RE: F17 Beta DVD install options
If the NSA wants to look at your machine, they don't need your root password. End of story.

Thanks,
Dan

-----Original Message-----
From: test-boun...@lists.fedoraproject.org [mailto:test-boun...@lists.fedoraproject.org] On Behalf Of Adam Williamson
Sent: Wednesday, April 18, 2012 7:31 PM
To: For testing and quality assurance of Fedora releases
Subject: Re: F17 Beta DVD install options

On Wed, 2012-04-18 at 21:19 -0500, John Morris wrote:
> On the other hand, has there ever been a real case found in the wild of an infestation that was so good at covering its tracks? The security problems I saw in the past were the crudest script kiddies and I haven't even seen one of those attacks succeed since the 20th Century even on erratically updated machines. There aren't a lot of exploits against Linux to begin with, how many are going for deep penetration that aren't targeted hits by intelligence agencies? If the NSA wants to look at your or my machine they will and we will almost certainly never have a clue they were there. In short, just how theoretical an attack am I expending effort to repel?

I'm not any kind of security expert, but I'm pretty sure the answer to your first question is 'yes' and the answer to your last is 'not theoretical'.

One interesting thing to do is look at the things chkrootkit checks for. As far as I'm aware, most of the chkrootkit checks are responses to real-world attacks. If you look at the checks, you can deduce that some of the attacks are pretty sophisticated.

Oh, I'm pretty sure quite a lot of real-world attacks work in ways that an rpm -Va check wouldn't expose, without needing to actually mung the rpm -Va operation in any way - simply by using files that aren't rpm tracked, for instance.

But yeah, I'm not an expert on security at all, I only know enough to be a danger to myself and others. ;)

--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net

--
test mailing list
test@lists.fedoraproject.org
To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
RE: F17 Beta DVD install options
On Thu, 2012-04-19 at 00:27 -0700, Dan Mashal wrote:
> If the NSA wants to look at your machine, they don't need your root password.

Erm...I didn't say anything about the NSA. I'm not sure where you're getting that idea.

--
Adam Williamson
Fedora QA Community Monkey
RE: F17 Beta DVD install options
Was replying to the quote below, with some additional responses now.

Dan

-----Original Message-----
On Behalf Of John Morris
Sent: Wednesday, April 18, 2012 7:19 PM
To: For testing and quality assurance of Fedora releases
Subject: Re: F17 Beta DVD install options

> On the other hand, has there ever been a real case found in the wild of an infestation that was so good at covering its tracks?

Yes, Hacker Defender on Windows, SucKIT rootkit on Linux, although not as good at covering its tracks.

> The security problems I saw in the past were the crudest script kiddies and I haven't even seen one of those attacks succeed since the 20th Century even on erratically updated machines. There aren't a lot of exploits against Linux to begin with, how many are going for deep penetration that aren't targeted hits by intelligence agencies? If the NSA wants to look at your or my machine they will and we will almost certainly never have a clue they were there.

Basically agreeing with the NSA comment here. The NSA, FBI and DOJ do what they want.

-----Original Message-----
From: test-boun...@lists.fedoraproject.org [mailto:test-boun...@lists.fedoraproject.org] On Behalf Of Adam Williamson
Sent: Thursday, April 19, 2012 2:07 AM
To: For testing and quality assurance of Fedora releases
Subject: RE: F17 Beta DVD install options

On Thu, 2012-04-19 at 00:27 -0700, Dan Mashal wrote:
> If the NSA wants to look at your machine, they don't need your root password.

Erm...I didn't say anything about the NSA. I'm not sure where you're getting that idea.

--
Adam Williamson
Fedora QA Community Monkey
RE: F17 Beta DVD install options
On Thu, 2012-04-19 at 02:20 -0700, Dan Mashal wrote:
> Was replying to the quote below, with some additional responses now.

Then avoid confusion by not top-posting, which you have done persistently throughout this thread. Read the list Guidelines.

poc
Re: F17 Beta DVD install options
On Wed, 18 Apr 2012 21:19:18 -0500 John Morris jmor...@beau.org wrote:
> Which brings up a good point. I know that the only way to be sure is booting the machine from a known good[1] rescue media and then check with a copy of RPM running from there using the --root option to point at the suspect filesystem to ensure the system's rpm binary isn't trojaned or the kernel patched to show the original executables to rpm. And even then a REAL enemy would exploit a zero day buffer overflow in rpm via the infected rpm database.
>
> On the other hand, has there ever been a real case found in the wild of an infestation that was so good at covering its tracks? The security problems I saw in the past were the crudest script kiddies and I haven't even seen one of those attacks succeed since the 20th Century even on erratically updated machines. There aren't a lot of exploits against Linux to begin with, how many are going for deep penetration that aren't targeted hits by intelligence agencies? If the NSA wants to look at your or my machine they will and we will almost certainly never have a clue they were there. In short, just how theoretical an attack am I expending effort to repel?

In my experience, not at all theoretical.

Anything that is a known remote exploit in any commonly distributed free software likely has bots scanning for the vulnerable versions and exploiting them. I've seen a number of machines over the years that were compromised, then rootkitted and then left to their own devices. Often they have so many compromised machines that they don't get time to go and use any of them for anything. Sometimes they install control software like an irc bot and otherwise leave the machine alone until they need it. Some are done in a clumsy manner, others are done in a way that rpm or the like don't show the compromise and the only way you can tell is from other data.

So, feel free to run an EOL distro or not apply security updates, but I suspect this will bite you sooner rather than later. I don't mind if people choose to do this, but I do think we should make sure and let those reading know that this is particularly bad advice to follow for the majority of folks.

All, IMHO. I've only been a full time Linux sysadmin admin since 1998.

kevin
Re: F17 Beta DVD install options
Well that's an Anaconda bug isn't it? :)

Still not a reason for a rolling release. I quite enjoy Fedora 14.

Thanks,
Dan

On Wed, Apr 18, 2012 at 1:48 AM, Tom Horsley horsley1...@gmail.com wrote:
> On Wed, 18 Apr 2012 01:06:42 -0700 Dan Mashal wrote:
>> You can install updates during the initial OS install. Just select updates and updates-testing repo. You will need network when you do this.
>
> You can do that, but then you find you can't restrict the install to packages only appearing on the DVD. The entire online inventory of packages shows up in the customise pages.
Re: F17 Beta DVD install options
On Wed, Apr 18, 2012 at 4:49 AM, Dan Mashal dan.mas...@gmail.com wrote:
> Well that's an Anaconda bug isn't it? :) Still not a reason for a rolling release. I quite enjoy Fedora 14.

Please, if you do nothing else, upgrade your kernel manually.

josh
Re: F17 Beta DVD install options
On Wed, 2012-04-18 at 01:49 -0700, Dan Mashal wrote:
> Well that's an Anaconda bug isn't it? :) Still not a reason for a rolling release.

Why is it a bug at all? Why wouldn't you want that?

--
Adam Williamson
Fedora QA Community Monkey
Re: F17 Beta DVD install options
I know Fedora 14 is EOL. And sorry, I'm not that type. Try again.

Dan

On Wed, Apr 18, 2012 at 9:55 AM, Rick Stevens rstev...@corp.alldigital.com wrote:
> On 04/18/2012 09:22 AM, David wrote:
>> On 4/18/2012 11:11 AM, Dan Mashal wrote:
>>> My system is secure. Thanks for your concern. Dan
>>
>> Fedora 14 is EOL since one month after Fedora 16. Fedora 15 will be EOL one month after Fedora 17.
>>
>> A long time with no security patches of any kind for any package for you.
>>
>> I know the type. 'I use Linux so I'm ten feet tall and bullet proof'.
>
> You forgot and invisible.
>
> --
> Rick Stevens, Systems Engineer, AllDigital  ri...@alldigital.com
> AIM/Skype: therps2  ICQ: 22643734  Yahoo: origrps2
> grasshopotomus: A creature that can leap to tremendous heights... ...once.
Re: F17 Beta DVD install options [OT]
On 2012/04/18 09:42 (GMT-0700) Tommy Pham composed:
> Tried a i386 F17 Beta on an old Dell Optiplex GX280 machine here at work and works fine. However my new upgraded home machine fails :( Hardware info:
>
> * Gigabyte GA-990FXA-UD5 AM3+ AMD 990FX SATA 6Gb/s USB 3.0 ATX
> * 3ware 9650SE-8LPML with 4x HDD on RAID5
> * DVD-RW connected to a mobo SATA connection.
>
> All mobo SATAs (including eSATA) are set to AHCI, only the DVD-RW is connected to the mobo SATA.

Presumably you mean all SATA on the new machine are set to AHCI? I can't find an AHCI setting in my GX280's BIOS, and would like to know where you did if you did.

cf. https://bugzilla.novell.com/show_bug.cgi?id=757426#c23

--
"The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation)

Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata *** http://fm.no-ip.com/
Re: F17 Beta DVD install options
On Wed, 2012-04-18 at 09:42 -0700, Tommy Pham wrote:
> On Tue, Apr 17, 2012 at 1:14 PM, Adam Williamson awill...@redhat.com wrote:
>> On Tue, 2012-04-17 at 09:50 -0700, Tommy Pham wrote:
>>> Hi,
>>>
>>> Has anyone tried the recent beta released on DVD?
>>
>> Yes.
>>
>>> Does it give various install options like F16?
>>
>> Yes.
>>
>>> The alpha F17 only installed bare minimal.
>>
>> Um, no it didn't. It had a full set of install options and defaulted to a heavy graphical desktop install just like F16.
>>
>> That sounds like you wound up with text mode install, for some reason, which gives you a minimal package set and no choice about it. If that happens and you didn't explicitly request it, the important question becomes 'why did I wind up in text mode', and the answer is usually 'there's some kind of bug in the graphics driver for my video adapter'.
>>
>> Try Beta, and let us know what happens :)
>> --
>> Adam Williamson
>> Fedora QA Community Monkey
>
> Tried a i386 F17 Beta on an old Dell Optiplex GX280 machine here at work and works fine. However my new upgraded home machine fails :(

What exactly do you mean by 'fails'? Going to need details to do any diagnosis. Thanks.

--
Adam Williamson
Fedora QA Community Monkey
Re: F17 Beta DVD install options
On Wed, 2012-04-18 at 12:22 -0400, David wrote:
> On 4/18/2012 11:11 AM, Dan Mashal wrote:
>> My system is secure. Thanks for your concern.
>
> Fedora 14 is EOL since one month after Fedora 16. Fedora 15 will be EOL one month after Fedora 17.
>
> A long time with no security patches of any kind for any package for you.
>
> I know the type. 'I use Linux so I'm ten feet tall and bullet proof'.

Maybe he is like me and has a machine that he can't upgrade. One of my machines has an HPT374 IDE RAID controller in it that hasn't worked for years. Last distro I cleanly loaded was RHEL4 (Whitebox4 actually). I managed to brutally hack the kernel in Fedora 10 with an old out of tree driver from Highpoint (GPL) to have something a little newer and did it again for F11 but a major kernel update along that line changed something I couldn't manage to fix. So that is where that machine stays until I finally toss the 4x200GB drives in it for a pair of larger ones connected to the onboard SATA plugs that should be supported.

It is behind a NAT on a home network so I don't worry too much about it getting hacked. Firefox is almost certainly vulnerable but you rarely see active attacks in the wild against Linux browsers, especially if you don't hang out at dodgy sites. And if it happens, guess that will be the universe saying it is finally time to stop being a cheap bastard and buy some new drives.
Re: F17 Beta DVD install options
On Wed, 2012-04-18 at 12:05 -0500, John Morris wrote:
> It is behind a NAT on a home network so I don't worry too much about it getting hacked. Firefox is almost certainly vulnerable but you rarely see active attacks in the wild against Linux browsers, especially if you don't hang out at dodgy sites. And if it happens, guess that will be the universe saying it is finally time to stop being a cheap bastard and buy some new drives.

How do you know it _hasn't_ happened?

Not all hacks involve the attacker posting some kind of 'HAHA U HAZ BEEN HACKED' notice to let you know about it. Those are the _nice_ hackers.

--
Adam Williamson
Fedora QA Community Monkey
Re: F17 Beta DVD install options [OT]
On Wed, Apr 18, 2012 at 14:00, Felix Miata mrma...@earthlink.net wrote:
> Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
>
> Felix Miata *** http://fm.no-ip.com/

Another OS/2 user joins the Fedora Family. I remember you from the OS/2 lists Felix, welcome. :)

FC
Re: F17 Beta DVD install options
I can upgrade. I know how to.

It's actually a Virtualbox VM running on a quad core AMD box with 16GB of RAM.

Yes, it is natted. Yes SSH is open to the internet. Yes nginx is open to the internet. Yes other ports are open to the internet. No I've never gotten hacked.

Any other questions?

Thanks,
Dan

On Wed, Apr 18, 2012 at 10:05 AM, John Morris jmor...@beau.org wrote:
> On Wed, 2012-04-18 at 12:22 -0400, David wrote:
>> On 4/18/2012 11:11 AM, Dan Mashal wrote:
>>> My system is secure. Thanks for your concern.
>>
>> Fedora 14 is EOL since one month after Fedora 16. Fedora 15 will be EOL one month after Fedora 17.
>>
>> A long time with no security patches of any kind for any package for you.
>>
>> I know the type. 'I use Linux so I'm ten feet tall and bullet proof'.
>
> Maybe he is like me and has a machine that he can't upgrade. One of my machines has an HPT374 IDE RAID controller in it that hasn't worked for years. Last distro I cleanly loaded was RHEL4 (Whitebox4 actually). I managed to brutally hack the kernel in Fedora 10 with an old out of tree driver from Highpoint (GPL) to have something a little newer and did it again for F11 but a major kernel update along that line changed something I couldn't manage to fix. So that is where that machine stays until I finally toss the 4x200GB drives in it for a pair of larger ones connected to the onboard SATA plugs that should be supported.
>
> It is behind a NAT on a home network so I don't worry too much about it getting hacked. Firefox is almost certainly vulnerable but you rarely see active attacks in the wild against Linux browsers, especially if you don't hang out at dodgy sites. And if it happens, guess that will be the universe saying it is finally time to stop being a cheap bastard and buy some new drives.
Re: F17 Beta DVD install options [OT]
On Wed, Apr 18, 2012 at 10:00 AM, Felix Miata mrma...@earthlink.net wrote:
> On 2012/04/18 09:42 (GMT-0700) Tommy Pham composed:
>> Tried a i386 F17 Beta on an old Dell Optiplex GX280 machine here at work and works fine. However my new upgraded home machine fails :( Hardware info:
>>
>> * Gigabyte GA-990FXA-UD5 AM3+ AMD 990FX SATA 6Gb/s USB 3.0 ATX
>> * 3ware 9650SE-8LPML with 4x HDD on RAID5
>> * DVD-RW connected to a mobo SATA connection.
>>
>> All mobo SATAs (including eSATA) are set to AHCI, only the DVD-RW is connected to the mobo SATA.
>
> Presumably you mean all SATA on the new machine are set to AHCI? I can't find an AHCI setting in my GX280's BIOS, and would like to know where you did if you did.
>
> cf. https://bugzilla.novell.com/show_bug.cgi?id=757426#c23
> --
> "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation)
>
> Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
>
> Felix Miata *** http://fm.no-ip.com/

Yes, I'm sorry I wasn't explicit about the problems and the hardware info with related settings. The AHCI are set on my new Gigabyte mobo. (I only tested the F17 beta on GX280 just to make sure that the GUI install process should work.) Side note, I think there's like 3 SATA chips for that Gigabyte mobo: 1 AMD SB950 (4 SATA ports) and 2 x Marvell 88SE9172 chips (2 internal + 2 eSATA). I also remember seeing that the kernel did detect that Marvell chip. I'll check on the messages later when I get home to get the details.

Thanks,
Tommy
Re: F17 Beta DVD install options
> On Wed, 2012-04-18 at 12:22 -0400, David wrote:
>> On 4/18/2012 11:11 AM, Dan Mashal wrote:
>>> My system is secure. Thanks for your concern.
>>
>> Fedora 14 is EOL since one month after Fedora 16. Fedora 15 will be EOL one month after Fedora 17.
>>
>> A long time with no security patches of any kind for any package for you.
>>
>> I know the type. 'I use Linux so I'm ten feet tall and bullet proof'.
>
> Maybe he is like me and has a machine that he can't upgrade. One of my machines has an HPT374 IDE RAID controller in it that hasn't worked for years. Last distro I cleanly loaded was RHEL4 (Whitebox4 actually). I managed to brutally hack the kernel in Fedora 10 with an old out of tree driver from Highpoint (GPL) to have something a little newer and did it again for F11 but a major kernel update along that line changed something I couldn't manage to fix. So that is where that machine stays until I finally toss the 4x200GB drives in it for a pair of larger ones connected to the onboard SATA plugs that should be supported.
>
> It is behind a NAT on a home network so I don't worry too much about it getting hacked. Firefox is almost certainly vulnerable but you rarely see active attacks in the wild against Linux browsers, especially if you don't hang out at dodgy sites. And if it happens, guess that will be the universe saying it is finally time to stop being a cheap bastard and buy some new drives.

I can fully appreciate your situation, if ain't broke

Fedora, Ubuntu and Slackware user
Linux counter #386175
Re: F17 Beta DVD install options [OT]
On Wed, 2012-04-18 at 14:17 -0300, Fernando Cassia wrote:
> On Wed, Apr 18, 2012 at 14:00, Felix Miata mrma...@earthlink.net wrote:
>> Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
>>
>> Felix Miata *** http://fm.no-ip.com/
>
> Another OS/2 user joins the Fedora Family. I remember you from the OS/2 lists Felix, welcome. :)

Felix has been around here for years...

--
Adam Williamson
Fedora QA Community Monkey
Re: F17 Beta DVD install options
On Wed, 2012-04-18 at 18:13 +0100, Adam Williamson wrote:
> Not all hacks involve the attacker posting some kind of 'HAHA U HAZ BEEN HACKED' notice to let you know about it. Those are the _nice_ hackers.

Well they usually DO something with a machine they have 0wn3ed. No spam spewing forth, no probes against other hosts, etc. And rpm -Va doesn't show anything nasty in the packages that would give an intruder an in. OpenWrt is running on the gateway so I see what sort of things are going through the NAT. And it is up to date.

Is all that enough to be 100% sure? Nah. On the other hand if I were the sort of paranoid who spent a lot of time with those sort of thoughts I'd be running OpenBSD.
Re: F17 Beta DVD install options
On Wed, 2012-04-18 at 19:25 -0500, John Morris wrote:
> On Wed, 2012-04-18 at 18:13 +0100, Adam Williamson wrote:
>> Not all hacks involve the attacker posting some kind of 'HAHA U HAZ BEEN HACKED' notice to let you know about it. Those are the _nice_ hackers.
>
> Well they usually DO something with a machine they have 0wn3ed.

Like, rifle through the data for anything useful? Keep it backdoored for future use? Things like that...

> No spam spewing forth, no probes against other hosts, etc.

Doesn't mean a whole lot...see above.

> And rpm -Va doesn't show anything nasty in the packages that would give an intruder an in.

If someone's owned the machine, they can make rpm -Va say whatever they like.

> Is all that enough to be 100% sure? Nah. On the other hand if I were the sort of paranoid who spent a lot of time with those sort of thoughts I'd be running OpenBSD.

Well, sure, there's a line to be drawn somewhere. But even if you're not a security paranoiac, it's very important to know there's a huge world of difference between "I'm not aware my machine has been hacked" and "I'm aware my machine has not been hacked"...

--
Adam Williamson
Fedora QA Community Monkey
Re: F17 Beta DVD install options [OT]
On Wed, Apr 18, 2012 at 10:32 AM, Tommy Pham tommy...@gmail.com wrote:
> On Wed, Apr 18, 2012 at 10:00 AM, Felix Miata mrma...@earthlink.net wrote:
>> On 2012/04/18 09:42 (GMT-0700) Tommy Pham composed:
>>> Tried a i386 F17 Beta on an old Dell Optiplex GX280 machine here at work and works fine. However my new upgraded home machine fails :( Hardware info:
>>>
>>> * Gigabyte GA-990FXA-UD5 AM3+ AMD 990FX SATA 6Gb/s USB 3.0 ATX
>>> * 3ware 9650SE-8LPML with 4x HDD on RAID5
>>> * DVD-RW connected to a mobo SATA connection.
>>>
>>> All mobo SATAs (including eSATA) are set to AHCI, only the DVD-RW is connected to the mobo SATA.
>>
>> Presumably you mean all SATA on the new machine are set to AHCI? I can't find an AHCI setting in my GX280's BIOS, and would like to know where you did if you did.
>>
>> cf. https://bugzilla.novell.com/show_bug.cgi?id=757426#c23
>> --
>> "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation)
>>
>> Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
>>
>> Felix Miata *** http://fm.no-ip.com/
>
> Yes, I'm sorry I wasn't explicit about the problems and the hardware info with related settings. The AHCI are set on my new Gigabyte mobo. (I only tested the F17 beta on GX280 just to make sure that the GUI install process should work.) Side note, I think there's like 3 SATA chips for that Gigabyte mobo: 1 AMD SB950 (4 SATA ports) and 2 x Marvell 88SE9172 chips (2 internal + 2 eSATA). I also remember seeing that the kernel did detect that Marvell chip. I'll check on the messages later when I get home to get the details.
>
> Thanks,
> Tommy

I did something last night that really broke F17. Unfortunately, I was a bit tired and didn't keep track of the things I did so I couldn't restore it. So I reinstalled F16 and about to do preupgrade to F17 again because the F17 alpha would only give me bare minimal install. Haven't had the chance to burn a F17 beta DVD yet.

OK here is the info on new upgraded system (UUID 1e8f3c02-9ccd-45f7-9060-68f4d0aea671 - ID of submitted system profile - of reinstalled F16 from DVD)...

[root@fedora /]# yum update
Loaded plugins: langpacks, presto, refresh-packagekit
No Packages marked for Update
[root@fedora /]# uname -a
Linux fedora.workgroup.domain 3.3.1-5.fc16.x86_64 #1 SMP Tue Apr 10 19:56:52 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
[root@fedora /]# grep -i 'sata' /var/log/messages
Apr 18 18:02:14 fedora kernel: [0.939482] ahci :00:11.0: AHCI 0001.0200 32 slots 4 ports 6 Gbps 0xf impl SATA mode
Apr 18 18:02:14 fedora kernel: [0.940336] ata1: SATA max UDMA/133 abar m1024@0xfdfff000 port 0xfdfff100 irq 19
Apr 18 18:02:14 fedora kernel: [0.940340] ata2: SATA max UDMA/133 abar m1024@0xfdfff000 port 0xfdfff180 irq 19
Apr 18 18:02:14 fedora kernel: [0.940343] ata3: SATA max UDMA/133 abar m1024@0xfdfff000 port 0xfdfff200 irq 19
Apr 18 18:02:14 fedora kernel: [0.940346] ata4: SATA max UDMA/133 abar m1024@0xfdfff000 port 0xfdfff280 irq 19
Apr 18 18:02:14 fedora kernel: [0.940482] ahci :03:00.0: AHCI 0001. 32 slots 2 ports 6 Gbps 0x3 impl SATA mode
Apr 18 18:02:14 fedora kernel: [0.940864] ata5: SATA max UDMA/133 abar m512@0xfdaff000 port 0xfdaff100 irq 41
Apr 18 18:02:14 fedora kernel: [0.940867] ata6: SATA max UDMA/133 abar m512@0xfdaff000 port 0xfdaff180 irq 41
Apr 18 18:02:14 fedora kernel: [0.940994] ahci :0a:00.0: AHCI 0001. 32 slots 2 ports 6 Gbps 0x3 impl SATA mode
Apr 18 18:02:14 fedora kernel: [0.941390] ata7: SATA max UDMA/133 abar m512@0xfd0ff000 port 0xfd0ff100 irq 42
Apr 18 18:02:14 fedora kernel: [0.941393] ata8: SATA max UDMA/133 abar m512@0xfd0ff000 port 0xfd0ff180 irq 42
Apr 18 18:02:14 fedora kernel: [1.245074] ata5: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [1.245080] ata4: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [1.245109] ata6: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [1.245116] ata2: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [1.245149] ata1: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [1.245172] ata3: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [1.247052] ata7: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [1.401071] ata8: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
Apr 18 18:02:14 fedora kernel: [1.404803] ata8: limiting SATA link speed to 1.5 Gbps
Apr 18 18:02:14 fedora kernel: [6.861230] ata8: SATA link up 1.5 Gbps (SStatus 113 SControl 310)
Apr 18 18:02:14 fedora kernel: [ 12.321242] ata8: SATA link up 1.5 Gbps (SStatus 113 SControl 310)

** Note that my DVD-RW is installed on ata8 since that's the only port with link up.

[root@fedora /]# lspci|egrep -i '(sb9x|marvell)'
00:11.0 SATA controller: ATI Technologies Inc SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode] (rev 40) provide 4 ports as
Re: F17 Beta DVD install options
On Thu, 2012-04-19 at 02:30 +0100, Adam Williamson wrote:
>> And rpm -Va doesn't show anything nasty in the packages that would give an intruder an in.
>
> If someone's owned the machine, they can make rpm -Va say whatever they like.

Which brings up a good point. I know that the only way to be sure is booting the machine from a known good[1] rescue media and then check with a copy of RPM running from there using the --root option to point at the suspect filesystem to ensure the system's rpm binary isn't trojaned or the kernel patched to show the original executables to rpm. And even then a REAL enemy would exploit a zero day buffer overflow in rpm via the infected rpm database.

On the other hand, has there ever been a real case found in the wild of an infestation that was so good at covering its tracks? The security problems I saw in the past were the crudest script kiddies and I haven't even seen one of those attacks succeed since the 20th Century even on erratically updated machines. There aren't a lot of exploits against Linux to begin with, how many are going for deep penetration that aren't targeted hits by intelligence agencies? If the NSA wants to look at your or my machine they will and we will almost certainly never have a clue they were there. In short, just how theoretical an attack am I expending effort to repel?

[1] And that IS the nub of the problem now isn't it; and the gateway to insanity. Do you trust the rescue media and/or the machine that downloaded and burned it?
Re: F17 Beta DVD install options
On Wed, 2012-04-18 at 21:19 -0500, John Morris wrote:
> On the other hand, has there ever been a real case found in the wild of an infestation that was so good at covering its tracks? The security problems I saw in the past were the crudest script kiddies and I haven't even seen one of those attacks succeed since the 20th Century even on erratically updated machines. There aren't a lot of exploits against Linux to begin with, how many are going for deep penetration that aren't targeted hits by intelligence agencies? If the NSA wants to look at your or my machine they will and we will almost certainly never have a clue they were there. In short, just how theoretical an attack am I expending effort to repel?

I'm not any kind of security expert, but I'm pretty sure the answer to your first question is 'yes' and the answer to your last is 'not theoretical'.

One interesting thing to do is look at the things chkrootkit checks for. As far as I'm aware, most of the chkrootkit checks are responses to real-world attacks. If you look at the checks, you can deduce that some of the attacks are pretty sophisticated.

Oh, I'm pretty sure quite a lot of real-world attacks work in ways that an rpm -Va check wouldn't expose, without needing to actually mung the rpm -Va operation in any way - simply by using files that aren't rpm tracked, for instance.

But yeah, I'm not an expert on security at all, I only know enough to be a danger to myself and others. ;)

--
Adam Williamson
Fedora QA Community Monkey
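
A way to triage the output of the check John Morris describes (rpm -Va run from rescue media with --root pointing at the suspect filesystem), as an added example that is not part of the original thread. The severity rules, the list of code directories and the sample lines are assumptions of this example; /mnt/sysimage stands in for wherever the rescue environment mounts the suspect root.

```python
"""Triage `rpm -Va --root /mnt/sysimage` output captured from rescue media."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity path flags attr reason")

# rpm -V prints one line per deviating file: a flag string (S size, M mode,
# 5 digest, D device, L symlink target, U user, G group, T mtime,
# P capabilities; "." = test passed, "?" = test could not be run), an optional
# file-type marker (c config, d doc, g ghost, l license, r readme), then the
# path. Deleted files are reported with the word "missing" instead of flags.
LINE_RE = re.compile(
    r"^(?P<flags>missing|[SM5DLUGTP.?]{8,9})\s+"
    r"(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$"
)

# Assumption of this example: directories that normally hold only packaged code.
CODE_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/libexec/",
             "/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")
RANK = {"high": 0, "review": 1, "info": 2}

# Constructed sample output; the paths and flag combinations are illustrative.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/ssh
.M.......    /var/log/journal
missing     /usr/sbin/lsof
.......T.  d /usr/share/doc/bash/README
SM5....T.    /sbin/ifconfig
....L....  c /etc/pam.d/system-auth
"""


def classify(flags, attr, path):
    """Return (severity, reason) for one parsed rpm -V line."""
    in_code_dir = path.startswith(CODE_DIRS)
    if flags == "missing":
        if in_code_dir:
            return "high", "packaged program or library is missing"
        return "review", "packaged file is missing"
    changed = set(flags) - {"."}
    if attr in ("d", "g", "l", "r"):
        return "info", "documentation or ghost file differs"
    if attr == "c":
        # Local edits are normal here, but auth-related configs deserve a diff.
        return "review", "config file differs from the packaged version"
    if in_code_dir and changed & {"5", "S", "L"}:
        return "high", "content of a packaged program or library changed"
    if in_code_dir and changed & {"M", "U", "G", "P"}:
        return "high", "mode, owner or capabilities changed on packaged code"
    if "?" in changed:
        return "review", "a check could not be performed"
    if changed == {"T"}:
        return "info", "only the modification time differs"
    return "review", "attributes differ from the package database"


def triage(text):
    """Parse rpm -Va output and return findings, most serious first."""
    findings = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Keep anything unparsed (dependency errors etc.) for a human.
            findings.append(Finding("review", line, "", None,
                                    "unrecognised output line"))
            continue
        severity, reason = classify(m.group("flags"), m.group("attr"),
                                    m.group("path"))
        findings.append(Finding(severity, m.group("path"), m.group("flags"),
                                m.group("attr"), reason))
    return sorted(findings, key=lambda f: RANK[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.severity:6} {f.path:32} {f.reason}")
```

As Adam Williamson points out above, files that rpm does not track never appear in this output, so an empty result only covers packaged files.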
Re: F17 Beta DVD install options [OT]
On Wed, Apr 18, 2012 at 6:39 PM, Tommy Pham tommy...@gmail.com wrote:
> On Wed, Apr 18, 2012 at 10:32 AM, Tommy Pham tommy...@gmail.com wrote:
>> On Wed, Apr 18, 2012 at 10:00 AM, Felix Miata mrma...@earthlink.net wrote:
>>> On 2012/04/18 09:42 (GMT-0700) Tommy Pham composed:
>>>> Tried an i386 F17 Beta on an old Dell Optiplex GX280 machine here at work and works fine. However my new upgraded home machine fails :(
>>>> Hardware info:
>>>> * Gigabyte GA-990FXA-UD5 AM3+ AMD 990FX SATA 6Gb/s USB 3.0 ATX
>>>> * 3ware 9650SE-8LPML with 4x HDD on RAID5
>>>> * DVD-RW connected to a mobo SATA connection.
>>>> All mobo SATAs (including eSATA) are set to AHCI, only the DVD-RW is connected to the mobo SATA.
>>>
>>> Presumably you mean all SATA on the new machine are set to AHCI? I can't find an AHCI setting in my GX280's BIOS, and would like to know where you did if you did.
>>> cf. https://bugzilla.novell.com/show_bug.cgi?id=757426#c23
>>> --
>>> The wise are known for their understanding, and pleasant words are persuasive. Proverbs 16:21 (New Living Translation)
>>> Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
>>> Felix Miata *** http://fm.no-ip.com/
>>
>> Yes, I'm sorry I wasn't explicit about the problems and the hardware info with related settings. The AHCI are set on my new Gigabyte mobo. (I only tested the F17 beta on GX280 just to make sure that the GUI install process should work.) Side note, I think there's like 3 SATA chips for that Gigabyte mobo: 1 AMD SB950 (4 SATA ports) and 2 x Marvell 88SE9172 chips (2 internal + 2 eSATA). I also remember seeing that the kernel did detect that Marvell chip. I'll check on the messages later when I get home to get the details.
>> Thanks,
>> Tommy
>
> I did something last night that really broke F17. Unfortunately, I was a bit tired and didn't keep track of the things I did so I couldn't restore it. So I reinstalled F16 and about to do preupgrade to F17 again because the F17 alpha would only give me bare minimal install. Haven't had the chance to burn a F17 beta DVD yet.

OK here is the info on new upgraded system (UUID 1e8f3c02-9ccd-45f7-9060-68f4d0aea671 - ID of submitted system profile - of reinstalled F16 from DVD)...

[root@fedora /]# yum update
Loaded plugins: langpacks, presto, refresh-packagekit
No Packages marked for Update
[root@fedora /]# uname -a
Linux fedora.workgroup.domain 3.3.1-5.fc16.x86_64 #1 SMP Tue Apr 10 19:56:52 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
[root@fedora /]# grep -i 'sata' /var/log/messages
Apr 18 18:02:14 fedora kernel: [ 0.939482] ahci :00:11.0: AHCI 0001.0200 32 slots 4 ports 6 Gbps 0xf impl SATA mode
Apr 18 18:02:14 fedora kernel: [ 0.940336] ata1: SATA max UDMA/133 abar m1024@0xfdfff000 port 0xfdfff100 irq 19
Apr 18 18:02:14 fedora kernel: [ 0.940340] ata2: SATA max UDMA/133 abar m1024@0xfdfff000 port 0xfdfff180 irq 19
Apr 18 18:02:14 fedora kernel: [ 0.940343] ata3: SATA max UDMA/133 abar m1024@0xfdfff000 port 0xfdfff200 irq 19
Apr 18 18:02:14 fedora kernel: [ 0.940346] ata4: SATA max UDMA/133 abar m1024@0xfdfff000 port 0xfdfff280 irq 19
Apr 18 18:02:14 fedora kernel: [ 0.940482] ahci :03:00.0: AHCI 0001. 32 slots 2 ports 6 Gbps 0x3 impl SATA mode
Apr 18 18:02:14 fedora kernel: [ 0.940864] ata5: SATA max UDMA/133 abar m512@0xfdaff000 port 0xfdaff100 irq 41
Apr 18 18:02:14 fedora kernel: [ 0.940867] ata6: SATA max UDMA/133 abar m512@0xfdaff000 port 0xfdaff180 irq 41
Apr 18 18:02:14 fedora kernel: [ 0.940994] ahci :0a:00.0: AHCI 0001. 32 slots 2 ports 6 Gbps 0x3 impl SATA mode
Apr 18 18:02:14 fedora kernel: [ 0.941390] ata7: SATA max UDMA/133 abar m512@0xfd0ff000 port 0xfd0ff100 irq 42
Apr 18 18:02:14 fedora kernel: [ 0.941393] ata8: SATA max UDMA/133 abar m512@0xfd0ff000 port 0xfd0ff180 irq 42
Apr 18 18:02:14 fedora kernel: [ 1.245074] ata5: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [ 1.245080] ata4: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [ 1.245109] ata6: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [ 1.245116] ata2: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [ 1.245149] ata1: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [ 1.245172] ata3: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [ 1.247052] ata7: SATA link down (SStatus 0 SControl 300)
Apr 18 18:02:14 fedora kernel: [ 1.401071] ata8: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
Apr 18 18:02:14 fedora kernel: [ 1.404803] ata8: limiting SATA link speed to 1.5 Gbps
Apr 18 18:02:14 fedora kernel: [ 6.861230] ata8: SATA link up 1.5 Gbps (SStatus 113 SControl 310)
Apr 18 18:02:14 fedora kernel: [ 12.321242] ata8: SATA link up 1.5 Gbps (SStatus 113 SControl 310)

** Note that my DVD-RW is installed on ata8 since that's the only port with link up.

[root@fedora /]# lspci|egrep -i
F17 Beta DVD install options
Hi,

Has anyone tried the recent beta released on DVD? Does it give various install options like F16? The alpha F17 only installed bare minimal.

TIA,
Tommy
Re: F17 Beta DVD install options
Why is it that yum update pulls in some 500 MB of updates immediately after installing a brand new DVD? Why does the install image have to be riddled with stale files?

--
Chuck Forsberg WA7KGX N2469R c...@omen.com www.omen.com
Developer of Industrial ZMODEM(Tm) for Embedded Applications
Omen Technology Inc The High Reliability Software
10255 NW Old Cornelius Pass Portland OR 97231 503-614-0430
Re: F17 Beta DVD install options
On Tue, 17 Apr 2012 13:38:17 -0700 Chuck Forsberg WA7KGX N2469R c...@omen.com wrote:
> Why is it that yum update pulls in some 500 MB of updates immediately after installing a brand new DVD? Why does the install image have to be riddled with stale files?

This is due to the freeze. Things are frozen while trying to compose and test a release. After the release is out, a bunch of things that were pending show up. If we added everything that wanted into the release, we would never have a stable image to test.

kevin