From owner-freebsd-security Sun Nov 24 7:19: 2 2002
Date: Sun, 24 Nov 2002 09:18:58 -0600
From: "Jacques A. Vidrine"
To: Sheldon Hearn
Cc: Mike Silbersack, "David G. Andersen", freebsd-security@freebsd.org
Subject: Re: File table exhaustion patch

On Fri, Nov 22, 2002 at 10:05:15AM +0200, Sheldon Hearn wrote:
> On (2002/11/21 15:29), Mike Silbersack wrote:
>
> > HOWEVER, we're in a code freeze leading up to 5.0-release, and local DoSes
> > aren't a critical bug.
>
> Is that the official FreeBSD SO team viewpoint on local DoS
> vulnerabilities?

Yes, although we still address the most severe cases (with fixes
and advisories).

Cheers,
--
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon Nov 25 0:28:55 2002
Date: Mon, 25 Nov 2002 10:28:43 +0200
From: Sheldon Hearn
To: "Jacques A. Vidrine"
Cc: freebsd-security@freebsd.org
Subject: Re: File table exhaustion patch

On (2002/11/24 09:18), Jacques A. Vidrine wrote:

> > > HOWEVER, we're in a code freeze leading up to 5.0-release, and local DoSes
> > > aren't a critical bug.
> >
> > Is that the official FreeBSD SO team viewpoint on local DoS
> > vulnerabilities?
>
> Yes, although we still address the most severe cases (with fixes
> and advisories).

Thanks for the clarification.

Ciao,
Sheldon.

From owner-freebsd-security Mon Nov 25 5:13: 9 2002
From: Ilya Martynov
To: Alex Povolotsky
Cc: "Allan Jude" <937863@primus.ca>, freebsd-security@FreeBSD.ORG, quak@mydiax.ch, Danny.Carroll@mail.ing.nl
Subject: Re: jailed virtual https, anyone?
Date: Mon, 25 Nov 2002 16:08:11 +0300

>>>>> On Fri, 22 Nov 2002 15:50:27 +0300, Alex Povolotsky said:

AP> https cannot be configured with name-based virtual hosts, by
AP> design.
AP> jail cannot be configured for more than one IP address,
AP> by design. (don't ask me to wait until jail-ng will be ready)

AP> Jail sits on internal IP, on lo0. fxp0 holds real IP addresses to
AP> be accessed from outside. I'm forwarding incoming connection to
AP> jail, currently with ipnat. I need to pass information about real
AP> (outside) IP to mod_ssl. That is my problem.

AP> plain http works perfectly (name-based virthosts).

AP> I'm using mod_ssl, but not restricted to it.

You can do virtual hosting with https with only one IP. The trick is
using different port numbers for each virtual host. Outside of jail
you can forward these ports on a set of external IP using standard
port.

--
Ilya Martynov, ilya@iponweb.net
CTO IPonWEB (UK) Ltd
Quality Perl Programming and Unix Support
UK managed @ offshore prices - http://www.iponweb.net
Personal website - http://martynov.org

From owner-freebsd-security Mon Nov 25 6:56: 8 2002
Date: Mon, 25 Nov 2002 16:03:46 +0100
From: Marc Perisa
To: Alexandr Kovalenko
Cc: Lupe Christoph, freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: OpenSSH's sftp and chroot

Hi Alexandr,

Alexandr Kovalenko wrote:
> Hello, Lupe Christoph!
>
> On Sat, Nov 23, 2002 at 11:54:09AM +0100, you wrote:
>
>
>>>[I'm again not sure, which list is more appropriate place for asking this
>>>question]
>>
>>>Will OpenSSH's sftp-server have support for chroot anytime soon in
>>>RELENG_4{_X} ? Because of lack of this feature I have to use ssh.com's
>>>ssh, which is what I do not like.
>>
>>Have a look at scponly, http://www.sublimation.org/scponly/ . The 2.4
>>version is also in /usr/ports/shells . It can do chroot and handles
>>sftp.
>
>
> Thank you! This is what I was looking for!
>

or take a look at http://chrootssh.sourceforge.net/ for a more general
chroot() of OpenSSH.

Hope that helps

Marc

From owner-freebsd-security Mon Nov 25 13:42:30 2002
Subject: NFS over SSH
From: Jan Lentfer
To: security@freebsd.org
Date: 25 Nov 2002 22:41:39 +0100

Hi all,

I want to tunnel NFS with SSH for hosts not on my internal network. Are
there any how-to's available on this topic?

Thanks in advance,

Jan
--
Jan Lentfer
System Administrator
Molecular Cell Biology / AG Holstein, Darmstadt University of Technology,
Schnittspahnstr.
10, 64287 Darmstadt, Germany
Tel: +49 6151 16 5563 / Tel private: +49 6155 899393 / mobile: +49 163 4712037

From owner-freebsd-security Mon Nov 25 15:47:42 2002
Date: Mon, 25 Nov 2002 15:47:39 -0800
From: Erick Mechler
To: Jan Lentfer
Cc: security@FreeBSD.ORG
Subject: Re: NFS over SSH

:: I want to tunnel NFS with SSH for hosts not on my internal network. Are
:: there any how-to's available on this topic?

See SNFS: http://www.math.ualberta.ca/imaging/snfs/. According to the
information on their site, it works with FreeBSD, but I've never used it.
You could also get NFS over PPP over SSH to work, theoretically.

Cheers - Erick

From owner-freebsd-security Mon Nov 25 16: 3:26 2002
Date: Mon, 25 Nov 2002 16:03:22 -0800 (PST)
From: Jason Stone
Subject: Re: NFS over SSH

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I want to tunnel NFS with SSH for hosts not on my internal network.
> Are there any how-to's available on this topic?

This is fairly unpleasant, what with the use of the portmapper, udp, and
servers (usually) requiring privileged ports.

If you control both the clients and the servers, check out SFS instead -
it's basically NFS over a single tcp port (so packet filtering and
tunneling are easy), with builtin crypto, and a magic uid-translation
layer, so that uids don't have to be consistent across clients and
servers.

cat /usr/ports/security/sfs/pkg-descr

WWW: http://www.fs.net/

SFS (Self-Certifying File System) is a secure, global file system with
completely decentralized control.
SFS lets you access your files from anywhere and share them with anyone,
anywhere. Anyone can set up an SFS server, and any user can access any
server from any client. SFS lets you share files across administrative
realms without involving administrators or certification authorities.

SFS names file systems by public keys. Every remote file server is
mounted on a self-certifying pathname -- a directory of the form
/sfs/LOCATION:HOSTID, where LOCATION is a DNS hostname and HOSTID is a
cryptographic hash of a public key. This naming scheme allows for
completely decentralized control -- anyone can create a file server, and
any user can access any file server from any client. Various key
management schemes can be built on top of SFS using symbolic links to
map human-readable names to self-certifying pathnames.

-Jason

-----------------------------------------------------------------------
I worry about my child and the Internet all the time, even though she's
too young to have logged on yet. Here's what I worry about. I worry that
10 or 15 years from now, she will come to me and say "Daddy, where were
you when they took freedom of the press away from the Internet?"
-- Mike Godwin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE94rpLswXMWWtptckRAgf8AKCVhCYi+bRnqvAbSUVHVHqFXFwQ8ACeISyH
H8yxixmbScilt5gMWF/tQ6Y=
=Tbje
-----END PGP SIGNATURE-----

From owner-freebsd-security Tue Nov 26 1: 9:53 2002
Subject: two questions on syslog
To: freebsd-security@freebsd.org
Date: Tue, 26 Nov 2002 12:09:40 +0300 (MSK)
From: Dmitry Agafonov
Reply-To: aga@rsm.ru

Good day!

Can anybody help me to find a solution for these:
- logging to single host from others on LAN (all I
  found are solutions for Linux and does not work on FreeBSD)
- a tool to analyze system logs mail/messages/auth, etc.
  to generate something more human friendly than daily
  security and other scripts.

Link to some tutorial will be enough.

Thanks.
-- Dmitry

From owner-freebsd-security Tue Nov 26 1:30:21 2002
Date: Tue, 26 Nov 2002 14:30:10 +0500
From: "Sergey N. Voronkov"
To: Dmitry Agafonov
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: two questions on syslog

On Tue, Nov 26, 2002 at 12:09:40PM +0300, Dmitry Agafonov wrote:
> Good day!
>
> Can anybody help me to find a solution for these:
> - logging to single host from others on LAN (all I
>   found are solutions for Linux and does not work on FreeBSD)

# man syslogd

Exactly, you need something like that:

1) On logging server
   a) Modify /etc/rc.conf:
      syslogd_flags="-a 192.168.0.0/16:*"
   b) Restart syslogd
2) On other hosts
   a) Modify /etc/syslog.conf:
      *.notice;kern.debug;...    @your.logging.server.org
   b) Send HUP to syslogd

> - a tool to analyze system logs mail/messages/auth, etc.
>   to generate something more human friendly than daily
>   security and other scripts.
>
> Link to some tutorial will be enough.

# cd /usr/ports; make search name=syslog
# make search name=mail | grep log
# grep -i log sysutils/*/pkg-descr security/*/pkg-descr
...

And choose one you need. ;-))

Best Wishes,
Serg N. Voronkov,
Sibitex JSC
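
A simplified model of how syslogd evaluates the `-a 192.168.0.0/16:*` value from the reply above, following the allowed_peer description in syslogd(8): the address must fall inside the network, and the UDP source port must match the service unless it is `*`. This is an added example, not part of the original message or of syslogd's own code; the sample senders and the tighter /24 rule are constructed for illustration.

```shell
#!/bin/sh
# Simplified model of syslogd's "-a ipaddr/masklen[:service]" allowed-peer check.
# Assumptions: IPv4 only, explicit masklen, service is "*", "syslog" or a number.

# ip_to_int A.B.C.D -> prints the address as an integer; fails on malformed input
ip_to_int() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# peer_allowed RULE SRC_IP SRC_PORT
# returns 0 = accepted, 1 = rejected, 2 = rule or address not understood
peer_allowed() {
    rule=$1; src_ip=$2; src_port=$3
    service=syslog                       # default when no ":service" is given
    case "$rule" in
        *:*) service=${rule##*:}; rule=${rule%:*} ;;
    esac
    case "$rule" in
        */*) net=${rule%/*}; masklen=${rule#*/} ;;
        *)   return 2 ;;
    esac
    case "$masklen" in ''|*[!0-9]*|0?*|???*) return 2 ;; esac
    [ "$masklen" -le 32 ] || return 2
    net_int=$(ip_to_int "$net") || return 2
    src_int=$(ip_to_int "$src_ip") || return 2
    mask=$(( (4294967295 << (32 - $masklen)) & 4294967295 ))
    [ $(( $src_int & $mask )) -eq $(( $net_int & $mask )) ] || return 1
    case "$service" in
        '*')         return 0 ;;         # any UDP source port is accepted
        syslog)      want_port=514 ;;    # syslog is 514/udp
        ''|*[!0-9]*) return 2 ;;         # other service names are not resolved here
        *)           want_port=$service ;;
    esac
    [ "$src_port" -eq "$want_port" ]
}

# Constructed sample datagrams, one "source-ip source-port" pair per line.
SAMPLES='192.168.0.10 514
192.168.77.3 40123
10.1.2.3 514'

# report RULE -> prints "accept|reject ip:port" for every sample
report() {
    echo "$SAMPLES" | while read -r ip port; do
        if peer_allowed "$1" "$ip" "$port"; then verdict=accept; else verdict=reject; fi
        echo "$verdict $ip:$port"
    done
}

report '192.168.0.0/16:*'   # the flag value from the message above
report '192.168.0.0/24'     # hypothetical tighter rule: one /24, source port 514 only
```

With the rule from the message, any host in 192.168.0.0/16 is accepted regardless of source port; narrowing the prefix and dropping `:*` limits senders to one subnet and to datagrams sent from port 514.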