General Linux Chat and Small Questions v. I broke my Arch Install
sure, go ahead
that reminds me, for some reason php doesn't work on the server anymore after I switched where apache looks for web content. I've commented out the lines which disable php5 from being run in user directories (as the config file for php told me to if I wanted to enable it) with no luck. the new folder where apache looks, as mentioned in some posts above I think, is /home/server/public_html
php is enabled of course, just don't know if I need to change some more config files to point it in the right direction?
[editline]26th December 2013[/editline]
and for whatever reason I can't log in via root to SFTP again. it worked after switching from arch to debian but now all of a sudden it's not working anymore. I usually turn off the server if I don't use it (dynamic cost, it'll last longer) and now that I've started it up again logging in via root isn't working. I can log in to the root account when already in SSH though, so I know that the password isn't broken or anything like that
just finished my install of Linux Mint 16 Cinnamon and i'm loving it so far. is there anything i should do for extra security or for fun? already got an IRC client and media player etc.
I would never use Arch for a business server or something with grave consequences in the event of a compromise, but I think you guys are seriously overestimating the security risk of running a server with Arch.
You'd have to be a really high value target for a hacker to bother going through the effort of finding a zero day vulnerability in an Arch package and exploiting your server before you have the chance to upgrade. Targeting a rolling release distro would be an utter pain in the ass. Most hackers rely on probing for known exploits in outdated packages en masse. Personally I would be much more worried about misconfiguring a package and creating a security hole (which can happen on any OS!) than I would be about someone discovering an exploit in a bleeding edge package.
[QUOTE=Larikang;43325519]I would never use Arch for a business server or something with grave consequences in the event of a compromise, but I think you guys are seriously overestimating the security risk of running a server with Arch.
You'd have to be a really high value target for a hacker to bother going through the effort of finding a zero day vulnerability in an Arch package and exploiting your server before you have the chance to upgrade. Targeting a rolling release distro would be an utter pain in the ass. Most hackers rely on probing for known exploits in outdated packages en masse. Personally I would be much more worried about misconfiguring a package and creating a security hole (which can happen on any OS!) than I would be about someone discovering an exploit in a bleeding edge package.[/QUOTE]
Hackers don't target Arch specifically. Most "hackers" use programs that check a wide range of exploits against all servers and its package versions it can find.
If your Arch currently has a new package that has a known or unknown exploit, and such an exploit scanner picks up a possible exploitable package on your server, it's over.
Basically my server registers around 100 attacks each day from bots scanning for vulnerabilities on my system. These range from unsecured VNC, to PHP stuff, and even SSH auths on non-standard ports.
And that's just the things my logs pick up. I don't know how many other flaws get tested against my system that my logs don't pick up.
[QUOTE=kaukassus;43326595]Hackers don't target Arch specifically. Most "hackers" use programs that check a wide range of exploits against all servers and its package versions it can find.[/QUOTE]
I agree, and in that sense Arch is no more vulnerable than any other OS. In some cases it could even be more secure as upstream vulnerability fixes might be more quickly available with the rolling release model.
My point is that the only case in which Arch is more vulnerable would be if someone were targeting you specifically - in which case they could take advantage of a zero day exploit thanks to its bleeding edge packages. AFAIK the Arch team will push out packages that utterly break your system, but they won't push out a package with a known serious vulnerability. Unless you're running your Arch server using the testing repos. Then you deserve to get owned.
[QUOTE=Larikang;43327493]I agree, and in that sense Arch is no more vulnerable than any other OS. In some cases it could even be more secure as upstream vulnerability fixes might be more quickly available with the rolling release model.
My point is that the only case in which Arch is more vulnerable would be if someone were targeting you specifically - in which case they could take advantage of a zero day exploit thanks to its bleeding edge packages. AFAIK the Arch team will push out packages that utterly break your system, but they won't push out a package with a known serious vulnerability. Unless you're running your Arch server using the testing repos. Then you deserve to get owned.[/QUOTE]
This sums up my opinion:
[url]https://wiki.archlinux.org/index.php/Comprehensive_Server_Guide#Arch_Linux_as_a_server_OS[/url]
Arch Linux itself, without any other jazz installed, is a very secure foundation, since it has only the most needed applications to get a working system. So it's pretty secure because there's almost no point of entry.
The distro gets more security holes, the more services and programs a user installs, that could potentially get exploited.
IMO bleeding edge packages directly from upstream can be both a good thing and a bad thing.
First, these versions have the newest patches and fixes for the packages. But they can also contain flaws brought in by the changes made in this version of the package. Also, there's the stability thing that you have to keep in mind. You are running mostly the most recent version, that hasn't really seen that much testing yet, so you can't really be sure if everything works like it should (hope the package dev makes enough unit tests for all test cases).
In my opinion, Arch can be used as a server operating system, but you have to know what you are getting into, especially when it's directly accessible from WAN. Block access to services that don't need to be accessible from WAN, or use them on non-standard ports. This is true especially for FTP, SSH and other services that provide access to your server in any way. This is also true for any other server in existence.
I have used Arch as a server for a few years now. But mostly it's for internal development and testing of applications and services on newer package versions, other than the ones from Debian Stable or CentOS.
The biggest problem is that in computing, especially in servers, the infrastructure is only as secure as the person who set it up. Don't expose services you don't need to WAN, so its exploits can't be abused directly. This is also a good read for securing an Arch installation, especially for servers:
[url]https://wiki.archlinux.org/index.php/security[/url]
[TL;DR]
Arch is secure out of the box, it can be as secure as you make it. The more packages you install, the more entrypoints you give for hackers/scriptkiddies.
[code]cf build
rm *[/code]
bad bad bad cf != cd
Thankfully extundelete got everything back.
[editline]28th December 2013[/editline]
And despite complaining about it, it can run on a mounted rw filesystem. Good to know I guess.
When I start up steam it wants me to add a repository and when I try to add it, it won't let me for some reason.
what distro?
[QUOTE=Mega1mpact;43333686]what distro?[/QUOTE]
Elementary OS
Do you have some kind of error(log) you can show?
I'm really curious why steam is unable to add the repo on a debian based distro.
it should work fine
Try to run it as root (once so it can add the repo)
[QUOTE=XxThreedogxX;43334843]Elementary OS[/QUOTE]
had the same problem, just add it manually in the manager.
[QUOTE=PredGD;43279826][t]http://u.cubeupload.com/predgd/3Agvbw.png[/t]
trying out manjaro in a VM right now, loving it so far. it's not all that different from arch I suppose so shouldn't make a big difference if I go arch or manjaro I feel. ughh, feel that the world of linux calls for me. really need to get it back on my PC[/QUOTE]
i ditched manjaro after two weeks of use because i didn't like the fact it had different repositories than arch. why not arch? [url]https://github.com/helmuthdu/aui[/url]
[IMG]http://i.imgur.com/xgZ51Aw.png[/IMG]
okay so I got the repository added but now this.
I did not have this problem when I had Elementary updated previously.
[url]https://blogs.oracle.com/ksplice/entry/hosting_backdoors_in_hardware[/url]
[quote]IP packets have a field called the protocol number, which is how systems distinguish between TCP and UDP and other protocols. We're going to pick an unused protocol number, say, 163, and have our module listen for packets with that protocol number. When we receive one, we'll execute its data payload in a shell running as root. This will give us complete remote control of the machine.[/quote]
*Grabs a tinfoil hat*
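Added example (not part of the post above or of the linked Ksplice article): the quoted backdoor listens on an IP protocol number nothing else uses, such as 163, so a monitor on a separate host can flag any IPv4 packet whose protocol field falls outside the site's baseline. The baseline set, function names and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Protocols this (assumed) site expects on the wire; tune to your own baseline.
EXPECTED = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header; raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("truncated header")
    vihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total < ihl:
        raise ValueError("invalid version or length")
    return {"proto": proto, "payload_len": total - ihl,
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst))}

def unexpected_protocols(packets):
    """Return one finding per packet that is malformed or off-baseline."""
    findings = []
    for i, pkt in enumerate(packets):
        try:
            hdr = parse_ipv4(pkt)
        except ValueError as exc:
            findings.append((i, "malformed", str(exc)))
            continue
        if hdr["proto"] not in EXPECTED:
            findings.append((i, hdr["proto"], f'{hdr["src"]} -> {hdr["dst"]}'))
    return findings

def build_packet(proto, src, dst, payload=b""):
    """Constructed test packet (checksum left at 0; it is not validated here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

# Constructed sample traffic using documentation addresses (RFC 5737).
SAMPLE = [
    build_packet(6, "192.0.2.10", "198.51.100.5", b"x" * 20),
    build_packet(17, "192.0.2.10", "198.51.100.5", b"x" * 8),
    build_packet(163, "203.0.113.7", "198.51.100.5", b"constructed"),
    b"\x45\x00\x00",  # truncated capture
]

if __name__ == "__main__":
    print(unexpected_protocols(SAMPLE))
```

The check has to run off-box (a tap, span port or upstream firewall), since a compromised kernel can hide its own traffic from local tools.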
[QUOTE=Mega1mpact;43345879][url]https://blogs.oracle.com/ksplice/entry/hosting_backdoors_in_hardware[/url]
*Grabs a tinfoil hat*[/QUOTE]
[quote]you should not install hardware provided by untrusted sources.[/quote]
Ok, so I have to buy hardware from trusted sources. So, AMD's out, Intel is out, VIA is out, ARM is out, Nvidia is out...
The trusted sources list is easier to define, there are none.
[QUOTE=nikomo;43347814]Ok, so I have to buy hardware from trusted sources. So, AMD's out, Intel is out, VIA is out, ARM is out, Nvidia is out...
The trusted sources list is easier to define, there are none.[/QUOTE]
[quote]Unless you work for something like a government intelligence agency, though, you shouldn't realistically worry about installing commodity hardware from reputable vendors. After all, you're already also trusting the manufacturer of your processor, RAM, etc.,[/quote]
In the real world it doesn't matter that much, so really there's nothing to discuss on this. In the end, nothing is 100% trustworthy, and that's fine.
[QUOTE=Lyoko2;43337131]i ditched manjaro after two weeks of use because i didn't like the fact it had a different repositories than arch. why not arch? [url]https://github.com/helmuthdu/aui[/url][/QUOTE]
if it has different repositories than arch then I'll obviously go with arch, was just something I was testing.
[QUOTE=nikomo;43347814]Ok, so I have to buy hardware from trusted sources. So, AMD's out, Intel is out, VIA is out, ARM is out, Nvidia is out...
The trusted sources list is easier to define, there are none.[/QUOTE]
[url]http://www.ebay.com/itm/600pcs-15value-A1015-2N5551-Bipolar-Signal-Transistor-TO-92-NPN-PNP-kit-Set-/271244538456?pt=LH_DefaultDomain_0&hash=item3f276f3258[/url]
Better get started.
[QUOTE=IpHa;43347983][url]http://www.ebay.com/itm/600pcs-15value-A1015-2N5551-Bipolar-Signal-Transistor-TO-92-NPN-PNP-kit-Set-/271244538456?pt=LH_DefaultDomain_0&hash=item3f276f3258[/url]
Better get started.[/QUOTE]
The item ships from the USA, NSA will use their magic powers and somehow contaminate them.
[code][54522.545963] Uhhuh. NMI received for unknown reason 2c on CPU 3.
[54522.545971] Do you have a strange power saving mode enabled?
[54522.545973] Dazed and confused, but trying to continue[/code]
I hope that's a new bug somewhere and not a hardware failure.
I finally got a reverse SSH tunnel set up with a socks proxy so that I can work remotely without using my company's shitty remote desktop client. So many articles used three or four different ssh commands to do it, but you only need two. Also no one mentions ssh config settings, which are way better than using command line switches IMHO.
At work
[code]
Host home
Hostname home-ip
Port home-sshd-port
IdentityFile home-RSA-key
RemoteForward some-silly-port-like-12345 localhost:22
[/code]
At home
[code]
Host work
Hostname localhost
Port 12345
IdentityFile work-RSA-key
DynamicForward another-silly-port-like-54321
[/code]
Then just ssh home from work (probably with -f -N) and ssh work from home. Configure your web programs to use the socks proxy on localhost:54321.
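Added example (not part of the original post): a small auditor that lists every port forward an ssh_config requests, which is how a defender would inventory tunnels like the two stanzas above. The sample combines both stanzas into one file with constructed addresses and ports, and the `lab` block is a constructed case showing a non-loopback bind; `audit_forwards` is a hypothetical helper name.

```python
import re

FORWARD_KEYS = {"localforward", "remoteforward", "dynamicforward"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")  # "Key value" or "Key=value"

def audit_forwards(text):
    """List every port forward an ssh_config requests, per Host/Match block."""
    findings, host = [], "*"  # options before the first Host apply to all hosts
    for raw in text.splitlines():
        m = LINE.match(raw.strip())  # blank lines and '#' comments do not match
        if not m:
            continue
        key, arg = m.group(1).lower(), m.group(2).strip()
        if key in ("host", "match"):
            host = arg
        elif key in FORWARD_KEYS and arg:
            listen, _, target = arg.partition(" ")
            bind, sep, port = listen.rpartition(":")
            # An empty bind address (":8080") means all interfaces, like "*".
            bind = bind.strip("[]") or ("*" if sep else "")
            findings.append({
                "host": host, "type": key, "port": port,
                "bind": bind or "default",
                "target": target.strip() or "SOCKS",
                # Explicit non-loopback request; effective exposure also
                # depends on GatewayPorts (client or server side).
                "wide_bind": bool(bind) and bind not in LOOPBACK,
            })
    return findings

# Constructed sample: the post's two stanzas with placeholder values filled in.
SAMPLE = """\
Host home
    Hostname 203.0.113.20
    Port 2222
    RemoteForward 12345 localhost:22

Host work
    Hostname localhost
    Port 12345
    DynamicForward 54321

Host lab
    LocalForward 0.0.0.0:8080 intranet.example:80
"""

if __name__ == "__main__":
    for finding in audit_forwards(SAMPLE):
        print(finding)
```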
Finding a decent desktop environment was fun. I tried xfce, gnome, kde, and unity. I stuck with unity. Aaand there goes docky again.. Linux and I are not getting along. Something makes me think, that if getting a decent de up and running was this hard, c++ development is going to be extra fun.
mac kinda feels like it's built on linux, or at least based heavily on it. is it?
[QUOTE=PredGD;43368727]mac kinda feels like it's built on linux, or at least based heavily on it. is it?[/QUOTE]
FreeBSD
[QUOTE=PredGD;43368727]mac kinda feels like it's built on linux, or at least based heavily on it. is it?[/QUOTE]
Not at all:
[t]http://www.netneurotic.de/mac/unix/images/UNIX.png[/t]
Yellow is OSX, green is GNU/Linux
[QUOTE=Rayjingstorm;43370320]I don't think Linux (the kernel) can really be (fully) POSIX compliant or not because it isn't an operating system, it's only a kernel. As for distributions of operating systems which use Linux as a kernel, they might get pretty close, or subscribe to the [url=http://en.wikipedia.org/wiki/Linux_Standard_Base]LSB[/url], or do their own thing, but like you said there is little point forking over the money to get certification.
Apple uses a lot of the BSD/GNU userspace though, right? I know they have quite a bit on top of this, like you said, but you can still find BSD/GNU source in most core utilities, no?[/QUOTE]
What I was referring to as Linux is in fact GNU/Linux or as I’ve recently taken to calling it, GNU plus Linux.
My mistake.