Re: Scrotwm does not play nice with some apps
On Wed, Apr 15, 2009 at 00:46, Edd Barrett wrote: > Hi, > > On Tue, Apr 14, 2009 at 8:42 PM, Bryan wrote: >> I've had some issues with a few apps that work in fluxbox, but refuse >> to work in scrotwm. > > I have seen the same with some apps also. > >> >> The other issue is with mplayer GUI, gmplayer. B Attempting to start it >> in scrotwm shows the control box, and the movie box, then gmplayer >> crashes with "Mplayer interrrupted by signal 11 in module: unknown >> -Mplayer crashed by bad usage of CPU/FPU/RAM" B Again, this doesn't >> happen in fluxbox. > > Known bug. > >> >> I love scrotwm, and while the gmplayer issue isn't a big deal, the >> fact that the same java app can function in one desktop, and not in >> another was odd enough for me to ask if someone has had this issue in >> the past. > > Thats a java bug, see the port named "wmname". > > By the way, this probably should have gone on misc@ Okay, I built and installed wmname from ports. I went in and started maptools, and on the first try, it works... YAY!!! Shutdown Maptools, and re-started it, gray screen... boo... I am assuming that it is an applications issue. I can reproduce it on my laptop as well, and it has an intel graphics card. The box I'm trying it on right now has nVidia under the hood (yes, I know, I messed up). I only use this once a week, so switching to Fluxbox is a minor, minor inconvenience...
Re: ACPI on VIA iDot 3500
On Tue, 14 Apr 2009 10:49:10 -0600 Theo de Raadt
wrote:
> > So I've recently installed 4.4 on a new via idot pc3500-g
> > motherboard, which is all great, but I note that ACPI isn't
> > working. Is there anything helpful I can contribute to getting it
> > working on this system?
> >
> > Or do dmesg notes like 'pcibios0: bad IRQ table checksum' suggest
> > that the system is pretty much braindead? I've included a dmesg
> > below, but no acpidump, given how big it is.
> >
> > Once again, thanks in advance...
> >
> > - Ruan
> >
> > OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
> > dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> > cpu0: VIA Esther processor 1500MHz ("CentaurHauls" 686-class) 1.51
> > GHz cpu0:
> > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3
> > cpu0: RNG AES AES-CTR SHA1 SHA256 RSA real mem = 1005023232 (958MB)
> > avail mem = 963248128 (918MB)
> > mainbus0 at root
> > bios0 at mainbus0: AT/286+ BIOS, date 10/13/08, BIOS32 rev. 0 @
> > 0xf9a60, SMBIOS rev. 2.4 @ 0xf (31 entries)
> > bios0: vendor Phoenix Technologies, LTD version "FDd" date
> > 10/13/2008 bios0: PC1 PC3500G
> > apm0 at bios0: Power Management spec V1.2 (slowidle)
> > apm0: AC on, battery charge unknown
>
> There is a heuristic which selects apm on some machines instead of
> acpi. A few machines unfortunately fall into this set
> unintentionally, but there is nothing we can do about it at this time.
>
The fact you guys were able to even develop a heuristic to do a
reasonable job guessing between apm and acpi (mutex) is by itself
amazing. Doing the required poking and probing without a lot of
poorly built systems (many) croaking is even more amazing.
Ruan, you might want to note, the heuristic/mutex Theo mentioned is
available in -current 4.5 snapshots, but you're only running 4.4.
If you want to test out the the new heuristics stuff, you'll need to
grab the latest snapshot from ftp and install it.
--
J.C. Roberts
Re: make build fails
On Wed, Apr 15, 2009 at 02:16:59AM +0100, Richie wrote: > Hello all, > in make build i have this error: > > (a lot of output) > pack.so pp_sort.so|tsort -q` > cd /usr/src/gnu/usr.bin/perl/obj && exec make > "makefile", line 952: Need an operator > ... [snip] > ... someone have a clue about it ? Clue? First a guess: Either you are attempting to build -current starting with -release, or, you are updating -current after some months. Why this guess? All of the perl changes listed in the Following -current FAQ. If my guess is correct, start with that document, and follow the instructions therein.
make build fails
Hello all, in make build i have this error: (a lot of output) pack.so pp_sort.so|tsort -q` cd /usr/src/gnu/usr.bin/perl/obj && exec make "makefile", line 952: Need an operator "makefile", line 953: Need an operator "makefile", line 956: Need an operator "makefile", line 957: Need an operator "makefile", line 958: Need an operator Fatal errors encountered -- cannot continue *** Error code 1 Stop in /usr/src/gnu/usr.bin/perl (line 73 of /usr/src/gnu/usr.bin/perl/Makefile.bsd-wrapper). *** Error code 1 Stop in /usr/src/gnu/usr.bin (line 48 of /usr/share/mk/bsd.subdir.mk). *** Error code 1 Stop in /usr/src/gnu (line 48 of /usr/share/mk/bsd.subdir.mk). *** Error code 1 Stop in /usr/src (line 48 of /usr/share/mk/bsd.subdir.mk). *** Error code 1 Stop in /usr/src (line 73 of Makefile). # someone have a clue about it ? Tks a lot
Re: Scrotwm does not play nice with some apps
Hi, On Tue, Apr 14, 2009 at 8:42 PM, Bryan wrote: > I've had some issues with a few apps that work in fluxbox, but refuse > to work in scrotwm. I have seen the same with some apps also. > > The other issue is with mplayer GUI, gmplayer. B Attempting to start it > in scrotwm shows the control box, and the movie box, then gmplayer > crashes with "Mplayer interrrupted by signal 11 in module: unknown > -Mplayer crashed by bad usage of CPU/FPU/RAM" B Again, this doesn't > happen in fluxbox. Known bug. > > I love scrotwm, and while the gmplayer issue isn't a big deal, the > fact that the same java app can function in one desktop, and not in > another was odd enough for me to ask if someone has had this issue in > the past. Thats a java bug, see the port named "wmname". By the way, this probably should have gone on misc@ -- Best Regards Edd Barrett (Freelance software developer / technical writer / open-source developer) http://students.dec.bournemouth.ac.uk/ebarrett
Re: error : pkg add phpMyAdmin
On Wed, Apr 15, 2009 at 12:24 AM, Jean-Francois wrote: > [Wed Apr 15 00:17:04 2009] [error] PHP Warning: session_start() [ href='function.session-start'>function.session-start]: > open(/tmp//sess_kt447gtf9i2qj3f74b3jve2abdf8fgi8, O_RDWR) failed: Permission > denied (13) in /phpMyAdmin/libraries/session.inc.php on line 87 > [Wed Apr 15 00:17:04 2009] [error] PHP Warning: Unknown: > open(/tmp//sess_kt447gtf9i2qj3f74b3jve2abdf8fgi8, O_RDWR) failed: Permission > denied (13) in Unknown on line 0 > [Wed Apr 15 00:17:04 2009] [error] PHP Warning: Unknown: Failed to write > session data (files). Please verify that the current setting of > session.save_path is correct () in Unknown on line 0 > > I made the sym link as stated - did I miss something ? Man, have you at least looked at the output of pkg_add?!? The error message is pretty clear... $ pkg_info -M php5-core [...] "Don't forget that the default OpenBSD httpd is chrooted into /var/www by default, so you may need to create support directories such as /var/www/tmp for PHP to work correctly." -- Mattieu Baptiste "/earth is 102% full ... please delete anyone you can."
Re: error : pkg add phpMyAdmin
On Wed, 15 Apr 2009, Jean-Francois wrote: > It looks like right after installing there is a problem : > > at http:///phpMyAdmin/index.php : a red line with > "phpMyAdmin - Erreur" > "Erreur lors du do?=marrage de la session, veuillez vo?=rifier les erreurs > indiquo?=es par PHP ou dans le fichier to?=moin du serveur web, et configurer > PHP > correctement." > > Then from apache error log : > > [Wed Apr 15 00:17:04 2009] [error] PHP Warning: session_start() [ href='function.session-start'>function.session-start]: > open(/tmp//sess_kt447gtf9i2qj3f74b3jve2abdf8fgi8, O_RDWR) failed: Permission > denied (13) in /phpMyAdmin/libraries/session.inc.php on line 87 > [Wed Apr 15 00:17:04 2009] [error] PHP Warning: Unknown: > open(/tmp//sess_kt447gtf9i2qj3f74b3jve2abdf8fgi8, O_RDWR) failed: Permission > denied (13) in Unknown on line 0 > [Wed Apr 15 00:17:04 2009] [error] PHP Warning: Unknown: Failed to write > session data (files). Please verify that the current setting of > session.save_path is correct () in Unknown on line 0 > > I made the sym link as stated - did I miss something ? > What are basic tests to find the root ? > any idea ? You need to give write permissions to your webserver on the /var/www/tmp directory. -- Antoine
Re: error : pkg add phpMyAdmin
It looks like right after installing there is a problem : at http:///phpMyAdmin/index.php : a red line with "phpMyAdmin - Erreur" "Erreur lors du do?=marrage de la session, veuillez vo?=rifier les erreurs indiquo?=es par PHP ou dans le fichier to?=moin du serveur web, et configurer PHP correctement." Then from apache error log : [Wed Apr 15 00:17:04 2009] [error] PHP Warning: session_start() [function.session-start]: open(/tmp//sess_kt447gtf9i2qj3f74b3jve2abdf8fgi8, O_RDWR) failed: Permission denied (13) in /phpMyAdmin/libraries/session.inc.php on line 87 [Wed Apr 15 00:17:04 2009] [error] PHP Warning: Unknown: open(/tmp//sess_kt447gtf9i2qj3f74b3jve2abdf8fgi8, O_RDWR) failed: Permission denied (13) in Unknown on line 0 [Wed Apr 15 00:17:04 2009] [error] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0 I made the sym link as stated - did I miss something ? What are basic tests to find the root ? any idea ? Thank you. Le mardi 14 avril 2009 23:54:50, vous avez C)crit : > Thanks for that hint, it helped. > > Rgs, > JF > > Le mardi 14 avril 2009 23:29:51 Matthew Clarke, vous avez C)crit : > > Tue, Apr 14, 2009 at 06:14:35PM +0200, Jean-Francois may have written: > > > Hello, > > > Can you please help me with this : > > > > > > $ sudo pkg add phpMyAdmin-2.11.7.1.tgz > > > Can't install php5-gd-5.2.6: lib not found X11.11.1 > > > > phpMyAdmin needs php5 and the php5 GD extension. There are two versions > > of that extension, one that needs X libraries and one that doesn't. By > > default, pkg_add is picking the one that needs those libraries. > > > > > Dependencies for php5-gd-5.2.6 resolve to: jpeg-6bp3, php5-core-5.2.6, > > > t1lib-5.1.0p1, png-1.2.28 > > > Full dependency tree is libiconv-1.12,jpeg-6bp3,libxml-2.6.32p1,php5- > > > core-5.2.6,t1lib-5.1.0p1,gettext-0.17,png-1.2.28 > > > Can't install php5-gd-5.2.6: lib not found Xpm.8.0 > > > Can't install php5-gd-5.2.6: lib not found freetype.16.1 > > > Can't install phpMyAdmin-2.11.7.1: can't resolve php5-gd-5.2.6 > > > > > > FYI box is 4.4 fresh install, i386, working as a server, so graphic > > > support. > > > > I'll assume here you meant "no graphic support", and by that you mean > > that you did not install the X sets. Since pkg_add picked the GD > > extension package that needs X libraries, you get the error. > > > > Use: > > > > $ sudo pkg_add -i phpMyAdmin > > > > and pkg_add will recognize that there are two versions of the php5 GD > > extension package available and ask you which one to install. Use the > > one whose name includes "no_x11". > > > > Alternatively, you can install package php5-gd-5.2.6-no_x11.tgz manually > > first, then install phpMyAdmin. > > > > Matt.
Re: error : pkg add phpMyAdmin
Thanks for that hint, it helped. Rgs, JF Le mardi 14 avril 2009 23:29:51 Matthew Clarke, vous avez icrit : > Tue, Apr 14, 2009 at 06:14:35PM +0200, Jean-Francois may have written: > > Hello, > > Can you please help me with this : > > > > $ sudo pkg add phpMyAdmin-2.11.7.1.tgz > > Can't install php5-gd-5.2.6: lib not found X11.11.1 > > phpMyAdmin needs php5 and the php5 GD extension. There are two versions > of that extension, one that needs X libraries and one that doesn't. By > default, pkg_add is picking the one that needs those libraries. > > > Dependencies for php5-gd-5.2.6 resolve to: jpeg-6bp3, php5-core-5.2.6, > > t1lib-5.1.0p1, png-1.2.28 > > Full dependency tree is libiconv-1.12,jpeg-6bp3,libxml-2.6.32p1,php5- > > core-5.2.6,t1lib-5.1.0p1,gettext-0.17,png-1.2.28 > > Can't install php5-gd-5.2.6: lib not found Xpm.8.0 > > Can't install php5-gd-5.2.6: lib not found freetype.16.1 > > Can't install phpMyAdmin-2.11.7.1: can't resolve php5-gd-5.2.6 > > > > FYI box is 4.4 fresh install, i386, working as a server, so graphic > > support. > > I'll assume here you meant "no graphic support", and by that you mean that > you did not install the X sets. Since pkg_add picked the GD extension > package that needs X libraries, you get the error. > > Use: > > $ sudo pkg_add -i phpMyAdmin > > and pkg_add will recognize that there are two versions of the php5 GD > extension package available and ask you which one to install. Use the one > whose name includes "no_x11". > > Alternatively, you can install package php5-gd-5.2.6-no_x11.tgz manually > first, then install phpMyAdmin. > > Matt.
Re: Easiest Way to Encrypt /home
On Tue, Apr 14, 2009 at 01:51:59PM -0700, new_guy wrote: > I've begun using OpenBSD on portable computers/laptops. I want to guard > against theft. I can't stand the thought of some crook pawing my laptop and > someone looking over my personal files... pictures of my family, my taxes, > etc... it keeps me awake at night. > > I set the option to configure swap in sysctl.conf and I'd like to now > encrypt /home (where I keep all of my personal files). I've googled, but > nothing clear comes up. I'm using 4.5 current on an Asus eeepc 701 (the > original one). I can reinstall and re-partition if necessary, but I'd rather > not compile a custom kernel... any tips? no need for custom kernel, read mount_vnd(8). you can also run this script at boot to mount your /home after getting correct password from user: #!/bin/sh # mount crypto partition COUNTER=0 MAX_TRIES=3 SALT=/crypto/home.slt IMG=/crypto/home.img ROUNDS=2 MOUNT_PNT=/home DISK=svnd0 PART=c MOUNT_OPTS="rw,nodev,nosuid,softdep" if [ ! -f $IMG -o ! -f $SALT ]; then echo "[-] $IMG or $SALT not found" exit fi #echo while [ $COUNTER -lt $MAX_TRIES ] do sleep $(($COUNTER*2)) echo "[+] Mounting $MOUNT_PNT" /sbin/vnconfig -K $ROUNDS -S $SALT $DISK $IMG /sbin/fsck -y /dev/$DISK$PART /sbin/mount -o $MOUNT_OPTS /dev/$DISK$PART $MOUNT_PNT if [ $? != 0 ] ; then /sbin/vnconfig -u $DISK COUNTER=$(($COUNTER+1)) else echo "[+] Success." exit#normal exit point fi done echo "[-] Failure."
Re: error : pkg add phpMyAdmin
Tue, Apr 14, 2009 at 06:14:35PM +0200, Jean-Francois may have written: > > Hello, > Can you please help me with this : > > $ sudo pkg add phpMyAdmin-2.11.7.1.tgz > Can't install php5-gd-5.2.6: lib not found X11.11.1 phpMyAdmin needs php5 and the php5 GD extension. There are two versions of that extension, one that needs X libraries and one that doesn't. By default, pkg_add is picking the one that needs those libraries. > Dependencies for php5-gd-5.2.6 resolve to: jpeg-6bp3, php5-core-5.2.6, > t1lib-5.1.0p1, png-1.2.28 > Full dependency tree is libiconv-1.12,jpeg-6bp3,libxml-2.6.32p1,php5- > core-5.2.6,t1lib-5.1.0p1,gettext-0.17,png-1.2.28 > Can't install php5-gd-5.2.6: lib not found Xpm.8.0 > Can't install php5-gd-5.2.6: lib not found freetype.16.1 > Can't install phpMyAdmin-2.11.7.1: can't resolve php5-gd-5.2.6 > > FYI box is 4.4 fresh install, i386, working as a server, so graphic support. I'll assume here you meant "no graphic support", and by that you mean that you did not install the X sets. Since pkg_add picked the GD extension package that needs X libraries, you get the error. Use: $ sudo pkg_add -i phpMyAdmin and pkg_add will recognize that there are two versions of the php5 GD extension package available and ask you which one to install. Use the one whose name includes "no_x11". Alternatively, you can install package php5-gd-5.2.6-no_x11.tgz manually first, then install phpMyAdmin. Matt. -- "With your own code to haunt you, who needs users?" -- Maarten Wiltink
Re: Recommendations on a daily script to check syslog (or other) server security
On 2009-04-14, LeRoy, Ted wrote:
> Here's what I have in the script at the present time:
>
> { uptime ; date ; who ; ps -al ; cat /var/log/adduser ; cat
> /var/log/authlog ; cat /var/log/messages ; cat /var/log/secure ; cat
> /var/log/router ; } > daily-log.txt
you might be interested to check out the "# send log file notifications,
if necessary" in root's crontab.
there are a few things in ports for log analysis too. for example,
sec and swatch.
Re: error : pkg add phpMyAdmin
On 2009-04-14, Jean-Francois wrote: > Hello, > Can you please help me with this : > > $ sudo pkg add phpMyAdmin-2.11.7.1.tgz > Can't install php5-gd-5.2.6: lib not found X11.11.1 > Dependencies for php5-gd-5.2.6 resolve to: jpeg-6bp3, php5-core-5.2.6, > t1lib-5.1.0p1, png-1.2.28 > Full dependency tree is libiconv-1.12,jpeg-6bp3,libxml-2.6.32p1,php5- > core-5.2.6,t1lib-5.1.0p1,gettext-0.17,png-1.2.28 > Can't install php5-gd-5.2.6: lib not found Xpm.8.0 > Can't install php5-gd-5.2.6: lib not found freetype.16.1 > Can't install phpMyAdmin-2.11.7.1: can't resolve php5-gd-5.2.6 > > FYI box is 4.4 fresh install, i386, working as a server, so graphic support. > > Thanks. > J-F > > personally i'd just install xbase. but there is another possibility. there's also a php5-gd-...-no_x11, try "pkg_add -i php5-gd". i don't remember what the tradeoff is, probably something with font support (maybe it will make it suck, maybe it will totally break it, either way i don't know whether that's a problem for phpMyAdmin). we distribute freetype in the xbase tarball; it doesn't make sense to put it in base, but having to install ports to run X would be much less acceptable than having to install parts of X to run some ports.
Easiest Way to Encrypt /home
I've begun using OpenBSD on portable computers/laptops. I want to guard against theft. I can't stand the thought of some crook pawing my laptop and someone looking over my personal files... pictures of my family, my taxes, etc... it keeps me awake at night. I set the option to configure swap in sysctl.conf and I'd like to now encrypt /home (where I keep all of my personal files). I've googled, but nothing clear comes up. I'm using 4.5 current on an Asus eeepc 701 (the original one). I can reinstall and re-partition if necessary, but I'd rather not compile a custom kernel... any tips? -- View this message in context: http://www.nabble.com/Easiest-Way-to-Encrypt--home-tp23047778p23047778.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Recommendations on a daily script to check syslog (or other)server security
Ingo, Jean-Francois, Gilbert Fernandes, Ted Unangst, Cesary Morga, Joe
Gidi, and Matheus Weber da Conceicao, (hope I didn't miss anyone)
Thank you all for your patience and guidance. I'll look at apropos(1),
daily(8), and security(8) in the man pages and try to utilize them more.
Last was a cool command to learn.
Sincerely,
Ted
-Original Message-
From: Ingo Schwarze [mailto:schwa...@usta.de]
Sent: Tuesday, April 14, 2009 4:11 PM
To: LeRoy, Ted
Cc: misc@openbsd.org
Subject: Re: Recommendations on a daily script to check syslog (or
other)server security
Hi Ted,
LeRoy, Ted wrote on Tue, Apr 14, 2009 at 03:28:51PM -0400:
> I'm pretty new to OpenBSD and BSD in general,
In that case, welcome, but don't forget to read the fine manuals.
Have a look at apropos(1) in particular.
> but I have an OpenBSD Syslog server up and receiving data.
> I'd like to have the system be pretty secure, and I'd like to
> monitor its security via a simple script that runs daily.
Did you read daily(8) and security(8)?
Besides, OpenBSD is secure by default. Most people trying to
make it more secure will typically end up making it less secure.
Beginners will almost certainly rather break than improve security
when trying to tweak anything.
> Here's what I have in the script at the present time:
>
> { uptime ; date ; who ; ps -al ; cat /var/log/adduser ; cat
> /var/log/authlog ; cat /var/log/messages ; cat /var/log/secure ; cat
> /var/log/router ; } > daily-log.txt
You could put part of this into /etc/daily.local,
but most of it does not look useful.
In particular, pay attention not to copy the contents of
files like /var/log/secure and /var/log/authlog into
world-readable files.
Besides, if you want a different logging layout, use
syslog.conf(5) and newsyslog(8) rather than cat(1).
But probably, you should first try to understand and get used
to the standard layout before tweaking it. Chances are, there
is no need for tweaking, and you will just screw it up.
> Can some of you BSD pro's out there recommend some additions or
changes
> or other things that should be checked to help ensure the system isn't
> compromised?
I'm working on improvements of daily/weekly/monthly right now.
Of course, i cannot promise that there will be any result - and
that the other developers will like it. Please be patient for
some days or weeks and stay tuned...
> Is there a way to see who has logged into the system over a given
period
> for example? Who only tells me who's logged in when the command is
run.
Did you look at "SEE ALSO" in who(1)?
Check out last(1) and /var/log/authlog.
> My sincere apologies if this isn't the right list for this query.
> Please direct me to the proper are if that's the case.
The list is right, but please try a bit harder to find answers
yourself before posting, using the manual, the FAQ on the OpenBSD
website and the mailing list archives.
Yours,
Ingo
Re: Recommendations on a daily script to check syslog (or other) server security
Hi Ted,
LeRoy, Ted wrote on Tue, Apr 14, 2009 at 03:28:51PM -0400:
> I'm pretty new to OpenBSD and BSD in general,
In that case, welcome, but don't forget to read the fine manuals.
Have a look at apropos(1) in particular.
> but I have an OpenBSD Syslog server up and receiving data.
> I'd like to have the system be pretty secure, and I'd like to
> monitor its security via a simple script that runs daily.
Did you read daily(8) and security(8)?
Besides, OpenBSD is secure by default. Most people trying to
make it more secure will typically end up making it less secure.
Beginners will almost certainly rather break than improve security
when trying to tweak anything.
> Here's what I have in the script at the present time:
>
> { uptime ; date ; who ; ps -al ; cat /var/log/adduser ; cat
> /var/log/authlog ; cat /var/log/messages ; cat /var/log/secure ; cat
> /var/log/router ; } > daily-log.txt
You could put part of this into /etc/daily.local,
but most of it does not look useful.
In particular, pay attention not to copy the contents of
files like /var/log/secure and /var/log/authlog into
world-readable files.
Besides, if you want a different logging layout, use
syslog.conf(5) and newsyslog(8) rather than cat(1).
But probably, you should first try to understand and get used
to the standard layout before tweaking it. Chances are, there
is no need for tweaking, and you will just screw it up.
> Can some of you BSD pro's out there recommend some additions or changes
> or other things that should be checked to help ensure the system isn't
> compromised?
I'm working on improvements of daily/weekly/monthly right now.
Of course, i cannot promise that there will be any result - and
that the other developers will like it. Please be patient for
some days or weeks and stay tuned...
> Is there a way to see who has logged into the system over a given period
> for example? Who only tells me who's logged in when the command is run.
Did you look at "SEE ALSO" in who(1)?
Check out last(1) and /var/log/authlog.
> My sincere apologies if this isn't the right list for this query.
> Please direct me to the proper are if that's the case.
The list is right, but please try a bit harder to find answers
yourself before posting, using the manual, the FAQ on the OpenBSD
website and the mailing list archives.
Yours,
Ingo
Re: Recommendations on a daily script to check syslog (or other) server security
On Tue, Apr 14, 2009 at 3:28 PM, LeRoy, Ted wrote:
> Hello folks,
>
> I'm pretty new to OpenBSD and BSD in general, but I have an OpenBSD
> Syslog server up and receiving data. I'd like to have the system be
> pretty secure, and I'd like to monitor its security via a simple script
> that runs daily.
>
> Here's what I have in the script at the present time:
>
> { uptime ; date ; who ; ps -al ; cat /var/log/adduser ; cat
> /var/log/authlog ; cat /var/log/messages ; cat /var/log/secure ; cat
> /var/log/router ; } > daily-log.txt
>
> Can some of you BSD pro's out there recommend some additions or changes
> or other things that should be checked to help ensure the system isn't
> compromised?
Have you looked at /etc/daily?
> Is there a way to see who has logged into the system over a given period
> for example? Who only tells me who's logged in when the command is run.
last
fail to compile mod_perl 2.0.4 for Apache2
I'm trying to add mod_perl 2.0.4 compiled from source to an apache2 installation that's visible on a private network for testing. Installation is failing miserably at make test. as advised in the INSTALL file, I'm doing: perl Makefile.PL MP_APXS=/usr/local/sbin/apxs2 then sudo make && make test Here's an excerpt: In file included from Base64.xs:24: /home/test/packages/mod_perl-2.0.4/xs/modperl_xs_typedefs.h:67: error: syntax error before '*' token /home/test/packages/mod_perl-2.0.4/xs/modperl_xs_typedefs.h:67: warning: data definition has no type or storage class *** Error code 1 Stop in /home/test/packages/mod_perl-2.0.4/WrapXS/APR/Base64 (line 92 of /usr/share/mk/sys.mk). *** Error code 1 Stop in /home/test/packages/mod_perl-2.0.4/WrapXS/APR (line 461 of Makefile). *** Error code 1 Stop in /home/test/packages/mod_perl-2.0.4/WrapXS (line 461 of Makefile). *** Error code 1 Stop in /home/test/packages/mod_perl-2.0.4 (line 679 of Makefile). any pointers greatly appreciated. regards
Re: Recommendations on a daily script to check syslog (or other) server security
> Hello folks,
>
> I'm pretty new to OpenBSD and BSD in general, but I have an OpenBSD
> Syslog server up and receiving data. I'd like to have the system be
> pretty secure, and I'd like to monitor its security via a simple script
> that runs daily.
>
> Here's what I have in the script at the present time:
>
> { uptime ; date ; who ; ps -al ; cat /var/log/adduser ; cat
> /var/log/authlog ; cat /var/log/messages ; cat /var/log/secure ; cat
> /var/log/router ; } > daily-log.txt
>
> Can some of you BSD pro's out there recommend some additions or changes
> or other things that should be checked to help ensure the system isn't
> compromised?
>
> Is there a way to see who has logged into the system over a given period
> for example? Who only tells me who's logged in when the command is run.
>
> My sincere apologies if this isn't the right list for this query.
> Please direct me to the proper are if that's the case.
>
> Thanks!
>
> Ted
I'm hardly a BSD pro, but I'd encourage you to read the man pages for
daily(8) and security(8) if you haven't already done so.
--
Joe Gidi
j...@entropicblur.com
Re: Recommendations on a daily script to check syslog (or other) server security
LeRoy, Ted wrote: > Can some of you BSD pro's out there recommend some additions or changes > or other things that should be checked to help ensure the system isn't > compromised? For log monitoring try logsentry. > Is there a way to see who has logged into the system over a given period > for example? Who only tells me who's logged in when the command is run. Try last. -- Cezary Morga "The conventional view serves to protect us from the painful job of thinking." (John Kenneth Galbraith)
Re: Recommendations on a daily script to check syslog (or other) server security
Hello...
w = show who is logged on
last -5 = show listing of last logged in users (the -5 parameters will show
the last 5 logged in users)
Cya
On Tue, Apr 14, 2009 at 4:28 PM, LeRoy, Ted wrote:
> Hello folks,
>
> I'm pretty new to OpenBSD and BSD in general, but I have an OpenBSD
> Syslog server up and receiving data. I'd like to have the system be
> pretty secure, and I'd like to monitor its security via a simple script
> that runs daily.
>
> Here's what I have in the script at the present time:
>
> { uptime ; date ; who ; ps -al ; cat /var/log/adduser ; cat
> /var/log/authlog ; cat /var/log/messages ; cat /var/log/secure ; cat
> /var/log/router ; } > daily-log.txt
>
> Can some of you BSD pro's out there recommend some additions or changes
> or other things that should be checked to help ensure the system isn't
> compromised?
>
> Is there a way to see who has logged into the system over a given period
> for example? Who only tells me who's logged in when the command is run.
>
> My sincere apologies if this isn't the right list for this query.
> Please direct me to the proper are if that's the case.
>
> Thanks!
>
> Ted
>
>
--
Matheus
Scrotwm does not play nice with some apps
I've had some issues with a few apps that work in fluxbox, but refuse
to work in scrotwm. I am wanting to join my friends on Maptools
(http://www.rptools.net/), and while it does run, the screen is all
gray. I am unable to see any part of the interface. The interesting
thing is that I can run my mouse through the gray square and the
application boxes in the gray square are there, because the app gives
me the option of resizing them. When I start fluxbox, maptools starts
and the interface comes up in the correct manner. I'm using java
1.5.0_16-p9 from the March 31st snapshot, with scrotwm 0.9.2, and
fluxbox 0.9.15.1.
The other issue is with mplayer GUI, gmplayer. Attempting to start it
in scrotwm shows the control box, and the movie box, then gmplayer
crashes with "Mplayer interrrupted by signal 11 in module: unknown
-Mplayer crashed by bad usage of CPU/FPU/RAM" Again, this doesn't
happen in fluxbox.
I love scrotwm, and while the gmplayer issue isn't a big deal, the
fact that the same java app can function in one desktop, and not in
another was odd enough for me to ask if someone has had this issue in
the past. I've included a dmesg, for whatever good it will do. I
have the laptop in question with me at work, so if anyone has ideas
that I can try, or if they need an output from a specific file, please
feel free to do so...
Regards,
Bryan
OpenBSD 4.5-current (GENERIC.MP) #23: Tue Mar 31 10:06:25 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz ("GenuineIntel"
686-class) 1.50 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR
real mem = 1063272448 (1014MB)
avail mem = 1019768832 (972MB)
User Kernel Config
UKC> disable azail\^H \^H\^H \^Hlia
78 azalia* disabled
UKC> exit
Continuing...
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/11/08, BIOS32 rev. 0 @
0xffa10, SMBIOS rev. 2.4 @ 0xf7180 (45 entries)
bios0: vendor Dell Inc. version "A09" date 07/11/2008
bios0: Dell Inc. Inspiron 1520
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP HPET APIC MCFG SLIC BOOT SSDT
acpi0: wakeup devices PCI0(S3) PCIE(S4) USB1(S0) USB2(S0) USB3(S0)
USB4(S0) USB5(S0) EHC2(S0) EHCI(S0) AZAL(S3) RP01(S3) RP02(S3)
RP03(S3) RP04(S3) RP05(S3) RP06(S3) LID_(S3) PBTN(S4) MBTN(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz ("GenuineIntel"
686-class) 1.50 GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpiprt0 at acpi0: bus 3 (PCIE)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 11 (RP01)
acpiprt3 at acpi0: bus -1 (RP02)
acpiprt4 at acpi0: bus -1 (RP03)
acpiprt5 at acpi0: bus 12 (RP04)
acpiprt6 at acpi0: bus -1 (RP05)
acpiprt7 at acpi0: bus -1 (RP06)
acpiprt8 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C3
acpicpu1 at acpi0: C3
acpitz0 at acpi0: critical temperature 87 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
acpiac0 at acpi0: AC unit offline
acpibat0 at acpi0: BAT0 model "DELL 00" serial 170 type LION oem "pan"
acpivideo at acpi0 not configured
acpivideo at acpi0 not configured
acpivideo at acpi0 not configured
bios0: ROM list: 0xc/0xf000! 0xcf000/0x1000
cpu0: unknown Enhanced SpeedStep CPU, msr 0x0613092b0600092b
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1500 MHz (1388 mV): speeds: 1500, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel GM965 Host" rev 0x0c
pchb0: cannot reserve EPBAR
pchb0: cannot reserve MCHBAR
pchb0: cannot reserve DMIBAR
vga1 at pci0 dev 2 function 0 "Intel GM965 Video" rev 0x0c
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xe000, size 0x1000
inteldrm0 at vga1: apic 2 int 16 (irq 11)
drm0 at inteldrm0
"Intel GM965 Video" rev 0x0c at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 26 function 0 "Intel 82801H USB" rev 0x02: apic 2
int 20 (irq 10)
uhci1 at pci0 dev 26 function 1 "Intel 82801H USB" rev 0x02: apic 2
int 21 (irq 9)
ehci0 at pci0 dev 26 function 7 "Intel 82801H USB" rev 0x02: apic 2
int 22 (irq 7)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
"Intel 82801H HD Audio" rev 0x02 at pci0 dev 27 function 0 not configured
ppb0 at pci0 dev 28 function 0 "Intel 82801H PCIE" rev 0x02: apic 2
int 16 (irq 0)
pci1 at ppb0 bus 11
ppb1 at
Recommendations on a daily script to check syslog (or other) server security
Hello folks,
I'm pretty new to OpenBSD and BSD in general, but I have an OpenBSD
Syslog server up and receiving data. I'd like to have the system be
pretty secure, and I'd like to monitor its security via a simple script
that runs daily.
Here's what I have in the script at the present time:
{ uptime ; date ; who ; ps -al ; cat /var/log/adduser ; cat
/var/log/authlog ; cat /var/log/messages ; cat /var/log/secure ; cat
/var/log/router ; } > daily-log.txt
Can some of you BSD pro's out there recommend some additions or changes
or other things that should be checked to help ensure the system isn't
compromised?
Is there a way to see who has logged into the system over a given period
for example? Who only tells me who's logged in when the command is run.
My sincere apologies if this isn't the right list for this query.
Please direct me to the proper are if that's the case.
Thanks!
Ted
Re: error : pkg add phpMyAdmin
Hi, I totally agree. I think I just missed it from where the info is available either in the man pages or directly in the FAQ itself. Le mardi 14 avril 2009 20:17:30, vous avez icrit : > On Tue, 14 Apr 2009, Jean-Frangois SIMON wrote: > > Hi, > > That's why i asked the man ref / link, i could'nt find anything. > > > > But i see some do not understand what being patient with begininers mean. > > > > It's only few months i now use this system but it's really not easy > > thought theres a lot of documentations sometimes it's not easy to find > > where, is'nt it ?! > > Common, it has nothing to do with being a beginner. > Did you read the FAQ, i.e Frequently Asked Questions? > > You call me impatient but you have been using this system "only few > months". How much time should I wait? A couple of years? > > This pissed me off because there are very talented people writing very > fine documentation and there are other people translating it into most > major languages. I'm sorry but there is no excuse not to read or at > least refer to the FAQ when you encounter an issue. People give their > time for this.
Re: error : pkg add phpMyAdmin
Jean-Frangois SIMON wrote: > Hi, > That's why i asked the man ref / link, i could'nt find anything. > > But i see some do not understand what being patient with begininers mean. Get used to it. Honestly :) > It's only few months i now use this system but it's really not easy > thought theres a lot of documentations sometimes it's not easy to find > where, is'nt it ?! No. It's all here: http://www.openbsd.org/faq/index.html. -- Cezary Morga "Indecision may or may not be my problem." (Jimmy Buffett)
Re: Re : error : pkg add phpMyAdmin
On Tue, 14 Apr 2009, Jean-Frangois SIMON wrote: > Hi, > That's why i asked the man ref / link, i could'nt find anything. > > But i see some do not understand what being patient with begininers mean. > > It's only few months i now use this system but it's really not easy > thought theres a lot of documentations sometimes it's not easy to find > where, is'nt it ?! Common, it has nothing to do with being a beginner. Did you read the FAQ, i.e Frequently Asked Questions? You call me impatient but you have been using this system "only few months". How much time should I wait? A couple of years? This pissed me off because there are very talented people writing very fine documentation and there are other people translating it into most major languages. I'm sorry but there is no excuse not to read or at least refer to the FAQ when you encounter an issue. People give their time for this. -- Antoine
Re : error : pkg add phpMyAdmin
Hi, That's why i asked the man ref / link, i could'nt find anything. But i see some do not understand what being patient with begininers mean. It's only few months i now use this system but it's really not easy thought theres a lot of documentations sometimes it's not easy to find where, is'nt it ?! Regards. 2009/4/14, Antoine Jacoutot : > On Tue, 14 Apr 2009, Jean-Francois wrote: > >> Hello, >> Can you please help me with this : >> >> $ sudo pkg add phpMyAdmin-2.11.7.1.tgz >> Can't install php5-gd-5.2.6: lib not found X11.11.1 >> Dependencies for php5-gd-5.2.6 resolve to: jpeg-6bp3, php5-core-5.2.6, >> t1lib-5.1.0p1, png-1.2.28 >> Full dependency tree is libiconv-1.12,jpeg-6bp3,libxml-2.6.32p1,php5- >> core-5.2.6,t1lib-5.1.0p1,gettext-0.17,png-1.2.28 >> Can't install php5-gd-5.2.6: lib not found Xpm.8.0 >> Can't install php5-gd-5.2.6: lib not found freetype.16.1 >> Can't install phpMyAdmin-2.11.7.1: can't resolve php5-gd-5.2.6 >> >> FYI box is 4.4 fresh install, i386, working as a server, so graphic >> support. > > Not again! > Can't people read?? > > When buying something you don't know how it works. Do you wait someone > to come home and fix it for you or do you read the manual? > > -- > Antoine
Re: error : pkg add phpMyAdmin
Jean-Francois wrote: > >Did you install de xbase44.tgz packages? > > I guess no, I did not install X, I run console. > This is a server. Is it mandatory for this package ? > phpMyAdmin requires X ? xbase44.tgz doesn't contain complete X system, but it do contain X libraries required by some graphic-related packages, like php5-gd. -- Cezary Morga "The average, healthy, well-adjusted adult gets up at seven-thirty in the morning feeling just plain terrible." (Jean Kerr)
Re: error : pkg add phpMyAdmin
Hi >Did you set PKG_PATH correctly so that pkg_add can fetch dependencies ? No, I just use the standard configuration out of the box, which until now installed most packages without any problem. >Did you install de xbase44.tgz packages? I guess no, I did not install X, I run console. This is a server. Is it mandatory for this package ? phpMyAdmin requires X ? Thanks >> Hello, >> Can you please help me with this : >> >> $ sudo pkg add phpMyAdmin-2.11.7.1.tgz >> Can't install php5-gd-5.2.6: lib not found X11.11.1 >> Dependencies for php5-gd-5.2.6 resolve to: jpeg-6bp3, php5-core-5.2.6, >> t1lib-5.1.0p1, png-1.2.28 >> Full dependency tree is libiconv-1.12,jpeg-6bp3,libxml-2.6.32p1,php5- >> core-5.2.6,t1lib-5.1.0p1,gettext-0.17,png-1.2.28 >> Can't install php5-gd-5.2.6: lib not found Xpm.8.0 >> Can't install php5-gd-5.2.6: lib not found freetype.16.1 >> Can't install phpMyAdmin-2.11.7.1: can't resolve php5-gd-5.2.6 >> >> FYI box is 4.4 fresh install, i386, working as a server, so graphic >support. >> >> Thanks. >> J-F
Re: ACPI on VIA iDot 3500
> So I've recently installed 4.4 on a new via idot pc3500-g motherboard,
> which is all great, but I note that ACPI isn't working. Is there
> anything helpful I can contribute to getting it working on this
> system?
>
> Or do dmesg notes like 'pcibios0: bad IRQ table checksum' suggest that
> the system is pretty much braindead? I've included a dmesg below, but
> no acpidump, given how big it is.
>
> Once again, thanks in advance...
>
> - Ruan
>
> OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: VIA Esther processor 1500MHz ("CentaurHauls" 686-class) 1.51 GHz
> cpu0:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3
> cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
> real mem = 1005023232 (958MB)
> avail mem = 963248128 (918MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 10/13/08, BIOS32 rev. 0 @
> 0xf9a60, SMBIOS rev. 2.4 @ 0xf (31 entries)
> bios0: vendor Phoenix Technologies, LTD version "FDd" date 10/13/2008
> bios0: PC1 PC3500G
> apm0 at bios0: Power Management spec V1.2 (slowidle)
> apm0: AC on, battery charge unknown
There is a heuristic which selects apm on some machines instead of
acpi. A few machines unfortunately fall into this set unintentionally,
but there is nothing we can do about it at this time.
Re: error : pkg add phpMyAdmin
On Tue, 14 Apr 2009 18:14:35 +0200 "Jean-Francois" wrote: > Hello, > Can you please help me with this : > > $ sudo pkg add phpMyAdmin-2.11.7.1.tgz > Can't install php5-gd-5.2.6: lib not found X11.11.1 ^^ > Dependencies for php5-gd-5.2.6 resolve to: jpeg-6bp3, > php5-core-5.2.6, t1lib-5.1.0p1, png-1.2.28 > Full dependency tree is libiconv-1.12,jpeg-6bp3,libxml-2.6.32p1,php5- > core-5.2.6,t1lib-5.1.0p1,gettext-0.17,png-1.2.28 > Can't install php5-gd-5.2.6: lib not found Xpm.8.0 > Can't install php5-gd-5.2.6: lib not found freetype.16.1 > Can't install phpMyAdmin-2.11.7.1: can't resolve php5-gd-5.2.6 > > FYI box is 4.4 fresh install, i386, working as a server, so graphic > support. > > Thanks. > J-F rtfm it's in the faq you dont have xbase44.tgz installed - Robert
Re: error : pkg add phpMyAdmin
On Tue, 14 Apr 2009, Jean-Francois wrote: > Hello, > Can you please help me with this : > > $ sudo pkg add phpMyAdmin-2.11.7.1.tgz > Can't install php5-gd-5.2.6: lib not found X11.11.1 > Dependencies for php5-gd-5.2.6 resolve to: jpeg-6bp3, php5-core-5.2.6, > t1lib-5.1.0p1, png-1.2.28 > Full dependency tree is libiconv-1.12,jpeg-6bp3,libxml-2.6.32p1,php5- > core-5.2.6,t1lib-5.1.0p1,gettext-0.17,png-1.2.28 > Can't install php5-gd-5.2.6: lib not found Xpm.8.0 > Can't install php5-gd-5.2.6: lib not found freetype.16.1 > Can't install phpMyAdmin-2.11.7.1: can't resolve php5-gd-5.2.6 > > FYI box is 4.4 fresh install, i386, working as a server, so graphic support. Not again! Can't people read?? When buying something you don't know how it works. Do you wait someone to come home and fix it for you or do you read the manual? -- Antoine
Re: error : pkg add phpMyAdmin
Jean-Francois wrote: > Hello, > Can you please help me with this : > > $ sudo pkg add phpMyAdmin-2.11.7.1.tgz > Can't install php5-gd-5.2.6: lib not found X11.11.1 > Dependencies for php5-gd-5.2.6 resolve to: jpeg-6bp3, php5-core-5.2.6, > t1lib-5.1.0p1, png-1.2.28 > Full dependency tree is libiconv-1.12,jpeg-6bp3,libxml-2.6.32p1,php5- > core-5.2.6,t1lib-5.1.0p1,gettext-0.17,png-1.2.28 > Can't install php5-gd-5.2.6: lib not found Xpm.8.0 > Can't install php5-gd-5.2.6: lib not found freetype.16.1 > Can't install phpMyAdmin-2.11.7.1: can't resolve php5-gd-5.2.6 > > FYI box is 4.4 fresh install, i386, working as a server, so graphic > support. Looks like you're missing xbase44.tgz. -- Cezary Morga "If everything seems under control, you're not going fast enough" (Mario Andretti)
Re: error : pkg add phpMyAdmin
On Tue, 14 Apr 2009 18:14:35 +0200, Jean-Francois wrote ... > Can't install php5-gd-5.2.6: lib not found X11.11.1 > FYI box is 4.4 fresh install, i386, working as a server, so graphic support. I assume "so graphic" means "no graphic" You need to install the X libraries. Based on your lack of experience, , I recommend you follow the step-by-step instructions for installing xbase44.tgz in FAQ 4.10.
Re: Padlock accelerated SHA on Via C7
> Has anybody been able to get Padlock accelerated SHA1 working on a C7 > or is this not currently possible? It isn't worth using it. The overhead is too high.
error : pkg add phpMyAdmin
Hello, Can you please help me with this : $ sudo pkg add phpMyAdmin-2.11.7.1.tgz Can't install php5-gd-5.2.6: lib not found X11.11.1 Dependencies for php5-gd-5.2.6 resolve to: jpeg-6bp3, php5-core-5.2.6, t1lib-5.1.0p1, png-1.2.28 Full dependency tree is libiconv-1.12,jpeg-6bp3,libxml-2.6.32p1,php5- core-5.2.6,t1lib-5.1.0p1,gettext-0.17,png-1.2.28 Can't install php5-gd-5.2.6: lib not found Xpm.8.0 Can't install php5-gd-5.2.6: lib not found freetype.16.1 Can't install phpMyAdmin-2.11.7.1: can't resolve php5-gd-5.2.6 FYI box is 4.4 fresh install, i386, working as a server, so graphic support. Thanks. J-F
FW: FW: raidctl -vF component0 raid0
Hi Alexis,
No, I didnt try building from source...I think this is something I should
try although having a skim over I'm not seeing what's different but I will
have a detailed look over this late. I am going to start this again with a
different machine hopefully tomorrow just to make sure this isn't hardware
related
Many Thanks
Chris
-Original Message-
From: Alexis de BRUYN [mailto:ale...@de-bruyn.fr]
Sent: 14 April 2009 16:10
To: Chris Harries
Cc: misc@openbsd.org
Subject: Re: FW: raidctl -vF component0 raid0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Chris,
Did you try to build your system as describe in the FAQ (5.3 - Building
OpenBSD from source, http://www.openbsd.org/faq/faq5.html#Bld), instead
of your following steps ?
>>> Patch source tree to 4.4 PATCH:
>>> cd /usr/src
>>> mount /dev/cd0a /mnt
>>> tar -zxvpf /mnt/src.tar.gz -C /usr/src ./sys
>>> umount /mnt
>>> cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_4_4 -P src
>>>
>>> Create new kernel with patches:
>>> cd /usr/src
>>> cvs -d anon...@anoncvs.uk.openbsd.org:/cvs up -Pd
>>> make -k cleandir
>>> rm -rf /usr/obj/*
>>> make obj
>>>
>>>
>>> cd /usr/src/etc/mtree
>>> install -c -o root -g wheel -m 660 special /etc/mtree
>>> install -c -o root -g wheel -m 444 4.4BSD.dist /etc/mtree
>>> mtree -qdef /etc/mtree/4.4BSD.dist -p / -u
>>> cd /usr/src/etc
>>> env DESTDIR=/ make distrib-dirs
>>>
>>> cd /usr/src/sys/arch/sparc64/conf/
>>> config GENERIC
>>> cd ../compile/GENERIC
>>> make clean && make depend && make
>>> cp /bsd /bsd.old
>>> cp bsd /bsd
>>> chown root:wheel /bsd
>>> reboot
>>>
>>> cd /usr/src/
>>> make build
>>> cd /dev
>>> cp /usr/src/etc/etc.sparc64/MAKEDEV ./
>>> ./MAKEDEV all
>>>
>>> Sysmerge
>>> reboot
>>>
Did you also try your whole steps on another machine?
Chris Harries a icrit :
> Ok well a d e f g h I are all RAID in disklabel
>
> I did newfs for all parts and raidctl -A root raid brings back;
> Raid0: Autoconfigure: Yes
> Raid0: Root: Yes
>
> So that's seams present and correct. I am guessing I make it autoconfig
then
> do newfs on the parts? But then I guess it doesn't matter which way round
it
> happens does it? Well I did it after newfs and it displayed same output.
>
> And..ermmm yes :( missed that typo out, it should say i386 but you guessed
> that correctly :)
>
> Chris
>
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Alexis de BRUYN
> Sent: 02 April 2009 21:44
> To: Chris Harries
> Cc: misc@openbsd.org
> Subject: Re: FW: raidctl -vF component0 raid0
>
>>From raidctl(8) :
> "-A root dev
> [snip]
> All components of the set must be of type RAID in the disklabel.
> [Snip]
> the RAID set must have its `a' partition (aka raid[0..n]a) set up.
> "
>
>>> raidctl -A root raid0
>>>
>>> At this point, everything seams as expected
>>>
>>> Create radi0's partitions:
>>> Disklabel -E raid0
>>>
> [snip]
>>> Create the new filesystems:
>>> For x in a d e f g h I; do newfs raid0${x}; done
>>>
>>> Seams to work fine.
>
> Now that your components are of type RAID, you must create your
> filesystems before making the RAID set auto-configurable:
>
> raidctl -A root raid0
>
> and then:
>
> For x in a d e f g h I; do newfs raid0${x}; done
>
> I also noticed:
>
>>> Install 4.4 i386 on to sd0
> [snip]
>>> cd /usr/src/sys/arch/sparc64/conf/
> [snip]
>>> cp /usr/src/etc/etc.sparc64/MAKEDEV ./
>
> Wrong copy/paste?
>
> Chris Harries a icrit :
>> Good call, did that, Still same problem, hangs at same place.
>>
>> All seams correct now:
>>
>> # disklabel -E raid0
>> Initial label editor (enter '?' for help at any prompt)
>>> p
>> OpenBSD area: 0-1952459648; size: 1952459648; free: 719334272
>> #size offset fstype [fsize bsize cpg]
>> a: 104857600RAID
>> b: 4194304 10485760swap
>> c: 19524596480 unused 0 0
>> d:104857600 14680064RAID
>> e: 1048576000119537664RAID
>> f: 20971520 1168113664RAID
>> g: 2097152 1189085184RAID
>> h: 20971520 1191182336RAID
>> i: 20971520 1212153856RAID
>>
>> Noticed this in dmesg, not sure if at the half way point reboot though
> it's
>> anything to worry about.
>>
>> Kernelized RAIDframe activated
>> cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0
>> SENSE KEY: Not Ready
>> ASC/ASCQ: Medium Not Present
>> raid0 at root: (RAID Level 1) total number of sectors is 1952459648
> (953349
>> MB) as root
>> softraid0 at root
>> softraid0: sd0d can not read metadata version 1847620201, expected 3
>> softraid0: sd1d can not read metadata version 8, expected 3
>> softraid0: raid0a can not read metadata version 8, expected 3
>> softraid0: raid0d can not read metadata version 8, expected 3
>> softraid0: raid0e can not read metadata version 8, expected 3
>> softraid0: raid0f can not read
Re: Padlock accelerated SHA on Via C7
A comparsion with more recient install.
OpenBSD 4.5-current (GENERIC) #48: Sun Apr 12 23:43:52 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA C7-M Processor 1200MHz ("CentaurHauls" 686-class) 1.20 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2,xTPR
cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
#openssl speed -evp sha1
OpenSSL 0.9.8k 25 Mar 2009
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes
sha1 3565.64k11436.53k20987.73k35455.68k45853.06k
#openssl speed sha1
OpenSSL 0.9.8k 25 Mar 2009
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes
sha1 3086.19k 8664.70k25114.28k35501.20k52151.53k
Re: FW: raidctl -vF component0 raid0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Chris,
Did you try to build your system as describe in the FAQ (5.3 - Building
OpenBSD from source, http://www.openbsd.org/faq/faq5.html#Bld), instead
of your following steps ?
>>> Patch source tree to 4.4 PATCH:
>>> cd /usr/src
>>> mount /dev/cd0a /mnt
>>> tar -zxvpf /mnt/src.tar.gz -C /usr/src ./sys
>>> umount /mnt
>>> cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_4_4 -P src
>>>
>>> Create new kernel with patches:
>>> cd /usr/src
>>> cvs -d anon...@anoncvs.uk.openbsd.org:/cvs up -Pd
>>> make -k cleandir
>>> rm -rf /usr/obj/*
>>> make obj
>>>
>>>
>>> cd /usr/src/etc/mtree
>>> install -c -o root -g wheel -m 660 special /etc/mtree
>>> install -c -o root -g wheel -m 444 4.4BSD.dist /etc/mtree
>>> mtree -qdef /etc/mtree/4.4BSD.dist -p / -u
>>> cd /usr/src/etc
>>> env DESTDIR=/ make distrib-dirs
>>>
>>> cd /usr/src/sys/arch/sparc64/conf/
>>> config GENERIC
>>> cd ../compile/GENERIC
>>> make clean && make depend && make
>>> cp /bsd /bsd.old
>>> cp bsd /bsd
>>> chown root:wheel /bsd
>>> reboot
>>>
>>> cd /usr/src/
>>> make build
>>> cd /dev
>>> cp /usr/src/etc/etc.sparc64/MAKEDEV ./
>>> ./MAKEDEV all
>>>
>>> Sysmerge
>>> reboot
>>>
Did you also try your whole steps on another machine?
Chris Harries a icrit :
> Ok well a d e f g h I are all RAID in disklabel
>
> I did newfs for all parts and raidctl -A root raid brings back;
> Raid0: Autoconfigure: Yes
> Raid0: Root: Yes
>
> So that's seams present and correct. I am guessing I make it autoconfig then
> do newfs on the parts? But then I guess it doesn't matter which way round it
> happens does it? Well I did it after newfs and it displayed same output.
>
> And..ermmm yes :( missed that typo out, it should say i386 but you guessed
> that correctly :)
>
> Chris
>
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Alexis de BRUYN
> Sent: 02 April 2009 21:44
> To: Chris Harries
> Cc: misc@openbsd.org
> Subject: Re: FW: raidctl -vF component0 raid0
>
>>From raidctl(8) :
> "-A root dev
> [snip]
> All components of the set must be of type RAID in the disklabel.
> [Snip]
> the RAID set must have its `a' partition (aka raid[0..n]a) set up.
> "
>
>>> raidctl -A root raid0
>>>
>>> At this point, everything seams as expected
>>>
>>> Create radi0's partitions:
>>> Disklabel -E raid0
>>>
> [snip]
>>> Create the new filesystems:
>>> For x in a d e f g h I; do newfs raid0${x}; done
>>>
>>> Seams to work fine.
>
> Now that your components are of type RAID, you must create your
> filesystems before making the RAID set auto-configurable:
>
> raidctl -A root raid0
>
> and then:
>
> For x in a d e f g h I; do newfs raid0${x}; done
>
> I also noticed:
>
>>> Install 4.4 i386 on to sd0
> [snip]
>>> cd /usr/src/sys/arch/sparc64/conf/
> [snip]
>>> cp /usr/src/etc/etc.sparc64/MAKEDEV ./
>
> Wrong copy/paste?
>
> Chris Harries a icrit :
>> Good call, did that, Still same problem, hangs at same place.
>>
>> All seams correct now:
>>
>> # disklabel -E raid0
>> Initial label editor (enter '?' for help at any prompt)
>>> p
>> OpenBSD area: 0-1952459648; size: 1952459648; free: 719334272
>> #size offset fstype [fsize bsize cpg]
>> a: 104857600RAID
>> b: 4194304 10485760swap
>> c: 19524596480 unused 0 0
>> d:104857600 14680064RAID
>> e: 1048576000119537664RAID
>> f: 20971520 1168113664RAID
>> g: 2097152 1189085184RAID
>> h: 20971520 1191182336RAID
>> i: 20971520 1212153856RAID
>>
>> Noticed this in dmesg, not sure if at the half way point reboot though
> it's
>> anything to worry about.
>>
>> Kernelized RAIDframe activated
>> cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0
>> SENSE KEY: Not Ready
>> ASC/ASCQ: Medium Not Present
>> raid0 at root: (RAID Level 1) total number of sectors is 1952459648
> (953349
>> MB) as root
>> softraid0 at root
>> softraid0: sd0d can not read metadata version 1847620201, expected 3
>> softraid0: sd1d can not read metadata version 8, expected 3
>> softraid0: raid0a can not read metadata version 8, expected 3
>> softraid0: raid0d can not read metadata version 8, expected 3
>> softraid0: raid0e can not read metadata version 8, expected 3
>> softraid0: raid0f can not read metadata version 8, expected 3
>> softraid0: raid0g can not read metadata version 8, expected 3
>> softraid0: raid0h can not read metadata version 8, expected 3
>> softraid0: raid0i can not read metadata version 8, expected 3
>> root on raid0a
>> filesystem type 19 not known.. assuming ffs
>> WARNING: / was not properly unmounted
>> swapmount: no device
>> raid0: Error re-writing parity!
>>
>> Chris
>>
>> -Original Message-
>> From: Alexis de BRUYN [mailto:ale...@de-bruyn.fr]
>> Sent: 02 April 2009 14
Re: -stable 4.4 - a bunch of config problems
* J.C. Roberts [2009-04-14 16:55]: > grunk@ --seems there's a problem with your cvs - noted below. > $ cvs -d$CVSROOT co -rOPENBSD_4_4 xenocara/Makefile > The authenticity of host 'anoncvs.de.openbsd.org (131.188.40.91)' can't > be established. RSA key fingerprint is > fc:94:b0:c1:e5:b0:98:7c:58:43:99:76:97:ee:9f:b7. Are you sure you want > to continue connecting (yes/no)? yes Warning: Permanently added > 'anoncvs.de.openbsd.org,131.188.40.91' (RSA) to the list of known > hosts. exec request failed on channel 0 > cvs [checkout aborted]: end of file from server (consult above messages > if any) > > In short, the server is broken _OR_ it does not have the xenocara tree. > Alexander von Gernler (grunk@) runs that server, so I've cc'd him. The server hung for some reason -- I am just having it fsck'd, and I will bring it up again in a few hours, after I've checked it. Best, grunk
Re: -stable 4.4 - a bunch of config problems
grunk@ --seems there's a problem with your cvs - noted below. On Tue, 14 Apr 2009 11:21:06 +0200 "soko.tica" wrote: > > You'll hate me for saying this but... dump GNOME. > > You'll hate me even more for saying this but... try cwm (in Xbase) > > and/or scrotwm (in ports/x11/scrotwm or possibly as a package?) > > > > After you're done hating me, you'll love all the screen space. > > I will not hate you, but until present I was not able to find the way > to add keyboard layouts that I need for desktop in some of the window > managers - specifically some of the Latin > Serbian/Bosnian/Croatian/Slovenian as well as the Serbian Cyrillic. > > Remapping by wscons, I guess, won't work ( I haven't tried it), since > it would probably lead me into various problems that I wouldn't be > able to solve, for instance, in creating .pdf from .odt. Besides, I > need those keyboard layouts only in desktop and don't want them > elsewhere. > > If there is a way to do it that you can tell me, I'd be very grateful. > I don't mind for desktop background, at present I can't disable it in > GNOME for I get the following: > === > Unable to start the settings manager 'gnome-settings-daemon'. > Without the GNOME settings manager running, some preferences may not > take effect. This could indicate a problem with Bonobo, or a non-GNOME > (e.g. KDE) settings manager may already be active and conflicting with > the GNOME settings manager. > === Your example of having problems creating a PDF from an Open Office ODT file does not make any sense to me. Typically speaking, configuring the wscons(4) driver through wsconsctl (8) would not work for you simply because we do not have keyboard mappings for the languages you mentioned above. Normally, with wscons (4) you'd configure it like this: # wsconsctl keyboard.encoding=uk To find a full list of supported mappings, you need to look at pckbd(4) for details. If you are dealing with files which have file names using special characters from various languages, it might be worth your time to build (and submit) keyboard mappings for wscons. This would allow you at least some degree of "easy" access to your files from a default virtual terminal (i.e. CTRL-ALT-F1 and etc. without X running). In pckbd(8) I do see Slovenian listed, but I do not know the requirements for the other languages you listed. Good Reading: pckbd(8) wsconsctl(8) wsconscfg(8) wsconsctl.conf(5) wsfontload(8) As you probably guessed, using wscons configuration is obviously *not* the way easily switched language support is being done inside of X desktop environments like Gnome, KDE and others. Though X does talk to your keyboard *through* wscons, X is actually doing so through it's own keyboard driver kbd(8). Needless to say, the default X keyboard driver kbd(8) is a front-end for wscons. If you look at the output of the following: $ sudo kbd -l You'll basically see the list of supported mappings from pckbd(8). The way the desktop environments like Gnome and KDE do their language magic is basically through xmodmap(8). In short, what they've done is create new keyboard maps at the "X level" (rather than at the system level), and use xmodmap to load the desired mapping. Needless to say, this approach only gives you access to the keyboard mapping and/or language support when you're running X. Since both Gnome and KDE are absolute beasts when it comes to size, functionality, and bloat, you would probably have better luck figuring out the xmodmap magic used by studying a more simple desktop like XFCE. Once you figure out the xmodmap magic they are using to give language/keyboard support, you could use it with cwm and/or scrotwm. If you come from working in the environment of massive GUI "desktops" like MS-Windows, MacOS, KDE, Gnome, and others, it will take some time for you to get used to the minimalist approach of cwm and scrotwm. If you stick with it, you'll eventually be far faster and far better off. > > There is no .xinitrc in my /home. How can I create it? > The default xinitrc file for the system is located in: /etc//X11/xinit/xinitrc You can copy the system xinitrc to your home directory as ~/.xinitrc and modify your copy without affecting the default one for the whole system. > Regarding xenocara cvs update, is there anything in the command that I > do wrong? I can't see how anoncvs.de.openbsd.org is without xenocara, > since all other servers are mirroring it. > === > # cd /usr/xenocara/ > # export cvsroot=anon...@anoncvs.de.openbsd.org:/cvs > # cvs -d anon...@anoncvs.de.openbsd.org:/cvs up -Pd > ^CKilled by signal 2. > cvs [update aborted]: received interrupt signal > # cvs -d anon...@anoncvs.de.openbsd.org:/cvs up -Pd xenocara > ^Ccvs [update aborted]: received interrupt signal > Killed by signal 2. > # cd /usr > # cvs -d anon...@anoncvs.de.openbsd.org:/cvs up -Pd xenocara > ^Ccvs [update aborted]: received interrupt signal > Killed
Padlock accelerated SHA on Via C7
Hi All,
Has anybody been able to get Padlock accelerated SHA1 working on a C7
or is this not currently possible?
The CPU has the capability:
OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA C7 Processor 1800MHz ("CentaurHauls" 686-class) 1.80 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2,xTPR
cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
..but on http://www.openbsd.org/crypto.html only the C3 processor is
listed, which doesnt have SHA1.
Speed with and without -evp is the same:
#openssl speed -evp sha1
type 16 bytes 64 bytes256 bytes 1024 bytes
8192 bytes
sha1 5182.12k16114.78k37209.11k55274.13k
65219.75k
#openssl speed sha1
type 16 bytes 64 bytes256 bytes 1024 bytes
8192 bytes
sha1 5200.49k16100.77k36993.16k55122.71k
64871.91k
Many thanks!
Re: Installing Apache PHP/Mysql support
Jean-Francois wrote: > Hi All, > > Both pkg installed, links made, and after reboot, command line works : > > $ php -i > phpinfo() > PHP Version => 5.2.6 > > but .php page shows only source code in firefox ? Have you done everything mentioned in pkg_info -M php5-core? Especially the /var/www/conf/modules/php5.conf symlink? Seems AddType or LoadModule is missing in your Apache configuration. -- Cezary Morga "Would those of you in the cheaper seats clap your hands? And the rest of you, if you'll just rattle your jewelry." (John Lennon)
Re: Installing Apache PHP/Mysql support
For some reason the link creation did not work. Now problem is solved. Le mardi 14 avril 2009 16:11:17, vous avez icrit : > Hi All, > > Both pkg installed, links made, and after reboot, command line works : > > $ php -i > phpinfo() > PHP Version => 5.2.6 > > but .php page shows only source code in firefox ? > > One insight please ? > > Le mardi 14 avril 2009 13:56:32, vous avez icrit : > > Dnia wtorek, 14 kwietnia 2009, Jean-Francois napisa3: > > > Now I saw there are many packages php5 and mysql, however it's not > > > clear for me which ones to install and the conf files that need to be > > > modified, the chrooted directories where some files might be copied to > > > etc ... > > > > Install whichever packages you need. For PHP5+MySQL php5-core and > > php5-mysql should suffice (mysql-server should be installed as a > > dependency if it's not installed already). > > > > These packages are prepared for OpenBSD's chrooted Apache however you may > > need to create some additional directories (like tmp for example) within > > chroot. The post-install message will tell you what to do.
Re: Low power OpenBSD machine
On Tue, Apr 14, 2009 at 12:00 AM, Mic J wrote: > What about the Intel Atom, there is a version targeted for kind of > embedded systems. > Think its called z5xx or something. > > Its a x86, so i suppose its well supported? > > i'm buying 1 soonish, board, with no fan, 2GB ram , and a case. or you could wait for the soon-to-arrive ARM Cortex A8? At least, that's what I'm waiting for. -jf -- In the meantime, here is your PSA: "It's so hard to write a graphics driver that open-sourcing it would not help." -- Andrew Fear, Software Product Manager, NVIDIA Corporation http://kerneltrap.org/node/7228
Re: Low power OpenBSD machine
Tim Hume wrote: > > Hi, > > My current PC is not very healthy. I am considering building a new low > power consumption machine. I want something a bit more powerful than a > Soekris, but it doesn't have to be the fastest machine around. I will > be using the machine for web browsing, Email, managing my digital > photos and so on. The main requirement is that the machine is quiet > and has a low power consumption so I can leave it on all the time. > I highly recommend the newer Intel Celeron processors. They only use about 30 watts and that's when they are working hard. They stay cool and are very quiet. I use Asus or Gigabyte mother boards. If you dislike Intel, then try AMD Semprons. They are not quite as power efficent (45 watts), but they are just as quiet and a bit cooler IMO. I have several of these systems, they work really well and can be built for less than 200 dollars in the United States of America ;) (case, mobo, power supply, ram, cpu, hdd, etc) < $200.00 USD -- View this message in context: http://www.nabble.com/Low-power-OpenBSD-machine-tp23022564p23040201.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: -stable 4.4 - a bunch of config problems
On Tue, Apr 14, 2009 at 11:21:06AM +0200, soko.tica wrote: > Remapping by wscons, I guess, won't work ( I haven't tried it), since > it would probably lead me into various problems that I wouldn't be > able to solve, for instance, in creating .pdf from .odt. Besides, I > need those keyboard layouts only in desktop and don't want them > elsewhere. Take a look at setxkbmap. > If there is a way to do it that you can tell me, I'd be very grateful. > I don't mind for desktop background, at present I can't disable it in > GNOME for I get the following: > === > Unable to start the settings manager 'gnome-settings-daemon'. > Without the GNOME settings manager running, some preferences may not > take effect. This could indicate a problem with Bonobo, or a non-GNOME > (e.g. KDE) settings manager may already be active and conflicting with > the GNOME settings manager. > === Is it installed (ports/x11/gnome/settings-daemon) ? > There is no .xinitrc in my /home. How can I create it? This is explained in the FAQ: http://www.openbsd.org/faq/faq11.html#StartingX
Re: Installing Apache PHP/Mysql support
Hi All, Both pkg installed, links made, and after reboot, command line works : $ php -i phpinfo() PHP Version => 5.2.6 but .php page shows only source code in firefox ? One insight please ? Le mardi 14 avril 2009 13:56:32, vous avez icrit : > Dnia wtorek, 14 kwietnia 2009, Jean-Francois napisa3: > > Now I saw there are many packages php5 and mysql, however it's not clear > > for me which ones to install and the conf files that need to be modified, > > the chrooted directories where some files might be copied to etc ... > > Install whichever packages you need. For PHP5+MySQL php5-core and > php5-mysql should suffice (mysql-server should be installed as a dependency > if it's not installed already). > > These packages are prepared for OpenBSD's chrooted Apache however you may > need to create some additional directories (like tmp for example) within > chroot. The post-install message will tell you what to do.
Re: Security considerations for login with an SSH host key
On Tue, Apr 14, 2009 at 04:59:28PM +1000, Olivier Mehani wrote: > I'm wondering, however, if there were any security risks introduced by > specifically using the host key instead of one generated specifically > for that purpose and, if so, what they were. Personally I like using user keys instead. They are easy to generate. You can have more than one such key per machine and tie each key to a forced command on the server. You can run processes as normal users instead of root. The list goes on. The only drawback is spending a few seconds generating keys. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG dwchand...@stilyagin.com | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: How to find my USB?
On Sat, Apr 11, 2009 at 1:29 AM, Juan Jimenez Galdos wrote: > Ok, thank you very much Alexander, Jacek :). > > A question: if i need to download a package with the dependences, is there a > command? is there in OpenBSD a cache with the packages? > > Thank you very much again. For OpenBSD 4.5/i386, when you are using ftp mirror ftp://ftp5.usa.openbsd.org See this page for the complete list of FTP mirrors: http://www.openbsd.org/ftp.html # export PKG_PATH='ftp://ftp5.usa.openbsd.org/pub/OpenBSD/4.5/packages/i386/' # pkg_add ee-1.4.6 (To add the ee text editor and any packages it may require.) -- Jacek Artymiak http://devGuide.net
Re: ACPI on VIA iDot 3500
you have apm instead. if you don't want that try disabling it that
should enable acpi.
On Tue, Apr 14, 2009 at 08:38:53AM +0100, Ruan Kendall wrote:
> So I've recently installed 4.4 on a new via idot pc3500-g motherboard,
> which is all great, but I note that ACPI isn't working. Is there
> anything helpful I can contribute to getting it working on this
> system?
>
> Or do dmesg notes like 'pcibios0: bad IRQ table checksum' suggest that
> the system is pretty much braindead? I've included a dmesg below, but
> no acpidump, given how big it is.
>
> Once again, thanks in advance...
>
> - Ruan
>
> OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: VIA Esther processor 1500MHz ("CentaurHauls" 686-class) 1.51 GHz
> cpu0:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3
> cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
> real mem = 1005023232 (958MB)
> avail mem = 963248128 (918MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 10/13/08, BIOS32 rev. 0 @
> 0xf9a60, SMBIOS rev. 2.4 @ 0xf (31 entries)
> bios0: vendor Phoenix Technologies, LTD version "FDd" date 10/13/2008
> bios0: PC1 PC3500G
> apm0 at bios0: Power Management spec V1.2 (slowidle)
> apm0: AC on, battery charge unknown
> acpi at bios0 function 0x0 not configured
> pcibios0 at bios0: rev 3.0 @ 0xf/0xc7e4
> pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc6c0/288 (16 entries)
> pcibios0: bad IRQ table checksum
> pcibios0: PCI BIOS has 16 Interrupt Routing table entries
> pcibios0: PCI Exclusive IRQs: 5 10 11
> pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT8237A ISA" rev 0x00)
> pcibios0: PCI bus #4 is the last bus
> bios0: ROM list: 0xc/0xec00
> cpu0 at mainbus0
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "VIA P4M900 Host" rev 0x00
> pchb1 at pci0 dev 0 function 1 "VIA P4M900 Host" rev 0x00
> pchb2 at pci0 dev 0 function 2 "VIA P4M900 Host" rev 0x00
> pchb3 at pci0 dev 0 function 3 "VIA P4M900 Host" rev 0x00
> pchb4 at pci0 dev 0 function 4 "VIA P4M900 Host" rev 0x00
> "VIA P4M900 IOAPIC" rev 0x00 at pci0 dev 0 function 5 not configured
> pchb5 at pci0 dev 0 function 6 "VIA P4M900 Security" rev 0x00
> pchb6 at pci0 dev 0 function 7 "VIA P4M900 Host" rev 0x00
> ppb0 at pci0 dev 1 function 0 "VIA VT8377 AGP" rev 0x00
> pci1 at ppb0 bus 1
> vga1 at pci1 dev 0 function 0 "VIA Chrome9 HC IGP" rev 0x01
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> agp0 at vga1: v3, aperture at 0xd000, size 0x1000
> drm at vga1 unsupported
> ppb1 at pci0 dev 2 function 0 "VIA P4M900 PCI-PCI" rev 0x80: irq 5
> pci2 at ppb1 bus 2
> ppb2 at pci0 dev 3 function 0 "VIA P4M900 PCI-PCI" rev 0x80: irq 5
> pci3 at ppb2 bus 3
> pciide0 at pci0 dev 15 function 0 "VIA VT8237A SATA" rev 0x80: DMA
> pciide0: using irq 11 for native-PCI interrupt
> wd0 at pciide0 channel 0 drive 0:
> wd0: 16-sector PIO, LBA48, 715404MB, 1465149168 sectors
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
> wd1 at pciide0 channel 1 drive 0:
> wd1: 16-sector PIO, LBA48, 715404MB, 1465149168 sectors
> wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
> pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x07: DMA,
> channel 0 configured to compatibility, channel 1 configured to
> compatibility
> wd2 at pciide1 channel 0 drive 1:
> wd2: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
> wd2(pciide1:0:1): using PIO mode 4, DMA mode 2
> pciide1: channel 1 disabled (no drives)
> uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0xa0: irq 10
> uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0xa0: irq 11
> uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0xa0: irq 10
> uhci3 at pci0 dev 16 function 3 "VIA VT83C572 USB" rev 0xa0: irq 11
> ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x86: irq 10
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "VIA EHCI root hub" rev 2.00/1.00 addr 1
> viapm0 at pci0 dev 17 function 0 "VIA VT8237A ISA" rev 0x00
> iic0 at viapm0
> spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM non-parity PC2-5300CL5
> spdmem1 at iic0 addr 0x51: 512MB DDR2 SDRAM non-parity PC2-5300CL5
> pchb7 at pci0 dev 17 function 7 "VIA VT8251 VLINK" rev 0x00
> pchb8 at pci0 dev 19 function 0 "VIA VT8237A PCI-PCI" rev 0x00
> ppb3 at pci0 dev 19 function 1 "VIA VT8237A PCI-PCI" rev 0x00
> pci4 at ppb3 bus 4
> em0 at pci4 dev 4 function 0 "Intel PRO/1000MT (82545EM)" rev 0x01:
> irq 11, address 00:07:e9:11:55:6e
> vr0 at pci4 dev 14 function 0 "VIA RhineII-2" rev 0x8d: irq 10,
> address 00:1a:4d:1f:14:d5
> ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 13: OUI
> 0x004063, model 0x0034
> usb1 at uhci0: USB revision 1.0
> uhub1 at usb1 "VIA UHCI root hub" rev 1.00/1.00 addr 1
> usb2 at uhci1: USB revision 1.0
> uhub2 at usb2 "VIA UHCI root hub" rev 1.00/1.00 addr 1
> usb3 at uh
Re: Installing Apache PHP/Mysql support
Dnia wtorek, 14 kwietnia 2009, Jean-Francois napisa3: > Now I saw there are many packages php5 and mysql, however it's not clear > for me which ones to install and the conf files that need to be modified, > the chrooted directories where some files might be copied to etc ... Install whichever packages you need. For PHP5+MySQL php5-core and php5-mysql should suffice (mysql-server should be installed as a dependency if it's not installed already). These packages are prepared for OpenBSD's chrooted Apache however you may need to create some additional directories (like tmp for example) within chroot. The post-install message will tell you what to do. -- Pozdrawiam, Cezary Morga "Would those of you in the cheaper seats clap your hands? And the rest of you, if you'll just rattle your jewelry." (John Lennon)
Re: matching ipv6 esp traffic
this has been fixed in openbsd 4.5 On Sun, Apr 12, 2009 at 05:48:54PM +0200, Florian Obser wrote: > Hi, > > I'm trying to secure my wlan access point with ipsec. > > Apparently I cannot match ipv6 esp traffic. This is on 4.4 > > I build a simplified setup with qemu, ipsec-gw and ipsec-client: > > - ipsec-gw > > [r...@ipsec-gw:~]# cat /etc/ipsec.conf > ike passive esp from 10.12.32.235 to 10.12.32.236 > ike passive esp from 2001:db8::1 to 2001:db8::2 > > [r...@ipsec-gw:~]# cat /etc/pf.conf > pass log on enc0 > block in log on em0 > pass out log on em0 > # allow link-local multicast for neighbor solicitation / neighbor > advertisement > pass in on em0 proto icmp6 to FF02::/16 > pass in on em0 proto tcp from any to em0 port ssh > pass in log on em0 proto udp from any to em0 port isakmp > pass in log on em0 proto esp from any to em0 > > [r...@ipsec-gw:~]# ipsecctl -s all > FLOWS: > flow esp in from 10.12.32.236 to 10.12.32.235 peer 10.12.32.236 srcid > 10.12.32.235/32 dstid 10.12.32.236/32 type use > flow esp out from 10.12.32.235 to 10.12.32.236 peer 10.12.32.236 srcid > 10.12.32.235/32 dstid 10.12.32.236/32 type require > flow esp in from 2001:db8::2 to 2001:db8::1 peer 2001:db8::2 srcid > 2001:db8::1/128 dstid 2001:db8::2/128 type use > flow esp out from 2001:db8::1 to 2001:db8::2 peer 2001:db8::2 srcid > 2001:db8::1/128 dstid 2001:db8::2/128 type require > > SAD: > esp tunnel from 2001:db8::1 to 2001:db8::2 spi 0x20d8f195 auth > hmac-sha2-256 enc aes > esp tunnel from 10.12.32.235 to 10.12.32.236 spi 0x6335527f auth > hmac-sha2-256 enc aes > esp tunnel from 10.12.32.236 to 10.12.32.235 spi 0xa90135ff auth > hmac-sha2-256 enc aes > esp tunnel from 2001:db8::2 to 2001:db8::1 spi 0xd9956a4e auth > hmac-sha2-256 enc aes > > - ipsec-client > > [r...@ipsec-client:~]# cat /etc/pf.conf > pass all > > [r...@ipsec-client:~]# cat /etc/ipsec.conf > ike esp from 10.12.32.236 to 10.12.32.235 > ike esp from 2001:db8::2 to 2001:db8::1 > > [r...@ipsec-client:~]# ipsecctl -s all > FLOWS: > flow esp in from 10.12.32.235 to 10.12.32.236 peer 10.12.32.235 srcid > 10.12.32.236/32 dstid 10.12.32.235/32 type use > flow esp out from 10.12.32.236 to 10.12.32.235 peer 10.12.32.235 srcid > 10.12.32.236/32 dstid 10.12.32.235/32 type require > flow esp in from 2001:db8::1 to 2001:db8::2 peer 2001:db8::1 srcid > 2001:db8::2/128 dstid 2001:db8::1/128 type use > flow esp out from 2001:db8::2 to 2001:db8::1 peer 2001:db8::1 srcid > 2001:db8::2/128 dstid 2001:db8::1/128 type require > > SAD: > esp tunnel from 2001:db8::1 to 2001:db8::2 spi 0x20d8f195 auth > hmac-sha2-256 enc aes > esp tunnel from 10.12.32.235 to 10.12.32.236 spi 0x6335527f auth > hmac-sha2-256 enc aes > esp tunnel from 10.12.32.236 to 10.12.32.235 spi 0xa90135ff auth > hmac-sha2-256 enc aes > esp tunnel from 2001:db8::2 to 2001:db8::1 spi 0xd9956a4e auth > hmac-sha2-256 enc aes > > > --- > > loaded rules: > > [r...@ipsec-gw:~/pf]# pfctl -vv -s rules | egrep -v 'Evaluations|Inserted' > @0 pass log on enc0 all flags S/SA keep state > @1 block drop in log on em0 all > @2 pass out log on em0 all flags S/SA keep state > @3 pass in on em0 inet6 proto tcp from any to fe80::5652:ff:fe3d:e648 port > = ssh flags S/SA keep state > @4 pass in on em0 inet6 proto tcp from any to 2001:db8::1 port = ssh flags > S/SA keep state > @5 pass in on em0 inet6 proto ipv6-icmp from any to ff02::/16 keep state > @6 pass in on em0 inet proto tcp from any to 10.12.32.235 port = ssh flags > S/SA keep state > @7 pass in log on em0 inet6 proto udp from any to fe80::5652:ff:fe3d:e648 > port = isakmp keep state > @8 pass in log on em0 inet6 proto udp from any to 2001:db8::1 port = isakmp > keep state > @9 pass in log on em0 inet6 proto esp from any to fe80::5652:ff:fe3d:e648 > keep state > @10 pass in log on em0 inet6 proto esp from any to 2001:db8::1 keep state > @11 pass in log on em0 inet proto udp from any to 10.12.32.235 port = > isakmp keep state > @12 pass in log on em0 inet proto esp from any to 10.12.32.235 keep state > > === > > pinging ipv4 (this is working): > > [r...@ipsec-client:~]# ping -c 1 ipsec-gw > PING ipsec-gw (10.12.32.235): 56 data bytes > 64 bytes from 10.12.32.235: icmp_seq=0 ttl=255 time=0.950 ms > --- ipsec-gw ping statistics --- > 1 packets transmitted, 1 packets received, 0.0% packet loss > round-trip min/avg/max/std-dev = 0.950/0.950/0.950/0.000 ms > > [r...@ipsec-gw:~]# tcpdump -nlp -i em0 not port ssh > tcpdump: listening on em0, link-type EN10MB > 16:33:44.585647 esp 10.12.32.236 > 10.12.32.235 spi 0xA90135FF seq 11 len > 132 > 16:33:44.585955 esp 10.12.32.235 > 10.12.32.236 spi 0x6335527F seq 11 len > 132 > > > [r...@ipsec-gw:~]# tcpdump -nlp -i enc0 not port ssh > tcpdump: listening on enc0, link-type ENC > 16:33:44.585838 (authentic,confidential): SPI 0xa
Re: Installing Apache PHP/Mysql support
On Tue, 14 Apr 2009 11:40:59 +0200 "Jean-Francois" wrote: > Hi All, > > I don't want to bother you with that matter. > > Could one tell me where clear up to date infos are available > regarding how to mount the PHP support for my website hosted on > OpenBSD machine. > > Actually web infos are just small how to which do not give any more > informations. Further some tell you that the difficulty comes from > the chroot wichi you might disable, which is not at all what I want > to do. > > Now I saw there are many packages php5 and mysql, however it's not > clear for me which ones to install and the conf files that need to be > modified, the chrooted directories where some files might be copied > to etc ... > > Just link where info are available should help me. > > Thanks for support. > JF http://www.google.com http://marc.info/?l=openbsd-misc - Robert
Canada immigration
WARNING: contains undecipherable part Received: from unicornia896a8 (adsl-83-135-192-81.adsl2.iam.net.ma [81.192.135.83]) by mail.cashcom.ma (Postfix/TrioOS) with ESMTP id C63CA1200ADCE for ; Tue, 14 Apr 2009 10:00:42 + (WET) From: "Agence Casa ElFirdaous" To: Subject: Canada immigration Date: Tue, 14 Apr 2009 11:58:45 +0200 MIME-Version: 1.0 X-Security: message sanitized on shear.ucar.edu See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.147 $Date: 2004-10-02 11:16:26-07 Content-Type: text/plain; charset="us-ascii" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MS-TNEF-Correlator: D67849FBE0A2614284D66D50471F1152047D2300 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579 Message-Id: <20090414100042.c63ca1200a...@mail.cashcom.ma> X-Converted-To-Plain-Text: from multipart/mixed by demime 1.01d X-Converted-To-Plain-Text: Alternative section used was text/plain The debate is no longer about whether Canada should remain open to immigration. That debate became moot when Canadians realized that low birth rates and an aging population would eventually lead to a shrinking populace. Baby bonuses and other such incentives couldn't convince Canadians to have more kids, and demographic experts have forecasted that a Canada without immigration would pretty much disintegrate as a nation by 2050. Download the attached file to know about the required forms. The sender of this email got this article from our side and forwarded it to you. The original file name is IMM_Forms_E01.rar and compressed by WinRAR no virus found. Use WinRAR to decompress the file. [demime 1.01d removed an attachment of type application/ms-tnef which had a name of winmail.dat]
Re: openntpd on openbsd on esx
On 2009-04-14, Clifford Bailey wrote: > I'm trying to run a couple of ntp servers using openntpd on openbsd > 4.2 running as a vm on a vmware esx server. My problem is that the > machines never seem to become completely stable. They become > syncronised, but in 24 hours they may lose syncronisation 2 or 3 > times. > > I was wondering whether anyone on the list has been successful running > an ntp server in this way, or is this a known issue with ntp on > virtualised platforms? Is there anyway of tweaking the install to make > it more reliable? you could run NTP client on the ESX host, upgrade the guest OS, build a custom kernel with vmt(4), and use vmt's timedelta sensor as ntpd's source. this should help keeping sync, but I don't know how the precision will be.
Installing Apache PHP/Mysql support
Hi All, I don't want to bother you with that matter. Could one tell me where clear up to date infos are available regarding how to mount the PHP support for my website hosted on OpenBSD machine. Actually web infos are just small how to which do not give any more informations. Further some tell you that the difficulty comes from the chroot wichi you might disable, which is not at all what I want to do. Now I saw there are many packages php5 and mysql, however it's not clear for me which ones to install and the conf files that need to be modified, the chrooted directories where some files might be copied to etc ... Just link where info are available should help me. Thanks for support. JF
Re: -stable 4.4 - a bunch of config problems
> You'll hate me for saying this but... dump GNOME. > You'll hate me even more for saying this but... try cwm (in Xbase) > and/or scrotwm (in ports/x11/scrotwm or possibly as a package?) > > After you're done hating me, you'll love all the screen space. I will not hate you, but until present I was not able to find the way to add keyboard layouts that I need for desktop in some of the window managers - specifically some of the Latin Serbian/Bosnian/Croatian/Slovenian as well as the Serbian Cyrillic. Remapping by wscons, I guess, won't work ( I haven't tried it), since it would probably lead me into various problems that I wouldn't be able to solve, for instance, in creating .pdf from .odt. Besides, I need those keyboard layouts only in desktop and don't want them elsewhere. If there is a way to do it that you can tell me, I'd be very grateful. I don't mind for desktop background, at present I can't disable it in GNOME for I get the following: === Unable to start the settings manager 'gnome-settings-daemon'. Without the GNOME settings manager running, some preferences may not take effect. This could indicate a problem with Bonobo, or a non-GNOME (e.g. KDE) settings manager may already be active and conflicting with the GNOME settings manager. === There is no .xinitrc in my /home. How can I create it? Regarding xenocara cvs update, is there anything in the command that I do wrong? I can't see how anoncvs.de.openbsd.org is without xenocara, since all other servers are mirroring it. === # cd /usr/xenocara/ # export cvsroot=anon...@anoncvs.de.openbsd.org:/cvs # cvs -d anon...@anoncvs.de.openbsd.org:/cvs up -Pd ^CKilled by signal 2. cvs [update aborted]: received interrupt signal # cvs -d anon...@anoncvs.de.openbsd.org:/cvs up -Pd xenocara ^Ccvs [update aborted]: received interrupt signal Killed by signal 2. # cd /usr # cvs -d anon...@anoncvs.de.openbsd.org:/cvs up -Pd xenocara ^Ccvs [update aborted]: received interrupt signal Killed by signal 2. # === Regarding privoxy /var/log/privoxy/logvile was owned by root, group _privoxy, permissions 644. I chowned it to owner _privoxy, but firefox still can't use it. == $ ps auxww | grep privoxy _privoxy 15523 0.0 0.2 1076 1640 ?? Is 8:22AM0:00.02 /usr/local/sbin/privoxy --user _privoxy /etc/privoxy/config $ ps auxww | grep privoxy _privoxy 15523 0.0 0.2 1076 1640 ?? Is 8:22AM0:00.02 /usr/local/sbin/privoxy --user _privoxy /etc/privoxy/config $ cat /var/log/privoxy/logfile Apr 14 08:22:37.943 Privoxy(857c1c00) Info: Privoxy version 3.0.8 Apr 14 08:22:37.943 Privoxy(857c1c00) Info: Program name: /usr/local/sbin/privoxy Apr 14 08:22:38.006 Privoxy(857c1c00) Info: Listening on port 8118 for local connections only $ === I guess it could be something with DNS. I'm behind NAT firewall. === $ cat /etc/hosts # $OpenBSD: hosts,v 1.11 2002/09/26 23:35:51 krw Exp $ ... # ::1 localhost.mynet.my6net localhost 127.0.0.1 localhost.mynet.my6net localhost ::1 ljubinko.mynet.my6net ljubinko 127.0.0.1 ljubinko.mynet.my6net ljubinko 172.16.1.67 ljubinko.mynet.my6net $ cat /etc/resolv.conf search mynet.my6net nameserver 172.16.2.111 nameserver 172.16.3.111 lookup file bind
Re: openntpd on openbsd on esx
Clifford Bailey wrote: Hi, I'm trying to run a couple of ntp servers using openntpd on openbsd 4.2 running as a vm on a vmware esx server. My problem is that the machines never seem to become completely stable. They become syncronised, but in 24 hours they may lose syncronisation 2 or 3 times. I was wondering whether anyone on the list has been successful running an ntp server in this way, or is this a known issue with ntp on virtualised platforms? Is there anyway of tweaking the install to make it more reliable? Guests are very sensitive to stuff like the VMware host using CPU frequency scaling due to load, since it will make all guests run at different speeds when it changes, so the general hint is not even run ntp to synch the guest clocks, but rather use VMWare tools to do it, and sync the hosts using ntp. Given that, running ntp servers on guests is even less likely to be a good idea.
Re: openntpd on openbsd on esx
never run ntpd inside a virtual machine. Run it on the host. http://kb.vmware.com/KanisaPlatform/Publishing/329/1420_f.SAL_Public.html http://support.ntp.org/bin/view/Support/KnownOsIssues#Section_9.2.2.1. On 2009 Apr 14 (Tue) at 09:37:38 +0100 (+0100), Clifford Bailey wrote: :Hi, : :I'm trying to run a couple of ntp servers using openntpd on openbsd :4.2 running as a vm on a vmware esx server. My problem is that the :machines never seem to become completely stable. They become :syncronised, but in 24 hours they may lose syncronisation 2 or 3 :times. -- Vital papers will demonstrate their vitality by spontaneously moving from where you left them to where you can't find them.
openntpd on openbsd on esx
Hi, I'm trying to run a couple of ntp servers using openntpd on openbsd 4.2 running as a vm on a vmware esx server. My problem is that the machines never seem to become completely stable. They become syncronised, but in 24 hours they may lose syncronisation 2 or 3 times. I was wondering whether anyone on the list has been successful running an ntp server in this way, or is this a known issue with ntp on virtualised platforms? Is there anyway of tweaking the install to make it more reliable? If not, I will move the box onto some real hardware, but I only want to do that if it's the only way. Thanks in advance! Cliff. My Config listen on x.x.x.x servers 0.uk.pool.ntp.org Sample log output = Apr 12 22:52:39 ntpserver ntpd[20679]: clock is now synced ... Apr 13 02:12:36 ntpserver ntpd[20679]: clock is now unsynced Apr 13 02:16:24 ntpserver ntpd[20679]: clock is now synced ... Apr 13 16:37:48 ntpserver ntpd[20679]: clock is now unsynced Apr 13 16:41:31 ntpserver ntpd[20679]: clock is now synced Apr 13 16:45:17 ntpserver ntpd[14714]: adjusting local clock by 0.033747s Apr 13 19:52:58 ntpserver ntpd[14714]: adjusting local clock by 0.111834s Apr 13 21:02:28 ntpserver ntpd[14714]: adjusting local clock by 0.061884s Apr 13 21:10:01 ntpserver ntpd[14714]: adjusting clock frequency by 12.048466 to 87.819750ppm Apr 13 22:19:45 ntpserver ntpd[14714]: adjusting clock frequency by -14.207114 to 73.612636ppm Apr 14 00:13:08 ntpserver ntpd[14714]: adjusting local clock by 0.034559s Apr 14 01:09:51 ntpserver ntpd[14714]: adjusting local clock by 0.038054s Apr 14 01:15:35 ntpserver ntpd[14714]: adjusting clock frequency by 8.482591 to 82.095227ppm Apr 14 03:00:43 ntpserver ntpd[14714]: adjusting clock frequency by 10.570668 to 92.665895ppm
Re: Low power OpenBSD machine
On Mon, Apr 13, 2009 at 12:52:23PM -0400, Nick Holland wrote: [...] > a PIII-class system with an i810 chipset will probably come in below 30W > when idle. (Other chipsets may, too...but I put the Wattmeter on a 500MHz > PIII with an i810 chipset, with both a real disk and a flash disk, and it > came in at under 30W when CPU was idle). That is consistent with my findings - the dual PIII/550 on an Intel L440GX server board I use as home server clocks in at about 50W idle with two HDs. Even the HP Kayak XU800 (dual PIII/866) I have only uses some 60W idle, but peaks much higher than the Intel. So, PIIIs can still go a long way, but I would not vouch for them matching a suitable laptop set-up. [...] > Get a wattmeter. Great investment... True, that. :-) Cheerio, Thomas -- ** PLEASE: NO Cc's to me privately, I do read the list - thanks! ** - Thomas Ribbrockhttp://www.ribbrock.orgICQ#: 15839919 "You have to live on the edge of reality - to make your dreams come true!"
Re: Intel 5100AGN in 4.5?
On Tue, Apr 14, 2009 at 3:02 AM, wrote: > OpenBSD 4.5 Release has support for Intel WiFi Link 5000 Series > adapters. See http://www.openbsd.org/45.html > D'oh, that was the one place I didn't think to look. Thanks. -Nick
Re: Security considerations for login with an SSH host key
> I'm currently setting up a remote backup solution > based on rdiff-backup. Basically, each computer > to be backed up regularly connects to the centralized > backup server, and sends the modifications. This is > done in a crontab. Are you also using sshd_config's ForceCommand and a specific custom sudo recipe. GroupMatch can be of use, too. Regards -Lars
ACPI on VIA iDot 3500
So I've recently installed 4.4 on a new via idot pc3500-g motherboard,
which is all great, but I note that ACPI isn't working. Is there
anything helpful I can contribute to getting it working on this
system?
Or do dmesg notes like 'pcibios0: bad IRQ table checksum' suggest that
the system is pretty much braindead? I've included a dmesg below, but
no acpidump, given how big it is.
Once again, thanks in advance...
- Ruan
OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Esther processor 1500MHz ("CentaurHauls" 686-class) 1.51 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3
cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
real mem = 1005023232 (958MB)
avail mem = 963248128 (918MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/13/08, BIOS32 rev. 0 @
0xf9a60, SMBIOS rev. 2.4 @ 0xf (31 entries)
bios0: vendor Phoenix Technologies, LTD version "FDd" date 10/13/2008
bios0: PC1 PC3500G
apm0 at bios0: Power Management spec V1.2 (slowidle)
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 3.0 @ 0xf/0xc7e4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc6c0/288 (16 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 16 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 5 10 11
pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT8237A ISA" rev 0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0xec00
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA P4M900 Host" rev 0x00
pchb1 at pci0 dev 0 function 1 "VIA P4M900 Host" rev 0x00
pchb2 at pci0 dev 0 function 2 "VIA P4M900 Host" rev 0x00
pchb3 at pci0 dev 0 function 3 "VIA P4M900 Host" rev 0x00
pchb4 at pci0 dev 0 function 4 "VIA P4M900 Host" rev 0x00
"VIA P4M900 IOAPIC" rev 0x00 at pci0 dev 0 function 5 not configured
pchb5 at pci0 dev 0 function 6 "VIA P4M900 Security" rev 0x00
pchb6 at pci0 dev 0 function 7 "VIA P4M900 Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8377 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "VIA Chrome9 HC IGP" rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1: v3, aperture at 0xd000, size 0x1000
drm at vga1 unsupported
ppb1 at pci0 dev 2 function 0 "VIA P4M900 PCI-PCI" rev 0x80: irq 5
pci2 at ppb1 bus 2
ppb2 at pci0 dev 3 function 0 "VIA P4M900 PCI-PCI" rev 0x80: irq 5
pci3 at ppb2 bus 3
pciide0 at pci0 dev 15 function 0 "VIA VT8237A SATA" rev 0x80: DMA
pciide0: using irq 11 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0:
wd0: 16-sector PIO, LBA48, 715404MB, 1465149168 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1 at pciide0 channel 1 drive 0:
wd1: 16-sector PIO, LBA48, 715404MB, 1465149168 sectors
wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x07: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd2 at pciide1 channel 0 drive 1:
wd2: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd2(pciide1:0:1): using PIO mode 4, DMA mode 2
pciide1: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0xa0: irq 10
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0xa0: irq 11
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0xa0: irq 10
uhci3 at pci0 dev 16 function 3 "VIA VT83C572 USB" rev 0xa0: irq 11
ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x86: irq 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "VIA EHCI root hub" rev 2.00/1.00 addr 1
viapm0 at pci0 dev 17 function 0 "VIA VT8237A ISA" rev 0x00
iic0 at viapm0
spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM non-parity PC2-5300CL5
spdmem1 at iic0 addr 0x51: 512MB DDR2 SDRAM non-parity PC2-5300CL5
pchb7 at pci0 dev 17 function 7 "VIA VT8251 VLINK" rev 0x00
pchb8 at pci0 dev 19 function 0 "VIA VT8237A PCI-PCI" rev 0x00
ppb3 at pci0 dev 19 function 1 "VIA VT8237A PCI-PCI" rev 0x00
pci4 at ppb3 bus 4
em0 at pci4 dev 4 function 0 "Intel PRO/1000MT (82545EM)" rev 0x01:
irq 11, address 00:07:e9:11:55:6e
vr0 at pci4 dev 14 function 0 "VIA RhineII-2" rev 0x8d: irq 10,
address 00:1a:4d:1f:14:d5
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 13: OUI
0x004063, model 0x0034
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "VIA UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "VIA UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "VIA UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 "VIA UHCI root hub" rev 1.00/1.00 addr 1
isa0 at mainbus0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pck
Security considerations for login with an SSH host key
Hello all, I'm currently setting up a remote backup solution based on rdiff-backup. Basically, each computer to be backed up regularly connects to the centralized backup server, and sends the modifications. This is done in a crontab. On the backup server, there is one user per backed-up machine. Each machine stores its files up in the HOME directory of its associated user. Now, as this is a fully automated process, I cannot enter a password, so I naturaly though about using a passwordless SSH keys. (I suppose the passwordlessness of the key could arguably be a security issue, and I'd be happy to know about other possible solutions, if any.) I first thought about generating a specific key for that purpose. I then realized each of these hosts already had one, which is generated during the first boot. I finally decided to implement my system using /etc/ssh/ssh_host_rsa_key as the private key used to authenticate to the backup server. This file is only readable by root, but as cron runs as root, that should be no problem (not tested yet, I'm currently setting everything up). I'm wondering, however, if there were any security risks introduced by specifically using the host key instead of one generated specifically for that purpose and, if so, what they were. Thanks for you insight (: -- Olivier Mehani PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
Re: Intel 5100AGN in 4.5?
OpenBSD 4.5 Release has support for Intel WiFi Link 5000 Series adapters. See http://www.openbsd.org/45.html Damien
Re: Low power OpenBSD machine
Nico Meijer wrote: Hi Timothy, Is it possible to build something like I describe which uses under 30 Watts, and if so, what hardware would people recommend? I am very happy with several mini-itx systems, both from VIA and from Jetway. For instance, a VIA VB7002 with 1.5Ghz C7-D CPU and 2Gb of RAM cost me 89 euro's, including 19% VAT. I've built a few Jetways too, and the AES-crypto/RNGs on the Via C7s are quite handy also. running my not-fanless C7 in apm -C mode makes it very cool indeed, I assume it does draw very little power unless I hit it very hard.
