Recent Questions - Unix & Linux Stack Exchange

---

• Parsing for specific information
• Cannot login to running libvirt virtual machine from qcow2 cloud-init image
• Is it possible that BalancerMember retries connection?
• quickly tar/zip/group 15mil files into one for archival purposes
• Copying file between machines without uploading my private key
• Managing ssl ciphersuites in Linux
• sudo apt-get update Error writing to output file - write (28: No space left on device) [IP:]
• Fetch partial data from JSON Format data by jq
• Is there any reason why /proc/*/cmdline is world-readable?
• Change restart settings based on ExecCondition
• Systemd service echo and ping does not work on startup
• Unable to change mouse sensitivity
• Connecting Linux to Yaesu FT3D via bluetooth for audio
• VNC too many authentication failures error - Fail2ban
• How to set NoAccel to disable i915 GPU from Xorg.conf (to avoid GPU hang)
• tar fails on symlinks when called as python subprocess
• GNU tar's "transform" option behaves inconsistently when pattern ends in "/"
• Stream video with ffmpeg to icecast?
• iptables-block-all-inbound-and-outbound except dns(port 53), teamviewer port(5938) and my server ip (port 80)
• Bash: How can I replace a string in a previous command?
• How to make grub-mkconfig work on a usb device?
• Test integrity of ZIP file?
• Give server access to Internet, via client connecting by SSH
• Is it safe to add . to my PATH? How come?
• Bash script that reads filenames from a pipe or from command line args?
• How can I detect when a monitor is plugged in or unplugged?
• How do I change folder timestamps recursively to the newest file?

Parsing for specific information Posted: 18 Oct 2021 11:06 AM PDT I run a command on my linux system and redirect the output into a file. Here is what my file looks like: client: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx version: xxxx uuid: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx user-uid: 10000 user: someuser primary-server: xxx.xxx.xxx.xxx operational-mode: normal mac: XX:XX:XX:XX:XX:XX locked-time: xx:xx:xx ipaddr: xxx.xxx.xxx.xxx hostname: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx connection-1: frdp::Green::Test connection-0: frdp::Purple::Test client: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx version: xxxx uuid: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx user-uid: 10000 user: someuser primary-server: xxx.xxx.xxx.xxx operational-mode: normal mac: XX:XX:XX:XX:XX:XX locked-time: xx:xx:xx ipaddr: xxx.xxx.xxx.xxx hostname: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx connection-0: frdp::Purple::Test client: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx version: xxxx uuid: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx user-uid: 10000 user: someuser primary-server: xxx.xxx.xxx.xxx operational-mode: normal mac: XX:XX:XX:XX:XX:XX locked-time: xx:xx:xx ipaddr: xxx.xxx.xxx.xxx hostname: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx client: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx version: xxxx uuid: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx user-uid: 10000 user: someuser primary-server: xxx.xxx.xxx.xxx operational-mode: normal mac: XX:XX:XX:XX:XX:XX locked-time: xx:xx:xx ipaddr: xxx.xxx.xxx.xxx hostname: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx connection-0: frdp::Purple::Test client: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx version: xxxx uuid: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx user-uid: 10000 user: someuser primary-server: xxx.xxx.xxx.xxx operational-mode: normal mac: XX:XX:XX:XX:XX:XX locked-time: xx:xx:xx ipaddr: xxx.xxx.xxx.xxx hostname: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx connection-0: frdp::Green::Test client: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx version: xxxx uuid: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx user-uid: 10000 user: someuser primary-server: xxx.xxx.xxx.xxx operational-mode: normal mac: XX:XX:XX:XX:XX:XX locked-time: xx:xx:xx ipaddr: xxx.xxx.xxx.xxx hostname: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx connection-0: frdp::Purple::Test client: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx version: xxxx uuid: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx user-uid: 10000 user: someuser primary-server: xxx.xxx.xxx.xxx operational-mode: normal mac: XX:XX:XX:XX:XX:XX locked-time: xx:xx:xx ipaddr: xxx.xxx.xxx.xxx hostname: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx connection-0: frdp::Green::Test client: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx version: xxxx uuid: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx user-uid: 10000 user: someuser primary-server: xxx.xxx.xxx.xxx operational-mode: normal mac: XX:XX:XX:XX:XX:XX locked-time: xx:xx:xx ipaddr: xxx.xxx.xxx.xxx hostname: tc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx connection-0: frdp::Purple::Test I want to extract the client hostnames that show only a connection to Purple and clients with no connections into a new file. I have had some success getting all of the non-relevant information out using the following: awk -F '\t' '/^client: / || /connection/' myfile1 >> myfile2 I have not been able extract just those clients with a connection to purple or no connection. I want to omit everything that has a connection to Green only.

Cannot login to running libvirt virtual machine from qcow2 cloud-init image Posted: 18 Oct 2021 10:48 AM PDT I'm running Arch Linux and I would like to install a qcow2 cloud image of Arch in a vm using libvirt similar to the method described here: How to create VM using the qcow2 image file in KVM - nixCraft. I have never used cloud-init images or libvirt before. The problem I'm having is that I cannot ssh into the domain (vm). Also, I cannot login via the console. Here are my full steps. I started by checking my hardware: $ sudo zgrep CONFIG_KVM /proc/config.gz CONFIG_KVM_GUEST=y CONFIG_KVM_MMIO=y CONFIG_KVM_ASYNC_PF=y CONFIG_KVM_VFIO=y CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y CONFIG_KVM_COMPAT=y CONFIG_KVM_XFER_TO_GUEST_WORK=y CONFIG_KVM=m CONFIG_KVM_INTEL=m CONFIG_KVM_AMD=m CONFIG_KVM_AMD_SEV=y CONFIG_KVM_XEN=y CONFIG_KVM_MMU_AUDIT=y $ sudo lsmod | grep kvm kvm_intel 335872 0 kvm 1056768 1 kvm_intel irqbypass 16384 1 kvm $ LC_ALL=C lscpu | grep Virtualization Virtualization: VT-x It seems to meet the requirements, so I proceeded with the installation as follows: pacman -Syu virt-manager virt-manager virt-viewer libvirt iptables-nft dnsmasq openbsd-netcat qemu libguestfs And I did the initial basic setup: btrfs su cr /var/lib/libvirt/images chattr +C /var/lib/libvirt/images systemctl enable --now libvirtd gpasswd -a myuser libvirt I downloaded a cloud-init image from: https://mirror.pkgbuild.com/images/latest/ Specifically, I downloaded Arch-Linux-x86_64-cloudimg-20211001.0.qcow2 I checked the basic libvirt functionality: # virsh -c qemu:///system Welcome to virsh, the virtualization interactive terminal. $ virsh -c qemu:///session Welcome to virsh, the virtualization interactive terminal. $ virsh version Compiled against library: libvirt 7.8.0 Using library: libvirt 7.8.0 Using API: QEMU 7.8.0 Running hypervisor: QEMU 6.1.0 $ virsh version --daemon Compiled against library: libvirt 7.8.0 Using library: libvirt 7.8.0 Using API: QEMU 7.8.0 Running hypervisor: QEMU 6.1.0 Running against daemon: 7.8.0 I made my user-data and meta-data text files following the outline given at the link above. meta-data contents (changed to reflect that I'm installing Arch, not rhel8): instance-id: arch1 local-hostname: arch1 cloud-config contents: #cloud-config preserve_hostname: False hostname: arch1 fqdn: arch1.domain.com users: - default - name: myuser groups: ['wheel'] shell: /bin/bash sudo: ALL=(ALL) NOPASSWD:ALL ssh-authorized-keys: - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAxxxxxxxxxxxxxxxxvQUbMq3jt19HflOtAy1EPBmKw SSH Login key for user output: all: ">> /var/log/cloud-init.log" ssh_genkeytypes: ['ed25519', 'rsa'] ssh_authorized_keys: - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAxxxxxxxxxxxxxVvQUbMq3jt19HflOtAy1EPBmKw (same actual key as above) timezone: Asia/Kolkata # Test first before removing cloud-init #runcmd: #- systemctl stop systemd-networkd.service && systemctl start systemd-networkd.service #- pacman -Rsn --noconfirm cloud-init I made those two files into an iso image: genisoimage -output cidata.iso -V cidata -r -J user-data meta-data I created a base image and an image to hold the changes: qemu-img create -b arch1.qcow2 -f qcow2 -F qcow2 arch1-live.img 50G Then I ran this command (and I guessed at some of the parameters, like the network and graphics): virt-install --connect qemu:///system --name=arch1 --ram=4096 --vcpus=2 --import --disk path=arch1-live.img,format=qcow2 --disk path=cidata.iso,device=cdrom --os-type=linux --os-variant=archlinux --network default,model=virtio --graphics spice --network user --virt-type kvm As stated, the problem I'm having now is that I cannot ssh into the domain (vm). Also, I cannot login via the console. Here are a few things I checked: $ virsh -c qemu:///system list --all Id Name State ---------------------------- 5 arch1 running $ virsh -c qemu:///system net-dhcp-leases default Expiry Time MAC address Protocol IP address Hostname Client ID or DUID ------------------------------------------------------------------------------------------------------------------------------------------------- 2021-10-18 12:02:57 52:54:00:1a:27:a4 ipv4 192.168.121.167/24 archlinux ff:56:50:4d:98:00:02:00:00:ab:11:b3:28:6f:a2:c3:2c:09:08 SSH is asking for a password when I try to ssh into it. This made me wonder if the customizations in my cidata.is (user-data) were applied, but it seems maybe they were from this domstats output: virsh # domstats arch1 Domain: 'arch1' state.state=1 state.reason=1 block.0.path=/var/lib/libvirt/images/arch1/arch1-live.img block.1.path=/var/lib/libvirt/images/arch1/cidata.iso If that info was applied, I should be able to ssh into the domain without a password, but I can't. Checked a few more things: virsh # domcontrol arch1 ok virsh # domiflist arch1 Interface Type Source Model MAC ------------------------------------------------------------- vnet4 network default virtio 52:54:00:1a:27:a4 - user - virtio 52:54:00:1a:62:a6 virsh # domif-getlink arch1 52:54:00:1a:27:a4 52:54:00:1a:27:a4 up virsh # domifaddr arch1 vnet4 Name MAC address Protocol Address ------------------------------------------------------------------------------- vnet4 52:54:00:1a:27:a4 ipv4 192.168.121.167/24 And I don't see any log messages here: $ ls /var/log/cloud-init.log ls: cannot access '/var/log/cloud-init.log': No such file or directory

Is it possible that BalancerMember retries connection? Posted: 18 Oct 2021 11:33 AM PDT We are using apache2 Proxy balancer and we have setup like this: <Proxy balancer://app_server_1 maxattempts=10> BalancerMember http://127.0.0.1:5033 </Proxy> Is it possible to setup this balancer to retry connection to http://127.0.0.1:5033 and does sleep for 10 seconds or so each time it fails to connect. Sometime like try sleep for 10 seconds after each attempt to connect?

quickly tar/zip/group 15mil files into one for archival purposes Posted: 18 Oct 2021 09:11 AM PDT i have a backup directory on a corp nas that contains something like 15million + files - large corporation 365 back up i need to migrate all this into s3 then glacier - going by individual files the transfer would have taken something like 81 days - so i figured i'd batch all the files into a tar and the split the tar in 500mb chunks - since its deep storage it won't need to be access - and it will only have to move larger files instead of each transaction for a 30kb file currently i'm just straight - tar cvf ex1.tar ex1/ is there a quicker way to batch all these up - i don't care about compression - just want it done quickly - presently its been going for three days and i'm only at 600gb i'm doing this on a synology nas - so its not a powerhouse of a machine

Copying file between machines without uploading my private key Posted: 18 Oct 2021 09:41 AM PDT I have SSH access to two machines which I want to copy a big file between them. I also have sudo privileges, but I do not wish in any way to upload my private key file to one of the machines to login from number 1 to number 2. What do you think?

Managing ssl ciphersuites in Linux Posted: 18 Oct 2021 09:18 AM PDT Are the ciphersuites and encryption protocols allowed by an application managed only at the application, or can they be managed at the OS level? Note: My experience with ssl is at the application level, not the os. I have a vulnerability report stating that a particular app supports insecure cipher suites and deprecated protocols. I spoke with the application owner and he states that we should be able to disable all of this at the OS level. So, I'd like to confirm: Can these be managed at the OS level, or are they managed at the application level? I have my thoughts, but I'd like to hear from those who know more about this than I do and get an idea of best practices. Thank you!

sudo apt-get update Error writing to output file - write (28: No space left on device) [IP:] Posted: 18 Oct 2021 10:14 AM PDT I am not a linux admin by no means and I cant seem to figure this one out. So I am ultimately trying to perform an update but running into a "Error writing to output file - write (28: No space left on device) [IP:]" NOTE: This is a new install of linux and the df -H is written below. Filesystem Size Used Avail Use% Mounted on udev 17G 0 17G 0% /dev tmpfs 3.4G 2.2M 3.4G 1% /run /dev/sda3 11G 7.2G 2.3G 76% / tmpfs 17G 0 17G 0% /dev/shm tmpfs 5.3M 0 5.3M 0% /run/lock tmpfs 17G 0 17G 0% /sys/fs/cgroup /dev/sda4 7.0G 6.9G 0 100% /var /dev/loop1 105M 105M 0 100% /snap/core/11743 /dev/sda2 270G 1.2G 255G 1% /home /dev/sda1 2.0G 326M 1.6G 18% /boot /dev/sda6 252M 5.5M 247M 3% /boot/efi tmpfs 3.4G 173k 3.4G 1% /run/user/1000 /dev/loop3 105M 105M 0 100% /snap/core/11798 I have performed sudo apt-get autoclean / clean and have used bleachbit. Although I do not fully comprehend what these files are I have used disk analyzer and have found that the following file paths are full or nearing at capacity for memory: # (I believe this may be the culprit but not 100%) is there anyway # to increase this folder? Seems small. /var/lib/flatpak/repo/objects /usr/lib/x86_64-linux-gnu/dri # is this typical to max out of memory? # Do I need to make adjustments to my network? /usr/lib/modules/5.11.0-37-generic/kernal/drivers/net/ethernet/mellanox/mix5/core/mix5_cor.ko Here is the lnode output for reference: Filesystem Inodes IUsed IFree IUse% Mounted on udev 4096256 669 4095587 1% /dev tmpfs 4107845 1191 4106654 1% /run /dev/sda3 625856 333836 292020 54% / tmpfs 4107845 1 4107844 1% /dev/shm tmpfs 4107845 2 4107843 1% /run/lock tmpfs 4107845 18 4107827 1% /sys/fs/cgroup /dev/sda4 438048 124688 313360 29% /var /dev/loop1 12844 12844 0 100% /snap/core/11743 /dev/sda2 16785408 15314 16770094 1% /home /dev/sda1 124928 316 124612 1% /boot /dev/sda6 0 0 0 - /boot/efi tmpfs 4107845 151 4107694 1% /run/user/1000 /dev/loop3 12845 12845 0 100% /snap/core/11798 Is there something I am not seeing? I am unable to update or install anything currently because of this issue. What can I do to fix these space issues? UPDATE: So this just happened when I tried to reboot my machine let me know if this is clear. I am unable to get to terminal. It does not respond to my key commands.

Fetch partial data from JSON Format data by jq Posted: 18 Oct 2021 10:38 AM PDT I have a sample JSON format data [ { "info":{ "disk_num":"2", "hostname":"hostA", "net":[ "eth0", "eth1" ], "software":{ "version":"1.0.0", "build_date":"2021-10-08", "commit":"bfdaee" }, "kernel":"5.0.0" }, "ip":"10.240.82.192", "status":"PASS" }, { "info":{ "disk_num":"2", "hostname":"hostA", "net":[ "eth0", "eth1" ], "software":{ "version":"1.0.0", "build_date":"2021-10-08", "commit":"bfdaee" }, "kernel":"5.0.3" }, "ip":"10.240.82.193", "status":"PASS" }, { "info":{ "disk_num":"5", "hostname":"hostB", "net":[ "eth0", "eth1" ], "software":{ "version":"1.0.2", "build_date":"2021-10-11", "commit":"935678" }, "kernel":"5.0.1" }, "ip":"10.240.82.194", "status":"PASS" } ] I want to get partial data and construct another json FORMAT Like [ { "IP": "10.240.82.192", "STATUS": "PASS", "SOFTWARE": "1.0.0", "KERNEL": "5.0.0" }, { "IP": "10.240.82.193", "STATUS": "PASS", "SOFTWARE": "1.0.0", "KERNEL": "5.0.3" }, { "IP": "10.240.82.194", "STATUS": "PASS", "SOFTWARE": "1.0.2", "KERNEL": "5.0.1" } ] I have tried this command (I have saved sample data to json.data) cat json.data|jq -r '{IP:.[].ip,STATUS:.[].status,SOFTWARE:.[].info.software.version,KERNEL:.[].info.kernel}' It didn't work I wonder to know the correct cli command to get what I want Thanks very much

Is there any reason why /proc/*/cmdline is world-readable? Posted: 18 Oct 2021 10:37 AM PDT Maybe I haven't had enough coffee yet today, but I can't remember or think of any reason why /proc/PID/cmdline should be world-readable - after all, /proc/PID/environ isn't. Making it readable only by the user (and maybe the group. and root, of course) would prevent casual exposure of passwords entered as command-line arguments. Sure, it would affect other users running ps and htop and the like - but that's a good thing, right? That would be the point of not making it world-readable.

Change restart settings based on ExecCondition Posted: 18 Oct 2021 08:48 AM PDT I have a bunch of services that have the same service file that changes based on the parameter. Something like this: [Unit] Description=device_bridge instance %i # Rate limit for restarts applies to both 'voluntary' and 'involuntary' restarts: # no more than 5 restarts per day. StartLimitIntervalSec=1d StartLimitBurst=5 Requires=device_socat@%i.service After=device_socat@%i.service [Service] Type=simple ExecCondition=/bin/config_query -a device_bridge -i %i ExecStart=/bin/device_bridge -i %i Restart=always RestartSec=5 [Install] WantedBy=multi-user.target The application ran in ExecCondition checks the system configuration file to see if this service should be running. I also need it to be restarted (up to 5 times) if ti crashes. However, if ExecCondition returns 1 (no need to run) systemd still restarts it. Is there any way not to restart if ExecCondition is set to 1? systemd 245 (245.4-4ubuntu3.2)

Systemd service echo and ping does not work on startup Posted: 18 Oct 2021 10:48 AM PDT I created a simple oneshoot systemd service file on a Raspberry Pi which starts up on boot and logs a specific journal namespace and some dmesg locally to a file. Executing the script locally as a test seems to work, but the automatic start has issues and does not work at all. test.service [Unit] Description=Test message After=multi-user.target [Service] Type=oneshot ExecStart=/data/test.sh StandardOutput=journal [Install] WantedBy=multi-user.target The system is rather simple, there is not much going on. Only root user is there. One temperature logger, which logs to journal and has a LogNamespace=temp_logger also starts with the system. I did not put it in the dependencies or somewhere else. Now when I execute the file test.sh with this content: #!/bin/bash echo $(date) TEST_DIR=/data/testdirectory mkdir -p $(TEST_DIR) journalctl -f --namespace=temp_logger > ${TEST_DIR}/journaltemp.log & dmesg -w > ${TEST_DIR}/dmesg.log & It seems to work fine. No errors, nothing. Looks good. If I enable the service with systemctl enable test and reboot the system there seem to be some issues. The directory didnt get created and the log files are not there. (I deleted the ones from the test) When checking with systemctl status test I can see error messages that tell me, the command echo, mkdir etc. were not found. When I modify all calls from echo or mkdir etc. to /bin/echo and /bin/mkdir etc., it seems to work. I get the echo and the date and the directory. I checked all calls to binaries with the whichcommand and adapted the paths. However, the journal log seems not to work. The files are there but have no content (size 0) What exactly goes wrong there? Why do I need to give the absolute path to binaries ? Why does the journalctl not work?

Unable to change mouse sensitivity Posted: 18 Oct 2021 09:16 AM PDT System: Debian 11 Bullseye DE: XFCE or KDE There is only an acceleration slider in the mouse settings (acceleration only). And no acceleration profile or mode flags in xinput. Acceleration flags i have: libinput Accel Speed (301): 1.000000 libinput Accel Speed Default (302): 0.000000 libinput Accel Profiles Available (303): 1, 1 libinput Accel Profile Enabled (304): 1, 0 libinput Accel Profile Enabled Default (305): 1, 0 If I disable acceleration with xinput, I can't be able to change the sensitivity at all. Changing the DPI is not an option. I have several different mouses - same result. xset output: > xset q Keyboard Control: auto repeat: on key click percent: 0 LED mask: 00000002 XKB indicators: 00: Caps Lock: off 01: Num Lock: on 02: Scroll Lock: off 03: Compose: off 04: Kana: off 05: Sleep: off 06: Suspend: off 07: Mute: off 08: Misc: off 09: Mail: off 10: Charging: off 11: Shift Lock: off 12: Group 2: off 13: Mouse Keys: off auto repeat delay: 500 repeat rate: 20 auto repeating keys: 00ffffffdffffbbf fadfffefffedffff 9fffffffffffffff fff7ffffffffffff bell percent: 50 bell pitch: 400 bell duration: 100 Pointer Control: acceleration: 2/1 threshold: 4 Screen Saver: prefer blanking: yes allow exposures: yes timeout: 600 cycle: 600 Colors: default colormap: 0x20 BlackPixel: 0x0 WhitePixel: 0xffffff Font Path: /usr/share/fonts/X11/misc,/usr/share/fonts/X11/100dpi/:unscaled,/usr/share/fonts/X11/75dpi/:unscaled,/usr/share/fonts/X11/Type1,/usr/share/fonts/X11/100dpi,/usr/share/fonts/X11/75dpi,built-ins DPMS (Energy Star): Standby: 600 Suspend: 0 Off: 900 DPMS is Enabled Monitor is On

Connecting Linux to Yaesu FT3D via bluetooth for audio Posted: 18 Oct 2021 09:40 AM PDT I'm looking to connect my Yaesu FT3D ham radio to a Linux laptop via bluetooth. I understand it only does audio over bluetooth, but for my use case that's acceptable. My end goal is to run direwolf and do packet radio. I assume I'm limited to 1200bps since the FT3D doesn't expose the 9600 bps internal TNC it uses for APRS (when configured for 9600). With no PTT control I'll be limited to either RX only, or using VOX. So how do I do this? I assume there's a series of commands that will make it show up like a sound device on Linux?

VNC too many authentication failures error - Fail2ban Posted: 18 Oct 2021 10:48 AM PDT On a Debian 11 server with Xtightvnc, I am getting a lot of "too many authentication failures" messages. I would like to put fail2ban to block unauthorized users who try to login into my server via VNC. But I can't find a rule that works. The rules I find are old and don't work with the log. 14/10/21 20:37:43 Got connection from client 209.141.49.123 14/10/21 20:37:43 Using protocol version 3.3 14/10/21 20:37:43 Too many authentication failures - client rejected 14/10/21 20:37:43 Client 209.141.49.123 gone 14/10/21 20:37:43 Statistics: 14/10/21 20:37:43 framebuffer updates 0, rectangles 0, bytes 0 I'm using iptables to release only my access ip, but I don't want this solution.

How to set NoAccel to disable i915 GPU from Xorg.conf (to avoid GPU hang) Posted: 18 Oct 2021 09:14 AM PDT I'm running Ubuntu on a new system with a GPU that uses the i915 kernel module. Unfortunately several times a week the gui crashes and dumps me to a terminal. journalctl shows the problem is: kernel: i915 0000:00:02.0: [drm] GPU HANG: ecode 12:1:859fddff, in budgie-wm I'm working on diagnosing the problem, but that's not my question today. Today I simply want to disable Xorg from using the GPU at all, so I can use Xorg without crashing. (I tried kernel parameter nomodeset which indeed disabled the GPU but then I couldn't even dim the screen backlight, so that's too extreme of a method for me. This is why I'm now looking at the Xorg layer.) I read from the ArchLinux wiki that sometimes GPU hanging can be solved by setting Option "NoAccel" "True" in Xorg.conf. That's what I want to try. There's some missing explanation, however. I think I should add this by creating a file under /etc/X11/xorg.conf.d/90-noaccel.conf. man xorg.conf explains that xorg.conf is organized into sections. What section should NoAccel go in? Maybe it should go in the Device section, but does that mean I have to put other lines in the same section to identify the device? And how can I tell whether NoAccel is recognized successfully in Xorg?

tar fails on symlinks when called as python subprocess Posted: 18 Oct 2021 09:08 AM PDT After upgrading my debian from buster to bullseye, my yocto build process fails in do_package: Function failed: perform_packagecopy with hundereds of messages like tar: ./dir/linkfile: Cannot change mode to rwxrwxrwx: No such file or directory (linkfile is any symbolic link in the directory). The actual copy action has been executed, the files and their symlinks are present with the expected mode settings. It looks like the symlink is copied before the file it points to and tar believes it needs to adapt the mode of the symlink, but gets an error, because the file the symlink is pointing to does not exist (but this is just an assumption). Unfortunally, I can't reproduce the error executing tar -cf - -C /full/path/image -p -S . | tar -xf - -C /full/path/package directly. This does not give any error. Just when executed as a python subprocess from out the yocto scripting hell, I get these errors. Just in case, the tar is $ tar --version tar (GNU tar) 1.34

GNU tar's "transform" option behaves inconsistently when pattern ends in "/" Posted: 18 Oct 2021 09:46 AM PDT I have come across the following strange behavior of GNU tar when using the --transform option to transform path elements: When I try to tar an entire sub-directory and want to transform the path to this directory, the transformation is not applied to the directory itself, but only to its content, when the transformation pattern explicitly contains the /. To reproduce: create a directory test-dir with dummy content: $ mkdir test-dir $ touch test-dir/test{1..50}.txt tar this directory with renaming of test-dir/ to transformed-dir/, and instruct tar to print the transformed names for checking: $ tar --transform="s,^test-dir/,transformed-dir/," --show-transformed-names -cvf test.tar test-dir test-dir/ transformed-dir/test25.txt transformed-dir/test29.txt transformed-dir/test47.txt ... As you can see, the directory itself is not renamed correctly, although the renaming works for all files within the directory. For comparison, use the same transformation but without the trailing /: $ tar --transform="s,^test-dir,transformed-dir," --show-transformed-names -cvf test2.tar test-dir transformed-dir/ transformed-dir/test25.txt transformed-dir/test29.txt transformed-dir/test47.txt ... Now, the directory itself is correctly renamed. The behavior doesn't change when the ^ anchor is omitted, and is independent on whether the directory to be tarred is specified with or without trailing / on the command line. I wondered if the problem was that when the / is specified, in case of the directory the entire filename is subject to replacement. However, when specifying a transformation that would rename an entire file, that works correctly: $ tar --transform="s,^test-dir/test29.txt,transformed-dir/file.txt," --show-transformed-names -cvf test3.tar test-dir test-dir/ test-dir/test25.txt transformed-dir/file.txt test-dir/test47.txt ... So it really seems that the trailing / is the problem. Is this a feature, a bug, or did I somehow misunderstand the scope/syntax of the option? The tar version is GNU tar 1.28.

Stream video with ffmpeg to icecast? Posted: 18 Oct 2021 10:04 AM PDT Is there a simple way to stream video with ffmpeg into icesast? Source video is in video/x-matroska format. Streams themselves are in various formats (mpeg, vorbis, aac, etc.). I want ffmpeg to guess source on it's own and then trans-code it into anything playable by browsers "on the fly", keeping source resolution and aspect ratio. video/webm will do. I tried doing this (Including playing with output formats): ffmpeg -i source.mkv -vcodec libvpx -cpu-used -5 -deadline realtime -content_type video/webm\ icecast://source:hackme@localhost:8000/vstream.webm But stream is not playable and connections cause ffmpeg to terminate with following error: av_interleaved_write_frame(): Connection reset by peer Error writing trailer of icecast://source:hackme@localhost:8000/vstream.webm: Connection reset by peer Involving anything besides ffmpeg is fine, I just want it to work.

iptables-block-all-inbound-and-outbound except dns(port 53), teamviewer port(5938) and my server ip (port 80) Posted: 18 Oct 2021 11:09 AM PDT I´m trying to block all traffic using iptables, but I have some exceptions: DNS my own server (I'm only using port 80) Teamviewer (port 5938) port 5555 to allow adb connections At the moment I have these lines of code, but it is not working as I need: // Allow my own server - this seems to work iptables -A INPUT -s 1.1.1.1 -j ACCEPT iptables -A OUTPUT -d 1.1.1.1 -j ACCEPT // Allow DNS requests - dont know if it´s correct iptables -A OUTPUT -p udp --dport 53 -j ACCEPT iptables -A INPUT -p udp --dport 53 -j ACCEPT // Allow Teamviewer - same as above - dont know if it´s correct iptables -A INPUT -p tcp --dport 5938 -j ACCEPT iptables -A OUTPUT -p tcp --dport 5938 -j ACCEPT iptables -A OUTPUT -p udp --dport 5938 -j ACCEPT iptables -A INPUT -p udp --dport 5938 -j ACCEPT // Allow ADB - same as above - dont know if it´s correct iptables -A INPUT -p tcp --dport 5555 -j ACCEPT iptables -A OUTPUT -p tcp --dport 5555 -j ACCEPT iptables -A OUTPUT -p udp --dport 5555 -j ACCEPT iptables -A INPUT -p udp --dport 5555 -j ACCEPT // Block all other requests iptables -P INPUT DROP iptables -P OUTPUT DROP Teamviewer won't connect, nor the name resolution works, adb doesn't connect either. There is something wrong there, don't really know what. Only thing working is the connection to my own server if I hardcode the domain at /etc/hosts. Can one of the iptables gurus here help me out?

Bash: How can I replace a string in a previous command? Posted: 18 Oct 2021 10:19 AM PDT I need to replace a word in line or URL but I need to do it from command line/terminal. I mean $ ./myscript.sh xxx.xxx.xxx.xxx:8080/code -c code1 -t query Now from there, without going back, I need to replace code1 with mycode or some other string.

How to make grub-mkconfig work on a usb device? Posted: 18 Oct 2021 09:04 AM PDT AFAIK grub-mkconfig and grub-update/update-grub commands only run on the device that they are installed on. I want to run the commands on a usb drive, but I don't know how to install them on the usb I can't make the ones that are installed on my computer to run on usb(i.e they should update the usb's grub.cfg file) How can I do either of them? BTW I am using manjaro KDE

Test integrity of ZIP file? Posted: 18 Oct 2021 08:58 AM PDT Near as I can tell the zip -T option only determines if files can be extracted -- it doesn't really test the archive for internal integrity. For example, I deliberately corrupted the local (not central directory) CRC for a file, and zip didn't care at all, reporting the archive as OK. Is there some other utility to do this? There's a lot of internal redundancy in ZIP files, and it would be nice to have a way of checking it all. Of course, normally the central directory is all you need, but when repairing a corrupted archive often all you have is a fragment, with the central directory clobbered or missing. I'd like to know if archives I create are as recoverable as possible.

Give server access to Internet, via client connecting by SSH Posted: 18 Oct 2021 09:05 AM PDT I can use my home computer A to connect by SSH to a server B where access to the external network is blocked. In other words, all requests to Internet from B throw an error: Network is unreachable. Can I redirect all these requests to pass through the computer A which has an unrestricted access to Internet? Server B is a server which hosts one of my website. I want to download files in order to install some software. But the connection is blocked. I was able to transfer files but it was complicated because the software versions are different on A and B, so the dependencies where different and it required different files on A and B. I searched on Internet and it seems that I need a reverse tunnel. But I only found solutions where a port is redirected. But it's not what I need since I don't want B to access to A but to Internet.

Is it safe to add . to my PATH? How come? Posted: 18 Oct 2021 09:07 AM PDT I've seen people mention in other answers that it's a bad idea to include the current working directory ('.') in your $PATH environment variable, but haven't been able to find a question specifically addressing the issue. So, why shouldn't I add . to my path? And if despite all warnings I do it anyway, what do I have to watch out for? Is it safer to add it to the end than to the the start?

Bash script that reads filenames from a pipe or from command line args? Posted: 18 Oct 2021 10:44 AM PDT I want my script to read a bunch of filenames (which may have spaces) given either as a glob or from STDIN and do stuff with them. I've been able to read either way separately, but not combine them. This reads globs from the command line: for filename in "$@"; do process_file "$filename" done And this reads from STDIN: IFS=$'\n' read -d '' -r -a filenames for filename in "${filenames[@]}"; do process_file "$filename" done What I really want is to read from either one into an array so I don't have to duplicate my entire for filename in... loop twice. Sorry if this is obvious, I'm new to BASH. EDIT: I think the best thing would be to read from args if they're given, and otherwise wait for STDIN. How would I do that? EDIT: OK, the problem isn't what I thought it was. The problem is that process_file also asks for user input. Is there are way to read from STDIN until EOF, store that, and then start asking for input again?

How can I detect when a monitor is plugged in or unplugged? Posted: 18 Oct 2021 09:26 AM PDT Is there any event that is triggered when I plug in or out an external monitor into the DisplayPort of my laptop? ACPID and UDEV don't react at all. I'm using onboard graphics on an intel chip. Here is a similar discussion which is already a couple of years old. I don't want to use polling but I need to have some configuration that set's the display settings automatically depending on if the display is connected.

How do I change folder timestamps recursively to the newest file? Posted: 18 Oct 2021 09:05 AM PDT I was wondering if anyone knows how to change the timestamps of folders recursively based on the latest timestamp found of the files in that folder. So for example: jon@UbuntuPanther:/media/media/MP3s/Foo Fighters/(1997-05-20) The Colour and The Shape$ ls -alF total 55220 drwxr-xr-x 2 jon jon 4096 2010-08-30 12:34 ./ drwxr-xr-x 11 jon jon 4096 2010-08-30 12:34 ../ -rw-r--r-- 1 jon jon 1694044 2010-04-18 00:51 Foo Fighters - Doll.mp3 -rw-r--r-- 1 jon jon 3151170 2010-04-18 00:51 Foo Fighters - Enough Space.mp3 -rw-r--r-- 1 jon jon 5004289 2010-04-18 00:52 Foo Fighters - Everlong.mp3 -rw-r--r-- 1 jon jon 5803125 2010-04-18 00:51 Foo Fighters - February Stars.mp3 -rw-r--r-- 1 jon jon 4994903 2010-04-18 00:51 Foo Fighters - Hey, Johnny Park!.mp3 -rw-r--r-- 1 jon jon 4649556 2010-04-18 00:52 Foo Fighters - Monkey Wrench.mp3 -rw-r--r-- 1 jon jon 5216923 2010-04-18 00:51 Foo Fighters - My Hero.mp3 -rw-r--r-- 1 jon jon 4294291 2010-04-18 00:52 Foo Fighters - My Poor Brain.mp3 -rw-r--r-- 1 jon jon 6778011 2010-04-18 00:52 Foo Fighters - New Way Home.mp3 -rw-r--r-- 1 jon jon 2956287 2010-04-18 00:51 Foo Fighters - See You.mp3 -rw-r--r-- 1 jon jon 2730072 2010-04-18 00:51 Foo Fighters - Up in Arms.mp3 -rw-r--r-- 1 jon jon 6086821 2010-04-18 00:51 Foo Fighters - Walking After You.mp3 -rw-r--r-- 1 jon jon 3033660 2010-04-18 00:52 Foo Fighters - Wind Up.mp3 The folder "(1997-05-20) The Colour and The Shape" would have its timestamp set to 2010-04-18 00:52.

You are subscribed to email updates from Recent Questions - Unix & Linux Stack Exchange. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States