| Who | What | When |
|---|---|---|
| *** | islandfox has quit IRC (*.net *.split)
woremacx has quit IRC (*.net *.split) | [00:27] |
| islandfox has joined #arpnetworks
woremacx has joined #arpnetworks | [00:33] | |
| .................... (idle for 1h35mn) | ||
| LT has joined #arpnetworks | [02:08] | |
| ............ (idle for 56mn) | ||
| schmir has joined #arpnetworks | [03:04] | |
| .... (idle for 19mn) | ||
| [FBI] starts logging #arpnetworks at Wed Apr 28 03:23:01 2010
[FBI] has joined #arpnetworks | [03:23] | |
| ........... (idle for 54mn) | ||
| schmir has quit IRC (Quit: rcirc on GNU Emacs 24.0.50.1) | [04:17] | |
| ..... (idle for 22mn) | ||
| ziyourenxiang has joined #arpnetworks | [04:39] | |
| cedwards | they're watching! | [04:42] |
| infrared | infrared undresses | [04:50] |
| cedwards | uhh | [04:52] |
| infrared | scared?
don't be shy haha ugh.. time for work | [04:52] |
| cedwards | sounds more like chatroulette in here than irc | [04:55] |
| ...... (idle for 25mn) | ||
| bob^^ | :/ | [05:20] |
| cedwards | can anyone tell me how to use zfs for each jail? | [05:28] |
| *** | Ehtyar has quit IRC (Ping timeout: 252 seconds) | [05:42] |
| ..... (idle for 24mn) | ||
| vtoms has joined #arpnetworks | [06:06] | |
| schmir has joined #arpnetworks | [06:17] | |
| .... (idle for 15mn) | ||
| cedwards | found this I thought I'd share: http://tuxtraining.com/2009/04/26/how-to-harden-freebsd
few things in there I hadn't considered before | [06:32] |
| mike-burns | I don't understand that first one, about symlinking /tmp with /var/tmp. | [06:34] |
| cedwards | yeah, that seemed odd. I didn't bother with that one. | [06:35] |
| mike-burns | Also not sure why he turned off X11 forwarding if X isn't even installed. | [06:36] |
| RandalSchwartz | cargo culting :) | [06:37] |
| mike-burns | I'm wary of an admin who uses nano ... | [06:37] |
| cedwards | mike-burns: +1 | [06:37] |
| ziyourenxiang | "blowfish is much better suited for passwords" than md5, sez he | [06:37] |
| cedwards | or "open gedit and..." | [06:38] |
| mike-burns | Ha. | [06:38] |
| cedwards | ziyourenxiang: I do prefer blf over md5; i've been making that change long before I read that post. | [06:38] |
| ziyourenxiang | well, i'm not really disagreeing, just pointing out that the author of that docu made that assertion without explanation... telling how without why is poor teaching | [06:39] |
| mike-burns | Surprised /etc/mtree wasn't mentioned in here, what with all the chmod'ing. | [06:39] |
| ziyourenxiang | , ok, actually i didn't point out anything in my earlier statement :-) | [06:39] |
| RandalSchwartz | "I prefer capital letters to lowercase, since capital letters are more secure" | [06:40] |
| DaCa | I wouldn't really trust security considerations from someone who runs 4.x and 5.x in 2009 :p | [06:40] |
| mike-burns | Or whose domain name is tuxtraining.org. | [06:40] |
| cedwards | now ya'll are making me feel bad for sharing the link :( | [06:40] |
| mike-burns | com | [06:40] |
| RandalSchwartz | "second half of the alphabet, even better!" | [06:40] |
| bob^^ | hah, tux training... for freebsd :/ | [06:41] |
| RandalSchwartz | RandalSchwartz trains his tux | [06:41] |
| bob^^ | lol, not entirely sure how adding a login banner improves security :/ | [06:42] |
| RandalSchwartz | if it says "thank you for logging in to the FBI..." | [06:43] |
| cedwards | yeah. i never bother with login banners anywhere but work, and that's because they told me to.
RandalSchwartz: way back when I was teaching Linux I had a student add a banner similar to that on his machine.
RandalSchwartz: made me double-take and re-check the IP I had connected to | [06:43] |
| RandalSchwartz | heh | [06:43] |
| bob^^ | :) | [06:44] |
| RandalSchwartz | first thing I do on getting a new login is "touch .hushlogin" :) | [06:44] |
| cedwards | ++1
although that kills /etc/motd but not banners. i wish it did banners. | [06:44] |
| RandalSchwartz | banner?
where's that? | [06:45] |
| bob^^ | i quite like the motd sometimes - we use it in work to keep notes about recent config changes on boxes etc | [06:45] |
| mike-burns | The banner tends to say which version of FreeBSD it is, which is more information than no banner. | [06:45] |
| cedwards | Banner directive in sshd_config is prior to login, which .hushlogin doesn't--can't--avoid. | [06:46] |
| bob^^ | indeed, it doesn't know what username you're going to enter until after the banner is sent :) | [06:46] |
| RandalSchwartz | ahh | [06:47] |
| cedwards | what is really annoying is when I bounce: ssh -t host1 ssh -t host2 ssh -t host3 and have to see three effing banners along the way. | [06:47] |
| DaCa | you always pass a username when making a ssh-connection, I think you can disable it selectively with Match in sshd_config | [06:48] |
| cedwards | DaCa: ohh that would be nice. /me tries. | [06:49] |
| mike-burns | I just realized that this guide is running everything from a root shell instead of using sudo. | [06:51] |
| bob^^ | lol, i didn't even notice that :( | [06:51] |
| DaCa | cedwards: just tested, works indeed | [06:53] |
| cedwards | DaCa: what syntax did you use? I'm getting an error on Match | [06:54] |
| DaCa | Match User blah
Banner none
to disable the banner only for user blah
you can also work with groups | [06:55] |
| cedwards | Starting sshd: /etc/ssh/sshd_config: line 120: Bad configuration option: Match
/etc/ssh/sshd_config: terminating, 1 bad configuration options | [06:56] |
| DaCa | too old sshd? | [06:56] |
| cedwards | OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 (CentOS 5) | [06:57] |
| DaCa | yeah, probably too old | [06:57] |
| cedwards | lame
now that everyone is awake I'll try this question again: how do I create sized-pools for use with ezjail? | [06:58] |
| DaCa | DaCa leaves for siesta :) | [07:01] |
| cedwards | I know how to create: 'zfs create zroot/usr/jails/jailname', but I don't know how to make it a set size. | [07:04] |
| RandalSchwartz | set a quota
or do you want to ensure that it already allocates from its parent
if so, there's something like "reservation size" | [07:04] |
| cedwards | I just want to make sure it can't become larger than X | [07:05] |
| RandalSchwartz | that's quota | [07:05] |
| cedwards | zfs set quota=50G zroot/usr/jails/jailname ? | [07:05] |
| RandalSchwartz | something like that yeah | [07:06] |
| cedwards | do I need to do anything fancy with ezjail?
it says this in ezjail-admin(1):
Starting with ZFS version 13 in FreeBSD, the -c option allows to create a ZFS-backed jail with an optional ZFS filesystem-quota passed via the -s option. The filesystem is named after the jailname.
I must be getting the syntax wrong though. I'm not getting the results I expect. | [07:06] |
| ezjail-admin create -i -f example -s 2G -c zfs bodie 10.0.0.10
I _think_ that worked. | [07:16] | |
| .................. (idle for 1h26mn) | ||
| *** | lll_ has quit IRC (Quit: leaving)
lll has joined #arpnetworks | [08:42] |
| ..... (idle for 22mn) | ||
| LT has quit IRC (Quit: Leaving) | [09:05] | |
| ..... (idle for 20mn) | ||
| cedwards | would anyone know why I'd get this error when trying to launch screen:
fork: Resource temporarily unavailable
mkfifo /tmp/screens/S-dlord/22809.pts-3.bodie failed
(inside a jail) | [09:25] |
| ..... (idle for 22mn) | ||
| *** | nbari|away has quit IRC (Remote host closed the connection) | [09:48] |
| nbari|away has joined #arpnetworks
ziyourenxiang has quit IRC (Quit: ziyourenxiang) | [09:55] | |
| ....... (idle for 33mn) | ||
| nbari|away has quit IRC (Read error: Connection reset by peer)
nbari|away has joined #arpnetworks residual has quit IRC (Ping timeout: 258 seconds) | [10:30] | |
| cedwards | figured that one out (because you care)
now I get:
Apr 28 10:25:08 bodie bitlbee[1900]: Unable to create UNIX socket: Protocol not supported
Apr 28 10:25:08 bodie bitlbee[1900]: Warning: Couldn't write PID to `/var/run/bitlbee.pid' | [10:37] |
| ........... (idle for 53mn) | ||
| *** | nbari|away has quit IRC (Read error: Connection reset by peer)
nbari|away has joined #arpnetworks | [11:30] |
| nbari|away has quit IRC (Write error: Connection reset by peer)
nbari|away has joined #arpnetworks nbari|away has quit IRC (Read error: Connection reset by peer) nbari|away has joined #arpnetworks nbari|away has quit IRC (Read error: Connection reset by peer) nbari|away has joined #arpnetworks | [11:41] | |
| nbari|away has quit IRC (Read error: Connection reset by peer)
nbari|away has joined #arpnetworks nbari|away has quit IRC (Read error: Connection reset by peer) nbari|away has joined #arpnetworks | [11:53] | |
| aem has joined #arpnetworks
nbari|away has quit IRC (Read error: Connection reset by peer) nbari|away has joined #arpnetworks nbari|away has quit IRC (Read error: Connection reset by peer) nbari|away has joined #arpnetworks nbari|away has quit IRC (Read error: Connection reset by peer) nbari|away has joined #arpnetworks | [12:02] | |
| aem | yo yo | [12:15] |
| dxtr | http://pastebin.com/ZS8J4Lqw <- Got that in the mail. Sounds legit. | [12:16] |
| aem | yeah nice email | [12:16] |
| *** | nbari|away has quit IRC (Remote host closed the connection) | [12:17] |
| dxtr | aem: I think I'll give it a go
Who doesn't have 1,850,000 USD laying around? | [12:19] |
| aem | heheh
might as well, what you got to lose!? money? psh, that grows on trees! | [12:20] |
| dxtr | :D
Btw, aem. How did the DNS work out? | [12:24] |
| *** | nbari|away has joined #arpnetworks
aem_ has joined #arpnetworks aem has quit IRC (Ping timeout: 245 seconds) | [12:25] |
| cedwards | I guess FreeBSD doesn't use /etc/skel for adduser, but /usr/share/skel? | [12:40] |
| dxtr | good question :D
Never thought about it
I added maildirs to /etc/skel though but don't ask me if it actually worked | [12:40] |
| mike-burns | `man pw' says that -k and -m changes it, but I can't see where it's set. | [12:42] |
| cedwards | I'm trying to add a few files to my new user /home but it's not quite working
./etc/skel seems to be ignored, and /usr/share/skel is ro in jails | [12:43] |
| aem_ | yeah it uses /usr/share/skel/ cedwards | [12:46] |
| .... (idle for 18mn) | ||
| cedwards | aem_: I created an adduser.conf and changed it to /etc/skel.
aem_: see if that'll allow me to customize its contents on a per-jail setting. | [13:04] |
| aem_ | cedwards: with some fiddling with /etc/profile and that you can probably get something work I'm sure
good luck :) lemme know what you do if it works | [13:06] |
| cedwards | adduser -C, follow prompts. this generates an adduser.conf.
edit adduser.conf to point to /etc/skel.
cp -a /usr/share/skel/* /etc/skel/
done
...at least it seems to have worked :) | [13:08] |
| dxtr | Uhm, guys
I don't remember... How do I get xterm to work with irssi (or vice/versa)? :) Can't use alt-numbers :( | [13:16] |
| cedwards | esc-number is what I use
always used, actually. | [13:16] |
| dxtr | cedwards: True. Might have to learn that then ;) | [13:18] |
| cedwards | muscle memory is a fickle mistress | [13:18] |
| dxtr | I'm lucky alt-arrows still work though
Could of course set XTerm*metaSendsEscape: true | [13:20] |
| mike-burns | Or try weechat. | [13:20] |
| dxtr | Using xterm now o | [13:20] |
| cedwards | I prefer urxvt over xterm, but I'm currently using Konsole | [13:21] |
| dxtr | I'm using (X)ubuntu with full disk encryption :)
And yes, I do prefer xterm over urxvt | [13:22] |
| cedwards | full disk encryption is nice. tell me, do you encrypt your disk & your home folder?
dxtr: I ask because I think it is funny how home-folder encryption can be handled separately, so even when you encrypt all you still get prompted. | [13:22] |
| dxtr | No I'm not | [13:31] |
| *** | Ehtyar has joined #arpnetworks
schmir has quit IRC (Remote host closed the connection) fink has joined #arpnetworks | [13:32] |
| ...... (idle for 29mn) | ||
| amdprophet has quit IRC (Ping timeout: 276 seconds)
vtoms has quit IRC (Quit: Leaving.) | [14:05] | |
| ........... (idle for 50mn) | ||
| aem has joined #arpnetworks
aem_ has quit IRC (Ping timeout: 245 seconds) | [14:56] | |
| aem has quit IRC (Ping timeout: 240 seconds)
aem has joined #arpnetworks | [15:03] | |
| ...... (idle for 28mn) | ||
| aem_ has joined #arpnetworks
aem has quit IRC (Ping timeout: 240 seconds) aem_ has quit IRC (Remote host closed the connection) | [15:33] | |
| schmir has joined #arpnetworks
trapdoor has joined #arpnetworks | [15:52] | |
| ....... (idle for 34mn) | ||
| schmir has quit IRC (Ping timeout: 258 seconds) | [16:26] | |
| jjpickle has joined #arpnetworks
jjpickle has quit IRC (Quit: leaving) jjpickle has joined #arpnetworks | [16:37] | |
| jjpickle | is there a garry here | [16:38] |
| DaCa | jjpickle: his nick is up_the_irons | [16:39] |
| jjpickle | thanks | [16:39] |
| *** | jjpickle has left | [16:43] |
| ...... (idle for 26mn) | ||
| homosaur has joined #arpnetworks | [17:09] | |
| .... (idle for 19mn) | ||
| schmir has joined #arpnetworks | [17:28] | |
| ...... (idle for 25mn) | ||
| schmir has quit IRC (Ping timeout: 265 seconds) | [17:53] | |
| ..... (idle for 24mn) | ||
| j3m has quit IRC (Read error: Operation timed out) | [18:17] | |
| homosaur | can anyone recommend a lightweight forum software? not happy with the built in drupal forums | [18:17] |
| infrared | yeah... | [18:18] |
| CESSMASTER | vanilla seems to work ok | [18:18] |
| mhoran[jUaReZ] | Thumbs down to Drupal. | [18:26] |
| *** | DaCa has quit IRC (Ping timeout: 260 seconds)
DaCa has joined #arpnetworks j3m has joined #arpnetworks | [18:28] |
| cedwards | I used MyBB and bbpress
don't _love_ either, but they get the job done | [18:38] |
| ........ (idle for 36mn) | ||
| *** | homosaur has quit IRC (Quit: pocketful of goat cheese, ready to party) | [19:14] |
| hsbt has quit IRC (Ping timeout: 252 seconds) | [19:25] | |
| Shazaum has joined #arpnetworks | [19:32] | |
| trapdoor has quit IRC (Quit: Leaving) | [19:38] | |
| hsbt has joined #arpnetworks | [19:43] | |
| .... (idle for 17mn) | ||
| aem has joined #arpnetworks | [20:00] | |
| aem | hello | [20:01] |
| fink | hi aem | [20:01] |
| *** | Shazaum has quit IRC (Quit: Saindo) | [20:01] |
| cedwards | g'nite all | [20:02] |
| aem | g'night cedwards sleep well
sup fink how are you | [20:02] |
| fink | aem: ok | [20:03] |
| ...... (idle for 27mn) | ||
| *** | lll_ has joined #arpnetworks
lll has quit IRC (Remote host closed the connection) lll_ is now known as lll lll has left | [20:30] |
| lll has joined #arpnetworks
fink has quit IRC (Ping timeout: 245 seconds) | [20:39] | |
| fink has joined #arpnetworks | [20:48] | |
| .......................... (idle for 2h8mn) | ||
| fink has quit IRC (Quit: fink) | [22:56] | |