Re: systemd error

2019-03-09 Thread Reco 
Hi.

On Sat, Mar 09, 2019 at 09:27:35PM -0500, Default User wrote:
> On Sat, Mar 9, 2019 at 2:45 AM Reco  wrote:
> >
> > On Fri, Mar 08, 2019 at 04:00:05PM -0500, Default User wrote:
> > > Hi.  Got a (minor) systemd problem.
> > ...
> > >└─3684 /usr/sbin/minissdpd -i enp7s0 -i wlp6s0
> > ...
> > > So, although the minissdpd.service unit is enables, it does not start
> > > automatically at boot, but will start manually using systemctl
> > start/stop.
> >
> > What is most likely happening at boot is that systemd tries to start
> > minissdpd before configuring interfaces enp7s0 and wlp6s0.
> > So it fails at boot, but works for manual restart because by then you
> > have both enp7s0 and wlp6s0 up and running.
> > Adding a dependency in the form of:
> >
> > [Unit]
> > After=sys-subsystem-net-devices-enp7s0.device
> > sys-subsystem-net-devices-wlp6s0.device
> > Requires=sys-subsystem-net-devices-enp7s0.device
> > sys-subsystem-net-devices-wlp6s0.device
> 
> Hi, Reco.
> Thanks for the reply and information.
> 
> Since I know very little about systemd, may I ask, should:
> 
> [Unit]
> After=sys-subsystem-net-devices-enp7s0.device
> sys-subsystem-net-devices-wlp6s0.device
> Requires=sys-subsystem-net-devices-enp7s0.device
> sys-subsystem-net-devices-wlp6s0.device
> 
> be appended to an existing .service or .target file, or should a new
> .service or .target file be created with these contents? And if a new file
> is needed, what should it be named, and in what directory should it be
> placed?

To do it proper systemd way, you should do the following:

# directory name is crucial
mkdir /etc/systemd/system/minissdpd.service.d
# file name is not important
cat > /etc/systemd/system/minissdpd.service.d/override.conf << EOF
[Unit]
After=sys-subsystem-net-devices-enp7s0.device 
sys-subsystem-net-devices-wlp6s0.device
Requires=sys-subsystem-net-devices-enp7s0.device 
sys-subsystem-net-devices-wlp6s0.device
EOF

systemctl daemon-reload

Just to be free of the formatting errors, you should create one directory,
and add three lines to one file inside it.

Reco

Programa IRPF2019 não se instala no Debian GNU/Linux 9

2019-03-09 Thread Jamenson Ferreira Espindula de Almeida Melo 
Saudações.

O instalador do programa do Imposto de Renda Pessoa Física (IRPF) 2019
não está instalando no meu Debian GNU/Linux 9 (Stretch).

O arquivo é o "IRPF2019Linux-x86_64v1.0.bin" e o hash md5 é este:

fae15aeb8d6c7807c271a0a96b13054b  IRPF2019Linux-x86_64v1.0.bin

Eu executo o arquivo no emulador de terminal (no ambiente gráfico) e
nada acontece. Nenhuma mensagem de erro. Nada.

O comando ps mostra que o dito instalador está em execução, porém nada ocorre.

Eu instalei a Máquina Virtual Java, conforme as instruções contidas no
página da Receita Federal do Brasil, porém nada.

Alguma ideia? Alguém está com essa mesma dificuldade?

Jamenson Ferreira Espindula de Almeida Melo
Jaboatão dos Guararapes, Pernambuco, Brasil
Usuário GNU/Linux nº 166197
https://linuxcounter.net/cert/166197.png

Impressão digital da chave:
234D 1914 4224 7C53 BD13  6855 2AE0 25C0 08A8 6180

Re: systemd error

2019-03-09 Thread Default User 
On Sat, Mar 9, 2019 at 2:45 AM Reco  wrote:

> Hi.
>
> On Fri, Mar 08, 2019 at 04:00:05PM -0500, Default User wrote:
> > Hi.  Got a (minor) systemd problem.
> ...
> >└─3684 /usr/sbin/minissdpd -i enp7s0 -i wlp6s0
> ...
> > So, although the minissdpd.service unit is enables, it does not start
> > automatically at boot, but will start manually using systemctl
> start/stop.
>
> What is most likely happening at boot is that systemd tries to start
> minissdpd before configuring interfaces enp7s0 and wlp6s0.
> So it fails at boot, but works for manual restart because by then you
> have both enp7s0 and wlp6s0 up and running.
> Adding a dependency in the form of:
>
> [Unit]
> After=sys-subsystem-net-devices-enp7s0.device
> sys-subsystem-net-devices-wlp6s0.device
> Requires=sys-subsystem-net-devices-enp7s0.device
> sys-subsystem-net-devices-wlp6s0.device
>
> Should help with the issue.
>
> Reco
>


Hi, Reco.
Thanks for the reply and information.

Since I know very little about systemd, may I ask, should:

[Unit]
After=sys-subsystem-net-devices-enp7s0.device
sys-subsystem-net-devices-wlp6s0.device
Requires=sys-subsystem-net-devices-enp7s0.device
sys-subsystem-net-devices-wlp6s0.device

be appended to an existing .service or .target file, or should a new
.service or .target file be created with these contents? And if a new file
is needed, what should it be named, and in what directory should it be
placed?

Re: systemd error

2019-03-09 Thread Default User 
On Sat, Mar 9, 2019 at 4:21 AM Curt  wrote:

> On 2019-03-08, Default User  wrote:
> >
> > doofus@doofus:~$ sudo systemctl status
> > [sudo] password for doofus:
> > doofus
> > State: degraded
> >  Jobs: 0 queued
> >Failed: 1 units
>
> I believe sudo (or root) isn't required for this command (nor is it
> needed for some of the other, interrogative systemctl commands further
> down, which I've snipped in the interests of brevity).
>
> Elevated privileges are needed for starting and stopping services, of
> course.
>
> As keystroke frugality is one of the frequently expressed ideals of the
> group (though often when other arguments seem unconvincing), if only
> for that I thought you'd like to know.
>
> --
> “Let us again pretend that life is a solid substance, shaped like a globe,
> which we turn about in our fingers. Let us pretend that we can make out a
> plain
> and logical story, so that when one matter is despatched--love for
> instance--
> we go on, in an orderly manner, to the next.” - Virginia Woolf, The Waves
>



Curt, I often use sudo [command] even when not needed, because the sudo
elevated privileges state  "times out" after several minutes, reverting to
unprivileged user state. So if I need to enter another command with
elevated privileges after the elevated privilege state expires, I have to
re-enter the password again, instead of just sudo [command].

I guess i'm just lazy.

Re: sucessor for denyhosts?

2019-03-09 Thread Håkon Alstadheim 



Den 09.03.2019 11:22, skrev mj:

Hi,

We are using fail2ban to do this. It offers many more options, and 
works by creating iptables rules. This gives you  much more control 
over what ports exactly are blocked.
fail2ban can run any script of your choosing as "banaction". I have a 
script that does smtp blacklist for example. My default action is a 
shorewall command. Also needs the corresponding "unban" script, 
obviously. All in all fail2ban seems fairly solid, though it /does/ 
depend on the format of your logs to work properly. Stick with standard 
config of logging from services and syslogd/systemd as far as possible, 
and fail2ban will be pretty low-maintenance. (I have only ever used it 
together with rsyslogd).


Plus I think (correct me if Im wrong) that using /etc/hosts.deny to 
block access only works with programs that are compiled to do so, and 
iptables will always work.


That is the direction things are moving in my experience also, though I 
seem to remember a recent issue i had where I needed hosts.deny to get 
proper blocking for apache, because connections were coming in via a 
multiplexer/proxy thingamajig. Had something to do with open-vpn.





MJ

On 3/9/19 9:57 AM, Hans wrote:

Hi folks,

looks like "denyhosts" is nol more in the repos. I like this tool, 
because it

blocks the IP, when the wrong password is sent n-times.

The blocked IP is added into /etc/hosts.deny, which IMO is a great idea.

I am using a script, which, cleares the hosts.deny after a certain 
time, but

this is just my behaviour.

My question: which successor for denyhost do you suggest. I found 
sshguard,
which looks promising, but maybe you got a better tool, which is 
similar to

denyhosts.

Happy hacking!

Hans

Re: GkSudo and Python Apt

2019-03-09 Thread Michael Lange 
Hi,

On Sat, 09 Mar 2019 18:05:25 +
"J.Arun Mani"  wrote:

> Hello.
> 
> Im designing an application in Python for installing some apps. I need
> help in the following:
> 
> 1. Whenever I open any app which needs root permissions, it shows me a
> popup asking password. And I have seen people refer to this GKSudo. How
> can I setup such one for my app?
> 
> 2. Or is there any alternative to GKSudo, like taking password as input
> from user and entering it, using os.system("apt install...") or any
> such modules?

afaik gksu / gksudo is virtually dead. You better use pkexec, for example
like this:

$ python
Python 2.7.13 (default, Sep 26 2018, 18:42:22) 
[GCC 6.3.0 20170516] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from subprocess import call
>>> call(('pkexec', '--disable-internal-agent', '/usr/sbin/synaptic'))

> 
> {In a way such that user need not run the app from terminal using
> "sudo /.myapp"; I want this process to more graphical as possible}
> 
> Like do you guys have a better idea in designing a Python based app
> which uses apt to install apps. The problem I face is with "how to get
> sudo permission". With forums saying graphical apps should not use sudo
> and Python based modules which allow calling terminal commands not so
> effective; Im confused what to do...

If you want to run a gui app with root privilege via pkexec a
properly set up policy file for polkit is required. There is one for
synaptic at
/usr/share/polkit-1/actions/com.ubuntu.pkexec.synaptic.policy , which
is why my above example works. Adding policy files like this for random
commands however is for reasons of security not recommended.

Maybe a better alternative is to use pkexec to run a command line program
in the background; you could use subprocess.Popen to catch the output of
this program and process it for the gui.

> 
> 3. Is there any documentation available for Python-Apt module?

Sure, just install python-apt-doc :-)

Regards

Michael

.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

Emotions are alien to me.  I'm a scientist.
-- Spock, "This Side of Paradise", stardate 3417.3

Re: User rw Permissions on New Hard Drive

2019-03-09 Thread Pascal Hambourg 

Le 08/03/2019 à 04:15, David Wright a écrit :

On Thu 07 Mar 2019 at 23:12:29 (+0100), Pascal Hambourg wrote:

Le 07/03/2019 à 20:23, David Wright a écrit :


A filesystem
that has a label, has that label regardless of any OS.


Have you ever used UDF ?


Yes. As far as my experience goes, there's not a lot of difference.
I've had no occasion to *write* DVDs on a computer system, so I can
only speak of reading them.


I did not mean using UDF on opticals discs but on regular drives, just 
as any other general purpose filesystem. I once considered using it for 
file sharing between Windows and Linux instead of the usual FAT and 
NTFS. Indeed UDF is natively supported as a read-write filesystem by 
both Linux and Windows, natively supports POSIX permissions and does not 
suffer from FAT file size limitations. And I was surprised to discover 
that the label set by Windows was not the label read by Linux and vice 
versa.



It has a set of identifiers, and I observed
that Windows and blkid did not use the same identifier as the label.


I've made no claim about what Windows and blkid do and do not use.


You wrote that the filesystem label was independent of any OS. I just 
gave an example of a filesystem for which two different OSes use two 
different identifiers as the label.

Re: Sauvegarde "classique" vs synchronisation ?

2019-03-09 Thread fab 

'lut,

Juste un conseil: à mon avis, inutile de sauver tout ton home. Par 
exemple, le cache de ton navigateur, tu t'en fiches un peu. Par 
ailleurs, pour tes mails, il est préférable d'utiliser le stockage 
maildir plutôt que mailbox. Ainsi, ça évitera à ta synchro de devoir 
récupérer tous tes mails juste pour un seul nouveau message.


Enfin, pour répondre plus précisément à ta question, je pense que 
sauvegarde et synchro sont 2 choses différentes que je pratique avec 
backuppc. C'est à dire que tous les jours, il y a un différentiel qui 
est sauvegardé (une synchro quoi) puis toutes les semaines, une 
sauvegarde complète. Je n'ai pas d'archivage.


Et à titre d'exemple, voici quelques exclusions de mon home:
/fabricer/.cache
/fabricer/.config/google-chrome-unstable
/fabricer/.config/google-chrome
/fabricer/.config/libreoffice
/fabricer/.local/share/torbrowser
/fabricer/.mozilla/firefox/0aakuu2qzp.default
/fabricer/.local/share/Trash

mes 2 cts,

f.


Le 09/03/2019 à 18:42, David BERCOT a écrit :

Bonjour,

Afin d'avoir une copie à jour (ou du moins, le plus à jour possible) de
mon ordinateur (ce qui m'intéresse est uniquement mon /home), j'hésite
entre des sauvegardes classiques et une synchronisation type "cloud".

De mon point de vue, la sauvegarde a l'avantage d'être "consistante" et
d'intégrer potentiellement des versions différentes de mes documents.
En revanche, si le crash ou la perte ou le vol de la machine se produit
"relativement longtemps" après la dernière sauvegarde, les données ne
sont pas vraiment fraîches.

La synchronisation (partons sur un serveur personnel de type NextCloud
pour illustrer) permet justement de répondre à ce besoin de fraîcheur
mais peut poser d'autres problèmes [quid des fichiers qui bougent
quasiment en permanence, d'un "gros" fichier mis à jour au moment d'un
connexion bas débit [aéroport par exemple] ?).

Bref, le sujet me semblant assez "classique", je me disais que j'aurais
pu profiter de vos expériences en la matière ;-).

Si vous avez des retours, des conseils, des préconisations, je suis
preneur...

Merci d'avance et bon week-end.

David.

Re: mdadm vs LVM

2019-03-09 Thread Pascal Hambourg 

Le 09/03/2019 à 13:01, Guillaume Clercin a écrit :


Si tu installes le système dans un volume logique, tu doit avoir un
« /boot » sur une partition à part.


Non. GRUB sait lire dans les volumes logiques LVM.


Sauf s'il y a un raid logiciel en dessous du volume logique.


Non plus. En quoi le RAID logiciel changerait-il quelque chose ?

Re: Sauvegarde "classique" vs synchronisation ?

2019-03-09 Thread Belaïd 
Bonjour,

À mon avis le "vs" n'a pas trop ça place dans le sujet puisque chacune des
deux solutions touche à mon avis à deux domaines plutôt différent.  À mon
avis il faudrait faire une réel distinction entre synchronisation et
sauvegarde...

Le sam. 9 mars 2019 18:42, David BERCOT  a écrit :

> Bonjour,
>
> Afin d'avoir une copie à jour (ou du moins, le plus à jour possible) de
> mon ordinateur (ce qui m'intéresse est uniquement mon /home), j'hésite
> entre des sauvegardes classiques et une synchronisation type "cloud".
>
> De mon point de vue, la sauvegarde a l'avantage d'être "consistante" et
> d'intégrer potentiellement des versions différentes de mes documents.
> En revanche, si le crash ou la perte ou le vol de la machine se produit
> "relativement longtemps" après la dernière sauvegarde, les données ne
> sont pas vraiment fraîches.
>
> La synchronisation (partons sur un serveur personnel de type NextCloud
> pour illustrer) permet justement de répondre à ce besoin de fraîcheur
> mais peut poser d'autres problèmes [quid des fichiers qui bougent
> quasiment en permanence, d'un "gros" fichier mis à jour au moment d'un
> connexion bas débit [aéroport par exemple] ?).
>
> Bref, le sujet me semblant assez "classique", je me disais que j'aurais
> pu profiter de vos expériences en la matière ;-).
>
> Si vous avez des retours, des conseils, des préconisations, je suis
> preneur...
>
> Merci d'avance et bon week-end.
>
> David.
>
>

GkSudo and Python Apt

2019-03-09 Thread J.Arun Mani 
Hello.

Im designing an application in Python for installing some apps. I need help in 
the following:

1. Whenever I open any app which needs root permissions, it shows me a popup 
asking password. And I have seen people refer to this GKSudo. How can I setup 
such one for my app?

2. Or is there any alternative to GKSudo, like taking password as input from 
user and entering it, using os.system("apt install...") or any such modules?

{In a way such that user need not run the app from terminal using "sudo 
/.myapp"; I want this process to more graphical as possible}

Like do you guys have a better idea in designing a Python based app which uses 
apt to install apps. The problem I face is with "how to get sudo permission". 
With forums saying graphical apps should not use sudo and Python based modules 
which allow calling terminal commands not so effective; Im confused what to 
do...

3. Is there any documentation available for Python-Apt module?

Thank You
J. Arun Mani

Re: Sauvegarde "classique" vs synchronisation ?

2019-03-09 Thread Bernard Schoenacker 



- Mail original -
> De: "David BERCOT" 
> À: debian-user-french@lists.debian.org
> Envoyé: Samedi 9 Mars 2019 18:42:04
> Objet: Sauvegarde "classique" vs synchronisation ?
> 
> Bonjour,
> 
> Afin d'avoir une copie à jour (ou du moins, le plus à jour possible)
> de
> mon ordinateur (ce qui m'intéresse est uniquement mon /home),
> j'hésite
> entre des sauvegardes classiques et une synchronisation type "cloud".
> 
> De mon point de vue, la sauvegarde a l'avantage d'être "consistante"
> et
> d'intégrer potentiellement des versions différentes de mes documents.
> En revanche, si le crash ou la perte ou le vol de la machine se
> produit
> "relativement longtemps" après la dernière sauvegarde, les données ne
> sont pas vraiment fraîches.
> 
> La synchronisation (partons sur un serveur personnel de type
> NextCloud
> pour illustrer) permet justement de répondre à ce besoin de fraîcheur
> mais peut poser d'autres problèmes [quid des fichiers qui bougent
> quasiment en permanence, d'un "gros" fichier mis à jour au moment
> d'un
> connexion bas débit [aéroport par exemple] ?).
> 
> Bref, le sujet me semblant assez "classique", je me disais que
> j'aurais
> pu profiter de vos expériences en la matière ;-).
> 
> Si vous avez des retours, des conseils, des préconisations, je suis
> preneur...
> 
> Merci d'avance et bon week-end.
> 
> David.
> 

bonjour,

voici un début de piste :

https://doc.ubuntu-fr.org/borgbackup

et c'est un ami admin qui me l'a conseillé

merci
slt
bernard

Sauvegarde "classique" vs synchronisation ?

2019-03-09 Thread David BERCOT 
Bonjour,

Afin d'avoir une copie à jour (ou du moins, le plus à jour possible) de
mon ordinateur (ce qui m'intéresse est uniquement mon /home), j'hésite
entre des sauvegardes classiques et une synchronisation type "cloud".

De mon point de vue, la sauvegarde a l'avantage d'être "consistante" et
d'intégrer potentiellement des versions différentes de mes documents.
En revanche, si le crash ou la perte ou le vol de la machine se produit
"relativement longtemps" après la dernière sauvegarde, les données ne
sont pas vraiment fraîches.

La synchronisation (partons sur un serveur personnel de type NextCloud
pour illustrer) permet justement de répondre à ce besoin de fraîcheur
mais peut poser d'autres problèmes [quid des fichiers qui bougent
quasiment en permanence, d'un "gros" fichier mis à jour au moment d'un
connexion bas débit [aéroport par exemple] ?).

Bref, le sujet me semblant assez "classique", je me disais que j'aurais
pu profiter de vos expériences en la matière ;-).

Si vous avez des retours, des conseils, des préconisations, je suis
preneur...

Merci d'avance et bon week-end.

David.

Re: Certificado ou Declaração de Participação e Organização em evento Debian Day de 2008

2019-03-09 Thread Paulo Henrique de Lima Santana 
Olá,

On 3/6/19 6:00 PM, Rafael Rocha wrote:
> 
> *Resumidamente*, gostaria de saber como posso obter um certificado ou
> declaração da comunidade, de modo que eu consiga comprovar que fiz parte
> disto e que ajudei a organizar, como de fato aconteceu.
> 
> Eu perguntei em particular para alguns destes amigos e, a confirmação
> desta informação ficou centralizada em Marcelo mas, ainda não tive  o
> seu retorno. Caso alguém puder me ajudar, fico muito grato.

Só quem pode fornecer esse certificado é o pessoal envolvido na
organização na época na sua cidade. Não existe uma organização nacional
que possa te ajudar nisso.

Como o evento foi em 2008, eu não teria muita esperança de conseguir
isso agora.

Abraços,


-- 
Paulo Henrique de Lima Santana (phls)
Curitiba - Brasil
Debian Developer
Diretor do Instituto para Conservação de Tecnologias Livres
Membro da Comunidade Curitiba Livre
Site: http://www.phls.com.br
GNU/Linux user: 228719  GPG ID: 0443C450

Organizador da DebConf19 - Conferência Mundial de Desenvolvedores(as) Debian
Curitiba - 21 a 28 de julho de 2019
http://debconf19.debconf.org



signature.asc
Description: OpenPGP digital signature

Re: mdadm vs LVM

2019-03-09 Thread Jean-Michel OLTRA 


Bonjour,


Le samedi 09 mars 2019, Jean-Marc a écrit...


> Des conseils ?  D'autres suggestions ?

J'utilise, comme on te l'a déjà conseillé, un système à base de lvm sur
raid1 depuis de nombreuses années, et sans souci.

Sinon, j'ai rajouté un 3ème disque de spare sur mon raid. Lorsque l'un des 2
principaux tombe, j'ai un peu de temps pour remettre l'ensemble à niveau
tout en conservant le raid opérationnel.

-- 
jm

Re: sucessor for denyhosts?

2019-03-09 Thread Roger Price 

On Sat, 9 Mar 2019, mj wrote:

We are using fail2ban to do this. It offers many more options, and works by 
creating iptables rules. This gives you  much more control over what ports 
exactly are blocked.


Plus I think (correct me if Im wrong) that using /etc/hosts.deny to block 
access only works with programs that are compiled to do so, and iptables will 
always work.


/etc/hosts.deny is part of TCP Wrappers for which Wietse Venema stopped 
maintenance in 1995.  See https://en.wikipedia.org/wiki/TCP_Wrappers . See also 
October 2014 Linux Weekly News article https://lwn.net/Articles/615173/


I find that it is much easier to use an ipset with set type hash:net to define 
the IP nets and addresses that are to be rejected.  It avoids messing with the 
iptable commands.  The ipset can be initialized with the IP addresses of 
originating countries to be rejected using block lists such as those at 
http://ipverse.net/ipblocks/data/countries/ I recommend enabling the counter 
associated with each net.


I have had no problems with ipsets of over 14 sub-net entries.  I wouldn't 
like to do that with just iptables.


Roger

Re: mdadm vs LVM

2019-03-09 Thread Guillaume Clercin 
Bonjour,

On Sat, 9 Mar 2019 10:03:28 +0100
Jean-Marc  wrote:

> salut la liste,
> 
> J'ai deux disques dans mon PC que je compte utilisés en plus du SSD
> sur lequel j'ai mon système.
> 
> Je pense les regrouper en RAID, histoire de me protéger de certaines
> pannes.
> 
> Entre mdadm et LVM, j'hésite.
> 
> LVM me semble plus souple (RAID au niveau volume logique si j'ai bien
> lu la doc).
> 
> Des conseils ?  D'autres suggestions ?

Tu peut marier les deux en utilisant LVM sur un raid créé par mdadm.

Si tu installes le système dans un volume logique, tu doit avoir un
« /boot » sur une partition à part. Sauf s'il y a un raid logiciel en
dessous du volume logique.

Sur l'ordinateur à mon travail, j'ai deux disques durs et un ssd.
J'assemble les deux disques dur pour faire un raid 1. Ensuite je
partition le raid en trois partitions pour avoir un « /boot » et une
« swap » séparés. Avec la troisième partition et le ssd, je les utlise
avec bcache. Et pour finir, j'ai deux volumes logiques, l'un pour la
racine et l'autre pour « /home ». En bonus, j'ai laissé un peu d'espace
disques dans le volume groupe pour pouvoir créer des snapshots que
j'utilise lorsque que je fais des backups.

La sortie de lsblk donne pour info :
NAME  MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda 8:00  1,8T  0 disk  
└─sda1  8:10  1,8T  0 part  
  └─md127   9:127  0  1,8T  0 raid1 
├─md127p1 259:001G  0 part  /boot
├─md127p2 259:102G  0 part  [SWAP]
└─md127p3 259:20  1,8T  0 part  
  └─bcache0   254:00  1,8T  0 disk  
├─system-root 252:00  128G  0 lvm   /
└─system-home 252:10  1,6T  0 lvm   /home
sdb 8:16   0  1,8T  0 disk  
└─sdb1  8:17   0  1,8T  0 part  
  └─md127   9:127  0  1,8T  0 raid1 
├─md127p1 259:001G  0 part  /boot
├─md127p2 259:102G  0 part  [SWAP]
└─md127p3 259:20  1,8T  0 part  
  └─bcache0   254:00  1,8T  0 disk  
├─system-root 252:00  128G  0 lvm   /
└─system-home 252:10  1,6T  0 lvm   /home
sdc 8:32   0 55,9G  0 disk  
└─bcache0 254:00  1,8T  0 disk  
  ├─system-root   252:00  128G  0 lvm   /
  └─system-home   252:10  1,6T  0 lvm   /home
sr011:01 1024M  0 rom


> 
> Merci d'avance.
> 
> Jean-Marc 
> https://6jf.be/keys/ED863AD1.txt


pgpNtjHKZI8_o.pgp
Description: Signature digitale OpenPGP

Re: mdadm vs LVM

2019-03-09 Thread Frédéric MASSOT 

Le 09/03/2019 à 10:03, Jean-Marc a écrit :

salut la liste,

J'ai deux disques dans mon PC que je compte utilisés en plus du SSD sur lequel 
j'ai mon système.

Je pense les regrouper en RAID, histoire de me protéger de certaines pannes.

Entre mdadm et LVM, j'hésite.

LVM me semble plus souple (RAID au niveau volume logique si j'ai bien lu la 
doc).

Des conseils ?  D'autres suggestions ?


Il faut utiliser les deux, tu assembles tes disques dans un ensemble 
unique RAID avec mdadm, ensuite tu partitionnes cet ensemble unique avec 
LVM.



--
==
|  FRÉDÉRIC MASSOT   |
| http://www.juliana-multimedia.com  |
|   mailto:frede...@juliana-multimedia.com   |
| +33.(0)2.97.54.77.94  +33.(0)6.67.19.95.69 |
===Debian=GNU/Linux===

Re: Certificado ou Declaração de Participação e Organização em evento Debian Day de 2008

2019-03-09 Thread Helio Loureiro 
Provavelmente vc precisa participar de um evento maior como FISL ou
Latinoware como palestrante pra poder validar.

./helio

On Wed, Mar 6, 2019, 21:54 Rafael Rocha  wrote:

> Olá pessoas, boa noite.
>
> Estou participando da seleção de mestrado, no IFPB
> 
> e, um dos itens que eu posso pontuar é sobre a participação em eventos de
> tecnologia, conforme item 6.1 desta tabela
> .
> O problema é como comprovar isso, conforme o seguinte texto:
>
> *Certificado ou declaração de participação em eventos assinada pela*
> *organização do evento*
>
> Em 2008 ajudei a organizar o evento Debian Day, de 15 anos, o qual foi
> realizado na UNICAP , em Recife/PE. Esse é um registro
> do cartaz que foi anunciado 
> na época. Também postei no meu antigo blog
> ,
> inclusive na wiki do debian
> .
>
> Como testemunho deste fato, algumas pessoas me ajudaram a organizar do
> grupo *debian-pe*, tais como: Fred, Marcelo, Celina, Andréa, entre muitos
> outros. Talvez estas ainda estejam participando desta lista e, caso puder,
> agradeço a confirmação e validade das minhas informações.
>
> *Resumidamente*, gostaria de saber como posso obter um certificado ou
> declaração da comunidade, de modo que eu consiga comprovar que fiz parte
> disto e que ajudei a organizar, como de fato aconteceu.
>
> Eu perguntei em particular para alguns destes amigos e, a confirmação
> desta informação ficou centralizada em Marcelo mas, ainda não tive  o seu
> retorno. Caso alguém puder me ajudar, fico muito grato.
>
> Amanhã sai o resultado do mestrado e eu tenho até sexta-feira para tentar
> enviar algum recurso, caso eles não considerem as informações que passei.
>
>
>
> Obrigado,
> Rafael
>
>

mdadm vs LVM

2019-03-09 Thread Jean-Marc 
salut la liste,

J'ai deux disques dans mon PC que je compte utilisés en plus du SSD sur lequel 
j'ai mon système.

Je pense les regrouper en RAID, histoire de me protéger de certaines pannes.

Entre mdadm et LVM, j'hésite.

LVM me semble plus souple (RAID au niveau volume logique si j'ai bien lu la 
doc).

Des conseils ?  D'autres suggestions ?

Merci d'avance.

Jean-Marc 
https://6jf.be/keys/ED863AD1.txt


pgpkKahLtUOnC.pgp
Description: PGP signature

Re: sucessor for denyhosts?

2019-03-09 Thread Hans 
Am Samstag, 9. März 2019, 11:22:45 CET schrieb mj:
Hi MJ, 

that is a good point, that only services are blocked, which are using 
hosts.deny. For the other ports I am using tools like porstentry and 
hostentry, which are running well and do a good job.

My personal style is strange: I am looking, on which kind or way an attacker 
could intrude my system and then defend with the rquired tool. I am never 
relying on one tool, it is always a combination of several tools - like I say, 
a "concept".

Of course I pay attention, that my tools do not interfere each other. And you 
may wonder - it happens, that there is a new attacking threat, then I defend 
against it and after one or two years I forgot about it. "Fire and forget".

But from time to time I recheck my strategies (like this time) and look, what 
can be improved/exchanged/whatever, like today.

I will give fail2ban a try, as it looks like the most suggested tool at the 
moment. But as I said before - let's see of more suggestions.

Best

Hans




> Hi,
> 
> We are using fail2ban to do this. It offers many more options, and works
> by creating iptables rules. This gives you  much more control over what
> ports exactly are blocked.
> 
> Plus I think (correct me if Im wrong) that using /etc/hosts.deny to
> block access only works with programs that are compiled to do so, and
> iptables will always work.
> 
> MJ


signature.asc
Description: This is a digitally signed message part.

Re: sucessor for denyhosts?

2019-03-09 Thread mj 

Hi,

We are using fail2ban to do this. It offers many more options, and works 
by creating iptables rules. This gives you  much more control over what 
ports exactly are blocked.


Plus I think (correct me if Im wrong) that using /etc/hosts.deny to 
block access only works with programs that are compiled to do so, and 
iptables will always work.


MJ

On 3/9/19 9:57 AM, Hans wrote:

Hi folks,

looks like "denyhosts" is nol more in the repos. I like this tool, because it
blocks the IP, when the wrong password is sent n-times.

The blocked IP is added into /etc/hosts.deny, which IMO is a great idea.

I am using a script, which, cleares the hosts.deny after a certain time, but
this is just my behaviour.

My question: which successor for denyhost do you suggest. I found sshguard,
which looks promising, but maybe you got a better tool, which is similar to
denyhosts.

Happy hacking!

Hans

Re: sucessor for denyhosts?

2019-03-09 Thread Hans 
Hi Paul,

fail2ban is looking promising, and I have it already installed since years. It 
is more expandable than sshguard, as it is checking more services than ssh.

Both are using the same techniques - both are checking logfiles and then change 
firewall rules. I think, for me fail2ban is more interesting than sshguard. 

I wonder, why denyhots is being deleted from the repo. Ok, there were security 
issues in the past, but these are fixed now. And ok, it does not support IPV6, 
but I think, most private users might not used it.

For the moment I will stay with denyhosts, but fail2ban is in the testing 
pahase here.

And maybe others have more ideas, we will see.

Best

Hans   
> Maybe have a look at fail2ban this seems to fit the description of what
> you're looking for.  I have not used it much but I found out about it
> from another Linux user group member years ago and he suggested it.
> 
> Regards
> 
> Paul



signature.asc
Description: This is a digitally signed message part.

Re: systemd error

2019-03-09 Thread Curt 
On 2019-03-08, Default User  wrote:
>
> doofus@doofus:~$ sudo systemctl status
> [sudo] password for doofus:
> doofus
> State: degraded
>  Jobs: 0 queued
>Failed: 1 units

I believe sudo (or root) isn't required for this command (nor is it
needed for some of the other, interrogative systemctl commands further
down, which I've snipped in the interests of brevity).

Elevated privileges are needed for starting and stopping services, of
course.

As keystroke frugality is one of the frequently expressed ideals of the
group (though often when other arguments seem unconvincing), if only
for that I thought you'd like to know.

-- 
“Let us again pretend that life is a solid substance, shaped like a globe,
which we turn about in our fingers. Let us pretend that we can make out a plain
and logical story, so that when one matter is despatched--love for instance--
we go on, in an orderly manner, to the next.” - Virginia Woolf, The Waves

Re: sucessor for denyhosts?

2019-03-09 Thread Paul Sutton 


On 09/03/2019 08:57, Hans wrote:
> Hi folks,
>
> looks like "denyhosts" is nol more in the repos. I like this tool, because it 
> blocks the IP, when the wrong password is sent n-times.
>
> The blocked IP is added into /etc/hosts.deny, which IMO is a great idea.
>
> I am using a script, which, cleares the hosts.deny after a certain time, but 
> this is just my behaviour.
>
> My question: which successor for denyhost do you suggest. I found sshguard, 
> which looks promising, but maybe you got a better tool, which is similar to 
> denyhosts.
>
> Happy hacking!
>
> Hans 


Hi Hans

Maybe have a look at fail2ban this seems to fit the description of what
you're looking for.  I have not used it much but I found out about it
from another Linux user group member years ago and he suggested it.

Regards

Paul

-- 
Paul Sutton
http://www.zleap.net
https://www.linkedin.com/in/zleap/
gnupg : 7D6D B682 F351 8D08 1893  1E16 F086 5537 D066 302D

sucessor for denyhosts?

2019-03-09 Thread Hans 
Hi folks,

looks like "denyhosts" is nol more in the repos. I like this tool, because it 
blocks the IP, when the wrong password is sent n-times.

The blocked IP is added into /etc/hosts.deny, which IMO is a great idea.

I am using a script, which, cleares the hosts.deny after a certain time, but 
this is just my behaviour.

My question: which successor for denyhost do you suggest. I found sshguard, 
which looks promising, but maybe you got a better tool, which is similar to 
denyhosts.

Happy hacking!

Hans 

signature.asc
Description: This is a digitally signed message part.