Debian Configuration :: Securing My Installation ?
Feb 27, 2011
Recently I have installed Debian Squeeze amd64 on my home desktop. I have used the standard installation method using DVD. I use my desktop primarily for web surfing, playing games and web application development. I do run apache2 and mysql servers on my system as need arise. I have been told that apache2 server execution without mandatory access controls such as apparmor or selinux makes the system vulnerable.
I could not find apparmor in synaptics, so I choose selinux for this task. To start with I installed identical environment in virtual box and tried installing selinux as given in url [url]. After the last step i.e. after running command selinux-config-enforcing and reboot I get login screen, I choose username and enter password. Thats it. The screen becomes blank and no further progress. I am not sure where did I went wrong. I am also curious whether selinux is really required in such cases or there is any better way to handle such situations. I also thought of running apache2 service from virtualbox. But I did not find it suitable for my requirement though.
View 7 Replies
ADVERTISEMENT
Apr 13, 2011
After a dist-upgrade in Sid, i get the following message: W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168d-2.fw for module r8169
View 6 Replies
View Related
Apr 8, 2014
I've been installing multiple versions of ubunutu over years and now I better understand why I faced always problems with wifi configuration on these different baselines : Debian root of course.
Now on Debian 7.4 :
The Broadcom BCM4313 driver is not loaded by default (not free product) for my wifi card. This is stated thru the UNCLAIMED declaration
Code: Select allÂ
sudo lshw -c network
 *-network UNCLAIMED
    description: Network controller
    product: BCM4313 802.11b/g/n Wireless LAN Controller
    vendor: Broadcom Corporation
    physical id: 0
[Code] ...
Unclaimed means : no driver found (no kernel association)
So I installed the driver located in the non-free backports by adding this target into the repository
Code: Select alldeb http://http.debian.net/debian/ wheezy main contrib non-free
and install :
Code: Select allsudo apt-get update && apt-get install firmware-brcm80211
sudo modprobe brcm80211
Check seems OK :
Code: Select allsudo lshw -c network
 *-network
    description: Wireless interface
    product: BCM4313 802.11b/g/n Wireless LAN Controller
    vendor: Broadcom Corporation
    physical id: 0
[Code] ....
I can't connect with wlan0, it doesn't work. I found information here regarding WPA2/PSK wifi configuration on debian : [URL] ....
so I added this setup to my interfaces file an got :
Code: Select allauto lo
iface lo inet loopback
allow-hotplug wlan0
iface wlan0 inet dhcp
 wpa-ssid Hznteam-Datacenter
 # hexadecimal psk is encoded from a plaintext passphrase
 wpa-psk 12345678901234567890123456
It's worth ! no more wifi network are detected and ifconfig gives no ip address allocated :
Code: Select allwlan0   Link encap:Ethernet HWaddr 78:e4:00:4e:49:a3Â
     UP BROADCAST MULTICAST MTU:1500 Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[Code] ....
View 7 Replies
View Related
Aug 4, 2015
I'm trying to install using windows 7 on a 2010 macbook pro. Firstly the network configuration won't work and secondly the cd rom can't be detected. I've rewritten the usb drive several times with no joy.
View 3 Replies
View Related
Feb 18, 2010
I have problem with installing Deluge. I did not find any manual how to install Deluge. And I wanna install deluge newest version, and that is on Debian testing packages. So how can I install Deluge from debian testing packages. I read a little bit Deluge forum and there I see, there is lot of problems with Deluge on Debian Lenny. And all I need is use Deluge from web interfaces, thats all. How could I set it up?
View 6 Replies
View Related
Jan 27, 2010
I am trying to create a LiveCD with the option of installation.So far, so good.Live and installation works well.Now I want to automate the installation. The problem is that when I run the install from the ISO, he said he did not could find the preseed file.In looking around, it seems that we should add this file in initrd But, I do not see how.I searched a few hours on the net in vain.
View 1 Replies
View Related
Jul 21, 2010
I just got a new hard drive and figured I might as well do an installation of Squeeze (and was previously using Lenny). That went fine, and then I decided that I should copy over my old Lenny installation to the new disk -- mostly to have a working backup without bothering to do a new installation on a partition of the new drive. My partition scheme was a smaller /boot partition and then a much larger / partition with everything else standard (and a much larger /data partition rather than storing everything under /home). So I copied /boot over to a new partition on the new disk, and the same with /. That was done from the Squeeze installation, so the Lenny install wasn't active at the time. I modified all the appropriate entries in /etc/fstab to use UUIDs rather than partition numbers and ran an update-grub.
It detected everything on the old and new disks without a problem. When I went to try and boot up the transferred Lenny installation, it hung on trying to activate the root file system (I've forgotten the exact messaging). Not entirely unexpected, mind you. I went and took a look at the grub.cfg file. It does list that the transferred Lenny is on partition sda8 (correct), it has the correct uuid for the boot partition... but it seems to be setting the root incorrectly. Specifically, the root is still set for the old disk (though in its new position of hd1 instead of hd0), and the "linux" line sets a root for the old device. Or more specifically, this is the menu entry I get, with a few // comments.
menuentry "Debian GNU/Linux, kernel 2.6.26-2-amd64 (on /dev/sda8)" {
insmod part_msdos
insmod ext2
set root='(hd1,msdos2)' // <------ This position is the *current* location of my old Lenny disk/partition
search --no-floppy --fs-uuid --set [the correct /boot UUID]
linux /vmlinuz-2.6.26-2-amd64 root=/dev/sda5 ro vga=795 // <----- that root=/dev/sda5 line is what it was on the old device.
initrd /initrd.img-2.6.26-2-amd64 }
The odd thing there is that it sets the root according to the *current* position of the old install disk (maybe some trickery with detecting the correct UUID before setting the root), but the "linux" line refers to the *old* partition. The two lines will never match up no matter what. Now if I edit grub.cfg manually, I can make it boot (and run) normally, as I've verified. For example, I made a couple manual changes to do this:
menuentry "Debian GNU/Linux, kernel 2.6.26-2-amd64 (on /dev/sda8)" {
insmod part_msdos
insmod ext2
set root='(hd0,msdos3)' // <----------- First hard drive, partition sda3 is where I put /boot
search --no-floppy --fs-uuid --set [the correct /boot UUID]
linux /vmlinuz-2.6.26-2-amd64 root=UUID=[the correct / UUID] ro vga=795 // <--- Changed it to the UUID here; could be /dev/sda8 instead
initrd /initrd.img-2.6.26-2-amd64 }
And that works perfectly, the installation works just fine. Of course, the problem is that those changes will/would be lost every time I run an update-grub. So my question, in a nutshell, is how can I configure things so that update-grub sets things properly to the new devices? Or in other words, where in the copied installation are the variables I need to change? I did note one thing odd -- the existence of a vga=795 line. For the new Squeeze installation, I'm using gfxpayload and there's no vga=anything line anywhere. My old installation, of course, had its own grub installation where I did use vga=795 to set the console resolution properly.
So my first guess was that update-grub (for Grub2) was pulling config information out of the Lenny /boot/grub folder (grub legacy). Unfortunately I tried several changes there and it made no difference. Then I deleted the entire /boot/grub folder entirely from the copied Lenny installation and ran update-grub again (the Squeeze grub version). It changed absolutely nothing. That's very confusing for me, since I have no clue where it could be getting vga=795 from, *except* the now-deleted Lenny /boot/grub folder. Where in the copied Lenny installation, I can change something to make it so that update-grub picks up the correct information?
View 4 Replies
View Related
Oct 6, 2010
I got a new laptop the other day, repartitioned it and installed Lenny. The wireless did not work. From some searching, I decided that I have the 14e4:4727 broadcom chipset. The driver I need is partially supported by the 2.6.33 kernel. I installed squeeze and downloaded the 2.6.35-7 kernel from kernel.org Then compiled it with the debian 2.6.32 kernel config file. Once it was done I installed the kernel deb files, and restarted it.
Kernel 2.6.35.7 Compiled with commands
make oldconfid
make menuconfig
export CONCURRENCY_LEVEL=2
make-kpkg clean
fakeroot make-kpkg --append-to-version "-hermes" --revision "10-5-2010" --initrd kernel_image kernel_headers
[0.433831] PCI_root PNP0A03:00: address space collision : host bridge window [mem 0xafffffff-0xdfffffff] conflicts with PCI bus 000:00 [mem 0xd0000000-0xffffffff]
And it seems to hang until I manually hold the power button to shut it down.
Before I compiled my own kernel I tried to use the liquorix-2.6.35-amd64 kernel with the same result. Am I doing something incorrectly?
Computer: DELL Inspiron m5010
4g ram
phenom 2 triple core
ATI Mobility Radeon HD 4250
I have been using linux primarily for a year or two.
View 14 Replies
View Related
Mar 22, 2011
I have trouble setting up NFS on Debian Squeeze (2.6.32-5-kirkwood armv5tel GNU/Linux) running on a Sheevaplug. After some digging and googling I found that the NFS server is (probably) not properly installed.
no rules in iptables or hosts.allow or hosts.deny. Fresh OS install.
apt-get install --reinstall nfs-kernel-server
generates this output:
Setting up nfs-kernel-server (1:1.2.2-4) ...
Stopping NFS kernel daemon: mountd nfsd.
Unexporting directories for NFS kernel daemon....
Exporting directories for NFS kernel daemon....
[Code]....
It could be related to this bug [URL] but I wonder if the fix goes to the arm-branch as well?
I have never had any trouble setting up NFS before.
View 2 Replies
View Related
Apr 1, 2011
I am attempting a netboot installation and I aw following the documentation found here My problem is that given my dhcpd.conf I am met with the errors listed below. I have checked to make sure that none of the conditions that the error warns about possible causes are currently in effect on my system.
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
[code]....
View 1 Replies
View Related
Apr 20, 2011
i've just installed squeeze on my lenovo t61 laptop. i've noticed one of my cpu's running at 100% (even in idle) from time to time.
View 3 Replies
View Related
Jul 26, 2011
I am currently running a Debian 4.0 (etch) PC and I can't upgrade to a newer distribution for legacy software reasons.
It is currently running on Kernel 2.6.18-4-686 and I would like to upgrade it to Kernel 2.6.22-3-686 (whilst keeping my current Debian 4.0 Etch installation). Does anyone know how this could be possible?
Prefereably I would like to instal Kernel 2.6.22-3-686 along side my current Kernel 2.6.18-4-686 with the option to specify which kernel to use when booting.
View 6 Replies
View Related
Aug 20, 2011
I recently bought a new hard disk for my /home tree. I don't have encrypted home directories currently, but I was wondering if there is an easy way to encrypt my home directory so that it is automatically decrypted when I'm logging in (console/kdm). Basically I would like to manually do same thing as Debian installer would have done.
I'm running Squeeze.
View 2 Replies
View Related
May 9, 2011
what the hell the error message shown below and in the attachment means? Apt-get, Aptitude, dpkg and member limiter's 3/21 post all give the same outcome. Do I need to simply remove the offending .deb file from /var/cache/apt/archives? Do I need to install squeeze from scratch? (I'm installing over a tempermental lenny-sid hybrid installation.) This thing is blocking installation and configuration of 28 other packages.
Code: dpkg: error processing /var/cache/apt/archives/libx11-dev_2%3a1.3.3-4_i386.deb (--unpack): short read on buffer copy for backend dpkg-deb during `./usr/share/doc/libx11-dev/libX11.txt.gz'
View 3 Replies
View Related
Sep 14, 2010
I'm trying to install Debian-testing to an ASUS 1018P netbook on which I have successfully installed Arch in the past. I'm installing from an external DVD drive and when I get to the point of network configuration it fails. I'm connected via Ethernet via eth0 which is recognized. Here is the last part of the ouput:
kernel: [ 1807.932848] atl1c 0000:01:00.0: irq 29 for MSI/MSI-X
kernel: [ 1807.933453] ADDRCONF(NETDEV_UP): eth0: link is not ready
dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval is 8
dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval is 15
code....
View 14 Replies
View Related
Sep 26, 2010
I get the following error message when attempting to boot: No DEFAULT or UI configuration directive found.
View 1 Replies
View Related
Apr 6, 2016
I got assigned to a project, where the installation is done over ansible. As I'm new in linux, python, django, ansible I wanted to try this out on a empty linux debian.
Code: Select alluname -a
Linux DebianABC 3.16.0-4 amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u4 (2016-02-29) x86 64 Gnu/Linux
When I now run my ansible playbook it tries to install mysql and suddenly I get an error:
Code: Select all:stderr: DEPRECATION: --allow-external has been deprecated and will be removed in the future. Due to changes in the repository protocol, it no longer has any effect.
DEPRECATION: --allow-unverified has been deprecated and will be removed in the future. Due to changes in the repository protocol, it no longer has any effect.
Could not find a version that satisfies the requirement mysql-connector-python==1.0.12 (from -r /home/abc/abcTest/requirements.pip (line 36)) (from versions: )
No matching distribution found for mysql-connector-python==1.0.12 (from -r /home/abc/abcTest/requirements.pip (line 36))
FATAL: all hosts have already failed -- aborting
So I checked the target machine and tried to run
pip install -vvv -r requirement.txt mysql-connector-python
As version 1.0.12 is an old version, I was searching and tried the following: [URL] ....
But also if I run the installation by direct download I have the same error message:
Code: Select allabc@DebianABC:/home/abc/abcTest$ pip install -r requirements.pip -vvv mysql-connector-python
Collecting http://cdn.mysql.com//Downloads/Connector-Python/mysql-connector-python-1.0.12.tar.gz (from -r requirements.pip (line 36))
 Starting new HTTP connection (1): cdn.mysql.com
 "GET //Downloads/Connector-Python/mysql-connector-python-1.0.12.tar.gz HTTP/1.1" 200 230923
[Code] ....
I was reading about the version requirements from PEP: [URL] .... but as the version looks ok, this should not be the problem.
View 0 Replies
View Related
May 9, 2010
After resetting a pc running lenny I get iptables errors at boot ("resource temporarily unavailable", "bad rule" etc). "setting up firewall" (Guarddog) is not followed by any errors and the firewall apparently operates ok.How can I restore my iptables to the default installation values?
View 2 Replies
View Related
Nov 13, 2010
I've been trying to make a live CD off an installation with minimalist deviation possible. Purpose is to check the hardware compatibility using the live CD, after which I'll copy the installation to the hard drive (which will probably be a squashed image) and do the necessary edits to make the system bootable. Since the rootfs will be copied over (not dd, but direct cp --preserve=all), the difference from the actual install should be minimal.
If there are any caveats using this procedure, do notify.
I've been succeeded in doing this using Gentoo but it appears the Gentoo kernel uses Gentoo specific kernel parameters which makes things very simple, but I gotta do this with the generic Debian kernel.
If it can be done easily using a script I would also like to know exactly how it's done so I can reproduce it by hand even to make an ro rootfs and possibly reproducing the same with other distros.
View 5 Replies
View Related
Mar 11, 2011
I have recently installed Debian alongside Vista on the same boot menu using the GRUB booting device. Only problem is, I couldn't boot Vista at all any more, so I removed my Debian installation from that drive. But the GRUB boot record persists, I don't have the Recovery disk to restore my old system, so I have to find a way to manually remove the GRUB track and put the old record in its place. I assume there was a copy made of it by the installation program, now my only problem is to find that file and copy the content back in place (at the address at the very beginning of the drive) all that by using Linux code, since that is all I have left. Being new to this game, I have no idea how to begin writing the right command for a job like this
View 3 Replies
View Related
Apr 5, 2011
I'm installing a non-X server using squeeze 32bit netinst iso, expert installation. I don't know that I can specify "debian-installer/framebuffer=false" during the installation, after reboot I got a framebuffer display with console fonts smaller and fonts look like ubuntu. I search around I can edit GRUB config for the resolution items or disable framebuffer. How can I disable the framebuffer (use normal text system fonts) when booting in LILO?
I got everything installed and setuped, I don't want to re-install the OS again.
View 8 Replies
View Related
Jun 3, 2011
I had installed ssh but something went wrong and I uninstalled it. I removed the SSH configuration files by hand (I deleted all /etc/ssh folder).After ssh installation (I mean apt-get install ssh) I noticed that I have no SSH configuration files.I tried apt-get install openssh-server but i still have no SSH configuration files.
View 2 Replies
View Related
Sep 15, 2010
We have a public server and it can be accessed from any where through ssh.
My question is my server should not allow anyone directly to login as root user. First he should login as normal user then he should switch to root user.
I also have another questions is there any specific linux command is there to end other users ssh session without rebooting the server.
View 2 Replies
View Related
Jan 26, 2010
I installed OpenSSH via tasksel and am using Webmin for administration. I'd like to be able to SSH externally and want to setup the necessary public/private keys to use in FileZilla.
In Webmin, under Servers > SSH Server I can click 'Host Keys' and see an RSA key. Is this the public or private key for my server? Do I need to copy this into a text file to import it into FileZilla on my remote PC (that I want to connect from)? Is that all that needs to be done (aside from opening the port on my router/firewall)?
Is there an automated way to set this up via Webmin?
View 3 Replies
View Related
Oct 12, 2014
ERROR: No configuration file found
No Default or UI configuration directive found!
boot:_
This appears when I try to boot Debian 7.6.0 from my USB drive
View 1 Replies
View Related
Apr 8, 2011
I have got the following Problem: I installed the 64 bit lxde Debian version... I couldnt configure the network during the installation because I just have a dsl modem and not a router... so the configuration of the network failed.... after the installation I started debian... and was surprised about the lack of "basic system configuration"-software that had been installed... I couldnt find aptitude or whats the debian-Update-Programm called .... instead I found OpenOffice... HAE? then I tried to configure internet access..... so I started a terminal and tried to start pppoeconf... but the program wasnt found! ARRRGG! What am I doing wrong here.... Why are these system utilities like pppoeconf not always installed...
View 1 Replies
View Related
Jun 6, 2011
1- I'm trying to install the ATI Mobility Radeon HD 5470 driver over the non-free repository ...the problem is that until now i didn't found a recent documentation ...and to be honest i don't know which procedure should i use to rightly install the driver .
2- I have two graphic cards (integrated Intel with the i5 processor), and i can't change the default one to the ati! because debian had set the intel card as a native one...! that's why i´ m wondering if just an installation of the non-free drivers will solve this or not! I think every body will ask me how the lspci output looks like so here is it : 00:00.0 Host bridge: Intel Corporation Core Processor DRAM Controller (rev 02) 00:01.0 PCI bridge: Intel Corporation Core Processor PCI Express x16 Root Port (rev 02) 00:02.0 VGA compatible controller: Intel Corporation Core Processor Integrated Graphics Controller (rev 02) 00:16.0 Communication controller: Intel Corporation 5 Series/3400 Series Chipset HECI Controller (rev 06) 00:1a.0 USB Controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 05)00:1b.0 Audio device: Intel Corporation 5 Series/3400 Series Chipset High Definition Audio (rev 05)
[Code]...
View 8 Replies
View Related
Mar 19, 2009
I am having trouble trying to setup an FTP server, so i made a video lesson to show how it is done PROPERLY. I actually had this before, but it was poor quality, and i went through it a little fast; so this time it is better quality and i explain more details. You can find it here:
[Code]...
View 2 Replies
View Related
Nov 19, 2009
I'm still new to PHP and SQL, but all the tutorials I've found connect to the database like this:
PHP Code:
Right now I'm just doing local network tests before exposing everything to the Internet.
Wouldn't leaving the password in there as plain text be a huge security issue? I tried downloading the php file off the server, and it just comes down blank. So does PHP already have a security feature that doesn't allow anyone to just nab PHP files off the server?
And for Postgre, I have pg_hba.conf set up to "trust" it's own IP address:
Code:
Would I need to use something like Kerberos, PAM, or ident authentication? Right now the only plan is to use it as login system for a website. The clients themselves won't be accessing the DB itself, because all the DB access will be through PHP.
View 4 Replies
View Related
Mar 11, 2010
I am creating an FTP server using VSFTP. It will be in the wild, initially at least only functioning as an FTP server. I have the iptables config from the previous box I set up 3-4 years ago. I have also got private/public key authentication running with SSH to eliminate brute force attacks.
Here is where is my specific question. On the old server I set up something that allowed my clients to log in using accounts that were not system accounts but would translate to a single system account that was limited to FTP. I remember setting up a passwd account that had username / password pairs that FTP used for authentication.
What app is this? Is it just part of VSFTP or maybe SELInux? I really want to utilize this.
View 2 Replies
View Related
