[DNG] Inkscape Presentation at Phoenix LUG 1/13/2022
Hi all, For anyone who missed my Inkscape presentation but wants to see it, I'm giving it again at the monthly Phoenix (Arizona USA) LUG (PLUG) meeting 1/13/2022 at 7pm **Mountain Time** (Phoenix, Denver, and Salt Lake City USA time). You can see details at http://troubleshooters.com/lugs/phoenixlug/ Thanks, SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
Alessandro Vesely via Dng said on Wed, 12 Jan 2022 10:39:07 +0100 >On Wed 12/Jan/2022 01:27:45 +0100 Florian Zieboll via Dng wrote: >> On Tue, 11 Jan 2022 18:52:10 -0500 >> william moss wrote: >> >>> Bash is taking the string in the double quotes as a single command; >>> this is well documented. If either the command or parameters have >>> spaces, you will have to use eval. Check the bash man page for >>> details. >>> >>> This will also usually work >>> X=$( "command and such" ) >>> due to the execute block. >> >> I am replying to the list to share the valid (tested) alternative. >> Thanks a lot! > > >Bash still considers a quoted command as such, for example: > >ale@pcale:~/tmp$ X=$("echo foo") >bash: echo foo: command not found On the other hand... === [slitt@mydesk ~]$ cat -n /etc/fstab | cut -b 1-20 | head -n5 1 UUID=730eaf92 2 UUID=41abb5fd 3 UUID=96cfdfb3 4 UUID=6F66-BF7 5 tmpfs /tmp tm [slitt@mydesk ~]$ "cat -n" /etc/fstab | cut -b 1-20 | head -n5 bash: cat -n: command not found [slitt@mydesk ~]$ "cat -n /etc/fstab" | cut -b 1-20 | head -n5 bash: cat -n /etc/fstab: No such file or directory [slitt@mydesk ~]$ === SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] nftables firewall and fail2ban replacement.
onefang wrote: > My main problem with fail2ban is that it fails to ban. Or rather it does > ban, for that one rule I wrote myself, but not for any of the built in > rules, but then it releases the ban, even though I have told shorewall to > ban that particular IP. So the IP ends up being unbanned, coz fail2ban > says so. > > Yes, I'm aware you can configure fail2ban to shift from temporary to > permanent bans for persistent rule breakers. Would be good if the built > in rules actually worked. From experience, the built in rules worked last time I set a system up - worth checking all the config files as (again from memory) none of them are enabled by default. But what I did for the persistent offenders was to write my own rule (don’t remember any details now) that basically looked for repeated bans and then blocked them for a long time. That allows for users (or yourself) accidentally triggering the first rule - you just have to wait for it to time out - but will ban persistent offenders quite quickly as they’ll still be hammering the system when the first rule times out. Another thing to be aware of is that applying iptables drop rules to existing connections doesn’t stop the traffic. That’s important when trying to deal with UDP traffic - that may only apply when there is packet mangling (e.g. NAT) and so contract comes into play, or when the traffic terminates on the box you are trying to firewall it on. But TBH it’s a while now since I dealt with th and I don’t recall any details other than needing to clear entries in the contract table to actually stop traffic - I vaguely recall having to log onto the main router and drop it there sometimes. Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
On 1/12/22 04:39, Alessandro Vesely via Dng wrote: On Wed 12/Jan/2022 01:27:45 +0100 Florian Zieboll via Dng wrote: On Tue, 11 Jan 2022 18:52:10 -0500 william moss wrote: Bash is taking the string in the double quotes as a single command; this is well documented. If either the command or parameters have spaces, you will have to use eval. Check the bash man page for details. This will also usually work X=$( "command and such" ) due to the execute block. I am replying to the list to share the valid (tested) alternative. Thanks a lot! Bash still considers a quoted command as such, for example: ale@pcale:~/tmp$ X=$("echo foo") bash: echo foo: command not found Best Ale X=$( eval "echo foo" ) echo "$X" foo -- William (Bill) Moss billm...@acm.org NY (USA) Those who will not reason, are bigots, those who cannot, are fools, and those who dare not, are slaves. Lord Byron Justice will not be served until those who are unaffected are as outraged as those who are. Benjamin Franklin When the people fear the government there is tyranny, when the government fears the people there is liberty. John Basil Barnhill ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
On Wed, 12 Jan 2022 10:39:07 +0100 Alessandro Vesely via Dng wrote: > On Wed 12/Jan/2022 01:27:45 +0100 Florian Zieboll via Dng wrote: > > > > I am replying to the list to share the valid (tested) alternative. > > Thanks a lot! > > > Bash still considers a quoted command as such, for example: > > ale@pcale:~/tmp$ X=$("echo foo") > bash: echo foo: command not found Hallo Alessandro, you're right. I can't reproduce my nightly "successful test" and assume, that I had accidentally worked on a zip archive instead of a rar... Thanks for clarification and libre Grüße, Florian ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] nftables firewall and fail2ban replacement.
A technique I learned is to use the "fail2ban-regex" command with a log file sample containing actual traffic that you want banned. E.g. for Apache logs from the shell prompt: $ fail2ban-regex /path/to/apache/logs/access_log..??.??-??_??_?? /etc/fail2ban/filter.d/apache-404.conf You'll get a report if the regexes in the apache-404.conf or whatever filter you're using is detecting traffic or not, according to whatever jail file is in use. I'm sure that with your experience in Fail2ban, you already double-check all the settings in the jail file like logpath, maxretry, findtime, and bantime. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] nftables firewall and fail2ban replacement.
I've been using shorewall and fail2ban for a while now, but nftables is soon replacing iptables, so it's time to consider some options. Apparently fail2ban already supports nftables, but shorewall doesn't and wont - https://shorewall-users.narkive.com/aujuSpJ1/nftables-on-the-roadmap My main problem with fail2ban is that it fails to ban. Or rather it does ban, for that one rule I wrote myself, but not for any of the built in rules, but then it releases the ban, even though I have told shorewall to ban that particular IP. So the IP ends up being unbanned, coz fail2ban says so. Yes, I'm aware you can configure fail2ban to shift from temporary to permanent bans for persistent rule breakers. Would be good if the built in rules actually worked. Right now there's a particular IP hitting that one rule, and no matter what I do, even completely zapping fail2ban's database and leaving it turned off, that IP keeps bypassing my firewall somehow. So I'll eventually need a replacement for shorewall anyway, and I'd like something similar to fail2ban that doesn't fail to ban. So the two replacements have to get along with each other. None of this "bad IP can get through coz the two fight over it" bullshit. This has to run on my servers and desktop, so no GUI. I'm an experienced sysadmin, text config is good. Any suggestions? -- A big old stinking pile of genius that no one wants coz there are too many silver coated monkeys in the world. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
On Wed 12/Jan/2022 01:27:45 +0100 Florian Zieboll via Dng wrote: On Tue, 11 Jan 2022 18:52:10 -0500 william moss wrote: Bash is taking the string in the double quotes as a single command; this is well documented. If either the command or parameters have spaces, you will have to use eval. Check the bash man page for details. This will also usually work X=$( "command and such" ) due to the execute block. I am replying to the list to share the valid (tested) alternative. Thanks a lot! Bash still considers a quoted command as such, for example: ale@pcale:~/tmp$ X=$("echo foo") bash: echo foo: command not found Best Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng