00:02.44 | *** join/#devuan matlock (~matlock@user-24-214-145-29.knology.net) |
00:12.33 | *** join/#devuan koris (~koris@185.65.134.111) |
00:14.57 | *** join/#devuan earthnative (~nemo@59.167.208.146) |
00:34.08 | *** join/#devuan specing (~specing@unaffiliated/specing) |
00:35.30 | *** join/#devuan JohnTheRipper (~JohnTheRi@2.229.193.226) |
00:35.32 | *** join/#devuan saptech (~saptech@unaffiliated/saptech) |
00:42.50 | *** join/#devuan JohnTheRipper (~JohnTheRi@2.229.193.226) |
00:59.38 | *** join/#devuan justinsm (~justinsm@82-69-63-196.dsl.in-addr.zen.co.uk) |
01:02.14 | *** join/#devuan nighty- (~nighty@kyotolabs.asahinet.com) |
01:03.39 | *** join/#devuan XuR (~quassel@ip70-188-216-108.ph.ph.cox.net) |
01:34.47 | *** join/#devuan Humpelstilzchen (erik@x4e32a7c9.dyn.telefonica.de) |
02:09.30 | *** join/#devuan rdav (~rdav@61.181.148.122.sta.dodo.net.au) |
02:09.49 | *** join/#devuan noordinaryspider (~noordinar@41.185.17.106) |
02:13.01 | *** join/#devuan Hoshpak (~Hoshpak@p200300C90BC78400E9B9209A24436626.dip0.t-ipconnect.de) |
03:36.03 | *** join/#devuan jathan (~jathan@189.216.204.127) |
04:02.24 | *** join/#devuan zyliwax (~zyliwax@unaffiliated/zyliwax) |
04:36.38 | *** join/#devuan jathan (~jathan@189.216.204.127) |
04:54.13 | *** join/#devuan jathan (~jathan@189.216.204.127) |
05:36.45 | *** join/#devuan ferdy- (~ferdy@funtoo/contrib/ferdy-) |
05:42.34 | *** join/#devuan tokage (~tokage@fsfe/tokage) |
05:48.23 | *** join/#devuan tsuggs (~tsuggs@adsl-074-171-024-060.sip.int.bellsouth.net) |
06:37.33 | *** join/#devuan Pali (~pali@Maemo/community/contributor/Pali) |
06:52.44 | *** join/#devuan ferdy- (~ferdy@funtoo/contrib/ferdy-) |
07:03.11 | *** join/#devuan romo (~romo@unaffiliated/romo) |
07:05.26 | *** join/#devuan JohnnyRun (~gianni@net94-124-67-2.static.bb.mainsoft.it) |
07:12.03 | *** join/#devuan Kizano (markizano@2600:3c00::f03c:91ff:fec8:382d) |
07:15.04 | *** join/#devuan Besnik_b (~Besnik@ppp-94-66-221-90.home.otenet.gr) |
07:46.29 | ddg | I am experiencing huge memory usage from qupzilla, any ideas why? <<< fresh installed after new devuan install... |
07:47.30 | *** join/#devuan PnUic (~androirc@46.231.35.210) |
07:51.04 | *** join/#devuan thaller (~thaller@2.43.142.111) |
07:58.17 | *** join/#devuan freemangordon_ (~ivo@195.128.225.2) |
07:58.18 | *** join/#devuan mf (~yaaic@x52716adb.dyn.telefonica.de) |
08:05.00 | *** join/#devuan bozonius (~bozonius@c-73-90-84-55.hsd1.ca.comcast.net) |
08:05.02 | *** join/#devuan koris (~koris@185.65.134.111) |
08:05.38 | bozonius | does devuan support hotpluggable drives? |
08:06.25 | bozonius | My devuan 1.0 VM has started having intermittent freezes since I changed the drives to hotpluggable. I just switched them back to non-hotpluggable and wait to see what happens |
08:06.32 | bozonius | thanks |
08:07.18 | bozonius | btw, nothing else changed, other than my adding a new virtual drive. At that time, I changed all the drives to hotpluggable. |
08:08.51 | *** join/#devuan ferdy- (~ferdy@funtoo/contrib/ferdy-) |
08:11.26 | *** join/#devuan s_kunk (~s_kunk@unaffiliated/s-kunk/x-5139101) |
08:15.58 | bozonius | well, nevermind. It just froze again. So it isn't the hotplug ability causing the freeze, apparently. |
08:17.19 | bozonius | Now I am wondering what could be suddenly causing these freezes? I haven't done anything to either VBox host or the Devuan client configuration, though I may have run update/upgrade recently, before the last boot sometime. |
08:17.40 | bozonius | It won't be ping'd. |
08:20.07 | bozonius | and I don't have ssh set up though I doubt that would work either. It seems to be completely hung/frozen. |
08:34.16 | bozonius | I see some curious errors in the vbox log, so I'll try to see if that may be the source of the freeze. |
08:42.16 | *** join/#devuan Drugo (~Drugo@62-11-1-95.dialup.tiscali.it) |
08:46.13 | bozonius | turns out these errors also happen on my Ubuntu VM, and it is not having these freezes |
08:46.34 | bozonius | so this appears to be Devuan specific (but could be a vbox issue, idk) |
08:48.06 | bozonius | the only packages installed or upgraded since these freezes began were the newest Chrome browser and ntptrace. Other than that, no changes to packages. |
08:57.38 | *** join/#devuan fugitive_ (~fugitive@95.211.147.186) |
09:03.06 | *** join/#devuan ferdy- (~ferdy@funtoo/contrib/ferdy-) |
09:03.59 | *** join/#devuan JotaMG (~chatozill@5.109.249.5.rev.vodafone.pt) |
09:16.39 | *** join/#devuan PnUic (~androirc@46.231.35.210) |
09:28.21 | debdog | bozonius: prolly updating the kernel fixes it |
09:29.16 | bozonius | debdog: Thanks. What kernel version do I need? |
09:29.55 | bozonius | I ran "apt-get update" and "apt-get upgrade" and got no updates. |
09:30.06 | debdog | sorry, not into hotplugging stuff. you'll have to check release notes or just use the latest |
09:30.12 | debdog | welll. |
09:30.16 | debdog | *wel... |
09:30.19 | debdog | dang |
09:30.26 | debdog | let me get coffee first :P |
09:30.30 | debdog | well... |
09:30.31 | bozonius | oh, I backed that out -- no more hotplugging, but that made no difference. It still freezes. |
09:30.40 | bozonius | lol. go... get your coffee |
09:31.18 | debdog | by updating I meant compile one |
09:31.40 | bozonius | I've never had to build a kernel for this sort of thing before. Wow, if so. |
09:32.03 | bozonius | but forget hotplugging; that's a non-op here |
09:34.03 | bozonius | I'll come back to this in the AM after some sleep. Thanks for help, debdog. |
09:36.34 | debdog | bozonius: Jessies kernel is quite old by now. it is very likely since then the kernel advanced the hotplugging as well as VM-guest code |
09:50.14 | *** join/#devuan reetp (~john@239.red-80-59-216.staticip.rima-tde.net) |
09:52.46 | debdog | *Jessie's |
09:54.09 | *** join/#devuan fugitive_ (~fugitive@95.211.147.186) |
10:09.32 | *** join/#devuan Nefertiti (~Nefertiti@unaffiliated/nefertiti) |
10:23.28 | *** join/#devuan eliasr (uid27497@gateway/web/irccloud.com/x-emcpqvjazfkimovl) |
10:40.15 | *** join/#devuan godbed (~Wowbagger@HSI-KBW-078-042-157-153.hsi3.kabel-badenwuerttemberg.de) |
11:03.04 | *** join/#devuan fugitive_ (~fugitive@95.211.147.186) |
11:10.13 | *** join/#devuan Infiltrator (~Infiltrat@unaffiliated/infiltrator) |
11:12.39 | *** join/#devuan justinsm (~justinsm@82-69-63-196.dsl.in-addr.zen.co.uk) |
11:36.51 | *** join/#devuan debdog (~debdog@ip-37-201-6-177.hsi13.unitymediagroup.de) |
11:37.58 | *** join/#devuan ferdy- (~ferdy@funtoo/contrib/ferdy-) |
11:44.44 | *** join/#devuan freedomrun (~freedomru@unaffiliated/freedomrun) |
11:44.59 | *** join/#devuan peetaur (~peter@p200300E10BC056001E1B0DFFFE9F7A09.dip0.t-ipconnect.de) |
12:00.39 | *** join/#devuan nighty- (~nighty@s229123.ppp.asahi-net.or.jp) |
12:06.55 | *** join/#devuan ffernand (ffernand@devworker.com) |
12:09.55 | *** join/#devuan fugitive_ (~fugitive@91-150-111-168.dynamic.isp.telekom.rs) |
12:28.53 | *** join/#devuan debdog (~debdog@ip-37-201-6-177.hsi13.unitymediagroup.de) |
12:44.13 | *** join/#devuan XuR (~quassel@ip70-188-216-108.ph.ph.cox.net) |
13:08.14 | *** join/#devuan Katnija (~KittenGNU@208.209.9.46.customer.cdi.no) |
13:11.07 | *** join/#devuan konsolebox (~konsolebo@110.54.223.68) |
13:25.27 | *** join/#devuan debdog (~debdog@2a02:8070:4182:a200:7a24:afff:fe8a:d04d) |
13:35.03 | *** join/#devuan Drugo (~Drugo@62-11-1-95.dialup.tiscali.it) |
13:40.37 | *** join/#devuan KittenNIX (~KittenGNU@208.209.9.46.customer.cdi.no) |
13:42.42 | *** join/#devuan TemporalBeing (~Ben_Meyer@72.32.180.178) |
13:44.33 | *** join/#devuan system16 (~system16@unaffiliated/system16) |
13:45.42 | system16 | who is preauth? |
13:45.55 | system16 | quit trying to connect to my server |
13:46.15 | fsmithred | did you check where the ip address is from? |
13:46.54 | system16 | no |
13:47.03 | system16 | im on it |
13:47.05 | fsmithred | whois <ip-address> |
13:48.59 | system16 | hmm two ip s |
13:49.10 | fsmithred | ? |
13:49.27 | fsmithred | two different attempts with same name and different addresses? |
13:50.03 | system16 | country cn |
13:50.19 | system16 | this isnt me |
13:50.20 | *** join/#devuan debdog (~debdog@2a02:8070:4182:a200:7a24:afff:fe8a:d04d) |
13:50.34 | fsmithred | you're not in China? |
13:50.34 | system16 | its china |
13:50.44 | system16 | no |
13:50.45 | fsmithred | several ways to deal with this |
13:51.00 | system16 | maybe its my apt mirror? |
13:51.04 | fsmithred | 1. fail2ban or the other one whose name escapes me |
13:51.10 | fsmithred | are you near there? |
13:51.27 | system16 | kinda |
13:51.33 | fsmithred | and were you running the package manager at that time? |
13:51.37 | fsmithred | wait |
13:51.42 | fsmithred | package manager won't use ssh |
13:52.25 | system16 | idk i think djph configured my mirro |
13:52.29 | system16 | r |
13:52.32 | system16 | in asia |
13:52.53 | fsmithred | you would have had to give him a login name |
13:52.58 | fsmithred | does it match that name? |
13:53.06 | fsmithred | and was it a successful login? |
13:53.19 | system16 | no |
13:53.31 | system16 | i didnt give anyone a login name |
13:54.02 | system16 | cncgroup |
13:54.11 | fsmithred | then how did djph log in? |
13:54.29 | system16 | i gave him a account |
13:54.38 | system16 | but i deleted it after 5 min |
13:54.41 | fsmithred | that account had to have a login name |
13:54.44 | fsmithred | oh, ok |
13:55.28 | system16 | how can i know if that person connected to my server ? |
13:55.46 | system16 | failed attempt ? |
13:57.12 | fsmithred | it will say that they connected |
13:57.23 | system16 | where? |
13:57.31 | fsmithred | in the auth.log |
13:57.41 | system16 | last thing in that log is disconnected |
13:58.30 | fsmithred | on an ssh connection? |
13:59.02 | *** join/#devuan polocho (~polocho@89.141.233.231.dyn.user.ono.com) |
13:59.02 | system16 | in less /var/log/auth.log |
13:59.18 | fsmithred | yeah, but that logs all kinds of auths |
13:59.25 | fsmithred | if you su to root it gets logged |
13:59.34 | fsmithred | if you connect by ssh it gets logged |
13:59.38 | fsmithred | etcetera |
13:59.47 | fsmithred | read the whole line and it will tell you |
13:59.52 | system16 | i mean is this a person trying to steal my data? |
14:01.59 | fsmithred | Accepted password for user from 192.168.1... |
14:02.05 | fsmithred | that's a normal login |
14:02.26 | fsmithred | in your case, the ip address was from china instead of from across the room (my case) |
14:02.40 | fsmithred | and the login name is really "user" |
14:02.40 | system16 | preauth is me? |
14:02.58 | fsmithred | not sure what that means |
14:03.04 | fsmithred | it's not a user name |
14:03.41 | system16 | should i e-mail him ? |
14:03.48 | fsmithred | fuck, no! |
14:04.01 | system16 | y? |
14:04.12 | fsmithred | if they only tried one user name, it was probably a mistake |
14:04.28 | fsmithred | if they tried a bunch of different names, they were trying to hack you. |
14:04.36 | system16 | once ? |
14:04.41 | fsmithred | in neither case do you need to contact them |
14:04.50 | fsmithred | what are you asking? |
14:04.50 | system16 | 4 disconnected messages from preauth |
14:05.04 | fsmithred | did they succeed in logging in? |
14:05.08 | system16 | idk |
14:05.13 | fsmithred | read the log |
14:05.16 | system16 | thats my question |
14:05.26 | fsmithred | "Accepted password" |
14:05.44 | fsmithred | "session opened for..." |
14:06.00 | fsmithred | and they would have used a valid user name |
14:06.11 | system16 | in auth.log? |
14:06.12 | fsmithred | and account on your computer that really exists |
14:06.14 | fsmithred | yes |
14:06.41 | fsmithred | less /var/log/auth.log |
14:07.04 | fsmithred | and then /ssh to search |
14:07.06 | system16 | ok |
14:07.39 | fsmithred | also, not related... Doc said we should have told you about two things... |
14:07.58 | system16 | ? |
14:08.00 | fsmithred | TAB will auto-complete what you're typing in a terminal |
14:08.29 | fsmithred | and if it stops before completing to the end, hit TAB again and it will show you what possible matches exist |
14:08.50 | fsmithred | then you type another letter or two (whatever makes it unique) and TAB again to complete it |
14:09.08 | fsmithred | other thing was the most important command to know... |
14:09.10 | fsmithred | man |
14:09.16 | fsmithred | man <command> |
14:09.29 | fsmithred | to see the manual for <command> that you want to know about |
14:11.21 | fsmithred | back in five minutes. Look for what i said to look for in the log. |
14:13.53 | *** join/#devuan menip (~menip@c-73-53-122-132.hsd1.wa.comcast.net) |
14:17.29 | system16 | lots of people tried connecting to my server....ukraine... |
14:18.23 | system16 | i think he/she failed |
14:19.53 | system16 | failed password from ...... |
14:20.16 | fsmithred | correct |
14:20.38 | system16 | u want the ip? |
14:20.40 | fsmithred | did they try three times? |
14:20.47 | system16 | too many |
14:21.00 | fsmithred | did they try different names? |
14:21.40 | system16 | it says disconnecting from the.ip. |
14:21.51 | system16 | because too many invalid passwords |
14:22.08 | system16 | one is from china the other one is from ukraine |
14:22.23 | fsmithred | ok, so two people tried to get in |
14:22.32 | fsmithred | but each only tried one username? |
14:22.55 | fsmithred | or is there a whole series of attempts from each ip? |
14:23.10 | fsmithred | attempts using different usernames, I mean |
14:23.35 | system16 | <PROTECTED> |
14:23.51 | djph | automated bots trying to break in. Happens with a server on the internet |
14:23.54 | fsmithred | with different usernames each time? |
14:24.45 | system16 | ok i am turning my server off |
14:24.50 | system16 | it happened last night |
14:24.54 | system16 | when i was asleep |
14:25.02 | fsmithred | yeah, it'll probably happen almost every day |
14:25.21 | fsmithred | install either fail2ban or denyhosts |
14:25.40 | fsmithred | that will block anyone who tries too many times |
14:25.45 | djph | ^ that |
14:26.00 | system16 | why r they trying to access my server?? |
14:26.02 | djph | maybe swap over to key-based auth |
14:26.03 | fsmithred | other thing you can do is change the ssh port in the router |
14:26.06 | system16 | i am a normal user |
14:26.08 | djph | because it's on the internet |
14:26.17 | fsmithred | system16, they are criminal hackers - it's their job to break in |
14:26.35 | system16 | am i in danfer? |
14:26.35 | djph | or script kiddies thinking they're good |
14:26.41 | system16 | danger* |
14:26.48 | fsmithred | not a lot of danger, no |
14:26.57 | fsmithred | they're going for the easy targets |
14:27.13 | fsmithred | so don't make it easy |
14:27.19 | djph | long as you have a decent password (or better yet, use key auth), you're not "an easy target" |
14:27.44 | system16 | 11 character password |
14:28.02 | fsmithred | if you're not a bank or big corp that they specifically want to get into, they're not going to spend more than a few seconds trying. |
14:28.21 | system16 | how to activate anti a$$holes thing ? |
14:28.24 | fsmithred | 11 is still good |
14:28.28 | djph | 11 is okay |
14:28.40 | fsmithred | install fail2ban or denyhosts and read how to configure |
14:28.47 | djph | ^that |
14:28.58 | system16 | apt-get install free2ban? |
14:29.06 | fsmithred | fail not free |
14:29.18 | system16 | :) |
14:29.29 | *** join/#devuan IoFran (~Thunderbi@189.231.38.189) |
14:30.17 | fsmithred | looks like fail2ban requires a running firewall |
14:30.36 | fsmithred | denyhosts does not, but it warns that it doesn't do ipv6 |
14:30.37 | system16 | cncgroup |
14:30.47 | fsmithred | what's that? |
14:30.52 | system16 | i am on ipv4 |
14:31.06 | system16 | https://krebsonsecurity.com/tag/china169-bj-cncgroup/ |
14:31.15 | fsmithred | denyhosts will put the bad ip address in /etc/hosts.deny |
14:31.36 | system16 | shit |
14:31.56 | system16 | i am under attack by cncgroup attackers |
14:32.09 | system16 | i was* |
14:32.35 | fsmithred | I have to go |
14:32.47 | system16 | ok |
14:32.55 | system16 | djph i am worried |
14:33.01 | *** join/#devuan aitor (~aitor@218.red-88-11-76.dynamicip.rima-tde.net) |
14:33.05 | fsmithred | no time to read the article, but check to see if they got in through ssh. They probably found another way in. |
14:33.10 | system16 | all my personal things r in my server |
14:33.21 | fsmithred | bbl |
14:33.41 | djph | you were under attack by an automated bot that scans everything. Prior to opening the port on your router, it was the router that was getting hit. |
14:33.58 | system16 | so i am safe? |
14:34.38 | djph | system16: "safe(tm)". Have a good password, don't use "standard" usernames (root, test, user, etc.), have a decent password (11 chars from what you said) ... |
14:34.50 | system16 | test111 |
14:34.53 | djph | ... oops ... said the password bit twice |
14:35.08 | system16 | its not my password |
14:35.25 | djph | maybe kill "test111" and come up with a more unique username. |
14:35.37 | system16 | whats the command for that? |
14:35.41 | djph | maybe move to key-based authentication, and deny password-based auth |
14:35.54 | djph | as root --> adduser newusername |
14:36.06 | system16 | adduser? |
14:36.11 | djph | (where "newusername" is the username you want to add) |
14:36.20 | system16 | all my files r in test111 |
14:36.35 | system16 | idk how to cut them to my new user |
14:36.47 | system16 | u know cut in windows |
14:36.55 | djph | as root, mv /home/test111 /home/newuser |
14:37.21 | djph | then chown -R newuser:newuser /home/newuser |
14:37.33 | system16 | <PROTECTED> |
14:37.40 | system16 | i cant use file zilla? |
14:37.48 | djph | why bother? |
14:38.01 | djph | you have direct access to the box, you can just do everything right on there |
14:38.05 | system16 | chown ? |
14:38.16 | system16 | but i have to wait |
14:38.26 | aitor | hi |
14:38.44 | djph | chown => CHange OWNer |
14:38.47 | djph | hey aitor |
14:39.10 | aitor | hey |
14:39.14 | system16 | i said to my friends to access my server and copy-paste a file (they r not from those countries.... |
14:39.29 | djph | so if you move everything from /home/testuser to /home/newuser ... it'll all still be owned by "testuser". You have to change the owner to "newuser" for that |
14:39.50 | system16 | ok |
14:40.03 | *** join/#devuan ferdy- (~ferdy@funtoo/contrib/ferdy-) |
14:40.48 | *** join/#devuan bill-auger (~quassel@75-138-187-221.dhcp.oxfr.ma.charter.com) |
14:42.08 | system16 | oh |
14:42.52 | system16 | recived a disconnect from 185.165.29.157: 11: bye bye [preauh] |
14:43.43 | system16 | auth* |
14:45.03 | *** join/#devuan mn3monic (~xxwa@unaffiliated/mn3monic) |
14:45.06 | bozonius | my anacron jobs have not been run in a week. Somehow it must have become disabled. How to re-enable it? |
14:45.37 | djph | system16: means that someone from 185.x.x.x tried connecting, then hung up |
14:45.42 | *** join/#devuan PnUic (~androirc@91.252.62.65) |
14:46.06 | system16 | so they didnt connect successfully? |
14:46.09 | djph | no |
14:46.30 | system16 | i have their address |
14:46.34 | djph | the only way for someone to connect successfully to your system is (1) they have the right username, and (2) they have the right password |
14:46.45 | djph | so? |
14:46.47 | system16 | whois their.ip |
14:46.53 | djph | so |
14:46.54 | djph | ? |
14:47.00 | system16 | report to police? |
14:47.01 | djph | no |
14:47.19 | system16 | for trying to break in? |
14:47.28 | djph | no |
14:47.31 | djph | you're overreacting |
14:48.07 | djph | do you call the cops every time someone knocks on your front door / rings your doorbell? |
14:48.37 | system16 | yes if they use force like 4 years ago |
14:48.37 | Lydia_K | There are lots of bots/scripts out there that try to log into any machine they can find with predictable username/password combinations. |
14:48.55 | djph | "using force" is not "knocked on your front door" |
14:48.56 | system16 | somebody tried to break in 4 years ago |
14:49.52 | djph | I'm talkin' about people like girl scouts / boy scouts / church groups / salesmen / etc. who you don't know and who come knocking trying to sell you stuff / get you involved in the community / whatever. |
14:50.14 | system16 | and i dont want that in online world....again |
14:50.35 | system16 | so its not a bot related to me? |
14:50.50 | system16 | like ssh bot trying to help me? |
14:51.56 | system16 | service bot? i am asking this because the word auth is used in auth.log too |
14:52.00 | djph | it's just a bot scanning the ports, and knocking. that's it. it's not "immediately" someone trying to break in (same as say girl scouts) ... |
14:52.30 | djph | the only log that tracks that is "auth.log" you're reading too much into filenames / words in the logs |
14:53.10 | system16 | so its not friendly ? (not a service bot?) |
14:53.29 | DocScrutinizer05 | system16: trying to connect is perfectly legal and a usual recurring thing to happen whever you are in internet |
14:53.41 | system16 | whats their goal ? scare people ? |
14:54.00 | djph | it's no different than if you put a notebook on a table next to your front door, and called it "auth.log". Then wrote in it "girl scout - didn't let in. bought cookies" / "girlfriend - let in" / "crazy cat lady - didn't let in" / "brother - let in" / [...] |
14:54.05 | system16 | just making sure my private data remains private <DocScrutinizer05> |
14:54.07 | DocScrutinizer05 | ghaha, no, they don't expect to scare anybody with that, they don't know you are |
14:54.18 | *** join/#devuan telst4r (~telstar@a91-153-137-214.elisa-laajakaista.fi) |
14:54.18 | *** join/#devuan telst4r (~telstar@fsf/member/telst4r) |
14:55.07 | djph | system16: the idea of the internet is that it's "public" -- same as your front door. |
14:55.20 | djph | system16: anyone who feels like it can walk up and knock |
14:55.38 | system16 | but +4 times ? |
14:56.23 | system16 | oh and i see bunch of people trying to be a root>....interesting |
14:56.26 | DocScrutinizer05 | there WILL be brute force attempts to break in, you better ignore them to stay with sane mind. Just make sure you use a good password and a unique user name (NOT "root", "admin", "test", "mysql", whatever, there's a long list of user names you should NOT allow login from outside) |
14:56.47 | djph | 'root' is a common username. |
14:56.55 | djph | it's one that everyone tries with ssh |
14:57.01 | system16 | ps4-967? |
14:57.07 | DocScrutinizer05 | yes, and you regularly do NOT allow ssh login for root |
14:57.10 | djph | same as say "anonymous" for a FTP server |
14:57.15 | *** join/#devuan debdog (~debdog@2a02:8070:4182:a200:7a24:afff:fe8a:d04d) |
14:57.28 | DocScrutinizer05 | actually that's a default setting for sshd |
14:57.34 | system16 | is there any GUI way to detect this kind of things? |
14:57.40 | DocScrutinizer05 | norootlogin=yes, or somesuch |
14:57.59 | system16 | i cant deny or allow things |
14:58.09 | DocScrutinizer05 | o,O |
14:58.39 | DocScrutinizer05 | see what Lydia_K said |
14:58.47 | system16 | if the password matches they will connect if not they wont |
14:59.09 | djph | DocScrutinizer05: default for sshd is "AllowRootLogin = without-password" (i.e. with SSH Keys ONLY) |
14:59.38 | DocScrutinizer05 | no, you can deny accounts to log in at all, or just restrict login to certain access methods, excluding for example ssh login |
14:59.51 | system16 | and how? |
15:01.06 | DocScrutinizer05 | I set all my servers to not allow password login at all, only ssh-key. I move prot from 22 to some upper portrange like 21212, and I disallow root login generally |
15:01.18 | djph | near all accounts are blocked by default (they're "non-login" accounts). The exceptions being root, and user accounts that you create. However, root is denied ssh logins |
15:01.59 | DocScrutinizer05 | s/prot/port/ |
15:02.29 | djph | changing the default ports really doesn't do much though - I mean, sure it'll stop the most basic of scripts; but these days, determined types hit everything :/ |
15:02.36 | DocScrutinizer05 | it does |
15:02.55 | DocScrutinizer05 | reduces spam from skiddies bruteforcing my servers by 99% |
15:03.03 | system16 | djph i am confused it says sftp not ssh |
15:03.19 | DocScrutinizer05 | I love clean syslogs |
15:03.26 | djph | SFTP is "ftp over ssh" -- close enough |
15:03.37 | system16 | so its not ssh |
15:03.42 | djph | DocScrutinizer05: I just block all of asia, did the same thing |
15:03.44 | DocScrutinizer05 | it basically is |
15:03.52 | DocScrutinizer05 | hehe nice |
15:03.57 | djph | system16: it's a ssh tunnel wrapping ftp ... it's the same thing |
15:04.24 | system16 | transfer file protocol? |
15:04.31 | DocScrutinizer05 | man sftp |
15:04.36 | djph | is too lazy to mess with standard ports -- 21,22,25,80,443, etc... |
15:05.11 | DocScrutinizer05 | if I open those, then only to place honeypots in there ;-) |
15:05.18 | djph | sftp --> ssh file transfer protocol (IIRC -- might be "secure file transfer protocol", as with ssh => "secure shell" / scp => "secure copy") |
15:05.20 | system16 | oh and my friends said i need to pay for a static ip is this true? |
15:05.28 | DocScrutinizer05 | yes |
15:05.37 | djph | system16: no. just use a service like no-ip / dyndns |
15:05.40 | DocScrutinizer05 | google dyndns though |
15:05.49 | system16 | ok i have to go bye |
15:05.58 | DocScrutinizer05 | system16: check man |
15:06.04 | DocScrutinizer05 | the command |
15:06.21 | DocScrutinizer05 | and check what happens when you press TAB key, twice |
15:06.50 | DocScrutinizer05 | the two best features of linux |
15:07.12 | DocScrutinizer05 | ma<TAB> |
15:07.17 | *** join/#devuan g4570n (~g4570n@host2.190-228-106.telecom.net.ar) |
15:07.21 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-41-232.clienti.tiscali.it) |
15:07.32 | DocScrutinizer05 | man sf<TAB> |
15:07.34 | telst4r | man man |
15:07.36 | DocScrutinizer05 | <TAB> |
15:08.26 | DocScrutinizer05 | yeah, start with `man man` |
15:08.29 | AntoFox | o/ |
15:11.46 | aitor | \o |
15:12.07 | DocScrutinizer05 | system16: you asked "how did you learn about all those commands?" - I did by reading manpages (man man ...) for days and weeks |
15:13.27 | DocScrutinizer05 | (well, actually that's not exactly correct. Back when I got me *books* with all the manpages in them) |
15:15.25 | telst4r | books were nice. and then there came the internet. But basically, reading a lot of stuff and trying a lot of stuff. |
15:19.29 | Lydia_K | system16: Playing around with things, breaking stuff, talking to people, trying new things, those are the best way to learn all this. You'll be surprised how quickly it becomes second nature. |
15:19.33 | DocScrutinizer05 | first I had those 3 or 4 red paperback books with all the manpages in them, from university. Much later (several years) I got me the awesome book box with the official NeXTstep docs |
15:19.33 | Lydia_K | Oh, he's gone. |
15:19.34 | *** join/#devuan leafwiz (~leafwiz@204.51-174-97.customer.lyse.net) |
15:21.38 | DocScrutinizer05 | then shortly after that (some 3 years or somesuch) linux emerged and dwarfed minix etc |
15:22.39 | DocScrutinizer05 | finally it was possible to run a 'true unix' on your home computer |
15:25.54 | *** join/#devuan debdog (~debdog@ip-37-201-6-177.hsi13.unitymediagroup.de) |
15:27.13 | *** join/#devuan Kruppt (~Kruppt@104.169.28.12) |
15:34.23 | telst4r | that's quite heavy. I was on the platform of the 90's that time. OS/2. |
15:37.20 | *** join/#devuan noordinaryspider (~noordinar@134.19.187.45) |
15:38.48 | *** join/#devuan IoFran (~Thunderbi@189.231.38.189) |
15:40.03 | *** join/#devuan fugitive (~fugitive@91-150-111-168.dynamic.isp.telekom.rs) |
15:53.42 | *** join/#devuan debdog (~debdog@2a02:8070:4182:a200:7a24:afff:fe8a:d04d) |
16:12.41 | *** join/#devuan noordinaryspider (~noordinar@41.185.17.106) |
16:19.27 | *** join/#devuan debdog (~debdog@2a02:8070:4182:a200:7a24:afff:fe8a:d04d) |
16:24.33 | DocScrutinizer05 | my primary OS of that time: Amiga Workbench |
16:25.55 | DocScrutinizer05 | IBM PC only in case of emergency, and then in emulator |
16:26.09 | telst4r | Ooh :) |
16:26.13 | telst4r | respect. |
16:28.06 | *** join/#devuan KittenNIX (~KittenGNU@208.209.9.46.customer.cdi.no) |
16:30.49 | *** join/#devuan system16 (~system16@unaffiliated/system16) |
16:30.58 | system16 | ok im back |
16:31.16 | system16 | what happens when they gain access to my server ? |
16:31.58 | system16 | steal data or just some kids saying :i hacked ur server i am goo in pc... |
16:32.16 | Lydia_K | 98% chance it'll be used to send spam mail. |
16:32.20 | Lydia_K | spam mail = money |
16:32.50 | Lydia_K | But if you have a strong password you'll be fine. |
16:32.53 | system16 | huh that bot/ guy tried again at 17:00 |
16:33.23 | Lydia_K | Almost certainly a bot, no human does that manually. |
16:33.23 | system16 | received disconnect means he/it didnt enter the correct password ? |
16:33.36 | Lydia_K | If you want to feel safer take a look at this: http://denyhosts.sourceforge.net/ |
16:34.06 | system16 | ip changes but port stays at 11 interesting... |
16:34.56 | system16 | i prefer downloading it using apt can u say the command? |
16:35.23 | system16 | i am using devuan with no gui |
16:36.52 | system16 | lydia_k its 9 years old u sure about this program? |
16:38.26 | Lydia_K | denyhosts is just a simple script to watch your ssh logs and block IPs based on failed logins and such. It's not needed to change in a very long time. |
16:38.40 | Lydia_K | I'm sure there are others that do the same thing |
16:38.49 | Lydia_K | feel free to look around and pick one you like :) |
16:40.06 | Lydia_K | BRB, lunch! |
16:42.23 | unixman | system16, Lydia_K, here is one I have been considering - http://www.digitalmages.com/projects/autofwd/ |
16:43.51 | *** join/#devuan ferdy- (~ferdy@funtoo/contrib/ferdy-) |
16:44.29 | system16 | hey one of them is a hosting company .... they r trying to send me ads? |
16:45.15 | djph | no, you're just checking an IP address part of a larger range that happens to be owned by a hosting company |
16:45.23 | jonadab | Lydia_K: So like fail2ban, basically. |
16:45.31 | *** join/#devuan debdog (~debdog@2a02:8070:4182:a200:7a24:afff:fe8a:d04d) |
16:47.27 | system16 | its downloading |
16:47.32 | system16 | fail3safe |
16:47.50 | system16 | fail2ban* |
16:47.56 | system16 | done |
16:48.16 | system16 | no confi required? it works out of the box? |
16:50.10 | system16 | config* |
16:52.31 | *** join/#devuan Pali (~pali@Maemo/community/contributor/Pali) |
16:53.49 | fsmithred | man fail2ban |
16:54.59 | DocScrutinizer05 | man fai<TAB> ;-) |
16:55.16 | DocScrutinizer05 | and worst case: apropos fail2ban |
16:55.22 | fsmithred | yes |
16:55.31 | system16 | i guess no configuring is not required |
16:55.39 | DocScrutinizer05 | usually not |
16:55.48 | fsmithred | really? |
16:55.50 | system16 | sorry this keyboard has some problems |
16:56.12 | DocScrutinizer05 | well, not much |
16:56.38 | system16 | virtual servers ? thats not good |
16:56.46 | DocScrutinizer05 | huh? |
16:56.53 | system16 | actual server is better |
16:57.12 | system16 | almashosting.com <<it was in whois |
16:59.08 | *** join/#devuan litefem1 (~fag86693@ip-89-103-237-191.net.upcbroadband.cz) |
16:59.53 | DocScrutinizer05 | you are on a sure road to insanity, trying to find out about _who_ tested your server |
17:00.32 | DocScrutinizer05 | there are even university projects mass scanning the internet to estimate how many vulnerable machines are out there |
17:01.27 | DocScrutinizer05 | make sure your server is secure, forget about the "attacks" |
17:01.32 | system16 | ok |
17:01.59 | DocScrutinizer05 | fail2ban-client status |
17:03.19 | telst4r | you should take a look on fail2ban's configs. Like, how many failed login tries will result in how long bantime and so. |
17:04.31 | system16 | number of jail 1 |
17:07.18 | DocScrutinizer05 | so one rule/jail is active in your fail2ban |
17:08.00 | system16 | jail list :ssh |
17:11.42 | *** join/#devuan peetaur (~peter@p200300E10BC056001E1B0DFFFE9F7A09.dip0.t-ipconnect.de) |
17:12.16 | *** join/#devuan eracc_lappy (~Captalist@unaffiliated/eracc) |
17:23.16 | system16 | djph can u try connecting to my server again? |
17:23.37 | *** join/#devuan JotaMG (~chatozill@5.109.249.5.rev.vodafone.pt) |
17:24.22 | djph | if you want ... pm me the IP again |
17:32.33 | system16 | djph..the app broke something |
17:33.09 | system16 | but i can connect with ipv4 using filezilla |
17:39.40 | *** join/#devuan Katnija (~KittenGNU@208.209.9.46.customer.cdi.no) |
17:47.59 | *** join/#devuan xes (~xes@unaffiliated/xes) |
17:53.08 | *** join/#devuan jathan (~jathan@fixed-187-190-159-133.totalplay.net) |
18:01.12 | *** join/#devuan bozonius (~bozonius@c-73-90-84-55.hsd1.ca.comcast.net) |
18:01.17 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-41-232.clienti.tiscali.it) |
18:03.40 | *** join/#devuan Ltem (~ltem@h081217057026.dyn.cm.kabsi.at) |
18:03.48 | *** join/#devuan debdog (~debdog@2a02:8070:4182:a200:7a24:afff:fe8a:d04d) |
18:05.51 | *** join/#devuan jathan (~jathan@fixed-187-190-159-133.totalplay.net) |
18:11.20 | *** join/#devuan Kruppt (~Kruppt@104.169.28.12) |
18:16.51 | *** join/#devuan atrapado_ (~atrapado@unaffiliated/atrapado) |
18:31.51 | *** join/#devuan Akuli (~Akuli@mobile-access-5d6a95-83.dhcp.inet.fi) |
18:43.20 | DocScrutinizer05 | can connect when using correct IP addr |
18:45.00 | DocScrutinizer05 | the app broke nothing |
18:48.27 | DocScrutinizer05 | wasted 90 min to find out there's actually a thing like ephemeral IP addresses |
18:53.50 | DocScrutinizer05 | http://wstaw.org/m/2017/08/28/plasma-desktopYg2395.png |
18:54.29 | system16 | sorry for wasting 90 min of ur life |
19:03.26 | DocScrutinizer05 | https://www.noip.com/free |
19:03.59 | bozonius | why does devuan supply virtualbox guest additions rather than having the user build them from the CD, as I do for most other distros? |
19:04.27 | bozonius | (strangely, it actually eliminates a bug, but I don't get why; I'm using the latest GA CD image!) |
19:04.48 | bozonius | does devuan make any changes to the source of the GA's? Just curious |
19:05.51 | DocScrutinizer05 | no changes afaik |
19:06.11 | *** join/#devuan pillepalle (~Thunderbi@5.146.73.225) |
19:06.46 | bozonius | Thanks, doc. Interesting, the version I built manually from the CD was generating a bug -- it was trying to access Host Time clock, even though I had disabled this for my Devuan VM! |
19:07.20 | bozonius | for some reason, the same source that was used to build both versions (CD-built and Devuan-built) seem to produce different results! |
19:11.33 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-41-232.clienti.tiscali.it) |
19:13.12 | bozonius | Hmmm... I wonder if merely building the GAs causes this difference -- maybe the build looks at whether the HostTime feature is enabled or not and builds the GAs accordingly. |
19:13.41 | bozonius | If the GAs are built by the apt-get mechanism, which I think they are, then this would make sense. |
19:31.00 | *** join/#devuan mf (~yaaic@p200300C613C93D0098C9B4719D6739F3.dip0.t-ipconnect.de) |
19:41.29 | DocScrutinizer05 | bozonius: this sounds like a worthwhile subject to investigate further. I have no clue about the topic but I think devuan should provide 'the right thing' or not provide it at all. Could you please share any further findings? |
19:41.52 | bozonius | sure. |
19:42.55 | bozonius | Right now, I'm stress-testing my Devuan VM to see if it freezes again. But it was freezing after only a few minutes, maybe up to 20 or so, but it has now been running almost 2 hours since the last boot without a freeze... |
19:44.04 | bozonius | Mainly, I'm just wondering why devuan supplies the GAs -- convenience? Or maybe they figure people will struggle figuring out which packages and headers they need |
19:44.35 | DocScrutinizer05 | no idea, it's maybe just a side effect of how amprolla works |
19:44.41 | DocScrutinizer05 | ~pkhs |
19:44.49 | DocScrutinizer05 | !pkgs |
19:44.56 | DocScrutinizer05 | damn |
19:45.02 | DocScrutinizer05 | !packages |
19:45.10 | DocScrutinizer05 | !ping |
19:45.10 | infobot | 1 packet transmitted, 1 packet received, 0.0% packet loss |
19:45.25 | DocScrutinizer05 | :-S |
19:47.02 | DocScrutinizer05 | !pkgs |
19:47.02 | infobot | #devuan packagelist is, like, on our gitlab's group https://git.devuan.org/groups/devuan-packages |
19:47.29 | *** join/#devuan pillepalle (~Thunderbi@5.146.73.225) |
19:48.10 | DocScrutinizer05 | can't find guest additions in devuan specific packages |
19:48.46 | DocScrutinizer05 | so by mere logic it must be a package drawn from debian |
19:51.52 | bozonius | contrib |
19:52.23 | bozonius | have to add contrib to the source list then update |
20:03.32 | *** join/#devuan konsolebox (~konsolebo@112.198.118.187) |
20:03.52 | bozonius | oh, you mean ones not ported from debian, got it now |
20:07.03 | DocScrutinizer05 | yes, a package genuinely built on, and drawn in binary form from debian |
20:10.52 | bozonius | ah, so whatever is going on would be in debian's bailiwick |
20:13.24 | DocScrutinizer05 | yep |
20:13.53 | DocScrutinizer05 | however if that's "wrong" then devuan can correct it |
20:16.34 | DocScrutinizer05 | or whoever wants to could open a ticket against guest additions in debian |
20:17.15 | bozonius | so I could ask over at #debian |
20:18.08 | DocScrutinizer05 | of course you should pull the package from genuine debian and test in a debian environment/system before you expose yourself to hate from debian devels |
20:18.23 | bozonius | but it does appear that the GAs are built when the package is installed |
20:18.32 | bozonius | (yeah I was thinking that also) |
20:18.34 | bozonius | :D |
20:18.43 | DocScrutinizer05 | oooh, that's very special then |
20:19.05 | DocScrutinizer05 | obviously the build environment is devuan and not debian then |
20:19.35 | DocScrutinizer05 | so yes, this *might* be a bug against devuan indeed |
20:19.39 | bozonius | the GA's have to be built against the environment they will run in |
20:19.42 | bozonius | maybe |
20:19.46 | bozonius | or maybe not a bug at all |
20:20.09 | bozonius | I changed the "hardware" environment |
20:20.12 | DocScrutinizer05 | when it blows chunks it is a bug :-D |
20:20.33 | bozonius | so the package build will pick up the specific params of my "HW" environment |
20:20.45 | bozonius | well, that's true |
20:20.51 | bozonius | it really did blow chunks |
20:21.04 | DocScrutinizer05 | when the package drawn from debian expects a build environment that's not available on devuan, then devuan needs to fix that package |
20:22.14 | bozonius | well now wait... |
20:22.59 | bozonius | I originally built the GA's from the CD, and things were honky-dory as far as the GA's and happiness in the Devuan environment |
20:23.01 | bozonius | THEN |
20:23.33 | bozonius | I changed the Vbox virtual hardware/drivers to not use the Host Clock |
20:23.43 | bozonius | but did not rebuild the CD sources |
20:24.04 | DocScrutinizer05 | hmm, hist clock smells like systemd dependency |
20:24.11 | DocScrutinizer05 | host* |
20:24.42 | bozonius | nor did the GAs ever get rebuilt upon reboot |
20:25.08 | DocScrutinizer05 | considering how systemd has his grubby fingers in about everything related to time keeping |
20:25.19 | bozonius | nor did I even reboot for some time after changing the vbox env |
20:26.41 | DocScrutinizer05 | then OTOH I'd guess guest extensions are more about host than about guest system, no? |
20:26.50 | bozonius | so without dkms support, I was running the GAs after the reboot that were built against a different env (clock) |
20:27.01 | bozonius | it's both actually |
20:27.05 | bozonius | but you are right |
20:27.55 | bozonius | the host env can have some impact, but the guests are largely insulated. My hosting platform is CentOS 6 (systemd does not arrive until C7) |
20:28.12 | bozonius | and, of course, Devuan has none of that silliness. |
20:28.52 | bozonius | This is a sorta-kinda operator error in a way... |
20:29.14 | DocScrutinizer05 | so you're running GAs that are built for both host and guest with systemd, and still neither has systemd in your setup? :-> |
20:29.15 | bozonius | Sadly, the CD source build does not demand that you install DKMS. |
20:29.28 | bozonius | eh, no |
20:29.44 | bozonius | GAs are built for the guest |
20:30.15 | DocScrutinizer05 | toldya I have no damn clue about that stuff :-) |
20:30.15 | bozonius | no changes are made for the host, though the way the GAs interact with the host certainly could be impacted |
20:30.19 | bozonius | np |
20:30.23 | bozonius | I think I do. |
20:30.29 | bozonius | I've been using Vbox for years now |
20:30.36 | bozonius | since about V3 or so |
20:30.53 | bozonius | and I'd experimented with earlier versions before that, but not seriously |
20:31.27 | bozonius | just fyi, Doc, there are other distros that provide the GAs in packaged form. 2 I know of are Mageia and Alpine |
20:32.05 | bozonius | Alpine because it's MUSL C, not GNU C, and some changes are necessary to accommodate the MUSL lib env |
20:32.27 | bozonius | for Mageia, I forget now, but a user there explained it to me once. |
20:32.37 | DocScrutinizer05 | I recall last time I downloaded them via a menu entry inside VB |
20:32.40 | bozonius | right |
20:32.46 | bozonius | that's what I mean by the CD build |
20:33.16 | bozonius | it's not a download per se, but actually the build of the GAs from that CD image |
20:33.32 | DocScrutinizer05 | aaah right, rings a bell |
20:33.39 | bozonius | you have to make sure you have the headers and dev libs for your kernel |
20:33.54 | bozonius | (I can hear the "ding" from here, Doc) |
20:34.04 | bozonius | sounds like you've done it a time or so |
20:34.41 | bozonius | BUT |
20:34.53 | bozonius | Here's how I got bitten by all this in the case at hand |
20:35.28 | DocScrutinizer05 | starts the recording |
20:35.33 | bozonius | Because I did not have DKMS installed (the CD build does not require it), when I rebooted after changing the VM's environment |
20:36.41 | bozonius | I was then running mis-matched GAs for the now-changed environment. Or maybe even before the reboot b/c actually you can change those particular params on the fly |
20:37.06 | bozonius | disabling Use Host Clock and Use TSC Timer |
20:37.15 | DocScrutinizer05 | help me out, what's DKMS? |
20:37.18 | bozonius | I think this covers my "bug" |
20:37.25 | bozonius | Oh. OK. |
20:37.39 | bozonius | Dynamic Kernel Make System (I think) |
20:37.52 | DocScrutinizer05 | o.O |
20:38.04 | bozonius | each time you boot, DKMS checks for any loadable kernel mods that need to be rebuilt |
20:38.24 | DocScrutinizer05 | yikes |
20:38.25 | bozonius | such as after a kernel upgrade, but possibly for other reasons |
20:38.29 | bozonius | ? |
20:38.36 | bozonius | no, it's really a great feature |
20:38.45 | bozonius | without it, you could get bitten like I just did |
20:38.58 | DocScrutinizer05 | hmm, sounds like prone to outsmart itself |
20:39.20 | bozonius | go on... ? |
20:39.20 | *** join/#devuan pillepalle (~Thunderbi@5.146.73.225) |
20:39.41 | DocScrutinizer05 | I prefer to explicitly update my kernels and kernel modules |
20:39.44 | bozonius | I will remove it from all my domains, real and virtual, if you can tell me how |
20:39.54 | bozonius | sure |
20:39.55 | bozonius | but |
20:40.13 | bozonius | Doc, what if you update the kernel but forget to update the modules? |
20:40.21 | DocScrutinizer05 | I also guess rkhunter will not be amused |
20:40.45 | bozonius | Or what if you unintentionally update the kernel on a general update (gets pulled along with other updates) |
20:40.52 | DocScrutinizer05 | when I update kernel but forget the modules, I hope somebody will shoot me ;-) |
20:40.59 | bozonius | I think rkhunter tolerates it somehow |
20:41.14 | bozonius | Has anyone shot you so far? |
20:41.15 | bozonius | No. |
20:41.21 | bozonius | So that's why DKMS is there |
20:41.28 | bozonius | to spare you that pain! |
20:41.46 | DocScrutinizer05 | sounds like ... systemd rationale |
20:41.50 | bozonius | I don't mean to sound like the DKMS fanboy |
20:42.05 | bozonius | I knew this was going to happen... |
20:42.22 | *** join/#devuan rick8024 (~andreas@p5B0A1F21.dip0.t-ipconnect.de) |
20:42.27 | bozonius | LOL |
20:42.33 | DocScrutinizer05 | "don't worry if you don't understand it, we take care for you anyway so you don't need to understand how it works" |
20:42.48 | bozonius | Makefiles? |
20:42.56 | DocScrutinizer05 | updates |
20:43.11 | bozonius | Unless you study them in great depth, you don't always know every last thing they do |
20:43.23 | bozonius | that's all DKMS is doing really |
20:43.38 | bozonius | no hand-waving or anything, AFAIK |
20:43.47 | DocScrutinizer05 | I know I need a consistent set of kernel plus modules, and when I mess up, I keep a fallback kernel to boot from |
20:44.21 | bozonius | DKMS is just a kind of makefile tool, that's all. |
20:44.38 | DocScrutinizer05 | though honestly I never seen a kernel update coming without the modules, ever |
20:45.16 | DocScrutinizer05 | since the maintainers also know they are one package |
20:45.24 | bozonius | good point, but at least in the case of the vbox GA's, they can't come with the kernel update |
20:45.43 | bozonius | for one thing, they can (and usually do) change more frequently than kernel updates |
20:46.12 | bozonius | unless you think the kernel devs and packagers need more work to do |
20:46.18 | bozonius | bbs |
20:46.22 | bozonius | (food) |
20:46.44 | fsmithred | just got back, and I don't have time to read the whole scrollback, but my understanding is that the virtualbox in repo is completely FOSS and the one from oracle is not. |
20:50.36 | *** join/#devuan matlock (~matlock@user-24-214-145-29.knology.net) |
20:53.15 | DocScrutinizer05 | fsmithred: read from ``[2017-08-28 Mon 22:35:27] * DocScrutinizer05 starts the recording´´ to ``[2017-08-28 Mon 22:38:46] <bozonius> without it, you could get bitten like I just did´´ |
20:57.44 | *** join/#devuan matlock (~matlock@user-24-214-145-29.knology.net) |
21:00.34 | fsmithred | some stuff doesn't work if you don't have dkms. I think vbox is one of them. |
21:01.36 | DocScrutinizer05 | possible. So I'd suggest vbox depends on them and invokes them explicitly when needed. I strictly do not want any automatism updating my kernel modules of my productive systems without my consent |
21:02.28 | fsmithred | I've only ever noticed it when installing something |
21:02.31 | *** join/#devuan tarbz2 (~Thunderbi@181.44.164.227) |
21:04.47 | DocScrutinizer05 | tbh I can't even figure how compiling kernel modules on the fly **during boot** could possibly work |
21:05.08 | DocScrutinizer05 | during install, sure. |
21:05.14 | FrostyBytes | why not? there was even a project to compile the entire kernel at boot |
21:05.26 | DocScrutinizer05 | headdesks |
21:05.36 | FrostyBytes | using a compiler much faster than gcc of course |
21:12.33 | fsmithred | one could boast about 45-minute boot times? |
21:13.17 | fsmithred | why do that? Is a fresh compile any different from one that was done last week? |
21:33.15 | *** join/#devuan Mr_Pan (~Mr_Pan@unaffiliated/mr-pan/x-4457432) |
21:36.48 | *** join/#devuan mf (~yaaic@p200300C613C93D0038EC10CE25162D32.dip0.t-ipconnect.de) |
21:37.57 | *** join/#devuan polocho (~polocho@89.141.233.231.dyn.user.ono.com) |
21:44.05 | matlock | not exactly an entirely new kernel rebuild but openbsd is getting unique kernels with each reboot https://www.bleepingcomputer.com/news/security/openbsd-will-get-unique-kernels-on-each-reboot-do-you-hear-that-linux-windows/ |
21:48.29 | *** join/#devuan TemporalBeing (~Ben_Meyer@172-6-231-225.lightspeed.tukrga.sbcglobal.net) |
21:57.55 | *** join/#devuan chomwitt (~chomwitt@2a02:587:dc0e:9300:7058:b2cc:2d54:a660) |
21:58.49 | *** join/#devuan justinsm (~justinsm@82-69-63-196.dsl.in-addr.zen.co.uk) |
22:08.59 | *** join/#devuan aitor (~aitor@218.red-88-11-76.dynamicip.rima-tde.net) |
22:09.02 | aitor | hi |
22:11.42 | golinux | ho |
22:12.18 | golinux | fsmithred: is off eating cake and ice cream |
22:12.28 | aitor | the boot process with vdev delays some seconds due to the following message: |
22:12.52 | aitor | failed to load ath3k-1.fw |
22:13.28 | aitor | it's a bluetooth driver: https://wireless.wiki.kernel.org/en/users/drivers/ath3k |
22:15.03 | aitor | i built the kernel with: |
22:15.04 | aitor | CONFIG_BT_HCIUART_ATH3K=y |
22:15.14 | aitor | CONFIG_BT_ATH3K=m |
22:16.50 | aitor | golinux: fsmithred is always hungry |
22:18.48 | *** join/#devuan greenjeans (~greenjean@104.235.205.1) |
22:24.22 | *** join/#devuan polocho (~polocho@89.141.233.231.dyn.user.ono.com) |
22:32.16 | *** join/#devuan bozonius (~bozonius@c-73-90-84-55.hsd1.ca.comcast.net) |
22:33.27 | bozonius | sorry, we keep losing power here |
22:36.06 | bozonius | fsmithred: You should also notice a recompile when you update the kernel and reboot -- dkms is set to run at boot time and will recompile any modules that need updates |
22:36.16 | bozonius | there may be other instances as well |
22:36.29 | bozonius | it is not strictly related to installation necessarily |
22:39.06 | *** join/#devuan barrett9h (~doti@179.55.105.224) |
22:39.08 | *** join/#devuan crayxmp (~crayxmp@LFbn-LIL-1-472-87.w81-49.abo.wanadoo.fr) |
22:40.29 | golinux | aitor: I also eat all day long. |
22:43.45 | aitor | golinux: your armadillo also eat all day long... |
22:43.58 | aitor | lettuces and leeks |
22:44.41 | golinux | No the eat grubs etc. |
22:44.45 | golinux | they |
22:51.57 | unixman | MMMmmm, grubs. Buttery flavor when toasted. :) |
22:52.20 | aitor | i thought that devuan-sdk and live-sdk were the same project, but now i see that they are not |
23:12.03 | gnarface | fsmithred: as i understand it they just jack with the order the modules are included in the binary, to sabotage the reliability of stack-smashing attacks and the like |
23:12.52 | gnarface | so you can't smash the stack in the same place anymore on machines running the same versions of everything |
23:14.07 | gnarface | fsmithred: probably useless for home, but for large deployments of otherwise completely homogeneous software&hardware this could be a critical step in long-term security from data fuzzing? |
23:14.26 | gnarface | that's my vague understanding of the justifications anyway |
23:14.50 | *** join/#devuan g4570n (~g4570n@host2.190-228-106.telecom.net.ar) |
23:16.20 | gnarface | DocScrutinizer05: ^ |
23:16.25 | gnarface | (re, openbsd) |
23:21.28 | bozonius | gnarface, how does an attacker smash the stack of anything if they cannot somehow first get access to an account on the system? That's the part that puzzles me. |
23:22.33 | bozonius | (In fact, this has been puzzling me for a couple of years since I learned of stack smashing) |
23:23.48 | gnarface | bozonius: i don't really know. i'm just parroting what i remember from the article when they started doing this months (years?) ago. this may be more for virtual servers where they ARE giving out shell accounts, or doing other things where it's expected users might be uploading their own binaries. the use case also seemed to imply that the machines are expected to be rebooted semi-regularly |
23:24.58 | bozonius | If users want to upload their own binaries just to turn around and smash them... ??? Or am I missing something? |
23:25.25 | *** join/#devuan Olufunmilayo (~Olufunmil@unaffiliated/olufunmilayo) |
23:25.56 | gnarface | imagine you're a hosting provider with enough 5$/month customers that you couldn't hope to meet them all face-to-face or do any sort of reliable background checks or other judgement of their character |
23:26.05 | bozonius | sure. |
23:26.12 | bozonius | still doesn't make sense though |
23:26.15 | bozonius | but go ahead |
23:26.22 | gnarface | the vast majority of them will be harmless fools |
23:26.41 | gnarface | but a small percentage of them will be actively evil, and trying to jailbreak themselves out of the virtual container to get into their peer's containers |
23:27.01 | bozonius | so they are sharing binaries across containers? |
23:27.20 | gnarface | no, but the containers share hardware |
23:27.37 | bozonius | is this like rowhammer? |
23:27.38 | gnarface | with some types of containers, all guests on a single machine share one kernel instance even |
23:28.02 | bozonius | oh, yeah, I know about that -- I've been wondering about the security of that architecture, sharing kernels |
23:28.25 | gnarface | it's not quite like rowhammer, where it's taking advantage of a physical vulnerability in the hardware, it's more a low-level logical vulnerability in the way CPUs execute instructions |
23:28.33 | bozonius | I don't think containers are the right solution for $5/month subscribers who you don't know well |
23:28.49 | bozonius | I have taken 2 classes in Unix internals |
23:29.04 | bozonius | one was 2 weeks, on an Amdahl UTS mainframe |
23:29.16 | gnarface | i don't disagree, but nonetheless it's popular because dedicated hardware is prohibitively expensive still |
23:29.22 | bozonius | I am aware how the kernel works, but it is also very very secure |
23:30.08 | bozonius | when I've had "shared" hosting, I still got my own kernel and operating system, my own physical memory, and a certain slice of the CPU's time (depending on how much I paid) |
23:30.22 | bozonius | so this worry over shared binaries would be effectively nil |
23:30.35 | bozonius | but containers, that's wholly different, yes |
23:30.41 | gnarface | gcc has some sort of stack randomization built-in as a way to defend against stack smashing too, but the problem is that if everyone is taking a copy of just ONE build of something, the stack is not so random anymore... |
23:31.01 | bozonius | and why I would never consider parceling out hosting on a weak container basis |
23:31.16 | gnarface | so this idea allows for a random stack that's also heterogeneous across identical versions of given software |
23:31.35 | bozonius | yeah, I understand the preventatives |
23:32.04 | bozonius | I was just curious what sort of environment would permit such intrusion that could lead to disaster. You have answered my question. |
23:32.19 | gnarface | the shared hosting you're talking about is like the way kvm/zen does it. the problem with that is the static memory and storage allocation isn't very flexible; doesn't scale down well |
23:32.21 | bozonius | It all revolves around containers that are shared by people who might not be trustworthy. |
23:32.57 | bozonius | static memory? It's all dynamic on *nix systems, afaik |
23:33.09 | gnarface | yea, as far as i know... but i guess in theory someone could find a vulnerable daemon considered reputable and widely distributed too... |
23:33.26 | gnarface | well, last i set up kvm you have to give it a static slice of memory |
23:33.28 | bozonius | but that goes beyond just stack smashing. |
23:34.10 | bozonius | UTS was just one OS you could run on Amdahl mainframe (a clone of IBM 370) |
23:34.16 | gnarface | with bsd jails and for example, my favorite, linux-vservers, the host machine has one kernel that just hides memory used by other guests |
23:34.30 | bozonius | and they shared the CPUs across "domains" (UTS, MVS, etc) |
23:34.36 | bozonius | very much like Xen |
23:35.05 | bozonius | right, that approach is more appropriate for hosted services to anonymous users with money |
23:35.07 | *** join/#devuan justinsm (~justinsm@82-69-63-196.dsl.in-addr.zen.co.uk) |
23:35.35 | gnarface | i'm not saying it's perfect, but it's better than the old form of shared hosting where everyone gets a shell account directly on the host, and virtualization is limited to apache virtualserver directory rewrites |
23:35.44 | bozonius | oh no |
23:35.46 | gnarface | (which bluehost and dreamhost STILL DO) |
23:35.50 | bozonius | not what I am talking about at all |
23:35.56 | bozonius | the hosting I had was more like Vbox |
23:36.21 | bozonius | I had my own domain, although the /bin and /usr/bin might have been mounted ro from some server onthe local net |
23:36.29 | bozonius | *on the |
23:37.07 | bozonius | sorry that was /var (keep forgetting I'm on irc) |
23:37.19 | bozonius | dang |
23:37.35 | bozonius | I mean /var and /home were "private" to your domain, not shared with anyone else |
23:38.13 | bozonius | at least, that's how they seemed to me. And, yeah, I've had bluehost (briefly, too many restrictions) |
23:39.04 | bozonius | dreamhost was anything but a dream |
23:39.38 | bozonius | more of a nightmare in the end, actually. They damaged my domain by terminating a long process (by their accounting) causing severe and permanent database damage |
23:39.53 | bozonius | they didn't give a, a, whatchmacallit |
23:40.39 | bozonius | I just don't get how some of these attacks actually work. I mean, apparently they DO work, but there is some missing thing they don't say about them. |
23:41.15 | bozonius | gotta go make dinner now... bbl (sorry for all the chatter) |
23:52.59 | *** join/#devuan mn3monic (~xxwa@unaffiliated/mn3monic) |
23:53.44 | *** join/#devuan Xenguy (~Xenguy@unaffiliated/xenguy) |