[DNG] [Devuan 3] [Chmod] [Lynis] Bonked default permissions
I had run Lynis, a system-hardening auditor. At its suggestion, I changed numerous permissions system-wide. I have also changed conf files that alter book-time permissions. The following problems have occured: 1) Upon reboot, my /dev/snd is in a state that makes ALSA fail to recognize the audio devices. My user is in audio. The only way to make ALSA recognize the /dev/snd devices is to add setguid, which resets upon boot 2) My /var/lib is bonked. I am unable to run clamscan because clamscan can not access the bytecode files. Again, I can fix it with chmod which changes on the reboot. I am unsure if there are other issues. I have not yet come accross them. I changed my umask back to default, thoug my understanding on umask is that it only affects the /home directory. My fault is not logging what Lynis told me to do, and what I did in response. I did not realize that hardening my system permissions would cause this. I previously entered the IRC under an anonymous nick to fix more problems caused not as a result of this, but as a result of attempting to fix this. Those problems have been fixed. More-or-less my system is now in a state as it was after the initial-run of Lynis. Some output: [03:09 se7en@lappy ~] > ls -ld /dev/snd drwxr-x--- 3 root root 260 Jan 29 02:26 /dev/snd [03:12 se7en@lappy ~] > ls -ld /dev/snd/* ls: cannot a=ccess '/dev/snd/*': Permission denied [03:12 root@lappy se7en] > ls -ld /dev/snd/* # NOTE: Changing /dev/snd/by-path to audio:audo is enough to fix the # ALSA problem but it resets on reboot drwxr-xr-x 2 root root 60 Jan 29 02:26 /dev/snd/by-path crw-rw 1 root audio 116, 9 Jan 29 02:26 /dev/snd/controlC1 crw-rw 1 root audio 116, 7 Jan 29 02:26 /dev/snd/hwC1D0 crw-rw 1 root audio 116, 8 Jan 29 02:26 /dev/snd/hwC1D3 crw-rw 1 root audio 116, 3 Jan 29 02:26 /dev/snd/pcmC1D0c crw-rw 1 root audio 116, 2 Jan 29 02:26 /dev/snd/pcmC1D0p crw-rw 1 root audio 116, 4 Jan 29 02:26 /dev/snd/pcmC1D3p crw-rw 1 root audio 116, 5 Jan 29 02:26 /dev/snd/pcmC1D7p crw-rw 1 root audio 116, 6 Jan 29 02:26 /dev/snd/pcmC1D8p crw-rw 1 root audio 116, 1 Jan 29 02:26 /dev/snd/seq crw-rw 1 root audio 116, 33 Jan 29 02:26 /dev/snd/timer [03:13 se7en@lappy ~] > ls -ld /var/lib drwxr-xr-x 72 root root 4.0K Jan 24 02:47 /var/lib [03:14 se7en@lappy ~] > ls -ld /var/lib/* | grep clamav drwxr-xr-x 2 clamavclamav4.0K Jan 29 02:27 /var/lib/clamav drwxr-xr-x 4 root root 4.0K Feb 3 2019 /var/lib/clamav-unofficial-sigs [03:14 se7en@lappy ~] > ls -ld /var/lib/clamav/* -rw-r--r-- 1 clamav clamav 283K Jan 24 00:12 /var/lib/clamav/blurl.ndb -rw-r--r-- 1 clamav clamav 3.4K Oct 27 2019 /var/lib/clamav/bofhland_cracked_URL.ndb -rw-r--r-- 1 clamav clamav 104K Apr 3 2019 /var/lib/clamav/bofhland_malware_attach.hdb -rw-r--r-- 1 clamav clamav 610 Oct 26 2019 /var/lib/clamav/bofhland_malware_URL.ndb -rw-r--r-- 1 clamav clamav 9.5K Oct 27 2019 /var/lib/clamav/bofhland_phishing_URL.ndb -rw-r--r-- 1 clamav clamav 1.4M Sep 19 2019 /var/lib/clamav/bytecode.cld -rw-r--r-- 1 clamav clamav 82 Jul 13 2016 /var/lib/clamav/crdfam.clamav.hdb -rw-r--r-- 1 clamav clamav 323M Jan 27 05:10 /var/lib/clamav/daily.cld -rw-r--r-- 1 clamav clamav 65 Jul 26 2013 /var/lib/clamav/doppelstern.hdb -rw-r--r-- 1 clamav clamav 7.2M Jan 18 08:09 /var/lib/clamav/junk.ndb -rw-r--r-- 1 clamav clamav 184K Jan 23 19:12 /var/lib/clamav/jurlbl.ndb -rw-r--r-- 1 clamav clamav 294M Nov 25 2019 /var/lib/clamav/main.cld -rw-r--r-- 1 clamav clamav 256 Feb 10 2020 /var/lib/clamav/mirrors.dat -rw-r--r-- 1 clamav clamav 4.0M Jan 19 08:11 /var/lib/clamav/phish.ndb -rw-r--r-- 1 clamav clamav 1.4M Jan 24 00:00 /var/lib/clamav/phishtank.ndb -rw-r--r-- 1 clamav clamav 620K Jan 24 00:00 /var/lib/clamav/porcupine.ndb -rw-r--r-- 1 clamav clamav 41K Jan 22 01:11 /var/lib/clamav/rogue.hdb -rw-r--r-- 1 clamav clamav 11K Oct 18 2016 /var/lib/clamav/sanesecurity.ftm -rw-r--r-- 1 clamav clamav 1.9M Jan 19 12:09 /var/lib/clamav/scam.ndb -rw-r--r-- 1 clamav clamav 285 Jan 4 05:08 /var/lib/clamav/sigwhitelist.ign2 -rw-r--r-- 1 clamav clamav 1.4K Apr 28 2017 /var/lib/clamav/spamattach.hdb -rw-r--r-- 1 clamav clamav 19K Nov 6 01:12 /var/lib/clamav/spamimg.hdb -rw-r--r-- 1 root root 49 Dec 13 00:54 /var/lib/clamav/whitelist-files.txt -rw-r--r-- 1 clamav clamav 15K Jul 16 2018 /var/lib/clamav/winnow.attachments.hdb -rw-r--r-- 1 clamav clamav 66 Mar 5 2018 /var/lib/clamav/winnow_bad_cw.hdb -rw-r--r-- 1 clamav clamav 16K Mar 5 2018 /var/lib/clamav/winnow_extended_malware.hdb -rw-r--r-- 1 clamav clamav 18K Mar 5 2018 /var/lib/clamav/winnow_malware.hdb -rw-r--r-- 1 clamav clamav 15K Nov 26 2019 /var/lib/clamav/winnow_malware_links.ndb [03:14 se7en@lappy ~] > alsamixer cannot open mixer: Permission denied [03:14 se7en@lappy ~] > aplay -l aplay: device_list:272: no soundcards found... [03:13 root@lappy se7en] > alsamix
[DNG] [FLASH] THE UNITED STATES CONGRESS HAS FALLEN
The Congress of the United States has fallen. This is NOT A JOKE. The United States Congress has fallen. -- |-/ | Se7en / The One and Only! | se7en@cock.email / | 0x0F83F93882CF6116 / | https://se7en-site.neocities.org signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] FWD: [Better than Zoom: Try these free software tools for staying in touch]
Zoom is a proprietary Teleconfrencing Software package that has grown in popularity over the past month. I had not heard of it until recently. Many schools that are still open have made it a requirement, from High School to College Level. It is a proprietary piece of technology that need not be used, especially when alternatives exist. Previously, I shared a video from Luke Smith, an internet personality, on Zoom. Now, the FSF has made a statement, as seen below. - Forwarded message from "Greg Farough, FSF" - Date: Fri, 03 Apr 2020 18:05:32 -0400 From: "Greg Farough, FSF" To: se7en@cock.email Subject: Better than Zoom: Try these free software tools for staying in touch Reply-To: "Greg Farough, FSF" Free Software Foundation Please consider adding i...@fsf.org to your address book, which will ensure that our messages reach you and not your spam box. Read and share online: https://www.fsf.org/blogs/community/ better-than-zoom-try-these-free-software-tools-for-staying-in-touch Dear Free Software Supporter, The COVID-19 pandemic has caused an enormous amount of changes in how people work, play, and communicate. By now, many of us have settled into the routine of using remote communication or videoconferencing tools to keep in touch with our friends and family. In the last few weeks we've also seen a number of lists and guides aiming to get people set up with the "right" tools for communicating in hard times, but in almost every case, these articles recommend that people make a difficult compromise: trading their freedom in order to communicate with the people they care about and work with. In times like these it becomes all the more important to remember that tools like Zoom, Slack, and Facebook Messenger are not benign public services, and while the sentiment they've expressed to the global community in responding to the crisis may be sincere, it hasn't addressed the fundamental ethical issues with any piece of proprietary software. After taking the LibrePlanet 2020 conference online, we received a number of requests asking us to document our streaming setup. As the pandemic grew worse, this gave way to more curiosity about how the Free Software Foundation (FSF) uses free tools and free communication platforms to conduct our everyday business. And while the stereotype of hackers hunched over a white on black terminal session applies to us in some ways, many of the tools we use are available in any environment, even for people who do not have a lot of technical experience. We've started documenting ethical solutions on the LibrePlanet wiki, in addition to starting a remote communication mailing list to help each other advocate for their use. In the suggestions that follow, a few of the tools we will recommend depend upon some "self-reliance," that is, steering clear of proprietary network services by hosting free software solutions yourself, or asking a technical friend to do it for you. It's a difficult step, and the benefits may not be immediately obvious, but it's a key part of preserving your autonomy in an age of ubiquitous digital control. To those who have the technical expertise and available infrastructure, we urge you to consider hosting instances of free communication platforms for your friends, family, and your community at large. For example, with a modest server and some GNU/Linux knowledge, you could help local students learn in freedom by volunteering to administer an instance of one of the programs we'll be recommending below. The need to self-host can be an uncomfortable reminder of our dependence on the "cloud" -- the network of someone else's computers -- but acknowledging our current reliance on these providers is the first step in making new, dependable systems for ourselves. During dangerous and stressful times, it's tempting to sideline our ethical commitments for easier or more convenient ways to get things done, and software freedom is no exception. We hope these suggestions will inspire you to inform others about the importance of their freedom, privacy, and security. Chat When we can no longer communicate face-to-face, tools for voice and video calling often come to mind as the next best thing. But as evidenced by the size and success of the proprietary software companies that sponsor these tools, their development isn't easy. Promoting real-time voice and video chat clients remains a High Priority Project of ours. Though we may still be waiting for a truly perfect solution, there are some projects that are far enough along in their development that we can recommend them to others. Audio calls • Mumble: Mumble is a real-time, low latency program for hosting and joining audio conversations. Clients are available for every major operating system, and even large rooms tend not to put too much stress on the network. When it was time fo
[DNG] [ASCII] [Mutt+Torify+Fetchmail+Procmail+Msmtp] Problems torifying email
I have previously stated this months ago in the IRC, and have found some references in other bug report forums including Debian, Ubuntu, and FreeBSD, but I have been unable to find a solution for my own problem. The proposed solutions include "Don't use Tor", "Use Dante", and the classic "Nevermind, I figured it out!" The problem I have been having since November 2018 when I upgraded to ASCII was that I simply can not torify Fetchmail. I later discovered that Mutt is affected. The problem seems to be related to my mail spool, /var/mail/se7en. Fetchmail properly downloads the files when torified. The problem is when it attempts to write them to /var/mail/se7en. The output of a torify'd `fetchmail -v` is fetchmail: MDA error while fetching from se7en@cock.em...@mail.cock.li fetchmail: 6.3.26 querying mail.cock.li (protocol IMAP) at Tue 14 May 2019 11:21:55 PM PDT: poll completed fetchmail: Query status=6 (IOERR) fetchmail: normal termination, status 6 Btw, these are the permissions of my /var/mail/ -rw-rw---- 1 se7en mail 2.8M May 14 23:09 se7en When I attempt to torify mutt (which was part of my previous setup) it produces an error saying "/usr/bin/mutt_dotlock: Operation Not Permitted". (Part of the error is cut off). I can then view my spool's mail, but I can not change the flags or compose a new message. None of these problems occur in a non-tor environment. Is the problem relating to you, Debian Packaging, Tor, Mutt, Fetchmail, or what? Torifying MSMTP works. Torifying almost all-else works. It is only seemingly related to my Procmail+Fetchmail setup. Does /anyone/ have a solution? It has been too long to have such a seemingly-simple problem I can not find a solution to rectify! -- |-/ | Se7en / The One and Only! | se7en@cock.email / | 0x73518A15BA3C1476 / | Website TBA signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Multiple problems with upgrade
To whom it may concern, I have had many issues with an upgrade from Jessie to ASCII, and have voiced my complaints in IRC. Some of these issues are also reported in Debian Proper with no proposed solutions. I feel the need to voice them. First issue (Reported in Debian): X11 doesn't start up without root permissions. The issue is reported at <http://forums.debian.net/viewtopic.php?t=130587> and the solution is a work-around to change a conf file to run as root. Second issue: Torsocks does not work for several applications, notably fetchmail. I do not know if this is an issue with Devuan or Torsocks. It gives a permission denied error. Specific error is sh: 1: /usr/bin/procmail: Operation not permitted. It exits status 6. This is also an issue with mutt. Torifying mutt produces "mutt_dotlock: operation not permited". Third issue: My loopback address is not automatically brought up. I have to run `ifconfig lo up` on every boot. Attachment is my /etc/network/interfaces Fourth issue: My swap space is not correct. I had to fiddle with it, and am unable to correct it. I use LUKS+Cryptswap. I used the Jessie guided paritioner and it worked well before the upgrade. There are more issues I can not recall at this moment. I am very upset that there are no solutions to this problem. Does anyone know what is happening? -- |-/ | Se7en / The One and Only! | se7en@cock.email / | 0x73518A15BA3C1476 / | Website TBA # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug eth0 iface eth0 inet # This is an autoconfigured IPv6 interface iface eth0 inet6 auto signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] FWD: [OT] Spammer gone meta
Forwarding this because I thought it funny. Also, what's nettiquite say about forwarding a forward? Should I remove his portion of the message? - Forwarded message from ShieldCurve - Date: Mon, 24 Jul 2017 20:39:15 -0400 From: ShieldCurve To: mail...@lists.cock.li Subject: [cock.li] Spammer gone meta User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 The Nigerian scammers are getting too meta for me. Forwarded Message Subject: WHY YOU SEND SO MUCH MONEY TO THOSE SCAM Date: Sun, 23 Jul 2017 09:56:58 -0700 From: WEST AFRICAN POLICE Reply-To: y...@yy.com We are notifying you this afternoon following so many Frauds report against you from west Africa here, precisely, Ghana, Nigeria and Benin.From United State FBI and scam Monitoring Teams, we have been notified through the security agents that so much money has been sent by United states Citizens to scam experts of the above countries who neither do not have any of your funds or have idea about that. Most of this scammers uses names of corporate companies, Individuals and courts and even the security agencies to scam innocent citizen of their hard earned income. Your case is prominent among this victims, as you were reported to have sent fee to scammers of above countries. And in conjunction with United states CIA, we are working diligently to get to the root of this. We got your email address through United states FBI now in investigation exercise in Africa. Now, for the sake of your freedom, we will like to know more about your transactions in west Africa here, and why all the fees are sent. Bear in mind, The information from FBI says those scammers uses the names of fake companies, Banks, and corporate institutions to collect fee from you instead of original right entrusted person EMAIL US(z...@zz.com) West Africa Security Team - End forwarded message - -- |-/ | Se7en / The One and Only! | se7en@cock.email / | 0x73518A15BA3C1476 / | http://koolkidsklub.tech/~se7en/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Why am I being stonewalled (GRSecurity discussion)?
On Tue, Jul 25, 2017 at 03:18:25AM +, aconcernedfoss...@airmail.cc wrote: > Why am I being stonewalled from the discussion now? So you were kicked out of a discussion thread for being weird, you go to 8chan to complain, they figure out you're a sockpuppet of MikeeeUSA, and then you leave there and come to the devuan mailing list and don't even put OT in the subject header. Mikeee, you're a weirdo and outside of maybe 10 people no one thinks you are even competent. -- |-/ | Se7en / The One and Only! | se7en@cock.email / | 0x73518A15BA3C1476 / | http://koolkidsklub.tech/~se7en ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Systemd: Once again the "not-a-bug" attitude, this time regarding a security issue
On Thu, Jul 06, 2017 at 12:36:51AM +0200, Martin Steigerwald wrote: > systemd can't handle the process previlege that belongs to user name > startswith number, such as 0day #6237 > https://github.com/systemd/systemd/issues/6237 > > and > > [systemd-devel] Github systemd issue 6237 > https://lists.freedesktop.org/archives/systemd-devel/2017-July/039154.html > > *again* IMHO is inacceptable for security issues like this. It is stupid. Incredibly stupid. Luckily I've already seen on web forums I frequent the Pro-Systemd crowd having second thoughts. > I read in german Linux-Magazin that KDE Plasma basically works in Devuan > Jessie… but I am on Debian Unstable with my laptop. And there seem to be > issues with automounting… On my Jessie-Server VM I could just cross-grade to > Devuan Jessie, it was running with sysvinit for a long time anyway. My VM for > the backup is Debian Stretch already. Don't use KDE. Use a power-user DE like a white man! FVWM2 or i3 or Bust! -- |-/ | Se7en / The One and Only! | se7en@cock.email / | 0x73518A15BA3C1476 / | http://koolkidsklub.tech/~se7en ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng