Re: Upcoming changes to Debian Linux kernel packages
On 2023-10-01, Bastian Blank wrote: > So you upgrade the driver and libaries and suddenly your system fails > until you reboot? Okay, I could imaging NVidia doing something like > tying libraries to kernel modules. At least in the past they replaced > gl libraries that did not longer work with X forwarding. > > Could you please name the culprit, or is this just a theoretical > problem? Yes you named it. Without rebuilding with dkms the old kernel disable nvidia loading. > However what if the new driver does not build with the old kernel? Of course. But it would fail during compilation not days after when you desperately need to boot on the only supposedly working kernel
Re: Upcoming changes to Debian Linux kernel packages
On 2023-10-01, Bastian Blank wrote: >> Then I upgrade the system, which brings Linux 6.7 (along linux-image-6.6 >> which is kept installed) and a new version of the gpu driver (which adds >> support for 6.7). So the old gpu module for 6.6 gets removed and a new one >> is built for 6.7 only (since there are only 6.7 headers now). > > Ah, here lays the missconception. No, the 6.6 ones are not removed. Why > should they be? The system knows it can't rebuild them. As the old kernel driver is not rebuild it perhaps could break things if libraries/programs are tied on a specific version of the driver
Re: How to get 100% secure debian system?
Le 24 janvier 2023 Carsten Schabacker a écrit : > There is at least one open source alternative to 1password etc. > > > https://psono.com/ But it don't operate ssh/gpg. Also it uses a clent/server architecture much more complicated for personnal use. And keepassxc is a fork from keepass and uses the same database format.
Re: How to get 100% secure debian system?
Le 23 janvier 2023 Alexander Swen a écrit : > It won't stop there. If you're not already using it: start using some > password manager (1password, Lastpass, Keepassxc are all good ones) and > change the passwords of all the accounts you have. You cannot > exaggerate this. Every account you have should have a unique, complex, > password. 1password and lastpass are not opensource. keepassxc is GPL and packaged in Debian. And it is pluggable in web browser and also ssh and gpg. Cheers
Re: Uhm, so, what happened...?
[EMAIL PROTECTED] (John Keimel) a écrit : We've still got many hours of Wednesday left and if the people in charge of this are like many hackers I know, it'll be near the end of the day before anything would be posted. Which time zone ? :) 17h30 now in Paris, France -- Michel Verdier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Uhm, so, what happened...?
[EMAIL PROTECTED] (John Keimel) a écrit : We've still got many hours of Wednesday left and if the people in charge of this are like many hackers I know, it'll be near the end of the day before anything would be posted. Which time zone ? :) 17h30 now in Paris, France -- Michel Verdier
Re: ipchains
syborg [EMAIL PROTECTED] a écrit : | I check this with this 2 rules, for me work with the same, at this | moment. The first cuts all interfaces, the second only eth0. | Under W2k, after scan, I find also in log info that the host of the addres | 192.168.1.1 | have restriction, but I can connect via web, if I scan again, the scaner see | the port who listen for connection. Another rule before authorize connection ? Is your W2k really 192.168.1.1 ? Did you do an ipchains -L to see your rule up ? -- o-o Michel Verdier http://www.chez.com/mverdier ICQ:18744723 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ipchains
syborg [EMAIL PROTECTED] a écrit : | | The first cuts all interfaces, the second only eth0. | | Yes, I want only block from eth0, I also block from all eth interfaces All interfaces includes loopback ... | Is your W2k really 192.168.1.1 ? | No it is only example, normal the IP was from ISP provider. | | Did you do an ipchains -L to see your rule up ? | Yes So it could be : - you used a wrong IP (apparently not ?) - another rule allows connection : try ipchains -C to verify this point and you should use ipchains -I to insert your rule on the first place -- o-o Michel Verdier http://www.chez.com/mverdier ICQ:18744723 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ipchains
syborg [EMAIL PROTECTED] a écrit : | I check this with this 2 rules, for me work with the same, at this | moment. The first cuts all interfaces, the second only eth0. | Under W2k, after scan, I find also in log info that the host of the addres | 192.168.1.1 | have restriction, but I can connect via web, if I scan again, the scaner see | the port who listen for connection. Another rule before authorize connection ? Is your W2k really 192.168.1.1 ? Did you do an ipchains -L to see your rule up ? -- o-o Michel Verdier http://www.chez.com/mverdier ICQ:18744723
Re: ipchains
syborg [EMAIL PROTECTED] a écrit : | | The first cuts all interfaces, the second only eth0. | | Yes, I want only block from eth0, I also block from all eth interfaces All interfaces includes loopback ... | Is your W2k really 192.168.1.1 ? | No it is only example, normal the IP was from ISP provider. | | Did you do an ipchains -L to see your rule up ? | Yes So it could be : - you used a wrong IP (apparently not ?) - another rule allows connection : try ipchains -C to verify this point and you should use ipchains -I to insert your rule on the first place -- o-o Michel Verdier http://www.chez.com/mverdier ICQ:18744723
Re: icmp: echo reply? Am I being attacked?
John Vivian [EMAIL PROTECTED] a écrit : | A 'ping' consists of two types of ICMP packets; an echo-request, | and an echo-reply. | | Take a look at the network traffic for echo-requests from the | hosts | that your machine is sending the echo-reply to; you should see | them. It should be better to look for echo-requests addressed to neural1.fe.up.pt since source address of the echo-requests could be forged. | i may be incorrect with this next statement (corrections anyone?), | if | you do not see any echo-requests that correspond to the | echo-replys | you are seeing, then it may be possible that someone has compromised | your machines. This is probably not the case, though i can't say | for | certain. The bottom line is that if you see the echo-requests, | then | mystery solved. Otherwise, you may wish to post again with more | details. | | Hope this helps. Can anyone else provide more info? I do not know any other reason for echo-replys... -- o-o [EMAIL PROTECTED] (Michel Verdier) http://www.chez.com/mverdier
Re: Logging atempts
"Edward C. Lang" [EMAIL PROTECTED] a écrit : | "MV" == Michel Verdier [EMAIL PROTECTED] writes: | | MV -- | MV o-o | | Is there a major difference between Michel and Christoph Lameter? ??? Of course you have understood my question as : what could make logcheck better than logsurfer for logfiles survey. -- o-o [EMAIL PROTECTED] (Michel Verdier) http://www.chez.com/mverdier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Logging atempts
Frank Copeland [EMAIL PROTECTED] a écrit : | Description: Mails anomalies in the system logfiles to the administrator | Logcheck is part of the Abacus Project of security tools. It is a program | created to help in the processing of UNIX system logfiles generated by the | various Abacus Project tools, system daemons, Wietse Venema's TCP Wrapper | and Log Daemon packages, and the Firewall Toolkit by Trusted Information | Systems Inc.(TIS). | . | Logcheck helps spot problems and security violations in your logfiles | automatically and will send the results to you in e-mail. This program is | free to use at any site. Please read the disclaimer before you use any of | this software. Is there major differences between Logcheck and logsurfer ? logsurfer is very nice, perhaps not so easy to configure but it permits messages correlation thus sending just one mail for a whole DOS attack. -- o-o [EMAIL PROTECTED] (Michel Verdier) http://www.chez.com/mverdier
Re: Logging atempts
Edward C. Lang [EMAIL PROTECTED] a écrit : | MV == Michel Verdier [EMAIL PROTECTED] writes: | | MV -- | MV o-o | | Is there a major difference between Michel and Christoph Lameter? ??? Of course you have understood my question as : what could make logcheck better than logsurfer for logfiles survey. -- o-o [EMAIL PROTECTED] (Michel Verdier) http://www.chez.com/mverdier
