[PLUG] recommendations for a usb wireless adapter

2020-07-08 Thread Smith, Cathy 
Can some recommend a WiFi usb adapter that is compatible with Ubuntu?

I have a Dell workstation that I want run Ubuntu.  The nearest ethernet port is 
2 rooms away.   Using a wireless adapter would be easier than stepping over an 
ethernet cable.  The workstation belongs to my employer, so buying a NIC card 
is not worth the money.  I tried to use a Linksys AC600 WiFi adapter but I 
couldn't find a driver.

Thanks.


Cathy
--
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the
U.S. Department of Energy

Phone: 509.375.2687
Fax:   509.375.4399
Email: cathy.sm...@pnnl.gov



___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Would you suspect time as being off?

2020-06-24 Thread Smith, Cathy 
In my case, I don't generally think to check the time first thing, but then I 
remember.  If you are not running chrony or ntp or something similar, I'd 
recommend doing so.  We have as part of our update procedures a step where time 
is checked.  That can be done manually or automatically.

-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of 
Michael Rasmussen
Sent: Wednesday, June 24, 2020 11:18 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Would you suspect time as being off?

I was. In my case, it was the web-based email RoundCube.



On 2020-06-24 10:22, Smith, Cathy wrote:
> Michael
> 
> Are you referring to services?  For example, nfs behaves weirdly when 
> time isn't sync'd.
> 
> --
> Cathy L. Smith
> IT Engineer
> 
> Pacific Northwest National Laboratory
> Operated by Battelle for the
> U.S. Department of Energy
> 
> Phone: 509.375.2687
> Fax:       509.375.4399
> Email: cathy.sm...@pnnl.gov
> 
> -Original Message-
> From: plug-boun...@pdxlinux.org  On Behalf 
> Of Michael Rasmussen
> Sent: Wednesday, June 24, 2020 10:04 AM
> To: Portland Linux/Unix Group 
> Subject: [PLUG] Would you suspect time as being off?
> 
> After my "fun" last week (the wandering time) I've added checking time 
> consistancy to my list of thing to make sure are OK after a big 
> upgrade.
> 
> 
> My question is: would you suspect time being off as a suspect when 
> other things aren't working?

-- 
   Michael Rasmussen, Portland Oregon
 Be Appropriate && Follow Your Curiosity 
___
PLUG mailing list
PLUG@pdxlinux.org
https://protect2.fireeye.com/v1/url?k=0b1d1dc7-57a82308-0b1d37d2-0cc47adc5e60-9d5b8e0aed8bfb8a=1=dd371b22-5666-4b40-87a6-96a1ec32df07=http%3A%2F%2Flists.pdxlinux.org%2Fmailman%2Flistinfo%2Fplug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Would you suspect time as being off?

2020-06-24 Thread Smith, Cathy 
Michael

Are you referring to services?  For example, nfs behaves weirdly when time 
isn't sync'd.

-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of 
Michael Rasmussen
Sent: Wednesday, June 24, 2020 10:04 AM
To: Portland Linux/Unix Group 
Subject: [PLUG] Would you suspect time as being off?

After my "fun" last week (the wandering time) I've added checking time 
consistancy to my list of thing to make sure are OK after a big upgrade.


My question is: would you suspect time being off as a suspect when other things 
aren't working?

-- 
  Michael Rasmussen, Portland Oregon  
Be Appropriate && Follow Your Curiosity 
___
PLUG mailing list
PLUG@pdxlinux.org
https://protect2.fireeye.com/v1/url?k=c537283c-99821785-c5370229-0cc47adc5fce-28a4a008ab3ce742=1=adb3a065-b9fc-47fc-a471-d7a17f4442a4=http%3A%2F%2Flists.pdxlinux.org%2Fmailman%2Flistinfo%2Fplug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] OSCON Cancellation Announcement

2020-03-24 Thread Smith, Cathy 
Yes, sad to say:
https://www.linuxfestnorthwest.org/conferences/2020

-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of Galen 
Seitz
Sent: Tuesday, March 24, 2020 5:11 PM
To: plug@pdxlinux.org
Subject: Re: [PLUG] OSCON Cancellation Announcement

On 3/24/20 4:53 PM, Michael Dexter wrote:
> All,
> 
> OSCON has been pretty important to PLUG. Here is there announcement:
> 
> https://www.oreilly.com/conferences/from-laura-baldwin.html

I guess this is the year I'll make it to LinuxFest NW.  ...oh, wait... :-(

galen
-- 
Galen Seitz
gal...@seitzassoc.com
___
PLUG mailing list
PLUG@pdxlinux.org
https://protect2.fireeye.com/v1/url?k=1637f1d9-4a82ce60-1637dbcc-0cc47adc5fce-b47de4a03e48250b=1=d70fb355-a1ff-4737-93ac-ab27b97e05f7=http%3A%2F%2Flists.pdxlinux.org%2Fmailman%2Flistinfo%2Fplug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Make cron send an e-mail upon completion

2020-01-27 Thread Smith, Cathy 
First thing to check is that the command syntax runs in the foreground.  Also 
remember that jobs run from cron don't get the same environment as you have 
when logged in.  There might be a path issue somewhere.


Cathy

-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of John 
Jason Jordan
Sent: Monday, January 27, 2020 10:56 AM
To: PLUG 
Subject: [PLUG] Make cron send an e-mail upon completion

I've read online all kinds of advice, but none succeed. The closest I've gotten 
is:

#  | mail -s "Home is backed up" myusern...@gmx.com

Which gives the error message 'mail: cannot send message: Broken pipe.'

I have lots of plumbing tools and experience using them for fixing houses, but 
this message is beyond me. How do I fix a broken Linux pipe?
___
PLUG mailing list
PLUG@pdxlinux.org
https://protect2.fireeye.com/v1/url?k=7a60856f-26d5bba0-7a60af7a-0cc47adc5e60-ea9bccb9b4c0caae=1=df460f8a-e5b9-4e32-a360-cc51ea54d95b=http%3A%2F%2Flists.pdxlinux.org%2Fmailman%2Flistinfo%2Fplug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] What could cause /home partition not to be found

2019-11-18 Thread Smith, Cathy 
A good practice is to keep all necessary system files on the boot disk and not 
depend on another disk to boot.  Not always possible, I understand.

Check your BIOS for boot order.  It may have  tried to use the USB.

Check if nfs is running to be sure after the upgrade.

Just some suggestions.


-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of John 
Jason Jordan
Sent: Sunday, November 17, 2019 9:33 PM
To: PLUG 
Subject: [PLUG] What could cause /home partition not to be found

OK, y'all who tell me I must do a clean install can be happy.

At the Clinic today I tried to do a dist-upgrade from Xubuntu 16.04-6 to 18.04. 
After massive efforts we failed due to the Update Manager being unable to find 
files. When I got home I tried again, and this time the update sailed through 
without a single error. I made no changes to anything before doing this, so 
there is a question why the Update Manager could not find files from Free Geek, 
but had no problem from my home internet connection.  But that is a discussion 
to leave for another day.

However, although the dist-upgrade proceeded beautifully, when it ended the 
computer will not boot, that is, it will not boot to the GUI. It will only boot 
to a command line. There is an option 'systemctl-default' to view the logs and 
I perused them completely. No errors stood out except 'Subject: Unit dev-sdb2 
device has failed; Unit home mount has failed.'

On this computer /dev/sdb is a 512GB SSD with two partitions, / of 50GB and 
/home of 400GB (dev/sdb2). Of course, /home has tons of config files for 
software, so failing to boot the GUI without a /home folder is understandable. 
But why would the OS suddenly be unable to find /home?

Any suggestions welcome!
___
PLUG mailing list
PLUG@pdxlinux.org
https://protect2.fireeye.com/v1/url?k=4c61e10a-10d4dfc5-4c61cb1f-0cc47adc5e60-3f16e17efd23e534=1=ab83912e-0810-4717-b0bd-d2a550ddbbf9=http%3A%2F%2Flists.pdxlinux.org%2Fmailman%2Flistinfo%2Fplug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] fsck: recommended options?

2019-08-04 Thread Smith, Cathy 
I've just always used   
fsck -y

-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of Rich 
Shepard
Sent: Sunday, August 4, 2019 8:03 AM
To: plug@pdxlinux.org
Subject: [PLUG] fsck: recommended options?

My daily logwatch report shows kernel errors on the external backup drive, 
/dev/sdb/, an ext3 file system. It's been a very long time since I had occasion 
to manually run fsck.

After turning no the enclosure (and leaving the drive unmounted) what command 
line options should I add to fsck.ext3?

TIA,

Rich

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Copying to new host, excluding a directory tree

2019-07-31 Thread Smith, Cathy 
I've always found it useful to test my rsync syntax with a subset of the data 
or the --dry-run option first.  Various OS implement rsync a tiny bit 
differently.

There are a lot of good rsync tutorials online which have working examples.


Cathy
-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of David 
Bridges
Sent: Wednesday, July 31, 2019 1:15 PM
To: plug@pdxlinux.org
Subject: Re: [PLUG] Copying to new host, excluding a directory tree

> Well, I'm the only human element involved and I have no problems.
> When
> synchronizing an entire directory there's never been an issue. What I 
> want to learn is how to exclude a specific subdirectory on the source 
> host.

In an earlier reply I mentioned using a file to exclude things that is 
referenced on the rsync command line.  I know that things can be excluded as an 
argument on the command line but I've been tripped up doing it like that in the 
past.  I would suggest trying the following using your correct information of 
course.

Create a file on the source node /home/rshepard/excludes.txt that includes the 
directory you want to exclude (in this case data no / needed), and possibly 
excludes.txt

The following should do what you want as it works prefectly for me with my 
specific directories and excludes.

rsync -arvP -e ssh --exclude-from='/home/rshepard/excludes.txt'
/home/rshepard/ rshepard@salmo:/home/rshepard/ 

I have files with commands resembling the one above on several computers which 
have worked for me for years.

Hope this helps

--
David


___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Dell apt repos.

2019-05-13 Thread Smith, Cathy 
I'm in the same situation.  I install specific apps that I need but never a 
repository.

-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of Tim 
Garton
Sent: Monday, May 13, 2019 3:28 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Dell apt repos.

I am running Ubuntu 16.04 and 18.04 on multiple Lattitude and XPS laptops for 
many years but have always just run stock, never added their repos.
What do their repos offer that vanilla Ubuntu doesn't?

On Mon, May 13, 2019 at 2:55 PM Russell Johnson  wrote:

> Is anyone here using Ubuntu 18.04 on a Dell machine?
>
>
>
> I’m having an issue getting the repo.
>
>
>
> Adding the repos:
>
>
>
> $ cat << 'EOL' | sudo tee /etc/apt/sources.list.d/dell-repos.list
> > deb http://dell.archive.canonical.com/updates/ bionic-dell public 
> > deb-src http://dell.archive.canonical.com/updates/ bionic-dell 
> > public EOL
> deb http://dell.archive.canonical.com/updates/ bionic-dell public 
> deb-src http://dell.archive.canonical.com/updates/ bionic-dell public
>
>
>
> Verifying the key:
>
>
>
> $ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys
> F9FDA6BED73CDC22
> Executing: /tmp/apt-key-gpghome.vL4Mi5xmtD/gpg.1.sh --keyserver 
> keyserver.ubuntu.com --recv-keys F9FDA6BED73CDC22
> gpg: key F9FDA6BED73CDC22: "Canonical Archive Automatic Signing Key < 
> ftpmas...@canonical.com>" not changed
> gpg: Total number processed: 1
> gpg:  unchanged: 1
>
>
>
> Update Apt:
>
>
>
> $ sudo apt update
> Hit:1 http://us.archive.ubuntu.com/ubuntu disco InRelease
> Ign:2 http://dell.archive.canonical.com/updates bionic-dell InRelease
> Hit:3 http://security.ubuntu.com/ubuntu disco-security InRelease
> Hit:4 http://us.archive.ubuntu.com/ubuntu disco-updates InRelease
> Get:5 http://dell.archive.canonical.com/updates bionic-dell Release
> [4,173 B]
> Hit:6 http://us.archive.ubuntu.com/ubuntu disco-backports InRelease
> Get:7 http://dell.archive.canonical.com/updates bionic-dell 
> Release.gpg
> [287 B]
> Ign:7 http://dell.archive.canonical.com/updates bionic-dell 
> Release.gpg Reading package lists... Done
> W: GPG error: http://dell.archive.canonical.com/updates bionic-dell
> Release: Detached signature file
> '/var/lib/apt/lists/partial/dell.archive.canonical.com_updates_dists_bionic-dell_Release.gpg'
> is in unsupported binary format
> E: The repository 'http://dell.archive.canonical.com/updates 
> bionic-dell Release' is not signed.
> N: Updating from such a repository can't be done securely, and is 
> therefore disabled by default.
> N: See apt-secure(8) manpage for repository creation and user 
> configuration details.
>
>
>
> I am not able to get past the errors here. I tried the same with 
> xenial
> (16.04) and got the same thing.
>
>
>
> Anyone have a cluestick to hit me with?
>
>
>
> -Russ
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Controlling resolv.conf...

2019-03-12 Thread Smith, Cathy 
If you are going to mention other distros, NetworkManager can not work right 
sometimes for CentOS 7 and RHEL 7.  The information would be correctly entered 
in the /etc/sysconfig/network-script/ifcfg-XX file, but /etc/resolv.conf 
wouldn't be right.  This was about 1-2 years ago.  I don't run dhcp.  So this 
was for static IPs.  The solution then was to take fewer defaults for the 
possible entries in the NIC interface file.  And sometimes running auth-tui 
helped.If you are running Ubuntu 18.04, the only way to get the search 
directive correct, if you are not using dhcp, is to create an 
/etc/netplan/XX.conf file.

-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of Ben 
Koenig
Sent: Tuesday, March 12, 2019 7:40 PM
To: plug@pdxlinux.org
Subject: Re: [PLUG] Controlling resolv.conf...


On 3/12/19 4:17 PM, wes wrote:
> I recently struggled with this. It turns out, NetworkManager will only 
> modify /etc/resolv.conf if it is a symlink to /run/resolvconf/resolv.conf.
> If it's a regular file, regardless of its permissions, NM will not touch it.

/etc/resolv.conf is not symlinked on every distro, and is not even unique to 
linux. It is not a symlink on my system, and is being overwritten by 
NetworkManager. Fun fact:  The decisions of Canonical are not canonical.

>
> Other software probably still will, though, like dhclient.

Depends on how things are configured. /run/resolvconf/ is the state directory 
for resolvconf, and not tied specifically to NM.


As for the OP's question, there are a number of systems that handle 
configure DNS resolving, be it resolvconf, NetworkManager, WICD, or 
whatever that can do this. They are typically run on set schedules, such 
as at boot time (or when the user 'connects' to a network), and write to 
a file, such as /etc/resolv.conf.

Which network "service" are you using? I don't know what debian defaults 
do, but I would guess that it is NetworkManager. It usually is these 
days, but there are others.


I used to set my IP address in /etc/rc.d/rc.inet1.conf and then save my 
DNS servers in /etc/resolv.conf. Nothing would overwrite my changes, but 
that was before wifi and the millennial obsession with reinventing the 
init wheel.

> -wes
>
> On Tue, Mar 12, 2019 at 4:11 PM Ben Koenig  wrote:
>
>> Are you using NetworkManager?
>>
>> Last I checked NetworkManager will overwrite customizations to
>> /etc/resolv.conf.
>> One of my systems currently has the line:
>>
>> # Generated by NetworkManager
>>
>> at the top, so I add all my stuff through the designated utility.
>> Networkmanager should be the same everywhere, but I'm not on debian
>> so things might be different.
>>
>> On Mon, Mar 11, 2019 at 1:42 PM  wrote:
>>> I have Spectrum cable where the ethernet connection to the modem
>> receives a dynamic ip address from Spectrum along with wrong name servers.
>>> This is correct for resolv.conf:
>>> search roch.robinson-west.com
>>> nameserver 127.0.0.1
>>>
>>> resolv.conf get's overwritten though by the modem...
>>>
>>> I'm on a Debian Linux system. I need to ignore the nameserver settings
>> from Spectrum and the Spectrum search line.
>>> Something called resolvconf will allow me to do this???
>>>
>>> Another thing I'm wondering about is what the proper firewall settings
>> are to allow clients on my RFC 1918 network to use
>>> the proxy on my server. I'm also wondering about the legality of sslbump
>> and what people who have deployed this can tell
>>> me about enabling https support in squid?
>>>
>>> Theoretically, I could have a list of https sites that are allowed and
>> disallow all others and not have a legal problem. With google pushing web
>> sites
>>> to go https, it's not just banks and credit unions using it anymore.
>> Even google search is https. Uge! This is a nightmare for anyone who wants
>> their
>>> Internet connection content filtered. Content filtering by it's very
>> nature requires a man in the middle. The https protocol is supposed to
>> guarantee
>>> that there isn't a man in the middle. Some countries evidently will
>> prosecute you if you filter https connections. If I'm a business owner or a
>> home owner
>>> running a network at home, what am I supposed to do?
>>> ___
>>> PLUG mailing list
>>> PLUG@pdxlinux.org
>>> http://lists.pdxlinux.org/mailman/listinfo/plug
>> ___
>> PLUG mailing list
>> PLUG@pdxlinux.org
>> http://lists.pdxlinux.org/mailman/listinfo/plug
>>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Controlling resolv.conf...

2019-03-12 Thread Smith, Cathy 
You can use the chattri command to make the file unchangeable to 


Cathy
-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of Tyrell 
Jentink
Sent: Tuesday, March 12, 2019 10:37 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Controlling resolv.conf...

On Mon, Mar 11, 2019, 13:44  wrote:

I have Spectrum cable where the ethernet connection to the modem receives a 
dynamic ip address from Spectrum along with wrong name servers.

This is correct for resolv.conf:
search roch.robinson-west.com
nameserver 127.0.0.1

resolv.conf get's overwritten though by the modem...


No, not "by the modem," but rather "From the modem," or more specifically, 
"From the DHCP server in the modem."

The distinction is that your machine does not and should not let any device 
untrusted by you to access your machine, especially not the modem.

So, instead, Network Manager (Or, more specifically, DHCPd) is asking the DHCP 
server for it's host configuration, and it's using it.

To be clear, Spectrum isn't "Forcing" these settings on you, your machine is 
asking for them. This, however, is not what you intended for it to do.

I'm on a Debian Linux system. I need to ignore the nameserver settings from 
Spectrum and the Spectrum search line.
Something called resolvconf will allow me to do this???


I don't know about resolvconf, and have never used it before...

When I want a client host to use DHCP to get an IP addresses but NOT DNS or any 
other settings,  I configure NetworkManager to "Use DHCP Address Only."

Details on that method and two other approaches are available here:
https://askubuntu.com/questions/623940/network-manager-how-to-stop-nm-updating-etc-resolv-conf

Another thing I'm wondering about is what the proper firewall settings are to 
allow clients on my RFC 1918 network to use the proxy on my server. I'm also 
wondering about the legality of sslbump and what people who have deployed this 
can tell me about enabling https support in squid?


You are overthinking this... There is no legal problem with you doing anything 
you want to any packet inside your network... It's your network...
You can do anything you want...

You can even use Penetration Testing software to "Hack" your own network...
That's what "Penetration Testers" and "Ethical Hackers" do. Sometimes, big 
companies even pay people to try and hack their Network. Network security is 
big money. It's only illegal if you trespass, or if you steal something, or you 
go somewhere you aren't supposed to...

The internet is like the real world... Don't do things that are illegal in the 
real world, and you will be OK.

For example... It's probably legal to open your wife or daughter's mail...
It's probably not mail fraud or anything, I mean, you are living at the address 
on the label, and you are probably legal proxy enough to avoid trouble... Mail 
Fraud doesn't even apply to the internet, so opening your family's internet 
packets is doubly legal.


What you are trying to achieve is a "Transparent Proxy;" The "proper" way of 
doing it is to NOT do a Transparent Proxy, and instead configure each client to 
use the proxy as appropriate; Maybe block un-proxied access to the WAN at the 
firewall, but DON'T do a outbound port redirect to the proxy. The reason this 
is is correct is that you, as system admin, really have no business breaking 
SSL... Even for your family. It's kinda like reading your daughter's diary... 
It's not that it's illegal, one may even be able to justify it to themselves... 
But it's kinda just not very polite.

Theoretically, I could have a list of https sites that are allowed and disallow 
all others and not have a legal problem.


Again, you don't have a "Legal" problem at all... Just an ethical one.

But your wrong about how one whitelists and blacklists at the firewall: You 
can't do it by URL, you have to do it by IP address... Some Enterprise Layer 7 
firewalls try to emulate that effect by tracking sessions by IP, Port, and DNS 
Lookup, but it's not available on Linux or FreeBSD firewalls, and it's far from 
foolproof... Let's postulate that two popular domains are both hosted by AWS, 
and have the same IP... How would the firewall track both sessions? Thus why 
only Enterprise routers have the feature...

With google pushing web sites
to go https, it's not just banks and credit unions using it anymore. Even 
google search is https. Uge!


This isn't Google being evil... This is Google telling web admins that 
protecting their customers privacy is not optional, and isn't acceptable...
This is a GOOD thing, and to advocate for poor security merely because you want 
to control what your family can and can't see on the internet is...
Well, confusing.

This is a nightmare for anyone who wants their Internet

Re: [PLUG] Assigning a name to local machines

2019-03-01 Thread Smith, Cathy 
That does raise the question if the DNS name servers are configured.  That used 
to be in the /etc/resolv.conf, but not for some of the newer OS such as Ubuntu 
18.04.

-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of Tomas 
Kuchta
Sent: Friday, March 1, 2019 2:53 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Assigning a name to local machines

If your router can answer dns request ( many routers run dnsmasq service ) then 
you could have local name resolution working on all machines just by pointing 
to your router for Dns.

If your router does that - just configure it that it hand out its own IP as Dns 
during DHCP. You should also configure all the PCs not to change their names by 
DHCP unless you want that. After that names should work for all machines using 
DHCP for IP assignment.

The advantage here is that you do not have to hand maintain list of all your 
machines and their IPs on all host all the time. If you use DHCP IPs change 
every time you reboot/update router.

Tomas

On Fri, Mar 1, 2019, 2:30 PM Paul Heinlein  wrote:

> On Fri, 1 Mar 2019, Dick Steffens wrote:
>
> > Is there someplace I can put in the name of my local machines that 
> > will
> let
> > me use those names instead of IP addresses when using ssh or sftp?
>
> /etc/hosts
>
>
> --
> Paul Heinlein
> heinl...@madboa.com
> 45°38' N, 122°6' W___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Allow user to shutdown host

2019-02-27 Thread Smith, Cathy 
I forgot to mention that the script does whatever you want it to do.  This 
could as easily be the actual shutdown command.  It doesn't have to be a 
wrapper for anything.   Our script is a menu of options.  I'd recommend (from 
experience) including a prompt that asks is this really what you want to do 
before it shuts anything down.  



Cathy
-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of Rich 
Shepard
Sent: Wednesday, February 27, 2019 3:27 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Allow user to shutdown host

On Wed, 27 Feb 2019, Smith, Cathy wrote:

> You can just set up an alias in .bashrc or whatever file is used for aliases. 
>  That's what I do for folks here.  I have a group set up for people needing 
> to use a command.  I edit the sudoers file once to set things up.  It looks 
> like
> %hradmin  ALL=/usr/local/bin/hradmin.sh
>
> I make the hradmin group a secondary group for the user.  For example, for 
> the user account greg
>   usermod -a -G hradmin  greg
>
> Then Gregg has in his .bashrc
>   alias hradmin='sudo /usr/local/bin/hradmin.sh'

Cathy,

Thanks very much. I always learn so much from you professional system/network 
admins.

> Names have been changed to protect the innocent.

Heh!

Best regards,

Rich
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Allow user to shutdown host

2019-02-27 Thread Smith, Cathy 
You can just set up an alias in .bashrc or whatever file is used for aliases.  
That's what I do for folks here.  I have a group set up for people needing to 
use a command.  I edit the sudoers file once to set things up.  It looks like
  %hradmin  ALL=/usr/local/bin/hradmin.sh

I make the hradmin group a secondary group for the user.  For example, for the 
user account greg
usermod -a -G hradmin  greg

Then Gregg has in his .bashrc
alias hradmin='sudo /usr/local/bin/hradmin.sh'

Names have been changed to protect the innocent.


Cathy
-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of Rich 
Shepard
Sent: Wednesday, February 27, 2019 2:51 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Allow user to shutdown host

On Wed, 27 Feb 2019, Paul Heinlein wrote:

> My experience is that sudo expects the command line invocation to look 
> like the sudo configuration. So what I'd do is add a function, not an 
> alias, to .bashrc:
>
> function halt {
>  /sbin/shutdown -h now
> }
>
> But since "halt" is the name of an actual executable, maybe train her 
> to use something like "haltnow" and tweak the name of the function:
>
> function haltnow {
>  /sbin/shutdown -h now
> }

Paul,

Your experiences easily top my web search. :-) I read that if the sudo alias 
has a space before the closing quote bash will pass the following command to 
sudo.

The issue today seems to be that she typed sudo /bin/halt rather than sudo 
/sbin/halt

I'll try both your haltnow function and the doit alias and report the results 
... probably over the weekend.

Many thanks,

Rich
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] rsync in a cron job

2018-11-15 Thread Smith, Cathy 
Just as a suggestion, get your backup running manually first before running 
from cron.  That reduces the time for troubleshooting.  Understand what your 
rsync is doing.  Validate that your backup on the destination is good. If 
you are going to use ssh keys, get that tested.  Then put everything in cron.  
It's a lot easier to figure out what is going wrong that way.

For example, in your original post, you don't need to rsync from / if all you 
want are your home directory and other specific files/directories backed up.  
You need to ask yourself if you need a backup of system files.  It just depends 
on the purpose of the backup.

-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of Rich 
Shepard
Sent: Thursday, November 15, 2018 10:07 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] rsync in a cron job

On Thu, 15 Nov 2018, Larry Brigman wrote:

> Note that none of your shell variables from your login will be set 
> when you run from cron.

Larry,

   Would this affect synchronizing files in ~/ on both hosts?

Thanks,

Rich
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] rsync in a cron job

2018-11-15 Thread Smith, Cathy 
Take a look at the man page from cron.  When a job executes from cron, you 
don't even get your default path.  You have to set the variables, including 
your path in your script.  Or you have to specify the full path in the command 
syntax that is executed.

-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of Rich 
Shepard
Sent: Thursday, November 15, 2018 10:07 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] rsync in a cron job

On Thu, 15 Nov 2018, Larry Brigman wrote:

> Note that none of your shell variables from your login will be set 
> when you run from cron.

Larry,

   Would this affect synchronizing files in ~/ on both hosts?

Thanks,

Rich
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] rsync in a cron job

2018-11-15 Thread Smith, Cathy 
There are a lot of examples available if you google for rsync tutorial or rsync 
examples.   Search for examples of using rsync for backups. 

You may need to specify the source path, /, and the destination path, /.  If 
you are rsync'ing everything, then /data should be included by default.  That 
assumes that your destination paths are identical to the source.  You said that 
the destination is different than the source  so you need to consider the 
exclude option.  Excludes can be specified individually or in a file.  The 
syntax is going to vary slightly with the OS and version of rsync.   The 
trailing "/" is critical in determining where everything ends up.  

The general rsync syntax looks like this:
rsync  source destination

So your syntax is going to look something like this.  I threw in some options 
you may want to consider such as stats, and others that are a must for a backup 
such as the -a and -l options.  The - a option is for archive.  It equals a 
group of other individual options.  The -l option is to copy symlinks.
rsync -al  --ignore-errors --stats --delete --exclude="data" / 
root@foo:/

There are a lot of options for rsync.  Take a look at the man page for rsync.  
.  You need to test to see which ones you want.

If you are going to run multiple rsync commands from cron, then just write a 
simple script that executes the rsync commands.  You need to do this is if the 
rsync commands are to be executed sequentially.  Running multiple rsync 
commands simultaneously can be a resource hog.  If you want to things 
simultaneously, I suggest that you test by running manually before trying it 
from cron.

I suggest that you test your syntax manually before trying to run it from cron. 
 


Cathy 


-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov

-Original Message-
From: plug-boun...@pdxlinux.org  On Behalf Of Rich 
Shepard
Sent: Thursday, November 15, 2018 7:53 AM
To: plug@pdxlinux.org
Subject: [PLUG] rsync in a cron job

   I want to update ~/ on the new desktop with changes made in ~/ on the old 
desktop using rsync in a daily cron job. The old desktop has a directory ~/data 
while the newdesktop has a /data partition separate from /home.

   There is an --exclude option to rsync and I'm not sure where it should go in 
the command line. Is this correct if run from my crontab?

rsync salmo: --exclude=data .

   Would a separate rsync command be needed to copy changes from salmo:data/ to 
baetis:/data or could both be accomplished with the same command?

TIA,

Rich
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] rsync: worked once now perms error

2018-11-13 Thread Smith, Cathy 
I apologize for intruding.  I've been following this conversation and now I'm 
confused.  Is the issue the use of keys to lock down access, or the use of 
rsync in general? 

Have you tried to run the rsync without the use of keys? 

Are you aware that rsync can be resumed?

If you haven't checked, the perms on the .ssh directory should be 700.



Cathy
-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov


-Original Message-
From: plug-boun...@pdxlinux.org [mailto:plug-boun...@pdxlinux.org] On Behalf Of 
Rich Shepard
Sent: Tuesday, November 13, 2018 5:54 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] rsync: worked once now perms error

On Mon, 12 Nov 2018, wes wrote:

> You said "rather than ssh" - did you test ssh again after you started 
> getting this error? What command and parameters do you use to make the 
> ssh connection?

wes,

   When rsync failed to connect Sunday I used 'ssh -vv ...' to test since 
adding the verbose switches to rsync did not provide useful output.

   Yesterday I tried rsync again; same failure.

   Today I will re-generate the public/private key pair (same pass phrase), 
copy the new public key to the old desktop's authorized_keys and expect that to 
resolve the issue.

   Perhaps there is no way to determine why rsync failed after spending a lot 
of time moving 89G across the cat5 cable. If a new key pair works perhaps it 
will keep working.

Regards,

Rich

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Linux centralized authentication

2018-05-03 Thread Smith, Cathy 
Just google for tutorials on how to configure the various protocols.  For 
example, DNS is really easy to set up.  I got a number of hits looking for a 
tutorial to set up DNS.

https://www.google.com/search?source=hp=wivrWp71OYewjwPFsZL4Cg=howto+tutorial+configure+dns+server+in+linux=howto+tutorial+configure+dns+ser_l=psy-ab.3.1.33i22i29i30k1l10.12033.20875.0.24063.32.32.0.0.0.0.542.4276.0j25j4-1j1.27.00...1.1.64.psy-ab..5.27.4238...0j0i131k1j0i10k1j0i13k1j0i13i30k1j0i22i30k1.0.GRWi_-V6IfI



-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov



-Original Message-
From: plug-boun...@pdxlinux.org [mailto:plug-boun...@pdxlinux.org] On Behalf Of 
Thomas Groman
Sent: Wednesday, May 02, 2018 8:00 PM
To: plug@pdxlinux.org
Subject: Re: [PLUG] Linux centralized authentication

Do you have any book or other resource recommendations for setting these up? I 
already do sysadmin work, just never done centralized auth before.


On 05/02/2018 07:53 PM, Tomas Kuchta wrote:
> The easiest is to pick LDAP or NIS, both work very well on Linux. With 
> or without Kerberos for local small setup.
>
> NIS with NFS for file sharing would be probably the simplest setup, 
> but you will eventually wish you had LDAP for integration with various 
> other services.
>
> LDAP + Kerberos + NFS is probably the most common and extensible solution.
> You will absolutely need local DNS and NTP to get it going, but it is 
> well integrated extensible solution.
>
> Another option would be to uses Samba - it combines LDAP + Kerberos, 
> so it has less moving parts and can accept Windows hosts without much 
> headache, compared to LDAP and Kerberos.
>
> For both solution, you might need some enterprise admin to help 
> setting it up. If well and simply setup, it is not difficult to maintain and 
> manage.
> IMHO
>
> Tomas
>
> On Wed, May 2, 2018, 5:36 PM Smith, Cathy <cathy.sm...@pnnl.gov> wrote:
>
>> There used to be dns, ldap, kerberos, nis.  These are open source 
>> protocols and not restricted to Microsoft.
>>
>>
>> --
>> Cathy L. Smith
>> IT Engineer
>>
>> Pacific Northwest National Laboratory Operated by Battelle for the 
>> U.S. Department of Energy
>>
>> Phone: 509.375.2687
>> Fax:   509.375.4399
>> Email: cathy.sm...@pnnl.gov
>>
>>
>>
>> -Original Message-
>> From: plug-boun...@pdxlinux.org [mailto:plug-boun...@pdxlinux.org] On 
>> Behalf Of Thomas Groman
>> Sent: Wednesday, May 02, 2018 5:16 PM
>> To: plug@pdxlinux.org
>> Subject: [PLUG] Linux centralized authentication
>>
>> Has anyone ever made a 100% UNIX/BSD/Linux network with centralized 
>> authentication? Using native protocols not some sort of strange 
>> Microsoft AD mesh thing.
>> I wanted to build a hacker-space for a school and since it would be 
>> starting from scratch there's no reason to get locked in to a 
>> Microsoft product from the start. Also the Microsoft's protocols are 
>> not open source and hard to debug. They never really work well with 
>> UNIX like operating systems requiring id/group mapping and such.
>> ___
>> PLUG mailing list
>> PLUG@pdxlinux.org
>> http://lists.pdxlinux.org/mailman/listinfo/plug
>> ___
>> PLUG mailing list
>> PLUG@pdxlinux.org
>> http://lists.pdxlinux.org/mailman/listinfo/plug
>>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Linux centralized authentication

2018-05-02 Thread Smith, Cathy 
There used to be dns, ldap, kerberos, nis.  These are open source protocols and 
not restricted to Microsoft.


-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov



-Original Message-
From: plug-boun...@pdxlinux.org [mailto:plug-boun...@pdxlinux.org] On Behalf Of 
Thomas Groman
Sent: Wednesday, May 02, 2018 5:16 PM
To: plug@pdxlinux.org
Subject: [PLUG] Linux centralized authentication

Has anyone ever made a 100% UNIX/BSD/Linux network with centralized 
authentication? Using native protocols not some sort of strange Microsoft AD 
mesh thing.
I wanted to build a hacker-space for a school and since it would be starting 
from scratch there's no reason to get locked in to a Microsoft product from the 
start. Also the Microsoft's protocols are not open source and hard to debug. 
They never really work well with UNIX like operating systems requiring id/group 
mapping and such.
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Meltdown/Spectre, older distros, virtual hosting

2018-02-14 Thread Smith, Cathy 
Here are some thing to think about.  

If you can't eliminate the ssh access, reduce it to the minimum possible.   
Control the direction of traffic.  Change from external pushing to internal, to 
internal pulling from external.  Confine ssh access to sftp only access.  
Restrict who can ssh.   Look into the use of command locked ssh keys

https://research.kudelskisecurity.com/2013/05/14/restrict-ssh-logins-to-a-single-command/

Rsync, for example, can be restricted with the use of a command locked ssh key. 
 Node lock the command locked ssh keys.  Patch.  Have good firewalls.  Don't 
run unnecessary services.


Cathy
-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov



-Original Message-
From: plug-boun...@pdxlinux.org [mailto:plug-boun...@pdxlinux.org] On Behalf Of 
Keith Lofstrom
Sent: Wednesday, February 14, 2018 4:13 PM
To: plug@pdxlinux.org
Subject: [PLUG] Meltdown/Spectre, older distros, virtual hosting

Meltdown and Spectre are potential security exploits of flaws in advanced CPU 
architectures (Intel, ARM, probably AMD).  Flaws that have been there decades, 
but discovered and publicised only recently.

I am no security guru, so my strategy has been to use conservative "proven" 
distros (like Red Hat Enterprise Linux clones, vetted by third parties), and 
let others stick their necks out.  However, RHEL7 uses the Linux
3.10 kernel, and attempted kernel fixes do not appear until the 4.14 kernel.  
It may be a year or two before these new kernels become "old, tested" kernels.  

On the one hand, my outward facing systems are virtuals, running as guests at 
Linode and Rimuhosting, with Xen hypervisors that are being upgraded and 
bulletproofed right now.  I have daily backups.

On the other hand, my internal systems are older, and connected to those 
world-exposed systems by VPN links, and apps like postfix and rsync and ssh.  
My backups are accessable on the internal network.

As it stands today, if one of my world-exposed systems is compromised, either 
directly or via the hosting company's hypervisor, the Bad Guys MAY be able to 
crawl up the VPN tunnel and tamper with my internal systems, and my backups.

Is there a simple way to tweak the ssh process from the internal network so 
that it cannot be exploited from the world-exposed virtual systems?

Am I worrying too much? 

Keith

-- 
Keith Lofstrom  kei...@keithl.com
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] CPU info needed

2018-02-14 Thread Smith, Cathy 
Determine your requirements.  Look at how you intend to use the computer.   Are 
you a gamer, bitcoin miner, or just general Internet browsing and email?  The 
gamers always want the latest, hottest of everything.   Mining bitcoins has its 
own requirements.  If you have a specific application that you intend to use, 
look to see the application or vendor has requirementsEven if all you do is 
browse the Internet and read email, memory will make a difference.  Find out if 
you can add memory later or not. 

I got bite last year going to a workshop.  The vendor said their app would work 
with 8 GB RAM, but did better at 16 GB.  Well, the app can't do much with only 
8 GB RAM.  It would run, just barely, on my old Mac.

A friend bought a System76 last year for general type usage.  He has been happy 
with it.


Cathy
-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov


-Original Message-
From: plug-boun...@pdxlinux.org [mailto:plug-boun...@pdxlinux.org] On Behalf Of 
Michael Rasmussen
Sent: Thursday, February 01, 2018 7:51 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] CPU info needed

On 2018-02-01 18:10, John Jason Jordan wrote:
> First, let me make it clear that when it comes to CPUs, motherboards 
> and RAM I am hopelessly out of date. I was out of date four years ago 
> when I bought my laptop - I just selected component options based on 
> the price. I had no idea what any of the features of the CPU actually 
> did.
...
> I need a really, really dumbed down explanation, dumber than I have 
> found on the net.

Go to System76 and see what they provision in their Wild Dog and Leopard 
desktops. Use that as a starting guide. Remember that the lowest cost CPU + 
Lots of RAM will outperform the highest cost CPU + Minimal RAM for most use 
cases.

-- 
   Michael Rasmussen, Portland Oregon
  Be Appropriate && Follow Your Curiosity 
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Recovering a website?

2018-01-12 Thread Smith, Cathy 
You can try httrack or a similar application.  Just google for a term similar 
to "website offline browsing" or "download website".  There are a lot of 
offerings.


Cathy
-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov



-Original Message-
From: plug-boun...@pdxlinux.org [mailto:plug-boun...@pdxlinux.org] On Behalf Of 
Ken Stephens
Sent: Friday, January 12, 2018 11:11 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Recovering a website?

Rod

wget -rv 

-r recursive
-v verbose

Will get the website, but not the configuration and certificate files.
Those must be deduced from the site.

Regards,
Ken

On Fri, Jan 12, 2018 at 10:59 AM, Roderick Anderson 
wrote:

> We recently lost our web master for the local user group.  Died 
> suddenly in the night.  No warning at all.
>
> We didn't have a backup plan in place so I'm researching how to at 
> least get a static copy of the web site.
>
> Domain name is under one persons name, DNS is under my control, but 
> the site is actually hosted on the web masters personal account somewhere 
> else.
>
> I'm thinking wget but open to other suggestions.
>
>
> When I taught Intro to Computers at the local community college I used 
> to ask my students "How do you describe someone that doesn't do 
> regular back ups?".  "Really sorry!"
>Now I need to add "doesn't have a disaster plan?" Yup the same.
>
>
> TIA,
> Rod
> --
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Mount cifs share from fstab.

2017-12-04 Thread Smith, Cathy 
I work in a multi-user environment where authentication is performed by 
Kerberos.  So all user accounts in the Active Directory domain, use their AD 
password to login to the Linux servers.   The Linux server is configured as a 
samba server.   We run Red Hat here.   I just have a basic samba server 
configuration running on the Linux server.  I don't have to have the account's 
password specified as long as the account is in the AD domain.  We only use the 
.sambpass file for non-AD accounts.  Those account must have a local password 
entry on the Linux server.

Cathy
-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov



-Original Message-
From: plug-boun...@pdxlinux.org [mailto:plug-boun...@pdxlinux.org] On Behalf Of 
Tomas Kuchta
Sent: Monday, December 04, 2017 4:35 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Mount cifs share from fstab.

When you put SMB password into root RO file, it is not secure locally, but it 
is not transmitted over the network in the plain text as far as I know.

In my experience, SMB/CIFS is quie painful to use in multi user, multi machine 
world without domain compatible single sign of.

To be fair, same goes for NFS with Kerberos, if you cannot live without server 
side authentication.

Off topic:
In my opinion - single sign on should be basic stuff done by any ..nix 
household chiefdom setup for both Linux and Windows. Once working, it makes 
huge difference in usability and security. And it currently keeps M$ away from 
local network resource scans.

-T

On Dec 4, 2017 3:47 PM, "David"  wrote:

> On 12/04/2017 03:36 PM, michael wrote:
>
>> On 2017-12-04 17:00, David wrote:
>>
>>> On 12/04/2017 02:33 PM, michael wrote:
>>>
 I have it working.  I don't want the password for the owner of the 
 share in plain text in a file though.  Creating /home/pi/.smbpasswd 
 with the contents:
 username=Test
 password=password
 domain=somedomain
 and chmod 600 isn't good enough.

 The password should be salted in this file even if it is password!

 Is there a simple way to use an smbpasswd file properly salted 
 without implementing a full samba server?

>>>
>>> The proper tool that I know of is "smbpasswd" as an executable, 
>>> which is part of the samba-common-bin package on my system (Debian).
>>>
>>> It may have dependencies which includes a full smb server (which I 
>>> run), so this may not be helpful information.
>>>
>>> dafr
>>>
>>
>
>> I am most concerned about the password having to be in plaintext when 
>> transmitted over the network.  Even if there is a way without a full 
>> samba server deployment to have the password sent in encrypted form 
>> over the network, that would be great.  The server is probably the 
>> latest incarnation of Windows server.  I don't like the idea of 
>> having to have a Linux user for every Windows user either.
>>
>
>
>
> Sure, I get that, and agree with the concerns. I was looking at the 
> smbpasswd man page initially and this is why I think you want to use 
> this
> utility:
>
>   "On a UNIX machine the encrypted SMB
>passwords are usually stored in the smbpasswd(5) file."
>
> Now, the problem with the utility is that unless you do something 
> fancy, you may have to be on the localhost where the share is exported 
> to set / reset the password as a user. This may not be feasible in 
> your situation unless there is a web interface that you can front 
> smbpasswd with to allow users to change passwords.
>
> When mounting a share in a Windows VM on my Linux host, I have to auth 
> with a pop-up window of user / pass to access the shared directory. 
> I'm not sure if (and don't believe that) you have to have a Linux 
> account for the Windows user. They are different password files, but 
> my experience is also limited to a full samba server, so your needs 
> may be more an issue than mine.
>
> dafr
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug