|
I have a random rear end question

does finger do anything anymore? I never was quite sure how it worked, since I had no real interest in what it did outside of the muds I originally learned about it in
|
# ? May 11, 2021 00:48 |
|
It's basically like a super simplified http: you send either a blank line or a username, and the server sends back either a list of users or a block of plain text with info about that user, then disconnects. It typically tells you if they are logged in or how long they have been away, the full name (taken from the passwd file), and the contents of the .plan file from their home directory - which people would update to show what they were up to.

The client and server still exist, but I doubt any modern distro runs the server by default - it's sort of a security hole to have a "tell me about your users" protocol.

The RFC is vague about expected answers, but since everything except the request was meant to be read by a human I guess that's not a problem.

Computer viking fucked around with this message at 01:03 on May 11, 2021 |
# ? May 11, 2021 00:56 |
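The exchange described in the post above, as an added example that is not part of the original thread: a loopback responder and a client that sends a username (or a blank line) followed by CRLF and reads until the server disconnects, showing what such a daemon discloses per query. The account data, the ephemeral port and all function names are constructed for the illustration.

```python
import socket
import threading

# Constructed account data standing in for passwd, utmp and ~/.plan.
USERS = {"alice": {"name": "Alice Example", "tty": "pts/3",
                   "plan": "Rebuilding the web tier this week."}}


def render(query: str) -> str:
    """Build the plain-text reply a finger daemon would send for one query."""
    if query == "":  # blank line: list who is logged in
        rows = [f"{u:<10}{d['name']:<20}{d['tty']}" for u, d in USERS.items()]
        return "\r\n".join(["Login     Name                Tty"] + rows) + "\r\n"
    user = USERS.get(query)
    if user is None:
        return f"finger: {query}: no such user.\r\n"
    return (f"Login: {query}\r\nName: {user['name']}\r\n"
            f"On since (constructed) on {user['tty']}\r\n"
            f"Plan:\r\n{user['plan']}\r\n")


def serve_once(listener: socket.socket) -> None:
    """Answer a single query: read one CRLF-terminated line, reply, disconnect."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as rfile:
        query = rfile.readline().decode("ascii", "replace").strip()
        conn.sendall(render(query).encode("ascii", "replace"))


def finger(host: str, port: int, query: str = "") -> str:
    """Client side: send the query line, then read until the server closes."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("ascii", "replace")


def demo(query: str) -> str:
    """Run one request/response pair over loopback on an ephemeral port."""
    with socket.create_server(("127.0.0.1", 0)) as listener:
        port = listener.getsockname()[1]
        worker = threading.Thread(target=serve_once, args=(listener,))
        worker.start()
        reply = finger("127.0.0.1", port, query)
        worker.join()
    return reply
```

Calling `demo("")` returns the user list and `demo("alice")` the per-user record, including the login terminal and the .plan text.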
|
Thanks!

Computer viking posted:
The client and server still exist, but I doubt any modern distro runs the server by default - it's sort of a security hole to have a "tell me about your users" protocol.

this is exactly what prompted the curiosity. I'm dealing with a compromised server, and saw an ssh connection establish, wait a moment, then disconnect, and it made me curious if finger would tell someone that there was an admin actively working on a box
|
# ? May 11, 2021 01:08 |
|
Just keep your finger outta my gopher, k?
|
# ? May 11, 2021 01:20 |
|
RFC2324 posted:
Thanks!

I just always use 'w' to check if someone is actively working on it. And 'ps aux | grep pts' if I want to check if someone has something non-interactive going on.
|
# ? May 11, 2021 01:40 |
|
Saukkis posted:
I just always use 'w' to check if someone is actively working on it. And 'ps aux | grep pts' if I want to check if someone has something non-interactive going on.

that would require logging in, which someone wanting to see if an admin is active before attempting to re-exploit the box might want to see, since I would just be killing their stuff as fast as it appeared in top
|
# ? May 11, 2021 01:44 |
|
If you think a box is compromised shut down the network. As soon as they realize you're on the trail they're going to rm -rf /. If it's a remote and ssh is your only way in, iptables filter to only allow whatever your current workstation IP is.
|
# ? May 11, 2021 02:10 |
|
xzzy posted:
If you think a box is compromised shut down the network. As soon as they realize you're on the trail they're going to rm -rf /.

not an option at my level! Uptime is king in my role, and cutting users off from their precious website is a nono if it's not doing anything more

they didn't have an actual login, just what looked to be a java exploit that let them run their cryptominer, but I am still bumping it to people who can shut it down

I hate this process
|
# ? May 11, 2021 02:19 |
RFC2324 posted:
not an option at my level! Uptime is king in my role, and cutting users off from their precious website is a nono if it's not doing anything more

Don't you worry about what else the attacker might have left behind to allow them back in once you've patched up the known holes? I am trying to imagine what sort of website has such stringent uptime requirements but also doesn't have sufficient high availability or disaster recovery procedure that causes "repair the existing machine quickly as best you can" to be the option considered before immediately isolating the machine and doing forensics on it later to see what happened.
|
|
# ? May 11, 2021 02:35 |
|
fletcher posted:
Don't you worry about what else the attacker might have left behind to allow them back in once you've patched up the known holes? I am trying to imagine what sort of website has such stringent uptime requirements but also doesn't have sufficient high availability or disaster recovery procedure that causes "repair the existing machine quickly as best you can" to be the option considered before immediately isolating the machine and doing forensics on it later to see what happened.

Do I, or does my company? *I* do, but I have learned tonight that the company doesn't really. I don't get to escalate to the security team for remediation, my malware scan came up clean so it looks like I let the customer know it happened and call it a day

my company is going to get sued out of existence. We are allegedly FedRAMP
|
# ? May 11, 2021 02:40 |
|
Yeah that sounds like a massive recipe for disaster. Where I'm at, once a box is compromised or even suspected of a compromise, it's mandatory to do a complete network disconnect, a forensic analysis, and a wipe of the hard drives because it can never be trusted again. And we aren't even caring for any PII or industry secrets, this is just to avoid embarrassment if it hits the media. I appreciate you don't get to make the rules, this is more me being amazed at the ignorance of whoever's calling the shots.
|
# ? May 11, 2021 03:03 |
|
xzzy posted:
Yeah that sounds like a massive recipe for disaster. Where I'm at, once a box is compromised or even suspected of a compromise, it's mandatory to do a complete network disconnect, a forensic analysis, and a wipe of the hard drives because it can never be trusted again.

we have one security&compliance person, and he is frantically running around trying to enforce password compliance and things like that. most of this stuff apparently falls on the sysadmins who man the frontlines, and no one seems aware of things like security... I had to talk one of the departmental stars into admitting that his personal lastpass might not be the best place to keep his work passwords, not sure if he changed the way he said he was going to.
|
# ? May 11, 2021 03:11 |
|
I feel like we had that debate before? Personal lastpass is probably reasonably secure in the "unlikely to get into wrong hands" sense, but far from ideal if he's unavailable - or even worse, quits.
|
# ? May 11, 2021 10:21 |
RFC2324 posted:
I have a random rear end question

on a lot of internal networks, it's still used:

pre:
debdrup@freefall.freebsd.org:~ % finger debdrup
Login: debdrup                          Name: Daniel Ebdrup Jensen
Directory: /home/debdrup                Shell: /bin/tcsh
On since Tue May 11 12:17 (CEST) on pts/25 from ::42
No Mail.
Project: Ponder life, the universe, and everything.
Plan: Always know where my towel is.

BlankSystemDaemon fucked around with this message at 11:32 on May 11, 2021 |
|
# ? May 11, 2021 11:22 |
|
Finger was dead to me after Carmack started updating like once a year https://github.com/oliverbenns/john-carmack-plan
|
# ? May 11, 2021 12:31 |
|
xzzy posted:
Yeah that sounds like a massive recipe for disaster. Where I'm at, once a box is compromised or even suspected of a compromise, it's mandatory to do a complete network disconnect, a forensic analysis, and a wipe of the hard drives because it can never be trusted again.

Yup. Had a case of ransomware hit one of our offices June 2019. Was a perfect time to pull the spinning rust drives and install 250GB SSDs in the workstations with fresh Win 10 installs. I have a WELL labelled box behind me with about 20 infected drives in it. I should check if there is a key available yet. Not much data loss. Just crap that users had on their desktops and not on the network shares. :/

Never re-introduce a "fixed" system back into the network.. ever. Use this opportunity to do a refresh.
|
# ? May 11, 2021 17:31 |
xzzy posted:
Yeah that sounds like a massive recipe for disaster. Where I'm at, once a box is compromised or even suspected of a compromise, it's mandatory to do a complete network disconnect, a forensic analysis, and a wipe of the hard drives because it can never be trusted again.

The best way is a mix of thermite and napalm, unless you want to go for a Beeblebroxian Gambit where you put it on a rocket and send it into the sun, and then send up a second rocket to confirm it's hit the sun, then send a third rocket to confirm that the second has confirmed that the first rocket hit the sun, et cetera.
|
|
# ? May 11, 2021 18:26 |
|
BlankSystemDaemon posted:
Given all the known ways to persist malware outside of harddrives and all the probable ways that aren't known about, any suspect hardware should probably be decommissioned.

agreed

tho I am fond of those crushing devices. just see how small of a cube you can turn a server into, and use it as a paperweight
|
# ? May 11, 2021 20:29 |
RFC2324 posted:agreed
|
|
# ? May 12, 2021 13:57 |
|
I'm trying to use WINE to install Adobe Digital Editions (ADE) 3.0 so I can transfer a book with DRM to my Nook. I'm pretty new to WINE, so maybe my issues lie there. I installed it on my laptop, running Fedora 33. I then installed winetricks and used it to create a new 32-bit prefix. I grabbed the installer executable for ADE and installed it, which seemed to go fine. I then used winetricks to open Explorer, navigated to where I installed ADE, and tried to run it. That resulted in a rather large stack trace, starting with

pre:
Unhandled Exception: System.Windows.Markup.XamlParseException: The invocation of the constructor on type 'DE.View.Devices' that matches the specified binding constraints threw an exception.
 ---> System.TypeInitializationException: The type initializer for 'DE.Model.MainDataProxy' threw an exception.
 ---> System.TypeLoadException: Could not load type of field 'System.Windows.Controls.PrintDialog:_printQueue' (1) due to: Could not resolve type with token 01000109 from typeref (expected class 'System.Printing.PrintQueue' in assembly 'System.Printing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35') assembly:System.Printing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 type:System.Printing.PrintQueue member:(null)
|
# ? May 14, 2021 19:42 |
|
Sounds like an unimplemented dll somewhere in Wine. I wonder if it's possible to fill in with the appropriate native dll
|
# ? May 14, 2021 21:04 |
|
Sorry to be the guy that suggests a different tool, but I think Calibre should be able to strip the drm with the right setup.
|
# ? May 14, 2021 22:46 |
Yeah, Calibre with DeDRM is the way to go.
|
|
# ? May 14, 2021 23:47 |
|
Yeah, I may just end up doing that.
|
# ? May 14, 2021 23:56 |
|
If you want to respect DRM and not break the DMCA or whatever, I would point out that Lutris does have a WINE script for running ADE v4.5. You can see the install script here, which does install a few dependencies from winetricks, being "corefonts" "dotnet40sp1" and "windowscodecs".

Though it's obviously oriented at gamers, Lutris is a nice little app for creating and managing separate prefixes for whatever Windows utilities you're going to run. Its only real downside is for gamers, which is that it does a poor job keeping the emulators it serves as a frontend for up to date.

Craptacular! fucked around with this message at 01:48 on May 15, 2021 |
# ? May 15, 2021 01:46 |
|
Craptacular! posted:
If you want to respect DRM and not break the DMCA or whatever, I would point out that Lutris does have a WINE script for running ADE v4.5. You can see the install script here, which does install a few dependencies from winetricks, being "corefonts" "dotnet40sp1" and "windowscodecs".

Yeah, unfortunately I need 3.0 for my Nook Simple Touch. The more recent versions just don't work. I ended up borrowing my brother-in-law's laptop for the fifteen minutes it took to install ADE and transfer over the book.
|
# ? May 15, 2021 02:03 |
|
I forgot a .

someone hold me while I cry please.
|
# ? May 15, 2021 04:37 |
Craptacular! posted:
If you want to respect DRM and not break the DMCA or whatever, I would point out that Lutris does have a WINE script for running ADE v4.5. You can see the install script here, which does install a few dependencies from winetricks, being "corefonts" "dotnet40sp1" and "windowscodecs".

In Denmark, it's completely legal to break DRM on any content you bought and own, for the purposes of backing it up.
|
|
# ? May 15, 2021 10:35 |
|
Or even just being able to use it, AFAIK.

DRM only works on Windows and all of your PCs are running NetBSD? Go right ahead!
|
# ? May 15, 2021 11:21 |
|
Is there any way to see what dnf-automatic is up to? It's been running for 35 minutes. Granted, the wifi in this place is really crappy, so maybe it's doing some big package updates, but it'd be nice to be able to peek into what dnf-automatic is currently doing.

Edit: and of course, it finishes right when I post. Thanks, Murphy.
|
# ? May 15, 2021 14:33 |
KozmoNaut posted:
Or even just being able to use it, AFAIK.

My server, desktop, laptop, and HTPC all run FreeBSD.
|
|
# ? May 15, 2021 14:40 |
|
BlankSystemDaemon posted:
Who'd want to respect DRM? Besides, what's it got to do with DMCA?

Americans live under a law that technically says that defeating any sort of anti-copy mechanism, no matter how trivially easy to do so, is illegal. It's why libdvdcss is treated so differently depending on where the distro is maintained. I get that not every goon lives in America, but so many do and their IP laws manifest in so many ways that can be felt abroad that I'm not sure it should be necessary to explain at this point.
|
# ? May 15, 2021 14:44 |
|
hooah posted:
Is there any way to see what dnf-automatic is up to? It's been running for 35 minutes. Granted, the wifi in this place is really crappy, so maybe it's doing some big package updates, but it'd be nice to be able to peek into what dnf-automatic is currently doing.

For another time, systemd to the rescue!

code:
BlankSystemDaemon posted:
A few machines of mine runs NetBSD for diagnostics et al, since it's a nice consistent platform - because trying to rootcause, for example, Human68k (the OS) and SX-WINDOW (the NeXTSTEP-like windowing system) on a SHARP X68000 is a loving pain.

NetBSD was a joy to use on my old Alphaserver 1000A, a delightfully straightforward and uncomplicated OS. Limited in a lot of ways compared to the ridiculous flexibility of Linux, but a lot more coherent.
|
# ? May 15, 2021 14:47 |
|
nescience posted:
I forgot a .

Always prefix your commands with # and/or type them up in notepad then copy/paste them. Slows you down enough to catch mistakes, hopefully.
|
# ? May 15, 2021 16:09 |
|
systemd tip: if you run systemctl status PID it will give you the status of the unit (service or session) that process is running under, including the pstree like hierarchy of processes.
|
# ? May 15, 2021 16:11 |
|
RFC2324 posted:
Always prefix your commands with # and/or type them up in notepad then copy/paste them. Slows you down enough to catch mistakes, hopefully.

Never felt like I had to come up with a system to prevent this, I've never made this mistake before; on the other hand I can hear a thousand Ubuntu admins telling me I-told-you-so about sudo. A little annoying that it's going to take a couple of days to rsync back everything, but at least I did backup I guess.
|
# ? May 15, 2021 17:00 |
|
nescience posted:
Never felt like I had to come up with a system to prevent this, I've never made this mistake before; on the other hand I can hear a thousand Ubuntu admins telling me I-told-you-so about sudo. A little annoying that it's going to take a couple of days to rsync back everything, but at least I did backup I guess.

Honestly I only stuck to the latter because it's easier to edit long commands in a text editor, but it has saved me more than once, as has running things in verbose mode (which I actually do because I need to see long running commands actually doing something or I get nervous about hangs)
|
# ? May 15, 2021 17:08 |
Not sure whether this belongs here or the Windows thread, but I'm trying to create a custom WSL distro using RHEL 8 and running into a problem that I'm not experienced enough to know how to solve. The instructions I'm following are here: https://wsl.dev/mobyrhel8/ Everything works fine up until the point where I create a launch script at /etc/profile.d/00-wsl2-systemd.sh and edit the sudoers file to use it. The script: code:
code:
code:
|
|
# ? May 18, 2021 18:13 |
|
What do you get if you run just the ps snippet? ps -C systemd -o pid=
|
# ? May 18, 2021 18:22 |
|
RFC2324 posted:
What do you get if you run just the ps snippet?

This command doesn't return anything, trying 'ps -ef' gives:

code:
|
|
# ? May 18, 2021 18:41 |