Beiträge von openletter

Yep, still getting these messages.

Some days, like today, I get an email every 4 hours.

Still getting one or two of these emails everyday.

If you think there is a DNS issue on my end, please let me know how to find it so I can report it to the Unbound team.

I also just realized that it is spitting out one of two different IP addresses:

128.31.0.63 PTR mirror-csail-security.debian.org
128.61.240.73 PTR sechter.debian.org

Okay, so I just received today's message and when I immediately used dig from a different server, it listed the TTLs as completely fresh, so it wasn't cached, which, as I understand it, means there was no lookup performed by OMV (or anything else on the network).

The only changes I have made to any system files through command line was when I accidentally deleted /var/www/ and configuration of Flash Memory plugin, so all other configurations have been set by the system through the dashboard.

Are you sure it can't be something within OMV somewhere, because other devices on the same network, including an Ubuntu 16.04 server, resolve to the correct IP address, and with dig I can see it is a CNAME record pointing to omv-extras.org.

The network gateway is pfSense, and I have never had any issues with anything after they switched to DNS Resolver (unbound) as default, so I don't even know what to check there.

$ dig a packages.omv-extras.org


; <<>> DiG 9.9.5-3ubuntu0.11-Ubuntu <<>> a packages.omv-extras.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10100
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;packages.omv-extras.org.       IN      A


;; ANSWER SECTION:
packages.omv-extras.org. 3600   IN      CNAME   omv-extras.org.
omv-extras.org.         600     IN      A       178.63.91.237


;; AUTHORITY SECTION:
omv-extras.org.         86400   IN      NS      ns48.domaincontrol.com.
omv-extras.org.         86400   IN      NS      ns47.domaincontrol.com.


;; Query time: 224 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jan 28 06:48:17 PST 2017
;; MSG SIZE  rcvd: 137

I am daily getting the following message from CRON-APT:

Zitat

CRON-APT RUN [/etc/cron-apt/config]: Fri Jan 27 07:35:02 PST 2017
CRON-APT SLEEP: 3253, Fri Jan 27 08:29:15 PST 2017
CRON-APT ACTION: 0-update
CRON-APT LINE: /usr/bin/apt-get -o Acquire::http::Dl-Limit=25 update -o quiet=2
W: Failed to fetch http://packages.omv-extras.org…s/stoneburner/Release.gpg Something wicked happened resolving 'packages.omv-extras.org:http' (-5 - No address associated with hostname) [IP: 128.61.240.73 80]

E: Some index files failed to download. They have been ignored, or old ones used instead.

Alles anzeigen

Okay, so it looks like rebooting the machine doesn't change anything and everything seems to be running normally, except that I can't access any of the already enabled plugins because they don't show up in the sidebar.

I tested installing a plugin that I don't use, changing its configuration from default, then uninstalling and reinstalling to see if the configuration was still saved, and the changes are not saved.

Is there anything I can do short of complete reinstall to restore the plugins?

I have noticed the 'wipe' feature before, but I recall having no idea what it actually does. Wipe, to me, means just write zeros in one pass, which will not be suitable for complete erasure nor for even wiping SSDs.

Additionally, the ATA erase will erase parts of the drive not accessible to an OS plus it restores the drive to its factory configuration, which can result in increased performance. And as I understand it, SEDs will replace the encryption key.

Zitat von vl1969

oh, I am completely with you on having a nice GUI to do this.
i am not a fan of CLI myself.

I do believe that badblock command works on SSD as well as on HDD.
not sure about dd though.

Give how sparsely the backblock command line tool shows up in search results, I'm not clear I would trust this tool as much as other tools, such as DBAN. It also appears to be more for the purpose of testing than data destruction.

Zitat von vl1969

why can't you just run "sudo badblocks -wsv /dev/sdX" or combine this with "sudo dd if=/dev/zero of=/dev/sdX bs=1M"

I have read that this two commands should wipe the disk clean as securely as you possible can.
maybe if you run it couple of times to make sure.
only bad thing is that you MUST be very careful when typing the drive.

would be nice to have a plugin script that you can just point to the drive in the UI and say run it N times.

It is more complicated than that when dealing with SSDs, which is why I suggest ATA erase, plus it isn't clear to me how many passes your commands are making as I am not familiar with them. This is the point of scripting - not only does it make it easier (I'm not all that comfortable in Debian shell), it can more conveniently conform to accepted standards, rather than what we each read in some blog post somewheres.

A plugin that erases drives, including simple wipe (/dev/zero), ATA secure erase (both regular and enhanced) and forensically erasing HDDs and SSDs to some standard.

I have an eSATA/USB 3.0 caddy on my server that I use for backups, and it would be great to be able to just plug a drive I'm retiring, reselling, or reusing into that, log in, and wipe with the press of a button.

I didn't notice until just now that in the menu sidebar, it only shows default options. So none of the enabled plugins are present in the sidebar.

However, if I view the plugins page, I can see that all of the plugins are still shown as enabled. I can also tell that they are working because. for example, rsnapshot has a daily job that emails me on completion, and I have been receiving that every day, and NUT is allowing login and status updates.

I am a bit concerned about rebooting the machine, as I have the flashmemory plugin enabled, so I'm not clear what issues rebooting the machine may cause, so haven't tried that.

Is there some way to refresh installed plugins? Or update the GUI with all changes that affect it? Something else?

Zitat von David B

It looks like WoSign no longer offers free SSL Certificates.

I suspect that has something to do with the fact that they are being removed from trust stores.

Zitat von Linkinsoldier

After many many testings I did a restart and the restart fixed it... Didn't know this windows approach also works on Linux

The number of times I've experienced this has lead me to always doing a reboot and testing before posting any questions. It usually has to do with a service not being restarted which I am unaware needed to be restarted, or depending on the problem just logging into a new session to refresh user permissions.

Seems to be working!

Thanks for that. I really didn't want to completely reinstall.

I was in a subdirectory working with some (other) server backups and needed to delete the contents of var/www/ and instead deleted the contents of /var/www/.

Is there any way to restore it short of complete reinstall?

I don't know all of the details in differences between FAT filesystems, but my SD cards are reported by Windows as FAT32 and are mounted by OMV without issue.