Debian :: Setting Up Grub Against The Rules?
Feb 11, 2011
Since I have been using grub-legacy in quite an unorthodox manner, and ironically, getting benefits that an otherwise obedient user wouldn't even dream of getting, this question may, most probably, pose a challenge to all those who don't understand the filthy tricks of grub. So, here I am, trying to install grub, in a manner, that makes it independent of all operating systems on my computer. As I understand it, a bootloader is so important, especially when it is used to boot multiple OSs, that I deem it mandatory for it to be installed in a manner making it independent of all operating systems it is used for.
What I did till now:I have a 24 Mega Byte partition to which I copied /boot/grub/*I run the command: # grub-install --root-directory=/mounted-partition-holding-the-copied-files '(hd0)'Grub boots, but the menus are not displayed presenting me with a cute shell with limited commands. My next strategy in this battle, is to copy the device.map and grub.cfg files from a working installation - a sort of a heart transplant.
View 14 Replies
ADVERTISEMENT
Jan 27, 2011
I am setting my firewall rules using the command iptables.My question is i wanna know what command i can use that list rule 2 and 3 for instance in my table?i want to create rule that: The host is administered using SSH, scp and sftp so allow incoming SSH traffic and securing remote file copying and transferring.
View 2 Replies
View Related
Jun 22, 2011
I recently set up a ftp server in my house running a dyndns service so I can get to it from the outside. I called my isp to get some help in setting up the router to forward port 21 from the outside to that box, and in short we had some problems. Long story short, they ended up bypassing the router itself, and now the line running to the box is its own fixed external ip. Naturally I want a pretty darn good iptables setup for this. The box runs proftpd and so far my iptables only accepts local loopback and port-21. (I left port 80 closed as its only purpose is to be a standalone ftp server) But I know there must be a safer rule for port 21, as right now its just wide open. Anyone have any ideas on how to make this a bit safer? Also would that command be fine for any of the linux machines im connecting to it from the outside too?
View 3 Replies
View Related
Mar 16, 2011
I am trying to lock down a server using audit.rules. I intend to use ausearch to review certain entries from time to time. I noticed that it's possible to assign a "key" to each rule and then use `ausearch -k` to show only the records that have that key.Unfortunately, the key feature seems broken. I started with the following rule in audit.rules:
Code:
-a always,exit -F arch=b64 -S open -S openat -F exit=-EACCES -k deny
I do a `cat /etc/shadow` and a `ausearch -ts today -k deny` and it seems all went well.
[code]....
View 8 Replies
View Related
Jun 30, 2010
I've read the instruction about setting up the iptables rules to filter all port except HTTP, SSH, FTP. I require first remove all default iptables rules and set default rules to all chains as DROP:
# Set default-deny policies for all three default chains
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP
Then allow only some ports:
#Accept inbound packets that are part of previously-OK'ed sessions
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# Accept inbound packets which initiate SSH sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 22 -m state --state NEW
# Accept inbound packets which initiate FTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 21 -m state --state NEW
# Accept inbound packets which initiate HTTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 80 -m state --state NEW
# Log anything not accepted above $IPTABLES -A INPUT -j LOG --log-prefix "Dropped by default:"
But I hired a VPS from other country so the only mean I can manage it is via SSH. If I setup the default rule to DROP first, I afraid that I can no longer connect via SSH to tell iptables allow SSH
So my question is:
- Does the IP tables take effect immediately after I input a rule?
- Is there any mean to run this as a batch job (create a script and run all these rules one time).
- My VPS has a web control panel which have a terminal via web. Is this a native terminal or just a connection via port 80 or 22?
View 9 Replies
View Related
Mar 21, 2011
I've been using squeeze for a year or two now, on a PC dual booting with windows xp. Not long ago I thought that, as it's now become the stable release version, I'd do a fresh install, which I've been trying to do with the first two dvds. The installation proceeds as expected, up to and including setting grub. However, although grub saysthat it has detected windows xp, and I tell it to set up the dual boot, the computer on reboot goes straight into windows xp, with no on-scrteen option shown for choosing debian.
View 6 Replies
View Related
Mar 30, 2011
Durring the upgrade from lenny to squeeze everything went fine but grub2 fails to configure
Setting up grub-pc (1.98+20100804-14) ....
and it hangs, even freezes there...
Is it safe to restart the server, will grub1 still function if I do ?
View 4 Replies
View Related
Jun 19, 2011
I need to create filename 70-android.rules in the directory /etc/udev/rules.d/I have Adm privileges in my user account properties, but when I use sudo to create this file the Ubuntu OS does not allow me the privilege... I am running Ubuntu 10.04 LTS and here's the Terminal output below:daddy@gatomon-laptop:/etc/udev/rules.d$ sudo cat > 70-android.rulesbash: 70-android.rules: Permission denieddaddy@gatomon-laptop:/etc/udev$ ls -ltotal 8drwxr-xr-x 2 root root 4096 2011-03-16 18:03 rules.d-rw-r--r-- 1 root root 218 2010-04-19 04:30 udev.conf
View 2 Replies
View Related
Apr 2, 2011
I recently tossed Ubuntu for Debian Unstable for my personal machines and I'm having trouble building Emerald into a package. I've already configured and installed the package (using the usual ./configure, make, make install) but I wanted to make a deb for future use (for myself and for others). However every time I try to run dpkg-build I get the following error message.
dh_install -pemerald --sourcedir=debian/tmp
dh_install: emerald missing files (usr/bin/*), aborting
make: *** [binary-install/emerald] Error 2
dpkg-buildpackage: error: debian/rules binary gave error exit status 2
[Code]...
View 2 Replies
View Related
Jul 30, 2013
I just installed ufw and made some rules :-
Code: Select all$ sudo ufw enable
$ sudo ufw default deny
$ sudo ufw allow 80,443/tcp
Now this gives the following :-
Code: Select allRule added
Rule added (v6)
Now is there anyway to tell it to NOT add the v6 rules (of course over time v6 will become the new standard and I'll have to upgrade my router and all) but till my ISP doesn't I just want to make it easy for myself.
I could install gufw and just take that rule out but wanted to know if there was a way to do that via CLI .
View 6 Replies
View Related
Dec 25, 2010
Still training with packaging. Here: [url]
I found the lintian reports about blackbox.
Most of them i could get sorted (via wild edits in the debian/{rules,control} files.
I am stuck at this error: [url]
I was told to read dh_link, but it doesn't say much.
My main problem is that i don't understand the rules file.
Hence a short question: If i got a rules which looks like this: #!/usr/bin/make -f
If i try it with gtk-theme-switch and with gtk2-engines-magicchicken i get syntax like the first example (blackbox -unedited,if i must i can replace it with the edited version), my working example-files use the syntax of the second example.
View 6 Replies
View Related
Aug 23, 2010
I'm trying to build the package "minitunes" [url] but when I attempt the code:
The build exits with the code dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2
This actually happens when I try to build any package with "dh_make" so I'm wondering if it is because of my debian/rules file, which I'm not so certain how to edit.
What should actually be in such a file? I have mine posted below for the minitunes package debian/rules:
View 6 Replies
View Related
Jun 6, 2015
How can we do a file replacing string on debian/rules file using sed and bash variable ? I don't seem to be able to do so. I have tried below under the install section with arch dependent amd64, as far as I know all the bash commands are allowed to be executed in debian/rules file.
I have tried this :
Code: Select all
debian/rules file
ipaddr=`<long command to find ipaddr>`
myVar=`hostname`
sed -i -e 's/somestring/'$myVar'/g' $(configs)*
sed -i -e "s/somestring/$myVar/g" $(configs)*
[Code]...
Nothing works. Sed works but the hostname replacement doesn't work.
View 13 Replies
View Related
Mar 8, 2016
I'm using Debian 8 and I have ipset v6.23 and iptables v1.4.21. I put a rule with ipset in rules.v4 file and then I restart the iptables with netfilter-persistent service. When I reboot the iptables list is empty. But if in the file I don't put a rule with ipset, after reboot the iptables list is correct.
View 4 Replies
View Related
Sep 2, 2010
I may not searched deeply enough but is somewhere desribed what variables are available in debian/rules package build script generated by dh_make ? I know about CURDIR f.E. but what about package Version (defined in debian/control) ?
View 2 Replies
View Related
Apr 23, 2011
I am using Debian Squeeze on my laptop an now I want to write udev rules. I bought an USB enclosure for my old Desktop HDD drive (Debian lenny ). But when I plug it in only the first primary partition gets mounted so I can not copy the data from my old desktop to the laptop. the output of mount shows that the following disk was mounted/dev/sdb1 on /media/disk type ext3 (rw,nosuid,nodev,uhelper=hal)
I can cd into /media/disk/etc and cat fstab shows the following:
# /etc/fstab: static file system information.
#
[code]...
View 1 Replies
View Related
Apr 18, 2016
I have SSD drives without SCT support, because of this I want to tune /sys/block/device-name/device/timeout in order to force mdadm put these drives offline. So, I can see my drive like this:
/dev/disk/by-id/ata-OCZ-SABER1000_A22MJ061512000074.
Where can I tune /sys/block/device-name/device/timeout from 30 to 7 sec only for these drive? I don't want to use rc.local.
Can I create right udev rules for it in /etc/udev/rules.d?
I want to avoid any conflict with /lib/udev/rules.d.
Code: Select all# udevadm monitor --environment --udev
monitor will print the received events for:
UDEV - the event which udev sends out after rule processing
UDEV [9302.549485] add   /devices/pci0000:00/0000:00:01.2/0000:03:00.0/host0/target0:0:0 (scsi)
ACTION=add
DEVPATH=/devices/pci0000:00/0000:00:01.2/0000:03:00.0/host0/target0:0:0
DEVTYPE=scsi_target
SEQNUM=5210
SUBSYSTEM=scsi
[Code] ....
View 0 Replies
View Related
Dec 30, 2010
I'm having some trouble with the configuration of the iptables. I want to setup a network server to serve as Fail Over (for my 2 ISPs), DHCP and DNS. I have 3 network cards, 2 connected to ISP's routers and 1 that serves as UPLINK for my switch.
I want to add some Iptables rules so I can achieve what I want to do. The problem is that the rules I try to use, they have to effect.... they don't load, here are the rules I am trying to add:
#iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
#iptables --table nat --append POSTROUTING --out-interface eth2 -j MASQUERADE
#iptables --table nat --append POSTROUTING --out-interface eth2 -j SNAT --to EXTIP
When I try to check to see if it loads, with the command:
#iptables -L
It returns empty
View 2 Replies
View Related
Mar 28, 2011
I'm trying to allow non-root account to use avrdude to program mucrocontrollers. There are many articles online about how to do that, but it seems not to work for me. Every time i try to execute avrdude it says "permission denied". Here's "$ udevadm info --name=/dev/bus/usb/002/011 --attribute-walk" says looking at device '/devices/pci0000:00/0000:00:1d.1/usb2/2-1':
KERNEL=="2-1"
SUBSYSTEM=="usb"
DRIVER=="usb"
ATTR{configuration}==""
[code]....
However, after restarting udev, replugging the device, even rebooting the computer I still get "permission denied". The Vendor and Product match, so what's the problem?
View 7 Replies
View Related
Mar 20, 2011
I'm trying to write udev rules to make it easier to recognize the network cards in my server. After a reboot it doesn't seem to take place, what am I doing wrong? I'm running Debian Squeeze stable.
Code:
$ uname -a
Linux debian 2.6.32-5-amd64 #1 SMP Wed Jan 12 03:40:32 UTC 2011 x86_64 GNU/Linux
Code:
# ls -l /etc/udev/rules.d/
total 4
[Code]...
View 3 Replies
View Related
Apr 30, 2011
I should create a sqeeze image and install it on other computers.Udev should detect network card (NIC) module and load it automatically at startup.How I understand /lib/udev/rules.d/75-persistent-net-generator.rules runs when udev starts, then writes to /etc/udev/rules.d/70-persistent-net.rules.The problem is, udev searches for this NIC on other hardware and the network cannot start.I can solve this problem easily using a startup script to delete /etc/udev/rules.d/70-persistent-net.rules file.
View 2 Replies
View Related
Oct 9, 2010
im using Debian (lenny) with 2.6.26 kernel, I'm trying to write udev rules in order to automount my usb pendrive, so I added this rules in udev:
SUBSYSTEM=="block", SUBSYSTEMS=="scsi",ATTRS{vendor}=="OTi ",
ATTRS{model}=="Flash Disk ", NAME="penna128M",RUN="/usr/bin/
pmount /dev/penna128M"
I use pmount to install the device as normal user If i connect my device to the usb port I don't see nothing in /media/penna128M, BUT giving at the prompt cat /etc/mtab the last line is:
/dev/penna128M /media/penna128M vfat rw,noexec,nosuid,nodev 0 0
The line in fstab about this pendrive is:
/dev/penna128M /media/penna128Mvfatdefaults,user,owner,auto00
View 5 Replies
View Related
Mar 2, 2011
I've created live squeeze usb-hdd and if I boot first time the udev system writes the MAC address of the network interfaces into /etc/udev/rules.d/70-persistent-net.rules.Because I use full persistence, the file is there on the next boot and I don't get network running automatically on other computers. My problem is, howto remove 70-persistent-net.rules every time during the startup?
View 5 Replies
View Related
Apr 14, 2010
After yesterdays upgrade of Squeeze, my Synaptics touchpad's udev configuration is ignored on my EeePC. It was working fine before. Are there any changes in how it is supposed to be configured or is it just broken?
View 3 Replies
View Related
Jan 30, 2010
After a system update a couple of days back - which as far as I can remember included some xorg packages - neither of the policy files I have written for my keyboard, synaptics touchpad and mouse work.Below are the files and the Xorg log file.
99-x11-keyboard.fdi
<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">
[code]...
View 4 Replies
View Related
Oct 10, 2013
Consolidate several lines of a CSV file with firewall rules, in order to parse them easier?
I have a .csv file, which I created using an HTML export from a Check Point firewall. The objective is to have all the firewall configuration lines where a given host is present. I have to do this for a few hundred, manually is not a reasonable option. I'm going to write a simple Python script for this.
The problem is that the output from the Check Point firewall is complicated to work with. If a firewall rule works with several source or destination hosts, services or other configurations, instead of having them separated with a symbol other than a comma, I get a new line.
This prevents me from exporting the line where the host is present, since I would be missing info.
Let me show you an example, hostnames are modified, of course:
NO.;NAME;SOURCE;DESTINATION;VPN**;SERVICE;ACTION;TRACK;INSTALL ON;TIME;COMMENT
1;;fwxcluster;mcast_vrrp;;vrrp;accept;Log;fwxcluster;Any;"VRRP;;*Comment suppressed*
;;;;;igmp;;;;;
2;;fwxcluster;fwxcluster;;FireWall;accept;Log;fwxcluster;Any;"Management FWg;*Comment suppressed*
;;fwmgmpe;fwmgmpe;;ssh;;;;;
;;fwmgm;fwmgm;;;;;;;
3;NTP;G_NTP_Clients;cmm_ntpserver_pe01;;ntp;accept;None;fwxcluster;Any;*Comment suppressed*
;;;cmm_ntpserver_pe02;;;;;;;
View 0 Replies
View Related
Dec 1, 2015
I'm trying to use these cookie cutter rules that I found. But every time I use them, after a few seconds my wifi connection goes dead. The exception was the first time I used then. Which lasted me a couple of minutes.
By dead I mean I can no longer open a webpage or ping google.
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP
View 9 Replies
View Related
May 12, 2011
I need assistance with my Snort Installation. I used Bodhi Zazen's Network Intrusion Detection System post and found it easier than the previous time I had done it. I am currently running Ubuntu 10.04 server and Snort 2.8.6.1 with BASE 1.4.5. I followed Bodhi Zazen's instructions and when I tested snort it ended with a Fatal Error due to ERROR: /etc/snort/rules/exploit.rules(264) => 'fast_pattern' does not take an argument
Fatal Error, Quitting.. Here is the entire output once I ran the test command: snort -c /etc/snort/snort.con -T Running in Test mode
[Code]...
View 2 Replies
View Related
Dec 15, 2010
UUIDs make fstab hard to read, so.. Is it possible to use udev rules to prevent HDs to change device, instead of using UUID in /etc/fstab?
View 2 Replies
View Related
Oct 11, 2013
I have a CSV file, which I created using an HTML export from a Check Point firewall policy. Each rule is represented as several lines, in some cases. That occurs when a rule has several address sources, destinations or services.
I need the output to have each rule described in only one line. It's easy to distinguish when each rule begins. In the first column, there's the rule ID, which is a number.
Here's an example. In green are marked the strings that should be moved:
See example. The strings that should be moved are in bold:
NO.;NAME;SOURCE;DESTINATION;SERVICE;ACTION;
1;;fwgcluster;mcast_vrrp;vrrp;accept;
;;;;igmp;;
2;Testing;fwgcluster;fwgcluster;FireWall;accept;
;;fwmgmpe;fwmgmpe;ssh;;
;;fwmgm;fwmgm;;;
What I need ,explained in pseudo code, is this:
Read the first column of the next line. If there's a number:
Evaluate the first column of the next line. If there's no number there, concatenate (separating with a comma) the strings in the columns of this line with the last one and eliminate the text in the current one
The output should be something like this. The strings in bold are the ones that were moved:
NO.;NAME;SOURCE;DESTINATION;SERVICE;ACTION;
1;;fwgcluster;mcast_vrrp;vrrp-igmp;accept;
;;;;;;
2;Testing;fwgcluster-fwmgmpe-fwmgm;fwgcluster-fwmgmpe-fwmgm;FireWall-ssh;accept;
;;;;;;
The empty lines are there only to be more clear, I don't actually need them.
View 1 Replies
View Related
