When ModSecurity receives a request body with a size bigger than the value set by the “SecRequestBodyInMemoryLimit” and with a “Content-Type” that has no request body processor mapped to it, ModSecurity will systematically crash on every call to “forceRequestBodyVariable”.
You have to update this package.
A little article which can save you
Samba needs ACLs support. With samba 3.5-3.6 it’s possible to ignore this, but with samba4 it’s quite difficult. When you have installed samba4, you would see that samba4 doesn’t want to initialize AD base without ACLs (for UFS just use acls option). I haven’t found any solution on the internet but samba-tool man helps me to fix this problem.
Here is the arguments to add to samba-tool to use vfs ACLs instead of ZFS acls.
samba-tool domain provision --use-xattrs=yes --use-ntvfs --interactive
Now you can trash your active directory
Because we are installing a new intersite link, with new border routers (BGP+OSPF) on OpenBSD, i have realized that OpenOSPF has some technical limitations.
Indeed my routers to distribute routes via GRE+OSPF redistribute default route (mandatory for internal routers) and this route is also redistributed on the GRE tunnel and create a routing loop on the WAN.
The second limitation is BGP and OSPF. OSPF overrides BGP and if we double the border routers, the default route is learnt from the other border router and incude a routing loop.
OpenOSPF didn’t have filtering meaning, and i need to get a meaning faster, i have decided to patch the service to add filtering option which keep SPF algorithm coherence and forbid system to add route.
I share you this little patch (147 lines) which permit you to add this function (based on OpenOSPF on OpenBSD 5.3), under BSD license.
Continuer à lire
This afternoon i want to test DragonFly dports. Then i got an idea, why not compare PostgreSQL performances between BSD and Linux ? I have done a little benchmark to see the performances gap between multiple OS. To have the best bench, i use the same hardware and the same software. Those tests have been done under pgsql 9.1.
When i did the bench under Linux Debian, I was surprized of the stats, then also do it on a Redhat like, Centos 6.4.
Those operating systems has been choosed.
- DragonFlyBSD 3.4.1 (Hammer)
- FreeBSD 9.1-p3 (UFS2+J)
- FreeBSD 9.1-p3 (ZFS v28)
- Debian 7: Wheezy (ext4, kernel 3.2)
- Debian 7: Wheezy (ext4, kernel 3.2, barrier=0)
- Centos 6.4 (ext4, kernel 2.6.32)
- Centos 6.4 (ext4, kernel 2.6.32, nobarrier)
Continuer à lire
DragonFlyBSD was based on NetBSD’s pkgsrc. Since DragonFlyBSD 3.4, FreeBSD port tree has been ported to DragonFly, and renamed it dports.
The ports tree containt all softwares. It’s an essential element for 3rd softwares and libraries. Each port is categorized in one directory (databases, www, converters…) Continuer à lire
A security hole is present on FreeBSD NFS implementation.
Insufficient input validation in the NFS server allows an attacker to cause the underlying file system to treat a regular file as a directory.
You must update FreeBSD via freebsd-update command if you use NFS
Following our recent BGPv4 peering on Renater (french network for research and universities), and our demand on IPv6, i have done a little performance benchmark. I would share you the results.
Globally, BSD IPv4 & IPv6 performances are equivalent, even passing by OpenBSD routers (soft routing). However, CISCO device (45xx chassis, year 2006) which do soft routing has very bad routing performances (2.3Mo/sec whereas 48Mo/sec in IPv4).
Following a recent need (on owncloud port), i want to update the FreeBSD port in the tree. Here we take owncloud example
When we look on google, that seems not to be simple but, it’s weak !
Diff creation for updating port
The first need is to create an update diff. Move to port direction and copy Makefile and distinfo files. Continuer à lire
BGP is a sensible process/protocol. We must monitor it very finely
For efficient monitoring on bgpd, there are some NRPE sensors. Continuer à lire
This afternoon i had some problems when i wanted to add a network kernel driver to my Raspberry PI (using FreeBSD 10.0 -current). When i ask some ideas to FreeBSD ARM list, i have learnt how to compile only ONE module, not all kernel. It’s very usefull for debug purposes or driver devel. Here are the commands.:
Alea jacta est, you can prepare yourselves to kernel panic, because of a missing test !