Re: How to find system configuration vulnerabilities; was: Thank you Debian

[Timothy Butterworth]

On February 21, 2024, at 4:08 PM, Michael Kjörling <2695bd53d...@ewoof.net> 
wrote:

>On 21 Feb 2024 19:03 +, from an...@rodier.me (Andre Rodier):
>> - What is the best approach to check if there is any vulnerability in the
>> packages configuration ?
>> - Is there any service that could audit the deployment code or the
>> configuration files ?
>My understanding is that both Lynis and Vuls are popular for
>already-installed systems. If you have your configuration packaged as
>Ansible scripts, then deploying that onto a disposable VM based on a
>minimal Debian installation should be a reasonably practical way of
>auditing the deployment process itself for vulnerabilities.
>A web search for something like "linux local vulnerability scanner"
>will provide you with additional leads.
>Note that any automated tool will use some kind of heuristics so (a)
>may find things that are not actually vulnerabilities in your setup,
>and (b) might not find something which _is_ a vulnerability in your
>setup.
>-- 

You can install and run Tenable Nessus Vulnerability scanner. The free version 
can scan like 10 IPs. I use Nessus and it works well. 

Security Blanket is a Security hardening tool suite which is nice and not too 
expensive.


>Michael Kjörling  https://michael.kjorling.se
>“Remember when, on the Internet, nobody cared that you were a dog?”

Re: PATH question

[Timothy Butterworth]

On November 11, 2023, at 11:16 PM, David  wrote:

>On Sat, 11 Nov 2023 at 18:42, Thomas George  wrote:
>> I downloaded the google-chrome deb file to /opt/

Why did you put the chrome.deb in /opt? You found have just kept it in your 
downloads folder. When you use apt to install the chrome.deb package it will 
automatically install the software into a directory on /opt.

>>
>> used dpkg to install the program.
>>
>> initial attempt failed, two lib files missing.
>>
>> added the sbin entries to path and tried again
>Hi, the 'apt install' command does have the capability to install a local .deb
>package file together with its dependencies if they are available in
>the configured repositories.
>This capability seems to be not mentioned in the manpages
>of 'apt' or 'apt-get' [1].
>Looking for an authoritative source of information to show you,
>I found only this:
>  
>https://wiki.debian.org/DebianPackageManagement#Installing_and_removing_packages
>which says:
>  You can also install a .deb file with:
>  # apt install 
>My understanding is that the  must look like a pathname.
>So, to install 'debfile.deb' in the current directory, it should look like
>  apt install ./debfile.deb
>Maybe someone else knows where the authoritative documentation
>of this capability can be read, if there is any.
>Maybe someone else knows why this isn't documented in the manpages.
>I have a hazy recollection of possibly reading sometime that 'apt'
>authors might
>intend to rewrite the package regex handling in future, so maybe how this
>works might change, so that might be why it hasn't been documented.
>[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874763

Re: PATH question

[Timothy Butterworth]

On November 11, 2023, at 8:51 PM, Thomas George  
wrote:

>I downloaded the google-chrome deb file to /opt/
>used dpkg to install the program.

Use sudo apt install ./filename.deb you may need to run sudo apt update first.

>
>initial attempt failed, two lib files missing.
>added the sbin entries to path and tried again
>missing files found on the dvd installation disk and google-chrome 
>successfully installed
>On 11/11/23 13:22, Greg Wooledge wrote:
>> On Sat, Nov 11, 2023 at 01:03:45PM -0500, Thomas George wrote:
>>> In a newly installed bookworm I edited PATH to
>>> /usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin

What account did you add the sbin's too? The Root account should already have 
sbin and it is the only account that should.

If you used su then you need to run either su -l or su -L to switch user to 
root with a login shell. I recommend disabling root login and using sudo.

>> What, exactly, did you edit?
>>
>>> in order to
>>> install google-chrome.
>> Now that makes no sense... unless you ran into the buster su issue.
>>
>> Please see ;.
>>
>>>    This worked but the installed PATH had  two other
>>> entries, something about games?
>> /usr/local/games and /usr/games
>>
>>> I failed to save and did not take note of all the installed PATH entries.
>>>
>>> I have no sound with bookworm. Could these other entries be the problem?
>> I sincerely doubt it.
>>

Re: Part II BIN=? AW: Anybody familiar with dd (copy)?

[Timothy Butterworth]

On November 11, 2023, at 5:54 PM, Pocket  wrote:

>
>
>On 11/11/23 17:42, Timothy Butterworth wrote:
>
>On November 11, 2023, at 5:21 PM, Schwibinger Michael  wrote:
>
>>
>>
>>dd if=/dev/sr0 of=/tmp/dvd.bin bs=1M
>>
>>Good afternoon
>>
>>This did work
>>
>>Thank You.
>>
>>But now the bin.
>>
>>I did
>>
>>chmod +x dvd.bin 
>>
>>./dvd.bin
>>
>>This did not work.
>
>Are you trying to copy a DVD movie? If so you should try handbrake or k3b.
>
>That would require dvdcss/libdvdcss 

How would you watch the movie with out dvdcss? K3B can make an iso disk image. 
You can mount the image but you would still need dvdcss to decrypt it.


-- It's not easy to be me 

Re: Part II BIN=? AW: Anybody familiar with dd (copy)?

[Timothy Butterworth]

On November 11, 2023, at 5:21 PM, Schwibinger Michael  wrote:

>
>
>dd if=/dev/sr0 of=/tmp/dvd.bin bs=1M
>
>Good afternoon
>
>This did work
>
>Thank You.
>
>But now the bin.
>
>I did
>
>chmod +x dvd.bin 
>
>./dvd.bin
>
>This did not work.

Are you trying to copy a DVD movie? If so you should try handbrake or k3b.

>
>Step 1 
>
> think ok
>
>no bug report 
>
>Step 2:
>
>./dvd.bin: 1: Syntax error: "(" unexpected
>
>Regards Sophie
>
>Von: jeremy ardley 
>
>Gesendet: Freitag, 3. November 2023 23:19
>An: debian-user@lists.debian.org 
>Betreff: Re: Anybody familiar with dd (copy)? 
>
> 
>
>On 4/11/23 03:37, Schwibinger Michael wrote:
>> I found:
>>
>> dd if=/dev/sr0 of=/tmp/dvd.bin conv=noerror oflag=direct
>>
>> It does not work.
>>
>> What do I do wrong?
>the conv and oflag parameters will be causing the problem.
>If you want to simply copy a disk image
>dd if=/dev/sr0 of=/tmp/dvd.bin bs=1M
>

Re: netmask question

[Timothy Butterworth]

On May 22, 2023, at 8:08 PM, Greg Wooledge  wrote:

>On Tue, May 23, 2023 at 07:39:21AM +0800, Tom Reed wrote:
>> For a given ipv4, if I know net addr and broadcast addr, how will I
>> calculate the netmask?
>I hope this is a theoretical question, because this is backwards.
>Normally you would specify the IP address and the netmask, and the
>software would calculate a broadcast address for you.
>The question you asked has no unique solution in the general case.
>Consider that you have the IPv4 address 10.0.255.42 and the broadcast
>address 10.0.255.255.
>Now, the netmask *could* be /24.  That would make 10.0.255.* the network
>address, and setting all the non-network bits to 1 gives you the
>broadcast address 10.0.255.255.
>But the netmask could also be /22.  That would make the network
>address range 10.0.252.0 through 10.0.255.255.

The network address is 10.0.252.0, the first address. The broadcast address is 
10.0.252.255, the last address. The host addresses are 10.0.252.1 - 254.

>In fact, the netmask could be anything from /17 to /24 inclusive.  You
>can't deduce it from the available information.
>That's why you specify the netmask up front.  You have to know it.

Re: how to change default nameserver?

[Timothy Butterworth]

After you edit resolv.conf make the file immutable with chattr. Chattr +i makes 
immutable chattr -i removes immmutable.

On April 9, 2023, at 4:51 AM, Christoph Brinkhaus  
wrote:

Am Sun, Apr 09, 2023 at 04:20:49PM +0800 schrieb cor...@free.fr:
> greetings,
> 
> I know I can edit the entries in /etc/resolv.conf, but it will be
> overwritten by DHCP server.
> I searched the internet and got one of the answers:
> 
> apt install resolvconf
> echo "nameserver 127.0.0.1" >> /etc/resolvconf/resolv.conf.d/head
> 
> what's the difference for /etc/resolv.conf and the method above?
 
There is a thrid method I use. I have add the following lines to
/etc/dhcp/dhclient.conf:

interface "bond0" {
supersede domain-name-servers 127.0.0.1;
}

My interface is bond0. Yours might be different.

Kind regards,
Christoph
-- 
Ist die Katze gesund
schmeckt sie dem Hund.

Re: Strange application menus (File, Edit…) behaviour since last update

[Timothy Butterworth]

Try running apt fully upgrade


On March 9, 2023, at 2:33 AM, Yvan Masson  wrote:

Le 09/03/2023 à 04:19, Vincent Lefevre a écrit :
> On 2023-03-08 18:02:42 +0100, Yvan Masson wrote:
>> Using testing with KDE, I have an issue since last update: for many QT
>> applications and some GTK applications, menus (File, Edit…) or even
>> drop-down lists are difficult to trigger (Moste often I need to click and
>> then press Alt). I would like to ensure this bug has already been reported
>> (which might not has it has already entered testing), but I don't know which
>> package to look at.
> 
> I'm using Debian/unstable with FVWM (no desktop environment), and I
> don't have any issue with menus... except with those of Firefox 110,
> where the menus behave very strangely with the mouse (but everything
> is fine with the keyboard). Firefox 109 and the other applications
> (QT and GTK) do not have any issue.
> 
> I don't see how this could be related, but having 2 similar bugs
> with menus at the same time would be a strange coincidence (though
> this might be a consequence of something broken on the system).
> 
> FYI, my bug reports for Firefox 110, with some details on the
> behavior I get:
>https://bugzilla.mozilla.org/show_bug.cgi?id=1820542
>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032428
> 
I might be the same issue indeed. A temporary workaround I have just 
found is to run KDE on Wayland. But I suppose it is not possible with FVWM.

Re: I am stuck with this while installing devian on my IMac early 2006

[Timothy Butterworth]

On May 29, 2022, at 2:30 PM, Nusrath Moin  wrote:

>
>
>Whenever i login after installing debian on my imac early 2006 it shows 
>"debian gnu/linux comes with absolutely no warranty, to the extent permitted 
>by applicable law" on some command screen and i am stuck what should i do 
>please tell me i am unable to use my imac 
>
What version of the installer did you use. If you want to troubleshoot then 
download the live DVD image. If you need non-free firmware then download the 
non-free live DVD installer.