Menu
▾
▴
devil-linux-discuss — General Mailing List for all discussions
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(59) |
Sep
(57) |
Oct
(5) |
Nov
(45) |
Dec
(21) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(13) |
Feb
(22) |
Mar
(14) |
Apr
(7) |
May
(33) |
Jun
(57) |
Jul
(25) |
Aug
(40) |
Sep
(53) |
Oct
(58) |
Nov
(75) |
Dec
(22) |
| 2003 |
Jan
(101) |
Feb
(101) |
Mar
(103) |
Apr
(125) |
May
(85) |
Jun
(57) |
Jul
(62) |
Aug
(42) |
Sep
(76) |
Oct
(214) |
Nov
(290) |
Dec
(274) |
| 2004 |
Jan
(187) |
Feb
(172) |
Mar
(313) |
Apr
(209) |
May
(169) |
Jun
(147) |
Jul
(118) |
Aug
(193) |
Sep
(227) |
Oct
(125) |
Nov
(246) |
Dec
(191) |
| 2005 |
Jan
(244) |
Feb
(175) |
Mar
(165) |
Apr
(130) |
May
(217) |
Jun
(122) |
Jul
(188) |
Aug
(235) |
Sep
(165) |
Oct
(133) |
Nov
(209) |
Dec
(88) |
| 2006 |
Jan
(66) |
Feb
(89) |
Mar
(108) |
Apr
(91) |
May
(29) |
Jun
(45) |
Jul
(64) |
Aug
(42) |
Sep
(44) |
Oct
(81) |
Nov
(64) |
Dec
(9) |
| 2007 |
Jan
(24) |
Feb
(122) |
Mar
(55) |
Apr
(50) |
May
(84) |
Jun
(13) |
Jul
(80) |
Aug
(70) |
Sep
(78) |
Oct
(45) |
Nov
(56) |
Dec
(42) |
| 2008 |
Jan
(65) |
Feb
(3) |
Mar
(51) |
Apr
(151) |
May
(54) |
Jun
(72) |
Jul
(73) |
Aug
(47) |
Sep
(55) |
Oct
(123) |
Nov
(16) |
Dec
(4) |
| 2009 |
Jan
(23) |
Feb
(39) |
Mar
(27) |
Apr
(36) |
May
(35) |
Jun
(51) |
Jul
(11) |
Aug
(14) |
Sep
(40) |
Oct
(67) |
Nov
(38) |
Dec
(13) |
| 2010 |
Jan
(15) |
Feb
(35) |
Mar
(40) |
Apr
(11) |
May
(26) |
Jun
(10) |
Jul
(5) |
Aug
(50) |
Sep
(86) |
Oct
(67) |
Nov
(36) |
Dec
(11) |
| 2011 |
Jan
(50) |
Feb
(6) |
Mar
(13) |
Apr
(13) |
May
(29) |
Jun
(27) |
Jul
(26) |
Aug
(27) |
Sep
(21) |
Oct
(7) |
Nov
(27) |
Dec
(4) |
| 2012 |
Jan
(11) |
Feb
(20) |
Mar
(48) |
Apr
(18) |
May
(8) |
Jun
(19) |
Jul
|
Aug
(15) |
Sep
(3) |
Oct
(4) |
Nov
(5) |
Dec
(1) |
| 2013 |
Jan
(13) |
Feb
(7) |
Mar
(4) |
Apr
(25) |
May
(2) |
Jun
(8) |
Jul
(4) |
Aug
(8) |
Sep
(7) |
Oct
|
Nov
(5) |
Dec
(10) |
| 2014 |
Jan
|
Feb
|
Mar
(6) |
Apr
(20) |
May
(5) |
Jun
|
Jul
(2) |
Aug
|
Sep
(8) |
Oct
(21) |
Nov
(4) |
Dec
(7) |
| 2015 |
Jan
(10) |
Feb
(9) |
Mar
(4) |
Apr
|
May
|
Jun
|
Jul
|
Aug
(5) |
Sep
(11) |
Oct
|
Nov
(17) |
Dec
(32) |
| 2016 |
Jan
(10) |
Feb
(15) |
Mar
(4) |
Apr
(7) |
May
(10) |
Jun
(11) |
Jul
(15) |
Aug
(26) |
Sep
(13) |
Oct
(10) |
Nov
(16) |
Dec
(6) |
| 2017 |
Jan
(9) |
Feb
(3) |
Mar
|
Apr
(2) |
May
(2) |
Jun
|
Jul
|
Aug
(3) |
Sep
(3) |
Oct
(6) |
Nov
(8) |
Dec
|
| 2018 |
Jan
(12) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Andrzej O. <an...@ma...> - 2012-03-28 12:54:27
|
Heiko Zuerker wrote: > the new udev doesn't use the module-init-tools anymore. > They have switch to kmod, which is a library. > > Maybe the kmod sources have some information. Heiko, I apologize for the delay - I was sick. Thanks for suggestions. Indeed, I read that from the version 171 of udev does not use the m-i-t but kmod library directly. But the preliminary analysis of the sources shows that blacklist is treated differently in m-i-t and in kmod, and that it is rather a political decision. It seems that for kmod dependencies are stronger than the blacklist. So the whole philosophy of loading dahdi drivers modules for Asterisk telephony cards out the window. Since each telephony card typically provides a number of channels and these are numbered, it is not irrelevant, in what order we load the cards drivers. Therefore, the Asterisk developers recommend that all drivers should be on the modprobe blacklist and then loaded on demand by init.d script in the desired order. This worked with old udev and m-i-t correctly. Meanwhile, the presence of telephony card is treated as a dependency and udev/kmod loads drivers regardless of their presence on a blacklist in /etc/modprobe.d/modprobe.conf. Loads them automatcally in the order of cards on the bus and not in the order desired because of the numbers of telephone channels. The behavior of udev/kmod is relatively young and not present in many distribution. This is strange kmod blacklist policy, where the blacklist is not a blacklist, but the discussion shows that the kmod authors rather insist on his own. Of course we can patch the kmod, but it has a little sense because it is the political behavior so patch would be branch from main line of development. We need wait for further decisions: whether Digium becomes independent on the order of loading drivers or kmod team will change the blacklisting policy. So now is the easiest way to get around the problem by modifying the script /etc/init.d/dahdi to mandatory unload all telephony cards drivers before loading they in desired order. And drivers would be loaded, unloaded and loaded again. Best Regards -- Andrzej Odyniec |
|
From: Serge L. <ser...@gm...> - 2012-03-23 15:59:12
|
On 03/23/2012 07:37 AM, Zenny wrote: > >> We also >> heavily depends on the contributions from our users. If you want to >> know any more details on DL specific features, you'll have to do the >> leg-work yourself and google around. > > Nope, the burden of proof lies to the developers. ... I'd say that DL's targeted audience is professional admins, which know what they want and why. DL has several major features - stability, security enhancements and distribution specific like "run-from-ram", configuration is separated from the system image, simplicity of customization of course (I use DL as a Cisco ASA replacement actually, much more flexible and powerful replacement). Nobody knows what exactly do you need, besides you of course. DL may be suitable for your needs, may be not. Do not rely on our proofs, get your own. It's a tool which can help in your job, may harm > >> There's nothing magic we're doing >> in DL. Everything we do and use is publicly available. >> IF you decide to do all this research into all the various security >> details, how about putting everything into a nice presentation so that >> we can put it on our website? > > I already stopped exploring because it was like groping in the dark. > Best of luck to your project, but I bid adieu to DL as well as this > mailing list! If you cannot independently "dissect" a linux distribution, most probably DL is not for you. LFS-based distributions are not oriented for newbies, unfortunately. Your right to choose what to use and what not to use. Good luck, Serge |
|
From: Zenny <gar...@gm...> - 2012-03-23 14:37:44
|
On 3/23/12, Heiko Zuerker <he...@zu...> wrote: > Zenny, > > Quoting Zenny <gar...@gm...>: >> On 3/22/12, Bruce Smith <bw...@re...> wrote: >>>>> It is also created to run off a read-only media (i.e. CDROM or ISO >>>>> image) so the base install cannot be modified or hacked. >>>>> >>>>> And the main reason I use Devil-Linux is the ease of upgrading it to a >>>>> newer version, and the ease of backing it up, since only a small tar >>>>> file containing all of your customizations needs to be backed up >>>>> (unless you're using a live hard drive server data). >>>> >>>> Yes, but that can easily be done with the debian-based voyage linux >>>> also, a portable stuff with much more packages to install and >>>> userbase. >>> >>> Besides iptables, my firewall is running dhcpd with ddns updating BIND >>> for my internal network, radvd for ipv6, ntpd for my internal network, >>> and a dynamic dns service updater. Nothing very fancy, but I can back >>> it up completely in a single tar file that is less than 125KB. If I >>> want an off-site backup, I can encrypt it and email offsite as an >>> attachment. >>> >>> And for an upgrades, all I have to do is download and burn a new ISO >>> image. And if for some reason there is a problem with the update, I >>> can go back to my old ISO. Much easier than a regular disk-installed >>> Linux distro. >>> >>>> Just wondering what makes DL so special and secure compared to others? >>>> >>>> I could not find the kind of the security measures that DL took or the >>>> concept (like http://www.openwall.com/Owl/CONCEPTS.shtml). Any >>>> pointers to such docuemnts? >>> >>> Most of the security measures are listed here: >>> http://www.devil-linux.org/product/features.php >>> >> >> They are good features, yet ... >> >>> Let me know if that's not what you're looking for. >> >> I am looking for something like >> http://www.openwall.com/presentations/Owl/ which explains in detail >> the measures taken in order to secure system architecture (not only to >> patch with grsec, however you confirmed that non-server flavor has no >> patch either), and the packages that GCC stack overflow was not >> addressed. > > I understand that you want to know all these details, but... > We develop DL in our spare time (and you don't pay a cent for it) and > the same goes for any documentation which is available. I am yet to use it either. So I have no obligation to pay. You don't go to a shopping spree and start paying before you liked something. And that is more true in the FLOSS movement. Your remark that 'you don't pay a cent of it' sucks in the FLOSS world and gives an impression of what you are made of! > We also > heavily depends on the contributions from our users. If you want to > know any more details on DL specific features, you'll have to do the > leg-work yourself and google around. Nope, the burden of proof lies to the developers. > There's nothing magic we're doing > in DL. Everything we do and use is publicly available. > IF you decide to do all this research into all the various security > details, how about putting everything into a nice presentation so that > we can put it on our website? I already stopped exploring because it was like groping in the dark. Best of luck to your project, but I bid adieu to DL as well as this mailing list! > > -- > > Regards > Heiko Zuerker > http://www.devil-linux.org > > > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > |
|
From: Heiko Z. <he...@zu...> - 2012-03-23 12:47:29
|
Quoting Zenny <gar...@gm...>: > I am a bit confused about DL's jail service? Is it similar to FreeBSD > jail or something else? I'm not familiar with the BSD jail. We simply use a standard linux chroot jail (which is further secured by the grsecurity features). All DL does is provide a wrapper scripts for creating the jails. There's lots of documentation out on the web about Linux chroot jails. -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Heiko Z. <he...@zu...> - 2012-03-23 12:45:37
|
Zenny, Quoting Zenny <gar...@gm...>: > On 3/22/12, Bruce Smith <bw...@re...> wrote: >>>> It is also created to run off a read-only media (i.e. CDROM or ISO >>>> image) so the base install cannot be modified or hacked. >>>> >>>> And the main reason I use Devil-Linux is the ease of upgrading it to a >>>> newer version, and the ease of backing it up, since only a small tar >>>> file containing all of your customizations needs to be backed up >>>> (unless you're using a live hard drive server data). >>> >>> Yes, but that can easily be done with the debian-based voyage linux >>> also, a portable stuff with much more packages to install and >>> userbase. >> >> Besides iptables, my firewall is running dhcpd with ddns updating BIND >> for my internal network, radvd for ipv6, ntpd for my internal network, >> and a dynamic dns service updater. Nothing very fancy, but I can back >> it up completely in a single tar file that is less than 125KB. If I >> want an off-site backup, I can encrypt it and email offsite as an >> attachment. >> >> And for an upgrades, all I have to do is download and burn a new ISO >> image. And if for some reason there is a problem with the update, I >> can go back to my old ISO. Much easier than a regular disk-installed >> Linux distro. >> >>> Just wondering what makes DL so special and secure compared to others? >>> >>> I could not find the kind of the security measures that DL took or the >>> concept (like http://www.openwall.com/Owl/CONCEPTS.shtml). Any >>> pointers to such docuemnts? >> >> Most of the security measures are listed here: >> http://www.devil-linux.org/product/features.php >> > > They are good features, yet ... > >> Let me know if that's not what you're looking for. > > I am looking for something like > http://www.openwall.com/presentations/Owl/ which explains in detail > the measures taken in order to secure system architecture (not only to > patch with grsec, however you confirmed that non-server flavor has no > patch either), and the packages that GCC stack overflow was not > addressed. I understand that you want to know all these details, but... We develop DL in our spare time (and you don't pay a cent for it) and the same goes for any documentation which is available. We also heavily depends on the contributions from our users. If you want to know any more details on DL specific features, you'll have to do the leg-work yourself and google around. There's nothing magic we're doing in DL. Everything we do and use is publicly available. IF you decide to do all this research into all the various security details, how about putting everything into a nice presentation so that we can put it on our website? -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Zenny <gar...@gm...> - 2012-03-22 21:29:59
|
On 3/22/12, Bruce Smith <bw...@re...> wrote: >>> It is also created to run off a read-only media (i.e. CDROM or ISO >>> image) so the base install cannot be modified or hacked. >>> >>> And the main reason I use Devil-Linux is the ease of upgrading it to a >>> newer version, and the ease of backing it up, since only a small tar >>> file containing all of your customizations needs to be backed up >>> (unless you're using a live hard drive server data). >> >> Yes, but that can easily be done with the debian-based voyage linux >> also, a portable stuff with much more packages to install and >> userbase. > > Besides iptables, my firewall is running dhcpd with ddns updating BIND > for my internal network, radvd for ipv6, ntpd for my internal network, > and a dynamic dns service updater. Nothing very fancy, but I can back > it up completely in a single tar file that is less than 125KB. If I > want an off-site backup, I can encrypt it and email offsite as an > attachment. > > And for an upgrades, all I have to do is download and burn a new ISO > image. And if for some reason there is a problem with the update, I > can go back to my old ISO. Much easier than a regular disk-installed > Linux distro. > >> Just wondering what makes DL so special and secure compared to others? >> >> I could not find the kind of the security measures that DL took or the >> concept (like http://www.openwall.com/Owl/CONCEPTS.shtml). Any >> pointers to such docuemnts? > > Most of the security measures are listed here: > http://www.devil-linux.org/product/features.php > They are good features, yet ... > Let me know if that's not what you're looking for. I am looking for something like http://www.openwall.com/presentations/Owl/ which explains in detail the measures taken in order to secure system architecture (not only to patch with grsec, however you confirmed that non-server flavor has no patch either), and the packages that GCC stack overflow was not addressed. Thanks! > > - BS > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > |
|
From: Bruce S. <bw...@re...> - 2012-03-22 20:14:15
|
>> It is also created to run off a read-only media (i.e. CDROM or ISO >> image) so the base install cannot be modified or hacked. >> >> And the main reason I use Devil-Linux is the ease of upgrading it to a >> newer version, and the ease of backing it up, since only a small tar >> file containing all of your customizations needs to be backed up >> (unless you're using a live hard drive server data). > > Yes, but that can easily be done with the debian-based voyage linux > also, a portable stuff with much more packages to install and > userbase. Besides iptables, my firewall is running dhcpd with ddns updating BIND for my internal network, radvd for ipv6, ntpd for my internal network, and a dynamic dns service updater. Nothing very fancy, but I can back it up completely in a single tar file that is less than 125KB. If I want an off-site backup, I can encrypt it and email offsite as an attachment. And for an upgrades, all I have to do is download and burn a new ISO image. And if for some reason there is a problem with the update, I can go back to my old ISO. Much easier than a regular disk-installed Linux distro. > Just wondering what makes DL so special and secure compared to others? > > I could not find the kind of the security measures that DL took or the > concept (like http://www.openwall.com/Owl/CONCEPTS.shtml). Any > pointers to such docuemnts? Most of the security measures are listed here: http://www.devil-linux.org/product/features.php Let me know if that's not what you're looking for. - BS |
|
From: Boursin O. <oli...@in...> - 2012-03-22 18:26:06
|
I checked the new Devil-Linux 1.6.0-RC3 and there is no more problem with udevd. Many thanks ! O. Boursin -----Message d'origine----- De : Boursin Olivier Envoyé : jeudi 1 mars 2012 17:32 À : 'dev...@li...' Objet : deprecated oom_adj in udevd Importance : Haute Hello, I just migrate from Devil-Linux 1.4.2-i686 to Devil-Linux 1.6.0-RC2-i686 and It seem that there is an error message concerning udevd at the beginning. udevd (925): /proc/925/oom_adj is deprecated, please use /proc/925/oom_score_adj instead. It is not blocking anything for me but I report this as it is still a RC. Does anyone else have this message ? O. Boursin |
|
From: Zenny <gar...@gm...> - 2012-03-22 17:23:22
|
On 3/22/12, Bruce Smith <bw...@re...> wrote: >> > The server version has extra hardening against attacks, such as >> > grsecurity >> > and a few other things. The non-server does not have these extra >> > hardening, it's more of a "standard" Linux distro. > > It was early when I wrote that, and I said it completely backwards. > > The server version does NOT have extra hardening like grsec. > The non-server (firewall) version is harded with grsec & other things. > >> > Basically if you're going to expose Devil-Linux directly to the >> > internet, >> > such as a firewall or a web server or DNS server, you're a little safer >> > running the non-server version. If you're running DL as an internal >> > server >> > behind a firewall (i.e. Samba), not exposed directly to the internet, >> > then >> > the server version might run better for you. That's because >> > grsecurity sometimes mistakes high resource using server processes as >> > some >> > kind of attack and kills them. >> >> But when I checked the non-server version, the kernel also has >> grsecurity patch installed: >> >> #uname -a >> Linux Devil 3.2.11-grsec >> >> Then even the non-server version is also vulnerable to false-positive >> assumption of the gresecurity patch, isn't it? > > Try the server version and it shouldn't have grsec installed. > > Sorry for I misspoke above, and thanks for pointing it out. Never mind! > >> > If you're running server processes on the non-server version that start >> > dying for unknown reasons, switch to the server version and see if that >> > fixes your problems. And it's never a good idea to run internal servers >> > on >> > your internet firewall, hence the two distinct versions of Devil-Linux. >> >> Thanks for the clarification. As for me, I may never prefer to run >> extra services (except those applications needed to make other >> applications behind NAT of the firewall to run (like siproxd). >> >> BTW, how does the failover and loadbalancing be achieved in DL? I did >> see pound, but wouldn't nginx be better instead of pound (I did see >> apache and thttpd under services)? > > I've never run failover and loadbalancing, so I can't answer that. > >> Another question is: by default the firewall service (I gues >> iptables?) is enabled. Is it necessary to enable both firewall and >> shorewall if I try to use shorewall wrapper scripts? > > I've never tried, but you should be able to run any iptables scripts > for your firewall. > > There are a couple sample scripts that get copied over when you select > a firewall (depending 2 or 3 NIC's). The boot process runs > /etc/init.d/firewall.rules which you can replace with any script that > runs iptables. > >> How can I add additional applications and services to the DL box, I >> meant customization? Where can I find documentation for 1.6 version? > > www.devil-linux.org > The last time I looked, the website didn't have 1.6 documentation yet, > and 1.5 docs were broken. But the 1.4 documentation should work; I > don't think much has changed. > >> How exactly DevilLinux excel from something like openwall/zeroshell? > > Devil-LInux is a little different, in that it has a full range of > server software installed and can be used as either a server or > firewall. > > It is also created to run off a read-only media (i.e. CDROM or ISO > image) so the base install cannot be modified or hacked. > > And the main reason I use Devil-Linux is the ease of upgrading it to a > newer version, and the ease of backing it up, since only a small tar > file containing all of your customizations needs to be backed up > (unless you're using a live hard drive server data). Yes, but that can easily be done with the debian-based voyage linux also, a portable stuff with much more packages to install and userbase. Just wondering what makes DL so special and secure compared to others? I could not find the kind of the security measures that DL took or the concept (like http://www.openwall.com/Owl/CONCEPTS.shtml). Any pointers to such docuemnts? > > - BS > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > |
|
From: Bruce S. <bw...@re...> - 2012-03-22 16:39:21
|
> > The server version has extra hardening against attacks, such as grsecurity > > and a few other things. The non-server does not have these extra > > hardening, it's more of a "standard" Linux distro. It was early when I wrote that, and I said it completely backwards. The server version does NOT have extra hardening like grsec. The non-server (firewall) version is harded with grsec & other things. > > Basically if you're going to expose Devil-Linux directly to the internet, > > such as a firewall or a web server or DNS server, you're a little safer > > running the non-server version. If you're running DL as an internal server > > behind a firewall (i.e. Samba), not exposed directly to the internet, then > > the server version might run better for you. That's because > > grsecurity sometimes mistakes high resource using server processes as some > > kind of attack and kills them. > > But when I checked the non-server version, the kernel also has > grsecurity patch installed: > > #uname -a > Linux Devil 3.2.11-grsec > > Then even the non-server version is also vulnerable to false-positive > assumption of the gresecurity patch, isn't it? Try the server version and it shouldn't have grsec installed. Sorry for I misspoke above, and thanks for pointing it out. > > If you're running server processes on the non-server version that start > > dying for unknown reasons, switch to the server version and see if that > > fixes your problems. And it's never a good idea to run internal servers on > > your internet firewall, hence the two distinct versions of Devil-Linux. > > Thanks for the clarification. As for me, I may never prefer to run > extra services (except those applications needed to make other > applications behind NAT of the firewall to run (like siproxd). > > BTW, how does the failover and loadbalancing be achieved in DL? I did > see pound, but wouldn't nginx be better instead of pound (I did see > apache and thttpd under services)? I've never run failover and loadbalancing, so I can't answer that. > Another question is: by default the firewall service (I gues > iptables?) is enabled. Is it necessary to enable both firewall and > shorewall if I try to use shorewall wrapper scripts? I've never tried, but you should be able to run any iptables scripts for your firewall. There are a couple sample scripts that get copied over when you select a firewall (depending 2 or 3 NIC's). The boot process runs /etc/init.d/firewall.rules which you can replace with any script that runs iptables. > How can I add additional applications and services to the DL box, I > meant customization? Where can I find documentation for 1.6 version? www.devil-linux.org The last time I looked, the website didn't have 1.6 documentation yet, and 1.5 docs were broken. But the 1.4 documentation should work; I don't think much has changed. > How exactly DevilLinux excel from something like openwall/zeroshell? Devil-LInux is a little different, in that it has a full range of server software installed and can be used as either a server or firewall. It is also created to run off a read-only media (i.e. CDROM or ISO image) so the base install cannot be modified or hacked. And the main reason I use Devil-Linux is the ease of upgrading it to a newer version, and the ease of backing it up, since only a small tar file containing all of your customizations needs to be backed up (unless you're using a live hard drive server data). - BS |
|
From: Zenny <gar...@gm...> - 2012-03-22 16:32:53
|
Hi: I am a bit confused about DL's jail service? Is it similar to FreeBSD jail or something else? Thanks! |
|
From: Dick M. <di...@fo...> - 2012-03-22 16:25:18
|
On 03/22/12 14:48, Heiko Zuerker wrote: > Hey, > > did anybody receive my announcement emails for RC3? > I tried twice already and they don't seem to make it to the mailinglists.... I got one on each list at around 13:00 GMT today. Dick |
|
From: Zenny <gar...@gm...> - 2012-03-22 16:25:06
|
Heiko: Already received two times. However, I downloaded the rc3 this morning before the announcement was emailed ;-) New, but still checking. How does it look deployment scenario of DL? Or specifically could you tell me how exactly you are using? :-) On 3/22/12, Heiko Zuerker <he...@zu...> wrote: > Found the problem, as you probably realized with all the emails you > just received. > > Heiko > > Quoting Heiko Zuerker <he...@zu...>: > >> Hey, >> >> did anybody receive my announcement emails for RC3? >> I tried twice already and they don't seem to make it to the >> mailinglists.... >> >> -- >> >> Regards >> Heiko Zuerker >> http://www.devil-linux.org >> >> >> >> ------------------------------------------------------------------------------ >> This SF email is sponsosred by: >> Try Windows Azure free for 90 days Click Here >> http://p.sf.net/sfu/sfd2d-msazure >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > -- > > Regards > Heiko Zuerker > http://www.devil-linux.org > > > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > |
|
From: Zenny <gar...@gm...> - 2012-03-22 16:20:05
|
Thanks for reply. My impressions are inline below: On 3/22/12, Bruce Smith <bw...@re...> wrote: > The server version has extra hardening against attacks, such as grsecurity > and a few other things. The non-server does not have these extra > hardening, it's more of a "standard" Linux distro. > > Basically if you're going to expose Devil-Linux directly to the internet, > such as a firewall or a web server or DNS server, you're a little safer > running the non-server version. If you're running DL as an internal server > behind a firewall (i.e. Samba), not exposed directly to the internet, then > the server version might run better for you. That's because > grsecurity sometimes mistakes high resource using server processes as some > kind of attack and kills them. But when I checked the non-server version, the kernel also has grsecurity patch installed: #uname -a Linux Devil 3.2.11-grsec Then even the non-server version is also vulnerable to false-positive assumption of the gresecurity patch, isn't it? > > If you're running server processes on the non-server version that start > dying for unknown reasons, switch to the server version and see if that > fixes your problems. And it's never a good idea to run internal servers on > your internet firewall, hence the two distinct versions of Devil-Linux. Thanks for the clarification. As for me, I may never prefer to run extra services (except those applications needed to make other applications behind NAT of the firewall to run (like siproxd). BTW, how does the failover and loadbalancing be achieved in DL? I did see pound, but wouldn't nginx be better instead of pound (I did see apache and thttpd under services)? Another question is: by default the firewall service (I gues iptables?) is enabled. Is it necessary to enable both firewall and shorewall if I try to use shorewall wrapper scripts? How can I add additional applications and services to the DL box, I meant customization? Where can I find documentation for 1.6 version? How exactly DevilLinux excel from something like openwall/zeroshell? Thanks for sharing interesting work! > > - BS > |
|
From: Heiko Z. <he...@zu...> - 2012-03-22 16:11:47
|
Found the problem, as you probably realized with all the emails you just received. Heiko Quoting Heiko Zuerker <he...@zu...>: > Hey, > > did anybody receive my announcement emails for RC3? > I tried twice already and they don't seem to make it to the mailinglists.... > > -- > > Regards > Heiko Zuerker > http://www.devil-linux.org > > > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Heiko Z. <he...@zu...> - 2012-03-22 16:05:54
|
Andrzej, the new udev doesn't use the module-init-tools anymore. They have switch to kmod, which is a library. Maybe the kmod sources have some information. Heiko Quoting Andrzej Odyniec <an...@ma...>: > Dears, > > Anyone know, how to use blacklist with new udev? > Before was sufficient to append to file /etc/modprobe.d/modprobe.conf: > >> root@VoIP:/etc/modprobe.d # cat /etc/modprobe.d/modprobe.conf|grep blacklist >> blacklist wct4xxp >> blacklist wcte12xp >> blacklist wct1xxp >> blacklist wcte11xp >> blacklist wctdm24xxp >> blacklist wcfxo >> blacklist wctdm >> blacklist wctc4xxp >> blacklist wcb4xxp > > but with new udev it is not woorking. I tried with other filenames, i.e. > blacklist.conf or dahdi.blacklist.conf but it is not working too. So drivers > are loaded in improper sequence and the only solution is unload and load > again. But this is not completely safe. > > Probably udev should call /sbin/modprobe with option --use-blacklist but I > can't find palce, where this should be configured. Maybe in > /etc/udev/udev.conf but how? > > Anyone know? I would like to avoid reading sources. > > Best regards > > -- > Andrzej Odyniec > > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Heiko Z. <he...@zu...> - 2012-03-22 16:05:53
|
Hello DL Community! I'm happy to announce that the third release candidate of Devil-Linux 1.6 is now available for download. This release brings the Linux kernel 3.2.11, fixes to reported issues, and many other updates. Please read the changelog for details. Please support the project and donate. Every little bit helps! http://www.devil-linux.org/sitetools/donatedl.php Report any new bugs or submit patches here: http://www.devil-linux.org/support/bugs.php -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Heiko Z. <he...@zu...> - 2012-03-22 16:05:53
|
Thanks for the update. This means I can release RC3 now. woohoo! Heiko Quoting Andrzej Odyniec <an...@ma...>: > Heiko Zuerker wrote: >> Maybe we're missing a directory or some other command we need to execute for >> /dev to be proper? > > Perhaps something did not go well in the previous compilation. Next > compilation gave good results, with no udev errors. Yesterday I put > this build > (32-bit) on the main router and on all my satelite routers and on MTA gateway > machine. Everything so far is working properly. mysql too. > > Best Regards > > -- > Andrzej Odyniec > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Heiko Z. <he...@zu...> - 2012-03-22 16:05:51
|
Hello DL Community! I'm happy to announce that the third release candidate of Devil-Linux 1.6 is now available for download. This release brings the Linux kernel 3.2.11, fixes to reported issues, and many other updates. Please read the changelog for details. Please support the project and donate. Every little bit helps! http://www.devil-linux.org/sitetools/donatedl.php Report any new bugs or submit patches here: http://www.devil-linux.org/support/bugs.php -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Heiko Z. <he...@zu...> - 2012-03-22 16:05:49
|
Hey, did anybody receive my announcement emails for RC3? I tried twice already and they don't seem to make it to the mailinglists.... -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Bruce S. <bw...@re...> - 2012-03-22 12:50:18
|
The server version has extra hardening against attacks, such as grsecurity and a few other things. The non-server does not have these extra hardening, it's more of a "standard" Linux distro. Basically if you're going to expose Devil-Linux directly to the internet, such as a firewall or a web server or DNS server, you're a little safer running the non-server version. If you're running DL as an internal server behind a firewall (i.e. Samba), not exposed directly to the internet, then the server version might run better for you. That's because grsecurity sometimes mistakes high resource using server processes as some kind of attack and kills them. If you're running server processes on the non-server version that start dying for unknown reasons, switch to the server version and see if that fixes your problems. And it's never a good idea to run internal servers on your internet firewall, hence the two distinct versions of Devil-Linux. - BS |
|
From: Dominic R. <dl...@ed...> - 2012-03-22 11:26:57
|
When you start for the first time the username is 'root' and there is no password. For more information (aimed at noobs coming from Windows and wanting to use Samba, but should help you too) see http://www.edendevelopments.co.uk/dlsetup.php. Regarding server vs. non-server, I know that non-server includes GRSecurity and maybe has some other defences which in server are turned off (or down), I'm not sure of the details. I think for your use non-server is the way to go. Dominic On 22/03/2012 10:24, Zenny wrote: > Just downloaded the devil-linux-1.6.0-RC3-i686.tar.bz2, untarred and > then booted the boot.iso with qemu to test. But what is the default > login and password for root and user if any? > > However, I am expecting to learn the difference between the two > flavors (server.tar.bz2 and tar.bz2)! > > Thanks! > > On 3/22/12, Zenny<gar...@gm...> wrote: >> Hi: >> >> I am finding three candidates for firewall/router: pfSense >> (BSD-based), zeroshell and DevilLinux. >> >> New to DevilLinux, so I am a bit confused which version is what? >> >> When I checked the development version, there are two flavor for each arch: >> >> devil-linux-1.6.0-RC3-i686.tar.bz2 2012-03-19 414.6 MB 47 downloads >> devil-linux-1.6.0-RC3-i686-server.tar.bz2 2012-03-19 397.0 MB >> >> What are the differences between the two above? >> >> Thanks! >> > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > |
|
From: Zenny <gar...@gm...> - 2012-03-22 10:24:23
|
Just downloaded the devil-linux-1.6.0-RC3-i686.tar.bz2, untarred and then booted the boot.iso with qemu to test. But what is the default login and password for root and user if any? However, I am expecting to learn the difference between the two flavors (server.tar.bz2 and tar.bz2)! Thanks! On 3/22/12, Zenny <gar...@gm...> wrote: > Hi: > > I am finding three candidates for firewall/router: pfSense > (BSD-based), zeroshell and DevilLinux. > > New to DevilLinux, so I am a bit confused which version is what? > > When I checked the development version, there are two flavor for each arch: > > devil-linux-1.6.0-RC3-i686.tar.bz2 2012-03-19 414.6 MB 47 downloads > devil-linux-1.6.0-RC3-i686-server.tar.bz2 2012-03-19 397.0 MB > > What are the differences between the two above? > > Thanks! > |
|
From: Zenny <gar...@gm...> - 2012-03-22 08:26:30
|
Hi: I am finding three candidates for firewall/router: pfSense (BSD-based), zeroshell and DevilLinux. New to DevilLinux, so I am a bit confused which version is what? When I checked the development version, there are two flavor for each arch: devil-linux-1.6.0-RC3-i686.tar.bz2 2012-03-19 414.6 MB 47 downloads devil-linux-1.6.0-RC3-i686-server.tar.bz2 2012-03-19 397.0 MB What are the differences between the two above? Thanks! |
|
From: Andrzej O. <an...@ma...> - 2012-03-21 16:18:09
|
Dears, Anyone know, how to use blacklist with new udev? Before was sufficient to append to file /etc/modprobe.d/modprobe.conf: > root@VoIP:/etc/modprobe.d # cat /etc/modprobe.d/modprobe.conf|grep blacklist > blacklist wct4xxp > blacklist wcte12xp > blacklist wct1xxp > blacklist wcte11xp > blacklist wctdm24xxp > blacklist wcfxo > blacklist wctdm > blacklist wctc4xxp > blacklist wcb4xxp but with new udev it is not woorking. I tried with other filenames, i.e. blacklist.conf or dahdi.blacklist.conf but it is not working too. So drivers are loaded in improper sequence and the only solution is unload and load again. But this is not completely safe. Probably udev should call /sbin/modprobe with option --use-blacklist but I can't find palce, where this should be configured. Maybe in /etc/udev/udev.conf but how? Anyone know? I would like to avoid reading sources. Best regards -- Andrzej Odyniec |
50 messages has been excluded from this view by a project administrator.
