security

  1. C

    Problem with login.access

    Good afternoon, I was playing around with login.access. I want to allow a specific machine on the network to be able to connect. The computer's name is cp9043 and the IP address is 192.168.1.15. It doesn't work when I use: +:ALL:192.168.1. +:wheel:console ttyv0 -:ALL:ALL or: +:ALL:192.168.1.15...
  2. T

    Freebsd Racoon setkey configuration?

    When configuring Setkey to add Security Policy Database for AWS tunnels I understand that I should let the kernel know what traffic I want to get encrypted. And so I added my internal network to go to the remote VPC (AWS) network and the other way around. For example: spdadd 25.25.25.64/26...
  3. simplerezo

    pkg audit / vuln.xml / no more updates for base system and kernel ??

    Hi ! I'm using pkg audit to get report about current "vulnerabilities" for ports and also for FreeBSD base/kernel using that special syntax: pkg audit FreeBSD-11.2_2 && pkg audit FreeBSD-kernel-11.2_2 But it looks like vuln.xml is not anymore updated about FreeBSD SA since 12.0p3/11.2p9 ...
  4. H

    Solved Portmaster - unknown traffic

    Dear forum, first of all I hope that I'm posting in the correct forum. Please correct me if it's wrong. I noticed that there is a lot of traffic while upgrading ports with portmaster. I do not mean the actual download of source code, rather during the building process. Also, there is almost no...
  5. mod3777

    FreeBSD and security mitigations

    How are FreeBSD security mitigations? I am new to FreeBSD and I am very satisfied with this system, until a guy who runs HBSD and OpenBSD told me: "I don't know of any Linux distro which doesn't use PIC, PIE, and at least stack-protector-strong. The state of userland exploit mitigations in...
  6. D

    Remote code execution on almost all Intel processors: this is again the Management Engine fault

    Persecuted by further discoveries of gaps in the mechanism of speculative instruction execution, Intel discovered that its chips are vulnerable to attack on the other hand - the infamous Management Engine remote management subsystem. This computer-in-computer, which can have complete control...
  7. G

    How do I know a CVE has been fixed for FreeBSD

    Package www/firefox returned so many CVE's from pkg aud -F. So how can I know that all those CVE are patched or not. Some of them are *RESERVED*. Say status of CVE-5863; CVE-2018-5156 etc. from various web sources of cve.mitre & NVD. From FreshPorts-VuXML says an older version is vulnerable...
  8. G

    Use of Capsicum with Firefox

    Message from firefox-60.0.2,1 , after update/install, Some features available on other platforms are not implemented: - Native audio (OSS backend is incomplete, doesn't support WebRTC) - Encrypted Media Extensions (requires Widevine CDM binary) - Process sandboxing (requires Capsicum backend) -...
  9. B

    Mount two firewalls

    I want to mount a firewall. I have the idea of that my traffic could be "sniffered" by somebody. So I will ask for how to mount a firewall, here, on my desktop installation but also on another equipment. Besides, I want to know what else can I do for making the most miserable the attack of a...
  10. nielsk

    logging what root is doing

    Hi, new audit requirements came up (yeah, EU GDPR and its requirement for accountability: who did what and when, when dealing with personal data) and now I am trying to figure out how I can log what the root user is doing, especially when an admin is doing sudo su. As I noticed certain commands like "cd"...
  11. B

    Virus & Security

    I write this with the objective of talking about security and viruses in FreeBSD. Once I read on a page about this OS the steps for installing an antivirus. Since then I started to think: how much security does this system have? But, if we consider that this system could be configurable to be more...
  12. SirDice

    DDoS amplifications through memcached

    Using databases/memcached is a popular method to speed up high performance websites. But apparently not everybody protects it properly and allows it to be accessible from the internet. New research discovered these open services are abused in a similar fashion to DNS and NTP amplification...
  13. Maelstorm

    PE Executable Debugger/Disassembler (i386/amd64)?

    I am looking for a debugger or disassembler for Windows PE format executables, something similar to objdump. I'm taking a class in computer forensics and the research project that my team is working on is reverse engineering malware. We have the malware (it's not hard to find). For obvious...
  14. asv0

    BIBA/MLS compartmentalization hell

    Good evening, I'm experiencing something which is making me completely doubt my understanding of compartments through BIBA and MLS models. I've used colours and bold style in the attempt to make the following grade:compartments declarations more readable. I'm working in /home/shared #...
  15. L

    PF Communication between fail2ban and pf fails

    EDIT: the problem is solved. Hello, I had used Debian for the last several years and I'm very new to FreeBSD. I tried to port my configuration for fail2ban from my Debian machines to FreeBSD (with the modification due to the firewall having changed). In my testing phase I have found out that the...
  16. ronaldlees

    Open Source Review Security

    So, we've all accepted the "many eyes" theory of open source, and we assume that those eyes find many defects and fix them, hence increasing security. But, inside of many very important security sectors (especially in the U.S.) - that line of reasoning is said not to work. To paraphrase a few...
  17. fullauto2012

    Login Process

    I want to write a 2 factor authentication script that runs after PAM authentication that texts my phone a random 6 digit number and waits for 60 seconds for me to type in the result... I have it all basically written in my head, but I cannot for the life of me find any literature as to where to...
  18. rigoletto@

    Intel bug incoming.

    Intel Bug Incoming. EDIT: It seems sh!t will get pretty serious: Intel's CEO Just Sold a Lot of Stock UPDATE: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign
  19. nixdmon

    Unable to change user umask

    Hi All, I've been trying to change umask of a local user. I've looked around for instructions, and tried adding umask in .login_conf in user's home directory. me:\ :umask=002: Also ran cap_mkdb .login_conf after modification. umask remains 022, unchanged. In addition, I've changed...
  20. timypcr

    OpenSSH Update for PCI Compliance

    According to our third-party PCI scanner (conducted by Trustwave) current OpenSSH version is no longer supported. The version of OpenSSH detected is no longer supported by the vendor. No further security patches or upgrades will be released by the vendor for this version, and the vendor will...