How to update CentOS repositories? Posted: 08 Mar 2022 09:10 AM PST How is it possible to update all yum repositories in the /etc/yum.repos.d/ directory? Is this command right for this purpose? yum update repolist or yum repolist all |
What is the icl-twobase1 service? Posted: 08 Mar 2022 08:35 AM PST On one of my EC2 instances (RHEL) on AWS, there is a service called icl-twobase1 running on port 25000. Does anyone know what that service is? |
SSH transparent jump to next server Posted: 08 Mar 2022 08:27 AM PST Is it possible to somehow redirect the SSH connection depending on the user? For example, I have 3 machines: proxy, host1, host2. I would like:
- the user john logging into proxy (ssh john@proxy_ip) to be automagically logged into host1
- the user alice (ssh alice@proxy_ip) to be automagically logged into host2
Users are not supposed to know where they are redirected, so ssh -J john@proxy_ip john@host1 is not a solution. Does ssh have these options? Any suggestions? |
Is pam_krb5 affected by Active Directory kerberos changes due to CVE-2021-42287? Posted: 08 Mar 2022 08:13 AM PST |
Would the process running as pid 1 ignore job control signals by default? Posted: 08 Mar 2022 08:04 AM PST When I invoke bash as pid 1 (as init) directly, it issues something like this before prompting:

    bash: cannot set terminal process group (-1): Inappropriate ioctl for device
    bash: no job control in this shell

and no signal (e.g. Ctrl-Z, Ctrl-C) works.
To solve this issue, I wrote a simple program 'init1.c' as follows:

    /* init1.c */
    #include <stdio.h>
    #include <unistd.h>
    #include <stdlib.h>
    #include <fcntl.h>

    int main(int argc, char **argv)
    {
        char *options[] = {"--login", NULL};
        int fd = -1;

        /* Make bash as session leader. */
        if (setsid() == -1) {
            perror("setsid() : ");
            exit(EXIT_FAILURE);
        }

        /* Make tty1 as controlling terminal of bash. */
        fd = open("/dev/tty1", O_RDWR);
        if (fd == -1) {
            perror("open() : ");
            exit(EXIT_FAILURE);
        }

        execv("/bin/bash", options);
    }

I compiled it as init1, then invoked it as pid 1 (e.g. finally bash running as pid 1); the preceding errors disappear and some signals (e.g. Ctrl-C, Ctrl-\) work, but job control signals (e.g. Ctrl-Z) still do not. To make job control signals work, I revised the code above as follows (init2.c):

    /* init2.c */
    #include <stdio.h>
    #include <sys/wait.h>
    #include <unistd.h>
    #include <stdlib.h>
    #include <fcntl.h>

    int main(int argc, char **argv)
    {
        char *options[] = {"--login", NULL};
        int fd = -1;
        int tty_fd = -1;

        fd = fork();
        if (fd < 0) {
            perror("fork()");
            exit(EXIT_FAILURE);
        }

        /* Parent */
        if (fd > 0) {
            while (wait(NULL) > 0);
        }

        /* Child */
        if (setsid() == -1) {
            perror("setsid() : ");
            exit(EXIT_FAILURE);
        }

        tty_fd = open("/dev/tty1", O_RDWR);
        if (tty_fd == -1) {
            perror("open() : ");
            exit(EXIT_FAILURE);
        }

        execv("/bin/bash", options);
    }

I compiled it as init2 and invoked it as pid 1 (e.g. finally bash running as an arbitrary pid other than 1); this time the job control signals work. I can't figure out why the job control signals work in init2 but not init1. Would the process running as pid 1 ignore job control signals by default? |
Black screen after sddm login into kde Posted: 08 Mar 2022 07:09 AM PST After installing Arch Linux and rebooting I can see the sddm login screen. After login I see the KDE logo for a while, then there is just a black screen and mouse pointer. I guess installing the wrong graphics driver is causing the issue. How do I fix this issue? |
Diff says that files differ after copying them with cp -a Posted: 08 Mar 2022 06:23 AM PST I have a flash drive which I backed up onto a disk with the following command: cp -a /media/user/flashDrive /home/user/Documents/flashBackup Now I just wanted to quickly check if the files were copied correctly with the following command: diff -r -q /home/user/Documents/flashBackup /media/user/flashDrive However, diff tells me that some "Files" and "Binary files" differ. From manually checking the affected files, they seem to be the same although the checksums of both files actually differ. The target filesystem is ext4, the source filesystem is vfat. How can this be? Is there something which cp -a doesn't preserve while copying? Is there a better way to archive files while preserving everything (timestamps, permissions etc.)? |
After=multi-user.target and others not working in a systemd service Posted: 08 Mar 2022 08:10 AM PST I have a service that works if I run it manually with:

    sudo -u michael systemctl start updatecontinue.service

... but it fails when running at boot. So I suspect it might be a timing issue. I am trying to make the service run as late as possible. How does one know what item is valid to be used for Before/After/Requires? Are they all valid? E.g. After=multi-user.target is not working: when I look at a plot with systemd-analyze plot > ~/plot.svg, I see my service is starting before, not after the specified target. Here you can see updatecontinue is before multi-user.target: Here is updatecontinue.service:

    [Unit]
    Description=Check if an update is halfway through, if yes, then update/enable OverlayFS/reboot

    [Service]
    # Don't pause system boot up for this, as update can be quite long process (10s)
    Type=simple
    ExecStart=/home/michael/.venv/terminal/bin/python3 /home/michael/terminal/script/update.py --check
    After=multi-user.target
    Requires=multi-user.target
    User=michael

    [Install]
    # systemd works on dependencies, and at boot time, if nothing Requires or Wants your service, it won't be started even if the service is enabled.
    # WantedBy does not define the order
    WantedBy=multi-user.target

NOTE Even if I set After to:

    After=dhcpcd.service systemd-update-utmp-runlevel.service systemd-timesyncd.service

it still does not delay it.
For interest's sake: this is part of the script it runs, and it falls over on the marked line, so I know it's starting:

    def git_noninteractive_update():
        if not Hw.DEV:
            print('Git stash...')
            subprocess.check_call(['git', '-C', CHECKOUT_DPATH, 'stash'])
        set_github_fingerprint()
        print('Git pull...')
        cmds = []
        # eval is a special bash thing that does not work with python, required for ssh-add
        cmds.append('eval "$(ssh-agent -s)"')
        # Deploy key does not have password, but cannot push with it (readonly)
        cmds.append(f'ssh-add {HOME_DPATH}/.ssh/terminal_github_deploy_key')
        cmds.append(f'git -C {CHECKOUT_DPATH} pull')
        cmd = ' ; '.join(cmds)
        subprocess.check_call(cmd, shell=True)  # <------ Here it fails at boot, but not when manually started

With error (purpose is just to illustrate it starts):

    Mar 08 14:19:28 5153F344 python3[382]: continue_update()
    Mar 08 14:19:28 5153F344 python3[382]: File "/home/michael/terminal/script/update.py", line 90, in continue_update
    Mar 08 14:19:28 5153F344 python3[382]: git_noninteractive_update()
    Mar 08 14:19:28 5153F344 python3[382]: File "/home/michael/terminal/script/update.py", line 85, in git_noninteractive_update
    Mar 08 14:19:28 5153F344 python3[382]: subprocess.check_call(cmd, shell=True)
    Mar 08 14:19:28 5153F344 python3[382]: File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
    Mar 08 14:19:28 5153F344 python3[382]: raise CalledProcessError(retcode, cmd)
    Mar 08 14:19:28 5153F344 python3[382]: subprocess.CalledProcessError: Command 'eval "$(ssh-agent -s)" ; ssh-add /home/michael/.ssh/terminal_git>
    Mar 08 14:19:28 5153F344 systemd[1]: updatecontinue.service: Main process exited, code=exited, status=1/FAILURE
    Mar 08 14:19:28 5153F344 systemd[1]: updatecontinue.service: Failed with result 'exit-code'.
|
Common function to handle piped stdin and positional arguments in bash script Posted: 08 Mar 2022 08:04 AM PST My script works as below:

    ./script file1 file2 file3 ... -x -st -i

or

    cat filelist.txt | ./script -x -st -i

or

    ./script <<< "$(cat filelist)" -x -st -i

Can someone help with a common function that sets an array from file names in case the files are given by positional arguments, piped, or redirected? How can I cover all the above cases in a single shell script? Tried:

    input="$(</dev/stdin)"
    Arr_tmp+=("$@")
    if ! echo "${Arr_tmp[@]}" | grep 'file_regex'; then
        Array+=( $(echo "$input") )
    else
        Array+=("$(echo "$@" | grep 'file_regex')")
    fi

or

    input="$(</dev/stdin)"
    IFS=$'\n' read -ra Array -d '' <<< "$(echo $input)"
    if [[ "${#Array[@]}" == 0 ]]; then
        Arr_tmp+=("$@")
    fi

But nothing is working. The problem with the above is that when no stdin is piped, the script gets stuck at read. Is there a way to prevent the script from reading and fall back to arguments if no stdin is piped? |
Stuck with Low Resolution on Newer Kernels Posted: 08 Mar 2022 05:05 AM PST I have a system running Debian Sid with a Nvidia graphics card. On updating my kernel past 5.15.0-2 my resolution is locked to 1024x786. I've tried 5.15.0-3 , 5.16.0-2 , and 5.16.0-3 and they all have the same problem. My Nvidia driver version is 470.103.01-2 which is the latest as far as I can tell. Any advice on how to fix? I'm not even sure where to start looking to be honest. I can see that Nvidia has a later driver (510.54 ) on their website, do I just need to wait for that to be available in Sid? Thanks in advance for the help! |
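One way to cover the three invocations in the question above, as an added example that is not part of the original post: take file names from the positional arguments when there are any, and read standard input only when there are none and stdin is not a terminal, so the script never blocks on an interactive read. The function name collect_files, the rule that every argument starting with "-" is an option, and one file name per line on stdin are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# collect_files ARGS...
#   Prints one file name per line.
#   - Arguments that start with "-" are treated as options and skipped (assumption).
#   - If at least one file name was given as an argument, stdin is not touched.
#   - Otherwise stdin is read, but only when it is not a terminal, which is the
#     case for a pipe, a here-string or a redirected file. With a terminal on
#     stdin the function returns at once instead of waiting for input.

collect_files() {
    _cf_found=0
    for _cf_arg in "$@"; do
        case $_cf_arg in
            -*) ;;                                  # option, not a file name
            *)  printf '%s\n' "$_cf_arg"
                _cf_found=1 ;;
        esac
    done

    # [ -t 0 ] is true when file descriptor 0 (stdin) is a terminal.
    if [ "$_cf_found" -eq 0 ] && [ ! -t 0 ]; then
        # "|| [ -n ... ]" keeps a last line that has no trailing newline.
        while IFS= read -r _cf_line || [ -n "$_cf_line" ]; do
            if [ -n "$_cf_line" ]; then
                printf '%s\n' "$_cf_line"
            fi
        done
    fi
    return 0
}
```

In bash the result can be loaded into an array with `mapfile -t Array < <(collect_files "$@")`, which keeps file names containing spaces intact.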
Why aren't some flags accepted by rsync? Posted: 08 Mar 2022 04:58 AM PST I tried to pass rsync -rutz --no-l --no-L --no-k --no-K --no-H $HOME/testdir /run/media/USER/HDD/ but it failed, telling me rsync: --no-L: unknown option . So I tried replacing --no-L with --no-copy-links , which failed as well. Two of the other flags didn't pass, either: --no-k and --no-K . Removing the mentioned flags worked, though. What I am trying to do is to copy dirs and its contents without copying any of the links (symlinks, hard links etc.) and without preserving their attributes (ownership, group, perms etc.). How can I do this? |
On a system, can two CAN ports have the same CAN-ids? Posted: 08 Mar 2022 08:49 AM PST If a device with two CAN ports has the same CAN-id, will this cause trouble? The networks are separated for some reason, but the master should be the same for both networks. |
VXLAN interface disappears Posted: 08 Mar 2022 09:11 AM PST I have a CentOS 7 server with a VXLAN interface connected to a bridge. The server is using the network service. NetworkManager is not installed. This /sbin/ifup-local script sets up the VXLAN interface after the bridge is up. #!/bin/bash # Set up VXLAN once cloudbr0 is available. if [[ "$1" == "cloudbr0" ]] then ip link add vxlan100 type vxlan id 100 dstport 4789 group "240.10.11.1" dev "eth0" brctl addif cloudbr0 vxlan100 ip link set up dev vxlan100 fi It works for a while, then the VXLAN interface disappears. I need help figuring out the cause and fix. I see this in /var/log/messages . Mar 7 18:20:37 cloudstack-worker-4 kernel: brvxlan100-100: port 2(vnet0) entered disabled state Mar 7 18:20:37 cloudstack-worker-4 kernel: device vnet0 left promiscuous mode Mar 7 18:20:37 cloudstack-worker-4 kernel: brvxlan100-100: port 2(vnet0) entered disabled state Mar 7 18:20:37 cloudstack-worker-4 libvirtd: 2022-03-07 18:20:37.544+0000: 85757: error : qemuMonitorIO:718 : internal error: End of file from qemu monitor Mar 7 18:20:37 cloudstack-worker-4 kvm: 0 guests now active Mar 7 18:20:37 cloudstack-worker-4 systemd-machined: Machine qemu-5-i-2-34-VM terminated. Mar 7 18:20:38 cloudstack-worker-4 java: libvirt: QEMU Driver error : Domain not found: no domain with matching uuid '32a413eb-7d54-4b63-bcea-4354c9649db9' (i-2-34-VM) Mar 7 18:20:38 cloudstack-worker-4 java: WARN [kvm.resource.LibvirtKvmAgentHook] (agentRequest-Handler-5:) (logid:e71a1258) Groovy script '/etc/cloudstack/agent/hooks/libvirt-vm-state-change.groovy' is not available. Transformations will not be applied. Mar 7 18:20:38 cloudstack-worker-4 java: WARN [kvm.resource.LibvirtKvmAgentHook] (agentRequest-Handler-5:) (logid:e71a1258) Groovy scripting engine is not initialized. Data transformation skipped. 
Mar 7 18:20:38 cloudstack-worker-4 kernel: cloudbr0: port 2(vxlan100) entered disabled state Mar 7 18:20:38 cloudstack-worker-4 kernel: device vxlan100 left promiscuous mode Mar 7 18:20:38 cloudstack-worker-4 kernel: brvxlan100-100: port 1(vxlan100.100) entered disabled state Mar 7 18:20:38 cloudstack-worker-4 kernel: brvxlan100-100: port 1(vxlan100.100) entered disabled state Mar 7 18:20:39 cloudstack-worker-4 ntpd[83942]: Deleting interface #23 brvxlan100-100, fe80::4890:56ff:fe85:3cb3#123, interface stats: received=0, sent=0, dropped=0, active_time=571 secs Mar 7 18:20:39 cloudstack-worker-4 ntpd[83942]: Deleting interface #22 vnet0, fe80::fc00:6bff:fe5b:1#123, interface stats: received=0, sent=0, dropped=0, active_time=571 secs Mar 7 18:20:39 cloudstack-worker-4 ntpd[83942]: Deleting interface #21 vxlan100.100, fe80::8c5:cff:fec1:2025#123, interface stats: received=0, sent=0, dropped=0, active_time=571 secs Mar 7 18:20:39 cloudstack-worker-4 ntpd[83942]: Deleting interface #14 vxlan100.179, fe80::8c5:cff:fec1:2025#123, interface stats: received=0, sent=0, dropped=0, active_time=1274 secs Mar 7 18:20:39 cloudstack-worker-4 ntpd[83942]: Deleting interface #7 vxlan100, fe80::8c5:cff:fec1:2025#123, interface stats: received=0, sent=0, dropped=0, active_time=264643 secs Mar 7 18:36:08 cloudstack-worker-4 java: INFO [cloud.agent.Agent] (Agent-Handler-2:) (logid:6fdfda4a) Lost connection to host: 10.11.0.2. Attempting reconnection while we still have 0 commands in progress. 
Mar 7 18:36:08 cloudstack-worker-4 java: INFO [utils.nio.NioClient] (Agent-Handler-2:) (logid:6fdfda4a) NioClient connection closed Mar 7 18:36:08 cloudstack-worker-4 java: INFO [cloud.agent.Agent] (Agent-Handler-2:) (logid:6fdfda4a) Reconnecting to host:10.11.0.2 Mar 7 18:36:08 cloudstack-worker-4 java: INFO [utils.nio.NioClient] (Agent-Handler-2:) (logid:6fdfda4a) Connecting to 10.11.0.2:8250 Mar 7 18:36:11 cloudstack-worker-4 java: ERROR [utils.nio.NioConnection] (Agent-Handler-2:) (logid:6fdfda4a) Unable to initialize the threads. Mar 7 18:36:11 cloudstack-worker-4 java: java.net.NoRouteToHostException: No route to host Running systemctl status network shows that the network service has a long uptime (much longer than the time since the interface disappeared). systemctl restart network successfully brings the missing interface back into existence. Then after some time, the interface disappears again. Any idea why the interface is disappearing? The other interfaces keep working. Is there a more reliable way to configure the interface? 
UPDATE Output from ip link after the interface disappears: [centos@cloudstack-worker-3 ~]$ ip link 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 0e:e1:87:a2:92:db brd ff:ff:ff:ff:ff:ff 3: ethdummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master cloudbr0 state UNKNOWN mode DEFAULT group default qlen 1000 link/ether 8a:9d:8a:91:9c:6e brd ff:ff:ff:ff:ff:ff 8: cloud0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 23: cloudbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 link/ether 8a:9d:8a:91:9c:6e brd ff:ff:ff:ff:ff:ff Output from ip link after systemctl restart network brings the interface back: [root@cloudstack-worker-3 centos]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000 link/ether 0e:e1:87:a2:92:db brd ff:ff:ff:ff:ff:ff inet 10.10.67.48/18 brd 10.10.127.255 scope global dynamic eth0 valid_lft 2361sec preferred_lft 2361sec inet6 fe80::ce1:87ff:fea2:92db/64 scope link valid_lft forever preferred_lft forever 3: ethdummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master cloudbr0 state UNKNOWN group default qlen 1000 link/ether 8a:9d:8a:91:9c:6e brd ff:ff:ff:ff:ff:ff 8: cloud0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000 link/ether 00:00:00:00:00:00 brd 
ff:ff:ff:ff:ff:ff inet 169.254.0.1/16 scope global cloud0 valid_lft forever preferred_lft forever inet6 fe80::248d:90ff:fe51:1fa1/64 scope link valid_lft forever preferred_lft forever 23: cloudbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 6a:bb:e5:cb:8a:b1 brd ff:ff:ff:ff:ff:ff inet 10.11.0.13/16 brd 10.11.255.255 scope global cloudbr0 valid_lft forever preferred_lft forever inet6 fe80::889d:8aff:fe91:9c6e/64 scope link valid_lft forever preferred_lft forever 30: vxlan100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8951 qdisc noqueue master cloudbr0 state UNKNOWN group default qlen 1000 link/ether 6a:bb:e5:cb:8a:b1 brd ff:ff:ff:ff:ff:ff inet6 fe80::68bb:e5ff:fecb:8ab1/64 scope link valid_lft forever preferred_lft forever |
How do I convert iptables rules to nftables rules? Posted: 08 Mar 2022 05:11 AM PST I was trying to figure out how to convert my iptables rules to nftables rules. I tried to convert iptables to nftables using the automated converter, but it didn't appear to work.

    PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT; ip6tables -A INPUT -s fd00:00:00::0/8 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; iptables -D INPUT -s 10.0.0.0/8 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT; ip6tables -D INPUT -s fd00:00:00::0/8 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT

If you can improve the rules then please go for it. I want to specify ports, but I am not good with iptables or nftables. |
Need to add second enclosure string not present in a csv file column Posted: 08 Mar 2022 07:32 AM PST The second double quote is missing in a CSV column. Looking for any ideas / shell script for the below:
- Find a specific column which is missing an ending double quote.
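An nftables form of the PostUp/PostDown rules in the question above, as an added example that is not part of the original post: the six iptables/ip6tables rules collapse into one dual-stack `inet` table, which PostDown removes with a single command. The table name wg_quick and the script path in the comments are assumptions, the interface names and source ranges are the ones in the post, and NAT inside an `inet` table assumes Linux 5.2 or later.

```shell
#!/bin/sh
# Added example, not from the original post.
# Hook it into the WireGuard config like this (the path is an assumption):
#   PostUp   = /etc/wireguard/wg0-nft.sh up
#   PostDown = /etc/wireguard/wg0-nft.sh down

WG_TABLE="wg_quick"    # assumed table name, used only by this script

# Print the ruleset; kept separate from wg_up so it can be reviewed or diffed.
wg_ruleset() {
    cat <<EOF
# Create-then-delete makes the load idempotent: a stale copy of the table left
# by an earlier PostUp is replaced inside the same atomic transaction.
table inet $WG_TABLE
delete table inet $WG_TABLE

table inet $WG_TABLE {
    chain forward {
        type filter hook forward priority 0; policy accept;
        # iptables/ip6tables -A FORWARD -i wg0 -j ACCEPT
        iifname "wg0" accept
    }

    chain input {
        type filter hook input priority 0; policy accept;
        # iptables -A INPUT -s 10.0.0.0/8 -p udp --dport 53 --ctstate NEW -j ACCEPT
        ip saddr 10.0.0.0/8 udp dport 53 ct state new accept
        # ip6tables -A INPUT -s fd00:00:00::0/8 ... (the same prefix, normalised)
        ip6 saddr fd00::/8 udp dport 53 ct state new accept
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # iptables/ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
        oifname "eth0" masquerade
    }
}
EOF
}

# Load the table atomically; nft reads the ruleset from stdin with "-f -".
wg_up() {
    wg_ruleset | nft -f -
}

# Remove everything PostUp added by deleting the dedicated table.
wg_down() {
    nft delete table inet "$WG_TABLE"
}

case "${1:-}" in
    up)   wg_up ;;
    down) wg_down ;;
esac
```

An accept verdict in this table does not override a drop in another table hooked at the same point, so on a host whose existing ruleset has a default-drop policy the forward and input rules belong in that ruleset's own chains. As in the original rules, the accept lines only change behaviour where something else would otherwise drop the traffic.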
- Add the missing double quotes at the end of the column.
Sample data: 79,A138270382563593,QMGXA1752256,Open Up,"Barry Devorzon; 3,A263163706496582,QMGXA1727673,A Different Time (Full),"BruceChianese, VTAM; |
Log for each function that start and ends in a script Posted: 08 Mar 2022 07:59 AM PST I'm starting to add log functions to gather lots of info about self-service scripts for users in my University, and I would like to find a way to feed a log file each time a function starts and ends. For now, the obvious way I chose is a function such as:

    add2log() {
        # date goes in as an argument so it is never parsed as a printf format
        printf '%s\tINFO\t%s\t%s\n' "$(date)" "$1" "$2" >>"$logPATH"
    }

and for each function in my script, I will call add2log in the following way:

    anyFunction() {
        add2log "${FUNCNAME[0]}" "function started"
        # ...some code
        add2log "${FUNCNAME[0]}" "function ended"
    }

Do you guys ever implement this kind of idea? The way I described above feels pretty heavy. Would there be a way to make it automatic without having to manually call add2log twice in each function? See you! EDIT: thanks a lot for your replies. After some discussion, I found the solution that suits me best. I will share it in another post and add the link here. |
root filesystem on usb drive Posted: 08 Mar 2022 05:06 AM PST I am trying to move my linux partition (ext4) to a usb drive and boot from this drive and not my hdd. I have slackware64-14.2 with kernel 5.15.25 and usb driver (xhci) built in kernel. I have made the usb drive bootable (grub) but when I boot, my usb drive is not recognized and I get a kernel panic:

    Kernel Panic - not syncing: VFS: Unable to mount root fs

So I made a simple initramfs with no module and strangely my usb was recognized, mounted and I booted. But on boot, all my usb devices disconnect and reconnect. I am sure udev is doing this with this command:

    udevadm trigger --type=devices --action add

I would be grateful if anyone could help me with this. More specifically, is there a way to tell udev not to disconnect only this device? But if you believe my approach is wrong, please tell me how you would do this. Thank you. Edit 1: I couldn't do it with udev, so as a workaround I built the usb driver into the kernel and it works. |
Why does ethernet interface stop after anacron job (Debian Bullseye)? Posted: 08 Mar 2022 09:10 AM PST I am using a USB wired modem to connect to the internet (over the eth0 interface) in Debian Bullseye (uname -a >> Linux styx 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64 GNU/Linux). Sometimes, my ethernet interface suddenly stops. Interestingly:
- I can ping the gateway (success),
- I can ping to 8.8.8.8(success),
- Interface seems up (I checked ip addr show)
- I restart interface by ifdown first, and then by ifup, nothing happened, ethernet interface name changed from eth0 to enxMACADDRESS, but still no internet connection.
- I checked the output of ip route, it was the same configuration as with eth0 when it was working.
I checked the previous question&answers (such as no connection, etc.). I can ping to 8.8.8.8 but there is not internet(No ping to other IPs, such as openDNS's servers). There is no error about interface and it is up. Only I have to unplug and replug USB cable and then connection re-established. [ EDIT BEGIN ] After comments and answer, I checked the /var/log/syslog as Felicia stated as answer and I found that : Feb 21 11:40:30 localhost kernel: [ 3936.163162] usb-storage 3-5.4:1.2: USB Mass Storage device detected Feb 21 11:40:30 localhost kernel: [ 3936.167079] scsi host10: usb-storage 3-5.4:1.2 Feb 21 11:40:30 localhost mtp-probe: checking bus 3, device 18: "/sys/devices/pci0000:00/0000:00:1d.7/usb3/3-5/3-5.x" Feb 21 11:40:30 localhost mtp-probe: bus: 3, device: 18 was not an MTP device Feb 21 11:40:30 localhost systemd-udevd[5898]: Using default interface naming scheme 'v247'. Feb 21 11:40:30 localhost systemd-udevd[5898]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable. Feb 21 11:40:30 localhost kernel: [ 3936.225574] cdc_ether 3-5.x:1.0 enxXXXXXXXXXXXX: renamed from eth0 Feb 21 11:40:30 localhost mtp-probe: checking bus 3, device 18: "/sys/devices/pci0000:00/0000:00:1d.7/usb3/3-5/3-5.x" Feb 21 11:40:30 localhost mtp-probe: bus: 3, device: 18 was not an MTP device Feb 21 11:40:30 localhost systemd-udevd[5903]: Using default interface naming scheme 'v247'. Feb 21 11:40:30 localhost systemd-udevd[5903]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable. Feb 21 11:40:30 localhost systemd[1]: Found device 1024. Feb 21 11:40:30 localhost systemd[1]: Started ifup for enxXXXXXXXXXXXX. Feb 21 11:40:30 localhost dhclient[5931]: Internet Systems Consortium DHCP Client 4.4.1 Feb 21 11:40:30 localhost sh[5931]: Internet Systems Consortium DHCP Client 4.4.1 Feb 21 11:40:30 localhost dhclient[5931]: Copyright 2004-2018 Internet Systems Consortium. 
Feb 21 11:40:30 localhost sh[5931]: Copyright 2004-2018 Internet Systems Consortium. Feb 21 11:40:30 localhost dhclient[5931]: All rights reserved. Feb 21 11:40:30 localhost dhclient[5931]: For info, please visit https://www.isc.org/software/dhcp/ Feb 21 11:40:30 localhost sh[5931]: All rights reserved. Feb 21 11:40:30 localhost sh[5931]: For info, please visit https://www.isc.org/software/dhcp/ Feb 21 11:40:30 localhost dhclient[5931]: Feb 21 11:40:30 localhost dhclient[5931]: Listening on LPF/enxXXXXXXXXXXXX/X:X:X:X:X:X Feb 21 11:40:30 localhost sh[5931]: Listening on LPF/enxXXXXXXXXXXXX/X:X:X:X:X:X Feb 21 11:40:30 localhost sh[5931]: Sending on LPF/enxXXXXXXXXXXXX/X:X:X:X:X:X Feb 21 11:40:30 localhost sh[5931]: Sending on Socket/fallback Feb 21 11:40:30 localhost sh[5931]: DHCPREQUEST for 192.168.x.100 on enxXXXXXXXXXXXX to 255.255.255.255 port 67 Feb 21 11:40:30 localhost dhclient[5931]: Sending on LPF/enxXXXXXXXXXXXX/X:X:X:X:X:X Feb 21 11:40:30 localhost dhclient[5931]: Sending on Socket/fallback Feb 21 11:40:30 localhost dhclient[5931]: DHCPREQUEST for 192.168.9.100 on enxXXXXXXXXXXXX to 255.255.255.255 port 67 Feb 21 11:40:30 localhost dhclient[5931]: DHCPNAK from 192.168.x.1 Feb 21 11:40:30 localhost sh[5931]: DHCPNAK from 192.168.x.1 Feb 21 11:40:30 localhost avahi-autoipd(enxXXXXXXXXXXXX)[5947]: Found user 'avahi-autoipd' (UID 108) and group 'avahi-autoipd' (GID 116). Feb 21 11:40:30 localhost avahi-autoipd(enxXXXXXXXXXXXX)[5947]: Successfully called chroot(). Feb 21 11:40:30 localhost avahi-autoipd(enxXXXXXXXXXXXX)[5947]: Successfully dropped root privileges. Feb 21 11:40:30 localhost avahi-autoipd(enxXXXXXXXXXXXX)[5947]: Starting with address 169.254.4.147 Also I have found that there is a file in /run/ called /run/dhclient.enxXXXXXXXXXXXX.pid which includes 5931 which is the same number stated in above log. 
But what I understood is that the problem was that it changed my address to 169.254.4.147, which means it kicks me to that IP and I do not see the network anymore. [ END OF EDIT] [SECOND EDIT] OK, the failure occurred again, and this time I am ready to analyse it (I think :D). So, what I found this time is:
- I checked whether I can ping another IP other than 8.8.8.8, but no success; 8.8.8.8 is still successful.
- I cannot ping 169.254.4.147 (which seems to be a private IP I dropped to) either! Strange.
- I checked the /sys/class/net/enxXXXXXXXXXXXX/carrier file to see whether I have a network or not; it said 1, so it tells me I am online.
- However, until I unplug, I cannot see any of the interface or network errors in /var/log/syslog (i.e. system logs). When I unplug and replug the USB cable, all of them are revealed.
- I checked that /etc/resolv.conf is the same as before, i.e not changed after failure.
- I can still ping to 8.8.8.8 only, not to other addresses.
[ END OF SECOND EDIT] Is there other ways/commands to check what is the root cause of the problem? How can I solve it without unplugging/replugging the cable? |
Stop command in ssh session without exiting ssh Posted: 08 Mar 2022 05:47 AM PST I've a ssh session and I'm running a script. I want to terminate the script without exiting the ssh session. In a local PC I press Ctrl-C and the script stops, while if I press Ctrl-C in remote session I close the ssh session itself (and also the script in this case). How can I stop the script in remote shell without interrupting the ssh connection? EDIT: I connect with the usual ssh user@ip command, in a standard Ubuntu distribution, by using the git bash from windows. In my windows client the .ssh/config is the following one: Host 192.168.XXX.YYY HostName 192.168.XXX.YYY User auser ForwardAgent yes Host 192.168.XXX.ZZZ HostName 192.168.XXX.ZZZ User auser They are not related to the remote server that I'm using. |
Debian buster upgrade renamed all interfaces to renameX Posted: 08 Mar 2022 06:21 AM PST Prior to upgrade they were named like: iface ens2f0 iface ens2f1 from original install. Now they are like: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: rename2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 00:1e:67:7c:84:2b brd ff:ff:ff:ff:ff:ff 3: eno0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000 link/ether 00:1e:67:7c:84:2c brd ff:ff:ff:ff:ff:ff 4: rename4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 00:1e:67:7c:84:2d brd ff:ff:ff:ff:ff:ff 5: rename5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 00:1e:67:7c:84:2e brd ff:ff:ff:ff:ff:ff They are Intel gigabit I350 adapters, so from lshw I have: *-network:0 DISABLED description: Ethernet interface product: I350 Gigabit Network Connection vendor: Intel Corporation physical id: 0 bus info: pci@0000:02:00.0 logical name: rename2 version: 01 serial: 00:1e:67:7c:84:2b size: 1Gbit/s capacity: 1Gbit/s width: 32 bits clock: 33MHz capabilities: pm msi msix pciexpress vpd bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation configuration: autonegotiation=on broadcast=yes driver=igb driverversion=5.4.0-k duplex=full firmware=1.48, 0x800006e7 latency=0 link=no multicast=yes port=twisted pair speed=1Gbit/s resources: irq:26 memory:d0960000-d097ffff ioport:2060(size=32) memory:d09b0000-d09b3fff memory:d0aa0000-d0abffff memory:d0a80000-d0a9ffff *-network:1 DISABLED description: Ethernet interface product: I350 Gigabit Network Connection vendor: Intel Corporation physical id: 0.1 bus info: pci@0000:02:00.1 logical name: eno0 version: 01 serial: 00:1e:67:7c:84:2c size: 1Gbit/s capacity: 1Gbit/s width: 32 bits 
clock: 33MHz capabilities: pm msi msix pciexpress vpd bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation configuration: autonegotiation=on broadcast=yes driver=igb driverversion=5.4.0-k duplex=full firmware=1.48, 0x800006e7 latency=0 link=no multicast=yes port=twisted pair speed=1Gbit/s resources: irq:39 memory:d0940000-d095ffff ioport:2040(size=32) memory:d09a0000-d09a3fff memory:d0a60000-d0a7ffff memory:d0a40000-d0a5ffff *-network:2 DISABLED ... I have installed firmware-linux-nonfree in case it was an firmware issue, but it worked fine on Debian Stretch. I don't understand how the logical names are/should be created here. I guess I could configure int rename2 as a static IP and just use it? Why is one named eno0 now? All four interfaces show disabled in lshw. Edit: added more detail I have also asked udevadmin what it thought: udevadm test-builtin net_id /sys/class/net/eno0 2>/dev/null ID_NET_NAMING_SCHEME=v240 ID_NET_NAME_MAC=enx001e677c842c ID_OUI_FROM_DATABASE=Intel Corporate ID_NET_NAME_ONBOARD=eno0 ID_NET_LABEL_ONBOARD=enPowerVille ID_NET_NAME_PATH=enp2s0f1 ID_NET_NAME_SLOT=ens2f1 So why doesn't Debian see that interface as ens2f1 instead of eno0? 
Edit 2: added solution from @telcoM vi /etc/systemd/network/20-builtins.link [Match] Path=pci-0000:02:* [Link] NamePolicy=slot Then restart and I get: kernel: [ 107.897834] igb 0000:02:00.1 ens2f1: igb: ens2f1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX Mar 30 11:56:45 host1 kernel: [ 107.897978] br1: port 1(ens2f1) entered blocking state Mar 30 11:56:45 host1 kernel: [ 107.897981] br1: port 1(ens2f1) entered forwarding state Mar 30 11:56:45 host1 kernel: [ 107.898129] IPv6: ADDRCONF(NETDEV_CHANGE): br1: link becomes ready Mar 30 11:56:46 host1 kernel: [ 108.093815] igb 0000:02:00.0 ens2f0: igb: ens2f0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX Mar 30 11:56:46 host1 kernel: [ 108.093957] br0: port 1(ens2f0) entered blocking state Mar 30 11:56:46 host1 kernel: [ 108.093960] br0: port 1(ens2f0) entered forwarding state I still get errors on boot bringing network up, can't find specific error in syslog, but my interfaces and bridges are up now! Thanks a lot @telcoM |
How to use column with tput colors? Posted: 08 Mar 2022 06:14 AM PST Using tput colors seems to disturb the output of column. Why does this happen and more importantly is there a way around it? $ { echo "$(tput bold)foo$(tput sgr0)" "$(tput bold)bar$(tput sgr0)" echo bar foo } | column -t foo bar bar foo I have reproduced this issue on both macos and ubuntu 20.04 although it seems they both use BSD column |
Keyboard switching doesn't work in xfce4 in any sense Posted: 08 Mar 2022 06:03 AM PST After playing with installing / uninstalling of KDE/GNOME/Mate I got a situation, where I can't switch keyboards in Xfce4 at all. Applet is configured normally and Keyboard layouts panel is showing Unfortunately, if I press specified shortcut (Ctrl-Shift ) nothing happens (neither indicator changes, nor input changes). Also if I press indicator by mouse, it changes, but input doesn't change. What components can be lost here? What components of other desktops can interfere here? How to debug a situation? |
How to echo multiple lines into email body while using mail command in linux? Posted: 08 Mar 2022 07:30 AM PST

I have to send some list of file names (result of find command) into email body along with a message saying 'Below are list of files transfered'. How can I combine this message along with above find result into mail body.

Ex:

    echo "Below are list of files transfered" | mail -s "$some_subject" $some_mail_id

    find . -maxdepth 1 -type f -name $(echo ${FILE_ARR[@]}| sed 's/ / -o -name /g') | \
        mail -s "$some_subject" $some_mail_id

I am able to individually do above commands, but cannot combine them into one. Please Help. Thank You. |
Strongswan VPN not working unless pinging out manually Posted: 08 Mar 2022 06:01 AM PST

We have successfully set up a strongswan vpn on our network to communicate with Google Cloud VPN. Sometimes we leave it idle for a while, let's say a night, that's when the issue appears. If I try to ping from Google to our network, it doesn't work, no packets are transmitted. If I try to ping from our side to Google, it works, and then the ping which was blocked on Google side starts working fine.

It looks like StrongSwan enters in sleep mode on our side and wakes up only when I manually ping out, not when receiving packets. But I can't find any option in the doc to fix this, has anyone got this issue and fixed it somehow?

EDIT: there is no firewall on our side which could explain this behaviour and on google side we can only set the IP range allowed to go through the firewall, nothing else. But since it uses their own VPN service to communicate with our strongswan server, I strongly doubt it comes from them.

Here is what ipsec status returns before the issue on our side:

    net-net[72]: ESTABLISHED 113 minutes ago, 79.xxx.xxx.xxx[79.xxx.xxx.xxx]...146.xxx.xxx.xxx[146.xxx.xxx.xxx]
    net-net{255}: INSTALLED, TUNNEL, reqid 24, ESP SPIs: c5xxxxxx 4exxxxxx
    net-net{255}: 192.168.0.0/24 192.168.17.0/24 === 10.132.0.0/20

Here is what ipsec statusall returns after:

    Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-64-generic, x86_64):
      uptime: 22 days, since Feb 27 15:21:33 2017
      malloc: sbrk 2568192, mmap 0, used 370288, free 2197904
      worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 11
      loaded plugins: charon aes agent attr connmark constraints dnskey fips-prf gcm md4 openssl pem pgp pkcs1 pkcs12 pkcs7 pkcs8 pubkey rc2 resolve revocation sshkey test-vectors x509 xcbc sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
    Listening IP addresses:
      192.168.17.205
      79.xxx.xxx.xxx
    Connections:
      net-net: 79.xxx.xxx.xxx...146.xxx.xxx.xxx IKEv2, dpddelay=30s
      net-net: local: [79.xxx.xxx.xxx] uses pre-shared key authentication
      net-net: remote: [146.xxx.xxx.xxx] uses pre-shared key authentication
      net-net: child: 192.168.17.0/24 192.168.0.0/24 === 10.132.0.0/20 TUNNEL, dpdaction=restart
    Security Associations (1 up, 0 connecting):
      net-net[72]: ESTABLISHED 2 hours ago, 79.xxx.xxx.xxx[79.xxx.xxx.xxx]...146.xxx.xxx.xxx[146.xxx.xxx.xxx]
      net-net[72]: IKEv2 SPIs: 0fd4efxxxxxx 17ed000axxxxxx*, pre-shared key reauthentication in 108 minutes
      net-net[72]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
      net-net{255}: INSTALLED, TUNNEL, reqid 24, ESP SPIs: c5b822fe_i 4ed83bd8_o
      net-net{255}: AES_GCM_16_128, 3916 bytes_i (47 pkts, 1020s ago), 3956 bytes_o (47 pkts, 1020s ago), rekeying in 7 hours
      net-net{255}: 192.168.0.0/24 192.168.17.0/24 === 10.132.0.0/20

And the ipsec.conf:

    config setup

    conn %default
        ikelifetime=24h
        keylife=8h
        rekeymargin=9m
        keyingtries=1
        authby=psk
        keyexchange=ikev2
        mobike=no
        esp=aes128gcm16-modp2048!
        dpdaction=restart

    conn net-net
        left=79.xxx.xxx.xxx
        leftsubnet=192.168.17.0/24,192.168.0.0/24
        leftid=79.xxx.xxx.xxx
        leftfirewall=yes
        leftdns=xxx....
        right=146.xxx.xxx.xxx
        rightsubnet=10.132.0.0/20
        rightid=146.xxx.xxx.xxx
        auto=start

And on the logs from the google side I noticed that at the moment I send the ping test, it sends some requests to recreate CHILD_SA: "creating rekey job for CHILD_SA ESP/0xxxxxxxxx/79.xxx.xxx.xxx" ... Once the CHILD_SA is established with its SPI the ping goes through. Though the ESP SPI didn't change before and after.

I also see rekeying in 7 hours on ipsec statusall. Could it be the issue that during the night there is no activity during more than 7 hours?

Here is charon log:

    Mar 22 07:56:43 vpn07 charon: 11[ENC] parsed CREATE_CHILD_SA request 223 [ N(REKEY_SA) SA No KE TSi TSr ]
    Mar 22 07:56:43 vpn07 charon: 11[IKE] CHILD_SA net-net{255} established with SPIs c5b8xxxxxxx_o and TS 192.168.0.0/24 192.168.17.0/24 === 10.132.0.0/20
    Mar 22 07:56:43 vpn07 charon: 11[ENC] generating CREATE_CHILD_SA response 223 [ SA No KE TSi TSr ]
    Mar 22 07:56:43 vpn07 charon: 05[IKE] received DELETE for ESP CHILD_SA with SPI 7dd6xxxx
    Mar 22 07:56:43 vpn07 charon: 05[IKE] closing CHILD_SA net-net{254} with SPIs ce7xxxx (95264 bytes) 7ddxxxxx (4885433 bytes) and TS 192.168.0.0/24 192.168.17.0/24 === 10.132.0.0/20
    Mar 22 07:56:43 vpn07 charon: 05[IKE] sending DELETE for ESP CHILD_SA with SPI ce75xxxxx
    Mar 22 07:56:43 vpn07 charon: 05[IKE] CHILD_SA closed

And google logs:

    D sending DPD request
    D CHILD_SA closed
    D received DELETE for ESP CHILD_SA with SPI cexxxxx
    D parsed INFORMATIONAL response 224 [ D ]
    D received packet: from 79.xxx.xxx.xxx[500] to 146.xxx.xxx.xxx[500] (76 bytes)
    D sending packet: from 146.xxx.xxx.xxx[500] to 79.xxx.xxx.xxx[500] (76 bytes)
    D generating INFORMATIONAL request 224 [ D ]
    D sending DELETE for ESP CHILD_SA with SPI 7dxxxxxx
    I closing CHILD_SA vpn_79.xxx.xxx.xxx{33} with SPIs 7dxxxxx (5073648 bytes) cexxxxxx (95264 bytes) and TS 10.132.0.0/20 === 192.168.0.0/24 192.168.17.0/24
    I CHILD_SA vpn_79.xxx.xxx.xxx{34} established with SPIs 4exxxxxx c5xxxxxx and TS 10.132.0.0/20 === 192.168.0.0/24 192.168.17.0/24
    D handling HA CHILD_SA vpn_79.xxx.xxx.xxx{34} 10.132.0.0/20 === 192.168.0.0/24 192.168.17.0/24 (segment in: 1*, out: 1*)
    D parsed CREATE_CHILD_SA response 223 [ SA No KE TSi TSr ]
    D received packet: from 79.xxx.xxx.xxx[500] to 146.xxx.xxx.xxx[500] (476 bytes)
    D sending packet: from 146.xxx.xxx.xxx[500] to 79.xxx.xxx.xxx[500] (620 bytes)
    D generating CREATE_CHILD_SA request 223 [ N(REKEY_SA) SA No KE TSi TSr ]
    I establishing CHILD_SA vpn_79.xxx.xxx.xxx{1}
    D creating rekey job for CHILD_SA ESP/0xxxxxxx/79.xxx.xxx.xxx
    D parsed INFORMATIONAL response 222 [ ]
    D received packet: from 79.xxx.xxx.xxx[500] to 146.xxx.xxx.xxx[500] (76 bytes)
    D sending packet: from 146.xxx.xxx.xxx[500] to 79.xxx.xxx.xxx[500] (76 bytes)
    D generating INFORMATIONAL request 222 [ ]
    D sending DPD request
|
CUPS stops printing right after a while Posted: 08 Mar 2022 07:02 AM PST

I've converted an automatic printing system from Windows with Acrobat Reader to Ubuntu with CUPS. This took about 10 minutes using CUPS, but now I'm getting a strange issue with incomplete prints rolling out, or nothing being printed whatsoever after a while. CUPS reports seemingly arbitrary errors. Sometimes it doesn't even report an error, and most of the errors reported are "broken pipe" errors.

Usually after adding a printer to CUPS it will print fine for a while. When I come back a few hours later and try the exact same thing (even with the same file), the file might not print at all or come out of the printer with elements missing.

This might be an unrelated bug, but also after a while CUPS' web interface stops responding. All I can access after this happens is the HTTP version of the main page. A restart of CUPS fixes this.

I'm running a fresh installation of CUPS, with only remote administration enabled. The issue persists even after doing a sudo service cups restart. I've added the printers in many different ways (socket, lpd, ipp), with both generic PCL6 drivers and the printers' official KPDL drivers. Directly after adding a printer the prints will usually come out as expected. I'm printing using the most basic command possible: lp -d [printer-name] [numbers].pdf.

I'm running Ubuntu Server 16.04. The printers I've configured are a Kyocera ECOSYS FS-1370DN, and a Kyocera ECOSYS P2135dn. The printers do not seem to be the issue though, as an HP printer I've used exhibits the same issue.

I've been trying to figure out what is going wrong for longer than I care to admit. And I'm starting to feel pretty stupid. Every time I think I've fixed it bad prints start rolling out soon after. Acrobat Reader/the Windows print spooler never has trouble printing, even while CUPS spits out garbage.

Other things I've tried without success:

- Converting to PostScript (.ps) using pdf2ps before printing
- Converting to PDF using GhostScript (fixing possible PDF errors) before printing
- Printing web-downloaded test PDFs known to have printed well before.

This is the weird one that's defying all logic to me: Uploading the PDF files through ftp (the printers are capable of printing PDF) also only works sometimes. This completely circumvents CUPS, so it must be the printers right? But no, printing the same file through Acrobat Reader works fine.

As it stands the only option I see is to convert the Ubuntu server to a VM with an expensive Windows Server VM running alongside it, only used for printing... There must be a solution to this issue.

EDIT: I've set up CUPS on my Ubuntu Server 16.04 at home and configured a Canon MG8100 on it. The first few prints came out fine. The next morning, every job I added showed it completed, but actually nothing came out of the printer. This means it does not have anything to do with the printers. I added the MG8100 using LPD.

CUPS error log states the below errors. Keep in mind that all these errors occur for the exact same file at different times, and that the file was printed successfully in the same manner before.

    E [26/Nov/2016:13:35:44 +0100] [Job 158] The printer is not responding.

When this is logged no print is made and CUPS keeps retrying the job until it is abandoned. Other times it fails like this:

    W [29/Nov/2016:11:45:01 +0100] [Job 169] /var/spool/cups/d00169-001: file is damaged
    W [29/Nov/2016:11:45:01 +0100] [Job 169] /var/spool/cups/d00169-001 (file position 35596): xref not found
    W [29/Nov/2016:11:45:01 +0100] [Job 169] /var/spool/cups/d00169-001: Attempting to reconstruct cross-reference table

Which will result in a mangled print (random parts being printed, and others being left out). |
How to list "only" startup applications through the terminal on Fedora 24 Posted: 08 Mar 2022 09:04 AM PST How to list in the terminal "only" start-up applications (the ones that you find normally in "Startup Application Preferences" Dialog box on Fedora Mate Desktop). This question can be generalized to Ubuntu or any other Linux Distro. |
make find fail when nothing was found Posted: 08 Mar 2022 06:34 AM PST When find is invoked to find nothing, it still exits with code 0. Is there a way to make it return an exit code indicating failure when no file was found? |
fail2ban works fine on bad SSH attempts, but fails on bad Apache2 attempts Posted: 08 Mar 2022 08:07 AM PST

I'm running Debian Linux. uname --all shows:

    Linux xxx.xx 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686 GNU/Linux

I'm running sshd on a port that is not 22. I've updated /etc/fail2ban/jail.local to point to the new sshd port. It works fine. I can try and login to that port with an ssh client, enter the wrong password several times, then it locks that IP address out via iptables.

However, I am also running an apache webserver, that gets hit all the time with attempts like this (from /var/log/apache2/error.log):

    [Sun Nov 02 08:03:13 2014] [error] [client 178.239.62.113] File does not exist: /var/www/html/muieblackcat
    [Sun Nov 02 08:03:14 2014] [error] [client 178.239.62.113] File does not exist: /var/www/html/phpMyAdmin
    [Sun Nov 02 08:03:16 2014] [error] [client 178.239.62.113] File does not exist: /var/www/html/phpmyadmin
    [Sun Nov 02 08:03:16 2014] [error] [client 178.239.62.113] File does not exist: /var/www/html/pma
    [Sun Nov 02 08:03:16 2014] [error] [client 178.239.62.113] File does not exist: /var/www/html/myadmin
    [Sun Nov 02 08:03:17 2014] [error] [client 178.239.62.113] File does not exist: /var/www/html/MyAdmin

I was trying to setup fail2ban to read error.log and ban the offending IP addresses via iptables, but I can't get it to work. Like I said, it works great for ssh, but not for apache.

Here is my jail.local:

    [DEFAULT]
    # "ignoreip" can be an IP address, a CIDR mask or a DNS host
    ignoreip = 127.0.0.1/8 67.159.128.0/19
    # bantime = 21600 == 6 hours
    bantime = 21600
    #findtime, in seconds. 300 = 5 minutes, 10800 = 3 hours
    findtime = 10800
    maxretry = 3

    # "backend" specifies the backend used to get files modification. Available
    # options are "gamin", "polling" and "auto".
    # yoh: For some reason Debian shipped python-gamin didn't work as expected
    # This issue left ToDo, so polling is default backend for now
    backend = auto

    #
    # Destination email address used solely for the interpolations in
    # jail.{conf,local} configuration files.
    destemail = root@localhost

    #
    # ACTIONS
    #

    # Default banning action (e.g. iptables, iptables-new,
    # iptables-multiport, shorewall, etc) It is used to define
    # action_* variables. Can be overriden globally or per
    # section within jail.local file
    banaction = iptables-multiport

    # email action. Since 0.8.1 upstream fail2ban uses sendmail
    # MTA for the mailing. Change mta configuration parameter to mail
    # if you want to revert to conventional 'mail'.
    mta = sendmail

    # Default protocol
    protocol = tcp

    #
    # Action shortcuts. To be used to define action parameter

    # The simplest action to take: ban only
    action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]

    # ban & send an e-mail with whois report to the destemail.
    action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
                %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s]

    # ban & send an e-mail with whois report and relevant log lines
    # to the destemail.
    action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
                 %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath= %(logpath)s]

    # Choose default action. To change, just override value of 'action' with the
    # interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
    # globally (section [DEFAULT]) or per specific section
    action = %(action_)s

    #
    # JAILS
    #

    # Next jails corresponds to the standard configuration in Fail2ban 0.6 which
    # was shipped in Debian. Enable any defined here jail by including
    #
    # [SECTION_NAME]
    # enabled = true
    #
    # in /etc/fail2ban/jail.local.
    #
    # Optionally you may override any other parameter (e.g. banaction,
    # action, port, logpath, etc) in that section within jail.local

    # we are banning port xxxxx instead of ssh because I use port xxxxx instead
    [ssh]
    enabled = true
    port = xxxxx
    filter = sshd
    logpath = /var/log/auth.log
    findtime = 300
    maxretry = 4

    #
    # HTTP servers
    #

    [apache]
    enabled = true
    port = http,https
    filter = apache-auth
    logpath = /var/log/apache2/*error.log
    findtime = 10800
    maxretry = 3

    # default action is now multiport, so apache-multiport jail was left
    # for compatibility with previous (<0.7.6-2) releases
    [apache-multiport]
    enabled = true
    port = http,https
    filter = apache-auth
    logpath = /var/log/apache2/*error.log
    findtime = 300
    maxretry = 3

    [apache-noscript]
    enabled = true
    port = http,https
    filter = apache-noscript
    logpath = /var/log/apache2/*error.log
    findtime = 300
    maxretry = 4

    [apache-overflows]
    enabled = true
    port = http,https
    filter = apache-overflows
    logpath = /var/log/apache2/*error.log
    findtime = 300
    maxretry = 2

    [apache-misc]
    enabled = true
    port = http,https
    filter = apache-misc
    logpath = /var/log/apache2/*error.log
    findtime = 10800
    maxretry = 2

Here is my /etc/fail2ban/apache-misc file:

    [Definition]
    failregex = <HOST>.*"[A-Z]* /(cms|user|muieblackcat|db|cpcommerce|wp-login|joomla|
                awstatstotals|wp-content|wp-includes|pma|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|
                mypma|admin|xampp|mysqldb|pmadb|phpmyadmin1|phpmyadmin2).*"
                <HOST>.*\" (502|500|417|416|415|414|413|412|404|405|403|401|400)
    ignoreregex = .*\"GET \/(press|mailto|domestic|word).*

Can anyone offer any suggestions? |
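The posted apache-misc patterns run against the error.log lines quoted in the question, as an added example that is not part of the original post. It assumes an IPv4-only stand-in for fail2ban's <HOST> tag and joins the wrapped path alternation into one regex; ERROR_LOG_RX is a hypothetical pattern and ACCESS_LINE is a constructed access-log entry.

```python
import re

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Path alternation from the posted filter, with its wrapped lines joined.
PATHS = ("cms|user|muieblackcat|db|cpcommerce|wp-login|joomla|awstatstotals|"
         "wp-content|wp-includes|pma|phpmyadmin|myadmin|mysql|mysqladmin|"
         "sqladmin|mypma|admin|xampp|mysqldb|pmadb|phpmyadmin1|phpmyadmin2")

# The two failregex entries as posted. Both require a double quote, i.e. the
# quoted "METHOD /path ..." request string of an access-log line.
POSTED = [
    r'<HOST>.*"[A-Z]* /(' + PATHS + r').*"',
    r'<HOST>.*\" (502|500|417|416|415|414|413|412|404|405|403|401|400)',
]

# Hypothetical pattern written for the error.log layout quoted in the post.
ERROR_LOG_RX = r"\[client <HOST>\] File does not exist: \S*/(" + PATHS + r")\b"

# The six error.log lines from the post, rebuilt from (seconds, path) pairs.
ERROR_LOG = [
    "[Sun Nov 02 08:03:%s 2014] [error] [client 178.239.62.113] "
    "File does not exist: /var/www/html/%s" % pair
    for pair in [("13", "muieblackcat"), ("14", "phpMyAdmin"), ("16", "phpmyadmin"),
                 ("16", "pma"), ("16", "myadmin"), ("17", "MyAdmin")]
]

# Constructed access-log line (combined format) for comparison.
ACCESS_LINE = ('178.239.62.113 - - [02/Nov/2014:08:03:13 +0000] '
               '"GET /muieblackcat HTTP/1.1" 404 492')


def hosts_over_limit(lines, patterns, maxretry, ignore_case=False):
    """Return {host: hits} for hosts with at least maxretry matching lines.

    findtime is not modelled: every sample line counts toward the total.
    """
    flags = re.IGNORECASE if ignore_case else 0
    compiled = [re.compile(p.replace("<HOST>", HOST), flags) for p in patterns]
    hits = {}
    for line in lines:
        for rx in compiled:
            m = rx.search(line)
            if m:
                hits[m.group("host")] = hits.get(m.group("host"), 0) + 1
                break  # count each line once
    return {h: n for h, n in hits.items() if n >= maxretry}


if __name__ == "__main__":
    print(hosts_over_limit(ERROR_LOG, POSTED, 2))
    print(hosts_over_limit(ERROR_LOG, [ERROR_LOG_RX], 2, ignore_case=True))
    print(hosts_over_limit([ACCESS_LINE] * 2, POSTED, 2))
```

On a live system, fail2ban-regex given the log file and the filter file performs the same check with the real <HOST> expansion.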