Issues with built Tue Dec 14 05:32:26 EST 2010

romainp

Hi,
I have noted sevral issues with:
2.0-BETA4 (i386)
built on Tue Dec 14 05:32:26 EST 2010

• Now, each time a user connect to the web gui, a bip sounds on the pf box as long as a message on the screen:

Message from syslogdxxxxx at xx xx xx:xx:xx ...
xxxx php:pkg_edit.php: Successful webConfigurator login for user 'admin' from xx.xx.xx.xx

• Another issue is related to the tinydns package.
  I have tried then removed this package and mage the upgrade to 2.0-BETA4 (i386) built on Tue Dec 14 05:32:26 EST 2010. At the end of the upgrade, it seems that the tinydns related service starts even if the package is not be installed. Unfortunatly I do not have what has been displayed but it looks like:

...
Starting /usr/local/etc/rc.d/svscan
...

I can catch the messages better that this at the next upgrade

• Last issue: when accessing the console (option 8 ) now, a bip is heard each time I use tab which is very anoying…

Thanks

jimp

The login message is by design (I'm not too crazy about it either, but from a security standpoint it's better.)

As for a beep when you press tab, in what context? It's always beeped if you tried to do tab completion but the file didn't exist. If I tab complete a filename that exists, it doesn't beep at me.

Not sure about the tinydns issue. I have seen that left behind before as well, but haven't investigated it.

mromero

I can confirm an annoying "beep" from the Pfsense box when logging via the Web GUI with the build Jimp issued to temporarily fix the Squid problem.

This has never happened before - is it a new Feature? I am not pressing any alt tab or anything, simply logging in as per usual. I thought the box was going down with a POST beep.

If it is a new Feature, can an option be put in to silence the "beep" ?

The other box has no speaker thus it will not be an issue on that one  :-\

@jimp:

The login message is by design (I'm not too crazy about it either, but from a security standpoint it's better.)

As for a beep when you press tab, in what context? It's always beeped if you tried to do tab completion but the file didn't exist. If I tab complete a filename that exists, it doesn't beep at me.

Not sure about the tinydns issue. I have seen that left behind before as well, but haven't investigated it.

romainp

Beep still there with 2.0-BETA4 (i386) built on Wed Dec 15 07:49:38 EST 2010. (login to the pf web page).
I do not care about the login info (even if I think it is not really usefull to display this) but the beep is really annoying.

If I can make a suggestion:

• On the welcome menu on the console, it could be really cool to have a message at the end saying that 'A user coming from xx.xx.xx.xx is currently connected to the GUI'. It could be nice to have this info in case someone is in front of the box want to reboot he system. This message could be cleared/screen reflreshed after 15 secs and the menu back again.
  Just a suggestion.

• About the issue with tinydns startup service, I still have:

...
Starting /usr/local/etc/rc.d/svscan.sh...done
Starting /usr/local/etc/rc.d/tnydns.sh...done
Bootup complete

I have then reinstalled Tinydns, remove it and I will wait the next upgrade to see if the startup services have disappeared.

Also, there is a major concern I have posted here: http://forum.pfsense.org/index.php/topic,31137.0.html

romainp

With 2.0-BETA4 (i386) built on Thu Dec 16 14:34:04 EST 2010

• Still have the beep and alert message displayed on console each time a web acces is done
• Still have issue with tinydns startup script tried to be executed but package is no more installed

Thanks

jimp

• The beep is a new feature and may be there to stay
• The other issue is up to someone maintaining the tinydns package to fix, not a snapshot issue.

rpsmith

how about a check box to disable the beep?  you might have the box stashed somewhere in the bedroom or closet and the wife might not appreciate the extra security.   :)

Roy…

jimp

I had the same thought yesterday but didn't get around to making any changes.

romainp

I think it could be great to have this option. I am not a security expert (only a sysadmin) and I can't think in a security point of vue about the fact that it could be more secure if my firewall box make some 'beep' sounds when I log on the gui. Logging user activities in a log (or syslog) could be great in my opinion instead of just have a console message (for audit purpose for example). I have played with several security related box like checkpoint or see other security systems like nortel ips or juniper box and none of them have this feature. But you are the experts and I don't want to argue too much about this, I totally believe in your expertise about security. I love PF and the work you already done on it is really impressive.

For the tinydns issue, what is the process to inform the maintainer of the package about this issue?
thanks again.

jimp

The intent is not to beep; There isn't some script making the beep on its own. The intent is to log the authentication to the system's auth log. The OS is causing the beep when that happens.

jimp

As for tinydns, start a new thread with that specifically mentioned in the title and someone may pick up on it, or at least confirm the issue.

romainp

Ok cool for the bip feature. An option to desactivate it could be nice.

I have question:

• what happen (haven't tested yet) if I am on the console configuring a vlan or an interface and that the login warning is displayed at the same time (assuming someone connect the gui at the same time I am on the console)?

Thanks

jimp

The console is not a "live" screen. It is printed and then left there. It's non-trivial to just update the screen and then redisplay the menu.

Printing a message just adds text at the end of the window and then scrolls down.