Re: svn commit: r302185 - head/release/doc/en_US.ISO8859-1/relnotes

From: Steffen Nurpmeso <steffen_at_sdaoden.eu>
Date: Sat, 25 Jun 2016 16:55:45 +0200
Glen Barber <gjb_at_FreeBSD.org> wrote:
 |On Sat, Jun 25, 2016 at 03:02:11PM +0200, Steffen Nurpmeso wrote:

 |>|  A selection of system daemons, including:
 |>|  <application>fingerd</application>,
 |>|  <application>ftpd</application>,
 |>|-     <application>rlogind</application>,
 |>|-     <application>rshd</application>, and
 |>|-     <application>sshd</application> have been modified to support
 |>|+     <application>rlogind</application>, and
 |>|+     <application>rshd</application> have been modified to support
 |>|  sending notifications to the <application>blacklistd</application>
 |>|  daemon.</para>
 |> 
 |> Allow me to continue hoping nonetheless.
 |> In this great future, you can't forget your past.
 |
 |I hope the issues can be resolved before 11.0-RELEASE.  I personally
 |look forward to this change, but the revert was necessary.

It is very likely that you and D.E. Smørgrav are right, and then
11.0 is to be expected for September.

In fact i was only looking at this from a very narrow user
perspective and, in addition, never liked that log files have to
be parsed to recollect states that were known by the generating
daemon.  It can only be that commercial software does this better,
more integrated, but i don't know.  So once the blacklistd idea
came up, which was, if i recall correctly, shortly after DragonFly
BSD introduced their own logfile analyzer, didn't they?, i was
kind of thrilled, because isn't that the first time that the right
thing is done to face that problem?

In my opinion it would be great if all servers that listen to the
outside world would gain the necessary hooks for "bad command",
"bad login", "good login", possibly more.  This would create an
integrated, synchronous mesh of firewall and servers, so talking
about clowds.., i am looking forward to this.  If rules would
become more sophisticated, e.g., "user IP tried to post messages
with more than X KB the Y time", and that could be taken into
account.  And then it also requires less CPU time and thus energy,
then having a logfile analyzer running in addition.

Thank you.  Have a nice weekend.

--steffen
Received on Sat Jun 25 2016 - 12:55:48 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:06 UTC