Posts by frpatte

    I don't use omv GUI, I hate graphical interfaces! I admin my servers via cli, it is the first time I see that some upgrade has to be confirmed: why? and doing what?

    That's a mystery.

    F.P.

    Hello,


    I upgraded the system using apt-get


    apt-get update && apt-get upgrade


    Since this day, I get this message:

    Subject: Pending configuration changes

    The configuration has been changed. You must apply the changes in order for them to take effect.


    Who sends this message?

    What does it mean?

    How to stop it (and satisfy the offended service...)


    Thank you.


    F.P.

    Hello,


    Nobody answered, so I give what I have done to use nftables.


    1- I deleted iptables alternatives:

    update-alternatives --remove iptables /usr/sbin/iptables-legacy

    update-alternatives --remove iptables /usr/sbin/iptables-nft


    Same for ip6tables:

    update-alternatives --remove ip6tables /usr/sbin/ip6tables-legacy

    update-alternatives --remove ip6tables /usr/sbin/ip6tables-nft


    2- I removed x-permissions from script

    /etc/iptables/openmediavault-firewall.sh

    chmod u-x,g-x,a-x /etc/iptables/openmediavault-firewall.sh


    3- I deleted all lines between <iptables> and </iptables> in xml config file /etc/openmediavault/config.xml


    4- I removed all kernel modules concerning iptables with rmmod


    And, at last, I could configure nftables.... and get it working.


    Next time I will remove iptables packages...


    That's all.


    F.P.

    Hello,


    I try to have nftables as my default firewall on omv, but someone (?) has written something somewhere that prevents nftables from reading its configuration file (/etc/nftables.conf).


    Whatever I write in this configuration file, nft list ruleset -a returns:

    table inet filter { # handle 40
        chain input { # handle 1
            type filter hook input priority 0; policy accept;
        }

        chain forward { # handle 2
            type filter hook forward priority 0; policy accept;
        }

        chain output { # handle 3
            type filter hook output priority 0; policy accept;
        }
    }


    Thank you.


    F.P.

    access to the internet is absolutely no issue.

    The risk comes when access from the internet is enabled.

    Thank you so much and happy new year! I learnt something today: I can't get the Covid if I don't go outside and invite nobody in my home.

    Only persons having the knowhow for securing a computer for this scenario should attempt this as it involves creation of proper firewall rules.

    You maybe think that if someone asks for a tool, this fellow might know how to use the tool.... No?

    Probably because it doesn't have iptables in its name. https://github.com/openmediava…tables/10firewall.sls#L51

    Yes. I found something:

    /etc/iptables/openmediavault-firewall.sh


    That's what I was searching for: a script which could annihilate all attempts to build a firewall using the Debian default one (nftables/iptables). Reading that script you can see:

    start)
        ;;

    It does nothing when starting and:

    stop)
        iptables -t filter -F INPUT
        iptables -t filter -F OUTPUT
        iptables -P INPUT ACCEPT
        iptables -P OUTPUT ACCEPT
        ip6tables -t filter -F INPUT
        ip6tables -t filter -F OUTPUT
        ip6tables -P INPUT ACCEPT
        ip6tables -P OUTPUT ACCEPT
        ;;


    flushes all tables when stopping and changes them to default accept anything from anywhere...


    So, for me:

    systemctl mask openmediavault-firewall.service


    And use my own iptables scripts to protect my machine (like others on my network!)

    F.P.
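A check for the fail-open state these posts describe (every base chain at `policy accept` with no rules, as in the `nft list ruleset` output quoted above), written as an added example that is not part of the original posts or of OMV. The function names `open_chains` and `sample_ruleset` are hypothetical, and the `inet hardened` table in the sample is constructed for contrast.

```shell
# Added example. open_chains reads `nft list ruleset` text on stdin and prints
# "family table chain hook" for each base chain with policy accept and no rules.
open_chains() {
    awk '
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # drop "# handle N", trim
    $1 == "table" { fam = $2; tbl = $3; next }
    $1 == "chain" { chain = $2; inchain = 1; base = 0; rules = 0
                    policy = "accept"; hook = ""; next }  # accept is the default
    inchain && $1 == "type" {                        # base-chain header line
        base = 1
        for (i = 1; i < NF; i++) {
            if ($i == "hook")   hook = $(i + 1)
            if ($i == "policy") { policy = $(i + 1); sub(/;/, "", policy) }
        }
        next
    }
    inchain && $0 == "}" {                           # end of the chain
        if (base && policy == "accept" && rules == 0) print fam, tbl, chain, hook
        inchain = 0; next
    }
    inchain && $0 != "" { rules++ }                  # anything else is a rule
    '
}

# Constructed sample: "inet filter" is the output quoted in the post above;
# "inet hardened" is made up here for contrast.
sample_ruleset() {
    cat <<'EOF'
table inet filter { # handle 40
    chain input { # handle 1
        type filter hook input priority 0; policy accept;
    }
    chain forward { # handle 2
        type filter hook forward priority 0; policy accept;
    }
    chain output { # handle 3
        type filter hook output priority 0; policy accept;
    }
}
table inet hardened {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
    }
}
EOF
}

sample_ruleset | open_chains   # lists the three open chains of "inet filter"
```

On a live host, run `nft list ruleset | open_chains`; an empty result means no base chain is left wide open.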

    "useless" is the wrong description! It's not preventing to lock any communication and leaves it to the knowledgeable user to apply the desired walls. As main purpose of OMV is sharing data inside a private home network, default "walls" would hurt more than do good.

    As the private network has an access to the internet, it is useful to control the traffic on network interfaces.

    Hello,


    I want to turn off some services configured by default by omv:


    1- automatic upgrade

    2- why is php enabled by default?

    3- firewalld, I prefer to use iptables.

    BTW, here, some ports are open (5355/tcp open llmnr, 35725/tcp open unknown, 42893/tcp open unknown, 46649/tcp open unknown, 46731/tcp open unknown)

    The graphical interface under the firewall tab gives no information about the default rules.


    Thank you for information.


    F.P.

    The main problem is lvm2: if I remove it, apt-get install -f seems to be happy.


    As soon as I install it (without omv packages) errors occur and installation fails.


    Once again: why does omv require lvm2 as lvm is not installed? All disks are not partitioned with lvm.

    If you installed from the ISO, OMV was already installed. But something went wrong.

    This installed omv-extras, but as OMV was already in a bad state this did not help.


    Would you run omv-aptclean as geaves suggested?

    I did. It "Gets" a lot of things, then concludes:


    Fetched 67.5 MB in 35s (1931 kB/s)

    Reading package lists... Done


    8. Saving current package list...


    That's all.

    Something went wrong during or after installation which we have not seen.


    What happens if you run omv-update?

    It does a lot of things then at the end:


    Errors were encountered while processing:

    lvm2

    openmediavault

    openmediavault-omvextrasorg

    E: Sub-process /usr/bin/dpkg returned an error code (1)


    There is a problem with lvm2 (why this package? There is no use of lvm in the installation!) if I run

    apt-get install lvm2 --reinstall


    the result is:

    E: Internal Error, No file name for lvm2:amd64


    No file? It has just installed it and claimed that it is misconfigured.


    One more question: when I run some install command (apt-get, or dpkg... ) there is no pause to tell me what will be done and ask me if I agree.... This is unpleasant, particularly if some packages are removed.

    That tells that openmediavault is installed, but not configured (installed-Unconfigured)


    I would try

    apt-get install openmediavault --reinstall

    I tried this yesterday and today with the same result:

    E: Internal Error, No file name for openmediavault:amd64

    What is the output of dpkg -l | grep openmedia?

    and

    cat /etc/apt/sources.list

    root@bertuccio:~# dpkg -l | grep openmedia

    iU openmediavault 5.5.19-1 all openmediavault - The open network attached storage solution

    ii openmediavault-keyring 1.0 all GnuPG archive keys of the OpenMediaVault archive

    iU openmediavault-omvextrasorg 5.4.2 all OMV-Extras.org Package Repositories for OpenMediaVault


    root@bertuccio:~# cat /etc/apt/sources.list

    #


    # deb cdrom:[Debian GNU/Linux 10 _Buster_ - Official Snapshot amd64 LIVE/INSTALL Binary 20200921-17:33]/ buster contrib main non-free


    #deb cdrom:[Debian GNU/Linux 10 _Buster_ - Official Snapshot amd64 LIVE/INSTALL Binary 20200921-17:33]/ buster contrib main non-free


    deb http://deb.debian.org/debian/ buster main non-free contrib

    deb-src http://deb.debian.org/debian/ buster main non-free contrib


    deb http://security.debian.org/debian-security buster/updates main contrib non-free

    deb-src http://security.debian.org/debian-security buster/updates main contrib non-free


    # buster-updates, previously known as 'volatile'

    deb http://deb.debian.org/debian/ buster-updates main contrib non-free

    deb-src http://deb.debian.org/debian/ buster-updates main contrib non-free


    # This system was installed using small removable media

    # (e.g. netinst, live or single CD). The matching "deb cdrom"

    # entries were disabled at the end of the installation process.

    # For information about how to configure apt package sources,

    # see the sources.list(5) manual.

    Do you have console access to the shell? Can you login as the root user? If so run omv-firstaid and try configuring the network.

    I tried omv-firstaid, tried to configure the network and failed:

    Failed to connect /var/lib/openmediavault/engined.sock: [Errno 2] No such file or directory


    So, what?


    I checked the log and could see a lot of strange messages, for instance:

    déc. 27 10:15:58 bertuccio monit[16535]: 'omv-engined' start: '/bin/systemctl start openmediavault-engined'

    déc. 27 10:15:58 bertuccio monit[16535]: 'omv-engined' trying to restart

    déc. 27 10:15:58 bertuccio monit[16535]: 'omv-engined' process is not running

    déc. 27 10:15:58 bertuccio monit[16535]: 'nginx' failed to start (exit status 0) -- no output

    déc. 27 10:15:27 bertuccio monit[16535]: 'nginx' start: '/bin/systemctl start nginx'

    déc. 27 10:15:27 bertuccio monit[16535]: 'nginx' trying to restart

    déc. 27 10:15:27 bertuccio monit[16535]: 'nginx' process is not running


    But, if I check the nginx status, I get:

    root@bertuccio:~# systemctl status nginx

    ● nginx.service - A high performance web server and a reverse proxy server

    Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)

    Active: active (exited) since Sat 2020-12-26 14:55:59 CET; 19h ago

    Docs: man:nginx(8)

    Tasks: 0 (limit: 4915)

    Memory: 0B

    CGroup: /system.slice/nginx.service


    déc. 26 14:55:59 bertuccio systemd[1]: Starting LSB: starts the nginx web server...

    déc. 26 14:55:59 bertuccio systemd[1]: Started LSB: starts the nginx web server.


    Strange, isn't it?


    Or these lines:


    <a lot of same before>


    déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.

    déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.

    déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.

    déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.

    déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.

    déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.

    déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.

    déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.

    déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.

    déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.


    <a lot of same after>


    Then suddenly these messages stopped!


    F.P.