security

$ gpg --allow-non-selfsigned-uid --no-default-keyring --keyring /tmp/tmp.s7YEIIZX --import /tmp/tmp.oVtOGme1 ... gpg: invalid armor header: mQINBF+5ojQBEADSqQjD4h1lOwAGgmz4dK0Zf4JkoJCpQ7jw2B5jigNySdKf1rQN\n gpg: CRC error; DDCBB0 -...

The .zfs snap directory is world readable. Is this not a security concern ? zpool set listsnapshots=on tank

Security can be anything. Currently issues are spread over the forum ?

I notice that after successful installation of KDE on FreeBSD, there are many files linked into the kernal, as shown by the command "kldstat". (1) I wondering where is this configured - what file(s)? I checked /boot/loader.conf and /etc/rc.conf and couldn't find them there. (2) Is there a...

There are several tutorials and guides on how to install OpenVAS on FreeBSD; however, recently OpenVAS was renamed to Greenbone Security Assistant, spread across multiple packages and now no longer fits any of the past setup descriptions. After wading through the documentation myself, I figured...

Stories about ransomware and malware corruption seem to be on the increase. They attack those who can least afford to restore from backup such as the Colonial Pipeline and hospitals. Colonial paid 4.4 million. There is a story in Wired about a theft of RSA SecureID seeds from an air-gapped...

My Thinkpad T480 suspends and resumes successfully and with no problems. However, I noticed that if I hit Ctrl-C a few times during the resume process, I kill X and the screen saver and get a password-free access to the shell. This is a major vulnerability and I hope there is a fix for it. Has...

Hey, I currently work on a project to scan a network and find vulnerabilities which has to be on FreeBSD. So, as a first step, I installed packages of openvas9 and scanned the network by using the web interface. There is also a server on ubuntu to see what openvas will find. On the report...

My system was hacked and crashed How to protect Please step by step

Reports: Intel chips have new security flaws

I'm a little perplexed to have accidentally found that non-root users (even ones denied access to /dev/mixer) can adjust hw.snd.default_unit. I assume non-root users can adjust some other sysctls. I thought sysctl would have been restricted entirely to root. I would appreciate any insight here...

I have (courtesy of fail2ban + nginx) tables of IPs I would like to stop from accessing the server in any way (ssh, web, etc.). When they try to ssh, pf blocks them like it should. When they access the webserver directly, they get blocked. But when they access via a proxy, I have no idea what...

The System Hardening Options presented at install time - if one wished to keep these disabled at install time and then selectively enable them after installing, what is the method for doing so? I am doing a FreeBSD 12 install and was hoping to see instructions on how to do that in the 2.8.4...

I just realized that the mixer can be adjusted by any user and any user can listen to the microphone on my system. Even a sandbox user, unless chrooted or jailed, could spy on me. Is there a way to adjust /dev/dsp permissions so access requires an audio group? Would I use /etc/devfs.conf for...

Looking in my tripwire logs I got: Modified: "/etc/ssl/private" "/etc/ssl/private/server.key" And: Modified object name: /etc/ssl/private/server.key Property: Expected Observed ------------- -----------...

Im new to freebsd and jails, please be patient. according to the freebsd documentation, one should create a cloned loopback for a jail instance. I can't get behind the purpose of creating multiple loopback interfaces. can someone explain me this? Should I create a new lo interface for each...

Good afternoon, I was playing around with login.access. I want to allow a specific machine on the network to be able to connect. The computer's name is cp9043 and the ip address is 192.168.1.15 It doesn't work when I use: +:ALL:192.168.1. +:wheel:console ttyv0 -:ALL:ALL or: +:ALL:192.168.1.15...

When configuring Setkey to add Security Policy Database for AWS tunnels I understand that I should let the kernel know what traffic I want to get encrypted. And so I added my internal network to go to the remote VPC (AWS) network and the other way around. For example: spdadd 25.25.25.64/26...

Hi ! I'm using pkg audit to get report about current "vulnerabilities" for ports and also for FreeBSD base/kernel using that special syntax: pkg audit FreeBSD-11.2_2 && pkg audit FreeBSD-kernel-11.2_2 But it looks like vuln.xml is not anymore updated about FreeBSD SA since 12.0p3/11.2p9 ...

Dear forum, first if all I hope that I'm posting in the correct forum. Please correct me if it's wrong. I noticed that there is a lot of traffic while upgrading ports with portmaster. I do not mean the actual download of source code, rather during the building process. Also, there is almost no...