You are not logged in.
- Topics: Active | Unanswered
#1026 Re: Hardware & System Configuration » [SOLVED] Devuan Beowulf: can't get rid of AppArmor » 2021-12-27 17:49:19
Hello:
... faint memory of having come across this before ...
Found it.
It was me bitching about AppArmor earlier this year:
https://dev1galaxy.org/viewtopic.php?id=4329
Now I have to re-check and see if it is really true that security=none disables both tomoyo and AppArmor, making apparmor=0 unneccesary.
Best,
A.
#1027 Re: Hardware & System Configuration » [SOLVED] Devuan Beowulf: can't get rid of AppArmor » 2021-12-27 17:32:27
Hello:
Thanks for the link, I'll have a look later on.
EDIT: the AppArmor lines in dmesg are from the kernel module.
My main system is this one and as you can see it is Devuan Beowulf with a backported kernel:
groucho@devuan:~$ uname -a
Linux devuan 5.10.0-0.bpo.3-amd64 #1 SMP Debian 5.10.13-1~bpo10+1 (2021-02-11) x86_64 GNU/Linux
groucho@devuan:~$ AppArmor is not installed but like in the OP, libapparmor1 is there:
groucho@devuan:~$ apt list | grep installed | grep -i apparmor
--- snip ---
libapparmor1/oldstable,now 2.13.2-10 amd64 [installed]
groucho@devuan:~$ But with this kernel it does not make itself known via dmesg like with the Beowulf kernel.
groucho@devuan:~$ sudo dmesg | grep -i apparmor
groucho@devuan:~$ Makes me wonder why ...
Thanks for your input.
Best,
A.
#1028 Hardware & System Configuration » [SOLVED] Devuan Beowulf: can't get rid of AppArmor » 2021-12-27 15:43:48
- Altoid
- Replies: 12
Hello:
I am in the process of building a (light as possible) Beowulf installation on a separate disk in my box.
root@devuan3:~# uname -a
Linux devuan3 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
root@devuan3:~# One of the things I do not want running is AppArmor.
I added the bit security=none to the kernel command line and purged it but I still get this in dmesg:
root@devuan3:~# dmesg | grep -i apparmor
[ 0.328030] AppArmor: AppArmor initialized
[ 0.569017] AppArmor: AppArmor Filesystem Enabled
[ 1.257404] AppArmor: AppArmor sha1 policy hashing enabled
root@devuan3:~#So I looked to see what was going on:
root@devuan3:~# apt list | grep -i installed | grep -i apparmor
--- snip ---
libapparmor1/oldstable,now 2.13.2-10 amd64 [installed,automatic]
root@devuan3:~# AppArmor is not installed but it left behind its crap, which seems difficult to get rid of:
root@devuan3:~# apt purge libapparmor1
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
dconf-service : Depends: default-dbus-session-bus but it is not installable or
dbus-session-bus
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.
root@devuan3:~#So what is causing this?
root@devuan3:~# aptitude why libapparmor1
i dbus Depends libapparmor1 (>= 2.8.94)
root@devuan3:~# dbus is installed and up to date:
root@devuan3:~# apt install dbus
Reading package lists... Done
Building dependency tree
Reading state information... Done
dbus is already the newest version (1.12.20-0+deb10u1+devuan1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@devuan3:~# And dbus-session-bus can't be installed:
root@devuan3:~# apt install dbus-session-bus
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'dbus-x11' instead of 'dbus-session-bus'
dbus-x11 is already the newest version (1.12.20-0+deb10u1+devuan1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@devuan3:~# I have a faint memory of having come across this before but I cannot find it in the forum.
Any ideas?
Thanks in advance,
A.
#1029 Re: Off-topic » Colour of the future? » 2021-12-22 20:33:56
Hello:
Interesting that you would say that . . .
I think we could consider (in some way) honouring the name.
I could not find a colour associated to Daedalus (the architect, father to Icarus), but there is a butterfly (found all over Africa), called Hamanumida daedalus [genus - species], which has a lovely green colour in its wings:
https://www.learnaboutbutterflies.com/H … 0-001a.jpg
https://www.ecoregistros.org/site/imagen.php?id=125883
That would be HEX: #806a55, RGB: rgba(128,106,85,255) or something close to that.
https://www.ecoregistros.org/site/imagen.php?id=125883
Best,
A.
#1030 Re: Installation » [SOLVED] laptop fan running too much: cyber currency miner? Clam inop? » 2021-12-21 18:01:42
Hello:
... the final report.
--- snip ---
... a hardware problem all along.
Hmmm ....
... meaningless marketing term with no legal basis. s/refurbished/cleaned/g.
It was a hardware problem all along due to ridiculously poor/negligent workmanship. <--- reads accurately now
Been there and done that.
Quite a few times actually.
Assuming that because it was a [Sun/HP/IBM/Dell/Sony/whatever] unit, it could not be what I suspected from the start.
25+ years later, I know better.
Glad you got it worked out. 8^D
Best,
A.
#1031 Re: Hardware & System Configuration » [SOLVED] jED, line numbers and user » 2021-12-20 16:49:06
Hello:
/etc/jed.d/*.sl
The system wide configuration files (this is a special Debian feature).
Yes, that did it.
Thank you very much. 8^)
Edit:
Only problem is that if you configure for line numbers, scraping the content (copy to paste) will do so with both the content and the line numbers.
I think (?) most editors behave in the same manner.
Best,
A.
#1032 Hardware & System Configuration » [SOLVED] jED, line numbers and user » 2021-12-20 14:02:41
- Altoid
- Replies: 2
Hello:
Although I have yet to master it, jED is my favourite editor.
Must be my many years under the shadow of MS editors. 8^/
One issue I solved long ago was the line numbering which (for some strange reason) is not set up by default.
Or an option to be quickly configured in a drop down menu.
You just generate a .jedrc file in your /home/user folder with this content:
LINENUMBERS = 2;
public define global_mode_hook (hook_name)
{
set_line_number_mode (1);
}See: https://travelingfrontiers.wordpress.co … ed-editor/
The problem with this is that it is set up on a user basis and I'd like for this to be the default system-wide setting.
This came up while needing jED with line numbers while working on a VM without sudo.
I had to su or su - and line numbers were not available.
Any idea on how to get that done?
Thanks in advance,
A.
#1033 Re: Hardware & System Configuration » [SOLVED] WiCD and Chimaera » 2021-12-17 22:51:38
Hello:
... might look in chimaera-proposed-updates.
https://git.devuan.org/devuan/wicd/src/ … ed-updates
Yes, it seems to be the same one I cited in my post.
ie: Version 1.7.4+tb2-6+devuan2
But the questions you originally posed remain:
1. Is anyone actually using it?
2. What issues if any?
3. Is it secure?
Thanks for your input.
Best,
A.
#1034 Hardware & System Configuration » [SOLVED] WiCD and Chimaera » 2021-12-17 14:20:28
- Altoid
- Replies: 3
Hello:
The time to move to Devuan Chimaera is slowly getting nearer.
Whatever happened to ...
... the possibility of running wicd in Chimaera. Does it work for you? What issues if any? Is it secure? Report your experiences here.
If I can avoid it, I'd really want to continue using both WiCD and SLiM.
I see the SLiM 1.3.6-5.2+devuan1 package is in the /merged chimaera/main amd64
I run a netbook which is i386 (Asus 1000HE), is SLiM available for devuan_chimaera_4.0.0_i386?
I also see the WiCD 1.7.4+tb2-6+devuan2 package is in /merged chimaera-proposed-updates/main amd64
Anyone using it reliably?
Thanks in advance.
A.
#1035 Desktop and Multimedia » xorg-server 21.2.0 - Security and DPI fixes » 2021-12-15 15:33:38
- Altoid
- Replies: 0
Hello:
This came into my mailbox a while ago:
---
[ANNOUNCE] xorg-server 21.1.2
This release fixes 4 recently reported security vulnerabilities and several regressions.
In particular, the real physical dimensions are no longer reported by the X server anymore as it was deemed to be a too disruptive
change. X server will continue to report DPI as 96*.
* seems they heard HoaS. 8^ )
--- snip ---
xorg-server-21.1.2.tar.gz
https://xorg.freedesktop.org/archive/in … 1.2.tar.gz
PGP: https://xorg.freedesktop.org/archive/in … tar.gz.sig
---
Cheers,
O.
#1036 Re: Installation » [SOLVED] laptop fan running too much: cyber currency miner? Clam inop? » 2021-12-15 01:23:10
Hello:
Recently the fan started going on ...
... something it never did before ...
Have you checked with top or htop to see what may be running the CPU hot?
Also, if you suspect something foul, try running lynis, chkrootkit and rkhunter to see what/if they come up with.
I believe they are all in the repository.
Best,
A.
#1037 Re: Desktop and Multimedia » X.Org Security Advisory » 2021-12-14 16:57:46
Hello:
Thanks for the heads-up ...
You're welcome.
Altoid wrote:on systems where the X server is running privileged
... does not apply to any Devuan beowulf (or later) systems that use startx ...
I'm still using SLiM which I'm happy to see made it into /merged chimaera/main amd64.
... posted from Wayland
Whatever rocks your boat desktop. =^)
Best,
A.
#1038 Desktop and Multimedia » X.Org Security Advisory » 2021-12-14 14:33:16
- Altoid
- Replies: 2
Hello:
Just got this in my mailbox, good to see things are working as they should:
---
X.Org Security Advisory: December 14, 2021
Multiple input validation failures in X server extensions
=========================================================
All of the following issues can lead to local privileges elevation on
systems where the X server is running privileged and remote code
execution for ssh X forwarding sessions.
* CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds
access
The handler for the CompositeGlyphs request of the Render extension does
not properly validate the request length leading to out of bounds memory
write.
* CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier
out-of-bounds access
The handler for the CreatePointerBarrier request of the XFixes extension
does not properly validate the request length leading to out of bounds
memory write.
* CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access
The handler for the Suspend request of the Screen Saver extension does
not properly validate the request length leading to out of bounds memory
write.
* CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access
The handlers for the RecordCreateContext and RecordRegisterClients
requests of the Record extension do not properly validate the request
length leading to out of bounds memory write.
Patches
-------
Patches for this issues have been commited to the xorg server git
repository (https://gitlab.freedesktop.org/xorg/xserver). xorg-server
21.1.2 will be released shortly and will include these patches.
commit ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60
render: Fix out of bounds access in SProcRenderCompositeGlyphs()
ZDI-CAN-14192, CVE-2021-4008
This vulnerability was discovered and the fix was suggested by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
commit b5196750099ae6ae582e1f46bd0a6dad29550e02
xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier()
ZDI-CAN-14950, CVE-2021-4009
This vulnerability was discovered and the fix was suggested by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
commit 6c4c53010772e3cb4cb8acd54950c8eec9c00d21
Xext: Fix out of bounds access in SProcScreenSaverSuspend()
ZDI-CAN-14951, CVE-2021-4010
This vulnerability was discovered and the fix was suggested by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
commit e56f61c79fc3cee26d83cda0f84ae56d5979f768
record: Fix out of bounds access in SwapCreateRegister()
ZDI-CAN-14952, CVE-2021-4011
This vulnerability was discovered and the fix was suggested by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Thanks
======
This vulnerability was discovered by Jan-Niklas Sohn working with
Trend Micro Zero Day Initiative.
--
Povilas Kanapickas
---
Best,
A.
#1039 Hardware & System Configuration » Interesting article - Ventoy » 2021-12-11 01:21:16
- Altoid
- Replies: 11
Hello:
Anyone seen this?
https://www.theregister.com/2021/12/10/ … foss_fest/
https://www.ventoy.net/en/index.html
Best,
A.
#1040 Re: Hardware & System Configuration » [SOLVED] ifup interface eth0: time delay too long without carrier » 2021-12-10 15:35:48
Hello:
... my other laptop, without a carrier in the eth0, it has a very long timeout ...
Answer is probably here, check out this thread and specifically post by Ralph.R: https://dev1galaxy.org/viewtopic.php?pid=6783#p6783
Best,
A.
#1041 Hardware & System Configuration » Devuan, ssh and a Palm T|X » 2021-12-06 22:15:20
- Altoid
- Replies: 0
Hello:
After seeing Élisabeth's plight to recover from a damaged laptop keyboard problem, I started thinking about the different ways you could get out of a problem like that one.
I long ago made it a point of always having at least one spare kb at hand and in case that fails, BIOS enabled RS232 and on-board USB ports.
But as Murphy is always lurking, I set out to see if eg: I could make do with my Palm T|X on the ADSL router via WiFi.
I would have preferred to use a cable to RJ45 port solution but I don't know of any PalmOS TCP/IP applications or adaptors and the Palm T|X only has a USB port.
Easier said that done.
I was quite surprised to see that ssh applications for PalmOS5 are practically non-existent: I only found three and one of them (Top Gun ssh) was just for older models like the Palm Pilot Professional.
The other two are TUssh and pssh, I finally settled on this last one.
Tl;dr:
After many hours of fiddling/browsing and some great help from a chap at comp.security.ssh, I managed to ssh into the Devuan ascii VBox VM I have running PiHole for my Devuan Beowulf installation.
If anyone is interested, you can see most if not all the gory details here: https://groups.google.com/g/comp.securi … u0VvfEQudc
Of course, I am quite aware that ssh'ing into a system using deprecated protocols obviously implies security issues, but in this specific case I think I have attenuated them with three four things:
1. Access to the ADSL router via WiFi is MAC filtered. ie: it will only allow *this* specific Palm T|X handheld to log in.
2. A (relatively) complex WPA/WPA2 PSK Mixed PW such as this one is used: 4N@8974+6231, obviously with room to improve.
Unfortunately, the good people at Palm saw it fit to make the last Personal security upgrade only to WEP/WPA-PSK with a pre-shared key which made it useless outside the realm of home routers.
Enterprise security got EAP-TLS, EAP-TTLS, PAP, CHAP, MSCHAP, MSCHAPv2, EAP-GTC (password), EAP-MD5-Challenge, EAP-MSCHAPv2, EAP-PEAP (v0 and v1), MSCHAPv2, GTC (password), MD5-Challenge, LEAP and Dynamic WEP (WEP encryption with 802.1x based authentication).
3. For the time being, WiFi is enabled on a per-case basis till I can think up a more complex PW.
4. The destination machine's default port for ssh has been changed from 22 to one above 1024 / below 5000.
Best,
A.
#1042 Re: Hardware & System Configuration » OpenSSH questions » 2021-12-02 20:25:34
Hello:
OpenSSH is a project from the OpenBSD folks ...
I'll have a look.
Don't have much idea wrt SSH.
All I know is how to log-in to the machines connected to my router.
No need for much else.
Thanks for your input.
Best,
A.
#1043 Hardware & System Configuration » OpenSSH questions » 2021-12-02 18:08:44
- Altoid
- Replies: 2
Hello:
I'm trying to solve an SSH problem but I don't know if Dev1 is the place for that.
The problem is related to a Palm OS5.4.1 application (Tungsten T|X) that can only deal with DES-EDE3-CBC ciphers.
This means that I need to generate a key that this application con handle.
There's really no security problem involved as the link is via WiFi through an ADSL router with a WPA/WPA2 PSK mixed password and a MAC filter.
Plus WiFi is only enabled on a per-case basis.
I cannot find a SSH user's mail list.
Any ideas?
Thanks in advance,
A.
#1044 Re: Other Issues » [SOLVED] Need to reset root password » 2021-12-01 10:58:54
Hello:
... no Apple or Windows in this house.
8^)
... got into single user mode.
Glad you are making progress.
Best,
A.
#1045 Re: Other Issues » [SOLVED] Need to reset root password » 2021-11-30 21:25:31
Hello:
... on my mobile phone.
I see.
Don't have one of those so it did not ocurr to me.
I use an old Blackberry 9320. 8^ )
And it's a pain in the back.
Yes.
I can relate to that.
Is it an android device?
Best,
A.
#1046 Re: Other Issues » [SOLVED] Need to reset root password » 2021-11-30 21:00:52
Hello:
How about ssh from another machine?
That's my only machine.
I'm sorry, maybe I've missed something.
Couldn't you try to ssh from the machine you are writing from now?
I am obviously assuming that it is not your laptop and that whatever machine you are using to post has an available ethernet port you can access.
Best,
A.
#1047 Re: Hardware & System Configuration » [SOLVED] Problem with shutdown script » 2021-11-29 20:58:01
Hello:
Yes!!!
It lives! 8^D
.. look at the logs and see if anything is amiss ...
No problems detected in the guest machine logs, Pihole or Unbound.
For completeness' sake:
I run an autostarted VBbox Devuan Beowulf guest running Pihole/Unbound.
Although it starts up properly, for some reason it does not shutdown gracefully.
The result is that I get error messages when I shut down the host:
groucho@devuan:/var/log$ cat messages | grep -i error
--- snip ---
Nov 19 22:38:23 localhost kernel: [21254.843754] traps: VBoxSVC[2451] trap int3 ip:7fa545efcddc sp:7ffe92195e50 error:0 in VBoxXPCOMIPCC.so[7fa545ef8000+f000]
--- snip ---
groucho@devuan:/var/log$See https://dev1galaxy.org/viewtopic.php?id=4684
Fixing this script (VBox) issue made everything right.
Now the host shuts down after the guest shuts down properly, it's health is preserved and there are no more localhost kernel errors.
Thanks to all that pitched in. 8^)
Best,
A.
#1048 Re: Hardware & System Configuration » [SOLVED] Problem with shutdown script » 2021-11-29 20:15:45
Hello:
... won't comment on VirtualBox ...
=^ )
... an entire terminal emulator to run a script ...
The only way I found to run this set of commands and see the printout roll out 'live' without much hassle.
Maybe could have sent the output to a file.
Perhaps just run a shell instead ....
Yes!!!
It lives! 8^D
sh -c 'vboxmanage controlvm "madmax ascii" poweroff && wait && sudo /usr/bin/shutdown.sh' as the command in the launcher works great.
Quite fast, maybe because the terminal is not involved now (?).
I have to look at the logs and see if anything is amiss VBox wise, but at first sight it seems to work as intended.
... recommend using /etc/rc6.d/ to execute scripts on shutdown.
I'll have a look at that further on.
Thank you very much for your input.
Much appreciated.
Best,
A.
#1049 Re: Hardware & System Configuration » [SOLVED] Problem with shutdown script » 2021-11-29 15:46:36
Hello:
... working directly and not in a script, my first guess would be path ...
I thought of that at first so I checked the script and the launcher command line.
On one hand both xfce4-terminal and vboxmanage are located in /usr/bin/.
Also, as the vm does get shut down, I concluded that it was not related.
Nevertheelss, I just checked to see:
xfce4-terminal -x /usr/bin/vboxmanage controlvm "madmax ascii" poweroff && wait && sudo /usr/bin/shutdown.sh
... does not work either.
Thanks for your input.
Best,
A.
#1050 Re: Hardware & System Configuration » [SOLVED] Problem with shutdown script » 2021-11-29 15:00:52
Hello:
... try it out and report ...
No, no change in how running the command from the launcher behaves.
But thanks a lot for the heads up on wait. 8^D
Using it instead of sleep, which has to be used with an arbitrary time lapse (which may or may not be always right) makes for a faster resolution of the command.
Thanks for your input.
Best,
A.
Board footer
