Tip: Search Command Line Commands w/First Letters And Tab
On 5/2/14, Ralf Mardorf ralf.mard...@alice-dsl.net wrote: Ok, if I don't remember the complete command name and I like to use the tab key to show me a list of available commands (r typing the complete command name is to much work, then I first type the first characters without sudo, push the tab key and after that I add sudo. [rocketmouse@archlinux ~]$ ch chacl chattrcheckdotdin checkupdates chfn chmod chpasswordchrt chage chcon checkgid checkXML chgpasswd chmorph chromedriver chsh charmap chcp check_hd cheesechgrp chown chromium chuser chat chcpu check-regexp chem chktex chpasswd chrootchvt [rocketmouse@archlinux ~]$ sudo ch Am in my inbox digging around and came across this older post. Seemed like a useful memory aid oriented tip to highlight. I just tried it, and it works great in GNOME Terminal. I tried three letters, too. I tried deb and received just debconf back at first for some reason. For kicks and giggles since only one command came back, I hit the tab key a couple more times again and ended up receiving a list of all commands that begin with debconf. Very cool. My thoughts are always that maybe someone else doesn't know it exists, and maybe they know of just the right wish list where this feature or a tweak of it would be perfect for the next upgrade of something else Debian out there. :) Cindy :) -- Cindy-Sue Causey Talking Rock, Pickens County, Georgia, USA * runs with plastic sporks * -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAO1P-kBf7mjVRi0u6cLv09XBQCycOEb=pjhdndn2lrcn3uf...@mail.gmail.com
Re: Have I been hacked?
On 01/09/2015 09:19 PM, Jerry Stuckle wrote: On 1/9/2015 8:49 PM, Joel Rees wrote: On Fri, Jan 9, 2015 at 6:25 PM, Martin Steigerwald mar...@lichtvoll.de wrote: Am Freitag, 9. Januar 2015, 00:24:06 schrieb Brian: On Thu 08 Jan 2015 at 22:36:46 +0100, Martin Steigerwald wrote: Am Donnerstag, 8. Januar 2015, 14:20:27 schrieb Jerry Stuckle: Just ensure you're using good security practices - don't allow root login, use long, random passwords, etc. I also use a random character strings for the login ids, as well as passwords - just one more thing for the hackers to have to figure out how to get around. Only allow SSH key based logins. Of course, only after you copied a public key onto the machine with ssh-copy-id. And have SSH keys with *strong* passphrases, to protect against someone stealing your key. Use ssh-agent wisely only on trusted machines. SSH password logins are just as safe. 20 characters gives a strong password for use on trusted machines. There is no need to worry about it being stolen because it is in your memory, I think SSH keys are safer, cause there is no password at all that can be brute forced. What do you mean by that? Okay, one can try to guess the key, but try that with a 4096 bit key. Hmm. 10 characters, 6 to 7 bits per character, that's 60 bits. If the bits are truly random, straight brute-force will take, on average, half of 2^60 attempts. We can hold the integer 2^59 in a C variable on most recent desktops, but if we have bc (dc if you like post-fix), we can do this on even 32 bit CPUs: 576460752303423488 (base ten) At one milion attempts per second, that's 5764607523034 seconds, or 182678 CPU-years. There's no way that's going to happen on-line, if the password is truly random, and not randomly a password that's a quick permutation of common memes or of entries in rainbow tables. Actually, 62 possible characters (upper case, lower case and digits), 10 positions is 62^10 or 839,299,365,868,340,224 possible combinations. Adding in special characters obviously would increase that. But there is no way you'll hit a server 1,000,000 times a second trying to brute force a password. I currently use sixteen or more letters in my passwords, don't use simple permutations or common phrases (as for the first leter trick), use disconnected words from multiple languages. Or use 16 character true random passwords for the important stuff. All good suggestions. SSH keys are useful, but you have to keep them somewhere. The real danger to good passwords is the off-line attempts, and the passphrase you use for your private keystore is potentially subject to off-line if your password is. Yes, keys may actually be less secure than passwords. Jerry If you have a dedicated hacker, or hackers, time is on their side. I would much rather use a key with a passphrase. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54b09b89.5060...@gmx.com
Re: Duda sobre script Bash
El Thu, 8 Jan 2015 16:08:46 -0500 Lic. Manuel Salgado manuelsalgado...@gmail.com escribió: Buenas tardes a todos: Llevo varias horas googleando con el objetivo de encontrar una solución al siguiente objetivo: Necesito un comando o concatenación de este y alguna expresión regular que me permita, estando en un directorio dado, borrar recursivamente todos los directorios en cuyos nombres hayan números. Les ilustro el ejemplo: 165897 78963 cadena1 789632 cadena2 Se que para los gurus del bash es facil. Gracias de antemano. y lo queres masticadito??? eso se llama servico de consultoria y se paga por el mismo si no esta dispuesto a pagarle a alguien: man find man grep -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CA++POOO=7tzrvwet6_65fwkuabxq_4glfdlkvnnqtdlhaud...@mail.gmail.com -- Angel Claudio Alvarez an...@angel-alvarez.com.ar -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150109222552.f3a51dc130e2ad8a12581...@angel-alvarez.com.ar
Re: Have I been hacked?
On 1/9/2015 8:49 PM, Joel Rees wrote: On Fri, Jan 9, 2015 at 6:25 PM, Martin Steigerwald mar...@lichtvoll.de wrote: Am Freitag, 9. Januar 2015, 00:24:06 schrieb Brian: On Thu 08 Jan 2015 at 22:36:46 +0100, Martin Steigerwald wrote: Am Donnerstag, 8. Januar 2015, 14:20:27 schrieb Jerry Stuckle: Just ensure you're using good security practices - don't allow root login, use long, random passwords, etc. I also use a random character strings for the login ids, as well as passwords - just one more thing for the hackers to have to figure out how to get around. Only allow SSH key based logins. Of course, only after you copied a public key onto the machine with ssh-copy-id. And have SSH keys with *strong* passphrases, to protect against someone stealing your key. Use ssh-agent wisely only on trusted machines. SSH password logins are just as safe. 20 characters gives a strong password for use on trusted machines. There is no need to worry about it being stolen because it is in your memory, I think SSH keys are safer, cause there is no password at all that can be brute forced. What do you mean by that? Okay, one can try to guess the key, but try that with a 4096 bit key. Hmm. 10 characters, 6 to 7 bits per character, that's 60 bits. If the bits are truly random, straight brute-force will take, on average, half of 2^60 attempts. We can hold the integer 2^59 in a C variable on most recent desktops, but if we have bc (dc if you like post-fix), we can do this on even 32 bit CPUs: 576460752303423488 (base ten) At one milion attempts per second, that's 5764607523034 seconds, or 182678 CPU-years. There's no way that's going to happen on-line, if the password is truly random, and not randomly a password that's a quick permutation of common memes or of entries in rainbow tables. Actually, 62 possible characters (upper case, lower case and digits), 10 positions is 62^10 or 839,299,365,868,340,224 possible combinations. Adding in special characters obviously would increase that. But there is no way you'll hit a server 1,000,000 times a second trying to brute force a password. I currently use sixteen or more letters in my passwords, don't use simple permutations or common phrases (as for the first leter trick), use disconnected words from multiple languages. Or use 16 character true random passwords for the important stuff. All good suggestions. SSH keys are useful, but you have to keep them somewhere. The real danger to good passwords is the off-line attempts, and the passphrase you use for your private keystore is potentially subject to off-line if your password is. Yes, keys may actually be less secure than passwords. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54b08c3d.4090...@gmail.com
RE: Unable to join the Debian User Forum; appears that all IPs are being black-listed.
Bob, Trying my best with the trimming; I'll keep observing how other people do it and try to learn from that. It does work in other Linux distros that I have tried. If it works anywhere then it should be possible to learn why and/or why not and to transfer that knowledge. The other distro may have done something unique and special there to make it work. The task is then to figure this out and make it available in Debian. That's what I would have thought. Rhythm Box appears to work just fine. How would Rhythm Box know what your smb username and password would be? Good question. My guess is perhaps since it's part of Gnome it's more integrated and since Gnome must know my credentials when I access the Windows shares initially, it probably has a standard place to store that information. But this is just a guess from a day 3 day old Debian user. I suggest that you post a new message to the mailing list. [snip] Give it a go. Good luck! I was thinking that myself but wasn't sure on the best procedure there either so thanks for filling me in. When I get a chance I'll do just that. Cheers, Wayne. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/008801d02c8f$97d839a0$c788ace0$@ozemail.com.au
Re: Have I been hacked?
On 01/10/2015 12:01 AM, Jerry Stuckle wrote: On 1/9/2015 10:24 PM, scott wrote: On 01/09/2015 09:19 PM, Jerry Stuckle wrote: On 1/9/2015 8:49 PM, Joel Rees wrote: On Fri, Jan 9, 2015 at 6:25 PM, Martin Steigerwald mar...@lichtvoll.de wrote: Am Freitag, 9. Januar 2015, 00:24:06 schrieb Brian: On Thu 08 Jan 2015 at 22:36:46 +0100, Martin Steigerwald wrote: Am Donnerstag, 8. Januar 2015, 14:20:27 schrieb Jerry Stuckle: Just ensure you're using good security practices - don't allow root login, use long, random passwords, etc. I also use a random character strings for the login ids, as well as passwords - just one more thing for the hackers to have to figure out how to get around. Only allow SSH key based logins. Of course, only after you copied a public key onto the machine with ssh-copy-id. And have SSH keys with *strong* passphrases, to protect against someone stealing your key. Use ssh-agent wisely only on trusted machines. SSH password logins are just as safe. 20 characters gives a strong password for use on trusted machines. There is no need to worry about it being stolen because it is in your memory, I think SSH keys are safer, cause there is no password at all that can be brute forced. What do you mean by that? Okay, one can try to guess the key, but try that with a 4096 bit key. Hmm. 10 characters, 6 to 7 bits per character, that's 60 bits. If the bits are truly random, straight brute-force will take, on average, half of 2^60 attempts. We can hold the integer 2^59 in a C variable on most recent desktops, but if we have bc (dc if you like post-fix), we can do this on even 32 bit CPUs: 576460752303423488 (base ten) At one milion attempts per second, that's 5764607523034 seconds, or 182678 CPU-years. There's no way that's going to happen on-line, if the password is truly random, and not randomly a password that's a quick permutation of common memes or of entries in rainbow tables. Actually, 62 possible characters (upper case, lower case and digits), 10 positions is 62^10 or 839,299,365,868,340,224 possible combinations. Adding in special characters obviously would increase that. But there is no way you'll hit a server 1,000,000 times a second trying to brute force a password. I currently use sixteen or more letters in my passwords, don't use simple permutations or common phrases (as for the first leter trick), use disconnected words from multiple languages. Or use 16 character true random passwords for the important stuff. All good suggestions. SSH keys are useful, but you have to keep them somewhere. The real danger to good passwords is the off-line attempts, and the passphrase you use for your private keystore is potentially subject to off-line if your password is. Yes, keys may actually be less secure than passwords. Jerry If you have a dedicated hacker, or hackers, time is on their side. I would much rather use a key with a passphrase. That's fine, if you don't care about security. Lose your laptop and your pass phrase can be broken at a rate of 1 billion attempts per second, since it is local to your machine. There is no way you're going to get even 100 attempts per second into an SSH server. And since the hacker doesn't have direct access to the encrypted password on the server, he can't break it on a local machine. Using the same password/pass phrase for both systems, it would take 10,000,000 times longer to hack the SSH password than your local pass phrase. And then there's the problem you can only access the server from a system with the key file. And the more computers the key file resides on, the less secure it is. Since a password is not stored on any machine (except the server), there is nothing to break. Jerry I replied to your post to me specifically, so I 'll do it here, also. The fact is that if you have physical access to any machine, unfettered, it's game over. Scotty -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54b0b779.2010...@gmx.com
Re: Have I been hacked?
On Fri, Jan 9, 2015 at 6:25 PM, Martin Steigerwald mar...@lichtvoll.de wrote: Am Freitag, 9. Januar 2015, 00:24:06 schrieb Brian: On Thu 08 Jan 2015 at 22:36:46 +0100, Martin Steigerwald wrote: Am Donnerstag, 8. Januar 2015, 14:20:27 schrieb Jerry Stuckle: Just ensure you're using good security practices - don't allow root login, use long, random passwords, etc. I also use a random character strings for the login ids, as well as passwords - just one more thing for the hackers to have to figure out how to get around. Only allow SSH key based logins. Of course, only after you copied a public key onto the machine with ssh-copy-id. And have SSH keys with *strong* passphrases, to protect against someone stealing your key. Use ssh-agent wisely only on trusted machines. SSH password logins are just as safe. 20 characters gives a strong password for use on trusted machines. There is no need to worry about it being stolen because it is in your memory, I think SSH keys are safer, cause there is no password at all that can be brute forced. What do you mean by that? Okay, one can try to guess the key, but try that with a 4096 bit key. Hmm. 10 characters, 6 to 7 bits per character, that's 60 bits. If the bits are truly random, straight brute-force will take, on average, half of 2^60 attempts. We can hold the integer 2^59 in a C variable on most recent desktops, but if we have bc (dc if you like post-fix), we can do this on even 32 bit CPUs: 576460752303423488 (base ten) At one milion attempts per second, that's 5764607523034 seconds, or 182678 CPU-years. There's no way that's going to happen on-line, if the password is truly random, and not randomly a password that's a quick permutation of common memes or of entries in rainbow tables. I currently use sixteen or more letters in my passwords, don't use simple permutations or common phrases (as for the first leter trick), use disconnected words from multiple languages. Or use 16 character true random passwords for the important stuff. SSH keys are useful, but you have to keep them somewhere. The real danger to good passwords is the off-line attempts, and the passphrase you use for your private keystore is potentially subject to off-line if your password is. Anyway, I will unsubscribe now. Staying on this list has not been beneficial for me. The amount of traffic on this list, that is not related to Debian or is bickering like this is soo high that I find it too time consuming to find out the rare gems of threads where I can still learn something new about Debian or that I enjoy in engaging and replying to. Don´t bother to answer. I will likely delete it. Ciao, -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 -- Joel Rees Freedom costs in software, too. How much, and what, are you willing to pay for your freedom? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caar43imglrutsiitri17xotaz0qvwip5eymc1z-q+vsd_ss...@mail.gmail.com
Re: Have I been hacked?
On 1/9/2015 10:24 PM, scott wrote: On 01/09/2015 09:19 PM, Jerry Stuckle wrote: On 1/9/2015 8:49 PM, Joel Rees wrote: On Fri, Jan 9, 2015 at 6:25 PM, Martin Steigerwald mar...@lichtvoll.de wrote: Am Freitag, 9. Januar 2015, 00:24:06 schrieb Brian: On Thu 08 Jan 2015 at 22:36:46 +0100, Martin Steigerwald wrote: Am Donnerstag, 8. Januar 2015, 14:20:27 schrieb Jerry Stuckle: Just ensure you're using good security practices - don't allow root login, use long, random passwords, etc. I also use a random character strings for the login ids, as well as passwords - just one more thing for the hackers to have to figure out how to get around. Only allow SSH key based logins. Of course, only after you copied a public key onto the machine with ssh-copy-id. And have SSH keys with *strong* passphrases, to protect against someone stealing your key. Use ssh-agent wisely only on trusted machines. SSH password logins are just as safe. 20 characters gives a strong password for use on trusted machines. There is no need to worry about it being stolen because it is in your memory, I think SSH keys are safer, cause there is no password at all that can be brute forced. What do you mean by that? Okay, one can try to guess the key, but try that with a 4096 bit key. Hmm. 10 characters, 6 to 7 bits per character, that's 60 bits. If the bits are truly random, straight brute-force will take, on average, half of 2^60 attempts. We can hold the integer 2^59 in a C variable on most recent desktops, but if we have bc (dc if you like post-fix), we can do this on even 32 bit CPUs: 576460752303423488 (base ten) At one milion attempts per second, that's 5764607523034 seconds, or 182678 CPU-years. There's no way that's going to happen on-line, if the password is truly random, and not randomly a password that's a quick permutation of common memes or of entries in rainbow tables. Actually, 62 possible characters (upper case, lower case and digits), 10 positions is 62^10 or 839,299,365,868,340,224 possible combinations. Adding in special characters obviously would increase that. But there is no way you'll hit a server 1,000,000 times a second trying to brute force a password. I currently use sixteen or more letters in my passwords, don't use simple permutations or common phrases (as for the first leter trick), use disconnected words from multiple languages. Or use 16 character true random passwords for the important stuff. All good suggestions. SSH keys are useful, but you have to keep them somewhere. The real danger to good passwords is the off-line attempts, and the passphrase you use for your private keystore is potentially subject to off-line if your password is. Yes, keys may actually be less secure than passwords. Jerry If you have a dedicated hacker, or hackers, time is on their side. I would much rather use a key with a passphrase. That's fine, if you don't care about security. Lose your laptop and your pass phrase can be broken at a rate of 1 billion attempts per second, since it is local to your machine. There is no way you're going to get even 100 attempts per second into an SSH server. And since the hacker doesn't have direct access to the encrypted password on the server, he can't break it on a local machine. Using the same password/pass phrase for both systems, it would take 10,000,000 times longer to hack the SSH password than your local pass phrase. And then there's the problem you can only access the server from a system with the key file. And the more computers the key file resides on, the less secure it is. Since a password is not stored on any machine (except the server), there is nothing to break. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54b0b23c.8060...@gmail.com
Re: Unable to join the Debian User Forum; appears that all IPs are being black-listed.
On Friday 09 January 2015 22:35:45 Bob Proulx wrote: And also good editor skills of trimming out unneeded excess quoting. Be brutal with removing excess quotes! Personally I would rather see no previous quoted material rather than bad full quoting. Want to see what the message looks like to other people? Take a look at it in the mailing list archive. If it is hard for you to read then it will be hard for other people to read too. https://lists.debian.org/debian-user/2015/01/msg00288.html Contrast that to this message in the archive. I have brutally trimmed the quotes to just the points to which I am replying. https://lists.debian.org/20150109151004514416184.noccsple...@bob.proulx.com Most of the bad trimming in the first of these is mine. I am very bad at trimming. I over-cut or cut the wrong thing so that when I read the nessage back later I can't follow it - so how can anyone else. So then I cut too little. But don't blame poor Wayne who made quite a good job of my hash. I was told always to leave enough for someone new to the list/thread to be able to follow what the discussion is about just by reading your posting, and not a scrap more. But I am not very good at it. Lisi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201501092328.46242.lisi.re...@gmail.com
Re: _COMPLETE_ instructions for debootstrap /or multistrap
2015/01/09 6:40 Cindy-Sue Causey butterflyby...@gmail.com: [...] As an aside and yet really directly related, my complaints and observations a while back about the seeming uptick in people having trouble with incompatibility became more clear in the last few weeks. There's some what *FEELS LIKE* bad advice running around out there about how to bind and mount while working with chroot to complete the rest of a system install. Won't explain everyone's incompatibility issues, but it sure as heck explained mine. Free advice is worth what you pay for it. Bad advice is part of the price. So is learning to weed the bad out, [...] If you're new to this, don't to do what I've been doing. Instead work that page top to bottom, and research what you need to in order to do it as they've outlined there. In hindsight, I can see the benefit of following every single step in order as it applies to or needs altered slightly to fit each, our own singular install instances. [...] Inside-out is sometimes the only way in. Which is another of the costs of free advice. There are other costs, including such things as enduring stupid questions, flame wars, and social engineering attempts. (Not to Cindy-Sue as much as to the entire list.) -- Joel Rees Freedom costs in software, too. How much and what are you willing to pay for your freedom? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caar43iozgdhungbur_692oky7n0tvuyge8bfc6x2aa1wq+2...@mail.gmail.com
Re: Have I been hacked?
2015/01/09 23:46 Danny mynixm...@gmail.com: You have completely failed to understand what fail2ban is telling you. Anyway, I have decided to get new hardware and do a clean install of everything ... as many of you have suggested ... It was heading that way so it is probably best for you. You sound like a heartless Seargeant Major in the Marines ... ;) ... I'm afraid you're going to like my comments here even less. However, as I fly a lot internationally, is there a way I can temporarily block these country's IP's for a few days at most untill I have enough time on hand to do a fresh install ... What has flying got to do with it? What I meant was that I fly a lot and don't have time in the immediate future to do a fresh install ... So I wanted a temporary stop-gap solution for a few days untill time would lend itself for the task ... Which was why I was trying to tell you to quit wasting time looking for shortcuts and consolation and re-install. Start with new hardware if you can possibly afford it, to be safe and to save time. Now it looks like your server needs to be off-line for a while until you get back. Also, once you're back up, you need a second, someone who can at least pull the plug while you're out, preferably someone who can also help you review your system design and implementation. Patience, and willingness to listen while you ramble, can be more important than technical expertise. -- Joel Rees Freedom costs in software, too. How much, and what, are you willing to pay for your freedom? Currently my iptables looks like this ... If you have resorted to using iptables you have lost it. A standard Debian install doesn't need it. Yip ... definately a Seargeant Major ... -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caar43in7jyn-dg2tb29o6kkrmjloxpzxnq9nmq7iry5q+fq...@mail.gmail.com
Re: [OT] Raid por hardware
El Thu, 08 Jan 2015 21:52:42 +0100, José Miguel (sio2) escribió: El Thu, 08 de Jan de 2015, a las 03:06:54PM +, Camaleón dijo: Y de la opción 21 (RAID options) no dice nada de nada. Te dice que sirve para obtener información del RAID y de las opciones que permite, que son varias, la verdad. Cierto, pero es que esas opciones... son las que ya se ven si se ejecuta el programa. Correcto, pero añaden alguna cosilla más que nunca está de más para los comandos que son menos obvios. [...] Le he pasado el test short y el conveyance a ambos discos. Ambos sin problemas. Puedo intentar pasarle el long a lo largo de la noche a ver sí dice algo más. Pásale el test extendido, merece la pena y así te quedas más tranquilo. Los discos parecen estar bien, Si le has pasado el test largo y no te ha detectado ningún error, perfecto. Otro problema que tengo es que físicamente no sé cuál es cuál. Las controladoras RAID suelen tener una opción para identificar los discos cuando están en una cabina extraíble (a través de un comando que los ilumina), no sé si será tu caso. Vi en un manual de oracle para un servidor que tiene una controladora LSI cómo hacerlo desde su BIOS. Probé, pero no me pareció que funcionara. ¿El manual de Oracle? :-? Conviene que consultes siempre el manual de la versión de tu controladora, aunque nunca está de más ver lo que dicen otros fabricantes porque te pueden poner ejemplos de uso ten en cuenta que las opciones y parámetros pueden variar. Si no tienes acceso externo a los discos, usa el nº de serie para identificarlos (show PD debería darte datos de los discos, tamaño, nº de serie...). Sí, vi que smartctl me mostraba ese número de serie. El problema es que no vi que ese número de serie me lo proporcionara ni lsiutil ni la BIOS de la controladora. Así que por un lado podía identificar los discos, pero no cuál estaba desincronizado y, por otro, podía saber cuál está desincronizado pero no identificarlo físicamente. lsiutil debe decírtelo... espera que lo consulto desde el pdf que enviaste... vale, creo que debe ser el menú 21 / opción 2 (show physical disks) a lo que deberás pasar el número de la controladora (suele ser 1 salvo que tengas varias) para que te muestre todos los datos de los discos que tienes conectados. Al final, como tengo backups de los datos realmente importantes y el servidor pelado instalado en un disco virtual, decidí probar fortuna y deshice el raid por hardware. Yeeech. Con un par :-S Pero esto no soluciona el problema. El servidor sigue yendo anormalmente lento y creo que ese es el problema del que se derivan todos (quizás incluso el de la eterna resincronización del RAID). Ya desecho el RAID, arranqué con un disco y probé a hacer una actualización de los paquetes actualizados en wheezy. La descarga de los paquetes se hace a velocidad normal; sin embargo, el desempaquetado, sustitución y configuración de los paquetes nuevos es anormalmente lento. Pero ¿con deshacer el raid ya es suficiente? Supongo que habrás tenido que desactivar la controladora raid desde la bios, ponerlo en modo ahci y volcar los datos/particiones de nuevo ¿no? Porque de lo contrario seguirás usando el mismo módulo del kernel (mtp*) y si no quieres raid por harwdare convendría que usaras el driver abierto achi que te dará menos problemas. Tengo otro servidor en otro sitio para comparar, aunque no tienen el mismo hardware, y no hay color: el servidor que me da problemas puede tardar como 10 veces más en hacer las mismas operaciones triviales. Ambos están practicamente sin trabajo, así que no es un problema de sobrecarga. Tampoco parece un problema de lectura y escritura en disco, porque hice algunas pruebas con dd y hdparm y los resultados eran normales. No sé. En ocasiones el servidor se queda como pillado con un comando y al poco reacciona. Por ejemplo, al instalar hdparm escribí: # aptitude installq hdparm me di cuenta del error nada más pulsar Enter e instintivamente escribí ^C. Sin embargo, el programa no respondía al ^C aunque lo escribí varias veces. Así estuvo como veinte segundos, hasta que finalmente reaccionó y se abortó. :/ MIra a ver si sigue cargado el controlador de la tarjeta (mtp*) o estás usando el driver ahci (lsmod) Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.01.09.15.38...@gmail.com
Re: Have I been hacked?
On Sex, 09 Jan 2015, Jerry Stuckle wrote: SSH passwords are very safe, if they are long enough. For instance, if you have a 10 character password, mixed case and numbers (no special characters), a brute force attack of 100 attempts per second would take almost 266 million years to cover all possibilities. 11 characters would take over 16 billion years - longer than the life of the universe. If the characters are random, that is. The problem is that passwords are often not really random. So even seemingly secure passwords may be guessed relatively easy. This article gives a good overwiew about this topic: http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/ -- Eduardo M KALINOWSKI edua...@kalinowski.com.br -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150109161939.horde.0abxbzwnoqt8_zsbyxhd...@mail.kalinowski.com.br
Re: Are these Jessie installer images hybrid images?
Lisi wrote: On Friday 09 January 2015 14:19:52 Steve McIntyre wrote: In article 201501091406.08420.lisi.re...@gmail.com you write: Are these Jessie installer images hybrid images? It appears not, but I thought all Debian installer images were now. https://www.debian.org/devel/debian-installer/ Thanks, Steve. That's great. All the bootable amd64 and i386 images are hybrid, yes. (i.e. disc 1 in each set and the netinst). What makes you think they're not, OOI? Purely that I could find no mention of it and it explicitly says CD and DVD, with no mention of anything else that I could see. It may be my sight that is at fault again! No problem. :-) I was just checking that we hadn't found a new bug, that's all! -- Steve McIntyre, Cambridge, UK.st...@einval.com ...In the UNIX world, people tend to interpret `non-technical user' as meaning someone who's only ever written one device driver. -- Daniel Pead -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1y9bzw-0004d8...@mail.einval.com
Re: Have I been hacked?
On 1/8/2015 3:02 PM, Brian wrote: If you have resorted to using iptables you have lost it. A standard Debian install doesn't need it. I disagree. iptables is a great tool for blocking unwanted connections. What do you have against it? Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54aff68e.8020...@gmail.com
Re: Have I been hacked?
On 1/9/2015 4:25 AM, Martin Steigerwald wrote: Am Freitag, 9. Januar 2015, 00:24:06 schrieb Brian: On Thu 08 Jan 2015 at 22:36:46 +0100, Martin Steigerwald wrote: Am Donnerstag, 8. Januar 2015, 14:20:27 schrieb Jerry Stuckle: Just ensure you're using good security practices - don't allow root login, use long, random passwords, etc. I also use a random character strings for the login ids, as well as passwords - just one more thing for the hackers to have to figure out how to get around. Only allow SSH key based logins. Of course, only after you copied a public key onto the machine with ssh-copy-id. And have SSH keys with *strong* passphrases, to protect against someone stealing your key. Use ssh-agent wisely only on trusted machines. SSH password logins are just as safe. 20 characters gives a strong password for use on trusted machines. There is no need to worry about it being stolen because it is in your memory, I think SSH keys are safer, cause there is no password at all that can be brute forced. Okay, one can try to guess the key, but try that with a 4096 bit key. SSH passwords are very safe, if they are long enough. For instance, if you have a 10 character password, mixed case and numbers (no special characters), a brute force attack of 100 attempts per second would take almost 266 million years to cover all possibilities. 11 characters would take over 16 billion years - longer than the life of the universe. The biggest disadvantage of using keys is it limits the machines you can access the server from. That's not good if you need to access the server and you're not near your machine. Anyway, I will unsubscribe now. Staying on this list has not been beneficial for me. The amount of traffic on this list, that is not related to Debian or is bickering like this is soo high that I find it too time consuming to find out the rare gems of threads where I can still learn something new about Debian or that I enjoy in engaging and replying to. Don´t bother to answer. I will likely delete it. Ciao, If a little off-topic discussion bothers you, then it probably is best you unsubscribe. Personally, I've learned a lot just from reading this list. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54aff89d.4000...@gmail.com
RE: Unable to join the Debian User Forum; appears that all IPs are being black-listed.
Sorry, Wayne. I have done it yet again. Clicked reply in the Debian list. I should have pressed l and replied to the list, not you personally. :-( Lisi Hi, Wayne, Welcome to Debian! Good choice! And also welcome to the list. Thank you. So far I am liking what I see. On Friday 09 January 2015 06:07:52 Wayne Hartell wrote: Thanks. I'm sure to violate some conventions here in reply format or what have you. Just let me know if I do and I'll try to remedy in future. You have a basic underlying problem: Your email client does not quote correctly. I had a look. You are running Outlook. All I can say is: bad luck! But your quoting is a bit of a mess and I tried to sort it out for my reply, but it is too early in the morning (I am on GMT and had a late night.). So we all just have to be patient. Most of us have been there, done that and got the T-shirt. There are lots of super Linux email clients out there. Yes, you're right I am using Outlook since I've signed up to this list on a virtual machine that is configured for taking on the road for my work. I haven't yet taken a look at Evolution and others e-mail clients, but I fear that I'll be stuck on Outlook for a little while longer, until I convince myself to make a permanent switch. Hopefully this is a little better in terms of what is expected on the list. I edited a couple of settings to try to improve things. Once you are on a civilised email client, bottom posting, or even better, interleaving, is preferred. With suitable trimming, of course. (Which I am not very good at myself.) I'm sure I'll take a while to look anything but amateur. Now, the problem [snip] is that when I attempt to play an mp3 file using vlc, where that mp3 file is located on a password protected Windows share, vlc fails to play the file. VLC is unable to open the MRL (I have more detailed debug output if needed). Now, I have tried a newer version of VLC from the backports (2.1.2 I think), and it did not help. The work around is to edit the smb://host/path/file.mp3 to be smb://user:password@host/path/file.mp3 When I do this, it will work, but I have to do it for every file I add to the play list. Rhythm Box appears to work just fine. [snip] Anyway, I appreciate you taking the time to respond to my post. This may seem a little trivial, If you use vlc frequently and it does this every time, that is not trivial!! I can't really be any help at all, since I don't use vlc and have no Windows in the house so don't use Samba, but you only had one reply and it didn't feel very welcoming. Agreed; it's not trivial if that's what you are trying to do. Right now listening to music is not high on my agenda; it just jumped out at me as something that should probably work off the bat, especially when there seems to be no other samba related issues. I may end up just logging the issue when I am confident I understand the process and am not just wasting other people's time. Cheers, Wayne. but it's my first serious foray into Linux, just a couple of days old, and rather than run from issues I want to learn not only how to tackle the issues, but the processes that go along with Debian in general. :-)) Lisi Wayne Hartell wrote: I'm a new Debian/Linux user and brand new to this mailing list. Welcome. To that end I have been tinkering with various Linux distros and I have found a reproducible issue in Wheezy ... Please report it as a bug. https://www.debian.org/Bugs/ that I wish to discuss on the Debian user Forums, but I appear to be unable to register. Every IP I try I appears to be black-listed. I even attempted using TOR and those IPs were also black-listed. The problem is I can't post to the forums to tell them I can't register. I can't find anything on Google about this problem. I for one don't like web forums. Fortunately most of the real activity takes place on the mailing lists. You have subscribed to this mailing list and so don't need any of the web forums. Simply discuss the problem here. If there is a better way to report this issue please let me know. Please discuss your problem here. What problem are you having? What reproducible issue have you found in Wheezy? Bob -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201501091410.39304.lisi.re...@gmail.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/005701d02c1f$d4318d90$7c94a8b0$@ozemail.com.au
Re: Have I been hacked?
On 1/9/2015 11:29 AM, Danny wrote: If you want to inspect further, I would suggest you look at each of the jobs being run. See if they are what you expect them to be. Also check your /etc/crontab and /etc/anacrontab to see what is in them. I would love to investigate further but I am afraid I am not inclined towards forensics ... lol ... I am an Aircraft Engineer by trade not a Computer Scientist ... :) ... I played around with sleuthkit but that confused the living hell out of me ... lol ... I don't even know what to look for ... The server I have is a small community/family server that gives wireless access to poor families ... As for the attacks - I've seen a big uptake in the attacks over the last couple of weeks. The worst I've seen is 100 IP's locked out in one 24 hour period. They are coming from all over the world, although since there are a lot of proxies (many of them from trojans/viruses installed on unsuspecting machines), there's no easy way to tell what the real origins are. It's astonishing how quick they can find an IP ... I have permanently blocked the IP ranges of some of the worst offenders, but the only real way to stop it is to take your machine off the internet completely. Just ensure you're using good security practices - don't allow root login, use long, random passwords, etc. I also use a random character strings for the login ids, as well as passwords - just one more thing for the hackers to have to figure out how to get around. That's the problem right there ... random passwords ... lol ... but I will have to adapt ... Thank You Yes, randomizing your passwords is important - as is not using the same password on multiple systems. One trick I use is to take a long phrase and use the first (or second or third...) letter of each word. Then capitalize certain characters. For instance, if you used To be or not to be, that is the question. Your password could be something like 2bOn2BtiTq (capitalizing every 3rd character). It's a lot easier to remember a phrase than a bunch of random characters. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54aff9e5.1020...@gmail.com
Re: Problème driver ATI
Le 08/01/2015 19:19, MERLIN Philippe a écrit : Le jeudi 8 janvier 2015, 16:25:29 red0queen a écrit : Bonjour, J'utilise le driver fglrx depuis mon installation de wheezy sans problèmes, mais hier, suite à une mise à jour, je n'ai plus d'affichage. J'ai donc édité xorg.conf pour désactiver fglrx mais je ne sait pas comment résoudre le problème ! Merci de votre aide ! Je ne sais pas quelle carte ATI vidéo tu utilises, Mobility Radeon HD 5400 Series mai si tu veux utiliser les drivers libres de Xorg, tu dés-installes tous les logiciels liés à flgrx. J'ai eu le même problème il y a longtemps et je me rappelle avoir du faire ce travail pour que le driver libre fonctionne. D'abord supprime xorg.conf non nécessaire pour le driver libre. Pour le reste cherche bien il faut que ton installation ne contienne plus un seul programme ATI. J'ai pas été clair désolé : je souhaite utiliser le driver propriétaire (car le libre ne me permet hélas pas de profiter de gnome shell à fond), malheureusement il a bugé suite à une mise à jour et je sait pas par où commencer pour démeller le truc. Donc pour le moment j'utilise le libre pour pourvoir envoyer des mails mais j'aimerais bien comprendre ce qu'il s'est passé, savoir si je doit faire une remonté de bug ou si y'a un problème sur mon installation. Merci Amitié. Philippe Merlin signature.asc Description: OpenPGP digital signature
Re: Installer Debian sur un chomebook
On Thursday 08 January 2015 23:04:00 Fabián Rodríguez wrote: maintenant, je souhaite savoir comment complètement déinstaller l'OS ChromeOS sur un chromebook, pour installer Debian à la place. (si c'est possible...) Quel modèle? Voici mes notes d'installation pour un C710: https://wiki.debian.org/InstallingDebianOn/Acer/C710-2615-Chromebook J'ai aussi un C720. J'ai remplacé le système d'exploitation au complet, ça fonctionne bien (avec Jessie!), et depuis le noyau 3.17 le touchpad est supporté sans aucune autre manipulation/configuration. Il faut commencer par ici avant même de mettre un clé USB pour installer: https://johnlewis.ie/custom-chromebook-firmware/rom-download/ Exact, j'ai remplacé au complet. Le principal: - Il faudra désactiver le mode sécurisé de démarrage en ouvrant physiquement l'ordinateur et en installant tamporairement un jumper (710) ou enlevant une vis (C720) - Il y a une manipulation à faire pour éviter que votre partition de démarrage soit désactivée, et s'assurer que le démarrage se fait automatiquement en tout temps (au lieu de faire - il faudra remplacer coreboot sur certains modèles... Des instructions détaillées pour ça sont aussi ici: https://johnlewis.ie/custom-chromebook-firmware/rom-download/ En effet, ces chromebook sont souvent de bonne facture et moins chers que des équivalents avec Window$-8. Ça demande un peu d'effort, mais oui, ces machines sont très intéressantes (surtout pour 10h d'autonomie!). Bonne chance! Merci beaucoup. Et oui, ces portables chromebook sont souvent sophistiqués et moins chers que ceux équipés en window$. Avec un peu d'huile de coude on peut les Linuxiser, et on a un beau produit à moindre coût. André -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/201501091052.09601.andre_deb...@numericable.fr
Re: Have I been hacked?
Am Freitag, 9. Januar 2015, 00:24:06 schrieb Brian: On Thu 08 Jan 2015 at 22:36:46 +0100, Martin Steigerwald wrote: Am Donnerstag, 8. Januar 2015, 14:20:27 schrieb Jerry Stuckle: Just ensure you're using good security practices - don't allow root login, use long, random passwords, etc. I also use a random character strings for the login ids, as well as passwords - just one more thing for the hackers to have to figure out how to get around. Only allow SSH key based logins. Of course, only after you copied a public key onto the machine with ssh-copy-id. And have SSH keys with *strong* passphrases, to protect against someone stealing your key. Use ssh-agent wisely only on trusted machines. SSH password logins are just as safe. 20 characters gives a strong password for use on trusted machines. There is no need to worry about it being stolen because it is in your memory, I think SSH keys are safer, cause there is no password at all that can be brute forced. Okay, one can try to guess the key, but try that with a 4096 bit key. Anyway, I will unsubscribe now. Staying on this list has not been beneficial for me. The amount of traffic on this list, that is not related to Debian or is bickering like this is soo high that I find it too time consuming to find out the rare gems of threads where I can still learn something new about Debian or that I enjoy in engaging and replying to. Don´t bother to answer. I will likely delete it. Ciao, -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/3714920.DLpo8KHxcl@merkaba
Re: [OT] Raid por hardware
El Fri, 09 Jan 2015 18:44:21 +0100, José Miguel (sio2) escribió: El Fri, 09 de Jan de 2015, a las 03:38:52PM +, Camaleón dijo: Sí, vi que smartctl me mostraba ese número de serie. El problema es que no vi que ese número de serie me lo proporcionara ni lsiutil ni la BIOS de la controladora. Así que por un lado podía identificar los discos, pero no cuál estaba desincronizado y, por otro, podía saber cuál está desincronizado pero no identificarlo físicamente. lsiutil debe decírtelo... espera que lo consulto desde el pdf que enviaste... vale, creo que debe ser el menú 21 / opción 2 (show physical disks) a lo que deberás pasar el número de la controladora (suele ser 1 salvo que tengas varias) para que te muestre todos los datos de los discos que tienes conectados. Es lo primero que consulté: no lo pone. Pone qué tipo de disco es WD-noséqué (WD de WesternDigital), pero ambos discos son iguales en este aspecto. Recuerdo que indica también un PhysDev (uno es el 0 y el otro un 1), pero no el número de serie que sí aparece usando smartctl. Qué raro... fíjate que en el ejemplo que ponen en la página que te pasé siguen exactamente la misma secuencia 21/2 y el resultado muestra el nº de serie de los discos: *** http://hwraid.le-vert.net/wiki/LSIFusionMPT#a3.2.lsiutil Main menu, select an option: [1-99 or e/p/w or 0 to quit] 21 (...) RAID actions menu, select an option: [1-99 or e/p/w or 0 to quit] 2 1 volume is active, 2 physical disks are active PhysDisk 0 is Bus 0 Target 1 PhysDisk State: online PhysDisk Size 238418 MB, Inquiry Data: ATA ST3250620NS 3BKS PhysDisk 1 is Bus 0 Target 8 PhysDisk State: online PhysDisk Size 238418 MB, Inquiry Data: ATA ST3250620NS 3BKS *** Al final, como tengo backups de los datos realmente importantes y el servidor pelado instalado en un disco virtual, decidí probar fortuna y deshice el raid por hardware. Yeeech. Con un par :-S Bueno, algo había que hacer... He comprobado que los dos discos arrancan el sistema sin errores. Si logro solucionar el problema y no es por culpa de la controladora, siempre puedo volver a ponerlos en RAID: al crearlo se respetan los datos del disco primario. Los datos (la información) del RAID se guardan en los discos duros, por eso cuando se cambia la controladora y se reemplaza con otra del mismo modelo no hay problema. Pero esto no soluciona el problema. El servidor sigue yendo anormalmente lento y creo que ese es el problema del que se derivan todos (quizás incluso el de la eterna resincronización del RAID). Pero ¿con deshacer el raid ya es suficiente? Supongo que habrás tenido que desactivar la controladora raid desde la bios, ponerlo en modo ahci y volcar los datos/particiones de nuevo ¿no? Porque de lo contrario seguirás usando el mismo módulo del kernel (mtp*) y si no quieres raid por harwdare convendría que usaras el driver abierto achi que te dará menos problemas. No toqué la BIOS para desactivar la controladora (miraré el lunes a ver cómo se hace). Lo que sí hice fue desconectar los discos de la controladora y conectarlos directamente a la placa base. Carallo. ¿Y te inició el sistema sin más? :-? Quizás mi problema no tenga nada que ver con el RAID ni la controladora. Como el sistema iba lento lo achaqué a la constante lectura y escritura en disco, y esta constante lectura y escritura a que no se sincronizaban los discos y la no sincronización a un fallo del RAID. Pero quizás el problema es justamente el contrario: el que se me trastabille el servidor de vez en cuando es lo que genera mis problemas de sincronización con el RAID. Bueno, el estado del RAID no era normal, y eso no es casual. La controladora estaba detectando algo que no le gustaba pero si mal no recuerdo hiciste una actualización de la BIOS de la placa base y el problema se produjo tras esa actualización. MIra a ver si sigue cargado el controlador de la tarjeta (mtp*) o estás usando el driver ahci (lsmod) El módulo se sigue cargando: lo cual es lógico porque no deshabilité la controladora. ahci no aparece, pero tampoco lo hace en el otro servidor que no tiene controladora. Quizás el núcleo de debian lo incluye integrado en el núcleo y no como módulo aparte. Hum... por curiosidad (si puedes) manda la salida de lspci -v a ver qué cosicas tiene ese equipo, quizá la controladora sas/sata integrada en la placa base también use el driver mtp :-? A mí lo que me escama es que el servidor se quede trabado alguna vez unos segundos, incluso con los comandos más insignificantes. Posiblemente todos mis problema nacen de esto. Pero no tengo ni idea de a qué se debe. ¿No tienes nada en el dmesg? Por cierto, la controladora también debe tener un registro (búfer) interno, si lo tienes activado quizá tengas algún dato relevante. Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble?
Re: [OT] Re: Autenticacion Firefox Vs Chrome
El 9 de enero de 2015, 12:13 p. m., Camaleón escribió: El Fri, 09 Jan 2015 12:06:07 -0500, Lic. Manuel Salgado escribió: Alguien sabe si existe algún problema de compatibilidad con los servicios de Gmail en especifico, para navegadores específicos? Recientemente Google aumentó su seguridad (sic) por lo que ha dejado fuera aplicaciones de terceros que accedían anteriormente a tu cuenta de google, gmail incluido. A mi me pasó hace unos días con el correo de google en mi teléfono con Firefox OS. No lo reviso con frecuencia ahí y no me enteré. Resulta que he probado tres versiones del Mozilla Firefox (22, 28, 34.5) y pide autenticación constantemente, apenas se puede trabajar. Aclaro, que esto me ocurre en versiones de Firefox para Windows. En la PC que suelo usar no me ocurre con Iceweasel 24.4.0. Tampoco me ocurre si uso Google Chrome en Windows. Alguien me sugiere alguna solución para Firefox, pues es el navegador mas acostumbrado. En el ventanuco no tengo problemas, pero ahí procuro siempre tener actualizado Firefox. De hecho estoy en la versión 34 sin problemas. Puedes echar una mirada en la parte de abajo de la ventana de gmail a la derecha que dice Detalles. Revisa ahí tus conexiones, si Google detectó algo malo te lo resaltará en rojo y te advertirá. Mira bien los detalles, la hora y fecha de conexión y si es tuya revisa la configuración de acceso de gmail y corrígela como señaló Camaleón. Espero que eso te ayude. Revisa tambien tus plug ins, no vaya a ser que alguno meta ruido (ya me pasó). Por otro lado yo no recomendaría usar otro navegador, Firefox es bueno y tiene una filosofía con la que podemos coincidir muchos usuarios de linux. Saludos -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caacnk7z4hhgqsaxnt0dypgmrme7qvyyroc3wjsu+fngssba...@mail.gmail.com
Fix Penguin Penalty 18th December2014 ( mail-archive.com )
Dear Sir Did your website get hit by Google Penguin update on October 17th 2014? What basically is Google Penguin Update? It is actually a code name for Google algorithm which aims at decreasing your websites search engine rankings that violate Googles guidelines by using black hat SEO techniques to rank your webpage by giving number of spammy links to the page. We are one of those few SEO companies that can help you avoid penalties from Google Updates like Penguin and Panda. Our clients have survived all the previous and present updates with ease. They have never been hit because we use 100% white hat SEO techniques to rank Webpages. Simple thing that we do to keep websites away from any Penguin or Panda penalties is follow Google guidelines and we give Google users the best answers to their queries. If you are looking to increase the quality of your websites and to get more targeted traffic or save your websites from these Google penalties email us back with your interest. We will be glad to serve you and help you grow your business. Regards Avni K SEO Manager ( TOB ) B7 Green Avenue, Amritsar 143001 Punjab NO CLICK in the subject to STOP EMAILS -- To UNSUBSCRIBE, email to debian-user-ukrainian-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54b023e8.4345440a.71d9.5...@mx.google.com
Re: help in purging old packages
On Fri, Jan 09, 2015 at 11:23:17AM -0500, Comer Duncan wrote: Hi, I have a situation in which I am running wheezy 7.7 and for various reasons now want to purge all packages which for some reason are still present from etch, lenny, and squeeze. What I would like to know is how can I purge all such packages using dpkg? I can not seem to find how to select just those old packages for purging. Can those who know about this please help? If you want to purge all packages which have been uninstalled but for which configuration remains: aptitude purge ?config-files If you want to purge all packages which are installed but which no longer have a candidate in debian: aptitude purge ?obsolete If you want to purge all packages which are installed and installable, but where the version is the same as in an earlier release... that's probably going to need some scripting :) Thanks. signature.asc Description: Digital signature
Autenticacion Firefox Vs Chrome
Hola nuevamente: Alguien sabe si existe algún problema de compatibilidad con los servicios de Gmail en especifico, para navegadores específicos? Resulta que he probado tres versiones del Mozilla Firefox (22, 28, 34.5) y pide autenticacion constantemente, apenas se puede trabajar. Aclaro, que esto me ocurre en versiones de Firefox para Windows. En la PC que suelo usar no me ocurre con Iceweasel 24.4.0. Tampoco me ocurre si uso Google Chrome en Windows. Alguien me sugiere alguna solucion para Firefox, pues es el navegador mas acostumbrado. Gracias -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CA++POOOFODCf2SjjWu3uHr9WLKCrnh81RU=yerkzore88j5...@mail.gmail.com
debian 7 64 bits
hola lista agradeceria me aclararan que ISO debo bajar para implementar debian7 para adquitectura 64 bits, la pc donde lo quier implementar cuenta con el siguiente hardware: motherboard: gigabite ram 4 Gb micro: i3 gracias de antemano. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54afee62.7070...@cncc.cult.cu
Re: Have I been hacked?
On Fri 09 Jan 2015 at 16:19:39 +, Eduardo M KALINOWSKI wrote: On Sex, 09 Jan 2015, Jerry Stuckle wrote: SSH passwords are very safe, if they are long enough. For instance, if you have a 10 character password, mixed case and numbers (no special characters), a brute force attack of 100 attempts per second would take almost 266 million years to cover all possibilities. 11 characters would take over 16 billion years - longer than the life of the universe. If the characters are random, that is. The problem is that passwords are often not really random. So even seemingly secure passwords may be guessed relatively easy. This article gives a good overwiew about this topic: http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/ Please note that this excellent article describes off-line cracking. The number of attempts per second is limited only by the machinery at hand. The 100 attempts per second for on-line cracking isn't something which can be increased to the same level. Jerry's argument still holds up. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/09012015175110.acd723095...@desktop.copernicus.demon.co.uk
Re: debian 7 64 bits
El Fri, 09 Jan 2015 10:06:10 -0500, Ariel escribió: hola lista agradeceria me aclararan que ISO debo bajar para implementar debian7 para adquitectura 64 bits, la pc donde lo quier implementar cuenta con el siguiente hardware: motherboard: gigabite ram 4 Gb micro: i3 gracias de antemano. Para CD o DVD: http://cdimage.debian.org/debian-cd/7.7.0/amd64/ ¿Pero no te convendría más esperar a que salga la nueva versión (jessie)? No le debe de quedar mucho. Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.01.09.18.07...@gmail.com
[OT] Re: Autenticacion Firefox Vs Chrome
El Fri, 09 Jan 2015 12:06:07 -0500, Lic. Manuel Salgado escribió: Alguien sabe si existe algún problema de compatibilidad con los servicios de Gmail en especifico, para navegadores específicos? Pues no, que yo sepa :-? Si le has dicho al navegador que te guarde los datos, que almacene las cookies y al gmail que te mantenga la sesión... pues no deberías tener problemas ni debería preguntarte. Resulta que he probado tres versiones del Mozilla Firefox (22, 28, 34.5) y pide autenticacion constantemente, apenas se puede trabajar. Aclaro, que esto me ocurre en versiones de Firefox para Windows. En la PC que suelo usar no me ocurre con Iceweasel 24.4.0. Tampoco me ocurre si uso Google Chrome en Windows. Alguien me sugiere alguna solucion para Firefox, pues es el navegador mas acostumbrado. Ni idea... quizá detecte que hay varias sesiones abiertas desde distintos dispositivos y por seguridad te pregunta. Mira a ver si cambiando la contraseña deja de fastidiar. Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.01.09.18.13...@gmail.com
Re: Have I been hacked?
On 01/09/2015 11:29 AM, Danny wrote: I am an Aircraft Engineer by trade not a Computer Scientist Have you considered that alone would make you a tasty bit to hack, and for that reason, if you have anything tasty on your machine, you REALLY need to clear it up soonest with a complete re-install. I'd add a measure of panic to that level of concern. No need for the black hats to have access at all. :) Ric -- My father, Victor Moore (Vic) used to say: There are two Great Sins in the world... ..the Sin of Ignorance, and the Sin of Stupidity. Only the former may be overcome. R.I.P. Dad. Linux user# 44256 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54b021fc.6080...@gmail.com
Re: Installer Debian sur un PC sans DVD
On 01/08/2015 11:38 PM, Haricophile wrote: Au passage j'oublie une PRÉCISION TRÈS IMPORTANTE : En France et en UE, ton seul et unique interlocuteur responsable est le vendeur de ton matériel, c'est à lui de se démerder avec le fabricant s'il y a un problème, et c'est lui que tu assignera au tribunal en cas de besoin. J'ai malheureusement une bonne expérience en la matière. Dans les faits, cela ne se passe pas comme cela. Le vendeur te met en relation avec la plateforme SAV du constructeur qui prend la réparation en charge. Il est vrai que si l'affaire dégénère, genre réparation non faite, mal faite ou impossible, seul le vendeur est pénalement responsable devant un tribunal. -- Maderios -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/54b0260a.1020...@gmail.com
Re: help in purging old packages
If you want to purge all packages which have been uninstalled but for which configuration remains: aptitude purge ?config-files If you want to purge all packages which are installed but which no longer have a candidate in debian: aptitude purge ?obsolete If you want to purge all packages which are installed and installable, but where the version is the same as in an earlier release... that's probably going to need some scripting :) Also a good way: Install package deborphan, then run aptitude purge `deborphan --guess-all`. Be carefull, what it wants do deinstall. However, I am using it regularly and it did not deinstall accidently a package, I did not want to be deinstalled. Ok, might be, I was lucky. If it does, I would just reinstall it. I suggest, just to take a look and then decide for yourself. Best regards Hans signature.asc Description: This is a digitally signed message part.
Re: Have I been hacked?
On Fri 09 Jan 2015 at 10:41:02 -0500, Jerry Stuckle wrote: On 1/8/2015 3:02 PM, Brian wrote: If you have resorted to using iptables you have lost it. A standard Debian install doesn't need it. I disagree. iptables is a great tool for blocking unwanted connections. What do you have against it? I have nothing against it and, in fact, agree with you. I'll enlarge on my sketchy remarks. The OP installs Debian with (say) Gnome. There are no listening services so there is no need to block any connections. If it happened that sshd was installed at the same time (or later) the use of ssh keys or a very strong password for authentication is sufficient to protect the service. However, there can be a big annoyance factor when attempts to log on the server take place. Software like fail2ban (which uses iptables) can be some comfort here and will at least reduce the noise in auth.log. Last year this machine saw about 4000 such random connections. I don't know how typical that is but none of them caused me to lose any sleep. Iptables can do a great job blocking unwanted connections. If someone wants to use it as a way of obtaining peace of mind, that's fine. But it doesn't add one iota of security to a well-set-up and well-managed sshd. With more services running the need is to understand their different security needs. Substituting the use of iptables for understanding isn't (IMO) something that needs to be top of the list. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150109175103.ga15...@copernicus.demon.co.uk
Re: Freeipa para debian.
El Thu, 08 Jan 2015 16:52:47 -0500, Lic. Manuel Salgado escribió: Hola nuevamente: Alguno conoce si existe Freeipa para Debian o Ubuntu y de ser así, donde puedo encontrar sus repositorios actualizados? Gracias a todos Sólo lo veo para Sid como te comenta Carlos :-( En su página oficial¹ tienen la última versión como tar.gz, sólo veo paquete rpm para Fedora (es un desarrollo patrocinado por Redhat). ¹http://www.freeipa.org/page/Downloads#Latest_Release_-_FreeIPA_4.1.2 Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.01.09.16.35...@gmail.com
Re: Duda sobre script Bash
El Thu, 08 Jan 2015 21:19:48 +, Johnnatan Malpica escribió: 2015-01-08 16:38 GMT-04:30 Lic. Manuel Salgado manuelsalgado...@gmail.com: Buenas tardes a todos: Llevo varias horas googleando con el objetivo de encontrar una solución al siguiente objetivo: Necesito un comando o concatenación de este y alguna expresión regular que me permita, estando en un directorio dado, borrar recursivamente todos los directorios en cuyos nombres hayan números. Les ilustro el ejemplo: 165897 78963 cadena1 789632 cadena2 Se que para los gurus del bash es facil. Gracias de antemano. Hola.. No soy guru.. llevo algo de tiempo de usuario intenta con esta comando.. find . -name *[0-9]* desde el directorio raiz. y luego en el man podras usar -exec o tambien mediante tuberias el xargs. Con -type d filtrará sólo los directorios, que es lo que busca. sugerencia: crea una estructura de directorios de ejemplo o copia un extracto en otro lugar para hacer las pruebas. A find lo carga el demonio, así que concuerdo es que es mejor que prueba antes en un entorno muy limitado y siempre ejecutado desde el usuario sin privilegios para que haga pruebas en dique seco. Find está pidiendo a gritos el parámetro -dryrun :-) Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.01.09.16.30...@gmail.com
help in purging old packages
Hi, I have a situation in which I am running wheezy 7.7 and for various reasons now want to purge all packages which for some reason are still present from etch, lenny, and squeeze. What I would like to know is how can I purge all such packages using dpkg? I can not seem to find how to select just those old packages for purging. Can those who know about this please help? Thanks.
Re: Have I been hacked?
On 1/9/2015 11:19 AM, Eduardo M KALINOWSKI wrote: On Sex, 09 Jan 2015, Jerry Stuckle wrote: SSH passwords are very safe, if they are long enough. For instance, if you have a 10 character password, mixed case and numbers (no special characters), a brute force attack of 100 attempts per second would take almost 266 million years to cover all possibilities. 11 characters would take over 16 billion years - longer than the life of the universe. If the characters are random, that is. That's just good security practice. The problem is that passwords are often not really random. So even seemingly secure passwords may be guessed relatively easy. This article gives a good overwiew about this topic: http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/ If you don't follow good security practices, it's your own fault if you get hacked. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54b00528.2040...@gmail.com
Re: debian 7 64 bits
El viernes, 9 ene 2015, a las 16:06 horas (UTC+1), Ariel escribió: hola lista agradeceria me aclararan que ISO debo bajar para implementar debian7 para adquitectura 64 bits, la pc donde lo quier implementar cuenta con el siguiente hardware: motherboard: gigabite ram 4 Gb micro: i3 gracias de antemano. Si tienes una conexión de red razonable: https://www.debian.org/distrib/netinst Y si vas a usar únicamente CD o DVD https://www.debian.org/CD/ Suponiendo que quieras instalar Debian basada en Linux (dispones de otros núcleos) en una máquina típica para usuarios debes escoger la arquitectura amd64. Saludos. -- Manolo Díaz -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150109185441.6eec3...@gmail.com
Re: [OT] Raid por hardware
El Fri, 09 de Jan de 2015, a las 03:38:52PM +, Camaleón dijo: Sí, vi que smartctl me mostraba ese número de serie. El problema es que no vi que ese número de serie me lo proporcionara ni lsiutil ni la BIOS de la controladora. Así que por un lado podía identificar los discos, pero no cuál estaba desincronizado y, por otro, podía saber cuál está desincronizado pero no identificarlo físicamente. lsiutil debe decírtelo... espera que lo consulto desde el pdf que enviaste... vale, creo que debe ser el menú 21 / opción 2 (show physical disks) a lo que deberás pasar el número de la controladora (suele ser 1 salvo que tengas varias) para que te muestre todos los datos de los discos que tienes conectados. Es lo primero que consulté: no lo pone. Pone qué tipo de disco es WD-noséqué (WD de WesternDigital), pero ambos discos son iguales en este aspecto. Recuerdo que indica también un PhysDev (uno es el 0 y el otro un 1), pero no el número de serie que sí aparece usando smartctl. Al final, como tengo backups de los datos realmente importantes y el servidor pelado instalado en un disco virtual, decidí probar fortuna y deshice el raid por hardware. Yeeech. Con un par :-S Bueno, algo había que hacer... He comprobado que los dos discos arrancan el sistema sin errores. Si logro solucionar el problema y no es por culpa de la controladora, siempre puedo volver a ponerlos en RAID: al crearlo se respetan los datos del disco primario. Pero esto no soluciona el problema. El servidor sigue yendo anormalmente lento y creo que ese es el problema del que se derivan todos (quizás incluso el de la eterna resincronización del RAID). Pero ¿con deshacer el raid ya es suficiente? Supongo que habrás tenido que desactivar la controladora raid desde la bios, ponerlo en modo ahci y volcar los datos/particiones de nuevo ¿no? Porque de lo contrario seguirás usando el mismo módulo del kernel (mtp*) y si no quieres raid por harwdare convendría que usaras el driver abierto achi que te dará menos problemas. No toqué la BIOS para desactivar la controladora (miraré el lunes a ver cómo se hace). Lo que sí hice fue desconectar los discos de la controladora y conectarlos directamente a la placa base. Quizás mi problema no tenga nada que ver con el RAID ni la controladora. Como el sistema iba lento lo achaqué a la constante lectura y escritura en disco, y esta constante lectura y escritura a que no se sincronizaban los discos y la no sincronización a un fallo del RAID. Pero quizás el problema es justamente el contrario: el que se me trastabille el servidor de vez en cuando es lo que genera mis problemas de sincronización con el RAID. MIra a ver si sigue cargado el controlador de la tarjeta (mtp*) o estás usando el driver ahci (lsmod) El módulo se sigue cargando: lo cual es lógico porque no deshabilité la controladora. ahci no aparece, pero tampoco lo hace en el otro servidor que no tiene controladora. Quizás el núcleo de debian lo incluye integrado en el núcleo y no como módulo aparte. A mí lo que me escama es que el servidor se quede trabado alguna vez unos segundos, incluso con los comandos más insignificantes. Posiblemente todos mis problema nacen de esto. Pero no tengo ni idea de a qué se debe. Saludos, Saludos. -- Parezco en mi fortuna al Manzanares, que con agua o sin ella siempre es río. --- Tomé de Burguillos --- -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150109174421.ga11...@cubo.casa
Re: How can g++ (stable) be incompatible with a fresh stable install?
On Thu, Jan 8, 2015 at 7:18 PM, Sven Hartge s...@svenhartge.de wrote: Kynn Jones kyn...@gmail.com wrote: libc6-dev: Installed: (none) Candidate: 2.13-38+deb7u4 Version table: 2.19-13 0 750 http://debian.csail.mit.edu/debian/ testing/main amd64 Packages 750 http://ftp.us.debian.org/debian/ testing/main amd64 Packages 50 http://debian.csail.mit.edu/debian/ unstable/main amd64 Packages 50 http://ftp.us.debian.org/debian/ unstable/main amd64 Packages 2.13-38+deb7u6 0 995 http://debian.csail.mit.edu/debian/ stable/main amd64 Packages 995 http://ftp.us.debian.org/debian/ stable/main amd64 Packages 2.13-38+deb7u4 0 1000 http://security.debian.org/ stable/updates/main amd64 Packages Your priorities for the different versions seem off. Security should have to same priority as stable, not a higher one. And security should not need a higher priority, because security updates (not already included via point-release) will always have a higher version than the non-security package from the normal repository. OK, I thought I understood what was going on, but it turns out that I'm more baffled than ever. (E.g. I don't understand why I'm given the *option* of setting a priority for security when in fact, if I understand you correctly, there's only one sensible setting for it, namely identical to stable...) Please post the content of /etc/apt/preferences and any file in /etc/apt/preferences.d As I mentioned in my original post, my configs for /etc/apt/{sources.list,preferences}.d are based on those given here http://serverfault.com/a/382101. It may have been unwise of me to follow those recommendations, but they are the best (actually, the only) ones I was able to find when I searched for apt configuration best practices. (I will resume my search now, of course.) As far as /etc/apt/preferences.d goes, my configs are exactly as suggested in that post. Specifically: (no /etc/apt/preferences file) == /etc/apt/preferences.d/security.pref == Package: * Pin: release l=Debian-Security Pin-Priority: 1000 == /etc/apt/preferences.d/stable.pref == Package: * Pin: release a=stable Pin-Priority: 995 == /etc/apt/preferences.d/testing.pref == Package: * Pin: release a=testing Pin-Priority: 750 == /etc/apt/preferences.d/unstable.pref == Package: * Pin: release a=unstable Pin-Priority: 50 == /etc/apt/preferences.d/experimental.pref == Package: * Pin: release a=experimental Pin-Priority: 1 Thank you for your comments. I much appreciate them. kj -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAFvQaj4o0pYUHzJB87nwUQD=8orhHH3X5D=biwgGsQrRrE=r...@mail.gmail.com
Re: Are these Jessie installer images hybrid images?
On Friday 09 January 2015 14:19:52 Steve McIntyre wrote: In article 201501091406.08420.lisi.re...@gmail.com you write: Are these Jessie installer images hybrid images? It appears not, but I thought all Debian installer images were now. https://www.debian.org/devel/debian-installer/ Thanks, Steve. That's great. All the bootable amd64 and i386 images are hybrid, yes. (i.e. disc 1 in each set and the netinst). What makes you think they're not, OOI? Purely that I could find no mention of it and it explicitly says CD and DVD, with no mention of anything else that I could see. It may be my sight that is at fault again! Lisi. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201501091522.21536.lisi.re...@gmail.com
Re: Have I been hacked?
On Fri, Jan 09, 2015 at 10:49:49AM -0500, Jerry Stuckle wrote: snip... SSH passwords are very safe, if they are long enough. For instance, if you have a 10 character password, mixed case and numbers (no special characters), a brute force attack of 100 attempts per second would take almost 266 million years to cover all possibilities. 11 characters would take over 16 billion years - longer than the life of the universe. That's the key phrase, to cover all possibilities Don't forget, it's possible to hit pay dirt on the first try...or the 3rd...or the 20th... or the 500th...or the 50,000th...or the last possibility. I constantly hear references to mind boggling lengths of time required to crack passwords/phrases. I think it's misleading, especially to a beginner. On the other hand I have to admit I can't come up with a better way. ...snip.. -- Bob Holtzman Giant intergalactic brain-sucking hyperbacteria came to Earth to rape our women and create a race of mindless zombies. Look! It's working! -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150109213704.ga32...@cox.net
Re: help in purging old packages
On 09/01/15 11:23 AM, Comer Duncan wrote: Hi, I have a situation in which I am running wheezy 7.7 and for various reasons now want to purge all packages which for some reason are still present from etch, lenny, and squeeze. What I would like to know is how can I purge all such packages using dpkg? I can not seem to find how to select just those old packages for purging. Can those who know about this please help? Thanks. Check out aptitude autoclean and aptitude clean. Or you can install deborphan. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54b04b87.1020...@torfree.net
Re: How can g++ (stable) be incompatible with a fresh stable install?
On 01/09/2015 at 03:57 PM, Sven Hartge wrote: Kynn Jones kyn...@gmail.com wrote: On Thu, Jan 8, 2015 at 7:18 PM, Sven Hartge s...@svenhartge.de wrote: Kynn Jones kyn...@gmail.com wrote: Your priorities for the different versions seem off. Security should have to same priority as stable, not a higher one. And security should not need a higher priority, because security updates (not already included via point-release) will always have a higher version than the non-security package from the normal repository. OK, I thought I understood what was going on, but it turns out that I'm more baffled than ever. (E.g. I don't understand why I'm given the *option* of setting a priority for security when in fact, if I understand you correctly, there's only one sensible setting for it, namely identical to stable...) The option exists because there might be a use case for someone somewhere. Just because an option is useless for you does not mean it is useless for everybody. (See also root should be able to shoot itself in the foot.) Also because the stable security updates repository is, in terms of technical implementation, exactly like any other package repository. In particular, it uses the same infrastructure - including tools which have support for repository priorities built in, and have no way of knowing that this particular repository is in any way special. It's possible (and often desirable) to set a separate priority for an ordinary package repository, and because the security-updates repository uses the same infrastructure, it's necessarily possible (although rarely desirable) to set one for the security-updates repository as well. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Re: test VMs
Bonno Bloksma wrote: I was thinking I could run something which Debian Install runs too but then later realized that probably depends on files like ssh keys not being present yet and only creating new keys when that is the case. There isn't anything that runs later that does this in the debian-installer. Things are built up from nothing in place with the settings as given by the user. A very basic list of things that need to be changed are: Thanks, that is enough for now. Just going to install a machine with only the system tools installed, need to do some basic routing / firewall testing. I think you will do fine then. Note that there are often some lingering places where a previous hostname persists. Mostly those are harmless. But they do persist. Therefore picking a neutral hostname for the initial installation that won't do any harm later is good. Such as localhost is typical. But otherwise something else innocuous is good too. For example the mdadm tool encodes the system name into arrays constructed by the debian-installer. mdadm --examine /dev/sda1 Bob signature.asc Description: Digital signature
Jerarquias de chache Squid
Hola otra vez: Tengo un servidor Proxy con Squid, el cual sera ISP de otros Squids, pertenecientes a otras subredes. Necesito que este Squid solo permita squid hijos a ciertos IPs declarados en ACLs, no así a cualquier IP de estas subredes. Alguien me da una luz? Gracias por su tiempo. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/ca++poonfh0w29v5trewbit8c6csj5r39vyv2fwnd_19z_56...@mail.gmail.com
Re: Unable to join the Debian User Forum; appears that all IPs are being black-listed.
On 01/09/2015 07:20 AM, Wayne Hartell wrote: [snip] Yes, you're right I am using Outlook since I've signed up to this list on a virtual machine that is configured for taking on the road for my work. I haven't yet taken a look at Evolution and others e-mail clients, but I fear that I'll be stuck on Outlook for a little while longer, until I convince myself to make a permanent switch. Hopefully this is a little better in terms of what is expected on the list. I edited a couple of settings to try to improve things. I come from windows/outlook IMO Thunderbird is a wonderful alternative and is very easy to configure to look/feel/behave the way you want, might want to give it a try. -Joris signature.asc Description: OpenPGP digital signature
Re: Have I been hacked?
Bob Holtzman writes: That's the key phrase, to cover all possibilities Don't forget, it's possible to hit pay dirt on the first try And it's about equally likely that a burst of cosmic rays of just the right pattern will strike your computer so as to reconfigure it to allow passwordless root logins via telnet. -- John Hasler jhas...@newsguy.com Elmwood, WI USA -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87vbkfha85@thumper.dhh.gt.org
Re: Have I been hacked?
On 1/9/2015 4:37 PM, Bob Holtzman wrote: On Fri, Jan 09, 2015 at 10:49:49AM -0500, Jerry Stuckle wrote: snip... SSH passwords are very safe, if they are long enough. For instance, if you have a 10 character password, mixed case and numbers (no special characters), a brute force attack of 100 attempts per second would take almost 266 million years to cover all possibilities. 11 characters would take over 16 billion years - longer than the life of the universe. That's the key phrase, to cover all possibilities Don't forget, it's possible to hit pay dirt on the first try...or the 3rd...or the 20th... or the 500th...or the 50,000th...or the last possibility. I constantly hear references to mind boggling lengths of time required to crack passwords/phrases. I think it's misleading, especially to a beginner. On the other hand I have to admit I can't come up with a better way. ...snip.. That's true. On average it will take 1/2 as long - or about 133 million years for a 10 character password or 8 billion years for an 11 character password. But that's also assuming the hacker knows how long your password is. He/she would also have to consider all possible combinations of 1-9 character passwords. That alone would take almost 4.36 million years just to ensure the password wasn't shorter. Of course, the hacker could also probably skip 1 character passwords ( 1 second), 2 character passwords (38 seconds), etc. But even going through all the possibilities of 9 character passwords would take around 4.29 million years (without a hit because the password is 10 characters). Of course, *anything* can be caught on the first, second or third try. But the odds of hitting it on the first try are over 13 quadrillion (13 followed by 15 zeros) to 1. You have a better chance of being struck by lightning while in an elevator 300' underground! Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54b0530a.4020...@gmail.com
Re: Unable to join the Debian User Forum; appears that all IPs are being black-listed.
Hi Wayne, Wayne Hartell wrote: Thanks. I'm sure to violate some conventions here in reply format or what have you. Just let me know if I do and I'll try to remedy in future. I see you have already exchanged mail concerning one of those things. :-) There are 2,000+ subscribers on this mailing list. If you could imagine a town hall meeting with 2,000+ physical people in the room all with voices you can imagine how difficult it can be to keep discussion efficient. That is why trimming excess words is so important. It makes it easier for people to read and understand the message. If they can read and understand then you are much more likely to receive a high quality reply in return. With respect to reporting the issue as a bug I started down that path using Reportbug, but noticed that a similar issue (not quite the same, or maybe I just didn't understand it fully), so I wanted to discuss it first. Thanks for providing that opportunity. Please feel welcome to discuss problems such as you have found on this mailing list. We are mostly all simple users of the Debian system. A few are developers. Have some patience. You may get answers or help that is better or worse on different days. It does work in other Linux distros that I have tried. If it works anywhere then it should be possible to learn why and/or why not and to transfer that knowledge. The other distro may have done something unique and special there to make it work. The task is then to figure this out and make it available in Debian. VLC is unable to open the MRL (I have more detailed debug output if needed). ... The work around is to edit the smb://host/path/file.mp3 to be smb://user:password@host/path/file.mp3 That makes sense to me. With the username and password it can then access the media. When I do this, it will work, but I have to do it for every file I add to the play list. I understand that can be quite the pain. :-( Rhythm Box appears to work just fine. How would Rhythm Box know what your smb username and password would be? I'm not overly concerned about the issue which is why I wanted to discuss it before I submitted any official bug (that would obviously be low priority). I noticed Debian bug #602985 appears quite similar (it's about getting VLC to prompt for smb credentials), but I'm not sure if it's exactly the same. Anyway, I appreciate you taking the time to respond to my post. This may seem a little trivial, but it's my first serious foray into Linux, just a couple of days old, and rather than run from issues I want to learn not only how to tackle the issues, but the processes that go along with Debian in general. I don't have any knowledge of either of the two areas needed. I don't know about smb shares. I don't know about vlc using remote media through smb shares. Sorry I can't help there. And I don't see other help on this issue. (At least not yet). I suggest that you post a new message to the mailing list. (I will be specific about it being a NEW message. If you reply to any mailing list message then your reply will be threaded below it. Since Outlook does not handle message threads most Outlook users don't realize that replying to start a new message causes threading problems. That creates a situation known as thread stealing or thread hijacking. To avoid that simply start a new message every time you have a new topic.) I suggest that you post a new message to the mailing list. Pick a good short concise subject. In this case I would definitely mention both VLC and SMB shares and password in the subject. There is no right answer but just to get the thought processes going I will suggest something like: VLC password in SMB shares URL? You want to attract the attention of people who are knowledgeable about those things. It is in your interest to choose the subject to make it clear to those people so that they will choose to read your message. This current thread is not good because those people not interested in web forums have already skipped over it. Remember that there are 2,000+ people on the list. Meaning that there are a lot of postings. Not every posting will interest everyone. At some point everyone is going to be skipping a lot of messages. Connecting you and them together needs good subject lines. And also good editor skills of trimming out unneeded excess quoting. Be brutal with removing excess quotes! Personally I would rather see no previous quoted material rather than bad full quoting. Want to see what the message looks like to other people? Take a look at it in the mailing list archive. If it is hard for you to read then it will be hard for other people to read too. https://lists.debian.org/debian-user/2015/01/msg00288.html Contrast that to this message in the archive. I have brutally trimmed the quotes to just the points to which I am replying. https://lists.debian.org/20150109151004514416184.noccsple...@bob.proulx.com Include
Re: debian 7 64 bits
A. El vie, 09-01-2015 a las 10:06 -0500, Ariel escribió: hola lista agradeceria me aclararan que ISO debo bajar para implementar debian7 para adquitectura 64 bits, la pc donde lo quier implementar cuenta con el siguiente hardware: motherboard: gigabite ram 4 Gb micro: i3 gracias de antemano. Puedes usar la misma de 32 bits sin problema al igual que los programas sin cambio. Yo lo he hecho así y pincha super bien. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1420839023.11901.0.ca...@unix.inor.sld.cu
Re: How can g++ (stable) be incompatible with a fresh stable install?
Kynn Jones kyn...@gmail.com wrote: On Thu, Jan 8, 2015 at 7:18 PM, Sven Hartge s...@svenhartge.de wrote: Kynn Jones kyn...@gmail.com wrote: libc6-dev: Installed: (none) Candidate: 2.13-38+deb7u4 Version table: 2.19-13 0 750 http://debian.csail.mit.edu/debian/ testing/main amd64 Packages 750 http://ftp.us.debian.org/debian/ testing/main amd64 Packages 50 http://debian.csail.mit.edu/debian/ unstable/main amd64 Packages 50 http://ftp.us.debian.org/debian/ unstable/main amd64 Packages 2.13-38+deb7u6 0 995 http://debian.csail.mit.edu/debian/ stable/main amd64 Packages 995 http://ftp.us.debian.org/debian/ stable/main amd64 Packages 2.13-38+deb7u4 0 1000 http://security.debian.org/ stable/updates/main amd64 Packages Your priorities for the different versions seem off. Security should have to same priority as stable, not a higher one. And security should not need a higher priority, because security updates (not already included via point-release) will always have a higher version than the non-security package from the normal repository. OK, I thought I understood what was going on, but it turns out that I'm more baffled than ever. (E.g. I don't understand why I'm given the *option* of setting a priority for security when in fact, if I understand you correctly, there's only one sensible setting for it, namely identical to stable...) The option exists because there might be a use case for someone somewhere. Just because an option is useless for you does not mean it is useless for everybody. Please post the content of /etc/apt/preferences and any file in /etc/apt/preferences.d As I mentioned in my original post, my configs for /etc/apt/{sources.list,preferences}.d are based on those given here http://serverfault.com/a/382101. Ouch. Please do _not_ follow that guide. The pinnings shown there are dangerous and wrong, as you have seen. Please remove them from your system. Please also remove any sources.list files with testing/jessie or unstable/sid from your configuration until you have configured the preferences correctly. It may have been unwise of me to follow those recommendations, but they are the best (actually, the only) ones I was able to find when I searched for apt configuration best practices. (I will resume my search now, of course.) It is true that the pinning feature is under-documented and a bit arcane to use. This may be because the normal user never has any need of changing them. What do you want to accomplish? To have some packages from Testing but the majority of the system to remain Stable? Then just pin testing to a value between 0 and 100 to prevent an automatic upgrade of every package to the testing version. To do so, please delete every preferences fil from /etc/apt/preferences.d and just put on file with the following content inside: Package: * Pin: release n=jessie Pin-Priority: 50 You then can reenable any apt-sources for jessie. This has the following effects: a) All packages from Stable will automatically get a prio of 500 b) All packages from Jessie will get a prio of 50 Packages with a priorioty lower than 100 will never be installed unless 1) a dependency requests this or 2) the admin tells apt-get to do so. To install a package, you then use apt-get -t jessie install package. Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/6b9s301ba...@mids.svenhartge.de
Re: Have I been hacked?
On Thursday 08 January 2015 21:53:45, Danny wrote : Hi guys, So what I did was do disable all startup scripts/servers/services and then enable only one at a time ... then I would reboot and wait and keep an eye on /boot (I deleted all randomly generated files, so I could see if a file was added or not, and it was also the only way I knew for certain that the culprit was active or not, hence that is how I could time it) ... All went well untill I enabled cron ... I checked all cron jobs and they all look normal ... here is an ls of my cron directories ... ### /etc/cron.d/ anacron atop mrtg php5 /etc/cron.daily/ anacron atop mrtg php5 /etc/cron.hourly/ cron.sh sarg /etc/cron.monthly 0anacron sarg /etc/cron.weekly 0anacron apt-xapian-index man-db sarg ### Have a look at /etc/crontab. The file contains commands to be run by cron. The directory /var/spool/cron/crontabs also contains user's cron jobs. If anacrontab is installed, /etc/anacrontab may contain more jobs. Since I killed cron at bootup everything seems fine ... network is back to normal ... I don't get the transition between the above paragraph (network is normal if cron is killed) and the below paragraph (troubles begin when network is up). Do you have any evidence that cron is triggering the attack or am I misreading your mail? However, as soon as my network was up and running I got attacked ... here is an excerpt of one of the fail2ban mails ... ### The IP 204.12.241.227 has just been banned by Fail2Ban after 3 attempts against ssh. Jan 8 04:23:15 fever sshd[17406]: Connection from 204.12.241.227 port 38090 on 10.0.0.5 port 22 Jan 8 04:23:17 fever sshd[17406]: Invalid user zhangyan from 204.12.241.227 Jan 8 04:23:17 fever sshd[17406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.12.241.227 Jan 8 04:23:20 fever sshd[17406]: Failed password for invalid user zhangyan from 204.12.241.227 port 38090 ssh2 Jan 8 04:23:20 fever sshd[17406]: Received disconnect from 204.12.241.227: 11: Bye Bye [preauth] Jan 8 04:23:20 fever sshd[17408]: Connection from 204.12.241.227 port 39800 on 10.0.0.5 port 22 Jan 8 04:23:22 fever sshd[17408]: Invalid user dff from 204.12.241.227 Jan 8 04:23:23 fever sshd[17408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.12.241.227 Jan 8 04:23:24 fever sshd[17408]: Failed password for invalid user dff from 204.12.241.227 port 39800 ssh2 ## The mail is sent because someone is brute force attacking your ssh server. Not starting fail2ban or your mail server would suppress those mails but not the attack. Turning off ssh or the network would stop the attack though :-) If your line of reasoning is to correlate the mail arrival with starting cron, then maybe cron is the last link required to make the fail2ban alert functional. What is interesting to me is the user in the above excerpt zhangyan ... By using a username that is unfamiliar to the western world tells me that whatever is on my system had to respond to this username otherwise why would this guy use a username that only he is familiar with ... Other usernames that were used: 3D, ssht and ftfl ... Also, attempts were made from China, Hong Kong, Belgium and Canada ... You cannot tell something is responding to that user name on your system based only on that fail2ban alert. On the contrary, the mail means fail2ban successfully thwarted that particular attempt. Attackers can't know what names are valid login names unless they can find one by hacking into a legitimate user's computer or a user posted its login on the net. What hackers do instead, is to try a long list of possible login names collected on servers they have hacked in the past. That's the reason this particular bot was trying to login with the zhangyan user name. There is nothing to worry about unless you receive alerts about a valid login name. Currently my iptables looks like this ... ### -A INPUT -p tcp -s 122.0.0.0/8 -j DROP -A INPUT -p tcp -s 61.0.0.0/8 -j DROP -A INPUT -p tcp -s 117.0.0.0/8 -j DROP -A INPUT -p tcp -s 103.0.0.0/8 -j DROP -A INPUT -p tcp -s 82.0.0.0/8 -j DROP -A INPUT -p tcp -s 204.0.0.0/8 -j DROP -A INPUT -p tcp -s 218.0.0.0/8 -j DROP ### As you can see ... I am already DROPping some of these IP's ... I just need something to block an ENTIRE country ... You can't ban an entire country based on IPv4 addresses because the whole IPv4 address space is
Re: Have I been hacked?
On Thu, Jan 08, 2015 at 10:53:45PM +0200, Danny wrote: Hi guys, My apologies for replying a little late ... [cut] As you can see ... I am already DROPping some of these IP's ... I just need something to block an ENTIRE country ... Install xtables-addons-dkms (which will build the module for your current kernel). You can then use instructions such as those at [1] to set up xtables (basically, though, you use xt_geoip_dl to download the GeoIP database and then do something akin to iptables -A INPUT -m geoip --src-cc CN -j DROP). [1]: http://blog.jeshurun.ca/technology/block-countries-ubuntu-iptables-xtables-geoip Thank you ... and thanks to everyone replying ... I apreciate it ... Danny -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150108205345.GA4732@fever.havannah.local signature.asc Description: Digital signature
Re: Unable to join the Debian User Forum; appears that all IPs are being black-listed.
Sorry, Wayne. I have done it yet again. Clicked reply in the Debian list. I should have pressed l and replied to the list, not you personally. :-( Lisi Hi, Wayne, Welcome to Debian! Good choice! And also welcome to the list. On Friday 09 January 2015 06:07:52 Wayne Hartell wrote: Thanks. I'm sure to violate some conventions here in reply format or what have you. Just let me know if I do and I'll try to remedy in future. You have a basic underlying problem: Your email client does not quote correctly. I had a look. You are running Outlook. All I can say is: bad luck! But your quoting is a bit of a mess and I tried to sort it out for my reply, but it is too early in the morning (I am on GMT and had a late night.). So we all just have to be patient. Most of us have been there, done that and got the T-shirt. There are lots of super Linux email clients out there. Once you are on a civilised email client, bottom posting, or even better, interleaving, is preferred. With suitable trimming, of course. (Which I am not very good at myself.) [snip] Now, the problem [snip] is that when I attempt to play an mp3 file using vlc, where that mp3 file is located on a password protected Windows share, vlc fails to play the file. VLC is unable to open the MRL (I have more detailed debug output if needed). Now, I have tried a newer version of VLC from the backports (2.1.2 I think), and it did not help. The work around is to edit the smb://host/path/file.mp3 to be smb://user:password@host/path/file.mp3 When I do this, it will work, but I have to do it for every file I add to the play list. Rhythm Box appears to work just fine. [snip] Anyway, I appreciate you taking the time to respond to my post. This may seem a little trivial, If you use vlc frequently and it does this every time, that is not trivial!! I can't really be any help at all, since I don't use vlc and have no Windows in the house so don't use Samba, but you only had one reply and it didn't feel very welcoming. but it's my first serious foray into Linux, just a couple of days old, and rather than run from issues I want to learn not only how to tackle the issues, but the processes that go along with Debian in general. :-)) Lisi Wayne Hartell wrote: I'm a new Debian/Linux user and brand new to this mailing list. Welcome. To that end I have been tinkering with various Linux distros and I have found a reproducible issue in Wheezy ... Please report it as a bug. https://www.debian.org/Bugs/ that I wish to discuss on the Debian user Forums, but I appear to be unable to register. Every IP I try I appears to be black-listed. I even attempted using TOR and those IPs were also black-listed. The problem is I can't post to the forums to tell them I can't register. I can't find anything on Google about this problem. I for one don't like web forums. Fortunately most of the real activity takes place on the mailing lists. You have subscribed to this mailing list and so don't need any of the web forums. Simply discuss the problem here. If there is a better way to report this issue please let me know. Please discuss your problem here. What problem are you having? What reproducible issue have you found in Wheezy? Bob -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201501091410.39304.lisi.re...@gmail.com
Re: Are these Jessie installer images hybrid images?
In article 201501091406.08420.lisi.re...@gmail.com you write: Are these Jessie installer images hybrid images? It appears not, but I thought all Debian installer images were now. https://www.debian.org/devel/debian-installer/ All the bootable amd64 and i386 images are hybrid, yes. (i.e. disc 1 in each set and the netinst). What makes you think they're not, OOI? -- Steve McIntyre, Cambridge, UK.st...@einval.com ...In the UNIX world, people tend to interpret `non-technical user' as meaning someone who's only ever written one device driver. -- Daniel Pead -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1y9apo-0007vt...@mail.einval.com
Re: Installer Debian sur un chomebook / noyau Linux 3.17 pour touchpad
Le 2015-01-09 09:12, Michel Casabianca a écrit : Je précise que le kernel 3.17 n'est pas inclus dans la Jessie (qui embarque un 3.16). Mais c'est l'affaire de télécharger un .deb et de l'installer. Oui, personellement j'utilise le dépôt Linux-Libre: http://jxself.org/linux-libre/ Avez-vous d'autres suggestions pour éviter les mises-à-jour manuelles? F. -- Fabián Rodríguez - XMPP/Jabber+OTR: magic...@member.fsf.org http://debian.magicfab.ca signature.asc Description: OpenPGP digital signature
Re: Have I been hacked?
If you want to inspect further, I would suggest you look at each of the jobs being run. See if they are what you expect them to be. Also check your /etc/crontab and /etc/anacrontab to see what is in them. I would love to investigate further but I am afraid I am not inclined towards forensics ... lol ... I am an Aircraft Engineer by trade not a Computer Scientist ... :) ... I played around with sleuthkit but that confused the living hell out of me ... lol ... I don't even know what to look for ... The server I have is a small community/family server that gives wireless access to poor families ... As for the attacks - I've seen a big uptake in the attacks over the last couple of weeks. The worst I've seen is 100 IP's locked out in one 24 hour period. They are coming from all over the world, although since there are a lot of proxies (many of them from trojans/viruses installed on unsuspecting machines), there's no easy way to tell what the real origins are. It's astonishing how quick they can find an IP ... I have permanently blocked the IP ranges of some of the worst offenders, but the only real way to stop it is to take your machine off the internet completely. Just ensure you're using good security practices - don't allow root login, use long, random passwords, etc. I also use a random character strings for the login ids, as well as passwords - just one more thing for the hackers to have to figure out how to get around. That's the problem right there ... random passwords ... lol ... but I will have to adapt ... Thank You -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150109162948.GA17386@fever.havannah.local
Re: Have I been hacked?
So Many?? For instance here is a list of the blocks for Belgium: http://www.nirsoft.net/countryip/be.html -Joris Feel sorry for iptables ;) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150109163429.GB17386@fever.havannah.local
Re: Have I been hacked?
Blocking a country which is famous for producing chocolate and beer. What is the world coming to? rofl :) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150109163622.GC17386@fever.havannah.local
QoS
Bonjour à tous, Considérons un serveur connecté à deux interfaces WAN (eth1 et eth2, le LAN est sur eth0). Les adresses IP sont les suivantes : eth1 : 192.168.254.1 eth1:1 : 192.168.254.81 ... eth1:6 : 192.168.254.86 eth2 : 192.168.253.1 Tourne sur cette machine un proxy qui tire au hasard une adresse entre eth1:1 et eth1:6 pour se connecter sur les serveurs distants. Ça fonctionne. Je veux rajouter une QoS sur cette machine. Pour cela, j'ai tagué les différents paquets comme suit : [0:0] -A POSTROUTING -p icmp -o eth1 -j MARK --set-mark 10 [0:0] -A POSTROUTING -p icmp -o eth2 -j MARK --set-mark 10 [0:0] -A POSTROUTING -p udp --dport domain -o eth1 -j MARK --set-mark 20 [0:0] -A POSTROUTING -p udp --sport domain -o eth1 -j MARK --set-mark 20 [0:0] -A POSTROUTING -p udp --sport domain -o eth2 -j MARK --set-mark 20 [0:0] -A POSTROUTING -p udp --dport ntp -o eth1 -j MARK --set-mark 20 [0:0] -A POSTROUTING -p udp --sport ntp -o eth1 -j MARK --set-mark 20 [0:0] -A POSTROUTING -p udp --sport ntp -o eth2 -j MARK --set-mark 20 [0:0] -A POSTROUTING -p tcp --sport 3128 -o eth2 -j MARK --set-mark 30 [0:0] -A POSTROUTING -p tcp --sport ssh -o eth1 -j MARK --set-mark 40 [0:0] -A POSTROUTING -p tcp --sport ssh -o eth2 -j MARK --set-mark 40 tc qdisc add dev eth1 root handle 1: htb default 100 tc qdisc add dev eth2 root handle 2: htb default 100 tc class add dev eth1 parent 1:0 classid 1:1 htb \ rate 1100kbit mtu 1500 tc class add dev eth2 parent 2:0 classid 2:1 htb \ rate 3mbit mtu 1500 tc class add dev eth1 parent 1:1 classid 1:10 htb \ rate 10kbit ceil 1100kbit prio 1 tc class add dev eth1 parent 1:1 classid 1:20 htb \ rate 200kbit ceil 1100kbit prio 2 tc class add dev eth1 parent 1:1 classid 1:40 htb \ rate 500kbit ceil 1100kbit prio 4 tc class add dev eth2 parent 2:1 classid 2:10 htb \ rate 10kbit ceil 3mbit prio 1 tc class add dev eth2 parent 2:1 classid 2:20 htb \ rate 200kbit ceil 3mbit prio 2 tc class add dev eth2 parent 2:1 classid 2:30 htb \ rate 1mbit ceil 2mbit prio 3 tc class add dev eth2 parent 2:1 classid 2:40 htb rate \ 500kbit ceil 3mbit prio 4 tc filter add dev eth1 parent 1: protocol ip prio 1 handle 10 \ fw flowid 1:10 tc filter add dev eth1 parent 1: protocol ip prio 2 handle 20 \ fw flowid 1:20 tc filter add dev eth1 parent 1: protocol ip prio 4 handle 40 \ fw flowid 1:40 tc filter add dev eth2 parent 2: protocol ip prio 1 handle 10 \ fw flowid 2:10 tc filter add dev eth2 parent 2: protocol ip prio 2 handle 20 \ fw flowid 2:20 tc filter add dev eth2 parent 2: protocol ip prio 3 handle 30 \ fw flowid 2:30 tc filter add dev eth2 parent 2: protocol ip prio 4 handle 40 \ fw flowid 2:40 J'aimerais avec cela que les l'ICMP, le ssh et certains autres protocoles aient un débit minimal réservé et que le reste utilise la bande passante restante. Visiblement, j'ai raté quelque chose puisque cela ne fonctionne pas. Une requête sur le serveur apache est capable de monopoliser toute la bande disponible au détriment des autres protocoles. Une idée ? Cordialement, JKB -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/54afd6da.3010...@systella.fr
Are these Jessie installer images hybrid images?
Are these Jessie installer images hybrid images? It appears not, but I thought all Debian installer images were now. https://www.debian.org/devel/debian-installer/ Thanks, Lisi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201501091406.08420.lisi.re...@gmail.com
Re: Qual o melhor programa de inventário LAMP.
Eu uso o OcsInventory, e atende muito bem para o que preciso, inventário de hardware e de software, meu parque é pequeno, cerca de 150 computadores, único problema que vejo nele , é que algumas maquinas com o tempo param de comunicar, então , você tem que criar uma rotina de tempos em tempos para ver quais maquinas não estão atualizando,ah, também acontece de se você formatar uma maquina as vezes ele duplica o registro, tem que fazer uma limpeza as vezes. abraço. Jacques Teixeira Em 8 de janeiro de 2015 20:44, Tobias cont...@eutobias.org escreveu: Não ficou claro para mim se você quer fazer inventário de rede ou monitoramento de um servidor web. On 08-01-2015 12:05, hamacker wrote: Ola pessoal, Estou precisando de um programa de inventario LAMP, e estou estando o OCS Inventary e o Open Audit. Já instalei o Open Audit e parece bom, mas as vezes é confuso e alguns links dão erro 404, fica parecendo versão de software mal acabado, alguns howtos falam de usar a versão 9.x, mas a unica disponivel no site é a 1.5, então fiquei meio perdido. O que eu achei diferente é que o OA não tem agente, é um script de que alguma forma terei de automatizar a execução. Daqui a pouco vou instalar o OCS Inventary que também é popular na web, sei quase nada dele. Se alguém puder me indicar outros e puder tecer comentários sobre qual é o melhor ficaria muito grato. Um abraço a todos. -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54af085f.50...@eutobias.org
Re: Installer Debian sur un PC sans DVD
On 01/08/2015 09:39 PM, Pascal Hambourg wrote: maderios a écrit : On 01/08/2015 07:53 PM, Pascal Hambourg wrote: baal a écrit : moi le service client d'asus m'a dit si vous changer de system d'exploitation vous perdez la garantie logiciel C'est quoi la garantie logiciel ? C'est un concept issu du monde tordu de Microsoft pour les futures victimes de Microsoft. C'est une liste imbuvable d'inepties, genre notice de médicament listant les effets indésirables :-) Pour en rire, c'est ici : http://www.microsoft.com/hardware/fr-fr/warranties Sauf erreur, cette page traite de la garantie de produits matériels. Pas seulement matériel. Extrait de cette liste poétique: La présente Garantie Limitée ne couvre aucun aspect subjectif ou esthétique du Périphérique Matériel ou du Logiciel -- Maderios -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/54afb4f1.9020...@gmail.com
Re: Have I been hacked?
*me* blushing Why? If you don't know anyone in China, don't pick up the phone. Why are your services responding to them? You're not seriously telling us you're accepting user name and password for ssh authentication from the Internet, are you? Uhm ... yes ... (looking down ashamed ...) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150109163909.GD17386@fever.havannah.local
Re: Have I been hacked?
You have completely failed to understand what fail2ban is telling you. Anyway, I have decided to get new hardware and do a clean install of everything ... as many of you have suggested ... It was heading that way so it is probably best for you. You sound like a heartless Seargeant Major in the Marines ... ;) ... However, as I fly a lot internationally, is there a way I can temporarily block these country's IP's for a few days at most untill I have enough time on hand to do a fresh install ... What has flying got to do with it? What I meant was that I fly a lot and don't have time in the immediate future to do a fresh install ... So I wanted a temporary stop-gap solution for a few days untill time would lend itself for the task ... Currently my iptables looks like this ... If you have resorted to using iptables you have lost it. A standard Debian install doesn't need it. Yip ... definately a Seargeant Major ... -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150109164451.GE17386@fever.havannah.local