After Ubuntu published the latest kernel patches for Meltdown and Spectre, kernel 4.4.0-104/109-generic makes Intel graphics freeze or hang on Compiz with Unity.
Install the latest kernel, 4.4.0-112-generic:
sudo apt-get install linux-image-4.4.0-112-generic
sudo apt-get install linux-image-extra-4.4.0-112-generic
sudo apt-get autoremove --purge -y
This removes older kernels and saves space! Test the PC for hangs again!
If you run scripts that handle text output from cron jobs, you may have problems with umlauts “ÖÄÜ”, because they are displayed as “**”.
The cause is that cron uses the “C” locale. You can test this with an entry in root’s crontab:
Open root’s crontab with:
$ su - root
* * * * * locale
This mails the locale output as seen by cron to root’s mailbox! Read root’s mail!
After testing, remove the locale entry from the crontab!
How to fix this for scripts:
Open root’s crontab with:
$ su - root
Insert (for German):
If you run Debian servers, you will have read in recent weeks about security problems in the systemd service manager.
In several tests I have seen many systems with problems starting services at boot, for example on Debian, Raspbian ..
This is the result of service scripts that were not cleanly redesigned by the maintainers, as in the proxy server package “privoxy”…
For testing I decided to try the new Debian fork and replacement, Devuan, for the desktop, and a standard Debian server setup without systemd!
To purge systemd on a Debian system, read this external wiki:
Or try Devuan for server and desktop:
Remark: Devuan was tested for desktop use because of its customized scripts and packages, such as polkit, for EASY setup!
There is currently an UNFIXED bug on Debian 9.0 Stretch that makes it impossible to easily install the DKMS Nvidia legacy drivers 304/340 for older GeForce cards.
To run nouveau after an upgrade from 8.0 to 9.0, go to /etc/modprobe.d and MANUALLY remove all nvidia blacklist configs (*.conf), because some are left behind by the upgrade and are not purged automatically. They would block nouveau (xserver-xorg-video-nouveau) from loading at boot.
Then run in a terminal:
$ sudo update-initramfs -u -k all
- Older Hardware isn’t supported by Legacy Drivers after Nvidia-375!!
- If you are not forced to upgrade to 9.0, then WAIT up to 3 months and check the bug lists!
- I tried the Nvidia installer files (*.run) too; they don’t work either, it seems a kernel API has changed
- The nouveau version on Debian Stretch is able to run Kodi (glx)! Seen on a GeForce 8400GS 256MB
- With onboard GeForce chips, as in older laptops, STAY on Debian 8.0
If you share your systems and want to prevent USB drives from being connected, there is a small solution. By default the gvfs service handles all automounts and drive scans. On old Linux systems you could purge the complete gvfsd “backend”, but Ubuntu-Desktop pulls some of its packages into the default desktop package! If you purge it, the working desktop can be destroyed!
It’s easier to stop the “USB drivers”, called modules, from loading at startup, because rules are “software” and can FAIL unnoticed!
How? Edit /etc/modprobe.d/blacklist.conf and add:
Update initramfs (Kernel Image)
update-initramfs -u -k all
Now try plugging in USB sticks; they should now be ignored!
To enable USB drives temporarily, run:
$ sudo modprobe uas
Now root should be able to mount the USB stick!
Advantage? No gvfs, org.freedesktop rules or package deps are touched!
Remark: On laptops DISABLE all USB devices for security reasons! No “fake keyboard” or “fake mouse” should be able to get into the system! (USB kill sticks)
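To verify that such a blacklist is really in place, the following added example (not from the original post) reads a modprobe.d directory and reports how a module is restricted. A plain "blacklist" entry only stops automatic loading, which is why the manual "modprobe uas" above still works; an "install MODULE /bin/false" entry also blocks manual loading. The usb-storage entry in the sample is an assumption, the post itself only names uas.

```shell
#!/bin/sh
# Added example: audit how a kernel module is restricted by modprobe.d rules.
# module_policy DIR MODULE prints: none | blacklist | install-disabled

normalize() { printf '%s\n' "$1" | sed 's/-/_/g'; }   # modprobe treats - and _ alike

module_policy() {
    dir=$1
    want=$(normalize "$2")
    policy=none
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        while read -r kw name rest || [ -n "$kw" ]; do
            case $kw in ''|'#'*) continue ;; esac
            if [ "$(normalize "$name")" != "$want" ]; then continue; fi
            if [ "$kw" = blacklist ] && [ "$policy" = none ]; then
                policy=blacklist            # autoload blocked, manual modprobe still works
            elif [ "$kw" = install ]; then
                case ${rest%% *} in
                    /bin/false|/bin/true|/usr/bin/false|/usr/bin/true)
                        policy=install-disabled ;;   # "modprobe MODULE" loads nothing
                esac
            fi
        done < "$f"
    done
    printf '%s\n' "$policy"
}

# module_loaded MODULE [FILE]: true if MODULE is listed in FILE (default /proc/modules)
module_loaded() {
    grep -q "^$(normalize "$1") " "${2:-/proc/modules}"
}

# Demo on a constructed config directory (not the author's real blacklist.conf).
demo=$(mktemp -d)
printf '# constructed sample\nblacklist uas\n' > "$demo/blacklist.conf"
printf 'install usb-storage /bin/false\n' > "$demo/usb-off.conf"
for m in uas usb-storage usbhid; do
    printf '%-12s %s\n' "$m" "$(module_policy "$demo" "$m")"
done
rm -rf "$demo"
```

On a real system call module_policy /etc/modprobe.d uas, and after the reboot use module_loaded uas to confirm the module is not already loaded.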
You have perhaps heard in the last few days about the major attacks on systems by the “WannaCry” crypto ware.
How to protect yourself?
- Enable the firewall on Windows systems!! Always!
- Update virus scanners and Windows patches daily!
- Disable and CLOSE ports you never need! The SMB protocol is an open, unencrypted transfer protocol!
- Use a second router with a firewall behind your ISP router or modem! (openwrt, pfsense)
- Check the applied rules with the nmap port scanner and verify that they work!
- For network access ALWAYS use SFTP with key-based logins (two factor: key and password to unlock the key file id_rsa)
- For fresh installed Systems do a Full Backup of the Disk.
- To Save your work files use USB Drives or USB Sticks which can be unplugged, if you don’t need them.
- Back up the Windows disk weekly to an external USB disk; 1TB is sold for less than 50$
- ..last but not least use a Live CD of Linux like ubuntu to access the Internet..
- The Linux Windows share service called Samba is also under attack: CVE-2017-7494
- To fix it, open smb.conf with an editor and set:
nt pipe support = no
- restart the Service with:
$ service samba stop && service samba start
- Don’t use reload, so that you can be sure the config is really reloaded! A “systemd” problem!
- Check the Samba Share for write and read access!
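To confirm that the workaround is actually present in the configuration, the following added example (not from the original post) reports the "nt pipe support" value of an smb.conf. It assumes the setting belongs in the [global] section and does not follow include directives; the sample file is constructed.

```shell
#!/bin/sh
# Added example: report the "nt pipe support" value set in an smb.conf.
# Parameter names are case-insensitive and ignore embedded whitespace;
# an unset parameter means the default, yes.
nt_pipe_support() {     # $1 = path to smb.conf; prints yes or no
    awk '
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ {                               # section header
            s = tolower($0); sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            gsub(/[ \t]/, "", s); sect = s; next
        }
        sect == "global" {
            i = index($0, "="); if (i == 0) next
            key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, i + 1)); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "ntpipesupport") v = val     # last assignment wins
        }
        END {
            r = (v == "no" || v == "false" || v == "off" || v == "0") ? "no" : "yes"
            print r
        }
    ' "$1"
}

# Demo on a constructed smb.conf (not a real server configuration).
conf=$(mktemp)
cat > "$conf" <<'EOF'
[global]
   workgroup = WORKGROUP
   ; nt pipe support = yes
   NT Pipe Support = No
[share]
   path = /srv/share
EOF
echo "nt pipe support: $(nt_pipe_support "$conf")"
rm -f "$conf"
```

On a live server, testparm -s prints the configuration as Samba itself parses it, which is the authoritative check after the restart.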
Today I got a call and was asked how to STOP Seahorse from asking with a passphrase popup after opening the Chrome or Chromium browser:
It seems that Google implemented a new security tool to prevent access to STORED browser passwords, BUT this won’t work on desktops with USER AUTOLOGIN like LightDM!
ln -s /usr/share/applications/google-chrome.desktop /home/username/Desktop/google-chrome.desktop
- Now open the new icon on the desktop with a right mouse click
- Change Command Line for Chrome :
google-chrome-stable --password-store=basic %U
- or for (chromium):
- Now open the browser with the new icon link
- On Ubuntu you can keep the icon in the taskbar after opening the app by storing it on the taskbar
- Changing it only on the user’s desktop avoids changing the app’s default for other users!
- Changing it only on the user’s desktop prevents Chrome updates from overwriting the new command!