Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System

[Thomas Schmitt]

Hi,

Gener Badenas wrote:
> Will people downloading the linix mint from torrent be affected?

http://blog.linuxmint.com/?p=2994

"Does this affect you?

As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon
edition.
If you downloaded another release or another edition, this does not affect you.
If you downloaded via torrents or via a direct HTTP link, this doesn’t affect
you either.
Finally, the situation happened today, so it should only impact people who
downloaded this edition on February 20th."


Have a nice day :)

Thomas

[OT] ISO de Linux Mint comprometidas

[Javier Silva]

Hola,

Como he visto que algunas de las personas de la lista han usado o usan
Linux Mint, deben estar alerta, ya que este fin de semana han sido
comprometida alguna ISO de este sistema:

http://ostatic.com/blog/oh-no-linux-mint-hacked-isos-compromised

Saludos,
Javier Silva

Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System

[Glenn English]

> On Feb 22, 2016, at 6:39 PM, Gener Badenas  
> wrote:
> 
> Will people downloading the linix mint from torrent be affected?

Don't think so. 

Google (or DuckDuckGo) for 'linux mint hacked' and you'll get lots of info with 
no "Click Here" buttons. 


One I found that way said torrent downloads weren't infected. Besides, it's all 
fixed now, and the backdoor code didn't work anyway.


-- 
Glenn English

Re: BIND problem

[Glenn English]

> On Feb 22, 2016, at 3:58 PM, Reco  wrote:
> 
> First one is 'ls -ald /var/cache'.

root@log:~# ls -ald /var/cache
drwxr-xr-x 14 root root 4096 Oct 12  2013 /var/cache

> Second one is 'sudo -u touch /var/cache/bind/slaves/1'.

sudo: unknown user: touch
sudo: unable to initialize policy plugin

(Should there have been a "bind" after the '-u'? I just tried that, and it 
returns an empty line.)

> 'su -l bind -c "touch /var/cache/bind/slaves/1"' should do it too since
> you have an interactive login shell for bind.

That one replies with an empty line. BIND's shell is still BASH (I thought I'd 
deleted that long ago).

If I do 'su -l bind -c "touch /var/cache/bind/slaves/1" ; echo $?', it prints 
'0'.

> Third one (hey, you never know) is 'ls -ald /'.

drwxr-xr-x 25 root root 4096 Jun  6  2014 /

...

Wait a minute. I just took a look at today's DNS log with 'cat /var/log/daemon 
| egrep permission' and I see at the bottom:

Feb 22 02:15:07 log named[20117]: dumping master file: 
/var/cache/bind/slaves/tmp-7OngiRhduG: open: permission denied
Feb 22 02:23:31 log named[20061]: dumping master file: 
/var/cache/bind/slaves/tmp-jpxayKBERz: open: permission denied
Feb 22 02:29:31 log named[20117]: dumping master file: 
/var/cache/bind/slaves/tmp-KvIK8XPZRW: open: permission denied

That says to me that the problem stopped around 2AM last night, no? I think 
that's about the time I rebooted the server -- I don't remember why. If that's 
true, something got well of natural causes, and I apologize tremendously for 
the noise. 

The 2 PIDs could very well be because I had 2 BINDs running for a while trying 
to figure this out -- one as user bind, and one as root. There's a command in 
my history file to kill 20061.

'logwatch --range today' prints (about the DNS dumps):

dumping master file: /var/cache/bind/slaves/tmp-18yeqdeUo7: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-5cVqqTAnb6: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-5n3f6qn0Cj: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-7OngiRhduG: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-8m09QHZPqR: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-93yzSn2HVG: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-KQi00ADskK: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-KnYb1BM7ho: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-KvIK8XPZRW: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-Mvis5kMjqB: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-NB1hVFYTQ3: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-RbEDOfprSt: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-Tr7TNyn2pB: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-X7frzE1EHg: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-fHVyGM1SqQ: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-fSPdEwQTGO: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-h28gNDyR7n: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-jpxayKBERz: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-n99ZL1tdSc: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-pPGgsIYF9T: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-qbxXuXSlvZ: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-ucvOB7hKDt: open: 
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-yhcq7G3STF: open: 
permission denied: 1 Time(s)

The day isn't over yet, but compared to the last few days, that does seem like 
a pretty small number of failed dumps.

'cat /var/log/daemon.log | egrep '^Feb 22.*tmp-' | sort -k9' (sorted on 
filename to match logwatch's sorting it's lines) prints:

Feb 22 01:57:18 log named[20061]: dumping master file: 
/var/cache/bind/slaves/tmp-18yeqdeUo7: open: permission denied
Feb 22 00:14:54 log named[20117]: dumping master file: 
/var/cache/bind/slaves/tmp-5cVqqTAnb6: open: permission denied
Feb 22 00:25:48 log named[20061]: dumping master file: 
/var/cache/bind/slaves/tmp-5n3f6qn0Cj: open: permission denied
Feb 22 02:15:07 log named[20117]: dumping master file: 
/var/cache/bind/slaves/tmp-7OngiRhduG: open: permission denied
Feb 22 00:51:46 log named[20061]: dumping master file: 
/var/cache/bind/slaves/tmp-8m09QHZPqR: open: permission denied
Feb 22 01:24:08 log named[20117]: 

Re: Error de GPG

[OJEDA David]

root@debian:/home/david/Documentos# apt-get update && apt-get -V upgrade
Ign cdrom://[Debian GNU/Linux 7 _Wheezy_ - Official Snapshot amd64
LIVE/INSTALL Binary 20150114-03:51] wheezy Release.gpg
Ign cdrom://[Debian GNU/Linux 7 _Wheezy_ - Official Snapshot amd64
LIVE/INSTALL Binary 20150114-03:51] wheezy Release
Ign cdrom://[Debian GNU/Linux 7 _Wheezy_ - Official Snapshot amd64
LIVE/INSTALL Binary 20150114-03:51] wheezy/main amd64 Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 7 _Wheezy_ - Official Snapshot amd64
LIVE/INSTALL Binary 20150114-03:51] wheezy/main Translation-es_AR
Ign cdrom://[Debian GNU/Linux 7 _Wheezy_ - Official Snapshot amd64
LIVE/INSTALL Binary 20150114-03:51] wheezy/main Translation-es
Ign cdrom://[Debian GNU/Linux 7 _Wheezy_ - Official Snapshot amd64
LIVE/INSTALL Binary 20150114-03:51] wheezy/main Translation-en
Des:1 http://ftp.ccc.uba.ar wheezy Release.gpg [2.373 B]
Des:2 http://ftp.ccc.uba.ar wheezy-updates Release.gpg [1.554 B]
Des:3 http://ftp.ccc.uba.ar wheezy Release [191 kB]
Des:4 http://ftp.ccc.uba.ar wheezy-updates Release [143 kB]
Err http://ftp.ccc.uba.ar wheezy-updates Release

Des:5 http://ftp.ccc.uba.ar wheezy/main Sources [5.982 kB]
Des:6 http://security.debian.org wheezy/updates Release.gpg [1.554 B]
Des:7 http://security.debian.org wheezy/updates Release [102 kB]
Des:8 http://security.debian.org wheezy/updates/main Sources [212 kB]
Des:9 http://security.debian.org wheezy/updates/main amd64 Packages [336 kB]
Des:10 http://security.debian.org wheezy/updates/main Translation-en
[195 kB]
Des:11 http://ftp.ccc.uba.ar wheezy/main amd64 Packages [5.840 kB]
Des:12 http://ftp.ccc.uba.ar wheezy/main Translation-es [349 kB]
Des:13 http://ftp.ccc.uba.ar wheezy/main Translation-en [3.846 kB]
Descargados 17,2 MB en 2min. 24seg. (119 kB/s)
Leyendo lista de paquetes... Hecho
W: Se produjo un error durante la verificación de las firmas. El
repositorio no está actualizado y se utilizarán los ficheros de índice
antiguos. El error GPG es: http://ftp.ccc.uba.ar wheezy-updates Release:
Las siguientes firms fueron inválidas: BADSIG 8B48AD6246925553 Debian
Archive Automatic Signing Key (7.0/wheezy) 

W: Imposible obtener
http://ftp.ccc.uba.ar/pub/linux/debian/debian/dists/wheezy-updates/Release

W: Some index files failed to download. They have been ignored, or old
ones used instead.
Leyendo lista de paquetes... Hecho
Creando árbol de dependencias
Leyendo la información de estado... Hecho
0 actualizados, 0 se instalarán, 0 para eliminar y 0 no actualizados.
---No probé todavia cambiar ese repositorio porque tampoco se por cual
espejo lo tendria que hacer, estoy a su disposicion por como continuar.
Gracias

El 22/02/16 a las 11:41, Camaleón escribió:
> El Sun, 21 Feb 2016 19:55:22 -0300, OJEDA David escribió:
> 
>> Hola a todos tengo una situacion que no pude resolver por actualizacion
>> de Keyrings. 
> 
> ¿Y la situación cuál es, exactamente? :-)
> 
>> Esta consulta que hubo (https://lists.debian.org/debian-user
>> -spanish/2014/11/msg00080.html) es identica solo que varia el
>> repositorio: http://ftp.ccc.uba.ar wheezy-updates Release.
>> ¿Que espejo es el correcto en este caso y como puedo reemplazarlo? 
> 
> Para cambiar la URL de los repos tienes que editar el archivo 
> "/etc/apt/sources.list".
> 
>> lei sobre utilizar "nano" pero las opciones finales de guardado me 
>> superan.
> 
> Para guardar los cambios con nano tienes que pulsar la combinación de
> teclas "Ctrl+O" pero puedes usar cualquier editor de textos, tanto en 
> línea de comandos como gráfico si te sientes más cómodo con la última 
> opción. Eso sí, siempre como usuario root ya que de lo contrario no te 
> dejará guardar los cambios.
> 
>>  Mi Sources List es simple ya que soy un usuario aprendiz todavia:
>>
>> # deb cdrom:[Debian GNU/Linux 7 _Wheezy_ - Official Snapshot amd64
>> LIVE/INSTALL Binary 20150114-03:51]/ wheezy main
>>
>> deb cdrom:[Debian GNU/Linux 7 _Wheezy_ - Official Snapshot amd64
>> LIVE/INSTALL Binary 20150114-03:51]/ wheezy main
> 
> Si tienes acceso a Internet, comenta (#) el repositorio del CD.
> 
>> deb http://ftp.ccc.uba.ar/pub/linux/debian/debian/ wheezy main 
>> deb-src http://ftp.ccc.uba.ar/pub/linux/debian/debian/ wheezy main
> 
> Este parece correcto si sólo quieres usar software libre.
> 
>> deb http://security.debian.org/ wheezy/updates main 
>> deb-src http://security.debian.org/ wheezy/updates main
> 
> Este también.
> 
>> # wheezy-updates, previously known as 'volatile'
>> deb http://ftp.ccc.uba.ar/pub/linux/debian/debian/ wheezy-updates main
>> deb-src http://ftp.ccc.uba.ar/pub/linux/debian/debian/ wheezy-updates main
>^
>
> Parece correcto también. Mejor si  ejecutas "apt-get update && apt-get -V 
> upgrade" 
> y mandas la salida.
> 
> Saludos,
> 

Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System

[Gener Badenas]

On Tue, Feb 23, 2016 at 3:23 AM, Thomas Schmitt  wrote:

> Hi,
>
> > http://thehackernews.com/2016/02/linux-mint-hack.html
>
> A virus of 1.5 GiB size.
>
> Does anybody know a download URL for such an infected ISO image ?
> (I am curious whether they used my software or mkisofs or something
> unusual.)
>

Will people downloading the linix mint from torrent be affected?


>
> Have a nice day :)
>
> Thomas
>
>


-- 
Code , code , code
, and code 

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Gener Badenas]

On Wed, Feb 17, 2016 at 10:08 PM, Tom Browder  wrote:

> I have several remote Debian 7 servers and would like to secure it in
> the following manner:
>
> 1. root will not be allowed any external access (access is only via a
> user becoming root while logged in)
>
> 2. after initial setup, no ssh access will be allowed via a password
>
> I have seen much documentation on securing such a host, but I don't
> want to be an expert--I just need a recipe.
>

You need to open /etc/ssh/sshd_config and the right settings are obvious
from there.  But I would suggest you setup a key pair login and test it
before applying these changes. Otherwise you might be locked out.  But you
might be able to VNC to it just in case.



>
> Many thanks.
>
> Best regards,
>
> -Tom
>
>


-- 
Code , code , code
, and code 

KVM - Sequenciar boot

[Sérgio Abrantes Junior]

Olá a todos,

Possuo um Debian 8 onde virtualizo 2VMs.
Precisava sequenciar o boot. Exemplo: Inicia uma VM, depois outra.
Uso Qemu-KVM e gerencio com virt-namager.
Procurei em um monte de lugares, mas não encontrei.
Alguém já fez isso?

Até!

Sérgio Abrantes

Re: BIND problem

[Reco]

On Mon, 22 Feb 2016 15:33:54 -0700
Glenn English  wrote:

> 
> > On Feb 22, 2016, at 3:16 PM, Reco  wrote:
> > 
> > So, what permissions does /var/cache and /var/cache/bind have?
> 
> root@log:~# ls -lh /var/cache/bind
> total 48K
> -rw-rw-r-- 1 bind bind  221 Oct 12  2013 managed-keys.bind
> -rw-rw-r-- 1 bind bind  512 Oct 12  2013 managed-keys.bind.jnl
> drwxrwxr-x 2 bind bind 4.0K Feb 16 19:19 masters
> -rw-rw-r-- 1 bind bind  30K Feb 22 00:32 named_dump.db
> drwxrwxr-x 2 bind bind 4.0K Feb  5 07:52 slaves
> 
> root@log:~# ls -lh /var/cache/
> total 48K
> drwxr-xr-x  3 root root 4.0K Feb  8  2014 apache2
> drwxr-xr-x  3 root root 4.0K Feb 22 14:12 apt
> drwxr-xr-x  4 bind bind 4.0K Feb 22 02:34 bind
> drwxrwxr-x  3 root lp   4.0K Feb 22 06:25 cups
> drwxr-xr-x  2 root root 4.0K Feb 22 14:12 debconf
> drwxr-xr-x  2 root root 4.0K Oct 11  2013 dictionaries-common
> drwxr-xr-x  2 root root 4.0K Oct 29  2013 fontconfig
> drwxr-xr-x  2 root root 4.0K Nov 24  2012 git
> drwx--  2 root root 4.0K Feb 17 07:36 ldconfig
> drwxr-sr-x 38 man  root 4.0K Feb 22 14:12 man
> drwxr-xr-x  2 root root 4.0K Jan 16  2012 pm-utils
> drwxr-xr-x  2 root root 4.0K Aug 15  2013 samba

OK, three small details are missing from the puzzle.

First one is 'ls -ald /var/cache'.

Second one is 'sudo -u touch /var/cache/bind/slaves/1'.
'su -l bind -c "touch /var/cache/bind/slaves/1"' should do it too since
you have an interactive login shell for bind.

Third one (hey, you never know) is 'ls -ald /'.

Reco

Re: BIND problem

[Glenn English]

> On Feb 22, 2016, at 3:16 PM, Reco  wrote:
> 
> So, what permissions does /var/cache and /var/cache/bind have?

root@log:~# ls -lh /var/cache/bind
total 48K
-rw-rw-r-- 1 bind bind  221 Oct 12  2013 managed-keys.bind
-rw-rw-r-- 1 bind bind  512 Oct 12  2013 managed-keys.bind.jnl
drwxrwxr-x 2 bind bind 4.0K Feb 16 19:19 masters
-rw-rw-r-- 1 bind bind  30K Feb 22 00:32 named_dump.db
drwxrwxr-x 2 bind bind 4.0K Feb  5 07:52 slaves

root@log:~# ls -lh /var/cache/
total 48K
drwxr-xr-x  3 root root 4.0K Feb  8  2014 apache2
drwxr-xr-x  3 root root 4.0K Feb 22 14:12 apt
drwxr-xr-x  4 bind bind 4.0K Feb 22 02:34 bind
drwxrwxr-x  3 root lp   4.0K Feb 22 06:25 cups
drwxr-xr-x  2 root root 4.0K Feb 22 14:12 debconf
drwxr-xr-x  2 root root 4.0K Oct 11  2013 dictionaries-common
drwxr-xr-x  2 root root 4.0K Oct 29  2013 fontconfig
drwxr-xr-x  2 root root 4.0K Nov 24  2012 git
drwx--  2 root root 4.0K Feb 17 07:36 ldconfig
drwxr-sr-x 38 man  root 4.0K Feb 22 14:12 man
drwxr-xr-x  2 root root 4.0K Jan 16  2012 pm-utils
drwxr-xr-x  2 root root 4.0K Aug 15  2013 samba

-- 
Glenn English

Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System

[Thomas Schmitt]

Hi,

Sven Hartge wrote:
> You cannot wget a mega.nz URL. You have to use a Javascript-enabled
> Browser to get the file.

Shall i really enable insecure Javascript to download a malicious ISO ?

... google ... Kim Schmitz ... rofl ... i am not that curious.


Have a nice day :)

Thomas

Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System

[Sven Hartge]

Thomas Schmitt  wrote:
> Dalios wrote:

>> https://mega.nz/#!QwY1EZKJ!GW1gLzXaOUo8sNGF-zddRLwgsfamZy7C5u0CARjaUs0

> Only wgets a small index.html file:
>   meta name="description" content="MEGA provides free cloud storage with 
> convenient and powerful always-on privacy. Claim your free 50GB now!"
> Probably spam, i fear.

You cannot wget a mega.nz URL. You have to use a Javascript-enabled
Browser to get the file.

S°

-- 
Sigmentation fault. Core dumped.

[Fwd: Re: crear repositorio]

[merlinva2012]

Saludos,

Escribo tan tardiamente porque mi conexión no es estable.
Probé esta sugerencia y me sale:

root@debian64:/media/merlin/DDS/debian/pool/main# dpkg-scanpackages 
'/media/merlin/DDS/debian/pool/main/' | gzip >
'/media/merlin/DDS/debian/pool/main/Packages.gz'
dpkg-deb (subproceso): descomprimiendo el miembro del archivo: error
interno de lectura de gzip `: incorrect data check'
tar: Esto no parece un archivo tar
tar: Exiting with failure status due to previous errors
dpkg-deb: error: el subproceso tar devolvió el código de salida de error 2
dpkg-scanpackages: fallo: No se ha podido analizar la información de
control de
«/media/merlin/DDS/debian/pool/main//i/i8kutils/i8kutils_1.41_amd64.deb»

Alguna sugerencia?.

Gracias,
merlin

 Original Message 
Subject: Re: crear repositorio
From:Camaleón 
Date:Thu, February 18, 2016 11:55 am
To:  debian-user-spanish@lists.debian.org
--

El Thu, 18 Feb 2016 11:29:44 -0500, merlinva2012 escribió:

> Buenas,
> Logré descargar una buena parte del repositorio de debian en un disco
> duro externo, pero no pude terminar de descargarlo todo. ¿Hay alguna
> forma de poder hacer un repositorio en mi disco duro externo solo con
> los paquetes descargados?, preguntándolo de otra forma ¿Existe algún
> programa que me reorganice los paquetes descargados y me haga un
> repositorio? Yo tengo los tres primeros DVD del repositorio oficial de
> debian 8. Uso debian 8 64bit.

Aquí tienes instrucciones para eso mismo:

How to quickly create a local apt repository for random packages using a
Debian based linux distribution?
http://unix.stackexchange.com/questions/87130/how-to-quickly-create-a-local-apt-repository-for-random-packages-using-a-debian

Si no tienes acceso a Internet me dices y te lo mando al correo privado.

> Otra pregunta mi pc soporta 32 y 64 bit,
> tiene un procesador dual core a 3.2 G y 2G de RAM DDR2. ¿Cuál debian es
> más conveniente el de 32 o el de 64bit?. Tengo que trabajar con software
> que realizan un gran procesamiento matemático (Octave, R ... etc). Me es
> dificil llegar a conseguir  más memoria RAM, es decir creo que no puedo
> aumentar la memoria RAM.

Si no vas a ampliar la RAM usa la versión 32 bits pura (no PAE). Espera,
creo que Debian ya sólo tiene versiones i686 con PAE habilitado, tendrías
que usar esa ;-(

Saludos,

-- 
Camaleón




--
Este mensaje le ha llegado mediante el servicio de correo electronico que 
ofrece Infomed para respaldar el cumplimiento de las misiones del Sistema 
Nacional de Salud. La persona que envia este correo asume el compromiso de usar 
el servicio a tales fines y cumplir con las regulaciones establecidas

Infomed: http://www.sld.cu/

Re: BIND problem

[Reco]

On Mon, 22 Feb 2016 14:33:03 -0700
Glenn English  wrote:

> 
> > On Feb 22, 2016, at 1:59 PM, Reco  wrote:
> > 
> > No, that's not how you check it. Every Debian system has those records.
> > I meant something like 'ls -alZ /'.
> 
> drwxr-xr-x  25 root   root?  4096 Jun  6  2014 .
> drwxr-xr-x  25 root   root?  4096 Jun  6  2014 ..
> drwxr-xr-x   2 root   root?  4096 Feb 19 10:26 bin
> drwxr-xr-x   3 root   root?  4096 Jan  7 21:40 boot
> drwxr-xr-x  14 root   root?  3380 Feb 22 02:34 dev
> drwxr-xr-x 127 root   root? 12288 Feb 22 14:12 etc
> drwxr-xr-x   3 root   root?  4096 Aug 31 00:42 home
> lrwxrwxrwx   1 root   root?30 Oct 11  2013 initrd.img -> 
> /boot/initrd.img-3.2.0-4-amd64
> drwxr-xr-x  15 root   root?  4096 Mar 17  2014 lib
> drwxr-xr-x   2 root   root?  4096 Feb 17 07:36 lib64
> drwx--   2 root   root? 16384 Oct 11  2013 lost+found
> drwxr-xr-x   3 root   root?  4096 Oct 11  2013 media
> drwxr-xr-x   2 root   root?  4096 Jun  2  2013 mnt
> drwxr-xr-x   2 root   root?  4096 Oct 11  2013 opt
> dr-xr-xr-x 149 root   root? 0 Feb 22 02:33 proc
> drwxr-xr-x   3 root   root?  4096 Jun  6  2014 project
> drwx--  23 root   root?  4096 Feb 21 20:24 root
> drwxr-xr-x  22 root   root?   960 Feb 22 14:12 run
> drwxr-xr-x   2 root   root?  4096 Feb 22 14:12 sbin
> drwxr-xr-x   2 root   root?  4096 Jun 10  2012 selinux
> drwxr-xr-x   3 root   root?  4096 Oct 11  2013 srv
> drwxr-xr-x  13 root   root? 0 Feb 22 02:34 sys
> drwxrwxrwx   4 nobody nogroup ?  4096 Apr  2  2014 tftpboot
> drwxrwxrwt   7 root   root?  4096 Feb 22 14:17 tmp
> drwxr-xr-x  11 root   root?  4096 Oct 11  2013 usr
> drwxr-xr-x  14 root   root?  4096 Feb  8  2014 var
> lrwxrwxrwx   1 root   root?26 Oct 11  2013 vmlinuz -> 
> boot/vmlinuz-3.2.0-4-amd64

So, the result has question marks instead of SELinux labels. This rules
out SELinux completely. Audit log would include SELinux violations
anyway, but still - simplest methods are the best :)


> > First, what does contents of /etc/default/bind9 look like?
> 
> # run resolvconf?
> RESOLVCONF=yes
> 
> # startup options for the server
> ### OPTIONS="-u bind"
> OPTIONS=" -4 -u bind"

And again, your usual run-of-the-mill Debian bind configuration file,
nothing to see here.


> > Second, can you install auditd please
> 
> Selecting previously unselected package auditd.
> (Reading database ... 72472 files and directories currently installed.)
> Unpacking auditd (from .../auditd_1%3a1.7.18-1.1_amd64.deb) ...
> Processing triggers for man-db ...
> Setting up auditd (1:1.7.18-1.1) ...
> 
> > and run
> > 'auditctl -w /var/cache/bind/slaves/ -p wa' afterward?
> > A contents of /var/log/audit/audit.log
> 
> type=DAEMON_START msg=audit(1456174952.726:9009): auditd start, ver=1.7.18 
> format=raw kernel=3.2.0-4-amd64 auid=4294967295 pid=18137 res=success
> type=CONFIG_CHANGE msg=audit(1456174952.825:2): audit_backlog_limit=320 
> old=64 auid=4294967295 ses=4294967295 res=1
> type=LOGIN msg=audit(1456174953.225:3): login pid=18158 uid=0 old 
> auid=4294967295 new auid=118 old ses=4294967295 new ses=1
> type=LOGIN msg=audit(1456174953.301:4): login pid=18183 uid=0 old 
> auid=4294967295 new auid=118 old ses=4294967295 new ses=2
> type=LOGIN msg=audit(1456174981.336:5): login pid=18250 uid=0 old 
> auid=4294967295 new auid=1 old ses=4294967295 new ses=3
> type=CONFIG_CHANGE msg=audit(1456174992.612:6): auid=4294967295 
> ses=4294967295 op="add rule" key=(null) list=4 res=1
> 
> > it would be also required for
> > bind to fail to dump a zone at least once. 
> 
> I hadn't read that part until after I ran auditctl. I think there'd been 
> several failed dumps before then, so I looked at the logs in hopes of giving 
> you proof, but auditctl kept saying "Error sending add rule data request 
> (Rule exists)". So I uninstalled --purge'ed it (and deleted it's log) and 
> reinstalled it and ran 'date ; auditctl -w /var/cache/bind/slaves/ -p wa'. 
> That printed the date and nothing else. I ran auditctl again, by itself, and 
> it repeated the error statement.

Sorry, I forgot to add. To clear out audit rules you need to issue
'auditctl -D'. To view existing ones you need to issue 'auditctl -l'.
Reinstalling the package would clear the rules along the way, of
course.


> The logs say there have been many dump failures, so I'm pretty sure auditctl 
> was run after a failed dump. I can't prove it, though.

And that leaves us exactly one possible explanation for this.

/var has 755 permissions, and owner:group of root.
/var/cache/bind/slaves has 775 permission, and owner:group of bind.

Since bind user is unable to write to /var/cache/bind/slaves, and audit
is unable to catch failed writes there - that can only mean that bind
user is unable to chdir to either /var/cache or /var/cache/bind.

So, what permissions does /var/cache and /var/cache/bind 

Re: opengl problem with avidemux

[Sven Arvidsson]

On Mon, 2016-02-22 at 23:06 +0100, Pierre Frenkiel wrote:
> On Mon, 22 Feb 2016, Nicolas George wrote:
> 
> > Le quartidi 4 ventôse, an CCXXIV, Sven Arvidsson a écrit :
> >> I'm not familiar with avidemux, but does it really use OpenGL to
> render
> >> the GUI? 
> >
> > For the GUI, probably not.
> >
> > For the preview of the video, why not? Sync with monitor refresh is
> not
> > available in plain X11 and YUV->RGB conversion is expensive.
> 
>    in the preferences/Display menu, there are 2 lines related to
> OpenGl:
>     the first one is labeled "video display". As I understand it,
> this
>     means that the choice between X11 and OpenGL is actually for the
> video
>     preview.
>     the second one is "enable OpenGl support", which is rather
> confusing,
>     as one may think that the "video display" setting was enough.
>     In fact, I discovred that after checking this box, I also get
>     the messsage
>     "[initGUI]  OpenGL activated, initializing"...
>     This means that my character's size problem is not related to
> OpenGl,
>     but to something else. God knows what, but also may-be one of
> you.

From what I can tell from Google, avidemux comes in both GTK+ (2.x?)
and Qt flavours. If you got it from deb-multimedia it's probably qt4,
so you'll probably need to figure out how to set the fonts with
something like qt4-qtconfig?

I'm not sure why your other users don't have the same problem, but
maybe you are running different desktop environments?

At least that's my be best guess, I always reserve the right to be
totally and utterly wrong ;)

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 6FAB5CD5



signature.asc
Description: This is a digitally signed message part

Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System

[Thomas Schmitt]

Hi,

Dalios wrote:
> https://mega.nz/#!QwY1EZKJ!GW1gLzXaOUo8sNGF-zddRLwgsfamZy7C5u0CARjaUs0

Only wgets a small index.html file:
  meta name="description" content="MEGA provides free cloud storage with 
convenient and powerful always-on privacy. Claim your free 50GB now!"
Probably spam, i fear.

> Have in mind that I found it in one of the thousand discussions on the
> subject in forums, blogs etc.

Yeah. I tried to find any link to that dreaded bulgarian FTP server.
No success yet.
(I even have a MD5 to identify the evil ISO: 7d590864618866c225ede058f1ba61f0
from the discussion at Mint's makeshift home.)

Well, it's purely academic. Even if i learn that xorriso was used,
i cannot keep people from bending other people's bytes.


Have a nice day :)

Thomas

Re: [Noticia] ¿Vuelve Firefox a Debian?

[Javier Barroso]

Hola,

2016-02-22 16:17 GMT+01:00 Camaleón :
> El Sun, 21 Feb 2016 22:18:40 +0100, Javier Barroso escribió:
>
>> Buenas noches,
>>
>> 2016-02-21 16:55 GMT+01:00 Camaleón :
>
> (...)
>
>Bueno, eso tiene fácil arreglo al menos para los accesos directos:
>guarda el PNG y lo cambias después :-)
 Creo que dpkg-divert sería lo ideal para eso, o montarlo vía ~/.config
>>>
>>> ¿Dices para mantener el icono? Sería matar moscas a cañonazos ¿no? :-)
>>
>> ¿Por qué? Si se quiere seguir usando apt-get y que no se modifiquen los
>> iconos personalizados es la solución que se da en debian
>>
>> # cp firefox.png /usr/share/icons/hicolor/64x64/apps/iceweasel.png
>> # dpkg-divert  --divert
>> /usr/share/icons/hicolor/64x64/apps/iceweasel.png.package
>> /usr/share/icons/hicolor/64x64/apps/iceweasel.png
>>
>> Para cada icono en /usr/share/icons/*/*/iceweasel.png, habría que hacer
>> el dpkg-divert, una vez que los iconos sean los que queremos
>
> Porque seguramente cambien el nombre del archivo y las rutas y ya no se
> llame iceweasel sino firefox y entiendo que la diversión funciona cuando
> el nombre del archivo/paquete es el mismo pero de distinta versión
> ¿no? :-?

Con dpkg-divert, puedes conseguir "fijar un fichero" en una
localización que en principio estaría ocupada por un fichero de un
paquete.

Entonces cuando esté el paquete firefox disponible y tú tengas el
icono de iceweasel podrás hacer que el icono de iceweasel aparezca en
vez del icono de firefox, usando el dpkg-divert

No sé si me explico, haz la prueba que he puesto con cualquier fichero
que venga en un paquete (por ejemplo a sustituir un README o algo que
no afecte a la estabilidad del sistema

Saludos

Re: opengl problem with avidemux

[Pierre Frenkiel]

On Mon, 22 Feb 2016, Nicolas George wrote:


Le quartidi 4 ventôse, an CCXXIV, Sven Arvidsson a écrit :

I'm not familiar with avidemux, but does it really use OpenGL to render
the GUI? 


For the GUI, probably not.

For the preview of the video, why not? Sync with monitor refresh is not
available in plain X11 and YUV->RGB conversion is expensive.


  in the preferences/Display menu, there are 2 lines related to OpenGl:
   the first one is labeled "video display". As I understand it, this
   means that the choice between X11 and OpenGL is actually for the video
   preview.
   the second one is "enable OpenGl support", which is rather confusing,
   as one may think that the "video display" setting was enough.
   In fact, I discovred that after checking this box, I also get
   the messsage
   "[initGUI]  OpenGL activated, initializing"...
   This means that my character's size problem is not related to OpenGl,
   but to something else. God knows what, but also may-be one of you.

cheers,
--
Pierre Frenkiel

Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System

[Dalios]

On 02/22/2016 09:23 PM, Thomas Schmitt wrote:

> Does anybody know a download URL for such an infected ISO image ?
> (I am curious whether they used my software or mkisofs or something
> unusual.)


Here you go:

https://mega.nz/#!QwY1EZKJ!GW1gLzXaOUo8sNGF-zddRLwgsfamZy7C5u0CARjaUs0

Have in mind that I found it in one of the thousand discussions on the
subject in forums, blogs etc. Can't remember where exactly and can't
guarantee that it is what it says that it is so take care...


Dalios

Re: [OT] Server Blade

[Cristian Mitchell]

El 22 de febrero de 2016, 18:51, Cristian Mitchell
escribió:

>
>
> El 22 de febrero de 2016, 17:23, Maykel Franco
> escribió:
>
>> Buenas, me he topado con este servidor blade:
>>
>> http://www.ebay.es/itm/401073086020?ul_noapp=true
>>
>> Qué os parece?? Lo compraríais para vuestra empresa por ese precio?
>>
>> Me tienta mucho por el precio, aunque es refurbished.
>>
>> Opiniones?
>>
>>
> Yo tengo 4 en producción y son una masa
> si tiene los 16 por esa plata es un regalo
>
> --
> MrIX
> Linux user number 412793.
> http://counter.li.org/
>
> las grandes obras,
> las sueñan los santos locos,
> las realizan los luchadores natos,
> las aprovechan los felices cuerdo,
> y las critican los inútiles crónicos,
>
>
A me faltaba no dice nada de los disco ojo que son sas y valen una pequeña
fortuna


-- 
MrIX
Linux user number 412793.
http://counter.li.org/

las grandes obras,
las sueñan los santos locos,
las realizan los luchadores natos,
las aprovechan los felices cuerdo,
y las critican los inútiles crónicos,

Re: BIND problem

[Glenn English]

> On Feb 22, 2016, at 1:59 PM, Reco  wrote:
> 
> No, that's not how you check it. Every Debian system has those records.
> I meant something like 'ls -alZ /'.

drwxr-xr-x  25 root   root?  4096 Jun  6  2014 .
drwxr-xr-x  25 root   root?  4096 Jun  6  2014 ..
drwxr-xr-x   2 root   root?  4096 Feb 19 10:26 bin
drwxr-xr-x   3 root   root?  4096 Jan  7 21:40 boot
drwxr-xr-x  14 root   root?  3380 Feb 22 02:34 dev
drwxr-xr-x 127 root   root? 12288 Feb 22 14:12 etc
drwxr-xr-x   3 root   root?  4096 Aug 31 00:42 home
lrwxrwxrwx   1 root   root?30 Oct 11  2013 initrd.img -> 
/boot/initrd.img-3.2.0-4-amd64
drwxr-xr-x  15 root   root?  4096 Mar 17  2014 lib
drwxr-xr-x   2 root   root?  4096 Feb 17 07:36 lib64
drwx--   2 root   root? 16384 Oct 11  2013 lost+found
drwxr-xr-x   3 root   root?  4096 Oct 11  2013 media
drwxr-xr-x   2 root   root?  4096 Jun  2  2013 mnt
drwxr-xr-x   2 root   root?  4096 Oct 11  2013 opt
dr-xr-xr-x 149 root   root? 0 Feb 22 02:33 proc
drwxr-xr-x   3 root   root?  4096 Jun  6  2014 project
drwx--  23 root   root?  4096 Feb 21 20:24 root
drwxr-xr-x  22 root   root?   960 Feb 22 14:12 run
drwxr-xr-x   2 root   root?  4096 Feb 22 14:12 sbin
drwxr-xr-x   2 root   root?  4096 Jun 10  2012 selinux
drwxr-xr-x   3 root   root?  4096 Oct 11  2013 srv
drwxr-xr-x  13 root   root? 0 Feb 22 02:34 sys
drwxrwxrwx   4 nobody nogroup ?  4096 Apr  2  2014 tftpboot
drwxrwxrwt   7 root   root?  4096 Feb 22 14:17 tmp
drwxr-xr-x  11 root   root?  4096 Oct 11  2013 usr
drwxr-xr-x  14 root   root?  4096 Feb  8  2014 var
lrwxrwxrwx   1 root   root?26 Oct 11  2013 vmlinuz -> 
boot/vmlinuz-3.2.0-4-amd64

> First, what does contents of /etc/default/bind9 look like?

# run resolvconf?
RESOLVCONF=yes

# startup options for the server
### OPTIONS="-u bind"
OPTIONS=" -4 -u bind"

> Second, can you install auditd please

Selecting previously unselected package auditd.
(Reading database ... 72472 files and directories currently installed.)
Unpacking auditd (from .../auditd_1%3a1.7.18-1.1_amd64.deb) ...
Processing triggers for man-db ...
Setting up auditd (1:1.7.18-1.1) ...

> and run
> 'auditctl -w /var/cache/bind/slaves/ -p wa' afterward?
> A contents of /var/log/audit/audit.log

type=DAEMON_START msg=audit(1456174952.726:9009): auditd start, ver=1.7.18 
format=raw kernel=3.2.0-4-amd64 auid=4294967295 pid=18137 res=success
type=CONFIG_CHANGE msg=audit(1456174952.825:2): audit_backlog_limit=320 old=64 
auid=4294967295 ses=4294967295 res=1
type=LOGIN msg=audit(1456174953.225:3): login pid=18158 uid=0 old 
auid=4294967295 new auid=118 old ses=4294967295 new ses=1
type=LOGIN msg=audit(1456174953.301:4): login pid=18183 uid=0 old 
auid=4294967295 new auid=118 old ses=4294967295 new ses=2
type=LOGIN msg=audit(1456174981.336:5): login pid=18250 uid=0 old 
auid=4294967295 new auid=1 old ses=4294967295 new ses=3
type=CONFIG_CHANGE msg=audit(1456174992.612:6): auid=4294967295 ses=4294967295 
op="add rule" key=(null) list=4 res=1

> it would be also required for
> bind to fail to dump a zone at least once. 

I hadn't read that part until after I ran auditctl. I think there'd been 
several failed dumps before then, so I looked at the logs in hopes of giving 
you proof, but auditctl kept saying "Error sending add rule data request (Rule 
exists)". So I uninstalled --purge'ed it (and deleted it's log) and reinstalled 
it and ran 'date ; auditctl -w /var/cache/bind/slaves/ -p wa'. That printed the 
date and nothing else. I ran auditctl again, by itself, and it repeated the 
error statement.

The logs say there have been many dump failures, so I'm pretty sure auditctl 
was run after a failed dump. I can't prove it, though.

-- 
Glenn English

Re: [OT] Server Blade

[Cristian Mitchell]

El 22 de febrero de 2016, 17:23, Maykel Franco
escribió:

> Buenas, me he topado con este servidor blade:
>
> http://www.ebay.es/itm/401073086020?ul_noapp=true
>
> Qué os parece?? Lo compraríais para vuestra empresa por ese precio?
>
> Me tienta mucho por el precio, aunque es refurbished.
>
> Opiniones?
>
>
Yo tengo 4 en producción y son una masa
si tiene los 16 por esa plata es un regalo

-- 
MrIX
Linux user number 412793.
http://counter.li.org/

las grandes obras,
las sueñan los santos locos,
las realizan los luchadores natos,
las aprovechan los felices cuerdo,
y las critican los inútiles crónicos,

Re: [OT] Servicio tcp socket

[Pablo JIMÉNEZ]

On Mon, Feb 22, 2016 at 09:28:45PM +0100, Maykel Franco wrote:
> El día 22 de febrero de 2016, 15:55, Camaleón  escribió:
>

[...]

> > Sí, exacto, algo así es lo que había visto y sé que netcat es la navaja
> > suiza para depurar cosicas de la red tcp/ip.
> >
> > Mira, aquí tienes ejemplos de uso para el lado cliente (emisor) y
> > servidor (receptor):
> >
> > Using netcat and tar for network file transfer
> > http://www.screenage.de/blog/2007/12/30/using-netcat-and-tar-for-network-file-transfer/
> >
> > Si el emisor tiene windows pues habrá que buscar un sustituto de nc que
> > realice la misma función salvo que haya versión de nc también para él.
> 
> O un móvil por ejemplo, android por ejemplo.

Esta frase huele mal. ¿Te solicitan realizar la entrega del CSV cada vez 
que recibas la solicitud desde un móvil? Casualmente, ¿piensas (o te 
piden) implementar este servicio en Internet y no en una red local?

Si ese fuera el caso, te están pidiendo algo absolutamente insensato, 
porque el CSV con información relevante estará disponible sin cifrado y 
a quien consulte el port en que lo implementes...

Saludos.

-- 
Pablo Jiménez

Re: BIND problem

[Reco]

Hi.

On Mon, 22 Feb 2016 13:07:44 -0700
Glenn English  wrote:

> 
> > On Feb 22, 2016, at 3:14 AM, Reco  wrote:
> > 
> > Please post the output of:
> > 
> > ls -ald /var/cache/bind/slaves
> 
> drwxrwxr-x 2 bind bind 4096 Feb  5 07:52 /var/cache/bind/slaves
> 
> > lsattr /var/cache/bind/slaves
> 
> -e-- /var/cache/bind/slaves/db.172.16.0
> -e-- /var/cache/bind/slaves/db.richeyrentals.com
> -e-- /var/cache/bind/slaves/db.richeyrentals.dmz
> -e-- /var/cache/bind/slaves/db.richeyrentals.lan
> 
> > getfacl /var/cache/bind/slaves
> 
> getfacl: Removing leading '/' from absolute path names
> # file: var/cache/bind/slaves
> # owner: bind
> # group: bind
> user::rwx
> group::rwx
> other::r-x

Ok, so nothing out of place here.


> > Also, do you have SELinux enabled?
> 
> root@log:/etc# egrep -ir SELinux *
 
> I think so...

No, that's not how you check it. Every Debian system has those records.
I meant something like 'ls -alZ /'.


And having looking on all those permissions - I have an idea. Two,
actually.

First, what does contents of /etc/default/bind9 look like?

Second, can you install auditd please and run
'auditctl -w /var/cache/bind/slaves/ -p wa' afterward?
A contents of /var/log/audit/audit.log would be invaluable to
troubleshoot this problem. Of course, it would be also required for
bind to fail to dump a zone at least once. 

Reco

Re: dovecot -- Require different setting for mail_location for each of POP3S and IMAPS protocols

[Andrew McGlashan]

Hi,

On 23/02/2016 4:27 AM, Christian Seiler wrote:
> On 02/22/2016 06:00 PM, Andrew McGlashan wrote:
>> I've tried getting this answered on dovecot mailing list, but not
>> having success so far; so I'm trying here too now (considering it is a
>> Debian system that was upgraded from squeeze-lts to wheezy).
> 
> Not tested, but you could try the following (10-mail.conf): set
> location = Maildir in the "namespace private", but set
> mail_location = mbox globally. Since namespaces are an IMAP feature,
> it might be the case that the POP3 server doesn't evaluate the
> namespace stuff at all, and then you'd have two separate settings.
> 
> No idea if that will actually work.

I think that will be too risky to try -- I wish I had a proper
test server for it.


Okay, I've decided to simplify things. It is now POP3S or IMAPS, not
both.


I've adjusted POP3S only users to have their mbox emails in
their Maildir folder.  And advised IMAPS users that they can no longer
do POP3s with a separate email store.


 # mb2md -s /var/mail/$TARGET_USER -d /tmp/$TARGET_USER
 # chown $TARGET_USER:$TARGET_USER /tmp/$TARGET_USER/cur/1*
 # mv /tmp/$TARGET_USER/cur/1* $TARGET_USER_HOME/Maildir/cur/


Also adjusted all the .forward file to save all new emails to Maildir
folders.

Now, I expect that those that only use POP3S, then the emails will be
deleted after "x" number of days, as per their client setup.

Thank you for the ideas.

Kind Regards
AndrewM

Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System

[Charlie Kravetz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, 22 Feb 2016 20:50:55 +0100
"Thomas Schmitt"  wrote:

>Hi,
>
>> Cannot say more, but the article is rather detailed.  
>
>It tells a lot about the hack and the Mint people are bravely answering
>questions.
>But my curiosity is about whether i indirectly helped the hackers.
>
>I cannot prevent such misuse of xorriso, neither practically nor legally.
>The GPL does not discriminate evil people. On the short view this might
>appear bad, but in depth it is a very wise position of Richard Stallman and
>the FSF. At least we do not risk to deny Giordano Bruno the license for ink.
>
>Nevertheless:
>
>Be Cursed, Ye Abusers Of Innocent ISO Programs !
>
>
>Have a nice day :)
>
>Thomas
>

There are several articles out now, including one that is an interview
with the hacker. Google is your friend today.

- -- 
Charlie Kravetz
Linux Registered User Number 425914
[http://linuxcounter.net/user/425914.html]
Never let anyone steal your DREAM.   [http://keepingdreams.com]
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBAgAGBQJWy24yAAoJEIqui46mydCA2hoH/jVvrWYBWFiQt9B6zglrTDn7
yDaKiFURAu0Vc5up/HqKHhcznao2N0Gd7gBbUC0EN0syHgkk4c3rzEDJOWJsgexL
bW4OPVYk6KcK2rlUaSh2PORehaDP32WVnQNstheNmYu7WroahkFysTGxlLg21qyT
IKHDyfIseKDEc7KsbiBPz6c22niWBk7a6GrkblLOV0bmh4TB4xIsK9TagGFx3j3W
8/uEARw/lrUqwzJcci6ijJQUyL46XynTnm4JvoL67a/UYIYLDj+ZOF6yzKagb1gN
9plJ8ePuBoNvm2nK5o3cAJCUlfOoAO6LQBimz3pfAaZDdcrKsSPDOYETJtvZlvs=
=nhPy
-END PGP SIGNATURE-

Re: opengl problem with avidemux

[Sven Arvidsson]

On Mon, 2016-02-22 at 20:42 +0100, Nicolas George wrote:
> For the GUI, probably not.
> 
> For the preview of the video, why not? Sync with monitor refresh is
> not
> available in plain X11 and YUV->RGB conversion is expensive.

Right, it probably uses OpenGL for previews and filters, but it
shouldn't impact the font rendering in the GUI.

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 6FAB5CD5



signature.asc
Description: This is a digitally signed message part

Re: [OT] Servicio tcp socket

[Maykel Franco]

El día 22 de febrero de 2016, 15:55, Camaleón  escribió:
> El Mon, 22 Feb 2016 00:07:01 +0100, Maykel Franco escribió:
>
>> El día 20 de febrero de 2016, 15:25, Camaleón 
>> escribió:
>>> El Fri, 19 Feb 2016 22:58:57 +0100, Maykel Franco escribió:
>>>
 Bueno la verdad es que no sé muy bien qué asunto poner... Les cuento
 lo que necesito hacer para una determinada persona que me pide algo
 del siglo X ... Manejo de sockets tcp

 La idea es la siguiente, necesita que le habilite un servicio via tcp
 socket para que lance una conexión desde un cliente a ese puerto y yo
 automáticamente, mediante esa conexión le envie un archivo csv...
>
> (...)
>
>>> Puedes intentarlo con xinetd, aquí tienes un ejemplo:
>>>
>>> http://stackoverflow.com/questions/13519933/executing-script-on-receiving-incoming-connection-with-xinetd
>>>
>>> Otra opción sería usando netcat (nc), échale un ojo.
>>>
>>>
>> Gracias a todos por las respuestas.
>>
>> La verdad no me querría complicar en programarlo, si netcat me vale
>> sería la opción perfecta. He visto esto:
>>
>> http://stackoverflow.com/questions/12267905/how-to-send-a-file-using-netcat-and-then-keep-the-connection-alive
>>
>> Entiendo que esto podría valerme:
>>
>> Server side:
>>
>> nc -k -l 1 < my_in_file
>>
>> Client side:
>>
>> echo "bye" | netcat 192.168.1.6 1 > my_in_file -
>>
>> Pero en los ejemplos que veo es el cliente quien envía... Lo que
>> necesito es que sera el propio servidor el que tiene el puerto abierto y
>> el que sirve el fichero a el cliente.
>
> Sí, exacto, algo así es lo que había visto y sé que netcat es la navaja
> suiza para depurar cosicas de la red tcp/ip.
>
> Mira, aquí tienes ejemplos de uso para el lado cliente (emisor) y
> servidor (receptor):
>
> Using netcat and tar for network file transfer
> http://www.screenage.de/blog/2007/12/30/using-netcat-and-tar-for-network-file-transfer/
>
> Si el emisor tiene windows pues habrá que buscar un sustituto de nc que
> realice la misma función salvo que haya versión de nc también para él.

O un móvil por ejemplo, android por ejemplo.

>
> Saludos,
>
> --
> Camaleón
>

Esto si me vale... Sólo me queda hacer que no se cierre cuando realice
la transferencia, he  probado con -k pero se cierra igualmente...

-k  Forces nc to stay listening for another connection after its
current connection is completed.  It is an error to use this option
without the -l option

Gracias por la ayuda.

[SOLUCIONADO] Re: [OT] Backups CrashPlan Debian sin entorno gráfico

[Maykel Franco]

El día 22 de febrero de 2016, 18:36, Maykel Franco
 escribió:
>
> El 22 feb. 2016 4:25 p. m., "Camaleón"  escribió:
>>
>> El Sun, 21 Feb 2016 23:57:03 +0100, Maykel Franco escribió:
>>
>> (...)
>>
>> > Mi duda viene porque veo que para configurar la cuenta hace falta un
>> > entorno gráfico y levantar la aplicación para configurarlo...Sabéis si
>> > es posible configurarlo usando la terminal, lo que es lo mismo
>> > configurando archivos de configuración? Para introducir el email,
>> > password...
>> >
>> > Otra opción sería configurarlo con entorno gráfico y luego copiarme los
>> > archivos de configuración...
>>
>> Using CrashPlan On A Headless Computer
>>
>> http://support.code42.com/CrashPlan/4/Configuring/Using_CrashPlan_On_A_Headless_Computer
>>
>> Saludos,
>>
>> --
>> Camaleón
>>
>
> Solucionado.

[OT] Server Blade

[Maykel Franco]

Buenas, me he topado con este servidor blade:

http://www.ebay.es/itm/401073086020?ul_noapp=true

Qué os parece?? Lo compraríais para vuestra empresa por ese precio?

Me tienta mucho por el precio, aunque es refurbished.

Opiniones?

Re: BIND problem

[Glenn English]

> On Feb 22, 2016, at 3:14 AM, Reco  wrote:
> 
> Please post the output of:
> 
> ls -ald /var/cache/bind/slaves

drwxrwxr-x 2 bind bind 4096 Feb  5 07:52 /var/cache/bind/slaves

> lsattr /var/cache/bind/slaves

-e-- /var/cache/bind/slaves/db.172.16.0
-e-- /var/cache/bind/slaves/db.richeyrentals.com
-e-- /var/cache/bind/slaves/db.richeyrentals.dmz
-e-- /var/cache/bind/slaves/db.richeyrentals.lan

> getfacl /var/cache/bind/slaves

getfacl: Removing leading '/' from absolute path names
# file: var/cache/bind/slaves
# owner: bind
# group: bind
user::rwx
group::rwx
other::r-x

> Also, do you have SELinux enabled?

root@log:/etc# egrep -ir SELinux *
dbus-1/session.conf:  contexts/dbus_contexts
dbus-1/system.conf:  contexts/dbus_contexts
init.d/x11-common:  # Restore file security context (SELinux).
init.d/udev:# set the SELinux context for devices created in the initramfs
init.d/checkroot.sh:if selinux_enabled && [ -x /sbin/restorecon ] && [ -r 
/etc/mtab ]
Binary file ld.so.cache matches
pam.d/login:# SELinux needs to be the first session rule. This ensures that any 
pam.d/login:# When the module is present, "required" would be sufficient (When 
SELinux
pam.d/login:session [success=ok ignore=ignore module_unknown=ignore 
default=bad] pam_selinux.so close
pam.d/login:# SELinux needs to intervene at login time to ensure that the 
process
pam.d/login:session [success=ok ignore=ignore module_unknown=ignore 
default=bad] pam_selinux.so open
pam.d/login:# When the module is present, "required" would be sufficient (When 
SELinux
pam.d/sshd:# Set up SELinux capabilities (need modified pam)
pam.d/sshd:# session  required pam_selinux.so multiple
security/sepermit.conf:#- a SELinux user name, with %seuser syntax
selinux/semanage.conf:# Specify how libsemanage will interact with a SELinux 
policy manager.
selinux/semanage.conf:#  "source" - libsemanage manipulates a source 
SELinux policy
webmin/useradmin/config:selinux_con=user_u:object_r:user_home_dir_t

I think so...

-- 
Glenn English

FW: FW: Debian package on Windows

[Richard Zimmerman]

>> What is so wrong with YUM? I actually like it better over apt-get or 
>> aptitude...

> There's nothing wrong with YUM except that:
>
> a) It's dead upstream. They axed it in favor of DNF.

   Yes, I did hear that but again, I like yum so stayed with it.

> b) It's dependency resolution algorithm is easily beat by snail. And it 
> usually about as smart as said snail.
> c) YUM's package database is stored in SQLite, to which it's written by sync 
> I/O by small chunks. 4 kilobytes small.
> d) And last, but not least. YUM is written in Python in such memory-hungry 
> way that some Java programs pale in comparison. Adds some interesting 
> 'jump-through-the-hoops' scenarios on Python upgrades.

Hmm... It's always worked well for me so I guess I don't mind the drawbacks :)

> If you need an example of good package manager from rpm world - there's 
> zypper.
> Reco

I will have a look at that...

So, to get this back on track for a Debian forum, anything better then aptitude 
I should look at?

Kind regards and thanks,

Richard


---
Richard Zimmerman
Systems / Network Administrator
River Bend Hose Specialty, Inc.
 S Main Street
South Bend, IN   46601-3337
(574) 233-1133
(574) 280-7284 Fax

CRM Users List

[Ronald Charles]

Hi,

I just wanted to drop you a quick note to see if you would be interested in a discussion 
about "CRM Users List" and the benefits it can bring your organization for your 
Marketing Initiatives like Email Marketing, Tele Marketing, Direct Mailings etc.

Every contact will include: Company Name, Web Address, Contact Name, Verified 
Email, Job Title,  Complete Mailing Address, Phone Number, FAX Number, Total  
Employees, SIC Code, and Industry details.

We guarantee 100% on that list type that means every individual on that list 
will be as per your criteria for sure, any irrelevant contact will be replaced 
at no cost.

Few Technology Specific Lists:-
   
  1) Consona CRM

  2) Frontrange GoldMine CRM
  3) InterAction CRM
  4) KANA CRM
  5) Microsoft Dynamics CRM
  6) Oracle CRM On Demand
  7) Oracle Customer Relationship Management (CRM)
  8) Oracle Siebel CRM
  9) Salesforce.com CRM
  10) SAP Customer Relationship Management (CRM)
  11) Oracle PeopleSoft Enterprise Customer Relationship 
Management (CRM)
  12) Veeva CRM  and many more

Let me know your target criteria / market like: 

Target Title:
Target Industry:
Target Geography:

Regards,
Ronald Charles


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Re: pam_smbpass.so

[Christian Seiler]

On 02/18/2016 02:49 AM, Joe Pfeiffer wrote:
> Christian Seiler  writes:
>> Just a hunch: do you run dovecot chroot'ed? If so, then it is most
>> likely the case that the specific PAM module is not available within
>> the chroot and that's why it produces that message.
> 
> No, it isn't chrooted -- if it were, I'd expect the other pam modules to
> give the same issues (for that matter, I'd expect it to not be able to
> find pam.d!).

So I just looked a bit at the PAM source code and found the following:

1. the message you see is generated from libpam/pam_handlers.c [1] from
   within the function _pam_load_module, using the mod_path argument
   passed to that function (which is not modified)

2. the function _pam_load_module is only called from _pam_add_handler,
   which calls it in two cases [2]:

a. module name starts with a /, then it uses that directly
b. module name doesn't start with a /, then it prepends
   DEFAULT_MODULE_PATH

   In Debian, DEFAULT_MODULE_PATH is /lib//security (set via
   debian/rules --libdir=/lib/ for dh_auto_configure [3],
   then used by configure.in as the default argument for
   --enable-securedir if that's not specified [4], which it isn't in
   debian/rules, and then used my Makefile.am to specify the variable
   to the C source [5]).

[1] http://sources.debian.net/src/pam/1.1.8-3.2/libpam/pam_handlers.c/#L705
[2] http://sources.debian.net/src/pam/1.1.8-3.2/libpam/pam_handlers.c/#L760
[3] http://sources.debian.net/src/pam/1.1.8-3.2/debian/rules/#L30
[4] http://sources.debian.net/src/pam/1.1.8-3.2/configure.in/#L274
[5] http://sources.debian.net/src/pam/1.1.8-3.2/libpam/Makefile.am/#L5

If I look at your configuration file, we clearly have 

> # and here are more per-package modules (the "Additional" block)
> authoptionalpam_mount.so
> authoptionalpam_smbpass.so migrate

that the pam_smbpass.so is a relative path, so the code path 2(b)
should be taken, so the error you see shouldn't appear.

This is _really_ weird, especially since (as you said) the other
modules should also be affected...

I'm drawing a blank, sorry. Other than stracing the dovecot auth
process hand hoping you find something in the (presumeably huge) log
of that, I don't think I have any idea on how to debug that. Sorry.

Regards,
Christian



signature.asc
Description: OpenPGP digital signature

Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System

[Thomas Schmitt]

Hi,

> Cannot say more, but the article is rather detailed.

It tells a lot about the hack and the Mint people are bravely answering
questions.
But my curiosity is about whether i indirectly helped the hackers.

I cannot prevent such misuse of xorriso, neither practically nor legally.
The GPL does not discriminate evil people. On the short view this might
appear bad, but in depth it is a very wise position of Richard Stallman and
the FSF. At least we do not risk to deny Giordano Bruno the license for ink.

Nevertheless:

Be Cursed, Ye Abusers Of Innocent ISO Programs !


Have a nice day :)

Thomas

Re: mise à jour noyau linux

[merkedanke]

https://www.kernel.org/releases.html

vous pouvez tout à fait prendre la 4.4 , mais il est conseillé de 
toujours prendre les versions de la distrib en priorité.


personnellement je compte l'essayer avec grs et j'ai pas fini la doc ni 
vu si quelqu'un l'avait préparé tout fait pour debian ...

https://grsecurity.net/

Re: opengl problem with avidemux

[Nicolas George]

Le quartidi 4 ventôse, an CCXXIV, Sven Arvidsson a écrit :
> I'm not familiar with avidemux, but does it really use OpenGL to render
> the GUI? 

For the GUI, probably not.

For the preview of the video, why not? Sync with monitor refresh is not
available in plain X11 and YUV->RGB conversion is expensive.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Re: opengl problem with avidemux

[Pierre Frenkiel]

On Mon, 22 Feb 2016, Sven Arvidsson wrote:


I'm not familiar with avidemux, but does it really use OpenGL to render
the GUI? 

Find out what GUI toolkit it uses and see if other applications using
the same toolkit have similar problems.


  in avidemux, you can choose for the Display between X11 or OpenGL
  As I said, I chooes X11.


You might also want to investigate your OpenGL setup with glxinfo or
similar to make sure you're not getting software rendering.


  The main question is why those different behaviours for different
  users on the same PC?
  glxinfo gives of course the same result for all users.

cheers,
--
Pierre Frenkiel

Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System

[Karen Lewellen]

The article indicates that hackers redirected the download link for one 
edition  of mint to an ftp site with their infected iso image.

Cannot say more, but the article is rather detailed.
Kare


On Mon, 22 Feb 2016, Thomas Schmitt wrote:


Hi,


http://thehackernews.com/2016/02/linux-mint-hack.html


A virus of 1.5 GiB size.

Does anybody know a download URL for such an infected ISO image ?
(I am curious whether they used my software or mkisofs or something
unusual.)

Have a nice day :)

Thomas

Re: opengl problem with avidemux

[Sven Arvidsson]

On Mon, 2016-02-22 at 18:01 +0100, Pierre Frenkiel wrote:
> hi,
> I have strange (for me) problem with avidemux:
> when I run it from my account, the characters are rather big (about 2
> mm)
> and there is not enough room to display the current time in the
> bottom "Time" window, so that only the seconds and milliseconds are
> seen.
> If run from any other account, the characters are much smaller, and
> the
> time display is correct (and the size of the avidemux window itself
> is a little smaller.(205 mm .vs 230 mm)
> 
> Looking at the avidemux output, I found this difference:
> for me:
>  [initGUI]  OpenGL not activated, not initialized
> for others:
>  [initGUI]  OpenGL activated, initializing... 
> (the avidemux Display is set to "X11" in both cases in the
> preferences menu)
> 
> Can anybody explain that?
> thanks in advance.

I'm not familiar with avidemux, but does it really use OpenGL to render
the GUI? 

Find out what GUI toolkit it uses and see if other applications using
the same toolkit have similar problems.

You might also want to investigate your OpenGL setup with glxinfo or
similar to make sure you're not getting software rendering.


-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 6FAB5CD5



signature.asc
Description: This is a digitally signed message part

Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System

[Thomas Schmitt]

Hi,

> http://thehackernews.com/2016/02/linux-mint-hack.html

A virus of 1.5 GiB size.

Does anybody know a download URL for such an infected ISO image ?
(I am curious whether they used my software or mkisofs or something
unusual.)

Have a nice day :)

Thomas

Re: Debian package on Windows

[John Hasler]

Nate Bargmann writes:
> Your question is a non sequitur.  The GPL does not require derivatives
> of a work to benefit the original author in any way.  It only requires
> that the terms it spells out be honored by anyone exercising the
> rights to the covered work granted by it [GPL].

True, but so what?  Ric claimed this is a plus for Debian.
Jean-Baptiste asked how.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: (OT?) Någon som känner till någon "smartphone" med Debian eller åtminstone Linux?

[Carl-Fredrik Enell]

Jag är rätt nöjd med min Jolla. De har dock varit nära konkurs och
verkar sälja ut sina telefoner billigt nu.

Hälsningar
-- 
--
Carl-Fredrik Enell

Föraregatan 26B, 98139 Kiruna
+46 (0)980-61282
+46 (0)70-5508256
http://kyla.kiruna.se/~fredrik
--

Re: FW: Debian package on Windows

[Ric Moore]

On 02/22/2016 12:04 PM, Richard Zimmerman wrote:

How is Debian better off from Microsoft porting apt to Windows ?


Because they didn't select YUM. :) Ric


What is so wrong with YUM? I actually like it better over apt-get or
aptitude...


I wuz just being snarky. I used to work at Redhat and know Bob Young well.


FYI, I'm a CentOS shop and a programmer. I used to run Debian
full-time and running Debian Jessie as I'm looking at possibly moving
back.


The fact that they asked, right out in the open and seeking permissions, 
is telling. If one considers the "Star Trek Effect" of the GPL, Veeger 
might become infected by it. I'll laugh and laugh anticipating how that 
plays out! :) Ric



--
My father, Victor Moore (Vic) used to say:
"There are two Great Sins in the world...
..the Sin of Ignorance, and the Sin of Stupidity.
Only the former may be overcome." R.I.P. Dad.
http://linuxcounter.net/user/44256.html

Re: Debian package on Windows

[Nate Bargmann]

* On 2016 22 Feb 10:42 -0600, Jean-Baptiste Thomas wrote:
> De: "Ric Moore" 
> > and the GPL notice is included. I saw no mention to avoid the GPL in his 
> > request for information. Ergo, as long as the GPL is honored, this plan 
> > is actually a plus for Debian.
> 
> How is Debian better off from Microsoft porting apt to Windows ?

Your question is a non sequitur.  The GPL does not require derivatives
of a work to benefit the original author in any way.  It only requires
that the terms it spells out be honored by anyone exercising the rights
to the covered work granted by it [GPL].

IANAL, etc.

- Nate

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Ham radio, Linux, bikes, and more: http://www.n0nb.us

Warning ?~@~T Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System)

[Karen Lewellen]

Sharing in case anyone was impacted.


-- Forwarded message --
Date: Mon, 22 Feb 2016 08:50:44 -0800

http://thehackernews.com/2016/02/linux-mint-hack.html

Re: FW: Debian package on Windows

[Reco]

On Mon, 22 Feb 2016 17:04:42 +
Richard Zimmerman  wrote:

> >> How is Debian better off from Microsoft porting apt to Windows ?
> >
> > Because they didn't select YUM. :) Ric
> 
> What is so wrong with YUM? I actually like it better over apt-get or 
> aptitude...

There's nothing wrong with YUM except that:

a) It's dead upstream. They axed it in favor of DNF.

b) It's dependency resolution algorithm is easily beat by snail. And
it usually about as smart as said snail.

c) YUM's package database is stored in SQLite, to which it's written by
sync I/O by small chunks. 4 kilobytes small.

d) And last, but not least. YUM is written in Python in such
memory-hungry way that some Java programs pale in comparison. Adds some
interesting 'jump-through-the-hoops' scenarios on Python upgrades.

YUM has some redeeming qualities but the main on of them is that
YUM is better than it's predecessor - up2date.

If you need an example of good package manager from rpm world - there's
zypper.

Reco

FW: Debian package on Windows

[Richard Zimmerman]

>> How is Debian better off from Microsoft porting apt to Windows ?
>
> Because they didn't select YUM. :) Ric

What is so wrong with YUM? I actually like it better over apt-get or aptitude...

FYI, I'm a CentOS shop and a programmer. I used to run Debian full-time and 
running Debian Jessie as I'm looking at possibly moving back.

Regards,

Richard



---
Richard Zimmerman
Systems / Network Administrator
River Bend Hose Specialty, Inc.
 S Main Street
South Bend, IN   46601-3337
(574) 233-1133
(574) 280-7284 Fax

Re: [OT] Backups CrashPlan Debian sin entorno gráfico

[Maykel Franco]

El 22 feb. 2016 4:25 p. m., "Camaleón"  escribió:
>
> El Sun, 21 Feb 2016 23:57:03 +0100, Maykel Franco escribió:
>
> (...)
>
> > Mi duda viene porque veo que para configurar la cuenta hace falta un
> > entorno gráfico y levantar la aplicación para configurarlo...Sabéis si
> > es posible configurarlo usando la terminal, lo que es lo mismo
> > configurando archivos de configuración? Para introducir el email,
> > password...
> >
> > Otra opción sería configurarlo con entorno gráfico y luego copiarme los
> > archivos de configuración...
>
> Using CrashPlan On A Headless Computer
>
http://support.code42.com/CrashPlan/4/Configuring/Using_CrashPlan_On_A_Headless_Computer
>
> Saludos,
>
> --
> Camaleón
>

Solucionado.

Re: dovecot -- Require different setting for mail_location for each of POP3S and IMAPS protocols

[Christian Seiler]

On 02/22/2016 06:00 PM, Andrew McGlashan wrote:
> I've tried getting this answered on dovecot mailing list, but not
> having success so far; so I'm trying here too now (considering it is a
> Debian system that was upgraded from squeeze-lts to wheezy).

Not tested, but you could try the following (10-mail.conf): set
location = Maildir in the "namespace private", but set
mail_location = mbox globally. Since namespaces are an IMAP feature,
it might be the case that the POP3 server doesn't evaluate the
namespace stuff at all, and then you'd have two separate settings.

No idea if that will actually work.

Alternatively, if that doesn't work out, the 'mail' field in userdb
always overwrites mail_location. And dovecot does replace '%s' with
the service that's accessing the userdb, so what you could do is
use the sqlite driver of dovecot, set the connection path to a non-
existent file (or an empty sqlite database) and use

user_query = SELECT CASE WHEN 'pop3' == '%s' THEN ('mbox:.../' || '%u') ELSE 
('Maildir:.../' || '%n') END AS mail, '%n' as uid ;

Since userdb and passdb are separate, you should be able to get
away with that.

(Unfortunately, using sqlite is the closest I could find to having
generic scripting support for this kind of thing.)

Also not tested, also no idea if that will actually work.

Regards,
Christian



signature.asc
Description: OpenPGP digital signature

opengl problem with avidemux

[Pierre Frenkiel]

hi,
I have strange (for me) problem with avidemux:
when I run it from my account, the characters are rather big (about 2 mm)
and there is not enough room to display the current time in the
bottom "Time" window, so that only the seconds and milliseconds are
seen.
If run from any other account, the characters are much smaller, and the
time display is correct (and the size of the avidemux window itself
is a little smaller.(205 mm .vs 230 mm)

Looking at the avidemux output, I found this difference:
for me:
[initGUI]  OpenGL not activated, not initialized
for others:
[initGUI]  OpenGL activated, initializing... 
(the avidemux Display is set to "X11" in both cases in the preferences menu)


Can anybody explain that?
thanks in advance.

best regards,
--
Pierre Frenkiel

dovecot -- Require different setting for mail_location for each of POP3S and IMAPS protocols

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Okay,

I've tried getting this answered on dovecot mailing list, but not
having success so far; so I'm trying here too now (considering it is a
Debian system that was upgraded from squeeze-lts to wheezy).


Old dovecot allowed me to configure past dovecot to have a different
mail_location setting for the same user, but with different protocols.


When the user requests POP3S, I adjusted the mail_location to
/var/mail/$USER (with mbox in use).


When that *same* user requested IMAPS protocol, the required
mail_location is the Maildir folder.


This allows for independent two mail storage locations, one for the use
of mbox and the other for the use of Maildir *and* for the same user.


Some users only require mbox with others only requiring Maildir.


So, I need to cater for each of these situations.

How might I adjust current dovecot configuration to provide different
mail_location settings for different protocols?

Old dovecot allowed me to run a script before POP3S processing that gave
me the chance to adjust the mail_location variable.  That is what I need
now, just for POP3S.

Thanks
AndrewM


-BEGIN PGP SIGNATURE-

iF4EAREIAAYFAlbLPpoACgkQqBZry7fv4vsr6QEAzqtAdTurYS94B+mfEoJZux65
3uXIHbz0+8WbiqDTIasBALNb/CRtAwkxCzxjrdNy65b7BBrowrSCfXHT1N+xQW3o
=vtb5
-END PGP SIGNATURE-

Re: Debian package on Windows

[Ric Moore]

On 02/22/2016 11:40 AM, Jean-Baptiste Thomas wrote:

De: "Ric Moore" 

and the GPL notice is included. I saw no mention to avoid the GPL in his
request for information. Ergo, as long as the GPL is honored, this plan
is actually a plus for Debian.


How is Debian better off from Microsoft porting apt to Windows ?


Because they didn't select YUM. :) Ric


--
My father, Victor Moore (Vic) used to say:
"There are two Great Sins in the world...
..the Sin of Ignorance, and the Sin of Stupidity.
Only the former may be overcome." R.I.P. Dad.
http://linuxcounter.net/user/44256.html

Re: Is it possible to fully reinstall the base system without affecting /home?

[John L. Ries]

While it probably doesn't help you now, it is good practice to store 
user data on their own file system (/home), separate from applications 
and system files.  That way, if you hose the system, the user data are 
undisturbed and you only need to worry about backing up system settings.


Something to consider when you're doing your reinstall.

--|
John L. Ries  |
Salford Systems   |
Phone: (619)543-8880 x107 |
or (435)867-8885  |
--|


On Sunday 2016-02-21 21:36, Kynn Jones wrote:


Date: Sun, 21 Feb 2016 21:36:45
From: Kynn Jones 
To: Debian User 
Subject: Is it possible to fully reinstall the base system without affecting
   /home?

My system is badly damaged, and it looks like the only way to fix it
is to do a full re-install.

I figure I will have to back everything up to an external drive,
reformat the hard drive, and install everything from scratch.

But I thought I'd ask if there's anything close to this that would not
require backing up everything and reformatting the hard disk.
Wouldn't it be possible, for example, to boot the system up from a
live CD, and reinstall the base system, leaving /home untouched?  (I
should mention that the hard disk in question is just one big
partition, including /home and everything else.)

Thanks in advance!

kj

Re: Debian package on Windows

[Jean-Baptiste Thomas]

De: "Ric Moore" 
> and the GPL notice is included. I saw no mention to avoid the GPL in his 
> request for information. Ergo, as long as the GPL is honored, this plan 
> is actually a plus for Debian.

How is Debian better off from Microsoft porting apt to Windows ?

Re: Is it possible to fully reinstall the base system without affecting /home?

[Jochen Spieker]

Kynn Jones:
> 
> But I thought I'd ask if there's anything close to this that would not
> require backing up everything and reformatting the hard disk.

If there is anything on your hard disk worth keeping that you haven't
backed up at least weekly then you should start worrying about that now.

Hard disks (and SSDs) die and take your data with them. Worry about that
daily until you have a solution.

J.
-- 
I see weapons of mass destruction as shameful but necessary.
[Agree]   [Disagree]
 


signature.asc
Description: Digital signature

Re: Debian package on Windows

[Ric Moore]

On 02/20/2016 09:21 PM, Thiago wrote:

Hello,

Why did you send this message on Debian Apache and not in the main
mailing list? I'm sorry, but you're not able to own GNU GPL to suck in
your Application Manager. Either you will be educated mentioning it and
respecting his copyright.


First, thanks for top-posting and totally screwing up the timeline. To 
me, anyone top-posting usually winds up in my junk filters with extreme 
prejudice. I'd rather a top-poster not try to educate ~anyone~ within 
the Debian scheme of things.


Second, the OP openly asked for the thoughts and opinions as how to 
potentially proceed. According to the GPL anyone is free to take the 
source-code, edit/change it and compile it any way they wish AS LONG AS 
the GPL remains intact. That means they can compile a binary and 
distribute it, as long as the source code remains available to anyone 
and the GPL notice is included. I saw no mention to avoid the GPL in his 
request for information. Ergo, as long as the GPL is honored, this plan 
is actually a plus for Debian. Ric




I don't know why do you do it. Maybe you thought in new things to do.
Congrats for using Clang instead of GNU C Compiler, at least you're
trying don't using it to don't need mentioning him. But Debian is signed
in GPG too.

And of course, taking apt-get/Debian and implementing new DRMs to avoid
GNU. History is same the even. Or would be Microsoft don't mistreating
who shares the packing management? Are you trying to take it and kick
that out of new hardwares?

Reply us.

Att.


Em 19-02-2016 23:09, Eric Mittelette escreveu:

Hi



I contact you today about a crazy idea, but I hope it is a right kind of
crazy!



I’m PM in the Visual C++ Team (VC Lib to be precise here at Microsoft),
we started to think about lib acquisition (still a painful process for
C++ on Windows) and we are imaging different options, one is to port
apt-get on Windows.

Porting Apt-Get mean using Debian format (we love it) and providing
Windows binary inside the package…



For doing that we imagine a light way process to adapt your actual build
script to generate Windows binaries using our latest Clang/c2 compiler
integration (meaning in theory just changing an env variable to switch
from gcc or Clang to our Clang/C2 compiler will be enough…)



The main idea here is to not reinvent the wheel for packaging management
and use something existing, powerful and well known by the community.

Of course all the project will be open source (the new Microsoft J)



I know you’re really busy, and don’t want to boring you, but I wanted to
know your feedback about this idea?

Do you want to be included in future discussions and provide feedback as
we get more details fleshed out?



Again it is just a draft idea, nothing concrete, but wanted to validate
with you and the Debian maintainers community if that make sense for you…



Thanks for your time



Eric Mittelette

Senior Program Manager – Visual C++ (VCLib)

ericm...@microsoft.com 










--
My father, Victor Moore (Vic) used to say:
"There are two Great Sins in the world...
..the Sin of Ignorance, and the Sin of Stupidity.
Only the former may be overcome." R.I.P. Dad.
http://linuxcounter.net/user/44256.html

Re: Pregunta sobre IPTABLES

[Camaleón]

El Sun, 21 Feb 2016 10:33:22 -0500, Alexis Verano Glez escribió:

> Hola lister@s,
> 
> Estoy creando un cortafuegos en una red nueva que estoy creando y tengo
> dificultad con el reenvio de las peticiones desde la WAN hacia la LAN,
> le pongo las configuraciones

(...)

Revisa los registros de iptables para ver qué es lo que te falla o qué 
bloqueos se están aplicando en la entrada de paquetes desde el exterior.

De todas formas, si estás usando reenvío/enrutado de paquetes de una 
interfaz a otra acuérdate de activar en el kernel el "ip forwarding".

> He estado revisando algunos manuales, pero encuentro mucha diversidad de
> criterios por ejemplo:
> 
> Como redirecciono una peticion desde la WAN hacia la LAN, del correo
> 
> VARIANTE 1 
> iptables -A FORWARD -i eth1 -p tcp --dport 25 -d 192.168.3.2 -j ACCEPT
> 
> VARIANTE 2
> iptables -A FORWARD -d 192.168.3.2 -p tcp --dport 25 -j ACCEPT

Los comandos son iguales, únicamente en el segundo no se especifica la 
interfaz de entrada sobre la que actuar.

Saludos,

-- 
Camaleón

Re: [OT] Backups CrashPlan Debian sin entorno gráfico

[Camaleón]

El Sun, 21 Feb 2016 23:57:03 +0100, Maykel Franco escribió:

(...)

> Mi duda viene porque veo que para configurar la cuenta hace falta un
> entorno gráfico y levantar la aplicación para configurarlo...Sabéis si
> es posible configurarlo usando la terminal, lo que es lo mismo
> configurando archivos de configuración? Para introducir el email,
> password...
> 
> Otra opción sería configurarlo con entorno gráfico y luego copiarme los
> archivos de configuración...

Using CrashPlan On A Headless Computer
http://support.code42.com/CrashPlan/4/Configuring/Using_CrashPlan_On_A_Headless_Computer

Saludos,

-- 
Camaleón

Re: [Noticia] ¿Vuelve Firefox a Debian?

[Camaleón]

El Sun, 21 Feb 2016 22:18:40 +0100, Javier Barroso escribió:

> Buenas noches,
> 
> 2016-02-21 16:55 GMT+01:00 Camaleón :

(...)

Bueno, eso tiene fácil arreglo al menos para los accesos directos:
guarda el PNG y lo cambias después :-)
>>> Creo que dpkg-divert sería lo ideal para eso, o montarlo vía ~/.config
>>
>> ¿Dices para mantener el icono? Sería matar moscas a cañonazos ¿no? :-)
> 
> ¿Por qué? Si se quiere seguir usando apt-get y que no se modifiquen los
> iconos personalizados es la solución que se da en debian
> 
> # cp firefox.png /usr/share/icons/hicolor/64x64/apps/iceweasel.png 
> # dpkg-divert  --divert 
> /usr/share/icons/hicolor/64x64/apps/iceweasel.png.package 
> /usr/share/icons/hicolor/64x64/apps/iceweasel.png
> 
> Para cada icono en /usr/share/icons/*/*/iceweasel.png, habría que hacer
> el dpkg-divert, una vez que los iconos sean los que queremos

Porque seguramente cambien el nombre del archivo y las rutas y ya no se 
llame iceweasel sino firefox y entiendo que la diversión funciona cuando 
el nombre del archivo/paquete es el mismo pero de distinta versión 
¿no? :-?

Saludos,

-- 
Camaleón

Re: Debian package on Windows

[Thiago]

Em 22-02-2016 10:56, Jonathan Dowland escreveu:
> On Sat, Feb 20, 2016 at 11:21:46PM -0300, Thiago wrote:
> Since this is a development query, debian-devel would be more appropriate than
> debian-user, and unless I'm mistaken, you should make it clear that you do not
> speak for Debian as you are not formally affiliated with the project in any 
> way.
> 

Yes, it is.



signature.asc
Description: OpenPGP digital signature

Re: Obsolete packages: shutter

[Camaleón]

El Mon, 22 Feb 2016 09:07:28 -0300, Luis E. Arevalo R. escribió:

> Hola a todos:
> 
> Una consulta. Entiendo que un paquete obsoleto es un paquete que ya no
> se encuentra en los repositorios que tengo configurados:

(...)

Exacto, aunque los motivos del por qué ha sido marcado como "obsoleto" 
puede atender a varias razones. En este caso el motivo lo tienes aquí:

https://packages.qa.debian.org/s/shutter/news/20151013T163917Z.html

Parece que atiende a un bug de seguridad pero ha sido corregido en sid.
 
> Hoy luego del update me apareció el siguiente mensaje:
> 
> There are 4 newly obsolete packages: libgtk2-imageview-perl,
> libgtkimageview0, shutter, ufraw-batch
> 
> Si esto es así, ¿la recomendación sería eliminarlo de mi sistema? Si esa
> fuera la recomendación, ¿alguien me podría recomendar un programa de
> características similares? Lo encuentro bastante últil para la captura
> de pantallas.

Si te gustaba la aplicación puedes usar la versión de sid salvo que tenga 
dependencias gordas que te impida instalarlo.

Saludos,

-- 
Camaleón

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Jeremy T. Bouse]

On 2/18/2016 5:05 PM, Roman wrote:
> Seriously, you have to trust someone to achieve goals. So accessing
> server via ssh keys is pretty normal and secure + ldaps auth of course
> (centralized account management), so if someone leaves, just disable
> his account. sudo supports ldap auth, kind of on group level, so if
> user even got into a server for some reason, he can't become root,
> because his account was deleted and not in sudo enebled group anymore.
>
> After you configure the ldap and sudo for this scenario,  just disable
> password auth and  root login in ssh conf. Also setup firewall to
> enable ssh from known IP addresses only (here comes VPN into the game,
> if needed) and move SSH port to something else, but 22. You will be as
> safe as ldap and ssh and ssl are (exploits, exploits.. they're
> everywhere, you can't be 100% secure unless you disconnect the network
> cable from your server, remove the keyboard and USB ports)
>
> So basically security is all about trusting. You HAVE to choose whom
> (and what) you trust. 
> -- 
> Best regards,
> Roman.

I can show a couple examples of just simply having the centralized
account management can fail... in both cases the password was locked but
I had an SSH identity key already setup on the account. I was till able
to log into the server even with my account locked in the LDAP
centralized account management because the SSH keys were still
authorized. As well I had password-less sudo "NOPASSWD:" entries so I
still had full admin rights while being locked out.

All that to say, don't just assume things are secure you have to
verify and maintain it.



smime.p7s
Description: S/MIME Cryptographic Signature

Re: Servidor de correo?

[Camaleón]

El Mon, 22 Feb 2016 11:45:32 +0100, David Rotger escribió:

> en una empresa tienen un servidor Linux, y me he fijado que los
> clientes, en la configuración de la cuenta en thunderbird, el servidor
> SMTP apunta a la IP del servidor. Es porque el servidor tiene
> configurado un servidor de correo?

No entiendo bien la pregunta.

En el cliente de correo se puede usar como servidor pop/imap/smtp bien el 
nombre del equipo FQDN (smtp.example.com), el nombre local (example) o 
bien la IP (192.168.0.1) si no hay forma de resolver el nombre del equipo 
de manera local (p. ej., si no hay servidor DNS) para poder conectar con 
ese servidor.

Saludos,

-- 
Camaleón

Re: [OT] Servicio tcp socket

[Camaleón]

El Mon, 22 Feb 2016 00:07:01 +0100, Maykel Franco escribió:

> El día 20 de febrero de 2016, 15:25, Camaleón 
> escribió:
>> El Fri, 19 Feb 2016 22:58:57 +0100, Maykel Franco escribió:
>>
>>> Bueno la verdad es que no sé muy bien qué asunto poner... Les cuento
>>> lo que necesito hacer para una determinada persona que me pide algo
>>> del siglo X ... Manejo de sockets tcp
>>>
>>> La idea es la siguiente, necesita que le habilite un servicio via tcp
>>> socket para que lance una conexión desde un cliente a ese puerto y yo
>>> automáticamente, mediante esa conexión le envie un archivo csv...

(...)

>> Puedes intentarlo con xinetd, aquí tienes un ejemplo:
>>
>> http://stackoverflow.com/questions/13519933/executing-script-on-receiving-incoming-connection-with-xinetd
>>
>> Otra opción sería usando netcat (nc), échale un ojo.
>>
>>
> Gracias a todos por las respuestas.
> 
> La verdad no me querría complicar en programarlo, si netcat me vale
> sería la opción perfecta. He visto esto:
> 
> http://stackoverflow.com/questions/12267905/how-to-send-a-file-using-netcat-and-then-keep-the-connection-alive
> 
> Entiendo que esto podría valerme:
> 
> Server side:
> 
> nc -k -l 1 < my_in_file
> 
> Client side:
> 
> echo "bye" | netcat 192.168.1.6 1 > my_in_file -
> 
> Pero en los ejemplos que veo es el cliente quien envía... Lo que
> necesito es que sera el propio servidor el que tiene el puerto abierto y
> el que sirve el fichero a el cliente.

Sí, exacto, algo así es lo que había visto y sé que netcat es la navaja 
suiza para depurar cosicas de la red tcp/ip.

Mira, aquí tienes ejemplos de uso para el lado cliente (emisor) y 
servidor (receptor):

Using netcat and tar for network file transfer
http://www.screenage.de/blog/2007/12/30/using-netcat-and-tar-for-network-file-transfer/

Si el emisor tiene windows pues habrá que buscar un sustituto de nc que 
realice la misma función salvo que haya versión de nc también para él.

Saludos,

-- 
Camaleón

Re: [Noticia] ¿Vuelve Firefox a Debian?

[Camaleón]

El Mon, 22 Feb 2016 09:08:52 +0100, Javier Silva escribió:

> El día 20 de febrero de 2016, 15:36, Camaleón 
> escribió:
>> El Fri, 19 Feb 2016 19:23:45 +0100, Javier Silva escribió:
>>
>> (ese html...)
>>
>>
> Sinceramente, ya no se que hacer, tengo activado texto sin formato en el
> gmail y aún sigue llegando en html.

Creo que Gmail mantiene la última opción que hayas elegido para el 
formato del mensaje, es decir, si envías un correo con formato html 
cuando creas un mensaje nuevo mantiene ese formato en html a no ser que 
lo cambies manualmente. Hay que tener cuidado con eso, y de hecho esa es 
una de las cosas por las que no uso el webmail de Gmail: es un 
"tocanarices" al que tienes que estar corrigiendo continuamente :-)

Saludos,

-- 
Camaleón

Re: Error de GPG

[Camaleón]

El Sun, 21 Feb 2016 19:55:22 -0300, OJEDA David escribió:

> Hola a todos tengo una situacion que no pude resolver por actualizacion
> de Keyrings. 

¿Y la situación cuál es, exactamente? :-)

> Esta consulta que hubo (https://lists.debian.org/debian-user
>-spanish/2014/11/msg00080.html) es identica solo que varia el
> repositorio: http://ftp.ccc.uba.ar wheezy-updates Release.
> ¿Que espejo es el correcto en este caso y como puedo reemplazarlo? 

Para cambiar la URL de los repos tienes que editar el archivo 
"/etc/apt/sources.list".

> lei sobre utilizar "nano" pero las opciones finales de guardado me 
> superan.

Para guardar los cambios con nano tienes que pulsar la combinación de
teclas "Ctrl+O" pero puedes usar cualquier editor de textos, tanto en 
línea de comandos como gráfico si te sientes más cómodo con la última 
opción. Eso sí, siempre como usuario root ya que de lo contrario no te 
dejará guardar los cambios.

>  Mi Sources List es simple ya que soy un usuario aprendiz todavia:
> 
> # deb cdrom:[Debian GNU/Linux 7 _Wheezy_ - Official Snapshot amd64
> LIVE/INSTALL Binary 20150114-03:51]/ wheezy main
> 
> deb cdrom:[Debian GNU/Linux 7 _Wheezy_ - Official Snapshot amd64
> LIVE/INSTALL Binary 20150114-03:51]/ wheezy main

Si tienes acceso a Internet, comenta (#) el repositorio del CD.

> deb http://ftp.ccc.uba.ar/pub/linux/debian/debian/ wheezy main 
> deb-src http://ftp.ccc.uba.ar/pub/linux/debian/debian/ wheezy main

Este parece correcto si sólo quieres usar software libre.

> deb http://security.debian.org/ wheezy/updates main 
> deb-src http://security.debian.org/ wheezy/updates main

Este también.

> # wheezy-updates, previously known as 'volatile'
> deb http://ftp.ccc.uba.ar/pub/linux/debian/debian/ wheezy-updates main
> deb-src http://ftp.ccc.uba.ar/pub/linux/debian/debian/ wheezy-updates main
   ^
   
Parece correcto también. Mejor si  ejecutas "apt-get update && apt-get -V 
upgrade" 
y mandas la salida.

Saludos,

-- 
Camaleón

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Jonathan Dowland]

On Fri, Feb 19, 2016 at 09:30:20AM +1300, Richard Hector wrote:
> That then means that you don't get to choose which people have root on
> which boxes - anyone who gets the rule gets the lot. And that includes
> anyone who leaves, of course.

Yes, but a leaked root password for one host does not translate into a leaked
root password for other hosts, so there are some advantages. If the routine
additionally concatenates a fixed password string, you can rotate that when
staff leave and regenerate/reset all the passwords.

> I think a better solution in the end is to generate a random password
> for each box, and leave it, on paper, in a safe or similar. It's very
> rare anyone needs to use it.

In my past jobs we've always ended up doing something like that in the end,
never getting an algorithmic solution like the above off the ground, but it
does sound attractive to me.

-- 
Jonathan Dowland
Please do not CC me, I am subscribed to the list.

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Jonathan Dowland]

On Wed, Feb 17, 2016 at 02:24:02PM +, Darac Marjal wrote:
> On Wed, Feb 17, 2016 at 08:08:26AM -0600, Tom Browder wrote:
> >2. after initial setup, no ssh access will be allowed via a password
> 
> $ echo "PasswordAuthentication No" | sudo tee -a /etc/ssh/sshd_config

Convenient for writing in an email, but doesn't handle the situation where
PasswordAuthentication is already defined in the config file. Better to just
recommend editing the file and setting or changing the value as necessary.

Re: Pregunta sobre IPTABLES

[Luis Eduardo Cortés]

Hola:

Primero debes manejar el tráfico de INPUT y OUTPUT hacia y desde el
firewall, o sea, primero debe ingresar en el propio firewall, luego se hace
una regla del PREROUTING donde se lleva a cabo un NAT de destino, y recién
ahí vienen las reglas de FORWARD que ya tienes hechas. Las reglas de
FORWARD solitas como las pusiste solo van cuando no es necesario hacer un
NAT ni de origen ni de destino, o sea, solo pasa a través del firewall por
ruteo. Aquí va un ejemplo que tengo en producción:

$IPTABLES -t filter -A INPUT -p tcp -s $ANYWHERE_NET --sport $UNPRIVPORTS
-d $INTERNET_IP --dport $HTTP_PORT -m state --state NEW,ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -t filter -A OUTPUT -p tcp -s $INTERNET_IP --sport $HTTP_PORT -d
$ANYWHERE_NET --dport $UNPRIVPORTS -m state --state ESTABLISHED,RELATED -j
ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp -s $ANYWHERE_NET --sport $UNPRIVPORTS
-d $INTERNET_IP --dport $HTTP_PORT -j DNAT --to $LAN_IP
$IPTABLES -t filter -A FORWARD -p tcp -s $ANYWHERE_NET --sport $UNPRIVPORTS
-d LAN_IP --dport $HTTP_PORT -m state --state NEW,ESTABLISHED,RELATED -j
ACCEPT
$IPTABLES -t filter -A FORWARD -p tcp -s LAN_IP --sport $HTTP_PORT -d
$ANYWHERE_NET --dport $UNPRIVPORTS -m state --state ESTABLISHED,RELATED -j
ACCEPT



Suerte.




El 21 de febrero de 2016, 12:33, Alexis Verano Glez <
alexis.ver...@cab.onbc.cu> escribió:

> Hola lister@s,
>
> Estoy creando un cortafuegos en una red nueva que estoy creando y tengo
> dificultad con el reenvio de las peticiones desde la WAN hacia la LAN, le
> pongo las configuraciones
>
> ***
> CONFIGURACION DEL ROUTER
>
> IP Router: 192.168.2.9
> IP PC Conectada al router (eth0): 192.168.2.10
>
> ***
>
> IP PC Conectada al swith LAN (eth1): 192.168.3.1
>
> IP PC Servicios RED: (CORREO, DHCP, DNS, CHAT) 192.168.3.2
>
> ***
>
> .. Esta es la configuracion que tengo hasta el momento, por supuesto
> que no es la final.
>
> ##
> ##   CONFIGURACION FIREWALL  IPTABLES
> ##
> #!/bin/sh
>
> # eth0 : 192.168.2.10 (IP conectado al router)
> # eth1 : 192.168.3.1  (IP conectada a la LAN)
>
> ## FLUSH  de reglas
> iptables -F
> ##iptables -X
> ##iptables -Z
> ##iptables -t nat -F
>
> ## Establecemos politica por defecto
> iptables -P INPUT DROP
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD DROP
> ##iptables -t nat -P PREROUTING DROP
> ##iptables -t nat -P POSTROUTING DROP
>
> #
> ## GESTION DE TRAFICO
> #
>
> # Servidor DNS (puerto 53)
> iptables -A FORWARD -i eth1 -p tcp --dport 53 -d 192.168.3.2 -j ACCEPT
> iptables -A FORWARD -i eth1 -p udp --dport 53 -d 192.168.3.2 -j ACCEPT
>
> # Servidor Correo (puertos 25, 110 y 143)
> iptables -A FORWARD -d 192.168.3.2 -p tcp --dport 25 -j ACCEPT
> iptables -A FORWARD -s 192.168.3.2 -p tcp --sport 25 -j ACCEPT
>
> iptables -A FORWARD -d 192.168.3.2 -p tcp --dport 110 -j ACCEPT
> iptables -A FORWARD -s 192.168.3.2 -p tcp --sport 110 -j ACCEPT
>
> iptables -A FORWARD -d 192.168.3.2 -p tcp --dport 143 -j ACCEPT
> iptables -A FORWARD -s 192.168.3.2 -p tcp --sport 143 -j ACCEPT
>
> # Acceso al Webmail del Servidor de Correo (puerto 80)
> iptables -A FORWARD -i eth1 -p tcp --dport 80 -d 192.168.3.2 -j ACCEPT
>
> # Servidor Chat (puertos 5269, 5222)
> ##VARIANTE 1
> iptables -A FORWARD -i eth1 -p tcp --dport 5269 -d 172.16.3.200 -j ACCEPT
> iptables -A FORWARD -i eth1 -p tcp --dport 5222 -d 172.16.3.200 -j ACCEPT
> ##VARIANTE 2
> iptables -A FORWARD -d 172.16.3.200 -p tcp --dport 5269 -j ACCEPT
> iptables -A FORWARD -d 172.16.3.200 -p tcp --dport 5222 -j ACCEPT
>
>
>
> ===
>
> He estado revisando algunos manuales, pero encuentro mucha diversidad de
> criterios por ejemplo:
>
> Como redirecciono una peticion desde la WAN hacia la LAN, del correo
>
> VARIANTE 1
> iptables -A FORWARD -i eth1 -p tcp --dport 25 -d 192.168.3.2 -j ACCEPT
>
> VARIANTE 2
> iptables -A FORWARD -d 192.168.3.2 -p tcp --dport 25 -j ACCEPT
>
>
> ===
>
>
> Saludos...
>
>
> --
>
>
> Lic. Alexis Verano Glez
> J´ Departamento de Informática
> Centro Nacional de Desarrollo Profesional. ONBC.
> Correo-e: alexis.ver...@cab.onbc.cu
> TLF: (+53)7643-9241
>
>


-- 
Usuario Linux Registrado # 342019
--> http://linuxcounter.net/ <--
skype --> luedcortes
gtalk --> luedcor...@gmail.com
msn --> luedcor...@gmail.com

Re: debian sur archos

[honeyshell]

Bonjour José,

A ce jour, tu n'installes pas Debian directement sur une tablette.
J'ose espérer un jour pouvoir le faire comme toi.
L'une des voie pour tout de même avec un système Debian, c'est de le
chrooter directement depuis android ou sur une cyanogen.
1ière étape :
Si tu souhaites "libérer" ta tablette, le mieux est de remplacer
Android par cyanogen : http://www.cyanogenmod.org
2d étape :
Installer Debian en chroot sur cyanogen, ce thread devrait t'aider :
https://www.debian-fr.org/debian-kit-debian-en-parallele-d-android-sans-chroot-t45761.html

bon courage :)

Re: Debian package on Windows

[Jonathan Dowland]

On Sat, Feb 20, 2016 at 11:21:46PM -0300, Thiago wrote:
> Why did you send this message on Debian Apache and not in the main
> mailing list?

Since this is a development query, debian-devel would be more appropriate than
debian-user, and unless I'm mistaken, you should make it clear that you do not
speak for Debian as you are not formally affiliated with the project in any way.

-- 
Jonathan Dowland

Re: mise à jour noyau linux

[maderios]

On 02/22/2016 01:49 PM, Panayotis Akridas-Morel wrote:

Bonjour à tous,

J'ai lu dans une newsletter que le noyau linux 4.4 avait été publié en
janvier. J'ai un peu cherché sur internet mais je voudrais savoir ce que
vous conseillé pour passer à ce noyau ? En gros j'imagine qu'il y a deux
possibilités :
- faire la mise à jour tout seul comme cela peut être expliqué sur
certains sites
ou
- attendre que la mise à jour soit proposée directement dans les
packages gérés par la communauté Debian (apt-get).

Ces deux solutions existent-elles ou seule la première est envisageable
? Laquelle me conseillez-vous ?


Bonjour
Tu parles de quelle version Debian? Mieux vaut s'en tenir aux noyaux 
officiellement disponibles dans ta distribution. Le paquet du noyau 4.4 
est arrivé dans Sid depuis peu. Jusqu'à ce matin, je  ne pouvais pas 
booter dessus... :) Une nouvelle maj vient d'arriver, à suivre. En 
attendant, le 4.3 est là mais pas pour longtemps puisqu'il est signalé 
EOL (end of life/fin de vie) sur le site kernel.org, donc plus maintenu. 
Il sera remplacé dans Sid par le 4.4.


--
Maderios

Pregunta sobre IPTABLES

[Alexis Verano Glez]

Hola lister@s,

Estoy creando un cortafuegos en una red nueva que estoy creando y tengo
dificultad con el reenvio de las peticiones desde la WAN hacia la LAN,
le pongo las configuraciones

***
CONFIGURACION DEL ROUTER

IP Router: 192.168.2.9
IP PC Conectada al router (eth0): 192.168.2.10

***

IP PC Conectada al swith LAN (eth1): 192.168.3.1

IP PC Servicios RED: (CORREO, DHCP, DNS, CHAT) 192.168.3.2

***

.. Esta es la configuracion que tengo hasta el momento, por supuesto
que no es la final.

##
##   CONFIGURACION FIREWALL  IPTABLES
##
#!/bin/sh

# eth0 : 192.168.2.10 (IP conectado al router)
# eth1 : 192.168.3.1  (IP conectada a la LAN)

## FLUSH  de reglas
iptables -F
##iptables -X
##iptables -Z
##iptables -t nat -F

## Establecemos politica por defecto
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
##iptables -t nat -P PREROUTING DROP
##iptables -t nat -P POSTROUTING DROP

#
## GESTION DE TRAFICO 
#

# Servidor DNS (puerto 53)
iptables -A FORWARD -i eth1 -p tcp --dport 53 -d 192.168.3.2 -j ACCEPT
iptables -A FORWARD -i eth1 -p udp --dport 53 -d 192.168.3.2 -j ACCEPT

# Servidor Correo (puertos 25, 110 y 143)
iptables -A FORWARD -d 192.168.3.2 -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -s 192.168.3.2 -p tcp --sport 25 -j ACCEPT

iptables -A FORWARD -d 192.168.3.2 -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -s 192.168.3.2 -p tcp --sport 110 -j ACCEPT

iptables -A FORWARD -d 192.168.3.2 -p tcp --dport 143 -j ACCEPT
iptables -A FORWARD -s 192.168.3.2 -p tcp --sport 143 -j ACCEPT

# Acceso al Webmail del Servidor de Correo (puerto 80)
iptables -A FORWARD -i eth1 -p tcp --dport 80 -d 192.168.3.2 -j ACCEPT

# Servidor Chat (puertos 5269, 5222)
##VARIANTE 1
iptables -A FORWARD -i eth1 -p tcp --dport 5269 -d 172.16.3.200 -j
ACCEPT
iptables -A FORWARD -i eth1 -p tcp --dport 5222 -d 172.16.3.200 -j
ACCEPT
##VARIANTE 2
iptables -A FORWARD -d 172.16.3.200 -p tcp --dport 5269 -j ACCEPT
iptables -A FORWARD -d 172.16.3.200 -p tcp --dport 5222 -j ACCEPT



===

He estado revisando algunos manuales, pero encuentro mucha diversidad de
criterios por ejemplo:

Como redirecciono una peticion desde la WAN hacia la LAN, del correo

VARIANTE 1
iptables -A FORWARD -i eth1 -p tcp --dport 25 -d 192.168.3.2 -j ACCEPT

VARIANTE 2
iptables -A FORWARD -d 192.168.3.2 -p tcp --dport 25 -j ACCEPT


===


Saludos...


-- 


Lic. Alexis Verano Glez
J´ Departamento de Informática
Centro Nacional de Desarrollo Profesional. ONBC.
Correo-e: alexis.ver...@cab.onbc.cu
TLF: (+53)7643-9241 

debian sur archos

[Jose CHARTERS]

Bonjour,

Je viens de recevoir une tablette archos 101.

Seulement elle est sous android. Bien entendu, je n'ai qu'une envie,
c'est de la mettre sous débian.

D'où ma prospection avant de me mettre en marche. Certains d'entre vous
ont il déjà fait cette installation ? Quels sont vos retours ? Les
précautions à prendre ?

De mes recherches sur le net, j'ai trouvé le site http://dev.openaos.org/

Il semble dédié aux installation sur archos. Avez vous d'autres sites ?
d'autres lectures ?*

Si possible en français, car je ne suis pas à l'aise avec la langue de
shakespeare.

Merci pour votre aide.

José

Re: mise à jour noyau linux

[honeyshell]

Bonjour Panayotis,

La solution retenue pour maintenir un système Debian est d'attendre
que les paquets arrivent dans les dépôts. Donc en mode production et
pour la stabilité de ton système, il faut retenir cette solution.
https://www.debian.org/doc/manuals/debian-faq/ch-uptodate.fr.html

Re: Servidor de correo?

[Gonzalo Rivero]

El lun, 22-02-2016 a las 11:45 +0100, David Rotger escribió:
> Hola,
> 
> en una empresa tienen un servidor Linux, y me he fijado que los
> clientes, en la configuración de la cuenta en thunderbird, el
> servidor
> SMTP apunta a la IP del servidor. Es porque el servidor tiene
> configurado un servidor de correo?
> 
si

> Gracias.
> 

Fwd: On the tenth and ultimate FSCONS

[Luna Jernberg]

-- Forwarded message --
From: Luna Jernberg 
Date: Mon, Feb 22, 2016 at 12:13 PM
Subject: Fwd: On the tenth and ultimate FSCONS
To: foss-st...@cool.haxx.se, foss-gbg 



-- Forwarded message --
From: Stian Rødven Eide 
Date: Mon, Feb 22, 2016 at 6:32 AM
Subject: On the tenth and ultimate FSCONS
To: announ...@fscons.org, FSCONS organizers 


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Dear friends and participants of FSCONS,

As we have entered 2016, the next FSCONS will be the tenth one. This
obviously necessitates a celebration, to make FSCONS 2016 a very
special event.

However, at the same time the core organisers have experienced a high
workload. Too many things are still being done by too few people, and
our efforts to bring more people into the fold have not been as
successful as we had hoped.

Therefore, the board's proposal to the Yearly Meeting of Föreningen
FSCONS is that FSCONS 2016 should not only be a celebration of the
conference's 10th anniversary, but also the very last one. We propose
to make FSCONS 2016 a worthy ending to a great conference.

To reduce the workload for the conference, we also propose that we
simplify the organising greatly. The simplest way of accomplishing
this is to find a place where many of the troubling aspects are fixed
for us, such as conference centre, preferably one that lies in the
rural areas close to Gothenburg and includes accommodation for all
participants.

This implies a few things. Firstly, the cost for each participant will
be somewhat higher than it has been, essentially assuming cost price,
as we do not wish to rely on sponsors. On the upside, food and
accommodation will be included in the price. Secondly, we will have to
reduce the number of participants, tracks and speakers. While we want
to leave the exact number open to suggestions from both the public and
the Yearly Meeting, we think that we reasonably could aim for fifty to
a hundred participants, of whom ten or twelve are speakers and not
really have any named tracks. As we have had many fantastic speakers
during our ten years, we propose to invite some of our favourites from
past conferences, and thus make FSCONS 2016 a somewhat retrospective
event.

If FSCONS is to continue as a yearly conference beyond 2016, we would
like to see more people coming forward and being willing to take on
responsibilities in the association. As FSCONS is run by a registered,
democratic organisation, this would have to happen before the Yearly
Meeting, which most likely would take place in April. In any case, we
would appreciate feedback on this proposal from anyone who has
participated in FSCONS in the past. Feedback should preferably go to
the FSCONS organisers' list o...@lists.fscons.org

With hopes of a splendid celebration,
The FSCONS Board
Andreas, Leif-Jöran and Stian
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlbKnV8ACgkQs757iZfan6fHyQCfUhSpk1PEtUxDUetasjYm++af
UIYAn3rQcxtB4uUhvIYy0h3YRU+ttcpL
=BtGV
-END PGP SIGNATURE-
To unsubscribe from this list, click here:
https://lists.fripost.org/fscons.org/sympa/auto_signoff/announces/bittin%40reimu.nl

Fwd: On the tenth and ultimate FSCONS

[Luna Jernberg]

-- Forwarded message --
From: Luna Jernberg 
Date: Mon, Feb 22, 2016 at 12:13 PM
Subject: Fwd: On the tenth and ultimate FSCONS
To: foss-st...@cool.haxx.se, foss-gbg 



-- Forwarded message --
From: Stian Rødven Eide 
Date: Mon, Feb 22, 2016 at 6:32 AM
Subject: On the tenth and ultimate FSCONS
To: announ...@fscons.org, FSCONS organizers 


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Dear friends and participants of FSCONS,

As we have entered 2016, the next FSCONS will be the tenth one. This
obviously necessitates a celebration, to make FSCONS 2016 a very
special event.

However, at the same time the core organisers have experienced a high
workload. Too many things are still being done by too few people, and
our efforts to bring more people into the fold have not been as
successful as we had hoped.

Therefore, the board's proposal to the Yearly Meeting of Föreningen
FSCONS is that FSCONS 2016 should not only be a celebration of the
conference's 10th anniversary, but also the very last one. We propose
to make FSCONS 2016 a worthy ending to a great conference.

To reduce the workload for the conference, we also propose that we
simplify the organising greatly. The simplest way of accomplishing
this is to find a place where many of the troubling aspects are fixed
for us, such as conference centre, preferably one that lies in the
rural areas close to Gothenburg and includes accommodation for all
participants.

This implies a few things. Firstly, the cost for each participant will
be somewhat higher than it has been, essentially assuming cost price,
as we do not wish to rely on sponsors. On the upside, food and
accommodation will be included in the price. Secondly, we will have to
reduce the number of participants, tracks and speakers. While we want
to leave the exact number open to suggestions from both the public and
the Yearly Meeting, we think that we reasonably could aim for fifty to
a hundred participants, of whom ten or twelve are speakers and not
really have any named tracks. As we have had many fantastic speakers
during our ten years, we propose to invite some of our favourites from
past conferences, and thus make FSCONS 2016 a somewhat retrospective
event.

If FSCONS is to continue as a yearly conference beyond 2016, we would
like to see more people coming forward and being willing to take on
responsibilities in the association. As FSCONS is run by a registered,
democratic organisation, this would have to happen before the Yearly
Meeting, which most likely would take place in April. In any case, we
would appreciate feedback on this proposal from anyone who has
participated in FSCONS in the past. Feedback should preferably go to
the FSCONS organisers' list o...@lists.fscons.org

With hopes of a splendid celebration,
The FSCONS Board
Andreas, Leif-Jöran and Stian
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlbKnV8ACgkQs757iZfan6fHyQCfUhSpk1PEtUxDUetasjYm++af
UIYAn3rQcxtB4uUhvIYy0h3YRU+ttcpL
=BtGV
-END PGP SIGNATURE-
To unsubscribe from this list, click here:
https://lists.fripost.org/fscons.org/sympa/auto_signoff/announces/bittin%40reimu.nl

mise à jour noyau linux

[Panayotis Akridas-Morel]

Bonjour à tous,

J'ai lu dans une newsletter que le noyau linux 4.4 avait été publié en 
janvier. J'ai un peu cherché sur internet mais je voudrais savoir ce que 
vous conseillé pour passer à ce noyau ? En gros j'imagine qu'il y a deux 
possibilités :
- faire la mise à jour tout seul comme cela peut être expliqué sur 
certains sites

ou
- attendre que la mise à jour soit proposée directement dans les 
packages gérés par la communauté Debian (apt-get).


Ces deux solutions existent-elles ou seule la première est envisageable 
? Laquelle me conseillez-vous ?


Merci à tous,

Panayotis

Re: Debian package on Windows

[Thiago]

Em 21-02-2016 23:49, John Hasler escreveu:
> I don't know what you mean by that.  It's Free Software.  They can do
> with it what the license terms permit and no more absent special
> permission from the copyright owner.  The authors released it under the
> GPL and that's that.  Debian, not owning the copyright, is not able to
> allow or forbid anything.
> 
> Debian or some members thereof might or might not choose to assist in
> the endeavor, but that's a different matter.
> 

John,

"They can do with it what the license terms permit and no more absent
permission from the copyright owner." -> That's true, no more further
reply would be needed.

If Microsoft will be respecting freedom, ok. But I doubt which they will
do. Will they own it and remove software freedom? I hope no. If they own
something in GPL, we know they have to maintain software freedom in this
way.



signature.asc
Description: OpenPGP digital signature

Re: Obsolete packages: shutter

[fernando sainz]

El 22 de febrero de 2016, 13:07, Luis E. Arevalo R.
 escribió:
>
> Hola a todos:
>
> Una consulta. Entiendo que un paquete obsoleto es un paquete que ya no se 
> encuentra en los repositorios que tengo configurados:
>
> deb http://mirrors.kernel.org/debian/ stretch main non-free contrib
> deb-src http://mirrors.kernel.org/debian/ stretch main non-free contrib
>
> deb http://security.debian.org/ stretch/updates main contrib non-free
> deb-src http://security.debian.org/ stretch/updates main contrib non-free
>
> # stretch-updates, previously known as 'volatile'
> deb http://mirrors.kernel.org/debian/ stretch-updates main contrib non-free
> deb-src http://mirrors.kernel.org/debian/ stretch-updates main contrib 
> non-free
>
> Hoy luego del update me apareció el siguiente mensaje:
>
> There are 4 newly obsolete packages: libgtk2-imageview-perl, 
> libgtkimageview0, shutter, ufraw-batch
>
> Si esto es así, ¿la recomendación sería eliminarlo de mi sistema? Si esa 
> fuera la recomendación, ¿alguien me podría recomendar un programa de 
> características similares? Lo encuentro bastante últil para la captura de 
> pantallas.
>
> ¡Saludos!
>
> --
> Luis Eduardo Arevalo ReyesUser #354770 
> http://linuxcounter.net
> Fono +56 9 54012831
> http://www.luchox.cl
>

Hola.
Yo suelo usar "scrot" no si si tendrá las funcionalidades de shutter,
es bastante simple.

S2.

Obsolete packages: shutter

[Luis E. Arevalo R.]

Hola a todos:

Una consulta. Entiendo que un paquete obsoleto es un paquete que ya no se
encuentra en los repositorios que tengo configurados:

deb http://mirrors.kernel.org/debian/ stretch main non-free contrib
deb-src http://mirrors.kernel.org/debian/ stretch main non-free contrib

deb http://security.debian.org/ stretch/updates main contrib non-free
deb-src http://security.debian.org/ stretch/updates main contrib non-free

# stretch-updates, previously known as 'volatile'
deb http://mirrors.kernel.org/debian/ stretch-updates main contrib non-free
deb-src http://mirrors.kernel.org/debian/ stretch-updates main contrib
non-free

Hoy luego del update me apareció el siguiente mensaje:

There are 4 newly obsolete packages: libgtk2-imageview-perl,
libgtkimageview0, shutter, ufraw-batch

Si esto es así, ¿la recomendación sería eliminarlo de mi sistema? Si esa
fuera la recomendación, ¿alguien me podría recomendar un programa de
características similares? Lo encuentro bastante últil para la captura de
pantallas.

¡Saludos!

-- 
Luis Eduardo Arevalo ReyesUser #354770
http://linuxcounter.net
Fono +56 9 54012831
http://www.luchox.cl

Re: Enabling of the control grups with its subsystems and Kernel module "net_cls" on Debian Jessie.

[Reco]

Hi.

On Mon, 22 Feb 2016 11:01:29 + (UTC)
Mark Johnson  wrote:

> Hi all.
> 
> My name is Mark, and I try since a few days to implement outbound traffic 
> shaping with cgoups and its podsystems (especially - "net_cls", "net_prio") 
> and iptables. The problem is to enable cgroups (subsystems "net_cls" and 
> daemons like "cgrulesengd") Spent many hours looking for education stuff, but 
> everything was time wasting only. In my opinion something must be wrong with 
> Kernel ( set-up?, patching?, upgrade? )
>  My Kernel - 3.16.If you could explain how-to in a few words, it would be 
> really great news for me. We all belongs to big "Debian Family" are we not?

A case study:

1) Ensure that you're *not* running systemd as PID=1. It *will* screw
things up, do not try it.

2) Ensure that you don't have any services in enabled state that try to
configure cgroups on their own. libvirtd or cgmanager, for instance.

3) Write a configuration file /etc/cgconfig.conf with the contents like
this:

mount {
cpuset = /sys/fs/cgroup/cpuset;
cpu = /sys/fs/cgroup/cpu;
cpuacct = /sys/fs/cgroup/cpuacct;
devices = /sys/fs/cgroup/devices;
freezer = /sys/fs/cgroup/freezer;
net_cls = /sys/fs/cgroup/net_cls;
blkio = /sys/fs/cgroup/blkio;
perf_event = /sys/fs/cgroup/perf_event;
}

group mynet {
net_cls {
net_cls.classid="122541";
}
}

4) Invoke:

mount -t tmpfs cgroup_root /sys/fs/cgroup
/usr/sbin/cgconfigparser -l /etc/cgconfig.conf

5) If all goes well you should see a bunch of mounted filesystems of
type cgroup, one for each controller.

6) Create a configuration file /etc/cgrules.conf with the contents
like this:

*:/bin/bash net_cls mynet

7) Start cgrulesengd for debugging:

/usr/sbin/cgrulesengd -nv

8) Observe all instances of bash to migrate to mynet cgroup.
Double-check it with:

cat /sys/fs/cgroup/net_cls/nonet/tasks

9) Clean up:

/usr/sbin/cgclear
umount /sys/fs/cgroup

Reco

Re: Ext2 per ordinadors antics

[Alex Muntada]

Narcis Garcia:

> Fer comprovacions «de laboratori» en això és molt complicat,
> ja que, per posar un exemple tonto:
> 1. L'usuari ordena desar un document
> 2. El nucli utilitza la bitàcola/journaling i torna el control (més aviat?).
> 3. L'usuari ordena la càrrega d'una altra aplicació
> 4. El nucli triga més perquè carrega l'aplicació i allibera la bitàcola
> alhora.

Les mesures de rendiment amb usuaris són massa complicades,
totalment d'acord en això. Però si fem canvis «tècnics»
hauríem de ser capaços de mesurar-ne l'efectivitat també
en termes tècnics i objectius.

Intentar mesurar el grau de satisfacció d'un usuari canviant
d'ext4 a ext2 crec que no és la forma correcta d'enfocar-ho.
Mesurar si hi ha un guany perceptible en lectura o escriptura
en un maquinari determinat amb ext2/ext4 utilitzant algun
benchmark crec que sí aporta valor. De la mateixa manera que
canviar un disc vell per un de més modern amb el mateix S.O.
pot tenir mesures diferents.

Tots aquests experiments, sumats, poden arribar a determinar
una millora objectiva en l'experiència d'usuari sense que ni
tan sols calgui entrar a l'escriptori. Si realment t'interessa
provar el comportament de l'escriptori pots mirar de trobar un
benchmark que el caracteritzi (desconec si n'hi ha cap però
tampoc m'estranyaria que existeixi), però fer experiments de
forma manual no acostuma a ser gaire bona idea.

Salut,
Alex

Enabling of the control grups with its subsystems and Kernel module "net_cls" on Debian Jessie.

[Mark Johnson]

Hi all.

My name is Mark, and I try since a few days to implement outbound traffic 
shaping with cgoups and its podsystems (especially - "net_cls", "net_prio") and 
iptables. The problem is to enable cgroups (subsystems "net_cls" and daemons 
like "cgrulesengd") Spent many hours looking for education stuff, but 
everything was time wasting only. In my opinion something must be wrong with 
Kernel ( set-up?, patching?, upgrade? )
 My Kernel - 3.16.If you could explain how-to in a few words, it would be 
really great news for me. We all belongs to big "Debian Family" are we not?

Regards from Dublin
Mark

Re: Ext2 per ordinadors antics

[Jordi Funollet]

Bones Narcís,

No voldria començar a dir coses òbvies, però instal·lar software antic
en hardware antic no millora el rendiment. El que DE VEGADES funciona és
instal·lar software recent, al que potser s'hauran incorporat més
optimitzacions, i deshabilitar allò que no necessites.

En el cas del filesystem, jo faria servir ext4 i miraria si el meu
usuari és capaç de detectar alguna millora en deshabilitar el
journaling.

tune2fs -O ^has_journal

Però insisteixo en el que ja s'ha dit: si no podem mesurar no podem
optimitzar. Si ho creus convenient tria un paràmetre de molt alt nivell:
la satisfacció de l'usuari, o la velocitat percebuda; però és perillós
basar-nos en "assumpcions raonables". Optimitzar implica mesurar, fer un
experiment i comparar. Sense això val més quedar-nos amb les
configuracions recomanades per defecte.

-- 
Jordi Funollet Pujol
http://www.linkedin.com/in/jordifunollet

Re: Is it possible to fully reinstall the base system without affecting /home?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Feb 22, 2016 at 11:20:24AM +0100, arian wrote:
> 
> Just to make sure, your filesystem is OK, right?
> 
> > But I thought I'd ask if there's anything close to this that would not
> > require backing up everything and reformatting the hard disk.
> > Wouldn't it be possible, for example, to boot the system up from a
> > live CD, and reinstall the base system, leaving /home untouched?  (I
> > should mention that the hard disk in question is just one big
> > partition, including /home and everything else.)
> 
> Just do a normal install with manual filesystem configuration, choose
> the existing partition with the prior filesystem format and make sure
> to _not_ choose format partition.

This was my impression too: installation should not wipe home (actually
it should'nt wipe anything, e.g. /usr/local and friends, just overwrite
existing packages with their newer versions.

That said, and as arian states, it's easy to fat-finger something and
format your disks, so a backup is in order; and you might meet some
niggles, like new packages stumbling upon older configurations and
data in your home (think ~/.config, but also ~/.openffice.org, ~/.gimp
and whatever nice things apps put into your home). Some may cope
and some not.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlbK5AcACgkQBcgs9XrR2kbIKQCfUlb64LbSE2F5UHgT2hEGiYsI
yDkAnjXbOy72G7BsuxPCBfS/qOWI6pyw
=wbEI
-END PGP SIGNATURE-

Servidor de correo?

[David Rotger]

Hola,

en una empresa tienen un servidor Linux, y me he fijado que los
clientes, en la configuración de la cuenta en thunderbird, el servidor
SMTP apunta a la IP del servidor. Es porque el servidor tiene
configurado un servidor de correo?

Gracias.

Re: Is it possible to fully reinstall the base system without affecting /home?

[Keith Bainbridge]

On 22/02/16 20:10, Dalios wrote:

First of all you would have to move your /home to a new partition (to
the same disk or another) and you would need to start from a Live CD/USB
in order to do this step.



Or move /home from a terminal as root.  But if you have to create a new 
partition you might as well move /home while you are using the live CD.


--
Keith Bainbridge

keithrbaugro...@gmail.com

+61 (0)447 667 468

Re: Is it possible to fully reinstall the base system without affecting /home?

[arian]

Just to make sure, your filesystem is OK, right?

> But I thought I'd ask if there's anything close to this that would not
> require backing up everything and reformatting the hard disk.
> Wouldn't it be possible, for example, to boot the system up from a
> live CD, and reinstall the base system, leaving /home untouched?  (I
> should mention that the hard disk in question is just one big
> partition, including /home and everything else.)

Just do a normal install with manual filesystem configuration, choose the 
existing partition with the prior filesystem format and make sure to _not_ 
choose format partition. The installer will warn you, something along the lines 
that it will overwrite the old /usr, /etc/, /var, etc - which is what you want.

optionally you can remove all directories but /home (and may be /root prior to 
installation from a live system (the installer will do).

I strongly advise to make the backup before nonetheless - breaking things is 
easy, especially in the installer. This procedure will however spare you 
restoring thing from the backup, if it works.



signature.asc
Description: OpenPGP digital signature

Re: BIND problem

[Reco]

Hi.

On Mon, 22 Feb 2016 02:35:52 -0700
Glenn English  wrote:

> I'm seeing lots of:
> 
> > Feb 21 23:32:24 log named[20061]: dumping master file: 
> > /var/cache/bind/slaves/tmp-I5cJjYH7fV: open: permission denied
> > Feb 21 23:36:54 log named[20117]: dumping master file: 
> > /var/cache/bind/slaves/tmp-zsVXbHkEG1: open: permission denied
> > Feb 21 23:46:00 log named[20061]: dumping master file: 
> > /var/cache/bind/slaves/tmp-ngGrdGrU2a: open: permission denied
> > Feb 21 23:49:26 log named[20117]: dumping master file: 
> > /var/cache/bind/slaves/tmp-Q0vQCUg5xd: open: permission denied
> > Feb 21 23:58:36 log named[20061]: zone richeyrentals.com/IN: refresh: could 
> > not set file modification time of 
> > '/var/cache/bind/slaves/db.richeyrentals.com': permission denied
> > Feb 21 23:59:56 log named[20061]: dumping master file: 
> > /var/cache/bind/slaves/tmp-Ef1P4JJ7WK: open: permission denied
> > Feb 22 00:02:30 log named[20117]: dumping master file: 
> > /var/cache/bind/slaves/tmp-X7frzE1EHg: open: permission denied
> > Feb 22 00:14:26 log named[20061]: dumping master file: 
> > /var/cache/bind/slaves/tmp-Mvis5kMjqB: open: permission denied
> > Feb 22 00:14:54 log named[20117]: dumping master file: 
> > /var/cache/bind/slaves/tmp-5cVqqTAnb6: open: permission denied
> > Feb 22 00:25:31 log named[20117]: zone richeyrentals.com/IN: refresh: could 
> > not set file modification time of 
> > '/var/cache/bind/slaves/db.richeyrentals.com': permission denied
> > Feb 22 00:25:48 log named[20061]: dumping master file: 
> > /var/cache/bind/slaves/tmp-5n3f6qn0Cj: open: permission denied
> > Feb 22 00:29:50 log named[20117]: dumping master file: 
> > /var/cache/bind/slaves/tmp-qbxXuXSlvZ: open: permission denied
> > Feb 22 00:38:07 log named[20061]: dumping master file: 
> > /var/cache/bind/slaves/tmp-n99ZL1tdSc: open: permission denied
> > Feb 22 00:43:19 log named[20117]: dumping master file: 
> > /var/cache/bind/slaves/tmp-yhcq7G3STF: open: permission denied
> > Feb 22 00:51:46 log named[20061]: dumping master file: 
> > /var/cache/bind/slaves/tmp-8m09QHZPqR: open: permission denied
> > Feb 22 00:53:20 log named[20061]: zone richeyrentals.com/IN: refresh: could 
> > not set file modification time of 
> > '/var/cache/bind/slaves/db.richeyrentals.com': permission denied
> 
> in my log.

Please post the output of:

ls -ald /var/cache/bind/slaves

lsattr /var/cache/bind/slaves

getfacl /var/cache/bind/slaves


Also, do you have SELinux enabled?

Reco

BIND problem

[Glenn English]

I'm seeing lots of:

> Feb 21 23:32:24 log named[20061]: dumping master file: 
> /var/cache/bind/slaves/tmp-I5cJjYH7fV: open: permission denied
> Feb 21 23:36:54 log named[20117]: dumping master file: 
> /var/cache/bind/slaves/tmp-zsVXbHkEG1: open: permission denied
> Feb 21 23:46:00 log named[20061]: dumping master file: 
> /var/cache/bind/slaves/tmp-ngGrdGrU2a: open: permission denied
> Feb 21 23:49:26 log named[20117]: dumping master file: 
> /var/cache/bind/slaves/tmp-Q0vQCUg5xd: open: permission denied
> Feb 21 23:58:36 log named[20061]: zone richeyrentals.com/IN: refresh: could 
> not set file modification time of 
> '/var/cache/bind/slaves/db.richeyrentals.com': permission denied
> Feb 21 23:59:56 log named[20061]: dumping master file: 
> /var/cache/bind/slaves/tmp-Ef1P4JJ7WK: open: permission denied
> Feb 22 00:02:30 log named[20117]: dumping master file: 
> /var/cache/bind/slaves/tmp-X7frzE1EHg: open: permission denied
> Feb 22 00:14:26 log named[20061]: dumping master file: 
> /var/cache/bind/slaves/tmp-Mvis5kMjqB: open: permission denied
> Feb 22 00:14:54 log named[20117]: dumping master file: 
> /var/cache/bind/slaves/tmp-5cVqqTAnb6: open: permission denied
> Feb 22 00:25:31 log named[20117]: zone richeyrentals.com/IN: refresh: could 
> not set file modification time of 
> '/var/cache/bind/slaves/db.richeyrentals.com': permission denied
> Feb 22 00:25:48 log named[20061]: dumping master file: 
> /var/cache/bind/slaves/tmp-5n3f6qn0Cj: open: permission denied
> Feb 22 00:29:50 log named[20117]: dumping master file: 
> /var/cache/bind/slaves/tmp-qbxXuXSlvZ: open: permission denied
> Feb 22 00:38:07 log named[20061]: dumping master file: 
> /var/cache/bind/slaves/tmp-n99ZL1tdSc: open: permission denied
> Feb 22 00:43:19 log named[20117]: dumping master file: 
> /var/cache/bind/slaves/tmp-yhcq7G3STF: open: permission denied
> Feb 22 00:51:46 log named[20061]: dumping master file: 
> /var/cache/bind/slaves/tmp-8m09QHZPqR: open: permission denied
> Feb 22 00:53:20 log named[20061]: zone richeyrentals.com/IN: refresh: could 
> not set file modification time of 
> '/var/cache/bind/slaves/db.richeyrentals.com': permission denied

in my log.

I looked on the web, and no suggestion helped. Except one: one of then said his 
worked when he ran bind (aka named) as root. I tried that and sure enough, it 
'fixed' the problem. Until monit somehow noticed the DNS wasn't running and 
started it from /etc/init.d (I'm still running Wheezy). 

It happens only on the master DNS server -- the slaves do their dumps 
successfully, or maybe they don't try.

I tried su -'ing from root to user bind (after giving bind a shell). No joy.

Everything in /var/cache/bind is owned by bind:bind, it's all owner and group 
writable, root manages to write the files, there are no complaints about the 
masters directory (there are also no files called tmp-*** in there), and I'm at 
a loss as to why there's a problem setting the modification time (touch does it 
just fine).

Has anyone seen this and fixed it? 

I'm guessing somebody's just kidding about the directory they're trying to 
write into, and their real directory is owned by user nobody...

-- 
Glenn English

Re: Is it possible to fully reinstall the base system without affecting /home?

[Dalios]

On 02/22/2016 06:36 AM, Kynn Jones wrote:
> My system is badly damaged, and it looks like the only way to fix it
> is to do a full re-install.
> 
> I figure I will have to back everything up to an external drive,
> reformat the hard drive, and install everything from scratch.
> 
> But I thought I'd ask if there's anything close to this that would not
> require backing up everything and reformatting the hard disk.
> Wouldn't it be possible, for example, to boot the system up from a
> live CD, and reinstall the base system, leaving /home untouched?  (I
> should mention that the hard disk in question is just one big
> partition, including /home and everything else.)
> 
> Thanks in advance!
> 
> kj
> 
> 

You can certainly do it but I am not sure you want!

First of all you would have to move your /home to a new partition (to
the same disk or another) and you would need to start from a Live CD/USB
in order to do this step. Of course if you don't have another HD
available then you would have to partition the disk which is risky for
your data which you would have to backup elsewhere etc

Next is the new installation procedure where you will eventually connect
the new system with the old /home.

However let me note that some of the problems of your current
installation may live inside /home which means that you will still have
to deal with them. The /home folder contains not only your data but also
various settings files for your applications.

So, as I said, you can certainly do it but I am not sure you want!

Another approach would be to start a new thread (or more!) on this
helpful list in order to try to solve your system's problems. Of course
you can always re-install and start from scratch but how can you be sure
you will not end on the same position after a while.


Dalios

Re: rotating screen in debian tablet

[jdd]

Le 21/02/2016 19:49, Sven Arvidsson a écrit :


I also suggest that you document your efforts on getting Debian to run
here: https://wiki.debian.org/InstallingDebianOn/

Both the stuff that works, and the stuff that doesn't.


I will, after having investigated a bit more :-)

I was worried to notice the bug is still there when booting as 
multi-user, that is with no X, and this was confirmed this morning, 
there are no X recent logs.


so I looked at the kernel logs and noticed a crash:

http://dodin.org/owncloud/index.php/s/PzRjuxtZHKbMwzK

that seems to be a known issue, with some fixes, but I do not really 
understand what I have to do to apply the fixes :-(


https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1492632

https://bugs.launchpad.net/mesa/+bug/1274315

any way to do this on the grub kernel command line?

https://wiki.debian.org/KernelModesetting#Intel_GfxCards

thanks
jdd

Re: I Couldn't install geany-plugin-gdb in jessie.

[Reco]

Hi.

On Mon, 22 Feb 2016 16:21:31 +0800
EenyMeenyMinyMoa  wrote:

> Hi,
> refering to
> 
> https://packages.debian.org/search?lang=en=all=names=geany-plugin-gdb
> 
> I added the line
> deb http://ftp.jp.debian.org/debian/ wheezy main
> to /etc/apt/sources.list, and apt-get updated,
> but I was not able to install geany-plugin-gdb.

And you should not be able to as most of geany plugins depend on exact
version of geany.

This:

> geany-plugin-gdb : Depends: geany-plugins-common (= 0.21.1.dfsg-4) but
> 1.24+dfsg-5 is to be installed

clearly shows us that you have installed geany from jessie, so the only
kind of plugins that fit your install are geany plugins from Jessie.


> What should I do?

Try installing 'geany-plugin-debugger' instead.


> And why isn't geany-plugin-gdb in the jessie repository?

My guess is that they simply renamed the package.

Reco

I Couldn't install geany-plugin-gdb in jessie.

[EenyMeenyMinyMoa]

Hi,
refering to

https://packages.debian.org/search?lang=en=all=names=geany-plugin-gdb

I added the line
deb http://ftp.jp.debian.org/debian/ wheezy main
to /etc/apt/sources.list, and apt-get updated,
but I was not able to install geany-plugin-gdb.

$ sudo apt-get install geany-plugin-gdb
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
geany-plugin-gdb : Depends: geany-plugins-common (= 0.21.1.dfsg-4) but
1.24+dfsg-5 is to be installed
E: Unable to correct problems, you have held broken packages.

What should I do?
And why isn't geany-plugin-gdb in the jessie repository?


EenyMeenyMinyMoa

Re: [Noticia] ¿Vuelve Firefox a Debian?

[Javier Silva]

El día 20 de febrero de 2016, 15:36, Camaleón  escribió:
> El Fri, 19 Feb 2016 19:23:45 +0100, Javier Silva escribió:
>
> (ese html...)
>

Sinceramente, ya no se que hacer, tengo activado texto sin formato en
el gmail y aún sigue llegando en html.

Saludos,
Javier

Re: Help! System crashes and locks up.

[Sven Arvidsson]

On Sun, 2016-02-21 at 18:12 -0600, Dennis Wicks wrote:
> Greetings;
> 
> I have a system I just put together. New pwr sup, mobo, and 
> 1 new SATA disk, 1TB. 2Gig memory. Processor is a Phenom 
> 9950 4 core. Running Deb 8.3.0 Jessie, new install.
> 
> Every so often it crashes and locks up, and the monitor 
> screen has many narrow horizontal lines, mostly the 
> background color.
> 
> When it crashes only reset and power off will work. I have 
> looked in every log file I can think of and no luck.
> 
> Does this sound familiar to anybody? Any hints?
> 
> Any help at all greatly appreciated!!

https://blog.codinghorror.com/is-your-computer-stable/

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 6FAB5CD5



signature.asc
Description: This is a digitally signed message part