security

Hi All, I've been trying to change umask of a local user. I've looked around for instructions, and tried adding umask in .login_conf in user's home directory. me:\ :umask=002: Also ran cap_mkdb .login_conf after modification. umask remains 022, unchanged. In addition, I've changed...

According to our third-party PCI scanner (conducted by Trustwave) current OpenSSH version is no longer supported. The version of OpenSSH detected is no longer supported by the vendor. No further security patches or upgrades will be released by the vendor for this version, and the vendor will...

I am running FreeBSD 11.1-RELEASE-p1 with a customized kernel (NAT compiled into it). I have setup ssmtp to send me the daily, weekly etc reports and over the past few days I have been receiving a strange error in the security run output. Checking setuid files and devices: Checking negative...

Hello Everyone: The audit system in FreeBSD currently support auditing by user id only. Is it possible to support auditing by folder(I just wanna to audit specific folder,whoever access it)?? Thanks anyway!!

So I noticed that the Linux Binary compatibility use the Kernel 2.x which is pretty old and it has a lot of known vulnerabilities. Is it still safe if we run it on FreeBSD or will it be not secure to have it?

So here's my scenario. * I have a home server (HostB) which is completely within my control. * I have an off-site machine that can potentially be physically accessed by other people I don't trust (HostA). I want to do off-site backups (encrypted of course) via `duplicity` from HostB to...

Hi everyone, not sure if I'm in the right forum area, so maybe a mod wants to move this. Is it possible to 'track' actions that are done in a jail where an sshd server is running and offering root access (so of course no root access directly in the sshd, but after login su/sudo is possible)...

Hello, I found in the eMail of "daily security run output" today: changes in mounted filesystems: --- /var/log/mount.today 2016-05-14 03:03:55.000000000 +0200 +++ /tmp/security.aYjsnqDE 2016-11-29 03:04:45.000000000 +0100 ..and downstairs kernel log messages: +++...

Hey folks, I'm in progress of migrating my centos openvpn dualstack server to freebsd. I got a problem with ipv6 connection and im not shure what is the problem. IPv4 is working fine through the tunnel. IPv6 icmp is possible, but nameservers are not reachable on :53 or anything else except via...

Hi, despite reading and re-reading the manual, I have an extremely hard time understanding how to keep my FreeBSD host and my FreeBSD jails secure. I am going to try to express my current understanding of FreeBSD as maybe the problem is that I don't understand it. There seems to be on one...

I'm building out a hosting environment for my customers. I typically use Linux but FreeBSD offers some features of interest to my customers. I've used FreeBSD before (version 9), but my experience is limited. The hosting architecture I'd like to setup is (focusing on two servers): Server 1...

With exploits like this that directly affect the hardware and timing of a CPU, can we really believe that security in computer science is anything but a dream? Sure you can raise the bar but if someone wants to get in, they can. Even if they are running in virtual machines on your server, they...

Hello Forum, I think I may have enabled too many security features that prevent me from adding any user account to groups wheel and others during the installation. I am not sure of how to get these back to not enabled post-installation. At least enabling the superuser account privilege for a...

Shadow Brokers reveals list of Servers Hacked by the NSA. FreeBSD is mentioned as one of the systems used in some of the hacked servers: This makes me curious about the security of FreeBSD and the methods and vulnerabilities NSA used to hack the servers. Do you think FreeBSD is suitable for...

Hey guys, I am working on my git server, and SSH its claiming about have no access to /dev/tty inside of jail. After read about this issue, I have found is need setup on /etc/rc.conf to start it using: devfs_load_rulesets="YES" And on my jail.conf I need use devfs_ruleset, the level 3 and 5...

I receive scheduled emails from periodic with the subject line "daily security run output". I cannot find documentation to help interpret each section of the email, e.g. "checking negative group permissions", "checking for uids of 0"(root and toor are listed). Most important to me however, is to...

I was Googling around for it but I couldn't find anything. Is there a module or tool in FreeBSD that provides the same security functionality as selinux?

I submitted this a while back, but never heard back: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204008 What concerns me about this is that cap_enter() doesn't kill the program if it's disabled. I don't think any compiler warnings are sent, nor anything at run time. It just silently...

Hello, I was testing one of my software on FreeBSD ,Where in the software i've been trying to replace the Real/Effective UID and GID of the process using below two functions setregid(),setreuid(). But these both functions return -1 as a result(when i got the errno to print it ssys "operations...

I have two FreeBSD 10.3 servers an audit shows the following pkg audit openssl-1.0.2_15,1 is vulnerable: OpenSSL -- multiple vulnerabilities CVE: CVE-2016-6308 CVE: CVE-2016-6307 CVE: CVE-2016-6306 CVE: CVE-2016-2181 CVE: CVE-2016-2179 CVE: CVE-2016-2178 CVE: CVE-2016-2177 CVE: CVE-2016-2180...