#StackBounty: #networking #ubuntu #socat How to keep socat alive using keepalive option

Bounty: 50

I have this socat command that is running fine, but when no data is transfered, it is dying after exactly 5 minutes and I don’t understand why as I’ve set it up to send 100 keepalive every 10 seconds after the first 10 seconds. From what I understood of the socat man page, that should keep it alive for 1000s which is 16 minutes. Also, if I try to set keepcnt to 200, I get “setsockopt(7, 6, 6, {200}, 4): Invalid argument” but nowhere on internet could I find what is the max value for that argument so I think I must be missing something very obvious here.
Experimenting more with the arguments never changed the timeout value of 5mn. Setting lower value for keepcnt and higher values of keepintvl is accepted but simply has no visible effect.

socat -d -d -d -v pty,link=/tmp/lp1 tcp:192.168.0.5:9100,reuseaddr,keepalive,keepidle=10,keepintvl=10,keepcnt=100
2017/05/31 08:53:01 socat[16065] I This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)
2017/05/31 08:53:01 socat[16065] I This product includes software written by Tim Hudson (tjh@cryptsoft.com)
2017/05/31 08:53:01 socat[16065] I setting option "symbolic-link" to "/tmp/lp1"
2017/05/31 08:53:01 socat[16065] I openpty({5}, {6}, {"/dev/pts/1"},,) -> 0
2017/05/31 08:53:01 socat[16065] N PTY is /dev/pts/1
2017/05/31 08:53:01 socat[16065] I setting option "so-keepalive" to 1
2017/05/31 08:53:01 socat[16065] I setting option "tcp-keepidle" to 10
2017/05/31 08:53:01 socat[16065] I setting option "tcp-keepintvl" to 10
2017/05/31 08:53:01 socat[16065] I setting option "tcp-keepcnt" to 100
2017/05/31 08:53:01 socat[16065] N opening connection to AF=2 192.168.0.5:9100
2017/05/31 08:53:01 socat[16065] I starting connect loop
2017/05/31 08:53:01 socat[16065] I socket(2, 1, 6) -> 7
2017/05/31 08:53:01 socat[16065] N successfully connected from local address AF=2 192.168.0.4:56482
2017/05/31 08:53:01 socat[16065] I resolved and opened all sock addresses
2017/05/31 08:53:01 socat[16065] N starting data transfer loop with FDs [5,5] and [7,7]
2017/05/31 08:58:01 socat[16065] N socket 2 (fd 7) is at EOF
2017/05/31 08:58:02 socat[16065] I poll timed out (no data within 0.500000 seconds)
2017/05/31 08:58:02 socat[16065] I close(5)
2017/05/31 08:58:02 socat[16065] I shutdown(7, 2)
2017/05/31 08:58:02 socat[16065] N exiting with status 0


Get this bounty!!!

#StackBounty: #linux #ubuntu #microsoft-word #word-processor Linux word processor with good inline Word formula support

Bounty: 50

Is there a word processor for Linux, specifically Ubuntu, which has excellent support for Word equations in existing docx documents?

LibreOffice supports viewing and editing equations, but the editing process seems a bit complicated. You can’t just type in them; clicking them to edit them opens a new window in which you edit your equation. Ideally I’d like to be able to edit them in-line.

I also like Word’s ‘LaTeX shortcuts’ feature, where LaTeX symbol names such as theta are automatically replaced with actual Unicode symbols.

Are there any Word alternatives for Linux with all of these features?


Get this bounty!!!

#StackBounty: #ubuntu #windows-10-preview #windows-subsystem-for-linux Why does Ubuntu on Windows crash on startup?

Bounty: 50

I’m running Windows 10 Insider Preview Build 17074 for PC. The Windows Subsystem for Linux is enabled and I’ve installed Ubuntu on Windows from the Windows Store.

Whenever I try to launch Ubuntu, it fails with the following error message:

“The data area passed to a system call is too small.”

enter image description here

I’ve tried uninstalling/installing the app (via Apps & features) and disabling/enabling the Linux Subsystem (via Turn Windows features on or off), but still get the same error.

How can I fix this problem?

Windows version

Error message

Install Ubuntu

Uninstall Ubuntu


Get this bounty!!!

#StackBounty: #ubuntu #docker How to install missing /lib/modules/$(uname -r) on my trusty docker container

Bounty: 50

Running docker on a Mac

docker pull ubuntu:14.04
docker run -i -t ubuntu:14.04 /bin/bash

Linux Standard Base

root@d112db1e835e:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.5 LTS
Release:    14.04
Codename:   trusty

My goal is to retire a dedicated laptop that I used to build some good old C code and use a docker container instead.

In order to compile my code, my Makefile is looking to run

Makefile:       /usr/bin/make -C /lib/modules/$(shell uname -r)/build M=$(PWD)/linux/$* modules

unfortunately the modules folder is empty

mysuer@d112db1e835e:~/robot$ ls -al /lib/modules/
ls: cannot access /lib/modules/: No such file or directory

On my linux machine, I can find the modules

$ ls -al /lib/modules/
total 28
drwxr-xr-x  7 root root 4096 Dez 13  2016 .
drwxr-xr-x 24 root root 4096 Apr 24  2017 ..
drwxr-xr-x  5 root root 4096 Dez 13  2016 3.13.0-105-generic
drwxr-xr-x  5 root root 4096 Jun 23  2015 3.13.0-55-generic
drwxr-xr-x  5 root root 4096 Jul 10  2015 3.13.0-57-generic
drwxr-xr-x  5 root root 4096 Nov  3  2015 3.13.0-65-generic
drwxr-xr-x  5 root root 4096 Nov 24  2015 3.13.0-68-generic

but no modules in my docker.

On my docker

uname -r
4.9.60-linuxkit-aufs

hence

/usr/bin/make -C /lib/modules/4.9.60-linuxkit-aufs/build .... FAILS

/lib/modules/4.9.60-linuxkit-aufs is not there.

How do I work around that?

Trying to install headers

apt-cache search linux-headers-4
linux-headers-4.2.0-18 - Header files related to Linux kernel version 4.2.0
linux-headers-4.2.0-18-generic - Linux kernel headers for version 4.2.0 on 64 bit x86 SMP
linux-headers-4.2.0-18-lowlatency - Linux kernel headers for version 4.2.0 on 64 bit x86 SMP
linux-headers-4.2.0-19 - Header files related to Linux kernel version 4.2.0
linux-headers-4.2.0-19-generic - Linux kernel headers for version 4.2.0 on 64 bit x86 SMP
linux-headers-4.2.0-19-lowlatency - Linux kernel headers for version 4.2.0 on 64 bit x86 SMP
linux-headers-4.2.0-21 - Header files related to Linux kernel version 4.2.0
linux-headers-4.2.0-21-generic - Linux kernel headers for version 4.2.0 on 64 bit x86 SMP
linux-headers-4.2.0-21-lowlatency - Linux kernel headers for version 4.2.0 on 64 bit x86 SMP
linux-headers-4.2.0-22 - Header files related to Linux kernel version 4.2.0
...

I don’t find headers for 4.9.60

root@d112db1e835e:~#  apt-get install linux-headers-$(uname -r)
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package linux-headers-4.9.60-linuxkit-aufs
E: Couldn't find any package by regex 'linux-headers-4.9.60-linuxkit-aufs'

or

root@d112db1e835e:~# apt-cache search linux-headers-4.9
root@d112db1e835e:~# 

no candidate

root@d112db1e835e:~# apt-get install linux-headers 
Reading package lists... Done
Building dependency tree        
Reading state information... Done
Package linux-headers is a virtual package provided by:
  linux-headers-4.4.0-1010-aws 4.4.0-1010.10
  linux-headers-4.4.0-1009-aws 4.4.0-1009.9
... FILTERED ...
  linux-headers-3.13.0-100-lowlatency 3.13.0-100.147
  linux-headers-3.13.0-100-generic 3.13.0-100.147
You should explicitly select one to install.

E: Package 'linux-headers' has no installation candidate
root@d112db1e835e:~# 

doesn’t return any packages

root@d112db1e835e:~# apt-cache search linux-source     
linux-source - Linux kernel source with Ubuntu patches
linux-source-3.13.0 - Linux kernel source for version 3.13.0 with Ubuntu patches


Get this bounty!!!

#StackBounty: #ubuntu #usb #camera Why does my camera not show up in /dev although it does in dmesg? (Possible Ubuntu regression.)

Bounty: 100

A while ago I could plug in my Canon via USB and it would get mounted as an external drive. Nothing has been reconfigured in the camera, but now if I plug it in

$> dmesg
[103943.225623] usb 1-2: new high-speed USB device number 2 using xhci_hcd
[103943.430666] usb 1-2: New USB device found, idVendor=04a9, idProduct=3110
[103943.430673] usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[103943.430677] usb 1-2: Product: Canon Digital Camera
[103943.430680] usb 1-2: Manufacturer: Canon Inc.

$> ls /dev/sd*
/dev/sda  /dev/sda1  /dev/sda2  /dev/sda3  /dev/sda4  /dev/sda5  /dev/sda6  /dev/sda7  /dev/sdb  /dev/sdb1  /dev/sdb2  /dev/sdb3

sda and sdb are internal disks. Previously the camera would show up as sdc. Presently, other USB devices show up as sdc and are mounted correctly.

What has gone wrong between dmesg and /dev? I think this broke after upgrading to Ubuntu 15.10.


Get this bounty!!!

#StackBounty: #ubuntu #crash Ubuntu 16.04 LTS randomly freezes

Bounty: 50

I just freshly installed Ubuntu on my ASUS Aspire E15. It’s alongside a Windows installation.

Roughly 10 minutes into my boot (maybe longer), everything will just freeze. I can move the mouse but no shortcuts work and no programs respond. I have to hold the power button to turn the computer off, then boot again. I think it may be related to a problem with git. I am trying to git pull in the background.

How would I go about determining what is causing the freezes?


Get this bounty!!!

#StackBounty: #linux #ubuntu #dnsmasq #resolv.conf #systemd-resolved dnsmasq & systemd Causing Intermittent CPU Spikes

Bounty: 50

Problem:

Running Ubuntu 17.10

I have been trying to resolv (hehe) this issue for about a week now and despite countless Google searches and about 20 different attempts, I can not stop dnsmasq from periodically causing my CPU to spike for about a minute with the following offenders:

  • systemd-resolved
  • systemd-journald
  • dnsmasq

Monitoring journalctl -f I see this every time it happens:

maximum number of concurrent dns queries reached (150)

Accompanied/preceded by a crazy loop of requests to some domain (usually ubuntu connection check) like the following:

query[A] connectivity-check.ubuntu.com from 127.0.0.1
forwarded connectivity-check.ubuntu.com to 127.0.1.1
forwarded connectivity-check.ubuntu.com to 127.0.0.53
query[A] connectivity-check.ubuntu.com from 127.0.0.1
forwarded connectivity-check.ubuntu.com to 127.0.0.53
query[AAAA] connectivity-check.ubuntu.com from 127.0.0.1
forwarded connectivity-check.ubuntu.com to 127.0.0.53
query[AAAA] connectivity-check.ubuntu.com from 127.0.0.1
forwarded connectivity-check.ubuntu.com to 127.0.0.53
query[A] connectivity-check.ubuntu.com from 127.0.0.1
forwarded connectivity-check.ubuntu.com to 127.0.0.53
query[AAAA] connectivity-check.ubuntu.com from 127.0.0.1
forwarded connectivity-check.ubuntu.com to 127.0.0.53

I’ve found that changing my /etc/resolv.conf to use nameserver 127.0.0.53 causes the spike to dissipate almost instantaneously.

However, as that file is updated regularly by Network Manager, I have to do this about once an hour.


Configuration:

/etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 127.0.0.1
search fios-router.home

/etc/NetworkManager/NetworkManager.conf

[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

[device]
wifi.scan-rand-mac-address=no

/etc/dnsmasq.conf

// All default except this at the very end for my wildcard DNS
address=/asmar.d/127.0.0.1

Questions:

How can I resolve this issue while still using my wildcard domain name?

Optional: How can I achieve this while using Google DNS?

Please do not recommend upping the concurrent dns queries. That is not a solution.


Get this bounty!!!

#StackBounty: #ubuntu #ssh #motd Why does SSH kill the colour in my /etc/update-motd.d/ script when force_color_prompt=yes is set in ~/…

Bounty: 50

I have an MOTD script installed in /etc/update-motd.d that works properly, however it seems that SSH bleeds out the colour.

SSHD Look:

enter image description here

Output when running the script once logged in:

enter image description here

Actual script:

cat /etc/update-motd.d/20-logo 
#! /usr/bin/env bash
echo "";
echo "$(tput setaf 2)    .::::::::::::::::::::::::::::::::::::::::...
   :::::::::::::::::::::::::::::::::::::::::::::::::::.
   .::::::::::::::::::::::::::::::::::::::::::::::::::::::.
                                      .....::::::::::::::::::
                  $(tput setaf 7):@@@@@O                          $(tput setaf 2).:::::::::::
                  $(tput setaf 7)@@@@@@@o                             $(tput setaf 2).::::::::
                  $(tput setaf 7)@@@@@@@o                                $(tput setaf 2):::::::
                  $(tput setaf 7)@@@@@@@o                                $(tput setaf 2).::::::
        $(tput setaf 7):@@@@@O   @@@@@@@o   O@@@@O                       $(tput setaf 2):::::::
      $(tput setaf 7):@@@@@@@@o  @@@@@@@o  o@@@@@@@O                    $(tput setaf 2):::::::.
     $(tput setaf 7)o@@@@@@@@O   @@@@@@@o  :@@@@@@@@@                $(tput setaf 2).::::::::.
    $(tput setaf 7)o@@@@@@@O     @@@@@@@o    o@@@@@@@O        $(tput setaf 2)..:::::::::::::
    $(tput setaf 7)@@@@@@@O      @@@@@@@o     :@@@@@@@o  $(tput setaf 2)::::::::::::::::::
   $(tput setaf 7)o@@@@@@@       @@@@@@@:      o@@@@@@@ $(tput setaf 2)::::::::::::::::.
   $(tput setaf 7)o@@@@@@o        o@@@O:        @@@@@@@ $(tput setaf 2).:::::::::..
   $(tput setaf 7)o@@@@@@@                     o@@@@@@@   $(tput setaf 2).:::::::::
   $(tput setaf 7)o@@@@@@@                     O@@@@@@O     $(tput setaf 2).:::::::::.
    $(tput setaf 7)@@@@@@@@                   O@@@@@@@:       $(tput setaf 2).::::::::::.
     $(tput setaf 7)@@@@@@@@O               :@@@@@@@@o           $(tput setaf 2).:::::::::::.
      $(tput setaf 7)@@@@@@@@@O:          o@@@@@@@@@o               $(tput setaf 2)::::::::::::::.
       $(tput setaf 7)O@@@@@@@@@@@@@@@@@@@@@@@@@@@@:                   $(tput setaf 2).:::::::::::::::..
         $(tput setaf 7)O@@@@@@@@@@@@@@@@@@@@@@@@:                         $(tput setaf 2).:::::::::::::::.
           $(tput setaf 7):@@@@@@@@@@@@@@@@@@@O                                $(tput setaf 2).::::::::::::
               $(tput setaf 7)oO@@@@@@@@@@o:                                        $(tput setaf 2)..::::.$(tput sgr0)
";
echo "================================================================================";

I’ve ensured that force_color_prompt=yes is enabled in ~/.bashrc and that my $TERM variable looks right on both sides. Both terminal-emulator and server show xterm-256color

What could be causing the colour to fail on SSH login?


Get this bounty!!!

#StackBounty: #debian #ubuntu #ssh #security #repository How to prevent Brute force attacks in Debian systems without fail2ban or CSF-L…

Bounty: 50

How to prevent Brute force attacks in Debian systems without fail2ban or CSF-LFD?

The closest and fastest way I know is ConfigServer’s CSF-LFD but it’s not in the repositories and if I’m going to use a utility I would most prefer something in the repositories (it seems I cannot create a Debian/Ubuntu repository for it because of licensing/legal reasons).

Another solution than CSF-LFD is Fail2ban but it seems to me that the Fail2ban configuration requires firm knowledge in IPS software architecture as well as deep knowledge of Perl compatible regex (PCRE), which both I currently lack (I have some basic PCRE knowledge but not as deep as I think one needs for Fail2ban). It doesn’t seem straight forward as CSF-LFD to me.

Thus I wonder if there is a “smoother” way, maybe manually via IP tables, maybe via some utility I could install directly from the Debian/Ubuntu repositories that could prevent BFAs besides the issue of using SSH keys.


Get this bounty!!!

#StackBounty: #linux #ubuntu #pam checkpassword-pam works locally, but not through qmail

Bounty: 50

I have checkpassword-pam 0.99, and when I run it locally, as in

echo -e 'testusertheuserspassword.' | 
    /usr/local/bin/checkpassword-pam -s smtp --debug --stdout /usr/bin/id 3<&0

everything works, and I get

Reading username and password
Username 'testuser'
Password read successfully
Initializing PAM library using service name 'smtp'
PAM library initialization succeeded
conversation(): msg[0], style PAM_PROMPT_ECHO_OFF, msg = "Password: "
Authentication passed
Account management succeeded
Setting PAM credentials succeeded
PAM session opened
PAM session closed
Terminating PAM library
Executing /usr/bin/id
uid=1001(testuser) gid=1001(testuser) groups=1001(testuser)

(If I don’t do --stdout it logs to auth.log, and still succeeds)

When invoked via qmail it looks like I somehow have a modified library load path, because PAM’s dlopen()s don’t work:

Dec 28 21:19:43 standby smtp[18229]: Reading username and password
Dec 28 21:19:43 standby smtp[18229]: Username 'testuser'
Dec 28 21:19:43 standby smtp[18229]: Password read successfully
Dec 28 21:19:43 standby smtp[18229]: Initializing PAM library using service name 'smtp'
Dec 28 21:19:43 standby smtp[18229]: PAM unable to dlopen(pam_systemd.so): /lib/security/pam_systemd.so: cannot open shared object file: No such file or directory
Dec 28 21:19:43 standby smtp[18229]: PAM adding faulty module: pam_systemd.so
Dec 28 21:19:43 standby smtp[18229]: PAM library initialization succeeded
Dec 28 21:19:43 standby smtp[18229]: conversation(): msg[0], style PAM_PROMPT_ECHO_OFF, msg = "Password: "
Dec 28 21:19:43 standby smtp[18229]: pam_unix(smtp:auth): check pass; user unknown
Dec 28 21:19:43 standby smtp[18229]: pam_unix(smtp:auth): authentication failure; logname= uid=64011 euid=0 tty= ruser= rhost=71.217.92.189
Dec 28 21:19:45 standby smtp[18229]: Authentication failed: Authentication failure
Dec 28 21:19:45 standby smtp[18229]: Exiting with status 1

Since the correct path for pam_systemd.so is /lib/x86_64-linux-gnu/security/pam_systemd.so.

Nothing in the environment block for the qmail-invoked checkpassword-pam looks out of place (per a modification to print everything from the environ global):

Dec 28 21:19:43 standby smtp[18229]: Env: PATH=/command:/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/snap/bin
Dec 28 21:19:43 standby smtp[18229]: Env: PWD=/var/qmail/supervise/qmail-smtpd
Dec 28 21:19:43 standby smtp[18229]: Env: SHLVL=0
Dec 28 21:19:43 standby smtp[18229]: Env: XDG_DATA_DIRS=/usr/local/share:/usr/share:/var/lib/snapd/desktop
Dec 28 21:19:43 standby smtp[18229]: Env: PROTO=TCP
Dec 28 21:19:43 standby smtp[18229]: Env: TCPLOCALIP=an.ip.v4.address
Dec 28 21:19:43 standby smtp[18229]: Env: TCPLOCALPORT=25
Dec 28 21:19:43 standby smtp[18229]: Env: TCPLOCALHOST=fqdn
Dec 28 21:19:43 standby smtp[18229]: Env: TCPREMOTEIP=another.ip.v4.address
Dec 28 21:19:43 standby smtp[18229]: Env: TCPREMOTEPORT=44994
Dec 28 21:19:43 standby smtp[18229]: Env: TCPREMOTEHOST=anotherfqdn

The presence of the TCPREMOTEIP environment variable does make checkpassword-pam set the RHOST value to the PAM session, but I’ve also tried with that section commented out.

Ubuntu 16.04 x64 from Digital Ocean
+ daemontools, ucspi-tcp, gcc, libpam0g-dev, libssl-dev, qmail-uids-gids

Custom built qmail, custom built checkpassword-pam.

# file /var/qmail/bin/qmail-smtpd `which tcpserver` `which checkpassword-pam`
/var/qmail/bin/qmail-smtpd:       ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=e858c3d33bb8fea26d7618e3ce63c37dc7c0557d, stripped
/usr/bin/tcpserver:               ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.15, BuildID[sha1]=1e727ea57ca4de886e56b6783de7df0190a2ad26, stripped
/usr/local/bin/checkpassword-pam: setuid ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=8b6e3fffb52cab99526653078e0fd018b5e97a77, not stripped

With nothing in the environment block looking out of place I can’t really figure out what’s going on. I know I had this working on an Ubuntu server in the past, but I recall it being a frustrating process of failure followed by it working without me understanding why. And now I can’t reproduce the success path.


Get this bounty!!!