread about this and the used the following solution to
> > fix
> the problem:
> >
> > - Edit /usr/ports/lang/php5/Makefile and add the following line to the
> configuration arguments:
> > --with-pcre-regex
> >
> > So your Makefile should have:
> > CONFIGURE_ARGS= \
> > --with-layout=GNU \
> > --with-config-file-scan-dir=${PREFIX}/etc/php \
> > --disable-all \
> > --enable-libxml \
> > --with-libxml-dir=${LOCALBASE} \
> > --with-pcre-regex \
> > --enable-reflection \
> > --program-prefix=""
> >
>
> Alternatively, installing devel/php5-pcre should do the trick.
>
> HTH.
>
> --
> Glen Barber
That is the first thing that I tried but it wouldn't work and therefore my
original question.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: php5 error in FreeBSD 7.2
- Original Message > From: Glen Barber > To: Aflatoon Aflatooni > Cc: freebsd-questions@freebsd.org > Sent: Friday, October 2, 2009 7:44:39 PM > Subject: Re: php5 error in FreeBSD 7.2 > > On Fri, Oct 2, 2009 at 5:51 PM, Aflatoon Aflatooni wrote: > > > > That is the first thing that I tried but it wouldn't work and therefore my > original question. > > > > True, but you didn't say what you tried rebuilding. :-) > > > -- > Glen Barber It is strange but PHP is extra slow. I am not too familiar with PHP, can anyone point me to what I should look at? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Apache20 port on FreeBSD 7.2 does a core dump
Hi, I am getting a lot of core dumps and Apache20 freezing. I have installed the porting using the following make: make WITHOUT_MODULES="ssl status speling imap auth_dbm auth_digest dav dav_fs cern_meta cgi include" install any suggestions as to how I might find out what is causing the problem and the core dumps. Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache20 port on FreeBSD 7.2 does a core dump
> Aflatoon Aflatooni writes: > > > I am getting a lot of core dumps and Apache20 freezing. > > I have installed the porting using the following make: > > > > make WITHOUT_MODULES="ssl status speling imap auth_dbm auth_digest dav > > dav_fs > cern_meta cgi include" install > > > > any suggestions as to how I might find out what is causing the problem and > > the > core dumps. > > The first thing I'd try is re-including the excluded modules. > If you no longer get the crashes, you can start narrowing in on which > one is involved. If you still get the crashes, you'll have to start > looking at the core files. > > I'm assuming you're not used to using a debugger on a core file, > on the theory that you would have done that already if you were > comfortable with it. > I originally had them included and I was getting the core dumps, but I removed them because I don't need them and I am still getting the core dumps. This is a production box and it would be hard to have debugger turned on. I don't know if it would be helpful, but PHP is also really slow on this machine. I know that PHP would cause a dump in the php.core file and not apache.core. How do I inspect the core file to find out which module caused it? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache20 port on FreeBSD 7.2 does a core dump
> On Sat, 3 Oct 2009 13:38 -, aaflatooni wrote: > > >> Aflatoon Aflatooni writes: > >> > >>> I am getting a lot of core dumps and Apache20 freezing. > >>> I have installed the porting using the following make: > >>> > >>> make WITHOUT_MODULES="ssl status speling imap auth_dbm auth_digest dav > dav_fs > >> cern_meta cgi include" install > >>> > >>> any suggestions as to how I might find out what is causing the problem > >>> and > the > >> core dumps. > >> > >> The first thing I'd try is re-including the excluded modules. > >> If you no longer get the crashes, you can start narrowing in on which > >> one is involved. If you still get the crashes, you'll have to start > >> looking at the core files. > >> > >> I'm assuming you're not used to using a debugger on a core file, > >> on the theory that you would have done that already if you were > >> comfortable with it. > >> > > > > I originally had them included and I was getting the core dumps, but I > > removed > them because I don't need them and I am still getting the core dumps. > > > > This is a production box and it would be hard to have debugger turned on. > > I don't know if it would be helpful, but PHP is also really slow on this > machine. I know that PHP would cause a dump in the php.core file and not > apache.core. > > > > How do I inspect the core file to find out which module caused it? > > > > Thanks > > > > > > Have you any special php5 modules loaded. I had a problem with I want to > recall > three or more extensions that would cause apache2X to dump core or halt in > doing > > any further actions upon request. > > If the above is the case you can disable some or all of your php5-extensions > in > local/etc/php/extensions.ini to test it out. > > Best of luck. Thanks, I followed your suggestion and removed all but the necessary modules from the extensions.ini. I will have to wait and see if it helps the core dumps. So at this time I have the following in the extensions: extension=gd.so extension=mcrypt.so extension=mysql.so extension=simplexml.so extension=spl.so extension=mysqli.so extension=session.so extension=tokenizer.so extension=xml.so PHP is still slow though! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache20 port on FreeBSD 7.2 does a core dump
> > On Sat, 3 Oct 2009 13:38 -, aaflatooni wrote: > > > > >> Aflatoon Aflatooni writes: > > >> > > >>> I am getting a lot of core dumps and Apache20 freezing. > > >>> I have installed the porting using the following make: > > >>> > > >>> make WITHOUT_MODULES="ssl status speling imap auth_dbm auth_digest dav > > dav_fs > > >> cern_meta cgi include" install > > >>> > > >>> any suggestions as to how I might find out what is causing the problem > > >>> and > > > the > > >> core dumps. > > >> > > >> The first thing I'd try is re-including the excluded modules. > > >> If you no longer get the crashes, you can start narrowing in on which > > >> one is involved. If you still get the crashes, you'll have to start > > >> looking at the core files. > > >> > > >> I'm assuming you're not used to using a debugger on a core file, > > >> on the theory that you would have done that already if you were > > >> comfortable with it. > > >> > > > > > > I originally had them included and I was getting the core dumps, but I > removed > > them because I don't need them and I am still getting the core dumps. > > > > > > This is a production box and it would be hard to have debugger turned on. > > > I don't know if it would be helpful, but PHP is also really slow on this > > machine. I know that PHP would cause a dump in the php.core file and not > > apache.core. > > > > > > How do I inspect the core file to find out which module caused it? > > > > > > Thanks > > > > > > > > > > Have you any special php5 modules loaded. I had a problem with I want to > recall > > three or more extensions that would cause apache2X to dump core or halt in > doing > > > > any further actions upon request. > > > > If the above is the case you can disable some or all of your > > php5-extensions > in > > local/etc/php/extensions.ini to test it out. > > > > Best of luck. > > > Thanks, > I followed your suggestion and removed all but the necessary modules from the > extensions.ini. I will have to wait and see if it helps the core dumps. > > So at this time I have the following in the extensions: > extension=gd.so > extension=mcrypt.so > extension=mysql.so > extension=simplexml.so > extension=spl.so > extension=mysqli.so > extension=session.so > extension=tokenizer.so > extension=xml.so > > PHP is still slow though! > Just an update: I still get the httpd.core dumps and PHP5 is visibly slower. Nothing has helped the situation. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Daily run reports
Hi, I am wondering what process generates the following reports: security run output daily run output monthly run output In my FreeBSD 6.3 I had these reports emailed to root, but I haven't recieved them in my new installation of FreeBSD 7.2. Can I also get a similar report generated for Tripwire? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Multihome on FreeBSD 7.2
Hi, I have a DELL server with dual port nic card on it. The NICs are connected to the same VLAN. I would like to configure the server so that both NIC cards are redundant that if one goes down the second one would pick up and continue. So I would need both ports to be configured with the same IP addresses of the server. Is there something that I need to configure or add to /etc/rc.conf? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Security blocking question
Hi, The production server that has a public IP address has SSH enabled. This server is continuously under dictionary attack: Oct 8 12:58:40 seven sshd[32248]: Invalid user europa from 83.65.199.91 Oct 8 12:58:40 seven sshd[32250]: Invalid user hacked from 83.65.199.91 Oct 8 12:58:40 seven sshd[32251]: Invalid user cop\r from 83.65.199.91 Oct 8 12:58:41 seven sshd[32254]: Invalid user gel from 83.65.199.91 Oct 8 12:58:41 seven sshd[32255]: Invalid user dork from 83.65.199.91 Oct 8 12:58:41 seven sshd[32258]: Invalid user eva from 83.65.199.91 Oct 8 12:58:41 seven sshd[32260]: Invalid user hacker from 83.65.199.91 Oct 8 12:58:41 seven sshd[32261]: Invalid user copila\r from 83.65.199.91 Oct 8 12:58:42 seven sshd[32265]: Invalid user dorna from 83.65.199.91 Oct 8 12:58:42 seven sshd[32264]: Invalid user gelo from 83.65.199.91 Oct 8 12:58:42 seven sshd[32268]: Invalid user evara from 83.65.199.91 Oct 8 12:58:43 seven sshd[32270]: Invalid user hack from 83.65.199.91 Oct 8 12:58:43 seven sshd[32271]: Invalid user copil\r from 83.65.199.91 Oct 8 12:58:43 seven sshd[32274]: Invalid user Doubled from 83.65.199.91 Oct 8 12:58:43 seven sshd[32275]: Invalid user gelos from 83.65.199.91 Oct 8 12:58:44 seven sshd[32278]: Invalid user eve from 83.65.199.91 Is there a way that I could configure the server so that if there are for example X attempts from an IP address then for the next Y hours all the SSH requests would be ignored from that IP address? There are only a handful of people who have access to that server. Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Security blocking question
- Original Message > From: Gary Gatten > To: Adam Vande More ; Aflatoon Aflatooni > > Cc: freebsd-questions@freebsd.org > Sent: Fri, October 9, 2009 5:53:10 PM > Subject: RE: Security blocking question > > I might also add, if it's only a handful that have legitimate access > requirements, maybe black hole all ip's from locations (countries, etc.) > they'll never be in. We see a lot of bad traffic from well, certain > countries and we simply null route them. Or if I feel like playing a > bit I'll route them to a tar-pit and honey pot just to see what they do. > Pretty entertaining sometimes! :) > > My experience has been that honeypot is good to catch internal hackers. I have also noticed that we get dictionary attacks from zombies in North America. I have managed to capture a Perl script that they use and it just retransmits the command from the IP of the server that have the Perl script installed. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Security blocking question
> > > > Is there a way that I could configure the server so that if there are for > example X attempts from an IP address then for the next Y hours all the SSH > requests would be ignored from that IP address? There are only a handful of > people who have access to that server. > > Yes. > > In pf.conf: > > table persist > > [...] > > block drop in log quick on $ext_if from > > [...] > > pass in on $ext_if proto tcp \ > from any to $ext_if port ssh \ > flags S/SA keep state \ > (max-src-conn-rate 3/30, overload flush global) > > plus you'll need to add a cron job to clear old entries out of the > ssh-bruteforce > table after a suitable amount of time has passed. Use expiretable to do > that. Note: in practice I've found that it's a *really good idea* to > implement > a SSH whitelist of addresses that will never be bruteforce blocked like this > -- > it's very easy to lock yourself out even if everything you're doing is > entirely > legitimate. Coding that is left as an exercise for the reader. > What is the best way of testing the PF rule? Is there a quick way to mimic a brute force? Is there a way that I could review the content of the table through pfctl -s all Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Security blocking question
> Aflatoon Aflatooni wrote:
> >>> Is there a way that I could configure the server so that if there are for
> >> example X attempts from an IP address then for the next Y hours all the
> >> SSH
> requests would be ignored from that IP address? There are only a handful of
> people who have access to that server.
> >>
> >> Yes.
> >>
> >> In pf.conf:
> >>
> >> table persist
> >>
> >> [...]
> >>
> >> block drop in log quick on $ext_if from
> >> [...]
> >>
> >> pass in on $ext_if proto tcp \
> >> from any to $ext_if port ssh \
> >> flags S/SA keep state \
> >> (max-src-conn-rate 3/30, overload flush global)
> >>
> >> plus you'll need to add a cron job to clear old entries out of the
> ssh-bruteforce
> >> table after a suitable amount of time has passed. Use expiretable to do
> >> that. Note: in practice I've found that it's a *really good idea* to
> implement a SSH whitelist of addresses that will never be bruteforce blocked
> like this -- it's very easy to lock yourself out even if everything you're
> doing
> is entirely legitimate. Coding that is left as an exercise for the reader.
> >>
> >
> > What is the best way of testing the PF rule? Is there a quick way to mimic
> > a
> brute force? Is there a way that I could review the content of the table
> through
> pfctl -s all
>
> To test, you need access to a machine not in your whitelist from where you
> can try ssh'ing into the protected machine several times in rapid sequence.
> 3 times in 30s sounds quite fast, but it is actually not to hard to achieve
> accidentally, especially if you use tools like rsync over SSH transport. You
> should have a login concurrently from some other IP or on the console,
> otherwise
> you will lock yourself out.
>
> To see what IPs have been added to the ssh-bruteforce table and when and what
> traffic has been blocked:
>
> # pfctl -vv -t ssh-bruteforce -T show
>
> To manually delete an IP from the ssh-bruteforce table:
>
> # pfctl -t ssh-bruteforce -T delete 12.34.56.78
>
> As noted elsewhere in this thread, instead of using expiretable, you can run
> this
> out of cron to expire addresses over a day old from the ssh-bruteforce
> blocklist:
>
> # pfctl -t ssh-bruteforce -T expire 86400
>
> The pfctl(8) man page is pretty illuminating.
>
> Cheers,
>
> Matthew
>
Thanks,
I have the following in my pf.conf:
ext_if="bge0"
# Public Services -- smtp, http, pop3s
tcpPubServices = "{ 25, 80, 995 }"
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set limit { states 1, frags 5000 }
#set loginterface none
set optimization normal
set block-policy drop
#set require-order yes
#set fingerprints "/etc/pf.os"
set skip on lo0
# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all
pass out all
block in log all
table { }
block in quick from to any
pass in on $ext_if inet proto tcp from any to any port $tcpPubServices flags
S/SA synproxy state
pass in on $ext_if inet proto tcp from any to any port ssh modulate state
(source-track rule max-src-nodes 8 max-src-conn 8 max-src-conn-rate 3/60
overload flush global)
And I have tried to make a lot of ssh connections to the box and killing them
with ctrl-c or bad-password but nothing gets added to the table. There isn't
anything in the log either. How would I go about figuring out what is wrong?
Thanks
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
