Re: linux cash register software, i.e, a simple point of sale?

2012-07-22 Thread Andrei POPESCU
On Lu, 23 iul 12, 01:03:42, Nick Lidakis wrote:
> 
> Any simple Linux cash registers out there?

My brother tested several POS programs for his restaurant, but found 
nothing that matched his needs (he needed a software that could do 
recipes as well), but in his opinion LemonPOS was quite good. 

Unfortunately there is no Debian package :( (but there is an Ubuntu PPA 
package that worked on squeeze).

Kind regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic




Re: is it rational to close the 139 port

2012-07-22 Thread Andrei POPESCU
On Lu, 23 iul 12, 04:14:10, lina wrote:
> 
> Thanks for your suggestions.  I didn't realize aptitude would install 
> something else, and sometimes I treated the recommended as something 
> complimentary.  Many times I left the laptop to install and myself run 
> outside to take a break. 

I don't watch it downloading and installing packages either, but I do 
have a good look at what it plans to do before confirming ;)
When in doubt I look at package descriptions and even go up the 
dependency chain and then, on occasion, choose to not install specific 
Recommends.

All of this is very easy to do with aptitude in interactive mode.

Kind regards,
Andrei


Re: Disabling Recommends [was: Re: is it rational to close the 139 port]

2012-07-22 Thread Andrei POPESCU
On Du, 22 iul 12, 20:51:04, Erwan David wrote:
> >
> bug 375500, but you do not have the whole discussion
> Note that rephrasing it in 505662 leads to silence.
> 
> Some other but I cannot find them back, since they are old: I now
> prefer directly installing non packaged programs when I encounter such
> behaviour.
> And first thing I disable automatic installation of recommended packages.

You could:

- provide patches (after testing that the dependency on gconf2 is really 
  not needed)
- if still no answer/reaction bring the issue to -devel or Technical 
  Committee

You probably already know the Gnome team is chronically understaffed...

Kind regards,
Andrei


Re: Tools in Debian to create whole disk image (multiple partitions)?

2012-07-22 Thread Andrei POPESCU
On Du, 22 iul 12, 19:28:35, Rick Thomas wrote:
> 
> If all the empty space is filled with something redundant (like,
> zeroes?) then you can use almost any compress program (gzip comes to
> mind...) and it will all be compressed out.
> 
> If the empty space is filled with random junk, it will depend on
> just how "random" the junk is.
> 
> Does that help?

A compressor of course helps reduce the size a *lot* (it's only 368 MiB 
gzipped), but this introduces an additional step that I was trying to 
avoid.

I'll look at Clonezilla, but just creating the live USB is a pain[1] and 
having to reboot each time I want to generate a new image is also not 
something I look forward to :(

[1] http://clonezilla.org/liveusb.php

Kind regards,
Andrei


Re: Tools in Debian to create whole disk image (multiple partitions)?

2012-07-22 Thread Andrei POPESCU
On Du, 22 iul 12, 22:41:52, Gary Dale wrote:
> So what you really need is a copy of the files on /boot and /. You
> don't need the swap space and you don't need the empty space in the
> main partition.

Nope, what I really need is something that would fit here:

http://www.raspberrypi.org/downloads

Kind regards,
Andrei


Re: Why have d-community-offtopic? (Re: What does group consider to be on topic"?)

2012-07-22 Thread Andrei POPESCU
On Lu, 23 iul 12, 08:03:06, Chris Bannister wrote:
> 
> Are you suggesting that some posts to d-community-offtopic be marked as
> [OT] ?

Of course, Debian stuff is offtopic on -offtopic :p

Kind regards,
Andrei


Re: is it rational to close the 139 port

2012-07-22 Thread Richard Hector

On 22/07/12 21:31, Stan Hoeppner wrote:
> ~$ netstat -ant|grep LISTEN

... or

~$ netstat -lnt

:-)

Richard


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/500cdfda.4030...@walnut.gen.nz



linux cash register software, i.e, a simple point of sale?

2012-07-22 Thread Nick Lidakis
I'd like to transition our medium sized coffee/shop bakery to some kind of
open Linux cash register. I say register because I don't need the advanced
features of a POS, i.e., inventory control, invoices, etc. I'd like to
replicate what we have now which is this:
http://www.cashregisterstore.com/xcart/product.php?productid=77&cat=23&page=1

Flat PLU buttons for drinks and pastries, electronic reporting, VAT tax,
i.e., our prices include sales tax and are rounded off to the quarter. We
program a flat key for $2.25 and the Casio takes care of adding the tax to 
the total price, reporting the taxes at the end of the day on the Z 
report and breaking it down on a customer's receipt. 

With a ton of professional IBM POS terminals (all x86 based, infrared touch
screens) available on eBay, I thought I could recycle some old hardware and 
run a Linux ncurses based simple cash register. Something configured with a 
text file. But I can't find anything in the Debian repos or via Google. 
The closest was Kvark but it's written in Russian and seems abandoned:
http://sourceforge.net/projects/kvark/


The Casio has no network capabilities; is very difficult to program; writes
the Z reports to a compact flash which must be physically pulled from the
machine at the end of the night or get a paper Z report; has cryptic error
codes when one of the baristas does something it doesn't like; is very
closed hardware and software wise.

I'd like to stay away from proprietary systems if I can. iPad POS systems
(Shopkeep; Square register) are all the rage these days amongst espresso
shops like ours but I don't do Apple and the hardware is not up to snuff
(consumer grade; wireless only; delicate ports) behind a bar with hot 
liquids and food, in my opinion.

Any simple Linux cash registers out there?


Archive: http://lists.debian.org/20120723050342.GA17619@phobos



Re: What does this mean?

2012-07-22 Thread Paul E Condon
On 20120723_110432, Chris Bannister wrote:
> On Sun, Jul 22, 2012 at 04:18:07PM -0600, Paul E Condon wrote:
> > I have already downloaded Knoppix v7.0.1, per Chris' suggestion, but
> > have not yet found out what to do with it. Does it have memory,
> > component test software on it? 
> 
> Yes. At boot prompt read help screens. :)

Using the disk I downloaded yesterday and got burnt today, there is a
fancy KDE gui, but no help screens about such trivia as getting it
working on possibly defective, broken, hardware. I got it working on a
different computer and discovered that it uses UNIONFS to overlay a
record of changes that one makes to files on the root partition.  But
even on my better computer, I couldn't find a way to exit from Knoppix
gracefully. Shutdown only shut down KDE and left the computer in a
state where it was unresponsive to any keyboard keys that I could
think to try. I had to do a press-and-hold the power button to recover
the use of the computer. When it came back up in Squeeze, the changes
that I had made to a file on the root partition were not there. They
had not been written to real disk during the somewhat brutal shutdown.

One bright spot for the day. The new memtest+ package in Squeeze has a
nice feature: It edits grub config to include memtest+ image in the
boot menu. With this, one doesn't have to have a working CDROM drive
to do a memtest. I have one running now on the problem box.

I'll be looking into earlier versions of Knoppix tomorrow.


-- 
Paul E Condon   
pecon...@mesanetworks.net


Archive: http://lists.debian.org/20120723042134.ga3...@big.lan.gnu



Re: is it rational to close the 139 port

2012-07-22 Thread Celejar
On Sun, 22 Jul 2012 18:58:36 +0200
Erwan David  wrote:

> 
> > However, I have noticed a tendency for things to be installed or
> > started that open new ports, and it's easy to overlook them. Aptitude
> > in particular will install extra packages that you don't need or want.
> For this, first thing is to disable automatic installation of
> recommended packages, it is much more easy to manage then.

True, but the downside is that you're going to experience random,
confusing absences of functionality in various applications, and it can
sometimes be difficult to figure out why ...

-- 
Celejar 


Archive: 
http://lists.debian.org/20120723001920.4cc8800a764ac77497819...@gmail.com



pidgin ym protocol over ssl

2012-07-22 Thread Umarzuki Mochlis
hi,

Is it possible to configure pidgin to connect to ym via ssl?
This is because there's an issue at my office where a colleague's
message had been logged by a network staff.

-- 
Regards,

Umarzuki Mochlis
http://debmal.my


Archive: 
http://lists.debian.org/cahw9mby2spp9k1cl3vo8lmqwfjn5oahp43czcn2dg_jy1wd...@mail.gmail.com



Re: Tools in Debian to create whole disk image (multiple partitions)?

2012-07-22 Thread Gary Dale

On 22/07/12 02:05 PM, Andrei POPESCU wrote:
> On Du, 22 iul 12, 17:38:58, Sthu Deus wrote:
>> Good time of the day, Andrei.
>>
>> You wrote:
>>
>>> Any suggestions?
>>
>> Why don't You copy Your installation w/ "cp -a" and reconfiguring then
>> grub for the copy - to another disk (USB one?). OR I'm missing
>> something?
>
> The Raspberry Pi can only boot from an SD card and the partition layout
> matters (e.g. /boot needs to be primary, FAT32, bootable and probably
> the first partition -- there is no bootloader like grub AFAICT).
>
> # parted -l
> Model: SD SD08G (sd/mmc)
> Disk /dev/mmcblk0: 7948MB
> Sector size (logical/physical): 512B/512B
> Partition Table: msdos
>
> Number  Start   End     Size    Type     File system     Flags
>  1      1049kB  79,7MB  78,6MB  primary  fat32           boot
>  2      79,7MB  336MB   256MB   primary  linux-swap(v1)
>  3      336MB   7947MB  7612MB  primary  ext4
>
> The ext4 partition only holds about 630 MiB of data (Debian base install
> + SSH server). I want to create an image that I can:
>
>   * reuse myself later (just dd to some SD card)
>   * distribute to possibly not very knowledgeable people
>
> Actually, I already have the image (with GNU ddrescue --sparse), but
> it's about 5 times bigger than expected, which makes it difficult to
> store and/or distribute :(
>
> Hope this explains,
> Andrei

So what you really need is a copy of the files on /boot and /. You don't 
need the swap space and you don't need the empty space in the main 
partition.


You can use fdisk to copy the partition information and a couple of cp 
-a  or tar's to copy the other files. You could even use dd to copy the 
boot partition since it is pretty full. This could be put into a restore 
script where you just need to identify the SD destination card.


However, unless the SD card is the same size, the main partition won't 
fill the space.





Archive: http://lists.debian.org/500cb9f0.4030...@rogers.com



Re: Tools in Debian to create whole disk image (multiple partitions)?

2012-07-22 Thread Rick Thomas


If all the empty space is filled with something redundant (like,  
zeroes?) then you can use almost any compress program (gzip comes to  
mind...) and it will all be compressed out.


If the empty space is filled with random junk, it will depend on just  
how "random" the junk is.


Does that help?

Rick

On Jul 22, 2012, at 11:05 AM, Andrei POPESCU wrote:

> On Du, 22 iul 12, 17:38:58, Sthu Deus wrote:
>> Good time of the day, Andrei.
>>
>> You wrote:
>>
>>> Any suggestions?
>>
>> Why don't You copy Your installation w/ "cp -a" and reconfiguring then
>> grub for the copy - to another disk (USB one?). OR I'm missing
>> something?
>
> The Raspberry Pi can only boot from an SD card and the partition layout
> matters (e.g. /boot needs to be primary, FAT32, bootable and probably
> the first partition -- there is no bootloader like grub AFAICT).
>
> # parted -l
> Model: SD SD08G (sd/mmc)
> Disk /dev/mmcblk0: 7948MB
> Sector size (logical/physical): 512B/512B
> Partition Table: msdos
>
> Number  Start   End     Size    Type     File system     Flags
>  1      1049kB  79,7MB  78,6MB  primary  fat32           boot
>  2      79,7MB  336MB   256MB   primary  linux-swap(v1)
>  3      336MB   7947MB  7612MB  primary  ext4
>
> The ext4 partition only holds about 630 MiB of data (Debian base install
> + SSH server). I want to create an image that I can:
>
>  * reuse myself later (just dd to some SD card)
>  * distribute to possibly not very knowledgeable people
>
> Actually, I already have the image (with GNU ddrescue --sparse), but
> it's about 5 times bigger than expected, which makes it difficult to
> store and/or distribute :(
>
> Hope this explains,
> Andrei
> --
> Offtopic discussions among Debian users and developers:
> http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic




Archive: http://lists.debian.org/f1aabf71-4355-49db-9cfd-9dc093a90...@pobox.com
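
The difference Rick describes between zero-filled and random-filled free space can be measured directly. The script below is an added example, not part of any poster's message; the two 8 MiB image files are constructed stand-ins (1 MiB of data plus 7 MiB of free space), and the function names are hypothetical.

```shell
#!/bin/sh
# Compare how well gzip shrinks an image whose unused space holds zeros
# versus one whose unused space holds leftover, random-looking data.
# Both "images" are constructed files, not real SD card dumps.

MIB=1048576

# make_image FILL OUT
# Writes 1 MiB of incompressible "used" data followed by 7 MiB of
# "free space" read from FILL (/dev/zero or /dev/urandom).
make_image() {
    head -c "$MIB" /dev/urandom > "$2"
    head -c $((7 * MIB)) "$1" >> "$2"
}

# gz_size FILE
# Prints the size in bytes of FILE after gzip compression.
gz_size() {
    gzip -c "$1" | wc -c | tr -d ' '
}

# compare_fill
# Prints "<zero-filled gz bytes> <random-filled gz bytes>".
compare_fill() {
    dir=$(mktemp -d) || return 1
    make_image /dev/zero "$dir/zero.img"
    make_image /dev/urandom "$dir/junk.img"
    echo "$(gz_size "$dir/zero.img") $(gz_size "$dir/junk.img")"
    rm -rf "$dir"
}

# The first number stays close to the 1 MiB of real data; the second
# stays close to the full 8 MiB because random bytes do not compress.
compare_fill
```
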



Re: What does this mean?

2012-07-22 Thread Chris Bannister
On Sun, Jul 22, 2012 at 04:18:07PM -0600, Paul E Condon wrote:
> I have already downloaded Knoppix v7.0.1, per Chris' suggestion, but
> have not yet found out what to do with it. Does it have memory,
> component test software on it? 

Yes. At boot prompt read help screens. :)

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X


Archive: http://lists.debian.org/20120722230432.GB4492@tal



wifi vanished today

2012-07-22 Thread Hendrik Boom
It was working this morning.  I have an ASUS HE1000 EEE netbook.  It runs 
testing.  Early this morning at home the wifi worked fine.

Later this morning I was at a location where there was no usable wifi 
signal, and rather than have it wasting battery looking for a 
connection, I right-clicked on the icon with two terminals and a red box 
with a white X, got a menu, and unchecked the option that enabled 
wireless.

Later, back at home, I tried enabling wireless again.  To my surprise, 
the option had disappeared from the menu.  I seem to have no obvious way 
to turn wifi on.  The menu which used to have an option that enabled wifi 
now just has
   * Enable Networking (checked)
   * Enable Notifications (checked)
(greyed out) Connection Information
   * Edit Connections
   * About
 
No option for wifi.

What can I do to turn wifi on again?

I did *not* do an upgrade to my system between this morning and now.  
The collection of available drivers should be identical between now and 
then, unless the system did something behind my back.

All I did that seems relevant was uncheck a menu item that normally just 
temporarily turns off wifi.  It's as if this time it expunged wifi from 
my system permanently.

-- hendrik


Archive: http://lists.debian.org/juhub8$1q5$1...@dough.gmane.org



Re: What does this mean?

2012-07-22 Thread Paul E Condon
On 20120722_132033, Camaleón wrote:
> On Sat, 21 Jul 2012 11:58:52 -0600, Paul E Condon wrote:
> 
> > I'm running a computer box that is recently purchased second hand - new
> > to me, but not new.  While running a script that does a disk to disk
> > copy with some reformatting on a file of a few GB, I got this burst of
> > lines on all open gnome-terminal windows:
> > 
> >  start of cut and paste:
> > Message from syslogd@gq at Jul 21 04:40:03 ...
> >  kernel:[233576.618678] Oops: 0002 [#1] SMP
> 
> (...)
> 
> > Message from syslogd@gq at Jul 21 04:40:03 ...
> >  kernel:[233576.618994] EIP: []
> >  jbd2_journal_grab_journal_head+0xf/0x36 [jbd2] SS:ESP 0068:f6e83d38
> 
> (...)
> 
> You got a kernel oops, and Google suggests as a possible source of the 
> error a bad memory RAM stick (long mode). Being a second hand computer 
> you better run a memtest and run a pile of system stress tests to check 
> the computer components health (mainly micro, memory and hard disks).
> 
> Greetings,
> 
> -- 
> Camaleón

I'm trying to learn. When I try to repeat your Googling the only hits
that I get are links to *my*own* query on this list. (Not much help,
Google. Yes I know the question.) Give me some more information on
what query string gave you the RAM stick (long mode) answer. You've
given me a fish. Thank you. But I'd like to learn how to fish.

Memory test and other component tests:

Do you have any suggestions as to what I might download?

I have already downloaded Knoppix v7.0.1, per Chris' suggestion, but
have not yet found out what to do with it. Does it have memory,
component test software on it? 

Actually, I've already learned something really significant to me:
Back when I hit Enter to send my original post, I didn't know for sure
that these lines were actually significant. An alternative explanation
that I had in mind was that the kernel issued messages like these
frequently but Gnome, or some other high level thing, trapped them and
sent them to /dev/null. It is really nice to know that two significant
people here take the content of these messages seriously.

I bought the computer from a computer recycling business. They know
about Windows, but not so much about Linux. I'd like to take some
information to them about the nature of the problem, AND I'd like to
be prepared to test whatever 'fix' we (the business, and I) agree to
try. I saw this computer run Windows XP, before I took out the
XP-holding disk and put in my own HD as the first step in installing
Linux.

Thanks.
-- 
Paul E Condon   
pecon...@mesanetworks.net


Archive: http://lists.debian.org/2012071807.ge2...@big.lan.gnu



Re: is it rational to close the 139 port

2012-07-22 Thread Chris Bannister
On Sun, Jul 22, 2012 at 10:01:50PM +0800, lina wrote:
> Just today one website I cared about failed to open, certainly it's
> under attack.

And how does a firewall help in that case?

If you don't want your intranet web server being accessed 
from outside, then that's what a firewall is for. 
It doesn't make any sense having a firewall on a standalone 
machine, like a laptop, if you see what I mean.

Well, that's my understanding of it. 

> P.S, In the past, if some books/webpage/blogs or anything which
> inspired you lots in this area, appreciate to share. I don't have CS
> background.

http://www.debian-administration.org/articles/552

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X


Archive: http://lists.debian.org/20120722202735.GC31191@tal



Re: is it rational to close the 139 port

2012-07-22 Thread lina
On 23 Jul, 2012, at 0:44, Mark Allums  wrote:

> On 7/22/2012 11:09 AM, lina wrote:
>> On Sun, Jul 22, 2012 at 11:53 PM, Brian  wrote:
>>> On Sun 22 Jul 2012 at 22:01:50 +0800, lina wrote:
>>> 
>>>> On Sun, Jul 22, 2012 at 7:32 PM, Brian  wrote:
>>>>> Heaven above knows why you need a firewall. These services are quite
>>>>> capable of getting on with life without iptables being involved. So are
>>>>> you.
>>>> Just today one website I cared about failed to open, certainly it's
>>>> under attack.
>>>> I don't know what other people are capable of, I feel they are capable
>>>> of doing lots of things.
>>>> Frankly speaking I don't have much energy/channel to arm myself some
>>>> intense knowledge to meet some potential defense requirement
>>>> (sometimes I read something, but mainly to forget later.).
>>>> so the only way I can do now is to understand something very
>>>> basic.gradually and patiently, perhaps 10 years later,
>>>> and I don't have some strong security feelings, if something wrong
>>>> with the laptop, I guess I will unavoidably freak out and at that time
>>>> definitely some days will waste.
>>> Let's take a look at what you are doing. I'll simplify it a bit but
>>> hopefully not too much as to distort your intentions.
>>> 
>>> 1. You have two tcp services which you offer on the network, ssh and a
>>>    webserver. Other services are available to localhost only. So the
>>>    only way the outside can communicate with your machine is through
>>>    ports 22 and 80.
>>> 
>>> 2. You use iptables to reject all connections. This effectively means
>>>    the services on ports 22 and 80 become unavailable, which does not
>>>    suit you.
>>> 
>>> 3. You now poke two holes in the firewall to reverse what you did in 2.
>>> 
>>> Now you can consider what you have achieved. Sticking at 1. gives you
>>> what you have at 3. In what way have you improved security on the machine?
>> so now is okay?! (if I catch correctly, this firewall actually is
>> making no big differences here?)
>> 
>> Thanks,
> 
> In general, it often makes sense to have everything set to be secure. If 
> there are two things you can do, and it makes sense to do both, go ahead 
> (suspenders *and* belt).  Sometimes, it doesn't make sense, such as times 
> when there's a fork in the road, and you have to choose one way or the other. 
> It might not make sense if doing multiple things caused a significant 
> performance hit.
> 
> But sometimes an exploit is found in one of the things, and if you are doing 
> that thing, and nothing else, then your system is vulnerable.  If you are 
> doing two separate things and one is compromised, then hopefully you are 
> still protected by the other.
> 
> While you are only running two things that use an open port, you are 
> compromised only if there is a vulnerability in one of them. In this case, 
> iptables adds no extra security.
> 
> However, I have noticed a tendency for things to be installed or started that 
> open new ports, and it's easy to overlook them. Aptitude in particular will 
> install extra packages that you don't need or want.
> 
> So, keep an eye open at all times, and one thing you can do is every now and 
> then look at log files and config files.  If you do run *iptables*, look at 
> all the rules now and then, and see if one has been added that you didn't add 
> yourself, and ask yourself why it's there.  Maybe you are running World of 
> Warcraft under WINE, and installing it opens up port 3724.  You might leave 
> it, or you might want to close it.  (Wow can use port 80.)  But if you see 
> something you don't recognize, do what you did, and Google it or ask someone.

Thanks for your suggestions.  I didn't realize aptitude would install something 
else, and sometimes I treated the recommended as something complimentary.  
Many times I left the laptop to install and myself run outside to take a break. 

Thanks, 



Archive: http://lists.debian.org/8c6df8f7-5f17-4f84-96f0-bbf81892d...@gmail.com
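
The `netstat -lnt` listing suggested earlier in the thread and the advice quoted above to watch for newly opened ports can be turned into a repeatable check. The script below is an added example, not part of any poster's message: it reads `netstat -lnt` output and reports TCP listeners that are reachable from the network and not on an allowlist. The sample output is constructed, the function name `unexpected_listeners` is hypothetical, and the allowlist of ports 22 and 80 is taken from the scenario discussed in the thread.

```shell
#!/bin/sh
# Report TCP listeners that are reachable from the network and are not
# on an allowlist of expected ports.

# Constructed sample of `netstat -lnt` output (not captured from any
# poster's machine): ssh and a web server on all interfaces, two
# loopback-only services, and two Samba ports that a newly installed
# package has opened.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN'

# unexpected_listeners "PORT PORT ..."
# Reads `netstat -lnt` text on stdin and prints one "PORT ADDRESS" line
# for every listening socket that is not bound to loopback and whose
# port is not in the space-separated allowlist.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)        # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)    # text before the last colon
            # Loopback-only services cannot be reached from the network.
            if (host ~ /^127\./ || host == "::1") next
            if (port in ok) next
            print port " " host
        }' | sort -k1,1n -k2,2 -u
}

# Audit the constructed sample against the two services from the thread.
# On a live system the input would come from the command itself:
#   netstat -lnt | unexpected_listeners "22 80"
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "22 80"
```

An empty result means every network-facing listener is one that was expected; anything printed is a port to look up, as the quoted advice suggests.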



Re: Why have d-community-offtopic? (Re: What does group consider to be on topic"?)

2012-07-22 Thread Chris Bannister
On Sun, Jul 22, 2012 at 01:38:27PM +, Camaleón wrote:
> On Sun, 22 Jul 2012 19:06:48 +1200, Chris Bannister wrote:
> > But, it **IS** ON TOPIC if they are not looking for Oracle support, so
> > marking it [OT] is counter productive.
> 
> And when is that to happen? What's the line that makes the difference 
> between both? In the end, you are asking for support about an Oracle 
> product, right?

It could be an installation issue; working in with the Debian system.
Then it is not [OT]

> > d-community-offtopic would be the list to post to if they wanted free
> > Oracle support.
> 
> The list to post would be in that case the Oracle forum or mailing lists 

Oracle don't tend to give out free help. Could you find a mailing list?

> but the OP already knows that and he/she is not looking for *that kind* 
> of support, 

Free help is better than paying for it. :)

> that's why he/she tags the subject as OT here, not in debian offtopic ML.

Are you suggesting that some posts to d-community-offtopic be marked as
[OT] ?

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X


Archive: http://lists.debian.org/20120722200306.GB31191@tal



Re: Disabling Recommends [was: Re: is it rational to close the 139 port]

2012-07-22 Thread Erwan David
On 22/07/12 20:29, Andrei POPESCU wrote:
> On Du, 22 iul 12, 20:15:33, Erwan David wrote:
>> On 22/07/12 20:07, Andrei POPESCU wrote:
>>> Please do file bugs where appropriate.
>>>
>> In the past I was too often attacked or mocked, when doing such bug
>> reports that I stopped.
> Would you care to provide some examples?
>
bug 375500, but you do not have the whole discussion
Note that rephrasing it in 505662 leads to silence.

Some other but I cannot find them back, since they are old: I now
prefer directly installing non packaged programs when I encounter such
behaviour.
And first thing I disable automatic installation of recommended packages.







Re: Disabling Recommends [was: Re: is it rational to close the 139 port]

2012-07-22 Thread Andrei POPESCU
On Du, 22 iul 12, 20:15:33, Erwan David wrote:
> On 22/07/12 20:07, Andrei POPESCU wrote:
> > Please do file bugs where appropriate.
> >
> In the past I was too often attacked or mocked, when doing such bug
> reports that I stopped.

Would you care to provide some examples?

Kind regards,
Andrei


Re: Disabling Recommends [was: Re: is it rational to close the 139 port]

2012-07-22 Thread Erwan David
On 22/07/12 20:07, Andrei POPESCU wrote:
> On Du, 22 iul 12, 19:51:33, Erwan David wrote:
>> Yes, indeed. But I've seen too many packages where recommends leads to
>> installing full gnome where I do not want it, that I prefer having more
>> control (and thus more responsibility).
> Please do file bugs where appropriate.
>
>
In the past I was too often attacked or mocked, when doing such bug
reports that I stopped.



Archive: http://lists.debian.org/500c4345.5010...@rail.eu.org



Re: Debian 5 - was Re: Query about root account

2012-07-22 Thread Andrei POPESCU
On Lu, 23 iul 12, 01:49:21, Bret Busby wrote:
> 
> I have a Samsung MFP printer thing; a CLX-3185FW, and I had been
> able to use it with a Debian 5 system that I had been using. Then,
> the Debian 5 system went awry (a separate system from the firewall
> system), and became apparently unusable.
> 
> So, I  installed Debian 6 on another computer (this computer), and
> have been using that on this system, for the past few or several
> months.
> 
> But I was unable to install the drivers for the printer, on the
> Debian 6 workstation.

Try splix.

Kind regards,
Andrei


Re: Disabling Recommends [was: Re: is it rational to close the 139 port]

2012-07-22 Thread Andrei POPESCU
On Du, 22 iul 12, 19:51:33, Erwan David wrote:
> >
> Yes, indeed. But I've seen too many packages where recommends leads to
> installing full gnome where I do not want it, that I prefer having more
> control (and thus more responsibility).

Please do file bugs where appropriate.

Kind regards,
Andrei


Re: Tools in Debian to create whole disk image (multiple partitions)?

2012-07-22 Thread Andrei POPESCU
On Du, 22 iul 12, 17:38:58, Sthu Deus wrote:
> Good time of the day, Andrei.
> 
> You worte:
> 
> > Any suggestions?
> 
> Why don't You copy Your installation w/ "cp -a" and reconfiguring then
> grub for the copy - to another disk (USB one?). OR I'm missing
> something?

The Raspberry Pi can only boot from an SD card and the partition layout 
matters (e.g. /boot needs to be primary, FAT32, bootable and probably 
the first partition -- there is no bootloader like grub AFAICT).

# parted -l
Model: SD SD08G (sd/mmc)
Disk /dev/mmcblk0: 7948MB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number  Start   End     Size    Type     File system     Flags
 1      1049kB  79,7MB  78,6MB  primary  fat32           boot
 2      79,7MB  336MB   256MB   primary  linux-swap(v1)
 3      336MB   7947MB  7612MB  primary  ext4

The ext4 partition only holds about 630 MiB of data (Debian base install 
+ SSH server). I want to create an image that I can:

 * reuse myself later (just dd to some SD card)
 * distribute to possibly not very knowledgeable people

Actually, I already have the image (with GNU ddrescue --sparse), but 
it's about 5 times bigger than expected, which makes it difficult to 
store and/or distribute :(

Hope this explains,
Andrei


Re: Disabling Recommends [was: Re: is it rational to close the 139 port]

2012-07-22 Thread Erwan David
On 22/07/12 19:29, Andrei POPESCU wrote:
> On Du, 22 iul 12, 18:58:36, Erwan David wrote:
>>> However, I have noticed a tendency for things to be installed or
>>> started that open new ports, and it's easy to overlook them. Aptitude
>>> in particular will install extra packages that you don't need or want.
>> For this, first thing is to disable automatic installation of
>> recommended packages, it is much more easy to manage then.
> I would not hurry to do this unless the machine in question is really 
> space constrained (e.g. I have an install on a 2 GB USB stick). Since 
> apt-get installs recommends by default as well Maintainers have started 
> moving stuff from Depends to Recommends (to allow special use cases and 
> so).
>
> If you disable Recommends you should understand that is your 
> responsibility for any missing functionality that may be important for 
> you.
>
Yes, indeed. But I've seen too many packages where recommends leads to
installing full gnome where I do not want it, that I prefer having more
control (and thus more responsibility).






Debian 5 - was Re: Query about root account

2012-07-22 Thread Bret Busby

On Mon, 16 Jul 2012, Denis Witt wrote:

> On 16.07.2012 10:01, Bret Busby wrote:
>
>> I have forgotten the root password, and have not logged into root on
>> that computer, or updated the system, for about a year, I think.
>
> Do you have physical access to this machine? Or can you get someone to boot
> it with a live-CD?
>
> If so you can boot from the live-CD, chroot into the system on the disk and
> change the root passwd.
>
> Bye.




One of the reasons that I wanted to be able to log in as root, is to 
perform an update on that system.


The system is running Firestarter on Debian 5.

However, another problem has arisen, that indicates that that system 
apparently cannot be updated, and has to stay as it is, without having 
been updated for about a year or so, which is unfortunate for a 
firewall computer.


I have a Samsung MFP printer thing; a CLX-3185FW, and I had been able to 
use it with a Debian 5 system that I had been using. Then, the Debian 5 
system went awry (a separate system from the firewall system), and 
became apparently unusable.


So, I  installed Debian 6 on another computer (this computer), and have 
been using that on this system, for the past few or several months.


But I was unable to install the drivers for the printer, on the Debian 6 
workstation.


I have now been advised by Samsung, that the CLX-3185FW works with 
Debian 3.x through 5.x, but does not work with Debian.


("Why is this so?"; that a peripheral device that worked with Debian 3.x 
through 5.x, now does not work with Debian 6? Has Debian 6 been made 
incompatible with some hardware that ran (relatively) okay with Debian 
3.x through 5.x?)


So, I today tried to instal Debian 5 on my HP NX5000 laptop, which is 
one of the systems on which I have previously (relatively) successfully 
run Debian 5, in the past (until the HDD crashed on that computer, and 
got replaced, so I installed Debian 6 on it).


But, when it came to the APT part of the setup in the installation 
process, I could not successfully configure the mirror setting.


In looking at the Debian web site, I found, and tried, 
http://archive.kernel.org/debian-archive, as one of the many mirrors 
that I tried.


That did not work.

No mirror worked.

So, I thought that I would try to find the optical disks (CD's or DVD's) 
ISO images, download them, and just instal it from the ISO images.


But, I could not find any ISO images for Debian 5.

The Debian website stated that, when Debian 6 was released; 06 February 
2012, updates for Debian 5 ceased, and Debian 5 got shifted and 
archived.


But, I can not find any archived ISO images for Debian 5, so I can not 
instal Debian 5, and thus, I can no longer use the printer/scanner, that 
I was able to use with Debian 5. Unless I switch to MS Windows...


Are ISO images available on the Debian web site, or in its repositories, 
for Debian 5?


I had to abort the installation, as it would not progress any further, 
and, would not even "install a basic system", so, I had to abort the 
installation, and that appears to have harmed the Debian 6 installation 
on the HP NX 500, so I will probably now have to re-instal Debian 6 (on 
booting Debian 6, I got "fsck failed with error 8 - login as root or 
press  to continue").


But, if Debian 5 is still available, both in the ISO images, so as to 
allow installation, and, in repositories, so that existing Debian 5 
systems can be updated to at least the February 2012 update state, then 
I would be able to use the Samsung CLX-3185FW, for more than just a 
photocopier, and, I would be able to be a bit more confident of the 
security of the firewall that apparently can not be updated.


I note that Firestarter has apparently not been maintained for a few 
years, so, whilst it apparently is available as an installable package 
within the Debian 6 set of packages, there would probably not be much 
advantage in upgrading the firewall to Debian 6, due to Firestarter for 
Debian 6, being probably not more updated than the Firestarter on Debian 
5.


And, other firewall software, appears to be too difficult for me to deal 
with, so I am stuck with Firestarter.


So, advice as to how I can obtain Debian 5 ISO image downloads, and, how 
I can perform an update (what URL's I need for the /etc/apt/sources.list 
file) on the Debian 5 firewall, if these can be achieved, would be good.


Thank you in anticipation.

--
Bret Busby
Armadale
West Australia
..

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
  Chapter 28 of Book 1 of
  "The Hitchhiker's Guide to the Galaxy:
  A Trilogy In Four Parts",
  written by Douglas Adams,
  published by Pan Books, 1992



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
http://lists.debian.org/alpine.deb.2.00.1207230059310.5...@bret-dd-work

Re: is it rational to close the 139 port

2012-07-22 Thread Andrei POPESCU
On Du, 22 iul 12, 22:33:49, lina wrote:
> 
> Another thing I am a little concern,
> 
> I can ssh from remote server back to laptop without password.

Passphraseless keys?

> but on the remote server, actually someone who has root privilege can
> easily su lina and ssh to my laptop (sorry to assume like that, we
> have a great system administrators in those servers).
 
Sounds like it from your description.

> my concern is that it's a good idea to put the public keys from remote
> servers into my authorized_keys, just for scp convenience?

I think you are mixing things. The client (in the case about the remote 
server) needs a private key accepted by the "server" (in your case above 
the laptop), that is, they are listed in the authorized_keys on the 
"server".

Back to your question a general recommendation is to not put or use 
sensitive material (and SSH private keys and their passphrase do count 
as such) on machines where you don't trust root.

Hope this explains,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic




Disabling Recommends [was: Re: is it rational to close the 139 port]

2012-07-22 Thread Andrei POPESCU
On Du, 22 iul 12, 18:58:36, Erwan David wrote:
> 
> > However, I have noticed a tendency for things to be installed or
> > started that open new ports, and it's easy to overlook them. Aptitude
> > in particular will install extra packages that you don't need or want.
> For this, first thing is to disable automatic installation of
> recommended packages, it is much more easy to manage then.

I would not hurry to do this unless the machine in question is really 
space constrained (e.g. I have an install on a 2 GB USB stick). Since 
apt-get installs recommends by default as well Maintainers have started 
moving stuff from Depends to Recommends (to allow special use cases and 
so).

If you disable Recommends you should understand that is your 
responsibility for any missing functionality that may be important for 
you.

Kind regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic




Re: is it rational to close the 139 port

2012-07-22 Thread Erwan David

> However, I have noticed a tendency for things to be installed or
> started that open new ports, and it's easy to overlook them. Aptitude
> in particular will install extra packages that you don't need or want.
For this, first thing is to disable automatic installation of
recommended packages, it is much more easy to manage then.


Archive: http://lists.debian.org/500c313c.9020...@rail.eu.org



Re: is it rational to close the 139 port

2012-07-22 Thread Mark Allums

On 7/22/2012 11:09 AM, lina wrote:
> On Sun, Jul 22, 2012 at 11:53 PM, Brian wrote:
>> On Sun 22 Jul 2012 at 22:01:50 +0800, lina wrote:
>>
>>> On Sun, Jul 22, 2012 at 7:32 PM, Brian wrote:
>>>>
>>>> Heaven above knows why you need a firewall. These services are quite
>>>> capable of getting on with life without iptables being involved. So are
>>>> you.
>>>
>>> Just today one website I cared about failed to open, certainly it's
>>> under attack.
>>> I don't know what other people are capable of, I feel they are capable
>>> of doing lots of things.
>>> Frankly speaking I don't have much energy/channel to arm myself some
>>> intense knowledge to meet some potential defense requirement
>>> (sometimes I read something, but mainly to forget later.).
>>> so the only way I can do now is to understand something very
>>> basic.gradually and patiently, perhaps 10 years later,
>>> and I don't have some strong security feelings, if something wrong
>>> with the laptop, I guess I will unavoidably freak out and at that time
>>> definitely some days will waste.
>>
>> Let's take a look at what you are doing. I'll simplify it a bit but
>> hopefully not too much as to distort your intentions.
>>
>> 1. You have two tcp services which you offer on the network, ssh and a
>>    webserver. Other services are available to localhost only. So the
>>    only way the outside can communicate with your machine is through
>>    ports 22 and 80.
>>
>> 2. You use iptables to reject all connections. This effectively means
>>    the services on ports 22 and 80 become unavailable, which does not
>>    suit you.
>>
>> 3. You now poke two holes in the firewall to reverse what you did in 2.
>>
>> Now you can consider what you have achieved. Sticking at 1. gives you
>> what you have at 3. In what way have improved  security on the machine?
>
> so now is okay?! (if I catch correctly, this firewall actually is
> making no big differences here?)
>
> Thanks,


In general, it often makes sense to have everything set to be secure. If 
there are two things you can do, and it makes sense to do both, go ahead 
(suspenders *and* belt).  Sometimes, it doesn't make sense, such as 
times when there's a fork in the road, and you have to choose one way or 
the other.   It might not make sense if doing multiple things caused a 
significant performance hit.


But sometimes an exploit is found in one of the things, and if you are 
doing that thing, and nothing else, then your system is vulnerable.  If 
you are doing two separate things and one is compromised, then hopefully 
you are still protected by the other.


While you are only running two things that use an open port, you are 
compromised only if there is a vulnerability in one of them.  In this 
case, iptables adds no extra security.


However, I have noticed a tendency for things to be installed or started 
that open new ports, and it's easy to overlook them. Aptitude in 
particular will install extra packages that you don't need or want.


So, keep an eye open at all times, and one thing you can do is every now 
and then look at log files and config files.  If you do run *iptables*, 
look at all the rules now and then, and see if one has been added that 
you didn't add yourself, and ask yourself why it's there.  Maybe you are 
running World of Warcraft under WINE, and installing it opens up port 
3724.  You might leave it, or you might want to close it.  (Wow can use 
port 80.)  But if you see something you don't recognize, do what you 
did, and Google it or ask someone.





Archive: http://lists.debian.org/500c2e00.1020...@allums.com
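
Brian's three steps and the point above about newly installed services opening ports can be checked mechanically. The following is an added example, not code from any poster in this thread: it parses socket tables in the /proc/net/tcp format and compares the non-loopback listeners with the ports a firewall allows. The sample tables, the function names and the little-endian host are assumptions made for the illustration.

```python
import ipaddress
import struct

LISTEN = "0A"  # state code for a listening socket in /proc/net/tcp

# Constructed sample, trimmed to the first four columns of /proc/net/tcp.
# Addresses are hex in host byte order (a little-endian host is assumed).
# Rows: ssh and a web server on all interfaces, two localhost-only
# services (ports 25 and 631), and one established ssh session.
BASELINE = """\
  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 00000000:0050 00000000:0000 0A
   2: 0100007F:0019 00000000:0000 0A
   3: 0100007F:0277 00000000:0000 0A
   4: 0A01A8C0:0016 1401A8C0:C350 01
"""
# The same host after a package pulled in a service on port 139 (constructed).
AFTER_INSTALL = BASELINE + "   5: 00000000:008B 00000000:0000 0A\n"


def decode_addr(hex_addr):
    """Turn the kernel's hex form into an ipaddress object (IPv4 or IPv6)."""
    words = [hex_addr[i:i + 8] for i in range(0, len(hex_addr), 8)]
    raw = b"".join(struct.pack("<I", int(word, 16)) for word in words)
    return ipaddress.ip_address(raw)


def parse_listeners(table):
    """Return (address, port) for every socket in LISTEN state."""
    listeners = []
    for line in table.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue  # header or blank line
        if fields[3] != LISTEN:
            continue  # established, time-wait and so on
        addr_hex, port_hex = fields[1].split(":")
        listeners.append((decode_addr(addr_hex), int(port_hex, 16)))
    return listeners


def exposed_ports(listeners):
    """Ports reachable from other machines: anything not bound to loopback."""
    return sorted({port for addr, port in listeners if not addr.is_loopback})


def firewall_effect(table, allowed_ports):
    """Split the exposed ports into those the firewall passes and blocks."""
    exposed = exposed_ports(parse_listeners(table))
    return {
        "exposed": exposed,
        "passed": [p for p in exposed if p in allowed_ports],
        "blocked": [p for p in exposed if p not in allowed_ports],
    }


if __name__ == "__main__":
    allowed = {22, 80}  # the two holes poked in the firewall
    for label, table in (("baseline", BASELINE),
                         ("after install", AFTER_INSTALL)):
        print(label, firewall_effect(table, allowed))
```

With the baseline table nothing is blocked, which is the situation Brian describes; once the extra listener appears, the same rule set is the only thing standing between it and the network.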



Re: is it rational to close the 139 port

2012-07-22 Thread Mike McClain
Hi Lina,

On Sun, Jul 22, 2012 at 03:25:03PM +0800, lina wrote:
 
> 
> BTW, why need allow ping? from outside?
>  59 # Allow ping
>  60 -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
> 
> I know so little, thanks very much for your explanation,
> 

I've found www/grc.com/ and his 'ShieldsUp' scan to be very helpful
in securing my system and he's posted some good reading material there.

Keep grinnin',
Mike
-- 
Satisfied user of Linux since 1997.
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org


Archive: http://lists.debian.org/20120722152458.GA29880@playground



Re: Daemons in schroot or how to start chroot automatically

2012-07-22 Thread Ramon Hofer
On Sam, 2012-07-21 at 22:18 +0100, Roger Leigh wrote:
> On Sat, Jul 21, 2012 at 11:54:58AM +, Ramon Hofer wrote:
> > On Fri, 20 Jul 2012 17:32:14 +0100, Roger Leigh wrote:
> > 
> > > On Fri, Jul 20, 2012 at 12:48:49PM +, Ramon Hofer wrote:
> > >> On Fri, 20 Jul 2012 10:42:58 +0100, Roger Leigh wrote:
> > >> 
> > >> > On Thu, Jul 19, 2012 at 12:34:26PM +, Ramon Hofer wrote:
> > >> >> I have some questions about starting daemons in a chroot environment
> > >> >> or rather about starting schroot on bootup.
> > >> >> The reason I want to do this is to clean up my server. It's a
> > >> >> Squeeze with an AMD64 kernel from backports. Some packages are from
> > >> >> testing which gives me problems because of dependencies that can't
> > >> >> be fulfilled: sabnzbdplus from testing depends on python so I can't
> > >> >> install build-essential...
> > >> >> 
> > >> >> So far I was able to setup a chroot with schroot and installed sid
> > >> >> in it.
> > >> >> 
> > >> >> [sid]
> > >> >> description=Debian sid (unstable)
> > >> >> directory=/srv/chroot/sid
> > >> >> users=hoferr
> > >> >> groups=hoferr
> > >> >> root-groups=root
> > >> >> aliases=unstable,default
> > >> > 
> > >> > set type=directory here
> > >> 
> > >> That sounds great what I can read in the schroot.conf manpage:
> > >> "In consequence, filesystems  such  as  /proc  are  not  mounted  in
> > >> plain chroots;  it  is  the  responsibility  of  the  system
> > >> administrator to configure  such  chroots  by  hand,  whereas directory
> > >>   chroots   are automatically  configured."
> > >> 
> > >> This means I can remove the remounts of /proc, /dev and /sys to /srv/
> > >> chroot/sid/... from my /etc/fstab?
> > > 
> > > Yes, exactly.  You still have an fstab--it's /etc/schroot/default/fstab,
> > > though this is configurable (set script=config with schroot 1.4.x, or
> > > profile= with schroot 1.6.x).
> > 
> > Very nice!
> > This is the default fstab which is used for all schroots right?
> 
> Yes.
> 
> > Is there another one which I can use to set specific mounts?
> > Like in my case the config dir in my home for sabnzbd?
> 
> Not provided with the package.  You could just
>   sudo cp -r /etc/schroot/default /etc/schroot/sabnzbd
> and then set
>   script-config=/etc/schroot/sabnzdb/config
> (you'll need to edit this file to update the paths in it from
> /etc/schroot/default to /etc/schroot/sabnzdb.

This has made me want to have a separate sid schroot for sabnzbd :-)

That's why I renamed /srv/chroot/sid to /srv/chroot/sid-sab and the
session name in /etc/schroot/schroot.conf to sid-sab too:

  [sid-sab]
  type=directory
  description=Debian sid (unstable) for SABnzbd
  directory=/srv/chroot/sid-sab
  users=hoferr
  groups=hoferr
  root-groups=root,hoferr
  script-config=/etc/schroot/sid-sab/config

After copying /etc/schroot/default to /etc/schroot/sid-sab I have
manually edited the three paths in /etc/schroot/sabnzdb/config:

  FSTAB="/etc/schroot/sid-sab/fstab"
  COPYFILES="/etc/schroot/sid-sab/copyfiles"
  NSSDATABASES="/etc/schroot/sid-sab/nssdatabases"

Unfortunately when I started the schroot session I got
  $ schroot -v -p -c sid-sab
  I: Executing ‘00check setup-start ok’
  E: 00check: error: script-config file
'/etc/schroot/etc/schroot/sid-sab/config' does not exist
  ...

That's why I changed script-config to
  script-config=sid-sab/config

Now it's working. :-)

Because in my init.d script now both --session-name and --chroot are
sid-sab I feared that this would lead to problems. But doesn't seem to.
Is this true?



> > And I should copy/bind another config file. Is it possible to have 
> > different /etc/schroot/default/copyfiles for different schroot 
> > environments?
> 
> > Something like /etc/schroot/[SCHROOT]/fstab and /etc/schroot/[SCHROOT]/
> > copyfiles would be very handy :-)
> 
> Not using the same /etc/schroot/default/copyfiles file, but by
> creating your own chroot-specific config directory as above, it's
> definitely possible.  See the other options like
> /etc/schroot/desktop for pre-canned profiles provided as
> alternatives to "default".

That's great! Thanks :-)
I will in the next weeks probably play a lot with it ;-)
Not only desktop/config but maybe also sbuild/config. I always wanted to
learn about building my own package :-)


> > >> >> In the chroot I have created a new user called hoferr and am now
> > >> >> able to login without root privileges.
> > >> >> But in there sudo is missing. Maybe this can be resolved by
> > >> >> installing the correct base system meta package mentioned above?
> > >> > 
> > >> > You could install sudo.  But why?  This is what schroot /is/ (chroot
> > >> > +
> > >> > sudo).  If you want to do stuff as root inside the chroot,
> > >> > just add yourself to root-groups/root-users.
> > >> 
> > >> Or start it with `sudo schroot -p -c sid`.
> > > 
> > > That's a possibility, though I would personally just configure schroot
> > > to give me root access directly.
> > 
> > I have tried to set root-groups=ro

Re: To pulse or not to pulse?

2012-07-22 Thread Ralf Mardorf
On Sat, 2012-07-21 at 01:33 +1200, Chris Bannister wrote:
> On Thu, Jul 19, 2012 at 07:41:20AM +0200, Ralf Mardorf wrote:
> > However, here's the instruction how to build a dummy package for Debian
> > based distros:
> > http://www.debian.org/doc/manuals/apt-howto/ch-helpers.en.html
> 
> APT HOWTO (Obsolete Documentation) - Very useful helpers
>   ^^

equivs-control and equivs-build still work that way.


Archive: http://lists.debian.org/1342973704.2312.79.camel@precise



Re: is it rational to close the 139 port

2012-07-22 Thread lina
On Sun, Jul 22, 2012 at 11:53 PM, Brian  wrote:
> On Sun 22 Jul 2012 at 22:01:50 +0800, lina wrote:
>
>> On Sun, Jul 22, 2012 at 7:32 PM, Brian  wrote:
>> >
>> > Heaven above knows why you need a firewall. These services are quite
>> > capable of getting on with life without iptables being involved. So are
>> > you.
>>
>> Just today one website I cared about failed to open, certainly it's
>> under attack.
>> I don't know what other people are capable of, I feel they are capable
>> of doing lots of things.
>> Frankly speaking I don't have much energy/channel to arm myself some
>> intense knowledge to meet some potential defense requirement
>> (sometimes I read something, but mainly to forget later.).
>> so the only way I can do now is to understand something very
>> basic.gradually and patiently, perhaps 10 years later,
>> and I don't have some strong security feelings, if something wrong
>> with the laptop, I guess I will unavoidably freak out and at that time
>> definitely some days will waste.
>
> Let's take a look at what you are doing. I'll simplify it a bit but
> hopefully not too much as to distort your intentions.
>
> 1. You have two tcp services which you offer on the network, ssh and a
>    webserver. Other services are available to localhost only. So the
>    only way the outside can communicate with your machine is through
>    ports 22 and 80.
>
> 2. You use iptables to reject all connections. This effectively means
>    the services on ports 22 and 80 become unavailable, which does not
>    suit you.
>
> 3. You now poke two holes in the firewall to reverse what you did in 2.
>
> Now you can consider what you have achieved. Sticking at 1. gives you
> what you have at 3. In what way have improved  security on the machine?

so now is okay?! (if I catch correctly, this firewall actually is
making no big differences here?)

Thanks,


Archive: 
http://lists.debian.org/CAG9cJmmARcCDdR2L4fkk6=c7r_14d4qqoqrwvak2aj0gg_j...@mail.gmail.com



Re: is it rational to close the 139 port

2012-07-22 Thread Brian
On Sun 22 Jul 2012 at 22:01:50 +0800, lina wrote:

> On Sun, Jul 22, 2012 at 7:32 PM, Brian  wrote:
> >
> > Heaven above knows why you need a firewall. These services are quite
> > capable of getting on with life without iptables being involved. So are
> > you.
>
> Just today one website I cared about failed to open, certainly it's
> under attack.
> I don't know what other people are capable of, I feel they are capable
> of doing lots of things.
> Frankly speaking I don't have much energy/channel to arm myself some
> intense knowledge to meet some potential defense requirement
> (sometimes I read something, but mainly to forget later.).
> so the only way I can do now is to understand something very
> basic.gradually and patiently, perhaps 10 years later,
> and I don't have some strong security feelings, if something wrong
> with the laptop, I guess I will unavoidably freak out and at that time
> definitely some days will waste.

Let's take a look at what you are doing. I'll simplify it a bit but
hopefully not too much as to distort your intentions.

1. You have two tcp services which you offer on the network, ssh and a
   webserver. Other services are available to localhost only. So the
   only way the outside can communicate with your machine is through
   ports 22 and 80.

2. You use iptables to reject all connections. This effectively means
   the services on ports 22 and 80 become unavailable, which does not
   suit you.

3. You now poke two holes in the firewall to reverse what you did in 2.

Now you can consider what you have achieved. Sticking at 1. gives you
what you have at 3. In what way have improved  security on the machine?


Archive: http://lists.debian.org/20120722155344.GE7631@desktop



Re: is it rational to close the 139 port

2012-07-22 Thread Brian
On Sun 22 Jul 2012 at 11:09:26 -0300, Henrique de Moraes Holschuh wrote:

> On Sun, 22 Jul 2012, Brian wrote:
> > The ssh and webserver daemons are available on the network. Presumably
> > this is what you want. Their security will depend on how you have
> > configured them. Debian sshd can be run safely with the default install.
> 
> Sort of.  The recommended "almost worry-free" configuration for SSH nowadays
> is to have it refuse any sort of password-based authentication, and accept
> only key-based authentication (and token-based if you use kerberos or MS
> AD), *restricted* to the set of users that indeed are allowed to ssh to the
> box[1] and no root logins.  Depending on the situation, you also have to
> restrict port forwarding and agents forwarding even for authorized users.
> 
> Unfortunately, that's not something easy to automate in the general case,
> and any compromise we take will generate a lot of complaints, so we ship a
> *reasonably safe* default... but last I checked, they're safe only if you
> don't ever set any easily brute-forceable passwords, etc.

No default configuration file will ever suit everyone or fit their
needs, but the Debian sshd_config doesn't seem to me to have any
insecure aspects to it. A strong password goes without saying, as does a
strong passphrase for key-based authentication, but there may be extra
considerations which influence the choice of one method over the other.

I'm with the Debian maintainer regarding logging in as root and have
never grasped why if a key is good enough for a user it should be less
secure for root.


Archive: http://lists.debian.org/20120722153107.GD7631@desktop
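
The settings listed in the quoted recommendation above (no password-based authentication, no root logins, an explicit set of allowed users, forwarding restricted where the situation calls for it) can be checked against a configuration file. This is an added example, not code from any poster in this thread; the two sample configurations, the values assumed for absent keywords and the function names are made up for the illustration.

```python
import re

# Values assumed when a keyword is absent. This is an assumption of the
# example; `sshd -T` prints the effective settings of a real installation.
ASSUMED_DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "permitrootlogin": "yes",
    "allowtcpforwarding": "yes",
    "allowagentforwarding": "yes",
}

# Constructed sample resembling a freshly installed configuration.
STOCK_LIKE = """\
Port 22
Protocol 2
PermitRootLogin yes
PubkeyAuthentication yes
#PasswordAuthentication yes
ChallengeResponseAuthentication no
X11Forwarding yes
"""

# Constructed sample following the quoted list; the user "alice" is made up.
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers alice
AllowTcpForwarding no
AllowAgentForwarding no
Match User alice
    AllowTcpForwarding yes
"""


def global_settings(config_text):
    """Parse the global section; sshd keeps the first value per keyword."""
    settings, match_blocks, in_match = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            in_match = True
            match_blocks += 1
            continue
        if in_match:
            continue  # conditional overrides are counted, not evaluated
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings, match_blocks


def audit(config_text):
    """Report which items of the quoted list the global section misses."""
    settings, match_blocks = global_settings(config_text)

    def value(key):
        return settings.get(key, ASSUMED_DEFAULTS[key]).lower()

    required = [name for key, name in (
        ("passwordauthentication", "PasswordAuthentication"),
        # keyboard-interactive login can also end up asking for a password
        ("challengeresponseauthentication", "ChallengeResponseAuthentication"),
        ("permitrootlogin", "PermitRootLogin"),
    ) if value(key) != "no"]
    if "allowusers" not in settings and "allowgroups" not in settings:
        required.append("AllowUsers")
    situational = [name for key, name in (
        ("allowtcpforwarding", "AllowTcpForwarding"),
        ("allowagentforwarding", "AllowAgentForwarding"),
    ) if value(key) != "no"]
    return {"required": required, "situational": situational,
            "match_blocks": match_blocks}


if __name__ == "__main__":
    print("stock-like:", audit(STOCK_LIKE))
    print("hardened:  ", audit(HARDENED))
```

A non-zero match_blocks count means per-user or per-host overrides exist and need reading by hand, as with the forwarding exception in the second sample.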



Re: Daemons in schroot or how to start chroot automatically

2012-07-22 Thread Ramon Hofer
On Son, 2012-07-22 at 15:58 +0100, Roger Leigh wrote:
> On Sun, Jul 22, 2012 at 03:25:49PM +0200, Ramon Hofer wrote:
> > On Sam, 2012-07-21 at 22:05 +0100, Roger Leigh wrote:
> > > 
> > > Firstly, add schroot to Required-(Start|Stop), since you do
> > > need it to be set up prior to starting new sessions.
> > 
> > Thanks for the hint!
> > I added $schroot at the end (don't know if the ordering matters...)
> 
> It's "schroot", not "$schroot".  '$' means it's a virtual
> service provided by another script; without the '$' means the
> script itself.  e.g. "$network" is provided by "ifupdown".

Thanks for the explanation :-)


> > > I would also check the return status of schroot.  If sid-sab
> > > already exists, then session creation will fail, and you'll
> > > reuse the old session.  That might not be incorrect, but
> > > in the general case, I'd recommend checking.
> > 
> > I was thinking about this too. But I saw no need to create a new session
> > if the old is still there.
> > What could be drawbacks of doing so?
> 
> None really; they can even persist across reboots.  (That's what
> the "recover-session" action is for.)

Hmm, then maybe I should check if there are lost sessions upon the start
of the script?
Or will either schroot -b or -r work with such a lost session?


> > > What "talking" are you seeing?  --quiet should hide all the
> > > messages, unless there's a problem.
> > 
> > I have tried this
> > $NAME=$(schroot -bq -n $NAME -c $SCHROOT)
> > 
> > But when the init.d script is called the second time with start then it
> > return
> > E: /etc/init.d/sabnzbdplus: Chroot not found
> > 
> > That's why I have added >/dev/null to the creation command
> > schroot -bq -n $NAME -c $SCHROOT >/dev/null
> 
> "/etc/init.d/sabnzbdplus" is an odd name for a chroot; It's not
> even valid to have '/' in the name IIRC.  Is "$NAME" correct here?

Yes but this error was printed when I had these two commands in the
start part of my init.d script:

  $NAME=$(schroot -bq -n $NAME -c $SCHROOT)
  schroot -rq -c $NAME /etc/init.d/sabnzbdplus start

NAME is set to "" after the first command and "/etc/init.d/sabnzbdplus"
is therefore the argument for -c in the second command.


Cheers
Ramon


Archive: 
http://lists.debian.org/1342970834.3425.38.camel@hoferr-desktop.hofer.rummelring



Re: Optimal Storage Server

2012-07-22 Thread Ramon Hofer
On Son, 2012-07-22 at 10:34 -0400, Shaffin Bhanji wrote:
> Hello Ramon,
> 
> Thanks, and how much did the server cost you?


Please don't top post, Sam.

It cost me the case €387.94, the LSI hba CHF 281.45, the Intel SAS
expander CHF 110.25 and four new WD black 2TB drives 4x CHF 190.65. Plus
some cables and fans.

But if you multiply the price of five Netgear NV+ (which each holds four
disks) ~ CHF 300.-- each then this isn't what I'd call cheap.
And with the speed and possibilities it gives me I consider my solution
better than what I could get from a ready to use NAS.


Cheers
Ramon



> On 22/07/2012 8:49 AM, Ramon Hofer wrote:
> > On Sun, 22 Jul 2012 07:41:32 -0400, Shaffin Bhanji wrote:
> >
> >> I am trying to put together a 2U storage server for data. I have
> >> previously invested in NAS equipment such as the Netgear NAS 1100 that I
> >> have been disappointed in to say the least - data write speed of 5MB/s.
> >>
> >> This time around I want to build something that I have control over
> >> hardware than to rely on equipment that I am locked in with, and not to
> >> mention limitations.
> >>
> >> I would like an opinion from this group on successful implementation as
> >> I will highly be using the server for virtualization disks (iSCSI),
> >> backup, file share, etc. I want to make sure that I chose the right
> >> hardware to get the best read/write performance.
> > Hi Sam
> >
> > I was at the same point some months ago. I had a Netgear NV+ and even
> > lower data rates (read and write not even 2 MB/s). I didn't want to fill
> > the case up but I wanted to have the possibility to expand it later.
> >
> > What I did was to go for a Norco 19" 4U case [1].
> > Of course Norco has as well 2U cases [2].
> >
> > With the help of this list (especially Stan) I went for a MegaRAID SAS
> > 9240 controller and an Intel SAS expander. I had serious problems getting
> > it working with a Supermicro C7P67 mainboard. But in an Asus P7P55D it
> > works like a charm. I use the hba in jbod mode and let mdadm do the raid
> > stuff.
> >
> > When I copied my old data (from 4 disks in RAID5 attached directly to
> > mobo) to the new hardware (to 4 disks attached to the Intel expander and
> > the LSI hba) I had data speed measured with rsync of more than 150 MB/s.
> > When I now copy things I have data rates of about 60 MB/s. This is read
> > and write to the disk over ethernet and from a 2.5" laptop drive to the
> > raid inside the server again measured with rsync.
> >
> > Hope this helps a little.
> >
> >
> > Best regards
> > Ramon
> >
> >
> >
> > [1] http://cybershop.ri-vier.nl/4u-rackmnt-server-case-w20-hotswap-
> > satasas-drv-bays-rpc4020-p-17.html
> > [2] http://cybershop.ri-vier.nl/19-inch-rack-mount-2u-rack-mount-case-
> > c-1_3_5.html?zenid=3f7d9a26cb57676b810105b2621b6c13
> >
> >
> 



Archive: 
http://lists.debian.org/1342970256.3425.31.camel@hoferr-desktop.hofer.rummelring



Re: Daemons in schroot or how to start chroot automatically

2012-07-22 Thread Roger Leigh
On Sun, Jul 22, 2012 at 03:25:49PM +0200, Ramon Hofer wrote:
> On Sam, 2012-07-21 at 22:05 +0100, Roger Leigh wrote:
> > 
> > Firstly, add schroot to Required-(Start|Stop), since you do
> > need it to be set up prior to starting new sessions.
> 
> Thanks for the hint!
> I added $schroot at the end (don't know if the ordering matters...)

It's "schroot", not "$schroot".  '$' means it's a virtual
service provided by another script; without the '$' means the
script itself.  e.g. "$network" is provided by "ifupdown".

> > I would also check the return status of schroot.  If sid-sab
> > already exists, then session creation will fail, and you'll
> > reuse the old session.  That might not be incorrect, but
> > in the general case, I'd recommend checking.
> 
> I was thinking about this too. But I saw no need to create a new session
> if the old is still there.
> What could be drawbacks of doing so?

None really; they can even persist across reboots.  (That's what
the "recover-session" action is for.)

> > What "talking" are you seeing?  --quiet should hide all the
> > messages, unless there's a problem.
> 
> I have tried this
> $NAME=$(schroot -bq -n $NAME -c $SCHROOT)
> 
> But when the init.d script is called the second time with start then it
> returns
> E: /etc/init.d/sabnzbdplus: Chroot not found
> 
> That's why I have added >/dev/null to the creation command
> schroot -bq -n $NAME -c $SCHROOT >/dev/null

"/etc/init.d/sabnzbdplus" is an odd name for a chroot; It's not
even valid to have '/' in the name IIRC.  Is "$NAME" correct here?

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux    http://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-    GPG Public Key      F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800


Archive: http://lists.debian.org/20120722145838.gi25...@codelibre.net



Re: installion problem

2012-07-22 Thread Gary Dale

On 22/07/12 07:37 AM, Mohd Asif wrote:
> hello,
> while installing debian os, after providing partitioning and applying 
> it some error is occurring (unable to partition error: /dev/sda).
> or without providing partition too, its viewing read error
>
> hoping for a solution to this problem
>
> With Regards,
> Asif

You really should post a more descriptive subject line, such as 
"partitioning error during install". Secondly, you need to provide more 
information. As Camaleón suggested, we need to know which version of Debian 
you are installing and what installer you are using.

Thirdly, write down the exact error message and when it is occurring.

If you are having problems with partitioning, have you tried letting the 
installer do the partitioning for you (automatic partitioning)? If this 
is not practical, you can also download and use a gparted live CD to do 
the partitioning first (i.e. shrinking any Windows partition down to 
half the disk and leaving the rest of the disk unused, then letting the 
installer automatically partition the free space).




Re: is it rational to close the 139 port

2012-07-22 Thread Erwan David
On 22/07/12 16:09, Henrique de Moraes Holschuh wrote:
> On Sun, 22 Jul 2012, Brian wrote:
>> The ssh and webserver daemons are available on the network. Presumably
>> this is what you want. Their security will depend on how you have
>> configured them. Debian sshd can be run safely with the default install.
> Sort of.  The recommended "almost worry-free" configuration for SSH nowadays
> is to have it refuse any sort of password-based authentication, and accept
> only key-based authentication (and token-based if you use kerberos or MS
> AD), *restricted* to the set of users that indeed are allowed to ssh to the
> box[1] and no root logins.  Depending on the situation, you also have to
> restrict port forwarding and agents forwarding even for authorized users.
>
> Unfortunately, that's not something easy to automate in the general case,
> and any compromise we take will generate a lot of complaints, so we ship a
> *reasonably safe* default... but last I checked, they're safe only if you
> don't ever set any easily brute-forceable passwords, etc.
>
> If you never need to SSH into the box, remove openssh-server.
>
> [1] AllowUsers foo bar.  And root must never be one of them :p
>
Beware: you must be sure to keep access to the machine before applying
the restrictions, i.e. if you're dealing with a rented server (be it
physical or virtual) in a datacenter far away...

This access might be through an out of band management connection (KVM,
Idrac, ILO, or something else), but you'd better check it works before
restraining ssh access.


Archive: http://lists.debian.org/500c11ef.2050...@rail.eu.org



Re: Optimal Storage Server

2012-07-22 Thread Shaffin Bhanji

Hello Ramon,

Thanks, and how much did the server cost you?

Sam.


On 22/07/2012 8:49 AM, Ramon Hofer wrote:
> On Sun, 22 Jul 2012 07:41:32 -0400, Shaffin Bhanji wrote:
>
> > I am trying to put together a 2U storage server for data. I have
> > previously invested in NAS equipment such as the Netgear NAS 1100 that I
> > have been disappointed in to say the least - data write speed of 5MB/s.
> >
> > This time around I want to build something that I have control over
> > hardware than to rely on equipment that I am locked in with, and not to
> > mention limitations.
> >
> > I would like an opinion from this group on successful implementation as
> > I will highly be using the server for virtualization disks (iSCSI),
> > backup, file share, etc. I want to make sure that I chose the right
> > hardware to get the best read/write performance.
>
> Hi Sam
>
> I was at the same point some months ago. I had a Netgear NV+ and even
> lower data rates (read and write not even 2 MB/s). I didn't want to fill
> the case up but I wanted to have the possibility to expand it later.
>
> What I did was to go for a Norco 19" 4U case [1].
> Of course Norco has as well 2U cases [2].
>
> With the help of this list (especially Stan) I went for a MegaRAID SAS
> 9240 controller and an Intel SAS expander. I had serious problems getting
> it working with a Supermicro C7P67 mainboard. But in an Asus P7P55D it
> works like a charm. I use the hba in jbod mode and let mdadm do the raid
> stuff.
>
> When I copied my old data (from 4 disks in RAID5 attached directly to
> mobo) to the new hardware (to 4 disks attached to the Intel expander and
> the LSI hba) I had data speed measured with rsync of more than 150 MB/s.
> When I now copy things I have data rates of about 60 MB/s. This is read
> and write to the disk over ethernet and from a 2.5" laptop drive to the
> raid inside the server again measured with rsync.
>
> Hope this helps a little.
>
>
> Best regards
> Ramon
>
>
>
> [1] http://cybershop.ri-vier.nl/4u-rackmnt-server-case-w20-hotswap-
> satasas-drv-bays-rpc4020-p-17.html
> [2] http://cybershop.ri-vier.nl/19-inch-rack-mount-2u-rack-mount-case-
> c-1_3_5.html?zenid=3f7d9a26cb57676b810105b2621b6c13






Archive: http://lists.debian.org/500c0f75.2020...@gmail.com



Re: is it rational to close the 139 port

2012-07-22 Thread lina
On Sun, Jul 22, 2012 at 10:09 PM, Henrique de Moraes Holschuh wrote:
> On Sun, 22 Jul 2012, Brian wrote:
>> The ssh and webserver daemons are available on the network. Presumably
>> this is what you want. Their security will depend on how you have
>> configured them. Debian sshd can be run safely with the default install.
>
> Sort of.  The recommended "almost worry-free" configuration for SSH nowadays
> is to have it refuse any sort of password-based authentication, and accept
> only key-based authentication (and token-based if you use kerberos or MS
> AD), *restricted* to the set of users that indeed are allowed to ssh to the
> box[1] and no root logins.  Depending on the situation, you also have to
> restrict port forwarding and agents forwarding even for authorized users.

Thank you, this is very helpful, I had never realized that.

On all my servers ForwardAgent was set to yes.

Another thing I am a little concerned about:

I can ssh from the remote server back to my laptop without a password.

But on the remote server, someone who has root privilege can
easily su lina and ssh to my laptop (sorry to assume like that, we
have great system administrators on those servers).

My concern is: is it a good idea to put the public keys from remote
servers into my authorized_keys, just for scp convenience?
Thanks with best regards,
>
> Unfortunately, that's not something easy to automate in the general case,
> and any compromise we take will generate a lot of complaints, so we ship a
> *reasonably safe* default... but last I checked, they're safe only if you
> don't ever set any easily brute-forceable passwords, etc.
>
> If you never need to SSH into the box, remove openssh-server.
>
> [1] AllowUsers foo bar.  And root must never be one of them :p
>
> --
>   "One disk to rule them all, One disk to find them. One disk to bring
>   them all and in the darkness grind them. In the Land of Redmond
>   where the shadows lie." -- The Silicon Valley Tarot
>   Henrique Holschuh
>
>
> Archive: http://lists.debian.org/20120722140926.gc6...@khazad-dum.debian.net
>


Archive: 
http://lists.debian.org/CAG9cJm=cd2qzbw06boiz7ycdyxjfxx9cdaogyd1ds-3dec4...@mail.gmail.com



Re: Showing hidden files (.) in gnome-shell with desktop enabled

2012-07-22 Thread Camaleón
On Sat, 21 Jul 2012 11:37:04 +, Camaleón wrote:

> Is there a way to see the hidden files (".myfile") in gnome-shell when
> the old desktop with icons is enabled?

I finally filed a bug report:

https://bugzilla.gnome.org/show_bug.cgi?id=680395

Greetings,

-- 
Camaleón


Archive: http://lists.debian.org/juh211$nk6$9...@dough.gmane.org



Re: installion problem

2012-07-22 Thread Camaleón
On Sun, 22 Jul 2012 04:37:05 -0700, Mohd Asif wrote:

(please, no html posts, thanks...)

> hello,while installing debian os, 

What exactly... stable, testing (weekly, daily)? What ISO... CD, DVD, 
netinst?

> after providing partitioning and applying it some error is occuring
> (unable to partition error: /dev/sda).

What kind of partitioning are you doing? Is your hard disk using 
something special, such as LVM or RAID volume?

You can try with the expert installer and manually partition your hard 
disk or use any already-made partition for each mount point. Also, you 
can jump to a console to see what's the exact error you get.

> or without providing partition too, its viewing read error

I don't understand this. You mean you are getting the same error 
regardless of whether you partition your hard disk or not? :-?

Greetings,

-- 
Camaleón


Archive: http://lists.debian.org/juh1nj$nk6$8...@dough.gmane.org



Re: is it rational to close the 139 port

2012-07-22 Thread Henrique de Moraes Holschuh
On Sun, 22 Jul 2012, Brian wrote:
> The ssh and webserver daemons are available on the network. Presumably
> this is what you want. Their security will depend on how you have
> configured them. Debian sshd can be run safely with the default install.

Sort of.  The recommended "almost worry-free" configuration for SSH nowadays
is to have it refuse any sort of password-based authentication, and accept
only key-based authentication (and token-based if you use kerberos or MS
AD), *restricted* to the set of users that indeed are allowed to ssh to the
box[1] and no root logins.  Depending on the situation, you also have to
restrict port forwarding and agents forwarding even for authorized users.

Unfortunately, that's not something easy to automate in the general case,
and any compromise we take will generate a lot of complaints, so we ship a
*reasonably safe* default... but last I checked, they're safe only if you
don't ever set any easily brute-forceable passwords, etc.

If you never need to SSH into the box, remove openssh-server.

[1] AllowUsers foo bar.  And root must never be one of them :p

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


Archive: http://lists.debian.org/20120722140926.gc6...@khazad-dum.debian.net
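
The checklist in the message above (no password-based authentication, no root logins, an AllowUsers list that never names root, forwarding restricted where possible) can be checked mechanically. The script below is an added example, not part of the thread: the function names and both sample configs are constructed, and it assumes whitespace-separated `Keyword value` lines with no Include files and ignores Match blocks.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config against the
# checklist in the post above.

# config_values FILE KEYWORD: print every value set for KEYWORD in the global
# section, one per line. Keyword names are case-insensitive in sshd_config.
config_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }      # comments and blank lines
        tolower($1) == "match" { exit }     # assumption: Match blocks ignored
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# first_value FILE KEYWORD: sshd keeps the first value it reads for a keyword.
first_value() {
    config_values "$1" "$2" | head -n 1 | tr 'A-Z' 'a-z'
}

# audit_sshd_config FILE: print one FAIL/WARN line per deviation, nothing if clean.
audit_sshd_config() {
    cfg=$1

    # "refuse any sort of password-based authentication": plain passwords and
    # keyboard-interactive (older keyword name checked as a fallback).
    pw=$(first_value "$cfg" PasswordAuthentication)
    [ "$pw" = "no" ] || echo "FAIL PasswordAuthentication=${pw:-unset}"
    kbd=$(first_value "$cfg" KbdInteractiveAuthentication)
    [ -n "$kbd" ] || kbd=$(first_value "$cfg" ChallengeResponseAuthentication)
    [ "$kbd" = "no" ] || echo "FAIL keyboard-interactive=${kbd:-unset}"

    # "no root logins"
    root=$(first_value "$cfg" PermitRootLogin)
    [ "$root" = "no" ] || echo "FAIL PermitRootLogin=${root:-unset}"

    # "AllowUsers foo bar. And root must never be one of them"
    users=$(config_values "$cfg" AllowUsers)
    if [ -z "$users" ]; then
        echo "FAIL AllowUsers=unset"
    else
        printf '%s\n' "$users" | tr ' ' '\n' | while read -r u; do
            case "${u%%@*}" in
                root|*[*?]*) echo "FAIL AllowUsers entry '$u' names root or is a wildcard" ;;
            esac
        done
    fi

    # "Depending on the situation ... restrict port forwarding and agent forwarding"
    for kw in AllowTcpForwarding AllowAgentForwarding; do
        v=$(first_value "$cfg" "$kw")
        [ "$v" = "no" ] || echo "WARN $kw=${v:-unset}: restrict unless users need it"
    done
    return 0
}

count_failures() {
    audit_sshd_config "$1" | awk '/^FAIL/ { n++ } END { print n + 0 }'
}

# Constructed sample: passwords and root login enabled, no user restriction.
write_weak_sample() {
    cat > "$1" <<'EOF'
# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
EOF
}

# Constructed sample: the restrictions named in the post.
write_hardened_sample() {
    cat > "$1" <<'EOF'
# constructed sample
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
AllowUsers foo bar
AllowTcpForwarding no
AllowAgentForwarding no
EOF
}

# Run against a real file when a path is given on the command line.
[ $# -eq 0 ] || audit_sshd_config "$1"
```
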



Re: is it rational to close the 139 port

2012-07-22 Thread lina
On Sun, Jul 22, 2012 at 7:32 PM, Brian  wrote:
> On Sun 22 Jul 2012 at 18:08:25 +0800, lina wrote:
>
>> On Sun, Jul 22, 2012 at 5:31 PM, Stan Hoeppner  
>> wrote:
>> > On 7/22/2012 3:37 AM, lina wrote:
>> >
>> >> P.S I also found
>> >>
>> >> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
>> >> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
>> >> tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
>> >
>> > Instead of doing this piecemeal, post the output of:
>> >
>> > ~$ netstat -ant|grep LISTEN
>> >
>> > and we'll go through the list together, trimming the fat.
>>
>> # netstat -ant|grep LISTEN
>> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
>> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
>> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
>> tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
>> tcp6       0      0 :::143                  :::*                    LISTEN
>> tcp6       0      0 :::80                   :::*                    LISTEN
>> tcp6       0      0 :::22                   :::*                    LISTEN
>> tcp6       0      0 ::1:631                 :::*                    LISTEN
>>
>> Thanks, I only know 22, 25, 631 80 for ssh, email, cups and http, 
>> respectively,
>
> CUPS and the mailserver only listen for connections from localhost. This
> is as safe as it gets without removing the two services.
>
> The ssh and webserver daemons are available on the network. Presumably
> this is what you want. Their security will depend on how you have
> configured them. Debian sshd can be run safely with the default install.
>
> For port 538 try
>
>lsof -i :538
>
> It's probably gdomap, which is part of GNUstep. By default it will not
> probe for other servers (see /etc/default/gdomap), so that looks ok.
> Only you know whether you need GNUstep.
>
> Port 143 is likely to be imap. It too can be accessed from the network.
> Is that your intention?
My email is not functioning perfectly yet. I don't have much idea about it.
Shall I close it?
>
> Heaven above knows why you need a firewall. These services are quite
> capable of getting on with life without iptables being involved. So are
> you.
Just today one website I cared about failed to open; certainly it's
under attack.
I don't know what other people are capable of, I feel they are capable
of doing lots of things.
Frankly speaking I don't have much energy/channel to arm myself with
intense knowledge to meet some potential defense requirement
(sometimes I read something, but mainly forget it later),
so the only thing I can do now is to understand something very
basic, gradually and patiently, perhaps 10 years later.
And I don't have strong security feelings; if something goes wrong
with the laptop, I guess I will unavoidably freak out and at that time
definitely some days will be wasted.

Thanks with best regards,

P.S. If in the past some books/webpages/blogs or anything else
inspired you a lot in this area, I would appreciate it if you shared
them. I don't have a CS background.
>
>
> Archive: http://lists.debian.org/20120722113234.GC7631@desktop
>


Archive: 
http://lists.debian.org/CAG9cJm=qYOvDSVb+1hBqhANWi-6tNart=fspe6ffehmwr3z...@mail.gmail.com
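
The distinction Brian draws in the quoted text above, between daemons that listen only on localhost and daemons reachable from the network, can be read straight off the local-address column. The script below is an added example, not part of the thread; the function names are constructed and the sample input is the `netstat -ant|grep LISTEN` output posted in the message, with its column spacing restored.

```shell
#!/bin/sh
# Added example (not from the thread): classify listening TCP sockets by the
# address they are bound to.

# classify_listeners: read `netstat -ant` lines on stdin and print
# "port scope proto" for every socket in LISTEN state.
classify_listeners() {
    awk '
        $NF != "LISTEN" { next }
        {
            # The port follows the last colon, also for IPv6 (":::22", "::1:631").
            if (!match($4, /:[0-9]+$/)) next
            host = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1)
            if (host ~ /^127\./ || host == "::1")        scope = "loopback"
            else if (host == "0.0.0.0" || host == "::")  scope = "all-interfaces"
            else                                         scope = "one-address"
            print port, scope, $1
        }
    '
}

# exposed_ports: ports with at least one listener bound to every interface.
# On Linux a "::" listener normally accepts IPv4 connections as well.
exposed_ports() {
    classify_listeners | awk '$2 == "all-interfaces" { print $1 }' |
        sort -n -u | tr '\n' ' ' | sed 's/ $//'
}

# loopback_only_ports: ports whose listeners are all bound to localhost.
loopback_only_ports() {
    classify_listeners | awk '
        { seen[$1] = 1; if ($2 != "loopback") open[$1] = 1 }
        END { for (p in seen) if (!(p in open)) print p }
    ' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Sample input: the listing from the message above.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
tcp6       0      0 :::143                  :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
EOF
}

# With any argument, classify live output instead of the sample.
[ $# -eq 0 ] || netstat -ant | classify_listeners
```
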



Re: is it rational to close the 139 port

2012-07-22 Thread Camaleón
On Sun, 22 Jul 2012 15:25:03 +0800, lina wrote:

> strangely my netstat showed my 139 and 445 ports are open.
> 
> tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
> 
> Do I need specify
> 
> -A INPUT -p tcp --dport 139 -j REJECT
> 
> in iptables?

(...)

That makes no sense.

If you have both ports open is because you have a running service that 
has opened them.

If you have such service is because you need it, otherwise it should be 
stopped.

If you need that service you will break it if you add a rule to your 
iptables.

The question is, what do you want to do?

Greetings,

-- 
Camaleón


Archive: http://lists.debian.org/juh138$nk6$7...@dough.gmane.org



Re: is it rational to close the 139 port

2012-07-22 Thread Stephan Seitz

On Sun, Jul 22, 2012 at 06:44:04PM +0800, lina wrote:
> Thanks, packet looks for the IP address first or MAC address first?
> (seems I read something before, it's a book/document written in 2001,
> kinda of aged? still don't understand.)

IPv4 hasn’t changed since then, and IPv6 is working quite similarly.
But this is a question about ethernet networks and routing, so let me try 
to explain it a little.


IPv4:
You probably have already seen IPv4 addresses. They are 32bit addresses, 
normally written with a separating dot after 8bit, e.g. 192.168.1.20 or 
193.99.144.85. If you see a .1., it should be .001.


The netmask has the same length. It is used together with the IP address 
to separate the network part of the address from the host part.

Examples:
IP: 192.168.0.1, netmask: 255.255.255.0 means 192.169.0 is the network 
part, .1 is the host part (short form 192.168.0.1/24).
IP: 10.20.4.3, netmask: 255.255.0.0 means 10.20 is the network part, 4.3 
is the host part (short form 10.20.4.2/16).


You can reach any host within the network part without needing a router 
or gateway. 10.20.4.3/16 can reach directly 10.20.120.75, but not 
10.10.4.6.


The program subnetcalc will help you to understand network and hosts:
stse@minas-ithil:~$ subnetcalc 192.168.1.1 255.255.255.0
Address       = 192.168.1.1
                   11000000 . 10101000 . 00000001 . 00000001
Network       = 192.168.1.0 / 24
Netmask       = 255.255.255.0
Broadcast     = 192.168.1.255
Wildcard Mask = 0.0.0.255
Hosts Bits    = 8
Max. Hosts    = 254   (2^8 - 2)
Host Range    = { 192.168.1.1 - 192.168.1.254 }
Properties    =
   - 192.168.1.1 is a HOST address in 192.168.1.0/24
   - Class C
   - Private

It shows you that 192.168.1.0/24 can have 254 hosts. Two addresses are by 
default the network address (192.168.1.0) and the broadcast address 
(192.168.1.255) and can’t be used by hosts.


If you wish to leave your network and talk to other systems, you need 
a router (or gateway). „/sbin/route -n” will show you your routes on your 
host:

stse@minas-ithil:~$ env LANG=C /sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

The last line tells me, that I’m directly connected to the 192.168.1.0/24 
network via eth0. My default gateway (see the letter G in the Flags 
section) is 192.168.1.1 for everything else (destination 0.0.0.0).


You can only have one default gateway, but you can have several routes of 
course (I could have an additional route telling me that to reach the 
network 192.168.2.0/24 I have to use the gateway 192.168.1.2).


To send a packet over ethernet you need the MAC address of the ethernet 
device, because ethernet devices don’t know anything about IP addresses.  
The Address Resolution Protocol (ARP) is used to find a MAC address for 
a given IP address.


So, we will try an example:
- Lina PC has the IP address 10.10.10.20/16
- your gateway is the 10.10.1.1
- your DNS server is the 10.10.30.1
Now you enter the command „ping www.heise.de”. What will happen?

First your system needs to resolve the name www.heise.de into an IP 
address.  This is a job for the DNS server. If you followed my 
explanation about networks (and understand it, I hope ;-), you know that 
you can reach your DNS server directly without a gateway. And you will 
need the MAC address of the DNS server.


So your PC sends a broadcast to any host on your network and asks for the 
MAC address of the system with the IP 10.10.30.1. Wireshark would decode 
this broadcast with „Who has 10.10.30.1? Tell 10.10.10.20”. A Broadcast 
is received by any network device on your network. The network device 
passes the request to the TCP layer of the operating system. In our case 
the DNS server says „Oh, it’s for me” and sends your PC the reply 
„10.10.30.1 is at ”.


Now Lina PC has the MAC address of the DNS server and can ask it for the 
IP address of www.heise.de and gets the result 193.99.144.85.


The next step is to send the ping packet to 193.99.144.85. Your PC knows 
that this IP address is outside of its network. So it looks into the 
routing table how to reach it. It has only a default gateway, so it has 
to send the packet to the gateway.


Lina PC sends a broadcast again to ask for the MAC address of the gateway 
10.10.1.1.
After the answer it sends the ping packet to 193.99.144.85, but the 
destination MAC address is the gateway MAC address.


The gateway receives the ping packet because it has its MAC address as 
destination, looks into the IP part of the packet, sees the destination 
IP and then looks into its routing table to search for the „next hop” of 
your packet. And so your packet is traveling from router to router until 
it reaches its destination. ;-)



IPv6:
In most cases IPv6 is quite similar to IPv4. The address length is with 
128b
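
The decision described in the message above (apply the netmask, send directly if the destination is in the same network, otherwise hand the packet to the gateway and ARP for the gateway instead) is worked through below with the addresses from the post. This is an added example, not part of the thread; the function names are constructed and it covers IPv4 with a single default gateway only.

```shell
#!/bin/sh
# Added example (not from the thread): which IP address does a host resolve
# with ARP before sending a packet?

# ip_to_int A.B.C.D: dotted quad to 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N: 32-bit integer back to dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_of PREFIXLEN: netmask as an integer, e.g. 24 -> 255.255.255.0.
mask_of() {
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# network_of ADDR/PREFIXLEN: the network part, host bits cleared.
network_of() {
    addr=$(ip_to_int "${1%/*}")
    mask=$(mask_of "${1#*/}")
    int_to_ip $(( addr & mask ))
}

# broadcast_of ADDR/PREFIXLEN: the network part with all host bits set.
broadcast_of() {
    addr=$(ip_to_int "${1%/*}")
    mask=$(mask_of "${1#*/}")
    int_to_ip $(( (addr & mask) | (~mask & 0xFFFFFFFF) ))
}

# on_link OWN_ADDR/PREFIXLEN DEST: true when DEST shares our network part,
# i.e. it can be reached without a router.
on_link() {
    prefix=${1#*/}
    [ "$(network_of "$1")" = "$(network_of "$2/$prefix")" ]
}

# next_hop OWN_ADDR/PREFIXLEN GATEWAY DEST: the IP whose MAC address the
# frame is sent to. The IP header still carries DEST in both cases.
next_hop() {
    if on_link "$1" "$3"; then echo "$3"; else echo "$2"; fi
}

# arp_query OWN_ADDR/PREFIXLEN GATEWAY DEST: the broadcast the host sends
# first, in the wording Wireshark uses for it.
arp_query() {
    echo "Who has $(next_hop "$1" "$2" "$3")? Tell ${1%/*}"
}

# The ping example from the post: DNS server on-link, web server behind
# the default gateway.
if [ $# -eq 3 ]; then
    arp_query "$1" "$2" "$3"
fi
```
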

Re: is it rational to close the 139 port

2012-07-22 Thread Henrique de Moraes Holschuh
On Sun, 22 Jul 2012, lina wrote:
> strangely my netstat showed my 139 and 445 ports are open.
> 
> tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
> 
> Do I need specify
> 
> -A INPUT -p tcp --dport 139 -j REJECT
> 
> in iptables?

It is good practice to not let ports 135, 137, 138, 139 and 445 get through
the interface to *EXTERNAL* networks/Internet.  They're used for services
that ought to stay restricted to your internal network and VPNs.  And
they're required only if you use Windows-style network shares in your
internal network.

The same goes to port 631 (CUPS/IPP printing) and a few other ports that are
used by services that nobody in an external network has any business messing
with in the general case.

If you don't need Windows-style networking at all, it is best to
disable/remove/purge package "samba", which provides these services.  This
ought to close the 445 and 139 ports.

> BTW, why need allow ping? from outside?

It is useful for diagnostics initiated from the outside, and that's it. If
you don't need it (i.e. you never ping your box from an outside network),
you can safely drop incoming ICMP ECHO REQUESTS in the external interface
(that type 8 in the iptable rule means ECHO REQUEST).  Do not mess with the
other ICMP types unless you know what you're doing, some of them must not be
dropped at all, while some others are required only in specific network
topologies.  The kernel already does a very good job at ignoring rogue
ICMPs by default.

http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


Archive: http://lists.debian.org/20120722134949.gb6...@khazad-dum.debian.net



Re: Tools in Debian to create whole disk image (multiple partitions)?

2012-07-22 Thread Camaleón
On Sun, 22 Jul 2012 10:10:04 +0300, Andrei POPESCU wrote:

(...)
 
> A web search seems to indicate CloneZilla might do the trick, but it's
> not in Debian.
> 
> Any suggestions?

CloneZilla did a good job for me some time ago and it can be run from a live 
medium, nothing needs to be installed.

Greetings,

-- 
Camaleón


Archive: http://lists.debian.org/juh03d$nk6$6...@dough.gmane.org



Re: Why have d-community-offtopic? (Re: What does group consider to be "on topic"?)

2012-07-22 Thread Camaleón
On Sun, 22 Jul 2012 19:06:48 +1200, Chris Bannister wrote:

> On Sat, Jul 21, 2012 at 11:32:14AM +, Camaleón wrote:
>> On Sat, 21 Jul 2012 23:19:07 +1200, Chris Bannister wrote:
>> 
>> > On Fri, Jul 20, 2012 at 02:46:43PM +, Camaleón wrote:
>> >> But I wouldn't post there how to configure an Oracle database with
>> >> the current Debian stable. Hope you see the "slight" difference
>> >> between a broccoli and Oracle.
>> > 
>> > Umm, I think so. :)  I hope you see Oracle support doesn't come under
>> > the "umbrella" of debian-user.
>> 
>> No, of course; it was just an example for a question that can fit here
>> tagged with [OT].
> 
> But, it **IS** ON TOPIC if they are not looking for Oracle support, so
> marking it [OT] is counter productive.

And when is that to happen? What's the line that makes the difference 
between both? In the end, you are asking for support about an Oracle 
product, right?

> logical conclusion:
> d-community-offtopic would be the list to post to if they wanted free
> Oracle support.

The list to post would be in that case the Oracle forum or mailing lists 
but the OP already knows that and he/she is not looking for *that kind* 
of support, that's why he/she tags the subject as OT here, not in debian 
offtopic ML.

Greetings,

-- 
Camaleón


Archive: http://lists.debian.org/jugvoj$nk6$5...@dough.gmane.org



Re: Iceweasel disables Java plugin, demands non-Debian package

2012-07-22 Thread Camaleón
On Sat, 21 Jul 2012 18:46:02 -0400, Carl Fink wrote:

> If I want to use Java applets (needed, for instance, to watch PBS
> video), I can install icedtea-7-plugin, which depends on openjdk.
> 
> Then Iceweasel disables it with no option to re-enable it and says, "For
> your safety, Firefox has disabled your outdated version of Java. Please
> upgrade to the latest version."
> (https://www.mozilla.org/en-US/plugincheck/)

Because of this, I guess:

https://blog.mozilla.org/addons/2012/04/02/blocking-java/

Curiously, I'm running an old version of the java plugin (lenny) but it 
has not been disabled:

***
Java(TM) Plug-in 1.6.0_26
The next generation Java plug-in for Mozilla browsers.  
Vulnerable (more info)  
Update Now
***

Additional info:

http://support.mozilla.org/en-US/kb/add-ons-cause-issues-are-on-blocklist

> So for Debian, Iceweasel demands a plugin which Debian no longer
> supports, since the sun-java package has been deprecated.
> 
> This seems like a bad thing.
> 
> Should I file a bug?
> 
> Using Wheezy.

There's a bug report opened with some comments on this:

https://bugzilla.mozilla.org/show_bug.cgi?id=739955#c65

Maybe it's just something that needs to be updated :-?

Greetings,

-- 
Camaleón


Archive: http://lists.debian.org/jugv9p$nk6$4...@dough.gmane.org



Re: Daemons in schroot or how to start chroot automatically

2012-07-22 Thread Ramon Hofer
On Sat, 2012-07-21 at 22:05 +0100, Roger Leigh wrote:
> On Sat, Jul 21, 2012 at 04:52:24PM +, Ramon Hofer wrote:
> > On Sat, 21 Jul 2012 11:54:58 +, Ramon Hofer wrote:
> > 
> > > I found what I did wrong: In the init.d script I used chroot instead of
> > > schroot:
> > > http://pastebin.com/raw.php?i=Lamy4K4a
> > > 
> > > Could you please help me with the correct command?
> > > Instead of `chroot /srv/chroot/sid /etc/init.d/sabnzbdplus start` can I
> > > use `schroot -c sid sabnzbdplus start`?
> > > 
> > > Then this would be my new schroot script:
> > > http://pastebin.com/raw.php?i=Lamy4K4a
> > 
> > I have made some changes to my script: 
> > http://pastebin.com/raw.php?i=VFr77mwK
> > 
> > There's some mess with the output of the commands. So it's not really 
> > nice but it's working.
> > 
> > I've tried to use the -q option for schroot but it's still talking...
> 
> Firstly, add schroot to Required-(Start|Stop), since you do
> need it to be set up prior to starting new sessions.

Thanks for the hint!
I added $schroot at the end (don't know if the ordering matters...)


> I would also check the return status of schroot.  If sid-sab
> already exists, then session creation will fail, and you'll
> reuse the old session.  That might not be incorrect, but
> in the general case, I'd recommend checking.

I was thinking about this too. But I saw no need to create a new session
if the old is still there.
What could be drawbacks of doing so?


> What "talking" are you seeing?  --quiet should hide all the
> messages, unless there's a problem.

I was wrong there. The only output I see is from 
schroot -bq -n $NAME -c $SCHROOT

It returns $NAME. But I've already changed to sabnzbdplus init script
from the sid schroot to output something like
[ ok ] Starting SABnzbd+ binary newsgrabber in sid chroot:.

I have tried this
$NAME=$(schroot -bq -n $NAME -c $SCHROOT)

But when the init.d script is called the second time with start then it
returns
E: /etc/init.d/sabnzbdplus: Chroot not found

That's why I have added >/dev/null to the creation command
schroot -bq -n $NAME -c $SCHROOT >/dev/null

Now everything seems to run as expected. Except maybe the re-usage of an
old schroot session?


Cheers
Ramon




Archive: 
http://lists.debian.org/1342963549.3425.10.camel@hoferr-desktop.hofer.rummelring



Re: What does this mean?

2012-07-22 Thread Camaleón
On Sat, 21 Jul 2012 11:58:52 -0600, Paul E Condon wrote:

> I'm running a computer box that is recently purchased second hand - new
> to me, but not new.  While running a script that does a disk to disk
> copy with some reformatting on a file of a few GB, I got this burst of
> lines on all open gnome-terminal windows:
> 
>  start of cut and paste:
> Message from syslogd@gq at Jul 21 04:40:03 ...
>  kernel:[233576.618678] Oops: 0002 [#1] SMP

(...)

> Message from syslogd@gq at Jul 21 04:40:03 ...
>  kernel:[233576.618994] EIP: []
>  jbd2_journal_grab_journal_head+0xf/0x36 [jbd2] SS:ESP 0068:f6e83d38

(...)

You got a kernel oops, and Google suggests as a possible source of the 
error a bad memory RAM stick (long mode). Since it's a second-hand computer, 
you'd better run a memtest and a pile of system stress tests to check 
the health of the computer components (mainly micro, memory and hard disks).

Greetings,

-- 
Camaleón


Archive: http://lists.debian.org/jugun1$nk6$3...@dough.gmane.org



Re: Per user "gnome-shell.css"

2012-07-22 Thread Camaleón
On Sat, 21 Jul 2012 19:42:29 +0200, Julio wrote:

> On 21/07/2012 13:43, Camaleón wrote:
>> Hello,
>>
>> I would like to use a customized "gnome-shell.css" file instead of having
>> to edit the system wide file located in
>> "/usr/share/gnome-shell/theme/gnome-shell.css" because on every
>> "gnome-shell-common" update the file is overwritten.
>>
>> Is it possible to place this single file under the user's home or will
>> it be necessary to clone the whole Adwaita theme?
> 
> Maybe this can help you:
> 
> http://therning.org/magnus/archives/933

Thanks Julio, that seems the way to go.

After reading the article, it seems that I had to copy the full theme to 
the user's home in order to modify the gnome-shell look.

I will have to reconsider it, though, I was looking for something easy 
which involved managing a single file but I'm afraid there's no other way.

Greetings,

-- 
Camaleón


Archive: http://lists.debian.org/jugua2$nk6$2...@dough.gmane.org



Re: is it rational to close the 139 port

2012-07-22 Thread Pascal Hambourg
Claudius Hubig wrote:
> 
> While it is technically possible to block these requests for IPv4,
> you should never block ICMPv6, since it is necessary to do SLAAC.

Not only SLAAC (which is optional) but also neighbour discovery, which
is mandatory in most cases on a shared medium such as ethernet as it
plays a similar role as ARP does for IPv4. However only a few ICMPv6
types are used by neighbour discovery, and echo request/reply are not
part of them. Namely :
neighbour solicitation
neighbour advertisement
router solicitation
router advertisement





installation problem

2012-07-22 Thread Mohd Asif
Hello, while installing Debian OS, after providing partitioning and applying it,
some error is occurring (unable to partition error: /dev/sda),
or without providing partition too, it's viewing read error. Hoping for a
solution to this problem.

With Regards,
Asif

Optimal Storage Server

2012-07-22 Thread Shaffin Bhanji

Hello,

I am trying to put together a 2U storage server for data. I have 
previously invested in NAS equipment such as the Netgear NAS 1100 that I 
have been disappointed in to say the least - data write speed of 5MB/s.


This time around I want to build something that I have control over 
hardware than to rely on equipment that I am locked in with, and not to 
mention limitations.


I would like an opinion from this group on successful implementation as 
I will highly be using the server for virtualization disks (iSCSI), 
backup, file share, etc. I want to make sure that I choose the right 
hardware to get the best read/write performance.


Experiences shared will greatly be appreciated.

Thanks,
Sam.





Re: is it rational to close the 139 port

2012-07-22 Thread Brian
On Sun 22 Jul 2012 at 18:08:25 +0800, lina wrote:

> On Sun, Jul 22, 2012 at 5:31 PM, Stan Hoeppner  wrote:
> > On 7/22/2012 3:37 AM, lina wrote:
> >
> >> P.S I also found
> >>
> >> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
> >> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
> >> tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
> >
> > Instead of doing this piecemeal, post the output of:
> >
> > ~$ netstat -ant|grep LISTEN
> >
> > and we'll go through the list together, trimming the fat.
> 
> # netstat -ant|grep LISTEN
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
> tcp6       0      0 :::143                  :::*                    LISTEN
> tcp6       0      0 :::80                   :::*                    LISTEN
> tcp6       0      0 :::22                   :::*                    LISTEN
> tcp6       0      0 ::1:631                 :::*                    LISTEN
> 
> Thanks, I only know 22, 25, 631 80 for ssh, email, cups and http, 
> respectively,

CUPS and the mailserver only listen for connections from localhost. This
is as safe as it gets without removing the two services.

The ssh and webserver daemons are available on the network. Presumably
this is what you want. Their security will depend on how you have
configured them. Debian sshd can be run safely with the default install.

For port 538 try

   lsof -i :538

It's probably gdomap, which is part of GNUstep. By default it will not
probe for other servers (see /etc/default/gdomap), so that looks ok.
Only you know whether you need GNUstep.

Port 143 is likely to be imap. It too can be accessed from the network.
Is that your intention?

Heaven above knows why you need a firewall. These services are quite
capable of getting on with life without iptables being involved. So are
you.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120722113234.GC7631@desktop
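
The reading of the listing given in the message above (sockets bound to 127.x.y.z or ::1 are reachable only from the host, the rest from the network), as an added example that is not part of the original thread. The function names and the sample listing are constructed for illustration, and the column layout assumed is that of net-tools netstat.

```shell
#!/bin/sh
# Added example: label each listening socket in `netstat -tupan` output as
# LOCAL (loopback only) or EXPOSED (bound to a network-reachable address).

# Constructed sample, modelled on the listing posted in the thread.
# 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5466/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1945/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2306/exim4
tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN      2366/gdomap
tcp        0      0 192.0.2.10:55221        198.51.100.7:22         ESTABLISHED 5507/ssh
tcp6       0      0 :::143                  :::*                    LISTEN      1866/couriertcpd
tcp6       0      0 :::80                   :::*                    LISTEN      1719/apache2
tcp6       0      0 ::1:631                 :::*                    LISTEN      1945/cupsd
udp        0      0 0.0.0.0:538             0.0.0.0:*                           2366/gdomap
udp        0      0 127.0.0.1:123           0.0.0.0:*                           2905/ntpd
EOF
}

# Reads netstat output on stdin, prints "<scope> <proto> <port> <program>".
classify_listeners() {
    awk '
    # Skip the banner and header lines; keep tcp, tcp6, udp, udp6 rows.
    $1 !~ /^(tcp|udp)6?$/ { next }
    {
        # UDP rows usually have an empty State column, so field 6 is either
        # a state word (LISTEN, TIME_WAIT, ...) or already the program.
        state = ($6 ~ /^[A-Z_0-9]+$/) ? $6 : ""
        if ($1 ~ /^tcp/ && state != "LISTEN") next   # outgoing or closing
        if ($1 ~ /^udp/ && state != "") next         # connected UDP socket

        # The port is whatever follows the last colon; this also works for
        # IPv6 forms such as ":::80" and "::1:631".
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)

        # Program column is absent without -p and "-" without root.
        prog = (state != "") ? $7 : $6
        sub(/^[0-9]+\//, "", prog)
        if (prog == "") prog = "-"

        # Loopback binds are local. Everything else, including the
        # wildcards 0.0.0.0 and ::, accepts traffic from the network.
        # On Linux a "::" listener normally accepts IPv4 too, which is why
        # apache2 and couriertcpd show up only as tcp6 in the thread.
        scope = (addr ~ /^127\./ || addr == "::1") ? "LOCAL" : "EXPOSED"
        print scope, $1, port, prog
    }'
}

# Stand-alone run on the constructed sample; on a real host use
#   netstat -tupan | classify_listeners     (as root, to see program names)
sample_netstat | classify_listeners
```

EXPOSED here means only that the socket is bound to a non-loopback address. As noted elsewhere in the thread, netstat does not take iptables filtering into account, so a scan from another machine is still the check of what is actually reachable.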



Re: is it rational to close the 139 port

2012-07-22 Thread lina
On Sun, Jul 22, 2012 at 5:18 PM, Joe  wrote:
> On Sun, 22 Jul 2012 16:44:13 +0800
> lina  wrote:
>
>>
>> Checked, now only 22 80 open with 443 closed.
>> another thing is that the nmap can scan my MAC address correctly.
>> is it bad? (I guess I will feel comfortable if the MAC address is
>> hidden)
>>
>
> All network communication is actually based on MAC addresses, if it
> can't be seen, you can't talk.
>
> Try arp -a as root to see what other computers yours has recently
> talked to. A cache is kept to speed things up, but only for a few
> minutes, otherwise your computer has to broadcast to look up a link
> between IP address and MAC.
Thanks, packet looks for the IP address first or MAC address first?
(seems I read something before, it's a book/document written in 2001,
kinda of aged? still don't understand.)
>
> If you have a rainy afternoon to while away, install Wireshark and have
> a play with it. Try various network connections while a capture is
> running, and play with the filtering. One day you will need to use it
> in anger.
(Here "in anger", you implied that the wireshark was not so much fun
to play with?
just curious...
I installed but never see how can it be useful, or mainly I don't know
what/how to check among so much information it popped up.)
>
> Here is a fragment of a capture showing my workstation trying to find
> the server using the ARP protocol. It hasn't connected for a time, so
> the server isn't in its cache:
>
> No.  Time  Source  Destination Protocol Length Info
>
> 5 5.007111000Giga-Byt_xx:xx:xx Hewlett-_xx:xx:xx ARP 42
> Who has 192.168.99.3?  Tell 192.168.99.101
>
> 6 5.007315000Hewlett-_xx:xx:xx Giga-Byt_xx:xx:xx ARP 60
> 192.168.99.3 is at xx:xx:xx:xx:xx:xx
>
> Sorry about the wrap, but email isn't designed for this sort of thing.
> Note that the first half of the MAC is a vendor ID, and Wireshark
> decodes it.

Thank you. I will do a try,

Best regards,
>
> --
> Joe
>
>
>





Re: Tools in Debian to create whole disk image (multiple partitions)?

2012-07-22 Thread Sthu Deus
Good time of the day, Andrei.


You wrote:

> Any suggestions?

Why don't You copy Your installation w/ "cp -a" and reconfiguring then
grub for the copy - to another disk (USB one?). OR I'm missing
something?


Sthu.





Re: is it rational to close the 139 port

2012-07-22 Thread Joe
On Sun, 22 Jul 2012 11:32:58 +0200
Pascal Hambourg  wrote:

> Joe wrote:
> > 
> > All network communication is actually based on MAC addresses
> 
> No. Communication over an ethernet network is, but not all network
> communication is.
> 
> 

I realise that, but there are only so many levels of complexity which
are worth introducing at once. The more 'buts' and 'excepts' in an
explanation, the harder it is to follow.

The point being made was that MAC addresses cannot be concealed, which
is valid wherever MAC addresses exist. The issue does not arise in
those interfaces which don't use Ethernet at the PC, such as DSL modems
and cellphone dongles and virtual interfaces like VPNs, nor away from
the PC across routers into other broadcast domains. But a computer
within a local network will communicate entirely by Ethernet, either
wired or wireless.

-- 
Joe





Re: Epson Perfection 1240U USB scanner device not found

2012-07-22 Thread Chris Davies
Joel Roth  wrote:
> This scanner is supposed to be fully supported by SANE.
> But scanimage --list-devices only show my notebook camera.

I see further down the thread that you have determined that scanimage
needs root.

I have also found that my Perfection 2480 needed a firmware upload
("esfw41.bin", snaffled, I think, from the Windows installation
files). This I configured in /etc/sane.d/scanscan.conf. I notice this
file mentions the 2480 but not the 1240, so you might be alright.

Chris





Re: is it rational to close the 139 port

2012-07-22 Thread lina
On Sun, Jul 22, 2012 at 5:14 PM, Pascal Hambourg  wrote:
> Hello,
>
> lina wrote:
>> root@debian:/etc/iptables# dpkg --get-selections | grep gdomap
>>
>> no gdomap installed,
>> # dpkg -L gdomap
>> Package `gdomap' is not installed.
>> Use dpkg --info (= dpkg-deb --info) to examine archive files,
>> and dpkg --contents (= dpkg-deb --contents) to list their contents.
>>
>> But # which gdomap
>> /usr/bin/gdomap
>
> To search which package a file belongs to :
> $ dpkg -S /usr/bin/gdomap
> will find the package gnustep-base-runtime.
> $ man gdomap
> will tell you what this program does. Don't ask me, I have never heard
> of it before.
> Maybe /etc/default/gdomap has options to tune it.

Thanks,

Shall I keep or purge the gdomap?

Best regards,

>
> A port listening on 127.x.y.z or ::1 is fine : such addresses are
> reachable only from the host itself.
>
>
>





Re: is it rational to close the 139 port

2012-07-22 Thread Lars Noodén
On 07/22/2012 01:08 PM, lina wrote:
> Thanks, I only know 22, 25, 631 80 for ssh, email, cups and http, 
> respectively,
> 
> Best regards,
> 
> P.S I will be glad to know more.

You can get the official list of what goes where from the file /etc/services

Regards
/Lars





Re: is it rational to close the 139 port

2012-07-22 Thread lina
On Sun, Jul 22, 2012 at 5:31 PM, Stan Hoeppner  wrote:
> On 7/22/2012 3:37 AM, lina wrote:
>
>> P.S I also found
>>
>> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
>> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
>> tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
>
> Instead of doing this piecemeal, post the output of:
>
> ~$ netstat -ant|grep LISTEN
>
> and we'll go through the list together, trimming the fat.

# netstat -ant|grep LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
tcp6       0      0 :::143                  :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN

Thanks, I only know 22, 25, 631 80 for ssh, email, cups and http, respectively,

Best regards,

P.S I will be glad to know more.
>
> --
> Stan
>
>
>
>
>





Re: is it rational to close the 139 port

2012-07-22 Thread Claudius Hubig
Hello lina,

this is a rather strange name :)

lina  wrote:
> BTW, why need allow ping? from outside?
> # Allow ping
> -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

It doesn’t help to block ICMP echo requests:

- if you block them by dropping them, the other party knows that
  you are (most likely) there, since otherwise the last-but-one hop
  would return ‘No route to host’.
- if you block them by rejecting them, the other party knows that you
  are there.
- if you accept them, the other party knows that you are there and is
  able to link no replies to network problems (see first point).

While it is technically possible to block these requests for IPv4,
you should never block ICMPv6, since it is necessary to do SLAAC.

Best regards,

Claudius
-- 
  A board is the planck unit of boredom.
http://chubig.net  telnet nightfall.org 4242




Re: is it rational to close the 139 port

2012-07-22 Thread Pascal Hambourg
Joe wrote:
> 
> All network communication is actually based on MAC addresses

No. Communication over an ethernet network is, but not all network
communication is.





Re: is it rational to close the 139 port

2012-07-22 Thread Joe
On Sun, 22 Jul 2012 16:58:33 +0800
lina  wrote:

> sorry, this one is easy to read
> 
> # netstat -tupan | grep 538
> tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN      2366/gdomap
> udp        0      0 0.0.0.0:538             0.0.0.0:*                           2366/gdomap
> 
> 
>

gdomap appears to be part of GNUstep:

http://www.gnustep.org/resources/documentation/Developer/Tools/Reference/gdomap.html
http://linux.die.net/man/8/gdomap

-- 
Joe





Re: is it rational to close the 139 port

2012-07-22 Thread Stan Hoeppner
On 7/22/2012 3:37 AM, lina wrote:

> P.S I also found
> 
> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN

Instead of doing this piecemeal, post the output of:

~$ netstat -ant|grep LISTEN

and we'll go through the list together, trimming the fat.

-- 
Stan







Re: is it rational to close the 139 port

2012-07-22 Thread Pascal Hambourg
Hello,

lina wrote:
> root@debian:/etc/iptables# dpkg --get-selections | grep gdomap
> 
> no gdomap installed,
> # dpkg -L gdomap
> Package `gdomap' is not installed.
> Use dpkg --info (= dpkg-deb --info) to examine archive files,
> and dpkg --contents (= dpkg-deb --contents) to list their contents.
> 
> But # which gdomap
> /usr/bin/gdomap

To search which package a file belongs to :
$ dpkg -S /usr/bin/gdomap
will find the package gnustep-base-runtime.
$ man gdomap
will tell you what this program does. Don't ask me, I have never heard
of it before.
Maybe /etc/default/gdomap has options to tune it.

A port listening on 127.x.y.z or ::1 is fine : such addresses are
reachable only from the host itself.





Re: is it rational to close the 139 port

2012-07-22 Thread Joe
On Sun, 22 Jul 2012 16:44:13 +0800
lina  wrote:

> 
> Checked, now only 22 80 open with 443 closed.
> another thing is that the nmap can scan my MAC address correctly.
> is it bad? (I guess I will feel comfortable if the MAC address is
> hidden)
> 

All network communication is actually based on MAC addresses, if it
can't be seen, you can't talk.

Try arp -a as root to see what other computers yours has recently
talked to. A cache is kept to speed things up, but only for a few
minutes, otherwise your computer has to broadcast to look up a link
between IP address and MAC.

If you have a rainy afternoon to while away, install Wireshark and have
a play with it. Try various network connections while a capture is
running, and play with the filtering. One day you will need to use it
in anger.

Here is a fragment of a capture showing my workstation trying to find
the server using the ARP protocol. It hasn't connected for a time, so
the server isn't in its cache:

No.  Time  Source  Destination Protocol Length Info 

5 5.007111000Giga-Byt_xx:xx:xx Hewlett-_xx:xx:xx ARP 42
Who has 192.168.99.3?  Tell 192.168.99.101

6 5.007315000Hewlett-_xx:xx:xx Giga-Byt_xx:xx:xx ARP 60
192.168.99.3 is at xx:xx:xx:xx:xx:xx

Sorry about the wrap, but email isn't designed for this sort of thing.
Note that the first half of the MAC is a vendor ID, and Wireshark
decodes it.

-- 
Joe





Re: is it rational to close the 139 port

2012-07-22 Thread lina
sorry, this one is easy to read

# netstat -tupan | grep 538
tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN      2366/gdomap
udp        0      0 0.0.0.0:538             0.0.0.0:*                           2366/gdomap


Thanks,





Re: is it rational to close the 139 port

2012-07-22 Thread lina
On Sun, Jul 22, 2012 at 4:44 PM, Joe  wrote:
> On Sun, 22 Jul 2012 16:37:16 +0800
> lina  wrote:
>
>>
>> P.S I also found
>>
>> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
>> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
>> tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
>>
>>
>> 631 is for network printer, I am confused why it need LISTEN here, I
>> only print once or twice each month.
>>
>> What 538 is for? I googled, but I don't have  gdomap
>> installed, strange?
>>
>
> Run netstat -tupan as root, and it will also show you the processes
> associated with the ports. The -p does that, and as root, it will show
> all processes, not just yours.

# netstat -tupan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5466/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1945/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2306/exim4
tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN      2366/gdomap
tcp        0      0 172.21.48.67:60259      208.93.141.90:80        TIME_WAIT   -
tcp        0      0 172.21.48.67:55221      155.69.57.55:22         ESTABLISHED 5507/ssh
tcp        0      0 172.21.48.67:47085      74.125.235.54:443       TIME_WAIT   -
tcp6       0      0 :::143                  :::*                    LISTEN      1866/couriertcpd
tcp6       0      0 :::80                   :::*                    LISTEN      1719/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      5466/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1945/cupsd
udp        0      0 0.0.0.0:19777           0.0.0.0:*                           2695/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           5405/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2826/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2695/dhclient
udp        0      0 172.21.48.67:123        0.0.0.0:*                           2905/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           2905/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           2905/ntpd
udp        0      0 0.0.0.0:538             0.0.0.0:*                           2366/gdomap
udp        0      0 0.0.0.0:53856           0.0.0.0:*                           2826/dhclient
udp        0      0 0.0.0.0:54035           0.0.0.0:*                           5405/dhclient
udp6       0      0 :::20444                :::*                                5405/dhclient
udp6       0      0 :::28780                :::*                                2695/dhclient
udp6       0      0 :::49268                :::*                                2826/dhclient
udp6       0      0 fe80::ca2a:14ff:fe0:123 :::*                                2905/ntpd
udp6       0      0 ::1:123                 :::*                                2905/ntpd
udp6       0      0 :::123                  :::*                                2905/ntpd
root@debian:/etc/iptables# dpkg --get-selections | grep gdomap

no gdomap installed,
# dpkg -L gdomap
Package `gdomap' is not installed.
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.

But # which gdomap
/usr/bin/gdomap

Thanks,

P.S if you notice something abnormal from the netstat, please feel
free to let me know.

Best regards,
>
> --
> Joe
>
>
>





Re: is it rational to close the 139 port

2012-07-22 Thread lina
On Sun, Jul 22, 2012 at 4:35 PM, Joe  wrote:
> On Sun, 22 Jul 2012 15:59:29 +0800
> lina  wrote:
>
>> On Sun, Jul 22, 2012 at 3:49 PM, Andrei POPESCU
>>  wrote:
>> > On Sun, 22 Jul 12, 15:41:16, lina wrote:
>> >>
>> >> Thanks, I don't have some basic understanding about samba,
>> >> will read something about it.
>> >> just a short quick question, is it necessary to keep it?
>> >
>> > Only you can tell since we don't know what you use/need.
>> I felt a bit silly to ask, and a bit annoyed about myself for knowing
>> so little.
>> seems no need to share files with outside.
>> have rejected all inbound towards the port 139 and 445.
>>
>
> These ports should never be open to the Net, or any potentially hostile
> computers, as there is a great deal of activity by bots looking for open
> Windows shares.
>
> If this machine is part of a network which shares files using the
> Windows SMB protocol, and this machine hosts shares, then the ports
> need to be open to the other network machines. If it's a standalone
> computer, or doesn't host any shares, you don't need samba running at
> all, or even installed. If you need to access SMB shares on other
> machines, the client programs to do this do not need the main samba
> program to be installed.
>
> You should probably be working towards rejecting all incoming packets,
> and only explicitly permitting what you need. That way, you don't need
> to worry about samba ports or what the portmapper does, etc.
>
> If you can, run nmap from another network computer to see what ports are
> actually available, since netstat doesn't take iptables filtering into

Checked, now only 22 80 open with 443 closed.
another thing is that the nmap can scan my MAC address correctly.
is it bad? (I guess I will feel comfortable if the MAC address is hidden)

> account, and can worry you needlessly. If you have a standalone
> computer, Shields Up!! on the site http://grc.com will show ports open
> to the Internet, but it can do only very limited tests compared with
> nmap, and you must ignore all the dire warnings on the site, intended
> to panic Windows users into doing something to protect themselves.
>
> If for reasons above, you do need to run samba and allow access, the
> samba configuration allows you to specify IP addresses which have
> access. The configuration file is a bit of a beast, but the samba web
> administration tool (SWAT) takes away some of the pain. Iptables will
> also do this, of course, but as always, belt *and* braces... it is
> always embarrassing to discover that last time you were debugging a
> networking problem, you temporarily turned off iptables and forgot to
> re-enable it.
samba has been purged. there are really HUGE things to learn.

Thanks again,

Best regards,
>
> --
> Joe
>
>
>





Re: is it rational to close the 139 port

2012-07-22 Thread Joe
On Sun, 22 Jul 2012 16:37:16 +0800
lina  wrote:

> 
> P.S I also found
> 
> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
> 
> 
> 631 is for network printer, I am confused why it need LISTEN here, I
> only print once or twice each month.
> 
> What 538 is for? I googled, but I don't have  gdomap
> installed, strange?
> 

Run netstat -tupan as root, and it will also show you the processes
associated with the ports. The -p does that, and as root, it will show
all processes, not just yours.

-- 
Joe





Re: is it rational to close the 139 port

2012-07-22 Thread lina
On Sun, Jul 22, 2012 at 4:30 PM, Stan Hoeppner  wrote:
> On 7/22/2012 2:59 AM, lina wrote:
>> On Sun, Jul 22, 2012 at 3:49 PM, Andrei POPESCU
>>  wrote:
>>> On Sun, 22 Jul 12, 15:41:16, lina wrote:
>>>>
>>>> Thanks, I don't have some basic understanding about samba,
>>>> will read something about it.
>>>> just a short quick question, is it necessary to keep it?
>>>
>>> Only you can tell since we don't know what you use/need.
>> I felt a bit silly to ask, and a bit annoyed about myself for knowing
>> so little.
>> seems no need to share files with outside.
>> have rejected all inbound towards the port 139 and 445.
>
> If you don't need it, why not disable the service and free up the memory
> the smbd/nmbd daemons are using?  Maybe I wasn't clear.
>
> Disabling the Samba service, or simply uninstalling Samba, closes those
> ports.  When the ports are closed, there's no need to firewall them.  If
> you do anyway, it's like putting a padlock on a steel door that's been
> welded shut.  If you need a few pounds of dynamite to blow the door
> open, the padlock yields zero extra protection.  Same for firewalling.
> The solution is very simple:
>
> ~$ aptitude remove samba

Thanks, I have purged the samba just now.

Haha ... Best regards,

P.S I also found

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN


631 is for network printer, I am confused why it need LISTEN here, I
only print once or twice each month.

What 538 is for? I googled, but I don't have gdomap installed, strange?

Thanks again,

>
> --
> Stan
>
>
>





Re: is it rational to close the 139 port

2012-07-22 Thread Joe
On Sun, 22 Jul 2012 15:59:29 +0800
lina  wrote:

> On Sun, Jul 22, 2012 at 3:49 PM, Andrei POPESCU
>  wrote:
> > On Sun, 22 Jul 12, 15:41:16, lina wrote:
> >>
> >> Thanks, I don't have some basic understanding about samba,
> >> will read something about it.
> >> just a short quick question, is it necessary to keep it?
> >
> > Only you can tell since we don't know what you use/need.
> I felt a bit silly to ask, and a bit annoyed about myself for knowing
> so little.
> seems no need to share files with outside.
> have rejected all inbound towards the port 139 and 445.
> 

These ports should never be open to the Net, or any potentially hostile
computers, as there is a great deal of activity by bots looking for open
Windows shares.

If this machine is part of a network which shares files using the
Windows SMB protocol, and this machine hosts shares, then the ports
need to be open to the other network machines. If it's a standalone
computer, or doesn't host any shares, you don't need samba running at
all, or even installed. If you need to access SMB shares on other
machines, the client programs to do this do not need the main samba
program to be installed.

You should probably be working towards rejecting all incoming packets,
and only explicitly permitting what you need. That way, you don't need
to worry about samba ports or what the portmapper does, etc.

If you can, run nmap from another network computer to see what ports are
actually available, since netstat doesn't take iptables filtering into
account, and can worry you needlessly. If you have a standalone
computer, Shields Up!! on the site http://grc.com will show ports open
to the Internet, but it can do only very limited tests compared with
nmap, and you must ignore all the dire warnings on the site, intended
to panic Windows users into doing something to protect themselves.

If for reasons above, you do need to run samba and allow access, the
samba configuration allows you to specify IP addresses which have
access. The configuration file is a bit of a beast, but the samba web
administration tool (SWAT) takes away some of the pain. Iptables will
also do this, of course, but as always, belt *and* braces... it is
always embarrassing to discover that last time you were debugging a
networking problem, you temporarily turned off iptables and forgot to
re-enable it.

-- 
Joe





Re: is it rational to close the 139 port

2012-07-22 Thread Stan Hoeppner
On 7/22/2012 2:59 AM, lina wrote:
> On Sun, Jul 22, 2012 at 3:49 PM, Andrei POPESCU
>  wrote:
>> On Sun, 22 Jul 12, 15:41:16, lina wrote:
>>>
>>> Thanks, I don't have some basic understanding about samba,
>>> will read something about it.
>>> just a short quick question, is it necessary to keep it?
>>
>> Only you can tell since we don't know what you use/need.
> I felt a bit silly to ask, and a bit annoyed about myself for knowing
> so little.
> seems no need to share files with outside.
> have rejected all inbound towards the port 139 and 445.

If you don't need it, why not disable the service and free up the memory
the smbd/nmbd daemons are using?  Maybe I wasn't clear.

Disabling the Samba service, or simply uninstalling Samba, closes those
ports.  When the ports are closed, there's no need to firewall them.  If
you do anyway, it's like putting a padlock on a steel door that's been
welded shut.  If you need a few pounds of dynamite to blow the door
open, the padlock yields zero extra protection.  Same for firewalling.
The solution is very simple:

~$ aptitude remove samba

-- 
Stan





Re: is it rational to close the 139 port

2012-07-22 Thread lina
On Sun, Jul 22, 2012 at 3:49 PM, Andrei POPESCU wrote:
> On Du, 22 iul 12, 15:41:16, lina wrote:
>>
>> Thanks, I don't have some basic understanding about samba,
>> will read something about it.
>> just a short quick question, is it necessary to keep it?
>
> Only you can tell since we don't know what you use/need.
I felt a bit silly to ask, and a bit annoyed about myself for knowing
so little.
seems no need to share files with outside.
have rejected all inbound towards the port 139 and 445.

>
> Kind regards,
Thanks,

Best regards,
> Andrei
> --
> Offtopic discussions among Debian users and developers:
> http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic





Re: is it rational to close the 139 port

2012-07-22 Thread Andrei POPESCU
On Du, 22 iul 12, 15:41:16, lina wrote:
> 
> Thanks, I don't have some basic understanding about samba,
> will read something about it.
> just a short quick question, is it necessary to keep it?

Only you can tell since we don't know what you use/need.

Kind regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic




Re: is it rational to close the 139 port

2012-07-22 Thread lina
On Sun, Jul 22, 2012 at 3:36 PM, Stan Hoeppner  wrote:
> On 7/22/2012 2:25 AM, lina wrote:
>
> Hi Lina,

Hi,
>
>> strangely my netstat showed my 139 and 445 ports are open.
>>
>> tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
>> tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
>
> These ports are used by Samba.  If you want these ports closed simply
> disable the Samba service.  If you need Samba, leave the ports open.  If
> you don't know what Samba is:
>
> http://www.samba.org/

Thanks, I don't have some basic understanding about samba,
will read something about it.
just a short quick question, is it necessary to keep it?

Best regards,
>
> --
> Stan
>
>
>





Re: is it rational to close the 139 port

2012-07-22 Thread Stan Hoeppner
On 7/22/2012 2:25 AM, lina wrote:

Hi Lina,

> strangely my netstat showed my 139 and 445 ports are open.
> 
> tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN

These ports are used by Samba.  If you want these ports closed simply
disable the Samba service.  If you need Samba, leave the ports open.  If
you don't know what Samba is:

http://www.samba.org/

-- 
Stan






SOLVED: Re: need simply CLI only live ISO

2012-07-22 Thread Stan Hoeppner
On 7/22/2012 12:36 AM, Alex Mestiashvili wrote:
> On 07/22/2012 07:00 AM, Stan Hoeppner wrote:
>> Look'n for a small ISO that'll boot CLI only and allow me to run dd.  I
>> simply need to wipe the first few KB/MB of a drive.  It's an SSD
>> otherwise I'd just use DBAN.
>>
>> Thanks.
>>
>>   
> I would suggest grml , small version.

Thanks Alex.  Exactly what I was looking for.

-- 
Stan






Re: What does this mean?

2012-07-22 Thread Chris Bannister
On Sat, Jul 21, 2012 at 11:58:52AM -0600, Paul E Condon wrote:
> I'm running a computer box that is recently purchased second hand -
> new to me, but not new.  While running a script that does a disk to
> disk copy with some reformatting on a file of a few GB, I got this
> burst of lines on all open gnome-terminal windows:
> 
>  start of cut and paste:

[snip kernel messages]

>  end
> 
> The computer is a Dell desktop on which I have loaded Squeeze and
> Gnome. I've seen this type of outburst from this computer before, but
> haven't had the presence of mind to capture a copy and send it to this
> list. The computer is running only a home brew data processing script
> written in Bash and there are several windows open to monitor
> different aspects of its progress. The script does not crash. It
> continues to be possible to interact with it, including, even using
> aptitude to install software. What does this outburst mean?

Dunno, but I wouldn't trust it. I'd suspect a h/w problem.
Don't store any important data on it.
Can you guarantee that the data integrity is ok?
Boot a knoppix cd, run memtest.

Find a test disk to test h/w
HDD, motherboard, etc

Anyone know of any good ones?

I'm on the lookout for some myself :)

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X





is it rational to close the 139 port

2012-07-22 Thread lina
Hi,

strangely my netstat showed my 139 and 445 ports are open.

tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN

Do I need specify

-A INPUT -p tcp --dport 139 -j REJECT

in iptables?

For all INPUT has already set -P INPUT DROP, except open for  80, 443, 22,

BTW, why need allow ping? from outside?
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

I know so little, thanks very much for your explanation,

Best regards,





Re: Why have d-community-offtopic? (Re: What does group consider to be "on topic"?)

2012-07-22 Thread Chris Bannister
On Sat, Jul 21, 2012 at 11:32:14AM +, Camaleón wrote:
> On Sat, 21 Jul 2012 23:19:07 +1200, Chris Bannister wrote:
> 
> > On Fri, Jul 20, 2012 at 02:46:43PM +, Camaleón wrote:
> >> But I wouldn't post there how to configure an Oracle database with the
> >> current Debian stable. Hope you see the "slightly" difference between a
> >> broccoli and Oracle.
> > 
> > Umm, I think so. :)  I hope you see Oracle support doesn't come under
> > the "umbrella" of debian-user.
> 
> No, of course; it was just an example for a question that can fit here 
> tagged with [OT].

But, it **IS** ON TOPIC if they are not looking for Oracle support, so
marking it [OT] is counter productive. 

logical conclusion:
d-community-offtopic would be the list to post to if they wanted free
Oracle support. 

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X





Tools in Debian to create whole disk image (multiple partitions)?

2012-07-22 Thread Andrei POPESCU
Hello list,

My Raspberry Pi arrived a few days ago and yesterday I finally managed 
to run the installer for Raspbian (Debian wheezy armhf recompiled for 
the Raspberry Pi).

Since the installation is not very fast due to the speed of the SD card 
(and I may want to contribute images anyway) I want to create an image 
of the SD card used for installation, possibly in different stages 
(fresh install, all updates, etc.).

Unfortunately dd creates an image as big as the SD card (7,5 GiB) and 
GNU ddrescue with the --sparse option will create a file of 5,7 GiB.
(the base + SSH server install is ~ 0,6 GiB)

Partimage, as far as I can tell, only works on individual partitions, 
but I want to image the whole card.

A web search seems to indicate CloneZilla might do the trick, but it's 
not in Debian.

Any suggestions?

Kind regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic

