December 2015 - luv-main

firmware malware: DVD; ?motherboard?
by Douglas Ray 03 Feb '16

03 Feb '16

We have a PC with firmware malware on - at least - both DVDs. I don't know if it's worth recovering the system, but I definitely want to find diagnostics for identifying infections and vectors on the rest of the LAN. Booting a DVD live-image of ubuntu, invocations of firefox are intercepted and come up as "JON recovery system" or some such. The attack vector may have been the old XP system on the harddrive, but equally it may have been one of the ubuntu images. It is a medion PC, article number 10002328, and there are firmware updates at the manufacturer. I'm unsure how to securely install, given that the DVDs are compromised, and I have no way to verify the cardreader or motherboard BIOS or harddrive. (I could map/update the bootsector of the harddrive, but I haven't checked what may be available to work with the firmware.) Would putting the infected DVD drives on another system, sans media, risk infecting the new system? Conversely, let's say I swap in a new DVD drive and boot a putatively clean DVD - if the BIOS is corrupted do I risk just re-infecting the new DVD drive? Merry Christmas to all Douglas Ray

6 8

Re: automatically starting KVM
by Dan062 05 Jan '16

05 Jan '16

On Wed, 23 Dec 2015 21:18:39 -0500 Jason White via luv-main <luv-main(a)luv.asn.au> wrote: > Russell Coker via luv-main <luv-main(a)luv.asn.au> wrote: > > To run KVM virtual machines it seems to be recommended to un virsh which > > requires XML. > > > I've run kvm guests directly, without virsh installed, while also managing > them from the console. Thus, whether you actually need virsh depends on your > requirements and environment. What you are saying is true, But inmho, virsh give you far more control over the VM (eg: snapshots, connecting devices live etc). While you may be able to do the same without virsh, using it to me is much easier, specially if you are doing it remotely. Cheers, Daniel > > _______________________________________________ > luv-main mailing list > luv-main(a)luv.asn.au > http://lists.luv.asn.au/listinfo/luv-main -- dan062 <dan062(a)yahoo.com.au> -- dan062 <dan062(a)yahoo.com.au>

6 6

Re: Ian Murdock, father of Debian, dead at 42
by Rick Moen 31 Dec '15

31 Dec '15

Quoting Daniel Jitnah (djitnah(a)greenwareit.com.au) > Is there anyway we can express that directly to those affected? There > seem to be a request to post through Docker? Quoting https://bits.debian.org/2015/12/mourning-ian-murdock.html: His family has asked for privacy during this difficult time and we very much wish to respect that. Within our Debian and the larger Linux community condolences may be sent to in-memoriam-ian(a)debian.org where they will be kept and archived. Respectfully, Rick Moen rick(a)linuxmafia.com

2 1

automatically starting KVM
by Russell Coker 29 Dec '15

29 Dec '15

To run KVM virtual machines it seems to be recommended to un virsh which requires XML. Just having XML isn't necessarily a bad thing (XML is great for machine=>machine communication) but apparently you have to edit it yourself! I've editited XML by hand before and written scripts to do it back when I was working on clustering software which also had the flaw of requiring XML but provided no automated way of creating it. Getting KVM working from the command line is easy enough (for definitions of easy that include a 500 character command). But how do you start it on boot and keep it running? I'm currently using screen to manage KVM sessions and it's not that difficult to script screen to start on boot, but it's a little ugly. Any better ideas? PS A recent update to Xen on Debian resulted in SATA disks not working correctly on one of my systems. If we weren't going to move LUV hosting to another location then I'd convert the LUV server to KVM to avoid the risk of SAS disks having a similar issue. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

6 5

SPF and DKIM checks on mail to the list
by Russell Coker 24 Dec '15

24 Dec '15

The list server is configured to reject mail that fails DKIM or SPF checks. It is not supposed to receive mail from other list servers or forwarding services so there's no reason for mail to fail such checks. If you have a problem with mail from your ISP going to the list then contact me off-list and I'll help you file a bug report. If you have a problem with your own personal domain then I am happy to send you log entries related to your issue and help you debug it. Don't claim that there's something wrong with the LUV server though. If you setup your server to DKIM sign mail and it doesn't do it correctly or setup a SPF entry that doesn't include your sending address then it's your issue. I'm happy to help you solve your issues, just don't claim that they are my issues. While we are having a debate about whether list servers should send out mail that fails DKIM and/or SPF checks I think that there is no reason that a mail server should receive such mail unless it is configured to receive mail from another list server. Of course if a list server receives mail from another list server it should be configured to whitelist such mail. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

5 8

DMARC, SPF and DKIM
by Jason White 24 Dec '15

24 Dec '15

I've spent time today trying to configure SPF, DKIM and DMARC for my domain. Experience will determine how successful I have been. The next step is to configure my mail system, running Postfix, to check inbound mail using these mechanisms. Which tool do others prefer for this purpose? My DMARC record may be too strict; I essentially copied an example from http://www.zytrax.com/books/dns/ch9/dmarc.html (with a slight modification to change the address to which reports are sent). If necessary, I can switch to a "quarantine" rather than a "reject" policy for SPF, DKIM or both. Mailing list servers and their treatment of DKIM would be my main concern, although in such cases, if I understand rightly, the recipient should use the list server's DMARC record to determine the policy rather than mine, since it's the list server which is actually sending the mail out.

2 2

Getting systemd to not use cpuacct cgroup on RHEL 7.2
by Chris Samuel 22 Dec '15

22 Dec '15

/* No systemd religious wars please - thank you */ Hi folks, I'm trying to get Slurm working on a RHEL7.2 system and I've hit an issue where systemd is already using the cpuacct cgroup hierarchy and that prevents Slurm from using it as it seems to be the one case where it can only be in use once. I.e. having this mount create by systemd: cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpuacct,cpu 0 0 causes: 12725 mount("cgroup", "/cgroup/cpuacct", "cgroup", MS_NOSUID|MS_NODEV|MS_NOEXEC, "cpuacct") = -1 EBUSY (Device or resource busy) Anyone got any ideas on how to stop systemd from using it? All the best, Chris -- Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC

4 6

Is my root partition dying?
by David Zuccaro 21 Dec '15

21 Dec '15

Hi, I'm running fsck on my root partition and getting lots of io errors as shown in the link. What should I do? Is my disk dead or can it still be used? https://www.dropbox.com/s/d3m019akv70xihs/2015-12-17%2000.50.59.jpg?dl=0 Thanks, David

11 32

Fixing the LUV list?
by Chris Samuel 21 Dec '15

21 Dec '15

Hi folks, I tried emailing the committee, but that just got moderated and I've not heard anything since, so I was wondering are was any progress on fix the LUV mailing list to not rewrite the From: header? thanks, Chris -- Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC

7 15

hosting etc
by Russell Coker 21 Dec '15

21 Dec '15

In 3-5 weeks the LUV server will no longer be running at it's current location due to V3/VPAC closing. We are in the process of making other hosting arrangements. One issue that is yet to be discussed is where to host the lists, in the past Linux Australia offered to host lists for us and we may take them up on that offer if it's still available. If anyone knows of an organisation that might offer us free hosting then please email the committee. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

3 4