Does it work when you're on a tty?
No.
(BTW, console-cyrillic doesn't work with X. Maybe it's not a problem
and I should use something else.)
Also, check for any open bug there could for the mentioned package
(console-cyrillic):
I haven't found any, but I found a solution.
Maybe it's not a
A machine (including any virtual hosts on it) can not be 100% secured
from people having physical access to it.
So the only solution in this case is to run the server at my place. Right?
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
Hello.
Before you install any operating system on your computer, set up a
BIOS password. After installation (once you have enabled bootup from
the hard disk) you should go back to the BIOS and change the boot
sequence to disable booting from floppy, CD-ROM and other devices that
shouldn't boot.
Hello.
What partition scheme is the best for a VPS (MTA + web server)?
According to the guide [1] I should use something like this:
/home
/tmp
/var/tmp/
/var
/opt
/var/mail
[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html
Cheers
P.S. Sorry for those who already seen
Hello.
During the system partitioning you also have to decide which file
system you want to use. The default file system selected in the Debian
installation for Linux partitions is ext3, a journaling file system. [1]
This manual covers only ext-related features. Should I use ext4
instead of ext3
Hello.
The presence, for example, of development utilities (a C compiler) or
interpreted languages (such as perl - but see below -, python, tcl...)
may help an attacker compromise the system…
So, without Perl and, unless you remake these utilities in shell
script, you will probably not be able to
Hello.
To manually update the system, put the following line in your
sources.list and you will get security updates automatically, whenever
you update your system. Replace [CODENAME] with the release codename,
e.g. squeeze.
deb http://security.debian.org/ [CODENAME]/updates main contrib
Hello.
Bringing the system to run level 1 (single user) and then back to run
level 3 (multi user) should take care of the restart of most (if not
all) system services. But this is not an option if you are executing
the security upgrade from a remote connection (like ssh) since it will
be severed.
Exercise caution when dealing with security upgrades if you are doing
them over a remote connection like ssh. A suggested procedure for a
security upgrade that involves a service restart is to restart the SSH
daemon and then, inmediately, attempt a new ssh connection without
breaking the previous
Hello.
If you are doing a security update which includes the kernel image
you need to reboot the system in order for the security update to be
useful. [1]
How to make it on a running server?
I don't want to disable my site and mail for that period of time.
Should I use another server to keep them
Hello.
Now, in order to allow some users to shutdown the system, as the
manpage shutdown(8) describes, you must create the file
/etc/shutdown.allow and include there the name of users which can boot
the system. When the three finger salute (a.k.a. ctrl+alt+del) is
given the program will check if
Hello.
This sounds great, but it: only applies to ext2 or ext3 file systems… [1]
What about ext4 (and others)?
[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe.
Hello.
You can set this variable in /etc/apt/apt.conf to another directory
with exec privileges other than /tmp. [1]
Which directory should be selected?
[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To UNSUBSCRIBE, email to
Hello.
Add root and the other users that should be able to su to the root
user to this group.
I'll be the only user of the server. Should I create a guest user for
me? Will it be enough to have a root access?
(The answer is pretty obvious, but I want to be sure.)
To make sure that the user root
Hello.
Violations, such as incorrect passwords or trying to run a program
you don't have permission for, are logged and mailed to root.
Where can I check this?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
Hello.
If you are really paranoid you might want to add a system-wide
configuration to audit what the users are doing in your system. This
sections presents some tips using diverse utilities you can use.
Is it safe? Someone can read the logs.
Hello.
Note that you could introduce the configuration above in the user's
.profile. But then you would need to setup permissions properly in
such a way that prevents the user from modifying this file. This
includes: having the user's home directories not belong to the user
(since he would be
Hello.
Finally, you should consider changing root's default 022 umask (as
defined in /root/.bashrc) to a more strict umask.
Which one?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject
Hello.
Describe the consequences of changing packages permissions when
upgrading (an admin this paranoid should chroot his users BTW) if not
using dpkg-statoverride.
Could you provide more information on this?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To
Hello.
Beware: The above printed example is open to a DoS attack by making
many connections in a short period of time. Many emails mean a lot of
file I/O by sending only a few packets.
How to avoid this?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To
Hello.
There are other role accounts and aliases on your system. On a small
system, it's probably simplest to make sure that all such aliases
point to the root account, and that mail to root is forwarded to the
system administrator's personal mailbox.
How to enable this mailbox thing? Is it
Hello.
In addition to the usual Unix permissions, the ext2 and ext3
filesystems offer a set of specific attributes that give you more
control over the files on your system.
What about ext4 and others?
Now that the capability has been removed from the system, an intruder
cannot change any
Hello.
This option is a double-edged sword. On the one hand it protects your
system against syn packet flooding; on the other hand it violates
defined standards (RFCs).
Is there a way to protect the server against syn flooding without
RFCs' violation?
Hello.
Implement IP traffic filtering validating the MAC address.
How to do this?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
Hello.
... Give users a restricted shell such as scponly or rssh. These
shells restrict the commands available to the users so that they are
not provided any remote execution privileges.
Is it really necessary?
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html
Hello.
Note, however, that there are rootkits which might work even in this
case, there are some that tamper with /dev/kmem (kernel memory)
directly to make themselves undetectable.
How to avoid those?
http://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html
Cheers
--
To
Hello.
From this shell, backup the information to another host if possible
(maybe a network file server through NFS/FTP).
What about SSH?
Make sure to startup in single user mode, so no other Trojan
processes run after the kernel.
How to be sure?
Hello.
FIXME: Talk on how to do a debsums on a stable system with the
MD5sums on CD and with the recovered file system restored on a
separate partition.
How to do it?
http://www.debian.org/doc/manuals/securing-debian-howto/ch-after-compromise.en.html
Cheers
--
To UNSUBSCRIBE, email to
You really, really should read
http://catb.org/esr/faqs/smart-questions.html first (this applies to all
your other questions as well).
I read it some time ago.
Sorry for zillions of questions, but I really want to hear some
thoughts on these topics. The guide is outdated and I hope it'll help
The one which suits your needs :p
Could you point me to the guide that actually explains this?
Every guide I read says something like: do foo because foo is the right way.
It doesn't make any sense.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of
In ten years I've never seen so much of a flood sent to this list.
I'm really sorry for this, but it's not that easy to find.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
I wonder why the OP didn't keep all the questions in just one thread if
they are addressed to the same subject.
Sorry again. I've though it was a good idea to split those because
some issues may lead to a long discussion.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with
nobody did
Sorry. I learned my lesson.
Most of them could be
answered with the right google search.
It's true, but most of the answers you get will be something like do
foo because foo is a Good Thing.
I want to know the reason for doing foo.
Also, Im happy to see you are eager to learn, but
Why do you think debian-security was the wrong list? You even got answers to
some questions you posted there, what's wrong with those?
People told me (in private) that my questions are not connected with
security and I shouldn't post them there. I've also been told that
debian-security is used
I've successfully installed gNewSense using this guide:
http://www.odi.ch/prog/macbookpro/index.php
Now I have two systems installed. I don't think it'll be a problem to
get rid of Mac OS X.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe.
I forgot to mention this page: http://wiki.debian.org/MacBookPro
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
rEFIt works but cannot be convinced to stop delaying the boot
process by ~20 seconds (even after deleting PRAM and bless'ing
the partition).
I've been told that it's possible to tweak rEFIt, but I don't know how.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a
I've had the same problem. But using grub2 there is no need to use rEFIt
in a single boot environment.
Could you tell a little bit more?
What should I do to make it work?
Will it be enough to delete the partition of Mac OS X (rEFIt was
installed via Mac OS X)?
Should I somehow update GRUB after
Hi there.
I've recently read Securing Debian Manual and I have some newbie
questions connected with security.
I've thought that debian-security is the right list
for them, but I was wrong.
What is the proper list for such questions?
Here is an example:
What is more secure: dedicated server or
..firmware?
arnt@celsius:~$ dpkg -l |grep firmware-linux
ii firmware-linux 0.35
Binary firmware for various drivers in the Linux kernel (meta-package)
ii firmware-linux-free 3
Binary firmware for various drivers in the Linux kernel
ii
Hello.
It worked!
I ran apt-get update; apt-get -f upgrade; apt-get install xorg.
Now I want to find out which packages are really needed. Because xorg
installed a lot of stuff.
Thanks for your help.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of
Does it work when you're on a tty?
I don't really understand why did you mention tty.
What should I do to check it?
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
Earlier you mentioned
http://nouveau.freedesktop.org/wiki/TroubleShooting
did you check the section that applies to this error?
http://nouveau.freedesktop.org/wiki/TroubleShooting#Xorg_fails_to_start_with_.22.28EE.29_.5Bdrm.5D_failed_to_open_device.22
This guide wasn't helpful. modprobe
To make the firmware work properly you need at least 2 more files that
must be extracted from original Broadcom drivers: b0g0bsinitvals5.fw and
b0g0initvals5.fw.
Could you provide an installation guide for OpenFWWF?
I want to test it myself. Maybe those guys didn't have a chance to test my
This suggests something is missing from your kernel.
Could you be more specific?
Will it help if I paste my .config?
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
Please attach your /var/log/Xorg.0.log
X.Org X Server 1.7.7
Release Date: 2010-05-04
X Protocol Version 11, Revision 0
xorg-server 2:1.7.7-14 (Julien Cristau jcris...@debian.org)
Current version of pixman: 0.25.1
Before reporting problems, check http://wiki.x.org
to make sure that
Hi,
I have no idea how to make it work.
ctrl:nocaps works fine if console-cyrillic is disabled.
Maybe console-cyrillic blocks /etc/default/keyboard...
Cheers
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
I've tried to use both packages, but I can't make X work.
startx fails with (EE) [drm] failed to open device.
I tried to look through the kernel options, asked people about it,
read a man page on troubleshooting [1], but all my attempts were
unsuccesful.
[1]
Hi there!
I'm trying to configure wlan on my laptop. I've found several guides
on the topic, but all of them require to install non-free software.
[1, 2] I'm looking for a way to make it work without proprietary
software. Someone told me that it's possible with OpenFWWF. [3] But I
have no
(I'd tried to use one of the nouveau lists, but didn't get the reply.)
modprobe nouveau outputs nothing, but there is no nouveau module in
the output of lsmod.
Is there a HOWTO for Debian?
Cheers.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of
Works here with acpi-support. Uncomment LID_SLEEP=true
in /etc/default/acpi-support.
This thing is exactly what I wanted. But it's not working.
I'd uncommented LID_SLEEP, but it didn't work out. It may depend on
some ACPI-related stuff, but I don't know how to check this.
Or it may be connected
First, invoke acpi_listen, then close and re-open the lid. The event will
be shown onscreen, in my case it is button/lid LID close plus a few
other lines.
In my case: button/lid LID0 0080 000f (closed) and
button/lid LID0 0080 0010 (opened). The last numbers differ
from time to
$ tasksel --task-packages laptop
I've installed pm-utils.
(I was testing these commands in prompt because I haven't configured X yet.)
pm-suspend worked. The LED was blinking. But when I had left suspend
the screen was very bright. How to tweak the screen settings?
I'm not sure about
Closing the lid and go suspend is an option, maye you have to enable that.
Where?
Cheers.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
This usually has to be configured in whatever power manager you're
using. What DE are you using?
I haven't configured Xorg yet. And I'm looking for a universal
solution. It shouldn't depend on DE. I want to be able to use it from
the shell.
Cheers.
--
To UNSUBSCRIBE, email to
Under Trinity desktop, I use the kde3 applet kpowersave.
I'm looking for a small standalone daemon. Because I want to be able
to use it without DE at all.
I've learned to do it by myself!
This is nice. But the main goal was to find a way to do it automatically.
Cheers.
--
To UNSUBSCRIBE,
I wonder if gNewSense have a dedicated mailing list... hum, it seems that
yes ;-)
I've experienced some technical problems with that list.
Despite the messages, what's the problem you are experiencing? No video
output?
The messages themselves are not good. I want to know the cause of the
Kernel messages can be verbose but harmless.
What is the cause of those messages?
If those are harmless I also want to know how to disable them.
Upload the full /var/log/Xorg.0.log file and also dmesg so we can
check it.
/var/log/Xorg.0.log: http://pastebin.com/SYBHh7CZ
dmesg:
Hi!
I'm using gNewSense.
(I know that gNewSense has it's own mailing list. But there aren't
many Mac users.)
Is there a way to check that my laptop (MacBookPro6,2) is actually
going to sleep after the lid is closed?
I'm not sure because it didn't turn off the screen. And the LED was
not
I wonder if nuvó supports that card.
It's supported: http://nouveau.freedesktop.org/wiki/CodeNames#NV50
1/ Disable KMS (append nouveau.modeset=0 to the kernel line of GRUB)
Are you talking about GRUB legacy (1)? I'm using the second version.
--
To UNSUBSCRIBE, email to
Is there another video device on the system? Intel?
Yep. Intel HD.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
Everyone has been telling us that we *absolutely* have to be on facebook...
Please don't use Facebook.
http://stallman.org/facebook.html
I've read the tech news concerning facebook's privacy and intellectual
property policies.
Please don't use this term.
Hi!
I'm using gNewSense (it's a Debian-based distro).
Could you help me with these errors:
[drm: i915_init] *ERROR* drm/i915 can't work without intel_agp module!
i8042: No controller found
uhci_hcd :00:1a.0: Found HC with no IRQ. Check BIOS/PCI :00:1a.0 setup!
uhci_hcd :00:1a.0: init
Hey!
Could you help me to install elinks?
Here is the output:
http://pastebin.com/aaAjpS5G
What should I do to resolve this dep?
Cheers.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
I don't want to use non-free software.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/cak5fs_gthf+khz8wyepvcbkpvk9xotf4lkib7ojniffy3un...@mail.gmail.com
Serious, you're using a Mac [1], there's nothing I could imagine that's
more un-libre.
I can't go back in time, but I can change the future.
I really wonder why you won't use the proprietary driver.
It's a matter of principle.
Thanks for the links.
--
To UNSUBSCRIBE, email to
Hello there!
What's the difference between these packages?
Cheers.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
Hi there!
I want to encrypt my files automatically when I close my laptop. Is it possible?
Which directories should be encrypted? Where is stored my personal
information (GPG keys, personal data etc.)?
I'm using gNewSense (it's a Debian-based distro).
Cheers.
--
To UNSUBSCRIBE, email to
In brief, the former will install (by dependencies) the full Xorg server
with all of the VGA drivers...
Will it install Nouveau this way?
Should I install Nouveau drivers after the installation of the server itself?
Cheers.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
TrueCrypt is non-free software, and as a gNewSense user you should know it.
Thanks! What could you recommend as a replacement?
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
Hello!
What version of Debian do you have installed?
I'm using gNewSense (AFAIK it's based on Squeeze).
What Nvidia graphics?
NVIDIA GeForce 330M + Intel HD
What computer?
MacBookPro6,2
Do you need perfect, very fast 3D acceleration?
Yep, but the drivers should be free.
What screen
Hello there!
I'm going to run my own server (website + MTA).
Here is the chosen solution:
https://www.gandi.net/hosting/vps/dedicated (Debian 6 64 bits without
Gandi AI).
Is it OK?
This is my first attempt to administer a server and I want to be as
secure as possible.
Could you give any advice
I knew about it. But I need more information.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/cak5fs_emuze7_t28gvzy12cbci5euywaw4kjxmbd2wkcet1...@mail.gmail.com
The main branch is only free software...
Are you sure about that?
How to check that?
Where can I look through the package's license?
King regards.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
My processor is x86.
Which one should I download?
http://www.debian.org/releases/squeeze/debian-installer/
My OS is Windows XP and I need to make a backup of my data, but I also
want to use this data in the future (on Debian). Could you recommend
me something? Are there any software solutions
75 matches
Mail list logo
