Messages

I've already read that some here think that forcing users to use Console via SSH and Serial Console is the only way and that having a console in GUI is a security flaw. I happen to think that forcing one to use SSH is a security flaw. Any way to remedy it without hearing from the wise guys about how their way is the only way?

Thank you for taking your time to explain this :)

Funny that you mentioned botnets. Lately I've been getting scanned by some Chang Way Technologies Co Limited, which seems to operate under said country's flag. A Chinese company operating out of RU.

Just tried to reply, was a one line only, so I probably messed up. It went somewhere else  :) Back to the subject, the purpose of me asking is to find the best way of going about it? Should I not update every update and wait for more stable versions instead ? I am really depending on working security. I had to reinstall a couple of times, which was a bit problematic, so whatever you can advise would be great. I think it makes more sense for me to wait than update and have to remedy or wait for patches in a compromised state. Your opinion?

Just wondering if every update has this going on? I mean not exactly this, but you know what I mean. What's the solution to not having it every time? To update? Means to have a possibility of this. Not to update?  Update every so often? Any ideas? Because if this happens every time or every other time, kind of not confident about it, when the problem is broadcasted all around the world for everyone to see. All that they have to do is find who is using OPNSense, lol  Thanks  :D Because every time I post these, I feel like a person who says, by the way, there is a key from my house right there, just make sure you don't go in.


***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 24.1.1 at Wed Feb 14 18:48:09 PST 2024
Fetching vuln.xml.xz: .......... done
unbound-1.19.0_1 is vulnerable:
  DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities
  CVE: CVE-2023-50868
  CVE: CVE-2023-50387
  WWW: https://vuxml.freebsd.org/freebsd/21a854cc-cac1-11ee-b7a7-353f1e043d9a.html

Got this error after the upgrade to 24.1, so I started a clean install. After I got all my security back, ran a health check and got this Greeting of the day from finely tuned OPNsense:

>>> Check for missing or altered base files
Error 2 occurred.
etc/sysctl.conf:
   size (299, 433)
   sha256digest .......


Anyone else? Or is God punishing just me? :)

Outrageous mate, OPNsense 24.1 was released on January 30th and the patches landed on Freshports on the 31st ? You have every right to be spared :)

https://www.freshports.org/security/openssl/

Rest assured the fix is coming.

Thank you brother :) Looking forward to the day when the Security scan won't mention the OpenSSL :) It's very important for me :) Cheers!

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 24.1_1 at Thu Feb  1 03:40:34 PST 2024
Fetching vuln.xml.xz: .......... done
openssl-3.0.12_2,1 is vulnerable:
  OpenSSL -- Multiple vulnerabilities
  CVE: CVE-2023-6237
  CVE: CVE-2024-0727
  WWW: https://vuxml.freebsd.org/freebsd/10dee731-c069-11ee-9190-84a93843eb75.html

1 problem(s) in 1 installed package(s) found.
***DONE***

I was really hoping I won't see this after the update. In fact someone was beating their chest swearing that the new upgrade will fix this?

Please spare me on the speeches about how it doesn't matter, it's minor and insignificant. The up and down swearing in the previous version about how it's gonna go away is enough.  I am paying money for this product and I don't want to see persistent errors like this. An attacker can see this too, you know?

Thank you for your time.