Re: NIS server/client on OpenBSD

[Edd Barrett]

On 2/10/06, Budhi Setiawan [EMAIL PROTECTED] wrote:

 Dear All,

 Can you give me a link HOWTO/FAQ/tutorial to create a NIS
 server/client on OpenBSD.



Found this on google, but dont know how accurate it is.

http://www.openbsdsupport.org/sharedhomes.html

I could have swore it was in the FAQ.

Regards

Edd

QUARANTINED: Returned mail: see transcript for details

[WorkgroupMail Content Filter]

The message Returned mail: see transcript for details from , sent on 
2/10/2006 08:07 was quarantined because it contained either an executable file, 
a batch file or a screen saver file. All of these types of attachments are 
considered security risks. Please consult your mail administrator who can 
release the message.

BSD on x86 and virus

[Siju George]

Hi,

BSD on x86 has also suffered at the hands of these maniac virus
coders, so much so that there are hardly any BSD x86 web servers on
the web that haven't been repeatedly p0wned.

http://www.webpronews.com/expertarticles/expertarticles/wpn-62-20060209SecurityThroughObscurityThreatenedasMacsBecomeMorePopular.html

is the above sentence even remotely true???

Thankyou so much

Kind Regards

Siju

Re: BSD on x86 and virus

[Nick Holland]

Siju George wrote:

Hi,

BSD on x86 has also suffered at the hands of these maniac virus
coders, so much so that there are hardly any BSD x86 web servers on
the web that haven't been repeatedly p0wned.

http://www.webpronews.com/expertarticles/expertarticles/wpn-62-20060209SecurityThroughObscurityThreatenedasMacsBecomeMorePopular.html

is the above sentence even remotely true???


No, that part was pretty clearly tongue-in-cheek sarcasm, poking fun at 
someone else's silly statements in another article.


Anyone who thinks they will evade viruses and not have to worry about 
security by simply running Mac OS(anything, including X) is:

  1) a fool
  2) ignorant of history.
(yes, there are lots of fools in the world)

I'm sure there are at least a few others old enough to remember the days 
when noted computer writers were heard to say things like, I doubt 
there are any real PC-based viruses and I don't think it is even 
possible to write a virus on a PC.  The later was clearly foolish, as 
many of us were using virus-like tricks to modify closed-source programs 
for constructive purposes long before the Mac even existed.  I'm sure I 
wasn't the only one who thought of the possibility of replication of 
such changes.


'course, anyone who thinks they can avoid viruses and not have to worry 
about security by /simply/ running OpenBSD is a step ahead, but still a 
fool...and perhaps too confident of history. :)


The Internet is nothing less than a free-for-all war zone.  Pretend it 
is less, you will get hurt.


Nick.

Re: BSD on x86 and virus

[Lars Hansson]

On Fri, 10 Feb 2006 17:10:41 +0530
Siju George [EMAIL PROTECTED] wrote:

 Hi,
 
 BSD on x86 has also suffered at the hands of these maniac virus
 coders, so much so that there are hardly any BSD x86 web servers on
 the web that haven't been repeatedly p0wned.
 
 http://www.webpronews.com/expertarticles/expertarticles/wpn-62-20060209SecurityThroughObscurityThreatenedasMacsBecomeMorePopular.html
 
 is the above sentence even remotely true???

It's ment to be ironic.

---
Lars Hansson

Re: BSD on x86 and virus

[Martin Schröder]

On 2006-02-10 17:10:41 +0530, Siju George wrote:
 BSD on x86 has also suffered at the hands of these maniac virus
 coders, so much so that there are hardly any BSD x86 web servers on
 the web that haven't been repeatedly p0wned.
 
 http://www.webpronews.com/expertarticles/expertarticles/wpn-62-20060209SecurityThroughObscurityThreatenedasMacsBecomeMorePopular.html

Troll somewhere else, please.

 is the above sentence even remotely true???

Have you even read the entire article?

Hint: http://en.wikipedia.org/wiki/Irony

Best
Martin
-- 
http://www.tm.oneiros.de

Re: BSD on x86 and virus

[Siju George]

On 2/10/06, Martin Schrvder [EMAIL PROTECTED] wrote:
 On 2006-02-10 17:10:41 +0530, Siju George wrote:
  BSD on x86 has also suffered at the hands of these maniac virus
  coders, so much so that there are hardly any BSD x86 web servers on
  the web that haven't been repeatedly p0wned.
 
  http://www.webpronews.com/expertarticles/expertarticles/wpn-62-20060209SecurityThroughObscurityThreatenedasMacsBecomeMorePopular.html

 Troll somewhere else, please.


I never did troll any list in my life :-)
And I never will :-)

Of cource I have asked stupid questions here and have been on the path
of learning since 3.5. So don't worry! it was never ever meant to
troll :-)

  is the above sentence even remotely true???

 Have you even read the entire article?


yes :-) but couldn't make out the sarcasm in it :-(

 Hint: http://en.wikipedia.org/wiki/Irony


Thanks a lot again for the link.

Kind Regards

Siju

Re: NIS server/client on OpenBSD

[Will H. Backman]

Edd Barrett wrote:

On 2/10/06, Budhi Setiawan [EMAIL PROTECTED] wrote:


Dear All,

Can you give me a link HOWTO/FAQ/tutorial to create a NIS
server/client on OpenBSD.





Found this on google, but dont know how accurate it is.

http://www.openbsdsupport.org/sharedhomes.html

I could have swore it was in the FAQ.

Regards

Edd



For some general theory, which makes the man pages easier to understand:
http://docs.sun.com/app/docs/doc/806-4077/6jd6blbd7?a=view

Re: BSD on x86 and virus

[Constantine A. Murenin]

On 10/02/06, Siju George [EMAIL PROTECTED] wrote:
 Hi,

 BSD on x86 has also suffered at the hands of these maniac virus
 coders, so much so that there are hardly any BSD x86 web servers on
 the web that haven't been repeatedly p0wned.

 http://www.webpronews.com/expertarticles/expertarticles/wpn-62-20060209SecurityThroughObscurityThreatenedasMacsBecomeMorePopular.html

 is the above sentence even remotely true???

 Thankyou so much

 Kind Regards

 Siju

How could you just take a passage like that out of the context and
present it as a genuine by-itself idea? Clearly, the author said that
with sarcasm, the passage before this one was

virus writers are an incredibly stupid bunch who understand nothing
but 80x86 machine language, and moreover, that's all they need to know
to hack wreavoc on any operating system. That of course explains why
Windows viruses and worms have been so easily transported to Linux
systems, completely destroying any and all security there.

And to answer you question, yes, the article as a whole does seem to
be true, not just remotely true.

Constantine.

dynamically linked suid binaries - Request for enlightment

[Tilo Stritzky]

Hi list,

while doing some reading on secure software development 
(//www.ranum.com/security/computer_security/archives/security-for-developers.pdf)
I came across the advice always link your priviliged binaries
statically.

However a quick check on my system revealed me almost all suid/sgid
programs being dynamically linked (the two exceptions traceroute/traceroute6
startle me even more).

Since the advice makes sense to me (it keeps some rather
complicated machinery out of delicate matters)
I'm wondering why it is not followed on OpenBSD.

Are there other ways to simply 'do this right'?

I would apreciate any pointers for further reading on that matter.

No trolling intended, I'm just curious.

kind regards
tilo

Chase Bank Account Issue #76643JP-M212ax-@

[John P. Ster - - Chase Bank]

С 1 февраля 2004 г. изменяютс089 #1103; тарифы на 
доступ к сети Интернет
по коммутиру091 #1077;мым телефонны099 #1084; 
линиям и на услуги
размещени080 #1103; доменных имен,

Dear Chase client,

Due to concerns, for the safety and integrity of the Chase online banking
community we have issued the following warning message. It has come to
our attention that your account information needs to be confirmed due to
inactive customers, fraud and spoof reports. If you could please take
5-10 minutes out of your online experience and renew your records you
will not run into any future problems with the online service. However,
failure to confirm your records may result in your Chase account
suspension.

Once you have confirmed your Chase account records your internet banking
service will not be interrupted and will continue as normal.

To confirm your Chase bank account records please click here.

Thank you for your time,
Chase Billing Department

*Note - all details are processed automatically by our system  not
manually by service representatives, so you can confidently use your PIN
number without fear of your information being compromised .

Re: Bonehead question...

[B.O.F.H.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hah!  That took awhile, but the duplicate IP question got me
thinking down that path and I found the one-in-a-billion duplicate...

A duplicate _MAC_ address.

Whoa, that was a zebra.  But at least you all got me thinking down
some alternative paths and I was able to put a new NIC in the box.

Everything works now!

Thanks again,

- --
Ed V.

IBM: It's Better 'morrow


Stuart Henderson wrote:
 On 2006/02/09 12:24, B.O.F.H. wrote:
 Network card:

 Marvell Yukon 88E8001/8003/8010, rev 0x13, Marvell Yukon Lite (0x9)
 using the sk0 driver.

 It has an associated PHY of: Marvell Yukon 88E1011 Gigabit PHY, rev.
 5 using the eephy0 device.

 It's attached to port 2 of a Cisco 3524 10/100 switch and
 autodetects at 100baseT full-duplex.

 The other PC is attached to port 4 of the same switch and is in the
 same VLAN group.
 
 That doesn't fit with any of the things I thought of (short nat or
 firewall timeouts or devices having trouble with rfc1323, which I've seen
 on some ADSL routers)...
 
 There aren't any IP address conflicts, I take it? That may cause
 something like this, but I guess you probably would have noticed.
iQIVAwUBQ+zWgafRmhqF/IZAAQqxzg/+ODq4eLXdTg/KoLCDNnkWwDMnIToM+6Fv
+SVJofl9AziNqeGeVS2lR6WlDiaR3hMkcIf3shmjybWOvZqTntwZ4vGwhkyg/Lbq
TfjtU2j5KdAMVjITtrTuemy4aq1llov/k7J4KGAdYWhJano8hftmienelWKqJWJe
sxtSWWU05plU2UHOAOVLvLtMnm1MgGuoLpwV+xhgxgkQNxw297O7B+BsVaX0IoF7
ecYspR4Abi6ftPzvjwMKL3+0LUG2oazFk+3l+8tkVMIB406puyZZsOaHgd1jWFWU
yKk+CqWGykbY6AAMp5uQeeppipp+c+eMTC5fPagAulz6dJ3bNJUW+4WNZuRTDZye
S2zv+y9S3oNtINd4zyTwLpu/t8TgxVa6m8yjxDZAH5YV1ATBGzUZMoxA/4/JFUAd
JcTlPllhc7+ZphR4RYAGZjvP5BXDGCr8uyNETjhwzdaUM4l6N1TRbA8AXrxoOu55
/dlT3S6IO0Za03EjQmn3u73DVLEZ3KQTn36ax40GgixshsrF8Mc7jG+HZjAmpZEA
Rlg34YqomIJedJobdspUwe+uCvXsUB2/yknt1E3U4LTK8cgd14r4PMiH62MVi0Zx
H1zaabpcHo/C+S8ot+nfjnhW6q4695cUGxHYhpRS78lay49ZR9aazDOid3+QVIRZ
7qz+lgbDZKg=
=BQ8w
-END PGP SIGNATURE-

Status of pkg_add -u?

[Will H. Backman]

How functional and safe is pkg_add -u at this point?

Also, I just wanted to say thanks for the hard work on the pkg_* tools.
They just keep getting better.
--
Will Backman - Network Administrator
Coastal Enterprises, Inc.
http://www.ceimaine.org

Re: dynamically linked suid binaries - Request for enlightment

[Otto Moerbeek]

On Fri, 10 Feb 2006, Tilo Stritzky wrote:

 Hi list,
 
 while doing some reading on secure software development 
 (//www.ranum.com/security/computer_security/archives/security-for-developers.pdf)
 I came across the advice always link your priviliged binaries
 statically.
 
 However a quick check on my system revealed me almost all suid/sgid
 programs being dynamically linked (the two exceptions traceroute/traceroute6
 startle me even more).
 
 Since the advice makes sense to me (it keeps some rather
 complicated machinery out of delicate matters)
 I'm wondering why it is not followed on OpenBSD.
 
 Are there other ways to simply 'do this right'?
 
 I would apreciate any pointers for further reading on that matter.

Read man ld.so. The dynamic linker has special provisions to handle
s/guid programs.  

-Otto

Re: syslogd question

[eric]

On Fri, 2006-02-10 at 10:46:02 -0600, [EMAIL PROTECTED] proclaimed...

 I am setting up an openbsd box to be the catcher for a couple of AIX boxes
 to pitch their log files to.  Using the standard syslogd, I am wondering
 if I can set it up so that each of the AIX boxes gets its own log file on
 the openbsd box.  Something like /var/log/aix1.log and /var/log/aix2.log.

Sure, check out the man page for syslogd.conf(5).

Re: syslogd question

[Nils.Reuvers]

You could setup different facilities on the separate AIX boxes (local1,
local2, local3, etc..)

Then on your openbsd box add the following line to your syslogd.conf

#AIX box 1
local1.*/var/log/aix1.log

#AIX box 2
local2.*/var/log/aix2.log

Don't forget to update the syslogd entry in rc.conf. You must enable the
-u option.

Nils

-Original Message-
From: eric [mailto:[EMAIL PROTECTED] 
Sent: vrijdag 10 februari 2006 19:54
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: syslogd question

On Fri, 2006-02-10 at 10:46:02 -0600, [EMAIL PROTECTED] proclaimed...

 I am setting up an openbsd box to be the catcher for a couple of AIX 
 boxes to pitch their log files to.  Using the standard syslogd, I am 
 wondering if I can set it up so that each of the AIX boxes gets its 
 own log file on the openbsd box.  Something like /var/log/aix1.log and
/var/log/aix2.log.

Sure, check out the man page for syslogd.conf(5).



=
A disclaimer applies to this email and any attachments. 
Refer to http://www.sparkholland.com/emaildisclaimer for the full text of this 
disclaimer.

Re: Status of pkg_add -u?

[Marc Espie]

On Fri, Feb 10, 2006 at 01:18:58PM -0500, Will H. Backman wrote:
 How functional and safe is pkg_add -u at this point?

it is safe.

Functionality depends a lot on the reliability of your package feed,
e.g., if you use a ftp server that is likely to not let you in part of
the time, pkg_add -u will get lost easily.

Re: syslogd question

[jabbott]

On Fri, 10 Feb 2006, eric wrote:

 On Fri, 2006-02-10 at 10:46:02 -0600, [EMAIL PROTECTED] proclaimed...
 
  I am setting up an openbsd box to be the catcher for a couple of AIX boxes
  to pitch their log files to.  Using the standard syslogd, I am wondering
  if I can set it up so that each of the AIX boxes gets its own log file on
  the openbsd box.  Something like /var/log/aix1.log and /var/log/aix2.log.
 
 Sure, check out the man page for syslogd.conf(5).
 

Um, maybe I am missing something but on my box, and the openbsd site there is 
no syslogd.conf man page.  There is a man 5 syslog.conf page and I have read 
it.  Didn't see anything that would apply to this question at all.  I also read 
man 8 syslogd and looked at the -a flag, wondering if that is where I want to 
be.  Is a logging socket the same as a log file?  And even if it is, I don't 
know how I would name the file -- unless it is like snort and uses the ip 
address.

--ja   

-- 

Re: OT: wrt OpenBSD, what's a good laptop

[Stefek Zaba]

The Thinkpads do have a good reputation for xBSD, and I picked up a good 
condition T30 which runs both NetBSD and OpenBSD without major drama, from a 
UK corporate left-over outfit called ITClear - www.itclear.co.uk. They were 
very helpful when the battery didn't charge as it should - sent a second one 
FoC, though it turned out to be a hardware fault which IBM fixed (*well* 
worth getting one with a bit of the manufacturer's warranty still left to run!)


HTH - Stefek

Re: syslogd question

[Stuart Henderson]

On 2006/02/10 10:46, [EMAIL PROTECTED] wrote:
 Or, would it just be easier to throw everything into one file and
 user perl to split out the two logs?

FreeBSD has this, it works in a similar way to the per-program
selectors, I don't know how much work it would be to port across.

grep is another option, of course - even easier than Perl...

Re: syslogd question

[Peter]

--- [EMAIL PROTECTED] wrote:

 On Fri, 10 Feb 2006, eric wrote:
 
  On Fri, 2006-02-10 at 10:46:02 -0600, [EMAIL PROTECTED]
 proclaimed...
  
   I am setting up an openbsd box to be the catcher for a couple of AIX
 boxes
   to pitch their log files to.  Using the standard syslogd, I am
 wondering
   if I can set it up so that each of the AIX boxes gets its own log
 file on
   the openbsd box.  Something like /var/log/aix1.log and
 /var/log/aix2.log.
  
  Sure, check out the man page for syslogd.conf(5).
  
 
 Um, maybe I am missing something but on my box, and the openbsd site
 there is no syslogd.conf man page.  There is a man 5 syslog.conf page
 and I have read it.  Didn't see anything that would apply to this
 question at all.  I also read man 8 syslogd and looked at the -a flag,
 wondering if that is where I want to be.  Is a logging socket the same
 as a log file?  And even if it is, I don't know how I would name the
 file -- unless it is like snort and uses the ip address.

Sounds like you want to set up a remote logging server.  The OpenBSD man
page is surprisingly incomplete in this area so I'm redirecting you over
to the FreeBSD site.

http://www.freebsd.org/cgi/man.cgi?query=syslog.confapropos=0sektion=0manpath=FreeBSD+5.4-RELEASEformat=html

Look for the '+' and '@' signs.

But you could have googled yourself.

Re: Bonehead question...

[B.O.F.H.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Bizarrely enough it was an onboard Marvell/Broadcom from Asus, which
just happened to have the same MAC as a connector's SK-9521 (also
uses the Marvell/Broadcom chip) running in an HP server box.

Not sure if the SK had ever been flashed, but there it was with a
duplicate MAC.

I have to admit, I've heard the Internet legends about such things,
but always figured folks were full of hooey.  Now it's happened to me.

Live and learn I guess.

- --
Ed V.

My Go this amn keyboar oesn't have any 's.


Mike Gould wrote:
 I have to know, what were the two devices with the same MAC. Had they
 been reprogrammed or reflashed somehow?
 
 Mike
 
 
 B.O.F.H. wrote:
iQIVAwUBQ+0CbafRmhqF/IZAAQrm7g/7BiM5xJhAJ7cibBGOqHAsFxUI/LOrBfwd
tD4ceUgl4ffncYzDq0S36RVfX9hrMPulFn199or3nB5gFktrMF6gTwJKNqa7/KBH
o5vqiNGnYn5uOHx3oEm9y0efRvXKMXtRutDl9OElKD4Wp2JHD4kEXnPTjVZznqFG
OLPCBsosw7TQG2dUgqzxho7LTBOhQ5lbGuC47EYe8GuOxu2SKVvW+x4JUPyQQzhg
qA5aByz3AtZLpWDaWF6fUI5C7UzTKNz2H8no1xF6AeEEkp5LGVOkfkMDEmJNKKDW
8SC4uAXGF0yADhfO1v7CEBp7c8iB02S4InwTS3B/EPofOlHtL2yWakDASpABaMHp
4hGDLIqRt308L+XZi29Lzo29kokZ41k+yCuXYRqxS/9JPZjEatdStf3WiInVeDpV
wViWGL3Px4hZABDetZlXM1QU/6a3xHpEL9PDUN+skhnj1jTJKqFzOd/8YYLVdd4N
8YCCssAMv11NfStqaeIvlm4s+sYU9HrVhgBjQPHLtPQDd8ou9JmqeTkE9ZweDR7F
/ba/8HjqlDg22kjX2hvj5dMsdUIsPEJSIJew3MgdIzDv2u0OWQB4PNPZPe0do51S
GKzUfnmMCREMK8EouE1iOg4TIIA/3m+n5k01UZAoJ8ZkhsjtJrNpMku+4I1s8NPj
g65COpmQVug=
=QpPY
-END PGP SIGNATURE-

Re: syslogd question

[Craig Skinner]

On Fri, Feb 10, 2006 at 10:46:02AM -0600, [EMAIL PROTECTED] wrote:
 I am setting up an openbsd box to be the catcher for a couple of AIX boxes to 
 pitch their log files to.  Using the standard syslogd, I am wondering if I 
 can set it up so that each of the AIX boxes gets its own log file on the 
 openbsd box.  Something like /var/log/aix1.log and /var/log/aix2.log.
 
 Or, would it just be easier to throw everything into one file and user perl 
 to split out the two logs?
 
 I did a little googling around and found one page that looked like exactly my 
 answer but it was 404 and not in the google cache.
 
 

I work for an ISP and I think that the best way to handle this is not to
seperate by machine, but by service.

ie: we have a farm of a dozen webservers, another dozen smtp servers, a
bunch of imap servers, dns,..

When a customer needs help, say logging into on of the ftp servers, I
can tail the auth logs  grep for their username. They could hit anyone
of the boxes at a given time, so this way is the only practical
solution.

Also, if a dns zone is not being propagated, I can grep for the zone and
see what all of the servers are doing, with relevant time stamps.

If you need per machine, then just refine your grep.

Craig.

openBSD 3.8 window scaling problem: packets dropped on enc0?

[Christoph Leser]

scp from linux to linux via an ipsec tunnel between openBSD gateway and lancom 
1611+ router fails( hangs) if tcp window scaling is enabled.

This is my setup:

Redhat Linux ES3  --- dc0 openBSD IPSEC dc1  internet - lancom 
1611+ --- Redhat Linux ES4

RHES3 does  
  scp a.a host:/directory
ask for password, and then hangs, given the file is larger that about 
1300 bytes.

  tcpdump on openBSD dc0 and enc0 shows: 

  RHES3 sends SYN with wscale=0, receives SYN with wscale=3
  sends and receives some small packets during negotiation
sends a first full size packet, which I see on dc0, but not on enc0
and hangs, repeating this first packet.

This only happens, when RHES3 is copying data to RHES4.

If RHES3 is copying data from RHES4, it works, but very slow.

The problem can be worked around by setting net.ipv4.tcp_window_scaling=0 on 
RHES3, effectively disabling the window scale feature.

Is this a known problem? Or possibly caused by some sort of misconfiguration?

I will happily provide more details, tcpdumps etc. if you are interested.

I found that Stephen Hemminger claims on Linux World Expo Feb. 2005 that 
openBSD might fail to track state when  window scaling is in effect. See 
http://developer.osdl.org/shemminger/LWE2005_TCP.pdf . 

Re: syslogd question

[Martin Schröder]

On 2006-02-10 10:46:02 -0600, [EMAIL PROTECTED] wrote:
 I am setting up an openbsd box to be the catcher for a couple
 of AIX boxes to pitch their log files to.  Using the standard
 syslogd, I am wondering if I can set it up so that each of the
 AIX boxes gets its own log file on the openbsd box.  Something
 like /var/log/aix1.log and /var/log/aix2.log.

Use syslogng (it's in ports).

Best
Martin
-- 
http://www.tm.oneiros.de

Re: syslogd question

[Mitch Parker]

Craig,

I'm going to second this, even though I don't work at an ISP (however, I do
work with large amounts of syslog data).

If you want to keep things organized, it's better to keep the syslog files
organized by service.

When you've got data coming from a large amount of servers, you want to:

1.  Separate by service (ftp, ssh, mail, auth, etc.).
2.  Use any external processing systems sparingly, and test them heavily for
performance.
3.  Have your scripts separate the machines, if needed, by machine name.  Have
them process syslog data after it's received.

I'm using that setup and approach to handle data from approx. 20 commercial
UNIX machines and various network devices at one location, and 2 OpenBSD 3.8
boxes and a Windows Server 2003 machine at another.  It works very well.

Take care,

Mitch





-Original Message-
From: [EMAIL PROTECTED] on behalf of Craig Skinner
Sent: Fri 2/10/2006 4:45 PM
To: misc@openbsd.org
Subject: Re: syslogd question

On Fri, Feb 10, 2006 at 10:46:02AM -0600, [EMAIL PROTECTED] wrote:
 I am setting up an openbsd box to be the catcher for a couple of AIX boxes
to pitch their log files to.  Using the standard syslogd, I am wondering if I
can set it up so that each of the AIX boxes gets its own log file on the
openbsd box.  Something like /var/log/aix1.log and /var/log/aix2.log.

 Or, would it just be easier to throw everything into one file and user perl
to split out the two logs?

 I did a little googling around and found one page that looked like exactly
my answer but it was 404 and not in the google cache.



I work for an ISP and I think that the best way to handle this is not to
seperate by machine, but by service.

ie: we have a farm of a dozen webservers, another dozen smtp servers, a
bunch of imap servers, dns,..

When a customer needs help, say logging into on of the ftp servers, I
can tail the auth logs  grep for their username. They could hit anyone
of the boxes at a given time, so this way is the only practical
solution.

Also, if a dns zone is not being propagated, I can grep for the zone and
see what all of the servers are doing, with relevant time stamps.

If you need per machine, then just refine your grep.

Craig.

netgear ma521

[Moritz Lutz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi there,
i got an problem here. I got an old laptop 100mhz 10,4. So there is  
no internal network
interface so i want to run an wireless lan card in it (cardbus). But  
i don't get it work. I was
already reading the OpenBSD FAQ but no effect if i plugged in the  
card i got this error


as output of dmesg :

cic_chip_socket_enable: status cpcic_wait_ready: ready never  
happened, status = 0c


maybe someone can help me with this or can give me a link with an  
detail installation.


P.S Sorry for my bad english : more you dont learn on german schools.

mfg eSpo
iD8DBQFD7UEbG9dcSNK/NL4RArQdAJ9Pg6qUJve7MHzurhckkaolOyd4QgCcDA2N
yWpuA5/0iVwl0yAjWPLNzD0=
=aFF1
-END PGP SIGNATURE-

Upgrading 3.6 to 3.8, and compiling -current

[Constantine A. Murenin]

Hello,

At a remote location, I have two boxes that are connected with each
other via a serial cable, and through a router to the internet.

One of the boxes is OpenBSD 3.6, and I'd like to upgrade it to 3.8,
and then compile -current (I want to play with the kernel alongside
sensors.h / lm(4)).

What's the best way to do it?

I guess, wget'ing the bsd.rd from ftp.openbsd.org mirror would be the
best installation media, but then upon reboot should I choose
'upgrade' and do 3.6 - 3.7, then repeat the procedure with 3.7 -
3.8, then cvsup and compile the -current from sources?  Or should I
'install' 3.8, then cvsup -current, and compile?

If I'll choose to install 3.8, then will I be able to leave my
partitioning scheme and contents of my custom partitions intact? Or
will I have to repartition the drive?


tvc:constant {172} df -h ; disklabel wd0 ; fdisk wd0
FilesystemSize   Used  Avail Capacity  Mounted on
/dev/wd0a 250M  35.5M   202M15%/
/dev/wd0p 3.0G   2.0K   2.8G 0%/backup2002
/dev/wd0n 2.0G   2.4M   1.9G 0%/home
/dev/wd0m 7.9G   2.0K   7.5G 0%/mozilla
/dev/wd0o39.4G   5.9G  31.5G16%/share
/dev/wd0d 250M   2.0K   238M 0%/tmp
/dev/wd0g 2.0G   773M   1.1G40%/usr
/dev/wd0h 250M   119M   118M50%/usr/X11R6
/dev/wd0i 3.9G   486M   3.3G13%/usr/local
/dev/wd0e 501M   6.0M   470M 1%/var
/dev/wd0f 501M   304K   476M 0%/var/log
/dev/wd0k1006M   546K   955M 0%/var/mail
/dev/wd0l 250M   2.0K   238M 0%/var/qmail
/dev/wd0j1006M   5.7M   950M 1%/var/www
# using MBR partition 0: type A6 off 63 (0x3f) size 134223012 (0x80014a4)
# /dev/rwd0c:
type: ESDI
disk: ESDI/IDE disk
label: HDS722580VLAT20
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 16383
total sectors: 160836480
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#size   offsetfstype   [fsize bsize   cpg]
  a:   524097   634.2BSD 2048 16384   328   # (Cyl.0*- 519)
  b:  2097648   524160  swap# (Cyl.  520 - 2600)
  c: 1608364800unused0 0# (Cyl.0 - 159559)
  d:   524160  26218084.2BSD 2048 16384   328   # (Cyl. 2601 - 3120)
  e:  1048320  31459684.2BSD 2048 16384   328   # (Cyl. 3121 - 4160)
  f:  1048320  41942884.2BSD 2048 16384   328   # (Cyl. 4161 - 5200)
  g:  4194288  52426084.2BSD 2048 16384   328   # (Cyl. 5201 - 9361)
  h:   524160  94368964.2BSD 2048 16384   328   # (Cyl. 9362 - 9881)
  i:  8388576  99610564.2BSD 2048 16384   328   # (Cyl. 9882 - 18203)
  j:  2097648 183496324.2BSD 2048 16384   328   # (Cyl. 18204 - 20284)
  k:  2097648 204472804.2BSD 2048 16384   328   # (Cyl. 20285 - 22365)
  l:   524160 225449284.2BSD 2048 16384   328   # (Cyl. 22366 - 22885)
  m: 16777152 230690884.2BSD 2048 16384   328   # (Cyl. 22886 - 39529)
  n:  4194288 398462404.2BSD 2048 16384   328   # (Cyl. 39530 - 43690)
  o: 83885760 440405284.2BSD 2048 16384   328   # (Cyl. 43691 - 126910)
  p:  6296787 1279262884.2BSD 2048 16384   328  # (Cyl. 126911
- 133157*)
Disk: wd0   geometry: 10011/255/63 [160826715 Sectors]
Offset: 0   Signature: 0xAA55
 Starting   Ending   LBA Info:
 #: idC   H  S -C   H  S [   start:  size   ]

*0: A60   1  1 - 8354 254 63 [  63:   134223012 ] OpenBSD
 1: 000   0  0 -0   0  0 [   0:   0 ] unused
 2: 000   0  0 -0   0  0 [   0:   0 ] unused
 3: 000   0  0 -0   0  0 [   0:   0 ] unused
tvc:constant {173}



P.S. Is the upgrade really that simple and straightforward on OpenBSD
as it seems to be? :-)

P.P.S. BTW, as you can see I have some free disc space left... Is it
possible to install two versions of OpenBSD on separate slices of one
HDD and multiboot them? Or better and simpler just do the upgrade? :-)

Thanks,
Constantine.

installing with no floppy and no CD, only an ethernet connection

[Julesg]

I want to put up 3.8 on my laptop.

Can I download and run a DOS or Windoz pgm?

I don't think I'm up to a PXE install.,  (It's the TCP scripting that frightens 
me.)

--jg

Re: Upgrading 3.6 to 3.8, and compiling -current

[Stuart Henderson]

On 2006/02/11 02:43, Constantine A. Murenin wrote:
 One of the boxes is OpenBSD 3.6, and I'd like to upgrade it to 3.8,
 and then compile -current (I want to play with the kernel alongside
 sensors.h / lm(4)).

3.8 - current/3.9-beta requires tedious and unnecessary steps.

don't bother, install a snapshot. bsd.rd or tar xzpf should do
nicely (see openbsd.org upgrade guide and 'following -current' for
details - some parts of 'following -current' refer to compiler
changes which you don't need to worry about if you install object
code rather than upgrade from source).

 If I'll choose to install 3.8, then will I be able to leave my
 partitioning scheme and contents of my custom partitions intact? Or
 will I have to repartition the drive?

should be fine intact - you have plenty of space on /usr for the
libs which are now larger since they have debugging information
(and very useful it is too). if you were tighter on space (mainly
in /usr), you would want to make sure softdep is off while you
upgrade.

 P.S. Is the upgrade really that simple and straightforward on OpenBSD
 as it seems to be? :-)

yes, pretty much.

 P.P.S. BTW, as you can see I have some free disc space left... Is it
 possible to install two versions of OpenBSD on separate slices of one
 HDD and multiboot them? Or better and simpler just do the upgrade? :-)

upgrade is probably simpler.

Re: Upgrading 3.6 to 3.8, and compiling -current

[Nick Guenther]

I'm hardly an expert so I hope you get some other opinions but here
are my thoughts:

On 2/10/06, Constantine A. Murenin [EMAIL PROTECTED] wrote:
 At a remote location, I have two boxes that are connected with each
 other via a serial cable, and through a router to the internet.

 One of the boxes is OpenBSD 3.6, and I'd like to upgrade it to 3.8,
 and then compile -current (I want to play with the kernel alongside
 sensors.h / lm(4)).

 What's the best way to do it?

 I guess, wget'ing the bsd.rd from ftp.openbsd.org mirror would be the
 best installation media, but then upon reboot should I choose
 'upgrade' and do 3.6 - 3.7, then repeat the procedure with 3.7 -
 3.8, then cvsup and compile the -current from sources?  Or should I
 'install' 3.8, then cvsup -current, and compile?


The FAQ somewhere suggests of course, starting with a fresh install
is always best.

 If I'll choose to install 3.8, then will I be able to leave my
 partitioning scheme and contents of my custom partitions intact? Or
 will I have to repartition the drive?

The install script does run fdisk and disklabel but there's no reason
you can't simply quit both immediately without making changes. All
installing consists of is untarring the various install sets,
writing some /etc/*.conf files with info from the user, using MAKEDEV
to make various device nodes (not that I really understand what that
means) and--oh--running newfs. I guess it would kill your partitions
then. Probably upgrading is your best bet then, and I'm pretty sure
you can go 3.6-3.8 immediately. Perhaps you could install by hand if
all else fails?


 tvc:constant {172} df -h ; disklabel wd0 ; fdisk wd0
 FilesystemSize   Used  Avail Capacity  Mounted on
...
 /dev/wd0m 7.9G   2.0K   7.5G 0%/mozilla

You have an entire partition for mozilla? I'm curious why (I'm
somewhat a newbie, I like enlightenment).

...
 P.S. Is the upgrade really that simple and straightforward on OpenBSD
 as it seems to be? :-)

Yes.

 P.P.S. BTW, as you can see I have some free disc space left... Is it
 possible to install two versions of OpenBSD on separate slices of one
 HDD and multiboot them? Or better and simpler just do the upgrade? :-)


Of course it's possible to multiboot them, so long as they live on
separate MBR partitions. Then just use
$sudo fdisk -e wd0
flag n #n is 0 or 1, the partition you want to boot from
to switch between each.
But reallly... it's simpler to upgrade.

-Kousu

Re: netgear ma521

[Jonathan Gray]

On Sat, Feb 11, 2006 at 02:42:42AM +0100, Moritz Lutz wrote:
 Hi there,
 i got an problem here. I got an old laptop 100mhz 10,4. So there is  
 no internal network
 interface so i want to run an wireless lan card in it (cardbus). But  
 i don't get it work. I was
 already reading the OpenBSD FAQ but no effect if i plugged in the  
 card i got this error
 
 as output of dmesg :
 
 cic_chip_socket_enable: status cpcic_wait_ready: ready never  
 happened, status = 0c
 
 maybe someone can help me with this or can give me a link with an  
 detail installation.

Sounds like the laptop is too old to support 32 bit CardBus cards.

Provide a full dmesg in future, but what you want to look for
is the presence of cbb(4) in your dmesg.

You might have some luck aquiring an old prism card off ebay,
look for a card without the golden bar on the end, those
are 16bit PCMCIA cards which should work fine.

Re: installing with no floppy and no CD, only an ethernet connection

[Nick Holland]

Julesg wrote:

I want to put up 3.8 on my laptop.

Can I download and run a DOS or Windoz pgm?


you can download lots of DOS and Windows programs.  Few will help you 
with this task, however. :)



I don't think I'm up to a PXE install.,  (It's the TCP scripting that frightens 
me.)


What TCP scripting?  Set up a DHCP server, a TFTP server.  Pretty easy. 
 There's a nice little FAQ entry about it, even.  Kinda cool to watch a 
machine boot nothing :)


If you really don't have a floppy and a CDROM and don't want to do a PXE 
boot, you are pretty well eliminating most of the standard install 
processes.  About all that is left is pull the hard disk out, get an 
adapter to attach to another machine (either via IDE port or via 
USB...picked up a really slick one for $20 recently), install on another 
machine, replace in your laptop, reconfigure the network appropriately.


'course, you could probably get/borrow a USB floppy drive or CDROM drive 
as well.  But taking apart laptops is fun!  (it is the reassembly that 
causes hair loss)


Nick.

missing network driver

[mdcalvi]

I tried to upgrade an old server with 3.8 via a floppy.  It was running 3.7 
with a DB and web server previously.

During the upgrade, it did not detect the NIC.  As it was a test server, I 
tried a re-install rather than an upgrade...same thing.

The 3.7 install disk works so I know it is not a problem with the card or the 
floppy.  I tried pulling the floppy38.fs several times and running a dd to put 
the a couple of known good floppies all with the same results.

Below is the dmesg from the 3.7 server after the rebuild.
Any help would be appreciated.

Thanks, 
Mike Calvi

OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 267 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 670658560 (654940K)
avail mem = 604454912 (590288K)
using 4278 buffers containing 33636352 bytes (32848K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(70) BIOS, date 03/03/00, BIOS32 rev. 0 @ 0xf0530
apm0 at bios0: Power Management spec V1.2 (BIOS mgmt disabled)
apm0: APM power management enable: unrecognized device ID (9)
apm0: APM engage (device 1): power management disabled (1)
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0xdb2
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf0d20/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:04:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x5000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Rage Pro rev 0x5c
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 4 function 0 Intel 82371AB PIIX4 ISA rev 0x02
pciide0 at pci0 dev 4 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: IBM-DHEA-38451
wd0: 16-sector PIO, LBA, 8063MB, 16514064 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
wd1 at pciide0 channel 1 drive 0: WDC WD600BB-32CCB0
wd1: 16-sector PIO, LBA, 57241MB, 117231408 sectors
wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 4 function 2 Intel 82371AB USB rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
Intel 82371AB Power Mgmt rev 0x02 at pci0 dev 4 function 3 not configured
ahc1 at pci0 dev 6 function 0 Adaptec AIC-7890/1 U2 rev 0x00: irq 11
scsibus0 at ahc1: 16 targets
cd0 at scsibus0 targ 4 lun 0: YAMAHA, CRW4416S, 1.0g SCSI2 5/cdrom removable
tx0 at pci0 dev 9 function 0 SMC 83C170 (EPIC/100) rev 0x06: irq 11 address 
00:e0:29:09:3d:42
qsphy0 at tx0 phy 3: QS6612 10/100 PHY, rev. 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
lm0 at isa0 port 0x290/8: W83781D
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ef65 netmask ef65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
dkcsum: wd1 matched BIOS disk 81
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

Re: missing network driver

[Nick Holland]

[EMAIL PROTECTED] wrote:
 I tried to upgrade an old server with 3.8 via a floppy.  It was
 running 3.7 with a DB and web server previously.
 
 During the upgrade, it did not detect the NIC.  As it was a test
 server, I tried a re-install rather than an upgrade...same thing.
 
 The 3.7 install disk works so I know it is not a problem with the
 card or the floppy.  I tried pulling the floppy38.fs several times
 and running a dd to put the a couple of known good floppies all with
 the same results.
...

 OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
...
 tx0 at pci0 dev 9 function 0 SMC 83C170 (EPIC/100) rev 0x06: irq 11 address 
 00:e0:29:09:3d:42
 qsphy0 at tx0 phy 3: QS6612 10/100 PHY, rev. 1

Apparently, the tx driver was replaced for 3.8, and got a new name: epic(4).

The epic(4) driver appears to be in floppy38.fs, bsd.rd and GENERIC.  It
is not in the B or C floppies.

If the the floppy38.fs or bsd.rd are not working properly for you, boot
from either, mount a disk partition, drop a dmesg to that partition,
then boot normally to show us what you are getting on 3.8.

If you try to do a normal upgrade, you will probably have some
difficulties due to the change in the driver name (you might be able to
fix that by copying your hostname.tx0 to hostname.epic0 before the
upgrade media is booted), however a normal install should work fine
(assuming you use the right boot disk).

Regardless...I'd recommend bsd.rd over a boot floppy...

Nick.

Fetching a remote ssh port

[Austin Hook]

I wanted to fetch a remote ssh port into my home computer which is behind
the cable modem and the NAT that the cable system is doing on the address
it's DHCP gave out to me.  That way I could, from any third location, say
from my laptop on the road, ssh into my home computer through the tunnel
that ssh establishes.

I was successful in doing this under the circumstances where I assigned a
spare IP address as a second alias to the machine where I wanted to
establish the remote open end of the tunnel.

First I modified the /etc/ssh/sshd_config in the remote computer so that I
had the parameter:

GatewayPorts clientspecified

instead of the default which is no.

Then I issued a

ssh -R aliasIPaddress:22:localhost:22 [EMAIL PROTECTED]

and left it running.


Then I signed into a third site and did a

ssh [EMAIL PROTECTED]

and after giving my password at my home computer everything worked great.
I could see that as soon as I listed the contents of my home directory, I
was in the home computer rather than the one at the remote site.  That
way I would be able to initiate a connection into my home computer even
though it was behind a NAT.

Now the aliasIPaddress binding is supposed to be optional, and I thought
that instead of using up a IP address at the remote site, it would be nice
to just set up listening on, say, port 435 for ssh and just forward that
particular port to the home machine.

Accordingly I set up listening on two ssh ports in the sshd_config of the
remote machine.

Port 22
Port 435

and I changed the other parameter to:

gatewayPorts yes


Which means, to my understanding, that a forwarded port on any address
would be allowed.

Then I tried:

ssh -R 435:localhost:22 [EMAIL PROTECTED]

The ssh above did connect, but I saw an error message (approx:) remote
port forwarding failed.   And attempts to connect from a third (outside)
site like:

ssh -p 435 [EMAIL PROTECTED]

half worked, but left me at the remote site -- in other words the port
forwarding didn't work, as anticipated by the error message in trying to
set up the tunnel.

All three sites are Intel.  The remoteIP is OpenBSD3.8 and the home
machine is 3.7.

Before I dig into every possible bit of ssh history, configuration and
software setups, it there anyone out there successfully using port
fetching (with -R, as opposed to port forwarding with -L) who could discuss
it a bit with me?

Thanks,

Austin

Re: Fetching a remote ssh port

[Darren Tucker]

On Fri, Feb 10, 2006 at 11:56:37PM -0700, Austin Hook wrote:
 I wanted to fetch a remote ssh port into my home computer which is behind
 the cable modem and the NAT that the cable system is doing on the address
 it's DHCP gave out to me.  That way I could, from any third location, say
 from my laptop on the road, ssh into my home computer through the tunnel
 that ssh establishes.
 
 I was successful in doing this under the circumstances where I assigned a
 spare IP address as a second alias to the machine where I wanted to
 establish the remote open end of the tunnel.
 
 First I modified the /etc/ssh/sshd_config in the remote computer so that I
 had the parameter:
 
 GatewayPorts clientspecified
 
 instead of the default which is no.
 
 Then I issued a
 
 ssh -R aliasIPaddress:22:localhost:22 [EMAIL PROTECTED]

Instead of using an IP alias, you can just do:
$ ssh -R '*::localhost:22' [EMAIL PROTECTED]
and as long as you use an uprivileged port then you won't need root.

 Now the aliasIPaddress binding is supposed to be optional, and I thought
 that instead of using up a IP address at the remote site, it would be nice
 to just set up listening on, say, port 435 for ssh and just forward that
 particular port to the home machine.
 
 Accordingly I set up listening on two ssh ports in the sshd_config of the
 remote machine.

By remote machine do you mean the intermediate machine?  You don't
need to do this.

[...]
 ssh -R 435:localhost:22 [EMAIL PROTECTED]

You don't need the port numbers on both ends of the forward to match
what the sshd is configured for.

 The ssh above did connect, but I saw an error message (approx:) remote
 port forwarding failed.   And attempts to connect from a third (outside)
 site like:

That failed because sshd is already listening on port 435.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.