summaryrefslogtreecommitdiff
path: root/security (follow)
Commit message (Collapse)AuthorAgeFilesLines
* update to 1.6.Michael Haro1999-12-102-7/+4
| | | | | | | | had to remove manpage path corrections patch (patch-ac) because I don't have time till after Friday to work on this port more. Notes: svn path=/head/; revision=23708
* Back out my change from Oct.26, this was a misconfigured hack and shouldFoxfair Hu1999-12-091-5/+0
| | | | | | | | | never be taken. Pointed out by : maintainer. Notes: svn path=/head/; revision=23672
* Activate chrootuid.Don Lewis1999-12-091-0/+1
| | | | Notes: svn path=/head/; revision=23668
* The chrootuid command combines chroot(8) and su(1) into one program,Don Lewis1999-12-096-0/+59
| | | | | | | | | | | so that there is no need to have commands such as /usr/bin/su in the restricted environment. Access to the file system is restricted to the newroot subtree and privileges are restricted to those of the newuser account (which must be a known account in the unrestricted environment). Notes: svn path=/head/; revision=23667
* Change broken link to homepage to official oneAndrey A. Chernov1999-12-084-2/+4
| | | | Notes: svn path=/head/; revision=23659
* I've cleaned up ${CVS_DATE} usage a bit (keep spaces correctly), andBrian Feldman1999-12-085-61/+63
| | | | | | | | | | | | | updated to today's snapshot of OpenSSH. Various updates from the latest ${CVS_DATE}, and requisite patch changes, are the "big new thing". Nothing major has changed; the biggest ones would be using atomicio() in a lot of places and a fix for a SIGHUP not updating sshd(8)'s configuration until the next connection. Notes: svn path=/head/; revision=23652
* Update to 2.3 beta #9.David E. O'Brien1999-12-072-3/+3
| | | | | | | This speeds up OS scans. Notes: svn path=/head/; revision=23650
* The software's www page has been moved.SADA Kenji1999-12-071-1/+1
| | | | Notes: svn path=/head/; revision=23644
* In the meantime (while things are being worked and decided on on theBrian Feldman1999-12-065-22/+328
| | | | | | | | | | | | | | | | | | OpenBSD OpenSSH front), add ConnectionsPerPeriod to prevent DoS via running the system out of resources. In reality, this wouldn't be a full DoS, but would make a system slower, but this is a better thing to do than let the system get loaded down. So here we are, rate-limiting. The default settings are now: Five connections are allowed to authenticate (and not be rejected) in a period of ten seconds. One minute is given for login grace time. More work in this area is being done by alfred@FreeBSD.org and markus@OpenBSD.org, at the very least. This is, essentially, a stopgap solution; however, it is a properly implemented and documented one, and has an easily modifiable framework. Notes: svn path=/head/; revision=23622
* Under advisories, put RESTRICTED back. It more accurately reflectsBrian Feldman1999-12-061-0/+2
| | | | | | | | | | | reality, though. One file, cipher.c, calls cryptographic routines from external libraries. This really cannot encumber OpenSSH in any case, but I put RESTRICTED back since it would give people a false hope of being able to install the OpenSSH package but not the requisite, RESTRICTED (so nonexistant) openssl package. Notes: svn path=/head/; revision=23621
* Upgrade to l0pht-watch 1.1Kris Kennaway1999-12-063-11/+11
| | | | | | | Reviewed by: Maintainer Notes: svn path=/head/; revision=23620
* Good-bye, RESTRICTED.Brian Feldman1999-12-061-2/+0
| | | | | | | | | | | | | | | | Reasons: 1. It's not crypto. 2. It links with crypto. a. That crypto is in the public domain. b. Linking with crypto does not constitute cryptography. 3. Even if it were crypto, the description of the entire protocol, etc., is in the public domain. The RFC is PD in the USA, and the white paper in Europe. 4. Precedence? Even if it were crypto, the Bernstein case has set precedence for allowing export of that. But it's not even crypto. Notes: svn path=/head/; revision=23619
* Reduce LoginGraceTime from 10 minutes (!!!) to 30 seconds. More toBrian Feldman1999-12-041-2/+3
| | | | | | | come, soon. Notes: svn path=/head/; revision=23572
* fix buffer overflow in RSA{Public,Private}Decrypt. from CORE SDI.Chris Piazza1999-12-021-0/+42
| | | | Notes: svn path=/head/; revision=23554
* PORTLINT rules.Foxfair Hu1999-12-012-8/+6
| | | | Notes: svn path=/head/; revision=23544
* More portlint cleanup.Foxfair Hu1999-12-012-8/+8
| | | | Notes: svn path=/head/; revision=23543
* PORTLINT rules.Foxfair Hu1999-12-012-10/+10
| | | | Notes: svn path=/head/; revision=23542
* Upgrade nessus-plugins to 0.99.1 .Foxfair Hu1999-12-018-82/+126
| | | | Notes: svn path=/head/; revision=23541
* Upgrade to 0.99.1, and make portlint happy.Foxfair Hu1999-12-016-8/+12
| | | | Notes: svn path=/head/; revision=23540
* Active nessus-* ports.Foxfair Hu1999-12-011-0/+3
| | | | Notes: svn path=/head/; revision=23525
* PR: 14776Foxfair Hu1999-12-0110-0/+618
| | | | | | | | | | | Submitted by: Anders Nordby <anders@fix.no> Import the plugins for nessus, network security scanner program. WWW: http://www.nessus.org/ Notes: svn path=/head/; revision=23524
* PR: 14775Foxfair Hu1999-12-0110-0/+134
| | | | | | | | | | | | | | | | | | | | | Submitted by: Anders Nordby <anders@fix.no> NASL is a scripting language designed for the Nessus security scanner. Its aim is to allow anyone to write a test for a given security hole in a few minutes, to allow people to share their tests without having to worry about their operating system, and to garantee everyone that a NASL script can not do anything nasty except performing a given security test against a given target. NASL is not a powerful scripting language. Its purpose is to make scripts that are security tests. So, do not expect to write a third generation web server in this language, nor a file conversion utility. Use perl, python or whatever scripting language to do this. WWW: http://www.nessus.org/doc/nasl.html Notes: svn path=/head/; revision=23523
* PR: 14774Foxfair Hu1999-12-0110-0/+126
| | | | | | | | Submitted by: Anders Nordby <anders@fix.no> Split nessus-libraries from nessus port. Notes: svn path=/head/; revision=23522
* PR: ports/14773Foxfair Hu1999-12-0110-522/+182
| | | | | | | | | Submitted by: maintainer Update to 0.99.1, and disable nessus for compiling in -current. Original patch submitted by the maintainer, and some fixes from me. Notes: svn path=/head/; revision=23521
* Update one of the master sites.Archie Cobbs1999-11-301-1/+1
| | | | | | | Submitted by: Brent <brent@kearneys.ca> Notes: svn path=/head/; revision=23507
* Add the PAM SSH RSA key authentication module. For example, you can add,Brian Feldman1999-11-295-6/+373
| | | | | | | | | | | | "login auth sufficient pam_ssh.so" to your /etc/pam.conf, and users with a ~/.ssh/identity can login(1) with their SSH key :) PR: 15158 Submitted by: Andrew J. Korty <ajk@waterspout.com> Reviewed by: obrien Notes: svn path=/head/; revision=23497
* Update to a current CVS_DATE. The only real change I see is the (big)Brian Feldman1999-11-284-155/+157
| | | | | | | | | | change of KNFization being finalized :) Patches had to be modified, but should look "better" according to style(9), now. Notes: svn path=/head/; revision=23479
* Change CFLAGS to get modified in Makefile.inc, fixing theBrian Feldman1999-11-282-4/+6
| | | | | | | | | problem several people have reported with make.conf setting ${CFLAGS}. Partially submitted by: Jos Backus <Jos.Backus@nl.origin-it.com> Notes: svn path=/head/; revision=23476
* Update to 0.6.1Nick Sayer1999-11-282-4/+4
| | | | | | | Submitted by: sascha@schumann.cx Notes: svn path=/head/; revision=23462
* Re-importing in net.Steve Price1999-11-261-1/+0
| | | | | | | Suggested by: kris Notes: svn path=/head/; revision=23423
* Activate the dante and p5-Authen-PAM ports.Steve Price1999-11-261-0/+2
| | | | Notes: svn path=/head/; revision=23404
* Initial import of p5-Authen-PAM version 0.08.Steve Price1999-11-265-0/+35
| | | | | | | | | | A Perl interface to the PAM library. PR: 14137 Submitted by: Matt Behrens <matt@zigg.com> Notes: svn path=/head/; revision=23403
* Forgot a lineChris Piazza1999-11-251-0/+1
| | | | Notes: svn path=/head/; revision=23333
* Patches are now available from www.ssh.org/patchesChris Piazza1999-11-252-2/+5
| | | | | | | Submitted by: Issei Suzuki <issei@jp.freebsd.org> Notes: svn path=/head/; revision=23332
* Removed an obsoleted patch.SADA Kenji1999-11-241-4/+0
| | | | | | | | PR: 15059 Submitted by: Maintainer Notes: svn path=/head/; revision=23303
* Also, set SSH_PROGRAM correctly.Brian Feldman1999-11-241-1/+1
| | | | Notes: svn path=/head/; revision=23297
* Update the CVS_DATE. This brings in support for TIS authentication,Brian Feldman1999-11-2421-298/+578
| | | | | | | | | | | | | | | | | | | | | obsoleting a couple patches (it's the same code, though, except for additions). This also brings in KNFization of everything (please hold the cheering down :) and made me reroll all my patches. My patches have been almost entirely rewritten. The places are the same, but the code's rewritten. It fits with the style (KNF) now, and looks better. I've also added strlcat.c to the build, which, just like strlcpy.c, is necessary for compatibility with older libcs. After strlcat() snuck into the OpenSSH code recently, this would prevent OpenSSH from building on (e.g.) FreeBSD 3.2. Adding it to ssh/lib/ makes it work yet again :) Notes: svn path=/head/; revision=23296
* Correct ssh-keygen usage.Brian Feldman1999-11-231-1/+1
| | | | | | | Submitted by: Larry Baird <lab@gta.com> Notes: svn path=/head/; revision=23275
* Clean up some shell scripting and replace it with proper MakefileBrian Feldman1999-11-221-8/+12
| | | | | | | | syntax. Run ssh-keygen for ssh_host_key on port install, not just package install. Notes: svn path=/head/; revision=23263
* I wish CVS would report new files. This broke the carefully designedBrian Feldman1999-11-221-8/+10
| | | | | | | mirroring system. The tarball was fine, but the extraction was not Notes: svn path=/head/; revision=23262
* And away we go! Here comes the source mirror, thanks Mark!Brian Feldman1999-11-211-1/+1
| | | | | | | Submitted by: markm Notes: svn path=/head/; revision=23253
* Update to 2.3 Beta8.David E. O'Brien1999-11-212-3/+3
| | | | | | | | | | | | | | * Added "firewall mode" timing optimizations which can decrease the amount of time neccessary to SYN or connect scan some heavily filtered hosts. * Changed "TCP Ping" to use a random ACK value rather than 0 (an IDS called Snort was using this to detect Nmap TCP pings). * better FDDI support * changes which should lead to tremendous speedups against some firewalled hosts. Notes: svn path=/head/; revision=23252
* Mastersite has moved.SADA Kenji1999-11-211-1/+1
| | | | Notes: svn path=/head/; revision=23245
* Update to the latest CVS_DATE, obsoleting patches patch-a[yz].Brian Feldman1999-11-213-15/+42
| | | | | | | | | | | | | | | | Add "ignorelogin" login.conf functionality to sshd. The biggest change: new port functionality. Making "fetchsrctarball" will soon work for those of you who cannot use CVS to get OpenSSH. Mark Murray, the savior he is :), will use "make makesrctarball" and put the snapshots of OpenSSH source in the proper place. The current ${MASTER_SITES} is just a guess at where the snapshot files could be hosted; something definite should be worked out very soon. Notes: svn path=/head/; revision=23238
* Set all the default PATHs correctly, removing a "hack"-ish ${PERL}Brian Feldman1999-11-201-2/+0
| | | | | | | | | transform. Prompted by: deraadt Notes: svn path=/head/; revision=23223
* Default to not allowing root logins. This makes it consistant withWarner Losh1999-11-201-1/+1
| | | | | | | | OpenSSH. Users desiring the old functionality can edit their sshd-config files by hand for new installs. Notes: svn path=/head/; revision=23216
* Give OpenSSH TIS client-side authentication.Brian Feldman1999-11-204-0/+99
| | | | | | | Submitted by: peter Notes: svn path=/head/; revision=23210
* ARGH! Remember the echo -n ' sshd'.Brian Feldman1999-11-202-2/+2
| | | | Notes: svn path=/head/; revision=23209
* Change around sshd.sh for the last time.Brian Feldman1999-11-203-16/+7
| | | | Notes: svn path=/head/; revision=23208
* Turn on HAVE_OPENPTY so more than 16 terminals work with sshd.Brian Feldman1999-11-202-9/+8
| | | | | | | | | | | | | | | | | Put sshd.sh installation in the pre-install, ssh_host_key generation back in the PLIST, and check for ssh_config, too. This port now works much better as a package. The configuration files and sshd.sh are also part of the package, and as such removed on deinstall. The proper upgrade procedure from one OpenSSH version to a newer one is: chflags schg /usr/local/etc/ssh* # preserve them from deletion cd /usr/ports/security/openssh make all deinstall reinstall clean Partially submitted by: peter Notes: svn path=/head/; revision=23206
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-16 10:27:19 +0000