Re: Central configuration storage
On Oct 5, 2010, at 10:38 AM, Nick Douma wrote: I'm looking for a solution to store configuration files in a central location. My first guess was to look at LDAP, and see if you can use that for keeping track of configuration. Have a look at Puppet. I use LDAP to store information about systems, and then based on that information, Puppet pushes out (or modifies) configuration files, among other things. (LDAP support is built-in, so long as you add an objectClass and a couple of attributes to your schema.) http://www.puppetlabs.com/ -- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/579739dd-986b-4080-bf39-f349bf4cf...@skurfer.com
Re: ldap over ssl help
On Nov 4, 2009, at 5:41 AM, vitaminx wrote: I'm trying to setup a secure ldap server, it works fine over the standard port 389 now. but since i access the server remotely i'd like to use ldap over ssl over port 636. however i can't find any howto's for setting that up on debian (i'm working on testing). so i would be happy if anyone has good links or can give me some hints on how to set it up. This was pretty helpful for me: http://www.uvm.edu/ets/projects/ldap/ldapv3.pdf And of course, the official docs. The Quick Start Guide is a must: http://www.openldap.org/doc/admin24/ As for the SSL bits, you'll need a certificate. If you don't plan on purchasing one, there are some good HowTos here: http://sial.org/howto/openssl/ Keep in mind that you can use Start TLS on port 389 (which is what I always do). You don't have to use SSL on 636. -- Rob McBroom http://www.skurfer.com/ Don't try to tell me a thing is important to you if the whole of your support entails forcing others to spend time and money on it. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: configuring postfix
On 2009-Jun-4, at 1:52 PM, leonardo wrote: How I can´t configure postfix to send incoming messages to a mailbox without use pop or imap All Postfix does is mail delivery. IMAP and POP can be used to read mail that has already been delivered. So, I guess I don't understand what you're asking. running the command newaliases don´t solve me nothing All that command does is read `/etc/aliases` and generate `/etc/ aliases.db` from it. -- Rob McBroom http://www.skurfer.com/ Because it screws up the order in which people normally read text. Original message: Why is it bad to top-post your reply? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: iptables anxiety
On 2009-May-18, at 7:19 PM, Miguel Obliviemo wrote: After installing arno-iptables-firewall (not on this site): /etc/arno-iptables-firewall$ grep -r IPTABLES * firewall.conf:IPTABLES=/sbin/iptables /etc/arno-iptables-firewall$ Where are the rules? Are you trying to see the rules or set some up? You can see what's currently in effect by running invoke-rc.d arno-iptables-firewall status To make changes, basic things can be configured using debconf. dpkg-reconfigure arno-iptables-firewall If you need to change anything that isn't handled there, edit `/etc/ arno-iptables-firewall/firewall.conf`. -- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Installing xfce 4.6 on Lenny
On 2009-Apr-29, at 2:40 AM, Magnus Pedersen wrote: I wouldn't mix stable and testing, get XFCE from backports if it is available or run testing. Someone on another list once told me: As long as you can install the package from Debian unstable directly on stable, which has always been the case, it's against the policy of backports.org to accept an upload. Any truth to that? It would explain why XFCE isn't there. -- Rob McBroom http://www.skurfer.com/ The magnitude of a problem does not affect its ownership. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Admit that the typical Debian machine has tons of cruft(8)
On 2009-Apr-24, at 5:20 AM, Klistvud wrote: Your parallel with unregistered aliens is extremely malaprop, even more so in the context of an operating system that professes to be the _universal_ operating system. Almost every country defines a legal immigration process and considers people that bypass that process to be illegal, unregistered, or something like that. Sounds pretty universal to me. -- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: To check a copy of a file on its originality from its installed package.
On 2009-Apr-18, at 9:01 AM, Sthu Deus wrote: Thank You for Your time and answer, Rob: I didn't know what shell you use, so I included it just in case. So, in bash it is useless? And there is no another way of fulfilling the subject? The purpose of `rehash` is to scan your path for new commands that may have appeared since your shell was launched. I have very little experience using `bash` but from what I've seen, it picks up new commands automatically, so there's no need for an equivalent to `rehash`. -- Rob McBroom http://www.skurfer.com/ The magnitude of a problem does not affect its ownership. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: need a browser that can stream video well
On 2009-Apr-18, at 7:03 AM, raman narasimhan wrote: I'm a big fan of youtube. I use Chrome in windows to watch videos online. but in debian I've tried Iceweasel and Epiphany and was not satisfied. both took a lot of time to stream videos. please suggest a good browser I'm not aware of any browsers that support video directly, so I think you're asking the wrong question. Video in a web browser is handled by plug-ins for MPEG, QuickTime, Flash, etc. and different browsers on the same system are most likely going to use the same plug-in. You'll want to experiment with different plug-ins to see which gives the best performance. (This is easier said than done.) -- Rob McBroom http://www.skurfer.com/ The magnitude of a problem does not affect its ownership. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: To check a copy of a file on its originality from its installed package.
On 2009-Apr-16, at 2:05 AM, Sthu Deus wrote: I get the error: # rehash bash: rehash: command not found Yes, I use tcsh, so that command is necessary for me. I knew it wouldn't work in bash or ksh, but it wouldn't hurt anything either. I didn't know what shell you use, so I included it just in case. -- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: To check a copy of a file on its originality from its installed package.
On 2009-Apr-15, at 4:02 AM, Sthu Deus wrote: For example, I have /usr/bin/sudo that comes from its installed package sudo My question is, How I can find out that the /usr/bin/sudo file has not been exchanged with another copy by some person and therefore it does some stuff that I'm not aware of. % aptitude install debsums % rehash % debsums sudo -- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Recording from XM radio
On 2008-Oct-26, at 2:52 PM, Ron Johnson wrote: Every ISP offers static IP addresses for an extra fee. Oh, I wish that were true. There isn't an ISP in the Indianapolis area that offers a static IP (to residential customers). Although, there are a couple that will claim to offer it because they don't know what it means and you won't find out until the installer is in your house that it wasn't true. I am also unable to find an ISP that doesn't block this and that port for my safety. -- Rob McBroom http://www.skurfer.com/ Because it screws up the order in which people normally read text. Original message: Why is it bad to top-post your reply? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: virtual private server? advice requested
On 2008-Oct-16, at 8:05 PM, Reid Priedhorsky wrote: Also, I discovered lighttpd and nginx, and I think one of them will meet my needs, saving a ton of memory vs. Apache... lighttpd/nginx + exim4 + spamd looks like it will fit just fine in 256M even under a load burst. By sure to check the Community pages SliceHost offers. They have quite a few articles and I believe some of them cover nginx under etch. (For what it's worth, I've always run apache in a 256 MB slice and haven't experienced any issues.) -- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ext3 filesystem and file name restrictions
On 2008-Oct-15, at 6:05 AM, Adam Hardy wrote: I created a samba share on one of my debian boxes with a ext3 file system and unfortunately I can't write files with certain file names from Mac OSX. This disrupts the back-up process which takes about an hour every time to fail when I want to try it out again. I would create a sparse bundle (formatted as HFS+) on the Samba share and back up to that. This would mean an extra mount/unmount to access the filesystem, but you may be able to automate those steps depending on what your back-up process is. I don't think you can create the bundle on the Samba share because of some unsupported locking or somesuch, so create it on your Mac and copy it over. (I think you will see an error on the copy, too, but the sparse bundle should work anyway in my experience. Also note that size you give to the sparse bundle is just a maximum. It will actually be quite small until you add files, so don't worry about creating it locally and moving it.) Feel free to e-mail me directly if you need help with any of this. (or Google it. There are quite a few good articles out there.) -- Rob McBroom http://www.skurfer.com/ Because it screws up the order in which people normally read text. Original message: Why is it bad to top-post your reply? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: virtual private server? advice requested
On 2008-Oct-14, at 12:34 AM, Reid Priedhorsky wrote: Hence my request for advice. I am looking for suggestions on finding a good VPS hosting company, or suggestions on Google-fu for effective research on my own (so far I have managed to find only masses of adverts), or pointers on trying something else. I have been using [SliceHost][1] for a few months and have been very happy. (It was recommended to me by a couple of co-workers that have been using them longer.) They offer Xen-based VMs with the distro of your choice. They currently only offer etch for Debian users, but once you get access to the machine, you can go to lenny if you prefer (see their FAQ). [1]: http://www.slicehost.com/ -- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: my system packages list
On 2008-Oct-3, at 2:52 AM, Pol wrote: I would like to install on a new station the same applications currently installed on my laptop. Any hints to run a script? Assuming all of the applications were installed using apt/aptitude… I have a script that periodically dumps a list of packages and the answers I gave to `debconf` when the package was installed. Theoretically, this can be used to restore the packages *and their configuration* to another system (or to rebuild the current system). I haven't ever needed to do the restore part, so I can't promise this works, but I got it from official Debian docs, so it's probably legit. #!/bin/tcsh -f # Keep a list of packages installed/removed on a Debian system # # This list can be used to restore a system or set up an identical system. # location for output set DPKGBACKUP=/root /usr/bin/dpkg --get-selections '*' $DPKGBACKUP/dpkgselections.txt /usr/bin/debconf-get-selections $DPKGBACKUP/debconfsel.txt # To restore… # dselect update # debconf-set-selections debconfsel.txt # dpkg --set-selections dpkgselections.txt # apt-get -u dselect-upgrade# or dselect install -- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: House wireless/wired router: choices? Plus wireless neophyte questions.
On 2008-Oct-3, at 10:10 AM, Celejar wrote: There are advantages to setting static IPs - you can set up host files and refer to the hosts by name, and I think that bringing up interfaces is a good few seconds quicker with static IPs than with DHCP. True, but the OP will have a laptop that probably needs to use many different networks. Manually switching the laptop back to a static config every time you come home will probably take longer than waiting on DHCP (and is a pain in the ass). ;) -- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] was Re: diff display
On 2008-Sep-11, at 5:08 AM, Tim Edwards wrote: Ron Johnson wrote: (If you ever wonder why so many conservatives in the US dislike the UN [besides the rampant corruption] and the EU, it's because they [the UN and the EU...] spew lots of pretty words, but don't have the testicles to enforce them.) In the UN's case it was specifically designed without balls, these have to be added by the member nations in the form of peace-keeping etc. forces. Good point. I'm kinda glad they aren't that aggressive because who do you think they'd come after first? In fact, I think the reason they accomplish so little is not that they have no balls. It's because deep down, they think rape, slavery, and genocide are only crimes if perpetrated by capitalists. For everyone else, they'll just kinda get to it when they get to it (which is never). Why some in the US hate the EU so much I don't know, but I'd guess it has something to do with disliking anyone who could potentially challenge the US as the world's *only* superpower - whether it be a united Europe, China, or Australia armed with nuclear powered Kangaroos and sharks with laser beams :) (we could do it you know - don't try and stop us!) Free societies aren't a threat to one another. We don't like the EU because of their complete disregard for individual rights. It was conceived of and implemented by socialists. It's that simple. --- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] was Re: diff display
On 2008-Sep-10, at 7:31 AM, Johannes Wiedersich wrote: On 2008-09-10 09:52, James A. Donald wrote: We have the right to defend ourselves and our property, because of the kind of animals that we are. True law derives from this right, not from the arbitrary power of the omnipotent state. http://www.jim.com/ James A. Donald I am happy that I am privileged to live in a society that has abandoned that kind of morality that probably was custom around the stone ages, but has since experienced the advancement of civilisation. Umm. The quote is about rights. Rights are an intrinsic part of every person. They don't change depending on where (or when) you live. And rights have nothing to do with need. If you never need to defend yourself, good for you. But you still have a right to. --- Rob McBroom http://www.skurfer.com/ --- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rsync over lan
On 2008-Sep-9, at 9:17 PM, tyler wrote: In order to preserve the ownerships, I have to run the above command as root, which requires that I configure sshd on the desktop to accept root logins. Even behind a NAT router, that doesn't seem like a good idea. Am I missing something? --- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rsync over lan
Sorry about the previous (useless) message. On 2008-Sep-9, at 9:17 PM, tyler wrote: In order to preserve the ownerships, I have to run the above command as root, which requires that I configure sshd on the desktop to accept root logins. Even behind a NAT router, that doesn't seem like a good idea. Am I missing something? As others have mentioned, there are ways to make this more secure. Allow root logins 'without-password' and create a key-pair. You can restrict it further in `authorized_keys` on the client side by adding things like this: no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty I also prefer to use rsync to pull rather than push for backups (especially when root is involved). In other words, have the machine that stores the backups locked down as tight as possible and give it root access to the machines you want backed up. That way, if a client machine gets compromised, it doesn't have automatic root access to where all of your backups live. In your case, the desktop should be able to get into the laptop as root, but not the other way around. The drawback is, in your case, the laptop might not always be powered on or it might not always be on the same network as the desktop machine, so you can't set up a simple schedule. --- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: can't configure networking for static IP address
Sorry… I'm a couple of days behind on the list, but it doesn't look like this was ever solved for the OP. On 2008-Aug-10, at 7:32 PM, Vwaju wrote: I have an RCN cable modem (probably proprietary and not DOCSIS compliant) which connects to a Dell TrueMobile 2300 Wireless Broadband Router. The wireless router broadcasts to a Dell Inspiron 8500 running Windows. In addition there are 2 computers connected through Ethernet ports on the router. One of these is a Windows box, and the other is my Debian system. On 2008-Aug-10, at 3:48 PM, Vwaju wrote: I installed Debian on my Dell Dimension 4100 and, with networking configured for DHCP, I am able to connect to the Internet, ftp, http, etc. Based on the description in your most recent message, your Debian system is *not* connecting to the Internet when you use DHCP. Technically, it is connecting to the TrueMobile router. Everything in your house is on a private network, including the router. What makes the router special is that it is also on the Internet and it can pass certain traffic from one network to the other. Your publicly addressable IP, static or not, belongs to the router (or whatever happens to be connected to the cable modem). If you want the Debian system to use that IP, it's going to have to be plugged directly into the cable modem. This introduces some security concerns that have already been discussed, so only you can decide if that's really what you want. Since you're learning your way around, I think you should leave your Debian system on the private network for now. If there are particular services you'd like to access from the outside world, you can probably forward the appropriate ports to it using the router's config. (Again, this introduces additional risk, but not as much as putting the machine on the Internet directly.) If you just want to learn about configuring Debian with a static IP, you should be able to do that. Just use an available IP on the private network (192.168.2.X). Preferably, choose an address that's outside the range the router uses for DHCP assignments. --- Rob McBroom http://www.skurfer.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
