they're watching!
uhh scared?
don't be shy haha
ugh.. time for work
sounds more like chatroulette in here than irc :/
can anyone tell me how to use zfs for each jail?
found this I thought I'd share: http://tuxtraining.com/2009/04/26/how-to-harden-freebsd
few things in there I hadn't considered before
I don't understand that first one, about symlinking /tmp with /var/tmp.
yeah, that seemed odd. I didn't bother with that one.
Also not sure why he turned off X11 forwarding if X isn't even installed.
cargo culting :)
I'm wary of an admin who uses nano ...
mike-burns: +1
"blowfish is much better suited for passwords" than md5, sez he
or "open gedit and..."
Ha.
ziyourenxiang: I do prefer blf over md5; i've been making that change long before I read that post.
well, i'm not really disagreeing, just pointing out that the author of that docu made that assertion without explanation... telling how without why is poor teaching
Surprised /etc/mtree wasn't mentioned in here, what with all the chmod'ing.
ok, actually i didn't point out anything in my earlier statement :-)
"I prefer capital letters to lowercase, since capital letters are more secure"
I wouldn't really trust security considerations from someone who runs 4.x and 5.x in 2009 :p
Or whose domain name is tuxtraining.org.
now y'all are making me feel bad for sharing the link :(
com
"second half of the alphabet, even better!"
hah, tux training... for freebsd :/
lol, not entirely sure how adding a login banner improves security :/
if it says "thank you for logging in to the FBI..."
yeah. i never bother with login banners anywhere but work, and that's because they told me to.
RandalSchwartz: way back when I was teaching Linux I had a student add a banner similar to that on his machine.
RandalSchwartz: made me double-take and re-check the IP I had connected to
heh :)
first thing I do on getting a new login is "touch .hushlogin" :)
++1
although that kills /etc/motd but not banners.
i wish it did banners.
banner?
where's that?
i quite like the motd sometimes - we use it in work to keep notes about recent config changes on boxes etc
The banner tends to say which version of FreeBSD it is, which is more information than no banner.
Banner directive in sshd_config is prior to login, which .hushlogin doesn't--can't--avoid.
indeed, it doesn't know what username you're going to enter until after the banner is sent :)
ahh
what is really annoying is when I bounce: ssh -t host1 ssh -t host2 ssh -t host3 and have to see three effing banners along the way.
you always pass a username when making a ssh-connection, I think you can disable it selectively with Match in sshd_config
DaCa: ohh that would be nice. /me tries.
I just realized that this guide is running everything from a root shell instead of using sudo.
lol, i didn't even notice that :(
cedwards: just tested, works indeed
DaCa: what syntax did you use? I'm getting an error on Match
Match User blah
Banner none
to disable the banner only for user blah
you can also work with groups
Starting sshd: /etc/ssh/sshd_config: line 120: Bad configuration option: Match
/etc/ssh/sshd_config: terminating, 1 bad configuration options
too old sshd?
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 (CentOS 5)
yeah, probably too old
lame
now that everyone is awake I'll try this question again: how do I create sized-pools for use with ezjail? I know how to create: 'zfs create zroot/usr/jails/jailname', but I don't know how to make it a set size.
set a quota
or do you want to ensure that it already allocates from its parent
if so, there's something like "reservation size"
I just want to make sure it can't become larger than X
that's quota
zfs set quota=50G zroot/usr/jails/jailname ?
something like that
yeah
do I need to do anything fancy with ezjail?
it says this in ezjail-admin(1): Starting with ZFS version 13 in FreeBSD, the -c option allows to create a ZFS-backed jail with an optional ZFS filesystem-quota passed via the -s option.
The filesystem is named after the jailname.
I must be getting the syntax wrong though. I'm not getting the results I expect.
ezjail-admin create -i -f example -s 2G -c zfs bodie 10.0.0.10
I _think_ that worked.
would anyone know why I'd get this error when trying to launch screen: fork: Resource temporarily unavailable mkfifo /tmp/screens/S-dlord/22809.pts-3.bodie failed (inside a jail)
figured that one out (because you care)
now I get: Apr 28 10:25:08 bodie bitlbee[1900]: Unable to create UNIX socket: Protocol not supported Apr 28 10:25:08 bodie bitlbee[1900]: Warning: Couldn't write PID to `/var/run/bitlbee.pid'
yo yo
http://pastebin.com/ZS8J4Lqw <- Got that in the mail. Sounds legit.
yeah nice email
aem: I think I'll give it a go
Who doesn't have 1,850,000 USD laying around?
heheh
might as well, what've you got to lose!?
money? psh, that grows on trees! :D
Btw, aem. How did the DNS work out?
I guess FreeBSD doesn't use /etc/skel for adduser, but /usr/share/skel?
good question :D Never thought about it
I added maildirs to /etc/skel though but don't ask me if it actually worked
`man pw' says that -k and -m changes it, but I can't see where it's set.
I'm trying to add a few files to my new user /home but it's not quite working.
/etc/skel seems to be ignored, and /usr/share/skel is ro in jails
yeah it uses /usr/share/skel/
cedwards
aem_: I created an adduser.conf and changed it to /etc/skel.
aem_: see if that'll allow me to customize its contents on a per-jail setting.
cedwards: with some fiddling with /etc/profile and that you can probably get something working I'm sure
good luck :)
lemme know what you do if it works
adduser -C, follow prompts. this generates an adduser.conf. edit adduser.conf to point to /etc/skel. cp -a /usr/share/skel/* /etc/skel/ done
...at least it seems to have worked :)
Uhm, guys I don't remember... How do I get xterm to work with irssi (or vice versa)? :)
Can't use alt-numbers :(
esc-number is what I use
always used, actually.
cedwards: True.
Might have to learn that then ;)
muscle memory is a fickle mistress
I'm lucky alt-arrows still work though
Could of course set XTerm*metaSendsEscape: true
Or try weechat.
Using xterm now \o
I prefer urxvt over xterm, but I'm currently using Konsole
I'm using (X)ubuntu with full disk encryption :)
And yes, I do prefer xterm over urxvt
full disk encryption is nice. tell me, do you encrypt your disk & your home folder?
dxtr: I ask because I think it is funny how home-folder encryption can be handled separately, so even when you encrypt all you still get prompted.
No I'm not
is there a garry here
jjpickle: his nick is up_the_irons
thanks
can anyone recommend a lightweight forum software? not happy with the built in drupal forums
yeah... vanilla seems to work ok
Thumbs down to Drupal.
I used MyBB and bbpress
don't _love_ either, but they get the job done
hello
hi aem
g'nite all
g'night cedwards
sleep well
sup fink
how are you
aem: ok