DaemonForums  

#1
25th August 2015
Peter_APIIT
Shell Scout
Join Date: Jun 2008
Posts: 121
.serverauth was deleted

Dear All,

I realized that my /home/user/.serverauth was deleted and I am unable to start xfce4 anymore. Perhaps this is a sign of intrusion. I have no idea how.

I issued this command tcpdump -l npi fxp0 | tee tcpdump to analyze the network traffic. I realized there are a lot of ipv6cp and lcp packets flowing between the interface.

I have attached a tcpdump file with an idle connection.

Hope someone is willing to illustrate this.
Attached Files
File Type: zip tcpdump1.zip (10.1 KB, 63 views)
#2
25th August 2015
jggimi
More noise than signal
Join Date: May 2008
Location: USA
Posts: 7,975

Peter, any time something happens you do not understand, it must be "I've been hacked!"

Please stop. You. Have. Not. Been. Hacked. You do not know what a .serverauth file is for, how it would be created, nor deleted. I'll tell you this much. These files are created by startx(1), and deleted by startx(1).

Perhaps it was your failed Gnome installation that is causing your problems now? We don't know, of course, because you haven't posted a useful problem report.

Since you've posted some tcpdump(1) output, I looked at it, and saw:
  • IPv6 configuration requests and acknowledgement responses.
  • outbound HTTPS requests and responses.
  • outbound HTTP requests and responses
  • NTP traffic
  • ICMP traffic
You apparently missed this post in one of your other threads. I'll highlight something very important from it.
Quote:
Originally Posted by jggimi
...Peter is still running -release, and to the best of my knowledge, he has not applied any of the 14 published errata patches -- 9 of which address actual, confirmed security issues. If he has not done so, then this is where his attention should be focused...
Instead of chasing ghosts, why not address real security issues?

If you do not have the skills to maintain your own system, consider using M:Tier's very useful -stable services. Many people do, for both -stable systems and -stable packages.

Last edited by jggimi; 25th August 2015 at 12:46 PM. Reason: clarity, formatting
#3
25th August 2015
blackhole
Spam Deminer
Join Date: Mar 2014
Posts: 314

Quote:
Originally Posted by jggimi
Instead of chasing ghosts, why not address real security issues?
+1

I think your issue here is in the pursuit of a "sense of security" rather than actual security.

As jggimi says, files like .serverauth.* and .Xauthority are session files which work exactly as above. Things can go wrong with these when X is just killed or if the user just reboots from a terminal emulator. This means that next time you want to run startx, you may need to clean up.

I thought that on your system the X aperture driver was disabled and the X sets not installed anyway?
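An added example, not part of any post in this thread: a way to tell leftover .serverauth.* files from one that still belongs to a running session before cleaning up. It assumes the file suffix is the PID of the startx shell that created it (the stock startx script names the file $HOME/.serverauth.$$); the function names are hypothetical and the demo directory is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report which .serverauth.* files
# are leftovers from an X session that is no longer running.
# Assumption: the suffix is the PID of the startx shell that created the
# file, as in the stock startx script ($HOME/.serverauth.$$).

# classify_serverauth FILE -> prints live | stale | unknown
classify_serverauth() {
    suffix=${1##*.serverauth.}
    case $suffix in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # suffix is not a PID
    esac
    # kill -0 delivers no signal; it only asks whether we could signal the PID.
    # A PID recycled by one of our own processes reads as "live", so the
    # check errs towards keeping a file, never towards removing one in use.
    if kill -0 "$suffix" 2>/dev/null; then
        echo live
    else
        echo stale
    fi
}

# scan_serverauth DIR -> one "status path" line per .serverauth.* file in DIR
scan_serverauth() {
    for f in "$1"/.serverauth.*; do
        [ -e "$f" ] || continue                  # glob matched nothing
        printf '%s %s\n' "$(classify_serverauth "$f")" "$f"
    done
}

# Demo on a constructed directory: one file named after this shell's PID
# (alive), one after a child that has already exited, one with a bad suffix.
demo() {
    d=$(mktemp -d) || return 1
    true & dead=$!
    wait "$dead"
    : > "$d/.serverauth.$$"
    : > "$d/.serverauth.$dead"
    : > "$d/.serverauth.notapid"
    scan_serverauth "$d"
    rm -rf "$d"
}

demo
```

Running scan_serverauth "$HOME" gives the same report for a real home directory; files reported as stale are the ones left behind when X was killed or the machine was rebooted mid-session.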
#4
26th August 2015
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429

Quote:
Originally Posted by jggimi
Please stop. You. Have. Not. Been. Hacked.
My firewall rebooted after my house lost power. Damned hackers creating thunderstorms.

In all honesty, thanks jggimi, I've been trying to think of a tactful way to say what you said above.

Edit - Burden of proof and all that jazz...
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.
#5
26th August 2015
jggimi
More noise than signal
Join Date: May 2008
Location: USA
Posts: 7,975

It's OK to have a sense of paranoia, if it is applied constructively towards best practices. This isn't.

Peter's paranoia appears actively harmful to him, because his focus and attention are on non-existent threats. He apparently has no time or attention to spare to learn and apply actual security best practices, such as keeping his system up-to-date.
#6
27th August 2015
Peter_APIIT
Shell Scout
Join Date: Jun 2008
Posts: 121

I understand what you are all saying here. I will try my best to follow the guidance and practices from experienced people. Thank you very much.
#7
27th August 2015
jggimi
More noise than signal
Join Date: May 2008
Location: USA
Posts: 7,975

Excellent! I know that you want to "harden" your OpenBSD installation. Your first step towards actually doing that is to apply fixes for known issues. As noted above, there are nine security issues you have not yet addressed.

OpenBSD is source-code maintained. Users -- that's you and me, Peter -- are expected to be able to apply patches or else build a system from the -stable branch (the "patch branch") of the source code. The errata web page linked to above provides step-by-step instructions for individual patches, but there is an assumption that the user has read the FAQ and obtained the -release source code.

If you find this is beyond your skills, you can use M:Tier's -stable services. While not part of the Project directly, M:Tier employs several OpenBSD developers and provides commercial OpenBSD services.

Along with -stable systems, M:Tier also provides -stable packages.

The OpenBSD project creates -stable ports but does not have the resources to provide -stable packages for all of its architectures, leaving the building of packages to the users. Many users, even technically skilled users, use M:Tier's service because they do not have the time, resources, or interest in building -stable packages for themselves.

Good luck! Should you have any questions about keeping your system updated, please start a new thread.

If you still have issues with XFCE, and wish to have us review the problem, please post a more complete problem report. If you're unsure what to post, log the output of your startx(1) command.

$ startx > my.log.file 2>&1 should log the startx output into my.log.file. If there is content, it may show the error more clearly. And it may provide you with enough information to resolve the problem on your own.
#8
28th August 2015
Peter_APIIT
Shell Scout
Join Date: Jun 2008
Posts: 121

Quote:
Originally Posted by jggimi
Excellent! I know that you want to "harden" your OpenBSD installation. Your first step towards actually doing that is to apply fixes for known issues. As noted above, there are nine security issues you have not yet addressed.

OpenBSD is source-code maintained. Users -- that's you and me, Peter -- are expected to be able to apply patches or else build a system from the -stable branch (the "patch branch") of the source code. The errata web page linked to above provides step-by-step instructions for individual patches, but there is an assumption that the user has read the FAQ and obtained the -release source code.

If you find this is beyond your skills, you can use M:Tier's -stable services. While not part of the Project directly, M:Tier employs several OpenBSD developers and provides commercial OpenBSD services.

Along with -stable systems, M:Tier also provides -stable packages.

The OpenBSD project creates -stable ports but does not have the resources to provide -stable packages for all of its architectures, leaving the building of packages to the users. Many users, even technically skilled users, use M:Tier's service because they do not have the time, resources, or interest in building -stable packages for themselves.

Good luck! Should you have any questions about keeping your system updated, please start a new thread.

If you still have issues with XFCE, and wish to have us review the problem, please post a more complete problem report. If you're unsure what to post, log the output of your startx(1) command.

$ startx > my.log.file 2>&1 should log the startx output into my.log.file. If there is content, it may show the error more clearly. And it may provide you with enough information to resolve the problem on your own.
Thanks, jggimi, for providing some guidance on how to harden/secure the operating system by resolving the well-known critical security issues first. Thank you very much.