Re: Erreur d'un partitionnement assisté avec LVM chiffré
Le lundi 24 février 2014 à 17:21, LaNaar Dakoté a écrit : Apparemment, LVM peut garder les volumes physique en cache pour éviter de les re-détecter systématiquement. Que donne la commande « pvscan » ? Incorrect metadata area header checksum on /dev/sda1 at offset 4096 PV /dev/sda5 VG mon_VGlvm2 [74,26 GiB / 0free] PV /dev/sdb1 VG mon_VGlvm2 [74,50 GiB / 0free] PV /dev/sda1 lvm2 [74,50 GiB] Total: 3 [223,27 GiB] / in use: 2 [148,77 GiB] / in no VG: 1 [74,50 GiB] La partition /dev/sda1 doit contenir un en-tete LVM… La commande suivante permettra de copier cet en-tête dans un fichier : dd if=/dev/sda1 bs=512 count=255 skip=1 of=/tmp/sda1.txt Ensuite, en recherchant du texte dedans, tu devrais trouver ce qui induit LVM en erreur : strings /tmp/sda1.txt Il va falloir effacer cet en-tête. Il est plus que recommandé de faire une sauvegarde de la partition avant ! umount /boot dd if=/dev/sda1 of=/var/tmp/sda1.img Ensuite, cette commande devrait faire l'affaire : pvremove /dev/sda1 Seb -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/20140225103620.ga13...@sebian.nob900.homeip.net
Re: USB Installation
Bonjour, Le mardi 25 février 2014 à 13:49, Diogene Laerce a écrit : J'ai installé Wheezy sur une clef USB. Tout fonctionne mais j'aimerais avoir des conseils sur la gestion des cartes graphiques. En effet, selon l'ordinateur sur lequel je vais booter ma clef, le système graphique sera différent. Quelle serait donc la meilleure méthode pour gérer cela ? J'ai à peu près la même configuration. Je laisse Xorg gérer ça comme un grand et ça se passe plutôt bien. Il faut juste t'assurer que tous les drivers graphiques sont correctement installés, meta-paquet « xserver-xorg-video-all ». Avant, en fonction de la configuration réseau, j'identifiais la machine et je déposais un xorg.conf adapté… Je m'en passe très bien depuis plusieurs années. Seb -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/20140225105150.gb13...@sebian.nob900.homeip.net
Re: Handy Linux à base Debian
On Monday 24 February 2014 13:58:00 Roger Bouchard wrote: Le 2014-02-24 06:31, jc.etiemble a écrit : ça semble super pour les retraités qui débutent en informatique. Je l'ai installé pour le fun et la localisation pour le Québec ne fonctionne pas, clavier heure... Et je n'ai fait qu'effleurer la surface. Il faut mettre la main dans la cambouis Donc vous repasserez pour l'affirmation gratuite. Roger, retraité et pas débutant en informatique Handy Linux est une excellente initiative qui doit encore s'améliorer : http://handylinux.org/blog/article3/le-blog-handylinux-pose-ses-valises Allez, un peu de tolérance pour cette équipe de sympathiques développeurs ! André -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/201402251202.00606.andre_deb...@numericable.fr
Re: Handy Linux à base Debian
Le 2014-02-25 06:02, andre_deb...@numericable.fr a écrit : On Monday 24 February 2014 13:58:00 Roger Bouchard wrote: Le 2014-02-24 06:31, jc.etiemble a écrit : ça semble super pour les retraités qui débutent en informatique. Je l'ai installé pour le fun et la localisation pour le Québec ne fonctionne pas, clavier heure... Et je n'ai fait qu'effleurer la surface. Il faut mettre la main dans la cambouis Donc vous repasserez pour l'affirmation gratuite. Roger, retraité et pas débutant en informatique Handy Linux est une excellente initiative qui doit encore s'améliorer : http://handylinux.org/blog/article3/le-blog-handylinux-pose-ses-valises Allez, un peu de tolérance pour cette équipe de sympathiques développeurs ! André Bonjour à tous! Pour clarifier ma pensée, ce n'est pas contre la distribution que j'en ai (mes excuses aux développeurs si on l'a cru) mais plutôt contre l'allusion aux retraités que je trouve tendancieuse et préjudiciable. Voilà. Bonne journée à tous, Roger -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/530ca80a.4090...@gmail.com
Re: Handy Linux à base Debian
On Tue, 25 Feb 2014 09:26:18 -0500 Roger Bouchard rhb...@gmail.com wrote: Pour clarifier ma pensée, ce n'est pas contre la distribution que j'en ai (mes excuses aux développeurs si on l'a cru) mais plutôt contre l'allusion aux retraités que je trouve tendancieuse et préjudiciable. Ah bon, je croyais que c'était une distro pour les handicapés mentaux?! -- Tzim passe a la fnac : t'as au moins 1 PC sur 2 avec de l'AMD dedans Faskil et autant de vendeurs qui savent ce qu'est un PC -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/20140225153401.2b92e070@anubis.defcon1
Re: Handy Linux à base Debian
Le Mardi 25 Février 2014 15:26 CET, Roger Bouchard rhb...@gmail.com a écrit: Le 2014-02-25 06:02, andre_deb...@numericable.fr a écrit : On Monday 24 February 2014 13:58:00 Roger Bouchard wrote: Le 2014-02-24 06:31, jc.etiemble a écrit : ça semble super pour les retraités qui débutent en informatique. Je l'ai installé pour le fun et la localisation pour le Québec ne fonctionne pas, clavier heure... Et je n'ai fait qu'effleurer la surface. Il faut mettre la main dans la cambouis Donc vous repasserez pour l'affirmation gratuite. Roger, retraité et pas débutant en informatique Handy Linux est une excellente initiative qui doit encore s'améliorer : http://handylinux.org/blog/article3/le-blog-handylinux-pose-ses-valises Allez, un peu de tolérance pour cette équipe de sympathiques développeurs ! André Bonjour à tous! Bonjour Roger, Content de voir un retraité Canadien sur la liste, ça fait plaisir. Je ne suis pas retraité mais plus très jeune non plus... Dans cette liste il n'y a pas d'âge, L'intérêt à Debian n'en a pas non plus. Les gens sont sympa. Juste de temps en temps des hors sujets comme nous maintenant. On apprend beaucoup de choses juste en lisant les autres. Et quand on peut aider, c'est génial. A bientôt. nb -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/6580-530caa00-3-70f33480@133639876
Pb de noyau rt en testing
Bonjour, j' ai un portable en testing. Comme je m' en sers essentiellement pour travailler du son, je tourne (tournais...) avec le noyau rt. Depuis ma dernière mise à jour, la machine ne démarre plus. Je suis passé du 3.12.6-2 au 3.12.9-1. En démarrage normal le dernier affichage est 'Booting the kernel...' et en mode recovery les 3 dernières lignes qui s' affichent sont: [0.216477] hpet0: at MMIO 0xfed0, IRQs 2, 8, 0 [0.216481] hpet0: 3 comparators, 32-bit 14.318180 MHz counter [0.218517] Switched to clocksource hpet ...puis plus rien. J' ai pas une connaissance très approfondie du noyau, mais ça me semble pas incohérent si c' est un bug du noyau temps réel que ça s' arrête là. Je démarre sans soucis avec un noyau 3.12.9-1 'normal'. Avant de déclarer un bug, j' aurais bien re-essayé un 3.12.6 rt (ou plus ancien) mais il n' est plus dans les dépots. Y a-t-il un moyen de retrouver une ancienne version? Et précision supplémentaire c' est en amd64. Merci, Vincent -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/20140225181551.706a246e@bricoleur.ouhena.intra
Re: Pb de noyau rt en testing
Le Mardi 25 Février 2014 18:15 CET, Vincent Besse vinc...@ouhena.org a écrit: Bonjour, j' ai un portable en testing. Comme je m' en sers essentiellement pour travailler du son, je tourne (tournais...) avec le noyau rt. Depuis ma dernière mise à jour, la machine ne démarre plus. Je suis passé du 3.12.6-2 au 3.12.9-1. En démarrage normal le dernier affichage est 'Booting the kernel...' et en mode recovery les 3 dernières lignes qui s' affichent sont: [0.216477] hpet0: at MMIO 0xfed0, IRQs 2, 8, 0 [0.216481] hpet0: 3 comparators, 32-bit 14.318180 MHz counter [0.218517] Switched to clocksource hpet ...puis plus rien. J' ai pas une connaissance très approfondie du noyau, mais ça me semble pas incohérent si c' est un bug du noyau temps réel que ça s' arrête là. Je démarre sans soucis avec un noyau 3.12.9-1 'normal'. Avant de déclarer un bug, j' aurais bien re-essayé un 3.12.6 rt (ou plus ancien) mais il n' est plus dans les dépots. Y a-t-il un moyen de retrouver une ancienne version? Et précision supplémentaire c' est en amd64. Bonjour, Je pense que tu peux récupérer le tarball qui t'intéresse ici: https://www.kernel.org/pub/linux/kernel/v3.x/ puis le compiler toi-même après dézip: - cd linux-x.y.z - récupérer un /boot/config-xxx en .config - make menuconfig puis save puis exit - make -j nombre KDEB_PKGVERSION=1.nomcustom deb-pkg (-j nombre si +ieurs CPU) - dpkg -i chemin/linux-x.y.z*.deb nb -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/6580-530cd380-7-70f33480@133639878
Re: Handy Linux à base Debian
On Tuesday 25 February 2014 15:34:01 Bzzz wrote: On Tue, 25 Feb 2014 09:26:18 -0500 Roger Bouchard rhb...@gmail.com wrote: Pour clarifier ma pensée, ce n'est pas contre la distribution que j'en ai (mes excuses aux développeurs si on l'a cru) mais plutôt contre l'allusion aux retraités que je trouve tendancieuse et préjudiciable. Ah bon, je croyais que c'était une distro pour les handicapés mentaux?! Pourquoi mentaux ? Le nom de cette distribution est mal choisie, on pense qu'elle est faite pour des handicapés, mal-voyants, paralysés... alors que son objectif est de faciliter ceux qui démarrent l'informatique ou viennent du clicodrome Window$. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/201402251913.19066.andre_deb...@numericable.fr
Re: Handy Linux à base Debian
Le Tue, 25 Feb 2014 15:30:03 +0100, Roger Bouchard a écrit : mais plutôt contre l'allusion aux retraités que je trouve tendancieuse et préjudiciable +1 HS certains retraités ont des connaissances à faire pâlir plus d'un jeune même un crâne d'œuf. Ils ont vécu l'histoire de l'informatique/ électronique \HS Je la trouve un peu maternelle et trop bridée mais c'est un bon début sur tout les menus d'entrée. Ce ne sont pas les softs que je préfère mais il faut choisir. Il faudrait aussi un mode aventurier plus libre. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/530cd877$0$2380$426a7...@news.free.fr
Re: Pb de noyau rt en testing
Bonsoir, Le mardi 25 février 2014 à 18:15, Vincent Besse a écrit : Je démarre sans soucis avec un noyau 3.12.9-1 'normal'. Avant de déclarer un bug, j' aurais bien re-essayé un 3.12.6 rt (ou plus ancien) mais il n' est plus dans les dépots. Y a-t-il un moyen de retrouver une ancienne version? Oui ! Tu n'as qu'à chercher dans les archives : http://snapshot.debian.org Seb -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/20140225183507.gb2...@serveur.nob900.us.to
Re: Pb de noyau rt en testing
Le 25/02/2014 18:30, Vincent Besse a écrit : Bonjour, j' ai un portable en testing. Comme je m' en sers essentiellement pour travailler du son, je tourne (tournais...) avec le noyau rt. Depuis ma dernière mise à jour, la machine ne démarre plus. Je suis passé du 3.12.6-2 au 3.12.9-1. En démarrage normal le dernier affichage est 'Booting the kernel...' et en mode recovery les 3 dernières lignes qui s' affichent sont: [0.216477] hpet0: at MMIO 0xfed0, IRQs 2, 8, 0 [0.216481] hpet0: 3 comparators, 32-bit 14.318180 MHz counter [0.218517] Switched to clocksource hpet ...puis plus rien. J' ai pas une connaissance très approfondie du noyau, mais ça me semble pas incohérent si c' est un bug du noyau temps réel que ça s' arrête là. Je démarre sans soucis avec un noyau 3.12.9-1 'normal'. Avant de déclarer un bug, j' aurais bien re-essayé un 3.12.6 rt (ou plus ancien) mais il n' est plus dans les dépots. Y a-t-il un moyen de retrouver une ancienne version? Et précision supplémentaire c' est en amd64. Merci, Vincent Bonjour, Peut-être une solution là : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736682 Je n'ai pas testé, je ne suis pas en rt. Cordialement Michel -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/530cdd2b$0$2042$426a3...@news.free.fr
dh_auto_configure et le CPU
Salut à tous les Debianistes, Je suis en train de me créer moi-même mes paquets Wine en utilisant un mix du dossier debian des paquets d'Ubuntu et Debian. Tout fonctionne très bien, la compilation complète de Wine fonctionne et la création des différents paquets également. Mais voilà, pour compile wine, j'utilise dans le fichier debian/rules la commande 'dh_auto_configure'. La commande en elle-même fonctionne mais le petit soucis, c'est qu'il n'y a qu'un Core sur les 4 que je possède (j'ai un I5) qui est utilisé. Donc la compilation est un peu longue. Si je remplace cette commande par ./configure make -j4 J'ai un message d'erreur au lancement de debuild me disant qu'il manque un séparateur à debian rules:9 (donc à la ligne 9 du fichier debian/rules qui correspond à la ligne du make -j4 juste avant le else) 1- Impossible de corriger cette erreur vu que je ne vois pas ou il en a une. De plus, le duo ./configure + make -j4 fonctionne très bien sur 32-bits. Je n'ai cette erreur que lors de la compilation sur 64-bits 2- Y a-t'il la possibilité de dire à la commande dh_auto_configure d'utiliser les 4 cores et non un seul ? Merci PS : j'attache le fichier rules avec les différentes modifications. rules Description: Binary data
Re: Handy Linux à base Debian
Le mardi 25 février 2014 19:13:19 andre_deb...@numericable.fr a écrit : […] Le nom de cette distribution est mal choisie, on pense qu'elle est faite pour des handicapés, mal-voyants, paralysés... […] Handy : adj., facile d’usage, à proximité, adroit. Rien à voir avec le sens actuel de handicapé (/disabled/ en anglais), sauf l’étymologie (« hand in cap ») et, surtout, l’« humour » de Bzzz. -- Sylvain Sauvage -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/6971073.gFr9oMWMqP@earendil
Re: Pb de noyau rt en testing
Le 25/02/2014 18:15, Vincent Besse a écrit : Bonjour, j' ai un portable en testing. Comme je m' en sers essentiellement pour travailler du son, je tourne (tournais...) avec le noyau rt. Depuis ma dernière mise à jour, la machine ne démarre plus. Je suis passé du 3.12.6-2 au 3.12.9-1. En démarrage normal le dernier affichage est 'Booting the kernel...' et en mode recovery les 3 dernières lignes qui s' affichent sont: [0.216477] hpet0: at MMIO 0xfed0, IRQs 2, 8, 0 [0.216481] hpet0: 3 comparators, 32-bit 14.318180 MHz counter [0.218517] Switched to clocksource hpet ...puis plus rien. J' ai pas une connaissance très approfondie du noyau, mais ça me semble pas incohérent si c' est un bug du noyau temps réel que ça s' arrête là. Je démarre sans soucis avec un noyau 3.12.9-1 'normal'. Avant de déclarer un bug, j' aurais bien re-essayé un 3.12.6 rt (ou plus ancien) mais il n' est plus dans les dépots. Y a-t-il un moyen de retrouver une ancienne version? Dans le pool il y a plusieurs versions : ftp://ftp.fr.debian.org/debian/pool/main/l/linux/ -- == | FRÉDÉRIC MASSOT | | http://www.juliana-multimedia.com | | mailto:frede...@juliana-multimedia.com | | +33.(0)2.97.54.77.94 +33.(0)6.67.19.95.69 | ===Debian=GNU/Linux=== -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/530cf5c8.2090...@juliana-multimedia.com
Re: Pb de noyau rt en testing
On Tue, 25 Feb 2014 19:35:07 +0100 Sébastien NOBILI sebnewslet...@free.fr wrote: Bonsoir, Le mardi 25 février 2014 à 18:15, Vincent Besse a écrit : Je démarre sans soucis avec un noyau 3.12.9-1 'normal'. Avant de déclarer un bug, j' aurais bien re-essayé un 3.12.6 rt (ou plus ancien) mais il n' est plus dans les dépots. Y a-t-il un moyen de retrouver une ancienne version? Oui ! Tu n'as qu'à chercher dans les archives : http://snapshot.debian.org Fo-horrmida-ble! Merci, c' est ce qu' il me fallait. Du coup pas de problème avec le 3.12.6-rt. J' ai regardé très vite fait le bugreport signalé par Michel et je vais sans doute rester en 3.12.6 en attendant le 3.13 mais faut que je le relise à tête reposée :) En tout cas merci à tous. Vincent -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/20140225211915.7598515e@bricoleur.ouhena.intra
Re: Handy Linux à base Debian
Sylvain L. Sauvage sylvain.l.sauv...@free.fr writes: Rien à voir avec le sens actuel de handicapé (/disabled/ en anglais), sauf l’étymologie (« hand in cap ») et, surtout, Euh impaired plutôt non ? l’« humour » de Bzzz. Oui, on y est habitué. Mais je peux comprendre que par écrit on perçoive moins l'humour. -- Raphaël « Tout chercheur plongé dans la science subit une poussée de bas en haut susceptible de lui remonter le moral. » Monsieur Cyclopède -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/8738j7aq4a@gmail.com
[HS] : Que pensez-vous de cette article à propos de FreeBSD ?
Que pensez-vous de cette article à propos de FreeBSD ? http://bloglinuxunixwindows.wordpress.com/2013/08/03/freebsd-un-systeme-dexploitation-obsolete-et-dangereux/ Les 1ère lignes font penser à une personne rageuse (Excusez-moi du terme) qui dit que Linux, BSD... C'est vraiement pourri Mais en lisant les autres lignes, on se rend compte que non. Qu'en pensez-vous ? Cordialement, Valentin
Re: [HS] : Que pensez-vous de cette article à propos de FreeBSD ?
Le 25/02/2014 22:00, valentin OVD a écrit : http://bloglinuxunixwindows.wordpress.com/2013/08/03/freebsd-un-systeme-dexploitation-obsolete-et-dangereux/Que pensez-vous de cette article à propos de FreeBSD ? http://bloglinuxunixwindows.wordpress.com/2013/08/03/freebsd-un-systeme-dexploitation-obsolete-et-dangereux/ http://bloglinuxunixwindows.wordpress.com/2013/08/03/freebsd-un-systeme-dexploitation-obsolete-et-dangereux/http://bloglinuxunixwindows.wordpress.com/2013/08/03/freebsd-un-systeme-dexploitation-obsolete-et-dangereux/ Les 1ère lignes font penser à une personne rageuse (Excusez-moi du terme) qui dit que Linux, BSD... C'est vraiement pourri Mais en lisant les autres lignes, on se rend compte que non. Qu'en pensez-vous ? Cordialement, Valentin Hello, Je lis là simplement quelqu'un qui critique FreeBSD. Ce qui porte à confusion par contre c'est dès le premier paragraphe il nous dit tout n'est pas rose sur GNU/Linux après avoir décidé quitté GNU/Linux, mais nous dit juste avant revenir inlassablement sur Debian . Finalement, Linux malgré ses défauts serait moins pire que FreeBSD... Par contre je n'ai jamais utilisé FreeBSD donc je ne pourrai rien dire sur le fond de l'article qui m'a l'air quand même bien à charge! (les utilisateurs lambda souvent arrogants ... :-) ) -- RHATAY Sami IUT Vannes - INFO1 signature.asc Description: OpenPGP digital signature
Re: [HS] : Que pensez-vous de cette article à propos de FreeBSD ?
On Tuesday 25 February 2014 22:00:14 valentin OVD wrote: Que pensez-vous de cette article à propos de FreeBSD ? http://bloglinuxunixwindows.wordpress.com/2013/08/03/freebsd-un-systeme-dex ploitation-obsolete-et-dangereux/ Les 1ère lignes font penser à une personne rageuse (Excusez-moi du terme) qui dit que Linux, BSD... C'est vraiement pourri Mais en lisant les autres lignes, on se rend compte que non. Qu'en pensez-vous ? Cordialement, Valentin Lors du dernier salon 2013 Solutions Linux et OpenSource, une équipe d'un Unix Free reconnaissait d'elle même des bugs dans les dernières versions et préconisait d'attendre. Je pense qu'il s'agissait de FreeBSD (sinon OpenBSD ou NetBSD ?) S'agit-il de la suite de la déception des aficionados de FreeBSD... ? André -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/201402252302.57431.andre_deb...@numericable.fr
Re: Handy Linux à base Debian
Le mardi 25 février 2014 21:34:13 Raphaël POITEVIN a écrit : Sylvain L. Sauvage sylvain.l.sauv...@free.fr writes: Rien à voir avec le sens actuel de handicapé (/disabled/ en anglais), sauf l’étymologie (« hand in cap ») et, surtout, Euh impaired plutôt non ? Après une courte vérification sur wiktionary, /disabled/ y est bien donné comme synonyme de /handicapped/ (que j’ai moins souvent rencontré). Et /disability/ y est dit être utilisé pour une pension d’invalidité. Donc ça colle. /Impaired/ (tout seul) semble être réservé pour un état temporaire mais, effectivement, c’est lui qui est utilisé dans toutes ces circonlocutions¹ politiquement correctes qu’ils nous pondent (/visually impaired/ et Cie). ––– 1. et dans circonlocution, il y a cirque… l’« humour » de Bzzz. Oui, on y est habitué. Mais je peux comprendre que par écrit on perçoive moins l'humour. Sais pas, jamais testé cet humour à l’oral. -- Sylvain Sauvage -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/9418994.kbsqMdoxoR@earendil
Re: USB Installation
Merci pour ta réponse. J'ai installé Wheezy sur une clef USB. Tout fonctionne mais j'aimerais avoir des conseils sur la gestion des cartes graphiques. En effet, selon l'ordinateur sur lequel je vais booter ma clef, le système graphique sera différent. Quelle serait donc la meilleure méthode pour gérer cela ? J'ai à peu près la même configuration. Je laisse Xorg gérer ça comme un grand et ça se passe plutôt bien. Il faut juste t'assurer que tous les drivers graphiques sont correctement installés, meta-paquet « xserver-xorg-video-all ». Donc un Xorg --configure avant de démarrer X et ca roule ? -- “One original thought is worth a thousand mindless quotings.” “Le vrai n'est pas plus sûr que le probable.” Diogene Laerce -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/530d4f4e.8050...@yahoo.fr
Re: Handy Linux à base Debian
Salut a tout le monde, ici (en Australie), où j'ai un boulot en mairie que l'on pourrait traduire par Chargé de développement jeunesse et communauté qui comporte une partie concernant l'accessibilité, les personnes en situation de handicap sont politi-correctement appelées people with disabilities ( http://australia.gov.au/people/people-with-disabilities ) . Les toilettes sont appelées disabled toilet. La commission d'état chargé en la matière se nomme Disability Services Commission ( http://www.disability.wa.gov.au/ ). Et ainsi de suite. a+ Olivier (mes excuses pour le message en privé Sylvain) -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/1716488146.181070870.1393390730408.javamail.r...@zimbra61-e11.priv.proxad.net
Re: Handy Linux à base Debian
On Wed, Feb 26, 2014 at 01:37:25AM +0100, Sylvain L. Sauvage wrote: Après une courte vérification sur wiktionary, /disabled/ y est bien donné comme synonyme de /handicapped/ (que j'ai moins souvent rencontré). Et /disability/ y est dit être utilisé pour une pension d'invalidité. Donc ça colle. /Impaired/ (tout seul) semble être réservé pour un état temporaire mais, effectivement, c'est lui qui est utilisé dans toutes ces circonlocutions¹ politiquement correctes qu'ils nous pondent (/visually impaired/ et Cie). Je dirais que 'disabled' se rapporte à la personne et 'impaired' à la fonction: I'm disabled because I am visually impaired. Y. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/20140226065444.gn19...@rutschle.net
Re: Pregunta sobre iptables en debian
On 25/02/14 00:24, Maykel Franco wrote: Sé de lo que es capaz iptables y para que es. El forward, mangle, nat, redirect...Lo he usado para numerosas cosas, pero la duda no es que no sepa lo que es iptables, la duda es que creo que da lo mismo tener iptables permitiendo sólo el tráfico TCP y cerrar todo, va a ser vulnerable igual. Es decir, si cierras todo, servicio a servicio y solo dejas el web apache, iptables apagado, daría lo mismo que usar iptables, cerrar todo y sólo permitir el tráfico TCP al puerto 80. Sería igual de vulnerable en ese caso o me equivoco?? Todo esto sin contar con fail2ban, por supuesto. Gracias por las respuestas. Saludos. Si la aplicación es vulnerable y no tienes ningún filtro que neutralice la acción de forma activa o medio de detección antes de la explotación, está claro que nada podrás hacer. En este caso el uso de aplicaciones como modsecurity pueden ayudarte. Puedes usar netfilter para detectar fragmentación (como te comentaron) controlar el número de conexiones http/https, redireccionar si detectas más de x conexiones o comportamientos no humanos, redireccionar la petición o null route. De forma pasiva puedes usar netfilter y ya que hablas de fail2ban, tienes la directiva badbots (apache), puedes currarte filtros para detectar ataques por fuerza bruta para tus wordpress, joomla (si lo usas), directorios protegidos por contraseña. Filtros en OUTPUT+log. Saludos, -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530c78f8.1030...@gmail.com
Xen Qemu
Queria probar el estado actual de la virtualización para VDI, haseun par de años lo probe con QEMU y spice, en la actualidad creo que ha cambiado algo, Virtual BOX esta integrado en Debian y dice dar mejores rendimientor con VRDP y XEN tambien esta integrado en debian y soporta spice (xl) desde la versión 4.2 (en testing esta la 4.3). ¿Alguien sabe algo? Que recomendaría QEMU. XEN o VBOX. En este caso se trata de una maquina (para uso personal) pero que voy a tener un par de escritorios, quiero que se accedan en remoto y en local, pero se van a usar mas en remoto que en local y necesito alto rendimiento multimedia en remoto, incluso juegos. No se trata de un gran sistema para una empresa con muchos servidores virtuales, posiblemnte solo tenga dos maquinas debian y W7 y van ha ser usadas en remoto desde una tablet android. (hay clientes rdp y spice disponibles. Si tenéis curiosidad por lo que quiero podeis ver este producto de ASUS que es lo que quiero crear: http://www.asus.com/es/AllinOne_PCs/ASUS_Transformer_AiO_P1801 -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1393329872.9384.9.ca...@trujo.hvn.sas.junta-andalucia.es
Evitar usuarios spam por robots era Re: Pregunta sobre iptables en debian
Hola. Aprovecho el punto que a cogido este hilo para lanzar una cuestión de novato con servidor web. ¿Como evitar usuarios spam registrados por robots? Desde la última oleada, he desactivado el registro y aun no tengo solución. Espero que tengan algun remedio, receta o consejo para mi. Por supuesto las soluciones más simples y sencillas son las más apreciadas. Muchas gracias. Juan El 25/02/14 12:05, czm.ext escribió: On 25/02/14 00:24, Maykel Franco wrote: Sé de lo que es capaz iptables y para que es. El forward, mangle, nat, redirect...Lo he usado para numerosas cosas, pero la duda no es que no sepa lo que es iptables, la duda es que creo que da lo mismo tener iptables permitiendo sólo el tráfico TCP y cerrar todo, va a ser vulnerable igual. Es decir, si cierras todo, servicio a servicio y solo dejas el web apache, iptables apagado, daría lo mismo que usar iptables, cerrar todo y sólo permitir el tráfico TCP al puerto 80. Sería igual de vulnerable en ese caso o me equivoco?? Todo esto sin contar con fail2ban, por supuesto. Gracias por las respuestas. Saludos. Si la aplicación es vulnerable y no tienes ningún filtro que neutralice la acción de forma activa o medio de detección antes de la explotación, está claro que nada podrás hacer. En este caso el uso de aplicaciones como modsecurity pueden ayudarte. Puedes usar netfilter para detectar fragmentación (como te comentaron) controlar el número de conexiones http/https, redireccionar si detectas más de x conexiones o comportamientos no humanos, redireccionar la petición o null route. De forma pasiva puedes usar netfilter y ya que hablas de fail2ban, tienes la directiva badbots (apache), puedes currarte filtros para detectar ataques por fuerza bruta para tus wordpress, joomla (si lo usas), directorios protegidos por contraseña. Filtros en OUTPUT+log. Saludos, -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530c9340.1080...@gmail.com
Re: Cual es a mejor combinacion Server de Correos
El Mon, 24 Feb 2014 13:27:31 -0500, William Romero escribió: (ese html...) Hola lista tengo servidor de correos con la combinacion de PostFix , Dovecot, Sendmail , luego Horde. El sendmail no lo ubico... si ya tienes Postfix ¿para qué quieres otro MTA? Resulta que ahora quieren agregar mas dominios en este mismo servidor e instale Postfix admin que por cierto funiona bien pero hay que configurar algo mas a postfix y dovecot para que lea la base de datos del mismo al crar cuentas y dominio. Bueno, claro, según el tipo de almacén de datos que uses tienes que añadir los nuevos buzones/cuentas de los usuarios para que el sistema los reconozca. mi consulta es cuan es la mejor opcion para escoger para configurar y administrar las cuentas y dominios por cierto tambien la aplicacion web. ¿De qué cantidad de usuarios estamos hablando y qué tipo de almacén de datos usas (mysql, sasldb2, pam, ldap...)? 1. Phamm , Postfix , Horde , Spam mail ( esta estoy buscando me dicen que si funciona bien ) 2. Posfixadmin , Postfix , Dovecot, Rouncube, Spamassin ( seria bueno esto) 3. Zimbra ( es algo caro ) Tu pregunta es confusa ya que la gestión de las cuentas de los usuarios es independiente de las aplicaciones que uses y creo que es más importante lo segundo que lo primero, es decir, que no decidas los servicios que van hacerse cargo de tu sistema de correo en base a su facilidad de gestión de los buzones sino a si cubre los requisitos que buscas. Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2014.02.25.14.59...@gmail.com
Re: Pregunta sobre iptables en debian
El Mon, 24 Feb 2014 22:44:03 +0100, Maykel Franco escribió: Hola buenas, tengo una pregunta que alomejor es un poco tonta pero siempre la he tenido y ahí va... No entiendo cuál es la finalidad de usar iptables. Jo-do. Con perdón. Es decir, se usa para filtrar y abrir sólo lo que tú quieras o cerrar, pero si tengo sólo instalado un servidor web y un servicio ssh, qué más da si uso iptables para aceptar sólo conexiones a esos puertos 80/22 respectivamente y cierro todo lo demás, si aunque no ponga iptables también van a estar abierto y escuchando... Un cortafuegos avanzado como iptables también permite controlar el número de peticiones permitidas desde/hacia ciertos puertos para evitar dejar saturado el servicio o servidor. ¿Para que no puedan explotar otros puertos abiertos de otros servicios? No sé alomejor estoy equivocado pero no le veo mucho sentido excepto cerrar todo y abrir solo lo que quieras... No sé si me explicado bien. Es una medida adicional de seguridad. Es decir, imaginaros que sólo tengo el servicio web activo, puerto 80, todo lo demás que tenga algún puerto corriendo los paro, qué diferencia habría de usar ahí iptables a no usarlo... Si tienes la certeza de que no hay ningún servicio accesible desde el exterior que esté en ejecución con un puerto abierto, no hay ninguna diferencia. Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2014.02.25.15.12...@gmail.com
RE: Cual es a mejor combinacion Server de Correos
To: debian-user-spanish@lists.debian.org From: noela...@gmail.com Subject: Re: Cual es a mejor combinacion Server de Correos Date: Tue, 25 Feb 2014 14:59:19 + El Mon, 24 Feb 2014 13:27:31 -0500, William Romero escribió: (ese html...) Hola lista tengo servidor de correos con la combinacion de PostFix , Dovecot, Sendmail , luego Horde. El sendmail no lo ubico... si ya tienes Postfix ¿para qué quieres otro MTA? ahora solo estoy usando Horde no tengo sendmail ya , esto para aplicacion web desde fuera algunos usuarios se conectan desde fuera. Resulta que ahora quieren agregar mas dominios en este mismo servidor e instale Postfix admin que por cierto funiona bien pero hay que configurar algo mas a postfix y dovecot para que lea la base de datos del mismo al crar cuentas y dominio. Bueno, claro, según el tipo de almacén de datos que uses tienes que añadir los nuevos buzones/cuentas de los usuarios para que el sistema los reconozca. instale postfixadmin me crea los buzones , incluyendo los dominios pero el tema es que hay que hacerle algo a postfix para que lea la base de datos que esta en mysql no hay otra. mi consulta es cuan es la mejor opcion para escoger para configurar y administrar las cuentas y dominios por cierto tambien la aplicacion web. ¿De qué cantidad de usuarios estamos hablando y qué tipo de almacén de datos usas (mysql, sasldb2, pam, ldap...)? postfixadmin usa mysql , la cantidad de usuarios en un domino tengo 160 , en el otro 40 , etc . tengo 5 dominios al que debo de registrar. 1. Phamm , Postfix , Horde , Spam mail ( esta estoy buscando me dicen que si funciona bien ) 2. Posfixadmin , Postfix , Dovecot, Rouncube, Spamassin ( seria bueno esto) 3. Zimbra ( es algo caro ) ayer hice una descarga . Tu pregunta es confusa ya que la gestión de las cuentas de los usuarios es independiente de las aplicaciones que uses y creo que es más importante lo segundo que lo primero, la gestion de cuentas es muy principal ya que cada domino tiene su pull de cuentas registradaz , si te refieres a que el domino es principal estas en lo cierto , pero requiero de su administracion con algun aplicativo como ya lo mencione. es decir, que no decidas los servicios que van hacerse cargo de tu sistema de correo en base a su facilidad de gestión de los buzones sino a si cubre los requisitos que buscas. es gestion lo que busco. Saludos, -- Camaleón saludos william Romero -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/bay177-w62505ac5696fb61d84d28b6...@phx.gbl
Re: Xen Qemu
El Tue, 25 Feb 2014 13:04:32 +0100, Antonio Trujillo Carmona escribió: Queria probar el estado actual de la virtualización para VDI, haseun par ^^ Olakase ;-P de años lo probe con QEMU y spice, en la actualidad creo que ha cambiado algo, Virtual BOX esta integrado en Debian y dice dar mejores rendimientor con VRDP y XEN tambien esta integrado en debian y soporta spice (xl) desde la versión 4.2 (en testing esta la 4.3). ¿Alguien sabe algo? Que recomendaría QEMU. XEN o VBOX. Sé que ahora además se llevan los contenedores (LXC). En este caso se trata de una maquina (para uso personal) pero que voy a tener un par de escritorios, quiero que se accedan en remoto y en local, pero se van a usar mas en remoto que en local y necesito alto rendimiento multimedia en remoto, incluso juegos. ¿Qué SO vas a virtualizar? No se trata de un gran sistema para una empresa con muchos servidores virtuales, posiblemnte solo tenga dos maquinas debian y W7 y van ha ser usadas en remoto desde una tablet android. (hay clientes rdp y spice disponibles. (...) Yo uso VirtualBox y funciona bien. Y si vas a usar conexiones remotas, echa un vistazo a lo que permite: Chapter 7. Remote virtual machines http://www.virtualbox.org/manual/ch07.html Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2014.02.25.15.19...@gmail.com
Re: Pregunta sobre iptables en debian
El día 25 de febrero de 2014, 12:05, czm.ext czm@gmail.com escribió: On 25/02/14 00:24, Maykel Franco wrote: Sé de lo que es capaz iptables y para que es. El forward, mangle, nat, redirect...Lo he usado para numerosas cosas, pero la duda no es que no sepa lo que es iptables, la duda es que creo que da lo mismo tener iptables permitiendo sólo el tráfico TCP y cerrar todo, va a ser vulnerable igual. Es decir, si cierras todo, servicio a servicio y solo dejas el web apache, iptables apagado, daría lo mismo que usar iptables, cerrar todo y sólo permitir el tráfico TCP al puerto 80. Sería igual de vulnerable en ese caso o me equivoco?? Todo esto sin contar con fail2ban, por supuesto. Gracias por las respuestas. Saludos. Si la aplicación es vulnerable y no tienes ningún filtro que neutralice la acción de forma activa o medio de detección antes de la explotación, está claro que nada podrás hacer. En este caso el uso de aplicaciones como modsecurity pueden ayudarte. Puedes usar netfilter para detectar fragmentación (como te comentaron) controlar el número de conexiones http/https, redireccionar si detectas más de x conexiones o comportamientos no humanos, redireccionar la petición o null route. De forma pasiva puedes usar netfilter y ya que hablas de fail2ban, tienes la directiva badbots (apache), puedes currarte filtros para detectar ataques por fuerza bruta para tus wordpress, joomla (si lo usas), directorios protegidos por contraseña. Filtros en OUTPUT+log. Saludos, -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530c78f8.1030...@gmail.com Gracias a todos por las respuestas. Me ha quedado un pelin más claro. Saludos. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caj2aoa9bb_yqbfntfye-sq0vghzypckfiufezktd40pehtn...@mail.gmail.com
Re: Cual es a mejor combinacion Server de Correos
El Tue, 25 Feb 2014 10:19:00 -0500, William Romero escribió: (...) Bueno, claro, según el tipo de almacén de datos que uses tienes que añadir los nuevos buzones/cuentas de los usuarios para que el sistema los reconozca. instale postfixadmin me crea los buzones , incluyendo los dominios pero el tema es que hay que hacerle algo a postfix para que lea la base de datos que esta en mysql no hay otra. Vale, si usas MySQL como almacén de datos para las cuentas de los usuarios tienes que: 1/ Crear la base de datos 2/ Crear la tabla mysql con la información de los usuarios y los alias 3/ Ir añadiendo los datos a la(s) tabla(s) de usuarios/alias En definitiva, si usas MySQL creo que necesitarías un gestor de bases de datos (p. ej., phpMyAdmin) para ir añadiendo usuarios de manera sencilla. mi consulta es cuan es la mejor opcion para escoger para configurar y administrar las cuentas y dominios por cierto tambien la aplicacion web. ¿De qué cantidad de usuarios estamos hablando y qué tipo de almacén de datos usas (mysql, sasldb2, pam, ldap...)? postfixadmin usa mysql , la cantidad de usuarios en un domino tengo 160 , en el otro 40 , etc . tengo 5 dominios al que debo de registrar. ¿Y qué problema tienes exactamente con Postfixadmin? ¿No te permite administrar la base de datos de usaurios (MySQL) desde ahí? :-? 1. Phamm , Postfix , Horde , Spam mail ( esta estoy buscando me dicen que si funciona bien ) 2. Posfixadmin , Postfix , Dovecot, Rouncube, Spamassin ( seria bueno esto) 3. Zimbra ( es algo caro ) ayer hice una descarga . ¿Una descarga de qué? Por cierto, yo uso Postfix, Cyrus y SA+AmavisdNew+ClamAV (sin webmail). Tu pregunta es confusa ya que la gestión de las cuentas de los usuarios es independiente de las aplicaciones que uses y creo que es más importante lo segundo que lo primero, la gestion de cuentas es muy principal ya que cada domino tiene su pull de cuentas registradaz , si te refieres a que el domino es principal estas en lo cierto , pero requiero de su administracion con algun aplicativo como ya lo mencione. Creo que no me has entendido. es decir, que no decidas los servicios que van hacerse cargo de tu sistema de correo en base a su facilidad de gestión de los buzones sino a si cubre los requisitos que buscas. es gestion lo que busco. La gestión sin control no sirve de nada. Si interpones la facilidad de uso (o de gestión) al rendimiento o capacidad de un sistema de correo u otro, tarde o temprano tendrás problemas. Lo que quiero decir es que tu servidor de correo puede funcionar sin herramientas de gestión (puedes añadir usuarios manualmente a la bdd) pero no puede funcionar si tienes caído alguno de los servicios y no sabes cómo solucionarlo porque no entiendes el funcionamiento de la aplicación. Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2014.02.25.15.40...@gmail.com
Re: Evitar usuarios spam por robots era Re: Pregunta sobre iptables en debian
El día 25 de febrero de 2014, 9:57, Juan Gomez (Txonta) juantxo...@gmail.com escribió: Hola. Aprovecho el punto que a cogido este hilo para lanzar una cuestión de novato con servidor web. ¿Como evitar usuarios spam registrados por robots? Desde la última oleada, he desactivado el registro y aun no tengo solución. Espero que tengan algun remedio, receta o consejo para mi. Por supuesto las soluciones más simples y sencillas son las más apreciadas. Muchas gracias. Juan Has secuestrado un hilo, crea uno nuevo y replantea tu consulta ya que me parece que no tiene nada que ver con debian y si con la aplicación web que estas utilizando. El 25/02/14 12:05, czm.ext escribió: On 25/02/14 00:24, Maykel Franco wrote: Sé de lo que es capaz iptables y para que es. El forward, mangle, nat, redirect...Lo he usado para numerosas cosas, pero la duda no es que no sepa lo que es iptables, la duda es que creo que da lo mismo tener iptables permitiendo sólo el tráfico TCP y cerrar todo, va a ser vulnerable igual. Es decir, si cierras todo, servicio a servicio y solo dejas el web apache, iptables apagado, daría lo mismo que usar iptables, cerrar todo y sólo permitir el tráfico TCP al puerto 80. Sería igual de vulnerable en ese caso o me equivoco?? Todo esto sin contar con fail2ban, por supuesto. Gracias por las respuestas. Saludos. Si la aplicación es vulnerable y no tienes ningún filtro que neutralice la acción de forma activa o medio de detección antes de la explotación, está claro que nada podrás hacer. En este caso el uso de aplicaciones como modsecurity pueden ayudarte. Puedes usar netfilter para detectar fragmentación (como te comentaron) controlar el número de conexiones http/https, redireccionar si detectas más de x conexiones o comportamientos no humanos, redireccionar la petición o null route. De forma pasiva puedes usar netfilter y ya que hablas de fail2ban, tienes la directiva badbots (apache), puedes currarte filtros para detectar ataques por fuerza bruta para tus wordpress, joomla (si lo usas), directorios protegidos por contraseña. Filtros en OUTPUT+log. Saludos, -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530c9340.1080...@gmail.com -- usuario linux #274354 normas de la lista: http://wiki.debian.org/es/NormasLista como hacer preguntas inteligentes: http://www.sindominio.net/ayuda/preguntas-inteligentes.html -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAAiZAx5T2=lcuobzwg5s8sqwpppug646vryckl4ynbyphcb...@mail.gmail.com
rdesktop y archivo.desktop
en un archivo.desktop tengo [Desktop Entry] Version=1.0 Name=NOMBRE Comment=Comentario Exec=rdesktop -f -a 24 -u USUARIO -pPOLLO%pepito MAQUINA_DESTINO Icon=gpicview Terminal=false Type=Application y no se traga la clave, porque el % no le mola pero la instrucción desde la linea de comandos rdesktop -f -a 24 -u USUARIO -pPOLLO%pepito MAQUINA_DESTINO funciona de coña alguna sugerencia para escapar eso ¿? (ya he probado con \, con \\, con , con ' [ufff] Saludos y gracias. -- [o - - - -- - (\ | u d t ( \_(' c c s (__(=_) s o ? -=
Re: Evitar usuarios spam por robots era Re: Pregunta sobre iptables en debian
El Tue, 25 Feb 2014 13:57:36 +0100, Juan Gomez (Txonta) escribió: Hola. Aprovecho el punto que a cogido este hilo para lanzar una cuestión de novato con servidor web. Bueno, por los pelos... ¿Como evitar usuarios spam registrados por robots? ¿Lo qué? Desde la última oleada, he desactivado el registro y aun no tengo solución. Espero que tengan algun remedio, receta o consejo para mi. Por supuesto las soluciones más simples y sencillas son las más apreciadas. Si explicas un poco más lo que te preocupa y lo que has hecho, mejor :-) Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2014.02.25.16.26...@gmail.com
Re: rdesktop y archivo.desktop
El Tue, 25 Feb 2014 17:15:40 +0100, Mariano Cediel escribió: (ese html...) en un archivo.desktop tengo [Desktop Entry] Version=1.0 Name=NOMBRE Comment=Comentario Exec=rdesktop -f -a 24 -u USUARIO -pPOLLO%pepito MAQUINA_DESTINO Icon=gpicview Terminal=false Type=Application y no se traga la clave, porque el % no le mola pero la instrucción desde la linea de comandos rdesktop -f -a 24 -u USUARIO -pPOLLO%pepito MAQUINA_DESTINO funciona de coña alguna sugerencia para escapar eso ¿? (ya he probado con \, con \\, con , con ' [ufff] Hum... prueba con %%. Fuente: http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#exec-variables Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2014.02.25.16.44...@gmail.com
[OFF-TOPIC]Curso GNU/Linux Debian
Buen dia,8vo Capitulo del Curso de GNU/Linux por CLI publicado, en el cual hablaremos un poco sobre el la gestion de la interfaz de red Para Visualizar: http://servicios.sugeek.co/ventanas/capacitaciones/gnulinux.html Para Descargar: http://1drv.ms/1fp1Q7v From: ramses.sevi...@gmail.com Subject: Re: [OFF-TOPIC]Curso GNU/Linux Debian Date: Wed, 19 Feb 2014 15:51:05 +0100 To: debian-user-spanish@lists.debian.org El 19/02/2014, a las 14:21, Maykel Franco maykeldeb...@gmail.com escribió: El día 19 de febrero de 2014, 14:09, Frank Harbey Sanabria Florez franksanab...@live.com.co escribió: 7mo Capitulo del Curso de GNU/Linux por CLI publicado, en el cual hablaremos de los permisos de los archivos y directorios. Para Visualizar: http://servicios.sugeek.co/ventanas/capacitaciones/gnulinux.html From: franksanab...@live.com.co To: debian-user-spanish@lists.debian.org Subject: [OFF-TOPIC]Curso GNU/Linux Debian Date: Mon, 3 Feb 2014 14:18:37 -0500 Buen dia, Ya se encuentra Disponible el 6to Capitulo del Curso Basico de GNU Linux usando Debian Para Descargar: http://sdrv.ms/1an6K1o Para Vizualisar: http://blog.sugeek.co/2013/11/curso-basico-de-gnulinux-debian.html En este capitulo se veran la administracion de uusarios y grupos, usando el editor de texto nano. From: franksanab...@live.com.co To: debian-user-spanish@lists.debian.org Date: Tue, 14 Jan 2014 09:09:04 -0500 Subject: [U-co] [OFF-TOPIC]Capitulo 5: Curso GNU/Linux Debian Acabo de Subir el 5to Capitulo del Curso de GNU/Linux con Debian, en el cual se hablara un poco de los Directorios. Para Descargar: http://sdrv.ms/1an6K1o Para Vizualisar: http://blog.sugeek.co/2013/11/curso-basico-de-gnulinux-debian.html FRANK HARBEY SANABRIA FLOREZTecnologo en Telecomunicaciones y Sistemas Bogota - Colombia@franksanabria sugeek.co -- Al escribir recuerde observar la etiqueta (normas) de esta lista: http://goo.gl/Pu0ke Para cambiar su inscripción, vaya a Cambio de opciones en http://goo.gl/Nevnx -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/bay175-w236331fbed124b70f40e62f4...@phx.gbl Están muy bien los cursos muchas gracias. Sólo una sugerencia que ya te la hicieron, creo que Camaleón, podrías meter todos las partes del tutorial en el mismo hilo así nos es más fácil a mí y a todos encontrar las partes... Y si pusieras todos los links de descarga de los vídeos, ya sería lo más... Saludos, y gracias por tus aportes, Ramses -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20b33539-7a8e-4b5e-a44d-d0ee55dda...@gmail.com
Re: rdesktop y archivo.desktop
2014-02-25 17:44 GMT+01:00 Camaleón noela...@gmail.com: El Tue, 25 Feb 2014 17:15:40 +0100, Mariano Cediel escribió: (ese html...) en un archivo.desktop tengo [Desktop Entry] Version=1.0 Name=NOMBRE Comment=Comentario Exec=rdesktop -f -a 24 -u USUARIO -pPOLLO%pepito MAQUINA_DESTINO Icon=gpicview Terminal=false Type=Application y no se traga la clave, porque el % no le mola pero la instrucción desde la linea de comandos rdesktop -f -a 24 -u USUARIO -pPOLLO%pepito MAQUINA_DESTINO funciona de coña alguna sugerencia para escapar eso ¿? (ya he probado con \, con \\, con , con ' [ufff] Hum... prueba con %%. Fuente: http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#exec-variables El bingo el correcto Gracias. -- [o - - - -- - (\ | u d t ( \_(' c c s (__(=_) s o ? -= -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cab-01r5mlqlqqa-ttsukrzhiijemoxg-xd7o99mdj6xfh1f...@mail.gmail.com
Re: [OFF-TOPIC]Curso GNU/Linux Debian
El 25/02/14 17:56, Frank Harbey Sanabria Florez escribió: El HTML...anda... Buen dia,8vo Capitulo del Curso de GNU/Linux por CLI publicado, en el cual hablaremos un poco sobre el la gestion de la interfaz de red Para Visualizar: http://servicios.sugeek.co/ventanas/capacitaciones/gnulinux.html Para Descargar: http://1drv.ms/1fp1Q7v OK. -- Saludos de Santiago José López Borrazás. signature.asc Description: OpenPGP digital signature
Re: Evitar usuarios spam por robots era Re: Pregunta sobre iptables en debian
Hola y gracias por su interés. He aprovechado este hilo porque estabais hablando de algo que me está interesando especialmente: el uso de iptables (si pudiera ser una solución para mi ¿?) y por ejemplo para limitar consultas, evitar robots etc; extremos que se habían señalado expresamente .. aunque si no lo he entendido bien me lo dicen. No lo he nombrado OT porque -creo- que es un poco seguir el mismo tema reorientandolo y el anterior tema no llevaba OT. Por eso también le he dado otro nombre. Para evitar el posible secuestro. Si he secuestrado el hilo, y se puede solucionar explíquenmelo y lo arreglo. Así pues disculpen mi torpeza y paso a explicarme mas extensamente. El 25/02/14 17:26, Camaleón escribió: El Tue, 25 Feb 2014 13:57:36 +0100, Juan Gomez (Txonta) escribió: Hola. Aprovecho el punto que a cogido este hilo para lanzar una cuestión de novato con servidor web. Bueno, por los pelos... ¿Como evitar usuarios spam registrados por robots? ¿Lo qué? Tengo una web que estaba padeciendo una ola de registros -fraudulentos- por robots, es decir de modo automatizado (sobre 100 diarios). Esto a pesar que tengo deshabilitado el autoregistro y la 1ª password se enviaba via email. El robot conseguía tras sus intentos baldios añadir usuarios y después insertar spam en los perfiles. Desde la última oleada, he desactivado el registro y aun no tengo solución. Espero que tengan algun remedio, receta o consejo para mi. Por supuesto las soluciones más simples y sencillas son las más apreciadas. Si explicas un poco más lo que te preocupa y lo que has hecho, mejor :-) Lo que he hecho a sido lo mas bruto y radical del mundo, no es posible registrar usuarios nuevos, mas que por el administrador; y esto claro no es una solución. A raiz de los comentarios y la discusión del hilo original deduje que se podría manejar a estos bichos (robots) y acaso mantenerlos inoperantes. Esa es la cuestión. ¿Que les parece? Cualquier dato adicional de mi problema que sea conveniente añadir me lo dicen. Mi cms es plone, pero creo que es un problema que afecta a todos. Saludos, Saludos y gracias. Juan Txonta -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530cf279.5000...@gmail.com
Re: Evitar usuarios spam por robots era Re: Pregunta sobre iptables en debian
On Tue, 25 Feb 2014 20:43:53 +0100 Juan Gomez (Txonta) juantxo...@gmail.com wrote: Lo que debes ir viendo es el log continuamente. Para ver los reintentos de IP que quieren registrarse. Localizando los botbad (robots malos) es simple con iptables. Aquí tienes un ejemplo http://blog.mamalibre.com.ar/post/firewall-con-iptables solo baneas esas IP y ya. Saludos -- Servicios:. http://mamalibre.com.ar/servicios.php MamaLibre, Casa en Lincoln, Ituzaingo 1085 CP6070, Buenos Aires, Argentina pgpDNJ2cNcvU_.pgp Description: PGP signature
Re: Evitar usuarios spam por robots era Re: Pregunta sobre iptables en debian
El 25/02/2014 03:43 p.m., Juan Gomez (Txonta) escribió: No lo he nombrado OT porque -creo- que es un poco seguir el mismo tema reorientandolo y el anterior tema no llevaba OT. No...pero estas secuestrando el hilo, si quieres hablar de un tema aunque este relacionado con otro, simplemente crea uno nuevo y deja el otro hilo tranquilo, asi no se cruza la conversación. -- Dios en su Cielo, todo bien en la Tierra -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530cfac0.2060...@gmail.com
Re: Evitar usuarios spam por robots era Re: Pregunta sobre iptables en debian
On 02/25/14 19:43, Juan Gomez (Txonta) wrote: Hola y gracias por su interés. He aprovechado este hilo porque estabais hablando de algo que me está interesando especialmente: el uso de iptables (si pudiera ser una solución para mi ¿?) y por ejemplo para limitar consultas, evitar robots etc; extremos que se habían señalado expresamente .. aunque si no lo he entendido bien me lo dicen. No lo he nombrado OT porque -creo- que es un poco seguir el mismo tema reorientandolo y el anterior tema no llevaba OT. Por eso también le he dado otro nombre. Para evitar el posible secuestro. Si he secuestrado el hilo, y se puede solucionar explíquenmelo y lo arreglo. Así pues disculpen mi torpeza y paso a explicarme mas extensamente. Vamos a ver. Varias cosas: a) No hagas top-posting (esto te lo dirán otros a parte de mí) b) No secuestres un hilo (esto te lo dirán otros a parte de mí) c) ¿Tu tienes claro lo que es un firewall? Para hacerlo en sentido llano: un firewall perimetral (porque el interno es otro tema) es como si fuese la puerta de tu casa que da a la calles. Tú lo que quieres controlar lo tienes que hacer instalando una alarma, es decir: tienes que instalar productos/componentes específicos para lo que quieres hacer. O sea que sí: ya te puedes ir explicando de la forma más concienzuda que sepas. Saludos. -- Carlos L.M. carlopmart {at} gmail {dot} com -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530d0bfe.9080...@gmail.com
Poner a funcionar el Scanner de una Canon imageRunner 1023
Hola lista. Un amigo necesita le ponga a funcionar su impresora Canon imageRunner 1023 en su Debian 6. La impresora como tal tiene algunos problemas mecánicos para la impresión, de rodillos defectuosos. Él lo que quiere es que le funcione el scanner. Desde CUPS 1.4.4 conozco que existen los drivers de esa impresora. Mi duda está en que si al instalar los drivers de la Canon imageRunner 1023, ¿es suficiente para que funcione el scanner o hay que instalar algún otro paquete adicional?. Quisiera me expliquen detalladamente qué tengo que hacer. NO TENGO INTERNET. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/50800.10.0.1.2.1393358216.squir...@www.correo.pinarte.cult.cu
Re: Poner a funcionar el Scanner de una Canon imageRunner 1023
El 25/02/14 20:56, acade...@pinarte.cult.cu escribió: Mi duda está en que si al instalar los drivers de la Canon imageRunner 1023, ¿es suficiente para que funcione el scanner o hay que instalar algún otro paquete adicional?. Quisiera me expliquen detalladamente qué tengo que hacer. NO TENGO INTERNET. Deberás instalar el programa saned, entre otras. Además, deberás poner, si te lo detecta con sane-find-scanner, si te aparece del mismo, una regla en jdev, para luego hacerle saber al scanner, tener como usuario para permitirlo, porque de hecho, va a funcionar directamente como root, no como usuario. Por ello (un ejemplo): found USB scanner (vendor=0x04a9 [Canon,Inc.], product=0x269d [iR1018/1022/1023]) at libusb:002:002 Deberás poner como sigue: BUS==usb, SYSFS{product}==269d, MODE=664, GROUP=scanner Puedes comprobar en /proc/usb/devices para escáners USB. Si necesitas alguna cosa, me lo dices, y te digo el cómo. No es difícil. Yo tengo un scanner y, a mí, me detecta de otra manera, pero le tengo puesto una regla buena y me detecta bien. ;) -- Saludos de Santiago José López Borrazás. signature.asc Description: OpenPGP digital signature
[OT] Proxy HTTPS transparente
Buenas noches, Llevo algún tiempo peleándome con Squid para que trabaje de forma transparente con el tráfico HTTP y HTTPS. He compilado, con soporte SSL, tanto el paquete squid3 de Debian como la última versión de Squid con el mismo resultado. Estoy utilizando un certificado auto-firmado generado con OpenSSL y aunque recibo la advertencia de seguridad en el navegador, puedo acceder al contenido. El problema viene al utilizar el navegador Chrome y acceder a ciertas páginas como google o paypal (imagino que habrá muchas más) que muestran la siguiente información técnica: www.google.es le ha pedido a Chrome que bloquee los certificados que contengan errores, pero el certificado que ha recibido Chrome durante este intento de conexión contiene un error. Tipo de error: HSTS failure Destinatario: www.miweb.es Emisor: www.miweb.es Hashes de clave pública: sha1//56eU2r1eF2ylEej7cDkTo0SbBk= sha256/uoXtr1FR/avDhIbWRaqKcgpVL6kV4Yvqb+EveDoSqzc= Desde Firefox no tengo problemas tras confirmar la advertencia de seguridad con ninguna página HTTPS pero a la hora de utilizar Chrome hay ciertas páginas que no quiere. En Squid, para el tráfico HTTPS estoy utilizando https_port y ssl-bump junto con alguna acl para manejar errores y de momento es lo mejor que he encontrado salvo el problema con Chrome. Si no es indiscreción... ¿Cómo gestionan/manejan/filtran las conexiones HTTPS? Gracias y un saludo. Fernando. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530d3d59.30...@gmail.com
Re: Evitar usuarios spam por robots era Re: Pregunta sobre iptables en debian
On 02/25/2014 11:43 AM, Juan Gomez (Txonta) wrote: Hola y gracias por su interés. He aprovechado este hilo porque estabais hablando de algo que me está interesando especialmente: el uso de iptables (si pudiera ser una solución para mi ¿?) y por ejemplo para limitar consultas, evitar robots etc; extremos que se habían señalado expresamente .. aunque si no lo he entendido bien me lo dicen. No lo he nombrado OT porque -creo- que es un poco seguir el mismo tema reorientandolo y el anterior tema no llevaba OT. Por eso también le he dado otro nombre. Para evitar el posible secuestro. Si he secuestrado el hilo, y se puede solucionar explíquenmelo y lo arreglo. Así pues disculpen mi torpeza y paso a explicarme mas extensamente. Quiere decir: que si agarras a Juan, te lo llevas, le tapas los ojos y le decis Pedro; deja de ser un secuestro? Ademas, le cambias el nombre al hilo; que acaso es tuyo el primer mensaje, eso se llama abuso! Crea tu propio mensaje y explica alli! signature.asc Description: OpenPGP digital signature
Re: [OT] Telia ADSL och SSH
Jag har Tyfons ADSL och ett parallellkopplat jack. När jag lyfter luren vid det jack där ADSL-modet/min server är ansluten bryts internet. Går det att koppla så att telefoni och internet fungerar samtidigt? Hur gör man en korrekt kabeldragning? Då har du kopplat fel. Kolla http://www.telia.se/privat/support/bredbandviatelejacket/kopplainbbviatelejacket Du måste ha ADSL-modemet kopplat före alla andra telefoner. Det innebär att splittern (filterburken) måste sitta i det första jacket på inkommande teleledning. Dessutom måste du koppla så att alla telefoner sitter kopplade _bara_ på splitterns telefon-utgång. /jens == Jens Andersson ja...@barbanet.com VHF: SC8895 MMSI:265586130 PGP finger print: BD36 399B 2594 74DA EFAB B72C B655 55D1 -- To UNSUBSCRIBE, email to debian-user-swedish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/d66f86454fd89957a353905035dde56e.squir...@mail.barbanet.com
Re: [OT] Telia ADSL och SSH
Hej Jens! Tack! Bra beskrivning på Telias hemsida, nu ska jag göra om kopplingen (som gjorts av en elektriker) så jag slipper detta. Mvh Thomas Den 25 februari 2014 09:51 skrev Jens Andersson ja...@barbanet.com: Jag har Tyfons ADSL och ett parallellkopplat jack. När jag lyfter luren vid det jack där ADSL-modet/min server är ansluten bryts internet. Går det att koppla så att telefoni och internet fungerar samtidigt? Hur gör man en korrekt kabeldragning? Då har du kopplat fel. Kolla http://www.telia.se/privat/support/bredbandviatelejacket/kopplainbbviatelejacket Du måste ha ADSL-modemet kopplat före alla andra telefoner. Det innebär att splittern (filterburken) måste sitta i det första jacket på inkommande teleledning. Dessutom måste du koppla så att alla telefoner sitter kopplade _bara_ på splitterns telefon-utgång. /jens == Jens Andersson ja...@barbanet.com VHF: SC8895 MMSI:265586130 PGP finger print: BD36 399B 2594 74DA EFAB B72C B655 55D1 -- __ *Thomas Dahlén* mobil: +46 70 710 64 54
kryptering av diskar
Hej Alla! Nu är jag frågvis igen... Om man läser på om TrueCrypt (http://www.truecrypt.org/) verkar allt rosenskimrande. Förmodligen är det ett utmärkt alternativ om man vill kryptera hela diskar eller delar därav. Men, nu verkar vi linuxianer av någon anledning föredra dm-crypt antingen i skepnaden av LUKS, cryptsetup eller cryptmount. Själv har jag använt GPG och encfs till stor belåtenhet men inser att där finns vissa svagheter, som tex att det är trivialt att konstatera att jag har krypterade filer på mina hårddiskar. Nu är det dags att fixa till en av mina servrar (och några USB-diskar) till något som helst inte skvallrar om vad det är jag har krypterat och helst ser ut som om det är en rensad disk. Vad föreslår prenumeranterna? Vad har fungerat bra för er? Enkelt? Krångligt? Best practice? /Janne -- To UNSUBSCRIBE, email to debian-user-swedish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140225185016.21ce4602@igor
Re: kryptering av diskar
2014-02-25 18:50, j...@lillahusetiskogen.se skrev: Hej Alla! Nu är jag frågvis igen... Om man läser på om TrueCrypt (http://www.truecrypt.org/) verkar allt rosenskimrande. Förmodligen är det ett utmärkt alternativ om man vill kryptera hela diskar eller delar därav. Men, nu verkar vi linuxianer av någon anledning föredra dm-crypt antingen i skepnaden av LUKS, cryptsetup eller cryptmount. Själv har jag använt GPG och encfs till stor belåtenhet men inser att där finns vissa svagheter, som tex att det är trivialt att konstatera att jag har krypterade filer på mina hårddiskar. Nu är det dags att fixa till en av mina servrar (och några USB-diskar) till något som helst inte skvallrar om vad det är jag har krypterat och helst ser ut som om det är en rensad disk. Vad föreslår prenumeranterna? Vad har fungerat bra för er? Enkelt? Krångligt? Best practice? /Janne encfs tillsammans med crypkeeper eller Gnome Encfs Manager (som fungerar bättre med Unity, som jag idag föredrar) är IMHO trevliga och bekväma alternativ för att kryptera en katalog. Speciellt bra är tekniken när man synkroniserar katalogen, t ex via någon publik molntjänst eller med rsync då varje fil är representerad separat (dock med krypterat namn och innehåll). Synkningen behöver bara agera på ändrade filer. Vill du inte bara kryptera dina filer utan även gömma dem eller låta dem se ut som något annat så är det steganografimetoder du är ute efter. t ex steghide eller bara en cat http://www.unixmen.com/steganography-in-ubuntu-hide-your-files-inside-an-image/ Googla på encfs och steganography så får du förslag på hur du kan gömma ett krypterat filsystem. Har du stora mängder data som skall gömmas blir det svårare eftersom dina data måste se ut och någorlunda fungera som en annan stor mängd data. Du kan iofs alltid göra en swap-partition (som du låter bli att använda). Göra steghide på en binär i /var/lib/mysql-katalogen, döpa en terabytestor partition till skräp eller liknande. Men den som letar kommer alltid kunna hitta dina gömda filer och då hänger det på krypteringen igen. GPG är ett utmärkt verktyg när du vill kryptera något med asynkrona nycklar, dvs kryptera en fil som bara en viss mottagare kan packa upp utan att behöva utbyta någon hemlighet. Sätter du ett lösenord på pdf-fil, delar en encfs-katalog med någon, så måste du även meddela lösenordet på något vis till mottagaren (synkrona kryptosystem). /Anders W -- To UNSUBSCRIBE, email to debian-user-swedish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530d0af7.8030...@kreawit.se
Re: Ajuda com tomcar
E o que você alterou no script ? Compartilhe Em 24 de fevereiro de 2014 21:21, Leandro Moreira lean...@leandromoreira.eti.br escreveu: Rodolfo, Troquei a porta para 80 quando subia como root todo OK, mas ao subir como tomcat ele subia mas não abria a porta. Consegui resolve o problema no scritp de inicialização. Orbigado pela atenção. Att. Em 24 de fevereiro de 2014 09:04, Rodolfo rof20...@gmail.com escreveu: Já tentou acessar sua máquina nesse endereço ? localhost:8080 ? Em 23 de fevereiro de 2014 22:20, Leandro Moreira lean...@leandromoreira.eti.br escreveu: Prezados, boa noite! Tenho um tomcat instalado e configurado, preciso agora colocar o serviço do tomcat com o usuário do tomcat. Já criei o grupo, usuários dei as devidas permissões na pasta do tomcat e no script de inicialização do tomcat. Consigo subir o serviço com o usuário tomcat mas pela saída do netstat ele não abre a porta. Não encontrei nada de incomun nos logs tanto do servidor quanto do tomcat Sei que é uma lista do debian, mas estou realizando essa configuração no red hat, mas acredito que não seja muito diferente a configuração. segue abaixo a saídas dos comandos de starte e o os com serviço no ar: sh-4.1$ service tomcat start Using CATALINA_BASE: /usr/local/apache-tomcat-7.0.52 Using CATALINA_HOME: /usr/local/apache-tomcat-7.0.52 Using CATALINA_TMPDIR: /usr/local/apache-tomcat-7.0.52/temp Using JRE_HOME:/usr/java/jdk1.7.0_51 Using CLASSPATH: /usr/local/apache-tomcat-7.0.52/bin/bootstrap.jar:/usr/local/apache-tomcat-7.0.52/bin/tomcat-juli.jar Tomcat started. sh-4.1$ !ps ps -aux | grep tomcat Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ root 2198 0.0 0.2 161432 1972 pts/0S22:34 0:00 su tomcat tomcat2199 0.0 0.1 108332 1744 pts/0S22:34 0:00 sh tomcat3040 83.0 6.9 945832 61152 pts/0Sl 23:18 0:02 /usr/java/jdk1.7.0_51/bin/java -Djava.util.logging.config.file=/usr/local/apache-tomcat-7.0.52/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/local/apache-tomcat-7.0.52/endorsed -classpath /usr/local/apache-tomcat-7.0.52/bin/bootstrap.jar:/usr/local/apache-tomcat-7.0.52/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/apache-tomcat-7.0.52 -Dcatalina.home=/usr/local/apache-tomcat-7.0.52 -Djava.io.tmpdir=/usr/local/apache-tomcat-7.0.52/temp org.apache.catalina.startup.Bootstrap start tomcat3053 0.0 0.1 110232 1144 pts/0R+ 23:18 0:00 ps -aux tomcat3054 0.0 0.0 103240 840 pts/0S+ 23:18 0:00 grep tomcat Att. -- Leandro Moreira Network Administrator LPIC1 - Linux Professional Institute Certified e-mail/msn: lean...@leandromoreira.eti.br Tel.: + 55(32) 9906-5713 -- Leandro Moreira Network Administrator LPIC1 - Linux Professional Institute Certified e-mail/msn: lean...@leandromoreira.eti.br Tel.: + 55(32) 9906-5713
Re: Ajuda com tomcar
*Mude as permissões recursivamente* chmor -R tomcat. $CATALINA_HOME Instalou ele pelo apt-get? Faça download do tomcat no apache ( http://ftp.unicamp.br/pub/apache/tomcat/tomcat-7/v7.0.52/bin/apache-tomcat-7.0.52.zip) e descompacte no diretório /opt *Configurar as variávies do ambiente* export JRE_HOME=/usr/java/jdk1.7.0_51 export CATALINA_HOME=/opt/apache-tomcat-7.0.52 *Mude as permissões recursivamente* chmor -R tomcat. /opt/apache-tomcat-7.0.52 *Execute o comando para subir como o tomcat* su - tomcat -c sh $CATALINA_HOME/bin/startup.sh Veja se funciona! Att, Antonio Novaes de C. Jr Analista TIC - Sistema e Infraestrutura Pós-graduando em Segurança de Rede de Computadores LPIC-1 - Linux Certified Professional Level 1 Novell Certified Linux Administrator (CLA) ID Linux: 481126 | LPI000255169 LinkedIN: Perfil Públicohttp://www.linkedin.com/pub/antonio-novaes/50/608/138 Em 25 de fevereiro de 2014 08:50, Rodolfo rof20...@gmail.com escreveu: E o que você alterou no script ? Compartilhe Em 24 de fevereiro de 2014 21:21, Leandro Moreira lean...@leandromoreira.eti.br escreveu: Rodolfo, Troquei a porta para 80 quando subia como root todo OK, mas ao subir como tomcat ele subia mas não abria a porta. Consegui resolve o problema no scritp de inicialização. Orbigado pela atenção. Att. Em 24 de fevereiro de 2014 09:04, Rodolfo rof20...@gmail.com escreveu: Já tentou acessar sua máquina nesse endereço ? localhost:8080 ? Em 23 de fevereiro de 2014 22:20, Leandro Moreira lean...@leandromoreira.eti.br escreveu: Prezados, boa noite! Tenho um tomcat instalado e configurado, preciso agora colocar o serviço do tomcat com o usuário do tomcat. Já criei o grupo, usuários dei as devidas permissões na pasta do tomcat e no script de inicialização do tomcat. Consigo subir o serviço com o usuário tomcat mas pela saída do netstat ele não abre a porta. Não encontrei nada de incomun nos logs tanto do servidor quanto do tomcat Sei que é uma lista do debian, mas estou realizando essa configuração no red hat, mas acredito que não seja muito diferente a configuração. segue abaixo a saídas dos comandos de starte e o os com serviço no ar: sh-4.1$ service tomcat start Using CATALINA_BASE: /usr/local/apache-tomcat-7.0.52 Using CATALINA_HOME: /usr/local/apache-tomcat-7.0.52 Using CATALINA_TMPDIR: /usr/local/apache-tomcat-7.0.52/temp Using JRE_HOME:/usr/java/jdk1.7.0_51 Using CLASSPATH: /usr/local/apache-tomcat-7.0.52/bin/bootstrap.jar:/usr/local/apache-tomcat-7.0.52/bin/tomcat-juli.jar Tomcat started. sh-4.1$ !ps ps -aux | grep tomcat Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ root 2198 0.0 0.2 161432 1972 pts/0S22:34 0:00 su tomcat tomcat2199 0.0 0.1 108332 1744 pts/0S22:34 0:00 sh tomcat3040 83.0 6.9 945832 61152 pts/0Sl 23:18 0:02 /usr/java/jdk1.7.0_51/bin/java -Djava.util.logging.config.file=/usr/local/apache-tomcat-7.0.52/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/local/apache-tomcat-7.0.52/endorsed -classpath /usr/local/apache-tomcat-7.0.52/bin/bootstrap.jar:/usr/local/apache-tomcat-7.0.52/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/apache-tomcat-7.0.52 -Dcatalina.home=/usr/local/apache-tomcat-7.0.52 -Djava.io.tmpdir=/usr/local/apache-tomcat-7.0.52/temp org.apache.catalina.startup.Bootstrap start tomcat3053 0.0 0.1 110232 1144 pts/0R+ 23:18 0:00 ps -aux tomcat3054 0.0 0.0 103240 840 pts/0S+ 23:18 0:00 grep tomcat Att. -- Leandro Moreira Network Administrator LPIC1 - Linux Professional Institute Certified e-mail/msn: lean...@leandromoreira.eti.br Tel.: + 55(32) 9906-5713 -- Leandro Moreira Network Administrator LPIC1 - Linux Professional Institute Certified e-mail/msn: lean...@leandromoreira.eti.br Tel.: + 55(32) 9906-5713
[i3]Colors and transparency problems with rxvt-unicode-color
Hi, If I start a new urxvt terminal using the command, urxvt -name Terminal -fn xft:Monospace:pixelsize=11 -fade 20 +sb -depth 32 -fg white -bg rgba:2000/2000/2000/ urxvt starts just the way I like it. But if I put this in ~/.Xresources, it would never work: Urxvt*background: rgba:2000/2000/2000/ Here is my full ~/.Xresources URxvt.keysym.Shift-Control-V: perl:clipboard:paste URxvt.iso14755: False URxvt.perl-ext-common: default,clipboard !## !# Xft settings !## Xft.dpi: 96 Xft.antialias: true Xft.rgba: rgb Xft.hinting: true Xft.hintstyle: hintslight Xcursor.theme: Pulse-Glass Compile xft: Attempt to find a visual with the given bit depth; option -depth. URxvt*depth: 32 Urxvt*background: rgba:2000/2000/2000/ Urxvt*transparent: false Urxvt*fading: 2% Urxvt*shading: 75 ! Compile xft: Turn on/off double-buffering for xft (default enabled). On some card/driver combination enabling it slightly decreases performance, on most it greatly helps it. The slowdown is small, so it URxvt*buffered: true ! Base16 Tomorrow ! Scheme: Chris Kempson (http://chriskempson.com) #define base00 #1d1f21 #define base01 #282a2e #define base02 #373b41 #define base03 #969896 #define base04 #b4b7b4 #define base05 #c5c8c6 #define base06 #e0e0e0 #define base07 #ff #define base08 #cc #define base09 #de935f #define base0A #f0c674 #define base0B #b5bd68 #define base0C #8abeb7 #define base0D #81a2be #define base0E #b294bb #define base0F #a3685a *.foreground: base05 !*.background: base00 *.cursorColor: base05 *.color0: base00 *.color1: base08 *.color2: base0B *.color3: base0A *.color4: base0D *.color5: base0E *.color6: base0C *.color7: base05 *.color8: base03 *.color9: base09 *.color10: base01 *.color11: base02 *.color12: base04 *.color13: base06 *.color14: base0F *.color15: base07 !###Font Settings URxvt*font: xft:Inconsolata:pixelsize=15 URxvt*boldFont: xft:Inconsolata:bold:pixelsize=15 URxvt*letterSpace: -1 ALso from base16 colorscheme palate the background is given as #1d1f21 and I have commented it out to prevent clashing it with Urxvt*background option which is given in rgba format. I would love if someone can convert the hex value into a working rgba format as required for this configuration file? 2) I also feel that only 2-3 colors are shown in the shell. But when I use weechat-curses all colors are shown. But linux command like ls and grep won't give me any colors. 'tput setaf' wont output anything. Here is something I found in my .bashrc # set a fancy prompt (non-color, unless we know we want color) case $TERM in xterm-color) color_prompt=yes;; esac Now I have installed both xfce terminal and xterm. Any inputs would be greatly appreciated! -- Regards, Anubhav Yadav Imperial College of Engineering and Research, Pune. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/ca+jf9agcdmyu50735y0fmow9ik297tcb_g570t8mrvvske-...@mail.gmail.com
Re: Re: Suspend leads to black screen without sleep [Dell Latitude E6440]
Thanks guys for your suggestions. I have tried kernel 3.12 and then the recently released 3.13 in sid without any luck. The thing is that, from time to time, suspend works (maybe 1 out of 15 attempts) for whatever reasons.
fancontrol wheezy Dell T7610
Hi, I recently bought a workstation to do calculations. It has two Xeon processors with 16 cores and 32 threads in total. I realized that the temperature gets very high on high load typically 80C. That is way too much. Then I changed the fan speed in the bios from auto to high. Now temperatures are reasonable 45C, but it is very noise and it never stops (even with no load) I have to reboot the computer to change the fan speed.. I would like to use fancontrol but I get: /usr/sbin/pwmconfig: There are no pwm-capable sensor modules installed It seems that lm-sensors do not read properly the fan. I get: Adapter: ISA adapter Physical id 0: +44.0°C (high = +79.0°C, crit = +89.0°C) Core 0: +38.0°C (high = +79.0°C, crit = +89.0°C) Core 1: +37.0°C (high = +79.0°C, crit = +89.0°C) Core 2: +40.0°C (high = +79.0°C, crit = +89.0°C) Core 3: +38.0°C (high = +79.0°C, crit = +89.0°C) Core 4: +44.0°C (high = +79.0°C, crit = +89.0°C) Core 5: +44.0°C (high = +79.0°C, crit = +89.0°C) Core 6: +41.0°C (high = +79.0°C, crit = +89.0°C) Core 7: +38.0°C (high = +79.0°C, crit = +89.0°C) coretemp-isa-0001 Adapter: ISA adapter Physical id 1: +44.0°C (high = +79.0°C, crit = +89.0°C) Core 0: +44.0°C (high = +79.0°C, crit = +89.0°C) Core 1: +40.0°C (high = +79.0°C, crit = +89.0°C) Core 2: +42.0°C (high = +79.0°C, crit = +89.0°C) Core 3: +44.0°C (high = +79.0°C, crit = +89.0°C) Core 4: +44.0°C (high = +79.0°C, crit = +89.0°C) Core 5: +40.0°C (high = +79.0°C, crit = +89.0°C) Core 6: +42.0°C (high = +79.0°C, crit = +89.0°C) Core 7: +45.0°C (high = +79.0°C, crit = +89.0°C) I edited /etc/default/grub and added GRUB_CMDLINE_LINUX_DEFAULT=quiet acpi_enforce_resources=lax as suggested in http://hydra.geht.net/tino/howto/linux/fixes/w83627hf/ But no success. I checked /proc/cmdline and the option acpi_enforce_resources=lax has been taken by the kernel. Any idea or suggestion? Thanks a lot, Dan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAK00fOK7s7ND+Sqo=Ojq2c=oY-=NG6c01HYSrF3W4c=ix2m...@mail.gmail.com
Re: Am I paranoid?
By the way, do not have sshd installed (and there is no /usr/sbin/sshd). I mentioned sshd as an example. There are plenty of ways to do remote connection to the host (telnet, VNC, XDMCP), all of them can be used for the root access. Just to be on a safe side, scan your host with 'nmap -sT -sU 1-65535' for both ipv4 and ipv6. Consider blocking everything unneeded with iptables. Great! This thread starts to look like a small tutorial on useful commands! -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/lehq34$1hn$1...@ger.gmane.org
Re: Am I paranoid?
Please note the difference between *are/is* installed, and *were* installed. I would expect dpkg -S to fail if those packages had been wrongly removed (corrupting dpkg database) but the pam and man files are extremely unlikely to be the result of malware. The OP never responded to my query about the other files that would have been installed - or checked the installation history with dpkg --get-selections (it won't show if purge was run, but then, those files would likely not be left). Sorry I didn't follow up on this one... What info did you requested? How can I check if the package was installed (but is there no more)? I believe that dpkg --get-selections shows only available packages. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/lehq9k$44g$1...@ger.gmane.org
Re: Am I paranoid?
Hi On Tue, Feb 25, 2014 at 11:17:12AM +0100, ha wrote: Please note the difference between *are/is* installed, and *were* installed. I would expect dpkg -S to fail if those packages had been wrongly removed (corrupting dpkg database) but the pam and man files are extremely unlikely to be the result of malware. The OP never responded to my query about the other files that would have been installed - or checked the installation history with dpkg --get-selections (it won't show if purge was run, but then, those files would likely not be left). Sorry I didn't follow up on this one... What info did you requested? How can I check if the package was installed (but is there no more)? I believe that dpkg --get-selections shows only available packages. If the package was *purged* I don't think it should be different that never-installed-in-the-first-place. (If I'm wrong, somebody shout!) However, if it was installed and then removed, then the configuration files should remain, and dpkg --status $packagename would report: Status: deinstall ok config-files For the uninitiated: Removing a debian package will not remove the configuration files. Which is a brilliant if you subsequently re-install the package. To also remove configuration files, you need to *purge* the package. Since configuration files are usually very small, most people are not too bothered about the difference. However Neither seems to match the situation of the original poster - (s?)he seems to have both a binary *and* a configuration file... -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140225102726.GB13544@hawking
Re: Am I paranoid?
My guess is that this situation is the result of invoking: dpkg -X *deb / or, simply unpacking a tarball into /. But your guess is as good as mine. The only package I installed via dpkg was youtube-dl, as I couldn't get it by invoking apt-get install (and I still can't). I downloaded it from the browser, and true, I did not verified the package (is there a common way to do that?) Yet, there is another thing - OP claims that he didn't install anything like this. Reco I prefer Virtualbox and QEMU over VMware, and on this machine I had no need to install virtual machine at all - yet. However, I used pip to install virtualenv as suggested by one python package. Perhaps virtualenv uses some VM package? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/lehr6d$fhn$1...@ger.gmane.org
Re: Am I paranoid?
I'd hate to hold anyone responsible for their memory - AFAIK no one can remember what they don't remember (this is why we take notes and run script) - I can only assume their memory is complete. With other areas a guess/instinct may be good enough - with security I prefer proof. Even if they didn't specifically install open-vm-tools it could well have been a dependency Great point. It made me laugh. :-) Hopefully I will embrace part of that knowledge and way of life with time. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/lehrl1$kcj$1...@ger.gmane.org
Re: Am I paranoid?
Looking at those files makes me think of a possible installation error: that one or more partitions on the old install were used and mounted without reformatting for the new install. Is there a timestamp check that could be performed (install time/date for the file, rather than the datetime that ls -l shows? Could be. After I removed Windows I had several attempts to boot into Debian as the GPT gave me some headache. It is possible that I made a mistake and did not format the partition every time. How could I do this timestap check you mentioned? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/lehrsu$n7i$1...@ger.gmane.org
Re: Am I paranoid?
On 25/02/14 21:40, ha wrote: I'd hate to hold anyone responsible for their memory - AFAIK no one can remember what they don't remember (this is why we take notes and run script) - I can only assume their memory is complete. With other areas a guess/instinct may be good enough - with security I prefer proof. Even if they didn't specifically install open-vm-tools it could well have been a dependency Great point. At my age I need all the help with memory I can get. It made me laugh. :-) Hopefully I will embrace part of that knowledge and way of life with time. With time it'll make you cry. :/ Tattooing feet Left and Right - socks *then* shoes, nose points to toes - head is on straight helps. Labels on clothing can work both ways - unless your name is Kelvin Klein Kind regards -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530c7c39.6080...@gmail.com
Re: 3.13 Kernel
When the 3.13.0 was out, some problems with filesystems seems to get in[0]. But in general I don't see any improvement, I run VMs and heavy things and it still seems as long as usual :) So it might be a very subjective impression ;) If you want, you should make some benchmarks to get more formal results. Run a database, 3D rendering, filesystemcpu stress and so on… [0] http://www.phoronix.com/scan.php?page=articleitem=linux_313ssd_filesystemsnum=1 On 25/02/2014 08:38, David Baron wrote: Is it just my very subjective impression or are these significantly faster than 3.12?? signature.asc Description: OpenPGP digital signature
Re: [i3]Colors and transparency problems with rxvt-unicode-color
On Tue, Feb 25, 2014 at 02:32:29PM +0530, Anubhav Yadav wrote: Hi, If I start a new urxvt terminal using the command, urxvt -name Terminal -fn xft:Monospace:pixelsize=11 -fade 20 +sb -depth 32 -fg white -bg rgba:2000/2000/2000/ urxvt starts just the way I like it. But if I put this in ~/.Xresources, it would never work: Urxvt*background: rgba:2000/2000/2000/ I use URxvt*background: [95]#00, which applies a 95% transparency to black. That might be useful to you. [cut] 2) I also feel that only 2-3 colors are shown in the shell. But when I use weechat-curses all colors are shown. But linux command like ls and grep won't give me any colors. Just a thought, do you need to say ls --color=auto? The dircolors should, I believe, already be set up nicely. 'tput setaf' wont output anything. Here is something I found in my .bashrc # set a fancy prompt (non-color, unless we know we want color) case $TERM in xterm-color) color_prompt=yes;; esac Note that RXVT isn't XTerm. You'll probably find that your $TERM is 'rxvt-unicode-256color'. Now I have installed both xfce terminal and xterm. Any inputs would be greatly appreciated! -- Regards, Anubhav Yadav Imperial College of Engineering and Research, Pune. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/ca+jf9agcdmyu50735y0fmow9ik297tcb_g570t8mrvvske-...@mail.gmail.com signature.asc Description: Digital signature
Re: cron.daily logrotate beating up my server
On Mon, Feb 24, 2014 at 11:15:19PM +0200, Andrei POPESCU wrote: On Lu, 24 feb 14, 15:06:48, Tazman Deville wrote: On Mon, Feb 24, 2014 at 01:57:02PM +0100, Tazman Deville wrote: I have a little server running here in my office, and logrotate kept running at c. 7am, and using up 100% CPU. I changed the line in /etc/crontab to run cron.daily scripts at 4:15am, instead of 7:whateveritwas am. 15 4 * * * Also, in cron.daily/logrotate I added nice -n 15 I made these changes two days ago, and still, yesterday and today, logrotate is running at 7:30ami-ish, and using up almost 100% of CPU cycles. The server is an old refurbed eMachines box, 3.2ghz single core celeron with 2gb ram (was my work box from 2007 to 2011), and logrotate is beating it up. How do I get logrotate, first, to run at a time when the server is not busy with other stuff (I'm actively doing stuff on the server at 7am, but not at 4am, which is why I had made that change). and/or limit its abuse of CPU cycles? Why is it seemingly not honouring the changes I made to /etc/crontab and cron.daily/logrotate? Off-list someone suggested I restart the cron daemon, which I have done. I won't know if that helped until tomorrow morning, though. According to the manpage it is not necessary to restart the daemon, so this should not fix your problem. How about you attach your crontab and the relevant parts from syslog? Also check if you have anacron installed. First, as Andrei surmised, restarting cron has made no difference. It's still starting late. My /etc/crontab is as follows: SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 17 ** * * rootcd / run-parts --report /etc/cron.hourly 15 4* * * roottest -x /usr/sbin/anacron || ( cd / run-parts --report /etc/cron.daily ) 07 3* * 7 roottest -x /usr/sbin/anacron || ( cd / run-parts --report /etc/cron.weekly ) 52 11 * * roottest -x /usr/sbin/anacron || ( cd / run-parts --report /etc/cron.monthly ) I DO have anacron installed. I do not know what is relevant from syslog. I find no mention of cron, crontab, or logrotate in /var/log/syslog at all. Taz -- http://tazmandevil.info taz hungry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140225125339.ga13...@myownsite.me
Re: cron.daily logrotate beating up my server
On Mon, Feb 24, 2014 at 07:38:24PM -0300, André Nunes Batista wrote: On Mon, 2014-02-24 at 13:57 +0100, Tazman Deville wrote: I have a little server running here in my office, and logrotate kept running at c. 7am, and using up 100% CPU. I changed the line in /etc/crontab to run cron.daily scripts at 4:15am, instead of 7:whateveritwas am. 15 4 * * * Also, in cron.daily/logrotate I added nice -n 15 If you do not want this process to take precedence, why did you choose such a low niceness to other processes? Shouldn't you have chosen something above 10 or at least above 0? Perhaps I misunderstand, but from reading man nice, my understanding is that -20 is the hightest priority, and 19 is the lowest, so I assume 15 was low priority. I've tried to renice the process in htop now that it's running again, and that doesn't seem to be working. Taz -- http://tazmandevil.info taz hungry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140225125513.gb13...@myownsite.me
Re: cron.daily logrotate beating up my server
On Mon, Feb 24, 2014 at 01:57:02PM +0100, Tazman Deville wrote: I have a little server running here in my office, and logrotate kept running at c. 7am, and using up 100% CPU. Logrotate *itself* shouldn't use much CPU. But there are a couple of things I can think that might make it do so: * A badly-behaved {pre,post}rotate script. These would, I suspect, show up as separate processes, though. * Compression of a large and/or corrupt log file. In both cases, check through your logrotate config files and try running logrotate yourself (probably with --debug). I changed the line in /etc/crontab to run cron.daily scripts at 4:15am, instead of 7:whateveritwas am. 15 4 * * * Also, in cron.daily/logrotate I added nice -n 15 I made these changes two days ago, and still, yesterday and today, logrotate is running at 7:30ami-ish, and using up almost 100% of CPU cycles. A couple more points. Is logrotate running at 7:30 simply because it's STILL running then? Also note that nicing a process won't, by itself, make the process use less that 100% CPU. It'll just make other processes more favoured. If the rest of the system is idle, then a nice process can easily use 100%. The server is an old refurbed eMachines box, 3.2ghz single core celeron with 2gb ram (was my work box from 2007 to 2011), and logrotate is beating it up. How do I get logrotate, first, to run at a time when the server is not busy with other stuff (I'm actively doing stuff on the server at 7am, but not at 4am, which is why I had made that change). and/or limit its abuse of CPU cycles? Why is it seemingly not honouring the changes I made to /etc/crontab and cron.daily/logrotate? Taz -- http://tazmandevil.info taz hungry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140224125702.ga16...@myownsite.me signature.asc Description: Digital signature
hostname does not match certificate
Using mutt this morning, I was informed that my postfix certificate had expired a few days ago. I made a new one with: openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509 I'm fairly certain this is precisely how I did it a year ago. the hostname on the box is tonybaldwin.info the fqdn is tonybaldwin.info but every time I send a message, I'm told the hostname on the server doesn't match the hostname on the certificate. I'm a bit lost on that. I can accept it (I've been choosing accept (o)nce until I can resolve this, but (a)ccept always is an option) It doesn't seem to be impeding me from sending or receiving mail, but I have to wonder if it will hinder others in receiving my mail (if their provider sees a problem with my cert?). ./tony -- https://tonybaldwin.info all tony, all day long... signature.asc Description: Digital signature
Re: cron.daily logrotate beating up my server
On Tue, Feb 25, 2014 at 01:10:38PM +, Darac Marjal wrote: On Mon, Feb 24, 2014 at 01:57:02PM +0100, Tazman Deville wrote: I have a little server running here in my office, and logrotate kept running at c. 7am, and using up 100% CPU. Logrotate *itself* shouldn't use much CPU. But there are a couple of things I can think that might make it do so: * A badly-behaved {pre,post}rotate script. These would, I suspect, show up as separate processes, though. How would one diagnose this? I'm having a similar problem, but I haven't altered post/pre scripts, only the /etc/logrotate.d/ scripts for specific logs. * Compression of a large and/or corrupt log file. This shouldn't happen on a regular basis, though, should it? Unless something is routinely writing huge and/or corrupt logs, but if they're rotated daily, I can't imagine them getting huges, so we'd have to assume that maybe something is writing corrupt logs? How would I diagnose that? A couple more points. Is logrotate running at 7:30 simply because it's STILL running then? Not, it seems to be starting around that time. Runs for about 30 to 60 minutes on any given day. ./tony -- https://tonybaldwin.info all tony, all day long... signature.asc Description: Digital signature
Re: cron.daily logrotate beating up my server
2014-02-25 13:53 GMT+01:00 Tazman Deville tazmande...@gmx.com: My /etc/crontab is as follows: SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 17 ** * * rootcd / run-parts --report /etc/cron.hourly 15 4* * * roottest -x /usr/sbin/anacron || ( cd / run-parts --report /etc/cron.daily ) 07 3* * 7 roottest -x /usr/sbin/anacron || ( cd / run-parts --report /etc/cron.weekly ) 52 11 * * roottest -x /usr/sbin/anacron || ( cd / run-parts --report /etc/cron.monthly ) I DO have anacron installed. I do not know what is relevant from syslog. I find no mention of cron, crontab, or logrotate in /var/log/syslog at all. That's quite weird, indeed you should have something like that /USR/SBIN/CRON[32528]: (root) CMD ( cd / run-parts --report /etc/cron.hourly) /USR/SBIN/CRON[32528]: (root) CMD ( cd / run-parts --report /etc/cron.daily) etc etc... BTW Your crontab is correct run # run-parts --report /etc/cron.daily then # grep -i cron /var/log/syslog /r
Re: [i3]Colors and transparency problems with rxvt-unicode-color
I use URxvt*background: [95]#00, which applies a 95% transparency to black. That might be useful to you. Yes that did it. Thanks a lot. I was also having 'r' small instead of capital. Note that RXVT isn't XTerm. You'll probably find that your $TERM is 'rxvt-unicode-256color'. Yes and I changed that in the .bashrc too. But didn't help much. However uncommenting the line force_color_prompt=yes did make my prompt (user@hostname:$) coloured. But that was the same color as my background. Made it look even more uglier. -- Regards, Anubhav Yadav Imperial College of Engineering and Research, Pune. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/ca+jf9ahxiobuq46mms9attvof0nurpnjzr5er1tm5us7u1y...@mail.gmail.com
Re: hostname does not match certificate
On 25/02/2014 13:23, Tony Baldwin wrote: Using mutt this morning, I was informed that my postfix certificate had expired a few days ago. I made a new one with: openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509 I'm fairly certain this is precisely how I did it a year ago. the hostname on the box is tonybaldwin.info the fqdn is tonybaldwin.info but every time I send a message, I'm told the hostname on the server doesn't match the hostname on the certificate. I suspect that this error message is misleading, but just to be sure, what server address are you using in your mutt config? Also can you outline how your mutt is configured to send mail (sounds like it isn't just using /usr/bin/sendmail, the default method) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530c9ffa.1070...@debian.org
Re: fancontrol wheezy Dell T7610
Dan wrote: I recently bought a workstation to do calculations. It has two Xeon processors with 16 cores and 32 threads in total. I realized that the temperature gets very high on high load typically 80C. That is way too much. Then I changed the fan speed in the bios from auto to high. Now temperatures are reasonable 45C, but it is very noise and it never stops (even with no load) I have to reboot the computer to change the fan speed.. I would like to use fancontrol but I get: /usr/sbin/pwmconfig: There are no pwm-capable sensor modules installed Do the fan connectors have 4 pins/wires (PWM control)? If not, fancontrol will not work, IIRC. It seems that lm-sensors do not read properly the fan. I get: Adapter: ISA adapter Physical id 0: +44.0°C (high = +79.0°C, crit = +89.0°C) [...] coretemp-isa-0001 Adapter: ISA adapter Physical id 1: +44.0°C (high = +79.0°C, crit = +89.0°C) [...] So 'sensors' only outputs coretemp-isa-* readings? You did run 'sensors-detect' to configure lm-sensors? Did it find any hardware sensors besides 'coretemp'? (if it didn't, and you're running Wheezy's stock kernel, it might be an option to try a more recent kernel) I edited /etc/default/grub and added GRUB_CMDLINE_LINUX_DEFAULT=quiet acpi_enforce_resources=lax as suggested in http://hydra.geht.net/tino/howto/linux/fixes/w83627hf/ But no success. I checked /proc/cmdline and the option acpi_enforce_resources=lax has been taken by the kernel. Any idea or suggestion? No clue if that option is really needed for your system... Did you add that option because you had actual problems loading a hardware sensor kernel module, or ACPI trouble? Or was that just trialerror? (not clear from what you wrote) Regards Ingmar -- assembled from 100% recycled electrons -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530caeb6.4000...@schreyben.de
Re: Am I paranoid?
Hi. On Tue, 25 Feb 2014 18:24:50 +1100 Scott Ferguson scott.ferguson.debian.u...@gmail.com wrote: My guess is that this situation is the result of invoking: dpkg -X *deb / or, simply unpacking a tarball into /. But your guess is as good as mine. Maybe, certainly my guesses as to the cause are similar... the tarball'd be tricky (debsums). No, of course not. debsums only checks files which belong to an installed package. Such 'orphan' files are invisible to debsums, regardless of the way they landed into filesystem. What I cannot understand is how exactly removing a package would fix this issue if both apt and dpkg claim that the package is not installed. *If* the package was legitimately installed - then it's removal would ease Ha's concern. Though without understanding how it happened it's no less likely to happen again. I haven't seen the result of checking the selections with dpkg. There are a couple of scenarios where the user/operator can damage the dpkg database - I'm not familiar with all of them. Possible scenario, yes. Still, installing and deinstalling a package - I see how it could work. Simply deinstalling non-installed package seems like 'magic'. It is possible[*1] vmtoolsd is a trojan - though that scenario means the rest of it's expected files would likely be there (and dpkg -S would find it) - an md5sum is a simple way to check. If you browse this part of thread up, you'll see that OP did checked the root filesystem with debsums, and debsums haven't found anything. Therefore I agree that it's unlikely that vmtoolsd is a malware. Simply re-installing a system because some one suspects a security breach - will zero evidence to support the suspicion, is not a good idea. Agreed. That's why I wrote earlier that no reinstall is necessary. Unfortunately the OP's editing combined with my free time limitations mean I'm not sure who said what - so that comment wasn't aimed at any particular participant in the thread. It's a convoluted thread and at present there's still three recent posts I haven't read. Ok, no harm done to anyone, if you ask me. I wrote this part to merely clarify things. By all mean re-install from a known clean source - but first check to see if the installation was legitimate (check package selections status), check suspect file/s. Otherwise it confirms nothing and do even less to help detect and defend against real malware. Always test when security is in doubt - but it's probably not a good idea to rule out user error. Yet, there is another thing - OP claims that he didn't install anything like this. I'd hate to hold anyone responsible for their memory - AFAIK no one can remember what they don't remember (this is why we take notes and run script) - I can only assume their memory is complete. With other areas a guess/instinct may be good enough - with security I prefer proof. Even if they didn't specifically install open-vm-tools it could well have been a dependency True. But, reading other parts of the thread, now I blame multiple reinstalls of Debian over the same partition. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140225192317.adf55bd4003a38fa76de3...@gmail.com
Re: fancontrol wheezy Dell T7610
On Tue, Feb 25, 2014 at 3:54 PM, Schrey debian-u...@schreyben.de wrote: Dan wrote: I recently bought a workstation to do calculations. It has two Xeon processors with 16 cores and 32 threads in total. I realized that the temperature gets very high on high load typically 80C. That is way too much. Then I changed the fan speed in the bios from auto to high. Now temperatures are reasonable 45C, but it is very noise and it never stops (even with no load) I have to reboot the computer to change the fan speed.. I would like to use fancontrol but I get: /usr/sbin/pwmconfig: There are no pwm-capable sensor modules installed Do the fan connectors have 4 pins/wires (PWM control)? If not, fancontrol will not work, IIRC. It seems that lm-sensors do not read properly the fan. I get: Adapter: ISA adapter Physical id 0: +44.0°C (high = +79.0°C, crit = +89.0°C) [...] coretemp-isa-0001 Adapter: ISA adapter Physical id 1: +44.0°C (high = +79.0°C, crit = +89.0°C) [...] So 'sensors' only outputs coretemp-isa-* readings? You did run 'sensors-detect' to configure lm-sensors? Did it find any hardware sensors besides 'coretemp'? (if it didn't, and you're running Wheezy's stock kernel, it might be an option to try a more recent kernel) I edited /etc/default/grub and added GRUB_CMDLINE_LINUX_DEFAULT=quiet acpi_enforce_resources=lax as suggested in http://hydra.geht.net/tino/howto/linux/fixes/w83627hf/ But no success. I checked /proc/cmdline and the option acpi_enforce_resources=lax has been taken by the kernel. Any idea or suggestion? No clue if that option is really needed for your system... Did you add that option because you had actual problems loading a hardware sensor kernel module, or ACPI trouble? Or was that just trialerror? (not clear from what you wrote) Dear Ingmar, Thanks for your answer I didn't open the computer. I do not know if the fan connectors have 4 pin. I prefer not to open the computer. It is on warranty. I run sensors-detect, but no success. It only finds coretemp. The option that I added in grub was just to try something. I found out that I can control the fan with i8kutils. I can turn it on and off, but I can not use it with fancontrol. I would prefer to be able to use the fan with the standard fancontrol but at least it works. The drawback is that I can not control the speed. Thanks, Dan
Re: cron.daily logrotate beating up my server
On Tue, Feb 25, 2014 at 02:31:43PM +0100, Raffaele Morelli wrote: 2014-02-25 13:53 GMT+01:00 Tazman Deville tazmande...@gmx.com mailto:tazmande...@gmx.com: My /etc/crontab is as follows: SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user �command 17 * � �* * * � root � �cd / run-parts --report /etc/cron.hourly 15 4 � �* * * � root � �test -x /usr/sbin/anacron || ( cd / run-parts --report /etc/cron.daily ) 07 3 � �* * 7 � root � �test -x /usr/sbin/anacron || ( cd / run-parts --report /etc/cron.weekly ) 52 1 � �1 * * � root � �test -x /usr/sbin/anacron || ( cd / run-parts --report /etc/cron.monthly ) I DO have anacron installed. I do not know what is relevant from syslog. I find no mention of cron, crontab, or logrotate in /var/log/syslog at all. That's quite weird, indeed you should have something like that /USR/SBIN/CRON[32528]: (root) CMD ( � cd / run-parts --report /etc/cron.hourly) /USR/SBIN/CRON[32528]: (root) CMD ( � cd / run-parts --report /etc/cron.daily) etc etc... BTW Your crontab is correct run # run-parts --report /etc/cron.daily This gives a lot of output. I did see an error for the existence of two scripts in /etc/logrotate.d for things I'd removed (popcon, and a friendica installation), so I removed those. I had had a problem with popcon logs a while back, where they were filling up the hdd (at least, used up 100% of my inodes), so had removed popcon. then # grep -i cron /var/log/syslog I did this earlier (actually, I did less /var/log/syslog then searched with /cron), and found nothing. Honest, I swear! Now, I just dug into the older ones, just from this past week, and found stuff like Feb 19 19:40:01 tonybaldwin /USR/SBIN/CRON[11248]: (www-data) CMD ([ -x /usr/share/awstats/tools/update.sh ] /usr/share/awstats/tools/update.sh) Feb 19 19:50:01 tonybaldwin /USR/SBIN/CRON[12029]: (www-data) CMD ([ -x /usr/share/awstats/tools/update.sh ] /usr/share/awstats/tools/update.sh) Feb 19 20:00:01 tonybaldwin /USR/SBIN/CRON[12832]: (root) CMD (/usr/local/bin/mywebstat.sh) Feb 19 20:00:01 tonybaldwin /USR/SBIN/CRON[12835]: (www-data) CMD ([ -x /usr/share/awstats/tools/update.sh ] /usr/share/awstats/tools/update.sh) Feb 19 20:00:01 tonybaldwin /USR/SBIN/CRON[12836]: (www-data) CMD (if [ -f /usr/share/pnopaste/bin/expired_delete.pl ]; then /usr/bin/perl /usr/share/pnopaste/bin/expired_delete.pl /dev/null; fi) But I'm using neither awstats nor pnopaste, nor have I for some time. I just purged the box of anything related to either. It seems this may help with the excessive abuse of CPU cycles, but I'm still at a loss for why logrotate is running after 7 am, when my crontab is set to run the cron.daily stuff at 4:15am. ./tony -- http://www.tonybaldwin.me art, music, software by me, tony 3F330C6E signature.asc Description: Digital signature
Re: resolv.conf misbehaving
Sounds like what you really want is for your local nameserver to forward the query if it doesn't have the answer. It might be helpful to look at the forwarders option for named.conf. resolv.conf would just need your local name server then. Pat -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140225171237.gb5...@flying-gecko.net
Re: hostname does not match certificate
On Tue, Feb 25, 2014 at 01:51:54PM +, Jonathan Dowland wrote: On 25/02/2014 13:23, Tony Baldwin wrote: Using mutt this morning, I was informed that my postfix certificate had expired a few days ago. I made a new one with: openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509 I'm fairly certain this is precisely how I did it a year ago. the hostname on the box is tonybaldwin.info the fqdn is tonybaldwin.info but every time I send a message, I'm told the hostname on the server doesn't match the hostname on the certificate. I suspect that this error message is misleading, but just to be sure, what server address are you using in your mutt config? Also can you outline how your mutt is configured to send mail (sounds like it isn't just using /usr/bin/sendmail, the default method) No, not sendmail. The server has postfix and dovecot, I'm using imap, not pop, and sending the mail through the dovecot smtp on the server. smtp://t...@tonybaldwin.info:passwordh...@mail.tonybaldwin.info:25 Of course, the hostname on the box is not mail.tonybaldwin.info but tonybaldwin.info for the postfix cert, I used mail.tonybaldwin.info hmmm...I didn't change the dovecot cert (doesn't expire for a while, because I redid the whole dovecot upon update to wheezy). ./tony -- https://tonybaldwin.info art, music, software by me, tony 3F330C6E signature.asc Description: Digital signature
Re: fancontrol wheezy Dell T7610
On 2/25/2014 3:47 AM, Dan wrote: I recently bought a workstation to do calculations. It has two Xeon processors with 16 cores and 32 threads in total. I realized that the temperature gets very high on high load typically 80C. That is way too much. Then I changed the fan speed in the bios from auto to high. Now temperatures are reasonable 45C, but it is very noise and it never stops (even with no load) I have to reboot the computer to change the fan speed.. ... Any idea or suggestion? Is it the CPU fans or the chassis fans generating the intolerable noise? If just the CPU fans, you can simply replace them with quieter models. If your system accepts wide coolers, two of this model would be suitable http://www.newegg.com/Product/Product.aspx?Item=N82E16835114120 If it accepts only narrow coolers, then two of these http://www.newegg.com/Product/Product.aspx?Item=N82E16835114142 The 8 core Sandy/Ivy bridge Xeons range from 95-150 watts Thermal Design Power, or 180-300 watts combined for a 2 socket system. The stock style fans required to evacuate this amount of heat, plus that of the GPU, HDDs, system chipsets, DRAM, VRMs, etc are not going to be quiet. Dual socket/professional workstations are generally not very quiet machines. Beyond replacing the CPU coolers there are a number of ways to reduce the noise while still achieving the required airflow for proper cooling. Run the fans at full RPM all the time, while damping the interior of the chassis using acoustic damping pads such as http://www.acoustiproducts.com/en/acoustipack.asp When applied correctly, thoroughly, to all interior surfaces, this will absorb much of the high frequency fan noise emitted by the CPU and chassis fans. I don't use such self stick thin foam pads as they are over priced and the performance isn't that great for the money. I use 1.5 acoustic egg crate foam attached with 3M Super 77, as the egg crate foam yields superior acoustical damping performance. http://www.parts-express.com/acoustic-sound-damping-foam-1-1-2-x-24-x-18-ul-94--260-516 This is the material used inside of speaker cabinets and recording studios. The self stick thin foam is much easier for most people to install which is why I mentioned it first. You can also use a manual fan speed controller such as http://www.newegg.com/Product/Product.aspx?Item=N82E16811999171 This allows you to fine tune noise level vs cooling performance using continuously variable knobs. This requires replacing any existing PWM fans in system with non-PWM fans if using a standard fan controller. There are some PWM controllers on the market but I'd avoid them. -- Stan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530cdc9b.7090...@hardwarefreak.com
Re: resolv.conf misbehaving
On Feb 25, 2014, at 9:12 AM, Patrick Ouellette poue...@debian.org wrote: Sounds like what you really want is for your local nameserver to forward the query if it doesn't have the answer. It might be helpful to look at the forwarders option for named.conf. resolv.conf would just need your local name server then. Pat Pat's correct. That's the proper way to do what you want. If you like, you can have two forwarding server (for redundancy in case of failure of the primary server). A good way to do that is with the dnsmasq package. It provides both DNS (forwarding if you configure it) and DHCP. Configuration is remarkably easy -- it uses /etc/hosts and /etc/ethers as input. The ISC dhcp server is much more flexible, but (as a consequence) takes a lot of configuring. Dnsmasq is *way* easier. Rick -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5356b738-16bb-4149-be81-f83eb79ed...@pobox.com
Re: hostname does not match certificate
On Tue, Feb 25, 2014 at 01:08:38PM -0500, Tony Baldwin wrote: smtp://t...@tonybaldwin.info:passwordh...@mail.tonybaldwin.info:25 Of course, the hostname on the box is not mail.tonybaldwin.info If you delete 'mail.', does it stop complaining? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140225211541.gb16...@bryant.redmars.org
Re: fancontrol wheezy Dell T7610
On 2/25/2014 9:53 AM, Dan wrote: ... I didn't open the computer. I do not know if the fan connectors have 4 pin. I prefer not to open the computer. It is on warranty. If you don't want to void the warranty, then don't monkey with the fan speed or accidentally shut any fans down for any amount of time. That can roast things. There are companies that sell sound killing computer cabinets for tower style computers but they're not cheap. Google is your friend. You don't strike me as the handy type but I'll suggest the most common inexpensive DIY path taken for killing PC noise. This assumes the T7610 sits on the floor next to your desk, not on it. If not, put it on the floor already. Build a 3 sided box out of 3/4 MDF with outside dimensions, matched to the T7510 11W x 18H x 28D Cover the inside and outside with low pile carpet, using 3M Super77 adhesive or simply lots of T50 1/4 staples. Wrap it around the edges and neatly trim it so it looks half way decent. Lower it over the T7610 so you have 3.5 overhang front and rear. This will pretty much kill the noise problem instantly. Carpeting the outside isn't necessary for killing noise, but looks better than bare MDF. You could use black synth wood grain Melamine or even Maple veneer if want it to really look fancy. Finish is your choice. You could substitute 1.5 thick egg crate acoustic damping foam on the inside. Carpet remnants are usually easier for most people to acquire from a store or relative/friend, probably cheaper as well, and just as effective at killing the noise. I've build a few of these in the past and they just work. -- Stan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530d0815.1050...@hardwarefreak.com
Re: fancontrol wheezy Dell T7610
On 2/25/2014 4:16 PM, Stan Hoeppner wrote: On 2/25/2014 9:53 AM, Dan wrote: ... I didn't open the computer. I do not know if the fan connectors have 4 pin. I prefer not to open the computer. It is on warranty. If you don't want to void the warranty, then don't monkey with the fan speed or accidentally shut any fans down for any amount of time. That can roast things. There are companies that sell sound killing computer cabinets for tower style computers but they're not cheap. Google is your friend. You don't strike me as the handy type but I'll suggest the most common inexpensive DIY path taken for killing PC noise. This assumes the T7610 sits on the floor next to your desk, not on it. If not, put it on the floor already. snip Maybe a better idea - put it on the floor next to his boss's desk and run cables from a KVM switch to his office. Noise from the computer will be the least of his worries :) But seriously, you are correct. Encasing the tower in a sound dampening box works great. Just ensure there is enough ventilation (remember air has to get in also, not just out) and that you can access the power button, DVD, USB ports, etc. Making access holes for these without compromising the sound dampening is probably the hardest part. Jerry Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530d0b01.5030...@attglobal.net
Re: Am I paranoid?
On 26/02/14 02:23, Reco wrote: Hi. On Tue, 25 Feb 2014 18:24:50 +1100 Scott Ferguson scott.ferguson.debian.u...@gmail.com wrote: My guess is that this situation is the result of invoking: dpkg -X *deb / or, simply unpacking a tarball into /. But your guess is as good as mine. Maybe, certainly my guesses as to the cause are similar... the tarball'd be tricky (debsums). No, of course not. debsums only checks files which belong to an installed package. Such 'orphan' files are invisible to debsums, regardless of the way they landed into filesystem. Which, um, might make confirming the authenticity, tricky - don't you think? :) If you don't understand what tricky means you've never seen a rabbit pulled from a hat, or a girl sawn in half (magic/illusion). The OP didn't post the results of mounting the filesystem and checking against the md5sums (or where they are) for the files (installed packages or everything in /bin /sbin ??). Until it's confirmed what files *were checked* it's assumptions all the way down. snipped Kind regards -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530d1a05.8030...@gmail.com
USB storage exposes two superfloppy devices in Ubuntu, but Debian testing won't recognize it.
Hello all, I have a YP-GS1 Samsung Galaxy player that I'm trying to uses as usb-storage in Debian testing, but I plug it in and don't get any of the device files or partitions detected. In Ubuntu, where it does work, this is some info: $ dmesg |tail [173296.103783] sd 7:0:0:1: [sdd] 15556608 512-byte logical blocks: (7.96 GB/7.41 GiB) [173296.104529] sd 7:0:0:1: [sdd] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [173296.109066] sdd: [173304.294969] sd 7:0:0:0: [sdc] 9928704 512-byte logical blocks: (5.08 GB/4.73 GiB) [173304.295875] sd 7:0:0:0: [sdc] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [173304.300906] sdc: $ lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:00 931.5G 0 disk ├─sda1 8:10 37.3G 0 part / ├─sda2 8:20 7.6G 0 part [SWAP] └─sda3 8:30 886.6G 0 part /home sr0 11:01 1024M 0 rom sdc 8:32 1 4.8G 0 disk /media/404E-5EB1 sdd 8:48 1 7.4G 0 disk /media/Kingston I understand the devices are formated using superfloppy mode, is this correct? Is there something obvious I'm missing in Debian testing? I'll attach the same info from the Debian box as soon a soon as I get home. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530d200e.3000...@gmail.com
Re: ethernet and wifi together
On Mon, Feb 24, 2014 at 03:32:08PM +0100, S3v3ran . wrote: Hello My scenario is the following. I'm connected to the wired network, which is the default network i'm using. The default gateway, DNS server and everything else is via this interface. On the other side i have some virtual machines inside and i need them to use the bridged wifi connection (because the wired one is behind a proxy server). For this i also need to have connected the wireless network (using WPA2-PSK). When i use Wicd. When i use Wicd to connect to wifi, it automatically disconnects me from ethernet and when i connect to ethernet, it disconnects me from wifi. Both connections (wifi and wired) should be configured dynamically (i'm using various networks at home or in the company). I tried a network-manager but I couldn't connect to wifi with it. Is there a way how to connect dynamically to both interfaces, using the eth0 as default route? Thanks in advance. Severan I had a similar problem, and I will get to it in a second. But first: bridged Wifi might not work. Some AP refuse to accept packages, which are not from the interface bound to it. So you would have to masquerade those packages with ebtables. Here how I did it. I created a dummy-bridge which is completely internal in /etc/network/interfaces ... iface dummy0 inet manual auto br0 iface br0 inet static address 10.0.77.1 network 10.0.77.0 netmask 255.255.255.0 broadcast 10.0.77.255 bridge_ports dummy0 bridge_stp yes post-up /bin/echo 1 /proc/sys/net/ipv4/ip_forward post-up /sbin/iptables --table filter --insert INPUT --source \ 10.0.77.0/255.255.255.0 -j ACCEPT post-up /sbin/iptables --table filter --insert FORWARD --source \ 10.0.77.0/255.255.255.0 -j ACCEPT post-up /sbin/iptables --table filter --insert FORWARD \ --destination 10.0.77.0/255.255.255.0 --match state --state \ ESTABLISHED,RELATED -j ACCEPT post-up /sbin/iptables --table nat --insert POSTROUTING --source \ 10.0.77.0/255.255.255.0 ! --destination 10.0.77.0/255.255.255.0 -j \ MASQUERADE pre-down /sbin/iptables --table filter --delete INPUT --source \ 10.0.77.0/255.255.255.0 -j ACCEPT pre-down /sbin/iptables --table filter --delete FORWARD --source \ 10.0.77.0/255.255.255.0 -j ACCEPT pre-down /sbin/iptables --table filter --delete FORWARD \ --destination 10.0.77.0/255.255.255.0 --match state --state ESTABLISHED,RELATED -j ACCEPT pre-down /sbin/iptables --table nat --delete POSTROUTING --source \ 10.0.77.0/255.255.255.0 ! --destination 10.0.77.0/255.255.255.0 -j \ MASQUERADE ... So 10.0.77.0/24 is my xen network for all my virtual domains. It just will work with the default vif-bridge script. I also use dnsmasq to serve all virtual machines with a proxy dns server. Then I agree with my previous poster. Get rid of any network manager. Install wpasupplicant for your wifi and manage the ethernet with resolvconf. -H -- Henning Follmann | hfollm...@itcfollmann.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140225232000.gc25...@newton.itcfollmann.com
Re: ethernet and wifi together
On Mon, Feb 24, 2014 at 03:32:08PM +0100, S3v3ran . wrote: Hello My scenario is the following. I'm connected to the wired network, which is the default network i'm using. The default gateway, DNS server and everything else is via this interface. On the other side i have some virtual machines inside and i need them to use the bridged wifi connection (because the wired one is behind a proxy server). For this i also need to have connected the wireless network (using WPA2-PSK). When i use Wicd. When i use Wicd to connect to wifi, it automatically disconnects me from ethernet and when i connect to ethernet, it disconnects me from wifi. Both connections (wifi and wired) should be configured dynamically (i'm using various networks at home or in the company). I tried a network-manager but I couldn't connect to wifi with it. Is there a way how to connect dynamically to both interfaces, using the eth0 as default route? Thanks in advance. I'm not sure if this will work, but you could remove the wired interface device in wicd's preferences, then use /etc/network/interfaces to configure the wired interface like this: allow-hotplug eth0 iface eth0 inet dhcp -Rob signature.asc Description: Digital signature
Netflix on Sid, no wine.
Hi, A few days ago Google News carried this: http://www.makeuseof.com/tag/easily-enable-silverlight-watch-netflix-linux/ I tried it and it works as advertized, an easy installation and Netflix works. IMO the latter is overrated: mostly old hat hu hum movies. Hugo -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/lejlqp$5cg$1...@ger.gmane.org
Re: Am I paranoid?
Hi. On Wed, 26 Feb 2014 09:32:37 +1100 Scott Ferguson scott.ferguson.debian.u...@gmail.com wrote: No, of course not. debsums only checks files which belong to an installed package. Such 'orphan' files are invisible to debsums, regardless of the way they landed into filesystem. Which, um, might make confirming the authenticity, tricky - don't you think? :) The authenticity of a Debian install - yep, using debsums proves nothing in this case. The authenticity of stock shell (/bin/bash), remote control (/usr/sbin/sshd) - this is where debsums works wonders. The whole point of running debsums was to ensure that nobody replaced any binaries managed by package manager. If you don't understand what tricky means you've never seen a rabbit pulled from a hat, or a girl sawn in half (magic/illusion). The OP didn't post the results of mounting the filesystem and checking against the md5sums (or where they are) for the files (installed packages or everything in /bin /sbin ??). Until it's confirmed what files *were checked* it's assumptions all the way down. Indeed, you're correct. Still, given this debsums behavior: # ls -al /mnt total 8 drwxr-xr-x 2 root root 4096 Jan 18 21:13 . drwxr-xr-x 25 root root 4096 Jan 2 19:39 .. # debsums -ac -r /mnt dpkg-query: error: failed to open package info file `/mnt/var/lib/dpkg/status' for reading: No such file or directory debsums: dpkg-query --admindir=/mnt/var/lib/dpkg --showformat=${Package} … And assuming OP invoked debsums exactly as shown (see [1]) - I suspect that at least / and /var was mounted into /mnt during the check. [1] http://lists.debian.org/lefrlt$7f4$1...@ger.gmane.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140226094630.1428e611a245b3f209628...@gmail.com
Re: resolv.conf misbehaving
Hi, O.k guys, I think I sorted it out. I can do both forward and reverse lookups now. My life is normal again ... Pascal, you remind me of my maths teacher in high school ... very stern and to the point ... :) ... In the end I had to pay attention (again) to DHCP ... like many of you suggested ... It would appear as if DHCP is stronger than other users of resolv.conf and it has the last say as to what goes into resolv.conf ... by reading (a few times) the suggestions on this thread I finally did something right (don't even ask, cause I can't remember, was watching NASCAR while doing it ) ... Once again, thanks to all Have a nice day Danny On Feb 24 14, Pascal Hambourg : To: debian-user@lists.debian.org Date: Mon, 24 Feb 2014 22:46:23 +0100 From: Pascal Hambourg pas...@plouf.fr.eu.org Subject: Re: resolv.conf misbehaving User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) X-Loop: debian-user@lists.debian.org Danny a écrit : Warning : this setup is wrong and may not work as you expect. All listed nameservers should be equivalent. Multiple nameservers are only for redundancy, not to provide multiple sources. If you query the first server for an information out of its scope, it may reply negatively (status: NXDOMAIN or NOERROR, ANSWER: 0) and the next server won't be queried. So in the end you won't get your answer. However, what would be the point of giving resolv.conf multiple nameserver options then I wrote it : redundancy. if one cannot force (for lack of a better word) it, or even arbitrarily change the order in which servers can be queried? You can force or change the order of the nameservers. /etc/resolv.conf even has an option rotate to do round-robin among the listed nameservers. What you cannot do is expect the current resolver library to : - ask a given nameserver for a given type of queries (e.g. external names), and another nameserver for another given type of queries (e.g. internal names) ; - ask the next nameserver if the previous nameserver replied that the requested name does not exist or does not have a resource record for the requested type (aka negative answer). The setup I had (Debian 3.0) worked. Unfortunately smart devices and more wireless laptops demanded attention. So I upgraded (clean install) to Debian 7.0. All I want to do is for all wireless devices to get DHCP from Debian (not the router) and query Debian (not the router) for name resolution. Simple as that. Why then are you messing with the router's nameserver ? If you need to resolve both internal and external names, I suggest that you query only the Debian nameserver and configure it to reply to recursive queries, either by itself or by forwarding them to the router's nameserver. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/530bbdaf.3090...@plouf.fr.eu.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140226063219.GC4113@fever.havannah.local
Re: fancontrol wheezy Dell T7610
On 2/25/2014 3:28 PM, Jerry Stuckle wrote: ... Encasing the tower in a sound Damping not dampening. To dampen something is to add moisture to it. To damp an object is to lower its resonance frequency. One cannot add moisture to sound waves thus there is no such thing as sound dampening. Please use the correct terminology. Saying sound dampening is like fingernails on a chalk board to audio engineers. On 2/25/2014 4:16 PM, Stan Hoeppner wrote: Build a 3 sided box out of 3/4 MDF... Just ensure there is enough ventilation (remember air has to get in also, not just out) and that you can access the power button, DVD, USB ports, etc. A 3 sided box is by definition open at the front, rear, and bottom, so front panel access is not an issue. Making access holes for these without compromising the sound dampening is probably the hardest part. Not at all. The goal here is not to make the workstation completely silent, but to decrease the SPL of the mid and high frequencies to little more than room background noise level at the ears when seated in the desk chair. An acoustically damped 3 sided box with small front/rear overhangs accomplishes this, in the two ways that matter: 1. The damping material, whether carpet or acoustical egg crate foam, absorbs most of the mid and high frequency sound energy generated by the fans. These sound waves normally radiate not only out the front/rear case vents, but also through the thin sheet steel and plastic panels which tend to resonate at or near these frequencies. In the stock configuration the fan noise radiates in all directions, but not uniformly. 2. Because the sound pressure level of mid/high frequencies drops at a much higher rate off axis from ear position, any sound energy at these frequencies not absorbed by the damping material propagates at floor level out the front and back only. By absorbing most, then directionally focusing the remaining mid/high frequency waves, which are now of greatly decreased amplitude due to the damping material in the overhangs, the noise is barely audible while seated in the chair. You must kneel down to floor level to really hear the fans now. This solution works without compromising access to the machine, or compromising cooling capacity. The T7610 is a true business workstation, with front-to-back only airflow. This 3 sided damping shroud will not work with PCs which have side air intakes, top exhausts, etc. This should be common sense to everyone, but not everyone has common sense, so I'm attempting to head off further me too posts. I tend to only reply to thread topics of which I am a subject matter expert. You made the mistake of assuming that a DIY suggestion implies amateur knowledge, then proceeded to display your truly amateur understanding of the subject matter. I don't post to debian-user that often, but there are folks on this list who know they can take the information and analysis I present straight to the bank. They know the level of expertise and analysis that goes into each and every one of my posts, even those in which I don't give the 2-3 page explanation up front, but the short version which assumes the reader knows a little bit about the subject. -- Stan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/530d8bf3.1080...@hardwarefreak.com
Re: very slow Xorg and/or bash
Hi, I think you are looking for the answer in the wrong place. Remember that Xorg is totally network aware. When it starts up, it checks your hostname and resolv.conf file. A bad configuration of these two will slow Xorg down considerably. The reason I say this is because very recently (last week or so) I ran into a few problems with DNS, and whenever I misconfigured one of these files Xorg would take up to 15 seconds and sometimes even more to start. Also, I had slow logins with terminals. Properly configuring these two files rectified the problem. Hope it helps Danny -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140226065445.GD4113@fever.havannah.local