devil-linux-discuss — General Mailing List for all discussions

[Devil-Linux-discuss] FYI: SORBS shuts down

[Martin H. <ma...@ho...>]

(Sorry for the German reference ...)

FYI: SORBs is shutting down their blacklist, be sure to adapt your
mailfilters!


http://www.heise.de/newsticker/Anti-Spam-Blacklist-zu-verkaufen--/meld
ung/140913
---
Laut Ankündigung auf ihrer Webseite [1] wird die SORBS-Blacklist am
20. Juli 2009 den Betrieb einstellen, wenn sich bis dahin kein neuer
Sponsor für das Hosting findet. (...)
---

[1] http://www.au.sorbs.net/

greetings, martin

Re: [Devil-Linux-discuss] DL and Intel PRO/1000 MF Server Adapter (LX)

[Bradlee L. <bra...@gm...>]

I don't know the exact adapter I had, but I did have to manually set
e1000 to be loaded manually. We are still using DL 1.2.15 though.

In modules.conf, I added lines "alias eth0 e1000" all the way to eth7,
because we had an 8 port system.

-Brad

On Fri, Jun 19, 2009 at 8:42 AM, Heiko Zuerker<he...@zu...> wrote:
> Never used the adapter.
>
> But I think Serge updated the Intel e1000 driver after the RC1 release, so
> if you run into trouble we could compile a newer version of DL.
>
> Heiko
>
>> -----Original Message-----
>> From: Frank Weis [mailto:Fra...@ct...]
>> Sent: Friday, June 19, 2009 6:10 AM
>> To: dev...@li...
>> Subject: [Devil-Linux-discuss] DL and Intel PRO/1000 MF Server Adapter
>> (LX)
>>
>> Hello,
>>
>> has anybody any experience with this adapter in a DL Box?
>>
>> Should I expect problems?
>>
>> TIA,
>>
>> Frank
>>
>> --
>> _______________________________________________
>>  Centre de Technologie de l'Education
>>  29 avenue John F. Kennedy
>>  L-1855 Luxembourg-Kirchberg
>>  email: Fra...@ct...
>>  tél.: +352 247-85973
>>  fax: +352 333797
>> _______________________________________________
>>
>>
>> -----------------------------------------------------------------------
>> -------
>> Crystal Reports - New Free Runtime and 30 Day Trial
>> Check out the new simplified licensing option that enables unlimited
>> royalty-free distribution of the report engine for externally facing
>> server and web deployment.
>> http://p.sf.net/sfu/businessobjects
>> _______________________________________________
>> Devil-linux-discuss mailing list
>> Dev...@li...
>> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
>
>
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> _______________________________________________
> Devil-linux-discuss mailing list
> Dev...@li...
> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
>

Re: [Devil-Linux-discuss] DL and Intel PRO/1000 MF Server Adapter (LX)

[Heiko Z. <he...@zu...>]

Never used the adapter.

But I think Serge updated the Intel e1000 driver after the RC1 release, so
if you run into trouble we could compile a newer version of DL.

Heiko

> -----Original Message-----
> From: Frank Weis [mailto:Fra...@ct...]
> Sent: Friday, June 19, 2009 6:10 AM
> To: dev...@li...
> Subject: [Devil-Linux-discuss] DL and Intel PRO/1000 MF Server Adapter
> (LX)
> 
> Hello,
> 
> has anybody any experience with this adapter in a DL Box?
> 
> Should I expect problems?
> 
> TIA,
> 
> Frank
> 
> --
> _______________________________________________
>  Centre de Technologie de l'Education
>  29 avenue John F. Kennedy
>  L-1855 Luxembourg-Kirchberg
>  email: Fra...@ct...
>  tél.: +352 247-85973
>  fax: +352 333797
> _______________________________________________
> 
> 
> -----------------------------------------------------------------------
> -------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> _______________________________________________
> Devil-linux-discuss mailing list
> Dev...@li...
> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss

[Devil-Linux-discuss] DL and Intel PRO/1000 MF Server Adapter (LX)

[Frank W. <Fra...@ct...>]

Hello,

has anybody any experience with this adapter in a DL Box?

Should I expect problems?

TIA,

Frank

-- 
_______________________________________________
 Centre de Technologie de l'Education
 29 avenue John F. Kennedy
 L-1855 Luxembourg-Kirchberg
 email: Fra...@ct...
 tél.: +352 247-85973
 fax: +352 333797
_______________________________________________

[Devil-Linux-discuss] Device scanning for config file at boot time

[Dominic R. <dl...@ed...>]

I just wanted to check about the way DL 1.4RC1 scans automatically at 
boot to find the configuration file device scanning by DL at boot.

A table 1.1 is given at 
http://www.devil-linux.org/documentation/1.3.x/ch01s03.html#id3883577 
but this may be out-of-date. Is the order of automatic scanning of 
devices as shown in table 1.1 (ide cd drives first, then scsi cd drives, 
then ide partitions, then scsi partitions, then scsi disks [inc USB], 
and last floppy)?

I may be misunderstanding, but if one is using USB drive or floppy 
(presumably write-protected) to hold one's configuration, is the system 
vulnerable - in theory - to a hacker placing a 'false' config file onto 
a writeable media (e.g. hard disk partition) that is scanned earlier in 
the cycle, and then forcing a reboot?

Dominic

Re: [Devil-Linux-discuss] Devil-linux-discuss Digest, Vol 37, Issue 11

[Olivier B. <oli...@fr...>]

Thanks a lot !

Olibouli
----- Original Message ----- 
From: <dev...@li...>
To: <dev...@li...>
Sent: Wednesday, June 10, 2009 2:06 PM
Subject: Devil-linux-discuss Digest, Vol 37, Issue 11


> Send Devil-linux-discuss mailing list submissions to
> dev...@li...
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
> or, via email, send a message with subject or body 'help' to
> dev...@li...
>
> You can reach the person managing the list at
> dev...@li...
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Devil-linux-discuss digest..."
>
>
> Today's Topics:
>
>   1. Re: test on Devil-Linux 1.4RC1 (Bruce Smith)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 9 Jun 2009 21:29:23 -0400
> From: Bruce Smith <bw...@re...>
> Subject: Re: [Devil-Linux-discuss] test on Devil-Linux 1.4RC1
> To: dev...@li...
> Message-ID:
> <5f9...@ma...>
> Content-Type: text/plain; charset=ISO-8859-1
>
>> ?1 - Problem of new iptables version that is not allowed to Drop on Nat 
>> tables,
>> despite default firewall script is using :
>
> OK, I fixed the problem.
>
> If you don't want to wait for a new release, you can download the new
> scripts from CVS.
>
> The 2nic firewall script is here:
>
> http://devil-linux.cvs.sourceforge.net/viewvc/*checkout*/devil-linux/build/config/etc/init.d/firewall.rules.2nic?revision=1.17
>
> The 3nic firewall script is here:
>
> http://devil-linux.cvs.sourceforge.net/viewvc/*checkout*/devil-linux/build/config/etc/init.d/firewall.rules.3nic?revision=1.14
>
> - BS
>
>
>
> ------------------------------
>
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
>
> ------------------------------
>
> _______________________________________________
> Devil-linux-discuss mailing list
> Dev...@li...
> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
>
>
> End of Devil-linux-discuss Digest, Vol 37, Issue 11
> ***************************************************
>
>
> __________ Information NOD32 4145 (20090610) __________
>
> Ce message a ete verifie par NOD32 Antivirus System.
> http://www.nod32.com
>
> 

Re: [Devil-Linux-discuss] test on Devil-Linux 1.4RC1

[Bruce S. <bw...@re...>]

>  1 - Problem of new iptables version that is not allowed to Drop on Nat tables,
> despite default firewall script is using :

OK, I fixed the problem.

If you don't want to wait for a new release, you can download the new
scripts from CVS.

The 2nic firewall script is here:

http://devil-linux.cvs.sourceforge.net/viewvc/*checkout*/devil-linux/build/config/etc/init.d/firewall.rules.2nic?revision=1.17

The 3nic firewall script is here:

http://devil-linux.cvs.sourceforge.net/viewvc/*checkout*/devil-linux/build/config/etc/init.d/firewall.rules.3nic?revision=1.14

 - BS

Re: [Devil-Linux-discuss] test on Devil-Linux 1.4RC1

[Bruce S. <bw...@re...>]

> I tried to test the new RC1 and I felt a bit dizzy with the normal version and
> the server version. It seems that the server version was compiled without grsec
> ! any other difference ?

I believe that's the only difference.

I've had problems with grsec killing processes that have a high
resource utilization (like server processes), so instead of taking the
time to learn how to configure grsec correctly, I compiled a server
version of DL without grsec.

I'll take a look at the iptables/DROP problem when I get a chance.

Maybe someone else can answer your other questions.

 - BS

[Devil-Linux-discuss] test on Devil-Linux 1.4RC1

[<oli...@fr...>]

Hello,
I tried to test the new RC1 and I felt a bit dizzy with the normal version and
the server version. It seems that the server version was compiled without grsec
! any other difference ?

As a first approch of testing this new RC1, I tried to migrate from a DL 2.15
(main use as a firewall with only services Beep, Firewall, Routing, SSHD) : new
RC1 convert old configuration files but during the "save-config" on /dev/fd0 I
got a loop message : please insert configuration media in /dev/fd0.
I decided to reconfigure RC1 from scratch. Everything was fine except few
details I noticed :

 1 - Problem of new iptables version that is not allowed to Drop on Nat tables,
despite default firewall script is using :

# Prevent NetBIOS and Samba from leaking.
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 135 -j DROP
${IPTABLES} -t nat -A PREROUTING -p UDP --dport 135 -j DROP
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 137:139 -j DROP
${IPTABLES} -t nat -A PREROUTING -p UDP --dport 137:139 -j DROP
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 445 -j DROP
${IPTABLES} -t nat -A PREROUTING -p UDP --dport 445 -j DROP

Starting Firewalliptables v1.4.3.2:
The "nat" table is not intended for filtering, the use of DROP is therefore
inhibited.

 2 - Tried to test webmin and noticed another little problem with module
Webminstats. Perl script cannot execute because of an error in the @INC path
(files RRDs.pm is in /usr/lib/perl/5.8.9/i686-linux-thread-multi and not in
/usr/lib/perl5/5.8.9/i686-linux-thread-multi).

 3 - As a comparaison of both versions, release 2.15 was 23 tasks and more or
less 40000K in memory. New RC1 is 46 tasks and 85000K in memory with same
configuration. I was just wondering what can be expected in term of security
when the main use is a firewall ? (this is not a complain but more a question
that a novice like me could have in mind)

I hope this e-mail will help such a good project like Devil-linux. Thanks in
advance for your answers, and congratulation for this new release that seems to
have much more functunalities than the previous one.

Olibouli

Re: [Devil-Linux-discuss] rdiff-backup (was Devil-Linux 1.4RC1 released)

[Dominic R. <dl...@ed...>]

Thanks Heiko, I will look forward to seeing it in the changes list 
sometime. Sorry I can't help with the patching - way out of my depth!

Dominic

Heiko Zuerker wrote:
> Dominic,
>
> sounds like a nice little tool.
> I added a note to the feature request that we'll implement it. There's  
> no ETA, patches are as always welcome.
>
> Heiko
>
> Quoting Dominic Refard <dl...@ed...>:
>
>   
>> On 06/06/2009 17:03, Heiko Zuerker wrote:
>>     
>>>> Dominic Raferd wrote:
>>>> I would also like to request that rdiff-backup  
>>>> (http://www.gnu.org/savannah-checkouts/non-gnu/rdiff-backup/) be  
>>>> added to the next release?...

Re: [Devil-Linux-discuss] DL with network access on first boot (was Devil-Linux 1.4RC1 released)

[Serge L. <fi...@in...>]

Dominic Refard wrote:
> On 07/06/2009 09:13, Serge Leschinsky wrote:
>> Dominic Refard wrote:
>> ...
>>    
>>> - eth0 networking is not fully autoconfigured but udev's preferred eth0
>>> network module is displayed in Setup. It was news to me that it was
>>> optional to specify the network module in Setup. (Finding the right
>>> network module for your network card seems to me the hardest thing to
>>> explain - short of saying: er, use Google.)
>>>      
>> Well...
>> The following code may help with network module identification.
>>
>> for i in $(lsmod | awk '{ print $1}');
>> do
>>    modinfo -F filename $i 2>  /dev/null | grep "kernel/drivers/net/" \
>> 	| sed -e 's#.*/##' -e 's#\..*$##';
>> done
>>
>> It prints the list of loaded network modules (previously loaded by udev, of course).
>>    
> Neat, and I've added it to my how-to page
Hm... It was just an example, moreover I considered this code to be used in
'setup' tool. For howto page I'd rather suggest 'lspci' based variant
	lspci -v | grep "Ethernet controller:\|Kernel modules:" | \
		grep -A1 "Ethernet controller:"


> could type this all in perfectly, and of course they can't cut'n'paste 
> at this stage. I guess it would not be necessary if your idea of having 
> an 'autodetect' option in setup is followed.
I tried several times to modify 'setup' and  have to admit it's not so easy.
This magic is too difficult for me... Bruce is the main wizard.


Serge

Re: [Devil-Linux-discuss] rdiff-backup (was Devil-Linux 1.4RC1 released)

[Heiko Z. <he...@zu...>]

Dominic,

sounds like a nice little tool.
I added a note to the feature request that we'll implement it. There's  
no ETA, patches are as always welcome.

Heiko

Quoting Dominic Refard <dl...@ed...>:

> On 06/06/2009 17:03, Heiko Zuerker wrote:
>>> Dominic Raferd wrote:
>>> I would also like to request that rdiff-backup  
>>> (http://www.gnu.org/savannah-checkouts/non-gnu/rdiff-backup/) be  
>>> added to the next release?...
>>>
>> What's the big benefit on using this instead of rsync?
> rsync transfers files in an efficient manner, but it doesn't offer any
> storage efficiency. Nor, I believe, does Bacula.
>
> Quoting: "rdiff-backup backs up one directory to another, possibly over
> a network. The target directory ends up a copy of the source directory,
> but extra reverse diffs are stored in a special subdirectory of that
> target directory, so you can still recover files lost some time ago. The
> idea is to combine the best features of a mirror and an incremental
> backup. rdiff-backup also preserves subdirectories, hard links, dev
> files, permissions, uid/gid ownership, modification times, extended
> attributes, acls, and resource forks. Also, rdiff-backup can operate in
> a bandwidth efficient manner over a pipe, like rsync. Thus you can use
> rdiff-backup and ssh to securely back a hard drive up to a remote
> location, and only the differences will be transmitted. Finally,
> rdiff-backup is easy to use and settings have sensical defaults."
>
> So if you run it every day (as we do, to a backup server that runs
> Ubuntu), you have a backup repository which not only has the most recent
> data (stored in the clear) but also every previous version of every file
> going back each day since you started. Although this is complicated
> under the hood, it is easy to use - for backup or restore. I had a case
> only this week with a corrupted Access 2007 file (a fault in Access 2007
> [even SP2] leads to occasional corruption of files); the previous day's
> backup was corrupt too but I could easily retrieve the file from the day
> before that - which was fine.
>
> Critically, because the data for previous backups is stored in
> reverse-diff files it is highly space-efficient. So our raw backup data
> is 80GB, we now have 6 month's worth of daily backups and the backup is
> 90GB. This includes lots of large database and email files which change
> daily.
>
> I can continue to use Ubuntu for this so I don't feel so strongly, I
> guess I thought since Bacula had been added to DL it would be logical to
> add rdiff-backup.
>
> Dominic
>
> ------------------------------------------------------------------------------
> OpenSolaris 2009.06 is a cutting edge operating system for enterprises
> looking to deploy the next generation of Solaris that includes the latest
> innovations from Sun and the OpenSource community. Download a copy and
> enjoy capabilities such as Networking, Storage and Virtualization.
> Go to: http://p.sf.net/sfu/opensolaris-get
> _______________________________________________
> Devil-linux-discuss mailing list
> Dev...@li...
> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
>



-- 

Regards
   Heiko Zuerker
   http://www.devil-linux.org


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Re: [Devil-Linux-discuss] DL with network access on first boot (was Devil-Linux 1.4RC1 released)

[Herbert K. <her...@gm...>]

Heiko Zuerker wrote:

> One part of the DL philosophy is that nothing happens without the  
> Admin of the Box explicitly allowing it.

100% agree!
   Herbert

Re: [Devil-Linux-discuss] DL with network access on first boot (was Devil-Linux 1.4RC1 released)

[Dominic R. <dl...@ed...>]

On 07/06/2009 09:13, Serge Leschinsky wrote:
> Dominic Refard wrote:
> ...
>    
>> - eth0 networking is not fully autoconfigured but udev's preferred eth0
>> network module is displayed in Setup. It was news to me that it was
>> optional to specify the network module in Setup. (Finding the right
>> network module for your network card seems to me the hardest thing to
>> explain - short of saying: er, use Google.)
>>      
> Well...
> The following code may help with network module identification.
>
> for i in $(lsmod | awk '{ print $1}');
> do
>    modinfo -F filename $i 2>  /dev/null | grep "kernel/drivers/net/" \
> 	| sed -e 's#.*/##' -e 's#\..*$##';
> done
>
> It prints the list of loaded network modules (previously loaded by udev, of course).
>    
Neat, and I've added it to my how-to page, but it's unlikely a newcomer 
could type this all in perfectly, and of course they can't cut'n'paste 
at this stage. I guess it would not be necessary if your idea of having 
an 'autodetect' option in setup is followed.

Dominic

Re: [Devil-Linux-discuss] rdiff-backup (was Devil-Linux 1.4RC1 released)

[Dominic R. <dl...@ed...>]

On 07/06/2009 03:43, Bruce Smith wrote:
>> Critically, because the data for previous backups is stored in
>> reverse-diff files it is highly space-efficient....
>>      
> How's it work with binary files?  (pictures, compiled executables, etc.)
>    
For executables it is efficient I believe, for jpegs that change I am 
not so sure; it cannot be efficient for encrypted files that change 
(Access .mde or .accde files, for instance). It uses the librsync 
library to generate the (reverse) diffs i.e. the differences between 
file versions. Quotes: "librsync implements the rsync remote-delta 
algorithm" "The algorithm works best when the files are similar, but 
will also function correctly and reasonably efficiently when the files 
are quite different"

It always stores the most recent version of a file in the clear i.e. 
uncompressed and unencrypted, so for recovery you only need to use 
rdiff-backup itself (or a tool based on it) if you need an earlier 
version of a file (or fileset).

There is a similar utility called duplicity 
(http://duplicity.nongnu.org/) which again uses librsync but stores 
encrypted tar-format volumes. Because this is inherently more secure it 
might sort of fit better with the DL philosophy, but it is in beta, and 
even I don't think DL needs beta software. :-)

Dominic

Re: [Devil-Linux-discuss] DL with network access on first boot (was Devil-Linux 1.4RC1 released)

[Serge L. <fi...@in...>]

Dominic Refard wrote:
...
> - eth0 networking is not fully autoconfigured but udev's preferred eth0
> network module is displayed in Setup. It was news to me that it was
> optional to specify the network module in Setup. (Finding the right
> network module for your network card seems to me the hardest thing to
> explain - short of saying: er, use Google.)
Well...
The following code may help with network module identification.

for i in $(lsmod | awk '{ print $1}');
do
  modinfo -F filename $i 2> /dev/null | grep "kernel/drivers/net/" \
	| sed -e 's#.*/##' -e 's#\..*$##';
done

It prints the list of loaded network modules (previously loaded by udev, of course).


> 
> But I also recognise the argument that if you make getting started with
> DL too simple, you just encourage non-experts to have a go, and then
> they will have problems later. Better if they stick to Ubuntu maybe?
Everybody choses his own way. I think Ubuntu is not the best but definetely not
the worst. And you are right, DL is the most attractive for experienced users.

--
Sincerely,
Serge

Re: [Devil-Linux-discuss] DL with network access on first boot (was Devil-Linux 1.4RC1 released)

[Serge L. <fi...@in...>]

Bruce Smith wrote:
>>>>> If a new DL install came online on the Internet, would anyone be able
>>>>> to hack the system?  sshd and other services shouldn't be started so
>>>>> is there anyway to connect or login other than the local console?
>>>> He was actually asking for enabling the network, SSH and Webmin. So
>>>> yes, anybody could connect to it.
>>> Don't know about webmin, but we could configure SSH to not allow root
>>> login and/or not allow login to accounts without a password.
>>>
>>> Maybe we could config webmin to only listen on the internal network
>>> nic by default?
>>>
>>> Or on boot, if an init script detects root doesn't have a password, we
>>> could generate and assign a random password to root, and display it on
>>> the console.  That would keep out remote users.  :-)
>> Not sure if this would be worth the effort.
>> I'm currently leaning more towards a "No".
> 
> I like the idea of automatically loading modules, instead of manually
> selecting (guessing) them.
> 
Bruce, you can add to the list of modules something like "autodetect" and if a
user chooses it, just to not write anything in the MODULE parameter, i.e.
MODULE="". In this case the task of network module loading will be delegated to
udev. Usually udev manages to do it.


Serge

Re: [Devil-Linux-discuss] rdiff-backup (was Devil-Linux 1.4RC1 released)

[Bruce S. <bw...@re...>]

> Critically, because the data for previous backups is stored in
> reverse-diff files it is highly space-efficient....

How's it work with binary files?  (pictures, compiled executables, etc.)

 - BS

Re: [Devil-Linux-discuss] rdiff-backup (was Devil-Linux 1.4RC1 released)

[Dominic R. <dl...@ed...>]

On 06/06/2009 17:03, Heiko Zuerker wrote:
>> Dominic Raferd wrote:
>> I would also like to request that rdiff-backup (http://www.gnu.org/savannah-checkouts/non-gnu/rdiff-backup/) be added to the next release?...
>>      
> What's the big benefit on using this instead of rsync?
rsync transfers files in an efficient manner, but it doesn't offer any 
storage efficiency. Nor, I believe, does Bacula.

Quoting: "rdiff-backup backs up one directory to another, possibly over 
a network. The target directory ends up a copy of the source directory, 
but extra reverse diffs are stored in a special subdirectory of that 
target directory, so you can still recover files lost some time ago. The 
idea is to combine the best features of a mirror and an incremental 
backup. rdiff-backup also preserves subdirectories, hard links, dev 
files, permissions, uid/gid ownership, modification times, extended 
attributes, acls, and resource forks. Also, rdiff-backup can operate in 
a bandwidth efficient manner over a pipe, like rsync. Thus you can use 
rdiff-backup and ssh to securely back a hard drive up to a remote 
location, and only the differences will be transmitted. Finally, 
rdiff-backup is easy to use and settings have sensical defaults."

So if you run it every day (as we do, to a backup server that runs 
Ubuntu), you have a backup repository which not only has the most recent 
data (stored in the clear) but also every previous version of every file 
going back each day since you started. Although this is complicated 
under the hood, it is easy to use - for backup or restore. I had a case 
only this week with a corrupted Access 2007 file (a fault in Access 2007 
[even SP2] leads to occasional corruption of files); the previous day's 
backup was corrupt too but I could easily retrieve the file from the day 
before that - which was fine.

Critically, because the data for previous backups is stored in 
reverse-diff files it is highly space-efficient. So our raw backup data 
is 80GB, we now have 6 month's worth of daily backups and the backup is 
90GB. This includes lots of large database and email files which change 
daily.

I can continue to use Ubuntu for this so I don't feel so strongly, I 
guess I thought since Bacula had been added to DL it would be logical to 
add rdiff-backup.

Dominic

Re: [Devil-Linux-discuss] DL with network access on first boot (was Devil-Linux 1.4RC1 released)

[Dominic R. <dl...@ed...>]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html; charset=ISO-8859-1"
 http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
On 07/06/2009 00:45, Bruce Smith wrote:
<blockquote
 cite="mid:5f9...@ma..."
 type="cite">
  <blockquote type="cite">
    <blockquote type="cite">
      <blockquote type="cite">
        <blockquote type="cite">
          <pre wrap="">If a new DL install came online on the Internet, would anyone be able
to hack the system? &nbsp;sshd and other services shouldn't be started so
is there anyway to connect or login other than the local console?
          </pre>
        </blockquote>
        <pre wrap="">He was actually asking for enabling the network, SSH and Webmin. So
yes, anybody could connect to it.
        </pre>
      </blockquote>
      <pre wrap="">Don't know about webmin, but we could configure SSH to not allow root
login and/or not allow login to accounts without a password.

Maybe we could config webmin to only listen on the internal network
nic by default?

Or on boot, if an init script detects root doesn't have a password, we
could generate and assign a random password to root, and display it on
the console. &nbsp;That would keep out remote users. &nbsp;:-)
      </pre>
    </blockquote>
    <pre wrap="">Not sure if this would be worth the effort.
I'm currently leaning more towards a "No".
    </pre>
  </blockquote>
  <pre wrap=""><!---->I like the idea of automatically loading modules, instead of manually
selecting (guessing) them.

However, I don't think that should happen automatically.  It should be
turned on as part of the process of creating an initial manual
configuration.  Setting root password, configuring firewall,
specifying IP addresses or DHCP, and then having it auto load modules.

 - BS
  </pre>
</blockquote>
Well I recognise the security dangers in an open initial installation
but the instructions should make clear that the first thing you must do
is login and set a password. DL could come preconfigured with root
having a password such as 'devil-linux', which would at least prevent
opportunistic casual hacking. Under normal usage you don't need a
monitor or keyboard for your DL
machine, but you do need it for initial setup; the open bare
installation would
overcome this and allow plug'n'go.<br>
<br>
Some possible compromises:<br>
- the open installation could be limited to the 'server' flavour of DL,
which I guess is aimed towards behind-the-firewall usage (such as I
have)?<br>
- sshd &amp; webmin are left switched off, but eth0 networking is still
autoconfigured for DHCP; or<br>
- eth0 networking is not fully autoconfigured but udev's preferred eth0
network module is displayed in Setup. It was news to me that it was
optional to specify the network module in Setup. (Finding the right
network module for your network card seems to me the hardest thing to
explain - short of saying: er, use Google.)<br>
<br>
But I also recognise the argument that if you make getting started with
DL
too simple, you just encourage non-experts to have a go, and
then they will have problems later. Better if they stick to Ubuntu
maybe?<br>
<br>
Dominic<br>
</body>
</html>

Re: [Devil-Linux-discuss] DL with network access on first boot (was Devil-Linux 1.4RC1 released)

[Bruce S. <bw...@re...>]

>>>> If a new DL install came online on the Internet, would anyone be able
>>>> to hack the system?  sshd and other services shouldn't be started so
>>>> is there anyway to connect or login other than the local console?
>>>
>>> He was actually asking for enabling the network, SSH and Webmin. So
>>> yes, anybody could connect to it.
>>
>> Don't know about webmin, but we could configure SSH to not allow root
>> login and/or not allow login to accounts without a password.
>>
>> Maybe we could config webmin to only listen on the internal network
>> nic by default?
>>
>> Or on boot, if an init script detects root doesn't have a password, we
>> could generate and assign a random password to root, and display it on
>> the console.  That would keep out remote users.  :-)
>
> Not sure if this would be worth the effort.
> I'm currently leaning more towards a "No".

I like the idea of automatically loading modules, instead of manually
selecting (guessing) them.

However, I don't think that should happen automatically.  It should be
turned on as part of the process of creating an initial manual
configuration.  Setting root password, configuring firewall,
specifying IP addresses or DHCP, and then having it auto load modules.

 - BS

Re: [Devil-Linux-discuss] DL with network access on first boot (was Devil-Linux 1.4RC1 released)

[Heiko Z. <he...@zu...>]

Quoting Bruce Smith <bw...@re...>:

>>> If a new DL install came online on the Internet, would anyone be able
>>> to hack the system?  sshd and other services shouldn't be started so
>>> is there anyway to connect or login other than the local console?
>>
>> He was actually asking for enabling the network, SSH and Webmin. So
>> yes, anybody could connect to it.
>
> Don't know about webmin, but we could configure SSH to not allow root
> login and/or not allow login to accounts without a password.
>
> Maybe we could config webmin to only listen on the internal network
> nic by default?
>
> Or on boot, if an init script detects root doesn't have a password, we
> could generate and assign a random password to root, and display it on
> the console.  That would keep out remote users.  :-)

Not sure if this would be worth the effort.
I'm currently leaning more towards a "No".

-- 

Regards
   Heiko Zuerker
   http://www.devil-linux.org


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Re: [Devil-Linux-discuss] Devil-Linux 1.4RC1 released

[Dick M. <di...@fo...>]

Dominic Refard wrote:

>> So, if we put a prepared ifcfg script for eth0 with DHCP configured then the
>> network will start automatically.
>>
>> The question is - do we really need this feature?
>>   
> Thanks for the info re udev. Personally I don't need this feature and I 
> am sure you don't, but anything which helps newcomers seems beneficial 

The thing about newbies is that they don't stay newbies for long. DL is not 
really a general purpose system so it's not particularly helpful to 
preconfigure things.  It's better to have things such that they have to be 
actively setup before they can be used.  That way there are no surprises.

If you do need to get help configuring a service there's nothing to stop you 
copying configs from, say, Debian to use as a basis for your own configuration.

>>> I would also like to request that rdiff-backup 
>>> (http://www.gnu.org/savannah-checkouts/non-gnu/rdiff-backup/) be added 
>>> to the next release?...

It is possible to install apps, particularly script based apps in DL (assuming 
you have some non volatile storage i.e. hard drive).  I put stuff in /opt for 
example.   It usually only becomes a problem if you need a special kernel 
module. Sometimes you need to do a bit of jiggery-pokery to load a library or 
something but mostly it's not difficult.

There is also the option of rolling your own DL using the development kit. 
I've not tried this myself but people do.

Dick

Re: [Devil-Linux-discuss] DL with network access on first boot (was Devil-Linux 1.4RC1 released)

[Bruce S. <bw...@re...>]

>> If a new DL install came online on the Internet, would anyone be able
>> to hack the system?  sshd and other services shouldn't be started so
>> is there anyway to connect or login other than the local console?
>
> He was actually asking for enabling the network, SSH and Webmin. So
> yes, anybody could connect to it.

Don't know about webmin, but we could configure SSH to not allow root
login and/or not allow login to accounts without a password.

Maybe we could config webmin to only listen on the internal network
nic by default?

Or on boot, if an init script detects root doesn't have a password, we
could generate and assign a random password to root, and display it on
the console.  That would keep out remote users.  :-)

 - BS

Re: [Devil-Linux-discuss] DL with network access on first boot (was Devil-Linux 1.4RC1 released)

[Heiko Z. <he...@zu...>]

Quoting Bruce Smith <bw...@re...>:

>>>> Thinking of newbies, could a new install of DL attempt to autoconfigure
>>>> eth0 i.e. identify and load an appropriate ethernet module and try to
>>>> pick up IP from an external DHCP server?
>>> Actually, udev loads all necessary modules during startup. The field
>>> "module" is
>>> optional for the simplest cases and allows to define any  
>>> non-standard options
>>> for modules (bonding for example).
>>> So, if we put a prepared ifcfg script for eth0 with DHCP  
>>> configured then the
>>> network will start automatically.
>>>
>>> The question is - do we really need this feature?
>>
>> One part of the DL philosophy is that nothing happens without the
>> Admin of the Box explicitly allowing it.
>> I'm unsure about this request. On one hand it would be nice, on the
>> other hand it would suck if you firewall comes up and connects to the
>> internet right away (without being configured for security, no root
>> pwd, etc.)
>> Anybody else have an opinion on this topic?
>
> If a new DL install came online on the Internet, would anyone be able
> to hack the system?  sshd and other services shouldn't be started so
> is there anyway to connect or login other than the local console?

He was actually asking for enabling the network, SSH and Webmin. So  
yes, anybody could connect to it.

-- 

Regards
   Heiko Zuerker
   http://www.devil-linux.org


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.