Re: [Xastir] FIXED No iGate, please help

[Jason KG4WSV]

On Thu, Feb 16, 2017 at 11:52 AM, Den  wrote:


> I believe you can accomplish the same commands with sudo as you would
> without it after the sudo su.
>

For the most part, correct.  There _can_ be issues with environment
variables (sudo also sanitizes your environment for security reasons), but
other than that rare issue i've found sudo a good replacement for su.


A disturbing tendency i've noticed among novice users is to try to sudo any
command that doesn't work as expected.  As a sysadmin for a few hundred
embryonic engineers I watch the sudo failures. Most of the time they're
trying to install some package or other (which I often add to the standard
build), but occasionally it seems to be some arbitrary command or code
they've written. I've seen a user issue "command", which apparently failed
so they tried "sudo command" - as if the broken C code they wrote will
magically work if they run it as root. This sort of habit can/will lead to
broken and hacked systems.


No harm, no foul we are all just amateurs trying to have fun. Pleasure
> communicating with you..
>

yep, likewise.


> Any suggestions on how to improve the Xastir mapping?
>

Get big companies to share their maps?

The app-ification and profitization of the internet has resulted in fewer
free resources.  The folks that pay to have map databases created certainly
have the right to do as they please with their property, but the desire to
extract every nanocent of profit (either directly or in the form of
harvested personal information which is then sold to marketers) has
squeezed open source projects out of the picture.

I prefer totally offline maps anyway, so I tend to use free data sources
(like TIGER vector maps), spend some time with dbfawk to make them look the
way I want, and go from there.

The xastir team is on the lookout for free online sources, and not too long
ago several new sources of topo and satellite maps were introduced.

-Jason
kg4wsv
___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

Re: [Xastir] FIXED No iGate, please help

[David Ranch]

- use good passwords (google that one, several articles available)
- keep the OS patched regularly. turn on automatic updates if patching isn't 
part of your routine. Yes, a bad patch _can_ cause trouble but unless you have 
the vigilance of a paranoid sysadmin you're far more likely to be burned by 
lack of a patch than a bad patch.

There are other things (turning off unused services,  change passwords 
regularly, use layered defenses, etc) but if you cover these 3 you're unlikely 
to be compromised in a typical environment.


I completely agree with Jason that there is a lot of little things that 
need to be done to secure a Raspberry Pi (or any other Linux box 
connected to the raw Internet).  In addition to all that, the Raspberry 
Pi platform poses unique challenges since it uses flimsy storage (SD 
card), prone to power issues, can be in a high RF environment, etc.  As 
such, I've been working on a Rpi hardening document document if anyone 
is interested:


   #Actually is RPi3 centric now
http://www.trinityos.com/HAM/CentosDigitalModes/RPi/rpi2-setup.html

--David
KI6ZHD

___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

Re: [Xastir] FIXED No iGate, please help

[Den]

Jason,

Can not say exactly how I ran into this issuefollowing your tutorial but 
I did and it was the second time it happened to me. The first 
configuring a WeeWX pi. This discussion started when Chris appeared to 
have the same issue on 2/16 and was asking how to fix the pi boot refusal.


I was trying to follow a couple of Xastir help files, not really keeping 
track until I rebooted and could not log in. The light went off and I 
knew what I did. This time I had the root password set up and could fix 
the issue.


My input would be to avoid sudo su in tutorials where newbies, like me, 
may 'shoot' themselves, unknowingly. I believe you can accomplish the 
same commands with sudo as you would without it after the sudo su.


No harm, no foul we are all just amateurs trying to have fun. 
Pleasure communicating with you..


Any suggestions on how to improve the Xastir mapping?

73
Den

On 2/16/2017 12:20 PM, Jason KG4WSV wrote:

I just did a quick read of http://tnc-x.com/TNCPi.pdf and while there is an 
apparently unneeded invocation of startx, there were no instructions to do it 
as root nor did I see  prior instructions that would have left you in a root 
shell.  Maybe I read too quickly or there are some out of date instructions 
floating around.


  I forgot instructions on how to change the root password after recommending 
everyone should - sorry about that.

To change the root password:

pi$ sudo passwd root
New password for root:
Retype new password:

Root can override anyone's password without knowing the old one. You can change 
the pi user's password the same way, or by the usual unprivileged method:

pi$ passwd
Old password:
New password:
Repeat new password:

-Jason
kg4wsv

___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir



___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

Re: [Xastir] FIXED No iGate, please help

[Jason KG4WSV]

> On Feb 16, 2017, at 10:44 AM, Den  wrote:
> 
> perhaps you could advise the new Pi user just how to protect themselves 
> definitely NOT a popular subject on the web

The problem is that security is at best inconvenient,  it isn't always trivial, 
and it's never ending. 

For a pi or any system on the 'net:

- change the default root (or other admin) and default user (e.g. pi) passwords

- use good passwords (google that one, several articles available)

- keep the OS patched regularly. turn on automatic updates if patching isn't 
part of your routine. Yes, a bad patch _can_ cause trouble but unless you have 
the vigilance of a paranoid sysadmin you're far more likely to be burned by 
lack of a patch than a bad patch. 

There are other things (turning off unused services,  change passwords 
regularly, use layered defenses, etc) but if you cover these 3 you're unlikely 
to be compromised in a typical environment. 

-j

___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

Re: [Xastir] FIXED No iGate, please help

[Jason KG4WSV]

I just did a quick read of http://tnc-x.com/TNCPi.pdf and while there is an 
apparently unneeded invocation of startx, there were no instructions to do it 
as root nor did I see  prior instructions that would have left you in a root 
shell.  Maybe I read too quickly or there are some out of date instructions 
floating around.


 I forgot instructions on how to change the root password after recommending 
everyone should - sorry about that. 

To change the root password:

pi$ sudo passwd root
New password for root:
Retype new password:

Root can override anyone's password without knowing the old one. You can change 
the pi user's password the same way, or by the usual unprivileged method:

pi$ passwd 
Old password:
New password:
Repeat new password:

-Jason
kg4wsv

___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

Re: [Xastir] FIXED No iGate, please help

[Ken Koster]

On Thursday, February 16, 2017 11:44:36 AM PST Den wrote:
> Well, I stumbled on this anomaly and it looks like others have too where
> you can 'shoot yourself'. Get locked out and not be able to get back in.
> And so far, there is no recovery, except logging in as root. There are
> way too many shoddy tutorials on the web that lure users into pulling
> the trigger. "sudo su" then down the page "xstart" BAM

Yes,  far to many of those.
 
> I'd prefer to have more control over my guns rather than to have them go
> off unintentionally.

It's kind of like having a modern rifle and finding the instructions on the 
web for a muzzleloader.  Pour the powder in,  stuff down a bullet, pull the 
trigger and BAM.

> 
> Of course, change the Pi password and create a root password. Both
> should be strong. Don't think I advised differently? Actually am tired
> of helping people who did not take the simplest precautions right up front.
>
> KEN;
> 
> perhaps you could advise the new Pi user just how to protect
> themselves definitely NOT a popular subject on the web

I'm working on a couple of RPi/radio combos that need to be properly 
configured and I'll try to write up the details.  The problem is finding the 
ATU's to do it and staying focused...oh look 'Squirrel'...long enough.
...
-- 
Ken - N7IPB
Email: n7...@wetnet.net
JID: n7...@jabber.wetnet.net
PGP Sig: F42B EF90 3CD3 31C7 3056  122E 993A 7B2E 5138 C42A 
“I never am really satisfied that I understand anything; because, understand 
it well as I may, my comprehension can only be an infinitesimal fraction of 
all I want to understand” -Ada Lovelace 

signature.asc
Description: This is a digitally signed message part.
___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

Re: [Xastir] FIXED No iGate, please help

[Den]

Well, I stumbled on this anomaly and it looks like others have too where 
you can 'shoot yourself'. Get locked out and not be able to get back in. 
And so far, there is no recovery, except logging in as root. There are 
way too many shoddy tutorials on the web that lure users into pulling 
the trigger. "sudo su" then down the page "xstart" BAM


I'd prefer to have more control over my guns rather than to have them go 
off unintentionally.


Of course, change the Pi password and create a root password. Both 
should be strong. Don't think I advised differently? Actually am tired 
of helping people who did not take the simplest precautions right up front.


KEN;

perhaps you could advise the new Pi user just how to protect 
themselves definitely NOT a popular subject on the web


73
Den
On 2/16/2017 11:08 AM, Jason KG4WSV wrote:

On Feb 16, 2017, at 9:19 AM, Den  wrote:

I'll let you explore how to create a root password, which I recommend. 
Obviously those with more knowledge think we commoners, and the owner of the 
Pi, should not use.

Well, the problem was that you shot yourself in the foot by running something 
as root. Maybe they're onto something.

sudo is configured on by default for the pi user. Use of sudo instead of using 
a full root shell (su or sudo bash) or even worse logging in a root is 
considered best practice for security reasons. Using sudo allows minimal 
privilege escalation to accomplish a task and consequently minimizes risk.

If your pi is to be exposed to the internet, or maybe even on a home network, 
the passwords _should_ be changed for both the pi and root users. Default 
passwords are extremely insecure - there are days when I see over 10k brute 
force login attempts against a dozen or so systems, where attackers are looking 
for me and my users to rely on default or dumb passwords.

-j

___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir



___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

Re: [Xastir] FIXED No iGate, please help

[Ken Koster]

On Thursday, February 16, 2017 10:08:31 AM PST Jason KG4WSV wrote:
> > On Feb 16, 2017, at 9:19 AM, Den  wrote:
> > 
> > I'll let you explore how to create a root password, which I recommend.
> > Obviously those with more knowledge think we commoners, and the owner of
> > the Pi, should not use.
> Well, the problem was that you shot yourself in the foot by running
> something as root. Maybe they're onto something.
> 
> sudo is configured on by default for the pi user. Use of sudo instead of
> using a full root shell (su or sudo bash) or even worse logging in a root
> is considered best practice for security reasons. Using sudo allows minimal
> privilege escalation to accomplish a task and consequently minimizes risk.
> 
> If your pi is to be exposed to the internet, or maybe even on a home
> network, the passwords _should_ be changed for both the pi and root users.
> Default passwords are extremely insecure - there are days when I see over
> 10k brute force login attempts against a dozen or so systems, where
> attackers are looking for me and my users to rely on default or dumb
> passwords.

And one additional item to add to Jasons excellent comment.

Never, never, never put a pi on the internet without either putting it behind 
a firewall or installing the appropriate firewall rules on the pi itself.

Out of the box there is NO protection other than your password and those are 
far to easy to crack.

Put it behind your home router, or better yet put it on it's own subnet, and 
enable a port forward if you must have Internet access.  And for good measure, 
pick some other port number instead of the standard ssh port that everyone 
attacks and have that on the Internet facing side. 

The shear number of attacks on standard ports is incredible and if you have a 
system or two directly on the Internet, like I do, you put into place all 
kinds of additional tools to combat the bad guys.

For most casual use putting your RPi behind your home firewall and perhaps 
forwarding a port or two works,  but be careful.  There are far too many 
compromised devices out there and it's getting worse.
-- 
Ken - N7IPB
Email: n7...@wetnet.net
JID: n7...@jabber.wetnet.net
PGP Sig: F42B EF90 3CD3 31C7 3056  122E 993A 7B2E 5138 C42A 
“I never am really satisfied that I understand anything; because, understand 
it well as I may, my comprehension can only be an infinitesimal fraction of 
all I want to understand” -Ada Lovelace 

signature.asc
Description: This is a digitally signed message part.
___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

Re: [Xastir] FIXED No iGate, please help

[Jason KG4WSV]

> On Feb 16, 2017, at 9:19 AM, Den  wrote:
> 
> I'll let you explore how to create a root password, which I recommend. 
> Obviously those with more knowledge think we commoners, and the owner of the 
> Pi, should not use.

Well, the problem was that you shot yourself in the foot by running something 
as root. Maybe they're onto something. 

sudo is configured on by default for the pi user. Use of sudo instead of using 
a full root shell (su or sudo bash) or even worse logging in a root is 
considered best practice for security reasons. Using sudo allows minimal 
privilege escalation to accomplish a task and consequently minimizes risk. 

If your pi is to be exposed to the internet, or maybe even on a home network, 
the passwords _should_ be changed for both the pi and root users. Default 
passwords are extremely insecure - there are days when I see over 10k brute 
force login attempts against a dozen or so systems, where attackers are looking 
for me and my users to rely on default or dumb passwords. 

-j

___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

Re: [Xastir] FIXED No iGate, please help

[Den]

I tried to answer Chris both privately and this list. had issues that 
the list did not like my formatting. Think eventually my reply made 
it... not sure though

73
den

I'm just playing with Raspian, but I'm not running Xastir on it, it was
W2DEN who was doing that. My current work is with Direwolf to make an igate
out of an Rpi.

On Wed, Feb 15, 2017 at 4:25 PM, Chris Viningre 
wrote:


Curt, What Distro are you using? I tried with the instructions that
came with the TNC-Pi running Raspbain Pixel and it keep locking up at
the password when it rebooted.
Chris Viningre
70 W. Roadrunner
Salt Flat, Texas 79847
C:(915) 504-1510
chrisvinin...@gmail.com
Amateur Radio Operator: WS5B
https://www.qrz.com/db/ws5b
http://www.reverbnation.com/chrisviningre


On Wed, Feb 15, 2017 at 8:16 AM, Curt Mills  wrote:

Good deal!

On Wed, Feb 15, 2017 at 7:08 AM, Den  wrote:


Just needed to add the Internet Server  Interface Control with my APRS
Passcode.

Who knew? Well now I do!

73
Den

On 2/15/2017 9:12 AM, Den wrote:


I have XASTIR running on a Pi 3 B with a TNC-Pi. All looks good. My
tracker shows up on the Xastir map as it should. The issue is Xastir

will

not iGate. It will digipeat but not iGate.

The Pi is WiFi to my local internet router which looks OK... I have

gone

over the settings multiple times with out success.
Using a different rig / computer etc. my tracker gets iGated without
issue. Switch to the Pi and no luck.

Call used is W2DEN. SSID -5 is my tracker, -7 the Pi Xastir (with a
successful digipeat) and -3 the other computer running APRSIS32 with

many

igates.
You can find me on aprs.fl.

Any help would be appreciated.



___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir




--
Curt, WE7U
http://we7u.wetnet.net
http://www.sarguydigital.com
___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir






___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

Re: [Xastir] FIXED No iGate, please help

[Curt Mills]

I'm just playing with Raspian, but I'm not running Xastir on it, it was
W2DEN who was doing that. My current work is with Direwolf to make an igate
out of an Rpi.

On Wed, Feb 15, 2017 at 4:25 PM, Chris Viningre 
wrote:

> Curt, What Distro are you using? I tried with the instructions that
> came with the TNC-Pi running Raspbain Pixel and it keep locking up at
> the password when it rebooted.
> Chris Viningre
> 70 W. Roadrunner
> Salt Flat, Texas 79847
> C:(915) 504-1510
> chrisvinin...@gmail.com
> Amateur Radio Operator: WS5B
> https://www.qrz.com/db/ws5b
> http://www.reverbnation.com/chrisviningre
>
>
> On Wed, Feb 15, 2017 at 8:16 AM, Curt Mills  wrote:
> > Good deal!
> >
> > On Wed, Feb 15, 2017 at 7:08 AM, Den  wrote:
> >
> >> Just needed to add the Internet Server  Interface Control with my APRS
> >> Passcode.
> >>
> >> Who knew? Well now I do!
> >>
> >> 73
> >> Den
> >>
> >> On 2/15/2017 9:12 AM, Den wrote:
> >>
> >>> I have XASTIR running on a Pi 3 B with a TNC-Pi. All looks good. My
> >>> tracker shows up on the Xastir map as it should. The issue is Xastir
> will
> >>> not iGate. It will digipeat but not iGate.
> >>>
> >>> The Pi is WiFi to my local internet router which looks OK... I have
> gone
> >>> over the settings multiple times with out success.
> >>> Using a different rig / computer etc. my tracker gets iGated without
> >>> issue. Switch to the Pi and no luck.
> >>>
> >>> Call used is W2DEN. SSID -5 is my tracker, -7 the Pi Xastir (with a
> >>> successful digipeat) and -3 the other computer running APRSIS32 with
> many
> >>> igates.
> >>> You can find me on aprs.fl.
> >>>
> >>> Any help would be appreciated.
> >>>
> >>>
> >> ___
> >> Xastir mailing list
> >> Xastir@lists.xastir.org
> >> http://xastir.org/mailman/listinfo/xastir
> >>
> >
> >
> >
> > --
> > Curt, WE7U
> > http://we7u.wetnet.net
> > http://www.sarguydigital.com
> > ___
> > Xastir mailing list
> > Xastir@lists.xastir.org
> > http://xastir.org/mailman/listinfo/xastir
> ___
> Xastir mailing list
> Xastir@lists.xastir.org
> http://xastir.org/mailman/listinfo/xastir
>



-- 
Curt, WE7U
http://we7u.wetnet.net
http://www.sarguydigital.com
___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

Re: [Xastir] FIXED No iGate, please help

[Chris Viningre]

Curt, What Distro are you using? I tried with the instructions that
came with the TNC-Pi running Raspbain Pixel and it keep locking up at
the password when it rebooted.
Chris Viningre
70 W. Roadrunner
Salt Flat, Texas 79847
C:(915) 504-1510
chrisvinin...@gmail.com
Amateur Radio Operator: WS5B
https://www.qrz.com/db/ws5b
http://www.reverbnation.com/chrisviningre


On Wed, Feb 15, 2017 at 8:16 AM, Curt Mills  wrote:
> Good deal!
>
> On Wed, Feb 15, 2017 at 7:08 AM, Den  wrote:
>
>> Just needed to add the Internet Server  Interface Control with my APRS
>> Passcode.
>>
>> Who knew? Well now I do!
>>
>> 73
>> Den
>>
>> On 2/15/2017 9:12 AM, Den wrote:
>>
>>> I have XASTIR running on a Pi 3 B with a TNC-Pi. All looks good. My
>>> tracker shows up on the Xastir map as it should. The issue is Xastir will
>>> not iGate. It will digipeat but not iGate.
>>>
>>> The Pi is WiFi to my local internet router which looks OK... I have gone
>>> over the settings multiple times with out success.
>>> Using a different rig / computer etc. my tracker gets iGated without
>>> issue. Switch to the Pi and no luck.
>>>
>>> Call used is W2DEN. SSID -5 is my tracker, -7 the Pi Xastir (with a
>>> successful digipeat) and -3 the other computer running APRSIS32 with many
>>> igates.
>>> You can find me on aprs.fl.
>>>
>>> Any help would be appreciated.
>>>
>>>
>> ___
>> Xastir mailing list
>> Xastir@lists.xastir.org
>> http://xastir.org/mailman/listinfo/xastir
>>
>
>
>
> --
> Curt, WE7U
> http://we7u.wetnet.net
> http://www.sarguydigital.com
> ___
> Xastir mailing list
> Xastir@lists.xastir.org
> http://xastir.org/mailman/listinfo/xastir
___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

Re: [Xastir] FIXED No iGate, please help

[Curt Mills]

Good deal!

On Wed, Feb 15, 2017 at 7:08 AM, Den  wrote:

> Just needed to add the Internet Server  Interface Control with my APRS
> Passcode.
>
> Who knew? Well now I do!
>
> 73
> Den
>
> On 2/15/2017 9:12 AM, Den wrote:
>
>> I have XASTIR running on a Pi 3 B with a TNC-Pi. All looks good. My
>> tracker shows up on the Xastir map as it should. The issue is Xastir will
>> not iGate. It will digipeat but not iGate.
>>
>> The Pi is WiFi to my local internet router which looks OK... I have gone
>> over the settings multiple times with out success.
>> Using a different rig / computer etc. my tracker gets iGated without
>> issue. Switch to the Pi and no luck.
>>
>> Call used is W2DEN. SSID -5 is my tracker, -7 the Pi Xastir (with a
>> successful digipeat) and -3 the other computer running APRSIS32 with many
>> igates.
>> You can find me on aprs.fl.
>>
>> Any help would be appreciated.
>>
>>
> ___
> Xastir mailing list
> Xastir@lists.xastir.org
> http://xastir.org/mailman/listinfo/xastir
>



-- 
Curt, WE7U
http://we7u.wetnet.net
http://www.sarguydigital.com
___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir

[Xastir] FIXED No iGate, please help

[Den]

Just needed to add the Internet Server  Interface Control with my APRS 
Passcode.


Who knew? Well now I do!

73
Den

On 2/15/2017 9:12 AM, Den wrote:
I have XASTIR running on a Pi 3 B with a TNC-Pi. All looks good. My 
tracker shows up on the Xastir map as it should. The issue is Xastir 
will not iGate. It will digipeat but not iGate.


The Pi is WiFi to my local internet router which looks OK... I have 
gone over the settings multiple times with out success.
Using a different rig / computer etc. my tracker gets iGated without 
issue. Switch to the Pi and no luck.


Call used is W2DEN. SSID -5 is my tracker, -7 the Pi Xastir (with a 
successful digipeat) and -3 the other computer running APRSIS32 with 
many igates.

You can find me on aprs.fl.

Any help would be appreciated.



___
Xastir mailing list
Xastir@lists.xastir.org
http://xastir.org/mailman/listinfo/xastir