sysjail alternative
It has been announced they are closing down. Does anyone know any alternative for this? Or any honeypot for OpenBSD?
Quote:
|||
Unfortunately not, FreeBSD has a more in-depth jail mechanism with kernel support.. but it's quite an extensive modification and very unlikely to be ported easily.
The problem here is that the primary developers of sysjail assumed like many others that systrace was designed for security.. but the man page for it has always warned about a major design flaw for many years. This doesn't mean that systrace can't be useful in controlled situations; it shouldn't have been purged immediately like the NetBSD folks decided to do. If you try to explain what you require, it may be possible for you to achieve the "security" you desire using traditional (..and/or OpenBSD specific) mechanisms, so please consider telling us a little more about your setup. I personally don't recommend virtualization or emulation, but assuming this isn't going into production.. it may be an option for you.
|||
I am surprised how friendly the BSD community is. I am new enough to OpenBSD, this is my first week lol, and I haven't even touched Linux for years, so pardon me. My setup is simple: I am going to use this box as a firewall. My connection comes from ADSL 2 Mbps; I planned to divide the bandwidth evenly for 3 people, and if possible apply QoS also, but my first priority is bandwidth management. Could a download manager (FlashGet, etc.) break the BSD traffic shaping setup? I tried using a Windows box with kiddie software like a bandwidth limiter; FlashGet/YouTube/streaming easily break the software.
I have been doing some research and so far found this: ht@@p://w@@w.benjaminheckmann.de/how..._altq_v2.7.pdf , a great start though, but I still need more comments from experts like you, and something more n00b-friendly for someone like me. Thanks for helping..
|||
I was testing by scanning my own test box; surprisingly there are more than 100 TCP and UDP ports open o_0. How can I make this box fully invisible? I need advice, tips and tricks on how to execute my plan, including hardening the box, and anything else that I may forget.
For hardening I got this: \v/\v/\v/.cromwell-intl.c0m[slash]security[slash]linux-hardening.html Hmm, sorry for these, antispam 5 min post to post URL.
|||
I can relate my experience with one scenario where limiting access for some users is needed. I use the newish SSH capability to invoke an internal-sftp server in combination with MatchUser directive in sshd_config, forcing the user to use this sftp instance in a chroot. I use this for allowing people access to the web root when we are working together on a web project, but they don't need access outside of the web root or full shell access.
Code:
AllowUsers ______
Subsystem sftp internal-sftp
Match User ______
    ForceCommand internal-sftp
    ChrootDirectory /var/www
# copied note from forum on how to make sure this works:
# This is quite simple really, it’s stat()ing the directory specified for
# “ChrootDirectory” and all its parents up to / and checking that they are:
#
# * owned by root
# * not group or other writable
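The ownership and permission rule quoted in the note above can be checked before sshd is pointed at a directory. The following is an added example, not part of the original post and not OpenSSH's own code; the function name, the injectable `stat_fn` parameter and the sample tree are assumptions made for illustration.

```python
import os
import stat
from collections import namedtuple


def chroot_path_problems(path, stat_fn=os.stat):
    """Walk from `path` up to / and return (directory, reason) for every
    component that breaks the two rules in the quoted note: owned by root,
    and not group- or other-writable. An empty list means the path passes."""
    if not os.path.isabs(path):
        return [(path, "not an absolute path")]
    problems = []
    current = os.path.normpath(path)
    while True:
        st = stat_fn(current)
        if st.st_uid != 0:
            problems.append((current, "owned by uid %d, not root" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((current, "group/other writable (mode %o)"
                             % stat.S_IMODE(st.st_mode)))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            break
        current = parent
    return problems


# Constructed sample tree (not from the thread): /var/www is group-writable
# and /var/www/site belongs to an ordinary user (uid 1000).
FakeStat = namedtuple("FakeStat", "st_uid st_mode")
SAMPLE = {
    "/": FakeStat(0, 0o40755),
    "/var": FakeStat(0, 0o40755),
    "/var/www": FakeStat(0, 0o40775),
    "/var/www/site": FakeStat(1000, 0o40755),
}


def sample_stat(p):
    """Stand-in for os.stat that reads the constructed tree above."""
    return SAMPLE[p]


if __name__ == "__main__":
    for directory, reason in chroot_path_problems("/var/www/site", sample_stat):
        print("%s: %s" % (directory, reason))
```

Calling `chroot_path_problems("/var/www")` with no second argument runs the same check against the real filesystem.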
|||
@narcedata
Nice way. By the way, I saw the video conference by mult about process isolation at http://www.youtube.com/watch?v=JaVnNllZxn4 ; it was named instproc, but I can't find it anywhere, even in ports. Any idea when it's going to be implemented?
||||
If you listen to the presenter, Kristaps Dzonsons, he tells you where to find information on the second slide of his presentation. The .pdf for the presentation is online at www.dcbsdcon.org/speakers/slides/dzonsons_dcbsdcon2009.pdf
At this moment, I cannot connect to the website, but I found the following in Google's cache. Highlights mine: Quote: