From owner-freebsd-security@FreeBSD.ORG Mon Mar 22 23:40:25 2004
Date: Mon, 22 Mar 2004 21:48:14 +0100
From: Benjamin von Mossner
To: freebsd-security@freebsd.org
Message-ID: <20040322204814.GA3540@vonmossner.de>
X-Operating-System: FreeBSD 4.9-STABLE i386
Subject: auth.log messages

hi list,

I've seen those messages in my auth.log and really don't know where to classify them. The messages are inside a jail, base system is clear of those..

[snip]
Mar 19 13:44:37 hamlet login: 2 LOGIN FAILURES ON ttypb
Mar 19 13:44:37 hamlet login: 2 LOGIN FAILURES ON ttypb, 78419s4
Mar 19 13:44:51 hamlet login: 2 LOGIN FAILURES ON ttypb
Mar 19 13:44:51 hamlet login: 2 LOGIN FAILURES ON ttypb, exit
[snap]

opinions are appreciated.

greets
benny

-- 
/"\  ASCII RIBBON CAMPAIGN | Benjamin von Mossner
\ /  AGAINST HTML MAIL     | benny@vonmossner.de
 X
/ \  multiple exclamation marks are a sure sign of a diseased mind

From owner-freebsd-security@FreeBSD.ORG Thu Mar 25 14:28:49 2004
Message-ID: <40636B2F.6070809@cs.uiowa.edu>
Date: Thu, 25 Mar 2004 17:28:47 -0600
From: Jason Dusek
Organization: University of Iowa
To: "Security@BSD"
Subject: The usbdThis Daemon
Reply-To: jdusek@cs.uiowa.edu

Hi Everyone,

When my FreeBSD 4.9 system starts up, it tries to run the 'usbdThis' daemon and then tries to run a module named 'This'. Do you have any idea what is going on there? Is this a sign that I have been hacked?

-- 
~*~* Jason

From owner-freebsd-security@FreeBSD.ORG Fri Mar 26 03:19:24 2004
In-Reply-To: <40636B2F.6070809@cs.uiowa.edu>
References: <40636B2F.6070809@cs.uiowa.edu>
Message-Id: <6E57D645-7F17-11D8-922A-000393C94468@sarenet.es>
From: Borja Marcos
Date: Fri, 26 Mar 2004 12:19:21 +0100
To: freebsd-security@freebsd.org
Subject: Re: The usbdThis Daemon

> When my FreeBSD 4.9 system starts up, it tries to run the 'usbdThis'
> daemon and then tries to run a module named 'This'. Do you have any
> idea what is going on there? Is this a sign that I have been hacked?

A mistake editing a script or a configuration file? Check /etc/rc.conf to see if you have inadvertently pasted part of a comment after the daemon name.

Borja.
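[Added example, not part of the thread and not code from any poster or from FreeBSD: one way to run the /etc/rc.conf check suggested in the reply above. The names lint_rc_conf and sample_rc_conf and the sample lines are constructed for illustration; Jason's actual rc.conf does not appear in the thread.]

```shell
#!/bin/sh
# Added example, not from the thread. rc.conf is sourced by sh, so words left
# after a value's closing quote are glued onto the value or run as a command.
# Heuristic: values continued over several lines are reported as unterminated.

lint_rc_conf() {
    # Reads the named file(s), or stdin if none; prints "LINE: reason: text".
    awk -v sq="'" '
    BEGIN {
        tail  = "([ \t]+#.*)?[ \t]*$"             # optional "  # comment"
        dq_ok = "^\"[^\"]*\"" tail                # name="value"
        sq_ok = "^" sq "[^" sq "]*" sq tail       # single-quoted value
        bare  = "^[^\"" sq " \t#]*" tail          # name=value (no quotes)
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comment or blank line
    {
        line = $0; sub(/^[ \t]+/, "", line)
        if (line !~ /^[A-Za-z_][A-Za-z0-9_]*=/) {
            printf "%d: not an assignment: %s\n", NR, $0; next
        }
        val = line; sub(/^[A-Za-z_][A-Za-z0-9_]*=/, "", val)
        if (val ~ dq_ok || val ~ sq_ok || val ~ bare) next
        if (val ~ /^"[^"]*$/ || val ~ ("^" sq "[^" sq "]*$"))
            printf "%d: unterminated quote: %s\n", NR, $0
        else
            printf "%d: text after value: %s\n", NR, $0
    }' "$@"
}

sample_rc_conf() {
    # Constructed input; line 3 has comment text pasted after the closing quote.
    cat <<'EOF'
# constructed sample, not Jason's file
sshd_enable="YES"
usbd_enable="YES"This enables the USB daemon
sendmail_enable="NONE"   # disabled on purpose
moused_enable="YES
EOF
}

sample_rc_conf | lint_rc_conf
```

On a real system, run it as `lint_rc_conf /etc/rc.conf /etc/rc.conf.local`; any line it reports is worth reading by hand before suspecting a compromise.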
From owner-freebsd-security@FreeBSD.ORG Sat Mar 27 10:15:09 2004
From: "slimmy baddog"
To: freebsd-security@freebsd.org
Date: Sat, 27 Mar 2004 18:15:08 +0000
Subject: Security updates

Hallo.

I am new to FreeBSD and I wanted to ask something since systems security is what interests me the most.

Does freebsd have an automated update system like redhat has?

Also where can I find a list with patches for all local - remote holes and bugs of FreeBSD 4.9?

Thank you very much for your time!

Best Regards
A. Stamatis

From owner-freebsd-security@FreeBSD.ORG Sat Mar 27 11:20:29 2004
Date: Sat, 27 Mar 2004 19:20:21 +0000
From: Matthew Seaman
To: slimmy baddog
cc: freebsd-security@freebsd.org
Message-ID: <20040327192021.GA28932@happy-idiot-talk.infracaninophile.co.uk>
Subject: Re: Security updates

On Sat, Mar 27, 2004 at 06:15:08PM +0000, slimmy baddog wrote:
> I am new to FreeBSD and I wanted to ask something since systems security is
> what interests me the most.
>
> Does freebsd have an automated update system like redhat has?

It's not quite like the way RedHat does things. Under FreeBSD, there is a clear distinction between the system and 3rd party packages/ports.

You can use cvsup(1) to synchronise your copy of the system sources with the latest available from FreeBSD -- if you track the RELENG_4_9 branch the only changes you'll get are security patches. See the handbook for an explanation of how all this works:

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvs-tags.html

If you want a binary update system, see:

    http://www.daemonology.net/freebsd-update/

This is still in development and hasn't received the official FreeBSD imprimatur quite yet (but surely it's only a matter of time). Install the security/freebsd-update port to get started with this.

The ports tree is developed separately from the base system, and there's only the one branch that you can track via cvsup(1). Install portupgrade(1) for a useful tool to keep ports up to date. The security/portaudit port will get you a dynamically updated vulnerability database which will warn you of any problems with the port versions you have installed.

> Also where can I find a list with patches for all local - remote holes and
> bugs of FreeBSD 4.9?

Start here: http://www.freebsd.org/security/

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK