Re: [gentoo-user] Correct way to fight malicious .doc/.docx/.xls/xlsx/.ppt/.pptx email attachments

2019-07-05 Thread Hasan Ç .
Sure, I sent you a bunch of malicious office attachments.

From: hasan.cali...@psauxit.com

Sorry for spam :)

On Fri, 5 Jul 2019 at 22:01, Michael Orlitzky wrote:

> On 7/5/19 2:18 PM, Hasan Ç. wrote:
> > Hi Michael,
> >
> > I quickly tested ClamAV with the option "AlertOLE2Macros" enabled, but it
> > did not work as expected. ClamAV still marks malicious office attachments like
> > VBA macros as CLEAN.
>
> Would you mind sending the malicious attachment to my other address,
> mich...@orlitzky.com? I'd like to see if our mail system catches it (and
> if not, I'll have something to report to the ClamAV team).
>
>


Re: [gentoo-user] Correct way to fight malicious .doc/.docx/.xls/xlsx/.ppt/.pptx email attachments

2019-07-05 Thread Hasan Ç .
Hi Michael,

I quickly tested ClamAV with the option "AlertOLE2Macros" enabled, but it
did not work as expected. ClamAV still marks malicious office attachments like
VBA macros as CLEAN.
On the other hand, Gmail detects the virus as soon as I add the file to
the attachments and doesn't let me send it.

I envy it.

I am happy to hear that the next version of SpamAssassin will have a plugin
that can detect office-related attachments; I hope it will do a good job.

Thank you.

On Fri, 5 Jul 2019 at 19:53, Michael Orlitzky wrote:

> On 7/5/19 11:59 AM, Hasan Ç. wrote:
> >
> > Rejecting all of them with postfix is not an option for me.
> >
> > I tried some SpamAssassin rules to give them a high score, but they did
> > not work as expected.
> >
> > I would appreciate it if you share your experiences.
> >
>
> The next version of SpamAssassin will have a plugin that can detect and
> score these:
>
>
> https://svn.apache.org/repos/asf/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/OLEMacro.pm
>
> In the meantime, your best bet might be to turn on
>
>   AlertOLE2Macros yes
>
> in your clamd.conf. That will block any office documents that look like
> they contain VBA macros.
>
>
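The check discussed in this thread (flagging office attachments that look like they contain VBA macros), sketched as an added Python example. It is not code from ClamAV, from SpamAssassin's OLEMacro plugin or from anyone in the thread; the function names and the sample message are constructed, and the OLE2 test is a byte-pattern heuristic rather than a full container parser.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc/.xls/.ppt container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")   # OLE2 directory names are UTF-16LE


def has_macros(data: bytes) -> bool:
    """Heuristic: does this attachment look like it carries a VBA project?"""
    if data.startswith(OLE2_MAGIC):
        return VBA_STREAM in data
    if data.startswith(b"PK"):                    # OOXML is a ZIP package
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.lower().endswith("vbaproject.bin")
                           for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return False


def scan_message(raw: bytes) -> dict:
    """Map each attachment filename to True (macro indicators) or False."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): has_macros(part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()}


def make_ooxml(with_macro: bool) -> bytes:
    """Constructed stand-in for a .docx/.docm package (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\0" * 8)
    return buf.getvalue()


def build_sample() -> bytes:
    """Constructed message: a clean file, a macro file renamed to .docx, a legacy .doc."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "a@example.org", "b@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    legacy = OLE2_MAGIC + b"\0" * 64 + VBA_STREAM
    for name, blob in (("clean.docx", make_ooxml(False)),
                       ("renamed.docx", make_ooxml(True)),
                       ("invoice.doc", legacy)):
        msg.add_attachment(blob, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, flagged in scan_message(build_sample()).items():
        print(f"{name}: {'MACRO' if flagged else 'clean'}")
```

The verdict depends on the file content, not the extension, so a macro-enabled document renamed to .docx is still flagged.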


[gentoo-user] Correct way to fight malicious .doc/.docx/.xls/xlsx/.ppt/.pptx email attachments

2019-07-05 Thread Hasan Ç .
Hi all,

Nowadays, I find myself in trouble while protecting mail servers from
office-related malicious email attachments.

ClamAV, even with unofficial signatures like sanesecurity, malwarepatrol
etc., can't correctly filter these kinds of office attachments.

Rejecting all of them with postfix is not an option for me.

I tried some SpamAssassin rules to give them a high score, but they did not
work as expected.

I would appreciate it if you share your experiences.

MTA:Postfix
Filtering: ClamAV (with clamsmtp & all unofficial signatures) + SpamAssassin
MDA=Dovecot (LMTP) + Sieve

Hasan.


Re: [gentoo-user] virtual eselect - how to

2019-06-28 Thread Hasan Ç .
[image: 56973125-e55d8300-6b74-11e9-99c7-142bfc4b2b11.png]

[image: 56973077-d1198600-6b74-11e9-97a0-315e789142cd.png]

[image: 56973043-c3640080-6b74-11e9-9415-90b3fa01ee9f.png]

On Sat, 29 Jun 2019 at 04:20, Hasan Ç. wrote:

> Hi All,
>
> I mentioned my active PR a few times on dev-lists that covers *openblas
> ebuild (for main gentoo tree ~amd64)* + *integrated switch script between
> openblas and gentoo reference set* {c,}blas, lapack and gsl (gnu
> scientific library) *system-wide.* It seems I could not announce it
> enough.
>
> Here is the complete openblas PR + system-wide switch script, if someone
> is interested -->
> https://github.com/gentoo/gentoo/pull/11700
>
> *Here is the code for those who want to inspect the switch script before using it -->*
>
> https://github.com/gentoo/gentoo/blob/04b5fc9c117571ce040a94f63c6d09e0ce15c5f8/sci-libs/openblas/files/openblas
>
>    - I believe the proper way is eselect instead of this script, but the
>    openblas switch script is my quick fix until openblas is fully integrated
>    into the main tree and eselect.
>    - After switching to openblas system-wide with the script, I tested it
>    with *numpy & scipy*; both of them compiled with openblas support without
>    any issue.
>    - *This is not an officially merged PR and maybe it never will be. Also, the
>    switch script has not been reviewed deeply by gentoo devs and may need
>    improvement. This is my own solution. Please consider this before using it.*
>
> Screenshots of the openblas switch script -->
>
> *openblas --status*
> [image: 56973125-e55d8300-6b74-11e9-99c7-142bfc4b2b11.png]
>
> *openblas --openblas*
> [image: 56973077-d1198600-6b74-11e9-97a0-315e789142cd.png]
>
> *openblas --help*
> [image: 56973043-c3640080-6b74-11e9-9415-90b3fa01ee9f.png]
>
> Hasan Calisir | Proxy Maint
>
> On Wed, 26 Jun 2019 at 16:05, Helmut Jarausch wrote:
>
>> Hi,
>> what is the relationship of a virtual package and eselect.
>> E.g.
>> I have installed openblas but 'eselect blas list' doesn't know about
>> this.
>> I have even modified  virtual/blas to include openblas.
>>
>> How does eselect get the list of alternatives?
>>
>> Many thanks for a hint,
>> Helmut
>>
>>


Re: [gentoo-user] virtual eselect - how to

2019-06-28 Thread Hasan Ç .
Hi All,

I mentioned my active PR a few times on dev-lists that covers *openblas
ebuild (for main gentoo tree ~amd64)* + *integrated switch script between
openblas and gentoo reference set* {c,}blas, lapack and gsl (gnu scientific
library) *system-wide.* It seems I could not announce it enough.

Here is the complete openblas PR + system-wide switch script, if someone
is interested -->
https://github.com/gentoo/gentoo/pull/11700

*Here is the code for those who want to inspect the switch script before using it -->*
https://github.com/gentoo/gentoo/blob/04b5fc9c117571ce040a94f63c6d09e0ce15c5f8/sci-libs/openblas/files/openblas

   - I believe the proper way is eselect instead of this script, but the
   openblas switch script is my quick fix until openblas is fully integrated
   into the main tree and eselect.
   - After switching to openblas system-wide with the script, I tested it
   with *numpy & scipy*; both of them compiled with openblas support without
   any issue.
   - *This is not an officially merged PR and maybe it never will be. Also, the
   switch script has not been reviewed deeply by gentoo devs and may need
   improvement. This is my own solution. Please consider this before using it.*

Screenshots of the openblas switch script -->

*openblas --status*
[image: 56973125-e55d8300-6b74-11e9-99c7-142bfc4b2b11.png]

*openblas --openblas*
[image: 56973077-d1198600-6b74-11e9-97a0-315e789142cd.png]

*openblas --help*
[image: 56973043-c3640080-6b74-11e9-9415-90b3fa01ee9f.png]

Hasan Calisir | Proxy Maint

On Wed, 26 Jun 2019 at 16:05, Helmut Jarausch wrote:

> Hi,
> what is the relationship of a virtual package and eselect.
> E.g.
> I have installed openblas but 'eselect blas list' doesn't know about
> this.
> I have even modified  virtual/blas to include openblas.
>
> How does eselect get the list of alternatives?
>
> Many thanks for a hint,
> Helmut
>
>


Re: [gentoo-user] 4 versions of binutils: requesting confirmation for eselect set

2019-04-16 Thread Hasan Ç .
I didn't check the package keywords. I looked on the web. Even 2.31.1-r5 does
not exist on the web.

I see that the web is out of sync with the current tree. I understand now it is
not a good idea to trust packages.gentoo.org

On Tue, 16 Apr 2019 at 11:07 PM, Neil Bothwick wrote:

> On Tue, 16 Apr 2019 16:28:19 +0300, Hasan Ç. wrote:
>
> > In my case I didn't find the reason why portage tried to install
> > unstable 2.31.1-r4 on my system.
> >
> > Which package pulls it is still a mystery for me.
> >
> > 2.30-r4 is latest stable.
>
> 2.31.1-r4 is stable here, 2.31.1-r5 is testing.
>
>
> --
> Neil Bothwick
>
> "There are no stupid questions, just too many inquisitive idiots."
>


Re: [gentoo-user] 4 versions of binutils: requesting confirmation for eselect set

2019-04-16 Thread Hasan Ç .
I face the same problem, so I masked binutils. I also warned the toolchain team
about that.

In my case I didn't find the reason why portage tried to install unstable
2.31.1-r4 on my system.

Which package pulls it is still a mystery for me.

2.30-r4 is latest stable.

I believe after "emerge -av depclean" portage will drop 2.31.1 from your
system. Maybe 2.29 too.

But I find this really weird.

Regards.
Hasan Çalışır

On Mon, 15 Apr 2019 at 5:41 PM, allan gottlieb wrote:

> On one of my machines I see
>
> gottlieb@E6430 ~ $ eselect binutils list
>  [1] x86_64-pc-linux-gnu-2.28.1 *
>  [2] x86_64-pc-linux-gnu-2.29.1
>  [3] x86_64-pc-linux-gnu-2.30
>  [4] x86_64-pc-linux-gnu-2.31.1
>
> But I also see
>
> gottlieb@E6430 ~ $ eix -I -e binutils
> [?] sys-devel/binutils
>  ...
>  (2.28.1) [M]2.28.1
>  (2.29.1) [M]2.29.1-r1
>  (2.30) 2.30-r4
>  (2.31) 2.31.1-r4 ~2.31.1-r5
>  ...
>
> So I am using a masked version of binutils, which seems bad.
>
> I presume I should do
>eselect binutils set 4
>
> I am asking for confirmation since I realize breaking binutils
> is not fun.
>
> thank you,
> allan
>
>


Re: [gentoo-user] Server fails to boot after update to 4.19.27-r1

2019-03-10 Thread Hasan Ç .
I just upgraded to 4.19.27-r1 and there wasn't any issue. I think the issue is
related to your kernel compile procedure.

If you used genkernel, I don't know how it handles things.

If you compiled the kernel manually, my best guess for troubleshooting on a
non-EFI system -->

 your initramfs (regenerate)
 your kernel .config
 /etc/default/grub settings  /boot/grub/grub.cfg.
 microcode cpio for any breaks

 start from scratch ---

make mrproper
make menuconfig --> save & exit <--
make syncconfig  --> needed for 4.19. This will sync your old kernel config,
but I always prefer to get a fine-tuned one from my trusted sources if the
kernel upgrade is major <--

make
make modules_install
make install
dracut --force --regenerate-all
grub-mkconfig -o /boot/grub/grub.cfg

On Sun, 10 Mar 2019 at 4:24 PM, Dan Johansson wrote:

> After updating a server from kernel-4.14.83 to 4.19.27-r1 (same problem
> with 4.19.23) the server will not boot.
>
> Grub starts fine and I can select the new kernel.
> The kernel starts booting and after mounting "/" and "/usr" (this is a
> server with a separate /usr") the boot-process hangs.
>
> Here are the last few lines displayed before it hangs:
>
>  >> Initializing root device...
>  >> Detected root: /dev/md127
>  >> Mounting /dev/md127 as root...
>  >> Detected fstype: ext4
>  >> Using mount fstype: ext4
>  >> Using mount opts: -o ro
>   7.6104971 EXT4-fs (md127): mounted filesystem with ordered data
> mode.  Opts (null)
>   7.6572671 init (5708) used greatest stack depth: 13280 bytes left
>  >> Mounting /dev/dm-O as /usr: mount -t ext4 -o noatime,user_xattr,ro
> /deu/dm-O /newroot/usr
>   7.6909561 EXT4-fs (dm-0): INFO: recouery required on readonly
> filesystem
>   7.6925551 EXT4-fs (dm-0): write access will be enabled diming
> recouery
>   7.9169781 EXT4-fs (dm-0): recovery complete
>   7.9223701 EXT4-fs (dm-0): mounted filesystem with ordered data
> mode.  Opts: user_xattr
>   7.9233051 mount (5722) used greatest stack depth, 13000 bytes left
>  >> /usr already mounted, skipping...
>  >> Booting (initramfs)
> sep-usr init: running user requested applet
>
>
> As I said, the 4.14.83 kernel boots without problem with the same
> configuration.
>
> Any suggestions?
> --
> Dan Johansson,
> ***
> This message is printed on 100% recycled electrons!
> ***
>
>


Re: [gentoo-user] Linux 4.19.8 kernel panics with netfilter/iptables

2019-01-15 Thread Hasan Ç .
Hi Ralph,

Sorry for the very, very late answer. I am on prod. with the 4.19.8 kernel and I
confirm that I don't have such a problem with iptables. I am not sure what
the exact solution to your problem is, but the one thing I guess is that your
linux headers (4.13 or 4.14 if you follow mainstream), kernel .config and kernel
version mismatch. I have my own compiled kernel and also re-compiled glibc
with 4.19.8 headers, and also re-compiled @world and @system :)

The only issue I faced with this setup is kernel audit. The sys-process/audit
package can't compile because of the 4.19.8 headers.


On Sun, 23 Dec 2018 at 18:34, Andrew Savchenko wrote:

> On Wed, 12 Dec 2018 14:39:48 +0100 Ralph Seichter wrote:
> > With kernel versions 4.19.0 to 4.19.8, I see kernel panics whenever
> > I activate some iptables rules. The same ruleset works fine with all
> > earlier kernel versions.
> >
> > I found https://marc.info/?l=netfilter-devel=154211825506348=2 and
> > was wondering if there is any workaround/patch available in Gentoo?
>
> You can apply patches by your own. This is easy:
>
> 1. Create dir /etc/portage/patches/sys-kernel/gentoo-sources-4.19.8
> (or whatever kernel you are using).
> 2. Put patches there, ensure file names end with ".patch".
>
> More details are here:
> https://wiki.gentoo.org/wiki//etc/portage/patches
>
> Best regards,
> Andrew Savchenko
>


[gentoo-user] sys-process/audit | gen_flagtabs_h-gen_tables.o] Error 1

2018-12-12 Thread Hasan Ç .
Hello,

Any idea?

 * Package:sys-process/audit-2.8.3
 * Repository: gentoo
 * Maintainer: seli...@gentoo.org robb...@gentoo.org
 * USE:abi_x86_64 amd64 elibc_glibc kernel_linux python
python_targets_python2_7 python_targets_python3_6 userland_GNU
 * FEATURES:   preserve-libs sandbox userpriv usersandbox
 * Determining the location of the kernel source code
 * Found kernel source directory:
 * /usr/src/linux
 * Found sources for kernel version:
 * 4.19.8-gentoo
 * Checking for suitable kernel configuration options...
 [ ok ]
 * Applying audit-2.4.3-python.patch ...
 [ ok ]
 * Applying audit-2.1.3-ia64-compile-fix.patch ...
 [ ok ]
 * Running eautoreconf in
'/var/tmp/portage/sys-process/audit-2.8.3/work/audit-2.8.3' ...
 * Running libtoolize --install --copy --force --automake ...
 [ ok ]
 * Running aclocal ...
 [ ok ]
 * Running autoconf --force ...
 [ ok ]
 * Running autoheader ...
 [ ok ]
 * Running automake --add-missing --copy --force-missing ...
 [ ok ]
 * Running elibtoolize in: audit-2.8.3/
 *   Applying portage/1.2.0 patch ...
 *   Applying sed/1.5.6 patch ...
 *   Applying as-needed/2.4.3 patch ...
 * abi_x86_64.amd64: running multilib-minimal_abi_src_configure
Configuring auditd
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
checking for a BSD-compatible install...
/usr/lib/portage/python3.6/ebuild-helpers/xattr/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking how to print strings... printf
checking for style of include used by make... GNU
checking for x86_64-pc-linux-gnu-gcc... x86_64-pc-linux-gnu-gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether x86_64-pc-linux-gnu-gcc accepts -g... yes
checking for x86_64-pc-linux-gnu-gcc option to accept ISO C89... none needed
checking whether x86_64-pc-linux-gnu-gcc understands -c and -o together...
yes
checking dependency style of x86_64-pc-linux-gnu-gcc... none
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by x86_64-pc-linux-gnu-gcc...
/usr/x86_64-pc-linux-gnu/bin/ld
checking if the linker (/usr/x86_64-pc-linux-gnu/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)...
/usr/bin/x86_64-pc-linux-gnu-nm -B
checking the name lister (/usr/bin/x86_64-pc-linux-gnu-nm -B) interface...
BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 201326592
checking how to convert x86_64-pc-linux-gnu file names to
x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain
format... func_convert_file_noop
checking for /usr/x86_64-pc-linux-gnu/bin/ld option to reload object
files... -r
checking for x86_64-pc-linux-gnu-objdump... x86_64-pc-linux-gnu-objdump
checking how to recognize dependent libraries... pass_all
checking for x86_64-pc-linux-gnu-dlltool... no
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for x86_64-pc-linux-gnu-ar... x86_64-pc-linux-gnu-ar
checking for archiver @FILE support... @
checking for x86_64-pc-linux-gnu-strip... x86_64-pc-linux-gnu-strip
checking for x86_64-pc-linux-gnu-ranlib... x86_64-pc-linux-gnu-ranlib
checking command to parse /usr/bin/x86_64-pc-linux-gnu-nm -B output from
x86_64-pc-linux-gnu-gcc object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for x86_64-pc-linux-gnu-mt... no
checking for mt... no
checking if : is a manifest tool... no
checking how to run the C preprocessor... x86_64-pc-linux-gnu-gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if x86_64-pc-linux-gnu-gcc supports -fno-rtti -fno-exceptions... no
checking for x86_64-pc-linux-gnu-gcc option to produce PIC... -fPIC -DPIC
checking if x86_64-pc-linux-gnu-gcc PIC flag -fPIC -DPIC works... yes
checking if x86_64-pc-linux-gnu-gcc static flag -static works... yes
checking if x86_64-pc-linux-gnu-gcc supports -c -o file.o... yes
checking if 

Re: [gentoo-user] Linux 4.19.8 kernel panics with netfilter/iptables

2018-12-12 Thread Hasan Ç .
Can you share your iptables rules? I am on 4.19.8 too, with the exact version of
kernel C headers & updated glibc.
I can share my results.

Hasan.

On Wed, 12 Dec 2018 at 16:40, Ralph Seichter wrote:

> With kernel versions 4.19.0 to 4.19.8, I see kernel panics whenever
> I activate some iptables rules. The same ruleset works fine with all
> earlier kernel versions.
>
> I found https://marc.info/?l=netfilter-devel=154211825506348=2 and
> was wondering if there is any workaround/patch available in Gentoo?
>
> -Ralph
>
>


[gentoo-user] net-misc/r8168 build issue

2018-11-15 Thread Hasan Ç .
Hi All,

This is a known problem: the kernel uses the r8169 ethernet firmware for r8168
chips and causes connectivity issues. Thanks to gentoo there is a r8168 package
in net-misc, but I encountered a problem.

James Le Cuirot , Sat, 28 Apr 2018 00:09, commit ee232457


-CONFIG_CHECK="!R8169"
-ERROR_R8169="${P} requires Realtek 8169 PCI Gigabit Ethernet adapter
(CONFIG_R8169) to be DISABLED"

emerge --ask net-misc/r8168


* Messages for package net-misc/r8168-8.045.08:
 *   r8168-8.045.08 requires Realtek 8169 PCI Gigabit Ethernet adapter
(CONFIG_R8169) to be DISABLED

It seems it is not allowed to build r8168 if the kernel is compiled with the
r8169 module. Do we need to re-compile the kernel without r8169?
After I disabled r8169 in /usr/src/linux-$(uname -r)/*.config* manually, the
build works.

#CONFIG_R8169=m


 emerge --ask net-misc/r8168


lspci -v


02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)
Subsystem: Hewlett-Packard Company RTL8111/8168/8411 PCI Express Gigabit
Ethernet Controller
Kernel driver in use: r8169
Kernel modules: r8169, r8168

modprobe -r r8169
modprobe r8168


modprobe: ERROR: could not insert 'r8168': Required key not available

[*]   Module signature verification
[*] Require modules to be validly signed
[*] Automatically sign all modules
  Which hash algorithm should modules be signed with? (Sign
modules with SHA-512) --->


I signed r8168 manually and disabled r8169:

/usr/src/linux-$(uname -r)/scripts/sign-file sha512 \
    /usr/src/linux-$(uname -r)/certs/signing_key.pem \
    /usr/src/linux-$(uname -r)/certs/signing_key.x509 \
    /lib/modules/$(uname -r)/net/r8168.ko


modprobe r8168



echo "blacklist r8169" >> /etc/modprobe.d/blacklist.conf # This is not working for me; something is forcing it to load.


GRUB_CMDLINE_LINUX_DEFAULT="modprobe.blacklist=r8169" # This is the working way to push r8168 instead of r8169 for me.


grub-mkconfig -o /boot/grub/grub.cfg


dracut --force --regenerate-all


lspci -v


 02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)
Subsystem: Hewlett-Packard Company RTL8111/8168/8411 PCI Express Gigabit
Ethernet Controller
Kernel driver in use: r8168
Kernel modules: r8169, r8168

dmesg | grep r8168


[3.951450] r8168: loading out-of-tree module taints kernel.
[3.951732] calling  init_module+0x0/0x1000 [r8168] @ 564
[3.951750] r8168 Gigabit Ethernet driver 8.045.08-NAPI loaded
[3.967857] r8168: This product is covered by one or more of the
following patents: US6,570,884, US6,115,776, and US6,327,625.
[3.967861] r8168  Copyright (C) 2017  Realtek NIC software team <
nic...@realtek.com>
[3.967893] initcall init_module+0x0/0x1000 [r8168] returned 0 after
15775 usecs
[3.993330] r8168 :02:00.0 eno1: renamed from eth0
[  808.484879] r8168: eno1: link up

ifconfig


eno1: flags=4163  mtu 1500
inet 10.34.105.20  netmask 255.255.255.0  broadcast 10.34.105.255
inet6 fe80::f9e1:641f  prefixlen 64  scopeid 0x20
ether 48:ba:4e  txqueuelen 1000  (Ethernet)
RX packets 408  bytes 119641 (116.8 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 507  bytes 84037 (82.0 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
device interrupt 127  base 0x5000

It seems stable, but I don't know why it is restricted for an r8169-enabled
kernel.
Sincerely.
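With "Require modules to be validly signed" enabled, as in the post above, an unsigned module is refused at load time. As an added example (not part of the original post, and not code from the kernel or the r8168 package), this Python sketch checks whether an uncompressed .ko file carries the signature trailer that sign-file appends; the function names and the sample bytes are constructed, and the check only detects that a trailer is present, not whether the kernel trusts the signing key.

```python
import struct

SIG_MAGIC = b"~Module signature appended~\n"   # marker at the end of a signed .ko
SIG_HDR = struct.Struct(">BBBBB3xI")           # struct module_signature (12 bytes)
PKEY_ID_PKCS7 = 2                              # id_type used for PKCS#7 signatures


def module_signature_info(blob: bytes):
    """Return None for an unsigned module, else a dict describing the trailer."""
    if not blob.endswith(SIG_MAGIC):
        return None
    end = len(blob) - len(SIG_MAGIC)
    if end < SIG_HDR.size:
        raise ValueError("truncated signature trailer")
    _algo, _hash, id_type, signer_len, key_id_len, sig_len = SIG_HDR.unpack(
        blob[end - SIG_HDR.size:end])
    payload_len = end - SIG_HDR.size - sig_len - signer_len - key_id_len
    if payload_len < 0:
        raise ValueError("signature length exceeds file size")
    return {"pkcs7": id_type == PKEY_ID_PKCS7,
            "sig_len": sig_len,
            "payload_len": payload_len}   # size of the module without the signature


def build_sample_module(signed: bool) -> bytes:
    """Constructed bytes standing in for a .ko; the 'signature' is filler, not a real one."""
    payload = b"\x7fELF" + b"\0" * 60
    if not signed:
        return payload
    fake_sig = b"\x30" * 256
    header = SIG_HDR.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(fake_sig))
    return payload + fake_sig + header + SIG_MAGIC


if __name__ == "__main__":
    for label, signed in (("unsigned", False), ("signed", True)):
        print(label, module_signature_info(build_sample_module(signed)))
```

To inspect a real module, pass the file's bytes, for example `module_signature_info(open(path, "rb").read())`; a compressed module has to be decompressed first.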