Menu
▾
▴
devil-linux-discuss — General Mailing List for all discussions
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(59) |
Sep
(57) |
Oct
(5) |
Nov
(45) |
Dec
(21) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(13) |
Feb
(22) |
Mar
(14) |
Apr
(7) |
May
(33) |
Jun
(57) |
Jul
(25) |
Aug
(40) |
Sep
(53) |
Oct
(58) |
Nov
(75) |
Dec
(22) |
| 2003 |
Jan
(101) |
Feb
(101) |
Mar
(103) |
Apr
(125) |
May
(85) |
Jun
(57) |
Jul
(62) |
Aug
(42) |
Sep
(76) |
Oct
(214) |
Nov
(290) |
Dec
(274) |
| 2004 |
Jan
(187) |
Feb
(172) |
Mar
(313) |
Apr
(209) |
May
(169) |
Jun
(147) |
Jul
(118) |
Aug
(193) |
Sep
(227) |
Oct
(125) |
Nov
(246) |
Dec
(191) |
| 2005 |
Jan
(244) |
Feb
(175) |
Mar
(165) |
Apr
(130) |
May
(217) |
Jun
(122) |
Jul
(188) |
Aug
(235) |
Sep
(165) |
Oct
(133) |
Nov
(209) |
Dec
(88) |
| 2006 |
Jan
(66) |
Feb
(89) |
Mar
(108) |
Apr
(91) |
May
(29) |
Jun
(45) |
Jul
(64) |
Aug
(42) |
Sep
(44) |
Oct
(81) |
Nov
(64) |
Dec
(9) |
| 2007 |
Jan
(24) |
Feb
(122) |
Mar
(55) |
Apr
(50) |
May
(84) |
Jun
(13) |
Jul
(80) |
Aug
(70) |
Sep
(78) |
Oct
(45) |
Nov
(56) |
Dec
(42) |
| 2008 |
Jan
(65) |
Feb
(3) |
Mar
(51) |
Apr
(151) |
May
(54) |
Jun
(72) |
Jul
(73) |
Aug
(47) |
Sep
(55) |
Oct
(123) |
Nov
(16) |
Dec
(4) |
| 2009 |
Jan
(23) |
Feb
(39) |
Mar
(27) |
Apr
(36) |
May
(35) |
Jun
(51) |
Jul
(11) |
Aug
(14) |
Sep
(40) |
Oct
(67) |
Nov
(38) |
Dec
(13) |
| 2010 |
Jan
(15) |
Feb
(35) |
Mar
(40) |
Apr
(11) |
May
(26) |
Jun
(10) |
Jul
(5) |
Aug
(50) |
Sep
(86) |
Oct
(67) |
Nov
(36) |
Dec
(11) |
| 2011 |
Jan
(50) |
Feb
(6) |
Mar
(13) |
Apr
(13) |
May
(29) |
Jun
(27) |
Jul
(26) |
Aug
(27) |
Sep
(21) |
Oct
(7) |
Nov
(27) |
Dec
(4) |
| 2012 |
Jan
(11) |
Feb
(20) |
Mar
(48) |
Apr
(18) |
May
(8) |
Jun
(19) |
Jul
|
Aug
(15) |
Sep
(3) |
Oct
(4) |
Nov
(5) |
Dec
(1) |
| 2013 |
Jan
(13) |
Feb
(7) |
Mar
(4) |
Apr
(25) |
May
(2) |
Jun
(8) |
Jul
(4) |
Aug
(8) |
Sep
(7) |
Oct
|
Nov
(5) |
Dec
(10) |
| 2014 |
Jan
|
Feb
|
Mar
(6) |
Apr
(20) |
May
(5) |
Jun
|
Jul
(2) |
Aug
|
Sep
(8) |
Oct
(21) |
Nov
(4) |
Dec
(7) |
| 2015 |
Jan
(10) |
Feb
(9) |
Mar
(4) |
Apr
|
May
|
Jun
|
Jul
|
Aug
(5) |
Sep
(11) |
Oct
|
Nov
(17) |
Dec
(32) |
| 2016 |
Jan
(10) |
Feb
(15) |
Mar
(4) |
Apr
(7) |
May
(10) |
Jun
(11) |
Jul
(15) |
Aug
(26) |
Sep
(13) |
Oct
(10) |
Nov
(16) |
Dec
(6) |
| 2017 |
Jan
(9) |
Feb
(3) |
Mar
|
Apr
(2) |
May
(2) |
Jun
|
Jul
|
Aug
(3) |
Sep
(3) |
Oct
(6) |
Nov
(8) |
Dec
|
| 2018 |
Jan
(12) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Heiko Z. <he...@zu...> - 2017-10-08 15:25:40
|
Udo, The bug tracking system has been out for quite a while. At this point I'm a bit concerned about the future of DL. Unfortunately I've been the only one maintaining it and it shows. I don't have as much time to work on it as I used it. Additionally, I have no clue what to do due to grsecurity not being available anymore publicly.... The project has been around for 18 years now, so it would be sad seeing it die due to the lack of participation. Heiko Quoting Udo Lembke <ul...@po...>: > Hi, > the link on devil-linux.org for the "bug tracking system" is dead: > http://apps.sourceforge.net/mantisbt/devil-linux/ > > Is this normal? Transfer to an more modern system or the begining end of > the projekt? That would be a shame! > > Udo > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss -- Regards Heiko Zuerker |
|
From: Heiko Z. <he...@zu...> - 2017-10-08 14:59:07
|
Udo, The bug tracking system has been out for quite a while. At this point I'm a bit concerned about the future of DL. Unfortunately I've been the only one maintaining it and it shows. I don't have as much time to work on it as I used it. Additionally, I have no clue what to do due to grsecurity not being available anymore publicly.... The project has been around for 18 years now, so it would be sad seeing it die due to the lack of participation. Heiko Quoting Udo Lembke <ul...@po...>: > Hi, > the link on devil-linux.org for the "bug tracking system" is dead: > http://apps.sourceforge.net/mantisbt/devil-linux/ > > Is this normal? Transfer to an more modern system or the begining end of > the projekt? That would be a shame! > > Udo > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss -- Regards Heiko Zuerker |
|
From: Heiko Z. <he...@zu...> - 2017-10-08 14:58:55
|
Olivier, The behavior must have changed when we switched to the newer gcc version. Unfortunately we got a bigger issue right now, which I mentioned in the other email: grsecurity stopped releasing a public patch. Without that, a lot of our security features are useless. If anybody has an idea what to do, please share. I'm at a loss at the moment... Heiko Quoting Boursin Olivier <oli...@in...>: > Hello, > > > > I discover that compilation options were not the same between > version 1.6.9 and 1.8.0 according to checksec > (https://github.com/slimm609/checksec.sh), 1.6.9 option “proc-all” > told me that processes were all Full RELRO, Stack Canaries, Pax > enabled, PIE enabled and Fortify : > > > > > > > > > > checksec.sh --proc-all > > > > * System-wide ASLRPaX ASLR enabled > > > > > > > > > > * Does the CPU support NX: Yes > > > > > > > > > > COMMAND PID RELRO STACK CANARY > SECCOMP NX/PaX PIE FORTIFY > > > > init 1 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > syslog-ng 1638 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > syslog-ng 1639 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > cron 1657 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > dhcpd 1732 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > sshd 1876 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > jk_socketd 2145 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > ntpd 2150 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > jk_socketd 3223 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > master 4167 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > pickup 4172 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > qmgr 4173 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > agetty 4216 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > agetty 4217 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > agetty 4218 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > agetty 4219 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > agetty 4220 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > agetty 4221 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > procinfo 4222 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > iptstate 4223 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > udevd 4225 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > udevd 4226 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > sshd 4234 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > bash 4236 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > udevd 480 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > > > > > > > With version 1.8.0, it seems that only some processes have those > hardening mechanism (example sshd) : > > > > > > > > > > checksec.sh --proc-all > > > > * System-wide ASLRPaX ASLR enabled > > > > > > > > > > * Does the CPU support NX: Yes > > > > > > > > > > COMMAND PID RELRO STACK CANARY > SECCOMP NX/PaX PIE FORTIFY > > > > init 1 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > syslog-ng 1828 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > syslog-ng 1829 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > cron 1851 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > dhcpd 1926 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > sshd 2050 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > jk_socketd 2325 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > ntpd 2329 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > jk_socketd 3347 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > master 4015 Full RELRO No canary found > No Seccomp PaX enabled No PIE Yes > > > > qmgr 4019 Full RELRO No canary found > No Seccomp PaX enabled No PIE Yes > > > > agetty 4062 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > agetty 4063 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > agetty 4064 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > agetty 4065 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > agetty 4066 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > agetty 4067 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > iptstate 4069 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > udevd 745 Full RELRO No canary found > No Seccomp PaX enabled No PIE No > > > > pickup 8223 Full RELRO No canary found > No Seccomp PaX enabled No PIE Yes > > > > sshd 8413 Full RELRO Canary found > No Seccomp PaX enabled PIE enabled Yes > > > > bash 8419 Full RELRO No canary found > No Seccomp PaX enabled No PIE Yes > > > > > > > > > > Is there any reason of that ? > > > > I know it is possible to build a customized version of > Devil-Linux, but I have not found where to check or put customized > gcc parameters, so any advices are welcome. > > > > Many thanks, > > > > > > > > > > OB > > > > > > > > > > > > > > -- Regards Heiko Zuerker |
|
From: Heiko Z. <he...@zu...> - 2017-10-08 14:58:40
|
Frank, Which of the 1.8.1 pre-releases are you using? Looks like I had a flag set wrongly and it wasn't adding the timestamp. This sounds to me like an issue on the kernel side. Anything kernel related is a bit of an issue now. GRSecurity stopped releasing a public patch and it doesn't seem anybody else picked this up by now. This makes upgrading the kernel hard, unless you're willing to go to a non-grsec kernel (the -server build). At this point in time I have no clue what to do about the hardened kernel. The grsec features is something we rely heavily on... Heiko Quoting Frank Weis <Fra...@cg...>: > Hi All, > > > > I have a rather bizarre behaviour on Devil-Linux 1.8.1 > > The DL-box acts as a gateway to specific destinations. > > A collection of hosts have static routes that point to the DL box > to access this destination. On a couple of hosts the following > happens: > > > > they can't access the destinations behind the DL box. > > > * When I inspect their ARP cache I can see that they DON'T KNOW > the DL's MAC-address > * when I do ONE of the following it magically works > > * put the DL's MAC into the host's ARP table > * ON DL start tcpdump on the local interface, thus putting > the interface into promiscuous mode. > > > > It is rather complicated to debug this; debuggin on the DL Box > implies using tcpdump, which makes the problem temporarily disappear. > > > > Any ideas? > > > > Thanks > > > > > -- > > FRANK WEIS > Conseiller informaticien > > LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG > Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse > Centre de gestion informatique de l’éducation > > eduPôle - Walferdange > Route de Diekirch, L-7220 Walferdange > _Adresse postale_ : B.P. 98, L-7201 Bereldange > > Tél. Helpdesk: (+352) 247-85999 . Tél. Secrétariat: (+352) 247-85970 > .Fax : (+352) 247-85174 > E-mail : Fra...@cg... > www.cgie.lu[1] > www.men.lu[2] > www.gouvernement.lu[3] > > Ce message et toutes pièces jointes sont établis à l'intention > exclusive de ses destinataires. Ils peuvent contenir des > informations confidentielles. Si vous recevez ce message par erreur, > merci de le détruire et d'en avertir immédiatement l'expéditeur. > Toute utilisation de ce message non conforme à sa destination, toute > diffusion ou toute publication, totale ou partielle, est interdite, > sauf autorisation expresse. Ce message a fait l'objet d'un > traitement anti-virus. > > Le contenu de ce message et des pièces jointes ne pourrait engager > la responsabilité du ministère que s'il a été émis par une personne > dûment habilitée agissant dans le strict cadre des fonctions > auxquelles elle est employée et à des fins non étrangères à ses > attributions. > Links: ------ [1] http://www.cgie.lu/ [2] http://www.men.lu/ [3] http://www.gouvernement.lu -- Regards Heiko Zuerker |
|
From: Udo L. <ul...@po...> - 2017-10-07 06:35:37
|
Hi, the link on devil-linux.org for the "bug tracking system" is dead: http://apps.sourceforge.net/mantisbt/devil-linux/ Is this normal? Transfer to an more modern system or the begining end of the projekt? That would be a shame! Udo |
|
From: Boursin O. <oli...@in...> - 2017-09-29 09:07:46
|
Hello, I discover that compilation options were not the same between version 1.6.9 and 1.8.0 according to checksec (https://github.com/slimm609/checksec.sh), 1.6.9 option "proc-all" told me that processes were all Full RELRO, Stack Canaries, Pax enabled, PIE enabled and Fortify : checksec.sh --proc-all * System-wide ASLRPaX ASLR enabled * Does the CPU support NX: Yes COMMAND PID RELRO STACK CANARY SECCOMP NX/PaX PIE FORTIFY init 1 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes syslog-ng 1638 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes syslog-ng 1639 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes cron 1657 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes dhcpd 1732 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes sshd 1876 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes jk_socketd 2145 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes ntpd 2150 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes jk_socketd 3223 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes master 4167 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes pickup 4172 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes qmgr 4173 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes agetty 4216 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes agetty 4217 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes agetty 4218 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes agetty 4219 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes agetty 4220 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes agetty 4221 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes procinfo 4222 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes iptstate 4223 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes udevd 4225 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes udevd 4226 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes sshd 4234 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes bash 4236 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes udevd 480 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes With version 1.8.0, it seems that only some processes have those hardening mechanism (example sshd) : checksec.sh --proc-all * System-wide ASLRPaX ASLR enabled * Does the CPU support NX: Yes COMMAND PID RELRO STACK CANARY SECCOMP NX/PaX PIE FORTIFY init 1 Full RELRO No canary found No Seccomp PaX enabled No PIE No syslog-ng 1828 Full RELRO No canary found No Seccomp PaX enabled No PIE No syslog-ng 1829 Full RELRO No canary found No Seccomp PaX enabled No PIE No cron 1851 Full RELRO No canary found No Seccomp PaX enabled No PIE No dhcpd 1926 Full RELRO No canary found No Seccomp PaX enabled No PIE No sshd 2050 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes jk_socketd 2325 Full RELRO No canary found No Seccomp PaX enabled No PIE No ntpd 2329 Full RELRO No canary found No Seccomp PaX enabled No PIE No jk_socketd 3347 Full RELRO No canary found No Seccomp PaX enabled No PIE No master 4015 Full RELRO No canary found No Seccomp PaX enabled No PIE Yes qmgr 4019 Full RELRO No canary found No Seccomp PaX enabled No PIE Yes agetty 4062 Full RELRO No canary found No Seccomp PaX enabled No PIE No agetty 4063 Full RELRO No canary found No Seccomp PaX enabled No PIE No agetty 4064 Full RELRO No canary found No Seccomp PaX enabled No PIE No agetty 4065 Full RELRO No canary found No Seccomp PaX enabled No PIE No agetty 4066 Full RELRO No canary found No Seccomp PaX enabled No PIE No agetty 4067 Full RELRO No canary found No Seccomp PaX enabled No PIE No iptstate 4069 Full RELRO No canary found No Seccomp PaX enabled No PIE No udevd 745 Full RELRO No canary found No Seccomp PaX enabled No PIE No pickup 8223 Full RELRO No canary found No Seccomp PaX enabled No PIE Yes sshd 8413 Full RELRO Canary found No Seccomp PaX enabled PIE enabled Yes bash 8419 Full RELRO No canary found No Seccomp PaX enabled No PIE Yes Is there any reason of that ? I know it is possible to build a customized version of Devil-Linux, but I have not found where to check or put customized gcc parameters, so any advices are welcome. Many thanks, OB |
|
From: Boursin O. <oli...@in...> - 2017-09-28 20:21:26
|
Hello, I discover that compilation options were not the same between version 1.6.9 and 1.8.0 : Using a tool like checksec (https://github.com/slimm609/checksec.sh), 1.6.9 option "proc-all" told me that processes were all Full RELRO, Stack Canaries, Pax enabled, PIE enabled and Fortify (see joined pictures). With version 1.8.0, it seems that only some processes have those hardening mechanism (example sshd). Is there any reason of that ? I know it is possible to build a customized version of Devil-Linux, but I have not found where to put customized gcc parameters, so any advices are welcome. Many thanks, OB |
|
From: Frank W. <Fra...@cg...> - 2017-09-27 10:52:21
|
Hi All,
I have a rather bizarre behaviour on Devil-Linux 1.8.1
The DL-box acts as a gateway to specific destinations.
A collection of hosts have static routes that point to the DL box to
access this destination. On a couple of hosts the following happens:
they can't access the destinations behind the DL box.
* When I inspect their ARP cache I can see that they *don't know* the
DL's MAC-address
* when I do *one* of the following it magically works
o put the DL's MAC into the host's ARP table
o *on DL *start tcpdump on the local interface, thus putting the
interface into promiscuous mode.
It is rather complicated to debug this; debuggin on the DL Box implies
using tcpdump, which makes the problem temporarily disappear.
Any ideas?
Thanks
--
*Frank Weis*
Conseiller informaticien
LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse
Centre de gestion informatique de l’éducation
eduPôle - Walferdange
Route de Diekirch, L-7220 Walferdange
_Adresse postale_ : B.P. 98, L-7201 Bereldange
Tél. Helpdesk: (+352) 247-85999 . Tél. Secrétariat: (+352) 247-85970
.Fax : (+352) 247-85174
E-mail : Fra...@cg... <mailto:Fra...@cg...>
www.cgie.lu <http://www.cgie.lu/>
www.men.lu <http://www.men.lu/>
www.gouvernement.lu <http://www.gouvernement.lu>
Ce message et toutes pièces jointes sont établis à l'intention exclusive
de ses destinataires. Ils peuvent contenir des informations
confidentielles. Si vous recevez ce message par erreur, merci de le
détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation
de ce message non conforme à sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite, sauf autorisation
expresse. Ce message a fait l'objet d'un traitement anti-virus.
Le contenu de ce message et des pièces jointes ne pourrait engager la
responsabilité du ministère que s'il a été émis par une personne dûment
habilitée agissant dans le strict cadre des fonctions auxquelles elle
est employée et à des fins non étrangères à ses attributions.
|
|
From: Heiko Z. <he...@zu...> - 2017-08-16 13:16:27
|
Pekka, Thanks for the information. Any chance I could get you to send in a patch for the documentation, to have it updated? :) Heiko Quoting Pekka Kilponen <Pek...@ja...>: > > > > > > > Hi, sorry forgot format phase (fixed bullet numbers too), here is > todo again hope it helps someone > > > > > > > > > > > * Use linux 64bit (32bit does not work for 64bit DL), windows > cant copy certain filenames > > > * (I used a virtualbox Ubuntu 64bit on Windows Laptop) > > > 3. put usb stick to computer, assign usb stick to virtual > machine, remember to install both vbox extension and vbox guest > additions > > > > 4. use umount on terminal (dont use "filemanager" to eject) if > stick gets automounted on Linux > > > > 5. use fdisk to make two partitions W95 fat32 type > > > > 6. make first partition DOS bootable > > > > 7. use mkdosfs (or equivalent) to format both partitions > > > > 8. unmount them before install on usb in terminal > > > > 9. start install_on_usb, write device names (defaults dont work > with enter), choose syslinux > > > > 10. dont choose format or partition devices, msdos format does > not work (parameters not correct) > > > > 11. copy possible previous etc_mods settings file to second partition > > > > > > > > > > > > > > > > LäHETTäJä: Pekka Kilponen [mailto:Pek...@ja...] > LäHETETTY: 14. elokuutata 2017 14:09 > VASTAANOTTAJA: dev...@li... > AIHE: [Devil-Linux-discuss] Install on USB, how to > > > > > > > > > > Hi, > > > > > > > > > > First of all thank you very much on great software! I been using > Devil-Linux for 10 years in our company. > > > > I use strongswan for dozens of ipsec tunnel and shorewall firewall. > > > > Novadays we had some problems that local network card stalled and > only reboot helps, changed all hardware same problem. > > > > > > > > > > I suspect some driver problem dunno. Its 1.6.8 64 bit version > > > > > > > > > > Anyway we need to reboot often. So from CD its slow, I decided to > got for USB boot and upgrade to 1.6.9. > > > > > > > > > > Here is how I finally was able to install it on 8GB USB stick > with two partitions (one for system, one for config). > > > > Using the provided install_on_usb script > > > > > > > > > > > * Use linux 64bit (32bit does not work for 64bit DL), windows > cant copy certain filenames > > > * (I used a virtualbox Ubuntu 64bit on Windows Laptop) > > > 3. put usb stick to computer, assign usb stick to virtual > machine, remember to install both vbox extension and vbox guest > additions > > > > 3. use umount on terminal (dont use "filemanager" to eject) if > stick gets automounted on Linux > > > > 2. use fdisk to make two partitions W95 fat32 type > > > > 3. make first partition DOS bootable > > > > 4. unmount them before install on usb in terminal > > > > 5. start install_on_usb, write device names (defaults dont work > with enter), choose syslinux > > > > 6. dont choose format or partition devices, msdos format does > not work (parameters not correct) > > > > 7. copy possible previous etc_mods settings file to second partition > > > > > > > > > > > > > > -- Regards Heiko Zuerker |
|
From: Pekka K. <Pek...@ja...> - 2017-08-14 11:52:11
|
Hi, sorry forgot format phase (fixed bullet numbers too), here is todo again hope it helps someone 1. Use linux 64bit (32bit does not work for 64bit DL), windows cant copy certain filenames 2. (I used a virtualbox Ubuntu 64bit on Windows Laptop) 3. put usb stick to computer, assign usb stick to virtual machine, remember to install both vbox extension and vbox guest additions 4. use umount on terminal (dont use "filemanager" to eject) if stick gets automounted on Linux 5. use fdisk to make two partitions W95 fat32 type 6. make first partition DOS bootable 7. use mkdosfs (or equivalent) to format both partitions 8. unmount them before install on usb in terminal 9. start install_on_usb, write device names (defaults dont work with enter), choose syslinux 10. dont choose format or partition devices, msdos format does not work (parameters not correct) 11. copy possible previous etc_mods settings file to second partition Lähettäjä: Pekka Kilponen [mailto:Pek...@ja...] Lähetetty: 14. elokuutata 2017 14:09 Vastaanottaja: dev...@li... Aihe: [Devil-Linux-discuss] Install on USB, how to Hi, First of all thank you very much on great software! I been using Devil-Linux for 10 years in our company. I use strongswan for dozens of ipsec tunnel and shorewall firewall. Novadays we had some problems that local network card stalled and only reboot helps, changed all hardware same problem. I suspect some driver problem dunno. Its 1.6.8 64 bit version Anyway we need to reboot often. So from CD its slow, I decided to got for USB boot and upgrade to 1.6.9. Here is how I finally was able to install it on 8GB USB stick with two partitions (one for system, one for config). Using the provided install_on_usb script 1. Use linux 64bit (32bit does not work for 64bit DL), windows cant copy certain filenames 2. (I used a virtualbox Ubuntu 64bit on Windows Laptop) 3. put usb stick to computer, assign usb stick to virtual machine, remember to install both vbox extension and vbox guest additions 3. use umount on terminal (dont use "filemanager" to eject) if stick gets automounted on Linux 2. use fdisk to make two partitions W95 fat32 type 3. make first partition DOS bootable 4. unmount them before install on usb in terminal 5. start install_on_usb, write device names (defaults dont work with enter), choose syslinux 6. dont choose format or partition devices, msdos format does not work (parameters not correct) 7. copy possible previous etc_mods settings file to second partition |
|
From: Pekka K. <Pek...@ja...> - 2017-08-14 11:22:10
|
Hi, First of all thank you very much on great software! I been using Devil-Linux for 10 years in our company. I use strongswan for dozens of ipsec tunnel and shorewall firewall. Novadays we had some problems that local network card stalled and only reboot helps, changed all hardware same problem. I suspect some driver problem dunno. Its 1.6.8 64 bit version Anyway we need to reboot often. So from CD its slow, I decided to got for USB boot and upgrade to 1.6.9. Here is how I finally was able to install it on 8GB USB stick with two partitions (one for system, one for config). Using the provided install_on_usb script 1. Use linux 64bit (32bit does not work for 64bit DL), windows cant copy certain filenames 2. (I used a virtualbox Ubuntu 64bit on Windows Laptop) 3. put usb stick to computer, assign usb stick to virtual machine, remember to install both vbox extension and vbox guest additions 3. use umount on terminal (dont use "filemanager" to eject) if stick gets automounted on Linux 2. use fdisk to make two partitions W95 fat32 type 3. make first partition DOS bootable 4. unmount them before install on usb in terminal 5. start install_on_usb, write device names (defaults dont work with enter), choose syslinux 6. dont choose format or partition devices, msdos format does not work (parameters not correct) 7. copy possible previous etc_mods settings file to second partition |
|
From: Heiko Z. <he...@zu...> - 2017-05-28 13:35:41
|
Tobias, You're very welcome. I upgraded it to 5.5.2 and it's in CVS. Heiko Quoting Tobias Lorenz <tob...@ba...>: > Dear Heiko, > hello all, > > first of all, thanks for still maintaining and upgrading devil linux. > Recommended and implemented it for a few clients more than ten years ago > and am still recommending it. > > I have an issue with the current version of strongSwan which I believe > is due to the version that is currently in DL (5.3.3). > > For one of my clients I need to set up an ipsec tunnel to one of their > clients with 4 connections. However, when defining 4 connections all of > them are unstable in the tunnel. When I comment any one of them so that > there are three left, everything is working. > > I think it has to do with an option that was introduced in strongSwan > 5.3.4 which allows configuring the number of tracked Quick Mode states: > https://wiki.strongswan.org/issues/1128 > At least this is where hours of researching lead me. > > Heiko, can you please upgrade strongSwan to a version above or equal to > 5.3.4 somewhen in the near future? > > Thank you. > > Best from Nuernberg, Germany > Tobias > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss -- Regards Heiko Zuerker |
|
From: Tobias L. <tob...@ba...> - 2017-05-23 12:58:20
|
Dear Heiko, hello all, first of all, thanks for still maintaining and upgrading devil linux. Recommended and implemented it for a few clients more than ten years ago and am still recommending it. I have an issue with the current version of strongSwan which I believe is due to the version that is currently in DL (5.3.3). For one of my clients I need to set up an ipsec tunnel to one of their clients with 4 connections. However, when defining 4 connections all of them are unstable in the tunnel. When I comment any one of them so that there are three left, everything is working. I think it has to do with an option that was introduced in strongSwan 5.3.4 which allows configuring the number of tracked Quick Mode states: https://wiki.strongswan.org/issues/1128 At least this is where hours of researching lead me. Heiko, can you please upgrade strongSwan to a version above or equal to 5.3.4 somewhen in the near future? Thank you. Best from Nuernberg, Germany Tobias |
|
From: Heiko Z. <he...@zu...> - 2017-04-29 13:40:58
|
Christian, The change is in CVS. Heiko Quoting Ma poubelle <the...@gm...>: > Hello, > I use MOXA UPort 1610-16 connected using USB and give access to > 16 serial ports. > > The problem is on /linux/include/usb/serial.h , the setting for > maximum number of usb ports one device can grab at once is set to 8 > > > #define MAX_NUM_PORTS 8 > > Do you have the possibility to change this from 8 to 16 for the > next release ? > > Kind Regards > > Christian -- Regards Heiko Zuerker |
|
From: Ma p. <the...@gm...> - 2017-04-20 12:33:52
|
Hello, I use MOXA UPort 1610-16 connected using USB and give access to 16 serial ports. The problem is on /linux/include/usb/serial.h , the setting for maximum number of usb ports one device can grab at once is set to 8 #define MAX_NUM_PORTS 8 Do you have the possibility to change this from 8 to 16 for the next release ? Kind Regards Christian |
|
From: Philippe M. <ph...@oz...> - 2017-02-20 22:08:59
|
On Mon, Feb 20, 2017 at 05:34:05PM +0100, Frank Weis wrote: > Hi, > > > I am currently experiencing Problems with ADSL Speed: > > when I use DL to make the ADSL connection I get speeds that are way > below the subscribed service. When I use the DSL Hardware (AVM Fritzbox) > provided by the operator, I have the correct speed (200/100 Mbit/s). > With ADSL on DL I get speeds like 85/50 Mbits/s. > > The NIC that connects to the WAN is autodetecting Gigabit speed/Full > duplex correctly. > > > I haven't found any parameters that I could tune... any hints? > I had the same kind of issues when using DL 1.6.x with some VIA CPU in the past however since I moved to an Intel CPU on my firewall/router all is well. I was never able to diagnose the issue so no clue unfortunately. Philippe |
|
From: Frank W. <Fra...@cg...> - 2017-02-20 16:52:58
|
Hi, I am currently experiencing Problems with ADSL Speed: when I use DL to make the ADSL connection I get speeds that are way below the subscribed service. When I use the DSL Hardware (AVM Fritzbox) provided by the operator, I have the correct speed (200/100 Mbit/s). With ADSL on DL I get speeds like 85/50 Mbits/s. The NIC that connects to the WAN is autodetecting Gigabit speed/Full duplex correctly. I haven't found any parameters that I could tune... any hints? Thans a lot, Frank -- *Frank Weis* Conseiller informaticien LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse Centre de gestion informatique de l’éducation eduPôle - Walferdange Route de Diekirch, L-7220 Walferdange _Adresse postale_ : B.P. 98, L-7201 Bereldange Tél. : (+352) 247-85970 . Fax : (+352) 247-85174 E-mail : Fra...@cg... <mailto:Fra...@cg...> www.cgie.lu <http://www.cgie.lu/> www.men.lu <http://www.men.lu/> www.gouvernement.lu <http://www.gouvernement.lu> Ce message et toutes pièces jointes sont établis à l'intention exclusive de ses destinataires. Ils peuvent contenir des informations confidentielles. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation de ce message non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Ce message a fait l'objet d'un traitement anti-virus. Le contenu de ce message et des pièces jointes ne pourrait engager la responsabilité du ministère que s'il a été émis par une personne dûment habilitée agissant dans le strict cadre des fonctions auxquelles elle est employée et à des fins non étrangères à ses attributions. |
|
From: Heiko Z. <he...@zu...> - 2017-02-01 23:59:43
|
While I in general agree with your statement, the reality is that right now nobody is helping me with this project. So unless we get more people to actively help maintain DL, I have to make decision that will allow me to still keep it going. Some of those decision might very well be removing software. So stop making demands and start helping with the project. ;-) Heiko Quoting gd...@tx...: > "I didn't realize hostapd is disabled right now in the build system. > I don't think DL is the right OS for being a wireless router, there > are better ones with much more functionality. I'm leaning towards > leaving it disabled. How big of a deal is that for you?" > > I don't understand the logic of this at all. Given the number of > wireless devices in use why would someone building a router not want > to be able to add a wireless connection to it if/when > it is needed ? This is especially true for home routers and that is > exactly what I want to use it for. Also I would much prefer to use a > Linux distribution with a hardened kernel for ANY > world facing router I build and the only one I've found so far that > does not require the use of a web interface is Devil Linux (and as > far as I can remember only one of the web interface > router distributions I looked at had a hardened kernel). Why does > the "ROUTER/server distribution" Devil Linux not include the "much > more functionality" for a wireless connection router ? > In the days of omni-present wireless connected devices it seems > obvious that it should. > > ---- Heiko Zuerker <he...@zu...> wrote: >> Ashwin, >> >> ipconfig has been replaced by the ip command. >> >> I didn't realize hostapd is disabled right now in the build system. I >> don't think DL is the right OS for being a wireless router, there are >> better ones with much more functionality. I'm leaning towards leaving >> it disabled. How big of a deal is that for you? >> >> The ipsec tools are horribly outdated. Strongswan is intended to be >> its replacement. >> >> Heiko >> >> Quoting Ashwin <ash...@gm...>: >> >> Hi, >> >> A. The command "ifconfig" is missing. >> B. The commands for wireless interface management are not there. >> C. The "ipsec" and "hostapd" is missing. >> >> Are these removed forever? >> >> with Regards, >> Ashwin >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >> -- >> >> Regards >> Heiko Zuerker >> > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss -- Regards Heiko Zuerker |
|
From: Ashwin <ash...@gm...> - 2017-01-31 09:20:04
|
Heiko, Thanks for the reply. Just for a background, I have used and promoted devil-linux in past and helped like minded friends to create home made router with this OS. These self built boxes were running on early celeron CPUs and 256MB ram booting out of CD during the year 2003-04. Twelve such routers were made and were in use for about an year or so, till I last checked with them about a decade back. Recently, I needed to make a Access Point with IPSec tunnel. So my first natural choice was to download the latest devil-linux and try it. A. IP is not a very convenient tool. In every Centos 7 the net-tools is added by almost every administrator by default to retain the "ifconfig" and "route". You may choose to add it if you wish. I am sure someone else will also complaint and very soon. B. I had to struggle quite a bit to setup the site to site ipsec tunnel (webmin module though present is not compatible for strongswan). Even after setting it up, I could not use it, due the simple reason that the appropriate firewall rules were not available anyhwere. I tried a few iptables rules as per google's various advice but without any success. I spent last two weeks in trying to create the setup with IPsec (and maybe would have lived without the hostap) but finally I had to ditch the devil-linux and move to ipcop as the default firewall rules work without a fuss on IPcop for the IPSec VPN too. Not to mention, the option for an add-on for hostap and wpa_supplicant exists (which I am still trying, probably my wireless card purchased in 2004 is not working anymore, need to check that and fix or replace it first). By the way, I did spend quality time over two days (past weekend) to read and figure out Shorewall. But honestly speaking Shorewall is an overkill. It is too cumbersome to even create the initial config to start it up. Without a GUI, the firewall tools simply do not cut an ice with me anymore. So as of now, I am on IPcop. with Regards, Ashwin On 1/28/17 7:32 PM, Heiko Zuerker wrote: > > Ashwin, > > ipconfig has been replaced by the ip command. > > I didn't realize hostapd is disabled right now in the build system. I > don't think DL is the right OS for being a wireless router, there are > better ones with much more functionality. I'm leaning towards leaving > it disabled. How big of a deal is that for you? > > The ipsec tools are horribly outdated. Strongswan is intended to be > its replacement. > > Heiko > > Quoting Ashwin <ash...@gm... <mailto:ash...@gm...>>: > >> Hi, >> >> A. The command "ifconfig" is missing. >> B. The commands for wireless interface management are not there. >> C. The "ipsec" and "hostapd" is missing. >> >> Are these removed forever? >> >> with Regards, >> Ashwin >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> <mailto:Dev...@li...>.nethttps://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > > > -- > > Regards > Heiko Zuerker > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > > > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
|
From: <gd...@tx...> - 2017-01-28 17:20:46
|
"I didn't realize hostapd is disabled right now in the build system. I don't think DL is the right OS for being a wireless router, there are better ones with much more functionality. I'm leaning towards leaving it disabled. How big of a deal is that for you?" I don't understand the logic of this at all. Given the number of wireless devices in use why would someone building a router not want to be able to add a wireless connection to it if/when it is needed ? This is especially true for home routers and that is exactly what I want to use it for. Also I would much prefer to use a Linux distribution with a hardened kernel for ANY world facing router I build and the only one I've found so far that does not require the use of a web interface is Devil Linux (and as far as I can remember only one of the web interface router distributions I looked at had a hardened kernel). Why does the "ROUTER/server distribution" Devil Linux not include the "much more functionality" for a wireless connection router ? In the days of omni-present wireless connected devices it seems obvious that it should. ---- Heiko Zuerker <he...@zu...> wrote: > Ashwin, > > ipconfig has been replaced by the ip command. > > I didn't realize hostapd is disabled right now in the build system. I > don't think DL is the right OS for being a wireless router, there are > better ones with much more functionality. I'm leaning towards leaving > it disabled. How big of a deal is that for you? > > The ipsec tools are horribly outdated. Strongswan is intended to be > its replacement. > > Heiko > > Quoting Ashwin <ash...@gm...>: > > > Hi, > > > > A. The command "ifconfig" is missing. > > B. The commands for wireless interface management are not there. > > C. The "ipsec" and "hostapd" is missing. > > > > Are these removed forever? > > > > with Regards, > > Ashwin > > > > ------------------------------------------------------------------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > > _______________________________________________ > > Devil-linux-discuss mailing list > > Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > -- > > Regards > Heiko Zuerker > |
|
From: Heiko Z. <he...@zu...> - 2017-01-28 14:02:30
|
Ashwin, ipconfig has been replaced by the ip command. I didn't realize hostapd is disabled right now in the build system. I don't think DL is the right OS for being a wireless router, there are better ones with much more functionality. I'm leaning towards leaving it disabled. How big of a deal is that for you? The ipsec tools are horribly outdated. Strongswan is intended to be its replacement. Heiko Quoting Ashwin <ash...@gm...>: > Hi, > > A. The command "ifconfig" is missing. > B. The commands for wireless interface management are not there. > C. The "ipsec" and "hostapd" is missing. > > Are these removed forever? > > with Regards, > Ashwin > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss -- Regards Heiko Zuerker |
|
From: Ashwin <ash...@gm...> - 2017-01-25 14:56:40
|
Hi, A. The command "ifconfig" is missing. B. The commands for wireless interface management are not there. C. The "ipsec" and "hostapd" is missing. Are these removed forever? with Regards, Ashwin |
|
From: Rich D. <ric...@gm...> - 2017-01-24 03:33:21
|
After upgrading from devil-linux-1.8.0-rc2-2017-01-06 to devil-linux-1.8.0-rc2 the USB NIC used on the WAN side started disconnecting after about 5 minutes. I moved to the USB NIC to an always on powered USB port on the system and it stop happening. Just an FYI. -- Thou shalt not steal, because the government doesn't like the competition: The United Surveillance-State of America |
|
From: Heiko Z. <he...@zu...> - 2017-01-14 16:30:26
|
All, I am happy to announce that Devil-Linux 1.8.0-rc2 has been released! This is a major overhaul of Devil-Linux. Most programs and libraries have been updated and unmaintained ones have been removed. The main file system has been switched to squashfs, to further reduce the iso size. See the changelog for additional details. -- Regards Heiko Zuerker |
|
From: <ul...@po...> - 2017-01-03 15:11:44
|
Hi, not sure, but do you have anything like appamor or selinux running? > chgrp tty /usr/bin/write > chmod g+s /usr/bin/write > chmod: changing permissions of `/usr/bin/write': Permission denied > make[4]: *** [install-exec-hook-write] Error 1 This is happens inside the chroot - right? Udo Am 2017-01-03 14:54, schrieb Ma poubelle: > Hello, > > When i try to compile the system i have an error whit util-linux > > Logs attached.. > > Can you help ? > > Regards > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
50 messages has been excluded from this view by a project administrator.
