From owner-freebsd-current@freebsd.org Sat Jun 25 14:55:48 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D755AB80B69 for ; Sat, 25 Jun 2016 14:55:48 +0000 (UTC) (envelope-from steffen@sdaoden.eu) Received: from sdaoden.eu (sdaoden.eu [217.144.132.164]) by mx1.freebsd.org (Postfix) with ESMTP id A287327BA; Sat, 25 Jun 2016 14:55:48 +0000 (UTC) (envelope-from steffen@sdaoden.eu) Received: by sdaoden.eu (Postfix, from userid 1000) id A81951604A; Sat, 25 Jun 2016 16:55:47 +0200 (CEST) Date: Sat, 25 Jun 2016 16:55:45 +0200 From: Steffen Nurpmeso To: Glen Barber Cc: freebsd-current@freebsd.org Subject: Re: svn commit: r302185 - head/release/doc/en_US.ISO8859-1/relnotes Message-ID: <20160625145545.-s35vVVMV%steffen@sdaoden.eu> References: <201606242342.u5ONgXTu041633@repo.freebsd.org> <20160625130211.om_RIztzB%steffen@sdaoden.eu> <20160625132153.GP19747@FreeBSD.org> In-Reply-To: <20160625132153.GP19747@FreeBSD.org> Mail-Followup-To: Steffen Nurpmeso , Glen Barber , freebsd-current@freebsd.org User-Agent: s-nail v14.8.8-271-g90e1e10 OpenPGP: id=95F382CE; url=https://www.sdaoden.eu/downloads/steffen.asc X-BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in the world can make no bugs. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Jun 2016 14:55:48 -0000 Glen Barber wrote: |On Sat, Jun 25, 2016 at 03:02:11PM +0200, Steffen Nurpmeso wrote: |>| A selection of system daemons, including: |>| fingerd, |>| ftpd, |>|- rlogind, |>|- rshd, and |>|- sshd have been modified to support |>|+ rlogind, and |>|+ rshd have been modified to support |>| sending notifications to the blacklistd |>| daemon. |>=20 |> Allow me to continue hoping nonetheless. |> In this great future, you can't forget your past. | |I hope the issues can be resolved before 11.0-RELEASE. I personally |look forward to this change, but the revert was necessary. It is very likely that you and D.E. Sm=C3=B8rgrav are right, and then 11.0 is to be expected for September. In fact i was only looking at this from a very narrow user perspective and, in addition, never liked that log files have to be parsed to recollect states that were known by the generating daemon. It can only be that commercial software does this better, more integrated, but i don't know. So once the blacklistd idea came up, which was, if i recall correctly, shortly after DragonFly BSD introduced their own logfile analyzer, didn't they?, i was kind of thrilled, because isn't that the first time that the right thing is done to face that problem? In my opinion it would be great if all servers that listen to the outside world would gain the necessary hooks for "bad command", "bad login", "good login", possibly more. This would create an integrated, synchronous mesh of firewall and servers, so talking about clowds.., i am looking forward to this. If rules would become more sophisticated, e.g., "user IP tried to post messages with more than X KB the Y time", and that could be taken into account. And then it also requires less CPU time and thus energy, then having a logfile analyzer running in addition. Thank you. Have a nice weekend. --steffen