An implementation of the FreedomBox project with (almost) free hardware and an ISP. This is a humble account of one use case (!EndUser). I '''thank''' the excellent contributors to the FreedomBox project and take my hat off to them.

= Resources, documents =

== Choice and purchase ==
 * FreedomBox (the project)
 * [[FreedomBox/Hardware]] (the proposed hardware)
 * [[FreedomBox/Hardware/A20-OLinuXino-Lime2]] (the hardware received from Bulgaria)
 * [[https://fr.wikipedia.org/wiki/Allwinner_A2X|AllWinner A20]]
 * [[https://fr.wikipedia.org/wiki/OLinuXino|According to Wikipedia (the Olimex article is missing, 16/1/2016, to do?)]]
 * [[https://www.olimex.com/wiki/A20-OLinuXino-LIME2#I_don.27t_have_neither_serial_cable.2C_nor_HDMI_monitor._I_also_can.27t_access_the_local_Ethernet_network._Can_I_somehow_access_the_board_anyway.3F|USB_OTG_@IP "console" link for ssh]]
 * [[http://linux-sunxi.org/USB_Gadget|USB Gadget, "ip / usb0" (USB_OTG)]]
 * [[http://www.oshwa.org/definition/french/|Open Source Hardware (OSHW) Statement of Principles (fr)]]

== First power-ups ==
 * [[http://lynx.invisible-island.net/|Lynx-cur as www-browser (invisible-island :-)]]
 * [[https://wiki.debian.org/InstallingDebianOn/Allwinner|Debian - Allwinner]]
----
 * [[FreedomBox/Hardware/Debian]] (the freedombox package)
 * [[fr/FreedomBox/Manuel/DemarrageRapide|Quick start]]
 * [[FreedomBox/Manual/SecureShell|For the case with neither screen nor keyboard]]

== Second strategy ==
 * [[https://wiki.debian.org/FreedomBox/Download|Change of method]]
 * [[http://www.cs.unb.ca/~bremner//blog/posts/bootable-usb/|switch to system-nspawn]]
 * [[fr/LVM]]
----
 * FreedomboxHomeTest

== Maintenance ==
 * [[https://packages.debian.org/stretch/serverstats|RRDTool graphs without the "monsters" (cacti, munin)]]
 * [[https://www.debian.org/doc/manuals/debian-reference/ch02.fr.html#_tweaking_candidate_version|testing vs sid]]
 * [[fr/HowToIdentifyADevice]] (To be updated?)
 * [[https://packages.debian.org/stretch/lshw]]

= Attempt "one" =
'''Unsuccessful'''. The version of Debian supplied by Olimex and my experience led me to abandon this route (installing the `freedombox-setup` package on a ''freshly installed'' Debian GNU/Linux).

== State of the system on delivery ==
 * "Console" side (USB_OTG)
{{{
fred@pyxtwo:~$ sudo ifconfig usb0 192.168.2.200
fred@pyxtwo:~$ ssh olimex@192.168.2.1
}}}
{{{
olimex@OLinuXino-A20:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.1 (jessie)
Release: 8.1
Codename: jessie
}}}
{{{
olimex@OLinuXino-A20:~$ findmnt
TARGET SOURCE FSTYPE OPTIONS
/ /dev/mmcblk0p2 ext4 rw,relatime,data=ordered
|-/dev devtmpfs devtmpfs rw,relatime,size=448624k,nr_inodes=112156,mode=755
| |-/dev/shm tmpfs tmpfs rw,nosuid,nodev
| `-/dev/pts devpts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
|-/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime
| |-/sys/kernel/security securityfs securityfs rw,nosuid,nodev,noexec,relatime
| |-/sys/fs/cgroup tmpfs tmpfs ro,nosuid,nodev,noexec,mode=755
| | |-/sys/fs/cgroup/systemd cgroup cgroup rw,nosuid,nodev,noexec,relatime,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
| | |-/sys/fs/cgroup/cpuset cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuset
| | |-/sys/fs/cgroup/cpu,cpuacct cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuacct,cpu
| | |-/sys/fs/cgroup/memory cgroup cgroup rw,nosuid,nodev,noexec,relatime,memory
| | |-/sys/fs/cgroup/devices cgroup cgroup rw,nosuid,nodev,noexec,relatime,devices
| | |-/sys/fs/cgroup/freezer cgroup cgroup rw,nosuid,nodev,noexec,relatime,freezer
| | |-/sys/fs/cgroup/blkio cgroup cgroup rw,nosuid,nodev,noexec,relatime,blkio
| | `-/sys/fs/cgroup/perf_event cgroup cgroup rw,nosuid,nodev,noexec,relatime,perf_event
| |-/sys/kernel/debug debugfs debugfs rw,relatime
| |-/sys/fs/fuse/connections fusectl fusectl rw,relatime
| `-/sys/kernel/config configfs configfs rw,relatime
|-/proc proc proc rw,nosuid,nodev,noexec,relatime
| `-/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=22,pgrp=1,timeout=300,minproto=5,maxproto=5,direct
|-/run tmpfs tmpfs rw,nosuid,nodev,mode=755
| |-/run/lock tmpfs tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k
| `-/run/user/1001 tmpfs tmpfs rw,nosuid,nodev,relatime,size=89748k,mode=700,uid=1001,gid=1001
`-/media/olimex/6B4C-FFFD9 /dev/mmcblk0p1 vfat rw,nosuid,nodev,relatime,uid=1001,gid=1001,fmask=0022,dmask=0022,codepage=cp437,iocharset=ascii,shortname=mixed,s
}}}
{{{
olimex@OLinuXino-A20:~$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/root 7.3G 819M 6.2G 12% /
devtmpfs 439M 0 439M 0% /dev
tmpfs 439M 0 439M 0% /dev/shm
tmpfs 439M 12M 427M 3% /run
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 439M 0 439M 0% /sys/fs/cgroup
tmpfs 88M 4.0K 88M 1% /run/user/1001
/dev/mmcblk0p1 16M 8.8M 7.3M 55% /media/olimex/6B4C-FFFD9
}}}
{{{
olimex@OLinuXino-A20:~$ ip l
1: lo: mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: tunl0: mtu 1480 qdisc noop state DOWN mode DEFAULT group default
    link/ipip 0.0.0.0 brd 0.0.0.0
3: eth0: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 72:05:ee:af:b6:4d brd ff:ff:ff:ff:ff:ff
4: usb0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 8e:1c:d2:e1:29:52 brd ff:ff:ff:ff:ff:ff
5: wlan0: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:e1:80:40:57:97 brd ff:ff:ff:ff:ff:ff
}}}

== 602.sa-di ==
 * LAN
{{{
fred@pyxtwo:~$ ip r
default via 192.168.0.254 dev wlan0 proto static metric 600
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.36 metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
}}}
{{{
fred@pyxtwo:~$ sudo arp -vna
Mot de passe [sudo] de fred :
? (192.168.0.254) at f4:ca:e5:44:31:21 [ether] on wlan0
? (192.168.0.184) at 66:82:c8:9a:ba:54 [ether] on wlan0
Entrées: 2 Ignorées: 0 Trouvées: 2
}}}
The ''Freebox'' console confirms the MAC address (66:82:c8:9a:ba:54).
 * After `upgrade`; `tzdata`; `install ntp`
{{{
fred@OLinuXino-A20:~$ id
uid=1000(fred) gid=1000(fred) groups=1000(fred),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),44(video),46(plugdev),100(users),997(i2c),998(spi)
fred@OLinuXino-A20:~$ uptime
 11:41:57 up 28 min, 1 user, load average: 1,57, 1,26, 0,95
fred@OLinuXino-A20:~$ lsb_release -d
Description: Debian GNU/Linux testing (stretch)
fred@OLinuXino-A20:~$ uname -a
Linux OLinuXino-A20 3.4.103-00033-g9a1cd03-dirty #17 SMP PREEMPT Tue Sep 8 11:01:09 EEST 2015 armv7l GNU/Linux
fred@OLinuXino-A20:~$ date
samedi 16 janvier 2016, 11:42:48 (UTC+0100)
fred@OLinuXino-A20:~$ ntpq -np
remote refid st t when poll reach delay offset jitter
==============================================================================
0.debian.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.001
1.debian.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.001
2.debian.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.001
3.debian.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.001
+195.154.41.195 195.13.23.5 3 u 29 64 3 33.027 39.436 33.586
+62.210.28.176 84.255.209.79 4 u 25 64 3 25.876 30.049 37.097
+213.186.36.183 145.238.203.14 2 u 25 64 3 29.143 33.524 36.503
-78.192.88.115 145.238.203.14 2 u 19 64 3 24.722 29.918 37.526
+91.121.154.183 145.238.203.10 3 u 23 64 3 31.491 31.962 36.920
+213.154.229.24 192.36.144.23 2 u 24 64 3 39.612 33.782 37.000
+5.196.160.139 10.21.137.1 2 u 24 64 3 27.146 32.401 38.059
+37.187.109.209 138.96.64.10 2 u 25 64 3 28.273 31.775 36.200
-178.23.121.164 192.53.103.104 2 u 23 64 3 48.285 37.647 35.921
*212.83.179.156 138.96.64.10 2 u 23 64 3 26.236 32.233 34.638
}}}
 * C/S ssh
{{{
fred@OLinuXino-A20:~$ sudo arp -na
[sudo] password for fred:
? (192.168.0.254) at f4:ca:e5:44:31:21 [ether] on eth0
? (192.168.0.36) at 0c:d2:92:6e:82:7d [ether] on eth0
fred@OLinuXino-A20:~$ w
 11:56:32 up 43 min, 1 user, load average: 1,00, 1,01, 0,97
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
fred pts/0 192.168.0.36 11:36 8.00s 0.29s 0.04s w
}}}
 * locales
{{{
fred@OLinuXino-A20:~$ sudo apt-get --reinstall install locales
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 3 323 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://ftp.fr.debian.org/debian testing/main armhf locales all 2.21-6 [3 323 kB]
Fetched 3 323 kB in 7s (431 kB/s)
Preconfiguring packages ...
(Reading database ... 37318 files and directories currently installed.)
Preparing to unpack .../locales_2.21-6_all.deb ...
Unpacking locales (2.21-6) over (2.21-6) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up locales (2.21-6) ...
Generating locales (this might take a while)...
  fr_FR.UTF-8...locale alias file `/usr/share/locale/locale.alias' not found: No such file or directory
 done
Generation complete.
}}}
One problem remains...
 * the olimex-tools package needs to be found again...
{{{
fred@OLinuXino-A20:~$ sudo apt-get -s purge locales libc-l10n
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  dialog
Use 'sudo apt autoremove' to remove it.
The following packages will be REMOVED:
  libc-l10n* locales* olimex-tools*
0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
Purg olimex-tools [1.0]
Purg locales [2.21-6]
Purg libc-l10n [2.21-6]
fred@OLinuXino-A20:~$ dpkg -L olimex-tools
/.
/usr
/usr/bin
/usr/bin/a10_display
/usr/bin/change_display.sh
/usr/bin/devmem
/usr/bin/netcardconfig
/usr/bin/wlcardconfig
/usr/bin/olimex-config
}}}

= Attempt "two" =
'''Successful'''
 * ''to do'': include the traces of the `dd` commands

== Switching to a downloaded image ==
 * phew (sigh)!
{{{
fred@pyxtwo:~$ ssh fred@192.168.0.20
The authenticity of host '192.168.0.20 (192.168.0.20)' can't be established.
ECDSA key fingerprint is SHA256:mQNuPPxekVe7xLDa0UWVn+Wl/H8wAjePgK2gWI4xghA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.20' (ECDSA) to the list of known hosts.
fred@192.168.0.20's password:
Creating directory '/home/fred'.

                         .--._    _.--.
                        (     \  /     )
                         \     /\     /
                          \_   \/   _/
                           /        \
                          (    /\    )
                           `--'  `--'

                           FreedomBox

FreedomBox is a pure blend of Debian GNU/Linux. FreedomBox manual is available
in /usr/share/doc/plinth.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
fred@freedombox:~$ date
dimanche 17 janvier 2016, 15:34:20 (UTC+0000)
}}}
 * a better kernel
{{{
fred@freedombox:~$ uname -a
Linux freedombox 4.2.0-1-armmp-lpae #1 SMP Debian 4.2.6-3 (2015-12-06) armv7l GNU/Linux
fred@freedombox:~$ date
lundi 18 janvier 2016, 16:11:31 (UTC+0100)
}}}

== Enabling and trying out a few applications ==
 * Network (wifi with `firmware-misc-nonfree`)
 * ikiwiki
 * mumble
 * AP on channel 3
 * web UI
''To be described.''

== LVM preparation ==
 * Physical Volume (PV)
{{{
Disk /dev/sda: 465,8 GiB, 500107862016 bytes, 976773168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
fred@freedombox:~$ pvdisplay
-bash: pvdisplay : commande introuvable
fred@freedombox:~$ sudo pvdisplay
fred@freedombox:~$ sudo pvcreate /dev/sda
  allocation/use_blkid_wiping=1 configuration setting is set while LVM is not compiled with blkid wiping support.
  Falling back to native LVM signature detection.
  Physical volume "/dev/sda" successfully created
fred@freedombox:~$ sudo pvdisplay
  "/dev/sda" is a new physical volume of "465,76 GiB"
  --- NEW Physical volume ---
  PV Name /dev/sda
  VG Name
  PV Size 465,76 GiB
  Allocatable NO
  PE Size 0
  Total PE 0
  Free PE 0
  Allocated PE 0
  PV UUID MdGBd2-ebx1-6o6y-ltF6-8hPa-kMEO-fpm40M
}}}

=== Moving the contents of /var/lib ===
To follow the FreedomBox ''design''.
 * VG
{{{
fred@freedombox:~$ sudo vgcreate ddsata /dev/sda
  Volume group "ddsata" successfully created
fred@freedombox:~$ sudo vgdisplay
  --- Volume group ---
  VG Name ddsata
  System ID
  Format lvm2
  Metadata Areas 1
  Metadata Sequence No 1
  VG Access read/write
  VG Status resizable
  MAX LV 0
  Cur LV 0
  Open LV 0
  Max PV 0
  Cur PV 1
  Act PV 1
  VG Size 465,76 GiB
  PE Size 4,00 MiB
  Total PE 119234
  Alloc PE / Size 0 / 0
  Free PE / Size 119234 / 465,76 GiB
  VG UUID 9rAVRr-38WJ-6K0r-BwcU-nLNF-qA8Q-OdPNBa
}}}
 * LV
{{{
fred@freedombox:~$ sudo lvcreate -n varlib -L 200g ddsata
  allocation/use_blkid_wiping=1 configuration setting is set while LVM is not compiled with blkid wiping support.
  Falling back to native LVM signature detection.
  Logical volume "varlib" created.
fred@freedombox:~$ sudo lvdisplay
  --- Logical volume ---
  LV Path /dev/ddsata/varlib
  LV Name varlib
  VG Name ddsata
  LV UUID 1FLvL1-4w3z-XJL3-YTqy-eA03-fVkt-THhFUC
  LV Write Access read/write
  LV Creation host, time freedombox, 2016-01-18 17:40:45 +0100
  LV Status available
  # open 0
  LV Size 200,00 GiB
  Current LE 51200
  Segments 1
  Allocation inherit
  Read ahead sectors auto
  - currently set to 256
  Block device 254:0
}}}
{{{
fred@freedombox:~$ sudo lvs
  LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
  varlib ddsata -wi-a----- 200,00g
}}}
 * pick up items from fichier-script.log
 * after `reboot`
{{{
fred@freedombox:~/603traces$ findmnt
TARGET SOURCE FSTYPE OPTIONS
/ /dev/mmcblk0p2[/@] btrfs rw,relatime,ssd,space_cache,subvolid=257,subvol=/@
├─/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/kernel/security securityfs securityfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/cgroup tmpfs tmpfs ro,nosuid,nodev,noexec,mode=755
│ │ ├─/sys/fs/cgroup/systemd cgroup cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
│ │ ├─/sys/fs/cgroup/blkio cgroup cgroup rw,nosuid,nodev,noexec,relatime,blkio
│ │ ├─/sys/fs/cgroup/freezer cgroup cgroup rw,nosuid,nodev,noexec,relatime,freezer
│ │ ├─/sys/fs/cgroup/perf_event cgroup cgroup rw,nosuid,nodev,noexec,relatime,perf_event
│ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup cgroup rw,nosuid,nodev,noexec,relatime,net_cls,net_prio
│ │ ├─/sys/fs/cgroup/cpu,cpuacct cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct
│ │ ├─/sys/fs/cgroup/cpuset cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuset
│ │ └─/sys/fs/cgroup/devices cgroup cgroup rw,nosuid,nodev,noexec,relatime,devices
│ └─/sys/kernel/debug debugfs debugfs rw,relatime
├─/proc proc proc rw,relatime
│ └─/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
├─/dev udev devtmpfs rw,relatime,size=10240k,nr_inodes=126433,mode=755
│ ├─/dev/pts devpts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
│ ├─/dev/shm tmpfs tmpfs rw,nosuid,nodev
│ ├─/dev/hugepages hugetlbfs hugetlbfs rw,relatime
│ └─/dev/mqueue mqueue mqueue rw,relatime
├─/run tmpfs tmpfs rw,nosuid,relatime,size=205480k,mode=755
│ ├─/run/lock tmpfs tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k
│ └─/run/user/10000 tmpfs tmpfs rw,nosuid,nodev,relatime,size=102740k,mode=700,uid=10000,gid=100
├─/btrfs /dev/mmcblk0p2 btrfs rw,relatime,ssd,space_cache,subvolid=5,subvol=/
├─/boot /dev/mmcblk0p1 ext2 rw,relatime,errors=remount-ro
└─/var/lib /dev/mapper/ddsata-varlib ext4 rw,relatime,errors=remount-ro,data=ordered
fred@freedombox:~/603traces$ sudo lvs
[sudo] password for fred:
  LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
  varlib ddsata -wi-ao---- 200,00g
}}}
 * A few successful tests
  * ikiwiki
  * diag-tor
  * web UI

== The "tor" application ==
 * enabled through the web UI
{{{
Installation
Cette fonction requiert un paquet additionnel. Voulez-vous l'installer ?
Paquet Sommaire
obfs4proxy pluggable transport proxy for Tor, implementing obfs4
apt-transport-tor APT transport for anonymous package downloads via Tor
tor-geoipdb GeoIP database for Tor
tor anonymizing overlay network for TCP
torsocks use SOCKS-friendly applications with Tor
}}}
 * successfully reached the service over ".onion" :-)

== ownCloud ==
 * before enabling
{{{
fred@freedombox:~$ df -h
Sys. de fichiers Taille Utilisé Dispo Uti% Monté sur
udev 10M 0 10M 0% /dev
tmpfs 201M 3,2M 198M 2% /run
/dev/mmcblk0p2 3,7G 1,6G 1,8G 48% /
tmpfs 502M 0 502M 0% /dev/shm
tmpfs 5,0M 0 5,0M 0% /run/lock
tmpfs 502M 0 502M 0% /sys/fs/cgroup
/dev/mmcblk0p2 3,7G 1,6G 1,8G 48% /btrfs
/dev/mmcblk0p1 113M 31M 76M 29% /boot
/dev/mapper/ddsata-varlib 197G 219M 187G 1% /var/lib
tmpfs 101M 0 101M 0% /run/user/10000
}}}
 * enabling (web UI)
{{{
Cette fonction requiert un paquet additionnel. Voulez-vous l'installer ?
Paquet Sommaire
php5-pgsql PostgreSQL module for php5
owncloud cloud storage for files, music, contacts, calendars and many more
postgresql object-relational SQL database (supported version)
}}}
 * after
  * `df -h`
{{{
fred@freedombox:~$ df -h
Sys. de fichiers Taille Utilisé Dispo Uti% Monté sur
udev 10M 0 10M 0% /dev
tmpfs 201M 3,3M 198M 2% /run
/dev/mmcblk0p2 3,7G 1,9G 1,6G 56% /
tmpfs 502M 4,0K 502M 1% /dev/shm
tmpfs 5,0M 0 5,0M 0% /run/lock
tmpfs 502M 0 502M 0% /sys/fs/cgroup
/dev/mmcblk0p2 3,7G 1,9G 1,6G 56% /btrfs
/dev/mmcblk0p1 113M 31M 76M 29% /boot
/dev/mapper/ddsata-varlib 197G 268M 187G 1% /var/lib
tmpfs 101M 0 101M 0% /run/user/10000
}}}
  * `pg_lsclusters`
{{{
fred@freedombox:~$ pg_lsclusters
Ver Cluster Port Status Owner Data directory Log file
9.5 main 5432 online postgres /var/lib/postgresql/9.5/main /var/log/postgresql/postgresql-9.5-main.log
}}}

= Progress report =
{{{
fred@freedombox:~$ date ; uptime
jeudi 21 janvier 2016, 10:07:02 (UTC+0100)
 10:07:02 up 1 day, 18:18, 1 user, load average: 0,00, 0,01, 0,05
}}}
Good impressions overall.
== To reconsider ==
 * FS
{{{
fred@freedombox:~$ findmnt
TARGET SOURCE FSTYPE OPTIONS
/ /dev/mmcblk0p2[/@] btrfs rw,relatime,ssd,space_cache,subvolid=257,subvol=/@
├─/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/kernel/security securityfs securityfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/cgroup tmpfs tmpfs ro,nosuid,nodev,noexec,mode=755
│ │ ├─/sys/fs/cgroup/systemd cgroup cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
│ │ ├─/sys/fs/cgroup/blkio cgroup cgroup rw,nosuid,nodev,noexec,relatime,blkio
│ │ ├─/sys/fs/cgroup/devices cgroup cgroup rw,nosuid,nodev,noexec,relatime,devices
│ │ ├─/sys/fs/cgroup/cpuset cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuset
│ │ ├─/sys/fs/cgroup/cpu,cpuacct cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct
│ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup cgroup rw,nosuid,nodev,noexec,relatime,net_cls,net_prio
│ │ ├─/sys/fs/cgroup/freezer cgroup cgroup rw,nosuid,nodev,noexec,relatime,freezer
│ │ └─/sys/fs/cgroup/perf_event cgroup cgroup rw,nosuid,nodev,noexec,relatime,perf_event
│ └─/sys/kernel/debug debugfs debugfs rw,relatime
├─/proc proc proc rw,relatime
│ └─/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
├─/dev udev devtmpfs rw,relatime,size=10240k,nr_inodes=126433,mode=755
│ ├─/dev/pts devpts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
│ ├─/dev/shm tmpfs tmpfs rw,nosuid,nodev
│ ├─/dev/hugepages hugetlbfs hugetlbfs rw,relatime
│ └─/dev/mqueue mqueue mqueue rw,relatime
├─/run tmpfs tmpfs rw,nosuid,relatime,size=205480k,mode=755
│ ├─/run/lock tmpfs tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k
│ └─/run/user/10000 tmpfs tmpfs rw,nosuid,nodev,relatime,size=102740k,mode=700,uid=10000,gid=100
├─/btrfs /dev/mmcblk0p2 btrfs rw,relatime,ssd,space_cache,subvolid=5,subvol=/
├─/boot /dev/mmcblk0p1 ext2 rw,relatime,errors=remount-ro
└─/var/lib /dev/mapper/ddsata-varlib ext4 rw,relatime,errors=remount-ro,data=ordered
}}}
 * but...
{{{
janv. 19 15:39:40 freedombox systemd[1]: var-lib.mount: Directory /var/lib to mount over is not empty, mounting anyway.
}}}
 * SATA
{{{
janv. 19 15:39:40 freedombox kernel: ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[...]
janv. 19 15:39:40 freedombox kernel: xor: using function: arm4regs (1254.000 MB/sec)
}}}
 * microSD
{{{
janv. 19 15:39:40 freedombox kernel: Btrfs loaded
janv. 19 15:39:40 freedombox kernel: BTRFS: device fsid 2bb9a7a0-a166-41af-b18f-1ce05351aa7d devid 1 transid 1317 /dev/mmcblk0p2
janv. 19 15:39:40 freedombox kernel: BTRFS info (device mmcblk0p2): disk space caching is enabled
janv. 19 15:39:40 freedombox kernel: BTRFS: has skinny extents
janv. 19 15:39:40 freedombox kernel: BTRFS: detected SSD devices, enabling SSD mode
}}}
 * plan for a new version of `/etc/fstab` with two `LV`s for `/usr` and `/var`, dropping the `varlib` `LV` (under study)...
  * after an unsuccessful attempt: "moving" `/usr` was a bad idea.

== Observation period ==

=== je.28/1/6 ===
{{{
fred@freedombox:~$ date ; uptime
jeudi 28 janvier 2016, 10:34:24 (UTC+0100)
 10:34:24 up 11:18, 1 user, load average: 3,11, 3,07, 3,05
}}}
High CPU load; three "apache2" processes stuck in a "loop" were killed. Hypothesis about the origin: is the web application leaving processes behind?
 * `fred@freedombox:~$ systemctl -l status apache2.service`
{{{
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
   Active: active (running) since mer. 2016-01-27 23:16:13 CET; 11h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 5748 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
  Process: 871 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/apache2.service
           ├─1045 /usr/sbin/apache2 -k start
           ├─5794 /usr/sbin/apache2 -k start
           ├─5795 /usr/sbin/apache2 -k start
           ├─5796 /usr/sbin/apache2 -k start
           ├─5797 /usr/sbin/apache2 -k start
           └─5798 /usr/sbin/apache2 -k start

janv. 27 23:16:03 freedombox systemd[1]: Starting LSB: Apache2 web server...
janv. 27 23:16:09 freedombox apache2[871]: Starting web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
janv. 27 23:16:13 freedombox apache2[871]: .
janv. 27 23:16:13 freedombox systemd[1]: Started LSB: Apache2 web server.
janv. 28 06:25:10 freedombox systemd[1]: Reloading LSB: Apache2 web server.
janv. 28 06:25:14 freedombox apache2[5748]: Reloading web server: apache2.
janv. 28 06:25:14 freedombox systemd[1]: Reloaded LSB: Apache2 web server.
}}}
The processes killed with `sudo htop` were active ''after'' the reload of `Apache2 web server`!
 * FS
  * `df -h`
{{{
Sys. de fichiers Taille Utilisé Dispo Uti% Monté sur
udev 10M 0 10M 0% /dev
tmpfs 201M 3,3M 198M 2% /run
/dev/mmcblk0p2 7,3G 1,6G 5,5G 23% /
tmpfs 502M 4,0K 502M 1% /dev/shm
tmpfs 5,0M 0 5,0M 0% /run/lock
tmpfs 502M 0 502M 0% /sys/fs/cgroup
/dev/mmcblk0p2 7,3G 1,6G 5,5G 23% /btrfs
/dev/mmcblk0p1 113M 53M 55M 50% /boot
/dev/mapper/ddsata-var 219G 1,8G 206G 1% /var
tmpfs 101M 0 101M 0% /run/user/10000
}}}
  * `findmnt`
{{{
TARGET SOURCE FSTYPE OPTIONS
/ /dev/mmcblk0p2[/@] btrfs rw,relatime,ssd,space_cache,subvolid=257,subvol=/@
├─/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/kernel/security securityfs securityfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/cgroup tmpfs tmpfs ro,nosuid,nodev,noexec,mode=755
│ │ ├─/sys/fs/cgroup/systemd cgroup cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
│ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup cgroup rw,nosuid,nodev,noexec,relatime,net_cls,net_prio
│ │ ├─/sys/fs/cgroup/blkio cgroup cgroup rw,nosuid,nodev,noexec,relatime,blkio
│ │ ├─/sys/fs/cgroup/cpu,cpuacct cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct
│ │ ├─/sys/fs/cgroup/freezer cgroup cgroup rw,nosuid,nodev,noexec,relatime,freezer
│ │ ├─/sys/fs/cgroup/perf_event cgroup cgroup rw,nosuid,nodev,noexec,relatime,perf_event
│ │ ├─/sys/fs/cgroup/devices cgroup cgroup rw,nosuid,nodev,noexec,relatime,devices
│ │ └─/sys/fs/cgroup/cpuset cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuset
│ └─/sys/kernel/debug debugfs debugfs rw,relatime
├─/proc proc proc rw,relatime
│ └─/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
├─/dev udev devtmpfs rw,relatime,size=10240k,nr_inodes=126432,mode=755
│ ├─/dev/pts devpts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
│ ├─/dev/shm tmpfs tmpfs rw,nosuid,nodev
│ ├─/dev/hugepages hugetlbfs hugetlbfs rw,relatime
│ └─/dev/mqueue mqueue mqueue rw,relatime
├─/run tmpfs tmpfs rw,nosuid,relatime,size=205480k,mode=755
│ ├─/run/lock tmpfs tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k
│ └─/run/user/10000 tmpfs tmpfs rw,nosuid,nodev,relatime,size=102740k,mode=700,uid=10000,gid=100
├─/btrfs /dev/mmcblk0p2 btrfs rw,relatime,ssd,space_cache,subvolid=5,subvol=/
├─/boot /dev/mmcblk0p1 ext2 rw,relatime,errors=remount-ro
└─/var /dev/mapper/ddsata-var ext4 rw,relatime,errors=remount-ro,data=ordered
}}}
  * `sudo lvs`
{{{
  LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
  var ddsata -wi-ao---- 222,00g
}}}
I am satisfied with this version of the FS; there is space left for backup copies (to be revisited later).
  * `sudo vgdisplay`
{{{
  --- Volume group ---
  VG Name ddsata
  System ID
  Format lvm2
  Metadata Areas 1
  Metadata Sequence No 6
  VG Access read/write
  VG Status resizable
  MAX LV 0
  Cur LV 1
  Open LV 1
  Max PV 0
  Cur PV 1
  Act PV 1
  VG Size 465,76 GiB
  PE Size 4,00 MiB
  Total PE 119234
  Alloc PE / Size 56832 / 222,00 GiB
  Free PE / Size 62402 / 243,76 GiB
  VG UUID 9rAVRr-38WJ-6K0r-BwcU-nLNF-qA8Q-OdPNBa
}}}
 * Processes
  * `systemctl -l --no-pager status > 604je.txt` [[attachment:604je.txt]]

=== lu.01/2/6 ===
A few provisional conclusions.
 * '''Deluge''' Too much doubt about the GUI "login/logout" step and the "100%CPU" apache2 tasks. In addition, after `reboot` seeding does not resume. :-(
 * I am trying out '''Transmission''' (''htaccess''-style login). I prefer it. :-) {{attachment:605luSeeding_tails-2.0-debian-8.3.0.png}}
 * '''Tor''' The ORPort changes after every `reboot`; the ISP Freebox setting leaves me with doubts (port forwarding). I am considering trying the ''DMZ function'' ('''To do''').
{{{
grep ORPort /var/log/tor/log
Feb 01 06:30:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 06:50:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 07:10:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 07:30:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 07:50:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 08:10:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 08:30:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Feb 01 08:50:40.000 [warn] Your server (--.---.--.---:38000) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
}}}
  * Try a `reboot` of the ISP Freebox without powering off the ''Freedombox''. Good idea!
{{{
Confirmez l'utilisation de Tor pour https://check.torproject.org sur tcp4 passed
}}}
Excerpt from the ''Diagnostic results'' of `plinth`.
 * '''serverstats''' seems to me a simple and lightweight solution (no MySQL-cacti|munin); it looks easy to tinker with (without being a real ''dev'') :-) {{attachment:605RAM-luMatin.png}}
  * '''To do''': ~summarise the set-up~
  * I am tweaking it a little to see...
[[attachment:605serverstats.diff]]

=== je.04/2/6 ===
 * '''Transmission''' It is not much, and a great pleasure to take part :-)
{{{
● transmission-daemon.service - Transmission BitTorrent Daemon
   Loaded: loaded (/lib/systemd/system/transmission-daemon.service; enabled; vendor preset: enabled)
   Active: active (running) since jeu. 2016-02-04 09:23:24 CET; 10min ago
 Main PID: 20249 (transmission-da)
   Status: "Uploading 18.04 KBps, Downloading 0.62 KBps."
}}}
{{{
fred@freedombox:/var/lib/transmission-daemon/downloads$ du -sh *
3,8G debian-8.3.0-i386-amd64-source-DVD-1.iso
1,3G debian-live-8.3.0-amd64-gnome-desktop.iso
1,5G debian-live-8.3.0-i386-gnome-desktop.iso
1,1G tails-i386-2.0
}}}
{{attachment:605je-transmission.png}}

= Follow-up period =

== Target version: Testing ==
 * Changes to `/etc/apt` {{attachment:605ve-apt-testing.diff}}
 * Check after `dist-upgrade` {{attachment:605ve-AQ-testing-vs-sig.txt}}

== Exposing the FreedomBox solution in the DMZ of the ISP's box. ==
 * No port forwarding to adjust
{{{
fred@freedombox:~$ systemctl -l status system-tor.slice
● system-tor.slice
   Loaded: loaded
   Active: active since ven. 2016-02-05 12:00:25 CET; 3h 34min ago
   CGroup: /system.slice/system-tor.slice
           └─tor@default.service
             ├─1900 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
             └─1902 /usr/bin/obfs4proxy

févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.954 [notice] Opening DNS listener on 127.0.0.1:9053
févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.954 [notice] Opening DNS listener on [::1]:9053
févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.955 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.955 [notice] Opening Transparent pf/netfilter listener on [::1]:9040
févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] Opening Control listener on 127.0.0.1:9051
févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] Opening Control listener on /var/run/tor/control
févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] Opening OR listener on 0.0.0.0:0
févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] OR listener listening on port 45715.
févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.956 [notice] Opening Extended OR listener on 127.0.0.1:0
févr. 05 12:03:42 freedombox tor[1900]: Feb 05 12:03:42.957 [notice] Extended OR listener listening on port 34341.
}}}
But
{{{
Feb 05 15:37:17.000 [warn] Your server (82.229.89.119:45715) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
}}}
 * DNS (thanks, ISP) :-| {{attachment:605ve-dig-DNS.txt}}
And so, [[https://fbx-m1m.freeboxos.fr/serverstats|that remains to be seen...]]

== Well, what is this? ==
 * Saturday morning {{attachment:605sa-matin-tôt.txt}}
 * Tuesday evening
{{{
Feb 9 19:36:11 freedombox pam-abl[3365]: Blocking access from 78.24.223.122 to service sshd, user root
Feb 9 19:36:11 freedombox sshd[3365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.24.223.122 user=root
Feb 9 19:36:13 freedombox sshd[3365]: Failed password for root from 78.24.223.122 port 55011 ssh2
Feb 9 19:36:13 freedombox pam-abl[3365]: Blocking access from 78.24.223.122 to service sshd, user root
Feb 9 19:36:15 freedombox sshd[3365]: Failed password for root from 78.24.223.122 port 55011 ssh2
Feb 9 19:36:15 freedombox pam-abl[3365]: Blocking access from 78.24.223.122 to service sshd, user root
Feb 9 19:36:17 freedombox sshd[3365]: Failed password for root from 78.24.223.122 port 55011 ssh2
Feb 9 19:36:18 freedombox sshd[3365]: Connection closed by 78.24.223.122 [preauth]
Feb 9 19:36:18 freedombox sshd[3365]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.24.223.122 user=root
}}}
 * With `logwatch`
{{{
 sshd:
    Authentication Failures:
       root (59.45.79.51): 1221 Time(s)
       root (60.173.26.173): 1023 Time(s)
       root (78.24.223.122): 60 Time(s)
       unknown (193.201.227.124): 35 Time(s)
       unknown (75.148.154.225): 20 Time(s)
       root (193.201.227.124): 16 Time(s)
       root (75.148.154.225): 5 Time(s)
       unknown (2.177.237.247): 4 Time(s)
       unknown (78.24.223.122): 3 Time(s)
       root (2.177.237.247): 2 Time(s)
    Invalid Users:
       Unknown Account: 62 Time(s)

 **Unmatched Entries**
    pam-abl: Blocking access from 193.201.227.124 to service sshd, user admin: 17 Time(s)
    pam-abl: Blocking access from 193.201.227.124 to service sshd, user manager: 1 Time(s)
    pam-abl: Blocking access from 193.201.227.124 to service sshd, user operator: 1 Time(s)
    pam-abl: Blocking access from 193.201.227.124 to service sshd, user root: 11 Time(s)
    pam-abl: Blocking access from 193.201.227.124 to service sshd, user support: 2 Time(s)
    pam-abl: Blocking access from 193.201.227.124 to service sshd, user tech: 1 Time(s)
    pam-abl: Blocking access from 193.201.227.124 to service sshd, user test: 1 Time(s)
    pam-abl: Blocking access from 193.201.227.124 to service sshd, user ubnt: 1 Time(s)
    pam-abl: Blocking access from 193.201.227.124 to service sshd, user user: 5 Time(s)
    pam-abl: Blocking access from 193.201.227.124 to service sshd, user webadmin: 1 Time(s)
    pam-abl: Blocking access from 59.45.79.51 to service sshd, user root: 1216 Time(s)
    pam-abl: Blocking access from 60.173.26.173 to service sshd, user root: 1018 Time(s)
    pam-abl: Blocking access from 75.148.154.225 to service sshd, user root: 5 Time(s)
    pam-abl: Blocking access from 78.24.223.122 to service sshd, user root: 60 Time(s)
    systemd-logind: New seat seat0.: 1 Time(s)
}}}
:-(
 * Wednesday around midday, ''so many lost soul(s)?''
{{{
Feb 10 08:19:38 freedombox sshd[30028]: Failed password for invalid user oracle from 78.24.223.122 port 32886 ssh2
Feb 10 08:19:40 freedombox sshd[30028]: Failed password for invalid user oracle from 78.24.223.122 port 32886 ssh2
Feb 10 08:31:46 freedombox sshd[30292]: Failed password for invalid user paul from 78.24.223.122 port 43679 ssh2
Feb 10 08:31:48 freedombox sshd[30292]: Failed password for invalid user paul from 78.24.223.122 port 43679 ssh2
Feb 10 08:43:39 freedombox sshd[30589]: Failed password for invalid user michael from 78.24.223.122 port 50658 ssh2
Feb 10 08:43:41 freedombox sshd[30589]: Failed password for invalid user michael from 78.24.223.122 port 50658 ssh2
Feb 10 08:55:27 freedombox sshd[30869]: Failed password for invalid user alex from 78.24.223.122 port 53265 ssh2
Feb 10 08:55:29 freedombox sshd[30869]: Failed password for invalid user alex from 78.24.223.122 port 53265 ssh2
Feb 10 09:07:19 freedombox sshd[31163]: Failed password for invalid user danny from 78.24.223.122 port 47519 ssh2
Feb 10 09:07:22 freedombox sshd[31163]: Failed password for invalid user danny from 78.24.223.122 port 47519 ssh2
Feb 10 09:19:09 freedombox sshd[31471]: Failed password for invalid user kevin from 78.24.223.122 port 54508 ssh2
Feb 10 09:19:12 freedombox sshd[31471]: Failed password for invalid user kevin from 78.24.223.122 port 54508 ssh2
Feb 10 09:31:01 freedombox sshd[31788]: Failed password for invalid user david from 78.24.223.122 port 47642 ssh2
Feb 10 09:31:04 freedombox sshd[31788]: Failed password for invalid user david from 78.24.223.122 port 47642 ssh2
Feb 10 09:42:57 freedombox sshd[32110]: Failed password for invalid user michael from 78.24.223.122 port 43355 ssh2
Feb 10 09:42:59 freedombox sshd[32110]: Failed password for invalid user michael from 78.24.223.122 port 43355 ssh2
Feb 10 09:56:20 freedombox sshd[32417]: Failed password for invalid user user from 78.24.223.122 port 60375 ssh2
Feb 10 09:56:22 freedombox sshd[32417]: Failed password for invalid user user from 78.24.223.122 port 60375 ssh2
Feb 10 09:56:24 freedombox sshd[32417]: Failed password for invalid user user from 78.24.223.122 port 60375 ssh2
Feb 10 10:08:36 freedombox sshd[32685]: Failed password for invalid user test from
78.24.223.122 port 55387 ssh2 Feb 10 10:08:38 freedombox sshd[32685]: Failed password for invalid user test from 78.24.223.122 port 55387 ssh2 Feb 10 10:21:53 freedombox sshd[568]: Failed password for invalid user tomcat from 78.24.223.122 port 40249 ssh2 Feb 10 10:21:55 freedombox sshd[568]: Failed password for invalid user tomcat from 78.24.223.122 port 40249 ssh2 Feb 10 10:33:21 freedombox sshd[869]: Failed password for invalid user tomcat from 78.24.223.122 port 50850 ssh2 Feb 10 10:46:33 freedombox sshd[1222]: Failed password for invalid user linux from 78.24.223.122 port 45831 ssh2 Feb 10 10:46:35 freedombox sshd[1222]: Failed password for invalid user linux from 78.24.223.122 port 45831 ssh2 Feb 10 10:46:36 freedombox sshd[1222]: Failed password for invalid user linux from 78.24.223.122 port 45831 ssh2 Feb 10 10:58:48 freedombox sshd[1489]: Failed password for invalid user linux from 78.24.223.122 port 52690 ssh2 Feb 10 10:58:50 freedombox sshd[1489]: Failed password for invalid user linux from 78.24.223.122 port 52690 ssh2 Feb 10 11:10:10 freedombox sshd[1823]: Failed password for invalid user ident from 78.24.223.122 port 33780 ssh2 Feb 10 11:21:19 freedombox sshd[2047]: Failed password for invalid user mysql from 78.24.223.122 port 37433 ssh2 Feb 10 11:34:33 freedombox sshd[2351]: Failed password for invalid user andrew from 78.24.223.122 port 60607 ssh2 Feb 10 11:34:35 freedombox sshd[2351]: Failed password for invalid user andrew from 78.24.223.122 port 60607 ssh2 Feb 10 11:34:37 freedombox sshd[2351]: Failed password for invalid user andrew from 78.24.223.122 port 60607 ssh2 Feb 10 11:46:09 freedombox sshd[2660]: Failed password for invalid user gabriel from 78.24.223.122 port 60863 ssh2 Feb 10 13:53:42 freedombox sshd[5564]: Failed password for root from 186.216.135.156 port 45057 ssh2 Feb 10 14:11:52 freedombox sshd[6008]: Failed password for invalid user admin from 186.216.135.156 port 48238 ssh2 Feb 10 14:33:03 freedombox sshd[6486]: Failed 
password for invalid user ubnt from 186.216.135.156 port 38352 ssh2 }}} * évolution `firewalld` [[FreedomBox/Manual/Firewall|encore merci :-)]] {{{ diff --git a/firewalld/zones/external.xml b/firewalld/zones/external.xml index e069b5b..c3d448c 100644 --- a/firewalld/zones/external.xml +++ b/firewalld/zones/external.xml @@ -3,10 +3,9 @@ External For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. - - - + + diff --git a/firewalld/zones/trusted.xml b/firewalld/zones/trusted.xml new file mode 100644 index 0000000..d05e01b --- /dev/null +++ b/firewalld/zones/trusted.xml 
@@ -0,0 +1,8 @@ + + + Trusted + All network connections are accepted. + + + + }}} Et poursuivre le suivi. :-) * jeudi matin (TZ:Europe/Paris), ça va mieux mais... {{{ LOGWATCH Summary Logwatch Version: 7.4.1 (01/06/16) Processing Initiated: Thu Feb 11 10:14:18 2016 Date Range Processed: today ( 2016-Feb-11 ) Period is day. Detail Level of Output: 0 Type of Output/Format: file / html Logfiles for Host: freedombox }}} Aucune section `Authentication Failures` dans la partie `sshd` :-) mais : {{{ httpd Requests with error response codes 400 Bad Request vip163mx01.mxmail.netease.com:25: 1 Time(s) 401 Unauthorized /ikiwiki-auth/doutes/ikiwiki.cgi?do=postsignin: 1 Time(s) 403 Forbidden /plinth: 12 Time(s) 404 Not Found //myadmin/scripts/setup.php: 1 Time(s) //mysql/scripts/setup.php: 1 Time(s) //mysqladmin/scripts/setup.php: 1 Time(s) //phpMyAdmin/scripts/setup.php: 1 Time(s) //phpmyadmin/scripts/setup.php: 1 Time(s) //web/scripts/setup.php: 1 Time(s) //websql/scripts/setup.php: 1 Time(s) /MyAdmin/scripts/setup.php: 1 Time(s) /favicon.ico: 1 Time(s) /index.php: 1 Time(s) /muieblackcat: 1 Time(s) /myadmin/scripts/setup.php: 1 Time(s) /phpMyAdmin/scripts/setup.php: 1 Time(s) /phpmyadmin/scripts/setup.php: 1 Time(s) /pma/scripts/setup.php: 1 Time(s) /w00tw00t.at.blackhats.romanian.anti-sec:): 1 Time(s) }}} * Prochaine intention : ''restreindre l'accessibilité de /plinth/ aux sources 192.168.0.0/25 et 10.42.0.0/16'' '''TODO:[d:asap]!!!''' == Changement, évolution DNS == La "prestation" DNS fournis par le FAI-Free prête à confusion entre "sous-domaine" et "hôte".freeboxos.fr. Je choisi : * le nom d'hôte fbx-m1m du domaine freeboxos.fr * j'inactive XMPP(jwchat). 
{{{
fred@fbx-m1m:~$ hostname -f
fbx-m1m.freeboxos.fr
fred@fbx-m1m:~$ dig fbx-m1m.freeboxos.fr @10.42.0.1

; <<>> DiG 9.9.5-12.1-Debian <<>> fbx-m1m.freeboxos.fr @10.42.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45531
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;fbx-m1m.freeboxos.fr. IN A

;; ANSWER SECTION:
fbx-m1m.freeboxos.fr. 2217 IN A 82.229.89.119

;; Query time: 1 msec
;; SERVER: 10.42.0.1#53(10.42.0.1)
;; WHEN: Sun Feb 14 15:10:20 CET 2016
;; MSG SIZE rcvd: 65
}}}

== IRC with Quassel ==
 * I am `fred1m` but I lack IRC habits :(

== Back from a week away ==
:)
 * Almost no service interruption for a week {{attachment:CPU_606-609.png}} The `torrent` transfers were paused; I note the effect on RAM consumption. There was no `wifi` traffic either.
 * However, as soon as I was nearby again, there are cases of `end-of-service-without-syslog-report` :(
 * I note that there is no default configuration for a "console" link; the solution in use runs with neither screen nor keyboard. I would like to set up a `tty` over the `USB_OTG` link (To do :) )

== When in doubt, I blame... ==
...without certainty, the `non-free` driver needed to run the ''too hastily chosen'' `wifi` attachment `Ralink Technology, Corp. RT5370 Wireless Adapter` :(

I will follow the [[FreedomBox/Hardware/USBWiFi|recommendations]] at the next opportunity to buy; in the meantime I am setting up a daily reboot task. {{attachment:reboot0248.diff}}

== Never a dull moment! ==
An extract about... putative ''intruders''?
{{attachment:618apache2_error.log.1.txt}}

== boot.src ==
No "smooth" update of the boot setup after updating `/boot`
{{{
fred@fbx-m1m:~$ alors
lundi 6 juin 2016, 13:45:52 (UTC+0200)
 13:45:52 up 3:56, 1 user, load average: 0,12, 0,10, 0,13
Linux fbx-m1m 4.2.0-1-armmp-lpae #1 SMP Debian 4.2.6-3 (2015-12-06) armv7l GNU/Linux
}}}
Several unsuccessful attempts; I am suspending my trials, I do not understand the `flash-kernel` or `mkimage` tools. I will come back to it...

== Hypothesis: is sysstat the cause of the breaks in service continuity? ==
{{attachment:fév_mi-juin_DiscontinuitéS.png}}

I was not consulting the resources provided by `sysstat`.
{{{
Start-Date: 2016-06-12 13:09:29
Commandline: apt remove sysstat
Requested-By: fred (10000)
Remove: sysstat:armhf (11.3.3-1)
End-Date: 2016-06-12 13:10:00
}}}
The observation period continues...

A few hours later, a new failure: the hypothesis must not be retained.

== I unplug the Wi-Fi interface (R5370) ==
New observation period...

~-I note that the R5370 model is out of stock at my supplier, and that the product offered in stock ([[https://www.olimex.com/Products/USB-Modules/MOD-WIFI-AR9271-ANT/]]) matches the recommendations: "MOD-WIFI-AR9271-ANT is USB WiFi adapter which is with Open Source Linux driver and Linux Kernel build in support since Kernel 2.6.35"-~

I am going to prepare a new order...
 * I also choose to disable the `Quassel` application.
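The `Failed password` excerpts earlier in this section show one source reconnecting roughly every twelve minutes with a new user name, a pace that per-burst counters can miss. The following Python sketch is an added example, not part of the original page: it groups such sshd lines by source address and reports the pacing between connections. The sample lines are constructed (documentation-range addresses), and the `year` parameter is an assumption, since syslog timestamps carry no year.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the syslog format of the excerpts on this page
# (addresses are from the documentation ranges, not taken from the page).
SAMPLE = """\
Feb 10 08:19:38 freedombox sshd[30028]: Failed password for invalid user oracle from 203.0.113.7 port 32886 ssh2
Feb 10 08:19:40 freedombox sshd[30028]: Failed password for invalid user oracle from 203.0.113.7 port 32886 ssh2
Feb 10 08:31:46 freedombox sshd[30292]: Failed password for invalid user paul from 203.0.113.7 port 43679 ssh2
Feb 10 08:43:39 freedombox sshd[30589]: Failed password for invalid user michael from 203.0.113.7 port 50658 ssh2
Feb 10 13:53:42 freedombox sshd[5564]: Failed password for root from 198.51.100.9 port 45057 ssh2
Feb 10 13:53:50 freedombox sshd[5564]: Connection closed by 198.51.100.9 [preauth]
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(?P<pid>\d+)\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)")

def summarize(text, year=2016):
    """Group sshd 'Failed password' lines by source address."""
    stats = defaultdict(lambda: {"failures": 0, "invalid": 0,
                                 "users": set(), "sessions": {}})
    for line in text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # other sshd/pam lines are ignored here
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        s = stats[m["ip"]]
        s["failures"] += 1
        s["invalid"] += bool(m["invalid"])  # account does not exist locally
        s["users"].add(m["user"])
        # One sshd PID plus client port identifies one connection.
        s["sessions"].setdefault((m["pid"], m["port"]), ts)
    report = {}
    for ip, s in stats.items():
        starts = sorted(s["sessions"].values())
        gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        report[ip] = {"failures": s["failures"], "invalid": s["invalid"],
                      "users": sorted(s["users"]), "connections": len(starts),
                      "median_gap_s": median(gaps) if gaps else None}
    return report

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE).items():
        print(ip, row)
```

A large `median_gap_s` combined with many distinct user names points to a paced dictionary run; rate-based blocking needs a counting window longer than that gap to catch it.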
= Starting again =
After a period of being "out of order"..., I am putting it back into use :)

== Download + fresh installation ==
 * [[https://freedombox.org/download/testing/|A well-stocked list]] of images to download; I choose `A20 OLinuXino LIME2`;
 * [[https://wiki.debian.org/FreedomBox/Download#Installation|the `dd` command]] after `journalctl -f` to spot `/dev/mmcblk0` in my case;

== Operation ==
 * After the installation is finalised (10 minutes of waiting), creating the login goes well :)
 * I cheer myself on ;)
 * {{attachment:850satisfaction.png}}

= New hardware =
Setting up an [[https://olimex.wordpress.com/2019/11/05/christmas-promotion-for-pioneer-freedombox-hsk-upgrade-to-128gb-for-eur-0-01/|XMAS Olimex Home-server]] solution in November 2019.

== Operation ==
 * A picture with some information... {{attachment:948onion-share-link.png}}
 * To be continued...

------
~-footnote(s)-~