Re: sshd logging with key-only authentication
On Thu, 8 Jul 2010, Glen Barber wrote:
I've been seeing quite a bit of ssh bruteforce attacks which appear to be
dictionary-based. That's fine; I have proper measures in place, such as
key-only access, bruteforce tables for PF, and so on; though some of the
attacks are delaying login attempts, bypassing the bruteforce rules, but that
isn't the reason for this post.
What caught my interest is if I attempt to log in from a machine where I do
not have my key or an incorrect key, I see nothing logged in auth.log about a
failed login attempt. If I attempt with an invalid username, as expected, I
see 'Invalid user ${USER} from ${IP}.'
I'm more concerned with ssh login failures with valid user names. Looking at
crypto/openssh/auth.c, allowed_user() returns true if the user is not in
DenyUsers or DenyGroups, exists in AllowUsers or AllowGroups (if it is not
empty), and has an executable shell. I'm no C hacker, but superficially it
looks like it can never meet a condition where the user is valid but the key
is invalid to trigger a log entry.
Is this a bug in openssh, or have I overlooked something in my configuration?
With LogLevel VERBOSE, you should get entries like
sshd[88595]: Failed publickey for root from 130.95.13.18 port 41256 ssh2
Is that what you're after?
David Adam
zanc...@ucc.gu.uwa.edu.au
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd logging with key-only authentication
On Thu, 8 Jul 2010, Glen Barber wrote:
On 7/8/10 10:24 PM, David Adam wrote:
On Thu, 8 Jul 2010, Glen Barber wrote:
What caught my interest is if I attempt to log in from a machine
where I do not have my key or an incorrect key, I see nothing logged
in auth.log about a failed login attempt. If I attempt with an
invalid username, as expected, I see 'Invalid user ${USER} from
${IP}.'
I'm more concerned with ssh login failures with valid user names.
Looking at crypto/openssh/auth.c, allowed_user() returns true if the
user is not in DenyUsers or DenyGroups, exists in AllowUsers or
AllowGroups (if it is not empty), and has an executable shell. I'm
no C hacker, but superficially it looks like it can never meet a
condition where the user is valid but the key is invalid to trigger
a log entry.
Is this a bug in openssh, or have I overlooked something in my
configuration?
With LogLevel VERBOSE, you should get entries like
sshd[88595]: Failed publickey for root from 130.95.13.18 port 41256 ssh2
Is that what you're after?
Sort of, but do I really need to set verbose logging to find that valid users
are used in SSH attacks? root is an obvious target, which in my scenario is
not allowed. I'm concerned about more specific, allowed users.
It's just an example I pulled out of the logs. You won't get that message
for users listed in DenyUsers, although you will get spaff if the denied
user attempts password authentication.
To me, verbose SSH logging doesn't seem like too big a burden,
particularly if coupled with tools like sshit/sshdeny or logwatch. I
encourage you to experiment; you could even try patching sshd to emit the
relevant log lines at a lower debug level if you want.
David Adam
UCC Wheel Group
zanc...@ucc.gu.uwa.edu.au
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: 7.1 new install halts on BTX error
On Mon, 2 Mar 2009, John Baldwin wrote: On Wednesday 28 January 2009 10:13:46 pm David Adam wrote: I upgraded my 7.0 system to 7.1-RELEASE with freebsd-update only to find that it no longer boots correctly, instead crashing with a BTX backtrace. If I break to the loader prompt and use 'ls /boot', I also get a backtrace. snip I wonder if your stack is growing into the heap (the GPT stuff made the loader a bit bigger). You can try something like this: Hi John, I tired -CURRENT when the previous changes were committed (see my previous email on Mar 1). I can confirm that -CURRENT with that patch applied now boots fine on my system. Thanks, David Adam zanc...@ucc.gu.uwa.edu.au ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
7.1 new install halts on BTX error
I upgraded my 7.0 system to 7.1-RELEASE with freebsd-update only to find that it no longer boots correctly, instead crashing with a BTX backtrace. If I break to the loader prompt and use 'ls /boot', I also get a backtrace. A new install of 7.1 on this hardware using a separate SCSI card and drive array also leads to a BTX backtrace. I have copied this below as the first (most repeatable) error and also included the other problems. A fresh install of 7.0 works fine. FreeSBIE 1.0, based on FreeBSD 5.3, also boots fine and will happily list the contents of the original drive's /boot in the loader, although refuses to load the kernel. The FreeBSD 7.1 install CD also boots and allows me to install over FTP. I have run into BTX problems on this machine before under -CURRENT (see http://lists.freebsd.org/pipermail/freebsd-current/2008-October/089460.html ). Dmesg from 7.0 in http://www.freebsd.org/cgi/query-pr.cgi?prp=125769-1-txtn=/patch.txt A new install of 7.1-RELEASE on separate disks leads to this backtrace: int=000d err=1840 efl=00010207 eip=0511 eax=04551364 ebx= ecx=00495cae edx=00495cae esi=0009 edi=0001 ebp= esp=00495cae cs=002b ds=0033 es=0033fs=0033 gs=0033 ss=0033 cs:eip=17 00 00 00 00 00 00 0c-00 00 00 00 00 00 00 b9 ae 5c 49 00 00 00 00 b9-ae 5c 49 00 00 00 00 c8 ss:esp=43 18 3c 01 74 08 3c 04-0f 85 e4 00 00 00 0f b6 43 19 88 86 94 00 00 00-c7 46 30 00 00 00 00 3c BTX error on boot with the 7.0 partition that has been upgraded to 7.1: int=000d err= efl=00010a92 eip=0430 eax=ff4c ebx=6c94 ecx=0001 edx=0080 esi=0001 edi=9416 ebp= esp=0008f8b4 cs=002b ds=0033 es=002bfs=0033 gs=0033 ss=0033 cs:eip=6c 7f 94 48 00 00 00 00-0f af c1 47 00 00 00 00 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ss:eip=2b 00 00 00 33 00 00 00-00 0c 04 00 5f ad 08 04 00 00 00 00 0f 00 00 00-00 00 00 00 24 1c 06 00 BTX halted If I break to the loader prompt and try 'ls /boot', I get this backtrace: int=0006 err= efl=00010203 eip=00040c08 eax=00c6 ebx=0008 ecx=eb00 edx=00c6 esi=0004 edi=00c2 ebp= esp=0008f8b4 cs=002b ds=0033 es=002bfs=0033 gs=0033 ss=0033 cs:eip=8f 49 40 00 94 49 00 cb-00 00 04 00 00 00 fc 07 80 00 00 00 04 00 00 00-94 49 00 00 00 00 00 00 ss:eip=00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 BTX halted Any thoughts or suggestions? I will stay on 7.0 for now but have a fairly large supply of spare drives so I can test new installs if required. Thanks, David Adam zanc...@ucc.gu.uwa.edu.au ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: can not wake on lan after halt -p (or shutdown -p now) on releng_7 and releng_7_0
On Fri, 10 Oct 2008, Pyun YongHyeon wrote: On Fri, Oct 10, 2008 at 11:41:59AM +0800, David Adam wrote: On Mon, 6 Oct 2008, Georgi Iovchev wrote: I have a shutdown problem. I have a machine with gigabyte GA-G33M-DS2R motherboard. Integrated network card is Realtek 8111B. I can not wake the computer after I shutdown it from FreeBSD. It is a dualboot system - windows xp and freebsd. If I shutdown the computer from windows - later I can wake it up with magic packet. Even if i shutdown the machine on the boot menu with the power button - than later I can wake on lan. The only situation where I CANNOT wake it is when I shutdown the machine from freebsd (halt -p). First I tested with 7.0-RELEASE-p5 amd64 (RELENG_7_0) and than I upgraded to 7.1 PRERELASE amd64 (RELENG_7). I also tested with two network cards - the integrated one Realtek 8111B and another one Intel PRO1000PT PCI-E with WOL enabled. With both nics and both freebsd versions the situation is the same - after shutdown from bsd the computer is not able to wake on lan. The indication on the switch port says that after shut down there is active link. I have a similar problem with an Intel SR1200 Pentium 3-class system, using fxp(4) cards, although I haven't yet tried the `halt -p` command. fxp(4) should be taught to support WOL. Also note, not all fxp(4) hardwares support WOL. Both of the fxp(4) interfaces on my development system certainly support WOL, so although I'm no kernel programmer I'd be more than happy to test patches or provide developer access. David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: can not wake on lan after halt -p (or shutdown -p now) on releng_7 and releng_7_0
On Mon, 6 Oct 2008, Georgi Iovchev wrote: I have a shutdown problem. I have a machine with gigabyte GA-G33M-DS2R motherboard. Integrated network card is Realtek 8111B. I can not wake the computer after I shutdown it from FreeBSD. It is a dualboot system - windows xp and freebsd. If I shutdown the computer from windows - later I can wake it up with magic packet. Even if i shutdown the machine on the boot menu with the power button - than later I can wake on lan. The only situation where I CANNOT wake it is when I shutdown the machine from freebsd (halt -p). First I tested with 7.0-RELEASE-p5 amd64 (RELENG_7_0) and than I upgraded to 7.1 PRERELASE amd64 (RELENG_7). I also tested with two network cards - the integrated one Realtek 8111B and another one Intel PRO1000PT PCI-E with WOL enabled. With both nics and both freebsd versions the situation is the same - after shutdown from bsd the computer is not able to wake on lan. The indication on the switch port says that after shut down there is active link. I have a similar problem with an Intel SR1200 Pentium 3-class system, using fxp(4) cards, although I haven't yet tried the `halt -p` command. I was discussing WoL with a colleague recently and he suggested that on some Linux systems he needed to use `ethtool -s eth0 wol g` on every boot to maintain the WoL status. From the ethtool(1) manpage: wol p|u|m|b|a|g|s|d... Set Wake-on-LAN options. Not all devices support this. g Wake on MagicPacket(tm) From my reading, this might be necessary if the driver clears the flag during initialisation of the card. kern/83807 was filed to fix this issue for sis(4), but was never committed. However, work is apparently being done in 8-CURRENT to support exposing the WoL settings to ifconfig: see http://wiki.freebsd.org/WakeOnLan . Until that work lands in a release, I think we're out of luck. (Another administrator has also suggested that, on Linux at least, using the 'ifdown' command will destroy WoL status, but I don't think that's an issue here.) Hope that helps. I'm sure any contributions to the effort to add driver support will be appreciated. David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: should looking at an interface with 'ifconfig' trigger a ?change ?
On Fri, 8 Aug 2008, Oliver Fromme wrote: Andrew Thompson wrote: ifconfig will cause the media status to be read from the hardware at which time the link change is generated as it is different to the stored value. Shouldn't that be considered a security flaw? After all, you can perform ifconfig $IF inside a jail to list the interface configuration, but you're not allowed to make any changes. Given your description above, it means that it is possible to modify the interface configuration (cause a failover) from within a jail. That's not good. I think that needs to be fixed, or at the very least it needs to be properly documented. I can't see how this is a security flaw. The link is already down; ifconfig is merely updating the OS' knowlege of the link status to be closer to reality. David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [OT] Which one is best MTA for me?
On Tue, 28 Aug 2007, David Magda wrote: On Aug 28, 2007, at 13:46, Clayton Milos wrote: I use qmail with vpopmail not because it's necessarily the best MTA but because I know it backwards. I've patched it and tweaked it so it runs like lightning but all the patching and tweaking tought me the guts of how it runs. If something goes wrong (which has happened two or three times) I can get the system back up in a flash, often before people realized that anything did go wrong. What happens if you win the lottery and decide to leave your place of employment? What does the organization do when the next person comes in and there's this high-specialized set up? On the upside, you're now irreplaceable and can't be fired. David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: BIND Configuration
On Fri, 29 Jun 2007, Torfinn Ingolfsen wrote: On Thu, 28 Jun 2007 23:17:59 -0700 Jeremy Chadwick [EMAIL PROTECTED] wrote: Pick a fake domain for yourself (such as home.lan or something that won't be used on the Internet; a fake TLD is the way to go). FWIW, '.local' is preferred by many these days. Example: machine.mydomain.local Off-topic, but this is a bad idea if you intend to run mDNS, also known as Rendezvous/Bonjour (Rendejour!) or Avahi, on your network. See http://www.avahi.org/wiki/AvahiAndUnicastDotLocal for more. David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sshd. UseDNS no ignored?
On Wed, 29 Nov 2006, Dmitry Pryanishnikov wrote: I'm still wondering why OpenSSH is _so_ inferior to SSH.COM's ssh2 (which is also open-source)? Is it really open-source? I couldn't find any reference to source downloads or licensing terms on http://www.ssh.com/. It mentions OpenSSH as an open-source alternative. In the later product the following line in /usr/local/etc/ssh2/sshd2_config: ResolveClientHostName no _actually_ prevents DNS reverse lookups by the sshd2 (just checked it, my test machine has ssh2-nox11-3.2.9.1_5 installed from ports). It's not the only option which present in ssh2 while absent in OpenSSH, second very useful one is: AuthInteractiveFailureTimeout 10 which make SSH-password-guessing robots to give up after the first attempt ;) You might like to suggest these features to the OpenSSH developers! http://www.openssh.com/report.html Of course, when space is at a premium, Dropbear is the answer to your SSH questions. David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 6.x, NIS, local root password, and nsswitch.conf
On Tue, 21 Nov 2006, Mark Hennessy wrote:
I have a new system that has FreeBSD 6.1 on it to replace a system with
FreeBSD 4.11 being put out of service.
I want to keep to using local root passwords only, but export other users'
logins over NIS. It acts presently as an NIS slave server.
The NIS master server was upgraded a few months ago to FreeBSD 6.0 and
then 6.1.
All other machines are running FreeBSD 4.11.
A weird thing started to happen with the new machine. Only on this new
machine, the local root password doesn't work and only the root password
of the NIS master server will work to attain root. Perhaps something
needs to be changed somewhere to make the local root password work again?
Here's the /etc/nsswitch.conf from the master server:
group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files
Here's the /etc/nsswitch.conf from the slave server:
group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files
They both appear to be set to defaults.
I tried changing group and passwd to include 'files', I also tried
changing group_compat and passwd_compat to include 'files', but no
positive change.
Mark,
Careful here.
The line needs to read 'files nis', not 'nis files' - if you used the
latter, try switching it around so that the local /etc/passwd is checked
for root logins before NIS is consulted.
As I understand the man page, you want to change the {group,passwd}_compat
lines, not the {group,passwd} lines themselves.
I couldn't find nsswitch.conf on any of the FreeBSD 4.11 servers. They
are served by NIS as clients and all of their local root passwords work
fine.
From nsswitch.conf(5):
The nsswitch.conf file format first appeared in FreeBSD 5.0. It was
imported from the NetBSD Project, where it appeared first in NetBSD 1.4.
The NIS section of the handbook contains no mention of nsswitch.conf(5),
so I'm not actually sure that it's required for system authentication.
David Adam
[EMAIL PROTECTED]
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 6.x, NIS, local root password, and nsswitch.conf
On Wed, 22 Nov 2006, Mark Hennessy wrote:
David Adam [EMAIL PROTECTED] wrote:
On Tue, 21 Nov 2006, Mark Hennessy wrote:
I have a new system that has FreeBSD 6.1 on it to replace a system with
FreeBSD 4.11 being put out of service.
I want to keep to using local root passwords only, but export other users'
logins over NIS. It acts presently as an NIS slave server.
The NIS master server was upgraded a few months ago to FreeBSD 6.0 and
then 6.1.
All other machines are running FreeBSD 4.11.
A weird thing started to happen with the new machine. Only on this new
machine, the local root password doesn't work and only the root password
of the NIS master server will work to attain root. Perhaps something
needs to be changed somewhere to make the local root password work again?
snip
I tried changing group and passwd to include 'files', I also tried
changing group_compat and passwd_compat to include 'files', but no
positive change.
Mark,
Careful here.
The line needs to read 'files nis', not 'nis files' - if you used the
latter, try switching it around so that the local /etc/passwd is checked
for root logins before NIS is consulted.
As I understand the man page, you want to change the {group,passwd}_compat
lines, not the {group,passwd} lines themselves.
I couldn't find nsswitch.conf on any of the FreeBSD 4.11 servers. They
are served by NIS as clients and all of their local root passwords work
fine.
From nsswitch.conf(5):
The nsswitch.conf file format first appeared in FreeBSD 5.0. It was
imported from the NetBSD Project, where it appeared first in NetBSD 1.4.
The NIS section of the handbook contains no mention of nsswitch.conf(5),
so I'm not actually sure that it's required for system authentication.
I'm a bit unsure about it myself.
I tried exactly what you suggested, putting files on the compat line and
before nis for both passwd and groups on the NIS slave server only, and no
go. Perhaps it is the master server that actually controls this? I don't
know. Any further advice would be greatly appreciated.
Just to clarify - you're running a single NIS master, and you're having
this problem on a new NIS client? Or is it a NIS slave server as well? I
don't think that this should affect things, but I just wanted to clear up
the nomenclature.
Hmm, odd. I don't know if you have to restart any services to pick up
changes in nsswitch.conf, but I doubt it.
However, re-reading the manpage reminded me that nsswitch doesn't actually
control authentication in many cases - PAM handles this, on Linux at any
rate.
Someone (quite possibly me) has kicked the cable out of my FreeBSD box, so
I can't check this at the moment, but you may well need to edit something
in /etc/pam.d. In particular, if you have NIS as sufficient, it'll take
precedence over pam_unix (i.e., files).
Cheers,
David Adam
[EMAIL PROTECTED]
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Error applying libarchive.patch
On Thu, 9 Nov 2006, Simon Biber wrote: I tried installing FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive The patch failed. Am I doing something wrong? Is it not designed for my system? Correct. http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc notes that this only affects systems built from the 6-STABLE branch after 2006-09-05 05:23:51 UTC. oz# uname -a FreeBSD oz.caah.org 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Thu Oct 12 07:40:47 EST 2006 root@:/usr/obj/usr/src/sys/GENERIC i386 You're running 6.1-RELEASE, which does not fit this criteria. Your system is not vulnerable to the exploit. David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: whither cvsup11?
On Thu, 26 Oct 2006, Vivek Khera wrote: Did cvsup11 go away? I went to do my weekly cvsup of sources/ports and it is coming up host not found. It was very convenient since it happened to be in the same data center as me, making roundtrip packet times in the 5ms range :-) My last update from it was last week on the 19th. Vivek, Someone mentioned this a little while back: http://www.freebsd.org/cgi/query-pr.cgi?pr=misc/103814 David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: very serious compiling issue
On Thu, 26 Oct 2006, Matt Smith wrote: Hey guys, I got a band new install of FreeBSD that will not compile. Stop code while compiling UnrealIRCD follows: snip gcc -I../include -I/usr/home/khawkins/Unreal3.2/extras/regexp/include -I/usr/hom e/khawkins/Unreal3.2/extras/c-ares/include -pipe -g -O2 -funsigned-char -fno-str ict-aliasing -DZIP_LINKS -export-dynamic -fPIC -DPIC -shared -DDYNAMIC_LINKING -o m_tkl.so m_tkl.c m_tkl.c: In function `_m_tkl': m_tkl.c:2187: internal compiler error: Segmentation fault: 11 Please submit a full bug report, with preprocessed source if appropriate. See URL:http://gcc.gnu.org/bugs.html for instructions. *** Error code 1 Stop in /usr/home/khawkins/Unreal3.2/src/modules. *** Error code 1 Stop in /usr/home/khawkins/Unreal3.2/src. *** Error code 1 Stop in /usr/home/khawkins/Unreal3.2. $ Is there something up with the FreeBSD download? Internal compiler errors in GCC are hardware problems in almost all cases. Check your CPU temperature, and the state of your RAM. David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: bad pte panic, no dump :(
On Wed, 28 Jun 2006, Larry Rosenman wrote: Greetings, FreeBSD/amd64 6.1-STABLE (June 18, 18:44 US/Central), running on Intel EM64T Xeons. got a one-off bad pte panic, and when it tried to dump to a gmirror slice, it hung. I've seen this, too, on FreeBSD 6.1-PRERELEASE #6: Thu Feb 9 01:01:54 WST 2006 i386. It only appears to occur under load, so I suspect a hardware problem. I am taking this server offline in the next few weeks to try and track it down. Hope it doesn't happen again! David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: prerelease
On Wed, 8 Mar 2006, Sam Stein wrote: So prerelease is stable now...? Why exactly.. (There's always one.) http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/admin.html#RELEASE-CANDIDATE David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: OK - I'm stumped - where IS stable? Sorry if it seems like a dumb question but I looked in the handbook...
Mitch, On Mon, 2 Jan 2006, Mitch (Bitblock) wrote: From: Mitch \(Bitblock\) [EMAIL PROTECTED] Date: Sun, 1 Jan 2006 16:15:57 -0800 Sender: [EMAIL PROTECTED] The handbook (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current- stable.ht ml#STABLE) references ftp://snapshots.jp.FreeBSD.org/pub/FreeBSD/snapshots/ - which doesn't seem to contain any 6.0 files newer than 2004? The main FTP site doesn't contain a branches folder for anything past 4.0-stable. Are formal stable releases not available for 6.0 yet? Just the current daily snapshots? [Mitch says:] Thanks to both of you for your reply - so basically, it seems that what was once documented... (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.ht ml) is no longer maintained? Should I point this out to someone on a doc list or something? Where CURRENT could be buggy and was not yet reviewed / fully tested, and STABLE was given an extra level of QA has at some point been abandoned then? Or are the CVS branches still in existence, but there is just no longer an ftp'able repository? My reason for looking at this is that I have some hardware which worked in 5.4, but does not in 6.0 RELEASE 0, so I thought I'd try to test bootable STABLE snapshots periodically to see if the problem gets fixed. The handbook seems to specifically state that STABLE branch should be able to be downloaded and installed like any normal RELEASE, but what you are saying is that I have to patch a 6.0 RELEASE now - does the stable code branch exist? Or am I likely to find unworkable snapshots? The handbook document should point to ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/ instead (I think there's a problem report with a patch under review). Yes, the -STABLE branch exists. That's how you would patch a 6.0-RELEASE system: using cvsup(1) to follow the STABLE branch changes. You'll probably want ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/Dec_2005/6.0-STABLE-SNAP010-i386-disc1.iso or ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/Dec_2005/6.0-STABLE-SNAP010-i386-bootonly.iso (long URLs, may wrap). Generally speaking, the snapshots will work. Yes, you should be able to just download and install them. However, because they're taken from a continually-moving branch, and aren't subject to a code freeze and rigorous review, they might have minor issues. It's unlikely, but if a snapshot explodes your computer, steals your children and wipes your credit cards, You Have Been Warned. I hope you have some luck with the snapshots - what hardware specifically isn't working? This list or freebsd-questions@freebsd.org may be able to help you. Cheers, David Adam [EMAIL PROTECTED] (FreeBSD paradise.ucc.gu.uwa.edu.au 6.0-STABLE FreeBSD 6.0-STABLE #5) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Release Schedule for 2006
Uwe, On Sun, 18 Dec 2005, Uwe Laverenz wrote: On Sat, Dec 17, 2005 at 06:44:48PM -0500, Kris Kennaway wrote: It looks like in the course of writing your long email you forgot to describe any of the problems you are having. I don't know his exact problems either, but I could name you a few examples that currently reduce the fun of using FreeBSD: - The sound sytem is broken in FreeBSD in all 5.x and 6 versions, and I would like to listen to a few mp3-files from time to time. If I was at work and I got a comment or a phone call like this, I would usually sigh heavily and, in a voice dripping with sarcasm, ask the exact same question that I'm going to ask you: How exactly is it broken? Actually, you should probably take it to -questions. snip other fairly vague descriptions - Keeping the system and the ports up to date gets more and more time consuming and risky (especially when compared to an apt-get update apt-get upgrade). For example, the last devel/pear update in the ports crashed my PHP installations on 2 development machines (still no clue how to fix this). I don't use PEAR, but wasn't there something in UPDATING about it? David Adam [EMAIL PROTECTED] UCC Wheel Member (who does plenty with apt, too, and will stick with the ports system thank you very much.) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Apache2, mod_python and nss_ldap: Coredump...
I can't help with most of your problem, but... On Thu, 10 Nov 2005, Johan Ström wrote: Is there any way to check if a lib is strip'd/got debug symbols or not? file(1) will tell you. /usr/obj/usr/src/lib/libmagic/compress.o: ELF 32-bit LSB relocatable, Intel 80386, version 1 (FreeBSD), not stripped strip(1) the file, and it becomes... /usr/obj/usr/src/lib/libmagic/compress.o: ELF 32-bit LSB relocatable, Intel 80386, version 1 (FreeBSD), stripped David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Advice sought on upgrading from 4.11-R to 5.4...
Brad, On Wed, 28 Sep 2005, Brad Knowles wrote: However, it would be nice if mergemaster could be made to automatically accept changes that occur only in the comments of the files it is trying to merge. That way, many fewer fluff changes would be presented during the merge process, and people would be left with needing to confirm changes regarding only actual functional code. It's been mentioned on this list before, but sysutils/etcmerge can often provide a much faster way of bringing your system up to spec. Takes a bit of getting used to, but definitely worthwhile. David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPv6 router solicitation not being received
Mark, On Thu, 11 Aug 2005, Mark Andrews wrote: I have a problem in that the router solicitations are not being received by my FreeBSD IPv6 router unless I enable promiscuous mode on the tx0 interface. This causes delays to autoconf for other IPv6 boxes on the net until the periodic router announcement is sent. This leads me to believe that either the multicast hash function is wrong or the request for multicast reception on the interface is not getting through to the driver. rtadvd tx0 is running so theoretically it should be getting through. Anyone aware of any issues in this area? Yes the kernel is a bit old and needs to be updated. I have had similar problems with tx(4) on FreeBSD 6.0-BETA2, but unfortunately haven't had time to follow it up yet. (Just a headsup that this problem may still exist.) Cheers, David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Multiple consumers of /dev/dsp
Josef, On Thu, 21 Jul 2005, Josef Karthauser wrote: In the past I'm sure that we supported the mixing of audio in the kernel so that multiple applications could open /dev/dsp at the same time. Was this a function of the audio card driver, or of the audio subsystem? Currently on my new machine I don't get any mixing, and applications fail to open /dev/dsp if it's already open by something. The current hardware is: FreeBSD Audio Driver (newpcm) Installed devices: pcm0: Intel ICH4 (82801DB) at io 0xee00, 0xe000 irq 9 bufsz 16384 kld snd_ich (1p/1r/0v channels duplex default) Am I imagining that this use to the case or isn't it enabled by default? It's not on by default, AFAIK, but setting a couple of sysctls will allow you to have more than one program playing sound at once. # sysctl hw.snd.pcm0.vchans=4 # sysctl hw.snd.maxautovchans=4 Check out http://www.freebsd.org/doc/handbook/sound-setup.html#AEN8582 (the section titled 'Utilizing Multiple Sound Sources'). Cheers, David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Atapicam problems
On Tue, 19 Jul 2005, John Van Sickle wrote: Anyone? Or is there another mailing list I should try? John, I'm afraid I can't help you myself, but you might want to try [EMAIL PROTECTED] Hope you have more luck there! David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: AMD64 + Nvidia Display Card
Brett, On Wed, 13 Jul 2005, Brett Wildermoth wrote: I assume I am not the only one who is in this predicament. I have just bought seven AMD 64s with NVIDIA PCI-X graphics. With 5.4 I can get everything bar the network and X to work, with 6.0 I can get the network to work also. However no matter what I do I can't get X to work. Why doesn't NVIDIA make a graphics driver for FreeBSD AMD64. They make one for Linux x86-64 and one for FreeBSD-x86. I don't have an AMD64, but I can understand your frustration - I'm sure there are many others in the same boat (or who will be soon). I assume part of the reason is that it just adds an extra QA load to their Linux/FreeBSD team - although NVIDIA's stuff seems to be fairly portable, it's yet another architecture to get hardware for, test and build for, and so on. Hopefully, a bit of community pressure will encourage NVIDIA to provide the resources that you need - I know that I continue to buy their cards for my (rather inconsequential) uses because of their excellent FreeBSD support (in some cases, I've got higher FPS under FreeBSD than Windows). Cheers, David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: UFS2 partition with negative used space
(The mail to this node is rather slow, so I'm sure someone else will have replied by now.) On Fri, 10 Jun 2005, Jean-Yves Lefort wrote: Filesystem SizeUsed Avail Capacity Mounted on /dev/ad0s1e989M-46M956M-5%/var/tmp Any hints? Yep: delete some files on /var/tmp. :-) If you're asking 'how can I have negative disk space?', you might want to read newfs(8) and tunefs(8), particularly the sections dealing with the -m flag. Basically, FreeBSD reserves 8% of the disk by default for maintenance reasons: it prevents fragmentation, among other things. The super-user can override these limitations, but it's a bad idea for any length of time. (I think I'm going to tell other Windows people that it just shows how much more efficient BSD is with your disk space.) Cheers, David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: UFS2 partition with negative used space
Filesystem SizeUsed Avail Capacity Mounted on /dev/ad0s1e989M-46M956M-5% /var/tmp /me reads again. Whoa. In that case, I have no idea. Sorry for the spam. Yep: delete some files on /var/tmp. :-) [blah blah blah] Glad to know my words are appreciated, anyway. David Adam [EMAIL PROTECTED] UCC Wheel Member ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: (SOLVED) 5.4RELEASE: problem with my ST34311A UDMA666 controller
Subhro, On Sat, 28 May 2005, Subhro wrote: This is not something new or unexpected. Windows are Linux run happily on a lot of garbage grade hardware. But FreeBSD is very fussy about hardware. Thats the reason why a Linux box CAN create strange situations due to hardware. But a FreeBSD box would not even be ready to boot up if it does not find everything in tiptop condition. Actually, I'm not so sure. I have had at least one case where FreeBSD (in safe mode) has been the only thing that will boot with a dodgy HDD installed. Linux (a 2.4 kernel, admittedly) and Windows both refused to start. I was rather glad, too, because it was the only way I could get data off that disk! Cheers, David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cron stops silently
Phil, On Fri, 27 May 2005, Phil Brennan wrote: Since updating our server to 5.4-STABLE, I've noticed a very strange problem with cron. Sometimes it just decides to stop, for no apparent reason. It stops at different times, it doesn't seem to be affected by any particular cronjob. There are no messages about this in any logfile, it just stops running and I have to start it manually. Obviously this is a major PITA. Can anyone help me to debug this problem further? I really don't know where to look. Searches of all freebsd mailing lists have turned up with nothing. I've only got access to a FreeBSD 4.11 machine at the moment, but have you tried the -x debug flags listed under cron(8)? (4.11 doesn't have rcNG, so I can't tell you where it's started or whether you'll need to redirect output, but I'm sure a bit of diggin around will show you.) Cheers, David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Creating a mini install disk, for particular needs
On Wed, 11 May 2005, Chris Phillips wrote: We need a fairly painless way, to roll out a fresh install onto some random i386 hardware we have lying around (there's a plentiful supply), for any new users, who require a basic functioning GUI, with access to graphical email client, web browser 'rdesktop' (for the windows applications, that they are all hooked on). What I'd love to be able to do, is to create a FreeBSD (it's my favorite) CD, that contains all that I need for these basic systems. Either, set up so that the install is automated, with just the minimal of setup, or so that it's got all the packages that I want can all be installed straight off the CD (perhaps by choosing the All Packages option). Is what I've described actually possible? Would anyone be willing or able, to guide me toward a good resource that I can get reading? It would be very cool, if I could do this for our company. More bums on seats, for FreeBSD :) Chris, If you do want install CD (the other posters so far have looked at thin-client stuff), you might want to check out FreeSBIE and its customisation scripts. It's very straightforward to build a custom CD with things like RDesktop, and comes with a built-in installer (although it does require some extra work to get things like the source and ports trees). www.freesbie.org Cheers, David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: firefox port
On Fri, 18 Feb 2005, Dick Davies wrote: Is there a fix for the firefox advisory that portaudit keeps popping up? === firefox-1.0_7,1 has known vulnerabilities: = web browsers -- window injection vulnerabilities. Reference: http://www.FreeBSD.org/ports/portaudit/b0911985-6e2a-11d9-9557-000a95bc6fae.html = Please update your ports tree and try again. *** Error code 1 Yes, it was fixed by https://bugzilla.mozilla.org/show_bug.cgi?id=103638. This was backported to the Aviary branches, so Firefox 1.0.1 (due out some time next week - localisations are supposed to be finished by Monday) should have the fix. Not long now :-) Cheers, David Adam [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
