Ubuntu 16.04 Compiz Hang Kernel

After Ubuntu published the latest Kernel Patches for Meltdown and Spectre the Kernel 4.4.0-104/109-generic let Intel Graphics freeze or hang on Compiz with Unity.

Howto fix:

Install the latest Kernel 4.4.0-112-generic

do:
sudo apt-get install linux-image-4.4.0-112-generic
sudo apt-get install linux-image-extra-4.4.0-112-generic

reboot

then:

sudo apt-get autoremove --purge -y

This removes older kernels and save Space! Do test the PC for hanging again!!!

Locale Umloud Problems Cron

If you run scripts to handle text output by cronjobs your perhaps get problems with umlouds “ÖÄÜ” cause they are displayed by “**”.
This is a problem cause cron uses “C” setting as locale, you can test it by setting it into root crontab:

open crontab from root with:

$su - root
$crontab -

insert
* * * * * locale

This will mail cron’s locale echo to the mailbox of root! Read root’s mail!
After tests remove the locale entry at crontab!

Howto fix for Scripts:

open crontab from root with:

$su - root
$crontab -e

insert (for German):

LANG=de_DE.UTF-8 
LC_ALL=de_DE.UTF-8

for US:
LANG=en_US.UTF-8 
LC_ALL=en_US.UTF-8

Debian: without sytemd

If you run Debian Servers, you read last weeks about security problems of systemd service manager.

On several tests i have seen much systems having problems on service starts on boot like on debian, raspian ..

This is a result of not clean redesigned scripts of the services by the Maintainers like the Proxy Server “privoxy” Package…

For Tests i decided to try the new Debian Fork Replacement DEVUAN  for Desktop and a standard Debian Server Setup without systemd!

Howto purge Systemd on a Debian System read this external Wiki:

http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation

or try Devuan for Server and Desktop:

https://devuan.org/

Remark: Devuan is tested for Desktop usage cause customized scripts and packages like polkit for EASY setup!

Nvidia: Legacy Driver Debian 9.0 Stretch Kernel 4.9 Bug Interface

Current is a UNFIXED Bug on Debian 9.0 Stretch which makes impossible to easy install DKMS Nvidia-Legacy Drivers 304/340 for older Geforce Cards

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852152

To run nouveau on upgrade 8.0 to 9.0 go to /etc/modprobe.d and remove MANUAL all blacklist configs (*.conf) of nvidia cause some glued on upgrade and are not purged automatic by the upgrade. Cause they will block nouveau load at boot (xserver-xorg-video-nouveau)

Then run on Terminal:

$sudo update-initramfs -u -k all
$sudo update-grub
$sudo reboot

Remarks:

  • Older Hardware isn’t supported by Legacy Drivers after Nvidia-375!!
  • If you not forced to upgrade to 9.0, then WAIT! up to 3 Month! and checkout Bug Lists.
  • I tried Nvidia Installer Files too (*.run) they don’t work too, seems a API of the Kernel is changed
  • Nouveau Version on Debian Stretch is able to run Kodi (glx)! seen on Geforce 8400GS 256MB
  • On Onboard Geforce Chips like older Laptops HOLD Debian 8.0

Security: Disable USB Drive mount for Users

If you share your Systems and you want to disable USB Drive connects there is a small solution. By default the gvfs Service handle all automounts and drive scans. On old Linux Systems you could purge the complete gvfsd “Backend” but Ubuntu-Desktop forces some pakets to the default Desktop Package! If you purge it the working Desktop can be destroyed!

It’s easier to disable the “USB Drivers” called Modules from load on Start! Cause Rules are “Software” and can FAIL unknown!!

Howto? Edit the /etc/modprobe.d/blacklist.conf and add:

blacklist usb_storage
blacklist uas

Update initramfs (Kernel Image)

update-initramfs -u -k all
reboot

Now try to plugin USB Sticks , they should now be ignored!

To enable USB Drives temporaily do:

$sudo modprobe uas
$nautilus

Now the USB Stick should be able to mount for root!

Advantage? No gvfs, org.freedesktop rules or package deps are touched!

Remark: On Laptops DISABLE all USB Devices for Security Reasons! There should now “Fake Keyboard” or “Fake Mouse” be able to enter the Systems!!! (USB Kill Sticks)

Security: Protection Against Cryptware Wannacry

You heard perhaps last day’s about the major problems of Attacks to Systems with the “WannaCry” Crypto Ware

Howto protect yourself?

  • Enable the Firewall on Windows Systems!! Always!
  • Update daily the Virus Scanners and Windows Patches!
  • Disable and CLOSE Ports you never need! SMB Protocol is a open unencrypted Transfer Protocol!
  • Use a second Router with Firewall behind your ISP Router or Modem! (openwrt, pfsense)
  • Check with nmap Portscanner Tool the taken Rules and check if the work!
  • For Network Access use ALWAYS SFTP with Authentification over KEYs Logins (Two Factor: Key and Password for unlock the Keyfiles id_rsa)
  • For fresh installed Systems do a Full Backup of the Disk.
  • To Save your work files use USB Drives or USB Sticks which can be unplugged, if you don’t need them.
  • Backup weekly the Windows Disk to a external USB Disk 1TB sold for less than 50$
  • ..last but not least use a Live CD of Linux like ubuntu to access the Internet..

Update:

  • The Linux Windows Share Service called Samba is also under attack CVE-2017-7494
  • to fix enter smb.conf with a Editor:

nt pipe support = no

  • restart the Service with:

$service samba stop && service samba start

  • Don’t use reload, to be secure that the config is really reloaded!! A “systemd” Problem!
  • Check the Samba Share for write and read access!

Chrome Browser: Disable Password Passphrase Autologin Seahorse

Today i got a call and was asked how to STOP Seahorse from asking with a Passphrase Popup after opening Chrome or Chromium Browser:

Seems that google implementated a new Tool for Security to Prevent Access to STORED Browser Passwords, BUT this won’t work on Desktops with USER AUTOLOGIN like Lightdm!

Howto:

  • open a Terminal an enter

ln -s /usr/share/applications/google-chrome.desktop /home/username/Desktop/google-chrome.desktop

    • Now open the new Icon on the desktop with the mouse right click
    • Change Command Line for Chrome :

google-chrome-stable --password-store=basic %U

  • or for (chromium):
  • chrome browser disable password
  • Now open the Browser with the new Icon Link
  • On Ubuntu you can hold the Icon at the Taskbar after open the App with Store on the Taskbar
  • Changed only on  the User Desktop prevent you from Change the App by default for other Users!
  • Changed only on  the User Desktop prevent Chrome Updates from overwriting the new Command!