Re: server name
Hi, From the keyboard of michael Christie, written on Mon, Feb 21, 2005 at 09:31:23PM +1100: I see what you mean, that may not help me as my host name is an ip address running in a jail. There for my host name at the command prompt is 192# if I change the ip to a name in the /etc/rc.conf I do not think the jail will run. A hostname is not an IP-address. For a jail, the hostname is given in the commandline. You should change that for in case you have to restart the jail. Also, you should update /etc/hosts and /etc/rc.conf to refect the changes. This might be needed for e.g. running services like Apache and MySQL. Keep in mind, from man(8) jail: NOTE: If you plan to allow untrusted users to have root access inside the jail, you may wish to consider setting the security.jail.set_hostname_allowed sysctl variable to 0. Please see the management discussion later in this document as to why this may be a good idea. If you do decide to set this variable, it must be set before starting any jails, and once each boot. Grtz, -- Eilko. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: login permission over scp
Hi, From the keyboard of ??, written on Thu, Feb 17, 2005 at 11:42:11AM +0300: i need only secure copy, but must give full user shell to user [EMAIL PROTECTED] on host B. if attaker take control of A, he can shell to [EMAIL PROTECTED] setting /sbin/nologin to shell [EMAIL PROTECTED] scp not work what can i do to reduce permission [EMAIL PROTECTED] You can use rssh from the ports: $ cat /usr/ports/shells/rssh/pkg-descr rssh is a Restricted Secure SHell that allow only the use of sftp or scp. It could be use when you need an account (and a valid shell) in order to execute sftp or scp but when you don't want to give the possibility to log in to this user. WWW: http://www.pizzashack.org/rssh/index.shtml - enigmatyc [EMAIL PROTECTED] $ Grtz, -- Eilko. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Security for webserver behind router?
From the keyboard of Ted Mittelstaedt, written on Wed, Jan 19, 2005 at 11:25:00PM -0800: I am running Apache 1.3.33, as you suggest I should. You say as long as Apache is secure; what should I do to be sure that Apache is secure? Nothing, you nor nobody can do this. All you can do is subscribe to the Apache mailing list and if someone discovers a hole in Apache at some point in the future, then you can immediately patch your installation with the inevitable patch that will shortly follow. Don't forget that Apache's nature is offering content. What about unsafe PHP/CGI-scripts? You can secure Apache, but that doesn't help when your webapplication is a big hole to your system. Just my 0.2$c Grtz, -- Eilko. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how to get it online
Hi, From the keyboard of Bagus, written on Wed, Dec 22, 2004 at 10:20:21AM -0600: ifconfig fxp0: flags =8802 bradcast, simplex, multicast mtu 1500 options =8VLAN_MTU ether 00:a0:c9:e6:11:b1 media: Ethernet autoselect (100baseTX full-duplex) status:active You don't appear to have an IP-address assigned. Most probably the DHCP- negotiation failed. You don't tell who your ISP is. DHCP-configurations may differ from ISP to ISP. You will have to configure your /etc/dhclient.conf I guess, e.g. with (amongst others) send host-name your-hostname-known-by-ISP. (man 5 dhclient.conf). After configuring it, retyry DHCP: # dhclient fxp0 ping freebsd.org ping: cannot resolve freebsd.org: Host name lookup failure. Right. If DHCP from your cable ISP failes, most probably your /etc/resolve.conf will not be modified/added. And therefor lookups will fail. As an aside, I'm stunned this isn't a FAQ or part of the freebsd manual: How to get your computer online. Really I'd rather not be posting this question to a mailing list. It seems so basic, yet I can't find an answer out there. If anyone has any references, I'd appreciate it. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-setup.html Of course, since DHCP configuration may differ from ISP to ISP, I guess it is too much work to add all those to the handbook. Maybe search engines can point you to a proper references. Or, if you name your ISP on this list, someone here might help you. Cheerz, -- Eilko Bos. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]