• Autor
  • Contato
  • AboutMe
  • ContactMe
Tchello Blog by Marcelo Moreira de Mello
  • Posts
  • Contato
  • Autor
  • Flickr
  • GPG Key
  • RSS Feed
  • Twitter
  • Facebook

fedora Archive

0

Sharing with fpaste.org

By
Marcelo Moreira de Mello
– 8 October, 2011

Howdy folks,

All of us already have ever faced some meltdown issues to dissolve regarding the IT matters. For some, the solution is taking a walk and/or prepares a chimarrão (a typical beverage) to make the ideas clear. And if the problem still persists, the deal is change an idea with a friend to try to clear the problem.

Yes! All of us already got this situation. Ok, Perhaps not everyone have had prepared a chimarrão, but what matter is that in most of the times we need to share a log, configuration file, code’s snippet, etc. Pasting those messages under MSN/gtalk/ICQ/Jabber/IRC is too inconvenient and not mentioning that the format may change making it difficult to read.

A quick way to share logs/codes not needing to perform all the procedure of open the browser, copy and past the message using sites as PasteBin.com per example, is to use the application fpaste shipped in Fedora.

The simple tool fpaste consists in a script wrote in Python (++) which uploads the text into fpaste.org and returns a fresh URL. An interesting point in my opinion is that fpaste allows customization, such as to define which language for content to get the syntax highlighted. For while the maximum stay for the shared data is up to 1 day.

notebook $> rpm -q fpaste
fpaste-0.3.7-1.fc16.noarch

Fpaste usage is quite simple. 

notebook $> fpaste  --help
Usage: fpaste [OPTION]... [FILE]...
  send text file(s), stdin, or clipboard to the http://fpaste.org/ pastebin and return the URL.

Examples:
  fpaste file1.txt file2.txt
  dmesg | fpaste
  (prog1; prog2; prog3) | fpaste
  fpaste --sysinfo -d "my laptop" --confirm
  fpaste -n codemonkey -d "problem with foo" -l python foo.py

To a better experiencing, try to create a command alias setting some options as showed below: 

notebook $> alias fpaste
alias fpaste='fpaste -n mmello -l python -x 3600'

An important funcionality we need to highlight is that we can share some information about our own box. This functionality is very important in moments when we need help with that sound/wifi driver that is not working. 

notebook $> fpaste --sysinfo --confirm
Gathering system info...........................

=== fpaste 0.3.7 System Information (fpaste --sysinfo) ===
* OS Release (lsb_release -ds):
     "Fedora release 16 (Verne)"

* Kernel (uname -r ; cat /proc/cmdline):
     3.1.0-0.rc8.git0.1.fc16.x86_64
     BOOT_IMAGE=/vmlinuz-3.1.0-0.rc8.git0.1.fc16.x86_64 root=/dev/mapper/vg_notebook-lv_root ro rhgb quiet rd.md=0 rd.dm=0 rd.lvm.lv=vg_notebook/lv_swap SYSFONT=latarcyrheb-sun16 rd.luks=0 rd.lvm.lv=vg_notebook/lv_root KEYTABLE=us-acentos LANG=en_US.UTF-8

* Smolt Profile URL:
     N/A

* Desktop(s) Running (ps -eo comm= | egrep '(gnome-session|kdeinit|xfce.?-session|fluxbox|blackbox|hackedbox|ratpoison|enlightenment|icewm-session|od-session|wmaker|wmx|openbox-lxde|openbox-gnome-session|openbox-kde-session|mwm|e16|fvwm|xmonad|sugar-session)' ):
     xfce4-session

* Desktop(s) Installed (ls -m /usr/share/xsessions/ | sed 's/\.desktop//g' ):
     gnome, xfce

* SELinux Status (sestatus):
     SELinux status:                 enabled
     SELinuxfs mount:                /sys/fs/selinux
     Current mode:                   enforcing
     Mode from config file:          enforcing
     Policy version:                 26
     Policy from config file:        targeted

* SELinux Error Count (failed: "selinuxenabled && (grep avc: /var/log/messages; ausearch -m avc -ts today)2>/dev/null|egrep -o "comm=\"[^ ]+"|sort|uniq -c|sort -rn"):
     N/A

* CPU Model (grep 'model name' /proc/cpuinfo | awk -F: '{print $2}' | uniq -c | sed -re 's/^ +//' ):
     2  Intel(R) Core(TM)2 Duo CPU     P8600  @ 2.40GHz

* 64-bit Support (grep -q ' lm ' /proc/cpuinfo && echo Yes || echo No):
     Yes

* Hardware Virtualization Support (egrep -q '(vmx|svm)' /proc/cpuinfo && echo Yes || echo No):
     Yes

* Load average (uptime):
      00:00:19 up  2:15,  2 users,  load average: 0.02, 0.03, 0.05

* Memory usage (free -m):
                  total       used       free     shared    buffers     cached
     Mem:          3915       3704        210          0         32       3027
     -/+ buffers/cache:        644       3270
     Swap:         5951         24       5927

* Top 5 CPU hogs (ps axuScnh | awk '$2!=4785' | sort -rnk3 | head -5):
            0     1 18.3  0.6  57952 24696 ?        Ss   Oct08  24:50 systemd
         1000  3761  2.0  2.9 2990424 119472 ?      Sl   Oct08   0:55 rhythmbox
            0  1296  1.8  0.5 133656 20220 tty1     Ss+  Oct08   2:26 Xorg
         1000  1762  1.4  0.1 253864  7596 ?        Sl   Oct08   1:56 xfce4-session
         1000  4079  1.1  0.1 119568  5148 pts/0    Ss   Oct08   0:15 bash

* Top 5 Memory hogs (ps axuScnh | sort -rnk4 | head -5):
         1000  3761  2.0  2.9 2990424 119472 ?      Sl   Oct08   0:55 rhythmbox
         1000  1802  0.0  1.1 1585400 44800 ?       Ssl  Oct08   0:04 dropbox
         1000  2251  0.0  0.7 981264 28576 ?        Sl   Oct08   0:00 e-calendar-fact
            0     1 18.3  0.6  57952 24696 ?        Ss   Oct08  24:50 systemd
         1000  1821  0.0  0.5 557828 23188 ?        Sl   Oct08   0:02 tracker-store

* Disk space usage (df -hT):
     Filesystem                                            Type      Size  Used Avail Use% Mounted on
     rootfs                                                rootfs     34G  6.7G   27G  21% /
     devtmpfs                                              devtmpfs  1.9G     0  1.9G   0% /dev
     tmpfs                                                 tmpfs     2.0G  2.2M  2.0G   1% /dev/shm
     tmpfs                                                 tmpfs     2.0G   47M  1.9G   3% /run
     /dev/mapper/vg_notebook-lv_root                       ext4       34G  6.7G   27G  21% /
     tmpfs                                                 tmpfs     2.0G   47M  1.9G   3% /run
     tmpfs                                                 tmpfs     2.0G     0  2.0G   0% /sys/fs/cgroup
     tmpfs                                                 tmpfs     2.0G     0  2.0G   0% /media
     /dev/sda1                                             ext4      485M   79M  381M  18% /boot
     /dev/mapper/luks-c24525fe-40a9-4839-81fd-da2b11355741 ext4      107G   32G   71G  31% /home

* Block devices (failed: "blkid" AND "/sbin/blkid"):
     N/A

* PCI devices (lspci):
     00:00.0 Host bridge: Intel Corporation Mobile 4 Series Chipset Memory Controller Hub (rev 07)
     00:02.0 VGA compatible controller: Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller (rev 07)
     00:02.1 Display controller: Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller (rev 07)
     00:03.0 Communication controller: Intel Corporation Mobile 4 Series Chipset MEI Controller (rev 07)
     00:03.3 Serial controller: Intel Corporation Mobile 4 Series Chipset AMT SOL Redirection (rev 07)
     00:19.0 Ethernet controller: Intel Corporation 82567LM Gigabit Network Connection (rev 03)
     00:1a.0 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #4 (rev 03)
     00:1a.1 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #5 (rev 03)
     00:1a.2 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #6 (rev 03)
     00:1a.7 USB Controller: Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #2 (rev 03)
     00:1b.0 Audio device: Intel Corporation 82801I (ICH9 Family) HD Audio Controller (rev 03)
     00:1c.0 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 1 (rev 03)
     00:1c.1 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 2 (rev 03)
     00:1c.3 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 4 (rev 03)
     00:1c.4 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 5 (rev 03)
     00:1d.0 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #1 (rev 03)
     00:1d.1 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #2 (rev 03)
     00:1d.2 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #3 (rev 03)
     00:1d.7 USB Controller: Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #1 (rev 03)
     00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev 93)
     00:1f.0 ISA bridge: Intel Corporation ICH9M-E LPC Interface Controller (rev 03)
     00:1f.2 SATA controller: Intel Corporation ICH9M/M-E SATA AHCI Controller (rev 03)
     00:1f.3 SMBus: Intel Corporation 82801I (ICH9 Family) SMBus Controller (rev 03)
     03:00.0 Network controller: Intel Corporation PRO/Wireless 5100 AGN [Shiloh] Network Connection
     15:00.0 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev ba)
     15:00.1 FireWire (IEEE 1394): Ricoh Co Ltd R5C832 IEEE 1394 Controller (rev 04)

* USB devices (lsusb):
     Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
     Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
     Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
     Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
     Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
     Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
     Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
     Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
     Bus 001 Device 003: ID 22b8:41d9 Motorola PCS Droid/Milestone

* DRM Information (failed: "grep drm /var/log/dmesg"):
     N/A

* Xorg modules (grep LoadModule /var/log/Xorg.0.log | cut -d \" -f 2 | xargs):
     extmod dbe glx record dri dri2 intel vesa fbdev fbdevhw fb dri2 evdev synaptics

* GL Support (failed: "glxinfo | egrep "OpenGL version|OpenGL renderer""):
     N/A

* Xorg errors (failed: "grep '^\[.*(EE)' /var/log/Xorg.0.log"):
     N/A

* Kernel buffer tail (dmesg | tail):
     [ 8072.808666] NEGADO: IN=eth0 OUT= MAC= SRC=172.16.69.3 DST=255.255.255.255 LEN=149 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=129
     [ 8072.813066] NEGADO: IN=eth0 OUT= MAC= SRC=172.16.69.3 DST=172.16.69.255 LEN=149 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=129
     [ 8082.054768] NEGADO: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:84:2b:2b:7c:5c:31:08:00 SRC=172.16.69.2 DST=255.255.255.255 LEN=149 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=129
     [ 8082.055204] NEGADO: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:84:2b:2b:7c:5c:31:08:00 SRC=172.16.69.2 DST=172.16.69.255 LEN=149 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=129
     [ 8090.981265] NEGADO: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f8:1e:df:f2:08:d2:08:00 SRC=172.16.69.20 DST=255.255.255.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=35624 PROTO=UDP SPT=17500 DPT=17500 LEN=127
     [ 8090.981970] NEGADO: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f8:1e:df:f2:08:d2:08:00 SRC=172.16.69.20 DST=172.16.69.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=53261 PROTO=UDP SPT=17500 DPT=17500 LEN=127
     [ 8096.243782] NEGADO: IN=eth0 OUT= MAC=01:00:5e:00:00:01:68:7f:74:2b:eb:c0:08:00 SRC=172.16.69.254 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
     [ 8102.846392] NEGADO: IN=eth0 OUT= MAC= SRC=172.16.69.3 DST=255.255.255.255 LEN=149 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=129
     [ 8102.847085] NEGADO: IN=eth0 OUT= MAC= SRC=172.16.69.3 DST=172.16.69.255 LEN=149 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=129 

* Last few reboots (last -x -n10 reboot runlevel):
     runlevel (to lvl 5)   3.1.0-0.rc8.git0 Sat Oct  8 21:45 - 00:00  (02:14)
     reboot   system boot  3.1.0-0.rc8.git0 Sat Oct  8 21:45 - 00:00  (02:15)
     runlevel (to lvl 5)   3.1.0-0.rc8.git0 Fri Oct  7 14:40 - 22:35  (07:54)
     reboot   system boot  3.1.0-0.rc8.git0 Fri Oct  7 14:39 - 22:35  (07:55)
     runlevel (to lvl 5)   3.1.0-0.rc8.git0 Thu Oct  6 22:35 - 00:56  (02:21)
     reboot   system boot  3.1.0-0.rc8.git0 Thu Oct  6 22:34 - 00:56  (02:21)
     runlevel (to lvl 5)   3.1.0-0.rc8.git0 Thu Oct  6 13:28 - 22:35  (09:07)
     reboot   system boot  3.1.0-0.rc8.git0 Thu Oct  6 13:27 - 00:56  (11:28)
     runlevel (to lvl 5)   3.1.0-0.rc8.git0 Thu Oct  6 12:28 - 12:49  (00:21)
     reboot   system boot  3.1.0-0.rc8.git0 Thu Oct  6 12:28 - 12:49  (00:21)    

     wtmp begins Sat Sep 10 11:04:31 2011

* YUM Repositories (yum -C repolist):
     Loaded plugins: downloadonly, fastestmirror, langpacks, presto, refresh-
                   : packagekit
     repo id                       repo name                                   status
     brew                          Brew Buildsystem for Fedora 16 - x86_64          4
     fedora                        Fedora 16 - x86_64                          24,906
     fedora-debuginfo              Fedora 16 - x86_64 - Debug                   5,639
     google-chrome                 google-chrome                                    3
     google-earth                  google-earth                                     1
     google-talkplugin             google-talkplugin                                1
     rpmfusion-free-rawhide        RPM Fusion for Fedora Rawhide - Free           394
     rpmfusion-nonfree-rawhide     RPM Fusion for Fedora Rawhide - Nonfree        164
     updates-debuginfo             Fedora 16 - x86_64 - Updates - Debug             0
     updates-testing               Fedora 16 - x86_64 - Test Updates            6,541
     updates-testing-debuginfo     Fedora 16 - x86_64 - Test Updates Debug      1,196
     repolist: 38,849

* YUM Extras (yum -C list extras):
     Loaded plugins: downloadonly, fastestmirror, langpacks, presto, refresh-
                   : packagekit
     Extra Packages
     clutter-gesture.x86_64    0.0.2-2.fc13             @koji-override-0/$releasever
     clutter-imcontext.x86_64  0.1.6-4.fc15             @koji-override-0/$releasever
     kernel.x86_64             3.1.0-0.rc6.git0.3.fc16  @updates-testing
     kernel.x86_64             3.1.0-0.rc8.git0.0.fc16  @updates-testing
     kernel-devel.x86_64       3.1.0-0.rc6.git0.3.fc16  @updates-testing
     kernel-devel.x86_64       3.1.0-0.rc8.git0.0.fc16  @updates-testing
     lastfm.x86_64             1.4.2.58240-6.fc11       @rpmfusion-free-rawhide
     nautilus-dropbox.x86_64   0.6.9-1.fc10             @/nautilus-dropbox-0.6.9-1.fedora.x86_64
     opera.x86_64              2:11.51-1087             installed
     pygobject3.x86_64         3.0.1-1.fc16             @updates-testing
     selinux-policy.noarch     3.10.0-36.fc16           @updates-testing
     selinux-policy-targeted.noarch
                               3.10.0-36.fc16           @updates-testing
     skype.i586                2.2.0.35-fc10            @/skype-2.2.0.35-fedora.i586 

* Last 20 packages installed (rpm -qa --nodigest --nosignature --last | head -20):
     iptraf-3.0.1-11.fc15                          Sat 08 Oct 2011 10:37:55 PM BRT
     cups-libs-1.5.0-14.fc16                       Fri 07 Oct 2011 03:43:42 PM BRT
     qt-x11-4.8.0-0.12.20111002.fc16               Fri 07 Oct 2011 03:43:41 PM BRT
     qt-4.8.0-0.12.20111002.fc16                   Fri 07 Oct 2011 03:43:38 PM BRT
     glib2-2.30.0-2.fc16                           Fri 07 Oct 2011 03:43:35 PM BRT
     system-config-date-1.9.66-1.fc16              Fri 07 Oct 2011 03:43:32 PM BRT
     google-chrome-beta-15.0.874.83-104223         Fri 07 Oct 2011 03:43:17 PM BRT
     postgresql-jdbc-9.1.901-1.fc16.1              Fri 07 Oct 2011 03:43:10 PM BRT
     tftp-5.1-1.fc16                               Fri 07 Oct 2011 03:43:09 PM BRT
     tftp-server-5.1-1.fc16                        Fri 07 Oct 2011 03:43:06 PM BRT
     biosdevname-0.3.11-5.fc16                     Fri 07 Oct 2011 03:43:06 PM BRT
     stunnel-4.44-1.fc16                           Fri 07 Oct 2011 03:43:05 PM BRT
     telepathy-salut-0.5.2-1.fc16                  Fri 07 Oct 2011 03:43:04 PM BRT
     qemu-img-0.15.0-5.fc16                        Fri 07 Oct 2011 03:43:03 PM BRT
     telepathy-mission-control-5.9.3-1.fc16        Fri 07 Oct 2011 03:43:02 PM BRT
     gnome-color-manager-3.2.0-3.fc16              Fri 07 Oct 2011 03:43:00 PM BRT
     libmx-1.3.2-1.fc16                            Fri 07 Oct 2011 03:42:59 PM BRT
     clutter-gst-1.4.2-1.fc16                      Fri 07 Oct 2011 03:42:58 PM BRT
     net-snmp-utils-5.7.1-2.fc16                   Fri 07 Oct 2011 03:42:57 PM BRT
     net-snmp-python-5.7.1-2.fc16                  Fri 07 Oct 2011 03:42:57 PM BRT

OK to send? [y/N]: y
Uploading (16.7KiB)...

http://fpaste.org/QL1G/

notebook $>

Screenshot for fpaste:

Tchê, that’s all folks! Simple and easy!! And please, do not past anymore log/code into your friend’s IM. See you guys!!

Tweet
Tags: fedora, fpaste, linux, Posts
1

Compartilhe com fpaste.org

By
Marcelo Moreira de Mello
– 8 October, 2011

Olá,

Todos nós já passamos por aquele problema “cabeludo” e complicado de ser resolvido, não?! Para alguns a solução é dar uma volta e/ou cevar um novo chimarrão com alecrim para clarear as ideias :) E se mesmo assim o problema persistir, o esquema é então trocar uma ideia com um amigo para tentar clarear o problema.

Sim! Todos nós já passamos por tal situação. OK, talvez nem todos tenham cevado um chimarrão, mas o que importa é que na maioria das vezes precisamos compartilhar um log, arquivo de configuração, trecho de código, etc e colar essas mensagens via MSN/gtalk/ICQ/Jabber/IRC o que é um tanto quanto incoveniente sem contar que a formatação pode ser alterada, dificultando a leitura.

Uma maneira rápida de compartilhar logs/códigos sem precisar realizar todo o procedimento de abrir o browser, copiar e colar a mensagem utilizando sites como o PasteBin.com por exemplo, é utilizar o aplicativo fpaste no Fedora.

A simples ferramenta fpaste consiste em um script em Python(++) que envia o texto para o site fpaste.org retornando a URL recém gerada. Um ponto interessante em minha opinião é que a ferramenta permite a customização, como por exemplo definir a linguagem do trecho de texto compartilhado que irá receber a respectiva syntax highlighting. Por enquanto a permanência máxima para os dados compartilhados é de no máximo 1 dia. 

notebook $> rpm -q fpaste
fpaste-0.3.7-1.fc16.noarch

A utilização do script é bem simples. 

notebook $> fpaste  --help
Usage: fpaste [OPTION]... [FILE]...
  send text file(s), stdin, or clipboard to the http://fpaste.org/ pastebin and return the URL.

Examples:
  fpaste file1.txt file2.txt
  dmesg | fpaste
  (prog1; prog2; prog3) | fpaste
  fpaste --sysinfo -d "my laptop" --confirm
  fpaste -n codemonkey -d "problem with foo" -l python foo.py

Para facilitar na customização da ferramenta sugiro a criação de um alias de comando definindo algumas preferências: 

notebook $> alias fpaste
alias fpaste='fpaste -n mmello -l python -x 3600'

Um funcionalidade que precisa ser destadaca é que podemos compartilhar algumas informações sobre o sistema utilizado. Funcionalidade essa muito interessante em momentos que precisamos de ajuda com aquele driver de som/wifi que não está funcionando. 

notebook $> fpaste --sysinfo --confirm
Gathering system info...........................

=== fpaste 0.3.7 System Information (fpaste --sysinfo) ===
* OS Release (lsb_release -ds):
     "Fedora release 16 (Verne)"

* Kernel (uname -r ; cat /proc/cmdline):
     3.1.0-0.rc8.git0.1.fc16.x86_64
     BOOT_IMAGE=/vmlinuz-3.1.0-0.rc8.git0.1.fc16.x86_64 root=/dev/mapper/vg_notebook-lv_root ro rhgb quiet rd.md=0 rd.dm=0 rd.lvm.lv=vg_notebook/lv_swap SYSFONT=latarcyrheb-sun16 rd.luks=0 rd.lvm.lv=vg_notebook/lv_root KEYTABLE=us-acentos LANG=en_US.UTF-8

* Smolt Profile URL:
     N/A

* Desktop(s) Running (ps -eo comm= | egrep '(gnome-session|kdeinit|xfce.?-session|fluxbox|blackbox|hackedbox|ratpoison|enlightenment|icewm-session|od-session|wmaker|wmx|openbox-lxde|openbox-gnome-session|openbox-kde-session|mwm|e16|fvwm|xmonad|sugar-session)' ):
     xfce4-session

* Desktop(s) Installed (ls -m /usr/share/xsessions/ | sed 's/\.desktop//g' ):
     gnome, xfce

* SELinux Status (sestatus):
     SELinux status:                 enabled
     SELinuxfs mount:                /sys/fs/selinux
     Current mode:                   enforcing
     Mode from config file:          enforcing
     Policy version:                 26
     Policy from config file:        targeted

* SELinux Error Count (failed: "selinuxenabled && (grep avc: /var/log/messages; ausearch -m avc -ts today)2>/dev/null|egrep -o "comm=\"[^ ]+"|sort|uniq -c|sort -rn"):
     N/A

* CPU Model (grep 'model name' /proc/cpuinfo | awk -F: '{print $2}' | uniq -c | sed -re 's/^ +//' ):
     2  Intel(R) Core(TM)2 Duo CPU     P8600  @ 2.40GHz

* 64-bit Support (grep -q ' lm ' /proc/cpuinfo && echo Yes || echo No):
     Yes

* Hardware Virtualization Support (egrep -q '(vmx|svm)' /proc/cpuinfo && echo Yes || echo No):
     Yes

* Load average (uptime):
      00:00:19 up  2:15,  2 users,  load average: 0.02, 0.03, 0.05

* Memory usage (free -m):
                  total       used       free     shared    buffers     cached
     Mem:          3915       3704        210          0         32       3027
     -/+ buffers/cache:        644       3270
     Swap:         5951         24       5927

* Top 5 CPU hogs (ps axuScnh | awk '$2!=4785' | sort -rnk3 | head -5):
            0     1 18.3  0.6  57952 24696 ?        Ss   Oct08  24:50 systemd
         1000  3761  2.0  2.9 2990424 119472 ?      Sl   Oct08   0:55 rhythmbox
            0  1296  1.8  0.5 133656 20220 tty1     Ss+  Oct08   2:26 Xorg
         1000  1762  1.4  0.1 253864  7596 ?        Sl   Oct08   1:56 xfce4-session
         1000  4079  1.1  0.1 119568  5148 pts/0    Ss   Oct08   0:15 bash

* Top 5 Memory hogs (ps axuScnh | sort -rnk4 | head -5):
         1000  3761  2.0  2.9 2990424 119472 ?      Sl   Oct08   0:55 rhythmbox
         1000  1802  0.0  1.1 1585400 44800 ?       Ssl  Oct08   0:04 dropbox
         1000  2251  0.0  0.7 981264 28576 ?        Sl   Oct08   0:00 e-calendar-fact
            0     1 18.3  0.6  57952 24696 ?        Ss   Oct08  24:50 systemd
         1000  1821  0.0  0.5 557828 23188 ?        Sl   Oct08   0:02 tracker-store

* Disk space usage (df -hT):
     Filesystem                                            Type      Size  Used Avail Use% Mounted on
     rootfs                                                rootfs     34G  6.7G   27G  21% /
     devtmpfs                                              devtmpfs  1.9G     0  1.9G   0% /dev
     tmpfs                                                 tmpfs     2.0G  2.2M  2.0G   1% /dev/shm
     tmpfs                                                 tmpfs     2.0G   47M  1.9G   3% /run
     /dev/mapper/vg_notebook-lv_root                       ext4       34G  6.7G   27G  21% /
     tmpfs                                                 tmpfs     2.0G   47M  1.9G   3% /run
     tmpfs                                                 tmpfs     2.0G     0  2.0G   0% /sys/fs/cgroup
     tmpfs                                                 tmpfs     2.0G     0  2.0G   0% /media
     /dev/sda1                                             ext4      485M   79M  381M  18% /boot
     /dev/mapper/luks-c24525fe-40a9-4839-81fd-da2b11355741 ext4      107G   32G   71G  31% /home

* Block devices (failed: "blkid" AND "/sbin/blkid"):
     N/A

* PCI devices (lspci):
     00:00.0 Host bridge: Intel Corporation Mobile 4 Series Chipset Memory Controller Hub (rev 07)
     00:02.0 VGA compatible controller: Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller (rev 07)
     00:02.1 Display controller: Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller (rev 07)
     00:03.0 Communication controller: Intel Corporation Mobile 4 Series Chipset MEI Controller (rev 07)
     00:03.3 Serial controller: Intel Corporation Mobile 4 Series Chipset AMT SOL Redirection (rev 07)
     00:19.0 Ethernet controller: Intel Corporation 82567LM Gigabit Network Connection (rev 03)
     00:1a.0 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #4 (rev 03)
     00:1a.1 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #5 (rev 03)
     00:1a.2 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #6 (rev 03)
     00:1a.7 USB Controller: Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #2 (rev 03)
     00:1b.0 Audio device: Intel Corporation 82801I (ICH9 Family) HD Audio Controller (rev 03)
     00:1c.0 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 1 (rev 03)
     00:1c.1 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 2 (rev 03)
     00:1c.3 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 4 (rev 03)
     00:1c.4 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 5 (rev 03)
     00:1d.0 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #1 (rev 03)
     00:1d.1 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #2 (rev 03)
     00:1d.2 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #3 (rev 03)
     00:1d.7 USB Controller: Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #1 (rev 03)
     00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev 93)
     00:1f.0 ISA bridge: Intel Corporation ICH9M-E LPC Interface Controller (rev 03)
     00:1f.2 SATA controller: Intel Corporation ICH9M/M-E SATA AHCI Controller (rev 03)
     00:1f.3 SMBus: Intel Corporation 82801I (ICH9 Family) SMBus Controller (rev 03)
     03:00.0 Network controller: Intel Corporation PRO/Wireless 5100 AGN [Shiloh] Network Connection
     15:00.0 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev ba)
     15:00.1 FireWire (IEEE 1394): Ricoh Co Ltd R5C832 IEEE 1394 Controller (rev 04)

* USB devices (lsusb):
     Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
     Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
     Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
     Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
     Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
     Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
     Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
     Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
     Bus 001 Device 003: ID 22b8:41d9 Motorola PCS Droid/Milestone

* DRM Information (failed: "grep drm /var/log/dmesg"):
     N/A

* Xorg modules (grep LoadModule /var/log/Xorg.0.log | cut -d \" -f 2 | xargs):
     extmod dbe glx record dri dri2 intel vesa fbdev fbdevhw fb dri2 evdev synaptics

* GL Support (failed: "glxinfo | egrep "OpenGL version|OpenGL renderer""):
     N/A

* Xorg errors (failed: "grep '^\[.*(EE)' /var/log/Xorg.0.log"):
     N/A

* Kernel buffer tail (dmesg | tail):
     [ 8072.808666] NEGADO: IN=eth0 OUT= MAC= SRC=172.16.69.3 DST=255.255.255.255 LEN=149 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=129
     [ 8072.813066] NEGADO: IN=eth0 OUT= MAC= SRC=172.16.69.3 DST=172.16.69.255 LEN=149 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=129
     [ 8082.054768] NEGADO: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:84:2b:2b:7c:5c:31:08:00 SRC=172.16.69.2 DST=255.255.255.255 LEN=149 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=129
     [ 8082.055204] NEGADO: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:84:2b:2b:7c:5c:31:08:00 SRC=172.16.69.2 DST=172.16.69.255 LEN=149 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=129
     [ 8090.981265] NEGADO: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f8:1e:df:f2:08:d2:08:00 SRC=172.16.69.20 DST=255.255.255.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=35624 PROTO=UDP SPT=17500 DPT=17500 LEN=127
     [ 8090.981970] NEGADO: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f8:1e:df:f2:08:d2:08:00 SRC=172.16.69.20 DST=172.16.69.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=53261 PROTO=UDP SPT=17500 DPT=17500 LEN=127
     [ 8096.243782] NEGADO: IN=eth0 OUT= MAC=01:00:5e:00:00:01:68:7f:74:2b:eb:c0:08:00 SRC=172.16.69.254 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
     [ 8102.846392] NEGADO: IN=eth0 OUT= MAC= SRC=172.16.69.3 DST=255.255.255.255 LEN=149 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=129
     [ 8102.847085] NEGADO: IN=eth0 OUT= MAC= SRC=172.16.69.3 DST=172.16.69.255 LEN=149 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=129 

* Last few reboots (last -x -n10 reboot runlevel):
     runlevel (to lvl 5)   3.1.0-0.rc8.git0 Sat Oct  8 21:45 - 00:00  (02:14)
     reboot   system boot  3.1.0-0.rc8.git0 Sat Oct  8 21:45 - 00:00  (02:15)
     runlevel (to lvl 5)   3.1.0-0.rc8.git0 Fri Oct  7 14:40 - 22:35  (07:54)
     reboot   system boot  3.1.0-0.rc8.git0 Fri Oct  7 14:39 - 22:35  (07:55)
     runlevel (to lvl 5)   3.1.0-0.rc8.git0 Thu Oct  6 22:35 - 00:56  (02:21)
     reboot   system boot  3.1.0-0.rc8.git0 Thu Oct  6 22:34 - 00:56  (02:21)
     runlevel (to lvl 5)   3.1.0-0.rc8.git0 Thu Oct  6 13:28 - 22:35  (09:07)
     reboot   system boot  3.1.0-0.rc8.git0 Thu Oct  6 13:27 - 00:56  (11:28)
     runlevel (to lvl 5)   3.1.0-0.rc8.git0 Thu Oct  6 12:28 - 12:49  (00:21)
     reboot   system boot  3.1.0-0.rc8.git0 Thu Oct  6 12:28 - 12:49  (00:21)    

     wtmp begins Sat Sep 10 11:04:31 2011

* YUM Repositories (yum -C repolist):
     Loaded plugins: downloadonly, fastestmirror, langpacks, presto, refresh-
                   : packagekit
     repo id                       repo name                                   status
     brew                          Brew Buildsystem for Fedora 16 - x86_64          4
     fedora                        Fedora 16 - x86_64                          24,906
     fedora-debuginfo              Fedora 16 - x86_64 - Debug                   5,639
     google-chrome                 google-chrome                                    3
     google-earth                  google-earth                                     1
     google-talkplugin             google-talkplugin                                1
     rpmfusion-free-rawhide        RPM Fusion for Fedora Rawhide - Free           394
     rpmfusion-nonfree-rawhide     RPM Fusion for Fedora Rawhide - Nonfree        164
     updates-debuginfo             Fedora 16 - x86_64 - Updates - Debug             0
     updates-testing               Fedora 16 - x86_64 - Test Updates            6,541
     updates-testing-debuginfo     Fedora 16 - x86_64 - Test Updates Debug      1,196
     repolist: 38,849

* YUM Extras (yum -C list extras):
     Loaded plugins: downloadonly, fastestmirror, langpacks, presto, refresh-
                   : packagekit
     Extra Packages
     clutter-gesture.x86_64    0.0.2-2.fc13             @koji-override-0/$releasever
     clutter-imcontext.x86_64  0.1.6-4.fc15             @koji-override-0/$releasever
     kernel.x86_64             3.1.0-0.rc6.git0.3.fc16  @updates-testing
     kernel.x86_64             3.1.0-0.rc8.git0.0.fc16  @updates-testing
     kernel-devel.x86_64       3.1.0-0.rc6.git0.3.fc16  @updates-testing
     kernel-devel.x86_64       3.1.0-0.rc8.git0.0.fc16  @updates-testing
     lastfm.x86_64             1.4.2.58240-6.fc11       @rpmfusion-free-rawhide
     nautilus-dropbox.x86_64   0.6.9-1.fc10             @/nautilus-dropbox-0.6.9-1.fedora.x86_64
     opera.x86_64              2:11.51-1087             installed
     pygobject3.x86_64         3.0.1-1.fc16             @updates-testing
     selinux-policy.noarch     3.10.0-36.fc16           @updates-testing
     selinux-policy-targeted.noarch
                               3.10.0-36.fc16           @updates-testing
     skype.i586                2.2.0.35-fc10            @/skype-2.2.0.35-fedora.i586 

* Last 20 packages installed (rpm -qa --nodigest --nosignature --last | head -20):
     iptraf-3.0.1-11.fc15                          Sat 08 Oct 2011 10:37:55 PM BRT
     cups-libs-1.5.0-14.fc16                       Fri 07 Oct 2011 03:43:42 PM BRT
     qt-x11-4.8.0-0.12.20111002.fc16               Fri 07 Oct 2011 03:43:41 PM BRT
     qt-4.8.0-0.12.20111002.fc16                   Fri 07 Oct 2011 03:43:38 PM BRT
     glib2-2.30.0-2.fc16                           Fri 07 Oct 2011 03:43:35 PM BRT
     system-config-date-1.9.66-1.fc16              Fri 07 Oct 2011 03:43:32 PM BRT
     google-chrome-beta-15.0.874.83-104223         Fri 07 Oct 2011 03:43:17 PM BRT
     postgresql-jdbc-9.1.901-1.fc16.1              Fri 07 Oct 2011 03:43:10 PM BRT
     tftp-5.1-1.fc16                               Fri 07 Oct 2011 03:43:09 PM BRT
     tftp-server-5.1-1.fc16                        Fri 07 Oct 2011 03:43:06 PM BRT
     biosdevname-0.3.11-5.fc16                     Fri 07 Oct 2011 03:43:06 PM BRT
     stunnel-4.44-1.fc16                           Fri 07 Oct 2011 03:43:05 PM BRT
     telepathy-salut-0.5.2-1.fc16                  Fri 07 Oct 2011 03:43:04 PM BRT
     qemu-img-0.15.0-5.fc16                        Fri 07 Oct 2011 03:43:03 PM BRT
     telepathy-mission-control-5.9.3-1.fc16        Fri 07 Oct 2011 03:43:02 PM BRT
     gnome-color-manager-3.2.0-3.fc16              Fri 07 Oct 2011 03:43:00 PM BRT
     libmx-1.3.2-1.fc16                            Fri 07 Oct 2011 03:42:59 PM BRT
     clutter-gst-1.4.2-1.fc16                      Fri 07 Oct 2011 03:42:58 PM BRT
     net-snmp-utils-5.7.1-2.fc16                   Fri 07 Oct 2011 03:42:57 PM BRT
     net-snmp-python-5.7.1-2.fc16                  Fri 07 Oct 2011 03:42:57 PM BRT

OK to send? [y/N]: y
Uploading (16.7KiB)...

http://fpaste.org/QL1G/

notebook $>

Abaixo um screenshot da URL gerada:

Era isso tchê!! Simples e fácil!!! E por favor, não cole várias linhas de log/código no IM do seu amigo!! :) Forte quebra costelas tchê!!

Tweet
Tags: fedora, fpaste, linux, Posts
0

Diretórios Privados com PAM_Namespace

By
Marcelo Moreira de Mello
– 4 June, 2011

Olá,

Lembro-me dos tempos em que ministrava os cursos da Red Hat pelo Brasil (bons tempos aqueles). Com certeza foi uma das  etapas da minha vida em que mais aprendi profissionalmente e pessoalmente. É incrível estar em lugar diferente a cada semana, com pessoas diferentes com culturas diferentes. Com certeza foi uma experiência fantástica.

Uma das perguntas frequentes que os alunos faziam, era se existia um modelo de particionamento que oferecesse uma boa relação custo vs benefício vs segurança. Acredito que a  melhor resposta para esse questionamento é obtida através de outros questionamentos: Quais serviços irão ser executados? Será utilizado quota? Como será o backup? Os usuários terão acesso remoto? Etc…

Independente do esquema de particionamento escolhido, sempre é observado a questão do diretório /tmp que além de ser compartilhado com os demais usuários, possui permissão de escrita, podendo assim gerar algum desconforto para o sysadmin ou instabilidade do sistema por conta de scripts ou usuários mal intencionados. Por exemplo, executar o comando yes, redirecionando a saída para um arquivo dentro do /tmp? Ou ainda ter acesso à informações  de outros usuários descuidados em salvar arquivos dentro do diretório /tmp.


[root@f15 ~]# yes DoS >> /tmp/disk-FULL
yes: standard output: No space left on device
yes: write error

Sendo um arquivo privado, o seu lugar não deveria ser tal diretório, porém “shit happens”!!! Geralmente cria-se então uma partição para acomodar o diretório /tmp, evitando assim  aborrecimentos causados por usuários ao executar comandos maliciosos no sistema.  Porém, como fica a privacidade dos arquivos armazenados dentro do diretório /tmp?

Com a utilização do módulo da PAM pam_namespace.so, podemos criar diretórios “poli-instanciados privados”, isto é, quando qualquer usuário acessar o diretório mapeado, será um diretório privado.

Nota: Iremos utilizar o diretório /tmp como exemplo, porém a técnica pode ser aplicada para outras situações.

A configuração do módulo pam_namespace.so se dá dentro no arquivo /etc/security/namespace.conf. Basicamente o formato de configuração do arquivo é:

diretório instância_dir_prefix tipo_de_autenticação lista_de_usuário

No primeiro campo, devemos colocar o caminho do diretório privado.

No segundo campo, iremos definir qual prefix do diretório que será utilizado para armazenar os arquivos criados pelo usuários. Esse diretório será automaticamente criado pelo módulo pam_namespace com permissão 000.

No terceiro campo, se define o método utilizado pela pam_namespace. São válidas as seguintes entradas:

  • user -> baseado no nome do usuário
  • level -> baseado no context SELinux MLS e nome do usuário. SELinux é obrigatório!
  • context -> baseado no contexto SELinux do processo e usuário. SELinux é obrigatório!
  • tmpfs -> utilização de diretório TMPFS
  • tmpdir -> para diretórios temporários que serão removidos após o logout do usuário

Por fim no quarto campo, temos a lista dos usuários (separados por vírgula) que serão excluídos dessa regra. Caso a lista inicie com o sinal “~“, a regra se aplicará somente os usuários contidos na lista. Se deixado em branco, a regra se aplicará para todos os usuários do sistema.

No intuito de exemplificar a configuração,  o /tmp será mapeado utilizando o método context para os usuários fulano e sicrano somente.

Primeiramente, iremos configurar o arquivo /etc/security/pam_namespace.conf :

Dica: abra um terminal como usuário root e deixe-o aberto durante o processo de configuração, assim em caso de problemas, você não perderá acesso de root no sistema


[root@f15 ~]# useradd  fulano
[root@f15 ~]# useradd  cicrano
[root@f15 ~]# echo senha | passwd --stdin fulano
Changing password for user fulano.
passwd: all authentication tokens updated successfully.
[root@f15 ~]# echo senha | passwd --stdin sicrano
Changing password for user sicrano.
passwd: all authentication tokens updated successfully.
[root@f15 ~]# ls -lad /tmp
drwxrwxrwt. 7 root root 4096 Jun  5 18:45 /tmp
[root@f15 ~]# cat /etc/security/namespace.conf  | grep -v ^#  | grep -v ^$
/tmp    /var/tmp/tmp-PAM_namespace    context    ~fulano,sicrano
[root@f15 ~]# setsebool -P allow_polyinstantiation 1
[root@f15 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Feito isso, nosso próximo passo será ativar o módulo pam_namespace.so dentro do arquivo /etc/pam.d/system-auth e /etc/pam.d/sshd

[root@f15 /]# cat /etc/pam.d/sshd
#%PAM-1.0
auth	   required	pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth

password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context

session    required     pam_selinux.so open env_params
session	   required	pam_namespace.so debug
session    optional     pam_keyinit.so force revoke
session    include      password-auth

[root@f15 /]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke

session     required      pam_limits.so
session	    required	  pam_namespace.so debug
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

Nota: é muito importante o posicionamento da linha pam_namespace.so dentro dos arquivos de configuração.

Abra uma nova sessão com o usuário root, e monitore os arquivos /var/log/messages e /var/log/secure. Acesse o sistema com os usuários fulano e sicrano e observe:

notebook $> ssh fulano@192.168.122.112
fulano@192.168.122.112's password:
Last login: Sun Jun  5 20:26:01 2011 from 192.168.122.1
[fulano@f15 ~]$ cd /tmp/
[fulano@f15 tmp]$ ls -la
total 8
drwxrwxrwt.  2 root root 4096 Jun  5 20:26 .
dr-xr-xr-x. 23 root root 4096 Jun  5 20:23 ..
[fulano@f15 tmp]$ touch private
[fulano@f15 tmp]$ exit
logout
Connection to 192.168.122.112 closed.

[root@f15 tmp]# tail -f /var/log/messages  /var/log/secure -n0

==> /var/log/messages <==

==> /var/log/secure <==

Jun  5 20:39:05 f15 sshd[1741]: Accepted password for fulano from 192.168.122.1 port 42627 ssh2
Jun  5 23:39:05 f15 sshd[1742]: fatal: mm_request_receive: read: Connection reset by peer
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): open_session - start
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Parsing config file /etc/security/namespace.conf
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Expanded polydir: '/tmp'
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Expanded ruser polydir: '/tmp'
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Expanded instance prefix: '/var/tmp/tmp-PAM_namespace/'
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Configured poly dirs:
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): dir='/tmp' iprefix='/var/tmp/tmp-PAM_namespace/' meth=2
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): override user 500
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): override user 501
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Set up namespace for pid 1741
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Checking for ns override in dir /tmp for uid 500
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Need poly ns for user 500 for dir /tmp
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Checking for ns override in dir /tmp for uid 0
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Checking for ns override in dir /tmp for uid 500
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Setting poly ns for user 500 for dir /tmp
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Set namespace for directory /tmp
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): member context returned by policy system_u:object_r:user_tmp_t:s0
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): poly_name system_u:object_r:user_tmp_t:s0_fulano
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Inst ctxt system_u:object_r:user_tmp_t:s0 Orig ctxt system_u:object_r:tmp_t:s0
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): instance_dir /var/tmp/tmp-PAM_namespace/system_u:object_r:user_tmp_t:s0_fulano
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): Protect mount of /var/tmp/tmp-PAM_namespace over itself
Jun  5 20:39:06 f15 sshd[1741]: pam_namespace(sshd:session): namespace setup ok for pid 1741
Jun  5 20:39:06 f15 sshd[1741]: pam_systemd(sshd:session): Moving new user session for fulano into control group /user/fulano/19.
Jun  5 20:39:06 f15 sshd[1741]: pam_unix(sshd:session): session opened for user fulano by (uid=0)

Logando agora com o usuário sicrano:

notebook $> ssh sicrano@192.168.122.112
sicrano@192.168.122.112's password:
[sicrano@f15 ~]$ cd /tmp/
[sicrano@f15 tmp]$ ls
[sicrano@f15 tmp]$ touch test2
[sicrano@f15 tmp]$ ls -la
total 8
drwxrwxrwt.  2 root    root    4096 Jun  5 20:41 .
dr-xr-xr-x. 23 root    root    4096 Jun  5 20:23 ..
-rw-rw-r--.  1 sicrano sicrano    0 Jun  5 20:41 test2
[sicrano@f15 tmp]$ logout
Connection to 192.168.122.112 closed.

[root@f15 tmp]# tail -f /var/log/messages  /var/log/secure -n0

==> /var/log/messages <==

==> /var/log/secure <==

Jun  5 20:41:29 f15 sshd[1770]: Accepted password for sicrano from 192.168.122.1 port 43159 ssh2
Jun  5 23:41:29 f15 sshd[1771]: fatal: mm_request_receive: read: Connection reset by peer
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): open_session - start
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Parsing config file /etc/security/namespace.conf
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Expanded polydir: '/tmp'
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Expanded ruser polydir: '/tmp'
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Expanded instance prefix: '/var/tmp/tmp-PAM_namespace/'
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Configured poly dirs:
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): dir='/tmp' iprefix='/var/tmp/tmp-PAM_namespace/' meth=2
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): override user 500
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): override user 501
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Set up namespace for pid 1770
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Checking for ns override in dir /tmp for uid 501
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Need poly ns for user 501 for dir /tmp
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Checking for ns override in dir /tmp for uid 0
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Checking for ns override in dir /tmp for uid 501
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Setting poly ns for user 501 for dir /tmp
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Set namespace for directory /tmp
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): member context returned by policy system_u:object_r:user_tmp_t:s0
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): poly_name system_u:object_r:user_tmp_t:s0_sicrano
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Inst ctxt system_u:object_r:user_tmp_t:s0 Orig ctxt system_u:object_r:tmp_t:s0
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): instance_dir /var/tmp/tmp-PAM_namespace/system_u:object_r:user_tmp_t:s0_sicrano
Jun  5 20:41:29 f15 sshd[1770]: pam_namespace(sshd:session): Protect mount of /var/tmp/tmp-PAM_namespace over itself
Jun  5 20:41:30 f15 sshd[1770]: pam_namespace(sshd:session): namespace setup ok for pid 1770
Jun  5 20:41:30 f15 sshd[1770]: pam_systemd(sshd:session): Moving new user session for sicrano into control group /user/sicrano/20.
Jun  5 20:41:30 f15 sshd[1770]: pam_unix(sshd:session): session opened for user sicrano by (uid=0)
Jun  5 20:41:46 f15 sshd[1780]: Received disconnect from 192.168.122.1: 11: disconnected by user
Jun  5 20:41:46 f15 sshd[1770]: pam_namespace(sshd:session): close_session - start
Jun  5 20:41:46 f15 sshd[1770]: pam_namespace(sshd:session): Resetting namespace for pid 1770
Jun  5 20:41:46 f15 sshd[1770]: pam_namespace(sshd:session): orig namespace for pid 1770
Jun  5 20:41:46 f15 sshd[1770]: pam_namespace(sshd:session): Checking for ns override in dir /tmp for uid 501
Jun  5 20:41:46 f15 sshd[1770]: pam_namespace(sshd:session): Unmounting instance dir for user 501 & dir /tmp
Jun  5 20:41:46 f15 sshd[1770]: pam_namespace(sshd:session): Unmount of /tmp succeeded
Jun  5 20:41:46 f15 sshd[1770]: pam_namespace(sshd:session): resetting namespace ok for pid 1770
Jun  5 20:41:46 f15 sshd[1770]: pam_systemd(sshd:session): Moving remaining processes of user session 20 of sicrano into control group /user/sicrano/master.
Jun  5 20:41:46 f15 sshd[1770]: pam_unix(sshd:session): session closed for user sicrano

Verificando os diretórios e arquivos criados, temos:

[root@f15 tmp]# ls -laRZ /var/tmp/
/var/tmp/:
drwxrwxrwt. root root system_u:object_r:tmp_t:s0       .
drwxr-xr-x. root root system_u:object_r:var_t:s0       ..
d---------. root root system_u:object_r:user_tmp_t:s0  tmp-PAM_namespace
/var/tmp/tmp-PAM_namespace:
d---------. root root system_u:object_r:user_tmp_t:s0  .
drwxrwxrwt. root root system_u:object_r:tmp_t:s0       ..
drwxrwxrwt. root root system_u:object_r:tmp_t:s0       system_u:object_r:user_tmp_t:s0_sicrano
drwxrwxrwt. root root system_u:object_r:tmp_t:s0       system_u:object_r:user_tmp_t:s0_fulano

/var/tmp/tmp-PAM_namespace/system_u:object_r:user_tmp_t:s0_sicrano:
drwxrwxrwt. root    root    system_u:object_r:tmp_t:s0       .
d---------. root    root    system_u:object_r:user_tmp_t:s0  ..
-rw-rw-r--. sicrano sicrano unconfined_u:object_r:user_tmp_t:s0 test2

/var/tmp/tmp-PAM_namespace/system_u:object_r:user_tmp_t:s0_fulano:
drwxrwxrwt. root   root   system_u:object_r:tmp_t:s0       .
d---------. root   root   system_u:object_r:user_tmp_t:s0  ..
-rw-rw-r--. fulano fulano unconfined_u:object_r:user_tmp_t:s0 private

A utilização do módulo pam_namespace.so não resolve todos os problemas, mas certamente é uma configuração interessante e uma carta na manga do sysadmin!

Um quebra costela, tchê!!

Tweet
Tags: fedora, linux, linux configs, pam, pam_namespace.so, Personal, Posts, security, segurança, selinux, temporary dirs
1

Perfis de Rede com Network Manager + GNOME 3 no Fedora 15

By
Marcelo Moreira de Mello
– 28 May, 2011

Olá,

Após muito tempo sem postar nenhum artigo por aqui, consegui organizar melhor o meu tempo e aqui segue uma simples dica aos amigos que instalaram o Fedora 15 e estão enfrentando dificuldades para gerenciar os perfis de rede no Network Manager no Gnome 3.Nm-applet

Se você já utilizou o Gnome nas versões anteriores  (< 3) juntamente com o Network Manager, deve se lembrar que era bem simples criar perfis de rede utilizando o nm-applet.

Caso você não saiba, o nm-applet é o ícone que fica localizado no system-tray no qual é possível gerenciar as configurações do Network Manager, tais como:

  • Criar perfis de redes local;
  • Criar perfis de rede wireless;
  • Criar VPN;
  • Editar preferências

Também era possível editar as preferências do Network Manager (no Fedora, por exemplo), digitando a partir do terminal o comando system-config-network.

No Fedora 15 com o Gnome 3, a visualização do nm-applet esta um pouco diferente e não é mais possível visualizar a opção para a edição das configurações do Network Manager.

NM-Applet no Fedora 15

NM-Applet no Fedora 14
nm-applet_f15 

nm_applet_f15_2

 nm-applet 

nm-applet_f14

Como podemos visualizar acima, nas versões antigas do Fedora (com Gnome 2), a opção de adicionar um novo perfil de rede já estava disponível pelo próprio menu. No Fedora 15 (com Gnome 3), quando se clica Network Settings e depois Options, a tela seguinte permite somente a edição do perfil atual, não sendo possível adicionar um novo perfil de rede para conexões LAN ou Wireless.

Como workaround, o usuário pode executar a partir do terminal o comando nm-connection-editor, sendo assim possível visualizar a tela de propriedades de configuração do Network Manager.

Um forte quebra costelas e até a próxima!

Tweet
Tags: "fedora 15", "network manager", "wireless", fedora, network, perfis, profiles
0

Workaround for sound issues in Fedora 14

By
Marcelo Moreira de Mello
– 11 November, 2010

If you upgraded to Fedora14 and are facing some sound problems, below follow a workaround proposed by Linux Torvalds that seems to fix the issue. 

/*
*  BZ#638477 - Strange sound on mp3 flash website
*  Workaround proposed by Linus Torvalds (see comment#38)
*
*/

#include <sys/types.h>

void *memcpy(void *dst, const void *src, size_t size) {

 void *orig = dst;

 asm volatile("rep ; movsq":"=D" (dst), "=S" (src)
 :"0" (dst), "1" (src), "c" (size >> 3):"memory");

 asm volatile("rep ; movsb":"=D" (dst), "=S" (src)
 :"0" (dst), "1" (src), "c" (size & 7):"memory");

 return orig;
}

$ gcc -O2 -c mymemcpy.c
$ ld -G mymemcpy.o -o mymemcpy.so
$ LD_PRELOAD=./mymemcpy.so  /usr/bin/firefox4 &

That’s all folks!! cya!!

Tweet
Tags: f14, fedora, fix, glibc, issues, problems, sound, workaround
0

Adicionando histórico de comandos ao SQLPlus

By
Marcelo Moreira de Mello
– 8 November, 2010

Olá,

Recentemente trabalhei em um projeto onde  tive que realizar um levantamento das tabelas, procedures, views, etc… utilizadas pelo Spacewalk em um banco de dados Oracle. Confesso aos amigos, que nunca tinha tido uma experiência maior do que 10 minutos utilizando o cliente SQPLus até então.

Após realizar alguns SELECT(s) dentro do SQLPlus, percebi que o mesmo não armazenada histórico dos comandos realizados. Acostumado com o famoso history e truques para reutilizar comandos no bash, parti em busca de alguma alternativa para acrescentar tal funcionalidade ao SQLPlus.

Graças à comunidade open source, encontrei uma solução muito simples e eficaz para tal problema: Eis que os apresento o rlwrap

O rlwrap esta disponível no repositório oficial do Fedora e também no repositório EPEL caso o cliente queiram instalar em Red Hat Enterprise Linux.

Após instalar o pacote rlwrap, crie um alias adicionando o comando antes do SQLPlus e tudo estará resolvido.  Vamos aos procedimentos:


[root@server ~]$ echo "alias sqlplus='/usr/bin/rlwrap /usr/lib/oracle/10.2.0.4/client/bin/sqlplus'" >> /etc/bashrc
[root@server ~]$ su -
[oracle@server ~]$ alias
alias l.='ls -d .* --color=tty'
alias ll='ls -l --color=tty'
alias ls='ls --color=tty'
alias sqlplus='/usr/bin/rlwrap /usr/lib/oracle/10.2.0.4/client/bin/sqlplus'
alias vi='vim'
alias which='alias | /usr/bin/which --tty-only --read-alias --show-dot --show-tilde'
[oracle@server ~]$

[oracle@server ~]$ sqlplus  USER/PASSWORD@rhnsat

SQL*Plus: Release 10.2.0.4.0 - Production on Wed Nov 3 03:46:29 2010

Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> SELECT ce.errata_id, ce.channel_id, c.label, e.advisory_name FROM
 2       rhnchannelerrata ce, rhnchannel c, rhnerrata e WHERE ce.channel_id=c.id AND
 3       e.id=ce.errata_id AND e.advisory_name='RHEA-2009:1400';

 ERRATA_ID CHANNEL_ID
---------- ----------
LABEL
--------------------------------------------------------------------------------
ADVISORY_NAME
--------------------------------
 1245      162
rhel-i386-server-5
RHEA-2009:1400

SQL> select version from v$instance;

VERSION
-----------------
10.2.0.4.0

SQL> quit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@server ~]$

Um arquivo será criado no diretório pessoal do usuário chamado .sqlplus_history contendo os comandos digitados. Agora, basta usar a seta para cima e eis o histórico de comandos. :) 

[oracle@server ~]$ ls -la ~/.sqlplus_history
-rw------- 1 oracle oracle 245 Nov  3 03:50 /opt/apps/oracle/.sqlplus_history
[oracle@server ~]$ cat  ~/.sqlplus_history
SELECT ce.errata_id, ce.channel_id, c.label, e.advisory_name FROM
 rhnchannelerrata ce, rhnchannel c, rhnerrata e WHERE ce.channel_id=c.id AND
 e.id=ce.errata_id AND e.advisory_name='RHEA-2009:1400';
select version from v$instance;
quit
[oracle@server ~]$

Gostaria de dedicar esse post ao meu amigo Régiz Vaz que sempre me ajudou em Oracle matters :)   e com certeza o melhor profissional que já trabalhei no que diz repeito de soluções Oracle.

Feito!! Divirtam-se!! :)
Um quebra-costelas chê…

Tweet
Tags: alias, bash, cmd line, comandos, fedora, histórico, Oracle, Posts, Red Hat Enterprise Linux, redhat, RHEL, rlwrap, sqlplus
0

Instalando Firefox4 no Fedora14

By
Marcelo Moreira de Mello
– 6 November, 2010

Olá pessoal,

A idéia hoje é um post rápido mostrando como podemos instalar o Firefox4 no Fedora14. Perceba que no exemplo abaixo, podemos ter as 2 versões do Firefox instaladas {3.6,4b}. Para isso:

$ sudo wget http://repos.fedorapeople.org/repos/spot/firefox4/fedora-firefox4.repo -O /etc/yum.repos.d/fedora-firefox4.repo
$ sudo yum --enablerepo fedora-firefox4 install firefox4
$ rpm -q firefox
firefox-3.6.12-1.fc14.x86_64
$ rpm -q firefox4
firefox4-4.0-0.8.b6.fc14.x86_64
$ which  firefox4
/usr/bin/firefox4
$ firefox4

firefox4-screenshot

Abraços!!

Tweet
Tags: beta, fedora, fedora 14, fedorapeople, firefox4, Posts, yum
5

Ambiente Bash Amigável

By
Marcelo Moreira de Mello
– 5 September, 2010

Olá amigos,

Há alguns dias atrás estava mexendo com um código escrito em Java. Para editá-lo, estava utilizando o bom e velho editor de texto vi/vim.  Até quero aproveitar o momento e compartilhar com todos o mapa de teclado dos comandos e ações que podemos fazer dentro do vi/vim.

VIm

Retornando ao assunto :) , toda vez que digitava o comando vim OlaMundo<tab> o ambiente bash me mostrava dois arquivos  OlaMundo.java e OlaMundo.Class.  OK, até aqui tudo normal!!! O problema era  ficar completando a linha de comando com .java ou j<tab> no final.  Até então é aceitável, porém no momento da compilação e execução do bytecode também tinha que mexer na linha de comando, tirando o ponto do nome do arquivo java OlaMundo. Vou tentar ilustrar melhor a situação com a figura abaixo:

Screenshot-Java

Read the rest of this entry »

Tweet
Tags: bash, bash amigável, bash-completion, fedora, fedora 13, java, javac, Posts, vi, vim
  • Conecte-se / Follow us
  • Photos (view gallery)
    You and MeSunset behind the treesSunset in SedonaOrange SkyNight Flashlights @ RDUSunset StreetThornsMohave Point - Grand Canyon National ParkDuke University Chapel @ Chapel HillDesert FlowerOverlook Point at ArizonaCactus' StrengthSpectacular Orange RocksWhite WolfCactusRed Rocks Country - Sedona
  • Últimos/Recent Posts
    • Spacewalk 1.6 Released
    • Sharing with fpaste.org
    • Compartilhe com fpaste.org
    • Sharing resources with Synergy
    • Compartilhando recursos com Synergy
    • Boleadoras Show in Porto Alegre/RS – Brazil :)
    • RHN Satellite Tips and Tricks – Red Hat Summit 2011 by Thomas Cameron
  • Tags
    atualizando fedora preupgrade bash bash-completion beta cpu hotplug habilitando cpu sob demanda cpuset dedicando cpu isolcpus cryptsetup pendrive criptografia evento universidade são caetano do sul certificações Red Hat f14 fedora fedora 14 fpaste glibc hug a developer iptables recent regras dinâmicas java javac kickstart instalação automatizada anaconda linux install system-config-kickstart kickstart pxe dhcp syslinux pxelinux.0 lemon pepper Linus Torvalds linux LinuxCon LinuxCon2010 linux configs mount journal writeback ordered ext3 tune2fs blkid mouse Oracle Personal Photograph Posts red hat redhat revista espírito livre blueproximity bluetooth rhel6 beta rlwrap segurança sound spacewalk sqlplus synergy tchelinux evento palestrantes puc rs vi vim workaround
  • Spacewalk Stats

    Ohloh profile for mmello

  • ESLAM 5
  • Blogroll
    • Alberto Silva
    • Dan Walsh
    • Dennis Gilmore
    • Douglas Landgraf
    • Flavio's Blog
    • Glauber Costa – glommer.net
    • Gustavo Duarte
    • Jeronimo Zucco
    • João Paulo de Lima Barbosa
    • Osmar Leão
    • Pablo Hess
    • Ricardo Ferreira
  • Arquivo/Archive

About Arras WordPress Theme

Tchello Blog

Stop SOPA