Re: ssh

[Alan Taylor]

Success … sort of.

Removing "BatchMode yes” from the backuppc users .ssh/config file fixed 
everything EXCEPT
the backuppc user still could not ssh out from the backup computer (sirius) to 
other computers.
However, the error message was now a lot clearer (complaining that login not 
allowed because the account was locked).
All of the client computers have a backuppc user with the shell set to 
/bin/false (the recommended procedure) as there is no shell login required on 
these computers.
However, changing this to /bin/bash solved the problem … backuppc user can now 
ssh from the backup computer (sirius) to others.

Any ideas as to what may be causing this last issue ?

PS UsePam is set to yes

BRgds/Alan

Re: Paypal and Linux in a low graphics environment.

[Karen Lewellen]

may i ask, based on the post I wrote starting this thread, what gives you 
the impression that Firefox runs in a strict shell environment?
specifically, as referenced in later posts, the shell environment provided 
to   shellworld.net customers?

Karen



On Thu, 15 Nov 2018, Doug wrote:



On 11/15/2018 12:48 AM, john doe wrote:

 On 11/14/2018 10:06 PM, Karen Lewellen wrote:
>  You have used paypal with this tool?
>  before I ask the shellworld.net administrator to consider the  option, I
>  wish to  know it works.
>  for the record shellworld uses Ubuntu.
>  Jude, if you are following this thread, could the program run here?
>  Karen
>
 Given the constrain(s) you're facing, I would look at virtualisation.
 Fire up a vm with a desktop environment and start from there.

I am probably not understanding the problem. I use the PaleMoon browser in 
PCLOS, and I use PayPal all the time. (PaleMoon is a spinoff from an older 
Firefox that doesn't get modified every few weeks.)


Are you saying that you can't use PayPal with your browser, or what? Does it 
say why not? I'm sure you must have Firefox, so have you tried it?


--doug

Re: Paypal and Linux in a low graphics environment.

[john doe]

On 11/15/2018 6:57 AM, Doug wrote:
> 
> On 11/15/2018 12:48 AM, john doe wrote:
>> On 11/14/2018 10:06 PM, Karen Lewellen wrote:
>>> You have used paypal with this tool?
>>> before I ask the shellworld.net administrator to consider the  option, I
>>> wish to  know it works.
>>> for the record shellworld uses Ubuntu.
>>> Jude, if you are following this thread, could the program run here?
>>> Karen
>>>
>> Given the constrain(s) you're facing, I would look at virtualisation.
>> Fire up a vm with a desktop environment and start from there.
>>
> I am probably not understanding the problem. I use the PaleMoon browser
> in PCLOS, and I use PayPal all the time. (PaleMoon is a spinoff from an
> older Firefox that doesn't get modified every few weeks.)
> 
> Are you saying that you can't use PayPal with your browser, or what?
> Does it say why not? I'm sure you must have Firefox, so have you tried it?
> 

Apparently, the OP doesn't have a DE at her disposal.

-- 
John Doe

Re: Paypal and Linux in a low graphics environment.

[Doug]

On 11/15/2018 12:48 AM, john doe wrote:

On 11/14/2018 10:06 PM, Karen Lewellen wrote:

You have used paypal with this tool?
before I ask the shellworld.net administrator to consider the  option, I
wish to  know it works.
for the record shellworld uses Ubuntu.
Jude, if you are following this thread, could the program run here?
Karen


Given the constrain(s) you're facing, I would look at virtualisation.
Fire up a vm with a desktop environment and start from there.

I am probably not understanding the problem. I use the PaleMoon browser 
in PCLOS, and I use PayPal all the time. (PaleMoon is a spinoff from an 
older Firefox that doesn't get modified every few weeks.)


Are you saying that you can't use PayPal with your browser, or what? 
Does it say why not? I'm sure you must have Firefox, so have you tried it?


--doug

Re: Paypal and Linux in a low graphics environment.

[john doe]

On 11/14/2018 10:06 PM, Karen Lewellen wrote:
> You have used paypal with this tool?
> before I ask the shellworld.net administrator to consider the  option, I
> wish to  know it works.
> for the record shellworld uses Ubuntu.
> Jude, if you are following this thread, could the program run here?
> Karen
> 

Given the constrain(s) you're facing, I would look at virtualisation.
Fire up a vm with a desktop environment and start from there.

-- 
John Doe

Re: how to backup to an encrypted usb drive?

[Reco]

Hi.

On Thu, Nov 15, 2018 at 01:12:35PM +1300, Richard Hector wrote:
> On 15/11/18 7:26 AM, Reco wrote:
> >> but leaves you open to cryptolocker ransomware & various 'oh shit!'
> >> moments when I do something stupid.  Offline & offsite is worth a
> >> certain amount of inconvenience to me.
> > Nope. Because:
> > 
> > a) You do not do backups as a regular user.
> > b) You do not keep a single backup.
> 
> How do you prevent access to the older backups? A cron job updating
> /etc/exports on the server?

You meant "how do I prevent users' access to backups"?
Filesystem permissions on NFS server solve it for me.
Ordinary user has no business both reading or $DEITY forbid, writing to
backups.

Or you meant "how do I prevent a backup user from overwriting old
backups"?
An incron script that moves completed (as in "file closed") backup to a
different directory.

Reco

Re: how to backup to an encrypted usb drive?

[Reco]

Hi.

On Wed, Nov 14, 2018 at 05:03:53PM -0500, Lee wrote:
> > b) You do not keep a single backup.
> >
> > Besides, avoiding all those cryptolockers is easy. You just need to
> > learn to distinguish a trusted software from the untrusted. A trusted
> > software comes to you with your OS (in this case - Debian main archive).
> > An untrusted software comes from elsewhere. Keep to a trusted software
> > and you'll be fine.
> 
> Most probably.  But I think using Firefox comes with a certain amount
> of risk - probably not all that much on debian but still a risk; as
> does having an all-the-time online backup.

Using any browser comes with the same amount of risk, in fact.
But if the regular user cannot overwrite the backups - there's little
harm in that.


> > Avoiding human mistakes is impossible indeed, hence the backups. And
> > filesystem snapshots, but that's a different matter.
> >
> >
> >> > And, I'm strong believer of 'machine works, human thinks' principle.
> >> > Automating backups to NFS (and replicating them from there) is simple.
> >> > Automating backup to USB drive - that's something that cannot be done
> >> > without human intervention.
> >> >
> >> >> In other words, what am I missing?
> >
> > A good backup is run by cron. A bad backup is run manually.
> > Simple as that.
> 
> How do you check that your cron backups worked?  Which is assuming you
> do check :)
> The manual backups I do are fast enough that I can watch and see that
> nothing went wrong.

Cron can and will send a e-mail to a pre-determined address, if a batch
job writes something to stdout/stderr.
So then you do a backup, you have two choices:

a) Log all and everything, and get your e-mail every day.
b) Log errors only and get your e-mail only if something goes wrong.

I prefer the latter, but YMMV.

Reco

Re: how to backup to an encrypted usb drive?

[David Christensen]

On 11/14/18 7:01 AM, Lee wrote:
What are you using to backup your files 


I use tar(1), gzip(1), rsync(1), find(1), mv(1), ccrypt(1), md5sum(1), 
sha256sum(1), touch(1), and xorriso(1), for backups and archives.



I use dd(1) for images.


I have automated many chores with bash(1) and perl(1) scripts.



to an encrypted usb drive?


I use cryptsetup(8) to encrypt my drives and partitions.



This is my first try at moving off windows, so it'd be best to assume
I know almost nothing about linux admin stuff.


Get a desktop computer that you can dedicate to Linux.  (Installing and 
running Linux on a laptop is harder.)  Do the simplest installation you 
can per the Debian Installation Guide:


https://www.debian.org/releases/stable/installmanual


Type copious notes into a text file on the Windows computer and take 
photographs of screens as you go.



Get "Learning the Unix Operating System":

http://shop.oreilly.com/product/9780596002619.do


Find other Linux people to meet with -- Linux user groups, computer 
clubs, friends, whatever.



When you are ready, get "UNIX and Linux System Administration Handbook":

https://admin.com/



What I've been using on windows is truecrypt to encrypt the drive and
1) unison + gui frontend to do a quick backup of selected files & 2) a
bat file that calls xcopy to copy files with the archive flag set to
YYMMDD/ on an encrypted drive (ie. an incremental backup; I do a full backup 
every few months)


Windows Backup & Restore is the canonical tool for backing up and 
restoring Windows machines.  However, I do not encrypt the backup drive, 
as I have not researched how to encrypt the backup drive in such a way 
that it can be used in most or all recovery scenarios.



David

Re: Paypal and Linux in a low graphics environment.

[Stefan Monnier]

> Well, I did specify in the subject line, low graphics environment.  when
> I checked  the link provided for browsh, and it referenced Firefox, I could
> not  understand why it was suggested.

Because browsh renders its output in a text terminal (it uses Firefox
internally only).  It's the only text-mode web browser I know which
stands a chance to work on sites like Paypal, I think, because it uses
a standard web engine, with full HTML5 support.

But that doesn't mean that it does work, indeed, hence the phrasing of
my previous message as a question.


Stefan

Re: Lire ses logs rapidement de façon efficace

[G2PC]

J'ai créé la page suivante en français sur le wiki de Debian.
Si quelqu'un pouvait faire une relecture technique pour vérifier
quelques lignes, des mots anglais a passer en français :

https://wiki.debian.org/fr/Rsyslog

J'ai ajouté un lien vers mon wiki, vers la synthèse que j'ai avancée sur
Rsyslog.
https://www.visionduweb.eu/wiki/index.php?title=Gestion_des_logs#Rsyslog_et_Loganalyzer

J'ai créé le menu sur la page en anglais, en italien, et, en français.
La page française doit être relue et corrigée des mots anglais que j'ai
laissé.

Merci.

Re: Audacity 2.2.2 + Pulseaudio in Debian Sid

[Nate Bargmann]

Well, I started down the dependency chain and rolling back libasound2 is
resulting in a deep and dark hole.  I think I shall stop while I only
have one non-working package.

It crossed my mind to try and rebuild the audacity package which, in all
my years of using Debian I've never tried before.  So I follow the nice
tutorial at:

 https://wiki.debian.org/BuildingTutorial

and eventually land on this error:

$ sudo apt-get build-dep audacity
Reading package lists... Done
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 builddeps:audacity : Depends: libjack-dev
  Depends: portaudio19-dev (>= 19+svn20101113-3~) but it is 
not going to be installed
E: Unable to correct problems, you have held broken packages.


In aptitude I see that portaudio19-dev is at version 19.6.0-1.
Apparently, the tool cannot parse this out as the audacity
debian/control file specifies >= 19+svn20101113-3~.

Right now the situation appears intractable.  My only other option is to
reboot into the Slackware partition and try audacity there.  In the mean
time I hope that the maintainers can correct the issue.

- Nate

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Web: http://www.n0nb.us  GPG key: D55A8819  GitHub: N0NB


signature.asc
Description: PGP signature

Re: Paypal and Linux in a low graphics environment.

[Karen Lewellen]

Well, I did specify in the subject line, low graphics environment.  when I 
checked  the link provided for browsh, and it referenced Firefox, I could 
not  understand why it was suggested.

Your test support that it was not an appropriate solution.
It is unfortunate that paypal tech support has  such limited understanding 
of Linux in general, the e-links browser  especially seems to enrage them.

Thanks for checking,
Kare



On Wed, 14 Nov 2018, Jude DaShiell wrote:


Unfortunately browsh isn't ready for prime time anywhere for screen
reader users.

I did try using the program and after installation the program opened
its home page and didn't respond to any keyboard commands attempted.  I
used it in a command line environment and in order for the program to
respond to keyboard commands it has to be running in a graphical user
environment.

On Wed, 14 Nov 2018, Karen Lewellen wrote:


Date: Wed, 14 Nov 2018 16:06:59
From: Karen Lewellen 
To: Stefan Monnier 
Cc: debian-user@lists.debian.org
Subject: Re: Paypal and Linux in a low graphics environment.
Resent-Date: Wed, 14 Nov 2018 21:07:48 + (UTC)
Resent-From: debian-user@lists.debian.org

You have used paypal with this tool?
before I ask the shellworld.net administrator to consider the  option, I wish
to  know it works.
for the record shellworld uses Ubuntu.
Jude, if you are following this thread, could the program run here?
Karen



On Wed, 14 Nov 2018, Stefan Monnier wrote:


More for those using tools like links then tools like Firefox, because
I only have access to Linux via a shell.
Is there an alternative door to paypal, or a paypal alternative?


Tried browsh (https://www.brow.sh/)?


   Stefan








--

Re: how to backup to an encrypted usb drive?

[Richard Hector]

On 15/11/18 7:26 AM, Reco wrote:
>> but leaves you open to cryptolocker ransomware & various 'oh shit!'
>> moments when I do something stupid.  Offline & offsite is worth a
>> certain amount of inconvenience to me.
> Nope. Because:
> 
> a) You do not do backups as a regular user.
> b) You do not keep a single backup.

How do you prevent access to the older backups? A cron job updating
/etc/exports on the server?

Richard



signature.asc
Description: OpenPGP digital signature

Re: Password policy.

[Richard Hector]

On 15/11/18 4:51 AM, Brian wrote:
>> How about:
>>
>> 3. They had physical access to the drive in question (or any backup) and
>> that data wasn't encrypted (LUKS for example).
>> [boot machine with live boot USB, mount root file system and steal the
>> file, remove live boot USB, allow machine to startup normally]
> You know what is said about physical access? This is 1. in disguise.

Mistakes happen. Scenarios fail to occur to people.

Go for defence in depth.

Richard



signature.asc
Description: OpenPGP digital signature

Re: Paypal and Linux in a low graphics environment.

[deloptes]

Jude DaShiell wrote:

> Unfortunately browsh isn't ready for prime time anywhere for screen
> reader users.
> 
> I did try using the program and after installation the program opened
> its home page and didn't respond to any keyboard commands attempted.  I
> used it in a command line environment and in order for the program to
> respond to keyboard commands it has to be running in a graphical user
> environment.

your question should be if there is some command line tool implementing some
of the modern web engines. The engines are not much, but I have not heard
of a CLI tool to utilize the engines. If you find something let us know
please.

regards

Re: Paypal and Linux in a low graphics environment.

[Jude DaShiell]

Unfortunately browsh isn't ready for prime time anywhere for screen
reader users.

I did try using the program and after installation the program opened
its home page and didn't respond to any keyboard commands attempted.  I
used it in a command line environment and in order for the program to
respond to keyboard commands it has to be running in a graphical user
environment.

On Wed, 14 Nov 2018, Karen Lewellen wrote:

> Date: Wed, 14 Nov 2018 16:06:59
> From: Karen Lewellen 
> To: Stefan Monnier 
> Cc: debian-user@lists.debian.org
> Subject: Re: Paypal and Linux in a low graphics environment.
> Resent-Date: Wed, 14 Nov 2018 21:07:48 + (UTC)
> Resent-From: debian-user@lists.debian.org
>
> You have used paypal with this tool?
> before I ask the shellworld.net administrator to consider the  option, I wish
> to  know it works.
> for the record shellworld uses Ubuntu.
> Jude, if you are following this thread, could the program run here?
> Karen
>
>
>
> On Wed, 14 Nov 2018, Stefan Monnier wrote:
>
> >> More for those using tools like links then tools like Firefox, because
> >> I only have access to Linux via a shell.
> >> Is there an alternative door to paypal, or a paypal alternative?
> >
> > Tried browsh (https://www.brow.sh/)?
> >
> >
> >Stefan
> >
> >
>
>
>

-- 

Re: configuración de permisos predeterminados (umask) para nuevos usuarios.

[Fran Torres]

Buenas,

NO, no he querido usar owncloud, pues más o menos quise basarme en lo
que hemos estudiado en clase y owncloud a parte que no lo hemos tocado
(y dudo que lo hagamos), no es accesible.

Fran.

El 14/11/18, Galvatorix Torixgalva  escribió:
> Hola,
>
> una cosilla... has pensado en usar owncloud?. Puede que te sirva.
>
> P. D: juro que se me acaba de ocurrir hace 5 minutos
>
> Saludos
>

Re: how to backup to an encrypted usb drive?

[Lee]

> On Wed, Nov 14, 2018 at 12:52:57PM -0500, Lee wrote:
>> On 11/14/18, Reco  wrote:
  <.. snip ..>
>> > If you're content with losing all this metadata in your backup - there
>> > are rsync, cpio or tar. Or all those 'backup solutions' based on those.
>>
>> Do I need all that metadata?  This is for me at home so it's pretty
>> much a single user machine.
>
> That's for you to decide. I'd say you definitely need it for the backups
> of / and /var and can *probably* skip it for /home, but YMMV.
>
>
>> >> > For the encryption of this hypothetical drive (I don't use USB
>> >> > drives
>> >> > for these purposes) - luks only.
>> >>
>> >> Why don't you like USB drives for these purposes?
>> >
>> > Because backing up something to NFS share is easier.
>>
>> but leaves you open to cryptolocker ransomware & various 'oh shit!'
>> moments when I do something stupid.  Offline & offsite is worth a
>> certain amount of inconvenience to me.
>
> Nope. Because:
>
> a) You do not do backups as a regular user.

On windows I certainly do.  But if I need all the file metadata as
well as the files.. yeah, probably not & I'm going to have to rethink
my whole backup process.

> b) You do not keep a single backup.
>
> Besides, avoiding all those cryptolockers is easy. You just need to
> learn to distinguish a trusted software from the untrusted. A trusted
> software comes to you with your OS (in this case - Debian main archive).
> An untrusted software comes from elsewhere. Keep to a trusted software
> and you'll be fine.

Most probably.  But I think using Firefox comes with a certain amount
of risk - probably not all that much on debian but still a risk; as
does having an all-the-time online backup.

> Avoiding human mistakes is impossible indeed, hence the backups. And
> filesystem snapshots, but that's a different matter.
>
>
>> > And, I'm strong believer of 'machine works, human thinks' principle.
>> > Automating backups to NFS (and replicating them from there) is simple.
>> > Automating backup to USB drive - that's something that cannot be done
>> > without human intervention.
>> >
>> >> In other words, what am I missing?
>
> A good backup is run by cron. A bad backup is run manually.
> Simple as that.

How do you check that your cron backups worked?  Which is assuming you
do check :)
The manual backups I do are fast enough that I can watch and see that
nothing went wrong.

>> > Encrypted backups have their purpose, of course. For storing backups
>> > offsite (whenever it's physical or cloud) encryption is invaluable.
>> >
>> > But, the encryption is only as secure as the management of the
>> > encryption key, and the only relatively secure example of that I can
>> > come up with is gpg. And utilizing gpg for unattended backups is
>> > painful
>> > to say the least.
>>
>> Which is why I liked truecrypt.  Is luks roughly equivalent for
>> encrypting the whole drive?
>
> No, it's better. More encryption algorithms, definitely more code audit
> *and* virtually zero 'became superuser' vulnerabilities.

OK - good to know!

Thanks,
Lee

Re: Paypal and Linux in a low graphics environment.

[Karen Lewellen]

You have used paypal with this tool?
before I ask the shellworld.net administrator to consider the  option, I 
wish to  know it works.

for the record shellworld uses Ubuntu.
Jude, if you are following this thread, could the program run here?
Karen



On Wed, 14 Nov 2018, Stefan Monnier wrote:


More for those using tools like links then tools like Firefox, because
I only have access to Linux via a shell.
Is there an alternative door to paypal, or a paypal alternative?


Tried browsh (https://www.brow.sh/)?


   Stefan

Re: Paypal and Linux in a low graphics environment.

[Stefan Monnier]

> More for those using tools like links then tools like Firefox, because
> I only have access to Linux via a shell.
> Is there an alternative door to paypal, or a paypal alternative?

Tried browsh (https://www.brow.sh/)?


Stefan

Re: smbclient - mount

[G2PC]

>
>> il est possible d’établir une connexion signé et crypté (AES-128-CCM)
>
> signée et chiffrée


J'ai noté ça :

mount -t cifs //127.0.0.1/dossier_en_partage /media/dossier_en_partage_au_choix 
-o username=zero

Source : 
https://www.visionduweb.eu/wiki/index.php?title=Mettre_en_place_un_réseau_local_avec_GNU_Linux

Re: Password policy.

[Brian]

On Thu 15 Nov 2018 at 03:41:42 +1100, Andrew McGlashan wrote:

> 
> 
> On 15/11/18 2:51 am, Brian wrote:
> > And what is the value to an attacker in having /etc/shadow, assuming it
> > can be decrypted in a sensible time frame? Remotely logging in? Surely
> > not in these days of ssh keys?
> 
> Well re-use of passwords.
> 
> We all know that if you have a username (often times an email address)
> and the password used for that username, then there are too many places
> where that same credentials might be re-used elsewhere.

True, that is a possibility. But unless the attack is against a known
user whose habits are also known or that can be guessed, knowing the
password isn't dreadfully useful in itself.

-- 
Brian.

Re: Paypal and Linux in a low graphics environment.

[deloptes]

Joe wrote:

> That doesn't mean they allow their customers to use it.
> 
> Think about it, the minimum wage call-centre people work from scripts.
> That's workable with Windows, of which there are only two
> near-identical versions supported by Microsoft. I don't know OSX, but
> I'd think pretty much the same was true by now.
> 
> Now, how many Linux desktops are there? How many have moveable and
> customisable panels? How are you going to deal with that over the phone
> from a script? That's not even thinking about the command line, and
> which underlying distribution has which tools as 'standard'.

Exactly first of all linux desktop does not have significant market share to 
spent time on testing.
You have to prove your product is working in specific environment, so you
pick up perhaps Windows, Apple (iOS) and Android with respective versions
because these are the desktops having most of the market share. Then you
pick up some browsers: Firefox, IE, Chrome, Safary and particularly the
versions. and then finally you can perform the tests and prove the system
is working for this OS version and that browser, so forget this linux and
low graphics etc. You'll never achieve something, cause PayPal and similar
are mainly after the money. They will not spent a dime to make you happy.
In the world of HTML5 you are expected to have a decent browser with HTML4
or HTML5 and javascript support at least.

regards

Economia de dados móveis em netbook

[China]

Tenho um netbook com Debian stable. Uma das coisas que me incomodou foi o
consumo de dados móveis com atividades em segundo plano, tanto do sistema
(apt buscando atualizações, por exemplo) quanto de alguns softwares como
Firefox no carregamento de páginas.

Existe algum guia pra configurar o sistema pra detectar que está em uma
rede móvel (pelo usb modem) e ativar um modo de economia de dados,
desligando serviços de rede em segundo plano? Dicas de como configurar o
Firefox ou outro navegador pra economizar dados na montagem de páginas
também são bem vindas.

Re: how to backup to an encrypted usb drive?

[Lee]

On 11/14/18, Michael Wagner  wrote:
> On Nov 14, 2018 at 12:18:47, Lee wrote:
>> On 11/14/18, Jonathan Dowland  wrote:
>>
>> > I'd recommend
>> > taking a look at rsync for performing the copy.
>>
>> I've used rsync at work.  It was fast & good enuf for keeping my files
>> on different machines consistent but I never figured out how to sync
>> everything except   eg. backing up
>> ~/.cache seems like a waste of time & disk space.
>
> Hello Lee,
>
> look at the options --exclude and --exclude-from in the manpage. It's
> easy to exclude files or directories with rsync.

Maybe I was half-blind the morning I did the man rsync.  Or maybe it
was not bothering to ask anyone & muddling through as best I could,
but clearly I need to take another look at rsync.

Thanks
Lee

Re: configuración de permisos predeterminados (umask) para nuevos usuarios.

[Galvatorix Torixgalva]

Hola,

una cosilla... has pensado en usar owncloud?. Puede que te sirva.

P. D: juro que se me acaba de ocurrir hace 5 minutos

Saludos

RE: configuración de permisos predeterminados (umask) para nuevos usuarios.

[ziprasidone146939277]

> Buenas,

Buenas, reenvío a la lista.

> Gracias. De todas formas, ya está solucionado. No, no me interesaba que
> cada usuario tubiera su propio home; si no que, compartiesen todos un solo
> home que, en este caso es:
> /srv/ftp.
> la carpeta ftp, pertenece al grupo ftp, con permisos 2770 (rwxrwxs---).
> y de paso se le ha añadido el stickibit (rwxrwxs-wxt).
> de modo que queda así:
> d-rwxrws-wt.
> Para lo del umask, he editado el fichero (/etc/login.defs), como sugirieron
> por aquí.
>   Y como servidor ftp, estoy usando proftpd; para que coja los usuarios, lo
> tengo configurado para que los coja del fichero /etc/passwd Como dige
> anteriormente en el primer mail, el fichero /etc/default/useradd está
> también editado, de modo que los usuarios por defecto tengan los siguientes
> parámetros:
> home: /srv/ftp
> shell: /bin/ghost (shell que obviamente me he sacado de la patilla y no vale
> para nada)
> group: 1001

Me alegro que hayas podido solucionarlo.

Pienso que cuando tienes que "meter tanta mano" o modificar tantos archivos del 
s.o. (que por lo general muy poco frecuente se modifican) para levantar un 
servicio, puede que algo no ande bien o no estés usando la solución/software 
adecuado.

Tu necesidad/caso aplica más a un servidor de archivos y no a un FTP.
Como quiera que sea, si lo pudiste resolver y funciona, no hay más que decir.

Un saludo

Re: how to backup to an encrypted usb drive?

[Lee]

On 11/14/18, to...@tuxteam.de  wrote:
> On Wed, Nov 14, 2018 at 12:18:47PM -0500, Lee wrote:
>
> [...]
>
> Just for one data point -- I do my backups basically this way, all
> from the command line
>
>   sudo cryptsetup open /dev/sdXX backup
>   sudo mount /dev/mapper/backup /media/backup
>   backup # this is a script in ~/bin which basically calls rsync
>   sudo umount /media/backup
>   sudo cryptsetup close backup
>
> The rsync thingie in ~/bin/backup basically does some sanity checks
> and calls rsync with --filter="merge $home/.backup/filter". There,
> I list some basic excludes and, what's more important, have a line
> "dir-merge .backup-filter" -- so I can exclude big, uninteresting
> things (videos, virtual OS images etc) which are easy to recover.
>
> This way my backup is around 55G and fits in a 64G stick. Has served
> me well so far.

Wow!  Thanks for the --filter tip.  Somehow I managed to miss that
when looking at the rsync man page

Lee

Re: how to backup to an encrypted usb drive?

[Lee]

On 11/14/18, Andrew McGlashan  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi,
>
> On 15/11/18 2:01 am, Lee wrote:
>> What are you using to backup your files to an encrypted usb drive?
>
> In an ideal world:
  <.. snip good suggestions ..>
> 3. Encrypt with LUKS (full disk encryption) where you can, the entire
> device, partition only if you need to.

That's what I want to do next.  But I want to save a few files first &
figured now was the time to figure out how I want to backup my data.
I'm not terribly concerned with backing up everything since most
things I can just re-install.

> Actual backup, there are so many options.
>
> Have multiple USB drives of same size, update drive 1 to drive 2 using
> rsync -- then next drive 2 to drive 3.

I'm missing something.  Why not hard drive => usb1, then usb2, then usb3?
Or this is based on using rsnapshot & keeping hourly/daily/etc.
backups consistent on all the drives?

> Use rsnapshot for the backups with hourly, daily, weekly ... and more
> if needed, snapshots.

That looks interesting.  Thanks for the pointer

> Save encrypted backups to off-site storage or at least keep one
> encrypted backup off site at all times -- hence why at least 3 drives.

yes :)

Thanks
Lee

Re: Télé-gestion électrique d'équipements informatiques 5, 12 et 24v

[Yann Serre]

Le 14/11/2018 à 18:45, Olivier a écrit :
J'ai vu de mes propres yeux une Freebox ADSL bondir de 6 à 9Mb/s en 
changeant 2 choses:

le bloc d'alim 12v
le cordon ADSL


En revanche je crois comprendre en relisant que les 9Mo ont été mesurés 
plutôt sur le boitier TV et pas sur la box ?


Car dans ce cas si on utilise ce que les FAI fournissent comme matériel, 
"l'alim" est aussi un "modem" pour faire une liaison réseau entre la box 
et le boitier TV.
Cette liaison peut bien fonctionner dans 9 cas sur 10 mais si on peut la 
remplacer par un câble RJ45 réseau CAT5 ou CAT6 on évite plein de 
problèmes :

- les multiprises et donc des pertes importantes (à chaque multiprises)
- les parasites du moteur de la machine à laver
- l'ajout de parasites (parfois le frigo ou le four micro-ondes, les 
câbles électriques ne sont pas blindés et sont de grandes antennes)

- la vétusté des prises électriques

Re: how to backup to an encrypted usb drive?

[Reco]

Hi.

On Wed, Nov 14, 2018 at 12:52:57PM -0500, Lee wrote:
> On 11/14/18, Reco  wrote:
> > On Wed, Nov 14, 2018 at 10:50:44AM -0500, Lee wrote:
> >> On 11/14/18, Reco  wrote:
> >> >  Hi.
> >> >
> >> > On Wed, Nov 14, 2018 at 10:01:38AM -0500, Lee wrote:
> >> >> What are you using to backup your files to an encrypted usb drive?
> >> >
> >> > For the backup itself - dump(8) or xfsdump(8) (filesystem dependent).
> >>
> >> Which seems to require restore or xfsrestore?
> >
> > Precisely.
> >
> >
> >> https://linux.die.net/man/8/xfsdump
> >>   The media format used by xfsdump can only be understood by xfsrestore.
> >> I can't tell from a quick look at dump/restore if I can look at files
> >> on the backup media or not
> >
> > No, you do not. You'll need restore/xfsrestore first.
> > The whole purpose of a good filesystem backup is to capture all
> > file/directory attributes (which include, but aren't limited to POSIX
> > permissions, POSIX ACLs, SELinux labels, capability labels, extended
> > attributes to name a few). That's where dump/xfsdump guarantee you to
> > capture anything that a filesystem supports.
> >
> > If you're content with losing all this metadata in your backup - there
> > are rsync, cpio or tar. Or all those 'backup solutions' based on those.
> 
> Do I need all that metadata?  This is for me at home so it's pretty
> much a single user machine.

That's for you to decide. I'd say you definitely need it for the backups
of / and /var and can *probably* skip it for /home, but YMMV.


> >> > For the encryption of this hypothetical drive (I don't use USB drives
> >> > for these purposes) - luks only.
> >>
> >> Why don't you like USB drives for these purposes?
> >
> > Because backing up something to NFS share is easier.
> 
> but leaves you open to cryptolocker ransomware & various 'oh shit!'
> moments when I do something stupid.  Offline & offsite is worth a
> certain amount of inconvenience to me.

Nope. Because:

a) You do not do backups as a regular user.
b) You do not keep a single backup.

Besides, avoiding all those cryptolockers is easy. You just need to
learn to distinguish a trusted software from the untrusted. A trusted
software comes to you with your OS (in this case - Debian main archive).
An untrusted software comes from elsewhere. Keep to a trusted software
and you'll be fine.

Avoiding human mistakes is impossible indeed, hence the backups. And
filesystem snapshots, but that's a different matter.


> > And, I'm strong believer of 'machine works, human thinks' principle.
> > Automating backups to NFS (and replicating them from there) is simple.
> > Automating backup to USB drive - that's something that cannot be done
> > without human intervention.
> >
> >> In other words, what am I missing?

A good backup is run by cron. A bad backup is run manually.
Simple as that.


> > Encrypted backups have their purpose, of course. For storing backups
> > offsite (whenever it's physical or cloud) encryption is invaluable.
> >
> > But, the encryption is only as secure as the management of the
> > encryption key, and the only relatively secure example of that I can
> > come up with is gpg. And utilizing gpg for unattended backups is painful
> > to say the least.
> 
> Which is why I liked truecrypt.  Is luks roughly equivalent for
> encrypting the whole drive?

No, it's better. More encryption algorithms, definitely more code audit
*and* virtually zero 'became superuser' vulnerabilities.

Reco

Re: smbclient - mount

[Gabriel Moreau]

il est possible d’établir une connexion signé et crypté (AES-128-CCM)


signée et chiffrée

A+

gaby
--
Gabriel Moreau - IR CNRShttp://www.legi.grenoble-inp.fr
LEGI (UMR 5519) Laboratoire des Ecoulements Geophysiques et Industriels
Domaine Universitaire, CS 40700, 38041 Grenoble Cedex 9, France
mailto:gabriel.mor...@legi.grenoble-inp.fr  tel:+33.476.825.015



smime.p7s
Description: Signature cryptographique S/MIME

smbclient - mount

[Gian Luca Dequecker]

Bonjour,

Avec la commande « smbclient //mypc/myshare -U username -m smb3 -e »
il est possible d’établir une connexion signé et crypté (AES-128-CCM)
avec un serveur.

Quels sont les paramètres équivalents pour la commande mount ?

Merci,

GL

Re: Télé-gestion électrique d'équipements informatiques 5, 12 et 24v

[Yann Serre]

Le 14/11/2018 à 18:45, Olivier a écrit :



Le mer. 14 nov. 2018 à 18:15, Yann Serre  a 
écrit :


Bonjour

Le 14/11/2018 à 17:28, Olivier a écrit :
 > J'ai été surpris de l'impact du remplacement d'un bloc
d'alimentation
 > sur des Livebox ou Freebox

Tu peux développer ?


J'ai vu de mes propres yeux une Freebox ADSL bondir de 6 à 9Mb/s en 
changeant 2 choses:

le bloc d'alim 12v
le cordon ADSL

Par ailleurs, à chaque appel, le support d'Orange me questionne sur 
l'alimentation électrique: "êtes-vous sur une multi-prise, ...


J'ai d'ailleurs bien envie d'ouvrir un fil de discussion sur ce seul 
sujet (qualité des alimentation des box) car je suis un peu frustré de 
ne pas pouvoir étayer par des chiffres (voltage, ampérage, ...) mes 
observations.




Cherche pas, c'est le cordon adsl et la connectique côté cuivre.
L'alim n'a pas joué de rôle !!!

Imaginons qu'une alim constructeur est sous-dimensionnée et s'effondre 
en courant ou en voltage, on en aurait entendu parler !
Si c'était un problème de filtrage du courant continu, avec des 
parasites, là aussi ce serait une faille connue.


Une alim CC, c'est assez simple : elle doit fournir le voltage demandé, 
plus de courant que nécessaire, être ventilée pour ne pas chauffer, 
blindée ou éloignée de l'électronique sensible et le filtrage ne doit 
pas produire d'onde parasite en sortie.


Les pertes de débit ADSL s'additionnent :
- dans la qualité du câble France Telecom (sur une installation on m'a 
changé le câble dans la rue - jarretière corrodée - et le débit est reparti)
- dans la  qualité / longueur du câblage intérieur dans le logement 
(pour faire vite, un jour j'ai acheté du câble dit téléphonique dans une 
grande surface de bricolage pour changer l'emplacement d'une box dans un 
logement. Même en repartant de l'arrivée France Telecom dans la cave et 
en allant directement à la box, la perte en débit était évidente : câble 
mal blindé, mauvaise impédance,...)

- dans le conjoncteur téléphonique (corrosion, graisse sur les contacts)
- dans la qualité du filtre adsl
- dans le réseau téléphonique "classique" après le filtre ADSL, celui 
qui va vers les téléphones et les autres prises du logement (mettre 
juste 1 DECT près du filtre et débrancher le câble qui va vers les 
autres prises).

- dans le petit câble entre le filtre adsl et la box.


Pour la multiprise, ça concerne la liaison réseau par courant porteur 
(entre la box et le boitier TV).


Rien à voir avec "la qualité du courant 240V d'EDF" ;)

Re: how to backup to an encrypted usb drive?

[Michael Wagner]

On Nov 14, 2018 at 12:18:47, Lee wrote:
> On 11/14/18, Jonathan Dowland  wrote:
> 
> > I'd recommend
> > taking a look at rsync for performing the copy.
> 
> I've used rsync at work.  It was fast & good enuf for keeping my files
> on different machines consistent but I never figured out how to sync
> everything except   eg. backing up
> ~/.cache seems like a waste of time & disk space.

Hello Lee,

look at the options --exclude and --exclude-from in the manpage. It's 
easy to exclude files or directories with rsync.

Hth Michael

-- 
BOFH excuse #284:

Electrons on a bender


signature.asc
Description: PGP signature

Re: how to backup to an encrypted usb drive?

[Lee]

On 11/14/18, Reco  wrote:
> On Wed, Nov 14, 2018 at 10:50:44AM -0500, Lee wrote:
>> On 11/14/18, Reco  wrote:
>> >Hi.
>> >
>> > On Wed, Nov 14, 2018 at 10:01:38AM -0500, Lee wrote:
>> >> What are you using to backup your files to an encrypted usb drive?
>> >
>> > For the backup itself - dump(8) or xfsdump(8) (filesystem dependent).
>>
>> Which seems to require restore or xfsrestore?
>
> Precisely.
>
>
>> https://linux.die.net/man/8/xfsdump
>>   The media format used by xfsdump can only be understood by xfsrestore.
>> I can't tell from a quick look at dump/restore if I can look at files
>> on the backup media or not
>
> No, you do not. You'll need restore/xfsrestore first.
> The whole purpose of a good filesystem backup is to capture all
> file/directory attributes (which include, but aren't limited to POSIX
> permissions, POSIX ACLs, SELinux labels, capability labels, extended
> attributes to name a few). That's where dump/xfsdump guarantee you to
> capture anything that a filesystem supports.
>
> If you're content with losing all this metadata in your backup - there
> are rsync, cpio or tar. Or all those 'backup solutions' based on those.

Do I need all that metadata?  This is for me at home so it's pretty
much a single user machine.

>> > For the encryption of this hypothetical drive (I don't use USB drives
>> > for these purposes) - luks only.
>>
>> Why don't you like USB drives for these purposes?
>
> Because backing up something to NFS share is easier.

but leaves you open to cryptolocker ransomware & various 'oh shit!'
moments when I do something stupid.  Offline & offsite is worth a
certain amount of inconvenience to me.

> And, I'm strong believer of 'machine works, human thinks' principle.
> Automating backups to NFS (and replicating them from there) is simple.
> Automating backup to USB drive - that's something that cannot be done
> without human intervention.
>
>> In other words, what am I missing?
>
> Encrypted backups have their purpose, of course. For storing backups
> offsite (whenever it's physical or cloud) encryption is invaluable.
>
> But, the encryption is only as secure as the management of the
> encryption key, and the only relatively secure example of that I can
> come up with is gpg. And utilizing gpg for unattended backups is painful
> to say the least.

Which is why I liked truecrypt.  Is luks roughly equivalent for
encrypting the whole drive?

Thanks
Lee

Re: Télé-gestion électrique d'équipements informatiques 5, 12 et 24v

[Olivier]

Le mer. 14 nov. 2018 à 18:15, Yann Serre  a
écrit :

> Bonjour
>
> Le 14/11/2018 à 17:28, Olivier a écrit :
> > J'ai été surpris de l'impact du remplacement d'un bloc d'alimentation
> > sur des Livebox ou Freebox
>
> Tu peux développer ?
>

J'ai vu de mes propres yeux une Freebox ADSL bondir de 6 à 9Mb/s en
changeant 2 choses:
le bloc d'alim 12v
le cordon ADSL

Par ailleurs, à chaque appel, le support d'Orange me questionne sur
l'alimentation électrique: "êtes-vous sur une multi-prise, ...

J'ai d'ailleurs bien envie d'ouvrir un fil de discussion sur ce seul sujet
(qualité des alimentation des box) car je suis un peu frustré de ne pas
pouvoir étayer par des chiffres (voltage, ampérage, ...) mes observations.


>
> Yann
>
>

Re: how to backup to an encrypted usb drive?

[tomas]

On Wed, Nov 14, 2018 at 12:18:47PM -0500, Lee wrote:

[...]

> Well that's .. surprising.  I went with xfce because it's supposed to
> be 'lightweight' and I'm trying debian on an old laptop.  If I go with
> something other than xfce is it just mounting & unlocking the external
> drive that changes or is there more?

Just for one data point -- I do my backups basically this way, all
from the command line

  sudo cryptsetup open /dev/sdXX backup
  sudo mount /dev/mapper/backup /media/backup
  backup # this is a script in ~/bin which basically calls rsync
  sudo umount /media/backup
  sudo cryptsetup close backup

The rsync thingie in ~/bin/backup basically does some sanity checks
and calls rsync with --filter="merge $home/.backup/filter". There,
I list some basic excludes and, what's more important, have a line
"dir-merge .backup-filter" -- so I can exclude big, uninteresting
things (videos, virtual OS images etc) which are easy to recover.

This way my backup is around 55G and fits in a 64G stick. Has served
me well so far.

Cheers
-- t


signature.asc
Description: Digital signature

Re: how to backup to an encrypted usb drive?

[Lee]

On 11/14/18, Jonathan Dowland  wrote:
> On Wed, Nov 14, 2018 at 10:01:38AM -0500, Lee wrote:
>>What I've been using on windows is truecrypt to encrypt the drive and
>>1) unison + gui frontend to do a quick backup of selected files & 2) a
>>bat file that calls xcopy to copy files with the archive flag set to
>>YYMMDD/ on an encrypted drive (ie. an incremental backup; I do a full
>>backup every few months)
>
> Luckily, you can use almost the exact same tools for achieving the same
> on Debian.
>
> There are a few choices for the encryption tool you use; I suggest using
> "cryptsetup", especially over a few of the alternatives (encfs, ecryptfs)
> but the tooling you use to achieve this will depend upon what desktop
> environment (if any) you are using.

Well that's .. surprising.  I went with xfce because it's supposed to
be 'lightweight' and I'm trying debian on an old laptop.  If I go with
something other than xfce is it just mounting & unlocking the external
drive that changes or is there more?

> I know that GNOME 3 (what I'm using) can detect and mount LUKS-encrypted
> disks when they are attached to my machine. What I'm not sure about is
> whether it can be used to create those in the first place. Although I
> guess that's a one-time operation (per external USB), so not too bad to
> do it via command-line tools. See man cryptsetup(1)
> 

Wow!  A lot of good info there that's going to take me a while to
digest - thank you.

> Once you've got the encrypted disk set up, you could use unison
> similarly to how you are on Windows. You'd need to re-implement the
> batch file if you wanted exactly the same behaviour for that, and
> there's no direct analogue of the archive bit that I can think of, so
> marking/identifying files is one part of the puzzle;

No problem re-implementing the batch file as a script :)  & I've got
unison setup to compare the files to see if the backup is current or
not, so the archive bit doesn't come into play there.

> I'd recommend
> taking a look at rsync for performing the copy.

I've used rsync at work.  It was fast & good enuf for keeping my files
on different machines consistent but I never figured out how to sync
everything except   eg. backing up
~/.cache seems like a waste of time & disk space.

> Or throw it all out and use something like rdiff-backup and just back up
> everything…

Which can take a long time & tends to back up way more than I want.
Or is there a way to give it a list of files & directories to ignore?
That was the main reason I liked unison - it's easy to create a list
of files/directories to ignore.

Thanks
Lee

Re: Télé-gestion électrique d'équipements informatiques 5, 12 et 24v

[Yann Serre]

Bonjour

Le 14/11/2018 à 17:28, Olivier a écrit :
J'ai été surpris de l'impact du remplacement d'un bloc d'alimentation 
sur des Livebox ou Freebox


Tu peux développer ?

Yann

Re: how to backup to an encrypted usb drive?

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 15/11/18 2:01 am, Lee wrote:
> What are you using to backup your files to an encrypted usb drive?

In an ideal world:

1. Don't use TrueCrypt any longer, VeraCrypt is the natural
replacement in the Winblows world.  TrueCrypt hasn't been considered
safe for quite some time and whilst I think VeraCrypt is fine, it has
the same original base as TrueCrypt and, in theory, goes against the
original TC license, but whose going to stop them?  I do use VeraCrypt
on Windows machines.

2. Don't use ANY drive or flash memory type device without encryption
for data you care about and which must be secure as you can never be
100% certain that wear leveling (or other mechanisms) won't leave your
data behind because a block on the media gets remapped and the
original block gets abandoned.  That is, any media type may well
silently re-map data sectors transparently.  That includes traditional
spinning rust,   Linux installs do need a non-encrypted /boot
partition, but everything else should be fully encrypted.  EFI/UEFI
could adjust your options for booting, as would GPT vs MBR type disks
disk labeling.

3. Encrypt with LUKS (full disk encryption) where you can, the entire
device, partition only if you need to.


Actual backup, there are so many options.

Have multiple USB drives of same size, update drive 1 to drive 2 using
rsync -- then next drive 2 to drive 3.

Use rsnapshot for the backups with hourly, daily, weekly ... and more
if needed, snapshots.

Save encrypted backups to off-site storage or at least keep one
encrypted backup off site at all times -- hence why at least 3 drives.

I'm not going to be exhaustive, but you get the idea that there are
loads of options.

If you do use dump (and restore), of any variant, do the dump with the
file system NOT mounted.

Cheers
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW+xWagAKCRCoFmvLt+/i
+5xmAQCt4vdtmgjyT3IlbidGZ8e81sIPUNeMMYdnpVZV/0zMTQD/Y6JxDK397kZ8
Lw2fMdNQBptueYI1FED7HZ1KxncQwxw=
=w4dn
-END PGP SIGNATURE-

OFF TOPIC - Nuevo curso disponible

[Galvatorix Torixgalva]

Hola,

os comunico que ya está disponible un nuevo curso.

En esta ocasión veremos como crear formas geométricas avanzadas con POV-Ray
y aprovechamos para ver algunas de las texturas propias de POV-Ray

https://www.tutellus.com/tecnologia/software/curso-de-pov-ray-37-nivel-medio-18910

Re: Password policy.

[Andrew McGlashan]

On 15/11/18 2:51 am, Brian wrote:
> And what is the value to an attacker in having /etc/shadow, assuming it
> can be decrypted in a sensible time frame? Remotely logging in? Surely
> not in these days of ssh keys?

Well re-use of passwords.

We all know that if you have a username (often times an email address)
and the password used for that username, then there are too many places
where that same credentials might be re-used elsewhere.

A.

Re: how to backup to an encrypted usb drive?

[Reco]

On Wed, Nov 14, 2018 at 10:50:44AM -0500, Lee wrote:
> On 11/14/18, Reco  wrote:
> > Hi.
> >
> > On Wed, Nov 14, 2018 at 10:01:38AM -0500, Lee wrote:
> >> What are you using to backup your files to an encrypted usb drive?
> >
> > For the backup itself - dump(8) or xfsdump(8) (filesystem dependent).
> 
> Which seems to require restore or xfsrestore?

Precisely.


> https://linux.die.net/man/8/xfsdump
>   The media format used by xfsdump can only be understood by xfsrestore.
> I can't tell from a quick look at dump/restore if I can look at files
> on the backup media or not

No, you do not. You'll need restore/xfsrestore first.
The whole purpose of a good filesystem backup is to capture all
file/directory attributes (which include, but aren't limited to POSIX
permissions, POSIX ACLs, SELinux labels, capability labels, extended
attributes to name a few). That's where dump/xfsdump guarantee you to
capture anything that a filesystem supports.

If you're content with losing all this metadata in your backup - there
are rsync, cpio or tar. Or all those 'backup solutions' based on those.


> > For the encryption of this hypothetical drive (I don't use USB drives
> > for these purposes) - luks only.
> 
> Why don't you like USB drives for these purposes?

Because backing up something to NFS share is easier.
And, I'm strong believer of 'machine works, human thinks' principle.
Automating backups to NFS (and replicating them from there) is simple.
Automating backup to USB drive - that's something that cannot be done
without human intervention.

> In other words, what am I missing?

Encrypted backups have their purpose, of course. For storing backups
offsite (whenever it's physical or cloud) encryption is invaluable.

But, the encryption is only as secure as the management of the
encryption key, and the only relatively secure example of that I can
come up with is gpg. And utilizing gpg for unattended backups is painful
to say the least.

Reco

Télé-gestion électrique d'équipements informatiques 5, 12 et 24v

[Olivier]

Bonjour,

Je gère à distance des installations informatiques qui ont le point commun
d'inclure un NUC sous Debian et plusieurs équipements informatiques de type
modem, routeur.

Ces équipements sont chacun fournis avec leur propre bloc d'alimentation :
d'un côté une prise mâle 2P+T, de l'autre un câble terminé par une prise
Powerjack 2.5x5.5 ou 2.1x5.5 voire même par du micro-USB (pour un
Raspberry).

J'aimerai bien pouvoir remplacer ces blocs d'alimentation par un unique
appareil télé-administrable possédant plusieurs (4 à 6) sorties
d'alimentation continue (et 1 entrée 2P+T, bien sûr) pas trop cher (<500
E.TTC), rackable ou non.

Avec celui-ci (sans ordre d'importance, sans que chaque besoin soit
impératif) :
- pouvoir sélectionner ou régler la tension continue (12V pour Livebox, 5V
pour le Pi, 28V pour un routeur, 19V pour le NUC ?)
- protéger chaque sortie (est-ce redondant avec la protection interne à
chaque équipement ?)
- éteindre, allumer ou redémarrer à distance certains de ces équipements
- avoir un câblage électrique optimisé (*)
- avoir une alimentation de meilleure qualité (**)
- être notifié en cas de coupure ou reprise de courant secteur
- arrêter ou démarrer gracieusement en cas de reprise ou coupure de courant
secteur
- en cas d'onduleur, pouvoir faire remplacer les batteries par un homme
d'entretien

1. Qui pourrait recommander un onduleur ou un ePDU (est-ce le bon terme ?)
adapté aux alimentation en courant continu ou à défaut avec des prises 2P+T
largement espacées (voire orientées à 90°) ? Quel retour d'expérience ?

2. Comment mécaniser le démarrage ou l'arrêt du NUC sous Debian local ?

3. Comment implémenter une règle du type "si le courant est coupé depuis
plus de 10mn, arrêter ce groupe d'équipement, puis celui-ci ..." ?

Slts

(*) Les blocs d'alimentation peuvent être très encombrants et empiéter sur
les emplacements adjacents d'une multiprise
(**) J'ai été surpris de l'impact du remplacement d'un bloc d'alimentation
sur des Livebox ou Freebox

Re: Paypal and Linux in a low graphics environment.

[Gene Heskett]

On Wednesday 14 November 2018 07:57:50 Stefan Monnier wrote:

> > "escalate" the call.  Paypal I think, runs on linux.
>
> You mean Android/Linux or GNU/Linux?
>
> In any case, this is like saying that Toyota uses diesel-powered
> vehicules to ship its cars (and parts), so of course its vehicules
> will also accept diesel.
>
>
> Stefan
Chuckle. But now here's practicality, and offtopic:

In 1978 I was the CE at a tv station Now long gone because the market 
wasn't big enough. But since I started out in broadcast engineering at 
KOTA, I worked for and with the engineer at TEPCO, who made the 
microwave gear that intercepted 1/4 of a watt from the cross-country 
network backbone at a site called waterdog someplace north of the 
Umcompaugraphy(sp?) plateau in CO, and sent it on south thru two more 
hops to get to KIVA-tv just south of Farmington NM.  Needing to go fix 
something, I took the station owners '77 Bronco to our gas tradeout and 
filled the empty front tank up from the regular pump. Unknown to the 
station at the time, the tank truck driver had just filled the regular 
tank with super-diesel. I made it to about the corner west of town and 
had just turned north when I found the 303 was pinging like crazy on 
anything that resembled an upgrade, so I switched tanks, curing the ping 
in about a quarter mile. My trip was important, so I continued switching 
tanks, but stopped in Cortez and filled that tank up from the ethyl 
pump. After 30 more miles I was able to use a bit more throttle on the 
hills before switching tanks. I got to our site on North Mountain and 
found it dead, so had to go on north to the our first site, where I had 
to replace the transmitter klystron. By then I was looking at the gas 
gauge but took a chance and backed south, stopping at the Phillips Store 
at the bottom of north mountain where I again filled that tank with 
ethyl, and the other with regular, and I was able to use from the bigger 
tank all the way up north mountain with only an occasional ping.  The 
rest of that trip was uneventful, but it proved that within reason, a 
year old ford bronco could be run on super-diesel. Back to regular it 
ran like a scalded cat because all the carbon deposits had been blasted 
away, leaving its innards quite clean till it got carboned up again. 

Now back to the regularly scheduled the argument about passwds, with some 
of the arguments for short ones blowing my mind, probably posted by 
windows users at home who have not yet been hacked. Your time is coming.

My only encounter with paypal on the phone was rather nicely handled by 
the support person answering the phone. Several years ago now.

Historically, I've had more problems with ebay when I'm playing visiting 
fireman 2k miles from my home machine and trying to buy a card for a 
$12,000 commercial player whose scsi card had died. Took 3 days of 
yelling at them before they would give me the sellers address to 
complete the sale, their software was not able to authenticate/pass me 
as the buyer because at that site, I was forced to use an xp machine 
locked down by a firewall they need in Northern CA right now.

They weren't able to handle a familiar buyer useing a differrent machine 
2000 miles away from his home machine.

That call wound up being escalated 4 times before I got to someone who 
understood the problem, and gave me the sellers ebay address.

-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Producción Orgánica de Granos, Frutas y Hortalizas

[Selene Pat]

[1] Ver esta campaña en tu navegador

Cultivo y Producción de Aguacate
Ciudad de México 14 Diciembre

[2]

No te puedes perder esta oportunidad única ASISTEN 2 PERSONAS PAGAS 1 CON TODOS 
LOS MEDIOS DE PAGO

El auge del consumo de aguacate ha dado como resultado ganancias millonarias a 
los productores mexicanos que exportan.

[3] PRESIONE AQUÍ PARA OBTENER EL TEMARIO VÍA EMAIL

[4] PRESIONE AQUÍ PARA OBTENER EL TEMARIO VÍA WHATSAPP
Únase a los comerciantes que ya exportan a Estados Unidos y el resto del mundo, 
preparándose con este curso que le da las bases para poder hacerlo.

Podrá aprender y obtener consejos prácticos de nuestro instructor investigador, 
quien tiene más de 20 años de experiencia a nivel nacional e internacional.

Comuníquese con nosotros a nuestro callcenter:
018003337726 - 3311940740

Este mensaje fue enviado a i...@controldatos.info por 
i...@supervisoresmonterrey.com
Calle 3 Campestre, Merida, Yucatan  97120, Mexico

Cancelar suscripción| Administrar suscripción| Remitir a un amigo| Reportar 
abuso


 References:

1. http://infocontroldatos.info.bme1.net/c/v?e=D8FE2A=855F5=0
2. 
http://infocontroldatos.info.bme1.net/c/l?u=84856A5=D8FE2A=855F5=0=1
3. 
mailto:i...@supervisoresmonterrey.com?subject=Aguacate=Deseo%20Informacion%20favor%20de%20enviar%20a:%0ANombre:%0ATelefono:%0AEmail:
  debian-user-spanish@lists.debian.org
4. 
http://infocontroldatos.info.bme1.net/c/l?u=84856A5=D8FE2A=855F5=0=2  
  

Este mensaje fue enviado a debian-user-spanish@lists.debian.org por 
i...@supervisoresmonterrey.com

Usted puede modificar / actualizar su suscripción a través del enlace de abajo. 
   

Cancelar suscripci n de cualquier env o futuro
http://infocontroldatos.info.bme1.net/c/su?e=D8FE7D=855F5=23944C=fTHoM8aX4cmtTUXrKU%2BuFkH65JnmyxczA4N83Ddjj9tQoS1ahAwyIA%3D%3D=CF0861C6


Administre su Suscripción
http://infocontroldatos.info.bme1.net/c/s?e=D8FE7D=855F5=23944C=fTHoM8aX4cmtTUXrKU%2BuFkH65JnmyxczA4N83Ddjj9tQoS1ahAwyIA%3D%3D=CF0861C6


Remitir Email
http://infocontroldatos.info.bme1.net/c/f?e=D8FE7D=855F5=23944C=fTHoM8aX4cmtTUXrKU%2BuFkH65JnmyxczA4N83Ddjj9tQoS1ahAwyIA%3D%3D=CF0861C6


Reportar Abuso
http://infocontroldatos.info.bme1.net/Abuse?e=D8FE7D=855F5=23944C=fTHoM8aX4cmtTUXrKU%2BuFkH65JnmyxczA4N83Ddjj9tQoS1ahAwyIA%3D%3D=CF0861C6


Calle 3 Campestre, Merida, Yucatan  97120, Mexico

Vea este email en su navegador: 

http://infocontroldatos.info.bme1.net/c/v?e=D8FE7D=855F5=23944C=fTHoM8aX4cmtTUXrKU%2BuFkH65JnmyxczA4N83Ddjj9tQoS1ahAwyIA%3D%3D=CF0861C6

Re: Password policy.

[Brian]

On Thu 15 Nov 2018 at 01:30:02 +1100, Andrew McGlashan wrote:

> 
> 
> On 14/11/18 10:19 pm, Brian wrote:
> > There are two situations I can think of which could lead to /etc/shadow
> > becoming vulnerable:
> > 
> > 1. The machine's administrator causes it to happen.
> > 2. There is a flaw in one the OS's components.
> > 
> > The least said about cause 1, the better. There is nothing which can be
> > done here.
> > 
> > The bug arising in 2. would soon be discovered and a fix rapidly devised
> > and distributed. There is nothing much to worry about here.
> 
> Sometimes 2 doesn't get discovered for many years.

A possibility, but remember that most security bugs are discovered
proactively before there is an opportunity to exploit them. People do
actively look for them and there are more goodies than baddies.

In the case of someone discovering a way to take /etc/shadow, the event
might not come to light for some time if exploitation is very low level
and not against perceived high-value hosts. But eventually it would be
noticed.

And what is the value to an attacker in having /etc/shadow, assuming it
can be decrypted in a sensible time frame? Remotely logging in? Surely
not in these days of ssh keys?
 
> How about:
> 
> 3. They had physical access to the drive in question (or any backup) and
> that data wasn't encrypted (LUKS for example).
> [boot machine with live boot USB, mount root file system and steal the
> file, remove live boot USB, allow machine to startup normally]

You know what is said about physical access? This is 1. in disguise.

-- 
Brian.

Re: how to backup to an encrypted usb drive?

[Lee]

On 11/14/18, Reco  wrote:
>   Hi.
>
> On Wed, Nov 14, 2018 at 10:01:38AM -0500, Lee wrote:
>> What are you using to backup your files to an encrypted usb drive?
>
> For the backup itself - dump(8) or xfsdump(8) (filesystem dependent).

Which seems to require restore or xfsrestore?

https://linux.die.net/man/8/xfsdump
  The media format used by xfsdump can only be understood by xfsrestore.
I can't tell from a quick look at dump/restore if I can look at files
on the backup media or not

> For the encryption of this hypothetical drive (I don't use USB drives
> for these purposes) - luks only.

Why don't you like USB drives for these purposes?
In other words, what am I missing?

Thanks,
Lee

Re: Password policy.

[Brad Rogers]

On Thu, 15 Nov 2018 01:22:37 +1100
Andrew McGlashan  wrote:

Hello Andrew,

>you can and perhaps one day they'll get bitten and realize that your
>warnings were for real and very much worth listening to..

Experience (admittedly limited) tells me otherwise;  Despite helping out 
people and stressing the importance of security, I find it's the same
people time and time again that get burned in this way.

You can lead a horse to water..

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
Now I found you out, I don't think you're so smart
Who Are You - Black Sabbath


pgpS6qUljxysA.pgp
Description: OpenPGP digital signature

Re: Archiving content of a directory on a DVD-R.

[Jonathan Dowland]

On Wed, Nov 14, 2018 at 08:37:41AM -0500, Greg Wooledge wrote:

The point is you can run "sudo ascript" but you cannot run "sudo afunction".


Oh yes of course. I had forgotten that from the earlier messages. Sorry
for the noise.

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.

Re: how to backup to an encrypted usb drive?

[Jonathan Dowland]

On Wed, Nov 14, 2018 at 10:01:38AM -0500, Lee wrote:

What I've been using on windows is truecrypt to encrypt the drive and
1) unison + gui frontend to do a quick backup of selected files & 2) a
bat file that calls xcopy to copy files with the archive flag set to
YYMMDD/ on an encrypted drive (ie. an incremental backup; I do a full
backup every few months)


Luckily, you can use almost the exact same tools for achieving the same
on Debian.

There are a few choices for the encryption tool you use; I suggest using
"cryptsetup", especially over a few of the alternatives (encfs, ecryptfs)
but the tooling you use to achieve this will depend upon what desktop
environment (if any) you are using.

I know that GNOME 3 (what I'm using) can detect and mount LUKS-encrypted
disks when they are attached to my machine. What I'm not sure about is
whether it can be used to create those in the first place. Although I
guess that's a one-time operation (per external USB), so not too bad to
do it via command-line tools. See man cryptsetup(1)


Once you've got the encrypted disk set up, you could use unison
similarly to how you are on Windows. You'd need to re-implement the
batch file if you wanted exactly the same behaviour for that, and
there's no direct analogue of the archive bit that I can think of, so
marking/identifying files is one part of the puzzle; I'd recommend
taking a look at rsync for performing the copy.

Or throw it all out and use something like rdiff-backup and just back up
everything…


--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.

Re: Questions about upgrading from stretch to testing

[Shane Dev]

On Wed, 14 Nov 2018 at 16:04, john doe  wrote:

>
> Any reasons why you want package from testing and not from Stretch
> backports?
>
> because I didn't know Stretch backports existed - now I do. It seems to
offer to the stability of the stretch destribution with the ability to
upgrade certain packages to more up to date versions. Thanks for the tip!

Re: how to backup to an encrypted usb drive?

[Reco]

Hi.

On Wed, Nov 14, 2018 at 10:01:38AM -0500, Lee wrote:
> What are you using to backup your files to an encrypted usb drive?

For the backup itself - dump(8) or xfsdump(8) (filesystem dependent).
For the encryption of this hypothetical drive (I don't use USB drives
for these purposes) - luks only.

Reco

Re: Questions about upgrading from stretch to testing

[john doe]

On 11/14/2018 12:58 PM, Shane Dev wrote:
> Hello,
> 
> I downloaded firmware-9.6.0-amd64-netinst.iso and successfully installed a
> minimal debian stretch on my UEFI/GPT disk. I then I replaced all
> references to "stretch" with "testing" in /etc/apt/sources.list and
> executed sudo apt update; sudo apt install gnome-core firefox-esr.
>

Any reasons why you want package from testing and not from Stretch
backports?

-- 
John Doe

how to backup to an encrypted usb drive?

[Lee]

What are you using to backup your files to an encrypted usb drive?

This is my first try at moving off windows, so it'd be best to assume
I know almost nothing about linux admin stuff.

What I've been using on windows is truecrypt to encrypt the drive and
1) unison + gui frontend to do a quick backup of selected files & 2) a
bat file that calls xcopy to copy files with the archive flag set to
YYMMDD/ on an encrypted drive (ie. an incremental backup; I do a full
backup every few months)

Thanks
Lee

Re: Questions about upgrading from stretch to testing

[songbird]

Shane Dev wrote:
...
> 3. Last time I tried apt upgrade, my grub menu was replaced with the grub
> command prompted. If there any way to avoid this happening again?

  while testing has been fairly decent, once in a while
there are issues you may have to resolve via other means.

  if you are new enough to linux and Debian i do not 
recommend using testing because once in a while you
may be stuck.

  are you running this system and expecting it to 
always be available?

  what i do to make sure i have a booting system is
that i keep a stable partition and i also keep a 
bootable USB stick.

  i did have to use these this past month or so.


  songbird

Cultivo y Producción de Aguacate

[Omar Felix]

[1] Ver esta campaña en tu navegador

Cultivo y Producción de Aguacate
Ciudad de México 14 Diciembre

[2]

No te puedes perder esta oportunidad única ASISTEN 2 PERSONAS PAGAS 1 CON TODOS 
LOS MEDIOS DE PAGO

El auge del consumo de aguacate ha dado como resultado ganancias millonarias a 
los productores mexicanos que exportan.

[3] PRESIONE AQUÍ PARA OBTENER EL TEMARIO VÍA EMAIL

[4] PRESIONE AQUÍ PARA OBTENER EL TEMARIO VÍA WHATSAPP
Únase a los comerciantes que ya exportan a Estados Unidos y el resto del mundo, 
preparándose con este curso que le da las bases para poder hacerlo.

Podrá aprender y obtener consejos prácticos de nuestro instructor investigador, 
quien tiene más de 20 años de experiencia a nivel nacional e internacional.

Comuníquese con nosotros a nuestro callcenter:
018003337726 - 3311940740

Este mensaje fue enviado a i...@controldatos.info por 
i...@supervisoresmonterrey.com
Calle 3 Campestre, Merida, Yucatan  97120, Mexico

Cancelar suscripción| Administrar suscripción| Remitir a un amigo| Reportar 
abuso


 References:

1. http://infocontroldatos.info.bme1.net/c/v?e=D8FE2A=855F5=0
2. 
http://infocontroldatos.info.bme1.net/c/l?u=84856A5=D8FE2A=855F5=0=1
3. 
mailto:i...@supervisoresmonterrey.com?subject=Aguacate=Deseo%20Informacion%20favor%20de%20enviar%20a:%0ANombre:%0ATelefono:%0AEmail:
  debian-user-spanish@lists.debian.org
4. 
http://infocontroldatos.info.bme1.net/c/l?u=84856A5=D8FE2A=855F5=0=2  
  

Este mensaje fue enviado a debian-user-spanish@lists.debian.org por 
i...@supervisoresmonterrey.com

Usted puede modificar / actualizar su suscripción a través del enlace de abajo. 
   

Cancelar suscripci n de cualquier env o futuro
http://infocontroldatos.info.bme1.net/c/su?e=D8FE2A=855F5=23944C=fTHoM8aX4cmtTUXrKU%2BuFkH65JnmyxczA4N83Ddjj9tQoS1ahAwyIA%3D%3D=CF0861C6


Administre su Suscripción
http://infocontroldatos.info.bme1.net/c/s?e=D8FE2A=855F5=23944C=fTHoM8aX4cmtTUXrKU%2BuFkH65JnmyxczA4N83Ddjj9tQoS1ahAwyIA%3D%3D=CF0861C6


Remitir Email
http://infocontroldatos.info.bme1.net/c/f?e=D8FE2A=855F5=23944C=fTHoM8aX4cmtTUXrKU%2BuFkH65JnmyxczA4N83Ddjj9tQoS1ahAwyIA%3D%3D=CF0861C6


Reportar Abuso
http://infocontroldatos.info.bme1.net/Abuse?e=D8FE2A=855F5=23944C=fTHoM8aX4cmtTUXrKU%2BuFkH65JnmyxczA4N83Ddjj9tQoS1ahAwyIA%3D%3D=CF0861C6


Calle 3 Campestre, Merida, Yucatan  97120, Mexico

Vea este email en su navegador: 

http://infocontroldatos.info.bme1.net/c/v?e=D8FE2A=855F5=23944C=fTHoM8aX4cmtTUXrKU%2BuFkH65JnmyxczA4N83Ddjj9tQoS1ahAwyIA%3D%3D=CF0861C6

Re: Password policy.

[Andrew McGlashan]

On 14/11/18 10:19 pm, Brian wrote:
> There are two situations I can think of which could lead to /etc/shadow
> becoming vulnerable:
> 
> 1. The machine's administrator causes it to happen.
> 2. There is a flaw in one the OS's components.
> 
> The least said about cause 1, the better. There is nothing which can be
> done here.
> 
> The bug arising in 2. would soon be discovered and a fix rapidly devised
> and distributed. There is nothing much to worry about here.

Sometimes 2 doesn't get discovered for many years.

How about:

3. They had physical access to the drive in question (or any backup) and
that data wasn't encrypted (LUKS for example).
[boot machine with live boot USB, mount root file system and steal the
file, remove live boot USB, allow machine to startup normally]

Oh and if the backup isn't protected, it could be in some AWS bucket or
somewhere else with inadequate protection such as with a weak password
on any cloud storage service.

Now they've collected /etc/shadow one way or another and they can do as
they please off-line.

A.

Re: Password policy.

[Andrew McGlashan]

On 14/11/18 11:09 pm, Corey Manshack wrote:
> It may be that the Debian team is more in tune with their users. I’ve caught 
> hell trying to convince old timers that their password of mark1 was 
> incredibly horrible. People even tried to get me fired over my “strict” 
> password policy.

There is often a very weak link that you cannot do anything about; but
of course, to them "you are the problem" Dammed if you help them try
to understand damned if you don't.  Either way, lots of people have no
clue as to why it is important and don't think that re-using the same
stupid password all over the place is any kind of problem at all. :(

Some bad practices never get found out as well, but you have to do what
you can and perhaps one day they'll get bitten and realize that your
warnings were for real and very much worth listening to..

A.

Re: Audacity 2.2.2 + Pulseaudio in Debian Sid

[Brad Rogers]

On Wed, 14 Nov 2018 07:34:02 -0600
Nate Bargmann  wrote:

Hello Nate,

>Can I blame it on not being quite awake enough a couple of hours ago?

Certainly;  I would.   :-)

>Thanks, Brad.

YW.

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
White people going to school, where they teach you to be thick
White Riot - The Clash


pgpNcqsjXTdha.pgp
Description: OpenPGP digital signature

Re: Archiving content of a directory on a DVD-R.

[Greg Wooledge]

On Wed, Nov 14, 2018 at 09:55:31AM +, Jonathan Dowland wrote:
> On Tue, Nov 13, 2018 at 08:15:13AM -0500, Greg Wooledge wrote:
> > So move them to scripts instead.  Or a single script.
> > 
> > Defining your system backup in your end-user account's shell functions
> > just seems completely silly and pointless.
> 
> I can't really see the problem, assuming ~/.bashrc is being backed up in
> the same way you might expect ~/bin/backup{1,2,3} to be.

The point is you can run "sudo ascript" but you cannot run "sudo afunction".

Re: Verifying dependencins of DEB file(s)

[Greg Wooledge]

On Wed, Nov 14, 2018 at 08:48:56AM +, David Martens wrote:
> 
> Neither I found a way how to at least check
> dependencies. 
> 
> ...
> 
> gdebi?

Basically, "apt-get install ./your_pkg_file.deb" replaces gdebi.
Or "apt install" if you prefer that.  Don't forget the leading ./ on
the filename.  It's required in this case.

Re: Audacity 2.2.2 + Pulseaudio in Debian Sid

[Nate Bargmann]

* On 2018 14 Nov 07:15 -0600, Brad Rogers wrote:
> On Wed, 14 Nov 2018 06:31:22 -0600
> Nate Bargmann  wrote:
> 
> Hello Nate,
> 
> >I'm seeing the same thing, however I've been unable to find the versions
> >of the packages you list, so I am stuck without a working Audacity.
> 
> Look for Debian Snapshot - they'll be on there somewhere.
> 
> https://snapshot.debian.org/ tells you, amongst other things, how to set
> up a repo.

I see that I had looked in the source packages section which is why I
didn't find those libs.  I scrolled down a bit further now and found
them.

Can I blame it on not being quite awake enough a couple of hours ago?

;-)

Thanks, Brad.

- Nate

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Web: http://www.n0nb.us  GPG key: D55A8819  GitHub: N0NB


signature.asc
Description: PGP signature

Re: Audacity 2.2.2 + Pulseaudio in Debian Sid

[Brad Rogers]

On Wed, 14 Nov 2018 06:31:22 -0600
Nate Bargmann  wrote:

Hello Nate,

>I'm seeing the same thing, however I've been unable to find the versions
>of the packages you list, so I am stuck without a working Audacity.

Look for Debian Snapshot - they'll be on there somewhere.

https://snapshot.debian.org/ tells you, amongst other things, how to set
up a repo.

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
I hit the ground, boy have I arrived!
The History Of The World (Part 1) - The Damned


pgpqorEmlsWUg.pgp
Description: OpenPGP digital signature

Re: ayuda bash

[Roberto C . Sánchez]

On Wed, Nov 14, 2018 at 09:17:18AM +0100, miguel angel gonzalez wrote:
>Hola a todos,
>Tengo una duda, me han pedido que haga un script relativamente sencillo
>pero que me tiene atascado.
>Comprobar que tomcat está arrancado y sino arrancarlo, hasta aquí bien, lo
>estaba haciendo por procesos.
>#!/bin/bash
>RESTART="/etc/init.d/tomcat restart"
>PGREP="/usr/bin/pgrep"
>TOMCAT="java"
> 
># buscamos que exista el proceso
>$PGREP ${TOMCAT}
> 
># sino existe id de proceso y el comando anterior devuelve 0
> 
>    if [ $? -ne 0 ]
>    then
>  $RESTART
>    fi
>---
>Pues bien, así no quieren que se realice.
>Sino que compruebe estado es decir, si está arrancado que no haga nada
>sino que lo arranque. Por el mensaje que devuelve. Lo que llevo hecho es
>esto, el problema me surge que el estado de tomcat que devuelve el comando
>status no entra en la variable y sin eso el resto no funciona. Como podéis
>ver hee intentado varias opciones pero ninguna me funciona, entiendo que
>la correcta y que debería de funcionar es:  ssh root@$i
>SALIDA=$(/etc/init.d/Tomcat status)
>#!/bin/bash
>START="/etc/init.d/Tomcat start"
>PARADO="Tomcat Server is not running."
>#STATUS="Tomcat Server is running"
>#SALIDA=/etc/init.d/Tomcat status"
>for i in $(cat /home/usuario/xml.lst)
>do
>#    ssh root@$i /etc/init.d/Tomcat status >>
>SALIDA=$(/home/usuario/prueba_estado_tomcat.txt)
>    ssh root@$i /etc/init.d/Tomcat status
>   ssh root@$i SALIDA=$(/etc/init.d/Tomcat status)
>    echo "$SALIDA"  >> /home/usuario/prueba_estado_tomcat.txt
>#   if [ "$SALIDA" == "$PARADO" ];
>#    then echo "está parado" >>
>/home/usuario/tomcat_parado.txt
>    #$START
>#    fi
>done
>Por cierto, el servicio de tomcat es con la T mayúscula. De momento hasta
>que lo tenga terminado, voy por partes y estoy enviando el resultado a un
>txt. Recorro una lista con las ip´s de las máquinas. Por eso dentro de un
>for meto el if.
>¿Se os ocurre algo? Gracias.

Yo creo qu tal vez sería mejor algo de esta manera:

URL=http://host/algo.html
LOG=$(mktemp)
wget -o ${LOG} -O /dev/null "${URL}"
if [ "$?" != "0" ]; then
echo "Problema con Tomcat: "
cat "${LOG}"
# Posiblemente ingresar al servidor y arrancar Tomcat de nuevo
fi

Si wget retorna con "200 OK" entonces el estatus de salida es 0.  Si
regresa con otra cosa, entonces el estatus de salida es alogo por encima
del 0.

Tambien puedes hacer este chequeo primero y entonces el otro chequeo que
has implementado si wget sale con algo indicando problema.  Así también
puedes diagnosticar si Tomcat está arrancado con todo bien, arracando
con algún problema (el estatus de wget, por ejemplo, te deja distinguir
un error HTTP 500 de un 404), o si no está arrancado y hace falta
arrancarlo de nuevo.

Saludos,

-Roberto

-- 
Roberto C. Sánchez

Re: Paypal and Linux in a low graphics environment.

[Stefan Monnier]

> "escalate" the call.  Paypal I think, runs on linux.

You mean Android/Linux or GNU/Linux?

In any case, this is like saying that Toyota uses diesel-powered
vehicules to ship its cars (and parts), so of course its vehicules will
also accept diesel.


Stefan

Re: Audacity 2.2.2 + Pulseaudio in Debian Sid

[Nate Bargmann]

* On 2018 11 Nov 12:47 -0600, Miguel A. Vallejo wrote:
> After a lot of googling, trial and error I solved the issue
> downgrading libasound2 and related packages to version 1.1.6:
> 
> libasound2_1.1.6-1_amd64.deb
> libasound2_1.1.6-1_i386.deb
> libasound2-data_1.1.6-1_all.deb
> libasound2-dev_1.1.6-1_amd64.deb
> libasound2-plugins_1.1.6-1+b1_amd64.deb
> libasound2-plugins_1.1.6-1+b1_i386.deb
> 
> Something is really bad with current version 1.1.7 of libasound2.
> 
> Hope this helps someone.

I'm seeing the same thing, however I've been unable to find the versions
of the packages you list, so I am stuck without a working Audacity.

- Nate

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Web: http://www.n0nb.us  GPG key: D55A8819  GitHub: N0NB


signature.asc
Description: PGP signature

Re: Password policy.

[Corey Manshack]

It may be that the Debian team is more in tune with their users. I’ve caught 
hell trying to convince old timers that their password of mark1 was incredibly 
horrible. People even tried to get me fired over my “strict” password policy.

Sent from my iPhone

> On Nov 14, 2018, at 7:28 PM, Andrew McGlashan 
>  wrote:
> 
> 
> 
>> On 14/11/18 10:25 pm, Corey Manshack wrote:
>> So using the file uploader tool we can inject many more dangerous scripts 
>> and codes to gain higher access than just “reading” /etc/shadow if the 
>> uploader tool is running as privileged user or we gained privilege 
>> escalation another way.
> 
> Sure, I never said it was a good example...
> 
> In any case, weak passwords as per the "recommendation" are surprising
> to say the least.
> 
> A.
> 

Re: Verifying dependencins of DEB file(s)

[Richard Owlett]

On 11/14/2018 01:38 AM, Tomáš Golembiovský wrote:

Hi,

I need to safely install a DEB file (or set of DEB files) without
network connectivity and with tools normally present on small Debian
installation. More precisely I would either like to install the package
or leave the system in state before the attempt.

However, it seems there is no way to roll-back installation done with
dpkg in case of failure. Neither I found a way how to at least check
dependencies. The --dry-run/--simulate option does not do that. In fact,
I'm not sure what stages of the process it goes through (maybe just
verifying package integrity).

Is what I want to do possible with dpkg or other tools that are
normally in the base system?

Thanks,

 Tomas



You may be looking for apt-offline.

man page 
[https://manpages.debian.org/stretch/apt-offline/apt-offline.8.en.html]


The package's home page [http://apt-offline.alioth.debian.org/] seems to 
be unavailable [my ISP does not give useful error report].

Re: Questions about upgrading from stretch to testing

[Dan Ritter]

Shane Dev wrote: 
> Hello,
> 
> I downloaded firmware-9.6.0-amd64-netinst.iso and successfully installed a
> minimal debian stretch on my UEFI/GPT disk. I then I replaced all
> references to "stretch" with "testing" in /etc/apt/sources.list and
> executed sudo apt update; sudo apt install gnome-core firefox-esr.
> Everything works as expected but I have the following questions which I
> posted on the debian-testing mailing list. Since no-one answered, I thought
> I would try here -

apt update loads in new packages to your database; the apt
install installed those particular packages and their
dependencies.

You now have a system which is mostly stretch and partially
testing, and will become more testing over time.

If you want to get everything to testing, do

sudo apt dist-upgrade

> 1. according to uname -r, I am running 4.9.0-7-amd64 which appears to be
> the stretch kernel. Is it safe to run the stretch kernel with programs /
> apps / utilities from testing?

Yes. If a testing version needs a later kernel, that will be a
dependency and it will be installed. (And you will need to
reboot.)

> 2. I noticed the intel-microcode package is not installed. If I install it,
> could this testing version conflict with the stretch kernel?

If it depends on a certain version, see above answer.


> 3. Last time I tried apt upgrade, my grub menu was replaced with the grub
> command prompted. If there any way to avoid this happening again?

Not enough information to tell what happened.

-dsr-

Questions about upgrading from stretch to testing

[Shane Dev]

Hello,

I downloaded firmware-9.6.0-amd64-netinst.iso and successfully installed a
minimal debian stretch on my UEFI/GPT disk. I then I replaced all
references to "stretch" with "testing" in /etc/apt/sources.list and
executed sudo apt update; sudo apt install gnome-core firefox-esr.
Everything works as expected but I have the following questions which I
posted on the debian-testing mailing list. Since no-one answered, I thought
I would try here -

1. according to uname -r, I am running 4.9.0-7-amd64 which appears to be
the stretch kernel. Is it safe to run the stretch kernel with programs /
apps / utilities from testing?
2. I noticed the intel-microcode package is not installed. If I install it,
could this testing version conflict with the stretch kernel?
3. Last time I tried apt upgrade, my grub menu was replaced with the grub
command prompted. If there any way to avoid this happening again?

Re: Password policy.

[Andrew McGlashan]

On 14/11/18 10:25 pm, Corey Manshack wrote:
> So using the file uploader tool we can inject many more dangerous scripts and 
> codes to gain higher access than just “reading” /etc/shadow if the uploader 
> tool is running as privileged user or we gained privilege escalation another 
> way.

Sure, I never said it was a good example...

In any case, weak passwords as per the "recommendation" are surprising
to say the least.

A.

Re: Password policy.

[Andrew McGlashan]

On 14/11/18 9:28 pm, Corey Manshack wrote:
> If they have /etc/shadow why would they need to brute force :) I can’t think 
> of a vuln that would give that up without them already having root.

A website file uploader tool, apparantly there has been one there for
about 10 years using jquery.  Once the file is uploaded, it can be
leveraged to steel other files that the website shouldn't have access to.

That's just one example.  I'm sure there are many others.

A.

Re: Password policy.

[Brian]

On Wed 14 Nov 2018 at 21:21:54 +1100, Andrew McGlashan wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> 
> 
> On 14/11/18 8:44 pm, Brian wrote:
> > On Tue 13 Nov 2018 at 18:50:35 -0800, pe...@easthope.ca wrote:
> >> https://en.wikipedia.org/wiki/Brute-force_attack
> > 
> > Security is already breached if a password database can be attacked
> > in that way. A six character (upper and lower case) login password
> > would take about 500 years to force for someone at the keyboard.
> > This assumes three seconds per try without coffee breaks.
> > 
> > I'm the cautious type, so use ten character passwords.
> 
> Well, yes but some breaches are from remote machines that may be
> able to life the /etc/shadow file due to a vulnerability that isn't
> fixed and if that's all they have, then they don't yet need more
> direct access.  If they have /etc/shadow, then they can work on
> off-line brute force.

There are two situations I can think of which could lead to /etc/shadow
becoming vulnerable:

1. The machine's administrator causes it to happen.
2. There is a flaw in one the OS's components.

The least said about cause 1, the better. There is nothing which can be
done here.

The bug arising in 2. would soon be discovered and a fix rapidly devised
and distributed. There is nothing much to worry about here.

-- 
Brian.

Re: Password policy.

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 14/11/18 8:44 pm, Brian wrote:
> On Tue 13 Nov 2018 at 18:50:35 -0800, pe...@easthope.ca wrote:
>> https://en.wikipedia.org/wiki/Brute-force_attack
> 
> Security is already breached if a password database can be attacked
> in that way. A six character (upper and lower case) login password
> would take about 500 years to force for someone at the keyboard.
> This assumes three seconds per try without coffee breaks.
> 
> I'm the cautious type, so use ten character passwords.

Well, yes but some breaches are from remote machines that may be
able to life the /etc/shadow file due to a vulnerability that isn't
fixed and if that's all they have, then they don't yet need more
direct access.  If they have /etc/shadow, then they can work on
off-line brute force.

I'm very surprised at the very low password strength / length
recommendations to say the least!

Kind Regards
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW+v3PQAKCRCoFmvLt+/i
+19JAP9R3Zw7RqQDIytWTedQxVeCKMV0+gGxMAw9oO6G6gG/VgD/dJbL4dppk5Zp
j5Tolqq/w0aa34exUvNHn6fqMI85HhU=
=5zUS
-END PGP SIGNATURE-

Re: Archiving content of a directory on a DVD-R.

[Jonathan Dowland]

On Tue, Nov 13, 2018 at 08:15:13AM -0500, Greg Wooledge wrote:

So move them to scripts instead.  Or a single script.

Defining your system backup in your end-user account's shell functions
just seems completely silly and pointless.


I can't really see the problem, assuming ~/.bashrc is being backed up in
the same way you might expect ~/bin/backup{1,2,3} to be.

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.

Re: Password policy.

[Brian]

On Tue 13 Nov 2018 at 18:50:35 -0800, pe...@easthope.ca wrote:

> * From: Brian 
> * Date: Tue, 13 Nov 2018 18:14:32 +
> > OTOH, if a*isvg is known to be the name of your dog...
> 
> The reference in my enquiry is clear about that.
> https://www.debian.org/doc/manuals/debian-reference/ch04.en.html#_good_password
> Section 4.3.
> "Do not choose guessable words for the password. ...  pets, ... are
>  all bad choice for the password."

My comment was a reference to the reference. :)

> > You are going to have to say what you mean
> > by "brute force",
> 
> https://en.wikipedia.org/wiki/Brute-force_attack

Security is already breached if a password database can be attacked in
that way. A six character (upper and lower case) login password would
take about 500 years to force for someone at the keyboard. This assumes
three seconds per try without coffee breaks.

I'm the cautious type, so use ten character passwords.

-- 
Brian.

RE: Verifying dependencins of DEB file(s)

[David Martens]

-Original Message-
From: Tomáš Golembiovský [mailto:tgole...@redhat.com] 
Sent: Wednesday, November 14, 2018 9:38 AM
To: debian-user@lists.debian.org
Subject: Verifying dependencins of DEB file(s)

...

Neither I found a way how to at least check
dependencies. 

...

gdebi?
This communication is intended for the addressee only. It is confidential. If 
you have received this communication in error, please notify us immediately and 
destroy the original message. You may not copy or disseminate this 
communication without the permission of the University. Only authorised 
signatories are competent to enter into agreements on behalf of the University 
and recipients are thus advised that the content of this message may not be 
legally binding on the University and may contain the personal views and 
opinions of the author, which are not necessarily the views and opinions of The 
University of the Witwatersrand, Johannesburg. All agreements between the 
University and outsiders are subject to South African Law unless the University 
agrees in writing to the contrary.

Re: Paypal and Linux in a low graphics environment.

[Joe]

On Tue, 13 Nov 2018 18:30:47 -0500
Gene Heskett  wrote:

> On Tuesday 13 November 2018 18:04:44 Karen Lewellen wrote:
> 
> > Hi Folks,
> > More for those using tools like links then tools like Firefox,
> > because I only have access to Linux via a shell.
> > Is there an alternative door to paypal, or a paypal alternative?
> > Changes in the past week or so makes even elinks a problem.
> > Does not help speaking personally  that  Paypal itself claims they
> > do not support Linux.
> > Ideas?
> > Kare  
> 
> "escalate" the call. Paypal I think, runs on linux. 

That doesn't mean they allow their customers to use it.

Think about it, the minimum wage call-centre people work from scripts.
That's workable with Windows, of which there are only two
near-identical versions supported by Microsoft. I don't know OSX, but
I'd think pretty much the same was true by now.

Now, how many Linux desktops are there? How many have moveable and
customisable panels? How are you going to deal with that over the phone
from a script? That's not even thinking about the command line, and
which underlying distribution has which tools as 'standard'.

-- 
Joe

Re: Verifying dependencins of DEB file(s)

[Tomaž Šolc]

On 14. 11. 18 08:38, Tomáš Golembiovský wrote:

However, it seems there is no way to roll-back installation done with
dpkg in case of failure. 


"dpkg --purge foo" should remove any installation of "foo", including in 
the case when package configuration failed due to missing dependencies.


For any sane .deb the system after --purge should be in the same state 
as before installation.


Best regards
Tomaž

Re: ayuda bash

[miguel angel gonzalez]

Uff me pierdo un poco en este punto. ¿Me puedes dar alguna pista más y ya
tiro del hilo? Muchas gracias!

El mié., 14 nov. 2018 a las 9:22, OddieX () escribió:

>
>
> El mié., 14 de nov. de 2018 05:17, miguel angel gonzalez <
> mangelgonza...@gmail.com> escribió:
>
>> Hola a todos,
>> Tengo una duda, me han pedido que haga un script relativamente sencillo
>> pero que me tiene atascado.
>> Comprobar que tomcat está arrancado y sino arrancarlo, hasta aquí bien,
>> lo estaba haciendo por procesos.
>>
>> #!/bin/bash
>> RESTART="/etc/init.d/tomcat restart"
>> PGREP="/usr/bin/pgrep"
>> TOMCAT="java"
>>
>> # buscamos que exista el proceso
>> $PGREP ${TOMCAT}
>>
>> # sino existe id de proceso y el comando anterior devuelve 0
>>
>> if [ $? -ne 0 ]
>> then
>>   $RESTART
>> fi
>> ---
>> Pues bien, así no quieren que se realice.
>> Sino que compruebe estado es decir, si está arrancado que no haga nada
>> sino que lo arranque. Por el mensaje que devuelve. Lo que llevo hecho es
>> esto, el problema me surge que el estado de tomcat que devuelve el comando
>> status no entra en la variable y sin eso el resto no funciona. Como podéis
>> ver hee intentado varias opciones pero ninguna me funciona, entiendo que la
>> correcta y que debería de funcionar es:  ssh root@$i
>> SALIDA=$(/etc/init.d/Tomcat status)
>>
>> #!/bin/bash
>> START="/etc/init.d/Tomcat start"
>> PARADO="Tomcat Server is not running."
>> #STATUS="Tomcat Server is running"
>> #SALIDA=/etc/init.d/Tomcat status"
>> for i in $(cat /home/usuario/xml.lst)
>> do
>> #ssh root@$i /etc/init.d/Tomcat status >>
>> SALIDA=$(/home/usuario/prueba_estado_tomcat.txt)
>> ssh root@$i /etc/init.d/Tomcat status
>>*ssh root@$i SALIDA=$(/etc/init.d/Tomcat status)*
>> echo "$SALIDA"  >> /home/usuario/prueba_estado_tomcat.txt
>> #   if [ "$SALIDA" == "$PARADO" ];
>> #then echo "está parado" >>
>> /home/usuario/tomcat_parado.txt
>> #$START
>> #fi
>> done
>> Por cierto, el servicio de tomcat es con la T mayúscula. De momento hasta
>> que lo tenga terminado, voy por partes y estoy enviando el resultado a un
>> txt. Recorro una lista con las ip´s de las máquinas. Por eso dentro de un
>> for meto el if.
>> ¿Se os ocurre algo? Gracias.
>> --
>> /m.a.
>>
>
> Humm chequeando el sock no seria mejor? Y para reforzar con un curl para
> verificar que el puerto web responda...
>
> Fijate si asi te va mejor que utilizando el script de start/stop
>
>>

-- 
/m.a.

Re: Verifying dependencins of DEB file(s)

[Sven Joachim]

On 2018-11-14 08:38 +0100, Tomáš Golembiovský wrote:

> I need to safely install a DEB file (or set of DEB files) without
> network connectivity and with tools normally present on small Debian
> installation. More precisely I would either like to install the package
> or leave the system in state before the attempt.
>
> However, it seems there is no way to roll-back installation done with
> dpkg in case of failure. Neither I found a way how to at least check
> dependencies. The --dry-run/--simulate option does not do that. In fact,
> I'm not sure what stages of the process it goes through (maybe just
> verifying package integrity).

Basically, --dry-run just simulates unpacking, and dpkg does not check
dependencies (other than Pre-Depends) during that phase.  There have
been complaints[1] about that forever, so don't expect it to be fixed
anytime soon.

> Is what I want to do possible with dpkg or other tools that are
> normally in the base system?

Not with dpkg, but apt can install local .deb files and resolve
dependencies, although this is not documented[2].

$ apt -s install ./*.deb

should give you information whether the local packages are installable.
Note the leading "./" here, it tells apt to treat the arguments as local
files rather than package names.

Cheers,
   Sven


1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=55364
2. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874763

Re: Verifying dependencins of DEB file(s)

[Reco]

Hi.

On Wed, Nov 14, 2018 at 08:38:26AM +0100, Tomáš Golembiovský wrote:
> Hi,
> 
> I need to safely install a DEB file (or set of DEB files) without
> network connectivity and with tools normally present on small Debian
> installation. More precisely I would either like to install the package
> or leave the system in state before the attempt.
> 
> However, it seems there is no way to roll-back installation done with
> dpkg in case of failure.

dpkg --purge should help here.

> Neither I found a way how to at least check dependencies.
> The --dry-run/--simulate option does not do that. In fact,
> I'm not sure what stages of the process it goes through (maybe just
> verifying package integrity).

# apt download mono-complete
Get:1 http://ftp.debian.org/debian stretch/main amd64 mono-complete amd64 
4.6.2.7+dfsg-1 [29.9 kB]
Fetched 29.9 kB in 1s (22.0 kB/s)

# apt install -s ./mono-complete_4.6.2.7+dfsg-1_amd64.deb
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'mono-complete' instead of 
'./mono-complete_4.6.2.7+dfsg-1_amd64.deb'
The following additional packages will be installed:
  ca-certificates-mono cli-common dconf-gsettings-backend dconf-service 
glib-networking glib-networking-common
...
0 upgraded, 194 newly installed, 0 to remove and 0 not upgraded.
Inst libglade2-0 (1:2.6.4-2 Debian:9.6/stable [amd64])
...

So, in the case of the doubt, you use 'apt install -s '.

Reco

Re: ayuda bash

[OddieX]

El mié., 14 de nov. de 2018 05:17, miguel angel gonzalez <
mangelgonza...@gmail.com> escribió:

> Hola a todos,
> Tengo una duda, me han pedido que haga un script relativamente sencillo
> pero que me tiene atascado.
> Comprobar que tomcat está arrancado y sino arrancarlo, hasta aquí bien, lo
> estaba haciendo por procesos.
>
> #!/bin/bash
> RESTART="/etc/init.d/tomcat restart"
> PGREP="/usr/bin/pgrep"
> TOMCAT="java"
>
> # buscamos que exista el proceso
> $PGREP ${TOMCAT}
>
> # sino existe id de proceso y el comando anterior devuelve 0
>
> if [ $? -ne 0 ]
> then
>   $RESTART
> fi
> ---
> Pues bien, así no quieren que se realice.
> Sino que compruebe estado es decir, si está arrancado que no haga nada
> sino que lo arranque. Por el mensaje que devuelve. Lo que llevo hecho es
> esto, el problema me surge que el estado de tomcat que devuelve el comando
> status no entra en la variable y sin eso el resto no funciona. Como podéis
> ver hee intentado varias opciones pero ninguna me funciona, entiendo que la
> correcta y que debería de funcionar es:  ssh root@$i
> SALIDA=$(/etc/init.d/Tomcat status)
>
> #!/bin/bash
> START="/etc/init.d/Tomcat start"
> PARADO="Tomcat Server is not running."
> #STATUS="Tomcat Server is running"
> #SALIDA=/etc/init.d/Tomcat status"
> for i in $(cat /home/usuario/xml.lst)
> do
> #ssh root@$i /etc/init.d/Tomcat status >>
> SALIDA=$(/home/usuario/prueba_estado_tomcat.txt)
> ssh root@$i /etc/init.d/Tomcat status
>*ssh root@$i SALIDA=$(/etc/init.d/Tomcat status)*
> echo "$SALIDA"  >> /home/usuario/prueba_estado_tomcat.txt
> #   if [ "$SALIDA" == "$PARADO" ];
> #then echo "está parado" >> /home/usuario/tomcat_parado.txt
> #$START
> #fi
> done
> Por cierto, el servicio de tomcat es con la T mayúscula. De momento hasta
> que lo tenga terminado, voy por partes y estoy enviando el resultado a un
> txt. Recorro una lista con las ip´s de las máquinas. Por eso dentro de un
> for meto el if.
> ¿Se os ocurre algo? Gracias.
> --
> /m.a.
>

Humm chequeando el sock no seria mejor? Y para reforzar con un curl para
verificar que el puerto web responda...

Fijate si asi te va mejor que utilizando el script de start/stop

>

ayuda bash

[miguel angel gonzalez]

Hola a todos,
Tengo una duda, me han pedido que haga un script relativamente sencillo
pero que me tiene atascado.
Comprobar que tomcat está arrancado y sino arrancarlo, hasta aquí bien, lo
estaba haciendo por procesos.

#!/bin/bash
RESTART="/etc/init.d/tomcat restart"
PGREP="/usr/bin/pgrep"
TOMCAT="java"

# buscamos que exista el proceso
$PGREP ${TOMCAT}

# sino existe id de proceso y el comando anterior devuelve 0

if [ $? -ne 0 ]
then
  $RESTART
fi
---
Pues bien, así no quieren que se realice.
Sino que compruebe estado es decir, si está arrancado que no haga nada sino
que lo arranque. Por el mensaje que devuelve. Lo que llevo hecho es esto,
el problema me surge que el estado de tomcat que devuelve el comando status
no entra en la variable y sin eso el resto no funciona. Como podéis ver hee
intentado varias opciones pero ninguna me funciona, entiendo que la
correcta y que debería de funcionar es:  ssh root@$i
SALIDA=$(/etc/init.d/Tomcat status)

#!/bin/bash
START="/etc/init.d/Tomcat start"
PARADO="Tomcat Server is not running."
#STATUS="Tomcat Server is running"
#SALIDA=/etc/init.d/Tomcat status"
for i in $(cat /home/usuario/xml.lst)
do
#ssh root@$i /etc/init.d/Tomcat status >>
SALIDA=$(/home/usuario/prueba_estado_tomcat.txt)
ssh root@$i /etc/init.d/Tomcat status
   *ssh root@$i SALIDA=$(/etc/init.d/Tomcat status)*
echo "$SALIDA"  >> /home/usuario/prueba_estado_tomcat.txt
#   if [ "$SALIDA" == "$PARADO" ];
#then echo "está parado" >> /home/usuario/tomcat_parado.txt
#$START
#fi
done
Por cierto, el servicio de tomcat es con la T mayúscula. De momento hasta
que lo tenga terminado, voy por partes y estoy enviando el resultado a un
txt. Recorro una lista con las ip´s de las máquinas. Por eso dentro de un
for meto el if.
¿Se os ocurre algo? Gracias.
-- 
/m.a.