Differences between revisions 76 and 77
Revision 76 as of 2016-03-07 17:21:30
Size: 51733
Editor: FredLeMeur
Comment: lshw link
Revision 77 as of 2016-03-12 10:47:45
Size: 52078
Editor: FredLeMeur
Comment: about the daily reboot (before adding attachment)
Line 1052: Line 1052:
== When in doubt, I blame... ==

...without certainty, the `non-free` driver needed for the ''too hastily chosen'' `wifi` attachment to work :(

I will follow the [[FreedomBox/Hardware/USBWiFi|recommendations]] at the next purchasing opportunity; in the meantime I am setting up a daily reboot task.

 

An implementation of the FreedomBox project with (almost) free hardware and an ISP.

This is a humble account of one use case (EndUser). I thank and bow deeply to the excellent contributors of the FreedomBox project.

Resources, documents

Choices and purchases

First power-ups


Second strategy


Maintenance

Attempt "one"

Unsuccessful. The version of Debian supplied by Olimex and my own experience led me to abandon this route (installing the freedombox-setup package on a freshly installed Debian GNU/Linux).

State of the system on delivery

  • "Console" side (USB_OTG)

fred@pyxtwo:~$ sudo ifconfig usb0 192.168.2.200

fred@pyxtwo:~$ ssh olimex@192.168.2.1

olimex@OLinuXino-A20:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 8.1 (jessie)
Release:        8.1
Codename:       jessie

olimex@OLinuXino-A20:~$ findmnt 
TARGET                           SOURCE     FSTYPE     OPTIONS
/                                /dev/mmcblk0p2
                                            ext4       rw,relatime,data=ordered
|-/dev                           devtmpfs   devtmpfs   rw,relatime,size=448624k,nr_inodes=112156,mode=755
| |-/dev/shm                     tmpfs      tmpfs      rw,nosuid,nodev
| `-/dev/pts                     devpts     devpts     rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
|-/sys                           sysfs      sysfs      rw,nosuid,nodev,noexec,relatime
| |-/sys/kernel/security         securityfs securityfs rw,nosuid,nodev,noexec,relatime
| |-/sys/fs/cgroup               tmpfs      tmpfs      ro,nosuid,nodev,noexec,mode=755
| | |-/sys/fs/cgroup/systemd     cgroup     cgroup     rw,nosuid,nodev,noexec,relatime,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
| | |-/sys/fs/cgroup/cpuset      cgroup     cgroup     rw,nosuid,nodev,noexec,relatime,cpuset
| | |-/sys/fs/cgroup/cpu,cpuacct cgroup     cgroup     rw,nosuid,nodev,noexec,relatime,cpuacct,cpu
| | |-/sys/fs/cgroup/memory      cgroup     cgroup     rw,nosuid,nodev,noexec,relatime,memory
| | |-/sys/fs/cgroup/devices     cgroup     cgroup     rw,nosuid,nodev,noexec,relatime,devices
| | |-/sys/fs/cgroup/freezer     cgroup     cgroup     rw,nosuid,nodev,noexec,relatime,freezer
| | |-/sys/fs/cgroup/blkio       cgroup     cgroup     rw,nosuid,nodev,noexec,relatime,blkio
| | `-/sys/fs/cgroup/perf_event  cgroup     cgroup     rw,nosuid,nodev,noexec,relatime,perf_event
| |-/sys/kernel/debug            debugfs    debugfs    rw,relatime
| |-/sys/fs/fuse/connections     fusectl    fusectl    rw,relatime
| `-/sys/kernel/config           configfs   configfs   rw,relatime
|-/proc                          proc       proc       rw,nosuid,nodev,noexec,relatime
| `-/proc/sys/fs/binfmt_misc     systemd-1  autofs     rw,relatime,fd=22,pgrp=1,timeout=300,minproto=5,maxproto=5,direct
|-/run                           tmpfs      tmpfs      rw,nosuid,nodev,mode=755
| |-/run/lock                    tmpfs      tmpfs      rw,nosuid,nodev,noexec,relatime,size=5120k
| `-/run/user/1001               tmpfs      tmpfs      rw,nosuid,nodev,relatime,size=89748k,mode=700,uid=1001,gid=1001
`-/media/olimex/6B4C-FFFD9       /dev/mmcblk0p1
                                            vfat       rw,nosuid,nodev,relatime,uid=1001,gid=1001,fmask=0022,dmask=0022,codepage=cp437,iocharset=ascii,shortname=mixed,s

olimex@OLinuXino-A20:~$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/root       7.3G  819M  6.2G  12% /
devtmpfs        439M     0  439M   0% /dev
tmpfs           439M     0  439M   0% /dev/shm
tmpfs           439M   12M  427M   3% /run
tmpfs           5.0M  4.0K  5.0M   1% /run/lock
tmpfs           439M     0  439M   0% /sys/fs/cgroup
tmpfs            88M  4.0K   88M   1% /run/user/1001
/dev/mmcblk0p1   16M  8.8M  7.3M  55% /media/olimex/6B4C-FFFD9

olimex@OLinuXino-A20:~$ ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: tunl0: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default 
    link/ipip 0.0.0.0 brd 0.0.0.0
3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 72:05:ee:af:b6:4d brd ff:ff:ff:ff:ff:ff
4: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 8e:1c:d2:e1:29:52 brd ff:ff:ff:ff:ff:ff
5: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:e1:80:40:57:97 brd ff:ff:ff:ff:ff:ff

602.sa-di

  • LAN

fred@pyxtwo:~$ ip r
default via 192.168.0.254 dev wlan0  proto static  metric 600 
169.254.0.0/16 dev virbr0  scope link  metric 1000 linkdown 
192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.36  metric 600 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 linkdown

fred@pyxtwo:~$ sudo arp -vna
Mot de passe [sudo] de fred :
? (192.168.0.254) at f4:ca:e5:44:31:21 [ether] on wlan0
? (192.168.0.184) at 66:82:c8:9a:ba:54 [ether] on wlan0
Entrées: 2      Ignorées: 0     Trouvées: 2

The Freebox console corroborates the MAC address (66:82:c8:9a:ba:54).

  • After upgrade; tzdata; install ntp

fred@OLinuXino-A20:~$ id
uid=1000(fred) gid=1000(fred) groups=1000(fred),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),44(video),46(plugdev),100(users),997(i2c),998(spi)
fred@OLinuXino-A20:~$ uptime
 11:41:57 up 28 min,  1 user,  load average: 1,57, 1,26, 0,95
fred@OLinuXino-A20:~$ lsb_release -d
Description:    Debian GNU/Linux testing (stretch)
fred@OLinuXino-A20:~$ uname -a
Linux OLinuXino-A20 3.4.103-00033-g9a1cd03-dirty #17 SMP PREEMPT Tue Sep 8 11:01:09 EEST 2015 armv7l GNU/Linux
fred@OLinuXino-A20:~$ date
samedi 16 janvier 2016, 11:42:48 (UTC+0100)
fred@OLinuXino-A20:~$ ntpq -np
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.001
 1.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.001
 2.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.001
 3.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.001
+195.154.41.195  195.13.23.5      3 u   29   64    3   33.027   39.436  33.586
+62.210.28.176   84.255.209.79    4 u   25   64    3   25.876   30.049  37.097
+213.186.36.183  145.238.203.14   2 u   25   64    3   29.143   33.524  36.503
-78.192.88.115   145.238.203.14   2 u   19   64    3   24.722   29.918  37.526
+91.121.154.183  145.238.203.10   3 u   23   64    3   31.491   31.962  36.920
+213.154.229.24  192.36.144.23    2 u   24   64    3   39.612   33.782  37.000
+5.196.160.139   10.21.137.1      2 u   24   64    3   27.146   32.401  38.059
+37.187.109.209  138.96.64.10     2 u   25   64    3   28.273   31.775  36.200
-178.23.121.164  192.53.103.104   2 u   23   64    3   48.285   37.647  35.921
*212.83.179.156  138.96.64.10     2 u   23   64    3   26.236   32.233  34.638
  • C/S ssh

fred@OLinuXino-A20:~$ sudo arp -na
[sudo] password for fred: 
? (192.168.0.254) at f4:ca:e5:44:31:21 [ether] on eth0
? (192.168.0.36) at 0c:d2:92:6e:82:7d [ether] on eth0
fred@OLinuXino-A20:~$ w
 11:56:32 up 43 min,  1 user,  load average: 1,00, 1,01, 0,97
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
fred     pts/0    192.168.0.36     11:36    8.00s  0.29s  0.04s w
  • locales

fred@OLinuXino-A20:~$ sudo apt-get --reinstall install locales
Reading package lists... Done
Building dependency tree       
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 3 323 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://ftp.fr.debian.org/debian testing/main armhf locales all 2.21-6 [3 323 kB]
Fetched 3 323 kB in 7s (431 kB/s)                                                                                                                                      
Preconfiguring packages ...
(Reading database ... 37318 files and directories currently installed.)
Preparing to unpack .../locales_2.21-6_all.deb ...
Unpacking locales (2.21-6) over (2.21-6) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up locales (2.21-6) ...
Generating locales (this might take a while)...
  fr_FR.UTF-8...locale alias file `/usr/share/locale/locale.alias' not found: No such file or directory
 done
Generation complete.

One problem remains...

  • olimex-tools package to be tracked down...

fred@OLinuXino-A20:~$ sudo apt-get -s purge locales libc-l10n
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following package was automatically installed and is no longer required:
  dialog
Use 'sudo apt autoremove' to remove it.
The following packages will be REMOVED:
  libc-l10n* locales* olimex-tools*
0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
Purg olimex-tools [1.0]
Purg locales [2.21-6]
Purg libc-l10n [2.21-6]
fred@OLinuXino-A20:~$ dpkg -L olimex-tools
/.
/usr
/usr/bin
/usr/bin/a10_display
/usr/bin/change_display.sh
/usr/bin/devmem
/usr/bin/netcardconfig
/usr/bin/wlcardconfig
/usr/bin/olimex-config

Attempt "two"

Successful

  • to do: include traces of the dd commands

Going via a downloaded image

  • phew (sigh)!

fred@pyxtwo:~$ ssh fred@192.168.0.20
The authenticity of host '192.168.0.20 (192.168.0.20)' can't be established.
ECDSA key fingerprint is SHA256:mQNuPPxekVe7xLDa0UWVn+Wl/H8wAjePgK2gWI4xghA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.20' (ECDSA) to the list of known hosts.
fred@192.168.0.20's password: 
Creating directory '/home/fred'.

                         .--._    _.--.
                        (     \  /     )
                         \     /\     /
                          \_   \/   _/
                           /        \
                          (    /\    )
                           `--'  `--'

                           FreedomBox

FreedomBox is a pure blend of Debian GNU/Linux.  FreedomBox manual is
available in /usr/share/doc/plinth.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
fred@freedombox:~$ date
dimanche 17 janvier 2016, 15:34:20 (UTC+0000)
  • a better kernel

fred@freedombox:~$ uname -a
Linux freedombox 4.2.0-1-armmp-lpae #1 SMP Debian 4.2.6-3 (2015-12-06) armv7l GNU/Linux
fred@freedombox:~$ date
lundi 18 janvier 2016, 16:11:31 (UTC+0100)

Enabling and testing a few applications

  • Network (wifi with firmware-misc-nonfree)

  • ikiwiki
  • mumble
  • AP on channel 3
  • web UI

To be described.

LVM preparation

  • Physical volume (PV)

Disk /dev/sda: 465,8 GiB, 500107862016 bytes, 976773168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
fred@freedombox:~$ pvdisplay
-bash: pvdisplay : commande introuvable
fred@freedombox:~$ sudo pvdisplay
fred@freedombox:~$ sudo pvcreate /dev/sda
  allocation/use_blkid_wiping=1 configuration setting is set while LVM is not compiled with blkid wiping support.
  Falling back to native LVM signature detection.
  Physical volume "/dev/sda" successfully created
fred@freedombox:~$ sudo pvdisplay
  "/dev/sda" is a new physical volume of "465,76 GiB"
  --- NEW Physical volume ---
  PV Name               /dev/sda
  VG Name               
  PV Size               465,76 GiB
  Allocatable           NO
  PE Size               0   
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               MdGBd2-ebx1-6o6y-ltF6-8hPa-kMEO-fpm40M

Moving the contents of /var/lib

To follow the FreedomBox design.

  • VG

fred@freedombox:~$ sudo vgcreate ddsata /dev/sda
  Volume group "ddsata" successfully created
fred@freedombox:~$ sudo vgdisplay
  --- Volume group ---
  VG Name               ddsata
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  1
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                0
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               465,76 GiB
  PE Size               4,00 MiB
  Total PE              119234
  Alloc PE / Size       0 / 0   
  Free  PE / Size       119234 / 465,76 GiB
  VG UUID               9rAVRr-38WJ-6K0r-BwcU-nLNF-qA8Q-OdPNBa
  • LV

fred@freedombox:~$ sudo lvcreate -n varlib -L 200g ddsata
  allocation/use_blkid_wiping=1 configuration setting is set while LVM is not compiled with blkid wiping support.
  Falling back to native LVM signature detection.
  Logical volume "varlib" created.
fred@freedombox:~$ sudo lvdisplay
  --- Logical volume ---
  LV Path                /dev/ddsata/varlib
  LV Name                varlib
  VG Name                ddsata
  LV UUID                1FLvL1-4w3z-XJL3-YTqy-eA03-fVkt-THhFUC
  LV Write Access        read/write
  LV Creation host, time freedombox, 2016-01-18 17:40:45 +0100
  LV Status              available
  # open                 0
  LV Size                200,00 GiB
  Current LE             51200
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           254:0

fred@freedombox:~$ sudo lvs
  LV     VG     Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  varlib ddsata -wi-a----- 200,00g                                                    
  • carry over items from fichier-script.log
  • after reboot

fred@freedombox:~/603traces$ findmnt 
TARGET                                SOURCE              FSTYPE     OPTIONS
/                                     /dev/mmcblk0p2[/@]  btrfs      rw,relatime,ssd,space_cache,subvolid=257,subvol=/@
├─/sys                                sysfs               sysfs      rw,nosuid,nodev,noexec,relatime
│ ├─/sys/kernel/security              securityfs          securityfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/cgroup                    tmpfs               tmpfs      ro,nosuid,nodev,noexec,mode=755
│ │ ├─/sys/fs/cgroup/systemd          cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
│ │ ├─/sys/fs/cgroup/blkio            cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,blkio
│ │ ├─/sys/fs/cgroup/freezer          cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,freezer
│ │ ├─/sys/fs/cgroup/perf_event       cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,perf_event
│ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,net_cls,net_prio
│ │ ├─/sys/fs/cgroup/cpu,cpuacct      cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,cpu,cpuacct
│ │ ├─/sys/fs/cgroup/cpuset           cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,cpuset
│ │ └─/sys/fs/cgroup/devices          cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,devices
│ └─/sys/kernel/debug                 debugfs             debugfs    rw,relatime
├─/proc                               proc                proc       rw,relatime
│ └─/proc/sys/fs/binfmt_misc          systemd-1           autofs     rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
├─/dev                                udev                devtmpfs   rw,relatime,size=10240k,nr_inodes=126433,mode=755
│ ├─/dev/pts                          devpts              devpts     rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
│ ├─/dev/shm                          tmpfs               tmpfs      rw,nosuid,nodev
│ ├─/dev/hugepages                    hugetlbfs           hugetlbfs  rw,relatime
│ └─/dev/mqueue                       mqueue              mqueue     rw,relatime
├─/run                                tmpfs               tmpfs      rw,nosuid,relatime,size=205480k,mode=755
│ ├─/run/lock                         tmpfs               tmpfs      rw,nosuid,nodev,noexec,relatime,size=5120k
│ └─/run/user/10000                   tmpfs               tmpfs      rw,nosuid,nodev,relatime,size=102740k,mode=700,uid=10000,gid=100
├─/btrfs                              /dev/mmcblk0p2      btrfs      rw,relatime,ssd,space_cache,subvolid=5,subvol=/
├─/boot                               /dev/mmcblk0p1      ext2       rw,relatime,errors=remount-ro
└─/var/lib                            /dev/mapper/ddsata-varlib
                                                          ext4       rw,relatime,errors=remount-ro,data=ordered
fred@freedombox:~/603traces$ sudo lvs
[sudo] password for fred: 
  LV     VG     Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  varlib ddsata -wi-ao---- 200,00g                                                    
  • A few successful tests
    • ikiwiki
    • diag-tor
    • web UI

"tor" application

  • enabled via the web UI

Installation

Cette fonction requiert un paquet additionnel. Voulez-vous l'installer ?

Paquet                  Sommaire

obfs4proxy              pluggable transport proxy for Tor, implementing obfs4
apt-transport-tor       APT transport for anonymous package downloads via Tor
tor-geoipdb             GeoIP database for Tor
tor                     anonymizing overlay network for TCP
torsocks                use SOCKS-friendly applications with Tor
  • access to the ".onion" service succeeded :-)

ownCloud

  • before enabling

fred@freedombox:~$ df -h
Sys. de fichiers          Taille Utilisé Dispo Uti% Monté sur
udev                         10M       0   10M   0% /dev
tmpfs                       201M    3,2M  198M   2% /run
/dev/mmcblk0p2              3,7G    1,6G  1,8G  48% /
tmpfs                       502M       0  502M   0% /dev/shm
tmpfs                       5,0M       0  5,0M   0% /run/lock
tmpfs                       502M       0  502M   0% /sys/fs/cgroup
/dev/mmcblk0p2              3,7G    1,6G  1,8G  48% /btrfs
/dev/mmcblk0p1              113M     31M   76M  29% /boot
/dev/mapper/ddsata-varlib   197G    219M  187G   1% /var/lib
tmpfs                       101M       0  101M   0% /run/user/10000
  • enabling (web UI)

Cette fonction requiert un paquet additionnel. Voulez-vous l'installer ?
Paquet          Sommaire
php5-pgsql      PostgreSQL module for php5
owncloud        cloud storage for files, music, contacts, calendars and many more
postgresql      object-relational SQL database (supported version)
  • after
    • df -h

      fred@freedombox:~$ df -h
      Sys. de fichiers          Taille Utilisé Dispo Uti% Monté sur
      udev                         10M       0   10M   0% /dev
      tmpfs                       201M    3,3M  198M   2% /run
      /dev/mmcblk0p2              3,7G    1,9G  1,6G  56% /
      tmpfs                       502M    4,0K  502M   1% /dev/shm
      tmpfs                       5,0M       0  5,0M   0% /run/lock
      tmpfs                       502M       0  502M   0% /sys/fs/cgroup
      /dev/mmcblk0p2              3,7G    1,9G  1,6G  56% /btrfs
      /dev/mmcblk0p1              113M     31M   76M  29% /boot
      /dev/mapper/ddsata-varlib   197G    268M  187G   1% /var/lib
      tmpfs                       101M       0  101M   0% /run/user/10000
    • pg_lsclusters

      fred@freedombox:~$ pg_lsclusters
      Ver Cluster Port Status Owner    Data directory               Log file
      9.5 main    5432 online postgres /var/lib/postgresql/9.5/main /var/log/postgresql/postgresql-9.5-main.log

Progress status

fred@freedombox:~$ date ; uptime
jeudi 21 janvier 2016, 10:07:02 (UTC+0100)
 10:07:02 up 1 day, 18:18,  1 user,  load average: 0,00, 0,01, 0,05

Good impressions overall.

To reconsider

  • FS
    fred@freedombox:~$ findmnt 
    TARGET                                SOURCE              FSTYPE     OPTIONS
    /                                     /dev/mmcblk0p2[/@]  btrfs      rw,relatime,ssd,space_cache,subvolid=257,subvol=/@
    ├─/sys                                sysfs               sysfs      rw,nosuid,nodev,noexec,relatime
    │ ├─/sys/kernel/security              securityfs          securityfs rw,nosuid,nodev,noexec,relatime
    │ ├─/sys/fs/cgroup                    tmpfs               tmpfs      ro,nosuid,nodev,noexec,mode=755
    │ │ ├─/sys/fs/cgroup/systemd          cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
    │ │ ├─/sys/fs/cgroup/blkio            cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,blkio
    │ │ ├─/sys/fs/cgroup/devices          cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,devices
    │ │ ├─/sys/fs/cgroup/cpuset           cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,cpuset
    │ │ ├─/sys/fs/cgroup/cpu,cpuacct      cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,cpu,cpuacct
    │ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,net_cls,net_prio
    │ │ ├─/sys/fs/cgroup/freezer          cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,freezer
    │ │ └─/sys/fs/cgroup/perf_event       cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,perf_event
    │ └─/sys/kernel/debug                 debugfs             debugfs    rw,relatime
    ├─/proc                               proc                proc       rw,relatime
    │ └─/proc/sys/fs/binfmt_misc          systemd-1           autofs     rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
    ├─/dev                                udev                devtmpfs   rw,relatime,size=10240k,nr_inodes=126433,mode=755
    │ ├─/dev/pts                          devpts              devpts     rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
    │ ├─/dev/shm                          tmpfs               tmpfs      rw,nosuid,nodev
    │ ├─/dev/hugepages                    hugetlbfs           hugetlbfs  rw,relatime
    │ └─/dev/mqueue                       mqueue              mqueue     rw,relatime
    ├─/run                                tmpfs               tmpfs      rw,nosuid,relatime,size=205480k,mode=755
    │ ├─/run/lock                         tmpfs               tmpfs      rw,nosuid,nodev,noexec,relatime,size=5120k
    │ └─/run/user/10000                   tmpfs               tmpfs      rw,nosuid,nodev,relatime,size=102740k,mode=700,uid=10000,gid=100
    ├─/btrfs                              /dev/mmcblk0p2      btrfs      rw,relatime,ssd,space_cache,subvolid=5,subvol=/
    ├─/boot                               /dev/mmcblk0p1      ext2       rw,relatime,errors=remount-ro
    └─/var/lib                            /dev/mapper/ddsata-varlib
                                                              ext4       rw,relatime,errors=remount-ro,data=ordered
    • but...
      janv. 19 15:39:40 freedombox systemd[1]: var-lib.mount: Directory /var/lib to mount over is not empty, mounting anyway.
    • SATA
      janv. 19 15:39:40 freedombox kernel: ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
      [...]
      janv. 19 15:39:40 freedombox kernel: xor: using function: arm4regs (1254.000 MB/sec)
    • microSD
      janv. 19 15:39:40 freedombox kernel: Btrfs loaded
      janv. 19 15:39:40 freedombox kernel: BTRFS: device fsid 2bb9a7a0-a166-41af-b18f-1ce05351aa7d devid 1 transid 1317 /dev/mmcblk0p2
      janv. 19 15:39:40 freedombox kernel: BTRFS info (device mmcblk0p2): disk space caching is enabled
      janv. 19 15:39:40 freedombox kernel: BTRFS: has skinny extents
      janv. 19 15:39:40 freedombox kernel: BTRFS: detected SSD devices, enabling SSD mode
  • planned new version of /etc/fstab with two LVs for /usr and /var, dropping the varlib LV

    • (under study)...
    • after an unsuccessful attempt: "moving" /usr was a bad idea.

Observation period

Thu.28/1/6

  • fred@freedombox:~$ date ; uptime
    jeudi 28 janvier 2016, 10:34:24 (UTC+0100)
     10:34:24 up 11:18,  1 user,  load average: 3,11, 3,07, 3,05
    Heavy CPU load; three "apache2" processes stuck in a "loop" were killed. Hypothesis as to the cause: is the web application abandoning processes?
    • fred@freedombox:~$ systemctl -l status apache2.service

      ● apache2.service - LSB: Apache2 web server
         Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
         Active: active (running) since mer. 2016-01-27 23:16:13 CET; 11h ago
           Docs: man:systemd-sysv-generator(8)
        Process: 5748 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
        Process: 871 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
         CGroup: /system.slice/apache2.service
                 ├─1045 /usr/sbin/apache2 -k start
                 ├─5794 /usr/sbin/apache2 -k start
                 ├─5795 /usr/sbin/apache2 -k start
                 ├─5796 /usr/sbin/apache2 -k start
                 ├─5797 /usr/sbin/apache2 -k start
                 └─5798 /usr/sbin/apache2 -k start
      
      janv. 27 23:16:03 freedombox systemd[1]: Starting LSB: Apache2 web server...
      janv. 27 23:16:09 freedombox apache2[871]: Starting web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
      janv. 27 23:16:13 freedombox apache2[871]: .
      janv. 27 23:16:13 freedombox systemd[1]: Started LSB: Apache2 web server.
      janv. 28 06:25:10 freedombox systemd[1]: Reloading LSB: Apache2 web server.
      janv. 28 06:25:14 freedombox apache2[5748]: Reloading web server: apache2.
      janv. 28 06:25:14 freedombox systemd[1]: Reloaded LSB: Apache2 web server.

      The processes killed with sudo htop were active after the reload of Apache2 web server!

    • FS
      • df -h

        Sys. de fichiers       Taille Utilisé Dispo Uti% Monté sur
        udev                      10M       0   10M   0% /dev
        tmpfs                    201M    3,3M  198M   2% /run
        /dev/mmcblk0p2           7,3G    1,6G  5,5G  23% /
        tmpfs                    502M    4,0K  502M   1% /dev/shm
        tmpfs                    5,0M       0  5,0M   0% /run/lock
        tmpfs                    502M       0  502M   0% /sys/fs/cgroup
        /dev/mmcblk0p2           7,3G    1,6G  5,5G  23% /btrfs
        /dev/mmcblk0p1           113M     53M   55M  50% /boot
        /dev/mapper/ddsata-var   219G    1,8G  206G   1% /var
        tmpfs                    101M       0  101M   0% /run/user/10000
      • findmnt

        TARGET                                SOURCE              FSTYPE     OPTIONS
        /                                     /dev/mmcblk0p2[/@]  btrfs      rw,relatime,ssd,space_cache,subvolid=257,subvol=/@
        ├─/sys                                sysfs               sysfs      rw,nosuid,nodev,noexec,relatime
        │ ├─/sys/kernel/security              securityfs          securityfs rw,nosuid,nodev,noexec,relatime
        │ ├─/sys/fs/cgroup                    tmpfs               tmpfs      ro,nosuid,nodev,noexec,mode=755
        │ │ ├─/sys/fs/cgroup/systemd          cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
        │ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,net_cls,net_prio
        │ │ ├─/sys/fs/cgroup/blkio            cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,blkio
        │ │ ├─/sys/fs/cgroup/cpu,cpuacct      cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,cpu,cpuacct
        │ │ ├─/sys/fs/cgroup/freezer          cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,freezer
        │ │ ├─/sys/fs/cgroup/perf_event       cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,perf_event
        │ │ ├─/sys/fs/cgroup/devices          cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,devices
        │ │ └─/sys/fs/cgroup/cpuset           cgroup              cgroup     rw,nosuid,nodev,noexec,relatime,cpuset
        │ └─/sys/kernel/debug                 debugfs             debugfs    rw,relatime
        ├─/proc                               proc                proc       rw,relatime
        │ └─/proc/sys/fs/binfmt_misc          systemd-1           autofs     rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
        ├─/dev                                udev                devtmpfs   rw,relatime,size=10240k,nr_inodes=126432,mode=755
        │ ├─/dev/pts                          devpts              devpts     rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
        │ ├─/dev/shm                          tmpfs               tmpfs      rw,nosuid,nodev
        │ ├─/dev/hugepages                    hugetlbfs           hugetlbfs  rw,relatime
        │ └─/dev/mqueue                       mqueue              mqueue     rw,relatime
        ├─/run                                tmpfs               tmpfs      rw,nosuid,relatime,size=205480k,mode=755
        │ ├─/run/lock                         tmpfs               tmpfs      rw,nosuid,nodev,noexec,relatime,size=5120k
        │ └─/run/user/10000                   tmpfs               tmpfs      rw,nosuid,nodev,relatime,size=102740k,mode=700,uid=10000,gid=100
        ├─/btrfs                              /dev/mmcblk0p2      btrfs      rw,relatime,ssd,space_cache,subvolid=5,subvol=/
        ├─/boot                               /dev/mmcblk0p1      ext2       rw,relatime,errors=remount-ro
        └─/var                                /dev/mapper/ddsata-var
                                                                  ext4       rw,relatime,errors=remount-ro,data=ordered
      • sudo lvs

          LV   VG     Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
          var  ddsata -wi-ao---- 222,00g                                                    
        I am satisfied with this version of the FS; there is space left for backup copies (to be revisited later).
      • sudo vgdisplay

          --- Volume group ---
          VG Name               ddsata
          System ID             
          Format                lvm2
          Metadata Areas        1
          Metadata Sequence No  6
          VG Access             read/write
          VG Status             resizable
          MAX LV                0
          Cur LV                1
          Open LV               1
          Max PV                0
          Cur PV                1
          Act PV                1
          VG Size               465,76 GiB
          PE Size               4,00 MiB
          Total PE              119234
          Alloc PE / Size       56832 / 222,00 GiB
          Free  PE / Size       62402 / 243,76 GiB
          VG UUID               9rAVRr-38WJ-6K0r-BwcU-nLNF-qA8Q-OdPNBa
    • Processes
      • systemctl -l --no-pager status > 604je.txt

Mon. 01/2/6

Some tentative conclusions.

  • Deluge

    • Too much doubt about the GUI "login/logout" step and the "100%CPU"-apache2 tasks. Moreover, after a reboot seeding does not resume. :-(

  • I am trying out Transmission (htaccess-style login).

    • I prefer it. :-) 605luSeeding_tails-2.0-debian-8.3.0.png

  • Tor

    • The ORPort changes after every reboot; the ISP Freebox setting leaves me with doubts (port forwarding). I am considering trying the DMZ function (to do).

      grep ORPort /var/log/tor/log
      Feb 01 06:30:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
      Feb 01 06:50:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
      Feb 01 07:10:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
      Feb 01 07:30:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
      Feb 01 07:50:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
      Feb 01 08:10:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
      Feb 01 08:30:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
      Feb 01 08:50:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
    • Try rebooting the ISP Freebox without powering off the FreedomBox

      • Good idea!
        Confirmez l'utilisation de Tor pour https://check.torproject.org sur tcp4       passed

        Excerpt from the plinth diagnostics results.

  • serverstats seems to me a simple, lightweight solution (no MySQL-cacti|munin); it looks easy to tinker with (without being a real dev) :-)

    • 605RAM-luMatin.png

    • To do: ~summarize the implementation~

    • I am modifying it a little to see... 605serverstats.diff

Thu. 04/2/6

  • Transmission

    • It is not much, and a great pleasure to take part :-)

      ● transmission-daemon.service - Transmission BitTorrent Daemon
         Loaded: loaded (/lib/systemd/system/transmission-daemon.service; enabled; vendor preset: enabled)
         Active: active (running) since jeu. 2016-02-04 09:23:24 CET; 10min ago
       Main PID: 20249 (transmission-da)
         Status: "Uploading 18.04 KBps, Downloading 0.62 KBps."
      fred@freedombox:/var/lib/transmission-daemon/downloads$ du -sh *
      3,8G    debian-8.3.0-i386-amd64-source-DVD-1.iso
      1,3G    debian-live-8.3.0-amd64-gnome-desktop.iso
      1,5G    debian-live-8.3.0-i386-gnome-desktop.iso
      1,1G    tails-i386-2.0

      605je-transmission.png

Monitoring period

Target release: Testing

  • Changes to /etc/apt

       1 diff --git a/apt/apt.conf.d/06version-cible b/apt/apt.conf.d/06version-cible
       2 new file mode 100644
       3 index 0000000..ce20589
       4 --- /dev/null
       5 +++ b/apt/apt.conf.d/06version-cible
       6 @@ -0,0 +1 @@
       7 +APT::Default-Release "testing";
       8 diff --git a/apt/sources.list b/apt/sources.list
       9 index da8b956..7d117ee 100644
      10 --- a/apt/sources.list
      11 +++ b/apt/sources.list
      12 @@ -1,3 +1,9 @@
      13 +deb http://httpredir.debian.org/debian testing main non-free
      14 +deb-src http://httpredir.debian.org/debian testing main non-free
      15 +
      16 +deb http://security.debian.org/ testing/updates main
      17 +deb-src http://security.debian.org/ testing/updates main
      18 +
      19  deb http://httpredir.debian.org/debian sid main non-free
      20  deb-src http://httpredir.debian.org/debian sid main non-free
      21  
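    Review bot: the two sid lines left as context at the end of this hunk now sit next to the new testing entries, and the only thing that keeps packages from being taken from sid is the one-line APT::Default-Release "testing"; file added in the other hunk. If that file is dropped or mistyped, apt silently goes back to preferring the higher versions in sid. Consider an explicit low-priority pin for unstable under /etc/apt/preferences.d, or removing the sid lines if nothing is meant to come from there, plus a comment in sources.list saying why both suites are listed.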
    

    605ve-apt-testing.diff

  • Check after dist-upgrade

    Script started on ven. 05 févr. 2016 12:57:31 CET
    fred@freedombox:~$ sudo apt-get update
    Atteint:1 http://security.debian.org testing/updates InRelease
    Atteint:2 http://debian.mirrors.ovh.net/debian testing InRelease
    Atteint:3 http://ftp2.fr.debian.org/debian sid InRelease
    Lecture des listes de paquets... Fait

    fred@freedombox:~$ sudo apt-get -s dist-upgrade
    Calcul de la mise à jour... Fait
    0 mis à jour, 0 nouvellement installés, 0 à enlever et 0 non mis à jour.

    fred@freedombox:~$ sudo apt-get -s -t sid dist-upgrade
    Calcul de la mise à jour... Fait

    Les NOUVEAUX paquets suivants seront installés :
      busybox initramfs-tools-core
    Les paquets suivants seront mis à jour :
      batctl binutils coreutils erlang-lager erlang-p1-cache-tab erlang-p1-stringprep erlang-p1-xml erlang-p1-yaml gir1.2-networkmanager-1.0 gir1.2-packagekitglib-1.0
      initramfs-tools insserv isc-dhcp-client isc-dhcp-common iso-codes libboost-filesystem1.58.0 libboost-iostreams1.58.0 libboost-python1.58.0 libboost-system1.58.0
      libdatrie1 libdebconfclient0 libgnutls-openssl27 libgnutls30 libjpeg62-turbo libnm-glib4 libnm-util2 libnm0 libnss-myhostname libpackagekit-glib2-18 libpam-systemd
      libpq5 libsystemd0 libteamdctl0 libthai-data libthai0 libudev1 network-manager packagekit packagekit-tools postgresql-9.5 postgresql-client-9.5 publicsuffix
      python-cryptography python-django-common python3-django ruby-test-unit systemd systemd-sysv udev unattended-upgrades
    50 mis à jour, 2 nouvellement installés, 0 à enlever et 0 non mis à jour.

    fred@freedombox:~$ exit
    Script done on ven. 05 févr. 2016 12:58:54 CET
    

    605ve-AQ-testing-vs-sig.txt

Exposing the FreedomBox in the DMZ of the ISP's box.

  • With no port forwarding to adjust
    • fred@freedombox:~$ systemctl -l status system-tor.slice
      ● system-tor.slice
         Loaded: loaded
         Active: active since ven. 2016-02-05 12:00:25 CET; 3h 34min ago
         CGroup: /system.slice/system-tor.slice
                 └─tor@default.service
                   ├─1900 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
                   └─1902 /usr/bin/obfs4proxy
      
      févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.954 [notice] Opening DNS listener on 127.0.0.1:9053
      févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.954 [notice] Opening DNS listener on [::1]:9053
      févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.955 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
      févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.955 [notice] Opening Transparent pf/netfilter listener on [::1]:9040
      févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] Opening Control listener on 127.0.0.1:9051
      févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] Opening Control listener on /var/run/tor/control
      févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] Opening OR listener on 0.0.0.0:0
      févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] OR listener listening on port 45715.
      févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] Opening Extended OR listener on 127.0.0.1:0
      févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.957 [notice] Extended OR listener listening on port 34341.
      But
      Feb 05 15:37:17.000 [warn] Your server (82.229.89.119:45715) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
  • DNS (thanks, ISP) :-|
    Le script a débuté sur ven. 05 févr. 2016 16:25:43 CET

    $ dig freedombox.local

    ; <<>> DiG 9.9.5-12.1-Debian <<>> freedombox.local
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41144
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1280
    ;; QUESTION SECTION:
    ;freedombox.local.		IN	A

    ;; Query time: 1 msec
    ;; SERVER: 10.42.0.1#53(10.42.0.1)
    ;; WHEN: Fri Feb 05 16:26:25 CET 2016
    ;; MSG SIZE  rcvd: 45

    $ dig mlm-fbx.freeboxos.fr

    ; <<>> DiG 9.9.5-12.1-Debian <<>> mlm-fbx.freeboxos.fr
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41068
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1280
    ;; QUESTION SECTION:
    ;mlm-fbx.freeboxos.fr.		IN	A

    ;; ANSWER SECTION:
    mlm-fbx.freeboxos.fr.	2653	IN	A	82.229.89.119

    ;; Query time: 2 msec
    ;; SERVER: 10.42.0.1#53(10.42.0.1)
    ;; WHEN: Fri Feb 05 16:26:34 CET 2016
    ;; MSG SIZE  rcvd: 65

    $ exit
    exit

    Script terminé sur ven. 05 févr. 2016 16:26:38 CET
    

    605ve-dig-DNS.txt

    So, this remains to be seen...

Well, what is this?

  • Saturday morning
    [Sat Feb 06 02:03:11.691527 2016] [authz_core:error] [pid 20697] [client 150.70.188.175:53463] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
    [Sat Feb 06 02:25:39.760373 2016] [gnutls:error] [pid 20630] [client 66.171.228.150:18107] GnuTLS: Handshake Failed. Hit Maximum Attempts
    [Sat Feb 06 02:55:28.411526 2016] [authz_core:error] [pid 5317] [client 150.70.173.10:35262] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
    [Sat Feb 06 03:23:11.298064 2016] [authz_core:error] [pid 20772] [client 150.70.188.177:57829] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
    [Sat Feb 06 03:38:14.530662 2016] [gnutls:error] [pid 8850] [client 85.203.19.222:62188] GnuTLS: Handshake Failed. Hit Maximum Attempts
    [Sat Feb 06 03:39:35.259473 2016] [gnutls:error] [pid 8850] [client 216.185.58.250:35704] GnuTLS: Handshake Failed. Hit Maximum Attempts
    [Sat Feb 06 03:41:08.279441 2016] [gnutls:error] [pid 8850] [client 216.185.58.250:60962] GnuTLS: Handshake Failed. Hit Maximum Attempts
    [Sat Feb 06 03:42:31.247390 2016] [gnutls:error] [pid 8850] [client 216.185.58.250:48414] GnuTLS: Handshake Failed. Hit Maximum Attempts
    [Sat Feb 06 03:44:01.231664 2016] [gnutls:error] [pid 8850] [client 216.185.58.250:27247] GnuTLS: Handshake Failed. Hit Maximum Attempts
    [Sat Feb 06 03:49:00.398461 2016] [gnutls:error] [pid 8850] [client 216.185.58.250:43575] GnuTLS: Handshake Failed. Hit Maximum Attempts
    [Sat Feb 06 03:59:56.373834 2016] [gnutls:error] [pid 20796] [client 216.185.58.250:59561] GnuTLS: Handshake Failed. Hit Maximum Attempts
    [Sat Feb 06 04:15:18.538671 2016] [authz_core:error] [pid 20630] [client 150.70.188.177:51726] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
    [Sat Feb 06 04:20:36.312944 2016] [gnutls:error] [pid 20629] [client 216.185.58.250:37786] GnuTLS: Handshake Failed. Hit Maximum Attempts
    [Sat Feb 06 04:21:24.866933 2016] [authz_core:error] [pid 10865] [client 150.70.173.49:57077] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
    [Sat Feb 06 04:25:08.290801 2016] [gnutls:error] [pid 20772] [client 216.185.58.250:22864] GnuTLS: Handshake Failed. Hit Maximum Attempts
    [Sat Feb 06 04:31:38.174325 2016] [gnutls:error] [pid 8850] [client 216.185.58.250:56625] GnuTLS: Handshake Failed. Hit Maximum Attempts
    [Sat Feb 06 04:53:09.101955 2016] [authz_core:error] [pid 20796] [client 150.70.97.85:58610] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
    [Sat Feb 06 05:46:47.935067 2016] [authz_core:error] [pid 20630] [client 150.70.172.232:60173] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
    [Sat Feb 06 05:59:08.345722 2016] [authz_core:error] [pid 5317] [client 150.70.173.45:60482] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
    [Sat Feb 06 06:11:15.851530 2016] [authz_core:error] [pid 20772] [client 150.70.188.175:59600] AH01630: client denied by server configuration: proxy:http://127.0.0.1:8000/plinth
    [Sat Feb 06 06:25:09.849697 2016] [mpm_prefork:notice] [pid 935] AH00171: Graceful restart requested, doing restart
    

    605sa-matin-tôt.txt

  • Tuesday evening
    Feb  9 19:36:11 freedombox pam-abl[3365]: Blocking access from 78.24.223.122 to service sshd, user root
    Feb  9 19:36:11 freedombox sshd[3365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.24.223.122  user=root
    Feb  9 19:36:13 freedombox sshd[3365]: Failed password for root from 78.24.223.122 port 55011 ssh2
    Feb  9 19:36:13 freedombox pam-abl[3365]: Blocking access from 78.24.223.122 to service sshd, user root
    Feb  9 19:36:15 freedombox sshd[3365]: Failed password for root from 78.24.223.122 port 55011 ssh2
    Feb  9 19:36:15 freedombox pam-abl[3365]: Blocking access from 78.24.223.122 to service sshd, user root
    Feb  9 19:36:17 freedombox sshd[3365]: Failed password for root from 78.24.223.122 port 55011 ssh2
    Feb  9 19:36:18 freedombox sshd[3365]: Connection closed by 78.24.223.122 [preauth]
    Feb  9 19:36:18 freedombox sshd[3365]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.24.223.122  user=root
  • With logwatch

    sshd:
      Authentication Failures:
         root (59.45.79.51): 1221 Time(s)
         root (60.173.26.173): 1023 Time(s)
         root (78.24.223.122): 60 Time(s)
         unknown (193.201.227.124): 35 Time(s)
         unknown (75.148.154.225): 20 Time(s)
         root (193.201.227.124): 16 Time(s)
         root (75.148.154.225): 5 Time(s)
         unknown (2.177.237.247): 4 Time(s)
         unknown (78.24.223.122): 3 Time(s)
         root (2.177.237.247): 2 Time(s)
      Invalid Users:
         Unknown Account: 62 Time(s) 
    
    **Unmatched Entries**
      pam-abl: Blocking access from 193.201.227.124 to service sshd, user admin: 17 Time(s)
      pam-abl: Blocking access from 193.201.227.124 to service sshd, user manager: 1 Time(s)
      pam-abl: Blocking access from 193.201.227.124 to service sshd, user operator: 1 Time(s)
      pam-abl: Blocking access from 193.201.227.124 to service sshd, user root: 11 Time(s)
      pam-abl: Blocking access from 193.201.227.124 to service sshd, user support: 2 Time(s)
      pam-abl: Blocking access from 193.201.227.124 to service sshd, user tech: 1 Time(s)
      pam-abl: Blocking access from 193.201.227.124 to service sshd, user test: 1 Time(s)
      pam-abl: Blocking access from 193.201.227.124 to service sshd, user ubnt: 1 Time(s)
      pam-abl: Blocking access from 193.201.227.124 to service sshd, user user: 5 Time(s)
      pam-abl: Blocking access from 193.201.227.124 to service sshd, user webadmin: 1 Time(s)
      pam-abl: Blocking access from 59.45.79.51 to service sshd, user root: 1216 Time(s)
      pam-abl: Blocking access from 60.173.26.173 to service sshd, user root: 1018 Time(s)
      pam-abl: Blocking access from 75.148.154.225 to service sshd, user root: 5 Time(s)
      pam-abl: Blocking access from 78.24.223.122 to service sshd, user root: 60 Time(s)
      systemd-logind: New seat seat0.: 1 Time(s) 

    :-(

  • Wednesday around midday, so many lost soul(s)?

    Feb 10 08:19:38 freedombox sshd[30028]: Failed password for invalid user oracle from 78.24.223.122 port 32886 ssh2
    Feb 10 08:19:40 freedombox sshd[30028]: Failed password for invalid user oracle from 78.24.223.122 port 32886 ssh2
    Feb 10 08:31:46 freedombox sshd[30292]: Failed password for invalid user paul from 78.24.223.122 port 43679 ssh2
    Feb 10 08:31:48 freedombox sshd[30292]: Failed password for invalid user paul from 78.24.223.122 port 43679 ssh2
    Feb 10 08:43:39 freedombox sshd[30589]: Failed password for invalid user michael from 78.24.223.122 port 50658 ssh2
    Feb 10 08:43:41 freedombox sshd[30589]: Failed password for invalid user michael from 78.24.223.122 port 50658 ssh2
    Feb 10 08:55:27 freedombox sshd[30869]: Failed password for invalid user alex from 78.24.223.122 port 53265 ssh2
    Feb 10 08:55:29 freedombox sshd[30869]: Failed password for invalid user alex from 78.24.223.122 port 53265 ssh2
    Feb 10 09:07:19 freedombox sshd[31163]: Failed password for invalid user danny from 78.24.223.122 port 47519 ssh2
    Feb 10 09:07:22 freedombox sshd[31163]: Failed password for invalid user danny from 78.24.223.122 port 47519 ssh2
    Feb 10 09:19:09 freedombox sshd[31471]: Failed password for invalid user kevin from 78.24.223.122 port 54508 ssh2
    Feb 10 09:19:12 freedombox sshd[31471]: Failed password for invalid user kevin from 78.24.223.122 port 54508 ssh2
    Feb 10 09:31:01 freedombox sshd[31788]: Failed password for invalid user david from 78.24.223.122 port 47642 ssh2
    Feb 10 09:31:04 freedombox sshd[31788]: Failed password for invalid user david from 78.24.223.122 port 47642 ssh2
    Feb 10 09:42:57 freedombox sshd[32110]: Failed password for invalid user michael from 78.24.223.122 port 43355 ssh2
    Feb 10 09:42:59 freedombox sshd[32110]: Failed password for invalid user michael from 78.24.223.122 port 43355 ssh2
    Feb 10 09:56:20 freedombox sshd[32417]: Failed password for invalid user user from 78.24.223.122 port 60375 ssh2
    Feb 10 09:56:22 freedombox sshd[32417]: Failed password for invalid user user from 78.24.223.122 port 60375 ssh2
    Feb 10 09:56:24 freedombox sshd[32417]: Failed password for invalid user user from 78.24.223.122 port 60375 ssh2
    Feb 10 10:08:36 freedombox sshd[32685]: Failed password for invalid user test from 78.24.223.122 port 55387 ssh2
    Feb 10 10:08:38 freedombox sshd[32685]: Failed password for invalid user test from 78.24.223.122 port 55387 ssh2
    Feb 10 10:21:53 freedombox sshd[568]: Failed password for invalid user tomcat from 78.24.223.122 port 40249 ssh2
    Feb 10 10:21:55 freedombox sshd[568]: Failed password for invalid user tomcat from 78.24.223.122 port 40249 ssh2
    Feb 10 10:33:21 freedombox sshd[869]: Failed password for invalid user tomcat from 78.24.223.122 port 50850 ssh2
    Feb 10 10:46:33 freedombox sshd[1222]: Failed password for invalid user linux from 78.24.223.122 port 45831 ssh2
    Feb 10 10:46:35 freedombox sshd[1222]: Failed password for invalid user linux from 78.24.223.122 port 45831 ssh2
    Feb 10 10:46:36 freedombox sshd[1222]: Failed password for invalid user linux from 78.24.223.122 port 45831 ssh2
    Feb 10 10:58:48 freedombox sshd[1489]: Failed password for invalid user linux from 78.24.223.122 port 52690 ssh2
    Feb 10 10:58:50 freedombox sshd[1489]: Failed password for invalid user linux from 78.24.223.122 port 52690 ssh2
    Feb 10 11:10:10 freedombox sshd[1823]: Failed password for invalid user ident from 78.24.223.122 port 33780 ssh2
    Feb 10 11:21:19 freedombox sshd[2047]: Failed password for invalid user mysql from 78.24.223.122 port 37433 ssh2
    Feb 10 11:34:33 freedombox sshd[2351]: Failed password for invalid user andrew from 78.24.223.122 port 60607 ssh2
    Feb 10 11:34:35 freedombox sshd[2351]: Failed password for invalid user andrew from 78.24.223.122 port 60607 ssh2
    Feb 10 11:34:37 freedombox sshd[2351]: Failed password for invalid user andrew from 78.24.223.122 port 60607 ssh2
    Feb 10 11:46:09 freedombox sshd[2660]: Failed password for invalid user gabriel from 78.24.223.122 port 60863 ssh2
    Feb 10 13:53:42 freedombox sshd[5564]: Failed password for root from 186.216.135.156 port 45057 ssh2
    Feb 10 14:11:52 freedombox sshd[6008]: Failed password for invalid user admin from 186.216.135.156 port 48238 ssh2
    Feb 10 14:33:03 freedombox sshd[6486]: Failed password for invalid user ubnt from 186.216.135.156 port 38352 ssh2
  • firewalld change, thanks again :-)

    diff --git a/firewalld/zones/external.xml b/firewalld/zones/external.xml
    index e069b5b..c3d448c 100644
    --- a/firewalld/zones/external.xml
    +++ b/firewalld/zones/external.xml
    @@ -3,10 +3,9 @@
       <short>External</short>
       <description>For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
       <service name="xmpp-server"/>
    -  <service name="ssh"/>
    -  <service name="xmpp-bosh"/>
       <service name="http"/>
    -  <service name="https"/>
       <service name="xmpp-client"/>
    +  <service name="https"/>
    +  <service name="xmpp-bosh"/>
       <masquerade/>
     </zone>
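    Review bot: in the external zone, https and xmpp-bosh are removed and re-added two lines further down, so the one functional change, dropping the ssh service, is buried in a reorder. Keep the existing element order so the diff is the single removed line. Note also that http and https stay open in this zone, so whatever is served over them remains reachable from outside.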
    diff --git a/firewalld/zones/trusted.xml b/firewalld/zones/trusted.xml
    new file mode 100644
    index 0000000..d05e01b
    --- /dev/null
    +++ b/firewalld/zones/trusted.xml
    @@ -0,0 +1,8 @@
    +<?xml version="1.0" encoding="utf-8"?>
    +<zone target="ACCEPT">
    +  <short>Trusted</short>
    +  <description>All network connections are accepted.</description>
    +  <interface name="eth0"/>
    +  <source address="192.168.0.0/25"/>
    +  <service name="ssh"/>
    +</zone>
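    Review bot: target="ACCEPT" combined with the interface binding on eth0 accepts every connection that arrives on eth0, whatever its source address, so the source line for 192.168.0.0/25 narrows nothing and the ssh service element is redundant. firewalld puts a packet in a zone when either the source binding or the interface binding matches. If the goal is SSH from 192.168.0.0/25 only, drop the interface binding and the ACCEPT target, and keep the source and the ssh service in a zone with the default target.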
    And keep monitoring.

    :-)

  • Thursday morning (TZ:Europe/Paris), things are better but...

    LOGWATCH Summary
    
             Logwatch Version: 7.4.1 (01/06/16)
             Processing Initiated: Thu Feb 11 10:14:18 2016
             Date Range Processed: today
                                   ( 2016-Feb-11 )
                                   Period is day.
             Detail Level of Output: 0
             Type of Output/Format: file / html
             Logfiles for Host: freedombox

    No Authentication Failures section in the sshd part

    :-) but:

    httpd
    
       Requests with error response codes
         400 Bad Request
            vip163mx01.mxmail.netease.com:25: 1 Time(s)
         401 Unauthorized
            /ikiwiki-auth/doutes/ikiwiki.cgi?do=postsignin: 1 Time(s)
         403 Forbidden
            /plinth: 12 Time(s)
         404 Not Found
            //myadmin/scripts/setup.php: 1 Time(s)
            //mysql/scripts/setup.php: 1 Time(s)
            //mysqladmin/scripts/setup.php: 1 Time(s)
            //phpMyAdmin/scripts/setup.php: 1 Time(s)
            //phpmyadmin/scripts/setup.php: 1 Time(s)
            //web/scripts/setup.php: 1 Time(s)
            //websql/scripts/setup.php: 1 Time(s)
            /MyAdmin/scripts/setup.php: 1 Time(s)
            /favicon.ico: 1 Time(s)
            /index.php: 1 Time(s)
            /muieblackcat: 1 Time(s)
            /myadmin/scripts/setup.php: 1 Time(s)
            /phpMyAdmin/scripts/setup.php: 1 Time(s)
            /phpmyadmin/scripts/setup.php: 1 Time(s)
            /pma/scripts/setup.php: 1 Time(s)
            /w00tw00t.at.blackhats.romanian.anti-sec:): 1 Time(s)
  • Next intention: restrict access to /plinth/ to the sources 192.168.0.0/25 and 10.42.0.0/16 TODO:[d:asap]!!!
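
The sshd failures quoted above, summarised per source address, as an added example that is not part of the original page: it separates a burst against one account from attempts spread over hours with rotating user names, and reads the source address from the end of each line because the user name is client-supplied. The function names, thresholds, year argument and sample lines (documentation addresses) are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted above. The addresses are from
# the RFC 5737 documentation ranges, not the ones recorded on the page.
SAMPLE_LOG = """\
Feb  9 19:36:11 freedombox sshd[3365]: Failed password for root from 192.0.2.10 port 55011 ssh2
Feb  9 19:36:13 freedombox sshd[3365]: Failed password for root from 192.0.2.10 port 55011 ssh2
Feb  9 19:36:15 freedombox sshd[3365]: Failed password for root from 192.0.2.10 port 55011 ssh2
Feb  9 19:36:17 freedombox sshd[3366]: Failed password for root from 192.0.2.10 port 55012 ssh2
Feb 10 08:19:38 freedombox sshd[30028]: Failed password for invalid user oracle from 198.51.100.7 port 32886 ssh2
Feb 10 08:19:40 freedombox sshd[30028]: Failed password for invalid user oracle from 198.51.100.7 port 32886 ssh2
Feb 10 08:31:46 freedombox sshd[30292]: Failed password for invalid user paul from 198.51.100.7 port 43679 ssh2
Feb 10 08:31:48 freedombox sshd[30292]: Failed password for invalid user paul from 198.51.100.7 port 43679 ssh2
Feb 10 08:43:39 freedombox sshd[30589]: Failed password for invalid user michael from 198.51.100.7 port 50658 ssh2
Feb 10 08:43:41 freedombox sshd[30589]: Failed password for invalid user michael from 198.51.100.7 port 50658 ssh2
Feb 10 08:55:27 freedombox sshd[30869]: Failed password for invalid user a from 192.0.2.10 port 1 from 203.0.113.99 port 53265 ssh2
Feb 10 09:00:00 freedombox sshd[31000]: Accepted publickey for fred from 192.168.0.12 port 50000 ssh2
"""

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# The user name is chosen by the client and may itself contain " from ... port ...",
# so the source address is taken from the END of the line (greedy user group).
FAILED = re.compile(
    r"^(?P<mon>" + "|".join(MONTHS) + r")\s+(?P<day>\d{1,2}) "
    r"(?P<h>\d\d):(?P<mi>\d\d):(?P<s>\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)


def parse_failures(text, year):
    """Yield (timestamp, source, user, is_invalid_user) per failed password.
    Syslog lines carry no year, so the caller supplies it (assumption)."""
    for line in text.splitlines():
        m = FAILED.match(line.strip())
        if m:
            ts = datetime(year, MONTHS.index(m["mon"]) + 1, int(m["day"]),
                          int(m["h"]), int(m["mi"]), int(m["s"]))
            yield ts, m["ip"], m["user"], m["invalid"] is not None


def peak_in_window(times, window):
    """Largest number of events inside any span of length `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def summarise(text, year, window=timedelta(minutes=10), threshold=4, min_users=3):
    """Per-source summary; the thresholds are illustrative assumptions."""
    by_ip = defaultdict(list)
    for ts, ip, user, invalid in parse_failures(text, year):
        by_ip[ip].append((ts, user, invalid))
    report = {}
    for ip, events in by_ip.items():
        times = [e[0] for e in events]
        users = sorted({e[1] for e in events})
        peak = peak_in_window(times, window)
        if peak >= threshold:
            verdict = "burst"  # many failures close together
        elif len(events) >= threshold and len(users) >= min_users:
            verdict = "low-and-slow"  # spread out, rotating user names
        else:
            verdict = "noise"
        report[ip] = {"attempts": len(events), "users": users, "peak": peak,
                      "invalid": sum(e[2] for e in events),
                      "span": max(times) - min(times), "verdict": verdict}
    return report


if __name__ == "__main__":
    for ip, row in sorted(summarise(SAMPLE_LOG, 2016).items()):
        print(ip, row["verdict"], row["attempts"], row["peak"], row["span"], row["users"])
```

The second source never exceeds two failures in any ten-minute span, so a count per window alone would not single it out; the number of distinct user names does.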

DNS change

The DNS "service" provided by the ISP Free invites confusion between "subdomain" and "host".freeboxos.fr.

I choose:

  • the host name fbx-m1m in the freeboxos.fr domain
  • I disable XMPP (jwchat).
    fred@fbx-m1m:~$ hostname -f
    fbx-m1m.freeboxos.fr
    fred@fbx-m1m:~$ dig fbx-m1m.freeboxos.fr @10.42.0.1
    
    ; <<>> DiG 9.9.5-12.1-Debian <<>> fbx-m1m.freeboxos.fr @10.42.0.1
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45531
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1280
    ;; QUESTION SECTION:
    ;fbx-m1m.freeboxos.fr.          IN      A
    
    ;; ANSWER SECTION:
    fbx-m1m.freeboxos.fr.   2217    IN      A       82.229.89.119
    
    ;; Query time: 1 msec
    ;; SERVER: 10.42.0.1#53(10.42.0.1)
    ;; WHEN: Sun Feb 14 15:10:20 CET 2016
    ;; MSG SIZE  rcvd: 65

IRC with Quassel

  • I am fred1m, but I am not familiar with IRC customs :(

Back after a week away

:)

  • Almost no service interruption for a week. CPU_606-609.png The torrents were paused; I note the effect on RAM consumption. There was no wifi traffic either.

  • However, as soon as I was nearby again, there were cases of the service stopping with nothing reported in syslog :(

  • I note the absence of a default configuration for a "console" link; the solution in use runs with neither screen nor keyboard. I would like to set up a tty over the USB_OTG link (to do :) )

When in doubt, I blame...

...without certainty, the non-free driver needed by the too hastily chosen wifi adapter :(

I will follow the recommendations at the next purchasing opportunity; in the meantime I am setting up a daily reboot task.


Footnote(s)