Re: chrooted sftponly - how ?
On Mon, Sep 18, 2006 at 03:23:37PM +0200, Bambero wrote: Hello Is there any good way to setup chrooted sftp-server without shell access ? I tried scponly but it's not secure enough (I heard), there is no port for openbsd, and I had problems to set it up. Second way is rssh, but compilation fails becouse of worexp. Now I'm using ftpd but I want to change it becouse of text/plain passwords. Any suggestions ? use stsh[1]; if you want to simplify rulesets, you can just change the code to inherit policy(-i). All my users have chrooted shell/sftp accounts - no problems so far :) - Lukasz Sztachanski [1] http://monkey.org/~dugsong/openbsd/stsh-1.1.tar.gz -- 0x01A3E654 // 7832 E59C B733 9E6F CB54 6327 DFC1 161E 01A3 E654 *new keys* http://entropy.pl http://entropy.pl/?blog
Re: Opinion of MySQL 5.xx on OpenBSD 3.9...
On Thu, Sep 07, 2006 at 01:57:19PM +0200, Edgars wrote: Same here, a lot of problems since 3.7. :( Because of that, two client servers was migrated to freebsd :/ -Original message- From: Toni Mueller [EMAIL PROTECTED] Date: Thu, 7 Sep 2006 13:09:09 +0300 To: misc@openbsd.org Subject: Re: Opinion of MySQL 5.xx on OpenBSD 3.9... Hello, On Thu, 22.06.2006 at 12:49:22 +0200, Henning Brauer [EMAIL PROTECTED] wrote: I haven't seen stability problems with mysql on OpenBSD in a long time. not even on sparc64. then you are very lucky, imho. then you're both doing smth wrong: mysql Ver 12.22 Distrib 4.0.27, for unknown-openbsd3.8 (i386) Uptime: 94 days 17 hours 17 min 50 sec ~26 databases( mostly evil bulletin boards). - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://entropy.pl http://entropy.pl/?blog
Re: Question regarding mailserver setup
On Tue, Sep 05, 2006 at 12:58:31PM +0200, Jonas Thambert wrote: Hi, Im using postfix,amavisd,clamav,spamassassin on a OpenBSD 3.9 server. The setup works great. The problem I have is that I would like to use Razor or Pyzor. I tried and installed razor but it doesnt seem to work very well. On another Linux server I have Pyzor and it catches almost all spam I get. What is the best anti-spam solution to use for OpenBSD? as for me, greylisting seems to the most efficient( spamd or postgrey); i also use razor and dcc, but they aren't noticeably effective. Maybe this [1] will give you some hints( it covers DCC setup). - Lukasz Sztachanski [1] http://flakshack.com/anti-spam/wiki/index.php -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://entropy.pl http://entropy.pl/?blog
Re: Alternative superuser aside from root
On Tue, Aug 08, 2006 at 03:54:45PM +0800, Tito Mari Francis Esca?o wrote: Is it possible to replace root with another username as superuser? This could make the system very secure because when it comes to BSD/Unix/Linux, the root is the most coveted user account. That is, hackers would all be barking the wrong tree if the real superuser is actually another username. I installed and use OpenBSD 3.9 as Internet gateway in our company, installed it via floppy disk. If it's possible, can you pls give me pointers how to do it? Thank you very much! yes, it is, but it's pointless. Name doesn't matter too much, unlike uid. In case of, i.e. sshd you can use PermitRootLogin directive. - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://entropy.pl http://entropy.pl/?blog
Re: install pfstat
On Sat, Apr 29, 2006 at 04:29:12PM +0700, riwanlky wrote: hi, I am trying to install pfstat in my OpenBSD 3.8 box, I am new in Unix-like OS, I need to know how to compile the pfstat. Many thanks in advance. pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/`uname -m`/pfstat-1.7.tgz check out FAQ to avoid such questions. - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://entropy.pl
Re: OpenSSH Server
On Thu, Apr 27, 2006 at 02:56:30AM -0600, David B. wrote: 3.8 on sparc64. How do I determine if OpenSSH is installed on my box? (command line only, no X11), find /usr/{bin,sbin} -name ssh\* ? and whether it's a server versus a client? I'm getting to the stage where I need to be able to log into my server remotely. openssh is in baseXX.tgz. - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://entropy.pl
Re: mount floppy drive
On Mon, Apr 17, 2006 at 06:24:28AM -0600, David B. wrote: hi, hate to bother on such a silly problem, but when I try to mount_msdos /dev/fd0c I get a 'device not configured' error. (...) Any other ideas? `dmesg|grep ^fd' and `fdisk' floppy drive, maybe. - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://entropy.pl
Re: network/mask in AllowUsers (sshd_config)
On Fri, Apr 14, 2006 at 12:24:33PM +0200, Dick Visser wrote: Hi guys Is there any way of configuring networks in sshd_config's AllowUsers? You can put in user, [EMAIL PROTECTED], but no [EMAIL PROTECTED]/mask. Having networks in AllowUsers would be extremely usefull. Best regards, this can be done with hosts_access(5). Afair, user@ restricting needs identd on client side( well, that's quite obvious). - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://entropy.pl
Re: ulimit, maxproc/openfiles limits
On Thu, Apr 06, 2006 at 12:00:28AM +0200, Jonathan Glaschke wrote: (...) prevent one user of the login class default to stop my hole system. Would it be nice to change this per default to achieve the ideal of being secure by default? Has such a high kern.maxfiles disadvantages? Did i miss something? (...) Well, it's not a security hole, it's a default behaviour ;) You could also complain, that we don't have disk quota per default and users can DoS(tm) system. Nevertheles, i've run into this problem on one of my servers - on others, those settings are sufficient. - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://entropy.pl
Re: Bluetooth in OpenBSD
On Wed, Apr 05, 2006 at 10:36:52AM +0100, [EMAIL PROTECTED] wrote: root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 ugen0 at uhub1 port 1 ugen0: Broadcom Belkin Bluetooth Device, rev 1.10/0.01 , addr2 syncing disks... ugen(4) is a generic usb driver, for devices which doesn't have any special driver. Actually, you can't do much with it - e.g. my digital camera is recognized as ugen0, and i can use it only with `driver independent' libgphoto( which uses own protocols and drivers to access digicam trough generic usb driver). - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://entropy.pl
Re: problem compiling PHP5
On Thu, Mar 16, 2006 at 04:37:15PM -0900, Damien Hull wrote: Here's what I've got 1. OpenBSD 3.8 2. Apache 2 3. MySQL 5 (Static Libraries) 4. PHP5 PROBLEM 1. Configured PHP with apxs2 and --with-mysql=/usr/local/mysql 2. make works fine. No error message. 3. make install can't find libphp5.so 4. I configured without MySQL support and everything works. I also did a test with PHP4. Same problem. If I add mysql support it can't find libphp4.so. What's going on here and how do I fix the problem? I installed the ports tree and didn't see apache2. That's why I compiled from source. I could try installing mysql from the ports tree and then install PHP5. However, compiling from source should work. did you use --enable-cli while compiling php*? Probably, the most conveniet will be changing from --with-apxs=/usr/sbin/apxs to --with-apxs2=/path/to/apxs2 in ports/www/php5/core/Makefile. - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: Safety of a shutdown when no user could log in
On Thu, Jan 26, 2006 at 09:44:28AM -0300, Andris Delfino wrote: What I'm trying to ask is this: if a user turns on the computer, and can't log in, is it safe to power off the computer without using halt, there are always `logged in' users( i.e. daemon users) ;) or shutdown, (ie. pressing the power off button)? no, if you've got partitions mounted in `rw' mode. - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: MS Security VP Mike Nash remarks on MS vs OpenBSD security.
On Fri, Jan 27, 2006 at 01:42:13AM +1100, Shane J Pearson wrote: ~~~ OpenBSD by hahiss How is it that OpenBSD is able to be so secure by design with so few resources and yet all of Microsoft's resources cannot stem the tide of security problems that impact everyone, including those of us who do not use Microsoft programs? Nash: First, I should say that OpenBSD includes a relatively small subset of the functionality that is included in Windows. You could argue if you consider `solitaire' as `functionality', then yes ;) As far as i know, MS doesn't provide reliable software for network services, OpenBSD does. that Microsoft should follow the same model for Windows that the OpenBSD Org follows for their OS. The problem is that users really want an OS that includes support for rich media content and for hardware devices, what? MS doesn't write drivers for all devices; if there would be a bug in NVidia`s Windows driver, then NVidia would be the one, who`s blame. Moreover, Windows `built-in' drivers are usually bad and give low performance, and minimum of functionality. etc. So while OpenBSD has done a good job of hardening their kernel, they don't seem to also audit important software that are used commonly by customers, such as PHP, Perl, etc. for security vulnerabilities. At yeah, and MS should audit and be responsible for every foo.bar available for windows ;) Microsoft we're focusing on the entire software stack, from the Hardware Abstraction Layer in Windows, all the way through the memory manager, network stack, file systems, UI and shell, Internet Explorer, Internet Information Services, compilers (C/C++, .NET), Microsoft Exchange, Microsoft Office, Microsoft SQL Server and much, much more. If a software company's goal is to secure customers, you have to secure the entire stack. Simply hardening one component, regardless of how important it is, does not solve real customer problems. OpenBSD provides in base system substitutes for almost all that software. First and foremost, OpenBSD's designed for other type of users; author of that opinion surely isn't that type. Second, it is not completely accurate to say that OpenBSD is more secure. If you compare vulnerability counts just from the last 3 months, OpenBSD had 79 for November, December and January compared to 11 for Microsoft (and that includes one each for Office and Exchange - so really 9 for all versions of Windows). I encourage you to look at the numbers reported at the OpenBSD site to verify that this is true. People always talk about numbers, but the most importat is approach. I truly belive, that it's imposible to build anything secure on foundations of MS platform. Recently i've wrote simple application using random numbers; i was disappointed, when i've had to port it to windows and linux, and i saw the results. - Lukasz Sztachanski P.S. i know, that openbsd isn't perfect, but it's the only reasonable choice. -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: SSH, sftp-server subsystem not logging to utmp ?
On Mon, Jan 23, 2006 at 11:10:16PM +0200, turha turha wrote: users are added, I'm guessing sftp-server doesn't inherit this functionality from ssh either, so is there any place to adjust the behavior ? or am I supposed to use some other tool to monitor sftp usage ? authlog shows: date host sshd[pid]: subsystem request for sftp after( obviously) succesfull login, and lastcomm(1) gives some info too. - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: running snapshot (obsd 3.9-beta), not able to compile GENERIC kernel
On Sun, Jan 22, 2006 at 12:01:18PM +, Didier Wiroth wrote: /usr/src/sys/dev/pci/trm_pci.c:67: warning: excess elements in struct initializer /usr/src/sys/dev/pci/trm_pci.c:67: warning: (near initialization for `trm_pci_ca') *** Error code 1 Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 2595 of Makefile). i had same error yesterday; today, i've synced -current, and everything is all right. - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: CVSync servers not syncing?
On Fri, Jan 20, 2006 at 01:31:06PM +0100, Matthias Kilian wrote: Hi, is there some problem with the main CVSync? It seems that at least some of the main CVSync servers don't sync since yesterday, about 21:00 GMT. I tried anoncvs{1,3}.usa.openbsd.org, cvsync.de.openbsd.org, cvsync.openbsd.se. as far as i see, main machine( anoncvs1.ca.openbsd.org) has locked up ;) - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: Number of PTYs
On Thu, Jan 05, 2006 at 05:41:41PM +0200, Kim Onnel wrote: -bash-3.00# ls /dev/ptyp ptyp0 ptyp6 ptypC ptypI ptypO ptypU ptypa ptypg ptypm ptyps ptypy ptyp1 ptyp7 ptypD ptypJ ptypP ptypV ptypb ptyph ptypn ptypt ptypz ptyp2 ptyp8 ptypE ptypK ptypQ ptypW ptypc ptypi ptypo ptypu ptyp3 ptyp9 ptypF ptypL ptypR ptypX ptypd ptypj ptypp ptypv ptyp4 ptypA ptypG ptypM ptypS ptypY ptype ptypk ptypq ptypw ptyp5 ptypB ptypH ptypN ptypT ptypZ ptypf ptypl ptypr ptypx -bash-3.00# ls /dev/pty* | wc -l 62 -bash-3.00# I dont understand anything :) -bash-3.00# sysctl kern.tty.maxptys kern.tty.maxptys=992 -bash-3.00# If they're 992, how can they run out ? What can i do to increase ptys ? ./MAKEDEV ptyX; ttyflags -a ( X stands for a figure). - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: VPN in OpenBSD 3.8, how to use new tools?
On Sun, Dec 18, 2005 at 06:13:33PM +0100, Miroslav Kubik wrote: Hello everybody Because in OpenBSD 3.8 are new tools which help to set up a VPN via IPSEC, I have a question if there exist some documentation with examples except man pages. I mean something like guide which is easy to understand. I'm trying to implement this kind of VPN, for clients situated outside of my LAN network with preshared passkeys. LAN - OpenBSD - internet - vpn clients I need to provide access for vpn clients to my LAN. Problem is that not of all my VPN clients have public IPs. Is there any helpful documentation especially with description new OpenBSD tools, ipsecadm, ipsecctl? Thank you very much for any help. MK ipsecadm(8) isn't new ;) Probably ipsecctl isn't `mature' enough to handle such setup. Imho, you'll have to use isakmpd- actually web is full of tutorials and examples of isakmpd configurtion; plus, it's very flexible and configurable. - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: VPN in OpenBSD 3.8, how to use new tools?
On Sun, Dec 18, 2005 at 08:04:25PM +0100, Hans-Joerg Hoexer wrote: On Sun, Dec 18, 2005 at 06:58:22PM +0100, Lukasz Sztachanski wrote: ipsecadm(8) isn't new ;) Probably ipsecctl isn't `mature' enough to handle such setup. Imho, you'll have to use isakmpd- actually web is full of tutorials and examples of isakmpd configurtion; plus, it's very flexible and configurable. what's wrong with vpn(8)? This question should be directed to preceding person rather than me: he asked for ``some documentation with examples except man pages'' ;) As for me, OpenBSD's man pages are always sufficient. - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: root / wheel login incorrect ??
On Sat, Dec 17, 2005 at 11:12:40AM +0100, Stefan Wvhrer wrote: Hi, .. I gotta very confusing problem running OpenBSD. I've installed OpenBSD at a mashine and where able to do anything I wanted to ( just have added an user in the wheel group an another in the user group ) Then I tried to log in from network as root via ssh. Didn't work since I've forgotten to allow root-login in sshd_config. As I wanted to locally log in as root to change the configuration file - it doesn't work.. I wasn't able to log in any more .. even not locally.. Login: root Password: Login incorrect ... tried it a few times without any success... I really didn't forget my password. I've searched for any solutions in the internet a whole day. I tried empty password, I tried Root instead of root no success. The user in the wheel group - same story. Only the user in the user group works. WTF?? (I cannot su or /usr/bin/login for root with that user, since it is not in the wheel group..) Just used OpenBSD for 10 minutes and destroed it... that makes me sad ;-) boot OpenBSD in single user mode and change root password or search for changes( maybe /var/backups will help). P.S. remember to mount root partition in r/w( or even mount -a) while in single user mode. - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: browser security - restricted user
On Wed, Dec 14, 2005 at 10:48:28AM -0800, Bob Smith wrote: Just a thought: sudo -u $some_restricted_user $your_preffered_browser ? good that you brought this up; i been wondering about this too. does it help? if so how come there isnt a default non-privileged user created for, say, firefox when the pkg is installed? like there is for bitlbee (_bitlbee) or tcpdump (_tcpdump)? ... yeah, and create separate user for every 3-rd party package, that had security holes in the past ;) Why people are so afraid of systrace, especially as creating policy for non-fork()`ing and non-set*id()`ing application is considerably safer for its usability? - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: Recommendations for another POP3/IMAP/SMTP mail reader client?
On Thu, Dec 15, 2005 at 01:34:29AM +0100, viq wrote: Well, I'm trying to go the other way - from using KMail to finally make myself configure mutt ;) or try mutt-ng [1]. It's patched version of mutt, that supports nntp, sidebar and other usefull extensions. - Lukasz Sztachanski [1] afair, http://mutt-ng.berlios.de -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: browser security
On Wed, Dec 14, 2005 at 11:50:53AM -0500, Will H. Backman wrote: Anyone dare try making a systrace policy for firefox? and where's difficulty in writting such policy? It's 20'' of work: use ``wizard'' or automatic policy generation, and then clean up the ruleset looking through syscalls and changing `eq' to `match'; for example cleaning up fsread's on libs or font dirs and fs{read,write,rename} on cache/download dir, and so on... - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: Ethernet Trunking
On Tue, Nov 29, 2005 at 11:03:28PM +0400, Bruno Carnazzi wrote: Hi all, I'm looking at the link aggregation feature (man trunk(4)) of OpenBSD 3.8. In my case, I'd like to use it on Ethernet interfaces : should the switch be configured in a special way or is it level-2 transparent ? I mostly use Cisco 2950 switches... What are the differences between 'round-robin' and 'none' protocol ? I've read this : http://www.onlamp.com/pub/a/bsd/2005/10/20/openbsd_3_8.html?page=1. This let me think that the configuration shown is a kind of ARP load balancing (1 IP@ for 2 MAC@). Am I right or it is something else (Virtual MAC@ or...) ? From my experience, trunk(4) doesn't require support from switches. In case of round-robin, outgoing traffic is distributed through aggregated NICs; incoming traffic is received from all aggregated NICs, which requires support from switch, but doesn't break trunk(4)'s usability. failover can be fully functional without switch support, and `none' just disables traffic without destroying device. (un)fortunately, i'm not experienced in Cisco's hardware ;) - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Re: Protecting directory of Apache hosted website with SSL?
On Tue, Sep 27, 2005 at 02:22:40AM -0500, eric wrote: On Tue, 2005-09-27 at 17:01:44 +1000, Luke Fogarty proclaimed... I have a basic webpage running on Apache 1.3, I have setup the site with the needed CA's etc and can run the whole webpage under HTTPS/Secure, but I only want to use HTTPS/SSL for /cgi-bin/ I'm happy for the rest to run over normal HTTP. You'd set up two different web servers; one on 80/tcp and one on 443/tcp. Then modify your links as necessary. ... and additionaly per directory SSLrequiressl directive: Directory /cgi-bin SSLrequiressl ErrorDocument 403 http://domainname.tld/ssl_required.html /Directory -- Lukasz Sztachanski ...proud user of C8H10N4O2 :) http://szati.blogspot.com http://szati.entropy.pl
Re: pOf
On Mon, Sep 19, 2005 at 09:27:10PM +1000, Steve Murdoch wrote: Is there any way of limiting access to pptpd from pocket pc clients ? I cant find any fingerprints for pocket pc in pf.os ? I see: 32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S: PocketPC:2002::PocketPC 2002 If it doesn't match, you can always initiate connection from PocketPC while listening out traffic using p0f and add this fingerprint to pf.os -- Lukasz Sztachanski ...proud user of C8H10N4O2 :) http://szati.blogspot.com http://rudy.mif.pg.gda.pl/~szati/szati.asc
Re: Nmap -O... will it be fixed some day?
On Fri, Sep 16, 2005 at 01:12:06PM +0200, Wijnand Wiersma wrote: I have seen this too, but that was a long time ago, I never actually run nmap anymore :-) Maybe it has something to do with some nics? doesn't think so; try to disable pf ;) Probably it's a matter of pf`s traffic normalization. -- Lukasz Sztachanski ...proud user of C8H10N4O2 :) http://szati.blogspot.com http://rudy.mif.pg.gda.pl/~szati/szati.asc
Re: pfctl: Cannot allocate memory.
On Sat, Sep 10, 2005 at 11:50:29PM -0400, Mike Spenard wrote: Openbsd 3.7 Memory: Real: 16M/33M act/tot Free: 55M Swap: 0K/512M used/tot Trying to load a table from a file that is 21megs and pfctl -t spamd -Tr you`re putting into table whole internet? :~) -f file.txt is outputting.. 'pfctl: Cannot allocate memory.' google tells me, that this issue is quite well discused; after all you can try to split this file into smaller chunks. -- Lukasz Sztachanski ...proud user of C8H10N4O2 :) http://szati.blogspot.com http://rudy.mif.pg.gda.pl/~szati/szati.asc
Re: 3.7 ,xdm and fluxbox
On Mon, Aug 15, 2005 at 06:22:33PM +0200, Smonek wrote: I install fluxbox on OpenBSD 3.7 . In My rc.conf I add xdm= and configured my Xsession file (/etc/X11/xdm/Xsession fi xterm fluxbox fi Fluxbox starting but no have background firstable, use local XSession file( ~/.xsession). startfluxbox(1) is much more flexible then just fluxbox(1). first one uses ~/.fluxbox/startup or theme config file, second one uses only theme config file. Anyway, check your $PATH and make sure that program, which is used for setting background, exists( and is it covered by $PATH). -- Lukasz Sztachanski ...proud user of C8H10N4O2 :) http://szati.blogspot.com http://rudy.mif.pg.gda.pl/~szati/szati.asc
Re: syslogd-capabilities
On Fri, Jul 08, 2005 at 11:49:16AM +0200, M. Schatzl wrote: In this case, its a script scanning for invalid ssh-logins invoked by auth.info. It then appends the IP to a lockout-table via pfctl. there are other, better solutions, like stateful tracking and overloading( pf.conf(5)). -- Lukasz Sztachanski ...proud user of C8H10N4O2 :) http://szati.blogspot.com http://rudy.mif.pg.gda.pl/~szati/szati.asc