Re: add en_US.UTF8 support
Hi, Thank you very much for your reply. Le 2013-04-11 17:54, Stefan Sperling a écrit : Keep in mind that httpd runs in a chroot in /var/www. I run it using chroot with https support (-DSSL flags) I would recommend to run owncloud in the C locale. What do you mean by 'C locale' ? Warm regards, Wesley
Re: add en_US.UTF8 support
Le 2013-04-11 21:51, Stefan Sperling a écrit : On Thu, Apr 11, 2013 at 09:30:51PM +0400, Wesley M.A. wrote: What do you mean by 'C locale' ? The default locale is called the 'C' locale. It is used when you don't configure any locale via LC_CTYPE or LANG. It only supports the ASCII character set. However that doesn't mean that applications cannot use non-ASCII characters if they want to, they just won't get special support from the operating system for this task. Why are you trying to configure a UTF-8 locale? Do you have a special need for this in your use of owncloud? I get this in the admin console (warning log): Error core setting locale to en_US.UTF-8/en_US.UTF8 failed. Support is probably not installed on your system And at the top : Locale not working This ownCloud server can't set system locale to en_US.UTF-8/en_US.UTF8. This means that there might be problems with certain characters in file names. We strongly suggest to install the required packages on your system to support en_US.UTF-8/en_US.UTF8. Owncloud used : the last 5.0.3 Any idea to fix this ? Again, thank you very much for your time! Cheers, Wesley
Re: add en_US.UTF8 support
Le 2013-04-11 22:29, Stefan Sperling a écrit : When I find time to upgrade to owncloud 5 I will look into this. It is possible that this will fix it: mkdir -p /var/www/usr/share/locale/en_US.UTF-8 cp /usr/share/locale/en_US.UTF-8/LC_CTYPE /var/www/usr/share/locale/en_US.UTF-8/LC_CTYPE But I haven't tested. It works. Again, thank you very much ! Cheers, Wesley
add en_US.UTF8 support
Hi, I run OpenBSD 5.3-current i386 (xbase.tgz included) I install php-5.3 /gd /zip added owncloud 5.0 from owncloud.org I read the faq : 10.20.1 - Configuring the active character set I tried this : export LC_CTYPE=en_US.ISO8859-1 and restart apache same error in Owncloud : setting locale to en_US.UTF-8/en_US.UTF8 failed. Support is probably not installed on your system Any idea ? Regards, Wesley M.A
Snort, DAQ, and established flow
Hi, I use OpenBSD 5.3-beta kern.version=OpenBSD 5.3-beta (GENERIC) #33: Fri Feb 15 17:03:34 MST 2013 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC I have some questions: 1) If i run this : $(whereis snort) -v # give me : Running in packet dump mode --== Initializing Snort ==-- Initializing Output Plugins! ERROR: Can't find pcap DAQ! Fatal Error, Quitting.. what is missing ? i already tried add p5-Net-Pcap, py-libpcap, same error... 2) i have these rules in my local.rules file : # detect RDP alert tcp $HOME_NET any - any 3389 (msg : traffic rdp; sid:110091) # detect social network : 8minutesDating alert tcp $HOME_NET any - $EXTERNAL_NET $HTTP_PORTS (msg:SOCIAL NET - 8minuteD ating; flow:to_server,established; content:Host\:; pcre:/(Host\:)(\s[a-zA-Z0-9.-]+\.|\s)(8minutedating.c om)\r\n/; sid: 1871000;) RDP Alert works well. But social network alert doesn't work if i let the rule option flow:to_server,established activated. Any idea ? Thank you very much for your help! Cheers, Wesley My snort.conf file : - ipvar HOME_NET 10.100.1.0/24 ipvar EXTERNAL_NET !$HOME_NET ipvar DNS_SERVERS $HOME_NET ipvar SMTP_SERVERS $HOME_NET ipvar HTTP_SERVERS $HOME_NET ipvar SQL_SERVERS $HOME_NET ipvar TELNET_SERVERS $HOME_NET ipvar SSH_SERVERS $HOME_NET ipvar FTP_SERVERS $HOME_NET ipvar SIP_SERVERS $HOME_NET portvar HTTP_PORTS [80,81,311,591,593,901,1220,1414,1830,2301,2381,2809,3128,3702,4343,5250,7001,7145,7510,,7779,8000,8008,8014,8028,8080,8088,8118,8123,8180,8181,8243,8280,8800,,8899,9080,9090,9091,9443,,11371,5] portvar SHELLCODE_PORTS !80 portvar ORACLE_PORTS 1024: portvar SSH_PORTS 22 portvar FTP_PORTS [21,2100,3535] portvar SIP_PORTS [5060,5061,5600] portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143] portvar GTP_PORTS [2123,2152,3386] ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] var RULE_PATH /etc/snort/rules var SO_RULE_PATH /etc/snort/so_rules var PREPROC_RULE_PATH /etc/snort/preproc_rules config disable_decode_alerts config disable_tcpopt_experimental_alerts config disable_tcpopt_obsolete_alerts config disable_tcpopt_ttcp_alerts config disable_tcpopt_alerts config disable_ipopt_alerts config checksum_mode: all config daq_dir: /usr/local/lib/daq/ config pcre_match_limit: 3500 config pcre_match_limit_recursion: 1500 config detection: search-method ac-split search-optimize max-pattern-len 20 config event_queue: max_queue 8 log 3 order_events content_length config paf_max: 16000 dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so dynamicdetection directory /usr/local/lib/snort_dynamicrules preprocessor normalize_ip4 preprocessor normalize_tcp: ips ecn stream preprocessor normalize_icmp4 preprocessor normalize_ip6 preprocessor normalize_icmp6 preprocessor frag3_global: max_frags 65536 preprocessor frag3_engine: policy windows detect_anomalies overlap_limit 10 min_fragment_length 100 timeout 180 preprocessor stream5_global: track_tcp yes, \ track_udp yes, \ track_icmp no, \ max_tcp 262144, \ max_udp 131072, \ max_active_responses 2, \ min_response_seconds 5 preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs 180, \ overlap_limit 10, small_segments 3 bytes 150, timeout 180, \ ports client 21 22 23 25 42 53 79 109 110 111 113 119 135 136 137 139 143 \ 161 445 513 514 587 593 691 1433 1521 2100 3306 6070 6665 6667 6668 6669 \ 7000 8181 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779, \ ports both 80 81 311 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7907 7001 7145 7510 7802 7779 \ 7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 7910 7911 7912 7913 7914 7915 7916 \ 7917 7918 7919 7920 8000 8008 8014 8028 8080 8088 8118 8123 8180 8243 8280 8800 8899 9080 9090 9091 9443 11371 5 preprocessor stream5_udp: timeout 180 preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 preprocessor http_inspect_server: server default \ http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \ chunk_length 50 \ server_flow_depth 0 \ client_flow_depth 0 \ post_depth 65495 \ oversize_dir_length 500 \ max_header_length 750 \ max_headers 100 \ max_spaces 0 \ small_chunk_length { 10 5 } \ ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145
openbsd5.3-beta, pf.conf, new keyword : once
Hi, I just see this in the pf.conf manpage: onceCreates a one shot rule that will remove itself from an active ruleset after the first match. In case this is the only rule in the anchor, the anchor will be destroyed automatically after the rule is matched. It is a excellent feature, is it possible to have a example of use ? Cheers, Wesley.
OpenBSD5.3-beta, kernel panic : pf.conf with once option
Hi, I'm running : kern.version=OpenBSD 5.3-beta (GENERIC) #33: Fri Feb 15 17:03:34 MST 2013 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC 2 network cards : bge0 and axe0 pfctl -vf /etc/pf.conf load the ruleset, but just after i do telnet hostname.on.internet 110 this on a workstation, i have a kernel panic on my OpenBSD gateway : uvm_fault(0xd0a51660,0x0, 0, 1) - e Kernel: page fault trap, code=0 Stopped at pf_purge_rule +0x11: mov 0x10(%ebx),%eax my pf.conf : ports_tcp={80 25 443 587 995 21} set skip on lo match out on egress inet from bge0:network to any nat-to egress block log all pass out pass in on bge0 inet proto icmp icmp-type echoreq pass in on bge0 inet proto tcp from bge0:network to any port $ports_tcp pass in on bge0 inet proto tcp from bge0:network to any port 110 once pass in on bge0 inet proto udp from bge0:network to any port domain pass in on bge0 inet proto tcp from bge0:network to any port 22 my dmesg : --- OpenBSD 5.3-beta (GENERIC) #33: Fri Feb 15 17:03:34 MST 2013 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) M processor 1.73GHz (GenuineIntel 686-class) 1.73 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE,NXE,EST,TM2,PERF real mem = 2137059328 (2038MB) avail mem = 2091167744 (1994MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 05/30/05, BIOS32 rev. 0 @ 0xfd5f0, SMBIOS rev. 2.3 @ 0xe71e0 (61 entries) bios0: vendor FUJITSU // Phoenix Technologies Ltd. version Version 1.05 date 05/30/2005 bios0: FUJITSU SIEMENS LIFEBOOK S7020 acpi0 at bios0: rev 0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC SSDT SSDT SSDT SSDT MCFG BOOT acpi0: wakeup devices PCIB(S4) UAR1(S3) MODM(S3) AZAL(S3) EXP1(S4) EXP2(S4) LID_(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 133MHz ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 1 acpimcfg0 at acpi0 addr 0xe000, bus 0-6 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 6 (PCIB) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpicpu0 at acpi0: C3, C2, PSS acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: PWRB acpiac0 at acpi0: AC unit online acpibat0 at acpi0: CMB1 model CP191240 / CP191241 serial 1 type LION oem Fujitsu acpibat1 at acpi0: CMB2 not present acpidock0 at acpi0: REPL not docked (0) acpivideo0 at acpi0: GFX0 bios0: ROM list: 0xc/0xf200! 0xcf800/0x1000 0xd0800/0x1600 0xdc000/0x4000! cpu0: Enhanced SpeedStep 1730 MHz: speeds: 1733, 1333, 1067, 800 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82915GM Host rev 0x03 vga1 at pci0 dev 2 function 0 Intel 82915GM Video rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0xc000, size 0x1000 inteldrm0 at vga1: apic 1 int 16 drm0 at inteldrm0 Intel 82915GM Video rev 0x03 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 Intel 82801FB HD Audio rev 0x04: msi azalia0: codecs: Realtek ALC260, ATT/Lucent/0x3026, using Realtek ALC260 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x04: apic 1 int 17 pci1 at ppb0 bus 2 bge0 at pci1 dev 0 function 0 Broadcom BCM5751M rev 0x11, BCM5750 B1 (0x4101): apic 1 int 16, address 00:0b:5d:94:e3:23 brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb1 at pci0 dev 28 function 1 Intel 82801FB PCIE rev 0x04: apic 1 int 16 pci2 at ppb1 bus 3 uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x04: apic 1 int 23 uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x04: apic 1 int 19 uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x04: apic 1 int 18 uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x04: apic 1 int 16 ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x04: apic 1 int 23 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb2 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd4 pci3 at ppb2 bus 6 cbb0 at pci3 dev 3 function 0 O2 Micro OZ711MP1 CardBus rev 0x20: apic 1 int 16 iwi0 at pci3 dev 5 function 0 Intel PRO/Wireless 2200BG rev 0x05: apic 1 int 18, address 00:13:ce:60:16:17 TI TSB43AB21 FireWire rev 0x00 at pci3 dev 6 function 0 not configured cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 7 device 0 cacheline 0x0, lattimer 0x20 pcmcia0 at cardslot0 ichpcib0 at pci0 dev 31 function 0 Intel 82801FBM LPC rev 0x04: PM disabled pciide0 at pci0 dev 31 function 1 Intel 82801FB IDE rev 0x04: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) pciide0: channel 1 ignored
Re: openbsd5.3-beta, pf.conf, new keyword : once
Le 2013-02-22 16:52, Scott McEachern a écrit : On 02/22/13 07:43, Wesley M.A. wrote: Hi, I just see this in the pf.conf manpage: onceCreates a one shot rule that will remove itself from an active ruleset after the first match. In case this is the only rule in the anchor, the anchor will be destroyed automatically after the rule is matched. It is a excellent feature, is it possible to have a example of use ? Cheers, Wesley. Actually it was put in about a year and a half ago: http://www.openbsd.org/cgi-bin/cvsweb/src/share/man/man5/pf.conf.5.diff?r1=1.507;r2=1.508;f=h my fault! Nitpicking aside, thanks for mentioning it... I didn't know about it either until now! ;-) -- Wesley
Re: Snort, DAQ, and established flow
Thank you very much for your answer. I just read man pages... Cheers, Wesley Le 2013-02-22 18:35, Chris Eidem a écrit : Spend more time reading the docs: https://www.snort.org/start/requirements -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- DAQ DAQ is the Data-Acquisition API that is necessary to use Snort version 2.9.0 and above. For more information and to download please visit DAQ[1] -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Any more chatter about snort is not relevant to this list, take your questions to the snort listserve. [1] http://www.snort.org/downloads/2103 -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Wesley M.A. Sent: Friday, February 22, 2013 5:06 AM To: misc@openbsd.org Subject: Snort, DAQ, and established flow Hi, I use OpenBSD 5.3-beta kern.version=OpenBSD 5.3-beta (GENERIC) #33: Fri Feb 15 17:03:34 MST 2013 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC I have some questions: 1) If i run this : $(whereis snort) -v # give me : Running in packet dump mode --== Initializing Snort ==-- Initializing Output Plugins! ERROR: Can't find pcap DAQ! Fatal Error, Quitting.. what is missing ? i already tried add p5-Net-Pcap, py-libpcap, same error... 2) i have these rules in my local.rules file : # detect RDP alert tcp $HOME_NET any - any 3389 (msg : traffic rdp; sid:110091) # detect social network : 8minutesDating alert tcp $HOME_NET any - $EXTERNAL_NET $HTTP_PORTS (msg:SOCIAL NET - 8minuteD ating; flow:to_server,established; content:Host\:; pcre:/(Host\:)(\s[a-zA-Z0-9.-]+\.|\s)(8minutedating.c om)\r\n/; sid: 1871000;) RDP Alert works well. But social network alert doesn't work if i let the rule option flow:to_server,established activated. Any idea ? Thank you very much for your help! Cheers, Wesley My snort.conf file : - ipvar HOME_NET 10.100.1.0/24 ipvar EXTERNAL_NET !$HOME_NET ipvar DNS_SERVERS $HOME_NET ipvar SMTP_SERVERS $HOME_NET ipvar HTTP_SERVERS $HOME_NET ipvar SQL_SERVERS $HOME_NET ipvar TELNET_SERVERS $HOME_NET ipvar SSH_SERVERS $HOME_NET ipvar FTP_SERVERS $HOME_NET ipvar SIP_SERVERS $HOME_NET portvar HTTP_PORTS [80,81,311,591,593,901,1220,1414,1830,2301,2381,2809,3128,3702,4343,5250,7001,7145,7510,,7779,8000,8008,8014,8028,8080,8088,8118,8123,8180,8181,8243,8280,8800,,8899,9080,9090,9091,9443,,11371,5] portvar SHELLCODE_PORTS !80 portvar ORACLE_PORTS 1024: portvar SSH_PORTS 22 portvar FTP_PORTS [21,2100,3535] portvar SIP_PORTS [5060,5061,5600] portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143] portvar GTP_PORTS [2123,2152,3386] ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] var RULE_PATH /etc/snort/rules var SO_RULE_PATH /etc/snort/so_rules var PREPROC_RULE_PATH /etc/snort/preproc_rules config disable_decode_alerts config disable_tcpopt_experimental_alerts config disable_tcpopt_obsolete_alerts config disable_tcpopt_ttcp_alerts config disable_tcpopt_alerts config disable_ipopt_alerts config checksum_mode: all config daq_dir: /usr/local/lib/daq/ config pcre_match_limit: 3500 config pcre_match_limit_recursion: 1500 config detection: search-method ac-split search-optimize max-pattern-len 20 config event_queue: max_queue 8 log 3 order_events content_length config paf_max: 16000 dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so dynamicdetection directory /usr/local/lib/snort_dynamicrules preprocessor normalize_ip4 preprocessor normalize_tcp: ips ecn stream preprocessor normalize_icmp4 preprocessor normalize_ip6 preprocessor normalize_icmp6 preprocessor frag3_global: max_frags 65536 preprocessor frag3_engine: policy windows detect_anomalies overlap_limit 10 min_fragment_length 100 timeout 180 preprocessor stream5_global: track_tcp yes, \ track_udp yes, \ track_icmp no, \ max_tcp 262144, \ max_udp 131072, \ max_active_responses 2, \ min_response_seconds 5 preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs 180, \ overlap_limit 10, small_segments 3 bytes 150, timeout 180, \ ports client 21 22 23 25 42 53 79 109 110 111 113 119 135 136 137 139 143 \ 161 445 513 514 587 593 691 1433 1521 2100 3306 6070 6665 6667 6668 6669 \ 7000 8181 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779, \ ports both 80 81 311 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7907 7001 7145 7510 7802 7779 \ 7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 7910 7911 7912 7913 7914 7915 7916 \ 7917 7918 7919 7920 8000 8008 8014 8028 8080 8088 8118 8123 8180 8243 8280 8800 8899 9080 9090 9091 9443 11371 5 preprocessor stream5_udp: timeout 180 preprocessor
Re: Snort, DAQ, and established flow
Please read /usr/local/share/doc/pkg-readmes/snort-2.9.4.0 for OpenBSD-specific Snort documentation. Specifically, the recommended way to start Snort is to use the /etc/rc.d/snort script. The rc.d(8) man page has information about rc.d scripts. Hope this helps, Lawrence You are very funny, i already read /usr/local/share/doc/pkg-readmes/* And the same for : Configure /etc/snort/snort.conf (HOME_NET, EXTERNAL_NET, var...RULES) local.rules file And put pkg_scripts=snort in /etc/rc.conf.local and start it manually with /etc/rc.d/snort start Therefore thank you for your trie. Cheers, Wesley
Re: Snort, DAQ, and established flow
Le 2013-02-22 20:34, Lawrence Teo a écrit : So when you start Snort with the rc.d script, the rc.d script runs snort with -c /etc/snort/snort.conf, so it knows where to find the DAQ modules. If you want to use snort -v without using the config file: snort --daq-dir=/usr/local/lib/daq/ -v Lawrence Thank you very much. Wesley
Re: OpenBSD5.3-beta, kernel panic : pf.conf with once option
Le 2013-02-22 21:41, Mike Belopuhov a écrit : short answer: don't do that. you have to use an anchor. regarding the actual crash -- i'll look at it asap. Thank you very much for your reply, your advice. Wesley
Re: daily.output and ROOTBACKUP
Hi 'man 5 crontab' give : Command output is mailed to the crontab owner It is why you have root emails...(root backups are provided from security scripts (from daily)) Cheers, Wesley Le 2013-02-04 20:03, Peter Bisroev a écrit : Hi All, This is a very minor issue, and I could possibly have missed something in the documentation since I do not see people asking this question on the mailing lists. So if someone could point me in the right direction it would be really appreciated. I am using OpenBSD 5.2 on a number of hosts, and all works great. I have daily.local setup as follows: -- cat /etc/daily.local ROOTBACKUP=1 VERBOSESTATUS=0 -- Normal daily output is not emailed, however because I do have ROOTBACKUP=1 I get daily emails about root backups as shown below: -- OpenBSD 5.2 (GENERIC.MP) #368: Wed Aug 1 10:04:49 MDT 2012 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP 1:31AM up 24 days, 1:40, 0 users, load averages: 0.78, 0.28, 0.15 Backing up root=/dev/rwd0a to /dev/rwd0d: 131527+0 records in 131527+0 records out 1077469184 bytes transferred in 57.954 secs (18591693 bytes/sec) ** /dev/rwd0d ** Last Mounted on / ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 1756 files, 26205 used, 490058 free (50 frags, 61251 blocks, 0.0% fragmentation) MARK FILE SYSTEM CLEAN? yes * FILE SYSTEM WAS MODIFIED * -- The reason that I am getting this output makes sense, since the daily manpage states: -- If set to 0, df(1), dump(8), netstat(1), and ruptime(1) are skipped. Consequently, if none of the other commands produce any output, no mail will be sent to root. -- So what would be the correct way to instruct the rootbackup process not to produce output unless something is wrong? Thank you! --peter
add a daemon user
Hi, To add a daemon user like for example _nginx : useradd -L daemon -d /var/empty -s /sbin/nologin -g =uid _nginx Is this enough ? Thank you very much. Cheers, Wesley
Re: add a daemon user
Le 2013-01-29 21:40, jca+o...@wxcvbn.org a écrit : Wesley M.A. open...@e-solutions.re writes: Hi, Hi To add a daemon user like for example _nginx : useradd -L daemon -d /var/empty -s /sbin/nologin -g =uid _nginx Is this enough ? [...] Depends. Your _nginx user will likely serve files, you don't want to put them in /var/empty, which is where other daemons chroot. Do you want to chroot? Why not use the www user? Why not use the devel nginx package, if you need a more recent version? I want to make work mailserv (ie mailserv.github.com) on OpenBSD-5.2 When i install it, _nginx was not created. It is why my question. Thank you. -- Wesley
Re: /var/backups strange behaviour
My mistake ! I undestand better. Thank you very much. Cheers, Wesley Le 2013-01-07 17:07, Otto Moerbeek a écrit : On Mon, Jan 07, 2013 at 04:49:12PM +0400, Wesley wrote: Hi Before do anything, i read this : man 8 daily I just installed a fresh OpenBSD-5.2 and /var/backups : empty I don't understand why backup is enabled in /var/backups. I explain, if i run the script : 'sh /etc/daily', backups is done. (i.e 'ls /var/backups') In the manpage of daily, it will backup only if : ROOTBACKUP Variable is enable (=1) or altroot partition in /etc/fstab Actually none of these 2 statements are present. Any idea ? Thank you very much. Regards, Wesley You are confusing things. ROOTBACKUP and config files backups are rtwo different things. Reading docs (and checking references helps): See security(8) (run by daily(8) as documented) and changelist(5) (referred to by security(8)). -Otto