Site Navigation

Date:      Sun, 25 May 2014 23:51:14 -0400
From:      Jason Hellenthal <jhellenthal@dataix.net>
To:        "Ronald F. Guilmette" <rfg@tristatelogic.com>
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: NEVERMIND!  (was: Local Denial of Service: logger(1))
Message-ID:  <61CB0E46-3969-4A00-866E-731F44E0B29A@dataix.net>
In-Reply-To: <2218.1401075427@server1.tristatelogic.com>
References:  <2218.1401075427@server1.tristatelogic.com>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

[-- Attachment #1 --]
That and/or you could just disallow the use of logger to that of just a special group say staff and modify the mtree(8) files to keep the changes. 

These are just medial tasks into hardening a system for its specific needs. security/logcheck should pick up these events pretty quickly and shoot out an email to your admin group to alert them of the miscreant :-)

-- 
 Jason Hellenthal
 Voice: 95.30.17.6/616
 JJH48-ARIN

> On May 25, 2014, at 23:37, "Ronald F. Guilmette" <rfg@tristatelogic.com> wrote:
> 
> 
> In message <2091.1401074804@server1.tristatelogic.com>, I wrote:
> 
>> ==========================================================================
>> #!/bin/sh
>> 
>> while (1)
>>   dd if=/dev/random bs=15 count=1 | od -c | xargs logger
>> end
>> ==========================================================================
> 
> DUH!
> 
> I forgot that newsyslog(8) should limit the size of /var/log/messages, and
> that as long as you limit the size of that to a reasnable value, and as
> long as you have newsyslog(8) only keeping a finite & reasonable number
> of "rotated out" copies, then /var won't fill up.
> 
> My apologies to everyone for the distraction.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

[-- Attachment #2 --]
0�	*�H��

��0�

10	+0�	*�H��


��90�00��
��0
	*�H��


0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0
130518085048Z
140519220947Z0H10Ujhellenthal@dataix.net1%0#	*�H��

	
jhellenthal@dataix.net0�
"0
	*�H��



�
0�

�

�'`T�mfkܨJ5�u+c�'�U�p�b����`��zv�)&ȸX�Z*V��N�6�Jv�LoV�o�h�}�g�
p�QDŽKf/�tZ�A�˳(���"4Ԅ��˻�'�d2h|��IB�l�'���^v�^��;'��e8�S��9�9���ۿVm|k8_UQ��t�C�"5�l��!kjZ]އQGn����\��B�Ž�h�!FT�sD�%���pV^�E��ӑ
d¨x͸"�9
г"����
����f�

���0��0	U00U�0U%0+
+
0U�ڔ�fm��V�ʢ�$䟓�0U#0�Sr풜���
\|~�5N�ԸQ�0!U0�jhellenthal@dataix.net0�
LU �
C0�
?0�
;+

��7
0�
*0.+

"http://www.startssl.com/policy.pdf0��+
0��0' StartCom Certification Authority0

��This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.06U/0-0+�)�'�%http://crl.startssl.com/crtu1-crl.crl0��+


��009+
0
�-http://ocsp.startssl.com/sub/class1/client/ca0B+
0�6http://aia.startssl.com/certs/sub.class1.client.ca.crt0#U0�http://www.startssl.com/0
	*�H��


�

{0���Ӹ,52��W{��E�y�8�b�[���{��7��_�+��P�"��n�[���"-�,��@Žp��J��-W��$ݍ�jWA��-6���z��(	���RdIZ�.����Kz�X�є[�K6}{�s+v.�Q��h�0���P�ͅK��h�Tw0I�7�3l��z*�Kv��4Kkگ��6�3;�p1:ױ����@)����]o�k>:W�%Xw�C1þL�/�o8���~#�oP�0�40��

0
	*�H��


0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
071024210155Z
171024210155Z0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0�
"0
	*�H��



�
0�

�

�	���-��)�.����2����A�UG��o��#G�
�B|N�D�����Rp�M-��B��=o���-�we�5��J�Qpa>O��.�#������.���_�<���V��
[~�*��*�p�z��~�3�W�G�.ᘟ����Ml�r[�<C�e�6���f����q������O���"��u��xf�WN�#�u����i���c�gk��v$����Lb�%�������y��`�����_�{`���xK'G�N��

��
�0�
�0U

�0

�0U

�
0USr풜���
\|~�5N�ԸQ�0U#0�N��@[�i�0�4hC�A��0f+


Z0X0'+
0
�http://ocsp.startssl.com/ca0-+
0�!http://www.startssl.com/sfsca.crt0[UT0R0'�%�#�!http://www.startssl.com/sfsca.crl0'�%�#�!http://crl.startssl.com/sfsca.crl0��U y0w0u+

��7

0f0.+

"http://www.startssl.com/policy.pdf04+

(http://www.startssl.com/intermediate.pdf0
	*�H��


�

�}x�,\�c�^��#wM�q�}��>UK/��^y��X֏y	����f�rMIŲ�B6�1ymQ󸟆�ҨݬZ���0���&��;�@��#13qۑ��&	��̢����
��o�	6�r��_��;�GO>*I�(	7�4���XS1r3��)!�LJ�y��6Ko����tˆ#
_�w�S�r���
�;�B
A�Dp�(f��s�������䰷6%�����.W0J3�:b�C�<�8t X����1�<��C��n�=�����t==�wS���T������~���\�wkB�f�|1��5���zU��P)��(���I��j��VB��!����OfI=b
��b�\4�-*em��/нSJm�7���N�����[�]'��@ڽ��D9�Kr>���R��7/��|�o���^I@�ټ'��Pa$ z��9�a'L�)��(�
�I��}v��c�H]�۸�D����*�W�}
m�>Q����|�C.�(,�l��Q�0��0���


0
	*�H��


0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
060917194636Z
360917194636Z0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0�"0
	*�H��



�0�
�
���	�lF|x��{�3��rb��6 "$^��w�C
�d�̎6�8�#�nm�<�r����=�3+�/���AYg��}
�t��yL�7z�9RY��FC�҅���q�ub4�,����4�ǖ�R=�3��M�;JK��&/��r5w�<]���&�6v\
�t%������x�-�0
-ry�F�*�����I�����
�
�cS�b�:̵f��kt�+�v>�m��D�sb;ľ�SV%lQ	���ʿv�m��ۿ=f�V���H�:KߧXP�8u�[�C����lMp[)e�ݪ]̯
1��ҍ��{�n�'fH�nB�?�!>{�
p�c��lT�\%zɢɋ��,~^MXn
�
�2�����n��6I�Hi�–M�i�
���y"H��{i�p��z7��
�vOW��������`�g:�����ԋr"�Ɵ���������ƶ�\R<��*s

�`�z/�ۣn�&0���݉W��=��+ŷv��+��*r��3�]	K߻�tRK

��R0�N0U0

�0U
�0UN��@[�i�0�4hC�A��0dU]0[0,�*�(�&http://cert.startcom.org/sfsca-crl.crl0+�)�'�%http://crl.startcom.org/sfsca-crl.crl0�
]U �
T0�
P0�
L+

��7


0�
;0/+

#http://cert.startcom.org/policy.pdf05+

)http://cert.startcom.org/intermediate.pdf0��+
0��0' Start Commercial (StartCom) Ltd.0

��Limited Liability, read the section *Legal Limitations* of the StartCom Certification Authority Policy available at http://cert.startcom.org/policy.pdf0	`�H
��B

08	`�H
��B

+)StartCom Free SSL Certification Authority0
	*�H��


�
l��f4�Ѕ^}
��N8^ߦ%K�2��;�=�D	[I�)�f����%�	<���6�+K�h�9f=�&��9�Q��{~��Z��Wpi��^X�
ߌ�E8
^W�b�z�����)����n(�DÐ�8�<�CMdE��(�\�s{�諱�.\dns1:����}��Q�;���M�f{<�Ӛ��eP���u�/���C��i��y�C�Fr�d6��%8��w~�kj���DK�x����,KD�4R'�
]�����x�S2݀�fuٵh(�a.���8����gd�./�p�ǖ|�e��CT�ݥ�9�`�4ɖp,��H{�~k����";���*���R��KU�����"��4N&"��,uJ��}׸d�6��/��#	��;sI�jW����xřCc�M�w-�e�riG	�
V$��y�X.��	
~��m>��J9��+���u���	�U7��7�Cb ��VKe��l�$�$�4���"��}?�eQ
�0j���
�r��^1�o0�k

0��0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA��0	+��
�0	*�H��

	1	*�H��


0	*�H��

	1
140526035116Z0#	*�H��

	1�?PT����vo��U^��0��	+

�71��0��0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA��0��*�H��

	1�����0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA��0
	*�H��



�
*{�^ݲ7���P<UHQQ�݇#��7=�8��i(Ehy��y���e��	�`�a���8��"�0B�"A̤�o T���$=MP������ѣ���3%��=R��U+TY�m���a!_��C��{��#��ZgH=��	)����ɓ�L��d:�2Г�dž�s�'�D�p�(�^+`Y^
�PD��#�f�f!�6����s���"�#�;��p���]�aFZ�/{EF$�|A`����mFr��ta7��y-��3�[�

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?61CB0E46-3969-4A00-866E-731F44E0B29A>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact