how to log rdr rules in PF?
Hi all, How can I log rdr rules in PF? I've seen my question appear in the archieves, but I haven't seen an anwser. These are my rules: rdr pass inet proto tcp from to any \ port smtp -> 127.0.0.1 port 8025 rdr pass inet proto tcp from ! to any \ port smtp -> 127.0.0.1 port 8025 when I use "rdr pass log inet..." pfctl -nf pf.conf gives a syntax error: pf.conf:35: syntax error Anyone? Regards, Jasper
Re: how to log rdr rules in PF?
Huzeyfe Onal schreef:
Hi,
which OpenBSD version do you use?
man pf.conf says;
rdr-rule = [ "no" ] "rdr" [ "pass" [ "log" [ "(" logopts ")" ] ] ]
[ "on" ifspec ] [ af ]
[ protospec ] hosts [ "tag" string ] [ "tagged" string ]
[ "->" ( redirhost | "{" redirhost-list "}" )
[ portspec ] [ pooltype ] ]
Hi Huzeyfe,
Thanks for your reply. Im using OpenBSD 3.6
my man pf.conf says:
rdr-rule = [ "no" ] "rdr" [ "pass" ] [ "on" ifspec ] [ af ]
[ protospec ] hosts [ "tag" string ]
[ "->" ( redirhost | "{" redirhost-list "}" )
[ portspec ] [ pooltype ] ]
I guess this anwsers my question. Allthough logging would have helped me
today, I don't consider it worthy of upgrading. My servers are 400km away...
Regards,
Jasper
Re: how to log rdr rules in PF?
Theo de Raadt schreef: Regarding running 3.6: I guess this anwsers my question. Allthough logging would have helped me today, I don't consider it worthy of upgrading. My servers are 400km away... If I publically gave all of you 10 reasons why you should not run code that old, would you upgrade? Maybe...
upgrade halted
After nummerous advices on the list that I should upgrade, I decided to try remote upgrading. At the folowing step: Reboot on the new kernel: This might be a tempting step to skip, but it should be done now, as usually, the new kernel will run old userland apps (such as the soon to be important reboot!), but often a new userland will NOT work on the old kernel. something went wrong. I issued a reboot. And when the system came back up, SSH didn't recognize any of my passwords. All the services seem to be running though. I even have unchrooted access through FTP. I'm in wheel group but have no access as root with FTP. Already checked ftpusers, but root is hashed (yes, I know this is wrong). Either I forgot the password, or something has changed. Any hints? Did I do something wrong? Is there a fix? Or do I have to travel 400 km? Regards, Jasper
Re: upgrade halted
Oliver Peter schreef: On Wed, Apr 19, 2006 at 04:22:06PM +0200, Jasper Bal wrote: After nummerous advices on the list that I should upgrade, I decided to try remote upgrading. AFAIK you're running an 3.6 system, right? Did you directly go from 3.6 to 3.9? 3.6 to 3.7 root isn't able to login via ftp. Generic. I changed that. Any hints? Did I do something wrong? Is there a fix? Or do I have to travel 400 km? Have you got a chance to connect via a serial terminal? No. Please give us further informations how you did the update. old version, new version, source update, generic kernel etc I was running 3.6 stable. I removed my packages. I removed the g++ compiler. I downloaded the install files for 3.7. I replaced bsd and bsd.rd. I installed new firmware. Then I issued a reboot. The rest is history. MvG Jasper
Re: upgrade halted
Nick Holland schreef: and then log in (or have them disable PF or ...). You can also look at /var/log/authlog for clues as to why you can't log in as you wish now. Nick. Thanks Nick. Look what I found in authlog: Apr 19 16:09:17 Speculum sshd[15678]: User jabal not allowed because shell /usr/local/bin/tcsh does not exist This is probably stupid, but I removed the tcsh pkg. I did think about possible difficulties logging in without, but i didn't think long enough. All my users use tcsh. Root uses csh. If I could only remember the password... Jasper
Re: upgrade halted
Stuart Henderson schreef: On 2006/04/19 16:22, Jasper Bal wrote: something went wrong. I issued a reboot. And when the system came back up, SSH didn't recognize any of my passwords. All the services seem to be running though. I even have unchrooted access through FTP. I'm in wheel group but have no access as root with FTP. Can you upload a ~/.ssh/authorized_keys for some user in wheel? Yes I can. Will connecting trough RSA/DSA not give the same problem with tcsh? See my response to Nick Holland. Jasper
sendmail causing high load
Hi all, My isp blocks traffic on port 25. So i decided to experiment on adding a listening port for sendmail. I added port 53, because this is never blocked. I added the following line in sendmail.cf: OOPort=53. I killed -1 sendmail. And then all my connections timed out. Ping gives a 80% loss. Are there that many wild dns requests? The box doesn't run his own dns-server, nor is it registered as one. I'm running OpenBSD 3.7 on this one. Any thoughts? Kind regards, Jasper
Re: sendmail causing high load
Jasper Bal schreef: Hi all, My isp blocks traffic on port 25. So i decided to experiment on adding a listening port for sendmail. I added port 53, because this is never blocked. I added the following line in sendmail.cf: OOPort=53. I killed -1 sendmail. And then all my connections timed out. Ping gives a 80% loss. Are there that many wild dns requests? The box doesn't run his own dns-server, nor is it registered as one. I'm running OpenBSD 3.7 on this one. Any thoughts? After my colocator fixed the switch, I was able to watch statistics on data traffic. There was minimal traffic, so no DOS attack ;-) Requested a reboot and everything was fine again. Port 53 didn't work properly so i used 26 instead. Now it works fine. Probably a dangling bit somewhere. Kind regards, Jasper
webmail
Anyone using webmail on OpenBSD? What's good, what's not? Jasper
dhcpd seems not to bind to interface
Hi all, I have dhcpd running on interface xl0: $>ps aux | grep dhcpd _dhcp 6850 0.0 0.2 632 1020 ?? Is 3:24PM0:00.01 dhcpd xl0 xl0 is 1 of three interfaces on a gateway with ip forwarding enabled. 1 interface services an internet line. 1 interface (dc0) services network 192.168.2/24. xl0 services network 192.168.1/24. My problem is that most of the time DHCP requests from network 2 are answered by the gateway (thales) with a network 1 address. I made a tcpdump of a typical DHCP process for the MAC adress involved (00:19:66:75:68:bf). Now in this case you see both thales and device 192.168.2.254 (some fritzbox) making DHCP offers. Eventually you see the request setteling for address 192.168.2.6, which is desired but circumstantial. In my opinion thales should not have made it's offer (192.168.1.90) since the requesting device (xccube) is on a different network and therefor other device. $>sudo tcpdump -i xl0 -vvv -s 1500 '((port 67 or port 68) and (udp[38:4] = 0x19667568bf))' tcpdump: listening on xl0, link-type EN10MB 16:21:53.149948 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] xid:0x9cf53d1c vend-rfc1048 DHCP:DISCOVER T116:1 CID:1.0.25.102.117.104.191 RQ:192.168.1.15 HN:"xccube" VC:77.83.70.84.32.53.46.48 PR:SM+DN+DG+NS+WNS+WNT+WSC+RD+SR+249+VO VO:220.0 (ttl 64, id 33544, len 328) 16:21:53.150850 192.168.2.254.bootps > 255.255.255.255.bootpc: [udp sum ok] xid:0x9cf53d1c Y:192.168.2.6 S:192.168.2.254 ether 00:19:66:75:68:bf vend-rfc1048 DHCP:OFFER SID:192.168.2.254 LT:4294967295 SM:255.255.255.0 DG:192.168.2.254 NS:192.168.2.254 (ttl 64, id 14904,len 328) 16:21:53.151374 thales.mercatortrading.nl.bootps > 192.168.1.90.bootpc: [udp sum ok] xid:0x9cf53d1c Y:192.168.1.90 S:thales.mercatortrading.nl vend-rfc1048 DHCP:OFFER SID:thales.mercatortrading.nl LT:43200 SM:255.255.255.0 DN:"thales.mercatortrading.nl" DG:thales.mercatortrading.nl NS:google-public-dns-a.google.com,google-public-dns-b.google.com RN:21600 RB:37800 [tos 0x10] (ttl 16, id 0, len 345) 16:21:56.145577 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] xid:0x9cf53d1c vend-rfc1048 DHCP:REQUEST CID:1.0.25.102.117.104.191 RQ:192.168.2.6 SID:192.168.2.254 HN:"xccube" T81:0,120,25443,30050,25902 VC:77.83.70.84.32.53.46.48 PR:SM+DN+DG+NS+WNS+WNT+WSC+RD+SR+249+VO VO:220.1.0 (ttl 64, id 33593, len 341) 16:21:56.146466 thales.mercatortrading.nl.bootps > 255.255.255.255.bootpc: [udp sum ok] xid:0x9cf53d1c flags:0x8000 S:thales.mercatortrading.nl ether 00:19:66:75:68:bf vend-rfc1048 DHCP:NACK MSG:"requested address not available" [tos 0x10] (ttl 16, id 0, len 328) 16:21:56.146758 192.168.2.254.bootps > 255.255.255.255.bootpc: [udp sum ok] xid:0x9cf53d1c Y:192.168.2.6 S:192.168.2.254 ether 00:19:66:75:68:bf vend-rfc1048 DHCP:ACK SID:192.168.2.254 LT:4294967295 SM:255.255.255.0 DG:192.168.2.254 NS:192.168.2.254 (ttl 64, id 14950, len 328) 16:22:00.145563 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] xid:0x9cf53d1c vend-rfc1048 DHCP:REQUEST CID:1.0.25.102.117.104.191 RQ:192.168.2.6 SID:192.168.2.254 HN:"xccube" T81:0,120,25443,30050,25902 VC:77.83.70.84.32.53.46.48 PR:SM+DN+DG+NS+WNS+WNT+WSC+RD+SR+249+VO VO:220.1.0 (ttl 64, id 33602, len 341) 16:22:00.146482 192.168.2.254.bootps > 255.255.255.255.bootpc: [udp sum ok] xid:0x9cf53d1c Y:192.168.2.6 S:192.168.2.254 ether 00:19:66:75:68:bf vend-rfc1048 DHCP:ACK SID:192.168.2.254 LT:4294967295 SM:255.255.255.0 DG:192.168.2.254 NS:192.168.2.254 (ttl 64, id 15009, len 328) 16:22:00.146535 thales.mercatortrading.nl.bootps > 255.255.255.255.bootpc: [udp sum ok] xid:0x9cf53d1c flags:0x8000 S:thales.mercatortrading.nl ether 00:19:66:75:68:bf vend-rfc1048 DHCP:NACK MSG:"requested address not available" [tos 0x10] (ttl 16, id 0, len 328) 16:22:06.474639 192.168.2.254.bootps > 255.255.255.255.bootpc: [udp sum ok] xid:0xfb3941a6 C:192.168.2.6 Y:192.168.2.6 S:192.168.2.254 ether 00:19:66:75:68:bf vend-rfc1048 DHCP:ACK SID:192.168.2.254 LT:4294967295 SM:255.255.255.0 DG:192.168.2.254 NS:192.168.2.254 (ttl 64, id 15021, len 328) 16:22:06.497490 192.168.2.6.bootpc > 255.255.255.255.bootps: [udp sum ok] xid:0x3bb5802a C:192.168.2.6 vend-rfc1048 DHCP:INFORM CID:1.0.25.102.117.104.191 HN:"xccube" VC:77.83.70.84.32.53.46.48 PR:SM+DN+DG+NS+WNS+WNT+WSC+RD+SR+249+VO+252 VO:220.1.0 (ttl 64, id 33628, len 328) 16:22:09.489187 192.168.2.6.bootpc > 255.255.255.255.bootps: [udp sum ok] xid:0x3bb5802a secs:768 C:192.168.2.6 vend-rfc1048 DHCP:INFORM CID:1.0.25.102.117.104.191 HN:"xccube" VC:77.83.70.84.32.53.46.48 PR:SM+DN+DG+NS+WNS+WNT+WSC+RD+SR+249+VO+252 VO:220.1.0 (ttl 64, id 33677, len 328) An arp lookup for ip 192.168.2.6 shows xccube indeed is on device dc0 and not xl0 $>arp 192.168.2.6 ? (192.168.2.6) at 00:19:66:75:68:bf on dc0 The tcpdump was taken on interface xl0 (i.e. -i xl0). So it seems something is forwarding the traffic to the xl0 interface. I guess that is actually what ip forwarding means. Does anyone have any tho
Re: dhcpd seems not to bind to interface
Op 12/5/2012 7:50 PM, Martin Pelikan schreef: Did you make sure you don't have any bridge accidentally between those two subnets (two cards going into the same switch or VLAN). Especially in buildings with complex wiring this mistake can easily happen. Local broadcast (255.255.255.255) packets are never forwarded to different interfaces (if not in a bridge). Hi Martin, Facepalm... Thank you for your reply. Turns out interfaces dc0, xl0 and both subnets all came together on the same switch. The memories are starting to come back now. It was a long time ago in a galaxy far, far away. I was tired of mixing up the interfaces. Shoved everything in the switch. Made a mental note I should setup a VLAN for this. Forgot this within the hour. Anyway, the tcpdump on xl0 is now quit. This is a tcpdump on the dc0 interface with the -n and -e options you suggested: $>sudo tcpdump -n -e -i dc0 -vvv -s 1500 '((port 67 or port 68) and (udp[38:4] = 0x19667568bf))' tcpdump: listening on dc0, link-type EN10MB 22:38:08.282731 00:19:66:75:68:bf ff:ff:ff:ff:ff:ff 0800 343: 192.168.2.6.68 > 255.255.255.255.67: [udp sum ok] xid:0x2b6e0b3f C:192.168.2.6 vend-rfc1048 DHCP:REQUEST CID:1.0.25.102.117.104.191 HN:"xccube" T81:0,120,25443,30050,25902 VC:77.83.70.84.32.53.46.48 PR:SM+DN+DG+NS+WNS+WNT+WSC+RD+SR+249+VO VO:220.1.0 (ttl 64, id 41874, len 329) 22:38:08.283711 7c:4f:b5:93:47:b8 ff:ff:ff:ff:ff:ff 0800 342: 192.168.2.254.67 > 255.255.255.255.68: [udp sum ok] xid:0x2b6e0b3f C:192.168.2.6 Y:192.168.2.6 S:192.168.2.254 ether 00:19:66:75:68:bf vend-rfc1048 DHCP:ACK SID:192.168.2.254 LT:4294967295 SM:255.255.255.0 DG:192.168.2.254 NS:192.168.2.254 (ttl 64, id 6765, len 328) 22:38:10.822393 7c:4f:b5:93:47:b8 ff:ff:ff:ff:ff:ff 0800 342: 192.168.2.254.67 > 255.255.255.255.68: [udp sum ok] xid:0xca7dd1a6 C:192.168.2.6 Y:192.168.2.6 S:192.168.2.254 ether 00:19:66:75:68:bf vend-rfc1048 DHCP:ACK SID:192.168.2.254 LT:4294967295 SM:255.255.255.0 DG:192.168.2.254 NS:192.168.2.254 (ttl 64, id 6766, len 328) Thanks again! Cheers, Jasper
problems with pear DB.php
Hi all, Installed a clean OBSD 4.4 stable. Installed php5, pear and pear-DB. All from packages. I then made a test script to see if httpd, php and mysql are running correctly. When i add require'DB.php'; the script won't work trough apache. When i put it through php directly i get no errors or warnings. When i comment //require'DB.php'; it works fine. Tried starting apache like httpd -u in rc.conf, but this makes no difference. Besides, pear is stored in /var/www/pear. Serverroot is /var/www. So chroot should not be a problem anyway. Any ideas anyone? Regards, Jasper
boot halts halfway after fresh install, bsd.rd boots fine...
As I was able to pull the dmesg with a serial console and found a floppy
after turning upside down the entire office, I now give you, as
promised, the dmesg in question. First one is regular boot. It halts at
"agp0 at vga1:". I found an old 4x/2x AGP videocard and switched it with
the one present. Same difference. I also immediately installed a second
copy of 4.4 on the second disk. Again, same difference. bsd.rd boots
fine. dmesg included.
Any ideas? Don't know where to start.
Kind regards,
Jasper
>> OpenBSD/i386 BOOT 3.02
boot>
booting hd0a:/bsd: 6238560+1041588 [52+319712+302630]=0x7896c4
entry point at 0x200120
[ using 622768 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2008 OpenBSD. All rights reserved.
http://www.OpenBSD.org
OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 512KB L2 cache) 552 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
cpu0: disabling processor serial number
real mem = 133722112 (127MB)
avail mem = 120881152 (115MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/14/00, BIOS32 rev. 0 @ 0xfd80c,
SMBIOS rev. 2.2 @ 0xf0940 (54 entries)
bios0: vendor Phoenix Technologies LTD version "4.06.25 PN" date 01/14/2000
bios0: Hewlett Packard HP NetServer
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC BOOT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PCI1)
acpicpu0 at acpi0
bios0: ROM list: 0xc/0x8000 0xc8000/0x5800 0xcd800/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Mach64 GZ" rev 0x7a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1:
>> OpenBSD/i386 BOOT 3.02
boot>
boot> AT S7=45 S0=0 L
boot> boot hd0a:/bsd.rd
booting hd0a:/bsd.rd: 5155412+901212 [52+196192+181801]=0x6230e4
entry point at 0x200120
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2008 OpenBSD. All rights reserved.
http://www.OpenBSD.org
OpenBSD 4.4 (RAMDISK_CD) #857: Tue Aug 12 17:31:49 MDT 2008
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 512KB L2 cache) 552 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
cpu0: disabling processor serial number
real mem = 133722112 (127MB)
avail mem = 122728448 (117MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/14/00, BIOS32 rev. 0 @ 0xfd80c,
SMBIOS rev. 2.2 @ 0xf0940 (54 entries)
bios0: vendor Phoenix Technologies LTD version "4.06.25 PN" date 01/14/2000
bios0: Hewlett Packard HP NetServer
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC BOOT
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PCI1)
bios0: ROM list: 0xc/0x8000 0xc8000/0x5800 0xcd800/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Mach64 GZ" rev 0x7a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
pcib0 at pci0 dev 4 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 4 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets, initiator 7
cd0 at scsibus0 targ 0 lun 0: ATAPI 5/cdrom
removable
cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
wd0 at pciide0 channel 1 drive 0:
wd0: 16-sector PIO, LBA, 114473MB, 234441648 sectors
wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 4 function 2 "Intel 82371AB USB" rev 0x01: irq 11
"Intel 82371AB Power" rev 0x02 at pci0 dev 4 function 3 not configured
ahc0 at pci0 dev 5 function 0 "Adaptec AIC-7895" rev 0x04: irq 10
ahc0: Host Adapter Bios disabled. Using default SCSI device parameters
scsibus1 at ahc0: 16 targets, initiator 7
sd0 at scsibus1 targ 0 lun 0: SCSI2
0/direct fixed
sd0: 8678MB, 11474 cyl, 5 head, 309 sec, 512 bytes/sec, 17773524 sec total
ahc1 at pci0 dev 5 function 1 "Adaptec AIC-7895" rev 0x04: irq 10
ahc1: Host Adapter Bios disabled. Using default SCSI device parameters
scsibus2 at ahc1: 16 targets, initiator 7
fxp0 at pci0 dev 6 function 0 "Intel 8255x" rev 0x08, i82559: irq 11,
address 00:e0:18:c3:18:2b
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
Re: dmesg reporting wrong CPU
Daniel Bolgheroni schreef:
Hi,
my dmesg is reporting a wrong CPU.
OpenBSD 4.5-beta (GENERIC) #1676: Tue Feb 10 07:49:40 MST 2009
t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 128KB L2 cache) 769
MHz
(...)
Actually it's a Celeron. Is this expected?
Actually, a Celeron is a Pentium on wich the cache didn't work all that
well after baking the chip. Intel then shut down most of the cache and
packaged it as a Celeron. So maybe its in the chip, not the driver?
Can't imagine it would give you any problems.
Jasper
Re: OpenBSD AMD64 4.4 install hangs at boot (softraid0 at root) on Intel Q9550, 8GB RAM, 1TB WD
Motherboard : Asus Intel P45 1600 FSB 4x DDR2 Core 2 Duo ATX P5Q-E RAM : OCZ TechnologyDDR2 PC2-6400 800MHz 8GB Quad Kit (OCZ2G8008GQ) Hard Drive : 1TB WD1001FALS SATA 7200RPM 32MB HDD Bare drive CPU : INTEL Core 2 Quad Q9550 BX80569Q95502.83ghz Maybe you could try the i386 distribution? http://www.openbsd.org/amd64.html MvG, Jasper
Re: boot halts halfway after fresh install, bsd.rd boots fine...
To finish what i started and for the record.
Owain Ainsworth wrote:
>boot -c
>disable agp
>
>Alternatively, could you try and boot -current on that machine? Quite
>some things have changed in that area.
Installed -current from snapshot. The problem remains, but has a new
name: intelagp
boot -c works fine. Tested 3 different video cards. They all worked.
Wich makes me beleave the problem is in the agp bus driver. The machine
is a HP E60 netserver from 1999. Made the disable permanent with
config(8). Because it's just an old rusty junkbox for testing I don't
really mind the agp problem. In case a developer is interested, i've
included some dmesges:
>> OpenBSD/i386 BOOT 3.02
boot> boot
booting hd0a:/bsd: 6019356+1059784 [52+335888+318217]=0x7601a8
entry point at 0x200120
[ using 654532 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2009 OpenBSD. All rights reserved.
http://www.OpenBSD.org
OpenBSD 4.5-beta (GENERIC) #1685: Sun Feb 15 21:05:40 MST 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 512KB L2 cache) 552 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
real mem = 133722112 (127MB)
avail mem = 121044992 (115MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/14/00, BIOS32 rev. 0 @ 0xfd80c,
SMBIOS rev. 2.2 @ 0xf0940 (54 entries)
bios0: vendor Phoenix Technologies LTD version "4.06.25 PN" date 01/14/2000
bios0: Hewlett Packard HP NetServer
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC BOOT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
cpu0 at mainbus0: apid 1 (boot processor)
cpu0: disabling processor serial number
cpu0: apic clock running at 100MHz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PCI1)
acpicpu0 at acpi0
bios0: ROM list: 0xc/0x8000 0xc8000/0x5800 0xcd800/0x800
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
intelagp0 at pchb0
>> OpenBSD/i386 BOOT 3.02
boot> boot
booting hd0a:bsd.rd: 5184724+918896 [52+204416+189284]=0x6325d0
entry point at 0x200120
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2009 OpenBSD. All rights reserved.
http://www.OpenBSD.org
OpenBSD 4.5-beta (RAMDISK_CD) #1083: Sun Feb 15 21:21:00 MST 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 512KB L2 cache) 552 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
real mem = 133722112 (127MB)
avail mem = 122679296 (116MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/14/00, BIOS32 rev. 0 @ 0xfd80c,
SMBIOS rev. 2.2 @ 0xf0940 (54 entries)
bios0: vendor Phoenix Technologies LTD version "4.06.25 PN" date 01/14/2000
bios0: Hewlett Packard HP NetServer
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC BOOT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
cpu0 at mainbus0: apid 1 (boot processor)
cpu0: disabling processor serial number
cpu0: apic clock running at 100MHz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PCI1)
bios0: ROM list: 0xc/0x8000 0xc8000/0x5800 0xcd800/0x800
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Mach64" rev 0x7a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
pcib0 at pci0 dev 4 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 4 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: ATAPI 5/cdrom
removable
cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
wd0 at pciide0 channel 1 drive 0:
wd0: 16-sector PIO, LBA, 114473MB, 234441648 sectors
wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 4 function 2 "Intel 82371AB USB" rev 0x01: apic 0 int
19 (irq 11)
"Intel 82371AB Power" rev 0x02 at pci0 dev 4 function 3 not configured
ahc0 at pci0 dev 5 function 0 "Adaptec AIC-7895" rev 0x04: apic 0 int 18
(irq 10)
ahc0: Host Adapter Bios disabled. Using default SCSI device parameters
scsibus1 at ahc0: 16 targets, initiator 7
sd0 at scsibus1 targ 0 lun 0: SCSI2
0/direct fixed
sd0: 8678MB, 512 bytes/sec, 17773524 sec total
ahc1 at pci0 dev 5 function 1 "Adaptec AIC-7895" rev 0x04: apic 0 int 18
(irq 10)
ahc1: Host Adapter
Re: Security issue, damn I've been hacked
Who said the french have no sense of humor? Thank you Jean-Francois for a healthy laugh in the morning! JB Jean-Francois schreef: Hi All, It looks like my server running since few days has already been hacked. It looks like a new user called 'daemon' ID 1 and a new group daemon. User's full name 'The devil itself' First time I find out evidence of hack on my server, however it's only one month running !! It looks like ntpd was the entry daemon connected to other than ntp site but I'm not sure. I am not sure at all about this, maybe one has changed the daemon. After I checked the adresses that this daemon connected to, they were very strange as webservers content (blogs, default page 'It works' and so one ... I guess ntp servers shall not act like this). Please find enclosed the ntpd server md5 print, one could check if /usr/sbin/ntpd (OpenBSD 4.4) has the same print ? md5 print of ntpd daemon (/usr/sbin) on my OpenBSD 4.4 : a0c8961d5818b438ecbfd6c40be47a5f Thanks for your kind help. __ NOD32 3875 (20090220) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com
