From: Gabor Kovesdan
Date: Mon, 06 Dec 2010 01:35:35 +0000
To: trustedbsd-discuss@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: problems with MAC labels on files

Hi,

I'm trying to set up an MLS policy but I'm unable to label files.
Multi-label option is enabled on /, UFS_EXTATTR and UFS_EXTATTR_AUTOSTART is in the kernel and the MLS module is loaded.

# uname -a
FreeBSD .localdomain 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Dec 6 00:20:31 WET 2010 gabor@.localdomain:/usr/src/sys/i386/compile/GENERIC i386

# setfmac mls/20:1 test
setfmac: labeling not supported in test

I've read all the documentation and man pages but I cannot find what else do I have to do to get it working. Could you please tell what I'm missing here?

Thanks in advance,
Gabor Kovesdan

From: Christian Peron
Date: Mon, 6 Dec 2010 10:10:38 -0600
To: Gabor Kovesdan
Cc: freebsd-security@FreeBSD.org, trustedbsd-discuss@FreeBSD.org
Subject: Re: problems with MAC labels on files

On Mon, Dec 06, 2010 at 01:35:35AM +0000, Gabor Kovesdan wrote:
> Hi,
>
> I'm trying to set up an MLS policy but I'm unable to label files.
> Multi-label option is enabled on /, UFS_EXTATTR and
> UFS_EXTATTR_AUTOSTART is in the kernel and the MLS module is loaded.
>
> # uname -a
> FreeBSD .localdomain 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Dec 6
> 00:20:31 WET 2010
> gabor@.localdomain:/usr/src/sys/i386/compile/GENERIC i386
>
> # setfmac mls/20:1 test
> setfmac: labeling not supported in test
>
> I've read all the documentation and man pages but I cannot find what
> else do I have to do to get it working. Could you please tell what I'm
> missing here?
>
> Thanks in advance,
> Gabor Kovesdan

You need to use tunefs and enable them.
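Added example, not part of either message: tunefs -l sets the MAC multilabel flag in the UFS superblock, and the flag only takes effect the next time the file system is mounted, so the sh helpers below compare the superblock flag with the live mount to pick the next step. The helper names, the sample outputs and the device name ad0s1a are constructed; the output layouts of `tunefs -p` and `mount` are assumed to be FreeBSD's.

```shell
#!/bin/sh
# Added example: checks behind "setfmac: labeling not supported" on UFS.
# Helper names are hypothetical; sample outputs below are constructed.

# Print the MAC multilabel state recorded in the superblock.
# stdin: output of `tunefs -p <fs> 2>&1` (2>&1 because tunefs reports on stderr).
superblock_multilabel() {
    awk '/MAC multilabel:/ { print $NF; seen = 1 }
         END { if (!seen) print "unknown" }'
}

# Succeed if the live mount at $1 carries the multilabel flag.
# stdin: output of `mount`.
mount_multilabel() {
    awk -v mp="$1" '$2 == "on" && $3 == mp && /[(, ]multilabel[,)]/ { ok = 1 }
                    END { exit !ok }'
}

# Combine both views into the next step to take.
# $1 = mount point, $2 = tunefs -p output, $3 = mount output
diagnose() {
    flag=$(printf '%s\n' "$2" | superblock_multilabel)
    if printf '%s\n' "$3" | mount_multilabel "$1"; then
        echo "active"            # labels can be set on this mount
    elif [ "$flag" = "enabled" ]; then
        echo "remount-needed"    # flag is set but the mount predates it
    else
        echo "run-tunefs"        # flag was never set in the superblock
    fi
}

# Constructed sample: root without multilabel, devfs with it.
SAMPLE_TUNEFS='tunefs: POSIX.1e ACLs: (-a)                                disabled
tunefs: MAC multilabel: (-l)                               disabled
tunefs: soft updates: (-n)                                 enabled'
SAMPLE_MOUNT='/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local, multilabel)'

# On the FreeBSD host, for the root file system (single-user mode, / read-only):
#   tunefs -l enable /
#   reboot, then:
#   diagnose / "$(tunefs -p / 2>&1)" "$(mount)"
#   setfmac mls/20:1 test && getfmac test
```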
From: Michael Scheidell
Date: Sat, 11 Dec 2010 11:03:29 -0500
To: Micheas Herman
Cc: freebsd-security@freebsd.org
Subject: Re: any interest in tripwire commercial?

> Probably.
>
>> > does everyone put 32 bit compatibility libraries in their amd64 builds?
>
> Never, unless running closed source software. It seems to triple your
> attack surface area.

Then the answer is "no": you would not want an i386 version since you need to put 32bit compatibility in if this is all tripwire supports.

Sometimes, it's easier to get a vendor to release compiled binaries if you tell them you can support: 7.1 - 8.x, i386/amd, with a single i386/32 bit binary. To tell them the need to maintain 8 versions is harder.

Doesn't really matter too much; it looks like only you and me are interested. With that huge response, I guess it's never going to happen.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
SECNAP Network Security Corporation

* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Security, 2010: Network Products Guide
* King of Spam Filters, SC Magazine 2008

From: Michael Scheidell
Date: Sat, 11 Dec 2010 11:05:19 -0500
Subject: packet capture and if_bridge ignore bpf rules

I am just not working on tracking this down, and sometimes like to use tcpdump/tshark to watch specific packets on a host to look for 'interesting' things.

I think I have seen this since 6.x. I don't remember it on 5.x, but 5.x used 'bridge' and 6.x and 7.x are using if_bridge.

system is 7.3, amd64. tried this on 6.x amd64, and i386. same results. googled a lot and didn't see anything I could use.

problem: if I am on a network using if_bridge, the 'FILTER' section of bpf seems to be ignored, or sorta backward. tried with tcpdump, tshark, snort, etc.

example:

normal interface:

tshark -niem0 net 204.89.241.0/24

sees traffic to and from that net (tcpdump, same thing)

HOWEVER..

tshark -niem0 net 204.89.241.0/24
sees NOTHING

tshark -niem1 net 204.89.241.0/24
sees NOTHING

tshark -nibridge0 net 204.89.241.0/24
sees NOTHING

tshark (em0|em1|bridge0) sees 204.89.241.0/24 if I do this:

tshark (em0|em1|bridge0) not net 204.89.241.0/24

(actually looks like it sees everything and ignores the bpf filter.)

using -F on tcpdump, using -f 'net 204.89.241.0/24' on wireshark doesn't help.

em0 and em1 have no ip assigned and are brought up like this:

ifconfig_em0="-arp up"
ifconfig_em1="-arp up"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em1 stp em1 addm em0 stp em0 up"

ifconfig looks like this:

em1: flags=89c3 metric 0 mtu 1500
        options=9b
        ether 00:30:64:05:ef:56
        media: Ethernet autoselect (1000baseTX )
        status: active
em0: flags=89c3 metric 0 mtu 1500
        options=9b
        ether 00:30:64:05:ef:57
        media: Ethernet autoselect (1000baseTX )
        status: active
bce0: flags=8843 metric 0 mtu 1500
        options=1bb
        ether 00:1d:09:6b:75:e2
        inet 192.168.100.40 netmask 0xffffff00 broadcast 192.168.100.255
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
bridge0: flags=8843 metric 0 mtu 1500
        ether ea:62:40:63:41:3b
        id 00:1d:09:6b:75:e2 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:1d:09:6b:75:e2 priority 32768 ifcost 0 port 0
        member: em0 flags=1c7
                ifmaxaddr 0 port 3 priority 128 path cost 2000000 proto rstp
                role designated state forwarding
        member: em1 flags=1e7
                ifmaxaddr 0 port 2 priority 128 path cost 2000000 proto rstp
                role designated state forwarding

so, what magic to make bpf filters work?