Re: [gentoo-user] problem installing confluent-kafka from guru
On Sun 27 Feb 2022, 10:34 Anatoly Oreshkin wrote:

> Sat, 26 Feb 2022 at 03:40, Alessandro Barbieri <lssndrbarbi...@gmail.com>:
>
>> On Tue 22 Feb 2022 at 08:02 Anatoly Oreshkin <anatoly.oresh...@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I am a newbie to Gentoo.
>>> As end user I am using package confluent-kafka from guru repository.
>>> To install it I have performed the following steps in command line:
>>> [...]
>>> 6. modify /var/db/repos/guru/dev-python/confluent-kafka/confluent-kafka-1.7.0.ebuild
>>> change PYTHON_COMPAT=( python3_8 ) -> PYTHON_COMPAT=( python3_9 )
>>> sed -i 's/python3_8/python3_9/g' /var/db/repos/guru/dev-python/confluent-kafka/confluent-kafka-1.7.0.ebuild
>>
>> sorry but you can't do this, you have to stick with python3.8
>> I plan to update the openstack packages next month after I graduate
>
> If I don't change PYTHON_COMPAT=( python3_8 ) -> PYTHON_COMPAT=( python3_9 ) then
> I will not be able to install dev-python/confluent-kafka using emerge.

This isn't true, I can install it as-is in my system and in my test chroot. You have to set your python targets to python3.8

> By the way what is the link between openstack packages and
> dev-python/confluent-kafka ?

confluent-kafka is a test dependency
Re: [gentoo-user] strange errors in http log, what can/should I do about it.
On 2/28/22 5:04 AM, Adam Carter wrote:
> If you put that url in a browser does it show your passwd file? I assume
> because the logs say 200 it will. If so shut down the httpd and reset all
> the passwords

Note the question mark after the leading slash. As such, the path traversal component is for a query parameter, named f / file / filename / id.

There is a reasonable chance that the web server returned the index / default page for the document root and that the query parameter didn't actually change any thing. With this in mind, it would be normal to return a 200 status code for the index / default page for the document root.

> Check your httpd config… seems odd that an old attack like this would still
> work.

If this did return the actual contents of /etc/password then there is quite likely a different problem in that the index / default page is accepting query parameters as paths, independent of the HTTP daemon.

Aside: +1 to everything that Stefan S. said.

-- 
Grant. . . .
unix || die
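One way to check the point made in the reply above from the raw access log rather than the logwatch summary, as an added example that is not part of the original thread. It assumes combined-format log lines; the sample lines, byte counts and the names `triage` and `has_traversal` are constructed for illustration. A probe whose 200 response has the same body size as a plain request for the same path most likely just received the index page.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (combined log format); not taken from the poster's server.
SAMPLE_LOG = """\
192.0.2.10 - - [28/Feb/2022:03:10:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Feb/2022:04:00:11 +0000] "GET /?f=../../../../../../../../../etc/passwd HTTP/1.1" 200 5120 "-" "-"
203.0.113.9 - - [28/Feb/2022:04:00:12 +0000] "GET /?file=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 5120 "-" "-"
203.0.113.9 - - [28/Feb/2022:04:00:13 +0000] "GET /?id=../../../../../../../../../etc/passwd HTTP/1.1" 200 1893 "-" "-"
203.0.113.9 - - [28/Feb/2022:04:00:14 +0000] "GET /?filename=../../../../../../../../../etc/passwd HTTP/1.1" 404 312 "-" "-"
"""

LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')

def has_traversal(query):
    # parse_qsl percent-decodes values, so ..%2f is caught as well as ../
    return any("../" in v or "..\\" in v
               for _, v in parse_qsl(query, keep_blank_values=True))

def triage(log_text):
    rows = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            url = urlsplit(m["target"])
            size = 0 if m["size"] == "-" else int(m["size"])
            rows.append((m["target"], url.path, url.query, int(m["status"]), size))
    # Baseline: body sizes of 200 responses per path when no probe was in the query.
    baseline = defaultdict(set)
    for _, path, query, status, size in rows:
        if status == 200 and not has_traversal(query):
            baseline[path].add(size)
    verdicts = {}
    for target, path, query, status, size in rows:
        if not has_traversal(query):
            continue
        if status != 200:
            verdicts[target] = "rejected"
        elif size in baseline[path]:
            verdicts[target] = "same-as-baseline"  # parameter most likely ignored
        else:
            verdicts[target] = "review"  # body differs, or no baseline seen for this path
    return verdicts
```

Body size is only a heuristic: a dynamic index page varies in length, so a "review" verdict means fetch the URL and look at the body, not that the file was disclosed.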
Re: [gentoo-user] Reproducible Installation Lists?
On Monday, 28 February 2022 13:38:52 GMT Neil Bothwick wrote:
> On Sat, 26 Feb 2022 16:41:55 +, Peter Humphrey wrote:
> > > After reading the responses in the thread, this appears to be one way
> > > to do it. Though I think adding it to a set could be a cleaner way? I
> > > haven't tried all of the suggestions yet.
> >
> > In passing, I thought I'd mention that I keep most of my packages in
> > sets: core, base, xorg, plasma, apps and utils. My world file only gets
> > used for temporary or experimental things: it has one entry at the
> > moment.
>
> I use a set for temporary installs, saves polluting the world file. From
> time to time I check the set and either remove packages or move them to
> world or another set.

So this operation is commutable, as well as arithmetic etc. That is to say: A=B is the same as B=A. Well, sort of...

-- 
Regards,
Peter.
Re: [gentoo-user] Reproducible Installation Lists?
On Sat, 26 Feb 2022 16:41:55 +, Peter Humphrey wrote:
> > After reading the responses in the thread, this appears to be one way
> > to do it. Though I think adding it to a set could be a cleaner way? I
> > haven't tried all of the suggestions yet.
>
> In passing, I thought I'd mention that I keep most of my packages in
> sets: core, base, xorg, plasma, apps and utils. My world file only gets
> used for temporary or experimental things: it has one entry at the
> moment.

I use a set for temporary installs, saves polluting the world file. From time to time I check the set and either remove packages or move them to world or another set.

-- 
Neil Bothwick

Shell to DOS... Shell to DOS... DOS, do you copy? Shell to DOS...
Re[2]: [gentoo-user] strange errors in http log, what can/should I do about it.
Monday, 28 February 2022 13:04:

> On Monday, February 28, 2022, John Covici wrote:
>> I got the following error this morning during my logwatch processing
>> which I run daily and I would like to know if there is anything I
>> can/should do about it? Seems to me it could be serious, if someone has
>> penetrated my server.
>>
>> A total of 4 possible successful probes were detected (the following URLs
>> contain strings that match one or more of a listing of strings that
>> indicate a possible exploit):
>>
>> /?f=../../../../../../../../../etc/passwd HTTP Response 200
>> /?file=../../../../../../../../../etc/passwd HTTP Response 200
>> /?filename=../../../../../../../../../etc/passwd HTTP Response 200
>> /?id=../../../../../../../../../etc/passwd HTTP Response
>
> If you put that url in a browser does it show your passwd file? I assume
> because the logs say 200 it will. If so shut down the httpd and reset all
> the passwords
>
> Check your httpd config… seems odd that an old attack like this would still
> work. If /etc/passwd still contains passwords in a usable format, you've
> asked to be hacked for a long time.

Assuming that the actual passwords are in /etc/shadow, you might still want to take a look at changing the usernames stored in /etc/passwd, because now the attacker knows which accounts to target.

account1:x:1023:1024:...:/home/account1:/bin/bash
account2:x:244:244:...:/home/account2:/sbin/nologin

If I had to get into your system, I'd concentrate on account1, as it has an actual login shell, which might be used by a human, so it might even use an "easy" password.

s.
Re: [gentoo-user] strange errors in http log, what can/should I do about it.
On Monday, February 28, 2022, John Covici wrote:
> I got the following error this morning during my logwatch processing
> which I run daily and I would like to know if there is anything I
> can/should do about it? Seems to me it could be serious, if someone has
> penetrated my server.
>
> A total of 4 possible successful probes were detected (the following URLs
> contain strings that match one or more of a listing of strings that
> indicate a possible exploit):
>
> /?f=../../../../../../../../../etc/passwd HTTP Response 200
> /?file=../../../../../../../../../etc/passwd HTTP Response 200
> /?filename=../../../../../../../../../etc/passwd HTTP Response 200
> /?id=../../../../../../../../../etc/passwd HTTP Response

If you put that url in a browser does it show your passwd file? I assume because the logs say 200 it will. If so shut down the httpd and reset all the passwords

Check your httpd config… seems odd that an old attack like this would still work.
[gentoo-user] gnu-screen split region can't invoke shell
Is it a bug that the gnu screen itself can't invoke a shell automatically after running 'Ctrl-a S' ?
Re: [gentoo-user] Reproducible Installation Lists?
On Saturday, 26 February 2022 16:41:55 GMT Peter Humphrey wrote:
> On Saturday, 26 February 2022 14:19:15 GMT Ramces Tampo-og Red wrote:
>
> --->8
>
> > After reading the responses in the thread, this appears to be one way to
> > do it. Though I think adding it to a set could be a cleaner way? I
> > haven't tried all of the suggestions yet.
>
> In passing, I thought I'd mention that I keep most of my packages in sets:
> core, base, xorg, plasma, apps and utils. My world file only gets used for
> temporary or experimental things: it has one entry at the moment.

It's proved useful in an existing system too this weekend. One box hadn't been updated for 9 months, and my usual update routine stumbled over lots of blocks. So: emerge -u @core (without D, notice), emerge -u @system, recompile the kernel, emerge -u @world. And now emerge -uaDvN @world is running with 190 packages to update.

Saved a reinstallation.

-- 
Regards,
Peter.
[gentoo-user] strange errors in http log, what can/should I do about it.
I got the following error this morning during my logwatch processing which I run daily and I would like to know if there is anything I can/should do about it? Seems to me it could be serious, if someone has penetrated my server.

A total of 4 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):

/?f=../../../../../../../../../etc/passwd HTTP Response 200
/?file=../../../../../../../../../etc/passwd HTTP Response 200
/?filename=../../../../../../../../../etc/passwd HTTP Response 200
/?id=../../../../../../../../../etc/passwd HTTP Response 200

Thanks in advance for any suggestions.

-- 
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?

John Covici wb2una
cov...@ccs.covici.com