[gentoo-user] Can not update @world
I haven't updated my portage tree for a while. I tried to update recently but got some conflicts. So I removed some packages manually. This didn't solve the issue. So I decided to remove all the masked packages that I unmasked. To do so, I moved package.mask and package.accept_keyword, and did a --autounmask-write. And added:

    >gnome-base/gnome-2.32.1-r2:2.0

to package.mask to prevent gnome3 from being pulled. Now,

    emerge --update --deep --newuse world

Still gives me errors:

...
[ebuild N ] virtual/perl-CPAN-Meta-Requirements-2.122.0 0 kB
[ebuild U ] perl-core/CPAN-Meta-2.120.921 [2.112.621] 75 kB
[blocks b ] =net-libs/libsoup-2.42 (">=net-libs/libsoup-2.42" is blocking net-libs/libsoup-gnome-2.38.1)
[ebuild U ] net-libs/webkit-gtk-2.0.4:3/25 [1.8.3-r300:3/3] USE="geoloc gstreamer introspection jit webgl (-aqua) -coverage -debug -libsecret% -spell {-test} (-doc%) (-webkit2%*)" 9,619 kB
[ebuild N ] net-misc/networkmanager-0.9.8.8 USE="dhcpcd introspection nss ppp wext wifi -avahi -bluetooth -connection-sharing -consolekit -dhclient -gnutls -modemmanager -resolvconf -systemd {-test} -vala" 1,980 kB
[ebuild N ] dev-libs/libgweather-3.8.3:2/3-3 USE="introspection" 0 kB
[ebuild NS] gnome-extra/gtkhtml-4.6.6:4.0 [3.32.2:3.14] 1,036 kB
[ebuild U ] app-crypt/seahorse-3.8.2 [2.32.0] USE="-avahi -debug -ldap (-doc%) (-introspection%) (-libnotify%) (-test%)" 1,966 kB
[ebuild U ] app-editors/gedit-3.8.3 [2.30.4] USE="introspection%* python* -spell {-test%} -zeitgeist% (-doc%)" PYTHON_TARGETS="python3_3%* -python3_2%" 3,003 kB
[ebuild U ] net-misc/vino-3.8.1-r1 [2.32.2-r2] USE="crypt jpeg ssl telepathy zlib -avahi -debug -gnome-keyring -ipv6 -networkmanager (-libnotify%)" 737 kB
[ebuild N ] dev-libs/libgweather-2.30.3:2 USE="-python" 0 kB
[ebuild U ] gnome-extra/zenity-3.8.0 [2.32.1] USE="webkit%* -debug -libnotify {-test%} (-compat%*)" 3,566 kB
[ebuild N ] net-libs/rest-0.7.90:0.7 USE="gnome introspection {-test}" 299 kB
[ebuild U ] dev-libs/totem-pl-parser-3.4.5 [2.32.6-r3] USE="crypt%* introspection quvi -archive {-test%}" 1,571 kB
[ebuild N ] gnome-base/gnome-panel-3.8.0-r1 USE="introspection -eds -networkmanager" 0 kB
[ebuild N ] gnome-extra/nm-applet-0.9.8.8 USE="introspection -bluetooth -gconf -modemmanager" 1,195 kB
[ebuild U ] gnome-extra/yelp-3.8.1 [2.30.2-r200] USE="-debug (-lzma%)" 1,393 kB
[ebuild U ] www-client/epiphany-3.8.2 [2.30.6-r1] USE="jit%* nss -debug {-test} (-avahi%) (-doc%) (-introspection%) (-networkmanager%)" 2,473 kB
[ebuild N ] net-libs/libsocialweb-0.25.21 USE="gnome introspection networkmanager -connman -vala" 462 kB
[ebuild N ] gnome-base/gnome-panel-2.32.1-r3 USE="bonobo introspection -eds -networkmanager" 0 kB
[ebuild N ] x11-wm/mutter-3.8.4 USE="introspection -debug {-test}" 1,666 kB
[ebuild U ] x11-wm/metacity-2.34.13 [2.30.3] USE="{-test} -xinerama" 1,622 kB
[ebuild U ] media-video/totem-3.8.2-r1 [2.32.0-r2] USE="introspection%* nsplugin python* -debug -flash% -grilo% -lirc -nautilus {-test%} -zeitgeist% (-bluetooth%) (-iplayer%) (-tracker%) (-upnp-av%) (-youtube%*)" PYTHON_SINGLE_TARGET="python2_7%* -python2_6%" PYTHON_TARGETS="python2_7%* -python2_6%" 3,080 kB
[ebuild N ] gnome-base/gnome-applets-2.32.1.1-r2 USE="cpufreq gstreamer -ipv6 -networkmanager -policykit" 0 kB
[ebuild N ] net-libs/gnome-online-accounts-3.8.5 USE="gnome introspection -debug -kerberos" 634 kB
[ebuild N ] gnome-base/gnome-control-center-3.8.6:2 USE="bluetooth colord cups gnome-online-accounts i18n socialweb -debug -kerberos -modemmanager -v4l" INPUT_DEVICES="-wacom" 6,566 kB
[ebuild U ] dev-libs/libgdata-0.14.0:0/13 [0.8.1-r2:0/0] USE="gnome introspection -debug -static-libs% -vala%" 1,327 kB
[ebuild N ] gnome-extra/evolution-data-server-3.8.5:0/40 USE="gnome-online-accounts gtk introspection vala weather -api-doc-extras -ipv6 -kerberos -ldap {-test}" 3,843 kB
[ebuild N ] gnome-extra/evolution-data-server-2.32.3-r3 USE="weather -gnome-keyring -ipv6 -kerberos -ldap {-test}" 0 kB
[ebuild N ] mail-client/evolution-3.8.5:2.0 USE="bogofilter crypt gnome-online-accounts gstreamer ssl weather -highlight -kerberos -ldap -map -spamassassin" 12,037 kB
[ebuild N ] gnome-base/gdm-3.8.4-r3 USE="gnome-shell introspection systemd tcpd -accessibility -audit -branding -debug -fallback -fprint -ipv6 -plymouth (-selinux) {-test} -xinerama" 1,638 kB
[ebuild N ] gnome-base/gnome-shell-3.8.4-r1 USE="bluetooth i18n networkmanager (-openrc-force)" PYTHON_TARGETS="python2_7 -python2_6" 1,482 kB
[blocks B ] =dev-lang/python-2.7.5-r2:2.7[threads,sqlite] required by (www-client/firefox-24.1.1::gentoo, ebuild scheduled for merge) (dev-lang/python-2.7.5-r3::gentoo, ebuild scheduled for merge) pulled in by (no parents that aren't satisfied by other packages in this slot) media-libs/libpng:0 (media-libs/libpng-1.5.17-r1::gentoo, installed) p
Re: [gentoo-user] Firefox 24.1.1 - and PDF viewer UGLY fonts
On 12/30/13 22:03, Bruce Hill wrote:
> On Mon, Dec 30, 2013 at 07:38:00PM -0700, Joseph wrote:
>> I just upgraded to Firefox-24.1.1 and when an online pdf file is generated some ugly view pops up that is using "monospace fonts" impossible to read and it looks ugly on a print out.
>> Is there a solution to it?
>
> How about giving a link to that file?
>
> How does this one look?
> http://www.adobe.com/content/dam/Adobe/en/products/acrobat/pdfs/adobe-acrobat-xi-pdf-sanitization-remove-hidden-data-from-pdf-files-tutorial-ue.pdf
>
> Cheers,
> Bruce

This one looks perfect with firefox previewer.
I usually turn off the previewer and save the pdf to file. This way I don't have a problem with firefox previewer fonts.

--
Joseph
Re: [gentoo-user] Firefox 24.1.1 - and PDF viewer UGLY fonts
On Mon, Dec 30, 2013 at 07:38:00PM -0700, Joseph wrote:
> I just upgraded to Firefox-24.1.1 and when an online pdf file is generated
> some ugly view pops up that is using "monospace fonts" impossible to read and
> it looks
> ugly on a print out.
> Is there a solution to it?

How about giving a link to that file?

How does this one look?
http://www.adobe.com/content/dam/Adobe/en/products/acrobat/pdfs/adobe-acrobat-xi-pdf-sanitization-remove-hidden-data-from-pdf-files-tutorial-ue.pdf

Cheers,
Bruce
--
List replies preferred.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting
[gentoo-user] Firefox 24.1.1 - and PDF viewer UGLY fonts
I just upgraded to Firefox-24.1.1 and when an online pdf file is generated some ugly view pops up that is using "monospace fonts" impossible to read and it looks ugly on a print out. Is there a solution to it? -- Joseph
Re: [gentoo-user] USB permission/owner - change not allowed as root
On Tuesday, 31.12.2013 at 01:38, Neil Bothwick wrote:
> On Mon, 30 Dec 2013 17:52:56 +0100, waben...@gmail.com wrote:
>
> > > For some reason or another the system doesn't like my fstab entry:
> > > /dev/sdb1 /media/stick auto noauto,rw,users 0 0
> >
> > AFAIK the option to permit user mount is "user" and not "users".
> > Could this cause the problem?
>
> user and users are both valid, slightly different, options.

THX for the info, I didn't know that.
Re: [gentoo-user] USB permission/owner - change not allowed as root
On Mon, 30 Dec 2013 17:52:56 +0100, waben...@gmail.com wrote:

> > For some reason or another the system doesn't like my fstab entry:
> > /dev/sdb1 /media/stick auto noauto,rw,users 0 0
>
> AFAIK the option to permit user mount is "user" and not "users". Could
> this cause the problem?

user and users are both valid, slightly different, options.

--
Neil Bothwick

In 1750 Issac Newton became discouraged when he fell up a flight of stairs.
Re: [gentoo-user] Apache died this morning... why?
On Mon, 30 Dec 2013 08:44:45 -0500, Tanstaafl wrote:

> >>> preserved-rebuild should just take care of all this automagically.
> >>> Do you have preserve-libs in FEATURES?
>
> >> Nope... is this now recommended? Is it the default on new installs?
>
> > Yes it's the default for new installs and comes highly recommended
> > (unless you like having stuff not work at all till revdep-rebuild
> > completes...)
> >
> > There was a news item 2013-06-07:
>
> Interesting. Wonder how I missed that, or why my new install doesn't
> have it enabled - or is it enabled somewhere other than in
> /etc/portage/make.conf?

It's enabled in the profile, like most defaults. You can see whether it is set by looking at the output from emerge --info.

--
Neil Bothwick

The truth shall make you free, but first it shall piss you off.
Re: [gentoo-user] NFS & static ports - driving me crazy...
On Monday 30 December 2013 15:25:02 Tanstaafl wrote:
> Ok, my google-fu has failed me...
>
> I've found a few sites that describe how to set static ports for NFS
> mounting remote shares (I use iptables for both inbound AND outbound,
> and it is the outbound I'm having trouble with).
>
> This is for NFS CLIENT... I'm mounting NFS shares from my remote QNAP
> NAS boxes.
>
> I've tried specifying the ports in /etc/conf.d/nfs, and /etc
> sysctl.conf, but I must be missing something, because every time I
> reboot, some other port comes up being blocked when I try to mount the
> shares...
>
> Anyone? The references I've found are older, so maybe there is something
> new I'm missing?

Maybe it's the lockd port:

$ cat /etc/modprobe.d/lockd.conf
options lockd nlm_udpport=13003 nlm_tcpport=13003
Re: [gentoo-user] MidnightCommander - exit in working directory
On 12/30/2013 02:44 PM, David Abbott wrote:
> From the ebuild elog;
> LOG: postinst
> To enable exiting to latest working directory,
> put this into your ~/.bashrc:
> . /usr/libexec/mc/mc.sh
>
> HTH :)
>

Yes, I knew I was doing something stupid. I tried that, but I forgot the ". " in front of it. Solved and done. Thank you.

-Skippy
Re: [gentoo-user] NFS & static ports - driving me crazy...
On Mon, Dec 30, 2013 at 10:04:29PM +0100, Joerg Schilling wrote: > Bruce Hill wrote: > > > > It just so happens that I'm setting up NFS atm using this guide: > > https://wiki.gentoo.org/wiki/NFSv4 > > This info unfortunately misses the port number: 2049 What do you mean by "misses the port number: 2049"? It's covered in the Troubleshooting section, as well as in "man nfs". -- List replies preferred. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting
Re: [gentoo-user] MidnightCommander - exit in working directory
On Mon, Dec 30, 2013 at 3:08 PM, Skippy wrote:
> Greetings;
>
> This should be simple, I've done it before, yet googling hasn't landed
> me the correct answer yet. I've killed existing config files to start
> over and applied assorted wrong answers.
>
> How does one get MC to exit in the current working directory instead of
> the directory it started in?
>
> Much thanks - Skippy
>

From the ebuild elog;

LOG: postinst
To enable exiting to latest working directory,
put this into your ~/.bashrc:
. /usr/libexec/mc/mc.sh

HTH :)
--
David Abbott (dabbott)
Re: [gentoo-user] MidnightCommander - exit in working directory
On the last update, there was an explanation of how to do this either in postinstall or man pages. I'm not near my puter, but will reply with more specifics once I can read the logs. On Dec 30, 2013 12:09 PM, "Skippy" wrote: > Greetings; > > This should be simple, I've done it before, yet googling hasn't landed > me the correct answer yet. I've killed exiting config files to start > over and applied assorted wrong answers. > > How does one get MC to exit in the current working directory instead of > the directory it started in? > > Much thanks - Skippy > >
Re: [gentoo-user] NFS & static ports - driving me crazy...
Bruce Hill wrote: > > Why don't you just use NFSv4? > > NFSv4 was designed to interact well with firewalls. > > > > Jörg > > It just so happens that I'm setting up NFS atm using this guide: > https://wiki.gentoo.org/wiki/NFSv4 This info unfortunately misses the port number: 2049 Jörg -- EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin j...@cs.tu-berlin.de(uni) joerg.schill...@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
Re: [gentoo-user] NFS & static ports - driving me crazy...
On 2013-12-30 3:27 PM, Joerg Schilling wrote:
> Tanstaafl wrote:
>
>> Ok, my google-fu has failed me...
>>
>> I've found a few sites that describe how to set static ports for NFS
>> mounting remote shares (I use iptables for both inbound AND outbound,
>> and it is the outbound I'm having trouble with).
>
> Why don't you just use NFSv4?
> NFSv4 was designed to interact well with firewalls.

I'm pretty sure these QNAP boxes don't support nfsv4
Re: [gentoo-user] NFS & static ports - driving me crazy...
On Mon, Dec 30, 2013 at 09:27:19PM +0100, Joerg Schilling wrote: > Tanstaafl wrote: > > > Ok, my google-fu has failed me... > > > > I've found a few sites that describe how to set static ports for NFS > > mounting remote shares (I use iptables for both inbound AND outbound, > > and it is the outbound I'm having trouble with). > > Why don't you just use NFSv4? > NFSv4 was designed to interact well with firewalls. > > Jörg It just so happens that I'm setting up NFS atm using this guide: https://wiki.gentoo.org/wiki/NFSv4 Let us know if the info there helps. -- List replies preferred. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting
Re: [gentoo-user] NFS & static ports - driving me crazy...
Tanstaafl wrote: > Ok, my google-fu has failed me... > > I've found a few sites that describe how to set static ports for NFS > mounting remote shares (I use iptables for both inbound AND outbound, > and it is the outbound I'm having trouble with). Why don't you just use NFSv4? NFSv4 was designed to interact well with firewalls. Jörg -- EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin j...@cs.tu-berlin.de(uni) joerg.schill...@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
[gentoo-user] NFS & static ports - driving me crazy...
Ok, my google-fu has failed me...

I've found a few sites that describe how to set static ports for NFS mounting remote shares (I use iptables for both inbound AND outbound, and it is the outbound I'm having trouble with).

This is for NFS CLIENT... I'm mounting NFS shares from my remote QNAP NAS boxes.

I've tried specifying the ports in /etc/conf.d/nfs, and /etc/sysctl.conf, but I must be missing something, because every time I reboot, some other port comes up being blocked when I try to mount the shares...

Anyone? The references I've found are older, so maybe there is something new I'm missing?

Thx...
[gentoo-user] MidnightCommander - exit in working directory
Greetings;

This should be simple, I've done it before, yet googling hasn't landed me the correct answer yet. I've killed existing config files to start over and applied assorted wrong answers.

How does one get MC to exit in the current working directory instead of the directory it started in?

Much thanks - Skippy
Re: [gentoo-user] Re: IPTables question... simple as possible for starters
On Mon, Dec 30, 2013 at 1:04 PM, James wrote:
> shawn wilson gmail.com> writes:
>
>> Also see nftables: http://netfilter.org/projects/nftables/
>
> Interesting read.
>
> http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg
>
> http://upload.wikimedia.org/wikipedia/commons/d/dd/Netfilter-components.svg
>
> Where is the diagram for nftables, in some detail?
>
>
> How secure is nftables, currently? I could not find any results of
> published penetration testing against nftables vs ip,eb,x(tables)?. Any
> published results against an array of penetration testing?
>

First, I don't know what they mean by xtables vs iptables:

# whereis iptables
iptables: /sbin/iptables /usr/include/iptables /usr/include/iptables.h /usr/share/man/man8/iptables.8.bz2
# readlink /sbin/iptables
xtables-multi
# whereis xtables-multi
xtables-multi: /sbin/xtables-multi

Right? So, that's just being needlessly verbose.

Per testing. As long as they didn't do anything stupid (I seriously doubt that):
http://www.cvedetails.com/product/1656/Netfilter-Core-Team-Iptables.html?vendor_id=959

Would I convert a prime time server to using nftables right now? Hell no. Is it safe, probably.

> Also, libmnl, seems to be a library looking for developers to use?
> It seems very early stage to me, and not ready for prime-time, at
> first glance? What did I miss?
>

No idea.
Re: [gentoo-user] USB permission/owner - change not allowed as root
On Sun, Dec 29, 2013 at 07:42:33PM -0700, Joseph wrote:
> After recent upgrade when I mount my USB and try as root:
>
> chown joseph:users /media/stick/Ancient-Electricity_new.ppt
> chown: changing ownership of ‘/media/stick/Ancient-Electricity_new.ppt’:
> Operation not permitted
>
> file ownership is:
> -rwxr-xr-x 1 root root 5796864 Mar 6 2013 Ancient-Electricity_new.ppt

The thread kinda zig-zagged off on me, so hope you don't mind a post here.

Perhaps this guide would be as nice a read for you as it was for me. It brings back memories as I started using Linux in June, 2003, just before he wrote it:

http://www.linuxquestions.org/linux/answers/Security/Quick_and_Dirty_Guide_to_Linux_File_Permissions

Second, please issue "blkid" and give the line for this USB device.

Cheers,
Bruce
--
List replies preferred.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting
[gentoo-user] Re: IPTables question... simple as possible for starters
shawn wilson gmail.com> writes: > Also see nftables: http://netfilter.org/projects/nftables/ Interesting read. http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg http://upload.wikimedia.org/wikipedia/commons/d/dd/Netfilter-components.svg Where is the diagram for nftables, in some detail? How secure is nftables, currently? I could not find any results of published penetration testing against nftables vs ip,eb,x(tables)?. Any published results against an array of penetration testing? Also, libmnl, seems to be a library looking for developers to use? It seems very early stage to me, and not ready for prime-time, at first glance? What did I miss? curiously, James
Re: [gentoo-user] USB permission/owner - change not allowed as root
On 12/30/13 17:36, Randolph Maaßen wrote:
[snip]
>> With the line in fstab:
>>
>> /dev/sdb1 /media/stick auto noauto,rw,users 0 0
>>
>> Some USB sticks are mounted as root:root and I can not change that even as root.
>> When I remove this line from fstab.
>> The USB sticks are mounting correctly as joseph:users owner except they have different mounting location which I don't like.
>>
>> --
>> Joseph
>
> You can specify the user/group that mounts a device with some mount
> options. I think they are uid=/gid= but I'm not sure and unfortunately
> not on my Linux box at the moment.

I've tried in fstab:
/dev/sdb1 /media/stick auto noauto,uid=1000,gid=100,umask=0770 0

but I'm getting an error:
Error mounting system-managed device /dev/sdb1: Command-line `mount "/media/stick"' exited with non-zero exit status 32: mount: wrong fs type, bad option, bad superblock on /dev/sdb1,

What am I missing?

--
Joseph
Re: [gentoo-user] USB permission/owner - change not allowed as root
On Sunday, 29.12.2013 at 21:12, Joseph wrote:

> For some reason or another the system doesn't like my fstab entry:
> /dev/sdb1 /media/stick auto noauto,rw,users 0 0

AFAIK the option to permit user mount is "user" and not "users". Could this cause the problem?
Re: [gentoo-user] USB permission/owner - change not allowed as root
2013/12/30 Joseph :
> On 12/30/13 10:38, Alan McKinnon wrote:
>
> [snip]
>
>>> I too ran the chown command on my USB flash and got the same
>>> response as you did:
>>>
>>> localhost001 media # chown cru:users flash-drive1/
>>> chown: changing ownership of ‘flash-drive1/’: Operation not
>>> permitted
>>>
>>> drwxr-xr-x 7 root root 16384 Dec 31 1969 flash-drive1
>>>
>>> Don't know what to tell you. interesting my says Dec 31 1969.
>>
>>
>> Read the man page for mount, section vfat.
>>
>>
>> You can't change the owner as FAT doesn't have a concept of owner, so
>> it's simulated at mount time. You can't change it at runtime.
>>
>> To change it you have to umount the device and remount it using the
>> appropriate option, all in the man page
>
>
> I don't think it has anything to do with FAT.
> Everything was working just fine on my system before upgrade.
>
> With the line in fstab:
>
> /dev/sdb1 /media/stick auto noauto,rw,users 0 0
>
> Some USB sticks are mounted as root:root and I can not change that even as
> root.
> When I remove this line from fstab.
> The USB sticks are mounting correctly as joseph:users owner except they have
> different mounting location which I don't like.
>
> --
> Joseph
>

You can specify the user/group that mounts a device with some mount options. I think they are uid=/gid= but I'm not sure and unfortunately not on my Linux box at the moment.

--
Mit freundlichen Grüßen / Best regards

Randolph Maaßen
Re: [gentoo-user] USB permission/owner - change not allowed as root
On 12/30/13 10:38, Alan McKinnon wrote:

[snip]

>> I too ran the chown command on my USB flash and got the same
>> response as you did:
>>
>> localhost001 media # chown cru:users flash-drive1/
>> chown: changing ownership of ‘flash-drive1/’: Operation not permitted
>>
>> drwxr-xr-x 7 root root 16384 Dec 31 1969 flash-drive1
>>
>> Don't know what to tell you. interesting my says Dec 31 1969.
>
> Read the man page for mount, section vfat.
>
> You can't change the owner as FAT doesn't have a concept of owner, so
> it's simulated at mount time. You can't change it at runtime.
>
> To change it you have to umount the device and remount it using the
> appropriate option, all in the man page

I don't think it has anything to do with FAT.
Everything was working just fine on my system before upgrade.

With the line in fstab:

/dev/sdb1 /media/stick auto noauto,rw,users 0 0

Some USB sticks are mounted as root:root and I can not change that even as root.
When I remove this line from fstab.
The USB sticks are mounting correctly as joseph:users owner except they have different mounting location which I don't like.

--
Joseph
Re: [gentoo-user] Re: unwanted msgs from cron after upgrade : solved
131230 James wrote: > Philip Webb ca.inter.net> writes: >> Yesterday I did my usual Sat system update, emerging new versions of >> libassuan HTTP-Cookies dialog curl coreutils binutils procps virtual/man . >> Today after restarting the system, mail continues to be downloaded normally, >> my mailbox is receiving notices every 5 min from my cron mail job : > I've been reading about many folks upgrading the deprecated "cron" > to the maintained "cronie". You might want to read re /sys-process/cronie. Thanks for the suggestion & sorry for the noise. The problem was a planned power outage which affected the server ; all is now back to normal. -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatchassdotutorontodotca
[gentoo-user] RUBY_TARGETS and "eselect ruby"
I currently set my RUBY_TARGETS in make.conf to:

RUBY_TARGETS="ruby20 ruby21"

World is updated. But ruby21 profile can't be selected with eselect:

$ eselect ruby list
Available Ruby profiles:
  [1] ruby20 (with Rubygems) *

If I remove ruby20 from RUBY_TARGETS, there would be no profiles left. Why?
Re: [gentoo-user] Apache died this morning... why?
On 2013-12-30 7:40 AM, Alan McKinnon wrote:
>> Doesn't mean anything to me though... ;)
>
> It's just a list of the libs a file knows it is linked to. First is the
> lib name then the big arrow (=>) then the file containing that lib then
> a bunch of numbers. Ignore the numbers, pay most attention to anything
> that says "not found" - that's the junk revdep-rebuild looks for

Ok, thx for the explanation... makes it a little less mysterious at least.

>>> preserved-rebuild should just take care of all this automagically.
>>> Do you have preserve-libs in FEATURES?
>
>> Nope... is this now recommended? Is it the default on new installs?
>
> Yes it's the default for new installs and comes highly recommended
> (unless you like having stuff not work at all till revdep-rebuild
> completes...)
>
> There was a news item 2013-06-07:

Interesting. Wonder how I missed that, or why my new install doesn't have it enabled - or is it enabled somewhere other than in /etc/portage/make.conf?

Anyway, just changed mine to FEATURES="buildpkg preserve-libs"

>> This happened by the way when the logs were rotated by logrotate. Maybe
>> that is significant?
>
> Yes, that is highly significant. IIRC logrotate can work in one of two
> ways:
>
> 1. rename the log file and create a new empty one
> 2. copy the log file elsewhere and truncate the original
>
> I forget which way it does it for the moment...
>
> #1 is fast but leaves the daemon (apache or syslog) trying to write to a
> file that isn't there anymore. Or worse, it's writing to an open file
> that has been deleted and a new one with the same name still exists.
>
> #2 is slower but safer.
>
> Either way, the apache daemon has to be told its log file went away. Not
> all daemons can use inotify to just find this out, some have to be told,
> so logrotate resets/restarts/hups them. In the case of apache it does a
> graceful restart (what you get with apachectl graceful). Your apache
> re-read its config file at that point, found any error for php and
> decided to roll over and die.

Ok, but, if that is the case, why did it startup just fine when I simply did /etc/init.d/apache2 start? Shouldn't it have still died?
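The rotation cases described in the quoted explanation above can be reproduced with an open file descriptor standing in for the daemon. This is an added example, not part of the thread; `rotation_demo`, the temporary directory and the file names are made up for illustration.

```shell
#!/bin/sh
# Simulates a daemon that keeps its log open (fd 3) while the file is rotated.
# Prints where the first line written AFTER rotation ended up:
#   old  = the rotated copy (access.log.1)
#   new  = the current log  (access.log)
#   lost = an unlinked inode that no file name points to any more
rotation_demo() {
    mode=$1
    dir=$(mktemp -d) || return 1
    log="$dir/access.log"

    exec 3>>"$log"                 # daemon opens its log in append mode
    echo "before rotation" >&3

    case $mode in
        rename)                    # method 1: rename, then create an empty file
            mv "$log" "$log.1"; : > "$log" ;;
        delete)                    # the "or worse" case: original is unlinked
            cp "$log" "$log.1"; rm "$log"; : > "$log" ;;
        copytruncate)              # method 2: copy elsewhere, truncate in place
            cp "$log" "$log.1"; : > "$log" ;;
        reopen)                    # method 1 plus telling the daemon:
            mv "$log" "$log.1"; : > "$log"
            exec 3>&-; exec 3>>"$log" ;;   # stands in for a restart/HUP
        *)
            exec 3>&-; rm -rf "$dir"; return 2 ;;
    esac

    echo "after rotation" >&3      # daemon writes through whatever fd 3 is now
    exec 3>&-

    where=lost
    if grep -q "after rotation" "$log.1"; then where=old; fi
    if grep -q "after rotation" "$log"; then where=new; fi
    rm -rf "$dir"
    echo "$where"
}

# Stand-alone run: one line per rotation method.
for m in rename delete copytruncate reopen; do
    printf '%-13s -> %s\n' "$m" "$(rotation_demo "$m")"
done
```

Only the `rename` and `delete` cases leave the writer on the wrong inode, which is why the rotation has to be followed by a restart or signal; the append-mode open is what lets `copytruncate` land at the start of the emptied file.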
Re: [gentoo-user] metasploit jumping into "emerge -uDN world"
On 29-12-2013 20:35, Alan McKinnon wrote:
> On 29/12/2013 17:54, Zhu wrote:
>> On 29-12-2013 11:47, Hinnerk van Bruinehsen wrote:
>>> Zhu wrote:
>>>> Hello,
>>>>
>>>> every time that i try to made a "emerge -uDN world", metasploit jump in the process installation. I've check and there aren't dependencies ask for him:
>>>>
>>>> [root@asgard ~]$ equery d net-analyzer/metasploit
>>>>  * These packages depend on net-analyzer/metasploit:
>>>> [root@asgard ~]$ equery d dev-ruby/metasploit_data_models
>>>>  * These packages depend on dev-ruby/metasploit_data_models:
>>>> [root@asgard ~]$ equery d app-admin/eselect-metasploit
>>>>  * These packages depend on app-admin/eselect-metasploit:
>>>>
>>>> but,
>>>>
>>>> [root@asgard ~]$ emerge -pvauDN world
>>>>
>>>> These are the packages that would be merged, in order:
>>>>
>>>> Calculating dependencies ... done!
>>>> [ebuild R] sys-devel/gcc-4.8.2:4.8 [4.8.2:4.8.2] USE="cxx fortran gcj go graphite mudflap (multilib) multislot nls nptl objc objc++ objc-gc openmp (-altivec) -awt% -doc (-fixed-point) (-hardened) (-libssp) -nopie -nossp -regression-test -vanilla (-gtk%*) (-lto%)" 0 kB
>>>> [ebuild N ] net-analyzer/metasploit-4.8.2:4.8 USE="java lorcon pcap (-development) {-test}" 0 kB
>>>>
>>>> Total: 2 packages (1 new, 1 reinstall), Size of downloads: 0 kB
>>>>
>>>> How to discover what are putting metasploit into "updatable world list"?
>>>
>>> Most likely metasploit itself is in world. You can check you worldfile with
>>> your favourite editor (/var/lib/portage/world). It should also be printed
>>> bold in the emerge output if your terminal supports it
>>>
>>
>> Yeah, metasploit is in there. Is it safe just remove him from the file?
>
> yes, and it will be removed from the system next time you run
> "emerge --depclean"
>
> To remove it immediately run
>
> "emerge -avC metasploit"
>
> But the big question is, do you want to keep that package or not?
> You didn't say if you want it, you only wondered why it was being updated.
>

I don't want it. But, problem solved.

Thank you.

Regards
Re: [gentoo-user] Apache died this morning... why?
Replies inter-posted

On 30/12/2013 14:25, Tanstaafl wrote:
> On 2013-12-30 6:30 AM, Alan McKinnon wrote:
>> To see what's going on, run ldd on:
>>
>> /usr/lib64/apache2/modules/libphp5.s
>
> Result:
>
>> # ldd /usr/lib64/apache2/modules/libphp5.so
>> ldd: warning: you do not have execution permission for `/usr/lib64/apache2/modules/libphp5.so'
>> linux-vdso.so.1 (0x7fffc3cbf000)
>> libc-client.so.1 => /usr//lib64/libc-client.so.1 (0x7f279599d000)
>> libresolv.so.2 => /lib64/libresolv.so.2 (0x7f279577b000)
>> libreadline.so.6 => /lib64/libreadline.so.6 (0x7f2795535000)
>> libaspell.so.15 => /usr//lib64/libaspell.so.15 (0x7f2795263000)
>> libm.so.6 => /lib64/libm.so.6 (0x7f2794f69000)
>> libssl.so.1.0.0 => /usr//lib64/libssl.so.1.0.0 (0x7f2794cff000)
>> libcrypto.so.1.0.0 => /usr//lib64/libcrypto.so.1.0.0 (0x7f279491a000)
>> libz.so.1 => /lib64/libz.so.1 (0x7f2794703000)
>> libmcrypt.so.4 => /usr//lib64/libmcrypt.so.4 (0x7f27944d1000)
>> libdl.so.2 => /lib64/libdl.so.2 (0x7f27942cd000)
>> libonig.so.2 => /usr//lib64/libonig.so.2 (0x7f2794062000)
>> libt1.so.5 => /usr//lib64/libt1.so.5 (0x7f2793e03000)
>> libfreetype.so.6 => /usr//lib64/libfreetype.so.6 (0x7f2793b64000)
>> libpng15.so.15 => /usr//lib64/libpng15.so.15 (0x7f2793939000)
>> libjpeg.so.8 => /usr//lib64/libjpeg.so.8 (0x7f27936e4000)
>> libdb-4.8.so => /usr//lib64/libdb-4.8.so (0x7f279336a000)
>> libpthread.so.0 => /lib64/libpthread.so.0 (0x7f279314c000)
>> libgdbm.so.3 => /usr//lib64/libgdbm.so.3 (0x7f2792f46000)
>> libcurl.so.4 => /usr//lib64/libcurl.so.4 (0x7f2792ceb000)
>> libbz2.so.1 => /lib64/libbz2.so.1 (0x7f2792ada000)
>> libpcre.so.1 => /lib64/libpcre.so.1 (0x7f2792873000)
>> libxml2.so.2 => /usr//lib64/libxml2.so.2 (0x7f2792512000)
>> libmysqlclient.so.16 => /usr/lib64/mysql/libmysqlclient.so.16 (0x7f279218b000)
>> libnetsnmp.so.30 => /usr//lib64/libnetsnmp.so.30 (0x7f2791eb)
>> libc.so.6 => /lib64/libc.so.6 (0x7f2791b0a000)
>> libpam.so.0 => /lib64/libpam.so.0 (0x7f27918fb000)
>> libncurses.so.5 => /lib64/libncurses.so.5 (0x7f27916d8000)
>> libstdc++.so.6 => /usr/lib/gcc/x86_64-pc-linux-gnu/4.7.3/libstdc++.so.6 (0x7f27913d3000)
>> /lib64/ld-linux-x86-64.so.2 (0x7f279681b000)
>> librt.so.1 => /lib64/librt.so.1 (0x7f27911ca000)
>> libtinfo.so.5 => /lib64/libtinfo.so.5 (0x7f2790f95000)
>> libgcc_s.so.1 => /usr/lib/gcc/x86_64-pc-linux-gnu/4.7.3/libgcc_s.so.1 (0x7f2790d7e000)

looks fine

>
> and
>
>> /usr//lib64/libcurl.so.4
>
>> # ldd /usr//lib64/libcurl.so.4
>> linux-vdso.so.1 (0x7fffa7bff000)
>> libssl.so.1.0.0 => /usr/lib64/libssl.so.1.0.0 (0x7f510232b000)
>> libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x7f5101f46000)
>> libz.so.1 => /lib64/libz.so.1 (0x7f5101d2f000)
>> librt.so.1 => /lib64/librt.so.1 (0x7f5101b27000)
>> libc.so.6 => /lib64/libc.so.6 (0x7f5101781000)
>> libdl.so.2 => /lib64/libdl.so.2 (0x7f510157c000)
>> libpthread.so.0 => /lib64/libpthread.so.0 (0x7f510135f000)
>> /lib64/ld-linux-x86-64.so.2 (0x7f51027fb000)

looks fine

>
> Doesn't mean anything to me though... ;)

It's just a list of the libs a file knows it is linked to. First is the lib name then the big arrow (=>) then the file containing that lib then a bunch of numbers. Ignore the numbers, pay most attention to anything that says "not found" - that's the junk revdep-rebuild looks for

>
>> preserved-rebuild should just take care of all this automagically.
>> Do you have preserve-libs in FEATURES?
>
> Nope... is this now recommended? Is it the default on new installs?

Yes it's the default for new installs and comes highly recommended (unless you like having stuff not work at all till revdep-rebuild completes...)

There was a news item 2013-06-07:

2013-06-07-portage-preserve-libs-default
  Title     Portage preserve-libs default
  Author    Zac Medico
  Posted    2013-06-07
  Revision  1

Beginning with sys-apps/portage-2.1.12, FEATURES=preserve-libs is enabled by default. Even though preserve-libs makes it unnecessary to use revdep-rebuild for most common updates, it is still a good practice to run `revdep-rebuild -ip` after updates, in order to check if there are any broken library dependencies that preserve-libs was not able to handle. For example, see http://bugs.gentoo.org/show_bug.cgi?id=459038.

If you would like to disable preserve-libs by default, then set FEATURES="-preserve-libs" in make.conf. See the make.conf(5) man page or
Re: [gentoo-user] IPTables question... simple as possible for starters
Minor additions to what Pandu said...

On Mon, Dec 30, 2013 at 7:02 AM, Pandu Poluan wrote:
> On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl wrote:
> The numbers within [brackets] are statistics/counters. Just replace
> them with [0:0], unless you really really really have a good reason to
> not start counting from 0...
>

AFAIK, there's no reason this shouldn't always be set to 0. If you want to keep your counter do --noflush

> NOTE: In that ServerFault posting, I suggested using the anti-attack
> rules in -t raw -A PREROUTING. This saves a great deal of processing,
> because the "raw" table is just that: raw, unadulterated, unanalyzed
> packets. The CPU assumes nothing, it merely tries to match well-known
> fields' values.
>

And because nothing is assumed, you can't prepend a conntrack rule. I can't think of why you'd ever want those packets (and I should probably move at least those 4 masks to raw) but just an FYI - no processing means no processing.

Also see nftables: http://netfilter.org/projects/nftables/
Re: [gentoo-user] Apache died this morning... why?
On 2013-12-30 6:30 AM, Alan McKinnon wrote: To see what's going on, run ldd on: /usr/lib64/apache2/modules/libphp5.s Result: # ldd /usr/lib64/apache2/modules/libphp5.so ldd: warning: you do not have execution permission for `/usr/lib64/apache2/modules/libphp5.so' linux-vdso.so.1 (0x7fffc3cbf000) libc-client.so.1 => /usr//lib64/libc-client.so.1 (0x7f279599d000) libresolv.so.2 => /lib64/libresolv.so.2 (0x7f279577b000) libreadline.so.6 => /lib64/libreadline.so.6 (0x7f2795535000) libaspell.so.15 => /usr//lib64/libaspell.so.15 (0x7f2795263000) libm.so.6 => /lib64/libm.so.6 (0x7f2794f69000) libssl.so.1.0.0 => /usr//lib64/libssl.so.1.0.0 (0x7f2794cff000) libcrypto.so.1.0.0 => /usr//lib64/libcrypto.so.1.0.0 (0x7f279491a000) libz.so.1 => /lib64/libz.so.1 (0x7f2794703000) libmcrypt.so.4 => /usr//lib64/libmcrypt.so.4 (0x7f27944d1000) libdl.so.2 => /lib64/libdl.so.2 (0x7f27942cd000) libonig.so.2 => /usr//lib64/libonig.so.2 (0x7f2794062000) libt1.so.5 => /usr//lib64/libt1.so.5 (0x7f2793e03000) libfreetype.so.6 => /usr//lib64/libfreetype.so.6 (0x7f2793b64000) libpng15.so.15 => /usr//lib64/libpng15.so.15 (0x7f2793939000) libjpeg.so.8 => /usr//lib64/libjpeg.so.8 (0x7f27936e4000) libdb-4.8.so => /usr//lib64/libdb-4.8.so (0x7f279336a000) libpthread.so.0 => /lib64/libpthread.so.0 (0x7f279314c000) libgdbm.so.3 => /usr//lib64/libgdbm.so.3 (0x7f2792f46000) libcurl.so.4 => /usr//lib64/libcurl.so.4 (0x7f2792ceb000) libbz2.so.1 => /lib64/libbz2.so.1 (0x7f2792ada000) libpcre.so.1 => /lib64/libpcre.so.1 (0x7f2792873000) libxml2.so.2 => /usr//lib64/libxml2.so.2 (0x7f2792512000) libmysqlclient.so.16 => /usr/lib64/mysql/libmysqlclient.so.16 (0x7f279218b000) libnetsnmp.so.30 => /usr//lib64/libnetsnmp.so.30 (0x7f2791eb) libc.so.6 => /lib64/libc.so.6 (0x7f2791b0a000) libpam.so.0 => /lib64/libpam.so.0 (0x7f27918fb000) libncurses.so.5 => /lib64/libncurses.so.5 (0x7f27916d8000) libstdc++.so.6 => /usr/lib/gcc/x86_64-pc-linux-gnu/4.7.3/libstdc++.so.6 (0x7f27913d3000) /lib64/ld-linux-x86-64.so.2 
(0x7f279681b000) librt.so.1 => /lib64/librt.so.1 (0x7f27911ca000) libtinfo.so.5 => /lib64/libtinfo.so.5 (0x7f2790f95000) libgcc_s.so.1 => /usr/lib/gcc/x86_64-pc-linux-gnu/4.7.3/libgcc_s.so.1 (0x7f2790d7e000) and /usr//lib64/libcurl.so.4 # ldd /usr//lib64/libcurl.so.4 linux-vdso.so.1 (0x7fffa7bff000) libssl.so.1.0.0 => /usr/lib64/libssl.so.1.0.0 (0x7f510232b000) libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x7f5101f46000) libz.so.1 => /lib64/libz.so.1 (0x7f5101d2f000) librt.so.1 => /lib64/librt.so.1 (0x7f5101b27000) libc.so.6 => /lib64/libc.so.6 (0x7f5101781000) libdl.so.2 => /lib64/libdl.so.2 (0x7f510157c000) libpthread.so.0 => /lib64/libpthread.so.0 (0x7f510135f000) /lib64/ld-linux-x86-64.so.2 (0x7f51027fb000) Doesn't mean anything to me though... ;) preserved-rebuild should just take care of all this automagically. Do you have preserve-libs in FEATURES? Nope... is this now recommended? Is it the default on new installs? Do a pretend run of revdep-rebuild. I'll bet you end up rebuilding curl and/or php, but not apache. Actually, I did that right after the updates and it didn't recommend anything (I always do revdep-rebuild -p after any system updates like gcc, glib/c, etc)... Apache is unlikely to be at fault, it loads a dynamic module and use it, that module either works or it doesn't. Ok... so, the question is still why did it die? This happened by the way when the logs were rotated by logrotate. Maybe that is significant? The GCC Upgrade guide is a bit outdated (still referring to gcc 3.4 and 4.1, with no mention of newer versions, so I wasn't sure if that was still necessary... According to the posted error, this has nothing to do with compiler versions, it is linker errors related to glibc You do not have to rebuild system, world or the known universe. You only have to do that when the a gcc upgrade changes the data format on-disk that the C++ compiler generates. That has not happened here. 
There's an insane amounts of FUD around about rebuilding gcc, all of it originating from ricers without a clue. You run strictly stable-only so never fear, if a gcc upgrade required a world rebuild you would have already been subjected to 12-month long threads about it right here on this list I know, and the GCC upgrade guide is pretty clear on that point, and since I didn't say anything about rebuilding anything other than sys-devel/libtool, which it does specifically mention, I'm not sure why you bro
Re: [gentoo-user] IPTables question... simple as possible for starters
On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl wrote:
> [-- LE SNIP --]
> Ok, well, maybe I should have posted my entire ruleset...
>
> I have this above where I define my chains:
>
> #
> *filter
> :INPUT DROP [0:0]
> :FORWARD DROP [0:0]
> :OUTPUT DROP [0:0]
> #
>
> Does it matter where this goes?
>

Yes. Chain declarations must come before the rules themselves.

> And then above that, I have something else that I've never understood:
>
> *mangle

Begin declaration of the "mangle" table.

> :PREROUTING ACCEPT [1378800222:449528056411]
> :INPUT ACCEPT [1363738727:447358082301]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1221121261:1103241097263]
> :POSTROUTING ACCEPT [1221116979:1103240864155]

The numbers within [brackets] are statistics/counters. Just replace them with [0:0], unless you really really really have a good reason to not start counting from 0...

The second word is the 'policy' of the chain, i.e., the default action taken if no rules match in the chain

> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG
> -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP

Alright, the `--tcp-flags` option takes two parameters: and

These 4 rules collectively block 'well-known TCP Attacks', which I've listed here:

http://serverfault.com/a/245713/15440

NOTE: In that ServerFault posting, I suggested using the anti-attack rules in -t raw -A PREROUTING. This saves a great deal of processing, because the "raw" table is just that: raw, unadulterated, unanalyzed packets. The CPU assumes nothing, it merely tries to match well-known fields' values.

You *do* have to make sure that you don't forget to compile kernel support for RAW tables ;-)

> COMMIT

End of "mangle" table declaration. Commit all chain definitions and chain rules in one atomic operation.

>> ipset create ssh_in iphash
>> ipset add ssh_in 1.2.3.4
>>
>> and then this works:
>> -A -m set --match-set ssh_in src -j ACCEPT
>>
>> ipset has the same save/load type things as ipt (minor differences
>> with how you handle reload, but google or ask if you want to know).
>> The set needs to be in place before the ipt rule is added, so ipset
>> comes first in your boot sequence.
>
>
> Thanks, looks interesting and useful...
>
> So much to learn, so little time... ;)
>

iptables is a powerful beast; learn it well, and you'll prosper :-)

Rgds,
--
FdS Pandu E Poluan
~ IT Optimizer ~
• LOPSA Member #15248
• Blog : http://pandu.poluan.info/blog/
• Linked-In : http://id.linkedin.com/in/pepoluan
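How the two `--tcp-flags` arguments in the four rules above are evaluated, as an added example that is not part of the original thread: iptables(8) calls them mask (the flags to examine) and comp (the flags that must be set among those examined, all others examined being clear). The function names and the sample flag sets are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not from the thread: evaluate the four --tcp-flags
# rules quoted above against constructed TCP flag sets.

# Bit value of each flag name iptables accepts.
flag_bit() {
    case "$1" in
        FIN) echo 1 ;;  SYN) echo 2 ;;  RST) echo 4 ;;
        PSH) echo 8 ;;  ACK) echo 16 ;; URG) echo 32 ;;
        *) echo "unknown flag: $1" >&2; return 1 ;;
    esac
}

# Turn a comma-separated flag list (or ALL / NONE) into a bitmask.
flags_to_bits() {
    case "$1" in
        NONE) echo 0; return 0 ;;
        ALL)  echo 63; return 0 ;;
    esac
    bits=0
    old_ifs=$IFS
    IFS=,
    for f in $1; do
        b=$(flag_bit "$f") || { IFS=$old_ifs; return 1; }
        bits=$((bits | b))
    done
    IFS=$old_ifs
    echo "$bits"
}

# --tcp-flags MASK COMP matches when (packet flags & MASK) == COMP.
tcp_flags_match() {   # usage: tcp_flags_match MASK COMP PACKET_FLAGS
    m=$(flags_to_bits "$1") || return 2
    c=$(flags_to_bits "$2") || return 2
    p=$(flags_to_bits "$3") || return 2
    [ $((p & m)) -eq "$c" ]
}

# Walk the four rules in the order they appear in the mangle table and
# print DROP:<rule number> for the first match, or PASS if none match.
verdict() {
    n=0
    while IFS=' ' read -r mask comp; do
        n=$((n + 1))
        if tcp_flags_match "$mask" "$comp" "$1"; then
            echo "DROP:$n"
            return 0
        fi
    done <<'EOF'
FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG
FIN,SYN,RST,PSH,ACK,URG NONE
SYN,RST SYN,RST
FIN,SYN FIN,SYN
EOF
    echo PASS
}

# Constructed flag sets, not captured traffic.
for pkt in SYN SYN,ACK FIN,ACK FIN,PSH,URG NONE SYN,RST SYN,FIN,ACK; do
    printf '%-12s %s\n' "$pkt" "$(verdict "$pkt")"
done
```

The last sample shows why the narrow masks matter: rule 4 examines only FIN and SYN, so an extra ACK does not let the packet through, while rule 1 examines all six flags and matches only the exact FIN,PSH,URG combination.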
[gentoo-user] Mysterious fetch failures
Hi list,

For a few weeks now I've been having trouble emerging certain packages: they abort on checksum failure every time. Yet when I wget them myself from the first mirror in the list they're fine. Eh?

The problem can't be the presence of a distfile that's been renamed *_checksum_failure_* because those were still present during the successful emerge. I can't think of any other possibility at the moment.

The ones I fell over last night were gdk-pixbuf, vala-common, apg and nss. I'm building a new 32-bit system in a chroot for my mini LAN server. The first two have been persistent for several weeks.

--
Regards
Peter
Re: [gentoo-user] Apache died this morning... why?
On 30/12/2013 12:47, Tanstaafl wrote:
> Good morning everyone,
>
> Came in this morning to a server with a non-running apache...
>
> It did restart ok, but when I checked the error log, I found this:
>
> [Mon Dec 30 03:10:02 2013] [notice] Graceful restart requested, doing
> restart
> [Mon Dec 30 03:10:02 2013] [error] (9)Bad file descriptor:
> apr_socket_accept: (client socket)
> apache2: Syntax error on line 169 of /etc/apache2/httpd.conf: Syntax
> error on line 4 of /etc/apache2/modules.d/70_mod_php5.conf: Cannot load
> /usr/lib64/apache2/modules/libphp5.so into server: /lib64/libc.so.6:
> version `GLIBC_2.16' not found (required by /usr//lib64/libcurl.so.4)
>
> I did recently do the gcc upgrade to 4.7... so is this because I failed
> to rebuild sys-devel/libtool?

The error is that PHP5 cannot load as it wants libcurl which is complaining about a missing libc version.

To see what's going on, run ldd on:

/usr/lib64/apache2/modules/libphp5.s
/usr//lib64/libcurl.so.4

preserved-rebuild should just take care of all this automagically. Do you have preserve-libs in FEATURES?

>
> Or do I need to rebuild apache? Or both?

Do a pretend run of revdep-rebuild. I'll bet you end up rebuilding curl and/or php, but not apache.

Apache is unlikely to be at fault, it loads a dynamic module and uses it, that module either works or it doesn't.

>
> The GCC Upgrade guide is a bit outdated (still referring to gcc 3.4 and
> 4.1, with no mention of newer versions, so I wasn't sure if that was
> still necessary...

According to the posted error, this has nothing to do with compiler versions, it is linker errors related to glibc

You do not have to rebuild system, world or the known universe. You only have to do that when a gcc upgrade changes the data format on-disk that the C++ compiler generates. That has not happened here.

There's an insane amount of FUD around about rebuilding gcc, all of it originating from ricers without a clue. You run strictly stable-only so never fear, if a gcc upgrade required a world rebuild you would have already been subjected to 12-month long threads about it right here on this list

--
Alan McKinnon
alan.mckin...@gmail.com
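A filter for the ldd check suggested above, as an added example rather than anything posted in the thread: it reads ldd output and reports both unresolved libraries and missing symbol versions such as the `GLIBC_2.16` error in the quoted log, which a search for `=> not found` alone would miss. The function names and the sample output are constructed, and `libexample.so.1` is a placeholder.

```shell
#!/bin/sh
# Added illustration, not from the thread: pick the lines that matter
# out of ldd output.

# Reads ldd output on stdin and prints one line per problem:
#   missing-lib <soname>
#   missing-version <version> provider=<lib> needed-by=<file>
ldd_problems() {
    awk '
        # "libfoo.so.1 => not found": the loader found no file at all.
        $2 == "=>" && $3 == "not" && $4 == "found" {
            print "missing-lib " $1
            next
        }
        # "<lib>: version <quoted name> not found (required by <file>)":
        # the file exists but does not export the needed symbol version.
        {
            for (i = 2; i + 3 <= NF; i++) {
                if ($i == "version" && $(i + 2) == "not" && $(i + 3) == "found") {
                    provider = $(i - 1); sub(/:$/, "", provider)
                    version = substr($(i + 1), 2, length($(i + 1)) - 2)
                    needed_by = $NF; sub(/\)$/, "", needed_by)
                    print "missing-version " version \
                          " provider=" provider " needed-by=" needed_by
                }
            }
        }
    '
}

# Constructed sample shaped like ldd output on a box showing the failure
# from the Apache log; the addresses and libexample.so.1 are made up.
sample_ldd_output() {
    cat <<'EOF'
/usr/lib64/libcurl.so.4: /lib64/libc.so.6: version `GLIBC_2.16' not found (required by /usr/lib64/libcurl.so.4)
    linux-vdso.so.1 (0x00007fff00000000)
    libssl.so.1.0.0 => /usr/lib64/libssl.so.1.0.0 (0x00007f0000200000)
    libexample.so.1 => not found
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000000000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f0000400000)
EOF
}

sample_ldd_output | ldd_problems
```

Against a real file, feed it `ldd FILE 2>&1 | ldd_problems`. For binaries you do not trust, read the dependency list with `objdump -p FILE` or `readelf -d FILE` instead, since ldd may execute code from the file it examines.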
Re: [gentoo-user] IPTables question... simple as possible for starters
On 2013-12-29 1:39 PM, shawn wilson wrote: On Sun, Dec 29, 2013 at 1:07 PM, Tanstaafl wrote: Hi all, Ok, I'm setting up a new server, and I'd like to rethink my iptables rules. I'd like to start with something fairly simple: 1. Allow connections from anywhere ONLY to certain ports ie, for encrypted IMAP/SMTP connections from users 2. Allow connections from only certain IP addresses to certain ports ie, for limiting SSH access I'd reverse the order that #1 and #2 appear. Well, I was just writing that as a general description. Looking in the rules 3. DROP ALL other connection attempts ie, I don't want to see these disallowed attempts in the logs In order to keep my rules more manageable, I have a commented text file that I manually edit whenever modifying my rules, then I do an 'iptables-restore < /path/to/iptables-rules' to update them. My first question is about a trick I learned some time ago (but don't remember where)... For the ports for which I want to allow only restricted access, I have something like: ### # bgn exceptions blocks ### :f_22_I - [0:0] :f_25_I - [0:0] :f_22_O - [0:0] :f_25_O - [0:0] Am I correct that the above are what are called 'chains' in iptables speak? That defines non-kernel chains but you still need to jump to them from INPUT/OUTPUT or whatever. So, something like: -A -m tcp -p tcp --dport 22 --sport 1024:65535 -j f_22_I Well, yeah... I didn't post my entire ruleset... ;) ^ I just And am I also correct that the above adds each rule to the named chain in order, and that the order is significant? Yep - like ACLs, rules are processed from top down. ACCEPT, REJECT, and DROP are end points when they match. Good, thanks. Then... 
assuming that I have all of the specific rules after these set up to allow just the traffic I want, and I wanted to add a final rule that just silently DROPped all other inbound connection attempts, it would be: -A INPUT -j DROP What you're looking for is the policy which are by default ACCEPT on all kernel rules and which you change in the save file with something like this: :INPUT DROP [0:0] > And, just so that there's no confusion, you should state the policy of OUTPUT and FORWARD at the top of your save file along with INPUT - see the output of iptables-save as an example of what your file should look like. Ok, well, maybe I should have posted my entire ruleset... I have this above where I define my chains: # *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] # Does it matter where this goes? And then above that, I have something else that I've never understood: *mangle :PREROUTING ACCEPT [1378800222:449528056411] :INPUT ACCEPT [1363738727:447358082301] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1221121261:1103241097263] :POSTROUTING ACCEPT [1221116979:1103240864155] -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP COMMIT Also, if you're creating a chain just to do the same thing with different addresses, look at using ipset. Then you just: ipset create ssh_in iphash ipset add ssh_in 1.2.3.4 and then this works: -A -m set --match-set ssh_in src -j ACCEPT ipset has the same save/load type things as ipt (minor differences with how you handle reload, but google or ask if you want to know). The set needs to be in place before the ipt rule is added, so ipset comes first in your boot sequence. Thanks, looks interesting and useful... So much to learn, so little time... ;)
[gentoo-user] Apache died this morning... why?
Good morning everyone,

Came in this morning to a server with a non-running apache...

It did restart ok, but when I checked the error log, I found this:

[Mon Dec 30 03:10:02 2013] [notice] Graceful restart requested, doing restart
[Mon Dec 30 03:10:02 2013] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
apache2: Syntax error on line 169 of /etc/apache2/httpd.conf: Syntax error on line 4 of /etc/apache2/modules.d/70_mod_php5.conf: Cannot load /usr/lib64/apache2/modules/libphp5.so into server: /lib64/libc.so.6: version `GLIBC_2.16' not found (required by /usr//lib64/libcurl.so.4)

I did recently do the gcc upgrade to 4.7... so is this because I failed to rebuild sys-devel/libtool?

Or do I need to rebuild apache? Or both?

The GCC Upgrade guide is a bit outdated (still referring to gcc 3.4 and 4.1, with no mention of newer versions, so I wasn't sure if that was still necessary...

Thanks
Re: [gentoo-user] USB permission/owner - change not allowed as root
On Mon, 30 Dec 2013 10:38:03 +0200 Alan McKinnon wrote:

> On 30/12/2013 09:51, Edward M wrote:
> > On Sun, 29 Dec 2013 19:42:33 -0700
> > Joseph wrote:
> >
> >> After recent upgrade when I mount my USB and try as root:
> >>
> >> chown joseph:users /media/stick/Ancient-Electricity_new.ppt
> >> chown: changing ownership of
> >> ‘/media/stick/Ancient-Electricity_new.ppt’: Operation not permitted
> >>
> >> file ownership is:
> >> -rwxr-xr-x 1 root root 5796864 Mar 6 2013
> >> Ancient-Electricity_new.ppt
> >>
> >
> >
> > I too ran the chown command on my USB flash and got the same
> > response as you did:
> >
> > localhost001 media # chown cru:users flash-drive1/
> > chown: changing ownership of ‘flash-drive1/’: Operation
> > not permitted
> >
> > drwxr-xr-x 7 root root 16384 Dec 31 1969 flash-drive1
> >
> > Don't know what to tell you. interestingmy says Dec 31 1969.
> >
>
> Read the man page for mount, section vfat.
>
>
> You can't change the owner as FAT doesn't have a concept of owner, so
> it's simulated at mount time. You can't change it at runtime.
>
> To change it you have to umount the device and remount it using the
> appropriate option, all in the man page
>
>

Thank you for the explanation. I appreciate it a lot. I will read the man page for mount and experiment a little.
Re: [gentoo-user] USB permission/owner - change not allowed as root
On 30/12/2013 09:51, Edward M wrote:
> On Sun, 29 Dec 2013 19:42:33 -0700
> Joseph wrote:
>
>> After recent upgrade when I mount my USB and try as root:
>>
>> chown joseph:users /media/stick/Ancient-Electricity_new.ppt
>> chown: changing ownership of
>> ‘/media/stick/Ancient-Electricity_new.ppt’: Operation not permitted
>>
>> file ownership is:
>> -rwxr-xr-x 1 root root 5796864 Mar 6 2013
>> Ancient-Electricity_new.ppt
>>
>
>
> I too ran the chown command on my USB flash and got the same
> response as you did:
>
> localhost001 media # chown cru:users flash-drive1/
> chown: changing ownership of ‘flash-drive1/’: Operation not
> permitted
>
> drwxr-xr-x 7 root root 16384 Dec 31 1969 flash-drive1
>
> Don't know what to tell you. interestingmy says Dec 31 1969.

Read the man page for mount, section vfat.

You can't change the owner as FAT doesn't have a concept of owner, so it's simulated at mount time. You can't change it at runtime.

To change it you have to umount the device and remount it using the appropriate option, all in the man page

--
Alan McKinnon
alan.mckin...@gmail.com