Again sent earlier. Thanks for the intervening comments about
vulnerabilities and versions.
A lot of issues and suggestions have been made and raised. My brief
response is that yes, according to nmap and my intention I had port 23,
for ssh (I moved it) and port 5900 open and the rpc port, I think. I'm
going by memory.
Theoretically the only pinhole in the ISP router firewall was port 23.
To use port 5900, you had to use an ssh tunnel.
My web server is on another machine. Since I only use it for
development, I don't leave it up.
My actual web pages are hosted externally on a vendor's box.
My experience with the upgrade treadmill is that it is a waste of time.
By its own admission (if a concept can have that) the new versions will
have issues and you need to upgrade. If the issues with an older
version don't affect you, then it is perfectly fine to use it. Why
upgrade and risk the fact that the new issues will affect your use case?
The developers for Fedora 13 were no smarter or dumber than the
developers who are writing Fedora 36. Or pick your distro of choice.
The issue with an older release is that nifty new things come out and
you can't really use them. But, if you run a VM with a recent version
of the distro, you can use them just fine.
The other issue is that if you are getting vendor support, they can
only reasonably commit to supporting a limited number of versions.
This is AMD hardware from '06.
-Gary
On Fri, Aug 05, 2022 at 06:19:54PM -0700, Rick Moen wrote:
> Quoting Brian E. Lavender (brian(a)brie.com):
>
> > Gary,
> >
> > You were running Fedora 13?
>
> If so, _that_ is likely a big problem. Fedora 13's initial release was
> May 25, 2010, and it was EOLed on June 24, 2011.
>
> Because Fedora. If you don't want to keep moving to newer versions,
> it's about the worst possible distro. (But it's possible Gary meant
> that he did _original_ installation 15 years ago, but has been following
> the recommended upgrade treadmill^W path.)
>
> Linus Sphinx wrote:
>
> > https://www.bleepingcomputer.com/news/security/new-linux-malware-brute-forc…
>
> You know, I have a _lot_ of things to be grateful for, and somewhere on
> the list is the glad tidings that I don't need to rely on
> Bleepingcomputer.com for IT information.
>
> Over the past 1.5 months since its discovery, the new botnet used
> over 3,500 unique IPs worldwide to scan and attempt brute-forcing Linux
> SSH servers.
> [...]
> The SSH brute-forcing relies on a list of credentials downloaded from
> the [command and control server]. [...]
>
> *snore*
>
> So, doorknob-twisting for "joe accounts", like user=service
> password=manager and like that.
>
> Guesstimate the math, and measure the lengthy setup and teardown times
> for remote connections to an sshd, and you'll find that
> dictionary-attacking an sshd with any reasonable rules set about
> password quality and length is going to take an appreciable fraction of
> the time to the heat death of the universe, to succeed.
>
> I mentioned upthread that a lot of IT advice comes from gadget freaks.
> The _other_ common problem is that most security _articles_ are
> copied-pasted press releases from security/antimalware firms.
> So, they're big on shockhorror, and small on conveying understanding.
>
> I've only quick-glanced at this article about enforcing password policy
> via PAM, so won't swear to it being a good one:
> https://www.techrepublic.com/article/controlling-passwords-with-pam/
> Of course, if you're the -only- user, you ought to stick to decent
> passwords without PAM forcing you to. (Also, a user who can su to
> root has the power to overrule PAM. But if you do that, you have only
> yourself to blame for consequences.)
----- End forwarded message -----
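An added example, not part of the thread or of the quoted article: one way to look in your own sshd logs for the pattern the article describes, the same common usernames tried from many source addresses. The function names, the threshold and the log lines are constructed; the lines follow OpenSSH's "Failed password for ..." syslog format.

```sh
#!/bin/sh
# Constructed sample log lines (documentation IP ranges), not real data.
sample_log() {
    cat <<'EOF'
Aug  5 18:01:02 host sshd[1001]: Failed password for invalid user service from 192.0.2.10 port 40022 ssh2
Aug  5 18:01:09 host sshd[1002]: Failed password for invalid user service from 198.51.100.7 port 51234 ssh2
Aug  5 18:01:15 host sshd[1003]: Failed password for invalid user service from 203.0.113.5 port 33456 ssh2
Aug  5 18:02:00 host sshd[1004]: Failed password for root from 192.0.2.10 port 40100 ssh2
Aug  5 18:02:05 host sshd[1005]: Failed password for root from 192.0.2.10 port 40101 ssh2
Aug  5 18:03:00 host sshd[1006]: Accepted publickey for gary from 192.0.2.50 port 50000 ssh2
Aug  5 18:03:30 host sshd[1007]: Failed password for invalid user a from 10.9.9.9 port 1 ssh2 from 203.0.113.9 port 40200 ssh2
EOF
}

# ssh_failures_by_user [MIN_IPS]
# Reads sshd log text on stdin and prints "user<TAB>attempts<TAB>distinct_ips"
# for every username tried from at least MIN_IPS source addresses (default 2).
# A per-IP counter misses a distributed run; grouping by target name does not.
ssh_failures_by_user() {
    min_ips=${1:-2}
    tab=$(printf '\t')
    awk -v min="$min_ips" '
        # Matches the sshd[pid] and sshd-session[pid] log tags.
        /sshd[^ ]*\[[0-9]+\]: Failed password for / && NF >= 9 {
            # The username is text chosen by the remote side and may contain
            # spaces, so anchor on the trailer "from IP port N ssh2" instead.
            if ($(NF-4) != "from" || $(NF-2) != "port") next
            ip = $(NF-3)
            for (s = 2; s <= NF; s++) if ($s == "for" && $(s-1) == "password") break
            s++
            if ($s == "invalid" && $(s+1) == "user") s += 2
            user = (s <= NF - 5) ? $s : ""
            for (i = s + 1; i <= NF - 5; i++) user = user " " $i
            attempts[user]++
            if (!((user, ip) in seen)) { seen[user, ip] = 1; ips[user]++ }
        }
        END {
            for (u in attempts)
                if (ips[u] >= min) printf "%s\t%d\t%d\n", u, attempts[u], ips[u]
        }
    ' | sort -t "$tab" -k3,3nr -k1,1
}
```

The last sample line shows why the parser works from the end of the line: a username that itself contains "from 10.9.9.9 port 1 ssh2" would otherwise be recorded with the wrong source address.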
So been about 3 months since I handed a Dell E6400T laptop loaded with
Fedora 36 booting up to the welcome screen waiting to finish the install to
senior citizen neighbor who couldn't support Windows 10, asked me two days
later if it was safe to do his banking on, "all I ever use", I answered
along with an expression of deep gratitude for the gift that was his only
question. "Just keep it up to date whenever it prompts for it", and I
haven't heard a peep since.
With apologies to Bing Crosby; "It's beginning to look a lot like the year
of Linux desktop".
Hi Folks,
I want to deploy an FTP server on my Windows Server 2012r2, which is a component of Internet Information Server. Initially, I had the obvious and simple problem of the firewall blocking access to port 21, but I think I fixed that. It was a little tricky because the port was an artifact of the FTP service, not the IIS FTP component, so it took me longer than I would like to admit.
Now I have the problem of authenticating. Can't seem to authenticate. Has anybody done this?
Thanks for the help,
--
Chris.
V:916.799.9461
F:916.974.0428
A: Because we read from top to bottom, left to right.
Q: > Why should I start my reply below the quoted text?
Hi Folks,
This is noteworthy. I have a Windows Server 2012R2. I am using "DFS" and "Off-Line Files".
* "DFS" is "Distributed File System", which among other things "exports" the designated Windows file systems as SMB "Shares". Its goal is to "accumulate" disparate filesystems into a single filesystem, like Linux does, with the added feature of duplication/synchronization of client filesystems. In particular, Windows user "profiles" are shared as "\\TCLC.org\users\Profile\<username>".
* "Off-line Files" syncs a client copy with the "Share" to compensate for the "Share" periodically vanishing from transient conditions or you're traveling and not "connected".
I also have a bunch of Fedora boxes. I mount my Windows user profile on "/home/cjm", which gives me everything I would see on a Windows machine.
I also have a few NASes. Parenthetically, I have an ASUStore AS3204 v2, and I can heartily recommend it. Among other features, it supports hardlinks in the filesystem, which Buffalo NASes do not, and this means rSnapshot can run on ASUStore, which is pretty good news. I also have a couple of Buffalo LinkStations, which are also acceptable, but surprisingly primitive in comparison, and not without some inconvenient bugs surrounding "ownership and permissions", however they can be hacked to expose ssh and a command line.
I mount the NASes on two paths, depending on the access I choose to grant. For root access, I mount \\NAS0.TCLC.org\d0 on /net/nas0/d0, for example, and there is nothing remarkable about this. For user access, I mount the NAS in the user's filesystem: /home/<user>/net/nas0/d0, which mount point is on the Windows filesystem, and that mount point is visible from any of the Windows desktops at the same level as "Desktop", "Documents", and "Downloads".
Now, here's the point of this post: Windows Server can see that Fedora mount! It is not clear to me who is freelancing and extending their mandate -- "DFS", or "Off-line Files", but Windows server is aware that a Fedora box has mounted a filesystem on a Windows profile directory, and copies it, meaning files that should only be visible on the Fedora box are visible on the Windows desktop! This would simply be interesting and possibly beneficial, except this storage comes at a non-zero cost in space on the Windows Server 2012r2 disk, thanks to "Offline Files", or maybe "DFS" -- I don't know.
I discovered this because I am in the middle of a project to re-factor my storage, which has become unmanageable, and I was rsync'ing big file trees around, and they started to show up on my Server!
I'm not posting this as a problem for solving because I can easily work around it by simply doing my refactoring as root. No mounts within the "profile" filesystem; no volunteer files. I am posting this as an interesting observation that might be generally useful to know. Windows Server 2012r2 is spying on you! (-:
--
Chris.
Hi Folks,
The world seems to be headed toward universal multiple config files in the form <dir>.d. There are about fifty of them in /etc.
I mount some filesystems "universally", under "/net/...", and, when appropriate, in a user directory, "/home/<user>/net/...". This gives me better granularity of permissions. My fstab has become cumbersome and today I asked the question, "Maybe there is an /etc/fstab.d?" Son-of-a-bitch! There is! Well, I mean, I find scattered, inaccurate references, but it is not clear to me that it works on Fedora 36, and initial experiments indicate otherwise. I can still use it, but I have a script that combines all my "components" and replaces the "real" /etc/fstab, and that's not too bad, but it is a hack, and I'd rather find out if it is supposed to work and find out why mine doesn't.
Anybody have any experience with /etc/fstab.d?
Thanks for the help,
--
Chris.
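A sketch of the combine-and-replace approach described in the message above, as an added example that is not Chris's script: fragments are concatenated in sorted order, every entry is checked, and the target is replaced by an atomic rename only if all entries pass. The `*.fstab` suffix, the function name `build_fstab` and the checks themselves are assumptions.

```sh
#!/bin/sh
# build_fstab FRAGMENT_DIR TARGET
# e.g. build_fstab /etc/fstab.d /etc/fstab  (run as root, after a dry run
# against a scratch target). Names and checks are assumptions of this sketch.
build_fstab() {
    frag_dir=$1
    target=$2
    # Temp file beside the target so the final mv is a rename on one
    # filesystem: readers see either the old file or the new one.
    tmp=$(mktemp "$(dirname "$target")/.fstab.XXXXXX") || return 1

    {
        echo "# Generated from $frag_dir; edit the fragments, not this file."
        for f in "$frag_dir"/*.fstab; do
            [ -f "$f" ] || continue
            echo "# --- $(basename "$f")"
            # "awk 1" copies the file and guarantees a trailing newline, so
            # the last entry of one fragment cannot fuse with the next line.
            awk 1 "$f"
        done
    } > "$tmp"

    # Each entry needs 4 to 6 fields (dump and pass are optional) and a
    # mount point that is an absolute path, "none" or "swap".
    if ! awk '
        NF == 0 || $1 ~ /^#/ { next }
        NF < 4 || NF > 6 { printf "line %d: %d fields\n", NR, NF; bad = 1 }
        $2 !~ /^\// && $2 != "none" && $2 != "swap" {
            printf "line %d: bad mount point %s\n", NR, $2; bad = 1
        }
        END { exit bad + 0 }
    ' "$tmp" >&2; then
        rm -f "$tmp"        # leave the existing target untouched
        return 1
    fi

    chmod 644 "$tmp" && mv -f "$tmp" "$target"
}
```

A malformed fragment then costs a failed build rather than a system that cannot mount its filesystems at the next boot.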
Hi Folks,
I'm working with Drupal and its notoriously steep learning curve. The tags file is less helpful than it could be because I think it is tracking more than definitions. It has been a while, but I know that tagging on something that returns 800 "choice" is probably not correct.
Does anybody know how to make "Exuberant ctags" a little less exuberant? Just the definitions, not the references?
--
Chris.