Re: Redirect HTTPS with Squid3+Squidguard

[Bob Proulx]

Sven Hartge wrote:
 Michael I. wrote:
  Is there really no way to redirect https request to an errorpage with
  squid3+squidguard?
 
 Short answer: No, there is not. 

+1, No there is not for the reasons Sven described.

 Long answer: The only way is to setup a transparent proxy, intercepting
 any outbound connection and terminating the encryption on the proxy. You
 will need a fake CA certificate with which the proxy is able to create
 fake server certificates so the client still thinks it is connected to
 the real server.
 
 And here it gets a) dangerous and b) expensive.

It is extremely bad, bad, bad, as well as dangerous.  I haven't been
following the news in great detail but read all about Komodia's recent
news articles.  Komodia's cracking tools are used in Superfish and
Lenovo was in trouble for pre-installing Superfish.

They apparently do exactly the above of setting up a fake certificate
authority on the local machine and proxying https through.  And made
multiple mistakes in the implementation making them a security
disaster in multiple different ways.  Very bad.  There are many news
articles on the debacle to read all about it.  Don't do it.

Bob


signature.asc
Description: Digital signature

Re: sound vanished with a reboot?

[Ric Moore]

On 03/22/2015 02:41 AM, Lisi Reisz wrote:

On Sunday 22 March 2015 06:12:48 Ric Moore wrote:

On 03/21/2015 10:12 PM, Gene Heskett wrote:

Greetings audio guru's;

All sound Except the new mail beep from kmail, vanished with the first
reboot after 20 days uptime while dinking around with what was sold to
me as a new 2Tb Toshiba drive, but which did not turn out to be a
sealed box.  I do not think its related.

Pursuant to someones suggestions, I installed pavuctl and pavumeter this
morning early, but according to synaptic, that is the extent of the pulse
install, no other pulse stuff is seen as installed by synaptic.  And of
coarse, they don't work, no server.


KDE has it's own notion of sound. Good luck! :0 Ric


Gene is using TDE now.


But he uses kmail. I bet it drug phonon, the KDE sound manager, into his 
mix.



You don't mention it, Gene, but what about pulseaudio itself?


he's not running the pulse server, he said. :) Ric


--
My father, Victor Moore (Vic) used to say:
There are two Great Sins in the world...
..the Sin of Ignorance, and the Sin of Stupidity.
Only the former may be overcome. R.I.P. Dad.
http://linuxcounter.net/user/44256.html


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/550e8793.30...@gmail.com

[BUG]Shellshock

[Rodrigo Cunha]

Srs, encontrei este erro no meu laboratorio com Debian 6.
Li no facebook que isso é um bug do bash.O Shellshock, pensei em divulgar
porque sei que existem muitos servidores que não tem uma atualização
sistematica do S/O e como estamos com O debian 7.
Segundo o texto que li, ele permite que via protocolos distintos podem ser
enviados comandos remotos para o seu server/desktop.


root@DEB-TEST:~# env x='() { :;}; echo vulneravel' bash -c 'false'
vulneravel
root@DEB-TEST:~# cat /etc/issue
Debian GNU/Linux 6.0 \n \l

root@DEB-TEST:~# uname -a
Linux DEB-TEST 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686
GNU/Linux
root@DEB-TEST:~#


-- 
Atenciosamente,
Rodrigo da Silva Cunha

Re: sound vanished with a reboot?

[Gene Heskett]

On Sunday 22 March 2015 02:41:54 Lisi Reisz wrote:
 On Sunday 22 March 2015 06:12:48 Ric Moore wrote:
  On 03/21/2015 10:12 PM, Gene Heskett wrote:
   Greetings audio guru's;
  
   All sound Except the new mail beep from kmail, vanished with the
   first reboot after 20 days uptime while dinking around with what
   was sold to me as a new 2Tb Toshiba drive, but which did not turn
   out to be a sealed box.  I do not think its related.
  
   Pursuant to someones suggestions, I installed pavuctl and
   pavumeter this morning early, but according to synaptic, that is
   the extent of the pulse install, no other pulse stuff is seen as
   installed by synaptic.  And of coarse, they don't work, no server.
 
  KDE has it's own notion of sound. Good luck! :0 Ric

 Gene is using TDE now.

 You don't mention it, Gene, but what about pulseaudio itself?

Not installed, never was IIRC.

 And is your sound card OK?  Perhaps run a live CD to check?

I tried that too, same failure, but I did find it, by doing something I 
haven't had to do in years, install  alsamixer and its gui, which showed 
that it had all turned itself off.  Turned it up, works.  Found the 
keyboard volume control didn't work until I had quit the alsamixer, they 
fought tooth and nail for control when the mixer was running.

Thanks Lisi

Cheers, Gene Heskett
-- 
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Genes Web page http://geneslinuxbox.net:6309/gene


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503220410.46294.ghesk...@wdtv.com

Re: sound vanished with a reboot?

[Gene Heskett]

On Sunday 22 March 2015 05:12:51 Ric Moore wrote:
 On 03/22/2015 02:41 AM, Lisi Reisz wrote:
  On Sunday 22 March 2015 06:12:48 Ric Moore wrote:
  On 03/21/2015 10:12 PM, Gene Heskett wrote:
  Greetings audio guru's;
 
  All sound Except the new mail beep from kmail, vanished with the
  first reboot after 20 days uptime while dinking around with what
  was sold to me as a new 2Tb Toshiba drive, but which did not turn
  out to be a sealed box.  I do not think its related.
 
  Pursuant to someones suggestions, I installed pavuctl and
  pavumeter this morning early, but according to synaptic, that is
  the extent of the pulse install, no other pulse stuff is seen as
  installed by synaptic.  And of coarse, they don't work, no server.
 
  KDE has it's own notion of sound. Good luck! :0 Ric
 
  Gene is using TDE now.

 But he uses kmail. I bet it drug phonon, the KDE sound manager, into
 his mix.

Maybe.  But I see /opt/trinity/artsd running via htop.  No hint of phonon 
in that  171 item list.  But I see iceweasal went on a binge and cooked 
the cpu all night.  Thats another pet peeve. If I click the quit dot, 
the SOB should quit clean. About 10% of the time it doesn't. Buggier 
than a 10 day old carcass. But I can point that same finger and sharpen 
it like a schoolchild at firefox if it was installed.

My hearings direction finder isn't as good as it was even 20 years ago, 
and it was just last night that I discovered the kmail beep isn't mono 
on center, its either the pc's own speaker, or right channel only, and I 
strongly suspect its the pc's own speaker that is making the incoming 
mail beep.  From where I sit, the direction of the right speaker and the 
pc's speaker are in line but one is on the table and one is under the 
table.

That beep does not seem to be subject to the keyboard volume control to 
the extent it effects the main sound. That clue I'd throw it at the pc's 
speaker, however I just turn it down to 50%, a good 30 db down just to 
check that theory. It should have lowered the beep to inaudible, but its 
the same. So that has got to be the pc's speaker.

  You don't mention it, Gene, but what about pulseaudio itself?

 he's not running the pulse server, he said. :) Ric

Correct.

Thanks all.

Cheers, Gene Heskett
-- 
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Genes Web page http://geneslinuxbox.net:6309/gene


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503220916.58913.ghesk...@wdtv.com

Configurar squid.conf versão 3.3.8

[Roberto Brandão]

Bom dia 

Amigos estou tentando configurar o squid.conf para um amigo que esta na
versão 3.3.8.

Ele esta usando o ubuntu 14.04 lts, sei que muitos vão falar que ele
deve perguntar na lista do ubuntu,  mais me prontifiquei em ajuda-lo e
recorro aos amigos que possa me fazer essa gentileza, tentei fazer
algumas modificações mais mesmo ao rodar o squid3 -k reconfigure ele da
a mensagem: erro ao executar a copia 

não sei como configurar ele, estou lhe mandando uma copia do meu
squid.conf para analise, pois o dele é uma copia do meu.

Atenciosamente, 

Roberto Brandão


# Autor: Roberto Brandão - robertobran...@msn.com
# Arquivo: /etc/squid3/squid.conf
#
# Politicas de Acesso a Internet (AI) adotadas
#*
#
# 01. Definir AI somente para PCs da rede interna (Intranet)
# 02. Definir AI para todos PCs, fora do horário de expediente
# 03. Proibir AI de determinados PCs no horário de expediente
# 04. Definir lista de PC(s) sem AI (bloqueados) 24h/dia
# 05. Proibir uso do Internet Explorer (Estimular Firefox)
# 06. Definir PC(s) com permissão para uso do Internet Explorer
# 07. Proibir formatos de vídeos, áudio e arquivos de risco
# 08. Proibir palavras e sites impróprios/imoral
# 09. Proibir downloads com mais de 5 MB
# 10. Definir PC(s) (admin) com privilegio total de AI
# 11. Bloqueia os malware na rede local 
# 12. Libera apenas sites cadastrado
#
# OBS: O controle dos computadores (PC) é feito pelo seu
# endere�o f�sico (MAC) e n�o pelo IP.
#
# Configura��o Geral
#***
#
http_port 3128

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 1000 MB

#Alto limpeza do Cache
cache_swap_low 90
cache_swap_high 95

#Tamanho maximo e minimo pra armazena no cache 
maximum_object_size 3000 MB
minimum_object_size 40 KB

cache_dir ufs /var/spool/squid3 9 16 256

cache_access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
cache_store_log /var/log/squid3/store.log
pid_filename /var/run/squid3.pid
mime_table /usr/share/squid3/mime.conf

cache_mgr rbsolut...@rbsolution.com.br
memory_pools off

diskd_program /usr/lib/squid3/diskd
unlinkd_program /usr/lib/squid3/unlinkd

#emulate_httpd_log off
visible_hostname srvnet

ftp_user r...@root.com.br
refresh_pattern ^ftp:  1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern .  0 20% 4320
quick_abort_max 16 KB
quick_abort_pct 95
quick_abort_min 16 KB
request_header_max_size 20 KB
reply_header_max_size 20 KB
request_body_max_size 0 KB


# acl - Recomendadas
#***
#
#acl all src 0.0.0.0/0.0.0.0
#acl manager proto cache_object
#acl localhost src 127.0.0.1/32
#acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
#
# acl - Personalizadas
#*
#
#Regras para autentica��o
##auth_param basic program /usr/lib/squid3/ncsa_auth 
/etc/squid3/list/squid_passwd.txt
##auth_param basic children 5
##auth_param basic realm Digite o Usuario e Senha de Acesso a Internet
# *** Faz Autentica��o
##acl autenticados proxy_auth REQUIRED
# *** Lista de Usu�rios com restri��o
##acl aut_usuario proxy_auth /etc/squid3/list/autusuario.txt 
#
#
# *** Libera siste cadastrado
acl sitelib dstdom_regex /etc/squid3/list/sitelivre.txt
#
# *** Lista de Bloqueio de Malware
acl malware_list url_regex -i /etc/squid3/list/malware.txt
#
# *** Lista de Bloqueio de Porno
acl porno_list url_regex -i /etc/squid3/list/lstblackporno.txt
#
# *** Define portas liberadas
acl Safe_ports port 3050 # Interbase/Firebird
#
# *** Define a rede interna (Intranet)
acl intranet src 10.0.0.0/24
#
# *** Define PC(s) com privilegio total - CUIDADO!
acl admin arp /etc/squid3/list/admin.txt
#
# *** Define a lista de PC(s) autorizados ao acesso a Internet
acl internet arp /etc/squid3/list/internet.txt
#
# *** Define a lista de sites improprios
acl improprio dstdom_regex /etc/squid3/list/sitebloq.txt
#
# *** Define a lista de sites confiaveis
acl confiavel dstdom_regex /etc/squid3/list/siteconf.txt
#
# *** Define a lista de palavras improprias
acl palavra url_regex -i /etc/squid3/list/palavra.txt
#
# *** Define os formatos de video, audio e outros de risco
acl video urlpath_regex /etc/squid3/list/videodown.txt
acl audio urlpath_regex /etc/squid3/list/audiodown.txt
acl risco urlpath_regex /etc/squid3/list/riscodown.txt
#
# *** Define o browser Internet Explorer
acl ie_browser browser ^Mozilla/4.0 ^Mozilla/5.0 .compatible; MSIE
#
# 

Re: Ejecutar aplicaciones como root sin ingresar la pass

[Gonzalo Rivero]

El sáb, 21-03-2015 a las 13:51 -0300, matlnx1...@gmail.com escribió: 
 Buenas tardes:
  Tal vez alguien pueda tirarme alguna ayuda de por 
 donde buscar, ya que no encuentro la forma de hacerlo aun. Estoy 
 necesitando generar un acceso directo en Debian 7, para varias 
 aplicaciones (por ejemplo teamviewer, thunderbird) etc. Actualmente para 
 abrirlas lo que hago es abrir una terminal, ejecutar SU, y una vez como 
 root (previo a ingresar la pass), ejecutar la aplicación.
  Se que no parece mucho pero es muy tedioso tener 
 que hacerlo, con lo cual necesitaria darle a mi usuario pepe permisos 
 para ejecutar esas aplicaciones sin tener la pass de root.
 
 Gracias de antemano
 Mati
 
 

consideraciones de seguridad aparte (usar la cuenta de root para tareas
diarias es como usar una cuenta con privilegios administrativos en
windows, en especial cuando NO se sabe que se hace) : 
alt-f2 (al menos en gnome)
gksu programa


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1427023270.1737.3.ca...@gmail.com

Re: [BUG]Shellshock

[Rodrigo Cunha]

O bash 4.1  Tinha essa vulnerabilidade, fiz o upgrade para o 4.2.37 e
agora não tem mais a vulnerabilidade.
Fiquei curioso de como eu poderia explorar esta vulnerabilidade em meu
ambiente de laboratorio para fins academicos, isso poderia render um bom
artigo para a comunidade de SLivre, principalmente se conseguíssemos
demostrar os perigos na pratica.


Em 22 de março de 2015 13:28, Rodrigo Cunha rodrigo.root...@gmail.com
escreveu:

 Solução,
 adicione os repositorios :
 deb http://ftp.br.debian.org/debian/ wheezy main
 deb-src http://ftp.br.debian.org/debian/ wheezy main
 Executei:
 sudo apt-get update
 sudo apt-get install --only-upgrade bash gcc-4.4

 Em 22 de março de 2015 13:26, P. J. pjotam...@gmail.com escreveu:

 Que mistureba...

 Mas com relação ao bug veja qual versão do bash é a vulnerável e qual
 está instalada na sua máquina... assimo como os pacotes do referentes
 ao SSL... procure no google, sites com CVE's por exemplo, ou na parte
 de segurança do debian no seu site...

 [  ] 's

 Em 22/03/15, Thiago Zoroastrothiago.zoroas...@bol.com.br escreveu:
  Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou
  com gNewSense e com algumas dúvidas
 
  Coloquei no terminal:
  root@root# env x='() { :;}; echo vulneravel' bash -c 'true'
  vulneravel
  root@root# env x='() { :;}; echo unvulneravel' bash -c 'false'
  unvulneravel
  root@root# env x='() { :;}; echo unvulneravel' bash -c 'true'
  unvulneravel
 
  Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list:
 
  deb http://ftp.at.debian.org/debian-backports/
 squeeze-backports
  main
  deb http://ftp.de.debian.org/debian squeeze main
 
 
  ## LTS
  deb http://http.debian.net/debian/ squeeze-lts main
  deb-src http://http.debian.net/debian/ squeeze-lts main
 
  deb http://http.debian.net/debian/ squeeze main
  deb-src http://http.debian.net/debian/ squeeze main
 
  deb http://http.debian.net/debian squeeze-lts main
  deb-src http://http.debian.net/debian squeeze-lts main
  # LTS
 
  # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
  Binary 20140205-19:57]/ parkes main
 
  # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
  Binary 20140205-19:57]/ parkes main
 
  # Line commented out by installer because it failed to verify:
  deb http://archive.gnewsense.org/gnewsense-three/gnewsense
  parkes-security main
  # Line commented out by installer because it failed to verify:
  deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense
  parkes-security main
 
  # parkes-updates, previously known as 'volatile'
  # A network mirror was not selected during install.  The
  following entries
  # are provided as examples, but you should amend them as
  appropriate
  # for your mirror of choice.
  #
  deb http://ftp.debian.org/debian/ parkes-updates main
  deb-src http://ftp.debian.org/debian/ parkes-updates main
 
  deb http://backports.debian.org/debian-backports
  squeeze-backports main
  deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr
  deb http://mozilla.debian.net/ squeeze-backports icedove-esr
  # deb http://debian.net/debian experimental main
  # deb http://mozilla.debian.net/ experimental iceweasel-beta
 
 
  Então faço apt-get update e apt-get upgrade e ele me oferece
 
  164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem
  removidos e 46 não atualizados.
  É preciso baixar 172 MB de arquivos.
  Depois desta operação, 51,9 MB de espaço em disco serão
 liberados.
 
 
  Posso e devo atualizar sem medo?
  Como sempreatualizei o gNewSense, então posso ter atualizado para o
  necessário antes. Como posso ver se o pacote instalado é o vulnerável,
  como era possível ver o do OpenSSL?
 
  Att.
 
  On 22-03-2015 10:35, Rodrigo Cunha wrote:
  Srs, encontrei este erro no meu laboratorio com Debian 6.
  Li no facebook que isso é um bug do bash.O Shellshock, pensei em
  divulgar porque sei que existem muitos servidores que não tem uma
  atualização sistematica do S/O e como estamos com O debian 7.
  Segundo o texto que li, ele permite que via protocolos distintos podem
  ser enviados comandos remotos para o seu server/desktop.
 
 
  root@DEB-TEST:~# env x='() { :;}; echo vulneravel' bash -c 'false'
  vulneravel
  root@DEB-TEST:~# cat /etc/issue
  Debian GNU/Linux 6.0 \n \l
 
  root@DEB-TEST:~# uname -a
  Linux DEB-TEST 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686
  GNU/Linux
  root@DEB-TEST:~#
 
 
  --
  Atenciosamente,
  Rodrigo da Silva Cunha
 
 
 


 --
 |  .''`.   A fé não dá respostas. Só impede perguntas.
 | : :'  :
 | `. `'`
 |   `-   Je vois tout


 --
 To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org
 with a subject of 

Re: Mostrar imagen en monitor con cable HDMI no da pie con bola

[Miguel Matos]

El día 20 de marzo de 2015, 10:14, Camaleón noela...@gmail.com escribió:
 El Thu, 19 Mar 2015 19:15:16 -0430, Miguel Matos escribió:

 El día 19 de marzo de 2015, 19:05, Carlos Zuniga carlos@gmail.com
 escribió:
 2015-03-19 17:32 GMT-05:00 Miguel Matos unefistano...@gmail.com:
 Saludos a la lista. Aprovecho para utilizar de nuevo este medio para
 pedir otra consulta: la semana pasada por fin compré un cable HDMI
 para mostrar mejor la imagen y el audio. Mi sorpresa es mayor cuando
 veo que en mi Debian no puedo pasar la imagen. Pruebo con WIN7 para
 descartar fallas y ahí sí que la muestra. Pruebo un vídeo corto en HD,
 y va de perlas. Entonces, ¿qué no estoy haciendo bien en Debian?


 Qué tarjeta de video utilizas? Con qué drivers? y que configuración? y
 no funciona en modo consola? estas tratando de expandir el escritorio
 entre 2 pantallas (una HDMI, la otra VGA) o mostrar el escritorio solo
 en una?

 Busco conectar mi laptop a la televisión de la alcoba, que tiene entrada
 HDMI. Pero en Debian no hay respuesta. Y sí, busco expandir el
 escritorio para poder ver las pelis desde esa pantalla más grande. Esa
 es una de las opciones.

 Además de indicarnos lo que te pregunta Carlos (tarjeta y driver usado)
 manda la salida de xrandr -q con la conexión HDMI conectada,
 obviamente, a ver qué dice.

 Ssaludos,

 --
 Camaleón


 --
 To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
 with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
 Archive: https://lists.debian.org/pan.2015.03.20.14.44...@gmail.com

A vr...:

$ xrandr -q
Screen 0: minimum 320 x 200, current 2304 x 800, maximum 8192 x 8192
LVDS1 connected 1280x800+0+0 (normal left inverted right x axis y
axis) 331mm x 207mm
   1280x800   60.0*+   50.0
   1024x768   60.0
   800x60060.3 56.2
   640x48059.9
VGA1 disconnected (normal left inverted right x axis y axis)
HDMI1 connected 1024x768+1280+32 (normal left inverted right x axis y
axis) 747mm x 420mm
   1360x768   60.0 +
   1920x1080  60.0 50.0 59.9 24.0 24.0
   1920x1080i 30.0 25.0 30.0
   1280x720   60.0 50.0 59.9
   1440x576i  25.0
   1024x768   75.1 70.1 60.0*
   1440x480i  30.0 30.0
   800x60072.2 75.0 60.3 56.2
   720x57650.0
   720x48060.0 59.9
   640x48075.0 72.8 60.0 59.9
   720x40070.1
DP1 disconnected (normal left inverted right x axis y axis)
DP2 disconnected (normal left inverted right x axis y axis)

Pues anda bien, ya pude ver la imagen. Creo que ya averigüé por qué:
había que inicar la sesión Debian con el cable conectado. ¿Todo bien?
No lo creo. En lo que escribo esto estoy viendo una serie en calidad
HD, pero, sólo suena en la laptop, en la tele nada de nada. ¿Qué no se
habrá configurado bien?
-- 
Ayuda para hacer preguntas inteligentes: http://is.gd/NJIwRz


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/calevjmtyke4exhvts0dv55tut_ne5p0_rgw8g7f-ij5su_g...@mail.gmail.com

Re: [BUG]Shellshock

[Thiago Zoroastro]

Olha isso

# bash --version
GNU bash, version 4.1.5(1)-release (i486-pc-linux-gnu)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
http://gnu.org/licenses/gpl.html

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


No repositório do gNewSense está como nenhum pacote para ser atualizado.
Como verifico a vulnerabilidade? Como posso saber se este bash está
vulnerável?

Att.



On 22-03-2015 13:32, Rodrigo Cunha wrote:
 O bash 4.1  Tinha essa vulnerabilidade, fiz o upgrade para o 4.2.37 e
 agora não tem mais a vulnerabilidade.
 Fiquei curioso de como eu poderia explorar esta vulnerabilidade em meu
 ambiente de laboratorio para fins academicos, isso poderia render um
 bom artigo para a comunidade de SLivre, principalmente se
 conseguíssemos  demostrar os perigos na pratica.


 Em 22 de março de 2015 13:28, Rodrigo Cunha rodrigo.root...@gmail.com
 mailto:rodrigo.root...@gmail.com escreveu:

 Solução,
 adicione os repositorios :
 deb http://ftp.br.debian.org/debian/ wheezy main
 deb-src http://ftp.br.debian.org/debian/ wheezy main
 Executei:
 sudo apt-get update
 sudo apt-get install --only-upgrade bash gcc-4.4

 Em 22 de março de 2015 13:26, P. J. pjotam...@gmail.com
 mailto:pjotam...@gmail.com escreveu:

 Que mistureba...

 Mas com relação ao bug veja qual versão do bash é a vulnerável
 e qual
 está instalada na sua máquina... assimo como os pacotes do
 referentes
 ao SSL... procure no google, sites com CVE's por exemplo, ou
 na parte
 de segurança do debian no seu site...

 [  ] 's

 Em 22/03/15, Thiago Zoroastrothiago.zoroas...@bol.com.br
 mailto:thiago.zoroas...@bol.com.br escreveu:
  Obrigado ao Antonio Terceiro por lembrar que o Debian LTS
 existe. Estou
  com gNewSense e com algumas dúvidas
 
  Coloquei no terminal:
  root@root# env x='() { :;}; echo vulneravel' bash -c 'true'
  vulneravel
  root@root# env x='() { :;}; echo unvulneravel' bash -c 'false'
  unvulneravel
  root@root# env x='() { :;}; echo unvulneravel' bash -c 'true'
  unvulneravel
 
  Coloquei as linhas do Debian LTS sem contrib e non-free.
 Sources.list:
 
  deb http://ftp.at.debian.org/debian-backports/
 squeeze-backports
  main
  deb http://ftp.de.debian.org/debian squeeze main
 
 
  ## LTS
  deb http://http.debian.net/debian/ squeeze-lts main
  deb-src http://http.debian.net/debian/ squeeze-lts main
 
  deb http://http.debian.net/debian/ squeeze main
  deb-src http://http.debian.net/debian/ squeeze main
 
  deb http://http.debian.net/debian squeeze-lts main
  deb-src http://http.debian.net/debian squeeze-lts main
  # LTS
 
  # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386
 LIVE/INSTALL
  Binary 20140205-19 tel:20140205-19:57]/ parkes main
 
  # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386
 LIVE/INSTALL
  Binary 20140205-19 tel:20140205-19:57]/ parkes main
 
  # Line commented out by installer because it failed
 to verify:
  deb
 http://archive.gnewsense.org/gnewsense-three/gnewsense
  parkes-security main
  # Line commented out by installer because it failed
 to verify:
  deb-src
 http://archive.gnewsense.org/gnewsense-three/gnewsense
  parkes-security main
 
  # parkes-updates, previously known as 'volatile'
  # A network mirror was not selected during install.  The
  following entries
  # are provided as examples, but you should amend them as
  appropriate
  # for your mirror of choice.
  #
  deb http://ftp.debian.org/debian/ parkes-updates main
  deb-src http://ftp.debian.org/debian/ parkes-updates
 main
 
  deb http://backports.debian.org/debian-backports
  squeeze-backports main
  deb http://mozilla.debian.net/ squeeze-backports
 iceweasel-esr
  deb http://mozilla.debian.net/ squeeze-backports
 icedove-esr
  # deb http://debian.net/debian experimental main
  # deb http://mozilla.debian.net/ experimental
 iceweasel-beta
 
 
  Então faço apt-get update e apt-get upgrade e ele 

apt-get update W: A error occurred during the signature verification.

[David Christensen]

debian-user:

I've been seeing apt-get update failures lately:

2015-03-22 08:52:02 root@i72600s ~
# apt-get update
Hit http://approx wheezy Release.gpg
Get:1 http://approx wheezy-updates Release.gpg [836 B]
Hit http://approx wheezy/updates Release.gpg 


Hit http://approx wheezy Release
Get:2 http://approx wheezy-updates Release [124 kB]
Err http://approx wheezy-updates Release 



Hit http://approx wheezy/updates Release 
2015-03-22 08:52:02 root@i72600s ~

# apt-get update
Hit http://approx wheezy Release.gpg
Get:1 http://approx wheezy-updates Release.gpg [836 B]
Hit http://approx wheezy/updates Release.gpg 


Hit http://approx wheezy Release
Get:2 http://approx wheezy-updates Release [124 kB]
Err http://approx wheezy-updates Release 



Hit http://approx wheezy/updates Release 


Hit http://ftp.us.debian.org wheezy-backports Release.gpg
Hit http://ftp.us.debian.org wheezy-backports Release
Hit http://ftp.us.debian.org wheezy-backports/main amd64 Packages/DiffIndex
Hit http://ftp.us.debian.org wheezy-backports/main Translation-en/DiffIndex
Hit http://approx wheezy/main Translation-en
Hit http://approx wheezy/updates/main Translation-en
Hit http://approx wheezy/main Sources
Hit http://approx wheezy/main amd64 Packages
Hit http://approx wheezy/updates/main Sources
Hit http://approx wheezy/updates/main amd64 Packages
Fetched 125 kB in 2s (47.1 kB/s)
Reading package lists... Done
W: A error occurred during the signature verification. The repository is 
not updated and the previous index files will be used. GPG error: 
http://approx wheezy-updates Release: The following signatures were 
invalid: BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key 
(7.0/wheezy) ftpmas...@debian.org


W: Failed to fetch http://approx:/debian/dists/wheezy-updates/Release

W: Some index files failed to download. They have been ignored, or old 
ones used instead.



Hit http://ftp.us.debian.org wheezy-backports Release.gpg
Hit http://ftp.us.debian.org wheezy-backports Release
Hit http://ftp.us.debian.org wheezy-backports/main amd64 Packages/DiffIndex
Hit http://ftp.us.debian.org wheezy-backports/main Translation-en/DiffIndex
Hit http://approx wheezy/main Translation-en
Hit http://approx wheezy/updates/main Translation-en
Hit http://approx wheezy/main Sources
Hit http://approx wheezy/main amd64 Packages
Hit http://approx wheezy/updates/main Sources
Hit http://approx wheezy/updates/main amd64 Packages
Fetched 125 kB in 2s (47.1 kB/s)
Reading package lists... Done
W: A error occurred during the signature verification. The repository is 
not updated and the previous index files will be used. GPG error: 
http://approx wheezy-updates Release: The following signatures were 
invalid: BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key 
(7.0/wheezy) ftpmas...@debian.org


W: Failed to fetch http://approx:/debian/dists/wheezy-updates/Release

W: Some index files failed to download. They have been ignored, or old 
ones used instead.



2015-03-22 08:57:42 root@i72600s ~
# egrep -v '#' /etc/apt/sources.list
deb http://approx:/debian/  wheezy  main
deb http://ftp.us.debian.org/debian/wheezy-backportsmain
deb http://approx:/debian/  wheezy-updates  main
deb http://approx:/security/wheezy/updates  main
deb-src http://approx:/debian/  wheezy  main
deb-src http://approx:/debian/  wheezy-updates  main
deb-src http://approx:/security/wheezy/updates  main


2015-03-22 08:58:37 root@i72600s ~
# egrep -v '#' /etc/approx/approx.conf | grep .
debian  http://ftp.us.debian.org/debian/
securityhttp://security.debian.org/debian-security/


Is there a problem with my local Apt configuration, local Approx server, 
remote Apt mirror, or something else?



TIA,

David


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/550ee76a.9040...@holgerdanske.com

Re: Algo raro con las memorias flash y Debian 7 LXDE

[Camaleón]

El Sat, 21 Mar 2015 19:50:17 -0400, cpp escribió:

 Hola lista. En mi trabajo tengo instalado en las estaciones de trabajo
 Debian 7 LXDE. 

 Todo muy bien, solo un detalle, por ejemplo, cuando un
 usuario inserta una memoria flash o pendrive por vez primera y luego la
 retira, al insertar otra memoria diferente, pues le sale la información
 de la primera que retiró o anterior. 

(...)

Es imposible que tenga acceso a los datos de un dispositivo que ya no 
está conectado al sistema :-?

¿O a qué información te refieres, exactamente?

Saludos,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/pan.2015.03.22.16.15...@gmail.com

Re: sound vanished with a reboot?

[Lisi Reisz]

On Sunday 22 March 2015 09:12:51 Ric Moore wrote:
 On 03/22/2015 02:41 AM, Lisi Reisz wrote:
  On Sunday 22 March 2015 06:12:48 Ric Moore wrote:
  On 03/21/2015 10:12 PM, Gene Heskett wrote:
  Greetings audio guru's;
 
  All sound Except the new mail beep from kmail, vanished with the first
  reboot after 20 days uptime while dinking around with what was sold to
  me as a new 2Tb Toshiba drive, but which did not turn out to be a
  sealed box.  I do not think its related.
 
  Pursuant to someones suggestions, I installed pavuctl and pavumeter
  this morning early, but according to synaptic, that is the extent of
  the pulse install, no other pulse stuff is seen as installed by
  synaptic.  And of coarse, they don't work, no server.
 
  KDE has it's own notion of sound. Good luck! :0 Ric
 
  Gene is using TDE now.

 But he uses kmail. I bet it drug phonon, the KDE sound manager, into his
 mix.

No, he uses KMail-Trinity.  I'd be very surprised if it dragged in anything 
from KDE4.  I have kmail-trinity.

lisi@Tux-II:~$ aptitude show phonon
Package: phonon
State: not installed
Multi-Arch: same
Version: 4:4.6.0.0-3
Priority: optional
Section: sound
Maintainer: Debian Qt/KDE Maintainers debian-qt-...@lists.debian.org
Architecture: amd64

If Gene has phonon it is a hangover from KDE4 and nothing to do with his 
present kmail-trinity.

  You don't mention it, Gene, but what about pulseaudio itself?

 he's not running the pulse server, he said. :) Ric

My point was, without pulseaudio what use is pavucontrol?  Why install 
pavucontrol when it is useless without pulseaudio?

Lisi


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503221633.34339.lisi.re...@gmail.com

Another problem is getting old

[Gene Heskett]

Greetings, iceweasal guru's;

Still the wheezy based install here.

What is the cause of my getting a refusal to go  look at what is supposed 
to be a news story, by iceweasal?

Instead of going to the link, its an error 413 Request entity too large

There does not seem to be a likely candidate setting in about:config, 
nothing I see in the search results looks to be relevant.

Any idea how to fix that, or do I have to install firefox from the get 
firefox site?

Cheers, Gene Heskett
-- 
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Genes Web page http://geneslinuxbox.net:6309/gene


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503221244.30044.ghesk...@wdtv.com

Re: searching for a structure viewer tool

[Fabrizio Carrai]

Maybe you can have a look at this wikipedia page:
http://en.wikipedia.org/wiki/Comparison_of_hex_editors

--
F.

2015-03-20 18:26 GMT+01:00 Sergey Spiridonov s...@hurd.homeunix.org:

 Hi

 On 20/03/15 17:50, Renaud (Ron) OLGIATI wrote:

  I am looking for a tool which will allow to describe binary structure,
  some thing like

  COBOL ?

 Well, it exists in Debian (as well as perl and gcc), but I will prefer
 something more specialized.

 --
 Sergey



 --
 To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
 with a subject of unsubscribe. Trouble? Contact
 listmas...@lists.debian.org
 Archive: https://lists.debian.org/vq1utb-vuu@legba.gamic.com




-- 
*Fabrizio*

Re: sound vanished with a reboot?

[Gene Heskett]

On Sunday 22 March 2015 12:33:34 Lisi Reisz wrote:
 On Sunday 22 March 2015 09:12:51 Ric Moore wrote:
  On 03/22/2015 02:41 AM, Lisi Reisz wrote:
   On Sunday 22 March 2015 06:12:48 Ric Moore wrote:
   On 03/21/2015 10:12 PM, Gene Heskett wrote:
   Greetings audio guru's;
  
   All sound Except the new mail beep from kmail, vanished with the
   first reboot after 20 days uptime while dinking around with what
   was sold to me as a new 2Tb Toshiba drive, but which did not
   turn out to be a sealed box.  I do not think its related.
  
   Pursuant to someones suggestions, I installed pavuctl and
   pavumeter this morning early, but according to synaptic, that is
   the extent of the pulse install, no other pulse stuff is seen as
   installed by synaptic.  And of coarse, they don't work, no
   server.
  
   KDE has it's own notion of sound. Good luck! :0 Ric
  
   Gene is using TDE now.
 
  But he uses kmail. I bet it drug phonon, the KDE sound manager, into
  his mix.

 No, he uses KMail-Trinity.  I'd be very surprised if it dragged in
 anything from KDE4.  I have kmail-trinity.

 lisi@Tux-II:~$ aptitude show phonon
 Package: phonon
 State: not installed
 Multi-Arch: same
 Version: 4:4.6.0.0-3
 Priority: optional
 Section: sound
 Maintainer: Debian Qt/KDE Maintainers debian-qt-...@lists.debian.org
 Architecture: amd64

 If Gene has phonon it is a hangover from KDE4 and nothing to do with
 his present kmail-trinity.

   You don't mention it, Gene, but what about pulseaudio itself?
 
  he's not running the pulse server, he said. :) Ric

 My point was, without pulseaudio what use is pavucontrol?  Why install
 pavucontrol when it is useless without pulseaudio?

Someone suggested it, and I was a sucker. :)  Both have now been excised, 
no effect that I can hear.  But iceweasal is frozen again, the *%$ back 
button does NOT work on cbsnews.com.  Everyone but bbcnews is playing 
with your controls, and cbs seems to be the worst offender. When it 
refuses to go back, sometimes closing the tab works, occasionally the 
close button on the browser works, but I keep a root exec'd copy of htop 
running just so I can have the last word.  And I have to use it about 
25% of the time to exit iceweasal.  But that problem is a separate 
thread Request Entity too Large.  No clue it its related, but get 
firefox will get a visit soon if I can't get this under control.

 Lisi

Cheers, Gene Heskett
-- 
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Genes Web page http://geneslinuxbox.net:6309/gene


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503221259.09709.ghesk...@wdtv.com

Re: searching for a structure viewer tool

[Sergey Spiridonov]

Hi

On 20.03.2015 15:56, Sergey Spiridonov wrote:


If found such a tool exists for MS Windows [1]. I remember there was
similar for MS DOS. Is there something like that for the Debian GNU/Linux?


[1]
http://www.hexworkshop.com/onlinehelp/500/html/idhelp_struct_overview.htm


Here [1] is similar tool written by author of HIEW for MS-DOS. You can 
run it in dosbox:


[1] ftp://ftp.sac.sk/sac/utilprog/stl430.zip

--
Best regards, Sergey Spiridonov



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/memsb5$af6$1...@ger.gmane.org

Re: Mostrar imagen en monitor con cable HDMI no da pie con bola

[Manolo Díaz]

El domingo, 22 mar 2015, a las 17:46 UTC+1 horas,
Miguel Matos escribió:

[...]

Pues anda bien, ya pude ver la imagen. Creo que ya averigüé por qué:
había que inicar la sesión Debian con el cable conectado. ¿Todo bien?
No lo creo. En lo que escribo esto estoy viendo una serie en calidad
HD, pero, sólo suena en la laptop, en la tele nada de nada. ¿Qué no se
habrá configurado bien?

Yo veo dos posibilidades:

1. La tarjeta gráfica es compatible con audio. Solo tiene que
seleccionarla como dispositivo de salida de audio. Puedes hacerlo como
configuración de sistema o de cliente. Por ejemplo: con vlc selecciono
Audio - Dispositivo de audio - HDMI. lspci te dice si es tu caso.

2. Tu gráfica no es compatible con audio. Vas a necesitar un cable
desde la salida de audio (auriculares, por ejemplo) hasta la entrada de
audio de tu televisor, si existe tal. Otra opción es seguir como hasta
ahora.

Saludos.
-- 
Manolo Díaz


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150322183057.7df30...@gmail.com

Debian LTS (era [BUG]Shellshock)

[Antonio Terceiro]

On Sun, Mar 22, 2015 at 10:35:35AM -0300, Rodrigo Cunha wrote:
 Srs, encontrei este erro no meu laboratorio com Debian 6.
 Li no facebook que isso é um bug do bash.O Shellshock, pensei em divulgar
 porque sei que existem muitos servidores que não tem uma atualização
 sistematica do S/O e como estamos com O debian 7.
 Segundo o texto que li, ele permite que via protocolos distintos podem ser
 enviados comandos remotos para o seu server/desktop.
 
 
 root@DEB-TEST:~# env x='() { :;}; echo vulneravel' bash -c 'false'
 vulneravel
 root@DEB-TEST:~# cat /etc/issue
 Debian GNU/Linux 6.0 \n \l
 
 root@DEB-TEST:~# uname -a
 Linux DEB-TEST 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686
 GNU/Linux
 root@DEB-TEST:~#

Quem ainda estiver rodando squeeze deve adicionar o repositório
squeeze-lts, que fornece updates de segurança para a oldstable por mais
tempo ainda depois do final do período de suporte de segurança normal (1
ano depois do lançamento da próxima stable):

https://wiki.debian.org/LTS

Esse problema de segurança do bash por exemplo já está corrigido para o
squeeze desde setembro do ano passado:

https://lists.debian.org/debian-lts-announce/2014/09/msg00020.html
http://metadata.ftp-master.debian.org/changelogs//main/b/bash/bash_4.1-3+deb6u2_changelog

-- 
Antonio Terceiro terce...@debian.org


signature.asc
Description: Digital signature

Re: [BUG]Shellshock

[Thiago Zoroastro]

Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou
com gNewSense e com algumas dúvidas

Coloquei no terminal:
root@root# env x='() { :;}; echo vulneravel' bash -c 'true'
vulneravel
root@root# env x='() { :;}; echo unvulneravel' bash -c 'false'
unvulneravel
root@root# env x='() { :;}; echo unvulneravel' bash -c 'true'
unvulneravel

Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list:

deb http://ftp.at.debian.org/debian-backports/ squeeze-backports
main
deb http://ftp.de.debian.org/debian squeeze main


## LTS
deb http://http.debian.net/debian/ squeeze-lts main
deb-src http://http.debian.net/debian/ squeeze-lts main

deb http://http.debian.net/debian/ squeeze main
deb-src http://http.debian.net/debian/ squeeze main

deb http://http.debian.net/debian squeeze-lts main
deb-src http://http.debian.net/debian squeeze-lts main
# LTS

# deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
Binary 20140205-19:57]/ parkes main

# deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
Binary 20140205-19:57]/ parkes main

# Line commented out by installer because it failed to verify:
deb http://archive.gnewsense.org/gnewsense-three/gnewsense
parkes-security main
# Line commented out by installer because it failed to verify:
deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense
parkes-security main

# parkes-updates, previously known as 'volatile'
# A network mirror was not selected during install.  The
following entries
# are provided as examples, but you should amend them as appropriate
# for your mirror of choice.
#
deb http://ftp.debian.org/debian/ parkes-updates main
deb-src http://ftp.debian.org/debian/ parkes-updates main

deb http://backports.debian.org/debian-backports
squeeze-backports main
deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr
deb http://mozilla.debian.net/ squeeze-backports icedove-esr
# deb http://debian.net/debian experimental main
# deb http://mozilla.debian.net/ experimental iceweasel-beta


Então faço apt-get update e apt-get upgrade e ele me oferece

164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem
removidos e 46 não atualizados.
É preciso baixar 172 MB de arquivos.
Depois desta operação, 51,9 MB de espaço em disco serão liberados.


Posso e devo atualizar sem medo?
Como sempreatualizei o gNewSense, então posso ter atualizado para o
necessário antes. Como posso ver se o pacote instalado é o vulnerável,
como era possível ver o do OpenSSL?

Att.

On 22-03-2015 10:35, Rodrigo Cunha wrote:
 Srs, encontrei este erro no meu laboratorio com Debian 6.
 Li no facebook que isso é um bug do bash.O Shellshock, pensei em
 divulgar porque sei que existem muitos servidores que não tem uma
 atualização sistematica do S/O e como estamos com O debian 7.
 Segundo o texto que li, ele permite que via protocolos distintos podem
 ser enviados comandos remotos para o seu server/desktop.


 root@DEB-TEST:~# env x='() { :;}; echo vulneravel' bash -c 'false'
 vulneravel
 root@DEB-TEST:~# cat /etc/issue
 Debian GNU/Linux 6.0 \n \l

 root@DEB-TEST:~# uname -a
 Linux DEB-TEST 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686
 GNU/Linux
 root@DEB-TEST:~#


 -- 
 Atenciosamente,
 Rodrigo da Silva Cunha

Re: [BUG]Shellshock

[P. J.]

Que mistureba...

Mas com relação ao bug veja qual versão do bash é a vulnerável e qual
está instalada na sua máquina... assimo como os pacotes do referentes
ao SSL... procure no google, sites com CVE's por exemplo, ou na parte
de segurança do debian no seu site...

[  ] 's

Em 22/03/15, Thiago Zoroastrothiago.zoroas...@bol.com.br escreveu:
 Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou
 com gNewSense e com algumas dúvidas

 Coloquei no terminal:
 root@root# env x='() { :;}; echo vulneravel' bash -c 'true'
 vulneravel
 root@root# env x='() { :;}; echo unvulneravel' bash -c 'false'
 unvulneravel
 root@root# env x='() { :;}; echo unvulneravel' bash -c 'true'
 unvulneravel

 Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list:

 deb http://ftp.at.debian.org/debian-backports/ squeeze-backports
 main
 deb http://ftp.de.debian.org/debian squeeze main


 ## LTS
 deb http://http.debian.net/debian/ squeeze-lts main
 deb-src http://http.debian.net/debian/ squeeze-lts main

 deb http://http.debian.net/debian/ squeeze main
 deb-src http://http.debian.net/debian/ squeeze main

 deb http://http.debian.net/debian squeeze-lts main
 deb-src http://http.debian.net/debian squeeze-lts main
 # LTS

 # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
 Binary 20140205-19:57]/ parkes main

 # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
 Binary 20140205-19:57]/ parkes main

 # Line commented out by installer because it failed to verify:
 deb http://archive.gnewsense.org/gnewsense-three/gnewsense
 parkes-security main
 # Line commented out by installer because it failed to verify:
 deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense
 parkes-security main

 # parkes-updates, previously known as 'volatile'
 # A network mirror was not selected during install.  The
 following entries
 # are provided as examples, but you should amend them as
 appropriate
 # for your mirror of choice.
 #
 deb http://ftp.debian.org/debian/ parkes-updates main
 deb-src http://ftp.debian.org/debian/ parkes-updates main

 deb http://backports.debian.org/debian-backports
 squeeze-backports main
 deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr
 deb http://mozilla.debian.net/ squeeze-backports icedove-esr
 # deb http://debian.net/debian experimental main
 # deb http://mozilla.debian.net/ experimental iceweasel-beta


 Então faço apt-get update e apt-get upgrade e ele me oferece

 164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem
 removidos e 46 não atualizados.
 É preciso baixar 172 MB de arquivos.
 Depois desta operação, 51,9 MB de espaço em disco serão liberados.


 Posso e devo atualizar sem medo?
 Como sempreatualizei o gNewSense, então posso ter atualizado para o
 necessário antes. Como posso ver se o pacote instalado é o vulnerável,
 como era possível ver o do OpenSSL?

 Att.

 On 22-03-2015 10:35, Rodrigo Cunha wrote:
 Srs, encontrei este erro no meu laboratorio com Debian 6.
 Li no facebook que isso é um bug do bash.O Shellshock, pensei em
 divulgar porque sei que existem muitos servidores que não tem uma
 atualização sistematica do S/O e como estamos com O debian 7.
 Segundo o texto que li, ele permite que via protocolos distintos podem
 ser enviados comandos remotos para o seu server/desktop.


 root@DEB-TEST:~# env x='() { :;}; echo vulneravel' bash -c 'false'
 vulneravel
 root@DEB-TEST:~# cat /etc/issue
 Debian GNU/Linux 6.0 \n \l

 root@DEB-TEST:~# uname -a
 Linux DEB-TEST 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686
 GNU/Linux
 root@DEB-TEST:~#


 --
 Atenciosamente,
 Rodrigo da Silva Cunha





-- 
|  .''`.   A fé não dá respostas. Só impede perguntas.
| : :'  :
| `. `'`
|   `-   Je vois tout


--
To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/cacnf0pjnzdgcwu1h-_gv_rfdymrf80kmhbqudykkssqujep...@mail.gmail.com

Re: samba casero en solo lectura

[Camaleón]

El Sun, 22 Mar 2015 08:50:17 -0300, Gonzalo Rivero escribió:

 El sáb, 21-03-2015 a las 15:14 +, Camaleón escribió:

(...)

 Intenta identificarte en smblclient como guest para ver qué te dice,
 o en su defecto, configurar/mapear los usuarios windows como usuarios
 samba/
 del sistema y configurando expresamente los permisos de acceso a los
 recursos para esos usuarios.
 
  Supongo que esta versión de samba se pusieron mas estrictos (y deb
 -changes no me dijo nada al respecto) y ahora debo agregar cosas como
  write users, valid users y tal
 
 No sé, me parece un cambio demasiado radical que además va contra el
 sentido común ya que existe mayor exposición dando permisos de
 escritura a los recursos ¿no crees?
 
 no. En realidad antes, cualquiera que esté en mi lan puede conectarse a
 mi smb con permisos de escritura (no tan así porque necesitaban entrar
 con un usuario y contraseña a su respectivo sistema).

Para eso está el usuario guest y el tipo de permisos que otorues sobre 
los recursos. Cosa a aparte es que lo quieras usar o no, pero ese tipo de 
autentificación es posible usarla. Y no es lo mismo tener permisos de 
acceso (lectura) que poder eliminar archivos (escritura).

 Ahora tuve que decirle que usuarios tienen permiso de escritura  (con
 valid users y write list), y volvió a funcionar para la parte de
 archivos. 

Pues mala cosa. ¿No probaste la autentificación vía smblient como guest?

 Me resta ver que debo agregar a la impresora compartida para
 que puedan usarla

Pues aquí lo tienes:

https://wiki.samba.org/index.php/Samba_as_a_print_server

Saludos,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/pan.2015.03.22.16.07...@gmail.com

Re: [BUG]Shellshock

[Rodrigo Cunha]

Solução,
adicione os repositorios :
deb http://ftp.br.debian.org/debian/ wheezy main
deb-src http://ftp.br.debian.org/debian/ wheezy main
Executei:
sudo apt-get update
sudo apt-get install --only-upgrade bash gcc-4.4

Em 22 de março de 2015 13:26, P. J. pjotam...@gmail.com escreveu:

 Que mistureba...

 Mas com relação ao bug veja qual versão do bash é a vulnerável e qual
 está instalada na sua máquina... assimo como os pacotes do referentes
 ao SSL... procure no google, sites com CVE's por exemplo, ou na parte
 de segurança do debian no seu site...

 [  ] 's

 Em 22/03/15, Thiago Zoroastrothiago.zoroas...@bol.com.br escreveu:
  Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou
  com gNewSense e com algumas dúvidas
 
  Coloquei no terminal:
  root@root# env x='() { :;}; echo vulneravel' bash -c 'true'
  vulneravel
  root@root# env x='() { :;}; echo unvulneravel' bash -c 'false'
  unvulneravel
  root@root# env x='() { :;}; echo unvulneravel' bash -c 'true'
  unvulneravel
 
  Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list:
 
  deb http://ftp.at.debian.org/debian-backports/ squeeze-backports
  main
  deb http://ftp.de.debian.org/debian squeeze main
 
 
  ## LTS
  deb http://http.debian.net/debian/ squeeze-lts main
  deb-src http://http.debian.net/debian/ squeeze-lts main
 
  deb http://http.debian.net/debian/ squeeze main
  deb-src http://http.debian.net/debian/ squeeze main
 
  deb http://http.debian.net/debian squeeze-lts main
  deb-src http://http.debian.net/debian squeeze-lts main
  # LTS
 
  # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
  Binary 20140205-19:57]/ parkes main
 
  # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
  Binary 20140205-19:57]/ parkes main
 
  # Line commented out by installer because it failed to verify:
  deb http://archive.gnewsense.org/gnewsense-three/gnewsense
  parkes-security main
  # Line commented out by installer because it failed to verify:
  deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense
  parkes-security main
 
  # parkes-updates, previously known as 'volatile'
  # A network mirror was not selected during install.  The
  following entries
  # are provided as examples, but you should amend them as
  appropriate
  # for your mirror of choice.
  #
  deb http://ftp.debian.org/debian/ parkes-updates main
  deb-src http://ftp.debian.org/debian/ parkes-updates main
 
  deb http://backports.debian.org/debian-backports
  squeeze-backports main
  deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr
  deb http://mozilla.debian.net/ squeeze-backports icedove-esr
  # deb http://debian.net/debian experimental main
  # deb http://mozilla.debian.net/ experimental iceweasel-beta
 
 
  Então faço apt-get update e apt-get upgrade e ele me oferece
 
  164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem
  removidos e 46 não atualizados.
  É preciso baixar 172 MB de arquivos.
  Depois desta operação, 51,9 MB de espaço em disco serão
 liberados.
 
 
  Posso e devo atualizar sem medo?
  Como sempreatualizei o gNewSense, então posso ter atualizado para o
  necessário antes. Como posso ver se o pacote instalado é o vulnerável,
  como era possível ver o do OpenSSL?
 
  Att.
 
  On 22-03-2015 10:35, Rodrigo Cunha wrote:
  Srs, encontrei este erro no meu laboratorio com Debian 6.
  Li no facebook que isso é um bug do bash.O Shellshock, pensei em
  divulgar porque sei que existem muitos servidores que não tem uma
  atualização sistematica do S/O e como estamos com O debian 7.
  Segundo o texto que li, ele permite que via protocolos distintos podem
  ser enviados comandos remotos para o seu server/desktop.
 
 
  root@DEB-TEST:~# env x='() { :;}; echo vulneravel' bash -c 'false'
  vulneravel
  root@DEB-TEST:~# cat /etc/issue
  Debian GNU/Linux 6.0 \n \l
 
  root@DEB-TEST:~# uname -a
  Linux DEB-TEST 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686
  GNU/Linux
  root@DEB-TEST:~#
 
 
  --
  Atenciosamente,
  Rodrigo da Silva Cunha
 
 
 


 --
 |  .''`.   A fé não dá respostas. Só impede perguntas.
 | : :'  :
 | `. `'`
 |   `-   Je vois tout


 --
 To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org
 with a subject of unsubscribe. Trouble? Contact
 listmas...@lists.debian.org
 Archive:
 https://lists.debian.org/cacnf0pjnzdgcwu1h-_gv_rfdymrf80kmhbqudykkssqujep...@mail.gmail.com




-- 
Atenciosamente,
Rodrigo da Silva Cunha

Re: Mostrar imagen en monitor con cable HDMI no da pie con bola

[Camaleón]

El Sun, 22 Mar 2015 12:16:34 -0430, Miguel Matos escribió:

 El día 20 de marzo de 2015, 10:14, Camaleón noela...@gmail.com
 escribió:

(...)

 Además de indicarnos lo que te pregunta Carlos (tarjeta y driver usado)
 manda la salida de xrandr -q con la conexión HDMI conectada,
 obviamente, a ver qué dice.

 A vr...:
 
 $ xrandr -q 

(...)

 HDMI1 connected 1024x768+1280+32 (normal left inverted right x axis y
 axis) 747mm x 420mm
1360x768   60.0 +

(...)

Ahí se ven dos resoluciones diferentes, seguramente la TV permita la de 
1360x768 aunque esté configurada con 1024x768. Seguramente podrás 
cambiarlo o bien manualmente (con xrandr) o a través de algún aplicativo 
gráfico.

 Pues anda bien, ya pude ver la imagen. Creo que ya averigüé por qué:
 había que inicar la sesión Debian con el cable conectado. 

Si mal no recuerdo la conexión HDMI permite conexiones en caliente así 
que eso no debería ser un problema. Cosa aparte es que Xorg se entere de 
lo que haces.

 ¿Todo bien? No lo creo. En lo que escribo esto estoy viendo una serie
 en calidad HD, pero, sólo suena en la laptop, en la tele nada de nada.
 ¿Qué no se habrá configurado bien?

Pues te faltará decirle al sistema que use la tarjeta de sonido HDMI para 
sacar el audio por ahí pero deberías preguntarlo mejor en otro hilo para 
no mezclar las cosas.

Saludos,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/pan.2015.03.22.17.45...@gmail.com

NetInstaller Wheezy (7.8) on ASUS M4A78A-M/CSM does not see SATA HDDs

[Snow Leopard]

Hi,

I am attempting to netinstall Wheezy (7.8) on a computer with ASUS 
M4A785-M/CSM mainboard (BIOS was updated to most recent version 2302 
2011/03/18)  and WD 2TB SATA HDD.


Netnstaller requires network driver (rtl_nic) which I provided on USB 
drive and the installer gained network access.


But netinstaller does not see SATA HDDs (tried SATA in  both IDE / AHCI 
BIOS mode settings -- HDD WD20).


Please nudge me in right direction what should be done on my part to 
make netinstaller to be able see SATA hard drives.


Thank you in advance
Andy

 lspci (IDE mode) 
---

00:00.0 Host bridge: Advanced Micro Devices [AMD] RS880 Host Bridge
00:01.0 PCI bridge: ASUSTeK Computer Inc. RS880 PCI to PCI bridge (int gfx)
00:0a.0 PCI bridge: Advanced Micro Devices [AMD] RS780/RS880 PCI to PCI 
bridge (PCIE port 5)
00:11.0 SATA controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 SATA Controller [IDE mode]
00:12.0 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:12.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB 
OHCI1 Controller
00:12.2 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:13.0 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:13.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB 
OHCI1 Controller
00:13.2 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:14.0 SMBus: Advanced Micro Devices [AMD] nee ATI SBx00 SMBus 
Controller (rev 3c)
00:14.1 IDE interface: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 IDE Controller
00:14.2 Audio device: Advanced Micro Devices [AMD] nee ATI SBx00 Azalia 
(Intel HDA)
00:14.3 ISA bridge: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 LPC host controller
00:14.4 PCI bridge: Advanced Micro Devices [AMD] nee ATI SBx00 PCI to 
PCI Bridge
00:14.5 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB OHCI2 Controller
00:18.0 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor 
HyperTransport Configuration
00:18.1 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor 
Address Map
00:18.2 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor 
DRAM Controller
00:18.3 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor 
Miscellaneous Control
00:18.4 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor 
Link Control
01:05.0 VGA compatible controller: Advanced Micro Devices [AMD] nee ATI 
RS880 [Radeon HD 4200]
01:05.1 Audio device: Advanced Micro Devices [AMD] nee ATI RS880 HDMI 
Audio [Radeon HD 4200 Series]
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. 
RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03)
03:06.0 USB controller: VIA Technologies, Inc. VT82x UHCI USB 1.1 
Controller (rev 61)
03:06.1 USB controller: VIA Technologies, Inc. VT82x UHCI USB 1.1 
Controller (rev 61)

03:06.2 USB controller: VIA Technologies, Inc. USB 2.0 (rev 63)
03:06.3 FireWire (IEEE 1394): VIA Technologies, Inc. VT6306/7/8 [Fire 
II(M)] IEEE 1394 OHCI Controller (rev 46)



 ouput lspci (AHCI mode) 
--

00:00.0 Host bridge: Advanced Micro Devices [AMD] RS880 Host Bridge
00:01.0 PCI bridge: ASUSTeK Computer Inc. RS880 PCI to PCI bridge (int gfx)
00:0a.0 PCI bridge: Advanced Micro Devices [AMD] RS780/RS880 PCI to PCI 
bridge (PCIE port 5)
00:11.0 SATA controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode]
00:12.0 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:12.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB 
OHCI1 Controller
00:12.2 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:13.0 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:13.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB 
OHCI1 Controller
00:13.2 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:14.0 SMBus: Advanced Micro Devices [AMD] nee ATI SBx00 SMBus 
Controller (rev 3c)
00:14.1 IDE interface: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 IDE Controller
00:14.2 Audio device: Advanced Micro Devices [AMD] nee ATI SBx00 Azalia 
(Intel HDA)
00:14.3 ISA bridge: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 LPC host controller
00:14.4 PCI bridge: Advanced Micro Devices [AMD] nee ATI SBx00 PCI to 
PCI Bridge
00:14.5 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB OHCI2 Controller
00:18.0 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor 
HyperTransport Configuration
00:18.1 Host bridge: Advanced Micro Devices [AMD] Family 10h 

Re: Problem forward/postroute http/https thru vlan-ed interface.

[Sven Hartge]

Mimiko vbv...@gmail.com wrote:

 I did some test today to with tcpdump. It's realy strange. First I
 uninstalled vlan. Configured all again. using tcpdump I saw it was
 sending packets. But at first it didn't want to work.

 I added 8021q to /etc/modules, rebooted server and as I wrote: ping
 works, ftp works, but not http.

Which is very very strange. If FTP works, which is a TCP-based protocol
like HTTP, then HTTP should work as well. FTP, with its two connections
(control and data) being a much bigger pain in the ass to a) firewall
and b) masquerade, is normally the procotol which does not work in a
complex setup.

 The strange thing that as soon I am doing `tcpdump -i eth1 -ne`, where
 eth1 is the interface to the internet and vlan configured, http starts
 working. So in a start up script I've put:

 timeout 1 tcpdump -i eth1 -ne

You can use something like ip link set dev $DEVICE promisc on so
toggle that, no need to run a tcpdump in the background.

 Its strange that this is needed to start web to work.

 I think its not wright this. Is this tipical?

No, this is not typical.

Something smells fishy here. Forcing a device into promiscuous to get it
working in my book normally indicates a problem with the driver (or the
hardware).

For example I once had a problem with the via-velocity network driver
and IPv6, which only started working once I put the device into
promiscuous mode because the driver did not correctly configure the
hardware for multicasts.

What kind of network card and kernel version do you use? 

Please show the unmodified (!) output from

ip route show
ip link show
ip rule show
iptables -v -L

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/ibfpo3mro...@mids.svenhartge.de

[SOLVED] Re: [BUG]Shellshock

[Thiago Zoroastro]

* Retirei linhas duplicadas que acabei colocando no sources.list quando
copiei o que estava nas páginas do Debian-LTS;
* Apliquei # apt-get update  apt-get install bash (gcc-4.4 já estava
instalado)
* Agora o comando que o Rodrigo Cunha apresentou não retorna mais a
resposta de 'vulneravel' nem outras respostas quando mudo o comando.

Resolvido o problema que ele alertou. Aliás, já havia ouvido falar do
shellshock, mas ainda não tinha seguido a solução, embora estivesse
atualizando o gNewSense regularmente.

Obrigado,
Att.

On 22-03-2015 15:10, Rodrigo Cunha wrote:
 Na verdade você alterou apenas a string texto da linha, a função
 desta string, neste contexto.É informar um resultado obtido através de
 um teste.
 env x='() { :;};
 Ele depende do resultado desta parte da linha para executar ou não o
 echo vulneravel'



 Em 22 de março de 2015 15:02, Thiago Zoroastro
 thiago.zoroas...@bol.com.br mailto:thiago.zoroas...@bol.com.br
 escreveu:

 Sim eu havia feito isso desde que você havia colocado esta linha.

 Daí coloquei na lista com 'unvulneravel' e ele sai 'unvulneravel'.
 Quer dizer, ele sai o que você colocar ali

 É claro que com 'vulneravel' e ele aparece 'vulneravel'. Vou
 colocar denovo:

 # env x='() { :;}; echo vulneravel' bash -c 'false'
 vulneravel
 # env x='() { :;}; echo unvulneravel' bash -c 'false'
 unvulneravel
 # env x='() { :;}; echo unvulneravel' bash -c 'true'
 unvulneravel
 # env x='() { :;}; echo vulneravel' bash -c 'true'
 vulneravel

 Sou bastante leigo, mas duvido de muita coisa, então eu testo
 antes de tirar conclusões. Porque é que ele seria vulneravel se
 trocar a palavra, troca o 'resultado' também?

 Se bem que você deve ter atualizado e colocado o mesmo comando e
 saiu um 'resultado' diferente. Desculpa a teimosia.
  
  
 Thiago Zoroastro
  www.participa.br/thiagozoroastro
 http://www.participa.br/thiagozoroastro
 www.blogoosfero.cc/thiagozoroastro
 http://www.blogoosfero.cc/thiagozoroastro


 

 *De:* rodrigo.root...@gmail.com mailto:rodrigo.root...@gmail.com
 *Enviada:* Domingo, 22 de Março de 2015 14:49
 *Para:* thiago.zoroas...@bol.com.br
 mailto:thiago.zoroas...@bol.com.br
 *Assunto:* [BUG]Shellshock

 Joga essa linha de comando no sei bash :
 env x='() { :;}; echo vulneravel' bash -c 'false'
 Se o output for :
 vulneravel
 Você está com o bash bugado.

 Em 22 de março de 2015 14:33, Thiago Zoroastro
 thiago.zoroas...@bol.com.br
 http://../../../undefined//compose?to=thiago.zoroas...@bol.com.br
 escreveu:

 Olha isso

 # bash --version
 GNU bash, version 4.1.5(1)-release (i486-pc-linux-gnu)
 Copyright (C) 2009 Free Software Foundation, Inc.
 License GPLv3+: GNU GPL version 3 or later
 http://gnu.org/licenses/gpl.html
 http://gnu.org/licenses/gpl.html

 This is free software; you are free to change and
 redistribute it.
 There is NO WARRANTY, to the extent permitted by law.


 No repositório do gNewSense está como nenhum pacote para ser
 atualizado. Como verifico a vulnerabilidade? Como posso saber
 se este bash está vulnerável?

 Att.




 On 22-03-2015 13:32, Rodrigo Cunha wrote:

 O bash 4.1  Tinha essa vulnerabilidade, fiz o upgrade
 para o 4.2.37 e agora não tem mais a vulnerabilidade.
 Fiquei curioso de como eu poderia explorar esta
 vulnerabilidade em meu ambiente de laboratorio para fins
 academicos, isso poderia render um bom artigo para a
 comunidade de SLivre, principalmente se conseguíssemos 
 demostrar os perigos na pratica.

 Em 22 de março de 2015 13:28, Rodrigo Cunha
 rodrigo.root...@gmail.com
 http://../../../undefined//compose?to=rodrigo.root...@gmail.com
 escreveu:

 Solução,
 adicione os repositorios :
 deb http://ftp.br.debian.org/debian/ wheezy main
 deb-src http://ftp.br.debian.org/debian/ wheezy main
 Executei:
 sudo apt-get update
 sudo apt-get install --only-upgrade bash gcc-4.4

 Em 22 de março de 2015 13:26, P. J.
 pjotam...@gmail.com
 
 http://../../../undefined//compose?to=pjotam...@gmail.comescreveu:


 Que mistureba...

 Mas com relação ao bug veja qual versão do bash é
 a vulnerável e qual
 está instalada na sua máquina... assimo como os
 pacotes do referentes
   

Re: Another problem is getting old

[Gene Heskett]

On Sunday 22 March 2015 14:12:24 Brian wrote:
 On Sun 22 Mar 2015 at 12:44:30 -0400, Gene Heskett wrote:
  Greetings, iceweasal guru's;
 
  Still the wheezy based install here.
 
  What is the cause of my getting a refusal to go  look at what is
  supposed to be a news story, by iceweasal?
 
  Instead of going to the link, its an error 413 Request entity too
  large

 You forgot to give the URL of the page.

CBS in particular are hiding it, so I never see the url long enough to 
even menally snashot it.

 Aspirant gurus have been known to do a search with firefox 413
 Request entity too large when seeking a solution.

I did do that, but iceweasal does not have the line that was suggested to 
be edited in its about:config.  It was also a couple weeks back when I 
did that search, so I'll look again.

Now the fix is purported to be entirely the servers fault.  I'll see if I 
can scrape up a phone number to call them with tomorrow.  I do have some 
connections I can lean on, having been in BC engineering since late '63, 
the last 30 being at CBS affiliate. :)

Cheers, Gene Heskett
-- 
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Genes Web page http://geneslinuxbox.net:6309/gene


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503221646.51071.ghesk...@wdtv.com

Re: [SOLVED] Re: [BUG]Shellshock

[Thiago Zoroastro]

Valeu por mais esta dica do site shelshocker.net

Se não tiver o curl instalado, como foi aqui, é só instalar
# apt-get install curl

Teste:
# curl https://shellshocker.net/shellshock_test.sh | bash
  % Total% Received % Xferd  Average Speed   TimeTime Time 
Current
 Dload  Upload   Total   SpentLeft 
Speed
100  2632  100  26320 0898  0  0:00:02  0:00:02
--:--:--   917
CVE-2014-6271 (original shellshock): not vulnerable
CVE-2014-6277 (segfault): not vulnerable
CVE-2014-6278 (Florian's patch): not vulnerable
CVE-2014-7169 (taviso bug): not vulnerable
CVE-2014-7186 (redir_stack bug): not vulnerable
CVE-2014-7187 (nested loops off by one): not vulnerable
CVE-2014- (exploit 3 on http://shellshocker.net/): not vulnerable


On 22-03-2015 16:27, Roberval Lustosa wrote:

 Esse site ajuda bastante.

 https://shellshocker.net/

 Em 22/03/2015 16:22, Thiago Zoroastro thiago.zoroas...@bol.com.br
 mailto:thiago.zoroas...@bol.com.br escreveu:

 * Retirei linhas duplicadas que acabei colocando no sources.list
 quando copiei o que estava nas páginas do Debian-LTS;
 * Apliquei # apt-get update  apt-get install bash (gcc-4.4 já
 estava instalado)
 * Agora o comando que o Rodrigo Cunha apresentou não retorna mais
 a resposta de 'vulneravel' nem outras respostas quando mudo o comando.

 Resolvido o problema que ele alertou. Aliás, já havia ouvido falar
 do shellshock, mas ainda não tinha seguido a solução, embora
 estivesse atualizando o gNewSense regularmente.

 Obrigado,
 Att.

 On 22-03-2015 15:10, Rodrigo Cunha wrote:
 Na verdade você alterou apenas a string texto da linha, a
 função desta string, neste contexto.É informar um resultado
 obtido através de um teste.
 env x='() { :;};
 Ele depende do resultado desta parte da linha para executar ou
 não o echo vulneravel'



 Em 22 de março de 2015 15:02, Thiago Zoroastro
 thiago.zoroas...@bol.com.br
 mailto:thiago.zoroas...@bol.com.br escreveu:

 Sim eu havia feito isso desde que você havia colocado esta linha.

 Daí coloquei na lista com 'unvulneravel' e ele sai
 'unvulneravel'. Quer dizer, ele sai o que você colocar ali

 É claro que com 'vulneravel' e ele aparece 'vulneravel'. Vou
 colocar denovo:

 # env x='() { :;}; echo vulneravel' bash -c 'false'
 vulneravel
 # env x='() { :;}; echo unvulneravel' bash -c 'false'
 unvulneravel
 # env x='() { :;}; echo unvulneravel' bash -c 'true'
 unvulneravel
 # env x='() { :;}; echo vulneravel' bash -c 'true'
 vulneravel

 Sou bastante leigo, mas duvido de muita coisa, então eu testo
 antes de tirar conclusões. Porque é que ele seria vulneravel
 se trocar a palavra, troca o 'resultado' também?

 Se bem que você deve ter atualizado e colocado o mesmo
 comando e saiu um 'resultado' diferente. Desculpa a teimosia.
  
  
 Thiago Zoroastro
  www.participa.br/thiagozoroastro
 http://www.participa.br/thiagozoroastro
 www.blogoosfero.cc/thiagozoroastro
 http://www.blogoosfero.cc/thiagozoroastro


 
 

 *De:* rodrigo.root...@gmail.com
 mailto:rodrigo.root...@gmail.com
 *Enviada:* Domingo, 22 de Março de 2015 14:49
 *Para:* thiago.zoroas...@bol.com.br
 mailto:thiago.zoroas...@bol.com.br
 *Assunto:* [BUG]Shellshock

 Joga essa linha de comando no sei bash :
 env x='() { :;}; echo vulneravel' bash -c 'false'
 Se o output for :
 vulneravel
 Você está com o bash bugado.

 Em 22 de março de 2015 14:33, Thiago Zoroastro
 thiago.zoroas...@bol.com.br
 http://../../../undefined//compose?to=thiago.zoroas...@bol.com.br
 escreveu:

 Olha isso

 # bash --version
 GNU bash, version 4.1.5(1)-release
 (i486-pc-linux-gnu)
 Copyright (C) 2009 Free Software Foundation, Inc.
 License GPLv3+: GNU GPL version 3 or later
 http://gnu.org/licenses/gpl.html
 http://gnu.org/licenses/gpl.html

 This is free software; you are free to change and
 redistribute it.
 There is NO WARRANTY, to the extent permitted by law.


 No repositório do gNewSense está como nenhum pacote para
 ser atualizado. Como verifico a vulnerabilidade? Como
 posso saber se este bash está vulnerável?

 Att.




 On 22-03-2015 13:32, Rodrigo Cunha wrote:

 O bash 4.1  Tinha essa vulnerabilidade, fiz o
  

Re: sound vanished with a reboot?

[Gene Heskett]

On Sunday 22 March 2015 14:24:23 Joe wrote:
 On Sun, 22 Mar 2015 09:16:58 -0400

 Gene Heskett ghesk...@wdtv.com wrote:
  My hearings direction finder isn't as good as it was even 20 years
  ago, and it was just last night that I discovered the kmail beep
  isn't mono on center, its either the pc's own speaker, or right
  channel only, and I strongly suspect its the pc's own speaker that
  is making the incoming mail beep.  From where I sit, the direction
  of the right speaker and the pc's speaker are in line but one is on
  the table and one is under the table.

 Most single-pitch sounds aren't directional inside a room, just move
 your ears around a few feet and see how many different directions you
 hear it from. You're hearing the standing wave pattern set up between
 the walls, and 'loudest is where it's coming from' gets fooled.

 I once spent several hours trying to find out why my server had
 started beeping for a minute at midnight, quite loudly. Cron and
 anacron seemed innocent, but *something* was causing it. I tried
 software disabling the internal speaker, no good.

 Eventually I tried standing in front of the server at the witching
 hour, with the door open, hoping to get a directional fix on the beep.
 I did... it was coming from the nearby weather station, which unknown
 to me had two alarms, which were trivial to enable if you hit the
 wrong button when setting the barometric pressure...

 --
 Joe

Chuckle, war stories, love 'em joe.  After 53 years in broadcast 
engineering, I have several of those myself.

Cheers, Gene Heskett
-- 
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Genes Web page http://geneslinuxbox.net:6309/gene


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503221649.41995.ghesk...@wdtv.com

Re: Cool things to do with server

[Joe]

On Mon, 23 Mar 2015 06:58:21 +1000
Stuart Longland stua...@longlandclan.yi.org wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On 15/03/15 09:11, Joris Bolsens wrote:
  Mail server,
  I thought about this, but from what i understand, mail servers are 
  notoriously difficult to secure properly.
 
 The crucial bit is ensuring you don't openly relay all mail.  Only
 traffic from your authorised users.
 
 That's the major tricky bit.  Nothing worse than coming home to a
 modem running red hot and a mail queue crammed with Viagra spam.
 (Been there, done that.  On dial-up too no less.)

There are basically two ways, with slight variations: you either relay
only for authenticated senders, and organise your network machines to
authenticate, or if your mail server is within your private network,
you can relay only for hosts in that network address range. If your
email server is outside your network, and not accessible by VPN, only
the authentication method is possible. 
 
 The only issue you might hit is port 25/tcp being blocked by your ISP.
  You may have to relay outbound email via their SMTP server.

I think that's quite rare, as I still get vast amounts of malware from
domestic connections. What is more likely is that outgoing mail will
not be accepted by many people for a variety of perfectly good
spam-reducing reasons. Many ISPs don't care if their IP address blocks
are on email blacklists, and won't make any attempt to have them
removed. Many will not provide means of setting a proper PTR record for
the IP address. In some parts of the world, it's difficult and/or
expensive to obtain a fixed IP address, and while some kind of job can
be done using a dynamic address, it's not ideal and almost certainly
the address pool will be blacklisted, requiring the use of an outgoing
smarthost.

-- 
Joe


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150322214220.6e0f9...@jresid.jretrading.com

Re: sound vanished with a reboot?

[Joe]

On Sun, 22 Mar 2015 09:16:58 -0400
Gene Heskett ghesk...@wdtv.com wrote:


 
 My hearings direction finder isn't as good as it was even 20 years
 ago, and it was just last night that I discovered the kmail beep
 isn't mono on center, its either the pc's own speaker, or right
 channel only, and I strongly suspect its the pc's own speaker that is
 making the incoming mail beep.  From where I sit, the direction of
 the right speaker and the pc's speaker are in line but one is on the
 table and one is under the table.

Most single-pitch sounds aren't directional inside a room, just move
your ears around a few feet and see how many different directions you
hear it from. You're hearing the standing wave pattern set up between
the walls, and 'loudest is where it's coming from' gets fooled.

I once spent several hours trying to find out why my server had started
beeping for a minute at midnight, quite loudly. Cron and anacron seemed
innocent, but *something* was causing it. I tried software disabling
the internal speaker, no good.

Eventually I tried standing in front of the server at the witching
hour, with the door open, hoping to get a directional fix on the beep.
I did... it was coming from the nearby weather station, which unknown
to me had two alarms, which were trivial to enable if you hit the wrong
button when setting the barometric pressure...

-- 
Joe


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150322182423.403ad...@jresid.jretrading.com

Re: Another problem is getting old

[Brian]

On Sun 22 Mar 2015 at 12:44:30 -0400, Gene Heskett wrote:

 Greetings, iceweasal guru's;
 
 Still the wheezy based install here.
 
 What is the cause of my getting a refusal to go  look at what is supposed 
 to be a news story, by iceweasal?
 
 Instead of going to the link, its an error 413 Request entity too large

You forgot to give the URL of the page.

Aspirant gurus have been known to do a search with firefox 413 Request
entity too large when seeking a solution.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/22032015180831.dfbcd4dba...@desktop.copernicus.demon.co.uk

scanbd

[b-misc]

Hi list,

I've set up scanbd successfully on my Jessie box (everything up to date, using 
systemd). Everything works really well if I start scanbd as user root on the 
command line, it scans for local-only device and finds my scanner which is 
connected via USB 3.

If I start scanbd as a service it scans for the scanner... and finds nothing. 
Why? Where can I look? A permission problem? But it's the same configuration, 
once started as root, once as a service.

From scanbd.conf:
[...]
user = saned
group = scanner
[...]

Thanks for any hints.

Bernd


signature.asc
Description: This is a digitally signed message part.

Re: Problem forward/postroute http/https thru vlan-ed interface.

[Mimiko]

Well.

I did some test today to with tcpdump. It's realy strange. First I 
uninstalled vlan. Configured all again. using tcpdump I saw it was 
sending packets. But at first it didn't want to work.


I added 8021q to /etc/modules, rebooted server and as I wrote: ping 
works, ftp works, but not http.


The strange thing that as soon I am doing `tcpdump -i eth1 -ne`, where 
eth1 is the interface to the internet and vlan configured, http starts 
working. So in a start up script I've put:


timeout 1 tcpdump -i eth1 -ne

Its strange that this is needed to start web to work.

I think its not wright this. Is this tipical?


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/550f0be2.4090...@gmail.com

Re: sound vanished with a reboot?

[Ric Moore]

On 03/22/2015 12:33 PM, Lisi Reisz wrote:

On Sunday 22 March 2015 09:12:51 Ric Moore wrote:

On 03/22/2015 02:41 AM, Lisi Reisz wrote:

On Sunday 22 March 2015 06:12:48 Ric Moore wrote:

On 03/21/2015 10:12 PM, Gene Heskett wrote:

Greetings audio guru's;

All sound Except the new mail beep from kmail, vanished with the first
reboot after 20 days uptime while dinking around with what was sold to
me as a new 2Tb Toshiba drive, but which did not turn out to be a
sealed box.  I do not think its related.

Pursuant to someones suggestions, I installed pavuctl and pavumeter
this morning early, but according to synaptic, that is the extent of
the pulse install, no other pulse stuff is seen as installed by
synaptic.  And of coarse, they don't work, no server.


KDE has it's own notion of sound. Good luck! :0 Ric


Gene is using TDE now.


But he uses kmail. I bet it drug phonon, the KDE sound manager, into his
mix.


No, he uses KMail-Trinity.  I'd be very surprised if it dragged in anything
from KDE4.  I have kmail-trinity.

lisi@Tux-II:~$ aptitude show phonon
Package: phonon
State: not installed
Multi-Arch: same
Version: 4:4.6.0.0-3
Priority: optional
Section: sound
Maintainer: Debian Qt/KDE Maintainers debian-qt-...@lists.debian.org
Architecture: amd64

If Gene has phonon it is a hangover from KDE4 and nothing to do with his
present kmail-trinity.


You don't mention it, Gene, but what about pulseaudio itself?


he's not running the pulse server, he said. :) Ric


My point was, without pulseaudio what use is pavucontrol?  Why install
pavucontrol when it is useless without pulseaudio?


Heh, go figure! :) Ric



--
My father, Victor Moore (Vic) used to say:
There are two Great Sins in the world...
..the Sin of Ignorance, and the Sin of Stupidity.
Only the former may be overcome. R.I.P. Dad.
http://linuxcounter.net/user/44256.html


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/550f0f2d.4000...@gmail.com

Redirect HTTPS with Squid3+Squidguard

[Michael I.]

Hello list,

I have a problem with my squid3 + squidguard. I can't redirect https 
requests to an errorpage. When I request a blocked https page it always 
says the site isn't available.


I searched on the internet an there it says, it is an problem with the 
https protocol because https is direct an dosn't allow an redirect.


Is there really no way to redirect https request to an errorpage with 
squid3+squidguard?


Thanks for help.

--
best regards
Michael I.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/550f1fb8.1030...@abwesend.de

Re: Redirect HTTPS with Squid3+Squidguard

[Sven Hartge]

Michael I. linux-michae...@abwesend.de wrote:

 I have a problem with my squid3 + squidguard. I can't redirect https
 requests to an errorpage. When I request a blocked https page it
 always says the site isn't available.

 I searched on the internet an there it says, it is an problem with the
 https protocol because https is direct an dosn't allow an redirect.

This is correct. A HTTP-Client doing HTTPS over a proxy like squid uses
CONNECT (instead of HEAD, GET or POST) which instructs the proxy to open
a TCP connectio to the specified host and port and forward any bytes
sent or received. Since inside that connction the data is encrypted, the
proxy cannot do anything special with it.

 Is there really no way to redirect https request to an errorpage with
 squid3+squidguard?

Short answer: No, there is not. 

Long answer: The only way is to setup a transparent proxy, intercepting
any outbound connection and terminating the encryption on the proxy. You
will need a fake CA certificate with which the proxy is able to create
fake server certificates so the client still thinks it is connected to
the real server.

And here it gets a) dangerous and b) expensive.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/jbfpujsro...@mids.svenhartge.de

Re: Algo raro con las memorias flash y Debian 7 LXDE

[Rivera Valdez]

2015-03-22 13:15 GMT-03:00 Camaleón noela...@gmail.com:
 El Sat, 21 Mar 2015 19:50:17 -0400, cpp escribió:

 Hola lista. En mi trabajo tengo instalado en las estaciones de trabajo
 Debian 7 LXDE.

 Todo muy bien, solo un detalle, por ejemplo, cuando un
 usuario inserta una memoria flash o pendrive por vez primera y luego la
 retira, al insertar otra memoria diferente, pues le sale la información
 de la primera que retiró o anterior.

 (...)

 Es imposible que tenga acceso a los datos de un dispositivo que ya no
 está conectado al sistema :-?

 ¿O a qué información te refieres, exactamente?


Coincido con lo que dice Sergio más arriba, lo que debe pasar
es que sigue mostrando el nombre y demás de la memoria que
ya no está porque no fue debidamente desmontada (obviamente
no va a mostrar el contenido, de hecho, no deben ni tener acceso
a esa supuesta memoria vieja que ya no está).

¿Cuál es el procedimiento que están siguiendo para quitar las memorias?


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/cad8u+g8bzjvchkxx9vzraf2yg4ocze3msft0twwwaus6y7_...@mail.gmail.com

Re: Cool things to do with server

[Stuart Longland]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 15/03/15 09:11, Joris Bolsens wrote:
 Mail server,
 I thought about this, but from what i understand, mail servers are 
 notoriously difficult to secure properly.

The crucial bit is ensuring you don't openly relay all mail.  Only
traffic from your authorised users.

That's the major tricky bit.  Nothing worse than coming home to a
modem running red hot and a mail queue crammed with Viagra spam.
(Been there, done that.  On dial-up too no less.)

The only issue you might hit is port 25/tcp being blocked by your ISP.
 You may have to relay outbound email via their SMTP server.  Even if
it's blocked inbound too, you can still use something like `fetchmail`
to grab mail from POP3 and IMAP mailboxes anywhere and present all
your email as one homogeneous mailbox with as much space as you like.

This was one of the reasons I don't use Gmail: I had a 1GB mailbox
back in 2002, a time when the average webmail account offered about
10MB.  Having gotten it working, I see no reason to move.

I've been hosting a number of websites on mine (which runs Gentoo, but
the same can be achieved in Debian).  At the moment it's a shared
hosting arrangement but I'm starting to look into moving to LXC.
(The machine is an Intel Atom with no VT extensions, so no KVM for me.)

Using LXC then, your host can basically just act as a router/firewall
and reverse proxy (using Apache/nginx for http; sniproxy for https)
and your actual hosted services are on internal containers in a
virtual DMZ.

Spinning up minimal LXC instances using deboostrap is a synch and they
take very little disk space.
- -- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBAgAGBQJVDyztAAoJEE36GRQQveO3nHcP/2Y2DsWyTZuYmbM8ErqQnvZX
ri2v41cnLjvElBOaD7KIcLTCIzmSGJRnkOjFqO76nERAShSsVRW6oU3hNA64tHkQ
LCR2Du96b5xOCiNPJTP2czznWc9bCBOpzzBwKtKIIqwsoBIIteWcs99cOz4iEzSg
F1Vc62R/PhBDe8goR/oV0KibQq83PvnUbOfEbujT+jB89cj+WfHByEaBw4aHEo+Q
08iL6ifWXYUe7LqPNNAL3knqCLTh9kNLJf0Le8GI5cYpY0TBXxLmd+66T96u2L57
+PIe0qu2H6Ufj1IIPi1/H8L0OLPrPL82zuNTY2JGN+6ywZR2+24xtvL7bio6d6ex
pu4VDi0QoABIeoMaOt17IRXH3b3v61GtLwfp5Y6vH+RoC8gjfLViW4FNzwO/JF2g
q6ZlMyPoyHth80ajfxywDXBOAuzDmcCrPq90Icde5ipGxo9rQes0XR9QQh9LnxpL
Q5ZdfQVDIafDDfGSQ5D/cBvy1UzP4fIa+mkoZvdW4rKlTD1fLrtpAp59rAu27X99
d6u1myOk8MJ0yTKT6EXXmlL9d8GJ86d7mRNj7WBhgjc5MUIohMHkWe5EGDWJ7agj
n8hzDwvOlW4YbMSy4VBBjvA0Js2Pkey6W3CVjaMaQLxlpMAHSQ+WyeomusUNAsiR
IdK7DqzJaaL1JtuONJlK
=ji8H
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/550f2ced.8010...@longlandclan.yi.org

Changing of ifDescr of SNMP of Debian Jessie

[Daniel Bareiro]

Hi all!

A few days ago I decided to migrate my own servers to Debian GNU/Linux
Jessie. Having migrated my firewall, I started getting an error in the
Nagios Manubulon plugin check_snmp_int.pl since it does not find the
interface eth1.

# ./check_snmp_int.pl -H 10.1.0.10 -l Us3r -x passw0rd0 \
 -X passwOrd1 -L md5,des -w 1500,295 -c 2500,400 \
 -k -B --label -M -B --label -n eth1
ERROR : Unknown interface eth1


This was running smoothly prior to migration, although it now seems to
have changed the description:


# ./check_snmp_netint.pl -H 10.1.0.10 -l Us3r -x passw0rd0 \
 -X passwOrd1 -L md5,des -n -v
Alarm at 10 + 5
SNMPv3 AuthPriv login : Us3r, md5, des
Filter :
OID : 1.3.6.1.2.1.2.2.1.2.2, Desc : Realtek Semiconductor Co., Ltd.
RTL-8100/8101L/8139 PCI Fast Ethernet Adapter
OID : 1.3.6.1.2.1.2.2.1.2.1, Desc : lo
OID : 1.3.6.1.2.1.2.2.1.2.3, Desc : VIA Technologies, Inc. VT6102 [Rhine-II]
OID : 1.3.6.1.2.1.2.2.1.2.4, Desc : tun0
Name : Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast
Ethernet Adapter, Index : 2
Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet
Adapter:UP:(1 UP): OK |


So I checked the equivalence between ifDescr and ifName:

# snmpwalk -v 3 -u Us3r -l authPriv -a MD5 -A passw0rd0 \
 -x DES -X passwOrd1 10.1.0.10 ifDescr
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: Realtek Semiconductor Co., Ltd.
RTL-8100/8101L/8139 PCI Fast Ethernet Adapter
IF-MIB::ifDescr.3 = STRING: VIA Technologies, Inc. VT6102 [Rhine-II]
IF-MIB::ifDescr.4 = STRING: tun0


# snmpwalk -v 3 -u Us3r -l authPriv -a MD5 -A passw0rd0 \
 -x DES -X passwOrd1 10.1.0.10 ifName
IF-MIB::ifName.1 = STRING: lo
IF-MIB::ifName.2 = STRING: eth1
IF-MIB::ifName.3 = STRING: eth0
IF-MIB::ifName.4 = STRING: tun0


I could use something like this, but the output is extremely long:

# ./check_snmp_netint.pl -H 10.1.0.10 -l Us3r -x passw0rd0 \
 -X passwOrd1 -L md5,des -w 1500,295 -c 2500,400 -k -B --label -k \
 -B --label -n Realtek.*
Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet
Adapter:UP (in=93.0Kbps/out=13.1Kbps):(1 UP): OK |


It's a pity If it can not solve because quite a while I was using the
check_snmp_int.pl plugin and was very happy with their results. But now
in Debian Jessie I'm having this problem. It seems that something has
changed in the SNMP service included in the new version of Debian since
before (on Debian Wheezy) the description matched the ifName:

# ./check_snmp_netint.pl -H srv01.freesoftware -C public -w 1500,295 -c
2500,400 -n -v
Alarm at 10 + 5
SNMP v1 login
Filter :
OID : 1.3.6.1.2.1.2.2.1.2.2, Desc : eth0
OID : 1.3.6.1.2.1.2.2.1.2.1, Desc : lo
Name : eth0, Index : 2
eth0:UP:(1 UP): OK |


I think it is easier to identify interfaces such as eth0, eth1, etc,
rather than by its manufacturer/model.



Any suggestions to return to the original behavior?


Thanks in advance.

Best regards,
Daniel


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/550f36e9.9060...@gmx.net

Re: samba casero en solo lectura

[Gonzalo Rivero]

El sáb, 21-03-2015 a las 15:14 +, Camaleón escribió: 
 El Fri, 20 Mar 2015 18:01:49 -0300, Gonzalo Rivero escribió:
 
  El mié, 18-03-2015 a las 16:19 +, Camaleón escribió:
 
 (...)
 
  De los registros y archivo de configuración que has enviado se deduce
  que los recursos compartidos (directorio /multimedia e impresora) están
  configurados para clientes invitados sin autentificar (guest) pero me
  ha parecido ver desde smbclient iniciabas sesión con el usuario
  sfish
  que no sé si tendrá los permisos adecuados de acceso.
  
  
  es que puse en nautilus smb://localhost, pero si pongo
  smb://sfish@localost/ es lo mismo: solo lectura 
 
 Claro, porque el cliente guest es que está configurado para acceder a 
 los recursos, los usuarios del sistema (como sfish) no tienen permisos de 
 acceso definidos en el archivo de configuración de samba.
 
 Intenta identificarte en smblclient como guest para ver qué te dice, o 
 en su defecto, configurar/mapear los usuarios windows como usuarios samba/
 del sistema y configurando expresamente los permisos de acceso a los 
 recursos para esos usuarios. 
 
  Supongo que esta versión de samba se pusieron mas estrictos (y deb
 -changes no me dijo nada al respecto) y ahora debo agregar cosas como
  write users, valid users y tal
 
 No sé, me parece un cambio demasiado radical que además va contra el 
 sentido común ya que existe mayor exposición dando permisos de escritura 
 a los recursos ¿no crees?
 
no. En realidad antes, cualquiera que esté en mi lan puede conectarse a
mi smb con permisos de escritura (no tan así porque necesitaban entrar
con un usuario y contraseña a su respectivo sistema).
Ahora tuve que decirle que usuarios tienen permiso de escritura  (con
valid users y write list), y volvió a funcionar para la parte de
archivos. Me resta ver que debo agregar a la impresora compartida para
que puedan usarla



-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1427025017.1737.6.ca...@gmail.com

Re: X11/Thinkpad T430: partially drops input from USB devices after resume

[Joel Roth]

On Sat, Mar 21, 2015 at 01:05:58AM +, stefan.schwar...@gmx.net wrote:

 I am using my laptop (lenovo T430, debian testing)
 regularly in a docking station. The dock has a USB
 keyboard, USB mouse and monitor  permanently attached. The
 laptops suspends from time to time, and _after_ resuming
 X11 or some other system component  the input from USB
 mouse and keyboard to be dropped/ignored partially.
 Symptoms are that the cursor does not move with the mouse,
 however it will start moving again if I click any of the
 mouse buttons; or that the keyboard input is ignored until
 I hit some arbitrary keys very rapidly. The USB amnesia
 starts again if I leave the input device untouched for
 some seconds.  The issue will not occur for newly
 connected devices or if I reconnect mouse/keyboard. The
 dock is not the issue as I can reproduce the phenomenon
 with a USB mouse directly connected to the laptop. 
 
 I am looking for ways to correctly diagnose things to file
 a bug (against which package: xorg-input, kernel/driver,
 ...).

I've had a similar problem with my T410, running sid. 
I was losing the first few keystrokes when I begin typing on a USB
keyboard. I didn't connect it with sleeping.

At the moment (typing on USB keyboard I plugged in to test)
I don't see the problem.

Linux version 3.16.0-4-amd64 (debian-ker...@lists.debian.org) (gcc version 
4.8.3 (Debian 4.8.3-13) ) #1 SMP Debian 3.16.7-2 (2014-11-06)

cheers,

Joel
 
 dmesg shows on device attachment/boot, e.g. for a cordless USB mouse:
 [316267.291416] usb 3-1.2: new low-speed USB device number 7 using ehci-pci
 [316267.390581] usb 3-1.2: New USB device found, idVendor=046d, idProduct=c521
 [316267.390588] usb 3-1.2: New USB device strings: Mfr=1, Product=2, 
 SerialNumber=0
 [316267.390591] usb 3-1.2: Product: USB Receiver
 [316267.390593] usb 3-1.2: Manufacturer: Logitech
 [316267.397463] input: Logitech USB Receiver as 
 /devices/pci:00/:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/0003:046D:C521.002D/input/input60
 [316267.397850] hid-generic 0003:046D:C521.002D: input,hidraw0: USB HID v1.11 
 Mouse [Logitech USB Receiver] on usb-:00:1a.0-1.2/input0
 [316267.405442] input: Logitech USB Receiver as 
 /devices/pci:00/:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.1/0003:046D:C521.002E/input/input61
 [316267.406232] hid-generic 0003:046D:C521.002E: input,hiddev0,hidraw1: USB 
 HID v1.11 Device [Logitech USB Receiver] on usb-:00:1a.0-1.2/input1
 
 on wakeup (all USB related messages)
 [316278.048335] xhci_hcd :00:14.0: System wakeup disabled by ACPI
 [316278.048401] ehci-pci :00:1a.0: System wakeup disabled by ACPI
 [316278.048465] ehci-pci :00:1d.0: System wakeup disabled by ACPI
 [316278.048543] PM: noirq resume of devices complete after 15.665 msecs
 ...
 [316278.428114] usb 3-1.1: reset full-speed USB device number 3 using ehci-pci
 [316278.592293] usb 3-1.6: reset high-speed USB device number 6 using ehci-pci
 
 lsusb (after resume)
 sts@nbof08:~$ lsusb
 Bus 004 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
 Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 Bus 003 Device 006: ID 04f2:b2da Chicony Electronics Co., Ltd 
 Bus 003 Device 005: ID 0a5c:21e6 Broadcom Corp. BCM20702 Bluetooth 4.0 
 [ThinkPad]
 Bus 003 Device 004: ID 147e:2020 Upek TouchChip Fingerprint Coprocessor (WBF 
 advanced mode)
 Bus 003 Device 007: ID 046d:c521 Logitech, Inc. Cordless Mouse Receiver
 Bus 003 Device 003: ID 17ef:1003 Lenovo Integrated Smart Card Reader
 Bus 003 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
 Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 
 Xorg.0.log (info refering to device attachment, there is no info after resume:
 ...
 [316188.752] (II) config/udev: Adding input device Logitech USB Receiver 
 (/dev/input/event14)
 [316188.752] (**) Logitech USB Receiver: Applying InputClass evdev pointer 
 catchall
 [316188.752] (II) Using input driver 'evdev' for 'Logitech USB Receiver'
 [316188.752] (**) Logitech USB Receiver: always reports core events
 [316188.752] (**) evdev: Logitech USB Receiver: Device: /dev/input/event14
 [316188.752] (--) evdev: Logitech USB Receiver: Vendor 0x46d Product 0xc521
 [316188.752] (--) evdev: Logitech USB Receiver: Found 20 mouse buttons
 [316188.752] (--) evdev: Logitech USB Receiver: Found scroll wheel(s)
 [316188.752] (--) evdev: Logitech USB Receiver: Found relative axes
 [316188.752] (--) evdev: Logitech USB Receiver: Found x and y relative axes
 [316188.752] (II) evdev: Logitech USB Receiver: Configuring as mouse
 [316188.752] (II) evdev: Logitech USB Receiver: Adding scrollwheel support
 [316188.752] (**) evdev: Logitech USB Receiver: YAxisMapping: buttons 4 and 5
 [316188.752] (**) evdev: Logitech USB Receiver: EmulateWheelButton: 4, 
 EmulateWheelInertia: 10, EmulateWheelTimeout: 200
 [316188.752] 

Re: Redirect HTTPS with Squid3+Squidguard

[Sven Hartge]

Bob Proulx b...@proulx.com wrote:
 Sven Hartge wrote:
 Michael I. wrote:

 Is there really no way to redirect https request to an errorpage
 with squid3+squidguard?

 Long answer: The only way is to setup a transparent proxy,
 intercepting any outbound connection and terminating the encryption
 on the proxy. You will need a fake CA certificate with which the
 proxy is able to create fake server certificates so the client still
 thinks it is connected to the real server.
 
 And here it gets a) dangerous and b) expensive.

 It is extremely bad, bad, bad, as well as dangerous.  I haven't been
 following the news in great detail but read all about Komodia's recent
 news articles.  Komodia's cracking tools are used in Superfish and
 Lenovo was in trouble for pre-installing Superfish.

There are network policy/security appliances in the enterprise world,
which implement a scanning proxy for HTTPS. They come with a either a
wildcard certificate for * (signed by a valid CA!) or a fake CA
certificate, which you install onto your computers to enable the
appliance to function.

This is of course very dangerous if you don't know what you are doing,
but sometimes there are no other options (for example HIPAA, SOX, PCI,
...) if you have to absolutley control the flow and content of data.

But then, if you are in the area where you need such
MitM-Filter-SSL-breaking-proxies, then you already know of how to do it
and when to do it.

If you don't know how to do it and when to do it, chances are, you don't
need it.

Guessing from Michaels TLD, he is German. This means there are several
other things to consider, based on the environment this is done in. If
this is for a company or govermental agency, the Betriebsrat (works
council) or the Personlrat and the local Datenschutzbeauftragter (data
security official) has to be involved.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/kbfqc92ro...@mids.svenhartge.de

Re: sound vanished with a reboot?

[Ric Moore]

On 03/21/2015 10:12 PM, Gene Heskett wrote:

Greetings audio guru's;

All sound Except the new mail beep from kmail, vanished with the first
reboot after 20 days uptime while dinking around with what was sold to
me as a new 2Tb Toshiba drive, but which did not turn out to be a
sealed box.  I do not think its related.

Pursuant to someones suggestions, I installed pavuctl and pavumeter this
morning early, but according to synaptic, that is the extent of the pulse
install, no other pulse stuff is seen as installed by synaptic.  And of
coarse, they don't work, no server.


KDE has it's own notion of sound. Good luck! :0 Ric


--
My father, Victor Moore (Vic) used to say:
There are two Great Sins in the world...
..the Sin of Ignorance, and the Sin of Stupidity.
Only the former may be overcome. R.I.P. Dad.
http://linuxcounter.net/user/44256.html


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/550e5d60.6090...@gmail.com

Re: sound vanished with a reboot?

[Lisi Reisz]

On Sunday 22 March 2015 06:12:48 Ric Moore wrote:
 On 03/21/2015 10:12 PM, Gene Heskett wrote:
  Greetings audio guru's;
 
  All sound Except the new mail beep from kmail, vanished with the first
  reboot after 20 days uptime while dinking around with what was sold to
  me as a new 2Tb Toshiba drive, but which did not turn out to be a
  sealed box.  I do not think its related.
 
  Pursuant to someones suggestions, I installed pavuctl and pavumeter this
  morning early, but according to synaptic, that is the extent of the pulse
  install, no other pulse stuff is seen as installed by synaptic.  And of
  coarse, they don't work, no server.

 KDE has it's own notion of sound. Good luck! :0 Ric

Gene is using TDE now.

You don't mention it, Gene, but what about pulseaudio itself?

And is your sound card OK?  Perhaps run a live CD to check?

Lisi


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201503220641.54944.lisi.re...@gmail.com

Re: Cool things to do with server

[Bob Proulx]

Stuart Longland wrote:
 Joris Bolsens wrote:
  Mail server,
  I thought about this, but from what i understand, mail servers are 
  notoriously difficult to secure properly.

Not really.  They are notoriously infamous when people don't secure
them.  But securing them is quite easy.  If you install a Debian
packaged one then they will be secure by default.  Just don't break it
after that point.  :-)

 The only issue you might hit is port 25/tcp being blocked by your ISP.
 You may have to relay outbound email via their SMTP server.

That really only happens on home dynamic address networks on home
cable modems and that type of thing.  In that case most do block
outgoing port 25 as an anti-virus-spam mitigation.  I think those
should be the default.  I always block outgoing port 25 on any
business system I set up for the exactly the same reason.

Even if they weren't blocked I don't know anyone of my peers that
allow receiving email from an address in the dynamic IP ranges of home
cable modems.  The only mail from them is spam from virus infected
PCs.  Therefore even if they didn't block port 25 you would have
problems running a mail server from your home network because no one
else would receive email from you.  In order to be a mail server you
really, really, really need a static IP address with a clean
reputation.

Blocking outbound 25 doesn't affect users these days.  Almost everyone
except for us geeks are using a web browser for their email interface
these days.  A much smaller set use imap.  (I hate using the web
browser for email.  I still use a real mail user client.  I expect
this to continue.)

But if you rent a VM or collocated server from a hosting provider then
you will be getting a static IP address.  You will have a first class
entrance to the network.  You can then send mail without having port
25 blocked.  A reputable hosting service will not support spammers and
the reputation on your IP will be clean.

Bob


signature.asc
Description: Digital signature

Re: [BUG]Shellshock

[Antonio Terceiro]

On Sun, Mar 22, 2015 at 01:04:40PM -0300, Thiago Zoroastro wrote:
 Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou
 com gNewSense e com algumas dúvidas
 
 Coloquei no terminal:
 root@root# env x='() { :;}; echo vulneravel' bash -c 'true'
 vulneravel
 root@root# env x='() { :;}; echo unvulneravel' bash -c 'false'
 unvulneravel
 root@root# env x='() { :;}; echo unvulneravel' bash -c 'true'
 unvulneravel
 
 Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list:
 
 deb http://ftp.at.debian.org/debian-backports/ squeeze-backports
 main
 deb http://ftp.de.debian.org/debian squeeze main
 
 
 ## LTS
 deb http://http.debian.net/debian/ squeeze-lts main
 deb-src http://http.debian.net/debian/ squeeze-lts main
 
 deb http://http.debian.net/debian/ squeeze main
 deb-src http://http.debian.net/debian/ squeeze main
 
 deb http://http.debian.net/debian squeeze-lts main
 deb-src http://http.debian.net/debian squeeze-lts main
 # LTS
 
 # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
 Binary 20140205-19:57]/ parkes main
 
 # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
 Binary 20140205-19:57]/ parkes main
 
 # Line commented out by installer because it failed to verify:
 deb http://archive.gnewsense.org/gnewsense-three/gnewsense
 parkes-security main
 # Line commented out by installer because it failed to verify:
 deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense
 parkes-security main
 
 # parkes-updates, previously known as 'volatile'
 # A network mirror was not selected during install.  The
 following entries
 # are provided as examples, but you should amend them as appropriate
 # for your mirror of choice.
 #
 deb http://ftp.debian.org/debian/ parkes-updates main
 deb-src http://ftp.debian.org/debian/ parkes-updates main
 
 deb http://backports.debian.org/debian-backports
 squeeze-backports main
 deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr
 deb http://mozilla.debian.net/ squeeze-backports icedove-esr
 # deb http://debian.net/debian experimental main
 # deb http://mozilla.debian.net/ experimental iceweasel-beta
 
 
 Então faço apt-get update e apt-get upgrade e ele me oferece
 
 164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem
 removidos e 46 não atualizados.
 É preciso baixar 172 MB de arquivos.
 Depois desta operação, 51,9 MB de espaço em disco serão liberados.
 
 
 Posso e devo atualizar sem medo?

com esse sources.list desse jeito, você provavemente vai ter muitos
problemas. Não se mistura repositórios de sistemas diferentes.

-- 
Antonio Terceiro terce...@debian.org


signature.asc
Description: Digital signature

Re: NetInstaller Wheezy (7.8) on ASUS M4A78A-M/CSM does not see SATA HDDs

[Snow Leopard]

Hi,

the issue has been resolved by downloading most recent netboot files 
from next location


http://ftp.nl.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/netboot/debian-installer/amd64/

Andy

On 3/22/2015 2:32 PM, Snow Leopard wrote:

Hi,

I am attempting to netinstall Wheezy (7.8) on a computer with ASUS 
M4A785-M/CSM mainboard (BIOS was updated to most recent version 2302 
2011/03/18)  and WD 2TB SATA HDD.


Netnstaller requires network driver (rtl_nic) which I provided on USB 
drive and the installer gained network access.


But netinstaller does not see SATA HDDs (tried SATA in  both IDE / 
AHCI BIOS mode settings -- HDD WD20).


Please nudge me in right direction what should be done on my part to 
make netinstaller to be able see SATA hard drives.


Thank you in advance
Andy

 lspci (IDE mode) 
---

00:00.0 Host bridge: Advanced Micro Devices [AMD] RS880 Host Bridge
00:01.0 PCI bridge: ASUSTeK Computer Inc. RS880 PCI to PCI bridge (int 
gfx)
00:0a.0 PCI bridge: Advanced Micro Devices [AMD] RS780/RS880 PCI to 
PCI bridge (PCIE port 5)
00:11.0 SATA controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 SATA Controller [IDE mode]
00:12.0 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:12.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB 
OHCI1 Controller
00:12.2 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:13.0 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:13.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB 
OHCI1 Controller
00:13.2 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:14.0 SMBus: Advanced Micro Devices [AMD] nee ATI SBx00 SMBus 
Controller (rev 3c)
00:14.1 IDE interface: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 IDE Controller
00:14.2 Audio device: Advanced Micro Devices [AMD] nee ATI SBx00 
Azalia (Intel HDA)
00:14.3 ISA bridge: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 LPC host controller
00:14.4 PCI bridge: Advanced Micro Devices [AMD] nee ATI SBx00 PCI to 
PCI Bridge
00:14.5 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB OHCI2 Controller
00:18.0 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor 
HyperTransport Configuration
00:18.1 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor 
Address Map
00:18.2 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor 
DRAM Controller
00:18.3 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor 
Miscellaneous Control
00:18.4 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor 
Link Control
01:05.0 VGA compatible controller: Advanced Micro Devices [AMD] nee 
ATI RS880 [Radeon HD 4200]
01:05.1 Audio device: Advanced Micro Devices [AMD] nee ATI RS880 HDMI 
Audio [Radeon HD 4200 Series]
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. 
RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03)
03:06.0 USB controller: VIA Technologies, Inc. VT82x UHCI USB 1.1 
Controller (rev 61)
03:06.1 USB controller: VIA Technologies, Inc. VT82x UHCI USB 1.1 
Controller (rev 61)

03:06.2 USB controller: VIA Technologies, Inc. USB 2.0 (rev 63)
03:06.3 FireWire (IEEE 1394): VIA Technologies, Inc. VT6306/7/8 [Fire 
II(M)] IEEE 1394 OHCI Controller (rev 46)



 ouput lspci (AHCI mode) 
--

00:00.0 Host bridge: Advanced Micro Devices [AMD] RS880 Host Bridge
00:01.0 PCI bridge: ASUSTeK Computer Inc. RS880 PCI to PCI bridge (int 
gfx)
00:0a.0 PCI bridge: Advanced Micro Devices [AMD] RS780/RS880 PCI to 
PCI bridge (PCIE port 5)
00:11.0 SATA controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode]
00:12.0 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:12.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB 
OHCI1 Controller
00:12.2 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:13.0 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:13.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB 
OHCI1 Controller
00:13.2 USB controller: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:14.0 SMBus: Advanced Micro Devices [AMD] nee ATI SBx00 SMBus 
Controller (rev 3c)
00:14.1 IDE interface: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 IDE Controller
00:14.2 Audio device: Advanced Micro Devices [AMD] nee ATI SBx00 
Azalia (Intel HDA)
00:14.3 ISA bridge: Advanced Micro Devices [AMD] nee ATI 
SB7x0/SB8x0/SB9x0 LPC host controller
00:14.4 PCI bridge: Advanced Micro Devices [AMD] nee ATI SBx00 PCI to 
PCI Bridge

Re: [BUG]Shellshock

[Thiago Zoroastro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Sir,

É claro que bugaria. Às vezes coloco algumas linhas diferentes da
família Debian e coloco # apt-get upgrade para ver quais pacotes
precisariam ser atualizados. Na maioria das vezes nem é possível ou não
faço. Como neste que uso é gNewSense, tomo cuidado para instalar apenas
livres..

Percebi que as linhas estavam duplicadas e tirei. Fiz o # apt-get update
apenas para instalar o bash não vulnerável. Mas fiquei com vontade de
ter feito os comandos do https://shelshocker.net ANTES de ter
atualizado, para ver se apontaria a vulnerabilidade.

Jamais seria possível atualizar todos aqueles pacotes. No momento julgo
que a mensagem foi até desnecessária, tenho tentado falar menos. Porque
falar menos tem menos chance equivocar-me. Tanto é que assisto todas
aquelas listas. É possível atualizar SOMENTE o bash e depois comentar a
linha do Debian-LTS.

Este é o sources.list atual:

deb http://ftp.at.debian.org/debian-backports/ squeeze-backports
main
deb http://ftp.de.debian.org/debian squeeze main

## LTS
# deb http://http.debian.net/debian/ squeeze-lts main
# deb-src http://http.debian.net/debian/ squeeze-lts main
# LTS

# deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
Binary 20140205-19:57]/ parkes main

# deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
Binary 20140205-19:57]/ parkes main

# Line commented out by installer because it failed to verify:
deb http://archive.gnewsense.org/gnewsense-three/gnewsense
parkes-security main
# Line commented out by installer because it failed to verify:
deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense
parkes-security main

# parkes-updates, previously known as 'volatile'
# A network mirror was not selected during install.  The
following entries
# are provided as examples, but you should amend them as appropriate
# for your mirror of choice.
#
deb http://ftp.debian.org/debian/ parkes-updates main
deb-src http://ftp.debian.org/debian/ parkes-updates main

deb http://backports.debian.org/debian-backports
squeeze-backports main
deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr
deb http://mozilla.debian.net/ squeeze-backports icedove-esr





On 22-03-2015 19:26, Antonio Terceiro wrote:
 On Sun, Mar 22, 2015 at 01:04:40PM -0300, Thiago Zoroastro wrote:
 Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou
 com gNewSense e com algumas dúvidas

 Coloquei no terminal:
 root@root# env x='() { :;}; echo vulneravel' bash -c 'true'
 vulneravel
 root@root# env x='() { :;}; echo unvulneravel' bash -c 'false'
 unvulneravel
 root@root# env x='() { :;}; echo unvulneravel' bash -c 'true'
 unvulneravel

 Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list:

 deb http://ftp.at.debian.org/debian-backports/ squeeze-backports
 main
 deb http://ftp.de.debian.org/debian squeeze main


 ## LTS
 deb http://http.debian.net/debian/ squeeze-lts main
 deb-src http://http.debian.net/debian/ squeeze-lts main

 deb http://http.debian.net/debian/ squeeze main
 deb-src http://http.debian.net/debian/ squeeze main

 deb http://http.debian.net/debian squeeze-lts main
 deb-src http://http.debian.net/debian squeeze-lts main
 # LTS

 # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
 Binary 20140205-19:57]/ parkes main

 # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL
 Binary 20140205-19:57]/ parkes main

 # Line commented out by installer because it failed to verify:
 deb http://archive.gnewsense.org/gnewsense-three/gnewsense
 parkes-security main
 # Line commented out by installer because it failed to verify:
 deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense
 parkes-security main

 # parkes-updates, previously known as 'volatile'
 # A network mirror was not selected during install.  The
 following entries
 # are provided as examples, but you should amend them as
appropriate
 # for your mirror of choice.
 #
 deb http://ftp.debian.org/debian/ parkes-updates main
 deb-src http://ftp.debian.org/debian/ parkes-updates main

 deb http://backports.debian.org/debian-backports
 squeeze-backports main
 deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr
 deb http://mozilla.debian.net/ squeeze-backports icedove-esr
 # deb http://debian.net/debian experimental main
 # deb http://mozilla.debian.net/ experimental iceweasel-beta


 Então faço apt-get update e apt-get upgrade e ele me oferece

 164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem
 removidos 

Re: [BUG]Shellshock

[Antonio Terceiro]

On Sun, Mar 22, 2015 at 09:23:34PM -0300, Thiago Zoroastro wrote:
 
 Sir,
 
 É claro que bugaria. Às vezes coloco algumas linhas diferentes da
 família Debian e coloco # apt-get upgrade para ver quais pacotes
 precisariam ser atualizados. Na maioria das vezes nem é possível ou não
 faço. Como neste que uso é gNewSense, tomo cuidado para instalar apenas
 livres..
 
 Percebi que as linhas estavam duplicadas e tirei.

O problema não é ter linhas duplicadas, isso só faz seu `apt-get update`
ficar mais lento, mas não vai causar problemas. O problema é misturar
pacotes de distribuições diferentes. *Muitas* coisas podem ser
diferentes entre os sistemas, e eventualmente você *vai* ter problemas.

 Fiz o # apt-get update
 apenas para instalar o bash não vulnerável. Mas fiquei com vontade de
 ter feito os comandos do https://shelshocker.net ANTES de ter
 atualizado, para ver se apontaria a vulnerabilidade.
 
 Jamais seria possível atualizar todos aqueles pacotes. No momento julgo
 que a mensagem foi até desnecessária, tenho tentado falar menos. Porque
 falar menos tem menos chance equivocar-me. Tanto é que assisto todas
 aquelas listas. É possível atualizar SOMENTE o bash e depois comentar a
 linha do Debian-LTS.

Eu acho muito difícil que o gNewSense não tenha atualizações de
segurança dele próprio. Se realmente não tiver, você deveria procurar
outro sistema, ou procurar ajuda sobre o gNewSense numa lista do
gNewSense.

-- 
Antonio Terceiro terce...@debian.org


signature.asc
Description: Digital signature

Fwd: Re: [gNewSense-users] Shellshock

[Thiago Zoroastro]

Encontrei a mensagem e respondi-o dizendo o que fazer.


 Original Message 
Subject:Re: [gNewSense-users] Shellshock
Date:   Sun, 22 Mar 2015 22:07:14 -0300
From:   Thiago Zoroastro thiago.zoroas...@bol.com.br
To: gnewsense-us...@nongnu.org



You must to add the lines in the sources.list

deb http://http.debian.net/debian/ squeeze-lts main
deb-src http://http.debian.net/debian/ squeeze-lts main

Do
# apt-get update
Install new bash
# apt-get install bash

Comment the Debian-LTS lines with '#' in the sources.list list to avoid
other upgrades.

Ok. Have nice days.

On 27-09-2014 05:15, Keith Ball wrote:
 What, if anything, should I do about shellshock?

 I mostly use the gNewSense GUI. I'm not yet confident to install the
 patches from gnu.org though I guess I'll manage if I have to.

  I've played about a bit with bash and then didn't bother with it as the
 manual is very long and I think I read (maybe even in the manual) that
 there are better ways of doing the same things as bash does. 

 But what about calls to bash that I'm not aware of? Am I using bash all
 the time without knowing it? Is there a plan or need to make a gNewSense
 -specific patch?

 Is everyone involved with gNewSense rushing around frantically trying to
 fix things or is this just a storm in a teacup?

 Thanks

 Keith
  


 ___
 gNewSense-users mailing list
 gnewsense-us...@nongnu.org
 https://lists.nongnu.org/mailman/listinfo/gnewsense-users


___
gNewSense-users mailing list
gnewsense-us...@nongnu.org
https://lists.nongnu.org/mailman/listinfo/gnewsense-users

Re: [BUG]Shellshock

[Thiago Zoroastro]

Aviso: (...) "The mail server responded:  4.7.1 deb...
Não foi possível enviar pelo Icedove.
 
Em meus computadores eu faço testes. No momento estou usando um Kaiana beta em dois notebooks (pessoal e um somente de testes). Já tive experiências falhas com pacotes, estou habituado a instalar o que for que eu preciso usar.Adicionei as linhas do Debian-LTS no gNewSense e pelo jeito arrumou/corrigiu.Porque comandos que ele passouenv x='() { :;}; echo vulneravel' bash -c 'false'não retorna mais nenhuma mensagem, nem com 'unvelneravel' nem com 'true' nem de forma alguma.
 
 
Thiago Zoroastro
 www.participa.br/thiagozoroastro
www.blogoosfero.cc/thiagozoroastro


De: terce...@debian.orgEnviada: Domingo, 22 de Março de 2015 22:22Para: debian-user-portuguese@lists.debian.orgAssunto: [BUG]ShellshockOn Sun, Mar 22, 2015 at 09:23:34PM -0300, Thiago Zoroastro wrote:  Sir,  É claro que bugaria. Às vezes coloco algumas linhas diferentes da família Debian e coloco # apt-get upgrade para ver quais pacotes precisariam ser atualizados. Na maioria das vezes nem é possível ou não faço. Como neste que uso é gNewSense, tomo cuidado para instalar apenas livres..  Percebi que as linhas estavam duplicadas e tirei.O problema não é ter linhas duplicadas, isso só faz seu `apt-get update`ficar mais lento, mas não vai causar problemas. O problema é misturarpacotes de distribuições diferentes. *Muitas* coisas podem serdiferentes entre os sistemas, e eventualmente você *vai* ter problemas. Fiz o # apt-get update apenas para instalar o bash não vulnerável. Mas fiquei com vontade de ter feito os comandos do https://shelshocker.net ANTES de ter atualizado, para ver se apontaria a vulnerabilidade.  Jamais seria possível atualizar todos aqueles pacotes. No momento julgo que a mensagem foi até desnecessária, tenho tentado falar menos. Porque falar menos tem menos chance equivocar-me. Tanto é que assisto todas aquelas listas. É possível atualizar SOMENTE o bash e depois comentar a linha do Debian-LTS.Eu acho muito difícil que o gNewSense não tenha atualizações desegurança dele próprio. Se realmente não tiver, você deveria procuraroutro sistema, ou procurar ajuda sobre o gNewSense numa lista dogNewSense.-- Antonio Terceiro terce...@debian.org

--
To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/550f7289579ec_646f15b2515293ec45...@a4-winter1.mail

Re: Cool things to do with server

[Stuart Longland]

On 23/03/15 07:42, Joe wrote:
 The only issue you might hit is port 25/tcp being blocked by your ISP.
   You may have to relay outbound email via their SMTP server.
 I think that's quite rare, as I still get vast amounts of malware from
 domestic connections. What is more likely is that outgoing mail will
 not be accepted by many people for a variety of perfectly good
 spam-reducing reasons.

Not as rare as one would like, as it happens.  Telstra 3G connections
are one example where port 25 is firewalled off.  Yes, it'll connect,
but it'll be one of Telstra's servers, not yours, that you connect to.

I found this out the hard way when I couldn't figure out why my father
had trouble getting into his email when he was accessing it via 3G.

The solution was authenticated STARTTLS SMTP on another port.

 Many ISPs don't care if their IP address blocks
 are on email blacklists, and won't make any attempt to have them
 removed. Many will not provide means of setting a proper PTR record for
 the IP address. In some parts of the world, it's difficult and/or
 expensive to obtain a fixed IP address, and while some kind of job can
 be done using a dynamic address, it's not ideal and almost certainly
 the address pool will be blacklisted, requiring the use of an outgoing
 smarthost.

Indeed, you would think they wouldn't want the bad publicity of being
blacklisted for spam.  The don't care attitude that's seemingly so
universal is saddening, but that's a discussion for another list.

Absolutely though to run a mail server effectively, a static IP address
is really a must, although you can get by with dynamic.  The only real
show stopper is carrier grade NAT, then the whole exercise becomes
rather pointless unless you only read your mail on your own private LAN.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/550f3c5e.1040...@longlandclan.yi.org

Debian wheezy on Dell 7535

[Gajadur Dwijesh]

Hello...I wanted to know if anyone has been able to use Debian wheezy on
the laptop Dell 7535.
I have been able to install Debian on the laptop successfully...however I
got some issues after installation:

- No Sound
- Can't control screen brightness
- No Wifi..i have already followed the steps on (
https://wiki.debian.org/WiFi) and tried several drivers but it still does
not detect any wifi connection.

Please help..I really want to use Debian on my laptop..

Thank You