An implementation of the FreedomBox project with (almost [1]) free hardware and an ISP [2].
This is a humble account of one use case (EndUser). I thank and bow low to the excellent contributors of the FreedomBox project [3].
Contents
- Resources, documents
- Attempt "one"
- Attempt "two"
- Progress status
- Follow-up period
- Target version: Testing
- Exposing the FreedomBox solution in the DMZ of the ISP's box.
- Well now, what is this?
- DNS change, evolution
- IRC with Quassel
- Back after a week away
- When in doubt, I blame...
- Never a dull moment!
- boot.src
- hypothesis: is sysstat the cause of the breaks in service continuity?
- I unplug the Wi-Fi interface (R5370)
- Resuming
- New hardware
Resources, documents
Choice and purchases
FreedomBox (the project)
FreedomBox/Hardware (the proposed hardware)
FreedomBox/Hardware/A20-OLinuXino-Lime2 (the hardware received from Bulgaria)
First power-ups
FreedomBox/Hardware/Debian (the freedombox package)
Quick start
Second strategy
Maintenance
fr/HowToIdentifyADevice (To be updated?)
Attempt "one"
Unsuccessful. The Debian version supplied by Olimex and my own experience led me to abandon this route (installing the freedombox-setup package on a freshly installed Debian GNU/Linux).
State of the system on delivery
- "Console" side (USB_OTG)
{{{
fred@pyxtwo:~$ sudo ifconfig usb0 192.168.2.200
fred@pyxtwo:~$ ssh olimex@192.168.2.1
}}}
{{{
olimex@OLinuXino-A20:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 8.1 (jessie)
Release:        8.1
Codename:       jessie
}}}
{{{
olimex@OLinuXino-A20:~$ findmnt
TARGET SOURCE FSTYPE OPTIONS
/ /dev/mmcblk0p2 ext4 rw,relatime,data=ordered
|-/dev devtmpfs devtmpfs rw,relatime,size=448624k,nr_inodes=112156,mode=755
| |-/dev/shm tmpfs tmpfs rw,nosuid,nodev
| `-/dev/pts devpts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
|-/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime
| |-/sys/kernel/security securityfs securityfs rw,nosuid,nodev,noexec,relatime
| |-/sys/fs/cgroup tmpfs tmpfs ro,nosuid,nodev,noexec,mode=755
| | |-/sys/fs/cgroup/systemd cgroup cgroup rw,nosuid,nodev,noexec,relatime,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
| | |-/sys/fs/cgroup/cpuset cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuset
| | |-/sys/fs/cgroup/cpu,cpuacct cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuacct,cpu
| | |-/sys/fs/cgroup/memory cgroup cgroup rw,nosuid,nodev,noexec,relatime,memory
| | |-/sys/fs/cgroup/devices cgroup cgroup rw,nosuid,nodev,noexec,relatime,devices
| | |-/sys/fs/cgroup/freezer cgroup cgroup rw,nosuid,nodev,noexec,relatime,freezer
| | |-/sys/fs/cgroup/blkio cgroup cgroup rw,nosuid,nodev,noexec,relatime,blkio
| | `-/sys/fs/cgroup/perf_event cgroup cgroup rw,nosuid,nodev,noexec,relatime,perf_event
| |-/sys/kernel/debug debugfs debugfs rw,relatime
| |-/sys/fs/fuse/connections fusectl fusectl rw,relatime
| `-/sys/kernel/config configfs configfs rw,relatime
|-/proc proc proc rw,nosuid,nodev,noexec,relatime
| `-/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=22,pgrp=1,timeout=300,minproto=5,maxproto=5,direct
|-/run tmpfs tmpfs rw,nosuid,nodev,mode=755
| |-/run/lock tmpfs tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k
| `-/run/user/1001 tmpfs tmpfs rw,nosuid,nodev,relatime,size=89748k,mode=700,uid=1001,gid=1001
`-/media/olimex/6B4C-FFFD9 /dev/mmcblk0p1 vfat rw,nosuid,nodev,relatime,uid=1001,gid=1001,fmask=0022,dmask=0022,codepage=cp437,iocharset=ascii,shortname=mixed,s
}}}
{{{
olimex@OLinuXino-A20:~$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/root       7.3G  819M  6.2G  12% /
devtmpfs        439M     0  439M   0% /dev
tmpfs           439M     0  439M   0% /dev/shm
tmpfs           439M   12M  427M   3% /run
tmpfs           5.0M  4.0K  5.0M   1% /run/lock
tmpfs           439M     0  439M   0% /sys/fs/cgroup
tmpfs            88M  4.0K   88M   1% /run/user/1001
/dev/mmcblk0p1   16M  8.8M  7.3M  55% /media/olimex/6B4C-FFFD9
}}}
{{{
olimex@OLinuXino-A20:~$ ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: tunl0: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default
    link/ipip 0.0.0.0 brd 0.0.0.0
3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 72:05:ee:af:b6:4d brd ff:ff:ff:ff:ff:ff
4: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 8e:1c:d2:e1:29:52 brd ff:ff:ff:ff:ff:ff
5: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:e1:80:40:57:97 brd ff:ff:ff:ff:ff:ff
}}}
602.sa-di
- LAN
{{{
fred@pyxtwo:~$ ip r
default via 192.168.0.254 dev wlan0 proto static metric 600
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.36 metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
}}}
{{{
fred@pyxtwo:~$ sudo arp -vna
Mot de passe [sudo] de fred :
? (192.168.0.254) at f4:ca:e5:44:31:21 [ether] on wlan0
? (192.168.0.184) at 66:82:c8:9a:ba:54 [ether] on wlan0
Entrées: 2 Ignorées: 0 Trouvées: 2
}}}
The Freebox console corroborates the MAC address (66:82:c8:9a:ba:54).
After upgrade; tzdata; install ntp
{{{
fred@OLinuXino-A20:~$ id
uid=1000(fred) gid=1000(fred) groups=1000(fred),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),44(video),46(plugdev),100(users),997(i2c),998(spi)
fred@OLinuXino-A20:~$ uptime
 11:41:57 up 28 min, 1 user, load average: 1,57, 1,26, 0,95
fred@OLinuXino-A20:~$ lsb_release -d
Description: Debian GNU/Linux testing (stretch)
fred@OLinuXino-A20:~$ uname -a
Linux OLinuXino-A20 3.4.103-00033-g9a1cd03-dirty #17 SMP PREEMPT Tue Sep 8 11:01:09 EEST 2015 armv7l GNU/Linux
fred@OLinuXino-A20:~$ date
samedi 16 janvier 2016, 11:42:48 (UTC+0100)
fred@OLinuXino-A20:~$ ntpq -np
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.001
 1.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.001
 2.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.001
 3.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.001
+195.154.41.195  195.13.23.5      3 u   29   64    3   33.027   39.436  33.586
+62.210.28.176   84.255.209.79    4 u   25   64    3   25.876   30.049  37.097
+213.186.36.183  145.238.203.14   2 u   25   64    3   29.143   33.524  36.503
-78.192.88.115   145.238.203.14   2 u   19   64    3   24.722   29.918  37.526
+91.121.154.183  145.238.203.10   3 u   23   64    3   31.491   31.962  36.920
+213.154.229.24  192.36.144.23    2 u   24   64    3   39.612   33.782  37.000
+5.196.160.139   10.21.137.1      2 u   24   64    3   27.146   32.401  38.059
+37.187.109.209  138.96.64.10     2 u   25   64    3   28.273   31.775  36.200
-178.23.121.164  192.53.103.104   2 u   23   64    3   48.285   37.647  35.921
*212.83.179.156  138.96.64.10     2 u   23   64    3   26.236   32.233  34.638
}}}
- C/S ssh
{{{
fred@OLinuXino-A20:~$ sudo arp -na
[sudo] password for fred:
? (192.168.0.254) at f4:ca:e5:44:31:21 [ether] on eth0
? (192.168.0.36) at 0c:d2:92:6e:82:7d [ether] on eth0
fred@OLinuXino-A20:~$ w
 11:56:32 up 43 min, 1 user, load average: 1,00, 1,01, 0,97
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
fred     pts/0    192.168.0.36     11:36    8.00s  0.29s  0.04s w
}}}
- locales
{{{
fred@OLinuXino-A20:~$ sudo apt-get --reinstall install locales
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 3 323 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://ftp.fr.debian.org/debian testing/main armhf locales all 2.21-6 [3 323 kB]
Fetched 3 323 kB in 7s (431 kB/s)
Preconfiguring packages ...
(Reading database ... 37318 files and directories currently installed.)
Preparing to unpack .../locales_2.21-6_all.deb ...
Unpacking locales (2.21-6) over (2.21-6) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up locales (2.21-6) ...
Generating locales (this might take a while)...
  fr_FR.UTF-8...locale alias file `/usr/share/locale/locale.alias' not found: No such file or directory
 done
Generation complete.
}}}
One problem remains...
- olimex-tools package to track down...
{{{
fred@OLinuXino-A20:~$ sudo apt-get -s purge locales libc-l10n
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  dialog
Use 'sudo apt autoremove' to remove it.
The following packages will be REMOVED:
  libc-l10n* locales* olimex-tools*
0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
Purg olimex-tools [1.0]
Purg locales [2.21-6]
Purg libc-l10n [2.21-6]
fred@OLinuXino-A20:~$ dpkg -L olimex-tools
/.
/usr
/usr/bin
/usr/bin/a10_display
/usr/bin/change_display.sh
/usr/bin/devmem
/usr/bin/netcardconfig
/usr/bin/wlcardconfig
/usr/bin/olimex-config
}}}
Attempt "two"
Successful
To do: include traces of the dd commands
Going through a downloaded image
- phew (sigh)!
{{{
fred@pyxtwo:~$ ssh fred@192.168.0.20
The authenticity of host '192.168.0.20 (192.168.0.20)' can't be established.
ECDSA key fingerprint is SHA256:mQNuPPxekVe7xLDa0UWVn+Wl/H8wAjePgK2gWI4xghA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.20' (ECDSA) to the list of known hosts.
fred@192.168.0.20's password:
Creating directory '/home/fred'.

 .--._    _.--.
(     \  /     )
 \     /\     /
  \_   \/   _/
   /        \
  (    /\    )
   `--'  `--'

   FreedomBox

FreedomBox is a pure blend of Debian GNU/Linux.

FreedomBox manual is available in /usr/share/doc/plinth.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
fred@freedombox:~$ date
dimanche 17 janvier 2016, 15:34:20 (UTC+0000)
}}}
- a better kernel
{{{
fred@freedombox:~$ uname -a
Linux freedombox 4.2.0-1-armmp-lpae #1 SMP Debian 4.2.6-3 (2015-12-06) armv7l GNU/Linux
fred@freedombox:~$ date
lundi 18 janvier 2016, 16:11:31 (UTC+0100)
}}}
Enabling and trying out a few applications
Network (Wi-Fi with firmware-misc-nonfree)
- ikiwiki
- mumble
- AP on channel 3
- Web UI
To be described.
LVM preparation
- Physical Volume (PV)
{{{
Disk /dev/sda: 465,8 GiB, 500107862016 bytes, 976773168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
fred@freedombox:~$ pvdisplay
-bash: pvdisplay : commande introuvable
fred@freedombox:~$ sudo pvdisplay
fred@freedombox:~$ sudo pvcreate /dev/sda
  allocation/use_blkid_wiping=1 configuration setting is set while LVM is not compiled with blkid wiping support.
  Falling back to native LVM signature detection.
  Physical volume "/dev/sda" successfully created
fred@freedombox:~$ sudo pvdisplay
  "/dev/sda" is a new physical volume of "465,76 GiB"
  --- NEW Physical volume ---
  PV Name               /dev/sda
  VG Name
  PV Size               465,76 GiB
  Allocatable           NO
  PE Size               0
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               MdGBd2-ebx1-6o6y-ltF6-8hPa-kMEO-fpm40M
}}}
Moving the contents of /var/lib
To follow the FreedomBox design.
- VG
{{{
fred@freedombox:~$ sudo vgcreate ddsata /dev/sda
  Volume group "ddsata" successfully created
fred@freedombox:~$ sudo vgdisplay
  --- Volume group ---
  VG Name               ddsata
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  1
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                0
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               465,76 GiB
  PE Size               4,00 MiB
  Total PE              119234
  Alloc PE / Size       0 / 0
  Free PE / Size        119234 / 465,76 GiB
  VG UUID               9rAVRr-38WJ-6K0r-BwcU-nLNF-qA8Q-OdPNBa
}}}
- LV
{{{
fred@freedombox:~$ sudo lvcreate -n varlib -L 200g ddsata
  allocation/use_blkid_wiping=1 configuration setting is set while LVM is not compiled with blkid wiping support.
  Falling back to native LVM signature detection.
  Logical volume "varlib" created.
fred@freedombox:~$ sudo lvdisplay
  --- Logical volume ---
  LV Path                /dev/ddsata/varlib
  LV Name                varlib
  VG Name                ddsata
  LV UUID                1FLvL1-4w3z-XJL3-YTqy-eA03-fVkt-THhFUC
  LV Write Access        read/write
  LV Creation host, time freedombox, 2016-01-18 17:40:45 +0100
  LV Status              available
  # open                 0
  LV Size                200,00 GiB
  Current LE             51200
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           254:0
}}}
{{{
fred@freedombox:~$ sudo lvs
  LV     VG     Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  varlib ddsata -wi-a----- 200,00g
}}}
- take up items from fichier-script.log
after reboot
{{{
fred@freedombox:~/603traces$ findmnt
TARGET SOURCE FSTYPE OPTIONS
/ /dev/mmcblk0p2[/@] btrfs rw,relatime,ssd,space_cache,subvolid=257,subvol=/@
├─/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/kernel/security securityfs securityfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/cgroup tmpfs tmpfs ro,nosuid,nodev,noexec,mode=755
│ │ ├─/sys/fs/cgroup/systemd cgroup cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
│ │ ├─/sys/fs/cgroup/blkio cgroup cgroup rw,nosuid,nodev,noexec,relatime,blkio
│ │ ├─/sys/fs/cgroup/freezer cgroup cgroup rw,nosuid,nodev,noexec,relatime,freezer
│ │ ├─/sys/fs/cgroup/perf_event cgroup cgroup rw,nosuid,nodev,noexec,relatime,perf_event
│ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup cgroup rw,nosuid,nodev,noexec,relatime,net_cls,net_prio
│ │ ├─/sys/fs/cgroup/cpu,cpuacct cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct
│ │ ├─/sys/fs/cgroup/cpuset cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuset
│ │ └─/sys/fs/cgroup/devices cgroup cgroup rw,nosuid,nodev,noexec,relatime,devices
│ └─/sys/kernel/debug debugfs debugfs rw,relatime
├─/proc proc proc rw,relatime
│ └─/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
├─/dev udev devtmpfs rw,relatime,size=10240k,nr_inodes=126433,mode=755
│ ├─/dev/pts devpts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
│ ├─/dev/shm tmpfs tmpfs rw,nosuid,nodev
│ ├─/dev/hugepages hugetlbfs hugetlbfs rw,relatime
│ └─/dev/mqueue mqueue mqueue rw,relatime
├─/run tmpfs tmpfs rw,nosuid,relatime,size=205480k,mode=755
│ ├─/run/lock tmpfs tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k
│ └─/run/user/10000 tmpfs tmpfs rw,nosuid,nodev,relatime,size=102740k,mode=700,uid=10000,gid=100
├─/btrfs /dev/mmcblk0p2 btrfs rw,relatime,ssd,space_cache,subvolid=5,subvol=/
├─/boot /dev/mmcblk0p1 ext2 rw,relatime,errors=remount-ro
└─/var/lib /dev/mapper/ddsata-varlib ext4 rw,relatime,errors=remount-ro,data=ordered
fred@freedombox:~/603traces$ sudo lvs
[sudo] password for fred:
  LV     VG     Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  varlib ddsata -wi-ao---- 200,00g
}}}
- A few successful tests
- ikiwiki
- diag-tor
- Web UI
The "tor" application
- enabled through the web UI
{{{
Installation
Cette fonction requiert un paquet additionnel. Voulez-vous l'installer ?

Paquet             Sommaire
obfs4proxy         pluggable transport proxy for Tor, implementing obfs4
apt-transport-tor  APT transport for anonymous package downloads via Tor
tor-geoipdb        GeoIP database for Tor
tor                anonymizing overlay network for TCP
torsocks           use SOCKS-friendly applications with Tor
}}}
access to the ".onion" service succeeded
ownCloud
- before enabling
{{{
fred@freedombox:~$ df -h
Sys. de fichiers          Taille Utilisé Dispo Uti% Monté sur
udev                         10M       0   10M   0% /dev
tmpfs                       201M    3,2M  198M   2% /run
/dev/mmcblk0p2              3,7G    1,6G  1,8G  48% /
tmpfs                       502M       0  502M   0% /dev/shm
tmpfs                       5,0M       0  5,0M   0% /run/lock
tmpfs                       502M       0  502M   0% /sys/fs/cgroup
/dev/mmcblk0p2              3,7G    1,6G  1,8G  48% /btrfs
/dev/mmcblk0p1              113M     31M   76M  29% /boot
/dev/mapper/ddsata-varlib   197G    219M  187G   1% /var/lib
tmpfs                       101M       0  101M   0% /run/user/10000
}}}
- enabling (web UI)
{{{
Cette fonction requiert un paquet additionnel. Voulez-vous l'installer ?

Paquet      Sommaire
php5-pgsql  PostgreSQL module for php5
owncloud    cloud storage for files, music, contacts, calendars and many more
postgresql  object-relational SQL database (supported version)
}}}
- after
df -h
{{{
fred@freedombox:~$ df -h
Sys. de fichiers          Taille Utilisé Dispo Uti% Monté sur
udev                         10M       0   10M   0% /dev
tmpfs                       201M    3,3M  198M   2% /run
/dev/mmcblk0p2              3,7G    1,9G  1,6G  56% /
tmpfs                       502M    4,0K  502M   1% /dev/shm
tmpfs                       5,0M       0  5,0M   0% /run/lock
tmpfs                       502M       0  502M   0% /sys/fs/cgroup
/dev/mmcblk0p2              3,7G    1,9G  1,6G  56% /btrfs
/dev/mmcblk0p1              113M     31M   76M  29% /boot
/dev/mapper/ddsata-varlib   197G    268M  187G   1% /var/lib
tmpfs                       101M       0  101M   0% /run/user/10000
}}}
pg_lsclusters
{{{
fred@freedombox:~$ pg_lsclusters
Ver Cluster Port Status Owner    Data directory               Log file
9.5 main    5432 online postgres /var/lib/postgresql/9.5/main /var/log/postgresql/postgresql-9.5-main.log
}}}
Progress status
{{{
fred@freedombox:~$ date ; uptime
jeudi 21 janvier 2016, 10:07:02 (UTC+0100)
 10:07:02 up 1 day, 18:18, 1 user, load average: 0,00, 0,01, 0,05
}}}
Good impressions overall.
To reconsider
- FS
{{{
fred@freedombox:~$ findmnt
TARGET SOURCE FSTYPE OPTIONS
/ /dev/mmcblk0p2[/@] btrfs rw,relatime,ssd,space_cache,subvolid=257,subvol=/@
├─/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/kernel/security securityfs securityfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/cgroup tmpfs tmpfs ro,nosuid,nodev,noexec,mode=755
│ │ ├─/sys/fs/cgroup/systemd cgroup cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
│ │ ├─/sys/fs/cgroup/blkio cgroup cgroup rw,nosuid,nodev,noexec,relatime,blkio
│ │ ├─/sys/fs/cgroup/devices cgroup cgroup rw,nosuid,nodev,noexec,relatime,devices
│ │ ├─/sys/fs/cgroup/cpuset cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuset
│ │ ├─/sys/fs/cgroup/cpu,cpuacct cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct
│ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup cgroup rw,nosuid,nodev,noexec,relatime,net_cls,net_prio
│ │ ├─/sys/fs/cgroup/freezer cgroup cgroup rw,nosuid,nodev,noexec,relatime,freezer
│ │ └─/sys/fs/cgroup/perf_event cgroup cgroup rw,nosuid,nodev,noexec,relatime,perf_event
│ └─/sys/kernel/debug debugfs debugfs rw,relatime
├─/proc proc proc rw,relatime
│ └─/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
├─/dev udev devtmpfs rw,relatime,size=10240k,nr_inodes=126433,mode=755
│ ├─/dev/pts devpts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
│ ├─/dev/shm tmpfs tmpfs rw,nosuid,nodev
│ ├─/dev/hugepages hugetlbfs hugetlbfs rw,relatime
│ └─/dev/mqueue mqueue mqueue rw,relatime
├─/run tmpfs tmpfs rw,nosuid,relatime,size=205480k,mode=755
│ ├─/run/lock tmpfs tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k
│ └─/run/user/10000 tmpfs tmpfs rw,nosuid,nodev,relatime,size=102740k,mode=700,uid=10000,gid=100
├─/btrfs /dev/mmcblk0p2 btrfs rw,relatime,ssd,space_cache,subvolid=5,subvol=/
├─/boot /dev/mmcblk0p1 ext2 rw,relatime,errors=remount-ro
└─/var/lib /dev/mapper/ddsata-varlib ext4 rw,relatime,errors=remount-ro,data=ordered
}}}
- but...
janv. 19 15:39:40 freedombox systemd[1]: var-lib.mount: Directory /var/lib to mount over is not empty, mounting anyway.
- SATA
{{{
janv. 19 15:39:40 freedombox kernel: ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[...]
janv. 19 15:39:40 freedombox kernel: xor: using function: arm4regs (1254.000 MB/sec)
}}}
- microSD
{{{
janv. 19 15:39:40 freedombox kernel: Btrfs loaded
janv. 19 15:39:40 freedombox kernel: BTRFS: device fsid 2bb9a7a0-a166-41af-b18f-1ce05351aa7d devid 1 transid 1317 /dev/mmcblk0p2
janv. 19 15:39:40 freedombox kernel: BTRFS info (device mmcblk0p2): disk space caching is enabled
janv. 19 15:39:40 freedombox kernel: BTRFS: has skinny extents
janv. 19 15:39:40 freedombox kernel: BTRFS: detected SSD devices, enabling SSD mode
}}}
- but...
planned new version of /etc/fstab with two LVs for /usr and /var, dropping the varlib LV
- (under study)...
after an unsuccessful attempt: "moving" /usr was a bad idea.
Observation period
Thu. 28/1/6
{{{
fred@freedombox:~$ date ; uptime
jeudi 28 janvier 2016, 10:34:24 (UTC+0100)
 10:34:24 up 11:18, 1 user, load average: 3,11, 3,07, 3,05
}}}
High CPU load; three "apache2" processes stuck in a "loop" were killed. Hypothesis as to the cause: does the web application leave processes behind?
{{{
fred@freedombox:~$ systemctl -l status apache2.service
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
   Active: active (running) since mer. 2016-01-27 23:16:13 CET; 11h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 5748 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
  Process: 871 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/apache2.service
           ├─1045 /usr/sbin/apache2 -k start
           ├─5794 /usr/sbin/apache2 -k start
           ├─5795 /usr/sbin/apache2 -k start
           ├─5796 /usr/sbin/apache2 -k start
           ├─5797 /usr/sbin/apache2 -k start
           └─5798 /usr/sbin/apache2 -k start

janv. 27 23:16:03 freedombox systemd[1]: Starting LSB: Apache2 web server...
janv. 27 23:16:09 freedombox apache2[871]: Starting web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
janv. 27 23:16:13 freedombox apache2[871]: .
janv. 27 23:16:13 freedombox systemd[1]: Started LSB: Apache2 web server.
janv. 28 06:25:10 freedombox systemd[1]: Reloading LSB: Apache2 web server.
janv. 28 06:25:14 freedombox apache2[5748]: Reloading web server: apache2.
janv. 28 06:25:14 freedombox systemd[1]: Reloaded LSB: Apache2 web server.
}}}
The processes killed using sudo htop were active after the Apache2 web server reload!
- FS
df -h
{{{
Sys. de fichiers       Taille Utilisé Dispo Uti% Monté sur
udev                      10M       0   10M   0% /dev
tmpfs                    201M    3,3M  198M   2% /run
/dev/mmcblk0p2           7,3G    1,6G  5,5G  23% /
tmpfs                    502M    4,0K  502M   1% /dev/shm
tmpfs                    5,0M       0  5,0M   0% /run/lock
tmpfs                    502M       0  502M   0% /sys/fs/cgroup
/dev/mmcblk0p2           7,3G    1,6G  5,5G  23% /btrfs
/dev/mmcblk0p1           113M     53M   55M  50% /boot
/dev/mapper/ddsata-var   219G    1,8G  206G   1% /var
tmpfs                    101M       0  101M   0% /run/user/10000
}}}
findmnt
{{{
TARGET SOURCE FSTYPE OPTIONS
/ /dev/mmcblk0p2[/@] btrfs rw,relatime,ssd,space_cache,subvolid=257,subvol=/@
├─/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/kernel/security securityfs securityfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/cgroup tmpfs tmpfs ro,nosuid,nodev,noexec,mode=755
│ │ ├─/sys/fs/cgroup/systemd cgroup cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
│ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup cgroup rw,nosuid,nodev,noexec,relatime,net_cls,net_prio
│ │ ├─/sys/fs/cgroup/blkio cgroup cgroup rw,nosuid,nodev,noexec,relatime,blkio
│ │ ├─/sys/fs/cgroup/cpu,cpuacct cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct
│ │ ├─/sys/fs/cgroup/freezer cgroup cgroup rw,nosuid,nodev,noexec,relatime,freezer
│ │ ├─/sys/fs/cgroup/perf_event cgroup cgroup rw,nosuid,nodev,noexec,relatime,perf_event
│ │ ├─/sys/fs/cgroup/devices cgroup cgroup rw,nosuid,nodev,noexec,relatime,devices
│ │ └─/sys/fs/cgroup/cpuset cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuset
│ └─/sys/kernel/debug debugfs debugfs rw,relatime
├─/proc proc proc rw,relatime
│ └─/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
├─/dev udev devtmpfs rw,relatime,size=10240k,nr_inodes=126432,mode=755
│ ├─/dev/pts devpts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
│ ├─/dev/shm tmpfs tmpfs rw,nosuid,nodev
│ ├─/dev/hugepages hugetlbfs hugetlbfs rw,relatime
│ └─/dev/mqueue mqueue mqueue rw,relatime
├─/run tmpfs tmpfs rw,nosuid,relatime,size=205480k,mode=755
│ ├─/run/lock tmpfs tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k
│ └─/run/user/10000 tmpfs tmpfs rw,nosuid,nodev,relatime,size=102740k,mode=700,uid=10000,gid=100
├─/btrfs /dev/mmcblk0p2 btrfs rw,relatime,ssd,space_cache,subvolid=5,subvol=/
├─/boot /dev/mmcblk0p1 ext2 rw,relatime,errors=remount-ro
└─/var /dev/mapper/ddsata-var ext4 rw,relatime,errors=remount-ro,data=ordered
}}}
sudo lvs
{{{
  LV   VG     Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  var  ddsata -wi-ao---- 222,00g
}}}
I am satisfied with this version of the FS; there is space left for backup copies (to be revisited later).
sudo vgdisplay
{{{
  --- Volume group ---
  VG Name               ddsata
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  6
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               465,76 GiB
  PE Size               4,00 MiB
  Total PE              119234
  Alloc PE / Size       56832 / 222,00 GiB
  Free PE / Size        62402 / 243,76 GiB
  VG UUID               9rAVRr-38WJ-6K0r-BwcU-nLNF-qA8Q-OdPNBa
}}}
- The processes
systemctl -l --no-pager status > 604je.txt
Mon. 01/2/6
A few provisional conclusions.
Deluge
Too many doubts about the GUI "login/logout" step and the "100% CPU" apache2 tasks. Moreover, after a reboot seeding does not resume.
I am trying out Transmission (htaccess-style login).
I prefer it.
Tor
The ORPort changes after every reboot; the ISP Freebox setting (port forwarding) leaves me with doubts. I am considering trying the DMZ function (to do).
{{{
grep ORPort /var/log/tor/log
Feb 01 06:30:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 06:50:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 07:10:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 07:30:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 07:50:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 08:10:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 08:30:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 08:50:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
}}}
Try rebooting the ISP Freebox without powering off the FreedomBox
- Good idea!
Confirmez l'utilisation de Tor pour https://check.torproject.org sur tcp4 passed
Excerpt from plinth's Diagnostic Results.
- Good idea!
serverstats seems to me a simple, lightweight solution (no MySQL-cacti|munin); it looks easy to tinker with (without being a real dev)
To do: ~summarize the implementation~
I am modifying it a bit to see... 605serverstats.diff
Thu. 04/2/6
Transmission
It is not much, and a great pleasure to take part
{{{
● transmission-daemon.service - Transmission BitTorrent Daemon
   Loaded: loaded (/lib/systemd/system/transmission-daemon.service; enabled; vendor preset: enabled)
   Active: active (running) since jeu. 2016-02-04 09:23:24 CET; 10min ago
 Main PID: 20249 (transmission-da)
   Status: "Uploading 18.04 KBps, Downloading 0.62 KBps."
}}}
{{{
fred@freedombox:/var/lib/transmission-daemon/downloads$ du -sh *
3,8G debian-8.3.0-i386-amd64-source-DVD-1.iso
1,3G debian-live-8.3.0-amd64-gnome-desktop.iso
1,5G debian-live-8.3.0-i386-gnome-desktop.iso
1,1G tails-i386-2.0
}}}
Follow-up period
Target version: Testing
Changes to /etc/apt
1 diff --git a/apt/apt.conf.d/06version-cible b/apt/apt.conf.d/06version-cible 2 new file mode 100644 3 index 0000000..ce20589 4 --- /dev/null 5 +++ b/apt/apt.conf.d/06version-cible 6 @@ -0,0 +1 @@ 7 +APT::Default-Release "testing"; 8 diff --git a/apt/sources.list b/apt/sources.list 9 index da8b956..7d117ee 100644 10 --- a/apt/sources.list 11 +++ b/apt/sources.list 12 @@ -1,3 +1,9 @@ 13 +deb http://httpredir.debian.org/debian testing main non-free 14 +deb-src http://httpredir.debian.org/debian testing main non-free 15 + 16 +deb http://security.debian.org/ testing/updates main 17 +deb-src http://security.debian.org/ testing/updates main 18 + 19 deb http://httpredir.debian.org/debian sid main non-free 20 deb-src http://httpredir.debian.org/debian sid main non-free 21
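Review bot: The new file apt/apt.conf.d/06version-cible holds only `APT::Default-Release "testing";` and carries no comment explaining it. Because the sources.list hunk in this same patch keeps the `sid` entries, this one setting is what makes testing the default release for upgrades; a leading comment line saying so would keep a later edit of either file from undoing that by accident.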
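Review bot: In the sources.list hunk the two added `security.debian.org` lines list only `main`, while the `httpredir.debian.org` testing lines above them list `main non-free`. If the non-free component is wanted from testing, add it to the security entries too so both sources cover the same components, or say in a comment that the difference is intended. The added entries also sit directly above the existing `sid` lines with nothing marking the two suites; a short comment per group would make the file easier to audit.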
Vérification après dist-upgrade
1 Script started on ven. 05 févr. 2016 12:57:31 CET 2 fred@freedombox:~$ sudo apt-get update 3 Atteint:1 http://security.debian.org testing/updates InRelease 4 Atteint:2 http://debian.mirrors.ovh.net/debian testing InRelease 5 Atteint:3 http://ftp2.fr.debian.org/debian sid InRelease 6 Lecture des listes de paquets... Fait 7 8 fred@freedombox:~$ sudo apt-get -s dist-upgrade 9 Calcul de la mise à jour... Fait 10 0 mis à jour, 0 nouvellement installés, 0 à enlever et 0 non mis à jour. 11 12 fred@freedombox:~$ sudo apt-get -s -t sid dist-upgrade 13 Calcul de la mise à jour... Fait 14 15 Les NOUVEAUX paquets suivants seront installés : 16 busybox initramfs-tools-core 17 Les paquets suivants seront mis à jour : 18 batctl binutils coreutils erlang-lager erlang-p1-cache-tab erlang-p1-stringprep erlang-p1-xml erlang-p1-yaml gir1.2-networkmanager-1.0 gir1.2-packagekitglib-1.0 19 initramfs-tools insserv isc-dhcp-client isc-dhcp-common iso-codes libboost-filesystem1.58.0 libboost-iostreams1.58.0 libboost-python1.58.0 libboost-system1.58.0 20 libdatrie1 libdebconfclient0 libgnutls-openssl27 libgnutls30 libjpeg62-turbo libnm-glib4 libnm-util2 libnm0 libnss-myhostname libpackagekit-glib2-18 libpam-systemd 21 libpq5 libsystemd0 libteamdctl0 libthai-data libthai0 libudev1 network-manager packagekit packagekit-tools postgresql-9.5 postgresql-client-9.5 publicsuffix 22 python-cryptography python-django-common python3-django ruby-test-unit systemd systemd-sysv udev unattended-upgrades 23 50 mis à jour, 2 nouvellement installés, 0 à enlever et 0 non mis à jour. 24 25 fred@freedombox:~$ exit 26 Script done on ven. 05 févr. 2016 12:58:54 CET
Exposition de la solution FreedomBox dans la DMZ du boîtier du FAI.
- Sans redirection de port à ajuster
fred@freedombox:~$ systemctl -l status system-tor.slice ● system-tor.slice Loaded: loaded Active: active since ven. 2016-02-05 12:00:25 CET; 3h 34min ago CGroup: /system.slice/system-tor.slice └─tor@default.service ├─1900 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 └─1902 /usr/bin/obfs4proxy févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.954 [notice] Opening DNS listener on 127.0.0.1:9053 févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.954 [notice] Opening DNS listener on [::1]:9053 févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.955 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040 févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.955 [notice] Opening Transparent pf/netfilter listener on [::1]:9040 févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] Opening Control listener on 127.0.0.1:9051 févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] Opening Control listener on /var/run/tor/control févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] Opening OR listener on 0.0.0.0:0 févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] OR listener listening on port 45715. févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] Opening Extended OR listener on 127.0.0.1:0 févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.957 [notice] Extended OR listener listening on port 34341.
MaisFeb 05 15:37:17.000 [warn] Your server (82.229.89.119:45715) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
- DNS (merci FAI) :-|
1 Le script a débuté sur ven. 05 févr. 2016 16:25:43 CET 2 3 $ dig freedombox.local 4 5 ; <<>> DiG 9.9.5-12.1-Debian <<>> freedombox.local 6 ;; global options: +cmd 7 ;; Got answer: 8 ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41144 9 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 10 11 ;; OPT PSEUDOSECTION: 12 ; EDNS: version: 0, flags:; udp: 1280 13 ;; QUESTION SECTION: 14 ;freedombox.local. IN A 15 16 ;; Query time: 1 msec 17 ;; SERVER: 10.42.0.1#53(10.42.0.1) 18 ;; WHEN: Fri Feb 05 16:26:25 CET 2016 19 ;; MSG SIZE rcvd: 45 20 21 $ dig mlm-fbx.freeboxos.fr 22 23 ; <<>> DiG 9.9.5-12.1-Debian <<>> mlm-fbx.freeboxos.fr 24 ;; global options: +cmd 25 ;; Got answer: 26 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41068 27 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 28 29 ;; OPT PSEUDOSECTION: 30 ; EDNS: version: 0, flags:; udp: 1280 31 ;; QUESTION SECTION: 32 ;mlm-fbx.freeboxos.fr. IN A 33 34 ;; ANSWER SECTION: 35 mlm-fbx.freeboxos.fr. 2653 IN A 82.229.89.119 36 37 ;; Query time: 2 msec 38 ;; SERVER: 10.42.0.1#53(10.42.0.1) 39 ;; WHEN: Fri Feb 05 16:26:34 CET 2016 40 ;; MSG SIZE rcvd: 65 41 42 $ exit 43 exit 44 45 Script terminé sur ven. 05 févr. 2016 16:26:38 CET
So this remains to be seen...
Well, what is this?
- Saturday morning
```
[Sat Feb 06 02:03:11.691527 2016] [authz_core:error] [pid 20697] [client 150.70.188.175:53463] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Sat Feb 06 02:25:39.760373 2016] [gnutls:error] [pid 20630] [client 66.171.228.150:18107] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sat Feb 06 02:55:28.411526 2016] [authz_core:error] [pid 5317] [client 150.70.173.10:35262] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Sat Feb 06 03:23:11.298064 2016] [authz_core:error] [pid 20772] [client 150.70.188.177:57829] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Sat Feb 06 03:38:14.530662 2016] [gnutls:error] [pid 8850] [client 85.203.19.222:62188] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sat Feb 06 03:39:35.259473 2016] [gnutls:error] [pid 8850] [client 216.185.58.250:35704] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sat Feb 06 03:41:08.279441 2016] [gnutls:error] [pid 8850] [client 216.185.58.250:60962] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sat Feb 06 03:42:31.247390 2016] [gnutls:error] [pid 8850] [client 216.185.58.250:48414] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sat Feb 06 03:44:01.231664 2016] [gnutls:error] [pid 8850] [client 216.185.58.250:27247] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sat Feb 06 03:49:00.398461 2016] [gnutls:error] [pid 8850] [client 216.185.58.250:43575] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sat Feb 06 03:59:56.373834 2016] [gnutls:error] [pid 20796] [client 216.185.58.250:59561] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sat Feb 06 04:15:18.538671 2016] [authz_core:error] [pid 20630] [client 150.70.188.177:51726] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Sat Feb 06 04:20:36.312944 2016] [gnutls:error] [pid 20629] [client 216.185.58.250:37786] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sat Feb 06 04:21:24.866933 2016] [authz_core:error] [pid 10865] [client 150.70.173.49:57077] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Sat Feb 06 04:25:08.290801 2016] [gnutls:error] [pid 20772] [client 216.185.58.250:22864] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sat Feb 06 04:31:38.174325 2016] [gnutls:error] [pid 8850] [client 216.185.58.250:56625] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sat Feb 06 04:53:09.101955 2016] [authz_core:error] [pid 20796] [client 150.70.97.85:58610] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Sat Feb 06 05:46:47.935067 2016] [authz_core:error] [pid 20630] [client 150.70.172.232:60173] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Sat Feb 06 05:59:08.345722 2016] [authz_core:error] [pid 5317] [client 150.70.173.45:60482] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Sat Feb 06 06:11:15.851530 2016] [authz_core:error] [pid 20772] [client 150.70.188.175:59600] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Sat Feb 06 06:25:09.849697 2016] [mpm_prefork:notice] [pid 935] AH00171: Graceful restart requested, doing restart
```
- Tuesday evening
```
Feb 9 19:36:11 freedombox pam-abl[3365]: Blocking access from 78.24.223.122 to service sshd, user root
Feb 9 19:36:11 freedombox sshd[3365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.24.223.122 user=root
Feb 9 19:36:13 freedombox sshd[3365]: Failed password for root from 78.24.223.122 port 55011 ssh2
Feb 9 19:36:13 freedombox pam-abl[3365]: Blocking access from 78.24.223.122 to service sshd, user root
Feb 9 19:36:15 freedombox sshd[3365]: Failed password for root from 78.24.223.122 port 55011 ssh2
Feb 9 19:36:15 freedombox pam-abl[3365]: Blocking access from 78.24.223.122 to service sshd, user root
Feb 9 19:36:17 freedombox sshd[3365]: Failed password for root from 78.24.223.122 port 55011 ssh2
Feb 9 19:36:18 freedombox sshd[3365]: Connection closed by 78.24.223.122 [preauth]
Feb 9 19:36:18 freedombox sshd[3365]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.24.223.122 user=root
```
With logwatch
```
sshd:
   Authentication Failures:
      root (59.45.79.51): 1221 Time(s)
      root (60.173.26.173): 1023 Time(s)
      root (78.24.223.122): 60 Time(s)
      unknown (193.201.227.124): 35 Time(s)
      unknown (75.148.154.225): 20 Time(s)
      root (193.201.227.124): 16 Time(s)
      root (75.148.154.225): 5 Time(s)
      unknown (2.177.237.247): 4 Time(s)
      unknown (78.24.223.122): 3 Time(s)
      root (2.177.237.247): 2 Time(s)
   Invalid Users:
      Unknown Account: 62 Time(s)

**Unmatched Entries**
   pam-abl: Blocking access from 193.201.227.124 to service sshd, user admin: 17 Time(s)
   pam-abl: Blocking access from 193.201.227.124 to service sshd, user manager: 1 Time(s)
   pam-abl: Blocking access from 193.201.227.124 to service sshd, user operator: 1 Time(s)
   pam-abl: Blocking access from 193.201.227.124 to service sshd, user root: 11 Time(s)
   pam-abl: Blocking access from 193.201.227.124 to service sshd, user support: 2 Time(s)
   pam-abl: Blocking access from 193.201.227.124 to service sshd, user tech: 1 Time(s)
   pam-abl: Blocking access from 193.201.227.124 to service sshd, user test: 1 Time(s)
   pam-abl: Blocking access from 193.201.227.124 to service sshd, user ubnt: 1 Time(s)
   pam-abl: Blocking access from 193.201.227.124 to service sshd, user user: 5 Time(s)
   pam-abl: Blocking access from 193.201.227.124 to service sshd, user webadmin: 1 Time(s)
   pam-abl: Blocking access from 59.45.79.51 to service sshd, user root: 1216 Time(s)
   pam-abl: Blocking access from 60.173.26.173 to service sshd, user root: 1018 Time(s)
   pam-abl: Blocking access from 75.148.154.225 to service sshd, user root: 5 Time(s)
   pam-abl: Blocking access from 78.24.223.122 to service sshd, user root: 60 Time(s)
   systemd-logind: New seat seat0.: 1 Time(s)
```
Wednesday around midday, so many lost soul(s)?
```
Feb 10 08:19:38 freedombox sshd[30028]: Failed password for invalid user oracle from 78.24.223.122 port 32886 ssh2
Feb 10 08:19:40 freedombox sshd[30028]: Failed password for invalid user oracle from 78.24.223.122 port 32886 ssh2
Feb 10 08:31:46 freedombox sshd[30292]: Failed password for invalid user paul from 78.24.223.122 port 43679 ssh2
Feb 10 08:31:48 freedombox sshd[30292]: Failed password for invalid user paul from 78.24.223.122 port 43679 ssh2
Feb 10 08:43:39 freedombox sshd[30589]: Failed password for invalid user michael from 78.24.223.122 port 50658 ssh2
Feb 10 08:43:41 freedombox sshd[30589]: Failed password for invalid user michael from 78.24.223.122 port 50658 ssh2
Feb 10 08:55:27 freedombox sshd[30869]: Failed password for invalid user alex from 78.24.223.122 port 53265 ssh2
Feb 10 08:55:29 freedombox sshd[30869]: Failed password for invalid user alex from 78.24.223.122 port 53265 ssh2
Feb 10 09:07:19 freedombox sshd[31163]: Failed password for invalid user danny from 78.24.223.122 port 47519 ssh2
Feb 10 09:07:22 freedombox sshd[31163]: Failed password for invalid user danny from 78.24.223.122 port 47519 ssh2
Feb 10 09:19:09 freedombox sshd[31471]: Failed password for invalid user kevin from 78.24.223.122 port 54508 ssh2
Feb 10 09:19:12 freedombox sshd[31471]: Failed password for invalid user kevin from 78.24.223.122 port 54508 ssh2
Feb 10 09:31:01 freedombox sshd[31788]: Failed password for invalid user david from 78.24.223.122 port 47642 ssh2
Feb 10 09:31:04 freedombox sshd[31788]: Failed password for invalid user david from 78.24.223.122 port 47642 ssh2
Feb 10 09:42:57 freedombox sshd[32110]: Failed password for invalid user michael from 78.24.223.122 port 43355 ssh2
Feb 10 09:42:59 freedombox sshd[32110]: Failed password for invalid user michael from 78.24.223.122 port 43355 ssh2
Feb 10 09:56:20 freedombox sshd[32417]: Failed password for invalid user user from 78.24.223.122 port 60375 ssh2
Feb 10 09:56:22 freedombox sshd[32417]: Failed password for invalid user user from 78.24.223.122 port 60375 ssh2
Feb 10 09:56:24 freedombox sshd[32417]: Failed password for invalid user user from 78.24.223.122 port 60375 ssh2
Feb 10 10:08:36 freedombox sshd[32685]: Failed password for invalid user test from 78.24.223.122 port 55387 ssh2
Feb 10 10:08:38 freedombox sshd[32685]: Failed password for invalid user test from 78.24.223.122 port 55387 ssh2
Feb 10 10:21:53 freedombox sshd[568]: Failed password for invalid user tomcat from 78.24.223.122 port 40249 ssh2
Feb 10 10:21:55 freedombox sshd[568]: Failed password for invalid user tomcat from 78.24.223.122 port 40249 ssh2
Feb 10 10:33:21 freedombox sshd[869]: Failed password for invalid user tomcat from 78.24.223.122 port 50850 ssh2
Feb 10 10:46:33 freedombox sshd[1222]: Failed password for invalid user linux from 78.24.223.122 port 45831 ssh2
Feb 10 10:46:35 freedombox sshd[1222]: Failed password for invalid user linux from 78.24.223.122 port 45831 ssh2
Feb 10 10:46:36 freedombox sshd[1222]: Failed password for invalid user linux from 78.24.223.122 port 45831 ssh2
Feb 10 10:58:48 freedombox sshd[1489]: Failed password for invalid user linux from 78.24.223.122 port 52690 ssh2
Feb 10 10:58:50 freedombox sshd[1489]: Failed password for invalid user linux from 78.24.223.122 port 52690 ssh2
Feb 10 11:10:10 freedombox sshd[1823]: Failed password for invalid user ident from 78.24.223.122 port 33780 ssh2
Feb 10 11:21:19 freedombox sshd[2047]: Failed password for invalid user mysql from 78.24.223.122 port 37433 ssh2
Feb 10 11:34:33 freedombox sshd[2351]: Failed password for invalid user andrew from 78.24.223.122 port 60607 ssh2
Feb 10 11:34:35 freedombox sshd[2351]: Failed password for invalid user andrew from 78.24.223.122 port 60607 ssh2
Feb 10 11:34:37 freedombox sshd[2351]: Failed password for invalid user andrew from 78.24.223.122 port 60607 ssh2
Feb 10 11:46:09 freedombox sshd[2660]: Failed password for invalid user gabriel from 78.24.223.122 port 60863 ssh2
Feb 10 13:53:42 freedombox sshd[5564]: Failed password for root from 186.216.135.156 port 45057 ssh2
Feb 10 14:11:52 freedombox sshd[6008]: Failed password for invalid user admin from 186.216.135.156 port 48238 ssh2
Feb 10 14:33:03 freedombox sshd[6486]: Failed password for invalid user ubnt from 186.216.135.156 port 38352 ssh2
```
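In the Wednesday excerpt above, the failed logins from one source arrive roughly twelve minutes apart, a pace that per-minute thresholds do not catch. The following added example (not part of the original page) groups `Failed password` lines by source and separates that pattern from a fast burst; the sample lines, the `triage` function and its thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the auth.log format shown above; the addresses are
# documentation ranges, not the ones from the page.
SAMPLE_LOG = """\
Feb 10 08:19:38 freedombox sshd[30028]: Failed password for invalid user oracle from 203.0.113.7 port 32886 ssh2
Feb 10 08:19:40 freedombox sshd[30028]: Failed password for invalid user oracle from 203.0.113.7 port 32886 ssh2
Feb 10 08:31:46 freedombox sshd[30292]: Failed password for invalid user paul from 203.0.113.7 port 43679 ssh2
Feb 10 08:43:39 freedombox sshd[30589]: Failed password for invalid user michael from 203.0.113.7 port 50658 ssh2
Feb 10 08:55:27 freedombox sshd[30869]: Failed password for invalid user alex from 203.0.113.7 port 53265 ssh2
Feb 10 09:00:01 freedombox sshd[30900]: Failed password for root from 198.51.100.9 port 40001 ssh2
Feb 10 09:00:03 freedombox sshd[30901]: Failed password for root from 198.51.100.9 port 40002 ssh2
Feb 10 09:00:05 freedombox sshd[30902]: Failed password for root from 198.51.100.9 port 40003 ssh2
Feb 10 09:12:00 freedombox sshd[31000]: Failed password for fred from 192.0.2.44 port 50000 ssh2
Feb 10 09:12:30 freedombox sshd[31000]: Accepted password for fred from 192.0.2.44 port 50000 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(?P<pid>\d+)\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+ ssh2$"
)


def triage(log_text, year=2016, min_sessions=3, slow_gap_s=300):
    """Group failed sshd logins by source; thresholds are illustrative assumptions."""
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins, pam-abl lines, etc.
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        per_src[m["src"]].append((ts, m["pid"], m["user"], bool(m["invalid"])))

    report = {}
    for src, events in per_src.items():
        # sshd forks one child per connection, so the first failure seen
        # for a pid marks the start of one guessing session
        starts = {}
        for ts, pid, _user, _invalid in events:
            starts.setdefault(pid, ts)
        ordered = sorted(starts.values())
        gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
        gap = median(gaps) if gaps else None
        if len(ordered) < min_sessions:
            verdict = "isolated"
        elif gap is not None and gap >= slow_gap_s:
            verdict = "low-and-slow"
        else:
            verdict = "burst"
        report[src] = {
            "failures": len(events),
            "sessions": len(ordered),
            "users": sorted({e[2] for e in events}),
            "invalid_users": sum(1 for e in events if e[3]),
            "median_gap_s": gap,
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for src, row in triage(SAMPLE_LOG).items():
        print(src, row["verdict"], row)
```

A source labelled `low-and-slow` is one that a long-window count per source would block while a short burst threshold would not.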
firewalld changes, thanks again :-)
diff --git a/firewalld/zones/external.xml b/firewalld/zones/external.xml index e069b5b..c3d448c 100644 --- a/firewalld/zones/external.xml +++ b/firewalld/zones/external.xml @@ -3,10 +3,9 @@ <short>External</short> <description>For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> <service name="xmpp-server"/> - <service name="ssh"/> - <service name="xmpp-bosh"/> <service name="http"/> - <service name="https"/> <service name="xmpp-client"/> + <service name="https"/> + <service name="xmpp-bosh"/> <masquerade/> </zone> diff --git a/firewalld/zones/trusted.xml b/firewalld/zones/trusted.xml new file mode 100644 index 0000000..d05e01b --- /dev/null +++ b/firewalld/zones/trusted.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="utf-8"?> +<zone target="ACCEPT"> + <short>Trusted</short> + <description>All network connections are accepted.</description> + <interface name="eth0"/> + <source address="192.168.0.0/25"/> + <service name="ssh"/> +</zone>
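Review bot: in the external.xml hunk the only functional change is the removal of `<service name="ssh"/>`, but `https` and `xmpp-bosh` are also removed and re-added in a different order, which hides it. Keep the element order stable so the diff shows just the ssh removal. `<service name="http"/>` also stays open next to https in the external zone; if cleartext access from outside is not needed, drop it in the same change.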
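Review bot: in the new trusted.xml, `<interface name="eth0"/>` is bound to a zone whose target is ACCEPT, so everything arriving on eth0 is accepted, not only traffic from 192.168.0.0/25. If eth0 is also the interface that carries the external traffic, this undoes the ssh removal made in external.xml. Suggest dropping the interface binding and keeping only `<source address="192.168.0.0/25"/>`. With target ACCEPT the `<service name="ssh"/>` line has no effect; either remove it or use a zone with the default target that lists ssh explicitly.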
And the monitoring continues.
Thursday morning (TZ: Europe/Paris), things are better, but...
```
LOGWATCH Summary
Logwatch Version: 7.4.1 (01/06/16)
Processing Initiated: Thu Feb 11 10:14:18 2016
Date Range Processed: today ( 2016-Feb-11 ) Period is day.
Detail Level of Output: 0
Type of Output/Format: file / html
Logfiles for Host: freedombox
```
No Authentication Failures section in the sshd part
but:
```
httpd
   Requests with error response codes
      400 Bad Request
         vip163mx01.mxmail.netease.com:25: 1 Time(s)
      401 Unauthorized
         /ikiwiki-auth/doutes/ikiwiki.cgi?do=postsignin: 1 Time(s)
      403 Forbidden
         /plinth: 12 Time(s)
      404 Not Found
         //myadmin/scripts/setup.php: 1 Time(s)
         //mysql/scripts/setup.php: 1 Time(s)
         //mysqladmin/scripts/setup.php: 1 Time(s)
         //phpMyAdmin/scripts/setup.php: 1 Time(s)
         //phpmyadmin/scripts/setup.php: 1 Time(s)
         //web/scripts/setup.php: 1 Time(s)
         //websql/scripts/setup.php: 1 Time(s)
         /MyAdmin/scripts/setup.php: 1 Time(s)
         /favicon.ico: 1 Time(s)
         /index.php: 1 Time(s)
         /muieblackcat: 1 Time(s)
         /myadmin/scripts/setup.php: 1 Time(s)
         /phpMyAdmin/scripts/setup.php: 1 Time(s)
         /phpmyadmin/scripts/setup.php: 1 Time(s)
         /pma/scripts/setup.php: 1 Time(s)
         /w00tw00t.at.blackhats.romanian.anti-sec:): 1 Time(s)
```
Next intention: restrict access to /plinth/ to the sources 192.168.0.0/25 and 10.42.0.0/16 TODO:[d:asap]!!!
DNS changes
The DNS "service" provided by the ISP (Free) creates confusion between "subdomain" and "host".freeboxos.fr.
I choose:
- the host name fbx-m1m in the freeboxos.fr domain
- I disable XMPP (jwchat).
```
fred@fbx-m1m:~$ hostname -f
fbx-m1m.freeboxos.fr
fred@fbx-m1m:~$ dig fbx-m1m.freeboxos.fr @10.42.0.1

; <<>> DiG 9.9.5-12.1-Debian <<>> fbx-m1m.freeboxos.fr @10.42.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45531
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;fbx-m1m.freeboxos.fr. IN A

;; ANSWER SECTION:
fbx-m1m.freeboxos.fr. 2217 IN A 82.229.89.119

;; Query time: 1 msec
;; SERVER: 10.42.0.1#53(10.42.0.1)
;; WHEN: Sun Feb 14 15:10:20 CET 2016
;; MSG SIZE rcvd: 65
```
IRC with Quassel
I am fred1m, but I am not familiar with IRC customs
Back after a week away
Almost no service interruption for a week. The torrents were paused; I note the effect on RAM consumption. There was no Wi-Fi traffic either.
However, as soon as I was back nearby, there were cases of service-ending-without-any-syslog-report
I note the absence of a default configuration for a "console" link; the solution in use runs without screen or keyboard. I would like to set up a tty over the USB_OTG link (To do)
When in doubt, I blame...
...without certainty, the non-free driver needed by the too hastily chosen Wi-Fi adapter, Ralink Technology, Corp. RT5370 Wireless Adapter
I will follow the recommendations at the next purchase opportunity; in the meantime I am setting up a daily reboot task.
Never a dull moment!
An excerpt about... would-be intruders?
```
[Wed May 04 06:25:39.007208 2016] [mpm_prefork:notice] [pid 1195] AH00163: Apache/2.4.20 (Debian) mod_gnutls/0.7.2 GnuTLS/3.4.11 configured -- resuming normal operations
[Wed May 04 06:25:39.007445 2016] [core:notice] [pid 1195] AH00094: Command line: '/usr/sbin/apache2'
[Wed May 04 09:26:40.771510 2016] [authz_core:error] [pid 19387] [client 150.70.173.48:33694] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Wed May 04 13:33:34.898192 2016] [authz_core:error] [pid 19390] [client 150.70.188.179:40565] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Wed May 04 14:19:42.530910 2016] [authz_core:error] [pid 23540] [client 150.70.173.53:60544] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Wed May 04 15:58:46.487526 2016] [authz_core:error] [pid 19388] [client 150.70.173.7:59643] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Wed May 04 16:50:55.892334 2016] [authz_core:error] [pid 19390] [client 150.70.173.51:22249] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Wed May 04 17:32:30.394205 2016] [authz_core:error] [pid 23540] [client 150.70.188.177:42217] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Wed May 04 21:20:25.142467 2016] [authz_core:error] [pid 19390] [client 150.70.188.169:45045] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Wed May 04 22:45:45.614009 2016] [authz_core:error] [pid 19387] [client 150.70.188.175:40602] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Wed May 04 23:14:28.265944 2016] [authz_core:error] [pid 19390] [client 150.70.173.58:37680] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Thu May 05 00:02:00.768923 2016] [authz_core:error] [pid 19387] [client 194.28.115.233:51000] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Thu May 05 00:11:07.717825 2016] [authz_core:error] [pid 19390] [client 150.70.188.182:55941] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Thu May 05 02:01:42.274346 2016] [authz_core:error] [pid 19387] [client 150.70.173.5:37379] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Thu May 05 03:08:49.977680 2016] [authz_core:error] [pid 19388] [client 120.132.50.135:58842] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Thu May 05 03:09:03.676944 2016] [authz_core:error] [pid 19390] [client 120.132.50.135:37043] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Thu May 05 03:53:15.580206 2016] [authz_core:error] [pid 19389] [client 150.70.173.54:51845] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Thu May 05 05:46:20.171394 2016] [authz_core:error] [pid 19386] [client 150.70.173.55:52690] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Thu May 05 05:52:12.370859 2016] [authz_core:error] [pid 23540] [client 150.70.188.166:44483] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
[Thu May 05 06:25:33.152391 2016] [mpm_prefork:notice] [pid 1195] AH00171: Graceful restart requested, doing restart
```
boot.src
No "smooth" update of the boot process after updating /boot
```
fred@fbx-m1m:~$ alors
lundi 6 juin 2016, 13:45:52 (UTC+0200)
 13:45:52 up 3:56, 1 user, load average: 0,12, 0,10, 0,13
Linux fbx-m1m 4.2.0-1-armmp-lpae #1 SMP Debian 4.2.6-3 (2015-12-06) armv7l GNU/Linux
```
Several unsuccessful attempts; I am suspending my trials, I do not understand the flash-kernel or mkimage tools. I will come back to it...
Hypothesis: is sysstat the cause of the breaks in service continuity?
I was not consulting the resources provided by sysstat.
```
Start-Date: 2016-06-12 13:09:29
Commandline: apt remove sysstat
Requested-By: fred (10000)
Remove: sysstat:armhf (11.3.3-1)
End-Date: 2016-06-12 13:10:00
```
The observation period continues...
A few hours later, a new failure; the hypothesis must be discarded.
I unplug the Wi-Fi interface (R5370)
New observation period...
I note that the R5370 model is out of stock at my supplier, and that the product offered in stock (https://www.olimex.com/Products/USB-Modules/MOD-WIFI-AR9271-ANT/) matches the recommendations: "MOD-WIFI-AR9271-ANT is USB WiFi adapter which is with Open Source Linux driver and Linux Kernel build in support since Kernel 2.6.35"
I am going to prepare a new order...
Also, I choose to disable the Quassel application.
Resuming
After a period of "being out of order"..., I resume putting it to use
Download + fresh installation
A well-stocked list of images to download; I choose A20 OLinuXino LIME2;
the `dd` command, after `journalctl -f` to spot /dev/mmcblk0 in my case;
Operation
After the installation is finalized (10 minutes of waiting), creating the login goes well
I cheer myself on
New hardware
Deployment of an Olimex XMAS home-server solution in November 2019.
Operation
- An image with information...
- To be continued...
Footnote(s)