<![CDATA[Dev1 Galaxy Forum / the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?id=6662 Sun, 04 May 2025 20:46:54 +0000 FluxBB <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=55495#p55495 opensnitch https://github.com/evilsocket/opensnitch is must have nowadays.

]]> Sun, 04 May 2025 20:46:54 +0000 http://dev1galaxy.org/viewtopic.php?pid=55495#p55495 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=53625#p53625 Nice tip Ron. ;-)

]]> Wed, 25 Dec 2024 21:22:25 +0000 http://dev1galaxy.org/viewtopic.php?pid=53625#p53625 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=53623#p53623 I'd suggest reading this: https://easylinuxtipsproject.blogspot.c … urity.html
It's just as applicable to Devuan (and any other Linux distro).

]]> Wed, 25 Dec 2024 16:52:58 +0000 http://dev1galaxy.org/viewtopic.php?pid=53623#p53623 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=53621#p53621 Hello:

Just a (belated) comment / heads-up:

aluma wrote:

... enough RAM (4 GB or more) ...

My Devuan Daedalus system runs on a box with a 120GB SSD and 8GB RAM.
As my conky swap file use always read nought, I decided to reduce it to 2.6GB just in case some application looks for a swap file.
I plan to reduce it further should I need more space in / or /home.

Long after that, I set up a tmpfs like you suggested.
It ran without a hitch till a couple of days ago when I had a system lock-up while streaming a video.
Something I had never encountered before and made me fear for my system's SSD.

After making a full Clonezilla image of my system drive, I had a look (among other things) at df -h and found that it was set up with a capacity of 3.9GB, something I was not aware of:

$ df -h
--- snip ---
tmpfs           3.9G   18M  2.0G   1% /home/groucho/.cache/mozilla/firefox
--- snip ---
$

This is 50% of the available physical system RAM in my box.
And the default value tmpfs claims when it is set up without specifying the desired size.
In this specific case, it was more than the amount assigned* to /dev/shm:

$ df -h | grep tmpfs
tmpfs           788M  800K  787M   1% /run
tmpfs           5.0M  8.0K  5.0M   1% /run/lock
tmpfs           2.1G     0  2.1G   0% /dev/shm
tmpfs           3.9G   20M  2.0G   1% /home/groucho/.cache/mozilla/firefox
tmpfs           788M  8.0K  788M   1% /run/user/1000
$

* apparently limited by the amount of available RAM in a system

Suspecting some sort of conflict (?) somewhere, I did some searching and found this tidbit which may be of use.

I have now set it up with a specified size of 2GB:

$ cat /etc/fstab
--- snip ---
tmpfs     /home/groucho/.cache/mozilla/firefox  tmpfs nosuid,nodev,noatime,user,uid=1000,size=2G  0  0
$ df -h
--- snip ---
tmpfs           2.0G   18M  2.0G   1% /home/groucho/.cache/mozilla/firefox
--- snip ---
$

I really don't really know if the two lockups I had were caused by my system using a 3.9GB tmpfs but I'll report back if I get another lock-up.

Best,

A.

]]> Wed, 25 Dec 2024 14:23:46 +0000 http://dev1galaxy.org/viewtopic.php?pid=53621#p53621 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=50496#p50496 @devur

но архива 'r6a038wc.default-esr/cache2/' больше не существует.

Just look at its contents after launch Firefox.
In RAM, the cache will be created when Firefox is launched in a new session and, naturally, will disappear when the computer is turned off. In addition, it improves browser performanceь and reduces the number of rewrites of SSD drives..

]]> Thu, 13 Jun 2024 05:02:59 +0000 http://dev1galaxy.org/viewtopic.php?pid=50496#p50496 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=50489#p50489 devur wrote:

unsure whether I want that type of files on my system.

Like all browsers, Firefox is not 100% secure. Vulnerabilities are found and exploited. Clamav is also for Windows so it finds PUAs. PAUs require an NTFS/NTFS+ filesystem as well as the Win OS to run. They cannot run on Linux filesystems or work with a Linux OS. They're useless and take up HD space.

Suggestion: In Firefox > Settings > Privacy and Security > History, is 'Clear history when Firefox closes' checked? In History > Settings, are all of them checked? If the PUAs still get through, find where they're stored and write a script you can click on on the desktop to delete them.

Another way is an icon on the desktop to start Firefox, with a <script> to delete the PUAs executed when Firefox processes end. 

#!/bin/bash
firefox && <script>
]]> Wed, 12 Jun 2024 21:28:42 +0000 http://dev1galaxy.org/viewtopic.php?pid=50489#p50489 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=50488#p50488 and for fanderal there is something in what you point to, I am however unsure whether I want that type of files on my system.

]]> Wed, 12 Jun 2024 17:15:10 +0000 http://dev1galaxy.org/viewtopic.php?pid=50488#p50488 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=50487#p50487 I have added extension to Firefox, and added tmpfs to /etc/fstmp and it has gone well.  but there is no longer any archive 'r6a038wc.default-esr/cache2/' it does not exist.

]]> Wed, 12 Jun 2024 17:10:21 +0000 http://dev1galaxy.org/viewtopic.php?pid=50487#p50487 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=50486#p50486 A quick search for PUA.Win.Trojan.Xored-1 in quotes finds this, posted years ago: https://askubuntu.com/questions/1006237 … ns#1006252

UA.Win.Exploit.CVE_2012_1461-1

* PUA means "potential unwanted application".  PUA are not virusses, those are claims by clamav that there is an application they consider "unwanted" because that file or extension have been proven to be abused in Windows
* Win as 2nd part means it is a Windows related notice.
* clamav has an option to not scan for PUA's.
(snipped for length)

Clamav identifies them as Win exploits and trojans. As @chris2be8 noted, it means they need a Win filesystem to run, and are incompatible with any Linux filesystem.

@aluma's suggestion is one way to deal with it. Another is a small script to delete stored data inside the directories in ~/.cache/mozilla/firefox/xxxxxx.default-esr/ or wherever they're stored.

]]> Wed, 12 Jun 2024 16:58:00 +0000 http://dev1galaxy.org/viewtopic.php?pid=50486#p50486 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=50484#p50484 From the description those look like malware aimed at Windows systems that your browser cached. So probably not a threat to a Linux system.

Put CVE_2012_1461 into your favourite search engine for more details. Or the full name of the vulnerabilities.

You could also look at what's in /home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/ (how big are the files, what does file say they are, etc).

]]> Wed, 12 Jun 2024 16:06:40 +0000 http://dev1galaxy.org/viewtopic.php?pid=50484#p50484 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=50477#p50477 If there is enough RAM (4 GB or more), the browser cache can be located in it.
Add a line to /etc/fstab like this

tmpfs     /home/usre2/.cache/mozilla/firefox  tmpfs  nosuid,nodev,noatime,user,uid=1000  0  0

"uid=1000" - specify your user specifically.

]]> Wed, 12 Jun 2024 10:38:59 +0000 http://dev1galaxy.org/viewtopic.php?pid=50477#p50477 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=50476#p50476 Yes you can see the virus List.
And the only action on these pc w3

ClamTk, v6.07
Tue Jun 11 17:04:30 2024
ClamAV Signatures: 8710280
Directories Scanned:

Found 0 possible threats (4 files scanned).

No threats found.
---------------------------------------------

ClamTk, v6.07
Tue Jun 11 17:20:05 2024
ClamAV Signatures: 8710280
Directories Scanned:
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries

Found 25 possible threats (58531 files scanned).

/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/1231DD2EA9FCAEAD544000B2C42978033720B3F3      PUA.Win.Exploit.CVE_2012_1461-1     
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/BDCC87EE344E20D465A1A939BB259ED33DCB37FA      PUA.Win.Trojan.Xored-1              
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/B925469B00E39A393DA96976DC2BCCC47341C595      PUA.Win.Trojan.Xored-1              
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/BA08D5E9D857B7AC9C99FEB3B2B4BFD983CFC754      PUA.Win.Exploit.CVE_2012_1461-1     
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/DF42EAB2E87062092AAD4C969EAEEA511E0CA610      PUA.Win.Exploit.CVE_2012_1461-1     
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/3EDB8FF08D388E71BABA2694A8FE95E537EFFEF9      PUA.Win.Trojan.Xored-1              
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/B67A87B9957498FF0DECE6550E9852A338E2D96D      PUA.Win.Trojan.Xored-1              
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/A0DF9F80C099D12857FBB5F80A97BEBB97EFEDA1      PUA.Win.Trojan.Xored-1              
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/28200FEE743D8A88FC050ACB35C95AA9B000037C      PUA.Win.Exploit.CVE_2012_1461-1     
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/A922BEDD3229F0BFF5652A7FF975D68EE52D133E      PUA.Win.Exploit.CVE_2012_1461-1     
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/1C4038F316498439FBB4808F7D7CD82EE32B68FD      PUA.Win.Trojan.Xored-1              
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/3EEE453E76E2CE763DFB313F5CE2D067E036B95E      PUA.Win.Exploit.CVE_2012_1461-1     
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/C825FDD50D1349BBAE185BA58FB6639213962633      PUA.Win.Exploit.CVE_2012_1461-1     
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/D86D41F5976E38E5DED9FEF99AE4B7D7A29B78EB      PUA.Win.Trojan.Xored-1              
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/D6FAE84D27C79C66291F17E9FF4F20E228950157      PUA.Win.Trojan.Xored-1              
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/E89BF141CDE9063624EE6D5BE6F90AE378303E28      PUA.Win.Exploit.CVE_2012_1461-1     
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/C6437DF9DCFAE9833749D321E621EC079A11DA1D      PUA.Win.Trojan.Xored-1              
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/00A2EEB79D840DEA619FFAB8AEE00AE4DFA782C9      PUA.Win.Trojan.Xored-1              
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/F6B8F755EFE9F6903824ED6888C029BB8C0B0876      PUA.Win.Exploit.CVE_2012_1461-1     
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/8FF38A09CDDB798688671E5C8A473A201D78F066      PUA.Win.Trojan.Xored-1              
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/963B4624DDF84378163EB0FFFA408FE6F5FECEA7      PUA.Win.Exploit.CVE_2012_1461-1     
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/F769C5DCDD6D0ED9009B2DB63111C83E4F67E8B8      PUA.Win.Trojan.Xored-1              
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/5E7F2843EBB750CDA86FC638453B893B24DDBBB5      PUA.Win.Trojan.Xored-1              
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/48ADD0A5F5D9453FC7537A6956C9F57DC9604F25      PUA.Win.Exploit.CVE_2012_1461-1     
/home/usre2/.cache/mozilla/firefox/r6a038wc.default-esr/cache2/entries/80E3C62564962F770C8A3CE1B855CEE812903949      PUA.Win.Exploit.CVE_2012_1461-1     
--------------------------------------------------------------------------------------------------------------------------------------------------------------
]]> Wed, 12 Jun 2024 10:27:16 +0000 http://dev1galaxy.org/viewtopic.php?pid=50476#p50476 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=50474#p50474 Are you sure they are viruses? What were the names of the viruses and can you share what web sites you think might have given you viruses or are these websites NSFW?

In any case, as a matter of privacy and security i use the arkenfox user.js and fiddle with a user-overrides.js config.

https://github.com/arkenfox/user.js/

as stargate mentions, use ublock-origin and tick as many filter lists boxes that apply and also use filter lists from filterlists.com.

The filter lists from anti-corp (no-google in filterlists.com) are great if you want to try to completely block google, just saying.

https://github.com/nickspaargaren/no-google

]]> Wed, 12 Jun 2024 09:16:00 +0000 http://dev1galaxy.org/viewtopic.php?pid=50474#p50474 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=50473#p50473 check these out for web browsers:
https everywhere
minerblock
noscript
privacybadger
snowflake
ublockorigin
uboscope
umatrix
--

check these out for hosts file blocking:

blocklists sources:
ttps://someonewhocares.org
ttps://www.spamhaus.org
ttps://filterlists.com
ttps://github.com/hagezi/dns-blocklists
ttps://github.com/badmojr/1Hosts

also one website/list not being frequently updated(last 20210306):
ttps://winhelp2002.mvps.org/hosts.txt
(still good for reference)

]]> Wed, 12 Jun 2024 07:29:47 +0000 http://dev1galaxy.org/viewtopic.php?pid=50473#p50473 <![CDATA[Re: the right procedure ?]]> http://dev1galaxy.org/viewtopic.php?pid=50466#p50466 Not allowing java script by default can help.
I usually have the extensions "ublock origin" and "umatrix" running with firefox.

]]> Tue, 11 Jun 2024 18:24:57 +0000 http://dev1galaxy.org/viewtopic.php?pid=50466#p50466