Re: rc.local mystery executables
On Fri, Aug 15, 2014 at 5:53 PM, Josh Grosse wrote:
> On 2014-08-15 10:39, Scott Bonds wrote:
>
>> ...I'm running owncloud and a bunch of other (no doubt less secure)
>> software
>
> On June 29, there was a 5.5-stable update to www/owncloud to release 6.0.4
> to fix a security issue.

Changing/modifying /etc requires root privileges. Here we haven't only a bugged software, but some other serious issue. Owncloud should run with web server privileges.

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: Openbsd Routing/NAT Internet Issues
On Wed, Mar 26, 2014 at 12:10 PM, Zé Loff wrote:
> Are you forwarding packets between interfaces?
> $ sysctl net.inet.ip.forwarding

modem is responding (to internal LAN, I suppose), so it must be enabled,

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: Openbsd Routing/NAT Internet Issues
On Wed, Mar 26, 2014 at 4:28 AM, Wong Peter wrote:

Hi

> *Routing Table* (route show | more)
> Destination Gateway Flags Interface
> default 175.13.8.127.254 UGS tun0
> 175.130.127.254 175.135.116.213 (PPPOE IP address) UH tun0

Shouldn't your default gateway be your external modem, 192.168.1.254? What is this pppoe?
Re: route show
2010/12/20 lilit-aibolit :
> I have a little problem with "route show" command.

netstat -nr

> after I type this command and press Enter on first machine - all is done:
> But if I do it on second machine, output in console and terminal is
> very-very slow,

try `netstat -nr', could be a dns problem.

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: smtpd IP log
On Mon, Oct 19, 2009 at 6:21 PM, Philippe NICOLAS wrote:
> Anyway is it possible for smtpd to log the IP of the remote server in the
> maillog as sendmail did it ?

I was asking for the same thing. It's not useful, it's fundamental for any mail server admin to know: who got our mail, when and with which answer.

Thanks a lot

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: FTP public
On 8/3/09 9:49 PM, Yamidt Henao wrote:
I can't publish a ftp server using the pf, my ftp server used authentication, I have in pf:
#1: rdr on $ext_if proto tcp from any to ($ext_if) port { ftp-data } -> port ftp-data
#2: rdr on $ext_if proto tcp from any to ($ext_if) port { ftp } -> port ftp

man ftp-proxy

--
Cristiano Deana - FreeCRIS
"I started using FreeBSD because m$ was using me. And that's unpleasant"
Re: pf table update-daemon? Does it exist?
On 6/29/09 9:58 AM, Rod Whitworth wrote:
http://ossec.net/ it's EXACTLY what you want.
They don't say they do pf on their webpage.

Yes, it does. A default installation uses a standard "firewall_up" on the server side, while in the client it uses pf, or iptables or whatever the O.S. is supporting. Without personalization it works well, detecting scans (analyzing logs) and putting the attacking ip in an "ossec_fwtable". After some minutes those ip's will be removed from there.

What you have to do in your pf is a simple

table <ossec_fwtable> persist
block in quick from <ossec_fwtable> to any
block out quick from any to <ossec_fwtable>

Of course, you MUST put YOUR ip's in a white list. ;)

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: pf table update-daemon? Does it exist?
On Mon, Jun 29, 2009 at 9:23 AM, M. Feenstra wrote:
Does something like this exist? Or maybe, is there a better way of dealing with this?

http://ossec.net/ it's EXACTLY what you want.

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: Problem with pf/nat (bug?) and aliases in internal interface
On 5/18/09 9:46 AM, Stuart Henderson wrote:
As a test, can you try it without using the 192.168.20.1-192.168.20.10 address range format, and see if that behaves any better? You can use this instead:
{192.168.20.0/29 192.168.20.8/31 192.168.20.10}

I already tried with 192.168.21.1, 192.168.21.2 and with a table. Nothing changes in nat rules.

--
Cristiano Deana - FreeCRIS
"I started using FreeBSD because m$ was using me. And that's unpleasant"
Re: pf bug
On 5/8/09 1:24 PM, Karl-Heinz Wild wrote:
Hi,
This seems to me not valid.

from pf.conf(5):
Ranges of addresses are specified by using the `-' operator. For instance: ``10.1.1.10 - 10.1.1.12'' means all addresses from 10.1.1.10 to 10.1.1.12, hence addresses 10.1.1.10, 10.1.1.11, and 10.1.1.12.

You can check with first lan it works:

@0 nat on bnx0 inet from 192.168.20.1 - 192.168.20.10 to any -> xxx.yyy.zzz.1
  [ Evaluations: 45772 Packets: 73607 Bytes: 55360324 States: 293 ]
  [ Inserted: uid 0 pid 12206 State Creations: 2359 ]
@1 nat on bnx0 inet from 192.168.20.11 - 192.168.20.20 to any -> xxx.yyy.zzz.2
  [ Evaluations: 35350 Packets: 31082 Bytes: 21419423 States: 299 ]
  [ Inserted: uid 0 pid 12206 State Creations: 2787 ]
@2 nat on bnx0 inet from 192.168.20.21 - 192.168.20.30 to any -> xxx.yyy.zzz.3
  [ Evaluations: 27629 Packets: 772 Bytes: 143711 States: 25 ]
  [ Inserted: uid 0 pid 12206 State Creations: 225 ]
@3 nat on bnx0 inet from 192.168.20.31 - 192.168.20.40 to any -> xxx.yyy.zzz.4
  [ Evaluations: 25463 Packets: 41233 Bytes: 29462072 States: 208 ]
  [ Inserted: uid 0 pid 12206 State Creations: 2249 ]

Second LAN:

@26 nat on bnx0 inet from 192.168.21.11 - 192.168.21.20 to any -> xxx.yyy.zzz.27
  [ Evaluations: 20 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: uid 0 pid 12206 State Creations: 0 ]

--
Cristiano Deana - FreeCRIS
"I started using FreeBSD because m$ was using me. And that's unpleasant"
pf bug
Hi,
i think this is a pf's bug:

short description:
internal interface with two different ip's in two different lans:
192.168.20.254/24
192.168.21.254/24
They're used as gateway from the two lans.

nat rules: every 10 ip's use a different public ip.
everything works fine for the first lan, with the second one pf doesn't match the right rule(1) but similar rule for the other lan(2).
this is only true for NAT RULES, if i use a similar rule for filtering (3,4) they perfectly match the right one.

(1) nat on $ext_if from $lan_pri_01 -> $ip_pub_01
(2) nat on $ext_if from $lan_pri_26 -> $ip_pub_26
(3) pass in log quick on {192.168.20.254} from 192.168.20.0/24 to any flags S/SA keep state
(4) pass in log quick on {192.168.21.254} from 192.168.21.0/24 to any flags S/SA keep state

lan_pri_01="{ 192.168.20.01 - 192.168.20.10 }"
lan_pri_26="{ 192.168.21.01 - 192.168.21.10 }"

it seems nat rule use only the last octet to match it.

thanks in advance

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Problem with pf/nat (bug?) and aliases in internal interface
Scenario:
int_if with two ip addresses in two different lans (192.168.20.254, 192.168.21.254).
more aliases in the external interfaces
nat rules: every 10 internal ip's use an external address for the nat.
everything works fine, except for the second internal ip address.
ip from 192.168.21.0/24 are natted with rules of net 192.168.20.0/24
machines from internal lan use .20.254 or .21.254 as a gateway.
p.s. both of them work, but second ones use wrong nat.

# uname -mprs
OpenBSD 4.4 amd64 Intel(R) Xeon(R) CPU 5110 @ 1.60GHz

# pfctl -vsr
pass in log quick on bnx1 inet from 192.168.20.0/24 to any flags S/SA keep state
  [ Evaluations: 61921 Packets: 370618 Bytes: 216808002 States: 4230 ]
  [ Inserted: uid 0 pid 12418 State Creations: 23774 ]
pass in log quick on bnx1 inet from 192.168.21.0/24 to any flags S/SA keep state
  [ Evaluations: 628 Packets: 13136 Bytes: 10432453 States: 117 ]
  [ Inserted: uid 0 pid 12418 State Creations: 202 ]

# pfctl -vvsn | grep -A2 -e '@0' -e '@24' -e '@25'
@0 nat on bnx0 inet from 192.168.20.1 - 192.168.20.10 to any -> xxx.xxx.xxx.1
  [ Evaluations: 34016 Packets: 57999 Bytes: 23576755 States: 803 ]
  [ Inserted: uid 0 pid 12418 State Creations: 5402 ]
@24 nat on bnx0 inet from 192.168.20.241 - 192.168.20.254 to any -> xxx.xxx.xxx.25
  [ Evaluations: 1079 Packets: 3353 Bytes: 1489982 States: 79 ]
  [ Inserted: uid 0 pid 12418 State Creations: 179 ]
@25 nat on bnx0 inet from 192.168.21.1 - 192.168.21.10 to any -> xxx.xxx.xxx.26
  [ Evaluations: 793 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: uid 0 pid 12418 State Creations: 0 ]

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: Foreign ip address in routing table?
2009/2/25 Claudio Jeker :
> man netstat(1) and look what the flags mean.
> UGHD, up, gateway, host, dynamic. This route got created because of an
> ICMP control packet or TCP PMTU and is normally only valid for a certain
> time.

Thanks, Claudio. I knew it was "DYNAMIC", i didn't know how it was created. probably squid?

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Foreign ip address in routing table?
Hi,
i have a proxy server (4.4 amd64 + squid) with foreign ip addresses in routing table.
example:

# uname -a
OpenBSD proxy.cs.intra 4.4 GENERIC#1021 i386

# netstat -nr -f inet
Routing tables

Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 192.168.1.224 UGS 472 184498495 -48 bge0
74.205.126.204 192.168.1.224 UGHD 0 184417595 - L 48 bge0
127/8 127.0.0.1 UGRS 00 3320448 lo0
127.0.0.1 127.0.0.1 UH 1 146690 3320448 lo0
192.168.1/24 link#1 UC 10 -48 bge0
192.168.1.224 00:0f:20:8b:a0:00 UHLc 20 -48 bge0
224/4 127.0.0.1 URS00 3320448 lo0

why "74.205.126.204" is there?

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: what does ${RELEASEPATH} mean in the upgrade FAQ?
On Mon, Nov 3, 2008 at 9:26 AM, Siju George <[EMAIL PROTECTED]> wrote:
> I plan to upgrade from 4.3 to 4.4 using bsd.rd.
> I read the upgrade FAQ and came across this variable
> ${RELEASEPATH}
> What does this mean?

It's well commented in the faq:
export RELEASEPATH=/usr/rel # where you put the files

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: can't change password with passwd comand
On Nov 21, 2007 10:48 AM, Kafriki <[EMAIL PROTECTED]> wrote:
> ok here is a user with full details: (this is in plain text, hope it's more
> readable)
>
> cat.cat:$2a$07$aYgatzjxAULHQmmZkjmvteGEaO8Ie8geMoUfhl7AAzKi.WeRhuoA6:10006:20::0:0:Pussy
> Cat:/smbhome/student_homedirs/cat.cat:/bin/ksh

Don't paste "a user" but line 24's user

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: removing a list of users
On Nov 15, 2007 7:06 PM, Piet Slaghekke <[EMAIL PROTECTED]> wrote:
> while: Expression Syntax.

are you using ksh shell? if not:
# ksh
# while read uid; do userdel $uid; done < userlist.txt

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: Max clients of OpenSSH
2007/10/16, Bibby <[EMAIL PROTECTED]>:
> Where/How can i set the max client number of OpenSSH?

I don't know, but you can do it using pf.

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: SSH brute force attacks no longer being caught by PF rule
2007/7/2, Steve B <[EMAIL PROTECTED]>:
> I'm the one who started this thread. If I can block them for an hour without
> a table that would be even better.. I was using the file to store the IP's
> as they were identified by the rule and had been planning to use the
> expiretable package to start clearing the table via Cron. Currently I just
> do it manually about once a week or so. I've read the man page for
> pf.conf but did not see how I could block them for a set period of
> time. Could
> someone elaborate on how this is done?

expiretable: http://expiretable.fnord.se/

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: can not install binaries with pkg_add
2007/7/2, Alden Pierre <[EMAIL PROTECTED]>:
>> > You probably didn't export PKG_PATH into your environment:
Here is all of my exported variables from my .profile. env | grep PKG_PATH comes back with the ftp site I have set in my .profile.
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin
PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/
export EDITOR FCEDIT MAIL PATH TERM PKG_PATH

is that root's .profile? how do you login as root? using su? or su -?
if that's your normal user profile you can use 'sudo pkg_add -i screen'
if it's root's profile use sudo -i

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: Dell 1950 under OpenBSD
2007/4/2, carlopmart <[EMAIL PROTECTED]>:
Somebody have test it this Dell server under OpenBSD 4.0? this server use SAS or SATA disk with PERC 5/i controller, are they supported under OpenBSD 4.0?

yes. supported with mfi(4) driver, manageable by bioctl(8) utility

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
squid and OBSD 4
Hi,
i have a openbsd 4 box with squid-transparent. it seems like it have poors performance. investigating with `top' i saw squid using only 90M of ram, why? How can i use better my box resource? (Xeon CPU with 4GB of ram)

top:
PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND
27010 _squid 20 87M 90M sleep poll 9:01 0.05% squid

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: Problem routing 10.x.x.x networks through a firewall
2007/1/30, John Brahy <[EMAIL PROTECTED]>:
I have net.ip.forwarding=1 and my pf.conf is completely empty right now. From the 10.1.1.100 client, I can't ping the internet from 10.1.11.100, but I can from my firewall. Is there anything special I have to do to route private networks? Here's the ipv4 info from netstat.

Does your(s) router(s) know the route to reach 10.1.1.0/24 ?
On your router(s) you must have something like
route add -net 10.1.1.0/24 10.1.3.2

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: Max memory in OpenBSD (4.0)
2006/12/23, Clint Pachl <[EMAIL PROTECTED]>:
> i tried with 4.0 i386 and amd64 and it seems i have no luck to see all
> my memory (4G).
From http://www.openbsd.org/plus40.html
"Implemented separate pmap for PAE i386 machines, allows for support for machines with more than 4G RAM. Not enabled by default."

Hi Clint, now i'm using amd64. i usually use freebsd, with have pae option for i386 and no limit for amd64, so i hoped was the same for openbsd. following my dmesg. thank in advance.
Max memory in OpenBSD (4.0)
Hi all,
i can't find any reference about max memory in openbsd, only some questions about it (from me and others). i tried with 4.0 i386 and amd64 and it seems i have no luck to see all my memory (4G). i also tried the patch who someone post the link but it doesn't work.
so, just two question:
1) how much memory can i use with openbsd?
2) is there any patch to see all?
thanks

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: How can I view rule numbers under OpenBSD 4.0?
2006/12/19, C. L. Martinez <[EMAIL PROTECTED]>:
> pfctl -vvsr
> verbose, verbose, show, rules. Refer to pfctl(8).
saruman:~# pfctl -wsr

NOT wsr but vvsr (v v s r)
Refer to pfctl(8).

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
4.0 and 4GB ram?
Hi,
i have a system (dell 1950) with 4GB ram. OpenBSD (amd64) only detects:
real mem = 3488907264 (3407136K)
avail mem = 2990874624 (2920776K)
bios detects all 4 GB's. kernel is GENERIC.MP.
Is it possible to use all available memory?
tnx in advance, Cris.

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: Why Sendmail?
2006/11/23, Conrad Winchester <[EMAIL PROTECTED]>:
I do have one question though and I apologize if people always ask this: At the end of the install I asked whether I want to run sshd and ntpd by default - very nice BUT why am I not given the option to turn off Sendmail at this point? I NEVER use sendmail and for an OS that prides itself on being as minimal as possible I would have thought giving you the option to not run sendmail would also be there right from the start.

Any system needs a MTA running, at least to manage email from nightly/weekly/monthly check. So, default MUST be "mta running" (you can choose to stop it).
Why sendmail? Why not?
p.s. i usually use another MTA

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
[4.0] if_bnx.c Firmware synchronization timeout
Hi,
i have a system (Dell 1950) with 4.0 release. At boot time (during starting network) i randomly (maybe once every 3 boot) i got:

bnx1: /usr/src/sys/dev/pci/if_bnx.c(2271): Firmware synchronization timeout! msg_data = 0x01030007
kernel: type 1061382 trap, code=6871

and system stop. In attach my dmesg. Any hint? tnx in advance.

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/

[demime 1.01d removed an attachment of type application/octet-stream which had a name of dmesg.boot]
4.0 Packages. bad URL
From http://www.openbsd.org/faq/faq15.html#PkgFind following URLs:
In the package lists on the OpenBSD website: http://www.openbsd.org/4.0_packages/ (Packages for OpenBSD 4.0)

but:
http://www.openbsd.org/4.0_packages/
Not Found
The requested URL /4.0_packages/ was not found on this server.

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: nagios plugin: isakmpd
2006/8/15, Jacob Yocom-Piatt <[EMAIL PROTECTED]>:
does anyone on list have a nagios plugin that will check the status of isakmpd on an openbsd machine?

Hi,
I used ike-scan (http://www.nta-monitor.com/tools/ike-scan/) to check if a vpn is up. Then a shell script exiting with 0, 1 or 2 status if vpn is ok, unknown status or down.

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: protocole defination in ALTQ ?
2006/7/25, S t i n g r a y <[EMAIL PROTECTED]>:
now my question how does pf understand what smtp or www protocol is ?

less /etc/services

how can i include custom protocols ? like yahoo messenger, 5001 or msn messenger 1863 ?

using 5001 and 1863

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: Doubts about OpenBSD security.
2006/6/21, Joco Salvatti <[EMAIL PROTECTED]>:
Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session.

http://www.darkwing.com/idled/

So the attacker could enter in single user mode, without the need for the root password,

/etc/ttys:
- console "/usr/libexec/getty Pc" vt220 off secure
+ console "/usr/libexec/getty Pc" vt220 off insecure

I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode.

create a new user "admin", with same uid/gid of root.
change root shell to /sbin/nologin
"root" will login only from single user with a password
in normal administration you can `su - admin' with a different password from root.

and, about load kernel modules: securelevel(7)

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: some commands running very slow in 3.9 ?
2006/5/12, S t i n g r a y <[EMAIL PROTECTED]>:
how can i find whats wrong ?

check your dns configuration and try:
UseDNS=no in your sshd_config
arp -na
if it's fast means your dns have some problems

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: 3.9, su command: bug or feature?
2006/5/2, Otto Moerbeek <[EMAIL PROTECTED]>:
See su(1):
It is not sufficient to change a user's /etc/passwd entry to add them to the ``wheel'' group; they must explicitly be listed in /etc/group.

Yes, i have seen. The 'strange' thing, IMHO is:
# grep ^%wheel /etc/sudoers
%wheel ALL=(ALL) NOPASSWD: ALL
`sudo' works correctly(?).

btw, it was just curiosity, i usually use FreeBSD, where i don't need to be listed in /etc/group to use `su'.

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
Re: 3.9, su command: bug or feature?
2006/5/2, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> $ id cris
> uid=1000(cris) gid=0(wheel) groups=0(wheel)
Probably would have essentially identical behavior on any BSD/Linux.

No, in FreeBSD if your group is '0' then you (obviously) are in the 'wheel' group

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
3.9, su command: bug or feature?
Hi,
i'm new on OpenBSD. I just installed 3.9 (one week ago sources) and i got this:

$ uname -rs
OpenBSD 3.9
$ su
Password:
you are not in group wheel
Sorry
$ whoami
cris
$ id cris
uid=1000(cris) gid=0(wheel) groups=0(wheel)
$ grep cris /etc/passwd
cris:*:1000:0:Cristiano Deana:/home/cris:/bin/ksh
$ grep wheel /etc/group
wheel:*:0:root

Notes:
* 'sudo' correctly found me in 'wheel' group
* if i add 'cris' in /etc/group at wheel's line it works
* adding 'cris' user i have chosen 'wheel' group, not a different group and then added to wheel

Thanks in advance for explanations.

--
Cris, member of G.U.F.I Italian FreeBSD User Group
http://www.gufi.org/
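
Added example (not part of any message in this thread): a small audit for the mismatch discussed above, listing accounts whose primary gid is wheel's gid in passwd but that are not named on the wheel line in the group file, i.e. accounts a `%wheel' sudoers rule accepts while su refuses. The function name wheel_mismatch and the sample files are assumptions made for the example; the sample lines are constructed from the ones quoted in the thread.

```shell
#!/bin/sh
# wheel_mismatch PASSWD_FILE GROUP_FILE
# Prints one login per line: primary gid equals wheel's gid, but the login
# is not explicitly listed as a wheel member in the group file.
wheel_mismatch() {
    awk -F: '
        # First file read is the group file: remember wheel gid and members.
        NR == FNR {
            if ($1 == "wheel") {
                wheel_gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "") listed[m[i]] = 1
            }
            next
        }
        # Second file is passwd: field 1 is the login, field 4 the primary gid.
        /^#/ || NF < 7 { next }
        wheel_gid != "" && $4 == wheel_gid && !($1 in listed) { print $1 }
    ' "$2" "$1"
}

# Constructed sample input (hypothetical host), modelled on the thread.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT

cat > "$sample_dir/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/ksh
cris:*:1000:0:Cristiano Deana:/home/cris:/bin/ksh
alice:*:1001:1001:Constructed user:/home/alice:/bin/ksh
EOF

cat > "$sample_dir/group" <<'EOF'
wheel:*:0:root
alice:*:1001:
EOF

wheel_mismatch "$sample_dir/passwd" "$sample_dir/group"   # prints: cris
```

On a real system the arguments would be /etc/passwd and /etc/group; an empty result means every gid-0 account is also an explicit wheel member.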