From owner-freebsd-isp Sun Jul 15 3:41:38 2001 Delivered-To: freebsd-isp@freebsd.org Received: from unity.agava.ru (unity.agava.ru [213.59.3.227]) by hub.freebsd.org (Postfix) with ESMTP id 6700D37B403 for ; Sun, 15 Jul 2001 03:41:29 -0700 (PDT) (envelope-from frank@agava.com) Received: from relay2.agava.net.ru (unknown [193.125.142.2]) by unity.agava.ru (Postfix) with ESMTP id 98EDA27E9C5 for ; Sun, 15 Jul 2001 14:41:27 +0400 (MSD) Received: from gw.office.agava.ru (2.oivt.mipt.ru [193.125.142.2]) by relay2.agava.net.ru (Postfix) with ESMTP id 0E20D43994 for ; Sun, 15 Jul 2001 14:40:08 +0400 (MSD) Received: from hellbell.domain (hellbell.domain [192.168.1.12]) by gw.office.agava.ru (Postfix) with ESMTP id 824415EBB for ; Sun, 15 Jul 2001 14:40:08 +0400 (MSD) Received: from localhost (localhost [127.0.0.1]) by hellbell.domain (Postfix) with ESMTP id 60A75CCC9 for ; Sun, 15 Jul 2001 14:40:07 +0400 (MSD) Date: Sun, 15 Jul 2001 14:40:06 +0400 (MSD) From: Alexey Zakirov X-X-Sender: Cc: Subject: Re: Background processes limiting In-Reply-To: <001701c10ce1$52a05a20$9653949f@lv> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=KOI8-R Content-Transfer-Encoding: 8BIT Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 14 Jul 2001, [windows-1257] Matīss Elsbergs wrote: > >Giving them a limit of 5 would mean 4 background processes, since there > >shell would use the 5th... I dont know if there is another way, but this > >seems like a simply answer :P > > yeah, that was the first thing that came into my mind.. > > But 4 bg processes roughly for free shell users means 4 eggdrops.. Or BXses, > or something like that - very nice for user, but a hell for a old crappy BSD > box. Giving shell access does NOT mean giving access to internet for user. We've run public shell boxes (free web hosting) for 3 years and I didn't get any DoS from such users. Yes, we use jail(8) widely and after logging into system user can't do anything like eggdrops because it is 172.16... net. Just a overlapped jail. So we don't care about amount of processes those users run. BTW if you want to run a shell box you definitly need the patch from PR/18209 (http://www.FreeBSD.org/cgi/query-pr.cgi?pr=18209). *** WBR, Alexey Zakirov (frank@agava.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 7:17:45 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id A39CA37B401 for ; Sun, 15 Jul 2001 07:17:42 -0700 (PDT) (envelope-from jwyatt@rwsystems.net) Received: from bsdie.rwsystems.net([209.197.223.2]) (1997 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Sun, 15 Jul 2001 09:16:21 -0500 (CDT) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Sun, 15 Jul 2001 09:16:14 -0500 (CDT) From: James Wyatt To: Kal Torak Cc: =?iso-8859-1?Q?Mat=EEss?= Elsbergs , Marc Veldman , freebsd-isp@freebsd.org Subject: Re: Background processes limiting In-Reply-To: <3B512528.BD0C9C21@quake.com.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, 15 Jul 2001, Kal Torak wrote: > James Wyatt wrote: > > I have seen such things done in .logout scripts, but usually users can > > remove the .logout file to prevent the action. One approach might be to > > have a script run from cron that finds processes with a PPID of "1" > > (parent now init) and owned by a regular login user and kills them. > > Another might be to look for regular-user process without an associated > > tty device. Hope this helps... - Jy@ > > Why not just make .logout owned by root? Only give the users group read > access... That should work, just have a killall -m . -9 or something > like that in there... > > Then just have your cron job running every so often to clean up anything > that might of somehow slipped though the cracks... If the file is owned by root, but in a directory owned by joe.user, then Joe can easily 'rm' the file himself. I liked the idea of using a .logout, but having a cron job 1) ensure the few processes missed by ".logout"s get caught and addressed, 2) report users who have removed or altered their .logout files, and 3) regenerate any altered or deleted .logout files. Too bad there isn't a syste-wide .logout file something like /etc/logout to match the /etc/profile for logins. (or is there?) - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 9:30:32 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smtp3.xs4all.nl (smtp3.xs4all.nl [194.109.127.132]) by hub.freebsd.org (Postfix) with ESMTP id CFFD537B401 for ; Sun, 15 Jul 2001 09:30:26 -0700 (PDT) (envelope-from freebsd@lurkie.xs4all.nl) Received: from lurkie.xs4all.nl (lurkie.xs4all.nl [194.109.236.164]) by smtp3.xs4all.nl (8.9.3/8.9.3) with ESMTP id SAA24036; Sun, 15 Jul 2001 18:30:16 +0200 (CEST) Received: (from freebsd@localhost) by lurkie.xs4all.nl (8.11.4/8.11.4) id f6FGUFA55800; Sun, 15 Jul 2001 18:30:15 +0200 (CEST) (envelope-from freebsd) Date: Sun, 15 Jul 2001 18:30:15 +0200 From: Marc Veldman To: Ryan Masse Cc: James Wyatt , Kal Torak , =?iso-8859-1?Q?Mat=EEss_Elsbergs?= , freebsd-isp@freebsd.org Subject: Re: Background processes limiting Message-ID: <20010715183015.A55771@lurkie.xs4all.nl> References: <00a401c10d49$6c093140$3200a8c0@Home> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <00a401c10d49$6c093140$3200a8c0@Home>; from mail@max-info.net on Sun, Jul 15, 2001 at 12:15:22PM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, Jul 15, 2001 at 12:15:22PM -0400, Ryan Masse wrote: > has anyone checked out 'man chflags' > > you could easily to a chflags schg .logout in the users dir which would only > allow the root user to modify, delete etc. even though the file would still > be owned by joe.user. There is such a thing as /etc/csh.logout. -- Marc Veldman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 10:54:38 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail2.mediadesign.nl (md2.mediadesign.nl [212.19.205.67]) by hub.freebsd.org (Postfix) with SMTP id 2DF1637B401 for ; Sun, 15 Jul 2001 10:54:35 -0700 (PDT) (envelope-from alson@mediadesign.nl) Received: (qmail 26262 invoked by uid 1002); 15 Jul 2001 17:54:28 -0000 Date: Sun, 15 Jul 2001 19:54:28 +0200 From: Alson van der Meulen To: freebsd-isp@freebsd.org Subject: Re: Background processes limiting Message-ID: <20010715195428.C10123@md2.mediadesign.nl> Mail-Followup-To: freebsd-isp@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.18i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, Jul 15, 2001 at 09:16:14AM -0500, James Wyatt wrote: > On Sun, 15 Jul 2001, Kal Torak wrote: > > James Wyatt wrote: > > > I have seen such things done in .logout scripts, but usually users can > > > remove the .logout file to prevent the action. One approach might be to > > > have a script run from cron that finds processes with a PPID of "1" > > > (parent now init) and owned by a regular login user and kills them. > > > Another might be to look for regular-user process without an associated > > > tty device. Hope this helps... - Jy@ > > > > Why not just make .logout owned by root? Only give the users group read > > access... That should work, just have a killall -m . -9 or something > > like that in there... > > > > Then just have your cron job running every so often to clean up anything > > that might of somehow slipped though the cracks... > > If the file is owned by root, but in a directory owned by joe.user, then > Joe can easily 'rm' the file himself. I liked the idea of using a .logout, man chflags... look at schg To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 15:48:10 2001 Delivered-To: freebsd-isp@freebsd.org Received: from digitaldaemon.com (digitaldaemon.com [63.105.9.34]) by hub.freebsd.org (Postfix) with SMTP id 45E9137B401 for ; Sun, 15 Jul 2001 15:48:08 -0700 (PDT) (envelope-from jan@digitaldaemon.com) Received: (qmail 15625 invoked from network); 15 Jul 2001 22:46:24 -0000 Received: from unknown (HELO digitaldaemon.com) (192.168.0.73) by digitaldaemon.com with SMTP; 15 Jul 2001 22:46:24 -0000 Message-ID: <3B521D2D.8000203@digitaldaemon.com> Date: Sun, 15 Jul 2001 18:46:05 -0400 From: Jan Knepper User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.1) Gecko/20010607 Netscape6/6.1b1 X-Accept-Language: en-us MIME-Version: 1.0 To: FreeBSD ISP Subject: rblsmtpd Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi! Anyone notice any problems in using rblsmtpd with ORBS? Just this afternoon between sending two messages I seem to have trouble relaying messages. After I disabled /usr/local/bin/rblsmtpd -rrbl.maps.vix.com -rmanual.orbs.org -rblackholes.mail-abuse.org -rdialups.mail-abuse.org -rrelays.mail-abuse.org Everything went well again... Any ideas? Jan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 15:53: 2 2001 Delivered-To: freebsd-isp@freebsd.org Received: from sex-lies-video.tape.net (sex-lies-video.tape.net [216.115.128.64]) by hub.freebsd.org (Postfix) with SMTP id 7F82737B405 for ; Sun, 15 Jul 2001 15:52:57 -0700 (PDT) (envelope-from gerry@intersurf.com) Received: (qmail 31893 invoked from network); 15 Jul 2001 17:52:54 -0500 Received: from sex-lies-video.tape.net (HELO taz.intersurf.com) (216.115.128.64) by sex-lies-video.tape.net with SMTP; 15 Jul 2001 17:52:54 -0500 X-PGP-Fingerprint: 6126 058A 37ED 2035 A28B 7ADB D205 DD4D 0F36 40D2 Message-Id: <5.1.0.14.2.20010715174948.04a0bfa0@127.0.0.1> X-Sender: gerry@mail.intersurf.com (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sun, 15 Jul 2001 17:52:28 -0500 To: FreeBSD ISP From: Gerry Subject: Re: rblsmtpd In-Reply-To: <3B521D2D.8000203@digitaldaemon.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ORBS is gone (as of 6/1/2001)... at least one of the (former) ORBS servers is set to return positive results for EVERY query, therefore blocking ALL mail. You probably want to remove ORBS from your configuration. G At 17:46 7/15/2001, Jan Knepper wrote: >Hi! > >Anyone notice any problems in using rblsmtpd with ORBS? >Just this afternoon between sending two messages I seem to have trouble >relaying messages. After I disabled > >/usr/local/bin/rblsmtpd -rrbl.maps.vix.com -rmanual.orbs.org >-rblackholes.mail-abuse.org -rdialups.mail-abuse.org -rrelays.mail-abuse.org > >Everything went well again... >Any ideas? > >Jan > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 15:57:12 2001 Delivered-To: freebsd-isp@freebsd.org Received: from digitaldaemon.com (digitaldaemon.com [63.105.9.34]) by hub.freebsd.org (Postfix) with SMTP id C287237B401 for ; Sun, 15 Jul 2001 15:57:07 -0700 (PDT) (envelope-from jan@digitaldaemon.com) Received: (qmail 16058 invoked from network); 15 Jul 2001 22:55:24 -0000 Received: from unknown (HELO digitaldaemon.com) (192.168.0.73) by digitaldaemon.com with SMTP; 15 Jul 2001 22:55:24 -0000 Message-ID: <3B521F48.3000908@digitaldaemon.com> Date: Sun, 15 Jul 2001 18:55:04 -0400 From: Jan Knepper User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.1) Gecko/20010607 Netscape6/6.1b1 X-Accept-Language: en-us MIME-Version: 1.0 To: Gerry Cc: FreeBSD ISP Subject: Re: rblsmtpd References: <5.1.0.14.2.20010715174948.04a0bfa0@127.0.0.1> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Thanks! I figured it was something like that. Will have to figure out what to do now than! Thanks! Jan Gerry wrote: > ORBS is gone (as of 6/1/2001)... at least one of the (former) ORBS > servers is set to return positive results for EVERY query, therefore > blocking ALL mail. You probably want to remove ORBS from your > configuration. > > G > > At 17:46 7/15/2001, Jan Knepper wrote: > >> Hi! >> >> Anyone notice any problems in using rblsmtpd with ORBS? >> Just this afternoon between sending two messages I seem to have >> trouble relaying messages. After I disabled >> >> /usr/local/bin/rblsmtpd -rrbl.maps.vix.com -rmanual.orbs.org >> -rblackholes.mail-abuse.org -rdialups.mail-abuse.org >> -rrelays.mail-abuse.org >> >> Everything went well again... >> Any ideas? >> >> Jan >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-isp" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 16: 3:20 2001 Delivered-To: freebsd-isp@freebsd.org Received: from metva.com.au (metva.com.au [202.0.82.1]) by hub.freebsd.org (Postfix) with ESMTP id 2E27C37B401 for ; Sun, 15 Jul 2001 16:03:17 -0700 (PDT) (envelope-from enno.davids@metva.com.au) Received: (from enno@localhost) by metva.com.au id JAA28980; Mon, 16 Jul 2001 09:02:40 +1000 (EST) From: Enno Davids Message-Id: <200107152302.JAA28980@metva.com.au> Subject: Re: rblsmtpd In-Reply-To: <5.1.0.14.2.20010715174948.04a0bfa0@127.0.0.1> from Gerry at "Jul 15, 1 05:52:28 pm" To: gerry@intersurf.com (Gerry) Date: Mon, 16 Jul 2001 09:02:39 +1000 (EST) Cc: freebsd-isp@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL39 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org | ORBS is gone (as of 6/1/2001)... at least one of the (former) ORBS | servers is set to return positive results for EVERY query, therefore | blocking ALL mail. You probably want to remove ORBS from your | configuration. | | G | | At 17:46 7/15/2001, Jan Knepper wrote: | >Hi! | > | >Anyone notice any problems in using rblsmtpd with ORBS? | >Just this afternoon between sending two messages I seem to have trouble | >relaying messages. After I disabled | > | >/usr/local/bin/rblsmtpd -rrbl.maps.vix.com -rmanual.orbs.org | >-rblackholes.mail-abuse.org -rdialups.mail-abuse.org -rrelays.mail-abuse.org | > | >Everything went well again... | >Any ideas? | > | >Jan | > Didn't the RBL people also announce they were going to start charging for access to their servers? It might be worth checking if you still have access there too.... Enno. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 16:16:41 2001 Delivered-To: freebsd-isp@freebsd.org Received: from digitaldaemon.com (digitaldaemon.com [63.105.9.34]) by hub.freebsd.org (Postfix) with SMTP id 07B0937B401 for ; Sun, 15 Jul 2001 16:16:37 -0700 (PDT) (envelope-from jan@digitaldaemon.com) Received: (qmail 16671 invoked from network); 15 Jul 2001 23:08:13 -0000 Received: from unknown (HELO digitaldaemon.com) (192.168.0.73) by digitaldaemon.com with SMTP; 15 Jul 2001 23:08:13 -0000 Message-ID: <3B522249.2080106@digitaldaemon.com> Date: Sun, 15 Jul 2001 19:07:53 -0400 From: Jan Knepper User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.1) Gecko/20010607 Netscape6/6.1b1 X-Accept-Language: en-us MIME-Version: 1.0 To: Enno Davids Cc: Gerry , freebsd-isp@FreeBSD.ORG Subject: Re: rblsmtpd References: <200107152302.JAA28980@metva.com.au> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Yeah, as a matter in fact now I have this problem I started looking at http://www.mail-abuse.org/ and just read the line about zone transfers and other new limitation that I was not aware of. Not too funny by the way. Is any of you using any form of efficient mail filtering? And if so what? rblsmtpd has worked great so far, but I guess the internet will become more and more commercial... Thanks! Jan Enno Davids wrote: >| ORBS is gone (as of 6/1/2001)... at least one of the (former) ORBS >| servers is set to return positive results for EVERY query, therefore >| blocking ALL mail. You probably want to remove ORBS from your >| configuration. >| >| G >| >| At 17:46 7/15/2001, Jan Knepper wrote: >| >Hi! >| > >| >Anyone notice any problems in using rblsmtpd with ORBS? >| >Just this afternoon between sending two messages I seem to have trouble >| >relaying messages. After I disabled >| > >| >/usr/local/bin/rblsmtpd -rrbl.maps.vix.com -rmanual.orbs.org >| >-rblackholes.mail-abuse.org -rdialups.mail-abuse.org -rrelays.mail-abuse.org >| > >| >Everything went well again... >| >Any ideas? >| > >| >Jan >| > > >Didn't the RBL people also announce they were going to start charging for >access to their servers? It might be worth checking if you still have access >there too.... > > >Enno. > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 16:56:58 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.mc.maricopa.edu (imap.mc.maricopa.edu [140.198.72.62]) by hub.freebsd.org (Postfix) with ESMTP id 588C637B401 for ; Sun, 15 Jul 2001 16:56:56 -0700 (PDT) (envelope-from jimr@mail.mc.maricopa.edu) Received: from mail.mc.maricopa.edu ([127.0.0.1]) by mail.mc.maricopa.edu (Netscape Messaging Server 4.15) with ESMTP id GGJH6T06.513 for ; Sun, 15 Jul 2001 16:56:53 -0700 Disposition-Notification-To: From: "James Mcminn" To: freebsd-isp@FreeBSD.ORG Message-ID: <1e0982157e.2157e1e098@mail.mc.maricopa.edu> Date: Sun, 15 Jul 2001 16:56:53 -0700 X-Mailer: Netscape Webmail MIME-Version: 1.0 Content-Language: en Subject: Test X-Accept-Language: en Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Please excuse this test I need to verify for a school assignment. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 17: 7:33 2001 Delivered-To: freebsd-isp@freebsd.org Received: from psknet.com (voyager.psknet.com [63.171.251.15]) by hub.freebsd.org (Postfix) with SMTP id 1BD5E37B401 for ; Sun, 15 Jul 2001 17:07:27 -0700 (PDT) (envelope-from troy@psknet.com) Received: (qmail 10539 invoked by uid 85); 16 Jul 2001 00:07:19 -0000 Received: from troy@psknet.com by voyager.psknet.com with qmail-scanner-0.95 (uvscan: v4.1.20/v4143. . Clean. Processed in 0.268928 secs); 16 Jul 2001 00:07:19 -0000 X-Qmail-Scanner-Mail-From: troy@psknet.com via voyager.psknet.com X-Qmail-Scanner-Rcpt-To: freebsd-isp@FreeBSD.ORG X-Qmail-Scanner: 0.95 (No viruses found. Processed in 0.268928 secs) Received: from abyss.dashit.net (HELO abyss) (gunk@63.171.251.250) by voyager.psknet.com with SMTP; 16 Jul 2001 00:07:19 -0000 From: "Troy Settle" To: Subject: RE: rblsmtpd Date: Sun, 15 Jul 2001 20:07:18 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: <3B522249.2080106@digitaldaemon.com> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ORBS gone (no big deal for me), but MAPS going to a fee structure for service is troublesome. The fees aren't that bad, but having to come up with an Annual subscription for 2k users in just 2 weeks? That's pushing it. I've asked about monthly subscriptions, but haven' received a response yet. Hopefully they'll work with me on it. -- Troy Settle Pulaski Networks 540.994.4254 - 866.477.5638 http://www.psknet.com ** -----Original Message----- ** From: owner-freebsd-isp@FreeBSD.ORG ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jan Knepper ** Sent: Sunday, July 15, 2001 7:08 PM ** To: Enno Davids ** Cc: Gerry; freebsd-isp@FreeBSD.ORG ** Subject: Re: rblsmtpd ** ** ** Yeah, as a matter in fact now I have this problem I started looking at ** http://www.mail-abuse.org/ and just read the line about zone transfers ** and other new limitation that I was not aware of. Not too funny ** by the way. ** ** Is any of you using any form of efficient mail filtering? And if so what? ** ** rblsmtpd has worked great so far, but I guess the internet will become ** more and more commercial... ** ** Thanks! ** Jan ** ** ** ** Enno Davids wrote: ** ** >| ORBS is gone (as of 6/1/2001)... at least one of the (former) ORBS ** >| servers is set to return positive results for EVERY query, therefore ** >| blocking ALL mail. You probably want to remove ORBS from your ** >| configuration. ** >| ** >| G ** >| ** >| At 17:46 7/15/2001, Jan Knepper wrote: ** >| >Hi! ** >| > ** >| >Anyone notice any problems in using rblsmtpd with ORBS? ** >| >Just this afternoon between sending two messages I seem to ** have trouble ** >| >relaying messages. After I disabled ** >| > ** >| >/usr/local/bin/rblsmtpd -rrbl.maps.vix.com -rmanual.orbs.org ** >| >-rblackholes.mail-abuse.org -rdialups.mail-abuse.org ** -rrelays.mail-abuse.org ** >| > ** >| >Everything went well again... ** >| >Any ideas? ** >| > ** >| >Jan ** >| > ** > ** >Didn't the RBL people also announce they were going to start ** charging for ** >access to their servers? It might be worth checking if you ** still have access ** >there too.... ** > ** > ** >Enno. ** > ** > ** >To Unsubscribe: send mail to majordomo@FreeBSD.org ** >with "unsubscribe freebsd-isp" in the body of the message ** > ** > ** ** ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org ** with "unsubscribe freebsd-isp" in the body of the message ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 18: 2:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131]) by hub.freebsd.org (Postfix) with ESMTP id E752837B401 for ; Sun, 15 Jul 2001 18:02:11 -0700 (PDT) (envelope-from ryan@sasknow.com) Received: from localhost (ryan@localhost) by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id TAA27882; Sun, 15 Jul 2001 19:00:43 -0600 (CST) (envelope-from ryan@sasknow.com) Date: Sun, 15 Jul 2001 19:00:43 -0600 (CST) From: Ryan Thompson To: James Wyatt Cc: Kal Torak , =?iso-8859-1?Q?Mat=EEss?= Elsbergs , Marc Veldman , freebsd-isp@FreeBSD.ORG Subject: Re: Background processes limiting In-Reply-To: Message-ID: Organization: SaskNow Technologies [www.sasknow.com] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org James Wyatt wrote to Kal Torak: > On Sun, 15 Jul 2001, Kal Torak wrote: > > Why not just make .logout owned by root? Only give the users group read > > access... That should work, just have a killall -m . -9 or something > > like that in there... > > > > Then just have your cron job running every so often to clean up anything > > that might of somehow slipped though the cracks... > > If the file is owned by root, but in a directory owned by joe.user, > then Joe can easily 'rm' the file himself. I liked the idea of using a > .logout, but having a cron job 1) ensure the few processes missed by > ".logout"s get caught and addressed, 2) report users who have removed > or altered their .logout files, and 3) regenerate any altered or > deleted .logout files. I simply put "schg uunlnk /home/$user/.logout" into our automated user creation scripts after the skel files are copied. Works like a charm. If you want to do this in past-tense to an existing user base (this assumes all user accounts are off of a common home directory--repeat this step for alternate home roots) 1) Create a suitable .logout file that fits your purposes. I'll assume it is named .logout, in the current working directory Use the following slick little command: apply 'install -c -m 0555 -o 0 -g 0 -f uunlnk .logout' /home/*/ That will install a copy of the file .logout from the current directory, everyone read/exec, owned by root:wheel, user unlink flag set, into each directory off of /home/. Fun, huh? If everyone already has .logout files and you just want to set the flags: chflags uunlnk /home/*/.logout Depending on the number of users, these commands may take a while to complete, so be warned ;-) If you want to allow your users to customize their .logout files, have the default .logout script exec something like ~/dot.logout at a suitable time during the script. If you only want to allow certain people to do this (say, staff members, with UID < 1000), just wrap the call to dot.logout in an if statement: if [ $UID -lt 1000 ]; then # Call user defined logout ~/dot.logout fi Some shells recognize system-wide logout files... But the above approach ensures that the user can not override system default logout conditions. > Too bad there isn't a syste-wide .logout file something like > /etc/logout to match the /etc/profile for logins. (or is there?) - Jy@ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > -- Ryan Thompson Network Administrator, Accounts SaskNow Technologies - http://www.sasknow.com #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2 Tel: 306-664-3600 Fax: 306-664-1161 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 20: 5:31 2001 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id 5ED4637B407 for ; Sun, 15 Jul 2001 20:05:23 -0700 (PDT) (envelope-from forrestc@imach.com) Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id UAA20582; Sun, 15 Jul 2001 20:50:08 -0600 (MDT) Date: Sun, 15 Jul 2001 20:50:08 -0600 (MDT) From: "Forrest W. Christian" To: Troy Settle Cc: freebsd-isp@FreeBSD.ORG Subject: RE: rblsmtpd In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Can you discuss the pricing on here? I sent them a note and haven't heard back from them yet (suspect they are swamped). On Sun, 15 Jul 2001, Troy Settle wrote: > Date: Sun, 15 Jul 2001 20:07:18 -0400 > From: Troy Settle > To: freebsd-isp@FreeBSD.ORG > Subject: RE: rblsmtpd > > > ORBS gone (no big deal for me), but MAPS going to a fee structure for > service is troublesome. The fees aren't that bad, but having to come up > with an Annual subscription for 2k users in just 2 weeks? That's pushing > it. I've asked about monthly subscriptions, but haven' received a response > yet. Hopefully they'll work with me on it. > > -- > Troy Settle > Pulaski Networks > 540.994.4254 - 866.477.5638 > http://www.psknet.com > > > ** -----Original Message----- > ** From: owner-freebsd-isp@FreeBSD.ORG > ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jan Knepper > ** Sent: Sunday, July 15, 2001 7:08 PM > ** To: Enno Davids > ** Cc: Gerry; freebsd-isp@FreeBSD.ORG > ** Subject: Re: rblsmtpd > ** > ** > ** Yeah, as a matter in fact now I have this problem I started looking at > ** http://www.mail-abuse.org/ and just read the line about zone transfers > ** and other new limitation that I was not aware of. Not too funny > ** by the way. > ** > ** Is any of you using any form of efficient mail filtering? And if so what? > ** > ** rblsmtpd has worked great so far, but I guess the internet will become > ** more and more commercial... > ** > ** Thanks! > ** Jan > ** > ** > ** > ** Enno Davids wrote: > ** > ** >| ORBS is gone (as of 6/1/2001)... at least one of the (former) ORBS > ** >| servers is set to return positive results for EVERY query, therefore > ** >| blocking ALL mail. You probably want to remove ORBS from your > ** >| configuration. > ** >| > ** >| G > ** >| > ** >| At 17:46 7/15/2001, Jan Knepper wrote: > ** >| >Hi! > ** >| > > ** >| >Anyone notice any problems in using rblsmtpd with ORBS? > ** >| >Just this afternoon between sending two messages I seem to > ** have trouble > ** >| >relaying messages. After I disabled > ** >| > > ** >| >/usr/local/bin/rblsmtpd -rrbl.maps.vix.com -rmanual.orbs.org > ** >| >-rblackholes.mail-abuse.org -rdialups.mail-abuse.org > ** -rrelays.mail-abuse.org > ** >| > > ** >| >Everything went well again... > ** >| >Any ideas? > ** >| > > ** >| >Jan > ** >| > > ** > > ** >Didn't the RBL people also announce they were going to start > ** charging for > ** >access to their servers? It might be worth checking if you > ** still have access > ** >there too.... > ** > > ** > > ** >Enno. > ** > > ** > > ** >To Unsubscribe: send mail to majordomo@FreeBSD.org > ** >with "unsubscribe freebsd-isp" in the body of the message > ** > > ** > > ** > ** > ** > ** To Unsubscribe: send mail to majordomo@FreeBSD.org > ** with "unsubscribe freebsd-isp" in the body of the message > ** > ** > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ---------------------------------------------------------------------- Protect your personal freedoms - visit http://www.lp.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 20:26:35 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailsat.halenet.com.au (joe.halenet.com.au [203.37.141.114]) by hub.freebsd.org (Postfix) with ESMTP id 4FC6337B406 for ; Sun, 15 Jul 2001 20:26:25 -0700 (PDT) (envelope-from timbo@halenet.com.au) Received: (from root@localhost) by mailsat.halenet.com.au (8.11.1/8.11.1) id f6G3QDV00978; Mon, 16 Jul 2001 13:26:13 +1000 (EST) (envelope-from timbo@halenet.com.au) Received: from temp19 (temp23.halenet.com.au [203.37.141.123]) by mailsat.halenet.com.au (8.11.1/8.11.1av) with SMTP id f6G3QBS00959; Mon, 16 Jul 2001 13:26:12 +1000 (EST) (envelope-from timbo@halenet.com.au) Message-ID: <00e901c10da7$192a8100$6500a8c0@halenet.com.au> From: "Tim McCullagh" To: "Forrest W. Christian" , "Troy Settle" Cc: References: Subject: Re: rblsmtpd Date: Mon, 16 Jul 2001 13:26:26 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Virus-Scanned: by AMaViS perl-10 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi All Are these the lines that we need to remove from our sendmail .mc conf files until we can sort out the pricing issues? FEATURE(dnsbl,`rbl.maps.vix.com',`Rejected - see http://www.mail-abuse.org/rbl/' )dnl FEATURE(dnsbl,`dul.mail-abuse.org',`Dialup - see http://www.mail-abuse.org/dul/' )dnl FEATURE(dnsbl,`relays.mail-abuse.org',`Open Relay - see http://www.mail-abuse.or g/rss/')dnl FEATURE(dnsbl,`input.orbs.org',`Open Relay - see http://www.orbs.org/')dnl Are there any others? What other options do we have? Thanks in advance Tim ----- Original Message ----- From: "Forrest W. Christian" To: "Troy Settle" Cc: Sent: Monday, 16 July 2001 12:50 Subject: RE: rblsmtpd > Can you discuss the pricing on here? I sent them a note and haven't > heard back from them yet (suspect they are swamped). > > > On Sun, 15 Jul 2001, Troy Settle wrote: > > > Date: Sun, 15 Jul 2001 20:07:18 -0400 > > From: Troy Settle > > To: freebsd-isp@FreeBSD.ORG > > Subject: RE: rblsmtpd > > > > > > ORBS gone (no big deal for me), but MAPS going to a fee structure for > > service is troublesome. The fees aren't that bad, but having to come up > > with an Annual subscription for 2k users in just 2 weeks? That's pushing > > it. I've asked about monthly subscriptions, but haven' received a response > > yet. Hopefully they'll work with me on it. > > > > -- > > Troy Settle > > Pulaski Networks > > 540.994.4254 - 866.477.5638 > > http://www.psknet.com > > > > > > ** -----Original Message----- > > ** From: owner-freebsd-isp@FreeBSD.ORG > > ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jan Knepper > > ** Sent: Sunday, July 15, 2001 7:08 PM > > ** To: Enno Davids > > ** Cc: Gerry; freebsd-isp@FreeBSD.ORG > > ** Subject: Re: rblsmtpd > > ** > > ** > > ** Yeah, as a matter in fact now I have this problem I started looking at > > ** http://www.mail-abuse.org/ and just read the line about zone transfers > > ** and other new limitation that I was not aware of. Not too funny > > ** by the way. > > ** > > ** Is any of you using any form of efficient mail filtering? And if so what? > > ** > > ** rblsmtpd has worked great so far, but I guess the internet will become > > ** more and more commercial... > > ** > > ** Thanks! > > ** Jan > > ** > > ** > > ** > > ** Enno Davids wrote: > > ** > > ** >| ORBS is gone (as of 6/1/2001)... at least one of the (former) ORBS > > ** >| servers is set to return positive results for EVERY query, therefore > > ** >| blocking ALL mail. You probably want to remove ORBS from your > > ** >| configuration. > > ** >| > > ** >| G > > ** >| > > ** >| At 17:46 7/15/2001, Jan Knepper wrote: > > ** >| >Hi! > > ** >| > > > ** >| >Anyone notice any problems in using rblsmtpd with ORBS? > > ** >| >Just this afternoon between sending two messages I seem to > > ** have trouble > > ** >| >relaying messages. After I disabled > > ** >| > > > ** >| >/usr/local/bin/rblsmtpd -rrbl.maps.vix.com -rmanual.orbs.org > > ** >| >-rblackholes.mail-abuse.org -rdialups.mail-abuse.org > > ** -rrelays.mail-abuse.org > > ** >| > > > ** >| >Everything went well again... > > ** >| >Any ideas? > > ** >| > > > ** >| >Jan > > ** >| > > > ** > > > ** >Didn't the RBL people also announce they were going to start > > ** charging for > > ** >access to their servers? It might be worth checking if you > > ** still have access > > ** >there too.... > > ** > > > ** > > > ** >Enno. > > ** > > > ** > > > ** >To Unsubscribe: send mail to majordomo@FreeBSD.org > > ** >with "unsubscribe freebsd-isp" in the body of the message > > ** > > > ** > > > ** > > ** > > ** > > ** To Unsubscribe: send mail to majordomo@FreeBSD.org > > ** with "unsubscribe freebsd-isp" in the body of the message > > ** > > ** > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > - Forrest W. Christian (forrestc@imach.com) AC7DE > ---------------------------------------------------------------------- > The Innovation Machine Ltd. P.O. Box 5749 > http://www.imach.com/ Helena, MT 59604 > Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 > ---------------------------------------------------------------------- > Protect your personal freedoms - visit http://www.lp.org/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 22: 7:47 2001 Delivered-To: freebsd-isp@freebsd.org Received: from psknet.com (voyager.psknet.com [63.171.251.15]) by hub.freebsd.org (Postfix) with SMTP id E6F0C37B401 for ; Sun, 15 Jul 2001 22:07:40 -0700 (PDT) (envelope-from troy@psknet.com) Received: (qmail 28746 invoked by uid 85); 16 Jul 2001 05:07:39 -0000 Received: from troy@psknet.com by voyager.psknet.com with qmail-scanner-0.95 (uvscan: v4.1.20/v4143. . Clean. Processed in 0.39008 secs); 16 Jul 2001 05:07:39 -0000 X-Qmail-Scanner-Mail-From: troy@psknet.com via voyager.psknet.com X-Qmail-Scanner-Rcpt-To: forrestc@imach.com,freebsd-isp@FreeBSD.ORG X-Qmail-Scanner: 0.95 (No viruses found. Processed in 0.39008 secs) Received: from abyss.dashit.net (HELO abyss) (gunk@63.171.251.250) by voyager.psknet.com with SMTP; 16 Jul 2001 05:07:39 -0000 From: "Troy Settle" To: "Forrest W. Christian" Cc: Subject: RE: rblsmtpd Date: Mon, 16 Jul 2001 01:07:38 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org When/if I here anything, I'll try to remember to post back to the list. What I offered them, was to pay $150/month per 1000 users. Annually, this is more money, but as a small ISP struggling to get profitable (we're close after just 9 months), it's much easier to absorb the cost. -- Troy Settle Pulaski Networks 540.994.4254 - 866.477.5638 http://www.psknet.com ** -----Original Message----- ** From: Forrest W. Christian [mailto:forrestc@imach.com] ** Sent: Sunday, July 15, 2001 10:50 PM ** To: Troy Settle ** Cc: freebsd-isp@FreeBSD.ORG ** Subject: RE: rblsmtpd ** ** ** Can you discuss the pricing on here? I sent them a note and haven't ** heard back from them yet (suspect they are swamped). ** ** ** On Sun, 15 Jul 2001, Troy Settle wrote: ** ** > Date: Sun, 15 Jul 2001 20:07:18 -0400 ** > From: Troy Settle ** > To: freebsd-isp@FreeBSD.ORG ** > Subject: RE: rblsmtpd ** > ** > ** > ORBS gone (no big deal for me), but MAPS going to a fee structure for ** > service is troublesome. The fees aren't that bad, but having ** to come up ** > with an Annual subscription for 2k users in just 2 weeks? ** That's pushing ** > it. I've asked about monthly subscriptions, but haven' ** received a response ** > yet. Hopefully they'll work with me on it. ** > ** > -- ** > Troy Settle ** > Pulaski Networks ** > 540.994.4254 - 866.477.5638 ** > http://www.psknet.com ** > ** > ** > ** -----Original Message----- ** > ** From: owner-freebsd-isp@FreeBSD.ORG ** > ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jan Knepper ** > ** Sent: Sunday, July 15, 2001 7:08 PM ** > ** To: Enno Davids ** > ** Cc: Gerry; freebsd-isp@FreeBSD.ORG ** > ** Subject: Re: rblsmtpd ** > ** ** > ** ** > ** Yeah, as a matter in fact now I have this problem I started ** looking at ** > ** http://www.mail-abuse.org/ and just read the line about ** zone transfers ** > ** and other new limitation that I was not aware of. Not too funny ** > ** by the way. ** > ** ** > ** Is any of you using any form of efficient mail filtering? ** And if so what? ** > ** ** > ** rblsmtpd has worked great so far, but I guess the internet ** will become ** > ** more and more commercial... ** > ** ** > ** Thanks! ** > ** Jan ** > ** ** > ** ** > ** ** > ** Enno Davids wrote: ** > ** ** > ** >| ORBS is gone (as of 6/1/2001)... at least one of the ** (former) ORBS ** > ** >| servers is set to return positive results for EVERY ** query, therefore ** > ** >| blocking ALL mail. You probably want to remove ORBS from your ** > ** >| configuration. ** > ** >| ** > ** >| G ** > ** >| ** > ** >| At 17:46 7/15/2001, Jan Knepper wrote: ** > ** >| >Hi! ** > ** >| > ** > ** >| >Anyone notice any problems in using rblsmtpd with ORBS? ** > ** >| >Just this afternoon between sending two messages I seem to ** > ** have trouble ** > ** >| >relaying messages. After I disabled ** > ** >| > ** > ** >| >/usr/local/bin/rblsmtpd -rrbl.maps.vix.com -rmanual.orbs.org ** > ** >| >-rblackholes.mail-abuse.org -rdialups.mail-abuse.org ** > ** -rrelays.mail-abuse.org ** > ** >| > ** > ** >| >Everything went well again... ** > ** >| >Any ideas? ** > ** >| > ** > ** >| >Jan ** > ** >| > ** > ** > ** > ** >Didn't the RBL people also announce they were going to start ** > ** charging for ** > ** >access to their servers? It might be worth checking if you ** > ** still have access ** > ** >there too.... ** > ** > ** > ** > ** > ** >Enno. ** > ** > ** > ** > ** > ** >To Unsubscribe: send mail to majordomo@FreeBSD.org ** > ** >with "unsubscribe freebsd-isp" in the body of the message ** > ** > ** > ** > ** > ** ** > ** ** > ** ** > ** To Unsubscribe: send mail to majordomo@FreeBSD.org ** > ** with "unsubscribe freebsd-isp" in the body of the message ** > ** ** > ** ** > ** > ** > To Unsubscribe: send mail to majordomo@FreeBSD.org ** > with "unsubscribe freebsd-isp" in the body of the message ** > ** ** - Forrest W. Christian (forrestc@imach.com) AC7DE ** ---------------------------------------------------------------------- ** The Innovation Machine Ltd. P.O. Box 5749 ** http://www.imach.com/ Helena, MT 59604 ** Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ** ---------------------------------------------------------------------- ** Protect your personal freedoms - visit http://www.lp.org/ ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 15 22: 9: 5 2001 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id 6981937B403 for ; Sun, 15 Jul 2001 22:08:58 -0700 (PDT) (envelope-from forrestc@imach.com) Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id WAA20842; Sun, 15 Jul 2001 22:53:36 -0600 (MDT) Date: Sun, 15 Jul 2001 22:53:36 -0600 (MDT) From: "Forrest W. Christian" To: Tim McCullagh Cc: Troy Settle , freebsd-isp@FreeBSD.ORG Subject: Re: rblsmtpd In-Reply-To: <00e901c10da7$192a8100$6500a8c0@halenet.com.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 16 Jul 2001, Tim McCullagh wrote: > What other options do we have? www.orbl.org www.ordb.org - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ---------------------------------------------------------------------- Protect your personal freedoms - visit http://www.lp.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 2:39:31 2001 Delivered-To: freebsd-isp@freebsd.org Received: from jake.akitanet.co.uk (jake.akitanet.co.uk [212.1.130.131]) by hub.freebsd.org (Postfix) with ESMTP id ABA1637B401 for ; Mon, 16 Jul 2001 02:39:26 -0700 (PDT) (envelope-from wiggy@wopr.akitanet.co.uk) Received: from dsl-212-135-208-201.dsl.easynet.co.uk ([212.135.208.201] helo=wopr.akitanet.co.uk) by jake.akitanet.co.uk with esmtp (Exim 3.13 #3) id 15M4on-000JPM-00; Mon, 16 Jul 2001 10:37:33 +0100 Received: from wiggy by wopr.akitanet.co.uk with local (Exim 3.21 #2) id 15M4ou-0006Yu-00; Mon, 16 Jul 2001 10:37:40 +0100 Date: Mon, 16 Jul 2001 10:37:40 +0100 From: Paul Robinson To: Bart Silverstrim Cc: freebsd-isp@FreeBSD.ORG Subject: Re: gcc on production server Message-ID: <20010716103740.C37477@jake.akitanet.co.uk> References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com> <20010713122500.A23202@jake.akitanet.co.uk> <010c01c10bdb$a8f11600$0100a8c0@sosbbs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <010c01c10bdb$a8f11600$0100a8c0@sosbbs.com>; from bsilver@sosbbs.com on Fri, Jul 13, 2001 at 04:37:37PM -0400 X-Scanner: exiscan *15M4on-000JPM-00*$AK$uVaDBwDcVXt/EB.zs08EV.* Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Jul 13, Bart Silverstrim wrote: > > If somebody finds a hold in FTPD and you want to patch it, you're going to > have serious downtime no matter what; I wouldn't trust binaries afterwards. > In a small ISP setting where I was (or in the place I'm working in now, if > it would be possible) I'd rather do a full reinstall of the OS or get spare > hardware and set up a replacement server to cycle in, depending on the > damage. Otherwise you could be leaving back doors open. Let me get this right.... you're sitting there one day, and you get a message from ProFTPd-announce. They have a patch for an obscure, difficult to exploit buffer overflow in the current release that your site is running. They expect this news to hit BUGTRAQ in about 4 hours time. You would reinstall the entire machine as opposed to patch the program? Thank God you don't work for me. If you have the patch, patch up. In addition where the *hell* is your MD5 database that you should have taken before the machine was connected to an external network, thereby ensuring that none of your binaries are compromised? Why aren't you running cryto-signed binaries a la Trusted? Why are you taking up valuable time reinstalling a probably uncompromised host? All I have to say is to quote from a book of quotes meant for MBA students - "Treat your time like somebody is paying for it. Because somebody is". > Also with a RO media, if a hacker gets in, it does enhance security...how do > you trojan a system you can't modify? The damage would occur to things like How do you trojan a system where only binaries compiled with your compiler can execute? How do you trojan a system without detection with RO MD5 databases? As for trojaning a system with a software-only write lock (including jumpers on hard disks or maybe !gasp! a read only mount!)... purr-lease.... I'm really not trying to start a flame war here, but I really don't think people have thought through what is effective protection for a computer system connected to the Internet in the modern world. Or rather, the ideas they have are valid for the Internet in 1998, maybe 1999, but not with the current tools available, right now, in 2001. It just doesn't make sense, and nothing I've read on this thread so far has convinced me otherwise. -- Paul Robinson ,--------------------------------------- Technical Director @ Akita | A computer lets you make more mistakes PO Box 604, Manchester, M60 3PR | than any other invention with the T: +44 (0) 161 228 6388 (F:6389)| possible exceptions of handguns and | Tequila - Mitch Ratcliffe `----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 3:39:52 2001 Delivered-To: freebsd-isp@freebsd.org Received: from finland.ispro.net.tr (finland.ispro.net.tr [217.21.68.1]) by hub.freebsd.org (Postfix) with ESMTP id C050D37B406 for ; Mon, 16 Jul 2001 03:39:45 -0700 (PDT) (envelope-from kadi@ispro.net.tr) Received: from writer01 (joke.ispro.net.tr [212.174.120.249]) (authenticated) by finland.ispro.net.tr (8.11.4/8.11.2) with ESMTP id f6GAeNc55563 for ; Mon, 16 Jul 2001 13:40:23 +0300 (EEST) (envelope-from kadi@ispro.net.tr) Message-ID: <028701c10de3$fa337c60$1c02a8c0@ispro.net.tr> From: "zafer kadi" To: Subject: Date: Mon, 16 Jul 2001 13:42:04 +0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0281_01C10DFD.1950D7A0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0281_01C10DFD.1950D7A0 Content-Type: text/plain; charset="iso-8859-9" Content-Transfer-Encoding: quoted-printable ------=_NextPart_000_0281_01C10DFD.1950D7A0 Content-Type: text/html; charset="iso-8859-9" Content-Transfer-Encoding: quoted-printable
 
------=_NextPart_000_0281_01C10DFD.1950D7A0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 7:25:20 2001 Delivered-To: freebsd-isp@freebsd.org Received: from c-serv1.sopris.net (ns.sopris.net [208.44.82.2]) by hub.freebsd.org (Postfix) with ESMTP id B43B537B403 for ; Mon, 16 Jul 2001 07:25:10 -0700 (PDT) (envelope-from dale2@sopris.net) Received: from AHRENS (c-serv3.sopris.net [208.44.82.9]) by c-serv1.sopris.net (8.9.3/8.9.3) with SMTP id IAA10232; Mon, 16 Jul 2001 08:24:27 -0600 (MDT) (envelope-from dale2@sopris.net) Message-ID: <005201c10e03$aff53ce0$7301000a@AHRENS> From: "FreeBSD" To: "Jan Knepper" , "Enno Davids" Cc: "Gerry" , References: <200107152302.JAA28980@metva.com.au> <3B522249.2080106@digitaldaemon.com> Subject: Re: rblsmtpd Date: Mon, 16 Jul 2001 08:29:02 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org We use Postini, www.postini.com to filter email for spam and viruses. It is reasonably priced and about 90% effective. Dale ----- Original Message ----- From: "Jan Knepper" To: "Enno Davids" Cc: "Gerry" ; Sent: Sunday, July 15, 2001 5:07 PM Subject: Re: rblsmtpd > Yeah, as a matter in fact now I have this problem I started looking at > http://www.mail-abuse.org/ and just read the line about zone transfers > and other new limitation that I was not aware of. Not too funny by the way. > > Is any of you using any form of efficient mail filtering? And if so what? > > rblsmtpd has worked great so far, but I guess the internet will become > more and more commercial... > > Thanks! > Jan > > > > Enno Davids wrote: > > >| ORBS is gone (as of 6/1/2001)... at least one of the (former) ORBS > >| servers is set to return positive results for EVERY query, therefore > >| blocking ALL mail. You probably want to remove ORBS from your > >| configuration. > >| > >| G > >| > >| At 17:46 7/15/2001, Jan Knepper wrote: > >| >Hi! > >| > > >| >Anyone notice any problems in using rblsmtpd with ORBS? > >| >Just this afternoon between sending two messages I seem to have trouble > >| >relaying messages. After I disabled > >| > > >| >/usr/local/bin/rblsmtpd -rrbl.maps.vix.com -rmanual.orbs.org > >| >-rblackholes.mail-abuse.org -rdialups.mail-abuse.org -rrelays.mail-abuse.or g > >| > > >| >Everything went well again... > >| >Any ideas? > >| > > >| >Jan > >| > > > > >Didn't the RBL people also announce they were going to start charging for > >access to their servers? It might be worth checking if you still have access > >there too.... > > > > > >Enno. > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-isp" in the body of the message > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 10:43: 4 2001 Delivered-To: freebsd-isp@freebsd.org Received: from albatross.prod.itd.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120]) by hub.freebsd.org (Postfix) with ESMTP id 1088737B406; Mon, 16 Jul 2001 10:42:57 -0700 (PDT) (envelope-from matt-l@pacbell.net) Received: from fire (1Cust227.tnt1.pasadena.ca.da.uu.net [63.28.226.227]) by albatross.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with SMTP id KAA22920; Mon, 16 Jul 2001 10:42:55 -0700 (PDT) Message-ID: <001b01c10e1d$e1d4e1b0$6503c23f@XGforce.com> Reply-To: "matt" From: "matt" To: , Cc: "FreeBSD-ISP" Subject: router question Date: Mon, 16 Jul 2001 10:36:41 -0700 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Does anyone know if there's a inbound T1 line with RJ45 connector will work with my FreeBSD box without connecting to a CISCO router first? In another word, hook FreeBSD box directly to the T1's RJ45. Or i have to buy a CISCO router to have the T1 RJ45 connect to it, then from router to a switch, and then to FreeBSD? ====================================== WWW.XGFORCE.COM The Next Generation Load Balance and Fail Safe Server Clustering Software for the Internet. ====================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 10:49: 0 2001 Delivered-To: freebsd-isp@freebsd.org Received: from sunmail.evertek.net (evertek.net [167.142.171.47]) by hub.freebsd.org (Postfix) with ESMTP id 3CF1F37B401 for ; Mon, 16 Jul 2001 10:48:55 -0700 (PDT) (envelope-from jbumsted@evertek.net) Received: from ibmtp (st253.evertek.net [207.177.63.253]) by sunmail.evertek.net (8.9.3+Sun/8.9.3) with SMTP id MAA05903 for ; Mon, 16 Jul 2001 12:46:20 -0500 (CDT) From: "Jamie Bumsted" To: Subject: RE: router question Date: Mon, 16 Jul 2001 12:45:42 -0500 Message-ID: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000E_01C10DF5.3960AC30" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_000E_01C10DF5.3960AC30 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit >Does anyone know if there's a inbound T1 line with RJ45 >connector will work with my FreeBSD box without >connecting to a CISCO router first? In another word, >hook FreeBSD box directly to the T1's RJ45. Yes you could do this, but only if you have a DTE/DCE T-1 card in your FreeBSD box. The RJ-45 does not imply ethernet. >Or i have to buy a CISCO router to have the T1 RJ45 >connect to it, then from router to a switch, and then to >FreeBSD? You could do this, or you could go directly from the router's ethernet port to the FreeBSD box. ------=_NextPart_000_000E_01C10DF5.3960AC30 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

>Does = anyone know if=20 there's a inbound T1 line with RJ45

>connector = will work=20 with my FreeBSD box without

>connecting = to a CISCO=20 router first? In another word,

>hook = FreeBSD box=20 directly to the T1's RJ45.

       &nbs= p;   =20 Yes you could do this, but only if you have a DTE/DCE T-1 card in your = FreeBSD=20 box.  The RJ-45 does not imply ethernet. 

>Or i have = to buy a=20 CISCO router to have the T1 RJ45

>connect to = it, then=20 from router to a switch, and then to

>FreeBSD?

       &nbs= p;  =20 You could do this, or you could go directly from the router's ethernet = port to=20 the FreeBSD box.

 

 

------=_NextPart_000_000E_01C10DF5.3960AC30-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 10:50:22 2001 Delivered-To: freebsd-isp@freebsd.org Received: from zero.namba1.com (zero.namba1.com [64.75.169.20]) by hub.freebsd.org (Postfix) with ESMTP id 9811037B401; Mon, 16 Jul 2001 10:50:13 -0700 (PDT) (envelope-from aaron@namba1.com) Received: from [134.173.120.17] by zero.namba1.com (NTMail 5.02.0001/QC8568.34.ce8cdec7) with ESMTP id qiibaaaa for freebsd-hackers@freebsd.org; Mon, 16 Jul 2001 07:50:07 -1000 From: "Aaron Namba" To: "matt" , , Cc: "FreeBSD-ISP" Subject: RE: router question Date: Mon, 16 Jul 2001 10:49:44 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: <001b01c10e1d$e1d4e1b0$6503c23f@XGforce.com> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Depends of course on whether you need routing... -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of matt Sent: Monday, July 16, 2001 10:37 AM To: freebsd-hackers@freebsd.org; freebsd-net@freebsd.org Cc: FreeBSD-ISP Subject: router question Does anyone know if there's a inbound T1 line with RJ45 connector will work with my FreeBSD box without connecting to a CISCO router first? In another word, hook FreeBSD box directly to the T1's RJ45. Or i have to buy a CISCO router to have the T1 RJ45 connect to it, then from router to a switch, and then to FreeBSD? ====================================== WWW.XGFORCE.COM The Next Generation Load Balance and Fail Safe Server Clustering Software for the Internet. ====================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 10:52:21 2001 Delivered-To: freebsd-isp@freebsd.org Received: from zero.namba1.com (zero.namba1.com [64.75.169.20]) by hub.freebsd.org (Postfix) with ESMTP id 74A3C37B401 for ; Mon, 16 Jul 2001 10:52:14 -0700 (PDT) (envelope-from aaron@namba1.com) Received: from [134.173.120.17] by zero.namba1.com (NTMail 5.02.0001/QC8568.34.ce8cdec7) with ESMTP id siibaaaa for freebsd-isp@freebsd.org; Mon, 16 Jul 2001 07:52:12 -1000 From: "Aaron Namba" To: "Jamie Bumsted" , Subject: RE: router question Date: Mon, 16 Jul 2001 10:51:49 -0700 Message-ID: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_002A_01C10DE5.50CC6950" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_002A_01C10DE5.50CC6950 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Sorry about that. I assumed that an RJ-45 did imply ethernet, i.e. the T-1 had already gone through a CSU/DSU or something. -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jamie Bumsted Sent: Monday, July 16, 2001 10:46 AM To: freebsd-isp@freebsd.org Subject: RE: router question >Does anyone know if there's a inbound T1 line with RJ45 >connector will work with my FreeBSD box without >connecting to a CISCO router first? In another word, >hook FreeBSD box directly to the T1's RJ45. Yes you could do this, but only if you have a DTE/DCE T-1 card in your FreeBSD box. The RJ-45 does not imply ethernet. >Or i have to buy a CISCO router to have the T1 RJ45 >connect to it, then from router to a switch, and then to >FreeBSD? You could do this, or you could go directly from the router's ethernet port to the FreeBSD box. ------=_NextPart_000_002A_01C10DE5.50CC6950 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Sorry=20 about that. I assumed that an RJ-45 did imply ethernet, i.e. the T-1 had = already=20 gone through a CSU/DSU or something.
-----Original Message-----
From:=20 owner-freebsd-isp@FreeBSD.ORG = [mailto:owner-freebsd-isp@FreeBSD.ORG]On=20 Behalf Of Jamie Bumsted
Sent: Monday, July 16, 2001 = 10:46=20 AM
To: freebsd-isp@freebsd.org
Subject: RE: router = question

>Does = anyone know if=20 there's a inbound T1 line with RJ45

>connector will work=20 with my FreeBSD box without

>connecting to a=20 CISCO router first? In another word,

>hook = FreeBSD box=20 directly to the T1's RJ45.

       &nbs= p;   =20 Yes you could do this, but only if you have a DTE/DCE T-1 card in your = FreeBSD=20 box.  The RJ-45 does not imply ethernet. 

>Or i = have to buy a=20 CISCO router to have the T1 RJ45

>connect = to it, then=20 from router to a switch, and then to

>FreeBSD?

       &nbs= p;  =20 You could do this, or you could go directly from the router's ethernet = port to=20 the FreeBSD box.

 

 

------=_NextPart_000_002A_01C10DE5.50CC6950-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 10:55:30 2001 Delivered-To: freebsd-isp@freebsd.org Received: from imo-d02.mx.aol.com (imo-d02.mx.aol.com [205.188.157.34]) by hub.freebsd.org (Postfix) with ESMTP id DBAD437B408 for ; Mon, 16 Jul 2001 10:55:27 -0700 (PDT) (envelope-from Bsdguru@aol.com) Received: from Bsdguru@aol.com by imo-d02.mx.aol.com (mail_out_v31.7.) id n.116.1b97948 (3964) for ; Mon, 16 Jul 2001 13:55:18 -0400 (EDT) From: Bsdguru@aol.com Message-ID: <116.1b97948.28848486@aol.com> Date: Mon, 16 Jul 2001 13:55:18 EDT Subject: Re: router question To: isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 5.0 for Windows sub 139 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In a message dated 07/16/2001 1:44:19 PM Eastern Daylight Time, matt-l@pacbell.net writes: > Does anyone know if there's a inbound T1 line with RJ45 > connector will work with my FreeBSD box without > connecting to a CISCO router first? In another word, > hook FreeBSD box directly to the T1's RJ45. > You can do this with either a card with a CSU/DSU on it or with V.35 cards and external CSUs. The cisco is replaced with either. We use cards from etinc (www.etinc.com) with V.35 interfaces and Adtran CSU/DSUs. Very reliable. Bryan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 11:15:39 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail5.carolina.rr.com (fe5.southeast.rr.com [24.93.67.52]) by hub.freebsd.org (Postfix) with ESMTP id A60C037B403; Mon, 16 Jul 2001 11:15:24 -0700 (PDT) (envelope-from khayman@carolina.rr.com) Received: from carolina.rr.com ([168.215.135.201]) by mail5.carolina.rr.com with Microsoft SMTPSVC(5.5.1877.687.68); Mon, 16 Jul 2001 14:15:22 -0400 Message-ID: <3B532F3A.95B68A8E@carolina.rr.com> Date: Mon, 16 Jul 2001 14:15:22 -0400 From: khayman X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Aaron Namba Cc: matt , freebsd-hackers@FreeBSD.ORG, freebsd-net@FreeBSD.ORG, FreeBSD-ISP Subject: Re: router question References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org also, just because it terminates in RJ45 (and are you sure it's rj45, or does the male connector just look like it) does not mean that it is ethernet. Our cisco 7200 series routers have cards in them with what looks like rj45 ports (female). They are actually rj48 (different pin-outs i think) and are integrated csu/dsu's that'll take that connector off a channelized t1. Its actually a serial interface. I would say in all likelihood, the answer to your question is "no". You need something that'll take the serial signal off the t1 and convert it to ethernet at layer2. Unless of course you have a csu/dsu in your fBSD box. hope this helps. Aaron Namba wrote: > > Depends of course on whether you need routing... > > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of matt > Sent: Monday, July 16, 2001 10:37 AM > To: freebsd-hackers@freebsd.org; freebsd-net@freebsd.org > Cc: FreeBSD-ISP > Subject: router question > > Does anyone know if there's a inbound T1 line with RJ45 > connector will work with my FreeBSD box without > connecting to a CISCO router first? In another word, > hook FreeBSD box directly to the T1's RJ45. > > Or i have to buy a CISCO router to have the T1 RJ45 > connect to it, then from router to a switch, and then to > FreeBSD? > > ====================================== > WWW.XGFORCE.COM > The Next Generation Load Balance and > Fail Safe Server Clustering Software > for the Internet. > ====================================== > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 11:23:44 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail-out1.apple.com (mail-out1.apple.com [17.254.0.52]) by hub.freebsd.org (Postfix) with ESMTP id 9525637B406; Mon, 16 Jul 2001 11:23:33 -0700 (PDT) (envelope-from rbraun@apple.com) Received: from apple.com (A17-129-100-225.apple.com [17.129.100.225]) by mail-out1.apple.com (8.9.3/8.9.3) with ESMTP id LAA11845; Mon, 16 Jul 2001 11:23:33 -0700 (PDT) Received: from scv3.apple.com (scv3.apple.com) by apple.com (Content Technologies SMTPRS 4.2.1) with ESMTP id ; Mon, 16 Jul 2001 11:23:26 -0700 Received: from ibook (il0204a-dhcp65.apple.com [17.202.45.193]) by scv3.apple.com (8.9.3/8.9.3) with ESMTP id LAA01529; Mon, 16 Jul 2001 11:23:26 -0700 (PDT) Date: Mon, 16 Jul 2001 11:21:55 -0700 X-Mailer: Apple Mail (2.402) Mime-Version: 1.0 (Apple Message framework v402) Cc: Aaron Namba , matt , freebsd-hackers@freebsd.org, freebsd-net@freebsd.org, FreeBSD-ISP Message-Id: <7059E29D-7A17-11D5-B921-003065AD81C0@ibook.apple.com> Content-Transfer-Encoding: 7bit In-Reply-To: <3B532F3A.95B68A8E@carolina.rr.com> Content-Type: text/plain; format=flowed; charset=us-ascii Subject: Re: router question From: Rob Braun To: khayman Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Several companies, one of which is LanMedia Corporation (LMC), sell PCI cards that handle T1s and include an integrated CSU/DSU. So, yes, you can terminate a T1 on your PC. Find one of these cards and you're all set. I believe FreeBSD already has a driver for the LMC cards. Rob On Monday, July 16, 2001, at 11:15 AM, khayman wrote: > also, just because it terminates in RJ45 (and are you sure it's rj45, or > does the male connector just look like it) does not mean that it is > ethernet. Our cisco 7200 series routers have cards in them with what > looks like rj45 ports (female). They are actually rj48 (different > pin-outs i think) and are integrated csu/dsu's that'll take that > connector off a channelized t1. Its actually a serial interface. > > I would say in all likelihood, the answer to your question is "no". You > need something that'll take the serial signal off the t1 and convert it > to ethernet at layer2. Unless of course you have a csu/dsu in your fBSD > box. > > hope this helps. > > Aaron Namba wrote: >> >> Depends of course on whether you need routing... >> >> -----Original Message----- >> From: owner-freebsd-isp@FreeBSD.ORG >> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of matt >> Sent: Monday, July 16, 2001 10:37 AM >> To: freebsd-hackers@freebsd.org; freebsd-net@freebsd.org >> Cc: FreeBSD-ISP >> Subject: router question >> >> Does anyone know if there's a inbound T1 line with RJ45 >> connector will work with my FreeBSD box without >> connecting to a CISCO router first? In another word, >> hook FreeBSD box directly to the T1's RJ45. >> >> Or i have to buy a CISCO router to have the T1 RJ45 >> connect to it, then from router to a switch, and then to >> FreeBSD? >> >> ====================================== >> WWW.XGFORCE.COM >> The Next Generation Load Balance and >> Fail Safe Server Clustering Software >> for the Internet. >> ====================================== >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-isp" in the body of the message >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-hackers" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 14:56:39 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smcloud.sosbbs.com (excelsior.sosbbs.com [216.37.208.31]) by hub.freebsd.org (Postfix) with ESMTP id 4270837B403 for ; Mon, 16 Jul 2001 14:56:28 -0700 (PDT) (envelope-from bsilver@sosbbs.com) Received: from sojourner (ds10m132.sarvers.com [216.37.208.132]) by smcloud.sosbbs.com (Vircom SMTPRS 4.5.186) with SMTP id ; Mon, 16 Jul 2001 17:56:16 -0400 Message-ID: <00a701c10e42$2075b560$0100a8c0@sosbbs.com> From: "Bart Silverstrim" To: "Paul Robinson" Cc: References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com> <20010713122500.A23202@jake.akitanet.co.uk> <010c01c10bdb$a8f11600$0100a8c0@sosbbs.com> <20010716103740.C37477@jake.akitanet.co.uk> Subject: Re: gcc on production server Date: Mon, 16 Jul 2001 17:56:09 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Let me get this right.... you're sitting there one day, and you get a > message from ProFTPd-announce. They have a patch for an obscure, difficult > to exploit buffer overflow in the current release that your site is running. > They expect this news to hit BUGTRAQ in about 4 hours time. You would > reinstall the entire machine as opposed to patch the program? The majority of people out there *probably* find out about exploits from bugtraq or securityfocus or other sites at about the same time or later as the kidd3z out there get scripts to exploit the holes, or they are becoming better known. I know of a system that is sitting on the Internet where part of it's job is to have intrusion monitoring and logging just to see what's out there...believe me, that little obscure site gets plenty of probe attempts to it (lately mainly DNS and RPC probes are showing up). Now, I'm thinking that often those patches, the bad holes that people can root or take advantage of your site through, someone out there discovered it somehow. Maybe, if you're lucky, it was a coder that found the bug, and you can get to it in time from the notice in the lists. If you're unlucky, as I suspect that many many people out there are, you find out about it (or even become one of the initial "discoverers" of the exploit) by coming in to work one day and having thirty messages waiting for you about why your site now is the homepage for "F* THE US GOVERNMENT.COM" or some other such crap, or why your site is attempting to probe ibm.com. From that standpoint, I'd have to say that usually means someone rooted your box, and has probably taken steps via a r00tkI7 of making it a royal pain for you to do anything besides reinstall to fix it; even with AIDE or Tripwire I'd be paranoid about running the machine "dirty". So in that case, yes, I'd rather reinstall. In your scenario, the one that unless I see or hear of other statistics that show that scenario more common than the kind I just outlined I'll consider to be less common an occurance for now, then no, I'd rather not reinstall, a patch is all that's called for. People who work for companies that are big enough to have admins that can, as part of daily routine, monitor security lists for every bit of software that they're running and can take the time to do patches as needed are indeed fortunate. Some of us have to make due with limited resources and time, and do what we can to make things work. Out of curiosity, how big is the company you own/work for? From your description of the server racks it must be a pretty big operation. Usually big corporations seem to have a bureacracy in place that either works well for a department or forces people to use what's there for other reasons, regardless of how well it works or how appropriate an alternative may be. But there's always exceptions. Because I have found myself in established networks that could probably use some tweaking in some areas, but instead have to make what we have work. For me, one of my initial "tech" jobs was at a mom-and-pop size ISP. Limited budget. Very limited. Something that happens when a rural ISP starts up from a computer repair and BBS business. Because of the limited size and budget, we got creative with how to use resources. On a suggestion, we started using Linux for some services, and it saved us time and money. If my boss were closed minded to new ideas, as he was really much more closely aquainted with Windows and WinNT than anything that looked like the command-line beast Linux, they'd still be paying through the nose for whatever licensing it would take to get extra copies of NT running various services. When we had an idea for something, no matter how farfetched, he entertained the idea and we'd take some time to see if it was feasible. We did some things that made life a bit easier, and many other ideas didn't pan out for the things we needed to do. That's fine. One idea was putting the boot/sys information on a CD for certain (notice I'm not saying all?) applications...like hosting at other sites, or running servers that have a more "static" purpose. So when you say > Thank God you don't work for me. I'm afraid I would say "Thank God I don't work for you." I'm all for solid leadership and vision, but I also think that entertaining an idea for certain applications may actually prove to be beneficial in the long run for a business or organization. > If you have the patch, patch up. In addition where the *hell* is your MD5 > database that you should have taken before the machine was connected to an > external network, thereby ensuring that none of your binaries are > compromised? On a ZIP disk for the server I have at the moment, passworded and locked away in a safe, if you really would like to know. Like I tried to say before, the CD idea was for certain types of servers in certain situations. And besides that, on that type of system, what are they going to trojan if the whole filesystem is RO? And if you know your binaries have been compromised, you still have to replace them. It still takes time. Unless I'm totally missing something here. >Why aren't you running cryto-signed binaries a la Trusted? Why > are you taking up valuable time reinstalling a probably uncompromised > host? If the system WAS compromised, the "safe admin" wouldn't consider anything "probably uncompromised" in terms of binaries being replaced. They got in to the system somehow, and you never know if the bugger that got in is doing something you didn't expect or think of to compromise you again or leave back doors. >All I have to say is to quote from a book of quotes meant for MBA > students - "Treat your time like somebody is paying for it. Because somebody > is". Or "leave the system vulnerable unknowingly and they can keep paying and paying and paying." > How do you trojan a system where only binaries compiled with your compiler > can execute? How do you trojan a system without detection with RO MD5 > databases? As for trojaning a system with a software-only write lock > (including jumpers on hard disks or maybe !gasp! a read only mount!)... > purr-lease.... I've been referring to the idea of CD RO, not HD RO. I'm largely unfamiliar with using that technique; another poster brought it up and I was asking about it. I apologize for confusion of the context. You're right about the RO MD5 databases. Or at least trying without getting caught with something wrong. Unless the k1dd33 gets in for stealing information. If they stole a user account, or is a valid user (as I believe some FBI statistic report said the majority of "hacking" attacks are, but don't quote me on that) getting even, then they can still steal data from the machine or alter things. I'm pretty sure that in the race of security, there's ALWAYS a way to get around it for someone trying hard enough with time. How common is using the MD5-executable only method of setting up a machine? Is there a HOWTO on it? How many FreeBSD people on the list are using this technique? > I'm really not trying to start a flame war here, but I really don't think > people have thought through what is effective protection for a computer > system connected to the Internet in the modern world. I'm not trying to build a flame war either; I'd like to make that clear right here. It would hardly be worth the time I took responding to this if it degenerates into a flamewar, so please let's not let it do that. I like having my ideas challenged (honest!). Why? Because which is worse; having an idiotic idea that you're corrected on and feel embarassed for a little while for looking like an idiot, or having an idiotic idea and never being corrected until it bites you on the butt? Me, I'd rather be told (and given solid reasons for) why an idea is too far off to ever be feasible. But I already know of one thing that it would work for...demos (*cough*demolinux*cough*). So my idea from a few years ago can't be *all* bad. You're right on the points you made. And I also mentioned the ideas in business thing earlier...unlike what appears to come out of Redmond sometimes, ideas coming from employees trying to find ways to solve a problem that's not always "in the box" are a good source of "innovation"...and saving small businesses enough money to throw a pizza party for the employees :-) I agree that people don't consider security as much today with machines on the Internet. But there's more to factor in than incompetance or laziness. There's a legitimate problem with time in businesses...where I am, I'm in charge of buying, setting up, maintaining, inventorying, and repairing about 300 systems in five buildings without any tech staff. Oh, and phone tech support for them. It's a legitimate problem when places don't have money to hire more people to delegate certain tasks. And we make the best with what we can. Yes, there are many paper admins out there ("I got my MSCE! Yay!"), and there are many incompetant admins out there, but there are people working in places where politics and user attitudes and staffing/money constraints quell the "inner techie" of those who in their heart of hearts know there's a better way to do something with a little more time and resources...but lose out when other forces require them to act otherwise, especially when there's a constant thump of users at the door crying "make it go." It's a balance of practicality; a lot of people don't fix something unless or until they absolutely have to because there's not extra staff time to do it (or any of a myriad of other reasons). There's lots of things people *should* do and know they should do, but don't, as foolish as the result may be. You sound as if you have a solid implementation of policies and procedures, and a lot of money and resources to back that up. That's great. And I already know you'd never consider me as an employee, so I won't even ask about a job :-) But you might want to give some thought to where or how something like that could work, rather than why it wouldn't work for your setup. One last quick note; to anyone responding to this (if anyone chooses to) PLEASE don't quote the ENTIRE THING!! It's getting way to big! Out of courtesy, please snip it down to the relevant parts you want to comment on, and I apologize to people who think the time it took to download this message was a waste of connect time...but I thank you for taking the time to read down to the last sentence. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.264 / Virus Database: 136 - Release Date: 7/3/01 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 15:26:59 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id 42EA237B406 for ; Mon, 16 Jul 2001 15:26:53 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 714 invoked from network); 16 Jul 2001 22:26:31 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 16 Jul 2001 22:26:31 -0000 Message-ID: <011301c10e46$66da80e0$0d00a8c0@alexus> From: "alexus" To: Subject: out of entropy Date: Mon, 16 Jul 2001 18:26:47 -0400 Organization: NexGen MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2499.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2499.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm sorry in advance for a cross posting, I just need to resolve this issue a.s.a.p. I'm using FreeBSD 4.3-RELEASE and latest version of bind 9 su-2.05# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST box.nexgen.com dnssec-keygen: failed to generate key box.nexgen.com/157: out of entropy su-2.05# any ideas why? and how do i get around it? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 15:37:21 2001 Delivered-To: freebsd-isp@freebsd.org Received: from tsunami.acidpit.org (tsunami.solveinteractive.com [206.190.163.234]) by hub.freebsd.org (Postfix) with ESMTP id 6C27637B401 for ; Mon, 16 Jul 2001 15:37:11 -0700 (PDT) (envelope-from rch@acidpit.org) Received: (from rch@localhost) by tsunami.acidpit.org (8.11.4/8.11.3) id f6GMYi590029 for freebsd-isp@FreeBSD.ORG; Mon, 16 Jul 2001 18:34:44 -0400 (EDT) (envelope-from rch@acidpit.org) Date: Mon, 16 Jul 2001 18:34:43 -0400 From: Robert Hough To: freebsd-isp@FreeBSD.ORG Subject: Re: gcc on production server Message-ID: <20010716183443.A89953@acidpit.org> Mail-Followup-To: freebsd-isp@FreeBSD.ORG References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com> <20010713122500.A23202@jake.akitanet.co.uk> <010c01c10bdb$a8f11600$0100a8c0@sosbbs.com> <20010716103740.C37477@jake.akitanet.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010716103740.C37477@jake.akitanet.co.uk>; from paul@akita.co.uk on Mon, Jul 16, 2001 at 10:37:40 +0100 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Jul 16, 2001, Paul Robinson wrote: > > They expect this news to hit BUGTRAQ in about 4 hours time. You would > reinstall the entire machine as opposed to patch the program? Sometimes, that can be the safest way to insure you have clean binaries. To answer the majority of your complaints, I'm summing it all up right here. You are making the assumption that everyone is running the latest greatest releases available. You also assume that we all have the luxory of assembling, and installing the machines on our network. Some of us do actually inherit this crap. Upgrading them, while would be a dream come true for me, isn't always a possibility. I agree with what you're saying, but you have to realize that no matter how badly some of us want to do something, we just can't... -- Robert Hough (rch@acidpit.org) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 19:44:30 2001 Delivered-To: freebsd-isp@freebsd.org Received: from Gandalf.org (adsl-nrp8-C8B73BF7.sao.terra.com.br [200.183.59.247]) by hub.freebsd.org (Postfix) with ESMTP id A2F3937B405 for ; Mon, 16 Jul 2001 19:41:47 -0700 (PDT) (envelope-from secu@terra.com.br) Received: from localhost (localhost [127.0.0.1]) by Gandalf.org (8.10.2/8.10.2) with ESMTP id f6H2e7001668 for ; Mon, 16 Jul 2001 23:40:07 -0300 Date: Mon, 16 Jul 2001 23:40:06 -0300 (BRT) From: X-X-Sender: To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org unsubscribe secu@terra.com.br To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 20: 4: 1 2001 Delivered-To: freebsd-isp@freebsd.org Received: from black.purplecat.net (ns1.purplecat.net [209.16.228.148]) by hub.freebsd.org (Postfix) with ESMTP id F01FB37B401 for ; Mon, 16 Jul 2001 20:02:16 -0700 (PDT) (envelope-from pbrezny@purplecat.net) Received: from test (ci377160-a.ashvil1.nc.home.com [24.15.65.26]) by black.purplecat.net (8.8.8/8.8.8) with SMTP id XAA00194 for ; Mon, 16 Jul 2001 23:04:57 -0400 (EDT) (envelope-from pbrezny@purplecat.net) Reply-To: From: "Peter Brezny" To: Subject: apache ssl and frontpage. Date: Mon, 16 Jul 2001 23:01:55 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm working on getting a new install working with mod-ssl and front page. Is it better to install the modssl port and apply the front page extensions, or install the front page port and add mod-ssl? Has anyone written a how to on this? TIA Peter Brezny purplecat.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 20:51:55 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id 31E4437B40B for ; Mon, 16 Jul 2001 20:51:52 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 2560 invoked from network); 17 Jul 2001 03:51:30 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 17 Jul 2001 03:51:30 -0000 Message-ID: <002b01c10e74$1901ad20$0100a8c0@alexus> From: "alexus" To: , References: Subject: Re: apache ssl and frontpage. Date: Mon, 16 Jul 2001 23:53:53 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2479.0006 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2479.0006 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i'd suggest you to install everything from source apache+ssl+frontpage and etc ----- Original Message ----- From: "Peter Brezny" To: Sent: Monday, July 16, 2001 11:01 PM Subject: apache ssl and frontpage. > I'm working on getting a new install working with mod-ssl and front page. > > Is it better to install the modssl port and apply the front page extensions, > or install the front page port and add mod-ssl? > > Has anyone written a how to on this? > > TIA > > Peter Brezny > purplecat.net > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 21: 6: 2 2001 Delivered-To: freebsd-isp@freebsd.org Received: from vcnet.com (mail.vcnet.com [209.239.239.15]) by hub.freebsd.org (Postfix) with SMTP id 9AF8437B403 for ; Mon, 16 Jul 2001 21:05:59 -0700 (PDT) (envelope-from jpr@vcnet.com) Received: (qmail 92312 invoked by uid 1001); 17 Jul 2001 04:05:59 -0000 Date: Mon, 16 Jul 2001 21:05:59 -0700 From: Jon Rust To: freebsd-isp@freebsd.org Subject: Re: apache ssl and frontpage. Message-ID: <20010716210559.C71482@mail.vcnet.com> Mail-Followup-To: freebsd-isp@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from pbrezny@purplecat.net on Mon, Jul 16, 2001 at 11:01:55PM -0400 X-Operating-System: http://www.freebsd.org/ Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Jul 16, 2001 at 11:01:55PM -0400, Peter Brezny wrote: > I'm working on getting a new install working with mod-ssl and front page. > > Is it better to install the modssl port and apply the front page extensions, > or install the front page port and add mod-ssl? > > Has anyone written a how to on this? improved mod_frontpage has a step-by-step. Unfortunately, it doesn't work with 1.3.19, only 1.3.17. But it works well. http://home.edo.uni-dortmund.de/~chripo/ jon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 21: 7:20 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id 0B9A537B406 for ; Mon, 16 Jul 2001 21:07:17 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 2725 invoked from network); 17 Jul 2001 04:06:54 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 17 Jul 2001 04:06:54 -0000 Message-ID: <001d01c10e76$3fd15de0$0100a8c0@alexus> From: "alexus" To: "Jon Rust" , References: <20010716210559.C71482@mail.vcnet.com> Subject: Re: apache ssl and frontpage. Date: Tue, 17 Jul 2001 00:09:17 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2479.0006 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2479.0006 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org sure it does it works w/ .19 and .20 fine.. it says somewhere in README ----- Original Message ----- From: "Jon Rust" To: Sent: Tuesday, July 17, 2001 12:05 AM Subject: Re: apache ssl and frontpage. > On Mon, Jul 16, 2001 at 11:01:55PM -0400, Peter Brezny wrote: > > I'm working on getting a new install working with mod-ssl and front page. > > > > Is it better to install the modssl port and apply the front page extensions, > > or install the front page port and add mod-ssl? > > > > Has anyone written a how to on this? > > improved mod_frontpage has a step-by-step. Unfortunately, it doesn't > work with 1.3.19, only 1.3.17. But it works well. > > http://home.edo.uni-dortmund.de/~chripo/ > > jon > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 16 22:53:31 2001 Delivered-To: freebsd-isp@freebsd.org Received: from femail13.sdc1.sfba.home.com (femail13.sdc1.sfba.home.com [24.0.95.140]) by hub.freebsd.org (Postfix) with ESMTP id 28DBA37B40C for ; Mon, 16 Jul 2001 22:53:29 -0700 (PDT) (envelope-from btdang@home.com) Received: from home.com ([24.248.85.196]) by femail13.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20010717055328.MJRM20529.femail13.sdc1.sfba.home.com@home.com> for ; Mon, 16 Jul 2001 22:53:28 -0700 Message-ID: <3B53D411.77601E49@home.com> Date: Mon, 16 Jul 2001 22:58:41 -0700 From: Bruce Dang Organization: Boys & Girls Clubs X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 Cc: freebsd-isp@FreeBSD.ORG Subject: Re: apache ssl and frontpage. References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You might want to fetch the newest apache, modssl, and fpext (look @ modssl.org). Read the README/INSTALL and configure them properly, it is not really hard. I don't the ordering would matter much. Bruce Dang www.tbug.org Peter Brezny wrote: > > I'm working on getting a new install working with mod-ssl and front page. > > Is it better to install the modssl port and apply the front page extensions, > or install the front page port and add mod-ssl? > > Has anyone written a how to on this? > > TIA > > Peter Brezny > purplecat.net > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 4:19:51 2001 Delivered-To: freebsd-isp@freebsd.org Received: from jake.akitanet.co.uk (jake.akitanet.co.uk [212.1.130.131]) by hub.freebsd.org (Postfix) with ESMTP id B1D3537B401 for ; Tue, 17 Jul 2001 04:19:39 -0700 (PDT) (envelope-from wiggy@wopr.akitanet.co.uk) Received: from dsl-212-135-208-201.dsl.easynet.co.uk ([212.135.208.201] helo=wopr.akitanet.co.uk) by jake.akitanet.co.uk with esmtp (Exim 3.13 #3) id 15MSsY-000J7x-00; Tue, 17 Jul 2001 12:19:03 +0100 Received: from wiggy by wopr.akitanet.co.uk with local (Exim 3.21 #2) id 15MSsj-000DgC-00; Tue, 17 Jul 2001 12:19:13 +0100 Date: Tue, 17 Jul 2001 12:19:13 +0100 From: Paul Robinson To: Bart Silverstrim Cc: freebsd-isp@FreeBSD.ORG Subject: Re: gcc on production server Message-ID: <20010717121913.J27087@jake.akitanet.co.uk> References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com> <20010713122500.A23202@jake.akitanet.co.uk> <010c01c10bdb$a8f11600$0100a8c0@sosbbs.com> <20010716103740.C37477@jake.akitanet.co.uk> <00a701c10e42$2075b560$0100a8c0@sosbbs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <00a701c10e42$2075b560$0100a8c0@sosbbs.com>; from bsilver@sosbbs.com on Mon, Jul 16, 2001 at 05:56:09PM -0400 X-Scanner: exiscan *15MSsY-000J7x-00*$AK$yhVcuPB.9zPXUkiv7t7GF/* Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Jul 16, Bart Silverstrim wrote: Firstly, can I suggest that you use more paragraph breaks. Your mail was bordering on unreadable due to the big mass of text. ;-) > besides reinstall to fix it; even with AIDE or Tripwire I'd be paranoid > about running the machine "dirty". So in that case, yes, I'd rather You're talking about something completely different. I'm not talking about a proven exploitation. I'm not talking about the case where there is direct evidence that your machine has been compromised. I'm talking about you keeping your daemons patched up to date. And if you are honestly stating that there are fewer patches released for software you run over say, a year, than the number of times you get rootkitted in a year, again I thank God you don't work anywhere near any equipment I operate. > People who work for companies that are big enough to have admins that can, > as part of daily routine, monitor security lists for every bit of software > that they're running and can take the time to do patches as needed are > indeed fortunate. Some of us have to make due with limited resources and We're less than 10 people and have a full-time security officer. > time, and do what we can to make things work. Out of curiosity, how big is > the company you own/work for? From your description of the server racks it > must be a pretty big operation. Usually big corporations seem to have a Not really, we have less than half a dozen permanently connected hosts. I have worked in very large sites with 100's of machines, but I like it here where things are nice and small. :-) The plan is within 12 months to move to a larger operation as we grow, but I doubt we'll ever need more than about 20 servers. Sites that operate more than that, generally, are inefficient and bloated, IME. Depends on what you're trying to do I suppose. > bureacracy in place that either works well for a department or forces people > to use what's there for other reasons, regardless of how well it works or > how appropriate an alternative may be. But there's always exceptions. > Because I have found myself in established networks that could probably use > some tweaking in some areas, but instead have to make what we have work. Build it Once and Walk Away. You should put the time and effort in at the design stage to try and get things to work well. If you spend 4 months designing and then a weekend implementing, you will find things to be a lot more stable and better suited to the app than 2 months rushed gradual implementing based on a design put together in a weekend. > ideas didn't pan out for the things we needed to do. That's fine. One idea > was putting the boot/sys information on a CD for certain (notice I'm not > saying all?) applications...like hosting at other sites, or running servers > that have a more "static" purpose. So when you say I agree with that, I'm just trying to get across to you that from a security point of view, it's a dead end. From an ease of upgrade point of view, it's great. From a point of view of being able to ensure that a customer site is running a given distro, it's a good idea. We actually use it so that a disk goes into a box, it boots off the CD, and does a custom install on the first IDE drive in the machine. As for security, all I have to say is "why bother?" just use the tools provided. > I'm afraid I would say "Thank God I don't work for you." I'm all for solid > leadership and vision, but I also think that entertaining an idea for > certain applications may actually prove to be beneficial in the long run for > a business or organization. Ho, ho, ho. Look, I've worked in a variety of sites, on a variety of applications. If you knew what some of our products were, and how they were developed you would realise I'm open to new approaches. However, we also know about security. As a company, we know a lot about security. You would not comprehend how much time and effort we as a company have spent understanding security applications from both sides of the fence. As well as running a small ISP, an IT consultancy, a computer retail operation and a publishing and graphic design company, we run a security audit and penetration testing company. We get paid $10k's to advise other companies on their security policy. We have never told them to move to read-only media as a security measure. This is not because we're not "open to new ideas". It's because we've seen it, done it, played with it, broken it, stamped on it, trashed it, written reports on it, and got paid to consider it. And the simple truth is that you will improve security and lower administrative costs by using standard installs, but using the tools provided for the security measures that are appropriate for the organisation. And the worst security risk on a network is the admin who thinks he knows about security and won't listen to what we're saying. It's their choice, their board of directors paying for the advise. If they want to use RO media, than that again, is their choice, but their administrative costs will rise, and it's attacking security from the wrong angle. > On a ZIP disk for the server I have at the moment, passworded and locked > away in a safe, if you really would like to know. Like I tried to say What the HELL is doing there? It should be on a CD, in the drive of the machine, being checked on a daily basis automatically. Or at least, that's what databases like that are there for. > before, the CD idea was for certain types of servers in certain situations. > And besides that, on that type of system, what are they going to trojan if > the whole filesystem is RO? And if you know your binaries have been > compromised, you still have to replace them. It still takes time. Unless > I'm totally missing something here. Now I see the reason why the first you know about being rootkitted is when customers start complaining, or you get mail from the admins at ibm.com... The point about all these measures is that you are supposed to be able to detect a compromise. Not prevent it. Being able to detect but not prevent is FAR more useful than thinking you can prevent (which you can never do) but are never able to detect. You're assuming an implicit trust in a piece of software on the IDE controller that says "no, I think I'm read only". > If the system WAS compromised, the "safe admin" wouldn't consider anything > "probably uncompromised" in terms of binaries being replaced. They got in > to the system somehow, and you never know if the bugger that got in is doing > something you didn't expect or think of to compromise you again or leave > back doors. The point about using MD5, signed executables, etc. is to detect compromise. The idea of being able to *very* quickly patch your daemons is about prevention. > I've been referring to the idea of CD RO, not HD RO. I'm largely unfamiliar > with using that technique; another poster brought it up and I was asking > about it. I apologize for confusion of the context. Fair enough. I've got confused in this criss-crossing of threads as well. I thought you were referring to HDD RO. CD RO is more realistic, but then you still have rising admin costs, etc. and you start to have real problems if your servers are in a co-location facility 3,000 miles away. ;-) > information. If they stole a user account, or is a valid user (as I believe > some FBI statistic report said the majority of "hacking" attacks are, but > don't quote me on that) getting even, then they can still steal data from If you give or sell shell accounts, expect to get compromised one day. The guy who does the security audits here reckons that given a shell on any machine, he'll eventually get root. And he's proved himself right every time. :-) > the machine or alter things. I'm pretty sure that in the race of security, > there's ALWAYS a way to get around it for someone trying hard enough with > time. Absolutely, which is why detection is IMHO better than attempted prevention. > How common is using the MD5-executable only method of setting up a machine? > Is there a HOWTO on it? How many FreeBSD people on the list are using this > technique? Well, all the TrustedBSD stuff is being merged at the moment into 5.0, and there has been something like $1.2 million awarded by the DoD to be spent on improving this functionality in FreeBSD, to bring it up to DoD specs. So, at the moment, it requires a lot of messing around, but we should see over the next 12 months it become more common place, and for more docs to appear. > an idiotic idea that you're corrected on and feel embarassed for a little > while for looking like an idiot, or having an idiotic idea and never being > corrected until it bites you on the butt? Me, I'd rather be told (and given Agreed, and the more we have this argument, the more I'm starting to wane to your point of view, and I can see what you're attempting to state. I just don't feel that the time and effort spent in implementing it will neccesarily give you an improvement in security in the long run, and that the admin costs can get out of control on larger sites. Therefore, I would advise that detection is a better method of protecting against compromise for the majority of applications. > solid reasons for) why an idea is too far off to ever be feasible. But I > already know of one thing that it would work for...demos > (*cough*demolinux*cough*). So my idea from a few years ago can't be *all* > bad. You're right on the points you made. Yeah, that sort of application would suit it, but more for reasons of ease of distribution, which if a factor, I have already stated is a reasonable case for bootable CD implementations. > And I also mentioned the ideas in business thing earlier...unlike what > appears to come out of Redmond sometimes, ideas coming from employees trying > to find ways to solve a problem that's not always "in the box" are a good > source of "innovation"...and saving small businesses enough money to throw a > pizza party for the employees :-) We just spend Friday afternoons in the pub instead of pizza partys. ;-) > You sound as if you have a solid implementation of policies and procedures, Ohhh, no. Don't go that far. We're fumbling as much as you are. Perhaps we've just tried more things than most. > and a lot of money and resources to back that up. That's great. And I Not at all. Quite limited on fiscal budgets, just plenty of talent and time on our hands. ;-) > already know you'd never consider me as an employee, so I won't even ask > about a job :-) But you might want to give some thought to where or how > something like that could work, rather than why it wouldn't work for your > setup. Well, like I say, I'm seeing your point, slowly. And I wouldn't neccessarily dismiss you as an employee. Providing you were female, good looking, could give good shoulder massages, etc. :-) I'm starting to calm down now, and I can see your point. > One last quick note; to anyone responding to this (if anyone chooses to) > PLEASE don't quote the ENTIRE THING!! It's getting way to big! Out of It was a biggie, and I'm suggesting we bring this thread to a close with a quick summary of where we are. -- Paul Robinson ,--------------------------------------- Technical Director @ Akita | A computer lets you make more mistakes PO Box 604, Manchester, M60 3PR | than any other invention with the T: +44 (0) 161 228 6388 (F:6389)| possible exceptions of handguns and | Tequila - Mitch Ratcliffe `----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 5:27:29 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bilver.wjv.com (dhcp-1-72.n01.orldfl01.us.ra.verio.net [157.238.210.72]) by hub.freebsd.org (Postfix) with ESMTP id 59E4C37B401 for ; Tue, 17 Jul 2001 05:27:18 -0700 (PDT) (envelope-from bill@bilver.wjv.com) Received: (from bill@localhost) by bilver.wjv.com (8.11.1/8.11.1) id f6HCC2982439; Tue, 17 Jul 2001 08:12:02 -0400 (EDT) (envelope-from bill) Date: Tue, 17 Jul 2001 08:10:26 -0400 From: Bill Vermillion To: Paul Robinson Cc: Bart Silverstrim , freebsd-isp@FreeBSD.ORG Subject: Re: gcc on production server Message-ID: <20010717081025.A82350@wjv.com> Reply-To: bv@wjv.com References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com> <20010713122500.A23202@jake.akitanet.co.uk> <010c01c10bdb$a8f11600$0100a8c0@sosbbs.com> <20010716103740.C37477@jake.akitanet.co.uk> <00a701c10e42$2075b560$0100a8c0@sosbbs.com> <20010717121913.J27087@jake.akitanet.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010717121913.J27087@jake.akitanet.co.uk>; from paul@akita.co.uk on Tue, Jul 17, 2001 at 12:19:13PM +0100 Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Jul 17, 2001 at 12:19:13PM +0100, Paul Robinson thus sprach: > On Jul 16, Bart Silverstrim wrote: [just one or two minor comments here] > > People who work for companies that are big enough to have admins > > that can, as part of daily routine, monitor security lists for > > every bit of software that they're running and can take the time > > to do patches as needed are indeed fortunate. Some of us have to > > make due with limited resources and I've heard people mutter about trying to keep up with all the security lists, and then I point them to SANS. www.sans.org. Subscribe to their lists and you'll have 95+% of your security monitoring done for you. Sort of a one-stop place. I've had peopel thank me for pointing them out. > Build it Once and Walk Away. You should put the time and effort in > at the design stage to try and get things to work well. If we could get more people to believe in 'design' or even just a bit of planning!. > The point about all these measures is that you are supposed to > be able to detect a compromise. Not prevent it. Being able to > detect but not prevent is FAR more useful than thinking you can > prevent (which you can never do) but are never able to detect. > You're assuming an implicit trust in a piece of software on the > IDE controller that says "no, I think I'm read only". I'd surely not trust software for that. I try not to work in IDE mode and a great many SCSI devices have pins to make the device read only in HW. > > If the system WAS compromised, the "safe admin" wouldn't > > consider anything "probably uncompromised" in terms of binaries > > being replaced. They got in to the system somehow, and you never > > know if the bugger that got in is doing something you didn't > > expect or think of to compromise you again or leave back doors. > The point about using MD5, signed executables, etc. is to detect > compromise. The idea of being able to *very* quickly patch your > daemons is about prevention. > > How common is using the MD5-executable only method of setting up > > a machine? Is there a HOWTO on it? How many FreeBSD people on > > the list are using this technique? I missed part of this thread, and I'm not sure exactly what this paragraph refers to explicitly, but one way to do this is to get TCT. TCT - The Coroners Toolkit - written by Weistse Venema and Dan Farmer. Turn it loose and after it's done you'll have a complete set of MD5's for everthing on your system. Put that away somewhere OFF the machine and you'll have a way to check what has been compromised. A decent over-view but I'd really have like to seen the slides that went with the text. From the README. ---- ------------------ NOTE: If you've just been broken into and are desperate for help, read the "help-when-broken-into" file. The Coroner's Toolkit (TCT) - a Brief Introduction TCT is a collection of tools - some large, some small, some in perl, some in C - that are all either oriented towards gathering or analyzing forensic data on a Unix system. There is no single task or ultimate goal that they are directed to, but if there was a theme it'd be an effort towards the reconstruction of the past - determining as much as possible what happened with a static snapshot of a system. Most of the tools are oriented towards data collection rather than analysis - a good use of the toolkit could be for a relative neophyte in Unix forensic security to send the data to someone who does know something and can further analyze the output. (Do NOT send it to us, however! ;-)) Note that by default we don't gather *ALL* data - unallocated blocks of disks (let alone the entire contents of your media!) and raw memory are not touched by default... where would you put the results, for starters? So, as a general overview: A quick start for the impatient may be found in the "quickstart" file. The most current version of TCT may be found at both: http://www.fish.com/forensics/ http://www.porcupine.org/forensics/ To install TCT read the "INSTALL" file. A list of the contents of TCT may be found in the "MANIFEST" file. A copyright notice is in the "COPYRIGHT" file; additional copyrights might be included in individual source code files (especially look at the C source code files, which are mostly covered by IBM's open source license, in the file "LICENSE".) A general overview of the toolkit may be found in the "README" file in the "docs" subdirectory. More about TCT's design methodology and philosophy can be found in the "design-notes" file in the same directory. We hope that you enjoy this and find our work useful to you! Dan Farmer & Wietse Venema August 1st, 2000 p.s. There's a mailing list (with on-line archive) for sharing experiences. To subscribe, send a message to majordomo@porcupine.org with body (not subject): subscribe tct-users. The list will reject mail from non-members so it is unlikely to catch UCE. To unsubscribe, send mail with as body (not subject): unsubscribe tct-users. p.p.s. Some unpolished, unfinished, and perhaps not very useful tools and notes are in the "extras" subdirectory; feel free to check them out, but caveat emptor. -------------------- It's worth a look at as a minimum. I found it's quite interesting and was surprise at how much erased data could actually be recovered. Once you see that you really want to have a system that zeroes all blocks when you rm a file. Bill -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 5:58: 1 2001 Delivered-To: freebsd-isp@freebsd.org Received: from psknet.com (voyager.psknet.com [63.171.251.15]) by hub.freebsd.org (Postfix) with SMTP id BCAE437B405 for ; Tue, 17 Jul 2001 05:57:53 -0700 (PDT) (envelope-from troy@psknet.com) Received: (qmail 98889 invoked by uid 85); 17 Jul 2001 12:57:52 -0000 Received: from troy@psknet.com by voyager.psknet.com with qmail-scanner-0.95 (uvscan: v4.1.20/v4143. . Clean. Processed in 0.430171 secs); 17 Jul 2001 12:57:52 -0000 X-Qmail-Scanner-Mail-From: troy@psknet.com via voyager.psknet.com X-Qmail-Scanner-Rcpt-To: forrestc@imach.com,freebsd-isp@FreeBSD.ORG X-Qmail-Scanner: 0.95 (No viruses found. Processed in 0.430171 secs) Received: from abyss.dashit.net (HELO abyss) (gunk@63.171.251.250) by voyager.psknet.com with SMTP; 17 Jul 2001 12:57:52 -0000 From: "Troy Settle" To: "Forrest W. Christian" Cc: Subject: RE: rblsmtpd Date: Tue, 17 Jul 2001 08:57:51 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal In-Reply-To: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I saw a post on another list that MAPS will accept monthly payments (total/12), but I've not been able to verify this with for myself. -- Troy Settle Pulaski Networks 540.994.4254 - 866.477.5638 http://www.psknet.com ** -----Original Message----- ** From: owner-freebsd-isp@FreeBSD.ORG ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Forrest W. Christian ** Sent: Sunday, July 15, 2001 10:50 PM ** To: Troy Settle ** Cc: freebsd-isp@FreeBSD.ORG ** Subject: RE: rblsmtpd ** ** ** Can you discuss the pricing on here? I sent them a note and haven't ** heard back from them yet (suspect they are swamped). ** ** ** On Sun, 15 Jul 2001, Troy Settle wrote: ** ** > Date: Sun, 15 Jul 2001 20:07:18 -0400 ** > From: Troy Settle ** > To: freebsd-isp@FreeBSD.ORG ** > Subject: RE: rblsmtpd ** > ** > ** > ORBS gone (no big deal for me), but MAPS going to a fee structure for ** > service is troublesome. The fees aren't that bad, but having ** to come up ** > with an Annual subscription for 2k users in just 2 weeks? ** That's pushing ** > it. I've asked about monthly subscriptions, but haven' ** received a response ** > yet. Hopefully they'll work with me on it. ** > ** > -- ** > Troy Settle ** > Pulaski Networks ** > 540.994.4254 - 866.477.5638 ** > http://www.psknet.com ** > ** > ** > ** -----Original Message----- ** > ** From: owner-freebsd-isp@FreeBSD.ORG ** > ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jan Knepper ** > ** Sent: Sunday, July 15, 2001 7:08 PM ** > ** To: Enno Davids ** > ** Cc: Gerry; freebsd-isp@FreeBSD.ORG ** > ** Subject: Re: rblsmtpd ** > ** ** > ** ** > ** Yeah, as a matter in fact now I have this problem I started ** looking at ** > ** http://www.mail-abuse.org/ and just read the line about ** zone transfers ** > ** and other new limitation that I was not aware of. Not too funny ** > ** by the way. ** > ** ** > ** Is any of you using any form of efficient mail filtering? ** And if so what? ** > ** ** > ** rblsmtpd has worked great so far, but I guess the internet ** will become ** > ** more and more commercial... ** > ** ** > ** Thanks! ** > ** Jan ** > ** ** > ** ** > ** ** > ** Enno Davids wrote: ** > ** ** > ** >| ORBS is gone (as of 6/1/2001)... at least one of the ** (former) ORBS ** > ** >| servers is set to return positive results for EVERY ** query, therefore ** > ** >| blocking ALL mail. You probably want to remove ORBS from your ** > ** >| configuration. ** > ** >| ** > ** >| G ** > ** >| ** > ** >| At 17:46 7/15/2001, Jan Knepper wrote: ** > ** >| >Hi! ** > ** >| > ** > ** >| >Anyone notice any problems in using rblsmtpd with ORBS? ** > ** >| >Just this afternoon between sending two messages I seem to ** > ** have trouble ** > ** >| >relaying messages. After I disabled ** > ** >| > ** > ** >| >/usr/local/bin/rblsmtpd -rrbl.maps.vix.com -rmanual.orbs.org ** > ** >| >-rblackholes.mail-abuse.org -rdialups.mail-abuse.org ** > ** -rrelays.mail-abuse.org ** > ** >| > ** > ** >| >Everything went well again... ** > ** >| >Any ideas? ** > ** >| > ** > ** >| >Jan ** > ** >| > ** > ** > ** > ** >Didn't the RBL people also announce they were going to start ** > ** charging for ** > ** >access to their servers? It might be worth checking if you ** > ** still have access ** > ** >there too.... ** > ** > ** > ** > ** > ** >Enno. ** > ** > ** > ** > ** > ** >To Unsubscribe: send mail to majordomo@FreeBSD.org ** > ** >with "unsubscribe freebsd-isp" in the body of the message ** > ** > ** > ** > ** > ** ** > ** ** > ** ** > ** To Unsubscribe: send mail to majordomo@FreeBSD.org ** > ** with "unsubscribe freebsd-isp" in the body of the message ** > ** ** > ** ** > ** > ** > To Unsubscribe: send mail to majordomo@FreeBSD.org ** > with "unsubscribe freebsd-isp" in the body of the message ** > ** ** - Forrest W. Christian (forrestc@imach.com) AC7DE ** ---------------------------------------------------------------------- ** The Innovation Machine Ltd. P.O. Box 5749 ** http://www.imach.com/ Helena, MT 59604 ** Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ** ---------------------------------------------------------------------- ** Protect your personal freedoms - visit http://www.lp.org/ ** ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org ** with "unsubscribe freebsd-isp" in the body of the message ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 6: 0:16 2001 Delivered-To: freebsd-isp@freebsd.org Received: from norad.inetu.net (norad.inetu.net [209.235.223.59]) by hub.freebsd.org (Postfix) with ESMTP id 7A0C737B401 for ; Tue, 17 Jul 2001 06:00:13 -0700 (PDT) (envelope-from dev@wserv8.inetu.net) Received: from wserv8.inetu.net (dopey.inetu.org [209.235.223.3]) by norad.inetu.net (8.9.3/8.9.3) with ESMTP id JAA12937 for ; Tue, 17 Jul 2001 09:03:53 -0400 (EDT) Message-ID: <3B5438A1.B7A54A1D@wserv8.inetu.net> Date: Tue, 17 Jul 2001 09:07:45 -0400 From: Dev X-Mailer: Mozilla 4.76 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Subject: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our network Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org We have been having a problem for the last 24-36 hours on our network. We have about 350 servers (50% FreeBSD, 50% NT/2000 and a few Linux) Servers have started to be inaccessible through our router (and sometimes through other servers). The ARP table in our router will show an INCOMPLETE next to the Arp entry which is having trouble. These problems surface about every 30 minutes and servers will go down about every 4 hours. This problem seems to affect ONLY FreeBSD servers (and 2 Cobalt/Linux servers). In total, about 20-30 servers. Does anyone have any ideas on what we can check? While our network is largely flat, we do route blocks of addresses directly to servers, our arp table in our router is fairly small (about 500 entries). Any help would be greatly appreciated. We have tried a lot, but cannot figure out what is causing the problem. We did not have this problem before, and many of the servers affected have been running for 1-2 years without any problems. We use 3COM and Intel NIC's, Nortel switches (303, 310) and a 7206VXR routers. Thanks. -Dev To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 6:55:12 2001 Delivered-To: freebsd-isp@freebsd.org Received: from EXCHANGE.bwalk.com (exchange.bwalk.com [139.142.15.70]) by hub.freebsd.org (Postfix) with ESMTP id D2B1B37B406 for ; Tue, 17 Jul 2001 06:55:08 -0700 (PDT) (envelope-from adam@suitesystems.com) Received: by EXCHANGE.bwalk.com with Internet Mail Service (5.5.2653.19) id ; Tue, 17 Jul 2001 07:54:50 -0600 Message-ID: <493DE418616E9D48A5DB8E9FAAE1A8CF028EA410@EXCHANGE.bwalk.com> From: Adam Serediuk To: "'freebsd-isp@freebsd.org'" Subject: RE: out of entropy Date: Tue, 17 Jul 2001 07:54:43 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Use the urandom device, not random. dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 128 -n HOST box.nexgen.com -----Original Message----- From: alexus [mailto:ml@db.nexgen.com] Sent: Monday, July 16, 2001 4:27 PM To: Undisclosed-Recipient:;@FreeBSD.ORG Subject: out of entropy I'm sorry in advance for a cross posting, I just need to resolve this issue a.s.a.p. I'm using FreeBSD 4.3-RELEASE and latest version of bind 9 su-2.05# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST box.nexgen.com dnssec-keygen: failed to generate key box.nexgen.com/157: out of entropy su-2.05# any ideas why? and how do i get around it? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 7: 3:24 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.hostorama.com (208-128-72-15.ipv4.intur.net [208.128.72.15]) by hub.freebsd.org (Postfix) with SMTP id 8241637B406 for ; Tue, 17 Jul 2001 07:03:15 -0700 (PDT) (envelope-from eric@ericwalters.com) Received: (qmail 44917 invoked from network); 17 Jul 2001 14:24:33 -0000 Received: from unknown (HELO netmon1) (12.45.139.50) by 0 with SMTP; 17 Jul 2001 14:24:33 -0000 From: "Eric Walters" To: "Dev" , Subject: RE: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our network Date: Tue, 17 Jul 2001 09:03:13 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: <3B5438A1.B7A54A1D@wserv8.inetu.net> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have seen this problem on Cisco switches in the past. Do you have any hubs plugged into the switches or have them cascaded with cross-over cables or anything? Have you checked the MAC Address table on the switches to make sure the entries are still there? I would suspect the switches first. Have you done any router or switch code upgrades recently? -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Dev Sent: Tuesday, July 17, 2001 8:08 AM To: freebsd-isp@freebsd.org Subject: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our network We have been having a problem for the last 24-36 hours on our network. We have about 350 servers (50% FreeBSD, 50% NT/2000 and a few Linux) Servers have started to be inaccessible through our router (and sometimes through other servers). The ARP table in our router will show an INCOMPLETE next to the Arp entry which is having trouble. These problems surface about every 30 minutes and servers will go down about every 4 hours. This problem seems to affect ONLY FreeBSD servers (and 2 Cobalt/Linux servers). In total, about 20-30 servers. Does anyone have any ideas on what we can check? While our network is largely flat, we do route blocks of addresses directly to servers, our arp table in our router is fairly small (about 500 entries). Any help would be greatly appreciated. We have tried a lot, but cannot figure out what is causing the problem. We did not have this problem before, and many of the servers affected have been running for 1-2 years without any problems. We use 3COM and Intel NIC's, Nortel switches (303, 310) and a 7206VXR routers. Thanks. -Dev To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 7:24:44 2001 Delivered-To: freebsd-isp@freebsd.org Received: from nt-mail.inetu.net (nt-mail.inetu.net [209.235.240.9]) by hub.freebsd.org (Postfix) with ESMTP id 6A42737B403 for ; Tue, 17 Jul 2001 07:24:38 -0700 (PDT) (envelope-from dev@wserv8.inetu.net) Received: from wserv8.inetu.net (wserv8.inetu.net [209.235.192.124]) by nt-mail.inetu.net (8.9.3/8.9.3) with ESMTP id KAA60752 for ; Tue, 17 Jul 2001 10:34:51 -0400 (EDT) Date: Tue, 17 Jul 2001 10:31:45 -0400 (EDT) From: "dev.org" To: freebsd-isp@freebsd.org Subject: RE: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our network (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear Eric, Thank you. We have Bay303 and 310's where our servers are connected. These switches uplink to our main Bay 350 which uplinks to our CAT where our routers are connected. We do use crossover cables. This problem is not limited to a single switch, but accross both 303 and 310 switches. Most of this stuff has been working fine for quite some time. Thanks so much. :) -Dev On Tue, 17 Jul 2001, Eric Walters wrote: > I have seen this problem on Cisco switches in the past. Do you have any > hubs plugged into the switches or have them cascaded with cross-over cables > or anything? Have you checked the MAC Address table on the switches to make > sure the entries are still there? I would suspect the switches first. Have > you done any router or switch code upgrades recently? > > > > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Dev > Sent: Tuesday, July 17, 2001 8:08 AM > To: freebsd-isp@freebsd.org > Subject: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our > network > > > > We have been having a problem for the last 24-36 hours on our network. > > We have about 350 servers (50% FreeBSD, 50% NT/2000 and a few Linux) > > Servers have started to be inaccessible through our router (and > sometimes > through other servers). > > The ARP table in our router will show an INCOMPLETE next to the Arp > entry > which is having trouble. > > These problems surface about every 30 minutes and servers will go down > about every 4 hours. > > This problem seems to affect ONLY FreeBSD servers (and 2 Cobalt/Linux > servers). In total, about 20-30 servers. > > Does anyone have any ideas on what we can check? While our network is > largely flat, we do route blocks of addresses directly to servers, our > arp > table in our router is fairly small (about 500 entries). > > Any help would be greatly appreciated. We have tried a lot, but cannot > figure out what is causing the problem. We did not have this problem > before, and many of the servers affected have been running for 1-2 years > > without any problems. > > We use 3COM and Intel NIC's, Nortel switches (303, 310) and a 7206VXR > routers. > > Thanks. > -Dev > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 7:50:20 2001 Delivered-To: freebsd-isp@freebsd.org Received: from nt-mail.inetu.net (nt-mail.inetu.net [209.235.240.9]) by hub.freebsd.org (Postfix) with ESMTP id 0175737B403 for ; Tue, 17 Jul 2001 07:50:00 -0700 (PDT) (envelope-from dev@wserv8.inetu.net) Received: from wserv8.inetu.net (wserv8.inetu.net [209.235.192.124]) by nt-mail.inetu.net (8.9.3/8.9.3) with ESMTP id LAA63102 for ; Tue, 17 Jul 2001 11:00:13 -0400 (EDT) Date: Tue, 17 Jul 2001 10:57:07 -0400 (EDT) From: "dev.org" To: freebsd-isp@FreeBSD.ORG Subject: RE: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our network FOLLOWUP In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Thanks for everyone's help so far. We have discovered our arp timeout was not set on our router (default to 4 hours). Every 4 hours the problematic servers drop off the network with incomplete ARP entries. We have changed our timeout to 0 for no timeout while we look at the problem. Does anyone have any suggestions on why ARP entries would not be updated in the router just on FreeBSD servers? They are scattered around our network, and only UNIX servers (FreeBSD in particular) are having trouble sending new ARP replies? -Dev On Tue, 17 Jul 2001, dev.org wrote: > > > Dear Eric, > > Thank you. > > We have Bay303 and 310's where our servers are connected. > > These switches uplink to our main Bay 350 which uplinks to our CAT where > our routers are connected. > > We do use crossover cables. This problem is not limited to a single > switch, but accross both 303 and 310 switches. > > Most of this stuff has been working fine for quite some time. > > Thanks so much. :) > > -Dev > > On Tue, 17 Jul 2001, Eric Walters wrote: > > > I have seen this problem on Cisco switches in the past. Do you have any > > hubs plugged into the switches or have them cascaded with cross-over cables > > or anything? Have you checked the MAC Address table on the switches to make > > sure the entries are still there? I would suspect the switches first. Have > > you done any router or switch code upgrades recently? > > > > > > > > -----Original Message----- > > From: owner-freebsd-isp@FreeBSD.ORG > > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Dev > > Sent: Tuesday, July 17, 2001 8:08 AM > > To: freebsd-isp@freebsd.org > > Subject: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our > > network > > > > > > > > We have been having a problem for the last 24-36 hours on our network. > > > > We have about 350 servers (50% FreeBSD, 50% NT/2000 and a few Linux) > > > > Servers have started to be inaccessible through our router (and > > sometimes > > through other servers). > > > > The ARP table in our router will show an INCOMPLETE next to the Arp > > entry > > which is having trouble. > > > > These problems surface about every 30 minutes and servers will go down > > about every 4 hours. > > > > This problem seems to affect ONLY FreeBSD servers (and 2 Cobalt/Linux > > servers). In total, about 20-30 servers. > > > > Does anyone have any ideas on what we can check? While our network is > > largely flat, we do route blocks of addresses directly to servers, our > > arp > > table in our router is fairly small (about 500 entries). > > > > Any help would be greatly appreciated. We have tried a lot, but cannot > > figure out what is causing the problem. We did not have this problem > > before, and many of the servers affected have been running for 1-2 years > > > > without any problems. > > > > We use 3COM and Intel NIC's, Nortel switches (303, 310) and a 7206VXR > > routers. > > > > Thanks. > > -Dev > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 7:51:32 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.hostorama.com (208-128-72-15.ipv4.intur.net [208.128.72.15]) by hub.freebsd.org (Postfix) with SMTP id 2A14137B403 for ; Tue, 17 Jul 2001 07:51:26 -0700 (PDT) (envelope-from eric@ericwalters.com) Received: (qmail 45427 invoked from network); 17 Jul 2001 15:12:43 -0000 Received: from unknown (HELO netmon1) (12.45.139.50) by 0 with SMTP; 17 Jul 2001 15:12:43 -0000 From: "Eric Walters" To: "dev.org" , "Eric Walters" Cc: Subject: RE: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our network Date: Tue, 17 Jul 2001 09:51:23 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Any recent IOS upgrades on the routers or switches? I would begin by making sure the MAC address shows up in on the proper port on the switch it is plugged into. Once that is verified make sure the uplink switch shows that MAC address on the uplink port. Is the uplink port a true uplink or is it a cross-over? If am pretty sure the problem will end up being on the switch end and not the router. What is your CAT, 4000,5000 etc...? -----Original Message----- From: dev.org [mailto:dev@wserv8.inetu.net] Sent: Tuesday, July 17, 2001 9:15 AM To: Eric Walters Cc: freebsd-isp@FreeBSD.ORG Subject: RE: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our network Dear Eric, Thank you. We have Bay303 and 310's where our servers are connected. These switches uplink to our main Bay 350 which uplinks to our CAT where our routers are connected. We do use crossover cables. This problem is not limited to a single switch, but accross both 303 and 310 switches. Most of this stuff has been working fine for quite some time. Thanks so much. :) -Dev On Tue, 17 Jul 2001, Eric Walters wrote: > I have seen this problem on Cisco switches in the past. Do you have any > hubs plugged into the switches or have them cascaded with cross-over cables > or anything? Have you checked the MAC Address table on the switches to make > sure the entries are still there? I would suspect the switches first. Have > you done any router or switch code upgrades recently? > > > > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Dev > Sent: Tuesday, July 17, 2001 8:08 AM > To: freebsd-isp@freebsd.org > Subject: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our > network > > > > We have been having a problem for the last 24-36 hours on our network. > > We have about 350 servers (50% FreeBSD, 50% NT/2000 and a few Linux) > > Servers have started to be inaccessible through our router (and > sometimes > through other servers). > > The ARP table in our router will show an INCOMPLETE next to the Arp > entry > which is having trouble. > > These problems surface about every 30 minutes and servers will go down > about every 4 hours. > > This problem seems to affect ONLY FreeBSD servers (and 2 Cobalt/Linux > servers). In total, about 20-30 servers. > > Does anyone have any ideas on what we can check? While our network is > largely flat, we do route blocks of addresses directly to servers, our > arp > table in our router is fairly small (about 500 entries). > > Any help would be greatly appreciated. We have tried a lot, but cannot > figure out what is causing the problem. We did not have this problem > before, and many of the servers affected have been running for 1-2 years > > without any problems. > > We use 3COM and Intel NIC's, Nortel switches (303, 310) and a 7206VXR > routers. > > Thanks. > -Dev > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 7:52:43 2001 Delivered-To: freebsd-isp@freebsd.org Received: from nt-mail.inetu.net (nt-mail.inetu.net [209.235.240.9]) by hub.freebsd.org (Postfix) with ESMTP id 909A837B401 for ; Tue, 17 Jul 2001 07:52:38 -0700 (PDT) (envelope-from dev@wserv8.inetu.net) Received: from wserv8.inetu.net (wserv8.inetu.net [209.235.192.124]) by nt-mail.inetu.net (8.9.3/8.9.3) with ESMTP id LAA63376; Tue, 17 Jul 2001 11:02:43 -0400 (EDT) Date: Tue, 17 Jul 2001 10:59:37 -0400 (EDT) From: "dev.org" To: Eric Walters Cc: freebsd-isp@FreeBSD.ORG Subject: RE: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our network In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I will find out about upgrades, but I do not think any have been done. I think we use a cross-over cable, but I will check on that as well. Our cat is a 6509. On Tue, 17 Jul 2001, Eric Walters wrote: > Any recent IOS upgrades on the routers or switches? I would begin by making > sure the MAC address shows up in on the proper port on the switch it is > plugged into. Once that is verified make sure the uplink switch shows that > MAC address on the uplink port. Is the uplink port a true uplink or is it a > cross-over? If am pretty sure the problem will end up being on the switch > end and not the router. What is your CAT, 4000,5000 etc...? > > -----Original Message----- > From: dev.org [mailto:dev@wserv8.inetu.net] > Sent: Tuesday, July 17, 2001 9:15 AM > To: Eric Walters > Cc: freebsd-isp@FreeBSD.ORG > Subject: RE: HELP NEEDED. :) ARP problems - ARP incomplete showing up on > our network > > > Dear Eric, > > Thank you. > > We have Bay303 and 310's where our servers are connected. > > These switches uplink to our main Bay 350 which uplinks to our CAT where > our routers are connected. > > We do use crossover cables. This problem is not limited to a single > switch, but accross both 303 and 310 switches. > > Most of this stuff has been working fine for quite some time. > > Thanks so much. :) > > -Dev > > On Tue, 17 Jul 2001, Eric Walters wrote: > > > I have seen this problem on Cisco switches in the past. Do you have any > > hubs plugged into the switches or have them cascaded with cross-over > cables > > or anything? Have you checked the MAC Address table on the switches to > make > > sure the entries are still there? I would suspect the switches first. > Have > > you done any router or switch code upgrades recently? > > > > > > > > -----Original Message----- > > From: owner-freebsd-isp@FreeBSD.ORG > > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Dev > > Sent: Tuesday, July 17, 2001 8:08 AM > > To: freebsd-isp@freebsd.org > > Subject: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our > > network > > > > > > > > We have been having a problem for the last 24-36 hours on our network. > > > > We have about 350 servers (50% FreeBSD, 50% NT/2000 and a few Linux) > > > > Servers have started to be inaccessible through our router (and > > sometimes > > through other servers). > > > > The ARP table in our router will show an INCOMPLETE next to the Arp > > entry > > which is having trouble. > > > > These problems surface about every 30 minutes and servers will go down > > about every 4 hours. > > > > This problem seems to affect ONLY FreeBSD servers (and 2 Cobalt/Linux > > servers). In total, about 20-30 servers. > > > > Does anyone have any ideas on what we can check? While our network is > > largely flat, we do route blocks of addresses directly to servers, our > > arp > > table in our router is fairly small (about 500 entries). > > > > Any help would be greatly appreciated. We have tried a lot, but cannot > > figure out what is causing the problem. We did not have this problem > > before, and many of the servers affected have been running for 1-2 years > > > > without any problems. > > > > We use 3COM and Intel NIC's, Nortel switches (303, 310) and a 7206VXR > > routers. > > > > Thanks. > > -Dev > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 8: 7: 8 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id 334EC37B406 for ; Tue, 17 Jul 2001 08:07:06 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 5941 invoked from network); 17 Jul 2001 15:06:40 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 17 Jul 2001 15:06:40 -0000 Message-ID: <005601c10ed2$1cdc5f90$0d00a8c0@alexus> From: "alexus" To: Subject: jail Date: Tue, 17 Jul 2001 11:06:52 -0400 Organization: NexGen MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2499.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2499.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org first 3 steps is in man jail says D=/here/is/the/jail cd /usr/src make world DESTDIR=$D su-2.05# D=/usr/src/jail/ su-2.05# cd /usr/src su-2.05# pwd /usr/src su-2.05# make world DESTDIR=$D make: don't know how to make world. Stop su-2.05# what am i missin? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 8:13:50 2001 Delivered-To: freebsd-isp@freebsd.org Received: from tsunami.acidpit.org (tsunami.solveinteractive.com [206.190.163.234]) by hub.freebsd.org (Postfix) with ESMTP id 2AC1A37B401 for ; Tue, 17 Jul 2001 08:13:41 -0700 (PDT) (envelope-from rch@acidpit.org) Received: (from rch@localhost) by tsunami.acidpit.org (8.11.4/8.11.3) id f6HFBCr92287 for freebsd-isp@FreeBSD.ORG; Tue, 17 Jul 2001 11:11:12 -0400 (EDT) (envelope-from rch@acidpit.org) Date: Tue, 17 Jul 2001 11:11:12 -0400 From: Robert Hough To: freebsd-isp@FreeBSD.ORG Subject: OT: Product Search Message-ID: <20010717111112.A92268@acidpit.org> Mail-Followup-To: freebsd-isp@FreeBSD.ORG Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Sorry for the off-topic post. I'm looking or products similar to the SnapGear devices, except, I don't need all of those features. Really, just looking for one that will do nat, and dhcp. Yes, I know full well this can be done with FreeBSD, but that's not really an option here, as it's for a family member out of state. Any help/ideas would be appreciated thanks. -- Robert Hough (rch@acidpit.org) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 8:32:53 2001 Delivered-To: freebsd-isp@freebsd.org Received: from unity.agava.ru (unity.agava.ru [213.59.3.227]) by hub.freebsd.org (Postfix) with ESMTP id 9FD6F37B403 for ; Tue, 17 Jul 2001 08:32:49 -0700 (PDT) (envelope-from frank@agava.com) Received: from relay2.agava.net.ru (unknown [193.125.142.2]) by unity.agava.ru (Postfix) with ESMTP id 3F72A27EA0B; Tue, 17 Jul 2001 19:32:45 +0400 (MSD) Received: from gw.office.agava.ru (2.oivt.mipt.ru [193.125.142.2]) by relay2.agava.net.ru (Postfix) with ESMTP id DD6AD43908; Tue, 17 Jul 2001 19:32:29 +0400 (MSD) Received: from hellbell.domain (hellbell.domain [192.168.1.12]) by gw.office.agava.ru (Postfix) with ESMTP id 646605F45; Tue, 17 Jul 2001 19:32:28 +0400 (MSD) Received: from localhost (localhost [127.0.0.1]) by hellbell.domain (Postfix) with ESMTP id 16A83CCE9; Tue, 17 Jul 2001 19:32:28 +0400 (MSD) Date: Tue, 17 Jul 2001 19:32:27 +0400 (MSD) From: Alexey Zakirov X-X-Sender: To: alexus Cc: Subject: Re: jail In-Reply-To: <005601c10ed2$1cdc5f90$0d00a8c0@alexus> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 17 Jul 2001, alexus wrote: > su-2.05# D=/usr/src/jail/ > su-2.05# cd /usr/src > su-2.05# pwd > /usr/src > su-2.05# make world DESTDIR=$D > make: don't know how to make world. Stop > su-2.05# > > what am i missin? make buildworld? *** WBR, Alexey Zakirov (frank@agava.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 9:14:11 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id EC22737B403 for ; Tue, 17 Jul 2001 09:14:05 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 6435 invoked from network); 17 Jul 2001 16:13:47 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 17 Jul 2001 16:13:47 -0000 Message-ID: <002b01c10edb$7cefedd0$0d00a8c0@alexus> From: "alexus" To: "Alexey Zakirov" Cc: References: Subject: Re: jail Date: Tue, 17 Jul 2001 12:13:59 -0400 Organization: NexGen MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2499.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2499.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org make buildworld isn't this will upgrade my 4.3R to 5.0C? ----- Original Message ----- From: "Alexey Zakirov" To: "alexus" Cc: Sent: Tuesday, July 17, 2001 11:32 AM Subject: Re: jail > On Tue, 17 Jul 2001, alexus wrote: > > > su-2.05# D=/usr/src/jail/ > > su-2.05# cd /usr/src > > su-2.05# pwd > > /usr/src > > su-2.05# make world DESTDIR=$D > > make: don't know how to make world. Stop > > su-2.05# > > > > what am i missin? > > make buildworld? > > *** WBR, Alexey Zakirov (frank@agava.com) > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 9:30: 9 2001 Delivered-To: freebsd-isp@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 7452237B407 for ; Tue, 17 Jul 2001 09:30:02 -0700 (PDT) (envelope-from cdf.lists@fxp.org) Received: by peitho.fxp.org (Postfix, from userid 1501) id 0F6A21360E; Tue, 17 Jul 2001 12:30:00 -0400 (EDT) Date: Tue, 17 Jul 2001 12:30:00 -0400 From: Chris Faulhaber To: alexus Cc: freebsd-isp@FreeBSD.ORG Subject: Re: jail Message-ID: <20010717123000.B28649@peitho.fxp.org> References: <005601c10ed2$1cdc5f90$0d00a8c0@alexus> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="vGgW1X5XWziG23Ko" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <005601c10ed2$1cdc5f90$0d00a8c0@alexus>; from ml@db.nexgen.com on Tue, Jul 17, 2001 at 11:06:52AM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --vGgW1X5XWziG23Ko Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jul 17, 2001 at 11:06:52AM -0400, alexus wrote: > first 3 steps is in man jail says > D=3D/here/is/the/jail > cd /usr/src > make world DESTDIR=3D$D > =20 > su-2.05# D=3D/usr/src/jail/=20 > su-2.05# cd /usr/src > su-2.05# pwd > /usr/src > su-2.05# make world DESTDIR=3D$D > make: don't know how to make world. Stop > su-2.05# =20 >=20 > what am i missin? >=20 The system sources? --=20 Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --vGgW1X5XWziG23Ko Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjtUaAgACgkQObaG4P6BelCCsACfTtimAGNkcB+sgR81LaAaXrwV AeQAn2BxqiyvhzrT0Pu/gblS/b51PURe =2TQz -----END PGP SIGNATURE----- --vGgW1X5XWziG23Ko-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 9:56: 3 2001 Delivered-To: freebsd-isp@freebsd.org Received: from unity.agava.ru (unity.agava.ru [213.59.3.227]) by hub.freebsd.org (Postfix) with ESMTP id 0430137B401 for ; Tue, 17 Jul 2001 09:55:59 -0700 (PDT) (envelope-from frank@agava.com) Received: from relay2.agava.net.ru (unknown [193.125.142.2]) by unity.agava.ru (Postfix) with ESMTP id 7065A27EA10 for ; Tue, 17 Jul 2001 20:55:56 +0400 (MSD) Received: from gw.office.agava.ru (2.oivt.mipt.ru [193.125.142.2]) by relay2.agava.net.ru (Postfix) with ESMTP id B93D643AA1 for ; Tue, 17 Jul 2001 20:54:34 +0400 (MSD) Received: from hellbell.domain (hellbell.domain [192.168.1.12]) by gw.office.agava.ru (Postfix) with ESMTP id BF0C55F51 for ; Tue, 17 Jul 2001 20:54:29 +0400 (MSD) Received: from localhost (localhost [127.0.0.1]) by hellbell.domain (Postfix) with ESMTP id 8542ECCE6 for ; Tue, 17 Jul 2001 20:54:29 +0400 (MSD) Date: Tue, 17 Jul 2001 20:54:29 +0400 (MSD) From: Alexey Zakirov X-X-Sender: Cc: Subject: Re: jail In-Reply-To: <002b01c10edb$7cefedd0$0d00a8c0@alexus> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 17 Jul 2001, alexus wrote: > make buildworld > > isn't this will upgrade my 4.3R to 5.0C? it just build a new system (not install it). So I'm use a following script to update my jails: make hierarchy DESTDIR=$INSTALLATION_PATH make install DESTDIR=$INSTALLATION_PATH cd $INSTALLATION_PATH rm -rf boot dev lkm mnt modules proc root sys cat $WORK/delete.lst | xargs chflags 0 cat $WORK/delete.lst | xargs rm -rf cat $WORK/noworld.lst | xargs chflags 0 cat $WORK/noworld.lst | xargs chmod o-rwx cat $WORK/nosuid.lst | xargs chflags 0 cat $WORK/nosuid.lst | xargs chmod ug-s *** WBR, Alexey Zakirov (frank@agava.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 10:28:29 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bilver.wjv.com (dhcp-1-56.n01.orldfl01.us.ra.verio.net [157.238.210.56]) by hub.freebsd.org (Postfix) with ESMTP id 223FF37B401 for ; Tue, 17 Jul 2001 10:28:24 -0700 (PDT) (envelope-from bill@bilver.wjv.com) Received: (from bill@localhost) by bilver.wjv.com (8.11.1/8.11.1) id f6HHSFn83817; Tue, 17 Jul 2001 13:28:15 -0400 (EDT) (envelope-from bill) Date: Tue, 17 Jul 2001 13:28:06 -0400 From: Bill Vermillion To: Robert Hough Cc: freebsd-isp@FreeBSD.ORG Subject: Re: OT: Product Search Message-ID: <20010717132806.I82350@wjv.com> Reply-To: bv@wjv.com References: <20010717111112.A92268@acidpit.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010717111112.A92268@acidpit.org>; from rch@acidpit.org on Tue, Jul 17, 2001 at 11:11:12AM -0400 Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Jul 17, 2001 at 11:11:12AM -0400, Robert Hough thus sprach: > Sorry for the off-topic post. > I'm looking or products similar to the SnapGear devices, except, I > don't need all of those features. I'll make an off-topic reply. Just what is a 'SnapGear device'? My ESP is particularly ineffective this afternoon. -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 10:30:36 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10]) by hub.freebsd.org (Postfix) with ESMTP id 5025437B401 for ; Tue, 17 Jul 2001 10:30:32 -0700 (PDT) (envelope-from drew.weaver@thenap.com) Received: by mailman.thenap.com with Internet Mail Service (5.5.2653.19) id ; Tue, 17 Jul 2001 13:47:17 -0400 Message-ID: From: "Drew J. Weaver" To: "'bv@wjv.com'" , Robert Hough Cc: freebsd-isp@FreeBSD.ORG Subject: RE: OT: Product Search Date: Tue, 17 Jul 2001 13:47:15 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C10EE8.843A7670" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C10EE8.843A7670 Content-Type: text/plain; charset="iso-8859-1" We're ISP not ESP =) -Drew -----Original Message----- From: Bill Vermillion [mailto:bill@wjv.com] Sent: Tuesday, July 17, 2001 1:28 PM To: Robert Hough Cc: freebsd-isp@FreeBSD.ORG Subject: Re: OT: Product Search On Tue, Jul 17, 2001 at 11:11:12AM -0400, Robert Hough thus sprach: > Sorry for the off-topic post. > I'm looking or products similar to the SnapGear devices, except, I > don't need all of those features. I'll make an off-topic reply. Just what is a 'SnapGear device'? My ESP is particularly ineffective this afternoon. -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message ------_=_NextPart_001_01C10EE8.843A7670 Content-Type: text/html; charset="iso-8859-1" RE: OT: Product Search

We're ISP not ESP =)

-Drew


-----Original Message-----
From: Bill Vermillion [mailto:bill@wjv.com]
Sent: Tuesday, July 17, 2001 1:28 PM
To: Robert Hough
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: OT: Product Search


On Tue, Jul 17, 2001 at 11:11:12AM -0400, Robert Hough thus sprach:
> Sorry for the off-topic post.

> I'm looking or products similar to the SnapGear devices, except, I
> don't need all of those features.

I'll make an off-topic reply.  Just what is a 'SnapGear device'?

My ESP is particularly ineffective this afternoon.

--
Bill Vermillion -   bv @ wjv . com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

------_=_NextPart_001_01C10EE8.843A7670-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 10:34:41 2001 Delivered-To: freebsd-isp@freebsd.org Received: from phoenix.volant.org (dickson.phoenix.volant.org [205.179.79.193]) by hub.freebsd.org (Postfix) with ESMTP id D3AB137B401 for ; Tue, 17 Jul 2001 10:34:36 -0700 (PDT) (envelope-from patl@phoenix.volant.org) Received: from asimov.phoenix.volant.org ([205.179.79.65] helo=asimov) by phoenix.volant.org with esmtp (Exim 1.92 #8) id 15MYjz-0004aw-00; Tue, 17 Jul 2001 10:34:35 -0700 Date: Tue, 17 Jul 2001 10:34:33 -0700 From: PM Lashley To: Alexey Zakirov Cc: freebsd-isp@FreeBSD.ORG Subject: Re: jail Message-ID: <552500000.995391273@asimov> In-Reply-To: References: X-Mailer: Mulberry/2.1.0b2 (SunOS/SPARC Demo) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="==========553337516==========" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --==========553337516========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline --On Tuesday, July 17, 2001 20:54:29 +0400 Alexey Zakirov = wrote: > On Tue, 17 Jul 2001, alexus wrote: > >> make buildworld >> >> isn't this will upgrade my 4.3R to 5.0C? > > it just build a new system (not install it). > > So I'm use a following script to update my jails: > > make hierarchy DESTDIR=3D$INSTALLATION_PATH > make install DESTDIR=3D$INSTALLATION_PATH > cd $INSTALLATION_PATH > rm -rf boot dev lkm mnt modules proc root sys > cat $WORK/delete.lst | xargs chflags 0 > cat $WORK/delete.lst | xargs rm -rf > cat $WORK/noworld.lst | xargs chflags 0 > cat $WORK/noworld.lst | xargs chmod o-rwx > cat $WORK/nosuid.lst | xargs chflags 0 > cat $WORK/nosuid.lst | xargs chmod ug-s So exactly which files do you have listed in each of the '.lst' files? Also, a nit - I'd like to point out that the above six lines would be more=20 efficient using redirection instead of cat and pipes. E.g., xargs chflags 0 < $WORK/delete.lst xargs rm -rf < $WORK/delete.lst etc. -Pat --==========553337516========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (SunOS) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjtUdyoACgkQncYNbLD8wuOM2QCg5kyc/BgSa6/w0nYFhw8OqnFy MhgAoIDz5zjYpR1PXr5urz6SlkazFogw =rI2a -----END PGP SIGNATURE----- --==========553337516==========-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 10:39:31 2001 Delivered-To: freebsd-isp@freebsd.org Received: from tsunami.acidpit.org (tsunami.solveinteractive.com [206.190.163.234]) by hub.freebsd.org (Postfix) with ESMTP id EA97D37B403 for ; Tue, 17 Jul 2001 10:39:28 -0700 (PDT) (envelope-from rch@acidpit.org) Received: (from rch@localhost) by tsunami.acidpit.org (8.11.4/8.11.3) id f6HHaxW92707 for freebsd-isp@FreeBSD.ORG; Tue, 17 Jul 2001 13:36:59 -0400 (EDT) (envelope-from rch@acidpit.org) Date: Tue, 17 Jul 2001 13:36:59 -0400 From: Robert Hough To: freebsd-isp@FreeBSD.ORG Subject: Re: OT: Product Search Message-ID: <20010717133659.A92688@acidpit.org> Mail-Followup-To: freebsd-isp@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from drew.weaver@thenap.com on Tue, Jul 17, 2001 at 13:47:15 -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Jul 17, 2001, Drew J. Weaver wrote: > > We're ISP not ESP =) Bill Vermillion wrote: > > > I'll make an off-topic reply. Just what is a 'SnapGear device'? > > > > My ESP is particularly ineffective this afternoon. Baah, sorry http://www.snapgear.com/ -- Robert Hough (rch@acidpit.org) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 11:31: 0 2001 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id 807F637B401 for ; Tue, 17 Jul 2001 11:30:52 -0700 (PDT) (envelope-from forrestc@imach.com) Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id MAA26882; Tue, 17 Jul 2001 12:29:24 -0600 (MDT) Date: Tue, 17 Jul 2001 12:29:23 -0600 (MDT) From: "Forrest W. Christian" To: Dev Cc: freebsd-isp@FreeBSD.ORG Subject: Re: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our network In-Reply-To: <3B5438A1.B7A54A1D@wserv8.inetu.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You are probably being attacked. Make sure you have ICMP_BANDLIM in the kernel. Look for "Limiting .... response" messages in the syslog. increase your NMBCLUSTERS. The max recommended is 32768. I usually use 32767. When this is happening see what netstat -m shows., or look at an output of a machine which has shown this symptom and look at the max values. On Tue, 17 Jul 2001, Dev wrote: > Date: Tue, 17 Jul 2001 09:07:45 -0400 > From: Dev > To: freebsd-isp@FreeBSD.ORG > Subject: HELP NEEDED. :) ARP problems - ARP incomplete showing up on our > network > > > We have been having a problem for the last 24-36 hours on our network. > > We have about 350 servers (50% FreeBSD, 50% NT/2000 and a few Linux) > > Servers have started to be inaccessible through our router (and > sometimes > through other servers). > > The ARP table in our router will show an INCOMPLETE next to the Arp > entry > which is having trouble. > > These problems surface about every 30 minutes and servers will go down > about every 4 hours. > > This problem seems to affect ONLY FreeBSD servers (and 2 Cobalt/Linux > servers). In total, about 20-30 servers. > > Does anyone have any ideas on what we can check? While our network is > largely flat, we do route blocks of addresses directly to servers, our > arp > table in our router is fairly small (about 500 entries). > > Any help would be greatly appreciated. We have tried a lot, but cannot > figure out what is causing the problem. We did not have this problem > before, and many of the servers affected have been running for 1-2 years > > without any problems. > > We use 3COM and Intel NIC's, Nortel switches (303, 310) and a 7206VXR > routers. > > Thanks. > -Dev > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ---------------------------------------------------------------------- Protect your personal freedoms - visit http://www.lp.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 11:50:17 2001 Delivered-To: freebsd-isp@freebsd.org Received: from unity.agava.ru (unity.agava.ru [213.59.3.227]) by hub.freebsd.org (Postfix) with ESMTP id 184CB37B401 for ; Tue, 17 Jul 2001 11:49:35 -0700 (PDT) (envelope-from frank@agava.com) Received: from relay2.agava.net.ru (unknown [193.125.142.2]) by unity.agava.ru (Postfix) with ESMTP id 4353027EA14; Tue, 17 Jul 2001 22:49:29 +0400 (MSD) Received: from gw.office.agava.ru (2.oivt.mipt.ru [193.125.142.2]) by relay2.agava.net.ru (Postfix) with ESMTP id 808C843A9C; Tue, 17 Jul 2001 22:48:33 +0400 (MSD) Received: from hellbell.domain (hellbell.domain [192.168.1.12]) by gw.office.agava.ru (Postfix) with ESMTP id 0E8735F72; Tue, 17 Jul 2001 22:48:33 +0400 (MSD) Received: from localhost (localhost [127.0.0.1]) by hellbell.domain (Postfix) with ESMTP id D7A00CCE6; Tue, 17 Jul 2001 22:48:32 +0400 (MSD) Date: Tue, 17 Jul 2001 22:48:32 +0400 (MSD) From: Alexey Zakirov X-X-Sender: To: PM Lashley Cc: Subject: Re: jail In-Reply-To: <552500000.995391273@asimov> Message-ID: MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-224132887-995395712=:78628" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --0-224132887-995395712=:78628 Content-Type: TEXT/PLAIN; charset=US-ASCII On Tue, 17 Jul 2001, PM Lashley wrote: > > make install DESTDIR=$INSTALLATION_PATH > > cd $INSTALLATION_PATH > > rm -rf boot dev lkm mnt modules proc root sys > > cat $WORK/delete.lst | xargs chflags 0 > > cat $WORK/delete.lst | xargs rm -rf > > cat $WORK/noworld.lst | xargs chflags 0 > > cat $WORK/noworld.lst | xargs chmod o-rwx > > cat $WORK/nosuid.lst | xargs chflags 0 > > cat $WORK/nosuid.lst | xargs chmod ug-s > > So exactly which files do you have listed in each of the '.lst' files? Sorry if this can't be appropriate for this list but I've administered public shell boxes for 3 years and I think those AREN'T important files for public shell/web hosting so I've attached those lists. > Also, a nit - I'd like to point out that the above six lines would be more > efficient using redirection instead of cat and pipes. E.g., have you ever tried to rm(1) about 1 m files? Most of shells have a pretty small buffers for it's command line arguments. And more - it's classic. *** WBR, Alexey Zakirov (frank@agava.com) --0-224132887-995395712=:78628 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="noworld.lst" Content-Transfer-Encoding: BASE64 Content-ID: Content-Description: Content-Disposition: attachment; filename="noworld.lst" Li9iaW4vZGYNCi4vdXNyL2Jpbi9pcGNzDQouL3Vzci9iaW4vc3lzdGF0DQou L3Vzci9iaW4vdG9wDQouL3Vzci9iaW4vdm1zdGF0DQouL3Vzci9iaW4vbmV0 c3RhdA0KLi91c3IvbGliZXhlYy9mdHBkDQouL3Vzci9saWJleGVjL3RlbG5l dGQNCi4vdXNyL2xpYmV4ZWMvZmluZ2VyZA0KLi91c3Ivc2Jpbi9pbmV0ZA0K --0-224132887-995395712=:78628 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="nosuid.lst" Content-Transfer-Encoding: BASE64 Content-ID: Content-Description: Content-Disposition: attachment; filename="nosuid.lst" Li91c3IvYmluL3NzaA0KLi91c3IvYmluL2Noc2gNCi4vdXNyL2Jpbi9jaGZu DQouL3Vzci9iaW4vY2hwYXNzDQouL3Vzci9iaW4vd3JpdGUNCi4vdXNyL2Jp bi9tYW4NCi4vdXNyL2Jpbi9sb2dpbg0KLi91c3IvYmluL3Nsb2dpbg0K --0-224132887-995395712=:78628 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="delete.lst" Content-Transfer-Encoding: BASE64 Content-ID: Content-Description: Content-Disposition: attachment; filename="delete.lst" Li9iaW4vY2hpbw0KLi9iaW4vZGYNCi4vYmluL3JjcA0KLi9iaW4vcm1haWwN Ci4vYmluL3N5bmMNCi4vYm9vdA0KLi9tb2R1bGVzDQouL3NiaW4vYWRqa2Vy bnR6DQouL3NiaW4vYXRtDQouL3NiaW4vYmFkc2VjdA0KLi9zYmluL2NhbWNv bnRyb2wNCi4vc2Jpbi9jY2Rjb25maWcNCi4vc2Jpbi9jbHJpDQouL3NiaW4v Y29tY29udHJvbA0KLi9zYmluL2RoY2xpZW50DQouL3NiaW4vZGhjbGllbnQt c2NyaXB0DQouL3NiaW4vZGlza2xhYmVsDQouL3NiaW4vZG1lc2cNCi4vc2Jp bi9kdW1wDQouL3NiaW4vZHVtcGZzDQouL3NiaW4vZHVtcG9uDQouL3NiaW4v ZmFzdGJvb3QNCi4vc2Jpbi9mYXN0aGFsdA0KLi9zYmluL2ZkaXNrDQouL3Ni aW4vZm9yZV9kbmxkDQouL3NiaW4vZnNjaw0KLi9zYmluL2ZzZGINCi4vc2Jp bi9mc2lyYW5kDQouL3NiaW4vZnQNCi4vc2Jpbi9oYWx0DQouL3NiaW4vaWZj b25maWcNCi4vc2Jpbi9pbG1pZA0KLi9zYmluL2lwNmZ3DQouL3NiaW4vaXBm DQouL3NiaW4vaXBmc3RhdA0KLi9zYmluL2lwZncNCi4vc2Jpbi9pcG1vbg0K Li9zYmluL2lwbmF0DQouL3NiaW4va2dldA0KLi9zYmluL2tsZGxvYWQNCi4v c2Jpbi9rbGRzdGF0DQouL3NiaW4va2xkdW5sb2FkDQouL3NiaW4vbWtub2QN Ci4vc2Jpbi9tb2Rsb2FkDQouL3NiaW4vbW9kdW5sb2FkDQouL3NiaW4vbW91 bnQNCi4vc2Jpbi9tb3VudF9jZDk2NjANCi4vc2Jpbi9tb3VudF9kZXZmcw0K Li9zYmluL21vdW50X2V4dDJmcw0KLi9zYmluL21vdW50X2ZkZXNjDQouL3Ni aW4vbW91bnRfa2VybmZzDQouL3NiaW4vbW91bnRfbGlucHJvY2ZzDQouL3Ni aW4vbW91bnRfbWZzDQouL3NiaW4vbW91bnRfbXNkb3MNCi4vc2Jpbi9tb3Vu dF9uZnMNCi4vc2Jpbi9tb3VudF9udGZzDQouL3NiaW4vbW91bnRfbnVsbA0K Li9zYmluL21vdW50X253ZnMNCi4vc2Jpbi9tb3VudF9wb3J0YWwNCi4vc2Jp bi9tb3VudF9wcm9jZnMNCi4vc2Jpbi9tb3VudF9zdGQNCi4vc2Jpbi9tb3Vu dF91bWFwDQouL3NiaW4vbW91bnRfdW5pb24NCi4vc2Jpbi9tb3VudGQNCi4v c2Jpbi9uYXRkDQouL3NiaW4vbmV3ZnMNCi4vc2Jpbi9uZXdmc19tc2Rvcw0K Li9zYmluL25leHRib290DQouL3NiaW4vbmZzZA0KLi9zYmluL25mc2lvZA0K Li9zYmluL25vcy10dW4NCi4vc2Jpbi9waW5nDQouL3NiaW4vcGluZzYNCi4v c2Jpbi9xdW90YWNoZWNrDQouL3NiaW4vcmR1bXANCi4vc2Jpbi9yZWJvb3QN Ci4vc2Jpbi9yZXN0b3JlDQouL3NiaW4vcm91dGUNCi4vc2Jpbi9yb3V0ZWQN Ci4vc2Jpbi9ycmVzdG9yZQ0KLi9zYmluL3J0cXVlcnkNCi4vc2Jpbi9ydHNv bA0KLi9zYmluL3NhdmVjb3JlDQouL3NiaW4vc2h1dGRvd24NCi4vc2Jpbi9z bGF0dGFjaA0KLi9zYmluL3NwcHBjb250cm9sDQouL3NiaW4vc3RhcnRzbGlw DQouL3NiaW4vc3dhcG9uDQouL3NiaW4vc3lzY3RsDQouL3NiaW4vdHVuZWZz DQouL3NiaW4vdW1vdW50DQouL3NiaW4vdmludW0NCi4vdXNyL2Jpbi9jcnVu Y2hnZW4NCi4vdXNyL2Jpbi9jcnVuY2hpZGUNCi4vdXNyL2Jpbi9jdQ0KLi91 c3IvYmluL2Rvc2NtZA0KLi91c3IvYmluL2ZzdGF0DQouL3Vzci9iaW4vZ2Ri cmVwbGF5DQouL3Vzci9iaW4vZ2Ric2VydmVyDQouL3Vzci9iaW4vaWJjczIN Ci4vdXNyL2Jpbi9pcGNzDQouL3Vzci9iaW4vam95DQouL3Vzci9iaW4va2V5 aW5mbw0KLi91c3IvYmluL2xpbnV4DQouL3Vzci9iaW4vbG9jaw0KLi91c3Iv YmluL2xwDQouL3Vzci9iaW4vbHBxDQouL3Vzci9iaW4vbHByDQouL3Vzci9i aW4vbHBybQ0KLi91c3IvYmluL21vZHN0YXQNCi4vdXNyL2Jpbi9uZXRzdGF0 DQouL3Vzci9iaW4vbmZzc3RhdA0KLi91c3IvYmluL3Bhd2QNCi4vdXNyL2Jp bi9xdW90YQ0KLi91c3IvYmluL3Jsb2dpbg0KLi91c3IvYmluL3JzaA0KLi91 c3IvYmluL3Nhc2MNCi4vdXNyL2Jpbi9zcGVybCoNCi4vdXNyL2Jpbi9zdWlk cGVybA0KLi91c3IvYmluL3N5c3RhdA0KLi91c3IvYmluL3RvcA0KLi91c3Iv YmluL3V1Y3ANCi4vdXNyL2Jpbi91dWxvZw0KLi91c3IvYmluL3V1bmFtZQ0K Li91c3IvYmluL3V1cGljaw0KLi91c3IvYmluL3V1c2NoZWQNCi4vdXNyL2Jp bi91dXN0YXQNCi4vdXNyL2Jpbi91dXRvDQouL3Vzci9iaW4vdXV4DQouL3Vz ci9iaW4vdm1zdGF0DQouL3Vzci9iaW4vd2FsbA0KLi91c3IvYmluL3lwY2hm bg0KLi91c3IvYmluL3lwY2hwYXNzDQouL3Vzci9iaW4veXBjaHNoDQouL3Vz ci9iaW4veXBwYXNzd2QNCi4vdXNyL2dhbWVzDQouL3Vzci9saWIvbGliKl9w LmENCi4vdXNyL2xpYmRhdGEvZG9zY21kDQouL3Vzci9saWJkYXRhL2Rvc2Nt ZC9lbXNkcml2LnN5cw0KLi91c3IvbGliZGF0YS9kb3NjbWQvcmVkaXIuY29t DQouL3Vzci9saWJkYXRhL21zZG9zZnMNCi4vdXNyL2xpYmRhdGEvbXNkb3Nm cy9rb2kyZG9zDQouL3Vzci9saWJkYXRhL3N0YWxsaW9uDQouL3Vzci9saWJk YXRhL3N0YWxsaW9uLzI2ODEuc3lzDQouL3Vzci9saWJkYXRhL3N0YWxsaW9u L2Nkay5zeXMNCi4vdXNyL2xpYmV4ZWMvYm9vdHBkDQouL3Vzci9saWJleGVj L2Jvb3RwZ3cNCi4vdXNyL2xpYmV4ZWMvY29tc2F0DQouL3Vzci9saWJleGVj L2dldHR5DQouL3Vzci9saWJleGVjL2xwcg0KLi91c3IvbGliZXhlYy9scHIv bHBmDQouL3Vzci9saWJleGVjL2xwci9ydQ0KLi91c3IvbGliZXhlYy9scHIv cnUvYmpjLTI0MC5zaC5zYW1wbGUNCi4vdXNyL2xpYmV4ZWMvbHByL3J1L2tv aTJhbHQNCi4vdXNyL2xpYmV4ZWMvbWtuZXRpZA0KLi91c3IvbGliZXhlYy9u YW1lZC14ZmVyDQouL3Vzci9saWJleGVjL250YWxrZA0KLi91c3IvbGliZXhl Yy9wcHBvZWQNCi4vdXNyL2xpYmV4ZWMvcmJvb3RkDQouL3Vzci9saWJleGVj L3Jldm5ldGdyb3VwDQouL3Vzci9saWJleGVjL3JleGVjZA0KLi91c3IvbGli ZXhlYy9ybG9naW5kDQouL3Vzci9saWJleGVjL3JwYy5ycXVvdGFkDQouL3Vz ci9saWJleGVjL3JwYy5yc3RhdGQNCi4vdXNyL2xpYmV4ZWMvcnBjLnJ1c2Vy c2QNCi4vdXNyL2xpYmV4ZWMvcnBjLnJ3YWxsZA0KLi91c3IvbGliZXhlYy9y cGMuc3ByYXlkDQouL3Vzci9saWJleGVjL3JzaGQNCi4vdXNyL2xpYmV4ZWMv c2VuZG1haWwNCi4vdXNyL2xpYmV4ZWMvc20uYmluDQouL3Vzci9saWJleGVj L3RmdHBkDQouL3Vzci9saWJleGVjL3V1Y3ANCi4vdXNyL2xpYmV4ZWMvdXVj cC91dWNpY28NCi4vdXNyL2xpYmV4ZWMvdXVjcC91dXhxdA0KLi91c3IvbGli ZXhlYy91dWNwZA0KLi91c3IvbGliZXhlYy92Zm9udGVkcHINCi4vdXNyL2xp YmV4ZWMveHRlbmQNCi4vdXNyL2xpYmV4ZWMveXBwd3VwZGF0ZQ0KLi91c3Iv bGliZXhlYy95cHhmcg0KLi91c3Ivc2Jpbi9JUFhyb3V0ZWQNCi4vdXNyL3Ni aW4vYWMNCi4vdXNyL3NiaW4vYWNjdG9uDQouL3Vzci9zYmluL2FsYXcydWxh dw0KLi91c3Ivc2Jpbi9hbWQNCi4vdXNyL3NiaW4vYW1xDQouL3Vzci9zYmlu L2FuY29udHJvbA0KLi91c3Ivc2Jpbi9hcG0NCi4vdXNyL3NiaW4vYXBtY29u Zg0KLi91c3Ivc2Jpbi9hcG1kDQouL3Vzci9zYmluL2F0bWFycGQNCi4vdXNy L3NiaW4vYmFkMTQ0DQouL3Vzci9zYmluL2Jvb3QwY2ZnDQouL3Vzci9zYmlu L2Jvb3RwYXJhbWQNCi4vdXNyL3NiaW4vYm9vdHBlZg0KLi91c3Ivc2Jpbi9i b290cHRlc3QNCi4vdXNyL3NiaW4vYnR4bGQNCi4vdXNyL3NiaW4vYnVybmNk DQouL3Vzci9zYmluL2NhbGxib290ZA0KLi91c3Ivc2Jpbi9jZGNvbnRyb2wN Ci4vdXNyL3NiaW4vY2hrcHJpbnRjYXANCi4vdXNyL3NiaW4vY29uZmlnDQou L3Vzci9zYmluL2N0bQ0KLi91c3Ivc2Jpbi9jdG1fZGVxdWV1ZQ0KLi91c3Iv c2Jpbi9jdG1fcm1haWwNCi4vdXNyL3NiaW4vY3RtX3NtYWlsDQouL3Vzci9z YmluL2N1cnNvcg0KLi91c3Ivc2Jpbi9kaXNrcGFydA0KLi91c3Ivc2Jpbi9k dG1mZGVjb2RlDQouL3Vzci9zYmluL2VkcXVvdGENCi4vdXNyL3NiaW4vZmFp dGhkDQouL3Vzci9zYmluL2ZkY29udHJvbA0KLi91c3Ivc2Jpbi9mZGZvcm1h dA0KLi91c3Ivc2Jpbi9mZHdyaXRlDQouL3Vzci9zYmluL2ZpeG1vdW50DQou L3Vzci9zYmluL2ZvbnRlZGl0DQouL3Vzci9zYmluL2ZzaW5mbw0KLi91c3Iv c2Jpbi9nNzExY29udg0KLi91c3Ivc2Jpbi9naWZjb25maWcNCi4vdXNyL3Ni aW4vZ2lmY29uZmlnDQouL3Vzci9zYmluL2hsZnNkDQouL3Vzci9zYmluL2li Y3MyDQouL3Vzci9zYmluL2lmbWNzdGF0DQouL3Vzci9zYmluL2lvc3RhdA0K Li91c3Ivc2Jpbi9pcGZzdGF0DQouL3Vzci9zYmluL2lwZnRlc3QNCi4vdXNy L3NiaW4vaXBtb24NCi4vdXNyL3NiaW4vaXBuYXQNCi4vdXNyL3NiaW4vaXBy ZXNlbmQNCi4vdXNyL3NiaW4vaXBzZW5kDQouL3Vzci9zYmluL2lwdGVzdA0K Li91c3Ivc2Jpbi9pc2RuZA0KLi91c3Ivc2Jpbi9pc2RuZGVidWcNCi4vdXNy L3NiaW4vaXNkbmRlY29kZQ0KLi91c3Ivc2Jpbi9pc2RubW9uaXRvcg0KLi91 c3Ivc2Jpbi9pc2RudGVsDQouL3Vzci9zYmluL2lzZG50ZWxjdGwNCi4vdXNy L3NiaW4vaXNkbnRyYWNlDQouL3Vzci9zYmluL2lzcGN2dA0KLi91c3Ivc2Jp bi9qYWlsDQouL3Vzci9zYmluL2tiZGNvbnRyb2wNCi4vdXNyL3NiaW4va2Jk bWFwDQouL3Vzci9zYmluL2tjb24NCi4vdXNyL3NiaW4va2VybmJiDQouL3Vz ci9zYmluL2tleWFkbWluDQouL3Vzci9zYmluL2tleXNlcnYNCi4vdXNyL3Ni aW4va2dtb24NCi4vdXNyL3NiaW4va2d6aXANCi4vdXNyL3NiaW4va3ZtX21r ZGINCi4vdXNyL3NiaW4vbGludXgNCi4vdXNyL3NiaW4vbG9hZGZvbnQNCi4v dXNyL3NiaW4vbHBjDQouL3Vzci9zYmluL2xwZA0KLi91c3Ivc2Jpbi9scHRj b250cm9sDQouL3Vzci9zYmluL2xwdGVzdA0KLi91c3Ivc2Jpbi9tYWlsd3Jh cHBlcg0KLi91c3Ivc2Jpbi9tYW5jdGwNCi4vdXNyL3NiaW4vbWFwLW1ib25l DQouL3Vzci9zYmluL21jb24NCi4vdXNyL3NiaW4vbWVtY29udHJvbA0KLi91 c3Ivc2Jpbi9tZXJnZW1hc3Rlcg0KLi91c3Ivc2Jpbi9taXhlcg0KLi91c3Iv c2Jpbi9tay1hbWQtbWFwDQouL3Vzci9zYmluL21sZDZxdWVyeQ0KLi91c3Iv c2Jpbi9tbHhjb250cm9sDQouL3Vzci9zYmluL21vdXNlZA0KLi91c3Ivc2Jp bi9tcHRhYmxlDQouL3Vzci9zYmluL21yaW5mbw0KLi91c3Ivc2Jpbi9tcm91 dGVkDQouL3Vzci9zYmluL210ZXN0DQouL3Vzci9zYmluL210cmFjZQ0KLi91 c3Ivc2Jpbi9uYW1lZA0KLi91c3Ivc2Jpbi9uYW1lZC1ib290Y29uZg0KLi91 c3Ivc2Jpbi9uYW1lZC5yZWxvYWQNCi4vdXNyL3NiaW4vbmFtZWQucmVzdGFy dA0KLi91c3Ivc2Jpbi9uZGMNCi4vdXNyL3NiaW4vbmRwDQouL3Vzci9zYmlu L25nY3RsDQouL3Vzci9zYmluL25naG9vaw0KLi91c3Ivc2Jpbi9uc3VwZGF0 ZQ0KLi91c3Ivc2Jpbi9udHBkDQouL3Vzci9zYmluL250cGRhdGUNCi4vdXNy L3NiaW4vbnRwZGMNCi4vdXNyL3NiaW4vbnRwdGltZQ0KLi91c3Ivc2Jpbi9u dHB0aW1lc2V0DQouL3Vzci9zYmluL250cHRyYWNlDQouL3Vzci9zYmluL3Bh Yw0KLi91c3Ivc2Jpbi9wY2NhcmRjDQouL3Vzci9zYmluL3BjY2FyZGQNCi4v dXNyL3NiaW4vcGNpY29uZg0KLi91c3Ivc2Jpbi9waW02ZGQNCi4vdXNyL3Ni aW4vcGltNnNkDQouL3Vzci9zYmluL3BpbTZzdGF0DQouL3Vzci9zYmluL3Bt YXBfKg0KLi91c3Ivc2Jpbi9wbnBpbmZvDQouL3Vzci9zYmluL3BvcnRtYXAN Ci4vdXNyL3NiaW4vcHBwDQouL3Vzci9zYmluL3BwcGN0bA0KLi91c3Ivc2Jp bi9wcHBkDQouL3Vzci9zYmluL3BwcHN0YXRzDQouL3Vzci9zYmluL3ByZWZp eA0KLi91c3Ivc2Jpbi9wcm9jY3RsDQouL3Vzci9zYmluL3BzdGF0DQouL3Vz ci9zYmluL3F1b3QNCi4vdXNyL3NiaW4vcXVvdGFvZmYNCi4vdXNyL3NiaW4v cXVvdGFvbg0KLi91c3Ivc2Jpbi9yYXJwZA0KLi91c3Ivc2Jpbi9yZXBxdW90 YQ0KLi91c3Ivc2Jpbi9yaXA2cXVlcnkNCi4vdXNyL3NiaW4vcm10DQouL3Vz ci9zYmluL3JuZGNvbnRyb2wNCi4vdXNyL3NiaW4vcm91dGU2ZA0KLi91c3Iv c2Jpbi9ycGMubG9ja2QNCi4vdXNyL3NiaW4vcnBjLnN0YXRkDQouL3Vzci9z YmluL3JwYy51bW50YWxsDQouL3Vzci9zYmluL3JwYy55cHBhc3N3ZGQNCi4v dXNyL3NiaW4vcnBjLnlwdXBkYXRlZA0KLi91c3Ivc2Jpbi9ycGMueXB4ZnJk DQouL3Vzci9zYmluL3JyZW51bWQNCi4vdXNyL3NiaW4vcnRhZHZkDQouL3Vz ci9zYmluL3J0cHJpbw0KLi91c3Ivc2Jpbi9ydHNvbGQNCi4vdXNyL3NiaW4v cndob2QNCi4vdXNyL3NiaW4vc2Nvbg0KLi91c3Ivc2Jpbi9zY3NwZA0KLi91 c3Ivc2Jpbi9zZW5kbWFpbA0KLi91c3Ivc2Jpbi9zZXRrZXkNCi4vdXNyL3Ni aW4vc2dzYw0KLi91c3Ivc2Jpbi9zaWNvbnRyb2wNCi4vdXNyL3NiaW4vc2xp cGxvZ2luDQouL3Vzci9zYmluL3Nsc3RhdA0KLi91c3Ivc2Jpbi9zcGtydGVz dA0KLi91c3Ivc2Jpbi9zcHJheQ0KLi91c3Ivc2Jpbi9zdGxsb2FkDQouL3Vz ci9zYmluL3N0bHN0YXRzDQouL3Vzci9zYmluL3N2cjQNCi4vdXNyL3NiaW4v c3dhcGluZm8NCi4vdXNyL3NiaW4vdGNwZGNoaw0KLi91c3Ivc2Jpbi90Y3Bk bWF0Y2gNCi4vdXNyL3NiaW4vdGNwZHVtcA0KLi91c3Ivc2Jpbi90Y3BzbGlj ZQ0KLi91c3Ivc2Jpbi90aW1lZA0KLi91c3Ivc2Jpbi90aW1lZGMNCi4vdXNy L3NiaW4vdHJhY2Vyb3V0ZQ0KLi91c3Ivc2Jpbi90cmFjZXJvdXRlNg0KLi91 c3Ivc2Jpbi90cnB0DQouL3Vzci9zYmluL3R6c2V0dXANCi4vdXNyL3NiaW4v dWxhdzJhbGF3DQouL3Vzci9zYmluL3VzYmQNCi4vdXNyL3NiaW4vdXNiZGV2 cw0KLi91c3Ivc2Jpbi91dWNoaw0KLi91c3Ivc2Jpbi91dWNvbnYNCi4vdXNy L3NiaW4vdmlkY29udHJvbA0KLi91c3Ivc2Jpbi92aWRmb250DQouL3Vzci9z YmluL3ZuY29uZmlnDQouL3Vzci9zYmluL3Z0MjIwa2V5cw0KLi91c3Ivc2Jp bi92dHRlc3QNCi4vdXNyL3NiaW4vd2F0Y2gNCi4vdXNyL3NiaW4vd2ljb250 cm9sDQouL3Vzci9zYmluL3dpcmUtdGVzdA0KLi91c3Ivc2Jpbi93bGNvbmZp Zw0KLi91c3Ivc2Jpbi93b3JtY29udHJvbA0KLi91c3Ivc2Jpbi94bnRwZA0K Li91c3Ivc2Jpbi94bnRwZGMNCi4vdXNyL3NiaW4veHRlbg0KLi91c3Ivc2Jp bi95cF9ta2RiDQouL3Vzci9zYmluL3lwYmluZA0KLi91c3Ivc2Jpbi95cGlu aXQNCi4vdXNyL3NiaW4veXBwb2xsDQouL3Vzci9zYmluL3lwcHVzaA0KLi91 c3Ivc2Jpbi95cHNlcnYNCi4vdXNyL3NiaW4veXBzZXQNCi4vdXNyL3NiaW4v emR1bXANCi4vdXNyL3NiaW4vemljDQouL3Vzci9zYmluL3p6eg0KLi91c3Iv c2hhcmUvZXhhbXBsZXMvRnJlZUJTRF92ZXJzaW9uDQouL3Vzci9zaGFyZS9l eGFtcGxlcy9GcmVlQlNEX3ZlcnNpb24vRnJlZUJTRF92ZXJzaW9uLmMNCi4v dXNyL3NoYXJlL2V4YW1wbGVzL0ZyZWVCU0RfdmVyc2lvbi9NYWtlZmlsZQ0K Li91c3Ivc2hhcmUvZXhhbXBsZXMvRnJlZUJTRF92ZXJzaW9uL1JFQURNRQ0K Li91c3Ivc2hhcmUvZXhhbXBsZXMvYXRhcGkNCi4vdXNyL3NoYXJlL2V4YW1w bGVzL2F0YXBpL2J1cm5hdWRpbw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvYXRh cGkvYnVybmRhdGENCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2F0bQ0KLi91c3Iv c2hhcmUvZXhhbXBsZXMvYXRtL05PVEVTDQouL3Vzci9zaGFyZS9leGFtcGxl cy9hdG0vUkVBRE1FDQouL3Vzci9zaGFyZS9leGFtcGxlcy9hdG0vU3RhcnR1 cA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvYXRtL2F0bS1jb25maWcuc2gNCi4v dXNyL3NoYXJlL2V4YW1wbGVzL2F0bS9hdG0tc29ja2V0cy50eHQNCi4vdXNy L3NoYXJlL2V4YW1wbGVzL2F0bS9jcGNzLWRlc2lnbi50eHQNCi4vdXNyL3No YXJlL2V4YW1wbGVzL2F0bS9mb3JlLW1pY3JvY29kZS50eHQNCi4vdXNyL3No YXJlL2V4YW1wbGVzL2F0bS9zc2NmLWRlc2lnbi50eHQNCi4vdXNyL3NoYXJl L2V4YW1wbGVzL2F0bS9zc2NvcC1kZXNpZ24udHh0DQouL3Vzci9zaGFyZS9l eGFtcGxlcy9ib290Zm9ydGgNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2Jvb3Rm b3J0aC9SRUFETUUNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2Jvb3Rmb3J0aC9i b290LjR0aA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvYm9vdGZvcnRoL2ZyYW1l cy40dGgNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2Jvb3Rmb3J0aC9sb2FkZXIu cmMNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2Jvb3Rmb3J0aC9tZW51LjR0aA0K Li91c3Ivc2hhcmUvZXhhbXBsZXMvYm9vdGZvcnRoL21lbnVjb25mLjR0aA0K Li91c3Ivc2hhcmUvZXhhbXBsZXMvYm9vdGZvcnRoL3NjcmVlbi40dGgNCi4v dXNyL3NoYXJlL2V4YW1wbGVzL2N2cw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMv Y3ZzL2NvbnRyaWINCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2N2cy9jb250cmli L1JFQURNRQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvY3ZzL2NvbnRyaWIvY2xt ZXJnZQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvY3ZzL2NvbnRyaWIvY2xuX2hp c3QNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2N2cy9jb250cmliL2NvbW1pdF9w cmVwDQouL3Vzci9zaGFyZS9leGFtcGxlcy9jdnMvY29udHJpYi9jdnMydmVu ZG9yDQouL3Vzci9zaGFyZS9leGFtcGxlcy9jdnMvY29udHJpYi9jdnNfYWNs cw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvY3ZzL2NvbnRyaWIvY3ZzY2hlY2sN Ci4vdXNyL3NoYXJlL2V4YW1wbGVzL2N2cy9jb250cmliL2N2c2NoZWNrLm1h bg0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvY3ZzL2NvbnRyaWIvY3ZzaGVscC5t YW4NCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2N2cy9jb250cmliL2Rlc2NlbmQu bWFuDQouL3Vzci9zaGFyZS9leGFtcGxlcy9jdnMvY29udHJpYi9lYXN5LWlt cG9ydA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvY3ZzL2NvbnRyaWIvaW50cm8u ZG9jDQouL3Vzci9zaGFyZS9leGFtcGxlcy9jdnMvY29udHJpYi9sb2cNCi4v dXNyL3NoYXJlL2V4YW1wbGVzL2N2cy9jb250cmliL2xvZ19hY2N1bQ0KLi91 c3Ivc2hhcmUvZXhhbXBsZXMvY3ZzL2NvbnRyaWIvbWZwaXBlDQouL3Vzci9z aGFyZS9leGFtcGxlcy9jdnMvY29udHJpYi9yY3MtdG8tY3ZzDQouL3Vzci9z aGFyZS9leGFtcGxlcy9jdnMvY29udHJpYi9yY3MybG9nDQouL3Vzci9zaGFy ZS9leGFtcGxlcy9jdnMvY29udHJpYi9yY3Nsb2NrDQouL3Vzci9zaGFyZS9l eGFtcGxlcy9jdnMvY29udHJpYi9zY2NzMnJjcw0KLi91c3Ivc2hhcmUvZXhh bXBsZXMvY3ZzL2V4YW1wbGVzDQouL3Vzci9zaGFyZS9leGFtcGxlcy9jdnMv cGNsLWN2cw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvY3ZzL3BjbC1jdnMvSU5T VEFMTA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvY3ZzL3BjbC1jdnMvTkVXUw0K Li91c3Ivc2hhcmUvZXhhbXBsZXMvY3ZzL3BjbC1jdnMvUkVBRE1FDQouL3Vz ci9zaGFyZS9leGFtcGxlcy9jdnMvcGNsLWN2cy9wY2wtY3ZzLWx1Y2lkLmVs DQouL3Vzci9zaGFyZS9leGFtcGxlcy9jdnMvcGNsLWN2cy9wY2wtY3ZzLXN0 YXJ0dXAuZWwNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2N2cy9wY2wtY3ZzL3Bj bC1jdnMuZWwNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2N2cy9wY2wtY3ZzL3Bj bC1jdnMudGV4aW5mbw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvY3ZzdXANCi4v dXNyL3NoYXJlL2V4YW1wbGVzL2N2c3VwL1JFQURNRQ0KLi91c3Ivc2hhcmUv ZXhhbXBsZXMvY3ZzdXAvY3ZzLXN1cGZpbGUNCi4vdXNyL3NoYXJlL2V4YW1w bGVzL2N2c3VwL2RvYy1zdXBmaWxlDQouL3Vzci9zaGFyZS9leGFtcGxlcy9j dnN1cC9nbmF0cy1zdXBmaWxlDQouL3Vzci9zaGFyZS9leGFtcGxlcy9jdnN1 cC9wb3J0cy1zdXBmaWxlDQouL3Vzci9zaGFyZS9leGFtcGxlcy9jdnN1cC9z ZWN1cmUtY3ZzLXN1cGZpbGUNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2N2c3Vw L3NlY3VyZS1zdGFibGUtc3VwZmlsZQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMv Y3ZzdXAvc2VjdXJlLXN1cGZpbGUNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2N2 c3VwL3N0YWJsZS1zdXBmaWxlDQouL3Vzci9zaGFyZS9leGFtcGxlcy9jdnN1 cC9zdGFuZGFyZC1zdXBmaWxlDQouL3Vzci9zaGFyZS9leGFtcGxlcy9jdnN1 cC93d3ctc3VwZmlsZQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvZHJpdmVycw0K Li91c3Ivc2hhcmUvZXhhbXBsZXMvZHJpdmVycy9SRUFETUUNCi4vdXNyL3No YXJlL2V4YW1wbGVzL2RyaXZlcnMvbWFrZV9kZXZpY2VfZHJpdmVyLnNoDQou L3Vzci9zaGFyZS9leGFtcGxlcy9kcml2ZXJzL21ha2VfcGNpX2RyaXZlLnNo DQouL3Vzci9zaGFyZS9leGFtcGxlcy9kcml2ZXJzL21ha2VfcHNldWRvX2Ry aXZlci5zaA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvZXRjDQouL3Vzci9zaGFy ZS9leGFtcGxlcy9ldGMvUkVBRE1FLmV4YW1wbGVzDQouL3Vzci9zaGFyZS9l eGFtcGxlcy9ldGMvYWxpYXNlcw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvZXRj L2FtZC5tYXANCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2V0Yy9hcG1kLmNvbmYN Ci4vdXNyL3NoYXJlL2V4YW1wbGVzL2V0Yy9hdXRoLmNvbmYNCi4vdXNyL3No YXJlL2V4YW1wbGVzL2V0Yy9ic2Qtc3R5bGUtY29weXJpZ2h0DQouL3Vzci9z aGFyZS9leGFtcGxlcy9ldGMvY3JvbnRhYg0KLi91c3Ivc2hhcmUvZXhhbXBs ZXMvZXRjL2NzaC5jc2hyYw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvZXRjL2Nz aC5sb2dpbg0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvZXRjL2NzaC5sb2dvdXQN Ci4vdXNyL3NoYXJlL2V4YW1wbGVzL2V0Yy9kZWZhdWx0cw0KLi91c3Ivc2hh cmUvZXhhbXBsZXMvZXRjL2RlZmF1bHRzL3JjLmNvbmYNCi4vdXNyL3NoYXJl L2V4YW1wbGVzL2V0Yy9kaGNsaWVudC5jb25mDQouL3Vzci9zaGFyZS9leGFt cGxlcy9ldGMvZGlza3RhYg0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvZXRjL2Rt LmNvbmYNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2V0Yy9mYnRhYg0KLi91c3Iv c2hhcmUvZXhhbXBsZXMvZXRjL2Z0cHVzZXJzDQouL3Vzci9zaGFyZS9leGFt cGxlcy9ldGMvZ2V0dHl0YWINCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2V0Yy9n cm91cA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvZXRjL2hvc3QuY29uZg0KLi91 c3Ivc2hhcmUvZXhhbXBsZXMvZXRjL2hvc3RzDQouL3Vzci9zaGFyZS9leGFt cGxlcy9ldGMvaG9zdHMuYWxsb3cNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2V0 Yy9ob3N0cy5lcXVpdg0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvZXRjL2hvc3Rz LmxwZA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvZXRjL2luZXRkLmNvbmYNCi4v dXNyL3NoYXJlL2V4YW1wbGVzL2V0Yy9sb2NhdGUucmMNCi4vdXNyL3NoYXJl L2V4YW1wbGVzL2V0Yy9sb2dpbi5hY2Nlc3MNCi4vdXNyL3NoYXJlL2V4YW1w bGVzL2V0Yy9sb2dpbi5jb25mDQouL3Vzci9zaGFyZS9leGFtcGxlcy9ldGMv bWFpbC5yYw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvZXRjL21ha2UuY29uZg0K Li91c3Ivc2hhcmUvZXhhbXBsZXMvZXRjL21hbnBhdGguY29uZmlnDQouL3Vz ci9zaGFyZS9leGFtcGxlcy9ldGMvbW9kZW1zDQouL3Vzci9zaGFyZS9leGFt cGxlcy9ldGMvbW90ZA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvZXRjL25ldHN0 YXJ0DQouL3Vzci9zaGFyZS9leGFtcGxlcy9ldGMvbmV0d29ya3MNCi4vdXNy L3NoYXJlL2V4YW1wbGVzL2V0Yy9uZXdzeXNsb2cuY29uZg0KLi91c3Ivc2hh cmUvZXhhbXBsZXMvZXRjL3BhbS5jb25mDQouL3Vzci9zaGFyZS9leGFtcGxl cy9ldGMvcGNjYXJkLmNvbmYuc2FtcGxlDQouL3Vzci9zaGFyZS9leGFtcGxl cy9ldGMvcGNjYXJkX2V0aGVyDQouL3Vzci9zaGFyZS9leGFtcGxlcy9ldGMv cGhvbmVzDQouL3Vzci9zaGFyZS9leGFtcGxlcy9ldGMvcHJpbnRjYXANCi4v dXNyL3NoYXJlL2V4YW1wbGVzL2V0Yy9wcm9maWxlDQouL3Vzci9zaGFyZS9l eGFtcGxlcy9ldGMvcHJvdG9jb2xzDQouL3Vzci9zaGFyZS9leGFtcGxlcy9l dGMvcmMNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2V0Yy9yYy5hdG0NCi4vdXNy L3NoYXJlL2V4YW1wbGVzL2V0Yy9yYy5kZXZmcw0KLi91c3Ivc2hhcmUvZXhh bXBsZXMvZXRjL3JjLmRpc2tsZXNzMQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMv ZXRjL3JjLmRpc2tsZXNzMg0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvZXRjL3Jj LmZpcmV3YWxsDQouL3Vzci9zaGFyZS9leGFtcGxlcy9ldGMvcmMuaTM4Ng0K Li91c3Ivc2hhcmUvZXhhbXBsZXMvZXRjL3JjLmlzZG4NCi4vdXNyL3NoYXJl L2V4YW1wbGVzL2V0Yy9yYy5uZXR3b3JrDQouL3Vzci9zaGFyZS9leGFtcGxl cy9ldGMvcmMucGNjYXJkDQouL3Vzci9zaGFyZS9leGFtcGxlcy9ldGMvcmMu cmVzdW1lDQouL3Vzci9zaGFyZS9leGFtcGxlcy9ldGMvcmMuc2VyaWFsDQou L3Vzci9zaGFyZS9leGFtcGxlcy9ldGMvcmMuc2h1dGRvd24NCi4vdXNyL3No YXJlL2V4YW1wbGVzL2V0Yy9yYy5zdXNwZW5kDQouL3Vzci9zaGFyZS9leGFt cGxlcy9ldGMvcmVtb3RlDQouL3Vzci9zaGFyZS9leGFtcGxlcy9ldGMvcnBj DQouL3Vzci9zaGFyZS9leGFtcGxlcy9ldGMvc2VjdXJpdHkNCi4vdXNyL3No YXJlL2V4YW1wbGVzL2V0Yy9zZXJ2aWNlcw0KLi91c3Ivc2hhcmUvZXhhbXBs ZXMvZXRjL3NoZWxscw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvZXRjL3NrZXku YWNjZXNzDQouL3Vzci9zaGFyZS9leGFtcGxlcy9ldGMvc3lzbG9nLmNvbmYN Ci4vdXNyL3NoYXJlL2V4YW1wbGVzL2V0Yy90dHlzDQouL3Vzci9zaGFyZS9l eGFtcGxlcy9maW5kX2ludGVyZmFjZQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMv ZmluZF9pbnRlcmZhY2UvTWFrZWZpbGUNCi4vdXNyL3NoYXJlL2V4YW1wbGVz L2ZpbmRfaW50ZXJmYWNlL1JFQURNRQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMv ZmluZF9pbnRlcmZhY2UvZmluZF9pbnRlcmZhY2UuYw0KLi91c3Ivc2hhcmUv ZXhhbXBsZXMvaWJjczINCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2liY3MyL1JF QURNRQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvaWJjczIvaGVsbG8udXUNCi4v dXNyL3NoYXJlL2V4YW1wbGVzL2lzZG4NCi4vdXNyL3NoYXJlL2V4YW1wbGVz L2lzZG4vRkFRDQouL3Vzci9zaGFyZS9leGFtcGxlcy9pc2RuL092ZXJ2aWV3 DQouL3Vzci9zaGFyZS9leGFtcGxlcy9pc2RuL1JFQURNRQ0KLi91c3Ivc2hh cmUvZXhhbXBsZXMvaXNkbi9ST0FETUFQDQouL3Vzci9zaGFyZS9leGFtcGxl cy9pc2RuL1Jlc291cmNlcw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvaXNkbi9p c2RuZF9hY2N0DQouL3Vzci9zaGFyZS9leGFtcGxlcy9rbGQNCi4vdXNyL3No YXJlL2V4YW1wbGVzL2tsZC9NYWtlZmlsZQ0KLi91c3Ivc2hhcmUvZXhhbXBs ZXMva2xkL2NkZXYNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2tsZC9jZGV2L01h a2VmaWxlDQouL3Vzci9zaGFyZS9leGFtcGxlcy9rbGQvY2Rldi9SRUFETUUN Ci4vdXNyL3NoYXJlL2V4YW1wbGVzL2tsZC9jZGV2L21vZHVsZQ0KLi91c3Iv c2hhcmUvZXhhbXBsZXMva2xkL2NkZXYvbW9kdWxlL01ha2VmaWxlDQouL3Vz ci9zaGFyZS9leGFtcGxlcy9rbGQvY2Rldi9tb2R1bGUvY2Rldi5jDQouL3Vz ci9zaGFyZS9leGFtcGxlcy9rbGQvY2Rldi9tb2R1bGUvY2Rldi5oDQouL3Vz ci9zaGFyZS9leGFtcGxlcy9rbGQvY2Rldi9tb2R1bGUvY2Rldm1vZC5jDQou L3Vzci9zaGFyZS9leGFtcGxlcy9rbGQvY2Rldi90ZXN0DQouL3Vzci9zaGFy ZS9leGFtcGxlcy9rbGQvY2Rldi90ZXN0L01ha2VmaWxlDQouL3Vzci9zaGFy ZS9leGFtcGxlcy9rbGQvY2Rldi90ZXN0L3Rlc3RjZGV2LmMNCi4vdXNyL3No YXJlL2V4YW1wbGVzL2tsZC9zeXNjYWxsDQouL3Vzci9zaGFyZS9leGFtcGxl cy9rbGQvc3lzY2FsbC9NYWtlZmlsZQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMv a2xkL3N5c2NhbGwvbW9kdWxlDQouL3Vzci9zaGFyZS9leGFtcGxlcy9rbGQv c3lzY2FsbC9tb2R1bGUvTWFrZWZpbGUNCi4vdXNyL3NoYXJlL2V4YW1wbGVz L2tsZC9zeXNjYWxsL21vZHVsZS9zeXNjYWxsLmMNCi4vdXNyL3NoYXJlL2V4 YW1wbGVzL2tsZC9zeXNjYWxsL3Rlc3QNCi4vdXNyL3NoYXJlL2V4YW1wbGVz L2tsZC9zeXNjYWxsL3Rlc3QvTWFrZWZpbGUNCi4vdXNyL3NoYXJlL2V4YW1w bGVzL2tsZC9zeXNjYWxsL3Rlc3QvY2FsbC5jDQouL3Vzci9zaGFyZS9leGFt cGxlcy9saWJ2Z2wNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2xpYnZnbC9NYWtl ZmlsZQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvbGlidmdsL2RlbW8uYw0KLi91 c3Ivc2hhcmUvZXhhbXBsZXMvbGttDQouL3Vzci9zaGFyZS9leGFtcGxlcy9s a20vTWFrZWZpbGUNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2xrbS9SRUFETUUN Ci4vdXNyL3NoYXJlL2V4YW1wbGVzL2xrbS9taXNjDQouL3Vzci9zaGFyZS9l eGFtcGxlcy9sa20vbWlzYy9NYWtlZmlsZQ0KLi91c3Ivc2hhcmUvZXhhbXBs ZXMvbGttL21pc2MvUkVBRE1FDQouL3Vzci9zaGFyZS9leGFtcGxlcy9sa20v bWlzYy9tb2R1bGUNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2xrbS9taXNjL21v ZHVsZS9NYWtlZmlsZQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvbGttL21pc2Mv bW9kdWxlL21pc2NjYWxsLmMNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2xrbS9t aXNjL21vZHVsZS9taXNjbW9kLmMNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2xr bS9taXNjL3Rlc3QNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2xrbS9taXNjL3Rl c3QvTWFrZWZpbGUNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2xrbS9taXNjL3Rl c3QvdGVzdG1pc2MuYw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvbGttL3N5c2Nh bGwNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2xrbS9zeXNjYWxsL01ha2VmaWxl DQouL3Vzci9zaGFyZS9leGFtcGxlcy9sa20vc3lzY2FsbC9SRUFETUUNCi4v dXNyL3NoYXJlL2V4YW1wbGVzL2xrbS9zeXNjYWxsL21vZHVsZQ0KLi91c3Iv c2hhcmUvZXhhbXBsZXMvbGttL3N5c2NhbGwvbW9kdWxlL01ha2VmaWxlDQou L3Vzci9zaGFyZS9leGFtcGxlcy9sa20vc3lzY2FsbC9tb2R1bGUvbXljYWxs LmMNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2xrbS9zeXNjYWxsL21vZHVsZS9u ZXdzeXNjYWxsLmMNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2xrbS9zeXNjYWxs L3Rlc3QNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2xrbS9zeXNjYWxsL3Rlc3Qv TWFrZWZpbGUNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL2xrbS9zeXNjYWxsL3Rl c3QvdGVzdHN5c2NhbGwuYw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvbWRvYw0K Li91c3Ivc2hhcmUvZXhhbXBsZXMvbWRvYy9leGFtcGxlLjENCi4vdXNyL3No YXJlL2V4YW1wbGVzL21kb2MvZXhhbXBsZS4zDQouL3Vzci9zaGFyZS9leGFt cGxlcy9tZG9jL2V4YW1wbGUuNA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvbWV0 ZW9yDQouL3Vzci9zaGFyZS9leGFtcGxlcy9tZXRlb3IvUkVBRE1FDQouL3Vz ci9zaGFyZS9leGFtcGxlcy9tZXRlb3IvcmdiMTYuYw0KLi91c3Ivc2hhcmUv ZXhhbXBsZXMvbWV0ZW9yL3JnYjI0LmMNCi4vdXNyL3NoYXJlL2V4YW1wbGVz L21ldGVvci90ZXN0LW4uYw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvbWV0ZW9y L3l1dnBrLmMNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL21ldGVvci95dXZwbC5j DQouL3Vzci9zaGFyZS9leGFtcGxlcy9wZXJmbW9uDQouL3Vzci9zaGFyZS9l eGFtcGxlcy9wZXJmbW9uL01ha2VmaWxlDQouL3Vzci9zaGFyZS9leGFtcGxl cy9wZXJmbW9uL1JFQURNRQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvcGVyZm1v bi9wZXJmbW9uLmMNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL3BvcnRhbA0KLi91 c3Ivc2hhcmUvZXhhbXBsZXMvcG9ydGFsL1JFQURNRQ0KLi91c3Ivc2hhcmUv ZXhhbXBsZXMvcG9ydGFsL3BvcnRhbC5jb25mDQouL3Vzci9zaGFyZS9leGFt cGxlcy9wcGkNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL3BwaS9NYWtlZmlsZQ0K Li91c3Ivc2hhcmUvZXhhbXBsZXMvcHBpL3BwaWxjZC5jDQouL3Vzci9zaGFy ZS9leGFtcGxlcy9wcHANCi4vdXNyL3NoYXJlL2V4YW1wbGVzL3BwcC9jaGFw LWF1dGgNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL3BwcC9pc2RuZC5yYw0KLi91 c3Ivc2hhcmUvZXhhbXBsZXMvcHBwL2xvZ2luLWF1dGgNCi4vdXNyL3NoYXJl L2V4YW1wbGVzL3BwcC9wcHAuY29uZi5pc2RuDQouL3Vzci9zaGFyZS9leGFt cGxlcy9wcHAvcHBwLmNvbmYuc2FtcGxlDQouL3Vzci9zaGFyZS9leGFtcGxl cy9wcHAvcHBwLmNvbmYuc3Bhbi1pc3ANCi4vdXNyL3NoYXJlL2V4YW1wbGVz L3BwcC9wcHAuY29uZi5zcGFuLWlzcC53b3JraW5nDQouL3Vzci9zaGFyZS9l eGFtcGxlcy9wcHAvcHBwLmxpbmtkb3duLnNhbXBsZQ0KLi91c3Ivc2hhcmUv ZXhhbXBsZXMvcHBwL3BwcC5saW5rZG93bi5zcGFuLWlzcA0KLi91c3Ivc2hh cmUvZXhhbXBsZXMvcHBwL3BwcC5saW5rZG93bi5zcGFuLWlzcC53b3JraW5n DQouL3Vzci9zaGFyZS9leGFtcGxlcy9wcHAvcHBwLmxpbmt1cC5zYW1wbGUN Ci4vdXNyL3NoYXJlL2V4YW1wbGVzL3BwcC9wcHAubGlua3VwLnNwYW4taXNw DQouL3Vzci9zaGFyZS9leGFtcGxlcy9wcHAvcHBwLmxpbmt1cC5zcGFuLWlz cC53b3JraW5nDQouL3Vzci9zaGFyZS9leGFtcGxlcy9wcHAvcHBwLnNlY3Jl dC5zYW1wbGUNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL3BwcC9wcHAuc2VjcmV0 LnNwYW4taXNwDQouL3Vzci9zaGFyZS9leGFtcGxlcy9wcHAvcHBwLnNlY3Jl dC5zcGFuLWlzcC53b3JraW5nDQouL3Vzci9zaGFyZS9leGFtcGxlcy9wcmlu dGluZw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvcHJpbnRpbmcvUkVBRE1FDQou L3Vzci9zaGFyZS9leGFtcGxlcy9wcmludGluZy9kaWFibG8taWYtbmV0DQou L3Vzci9zaGFyZS9leGFtcGxlcy9wcmludGluZy9ocGRmDQouL3Vzci9zaGFy ZS9leGFtcGxlcy9wcmludGluZy9ocGlmDQouL3Vzci9zaGFyZS9leGFtcGxl cy9wcmludGluZy9ocG9mDQouL3Vzci9zaGFyZS9leGFtcGxlcy9wcmludGlu Zy9ocHJmDQouL3Vzci9zaGFyZS9leGFtcGxlcy9wcmludGluZy9ocHZmDQou L3Vzci9zaGFyZS9leGFtcGxlcy9wcmludGluZy9pZi1zaW1wbGUNCi4vdXNy L3NoYXJlL2V4YW1wbGVzL3ByaW50aW5nL2lmLXNpbXBsZVgNCi4vdXNyL3No YXJlL2V4YW1wbGVzL3ByaW50aW5nL2lmaHANCi4vdXNyL3NoYXJlL2V4YW1w bGVzL3ByaW50aW5nL21ha2UtcHMtaGVhZGVyDQouL3Vzci9zaGFyZS9leGFt cGxlcy9wcmludGluZy9uZXRwcmludA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMv cHJpbnRpbmcvcHNkZg0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvcHJpbnRpbmcv cHNkZlgNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL3ByaW50aW5nL3BzaWYNCi4v dXNyL3NoYXJlL2V4YW1wbGVzL3ByaW50aW5nL3BzdGYNCi4vdXNyL3NoYXJl L2V4YW1wbGVzL3ByaW50aW5nL3BzdGZYDQouL3Vzci9zaGFyZS9leGFtcGxl cy9zY3NpX3RhcmdldA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvc2NzaV90YXJn ZXQvTWFrZWZpbGUNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL3Njc2lfdGFyZ2V0 L3Njc2lfdGFyZ2V0LmMNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL3NsYXR0YWNo DQouL3Vzci9zaGFyZS9leGFtcGxlcy9zbGF0dGFjaC91bml0LWNvbW1hbmQu c2gNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL3NsaXBsb2dpbg0KLi91c3Ivc2hh cmUvZXhhbXBsZXMvc2xpcGxvZ2luL3NsaXAuaG9zdHMNCi4vdXNyL3NoYXJl L2V4YW1wbGVzL3NsaXBsb2dpbi9zbGlwLmxvZ2luDQouL3Vzci9zaGFyZS9l eGFtcGxlcy9zbGlwbG9naW4vc2xpcC5sb2dvdXQNCi4vdXNyL3NoYXJlL2V4 YW1wbGVzL3NsaXBsb2dpbi9zbGlwLnNscGFybXMNCi4vdXNyL3NoYXJlL2V4 YW1wbGVzL3N0YXJ0c2xpcA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvc3RhcnRz bGlwL3NsZG93bi5zaA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvc3RhcnRzbGlw L3NsaXAuc2gNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL3N0YXJ0c2xpcC9zbHVw LnNoDQouL3Vzci9zaGFyZS9leGFtcGxlcy9zdW5ycGMNCi4vdXNyL3NoYXJl L2V4YW1wbGVzL3N1bnJwYy9NYWtlZmlsZQ0KLi91c3Ivc2hhcmUvZXhhbXBs ZXMvc3VucnBjL2Rpcg0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvc3VucnBjL2Rp ci9NYWtlZmlsZQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvc3VucnBjL2Rpci9k aXIueA0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvc3VucnBjL2Rpci9kaXJfcHJv Yy5jDQouL3Vzci9zaGFyZS9leGFtcGxlcy9zdW5ycGMvZGlyL3Jscy5jDQou L3Vzci9zaGFyZS9leGFtcGxlcy9zdW5ycGMvbXNnDQouL3Vzci9zaGFyZS9l eGFtcGxlcy9zdW5ycGMvbXNnL01ha2VmaWxlDQouL3Vzci9zaGFyZS9leGFt cGxlcy9zdW5ycGMvbXNnL21zZy54DQouL3Vzci9zaGFyZS9leGFtcGxlcy9z dW5ycGMvbXNnL21zZ19wcm9jLmMNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL3N1 bnJwYy9tc2cvcHJpbnRtc2cuYw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvc3Vu cnBjL21zZy9ycHJpbnRtc2cuYw0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvc3Vu cnBjL3NvcnQNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL3N1bnJwYy9zb3J0L01h a2VmaWxlDQouL3Vzci9zaGFyZS9leGFtcGxlcy9zdW5ycGMvc29ydC9yc29y dC5jDQouL3Vzci9zaGFyZS9leGFtcGxlcy9zdW5ycGMvc29ydC9zb3J0LngN Ci4vdXNyL3NoYXJlL2V4YW1wbGVzL3N1bnJwYy9zb3J0L3NvcnRfcHJvYy5j DQouL3Vzci9zaGFyZS9leGFtcGxlcy93b3JtDQouL3Vzci9zaGFyZS9leGFt cGxlcy93b3JtL1JFQURNRQ0KLi91c3Ivc2hhcmUvZXhhbXBsZXMvd29ybS9i dXJuY2Quc2gNCi4vdXNyL3NoYXJlL2V4YW1wbGVzL3dvcm0vbWFrZWNkZnMu c2gNCi4vdXNyL3NoYXJlL2dhbWVzDQouL3Vzci9zaGFyZS9ncm9mZl9mb250 L2RldlgxMDANCi4vdXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2WDEwMC0xMg0K Li91c3Ivc2hhcmUvZ3JvZmZfZm9udC9kZXZYMTAwLTEyL0NCDQouL3Vzci9z aGFyZS9ncm9mZl9mb250L2RldlgxMDAtMTIvQ0JJDQouL3Vzci9zaGFyZS9n cm9mZl9mb250L2RldlgxMDAtMTIvQ0kNCi4vdXNyL3NoYXJlL2dyb2ZmX2Zv bnQvZGV2WDEwMC0xMi9DUg0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9udC9kZXZY MTAwLTEyL0RFU0MNCi4vdXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2WDEwMC0x Mi9IQg0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9udC9kZXZYMTAwLTEyL0hCSQ0K Li91c3Ivc2hhcmUvZ3JvZmZfZm9udC9kZXZYMTAwLTEyL0hJDQouL3Vzci9z aGFyZS9ncm9mZl9mb250L2RldlgxMDAtMTIvSFINCi4vdXNyL3NoYXJlL2dy b2ZmX2ZvbnQvZGV2WDEwMC0xMi9OQg0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9u dC9kZXZYMTAwLTEyL05CSQ0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9udC9kZXZY MTAwLTEyL05JDQouL3Vzci9zaGFyZS9ncm9mZl9mb250L2RldlgxMDAtMTIv TlINCi4vdXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2WDEwMC0xMi9TDQouL3Vz ci9zaGFyZS9ncm9mZl9mb250L2RldlgxMDAtMTIvVEINCi4vdXNyL3NoYXJl L2dyb2ZmX2ZvbnQvZGV2WDEwMC0xMi9UQkkNCi4vdXNyL3NoYXJlL2dyb2Zm X2ZvbnQvZGV2WDEwMC0xMi9USQ0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9udC9k ZXZYMTAwLTEyL1RSDQouL3Vzci9zaGFyZS9ncm9mZl9mb250L2RldlgxMDAv Q0INCi4vdXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2WDEwMC9DQkkNCi4vdXNy L3NoYXJlL2dyb2ZmX2ZvbnQvZGV2WDEwMC9DSQ0KLi91c3Ivc2hhcmUvZ3Jv ZmZfZm9udC9kZXZYMTAwL0NSDQouL3Vzci9zaGFyZS9ncm9mZl9mb250L2Rl dlgxMDAvREVTQw0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9udC9kZXZYMTAwL0hC DQouL3Vzci9zaGFyZS9ncm9mZl9mb250L2RldlgxMDAvSEJJDQouL3Vzci9z aGFyZS9ncm9mZl9mb250L2RldlgxMDAvSEkNCi4vdXNyL3NoYXJlL2dyb2Zm X2ZvbnQvZGV2WDEwMC9IUg0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9udC9kZXZY MTAwL05CDQouL3Vzci9zaGFyZS9ncm9mZl9mb250L2RldlgxMDAvTkJJDQou L3Vzci9zaGFyZS9ncm9mZl9mb250L2RldlgxMDAvTkkNCi4vdXNyL3NoYXJl L2dyb2ZmX2ZvbnQvZGV2WDEwMC9OUg0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9u dC9kZXZYMTAwL1MNCi4vdXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2WDEwMC9U Qg0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9udC9kZXZYMTAwL1RCSQ0KLi91c3Iv c2hhcmUvZ3JvZmZfZm9udC9kZXZYMTAwL1RJDQouL3Vzci9zaGFyZS9ncm9m Zl9mb250L2RldlgxMDAvVFINCi4vdXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2 WDc1DQouL3Vzci9zaGFyZS9ncm9mZl9mb250L2Rldlg3NS0xMg0KLi91c3Iv c2hhcmUvZ3JvZmZfZm9udC9kZXZYNzUtMTIvQ0INCi4vdXNyL3NoYXJlL2dy b2ZmX2ZvbnQvZGV2WDc1LTEyL0NCSQ0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9u dC9kZXZYNzUtMTIvQ0kNCi4vdXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2WDc1 LTEyL0NSDQouL3Vzci9zaGFyZS9ncm9mZl9mb250L2Rldlg3NS0xMi9ERVND DQouL3Vzci9zaGFyZS9ncm9mZl9mb250L2Rldlg3NS0xMi9IQg0KLi91c3Iv c2hhcmUvZ3JvZmZfZm9udC9kZXZYNzUtMTIvSEJJDQouL3Vzci9zaGFyZS9n cm9mZl9mb250L2Rldlg3NS0xMi9ISQ0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9u dC9kZXZYNzUtMTIvSFINCi4vdXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2WDc1 LTEyL05CDQouL3Vzci9zaGFyZS9ncm9mZl9mb250L2Rldlg3NS0xMi9OQkkN Ci4vdXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2WDc1LTEyL05JDQouL3Vzci9z aGFyZS9ncm9mZl9mb250L2Rldlg3NS0xMi9OUg0KLi91c3Ivc2hhcmUvZ3Jv ZmZfZm9udC9kZXZYNzUtMTIvUw0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9udC9k ZXZYNzUtMTIvVEINCi4vdXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2WDc1LTEy L1RCSQ0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9udC9kZXZYNzUtMTIvVEkNCi4v dXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2WDc1LTEyL1RSDQouL3Vzci9zaGFy ZS9ncm9mZl9mb250L2Rldlg3NS9DQg0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9u dC9kZXZYNzUvQ0JJDQouL3Vzci9zaGFyZS9ncm9mZl9mb250L2Rldlg3NS9D SQ0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9udC9kZXZYNzUvQ1INCi4vdXNyL3No YXJlL2dyb2ZmX2ZvbnQvZGV2WDc1L0RFU0MNCi4vdXNyL3NoYXJlL2dyb2Zm X2ZvbnQvZGV2WDc1L0hCDQouL3Vzci9zaGFyZS9ncm9mZl9mb250L2Rldlg3 NS9IQkkNCi4vdXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2WDc1L0hJDQouL3Vz ci9zaGFyZS9ncm9mZl9mb250L2Rldlg3NS9IUg0KLi91c3Ivc2hhcmUvZ3Jv ZmZfZm9udC9kZXZYNzUvTkINCi4vdXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2 WDc1L05CSQ0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9udC9kZXZYNzUvTkkNCi4v dXNyL3NoYXJlL2dyb2ZmX2ZvbnQvZGV2WDc1L05SDQouL3Vzci9zaGFyZS9n cm9mZl9mb250L2Rldlg3NS9TDQouL3Vzci9zaGFyZS9ncm9mZl9mb250L2Rl dlg3NS9UQg0KLi91c3Ivc2hhcmUvZ3JvZmZfZm9udC9kZXZYNzUvVEJJDQou L3Vzci9zaGFyZS9ncm9mZl9mb250L2Rldlg3NS9USQ0KLi91c3Ivc2hhcmUv Z3JvZmZfZm9udC9kZXZYNzUvVFINCi4vdXNyL3NoYXJlL2lzZG4NCi4vdXNy L3NoYXJlL21pc2MvcGN2dGZvbnRzDQouL3Vzci9zaGFyZS9wY3Z0DQouL3Vz ci9zaGFyZS9zeXNjb25zL2ZvbnRzL2NwNDM3LTh4MTQuZm50DQouL3Vzci9z aGFyZS9zeXNjb25zL2ZvbnRzL2NwNDM3LTh4MTYuZm50DQouL3Vzci9zaGFy ZS9zeXNjb25zL2ZvbnRzL2NwNDM3LTh4OC5mbnQNCi4vdXNyL3NoYXJlL3N5 c2NvbnMvZm9udHMvY3A0MzctdGhpbi04eDE2LmZudA0KLi91c3Ivc2hhcmUv c3lzY29ucy9mb250cy9jcDQzNy10aGluLTh4OC5mbnQNCi4vdXNyL3NoYXJl L3N5c2NvbnMvZm9udHMvY3A4NTAtOHgxNC5mbnQNCi4vdXNyL3NoYXJlL3N5 c2NvbnMvZm9udHMvY3A4NTAtOHgxNi5mbnQNCi4vdXNyL3NoYXJlL3N5c2Nv bnMvZm9udHMvY3A4NTAtOHg4LmZudA0KLi91c3Ivc2hhcmUvc3lzY29ucy9m b250cy9jcDg1MC10aGluLTh4MTYuZm50DQouL3Vzci9zaGFyZS9zeXNjb25z L2ZvbnRzL2NwODUwLXRoaW4tOHg4LmZudA0KLi91c3Ivc2hhcmUvc3lzY29u cy9mb250cy9jcDg2NS04eDE0LmZudA0KLi91c3Ivc2hhcmUvc3lzY29ucy9m b250cy9jcDg2NS04eDE2LmZudA0KLi91c3Ivc2hhcmUvc3lzY29ucy9mb250 cy9jcDg2NS04eDguZm50DQouL3Vzci9zaGFyZS9zeXNjb25zL2ZvbnRzL2Nw ODY1LXRoaW4tOHgxNi5mbnQNCi4vdXNyL3NoYXJlL3N5c2NvbnMvZm9udHMv Y3A4NjUtdGhpbi04eDguZm50DQouL3Vzci9zaGFyZS9zeXNjb25zL2ZvbnRz L2lzby04ODU5LTItOHgxNi5mbnQNCi4vdXNyL3NoYXJlL3N5c2NvbnMvZm9u dHMvaXNvLTh4MTQuZm50DQouL3Vzci9zaGFyZS9zeXNjb25zL2ZvbnRzL2lz by04eDE2LmZudA0KLi91c3Ivc2hhcmUvc3lzY29ucy9mb250cy9pc28tOHg4 LmZudA0KLi91c3Ivc2hhcmUvc3lzY29ucy9mb250cy9pc28tdGhpbi04eDE2 LmZudA0KLi91c3Ivc2hhcmUvc3lzY29ucy9mb250cy9pc28wMi04eDE0LmZu dA0KLi91c3Ivc2hhcmUvc3lzY29ucy9mb250cy9pc28wMi04eDE2LmZudA0K Li91c3Ivc2hhcmUvc3lzY29ucy9mb250cy9pc28wMi04eDguZm50DQouL3Vz ci9zaGFyZS9zeXNjb25zL2ZvbnRzL2lzbzE1LXRoaW4tOHgxNi5mbnQNCi4v dXNyL3NoYXJlL3N5c2NvbnMvZm9udHMvc3dpc3MtOHgxNi5mbnQNCi4vdXNy L3NoYXJlL3N5c2NvbnMvZm9udHMvc3dpc3MtOHg4LmZudA0KLi91c3Ivc2hh cmUvc3lzY29ucy9rZXltYXBzL0lOREVYLmtleW1hcHMNCi4vdXNyL3NoYXJl L3N5c2NvbnMva2V5bWFwcy9iZS5pc28uYWNjLmtiZA0KLi91c3Ivc2hhcmUv c3lzY29ucy9rZXltYXBzL2JlLmlzby5rYmQNCi4vdXNyL3NoYXJlL3N5c2Nv bnMva2V5bWFwcy9icjI3NS5jcDg1MC5rYmQNCi4vdXNyL3NoYXJlL3N5c2Nv bnMva2V5bWFwcy9icjI3NS5pc28uYWNjLmtiZA0KLi91c3Ivc2hhcmUvc3lz Y29ucy9rZXltYXBzL2JyMjc1Lmlzby5rYmQNCi4vdXNyL3NoYXJlL3N5c2Nv bnMva2V5bWFwcy9jZS5pc28yLmtiZA0KLi91c3Ivc2hhcmUvc3lzY29ucy9r ZXltYXBzL2N6LmlzbzIua2JkDQouL3Vzci9zaGFyZS9zeXNjb25zL2tleW1h cHMvZGFuaXNoLmNwODY1LmtiZA0KLi91c3Ivc2hhcmUvc3lzY29ucy9rZXlt YXBzL2RhbmlzaC5pc28ua2JkDQouL3Vzci9zaGFyZS9zeXNjb25zL2tleW1h cHMvZmlubmlzaC5jcDg1MC5rYmQNCi4vdXNyL3NoYXJlL3N5c2NvbnMva2V5 bWFwcy9maW5uaXNoLmlzby5rYmQNCi4vdXNyL3NoYXJlL3N5c2NvbnMva2V5 bWFwcy9mci5pc28uYWNjLmtiZA0KLi91c3Ivc2hhcmUvc3lzY29ucy9rZXlt YXBzL2ZyLmlzby5rYmQNCi4vdXNyL3NoYXJlL3N5c2NvbnMva2V5bWFwcy9m cl9DQS5pc28uYWNjLmtiZA0KLi91c3Ivc2hhcmUvc3lzY29ucy9rZXltYXBz L2dlcm1hbi5jcDg1MC5rYmQNCi4vdXNyL3NoYXJlL3N5c2NvbnMva2V5bWFw cy9nZXJtYW4uaXNvLmtiZA0KLi91c3Ivc2hhcmUvc3lzY29ucy9rZXltYXBz L2hyLmlzby5rYmQNCi4vdXNyL3NoYXJlL3N5c2NvbnMva2V5bWFwcy9odS5p c28yLjEwMWtleXMua2JkDQouL3Vzci9zaGFyZS9zeXNjb25zL2tleW1hcHMv aHUuaXNvMi4xMDJrZXlzLmtiZA0KLi91c3Ivc2hhcmUvc3lzY29ucy9rZXlt YXBzL2ljZWxhbmRpYy5pc28uYWNjLmtiZA0KLi91c3Ivc2hhcmUvc3lzY29u cy9rZXltYXBzL2ljZWxhbmRpYy5pc28ua2JkDQouL3Vzci9zaGFyZS9zeXNj b25zL2tleW1hcHMvaXQuaXNvLmtiZA0KLi91c3Ivc2hhcmUvc3lzY29ucy9r ZXltYXBzL2pwLjEwNi5rYmQNCi4vdXNyL3NoYXJlL3N5c2NvbnMva2V5bWFw cy9qcC4xMDZ4LmtiZA0KLi91c3Ivc2hhcmUvc3lzY29ucy9rZXltYXBzL2xh dC1hbWVyLmtiZA0KLi91c3Ivc2hhcmUvc3lzY29ucy9rZXltYXBzL25vcndl Z2lhbi5pc28ua2JkDQouL3Vzci9zaGFyZS9zeXNjb25zL2tleW1hcHMvcGxf UEwuSVNPXzg4NTktMi5rYmQNCi4vdXNyL3NoYXJlL3N5c2NvbnMva2V5bWFw cy9wdC5pc28uYWNjLmtiZA0KLi91c3Ivc2hhcmUvc3lzY29ucy9rZXltYXBz L3B0Lmlzby5rYmQNCi4vdXNyL3NoYXJlL3N5c2NvbnMva2V5bWFwcy9zaS5p c28ua2JkDQouL3Vzci9zaGFyZS9zeXNjb25zL2tleW1hcHMvc2suaXNvMi5r YmQNCi4vdXNyL3NoYXJlL3N5c2NvbnMva2V5bWFwcy9zcGFuaXNoLmlzby5h Y2Mua2JkDQouL3Vzci9zaGFyZS9zeXNjb25zL2tleW1hcHMvc3BhbmlzaC5p c28ua2JkDQouL3Vzci9zaGFyZS9zeXNjb25zL2tleW1hcHMvc3dlZGlzaC5j cDg1MC5rYmQNCi4vdXNyL3NoYXJlL3N5c2NvbnMva2V5bWFwcy9zd2VkaXNo Lmlzby5rYmQNCi4vdXNyL3NoYXJlL3N5c2NvbnMva2V5bWFwcy9zd2lzc2Zy ZW5jaC5pc28ua2JkDQouL3Vzci9zaGFyZS9zeXNjb25zL2tleW1hcHMvc3dp c3NnZXJtYW4uaXNvLmtiZA0KLi91c3Ivc2hhcmUvc3lzY29ucy9zY3JubWFw cy9pc28tODg1OS0xX3RvX2NwNDM3LnNjbQ0KLi91c3Ivc2hhcmUvem9uZWlu Zm8vQWZyaWNhDQouL3Vzci9zaGFyZS96b25laW5mby9BZnJpY2EvQWJpZGph bg0KLi91c3Ivc2hhcmUvem9uZWluZm8vQWZyaWNhL0FjY3JhDQouL3Vzci9z aGFyZS96b25laW5mby9BZnJpY2EvQWRkaXNfQWJhYmENCi4vdXNyL3NoYXJl L3pvbmVpbmZvL0FmcmljYS9BbGdpZXJzDQouL3Vzci9zaGFyZS96b25laW5m by9BZnJpY2EvQXNtZXJhDQouL3Vzci9zaGFyZS96b25laW5mby9BZnJpY2Ev QmFtYWtvDQouL3Vzci9zaGFyZS96b25laW5mby9BZnJpY2EvQmFuZ3VpDQou L3Vzci9zaGFyZS96b25laW5mby9BZnJpY2EvQmFuanVsDQouL3Vzci9zaGFy ZS96b25laW5mby9BZnJpY2EvQmlzc2F1DQouL3Vzci9zaGFyZS96b25laW5m by9BZnJpY2EvQmxhbnR5cmUNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0Fmcmlj YS9CcmF6emF2aWxsZQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQWZyaWNhL0J1 anVtYnVyYQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQWZyaWNhL0NhaXJvDQou L3Vzci9zaGFyZS96b25laW5mby9BZnJpY2EvQ2FzYWJsYW5jYQ0KLi91c3Iv c2hhcmUvem9uZWluZm8vQWZyaWNhL0NldXRhDQouL3Vzci9zaGFyZS96b25l aW5mby9BZnJpY2EvQ29uYWtyeQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQWZy aWNhL0Rha2FyDQouL3Vzci9zaGFyZS96b25laW5mby9BZnJpY2EvRGFyX2Vz X1NhbGFhbQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQWZyaWNhL0RqaWJvdXRp DQouL3Vzci9zaGFyZS96b25laW5mby9BZnJpY2EvRG91YWxhDQouL3Vzci9z aGFyZS96b25laW5mby9BZnJpY2EvRWxfQWFpdW4NCi4vdXNyL3NoYXJlL3pv bmVpbmZvL0FmcmljYS9GcmVldG93bg0KLi91c3Ivc2hhcmUvem9uZWluZm8v QWZyaWNhL0dhYm9yb25lDQouL3Vzci9zaGFyZS96b25laW5mby9BZnJpY2Ev SGFyYXJlDQouL3Vzci9zaGFyZS96b25laW5mby9BZnJpY2EvSm9oYW5uZXNi dXJnDQouL3Vzci9zaGFyZS96b25laW5mby9BZnJpY2EvS2FtcGFsYQ0KLi91 c3Ivc2hhcmUvem9uZWluZm8vQWZyaWNhL0toYXJ0b3VtDQouL3Vzci9zaGFy ZS96b25laW5mby9BZnJpY2EvS2lnYWxpDQouL3Vzci9zaGFyZS96b25laW5m by9BZnJpY2EvS2luc2hhc2ENCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0Fmcmlj YS9MYWdvcw0KLi91c3Ivc2hhcmUvem9uZWluZm8vQWZyaWNhL0xpYnJldmls bGUNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FmcmljYS9Mb21lDQouL3Vzci9z aGFyZS96b25laW5mby9BZnJpY2EvTHVhbmRhDQouL3Vzci9zaGFyZS96b25l aW5mby9BZnJpY2EvTHVidW1iYXNoaQ0KLi91c3Ivc2hhcmUvem9uZWluZm8v QWZyaWNhL0x1c2FrYQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQWZyaWNhL01h bGFibw0KLi91c3Ivc2hhcmUvem9uZWluZm8vQWZyaWNhL01hcHV0bw0KLi91 c3Ivc2hhcmUvem9uZWluZm8vQWZyaWNhL01hc2VydQ0KLi91c3Ivc2hhcmUv em9uZWluZm8vQWZyaWNhL01iYWJhbmUNCi4vdXNyL3NoYXJlL3pvbmVpbmZv L0FmcmljYS9Nb2dhZGlzaHUNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0Fmcmlj YS9Nb25yb3ZpYQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQWZyaWNhL05haXJv YmkNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FmcmljYS9OZGphbWVuYQ0KLi91 c3Ivc2hhcmUvem9uZWluZm8vQWZyaWNhL05pYW1leQ0KLi91c3Ivc2hhcmUv em9uZWluZm8vQWZyaWNhL05vdWFrY2hvdHQNCi4vdXNyL3NoYXJlL3pvbmVp bmZvL0FmcmljYS9PdWFnYWRvdWdvdQ0KLi91c3Ivc2hhcmUvem9uZWluZm8v QWZyaWNhL1BvcnRvLU5vdm8NCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0Fmcmlj YS9TYW9fVG9tZQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQWZyaWNhL1RpbWJ1 a3R1DQouL3Vzci9zaGFyZS96b25laW5mby9BZnJpY2EvVHJpcG9saQ0KLi91 c3Ivc2hhcmUvem9uZWluZm8vQWZyaWNhL1R1bmlzDQouL3Vzci9zaGFyZS96 b25laW5mby9BZnJpY2EvV2luZGhvZWsNCi4vdXNyL3NoYXJlL3pvbmVpbmZv L0FtZXJpY2ENCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvQWRhaw0K Li91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9BbmNob3JhZ2UNCi4vdXNy L3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvQW5ndWlsbGENCi4vdXNyL3NoYXJl L3pvbmVpbmZvL0FtZXJpY2EvQW50aWd1YQ0KLi91c3Ivc2hhcmUvem9uZWlu Zm8vQW1lcmljYS9BcmFndWFpbmENCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0Ft ZXJpY2EvQXJ1YmENCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvQXN1 bmNpb24NCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvQmFyYmFkb3MN Ci4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvQmVsZW0NCi4vdXNyL3No YXJlL3pvbmVpbmZvL0FtZXJpY2EvQmVsaXplDQouL3Vzci9zaGFyZS96b25l aW5mby9BbWVyaWNhL0JvZ290YQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1l cmljYS9Cb2lzZQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9CdWVu b3NfQWlyZXMNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvQ2FuY3Vu DQouL3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNhL0NhcmFjYXMNCi4vdXNy L3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvQ2F0YW1hcmNhDQouL3Vzci9zaGFy ZS96b25laW5mby9BbWVyaWNhL0NheWVubmUNCi4vdXNyL3NoYXJlL3pvbmVp bmZvL0FtZXJpY2EvQ2F5bWFuDQouL3Vzci9zaGFyZS96b25laW5mby9BbWVy aWNhL0NoaWNhZ28NCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvQ2hp aHVhaHVhDQouL3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNhL0NvcmRvYmEN Ci4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvQ29zdGFfUmljYQ0KLi91 c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9DdWlhYmENCi4vdXNyL3NoYXJl L3pvbmVpbmZvL0FtZXJpY2EvQ3VyYWNhbw0KLi91c3Ivc2hhcmUvem9uZWlu Zm8vQW1lcmljYS9EYXdzb24NCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJp Y2EvRGF3c29uX0NyZWVrDQouL3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNh L0RlbnZlcg0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9EZXRyb2l0 DQouL3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNhL0RvbWluaWNhDQouL3Vz ci9zaGFyZS96b25laW5mby9BbWVyaWNhL0VkbW9udG9uDQouL3Vzci9zaGFy ZS96b25laW5mby9BbWVyaWNhL0VsX1NhbHZhZG9yDQouL3Vzci9zaGFyZS96 b25laW5mby9BbWVyaWNhL0Vuc2VuYWRhDQouL3Vzci9zaGFyZS96b25laW5m by9BbWVyaWNhL0ZvcnRhbGV6YQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1l cmljYS9HbGFjZV9CYXkNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2Ev R29kdGhhYg0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9Hb29zZV9C YXkNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvR3JhbmRfVHVyaw0K Li91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9HcmVuYWRhDQouL3Vzci9z aGFyZS96b25laW5mby9BbWVyaWNhL0d1YWRlbG91cGUNCi4vdXNyL3NoYXJl L3pvbmVpbmZvL0FtZXJpY2EvR3VhdGVtYWxhDQouL3Vzci9zaGFyZS96b25l aW5mby9BbWVyaWNhL0d1YXlhcXVpbA0KLi91c3Ivc2hhcmUvem9uZWluZm8v QW1lcmljYS9HdXlhbmENCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2Ev SGFsaWZheA0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9IYXZhbmEN Ci4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvSW5kaWFuYQ0KLi91c3Iv c2hhcmUvem9uZWluZm8vQW1lcmljYS9JbmRpYW5hL0luZGlhbmFwb2xpcw0K Li91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9JbmRpYW5hL0tub3gNCi4v dXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvSW5kaWFuYS9NYXJlbmdvDQou L3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNhL0luZGlhbmEvVmV2YXkNCi4v dXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvSW5kaWFuYXBvbGlzDQouL3Vz ci9zaGFyZS96b25laW5mby9BbWVyaWNhL0ludXZpaw0KLi91c3Ivc2hhcmUv em9uZWluZm8vQW1lcmljYS9JcWFsdWl0DQouL3Vzci9zaGFyZS96b25laW5m by9BbWVyaWNhL0phbWFpY2ENCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJp Y2EvSnVqdXkNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvSnVuZWF1 DQouL3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNhL0xhX1Bheg0KLi91c3Iv c2hhcmUvem9uZWluZm8vQW1lcmljYS9MaW1hDQouL3Vzci9zaGFyZS96b25l aW5mby9BbWVyaWNhL0xvc19BbmdlbGVzDQouL3Vzci9zaGFyZS96b25laW5m by9BbWVyaWNhL0xvdWlzdmlsbGUNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0Ft ZXJpY2EvTWFjZWlvDQouL3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNhL01h bmFndWENCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvTWFuYXVzDQou L3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNhL01hcnRpbmlxdWUNCi4vdXNy L3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvTWF6YXRsYW4NCi4vdXNyL3NoYXJl L3pvbmVpbmZvL0FtZXJpY2EvTWVuZG96YQ0KLi91c3Ivc2hhcmUvem9uZWlu Zm8vQW1lcmljYS9NZW5vbWluZWUNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0Ft ZXJpY2EvTWV4aWNvX0NpdHkNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJp Y2EvTWlxdWVsb24NCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvTW9u dGV2aWRlbw0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9Nb250cmVh bA0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9Nb250c2VycmF0DQou L3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNhL05hc3NhdQ0KLi91c3Ivc2hh cmUvem9uZWluZm8vQW1lcmljYS9OZXdfWW9yaw0KLi91c3Ivc2hhcmUvem9u ZWluZm8vQW1lcmljYS9OaXBpZ29uDQouL3Vzci9zaGFyZS96b25laW5mby9B bWVyaWNhL05vbWUNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvTm9y b25oYQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9QYW5hbWENCi4v dXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvUGFuZ25pcnR1bmcNCi4vdXNy L3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvUGFyYW1hcmlibw0KLi91c3Ivc2hh cmUvem9uZWluZm8vQW1lcmljYS9QaG9lbml4DQouL3Vzci9zaGFyZS96b25l aW5mby9BbWVyaWNhL1BvcnQtYXUtUHJpbmNlDQouL3Vzci9zaGFyZS96b25l aW5mby9BbWVyaWNhL1BvcnRfb2ZfU3BhaW4NCi4vdXNyL3NoYXJlL3pvbmVp bmZvL0FtZXJpY2EvUG9ydG9fQWNyZQ0KLi91c3Ivc2hhcmUvem9uZWluZm8v QW1lcmljYS9Qb3J0b19WZWxobw0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1l cmljYS9QdWVydG9fUmljbw0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmlj YS9SYWlueV9SaXZlcg0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9S YW5raW5fSW5sZXQNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvUmVn aW5hDQouL3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNhL1Jvc2FyaW8NCi4v dXNyL3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvU2FudGlhZ28NCi4vdXNyL3No YXJlL3pvbmVpbmZvL0FtZXJpY2EvU2FudG9fRG9taW5nbw0KLi91c3Ivc2hh cmUvem9uZWluZm8vQW1lcmljYS9TYW9fUGF1bG8NCi4vdXNyL3NoYXJlL3pv bmVpbmZvL0FtZXJpY2EvU2NvcmVzYnlzdW5kDQouL3Vzci9zaGFyZS96b25l aW5mby9BbWVyaWNhL1NoaXByb2NrDQouL3Vzci9zaGFyZS96b25laW5mby9B bWVyaWNhL1N0X0pvaG5zDQouL3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNh L1N0X0tpdHRzDQouL3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNhL1N0X0x1 Y2lhDQouL3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNhL1N0X1Rob21hcw0K Li91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9TdF9WaW5jZW50DQouL3Vz ci9zaGFyZS96b25laW5mby9BbWVyaWNhL1N3aWZ0X0N1cnJlbnQNCi4vdXNy L3NoYXJlL3pvbmVpbmZvL0FtZXJpY2EvVGVndWNpZ2FscGENCi4vdXNyL3No YXJlL3pvbmVpbmZvL0FtZXJpY2EvVGh1bGUNCi4vdXNyL3NoYXJlL3pvbmVp bmZvL0FtZXJpY2EvVGh1bmRlcl9CYXkNCi4vdXNyL3NoYXJlL3pvbmVpbmZv L0FtZXJpY2EvVGlqdWFuYQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmlj YS9Ub3J0b2xhDQouL3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNhL1ZhbmNv dXZlcg0KLi91c3Ivc2hhcmUvem9uZWluZm8vQW1lcmljYS9XaGl0ZWhvcnNl DQouL3Vzci9zaGFyZS96b25laW5mby9BbWVyaWNhL1dpbm5pcGVnDQouL3Vz ci9zaGFyZS96b25laW5mby9BbWVyaWNhL1lha3V0YXQNCi4vdXNyL3NoYXJl L3pvbmVpbmZvL0FtZXJpY2EvWWVsbG93a25pZmUNCi4vdXNyL3NoYXJlL3pv bmVpbmZvL0FudGFyY3RpY2ENCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FudGFy Y3RpY2EvQ2FzZXkNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FudGFyY3RpY2Ev RGF2aXMNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FudGFyY3RpY2EvRHVtb250 RFVydmlsbGUNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FudGFyY3RpY2EvTWF3 c29uDQouL3Vzci9zaGFyZS96b25laW5mby9BbnRhcmN0aWNhL01jTXVyZG8N Ci4vdXNyL3NoYXJlL3pvbmVpbmZvL0FudGFyY3RpY2EvUGFsbWVyDQouL3Vz ci9zaGFyZS96b25laW5mby9BbnRhcmN0aWNhL1NvdXRoX1BvbGUNCi4vdXNy L3NoYXJlL3pvbmVpbmZvL0FyY3RpYw0KLi91c3Ivc2hhcmUvem9uZWluZm8v QXJjdGljL0xvbmd5ZWFyYnllbg0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNp YQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9BZGVuDQouL3Vzci9zaGFy ZS96b25laW5mby9Bc2lhL0FsbWF0eQ0KLi91c3Ivc2hhcmUvem9uZWluZm8v QXNpYS9BbW1hbg0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9BbmFkeXIN Ci4vdXNyL3NoYXJlL3pvbmVpbmZvL0FzaWEvQXF0YXUNCi4vdXNyL3NoYXJl L3pvbmVpbmZvL0FzaWEvQXF0b2JlDQouL3Vzci9zaGFyZS96b25laW5mby9B c2lhL0FzaGtoYWJhZA0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9CYWdo ZGFkDQouL3Vzci9zaGFyZS96b25laW5mby9Bc2lhL0JhaHJhaW4NCi4vdXNy L3NoYXJlL3pvbmVpbmZvL0FzaWEvQmFrdQ0KLi91c3Ivc2hhcmUvem9uZWlu Zm8vQXNpYS9CYW5na29rDQouL3Vzci9zaGFyZS96b25laW5mby9Bc2lhL0Jl aXJ1dA0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9CaXNoa2VrDQouL3Vz ci9zaGFyZS96b25laW5mby9Bc2lhL0JydW5laQ0KLi91c3Ivc2hhcmUvem9u ZWluZm8vQXNpYS9DYWxjdXR0YQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNp YS9DaHVuZ2tpbmcNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FzaWEvQ29sb21i bw0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9EYWNjYQ0KLi91c3Ivc2hh cmUvem9uZWluZm8vQXNpYS9EYW1hc2N1cw0KLi91c3Ivc2hhcmUvem9uZWlu Zm8vQXNpYS9EdWJhaQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9EdXNo YW5iZQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9HYXphDQouL3Vzci9z aGFyZS96b25laW5mby9Bc2lhL0hhcmJpbg0KLi91c3Ivc2hhcmUvem9uZWlu Zm8vQXNpYS9Ib25nX0tvbmcNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FzaWEv SXJrdXRzaw0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9Jc3RhbmJ1bA0K Li91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9KYWthcnRhDQouL3Vzci9zaGFy ZS96b25laW5mby9Bc2lhL0pheWFwdXJhDQouL3Vzci9zaGFyZS96b25laW5m by9Bc2lhL0plcnVzYWxlbQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9L YWJ1bA0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9LYW1jaGF0a2ENCi4v dXNyL3NoYXJlL3pvbmVpbmZvL0FzaWEvS2FyYWNoaQ0KLi91c3Ivc2hhcmUv em9uZWluZm8vQXNpYS9LYXNoZ2FyDQouL3Vzci9zaGFyZS96b25laW5mby9B c2lhL0thdG1hbmR1DQouL3Vzci9zaGFyZS96b25laW5mby9Bc2lhL0tyYXNu b3lhcnNrDQouL3Vzci9zaGFyZS96b25laW5mby9Bc2lhL0t1YWxhX0x1bXB1 cg0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9LdWNoaW5nDQouL3Vzci9z aGFyZS96b25laW5mby9Bc2lhL0t1d2FpdA0KLi91c3Ivc2hhcmUvem9uZWlu Zm8vQXNpYS9NYWNhbw0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9NYWdh ZGFuDQouL3Vzci9zaGFyZS96b25laW5mby9Bc2lhL01hbmlsYQ0KLi91c3Iv c2hhcmUvem9uZWluZm8vQXNpYS9NdXNjYXQNCi4vdXNyL3NoYXJlL3pvbmVp bmZvL0FzaWEvTmljb3NpYQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9O b3Zvc2liaXJzaw0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9PbXNrDQou L3Vzci9zaGFyZS96b25laW5mby9Bc2lhL1Bobm9tX1BlbmgNCi4vdXNyL3No YXJlL3pvbmVpbmZvL0FzaWEvUHlvbmd5YW5nDQouL3Vzci9zaGFyZS96b25l aW5mby9Bc2lhL1FhdGFyDQouL3Vzci9zaGFyZS96b25laW5mby9Bc2lhL1Jh bmdvb24NCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FzaWEvUml5YWRoDQouL3Vz ci9zaGFyZS96b25laW5mby9Bc2lhL1NhaWdvbg0KLi91c3Ivc2hhcmUvem9u ZWluZm8vQXNpYS9TYW1hcmthbmQNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0Fz aWEvU2VvdWwNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FzaWEvU2hhbmdoYWkN Ci4vdXNyL3NoYXJlL3pvbmVpbmZvL0FzaWEvU2luZ2Fwb3JlDQouL3Vzci9z aGFyZS96b25laW5mby9Bc2lhL1RhaXBlaQ0KLi91c3Ivc2hhcmUvem9uZWlu Zm8vQXNpYS9UYXNoa2VudA0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9U YmlsaXNpDQouL3Vzci9zaGFyZS96b25laW5mby9Bc2lhL1RlaHJhbg0KLi91 c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9UaGltYnUNCi4vdXNyL3NoYXJlL3pv bmVpbmZvL0FzaWEvVG9reW8NCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0FzaWEv VWp1bmdfUGFuZGFuZw0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9VbGFu X0JhdG9yDQouL3Vzci9zaGFyZS96b25laW5mby9Bc2lhL1VydW1xaQ0KLi91 c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9WaWVudGlhbmUNCi4vdXNyL3NoYXJl L3pvbmVpbmZvL0FzaWEvVmxhZGl2b3N0b2sNCi4vdXNyL3NoYXJlL3pvbmVp bmZvL0FzaWEvWWFrdXRzaw0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXNpYS9Z ZWthdGVyaW5idXJnDQouL3Vzci9zaGFyZS96b25laW5mby9Bc2lhL1llcmV2 YW4NCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0F0bGFudGljDQouL3Vzci9zaGFy ZS96b25laW5mby9BdGxhbnRpYy9Bem9yZXMNCi4vdXNyL3NoYXJlL3pvbmVp bmZvL0F0bGFudGljL0Jlcm11ZGENCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0F0 bGFudGljL0NhbmFyeQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXRsYW50aWMv Q2FwZV9WZXJkZQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXRsYW50aWMvRmFl cm9lDQouL3Vzci9zaGFyZS96b25laW5mby9BdGxhbnRpYy9KYW5fTWF5ZW4N Ci4vdXNyL3NoYXJlL3pvbmVpbmZvL0F0bGFudGljL01hZGVpcmENCi4vdXNy L3NoYXJlL3pvbmVpbmZvL0F0bGFudGljL1JleWtqYXZpaw0KLi91c3Ivc2hh cmUvem9uZWluZm8vQXRsYW50aWMvU291dGhfR2VvcmdpYQ0KLi91c3Ivc2hh cmUvem9uZWluZm8vQXRsYW50aWMvU3RfSGVsZW5hDQouL3Vzci9zaGFyZS96 b25laW5mby9BdGxhbnRpYy9TdGFubGV5DQouL3Vzci9zaGFyZS96b25laW5m by9BdXN0cmFsaWENCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0F1c3RyYWxpYS9B ZGVsYWlkZQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vQXVzdHJhbGlhL0JyaXNi YW5lDQouL3Vzci9zaGFyZS96b25laW5mby9BdXN0cmFsaWEvQnJva2VuX0hp bGwNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0F1c3RyYWxpYS9EYXJ3aW4NCi4v dXNyL3NoYXJlL3pvbmVpbmZvL0F1c3RyYWxpYS9Ib2JhcnQNCi4vdXNyL3No YXJlL3pvbmVpbmZvL0F1c3RyYWxpYS9MaW5kZW1hbg0KLi91c3Ivc2hhcmUv em9uZWluZm8vQXVzdHJhbGlhL0xvcmRfSG93ZQ0KLi91c3Ivc2hhcmUvem9u ZWluZm8vQXVzdHJhbGlhL01lbGJvdXJuZQ0KLi91c3Ivc2hhcmUvem9uZWlu Zm8vQXVzdHJhbGlhL1BlcnRoDQouL3Vzci9zaGFyZS96b25laW5mby9BdXN0 cmFsaWEvU3lkbmV5DQouL3Vzci9zaGFyZS96b25laW5mby9DRVQNCi4vdXNy L3NoYXJlL3pvbmVpbmZvL0NTVDZDRFQNCi4vdXNyL3NoYXJlL3pvbmVpbmZv L0VFVA0KLi91c3Ivc2hhcmUvem9uZWluZm8vRVNUDQouL3Vzci9zaGFyZS96 b25laW5mby9FU1Q1RURUDQouL3Vzci9zaGFyZS96b25laW5mby9FdXJvcGUv QW1zdGVyZGFtDQouL3Vzci9zaGFyZS96b25laW5mby9FdXJvcGUvQW5kb3Jy YQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vRXVyb3BlL0F0aGVucw0KLi91c3Iv c2hhcmUvem9uZWluZm8vRXVyb3BlL0JlbGZhc3QNCi4vdXNyL3NoYXJlL3pv bmVpbmZvL0V1cm9wZS9CZWxncmFkZQ0KLi91c3Ivc2hhcmUvem9uZWluZm8v RXVyb3BlL0Jlcmxpbg0KLi91c3Ivc2hhcmUvem9uZWluZm8vRXVyb3BlL0Jy YXRpc2xhdmENCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0V1cm9wZS9CcnVzc2Vs cw0KLi91c3Ivc2hhcmUvem9uZWluZm8vRXVyb3BlL0J1Y2hhcmVzdA0KLi91 c3Ivc2hhcmUvem9uZWluZm8vRXVyb3BlL0J1ZGFwZXN0DQouL3Vzci9zaGFy ZS96b25laW5mby9FdXJvcGUvQ2hpc2luYXUNCi4vdXNyL3NoYXJlL3pvbmVp bmZvL0V1cm9wZS9Db3BlbmhhZ2VuDQouL3Vzci9zaGFyZS96b25laW5mby9F dXJvcGUvRHVibGluDQouL3Vzci9zaGFyZS96b25laW5mby9FdXJvcGUvR2li cmFsdGFyDQouL3Vzci9zaGFyZS96b25laW5mby9FdXJvcGUvSGVsc2lua2kN Ci4vdXNyL3NoYXJlL3pvbmVpbmZvL0V1cm9wZS9Jc3RhbmJ1bA0KLi91c3Iv c2hhcmUvem9uZWluZm8vRXVyb3BlL0thbGluaW5ncmFkDQouL3Vzci9zaGFy ZS96b25laW5mby9FdXJvcGUvS2lldg0KLi91c3Ivc2hhcmUvem9uZWluZm8v RXVyb3BlL0xpc2Jvbg0KLi91c3Ivc2hhcmUvem9uZWluZm8vRXVyb3BlL0xq dWJsamFuYQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vRXVyb3BlL0xvbmRvbg0K Li91c3Ivc2hhcmUvem9uZWluZm8vRXVyb3BlL0x1eGVtYm91cmcNCi4vdXNy L3NoYXJlL3pvbmVpbmZvL0V1cm9wZS9NYWRyaWQNCi4vdXNyL3NoYXJlL3pv bmVpbmZvL0V1cm9wZS9NYWx0YQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vRXVy b3BlL01pbnNrDQouL3Vzci9zaGFyZS96b25laW5mby9FdXJvcGUvTW9uYWNv DQouL3Vzci9zaGFyZS96b25laW5mby9FdXJvcGUvT3Nsbw0KLi91c3Ivc2hh cmUvem9uZWluZm8vRXVyb3BlL1BhcmlzDQouL3Vzci9zaGFyZS96b25laW5m by9FdXJvcGUvUHJhZ3VlDQouL3Vzci9zaGFyZS96b25laW5mby9FdXJvcGUv UmlnYQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vRXVyb3BlL1JvbWUNCi4vdXNy L3NoYXJlL3pvbmVpbmZvL0V1cm9wZS9TYW1hcmENCi4vdXNyL3NoYXJlL3pv bmVpbmZvL0V1cm9wZS9TYW5fTWFyaW5vDQouL3Vzci9zaGFyZS96b25laW5m by9FdXJvcGUvU2FyYWpldm8NCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0V1cm9w ZS9TaW1mZXJvcG9sDQouL3Vzci9zaGFyZS96b25laW5mby9FdXJvcGUvU2tv cGplDQouL3Vzci9zaGFyZS96b25laW5mby9FdXJvcGUvU29maWENCi4vdXNy L3NoYXJlL3pvbmVpbmZvL0V1cm9wZS9TdG9ja2hvbG0NCi4vdXNyL3NoYXJl L3pvbmVpbmZvL0V1cm9wZS9UYWxsaW5uDQouL3Vzci9zaGFyZS96b25laW5m by9FdXJvcGUvVGlyYW5lDQouL3Vzci9zaGFyZS96b25laW5mby9FdXJvcGUv VmFkdXoNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL0V1cm9wZS9WYXRpY2FuDQou L3Vzci9zaGFyZS96b25laW5mby9FdXJvcGUvVmllbm5hDQouL3Vzci9zaGFy ZS96b25laW5mby9FdXJvcGUvVmlsbml1cw0KLi91c3Ivc2hhcmUvem9uZWlu Zm8vRXVyb3BlL1dhcnNhdw0KLi91c3Ivc2hhcmUvem9uZWluZm8vRXVyb3Bl L1phZ3JlYg0KLi91c3Ivc2hhcmUvem9uZWluZm8vRXVyb3BlL1p1cmljaA0K Li91c3Ivc2hhcmUvem9uZWluZm8vRmFjdG9yeQ0KLi91c3Ivc2hhcmUvem9u ZWluZm8vR01UDQouL3Vzci9zaGFyZS96b25laW5mby9IU1QNCi4vdXNyL3No YXJlL3pvbmVpbmZvL0luZGlhbg0KLi91c3Ivc2hhcmUvem9uZWluZm8vSW5k aWFuL0FudGFuYW5hcml2bw0KLi91c3Ivc2hhcmUvem9uZWluZm8vSW5kaWFu L0NoYWdvcw0KLi91c3Ivc2hhcmUvem9uZWluZm8vSW5kaWFuL0NocmlzdG1h cw0KLi91c3Ivc2hhcmUvem9uZWluZm8vSW5kaWFuL0NvY29zDQouL3Vzci9z aGFyZS96b25laW5mby9JbmRpYW4vQ29tb3JvDQouL3Vzci9zaGFyZS96b25l aW5mby9JbmRpYW4vS2VyZ3VlbGVuDQouL3Vzci9zaGFyZS96b25laW5mby9J bmRpYW4vTWFoZQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vSW5kaWFuL01hbGRp dmVzDQouL3Vzci9zaGFyZS96b25laW5mby9JbmRpYW4vTWF1cml0aXVzDQou L3Vzci9zaGFyZS96b25laW5mby9JbmRpYW4vTWF5b3R0ZQ0KLi91c3Ivc2hh cmUvem9uZWluZm8vSW5kaWFuL1JldW5pb24NCi4vdXNyL3NoYXJlL3pvbmVp bmZvL01FVA0KLi91c3Ivc2hhcmUvem9uZWluZm8vTVNUDQouL3Vzci9zaGFy ZS96b25laW5mby9NU1Q3TURUDQouL3Vzci9zaGFyZS96b25laW5mby9QU1Q4 UERUDQouL3Vzci9zaGFyZS96b25laW5mby9QYWNpZmljDQouL3Vzci9zaGFy ZS96b25laW5mby9QYWNpZmljL0FwaWENCi4vdXNyL3NoYXJlL3pvbmVpbmZv L1BhY2lmaWMvQXVja2xhbmQNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL1BhY2lm aWMvQ2hhdGhhbQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vUGFjaWZpYy9FYXN0 ZXINCi4vdXNyL3NoYXJlL3pvbmVpbmZvL1BhY2lmaWMvRWZhdGUNCi4vdXNy L3NoYXJlL3pvbmVpbmZvL1BhY2lmaWMvRW5kZXJidXJ5DQouL3Vzci9zaGFy ZS96b25laW5mby9QYWNpZmljL0Zha2FvZm8NCi4vdXNyL3NoYXJlL3pvbmVp bmZvL1BhY2lmaWMvRmlqaQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vUGFjaWZp Yy9GdW5hZnV0aQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vUGFjaWZpYy9HYWxh cGFnb3MNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL1BhY2lmaWMvR2FtYmllcg0K Li91c3Ivc2hhcmUvem9uZWluZm8vUGFjaWZpYy9HdWFkYWxjYW5hbA0KLi91 c3Ivc2hhcmUvem9uZWluZm8vUGFjaWZpYy9HdWFtDQouL3Vzci9zaGFyZS96 b25laW5mby9QYWNpZmljL0hvbm9sdWx1DQouL3Vzci9zaGFyZS96b25laW5m by9QYWNpZmljL0pvaG5zdG9uDQouL3Vzci9zaGFyZS96b25laW5mby9QYWNp ZmljL0tpcml0aW1hdGkNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL1BhY2lmaWMv S29zcmFlDQouL3Vzci9zaGFyZS96b25laW5mby9QYWNpZmljL0t3YWphbGVp bg0KLi91c3Ivc2hhcmUvem9uZWluZm8vUGFjaWZpYy9NYWp1cm8NCi4vdXNy L3NoYXJlL3pvbmVpbmZvL1BhY2lmaWMvTWFycXVlc2FzDQouL3Vzci9zaGFy ZS96b25laW5mby9QYWNpZmljL01pZHdheQ0KLi91c3Ivc2hhcmUvem9uZWlu Zm8vUGFjaWZpYy9OYXVydQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vUGFjaWZp Yy9OaXVlDQouL3Vzci9zaGFyZS96b25laW5mby9QYWNpZmljL05vcmZvbGsN Ci4vdXNyL3NoYXJlL3pvbmVpbmZvL1BhY2lmaWMvTm91bWVhDQouL3Vzci9z aGFyZS96b25laW5mby9QYWNpZmljL1BhZ29fUGFnbw0KLi91c3Ivc2hhcmUv em9uZWluZm8vUGFjaWZpYy9QYWxhdQ0KLi91c3Ivc2hhcmUvem9uZWluZm8v UGFjaWZpYy9QaXRjYWlybg0KLi91c3Ivc2hhcmUvem9uZWluZm8vUGFjaWZp Yy9Qb25hcGUNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL1BhY2lmaWMvUG9ydF9N b3Jlc2J5DQouL3Vzci9zaGFyZS96b25laW5mby9QYWNpZmljL1Jhcm90b25n YQ0KLi91c3Ivc2hhcmUvem9uZWluZm8vUGFjaWZpYy9TYWlwYW4NCi4vdXNy L3NoYXJlL3pvbmVpbmZvL1BhY2lmaWMvVGFoaXRpDQouL3Vzci9zaGFyZS96 b25laW5mby9QYWNpZmljL1RhcmF3YQ0KLi91c3Ivc2hhcmUvem9uZWluZm8v UGFjaWZpYy9Ub25nYXRhcHUNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL1BhY2lm aWMvVHJ1aw0KLi91c3Ivc2hhcmUvem9uZWluZm8vUGFjaWZpYy9XYWtlDQou L3Vzci9zaGFyZS96b25laW5mby9QYWNpZmljL1dhbGxpcw0KLi91c3Ivc2hh cmUvem9uZWluZm8vUGFjaWZpYy9ZYXANCi4vdXNyL3NoYXJlL3pvbmVpbmZv L1N5c3RlbVYNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL1N5c3RlbVYvQVNUNA0K Li91c3Ivc2hhcmUvem9uZWluZm8vU3lzdGVtVi9BU1Q0QURUDQouL3Vzci9z aGFyZS96b25laW5mby9TeXN0ZW1WL0NTVDYNCi4vdXNyL3NoYXJlL3pvbmVp bmZvL1N5c3RlbVYvQ1NUNkNEVA0KLi91c3Ivc2hhcmUvem9uZWluZm8vU3lz dGVtVi9FU1Q1DQouL3Vzci9zaGFyZS96b25laW5mby9TeXN0ZW1WL0VTVDVF RFQNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL1N5c3RlbVYvSFNUMTANCi4vdXNy L3NoYXJlL3pvbmVpbmZvL1N5c3RlbVYvTVNUNw0KLi91c3Ivc2hhcmUvem9u ZWluZm8vU3lzdGVtVi9NU1Q3TURUDQouL3Vzci9zaGFyZS96b25laW5mby9T eXN0ZW1WL1BTVDgNCi4vdXNyL3NoYXJlL3pvbmVpbmZvL1N5c3RlbVYvUFNU OFBEVA0KLi91c3Ivc2hhcmUvem9uZWluZm8vU3lzdGVtVi9ZU1Q5DQouL3Vz ci9zaGFyZS96b25laW5mby9TeXN0ZW1WL1lTVDlZRFQNCi4vdXNyL3NoYXJl L3pvbmVpbmZvL1dFVA0KLi91c3Ivc2hhcmUvem9uZWluZm8vcG9zaXhydWxl cw0KLi91c3Ivc2hhcmUvem9uZWluZm8vem9uZS50YWINCi4vdmFyL2FjY291 bnQNCi4vdmFyL2JhY2t1cHMNCi4vdmFyL2NyYXNoDQouL3Zhci9nYW1lcw0K Li92YXIvcndobw0KLi92YXIvc3Bvb2wvbHBkDQouL3Zhci9zcG9vbC9tcXVl dWUNCi4vdmFyL3Nwb29sL29waWVsb2Nrcw0KLi92YXIvc3Bvb2wvb3V0cHV0 DQouL3Zhci9zcG9vbC9vdXRwdXQvbHBkDQouL3Zhci9zcG9vbC91dWNwDQou L3Zhci9zcG9vbC91dWNwLy5QcmVzZXJ2ZQ0KLi92YXIvc3Bvb2wvdXVjcC8u U2VxdWVuY2UNCi4vdmFyL3Nwb29sL3V1Y3AvLlN0YXR1cw0KLi92YXIvc3Bv b2wvdXVjcC8uVGVtcA0KLi92YXIvc3Bvb2wvdXVjcC8uWHF0ZGlyDQouL3Zh ci9zcG9vbC91dWNwcHVibGljDQouL3Zhci95cA0K --0-224132887-995395712=:78628-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 12:10:44 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bilver.wjv.com (dhcp-1-27.n01.orldfl01.us.ra.verio.net [157.238.210.27]) by hub.freebsd.org (Postfix) with ESMTP id 4A81A37B401 for ; Tue, 17 Jul 2001 12:10:40 -0700 (PDT) (envelope-from bill@bilver.wjv.com) Received: (from bill@localhost) by bilver.wjv.com (8.11.1/8.11.1) id f6HJAW984793; Tue, 17 Jul 2001 15:10:32 -0400 (EDT) (envelope-from bill) Date: Tue, 17 Jul 2001 15:09:35 -0400 From: Bill Vermillion To: Robert Hough Cc: freebsd-isp@FreeBSD.ORG Subject: Re: OT: Product Search Message-ID: <20010717150935.C84254@wjv.com> Reply-To: bv@wjv.com References: <20010717133659.A92688@acidpit.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010717133659.A92688@acidpit.org>; from rch@acidpit.org on Tue, Jul 17, 2001 at 01:36:59PM -0400 Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Jul 17, 2001 at 01:36:59PM -0400, Robert Hough thus sprach: > On Tue, Jul 17, 2001, Drew J. Weaver wrote: > > > > We're ISP not ESP =) > Bill Vermillion wrote: > > > > > I'll make an off-topic reply. Just what is a 'SnapGear device'? > > > > > > My ESP is particularly ineffective this afternoon. > Baah, sorry http://www.snapgear.com/ I was about to complain that I had to go to the Win machine to see that [had to turn all of 90 degrees] when a word saying what it was would have sufficed, but thanks for that link. Intersting looking system. The ablity to do VPN is good. Again thanks for that pointer. I see that BSD is missing from the list. -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 12:15: 8 2001 Delivered-To: freebsd-isp@freebsd.org Received: from phoenix.volant.org (dickson.phoenix.volant.org [205.179.79.193]) by hub.freebsd.org (Postfix) with ESMTP id 9ACA037B408 for ; Tue, 17 Jul 2001 12:15:02 -0700 (PDT) (envelope-from patl@phoenix.volant.org) Received: from asimov.phoenix.volant.org ([205.179.79.65] helo=asimov) by phoenix.volant.org with esmtp (Exim 1.92 #8) id 15MaJ1-0004pR-00; Tue, 17 Jul 2001 12:14:51 -0700 Date: Tue, 17 Jul 2001 12:14:49 -0700 From: PM Lashley To: Alexey Zakirov Cc: freebsd-isp@FreeBSD.ORG Subject: Re: jail Message-ID: <609150000.995397289@asimov> In-Reply-To: References: X-Mailer: Mulberry/2.1.0b2 (SunOS/SPARC Demo) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="==========610131052==========" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --==========610131052========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline --On Tuesday, July 17, 2001 22:48:32 +0400 Alexey Zakirov = wrote: > On Tue, 17 Jul 2001, PM Lashley wrote: > >> > make install DESTDIR=3D$INSTALLATION_PATH >> > cd $INSTALLATION_PATH >> > rm -rf boot dev lkm mnt modules proc root sys >> > cat $WORK/delete.lst | xargs chflags 0 >> > cat $WORK/delete.lst | xargs rm -rf >> > cat $WORK/noworld.lst | xargs chflags 0 >> > cat $WORK/noworld.lst | xargs chmod o-rwx >> > cat $WORK/nosuid.lst | xargs chflags 0 >> > cat $WORK/nosuid.lst | xargs chmod ug-s >> >> So exactly which files do you have listed in each of the '.lst' files? > > Sorry if this can't be appropriate for this list but I've administered > public shell boxes for 3 years and I think those AREN'T important files > for public shell/web hosting so I've attached those lists. No, I agree - there are a lot of files installed by the make world that=20 aren't necessary (or in some cases even useful) in a jail environment. I=20 just thought it would be helpful if you shared your lists. (Thanks!) >> Also, a nit - I'd like to point out that the above six lines would be >> more efficient using redirection instead of cat and pipes. E.g., > > have you ever tried to rm(1) about 1 m files? Most of shells have a = pretty > small buffers for it's command line arguments. > And more - it's classic. Yes, I have. Note that my solution still uses xargs to get around the=20 command-line buffer size restrictions. It just eliminates the 'cat' in=20 favor of redirecting stdin for xargs. Yours: cat FOO | xargs CMD Mine: xargs CMD < FOO It eliminates the unnecessary and unhelpful cat process, it's buffers, the=20 pipe, etc. The construct 'cat ONE-FILE |' can almost always be replaced by a stdin=20 redirection to improve efficiency with no down-side at all. It's a=20 different matter, of course, if more than one file is being processed by=20 the cat or if other command-line parameters are being used to alter cat's=20 output. (E.g., 'cat -n ONE-FILE |' or 'cat -v ONE-FILE |') -Pat --==========610131052========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (SunOS) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjtUjqoACgkQncYNbLD8wuNNGACg7gVQ/81ZOJd6ADRqfMBzybIs ub8AnRsFCQwkijXy1qI0PYX56ktU4Opr =y0S1 -----END PGP SIGNATURE----- --==========610131052==========-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 12:30:22 2001 Delivered-To: freebsd-isp@freebsd.org Received: from unity.agava.ru (unity.agava.ru [213.59.3.227]) by hub.freebsd.org (Postfix) with ESMTP id E18F837B407 for ; Tue, 17 Jul 2001 12:30:11 -0700 (PDT) (envelope-from frank@agava.com) Received: from relay2.agava.net.ru (unknown [193.125.142.2]) by unity.agava.ru (Postfix) with ESMTP id 9D16627E9E1; Tue, 17 Jul 2001 23:30:04 +0400 (MSD) Received: from gw.office.agava.ru (2.oivt.mipt.ru [193.125.142.2]) by relay2.agava.net.ru (Postfix) with ESMTP id E5ED5438E1; Tue, 17 Jul 2001 23:29:12 +0400 (MSD) Received: from hellbell.domain (hellbell.domain [192.168.1.12]) by gw.office.agava.ru (Postfix) with ESMTP id A963F5F21; Tue, 17 Jul 2001 23:29:12 +0400 (MSD) Received: from localhost (localhost [127.0.0.1]) by hellbell.domain (Postfix) with ESMTP id 78A73CCE6; Tue, 17 Jul 2001 23:29:12 +0400 (MSD) Date: Tue, 17 Jul 2001 23:29:12 +0400 (MSD) From: Alexey Zakirov X-X-Sender: To: PM Lashley Cc: Subject: Re: jail In-Reply-To: <609150000.995397289@asimov> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 17 Jul 2001, PM Lashley wrote: > Yes, I have. Note that my solution still uses xargs to get around the > command-line buffer size restrictions. It just eliminates the 'cat' in > favor of redirecting stdin for xargs. > > Yours: cat FOO | xargs CMD > Mine: xargs CMD < FOO > > It eliminates the unnecessary and unhelpful cat process, it's buffers, the > pipe, etc. > > The construct 'cat ONE-FILE |' can almost always be replaced by a stdin Sorry but this is doesn't matter for jail solution. No one aware about updating jails. I'm make it about 2 times per month but not so care. In the real life users most interested in the things like GD perl library not the system /usr/sbin/faithd one. :) The most annoying thing that I got from freebsd is the PR/18209. Why the hell nobody cares? *** WBR, Alexey Zakirov (frank@agava.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 12:45:53 2001 Delivered-To: freebsd-isp@freebsd.org Received: from phoenix.volant.org (dickson.phoenix.volant.org [205.179.79.193]) by hub.freebsd.org (Postfix) with ESMTP id CD5F337B40C for ; Tue, 17 Jul 2001 12:45:49 -0700 (PDT) (envelope-from patl@phoenix.volant.org) Received: from asimov.phoenix.volant.org ([205.179.79.65] helo=asimov) by phoenix.volant.org with esmtp (Exim 1.92 #8) id 15Mamv-0004tt-00; Tue, 17 Jul 2001 12:45:45 -0700 Date: Tue, 17 Jul 2001 12:45:45 -0700 From: PM Lashley To: Alexey Zakirov Cc: freebsd-isp@FreeBSD.ORG Subject: Re: jail Message-ID: <621390000.995399145@asimov> In-Reply-To: References: X-Mailer: Mulberry/2.1.0b2 (SunOS/SPARC Demo) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --On Tuesday, July 17, 2001 23:29:12 +0400 Alexey Zakirov wrote: > On Tue, 17 Jul 2001, PM Lashley wrote: > >> Yes, I have. Note that my solution still uses xargs to get around the >> command-line buffer size restrictions. It just eliminates the 'cat' in >> favor of redirecting stdin for xargs. >> >> Yours: cat FOO | xargs CMD >> Mine: xargs CMD < FOO >> >> It eliminates the unnecessary and unhelpful cat process, it's buffers, >> the pipe, etc. >> >> The construct 'cat ONE-FILE |' can almost always be replaced by a stdin > > Sorry but this is doesn't matter for jail solution. No one aware about > updating jails. I'm make it about 2 times per month but not so care. In > the real life users most interested in the things like GD perl library not > the system /usr/sbin/faithd one. :) It's a matter of cultivating good practices. (That's why I called it a 'nit' in my first posting.) In this situation, it doesn't really matter very much whether there's an extra 'cat' or not. BUT it is better to simply cultivate the habit of avoiding such constructs so that you won't use them where they do matter. AND the code fragment was being ezplicitly listed as an example to a less experienced admin. Examples should -ALWAYS- use the best practices. (Unless they are explicitly examples of bad practices...) -Pat To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 13:13: 9 2001 Delivered-To: freebsd-isp@freebsd.org Received: from unity.agava.ru (unity.agava.ru [213.59.3.227]) by hub.freebsd.org (Postfix) with ESMTP id BAD3137B401 for ; Tue, 17 Jul 2001 13:13:03 -0700 (PDT) (envelope-from frank@agava.com) Received: from relay2.agava.net.ru (unknown [193.125.142.2]) by unity.agava.ru (Postfix) with ESMTP id B242227E9F8; Wed, 18 Jul 2001 00:13:01 +0400 (MSD) Received: from gw.office.agava.ru (2.oivt.mipt.ru [193.125.142.2]) by relay2.agava.net.ru (Postfix) with ESMTP id 55C6F43860; Wed, 18 Jul 2001 00:11:45 +0400 (MSD) Received: from hellbell.domain (hellbell.domain [192.168.1.12]) by gw.office.agava.ru (Postfix) with ESMTP id 315605EF9; Wed, 18 Jul 2001 00:11:40 +0400 (MSD) Received: from localhost (localhost [127.0.0.1]) by hellbell.domain (Postfix) with ESMTP id E5209CCE9; Wed, 18 Jul 2001 00:11:39 +0400 (MSD) Date: Wed, 18 Jul 2001 00:11:39 +0400 (MSD) From: Alexey Zakirov X-X-Sender: To: PM Lashley Cc: Subject: Re: jail In-Reply-To: <621390000.995399145@asimov> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 17 Jul 2001, PM Lashley wrote: > > Sorry but this is doesn't matter for jail solution. No one aware about > > updating jails. I'm make it about 2 times per month but not so care. In > > the real life users most interested in the things like GD perl library not > > the system /usr/sbin/faithd one. :) > > It's a matter of cultivating good practices. (That's why I called it a that not to be a RTFM, it just a working solution. > use the best practices. (Unless they are explicitly examples of bad Sorry but have ever seen msh? It is a shell with 2 or 3 tens lines of code and it doesn't have a pipelinig features :) > very much whether there's an extra 'cat' or not. BUT it is better to > simply cultivate the habit of avoiding such constructs so that you won't > use them where they do matter. AND the code fragment was being ezplicitly we've got a simply not too important reason to discuss. Jail is a very important feature for the FreeBSD and I like it very much. (Looking to scheme) It's about tens of virtual machines and they're work. We should appreciate PHK for his work. > listed as an example to a less experienced admin. Examples should -ALWAYS- > practices...) shell scripts get us more than one way to go *** WBR, Alexey Zakirov (frank@agava.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 13:36:34 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id EEAA037B405 for ; Tue, 17 Jul 2001 13:36:30 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 8318 invoked from network); 17 Jul 2001 20:36:12 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 17 Jul 2001 20:36:12 -0000 Message-ID: <002901c10f00$252605b0$0d00a8c0@alexus> From: "alexus" To: "Alexey Zakirov" Cc: References: Subject: Re: jail Date: Tue, 17 Jul 2001 16:36:23 -0400 Organization: NexGen MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2499.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2499.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org how often do i need/have to update my jail? ----- Original Message ----- From: "Alexey Zakirov" Cc: Sent: Tuesday, July 17, 2001 12:54 PM Subject: Re: jail > On Tue, 17 Jul 2001, alexus wrote: > > > make buildworld > > > > isn't this will upgrade my 4.3R to 5.0C? > > it just build a new system (not install it). > > So I'm use a following script to update my jails: > > make hierarchy DESTDIR=$INSTALLATION_PATH > make install DESTDIR=$INSTALLATION_PATH > cd $INSTALLATION_PATH > rm -rf boot dev lkm mnt modules proc root sys > cat $WORK/delete.lst | xargs chflags 0 > cat $WORK/delete.lst | xargs rm -rf > cat $WORK/noworld.lst | xargs chflags 0 > cat $WORK/noworld.lst | xargs chmod o-rwx > cat $WORK/nosuid.lst | xargs chflags 0 > cat $WORK/nosuid.lst | xargs chmod ug-s > > > *** WBR, Alexey Zakirov (frank@agava.com) > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 14: 1:38 2001 Delivered-To: freebsd-isp@freebsd.org Received: from phoenix.volant.org (dickson.phoenix.volant.org [205.179.79.193]) by hub.freebsd.org (Postfix) with ESMTP id ABE5137B401 for ; Tue, 17 Jul 2001 14:01:31 -0700 (PDT) (envelope-from patl@phoenix.volant.org) Received: from asimov.phoenix.volant.org ([205.179.79.65] helo=asimov) by phoenix.volant.org with esmtp (Exim 1.92 #8) id 15Mby4-000553-00; Tue, 17 Jul 2001 14:01:20 -0700 Date: Tue, 17 Jul 2001 14:01:18 -0700 From: PM Lashley To: Alexey Zakirov Cc: freebsd-isp@FreeBSD.ORG Subject: Unnecessary cats/clean coding practices [Was: Re: jail ] Message-ID: <635860000.995403678@asimov> In-Reply-To: References: X-Mailer: Mulberry/2.1.0b2 (SunOS/SPARC Demo) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="==========636895628==========" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --==========636895628========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline --On Wednesday, July 18, 2001 00:11:39 +0400 Alexey Zakirov=20 wrote: > On Tue, 17 Jul 2001, PM Lashley wrote: > >> > Sorry but this is doesn't matter for jail solution. No one aware about >> > updating jails. I'm make it about 2 times per month but not so care. = In >> > the real life users most interested in the things like GD perl library >> > not the system /usr/sbin/faithd one. :) >> >> It's a matter of cultivating good practices. (That's why I called it a > > that not to be a RTFM, it just a working solution. Right. But the primary mode of human learning is by example. It is=20 incumbent upon those of us with experience to attempt to display best=20 practices even for quick working solutions. (I can't begin to tell you the = number of times I've grabbed a bit of my own code as an example, and then=20 cleaned it up before sending it out.) >> use the best practices. (Unless they are explicitly examples of bad > > Sorry but have ever seen msh? It is a shell with 2 or 3 tens lines > of code and it doesn't have a pipelinig features :) If it doesn't have pipelining features, how does the 'cat foo | xargs cmd'=20 work? Or did you mean to say that it doesn't have redirection?=20 (Personally, I would consider any shell without redirection to be too=20 crippled to be useful.) >> very much whether there's an extra 'cat' or not. BUT it is better to >> simply cultivate the habit of avoiding such constructs so that you won't >> use them where they do matter. AND the code fragment was being >> ezplicitly > > we've got a simply not too important reason to discuss. Jail is a very > important feature for the FreeBSD and I like it very much. (Looking to > scheme) It's about tens of virtual machines and they're work. We should > appreciate PHK for his work. Absolutely, no argument there at all. Nor did I intend to disparage your example. It was a useful and helpful=20 response to the original query; and should be helpful to other new jail=20 users who browse the archives. I was merely trying to point out a minor=20 improvement to your example. >> listed as an example to a less experienced admin. Examples should >> -ALWAYS- practices...) > > shell scripts get us more than one way to go Yes, and they are used as coding examples for further projects. Which is=20 another reason why it is a good idea to code them as cleanly as feasable. In many cases there will be more than one clean way to do something. But=20 there will always be even more unclean ways to be avoided. -Pat --==========636895628========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (SunOS) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjtUp58ACgkQncYNbLD8wuOIAACfT9FlAG0ZCNFMWB969lXlwOBf ANgAnjrhJeIJjSTHSY6P6M/yTRem0TDq =0lPT -----END PGP SIGNATURE----- --==========636895628==========-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 14:55:41 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smcloud.sosbbs.com (excelsior.sosbbs.com [216.37.208.31]) by hub.freebsd.org (Postfix) with ESMTP id D649137B401 for ; Tue, 17 Jul 2001 14:55:28 -0700 (PDT) (envelope-from bsilver@sosbbs.com) Received: from sojourner (ds9m39.sarvers.com [216.37.231.39]) by smcloud.sosbbs.com (Vircom SMTPRS 4.5.186) with SMTP id ; Tue, 17 Jul 2001 17:55:25 -0400 Message-ID: <017f01c10f0b$2cf38be0$0100a8c0@sosbbs.com> From: "Bart Silverstrim" To: "Paul Robinson" Cc: References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com> <20010713122500.A23202@jake.akitanet.co.uk> <010c01c10bdb$a8f11600$0100a8c0@sosbbs.com> <20010716103740.C37477@jake.akitanet.co.uk> <00a701c10e42$2075b560$0100a8c0@sosbbs.com> <20010717121913.J27087@jake.akitanet.co.uk> Subject: Re: gcc on production server Date: Tue, 17 Jul 2001 17:55:18 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Mr. Robinson, > Firstly, can I suggest that you use more paragraph breaks. Your mail was > bordering on unreadable due to the big mass of text. ;-) I'll try :-) > You're talking about something completely different. Ditto. Perhaps one of the key points of contention and misunderstanding in this thread. >I'm not talking about a > proven exploitation. I'm not talking about the case where there is direct > evidence that your machine has been compromised. I'm talking about you > keeping your daemons patched up to date. That would be a different but related issue; I think we should be talking in the same context in order to come to an understanding. I came from the school of thought where an attack, and eventual compromise, is almost a definite given with enough time online. And in the environments where I worked, there simply wasn't enough manpower to properly plan and execute things; in the practical sense. I have tried to do things as best as possible given that when the powers that be needed something it was always a crisis mode deal. often budgeting and planning weren't priorities not by MY choice, but by those that if I don't live up to their expectations, I'm out of there. You imply that I give little regard to security. Far from it. I put a high priority on it. I haven't been lucky enough to have a neighborhood guru around to help teach me. I've learned mainly through howtos, newsgroups, printing and reading enough docs to get lab admins ticked at the paper allotments I used up, and experimenting with setups. That's why I asked you about the howtos for doing the MD5's. In the environment where I am now, it's simply not practical for me to refit a system to improve on something that's working. >And if you are honestly stating > that there are fewer patches released for software you run over say, a year, > than the number of times you get rootkitted in a year, again I thank God you > don't work anywhere near any equipment I operate. I haven't been rootkitted. I also do the best I can to prevent having a myriad of services running on a single system, coupled with different passwords to my servers so infiltrating one doesn't give carte blanche to the others. As I said, I'm not as irresponsible security-wise as you're implying. As for the standpoint of patching just to keep up to date, I have been bitten once in awhile for being on the bleeding edge in updates. If an exploit is for a service I don't run, why apply it? If an exploit is for a program only expolitable locally, but the only person who has any access on the machine is myself, why update it and run the risk of having a downtime problem because of it? Being called into the office to get dressed down for taking out a service just because I was trying to fix something that wouldn't be used anyway by anyone would not make management exactly happy. I realize what you're saying, and if it were just my server or just my services in question, I'd do it. In my situation, and in the situation I suspect many admins out there are in, there are times where well enough alone works. > We're less than 10 people and have a full-time security officer. I'd love to have even that :-) > Not really, we have less than half a dozen permanently connected hosts. I > have worked in very large sites with 100's of machines, but I like it here > where things are nice and small. :-) I kind of miss that too...my previous job was smaller but with more people depending on the systems. I liked having a boss that knew that SMTP wasn't something that involved Halloween and toilet papering. > Build it Once and Walk Away. You should put the time and effort in at the > design stage to try and get things to work well. If you spend 4 months > designing and then a weekend implementing, you will find things to be a lot > more stable and better suited to the app than 2 months rushed gradual > implementing based on a design put together in a weekend. For better or worse, time is a luxury as is budgeting where I am. I have no doubt that 4 months of planning would make things a lot more stable and well suited. Except within one month my head would be on a platter. Although I do disagree with the walk away philosophy part. No system is foolproof. Except for Microsoft marketing, maybe. And no admin is infallible. Ever read "@Large"? I'd like to see you keep that kid out of your servers. > I agree with that, I'm just trying to get across to you that from a security > point of view, it's a dead end. I would think it's a matter of "security priorities". Your argument sounds like security through latest patchlevels are the key. The CD idea I tossed out was essentially saying "if you manage to break into my house, you can take what you want", only all the belongings are nailed down and superglued. That gets into the argument, which neither of us can win, of "can I come up with a system that no one will ever break into" or "someone may get in eventually, lets minimize the damage as much as possible". >As for security, all I have to say is "why > bother?" just use the tools provided. Too many clever hacks I've occasionally met up with, basically. I'm not dismissing your argument, I agree with you on many points. I'm just not comfortable with the tools provided being the place to rest on laurels. Just when you think you've seen it all...never underestimate the power of a bored and malcontented mind. > Ho, ho, ho. Look, I've worked in a variety of sites, on a variety of > applications. If you knew what some of our products were, and how they were > developed you would realise I'm open to new approaches. I apologize if I came off too strong in sounding like a personal attack. I don't know you, and it wouldn't be right of me to make that kind of judgement. I was returning the volley released by the "thank God you don't work near my servers" sentiment...I didn't think I was that bad of a Linux admin. >However, we also > know about security. Then you can acknowledge that you are in an evironment where such learning and care are encouraged. Where I was, and am, it's an unfortunate luxury. I'd really have liked to work at a place where I'd have more time to immerse myself or work with others on implementing freenix systems. It just hasn't worked out that way at this point. But I'm young :-) > We have never told them to move to read-only media as a security measure. Another point of context, I didn't mean to say that it was a purely security driven measure. When I had discussed this with my previous boss, it was part of setting up servers for the ease of use in certain areas, the security would have been a side benefit. > This is not because we're not "open to new ideas". It's because we've seen > it, done it, played with it, broken it, stamped on it, trashed it, written > reports on it, and got paid to consider it. I came to that conclusion about the open ideas mainly because I didn't remember you telling what background you had done before about it; your arguments came off more as rapid fire brushoffs. At least, that was my interpretation when I read and re-read your previous posting. Another apology may be in order to you. >And the simple truth is that you > will improve security and lower administrative costs by using standard > installs, but using the tools provided for the security measures that are > appropriate for the organisation. Very true. > And the worst security risk on a network is the admin who thinks he knows > about security and won't listen to what we're saying. I'm very much trying to listen to what you're saying. I haven't dismissed your approach. I asked about the implementation of the MD5 checksummed executables, remember? (BTW-does that have overhead cost to the server when doing heavy accesses to different programs on the server side, having to do the checksum computation before execution?) > What the HELL is doing there? It should be on a CD, in the drive of the > machine, being checked on a daily basis automatically. Or at least, that's > what databases like that are there for. The Aide database? Because I routinely run a check from it and compare the database on the server with the one on the media. As changes are made I archive a new copy to another disk. The file isn't big enough to really warrant transferring it over to a machine with a burner when the ZIP works more than adequately. > Now I see the reason why the first you know about being rootkitted is when > customers start complaining, or you get mail from the admins at ibm.com... I have yet to find myself in that particular situation, but if you find every glitch in your system or configuration on your own without anyone else noticing, you must be charmed. > The point about all these measures is that you are supposed to be able to > detect a compromise. Not prevent it. Being able to detect but not prevent is > FAR more useful than thinking you can prevent (which you can never do) but > are never able to detect. You're assuming an implicit trust in a piece of > software on the IDE controller that says "no, I think I'm read only". Somewhere in here we seem to have switched rolls. > The point about using MD5, signed executables, etc. is to detect > compromise. The idea of being able to *very* quickly patch your daemons is > about prevention. MD5: again, why I asked if there was a reference to implementing it. > Fair enough. I've got confused in this criss-crossing of threads as well. I > thought you were referring to HDD RO. Nopes. I wouldn't want the hassle of disassembling the case just to make a change. Especially on a production server. >CD RO is more realistic, but then you > still have rising admin costs, etc. and you start to have real problems if > your servers are in a co-location facility 3,000 miles away. ;-) True, our colos at the time were only about 20 or 30. :-) > If you give or sell shell accounts, expect to get compromised one day. Exactly why we don't. >The > guy who does the security audits here reckons that given a shell on any > machine, he'll eventually get root. And he's proved himself right every > time. :-) Then perhaps one day I'll find a way to prove him wrong, if that's a challenge :-) Here...I'll put up an NT machine with the telnet server...you'll never get root on that! Administrator maybe, but never root!! > Absolutely, which is why detection is IMHO better than attempted prevention. I try fortifying prevention and having a regimen of detection in the backside. The management who doesn't care what a daemon or spooler is are the same ones that will see more problems with the mopup after an attack rather than being told that if we're compromised, we'll definitely know it. > Well, all the TrustedBSD stuff is being merged at the moment into 5.0, and > there has been something like $1.2 million awarded by the DoD to be spent on > improving this functionality in FreeBSD, to bring it up to DoD specs. So, at > the moment, it requires a lot of messing around, but we should see over the > next 12 months it become more common place, and for more docs to appear. I will be watching more of this as it happens then. One thing I did not like was the liklihood of splitting configs even more; finding that something wasn't working properly because of the security enhancements put into the system. Small chance, but another training hurdle for new admins to get aquainted with and keep in mind that keeps it from being more or less standard. > Agreed, and the more we have this argument, the more I'm starting to wane to > your point of view, and I can see what you're attempting to state. The heart of most arguments, it seems, is not necessarily having a different opinion, but rather a different interpretation and approach to the perceived problem at hand, eh? > We just spend Friday afternoons in the pub instead of pizza partys. ;-) Can't we all just get along and have pizza at a pub? > > You sound as if you have a solid implementation of policies and procedures, > > Ohhh, no. Don't go that far. We're fumbling as much as you are. Perhaps > we've just tried more things than most. How long have you been in the security biz, out of curiosity? > Well, like I say, I'm seeing your point, slowly. And I wouldn't neccessarily > dismiss you as an employee. Providing you were female, good looking, could > give good shoulder massages, etc. :-) Oh, dammit, I'm male. And not all that good looking. How about just locking me in the server room? Okay, that was indeed a couple big messages, and I'm about ready to go relax a little. Unless there are other points to be made for everyone to view, I suggest that this be drawn to a close with a virtual handshake and be taken to private email offlist if there are more comments on this, and thanks to everyone who emailed some arguments in private :-) -Bart --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.264 / Virus Database: 136 - Release Date: 7/4/01 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 20:52: 4 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hawk-systems.com (hawk-systems.com [161.58.152.235]) by hub.freebsd.org (Postfix) with ESMTP id 2426237B403 for ; Tue, 17 Jul 2001 20:52:00 -0700 (PDT) (envelope-from dave@hawk-systems.com) Received: from WS1 (ws1.nexusinternetsolutions.net [204.50.158.15]) by hawk-systems.com (8.11.2) id f6I3pw526897 for ; Tue, 17 Jul 2001 21:51:58 -0600 (MDT) From: dave@hawk-systems.com (Dave) To: Subject: RE: jail... any minimal lists or configs available? Date: Tue, 17 Jul 2001 23:57:25 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <552500000.995391273@asimov> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org below >-----Original Message----- >From: owner-freebsd-isp@FreeBSD.ORG On Behalf Of PM Lashley >To: Alexey Zakirov >Subject: Re: jail >> So I'm use a following script to update my jails: >> >> make hierarchy DESTDIR=$INSTALLATION_PATH >> make install DESTDIR=$INSTALLATION_PATH >> cd $INSTALLATION_PATH >> rm -rf boot dev lkm mnt modules proc root sys >> cat $WORK/delete.lst | xargs chflags 0 > >So exactly which files do you have listed in each of the '.lst' files? Speaking (loosly related to thread) about jail file lists... would love to see a sample (toaster like install) for a bare bones jail that would give the minimal jail configuration supporting qmail, apache, database(a la mysql, postgres,...) perhaps open ssh... basic telnet and so forth. Save having to reduce and hack apart the directory tree sfter the fact. Currently our jails feel a bit top heavy in the storage requirement arena. Any examples or toaster instructions out there that one is willing to share? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 22:16:51 2001 Delivered-To: freebsd-isp@freebsd.org Received: from fepB.post.tele.dk (fepB.post.tele.dk [195.41.46.145]) by hub.freebsd.org (Postfix) with ESMTP id 961CF37B401 for ; Tue, 17 Jul 2001 22:16:47 -0700 (PDT) (envelope-from leifn@neland.dk) Received: from arnold.neland.dk ([62.243.18.79]) by fepB.post.tele.dk (InterMail vM.4.01.03.21 201-229-121-121-20010307) with ESMTP id <20010718051646.SOML3246.fepB.post.tele.dk@arnold.neland.dk>; Wed, 18 Jul 2001 07:16:46 +0200 Received: from gina (gina.neland.dk [192.168.5.14]) by arnold.neland.dk (8.11.4/8.11.4) with SMTP id f6I5Ipd44908; Wed, 18 Jul 2001 07:18:51 +0200 (CEST) (envelope-from leifn@neland.dk) Message-ID: <006601c10f48$df89da60$0e05a8c0@neland.dk> From: "Leif Neland" To: "Bart Silverstrim" Cc: References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com> <20010713122500.A23202@jake.akitanet.co.uk> <010c01c10bdb$a8f11600$0100a8c0@sosbbs.com> <20010716103740.C37477@jake.akitanet.co.uk> <00a701c10e42$2075b560$0100a8c0@sosbbs.com> <20010717121913.J27087@jake.akitanet.co.uk> <017f01c10f0b$2cf38be0$0100a8c0@sosbbs.com> Subject: @large, was: Re: gcc on production server Date: Wed, 18 Jul 2001 07:16:59 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Ever read "@Large"? I'd like to see you keep that kid out of your = servers. >=20 Any links? All the search engines ignore "@" and return a large number of hits for = "large". Leif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 22:28:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from roulen-gw.morning.ru (roulen-gw.morning.ru [195.161.98.242]) by hub.freebsd.org (Postfix) with ESMTP id DC3D437B406; Tue, 17 Jul 2001 22:28:05 -0700 (PDT) (envelope-from poige@morning.ru) Received: from NIC1 (seven.ld [192.168.11.7]) by roulen-gw.morning.ru (Postfix) with ESMTP id 10175127; Wed, 18 Jul 2001 13:28:04 +0800 (KRAST) Date: Wed, 18 Jul 2001 13:28:20 +0800 From: Igor Podlesny X-Mailer: The Bat! (v1.52 Beta/7) UNREG / CD5BF9353B3B7091 Organization: Morning Network X-Priority: 3 (Normal) Message-ID: <1185771218.20010718132820@morning.ru> To: Wes Peters Cc: freebsd-hackers@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG Subject: Re[2]: Flight of the rat, living wreck..... In-Reply-To: <3B3E0D93.79738728@softweyr.com> References: <754836544.20010630185133@morning.ru> <3B3E0D93.79738728@softweyr.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Igor Podlesny wrote: >> > /* >> > * Macro for finding the interface (ifnet structure) corresponding to one >> > * of our IP addresses. >> > */ >> > #define INADDR_TO_IFP(addr, ifp) \ >> > /* struct in_addr addr; */ \ >> > /* struct ifnet *ifp; */ \ >> > { \ >> > register struct in_ifaddr *ia; \ >> > \ >> > for (ia = in_ifaddrhead.tqh_first; \ >> >> // so here we start looking through the queue >> >> > ia != NULL >> >> // sanity (I'd have written just (ia)) >> >> > && ((ia->ia_ifp->if_flags & IFF_POINTOPOINT)? \ >> >> // hm. special case if the interface is PTP >> >> > IA_DSTSIN(ia):IA_SIN(ia))->sin_addr.s_addr != (addr).s_addr; \ >> >> // so it is like: if it is PTP, then we using DST address in comparison >> // with addr.s_addr >> >> // it is the time I started to ask myself why it is so? why we're (ok, >> // they're) checking for remote ip-address if the head comment >> // says: >> // * Macro for finding the interface (ifnet structure) corresponding to one >> // * of our IP addresses. >> // ^^^ >> // ^^^ > With point-to-point connections, the address at the opposite end of the > connection is always used in the route table. When the interface is > created as a point-to-point interface, a route is automatically entered > from the local address to the opposite address. The "corresponding" > in the comment at the beginning of the macro is interpreted rather loosely. From http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/in_var.h : > Backout damage to the INADDR_TO_IFP() macro in revision 1.7. > > This macro was supposed to only match local IP addresses of > interfaces, so, this comment supports the idea that the macro itself was incorrect. > and all consumers of this macro assume this as > well. (See IP_MULTICAST_IF and IP_ADD_MEMBERSHIP socket > options in the ip(4) manpage.) > > This fixes a major security breach in IPFW-based firewalls Actually, this doesn't (didn't) and Ruslan (ru@freebsd.org) was wrong pointing out this in the comment... It was just a mistake affecting to remote peer only. Local ip anyway was protected with 'me'. (it did fit to the macros as well as remote ip did and this fact is the only erroneous in the situation) > where the `me' keyword would match the other end of a P2P > link. > > PR: kern/28567 -- Igor mailto:poige@morning.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 22:32:44 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.inetcomm.ru (mail.inetcomm.ru [212.152.32.73]) by hub.freebsd.org (Postfix) with ESMTP id A14D037B407 for ; Tue, 17 Jul 2001 22:32:41 -0700 (PDT) (envelope-from rk@inetcomm.ru) Received: from hit.inetcomm.net (hit.inetcomm.net [212.152.32.74]) by mail.inetcomm.ru (Postfix) with SMTP id A731017E41; Wed, 18 Jul 2001 09:32:34 +0400 (MSD) Date: Wed, 18 Jul 2001 09:32:34 +0400 From: "Roman Korolyov" To: Alexey Zakirov Cc: freebsd-isp@FreeBSD.ORG Subject: Re: jail In-Reply-To: References: <552500000.995391273@asimov> X-Mailer: stuphead ver. 0.5.2 (Roach) (GTK+ 1.2.6; Linux 2.2.14-win4lin; i686) Organization: INET Communications Mime-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Message-Id: <20010718053234.A731017E41@mail.inetcomm.ru> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 17 Jul 2001 22:48:32 +0400 (MSD) Alexey Zakirov wrote: > Sorry if this can't be appropriate for this list but I've administered > public shell boxes for 3 years and I think those AREN'T important files > for public shell/web hosting so I've attached those lists. Thanks alot :) But there's one question I still have no answer: is it possible to use quotas INSIDE jail? Will it work on the same real fs for many jails? Or should I use vnode partition for every jail? -- Roman Korolyov INETCOMM ISP - Podolsk, Russia http://www.inetcomm.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 23:37:41 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.inet.hu (www.netporta.hu [195.70.35.166]) by hub.freebsd.org (Postfix) with ESMTP id 6B40D37B401 for ; Tue, 17 Jul 2001 23:37:36 -0700 (PDT) (envelope-from coltaan@is.hu) Received: from storage01 (m019-balassagyarmat.dial.elender.hu [212.108.238.211]) by www.inet.hu (8.11.0/8.11.0) with SMTP id f6I6fFQ01644 for ; Wed, 18 Jul 2001 08:41:16 +0200 (CEST) (envelope-from coltaan@is.hu) Message-ID: <003c01c10f53$bf31d1e0$0264a8c0@home.net> From: =?windows-1250?Q?Szab=F3_Zolt=E1n?= To: Subject: 56k/isdn Date: Wed, 18 Jul 2001 08:34:48 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org hi i need a 56k/isdn (combo) BRI card for my freebsd box. any experience, any idea? regards, szabo zoltan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 17 23:53: 5 2001 Delivered-To: freebsd-isp@freebsd.org Received: from postoffice.aims.com.au (advanc2.lnk.telstra.net [139.130.119.73]) by hub.freebsd.org (Postfix) with ESMTP id 9779637B40A for ; Tue, 17 Jul 2001 23:52:50 -0700 (PDT) (envelope-from chris@aims.com.au) Received: from postoffice.aims.com.au (nts-ts1.aims.private [192.168.10.2]) by postoffice.aims.com.au with ESMTP id f6I6qlV82301 for ; Wed, 18 Jul 2001 16:52:47 +1000 (EST) (envelope-from chris@aims.com.au) Received: from ntsts1 by aims.com.au with SMTP (MDaemon.v3.5.3.R) for ; Wed, 18 Jul 2001 16:52:20 +1000 Reply-To: From: "Chris Knight" To: Cc: Subject: RE: 56k/isdn Date: Wed, 18 Jul 2001 16:52:19 +1000 Message-ID: <00b301c10f56$30cfbf90$020aa8c0@aims.private> MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-reply-to: <003c01c10f53$bf31d1e0$0264a8c0@home.net> Importance: Normal X-Return-Path: chris@aims.com.au X-MDaemon-Deliver-To: freebsd-isp@freebsd.org Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Howdy, There's the Eicon Diva Server card, but you'll have to port the Linux driver yourself - the folks who wrote the Linux drivers aren't interested in writing it for the xBSD platforms. Getting datasheets for either the Eicon range of cards (Diva Server) or the Digi range of cards (Datafire RAS) is next to impossible, so the only reference is the Linux driver code for both these products. This is probably better discussed on the freebsd-isdn mailing list. Regards, Chris Knight Systems Administrator AIMS Independent Computer Professionals Tel: +61 3 6334 6664 Fax: +61 3 6331 7032 Mob: +61 419 528 795 Web: http://www.aims.com.au > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Szabó Zoltįn > Sent: Wednesday, 18 July 2001 16:35 > To: freebsd-isp@FreeBSD.ORG > Subject: 56k/isdn > > > hi > > i need a 56k/isdn (combo) BRI card for my freebsd box. > any experience, any idea? > > regards, > szabo zoltan > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 2:15:33 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smcloud.sosbbs.com (excelsior.sosbbs.com [216.37.208.31]) by hub.freebsd.org (Postfix) with ESMTP id 6BE0337B401 for ; Wed, 18 Jul 2001 02:15:30 -0700 (PDT) (envelope-from bsilver@sosbbs.com) Received: from sojourner (ds9m39.sarvers.com [216.37.231.39]) by smcloud.sosbbs.com (Vircom SMTPRS 4.5.186) with SMTP id ; Wed, 18 Jul 2001 05:15:25 -0400 Message-ID: <002901c10f6a$2ddb95c0$0100a8c0@sosbbs.com> From: "Bart Silverstrim" To: "Leif Neland" Cc: References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com> <20010713122500.A23202@jake.akitanet.co.uk> <010c01c10bdb$a8f11600$0100a8c0@sosbbs.com> <20010716103740.C37477@jake.akitanet.co.uk> <00a701c10e42$2075b560$0100a8c0@sosbbs.com> <20010717121913.J27087@jake.akitanet.co.uk> <017f01c10f0b$2cf38be0$0100a8c0@sosbbs.com> <006601c10f48$df89da60$0e05a8c0@neland.dk> Subject: Re: @large, was: Re: gcc on production server Date: Wed, 18 Jul 2001 05:15:22 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Ever read "@Large"? I'd like to see you keep that kid out of your servers. > >Any links? All the search engines ignore "@" and return a large number of hits for "large". In case anyone else out there is interested, http://www.amazon.com/exec/obidos/ASIN/0684824647/qid=995447343/br=1-17/ref= b_br_lf/002-5710797-1960822 for information (not an endorsement for amazon...I just use them sometimes to grab ISBN numbers and such for ordering...) Hardcover - 315 pages 1st edition (January 15, 1997) Simon & Schuster; ISBN: 0684824647 ; Dimensions (in inches): 0.99 x 9.57 x 6.49 The above info points to the hardcover edition, according to the website... -Bart --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.264 / Virus Database: 136 - Release Date: 7/3/01 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 3:30:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from jake.akitanet.co.uk (jake.akitanet.co.uk [212.1.130.131]) by hub.freebsd.org (Postfix) with ESMTP id 5A60D37B401 for ; Wed, 18 Jul 2001 03:30:09 -0700 (PDT) (envelope-from wiggy@wopr.akitanet.co.uk) Received: from dsl-212-135-208-201.dsl.easynet.co.uk ([212.135.208.201] helo=wopr.akitanet.co.uk) by jake.akitanet.co.uk with esmtp (Exim 3.13 #3) id 15MoaW-000Igl-00; Wed, 18 Jul 2001 11:29:52 +0100 Received: from wiggy by wopr.akitanet.co.uk with local (Exim 3.21 #2) id 15Moao-000CQI-00; Wed, 18 Jul 2001 11:30:10 +0100 Date: Wed, 18 Jul 2001 11:30:10 +0100 From: Paul Robinson To: Bart Silverstrim Cc: freebsd-isp@FreeBSD.ORG Subject: Re: gcc on production server Message-ID: <20010718113010.C59895@jake.akitanet.co.uk> References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com> <20010713122500.A23202@jake.akitanet.co.uk> <010c01c10bdb$a8f11600$0100a8c0@sosbbs.com> <20010716103740.C37477@jake.akitanet.co.uk> <00a701c10e42$2075b560$0100a8c0@sosbbs.com> <20010717121913.J27087@jake.akitanet.co.uk> <017f01c10f0b$2cf38be0$0100a8c0@sosbbs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <017f01c10f0b$2cf38be0$0100a8c0@sosbbs.com>; from bsilver@sosbbs.com on Tue, Jul 17, 2001 at 05:55:18PM -0400 X-Scanner: exiscan *15MoaW-000Igl-00*$AK$N.4sYw906iYiFBzakiYQU.* Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This one is getting big and unwieldy, so I'm going to chop a lot of stuff out for the sake of diskspace. ;-) On Jul 17, Bart Silverstrim wrote: > Mr. Robinson, My bank calls me Mr. Robinson. And my Doctor. You, you will be pleased to hear, don't need to. :-) > In the environment where I am now, it's simply not practical for me to refit > a system to improve on something that's working. And therein lies an inherent misunderstanding. This thread picked up with the idea of doing a retro-fit - moving boxes onto RO media. My point was that if you're starting from scratch, you have the oppurtunity to do it properly, and just wacking stuff onto RO, whilst making you sleep a little better at night, was not IMHO "best practise". > > We're less than 10 people and have a full-time security officer. > > I'd love to have even that :-) Well, you need to start up a pen-testing company like we did. Then you get one. :-) > For better or worse, time is a luxury as is budgeting where I am. I have no > doubt that 4 months of planning would make things a lot more stable and well > suited. Except within one month my head would be on a platter. Four months was an exaggeration. What I meant was (and this betrays my Software Engineering background), that if you sit down and plan and design, and spend orders of magnitude doing that, and then quickly implement it, the solution would be better than if you just start implementing with only a rough plan and design. > Although I do disagree with the walk away philosophy part. No system is > foolproof. Except for Microsoft marketing, maybe. And no admin is > infallible. "Walk Away" again is a bit of an exaggeration. What I am trying to infer is very little maintenance. Sure, everything needs maintenance, but the less you have to do, the more time you get to work on new projects. With the right time at the beginning, that is a more acheivable goal. Or at least, it is for me. > work near my servers" sentiment...I didn't think I was that bad of a Linux > admin. Never underestimate how terrible you are. :-) > I'd really have liked to work at a place where I'd have more time to immerse > myself or work with others on implementing freenix systems. It just hasn't > worked out that way at this point. But I'm young :-) So am I. Only 23 next month. ;-) > arguments came off more as rapid fire brushoffs. At least, that was my > interpretation when I read and re-read your previous posting. Another > apology may be in order to you. And another apology from me. I can be a bit abrupt at times. Something to do with several hundred mails a day to get through, plus the day job. :-) > I'm very much trying to listen to what you're saying. I haven't dismissed > your approach. I asked about the implementation of the MD5 checksummed > executables, remember? (BTW-does that have overhead cost to the server when > doing heavy accesses to different programs on the server side, having to do > the checksum computation before execution?) OK, the executables are MD5 checked against a database every day or so (a la tripwire), but with trustedbsd, which is to be merged with FreeBSD 5.0 over time, you can play silly buggers with all sorts of mad stuff. You can control what syscalls get used by who, where, etc. and there is all sorts of mad stuff to play with. To get started, take a look at: http://www.trustedbsd.org/downloads/ > > FAR more useful than thinking you can prevent (which you can never do) but > > are never able to detect. You're assuming an implicit trust in a piece of > > software on the IDE controller that says "no, I think I'm read only". > > Somewhere in here we seem to have switched rolls. Yeah, mine has got cheese in it. This one is tuna. :-) > Nopes. I wouldn't want the hassle of disassembling the case just to make a > change. Especially on a production server. Which was one of my original points - e.g. the administrative costs on a large site would make the idea prohibitive. > Here...I'll put up an NT machine with the telnet server...you'll never get > root on that! Administrator maybe, but never root!! We can make an Administrator-equivalent account called "root". :-) > > We just spend Friday afternoons in the pub instead of pizza partys. ;-) > > Can't we all just get along and have pizza at a pub? I actually know a bar in Manchester, UK (where I am), where you can have pizza delivered, and the bar staff will come and find you. Sounds like a good idea. > > Ohhh, no. Don't go that far. We're fumbling as much as you are. Perhaps > > we've just tried more things than most. > > How long have you been in the security biz, out of curiosity? The sec. officer has been involved one way or another for about 15-20 years now. I've been messing with security for about 7 years or so, and although I'm still quite young have worked in quite senior positions in a variety of places. Plus I spend most of my time outside of work playing with kit as well. > Oh, dammit, I'm male. And not all that good looking. How about just > locking me in the server room? As long as you wear a gimp mask in corporate colours, I'm sure we could sort something out. :-) > suggest that this be drawn to a close with a virtual handshake and be taken > to private email offlist if there are more comments on this, and thanks to > everyone who emailed some arguments in private :-) Yeah, I didn't read that bit until I got here, but I agree. I think we can wrap this one up as: 1. Use the tools provided with/for the OS for security - don't try and make your own unless you know what you're doing. 2. RO media can be a hassle if you're OS is on there. It needs careful planning, and your admin costs are likely to rise. 3. RO media is great for things like tripwire databases. 4. Arguments are futile when it comes to security, because everybody has their own technique, and their own angle and perception as to what the priorities are. 5. Life is too short to spend most of it worrying about a 14-year old getting access to your password file. -- Paul Robinson ,--------------------------------------- Technical Director @ Akita | A computer lets you make more mistakes PO Box 604, Manchester, M60 3PR | than any other invention with the T: +44 (0) 161 228 6388 (F:6389)| possible exceptions of handguns and | Tequila - Mitch Ratcliffe `----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 3:56:16 2001 Delivered-To: freebsd-isp@freebsd.org Received: from unity.agava.ru (unity.agava.ru [213.59.3.227]) by hub.freebsd.org (Postfix) with ESMTP id AEA5537B401 for ; Wed, 18 Jul 2001 03:56:13 -0700 (PDT) (envelope-from frank@agava.com) Received: from relay2.agava.net.ru (unknown [193.125.142.2]) by unity.agava.ru (Postfix) with ESMTP id 52F2E27E9C7; Wed, 18 Jul 2001 14:56:06 +0400 (MSD) Received: from gw.office.agava.ru (2.oivt.mipt.ru [193.125.142.2]) by relay2.agava.net.ru (Postfix) with ESMTP id 8F63A43973; Wed, 18 Jul 2001 14:55:27 +0400 (MSD) Received: from hellbell.domain (hellbell.domain [192.168.1.12]) by gw.office.agava.ru (Postfix) with ESMTP id 5B46B5F3C; Wed, 18 Jul 2001 14:55:26 +0400 (MSD) Received: from localhost (localhost [127.0.0.1]) by hellbell.domain (Postfix) with ESMTP id 22D71CCE6; Wed, 18 Jul 2001 14:55:26 +0400 (MSD) Date: Wed, 18 Jul 2001 14:55:26 +0400 (MSD) From: Alexey Zakirov X-X-Sender: To: alexus Cc: Subject: Re: jail In-Reply-To: <002901c10f00$252605b0$0d00a8c0@alexus> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 17 Jul 2001, alexus wrote: > how often do i need/have to update my jail? it depends onto your master system updates. *** WBR, Alexey Zakirov (frank@agava.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 4: 5:36 2001 Delivered-To: freebsd-isp@freebsd.org Received: from unity.agava.ru (unity.agava.ru [213.59.3.227]) by hub.freebsd.org (Postfix) with ESMTP id F076D37B403 for ; Wed, 18 Jul 2001 04:05:33 -0700 (PDT) (envelope-from frank@agava.com) Received: from relay2.agava.net.ru (unknown [193.125.142.2]) by unity.agava.ru (Postfix) with ESMTP id 3554A27E9E4; Wed, 18 Jul 2001 15:05:33 +0400 (MSD) Received: from gw.office.agava.ru (2.oivt.mipt.ru [193.125.142.2]) by relay2.agava.net.ru (Postfix) with ESMTP id B5CCF4386E; Wed, 18 Jul 2001 15:04:27 +0400 (MSD) Received: from hellbell.domain (hellbell.domain [192.168.1.12]) by gw.office.agava.ru (Postfix) with ESMTP id 594935F8E; Wed, 18 Jul 2001 15:04:23 +0400 (MSD) Received: from localhost (localhost [127.0.0.1]) by hellbell.domain (Postfix) with ESMTP id B1984CCE6; Wed, 18 Jul 2001 15:04:22 +0400 (MSD) Date: Wed, 18 Jul 2001 15:04:22 +0400 (MSD) From: Alexey Zakirov X-X-Sender: To: Roman Korolyov Cc: Subject: Re: jail In-Reply-To: <20010718053234.A731017E41@mail.inetcomm.ru> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 18 Jul 2001, Roman Korolyov wrote: > On Tue, 17 Jul 2001 22:48:32 +0400 (MSD) Alexey Zakirov wrote: > > > Sorry if this can't be appropriate for this list but I've administered > > public shell boxes for 3 years and I think those AREN'T important files > > for public shell/web hosting so I've attached those lists. > > Thanks alot :) > But there's one question I still have no answer: is it possible > to use quotas INSIDE jail? Will it work on the same real fs for > many jails? Or should I use vnode partition for every jail? it depends. As usual you can get quota only for a particular user or group. There is a trick with including all users of jail into one group and set group quota for it but it not 100% reliable. In my own expirience disk quota is not so important as other resource limits and the existent quota mechanism is enough for a normal work. There is the only one problem - you can't drive quota limits from jail. quotactl(2) works only from the "master" system. *** WBR, Alexey Zakirov (frank@agava.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 4:38:14 2001 Delivered-To: freebsd-isp@freebsd.org Received: from proxon.bnc.net (proxon.bnc.net [62.225.99.6]) by hub.freebsd.org (Postfix) with ESMTP id A3C0F37B403; Wed, 18 Jul 2001 04:38:10 -0700 (PDT) (envelope-from ap@proxon.bnc.net) Received: (from ap@localhost) by proxon.bnc.net (8.11.3/8.11.3) id f6IBc5s86331; Wed, 18 Jul 2001 13:38:05 +0200 (CEST) (envelope-from ap) Date: Wed, 18 Jul 2001 13:38:05 +0200 From: Achim Patzner To: hackers@freebsd.org, isp@freebsd.org Subject: UW IMAP, PAM and mysql Message-ID: <20010718133805.A86188@proxon.bnc.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi! I didn't know exactly whom to annoy about it so I sent it to hackers AND ISP... I'm trying to get UW IMAP to authenticate users using a mysql database (using pam_mysql). Am I the only one trying to do this? My /etc/pam.conf contains all the necessary things: [...] # Mail services imap auth sufficient pam_mysql.so user=[...] #imap auth required pam_unix.so imap account sufficient pam_mysql.so user=[...] try_first_pass #imap account required pam_unix.so try_first_pass imap session required pam_deny.so pop3 auth sufficient pam_mysql.so host=[...] #pop3 auth sufficient pam_unix.so pop3 account sufficient pam_mysql.so host=[...] try_first_pass #pop3 account sufficient pam_unix.so try_first_pass pop3 session required pam_deny.so [...] As you might have guessed: It doesn't work. If the account in question doesn't exist in /etc/passwd authentication will fail _without_ a query to the mysql database. Obviously I misunderstood something about PAM in general or using pam_mysql. Any ideas? Noses. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 6: 7:37 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hotmail.com (f71.pav2.hotmail.com [64.4.37.71]) by hub.freebsd.org (Postfix) with ESMTP id 02F2937B403 for ; Wed, 18 Jul 2001 06:07:35 -0700 (PDT) (envelope-from tomturrisi@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 18 Jul 2001 06:07:34 -0700 Received: from 217.32.137.224 by pv2fd.pav2.hotmail.msn.com with HTTP; Wed, 18 Jul 2001 13:07:34 GMT X-Originating-IP: [217.32.137.224] From: "Tom Turrisi" To: freebsd-isp@freebsd.org Subject: FreeBSD 4.2 RELEASE and RealServer 8.01 Date: Wed, 18 Jul 2001 14:07:34 +0100 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 18 Jul 2001 13:07:34.0994 (UTC) FILETIME=[9C941B20:01C10F8A] Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi guys, During the next few months i will be creating a streaming media solution and i have chosen to use RealServer 8.01 from www.realnetworks.com . The only problem with that is... RealServer is supported on FreeBSD 3 but apparently not 4.2 I e-mailed tech support at realnetworks and was informed that although their was no "out of the box" package for 4.2 , it is still possible to install it on 4.2 . So i downloaded the evaluation, ran it a few times and fixed all the errors it came up with (missing librarys which i found in /usr/src/lib/compat/compat3x.i386/ ) and then managed to execute the setup program. All was going well until whilst copying files i get a core dump. The setup has produced no error log for this, the only thing i could find was this line in /var/log/messages /kernel: pid 39237 (rs-8-01-freebsd-), uid 0: exited on signal 11 (core dumped) Has anybody sucesfully installed RealServer 8 on a freebsd 4x box? or has anybody come across this problem and not been able to get around it? I would really appreciate any help and advice Thanks Tom Turrisi _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 9:12:27 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hotmail.com (f94.pav2.hotmail.com [64.4.37.94]) by hub.freebsd.org (Postfix) with ESMTP id E094137B403 for ; Wed, 18 Jul 2001 09:12:23 -0700 (PDT) (envelope-from tomturrisi@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 18 Jul 2001 09:12:18 -0700 Received: from 217.32.137.224 by pv2fd.pav2.hotmail.msn.com with HTTP; Wed, 18 Jul 2001 16:12:18 GMT X-Originating-IP: [217.32.137.224] From: "Tom Turrisi" To: giorgio@ag2000.it, freebsd-isp@freebsd.org Subject: Re: FreeBSD 4.2 RELEASE and RealServer 8.01 Date: Wed, 18 Jul 2001 17:12:18 +0100 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 18 Jul 2001 16:12:18.0253 (UTC) FILETIME=[6AB737D0:01C10FA4] Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org excellent, that sorted the problem out in no time. Thanks! Tom >From: "Giorgio Bozio" >To: "Tom Turrisi" , >Subject: Re: FreeBSD 4.2 RELEASE and RealServer 8.01 >Date: Wed, 18 Jul 2001 15:16:23 +0200 > >Hi Tom! >just go to /stand/sysinstall >choose Configuration >then distributions >then check compat3.x > >maybe you'll have to reinstall and realserver should work fine. >hope this help > >Ciao, >Giorgio > >----- Original Message ----- >From: "Tom Turrisi" >To: >Sent: mercoledģ 18 luglio 2001 15.07 >Subject: FreeBSD 4.2 RELEASE and RealServer 8.01 > > > > Hi guys, > > > > During the next few months i will be creating a streaming media solution >and > > i have chosen to use RealServer 8.01 from www.realnetworks.com . > > > > The only problem with that is... RealServer is supported on FreeBSD 3 >but > > apparently not 4.2 > > > > I e-mailed tech support at realnetworks and was informed that although >their > > was no "out of the box" package for 4.2 , it is still possible to >install >it > > on 4.2 . > > > > So i downloaded the evaluation, ran it a few times and fixed all the >errors > > it came up with (missing librarys which i found in > > /usr/src/lib/compat/compat3x.i386/ ) and then managed to execute the >setup > > program. > > > > All was going well until whilst copying files i get a core dump. > > The setup has produced no error log for this, the only thing i could >find > > was this line in /var/log/messages > > > > /kernel: pid 39237 (rs-8-01-freebsd-), uid 0: exited on signal 11 (core > > dumped) > > > > > > > > Has anybody sucesfully installed RealServer 8 on a freebsd 4x box? or >has > > anybody come across this problem and not been able to get around it? > > > > I would really appreciate any help and advice > > > > Thanks > > > > Tom Turrisi > > > > >_________________________________________________________________________ > > Get Your Private, Free E-mail from MSN Hotmail at >http://www.hotmail.com. > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 12: 1: 0 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.qcislands.net (mail.qcislands.net [209.53.238.6]) by hub.freebsd.org (Postfix) with ESMTP id 601B237B401 for ; Wed, 18 Jul 2001 12:00:58 -0700 (PDT) (envelope-from ccstore@qcislands.net) Received: from [209.53.238.7] (helo=auth.qcislands.net) by mail.qcislands.net with esmtp (Exim 3.31 #2) id 15MwZ8-0002Kl-00 for freebsd-isp@freebsd.org; Wed, 18 Jul 2001 12:00:58 -0700 Received: from ccstore by auth.qcislands.net with local (Exim 3.22 #1) id 15MwZ8-0003Cm-00 for freebsd-isp@freebsd.org; Wed, 18 Jul 2001 12:00:58 -0700 From: Jim Pazarena To: freebsd-isp@freebsd.org Subject: setting up a mirror web server X-Mailer: SCO Shell Date: Wed, 18 Jul 2001 11:58:41 -0700 (PDT) Message-ID: <10107181158.aa08361@ccstores.com> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have a remotely hosted server for the www. portion of my business, and I maintain a mirror server where my dial-ups are. I'd like to have my local dial-ups hit my local mirror server rather than go out my (thin) pipe to the remote site to pull back their local web pages from the remote host location. I can do this in 1 of two ways that I can see. I can configure the local server with the same IP as the remote one and then set routes to it in my local routers, or, I can set my DNS to feed the local IP to local dial-up DNS requests and provide the remote IP to outside world DNS requests. I can't reason which is more better ;-/ advice please. -- Jim Pazarena mailto:paz@qcislands.net http://www.qcislands.net/paz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 12: 1:41 2001 Delivered-To: freebsd-isp@freebsd.org Received: from nlaredo.globalpc.net (nld2.globalpc.net [207.193.206.189]) by hub.freebsd.org (Postfix) with ESMTP id 07FD437B409 for ; Wed, 18 Jul 2001 12:01:37 -0700 (PDT) (envelope-from adrianbsd@globalpc.net) Received: from ds9 (ds9.globalpc.net [207.193.204.57]) by nlaredo.globalpc.net (8.9.3/8.9.3) with SMTP id OAA99450 for ; Wed, 18 Jul 2001 14:06:18 -0500 (CDT) (envelope-from adrianbsd@globalpc.net) Message-Id: <3.0.6.32.20010718140004.01057240@globalpc.net> X-Sender: adrianbsd@globalpc.net (Unverified) X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) Date: Wed, 18 Jul 2001 14:00:04 -0500 To: freebsd-isp@FreeBSD.ORG From: Adrian Gonzalez Subject: Adaptec 2100S RAID Performance Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello everyone Sorry if this is slightly off topic, but I couldn't find anything similar on the archives. Here goes... I recently got an Adaptec 2100S single channel RAID controller (Ultra 160) and 4 Seagate Cheetah 18G 15K RPM drives. Basically, I mounted the 4 drives in a very nice but somewhat pricey enclosure from Storcase (http://www.storcase.com) and connected the array to the Adaptec card using a 3 ft Ultra-160 cable. The array was configured as RAID 1+0 (two pairs of two-drive RAID1 arrays) to get the best performance. FreeBSD 4.3 happily detected the controller and the disk array. I created a single partition and mounted it under /raid. Now for the question: What kind of performance should I expect from the array? I did simple tests like: dd if=/dev/zero of=test.file bs=1024k count=1000 and wasn't terribly impressed with the performance. dd reported about 44Meg/sec reads and 18Meg/sec writes on average. I know this isn't a terribly reliable way to test the performance, and I'm hoping the advantages of using RAID will show themselves once this array is in a production server under a multiuser environment, but I can't help feeling it's somewhat on the slow side. Anyone have a similar setup or some suggestions for better ways to benchmark this array? Since this is somewhat off-topic, please reply directly to me. I will post any interesting results/observations to the list. Thank you -Adrian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 12: 2:49 2001 Delivered-To: freebsd-isp@freebsd.org Received: from taka.swcp.com (taka.swcp.com [198.59.115.12]) by hub.freebsd.org (Postfix) with ESMTP id 2453E37B401 for ; Wed, 18 Jul 2001 12:02:46 -0700 (PDT) (envelope-from deichert@wrench.com) Received: from inago.swcp.com (inago.swcp.com [198.59.115.17]) by taka.swcp.com (8.10.0.Beta12/8.10.0.Beta12) with ESMTP id f6IJ2tl85265; Wed, 18 Jul 2001 13:02:56 -0600 (MDT) Received: from localhost (deichert@localhost) by inago.swcp.com (8.8.7/8.8.7) with ESMTP id NAA03891; Wed, 18 Jul 2001 13:02:44 -0600 (MDT) X-Authentication-Warning: inago.swcp.com: deichert owned process doing -bs Date: Wed, 18 Jul 2001 13:02:44 -0600 (MDT) From: Diana Eichert X-Sender: deichert@inago.swcp.com To: Jim Pazarena Cc: freebsd-isp@FreeBSD.ORG Subject: Re: setting up a mirror web server In-Reply-To: <10107181158.aa08361@ccstores.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Take a look at squid. On Wed, 18 Jul 2001, Jim Pazarena wrote: > I have a remotely hosted server for the www. portion of my business, > and I maintain a mirror server where my dial-ups are. > > I'd like to have my local dial-ups hit my local mirror server rather than > go out my (thin) pipe to the remote site to pull back their local web > pages from the remote host location. > > I can do this in 1 of two ways that I can see. > > I can configure the local server with the same IP as the remote one and > then set routes to it in my local routers, or, > I can set my DNS to feed the local IP to local dial-up DNS requests > and provide the remote IP to outside world DNS requests. > > I can't reason which is more better ;-/ > > advice please. > > -- > Jim Pazarena mailto:paz@qcislands.net > http://www.qcislands.net/paz > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > Diana Eichert VP Technical Services Nothing in Particular at the Moment, Inc. deichert@wrench.com For PGP Public key http://www.swcp.com/~deichert/pgp_public_key.txt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 12:15: 7 2001 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id 9596B37B405 for ; Wed, 18 Jul 2001 12:15:02 -0700 (PDT) (envelope-from forrestc@imach.com) Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id NAA01538; Wed, 18 Jul 2001 13:14:36 -0600 (MDT) Date: Wed, 18 Jul 2001 13:14:36 -0600 (MDT) From: "Forrest W. Christian" To: Jim Pazarena Cc: freebsd-isp@FreeBSD.ORG Subject: Re: setting up a mirror web server In-Reply-To: <10107181158.aa08361@ccstores.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You don't want a mirror you want a cache. Try squid or one of the many commercial products. This will (possibly) improve performance if you really have a thin pipe. On Wed, 18 Jul 2001, Jim Pazarena wrote: > Date: Wed, 18 Jul 2001 11:58:41 -0700 (PDT) > From: Jim Pazarena > To: freebsd-isp@FreeBSD.ORG > Subject: setting up a mirror web server > > I have a remotely hosted server for the www. portion of my business, > and I maintain a mirror server where my dial-ups are. > > I'd like to have my local dial-ups hit my local mirror server rather than > go out my (thin) pipe to the remote site to pull back their local web > pages from the remote host location. > > I can do this in 1 of two ways that I can see. > > I can configure the local server with the same IP as the remote one and > then set routes to it in my local routers, or, > I can set my DNS to feed the local IP to local dial-up DNS requests > and provide the remote IP to outside world DNS requests. > > I can't reason which is more better ;-/ > > advice please. > > -- > Jim Pazarena mailto:paz@qcislands.net > http://www.qcislands.net/paz > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ---------------------------------------------------------------------- Protect your personal freedoms - visit http://www.lp.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 12:43:59 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id 9A74437B401 for ; Wed, 18 Jul 2001 12:43:57 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 21941 invoked from network); 18 Jul 2001 19:43:40 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 18 Jul 2001 19:43:40 -0000 Message-ID: <000901c10fc1$f98d0d00$0d00a8c0@alexus> From: "alexus" To: Subject: autolock on users acc if he/she didnt login for last 30 days Date: Wed, 18 Jul 2001 15:43:52 -0400 Organization: NexGen MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2499.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2499.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org is there a way to do if user didn't login on shell for past lets say 30 days his account automaticly gonig lock? or change shell to /noshell ? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 12:46:46 2001 Delivered-To: freebsd-isp@freebsd.org Received: from anaconda.acceleratedweb.net (anaconda.acceleratedweb.net [209.51.164.130]) by hub.freebsd.org (Postfix) with SMTP id B9A7C37B405 for ; Wed, 18 Jul 2001 12:46:43 -0700 (PDT) (envelope-from simon@optinet.com) Received: (qmail 44936 invoked by uid 106); 18 Jul 2001 19:48:32 -0000 Received: from 66-65-36-21.nyc.rr.com (HELO sharky) (66.65.36.21) by anaconda.acceleratedweb.net with SMTP; 18 Jul 2001 19:48:32 -0000 From: "Simon" To: "alexus" , "freebsd-isp@FreeBSD.ORG" Date: Wed, 18 Jul 2001 15:46:57 -0400 Reply-To: "Simon" X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 2000 (5.0.2195) In-Reply-To: <000901c10fc1$f98d0d00$0d00a8c0@alexus> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Re: autolock on users acc if he/she didnt login for last 30 days Message-Id: <20010718194643.B9A7C37B405@hub.freebsd.org> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You can write a script to do that and cron it. -Simon On Wed, 18 Jul 2001 15:43:52 -0400, alexus wrote: >is there a way to do if user didn't login on shell for past lets say 30 days >his account automaticly gonig lock? or change shell to /noshell ? > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 12:51:41 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id BDEDC37B403 for ; Wed, 18 Jul 2001 12:51:38 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 22061 invoked from network); 18 Jul 2001 19:51:24 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 18 Jul 2001 19:51:24 -0000 Message-ID: <001501c10fc3$0e58e230$0d00a8c0@alexus> From: "alexus" To: "Simon" , References: <20010718194643.B9A7C37B405@hub.freebsd.org> Subject: Re: autolock on users acc if he/she didnt login for last 30 days Date: Wed, 18 Jul 2001 15:51:37 -0400 Organization: NexGen MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2499.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2499.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i'm not very good at writing scripts... can you do that for me?:) ----- Original Message ----- From: "Simon" To: "alexus" ; Sent: Wednesday, July 18, 2001 3:46 PM Subject: Re: autolock on users acc if he/she didnt login for last 30 days > > You can write a script to do that and cron it. > > -Simon > > On Wed, 18 Jul 2001 15:43:52 -0400, alexus wrote: > > >is there a way to do if user didn't login on shell for past lets say 30 days > >his account automaticly gonig lock? or change shell to /noshell ? > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-isp" in the body of the message > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 13:17:26 2001 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id 7D27037B401 for ; Wed, 18 Jul 2001 13:17:22 -0700 (PDT) (envelope-from forrestc@imach.com) Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id OAA01769; Wed, 18 Jul 2001 14:16:46 -0600 (MDT) Date: Wed, 18 Jul 2001 14:16:46 -0600 (MDT) From: "Forrest W. Christian" To: alexus Cc: Simon , freebsd-isp@FreeBSD.ORG Subject: Re: autolock on users acc if he/she didnt login for last 30 days In-Reply-To: <001501c10fc3$0e58e230$0d00a8c0@alexus> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 18 Jul 2001, alexus wrote: > i'm not very good at writing scripts... See: To get started: (A must to learn perl:) Learning Perl, O'Reilly and associates. ISBN 0596001320 For "cookie cutter examples": (HIGHLY HIGHLY RECOMMENDED) Perl Cookbook, O'Reilly and associates. ISBN 1565922433 For documentation related to what you will likely be doing: Perl for System Administration, O'REilly & Assoc ISBN 1565926099 (I don't have a copy of this book, but if I was learning perl and needed to use it for sysadmin I would consider it a must!) Reference Manual: (Recommended if you like a printed reference manual) Programming Perl, O'Reilly & Assoc ISBN 0596000278 - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ---------------------------------------------------------------------- Protect your personal freedoms - visit http://www.lp.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 13:54:54 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail2.mediadesign.nl (md2.mediadesign.nl [212.19.205.67]) by hub.freebsd.org (Postfix) with SMTP id 1E9B837B401 for ; Wed, 18 Jul 2001 13:54:51 -0700 (PDT) (envelope-from alson@mediadesign.nl) Received: (qmail 12827 invoked by uid 1002); 18 Jul 2001 20:54:50 -0000 Date: Wed, 18 Jul 2001 22:54:48 +0200 From: Alson van der Meulen To: freebsd-isp@FreeBSD.ORG Subject: Re: autolock on users acc if he/she didnt login for last 30 days Message-ID: <20010718225448.D15065@md2.mediadesign.nl> Mail-Followup-To: freebsd-isp@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.18i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Jul 18, 2001 at 02:16:46PM -0600, Forrest W. Christian wrote: > On Wed, 18 Jul 2001, alexus wrote: > > > i'm not very good at writing scripts... > > See: > > To get started: (A must to learn perl:) > Learning Perl, O'Reilly and associates. ISBN 0596001320 > > For "cookie cutter examples": (HIGHLY HIGHLY RECOMMENDED) > Perl Cookbook, O'Reilly and associates. ISBN 1565922433 > > For documentation related to what you will likely be doing: > Perl for System Administration, O'REilly & Assoc ISBN 1565926099 > (I don't have a copy of this book, but if I was learning perl and needed > to use it for sysadmin I would consider it a must!) > > Reference Manual: (Recommended if you like a printed reference manual) > Programming Perl, O'Reilly & Assoc ISBN 0596000278 how about: Perl for System Administrators, look at perl.oreilly.com for more info You could also but the Perl CD Bookshelf 2.0, which includes all these books plus 'Advanced perl programming' in searchable HTML format To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 14:46:34 2001 Delivered-To: freebsd-isp@freebsd.org Received: from crdras.crd.ge.COM (crdras.crd.GE.COM [192.35.44.7]) by hub.freebsd.org (Postfix) with ESMTP id 2CE5937B401 for ; Wed, 18 Jul 2001 14:46:31 -0700 (PDT) (envelope-from lapinski@crd.ge.com) Received: from crdras.crd.ge.COM (localhost [127.0.0.1]) by crdras.crd.ge.COM (18xxx/8.9.3/8.9.3) with ESMTP id RAA28996 for ; Wed, 18 Jul 2001 17:46:30 -0400 (EDT) Received: from crdns.crd.ge.com (crdns [3.1.7.107]) by crdras.crd.ge.COM (25/8.9.3/8.9.3) with ESMTP id RAA28992; Wed, 18 Jul 2001 17:46:27 -0400 (EDT) Received: from exc01crdge.crd.ge.com (exc01crdge.crd.ge.com [3.1.116.47]) by crdns.crd.ge.com (8.9.3/8.9.3) with ESMTP id RAA11576; Wed, 18 Jul 2001 17:46:31 -0400 (EDT) Received: by exc01crdge.crd.ge.com with Internet Mail Service (5.5.2653.19) id <391CC5JG>; Wed, 18 Jul 2001 17:46:23 -0400 Message-ID: From: "Lapinski, Michael (CRD)" To: "'alexus'" , Simon , freebsd-isp@FreeBSD.ORG Subject: RE: autolock on users acc if he/she didnt login for last 30 days Date: Wed, 18 Jul 2001 17:46:16 -0400 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org nothing like the present time to get better at doing something =) -------------------------------------------------- Michael Lapinski Computer Scientist GE Corporate Research & Development Everything is on the Network and Everything is a Service. "I think there is a world market for maybe five computers." - IBM Chariman Thomas Watson, 1943 -----Original Message----- From: alexus [mailto:ml@db.nexgen.com] Sent: Wednesday, July 18, 2001 3:52 PM To: Simon; freebsd-isp@FreeBSD.ORG Subject: Re: autolock on users acc if he/she didnt login for last 30 days i'm not very good at writing scripts... can you do that for me?:) ----- Original Message ----- From: "Simon" To: "alexus" ; Sent: Wednesday, July 18, 2001 3:46 PM Subject: Re: autolock on users acc if he/she didnt login for last 30 days > > You can write a script to do that and cron it. > > -Simon > > On Wed, 18 Jul 2001 15:43:52 -0400, alexus wrote: > > >is there a way to do if user didn't login on shell for past lets say 30 days > >his account automaticly gonig lock? or change shell to /noshell ? > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-isp" in the body of the message > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 15:45:29 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.cableaz.com (mail.cableaz.com [63.241.154.20]) by hub.freebsd.org (Postfix) with ESMTP id AF6EF37B403 for ; Wed, 18 Jul 2001 15:45:19 -0700 (PDT) (envelope-from jeremy@cableaz.com) Received: from caz ([63.241.154.8]) by mail.cableaz.com (Build 101 8.9.3/NT-8.9.3) with SMTP id PAA00315 for ; Wed, 18 Jul 2001 15:43:57 -0700 Message-ID: <00d901c10fda$e4bc08e0$0c0aa8c0@caz> From: "Jeremy Buckner" To: Subject: virus checking Date: Wed, 18 Jul 2001 15:42:15 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Just built a new mail server. Also using 4.3 with standard sendmail for smtp and qpopper for pop3. The goal here is to performe a virus scan on all email before it leaves the server (in other words incoming and outgoing mail). Can anyone recommend something good? Thanks, Jeremy Buckner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 17:41:10 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pendragon.tacni.net (mail.tacni.net [216.178.136.165]) by hub.freebsd.org (Postfix) with SMTP id 4BB9837B403 for ; Wed, 18 Jul 2001 17:41:08 -0700 (PDT) (envelope-from tom.oneil@tacni.com) Received: (qmail 56216 invoked by alias); 19 Jul 2001 00:40:57 -0000 Received: from unknown (HELO tacni.com) (216.201.173.186) by pendragon.tacni.net with SMTP; 19 Jul 2001 00:40:57 -0000 Message-ID: <3B562C98.8FF1EA03@tacni.com> Date: Wed, 18 Jul 2001 19:40:56 -0500 From: Tom ONeil Organization: Texas American Communictions Network Inc. X-Mailer: Mozilla 4.77 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: "Lapinski, Michael (CRD)" Cc: 'alexus' , freebsd-isp@FreeBSD.ORG Subject: Re: autolock on users acc if he/she didnt login for last 30 days References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org man pw Do it when the account is setup. -- Thomas J. ONeil tom.oneil@tacni.com http://www.tacni.net "National Power, Local Presence" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 18:48:49 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id A843737B403 for ; Wed, 18 Jul 2001 18:48:46 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 23797 invoked from network); 19 Jul 2001 01:48:30 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 19 Jul 2001 01:48:30 -0000 Message-ID: <002001c10ff5$3d699ba0$0100a8c0@alexus> From: "alexus" To: "Tom ONeil" , "Lapinski, Michael (CRD)" Cc: References: <3B562C98.8FF1EA03@tacni.com> Subject: Re: autolock on users acc if he/she didnt login for last 30 days Date: Wed, 18 Jul 2001 21:50:50 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2479.0006 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2479.0006 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org you probably talking about expiration date... and i'm talkin about inactivity on account ----- Original Message ----- From: "Tom ONeil" To: "Lapinski, Michael (CRD)" Cc: "'alexus'" ; Sent: Wednesday, July 18, 2001 8:40 PM Subject: Re: autolock on users acc if he/she didnt login for last 30 days > > > man pw Do it when the account is setup. > -- > Thomas J. ONeil tom.oneil@tacni.com > http://www.tacni.net > "National Power, Local Presence" > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 18:58: 4 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailsrv.amplex.net (mailsrv.amplex.net [209.57.124.54]) by hub.freebsd.org (Postfix) with ESMTP id A321A37B407 for ; Wed, 18 Jul 2001 18:58:00 -0700 (PDT) (envelope-from mark@amplex.net) Received: from mark2000 (dhcp58.amplex.net [209.57.124.58]) by mailsrv.amplex.net (8.11.2/8.11.2) with SMTP id f6J1vsk64260 for ; Wed, 18 Jul 2001 21:57:54 -0400 (EDT) From: "Mark Radabaugh - Amplex" To: Subject: RE: virus checking Date: Wed, 18 Jul 2001 21:57:55 -0400 Message-ID: X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <00d901c10fda$e4bc08e0$0c0aa8c0@caz> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have been very impressed with the combination of AVP for Unix (www.avp.ru) with this hack: http://www.decros.cz/~reho/check_virus/ Mark Radabaugh Amplex (419) 833-3635 > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jeremy Buckner > Sent: Wednesday, July 18, 2001 6:42 PM > To: freebsd-isp@FreeBSD.ORG > Subject: virus checking > > > Just built a new mail server. Also using 4.3 with standard > sendmail for smtp and qpopper for pop3. The goal here is to > performe a virus scan on all email before it leaves the > server (in other words incoming and outgoing mail). Can > anyone recommend something good? > > Thanks, > Jeremy Buckner > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 18 19: 3:37 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.i-logic.ch (mail.pwh.ch [194.38.160.243]) by hub.freebsd.org (Postfix) with ESMTP id C445C37B403 for ; Wed, 18 Jul 2001 19:03:28 -0700 (PDT) (envelope-from ll@i-logic.ch) Received: from toto2 (pop-zh-20-1-dialup-140.freesurf.ch [194.230.178.140]) by mail.i-logic.ch (Postfix) with ESMTP id 4BA2BAC97 for ; Thu, 19 Jul 2001 04:03:26 +0200 (CEST) From: ll@i-logic.ch To: freebsd-isp@freebsd.org Date: Thu, 19 Jul 2001 04:04:29 +0200 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Various admin problems and jails Message-ID: <3B565C4D.12771.7839A78@localhost> X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, I'm a new FreeBSD admin and I have a little problem in making jails like I exactly want. I think to run all the services of the machine in jail. I will make a slice for the base system, and a slice for each jail (I will only have a defined little number of jails). Like that: Slice 1 [base system] : s1a / ro nosuid s1b SWAP s1c /usr ro s1d /usr/local nosuid s1e /usr/home noexec,nosuid s1f /tmp noexec,nosuid s1g /var noexec,nosuid Slice 2 [Jail 1]: s2a /jail1/ ro nosuid s2b /jail1/usr ro s2c /jail1/usr/local nosuid s2d /jail1/usr/home noexec,nosuid s2e /jail1/tmp noexec,nosuid s2f /jail1/var noexec,nosuid Slice 3 [Jail 2]: ... ... I will only admin this computer remotely (It will be very far from me). => Except if there is a very important remotely exploitable hole in the kernel, I will never change the base system or the kernel, all my updates will only apply to the jails. My system will be by default in securelevel 2. My problem with jail is the folowing: When you compile your jail, some files are set with the schg flag, so I can no more delete or update theses files (=> and the jail) remotely (yes, I can change the secure level, reboot, modify them, change rc.conf and reboot, but I don't like a lot remote reboot...). => I search a manner to install files of a jail without than the install put theses flags. There is no security problem, because like you can see upper, jail will be partitionned and the partition that normally hold the schg files will be mounted read only after the compilation. My other question it's if I should CVS the RELENG_4_3 or the RELENG_4. I precise that's only for recompiling Jails, the base system, and the kernel will not be recompiled remotely. There is a risk of incompatiblity between a 4.3 Release kernel and some binaries compiled for a jail usind the 4 stable branch ? Do you think the RELENG_4_3 branch will continue to have security update how long ? I have see that with FreeBSD, the security patch are more or less only for the last release, if the RELENG_4_3 don't evolve when the 4.4 Release appear, I should preferably CVS the the stable branch. Thanks in advance, excuse me for my shit english :-) Leo To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 1:33:42 2001 Delivered-To: freebsd-isp@freebsd.org Received: from gekko.i-clue.de (server.ms-agentur.de [62.153.134.194]) by hub.freebsd.org (Postfix) with ESMTP id A4D2F37B401 for ; Thu, 19 Jul 2001 01:33:36 -0700 (PDT) (envelope-from so@server.i-clue.de) Received: from i-clue.de (automatix.i-clue.de [192.168.0.112]) by gekko.i-clue.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id KAA26359; Thu, 19 Jul 2001 10:41:21 +0200 Message-ID: <3B569BDE.A3260474@i-clue.de> Date: Thu, 19 Jul 2001 10:35:42 +0200 From: Christoph Sold Reply-To: so@server.i-clue.de X-Mailer: Mozilla 4.75 [de] (WinNT; U) X-Accept-Language: de MIME-Version: 1.0 To: Jeremy Buckner Cc: freebsd-isp@FreeBSD.ORG Subject: Re: virus checking References: <00d901c10fda$e4bc08e0$0c0aa8c0@caz> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Jeremy Buckner schrieb: > > Just built a new mail server. Also using 4.3 with standard > sendmail for smtp and qpopper for pop3. The goal here is to > performe a virus scan on all email before it leaves the > server (in other words incoming and outgoing mail). Can > anyone recommend something good? Amavis combined with Sophos Antivirus works well here. Just my EUR.02 -Christoph Sold To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 2:23:28 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smtpf.casema.net (smtpf.casema.net [195.96.96.173]) by hub.freebsd.org (Postfix) with SMTP id 6782637B405 for ; Thu, 19 Jul 2001 02:23:23 -0700 (PDT) (envelope-from walter@binity.com) Received: (qmail 7356 invoked by uid 0); 19 Jul 2001 09:23:21 -0000 Received: from unknown (HELO slash.b118.binity.net) (212.64.76.102) by smtpf.casema.net with SMTP; 19 Jul 2001 09:23:21 -0000 Received: from silver.b118.binity.net (silver.b118.binity.net [172.18.3.10]) by slash.b118.binity.net (Postfix) with ESMTP id 1D214151 for ; Thu, 19 Jul 2001 11:22:07 +0200 (CEST) Date: Thu, 19 Jul 2001 11:24:48 +0200 From: Walter Hop X-Mailer: The Bat! (v1.52f) Educational Organization: Binity X-Priority: 3 (Normal) Message-ID: <17810514298.20010719112448@binity.com> To: FreeBSD ISP Subject: What do you do about DoS attacks? MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, I am interested in your experience with good ACL's and tools to analyze and prevent DoS attacks, which pose a current problem for me. One of my machines, which is running ircd, has been the subject of frequent DoS attacks for the last few weeks. The box was unaffected until today -- our upstream is getting annoyed by the packets and now cuts off our line when under attack. So, that's an effective DoS we have there. :) There are no log entries of rate-limited ICMP packets. Our upstream's router stats only show that there is about 8Mb/s of traffic coming in, while the traffic on the outside drops (saturated pipe). They can't/do not want to give us information on the traffic, but they can block certain netblocks at the edge on our request. Given that there's probably not much to do about these attacks, I'd still like to: 1] see what types of packets cause the attack The colocated boxes on the subnet are hardly reachable when under attack, so I can't login to make an ad-hoc analysis of the traffic; I want to have a solid logging system in place before another attack occurs. I've replaced net.inet.*.blackhole by .log_in_vain to see if there is anything out of the usual during the attacks. I'd like to keep network dumps under heavy load. Logging all tcpdump output to a file all day would create gigantic file -- is there a tool which can do a (more or less intelligent) analysis of traffic and only log when a problem occurs? (For example, the queues get too large, or incoming traffic exceeds a certain limit) 2] (maybe) discover the origin of the attack The attacks all look the same, so I guess there is one person (or group) behind them. If the attackers are not too intelligent, the source addresses might not be spoofed. Does anyone have any pointers for tools or config options that could help me? [I have tried google and the archives, but did not find anything really valuable this morning..] thanks, walter -- Walter Hop | +31 6 24290808 | Finger for public key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 4: 4:47 2001 Delivered-To: freebsd-isp@freebsd.org Received: from jake.akitanet.co.uk (jake.akitanet.co.uk [212.1.130.131]) by hub.freebsd.org (Postfix) with ESMTP id 3692237B406 for ; Thu, 19 Jul 2001 04:04:43 -0700 (PDT) (envelope-from wiggy@wopr.akitanet.co.uk) Received: from dsl-212-135-208-201.dsl.easynet.co.uk ([212.135.208.201] helo=wopr.akitanet.co.uk) by jake.akitanet.co.uk with esmtp (Exim 3.13 #3) id 15NBbZ-0000z8-00; Thu, 19 Jul 2001 12:04:29 +0100 Received: from wiggy by wopr.akitanet.co.uk with local (Exim 3.21 #2) id 15NBby-000FmN-00; Thu, 19 Jul 2001 12:04:54 +0100 Date: Thu, 19 Jul 2001 12:04:54 +0100 From: Paul Robinson To: Christoph Sold Cc: Jeremy Buckner , freebsd-isp@FreeBSD.ORG Subject: Re: virus checking Message-ID: <20010719120454.B24504@jake.akitanet.co.uk> References: <00d901c10fda$e4bc08e0$0c0aa8c0@caz> <3B569BDE.A3260474@i-clue.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3B569BDE.A3260474@i-clue.de>; from so@server.i-clue.de on Thu, Jul 19, 2001 at 10:35:42AM +0200 X-Scanner: exiscan *15NBbZ-0000z8-00*$AK$d/whrAHGPqBpX0Fk/23zL.* Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Jul 19, Christoph Sold wrote: > > Amavis combined with Sophos Antivirus works well here. Exim, with exiscan and Sophos work over here rather well. Exim rocks as well. -- Paul Robinson ,--------------------------------------- Technical Director @ Akita | A computer lets you make more mistakes PO Box 604, Manchester, M60 3PR | than any other invention with the T: +44 (0) 161 228 6388 (F:6389)| possible exceptions of handguns and | Tequila - Mitch Ratcliffe `----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 5:51:51 2001 Delivered-To: freebsd-isp@freebsd.org Received: from tsunami.acidpit.org (tsunami.solveinteractive.com [206.190.163.234]) by hub.freebsd.org (Postfix) with ESMTP id 5B3A037B401 for ; Thu, 19 Jul 2001 05:51:43 -0700 (PDT) (envelope-from rch@acidpit.org) Received: (from rch@localhost) by tsunami.acidpit.org (8.11.4/8.11.3) id f6JCmr998927; Thu, 19 Jul 2001 08:48:53 -0400 (EDT) (envelope-from rch@acidpit.org) Date: Thu, 19 Jul 2001 08:48:53 -0400 From: Robert Hough To: Walter Hop Cc: freebsd-isp@freebsd.org Subject: Re: What do you do about DoS attacks? Message-ID: <20010719084853.A98826@acidpit.org> Mail-Followup-To: Walter Hop , freebsd-isp@freebsd.org References: <17810514298.20010719112448@binity.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <17810514298.20010719112448@binity.com>; from walter@binity.com on Thu, Jul 19, 2001 at 11:24:48 +0200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Jul 19, 2001, Walter Hop wrote: > The colocated boxes on the subnet are hardly reachable when under > attack, so I can't login to make an ad-hoc analysis of the traffic; I > want to have a solid logging system in place before another attack > occurs. First suggestion, get a modem and put it on any colo boxes you manage, it will save you a lot of headache. If you have several machines, look into an old portmaster. They work great in this scenario. > I'd like to keep network dumps under heavy load. Logging all tcpdump > output to a file all day would create gigantic file Try using NetFlow's on your router. Along side flow-tools, you can probably get the information you want. It's actually a very nice feature, regardless of attacks. Lots of information to pull from netflows. http://www.cisco.com/warp/public/732/Tech/netflow/ http://www.splintered.net/sw/flow-tools > Does anyone have any pointers for tools or config options that could > help me? [I have tried google and the archives, but did not find > anything really valuable this morning..] http://www.sans.org NANOG can also be a good source of information, just have to weed through a ton of ego. I'd suggest spending some time digging through the NANOG site, and seeing if they have anything you can use (I'm sure they do). Then, maybe joining the mailing list and lurking for a while. If you don't mind being the end of someone's ego boost, you can post too. :) -- Robert Hough (rch@acidpit.org) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 9:44: 7 2001 Delivered-To: freebsd-isp@freebsd.org Received: from everest.wananchi.com (everest.wananchi.com [62.8.64.4]) by hub.freebsd.org (Postfix) with ESMTP id 8E4A737B408; Thu, 19 Jul 2001 09:43:57 -0700 (PDT) (envelope-from wash@wananchi.com) Received: from wash by everest.wananchi.com with local (Exim 3.31 #3) id 15NGtm-000ECf-00; Thu, 19 Jul 2001 19:43:38 +0300 Date: Thu, 19 Jul 2001 19:43:38 +0300 From: Odhiambo Washington To: FBSD-Q Cc: FBSD-ISP Subject: OT: Help with Squid Message-ID: <20010719194337.C53666@everest.wananchi.com> Mail-Followup-To: Odhiambo Washington , FBSD-Q , FBSD-ISP Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="dDRMvlgZJXvWKvBx" Content-Disposition: inline User-Agent: Mutt/1.3.19i X-Disclaimer: My opinions do not necessarily represent those of my employer. X-Operating-System: FreeBSD 4.3-STABLE i386 X-Mailer: Mutt http://www.mutt.org/ X-Designation: Systems Administrator, Wananchi Online Ltd. X-Location: Nairobi, KE, East Africa. X-Uptime: 7:41PM up 6 days, 23:23, 2 users, load averages: 0.04, 0.12, 0.17 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --dDRMvlgZJXvWKvBx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, Please allow me to ask for help. Someone might have seen squid whinning with these messages and has a way to solve that problem: I don't seem to be able to find a solution from the squid's list archives. Thanks in advance. ## Jul 19 17:05:34 everest squid[7359]: comm_accept: FD 11: (53) Software caused connection abort Jul 19 17:05:34 everest squid[7359]: httpAccept: FD 11: accept failure: (53) Software caused connection abort Jul 19 17:05:40 everest squid[7359]: comm_accept: FD 11: (53) Software caused connection abort Jul 19 17:05:40 everest squid[7359]: httpAccept: FD 11: accept failure: (53) Software caused connection abort Jul 19 17:10:51 everest squid[7359]: comm_accept: FD 11: (53) Software caused connection abort Jul 19 17:10:51 everest squid[7359]: httpAccept: FD 11: accept failure: (53) Software caused connection abort MTIA -Wash -- Odhiambo Washington Wananchi Online Ltd., wash@wananchi.com 1st Flr Loita Hse. Tel: 254 2 313985 Loita Street., Fax: 254 2 313922 PO Box 10286,00100-NAIROBI,KE. Nothing takes the taste out of peanut butter quite like unrequited love.=20 -Charlie Brown=20 (contributed by Chris Johnston)=20 --dDRMvlgZJXvWKvBx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7Vw45n7LIsuxjem8RAmKzAJ9ogKQ++prmS7brknS14HipfpQJBACfcFEH RiItPp4cz2YYvlHvp61vvGM= =WwAS -----END PGP SIGNATURE----- --dDRMvlgZJXvWKvBx-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 12: 5:21 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pit.lv (www.pit.lv [159.148.96.253]) by hub.freebsd.org (Postfix) with ESMTP id 3660737B406 for ; Thu, 19 Jul 2001 12:05:14 -0700 (PDT) (envelope-from matiss@bkc.lv) Received: from ysdh45 ([159.148.83.150]) by pit.lv (8.10.2/8.11.2) with SMTP id f6JMFsZ01804 for ; Fri, 20 Jul 2001 01:15:54 +0300 Message-ID: <000c01c110d9$a348f620$9653949f@lv> From: =?windows-1257?Q?Mat=EEss_Elsbergs?= To: Subject: filesystem change after installation Date: Thu, 19 Jul 2001 22:05:46 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0009_01C1109E.F68E90A0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0009_01C1109E.F68E90A0 Content-Type: text/plain; charset="windows-1257" Content-Transfer-Encoding: quoted-printable Hi there, Now I have the following problem.=20 I recently installed FreeBSD 4.3 RELEASE on a production server, but, as = I was in a hurry, I used defaults for disk dividing to various mount = points. So, the /var is 20 MBytes, which, as far as I'm concerned, is = not too many for a mail server :-) Is there any way to change it? Again, I am asking this question after = sitting at manual and man pages but I guess I simply don't know, where = to look.=20 I want to know, is there a way to add a new slice ( something like = /dev/da0s1a ) on the existing drive without reformatting it. Wbrgds,=20 Matiss Elsbergs Astranet IS IT manager matiss@bkc.lv ------=_NextPart_000_0009_01C1109E.F68E90A0 Content-Type: text/html; charset="windows-1257" Content-Transfer-Encoding: quoted-printable
Hi there,
 
Now I have the following problem. =
 
I recently installed FreeBSD 4.3 = RELEASE on a=20 production server, but, as I was in a hurry, I used defaults for disk = dividing=20 to various mount points. So, the /var is 20 MBytes, which, as far as I'm = concerned, is not too many for a mail server :-)
 
Is there any way to change it? Again, I = am asking=20 this question after sitting at manual and man pages but I guess I simply = don't=20 know, where to look.
 
I want to know, is there a way to add a = new=20 slice ( something like /dev/da0s1a ) on the existing drive without=20 reformatting it.
 
Wbrgds,
Matiss Elsbergs
Astranet IS
IT manager
matiss@bkc.lv
 
------=_NextPart_000_0009_01C1109E.F68E90A0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 12:45:17 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bilver.wjv.com (dhcp-1-87.n01.orldfl01.us.ra.verio.net [157.238.210.87]) by hub.freebsd.org (Postfix) with ESMTP id 336D237B436 for ; Thu, 19 Jul 2001 12:45:08 -0700 (PDT) (envelope-from bill@bilver.wjv.com) Received: (from bill@localhost) by bilver.wjv.com (8.11.1/8.11.1) id f6JJiwf02082; Thu, 19 Jul 2001 15:44:58 -0400 (EDT) (envelope-from bill) Date: Thu, 19 Jul 2001 15:43:19 -0400 From: Bill Vermillion To: =?iso-8859-1?Q?Mat=EEss_Elsbergs?= Cc: freebsd-isp@FreeBSD.ORG Subject: Re: filesystem change after installation Message-ID: <20010719154319.C1852@wjv.com> Reply-To: bv@wjv.com References: <000c01c110d9$a348f620$9653949f@lv> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <000c01c110d9$a348f620$9653949f@lv>; from matiss@bkc.lv on Thu, Jul 19, 2001 at 10:05:46PM -0700 Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Jul 19, 2001 at 10:05:46PM -0700, Matīss Elsbergs thus sprach: > Now I have the following problem. > I recently installed FreeBSD 4.3 RELEASE on a production server, > but, as I was in a hurry, I used defaults for disk dividing to > various mount points. So, the /var is 20 MBytes, which, as far as > I'm concerned, is not too many for a mail server :-) When I have a large volume of mail - as in one system I installed for a site to replace and aging and tired sun system, the /var was not large enough for that amount of users. I don't think you should put a great many things like that in /var any was. I just moved /var/mail aside and made a link so that /var/mail was a symlink to /usr/mail. > Is there any way to change it? Again, I am asking this question > after sitting at manual and man pages but I guess I simply don't > know, where to look. I'd not do that. A small /var is good. Make a symlink and don't worry. -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 12:55:11 2001 Delivered-To: freebsd-isp@freebsd.org Received: from ns2.sysadmin-inc.com (ns2.sysadmin-inc.com [209.16.228.145]) by hub.freebsd.org (Postfix) with SMTP id 58CD737B406 for ; Thu, 19 Jul 2001 12:55:07 -0700 (PDT) (envelope-from peter@sysadmin-inc.com) Received: (qmail 19676 invoked by alias); 19 Jul 2001 19:55:05 -0000 Received: from unknown (HELO 98wkst) (10.10.1.70) by ns2.sysadmin-inc.com with SMTP; 19 Jul 2001 19:55:05 -0000 From: "Peter Brezny" To: Subject: increasing amount of ram, what to do about /swap? Date: Thu, 19 Jul 2001 15:54:33 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm going to be increasing the amount of ram in one of my system from 128 to 256 mb. What do I need to do to keep the system happy as far as the size of the swap partition? It's currently double the amount of ram (default on initial install). TIA Peter Brezny SysAdmin Services Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 12:57:49 2001 Delivered-To: freebsd-isp@freebsd.org Received: from ns2.sysadmin-inc.com (ns2.sysadmin-inc.com [209.16.228.145]) by hub.freebsd.org (Postfix) with SMTP id 1396237B406 for ; Thu, 19 Jul 2001 12:57:46 -0700 (PDT) (envelope-from peter@sysadmin-inc.com) Received: (qmail 19690 invoked by alias); 19 Jul 2001 19:57:45 -0000 Received: from unknown (HELO 98wkst) (10.10.1.70) by ns2.sysadmin-inc.com with SMTP; 19 Jul 2001 19:57:45 -0000 From: "Peter Brezny" To: Subject: nocol's message. (a little OT) Date: Thu, 19 Jul 2001 15:57:13 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'd like to change the format (shorten) the message nocol sends to my pager (the last bit of info , the 'up' or 'down' part is cut off due to restrictions at the paging company). Is there an easy way to change the date format to yymmdd, rather than Month day, year and perhaps remove some of the other information it sends out in a page that i don't really need? All i really need is the date/time, ip, and status. TIA Peter Brezny SysAdmin Services Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 13: 2:12 2001 Delivered-To: freebsd-isp@freebsd.org Received: from jake.akitanet.co.uk (jake.akitanet.co.uk [212.1.130.131]) by hub.freebsd.org (Postfix) with ESMTP id 28D5137B403 for ; Thu, 19 Jul 2001 13:02:07 -0700 (PDT) (envelope-from wiggy@wopr.akitanet.co.uk) Received: from dsl-212-135-208-201.dsl.easynet.co.uk ([212.135.208.201] helo=wopr.akitanet.co.uk) by jake.akitanet.co.uk with esmtp (Exim 3.13 #3) id 15NJze-000PLW-00; Thu, 19 Jul 2001 21:01:54 +0100 Received: from wiggy by wopr.akitanet.co.uk with local (Exim 3.21 #2) id 15NK0B-000Jgl-00; Thu, 19 Jul 2001 21:02:27 +0100 Date: Thu, 19 Jul 2001 21:02:27 +0100 From: Paul Robinson To: Peter Brezny Cc: freebsd-isp@freebsd.org Subject: Re: increasing amount of ram, what to do about /swap? Message-ID: <20010719210227.C34395@jake.akitanet.co.uk> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ; from peter@sysadmin-inc.com on Thu, Jul 19, 2001 at 03:54:33PM -0400 X-Scanner: exiscan *15NJze-000PLW-00*$AK$8NHMRE9GGsqjHqS60IlET0* Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Jul 19, Peter Brezny wrote: > What do I need to do to keep the system happy as far as the size of the swap > partition? > > It's currently double the amount of ram (default on initial install). To be honest, in my experience, FBSD hardly ever touches swap, and that is a Good Thing(tm). The "double the size of RAM" is really a Linux rule of thumb, and trust me, Linux uses swap all the time. In all honesty, if you're going to be using more than a few Mb of swap, you really should consider getting more memory, especially with the prices as they are at the moment. That's my take on it, anyway. -- Paul Robinson ,--------------------------------------- Technical Director @ Akita | A computer lets you make more mistakes PO Box 604, Manchester, M60 3PR | than any other invention with the T: +44 (0) 161 228 6388 (F:6389)| possible exceptions of handguns and | Tequila - Mitch Ratcliffe `----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 13:31:54 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pitr.tuxinternet.com (pitr.tuxinternet.com [208.32.175.113]) by hub.freebsd.org (Postfix) with ESMTP id CC47E37B403 for ; Thu, 19 Jul 2001 13:31:49 -0700 (PDT) (envelope-from hugme@pitr.tuxinternet.com) Received: (from hugme@localhost) by pitr.tuxinternet.com (8.11.0/8.11.0) id f6JGcPU88728 for freebsd-isp@FreeBSD.ORG; Thu, 19 Jul 2001 16:38:25 GMT (envelope-from hugme) Date: Thu, 19 Jul 2001 16:38:25 +0000 From: Hug Me To: freebsd-isp@FreeBSD.ORG Subject: Re: increasing amount of ram, what to do about /swap? Message-ID: <20010719163825.A88683@pitr.tuxinternet.com> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="UugvWAfsgieZRqgk" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from peter@sysadmin-inc.com on Thu, Jul 19, 2001 at 03:54:33PM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --UugvWAfsgieZRqgk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Ah the swap size rule. A long time a go on a planet far far away... oh wrong story...=20 it used to be computer memory was not only small but it was not very accuarate. along with the os. crashes were regular, you would get=20 problems with memory busses, all kinds of things well the double swap rule came into effect when your memory would crash it could dump it to swap. well to figure out what happened you still had to have usable memory. so your current memory would drop to swap=20 (theoryaticly that would be your first half) and then you would have to still have a functunioning computer (that would be the secound half) Today things are a lot different, memory is more stable and much much cheaper!! not only that it's much faster... I would say if you are using more than 64 meg of swap on ANY modern system you need to get more memory or there is somthing wrong. did you use up a lot of swap space on your computer before? On Thu, Jul 19, 2001 at 03:54:33PM -0400, Peter Brezny wrote: > I'm going to be increasing the amount of ram in one of my system from 128= to > 256 mb. >=20 > What do I need to do to keep the system happy as far as the size of the s= wap > partition? >=20 > It's currently double the amount of ram (default on initial install). >=20 > TIA >=20 > Peter Brezny > SysAdmin Services Inc. >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message --=20 ************************************************* hugme hugme@hugme.org http://www.hugme.org http://www.atlantacon.org PGP Public key: http://www.hugme.org/mykey.pgp --UugvWAfsgieZRqgk Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjtXDQEACgkQCEkxz3stqbTV1wCgg7J5qZqhmDPXXlGUyLb1VlM0 CvYAnRm0s4xzp7CI1FDLkEhsOHi42pdT =gMGX -----END PGP SIGNATURE----- --UugvWAfsgieZRqgk-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 13:34:37 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id E34F737B40B for ; Thu, 19 Jul 2001 13:34:31 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 37077 invoked from network); 19 Jul 2001 20:34:21 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 19 Jul 2001 20:34:21 -0000 Message-ID: <000f01c11092$3589d6a0$0d00a8c0@alexus> From: "alexus" To: "Hug Me" , References: <20010719163825.A88683@pitr.tuxinternet.com> Subject: Re: increasing amount of ram, what to do about /swap? Date: Thu, 19 Jul 2001 16:34:28 -0400 Organization: NexGen MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2499.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2499.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i have on one system 1g and on another 2gb.. how much swap should i have therE? ----- Original Message ----- From: "Hug Me" To: Sent: Thursday, July 19, 2001 12:38 PM Subject: Re: increasing amount of ram, what to do about /swap? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 13:34:41 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pitr.tuxinternet.com (pitr.tuxinternet.com [208.32.175.113]) by hub.freebsd.org (Postfix) with ESMTP id B2EBF37B409 for ; Thu, 19 Jul 2001 13:34:31 -0700 (PDT) (envelope-from hugme@pitr.tuxinternet.com) Received: (from hugme@localhost) by pitr.tuxinternet.com (8.11.0/8.11.0) id f6JGfDR88757 for freebsd-isp@FreeBSD.ORG; Thu, 19 Jul 2001 16:41:13 GMT (envelope-from hugme) Date: Thu, 19 Jul 2001 16:41:13 +0000 From: Hug Me To: freebsd-isp@FreeBSD.ORG Subject: Re: filesystem change after installation Message-ID: <20010719164113.B88683@pitr.tuxinternet.com> References: <000c01c110d9$a348f620$9653949f@lv> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="pvezYHf7grwyp3Bc" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <000c01c110d9$a348f620$9653949f@lv>; from matiss@bkc.lv on Thu, Jul 19, 2001 at 10:05:46PM -0700 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --pvezYHf7grwyp3Bc Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable you could go and change it but why not just use a symbolic link to=20 another partition? $ ln -s /var/mail /usr/mail just make sure you either put it in a partition you don't care if it gets filled up or you use disk quota's On Thu, Jul 19, 2001 at 10:05:46PM -0700, Mat=EEss Elsbergs wrote: > Hi there, >=20 > Now I have the following problem.=20 >=20 > I recently installed FreeBSD 4.3 RELEASE on a production server, but, as = I was in a hurry, I used defaults for disk dividing to various mount points= . So, the /var is 20 MBytes, which, as far as I'm concerned, is not too man= y for a mail server :-) >=20 > Is there any way to change it? Again, I am asking this question after sit= ting at manual and man pages but I guess I simply don't know, where to look= .=20 >=20 > I want to know, is there a way to add a new slice ( something like /dev/d= a0s1a ) on the existing drive without reformatting it. >=20 > Wbrgds,=20 > Matiss Elsbergs > Astranet IS > IT manager > matiss@bkc.lv >=20 --=20 ************************************************* hugme hugme@hugme.org http://www.hugme.org http://www.atlantacon.org PGP Public key: http://www.hugme.org/mykey.pgp --pvezYHf7grwyp3Bc Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjtXDakACgkQCEkxz3stqbTd4QCfTcMLQ0kQoAuTww4qL+YdeGee 9tcAnjOF0ywlDgUqy1A7NZbR2LFy9HYH =F8He -----END PGP SIGNATURE----- --pvezYHf7grwyp3Bc-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 16: 5:23 2001 Delivered-To: freebsd-isp@freebsd.org Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (Postfix) with ESMTP id C322D37B405 for ; Thu, 19 Jul 2001 16:05:19 -0700 (PDT) (envelope-from jeff-ml@mountin.net) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id SAA28667; Thu, 19 Jul 2001 18:05:15 -0500 (CDT) (envelope-from jeff-ml@mountin.net) Received: from dial-49.tnt1.rac.cyberlynk.net(209.224.182.49) by peak.mountin.net via smap (V1.3) id sma028648; Thu Jul 19 18:05:10 2001 Message-Id: <4.3.2.20010719175503.01b10100@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Version 4.3 Date: Thu, 19 Jul 2001 18:03:56 -0500 To: "Peter Brezny" , From: "Jeffrey J. Mountin" Subject: Re: increasing amount of ram, what to do about /swap? In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 03:54 PM 7/19/01 -0400, Peter Brezny wrote: >I'm going to be increasing the amount of ram in one of my system from 128 to >256 mb. > >What do I need to do to keep the system happy as far as the size of the swap >partition? > >It's currently double the amount of ram (default on initial install). Swap should be a bit larger than the memory. In light of the other advice seen here, one has to wonder if they ever had to debug a kernel panic. Just because one does not use any in during normal operation and in light of how cheap drive space is, it's better to have it and avoid hassle should need it. I figure having a swap large enough to handle the max memory on a system is easy enough. YMMV Jeff Mountin - jeff@mountin.net Systems/Network Administrator FreeBSD - the power to serve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 17:13:47 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pitr.tuxinternet.com (pitr.tuxinternet.com [208.32.175.113]) by hub.freebsd.org (Postfix) with ESMTP id B2B2F37B401 for ; Thu, 19 Jul 2001 17:13:41 -0700 (PDT) (envelope-from hugme@pitr.tuxinternet.com) Received: (from hugme@localhost) by pitr.tuxinternet.com (8.11.0/8.11.0) id f6JKKOQ89751 for freebsd-isp@freebsd.org; Thu, 19 Jul 2001 20:20:24 GMT (envelope-from hugme) Date: Thu, 19 Jul 2001 20:20:24 +0000 From: Hug Me To: freebsd-isp@freebsd.org Subject: Re: increasing amount of ram, what to do about /swap? Message-ID: <20010719202024.A89693@pitr.tuxinternet.com> References: <4.3.2.20010719175503.01b10100@207.227.119.2> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="vtzGhvizbBRQ85DL" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4.3.2.20010719175503.01b10100@207.227.119.2>; from jeff-ml@mountin.net on Thu, Jul 19, 2001 at 06:03:56PM -0500 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --vtzGhvizbBRQ85DL Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jul 19, 2001 at 06:03:56PM -0500, Jeffrey J. Mountin wrote: > At 03:54 PM 7/19/01 -0400, Peter Brezny wrote: > >I'm going to be increasing the amount of ram in one of my system from 12= 8 to > >256 mb. > > > >What do I need to do to keep the system happy as far as the size of the = swap > >partition? > > > >It's currently double the amount of ram (default on initial install). >=20 > Swap should be a bit larger than the memory. In light of the other advic= e=20 > seen here, one has to wonder if they ever had to debug a kernel=20 > panic. Just because one does not use any in during normal operation and = in=20 > light of how cheap drive space is, it's better to have it and avoid hassl= e=20 > should need it. I figure having a swap large enough to handle the max=20 > memory on a system is easy enough. YMMV several reasons: 1. most of the time I don't have a gig or so of hard drive space to give up on my box. 2. this is on a server, if you have a kernal panic you=20 arn't going to care about de-bugging it as much as getting the server back up as fast as possible, I would run a=20 restore before I tried to debug a kernal panic 3. it is rare that a server is going to kernal panic if you have a development box then yes you are going to need the room. but not on a server 4. Sysadmins run servers, not programers... 99% of sysadmins don't know how to debug a kernal panic.=20 --=20 ************************************************* hugme hugme@hugme.org http://www.hugme.org http://www.atlantacon.org PGP Public key: http://www.hugme.org/mykey.pgp --vtzGhvizbBRQ85DL Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjtXQQgACgkQCEkxz3stqbTyWgCdGm8V44Qn9Ww07cXJjgNDQxsv 9t8An0jQwTnrlwp7fa4FKCNaIpNKdOdm =IAU+ -----END PGP SIGNATURE----- --vtzGhvizbBRQ85DL-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 19 18:18:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smtpf.casema.net (smtpf.casema.net [195.96.96.173]) by hub.freebsd.org (Postfix) with SMTP id D041237B406 for ; Thu, 19 Jul 2001 18:18:12 -0700 (PDT) (envelope-from walter@binity.com) Received: (qmail 7401 invoked by uid 0); 20 Jul 2001 01:18:11 -0000 Received: from unknown (HELO slash.b118.binity.net) (212.64.76.102) by smtpf.casema.net with SMTP; 20 Jul 2001 01:18:11 -0000 Received: from silver.b118.binity.net (silver.b118.binity.net [172.18.3.10]) by slash.b118.binity.net (Postfix) with ESMTP id 1EB12151; Fri, 20 Jul 2001 03:16:56 +0200 (CEST) Date: Fri, 20 Jul 2001 03:19:41 +0200 From: Walter Hop X-Mailer: The Bat! (v1.52f) Educational Organization: Binity X-Priority: 3 (Normal) Message-ID: <11067807702.20010720031941@binity.com> To: Robert Hough Cc: freebsd-isp@freebsd.org Subject: Re[2]: What do you do about DoS attacks? In-Reply-To: <20010719084853.A98826@acidpit.org> References: <17810514298.20010719112448@binity.com> <20010719084853.A98826@acidpit.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org [in reply to rch@acidpit.org, 19-07-2001] Thank you for your good reply to my post :) I have been able to capture some of the malicious traffic: 01:25:10.885919 205.114.189.220.1028 > 213.239.135.226.80: S 4284658201:4284658201(0) win 16384 (DF) 01:25:10.885929 24.248.173.190.1058 > 213.239.135.226.80: S 926436216:926436216(0) win 16384 (DF) 01:25:10.885936 205.191.138.167.1111 > 213.239.135.226.80: S 1070972984:1070972984(0) win 16384 (DF) The packets all have a bad TCP header option in common. A quick dump of normal traffic shows no sign of these packets and I can't think of a legitimate use for these packets. So, now I only have to convince my upstream provider that these packets need to be dropped -- I hope that Juniper routers have a means for this. The upstream can't be arsed to devote much time to this issue, so I'll have to give them clear instructions on how to do this... Ah well, that's a project for tomorrow. Thanks anyway. :) walter -- Walter Hop | +31 6 24290808 | Finger for public key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Jul 20 0:22:54 2001 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id 7B97437B401 for ; Fri, 20 Jul 2001 00:22:51 -0700 (PDT) (envelope-from forrestc@imach.com) Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id BAA07996; Fri, 20 Jul 2001 01:22:03 -0600 (MDT) Date: Fri, 20 Jul 2001 01:22:02 -0600 (MDT) From: "Forrest W. Christian" To: Robert Hough Cc: Walter Hop , freebsd-isp@FreeBSD.ORG Subject: Modems WAS: Re: What do you do about DoS attacks? In-Reply-To: <20010719084853.A98826@acidpit.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 19 Jul 2001, Robert Hough wrote: > First suggestion, get a modem and put it on any colo boxes you manage, > it will save you a lot of headache. If you have several machines, look > into an old portmaster. They work great in this scenario. Lets assume that I want to do this, but for various reasons I need a modem which is a) INTERNAL (so I don't take up more rack space than needed), b) PCI, as that is the only slot type I have and c) a voice modem so I can use voice announcements of error conditions. Preferably supported by something like vgetty so I don't have to write my own voice io code. Oh yeah and d) supported by FreeBSD (I guess that was kinda implied). What options do I have in today's marketplace? - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ---------------------------------------------------------------------- Protect your personal freedoms - visit http://www.lp.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Jul 20 11: 2:29 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hawk-systems.com (hawk-systems.com [161.58.152.235]) by hub.freebsd.org (Postfix) with ESMTP id CDD9B37B401 for ; Fri, 20 Jul 2001 11:02:23 -0700 (PDT) (envelope-from dave@hawk-systems.com) Received: from WS1 (ws1.nexusinternetsolutions.net [204.50.158.15]) by hawk-systems.com (8.11.2) id f6KI2NW86355 for ; Fri, 20 Jul 2001 12:02:23 -0600 (MDT) From: "Dave VanAuken" To: Subject: Gigabyte GS-SR101 and GS-SR102 1U rackmount... Date: Fri, 20 Jul 2001 14:08:15 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Any experience using either of these in a FreeBSD 4.3 stable environment? have asked them for some answers on SCSI and ATA raid technology used for compatability purposes. Look forward to any first hand experience from a FreeBSD(possible?) usage and from a hardware construction(solid? looks shabby?). thanks Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 21 21:21: 3 2001 Delivered-To: freebsd-isp@freebsd.org Received: from femail4.sdc1.sfba.home.com (femail4.sdc1.sfba.home.com [24.0.95.84]) by hub.freebsd.org (Postfix) with ESMTP id 43BBC37B403 for ; Sat, 21 Jul 2001 21:21:00 -0700 (PDT) (envelope-from jim@siteplus.net) Received: from veager.siteplus.net ([65.14.122.116]) by femail4.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20010722042059.VTYL14903.femail4.sdc1.sfba.home.com@veager.siteplus.net> for ; Sat, 21 Jul 2001 21:20:59 -0700 Date: Sun, 22 Jul 2001 00:20:58 -0400 (EDT) From: Jim Weeks To: freebsd-isp@freebsd.org Subject: Joker problem Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Ok, I will take most of the responsibility for this. I made a mistake and will probably do so again. I have registered hundreds of domains through Joker.com and untill this episode, have had no problems. I am just wondering if anyone else has experienced this. First, I logged in under my regular admin address and registered a new clients domain. Second, I mistyped the owner, admin, and billing e-mail address with an undeliverable AOL address. However, I typed in and checked the appropriate box to make the tech handle my own. As you can guess, the same undeliverable address was recorded for every contact position. Now, I can login under my regular admin address and change any aspect of the new undeliverable e-mail/admin handle except the undeliverable address, which is needed if you ever want to make changes to or renew this domain in the future. So far, I haven't even been able to get a response from Joker on this subject at all. Any suggestions would be appreciated, -- Jim Weeks To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 21 21:23:32 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hex.databits.net (hex.databits.net [207.29.192.16]) by hub.freebsd.org (Postfix) with SMTP id AA95437B401 for ; Sat, 21 Jul 2001 21:23:29 -0700 (PDT) (envelope-from petef@hex.databits.net) Received: (qmail 52073 invoked by uid 1001); 22 Jul 2001 04:24:52 -0000 Date: Sun, 22 Jul 2001 00:24:52 -0400 From: Pete Fritchman To: Jim Weeks Cc: freebsd-isp@freebsd.org Subject: Re: Joker problem Message-ID: <20010722002452.D51265@databits.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jim@siteplus.net on Sun, Jul 22, 2001 at 12:20:58AM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ++ 22/07/01 00:20 -0400 - Jim Weeks: | Now, I can login under my regular admin address and change any aspect of | the new undeliverable e-mail/admin handle except the undeliverable | address, which is needed if you ever want to make changes to or renew this | domain in the future. Wait a few days for a "Free 100 Hours" AOL CD, sign up for the undeliverable email address @aol.com, respond to joker email, cancel AOL account. :-) -pete -- Pete Fritchman Databits Network Services, Inc. finger petef@databits.net for PGP key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 21 21:29: 2 2001 Delivered-To: freebsd-isp@freebsd.org Received: from femail4.sdc1.sfba.home.com (femail4.sdc1.sfba.home.com [24.0.95.84]) by hub.freebsd.org (Postfix) with ESMTP id 47B3437B401 for ; Sat, 21 Jul 2001 21:29:00 -0700 (PDT) (envelope-from jim@siteplus.net) Received: from veager.siteplus.net ([65.14.122.116]) by femail4.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20010722042859.VZUN14903.femail4.sdc1.sfba.home.com@veager.siteplus.net>; Sat, 21 Jul 2001 21:28:59 -0700 Date: Sun, 22 Jul 2001 00:28:58 -0400 (EDT) From: Jim Weeks To: Pete Fritchman Cc: freebsd-isp@freebsd.org Subject: Re: Joker problem In-Reply-To: <20010722002452.D51265@databits.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Well, Thats another problem. The screwed up address I typed in is over sixteen characters. I already thought of that :-( -- Jim Weeks On Sun, 22 Jul 2001, Pete Fritchman wrote: > ++ 22/07/01 00:20 -0400 - Jim Weeks: > | Now, I can login under my regular admin address and change any aspect of > | the new undeliverable e-mail/admin handle except the undeliverable > | address, which is needed if you ever want to make changes to or renew this > | domain in the future. > > Wait a few days for a "Free 100 Hours" AOL CD, sign up for the > undeliverable email address @aol.com, respond to joker email, cancel AOL > account. :-) > > -pete > > -- > Pete Fritchman > Databits Network Services, Inc. > finger petef@databits.net for PGP key > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 21 22: 5:33 2001 Delivered-To: freebsd-isp@freebsd.org Received: from anaconda.acceleratedweb.net (anaconda.acceleratedweb.net [209.51.164.130]) by hub.freebsd.org (Postfix) with SMTP id 9F3A037B405 for ; Sat, 21 Jul 2001 22:05:30 -0700 (PDT) (envelope-from simon@optinet.com) Received: (qmail 89640 invoked by uid 106); 22 Jul 2001 05:07:20 -0000 Received: from 66-65-36-21.nyc.rr.com (HELO sharky) (66.65.36.21) by anaconda.acceleratedweb.net with SMTP; 22 Jul 2001 05:07:20 -0000 From: "Simon" To: "Jim Weeks" , "Pete Fritchman" Cc: "freebsd-isp@freebsd.org" Date: Sun, 22 Jul 2001 01:06:20 -0400 Reply-To: "Simon" X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 2000 (5.0.2195) In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Re: Joker problem Message-Id: <20010722050530.9F3A037B405@hub.freebsd.org> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Contact the registrar for help. -Simon On Sun, 22 Jul 2001 00:28:58 -0400 (EDT), Jim Weeks wrote: >Well, > >Thats another problem. The screwed up address I typed in is over sixteen >characters. I already thought of that :-( > >-- >Jim Weeks > > >On Sun, 22 Jul 2001, Pete Fritchman wrote: > >> ++ 22/07/01 00:20 -0400 - Jim Weeks: >> | Now, I can login under my regular admin address and change any aspect of >> | the new undeliverable e-mail/admin handle except the undeliverable >> | address, which is needed if you ever want to make changes to or renew this >> | domain in the future. >> >> Wait a few days for a "Free 100 Hours" AOL CD, sign up for the >> undeliverable email address @aol.com, respond to joker email, cancel AOL >> account. :-) >> >> -pete >> >> -- >> Pete Fritchman >> Databits Network Services, Inc. >> finger petef@databits.net for PGP key >> > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message