Re: Return a Debian system to a pristine state
this has been an interesting topic, so what the hell, here's my two cents. for my vm's, i have a list off packages that i install as soon as the minimum/base install and reboot is done. 4 vm's, testing, stable, centos7, opensuse. i have no gui's on these only cli, just need to know how to configure things for other os's than debian and it becomes a simple cut and paste to get a system to be at what i need. have a home partition, not just a home dir, and back it up often with a timestamp on it, and do a --get-selections and dump it to a file that you back up also. also doing that is an easy way to compare what was installed and what is now installed. keep sensitive config files in a spot that you know is going to be backed up or on your home partition so they aren't overwritten with a new install. there was a suggestion about using a live distro to make a back up right away, never done it before, yet this is a great idea. i believe that someone (smarter than me) could write a simple script to put all user installed programs into a file and then reinstall them after a full-reinstall. i.e. bash_install_script.sh check if su add package to list continue with the install take care em
Re: Persistent sshfs mount from inside a Buster virtual machine?
nate, my instructions are for system wide for kvm(qemu) not vbox. when i look at your config file that you posted there is "ServerAliveCountMax=5". i've had looked at all the man files that i can think of and can't find anything like that. don't know if it's a vbox command or what. yet it seems suspicious to me. since i only have one user on each vm i don't really have to worry about the perms on the files. sorry couldn't help more em
Re: Persistent sshfs mount from inside a Buster virtual machine?
nate, to your question. no. i have a couple of different logins to my vms for some reason that's why i have $USER in the bottom of my first reply, so bear with me. what i did was to mkdir $whatever on the host machine. and then on the vm's i made the same dir $whatever, on the vm i then put the config file "home-$USER-share.mount", (i just named it '...mount' so that i knew what it was.), into /etc/systemd/system/. . i then did an sshfs from vm into host from the $USER with the rsa key. i then changed to root and ran an sshfs with the $USER@hostname, it will connect if you have your rsa keys set up right. (why i had to do this as root???) i then did a reboot on the vm to see if it would startup correctly and mount what i wanted it to. make sure that you change the perms on the file that you are putting into /etc/systemd/system/ "644". you might just have to have it 444, read-only, depends on the system, just checked mine and they have different perms depending on distro. pull up and tail journalctl -xe and take a look to see if it's starting properly. if you do a 'systemctl status filename' (what you named the config file that you put into /etc/systemd/system/) and it will tell you if it's running or not. if it's not running, do a 'systemctl start filename' and look at the journalctl to see what it's saying. you can also tail your host's /var/log/auth.log and watch that to see if you're logging in or if you are getting ejected on the host. biggest things that i learned from messing around with this is- make sure the $USER is correct in the config file make sure that the perms are correct. (i would start with 444) make sure that you have the config file pointing to the proper id_rsa file run sshfs as both the $USER and then root- sshfs $USER@hostname i hope that that helped some. em
Re: Persistent sshfs mount from inside a Buster virtual machine?
nate, i did not log in as root. just used root to call $USER@hostname thought that i would make that clear. take care, good luck em
Re: Persistent sshfs mount from inside a Buster virtual machine?
hello nate. i had a problem with setting this up in the first place and now it's working great for me. i have 4 vm's, debian: stable, testing, centos and opensuse. i think that suse was the worst to get it going. here is mine from testing(bullseye/sid) [Unit] Description=sshfs_mount share #Requires=network-online.target #After=remote-fs.target [Mount] What=emetib@192.168.122.1:/home/emetib/programming/share/ Where=/home/chadb/share Type=fuse.sshfs Options=IdentityFile=/home/chadb/.ssh/id_rsa,allow_other,follow_symlinks,_netdev and from my stable(8.11) [Unit] Description=sshfs_mount share Requires=sshd.service [Mount] What=emetib@192.168.122.1:/home/emetib/programming/share/ Where=/home/chadb/share Type=fuse.sshfs Options=IdentityFile=/home/chadb/.ssh/id_rsa,allow_other,follow_symlinks,_netdev [Install] WantedBy=multi-user.target why the testing doesn't complain about not having the [Install] i don't know. i wrote this down so the next time it would be much much simpler. for home-$USER-share.mount need -- fuse, sshfs mkdir /home/$USER/share make sure that the $USER is correct in the mount point and where the id_rsa file is pointing to chmod 644 the file once it gets put where it's supposed to go -- /etc/systemd/system/ run sshfs as the $USER and sudo/root to make sure it is initialized -- for opensuse; you will have to enable this with -- "systemctl enable home-$USER-share.mount" as sudo/root journalctl -xe(?) is your friend on this. i don't know why i had to also use root (initalization), yet it kept messing with me if i didn't. haven't posted for a while, so hopefully i helped take care em
Re: update bios from debian
On Wednesday, March 7, 2018 at 10:00:05 PM UTC-6, emetib wrote: > has anyone tried to update their bios from debian or linux in general? > > i've looked at these pages -> > https://wiki.debian.org/FlashBIOS > https://support.lenovo.com/us/en/downloads/DS038945 > > and have downloaded the packages that they say to get, and have also > downloaded the new bios from lenovo's website. > > don't really want to turn my laptop into a brick, so i'm curious if anyone > has done this before, and if so anything that i should worry, not worry > about? > > the lenovo site say to just click on the .exe, yet i don't know if it needs > windows to do the install or not. > > any thoughts? > thanks. > em found a cd image, yet don't have any cd's to burn one to. i only use usb sticks now. doing more searching and it seems others have updated their bios' from linux, so i'll keep reading. thank you.
Re: update bios from debian
On Wednesday, March 7, 2018 at 10:00:05 PM UTC-6, emetib wrote: > has anyone tried to update their bios from debian or linux in general? > > i've looked at these pages -> > https://wiki.debian.org/FlashBIOS > https://support.lenovo.com/us/en/downloads/DS038945 > > and have downloaded the packages that they say to get, and have also > downloaded the new bios from lenovo's website. > > don't really want to turn my laptop into a brick, so i'm curious if anyone > has done this before, and if so anything that i should worry, not worry > about? > > the lenovo site say to just click on the .exe, yet i don't know if it needs > windows to do the install or not. > > any thoughts? > thanks. > em don't have a lenovo cd. don't know if i ever got one, i'll have to take a look around for one online.
update bios from debian
has anyone tried to update their bios from debian or linux in general? i've looked at these pages -> https://wiki.debian.org/FlashBIOS https://support.lenovo.com/us/en/downloads/DS038945 and have downloaded the packages that they say to get, and have also downloaded the new bios from lenovo's website. don't really want to turn my laptop into a brick, so i'm curious if anyone has done this before, and if so anything that i should worry, not worry about? the lenovo site say to just click on the .exe, yet i don't know if it needs windows to do the install or not. any thoughts? thanks. em
Re: Why I can not install software on debian easily?
> I don't know if the laptop in question can support it, but I'll > investigate having Grub (LILO?) menu present a choice of > desktops. you should be able to change the de from your login screen, if you're not doing auto login that is. em
Re: Installing/running non-Debian executables
> > "Right click" does several things, but not adding an item to an > existing menu. try this- https://packages.debian.org/search?keywords=menu i've used that in the past and seems to do what you're looking for. em
Re: Why I can not install software on debian easily?
On Sunday, December 18, 2016 at 8:20:04 PM UTC-6, john cusey wrote: > Why I can not download a .deb file, click it and it installs? > linux treats executable files/programs differently than windows. thus more secure. > I have computer science degree and I still trying to do this. > a piece of paper doesn't make you smart. > Time to go back to Windows. > John good. welcome to the world of not hand holding to be able to make things actually work. em
Re: [Newbie] Can ls command format output my way?
> > This Vortex won't last long enough. it only feels like -40 f where i'm at. > Several of the responses I've received are opening my eyes to > what can be done with some straight forward (if not simple) shell > commands. the beauty of the cli em
Re: [Newbie] Can ls command format output my way?
something else that you could use is 'locate' it's on most systems nowdays and it updates each night from cron. it's not as cpu intensive and you can update is quickly with 'updatedb'. if you're just searching removable media, as in your /media/... example then find would be better. i prefer locate to find when searching the entire system. em
Re: ssh doesn't work.
> > Sorry, you have to stop this. Now! > > I thought that to be a basic manner as the original questioner. > Why do you think isn't that good? > Everybody else, how do you think? he's saying don't change 4 things at once. change one, test change another, test that's how you trouble shoot. then you know what steps you have to take to make things work the next time around.
Re: ssh doesn't work.
On Wednesday, December 7, 2016 at 11:40:04 AM UTC-6, EenyMeenyMinyMoa wrote: > > $ ls -ls /home/testac/.ssh > total 12 > 4 -rwx-- 1 u1 u1 776 Dec 8 11:05 authorized_keys > 4 -rw-r--r-- 1 u1 u1 388 Dec 6 11:57 id_rsa_test.pub > 4 -rwx-- 1 u1 u1 444 Dec 6 20:46 known_hosts > check the perms on ~/.ssh should be 700, dwrx-- and your authorized_keys should be 644, -rw-r--r-- and then try again good luck em
Re: OT: Read-Only NFS-mounted Debian System for Library Kiosk PCs, using KACE K2000 as PXE?
kent, i just looked up quest k2000 and there is no mention of linux at all. are you looking at changing the whole system and putting linux on it? trying to have microsoft give a tftp linux image?
Re: systemd-journald fails
hey rainer yeah i wouldn't go with sid, it's fun to play around with yet not for a server install. sysinit vs systemd is up to you. i haven't had a problem with systemd, it's just another thing that you have to read about to get the hang of it. you will have to forgive me for not reading all the way through your original post and not noticing that this is a hosted system. i took a look at my virtual testing machine's '/lib/systemd/system/systemd-udev.service' -- 17 [Service] 18 Type=notify 19 OOMScoreAdjust=-1000 20 Sockets=systemd-udevd-control.socket systemd-udevd-kernel.socket 21 Restart=always 22 RestartSec=0 23 ExecStart=/lib/systemd/systemd-udevd 24 KillMode=mixed 25 WatchdogSec=3min 26 TasksMax=infinity 27 MountFlags=slave 28 MemoryDenyWriteExecute=yes 29 RestrictRealtime=yes see if yours are similar. take a look at 'man systemd-udevd.service', it doesn't talk about the service arguments, yet gives references to other man pages. em
Re: systemd-journald fails
quick question for you. if you wanted to have stretch, why did you install jessie and then upgrade instead of just installing stretch? https://www.debian.org/devel/debian-installer/ i've personally found it's better to just install the testing image right away instead of doing a dist-upgrade. that way if somethings do change, like going from sysinit to systemd, things are all ready in place. take a look at this forum for all of the discussions on sysinit vs systemd. take care em
Re: systemd-journald fails
On Sunday, December 4, 2016 at 5:10:04 PM UTC-6, deloptes wrote: > /dev/log ? try and take a look at 'journalctl -b 0' that might give some info or you can look at '/var/log/messages' and/or '/var/log/syslog'. those last two kind of depends on how your systemd is set up. take care em
Re: arm people distributing images with user 1000 already allocated, please stop that
> > [use sudo] > > > > > The last time I tried that, some years ago, it demanded the old > > > passwd first. I think that was about Red Hat 7.1's day. I'd been > > > using it since 1998 and 5.0. > > > > > > > i hope that this helps some for future reference. > > > > > > If no pw is needed, great. > > > > `passwd` invoked as the root user does not require you to provide the > > current password. You can set the password for any user, including the > > default user of root. So you would need to invoke 'sudo passwd' to > > change/set the root password without being prompted for the existing > > one. > > That policy has been changed then. Its been quite some time, possibly a > decade or more since I have attempted that procedure. The last time I > tried that, I was asked for the old password, and having forgotten it, > was refused. I wound up taking that drive to another machine and > removing the root pw in both passwd and shadow files. Then I could set > a new one and did when the drive was re-installed in the machine it ran. > > Cheers, Gene Heskett i believe that gene is correct on this. checking with a couple of virtual machines that i have, have found that just with the 'sudo shutdown -r now' command the passwd changes. debian testing -- asks for the user's passwd centos7 -- asks for the user's passwd mageia -- asks for user's passwd opensuse leap -- asks for root's passwd personally i think that every distro should ask for a root passwd and one username upon installation. from there the sysadmin can assign people what privileges by putting them in whatever group, and then assign that group in /etc/sudoers.
Re: arm people distributing images with user 1000 already allocated, please stop that
gene i can understand your pain. one of the reasons that i don't necessarily like sudo systems. one of the first things that i do when i have a sudo system, ubuntu, lmde, raspbian, is to 'sudo su' and then 'passwd' to actually set a root password. i have found that this has remedied the situation that you have described here. with doing the above you wouldn't have to mount the sd somewhere else, you just make a new password for root. i hope that this helps some for future reference. take care em
ls -l / question in jessie
why do the sym links in ls -l / point to /boot/ and boot/ lrwxrwxrwx 1 root root31 Jun 3 10:34 initrd.img -> /boot/initrd.img-3.16.0-4-amd64 lrwxrwxrwx 1 root root27 Jun 3 10:34 vmlinuz -> boot/vmlinuz-3.16.0-4-amd64 is this just a fluke in the way that the two of them were made? cat /etc/debian_version 8.6 cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 8 (jessie)" yet in stretch/sid they are both pointing to just boot/... lrwxrwxrwx 1 root root29 Sep 19 13:50 initrd.img -> boot/initrd.img-4.6.0-1-amd64 lrwxrwxrwx 1 root root26 Sep 19 13:50 vmlinuz -> boot/vmlinuz-4.6.0-1-amd64 any ideas? thank you em
Re: Why? -- "A Modest Proposal"
Thomas Schmitt wrote: > [man page or wiki] either, both, all documentation. yes i know that these, updating documentation, can take a considerable amount of time, especially with the amount of programs/packages that there are available to, especially debian, linux. just looking at my system, ls /bin/, /usr/bin, /usr/local/bin, /sbin/, /usr/sbin/ | wc -l equals 2680. huge undertaking for just a static system. now update for different versions of the program/package, stable, testing, unstable, fedora, centos, opensuse, ... = really big number. >From the view of the developer it is not that easy. >It is very demanding to document a program which one does not know on >source level. understandable. yet, couldn't a review of the docs be achieved with each security update? maybe this thread show be forwarded to the FSF so they can think about putting things on the so-called 'same page'.
Re: Why? -- "A Modest Proposal"
flame war- man pages vs info pages? open source documentation vs closed source documentation? yes some of them need to be updated. yes there are wiki's that you can contribute to. yet as someone said, 'someone else can do it'. heard that too many times from too many people. why isn't it 'i will take an hour to update this little piece of documentation'. is it that the one's in charge of keeping the docs think that they know best and the docs are fine how they are? personally when i release code to the public, i have notes threw out to tell others what is supposed to be happening. this also helps me three years later when i look at updating it. lets me know what i was thinking at the time. how about this old one- RTFM just my two cents. (just glad that i can say that still)
Re: reportbug and GMail SMTP servers
from the link that i posted earlier- https://www.howtoforge.com/tutorial/configure-postfix-to-use-gmail-as-a-mail-relay/ you are supposed to have these in your main.cf- relayhost = [smtp.gmail.com]:587 smtp_use_tls = yes smtp_sasl_auth_enable = yes smtp_sasl_security_options = smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt which i don't see in your paste.debian.net... from me configuring a couple of different virtual machines to use googles smtp you are going to have to change the line- smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd in debian to- smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd for some reason, that i don't know, in my two debian virts- cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 8 (jessie)" dpkg -l | grep postfix ii postfix 2.11.3-1 cat /etc/os-release PRETTY_NAME="Debian GNU/Linux stretch/sid" dpkg -l | grep postfix ii postfix3.1.3-1 the extra dir- /etc/postfix/sasl is created and then you have to run- postmap /etc/postfix/sasl/sasl_passwd to make things work properly. for your actual google settings you are going to have to go to- https://support.google.com/accounts/answer/6010255?hl=en and work your way through that. test your system by sending an email to another one of your email addresses from the machine that you are trying to send from (the one you're having problems with) mail -s test.hostmachine email.address once that is done then you can go back and flip the switch back to shut off the 'less secure' in your google account (worked for mine anyway) i have 6 virtuals of different distros that i have set up to relay through google.smtp for testing purposes by using that howtoforge link. check the change logs on what might have changed in postfix when you did your dist-upgrade (if postfix upgraded) and then trouble shoot it from there. google is your friend please remove my email address from your replies and only reply to this group instead of all thank you em
Re: Shudown And Restart Issue
gene, it depends on what distro that you are running for the different init levels. 0 - shutdown/shutoff, i believe this is the same across the board 1 - single user mode, usually root, also rescue mode, no networking. for debian, this is what you will boot into when your system doesn't boot all the way up and it asks you to enter the root passwd or type ctrl-D. some other distro are 2 or 3 2, 3, 4 - these are different depending what distro again. i believe that debian networking starts up on 3 5 - is usually the standard run level for all distro's. multi-user, networking, GUI... 6 - reboot look at telinit(8) and it will tell you. em
Re: Shudown And Restart Issue
> Lisi they are basically the same thing man telinit - DESCRIPTION telinit may be used to change the SysV system runlevel. Since the concept of SysV runlevels is obsolete the runlevel requests will be transparently translated into systemd unit activation requests. man init - DESCRIPTION systemd is a system and service manager for Linux operating systems. When run as first process on boot (as PID 1), it acts as init system that brings up and maintains userspace services. For compatibility with SysV, if systemd is called as init and a PID that is not 1, it will execute telinit and pass all command line arguments unmodified. That means init and telinit are mostly equivalent when invoked from normal login sessions. See telinit(8) for more information. When run as a system instance, systemd interprets the configuration file system.conf and the files in system.conf.d directories; when run as a user instance, systemd interprets the configuration file user.conf and the files in user.conf.d directories. See systemd-system.conf(5) for more information. so you could save three keystrokes by calling init itself em
Re: reportbug and GMail SMTP servers
On Saturday, November 5, 2016 at 4:00:03 PM UTC-5, Sophoklis Goumas wrote: > > > On Saturday, November 5, 2016 at 9:50:04 AM UTC-5, Sophoklis Goumas wrote: > > ... > > > >> > >> Does one need to to enable adjust appropriately the "Allow less secure > >> apps" setting [1] ? > >> > > yes > > > > https://www.howtoforge.com/tutorial/configure-postfix-to-use-gmail-as-a-mail-relay/ > > > > Exactly what type of "tighter security" Google is compatible with > with which reportbug cannot comply? > > Are reportbug bug reports: > #810933 [1], #412914 [2], #539157 [3], #825408 [4] anyhow related? > > Sophoklis > > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810933 > [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412914 > [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539157 > [4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825408 i'm not a sysadmin, yet from what people are saying in there reports, no. when is the last time that you used this before this rejection? are you using postfix, exim, ? what are you using for your localhost mailing system? have you updated your localhost mail system lately? have you changed your gmail passwd lately? gmail only supports up to 500 relays a day, are these failed attempts counting? have you looked at these to make sure that things are ok? https://support.google.com/mail/answer/7126229?p=BadCredentials=2#cantsignin https://support.google.com/accounts/answer/6010255 as henning wrote, you're having an authentication issue. what have you changed lately?
Re: Shudown And Restart Issue
you can also do as root # to reboot/restart telinit 6 # to shutdown telinit 0
Re: reportbug and GMail SMTP servers
On Saturday, November 5, 2016 at 9:50:04 AM UTC-5, Sophoklis Goumas wrote: > Hello. > > Anybody else having troubles when using GMails' SMTP servers? > no > Does one need to to enable adjust appropriately the "Allow less secure > apps" setting [1] ? > yes https://www.howtoforge.com/tutorial/configure-postfix-to-use-gmail-as-a-mail-relay/
Re: pen testing beginner
first, thank you all for your honest input on this. shawn wilson wrote: "I'll caveat my response by saying I'm not in this field - I'm a lowly sysadmin :) " i was asked one time what i wanted to do with my linux knowledge and replied that i wanted to be a sys admin and not a programmer. told this gentleman that i know that i would need some programming to be a better sys admin, yet didn't want to just program. i have a high level of respect for sys admins, since they need to know alot more than just programming. i've met many programmers that can't set up a mail server, etc..., properly. "A word on certs - don't get them until someone is paying you to do so (with the exception of RHCE and OSCP)." for the OSCP, i was looking at getting this down the road. for the RHCE, i don't know if i want to focus on a specific distro cert. i was looking at the LPI cert since it isn't distro specific. i don't know if one is better than the other, RH, LPI, LFS... i do know that RH is a leader in enterprise systems, yet i believe that having cross distro knowledge would be better. thoughts on this would be nice to hear. cindy-sue causey wrote: " I did local tech school in 1999, and... was pretty much bored." when i took the linux security class, community college, it was very general. it seemed that the instructor liked to talk more about what he had done in general with his linux experience instead of the hardening of the system. the students seemed to be impressed with my knowledge of linux at the time, yet they also knew nothing about linux in the first place. and as you, i was pretty bored with what i was/wasn't learning in the class. david christensen wrote: "If you are serious about this, go get yourself a degree in computer science." i can understand what you are saying about this. the process that is laid out on a specific course path and the steps that it takes, going from the ground floor to the upper limits of learning/knowledge. don't know about brick and mortar, would have to move as to there is not much for advanced learning on this subject in rural iowa. i have looked at some of the online colleges though, i just don't know how they stack up to being in an actual class room setting. i would hope that they are comparable. don't know if i want that extra $KK of debt at this time, even though it could be made up for in future earnings. as to the specifics that cindy-sue asked about, i'm thinking more about cyber-security and hardening systems. one of the reasons that i'm looking at pen testing is for this, understanding the vulnerabilities of a system and then be able to tighten them up, maybe throw some cryptography in there. also, when i did have my server, i was more interested in making sure that i was following proper protocols to setting things up. i.e. didn't want my mail server being bounced from others for not having the spf's set up correctly, etc, etc. shawn, yes the web has great offerings for learning. i have downloaded many books in pdf to start my learning. just a few- debian handbook, i think everyone should read it multiple books on pen testing with kali linux multiple books and white papers on selinux man pages and info file are always at my finger tips. the book that i'm reading right now, 2013 the basic of hacking and pen tesingmade easy, has talked about CVE's and RFC's and seems like something that i will have to check into more in depth. i have made a list of things that i have to read more on each time something new comes up. sometimes i go read it right away, sometimes i wait until that section is done and then go read it. as you said, read, find out more, return etc... again, thank you all for your input and if you have anything else to contribute to the comments that i made everything is appreciated. take care em
pen testing beginner
hello everyone, have been a linux only person since before 2000 (late 2.2 early 2.4 kernels), yet haven't done much with it in the last ten years. when i did do more with it, it was a in depth hobby that i enjoyed learning and playing around with. now that i'm getting up in years and have beat up on my body from being a carpenter i'm looking at getting back into it and into pen testing. from what i have been reading lately i'm going to have to know quite a bit about a couple of different things that i didn't jump to deep into before, programming and networking especially. for the programming part-- i can read the manuals and papers on how to make programs work and change how they operate with different calls on the cmd line. yet when it comes to writing actual programs, i.e. python, bash (not just linking things together in a script, yet writing operational parameters) i sometimes run into walls, especially with python. for the networking part-- i know basically how machines talk to each other and basic routing, yet, i don't know about the operational specifications, i.e. osi model (which i'm reading now, as to these questions being asked), and other networking concepts, packets, priorities, cidr addressing, etc. basically my questions are, how in depth into both, networking and programming am i going to have to delve? i have given myself a four year window on this learning cycle and am curious about going about it. should i learn one then the other, if so which one first? should i learn them at the same time so that they compliment each other? should i learn them as i read farther into the pen testing books that i have found online? i started out with mandrake 7 and then jumped into debian (because they had the best package management at the time) and have stuck with it since. i had a domain name, with http, https, mail(postfix), dns and such running on my server, along with a backup server and a byo firewall(soekris 4511), so i know about basic routing principles and how to set up a server to get things working properly. right now i have a dual boot, three partition system going on, linux mint debian edition, kali linux, and a shared partition that i keep things on that i use in both, music, virtual machines, config files, etc. i even took a linux security class back in the day. looking at getting another domain name and building my home system(s) again. please just give advice and not right or wrong opinions on what i maybe trying to do with my options and if i should actually take some classes to augment my self learning. thank you. em
Re: Best practices for updating systems over extremely slow links
hello. don't know how many different set ups that you have going on in the boondocks, yet if they are basically all the same you could install a virtual machine(s) at your location that copies what is at your distant locations. this is from page 108 of the debian handbook(comments added) - Installing the same selection of packages several times It can be useful to systematically install the same list of packages on several computers. This can be done quite easily. First, retrieve the list of packages installed on the computer which will serve as the “model” to copy. dpkg --get-selections > pkg-list The pkg-list file then contains the list of installed packages. Next, transfer the pkg-list file onto the computers you want to update and use the following commands: ## Update dpkg’s database of known packages # avail=‘mktemp‘ # apt-cache dumpavail > ”$avail” # dpkg --merge-avail ”$avail” # rm -f ”$avail” ## Update dpkg’s selections # dpkg --set-selections < pkg-list ## Ask apt-get to install the selected packages # apt-get dselect-upgrade The first commands records the list of available packages in the dpkg database, then dpkg --set-selections restores the selection of packages that you wish to install, and the apt-get invocation executes the required operations! aptitude does not have this command. so with this you could basically mirror your remote system running as a virtual guest. with this do can do an 'apt-get -d upgrade' (on virtual system) this will only download your packages and then you can tar.gz them up and rsync that to the remote systems and unpack in /var/cache/apt/archives/ and then 'apt-get upgrade' (on remote system). if you set up a cron job to 'apt-get update' on the remote systems (before you rsync the tar.gz) then you could just write a script that 'upgrades' on them when the rsync is done. for the individual package updates you could push those on an as needed basis to upgrade what you needed. depending on the variety of your remote systems, you could probably get away with having all of the variants installed on one virtual system, and then push the same tar.gz file to all of them and they will only install what is needed from what is in the archive dir.
Re: anyone having problems with python on debian testing
running as root to get the journal. no errors.
Re: anyone having problems with python on debian testing
michael, it's not any modules that i know of. only using re for the three scripts that i'm using. as stated it's working on all of my other virts, so i'm not that worried about it right now. i can't make anything crash. it's just the output from the third that's not getting wrote to the file, and that i can't explain right now. thank you though em
Re: anyone having problems with python on debian testing
yeah, i don't know what to say. started to use my stable virt for working on. it's just the last part of a list comparison that's bothering me. if you have journalctl going you can check out the scripts -- https://drive.google.com/open?id=0BwhDqxZzf5XHMk1na1VNMWFtTDA -- it's the last one that should write to the file, yet it's not. all other virts that it's tested on do.
Re: anyone having problems with python on debian testing
well thank you then ric. glad it's not after hours or i would be doing the same thing. no, i just noticed it today, and i can run the script on my other virtual machines without issue. it's just the debian testing that is the problem. whether i am calling -- python3 script or python script, or python3 >>> or python >>> and typing them in it's not working how it should. wasted a weekend thinking that i had messed up my code. so i was just wondering if others were having problems. i'm starting to think that it's gcc version for python that is giving me problems. yet i'm not that smart to figure it out.
anyone having problems with python on debian testing
is anyone having problems with their deb testing systems? i have a python3 script that isn't giving any output where the other linux systems that i have tested it on are. other systems have differing versions of python and what looks like gcc also. i'm thinking that it's something to do with gcc since if i run it with python or python3 it's not working. works on debian stable though. don't know how much info people want about what is happening. i would like to know if others are having any problems with their systems. thanks
Re: lynx - not all sites readable
personally i prefer links just seems to work better. especially if you install gpm also. make a great combo for terminal only browsing. henning -> because it would be fun. i've had to browse forums before using a text only browser trying to fix my X. it will make you a happy camper to have a graphic browser if you ever have to spend a couple of hours trying to find something on the web with a text browser. em
Re: Getting fqdn, postfix, Comcast to all play nice together
On Thursday, August 25, 2016 at 4:20:05 AM UTC-5, John T. Haggerty wrote: > I have the following issue (seems to be common although my details seem to > differ): > > 1. I recently registered a new domain as WWW.whatever.org or whatever. > > 2. Postfix gets installed. > > 3. "Internet site " is enabled fqdn added. > > 4. Email cannot be sent out to my Gmail address since it magically "times > out" when contacting the servers (even though telnetting to mine and Gmail's > works fine at port 25) > > 5. In theory thus should mean that they aren't blocking 25, and it should > work. > > 6. In the core wiki for Postfix I have the MX record of my server updated > from the registrar to mail.whatever.org (pita since it's dynamic and not > static). > > 7. I want to avoid using gmail's smtp and comcast's servers since I'd love to > host this on my own. > > How can this be accomplished in Debian (not Ubuntu, or something else)? (I > get irritated at Ubuntu specific explanations {which usually don't work} > getting all the search results) > > Any help would be appreciated as I spent ~3 days of work and wiping the > entire OS in case I went wrong somewhere. from what i have read in the past it's comcast(cable providers in general) that have their ports closed for people trying to run mail servers on home accounts, business accounts can have them. you could try to have your dynamic hostname provider send your incoming mail to a different port and then just configure your postfix to listen there. this might also work for your outgoing, yet not sure. check with comcast blocking what ports. sometimes they will block 80(http) also. good luck.
Re: ssh again
jorg wrote- Better command scp /home/whatever/file.jpg remote@hostname:/home/user/Pictures/ --- one thing that i've learned is that you should get in the habit when cping or mving is to add a ./ when copying, moving into a directory. i.e. cp /home/lisi/downloads/whatever.jpg /home/lisi/pictures/./ all that means is basically this directory. like the ../ meaning the directory one up. once you get into the habit of doing it you'll thank yourself especially once you start to get into funky namings of dirs that some people do on their computers. especially once you start spanning miles instead of rooms. take care em
Re: ssh again
On Tuesday, June 14, 2016 at 5:00:09 PM UTC-5, Dan Purgert wrote: > Lisi Reisz wrote: > > On Tuesday 14 June 2016 18:08:45 Brian wrote: > >> With avahi-daemon installed on both machines > >> > >> ssh hostname.local > >> > >> should just work. No messing with config files or anything like that. > >> > >> /etc/hosts is fine if you are more comfortable with it but an IP address > >> changing can make it a pain on the local LAN. > > > > Works a dream!! Thank you, Brian. That was a remarkably easy lesson! I > > might set a hosts file up as I was shown by emetib. It doesn't hurt > > to know both, and I might some time want to ssh into a machine that > > hasn't got avahi-daemon installed. > > > > But I can see that changing IPs around could be a pain - I have several > > machines that have two network cards for one reason or another, and I > > have assigned different IPs to different cards in the router. > > This is a little more "involved" than /etc/hosts or ahavi-daemon, but > you might consider isc-dhcp-server and bind9 on a box you designate as > "your server" (I have it on a spare desktop sitting in the corner). > > That way, > > - you don't have to mess with /etc/hosts as things change (e.g. got a >new computer) > - you don't have to worry about "oh, that one doesn't have >ahavi-daemon" > - you can use hostnames with networked device, including those things >that may not have hostfiles or a decent bonjour client (phones, >tablets, TVs, etc.) > - Other stuff I'm forgetting :) > - When you replace your router (or get a forced 'upgrade' from your >ISP), you don't have to deal with "fixing things" beyond the router >itself. > > -- > |_|O|_| Registered Linux user #585947 > |_|_|O| Github: https://github.com/dpurgert > |O|O|O| dan has a good point about having your own nameserver. yet with only three computers in your home network it's not necessarily needed. wait i did that before. they are easy to set up and if you do have a POS sitting around getting dusty then it's something to play with. you could do an ntp-server on it also for your private network. or just use a little used machine that is already on the network, or the most powerful one, it's up to you. both are easy to set up and you don't need to open up ports on your firewall since they are getting response packets. and it helps with the knowledge curve when you start to play with the dhcp and/or static addresses. maybe plug a wireless card into a pci slot and make your own wireless network. take care em
Re: ssh again
> > Lisi for you home network use /etc/hosts i.e 127.0.0.1 localhost 127.0.1.1 hestia 192.168.122.10 testing 192.168.122.11 stable 192.168.122.12 one-i386 this will make it so you can ssh user@hostname instead of ssh user@ipaddress. this works with scp and sftp also. take care
Re: ssh again
> That's my project after next - if I live that long!!! ;-) Probably a quick > way of getting rid of the rest of my hair. And/or turning it grey. > > Lisi lisi, hopefully this is to the list and not private. for your home network - /etc/hosts add the ipaddress followed by the hostname i.e. 127.0.0.1 localhost 127.0.1.1 hestia 192.168.122.10 testing 192.168.122.11 stable 192.168.122.12 one-i386 that will make ssh user@hostname work instead of user@ipaddress. also works with scp and sftp take care
Re: Rebuilding system after aptitude
Grep -e is the same as egrep. Read the man and you'll see.
Re: Portable Debian?
I know this is a little off topic, yet I wrote this a while back because of script kiddies messing with ssh on my server at the time. https://docs.google.com/document/d/1voXlQpos4uI0qhndcIunBew1mmQbwTPl07xG5JF8bNM/edit?usp=drive_web It checks your auth.log for people trying to get in that don't belong and sends an email to the isp hosting their ip address. Every little bit helps to keep the net safe. Take care.