Re: [Newbie] OpenBSD HTTP proxy
On Mon, Oct 08, 2007 at 10:00:34PM -0400, Jeremy Huiskamp wrote:
> On 8-Oct-07, at 8:43 PM, Lars Noodin wrote:
>> Tony Bruguier wrote:
>>> ... I would like to install an HTTP proxy. ...
>>
>> Squid is recommended. Read the directions carefully and you will have to make one or two changes to the configuration. Have squid listen on localhost and then tunnel to get to it.
>
> What's the point of getting squid involved? Putty does SOCKS proxying, does it not?
>
> Jeremy

Yep. There is no need for any proxy software if he can just ssh -D with putty and configure his browser to use that.
Re: How to track port updates in stable?
On Fri, Aug 03, 2007 at 06:35:51PM -0500, Todd Pytel wrote:
> I don't spend as much time following OpenBSD as I used to, so perhaps I'm missing something. But there used to be a ports-security mailing list used for announcing updated ports. That list doesn't exist any more, or at least doesn't appear to have had anything posted to it in a very long time. Is there some other official way to track changes to ports? Absent that, has anyone come up with a simple hack to feed to cron to accomplish the same thing?
>
> --Todd

I think the easiest is:

If you must use ports: regularly cvs update (or cvs up) your local ports tree and run the /usr/ports/infrastructure/build/out-of-date script to find things to update.

If you use packages (recommended), just make sure $PKG_PATH is set and run pkg_add -ui. It will prompt you to install any updated versions.
Re: a cd key
On Fri, May 18, 2007 at 08:47:21PM +1000, Timothy Wilson wrote:
> Had you thought about mounting certain areas as read only? For example, /etc, /local can be mounted as read only. When you want to make changes, such as installing a new package or whatever, just remount the file systems read/write. You can also use jails.
>
> Timothy

I think the point is that if someone roots your machine because you are running a vulnerable service, they can't really install rootkits and things if your binaries are on a filesystem that CAN'T be remounted r/w. If you just mount your harddisks (or portions like /etc) ro and someone roots your box, they just re-mount it, install the rootkit, then re-mount back ro. Does nothing really.
pkg_add -u question
man pkg_add states:

    -u  Update the given pkgname(s), and anything it depends upon. If no pkgname is given, pkg_add will update all installed packages. This relies on PKG_PATH to figure out the new package names.

However, if I run -u with no package name, it tells me a list of possible candidates but doesn't actually update anything. I have to manually do each one. Am I doing something wrong, or is this expected for some reason? (on i386)

    # dmesg | head -1
    OpenBSD 4.1-stable (GENERIC) #0: Sat May 5 21:34:13 EDT 2007
    # echo $PKG_PATH
    ftp://ftp.nyc.openbsd.org/pub/OpenBSD/4.1/packages/i386/
    # pkg_add -u
    Candidates for updating autossh-1.2g - autossh-1.3
    Candidates for updating bzip2-1.0.3 - bzip2-1.0.4
    Candidates for updating cdrtools-2.01 - cdrtools-2.01p0
    Looking for updates: complete
    #

Any ideas?
Re: pkg_add -u question
On Sun, May 06, 2007 at 04:28:45PM +0200, Cabillot Julien wrote:
> pkg_add -ui

Ah. Thanks. Seems the man page should be changed to be more clear: "If no pkgname is given and -u is combined with -i, pkg_add will..."

> On 5/6/07, Clint M. Sand [EMAIL PROTECTED] wrote:
>> man pkg_add states:
>>
>>     -u  Update the given pkgname(s), and anything it depends upon. If no pkgname is given, pkg_add will update all installed packages. This relies on PKG_PATH to figure out the new package names.
>>
>> However, if I run -u with no package name, it tells me a list of possible candidates but doesn't actually update anything. I have to manually do each one. Am I doing something wrong, or is this expected for some reason? (on i386)
>>
>>     # dmesg | head -1
>>     OpenBSD 4.1-stable (GENERIC) #0: Sat May 5 21:34:13 EDT 2007
>>     # echo $PKG_PATH
>>     ftp://ftp.nyc.openbsd.org/pub/OpenBSD/4.1/packages/i386/
>>     # pkg_add -u
>>     Candidates for updating autossh-1.2g - autossh-1.3
>>     Candidates for updating bzip2-1.0.3 - bzip2-1.0.4
>>     Candidates for updating cdrtools-2.01 - cdrtools-2.01p0
>>     Looking for updates: complete
>>     #
>>
>> Any ideas?
>
> --
> Julien Cabillot
Re: OpenBSD 4.1 Torrents
On Sat, May 05, 2007 at 12:43:34PM +0200, Justin Smith wrote:
>> Just out of curiosity... Is it logical to use an OS for the intense focus on security and correctness, yet download the binaries from a random person on a mailing list instead of any official source with reasonable file integrity checking process in place?
>
> From: http://toolbar.netcraft.com/site_report?url=ftp.openbsd.org
>
>     Site:           http://ftp.openbsd.org
>     Reverse DNS:    openbsd.sunsite.ualberta.ca
>     Netblock Owner: University of Alberta, 1030 General Services Building, Edmonton, CA
>     IP address:     129.128.5.191
>     OS:             Solaris
>     Web Server:     Apache/1.3.34 Unix PHP/4.4.2 mod_perl/1.27
>     Last changed:   17-Apr-2007
>
> What a security!!
>
> FYI: a trojaned version of the OpenSSH package has been found to reside on ftp.openbsd.org's server.
> http://www.mavetju.org/unix/openssh-trojan.php
> http://www.openssh.org/txt/trojan.adv
>
> Do you remember?
>
> -- JS

Yes, but it's still an official source. It's a static server that has some level of attention by an admin team. Contrast that with whatever guy puts up a torrent tracker and posts on a mailing list. Getting it from the solaris box at www. and "hey man, download openbsd from me" is not the same thing.
Re: OpenBSD 4.1 Torrents
On Tue, May 01, 2007 at 02:33:50PM -0700, andrew fresh wrote:
> Probably everyone knows already, but I just wanted to get the word out that there are OpenBSD 4.1 torrents now on the torrent site: http://openbsd.somedomain.net/index.php?version=4.1
>
> So far they are mostly just the files off of the CDs, but as I get synced up, the package torrents will update.
>
> l8rZ,
> --
> andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]
> BOFH excuse of the day: The Borg tried to assimilate your system. Resistance is futile.

Just out of curiosity... Is it logical to use an OS for the intense focus on security and correctness, yet download the binaries from a random person on a mailing list instead of any official source with a reasonable file integrity checking process in place? Seems odd that people would use OpenBSD because they trust the code, yet download the binaries from random torrents on the internet.
Re: cvs or cvsup
On Wed, Mar 21, 2007 at 10:59:22AM +0100, Stefan Sperling wrote:
> On Wed, Mar 21, 2007 at 01:39:51AM -0700, Kernel Monkey wrote:
>> I've been using the cvsup client to update my sources. What is the difference between cvs and cvsup when updating sources? Is one better than the other?
>
> There is no easy answer. It depends on what you want.
>
> + cvsup is much faster. It's optimized for getting as much out of your bandwidth as it can. See http://www.cvsup.org/howsofast.html
> + cvsup can copy the whole OpenBSD CVS repository, not just check out working copies. You can even add local branches to the repo and commit on them! See the development(7) man page from FreeBSD for a nice guide written by Matthew Dillon himself on how to do this.
> - cvsup does not provide encryption
> - cvsup only works on i386
> + cvsup is written in modula3 (yes, this is a +, but just because I am familiar with the cm3 compiler from work, i.e. the existence of modula3 and killer apps that use it have been paying some of my rent. Keep them coming! :-P)
> - cvs is slower
> + cvs can do diffs and view logs, and using the nifty cvsdo utility from the cvsutils port you can even diff new files you've added
> + cvs provides encryption over ssh
> - but many anoncvs mirrors probably sync using sup/cvsup, so the encrypted distribution channel provided by anoncvs does not go all the way up to the master server anyway... :-( This may or may not cancel out the benefit of encryption for you.
> + cvs works on all arches

Great points, but one to add:

* cvs is part of base; cvsup is yet another port/package I have to install and maintain.

> --
> stefan
> http://stsp.in-berlin.de
> PGP Key: 0xF59D25F0
stupid question re kernel build make install
I know this is a dumb question, but make install on a kernel build does:

    rm -f /obsd
    ln /bsd /obsd
    cp bsd /nbsd
    mv /nbsd /bsd

But I can't see the reasoning here. Why do we copy it then move it rather than just copying it straight to /bsd?
Re: stupid question re kernel build make install
On Wed, Mar 14, 2007 at 04:34:02PM -0500, Jacob Yocom-Piatt wrote:
> Clint M. Sand wrote:
>> I know this is a dumb question, but make install on a kernel build does:
>>
>>     rm -f /obsd
>>     ln /bsd /obsd
>>     cp bsd /nbsd
>>     mv /nbsd /bsd
>>
>> But I can't see the reasoning here. Why do we copy it then move it rather than just copying it straight to /bsd?
>
> to prevent a poorly timed act of god from making the system unbootable.

Thx. Makes sense. Many times the explanation is the simple one. I was overcomplicating things. Cheers.
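The install sequence discussed in this thread, exercised against a scratch directory so it can be run without root. This is an added example, not code from the thread or from the OpenBSD build system; the file names under the temporary directory are constructed, and stand in for /bsd, /obsd and /nbsd. The point it shows is why the copy goes to a temporary name first: cp is a long, interruptible write, while mv of a file on the same filesystem is a single rename that either happens or does not, so the boot kernel is never left half-written.

```shell
#!/bin/sh
# Added example: mirrors "rm -f /obsd; ln /bsd /obsd; cp bsd /nbsd; mv /nbsd /bsd"
# against a scratch directory.  Paths are constructed stand-ins, not the real /bsd.

# install_kernel SRC DEST
#   1. keep a hard-linked backup DEST.old (the thread's /obsd) of the running kernel
#   2. copy SRC to DEST.new on DEST's own filesystem (the thread's /nbsd)
#   3. rename DEST.new over DEST; rename on one filesystem is atomic, so a
#      crash or power loss during step 2 leaves the old DEST intact and bootable
install_kernel() {
    src=$1
    dest=$2
    rm -f "$dest.old"
    ln "$dest" "$dest.old"       # backup shares the inode with the old kernel
    cp "$src" "$dest.new"        # slow, interruptible copy onto a temporary name
    mv "$dest.new" "$dest"       # atomic swap: DEST is always a complete file
}

# Self-contained demonstration: builds a fake "old" and "new" kernel in a
# temporary directory, installs the new one, and verifies both outcomes.
# Returns 0 when the new kernel is in place and the old one survives as DEST.old.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'kernel-v1\n' > "$dir/bsd"        # constructed: currently installed kernel
    printf 'kernel-v2\n' > "$dir/build-bsd"  # constructed: freshly built kernel
    install_kernel "$dir/build-bsd" "$dir/bsd"
    new=$(cat "$dir/bsd")
    old=$(cat "$dir/bsd.old")
    rm -rf "$dir"
    [ "$new" = "kernel-v2" ] && [ "$old" = "kernel-v1" ]
}

demo && echo "new kernel installed, old kernel kept as backup"
```

The same reasoning is why a recovery boot of /obsd works: the backup is a hard link to the previous kernel's data, not a copy that could itself be cut short.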
Re: new tool: openportd
On Sun, Oct 22, 2006 at 03:55:39AM -0700, Kian Mohageri wrote:
> On 10/22/06, Steffen Wendzel [EMAIL PROTECTED] wrote:
>> You normally have different open ports
>
> pf(4) makes this a minor issue.
>
> No offense, but what you have there (in the example specifically) is no better than a limited (if you consider ability to reboot or kill ssh limited) version of rexec/rsh. The way you authenticate is obscured a bit, but not secured. A neat project, I'll give you that. But I don't recommend it on a production server.
>
> --
> Kian Mohageri

Not to mention anyone on your network can sniff the key, replay attacks, oh, and running a daemon that is able to listen on all ports that is not from the openbsd base...

Authpf would allow you to open connections only to people who can authenticate, which cannot be easily sniffed and replayed, as it can with port knocking.
Re: bsdstats.org WOW
On Thu, Oct 19, 2006 at 12:04:45AM -0600, Breen Ouellette wrote:
> Miod Vallat wrote:
>>> For historical reference, info taken from bsdstats.org:
>>> [...]
>>
>> What is the point discussing completely bogus so-called statistics?
>
> At best, I would suggest that some are proud to be OpenBSD users. At worst, I would say that being an OpenBSD user gives some people an excuse to ego stroke. Call it ego masturbation, if you will. Stats like this are the porn they use to get off. The reality is probably somewhere in the middle, but it is no different than cheering for a sports team. Whether or not the stats are accurate, some people seem to feel a need to cheer on the work of others in an attempt to claim a piece of the fame for themselves.
>
> I really seem to be on a roll this month. I'm sure I'll insult at least a couple dozen people with these comments. :)
>
> Breeno

This might be true if a goal of OpenBSD was to be the most widely used OS. It's not. Next month FreeBSD might be the most widely used. Using your logic we should be sad. Who cares. OpenBSD is not for everyone and we like it that way.
Re: MAC - IP - MAC
On Sat, Jun 03, 2006 at 12:10:55AM +0100, Gaby vanhegan wrote:
> From thinking about it more, it's just simpler to track which IP address belongs to which login, and then when that user tries to login on a second client, the first one is barred access. This only allows one IP address per client. It does mean that the IP tracking software needs to know a little more about the IP address that it created, and requires to be a bit more actively managed.

So all I have to do is *TRY* to login as you on another machine and your original legit connection is dropped? Think about this.
Re: ssh attacks
If these attempts all come from the same source, why not filter that ip at the gateway level? What legit use does this person have on your network on any port, much less ssh?

On Wed, May 31, 2006 at 03:15:34PM -0400, Peter Fraser wrote:
> Expect I was not clear. Someone is attacking address 1, address 2, address 3; those addresses are all blocked with respect to ssh, but because he is attacking those addresses, I want to stop an expected attack on address 4. I never want to pass ssh on address 1, address 2 or address 3 ever; I want to use the information that someone was trying to ssh to those addresses to identify the person as an attacker.
>
> -----Original Message-----
> From: Matthias Kilian [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 31, 2006 3:02 PM
> To: Peter Fraser
> Cc: misc@openbsd.org
> Subject: Re: ssh attacks
>
> On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
>>     block in on Outsize proto tcp port ssh flags S/SA state (max-src-conn-rate 100/10, overload bad_hosts flush global)
>>
>> This does not work. One gets a message that keeping state on a blocked rule makes no sense.
>
> See the example on overload at http://www.openbsd.org/faq/pf/filter.html#stateopts
>
> Basically, you pass and just block everything from bad_hosts in a separate rule.
>
> Ciao,
> Kili
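The ruleset shape Kili points at, written out as an added example (not from the thread or the FAQ page itself): the rejected form keeps state on a block rule, which pf refuses; the working form puts the max-src-conn-rate/overload options on a pass rule and blocks members of the table in a separate rule evaluated first. Hosts that trip the rate on the scanned addresses land in the table and are then blocked on every address, which is the effect Peter asked for. The interface macro $ext_if, the table name and the hosts shown are assumptions. The script writes the ruleset to a temporary file and, where pfctl exists, parses it with pfctl -nf (run as root on an OpenBSD host); elsewhere it only reports that the syntax check was skipped.

```shell
#!/bin/sh
# Added example: the overload pattern from the pf FAQ, as a ruleset plus a
# syntax check.  $ext_if is an assumed macro; <bad_hosts> is a constructed name.

ruleset() {
    cat <<'EOF'
ext_if = "em0"

# Table of offenders.  "persist" keeps it around even while it is empty.
table <bad_hosts> persist

# Rejected form from the thread: state options (and so overload) only make
# sense on a pass rule, so pfctl refuses to load this.
#   block in on $ext_if proto tcp to port ssh flags S/SA keep state \
#       (max-src-conn-rate 100/10, overload <bad_hosts> flush global)

# Working form.  First rule: anything already in the table is dropped on all
# addresses and all ports; "quick" stops evaluation there.
block in quick on $ext_if from <bad_hosts>

# Second rule: pass ssh, but a source opening more than 100 connections in
# 10 seconds is added to <bad_hosts> and all of its states are flushed.
pass in on $ext_if proto tcp to port ssh flags S/SA keep state \
    (max-src-conn-rate 100/10, overload <bad_hosts> flush global)
EOF
}

# Parse the ruleset with pfctl -nf when pf is present (needs root on OpenBSD).
# Returns pfctl's status; returns 0 with a notice when pfctl is unavailable.
check_ruleset() {
    f=$(mktemp) || return 1
    ruleset > "$f"
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -nf "$f"
        rc=$?
    else
        echo "pfctl not found; syntax check skipped" >&2
        rc=0
    fi
    rm -f "$f"
    return $rc
}

# count_rules KIND  - number of active (uncommented) rules of KIND in the ruleset
count_rules() {
    ruleset | grep -c "^$1 "
}

check_ruleset && ruleset
```

Once loaded, `pfctl -t bad_hosts -T show` lists the hosts that have been caught, and `pfctl -t bad_hosts -T expire 3600` is the usual way to release entries older than an hour rather than leaving them blocked forever.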
Re: Symantec firewalls
On Thu, Apr 06, 2006 at 08:56:44AM +0300, Gabriel George POPA wrote:
> Hello,
>
> I've heard a lot about those Symantec firewall machines (that cost something around 15000$-3$). In fact I don't know many details, just that customers are pleased to give the money and say that they're safe behind that Symantec machine. Of course, I encountered people that were very happy with these systems, but I think they never had a major attack or something. Just out of curiosity, can OpenBSD do what Symantec does? Is Symantec's encryption better than that included in OpenBSD (I must mention that I live in Europe, maybe US export laws apply)? Is Symantec worth all this money? On the other hand, I was thinking that maybe, just maybe, Symantec uses a modified version of OpenSSL on these machines. Is this possible?
>
> Thanks a lot,
> George POPA

Apples and oranges. The Symantec firewall appliance is built on what was Raptor. It's proxy-based. They have custom proxies for just about any service you'll pass through it. There's also tons of other things it does such as network AV scanning, content filtering, SSL VPN, etc.

OpenBSD/PF does things Symantec can't. And vice versa. It all depends on your requirements. The Symantec appliance is more of an all-in-one box to accomplish a bunch of different things in one machine, primarily for small business or remote offices. In large environments that don't require any of this other stuff, OpenBSD will kick its ass.

Granted, you can run many different proxies on OpenBSD as well as (free) AV scanning and VPN technologies, but Symantec has an advantage here in that these components are integrated together so that packets are only opened once, and all of these operations are done then, versus separate products manually combined on one install. So, in environments where you'd actually turn all those features on, Symantec might be faster. However, for most people that won't use all that clutter on their gateway, OpenBSD/PF will blow it away.

The Symantec appliance is based on redhat with all the OpenSSL/OpenSSH you'd expect on a redhat box.

Have I mentioned it depends on your requirements?
Re: Security tools
On Wed, Mar 15, 2006 at 12:31:06PM +, Gaby vanhegan wrote:
> Hi,
>
> I'm running 3.6 (yes, due for an upgrade) and I keep getting hit by
> snip
> My questions are:
> 1. How do I find out their attack vector? I have had a nessus scan performed on the machine, but it did not present any security (I can supply on request). I've checked the security releases in security.html and there are no pertinent ones for httpd. Snort has provided little useful information (I can provide access to the snort logs if required).

From http://www.openbsd.org/errata36.html

    009: SECURITY FIX: January 12, 2005   All architectures
    httpd(8)'s mod_include module fails to properly validate the length of user supplied tag strings prior to copying them to a local buffer, causing a buffer overflow. This would require enabling the XBitHack directive or server-side includes and making use of a malicious document.
Re: Did my -stable upgrade work?
On Sun, Mar 12, 2006 at 09:42:50PM -0600, Mike Loiterman wrote:
> How can I tell if my -stable binary upgrade was successful?

check the last modified timestamps on the userland binaries. they should all be the day you compiled. chances are it didn't finish and you'll see some dates from when you installed -release.

> I have done make obj, make build but after several hours, the machine seems locked up. What should the last few lines of output be? I can't ssh in, and the keyboard is non-functional from the console. Should the build return me to a prompt, reboot, what? This doesn't seem right. The FAQ just ends by saying "This may take a while..."
>
> --
> Mike Loiterman
> grantADLER
> Tel: 630-302-4944
> Fax: 773-442-0992
> Email: [EMAIL PROTECTED]
> PGP Key: 0xD1B9D18E
Re: thttpd with php
Sorry, I did not read like an idiot. Maybe this is more helpful.

http://halplant.com:88/server/thttpd_FAQ.html#PHP

On Sun, Feb 19, 2006 at 09:40:33AM -0500, Clint M. Sand wrote:
> On Sun, Feb 19, 2006 at 03:31:47PM +0200, Kiraly Zoltan wrote:
>> Anyone use thttpd webserver with PHP in OpenBSD? I don't know exactly what need to do to run this webserver with PHP in OpenBSD. Exist a documentation which explain?
>> Thanks!
>
>     $ cd /usr/ports/
>     $ make search key=thttpd
>     Port:   thttpd-2.25b
>     Path:   www/thttpd
>     Info:   tiny/turbo/throttling HTTP server
>     Maint:  Jakob Schlyter [EMAIL PROTECTED]
>     Index:  www
>     L-deps:
>     B-deps:
>     R-deps:
>     Archs:  any
>
> Just install the port or package.
>
> http://www.openbsd.org/ports.html
> http://www.openbsd.org/3.8_packages/i386/thttpd-2.25b.tgz-long.html
Re: httpd question - solved
On Sat, Feb 04, 2006 at 07:07:52PM -0500, Dave Feustel wrote:
> On Saturday 04 February 2006 16:57, L. V. Lammert wrote:
>> On Sat, 4 Feb 2006, Dave Feustel wrote:
>>> I am now starting httpd at boot. It reports that it cannot determine the fully qualified domain name and listens to only 127.0.0.1. How can I set the ip address to which httpd listens to the address assigned to me by verizon's dhcp server?
>>
>> ahh, .. httpd.conf ifconfig??
>>
>> Lee
>
> I started httpd successfully after I commented out the change I had made to the email address for the server administrator (which apparently set off DNS requests - a bad thing for a server with no name) and set ServerName to the ip address assigned to my computer. I will have to update ServerName each time I get a new IP address.
>
> Dave Feustel

I have been running apache on openbsd since 2.9 on a dynamic IP and have never had to do any of this.

    # grep ServerName /var/www/conf/httpd.conf
    ServerName neotrance.dyndns.org
Re: windows - pf - inet - pf - ftpd [not working]
To even begin to get help on this, you'd need to submit the pf rules on those obsd boxen.

On Thu, Jan 19, 2006 at 05:36:02PM -0500, Price, Joe wrote:
> I have a problem that when a Windows client tries to connect to this ftp site, windows explorer returns 'The operation timed out'. The setup is, windows box behind a openbsd PF (NAT enabled) through the public internet to another openbsd PF (NAT enabled) which has a rdr rule to redirect to another openbsd machine behind it running ftpd. I'm assuming the problem exists on one of the firewalls, or both.. Is this something that ftp-proxy can fix? I know the ftp works because I can connect to it from the far end's openbsd box, just seems that I can't go through two NATs of PFs or something like that. Any help is appreciated. Thanks!
Re: errata 001_perl.patch
On Thu, Jan 12, 2006 at 09:38:07PM +0100, Han Boetes wrote:
> I doubt you need perl at all on a box like that. You can also consider to simply remove all the perl on that system.
>
> # Han

The pkg_* tools are perl. Even though it's a firewall he may need to install/remove/maintain pkg's of some sort.
Re: errata 001_perl.patch
On Thu, Jan 12, 2006 at 04:13:23PM -0800, Ted Unangst wrote:
> if you're installing a package that's going to exploit a bug in perl, why are you installing it?

my point is that if you want to install packages at all you need the perl binary. That is in response to someone suggesting you do not need perl at all. I think you are misinterpreting.

> On 1/12/06, Clint M. Sand [EMAIL PROTECTED] wrote:
>> On Thu, Jan 12, 2006 at 09:38:07PM +0100, Han Boetes wrote:
>>> I doubt you need perl at all on a box like that. You can also consider to simply remove all the perl on that system.
>>>
>>> # Han
>>
>> The pkg_* tools are perl. Even though it's a firewall he may need to install/remove/maintain pkg's of some sort.
Re: What does this error message mean?
man rc.conf

On Sun, Jan 01, 2006 at 11:50:01PM -0600, Jim Mays wrote:
> How do you turn off Sendmail? What starts it in obsd? (Like where is the equivalent of /etc/rc2.d?)
>
> Jim
>
> Daniel Ouellet wrote:
>> Jim Mays wrote:
>>>     Jan 1 23:05:16 balrog sm-msp-queue[1531]: k024U2n0023755: timeout waiting for input from localhost.cimsolve.com during client greeting
>>>
>>> Anyone tell me what sm-msp-queue is and what input it is waiting for?
>>
>> May be are you using spew or the like as a spam filter and can't connect to it by any chance right now? Just a thought.
Re: #define failure opportunity
On Tue, Nov 29, 2005 at 06:12:29PM -0600, Qv6 wrote:
> Has any company ever approached the openssh dev team and offered to buy a support contract from them? Did they refuse? Come to think of it, why doesn't the openssh team sell support contracts to companies that want it? Or maybe they already do.

You don't need to be an official OpenSSH developer to start a company that supports OpenSSH. Start one that focuses on it. Hell, www.opensshsupport.com is even available. I bet some of these companies already support this in some capacity: http://www.openbsd.org/support.html

Less complaining, more doing.
Re: Portmap non-local set / unset attempt
On Thu, Sep 22, 2005 at 02:02:13PM -0600, Theo de Raadt wrote:
> snip
>
> People keep yammering this bullshit about "Security is a process". Bullshit! Lies! It's about paying attention to the frigging details when they are right in front of your face. And it is very clear other vendors do not pay attention to the details, considering the work I did here was talked about all over BUGTRAQ back in that month. No wonder these vendors and their blogboys have to have this "Security is a process" mantra to protect themselves from looking bad.

"Security is a process" is intended to mean 2 things. One is that the idea that you can set and forget anything and think it's somehow secure is a joke. To secure a network includes, at a minimum, keeping up with vendor patches, for example. Processes like patch management help keep systems secure. It does not say Security is ONLY a process.

Secondly, it is meant to refute the moronic idea that some admins seem to have that buying any product makes you secure. Prevalent is the idea, for example, that if you have a firewall then you are now secure. Or, I have Norton AntiVirus so now my PC is secured.
Re: Portmap non-local set / unset attempt
On Thu, Sep 22, 2005 at 07:09:12PM -0600, Theo de Raadt wrote:
>>> People keep yammering this bullshit about "Security is a process". Bullshit! Lies! It's about paying attention to the frigging details when they are right in front of your face. And it is very clear other vendors do not pay attention to the details, considering the work I did here was talked about all over BUGTRAQ back in that month. No wonder these vendors and their blogboys have to have this "Security is a process" mantra to protect themselves from looking bad.
>>
>> "Security is a process" is intended to mean 2 things. One is that the idea that you can set and forget anything and think it's somehow secure is a joke. To secure a network includes, at a minimum, keeping up with vendor patches, for example. Processes like patch management help keep systems secure. It does not say Security is ONLY a process.
>>
>> Secondly, it is meant to refute the moronic idea that some admins seem to have that buying any product makes you secure. Prevalent is the idea, for example, that if you have a firewall then you are now secure. Or, I have Norton AntiVirus so now my PC is secured.
>
> No, no no. You are playing the same semantic games that avoid responsibility at the ENGINEERING and PRODUCT DEVELOPMENT STAGES. It's so very very Microsoft. Just like the air-conditioning technicians I keep firing because they can't read schematics and charts. Which is why I now know MORE about air-conditioners than most of the technicians who come here.
>
> The phrase, and everything you said, is all excuses for the vendors. It IS POSSIBLE to set something up and have it be secure and NOT TOUCH IT, because many people have OpenBSD machines running older releases running without any modification for YEARS now, RISK FREE, without having to update ANY THING.

No, you can put an openbsd box up and leave it for years with root login enabled and "password" for a password. It takes more than correct code. It's correct code plus correct usage.

I think the GOBBLES sshd exploit is proof enough that set and forget is not risk free. Security is everything you've ever said, plus a process.
Re: back and neck pain
On Thu, Aug 18, 2005 at 07:24:56PM -0400, [EMAIL PROTECTED] wrote:
> A friend told me about you- i have a 'spondie'-l4-l5, that surgery helped a little, and 10 mos. later my car fell off the jacks, breaking my back-burst fracture of t-12, and aggravating the 'spondie'. I have a lot of pain and percocets have helped, can you help me?

man neckpain(1)
Re: About DNS
On Sun, Aug 14, 2005 at 09:49:12PM +0200, Mike Henker wrote:
> Thanks James, I don't have the file you talked about but I will create it (resolve.conf) with the info you explained.

resolv.conf, not resolve.conf
Re: pkg_add -r question?
On Sat, Jul 30, 2005 at 04:45:55PM -0500, L. V. Lammert wrote:
> After experimenting with pkg_add -r on a 3.6 - 3.7 upgrade, it is **NICE**!!
>
> One question, however, .. is there a way to use the *OLD* package name, instead of the *NEW* package name? pkg_add would then query PKG_PATH for an updated version? The way it works now, it seems like you must manually compare the old packages to the new packages, build the list of new packages by name, before using pkg_add -r.
>
> Lee

/usr/ports/infrastructure/build/out-of-date
Re: 005_libz.patch - fails to change directory
On Fri, Jul 22, 2005 at 08:00:50PM -0600, Todd C. Miller wrote:
> In message [EMAIL PROTECTED] so spake Uwe Dippel (udippel):
>> Strange, we had the same thing with the last patch.
>
> Looks like the main ftp mirror is not updating. I've left a message but it may not get fixed for a while...
>
> - todd

Any update on this? 003, 004, 005 all seem to still have the incorrect path.
Re: Easiest way to include PHP in a release
On Sun, Jul 03, 2005 at 06:30:10PM -0400, Robert Jacobs wrote:
> Hello,
>
> I want to make an OpenBSD release that includes php right from install (like perl is included). I am not very good with makefiles and stuff, so I am seeking advice for the easiest way to do this. Is there a way to include the binary into the usr/src, the OpenBSD port of php, package, or simply way to make the makefile from sources? I apologize for the noobish nature of this question, but I need to be able to do this and do not know how and am having little success finding information about this.
>
> Thanks,
> Rob

http://www.openbsd.org/faq/faq4.html#site
Re: snort homedir ?
On Sun, Jun 19, 2005 at 03:17:48PM +0200, mess-mate wrote:
> Hi,
>
> i've installed snort and created the user/group snort. Since snort runs as a daemon a homedir is not necessary, isn't it? How can i remove / setup the user snort without a homedir (/home/snort)? The homedir was set up automatically by 'adduser'.
>
> Thanks in advance

Isn't this a question for a snort list? You can use vipw to change the snort user's home dir to /sbin/nologin if not required.

> mess-mate
> --
> A horse! A horse! My kingdom for a horse!
> -- Wm. Shakespeare, Henry VI