Re: Redirect HTTPS with Squid3+Squidguard
Sven Hartge wrote: Michael I. wrote: Is there really no way to redirect https request to an errorpage with squid3+squidguard? Short answer: No, there is not. +1, No there is not for the reasons Sven described. Long answer: The only way is to setup a transparent proxy, intercepting any outbound connection and terminating the encryption on the proxy. You will need a fake CA certificate with which the proxy is able to create fake server certificates so the client still thinks it is connected to the real server. And here it gets a) dangerous and b) expensive. It is extremely bad, bad, bad, as well as dangerous. I haven't been following the news in great detail but read all about Komodia's recent news articles. Komodia's cracking tools are used in Superfish and Lenovo was in trouble for pre-installing Superfish. They apparently do exactly the above of setting up a fake certificate authority on the local machine and proxying https through. And made multiple mistakes in the implementation making them a security disaster in multiple different ways. Very bad. There are many news articles on the debacle to read all about it. Don't do it. Bob signature.asc Description: Digital signature
Re: sound vanished with a reboot?
On 03/22/2015 02:41 AM, Lisi Reisz wrote: On Sunday 22 March 2015 06:12:48 Ric Moore wrote: On 03/21/2015 10:12 PM, Gene Heskett wrote: Greetings audio guru's; All sound Except the new mail beep from kmail, vanished with the first reboot after 20 days uptime while dinking around with what was sold to me as a new 2Tb Toshiba drive, but which did not turn out to be a sealed box. I do not think its related. Pursuant to someones suggestions, I installed pavuctl and pavumeter this morning early, but according to synaptic, that is the extent of the pulse install, no other pulse stuff is seen as installed by synaptic. And of coarse, they don't work, no server. KDE has it's own notion of sound. Good luck! :0 Ric Gene is using TDE now. But he uses kmail. I bet it drug phonon, the KDE sound manager, into his mix. You don't mention it, Gene, but what about pulseaudio itself? he's not running the pulse server, he said. :) Ric -- My father, Victor Moore (Vic) used to say: There are two Great Sins in the world... ..the Sin of Ignorance, and the Sin of Stupidity. Only the former may be overcome. R.I.P. Dad. http://linuxcounter.net/user/44256.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550e8793.30...@gmail.com
[BUG]Shellshock
Srs, encontrei este erro no meu laboratorio com Debian 6. Li no facebook que isso é um bug do bash.O Shellshock, pensei em divulgar porque sei que existem muitos servidores que não tem uma atualização sistematica do S/O e como estamos com O debian 7. Segundo o texto que li, ele permite que via protocolos distintos podem ser enviados comandos remotos para o seu server/desktop. root@DEB-TEST:~# env x='() { :;}; echo vulneravel' bash -c 'false' vulneravel root@DEB-TEST:~# cat /etc/issue Debian GNU/Linux 6.0 \n \l root@DEB-TEST:~# uname -a Linux DEB-TEST 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686 GNU/Linux root@DEB-TEST:~# -- Atenciosamente, Rodrigo da Silva Cunha
Re: sound vanished with a reboot?
On Sunday 22 March 2015 02:41:54 Lisi Reisz wrote: On Sunday 22 March 2015 06:12:48 Ric Moore wrote: On 03/21/2015 10:12 PM, Gene Heskett wrote: Greetings audio guru's; All sound Except the new mail beep from kmail, vanished with the first reboot after 20 days uptime while dinking around with what was sold to me as a new 2Tb Toshiba drive, but which did not turn out to be a sealed box. I do not think its related. Pursuant to someones suggestions, I installed pavuctl and pavumeter this morning early, but according to synaptic, that is the extent of the pulse install, no other pulse stuff is seen as installed by synaptic. And of coarse, they don't work, no server. KDE has it's own notion of sound. Good luck! :0 Ric Gene is using TDE now. You don't mention it, Gene, but what about pulseaudio itself? Not installed, never was IIRC. And is your sound card OK? Perhaps run a live CD to check? I tried that too, same failure, but I did find it, by doing something I haven't had to do in years, install alsamixer and its gui, which showed that it had all turned itself off. Turned it up, works. Found the keyboard volume control didn't work until I had quit the alsamixer, they fought tooth and nail for control when the mixer was running. Thanks Lisi Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503220410.46294.ghesk...@wdtv.com
Re: sound vanished with a reboot?
On Sunday 22 March 2015 05:12:51 Ric Moore wrote: On 03/22/2015 02:41 AM, Lisi Reisz wrote: On Sunday 22 March 2015 06:12:48 Ric Moore wrote: On 03/21/2015 10:12 PM, Gene Heskett wrote: Greetings audio guru's; All sound Except the new mail beep from kmail, vanished with the first reboot after 20 days uptime while dinking around with what was sold to me as a new 2Tb Toshiba drive, but which did not turn out to be a sealed box. I do not think its related. Pursuant to someones suggestions, I installed pavuctl and pavumeter this morning early, but according to synaptic, that is the extent of the pulse install, no other pulse stuff is seen as installed by synaptic. And of coarse, they don't work, no server. KDE has it's own notion of sound. Good luck! :0 Ric Gene is using TDE now. But he uses kmail. I bet it drug phonon, the KDE sound manager, into his mix. Maybe. But I see /opt/trinity/artsd running via htop. No hint of phonon in that 171 item list. But I see iceweasal went on a binge and cooked the cpu all night. Thats another pet peeve. If I click the quit dot, the SOB should quit clean. About 10% of the time it doesn't. Buggier than a 10 day old carcass. But I can point that same finger and sharpen it like a schoolchild at firefox if it was installed. My hearings direction finder isn't as good as it was even 20 years ago, and it was just last night that I discovered the kmail beep isn't mono on center, its either the pc's own speaker, or right channel only, and I strongly suspect its the pc's own speaker that is making the incoming mail beep. From where I sit, the direction of the right speaker and the pc's speaker are in line but one is on the table and one is under the table. That beep does not seem to be subject to the keyboard volume control to the extent it effects the main sound. That clue I'd throw it at the pc's speaker, however I just turn it down to 50%, a good 30 db down just to check that theory. It should have lowered the beep to inaudible, but its the same. So that has got to be the pc's speaker. You don't mention it, Gene, but what about pulseaudio itself? he's not running the pulse server, he said. :) Ric Correct. Thanks all. Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503220916.58913.ghesk...@wdtv.com
Configurar squid.conf versão 3.3.8
Bom dia Amigos estou tentando configurar o squid.conf para um amigo que esta na versão 3.3.8. Ele esta usando o ubuntu 14.04 lts, sei que muitos vão falar que ele deve perguntar na lista do ubuntu, mais me prontifiquei em ajuda-lo e recorro aos amigos que possa me fazer essa gentileza, tentei fazer algumas modificações mais mesmo ao rodar o squid3 -k reconfigure ele da a mensagem: erro ao executar a copia não sei como configurar ele, estou lhe mandando uma copia do meu squid.conf para analise, pois o dele é uma copia do meu. Atenciosamente, Roberto Brandão # Autor: Roberto Brandão - robertobran...@msn.com # Arquivo: /etc/squid3/squid.conf # # Politicas de Acesso a Internet (AI) adotadas #* # # 01. Definir AI somente para PCs da rede interna (Intranet) # 02. Definir AI para todos PCs, fora do horário de expediente # 03. Proibir AI de determinados PCs no horário de expediente # 04. Definir lista de PC(s) sem AI (bloqueados) 24h/dia # 05. Proibir uso do Internet Explorer (Estimular Firefox) # 06. Definir PC(s) com permissão para uso do Internet Explorer # 07. Proibir formatos de vídeos, áudio e arquivos de risco # 08. Proibir palavras e sites impróprios/imoral # 09. Proibir downloads com mais de 5 MB # 10. Definir PC(s) (admin) com privilegio total de AI # 11. Bloqueia os malware na rede local # 12. Libera apenas sites cadastrado # # OBS: O controle dos computadores (PC) é feito pelo seu # endere�o f�sico (MAC) e n�o pelo IP. # # Configura��o Geral #*** # http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 1000 MB #Alto limpeza do Cache cache_swap_low 90 cache_swap_high 95 #Tamanho maximo e minimo pra armazena no cache maximum_object_size 3000 MB minimum_object_size 40 KB cache_dir ufs /var/spool/squid3 9 16 256 cache_access_log /var/log/squid3/access.log cache_log /var/log/squid3/cache.log cache_store_log /var/log/squid3/store.log pid_filename /var/run/squid3.pid mime_table /usr/share/squid3/mime.conf cache_mgr rbsolut...@rbsolution.com.br memory_pools off diskd_program /usr/lib/squid3/diskd unlinkd_program /usr/lib/squid3/unlinkd #emulate_httpd_log off visible_hostname srvnet ftp_user r...@root.com.br refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 quick_abort_max 16 KB quick_abort_pct 95 quick_abort_min 16 KB request_header_max_size 20 KB reply_header_max_size 20 KB request_body_max_size 0 KB # acl - Recomendadas #*** # #acl all src 0.0.0.0/0.0.0.0 #acl manager proto cache_object #acl localhost src 127.0.0.1/32 #acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 # https, snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT # # acl - Personalizadas #* # #Regras para autentica��o ##auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/list/squid_passwd.txt ##auth_param basic children 5 ##auth_param basic realm Digite o Usuario e Senha de Acesso a Internet # *** Faz Autentica��o ##acl autenticados proxy_auth REQUIRED # *** Lista de Usu�rios com restri��o ##acl aut_usuario proxy_auth /etc/squid3/list/autusuario.txt # # # *** Libera siste cadastrado acl sitelib dstdom_regex /etc/squid3/list/sitelivre.txt # # *** Lista de Bloqueio de Malware acl malware_list url_regex -i /etc/squid3/list/malware.txt # # *** Lista de Bloqueio de Porno acl porno_list url_regex -i /etc/squid3/list/lstblackporno.txt # # *** Define portas liberadas acl Safe_ports port 3050 # Interbase/Firebird # # *** Define a rede interna (Intranet) acl intranet src 10.0.0.0/24 # # *** Define PC(s) com privilegio total - CUIDADO! acl admin arp /etc/squid3/list/admin.txt # # *** Define a lista de PC(s) autorizados ao acesso a Internet acl internet arp /etc/squid3/list/internet.txt # # *** Define a lista de sites improprios acl improprio dstdom_regex /etc/squid3/list/sitebloq.txt # # *** Define a lista de sites confiaveis acl confiavel dstdom_regex /etc/squid3/list/siteconf.txt # # *** Define a lista de palavras improprias acl palavra url_regex -i /etc/squid3/list/palavra.txt # # *** Define os formatos de video, audio e outros de risco acl video urlpath_regex /etc/squid3/list/videodown.txt acl audio urlpath_regex /etc/squid3/list/audiodown.txt acl risco urlpath_regex /etc/squid3/list/riscodown.txt # # *** Define o browser Internet Explorer acl ie_browser browser ^Mozilla/4.0 ^Mozilla/5.0 .compatible; MSIE # #
Re: Ejecutar aplicaciones como root sin ingresar la pass
El sáb, 21-03-2015 a las 13:51 -0300, matlnx1...@gmail.com escribió: Buenas tardes: Tal vez alguien pueda tirarme alguna ayuda de por donde buscar, ya que no encuentro la forma de hacerlo aun. Estoy necesitando generar un acceso directo en Debian 7, para varias aplicaciones (por ejemplo teamviewer, thunderbird) etc. Actualmente para abrirlas lo que hago es abrir una terminal, ejecutar SU, y una vez como root (previo a ingresar la pass), ejecutar la aplicación. Se que no parece mucho pero es muy tedioso tener que hacerlo, con lo cual necesitaria darle a mi usuario pepe permisos para ejecutar esas aplicaciones sin tener la pass de root. Gracias de antemano Mati consideraciones de seguridad aparte (usar la cuenta de root para tareas diarias es como usar una cuenta con privilegios administrativos en windows, en especial cuando NO se sabe que se hace) : alt-f2 (al menos en gnome) gksu programa -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1427023270.1737.3.ca...@gmail.com
Re: [BUG]Shellshock
O bash 4.1 Tinha essa vulnerabilidade, fiz o upgrade para o 4.2.37 e agora não tem mais a vulnerabilidade. Fiquei curioso de como eu poderia explorar esta vulnerabilidade em meu ambiente de laboratorio para fins academicos, isso poderia render um bom artigo para a comunidade de SLivre, principalmente se conseguíssemos demostrar os perigos na pratica. Em 22 de março de 2015 13:28, Rodrigo Cunha rodrigo.root...@gmail.com escreveu: Solução, adicione os repositorios : deb http://ftp.br.debian.org/debian/ wheezy main deb-src http://ftp.br.debian.org/debian/ wheezy main Executei: sudo apt-get update sudo apt-get install --only-upgrade bash gcc-4.4 Em 22 de março de 2015 13:26, P. J. pjotam...@gmail.com escreveu: Que mistureba... Mas com relação ao bug veja qual versão do bash é a vulnerável e qual está instalada na sua máquina... assimo como os pacotes do referentes ao SSL... procure no google, sites com CVE's por exemplo, ou na parte de segurança do debian no seu site... [ ] 's Em 22/03/15, Thiago Zoroastrothiago.zoroas...@bol.com.br escreveu: Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou com gNewSense e com algumas dúvidas Coloquei no terminal: root@root# env x='() { :;}; echo vulneravel' bash -c 'true' vulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'false' unvulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'true' unvulneravel Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list: deb http://ftp.at.debian.org/debian-backports/ squeeze-backports main deb http://ftp.de.debian.org/debian squeeze main ## LTS deb http://http.debian.net/debian/ squeeze-lts main deb-src http://http.debian.net/debian/ squeeze-lts main deb http://http.debian.net/debian/ squeeze main deb-src http://http.debian.net/debian/ squeeze main deb http://http.debian.net/debian squeeze-lts main deb-src http://http.debian.net/debian squeeze-lts main # LTS # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # Line commented out by installer because it failed to verify: deb http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # Line commented out by installer because it failed to verify: deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # parkes-updates, previously known as 'volatile' # A network mirror was not selected during install. The following entries # are provided as examples, but you should amend them as appropriate # for your mirror of choice. # deb http://ftp.debian.org/debian/ parkes-updates main deb-src http://ftp.debian.org/debian/ parkes-updates main deb http://backports.debian.org/debian-backports squeeze-backports main deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr deb http://mozilla.debian.net/ squeeze-backports icedove-esr # deb http://debian.net/debian experimental main # deb http://mozilla.debian.net/ experimental iceweasel-beta Então faço apt-get update e apt-get upgrade e ele me oferece 164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem removidos e 46 não atualizados. É preciso baixar 172 MB de arquivos. Depois desta operação, 51,9 MB de espaço em disco serão liberados. Posso e devo atualizar sem medo? Como sempreatualizei o gNewSense, então posso ter atualizado para o necessário antes. Como posso ver se o pacote instalado é o vulnerável, como era possível ver o do OpenSSL? Att. On 22-03-2015 10:35, Rodrigo Cunha wrote: Srs, encontrei este erro no meu laboratorio com Debian 6. Li no facebook que isso é um bug do bash.O Shellshock, pensei em divulgar porque sei que existem muitos servidores que não tem uma atualização sistematica do S/O e como estamos com O debian 7. Segundo o texto que li, ele permite que via protocolos distintos podem ser enviados comandos remotos para o seu server/desktop. root@DEB-TEST:~# env x='() { :;}; echo vulneravel' bash -c 'false' vulneravel root@DEB-TEST:~# cat /etc/issue Debian GNU/Linux 6.0 \n \l root@DEB-TEST:~# uname -a Linux DEB-TEST 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686 GNU/Linux root@DEB-TEST:~# -- Atenciosamente, Rodrigo da Silva Cunha -- | .''`. A fé não dá respostas. Só impede perguntas. | : :' : | `. `'` | `- Je vois tout -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of
Re: Mostrar imagen en monitor con cable HDMI no da pie con bola
El día 20 de marzo de 2015, 10:14, Camaleón noela...@gmail.com escribió: El Thu, 19 Mar 2015 19:15:16 -0430, Miguel Matos escribió: El día 19 de marzo de 2015, 19:05, Carlos Zuniga carlos@gmail.com escribió: 2015-03-19 17:32 GMT-05:00 Miguel Matos unefistano...@gmail.com: Saludos a la lista. Aprovecho para utilizar de nuevo este medio para pedir otra consulta: la semana pasada por fin compré un cable HDMI para mostrar mejor la imagen y el audio. Mi sorpresa es mayor cuando veo que en mi Debian no puedo pasar la imagen. Pruebo con WIN7 para descartar fallas y ahí sí que la muestra. Pruebo un vídeo corto en HD, y va de perlas. Entonces, ¿qué no estoy haciendo bien en Debian? Qué tarjeta de video utilizas? Con qué drivers? y que configuración? y no funciona en modo consola? estas tratando de expandir el escritorio entre 2 pantallas (una HDMI, la otra VGA) o mostrar el escritorio solo en una? Busco conectar mi laptop a la televisión de la alcoba, que tiene entrada HDMI. Pero en Debian no hay respuesta. Y sí, busco expandir el escritorio para poder ver las pelis desde esa pantalla más grande. Esa es una de las opciones. Además de indicarnos lo que te pregunta Carlos (tarjeta y driver usado) manda la salida de xrandr -q con la conexión HDMI conectada, obviamente, a ver qué dice. Ssaludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.20.14.44...@gmail.com A vr...: $ xrandr -q Screen 0: minimum 320 x 200, current 2304 x 800, maximum 8192 x 8192 LVDS1 connected 1280x800+0+0 (normal left inverted right x axis y axis) 331mm x 207mm 1280x800 60.0*+ 50.0 1024x768 60.0 800x60060.3 56.2 640x48059.9 VGA1 disconnected (normal left inverted right x axis y axis) HDMI1 connected 1024x768+1280+32 (normal left inverted right x axis y axis) 747mm x 420mm 1360x768 60.0 + 1920x1080 60.0 50.0 59.9 24.0 24.0 1920x1080i 30.0 25.0 30.0 1280x720 60.0 50.0 59.9 1440x576i 25.0 1024x768 75.1 70.1 60.0* 1440x480i 30.0 30.0 800x60072.2 75.0 60.3 56.2 720x57650.0 720x48060.0 59.9 640x48075.0 72.8 60.0 59.9 720x40070.1 DP1 disconnected (normal left inverted right x axis y axis) DP2 disconnected (normal left inverted right x axis y axis) Pues anda bien, ya pude ver la imagen. Creo que ya averigüé por qué: había que inicar la sesión Debian con el cable conectado. ¿Todo bien? No lo creo. En lo que escribo esto estoy viendo una serie en calidad HD, pero, sólo suena en la laptop, en la tele nada de nada. ¿Qué no se habrá configurado bien? -- Ayuda para hacer preguntas inteligentes: http://is.gd/NJIwRz -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/calevjmtyke4exhvts0dv55tut_ne5p0_rgw8g7f-ij5su_g...@mail.gmail.com
Re: [BUG]Shellshock
Olha isso # bash --version GNU bash, version 4.1.5(1)-release (i486-pc-linux-gnu) Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. No repositório do gNewSense está como nenhum pacote para ser atualizado. Como verifico a vulnerabilidade? Como posso saber se este bash está vulnerável? Att. On 22-03-2015 13:32, Rodrigo Cunha wrote: O bash 4.1 Tinha essa vulnerabilidade, fiz o upgrade para o 4.2.37 e agora não tem mais a vulnerabilidade. Fiquei curioso de como eu poderia explorar esta vulnerabilidade em meu ambiente de laboratorio para fins academicos, isso poderia render um bom artigo para a comunidade de SLivre, principalmente se conseguíssemos demostrar os perigos na pratica. Em 22 de março de 2015 13:28, Rodrigo Cunha rodrigo.root...@gmail.com mailto:rodrigo.root...@gmail.com escreveu: Solução, adicione os repositorios : deb http://ftp.br.debian.org/debian/ wheezy main deb-src http://ftp.br.debian.org/debian/ wheezy main Executei: sudo apt-get update sudo apt-get install --only-upgrade bash gcc-4.4 Em 22 de março de 2015 13:26, P. J. pjotam...@gmail.com mailto:pjotam...@gmail.com escreveu: Que mistureba... Mas com relação ao bug veja qual versão do bash é a vulnerável e qual está instalada na sua máquina... assimo como os pacotes do referentes ao SSL... procure no google, sites com CVE's por exemplo, ou na parte de segurança do debian no seu site... [ ] 's Em 22/03/15, Thiago Zoroastrothiago.zoroas...@bol.com.br mailto:thiago.zoroas...@bol.com.br escreveu: Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou com gNewSense e com algumas dúvidas Coloquei no terminal: root@root# env x='() { :;}; echo vulneravel' bash -c 'true' vulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'false' unvulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'true' unvulneravel Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list: deb http://ftp.at.debian.org/debian-backports/ squeeze-backports main deb http://ftp.de.debian.org/debian squeeze main ## LTS deb http://http.debian.net/debian/ squeeze-lts main deb-src http://http.debian.net/debian/ squeeze-lts main deb http://http.debian.net/debian/ squeeze main deb-src http://http.debian.net/debian/ squeeze main deb http://http.debian.net/debian squeeze-lts main deb-src http://http.debian.net/debian squeeze-lts main # LTS # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19 tel:20140205-19:57]/ parkes main # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19 tel:20140205-19:57]/ parkes main # Line commented out by installer because it failed to verify: deb http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # Line commented out by installer because it failed to verify: deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # parkes-updates, previously known as 'volatile' # A network mirror was not selected during install. The following entries # are provided as examples, but you should amend them as appropriate # for your mirror of choice. # deb http://ftp.debian.org/debian/ parkes-updates main deb-src http://ftp.debian.org/debian/ parkes-updates main deb http://backports.debian.org/debian-backports squeeze-backports main deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr deb http://mozilla.debian.net/ squeeze-backports icedove-esr # deb http://debian.net/debian experimental main # deb http://mozilla.debian.net/ experimental iceweasel-beta Então faço apt-get update e apt-get upgrade e ele
apt-get update W: A error occurred during the signature verification.
debian-user: I've been seeing apt-get update failures lately: 2015-03-22 08:52:02 root@i72600s ~ # apt-get update Hit http://approx wheezy Release.gpg Get:1 http://approx wheezy-updates Release.gpg [836 B] Hit http://approx wheezy/updates Release.gpg Hit http://approx wheezy Release Get:2 http://approx wheezy-updates Release [124 kB] Err http://approx wheezy-updates Release Hit http://approx wheezy/updates Release 2015-03-22 08:52:02 root@i72600s ~ # apt-get update Hit http://approx wheezy Release.gpg Get:1 http://approx wheezy-updates Release.gpg [836 B] Hit http://approx wheezy/updates Release.gpg Hit http://approx wheezy Release Get:2 http://approx wheezy-updates Release [124 kB] Err http://approx wheezy-updates Release Hit http://approx wheezy/updates Release Hit http://ftp.us.debian.org wheezy-backports Release.gpg Hit http://ftp.us.debian.org wheezy-backports Release Hit http://ftp.us.debian.org wheezy-backports/main amd64 Packages/DiffIndex Hit http://ftp.us.debian.org wheezy-backports/main Translation-en/DiffIndex Hit http://approx wheezy/main Translation-en Hit http://approx wheezy/updates/main Translation-en Hit http://approx wheezy/main Sources Hit http://approx wheezy/main amd64 Packages Hit http://approx wheezy/updates/main Sources Hit http://approx wheezy/updates/main amd64 Packages Fetched 125 kB in 2s (47.1 kB/s) Reading package lists... Done W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://approx wheezy-updates Release: The following signatures were invalid: BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) ftpmas...@debian.org W: Failed to fetch http://approx:/debian/dists/wheezy-updates/Release W: Some index files failed to download. They have been ignored, or old ones used instead. Hit http://ftp.us.debian.org wheezy-backports Release.gpg Hit http://ftp.us.debian.org wheezy-backports Release Hit http://ftp.us.debian.org wheezy-backports/main amd64 Packages/DiffIndex Hit http://ftp.us.debian.org wheezy-backports/main Translation-en/DiffIndex Hit http://approx wheezy/main Translation-en Hit http://approx wheezy/updates/main Translation-en Hit http://approx wheezy/main Sources Hit http://approx wheezy/main amd64 Packages Hit http://approx wheezy/updates/main Sources Hit http://approx wheezy/updates/main amd64 Packages Fetched 125 kB in 2s (47.1 kB/s) Reading package lists... Done W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://approx wheezy-updates Release: The following signatures were invalid: BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) ftpmas...@debian.org W: Failed to fetch http://approx:/debian/dists/wheezy-updates/Release W: Some index files failed to download. They have been ignored, or old ones used instead. 2015-03-22 08:57:42 root@i72600s ~ # egrep -v '#' /etc/apt/sources.list deb http://approx:/debian/ wheezy main deb http://ftp.us.debian.org/debian/wheezy-backportsmain deb http://approx:/debian/ wheezy-updates main deb http://approx:/security/wheezy/updates main deb-src http://approx:/debian/ wheezy main deb-src http://approx:/debian/ wheezy-updates main deb-src http://approx:/security/wheezy/updates main 2015-03-22 08:58:37 root@i72600s ~ # egrep -v '#' /etc/approx/approx.conf | grep . debian http://ftp.us.debian.org/debian/ securityhttp://security.debian.org/debian-security/ Is there a problem with my local Apt configuration, local Approx server, remote Apt mirror, or something else? TIA, David -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550ee76a.9040...@holgerdanske.com
Re: Algo raro con las memorias flash y Debian 7 LXDE
El Sat, 21 Mar 2015 19:50:17 -0400, cpp escribió: Hola lista. En mi trabajo tengo instalado en las estaciones de trabajo Debian 7 LXDE. Todo muy bien, solo un detalle, por ejemplo, cuando un usuario inserta una memoria flash o pendrive por vez primera y luego la retira, al insertar otra memoria diferente, pues le sale la información de la primera que retiró o anterior. (...) Es imposible que tenga acceso a los datos de un dispositivo que ya no está conectado al sistema :-? ¿O a qué información te refieres, exactamente? Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.22.16.15...@gmail.com
Re: sound vanished with a reboot?
On Sunday 22 March 2015 09:12:51 Ric Moore wrote: On 03/22/2015 02:41 AM, Lisi Reisz wrote: On Sunday 22 March 2015 06:12:48 Ric Moore wrote: On 03/21/2015 10:12 PM, Gene Heskett wrote: Greetings audio guru's; All sound Except the new mail beep from kmail, vanished with the first reboot after 20 days uptime while dinking around with what was sold to me as a new 2Tb Toshiba drive, but which did not turn out to be a sealed box. I do not think its related. Pursuant to someones suggestions, I installed pavuctl and pavumeter this morning early, but according to synaptic, that is the extent of the pulse install, no other pulse stuff is seen as installed by synaptic. And of coarse, they don't work, no server. KDE has it's own notion of sound. Good luck! :0 Ric Gene is using TDE now. But he uses kmail. I bet it drug phonon, the KDE sound manager, into his mix. No, he uses KMail-Trinity. I'd be very surprised if it dragged in anything from KDE4. I have kmail-trinity. lisi@Tux-II:~$ aptitude show phonon Package: phonon State: not installed Multi-Arch: same Version: 4:4.6.0.0-3 Priority: optional Section: sound Maintainer: Debian Qt/KDE Maintainers debian-qt-...@lists.debian.org Architecture: amd64 If Gene has phonon it is a hangover from KDE4 and nothing to do with his present kmail-trinity. You don't mention it, Gene, but what about pulseaudio itself? he's not running the pulse server, he said. :) Ric My point was, without pulseaudio what use is pavucontrol? Why install pavucontrol when it is useless without pulseaudio? Lisi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503221633.34339.lisi.re...@gmail.com
Another problem is getting old
Greetings, iceweasal guru's; Still the wheezy based install here. What is the cause of my getting a refusal to go look at what is supposed to be a news story, by iceweasal? Instead of going to the link, its an error 413 Request entity too large There does not seem to be a likely candidate setting in about:config, nothing I see in the search results looks to be relevant. Any idea how to fix that, or do I have to install firefox from the get firefox site? Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503221244.30044.ghesk...@wdtv.com
Re: searching for a structure viewer tool
Maybe you can have a look at this wikipedia page: http://en.wikipedia.org/wiki/Comparison_of_hex_editors -- F. 2015-03-20 18:26 GMT+01:00 Sergey Spiridonov s...@hurd.homeunix.org: Hi On 20/03/15 17:50, Renaud (Ron) OLGIATI wrote: I am looking for a tool which will allow to describe binary structure, some thing like COBOL ? Well, it exists in Debian (as well as perl and gcc), but I will prefer something more specialized. -- Sergey -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/vq1utb-vuu@legba.gamic.com -- *Fabrizio*
Re: sound vanished with a reboot?
On Sunday 22 March 2015 12:33:34 Lisi Reisz wrote: On Sunday 22 March 2015 09:12:51 Ric Moore wrote: On 03/22/2015 02:41 AM, Lisi Reisz wrote: On Sunday 22 March 2015 06:12:48 Ric Moore wrote: On 03/21/2015 10:12 PM, Gene Heskett wrote: Greetings audio guru's; All sound Except the new mail beep from kmail, vanished with the first reboot after 20 days uptime while dinking around with what was sold to me as a new 2Tb Toshiba drive, but which did not turn out to be a sealed box. I do not think its related. Pursuant to someones suggestions, I installed pavuctl and pavumeter this morning early, but according to synaptic, that is the extent of the pulse install, no other pulse stuff is seen as installed by synaptic. And of coarse, they don't work, no server. KDE has it's own notion of sound. Good luck! :0 Ric Gene is using TDE now. But he uses kmail. I bet it drug phonon, the KDE sound manager, into his mix. No, he uses KMail-Trinity. I'd be very surprised if it dragged in anything from KDE4. I have kmail-trinity. lisi@Tux-II:~$ aptitude show phonon Package: phonon State: not installed Multi-Arch: same Version: 4:4.6.0.0-3 Priority: optional Section: sound Maintainer: Debian Qt/KDE Maintainers debian-qt-...@lists.debian.org Architecture: amd64 If Gene has phonon it is a hangover from KDE4 and nothing to do with his present kmail-trinity. You don't mention it, Gene, but what about pulseaudio itself? he's not running the pulse server, he said. :) Ric My point was, without pulseaudio what use is pavucontrol? Why install pavucontrol when it is useless without pulseaudio? Someone suggested it, and I was a sucker. :) Both have now been excised, no effect that I can hear. But iceweasal is frozen again, the *%$ back button does NOT work on cbsnews.com. Everyone but bbcnews is playing with your controls, and cbs seems to be the worst offender. When it refuses to go back, sometimes closing the tab works, occasionally the close button on the browser works, but I keep a root exec'd copy of htop running just so I can have the last word. And I have to use it about 25% of the time to exit iceweasal. But that problem is a separate thread Request Entity too Large. No clue it its related, but get firefox will get a visit soon if I can't get this under control. Lisi Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503221259.09709.ghesk...@wdtv.com
Re: searching for a structure viewer tool
Hi On 20.03.2015 15:56, Sergey Spiridonov wrote: If found such a tool exists for MS Windows [1]. I remember there was similar for MS DOS. Is there something like that for the Debian GNU/Linux? [1] http://www.hexworkshop.com/onlinehelp/500/html/idhelp_struct_overview.htm Here [1] is similar tool written by author of HIEW for MS-DOS. You can run it in dosbox: [1] ftp://ftp.sac.sk/sac/utilprog/stl430.zip -- Best regards, Sergey Spiridonov -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/memsb5$af6$1...@ger.gmane.org
Re: Mostrar imagen en monitor con cable HDMI no da pie con bola
El domingo, 22 mar 2015, a las 17:46 UTC+1 horas, Miguel Matos escribió: [...] Pues anda bien, ya pude ver la imagen. Creo que ya averigüé por qué: había que inicar la sesión Debian con el cable conectado. ¿Todo bien? No lo creo. En lo que escribo esto estoy viendo una serie en calidad HD, pero, sólo suena en la laptop, en la tele nada de nada. ¿Qué no se habrá configurado bien? Yo veo dos posibilidades: 1. La tarjeta gráfica es compatible con audio. Solo tiene que seleccionarla como dispositivo de salida de audio. Puedes hacerlo como configuración de sistema o de cliente. Por ejemplo: con vlc selecciono Audio - Dispositivo de audio - HDMI. lspci te dice si es tu caso. 2. Tu gráfica no es compatible con audio. Vas a necesitar un cable desde la salida de audio (auriculares, por ejemplo) hasta la entrada de audio de tu televisor, si existe tal. Otra opción es seguir como hasta ahora. Saludos. -- Manolo Díaz -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150322183057.7df30...@gmail.com
Debian LTS (era [BUG]Shellshock)
On Sun, Mar 22, 2015 at 10:35:35AM -0300, Rodrigo Cunha wrote: Srs, encontrei este erro no meu laboratorio com Debian 6. Li no facebook que isso é um bug do bash.O Shellshock, pensei em divulgar porque sei que existem muitos servidores que não tem uma atualização sistematica do S/O e como estamos com O debian 7. Segundo o texto que li, ele permite que via protocolos distintos podem ser enviados comandos remotos para o seu server/desktop. root@DEB-TEST:~# env x='() { :;}; echo vulneravel' bash -c 'false' vulneravel root@DEB-TEST:~# cat /etc/issue Debian GNU/Linux 6.0 \n \l root@DEB-TEST:~# uname -a Linux DEB-TEST 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686 GNU/Linux root@DEB-TEST:~# Quem ainda estiver rodando squeeze deve adicionar o repositório squeeze-lts, que fornece updates de segurança para a oldstable por mais tempo ainda depois do final do período de suporte de segurança normal (1 ano depois do lançamento da próxima stable): https://wiki.debian.org/LTS Esse problema de segurança do bash por exemplo já está corrigido para o squeeze desde setembro do ano passado: https://lists.debian.org/debian-lts-announce/2014/09/msg00020.html http://metadata.ftp-master.debian.org/changelogs//main/b/bash/bash_4.1-3+deb6u2_changelog -- Antonio Terceiro terce...@debian.org signature.asc Description: Digital signature
Re: [BUG]Shellshock
Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou com gNewSense e com algumas dúvidas Coloquei no terminal: root@root# env x='() { :;}; echo vulneravel' bash -c 'true' vulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'false' unvulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'true' unvulneravel Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list: deb http://ftp.at.debian.org/debian-backports/ squeeze-backports main deb http://ftp.de.debian.org/debian squeeze main ## LTS deb http://http.debian.net/debian/ squeeze-lts main deb-src http://http.debian.net/debian/ squeeze-lts main deb http://http.debian.net/debian/ squeeze main deb-src http://http.debian.net/debian/ squeeze main deb http://http.debian.net/debian squeeze-lts main deb-src http://http.debian.net/debian squeeze-lts main # LTS # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # Line commented out by installer because it failed to verify: deb http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # Line commented out by installer because it failed to verify: deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # parkes-updates, previously known as 'volatile' # A network mirror was not selected during install. The following entries # are provided as examples, but you should amend them as appropriate # for your mirror of choice. # deb http://ftp.debian.org/debian/ parkes-updates main deb-src http://ftp.debian.org/debian/ parkes-updates main deb http://backports.debian.org/debian-backports squeeze-backports main deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr deb http://mozilla.debian.net/ squeeze-backports icedove-esr # deb http://debian.net/debian experimental main # deb http://mozilla.debian.net/ experimental iceweasel-beta Então faço apt-get update e apt-get upgrade e ele me oferece 164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem removidos e 46 não atualizados. É preciso baixar 172 MB de arquivos. Depois desta operação, 51,9 MB de espaço em disco serão liberados. Posso e devo atualizar sem medo? Como sempreatualizei o gNewSense, então posso ter atualizado para o necessário antes. Como posso ver se o pacote instalado é o vulnerável, como era possível ver o do OpenSSL? Att. On 22-03-2015 10:35, Rodrigo Cunha wrote: Srs, encontrei este erro no meu laboratorio com Debian 6. Li no facebook que isso é um bug do bash.O Shellshock, pensei em divulgar porque sei que existem muitos servidores que não tem uma atualização sistematica do S/O e como estamos com O debian 7. Segundo o texto que li, ele permite que via protocolos distintos podem ser enviados comandos remotos para o seu server/desktop. root@DEB-TEST:~# env x='() { :;}; echo vulneravel' bash -c 'false' vulneravel root@DEB-TEST:~# cat /etc/issue Debian GNU/Linux 6.0 \n \l root@DEB-TEST:~# uname -a Linux DEB-TEST 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686 GNU/Linux root@DEB-TEST:~# -- Atenciosamente, Rodrigo da Silva Cunha
Re: [BUG]Shellshock
Que mistureba... Mas com relação ao bug veja qual versão do bash é a vulnerável e qual está instalada na sua máquina... assimo como os pacotes do referentes ao SSL... procure no google, sites com CVE's por exemplo, ou na parte de segurança do debian no seu site... [ ] 's Em 22/03/15, Thiago Zoroastrothiago.zoroas...@bol.com.br escreveu: Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou com gNewSense e com algumas dúvidas Coloquei no terminal: root@root# env x='() { :;}; echo vulneravel' bash -c 'true' vulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'false' unvulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'true' unvulneravel Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list: deb http://ftp.at.debian.org/debian-backports/ squeeze-backports main deb http://ftp.de.debian.org/debian squeeze main ## LTS deb http://http.debian.net/debian/ squeeze-lts main deb-src http://http.debian.net/debian/ squeeze-lts main deb http://http.debian.net/debian/ squeeze main deb-src http://http.debian.net/debian/ squeeze main deb http://http.debian.net/debian squeeze-lts main deb-src http://http.debian.net/debian squeeze-lts main # LTS # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # Line commented out by installer because it failed to verify: deb http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # Line commented out by installer because it failed to verify: deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # parkes-updates, previously known as 'volatile' # A network mirror was not selected during install. The following entries # are provided as examples, but you should amend them as appropriate # for your mirror of choice. # deb http://ftp.debian.org/debian/ parkes-updates main deb-src http://ftp.debian.org/debian/ parkes-updates main deb http://backports.debian.org/debian-backports squeeze-backports main deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr deb http://mozilla.debian.net/ squeeze-backports icedove-esr # deb http://debian.net/debian experimental main # deb http://mozilla.debian.net/ experimental iceweasel-beta Então faço apt-get update e apt-get upgrade e ele me oferece 164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem removidos e 46 não atualizados. É preciso baixar 172 MB de arquivos. Depois desta operação, 51,9 MB de espaço em disco serão liberados. Posso e devo atualizar sem medo? Como sempreatualizei o gNewSense, então posso ter atualizado para o necessário antes. Como posso ver se o pacote instalado é o vulnerável, como era possível ver o do OpenSSL? Att. On 22-03-2015 10:35, Rodrigo Cunha wrote: Srs, encontrei este erro no meu laboratorio com Debian 6. Li no facebook que isso é um bug do bash.O Shellshock, pensei em divulgar porque sei que existem muitos servidores que não tem uma atualização sistematica do S/O e como estamos com O debian 7. Segundo o texto que li, ele permite que via protocolos distintos podem ser enviados comandos remotos para o seu server/desktop. root@DEB-TEST:~# env x='() { :;}; echo vulneravel' bash -c 'false' vulneravel root@DEB-TEST:~# cat /etc/issue Debian GNU/Linux 6.0 \n \l root@DEB-TEST:~# uname -a Linux DEB-TEST 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686 GNU/Linux root@DEB-TEST:~# -- Atenciosamente, Rodrigo da Silva Cunha -- | .''`. A fé não dá respostas. Só impede perguntas. | : :' : | `. `'` | `- Je vois tout -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cacnf0pjnzdgcwu1h-_gv_rfdymrf80kmhbqudykkssqujep...@mail.gmail.com
Re: samba casero en solo lectura
El Sun, 22 Mar 2015 08:50:17 -0300, Gonzalo Rivero escribió: El sáb, 21-03-2015 a las 15:14 +, Camaleón escribió: (...) Intenta identificarte en smblclient como guest para ver qué te dice, o en su defecto, configurar/mapear los usuarios windows como usuarios samba/ del sistema y configurando expresamente los permisos de acceso a los recursos para esos usuarios. Supongo que esta versión de samba se pusieron mas estrictos (y deb -changes no me dijo nada al respecto) y ahora debo agregar cosas como write users, valid users y tal No sé, me parece un cambio demasiado radical que además va contra el sentido común ya que existe mayor exposición dando permisos de escritura a los recursos ¿no crees? no. En realidad antes, cualquiera que esté en mi lan puede conectarse a mi smb con permisos de escritura (no tan así porque necesitaban entrar con un usuario y contraseña a su respectivo sistema). Para eso está el usuario guest y el tipo de permisos que otorues sobre los recursos. Cosa a aparte es que lo quieras usar o no, pero ese tipo de autentificación es posible usarla. Y no es lo mismo tener permisos de acceso (lectura) que poder eliminar archivos (escritura). Ahora tuve que decirle que usuarios tienen permiso de escritura (con valid users y write list), y volvió a funcionar para la parte de archivos. Pues mala cosa. ¿No probaste la autentificación vía smblient como guest? Me resta ver que debo agregar a la impresora compartida para que puedan usarla Pues aquí lo tienes: https://wiki.samba.org/index.php/Samba_as_a_print_server Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.22.16.07...@gmail.com
Re: [BUG]Shellshock
Solução, adicione os repositorios : deb http://ftp.br.debian.org/debian/ wheezy main deb-src http://ftp.br.debian.org/debian/ wheezy main Executei: sudo apt-get update sudo apt-get install --only-upgrade bash gcc-4.4 Em 22 de março de 2015 13:26, P. J. pjotam...@gmail.com escreveu: Que mistureba... Mas com relação ao bug veja qual versão do bash é a vulnerável e qual está instalada na sua máquina... assimo como os pacotes do referentes ao SSL... procure no google, sites com CVE's por exemplo, ou na parte de segurança do debian no seu site... [ ] 's Em 22/03/15, Thiago Zoroastrothiago.zoroas...@bol.com.br escreveu: Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou com gNewSense e com algumas dúvidas Coloquei no terminal: root@root# env x='() { :;}; echo vulneravel' bash -c 'true' vulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'false' unvulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'true' unvulneravel Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list: deb http://ftp.at.debian.org/debian-backports/ squeeze-backports main deb http://ftp.de.debian.org/debian squeeze main ## LTS deb http://http.debian.net/debian/ squeeze-lts main deb-src http://http.debian.net/debian/ squeeze-lts main deb http://http.debian.net/debian/ squeeze main deb-src http://http.debian.net/debian/ squeeze main deb http://http.debian.net/debian squeeze-lts main deb-src http://http.debian.net/debian squeeze-lts main # LTS # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # Line commented out by installer because it failed to verify: deb http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # Line commented out by installer because it failed to verify: deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # parkes-updates, previously known as 'volatile' # A network mirror was not selected during install. The following entries # are provided as examples, but you should amend them as appropriate # for your mirror of choice. # deb http://ftp.debian.org/debian/ parkes-updates main deb-src http://ftp.debian.org/debian/ parkes-updates main deb http://backports.debian.org/debian-backports squeeze-backports main deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr deb http://mozilla.debian.net/ squeeze-backports icedove-esr # deb http://debian.net/debian experimental main # deb http://mozilla.debian.net/ experimental iceweasel-beta Então faço apt-get update e apt-get upgrade e ele me oferece 164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem removidos e 46 não atualizados. É preciso baixar 172 MB de arquivos. Depois desta operação, 51,9 MB de espaço em disco serão liberados. Posso e devo atualizar sem medo? Como sempreatualizei o gNewSense, então posso ter atualizado para o necessário antes. Como posso ver se o pacote instalado é o vulnerável, como era possível ver o do OpenSSL? Att. On 22-03-2015 10:35, Rodrigo Cunha wrote: Srs, encontrei este erro no meu laboratorio com Debian 6. Li no facebook que isso é um bug do bash.O Shellshock, pensei em divulgar porque sei que existem muitos servidores que não tem uma atualização sistematica do S/O e como estamos com O debian 7. Segundo o texto que li, ele permite que via protocolos distintos podem ser enviados comandos remotos para o seu server/desktop. root@DEB-TEST:~# env x='() { :;}; echo vulneravel' bash -c 'false' vulneravel root@DEB-TEST:~# cat /etc/issue Debian GNU/Linux 6.0 \n \l root@DEB-TEST:~# uname -a Linux DEB-TEST 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686 GNU/Linux root@DEB-TEST:~# -- Atenciosamente, Rodrigo da Silva Cunha -- | .''`. A fé não dá respostas. Só impede perguntas. | : :' : | `. `'` | `- Je vois tout -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cacnf0pjnzdgcwu1h-_gv_rfdymrf80kmhbqudykkssqujep...@mail.gmail.com -- Atenciosamente, Rodrigo da Silva Cunha
Re: Mostrar imagen en monitor con cable HDMI no da pie con bola
El Sun, 22 Mar 2015 12:16:34 -0430, Miguel Matos escribió: El día 20 de marzo de 2015, 10:14, Camaleón noela...@gmail.com escribió: (...) Además de indicarnos lo que te pregunta Carlos (tarjeta y driver usado) manda la salida de xrandr -q con la conexión HDMI conectada, obviamente, a ver qué dice. A vr...: $ xrandr -q (...) HDMI1 connected 1024x768+1280+32 (normal left inverted right x axis y axis) 747mm x 420mm 1360x768 60.0 + (...) Ahí se ven dos resoluciones diferentes, seguramente la TV permita la de 1360x768 aunque esté configurada con 1024x768. Seguramente podrás cambiarlo o bien manualmente (con xrandr) o a través de algún aplicativo gráfico. Pues anda bien, ya pude ver la imagen. Creo que ya averigüé por qué: había que inicar la sesión Debian con el cable conectado. Si mal no recuerdo la conexión HDMI permite conexiones en caliente así que eso no debería ser un problema. Cosa aparte es que Xorg se entere de lo que haces. ¿Todo bien? No lo creo. En lo que escribo esto estoy viendo una serie en calidad HD, pero, sólo suena en la laptop, en la tele nada de nada. ¿Qué no se habrá configurado bien? Pues te faltará decirle al sistema que use la tarjeta de sonido HDMI para sacar el audio por ahí pero deberías preguntarlo mejor en otro hilo para no mezclar las cosas. Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.22.17.45...@gmail.com
NetInstaller Wheezy (7.8) on ASUS M4A78A-M/CSM does not see SATA HDDs
Hi, I am attempting to netinstall Wheezy (7.8) on a computer with ASUS M4A785-M/CSM mainboard (BIOS was updated to most recent version 2302 2011/03/18) and WD 2TB SATA HDD. Netnstaller requires network driver (rtl_nic) which I provided on USB drive and the installer gained network access. But netinstaller does not see SATA HDDs (tried SATA in both IDE / AHCI BIOS mode settings -- HDD WD20). Please nudge me in right direction what should be done on my part to make netinstaller to be able see SATA hard drives. Thank you in advance Andy lspci (IDE mode) --- 00:00.0 Host bridge: Advanced Micro Devices [AMD] RS880 Host Bridge 00:01.0 PCI bridge: ASUSTeK Computer Inc. RS880 PCI to PCI bridge (int gfx) 00:0a.0 PCI bridge: Advanced Micro Devices [AMD] RS780/RS880 PCI to PCI bridge (PCIE port 5) 00:11.0 SATA controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 SATA Controller [IDE mode] 00:12.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller 00:12.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB OHCI1 Controller 00:12.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller 00:13.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller 00:13.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB OHCI1 Controller 00:13.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller 00:14.0 SMBus: Advanced Micro Devices [AMD] nee ATI SBx00 SMBus Controller (rev 3c) 00:14.1 IDE interface: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 IDE Controller 00:14.2 Audio device: Advanced Micro Devices [AMD] nee ATI SBx00 Azalia (Intel HDA) 00:14.3 ISA bridge: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 LPC host controller 00:14.4 PCI bridge: Advanced Micro Devices [AMD] nee ATI SBx00 PCI to PCI Bridge 00:14.5 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI2 Controller 00:18.0 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor HyperTransport Configuration 00:18.1 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor Address Map 00:18.2 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor DRAM Controller 00:18.3 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor Miscellaneous Control 00:18.4 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor Link Control 01:05.0 VGA compatible controller: Advanced Micro Devices [AMD] nee ATI RS880 [Radeon HD 4200] 01:05.1 Audio device: Advanced Micro Devices [AMD] nee ATI RS880 HDMI Audio [Radeon HD 4200 Series] 02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03) 03:06.0 USB controller: VIA Technologies, Inc. VT82x UHCI USB 1.1 Controller (rev 61) 03:06.1 USB controller: VIA Technologies, Inc. VT82x UHCI USB 1.1 Controller (rev 61) 03:06.2 USB controller: VIA Technologies, Inc. USB 2.0 (rev 63) 03:06.3 FireWire (IEEE 1394): VIA Technologies, Inc. VT6306/7/8 [Fire II(M)] IEEE 1394 OHCI Controller (rev 46) ouput lspci (AHCI mode) -- 00:00.0 Host bridge: Advanced Micro Devices [AMD] RS880 Host Bridge 00:01.0 PCI bridge: ASUSTeK Computer Inc. RS880 PCI to PCI bridge (int gfx) 00:0a.0 PCI bridge: Advanced Micro Devices [AMD] RS780/RS880 PCI to PCI bridge (PCIE port 5) 00:11.0 SATA controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode] 00:12.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller 00:12.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB OHCI1 Controller 00:12.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller 00:13.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller 00:13.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB OHCI1 Controller 00:13.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller 00:14.0 SMBus: Advanced Micro Devices [AMD] nee ATI SBx00 SMBus Controller (rev 3c) 00:14.1 IDE interface: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 IDE Controller 00:14.2 Audio device: Advanced Micro Devices [AMD] nee ATI SBx00 Azalia (Intel HDA) 00:14.3 ISA bridge: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 LPC host controller 00:14.4 PCI bridge: Advanced Micro Devices [AMD] nee ATI SBx00 PCI to PCI Bridge 00:14.5 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI2 Controller 00:18.0 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor HyperTransport Configuration 00:18.1 Host bridge: Advanced Micro Devices [AMD] Family 10h
Re: Problem forward/postroute http/https thru vlan-ed interface.
Mimiko vbv...@gmail.com wrote: I did some test today to with tcpdump. It's realy strange. First I uninstalled vlan. Configured all again. using tcpdump I saw it was sending packets. But at first it didn't want to work. I added 8021q to /etc/modules, rebooted server and as I wrote: ping works, ftp works, but not http. Which is very very strange. If FTP works, which is a TCP-based protocol like HTTP, then HTTP should work as well. FTP, with its two connections (control and data) being a much bigger pain in the ass to a) firewall and b) masquerade, is normally the procotol which does not work in a complex setup. The strange thing that as soon I am doing `tcpdump -i eth1 -ne`, where eth1 is the interface to the internet and vlan configured, http starts working. So in a start up script I've put: timeout 1 tcpdump -i eth1 -ne You can use something like ip link set dev $DEVICE promisc on so toggle that, no need to run a tcpdump in the background. Its strange that this is needed to start web to work. I think its not wright this. Is this tipical? No, this is not typical. Something smells fishy here. Forcing a device into promiscuous to get it working in my book normally indicates a problem with the driver (or the hardware). For example I once had a problem with the via-velocity network driver and IPv6, which only started working once I put the device into promiscuous mode because the driver did not correctly configure the hardware for multicasts. What kind of network card and kernel version do you use? Please show the unmodified (!) output from ip route show ip link show ip rule show iptables -v -L Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/ibfpo3mro...@mids.svenhartge.de
[SOLVED] Re: [BUG]Shellshock
* Retirei linhas duplicadas que acabei colocando no sources.list quando copiei o que estava nas páginas do Debian-LTS; * Apliquei # apt-get update apt-get install bash (gcc-4.4 já estava instalado) * Agora o comando que o Rodrigo Cunha apresentou não retorna mais a resposta de 'vulneravel' nem outras respostas quando mudo o comando. Resolvido o problema que ele alertou. Aliás, já havia ouvido falar do shellshock, mas ainda não tinha seguido a solução, embora estivesse atualizando o gNewSense regularmente. Obrigado, Att. On 22-03-2015 15:10, Rodrigo Cunha wrote: Na verdade você alterou apenas a string texto da linha, a função desta string, neste contexto.É informar um resultado obtido através de um teste. env x='() { :;}; Ele depende do resultado desta parte da linha para executar ou não o echo vulneravel' Em 22 de março de 2015 15:02, Thiago Zoroastro thiago.zoroas...@bol.com.br mailto:thiago.zoroas...@bol.com.br escreveu: Sim eu havia feito isso desde que você havia colocado esta linha. Daí coloquei na lista com 'unvulneravel' e ele sai 'unvulneravel'. Quer dizer, ele sai o que você colocar ali É claro que com 'vulneravel' e ele aparece 'vulneravel'. Vou colocar denovo: # env x='() { :;}; echo vulneravel' bash -c 'false' vulneravel # env x='() { :;}; echo unvulneravel' bash -c 'false' unvulneravel # env x='() { :;}; echo unvulneravel' bash -c 'true' unvulneravel # env x='() { :;}; echo vulneravel' bash -c 'true' vulneravel Sou bastante leigo, mas duvido de muita coisa, então eu testo antes de tirar conclusões. Porque é que ele seria vulneravel se trocar a palavra, troca o 'resultado' também? Se bem que você deve ter atualizado e colocado o mesmo comando e saiu um 'resultado' diferente. Desculpa a teimosia. Thiago Zoroastro www.participa.br/thiagozoroastro http://www.participa.br/thiagozoroastro www.blogoosfero.cc/thiagozoroastro http://www.blogoosfero.cc/thiagozoroastro *De:* rodrigo.root...@gmail.com mailto:rodrigo.root...@gmail.com *Enviada:* Domingo, 22 de Março de 2015 14:49 *Para:* thiago.zoroas...@bol.com.br mailto:thiago.zoroas...@bol.com.br *Assunto:* [BUG]Shellshock Joga essa linha de comando no sei bash : env x='() { :;}; echo vulneravel' bash -c 'false' Se o output for : vulneravel Você está com o bash bugado. Em 22 de março de 2015 14:33, Thiago Zoroastro thiago.zoroas...@bol.com.br http://../../../undefined//compose?to=thiago.zoroas...@bol.com.br escreveu: Olha isso # bash --version GNU bash, version 4.1.5(1)-release (i486-pc-linux-gnu) Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html http://gnu.org/licenses/gpl.html This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. No repositório do gNewSense está como nenhum pacote para ser atualizado. Como verifico a vulnerabilidade? Como posso saber se este bash está vulnerável? Att. On 22-03-2015 13:32, Rodrigo Cunha wrote: O bash 4.1 Tinha essa vulnerabilidade, fiz o upgrade para o 4.2.37 e agora não tem mais a vulnerabilidade. Fiquei curioso de como eu poderia explorar esta vulnerabilidade em meu ambiente de laboratorio para fins academicos, isso poderia render um bom artigo para a comunidade de SLivre, principalmente se conseguíssemos demostrar os perigos na pratica. Em 22 de março de 2015 13:28, Rodrigo Cunha rodrigo.root...@gmail.com http://../../../undefined//compose?to=rodrigo.root...@gmail.com escreveu: Solução, adicione os repositorios : deb http://ftp.br.debian.org/debian/ wheezy main deb-src http://ftp.br.debian.org/debian/ wheezy main Executei: sudo apt-get update sudo apt-get install --only-upgrade bash gcc-4.4 Em 22 de março de 2015 13:26, P. J. pjotam...@gmail.com http://../../../undefined//compose?to=pjotam...@gmail.comescreveu: Que mistureba... Mas com relação ao bug veja qual versão do bash é a vulnerável e qual está instalada na sua máquina... assimo como os pacotes do referentes
Re: Another problem is getting old
On Sunday 22 March 2015 14:12:24 Brian wrote: On Sun 22 Mar 2015 at 12:44:30 -0400, Gene Heskett wrote: Greetings, iceweasal guru's; Still the wheezy based install here. What is the cause of my getting a refusal to go look at what is supposed to be a news story, by iceweasal? Instead of going to the link, its an error 413 Request entity too large You forgot to give the URL of the page. CBS in particular are hiding it, so I never see the url long enough to even menally snashot it. Aspirant gurus have been known to do a search with firefox 413 Request entity too large when seeking a solution. I did do that, but iceweasal does not have the line that was suggested to be edited in its about:config. It was also a couple weeks back when I did that search, so I'll look again. Now the fix is purported to be entirely the servers fault. I'll see if I can scrape up a phone number to call them with tomorrow. I do have some connections I can lean on, having been in BC engineering since late '63, the last 30 being at CBS affiliate. :) Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503221646.51071.ghesk...@wdtv.com
Re: [SOLVED] Re: [BUG]Shellshock
Valeu por mais esta dica do site shelshocker.net Se não tiver o curl instalado, como foi aqui, é só instalar # apt-get install curl Teste: # curl https://shellshocker.net/shellshock_test.sh | bash % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 2632 100 26320 0898 0 0:00:02 0:00:02 --:--:-- 917 CVE-2014-6271 (original shellshock): not vulnerable CVE-2014-6277 (segfault): not vulnerable CVE-2014-6278 (Florian's patch): not vulnerable CVE-2014-7169 (taviso bug): not vulnerable CVE-2014-7186 (redir_stack bug): not vulnerable CVE-2014-7187 (nested loops off by one): not vulnerable CVE-2014- (exploit 3 on http://shellshocker.net/): not vulnerable On 22-03-2015 16:27, Roberval Lustosa wrote: Esse site ajuda bastante. https://shellshocker.net/ Em 22/03/2015 16:22, Thiago Zoroastro thiago.zoroas...@bol.com.br mailto:thiago.zoroas...@bol.com.br escreveu: * Retirei linhas duplicadas que acabei colocando no sources.list quando copiei o que estava nas páginas do Debian-LTS; * Apliquei # apt-get update apt-get install bash (gcc-4.4 já estava instalado) * Agora o comando que o Rodrigo Cunha apresentou não retorna mais a resposta de 'vulneravel' nem outras respostas quando mudo o comando. Resolvido o problema que ele alertou. Aliás, já havia ouvido falar do shellshock, mas ainda não tinha seguido a solução, embora estivesse atualizando o gNewSense regularmente. Obrigado, Att. On 22-03-2015 15:10, Rodrigo Cunha wrote: Na verdade você alterou apenas a string texto da linha, a função desta string, neste contexto.É informar um resultado obtido através de um teste. env x='() { :;}; Ele depende do resultado desta parte da linha para executar ou não o echo vulneravel' Em 22 de março de 2015 15:02, Thiago Zoroastro thiago.zoroas...@bol.com.br mailto:thiago.zoroas...@bol.com.br escreveu: Sim eu havia feito isso desde que você havia colocado esta linha. Daí coloquei na lista com 'unvulneravel' e ele sai 'unvulneravel'. Quer dizer, ele sai o que você colocar ali É claro que com 'vulneravel' e ele aparece 'vulneravel'. Vou colocar denovo: # env x='() { :;}; echo vulneravel' bash -c 'false' vulneravel # env x='() { :;}; echo unvulneravel' bash -c 'false' unvulneravel # env x='() { :;}; echo unvulneravel' bash -c 'true' unvulneravel # env x='() { :;}; echo vulneravel' bash -c 'true' vulneravel Sou bastante leigo, mas duvido de muita coisa, então eu testo antes de tirar conclusões. Porque é que ele seria vulneravel se trocar a palavra, troca o 'resultado' também? Se bem que você deve ter atualizado e colocado o mesmo comando e saiu um 'resultado' diferente. Desculpa a teimosia. Thiago Zoroastro www.participa.br/thiagozoroastro http://www.participa.br/thiagozoroastro www.blogoosfero.cc/thiagozoroastro http://www.blogoosfero.cc/thiagozoroastro *De:* rodrigo.root...@gmail.com mailto:rodrigo.root...@gmail.com *Enviada:* Domingo, 22 de Março de 2015 14:49 *Para:* thiago.zoroas...@bol.com.br mailto:thiago.zoroas...@bol.com.br *Assunto:* [BUG]Shellshock Joga essa linha de comando no sei bash : env x='() { :;}; echo vulneravel' bash -c 'false' Se o output for : vulneravel Você está com o bash bugado. Em 22 de março de 2015 14:33, Thiago Zoroastro thiago.zoroas...@bol.com.br http://../../../undefined//compose?to=thiago.zoroas...@bol.com.br escreveu: Olha isso # bash --version GNU bash, version 4.1.5(1)-release (i486-pc-linux-gnu) Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html http://gnu.org/licenses/gpl.html This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. No repositório do gNewSense está como nenhum pacote para ser atualizado. Como verifico a vulnerabilidade? Como posso saber se este bash está vulnerável? Att. On 22-03-2015 13:32, Rodrigo Cunha wrote: O bash 4.1 Tinha essa vulnerabilidade, fiz o
Re: sound vanished with a reboot?
On Sunday 22 March 2015 14:24:23 Joe wrote: On Sun, 22 Mar 2015 09:16:58 -0400 Gene Heskett ghesk...@wdtv.com wrote: My hearings direction finder isn't as good as it was even 20 years ago, and it was just last night that I discovered the kmail beep isn't mono on center, its either the pc's own speaker, or right channel only, and I strongly suspect its the pc's own speaker that is making the incoming mail beep. From where I sit, the direction of the right speaker and the pc's speaker are in line but one is on the table and one is under the table. Most single-pitch sounds aren't directional inside a room, just move your ears around a few feet and see how many different directions you hear it from. You're hearing the standing wave pattern set up between the walls, and 'loudest is where it's coming from' gets fooled. I once spent several hours trying to find out why my server had started beeping for a minute at midnight, quite loudly. Cron and anacron seemed innocent, but *something* was causing it. I tried software disabling the internal speaker, no good. Eventually I tried standing in front of the server at the witching hour, with the door open, hoping to get a directional fix on the beep. I did... it was coming from the nearby weather station, which unknown to me had two alarms, which were trivial to enable if you hit the wrong button when setting the barometric pressure... -- Joe Chuckle, war stories, love 'em joe. After 53 years in broadcast engineering, I have several of those myself. Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503221649.41995.ghesk...@wdtv.com
Re: Cool things to do with server
On Mon, 23 Mar 2015 06:58:21 +1000 Stuart Longland stua...@longlandclan.yi.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 15/03/15 09:11, Joris Bolsens wrote: Mail server, I thought about this, but from what i understand, mail servers are notoriously difficult to secure properly. The crucial bit is ensuring you don't openly relay all mail. Only traffic from your authorised users. That's the major tricky bit. Nothing worse than coming home to a modem running red hot and a mail queue crammed with Viagra spam. (Been there, done that. On dial-up too no less.) There are basically two ways, with slight variations: you either relay only for authenticated senders, and organise your network machines to authenticate, or if your mail server is within your private network, you can relay only for hosts in that network address range. If your email server is outside your network, and not accessible by VPN, only the authentication method is possible. The only issue you might hit is port 25/tcp being blocked by your ISP. You may have to relay outbound email via their SMTP server. I think that's quite rare, as I still get vast amounts of malware from domestic connections. What is more likely is that outgoing mail will not be accepted by many people for a variety of perfectly good spam-reducing reasons. Many ISPs don't care if their IP address blocks are on email blacklists, and won't make any attempt to have them removed. Many will not provide means of setting a proper PTR record for the IP address. In some parts of the world, it's difficult and/or expensive to obtain a fixed IP address, and while some kind of job can be done using a dynamic address, it's not ideal and almost certainly the address pool will be blacklisted, requiring the use of an outgoing smarthost. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150322214220.6e0f9...@jresid.jretrading.com
Re: sound vanished with a reboot?
On Sun, 22 Mar 2015 09:16:58 -0400 Gene Heskett ghesk...@wdtv.com wrote: My hearings direction finder isn't as good as it was even 20 years ago, and it was just last night that I discovered the kmail beep isn't mono on center, its either the pc's own speaker, or right channel only, and I strongly suspect its the pc's own speaker that is making the incoming mail beep. From where I sit, the direction of the right speaker and the pc's speaker are in line but one is on the table and one is under the table. Most single-pitch sounds aren't directional inside a room, just move your ears around a few feet and see how many different directions you hear it from. You're hearing the standing wave pattern set up between the walls, and 'loudest is where it's coming from' gets fooled. I once spent several hours trying to find out why my server had started beeping for a minute at midnight, quite loudly. Cron and anacron seemed innocent, but *something* was causing it. I tried software disabling the internal speaker, no good. Eventually I tried standing in front of the server at the witching hour, with the door open, hoping to get a directional fix on the beep. I did... it was coming from the nearby weather station, which unknown to me had two alarms, which were trivial to enable if you hit the wrong button when setting the barometric pressure... -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150322182423.403ad...@jresid.jretrading.com
Re: Another problem is getting old
On Sun 22 Mar 2015 at 12:44:30 -0400, Gene Heskett wrote: Greetings, iceweasal guru's; Still the wheezy based install here. What is the cause of my getting a refusal to go look at what is supposed to be a news story, by iceweasal? Instead of going to the link, its an error 413 Request entity too large You forgot to give the URL of the page. Aspirant gurus have been known to do a search with firefox 413 Request entity too large when seeking a solution. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/22032015180831.dfbcd4dba...@desktop.copernicus.demon.co.uk
scanbd
Hi list, I've set up scanbd successfully on my Jessie box (everything up to date, using systemd). Everything works really well if I start scanbd as user root on the command line, it scans for local-only device and finds my scanner which is connected via USB 3. If I start scanbd as a service it scans for the scanner... and finds nothing. Why? Where can I look? A permission problem? But it's the same configuration, once started as root, once as a service. From scanbd.conf: [...] user = saned group = scanner [...] Thanks for any hints. Bernd signature.asc Description: This is a digitally signed message part.
Re: Problem forward/postroute http/https thru vlan-ed interface.
Well. I did some test today to with tcpdump. It's realy strange. First I uninstalled vlan. Configured all again. using tcpdump I saw it was sending packets. But at first it didn't want to work. I added 8021q to /etc/modules, rebooted server and as I wrote: ping works, ftp works, but not http. The strange thing that as soon I am doing `tcpdump -i eth1 -ne`, where eth1 is the interface to the internet and vlan configured, http starts working. So in a start up script I've put: timeout 1 tcpdump -i eth1 -ne Its strange that this is needed to start web to work. I think its not wright this. Is this tipical? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550f0be2.4090...@gmail.com
Re: sound vanished with a reboot?
On 03/22/2015 12:33 PM, Lisi Reisz wrote: On Sunday 22 March 2015 09:12:51 Ric Moore wrote: On 03/22/2015 02:41 AM, Lisi Reisz wrote: On Sunday 22 March 2015 06:12:48 Ric Moore wrote: On 03/21/2015 10:12 PM, Gene Heskett wrote: Greetings audio guru's; All sound Except the new mail beep from kmail, vanished with the first reboot after 20 days uptime while dinking around with what was sold to me as a new 2Tb Toshiba drive, but which did not turn out to be a sealed box. I do not think its related. Pursuant to someones suggestions, I installed pavuctl and pavumeter this morning early, but according to synaptic, that is the extent of the pulse install, no other pulse stuff is seen as installed by synaptic. And of coarse, they don't work, no server. KDE has it's own notion of sound. Good luck! :0 Ric Gene is using TDE now. But he uses kmail. I bet it drug phonon, the KDE sound manager, into his mix. No, he uses KMail-Trinity. I'd be very surprised if it dragged in anything from KDE4. I have kmail-trinity. lisi@Tux-II:~$ aptitude show phonon Package: phonon State: not installed Multi-Arch: same Version: 4:4.6.0.0-3 Priority: optional Section: sound Maintainer: Debian Qt/KDE Maintainers debian-qt-...@lists.debian.org Architecture: amd64 If Gene has phonon it is a hangover from KDE4 and nothing to do with his present kmail-trinity. You don't mention it, Gene, but what about pulseaudio itself? he's not running the pulse server, he said. :) Ric My point was, without pulseaudio what use is pavucontrol? Why install pavucontrol when it is useless without pulseaudio? Heh, go figure! :) Ric -- My father, Victor Moore (Vic) used to say: There are two Great Sins in the world... ..the Sin of Ignorance, and the Sin of Stupidity. Only the former may be overcome. R.I.P. Dad. http://linuxcounter.net/user/44256.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550f0f2d.4000...@gmail.com
Redirect HTTPS with Squid3+Squidguard
Hello list, I have a problem with my squid3 + squidguard. I can't redirect https requests to an errorpage. When I request a blocked https page it always says the site isn't available. I searched on the internet an there it says, it is an problem with the https protocol because https is direct an dosn't allow an redirect. Is there really no way to redirect https request to an errorpage with squid3+squidguard? Thanks for help. -- best regards Michael I. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550f1fb8.1030...@abwesend.de
Re: Redirect HTTPS with Squid3+Squidguard
Michael I. linux-michae...@abwesend.de wrote: I have a problem with my squid3 + squidguard. I can't redirect https requests to an errorpage. When I request a blocked https page it always says the site isn't available. I searched on the internet an there it says, it is an problem with the https protocol because https is direct an dosn't allow an redirect. This is correct. A HTTP-Client doing HTTPS over a proxy like squid uses CONNECT (instead of HEAD, GET or POST) which instructs the proxy to open a TCP connectio to the specified host and port and forward any bytes sent or received. Since inside that connction the data is encrypted, the proxy cannot do anything special with it. Is there really no way to redirect https request to an errorpage with squid3+squidguard? Short answer: No, there is not. Long answer: The only way is to setup a transparent proxy, intercepting any outbound connection and terminating the encryption on the proxy. You will need a fake CA certificate with which the proxy is able to create fake server certificates so the client still thinks it is connected to the real server. And here it gets a) dangerous and b) expensive. Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/jbfpujsro...@mids.svenhartge.de
Re: Algo raro con las memorias flash y Debian 7 LXDE
2015-03-22 13:15 GMT-03:00 Camaleón noela...@gmail.com: El Sat, 21 Mar 2015 19:50:17 -0400, cpp escribió: Hola lista. En mi trabajo tengo instalado en las estaciones de trabajo Debian 7 LXDE. Todo muy bien, solo un detalle, por ejemplo, cuando un usuario inserta una memoria flash o pendrive por vez primera y luego la retira, al insertar otra memoria diferente, pues le sale la información de la primera que retiró o anterior. (...) Es imposible que tenga acceso a los datos de un dispositivo que ya no está conectado al sistema :-? ¿O a qué información te refieres, exactamente? Coincido con lo que dice Sergio más arriba, lo que debe pasar es que sigue mostrando el nombre y demás de la memoria que ya no está porque no fue debidamente desmontada (obviamente no va a mostrar el contenido, de hecho, no deben ni tener acceso a esa supuesta memoria vieja que ya no está). ¿Cuál es el procedimiento que están siguiendo para quitar las memorias? -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cad8u+g8bzjvchkxx9vzraf2yg4ocze3msft0twwwaus6y7_...@mail.gmail.com
Re: Cool things to do with server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 15/03/15 09:11, Joris Bolsens wrote: Mail server, I thought about this, but from what i understand, mail servers are notoriously difficult to secure properly. The crucial bit is ensuring you don't openly relay all mail. Only traffic from your authorised users. That's the major tricky bit. Nothing worse than coming home to a modem running red hot and a mail queue crammed with Viagra spam. (Been there, done that. On dial-up too no less.) The only issue you might hit is port 25/tcp being blocked by your ISP. You may have to relay outbound email via their SMTP server. Even if it's blocked inbound too, you can still use something like `fetchmail` to grab mail from POP3 and IMAP mailboxes anywhere and present all your email as one homogeneous mailbox with as much space as you like. This was one of the reasons I don't use Gmail: I had a 1GB mailbox back in 2002, a time when the average webmail account offered about 10MB. Having gotten it working, I see no reason to move. I've been hosting a number of websites on mine (which runs Gentoo, but the same can be achieved in Debian). At the moment it's a shared hosting arrangement but I'm starting to look into moving to LXC. (The machine is an Intel Atom with no VT extensions, so no KVM for me.) Using LXC then, your host can basically just act as a router/firewall and reverse proxy (using Apache/nginx for http; sniproxy for https) and your actual hosted services are on internal containers in a virtual DMZ. Spinning up minimal LXC instances using deboostrap is a synch and they take very little disk space. - -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere. -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBAgAGBQJVDyztAAoJEE36GRQQveO3nHcP/2Y2DsWyTZuYmbM8ErqQnvZX ri2v41cnLjvElBOaD7KIcLTCIzmSGJRnkOjFqO76nERAShSsVRW6oU3hNA64tHkQ LCR2Du96b5xOCiNPJTP2czznWc9bCBOpzzBwKtKIIqwsoBIIteWcs99cOz4iEzSg F1Vc62R/PhBDe8goR/oV0KibQq83PvnUbOfEbujT+jB89cj+WfHByEaBw4aHEo+Q 08iL6ifWXYUe7LqPNNAL3knqCLTh9kNLJf0Le8GI5cYpY0TBXxLmd+66T96u2L57 +PIe0qu2H6Ufj1IIPi1/H8L0OLPrPL82zuNTY2JGN+6ywZR2+24xtvL7bio6d6ex pu4VDi0QoABIeoMaOt17IRXH3b3v61GtLwfp5Y6vH+RoC8gjfLViW4FNzwO/JF2g q6ZlMyPoyHth80ajfxywDXBOAuzDmcCrPq90Icde5ipGxo9rQes0XR9QQh9LnxpL Q5ZdfQVDIafDDfGSQ5D/cBvy1UzP4fIa+mkoZvdW4rKlTD1fLrtpAp59rAu27X99 d6u1myOk8MJ0yTKT6EXXmlL9d8GJ86d7mRNj7WBhgjc5MUIohMHkWe5EGDWJ7agj n8hzDwvOlW4YbMSy4VBBjvA0Js2Pkey6W3CVjaMaQLxlpMAHSQ+WyeomusUNAsiR IdK7DqzJaaL1JtuONJlK =ji8H -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550f2ced.8010...@longlandclan.yi.org
Changing of ifDescr of SNMP of Debian Jessie
Hi all! A few days ago I decided to migrate my own servers to Debian GNU/Linux Jessie. Having migrated my firewall, I started getting an error in the Nagios Manubulon plugin check_snmp_int.pl since it does not find the interface eth1. # ./check_snmp_int.pl -H 10.1.0.10 -l Us3r -x passw0rd0 \ -X passwOrd1 -L md5,des -w 1500,295 -c 2500,400 \ -k -B --label -M -B --label -n eth1 ERROR : Unknown interface eth1 This was running smoothly prior to migration, although it now seems to have changed the description: # ./check_snmp_netint.pl -H 10.1.0.10 -l Us3r -x passw0rd0 \ -X passwOrd1 -L md5,des -n -v Alarm at 10 + 5 SNMPv3 AuthPriv login : Us3r, md5, des Filter : OID : 1.3.6.1.2.1.2.2.1.2.2, Desc : Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter OID : 1.3.6.1.2.1.2.2.1.2.1, Desc : lo OID : 1.3.6.1.2.1.2.2.1.2.3, Desc : VIA Technologies, Inc. VT6102 [Rhine-II] OID : 1.3.6.1.2.1.2.2.1.2.4, Desc : tun0 Name : Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter, Index : 2 Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter:UP:(1 UP): OK | So I checked the equivalence between ifDescr and ifName: # snmpwalk -v 3 -u Us3r -l authPriv -a MD5 -A passw0rd0 \ -x DES -X passwOrd1 10.1.0.10 ifDescr IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter IF-MIB::ifDescr.3 = STRING: VIA Technologies, Inc. VT6102 [Rhine-II] IF-MIB::ifDescr.4 = STRING: tun0 # snmpwalk -v 3 -u Us3r -l authPriv -a MD5 -A passw0rd0 \ -x DES -X passwOrd1 10.1.0.10 ifName IF-MIB::ifName.1 = STRING: lo IF-MIB::ifName.2 = STRING: eth1 IF-MIB::ifName.3 = STRING: eth0 IF-MIB::ifName.4 = STRING: tun0 I could use something like this, but the output is extremely long: # ./check_snmp_netint.pl -H 10.1.0.10 -l Us3r -x passw0rd0 \ -X passwOrd1 -L md5,des -w 1500,295 -c 2500,400 -k -B --label -k \ -B --label -n Realtek.* Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter:UP (in=93.0Kbps/out=13.1Kbps):(1 UP): OK | It's a pity If it can not solve because quite a while I was using the check_snmp_int.pl plugin and was very happy with their results. But now in Debian Jessie I'm having this problem. It seems that something has changed in the SNMP service included in the new version of Debian since before (on Debian Wheezy) the description matched the ifName: # ./check_snmp_netint.pl -H srv01.freesoftware -C public -w 1500,295 -c 2500,400 -n -v Alarm at 10 + 5 SNMP v1 login Filter : OID : 1.3.6.1.2.1.2.2.1.2.2, Desc : eth0 OID : 1.3.6.1.2.1.2.2.1.2.1, Desc : lo Name : eth0, Index : 2 eth0:UP:(1 UP): OK | I think it is easier to identify interfaces such as eth0, eth1, etc, rather than by its manufacturer/model. Any suggestions to return to the original behavior? Thanks in advance. Best regards, Daniel -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550f36e9.9060...@gmx.net
Re: samba casero en solo lectura
El sáb, 21-03-2015 a las 15:14 +, Camaleón escribió: El Fri, 20 Mar 2015 18:01:49 -0300, Gonzalo Rivero escribió: El mié, 18-03-2015 a las 16:19 +, Camaleón escribió: (...) De los registros y archivo de configuración que has enviado se deduce que los recursos compartidos (directorio /multimedia e impresora) están configurados para clientes invitados sin autentificar (guest) pero me ha parecido ver desde smbclient iniciabas sesión con el usuario sfish que no sé si tendrá los permisos adecuados de acceso. es que puse en nautilus smb://localhost, pero si pongo smb://sfish@localost/ es lo mismo: solo lectura Claro, porque el cliente guest es que está configurado para acceder a los recursos, los usuarios del sistema (como sfish) no tienen permisos de acceso definidos en el archivo de configuración de samba. Intenta identificarte en smblclient como guest para ver qué te dice, o en su defecto, configurar/mapear los usuarios windows como usuarios samba/ del sistema y configurando expresamente los permisos de acceso a los recursos para esos usuarios. Supongo que esta versión de samba se pusieron mas estrictos (y deb -changes no me dijo nada al respecto) y ahora debo agregar cosas como write users, valid users y tal No sé, me parece un cambio demasiado radical que además va contra el sentido común ya que existe mayor exposición dando permisos de escritura a los recursos ¿no crees? no. En realidad antes, cualquiera que esté en mi lan puede conectarse a mi smb con permisos de escritura (no tan así porque necesitaban entrar con un usuario y contraseña a su respectivo sistema). Ahora tuve que decirle que usuarios tienen permiso de escritura (con valid users y write list), y volvió a funcionar para la parte de archivos. Me resta ver que debo agregar a la impresora compartida para que puedan usarla -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1427025017.1737.6.ca...@gmail.com
Re: X11/Thinkpad T430: partially drops input from USB devices after resume
On Sat, Mar 21, 2015 at 01:05:58AM +, stefan.schwar...@gmx.net wrote: I am using my laptop (lenovo T430, debian testing) regularly in a docking station. The dock has a USB keyboard, USB mouse and monitor permanently attached. The laptops suspends from time to time, and _after_ resuming X11 or some other system component the input from USB mouse and keyboard to be dropped/ignored partially. Symptoms are that the cursor does not move with the mouse, however it will start moving again if I click any of the mouse buttons; or that the keyboard input is ignored until I hit some arbitrary keys very rapidly. The USB amnesia starts again if I leave the input device untouched for some seconds. The issue will not occur for newly connected devices or if I reconnect mouse/keyboard. The dock is not the issue as I can reproduce the phenomenon with a USB mouse directly connected to the laptop. I am looking for ways to correctly diagnose things to file a bug (against which package: xorg-input, kernel/driver, ...). I've had a similar problem with my T410, running sid. I was losing the first few keystrokes when I begin typing on a USB keyboard. I didn't connect it with sleeping. At the moment (typing on USB keyboard I plugged in to test) I don't see the problem. Linux version 3.16.0-4-amd64 (debian-ker...@lists.debian.org) (gcc version 4.8.3 (Debian 4.8.3-13) ) #1 SMP Debian 3.16.7-2 (2014-11-06) cheers, Joel dmesg shows on device attachment/boot, e.g. for a cordless USB mouse: [316267.291416] usb 3-1.2: new low-speed USB device number 7 using ehci-pci [316267.390581] usb 3-1.2: New USB device found, idVendor=046d, idProduct=c521 [316267.390588] usb 3-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [316267.390591] usb 3-1.2: Product: USB Receiver [316267.390593] usb 3-1.2: Manufacturer: Logitech [316267.397463] input: Logitech USB Receiver as /devices/pci:00/:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/0003:046D:C521.002D/input/input60 [316267.397850] hid-generic 0003:046D:C521.002D: input,hidraw0: USB HID v1.11 Mouse [Logitech USB Receiver] on usb-:00:1a.0-1.2/input0 [316267.405442] input: Logitech USB Receiver as /devices/pci:00/:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.1/0003:046D:C521.002E/input/input61 [316267.406232] hid-generic 0003:046D:C521.002E: input,hiddev0,hidraw1: USB HID v1.11 Device [Logitech USB Receiver] on usb-:00:1a.0-1.2/input1 on wakeup (all USB related messages) [316278.048335] xhci_hcd :00:14.0: System wakeup disabled by ACPI [316278.048401] ehci-pci :00:1a.0: System wakeup disabled by ACPI [316278.048465] ehci-pci :00:1d.0: System wakeup disabled by ACPI [316278.048543] PM: noirq resume of devices complete after 15.665 msecs ... [316278.428114] usb 3-1.1: reset full-speed USB device number 3 using ehci-pci [316278.592293] usb 3-1.6: reset high-speed USB device number 6 using ehci-pci lsusb (after resume) sts@nbof08:~$ lsusb Bus 004 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 003 Device 006: ID 04f2:b2da Chicony Electronics Co., Ltd Bus 003 Device 005: ID 0a5c:21e6 Broadcom Corp. BCM20702 Bluetooth 4.0 [ThinkPad] Bus 003 Device 004: ID 147e:2020 Upek TouchChip Fingerprint Coprocessor (WBF advanced mode) Bus 003 Device 007: ID 046d:c521 Logitech, Inc. Cordless Mouse Receiver Bus 003 Device 003: ID 17ef:1003 Lenovo Integrated Smart Card Reader Bus 003 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Xorg.0.log (info refering to device attachment, there is no info after resume: ... [316188.752] (II) config/udev: Adding input device Logitech USB Receiver (/dev/input/event14) [316188.752] (**) Logitech USB Receiver: Applying InputClass evdev pointer catchall [316188.752] (II) Using input driver 'evdev' for 'Logitech USB Receiver' [316188.752] (**) Logitech USB Receiver: always reports core events [316188.752] (**) evdev: Logitech USB Receiver: Device: /dev/input/event14 [316188.752] (--) evdev: Logitech USB Receiver: Vendor 0x46d Product 0xc521 [316188.752] (--) evdev: Logitech USB Receiver: Found 20 mouse buttons [316188.752] (--) evdev: Logitech USB Receiver: Found scroll wheel(s) [316188.752] (--) evdev: Logitech USB Receiver: Found relative axes [316188.752] (--) evdev: Logitech USB Receiver: Found x and y relative axes [316188.752] (II) evdev: Logitech USB Receiver: Configuring as mouse [316188.752] (II) evdev: Logitech USB Receiver: Adding scrollwheel support [316188.752] (**) evdev: Logitech USB Receiver: YAxisMapping: buttons 4 and 5 [316188.752] (**) evdev: Logitech USB Receiver: EmulateWheelButton: 4, EmulateWheelInertia: 10, EmulateWheelTimeout: 200 [316188.752]
Re: Redirect HTTPS with Squid3+Squidguard
Bob Proulx b...@proulx.com wrote: Sven Hartge wrote: Michael I. wrote: Is there really no way to redirect https request to an errorpage with squid3+squidguard? Long answer: The only way is to setup a transparent proxy, intercepting any outbound connection and terminating the encryption on the proxy. You will need a fake CA certificate with which the proxy is able to create fake server certificates so the client still thinks it is connected to the real server. And here it gets a) dangerous and b) expensive. It is extremely bad, bad, bad, as well as dangerous. I haven't been following the news in great detail but read all about Komodia's recent news articles. Komodia's cracking tools are used in Superfish and Lenovo was in trouble for pre-installing Superfish. There are network policy/security appliances in the enterprise world, which implement a scanning proxy for HTTPS. They come with a either a wildcard certificate for * (signed by a valid CA!) or a fake CA certificate, which you install onto your computers to enable the appliance to function. This is of course very dangerous if you don't know what you are doing, but sometimes there are no other options (for example HIPAA, SOX, PCI, ...) if you have to absolutley control the flow and content of data. But then, if you are in the area where you need such MitM-Filter-SSL-breaking-proxies, then you already know of how to do it and when to do it. If you don't know how to do it and when to do it, chances are, you don't need it. Guessing from Michaels TLD, he is German. This means there are several other things to consider, based on the environment this is done in. If this is for a company or govermental agency, the Betriebsrat (works council) or the Personlrat and the local Datenschutzbeauftragter (data security official) has to be involved. Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/kbfqc92ro...@mids.svenhartge.de
Re: sound vanished with a reboot?
On 03/21/2015 10:12 PM, Gene Heskett wrote: Greetings audio guru's; All sound Except the new mail beep from kmail, vanished with the first reboot after 20 days uptime while dinking around with what was sold to me as a new 2Tb Toshiba drive, but which did not turn out to be a sealed box. I do not think its related. Pursuant to someones suggestions, I installed pavuctl and pavumeter this morning early, but according to synaptic, that is the extent of the pulse install, no other pulse stuff is seen as installed by synaptic. And of coarse, they don't work, no server. KDE has it's own notion of sound. Good luck! :0 Ric -- My father, Victor Moore (Vic) used to say: There are two Great Sins in the world... ..the Sin of Ignorance, and the Sin of Stupidity. Only the former may be overcome. R.I.P. Dad. http://linuxcounter.net/user/44256.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550e5d60.6090...@gmail.com
Re: sound vanished with a reboot?
On Sunday 22 March 2015 06:12:48 Ric Moore wrote: On 03/21/2015 10:12 PM, Gene Heskett wrote: Greetings audio guru's; All sound Except the new mail beep from kmail, vanished with the first reboot after 20 days uptime while dinking around with what was sold to me as a new 2Tb Toshiba drive, but which did not turn out to be a sealed box. I do not think its related. Pursuant to someones suggestions, I installed pavuctl and pavumeter this morning early, but according to synaptic, that is the extent of the pulse install, no other pulse stuff is seen as installed by synaptic. And of coarse, they don't work, no server. KDE has it's own notion of sound. Good luck! :0 Ric Gene is using TDE now. You don't mention it, Gene, but what about pulseaudio itself? And is your sound card OK? Perhaps run a live CD to check? Lisi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503220641.54944.lisi.re...@gmail.com
Re: Cool things to do with server
Stuart Longland wrote: Joris Bolsens wrote: Mail server, I thought about this, but from what i understand, mail servers are notoriously difficult to secure properly. Not really. They are notoriously infamous when people don't secure them. But securing them is quite easy. If you install a Debian packaged one then they will be secure by default. Just don't break it after that point. :-) The only issue you might hit is port 25/tcp being blocked by your ISP. You may have to relay outbound email via their SMTP server. That really only happens on home dynamic address networks on home cable modems and that type of thing. In that case most do block outgoing port 25 as an anti-virus-spam mitigation. I think those should be the default. I always block outgoing port 25 on any business system I set up for the exactly the same reason. Even if they weren't blocked I don't know anyone of my peers that allow receiving email from an address in the dynamic IP ranges of home cable modems. The only mail from them is spam from virus infected PCs. Therefore even if they didn't block port 25 you would have problems running a mail server from your home network because no one else would receive email from you. In order to be a mail server you really, really, really need a static IP address with a clean reputation. Blocking outbound 25 doesn't affect users these days. Almost everyone except for us geeks are using a web browser for their email interface these days. A much smaller set use imap. (I hate using the web browser for email. I still use a real mail user client. I expect this to continue.) But if you rent a VM or collocated server from a hosting provider then you will be getting a static IP address. You will have a first class entrance to the network. You can then send mail without having port 25 blocked. A reputable hosting service will not support spammers and the reputation on your IP will be clean. Bob signature.asc Description: Digital signature
Re: [BUG]Shellshock
On Sun, Mar 22, 2015 at 01:04:40PM -0300, Thiago Zoroastro wrote: Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou com gNewSense e com algumas dúvidas Coloquei no terminal: root@root# env x='() { :;}; echo vulneravel' bash -c 'true' vulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'false' unvulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'true' unvulneravel Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list: deb http://ftp.at.debian.org/debian-backports/ squeeze-backports main deb http://ftp.de.debian.org/debian squeeze main ## LTS deb http://http.debian.net/debian/ squeeze-lts main deb-src http://http.debian.net/debian/ squeeze-lts main deb http://http.debian.net/debian/ squeeze main deb-src http://http.debian.net/debian/ squeeze main deb http://http.debian.net/debian squeeze-lts main deb-src http://http.debian.net/debian squeeze-lts main # LTS # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # Line commented out by installer because it failed to verify: deb http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # Line commented out by installer because it failed to verify: deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # parkes-updates, previously known as 'volatile' # A network mirror was not selected during install. The following entries # are provided as examples, but you should amend them as appropriate # for your mirror of choice. # deb http://ftp.debian.org/debian/ parkes-updates main deb-src http://ftp.debian.org/debian/ parkes-updates main deb http://backports.debian.org/debian-backports squeeze-backports main deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr deb http://mozilla.debian.net/ squeeze-backports icedove-esr # deb http://debian.net/debian experimental main # deb http://mozilla.debian.net/ experimental iceweasel-beta Então faço apt-get update e apt-get upgrade e ele me oferece 164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem removidos e 46 não atualizados. É preciso baixar 172 MB de arquivos. Depois desta operação, 51,9 MB de espaço em disco serão liberados. Posso e devo atualizar sem medo? com esse sources.list desse jeito, você provavemente vai ter muitos problemas. Não se mistura repositórios de sistemas diferentes. -- Antonio Terceiro terce...@debian.org signature.asc Description: Digital signature
Re: NetInstaller Wheezy (7.8) on ASUS M4A78A-M/CSM does not see SATA HDDs
Hi, the issue has been resolved by downloading most recent netboot files from next location http://ftp.nl.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/netboot/debian-installer/amd64/ Andy On 3/22/2015 2:32 PM, Snow Leopard wrote: Hi, I am attempting to netinstall Wheezy (7.8) on a computer with ASUS M4A785-M/CSM mainboard (BIOS was updated to most recent version 2302 2011/03/18) and WD 2TB SATA HDD. Netnstaller requires network driver (rtl_nic) which I provided on USB drive and the installer gained network access. But netinstaller does not see SATA HDDs (tried SATA in both IDE / AHCI BIOS mode settings -- HDD WD20). Please nudge me in right direction what should be done on my part to make netinstaller to be able see SATA hard drives. Thank you in advance Andy lspci (IDE mode) --- 00:00.0 Host bridge: Advanced Micro Devices [AMD] RS880 Host Bridge 00:01.0 PCI bridge: ASUSTeK Computer Inc. RS880 PCI to PCI bridge (int gfx) 00:0a.0 PCI bridge: Advanced Micro Devices [AMD] RS780/RS880 PCI to PCI bridge (PCIE port 5) 00:11.0 SATA controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 SATA Controller [IDE mode] 00:12.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller 00:12.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB OHCI1 Controller 00:12.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller 00:13.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller 00:13.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB OHCI1 Controller 00:13.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller 00:14.0 SMBus: Advanced Micro Devices [AMD] nee ATI SBx00 SMBus Controller (rev 3c) 00:14.1 IDE interface: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 IDE Controller 00:14.2 Audio device: Advanced Micro Devices [AMD] nee ATI SBx00 Azalia (Intel HDA) 00:14.3 ISA bridge: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 LPC host controller 00:14.4 PCI bridge: Advanced Micro Devices [AMD] nee ATI SBx00 PCI to PCI Bridge 00:14.5 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI2 Controller 00:18.0 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor HyperTransport Configuration 00:18.1 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor Address Map 00:18.2 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor DRAM Controller 00:18.3 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor Miscellaneous Control 00:18.4 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor Link Control 01:05.0 VGA compatible controller: Advanced Micro Devices [AMD] nee ATI RS880 [Radeon HD 4200] 01:05.1 Audio device: Advanced Micro Devices [AMD] nee ATI RS880 HDMI Audio [Radeon HD 4200 Series] 02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03) 03:06.0 USB controller: VIA Technologies, Inc. VT82x UHCI USB 1.1 Controller (rev 61) 03:06.1 USB controller: VIA Technologies, Inc. VT82x UHCI USB 1.1 Controller (rev 61) 03:06.2 USB controller: VIA Technologies, Inc. USB 2.0 (rev 63) 03:06.3 FireWire (IEEE 1394): VIA Technologies, Inc. VT6306/7/8 [Fire II(M)] IEEE 1394 OHCI Controller (rev 46) ouput lspci (AHCI mode) -- 00:00.0 Host bridge: Advanced Micro Devices [AMD] RS880 Host Bridge 00:01.0 PCI bridge: ASUSTeK Computer Inc. RS880 PCI to PCI bridge (int gfx) 00:0a.0 PCI bridge: Advanced Micro Devices [AMD] RS780/RS880 PCI to PCI bridge (PCIE port 5) 00:11.0 SATA controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode] 00:12.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller 00:12.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB OHCI1 Controller 00:12.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller 00:13.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller 00:13.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0 USB OHCI1 Controller 00:13.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller 00:14.0 SMBus: Advanced Micro Devices [AMD] nee ATI SBx00 SMBus Controller (rev 3c) 00:14.1 IDE interface: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 IDE Controller 00:14.2 Audio device: Advanced Micro Devices [AMD] nee ATI SBx00 Azalia (Intel HDA) 00:14.3 ISA bridge: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 LPC host controller 00:14.4 PCI bridge: Advanced Micro Devices [AMD] nee ATI SBx00 PCI to PCI Bridge
Re: [BUG]Shellshock
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sir, É claro que bugaria. Às vezes coloco algumas linhas diferentes da família Debian e coloco # apt-get upgrade para ver quais pacotes precisariam ser atualizados. Na maioria das vezes nem é possível ou não faço. Como neste que uso é gNewSense, tomo cuidado para instalar apenas livres.. Percebi que as linhas estavam duplicadas e tirei. Fiz o # apt-get update apenas para instalar o bash não vulnerável. Mas fiquei com vontade de ter feito os comandos do https://shelshocker.net ANTES de ter atualizado, para ver se apontaria a vulnerabilidade. Jamais seria possível atualizar todos aqueles pacotes. No momento julgo que a mensagem foi até desnecessária, tenho tentado falar menos. Porque falar menos tem menos chance equivocar-me. Tanto é que assisto todas aquelas listas. É possível atualizar SOMENTE o bash e depois comentar a linha do Debian-LTS. Este é o sources.list atual: deb http://ftp.at.debian.org/debian-backports/ squeeze-backports main deb http://ftp.de.debian.org/debian squeeze main ## LTS # deb http://http.debian.net/debian/ squeeze-lts main # deb-src http://http.debian.net/debian/ squeeze-lts main # LTS # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # Line commented out by installer because it failed to verify: deb http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # Line commented out by installer because it failed to verify: deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # parkes-updates, previously known as 'volatile' # A network mirror was not selected during install. The following entries # are provided as examples, but you should amend them as appropriate # for your mirror of choice. # deb http://ftp.debian.org/debian/ parkes-updates main deb-src http://ftp.debian.org/debian/ parkes-updates main deb http://backports.debian.org/debian-backports squeeze-backports main deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr deb http://mozilla.debian.net/ squeeze-backports icedove-esr On 22-03-2015 19:26, Antonio Terceiro wrote: On Sun, Mar 22, 2015 at 01:04:40PM -0300, Thiago Zoroastro wrote: Obrigado ao Antonio Terceiro por lembrar que o Debian LTS existe. Estou com gNewSense e com algumas dúvidas Coloquei no terminal: root@root# env x='() { :;}; echo vulneravel' bash -c 'true' vulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'false' unvulneravel root@root# env x='() { :;}; echo unvulneravel' bash -c 'true' unvulneravel Coloquei as linhas do Debian LTS sem contrib e non-free. Sources.list: deb http://ftp.at.debian.org/debian-backports/ squeeze-backports main deb http://ftp.de.debian.org/debian squeeze main ## LTS deb http://http.debian.net/debian/ squeeze-lts main deb-src http://http.debian.net/debian/ squeeze-lts main deb http://http.debian.net/debian/ squeeze main deb-src http://http.debian.net/debian/ squeeze main deb http://http.debian.net/debian squeeze-lts main deb-src http://http.debian.net/debian squeeze-lts main # LTS # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # deb cdrom:[gNewSense 3.0 _Parkes_ - Official i386 LIVE/INSTALL Binary 20140205-19:57]/ parkes main # Line commented out by installer because it failed to verify: deb http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # Line commented out by installer because it failed to verify: deb-src http://archive.gnewsense.org/gnewsense-three/gnewsense parkes-security main # parkes-updates, previously known as 'volatile' # A network mirror was not selected during install. The following entries # are provided as examples, but you should amend them as appropriate # for your mirror of choice. # deb http://ftp.debian.org/debian/ parkes-updates main deb-src http://ftp.debian.org/debian/ parkes-updates main deb http://backports.debian.org/debian-backports squeeze-backports main deb http://mozilla.debian.net/ squeeze-backports iceweasel-esr deb http://mozilla.debian.net/ squeeze-backports icedove-esr # deb http://debian.net/debian experimental main # deb http://mozilla.debian.net/ experimental iceweasel-beta Então faço apt-get update e apt-get upgrade e ele me oferece 164 pacotes atualizados, 0 pacotes novos instalados, 0 a serem removidos
Re: [BUG]Shellshock
On Sun, Mar 22, 2015 at 09:23:34PM -0300, Thiago Zoroastro wrote: Sir, É claro que bugaria. Às vezes coloco algumas linhas diferentes da família Debian e coloco # apt-get upgrade para ver quais pacotes precisariam ser atualizados. Na maioria das vezes nem é possível ou não faço. Como neste que uso é gNewSense, tomo cuidado para instalar apenas livres.. Percebi que as linhas estavam duplicadas e tirei. O problema não é ter linhas duplicadas, isso só faz seu `apt-get update` ficar mais lento, mas não vai causar problemas. O problema é misturar pacotes de distribuições diferentes. *Muitas* coisas podem ser diferentes entre os sistemas, e eventualmente você *vai* ter problemas. Fiz o # apt-get update apenas para instalar o bash não vulnerável. Mas fiquei com vontade de ter feito os comandos do https://shelshocker.net ANTES de ter atualizado, para ver se apontaria a vulnerabilidade. Jamais seria possível atualizar todos aqueles pacotes. No momento julgo que a mensagem foi até desnecessária, tenho tentado falar menos. Porque falar menos tem menos chance equivocar-me. Tanto é que assisto todas aquelas listas. É possível atualizar SOMENTE o bash e depois comentar a linha do Debian-LTS. Eu acho muito difícil que o gNewSense não tenha atualizações de segurança dele próprio. Se realmente não tiver, você deveria procurar outro sistema, ou procurar ajuda sobre o gNewSense numa lista do gNewSense. -- Antonio Terceiro terce...@debian.org signature.asc Description: Digital signature
Fwd: Re: [gNewSense-users] Shellshock
Encontrei a mensagem e respondi-o dizendo o que fazer. Original Message Subject:Re: [gNewSense-users] Shellshock Date: Sun, 22 Mar 2015 22:07:14 -0300 From: Thiago Zoroastro thiago.zoroas...@bol.com.br To: gnewsense-us...@nongnu.org You must to add the lines in the sources.list deb http://http.debian.net/debian/ squeeze-lts main deb-src http://http.debian.net/debian/ squeeze-lts main Do # apt-get update Install new bash # apt-get install bash Comment the Debian-LTS lines with '#' in the sources.list list to avoid other upgrades. Ok. Have nice days. On 27-09-2014 05:15, Keith Ball wrote: What, if anything, should I do about shellshock? I mostly use the gNewSense GUI. I'm not yet confident to install the patches from gnu.org though I guess I'll manage if I have to. I've played about a bit with bash and then didn't bother with it as the manual is very long and I think I read (maybe even in the manual) that there are better ways of doing the same things as bash does. But what about calls to bash that I'm not aware of? Am I using bash all the time without knowing it? Is there a plan or need to make a gNewSense -specific patch? Is everyone involved with gNewSense rushing around frantically trying to fix things or is this just a storm in a teacup? Thanks Keith ___ gNewSense-users mailing list gnewsense-us...@nongnu.org https://lists.nongnu.org/mailman/listinfo/gnewsense-users ___ gNewSense-users mailing list gnewsense-us...@nongnu.org https://lists.nongnu.org/mailman/listinfo/gnewsense-users
Re: [BUG]Shellshock
Aviso: (...) "The mail server responded: 4.7.1 deb... Não foi possível enviar pelo Icedove. Em meus computadores eu faço testes. No momento estou usando um Kaiana beta em dois notebooks (pessoal e um somente de testes). Já tive experiências falhas com pacotes, estou habituado a instalar o que for que eu preciso usar.Adicionei as linhas do Debian-LTS no gNewSense e pelo jeito arrumou/corrigiu.Porque comandos que ele passouenv x='() { :;}; echo vulneravel' bash -c 'false'não retorna mais nenhuma mensagem, nem com 'unvelneravel' nem com 'true' nem de forma alguma. Thiago Zoroastro www.participa.br/thiagozoroastro www.blogoosfero.cc/thiagozoroastro De: terce...@debian.orgEnviada: Domingo, 22 de Março de 2015 22:22Para: debian-user-portuguese@lists.debian.orgAssunto: [BUG]ShellshockOn Sun, Mar 22, 2015 at 09:23:34PM -0300, Thiago Zoroastro wrote: Sir, É claro que bugaria. Às vezes coloco algumas linhas diferentes da família Debian e coloco # apt-get upgrade para ver quais pacotes precisariam ser atualizados. Na maioria das vezes nem é possível ou não faço. Como neste que uso é gNewSense, tomo cuidado para instalar apenas livres.. Percebi que as linhas estavam duplicadas e tirei.O problema não é ter linhas duplicadas, isso só faz seu `apt-get update`ficar mais lento, mas não vai causar problemas. O problema é misturarpacotes de distribuições diferentes. *Muitas* coisas podem serdiferentes entre os sistemas, e eventualmente você *vai* ter problemas. Fiz o # apt-get update apenas para instalar o bash não vulnerável. Mas fiquei com vontade de ter feito os comandos do https://shelshocker.net ANTES de ter atualizado, para ver se apontaria a vulnerabilidade. Jamais seria possível atualizar todos aqueles pacotes. No momento julgo que a mensagem foi até desnecessária, tenho tentado falar menos. Porque falar menos tem menos chance equivocar-me. Tanto é que assisto todas aquelas listas. É possível atualizar SOMENTE o bash e depois comentar a linha do Debian-LTS.Eu acho muito difícil que o gNewSense não tenha atualizações desegurança dele próprio. Se realmente não tiver, você deveria procuraroutro sistema, ou procurar ajuda sobre o gNewSense numa lista dogNewSense.-- Antonio Terceiro terce...@debian.org -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550f7289579ec_646f15b2515293ec45...@a4-winter1.mail
Re: Cool things to do with server
On 23/03/15 07:42, Joe wrote: The only issue you might hit is port 25/tcp being blocked by your ISP. You may have to relay outbound email via their SMTP server. I think that's quite rare, as I still get vast amounts of malware from domestic connections. What is more likely is that outgoing mail will not be accepted by many people for a variety of perfectly good spam-reducing reasons. Not as rare as one would like, as it happens. Telstra 3G connections are one example where port 25 is firewalled off. Yes, it'll connect, but it'll be one of Telstra's servers, not yours, that you connect to. I found this out the hard way when I couldn't figure out why my father had trouble getting into his email when he was accessing it via 3G. The solution was authenticated STARTTLS SMTP on another port. Many ISPs don't care if their IP address blocks are on email blacklists, and won't make any attempt to have them removed. Many will not provide means of setting a proper PTR record for the IP address. In some parts of the world, it's difficult and/or expensive to obtain a fixed IP address, and while some kind of job can be done using a dynamic address, it's not ideal and almost certainly the address pool will be blacklisted, requiring the use of an outgoing smarthost. Indeed, you would think they wouldn't want the bad publicity of being blacklisted for spam. The don't care attitude that's seemingly so universal is saddening, but that's a discussion for another list. Absolutely though to run a mail server effectively, a static IP address is really a must, although you can get by with dynamic. The only real show stopper is carrier grade NAT, then the whole exercise becomes rather pointless unless you only read your mail on your own private LAN. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550f3c5e.1040...@longlandclan.yi.org
Debian wheezy on Dell 7535
Hello...I wanted to know if anyone has been able to use Debian wheezy on the laptop Dell 7535. I have been able to install Debian on the laptop successfully...however I got some issues after installation: - No Sound - Can't control screen brightness - No Wifi..i have already followed the steps on ( https://wiki.debian.org/WiFi) and tried several drivers but it still does not detect any wifi connection. Please help..I really want to use Debian on my laptop.. Thank You