<p>Another Home Page Blog, https://blog.anotherhomepage.org/</p>
<h1>Initramfs and dracut</h1>
<p>Nils Ratusznik, 2022-12-08T14:20:00+01:00</p>
<p><img alt="an open wristwatch, showing its cogs and wheels" src="https://blog.anotherhomepage.org/images/2022/12/lukas-tennie-3dyDozzCORw-unsplash_mini.jpg"></p>
<p>In order to keep blog posts small and easy to read, I sometimes skip some
details. In the series on my shenanigans with
<a href="/post/2022/12/05/check-the-vulnerabilites-affecting-CPU/">CPU vulnerabilities</a>
and the <a href="/post/2022/12/06/a-non-vulnerable-cpu/">Intel microcode</a>, I did not
specify how I handled the initramfs side of things. This post will double as a
cheat-sheet for the next time I need to move a system disk from one computer to another.</p>
<h2>What's the initramfs, anyway ?</h2>
<p>Well, Wikipedia really explains it well, so instead of badly paraphrasing it,
I'll just quote these lines from the <a href="https://en.wikipedia.org/wiki/Initial_ramdisk">Initial ramdisk
page</a> :</p>
<blockquote>
<p>In Linux systems, initrd (initial ramdisk) is a scheme for loading a temporary root file system into memory, to be used as part of the Linux startup process. initrd and initramfs refer to two different methods of achieving this. Both are commonly used to make preparations before the real root file system can be mounted.</p>
</blockquote>
<h2>The initramfs and the Intel microcode</h2>
<p>Why do I care about the initramfs for the Intel microcode ? The reason is
that, in its article on <a href="https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/loading-microcode-os.html">loading the microcode from the
OS</a>,
Intel explains that the microcode must be installed in the initramfs to be
updated at startup.</p>
<p>The article then explains how to update the microcode for multiple
distributions, especially for Fedora and Ubuntu. On the Fedora side, the
article makes use of the following command (as root) :</p>
<div class="highlight"><pre><span></span><code>dracut -f -vvv
</code></pre></div>
<p>In the <a href="https://linux.die.net/man/8/dracut">dracut manual page</a>, we can learn :</p>
<ul>
<li><code>-f</code> or <code>--force</code> overwrites the existing initramfs file ;</li>
<li><code>-vvv</code> increases verbosity (a lot).</li>
</ul>
<p>Looking at the content of the initramfs file can be done in two ways. The
first one is by uncompressing the file, which is simply a CPIO archive,
sometimes compressed. For example (as root) :</p>
<div class="highlight"><pre><span></span><code>mkdir /tmp/initramfs
cp /boot/initramfs-<span class="k">$(</span>uname -r<span class="k">)</span>.img /tmp/initramfs/
<span class="nb">cd</span> /tmp/initramfs
mv initramfs-<span class="k">$(</span>uname -r<span class="k">)</span>.img<span class="o">{</span>,.gz<span class="o">}</span>
gunzip initramfs-<span class="k">$(</span>uname -r<span class="k">)</span>.img.gz
cpio -idv &lt; initramfs-<span class="k">$(</span>uname -r<span class="k">)</span>.img
</code></pre></div>
<p>If your initramfs is not compressed, you can skip the mv/gunzip part, or adapt
it if it uses another compression algorithm.</p>
<p>Now the initramfs is unarchived in <code>/tmp/initramfs</code>, and its content can be
analyzed.</p>
<p>If no "thorough analysis" is required, the <code>lsinitrd</code> command (available in the
<code>dracut</code> package in Fedora) can be run as root. Not only does it show
the content of the initramfs with owner/group, mode and size, but it also
displays the arguments and modules used in the dracut command for generating it.</p>
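<p>The manual recipe above assumes the image is a single gzip stream. When early microcode is embedded, the image instead starts with an uncompressed cpio archive holding <code>kernel/x86/microcode/GenuineIntel.bin</code> (or <code>AuthenticAMD.bin</code>), followed by the compressed main archive. The Python sketch below is an added example, not part of the original post: it walks the "newc" cpio headers, reports whether early microcode is present and where the compressed part starts. The function names are hypothetical and the sample image is constructed in memory.</p>

```python
import gzip

NEWC_MAGICS = (b"070701", b"070702")      # cpio "newc" without / with checksum
COMPRESSION_MAGICS = [                    # first bytes of a compressed main archive
    (b"\x1f\x8b", "gzip"),
    (b"\xfd7zXZ\x00", "xz"),
    (b"\x28\xb5\x2f\xfd", "zstd"),
    (b"BZh", "bzip2"),
    (b"\x02\x21\x4c\x18", "lz4 (legacy)"),
]
MICROCODE_PATHS = ("kernel/x86/microcode/GenuineIntel.bin",
                   "kernel/x86/microcode/AuthenticAMD.bin")

def newc_entry(name, data=b"", mode=0o100644):
    """Build one newc record: 110-byte ASCII header, name, data, 4-byte padding."""
    raw = name.encode() + b"\0"
    # ino, mode, uid, gid, nlink, mtime, filesize, 4 device fields, namesize, check
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw), 0]
    head = b"070701" + b"".join(b"%08X" % f for f in fields) + raw
    head += b"\0" * (-len(head) % 4)
    return head + data + b"\0" * (-len(data) % 4)

def newc_archive(files, block=512):
    """Build a whole archive, ended by TRAILER!!! and padded to a 512-byte block."""
    body = b"".join(newc_entry(n, d) for n, d in files.items())
    body += newc_entry("TRAILER!!!", mode=0)
    return body + b"\0" * (-len(body) % block)

def walk_newc(blob, base):
    """Return (file names, offset just past the TRAILER!!! record)."""
    names, pos = [], base
    while True:
        head = blob[pos:pos + 110]
        if len(head) < 110 or head[:6] not in NEWC_MAGICS:
            raise ValueError(f"bad cpio header at offset {pos}")
        filesize = int(head[54:62], 16)       # 7th hex field
        namesize = int(head[94:102], 16)      # 12th hex field, counts the NUL
        name = blob[pos + 110:pos + 110 + namesize - 1].decode(errors="replace")
        pos += 110 + namesize
        pos += -(pos - base) % 4              # header + name are padded to 4 bytes
        pos += filesize
        pos += -(pos - base) % 4              # so is the file data
        if name == "TRAILER!!!":
            return names, pos
        names.append(name)

def scan_initramfs(blob):
    """Split an initramfs image into its cpio / compressed segments."""
    segments, pos = [], 0
    while pos < len(blob):
        if blob[pos:pos + 6] in NEWC_MAGICS:
            names, pos = walk_newc(blob, pos)
            segments.append({"offset": pos, "format": "cpio", "files": names})
            segments[-1]["offset"] -= 0       # offset recorded below for clarity
            while pos < len(blob) and blob[pos] == 0:
                pos += 1                      # zero padding between archives
            continue
        fmt = next((n for m, n in COMPRESSION_MAGICS if blob.startswith(m, pos)),
                   "unknown")
        segments.append({"offset": pos, "format": fmt, "files": None})
        break                                 # a compressed stream runs to EOF
    return segments

def early_microcode(segments):
    """Microcode blobs found in uncompressed cpio segments."""
    return [f for s in segments if s["format"] == "cpio"
            for f in s["files"] if f in MICROCODE_PATHS]

def build_sample():
    """Constructed image: early microcode cpio + gzip-compressed main cpio."""
    early = newc_archive({"kernel/x86/microcode/GenuineIntel.bin": b"\x01" * 48})
    main = newc_archive({"init": b"#!/bin/sh\n", "etc/hostname": b"demo\n"})
    return early + gzip.compress(main)

if __name__ == "__main__":
    image = build_sample()
    segs = scan_initramfs(image)
    print("early microcode:", early_microcode(segs) or "none")
    last = segs[-1]
    print("main archive:", last["format"], "at offset", last["offset"])
    inner = gzip.decompress(image[last["offset"]:])
    print("main content:", scan_initramfs(inner)[0]["files"])
```

<p>To try it on a real image, read a copy of the file into <code>image</code> instead of calling <code>build_sample()</code>; for a compressed segment the reported offset is the number of bytes to skip before decompressing.</p>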
<h2>generic and host-only initramfs</h2>
<p>One neat trick I used once in dracut is the ability to generate generic or
host-only initramfs. What's the difference ? In the first case, the generic
initramfs can be used on multiple computers with different hardware because it
contains all the modules that were compiled for the associated Linux kernel.
The initramfs is therefore quite big on the filesystem. On the other hand, the
host-only initramfs will only keep the modules corresponding to detected
hardware, which is slimmer, but less portable. There are even two modes,
depending on how strict you want to be.</p>
<p>Some examples :</p>
<ul>
<li><code>dracut -f --no-hostonly</code> will generate a generic initramfs for the running
kernel ;</li>
<li><code>dracut -f --hostonly</code> will generate a host-only initramfs for the running
kernel ; without further information, the "sloppy" mode is used ;</li>
<li><code>dracut -f --hostonly-mode=strict</code> will, this time, be very strict on what's
added to the initramfs and can make the system unbootable for minor hardware
changes.</li>
</ul>
<p>The generic mode is really useful and I used it in two use-cases :</p>
<ul>
<li>I replaced the CPU and motherboard in my main desktop PC (therefore replacing
a lot of components, including the storage controller);</li>
<li>I added an HBA in a server, which was faster than the integrated SATA ports,
so I wanted to move my system SSD to it.</li>
</ul>
<p>If you want to read more on dracut and Fedora, have a look at
<a href="https://fedoramagazine.org/initramfs-dracut-and-the-dracut-emergency-shell/">InitRAMFS, Dracut, and the Dracut Emergency Shell</a>
from <a href="https://fedoramagazine.org">Fedora Magazine</a>.</p>
<p>I hope you enjoyed this post ! If you did, please share it on your favorite
social networks :-)</p>
<p><em>Photo by <a href="https://unsplash.com/@luk10?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Lukas Tennie</a> on <a href="https://unsplash.com/s/photos/cogs?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>
<h1>Share snippets and files</h1>
<p>Nils Ratusznik, 2022-12-07T17:00:00+01:00</p>
<p><img alt="An &quot;open&quot; sign in front of a shop's window" src="https://blog.anotherhomepage.org/images/2022/12/clay-banks-N3SsG7xR-Dg-unsplash_mini.jpg">
A shameless autopromotion post about some services I provide.</p>
<h2>Public IP address and browser information display</h2>
<p>If you need to check what your public IP address is, and some information from
your web browser, have a look at <a href="https://ottertelecom.com/">ottertelecom.com</a>. I
created this page in order to give this information from a location I trust,
and without advertisement. Because I did not want to code anything using PHP or
something else, everything makes use of <a href="https://en.wikipedia.org/wiki/Server_Side_Includes">Server Side Includes
(SSI)</a>.</p>
<p>And if you want to use the public IP address information, let's say for
automation, just point your curl to the <a href="https://ottertelecom.com/ip">/ip</a> URL,
you will get it without any HTML to strip.</p>
<h2>Share text snippets and small files</h2>
<p>Everyone knows about <a href="https://en.wikipedia.org/wiki/Pastebin">PasteBin</a> and its
many clones. One in particular is the self-hosted
<a href="https://privatebin.info/">PrivateBin</a>, which I find to be quite useful. I'm
very proud to see my instance to be the second French instance in the
<a href="https://privatebin.info/directory/">PrivateBin instances directory</a>. You can
use my instance here :
<a href="https://paste.ottertelecom.com/">https://paste.ottertelecom.com/</a>.</p>
<p>Features include :</p>
<ul>
<li>copy and paste large amounts of text ;</li>
<li>data is encrypted and decrypted in the browser using 256-bit AES in <a href="https://en.wikipedia.org/wiki/Galois/Counter_Mode">Galois
Counter mode</a> ;</li>
<li>ability to colorize the text following the syntax ;</li>
<li>you can configure the expiration time with pre-defined ranges, from 5 minutes
to never ;</li>
<li>a burn-after-read system, so you can ensure the link will be shown only once
(useful for passwords and secrets) ;</li>
<li>password-protected pastes (of course, you'll provide the password using
another channel for enhanced security) ;</li>
<li>file attachment.</li>
</ul>
<p>My instance limits the paste size (including attachments) to around 55MB.</p>
<h2>Share bigger files</h2>
<p>For sharing bigger files, and since everything dynamic here runs on PHP, I
installed a <a href="https://gitlab.com/mojo42/Jirafeau">Jirafeau</a> instance to provide
the ability to share some big files. You can use my instance here :
<a href="https://files.ottertelecom.com/">https://files.ottertelecom.com/</a>.</p>
<p>Features include :</p>
<ul>
<li>password-protected files (you can provide the password using the
burn-after-read feature of my <a href="https://paste.ottertelecom.com/">PrivateBin
instance</a>) ;</li>
<li>one-time downloads ;</li>
<li>you can configure the expiration time with pre-defined ranges, from one
minute to a month (no unlimited tier here ;-)).</li>
</ul>
<p>My instance size limit is 640MB.</p>
<p><strong>Warning</strong> : unlike the PrivateBin instance, data is <strong>not encrypted</strong>.</p>
<h2>Support these services, and more !</h2>
<p>I just signed up for <a href="https://liberapay.com/ahp_nils/">Liberapay</a>, so if you
want to help and don't want to subscribe to my <a href="https://www.twitch.tv/ahp_nils">Twitch
channel</a>, this is the place to support my
services and my <a href="https://github.com/ahpnils">contributions</a> for a more open
digital world. Of course, neither of them is mandatory and you can just enjoy
the services, code and content for free.</p>
<p><em>Photo by <a href="https://unsplash.com/@claybanks?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Clay Banks</a> on <a href="https://unsplash.com/s/photos/we%27re-open?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText.">Unsplash</a></em></p>
<h1>A non-vulnerable CPU ?</h1>
<p>Nils Ratusznik, 2022-12-06T22:00:00+01:00</p>
<p><img alt="a brown shield on a white wall" src="https://blog.anotherhomepage.org/images/2022/12/pawel-czerwinski-RovCBKMfK_k-unsplash_mini.jpg"></p>
<p>Following <a href="/post/2022/12/05/check-the-vulnerabilites-affecting-CPU/">yesterday's blog post</a>,
I was wondering if I could find a CPU that would have a BIOS old enough so its
microcode would not be patched against any vulnerability.</p>
<h2>Enter the Intel Atom 330</h2>
<p>I decided to bring out of retirement my good old Shuttle X27D, a 2008 computer
running the low-power Intel Atom 330 processor, with only 2G of RAM.</p>
<p>The Intel Atom 330 is a wonderful CPU : with two cores and four threads, running
at 1.6GHz, it is a lightweight CPU. But it is for lightweight usage. Forget
about virtualization, this processor and its maximum supported memory cannot
handle that kind of task : the virtualization instructions are nowhere to be
found, and you are limited to 2G of RAM.</p>
<h2>More resilient than modern processors ?</h2>
<p>So I gave it a go. Installed Fedora 37 (server edition), and ran the check script
mentioned in my previous post. It gives for each CVE a status of OK or KO.
And everything is OK. Weird. Almost each time, the CPU is not vulnerable.
But each time, there is a little added sentence :</p>
<blockquote>
<p>(your CPU vendor reported your CPU model as not affected)</p>
</blockquote>
<p>My take on this is that the Intel Atom 330 is so old it does not even feature
the vulnerable instructions. I think I'll still try to benchmark it, it may be
funny.</p>
<p>Even <code>/proc/cpuinfo</code> does not display anything in the "bugs" section !</p>
<p><em>Photo by <a href="https://unsplash.com/@pawel_czerwinski?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Pawel Czerwinski</a> on <a href="https://unsplash.com/s/photos/shield?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>
<h1>check the vulnerabilities affecting a CPU</h1>
<p>Nils Ratusznik, 2022-12-05T22:00:00+01:00 (updated 2022-12-07T09:00:00+01:00)</p>
<p><img alt="using a pipette to select a sample" src="https://blog.anotherhomepage.org/images/2022/12/louis-reed-pwcKF7L4-no-unsplash_mini.jpg"></p>
<p><strong>Warning: in this article, I'll show how to disable mitigations for some
vulnerabilities. Do not try this on a production system or any other system
containing important data you care about not being leaked/stolen/lost.</strong></p>
<p>After the blog post on the <a href="/post/2022/05/25/Compiling-the-NetBSD-kernel-as-a-benchmark/">NetBSD kernel compilation
benchmarking</a>,
and since most of my computers are at least 5 years old, I was wondering
how much of an impact on performance the CPU vulnerabilities mitigations have
over time. So let's first discover how to verify how vulnerable a system is,
disable all we can and then verify again.</p>
<h2>how vulnerable am I ?</h2>
<p>The test system is the following : an old laptop with an Intel Core i5
i5-3210M, with Hyperthreading enabled. It is running Fedora Linux 37, and all
updates are applied at this time. Most notably, the package <code>microcode_ctl</code> is
installed in its latest version.</p>
<p>From what I understood, there are two ways to mitigate the ever growing list of
processor vulnerabilities : one is by adding fixing code in the OS kernel
(Linux in this case), and another is by adding fixing code in the CPU
microcode, which is some sort of firmware. Usually, the first one has much more
impact on performance than the second one. It may be important because it means
a processor can still get mitigations even if the vendor stopped supporting it,
which is likely to be my case with a 10-year old laptop.</p>
<p>There are many tools that verify CPU vulnerabilities, and I chose <a href="https://github.com/speed47/spectre-meltdown-checker">Spectre &
Meltdown Checker</a> because
it seems to be well maintained, quite complete, easy to use and to understand.
It gives for each CVE a status of OK or KO. Let's run it to get a "control"
result :</p>
<div class="highlight"><pre><span></span><code>$ <span class="nb">cd</span> /tmp
$ curl -L https://meltdown.ovh -o spectre-meltdown-checker.sh
$ chmod +x spectre-meltdown-checker.sh
$ sudo ./spectre-meltdown-checker.sh
<span class="o">[</span>lots of stuff and explanations<span class="o">]</span>
> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:KO
</code></pre></div>
<p>As you can see, my laptop is still vulnerable to CVE-2020-0543, aka 'Special
Register Buffer Data Sampling (SRBDS)'. For some other vulnerabilities, I'm not
entirely covered :</p>
<div class="highlight"><pre><span></span><code>dmesg |grep "CPU bug"
[ 0.198447] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.
[ 23.371778] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
</code></pre></div>
<p>For the sake of simplicity, I'll still consider myself non vulnerable. So, I'm
OK on 14 out of 15 checks.</p>
<h2>Disabling the microcode mitigations</h2>
<p>Basically, disabling the microcode mitigations means "downgrading the microcode
and hoping it is old enough to be vulnerable". Which, on my laptop, was not
really possible. The microcode can come from two locations : the first one is
the BIOS or UEFI, and the second is the operating system.</p>
<p>In my case, I'm running Fedora. I uninstalled the <code>microcode_ctl</code> package, and
out of precaution, updated the initramfs using <code>dracut --force -vvv</code>.
However, before and after this, I still had the same microcode version :</p>
<div class="highlight"><pre><span></span><code>$ grep microcode /proc/cpuinfo <span class="p">|</span> sort -u
microcode : 0x21
</code></pre></div>
<p>After some research, and comparison of <a href="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/main/intel-ucode">Intel's public Github
repository</a>
with the <a href="https://pagure.io/microcode_ctl">microcode_ctl package</a>, my only
explanation is that the provided BIOS/UEFI has the same microcode version. Does
Apple slip EFI updates containing microcode with macOS ?</p>
<p>In order to get a working example, I'm thinking about finding an older
computer. Maybe in a follow-up post ?</p>
<h2>Disabling the kernel mitigations</h2>
<p>This last part is simpler : following the official <a href="https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html">Linux kernel
documentation</a>,
disabling the mitigations is as simple as adding <code>mitigations=off</code> to the
command-line, either as a one-off at boot time, or by updating the Grub
configuration.</p>
<p>Once the mitigations are disabled, the result of the check script is now :</p>
<div class="highlight"><pre><span></span><code>> SUMMARY: CVE-2017-5753:KO CVE-2017-5715:KO CVE-2017-5754:KO CVE-2018-3640:OK CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:KO CVE-2018-12130:KO CVE-2018-12127:KO CVE-2019-11091:KO CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:KO
</code></pre></div>
<p>I am still OK for 6 out of 15 checks. I hope this will give results when
compiling the NetBSD kernel.</p>
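<p>Counting OK and KO by eye gets tedious once several hosts or boots are compared. The Python sketch below is an added example, not part of the original post or of the checker project: it parses two <code>SUMMARY</code> lines and lists which CVEs went from OK to KO relative to a known-good baseline, which is also a convenient way to notice a host that was booted with mitigations turned off. The function names are hypothetical; the two sample lines are the ones shown in this post.</p>

```python
import re

# One "CVE-YYYY-NNNN:OK" or ":KO" token of the checker's SUMMARY line.
TOKEN = re.compile(r"\b(CVE-\d{4}-\d{4,}):(OK|KO)\b")

# The two SUMMARY lines from this post: control run, then mitigations=off.
BASELINE = (
    "> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK "
    "CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK "
    "CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK "
    "CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:KO"
)
MITIGATIONS_OFF = (
    "> SUMMARY: CVE-2017-5753:KO CVE-2017-5715:KO CVE-2017-5754:KO "
    "CVE-2018-3640:OK CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK "
    "CVE-2018-3646:OK CVE-2018-12126:KO CVE-2018-12130:KO CVE-2018-12127:KO "
    "CVE-2019-11091:KO CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:KO"
)

def parse_summary(line):
    """Return {CVE id: "OK" | "KO"} in the order the checker printed them."""
    if "SUMMARY:" not in line:
        raise ValueError("not a SUMMARY line")
    return dict(TOKEN.findall(line.split("SUMMARY:", 1)[1]))

def ok_count(line):
    """Return (number of OK checks, total number of checks)."""
    states = list(parse_summary(line).values())
    return sum(s == "OK" for s in states), len(states)

def diff_runs(baseline, current):
    """Classify every CVE by how its status changed between two runs."""
    base, cur = parse_summary(baseline), parse_summary(current)
    report = {"regressed": [], "fixed": [], "still_ko": [],
              "only_in_baseline": [], "only_in_current": []}
    for cve, state in base.items():
        if cve not in cur:
            # Different script versions do not always check the same CVE list.
            report["only_in_baseline"].append(cve)
        elif state == "OK" and cur[cve] == "KO":
            report["regressed"].append(cve)
        elif state == "KO" and cur[cve] == "OK":
            report["fixed"].append(cve)
        elif state == "KO":
            report["still_ko"].append(cve)
    report["only_in_current"] = [c for c in cur if c not in base]
    return report

def has_regression(baseline, current):
    """True when at least one check that was OK in the baseline is now KO."""
    return bool(diff_runs(baseline, current)["regressed"])

if __name__ == "__main__":
    print("baseline: %d/%d OK" % ok_count(BASELINE))
    print("current:  %d/%d OK" % ok_count(MITIGATIONS_OFF))
    for kind, cves in diff_runs(BASELINE, MITIGATIONS_OFF).items():
        if cves:
            print(f"{kind}: {', '.join(cves)}")
```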
<p><em>Photo by <a href="https://unsplash.com/@_louisreed?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Louis Reed</a> on <a href="https://unsplash.com/s/photos/experiment?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>
<h1>s-tui, a frontend for stress-ng</h1>
<p>Nils Ratusznik, 2022-12-04T22:00:00+01:00</p>
<p><img alt="a dashboard with many analog temperature gauges" src="https://blog.anotherhomepage.org/images/2022/12/michal-mrozek-0aqJNZ5tVBc-unsplash_mini.jpg"></p>
<p>For a (failed) project, I needed to stress-test a system in order to verify the
limits of its ventilation system and its temperatures. I heard about
<a href="https://github.com/ColinIanKing/stress-ng">stress-ng</a> a while ago, and I
recently found out about a frontend for it, named
<a href="https://amanusk.github.io/s-tui/">s-tui</a>.</p>
<h2>What is stress-ng ?</h2>
<p>The name actually describes it very well. This tool allows you to run various
stress tests on your computer, on many Unix-like operating systems. The tool is
actually intended for my kind of use-case, which is trying to find thermal
issues. The examples in the
<a href="https://github.com/ColinIanKing/stress-ng/blob/master/README.md">README.md</a>
file are quite useful, I invite you to try it.</p>
<h2>What is s-tui ?</h2>
<p>While looking for stress-ng in my package manager, <code>s-tui</code> came out. As it
turns out, this frontend is really complementary. It is a terminal UI for
<code>stress-ng</code>, hence its name. It is not only able to run a stress test, but also
to simply monitor some properties of your system, starting with CPU usage, CPU
frequency and temperature. You can have a look at the baseline before starting
a test, from <code>s-tui</code> or outside of it.</p>
<p><img alt="screenshot of s-tui running on a Raspberry Pi 2B" src="https://blog.anotherhomepage.org/images/2022/12/s-tui_screenshot.png"></p>
<p><em>Photo by <a href="https://unsplash.com/@miqul?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Michal Mrozek</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>
<h1>Dotfiles at scale</h1>
<p>Nils Ratusznik, 2022-12-02T22:45:00+01:00</p>
<p><img alt="a big crowd walking in the same direction" src="https://blog.anotherhomepage.org/images/2022/12/rob-curran-sUXXO3xPBYo-unsplash_mini.jpg">
Like everyone, I now store configuration files and customizations for my
beloved shell environment in a git repository.</p>
<h2>Why ?</h2>
<p>I have to admit, I'm no minimalist when it comes to computers. Without counting
my work-provided laptop, I use two laptops, one desktop, a few servers and
that's without mentioning what's in the cloud, or the gadgets (e.g. PineBook
and Raspberry Pi). Each and every one of these systems runs a Unix-based
operating system, either GNU/Linux, macOS or NetBSD.</p>
<p>What these operating systems have in common is a command-line interface, or a
shell. And with time, I learned to tweak it and add a lot of small tools that
help me in my various actions.</p>
<p>Multiple systems, but same configuration. You know where I'm getting at, don't you
? Why would I do it by hand ?</p>
<h2>How ?</h2>
<p>The first reflex when it comes to quickly giving several systems the same
configuration is to copy the same file on each of them. Then, I figured I could
pull the file to a central location, and push new versions to that location.
That reasoning leads to one key concept everyone already guessed : version
control system. So yes, I created
<a href="https://github.com/ahpnils/dotfiles">a git repository</a>. I even ended up
renaming it to the same as everyone else : dotfiles.</p>
<h2>Challenges ?</h2>
<p>That kind of setup brings 3 challenges. The first one is how to organize the
files in the repository ? To me, the easiest way is to create a directory for
each tool, and give the configuration files the same names they would have in
their target system. Quick example : in my repository, my VIM configuration
file is <code>vim/.vimrc</code>, and it will be used in <code>~/.vimrc</code>.</p>
<p>The second challenge is how to install the files ? I thought about copying them
from the repository, but it means I have to run an "install" phase each time I
update my repository. I decided to opt for symbolic links. That way, I don't
have to run an "install" phase for each update, just for the initial set up.
One major advantage I also find is that I can modify the files straight from
their supposed location. I can then spot the differences, and be reminded to
commit them if I <code>git pull -r</code> after that.</p>
<p>The third challenge is automation. I don't want to have to manually copy the
files (or in my case, symlink them). I know
<a href="https://github.com/geerlingguy">some people</a> make heavy use of Ansible even to
<a href="https://github.com/geerlingguy/mac-dev-playbook">set up their desktop
environment</a>. I'm not there.
Yet. To me, starting with installing Ansible is not lightweight, so for now I
decided to stick with a good old <a href="https://github.com/ahpnils/dotfiles/blob/master/Makefile">Makefile</a>.
I declared an <code>install</code> target, which creates the symbolic links, a
<code>pkgin-deps</code> target for installing useful software (on NetBSD and macOS), and
finally <code>rpm-deps</code> for installing the same software (and more) on Fedora, my
distribution of choice.</p>
<h2>What's next ?</h2>
<p>This seems already complete, but as it turns out, there are more challenges to
overcome :</p>
<ul>
<li>I may use another Linux distro (Alpine, Debian, and sometimes even Ubuntu) ;</li>
<li>some commands do not behave the same depending on the operating system : my
latest issue is with <code>which</code>, which does not have some GNU options on NetBSD ;</li>
<li>I would like to also configure some graphical parts of the desktop : I'll be
soon digging in the commands to configure Gnome and macOS !</li>
</ul>
<p><em>Photo by <a href="https://unsplash.com/@curranrob?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Rob Curran</a> on <a href="https://unsplash.com/s/photos/crowd?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>
<h1>Rename a user on a Linux desktop system</h1>
<p>Nils Ratusznik, 2022-12-02T10:00:00+01:00</p>
<p><img alt="a multi-colored chameleon on blue background" src="https://blog.anotherhomepage.org/images/2022/12/pierre-bamin-WBCefg9hYo4-unsplash_mini.jpg">
This time, I won't go into details about the context, but let's just say that
for some compliance reasons, I needed to rename a user on a Linux desktop
computer.</p>
<h2>Rename ? Why not create a new user ?</h2>
<p>3 things :</p>
<ul>
<li>I wanted to keep the same UID/GID, and I don't like having 2 users with the
same UID;</li>
<li>I wanted to keep all the existing configurations in the $HOME directory ; I
could have moved from the old one to the new one and chown everything, but I
would not have prevented some of the funny things that happened along the way
;</li>
<li>who doesn't like some challenge ?</li>
</ul>
<h2>The easy part</h2>
<p>The basic change itself is the easiest. I renamed the user in <code>/etc/passwd</code> and
in <code>/etc/shadow</code> using <code>vipw</code> / <code>vipw -s</code>. I also needed to update <code>/etc/group</code>
and <code>/etc/sudoers</code> (or maybe some other file in <code>/etc/sudoers.d</code> but you get
the idea).</p>
<p>Of course I renamed the home directory.</p>
<p>On the graphical side of things, the wallpaper needed to be set up.</p>
<h2>The hard part</h2>
<p>I run a lot of virtual machines. Not as much as I would like to, but on every
desktop system I have, I tend to install a hypervisor and run at least one or
two VMs. When I run libvirt on a desktop or laptop, I usually create storage
pools in my home (<code>${HOME}/libvirt/images</code> for VM disks and
<code>${HOME}/libvirt/boot</code> for ISO files). This implies the virtual machines are
running in my home directory.</p>
<p>Two ways to operate here :</p>
<ul>
<li>the "good" way : use the graphical Virt-Manager tool or <code>virsh edit|pool-edit</code>
to change the paths ;</li>
<li>the "bad" way : explore <code>/etc/libvirt/qemu</code> and <code>/etc/libvirt/storage</code> and
mass-replace the paths using sed.</li>
</ul>
<p>Guess which one I chose. Don't forget to restart the libvirt related services,
or reboot.</p>
<p>If you have a laptop, it means you're somewhat mobile. Multiple Wi-Fi networks
are set up, and maybe one or two VPN access. Paths are also used for these
settings, using Network Manager. I don't know if there is a good way to do
this, but I found connection settings saved in
<code>/etc/NetworkManager/system-connections</code>. This was especially useful for
certificate files location for a VPN access.</p>
<p>But for my OpenVPN access, this may not be enough. It's no secret I mainly use
Fedora on my laptop, and like all Red Hat-based distributions, SELinux is
enforced. So, yes, I had to modify some SELinux settings. A "bad" way could be
to look at <code>/etc/selinux/targeted/contexts/files/file_contexts.local</code>.</p>
<p>Some other files I forgot to modify in the first part are <code>/etc/gshadow</code>,
<code>/etc/subuid</code> and <code>/etc/subgid</code>. My notes tell me I had to run <code>podman system
migrate</code> following the last two changes.</p>
<h2>The hardest part</h2>
<p>The most annoying part is the Firefox profile. Here, I had to run <code>firefox
--ProfileManager</code> to get everything back to normal.</p>
<h2>Something else ?</h2>
<p>From what I remember, and my notes on the matter, that's all. If someone ever
stumbles upon this post, trying to do the same, I would suggest to go and
search for other settings by running <code>grep -R &lt;oldusername&gt; /etc/*</code> and <code>grep
-R &lt;oldusername&gt; /home/*</code>.</p>
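<p>As an added example (not part of the original notes), the search above can be narrowed to whole-token matches, so that an old name such as <code>alice</code> is found in <code>alice:x:1000</code> or <code>/home/alice/</code> but not inside an unrelated name like <code>malice</code>. The function names, the account names (<code>alice</code> renamed to <code>asmith</code>) and the sample tree are constructed for this illustration.</p>

```shell
#!/bin/sh
# Added example: find files that still reference an old account name after a rename.
# The account names (alice -> asmith) and the sample tree are constructed for the demo.

# leftover_refs ROOT OLDNAME
# Prints the files under ROOT that mention OLDNAME as a whole token, so that
# "alice" matches "alice:x:1000" and "/home/alice/" but not "malice".
leftover_refs() {
    root=$1
    old=$2
    # Accept only conservative account names, so the name is safe inside a regex.
    case $old in
        ''|*[!a-z0-9_-]*) echo "unsupported user name" >&2; return 2 ;;
    esac
    # -r recurse, -I skip binary files, -l print file names only, -E extended regex
    grep -rIlE "(^|[^[:alnum:]_-])${old}([^[:alnum:]_-]|\$)" "$root" 2>/dev/null |
        LC_ALL=C sort
}

# make_demo_tree: build a constructed, partially renamed /etc under a temp dir
# and print its path.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/libvirt/storage"
    # Login name updated, home directory path forgotten.
    echo 'asmith:x:1000:1000::/home/alice:/bin/bash' > "$t/etc/passwd"
    # Fully updated; "malice" is a different account and must not be reported.
    printf 'wheel:x:10:asmith\nmalice:x:1001:\n' > "$t/etc/group"
    # Forgotten entirely.
    echo 'alice:100000:65536' > "$t/etc/subuid"
    # Already updated storage pool path.
    echo '<path>/home/asmith/libvirt/images</path>' > "$t/etc/libvirt/storage/default.xml"
    echo "$t"
}

# Demo run on the constructed tree: lists etc/passwd and etc/subuid only.
demo=$(make_demo_tree)
leftover_refs "$demo" alice
rm -rf "$demo"
```

<p>On a real system the first argument would be <code>/etc</code> or the renamed home directory, run with enough rights to read files such as <code>/etc/shadow</code>.</p>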
<p>And if you don't feel the courage to go through all these changes, you can
still keep the old path to your home directory.</p>
<p>I hope you enjoyed this post ! If you did, please share it on your favorite
social networks :-)</p>
<p><em>Photo by <a href="https://unsplash.com/@bamin?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Pierre Bamin</a> on <a href="https://unsplash.com/s/photos/chameleon?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>
<h1>Compiling the NetBSD kernel as a benchmark</h1>
<p>Nils Ratusznik, 2022-05-25T09:00:00+02:00</p>
<p><img alt="2 eggs, a small one on the left and a big one on the
right" src="https://blog.anotherhomepage.org/images/2020/05/daniele-levis-pelusi-4mpsEm3EGak-unsplash_mini.jpg">
For a while, I've been compiling my own NetBSD kernel. Just for a few options,
mainly CARP, at first for my Raspberry Pis, and at the moment for
paravirtualized Xen domUs. Compiling a custom NetBSD kernel is a very easy
task, it's just a matter of 3 main steps :</p>
<ul>
<li>getting the sources ;</li>
<li>copying a configuration file, then modifying this copy ;</li>
<li>and then using <code>build.sh</code> in order to compile the tools, then the kernel
itself.</li>
</ul>
<p>Something I really like about compiling the NetBSD kernel is that it can be
easily done on a system <em>not running NetBSD</em>. In other words, NetBSD can be
cross-compiled very easily. Even with another CPU architecture. I've been
compiling NetBSD kernels for evbarm (RPi) or for amd64 from a Linux 64-bit
system, or from an Intel Mac. Overall, a simple process.</p>
<p>While compiling NetBSD 9.1 for my domUs that currently need CARP, some
questions popped in my head :</p>
<ul>
<li>which of my desktop systems is the fastest to compile NetBSD ?</li>
<li>do I need a high core count, or rather a high frequency, if not both ?</li>
<li>do I need fast storage to get faster compilation times ?</li>
</ul>
<p>So I decided to compile NetBSD on a few systems :</p>
<ul>
<li>what was at the time my main desktop computer, with a Xeon X5670 CPU and 24GB
of RAM ;</li>
<li>a mid-2012 non-retina 15-inch MacBook Pro, with a Core i7-3720QM CPU and
16GB of RAM ;</li>
<li>another mid-2012 non-retina MacBook Pro, with a 13-inch screen, a Core
i5-3210M CPU and also 16GB of RAM.</li>
</ul>
<p>The desktop was running the latest Fedora at that time (32 or 33 if I recall
correctly) and the laptops were running macOS 10.15 Catalina, with all updates
installed.</p>
<p>How did I test these systems ? I made a very basic shell script, that would
compile the GENERIC kernel profile for the amd64 port, then clean the compile
directory, and then do it again... each time increasing the number of make
jobs, from 1 to 20 (sometimes 28). I also ran the same compilation from a
ramdisk, in order to check storage speed. Although each system runs on a SATA-3
SSD drive, the desktop Xeon computer only had a SATA-2 controller.</p>
<p>Since <code>build.sh</code> is quite verbose, keeping track of compile times was a matter
of redirecting the output to log files, then extracting start and end dates.</p>
<p>Once the compiling jobs were done, I entered the results in a Libre Office Calc
sheet, and got this result :</p>
<p><img alt="Chart showing compile time depending on number of make jobs" src="https://blog.anotherhomepage.org/images/2022/05/benchmark.png"></p>
<p>(Click <a href="https://blog.anotherhomepage.org/images/2022/05/benchmark.png">here</a> for full-res image)</p>
<p>So, what did I learn from this :</p>
<ul>
<li>despite being slightly older than the 3rd gen Core i5 and Core i7, the higher
frequency of the Xeon X5670 seems to give it some advantage ;</li>
<li>the compilation tools or the NetBSD kernel do not take advantage of running
with more than 6 make jobs : more allocated jobs are a waste ;</li>
<li>storage speed does not seem to be a bottleneck here ; trying to run the
benchmark on a spinning hard drive could have been interesting ;</li>
<li>compiling from a ramdisk does not seem to improve performance, but seems to
improve stability : some numbers are off, for instance the compile time for 2
make jobs on the X5670.</li>
</ul>
<p>Now, let's clearly answer my questions :</p>
<ul>
<li>my fastest machine for compiling the NetBSD kernel is clearly the desktop
system with the X5670 CPU ;</li>
<li>I get the fastest compilation with 6 make jobs, and a higher frequency seems
to give better results ;</li>
<li>SATA SSD seems to do a decent enough job for storage, a ramdisk is not worth
the (relative) hassle to set up.</li>
</ul>
<p>Some other ideas to further enhance this benchmark :</p>
<ul>
<li>try to run the benchmark on a CPU I can easily overclock, so I could really
verify the impact of frequency alone ;</li>
<li>try to run on a drive that is not the system drive (I guess this is one of the
reasons some numbers are off) ;</li>
<li>try to run multiple instances of each benchmark, and provide a chart for the
means (that would reduce the impact of off numbers) ;</li>
<li>try to run the benchmarks with a variety of operating systems on the same
hardware, so I could determine which one is the fastest, if there is a clear
winner ;</li>
<li>try to run the benchmarks with other kernel config files, to check the impact
of removing/adding some features ;</li>
<li>try to run the benchmarks with a more recent release of NetBSD, or -current ;</li>
<li>try to run the benchmarks with clang instead of gcc.</li>
</ul>
<p>I hope you enjoyed this post ! If you did, please share it on your favorite
social networks :-)</p>
<p><em>Photo by <a href="https://unsplash.com/@yogidan2012?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Daniele Levis Pelusi</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>
<h1>Capture network traffic with tcpdump</h1>
<p>Nils Ratusznik, 2022-02-28T00:00:00+01:00 (updated 2022-02-28T12:00:00+01:00)</p>
<p><img alt="A cat with a paw on a faucet dripping
water" src="https://blog.anotherhomepage.org/images/2021/03/kazuky-akayashi-uZS1IHEqfxU-unsplash.jpg"></p>
<p>After a previous post about <a href="/post/2020/06/01/generate-random-tcp-or-udp-traffic-with-netcat/">how to generate
random traffic with netcat</a>, let's have a look at how
to watch traffic flowing through our network interfaces. For this I'll be using
<code>tcpdump</code>, a command-line utility allowing you to literally dump network
traffic, mainly on the terminal output. This post does not aim at replacing the
man page, but I hope to give simple and easy to remember commands for when you
don't have time to explore the official documentation.</p>
<h2>Installation</h2>
<p>tcpdump is usually installed by default on most Unix systems. If you can't
find it on your system and need to install it, chances are your package manager
provides one simply called "tcpdump". Features shown in this post are pretty
basic so you shouldn't worry about which version you're running. </p>
<h2>Basic commands and network interface selection</h2>
<p>The simplest command is to simply run :</p>
<div class="highlight"><pre><span></span><code>tcpdump
</code></pre></div>
<p>You will most likely get a message like <code>You don't have permission to capture on
that device</code>. It's perfectly normal. For the vast majority of its uses, tcpdump
needs super-user access, so run it as root or with sudo.</p>
<p>Once run with the appropriate rights, you'll be seeing all the network traffic
entering and exiting your computer, from one of the network interfaces. If you
have multiple network interfaces, it will show you traffic only from one of them.</p>
<p>Selecting the network interface can be done with the argument <code>-i &lt;interface&gt;</code>,
so if you want to get all traffic from interface <code>virbr5</code>, this is simply a
matter of :</p>
<div class="highlight"><pre><span></span><code>tcpdump -i virbr5
</code></pre></div>
<p>You can also capture packets from all interfaces by using the word <code>any</code>
instead of a network interface.</p>
<p>You can quit tcpdump with a simple <code>Ctrl+C</code>.</p>
<h2>Tweaking and recording the output</h2>
<p>By default, tcpdump will resolve IP addresses to hostnames and replace the port
number with its service name coming from <code>/etc/services</code>. You may want to
disable this behavior by using the <code>-n</code> argument. Let's add it to our previous
example :</p>
<div class="highlight"><pre><span></span><code>tcpdump -n -i virbr5
</code></pre></div>
<p>Another useful change of tcpdump's output is to make it more verbose. There are
4 verbosity levels :</p>
<ul>
<li>the default one, no extra argument needed ;</li>
<li>slightly verbose, with argument <code>-v</code> ;</li>
<li>more verbose, with argument <code>-vv</code> ;</li>
<li>and really verbose, with argument <code>-vvv</code>.</li>
</ul>
<p>To give an idea of what's displayed, here are two output examples, the one from
the default verbosity on a ping, and then with <code>-v</code> :</p>
<div class="highlight"><pre><span></span><code>21:33:15.200556 IP 192.168.7.1 &gt; 192.168.7.60: ICMP echo request, id 3, seq 3, length 64
</code></pre></div>
<p>Now, let's add <code>-v</code> :</p>
<div class="highlight"><pre><span></span><code>21:35:39.295943 IP (tos 0x0, ttl 64, id 18475, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.7.1 &gt; 192.168.7.60: ICMP echo request, id 4, seq 1, length 64
</code></pre></div>
<p>Showing stuff on screen is nice, but what if you want to save a capture for later
analysis and read it later ? tcpdump is able to do both.</p>
<p>To write your capture to a file named <code>example.pcap</code> :</p>
<div class="highlight"><pre><span></span><code>tcpdump -n -i eth0 -w example.pcap
</code></pre></div>
<p>There is only one little hiccup with this command : tcpdump will not show the
network traffic on the terminal. You can have a look using the read command
below, but tcpdump will print what's on the file and then quit. To put it
differently, tcpdump's read abilities are more like <code>cat</code> than <code>tail</code>. And the
read command for <code>example.pcap</code> ? Here it is :</p>
<div class="highlight"><pre><span></span><code>tcpdump -r example.pcap
</code></pre></div>
<p>What's great with the file writing feature is that you can open this file with
<a href="https://www.wireshark.org/">Wireshark</a>.</p>
<h2>Filters !</h2>
<p>One of the most powerful features of tcpdump is the ability to filter out some
traffic so you can have a look at what you are really looking for. Let's say
you have a webserver that receives no traffic. But that webserver only has one
network interface (eth0) and is also running an FTP and SSH server. If you try
to look for HTTP traffic without filters and some people are uploading files to
the server, you're either gonna need jedi reflexes, or a lot of disk space
(assuming you're capturing to a file).</p>
<p>Following our webserver example, let's say we need to capture traffic coming
from and to 192.168.1.1 :</p>
<div class="highlight"><pre><span></span><code>tcpdump -n -i eth0 host <span class="m">192</span>.168.1.1
</code></pre></div>
<p>We can be more precise, and add source or destination with the <code>src</code> and <code>dst</code>
keywords. The example below shows it with source filter :</p>
<div class="highlight"><pre><span></span><code>tcpdump -n -i eth0 src host <span class="m">192</span>.168.1.1
</code></pre></div>
<p>Again with our webserver example, we can display only port 80, in order to
avoid packets coming from other services (ssh, rdp or mail) :</p>
<div class="highlight"><pre><span></span><code>tcpdump -n -i eth0 port <span class="m">80</span>
</code></pre></div>
<p>Of course, the source and destination filters can be used on ports, but the
exact command is left as an exercise for the reader.</p>
<p>Another really powerful feature is logical operators. We can use things like
<code>and</code>, <code>or</code>, <code>not</code> in order to have more precise filters. Again with our web
server example, let's say we want to capture not only http packets but also
https packets. It would give :</p>
<div class="highlight"><pre><span></span><code>tcpdump -n -i eth0 port <span class="m">80</span> or port <span class="m">443</span>
</code></pre></div>
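<p>An added example, not from the original post: in pcap filters <code>and</code> and <code>or</code> have equal precedence and are read left to right, so <code>host 192.168.1.1 and port 80 or port 443</code> would also match port 443 traffic from every other host. The port alternatives have to be grouped in parentheses, and the whole expression quoted so the shell leaves the parentheses alone. The helper names <code>port_group</code> and <code>capture_filter</code> are hypothetical; the script only builds and prints the command, it does not capture anything.</p>

```shell
#!/bin/sh
# Added example: build a tcpdump capture filter that combines a host with
# several ports, with the port alternatives grouped in parentheses.

# port_group DIR PORT...
# DIR is "", "src" or "dst". Prints e.g. "(dst port 80 or dst port 443)".
port_group() {
    [ $# -ge 2 ] || return 2
    dir=$1
    shift
    case $dir in
        ''|src|dst) ;;
        *) return 2 ;;
    esac
    out=
    for p in "$@"; do
        # Digits only, at most 5 of them, and within the valid port range.
        case $p in
            ''|*[!0-9]*|??????*) return 2 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 2
        out="${out:+$out or }${dir:+$dir }port $p"
    done
    printf '(%s)\n' "$out"
}

# capture_filter HOST DIR PORT...
# HOST may be empty to match any host. Prints the complete filter expression.
capture_filter() {
    [ $# -ge 3 ] || return 2
    host=$1
    shift
    # Refuse anything that is not a plain address or hostname.
    case $host in
        *[!0-9A-Za-z.:-]*) return 2 ;;
    esac
    ports=$(port_group "$@") || return 2
    if [ -n "$host" ]; then
        printf 'host %s and %s\n' "$host" "$ports"
    else
        printf '%s\n' "$ports"
    fi
}

# Print the command for "traffic between 192.168.1.1 and our web ports".
# The single quotes keep the shell from interpreting the parentheses.
printf "tcpdump -n -i eth0 '%s'\n" "$(capture_filter 192.168.1.1 dst 80 443)"
```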
<p>I'm only scratching the surface here. More examples can be found in the
<a href="http://www.tcpdump.org/manpages/tcpdump.1.html">tcpdump man page</a>.
There is also a dedicated page about
<a href="http://www.tcpdump.org/manpages/pcap-filter.7.html">pcap-filter</a>, with many
more keywords. As for third-party documentation, I'll recommend <a href="https://jvns.ca/">Julia
Evans</a>' must-read "<a href="https://wizardzines.com/zines/tcpdump/">Let's learn
tcpdump!</a>", and
<a href="https://www.youtube.com/watch?v=hJJEM7k7czA">TCPDump: Set Up and Getting Started</a>
from <a href="https://www.youtube.com/channel/UC3s0BtrBJpwNDaflRSoiieQ">Hak5</a>'s
<a href="https://snubsie.com/">Shannon Morse</a>.</p>
<p>I hope you enjoyed this post ! If you did, please share it on your favorite
social networks :-)</p>
<p><em>Photo by <a href="https://unsplash.com/@kazukyakayashi?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Kazuky Akayashi
</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>
<h1>Ban attacks against named with Fail2ban</h1>
<p>Nils Ratusznik, 2022-01-27T21:38:00+01:00</p>
<p><img alt="Yellow and red sign with &quot;NO drones&quot; written on
it" src="https://blog.anotherhomepage.org/images/2020/05/martin-sanchez-oMqswmrie4Y-unsplash_mini.jpg">
I already wrote about how to <a href="/2020/05/06/ban-wordpress-bruteforce-attacks-with-fail2ban/">ban Wordpress bruteforce attacks with
Fail2ban</a>. Then,
after my Apache logs, I started to have a look at my ISC Bind name server logs
(because I run my own DNS server). And I noticed some bad stuff in them.
Nothing really terrifying, but serious enough to decide to do something about
it. And I learned a thing on <code>dig</code>. More on that later...</p>
<h2>No filter to create, but a hell of a log configuration</h2>
<p>Fail2ban installations come with a boatload of filters. Depending on the
operating system, the installation path may differ, but if you know where your
<code>filter.d</code> directory is, I suggest having a look at it and checking if some of
them can be enabled, depending on the server's role. Basically, these files
tell Fail2ban how to spot bad stuff. And speaking of bad stuff, there is a file
named <code>named-refused</code> that looks for failed zone transfers and denied requests.</p>
<p>The next question is : which log file is needed for the filter to work and what
should be there ? It turns out this filter file is self-documented, and if it's
not already configured, suggests a security logging configuration for Bind.
Here is a copy of it :</p>
<div class="highlight"><pre><span></span><code>logging <span class="o">{</span>
channel security_file <span class="o">{</span>
file <span class="s2">"/var/log/named/security.log"</span> versions <span class="m">3</span> size 30m<span class="p">;</span>
severity dynamic<span class="p">;</span>
print-time yes<span class="p">;</span>
<span class="o">}</span><span class="p">;</span>
category security <span class="o">{</span>
security_file<span class="p">;</span>
<span class="o">}</span><span class="p">;</span>
<span class="o">}</span><span class="p">;</span>
</code></pre></div>
<p>For more information on the logging features of Bind, there is the
<a href="https://downloads.isc.org/isc/bind9/9.11.11/doc/arm/Bv9ARM.ch06.html#logging_grammar">Bind 9 Administrator Reference Manual</a>.</p>
<p>In my personal case, I already had extensive logging options enabled, with a
separate security log file configured.</p>
<h2>Fail2ban jail configuration</h2>
<p>Once the logging part is read, time for some jail configuration ! The minimum
configuration is just enabling the jail, but if the path to the log file is not
the default, it can be reconfigured. The below configuration :</p>
<ul>
<li>enables the jail;</li>
<li>gives the log file's path;</li>
<li>tunes the limit before an IP gets banned.</li>
</ul>
<div class="highlight"><pre><span></span><code><span class="k">[named-refused]</span><span class="w"></span>
<span class="na">enabled</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="w"></span>
<span class="na">logpath</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">/var/log/named/security.log</span><span class="w"></span>
<span class="na">maxretry</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">3</span><span class="w"></span>
</code></pre></div>
<h2>Fail2ban jail usage</h2>
<p>Now, let's restart the fail2ban service to get the new configurations applied,
and a few seconds later, check everything is working with the command :
<code>fail2ban-client status named-refused</code>. This should work similarly to the
previous blog post.</p>
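<p>To see what the jail will act on before trusting it, the refusals in the security log can be counted per client by hand. This is an added example, not part of the original post and not Fail2ban's own <code>failregex</code>: it uses a simplified match on <code>denied</code> lines, ignores the <code>findtime</code> window, and runs on constructed log lines that use documentation addresses. The function names are hypothetical.</p>

```shell
#!/bin/sh
# Added example: count refused queries and zone transfers per client in a
# BIND security log, and list the clients at or above a maxretry threshold.

# Constructed sample of /var/log/named/security.log (print-time yes).
sample_security_log() {
cat <<'EOF'
27-Jan-2022 21:30:01.101 client @0x7f3a1c0a 203.0.113.10#40112 (example.net): query (cache) 'example.net/A/IN' denied
27-Jan-2022 21:30:01.350 client @0x7f3a1c0a 203.0.113.10#40113 (example.net): query (cache) 'example.net/AAAA/IN' denied
27-Jan-2022 21:30:02.007 client @0x7f3a1c0b 203.0.113.10#40114 (example.org): query (cache) 'example.org/ANY/IN' denied
27-Jan-2022 21:31:15.420 client @0x7f3a1c0c 198.51.100.7#51820 (example.com): query (cache) 'example.com/A/IN' denied
27-Jan-2022 21:32:40.003 client 2001:db8::25#53211 (example.test): zone transfer 'example.test/AXFR/IN' denied
27-Jan-2022 21:32:41.118 client 2001:db8::25#53212 (example.test): zone transfer 'example.test/AXFR/IN' denied
27-Jan-2022 21:33:00.900 client @0x7f3a1c0d 192.0.2.50#33000 (example.test): query 'example.test/SOA/IN' approved
EOF
}

# offenders MAXRETRY  (log on stdin)
# Prints "count address" for every client with at least MAXRETRY denied lines.
offenders() {
    case $1 in
        ''|*[!0-9]*) echo "maxretry must be a number" >&2; return 2 ;;
    esac
    awk -v max="$1" '
        / denied( |$)/ {
            for (i = 1; i < NF; i++) {
                if ($i == "client") {
                    j = i + 1
                    # Some BIND versions print a client object address first.
                    if ($j ~ /^@0x/) j++
                    ip = $j
                    sub(/#[0-9]+$/, "", ip)   # strip the source port
                    count[ip]++
                    break
                }
            }
        }
        END {
            for (ip in count)
                if (count[ip] >= max) print count[ip], ip
        }
    ' | LC_ALL=C sort -k2
}

# With maxretry = 3 as in the jail above, only 203.0.113.10 reaches the limit.
# The single refusal from 198.51.100.7 is what one recursive dig query looks like.
sample_security_log | offenders 3
```

<p>On a live server, feed it the real file instead: <code>offenders 3 &lt; /var/log/named/security.log</code>.</p>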
<h2>And that thing on <code>dig</code> ?</h2>
<p>I run an authoritative-only DNS server, so I have disabled recursion. If something
makes a recursive request, it will be denied and there will be a log entry.
What I learned from these log lines is that by default, the <code>dig</code> tool makes
recursive requests. In order to stop this, it is possible to add
the <code>+norecurse</code> option.</p>
<p>I hope you enjoyed this post ! If you did, please share it on your favorite
social networks :-)</p>
<p><em>Photo by <a href="https://unsplash.com/@martinsanchez?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Martin Sanchez</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>
<h1>Let's move back</h1>
<p>Nils Ratusznik, 2021-11-23T22:20:00+01:00</p>
<p><img alt="&quot;End&quot; road sign partially covered with a lot of stickers" src="https://blog.anotherhomepage.org/images/2021/11/patrick-perkins-Pg44v2M2S6k-unsplash_mini.jpg">
So long, and thanks for all the fish !</p>
<p>This blog (exxor.xyz) is closing. If you added this blog's feed to a feed
reader, you can remove it and add <a href="https://blog.anotherhomepage.org">Another Home Page</a>'s
feed instead.</p>
<h2>What's gonna happen ?</h2>
<p>Basically, all the posts here are moving to Another Home Page, which now uses
the same CMS. I will add HTTP 301 redirects from posts here to there to keep
search engines happy for a while.</p>
<p>If you're reading this on Another Home Page, don't worry. It just means I moved
posts from exxor.xyz here.</p>
<h2>Why ?</h2>
<p>I really enjoyed setting up this blog with <a href="https://blog.getpelican.com/">Pelican</a>,
to the point I wanted to use the same CMS on both blogs. And since Pelican
supports articles translations, I figured it would make more sense to just
have one place to publish. So, this is not good bye, after all :-)</p>
<p><em>Photo by <a href="https://unsplash.com/@patrickperkins?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Patrick Perkins</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>
<h1>New migration</h1>
<p>Nils Ratusznik, 2021-11-23T21:00:00+01:00</p>
<p><img alt="The word &quot;change&quot; in white light, reflected on a tiled floor." src="https://blog.anotherhomepage.org/images/2021/11/nick-fewings-5RjdYvDRNpA-unsplash_mini.jpg"></p>
<h2>Wait, has something changed around here ?</h2>
<p>Yes, for a little over a week now, the look of the site has changed radically. I ended up following "the trend" and moving from a blog using a PHP CMS, generating pages on demand (modulo a cache), to a Python CMS generating static pages. More precisely, I'm leaving <a href="https://dotclear.org">Dotclear</a> for <a href="https://blog.getpelican.com/">Pelican</a>.</p>
<h2>But why ?</h2>
<p>For some time, the idea of using a static content generator had appealed to me. On top of that, Pelican lets me use the <a href="https://en.wikipedia.org/wiki/Markdown" title="Markdown on Wikipedia">Markdown</a> syntax, which I like a lot. Moving to a static site makes a possible future move or a technical migration easier : since there is no need for PHP or a database, I could consider switching to a different kind of hosting. I sometimes think of a future, still distant, where I may no longer have the motivation to maintain a web server, an application server or a database. On that day, a static site will be easy to move to any shared hosting provider.</p>
<h2>Impactful changes</h2>
<p>Moving from a dynamic CMS to a static CMS did not go without a hitch. In particular because, despite its import script, the migration from Dotclear to Pelican is not perfect. Slugs are not preserved, neither are tags, nor comments. I had to go over all of that manually. And it took a long time, all the more so as I had plenty of other things to do on the side.</p>
<p>By the way, for now there are no comments. No Disqus or anything else ; at most I'm thinking of putting up a message with an e-mail address dedicated to comments, and then updating the posts. That shouldn't be too much of a burden, given the volume of comments on the latest posts.</p>
<p>It also made me notice a lot of things, sometimes hidden by the CMS. For example, I have at times edited slugs myself, or scheduled posts in advance, and all of that had consequences. I was able to compensate for some of them with 301 redirects. In other cases I realised that the date displayed in the post did not match the one in the slug. If some posts ever return a 404 error, report it via social networks, I'll do my best to fix it as quickly as possible ! Finally, some things will not be fixed, such as the lack of an RSS feed for comments (quite logical, all things considered), but also some spacing and special-character formatting that has changed.</p>
<h2>A final word ?</h2>
<p>Welcome to this new version of Another Home Page !</p>
<p><em>Photo by <a href="https://unsplash.com/@jannerboy62?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Nick Fewings</a>, available on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>
<h1>Remembering Freenode</h1>
<p>Nils Ratusznik, 2021-06-15T11:18:00+02:00</p>
<p>Today seems to be the day <a href="https://freenode.net/" title="Freenode">Freenode</a> <a href="https://www.devever.net/~hl/freenode_suicide" title="&quot;Freenode">dies</a>, so I thought I would save a little part here.</p>
<p><code>9:06:15 -NickServ(NickServ@services.)- User reg. : May 17 20:16:12 2003 (18y 4w 5d ago)</code></p>
<h1>Ban bots generating 404 errors with Fail2ban</h1>
<p>Nils Ratusznik, 2021-03-17T14:05:00+01:00 (updated 2021-03-17T14:09:00+01:00)</p>
<p><img alt="Wrong way sign, written in white on a red rectangle with an orange light
" src="https://blog.anotherhomepage.org/images/2021/03/neonbrand--Cmz06-0btw-unsplash.jpg">
After a <a href="/2020/05/06/ban-wordpress-bruteforce-attacks-with-fail2ban/">first</a>
and a
<a href="/2020/05/28/ban-repeated-offenders-in-fail2ban-the-recidive-jail/">second</a>
episode on Fail2ban, time for a third one.</p>
<h2>What's happening this time ?</h2>
<p>This time it's again about Wordpress, but for the people not running Wordpress.
It's also about phpMyAdmin, but for the people not running phpMyAdmin. I could
go on with a list of popular PHP applications, but you get the idea : you've seen
it in your logs, haven't you ? All those hits on <code>wp-login.php</code>, on
<code>/phpmyadmin/index.php</code>, some variations, even some other PHP applications, but
they're not installed, resulting in massive numbers of 404 errors filling the error log
file.</p>
<p>All these hits come from bots, trying to bruteforce their way into Wordpress
blogs or phpMyAdmin instances.</p>
<h2>What are our options ?</h2>
<p>Thankfully, all we need is already in Fail2ban : filters are present in
the <code>filter.d/</code> subdirectory. Let's review them for Apache, but don't worry
Nginx users, there are corresponding files.</p>
<p>The files are:</p>
<ul>
<li>apache-common.conf</li>
<li>botsearch-common.conf</li>
<li>apache-botsearch.conf</li>
</ul>
<h2>Now on to the jail configuration file</h2>
<p>Since we don't need to create a filter, let's skip to the jail configuration
file. Nothing fancy here, this is just a tiny variation on the jail already
shown in the post about blocking Wordpress bruteforce attacks.</p>
<div class="highlight"><pre><span></span><code><span class="k">[bot-jail]</span><span class="w"></span>
<span class="na">enabled</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="w"></span>
<span class="na">filter</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">apache-botsearch[webroot="/path/to/documentroot/"]</span><span class="w"></span>
<span class="na">logpath</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">/path/to/error.log</span><span class="w"></span>
<span class="na">maxretry</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">3</span><span class="w"></span>
</code></pre></div>
<p>Of course, the <code>maxretry</code> option can be adjusted to your needs, but I
think a value of 3 to 5 is low enough to be sure the 404 errors come from a
robot and not from a human.</p>
<p>I hope you enjoyed this post, like the rest of this series. If you did, please
share it on your favorite social networks :-)</p>
<p><em>Photo by <a href="https://unsplash.com/@neonbrand?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">NeONBRAND
</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>Get client public ip address with Server Side Includes2020-06-22T00:00:00+02:002020-06-22T08:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2020-06-22:/post/2020/06/22/get-client-public-ip-address-with-server-side-includes/<p><img alt="White TV remote with batteries included on a gray couch" src="https://blog.anotherhomepage.org/images/2020/06/batteries_included.jpg">
In a previous episode I showed how to use only a static Nginx configuration to
<a href="/2020/06/XX/get-client-public-ip-address-with-nginx/">display the client IP
address</a>. This is fun,
but I thought things could be more fun and compatible with more web servers,
while still not using a big dynamic language like PHP or Python.</p>
<p>Although SSI is not as full-featured as PHP or Python, I noticed a lot of things are
available in the Server Side Includes (SSI). One of the little gems available
is HTTP headers, ready to be displayed in a simple HTML page.</p>
<h2>Enable SSI on your web server</h2>
<p>First of all, let's enable SSI in the web server. How to do this depends on the
web server software, but it is well documented. I'm not going to rewrite the
documentation, so here are links for the most-used ones:</p>
<ul>
<li>Nginx <a href="https://www.nginx.com/resources/wiki/start/topics/examples/dynamic_ssi/">Dynamic SSI Example</a>;</li>
<li><a href="https://httpd.apache.org/docs/current/en/howto/ssi.html">Apache httpd Tutorial: Introduction to Server Side Includes</a>;</li>
<li>Lighttpd <a href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSSI">Server-Side Includes</a>.</li>
</ul>
<h2>What variable to use in your page</h2>
<p>Now that the SSI is enabled, getting the client public IP address is just a
matter of creating an HTML page with this content:</p>
<div class="highlight"><pre><span></span><code><span class="cm"><!--#echo var="REMOTE_ADDR" --></span>
</code></pre></div>
<p>More variables are available, here is another example with the user-agent:</p>
<div class="highlight"><pre><span></span><code><span class="cm"><!--#echo var="HTTP_USER_AGENT" --></span>
</code></pre></div>
<p>I hope you enjoyed this post ! If you did, please share it on your favorite
social networks :-)</p>
<p><em>Photo by me :)</em></p>Get client public ip address with nginx2020-06-15T00:00:00+02:002020-06-15T08:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2020-06-15:/post/2020/06/15/get-client-public-ip-address-with-nginx/<p><img alt="Random typography letters" src="https://blog.anotherhomepage.org/images/2020/06/amador-loureiro-BVyNlchWqzs-unsplash.jpg">
Because of some automated cronjob, I need a script to get the public IP address
associated with the host's Internet connection. There are a ton of websites that
show you your public IP address, but it's not always easy to parse HTML with a
simple shell script, and I do prefer self-hosted solutions.</p>
<p>Now, there are a lot of ways to do it, and I went for something simple,
requiring just Nginx. No CGI, no PHP or some high-level language.</p>
<p>So here it is :</p>
<div class="highlight"><pre><span></span><code><span class="k">location</span><span class="w"> </span><span class="s">/ip</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="kn">default_type</span><span class="w"> </span><span class="s">text/plain</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">return</span><span class="w"> </span><span class="mi">200</span><span class="w"> </span><span class="s">"</span><span class="nv">$remote_addr\n"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">}</span><span class="w"></span>
</code></pre></div>
<p>This does just what it's made to do, plain and simple. So simple I'm not sure
what to add. Maybe one thing : you can add some more locations with some other
variables if you need them, such as <code>$http_user_agent</code> for the user agent. More
variables can be found in the <a href="https://nginx.org/en/docs/varindex.html">Nginx
documentation</a>.</p>
<p>I hope you enjoyed this post ! If you did, please share it on your favorite
social networks :-)</p>
<p><em>Photo by <a href="https://unsplash.com/@amadorloureiroblanco?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Amador Loureiro
</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>generate random TCP or UDP traffic with netcat2020-06-01T00:00:00+02:002020-06-01T20:55:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2020-06-01:/post/2020/06/01/generate-random-tcp-or-udp-traffic-with-netcat/<p><img alt="A walk among crystal clear lakes in Plitvice, Croatia" src="https://blog.anotherhomepage.org/images/2020/06/jonatan-pie-OPOg0fz5uIs-unsplash.jpg">
The other day at <code>${DAYJOB}</code>, I needed to debug some firewall rules. When the
protocols are quite simple to configure (e.g. HTTP/S), running the client is
also simple (e.g. curl, wget). When things are more complicated to set up (e.g.
VPN), sometimes it's faster to just throw random stuff on a port to check on
the firewall side of things, and configure the client or server later.</p>
<p>When playing with TCP, the easiest tool for this job is <code>telnet</code>. However, this
one time at <code>${DAYJOB}</code>, it was UDP traffic. Time to play with netcat.</p>
<p>The first step is to open a connection to a port. For this example, let's try
TCP port 80 (HTTP) to a host named <code>lolcathost</code> :</p>
<div class="highlight"><pre><span></span><code>nc lolcathost <span class="m">80</span>
</code></pre></div>
<p>Then you can send some data by typing it in. Ideally, this should be valid HTTP
commands if you really connect to an actual HTTP server. You can end this with
a simple <code>Ctrl+C</code>.</p>
<p>Let's try again, this time with UDP port 5900 (VNC):</p>
<div class="highlight"><pre><span></span><code>nc -u lolcathost <span class="m">5900</span>
</code></pre></div>
<p>You can manually send data the same way.</p>
<p>If you want to send data in a one-liner and quit netcat:</p>
<div class="highlight"><pre><span></span><code><span class="nb">echo</span> foobar <span class="p">|</span> nc -u lolcathost <span class="m">5900</span>
</code></pre></div>
<p>And then if you want to send loads of random data, just throw in <code>/dev/random</code>
or <code>/dev/urandom</code>:</p>
<div class="highlight"><pre><span></span><code>nc -u lolcathost <span class="m">5900</span> < /dev/random
</code></pre></div>
<p>Please bear in mind these commands may or may not work depending on what's
listening on the other side of the network, or the netcat implementation.
Writing this blog post made me notice, in addition to the OpenBSD and GNU
versions, that the Nmap team created one called Ncat (now included on default
installs in Fedora, RHEL and CentOS), and Apple added options to their BSD
variant.</p>
<p>You can also find more examples on the <a href="https://en.wikipedia.org/wiki/Netcat">Wikipedia
page</a>. Seriously, this page is a quality
read.</p>
<p>I hope you enjoyed this post ! If you did, please share it on your favorite
social networks :-)</p>
<p><em>Photo by <a href="https://unsplash.com/@r3dmax?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Jonatan Pie
</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>Ban repeated offenders in Fail2ban: the recidive jail2020-05-28T22:00:00+02:002020-05-28T22:00:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2020-05-28:/post/2020/05/28/ban-repeated-offenders-in-fail2ban-the-recidive-jail/<p><img alt="a sledgehammer on a red and brown ground" src="https://blog.anotherhomepage.org/images/2020/05/obi-onyeador--xoXlVmsH6I-unsplash.jpg">
After a <a href="/2020/05/06/ban-wordpress-bruteforce-attacks-with-fail2ban/">first episode</a> on Fail2ban focused on Wordpress bruteforce attacks, I thought it would be useful to go back to something more generic. Fail2ban is mainly used to stop SSH bruteforce attacks, or at least that's how I see it used, with the good old <code>sshd</code> jail. However, IP addresses are not banned forever.</p>
<h2>When the ban ends</h2>
<p>An IP address gets banned for two reasons: either your fingers let you down,
or you are trying to find your (unauthorized) way on a remote system. In the
first case, you just have to wait (or ask a friend or coworker to unban you)
between a few minutes and a few hours, depending on the <code>bantime</code> setting.</p>
<p>If you are a bruteforcer, when you get banned, it's basically useless to continue
hammering your target. At least for the time you get banned. It's better to
move on to another target. However it can pay off to come back later, and
continue where you left things off. In the case of an SSH bruteforce attack, I
mean "go on with the rest of the dictionary". And what happens next ? Either
you succeed, or you (most probably) get banned again. Rinse and repeat.</p>
<p>From the standpoint of the system under attack, this means watching the same IP
address generate failed authentication messages in the log file and get banned
again. And over and over. So instead of your authentication log file, it's the
Fail2ban log file that gets filled up.</p>
<h2>What are our options ?</h2>
<p>When that happens, the options are:</p>
<ol>
<li>Ban forever;</li>
<li>Increase ban time;</li>
<li>Use the recidive jail.</li>
</ol>
<p>Option number 1 may be the most effective, yet the most dangerous if you are
just clumsy (I include myself in the clumsy ones).</p>
<p>Option number 2 is less extreme, but it's tricky to find the sweet spot between
too many comebacks from bruteforcers and too long a wait if you get
banned.</p>
<p>Let's explore option number 3: the recidive jail.</p>
<h2>Enter the recidive jail</h2>
<p>The recidive jail is nothing but another filter and jail configuration. What
makes it special ? It monitors the Fail2ban log file, so there is only one jail
to configure to handle repeat offenders across all the other jails.</p>
<p>A simple recidive jail configuration would be :</p>
<div class="highlight"><pre><span></span><code><span class="k">[recidive]</span><span class="w"></span>
<span class="na">enabled</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="w"></span>
</code></pre></div>
<p>Simple as that. By default, this jail has the following settings:</p>
<ul>
<li>bans last one week;</li>
<li>looks for repeated offenders in the last one day.</li>
</ul>
<p>A bit of warning, though: don't rename your jail, because the filter
looks for it in order to avoid multiple counts of the same IP address. You can
set up a different name and have the filter look for it, but in my opinion,
this is adding useless complexity and looking for trouble.</p>
<p>Those two lines of configuration should ensure persistent bruteforcers stay away
from your system.</p>
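<p>To make the warning about the jail name concrete, here is an added example (not from the original post, and not Fail2ban's own code) that mimics what the recidive filter and jail do over a Fail2ban log. The log lines are constructed, the regular expression is a simplified stand-in for the real filter, and <code>MAXRETRY = 3</code> is an assumed threshold; the one-day search window and one-week ban are the defaults listed above.</p>

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FINDTIME = timedelta(days=1)   # default from the post: look back one day
BANTIME = timedelta(weeks=1)   # default from the post: ban for one week
MAXRETRY = 3                   # assumption for this sample, not a value from the post

# Simplified stand-in for the recidive filter: a "Ban" notice logged by any jail.
BAN_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.actions\s+"
    r"\[\d+\]:\s+NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<host>\S+)\s*$"
)

# Constructed fail2ban.log excerpt (documentation IP addresses, made-up PID).
SAMPLE_LOG = """\
2020-05-25 09:00:00,120 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.20
2020-05-27 09:00:00,431 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.20
2020-05-28 08:00:01,101 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2020-05-28 08:10:01,204 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.7
2020-05-28 12:30:45,310 fail2ban.actions        [812]: NOTICE  [wordpress-jail] Ban 203.0.113.7
2020-05-28 19:02:13,007 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2020-05-28 19:02:13,950 fail2ban.actions        [812]: NOTICE  [recidive] Ban 203.0.113.7
2020-05-29 09:00:00,782 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.20
""".splitlines()


def counted_bans(lines, own_jail="recidive"):
    """Filter step: yield (timestamp, jail, host) for bans issued by other jails.

    Lines logged by own_jail are skipped so that the jail does not count its
    own bans. If the jail logs under a different name, they are counted too.
    """
    for line in lines:
        m = BAN_LINE.match(line)
        if m and m.group("jail") != own_jail:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group("jail"), m.group("host")


def recidive_bans(lines, own_jail="recidive", maxretry=MAXRETRY, findtime=FINDTIME):
    """Jail step: ban a host once it collects maxretry bans within findtime."""
    recent = defaultdict(deque)   # host -> timestamps of its recent bans
    decisions = []
    for ts, _jail, host in counted_bans(lines, own_jail):
        window = recent[host]
        window.append(ts)
        # Drop bans that are older than the search window.
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            decisions.append((host, ts, ts + BANTIME))
            window.clear()
    return decisions


if __name__ == "__main__":
    for host, start, end in recidive_bans(SAMPLE_LOG):
        print(f"{host}: banned by recidive from {start} until {end}")
    print(len(list(counted_bans(SAMPLE_LOG))), "bans counted when the names match")
    print(len(list(counted_bans(SAMPLE_LOG, own_jail="renamed"))),
          "bans counted when the excluded name does not match the jail")
```

<p>In the sample, 198.51.100.20 is banned three times but never three times within one day, so only 203.0.113.7 is picked up.</p>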
<p>I hope you enjoyed this post ! If you did, please share it on your favorite
social networks :-)</p>
<p><em>Photo by <a href="https://unsplash.com/@thenewmalcolm?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Obi Onyeador
</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>Create miniatures of pictures with ImageMagick2020-05-21T17:42:00+02:002020-05-21T17:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2020-05-21:/post/2020/05/21/create-miniatures-of-pictures-with-imagemagick/<p><img alt="2 eggs, a small one on the left and a big one on the
right" src="https://blog.anotherhomepage.org/images/2020/05/daniele-levis-pelusi-4mpsEm3EGak-unsplash_mini.jpg">
A while ago, I started to add some illustration pictures to my blog posts,
usually at the start. It's now part of the fun of writing a blog post : I like
that moment where I'm looking for something relevant to the article but find
something totally different (yet still relevant).
For example, I hoped to find a picture where we could see 2
cars, the regular one on one side, and the miniature toy on the other. I guess
the eggs will do just fine. But this is not about eggs...</p>
<p>The fun stops at the moment I get the picture but want to make it smaller, like
230 pixels wide. I could just go with the full size and render it smaller with
CSS, but, hey, I'm thinking about low-bandwidth connections, and I'm a
<a href="https://gtmetrix.com">GTmetrix</a> junkie (mostly the latter).</p>
<p>At the beginning of all this, I got into the habit of firing up
<a href="https://www.gimp.org">Gimp</a> and resizing the picture. But this takes too long.
This is too manual. I always want the same thing : the picture gets resized to
a 230 pixels width, and automatic height so it keeps its proportions. This can
be... automated ?</p>
<p>Turns out, there's an app for that : <a href="https://imagemagick.org">ImageMagick</a>.
This tool works wonders. Not only when used behind a PHP module, but also on
the command-line. Back to my egg thing, I then just need to invoke the <code>magick</code>
tool (pun intended) :</p>
<div class="highlight"><pre><span></span><code>magick mogrify -resize <span class="m">230</span> -format jpg -write <span class="se">\</span>
    daniele-levis-pelusi-4mpsEm3EGak-unsplash_mini.jpg daniele-levis-pelusi-4mpsEm3EGak-unsplash.jpg
</code></pre></div>
<p>So, this command uses the <code>mogrify</code> sub-program to resize the image to a 230
pixels width, without specifying the height, which gets handled automagically.
The output format is specified, and I want to write the output to another file
(because, we never know, I might want to do something else with the source
image). Of course <code>mogrify</code> can do more, and is well
<a href="https://imagemagick.org/script/mogrify.php">documented</a>. Looks like it does
the job, right ? I'm not finished yet. I can imagine a lot of things when I'm
lazy, and I feel super-lazy.</p>
<p>So here comes the <code>minigen.sh</code> awesome script, the result of years of
engineering by the top people from... no, actually it took me about 15 minutes
and a quick visit to <a href="https://stackoverflow.com/questions/965053/extract-filename-and-extension-in-bash">Stack
Overflow</a>
because I can't remember the shell parameter expansion capabilities. So here it
is :</p>
<div class="highlight"><pre><span></span><code><span class="ch">#! /usr/bin/env bash</span>
<span class="c1"># Usage: minigen.sh path/to/picture.jpg</span>
<span class="c1"># Writes path/to/picture_mini.jpg, resized to a width of 230 pixels.</span>
<span class="nv">source_path</span><span class="o">=</span><span class="s2">"</span><span class="si">${</span><span class="nv">1</span><span class="si">}</span><span class="s2">"</span>
<span class="nv">file_name</span><span class="o">=</span><span class="k">$(</span>basename -- <span class="s2">"</span><span class="si">${</span><span class="nv">source_path</span><span class="si">}</span><span class="s2">"</span><span class="k">)</span>
<span class="nv">dir_name</span><span class="o">=</span><span class="k">$(</span>dirname -- <span class="s2">"</span><span class="si">${</span><span class="nv">source_path</span><span class="si">}</span><span class="s2">"</span><span class="k">)</span>
<span class="c1"># Parameter expansion: the text after the last dot, then the text before it.</span>
<span class="nv">extension</span><span class="o">=</span><span class="s2">"</span><span class="si">${</span><span class="nv">file_name</span><span class="p">##*.</span><span class="si">}</span><span class="s2">"</span>
<span class="nv">file_noext</span><span class="o">=</span><span class="s2">"</span><span class="si">${</span><span class="nv">file_name</span><span class="p">%.*</span><span class="si">}</span><span class="s2">"</span>
<span class="c1"># Quoted so that a path containing spaces stays a single argument.</span>
magick mogrify -resize <span class="m">230</span> -format <span class="s2">"</span><span class="si">${</span><span class="nv">extension</span><span class="si">}</span><span class="s2">"</span> -write <span class="se">\</span>
    <span class="s2">"</span><span class="si">${</span><span class="nv">dir_name</span><span class="si">}</span><span class="s2">/</span><span class="si">${</span><span class="nv">file_noext</span><span class="si">}</span><span class="s2">_mini.</span><span class="si">${</span><span class="nv">extension</span><span class="si">}</span><span class="s2">"</span> <span class="s2">"</span><span class="si">${</span><span class="nv">source_path</span><span class="si">}</span><span class="s2">"</span>
</code></pre></div>
<p>This script :</p>
<ul>
<li>uses the path to the source file to write the target file;</li>
<li>appends a suffix to the name, before the extension;</li>
<li>keeps the format of the image;</li>
<li>and does the resizing stuff.</li>
</ul>
<p>I could do more, like checking the input is actually an image file, but I'm
pretty sure ImageMagick will do this better than me.</p>
<p>I hope you enjoyed this post ! If you did, please share it on your favorite
social networks :-)</p>
<p><em>Photo by <a href="https://unsplash.com/@yogidan2012?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Daniele Levis Pelusi</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>Ban Wordpress bruteforce attacks with Fail2ban2020-05-06T22:30:00+02:002020-05-31T23:00:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2020-05-06:/post/2020/05/06/ban-wordpress-bruteforce-attacks-with-fail2ban/<p><img alt="door sign with "stage door band and crew only" written on it" src="https://blog.anotherhomepage.org/images/2020/05/seabass-creatives-U3m4_cKbUfc-unsplash.jpg">
Nowadays, bruteforce attacks on Wordpress blogs are common, and defending
against them is well documented. However, I feel my setup is unusual, so I
thought it was worth a blog post. What's the goal ? I want to stop Wordpress
bruteforce attacks using Fail2ban.</p>
<h2>So you just have to install this little plugin...</h2>
<p>Yeah, thank you but no thank you. One of my constraints is that I don't have
control over the Wordpress installations I want to protect. So I'd rather not
use <a href="https://wordpress.org/plugins/wp-fail2ban/">WP fail2ban</a>. Another thing
that annoys me is that some of the latest reviews indicate the plugin is not so
great. Fortunately, there is a workaround.</p>
<h2>About Wordpress authentication</h2>
<p>In my research, I stumbled upon an article giving details on the authentication
pages in Wordpress, <code>wp-login.php</code> and <code>xmlrpc.php</code>, but I could not find it
again. Instead, I tried it for myself and noticed that, when a POST request is sent
to these URLs, the HTTP status code is:</p>
<ul>
<li>200 when authentication has failed;</li>
<li>302 when authentication is successful.</li>
</ul>
<p>We can now build a fail2ban filter around this, by looking for POST requests
on <code>wp-login.php</code> or <code>xmlrpc.php</code> that get a status code of 200 in Apache's
access log file.</p>
<h2>Fail2ban filter configuration</h2>
<p>The fail2ban configuration directory contains a sub-directory named <code>filter.d</code>,
where all the filters are. That's where I added my custom filter, in a file
called <code>wordpress.conf</code> (very original, isn't it ?) :</p>
<div class="highlight"><pre><span></span><code><span class="k">[Definition]</span><span class="w"></span>
<span class="na">failregex</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">^<HOST>\ \-.*\"POST\ \/(wp-login\.php|xmlrpc\.php) HTTP\/1\..*\" 200</span><span class="w"></span>
<span class="na">ignoreregex</span><span class="w"> </span><span class="o">=</span><span class="w"></span>
</code></pre></div>
<p>The regular expression is tailored to my Apache access log file format, which is
<code>"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""</code>, and defined
in the <code>LogFormat</code> directive.</p>
<h2>Fail2ban jail configuration</h2>
<p>Now that the filter is ready, time to create the jail itself. As for the
filters, there is a <code>jail.d</code> sub-directory, where I created a dedicated file
for the jail :</p>
<div class="highlight"><pre><span></span><code><span class="k">[wordpress-jail]</span><span class="w"></span>
<span class="na">enabled</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="w"></span>
<span class="na">filter</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">wordpress</span><span class="w"></span>
<span class="na">logpath</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">/path/to/website/log/access.log</span><span class="w"></span>
<span class="na">maxretry</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">10</span><span class="w"></span>
</code></pre></div>
<p>One interesting point: multiple jails can use the same filter. In my case, this
is useful: I can create one jail for each hosted Wordpress blog, and
group them in the same jail file.</p>
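<p>A quick way to check the filter before trusting it with bans: the following added example (not part of the original post, and not Fail2ban's own code) applies the <code>failregex</code> above to constructed access-log lines in the <code>LogFormat</code> shown, and counts matches per client against <code>maxretry = 10</code>. The <code>&lt;HOST&gt;</code> tag is replaced by a simplified IPv4 pattern and Fail2ban's time window (<code>findtime</code>) is ignored; both are assumptions made for the example.</p>

```python
import re
from collections import Counter

# failregex as given in wordpress.conf above, on a single line.
FAILREGEX = r'^<HOST>\ \-.*\"POST\ \/(wp-login\.php|xmlrpc\.php) HTTP\/1\..*\" 200'

# Assumption: simplified replacement for Fail2ban's <HOST> tag (IPv4 only).
HOST_PATTERN = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'

MAXRETRY = 10  # value from the [wordpress-jail] section above


def compile_failregex(failregex=FAILREGEX):
    """Expand the <HOST> tag and compile the expression as a Python regex."""
    return re.compile(failregex.replace('<HOST>', HOST_PATTERN))


def count_failures(lines, regex=None):
    """Return a Counter mapping each client address to its matching lines."""
    regex = regex or compile_failregex()
    failures = Counter()
    for line in lines:
        match = regex.search(line)
        if match:
            failures[match.group('host')] += 1
    return failures


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Clients whose number of failed logins reaches maxretry."""
    return sorted(h for h, n in count_failures(lines).items() if n >= maxretry)


def make_line(host, method, path, status):
    """Build one constructed log line in the post's LogFormat."""
    return (f'{host} - - [06/May/2020:22:30:00 +0200] '
            f'"{method} {path} HTTP/1.1" {status} 1234 "-" "constructed-agent/1.0"')


# Constructed sample log (documentation IP addresses).
SAMPLE_LOG = (
    # Ten failed logins: POST answered with 200.
    [make_line('203.0.113.7', 'POST', '/wp-login.php', 200) for _ in range(10)]
    # Four failed XML-RPC logins: matched, but below maxretry.
    + [make_line('198.51.100.20', 'POST', '/xmlrpc.php', 200) for _ in range(4)]
    # A successful login (302) must not count as a failure.
    + [make_line('192.0.2.15', 'POST', '/wp-login.php', 302)]
    # Displaying the login form (GET, 200) must not count either.
    + [make_line('192.0.2.15', 'GET', '/wp-login.php', 200) for _ in range(12)]
)


if __name__ == '__main__':
    for host, count in sorted(count_failures(SAMPLE_LOG).items()):
        print(f'{host}: {count} failed login(s)')
    print('would be banned:', hosts_to_ban(SAMPLE_LOG))
```

<p>On a host with Fail2ban installed, <code>fail2ban-regex</code> performs the same kind of check against the real log file and filter.</p>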
<h2>Fail2ban usage</h2>
<p>Now, let's restart the fail2ban service to get the new configurations applied,
and a few seconds later, check everything is working with the command :
<code>fail2ban-client status wordpress-jail</code>. In this example, the jail is named
<code>wordpress-jail</code> but it can be something else. The output should look like the
following (of course this one has been redacted):</p>
<div class="highlight"><pre><span></span><code>Status <span class="k">for</span> the jail: wordpress-jail
<span class="p">|</span>- Filter
<span class="p">|</span> <span class="p">|</span>- Currently failed: <span class="m">4</span>
<span class="p">|</span> <span class="p">|</span>- Total failed: <span class="m">4</span>
<span class="p">|</span> <span class="sb">`</span>- File list: /path/to/website/log/access.log
<span class="sb">`</span>- Actions
<span class="p">|</span>- Currently banned: <span class="m">3</span>
<span class="p">|</span>- Total banned: <span class="m">3</span>
<span class="sb">`</span>- Banned IP list: <span class="m">10</span>.254.35.161 <span class="m">10</span>.254.74.30 <span class="m">10</span>.254.74.31
</code></pre></div>
<p>I hope you enjoyed this post ! If you did, please share it on your favorite
social networks :-)</p>
<p><em>Photo by <a href="https://unsplash.com/@sebbb?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">seabass
creatives</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>A fresh start2020-05-02T16:30:00+02:002020-05-02T16:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2020-05-02:/post/2020/05/02/a-fresh-start/<p><img alt=""start here" written on the ground with pink chalk" src="https://blog.anotherhomepage.org/images/2020/05/gia-oris-_uM5_nG2ssc-unsplash.jpg">
Welcome to my new personal blog !</p>
<p>Wait... what ? Why a new blog, what's going on here and what's gonna happen on
the previous one ? What's the URL of the previous one already ? Alright, then,
let's start by answering questions about what already exists, and then talk
about the future.</p>
<p>Oh, and if you don't know who I am, I suggest you take a look at this page.
You'll know me better after this.</p>
<h2>About the "previous" blog</h2>
<p>If you speak French, go have a read at <a href="https://blog.anotherhomepage.org">Another Home Page</a>.
This is the "previous" blog. Well, not so previous, I do intend to keep it
online, and if time and will allow, I'll write again on it. Moreover, I still
use the anotherhomepage.org domain name for a lot of stuff, including personal
e-mails, so it's here to stay.</p>
<h2>Then why this ?</h2>
<p>The truth is, I wanted to experiment more. Another Home Page works great, a
little too great, almost boring. Boring should be good, right ? But it's not
only about the blogging software. To sum it up, here is what I'd like to try :</p>
<ul>
<li>writing in English;</li>
<li>using a different blogging software, something that's not the usual suspects
(read: not Wordpress/Drupal/Joomla/insert your favorite PHP CMS);</li>
<li>I do not want to impact my existing stuff (I'm wondering if writing about it
on this page is not already impacting all the existing stuff).</li>
</ul>
<p>So, trying to write blog posts from Vim, in English, using a static blog
generator seems like a good idea, at least not a boring one. And if this does
not work out, I could simply park it in a free tier Amazon S3, Github Pages or
somewhere else to avoid the maintenance burden.</p>
<h2>What content is going to land where ?</h2>
<p>I usually write about sysadmin, Free software, and other technical stuff. So I
think I'll write them here in English, and translate them into French for the
Another Home Page blog. If I'm not too lazy.</p>
<p>Thanks for reading, I hope you'll come back soon !</p>
<p><em>Photo by <a href="https://unsplash.com/@giabyte?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Gia
Oris</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>.</em></p>Bind: automating DNS record updates2019-07-08T09:30:00+02:002019-07-08T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2019-07-08:/post/2019/07/08/bind-mise-a-jour-automatique-dns/<p><img alt="to be completed" src="https://blog.anotherhomepage.org/public/2019/busyfreewaytrafficatnight.jpg">I recently had to set up access to a machine whose IP address is not static (typically behind an ADSL box whose subscription does not offer a static IP). I had already set up similar access a few years ago, but I had not written a post about it, so here is the opportunity.</p>
<h3>Setting the scene</h3>
<p>So here is my situation: the machine, running NetBSD, has Internet access behind an ADSL box that provides a dynamic IPv4 address. I have a domain name, a public DNS server, and a public web server. Apart from these elements, I do not want to rely on any additional third-party service. The idea is therefore the following: from the machine in question, obtain its public outgoing IP address and hand it to the DNS server so that it updates a record, making the machine reachable (for SSH or HTTPS access, for example).</p>
<h3>Step 1: finding out your public IP address</h3>
<p>For this first step, I chose to use an existing web server, which runs Nginx. It lets me display the client's IP address without using an additional PHP, Python or other script. I added the following configuration to my virtual host:</p>
<div class="highlight"><pre><span></span><code><span class="k">location</span><span class="w"> </span><span class="s">/myip</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="kn">default_type</span><span class="w"> </span><span class="s">text/plain</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">return</span><span class="w"> </span><span class="mi">200</span><span class="w"> </span><span class="s">"</span><span class="nv">$remote_addr"</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>
<p>Once Nginx is restarted, I can send a request with a browser, wget or curl to display my IP address:</p>
<div class="highlight"><pre><span></span><code>$ curl http://www.example.org/myip
<span class="m">109</span>.XXX.YYY.ZZZ
</code></pre></div>
<h3>Step 2: updating a DNS record hands-free</h3>
<p>This second step starts with the manual creation of a new A record in the DNS zone. I won't detail this creation; in theory it is fairly basic for anyone who has already set up a DNS server. However, this record will have to be updated regularly. To avoid updating it by hand, I used <a href="https://en.wikipedia.org/wiki/Nsupdate" title="nsupdate">nsupdate</a>. This tool relies on <a href="https://tools.ietf.org/html/rfc2136">RFC 2136</a>, which has the advantage of being open and documented, and of not being a home-made hack that runs sed directly on the live zone file.</p>
<p>To use nsupdate, you first need to create a TSIG key pair on the client, and then authorize the public key on the DNS server. The <em>dnssec-keygen</em> tool will help us create the keys:</p>
<div class="highlight"><pre><span></span><code>$ dnssec-keygen -a HMAC-SHA256 -b <span class="m">256</span> -n HOST dynamic.example.org
Kdynamic.example.org.+163+16284
</code></pre></div>
<p>Note that the -a option selects the cryptographic algorithm, -b the key size, and -n specifies the type of entry this key pair is intended for. Two files are then produced; in our example they are named <em>Kdynamic.example.org.+163+16284.key</em> (the public key) and <em>Kdynamic.example.org.+163+16284.private</em> (the private key). The public key looks like this:</p>
<div class="highlight"><pre><span></span><code>$ cat Kdynamic.example.org.+163+16284.key
dynamic.example.org. IN KEY <span class="m">512</span> <span class="m">3</span> <span class="m">163</span> EmvYb14yJA+0qgRmqaMng02cQoCAbekP2ou9M1fNWX4<span class="o">=</span>
</code></pre></div>
<p>As for the private key:</p>
<div class="highlight"><pre><span></span><code>$ cat Kdynamic.example.org.+163+16284.private
Private-key-format: v1.3
Algorithm: <span class="m">163</span> <span class="o">(</span>HMAC_SHA256<span class="o">)</span>
Key: EmvYb14yJA+0qgRmqaMng02cQoCAbekP2ou9M1fNWX4<span class="o">=</span>
Bits: <span class="nv">AAA</span><span class="o">=</span>
Created: <span class="m">20181112210734</span>
Publish: <span class="m">20181112210734</span>
Activate: <span class="m">20181112210734</span>
</code></pre></div>
<p>Note: I have no problem disclosing this key, because I deliberately generated it for example purposes. Of course, you should not disclose your private key ;)</p>
<p>Now, let's authorize our public key on the Bind DNS server. This is done directly in the <em>named.conf</em> configuration file, in two parts. The first consists in declaring the public key:</p>
<div class="highlight"><pre><span></span><code>key <span class="s2">"dynamic.example.org."</span> <span class="o">{</span>
algorithm HMAC-SHA256<span class="p">;</span>
secret <span class="s2">"EmvYb14yJA+0qgRmqaMng02cQoCAbekP2ou9M1fNWX4="</span><span class="p">;</span>
<span class="o">}</span><span class="p">;</span>
</code></pre></div>
<p>Careful: you must specify the same algorithm as when generating the keys.</p>
<p>The second part consists in authorizing this public key in the configuration of the DNS zone I want to act on:</p>
<div class="highlight"><pre><span></span><code><span class="n">zone</span><span class="w"> </span><span class="s2">"example.org"</span><span class="w"> </span><span class="n">IN</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="k">master</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">file</span><span class="w"> </span><span class="s2">"/var/named/master/example.org"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">allow</span><span class="o">-</span><span class="n">transfer</span><span class="w"> </span><span class="p">{</span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.53</span><span class="p">;</span><span class="w"> </span><span class="p">};</span><span class="w"></span>
<span class="w"> </span><span class="n">allow</span><span class="o">-</span><span class="n">query</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">any</span><span class="p">;</span><span class="w"> </span><span class="p">};</span><span class="w"></span>
<span class="w"> </span><span class="n">update</span><span class="o">-</span><span class="n">policy</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">grant</span><span class="w"> </span><span class="n">dynamic</span><span class="o">.</span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">dynamic</span><span class="o">.</span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="w"> </span><span class="n">A</span><span class="w"> </span><span class="n">CNAME</span><span class="w"> </span><span class="n">TXT</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">grant</span><span class="w"> </span><span class="n">dynamic2</span><span class="o">.</span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">dynamic2</span><span class="o">.</span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="w"> </span><span class="n">A</span><span class="w"> </span><span class="n">CNAME</span><span class="w"> </span><span class="n">TXT</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">};</span><span class="w"></span>
<span class="p">};</span><span class="w"></span>
</code></pre></div>
<p>This is a fairly standard declaration, but note the <em>update-policy</em> directive, in which I authorize my key (identified by the name given when it was generated with <em>dnssec-keygen</em>) to modify a DNS record (identified by <em>name</em> followed by its name) of the types listed afterwards (here, my record can be of type A, CNAME or TXT). The example above even shows two records modified by two different keys.</p>
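<p>As the two key listings above show, the <em>.key</em> and <em>.private</em> files contain the same base64 string: with an HMAC algorithm the TSIG key is a single shared secret, so both files and the <em>secret</em> line in <em>named.conf</em> deserve the same protection. The check below is an added example, not part of the original post; its function names and sample files are constructed, and it verifies that client and server secrets agree, that every <em>grant</em> identity names a declared key, and that the key files are not readable by others.</p>

```shell
#!/bin/sh
# Added example, not from the original post: consistency checks for a TSIG
# setup like the one above. Function and file names are assumptions.

# Secret in a dnssec-keygen ".private" file (the "Key:" line).
secret_from_private() { awk '$1 == "Key:" { print $2 }' "$1"; }

# Secret in the matching ".key" file (last field of the KEY record).
secret_from_key() { awk '$2 == "IN" && $3 == "KEY" { print $NF }' "$1"; }

# Secret of the key clause named "$2" in the named.conf-style file "$1".
secret_from_conf() {
    awk -v want="$2" '
        $1 == "key"             { n = $2; gsub(/"/, "", n); inkey = (n == want) }
        inkey && $1 == "secret" { s = $2; gsub(/[";]/, "", s); print s; exit }
        $1 == "};"              { inkey = 0 }
    ' "$1"
}

# Identities used in update-policy "grant" rules that have no key clause.
unknown_grant_identities() {
    awk '
        $1 == "key"   { n = $2; gsub(/"/, "", n); declared[n] = 1 }
        $1 == "grant" { granted[$2] = 1 }
        END { for (id in granted) if (!(id in declared)) print id }
    ' "$1" | sort
}

# True when the file is readable by group or by others.
too_open() { [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]; }

# usage: lint_tsig FILE.private FILE.key NAMED_CONF KEY_NAME
# Prints one line per finding and returns non-zero if anything is wrong.
lint_tsig() {
    rc=0
    priv=$(secret_from_private "$1")
    [ -n "$priv" ] || { echo "no Key: line in $1"; return 2; }
    [ "$priv" = "$(secret_from_key "$2")" ] &&
        echo "note: $2 holds the same secret as $1"
    [ "$priv" = "$(secret_from_conf "$3" "$4")" ] ||
        { echo "secret for key $4 in $3 does not match $1"; rc=1; }
    for id in $(unknown_grant_identities "$3"); do
        echo "grant identity $id has no key clause"; rc=1
    done
    for f in "$1" "$2"; do
        if too_open "$f"; then echo "$f is readable by group or others"; rc=1; fi
    done
    return "$rc"
}

# Constructed sample files mirroring the listings above; the secret is the
# post's own example key. The second grant has no key clause on purpose, and
# K.key is left world-readable so that both checks fire.
write_sample() {
    cat > "$1/K.private" <<'EOF'
Private-key-format: v1.3
Algorithm: 163 (HMAC_SHA256)
Key: EmvYb14yJA+0qgRmqaMng02cQoCAbekP2ou9M1fNWX4=
EOF
    cat > "$1/K.key" <<'EOF'
dynamic.example.org. IN KEY 512 3 163 EmvYb14yJA+0qgRmqaMng02cQoCAbekP2ou9M1fNWX4=
EOF
    cat > "$1/named.conf" <<'EOF'
key "dynamic.example.org." {
    algorithm HMAC-SHA256;
    secret "EmvYb14yJA+0qgRmqaMng02cQoCAbekP2ou9M1fNWX4=";
};
zone "example.org" IN {
    type master;
    update-policy {
        grant dynamic.example.org. name dynamic.example.org. A;
        grant dynamic2.example.org. name dynamic2.example.org. A;
    };
};
EOF
    chmod 600 "$1/K.private"
    chmod 644 "$1/K.key"
}

# Lint real files when four arguments are given.
if [ "$#" -eq 4 ]; then lint_tsig "$@"; fi
```

<p>To try it on the constructed sample, call <code>write_sample</code> on an empty directory and pass the three files plus the key name to <code>lint_tsig</code>.</p>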
<p>We can now use nsupdate. Let's create a file containing the data to push to the DNS server:</p>
<div class="highlight"><pre><span></span><code>$ cat dnsupdate.txt
server ns0.example.org
zone example.org.
update delete dynamic.example.org.
update add dynamic.example.org. <span class="m">180</span> A <span class="m">10</span>.13.37.92
show
send
</code></pre></div>
<p>Then, let's run nsupdate:</p>
<div class="highlight"><pre><span></span><code>nsupdate -k ./Kdynamic.example.org.+163+16284.private -v ./dnsupdate.txt
</code></pre></div>
<p>If all goes well, the DNS record should now be up to date. To make testing easier, you can deliberately give the record a wrong value when creating it, and check that the value is correct once nsupdate has run.</p>
<h3>Step 3: shake well</h3>
<p>Now that we have all the tools, all that remains is to wrap everything into a script to drop into a cron job. Below is the script I wrote for the example. Of course, it follows the "La Rache" method and would deserve a bit more rigor in its development. But it is a start, functional and simple to understand.</p>
<div class="highlight"><pre><span></span><code><span class="ch">#!/usr/pkg/bin/bash</span>
<span class="nb">set</span> -x
<span class="nv">curl_bin</span><span class="o">=</span><span class="k">$(</span>which curl<span class="k">)</span>
<span class="nv">curl_opts</span><span class="o">=</span><span class="s2">"-s"</span>
<span class="nv">dig_bin</span><span class="o">=</span><span class="k">$(</span>which dig<span class="k">)</span>
<span class="nv">nsupdate_bin</span><span class="o">=</span><span class="k">$(</span>which nsupdate<span class="k">)</span>
<span class="nv">ip_check_service</span><span class="o">=</span><span class="s2">"http://www.example.org/myip"</span>
<span class="nv">keyfile</span><span class="o">=</span><span class="s2">"/home/nils/keys/Kdynamic.example.org.+163+16284.private"</span>
<span class="nv">current_ip</span><span class="o">=</span><span class="k">$(</span><span class="si">${</span><span class="nv">curl_bin</span><span class="si">}</span> <span class="si">${</span><span class="nv">curl_opts</span><span class="si">}</span> <span class="si">${</span><span class="nv">ip_check_service</span><span class="si">}</span><span class="k">)</span>
<span class="nv">current_reverse</span><span class="o">=</span><span class="k">$(</span><span class="si">${</span><span class="nv">dig_bin</span><span class="si">}</span> +short @ns1.fdn.org -x <span class="si">${</span><span class="nv">current_ip</span><span class="si">}</span><span class="k">)</span>
<span class="nv">previous_cname</span><span class="o">=</span><span class="k">$(</span><span class="si">${</span><span class="nv">dig_bin</span><span class="si">}</span> +short @ns0.example.org dynamic.example.org<span class="k">)</span>
<span class="nv">dns_server</span><span class="o">=</span><span class="k">$(</span>dig +short -t A ns0.example.org<span class="k">)</span>
cat > /tmp/majdnscloud.txt <span class="s"><< EOF</span>
<span class="s">server ${dns_server}</span>
<span class="s">zone example.org.</span>
<span class="s">update delete dynamic.example.org.</span>
<span class="s">update add dynamic.example.org. 180 CNAME ${current_reverse}</span>
<span class="s">show</span>
<span class="s">send</span>
<span class="s">EOF</span>
nsupdate -k <span class="si">${</span><span class="nv">keyfile</span><span class="si">}</span> -v /tmp/majdnscloud.txt
rm -f /tmp/majdnscloud.txt
</code></pre></div>
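<p>A more rigorous variant of the script above, added here as an example and not the author's code: it validates the address returned by <em>/myip</em> before it reaches nsupdate, feeds the batch over stdin instead of a fixed file in /tmp, and skips the update when the record is already correct. It updates an A record as in step 2; the HTTPS URL and the function names are assumptions.</p>

```shell
#!/bin/sh
# Added example, not the post's script. The values below are placeholders
# taken from the post's examples; the HTTPS URL is an assumption.
MYIP_URL="https://www.example.org/myip"
DNS_SERVER="ns0.example.org"
ZONE="example.org."
RECORD="dynamic.example.org."
TTL=180
KEYFILE="${KEYFILE:-$HOME/keys/Kdynamic.example.org.+163+16284.private}"

# Succeed only for a dotted quad: four octets in 0..255, no leading zeros,
# and no other character (so no spaces, newlines or nsupdate keywords).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# A public address is expected here, so private, loopback and link-local
# results are treated as a broken or tampered lookup.
is_public_ipv4() {
    is_ipv4 "$1" || return 1
    case "$1" in
        0.*|10.*|127.*|169.254.*|192.168.*) return 1 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
    esac
    return 0
}

# Print the nsupdate batch for the A record, or fail without printing anything.
build_update() {
    is_public_ipv4 "$1" || return 1
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$DNS_SERVER" "$ZONE" "$RECORD" "$RECORD" "$TTL" "$1"
}

main() {
    current_ip=$(curl -fsS --max-time 10 "$MYIP_URL") || return 1
    batch=$(build_update "$current_ip") || {
        echo "refusing to update: unexpected reply from $MYIP_URL" >&2
        return 1
    }
    # Ask the authoritative server what it publishes now; skip if unchanged.
    published=$(dig +short "@$DNS_SERVER" "$RECORD" A)
    [ "$current_ip" = "$published" ] && return 0
    # The batch goes to nsupdate on stdin: no predictable file in /tmp.
    printf '%s\n' "$batch" | nsupdate -k "$KEYFILE"
}

# Only touch the network when explicitly asked to (for example from cron).
if [ "${1:-}" = "--run" ]; then main; fi
```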
<h3>Other possibilities?</h3>
<p>You may not have the resources to run a server that returns your public outgoing IP; in that case you can use a third-party service. I occasionally use two: <a href="https://www.whatsmyip.org/">What's My IP</a> and <a href="https://ipchicken.com/">IP chicken</a>.</p>
<p>As for automating the update of a DNS record, depending on the registrar, it may offer this through an API, such as <a href="https://doc.livedns.gandi.net/">Gandi LiveDNS</a>.</p>
<p><em>Did you like this article? Then share it on social networks!</em></p>
<p><em>Photo credit: <a href="https://unsplash.com/photos/iR8m2RRo-z4">Jake Givens - Busy freeway traffic at night</a>.</em></p>
<h2>Comments</h2>
<h3>On 08/07/2019 22:37 by cmic</h3>
<p>Hello
Cool. I remember writing the same thing (or nearly) in Perl to update my zone when adding or removing a PC or a server, with the reverse updated as well.
cmic, retired sysadmin...</p>
<h3>On 09/07/2019 19:53 by user</h3>
<blockquote>
<p>grant dynamic.anotherhomepage.org. name dynamic.anotherhomepage.org. A CNAME TXT;
grant dynamic2.anotherhomepage.org. name dynamic2.anotherhomepage.org. A CNAME TXT;</p>
</blockquote>
<p>Shouldn't it be "grant dynamic.example.org." given the name of the keys generated above?</p>
<p>Thanks for the tutorial :)</p>
<h3>On 09/07/2019 22:05 by Nils</h3>
<p>@user: actually no, as I clumsily point out in my post:</p>
<div class="highlight"><pre><span></span><code>The example above even shows two records modified by two different keys.
</code></pre></div>
<p>I was trying to show that by adding a second key, one could have a second dynamic record for the same zone, but I did not bother to duplicate all the other parts. Sorry for the confusion!</p>
Lessons learned from the recent outage 2019-07-01T10:00:00+02:00 2019-07-01T10:00:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2019-07-01:/post/2019/07/01/retour-experience-sur-la-recente-indisponibilite/
<p><img alt="" src="https://blog.anotherhomepage.org/public/2019/maxim-duzij-untitled.jpg">From May 30 to June 17, this blog, along with other sites hosted on the same server, was unreachable. This is an opportunity to look back at the incident, the why and the how.</p>
<h3>Summary of the story</h3>
<p>In short, it was simply a failure of the physical server hosting my web server. It stopped, and would not stay powered on for more than 10 minutes without freezing. When I contacted my hosting provider, the diagnosis was final: hardware failure, the machine has to be replaced. But that was only the beginning. Since that server model was out of stock, I had to take a different machine. This new machine is not very stable either, and at first replacing it again was considered. I ended up installing the OS and the virtual machines and restoring the content of the sites.</p>
<h3>So, 2 weeks to restore backups?</h3>
<p>Not entirely. First, several days went by during the diagnosis phase and the provisioning of the new machine. I actually consider that it does not seem fully functional. Then, it took me time to reinstall the hypervisor and the virtual machines, then restore the content (I took the opportunity to slip in a PHP update). Finally, I had to deal with certain obligations, such as my job, and a family event (a happy one, fortunately).</p>
<h3>The moral of the story</h3>
<p>What I mostly take away from this story is that I could manage my backups better. I focus on data and configurations, but a full backup of my virtual machines would probably let me handle this kind of trouble faster. My current backup solution is <a href="https://rsnapshot.org/" title="rsnapshot">rsnapshot</a>, and following a colleague's recommendation, I am considering <a href="https://burp.grke.org/">Burp</a> (not to be confused with <a href="https://portswigger.net/burp">the security software</a>).</p>
<h3>What's next</h3>
<p>As mentioned earlier, the new machine does not seem very stable to me; I had more trouble this morning, probably related to the hard drive. I hope to be able to change machines soon.</p>
<p><em>Photo credit: <a href="https://unsplash.com/photos/Cp363q1OASo">Maxim Dužij (untitled)</a>.</em></p>
<h2>Comments</h2>
<h3>On 07/07/2019 11:01 by philpep</h3>
<p>Hello,</p>
<p>I use burp and lvm (thin) snapshots for my backups, precisely to be able to restore the whole VM easily.
The idea is to run a "backup_script_pre" that creates the snapshots and mounts the VM partitions under /mnt/bup/&lt;vm&gt; on the host (a clever mix of lvcreate, kpartx, mount).</p>
<p>Burp backs up the filesystems in /mnt/burp/&lt;vm&gt;, so we get an incremental file-level backup and can easily view or restore a single file for example, and since it is a snapshot, this backup is also valid for databases such as postgresql.
Then a "backup_script_post" that umounts, kpartx -d, lvremoves the snapshot.</p>
<p>To restore a whole VM, I just have to lvcreate, kpartx, mkfs.ext4, mount, burp -a r -b 1 -r '^/mnt/burp/&lt;vm&gt;' -d /mnt/&lt;vm&gt;, run grub-install and edit /mnt/&lt;vm&gt;/etc/fstab and /mnt/&lt;vm&gt;/boot/grub/grub.cfg to change the partition UUID to the one given by blkid, and it boots fine.</p>
<p>Another solution, to restore even more simply, would be to back up the VM's block device; burp can do it, even incrementally, but you lose the ability to simply restore just a single file or directory.</p>
<p>My pre/post script is fairly portable (supports thin and non-thin lvm and is configured through a conf file); it has been running fine on my Debian machines for several years. If you are interested I can share it somewhere.</p>
<h3>On 08/07/2019 09:37 by Nils</h3>
<p>Thanks for your comment philpep! Well done on your script; it won't necessarily be useful for my NetBSD machines, but I'm sure it could interest others, so don't hesitate to share it and post the URL here :-)</p>
<h3>On 15/07/2019 13:24 by philpep</h3>
<p>Ah yes, for NetBSD it must be a different filesystem and different commands. My script for lvm is here: https://philpep.org/wiki/soft:burp</p>
FreeNAS VM: installing a CentOS 7 guest 2018-10-25T13:50:00+02:00 2018-10-25T13:50:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2018-10-25:/post/2018/10/25/freenas-vm-installation-invite-centos-7/
<p><img alt="Riga" src="https://blog.anotherhomepage.org/public/2018/Riga_20.08.2016_53.jpg">I started playing with the "VM" feature of FreeNAS 11, the famous BSD distribution for building your own NAS. I have enough power on my current NAS to run a few virtual machines, which will let me use OSes other than FreeBSD (available through jails), such as CentOS here.</p>
<h3>About VM</h3>
<p>Since FreeNAS is based on FreeBSD, its hypervisor function is built on bhyve, the BSD hypervisor. The hardware prerequisites are fairly simple:</p>
<ul>
<li>enough RAM so that FreeNAS can keep using some to run the NAS part;</li>
<li>enough CPU power so that FreeNAS can keep using some to run the NAS part;</li>
<li>enough disk space (since we will also allocate some to our virtual machines);</li>
<li>and finally, make sure the NAS processor has the virtualization instructions.</li>
</ul>
<p>Regarding the amount of RAM, remember that FreeNAS requires at least 8 GB of RAM, or more depending on usage. The <a href="http://doc.freenas.org/11/intro.html#hardware-recommendations">Hardware Recommendations</a> section of the official documentation is the first thing to read in this respect. As for me, I decided to add RAM to my system before starting to use VM.</p>
<p>Regarding the virtualization instructions, the <a href="http://doc.freenas.org/11/vms.html">VMs</a> section of the official documentation is also very instructive. To check that the CPU has the required instruction set, there are two possibilities:</p>
<ul>
<li>On an Intel system: <code>grep VT-x /var/run/dmesg.boot</code>;</li>
<li>On an AMD system: <code>grep POPCNT /var/run/dmesg.boot</code>.</li>
</ul>
<p>My NAS has a Xeon E3-1220L V2. This gives:</p>
<div class="highlight"><pre><span></span><code>root@arreat:~ <span class="c1"># grep VT-x /var/run/dmesg.boot</span>
VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID
</code></pre></div>
<h3>Creating your virtual machine</h3>
<p>All in all, creating the virtual machine is fairly simple and the English documentation is fairly easy to follow. Start by going to the <em>VMs</em> menu, then click the <em>Add VM</em> button. A menu is displayed, where you can fill in the details of the virtual system:</p>
<ul>
<li>Name: the name of the virtual machine;</li>
<li>Description: a descriptive text;</li>
<li>Virtual CPUs: the number of virtual processors;</li>
<li>Memory Size (MiB): the amount of RAM;</li>
<li>Boot Method: whether the virtual machine uses pure UEFI or BIOS compatibility mode (UEFI-CSM), but apparently it is better to stay with UEFI;</li>
<li>Autostart: whether the machine starts automatically when the NAS boots.</li>
</ul>
<p>You can then create devices for the virtual machine by selecting it and pressing the "Devices" button at the bottom of the web interface. A new tab appears, and with the "Add device" button you can add:</p>
<ul>
<li>Network interface: a network card (emulated Intel, or VirtIO);</li>
<li>Disk: a hard disk, as a ZVol (AHCI or VirtIO);</li>
<li>CD-ROM: an optical drive, by choosing an ISO image hosted on the NAS;</li>
<li>VNC: a virtual screen reachable over the VNC protocol.</li>
</ul>
<h3>Starting the virtual machine and installing CentOS</h3>
<p>Once the virtual machine is created, make sure the virtual CD-ROM is indeed a CentOS installation ISO and press the start button. However, and this is where the documentation and perhaps bhyve are silent, there is the matter of the VNC device: I literally lost hours because of the keyboard mapping, which respects letters for azerty but does not respect special characters and digits. This is particularly annoying.</p>
<p>My trick is to not create a VNC device: VM then creates a serial console, which can be accessed with the cu command from a shell on the FreeNAS machine:</p>
<div class="highlight"><pre><span></span><code>cu -s <span class="m">9600</span> -l /dev/nmdm1B
</code></pre></div>
<p>Note that the access device may change depending on the virtual machine, so the command must be adapted accordingly.</p>
<p>Once the CD-ROM has booted, edit the boot options by pressing 'e', then add the <code>console=ttyS0</code> option to the first line. This option is described in <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/chap-anaconda-boot-options">the RHEL 7 installation documentation</a>.</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/108459338@N08/29164996475/">E Livermore - Riga 20.08.2016 (53)</a>.</em></p>
<h2>Comments</h2>
<h3>On 26/10/2018 08:09 by <a href="https://utux.fr">utux</a></h3>
<p>I have been using it for some time and it is really not bad, bhyve runs well. I would even say that with the FreeNAS interface it almost competes with Proxmox. I just remember issues with UEFI-CSM (BIOS), and FreeNAS wanted a minimum allocation of 1GB of RAM for VMs (whereas 256 is often enough for my tests).</p>
<p>VNC is a pain for key mapping; the trick is to do the installation without accents and with a simple password, then change it afterwards over SSH.</p>
<p>I use jails a lot, with iocage on the command line, which is really good and allows updates. The advantage over virtualization, I find, is direct storage on zfs (compression, performance, snapshots) and the lower impact on resources (no need to reserve a fixed 1GB of RAM, it takes what it needs).</p>
<h3>On 26/10/2018 11:17 by nzo</h3>
<p>Thanks for the article... I will test this over the weekend.</p>
Firefox: 4 different versions of the web browser side by side on your OS 2018-10-18T13:10:00+02:00 2018-10-18T13:10:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2018-10-18:/post/2018/10/18/firefox-4-versions-differentes/
<p><img alt="several hammers lined up" src="https://blog.anotherhomepage.org/public/2018/samebutdifferent.jpg">Did you know that it is possible to run several versions of Firefox on your computer, and even to run them in parallel? Here is a list of different versions of Mozilla's famous browser that I have installed and used on the various computers I have used lately, whether under GNU/Linux (Fedora), macOS or even Windows.</p>
<h3>Firefox</h3>
<p>The classic, the one you install and use everywhere, of course! How could you do without it? The installer for macOS and Windows is easily available, and it is of course packaged in Fedora. It is generally the browser I use for known and trusted sites.</p>
<p>Firefox is available at the following address: <a href="https://www.mozilla.org/fr/firefox/" title="https://www.mozilla.org/fr/firefox/">https://www.mozilla.org/fr/firefox/</a>.</p>
<h3>Firefox Developer Edition</h3>
<p><a href="https://www.mozilla.org/fr/firefox/developer/">Firefox Developer Edition</a>, <a href="https://fr.wikipedia.org/wiki/Mozilla_Firefox#Versions_de_d%C3%A9veloppement">formerly Aurora</a>, is in fact the beta version, with a dark theme added. An installer is available for macOS and Windows, and an archive is also available for GNU/Linux. The drawback of this archive is that it is not integrated into the distribution or the desktop environment (Gnome in my case). So I had to create desktop files by hand, using Firefox's as a model. As for my usage, I use it in "private browsing" mode for unknown sites that I do not trust.</p>
<h3>Tor Browser</h3>
<p><a href="https://www.torproject.org/projects/torbrowser.html.en">Tor Browser</a> is a special version of Firefox, based on the ESR release, that lets you browse over the Tor network. In addition to the connection to the anonymization network, this version ships with two extensions: HTTPS Everywhere and NoScript. I sometimes use it for tests; it can save using a VPN when you want to reach a site from another IP address.</p>
<h3>IceCat</h3>
<p>Finally, <a href="http://www.gnu.org/software/gnuzilla/" title="IceCat">IceCat</a> is the GNU project's browser, previously better known as IceWeasel. Also based on the ESR release of Firefox, but entirely free of non-free modules, IceCat additionally has privacy protection features. It can also be useful if you want to compare two versions of Firefox.</p>
<h3>And why not others?</h3>
<p>If you know another Firefox variant, feel free to use the comments to tell me about it and how you use it. Don't hesitate to tell me about your uses of the ones already listed, too!</p>
<p><em>Photo credit: <a href="https://unsplash.com/photos/PtgLGdMzi-Y">Sonny Ravesteijn (untitled)</a>.</em></p>
<h2>Comments</h2>
<h3>On 18/10/2018 14:13 by Eragon</h3>
<p>Allow me to point out that there is also Firefox Nightly, but for installation under Linux this version has the same problems as Firefox Developer Edition. Its particularity is that it is updated several times a day: it is the version that gets updated whenever the builds work.</p>
<h3>On 19/10/2018 11:38 by el</h3>
<ul>
<li>Firefox Nightly</li>
<li>Firefox Developer Edition</li>
<li>Firefox Beta</li>
<li>Firefox</li>
<li>Firefox Extended Support Release (ESR)</li>
</ul>
<p>https://developer.mozilla.org/fr/docs/Mozilla/Firefox</p>
<h3>20/10/2018 13:19, by pulp</h3>
<p>Palemoon, a lightweight version of firefox.
https://www.palemoon.org/</p>
<h1>Installing OpenWRT in VirtualBox - Another Home Page Vlog episode 2</h1>
<p>Nils Ratusznik, 2018-05-29T13:37:00+02:00, tag:blog.anotherhomepage.org,2018-05-29:/post/2018/05/29/vlog-installation-openwrt-virtualbox/</p>
<p><img alt="""" src="https://blog.anotherhomepage.org/public/2018/sharegrid.jpg">Another video for this post: this time the goal is to have an OpenWRT router in VirtualBox, and to configure it so that the Kali Linux virtual machine, installed in <a href="/post/vlog-installation-kali-linux-virtualbox">the previous episode</a>, uses it as its gateway.</p>
<h3>Same players, here we go again?</h3>
<p>As with the previous video, this is not really an installation. An import? Not quite: this procedure consists of downloading the OpenWRT disk image and converting it into a VirtualBox hard disk. You can then create a new virtual machine, without storage, and attach the new hard disk to it. Since this virtual machine has no graphical interface, there is no need for additions here. The documentation that inspired this video can be found directly on <a href="https://openwrt.org/docs/guide-user/virtualization/virtualbox-vm" title=""Wiki">the OpenWRT wiki</a>.</p>
<h3>What's the point?</h3>
<p>VirtualBox has many fairly complete networking options. But here the idea is to simulate a router that looks a bit like what you find at home. It can be configured through a web interface, and it has limited power. You can also consider using it to practice before installing OpenWRT on hardware, probably of a different architecture. Fun little fact, I even found among the downloads <a href="https://downloads.lede-project.org/releases/17.01.4/targets/x86/geode/" title=""OpenWRT">an image for Geode processors</a>, which are found for example in the old <a href="http://soekris.eu/shop/net5501_en/" title=""Soekris">Soekris net5501</a>.</p>
<h3>Most important: the video</h3>
<p>To watch the video, it's <a href="https://youtu.be/7kfts2IrDZo" title=""Installation">here</a>:</p>
<p><a href="https://youtu.be/7kfts2IrDZo" title=""Installation"><img alt="""" src="https://blog.anotherhomepage.org/public/2018/miniature_openwrt_virtualbox_blog.png"></a></p>
<p>I hope you will enjoy this video at least as much as I enjoyed making it! Screen capture is a lot of fun for me :) If you ever have suggestions for systems to install in a virtual machine, let me know: it could also make me discover things :)</p>
<p>Finally, none of this would be possible without <a href="https://www.youtube.com/channel/UCdl83V9Dim8bTLbTU6LohBQ" title=""chaine">Studio Cyanotype</a>! Thanks to her for teaching me the basics of video editing! Don't hesitate to go see her Youtube channel and her <a href="http://cyanotype-leblog.fr/" title=""Cyanotype">blog</a>!</p>
<p><em>Photo credit: <a href="https://unsplash.com/photos/-x3vyyixejA" title="Sharegrid">Sharegrid</a>.</em></p>
<h2>Comments</h2>
<h3>29/05/2018 15:34, by william</h3>
<p>After OpenWRT, it would be interesting to take a look at pfSense.</p>
<p>Now that is a real router/firewall.</p>
<h3>30/05/2018 08:36, by Nils</h3>
<p>Thanks for your comment William! I am already considering Pfsense and OPNsense, but apart from the comparison with OpenWRT, I have not seen anything in particular that justifies a video tutorial, for now.</p>
<h1>CentOS 7: a truly minimal installation - errata</h1>
<p>Nils Ratusznik, 2018-04-23T09:30:00+02:00, tag:blog.anotherhomepage.org,2018-04-23:/post/2018/04/23/centos-7-installation-vraiment-minimale-errata/</p>
<p><img alt="""" src="https://blog.anotherhomepage.org/public/2018/samebutdifferent.jpg">In a previous post, I had carried out a <a href="/post/centos-7-installation-vraiment-minimale">truly minimal installation of CentOS 7</a>. While the requirements were broadly met, I ran into a few small disappointments, so I figured a post in the form of an errata would not be too much.</p>
<h3>SELinux</h3>
<p>OK, fine, SELinux is probably one of the most hated components of CentOS, Fedora and RHEL (or is it systemd?), because many tutorials still start by asking you to disable it (wrongly). Anyway, if like me you expect your minimalist system to be set to "Enforcing" (after all, it says so in the kickstart), tough luck. Type the command <code>setenforce Enforcing</code> 20 times if you like, the answer will be the same: no.</p>
<p>Why? Because yours truly, while chainsawing through the packages, got rid of the SELinux policies. Without a policy, it works less well. How do you get them? By installing two packages: <code>selinux-policy</code> and <code>selinux-policy-targeted</code>. Do not consider for a single moment installing only the first one: the system will hang at boot.</p>
<h3>scp</h3>
<p>On a server machine, there is in principle no need to install any client whatsoever, barring exceptional and identified cases. Here is one: without installing the <code>openssh-clients</code> package on my minimalist server, I cannot scp to it. I suppose the scp binary must be called at some point on the server side, but the fact remains that without it, well, it does not work.</p>
<h3>Perl and the locale</h3>
<p>This one is fairly twisted and concerns language settings. It so happens that after installing Perl on this minimalist server, I wanted to run a script written in that language. While the scripts ran, I was treated to a message like this:</p>
<div class="highlight"><pre><span></span><code>perl: warning: Falling back to the standard locale <span class="o">(</span><span class="s2">"C"</span><span class="o">)</span>.
</code></pre></div>
<p>As for the exact why, I am still not certain; I suspect that a package is missing and that this package (still not identified) applies a particular setting. In any case, I could not see myself <a href="https://stackoverflow.com/questions/2499794/how-to-fix-a-locale-setting-warning-from-perl" title=""Stackoverflow">modifying my OpenSSH configuration</a> to go play with the environment variables it exports. In the end I preferred to <a href="https://qiita.com/Kaisyou/items/9c2c5f5e1b28c24e91b7" title=""CentOS7">add two small lines to /etc/environment</a>:</p>
<div class="highlight"><pre><span></span><code><span class="nv">LANG</span><span class="o">=</span>en_US.utf-8
<span class="nv">LC_ALL</span><span class="o">=</span>en_US.utf-8
</code></pre></div>
<p>This forces the system to American English, in UTF-8.</p>
<h3>Logs</h3>
<p>Now this one is fantastic: as a result rsyslog is no longer installed by default and some software no longer sends logs, such as OpenSSH: I wanted to diagnose SSH connection errors and I had no <code>/var/log/secure</code> file! Indeed, by default OpenSSH on CentOS uses the syslog protocol to deliver its logs. Note also that logrotate was missing, which could have turned out more dramatic after a few months on a production machine.</p>
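<p>The package findings above (SELinux policies, <code>openssh-clients</code>, rsyslog, logrotate) can be checked in one pass. The script below is an added example, not part of the original post: the function names, the <code>MISSING</code>/<code>BOOT-RISK</code> output format and the sample package list are assumptions made for illustration.</p>

```shell
#!/bin/sh
# Added example (not from the original post): audit the package list of a
# stripped-down CentOS 7 install for the packages this errata found missing.

# One "package|consequence when absent" pair per line, taken from the post.
REQUIRED='selinux-policy|no SELinux policy available, setenforce Enforcing is refused
selinux-policy-targeted|no targeted policy for SELinux to enforce
openssh-clients|scp to this server fails
rsyslog|sshd messages never reach /var/log/secure
logrotate|log files are never rotated'

# has_pkg LIST NAME: true when NAME is a whole line of LIST, so that
# "selinux-policy-targeted" does not count as "selinux-policy".
has_pkg() {
    printf '%s\n' "$1" | grep -qxF -- "$2"
}

# audit_packages: reads installed package names on stdin, one per line
# (on a real host: rpm -qa --qf '%{NAME}\n' | audit_packages).
# Prints one line per finding; returns 0 when nothing is missing, 1 otherwise.
audit_packages() {
    installed=$(cat)
    rc=0
    while IFS='|' read -r pkg why; do
        if ! has_pkg "$installed" "$pkg"; then
            printf 'MISSING %s: %s\n' "$pkg" "$why"
            rc=1
        fi
    done <<EOF
$REQUIRED
EOF
    # The case the post warns about: base policy without the targeted one.
    if has_pkg "$installed" selinux-policy &&
       ! has_pkg "$installed" selinux-policy-targeted; then
        printf 'BOOT-RISK selinux-policy is installed without selinux-policy-targeted\n'
    fi
    return "$rc"
}

# Constructed sample: a package list resembling an over-trimmed install.
SAMPLE_TRIMMED='bash
coreutils
openssh-server
selinux-policy
systemd
yum'

printf '%s\n' "$SAMPLE_TRIMMED" | audit_packages || echo 'audit: packages to reinstall'
```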
<h3>Is that all?</h3>
<p>This is probably only the beginning. With use, I realise that I am missing quite a few of my little comforts (vim, less, tmux...). Another package that I have not reinstalled yet is NetworkManager; we'll see whether it really turns out to be useful.</p>
<p><em>Did you like this article? Then share it on social networks!</em></p>
<p><em>Photo credit: <a href="https://unsplash.com/photos/PtgLGdMzi-Y" title=""Same">Adam Sherez - Same but different</a>.</em></p>
<h2>Comments</h2>
<h3>15/06/2018 06:47, by <a href="http://www.standardtelephonique.org/">Alain C</a></h3>
<p>Thanks for your tutorial! Personally I could hardly see myself working without NetworkManager, but I think it is easy to reinstall once CentOS 7 is ON? No?
Best,
Alain</p>
<h3>16/06/2018 12:12, by Nils</h3>
<p>Thanks for your comment Alain! As for installing NetworkManager on an existing CentOS 7 system, yes it’s easy, you just need to use yum for the packages! On the other hand, if many specific network configurations have been made (bridge, bonding...) it will be a bit trickier.</p>
<p>Personally I knew the previous versions of CentOS and Fedora, where NetworkManager was not necessarily present, so I would have no problem without it ;)</p>
<h3>20/06/2018 06:33, by Alain C</h3>
<p>Ok great! Thanks for your answer, I'll give it a try :)</p>
<h1>VPN: Shellfire review</h1>
<p>Nils Ratusznik, 2018-04-16T09:30:00+02:00, tag:blog.anotherhomepage.org,2018-04-16:/post/2018/04/16/VPN-test-Shellfire/</p>
<p><img alt="""" src="https://blog.anotherhomepage.org/public/2018/purple_rain_mini.jpg"><em>Disclaimer: this post is the result of a partnership with Shellfire; I agreed to write this review in exchange for 6 months of service at the PremiumPlus level (and a link to their service).</em></p>
<p><a href="https://www.shellfire.fr/" title=""Shellfire">Shellfire</a> is a company that offers a VPN service. The idea behind this kind of service is to be able to "unblock" your Internet connection, that is, to be able to get around certain limitations, such as:</p>
<ul>
<li>accessing websites or services otherwise unavailable because of a governmental or commercial limitation of your Internet access;</li>
<li>accessing websites or services otherwise unavailable because of a limitation on their side (example: service accessible only in certain countries);</li>
<li>increasing the level of anonymity of your Internet access, by not disclosing the real IP address of your Internet connection;</li>
<li>increasing your level of security when connecting to a public Wi-Fi network (train station, café, coworking space, ...), in particular if it is an open network (yes, a captive portal counts as an open network).</li>
</ul>
<p>Shellfire's VPN service offering is split into three price tiers:</p>
<ul>
<li>the free offer, which advertises 2 exit countries (Germany and USA), and limits throughput to 1 Mbit/sec;</li>
<li>the Premium offer, which advertises 20 exit countries, and limits throughput to 12 Mbit/sec;</li>
<li>the PremiumPlus offer, which advertises 34 exit countries, and does not limit throughput.</li>
</ul>
<p>I use this kind of service very little: my usual use of a VPN mostly consists of accessing my LAN from the outside, or connecting from a public place. I am lucky enough to have a choice of ISPs, and when one provider turned out to be insufficient on some point, I was able to go to another.</p>
<h3>The website</h3>
<p>Let's start with Shellfire's website, since quite a few operations go through it. I could not test sign-up or payment, since all of this was done for me as part of the partnership. I did however test the password reset, and I was pleased not to see the password appear in clear text in an email! I also appreciated that the site is translated into French (in addition to English and German), and that documentation is available in PDF format for different OSes and different VPN technologies. Support is also very easy to find: a link is available at the top of the site's pages. This link leads to a FAQ, containing among other things the PDF documents, as well as information on data retention and on how to cancel, which seems fairly simple to do (as you can guess, I have not tested it yet). Last reassuring point, the whole site is served over HTTPS, and gets an A+ grade on the <a href="https://www.ssllabs.com/ssltest/analyze.html?d=www.shellfire.fr&hideResults=on" title=""test">SSL Labs test</a>.</p>
<p>I did however note a few areas for improvement, starting, like the previous paragraph, with the translation. Although it is broadly understandable, there are sometimes phrasings that seem to me to be literal translations from English. There are even a few untranslated passages, such as a title in one of the documentation PDFs, left in German, the screenshots in this documentation, or the download icon of the Shellfire VPN client, also in German. Somewhat more annoying in my view, I initially wanted to use the site without Javascript, and that was short-lived: the menu giving access to the VPN settings is only reachable through Javascript. I also noticed that a password is displayed in clear text in the web interface: since it does not match my account password and no password is required for OpenVPN, I assume it is the password for PPTP. Still among the annoying points, I had the unpleasant surprise of seeing Facebook, Twitter and Google Analytics widgets. While these are clearly announced in the <a href="https://www.shellfire.fr/declaration-de-protection-de-donnees/déclaration" title="Shellfire - Déclaration de confidentialité">privacy statement</a>, I find it rather a pity for a company that boasts about wanting to <a href="https://www.shellfire.fr/vision/" title="Shellfire - Vision">protect my private data</a> to let Facebook, Google and Twitter know that I visit a VPN site, how often, and potentially plenty of other information.</p>
<h3>The VPN network</h3>
<p>Let's now move on to the heart of the matter, the VPN itself.</p>
<h4>Protocols and network configurations</h4>
<p>It is possible to connect to the VPN through three main protocols: PPTP, IPSec and OpenVPN. I did not try the first two, and focused on the third. The first thing I noticed is the number of possible exit points (called servers on Shellfire's site): 50 at the time of writing. I also noticed the variety of exit countries, covering not only North America and Europe (including Eastern Europe), but also Asia, South America and Africa with a server in Johannesburg! It is also possible to choose between TCP and UDP, which can prove useful depending on the case.</p>
<p>Here too, I noted a few areas for improvement. First of all, changing exit points is rather cumbersome: you have to log in to the site, then download the configuration for the server you are interested in. This makes a previous configuration inoperative, and if like me you have several machines or devices, you then have to deploy this new configuration on them. In the same way, the choice between TCP and UDP is made in the web interface, and you have to download the configuration again to apply it. I also noticed that the servers are only reachable through a single port. I would have found it much more practical to have several ports available, because this means that if a VPN server is not reachable because of an overly restrictive network, I will have to choose a server located in another country.</p>
<p>Another point that caught my attention is the DNS setup: OpenVPN applies (or tries to apply, more on that later) a DNS configuration so that DNS queries go through the VPN. Shellfire decided to use <a href="https://developers.google.com/speed/public-dns/" title="">Google's public DNS servers</a>. I find it a pity to rely on the GAFAM for many things like DNS, but I am also aware that it is not necessarily easy to maintain a DNS resolution infrastructure in addition to the VPN (and Shellfire's other services).</p>
<p>Finally, I did not really test for possible port filtering, but I had no trouble on PremiumPlus with web, SSH, and a bit of mail.</p>
<h4>Throughput</h4>
<p>As seen earlier, the pricing is among other things segmented by throughput. But what is it really like? I ran throughput tests using several specialised sites:</p>
<ul>
<li>speedtest.net ;</li>
<li>fast.com ;</li>
<li>speedof.me ;</li>
<li>megapath.com ;</li>
<li>bandwidthplace.com .</li>
</ul>
<p>I relied on 5 connection levels: a free server (USA/Chicago), a Premium one (France/Roubaix), two PremiumPlus ones (Singapore and Switzerland/Zurich), and of course without VPN. Unsurprisingly, without a VPN tunnel I get the best throughput: I am lucky enough to have fibre.</p>
<p>Overall, on the free server, the throttling is there and I do end up with a download rate of around 1 Mbit/s. The amusing part is that the upload rate (not specified by Shellfire) did not seem throttled: depending on the test I got between 4 and 13 Mbit/s.</p>
<p>The throttling is also present on the Premium server, with a download rate between 11 and 13 Mbit/s depending on the test. As with the free-offer server, the upload rate is much higher, between 19 and 25 Mbit/s.</p>
<p>So, how do the PremiumPlus servers, supposedly "without throughput limit", behave? Well, it depends, which is why I tested two of them. The Swiss server, located in Zurich, gave me a download rate between 18 and 26 Mbit/s depending on the test, but I got between 15 and 22 Mbit/s on upload. I would have expected more given the cheaper servers. The other case is a server located in Singapore, which offered me a whole different experience: between 1.6 and 5.25 Mbit/s download and between 3 and 7 Mbit/s upload, which would place it between a free server and a Premium server.</p>
<p>As for latency, ping times are not correlated with the pricing tier, but rather with my distance from the server. So I lose little latency by staying in France (a few milliseconds), but I went above 250 ms using the server located in Singapore, which is after all fairly logical.</p>
<p>What to conclude from all this? First, that it is simply unthinkable to want to play games through a VPN, but I suppose nobody waited for me to reach that conclusion. Next, that overall on the free and Premium offers, the download rates are honoured, and, pleasant surprise, the upload rates are comfortable enough to send somewhat large files. For the PremiumPlus offer, the absence of a contractual limit would suggest that gigantic pipes are available, but in fact the throughput depends rather on what is available locally: a VPS or a dedicated server to set up a VPN is cheap in Europe, particularly in France and Germany for example, but can cost much more elsewhere.</p>
<h4>Encryption</h4>
<p>Depending on the server, the encryption is not the same; there are three possibilities:</p>
<ul>
<li>AES-128-CBC for the free-offer servers;</li>
<li>AES-192-CBC for the Premium-offer servers;</li>
<li>and finally AES-256 for the PremiumPlus-offer servers.</li>
</ul>
<p>On the one hand, I fully understand this difference across price tiers, all the more so since according to <a href="https://fr.wikipedia.org/wiki/Advanced_Encryption_Standard#Attaques" title=""Wikipédia">Wikipedia</a> (and <a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Security" title=""Wikipedia">here</a> in English), even AES-128 is secure. However, attacks on it are becoming more and more numerous, even if they are of the "side-channel" type, meaning that they mostly exploit implementations rather than the algorithm itself. It is therefore important to stay informed on the subject, in particular if you limit yourself to the free servers.</p>
<h4>Geolocation</h4>
<p>I did not do many tests on this front, other than making sure with a <em>whois</em> service that the exit IP address (which is the server's) is indeed geolocated in the stated country. I actually gave myself a little scare, since on an old whois database, the Singapore exit IP was geolocated in New Zealand!</p>
<p>As for geographic blocking, however, my test was limited to Netflix France, which was unfortunately blocked on the French exit IP.</p>
<h3>Support</h3>
<p>During my test of the Shellfire VPN, I had a problem, which was the perfect opportunity to test technical support. It is only available by email, but replies in excellent French, and always answered me in less than 24h. As for the usefulness of the support's answers, while they were not perfect, they put me on the right track to understand what was wrong.</p>
<h3>In conclusion</h3>
<p>The service Shellfire offers has a solid foundation, with a quality network connection. But that is not everything, and I find it a pity that this company gives in to the siren call of convenience by using, without looking any further, DNS servers, social network widgets and statistics tools that run counter to its goal of anonymity. I also think the service would benefit from being more practical (changing server, protocol and port).</p>
<p>So I do not advise against Shellfire, but I only recommend it under the following conditions:</p>
<ul>
<li>remember to block connections to social networks and Google in the browser;</li>
<li>change the DNS servers set by the VPN, replacing them with <a href="https://www.fdn.fr/actions/dns/" title=""FDN">the FDN public DNS servers</a> for example.</li>
</ul>
<p>If you enjoyed this review and would like to try their service (and why not compare impressions), referral/affiliate links exist; here is mine: <a href="https://www.shellfire.fr/vpn/?ref=USKSrkcmE6" title=""Lien">here</a>.</p>
<p><em>Did you like this article? Then share it on social networks!</em></p>
<p><em>Photo credit: <a href="https://unsplash.com/photos/7vmA7Fx1Nyo" title=""Purple">Tom Roberts - Purple Rain</a>.</em></p>
<h1>Installing Kali Linux in VirtualBox - Another Home Page Vlog episode 1</h1>
<p>Nils Ratusznik, 2018-02-09T20:20:00+01:00, tag:blog.anotherhomepage.org,2018-02-09:/post/2018/02/09/vlog-installation-kali-linux-virtualbox/</p>
<p><img alt=""p1020274.jpg"" src="https://blog.anotherhomepage.org/public/p1020274.jpg" title=""tournage">Today, a new video! For this new episode of the vlog, I am changing medium: instead of seeing my face, it is my (computer) desktop that is displayed. I have in mind to set up several virtual machines to build a kind of test lab, and I chose to start by installing a graphical system that includes many offensive security tools, Kali Linux. To watch the video, it's <a href="https://youtu.be/ClcQtdncUdw" title=""Installation">here</a>:</p>
<p><a href="https://youtu.be/ClcQtdncUdw" title=""Installation"><img alt=""miniature_kali_virtualbox_blog.jpg"" src="https://blog.anotherhomepage.org/public/2018/miniature_kali_virtualbox_blog.jpg" title=""Miniature"></a></p>
<h3>Import or installation?</h3>
<p>For this new video, I therefore switch to "screen capture" mode and show you how to install the Kali Linux virtual image in VirtualBox! To set up this virtual machine, I chose to use not the ISO image, but a virtual image of an already installed system, which can be retrieved from <a href="https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/" title=""Kali">Offensive Security's download page</a>. A non-negligible advantage: the VirtualBox additions are already installed and thus make this virtual machine easier to use, both on the graphics side and on the network side.</p>
<p>I hope you will enjoy this video at least as much as I enjoyed making it! As far as I am concerned, I like the screen capture approach, and I hope to make more soon. By the way, if you ever have suggestions for systems to install in a virtual machine, let me know: it could also make me discover things :)</p>
<p>Finally, none of this would be possible without <a href="https://www.youtube.com/channel/UCdl83V9Dim8bTLbTU6LohBQ" title=""chaine">Studio Cyanotype</a>! Thanks to her for teaching me the basics of video editing! Don't hesitate to go see her Youtube channel and her <a href="http://cyanotype-leblog.fr/" title=""Cyanotype">blog</a>!</p>
<p><em>Photo credit: Vincent Battez - <a href="https://www.flickr.com/photos/146909781@N02/34103055685/" title="P1020274">P1020274</a></em></p>
<h1>Happy New Year 2018!</h1>
<p>Nils Ratusznik, 2018-01-01T12:34:00+01:00, tag:blog.anotherhomepage.org,2018-01-01:/post/2018/01/01/bonne-et-heureuse-annee-2018/</p>
<p><img alt=""Happy" src="https://blog.anotherhomepage.org/public/2018/happynewyear.jpg" title=""Happy">A good and happy year 2018 to all of you! May it bring joy, happiness and success to the readers of this blog!</p>
<p>During my weekly publications in 2017, I tried to publish on Mondays. Since this year starts on a Monday, I find it amusing to resume the good publishing habits from the very first day.</p>
<p>See you soon for new posts!</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/philsidek/6607288407/in/photolist-b4S5DD-QsmQ5u-96goTb-qyfQ7K-qC8q8Z-21kaB7H-QmWFwg-qyVEmU-6Dxbce-QyrSj2-shQXci-dBWMbL-ruzRcL-qziRXJ-dGg1Ab-b4R8UB-8B6Tqf-CHgpMF-ZpjfmQ-Qf3Hrr-CCWDEP-ZXpkto-rQT3xu-qxAHkR-rMK9po-rtCqc9-96b6XZ-pFTWAg-b3R4QF-aobjqr-cA5EFd-dHmYDj-E28GcW-iQfxrZ-7rNLdi-qCCnTK-iQi74k-aoe6B7-owtmUh-BZ2naB-fWQw8X-U7k718-Q9BDso-Qf4sTW-d8KRNJ-ZACCf4-d9EBnK-d8KRTj-d8KRVW-8z5TR1" title=""Happy">Phillip Sidek - Happy new year</a>.</em></p>
<h1>Thank you and happy holidays!</h1>
<p>Nils Ratusznik, 2017-12-24T12:34:00+01:00, tag:blog.anotherhomepage.org,2017-12-24:/post/2017/12/24/merci-et-bonnes-fetes-de-fin-annee/</p>
<p><img alt="""" src="https://blog.anotherhomepage.org/public/partytimeagain.jpg">Today, nothing particularly technical: I just wanted to use this last 2017 “<a href="/tag/blogmas">blogmas</a>” post to wish you, dear reader, an excellent end of the year. Whether you celebrate it or not, and whatever you celebrate, I wish you pleasant moments.</p>
<p>It is also the end of the year for this blog, and probably one of the last posts, if not the last, of 2017. I hope I was able to be of help, and to have made at least one person discover a thing or two through my posts. I take this opportunity to thank all those who read one or more articles, or even commented below them or on social networks! I greatly appreciated your contributions!</p>
<p>See you in 2018!</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/comedynose/7517117010/in/photolist-csgbZG-bEhVGw-bEhSab-bTcCbK-owVuwk-9oxm1P-Z5MKqU-6MxWvn-QQXXCc-ZGPAnJ-hDBUdH-ot828W-hDNspe-mjUDxs-6z2WsP-7DdAia-i41cFp-7Dix2d-6z72EE-oeSii2-ci4RLY-odc8W8-odgiS2-4TtgXG-ou7ZK7-oeZuUV-ztuR53-oeV28k-otznNs-UdvsEi-FY5o6r-odmLW3-rrw8CN-dBCDKu-ouhCqf-hDFfP7-6dsDvE-kp4N1K-owSFsV-oeSTs5-7DhnX1-7Dix6o-owb9x9-oukmpr-owhopq-ou3L8n-ocFdq9-owtP42-odN7Db-ousimG" title=""Project">Pete - Project 366 #188: 060712 Party Time...Again!</a>.</em></p>
<h1>On the road again!</h1>
<p>Nils Ratusznik, 2017-12-23T09:30:00+01:00, tag:blog.anotherhomepage.org,2017-12-23:/post/2017/12/23/on-the-road-again/</p>
<p><img alt=""Mountain" src="https://blog.anotherhomepage.org/public/2017/mountainroad.jpg" title=""Mountain">Today, I am on the road for the end-of-year holidays, and did not have time to write a technical post. I am in fact still two posts short for this blogmas, and unfortunately I will not have time to write them by tomorrow.</p>
<p>Sans préciser particulièrement d'où je pars et où je vais, il y a environ 6h30 de route, sans compter les pauses. Je ne fais pas souvent des journées de route comme ça mais étrangement je les apprécie.</p>
<p>Bonne journée !</p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/wallboat/25096261938/in/photolist-EeEUkm-Z7z3pC-YaEMJv-D6msbp-8SGDgb-Z93Nh3-jsyMqt-mjg9Nr-CS7qyB-22vrjuk-SUFEbE-WVP6B3-UyEDNM-D36t4V-21asDL6-WPobm7-cVoSNU-3zLE8P-YbUk6y-Xv7ywJ-JYawr-YMXBeu-mmYcsm-BB7bKQ-HQyKuw-aBwhwL-CZfH2D-Ya1LfB-pmGnYG-JUoW4-JY8Mi-XYLNv7-Vkw69q-XQC9NH-21jGXKk-JY13o-YN3YWx-JY16W-YN4UtT-Xw3oMd-kgzbd-z87Art-CFr182-JYagz-21emjPd-89LEcQ-mWAN33-chur5o-DoNRDL-dZNLBG" title=""Mountain">Wall Boat - Mountain road</a>.</em></p>NetBSD : haute disponibilité avec CARP2017-12-22T10:25:00+01:002017-12-22T10:25:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-12-22:/post/2017/12/22/netbsd-haute-disponibilite-avec-carp/<p><img alt=""Turner" src="https://blog.anotherhomepage.org/public/2017/turnertwins.jpg" title=""Turner">NetBSD dispose depuis la version 4.0 d'une implémentation du protocole <a href="https://fr.wikipedia.org/wiki/Common_Address_Redundancy_Protocol" title=""CARP">CARP</a>. Il s'agit d'un protocole, à l'origine prévu pour les routeurs, permettant à un groupe de machines de disposer d'une adresse IP flottante. Si la machine principale venait à être indisponible, une machine secondaire peut alors prendre le relai …</p><p><img alt=""Turner" src="https://blog.anotherhomepage.org/public/2017/turnertwins.jpg" title=""Turner">NetBSD dispose depuis la version 4.0 d'une implémentation du protocole <a href="https://fr.wikipedia.org/wiki/Common_Address_Redundancy_Protocol" title=""CARP">CARP</a>. Il s'agit d'un protocole, à l'origine prévu pour les routeurs, permettant à un groupe de machines de disposer d'une adresse IP flottante. Si la machine principale venait à être indisponible, une machine secondaire peut alors prendre le relai. CARP permet donc de mettre en place de la haute disponibilité.</p>
<p>I had some fun setting up a CARP configuration on the two DNS servers of my LAN. Why? I have noticed that quite often, depending on the OS, when two DNS servers are specified in the network settings, a slowdown can be felt even though the redundancy is there:</p>
<ul>
<li>the client does round-robin, so requests fail at regular intervals;</li>
<li>the client first queries the first DNS server in its list and, if that server is unavailable, waits for a timeout before moving on to the next one.</li>
</ul>
<p>There are probably other ways to address these problems, but this gave me an excuse to play with CARP, which is what matters most :)</p>
<p>CARP actually takes the form of a virtual network interface whose driver is available in the kernel. When I say available, I mean that in theory the option is compiled into the GENERIC kernel, but that is not necessarily the case on every platform. So I had to <a href="/post/netbsd-recompilation-noyau-npf-domu">recompile a kernel</a> containing “pseudo-device carp”.</p>
<p>Once CARP is available, you simply create a new network interface on each machine. The primary machine will have a higher weight than the secondary machine, and will hold the floating IP address under normal conditions.</p>
<p>On the primary machine:</p>
<div class="highlight"><pre><span></span><code><span class="c1"># ifconfig carp0 create</span>
<span class="c1"># ifconfig carp0 vhid 101 pass motdepassehalakon 10.13.37.42 netmask 255.255.255.0</span>
</code></pre></div>
<p>On the secondary machine:</p>
<div class="highlight"><pre><span></span><code><span class="c1"># ifconfig carp0 create</span>
<span class="c1"># ifconfig carp0 vhid 100 pass motdepassehalakon 10.13.37.42 netmask 255.255.255.0</span>
</code></pre></div>
<p>You can then check that the floating IP address is reachable. Note the password, which limits cases of "floating IP theft", set here to "motdepassehalakon".</p>
<p>For this to survive a reboot, the configuration of course has to be saved somewhere. In terms of configuration, it is simply the configuration of the <em>carp0</em> network interface, here on the primary machine:</p>
<div class="highlight"><pre><span></span><code>$ cat /etc/ifconfig.carp0
create
up
vhid <span class="m">101</span> pass motdepassehalakon <span class="m">10</span>.13.37.42 <span class="m">255</span>.255.255.0
</code></pre></div>
<p>Then on the secondary machine:</p>
<div class="highlight"><pre><span></span><code>$ cat /etc/ifconfig.carp0
create
up
vhid <span class="m">100</span> pass motdepassehalakon <span class="m">10</span>.13.37.42 <span class="m">255</span>.255.255.0
</code></pre></div>
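<p>In CARP, the hosts that back one floating address form a group identified by a shared <em>vhid</em> and <em>pass</em>, and the host with the lower <em>advskew</em> is preferred as master. The following check is an added example, not part of the original post: it compares two <em>ifconfig.carp0</em>-style files. The function names, sample file names and the "fixed" pair are assumptions; the "page" pair copies the two files shown above.</p>

```shell
#!/bin/sh
# Added example (not from the original post): compare the CARP settings of
# two peers that are meant to back the same floating address.

# Print the word that follows KEY in FILE, or DEFAULT when KEY is absent.
carp_field() {
    awk -v key="$2" -v def="$3" '
        { for (i = 1; i < NF; i++) if ($i == key) { val = $(i + 1); found = 1 } }
        END { print (found ? val : def) }
    ' "$1"
}

# Print one finding per line; exit status 0 means the pair is consistent.
carp_check() {
    primary=$1 secondary=$2 rc=0
    p_vhid=$(carp_field "$primary" vhid none)
    s_vhid=$(carp_field "$secondary" vhid none)
    if [ "$p_vhid" = none ] || [ "$p_vhid" != "$s_vhid" ]; then
        echo "vhid: primary=$p_vhid secondary=$s_vhid (peers of one group share a vhid)"
        rc=1
    fi
    # Compare the shared secret without ever printing it.
    if [ "$(carp_field "$primary" pass '')" != "$(carp_field "$secondary" pass '')" ]; then
        echo "pass: the two peers do not use the same secret"
        rc=1
    fi
    # advskew defaults to 0; the lower value is preferred as master.
    p_skew=$(carp_field "$primary" advskew 0)
    s_skew=$(carp_field "$secondary" advskew 0)
    if [ "$p_skew" -ge "$s_skew" ]; then
        echo "advskew: primary=$p_skew secondary=$s_skew (primary should be lower)"
        rc=1
    fi
    return $rc
}

# Constructed samples. "page-*" copies the two files shown in the post;
# "fixed-*" is a hypothetical pair with a shared vhid and a skewed secondary.
carp_samples() {
    printf '%s\n' create up 'vhid 101 pass motdepassehalakon 10.13.37.42 255.255.255.0' > "$1/page-primary"
    printf '%s\n' create up 'vhid 100 pass motdepassehalakon 10.13.37.42 255.255.255.0' > "$1/page-secondary"
    printf '%s\n' create up 'vhid 101 pass motdepassehalakon 10.13.37.42 netmask 255.255.255.0' > "$1/fixed-primary"
    printf '%s\n' create up 'vhid 101 advskew 100 pass motdepassehalakon 10.13.37.42 netmask 255.255.255.0' > "$1/fixed-secondary"
}

demo=$(mktemp -d)
carp_samples "$demo"
carp_check "$demo/page-primary" "$demo/page-secondary" || echo "page pair: inconsistent"
carp_check "$demo/fixed-primary" "$demo/fixed-secondary" && echo "fixed pair: consistent"
rm -rf "$demo"
```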
<p>Now all that is left is to test... by pulling the plug!</p>
<p><em>Did you like this article? Then share it on social networks!</em></p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/statelibraryofnsw/3073045010/" title="Turner">State Library of New South Wales - Turner Twins, acrobats, 1937 / by Sam Hood</a>.</em></p>
<p><strong>rsnapshot, the backup robot</strong> (Nils Ratusznik; 2017-12-21T16:50:00+01:00; tag:blog.anotherhomepage.org,2017-12-21:/post/2017/12/21/rsnapshot-robot-sauvegarde/)</p>
<p><img alt="a bicycle in spare parts" src="https://blog.anotherhomepage.org/public/spareparts.jpg">Following <a href="/post/en-retard#c265">Xate's comment</a> on <a href="/post/en-retard">a recent post</a>, today's post is about <a href="http://rsnapshot.org/" title="rsnapshot">rsnapshot</a>, an incremental backup tool based on rsync. I am writing about it simply because it is what I set up to back up my infrastructure.</p>
<p>I admit I do not quite know what to say about this software, because plenty of documentation already exists, for almost every distribution:</p>
<ul>
<li><a href="https://doc.ubuntu-fr.org/rsnapshot" title="documentation">at Ubuntu-fr</a>;</li>
<li><a href="https://wiki.archlinux.org/index.php/Rsnapshot" title="documentation">at ArchLinux</a>;</li>
<li><a href="https://wiki.gentoo.org/wiki/Rsnapshot" title="documentation">at Gentoo</a>;</li>
<li><a href="https://wiki.alpinelinux.org/wiki/Rsnapshot" title="documentation">at Alpine Linux</a>;</li>
<li>for Ubuntu again, <a href="https://www.digitalocean.com/community/tutorials/how-to-install-rsnapshot-on-ubuntu-12-04" title="tutoriel">a tutorial at Digital Ocean</a>;</li>
<li>this time for Debian, another <a href="https://www.howtoforge.com/set-up-rsnapshot-archiving-of-snapshots-and-backup-of-mysql-databases-on-debian" title="tutoriel">rsnapshot tutorial for MySQL</a>, from Howtoforge.</li>
</ul>
<p>So I will talk about a few specific points of my configuration. Its first particularity is that I chose to install rsnapshot on a single machine (actually a FreeBSD jail on my FreeNAS NAS) and to use it in "backup robot" mode, meaning that it connects over SSH to every machine to be backed up in order to perform the backups. The advantage I see is that I have only one configuration to modify, and one user to configure on my servers (along with, of course, its sudo configuration and the SSH key).</p>
<p>For example, for the backup of the Raspberry Pi that does bulk builds:</p>
<div class="highlight"><pre><span></span><code>backup rsnapshot@netpi2:/etc/ netpi2/ +rsync_long_args<span class="o">=</span>--rsync-path<span class="o">=</span><span class="s1">'/usr/pkg/bin/sudo /usr/pkg/bin/rsync'</span>
backup rsnapshot@netpi2:/usr/pkg/etc/ netpi2/ +rsync_long_args<span class="o">=</span>--rsync-path<span class="o">=</span><span class="s1">'/usr/pkg/bin/sudo /usr/pkg/bin/rsync'</span>
backup rsnapshot@netpi2:/var/log/ netpi2/ +rsync_long_args<span class="o">=</span>--rsync-path<span class="o">=</span><span class="s1">'/usr/pkg/bin/sudo /usr/pkg/bin/rsync'</span>
backup rsnapshot@netpi2:/srv/sandbox/pkgsrc-current/usr/pbulk/etc/ netpi2/ +rsync_long_args<span class="o">=</span>--rsync-path<span class="o">=</span><span class="s1">'/usr/pkg/bin/sudo /usr/pkg/bin/rsync'</span>
</code></pre></div>
<p>Note also that I chose to add rsync options per machine, because the machines can run different OSes, which means rsync and sudo are not always in the same place.</p>
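<p>With these lines the <em>rsnapshot</em> key runs rsync through sudo on every server. One way to narrow what that key can ask for, as an added example that is not part of the original post: a check meant to be called from an SSH forced command (<em>command=</em> in <em>authorized_keys</em>, which exposes the client's request in <em>SSH_ORIGINAL_COMMAND</em>). The accepted command shape, the path list (taken from the backup lines above) and the sample requests are assumptions.</p>

```shell
#!/bin/sh
# Added example (not from the original post): decide whether a request
# received over SSH is a pull-mode rsync limited to the backed-up paths.

# Paths the backup host may read, taken from the backup lines above.
ALLOWED_PATHS="/etc/ /usr/pkg/etc/ /var/log/ /srv/sandbox/pkgsrc-current/usr/pbulk/etc/"
# Fixed start of a pull-mode request when the post's --rsync-path is used.
EXPECTED_PREFIX="/usr/pkg/bin/sudo /usr/pkg/bin/rsync --server --sender "

# in_list WORD ITEM...: status 0 when WORD equals one of the items.
in_list() {
    needle=$1; shift
    for item in "$@"; do [ "$item" = "$needle" ] && return 0; done
    return 1
}

# Status 0 only for: sudo rsync in sender (read) mode, no long option other
# than --numeric-ids, and every requested path on the allow list.
allow_backup_command() {
    cmd=$1
    unsafe='*[!A-Za-z0-9 ./_-]*'
    case $cmd in
        $unsafe) return 1 ;;                 # metacharacters, quotes, newlines
        "$EXPECTED_PREFIX"*) ;;              # anything else is not our rsync
        *) return 1 ;;
    esac
    set -f                                   # no globbing while splitting words
    seen_dot=0 npaths=0
    for word in ${cmd#"$EXPECTED_PREFIX"}; do
        if [ "$seen_dot" -eq 0 ]; then
            case $word in
                .) seen_dot=1 ;;             # rsync puts "." before the paths
                --numeric-ids) ;;            # the only long option accepted
                --*) set +f; return 1 ;;     # e.g. --remove-source-files
                -*) ;;                       # bundled short flags
                *) set +f; return 1 ;;
            esac
        else
            in_list "$word" $ALLOWED_PATHS || { set +f; return 1; }
            npaths=$((npaths + 1))
        fi
    done
    set +f
    [ "$npaths" -gt 0 ]
}

# Constructed sample requests: one pull of /etc/, one push, one other path.
for request in \
    "${EXPECTED_PREFIX}-logDtprRe.iLsfxC --numeric-ids . /etc/" \
    "/usr/pkg/bin/sudo /usr/pkg/bin/rsync --server -logDtprRe.iLsfxC . /etc/" \
    "${EXPECTED_PREFIX}-logDtprRe.iLsfxC . /root/"
do
    if allow_backup_command "$request"; then verdict=allow; else verdict=deny; fi
    echo "$verdict: $request"
done
```

<p>This narrows what the key can request; it does not sandbox rsync itself, so the sudo rule for the <em>rsnapshot</em> user still matters.</p>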
<p>As for retention and backup intervals, I kept things very simple:</p>
<ul>
<li>one backup per day (daily);</li>
<li>370 days of retention.</li>
</ul>
<p>370 days may seem a bit excessive, but the strength of rsnapshot lies in its use of hard links combined with rsync, which makes backups fast and also less disk-hungry because they are deduplicated. For example, for the web server of this blog:</p>
<div class="highlight"><pre><span></span><code><span class="c1"># du -csh daily.0/vhost2/ daily.1/vhost2/</span>
17G daily.0/vhost2/
<span class="m">2</span>.3G daily.1/vhost2/
19G total
</code></pre></div>
<p>Restoring is very simple too, since the backups are perfectly ordinary files, or links.</p>
<p><em>Did you like this article? Then share it on social networks!</em></p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/ritpir88/35264463313/in/photolist-VJcAma-5K3eF2-owvd5T-U46ZAF-oc8krN-owhDzo-otGXrC-b6RQDv-WPNxGG-otqL4r-ov2Dg3-otEoq9-ouD1K4-W8PR2f-o2uUFL-ocy4bx-ormpmj-6MBUNa-oyfnQv-odqyci-SU7dXw-ocSV29-oeZ2iy-SwkNTe-RCRYTq-w7KHtd-oye1Pp-oeZD6q-72SJuQ-ouQij4-c12JYW-od4qo2-wPnb4x-7rNLdi-ous2vd-oy6YDr-od7TTZ-ouHwxn-otF8wG-ov2ccu-ocUjQZ-orDtxb-ouj5n3-od63dh-ot696C-ocNRAC-oupxQD-VtcZkA-4jym8u-Wm1wvu" title="Spare">Ritva Pirinen - Spare Parts</a>.</em></p>
<p><strong>5 text files to put on your website!</strong> (Nils Ratusznik; 2017-12-20T11:05:00+01:00; tag:blog.anotherhomepage.org,2017-12-20:/post/2017/12/20/5-fichiers-texte-sur-son-site-web/)</p>
<p><img alt="" src="https://blog.anotherhomepage.org/public/Ninotchka1939.jpg">While looking through my visit statistics for another post, I noticed access attempts on a file named <em>/.well-known/dnt-policy.txt</em>. So I read up on this file and, one thing leading to another, I read about other more or less standard text files placed at the root of a site.</p>
<h3>dnt-policy.txt</h3>
<p>Let's start with this “dnt-policy.txt” file. The first result on a search engine leads me to <a href="https://www.eff.org/dnt-policy" title="Electronic">a page on the EFF website</a>. What is this file for? It announces the visited website's policy regarding the <a href="https://fr.wikipedia.org/wiki/Do_Not_Track" title="Do">Do Not Track</a> header.</p>
<p>After reading all of that, I can see it is still fairly complicated, so I do not plan to put such a file on my blog for now.</p>
<h3>robots.txt</h3>
<p>The great classic, “robots.txt”, tells search engines which content of a site to index and which content not to index. Even so, some robots or search engines do not honor the directives in this file, since nothing obliges them to.</p>
<p>Further reading:</p>
<ul>
<li><a href="http://robots-txt.com/" title="Robots-txt.com">an introductory site in French about this file</a> and about other resources;</li>
<li><a href="http://www.robotstxt.org/" title="Robotstxt.org">a site in English on the same subject</a>;</li>
<li><a href="https://fr.wikipedia.org/wiki/Protocole_d%27exclusion_des_robots" title="Wikipédia">Wikipedia (in French): robots exclusion protocol</a>.</li>
</ul>
<p>Of course, my blog has such a file.</p>
<h3>humans.txt</h3>
<p>Following the logic of the previous file, some people thought: why not offer a file aimed at "humans", containing information about the various people who contributed to building the site? Thus the “humans.txt” file was born! You can read about this initiative <a href="http://humanstxt.org/FR" title="Humans.txt">on humanstxt.org</a>.</p>
<p>I have just put such a file in place, but I did not add a link to it in my meta tags. I hope that is fine for now.</p>
<h3>security.txt</h3>
<p>Still in the spirit of easy-to-find information, “security.txt” indicates who to contact about a security problem with the visited site. This file is particularly useful to information security researchers who want to responsibly inform the site's team that a vulnerability is present.</p>
<p>The file is fairly simple to implement: it generally contains an e-mail address and a URL to an optional GPG key to ensure the confidentiality of exchanges. More information is available on <a href="https://securitytxt.org/" title="Security.txt">the dedicated site</a>.</p>
<p>I took the opportunity of writing this post to add one! I hope it is correct.</p>
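<p>A small linter for the file described above, as an added example that is not part of the original post. It goes slightly beyond the post by following RFC 9116, which later standardized security.txt and requires the <em>Contact</em> and <em>Expires</em> fields; the function names and both sample files are constructed.</p>

```shell
#!/bin/sh
# Added example (not from the original post): lint a security.txt file.

# sectxt_check FILE NOW
#   NOW is a UTC timestamp such as 2024-01-01T00:00:00Z.
#   Prints one finding per line; exit status 0 means nothing was flagged.
sectxt_check() {
    awk -v now="$2" '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        {
            sep = index($0, ":")
            if (!sep) next
            name = tolower(substr($0, 1, sep - 1))
            value = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", value)     # trim, tolerate CRLF
            if (name == "contact") {
                contacts++
                # RFC 9116 expects a URI, not a bare address.
                if (value !~ /^(mailto:|https:\/\/|tel:)/) {
                    print "Contact: unexpected scheme in " value; bad = 1
                }
            } else if (name == "encryption") {
                # The key location should not be fetched over plain http.
                if (value !~ /^(https:\/\/|openpgp4fpr:|dns:)/) {
                    print "Encryption: unexpected scheme in " value; bad = 1
                }
            } else if (name == "expires") {
                expires = toupper(value)
            }
        }
        END {
            if (!contacts) { print "Contact: missing"; bad = 1 }
            if (expires == "") {
                print "Expires: missing"; bad = 1
            } else if (expires !~ /^[0-9-]+T[0-9:]+Z$/ || length(expires) != 20) {
                print "Expires: not a plain UTC timestamp, check by hand"; bad = 1
            } else if (expires <= now) {
                # Same fixed-width format on both sides, so string order
                # is also chronological order.
                print "Expires: " expires " is in the past"; bad = 1
            }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample files: one complete, one in the style of early drafts.
sectxt_samples() {
    cat > "$1/good.txt" <<'EOF'
# constructed sample
Contact: mailto:security@example.org
Encryption: https://example.org/pgp-key.txt
Expires: 2999-01-01T00:00:00Z
EOF
    cat > "$1/bad.txt" <<'EOF'
# constructed sample
Contact: security@example.org
Encryption: http://example.org/pgp-key.txt
EOF
}

demo=$(mktemp -d)
sectxt_samples "$demo"
now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
sectxt_check "$demo/good.txt" "$now" && echo "good.txt: ok"
sectxt_check "$demo/bad.txt" "$now" || echo "bad.txt: needs fixing"
rm -rf "$demo"
```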
<h3>hackers.txt</h3>
<p>This last file is a bit more unusual. <a href="https://mrkiffie.com/2011/hackers-txt/" title="billet">Kiffie Liversage</a> noticed that on the “humanstxt.org” site an illustration contained, in addition to the usual <em>robots.txt</em> and <em>humans.txt</em>, a file named <em>hackers.txt</em>. There is apparently no norm, standard or convention for such a file, so he decided to create one.</p>
<p>I do not have such a file at the time of writing. But the initiative amuses me, so I would like to do it too some day!</p>
<h3>and others?</h3>
<p>There are probably other conventions, more or less well known. The only ones that come to mind are the <em>/.well-known/</em> directory (used for <em>dnt-policy.txt</em> but also for the Let's Encrypt challenge file, and described in <a href="https://tools.ietf.org/html/rfc5785" title="RFC">RFC 5785</a>), and the <em><a href="https://fr.wikipedia.org/wiki/Sitemaps" title="Wikipédia">sitemaps.xml</a></em> file, which, as its name suggests, is not just text.</p>
<p><em>Did you like this article? Then share it on social networks!</em></p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/jumborois/3500758501/" title="Ninotchka">Susanlenox - Ninotchka (1939)</a>.</em></p>
<h2>Comments</h2>
<h3>On 01/03/2018 17:19 by B</h3>
<p>canary.txt :s</p>
<h3>On 04/05/2020 16:25 by <a href="https://www.visionduweb.com">Zer00CooL</a></h3>
<p>Hello and thank you for this very interesting post.
I took the opportunity to publish my key as pubkey.txt, but I think I made a mistake: I should rather have named it security.txt, or even duplicated it as security.txt, rather than simply adding pubkey.txt.</p>
<p>Accents do not display properly when I view my pubkey.txt file: https://wiki.visionduweb.fr/pubkey.txt
Could I have encoded my file incorrectly?</p>
<p>On the principle of the hackers.txt file, I propose a new standard, the green.txt file, which could be used to state the added value of a website as far as ecology is concerned.
Well, I have not filled it in on my own site yet, but it could be interesting to propose, what do you think?</p>
<p>If you approve of the idea, I suggest you add it to your list ;)
Thanks ;)</p>
<p><strong>sslh: making SSH and HTTPS coexist</strong> (Nils Ratusznik; 2017-12-19T17:25:00+01:00; tag:blog.anotherhomepage.org,2017-12-19:/post/2017/12/19/sslh-faire-cohabiter-ssh-et-https/)</p>
<p><img alt="" src="https://blog.anotherhomepage.org/public/20160214_183534.jpg">On a free Unix system, it is not possible to have two network services listen on the same port. <a href="http://www.rutschle.net/sslh" title="sslh">sslh</a> is a program that listens on a port and redirects the traffic to a service according to the first bytes it receives. It thus becomes possible, for example, to share port 443 between an SSH server and an HTTPS server.</p>
<p>The configuration is very simple; here is what I set up on a Raspberry Pi running NetBSD:</p>
<div class="highlight"><pre><span></span><code><span class="n">verbose</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="o">;</span><span class="w"></span>
<span class="n">foreground</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="o">;</span><span class="w"></span>
<span class="n">inetd</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="o">;</span><span class="w"></span>
<span class="n">numeric</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="o">;</span><span class="w"></span>
<span class="n">transparent</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="o">;</span><span class="w"></span>
<span class="n">timeout</span><span class="o">:</span><span class="w"> </span><span class="mi">2</span><span class="o">;</span><span class="w"></span>
<span class="n">user</span><span class="o">:</span><span class="w"> </span><span class="s2">"nobody"</span><span class="o">;</span><span class="w"></span>
<span class="n">pidfile</span><span class="o">:</span><span class="w"> </span><span class="s2">"/var/run/sslh.pid"</span><span class="o">;</span><span class="w"></span>
<span class="n">listen</span><span class="o">:</span><span class="w"></span>
<span class="o">(</span><span class="w"></span>
<span class="w"> </span><span class="o">{</span><span class="w"> </span><span class="n">host</span><span class="o">:</span><span class="w"> </span><span class="s2">"netpi3"</span><span class="o">;</span><span class="w"> </span><span class="n">port</span><span class="o">:</span><span class="w"> </span><span class="s2">"443"</span><span class="o">;</span><span class="w"> </span><span class="o">}</span><span class="w"></span>
<span class="o">);</span><span class="w"></span>
<span class="n">protocols</span><span class="o">:</span><span class="w"></span>
<span class="o">(</span><span class="w"></span>
<span class="w"> </span><span class="o">{</span><span class="w"> </span><span class="n">name</span><span class="o">:</span><span class="w"> </span><span class="s2">"ssh"</span><span class="o">;</span><span class="w"> </span><span class="n">service</span><span class="o">:</span><span class="w"> </span><span class="s2">"ssh"</span><span class="o">;</span><span class="w"> </span><span class="n">host</span><span class="o">:</span><span class="w"> </span><span class="s2">"netpi3"</span><span class="o">;</span><span class="w"> </span><span class="n">port</span><span class="o">:</span><span class="w"> </span><span class="s2">"22"</span><span class="o">;</span><span class="w"> </span><span class="n">probe</span><span class="o">:</span><span class="w"> </span><span class="s2">"builtin"</span><span class="o">;</span><span class="w"> </span><span class="o">},</span><span class="w"></span>
<span class="w"> </span><span class="o">{</span><span class="w"> </span><span class="n">name</span><span class="o">:</span><span class="w"> </span><span class="s2">"ssl"</span><span class="o">;</span><span class="w"> </span><span class="n">host</span><span class="o">:</span><span class="w"> </span><span class="s2">"netpi3"</span><span class="o">;</span><span class="w"> </span><span class="n">port</span><span class="o">:</span><span class="w"> </span><span class="s2">"8443"</span><span class="o">;</span><span class="w"> </span><span class="n">probe</span><span class="o">:</span><span class="w"> </span><span class="s2">"builtin"</span><span class="o">;</span><span class="w"> </span><span class="o">}</span><span class="w"></span>
<span class="o">);</span><span class="w"></span>
</code></pre></div>
<p>With this configuration, sslh redirects SSH traffic arriving at netpi3 on port 443 to netpi3 on port 22 (I could have used localhost), and likewise redirects HTTPS traffic arriving at netpi3 on port 443 to netpi3 on port 8443 (again, I could have used localhost). One drawback of this setup is that the traffic seen by the SSH server or by the HTTPS server appears to come from the IP address hosting sslh. This can be a problem when configuring a firewall or other tools such as Fail2ban. There is, however, a configuration for the latter, and on Linux and FreeBSD sslh supports a transparent proxy feature (see the <a href="http://www.rutschle.net/tech/sslh/README.html" title="sslh">documentation</a>).</p>
<p>Note that HTTPS and SSH are not the only supported protocols. The same can be done with XMPP and OpenVPN, for example.</p>
<p><em>Did you like this article? Then share it on social networks!</em></p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/134947886@N02/25146087731/" title="20160214_183534">David Verbrugge - 20160214_183534</a>.</em></p>
<p><strong>CentOS 7: a truly minimal installation</strong> (Nils Ratusznik; 2017-12-18T11:25:00+01:00; tag:blog.anotherhomepage.org,2017-12-18:/post/2017/12/18/centos-7-installation-vraiment-minimale/)</p>
<p><img alt="" src="https://blog.anotherhomepage.org/public/feather.jpg">Two years ago, I wrote an article about a <a href="/post/2015/08/29/installation-minimaliste-de-CentOS-7">minimalist installation of CentOS 7</a>. It had the merit of having been done quickly, and of being fairly satisfactory. In short, a good example of <a href="https://fr.wikipedia.org/wiki/Principe_de_Pareto" title="Loi">Pareto's law</a>. However, I was not fully satisfied with it, for example because of firmware-type packages, which can be added over time with new CentOS versions, but also because I was removing quite a few packages relative to the group named “Base”. So I decided to tackle the “Core” group.</p>
<p><strong>Warning</strong>: this kind of exercise or experiment is not to be used "in production" as is. The truly basic system that results does not contain much, and so lacks many diagnostic or administration tools that can prove useful in a professional environment. If you reproduce these steps on a RHEL system, you will most likely need to add many packages to handle registration with RHN (or a Satellite), as well as packages required by Red Hat support.</p>
<p>So I see this exercise as a base, which then lets me install the software I consider necessary for the needs of each server.</p>
<h3>Why?</h3>
<p>What is the point of a truly minimal installation? I actually see several:</p>
<ul>
<li>first, fewer packages means less space used; even though the space on our hard drives grows over time, for virtual machines it makes sense to use as little space as possible;</li>
<li>next, because it can make the installation faster: fewer packages to install, less time spent installing them;</li>
<li>finally, because it is <a href="https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/" title="Recommandations">an ANSSI recommendation</a> to install only what is strictly necessary, in order to limit the attack surface; some people even take me for an extremist when I say that man pages have no place on a production system...</li>
</ul>
<p>One more point to address before getting our hands dirty: how far to go? At what point can we say that this really is a minimal installation, and at what point is the resulting system usable? Here are my criteria for this installation:</p>
<ul>
<li>the system must be able to boot, at least as a virtual machine, ideally on a physical machine;</li>
<li>the system must have working wired network access with a fixed IPv4 address (DHCP is not required);</li>
<li>the system must be able to install and update packages;</li>
<li>partitioning is kept to a minimum (/boot, / and swap) and uses the default file system (XFS);</li>
<li>the following functions are available: SSH server, NTP client, firewall (firewalld);</li>
<li>the system can stay in English.</li>
</ul>
<p>Everything else can be removed. Everything? Almost: to avoid struggling with a QWERTY keyboard, I decided to install the <em>kbd</em> package. But that remains a purely personal preference.</p>
<h3>How?</h3>
<p>Starting from a "manual" installation and removing items is counterproductive. To reach the goal, the installation has to be automated, using <a href="https://en.wikipedia.org/wiki/Kickstart_(Linux)" title="Kickstart">kickstart</a>.</p>
<p>Here is the file I use for this:</p>
<div class="highlight"><pre><span></span><code><span class="cp"># Kickstart file automatically generated by anaconda.</span>
<span class="cp">#version=DEVEL</span>
<span class="n">install</span><span class="w"></span>
<span class="n">text</span><span class="w"></span>
<span class="n">reboot</span><span class="w"></span>
<span class="n">firstboot</span><span class="w"> </span><span class="o">--</span><span class="n">disabled</span><span class="w"></span>
<span class="n">lang</span><span class="w"> </span><span class="n">en_US</span><span class="p">.</span><span class="n">UTF</span><span class="mi">-8</span><span class="w"></span>
<span class="n">keyboard</span><span class="w"> </span><span class="n">fr</span><span class="o">-</span><span class="n">latin9</span><span class="w"></span>
<span class="n">firewall</span><span class="w"> </span><span class="o">--</span><span class="n">enabled</span><span class="w"></span>
<span class="n">authconfig</span><span class="w"> </span><span class="o">--</span><span class="n">enableshadow</span><span class="w"> </span><span class="o">--</span><span class="n">passalgo</span><span class="o">=</span><span class="n">sha512</span><span class="w"></span>
<span class="n">selinux</span><span class="w"> </span><span class="o">--</span><span class="n">enforcing</span><span class="w"></span>
<span class="n">services</span><span class="w"> </span><span class="o">--</span><span class="n">enabled</span><span class="w"> </span><span class="n">sshd</span><span class="p">,</span><span class="n">chronyd</span><span class="w"></span>
<span class="n">timezone</span><span class="w"> </span><span class="o">--</span><span class="n">utc</span><span class="w"> </span><span class="n">Europe</span><span class="o">/</span><span class="n">Paris</span><span class="w"></span>
<span class="n">network</span><span class="w"> </span><span class="o">--</span><span class="n">onboot</span><span class="w"> </span><span class="n">yes</span><span class="w"> </span><span class="o">--</span><span class="n">device</span><span class="w"> </span><span class="n">eth0</span><span class="w"> </span><span class="o">--</span><span class="n">mtu</span><span class="o">=</span><span class="mi">1500</span><span class="w"> </span><span class="o">--</span><span class="n">bootproto</span><span class="w"> </span><span class="k">static</span><span class="w"> </span><span class="o">--</span><span class="n">ip</span><span class="w"> </span><span class="n">A</span><span class="p">.</span><span class="n">B</span><span class="p">.</span><span class="n">C</span><span class="p">.</span><span class="n">D</span><span class="w"> </span><span class="o">--</span><span class="n">netmask</span><span class="w"> </span><span class="mf">255.255.255.0</span><span class="w"> </span><span class="o">--</span><span class="n">gateway</span><span class="w"> </span><span class="n">A</span><span class="p">.</span><span class="n">B</span><span class="p">.</span><span class="n">C</span><span class="p">.</span><span class="n">E</span><span class="w"> </span><span class="o">--</span><span class="n">nameserver</span><span class="w"> </span><span class="n">A</span><span class="p">.</span><span class="n">B</span><span class="p">.</span><span class="n">C</span><span class="p">.</span><span class="n">F</span><span class="w"> </span><span class="o">--</span><span class="n">activate</span><span class="w"> </span><span class="o">--</span><span class="n">hostname</span><span class="w"> </span><span class="n">pxemachine</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">loc</span><span class="w"></span>
<span class="n">rootpw</span><span class="w"> </span><span class="n">centos</span><span class="w"></span>
<span class="n">user</span><span class="w"> </span><span class="o">--</span><span class="n">name</span><span class="o">=</span><span class="n">nils</span><span class="w"> </span><span class="o">--</span><span class="n">homedir</span><span class="o">=/</span><span class="n">home</span><span class="o">/</span><span class="n">nils</span><span class="w"> </span><span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="mi">1001</span><span class="w"> </span><span class="o">--</span><span class="n">gid</span><span class="o">=</span><span class="mi">1001</span><span class="w"> </span><span class="o">--</span><span class="n">password</span><span class="o">=</span><span class="n">centos</span><span class="w"> </span><span class="o">--</span><span class="n">groups</span><span class="o">=</span><span class="n">wheel</span><span class="w"></span>
<span class="n">url</span><span class="w"> </span><span class="o">--</span><span class="n">url</span><span class="w"> </span><span class="n">ftp</span><span class="o">:</span><span class="c1">//X.Y.Z.T/pub/centos/7/os/x86_64/</span>
<span class="n">repo</span><span class="w"> </span><span class="o">--</span><span class="n">name</span><span class="o">=</span><span class="n">updates</span><span class="w"> </span><span class="o">--</span><span class="n">baseurl</span><span class="o">=</span><span class="n">ftp</span><span class="o">:</span><span class="c1">//X.Y.Z.T/pub/centos/7/updates/x86_64/</span>
<span class="n">bootloader</span><span class="w"> </span><span class="o">--</span><span class="n">location</span><span class="o">=</span><span class="n">mbr</span><span class="w"> </span><span class="o">--</span><span class="n">driveorder</span><span class="o">=</span><span class="n">sda</span><span class="w"> </span><span class="o">--</span><span class="n">append</span><span class="o">=</span><span class="s">"crashkernel=auto rhgb quiet"</span><span class="w"></span>
<span class="n">clearpart</span><span class="w"> </span><span class="o">--</span><span class="n">all</span><span class="w"> </span><span class="o">--</span><span class="n">initlabel</span><span class="w"></span>
<span class="n">part</span><span class="w"> </span><span class="o">/</span><span class="n">boot</span><span class="w"> </span><span class="o">--</span><span class="n">asprimary</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="o">=</span><span class="mi">500</span><span class="w"></span>
<span class="n">part</span><span class="w"> </span><span class="n">swap</span><span class="w"> </span><span class="o">--</span><span class="n">asprimary</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="o">=</span><span class="mi">1024</span><span class="w"></span>
<span class="n">part</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="o">--</span><span class="n">asprimary</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="o">=</span><span class="mi">1024</span><span class="w"> </span><span class="o">--</span><span class="n">grow</span><span class="w"></span>
<span class="nf">%packages</span><span class="w"> </span><span class="o">--</span><span class="n">excludedocs</span><span class="w"> </span><span class="o">--</span><span class="n">instLangs</span><span class="o">=</span><span class="n">en</span><span class="w"> </span><span class="o">--</span><span class="n">nocore</span><span class="w"></span>
<span class="n">bash</span><span class="w"></span>
<span class="n">yum</span><span class="w"></span>
<span class="n">centos</span><span class="o">-</span><span class="n">release</span><span class="w"></span>
<span class="n">passwd</span><span class="w"></span>
<span class="n">iputils</span><span class="w"></span>
<span class="n">iproute</span><span class="w"></span>
<span class="n">systemd</span><span class="w"></span>
<span class="n">rootfiles</span><span class="w"></span>
<span class="n">kbd</span><span class="w"></span>
<span class="n">openssh</span><span class="o">-</span><span class="n">server</span><span class="w"></span>
<span class="o">-</span><span class="n">bind</span><span class="o">-</span><span class="n">license</span><span class="w"></span>
<span class="o">-</span><span class="n">dhclient</span><span class="w"></span>
<span class="o">-</span><span class="n">kexec</span><span class="o">-</span><span class="n">tools</span><span class="w"></span>
<span class="o">-</span><span class="n">e2fsprogs</span><span class="o">-</span><span class="n">libs</span><span class="w"></span>
<span class="o">-</span><span class="n">e2fsprogs</span><span class="w"></span>
<span class="nf">%end</span><span class="w"></span>
</code></pre></div>
<p>As mentioned above, I used a few arguments to the “%packages” directive that let me install only the bare minimum: no documentation, English only, and the “Core” group is dropped! I therefore had to explicitly list the essential packages, such as the kernel, bash or yum. To go even faster, I chose to run the installation in text mode (I could be more brutal and replace “text” with “cmdline”), but running it in graphical mode has no effect on the number of packages installed.</p>
<p>Even so, I had to deliberately remove a few packages that seem of little use to me for now: no need to manage ext2, 3 or 4 partitions, no need for kexec, nor for dhcp.</p>
<p>The firewall stays enabled, as does SELinux: these are fairly sane defaults, so I am not going to recommend removing them. Note, however, that the system is usable without these two components.</p>
<h3>Result</h3>
<p>I managed to bring the installation down to 193 installed packages. Pushing further (no firewall, no ssh, no NTP, no kbd), I can get down to about 170. My main partition then uses 466 MB, of which 393 MB is in <em>/usr</em> and 11 MB in <em>/etc</em>. Never have I installed or booted a CentOS system so fast. Never have I had such an austere CentOS system: no vim, no less, no htop, and I should almost consider myself lucky to have grep!</p>
<p>On the other hand, no frills: no firmware for unused hardware, no system-config-*, no NetworkManager. Well, don't dream though, systemd is mandatory ;)</p>
<h3>What next?</h3>
<p>From here on it is possible to customise the installation further, and to use tools not because they are there but because they are needed. I don't yet know what follow-up I could give this post that would be worth telling: it is probably not interesting to write posts in "yum install" mode for vim, audit or some other piece of software. One possibility would be to stick to the ANSSI recommendations, but there are already plenty of security guides for Linux, aren't there?</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/144396386@N05/27871981232/in/photolist-JsXbYy-otzCWr-otqh3v-7APFzX-5qtrDT-ocU67C-4jy9ns-otkJrQ-9GY3SR-7AAxYq-otEsUm-9hY2We-Y5AJM7-qNW86X-owqbFv-5zoJJr-cvNE2S-owdzRS-RQfbvV-otAb1v-ovkUxR-BrQ4TZ-X8s1r8-Eh7Btj-QSWPCN-VbGZQL-9GE3S6-obMEYV-otgFiJ-odFJbW-otz6QA-UY2RUD-owdB3j-oeU728-otGXrC-orRxeq-ov75pe-odwgJf-pd3FzP-otqncq-owZN72-5jVMGh-otBFZ6-oc1qnc-obYwWD-oc1gaK-sbg6wn-oweqq2-4VAJM7-otCm5a" title="Feather">badr yousef - Feather</a>.</em></p>
Some blog statistics
2017-12-17T20:50:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2017-12-17:/post/2017/12/17/quelques-statistiques-du-blog/
<p><img alt="" src="https://blog.anotherhomepage.org/public/passingtime2010.jpg">Following <a href="/post/en-retard#c265">Xate's comment</a> on <a href="/post/en-retard">a recent post</a>, here are some statistics on the posts (blogmas or not) for the first half of December. For this I used my awk one-liners described <a href="/post/2010/03/01/Nombre-d-occurences-d-un-champ-dans-un-fichier">here</a> and <a href="/post/2012/10/01/Nombre-d-occurrences-dans-un-fichier-remix">there</a>.</p>
<h3>The most viewed posts</h3>
<p>Let's start with the most visited posts:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost2</span><span class="err">:</span><span class="o">~/</span><span class="n">tmp</span><span class="err">#</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="ss">"GET /post/"</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$7]++;} END {for (field in frequencies) printf "%s\\t%d" , field , frequencies[field];}'</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">20</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">python</span><span class="o">-</span><span class="mi">3</span><span class="o">-</span><span class="n">outils</span><span class="o">-</span><span class="n">anaylser</span><span class="o">-</span><span class="n">code</span><span class="w"> </span><span class="mi">1527</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">make</span><span class="o">-</span><span class="n">automatiser</span><span class="o">-</span><span class="n">quelques</span><span class="o">-</span><span class="n">taches</span><span class="o">-</span><span class="n">avec</span><span class="o">-</span><span class="n">un</span><span class="o">-</span><span class="n">makefile</span><span class="w"> </span><span class="mi">260</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">livre</span><span class="o">-</span><span class="n">apprendre</span><span class="o">-</span><span class="n">a</span><span class="o">-</span><span class="n">programmer</span><span class="o">-</span><span class="n">avec</span><span class="o">-</span><span class="n">python</span><span class="w"> </span><span class="mi">243</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">xz</span><span class="o">-</span><span class="n">pour</span><span class="o">-</span><span class="n">une</span><span class="o">-</span><span class="n">meilleure</span><span class="o">-</span><span class="n">compression</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">ses</span><span class="o">-</span><span class="n">fichiers</span><span class="w"> </span><span class="mi">224</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">centos</span><span class="o">-</span><span class="mi">7</span><span class="o">-</span><span class="n">desactiver</span><span class="o">-</span><span class="n">firewalld</span><span class="o">-</span><span class="n">reactiver</span><span class="o">-</span><span class="n">iptables</span><span class="w"> </span><span class="mi">209</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2016</span><span class="o">/</span><span class="mi">12</span><span class="o">/</span><span class="mi">29</span><span class="o">/</span><span class="n">Vous</span><span class="o">-</span><span class="n">naviguez</span><span class="o">-</span><span class="n">toujours</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">un</span><span class="o">-</span><span class="n">site</span><span class="o">-</span><span class="n">HTTPS</span><span class="w"> </span><span class="mi">192</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">livre</span><span class="o">-</span><span class="n">introduction</span><span class="o">-</span><span class="n">au</span><span class="o">-</span><span class="n">langage</span><span class="o">-</span><span class="n">c</span><span class="w"> </span><span class="mi">168</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">logrotate</span><span class="o">-</span><span class="n">exemple</span><span class="o">-</span><span class="n">vite</span><span class="o">-</span><span class="n">fait</span><span class="w"> </span><span class="mi">165</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">paris</span><span class="o">-</span><span class="k">open</span><span class="o">-</span><span class="n">source</span><span class="o">-</span><span class="n">summit</span><span class="o">-</span><span class="mi">2017</span><span class="o">-</span><span class="n">jour</span><span class="o">-</span><span class="mi">2</span><span class="w"> </span><span class="mi">161</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">en</span><span class="o">-</span><span class="n">retard</span><span class="w"> </span><span class="mi">152</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">paris</span><span class="o">-</span><span class="k">open</span><span class="o">-</span><span class="n">source</span><span class="o">-</span><span class="n">summit</span><span class="o">-</span><span class="mi">2017</span><span class="w"> </span><span class="mi">143</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">centos</span><span class="o">-</span><span class="mi">7</span><span class="o">-</span><span class="n">desactiver</span><span class="o">-</span><span class="n">firewalld</span><span class="o">-</span><span class="n">reactiver</span><span class="o">-</span><span class="n">iptables</span><span class="o">/</span><span class="w"> </span><span class="mi">124</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">Trouver</span><span class="o">-</span><span class="n">des</span><span class="o">-</span><span class="n">fichiers</span><span class="o">-</span><span class="n">doublons</span><span class="o">-</span><span class="n">avec</span><span class="o">-</span><span class="n">fdupes</span><span class="w"> </span><span class="mi">123</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">raspberry</span><span class="o">-</span><span class="nf">pi</span><span class="o">-</span><span class="n">attention</span><span class="o">-</span><span class="n">alimentation</span><span class="w"> </span><span class="mi">112</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2009</span><span class="o">/</span><span class="mi">11</span><span class="o">/</span><span class="mi">09</span><span class="o">/</span><span class="n">Utilisation</span><span class="o">-</span><span class="n">transparente</span><span class="o">-</span><span class="n">d</span><span class="o">-</span><span class="n">une</span><span class="o">-</span><span class="n">passerelle</span><span class="o">-</span><span class="n">SSH</span><span class="w"> </span><span class="mi">83</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2011</span><span class="o">/</span><span class="mi">10</span><span class="o">/</span><span class="mi">03</span><span class="o">/</span><span class="n">Installation</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">6</span><span class="w"> </span><span class="mi">76</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">pbulk</span><span class="o">-</span><span class="n">aller</span><span class="o">-</span><span class="n">plus</span><span class="o">-</span><span class="n">loin</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">les</span><span class="o">-</span><span class="n">parametres</span><span class="w"> </span><span class="mi">72</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">systemd</span><span class="o">-</span><span class="n">reconfigurer</span><span class="o">-</span><span class="n">unite</span><span class="o">-</span><span class="n">service</span><span class="w"> </span><span class="mi">71</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2017</span><span class="o">/</span><span class="mi">02</span><span class="o">/</span><span class="mi">13</span><span class="o">/</span><span class="n">clamav</span><span class="o">-</span><span class="n">installation</span><span class="o">-</span><span class="n">et</span><span class="o">-</span><span class="n">scan</span><span class="o">-</span><span class="n">antivirus</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">macos</span><span class="w"> </span><span class="mi">69</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2016</span><span class="o">/</span><span class="mi">12</span><span class="o">/</span><span class="mi">29</span><span class="o">/</span><span class="n">Vous</span><span class="o">-</span><span class="n">naviguez</span><span class="o">-</span><span class="n">toujours</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">un</span><span class="o">-</span><span class="n">site</span><span class="o">-</span><span class="n">HTTPS</span><span class="o">&</span><span class="n">fromurl</span><span class="o">=</span><span class="n">redirect</span><span class="p">.</span><span class="n">asp</span><span class="w"> </span><span class="mi">67</span><span class="w"></span>
</code></pre></div>
<p>The most popular post is therefore the one about <a href="/post/python-3-outils-anaylser-code">Python code analysis tools</a>, by far! I notice that I misspelled "analyser" in the URL; I really will have to pay attention to that in future! As it happens, I regularly unpublish and republish a post on realising that I'm not happy with the URL. I take this opportunity to thank <a href="https://oldbytes.space/@dashie" title="Dashie">Dashie</a> for our conversation on Mastodon; without it I would not have had the idea of writing this post.</p>
<h3>The most viewed tags</h3>
<p>Which tags are the most popular?</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost2</span><span class="err">:</span><span class="o">~/</span><span class="n">tmp</span><span class="err">#</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="ss">"GET /tag/"</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$7]++;} END {for (field in frequencies) printf "%s\\t%d" , field , frequencies[field];}'</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">20</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">NetBSD</span><span class="w"> </span><span class="mi">73</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">Apache</span><span class="w"> </span><span class="mi">55</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">CentOS</span><span class="w"> </span><span class="mi">50</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">PHP</span><span class="w"> </span><span class="mi">47</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">Linux</span><span class="o">/</span><span class="n">page</span><span class="o">/</span><span class="mi">3</span><span class="w"> </span><span class="mi">46</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">Linux</span><span class="w"> </span><span class="mi">41</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">Perl</span><span class="w"> </span><span class="mi">40</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">ssl</span><span class="w"> </span><span class="mi">38</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">blogmas</span><span class="w"> </span><span class="mi">34</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">Awstats</span><span class="w"> </span><span class="mi">32</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">Mac</span><span class="o">%</span><span class="mi">20</span><span class="n">OS</span><span class="o">%</span><span class="mi">20</span><span class="n">X</span><span class="w"> </span><span class="mi">31</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">RHEL</span><span class="w"> </span><span class="mi">31</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">mp3</span><span class="w"> </span><span class="mi">29</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">pkgsrc</span><span class="w"> </span><span class="mi">29</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">RPM</span><span class="w"> </span><span class="mi">29</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">macOS</span><span class="w"> </span><span class="mi">28</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">Xen</span><span class="w"> </span><span class="mi">27</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">ssh</span><span class="w"> </span><span class="mi">27</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">tls</span><span class="w"> </span><span class="mi">27</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">https</span><span class="w"> </span><span class="mi">25</span><span class="w"></span>
</code></pre></div>
<p>Apparently I'm starting to become popular for <a href="/tag/NetBSD">NetBSD</a>, <a href="/tag/Apache">Apache</a>, <a href="/tag/CentOS">CentOS</a> and <a href="/tag/PHP">PHP</a>! A pity that <a href="/tag/pkgsrc">pkgsrc</a> is a bit low for my taste. The <a href="/tag/blogmas">blogmas</a> tag isn't hugely popular either.</p>
<h3>Referers</h3>
<p>Where do the visits come from?</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost2</span><span class="err">:</span><span class="o">~/</span><span class="n">tmp</span><span class="err">#</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="ss">"GET /post/"</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$11]++;} END {for (field in frequencies) printf "%s\\t%d" , field , frequencies[field];}'</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">20</span><span class="w"></span>
<span class="ss">"-"</span><span class="w"> </span><span class="mi">5077</span><span class="w"></span>
<span class="ss">"http://www.google.co.uk/url?sa=t&source=web&cd=1"</span><span class="w"> </span><span class="mi">468</span><span class="w"></span>
<span class="ss">"https://blog.anotherhomepage.org/"</span><span class="w"> </span><span class="mi">203</span><span class="w"></span>
<span class="ss">"https://www.google.fr/"</span><span class="w"> </span><span class="mi">196</span><span class="w"></span>
<span class="ss">"https://www.journalduhacker.net/"</span><span class="w"> </span><span class="mi">193</span><span class="w"></span>
<span class="ss">"http://blog.anotherhomepage.org/"</span><span class="w"> </span><span class="mi">124</span><span class="w"></span>
<span class="ss">"https://blog.anotherhomepage.org/post/centos-7-desactiver-firewalld-reactiver-iptables/"</span><span class="w"> </span><span class="mi">66</span><span class="w"></span>
<span class="ss">"http://blog.anotherhomepage.org/post/centos-7-desactiver-firewalld-reactiver-iptables/"</span><span class="w"> </span><span class="mi">58</span><span class="w"></span>
<span class="ss">"https://blog.anotherhomepage.org/post/centos-7-desactiver-firewalld-reactiver-iptables"</span><span class="w"> </span><span class="mi">52</span><span class="w"></span>
<span class="ss">"https://blog.anotherhomepage.org/post/python-3-outils-anaylser-code"</span><span class="w"> </span><span class="mi">45</span><span class="w"></span>
<span class="ss">"https://www.google.com/"</span><span class="w"> </span><span class="mi">31</span><span class="w"></span>
<span class="ss">"https://blog.anotherhomepage.org/category/Humour"</span><span class="w"> </span><span class="mi">29</span><span class="w"></span>
<span class="ss">""</span><span class="w"> </span><span class="mi">28</span><span class="w"></span>
<span class="ss">"https://socialmediascanner.eset.com"</span><span class="w"> </span><span class="mi">24</span><span class="w"></span>
<span class="ss">"https://blog.anotherhomepage.org/page/2"</span><span class="w"> </span><span class="mi">22</span><span class="w"></span>
<span class="ss">"https://blog.anotherhomepage.org/post/2009/11/09/Utilisation-transparente-d-une-passerelle-SSH"</span><span class="w"> </span><span class="mi">19</span><span class="w"></span>
<span class="ss">"https://www.google.fr"</span><span class="w"> </span><span class="mi">19</span><span class="w"></span>
<span class="ss">"https://www.journalduhacker.net/s/asxn1a/python_3_outils_pour_analyser_son_code"</span><span class="w"> </span><span class="mi">16</span><span class="w"></span>
<span class="ss">"https://blog.anotherhomepage.org"</span><span class="w"> </span><span class="mi">15</span><span class="w"></span>
<span class="ss">"https://blog.anotherhomepage.org/feed/tag/Linux/atom"</span><span class="w"> </span><span class="mi">15</span><span class="w"></span>
</code></pre></div>
<p>Not much to say here, except that many have no referer and, digging a little, the Google UK link is used by the same IP, and all of its visits go to the post on Python code analysis tools. On the other hand, I was mentioned by the Journal du Hacker, which is a real pleasure!</p>
<h3>Any errors?</h3>
<p>A few strange things:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost2</span><span class="err">:</span><span class="o">~/</span><span class="n">tmp</span><span class="err">#</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$9]++;} END {for (field in frequencies) printf "%s\\t%d" , field , frequencies[field];}'</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">10</span><span class="w"></span>
<span class="mi">200</span><span class="w"> </span><span class="mi">48038</span><span class="w"></span>
<span class="mi">301</span><span class="w"> </span><span class="mi">17578</span><span class="w"></span>
<span class="mi">304</span><span class="w"> </span><span class="mi">10958</span><span class="w"></span>
<span class="mi">404</span><span class="w"> </span><span class="mi">834</span><span class="w"></span>
<span class="ss">"-"</span><span class="w"> </span><span class="mi">716</span><span class="w"></span>
<span class="mi">503</span><span class="w"> </span><span class="mi">464</span><span class="w"></span>
<span class="mi">302</span><span class="w"> </span><span class="mi">229</span><span class="w"></span>
<span class="mi">400</span><span class="w"> </span><span class="mi">143</span><span class="w"></span>
<span class="mi">206</span><span class="w"> </span><span class="mi">22</span><span class="w"></span>
<span class="mi">403</span><span class="w"> </span><span class="mi">17</span><span class="w"></span>
</code></pre></div>
<p>Let's look at the 404 errors:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost2</span><span class="err">:</span><span class="o">~/</span><span class="n">tmp</span><span class="err">#</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">w</span><span class="w"> </span><span class="ss">"404"</span><span class="w"> </span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$7]++;} END {for (field in frequencies) printf "%s\\t%d" , field , frequencies[field];}'</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">10</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="n">centos</span><span class="o">-</span><span class="mi">7</span><span class="o">-</span><span class="n">desactiver</span><span class="o">-</span><span class="n">firewalld</span><span class="o">-</span><span class="n">reactiver</span><span class="o">-</span><span class="n">iptables</span><span class="o">/</span><span class="w"> </span><span class="mi">66</span><span class="w"></span>
<span class="o">/</span><span class="n">pages</span><span class="o">/</span><span class="n">Welcomerobots</span><span class="p">.</span><span class="n">txt</span><span class="w"> </span><span class="mi">64</span><span class="w"></span>
<span class="o">/</span><span class="n">wp</span><span class="o">-</span><span class="n">login</span><span class="p">.</span><span class="n">php</span><span class="w"> </span><span class="mi">45</span><span class="w"></span>
<span class="o">/</span><span class="n">ads</span><span class="p">.</span><span class="n">txt</span><span class="w"> </span><span class="mi">20</span><span class="w"></span>
<span class="o">/</span><span class="n">tag</span><span class="o">/</span><span class="n">Apachepage</span><span class="o">/</span><span class="mi">2</span><span class="w"> </span><span class="mi">12</span><span class="w"></span>
<span class="o">/</span><span class="n">pages</span><span class="o">/</span><span class="n">Welcomelicense</span><span class="p">.</span><span class="n">txt</span><span class="w"> </span><span class="mi">12</span><span class="w"></span>
<span class="o">/</span><span class="n">a2billing</span><span class="o">/</span><span class="n">common</span><span class="o">/</span><span class="n">javascript</span><span class="o">/</span><span class="n">misc</span><span class="p">.</span><span class="n">js</span><span class="w"> </span><span class="mi">11</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2017</span><span class="o">/</span><span class="mi">01</span><span class="o">/</span><span class="mi">21</span><span class="o">/</span><span class="n">macOS</span><span class="o">-</span><span class="n">installer</span><span class="o">-</span><span class="n">pkgsrc</span><span class="o">-</span><span class="n">pour</span><span class="o">-</span><span class="n">beneficier</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">plus</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">logiciels</span><span class="w"> </span><span class="mi">11</span><span class="w"></span>
<span class="o">/</span><span class="n">apple</span><span class="o">-</span><span class="n">app</span><span class="o">-</span><span class="n">site</span><span class="o">-</span><span class="n">association</span><span class="w"> </span><span class="mi">11</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="w"> </span><span class="mi">11</span><span class="w"></span>
</code></pre></div>
<p>Result: most likely attempts to brute-force the blog, on the assumption that it runs WordPress or something else. On the other hand, I will need to take a closer look at the posts about firewalld and about pkgsrc on macOS.</p>
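<p>A stricter version of the count above, added here as an example and not taken from the original post: it reads the status code from its own field instead of matching <code>404</code> anywhere on the line, then separates 404s under the blog's own URL layout from requests for software the site does not run. The sample log lines are constructed, and the <code>/post/</code>, <code>/tag/</code> and <code>/pages/</code> prefixes are an assumption drawn from the paths in the output above.</p>

```shell
#!/bin/sh
# Added example. The sample lines are constructed ("combined" log format);
# they are not taken from the blog's real access.log.
sample_log() {
cat <<'EOF'
203.0.113.5 - - [19/Dec/2017:10:00:01 +0100] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Dec/2017:10:00:02 +0100] "POST /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Dec/2017:10:01:10 +0100] "GET /a2billing/common/javascript/misc.js HTTP/1.1" 404 162 "-" "curl/7.0"
198.51.100.20 - - [19/Dec/2017:10:02:00 +0100] "GET /post/centos-7-desactiver-firewalld-reactiver-iptables/ HTTP/1.1" 404 162 "https://www.example.org/" "Mozilla/5.0"
198.51.100.21 - - [19/Dec/2017:10:02:30 +0100] "GET /post/centos-7-desactiver-firewalld-reactiver-iptables/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.22 - - [19/Dec/2017:10:03:00 +0100] "GET /post/centos-7-desactiver-firewalld-reactiver-iptables/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.23 - - [19/Dec/2017:10:04:00 +0100] "GET /theme/style.css HTTP/1.1" 200 404 "-" "Mozilla/5.0"
198.51.100.24 - - [19/Dec/2017:10:05:00 +0100] "GET /search?q=error+404 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.77 - - [19/Dec/2017:10:06:00 +0100] "-" 400 0 "-" "-"
EOF
}

# stdin: combined log. stdout: "client<TAB>path" for each response whose
# status field is exactly 404. Splitting on the double quote keeps the status
# aligned even when the request line is empty or malformed.
real_404s() {
    awk -F'"' '{
        split($1, pre, " ")     # pre[1] = client address
        split($2, req, " ")     # req[2] = requested path
        split($3, resp, " ")    # resp[1] = status, resp[2] = bytes sent
        path = req[2]
        sub(/\?.*$/, "", path)  # drop the query string
        if (resp[1] == "404" && path != "") printf "%s\t%s\n", pre[1], path
    }'
}

# stdin: one value per line. stdout: "count<TAB>value", most frequent first.
tally() {
    LC_ALL=C sort | uniq -c | awk '{ printf "%d\t%s\n", $1, $2 }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# 404 count per requested path.
count_404_paths() { real_404s | cut -f2 | tally; }

# Label each path: "own" = under the blog's URL layout (assumed prefixes), so
# probably a dead link to fix; "foreign" = something the site never served.
triage_404() {
    count_404_paths | awk -F'\t' '{
        class = ($2 ~ /^\/(post|tag|pages)\//) ? "own" : "foreign"
        printf "%s\t%d\t%s\n", class, $1, $2
    }'
}

# Clients ranked by number of "foreign" 404s: candidates for rate limiting.
foreign_404_clients() {
    real_404s | awk -F'\t' '$2 !~ /^\/(post|tag|pages)\// { print $1 }' | tally
}

sample_log | triage_404
```

<p>On the constructed sample, <code>grep -w "404"</code> also keeps the 200 response that happens to be 404 bytes long and the search URL containing <code>404</code>, which the field-based version leaves out.</p>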
<p><em>Did you enjoy this article? Then share it on social networks!</em></p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/volvob12b/9380929579/in/photolist-fhXHxa-UVeCo5-WgqHu4-tm7Nah-VLsFPA-owYnhV-q1vtfs-gpFUcT-UHPJ3p-dHhcUy-ocPksS-jsvZRM-owau16-opkoj8-oukdBN-UVeBKw-WgqH5X-Ziqkwz-VwURJB-oygAD4-oeQroe-dbQDin-q43qen-ocVL9k-odAcYk-ownxco-bUqwgL-odXdq1-dUU5mx-jg6MVj-ow6fdp-kvTaiB-kvT9tR-cDUUQb-oRTN7x-ouYs4Q-a85o3G-otVA5v-oyeYst-bUL56f-91TdG3-oeXdLf-RcQL7U-btYqx2-69BbEc-UZXzHu-oeWE93-ouH3to-orozAy-odfAsQ" title="Passing">Bernard Spragg. NZ - Passing Time 2010 )</a>.</em></p>
<h2>Comments</h2>
<h3>On 19/12/2017 19:27, by <a href="https://utux.fr">utux</a></h3>
<p>Try goaccess for your stats :)
(it parses the logs exactly the way you did)</p>
<h3>On 19/12/2017 21:30, by Nils</h3>
<p>It is on my TODO list. Originally, as some posts attest, I mostly used Awstats, but I could not be bothered to configure it during the last reinstallation of the web server that hosts this blog.</p>
CentOS 7: booting Anaconda over PXE 2017-12-16T11:42:00+01:00 2017-12-16T11:42:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-16:/post/2017/12/16/centos-7-anaconda-pxe/
<p><img alt="Broken windshield" src="https://blog.anotherhomepage.org/public/carglass03.jpg">I originally wanted to write a post about a particular CentOS 7 installation. So I set out to use my home "PXE boot infrastructure" and start scribbling a kickstart file, but when I booted my virtual machine from the network, disaster struck:</p>
<div class="highlight"><pre><span></span><code>dracut-initqueue<span class="o">[</span><span class="m">584</span><span class="o">]</span>: Warning: Could not boot.
dracut-initqueue<span class="o">[</span><span class="m">584</span><span class="o">]</span>: Warning: /dev/root does not exist
</code></pre></div>
<p>My pxelinux configuration at that point was the following:</p>
<div class="highlight"><pre><span></span><code><span class="n">LABEL</span> <span class="n">centos7amd64</span>
<span class="n">MENU</span> <span class="n">LABEL</span> <span class="n">Install</span> <span class="n">CentOS</span> <span class="mi">7</span> <span class="n">x86_64</span> <span class="p">(</span><span class="n">interactive</span><span class="p">)</span>
<span class="n">KERNEL</span> <span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span><span class="n">isolinux</span><span class="o">/</span><span class="n">vmlinuz</span>
<span class="n">APPEND</span> <span class="n">initrd</span><span class="o">=</span><span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span><span class="n">isolinux</span><span class="o">/</span><span class="n">initrd</span><span class="p">.</span><span class="n">img</span> <span class="n">ip</span><span class="o">=</span><span class="n">dhcp</span> <span class="n">inst</span><span class="p">.</span><span class="n">repo</span><span class="o">=</span><span class="n">ftp</span><span class="p">:</span><span class="o">//</span><span class="n">X</span><span class="p">.</span><span class="n">Y</span><span class="p">.</span><span class="n">Z</span><span class="p">.</span><span class="n">T</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span> <span class="n">inst</span><span class="p">.</span><span class="n">ks</span><span class="o">=</span><span class="n">ftp</span><span class="p">:</span><span class="o">//</span><span class="n">X</span><span class="p">.</span><span class="n">Y</span><span class="p">.</span><span class="n">Z</span><span class="p">.</span><span class="n">T</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">ks</span><span class="o">/</span><span class="n">c7_x86_64</span><span class="p">.</span><span class="n">cfg</span>
</code></pre></div>
<p>And of course, the same kind of configuration works with CentOS 6.</p>
<p>From what I have read, this error message shows up at different moments and with different types of installation, and the fix is not always the same. In my case, I had to add the path to a squashfs file, which I believe contains the minimal OS needed to start Anaconda. This gives the following configuration:</p>
<div class="highlight"><pre><span></span><code><span class="n">LABEL</span> <span class="n">centos7amd64</span>
<span class="n">MENU</span> <span class="n">LABEL</span> <span class="n">Install</span> <span class="n">CentOS</span> <span class="mi">7</span> <span class="n">x86_64</span> <span class="p">(</span><span class="n">interactive</span><span class="p">)</span>
<span class="n">KERNEL</span> <span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span><span class="n">isolinux</span><span class="o">/</span><span class="n">vmlinuz</span>
<span class="n">APPEND</span> <span class="n">initrd</span><span class="o">=</span><span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span><span class="n">isolinux</span><span class="o">/</span><span class="n">initrd</span><span class="p">.</span><span class="n">img</span> <span class="n">root</span><span class="o">=</span><span class="n">live</span><span class="p">:</span><span class="n">ftp</span><span class="p">:</span><span class="o">//</span><span class="n">X</span><span class="p">.</span><span class="n">Y</span><span class="p">.</span><span class="n">Z</span><span class="p">.</span><span class="n">T</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span><span class="n">LiveOS</span><span class="o">/</span><span class="n">squashfs</span><span class="p">.</span><span class="n">img</span> <span class="n">ip</span><span class="o">=</span><span class="n">dhcp</span> <span class="n">inst</span><span class="p">.</span><span class="n">repo</span><span class="o">=</span><span class="n">ftp</span><span class="p">:</span><span class="o">//</span><span class="n">X</span><span class="p">.</span><span class="n">Y</span><span class="p">.</span><span class="n">Z</span><span class="p">.</span><span class="n">T</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span> <span class="n">inst</span><span class="p">.</span><span 
class="n">ks</span><span class="o">=</span><span class="n">ftp</span><span class="p">:</span><span class="o">//</span><span class="n">X</span><span class="p">.</span><span class="n">Y</span><span class="p">.</span><span class="n">Z</span><span class="p">.</span><span class="n">T</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">ks</span><span class="o">/</span><span class="n">c7_x86_64</span><span class="p">.</span><span class="n">cfg</span>
</code></pre></div>
<p>I hope this will be useful to others!</p>
<p><em>Did you enjoy this article? Then share it on social networks! And if you have remarks or suggestions for improvement, don't hesitate: that is what the comments are for!</em></p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/mnsc/4391351493/in/photolist-7G3PNM-DBw5uK-kn9btB-rPm4Rs-5nwgSk-3k2H6u-VG2vMT-sHiEDr-Stg5Rm-7G3PE8-WeAcBc-7Wd8wT-TwtQjC-RHSjHY-T4biAk-schHmv-DvKkvL-fA1Kou-SPjrVS-7Wd8gz-T4axKV-rACUHa-UgGJde-sp4J5e-SRLv3Z-rmU7fN-5bgGnY-rTHJTM-5knknw-pgu9hJ-ouZyZp-oePFWz-oujSWW-hf1735-oszBPJ-S4SUnj-CuEiHV-H6seSx-jyNXi2-SRNxcK-T1ngND-21j23Fw-Stggks-4judBT-22pgdti-SWLSjb-qYGYz8-SRNhPB-4jyEdt-s1XYCR" title="Car">Mattias - Car Glass 03</a>.</em></p>
NetBSD: recompiling a kernel to build NPF into a domU 2017-12-15T11:55:00+01:00 2017-12-15T11:55:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-15:/post/2017/12/15/netbsd-recompilation-noyau-npf-domu/
<p><img alt="Porsche 911 GT3 RS" src="https://blog.anotherhomepage.org/public/gt3rs.jpg">In <a href="/post/xen-installation-domu-netbsd">a previous post</a>, I covered installing a paravirtualized NetBSD Xen virtual machine. NetBSD, like Linux, has, in addition to a kernel, modules that extend its functionality. One of NetBSD's firewall building blocks, NPF, is available as a module. The problem with this module is that it is not compatible with a domU kernel. It is therefore necessary to recompile a NetBSD kernel to benefit from it, building the NPF driver directly into the kernel rather than as a module.</p>
<h3>Fetching the sources</h3>
<p>Recompiling a NetBSD kernel is fairly easy. First, I fetch the sources, here those of NetBSD 7.1:</p>
<div class="highlight"><pre><span></span><code>nils@shell2:/srv$ <span class="nb">export</span> <span class="nv">CVSROOT</span><span class="o">=</span><span class="s2">"anoncvs@anoncvs.NetBSD.org:/cvsroot"</span>
nils@shell2:/srv$ <span class="nb">export</span> <span class="nv">CVS_RSH</span><span class="o">=</span><span class="s2">"ssh"</span>
nils@shell2:/srv$ cvs checkout -r netbsd-7-1-RELEASE -P src
</code></pre></div>
<p>The <a href="https://www.netbsd.org/docs/guide/en/chap-build.html#chap-boot-cross-build-kernel" title="NetBSD">official documentation</a> does this in <em>/usr/src</em>, but I do it in <em>/srv/src</em>, which causes no problem.</p>
<p>If you want to rebuild a complete system (and not just the kernel), you will also need to fetch xsrc, which I will not do here.</p>
<h3>Creating a custom kernel configuration</h3>
<p>Now that the sources are available, I create a configuration file for our new kernel. There is no need to start from scratch: I will simply copy an existing file and add the option I am interested in. Note that NetBSD kernel configurations live in the subtrees of the various architectures. In my case, my virtual machines are x86_64, which corresponds to amd64 on the NetBSD side:</p>
<div class="highlight"><pre><span></span><code>nils@shell2:/srv$ <span class="nb">cd</span> src
nils@shell2:/srv/src$ <span class="nb">cd</span> sys/arch/amd64/conf
</code></pre></div>
<p>The kernel configuration file used by default is <em>GENERIC</em>, and there is also one dedicated to a Xen guest: <em>XEN3_DOMU</em>. I will copy the latter instead of modifying it, so that my configuration is easy to tell apart from the official one:</p>
<div class="highlight"><pre><span></span><code>nils@shell2:/srv/src/sys/arch/amd64/conf$ cp -vp XEN3_DOMU XEN3_DOMU_NPF
</code></pre></div>
<p>I can then edit my new file and look for this line:</p>
<div class="highlight"><pre><span></span><code>#pseudo-device npf # NPF packet filter
</code></pre></div>
<p>All that is needed then is to uncomment this line and save the file. Now on to the compilation itself.</p>
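<p>The copy-and-edit step above as a script, added here as an example that is not from the original post. The function name <code>enable_pseudo_device</code> and the sample fragment are made up for illustration; the function copies the config, uncomments exactly one <code>#pseudo-device</code> line for the requested device, and refuses to overwrite an existing file.</p>

```shell
#!/bin/sh
# Added example: copy a kernel config and enable one commented-out
# pseudo-device. The function name is hypothetical, not part of NetBSD.
# usage: enable_pseudo_device SRC DST DEVICE
enable_pseudo_device() {
    epd_src=$1 epd_dst=$2 epd_dev=$3
    [ -f "$epd_src" ] || { echo "no such config: $epd_src" >&2; return 1; }
    # Never clobber an existing config (the official one in particular).
    [ ! -e "$epd_dst" ] || { echo "refusing to overwrite $epd_dst" >&2; return 1; }
    if awk -v dev="$epd_dev" '
        # Match "#pseudo-device <dev>" followed by a blank or end of line, so
        # that enabling "npf" cannot touch a longer name starting with "npf".
        $0 ~ ("^[ \t]*#[ \t]*pseudo-device[ \t]+" dev "([ \t]|$)") {
            sub(/^[ \t]*#[ \t]*/, "")
            changed++
        }
        { print }
        # Anything other than exactly one edited line is treated as an error.
        END { exit (changed == 1 ? 0 : 2) }
    ' "$epd_src" > "$epd_dst.tmp"; then
        mv "$epd_dst.tmp" "$epd_dst"
    else
        rm -f "$epd_dst.tmp"
        echo "expected exactly one commented-out pseudo-device $epd_dev line" >&2
        return 1
    fi
}

# Demonstration on a constructed fragment (not the real XEN3_DOMU file).
demo() {
    demo_dir=$(mktemp -d) || return 1
    cat > "$demo_dir/XEN3_DOMU" <<'EOF'
# constructed fragment for the example
pseudo-device bpfilter # Berkeley packet filter
#pseudo-device npf # NPF packet filter
EOF
    enable_pseudo_device "$demo_dir/XEN3_DOMU" "$demo_dir/XEN3_DOMU_NPF" npf &&
        grep -n 'npf' "$demo_dir/XEN3_DOMU_NPF"
    demo_status=$?
    rm -rf "$demo_dir"
    return "$demo_status"
}

demo
```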
<h3>Compiling the custom NetBSD kernel</h3>
<p>A NetBSD kernel can be compiled in two ways: manually, or with the help of a script named build.sh. From any compatible OS, this script can very simply build not only a kernel but also a complete NetBSD release. The script ships with the sources, at the root of the tree.</p>
<p>First, let's build the required tools:</p>
<div class="highlight"><pre><span></span><code>nils@shell2:/srv/src/sys/arch/amd64/conf$ <span class="nb">cd</span> /srv/src
nils@shell2:/srv/src$ ./build.sh -U -u -m amd64 tools
</code></pre></div>
<p>Another interesting detail, and the reason for the <em>-U</em> option in the previous command: I do not need to be root for these operations :) Let's move on to compiling the kernel itself:</p>
<div class="highlight"><pre><span></span><code>nils@shell2:/srv/src$ ./build.sh -U -u -m amd64 <span class="nv">kernel</span><span class="o">=</span>XEN3_DOMU_NPF
</code></pre></div>
<p>Depending on how powerful the machine is, a few minutes later a result similar to the following should appear:</p>
<div class="highlight"><pre><span></span><code><span class="o">===</span>> Kernels built from XEN3_DOMU_NPF:
/srv/src/sys/arch/amd64/compile/obj/XEN3_DOMU_NPF/netbsd
<span class="o">===</span>> build.sh ended: Sun Jun <span class="m">18</span> <span class="m">20</span>:29:39 CEST <span class="nv">2017</span>
<span class="o">===</span>> Summary of results:
build.sh command: ./build.sh -U -u -m amd64 <span class="nv">kernel</span><span class="o">=</span>XEN3_DOMU_NPF
build.sh started: Sun Jun <span class="m">18</span> <span class="m">20</span>:29:26 CEST <span class="m">2017</span>
NetBSD version: <span class="m">7</span>.1
MACHINE: amd64
MACHINE_ARCH: x86_64
Build platform: NetBSD <span class="m">7</span>.1 amd64
HOST_SH: /bin/sh
MAKECONF file: /etc/mk.conf
TOOLDIR path: /srv/src/obj/tooldir.NetBSD-7.1-amd64
DESTDIR path: /srv/src/obj/destdir.amd64
RELEASEDIR path: /srv/src/obj/releasedir
Updated makewrapper: /srv/src/obj/tooldir.NetBSD-7.1-amd64/bin/nbmake-amd64
Building kernel without building new tools
Building kernel: XEN3_DOMU_NPF
Build directory: /srv/src/sys/arch/amd64/compile/obj/XEN3_DOMU_NPF
Kernels built from XEN3_DOMU_NPF:
/srv/src/sys/arch/amd64/compile/obj/XEN3_DOMU_NPF/netbsd
build.sh ended: Sun Jun <span class="m">18</span> <span class="m">20</span>:29:39 CEST <span class="nv">2017</span>
<span class="o">===</span>> .
</code></pre></div>
<p>All I have to do now is copy the file <em>/srv/src/sys/arch/amd64/compile/obj/XEN3_DOMU_NPF/netbsd</em> to my dom0 and use it in a Xen configuration file for a domU!</p>
<h3>And what about NPF?</h3>
<p>Once our domU has booted with this kernel, just follow the <a href="https://www.netbsd.org/~rmind/npf/" title="NPF">NPF documentation</a>.</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/fokuzx2/14286976703/" title="GT3">D - 15 photography - GT3 RS</a>.</em></p>
<h2>Comments</h2>
<h3>On 15/12/2017 22:21, by <a href="https://utux.fr">utux</a></h3>
<p>Oh, another NetBSD user ^^
With iMil that makes two on record xD</p>
<h3>On 18/12/2017 19:21, by <a href="https://mathieulubrano.com">Mathieu</a></h3>
<p>Hello</p>
<p>Thanks for this article! Npf is useful these days, and it makes a bit of a change from iptables.</p>
<p>And in reply to utux: NetBSD users and admins are discreet, but friendly and efficient ;-)</p>
<p>Regards
Mathieu</p>
<h3>On 19/12/2017 21:35, by Nils</h3>
<p>@ utux: there are even more of us on IRC, #netbsdfr on Freenode.</p>
<p>@ Mathieu: thanks for the compliment :)</p>
pbulk: going further with the parameters 2017-12-14T18:42:00+01:00 2017-12-14T18:42:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-14:/post/2017/12/14/pbulk-aller-plus-loin-sur-les-parametres/
<p><img alt="mechanical gears" src="https://blog.anotherhomepage.org/public/gears.jpg">Today, I figured I would talk about my Raspberry Pi 2 once more. Yes, the very one that currently spends its time compiling pkgsrc packages. I started by talking about <a href="/post/pbulk-compilation-massive-de-paquets-pkgsrc">setting up pbulk</a>, then recently I covered <a href="/post/raspberry-pi-attention-alimentation">the power supply problems</a> encountered after that setup.</p>
<p>This time, it is not a question of power supply but of system limits. In my post, I gave the following options at the top of the <em>pbulk.conf</em> file:</p>
<div class="highlight"><pre><span></span><code><span class="nb">ulimit</span> -t <span class="m">3600</span> <span class="c1"># set the limit on CPU time (in seconds)</span>
<span class="nb">ulimit</span> -v <span class="m">2097152</span> <span class="c1"># limits process address space</span>
</code></pre></div>
<p>The first problem I ran into showed up as a plain and simple “kill” while a package was compiling. It was then hard to work out that it happened after one hour! So I compiled that package manually and realized that it took well over an hour. This may seem surprising at first, but I had forgotten that even with 4 cores, a Raspberry Pi 2 is far less powerful than a typical x86_64 PC. Logically, it therefore takes much longer to build the same package. I ended up commenting out both directives, to see whether other packages that previously failed for obscure reasons can compile without trouble.</p>
<p>As I write this, the bulk build is not finished, but I have already seen that the package that put me on the right track builds successfully, as do others that could not be built because that first one was missing.</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/mustangjoe/22711070429/in/photolist-AAUaZP-9XHGYT-eAWnqt-2mSyH-agSVfM-drap2V-dT1izt-fpHAcp-Jm3VSU-ow87cH-asQ6mi-TqSdM4-oukRiE-QHJVMu-JmhXCu-aDPmJg-fpXQUN-oupGCq-owtNSQ-8w64xS-dkmjGr-49QMPR-ocXcSx-3Kwwmd-8zmq1v-dwrSsC-boimEK-ZcaAe2-fq3mPC-imruke-orWcYS-8uRAs7-oubu1h-WkYqVq-fJZXmL-xdqXkd-FD1fia-dnFi6i-ovTE4H-egibSs-8NghJ-ous93c-XcEPBC-8Nftq-gsGt5t-RCxBQR-oV3t79-WEUjWW-9GH5eo-cyjsHU" title="Gears">Joe deSousa - Gears</a>.</em></p>
Raspberry Pi: watch out for the power supply! 2017-12-13T15:45:00+01:00 2017-12-13T15:45:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-13:/post/2017/12/13/raspberry-pi-attention-alimentation/
<p><img alt="" src="https://blog.anotherhomepage.org/public/electrialfixtures.jpg">A few months ago, I published <a href="/post/pbulk-compilation-massive-de-paquets-pkgsrc">a post about pbulk</a>. I used the configuration set up on a Raspberry Pi 2B as an example. It was not a complete success, because the Raspberry Pi would sometimes freeze. No, not dropping below 0°C, but rather a system that stops responding. Nothing at all, or almost: the little board only answered pings.</p>
<p>Unplug it, plug it back in, and off it goes again. Until the next freeze. Under these conditions it is hard to build almost 1500 software packages for my other Raspberry Pis. The power setup I chose at the time was meant to limit the number of wall sockets in use: a PiHub with its 5V 3.5A power supply. I thought that would be enough for 2 Raspberry Pi B+ and 2 2B. In the end it was not: not only did the bulk builds stop completing and end up corrupting the SD card, but the power supply eventually died as well.</p>
<p>Before the PiHub power supply died, I had already moved the Raspberry Pi 2B dedicated to bulk builds to its own power supply, using a mobile phone charger. That turned out not to be enough either, since I had a few freezes. So what to do?</p>
<p>Once the PiHub power supply was out of service, I finally gave in and bought another unit, this one delivering 4.8A in total, with some ports able to deliver up to 2A. Since then, I have been building my roughly 1500 packages a week without problems for more than three weeks!</p>
<p>Moral of the story: choose the power supply for your Raspberry Pis carefully! It can cause some problems!</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/usfwsnortheast/15871280388/" title="Electrial">Teresa Walter/USFWS - Electrial fixtures to control that backup power generator</a>.</em></p>
Running late! 2017-12-11T21:16:00+01:00 2017-12-11T21:16:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-11:/post/2017/12/11/en-retard/
<p><img alt="" src="https://blog.anotherhomepage.org/public/almost3am.jpg">I did not manage to keep up. At the time this post is published, 2 posts are missing: the one for December 9 and the one for December 11. I could have avoided missing the 11th by publishing this post right away, but I see no point in publishing at a late hour, so I might as well own it.</p>
<p>So, what happened? Quite simply, two things:</p>
<ul>
<li>I ran out of posts written in advance;</li>
<li>my days turned out longer and busier than I expected, and I forgot to publish the last post I had in stock.</li>
</ul>
<p>So I have two posts to catch up on. By when? I do not know. But I fully intend to publish them by December 24!</p>
<p>Another problem came up while publishing posts recently. Something I could manage with weekly publication, but much harder to keep up with daily publication: sharing my posts on social networks. I do all of that by hand when the post is published. Why? A few points:</p>
<ul>
<li>the post-sharing systems I was able to test for Dotclear no longer work;</li>
<li>handing access to my social network accounts to a third party such as IFTTT is out of the question;</li>
<li>I have not yet looked for, or found, a system I can host myself to publish my posts to Facebook, Twitter, Mastodon and Linkedin (and Diaspora as an option);</li>
<li>a post shared on social networks gets more visits than one that is not (yes, I do like being read, at least a little);</li>
<li>depending on the post, I get more reactions on social networks than in the comments.</li>
</ul>
<p>While I am on the subject of current difficulties, I find it harder and harder to find illustration images, preferably under a very permissive license: Flickr has a handy "No known copyright restrictions" option.</p>
<p>Despite all that, I want to continue this series of daily posts. Who will cheer me on?</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/skochkar/35691154582/in/photolist-WnUuNb-213aQNx-ZQm1sq-ZeEGYW-YpTeS1-BQPVcN-ZvK7Cq-XJ23xL-Z7ybX1-ZDFbUv-FRuii4-YQNSLW-E1MXwq-Z3esJC-Zwxczg-ZUT3up-21JUGqS-Ye2VGW-21LPGc7-Zcb1qy-XTwMqh-XCdjbJ-21fJ9H5-XtM361-22nsNqr-XWfAyk-owp9VA-TxkLRA-YMbTp1-Yhqnm8-G41r36-223smiG-ZgxKzn-Yy9QXy-ZnQh4B-YzD9c4-ZLYB1v-FYSwrH-YZfUW5-DPxJyA-ZiEHek-YhXq3t-Z7Ysjj-Z3z1EY-YuW5fQ-YGvWWS-D6HTgh-CHET8j-YxhqP3-YtEXK5" title="Almost">Sergey Kochkarev - Almost 3am</a>.</em></p>
<h2>Comments</h2>
<h3>On 12/12/2017 20:51, by</h3>
<p><a href="https://www.blog-libre.org/author/cascador/">Cascador</a></p>
<p>Salute,</p>
<p>db2twitter and feed2toot, for your information: https://gitlab.com/users/chaica/projects</p>
<p>Bye!</p>
<h3>On 13/12/2017 18:13, by Nils</h3>
<p>Great, thanks :)</p>
<h3>On 14/12/2017 19:36, by Xate</h3>
<p><em>Despite all that, I want to continue this series of daily posts. Who will cheer me on?</em></p>
<p>Go Nils! ;-)</p>
<p>And a few ideas for posts:
- how often do you update your dotclear? What triggers that update? And the same question for the machine that hosts it, if you have control over it?
- how did you build your mail system (mail servers and other related services)?
- Which tool(s) for your backups?
- Some stats on visits, surprising keywords that brought visitors in?
- etc.</p>
<p>:-)</p>
<h3>On 15/12/2017 11:56, by Nils</h3>
<p>Thanks for your questions, Xate! As for updating Dotclear, the answer is very quick and not worth a post: I apply updates as soon as possible, generally within 48 hours of their availability. In the worst case, I may wait 4-5 days, but that is because I have had long days at work.</p>
<p>For the rest, I will write posts :)</p>
Finding duplicate files with fdupes 2017-12-10T11:30:00+01:00 2017-12-10T11:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-10:/post/2017/12/10/Trouver-des-fichiers-doublons-avec-fdupes/
<p><img alt="LEGO figurines of clone troopers from the Star Wars universe" src="https://blog.anotherhomepage.org/public/day341.jpg">I sometimes end up with duplicate files: a hasty copy when switching computers, a copy made before modifying a file that I never modify in the end, assorted backups... in short, over time you can end up with quite a few duplicate files. For me, it is mostly music.</p>
<p>One way to spot these duplicates is to use <a href="https://github.com/adrianlopezroche/fdupes" title="Fdupes">fdupes</a>. This program checks several attributes to compare files, such as size, an MD5 checksum, and even a bit-by-bit comparison. Just give it a directory to check and it does the work. That directory can perfectly well be a remote mount point, such as an NFS or CIFS export.</p>
<p>In my case, I decided to run the following command:</p>
<div class="highlight"><pre><span></span><code>fdupes -R -s -S /Volumes/nils/ <span class="p">|</span> tee -a ./fdupes.log
</code></pre></div>
<p>I chose to pipe the output of fdupes into tee and keep a log file. As for the options:</p>
<ul>
<li>-R enables a recursive search;</li>
<li>-s takes symbolic links into account;</li>
<li>-S shows the size.</li>
</ul>
<p>Here is a sample of the output, for one file:</p>
<div class="highlight"><pre><span></span><code><span class="mf">3178172</span><span class="w"> </span><span class="n">bytes</span><span class="w"> </span><span class="n">each</span><span class="p">:</span><span class="w"></span>
<span class="o">/</span><span class="n">Volumes</span><span class="o">/</span><span class="n">nils</span><span class="o">/</span><span class="n">Musique</span><span class="o">/</span><span class="n">laptop</span><span class="o">/</span><span class="n">Serge</span><span class="w"> </span><span class="n">Gainsbourg</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">Histoire</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">Melody</span><span class="w"> </span><span class="n">Nelson</span><span class="o">/</span><span class="mf">02</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">Ballade</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">Melody</span><span class="w"> </span><span class="n">Nelson</span><span class="mf">.</span><span class="n">mp3</span><span class="w"></span>
<span class="o">/</span><span class="n">Volumes</span><span class="o">/</span><span class="n">nils</span><span class="o">/</span><span class="n">Musique</span><span class="o">/</span><span class="n">laptop_old</span><span class="o">/</span><span class="n">Serge</span><span class="w"> </span><span class="n">Gainsbourg</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">Histoire</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">Melody</span><span class="w"> </span><span class="n">Nelson</span><span class="o">/</span><span class="mf">02</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">Ballade</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">Melody</span><span class="w"> </span><span class="n">Nelson</span><span class="mf">.</span><span class="n">mp3</span><span class="w"></span>
</code></pre></div>
<p>One last interesting feature is letting fdupes handle the deletion of duplicate files, but I prefer to first check that there is no mistake.</p>
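<p>One way to do that check before any deletion, as an added example (not part of the original post and not fdupes' own code): the function below re-reads a log in the <code>-S</code> format shown above and re-compares every listed copy against the first file of its group with <code>cmp</code>. The function names and the sample files are constructed for the illustration, and it assumes groups are separated by blank lines.</p>

```shell
#!/bin/sh
# verify_fdupes_log LOG
# Re-check a log written by `fdupes -S ... | tee -a LOG` before deleting anything.
# Assumed log layout (as in the sample output): a "<size> bytes each:" header,
# one path per line, and a blank line between groups.
# Prints "<confirmed> <suspect>"; suspect paths are listed on stderr.
verify_fdupes_log() {
    log=$1
    first=""
    confirmed=0
    suspect=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "")
                first="" ;;                 # blank line: end of a group
            [0-9]*" bytes each:"|[0-9]*" byte each:")
                first="" ;;                 # size header: start of a group
            *)
                if [ -z "$first" ]; then
                    first=$line             # reference copy of this group
                elif [ -f "$first" ] && [ -f "$line" ] &&
                     cmp -s -- "$first" "$line"; then
                    confirmed=$((confirmed + 1))
                else
                    # The file changed or vanished since the scan, or the
                    # reference copy itself is gone: do not delete blindly.
                    suspect=$((suspect + 1))
                    printf 'NOT a verified duplicate: %s\n' "$line" >&2
                fi ;;
        esac
    done < "$log"
    echo "$confirmed $suspect"
}

# demo_verify: builds constructed sample files and a constructed log in a
# temporary directory, then runs the check on them.
demo_verify() {
    dir=$(mktemp -d) || return 1
    printf 'same content\n' > "$dir/song.mp3"
    printf 'same content\n' > "$dir/song copy.mp3"   # true duplicate
    printf 'same CONTENT\n' > "$dir/song old.mp3"    # same size, other bytes
    {
        printf '13 bytes each:\n'
        printf '%s\n' "$dir/song.mp3" "$dir/song copy.mp3" \
                      "$dir/song old.mp3" "$dir/gone.mp3"   # last one is missing
        printf '\n'
    } > "$dir/fdupes.log"
    result=$(verify_fdupes_log "$dir/fdupes.log" 2>/dev/null)
    rm -rf "$dir"
    echo "$result"
}

echo "confirmed/suspect: $(demo_verify)"
```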
<p>Did you like this article? Then share it on social networks!</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/pasukaru76/4797101119/" title=""Day">Pascal - Day 341</a>.</em></p>
Python: 3 tools to analyze your code 2017-12-08T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-08:/post/2017/12/08/python-3-outils-anaylser-code/
<p><img alt="" src="https://blog.anotherhomepage.org/public/study_in_pink.jpg">Following my <a href="/tag/blogmas">blogmas</a> post <a href="/post/make-automatiser-quelques-taches-avec-un-makefile">make: automating a few tasks with a Makefile</a>, an interesting discussion followed on Mastodon, where <a href="https://oldbytes.space/@dashie" title=""Dashie">Dashie</a> mentioned preferring <a href="https://www.pylint.org/" title="Pylint">pylint</a> to check the validity of Python code. So I am taking the opportunity, not to argue for my choice or for Dashie's, but rather to list a few options for anyone who wants readable code that follows code style conventions.</p>
<h3>Exit pep8, hello pycodestyle!</h3>
<p>And this is where things get really funny, because I wanted to start by talking about pep8. So I run the <em>pep8</em> command on my Python code:</p>
<div class="highlight"><pre><span></span><code>nils@dalaran-wifi:~/fabfile$ pep8 *.py
/opt/pkg/lib/python2.7/site-packages/pep8.py:2124: UserWarning:
pep8 has been renamed to pycodestyle <span class="o">(</span>GitHub issue <span class="c1">#466)</span>
Use of the pep8 tool will be removed <span class="k">in</span> a future release.
Please install and use <span class="sb">`</span>pycodestyle<span class="sb">`</span> instead.
$ pip install pycodestyle
$ pycodestyle ...
<span class="s1">'\n\n'</span>
</code></pre></div>
<p>So pep8 is obsolete and pycodestyle must be used instead. Fortunately, it is available in pkgsrc:</p>
<div class="highlight"><pre><span></span><code>nils@dalaran-wifi:~$ sudo pkgin av<span class="p">|</span>grep codestyle
py27-codestyle-2.3.1 Python style guide checker
py27-pep8-1.7.1 Python style guide checker <span class="o">(</span>obsolete, use py-codestyle<span class="o">)</span>
py34-codestyle-2.3.1 Python style guide checker
py34-pep8-1.7.1 Python style guide checker <span class="o">(</span>obsolete, use py-codestyle<span class="o">)</span>
py35-codestyle-2.3.1 Python style guide checker
py35-pep8-1.7.1 Python style guide checker <span class="o">(</span>obsolete, use py-codestyle<span class="o">)</span>
py36-codestyle-2.3.1 Python style guide checker
py36-pep8-1.7.1 Python style guide checker <span class="o">(</span>obsolete, use py-codestyle<span class="o">)</span>
</code></pre></div>
<p>Well, here too the message is clear: pep8 is over, time to take our business elsewhere.</p>
<h3>flake8, the aggregator</h3>
<p>Another tool I had heard about is <a href="https://gitlab.com/pycqa/flake8" title="flake8">flake8</a>. It is quite interesting because it is precisely a combination of several tools: pep8, pyflakes, mccabe, and potentially others through plugins.</p>
<h3>pylint, which does everything except make coffee</h3>
<p>Pylint does more than check conformance to code standards or styles: it can also detect errors, suggest code refactoring and produce UML diagrams via <a href="https://www.logilab.org/blogentry/6883" title="Pyreverse">Pyreverse</a>. Between that and its integration with a development environment or a continuous integration system, the least one can say is that pylint is very complete!</p>
<h3>In conclusion: try them out!</h3>
<p>I have not had time to form an opinion yet. I do intend to test all of this as soon as I get back into some Python code!</p>
<p>Did you like this article? Then share it on social networks!</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/pasukaru76/5330972736/" title=""Study">Pascal - Study in Pink</a>.</em></p>
Paris Open Source Summit 2017 - day 2 2017-12-07T21:50:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-07:/post/2017/12/07/paris-open-source-summit-2017-jour-2/
<p><img alt="" src="https://blog.anotherhomepage.org/public/linuxfr.png">This post comes a bit late, but these two days at the Paris Open Source Summit 2017 were quite full: between visitors at the LinuxFr.org booth, the people at the other booths, and the prize draws to give away books, I had no time to get bored!</p>
<p>A few photos from these two days at the show:</p>
<p><a href="https://blog.anotherhomepage.org/public/poss2017/IMG_20171206_093436.jpg" title=""Affiche"><img alt=""Affiche" src="https://blog.anotherhomepage.org/public/poss2017/.IMG_20171206_093436_m.jpg" title=""Affiche"></a></p>
<p><a href="https://blog.anotherhomepage.org/public/poss2017/IMG_20171206_135145.jpg" title=""L'urne"><img alt=""L'urne" src="https://blog.anotherhomepage.org/public/poss2017/.IMG_20171206_135145_m.jpg" title=""L'urne"></a></p>
<p><a href="https://blog.anotherhomepage.org/public/poss2017/IMG_20171206_170526.jpg" title=""Les"><img alt=""Les" src="https://blog.anotherhomepage.org/public/poss2017/.IMG_20171206_170526_m.jpg" title=""Les"></a></p>
<p><a href="https://blog.anotherhomepage.org/public/poss2017/IMG_20171206_172033.jpg" title=""Le"><img alt=""Le" src="https://blog.anotherhomepage.org/public/poss2017/.IMG_20171206_172033_m.jpg" title=""Le"></a></p>
<p><a href="https://blog.anotherhomepage.org/public/poss2017/IMG_20171206_191601.jpg" title=""LinuxFr.org"><img alt=""LinuxFr.org" src="https://blog.anotherhomepage.org/public/poss2017/.IMG_20171206_191601_m.jpg" title=""LinuxFr.org"></a></p>
<p><a href="https://blog.anotherhomepage.org/public/poss2017/IMG_20171207_093752.jpg" title=""Une"><img alt=""Une" src="https://blog.anotherhomepage.org/public/poss2017/.IMG_20171207_093752_m.jpg" title=""Une"></a></p>
<p><a href="https://blog.anotherhomepage.org/public/poss2017/IMG_20171207_154114.jpg" title=""La"><img alt=""La" src="https://blog.anotherhomepage.org/public/poss2017/.IMG_20171207_154114_m.jpg" title=""La"></a></p>
<p><a href="https://blog.anotherhomepage.org/public/poss2017/IMG_20171207_172020.jpg" title=""Le"><img alt=""Le" src="https://blog.anotherhomepage.org/public/poss2017/.IMG_20171207_172020_m.jpg" title=""Le"></a></p>
<p><a href="https://blog.anotherhomepage.org/public/poss2017/IMG_20171207_172407.jpg" title=""Quelques"><img alt=""Quelques" src="https://blog.anotherhomepage.org/public/poss2017/.IMG_20171207_172407_m.jpg" title=""Quelques"></a></p>
<p>See you next year for a new edition of the Paris Open Source Summit!</p>
Paris Open Source Summit 2017 2017-12-06T15:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-06:/post/2017/12/06/paris-open-source-summit-2017/
<p><img alt="" src="https://blog.anotherhomepage.org/public/linuxfr.png">For several years now, I have been a regular at the show that is now called the <a href="http://www.opensourcesummit.paris/" title=""Paris">Paris Open Source Summit</a>. And as always, you will find me at the <a href="https://linuxfr.org" title="LinuxFr.org">LinuxFr.org</a> booth. Still in keeping with tradition, there will be:</p>
<ul>
<li>stickers;</li>
<li>books to win (prize draw at the end of the day, you must be present to win);</li>
<li>chocolate (and this year, I went all out!);</li>
<li>and part of the site's team!</li>
</ul>
<p>So I will be waiting for you at booth B29 for these two days of the show! If you cannot come, let me know on social networks, and tell me if you would like me to visit a particular booth!</p>
make: automating a few tasks with a Makefile 2017-12-05T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-05:/post/2017/12/05/make-automatiser-quelques-taches-avec-un-makefile/
<p><img alt="View of the rails of Paris metro line 14, in a station" src="https://blog.anotherhomepage.org/public/meteoro.jpg">When people talk about automation, they immediately think of tools for automated deployment, such as <a href="https://www.ansible.com/" title="Ansible">Ansible</a>, <a href="https://www.chef.io/chef/" title="Chef">Chef</a>, <a href="https://puppet.com/fr" title="Puppet">Puppet</a> or <a href="https://saltstack.com/" title="Salt">Salt</a>. But long before getting there, there was (GNU) <a href="https://fr.wikipedia.org/wiki/Make" title=""make">make</a>.</p>
<p>After having quite a bit of fun with <a href="http://www.fabfile.org/" title="Fabric">Fabric</a>, I am currently getting into Ansible (better late than never). I like being able to quickly delete temporary files or run certain checks. Having a Makefile is a solution that, for now, strikes me as simple and elegant.</p>
<p>So, in the directory where I store my Fabric recipes, I created a file named, unsurprisingly, <em>Makefile</em>. Its content is roughly the following:</p>
<div class="highlight"><pre><span></span><code><span class="nf">clean</span><span class="o">:</span>
	rm -f *.pyc *.pyo *~ */*.pyc */*.pyo */*~ .*~ .DS_Store */.DS_Store
<span class="nf">pep8</span><span class="o">:</span>
	pep8 *.py
</code></pre></div>
<p>So I have two targets:</p>
<ul>
<li>the first one, <em>clean</em>, does some cleaning as you might guess, that is, it removes temporary files or files that serve no purpose (such as the directory display settings on macOS);</li>
<li>the second one lets me check that my Python code conforms to the Python style standards, gathered in <a href="https://www.python.org/dev/peps/pep-0008/" title="PEP8">PEP8</a> (see <a href="http://sametmax.com/le-pep8-en-resume/" title=""Le">Sam et Max</a> for an explanation in French, but beware, it is a bit NSFW).</li>
</ul>
<p>Once I am in my directory and have finished editing my files, I can check that everything complies with PEP8 with the command “make pep8”. To tidy up my files, it is “make clean”. Ah, if only I could really clean my home that way ;)</p>
<p>In fact, make is far more complete and complex than that, and is not limited to cleaning up. It can compile and install programs, which is why it exists in the first place. I also use it to <a href="https://github.com/ahpnils/cfgfiles/blob/a7d73d593b552a582c10bce6b983547ee22f2d5a/Makefile" title=""Github">set up my creature comforts</a> on a new machine.</p>
<p>Did you like this article? Then share it on social networks! And feel free to suggest your own make targets in the comments!</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/daquellamanera/194660985/in/photolist-icFVT-9Vxso8-ot3LJg-63W1Mt-6XcpRF-rNEMNp-sKtLik-91kMwU-GR47aF-duE1NE-5eNWGc-rNteyY-oePgYf-ssTGpj-icFSj-sKuhe6-rNEsw8-sKhfNw-nT2ST-D9a9y9-st2gZc-WLKdRU-otLFwy-YrrtxQ-bZ7pow-9Hn9px-8JMDBA-oy51MD-ow7dKq-7fzFJt-6Xcy7a-6Xcy1k-6XgnHY-6Xcy3e-7GYUQN-ouhqem-6XgxEC-ow79zb-ETxKfN-oeQdAZ-sKtndc-nT2TB-sKu1d8-8P16VL-Y7d4su-oy8Bwc-8Nzcf5-osXx4C-sH9VGA-oupu2A" title="Meteoro">Daniel Lobo - Meteoro</a>.</em></p>
logrotate: a quick example 2017-12-04T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-04:/post/2017/12/04/logrotate-exemple-vite-fait/
<p><img alt="Logs made of wood" src="https://blog.anotherhomepage.org/public/logs.jpg">Today, a bit of configuration for rotating your logs, using <a href="https://github.com/logrotate/logrotate" title=""Logrotate">Logrotate</a>.</p>
<p>On a Unix system, many programs generate log files. Rotating them splits the files at regular intervals to keep them from growing too large (and hard to work with), and deletes those that are too old so that they do not fill up the disk. Log rotation can also matter from a legal point of view, for example if the access logs of a web server must be kept for a minimum or maximum period.</p>
<p>Let's stay with the web server example. I will base this on a configuration close to the one I use for the web server that makes this blog accessible:</p>
<div class="highlight"><pre><span></span><code>/srv/www/*/*/log/*.log {
compress
compresscmd /usr/bin/xz
compressext .xz
uncompresscmd /usr/bin/unxz
delaycompress
daily
rotate 9999
create 644 root wheel
sharedscripts
missingok
prerotate
/usr/pkg/bin/perl /usr/pkg/awstats/bin/awstats_updateall.pl now -awstatsprog=/usr/pkg/awstats/cgi-bin/awstats.pl -configdir=/usr/pkg/etc/awstats/ > /dev/null
endscript
postrotate
/usr/pkg/sbin/apachectl restart > /dev/null 2>/dev/null || true
endscript
}
</code></pre></div>
<p>In this example, you can see that the logs are compressed (<em>compress</em> directive), but not immediately at rotation time (<em>delaycompress</em> directive). This is a trade-off between ease of searching the logs and the space they take up. Another interesting point is the use of xz, already covered in a <a href="/post/xz-pour-une-meilleure-compression-de-ses-fichiers">previous post</a>, instead of Gzip (the default setting). Most of the options are easy to understand.</p>
<p>Let's dwell, however, on the last lines of the configuration, in particular the <em>prerotate</em> and <em>postrotate</em> directives. As their names suggest, they let you act just before and just after the rotation. So in this configuration I chose to run Awstats to handle the visit statistics of all hosted sites. As for the action after rotation, restarting the web server is mandatory, because otherwise it keeps writing to the old file (since the inode, for its part, does not move).</p>
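<p>The inode point above can be reproduced in a scratch directory. This added example (not part of the original post; file and function names are constructed) keeps a file descriptor open across a rename-and-create rotation, once without and once with the reopen that the <em>postrotate</em> restart causes.</p>

```shell
#!/bin/sh
# Constructed demo: everything happens in a throwaway temporary directory.

# inode_of FILE: print the inode number of FILE.
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# rotate_demo keep|reopen
#   keep   : the writer keeps its descriptor open (no postrotate action)
#   reopen : the writer closes and reopens its log (what a restart does)
# Prints "<lines in access.log.1> <lines in access.log> <same|moved>"; the
# last field tells whether the renamed file kept its inode number.
rotate_demo() {
    mode=$1
    dir=$(mktemp -d) || return 1
    log="$dir/access.log"

    exec 3>>"$log"                  # the "server" opens its log once
    echo "request before rotation" >&3
    before=$(inode_of "$log")

    mv "$log" "$log.1"              # rotation renames the file...
    : > "$log"                      # ...and `create` makes a new empty one
    after=$(inode_of "$log.1")

    if [ "$mode" = reopen ]; then
        exec 3>&-                   # restart: the old descriptor is closed
        exec 3>>"$log"              # and the new access.log is opened
    fi
    echo "request after rotation" >&3
    exec 3>&-

    old_lines=$(wc -l < "$log.1" | tr -d ' ')
    new_lines=$(wc -l < "$log" | tr -d ' ')
    if [ "$before" = "$after" ]; then inode=same; else inode=moved; fi
    rm -rf "$dir"
    echo "$old_lines $new_lines $inode"
}

echo "without reopen: $(rotate_demo keep)"    # both lines land in access.log.1
echo "with reopen:    $(rotate_demo reopen)"  # one line in each file
```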
<p>Did you like this article? Then share it on social networks! And if you have remarks or suggestions for improvement, do not hesitate: that is what the comments are for!</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/107640324@N05/26883118626/in/photolist-GXz1zh-GXz3Fm-H1vKwt-G69hJP-GXz4x1-H1vNFz-GXyUrf-G699sD-Gnxw8N-RQJjMv-GewNiy-GydJQu-FZgSSN-GmQcJv-GnxKap-GfYdkb-Ga6V5A-NoPvcs-F2FP1m-FKdHag-FvJFku-EAf6xR-F6mJGJ-EXhUth-F2RwRV-DSczhs-EMBnrj-DHmwz9-EwRJDM-ECLpsQ-EjnCfH-DLD1De-DYxtqj-HEQkrq-P33LAp-DBoPkn-DBoPuF-DBoPLx-CZ1f7B-Np5aiP-DpJTyK-CYvrCF-zh6Fbt-A73Wej-AoEeU8-A79QtZ-A79ZgD-AoEhRa-zrLzVB-zrLyrp" title="logs">Intermountain Region USFS - logs ET5A3073</a>.</em></p>
Book: “Introduction au langage C”, by Bernard Cassagne 2017-12-03T10:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-03:/post/2017/12/03/livre-introduction-au-langage-c/
<p><img alt="" src="https://blog.anotherhomepage.org/public/forge.jpg">Following the post about the Python language, I wanted to share another book that dates from my DUT years, about the C language. As with the previous book, my computer science teacher used it as the basis for his courses. It is “<a href="https://c.developpez.com/cours/bernard-cassagne/" title=""Introduction">Introduction au langage C</a>”, by <a href="http://www-clips.imag.fr/commun/bernard.cassagne/">Bernard Cassagne</a>. This book shares a few characteristics with the previous one:</p>
<ul>
<li>it is free of charge;</li>
<li>it is available as a PDF (but also as a zip archive);</li>
<li>it is in French.</li>
</ul>
<p>A detail I find very amusing in this book is the presence of “recreation” sections. These sections comment on source code taken from the international contest for the most obscure C code, abbreviated IOCCC (for <a href="http://ioccc.org" title=""The">International Obfuscated C Code Contest</a>). I admit I never managed to compile one of these gems, but I still remember with amusement reading pages 33 and 34 about Charlie and Charlotte!</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/one_rod/305253111/in/photolist-sYv7F-APWzc-9UogNL-7PV1ap-9VJzT9-cK2C4w-9Q3qx-ftSkR-byfj2L-fKw7SE-fDvfk4-4SYtZJ-6Hyj3g-UHDsML-d6oatm-4rNHVJ-TfG4JN-dQenPT-dih2aN-qmHXTL-bf1Evc-bTKqv8-7BCqsr-fKewtg-eezy14-Wo48SQ-4CNjwY-53JzY-PBY5E-dK6n9s-8BhqPZ-2VMt7b-ULsT9V-6yL64Q-hyrqh2-4rJEDg-Us2cSe-8cDDhV-fppoj9-iYSsMu-dCuRgC-4X95ns-nxhWoV-TpVEug-ScvhJt-fQKd9v-R9Dqbz-Tn4Qd7-SoGMxM-8Eu9fb" title="forge">Mick - forge</a>.</em></p>
xz for better compression of your files 2017-12-02T10:00:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-02:/post/2017/12/02/xz-pour-une-meilleure-compression-de-ses-fichiers/
<p><img alt="Bell system technical journal" src="https://blog.anotherhomepage.org/public/bell_system_technical_journal.jpg">Today, let's talk a bit about compression. In the Unix world, people usually tend to use <a href="https://fr.wikipedia.org/wiki/Gzip" title=""Gzip">Gzip</a>. This compression format has the merit, today, of being fairly fast, but it is far from the most efficient. An alternative emerged: <a href="https://fr.wikipedia.org/wiki/Bzip2" title=""bzip2">bzip2</a>. While the latter is much more efficient, it is unfortunately much slower.
Since we always want to have our cake and eat it too, other compression formats have appeared more recently, such as <a href="https://fr.wikipedia.org/wiki/XZ_(format_de_fichier)" title=""XZ">XZ</a>, which currently uses the <a href="https://fr.wikipedia.org/wiki/LZMA" title=""LZMA">LZMA</a> 2 algorithm.</p>
<p>To use the xz compression format, just use the xz and unxz tools. They are generally available on all Linux distributions, and have even been installed by default for a long time. BSD systems are not left out, since NetBSD 7 ships xz in the base system (a more recent version is available in pkgsrc). Finally, only macOS does not seem to include it natively, but that can be fixed with pkgsrc, macports or Homebrew. Depending on the system, in addition to the compression and decompression tools, xz comes with "classic" file tools that decompress on the fly, such as xzcat, xzgrep, xzless or xzdiff.</p>
<p>A few usage examples, starting with compressing a file, here in verbose mode and with the maximum compression level:</p>
<div class="highlight"><pre><span></span><code>nils@shell2:~/irclogs/freenode$ xz -v -9 <span class="se">\</span><span class="c1">#gcu.2017-11-30.log</span>
<span class="c1">#gcu.2017-11-30.log (1/1)</span>
<span class="m">100</span> % <span class="m">8</span> 020 B / <span class="m">23</span>,2 <span class="nv">KiB</span> <span class="o">=</span> <span class="m">0</span>,338
</code></pre></div>
<p>Let's go wild and search for a string:</p>
<div class="highlight"><pre><span></span><code>nils@shell2:~/irclogs/freenode$ xzgrep -i -m <span class="m">1</span> pinpin <span class="se">\</span><span class="c1">#gcu.2017-11-30.log.xz </span>
<span class="m">01</span>:26 < pinpin> olivier__ runne irssi v1.0.5 - running on FreeBSD amd64
</code></pre></div>
<p>And of course, decompression:</p>
<div class="highlight"><pre><span></span><code>nils@shell2:~/irclogs/freenode$ unxz -v <span class="se">\</span><span class="c1">#gcu.2017-11-30.log.xz </span>
<span class="c1">#gcu.2017-11-30.log.xz (1/1)</span>
<span class="m">100</span> % <span class="m">8</span> 020 B / <span class="m">23</span>,2 <span class="nv">KiB</span> <span class="o">=</span> <span class="m">0</span>,338
</code></pre></div>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/internetarchivebookimages/14733726886/in/photolist-orYcFU-odZb28-ouALWf-oubHW5-owcadT-ox4T7K-ouCPjA-owyEXc-oeTAqs-odEZPn-odbtUr-oufaDH-ouqpfs-ocVsFg-owcn5w-owkuw8-ocUUBX-ocT2R9-odCbPL-odzUfe-od9WZH-odjbkp-owVry6-owVvWp-osxGbd-owpVSv-odj5YS-odjpx5-ocUaAM-ow8ZvA-ocFgzz-osCeLu-ow7naS-ouoJY9-octZyk-oxcW7M-ocHuhY-ouK3Z9-ocUDjv-ocS7LS-owLJXx-osCfpy-ocSti5-owbhG5-owoJ3n-vNf6mA-wkkWhE-osmV5G-ouNKz4-ocUAsZ" title=""The">Internet Archive Book Images - Image from page 1351 of "The Bell System technical journal" (1922)</a>.</em></p>
Book: “Apprendre à programmer avec Python”, by Gérard Swinnen 2017-12-01T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-12-01:/post/2017/12/01/livre-apprendre-a-programmer-avec-python/
<p><img alt="" src="https://blog.anotherhomepage.org/public/encyclopaedia_of_sport.jpg">The other day, at ${DAYJOB}, a colleague asked me whether I had any resources for learning Python. So I figured I would turn that into a post.</p>
<p>My main resource, the one with which I learned Python during my DUT, is quite simply “<a href="http://inforef.be/swi/python.htm" title=""Apprendre">Apprendre à programmer avec Python</a>”, by Gérard Swinnen. This book has, in my opinion, several advantages:</p>
<ul>
<li>it is free of charge;</li>
<li>it is under a Creative Commons license (all right, far from the most permissive one, but at least one is used);</li>
<li>it is in French;</li>
<li>the answers to the exercises are available;</li>
<li>it is available as PDF and ODT, which is handy for offline reading;</li>
<li>it can be bought to get a paper version, or to support the author.</li>
</ul>
<p>In short, I recommend it.</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/internetarchivebookimages/14761106556/in/photolist-ouowHb-odEKJM-eS5zDv-owD9UM-A58G92-oeZpHx-odm9Uc-owsqwE-oeWYav-otzAJk-odYS7F-nGXzMM-7xrQWC-ov6PoE-ouY5XG-ovn1Et-yC5mhs-ot4Ku6-od8GeW-orRR6C-au46GF-otjCWM-odeTRP-orRRy1-ouUAra-odAZhZ-osWWJd-ow5pLz-owRw1F-ouTeqV-obGijx-owkt5Q-ott2i1-qM4R8t-rgiYaj-osSx5K-odxoGx-rgiXZE-oeWeYr-orSjVf-7xo3j2-otqyj8-odZqGH-odrdCr-owsE3R-zXWmN7-A1eNpR-t8FCum-ouA8dX-tJfVxr/" title=""The">Internet Archive Book Images - Image from page 421 of "The encyclopaedia of sport" (1897)</a>.</em></p>
CentOS 7: disabling firewalld and re-enabling iptables 2017-06-27T13:10:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-06-27:/post/2017/06/27/centos-7-desactiver-firewalld-reactiver-iptables/
<p><img alt="tools" src="https://blog.anotherhomepage.org/public/tools.jpg" title=""tools,">In addition to systemd, RHEL 7 and CentOS 7 come with a new firewall interface: firewalld. Although it does the job rather well, I found myself in situations where I had trouble making it do what I wanted. In fact, as soon as I started playing with tun interfaces, zones and packet forwarding, I started running into difficulties. Until I solve them, I noted that I could go back to the previous behaviour and drive iptables directly.</p>
<h3>Disabling firewalld</h3>
<p>Let's start by stopping firewalld and making sure it is really stopped:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># systemctl stop firewalld.service</span>
<span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># systemctl status firewalld.service</span>
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded <span class="o">(</span>/usr/lib/systemd/system/firewalld.service<span class="p">;</span> disabled<span class="p">;</span> vendor preset: enabled<span class="o">)</span>
Active: inactive <span class="o">(</span>dead<span class="o">)</span>
Docs: man:firewalld<span class="o">(</span><span class="m">1</span><span class="o">)</span>
Jun <span class="m">27</span> <span class="m">10</span>:27:00 test.anotherhomepage.org systemd<span class="o">[</span><span class="m">1</span><span class="o">]</span>: Starting firewalld - dynamic firewall daemon...
Jun <span class="m">27</span> <span class="m">10</span>:27:00 test.anotherhomepage.org systemd<span class="o">[</span><span class="m">1</span><span class="o">]</span>: Started firewalld - dynamic firewall daemon.
Jun <span class="m">27</span> <span class="m">10</span>:27:25 test.anotherhomepage.org systemd<span class="o">[</span><span class="m">1</span><span class="o">]</span>: Stopping firewalld - dynamic firewall daemon...
Jun <span class="m">27</span> <span class="m">10</span>:27:25 test.anotherhomepage.org systemd<span class="o">[</span><span class="m">1</span><span class="o">]</span>: Stopped firewalld - dynamic firewall daemon.
</code></pre></div>
<p>Of course, this means that from now on the machine is no longer protected by the firewall.</p>
<p>Next, disable its automatic start:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># systemctl disable firewalld.service</span>
</code></pre></div>
<p>If we really want to make sure firewalld can never be started by accident, we can mask it:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># systemctl mask firewalld.service</span>
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.
</code></pre></div>
<p>That's all well and good, but now a firewall has to be put back in place.</p>
<h3>Enabling iptables</h3>
<p>Enabling iptables is very simple. Let's start by installing the "iptables-services" package:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># yum -y install iptables-services</span>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.imt-systems.com
* extras: mirror.netcologne.de
* updates: mirror.ratiokontakt.de
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 <span class="m">0</span>:1.4.21-17.el7 will be installed
--> Finished Dependency Resolution
Dependencies <span class="nv">Resolved</span>
<span class="o">=============================================================================================================================================================================================================================================</span>
Package Arch Version Repository <span class="nv">Size</span>
<span class="o">=============================================================================================================================================================================================================================================</span>
Installing:
iptables-services x86_64 <span class="m">1</span>.4.21-17.el7 base <span class="m">50</span> k
Transaction <span class="nv">Summary</span>
<span class="o">=============================================================================================================================================================================================================================================</span>
Install <span class="m">1</span> Package
Total download size: <span class="m">50</span> k
Installed size: <span class="m">24</span> k
Downloading packages:
iptables-services-1.4.21-17.el7.x86_64.rpm <span class="p">|</span> <span class="m">50</span> kB <span class="m">00</span>:00:00
Running transaction check
Running transaction <span class="nb">test</span>
Transaction <span class="nb">test</span> succeeded
Running transaction
Installing : iptables-services-1.4.21-17.el7.x86_64 <span class="m">1</span>/1
Verifying : iptables-services-1.4.21-17.el7.x86_64 <span class="m">1</span>/1
Installed:
iptables-services.x86_64 <span class="m">0</span>:1.4.21-17.el7
Complete!
</code></pre></div>
<p>Then we enable it in systemd:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># systemctl enable iptables</span>
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
</code></pre></div>
<p>We can then start it:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># systemctl start iptables</span>
</code></pre></div>
<p>As with RHEL 6 and CentOS 6, the configuration lives in the file <em>/etc/sysconfig/iptables</em>, and comes with a rule set that only lets ping and SSH through. From this moment on, the machine is protected by a firewall again.</p>
<p>Did you like this article? Then share it on social networks! And if you have remarks or suggestions for improvement, don't hesitate: that's what the comments are for!</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/velacreations/5249327029/" title="tools">velacreations - tools</a>.</em></p>
<h2>Port redirection to localhost on Linux</h2>
<p>Nils Ratusznik, 2017-06-19T09:30:00+02:00, tag:blog.anotherhomepage.org,2017-06-19:/post/2017/06/19/redirection-ports-localhost-linux/</p>
<p>I recently found myself running services only on a machine's loopback interface, for example a web server. One may question the merits of this approach, but I find it interesting for two reasons:</p>
<ul>
<li>first, if the service's configuration requires an IP address, it will be 127.0.0.1, and will not need to be changed if the configuration is copied to another machine;</li>
<li>second, if for one reason or another the firewall ever becomes inactive, the service will not be exposed.</li>
</ul>
<p>Of course, this adds a constraint: a port redirection has to be set up in addition to opening the flow. Also, I do not know whether this has any real impact on performance. I could test that some day and write an article about it :)</p>
<p>So there I am, installing a web server, starting it on localhost, doing my little configuration with plenty of iptables, and then disaster strikes: the traffic does not get through. A few searches later, I learn that by default the Linux kernel considers it abnormal for a packet to come from outside with 127.0.0.1 as its destination. This behaviour can be changed since version 3.6, thanks to a sysctl parameter:</p>
<div class="highlight"><pre><span></span><code><span class="c1"># sysctl -w net.ipv4.conf.all.route_localnet=1</span>
</code></pre></div>
<p>Of course, for a permanent result, remember to edit /etc/sysctl.conf.</p>
<p>A nice little detail: enabling packet forwarding (the famous <em>ip_forward</em>) is not necessary.</p>
<p>Source: <a href="https://superuser.com/questions/661772/iptables-redirect-to-localhost" title="networking">Super User</a>.</p>
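<p>An added example, not code from the original post: the setting above uses <em>conf.all</em>, which turns <em>route_localnet</em> on for every interface, and once it is on, packets for 127.0.0.0/8 arriving on such an interface are no longer discarded as martians. The script below lists the interfaces where the setting is in effect from a <em>sysctl -a</em> dump and prints a per-interface variant with filter rules that only admit redirected connections; the interface name <em>eth0</em>, the ports 80 and 8080, the function names and the sample dump are assumptions.</p>

```shell
#!/bin/sh
# Added example (not from the original post). Interface names, ports and the
# sysctl dump below are constructed for the illustration.

# exposed_interfaces FILE
#   FILE holds `sysctl -a` output. route_localnet is in effect on an interface
#   when conf.all OR conf.<iface> is 1, so "all=1" switches it on everywhere.
#   Prints the non-loopback interfaces that no longer drop packets for 127.0.0.0/8.
exposed_interfaces() {
    awk -F ' *= *' '
        $1 ~ /^net\.ipv4\.conf\..+\.route_localnet$/ {
            name = $1
            sub(/^net\.ipv4\.conf\./, "", name)
            sub(/\.route_localnet$/, "", name)
            val[name] = $2 + 0
        }
        END {
            all = ("all" in val) ? val["all"] : 0
            for (n in val)
                if (n != "all" && n != "default" && n != "lo" && (all || val[n]))
                    print n
        }
    ' "$1" | LC_ALL=C sort
}

# valid_port N: true when N is a decimal integer in 1..65535 (no leading zero).
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# redirect_rules IFACE PUBLIC_PORT LOCAL_PORT
#   Prints the settings for one interface only, instead of conf.all.
redirect_rules() {
    case "$1" in
        ''|lo|all|default|*[!A-Za-z0-9_-]*)
            echo "invalid interface: $1" >&2; return 2 ;;
    esac
    if ! valid_port "$2" || ! valid_port "$3"; then
        echo "invalid port" >&2; return 2
    fi
    cat <<EOF
# sysctl: /etc/sysctl.conf or a file under /etc/sysctl.d/
net.ipv4.conf.$1.route_localnet = 1
# nat: hand the public port to the listener bound to 127.0.0.1
iptables -t nat -A PREROUTING -i $1 -p tcp --dport $2 -j DNAT --to-destination 127.0.0.1:$3
# filter: accept only connections that went through the DNAT rule ...
iptables -I INPUT 1 -i $1 -p tcp -d 127.0.0.1 --dport $3 -m conntrack --ctstate DNAT -j ACCEPT
# ... and drop any other packet for 127.0.0.0/8 that did not arrive on lo
iptables -I INPUT 2 ! -i lo -d 127.0.0.0/8 -j DROP
EOF
}

# write_sysctl_sample FILE: constructed `sysctl -a` excerpt.
write_sysctl_sample() {
    cat > "$1" <<'EOF'
net.ipv4.conf.all.route_localnet = 0
net.ipv4.conf.default.route_localnet = 0
net.ipv4.conf.eth0.route_localnet = 1
net.ipv4.conf.eth1.route_localnet = 0
net.ipv4.conf.lo.route_localnet = 0
net.ipv4.ip_forward = 0
EOF
}

# Demo on the constructed sample; nothing here touches the live system.
sample=$(mktemp)
write_sysctl_sample "$sample"
exposed_interfaces "$sample"
redirect_rules eth0 80 8080
rm -f "$sample"
```

<p>On a real machine, feed <em>exposed_interfaces</em> a file produced with <em>sysctl -a</em> and review the printed rules against the existing rule set before applying them.</p>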
<h2>WordPress: study of a hacked website</h2>
<p>Nils Ratusznik, 2017-05-31T09:30:00+02:00, tag:blog.anotherhomepage.org,2017-05-31:/post/2017/05/31/wordpress-etude-site-web-piratage/</p>
<p><img alt="A" src="https://blog.anotherhomepage.org/public/needlehaystack.jpg" title="A">During February 2017, I was asked to analyse and "clean" a hacked website. The site in question ran on WordPress. I am sharing my experience here, hoping it will help some people later on. I have chosen not to mention the name of the site or of its webmaster; should comments disclose this information, I will take the liberty of editing or rejecting them.</p>
<p>But before going further, a warning: if your site has definitely been hacked, <strong>the safest option is still to wipe everything, restore from backups and update your CMS and its plugins</strong>! Unfortunately, not everyone makes backups, and some end up, depending on the hosting provider, with a website taken offline until the "cleaning" is done.</p>
<p>Oh, and by the way: IP addresses and domain names have been anonymised. If anything was missed, let me know and I will fix it as quickly as possible!</p>
<h3>First step: the inventory</h3>
<p>I started with a quick inventory of what I could retrieve: the site's webmaster kindly gave me access to his hosting account and to his site, so that I could carry out without difficulty every action I would need. I therefore collected the following items:</p>
<ul>
<li>about 16 days of access logs;</li>
<li>a complete copy of the files on the hosting account;</li>
<li>an export of the database.</li>
</ul>
<h3>First search through the logs</h3>
<p>So let's study these logs and see what comes out of them. I first look at the number of lines in each file (rotation appears to happen daily):</p>
<div class="highlight"><pre><span></span><code><span class="m">13</span>:19 nils@shell2:~/tmp/exemple/access_logs$ wc -l *.log
<span class="m">29771</span> exemple.fr-03-02-2017.log
<span class="m">11377</span> exemple.fr-04-02-2017.log
<span class="m">12504</span> exemple.fr-05-02-2017.log
<span class="m">12279</span> exemple.fr-06-02-2017.log
<span class="m">9700</span> exemple.fr-07-02-2017.log
<span class="m">6182</span> exemple.fr-08-02-2017.log
<span class="m">11819</span> exemple.fr-09-02-2017.log
<span class="m">11918</span> exemple.fr-10-02-2017.log
<span class="m">19616</span> exemple.fr-11-02-2017.log
<span class="m">15377</span> exemple.fr-12-02-2017.log
<span class="m">11232</span> exemple.fr-13-02-2017.log
<span class="m">8253</span> exemple.fr-14-02-2017.log
<span class="m">6791</span> exemple.fr-15-02-2017.log
<span class="m">13711</span> exemple.fr-16-02-2017.log
<span class="m">23480</span> exemple.fr-17-02-2017.log
<span class="m">16602</span> exemple.fr-18-02-2017.log
<span class="m">220612</span> total
</code></pre></div>
<p>Three days stand out: the first with 29771 requests, another with 19616, and a last one with 23480. So I am going to look in these logs for strange requests, in particular many POST requests to one or more specific pages that do not seem to be part of the site. I am glad I retained something from <a href="/post/2014/11/11/Relai-de-spam%2C-cela-n-arrive-qu-aux-autres">my previous experience</a>.</p>
<p>To see whether anything stands out among the POST requests, I reuse the awk one-liners I wrote about <a href="/post/2010/03/01/Nombre-d-occurences-d-un-champ-dans-un-fichier">here</a> and <a href="/post/2012/10/01/Nombre-d-occurrences-dans-un-fichier-remix">there</a>. So let's see what issues the most POST requests in the first log:</p>
<div class="highlight"><pre><span></span><code>nils@shell2:~/tmp/exemple/access_logs$ grep POST exemple.fr-03-02-2017.log <span class="p">|</span> grep -v <span class="s2">"POST /wp-cron.php"</span> <span class="p">|</span> awk <span class="s1">'{frequencies[$1]++;} END {for (ip in frequencies) printf "%d\t%s\n" , frequencies[ip] , ip;}'</span> <span class="p">|</span> sort -rn <span class="p">|</span> head -5
<span class="m">98</span> <span class="m">10</span>.105.31.167
<span class="m">46</span> <span class="m">10</span>.169.249.134
<span class="m">13</span> <span class="m">10</span>.0.164.52
<span class="m">11</span> <span class="m">10</span>.186.33.40
<span class="m">7</span> <span class="m">10</span>.43.0.21
</code></pre></div>
<p>By running reverse DNS lookups and whois queries on the IP addresses, I find among others the webmaster's ISP, as well as the hosting provider's cluster. But I also find a German IP address, a Chechen one, and a Russian one. Surprising for a French-language blog, isn't it? Well, before I get accused of racism, let's go and see what requests these IP addresses made. Excerpt:</p>
<div class="highlight"><pre><span></span><code><span class="m">10</span>.0.164.52 www.exemple.fr - <span class="o">[</span><span class="m">03</span>/Feb/2017:14:56:17 +0100<span class="o">]</span> <span class="s2">"POST /wp-content/mybkl.php HTTP/1.1"</span> <span class="m">200</span> <span class="m">11</span> <span class="s2">"-"</span> <span class="s2">"Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; MAARJS; rv:11.0) like Gecko"</span>
<span class="m">10</span>.0.164.52 www.exemple.fr - <span class="o">[</span><span class="m">03</span>/Feb/2017:16:25:19 +0100<span class="o">]</span> <span class="s2">"POST /wp-content/mbsrd.php HTTP/1.1"</span> <span class="m">200</span> <span class="m">11</span> <span class="s2">"-"</span> <span class="s2">"Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13F69"</span>
<span class="m">10</span>.0.164.52 www.exemple.fr - <span class="o">[</span><span class="m">03</span>/Feb/2017:17:41:16 +0100<span class="o">]</span> <span class="s2">"POST /wp-content/vipmpnjen.php HTTP/1.1"</span> <span class="m">200</span> <span class="m">11</span> <span class="s2">"-"</span> <span class="s2">"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"</span>
<span class="m">10</span>.0.164.52 www.exemple.fr - <span class="o">[</span><span class="m">03</span>/Feb/2017:18:06:57 +0100<span class="o">]</span> <span class="s2">"POST /wp-content/bvcomjjaf.php HTTP/1.1"</span> <span class="m">200</span> <span class="m">11</span> <span class="s2">"-"</span> <span class="s2">"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; Tablet PC 2.0)"</span>
<span class="m">10</span>.0.164.52 www.exemple.fr - <span class="o">[</span><span class="m">03</span>/Feb/2017:18:10:18 +0100<span class="o">]</span> <span class="s2">"POST /wp-content/mmgi.php HTTP/1.1"</span> <span class="m">200</span> <span class="m">11</span> <span class="s2">"-"</span> <span class="s2">"Mozilla/5.0 (Windows NT 5.1; rv:50.0) Gecko/20100101 Firefox/50.0"</span>
<span class="m">10</span>.0.164.52 www.exemple.fr - <span class="o">[</span><span class="m">03</span>/Feb/2017:18:24:07 +0100<span class="o">]</span> <span class="s2">"POST /wp-content/gruk.php HTTP/1.1"</span> <span class="m">404</span> <span class="m">56215</span> <span class="s2">"-"</span> <span class="s2">"Mozilla/5.0 (iPad; CPU OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1"</span>
<span class="m">10</span>.0.164.52 www.exemple.fr - <span class="o">[</span><span class="m">03</span>/Feb/2017:18:24:11 +0100<span class="o">]</span> <span class="s2">"POST /wp-content/fkjzhl.php HTTP/1.1"</span> <span class="m">200</span> <span class="m">11</span> <span class="s2">"-"</span> <span class="s2">"Mozilla/5.0 (Linux; Android 6.0.1; SM-N920V Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Mobile Safari/537.36"</span>
<span class="m">10</span>.0.164.52 www.exemple.fr - <span class="o">[</span><span class="m">03</span>/Feb/2017:18:32:00 +0100<span class="o">]</span> <span class="s2">"POST /wp-content/ssauz.php HTTP/1.1"</span> <span class="m">200</span> <span class="m">11</span> <span class="s2">"-"</span> <span class="s2">"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"</span>
<span class="m">10</span>.0.164.52 www.exemple.fr - <span class="o">[</span><span class="m">03</span>/Feb/2017:20:19:02 +0100<span class="o">]</span> <span class="s2">"POST /wp-content/zpamh.php HTTP/1.1"</span> <span class="m">200</span> <span class="m">11</span> <span class="s2">"-"</span> <span class="s2">"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36"</span>
<span class="m">10</span>.0.164.52 www.exemple.fr - <span class="o">[</span><span class="m">03</span>/Feb/2017:20:47:29 +0100<span class="o">]</span> <span class="s2">"POST /wp-content/bvcomjjaf.php HTTP/1.1"</span> <span class="m">200</span> <span class="m">11</span> <span class="s2">"-"</span> <span class="s2">"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"</span>
<span class="m">10</span>.0.164.52 www.exemple.fr - <span class="o">[</span><span class="m">03</span>/Feb/2017:20:48:09 +0100<span class="o">]</span> <span class="s2">"POST /wp-content/ssauz.php HTTP/1.1"</span> <span class="m">200</span> <span class="m">11</span> <span class="s2">"-"</span> <span class="s2">"Mozilla/5.0 (iPad; CPU OS 10_0_1 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Mobile/14A403 Safari/602.1"</span>
<span class="m">10</span>.0.164.52 www.exemple.fr - <span class="o">[</span><span class="m">03</span>/Feb/2017:20:50:33 +0100<span class="o">]</span> <span class="s2">"POST /wp-content/vgmq.php HTTP/1.1"</span> <span class="m">200</span> <span class="m">11</span> <span class="s2">"-"</span> <span class="s2">"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"</span>
<span class="m">10</span>.0.164.52 www.exemple.fr - <span class="o">[</span><span class="m">03</span>/Feb/2017:21:09:03 +0100<span class="o">]</span> <span class="s2">"POST /wp-content/pwemtiqeb.php HTTP/1.1"</span> <span class="m">200</span> <span class="m">11</span> <span class="s2">"-"</span> <span class="s2">"Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; ASU2JS; rv:11.0) like Gecko"</span>
</code></pre></div>
<p>I then fetch a clean WordPress archive from the official site, just to be thorough, but personally, <em>fkjzhl.php</em> or <em>pwemtiqeb.php</em> look fishy to me as file names. As expected, these files are in no way official, and WordPress plugins are not installed in <em>/wp-content/</em>.</p>
<p>At this point, my conclusion is the following: the intruder (assuming there is only one) has dropped a multitude of files all over the tree in order to make any clean-up harder. In addition, accessing several files from several different IP addresses drowns the requests in the mass and, here too, makes detection harder.</p>
<h3>Same player shoots again</h3>
<p>Let's move on to the second file, using the same method:</p>
<div class="highlight"><pre><span></span><code>nils@shell2:~/tmp/exemple/access_logs$ grep POST exemple.fr-17-02-2017.log <span class="p">|</span> grep -v <span class="s2">"POST /wp-cron.php"</span> <span class="p">|</span> awk <span class="s1">'{frequencies[$1]++;} END {for (ip in frequencies) printf "%d\t%s\n" , frequencies[ip] , ip;}'</span> <span class="p">|</span> sort -rn <span class="p">|</span> head -5
<span class="m">10143</span> <span class="m">10</span>.9.129.250
<span class="m">240</span> <span class="m">10</span>.28.47.221
<span class="m">234</span> <span class="m">10</span>.135.219.59
<span class="m">229</span> <span class="m">10</span>.213.224.115
<span class="m">199</span> <span class="m">10</span>.123.209.172
</code></pre></div>
<p>Here too, the geolocation is rather varied: Germany, Hong Kong, Poland, Russia, Lithuania. Let's then take a look at the most requested POST targets:</p>
<div class="highlight"><pre><span></span><code>grep POST exemple.fr-17-02-2017.log <span class="p">|</span> awk <span class="s1">'{frequencies[$7]++;} END {for (field in frequencies) printf "%s\t%d\n" , field , frequencies[field];}'</span> <span class="p">|</span> sort -nr -k <span class="m">2</span>,2 <span class="p">|</span> grep -v <span class="s2">"/wp-cron.php"</span>
/hostdata4.php <span class="m">11299</span>
/wp-includes/js/tinymce/dir.php <span class="m">1211</span>
/xmlrpc.php <span class="m">240</span>
/wp-content/from.php <span class="m">75</span>
/wp-content/common.php <span class="m">39</span>
/wp-login.php <span class="m">8</span>
/wp-content/db_model.php <span class="m">7</span>
/wp-content/rss_feeder.class.php <span class="m">4</span>
/wp-includes/customize/db2.php <span class="m">3</span>
/wp-admin/network/plugin-editor.php <span class="m">3</span>
/wp-includes/js/tinymce/f53585.php <span class="m">3</span>
/wp-includes/Requests/Exception/HTTP/431.php <span class="m">3</span>
/wp-content/tongue_lib.php <span class="m">2</span>
/palaute.php <span class="m">2</span>
/addfavorites.php <span class="m">2</span>
/wp-content/uploads/2015/07/lib.php <span class="m">2</span>
/ranking.php <span class="m">2</span>
/confirmorder.php <span class="m">2</span>
/wp-content/press_lib.php <span class="m">2</span>
/wp-json/wp/v2/posts/5529 <span class="m">1</span>
/wp-content/adodb.class.php?test_url<span class="o">=</span><span class="nb">true</span> <span class="m">1</span>
/e28441e709.php?test_url<span class="o">=</span><span class="nb">true</span> <span class="m">1</span>
/index.php/wp-json/wp/v2/posts/5529 <span class="m">1</span>
/wp-content/index.php <span class="m">1</span>
/wp-content/powerful.inc.php <span class="m">1</span>
/wp-content/991e700dbd.html <span class="m">1</span>
/ <span class="m">1</span>
/xmlrpc.php?for<span class="o">=</span>jetpack<span class="p">&</span><span class="nv">token</span><span class="o">=</span>anonymized <span class="m">1</span>
</code></pre></div>
<p>Quite a few files look odd to me, and one can have fun looking for them in the "clean" WordPress archive. Spoiler alert: they are not there.</p>
<h3>Taking a step back</h3>
<p>Before moving on to something else, I decided to look at the most requested POST targets across all the files (removing a few more "classic" requests):</p>
<div class="highlight"><pre><span></span><code>nils@shell2:~/tmp/exemple/access_logs$ <span class="k">for</span> i <span class="k">in</span> <span class="k">$(</span>find . -type f -print <span class="p">|</span> sort<span class="k">)</span><span class="p">;</span> <span class="k">do</span> cat <span class="nv">$i</span> >> ../exemple.fr-global.log<span class="p">;</span> <span class="k">done</span>
nils@shell2:~/tmp/exemple/access_logs$ grep POST ../exemple.fr-global.log <span class="p">|</span> grep -v <span class="s2">"/wp-cron.php\|/wp-login.php\|/xmlrpc.php"</span> <span class="p">|</span> awk <span class="s1">'{frequencies[$7]++;} END {for (field in frequencies) printf "%s\t%d\n" , field , frequencies[field];}'</span> <span class="p">|</span> sort -nr -k <span class="m">2</span>,2 <span class="p">|</span> head -50
/hostdata4.php <span class="m">24322</span>
/wp-includes/js/tinymce/dir.php <span class="m">10057</span>
/_index.php <span class="m">1373</span>
/wp-admin/admin-ajax.php <span class="m">762</span>
/wp-content/izodltnu.php <span class="m">753</span>
/wp-content/vgmq.php <span class="m">705</span>
/wp-content/zpamh.php <span class="m">699</span>
/wp-content/fkjzhl.php <span class="m">654</span>
/wp-content/ulimzaggf.php <span class="m">645</span>
/wp-content/jbrv.php <span class="m">642</span>
/wp-content/omfxde.php <span class="m">629</span>
/wp-content/ohvvdgk.php <span class="m">625</span>
/wp-content/pwemtiqeb.php <span class="m">614</span>
/wp-content/mmgi.php <span class="m">613</span>
/wp-content/nrzekbal.php <span class="m">609</span>
/wp-content/bvcomjjaf.php <span class="m">605</span>
/wp-content/yuflla.php <span class="m">601</span>
/wp-content/mybkl.php <span class="m">598</span>
/wp-content/mbsrd.php <span class="m">594</span>
/wp-content/vipmpnjen.php <span class="m">578</span>
/wp-content/ssauz.php <span class="m">542</span>
/wp-content/common.php <span class="m">378</span>
/wp-content/gruk.php <span class="m">313</span>
/wp-content/db_model.php <span class="m">133</span>
/wp-content/nwjtirmy.php <span class="m">96</span>
/wp-content/nrkg/wzvzrtnqh.php <span class="m">95</span>
/wp-content/iari.php <span class="m">89</span>
/wp-content/from.php <span class="m">77</span>
/wp-admin/admin.php?page<span class="o">=</span>stats<span class="p">&</span>noheader<span class="p">&</span><span class="nv">chart</span><span class="o">=</span>flot-stats-data <span class="m">72</span>
/wp-admin/admin-ajax.php?action<span class="o">=</span>wp_ewwwio_async_optimize_media<span class="p">&</span><span class="nv">nonce</span><span class="o">=</span>c8aa5f3464 <span class="m">24</span>
/wp-content/plugins/thank-me-later/lib/start37.php <span class="m">23</span>
/wp-admin/admin-ajax.php?action<span class="o">=</span>wordfence_testAjax <span class="m">23</span>
/wp-content/uploads/2015/07/lib.php <span class="m">19</span>
/wp-includes/Requests/Exception/HTTP/431.php <span class="m">19</span>
/wp-includes/customize/db2.php <span class="m">17</span>
/wp-includes/js/tinymce/f53585.php <span class="m">13</span>
/wp-admin/meta/output.php <span class="m">12</span>
/post.php <span class="m">11</span>
/wp-admin/post.php <span class="m">9</span>
/wp-admin/network/plugin-editor.php <span class="m">9</span>
/wp-admin/admin-ajax.php?action<span class="o">=</span>wp_ewwwio_async_optimize_media<span class="p">&</span><span class="nv">nonce</span><span class="o">=</span>50967874b9 <span class="m">8</span>
/ <span class="m">7</span>
/wp-comments-post.php?for<span class="o">=</span>jetpack <span class="m">6</span>
/wp-content/egatl/wnxavysc.php <span class="m">5</span>
/3cdb6f452a.php?test_url<span class="o">=</span><span class="nb">true</span> <span class="m">5</span>
/wp-content/sad.func.php <span class="m">4</span>
/addfavorites.php <span class="m">4</span>
/palaute.php <span class="m">4</span>
/wp-content/rss_feeder.class.php <span class="m">4</span>
/wp-content/hook-filters.php <span class="m">4</span>
</code></pre></div>
<p>To keep this post from dragging on just for lines of POST requests, I limited myself to the first 50 lines. There is nothing more here than in the other searches; as before, we note that the intruder made himself at home in the <em>/wp-content/</em> and <em>/wp-includes/</em> directories. The point of running this search is to surface certain requests that would have slipped under the radar had I carried on file by file.</p>
<h3>Bottom line</h3>
<p>In this way I have spotted a number of files that have nothing to do with the blog's actual content, and that I will be able to delete without regret. Alas, that is not enough, because nothing prevents an intruder from planting files that are almost never accessed. In a future post, I therefore hope to compare, at file level, the export of this blog with a clean archive.</p>
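<p>The manual check used throughout this post (looking up each POSTed path in a clean WordPress archive) can be automated. The script below is an added example, not code from the original post: it reuses the post's awk field positions (<em>$1</em> for the client, <em>$7</em> for the path) and lists every POST target that is absent from a file list built from a clean archive; the function names, the manifest format and the sample log lines are assumptions constructed for the illustration.</p>

```shell
#!/bin/sh
# Added example: list POST targets that do not exist in a clean WordPress tree.
# Log layout is the one shown in the post: $1 = client IP, $6 = "METHOD,
# $7 = request path, $9 = HTTP status.

# suspicious_posts LOG MANIFEST
#   MANIFEST: one path per line, relative to the site root, built from a clean
#   archive, e.g.  (cd wordpress && find . -type f | sed 's/^\.//') > manifest
#   Output: hits <TAB> hits answered 200 <TAB> distinct client IPs <TAB> path
#   Rewritten routes that have no file on disk are listed too: review them by hand.
suspicious_posts() {
    tab=$(printf '\t')
    awk -v manifest="$2" '
        BEGIN {
            # Load the clean file list first; an unreadable manifest flags everything.
            while ((getline line < manifest) > 0) clean[line] = 1
            close(manifest)
        }
        $6 == "\"POST" {
            path = $7
            sub(/\?.*$/, "", path)          # same script, different query string
            if (path in clean) next         # legitimate WordPress file
            hits[path]++
            if ($9 == 200) ok[path]++
            if (!((path, $1) in seen)) { seen[path, $1] = 1; ips[path]++ }
        }
        END {
            for (p in hits) printf "%d\t%d\t%d\t%s\n", hits[p], ok[p], ips[p], p
        }
    ' "$1" | LC_ALL=C sort -t "$tab" -k1,1nr -k4,4
}

# write_sample DIR: constructed log lines and a constructed (tiny) manifest.
write_sample() {
    cat > "$1/manifest" <<'EOF'
/index.php
/wp-cron.php
/wp-login.php
/xmlrpc.php
/wp-admin/admin-ajax.php
EOF
    cat > "$1/access.log" <<'EOF'
192.0.2.10 www.example.test - [03/Feb/2017:14:56:17 +0100] "POST /wp-content/aaaa.php HTTP/1.1" 200 11 "-" "UA-1"
198.51.100.7 www.example.test - [03/Feb/2017:14:57:02 +0100] "POST /wp-content/aaaa.php HTTP/1.1" 200 11 "-" "UA-2"
192.0.2.10 www.example.test - [03/Feb/2017:15:01:44 +0100] "POST /wp-content/aaaa.php HTTP/1.1" 404 56215 "-" "UA-3"
203.0.113.5 www.example.test - [03/Feb/2017:15:02:00 +0100] "POST /wp-cron.php?doing_wp_cron=1486130520.1 HTTP/1.1" 200 0 "-" "UA-4"
203.0.113.5 www.example.test - [03/Feb/2017:15:03:10 +0100] "POST /wp-login.php HTTP/1.1" 200 2841 "-" "UA-4"
198.51.100.7 www.example.test - [03/Feb/2017:15:04:31 +0100] "POST /upload_lib.php?test_url=true HTTP/1.1" 200 11 "-" "UA-2"
198.51.100.7 www.example.test - [03/Feb/2017:15:04:35 +0100] "POST /upload_lib.php HTTP/1.1" 200 11 "-" "UA-5"
192.0.2.10 www.example.test - [03/Feb/2017:15:05:12 +0100] "GET /wp-content/bbbb.php HTTP/1.1" 200 11 "-" "UA-1"
203.0.113.5 www.example.test - [03/Feb/2017:15:06:40 +0100] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "UA-4"
EOF
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
suspicious_posts "$demo_dir/access.log" "$demo_dir/manifest"
rm -rf "$demo_dir"
```

<p>Because the manifest replaces the hand-written <em>grep -v</em> exclusions, legitimate endpoints such as <em>/wp-cron.php</em> disappear from the result without being listed one by one.</p>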
<p>Photo credit: <a href="https://www.flickr.com/photos/msvg/5143096005/" title="A">Michael Gil - A Needle in a Hay Stack</a>.</p>
<h2>systemd: reconfiguring a service unit</h2>
<p>Nils Ratusznik, 2017-05-22T09:30:00+02:00, tag:blog.anotherhomepage.org,2017-05-22:/post/2017/05/22/systemd-reconfigurer-unite-service/</p>
<p><img alt="bricolage" src="https://blog.anotherhomepage.org/public/bricolagebumper.jpg" title="bricolage">In <a href="/post/haveged-ajouter-entropie-vps-linux">the previous post</a>, I covered haveged and ended on the fact that some parameters could be accessible. This is not necessarily obvious, because if we look at the list of files in the RPM package, there is no configuration file in it:</p>
<div class="highlight"><pre><span></span><code>$ rpm -ql haveged
/usr/lib/systemd/system/haveged.service
/usr/lib64/libhavege.so.1
/usr/lib64/libhavege.so.1.1.0
/usr/sbin/haveged
/usr/share/doc/haveged
/usr/share/doc/haveged/AUTHORS
/usr/share/doc/haveged/COPYING
/usr/share/doc/haveged/ChangeLog
/usr/share/doc/haveged/README
/usr/share/doc/haveged/havege_sample.c
/usr/share/man/man8/haveged.8.gz
</code></pre></div>
<p>Moreover, if we look at the running process, we notice that some options are given on the command line:</p>
<div class="highlight"><pre><span></span><code>$ ps auxwww <span class="p">|</span> grep haveged <span class="p">|</span> grep -v grep
root <span class="m">22470</span> <span class="m">0</span>.0 <span class="m">0</span>.7 <span class="m">12132</span> <span class="m">3824</span> ? Rs May16 <span class="m">0</span>:00 /usr/sbin/haveged -w <span class="m">1024</span> -v <span class="m">1</span> --Foreground
</code></pre></div>
<p>Let's go a bit further: the package contains a "haveged.service" file:</p>
<div class="highlight"><pre><span></span><code>$ cat /usr/lib/systemd/system/haveged.service
<span class="o">[</span>Unit<span class="o">]</span>
<span class="nv">Description</span><span class="o">=</span>Entropy Daemon based on the HAVEGE algorithm
<span class="nv">Documentation</span><span class="o">=</span>man:haveged<span class="o">(</span><span class="m">8</span><span class="o">)</span> http://www.issihosts.com/haveged/
<span class="o">[</span>Service<span class="o">]</span>
<span class="nv">Type</span><span class="o">=</span>simple
<span class="nv">ExecStart</span><span class="o">=</span>/usr/sbin/haveged -w <span class="m">1024</span> -v <span class="m">1</span> --Foreground
<span class="nv">SuccessExitStatus</span><span class="o">=</span><span class="m">143</span>
<span class="o">[</span>Install<span class="o">]</span>
<span class="nv">WantedBy</span><span class="o">=</span>multi-user.target
</code></pre></div>
<p>Do not give in to the temptation of editing this file directly, because a cleaner option exists: <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Unit_Files.html#sect-Managing_Services_with_systemd-Unit_File_Modify" title="RHEL">the official RHEL 7 documentation</a> teaches us how to create a configuration file for the service.</p>
<p>In this specific case, I want to raise the value of the -w argument to 2048. For the record, this option increases how much haveged is used by defining a minimum size for the entropy pool. So we will first create a systemd service configuration directory, then the file itself:</p>
<div class="highlight"><pre><span></span><code><span class="c1"># mkdir /etc/systemd/system/haveged.service.d/</span>
<span class="c1"># vi /etc/systemd/system/haveged.service.d/custom_args.conf</span>
</code></pre></div>
<p>Well, the file name does not matter as long as its extension is ".conf", but it is still preferable to give it an explicit name (in short, do as I say, not as I do).</p>
<p>In this file we will redefine the <em>ExecStart</em> directive, since it is the one that defines the option to change. One subtlety, though: this directive must be emptied before being redefined. The file therefore looks like this:</p>
<div class="highlight"><pre><span></span><code><span class="k">[Service]</span><span class="w"></span>
<span class="na">ExecStart</span><span class="o">=</span><span class="w"></span>
<span class="na">ExecStart</span><span class="o">=</span><span class="s">/usr/sbin/haveged -w 2048 -v 1 --Foreground</span><span class="w"></span>
</code></pre></div>
<p>The units must now be reloaded before restarting the haveged service:</p>
<div class="highlight"><pre><span></span><code><span class="c1"># systemctl restart haveged.service</span>
Warning: haveged.service changed on disk. Run <span class="s1">'systemctl daemon-reload'</span> to reload units.
<span class="c1"># systemctl daemon-reload</span>
<span class="c1"># systemctl restart haveged.service</span>
<span class="c1"># ps auxwww | grep haveged | grep -v grep</span>
root <span class="m">23074</span> <span class="m">2</span>.4 <span class="m">0</span>.7 <span class="m">12132</span> <span class="m">3836</span> ? Ss <span class="m">04</span>:02 <span class="m">0</span>:00 /usr/sbin/haveged -w <span class="m">2048</span> -v <span class="m">1</span> --Foreground
</code></pre></div>
<p>The haveged daemon is now running with a value of 2048 for the -w option.</p>
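<p>To see why the empty <em>ExecStart=</em> line is needed, here is an added example (not part of the original post, and a simplified model rather than systemd's own code) that merges a unit file with its drop-ins the way the post describes. The packaged unit text, the function names and the drop-in without the reset are constructed for the illustration.</p>

```python
"""Simplified model of how systemd combines ExecStart= from a unit and its drop-ins.

Only what the post relies on is modelled: [Service] keys, list reset by an empty
assignment, and drop-ins applied after the unit file. Line continuations,
specifiers and every other directive are ignored.
"""

# Constructed stand-in for the packaged haveged.service (not copied from the package).
PACKAGED_UNIT = """\
[Unit]
Description=Entropy daemon (constructed sample)

[Service]
Type=simple
ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground

[Install]
WantedBy=multi-user.target
"""

# The drop-in shown in the post: reset the list, then set the new command.
DROPIN_WITH_RESET = """\
[Service]
ExecStart=
ExecStart=/usr/sbin/haveged -w 2048 -v 1 --Foreground
"""

# Constructed mistake: the same drop-in with the empty assignment forgotten.
DROPIN_WITHOUT_RESET = """\
[Service]
ExecStart=/usr/sbin/haveged -w 2048 -v 1 --Foreground
"""


def service_settings(text):
    """Return the (key, value) pairs of the [Service] section, in file order."""
    settings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, _, value = line.partition("=")
            settings.append((key.strip(), value.strip()))
    return settings


def merge(unit_text, dropins):
    """Apply the unit file, then each drop-in in lexicographic order of file name."""
    service_type, commands = "simple", []
    fragments = [unit_text] + [dropins[name] for name in sorted(dropins)]
    for fragment in fragments:
        for key, value in service_settings(fragment):
            if key == "Type":
                service_type = value      # scalar setting: the last value wins
            elif key == "ExecStart" and value == "":
                commands = []             # empty assignment resets the list
            elif key == "ExecStart":
                commands.append(value)    # otherwise the command is appended
    return service_type, commands


def evaluate(unit_text, dropins):
    """Return (accepted, commands); only Type=oneshot may carry several commands."""
    service_type, commands = merge(unit_text, dropins)
    accepted = len(commands) == 1 or (service_type == "oneshot" and len(commands) > 1)
    return accepted, commands


if __name__ == "__main__":
    for label, dropin in (("with reset", DROPIN_WITH_RESET),
                          ("without reset", DROPIN_WITHOUT_RESET)):
        accepted, commands = evaluate(PACKAGED_UNIT, {"custom_args.conf": dropin})
        print(label, "->", "accepted" if accepted else "refused", commands)
```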
<p>One last detail: SELinux. I tested this procedure on a system set to "enforcing", so the file was edited in the right context. In case anyone wonders what the labels look like, here they are:</p>
<div class="highlight"><pre><span></span><code><span class="c1"># ll -Z -d /etc/systemd/system/haveged.service.d</span>
drwxr-xr-x. root root unconfined_u:object_r:systemd_unit_file_t:s0 /etc/systemd/system/haveged.service.d
<span class="c1"># ll -Z /etc/systemd/system/haveged.service.d/custom_args.conf</span>
-rw-r--r--. root root unconfined_u:object_r:systemd_unit_file_t:s0 /etc/systemd/system/haveged.service.d/custom_args.conf
</code></pre></div>
<p>Did you like this article? Then share it on social networks! And if you have remarks or suggestions for improvement, don't hesitate: that's what the comments are for!</p>
<p>Photo credit: <a href="https://www.flickr.com/photos/khargrav/3732587579/" title="bricolage">Katie Hargrave - bricolage bumper.</a></p>
Haveged: adding entropy to your Linux VPS
2017-05-18T09:00:00+02:00
2017-05-18T09:00:00+02:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2017-05-18:/post/2017/05/18/haveged-ajouter-entropie-vps-linux/
<p><img alt="Entropy" src="https://blog.anotherhomepage.org/public/entropy.jpg" title="Entropy">Between two <a href="/tag/NetBSD">NetBSD</a> hacks, I found myself doing some <a href="/tag/Linux">Linux</a> hacks. More specifically, while glancing at <a href="https://www.ssi.gouv.fr/entreprise/guide/recommandations-pour-un-usage-securise-dopenssh/" title="Usage">a certain useful document</a>, I read:</p>
<blockquote>
<p>Keys must be generated in a context where the source of randomness is reliable, or failing that in an environment where enough entropy has been accumulated.</p>
</blockquote>
<p>And that's when questions start to come up: what is entropy? Why is a reliable source needed? How do you get better entropy?</p>
<h3>Entropy and randomness</h3>
<p>To sum up, let's say that entropy is the quality of random number generation. It's a rather crude shortcut, I admit, but it saves writing or paraphrasing walls of mathematics.</p>
<p>But then, why generate random numbers? Simply because it underlies many cryptographic tools, such as SSH key generation. This is also a good moment to look at the risk taken when not enough randomness is generated in our example: it becomes possible to generate the same SSH key pair twice, and consequently for someone to be able to log in to a machine they should not have access to.</p>
<p>If you think this never happens, just remember the Debian OpenSSH vulnerability. In 2008, the Debian version of OpenSSL ended up modified, which resulted in a very small number of possibilities for generating SSH keys. The proof? On this page you can find all the DSA keys (1024 and 2048 bits) and RSA keys (1024 to 4096 bits) that this vulnerable version could produce. I readily admit it's an extreme case, but it has the merit of being quite telling.</p>
<p>In short, all this to say that the more entropy you have, the better.</p>
<h3>Measuring the quality of entropy</h3>
<p>Measuring the quality of entropy is very simple:</p>
<div class="highlight"><pre><span></span><code>$ cat /proc/sys/kernel/random/entropy_avail
<span class="m">175</span>
</code></pre></div>
<p>We can see that this returns a number, which denotes the quantity of random numbers generated. This number is said to be the size of our entropy pool. So the bigger it is, the better. Except that here, 175 on a CentOS 7 Vagrant VM, well, that's not glorious.</p>
<p>Another way to measure entropy is to use the rngtest tool (available in the rng-tools package for CentOS). It runs a number of tests based on the FIPS-140 standard.</p>
<p>For example:</p>
<div class="highlight"><pre><span></span><code>$ cat /dev/random <span class="p">|</span> rngtest -c <span class="m">1000</span>
rngtest <span class="m">5</span>
Copyright <span class="o">(</span>c<span class="o">)</span> <span class="m">2004</span> by Henrique de Moraes Holschuh
This is free software<span class="p">;</span> see the <span class="nb">source</span> <span class="k">for</span> copying conditions. There is NO warranty<span class="p">;</span> not even <span class="k">for</span> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: <span class="m">96</span>
rngtest: FIPS <span class="m">140</span>-2 successes: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2 failures: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Monobit: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Poker: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Runs: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Long run: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Continuous run: <span class="m">0</span>
rngtest: input channel speed: <span class="o">(</span><span class="nv">min</span><span class="o">=</span><span class="m">0</span>.000<span class="p">;</span> <span class="nv">avg</span><span class="o">=</span><span class="m">0</span>.000<span class="p">;</span> <span class="nv">max</span><span class="o">=</span><span class="m">0</span>.000<span class="o">)</span>bits/s
rngtest: FIPS tests speed: <span class="o">(</span><span class="nv">min</span><span class="o">=</span><span class="m">0</span>.000<span class="p">;</span> <span class="nv">avg</span><span class="o">=</span><span class="m">0</span>.000<span class="p">;</span> <span class="nv">max</span><span class="o">=</span><span class="m">0</span>.000<span class="o">)</span>bits/s
rngtest: Program run time: <span class="m">21307295</span> microseconds
</code></pre></div>
<p>And here it's still not glorious, because I stopped the run for lack of patience.</p>
<p>Before fixing this problem, let's compare our first indicator with a physical machine:</p>
<div class="highlight"><pre><span></span><code>$ cat /proc/sys/kernel/random/entropy_avail
<span class="m">3217</span>
</code></pre></div>
<p>We can also see that the entropy problem particularly affects virtual machines. This is mainly because they have far fewer components than a physical machine, and therefore fewer components to read from in the hope of finding randomness.</p>
<p>Well, that's not all, but it's time to fix this entropy problem on this VM!</p>
<h3>Haveged: a user-space entropy generator</h3>
<p><a href="http://issihosts.com/haveged/" title="haveged">Haveged</a> is software that takes the form of a daemon that stays in user space. It takes its name from the algorithm it uses, HAVEGE (HArdware Volatile Entropy Gathering and Expansion).</p>
<p>Installation could not be simpler: on CentOS, you just need access to the <a href="https://fedoraproject.org/wiki/EPEL" title="EPEL">Fedora EPEL</a> repository. Once that's done, a simple yum -y install haveged is enough to get the software.</p>
<p>Since it is a daemon, it has to be started. On CentOS 7, this is done via systemd:</p>
<div class="highlight"><pre><span></span><code><span class="c1"># systemctl start haveged.service</span>
</code></pre></div>
<p>And that's it! OK, that isn't much. Now let's check that our entropy is increasing:</p>
<div class="highlight"><pre><span></span><code>$ cat /proc/sys/kernel/random/entropy_avail
<span class="m">1779</span>
</code></pre></div>
<p>That's better. Let's also check with rngtest:</p>
<div class="highlight"><pre><span></span><code>$ cat /dev/random <span class="p">|</span> rngtest -c <span class="m">1000</span>
rngtest <span class="m">5</span>
Copyright <span class="o">(</span>c<span class="o">)</span> <span class="m">2004</span> by Henrique de Moraes Holschuh
This is free software<span class="p">;</span> see the <span class="nb">source</span> <span class="k">for</span> copying conditions. There is NO warranty<span class="p">;</span> not even <span class="k">for</span> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: <span class="m">20000032</span>
rngtest: FIPS <span class="m">140</span>-2 successes: <span class="m">1000</span>
rngtest: FIPS <span class="m">140</span>-2 failures: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Monobit: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Poker: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Runs: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Long run: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Continuous run: <span class="m">0</span>
rngtest: input channel speed: <span class="o">(</span><span class="nv">min</span><span class="o">=</span><span class="m">2</span>.057<span class="p">;</span> <span class="nv">avg</span><span class="o">=</span><span class="m">17</span>.351<span class="p">;</span> <span class="nv">max</span><span class="o">=</span><span class="m">25</span>.915<span class="o">)</span>Mibits/s
rngtest: FIPS tests speed: <span class="o">(</span><span class="nv">min</span><span class="o">=</span><span class="m">44</span>.564<span class="p">;</span> <span class="nv">avg</span><span class="o">=</span><span class="m">139</span>.836<span class="p">;</span> <span class="nv">max</span><span class="o">=</span><span class="m">161</span>.640<span class="o">)</span>Mibits/s
rngtest: Program run time: <span class="m">1237535</span> microseconds
</code></pre></div>
<p>In this last case, the data was retrieved almost instantly! We can also note the number of tests passed, which is more in line with our expectations.</p>
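<p>As an added example (not rngtest's code and not part of the original post), the following Python reimplements four of the FIPS 140-2 block tests that rngtest counts, and runs them on constructed inputs to show what a "success" measures: a stream derived from a known seed passes just like the kernel's output, so the success count shows the absence of bias, not unpredictability. The function names and sample streams are assumptions of the example.</p>

```python
"""FIPS 140-2 statistical tests on 20,000-bit blocks (continuous-run test not modelled)."""
import hashlib
import os
from itertools import groupby

BLOCK_BYTES = 2500  # rngtest works on blocks of 20,000 bits

# Acceptance limits of the FIPS 140-2 (2001-10-10) statistical tests.
MONOBIT = (9725, 10275)     # number of one bits, exclusive bounds
POKER = (2.16, 46.17)       # poker statistic, exclusive bounds
RUNS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
        4: (240, 384), 5: (103, 209), 6: (103, 209)}  # key 6 means "6 or more"
LONG_RUN = 26               # any run of 26 or more identical bits fails


def to_bits(block):
    """Expand a 2500-byte block into a list of 20,000 bits, MSB first."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("a FIPS block is exactly %d bytes" % BLOCK_BYTES)
    return [(byte >> shift) & 1 for byte in block for shift in range(7, -1, -1)]


def run_lengths(bits):
    """Return [(bit, length), ...] for every maximal run of identical bits."""
    return [(bit, sum(1 for _ in group)) for bit, group in groupby(bits)]


def monobit_ok(bits):
    return MONOBIT[0] < sum(bits) < MONOBIT[1]


def poker_ok(bits):
    counts = [0] * 16  # occurrences of each 4-bit value among the 5000 nibbles
    for i in range(0, len(bits), 4):
        nibble = bits[i] << 3 | bits[i + 1] << 2 | bits[i + 2] << 1 | bits[i + 3]
        counts[nibble] += 1
    statistic = 16 / 5000 * sum(c * c for c in counts) - 5000
    return POKER[0] < statistic < POKER[1]


def runs_ok(lengths):
    tally = {(bit, size): 0 for bit in (0, 1) for size in RUNS}
    for bit, length in lengths:
        tally[bit, min(length, 6)] += 1
    return all(low <= tally[bit, size] <= high
               for bit in (0, 1) for size, (low, high) in RUNS.items())


def long_run_ok(lengths):
    return all(length < LONG_RUN for _, length in lengths)


def check_block(block):
    """Run the four tests on one block and return {test name: passed}."""
    bits = to_bits(block)
    lengths = run_lengths(bits)
    return {"monobit": monobit_ok(bits), "poker": poker_ok(bits),
            "runs": runs_ok(lengths), "long_run": long_run_ok(lengths)}


def count_successes(blocks):
    """Number of blocks passing all four tests (rngtest's 'successes')."""
    return sum(all(check_block(block).values()) for block in blocks)


def urandom_blocks(count):
    return [os.urandom(BLOCK_BYTES) for _ in range(count)]


def predictable_blocks(seed, count):
    """Constructed sample: SHA-256 in counter mode over a fixed, known seed."""
    blocks, counter = [], 0
    for _ in range(count):
        data = b""
        while len(data) < BLOCK_BYTES:
            data += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
            counter += 1
        blocks.append(data[:BLOCK_BYTES])
    return blocks


STUCK = b"\x00" * BLOCK_BYTES        # constructed: a source stuck at zero
ALTERNATING = b"\xaa" * BLOCK_BYTES  # constructed: 1010... repeated

if __name__ == "__main__":
    print("stuck at zero:", check_block(STUCK))
    print("alternating  :", check_block(ALTERNATING))
    print("os.urandom   :", count_successes(urandom_blocks(20)), "/ 20")
    print("known seed   :", count_successes(predictable_blocks(b"constructed seed", 20)), "/ 20")
```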
<p>As for enabling haveged at boot, don't forget the appropriate systemctl command:</p>
<div class="highlight"><pre><span></span><code><span class="c1"># systemctl enable haveged.service</span>
Created symlink from /etc/systemd/system/multi-user.target.wants/haveged.service to /usr/lib/systemd/system/haveged.service.
</code></pre></div>
<p>Depending on the distribution, some additional parameters are available, but that will be the subject of another article ;)</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/teatimer/6773350588/" title="Entropy">teatimer - Entropy</a></em></p>
<h2>Comments</h2>
<h3>On 18/05/2017 16:20 by Melua</h3>
<p>I suggest reading this article on the subject: if the RDTSC instruction is not made available by your host machine, the virtual machines will always receive the same result (or a predictable one), making your haveged generation falsely random.</p>
<p>https://security.stackexchange.com/questions/34523/is-it-appropriate-to-use-haveged-as-a-source-of-entropy-on-virtual-machines</p>
<h3>On 18/05/2017 20:09 by Nils</h3>
<p>Thanks for this very relevant comment, Melua!</p>
<p>This was indeed reported to me on Mastodon (discussion <a href="https://mastodon.xyz/@Nils/2876532">here</a>), via the Archlinux wiki. Apparently VMware products are mostly mentioned, and VirtualBox a little, without the latter being affected (so I'm safe for the moment). I hope to write a follow-up post about this instruction, but I will need to dig to see whether this instruction is available through other hypervisors (I'm thinking particularly of Xen in paravirtual mode, but I'm also interested in KVM and Hyper-V).</p>
Xen: installing a NetBSD domU guest
2017-05-09T09:00:00+02:00
2017-05-09T09:00:00+02:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2017-05-09:/post/2017/05/09/xen-installation-domu-netbsd/
<p><img alt="the" src="https://blog.anotherhomepage.org/public/thehandler.jpg" title="the">In <a href="/post/xen-installation-dom0-netbsd">the previous post</a>, I covered the creation of a NetBSD Xen hypervisor (dom0). It is now time to take care of the NetBSD guest system, the domU.</p>
<h3>Creating the Xen domU</h3>
<p>To create our domU, we need 3 items present on the dom0:</p>
<ul>
<li>a disk image file (we could use LVM or a partition, but that is less flexible);</li>
<li>in the case of NetBSD, a kernel file;</li>
<li>and a configuration file.</li>
</ul>
<p>First, the disk image file. To create it, just use the <em>dd</em> command. The size of this file determines the size of the virtual machine's hard disk. Let's create a 4 GB file (4096 blocks of 1 MB):</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dd</span><span class="w"> </span><span class="k">if</span><span class="o">=/</span><span class="n">dev</span><span class="o">/</span><span class="n">zero</span><span class="w"> </span><span class="k">of</span><span class="o">=/</span><span class="n">srv</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="k">disk</span><span class="o">/</span><span class="n">netbsd</span><span class="p">.</span><span class="n">img</span><span class="w"> </span><span class="n">bs</span><span class="o">=</span><span class="mi">1</span><span class="n">m</span><span class="w"> </span><span class="nf">count</span><span class="o">=</span><span class="mi">4096</span><span class="w"></span>
</code></pre></div>
<p>Note that this example fills our file with zeros and does not create a sparse file. Sparse file handling does not seem to be perfect under NetBSD, according to the <a href="https://wiki.netbsd.org/ports/xen/howto/" title="">official tutorial</a>.</p>
<p>Next, let's fetch the kernel files:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="n">kernels</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="o">/</span><span class="w"></span>
<span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="n">kernels</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="o">/</span><span class="w"></span>
<span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="n">kernels</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">ftp</span><span class="w"> </span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">cdn</span><span class="p">.</span><span class="n">netbsd</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="o">/</span><span class="nc">binary</span><span class="o">/</span><span class="n">kernel</span><span class="o">/</span><span class="n">netbsd</span><span class="o">-</span><span class="n">INSTALL_XEN3_DOMU</span><span class="p">.</span><span class="n">gz</span><span class="w"></span>
<span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="n">kernels</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">ftp</span><span class="w"> </span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">cdn</span><span class="p">.</span><span class="n">netbsd</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="o">/</span><span class="nc">binary</span><span class="o">/</span><span class="n">kernel</span><span class="o">/</span><span class="n">netbsd</span><span class="o">-</span><span class="n">XEN3_DOMU</span><span class="p">.</span><span class="n">gz</span><span class="w"></span>
</code></pre></div>
<p>We fetch two kernel files because one of them is only used for installation. Once the installation is done, remember to configure our domU with the "regular" kernel.</p>
<p>We can finally create our configuration file, <em>/usr/pkg/etc/xen/netbsd</em>:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">xen</span><span class="err">#</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">^</span><span class="err">#</span><span class="w"> </span><span class="n">netbsd</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">^</span><span class="err">$</span><span class="w"></span>
<span class="n">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="ss">"netbsd"</span><span class="w"></span>
<span class="n">uuid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="ss">"d0f3e8d3-2f54-11e7-b035-00301bbde894"</span><span class="w"></span>
<span class="n">kernel</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="ss">"/srv/xen/images/kernels/NetBSD/NetBSD-7.1/amd64/netbsd-INSTALL_XEN3_DOMU.gz"</span><span class="w"></span>
<span class="n">memory</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">256</span><span class="w"></span>
<span class="n">vcpus</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">1</span><span class="w"></span>
<span class="n">vif</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">[</span><span class="n"> 'bridge=bridge0,mac=00:16:3E:00:00:02' </span><span class="o">]</span><span class="w"></span>
<span class="k">disk</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">[</span><span class="n"> '/srv/xen/images/disk/netbsd.img,raw,xvda,rw' </span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>The directives in the configuration file are fairly self-explanatory, but a few points are worth spelling out:</p>
<ul>
<li>first, the name of the virtual machine ("name") must be unique;</li>
<li>and incidentally, so must the uuid (generated with <em>uuidgen</em>), but it is not mandatory, the directive can be empty;</li>
<li>memory is specified in megabytes;</li>
<li>several network interfaces or hard disks can be specified.</li>
</ul>
<p>Many other options can be added, but it is better to start with a simple file that boots a machine in text mode before going further.</p>
<p>Now that our configuration file is ready, let's start our domU:</p>
<div class="highlight"><pre><span></span><code>root@rogue:/usr/pkg/etc/xen# xl create -c netbsd
</code></pre></div>
<p>The -c option attaches the virtual machine's local console in text mode, which makes it possible to interact with it (for example, to perform an installation).</p>
<h3>Installing NetBSD in the domU</h3>
<p>The installation goes much like what is <a href="https://www.netbsd.org/docs/guide/en/chap-exinst.html" title="NetBSD">presented in the official guide</a>, with one difference: once the installation is finished, you must exit the installer (instead of rebooting), then power off the virtual machine:</p>
<div class="highlight"><pre><span></span><code># shutdown -p now
</code></pre></div>
<p>Back in the dom0, the kernel file must then be changed for a "regular" boot:</p>
<div class="highlight"><pre><span></span><code>root@rogue:/usr/pkg/etc/xen# vi netbsd
kernel = "/srv/xen/images/kernels/NetBSD/NetBSD-7.1/amd64/netbsd-XEN3_DOMU.gz"
</code></pre></div>
<p>We can then start our virtual machine, in the following example without attaching its local console:</p>
<div class="highlight"><pre><span></span><code>root@rogue:/usr/pkg/etc/xen# xl create netbsd
</code></pre></div>
<h3>Do we really have to specify the kernel?</h3>
<p>In the example domU from the previous post, the OpenWrt system was booted using pygrub, a boot loader for Xen. Unfortunately it cannot read the FFS file system used by NetBSD. This is not possible with pv-grub either, which is in any case not available in the pkgsrc Xen packages.</p>
<p>So what are the options? The first is to create an ext2/3/4 /boot partition at the start of the virtual disk and put the kernel and Grub configuration there, as described in <a href="http://wiki.prgmr.com/mediawiki/index.php/NetBSD_as_a_DomU#Partitioning_for_pv-grub" title="NetBSD">this tutorial</a>. Another is to build a version of Grub2 yourself, which now seems to support Xen, at least according to this <a href="https://blog.xenproject.org/2015/01/07/using-grub-2-as-a-bootloader-for-xen-pv-guests/" title="Using">post on the official Xen blog</a>, dated January 2015.</p>
<h3>Other possible actions</h3>
<p>Starting your virtual machine is good; being able to perform other actions and checks is better! So here, in no particular order, are a few useful commands for managing your domUs:</p>
<ul>
<li><em>xl shutdown &lt;path to the configuration file&gt;</em> cleanly shuts it down;</li>
<li>need to hit the Off button like a brute? <em>xl destroy &lt;domU name&gt;</em>;</li>
<li>list the running domUs: <em>xl list</em>;</li>
<li>and to get this list in real time, presented like <em>top</em>, you can use <em>xl top</em>.</li>
</ul>
<p>Other commands and parameters are available in the manual page of the <em>xl</em> command.</p>
<p><em>Photo credit:</em> <a href="https://www.flickr.com/photos/cmustard/34064469610/in/photolist-TUaj2y-ajyqsY-4XMPYQ-4LCSFr-2wz6-6zQVu2-G36kR-oGVpNV-7BguV-4oXq8s-7kKgjh-3KdvKY-8nM4kw-S1W13y-aFogBm-7JNRuf-aE1mHJ-8Roq1t-MQEVs-eaW368-4UFV14-hRpNi-ps4yHK-7JJWbk-6eHd2K-7RjCRN-u5qc9-dKBGda-fCAKEu-duoNYJ-fE8FRp-4vTuc8-4XMNTG-b9et7R-9eFif6-9eJp2C-9eFiez-5Q7YTg-6to7X4-6pBDge-8RogFM-bmZ5X-dqPf7h-3pm8Lc-4WBHsG-7rnC8-c3i3zN-6Yko5-a7h1Wr-6eMmmw" title="the">ColonelMustard - the handler</a></p>
Xen: installing a NetBSD dom0 hypervisor
2017-05-02T12:00:00+02:00
2017-05-02T12:00:00+02:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2017-05-02:/post/2017/05/02/xen-installation-dom0-netbsd/
<p><img alt="Army" src="https://blog.anotherhomepage.org/public/army.jpg" title="Army">I have written a few posts about <a href="/tag/Xen">Xen</a> in the past, but never about the actual installation of a NetBSD-based Xen hypervisor. Time to fix that! But before we start, a few reminders:</p>
<ul>
<li>in Xen terminology, each guest system is called a "domain";</li>
<li>a virtual machine is an unprivileged domain, usually shortened to "domU";</li>
<li>the OS that runs the hypervisor is a privileged domain, shortened to "dom0".</li>
</ul>
<p>The goal is therefore to detail the installation and configuration of Xen as dom0 on a NetBSD amd64 system. To validate that it works, a quick installation of an OpenWrt domU will be done at the end.</p>
<p>But before starting, here is some information about the configuration that will be set up:</p>
<ul>
<li>since the physical machine lacks virtualization instructions (Intel Atom 330), only "paravirtual" mode will be covered;</li>
<li>the physical machine will be given 256 MB of RAM out of its 2 GB for its own operation;</li>
<li>the network configuration will be in "bridge" mode, so the dom0 and the domUs will be on the same network.</li>
</ul>
<p>Let's go!</p>
<h3>Installing and configuring NetBSD</h3>
<p>Let's start with installing the operating system: NetBSD 7.1 amd64. There is nothing particular to report about the installation; it mostly depends on the intended use. Since this machine is not meant to become a production environment, I chose minimal partitioning, namely just a / that takes the whole disk.</p>
<p>Note also that at this point nothing in particular is needed regarding the kernel. I have made a habit of not installing the compilation or source sets on a machine unless I explicitly need them. So I limited myself to the following sets:</p>
<ul>
<li>base;</li>
<li>etc;</li>
<li>man;</li>
<li>misc;</li>
<li>modules;</li>
<li>tests;</li>
<li>text;</li>
<li>xbase.</li>
</ul>
<p>On the network side, it will probably be simpler to configure a static IP address. We will also configure the bridge right away:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="p">@</span><span class="n">rogue</span><span class="p">:</span><span class="o">~</span>#<span class="w"> </span><span class="nb">cat</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">ifconfig</span><span class="p">.</span><span class="n">bridge0</span><span class="w"> </span>
<span class="n">create</span><span class="w"></span>
<span class="s">!brconfig</span><span class="w"> </span><span class="s">$int</span><span class="w"> </span><span class="s">add</span><span class="w"> </span><span class="s">re0</span><span class="w"> </span><span class="s">up</span><span class="w"></span>
</code></pre></div>
<p>Note that the physical machine's interface is re0; change it according to the one available. We will also allow forwarding of network packets:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">cat</span><span class="w"> </span><span class="o">>></span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">sysctl</span><span class="p">.</span><span class="n">conf</span><span class="w"></span>
<span class="n">net</span><span class="p">.</span><span class="n">inet</span><span class="p">.</span><span class="n">ip</span><span class="p">.</span><span class="n">forwarding</span><span class="o">=</span><span class="mi">1</span><span class="w"></span>
</code></pre></div>
<p>These changes will take effect at the next system boot, which should be done right now.</p>
<p>For software packages, I chose to use my own pkgsrc repository of binary packages. Here too, nothing exceptional, I just installed my own little creature comforts. It is nevertheless possible to use the official pkgsrc binary repository (configured during installation) or to use pkgsrc from source.</p>
<h3>Installing and configuring Xen 4.6</h3>
<p>Now that our system is installed and ready, let's move on to installing Xen. Nothing complicated here either, just use pkgin:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="err">@</span><span class="n">rogue</span><span class="p">:</span><span class="o">~</span><span class="c1"># pkgin in xenkernel46 xentools46</span><span class="w"></span>
</code></pre></div>
<p>Messages will be displayed during the installation of the various packages, showing a number of tips and recommendations.</p>
<p>For Xen to work, you first need to boot a specialized kernel that will take care of launching the hypervisor. The NetBSD dom0 kernel is available next to the generic kernel in the repositories:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">wget</span><span class="w"> </span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">cdn</span><span class="p">.</span><span class="n">netbsd</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="o">/</span><span class="nc">binary</span><span class="o">/</span><span class="n">kernel</span><span class="o">/</span><span class="n">netbsd</span><span class="o">-</span><span class="n">XEN3_DOM0</span><span class="p">.</span><span class="n">gz</span><span class="w"></span>
<span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">mv</span><span class="w"> </span><span class="n">netbsd</span><span class="o">-</span><span class="n">XEN3_DOM0</span><span class="p">.</span><span class="n">gz</span><span class="w"> </span><span class="o">/</span><span class="w"></span>
</code></pre></div>
<p>Now let's configure the boot loader. Just insert the following line at the beginning of the /boot.cfg file:</p>
<div class="highlight"><pre><span></span><code><span class="n">menu</span><span class="o">=</span><span class="n">Xen</span><span class="p">:</span><span class="nb">load</span><span class="w"> </span><span class="o">/</span><span class="n">netbsd</span><span class="o">-</span><span class="n">XEN3_DOM0</span><span class="o">.</span><span class="n">gz</span><span class="w"> </span><span class="n">console</span><span class="o">=</span><span class="n">pc</span><span class="p">;</span><span class="n">multiboot</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">xen46</span><span class="o">-</span><span class="n">kernel</span><span class="o">/</span><span class="n">xen</span><span class="o">.</span><span class="n">gz</span><span class="w"> </span><span class="n">dom0_mem</span><span class="o">=</span><span class="mi">256</span><span class="n">M</span><span class="w"></span>
</code></pre></div>
<p>Among the details of this configuration line, note the allocation of 256 MB of RAM to the dom0.</p>
<p>However, if the partitioning includes a separate /usr, it is better to copy /usr/pkg/xen46-kernel/xen.gz to / and to update the paths to match the file's new location. Once the boot loader has been modified, a reboot is required, but just before that we can create the special files in /dev:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">sh</span><span class="w"> </span><span class="n">MAKEDEV</span><span class="w"> </span><span class="n">xen</span><span class="w"></span>
</code></pre></div>
<p>Now we can reboot :)</p>
<p>But not everything is ready yet. For example, the xencommons service must be enabled and started. So we add the following line to the /etc/rc.conf file:</p>
<div class="highlight"><pre><span></span><code>xencommons=YES
</code></pre></div>
<p>We can then start the service:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">xencommons</span><span class="w"> </span><span class="k">start</span><span class="w"></span>
</code></pre></div>
<p>There is one more configuration file to modify before we start playing with our (para-)virtual machines: /usr/pkg/etc/xl.conf. I only made two changes to this file:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">^</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">xl</span><span class="p">.</span><span class="n">conf</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">^</span><span class="err">$</span><span class="w"></span>
<span class="n">vif</span><span class="p">.</span><span class="k">default</span><span class="p">.</span><span class="n">script</span><span class="o">=</span><span class="ss">"vif-bridge"</span><span class="w"></span>
<span class="n">vif</span><span class="p">.</span><span class="k">default</span><span class="p">.</span><span class="n">bridge</span><span class="o">=</span><span class="ss">"bridge0"</span><span class="w"></span>
</code></pre></div>
<p>It's time for a quick domU test!</p>
<h3>Testing an OpenWrt domU</h3>
<p>A quick way to test that your Xen dom0 works is to use an OpenWrt domU: it is a lightweight OS, not only in terms of CPU and memory, but also in terms of disk space. At the time of writing, the latest stable version of OpenWrt is 15.05.1, named <em>Chaos Calmer</em>.</p>
<p>Two things are needed: a file that will be the virtual machine's hard disk, and a configuration file. The first is very simple: just fetch it from the OpenWrt site, place it in a directory, and decompress it:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="err">@</span><span class="n">rogue</span><span class="p">:</span><span class="o">~</span><span class="c1"># mkdir -p /srv/xen/images/disk</span><span class="w"></span>
<span class="n">root</span><span class="err">@</span><span class="n">rogue</span><span class="p">:</span><span class="o">~</span><span class="c1"># cd /srv/xen/images/disk</span><span class="w"></span>
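<span class="n">root</span><span class="err">@</span><span class="n">rogue</span><span class="p">:</span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="n">disk</span><span class="c1"># wget https://downloads.openwrt.org/latest/x86/xen_domu/openwrt-15.05.1-x86-xen_domu-combined-ext4.img.gz</span><span class="w"></span>
<span class="n">root</span><span class="err">@</span><span class="n">rogue</span><span class="p">:</span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="n">disk</span><span class="c1"># zcat openwrt-15.05.1-x86-xen_domu-combined-ext4.img.gz > openwrt.img</span><span class="w"></span>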
</code></pre></div>
<p>Let's continue with the configuration file, based on an example file. It must be located in /usr/pkg/etc/xen/, and is simply named openwrt:</p>
<div class="highlight"><pre><span></span><code><span class="n">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"openwrt"</span><span class="w"></span>
<span class="n">uuid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"26824417-2dde-11e7-a2aa-00301bbde894"</span><span class="w"></span>
<span class="n">bootloader</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"/usr/pkg/bin/pygrub"</span><span class="w"></span>
<span class="n">extra</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"root=/dev/xvda2 rw"</span><span class="w"></span>
<span class="n">memory</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">128</span><span class="w"></span>
<span class="n">vcpus</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">1</span><span class="w"></span>
<span class="n">vif</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s1">'bridge=bridge0,mac=00:16:3E:00:00:01'</span><span class="w"> </span><span class="p">]</span><span class="w"></span>
<span class="n">disk</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s1">'/srv/xen/images/disk/openwrt.img,raw,xvda,rw'</span><span class="w"> </span><span class="p">]</span><span class="w"></span>
</code></pre></div>
<p>Now that all of this is in place, all that remains is to start the virtual machine:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">xl</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="o">-</span><span class="n">c</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">openwrt</span><span class="w"></span>
</code></pre></div>
<p>Once OpenWrt has booted, just press the Enter key to activate the local console. As for tests, check the number of processors (in /proc/cpuinfo, there must be only one), as well as the amount of RAM (in /proc/meminfo, or via free -m, there should be 128 MB). If a DHCP server is present, the network can easily be tested with udhcpc:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@OpenWrt</span><span class="err">:</span><span class="o">/</span><span class="err">#</span><span class="w"> </span><span class="n">udhcpc</span><span class="w"> </span><span class="o">-</span><span class="n">i</span><span class="w"> </span><span class="n">br</span><span class="o">-</span><span class="n">lan</span><span class="w"></span>
</code></pre></div>
<p>We can now check that the network is properly connected.</p>
<p>Did you like this article? Then share it on social networks! And if you have remarks or suggestions for improvement, don't hesitate: that's what the comments are for!</p>
<p><em>Photo credit: <a href="https://www.flickr.com/photos/marcosuk/2995294027/in/photolist-bEiYBV-5yjhGn-jn2zg-6XbeEt-6c5qwC-e7mGh-8xvUWD-4gNkcQ-gmq2dj-921mhJ-4yhA4x-9EVpBj-5qQcS4-uUVN8-wKonJq-5rpK3-8UayAc-qaQboF-4FKmj-n6r2qb-4AKCxg-4He9aP-5qUxvm-88ni6P-4tH4JW-bt4zbR-5yFEyt-7QLkdW-fgfozy-6kzPTG-8nqJ3b-8nqJzu-5qQcU8-5qQcYT-8nnCvX-9uniVc-cMA1Q-8nqLoQ-8nqM41-4DmsM3-AuZqQv-zxJvYj" title="Colourful">Marcos Leal - Army</a></em></p>
<h2>Comments</h2>
<h3>On 03/05/2017 14:35 by <a href="https://utux.fr">utux</a></h3>
<p>NetBSD? Masochist.</p>
<h3>On 03/05/2017 15:05 by Nils</h3>
<p>But it feels so good ;-)</p>
Vlog episode 0: changing the NAS case 2017-04-24T18:45:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-04-24:/post/2017/04/24/vlog-changement-boitier-nas/
<p><img alt="p1020274.jpg" src="https://blog.anotherhomepage.org/public/p1020274.jpg" title="tournage">Today, a somewhat unusual article, since its purpose is to announce the publication of my first vlog! The idea of moving to video has been on my mind for some time, and I seized the opportunity of this project to change my NAS case to make it happen. To watch the video, it's <a href="https://youtu.be/d06p6fOlor8" title="Changement">here</a>:</p>
<h3>The NAS, that good excuse</h3>
<p>In this first video, I take apart my existing NAS in order to replace my case. Several reasons drove this change:</p>
<ul>
<li>first, the old case lacks room, preventing me from having six 3.5-inch hard drives;</li>
<li>in addition, I wanted to move to a 19-inch rackmount case, making the best use of the space available for the NAS (an IKEA Lack table);</li>
<li>finally, the old case can hold at most a micro-ATX motherboard, which limits upgradability.</li>
</ul>
<p>I took the opportunity to do some spring cleaning, that is, dusting, and to change the thermal paste on the processor. To better anticipate my future storage and service needs on the NAS, I also added RAM. The least we can say is that FreeNAS took advantage of it right away!</p>
<p>The components used for this machine are not brand new, the NAS having already been in service for two years, I believe:</p>
<ul>
<li>CPU <a href="https://ark.intel.com/fr/products/65735/Intel-Xeon-Processor-E3-1220L-v2-3M-Cache-2_30-GHz">Intel Xeon E3-1220L v2</a>;</li>
<li>motherboard <a href="https://www.supermicro.com/products/motherboard/xeon/c202_c204/x9scm-f.cfm">Supermicro MBD-X9SCM-F-O</a>;</li>
<li>CPU cooler <a href="http://www.coolermaster.com/cooling/cpu-air-cooler/geminii-m4/">Cooler Master GeminII M4</a>;</li>
<li>thermal paste <a href="http://www.arcticsilver.com/as5.htm">Arctic Silver 5</a>;</li>
<li>RAM <a href="http://www.kingston.com/fr/memory/search?partId=KVR16E11%2F8">Kingston 8G DDR3, 1600MHz, ECC</a> * 2;</li>
<li>old case <a href="http://www.antec.com/product.php?id=705891&fid=5022066">Antec NSK 2480</a>;</li>
<li><a href="https://www.amazon.fr/gp/product/B00R4Q9ZN6/ref=oh_aui_detailpage_o02_s00?ie=UTF8&psc=1">new 4U 19-inch rackmount case</a>;</li>
<li>4 TB Western Digital Green hard drive (the product is no longer listed on the Western Digital site);</li>
<li>USB key <a href="https://www.sandisk.fr/home/usb-flash/cruzer-fit">Sandisk Cruzer Fit 32 GB</a> for the OS.</li>
</ul>
<p>On the software side, the installed OS is <a href="http://www.freenas.org/" title="FreeNAS">FreeNAS</a>.</p>
<h3>More videos?</h3>
<p>I hope you will enjoy this video at least as much as I enjoyed shooting it. Of course, it's a first draft, and I hope to improve on certain points in future videos (uh... yes, really!). Since for now this is more an experiment than a real commitment to making videos, for the time being this first vlog is only available on Youtube. Depending on demand, the videos will be made available for direct download. I admit that in doing so I am "feeding" one of the big Internet companies a little more with my data, but it is also a way to reach an audience.</p>
<p>Finally, none of this would be possible without <a href="https://www.youtube.com/channel/UCdl83V9Dim8bTLbTU6LohBQ" title="chaine">Studio Cyanotype</a>! Thanks to her for filming and editing this video! Don't hesitate to go see her Youtube channel and her <a href="http://cyanotype-leblog.fr/" title="Cyanotype">blog</a>!</p>
<p><em>Photo credit: Vincent Battez - <a href="https://www.flickr.com/photos/146909781@N02/34103055685/" title="P1020274">P1020274</a></em></p>
<h2>Comments</h2>
<h3>On 24/04/2017 22:38 by <a href="https://utux.fr">utux</a></h3>
<p>Hi, I'm posting a comment here and not on Youtube because I don't have a g+ account.
Very good video, you are at ease and the lighting is impeccable!
There's just one unbearable thing: the music is much too loud and high-pitched, it hurts my ears on top of masking what you're saying :/ Also the disassembly phase is perhaps a bit long.
Personally I limit myself to 4 hard drives, which lets me use a proliant microserver, small and discreet (and on top of that the drives rack in from the front, it's great). I use 4x1TB but you can find 10TB ones and probably 12 soon, that's already quite a lot of storage space (FreeNAS is on a USB key, but you can also add a 2.5" SSD in it).
See you soon.</p>
<h3>On 25/04/2017 09:17 by Nils</h3>
<p>Hi, and thanks for your feedback! No problem with commenting here, that's also why the blog comments stay open.</p>
<p>I note your remark about the music, as well as about the length of the disassembly. I hope it will be better in a future video. Since I selected several tracks for this video, is there a particular moment where it is more unpleasant, or is it across the board?</p>
<p>Regarding the number of hard drives, I did not originally plan to go up to 6 hard drives. Moving to a 4U case lets me do it, so I'm not holding back. I have 4x4TB, and the least we can say is that the more I have, the more it fills up!</p>
<p>See you soon!</p>
PHP Malware Finder: managing whitelists 2017-04-18T12:00:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-04-18:/post/2017/04/18/php-malware-finder-gestion-des-listes-blanches/
<p><img alt="Lime" src="https://blog.anotherhomepage.org/public/lime_and_list.jpg" title="Lime"></p>
<p>Remember: in <a href="/post/php-malware-finder-detecteur-dintrusion-php">the previous post</a>, we discovered PHP Malware Finder. Today, let's go further and move on to whitelist management! For this, let's take the example of a blog running on Wordpress. This whitelist management will be done in three steps:</p>
<ul>
<li>first, take stock of the current state, by running PHP Malware Finder and observing false positives;</li>
<li>then, the second step will be to understand how the rules and the whitelists work;</li>
<li>finally, the third step will consist of generating the whitelist and integrating it into the existing rules.</li>
</ul>
<p>And finally, as a bonus, a whitelist generation script will be covered. At the time of writing, the latest version of Wordpress is 4.7.3. The latest version of PHP Malware Finder is 0.3.4.</p>
<h3>Running PHP Malware Finder on a test site</h3>
<p>So we'll start by fetching a Wordpress archive directly from the official site, to make sure it is clean:</p>
<div class="highlight"><pre><span></span><code>nils@Dalaran:~/tmp$ wget https://wordpress.org/wordpress-4.7.3.tar.gz
--2017-04-11 <span class="m">21</span>:54:31-- https://wordpress.org/wordpress-4.7.3.tar.gz
Résolution de wordpress.org… <span class="m">66</span>.155.40.250, <span class="m">66</span>.155.40.249
Connexion à wordpress.org<span class="p">|</span><span class="m">66</span>.155.40.250<span class="p">|</span>:443… connecté.
requête HTTP transmise, en attente de la réponse… <span class="m">200</span> OK
Taille : <span class="m">8008833</span> <span class="o">(</span><span class="m">7</span>,6M<span class="o">)</span> <span class="o">[</span>application/octet-stream<span class="o">]</span>
Sauvegarde en : « wordpress-4.7.3.tar.gz »
wordpress-4.7.3.tar.gz <span class="m">100</span>%<span class="o">[=========================================================================================================================================</span>><span class="o">]</span> <span class="m">7</span>,64M <span class="m">3</span>,27MB/s ds <span class="m">2</span>,3s
<span class="m">2017</span>-04-11 <span class="m">21</span>:54:34 <span class="o">(</span><span class="m">3</span>,27 MB/s<span class="o">)</span> — « wordpress-4.7.3.tar.gz » sauvegardé <span class="o">[</span><span class="m">8008833</span>/8008833<span class="o">]</span>
nils@Dalaran:~/tmp$ tar -xzf wordpress-4.7.3.tar.gz
</code></pre></div>
<p>Then, let's decompress it and scan its contents:</p>
<div class="highlight"><pre><span></span><code>nils@Dalaran:~/tmp$ <span class="nb">cd</span> wordpress
nils@Dalaran:~/tmp/wordpress$ phpmalwarefinder .
ObfuscatedPhp ./wp-admin/includes/class-ftp.php
DodgyStrings ./wp-admin/includes/ajax-actions.php
ObfuscatedPhp ./wp-admin/includes/class-wp-plugins-list-table.php
DodgyPhp ./wp-admin/includes/schema.php
ObfuscatedPhp ./wp-admin/includes/media.php
DodgyStrings ./wp-admin/includes/template.php
ObfuscatedPhp ./wp-admin/includes/template.php
DodgyStrings ./wp-admin/includes/upgrade.php
ObfuscatedPhp ./wp-includes/bookmark-template.php
DodgyPhp ./wp-includes/class-pop3.php
DodgyStrings ./wp-includes/class-phpmailer.php
DodgyPhp ./wp-includes/class-phpmailer.php
ObfuscatedPhp ./wp-includes/class-wp-meta-query.php
ObfuscatedPhp ./wp-includes/class-wp-tax-query.php
DodgyStrings ./wp-includes/class-wp-query.php
DodgyStrings ./wp-includes/comment.php
ObfuscatedPhp ./wp-includes/date.php
DodgyStrings ./wp-includes/deprecated.php
ObfuscatedPhp ./wp-includes/deprecated.php
DodgyStrings ./wp-includes/functions.php
DodgyPhp ./wp-includes/functions.php
DangerousPhp ./wp-includes/functions.php
DodgyStrings ./wp-includes/formatting.php
ObfuscatedPhp ./wp-includes/IXR/class-IXR-date.php
DodgyPhp ./wp-includes/load.php
DodgyStrings ./wp-includes/media.php
ObfuscatedPhp ./wp-includes/post-template.php
ObfuscatedPhp ./wp-includes/js/tinymce/tinymce.min.js
DodgyStrings ./wp-includes/post.php
ObfuscatedPhp ./wp-includes/SimplePie/Parse/Date.php
</code></pre></div>
<p>Some files are reported as malicious, but they are not: they are therefore false positives. So they need to be whitelisted, but first, we should understand where the signatures and this whitelist live.</p>
<h3>Signatures and whitelists</h3>
<p>PHP Malware Finder is based on YARA, a tool that searches for files according to certain criteria, such as the presence of a character string, or a regular expression. The signatures are defined in the files <em>asp.yar</em>, <em>common.yar</em> and <em>php.yar</em>. So one file is dedicated to ASP files, another to PHP files, and the third groups signatures common to both languages.</p>
<p>Next, let's read the <em>asp.yar</em> and <em>php.yar</em> files: it quickly becomes clear that for a file to be recognized as malicious, it must not only meet certain conditions (the defined rules), but it must also not meet the conditions of the whitelist files.</p>
<p>In fact, the whitelist files are SHA1 checksums, computed over the full size of each file, of the files considered false positives. Now let's move on to creating the file containing this information!</p>
<h3>Creating the whitelist file</h3>
<p>To add our false positives to the whitelist, we will need two things:</p>
<ul>
<li>first, python-yara, a library that provides access to yara from Python;</li>
<li>then a script, generate_whitelist.py, which happens to be written... in Python.</li>
</ul>
<p>This script is available in the utils directory of PHP Malware Finder, or in <em>${PREFIX}/share/php-malware-finder/utils/</em> if it was installed from pkgsrc (<em>${PREFIX}</em> depending on the pkgsrc installation).</p>
<p>So let's test this script on our wordpress directory:</p>
<div class="highlight"><pre><span></span><code>nils@Dalaran:~/tmp/php-malware-finder/php-malware-finder/utils$ /opt/pkg/bin/python2.7 ./generate_whitelist.py ma_liste_blanche ~/tmp/wordpress
</code></pre></div>
<p>The result then looks like this:</p>
<div class="highlight"><pre><span></span><code>import <span class="s2">"hash"</span>
private rule maListeblanche
<span class="o">{</span>
condition:
/* maListeblanche */
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"12a18329072bed94b6f9c4d9f16d7a079ca64655"</span> or // /Users/nils/tmp/wordpress/wp-admin/includes/ajax-actions.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"6bccf04c8b46c8d6cdf79db8b509f4b76689f3bf"</span> or // /Users/nils/tmp/wordpress/wp-admin/includes/class-ftp.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"aa6a12a0325056b9649f58f8072fa02a1e264551"</span> or // /Users/nils/tmp/wordpress/wp-admin/includes/class-wp-plugins-list-table.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"3e73204644f0ce7b0971aad885fdcbcabba629fc"</span> or // /Users/nils/tmp/wordpress/wp-admin/includes/media.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"81b1ae432ba765a43c6d81fb6d6c35ce72efd0e8"</span> or // /Users/nils/tmp/wordpress/wp-admin/includes/schema.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"2ef50e790fdd42daa8ccd64d4c7c4be75d21742d"</span> or // /Users/nils/tmp/wordpress/wp-admin/includes/template.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"9835d10a7561deeef1f8381da065b4b45d7f2662"</span> or // /Users/nils/tmp/wordpress/wp-admin/includes/upgrade.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"b92aefa2917fc319ca7ceab092e183cafc651a6d"</span> or // /Users/nils/tmp/wordpress/wp-includes/bookmark-template.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"cb0c5a355409d807202bbf52749a3e74a9967a6a"</span> or // /Users/nils/tmp/wordpress/wp-includes/class-phpmailer.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"e4f0694bc96f99d5e30201171a3e7fc86e9e5ae4"</span> or // /Users/nils/tmp/wordpress/wp-includes/class-pop3.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"c06a15f4869c5459a782b714572eacea5c82d570"</span> or // /Users/nils/tmp/wordpress/wp-includes/class-wp-meta-query.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"72dbc1d4f2bbc8efdcdd834ecaf3771cbf17f64e"</span> or // /Users/nils/tmp/wordpress/wp-includes/class-wp-query.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"348c3a60d99768041be690b65b008628f53badb7"</span> or // /Users/nils/tmp/wordpress/wp-includes/class-wp-tax-query.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"0aab95245b9668f954151f4312b678fb0ee798cf"</span> or // /Users/nils/tmp/wordpress/wp-includes/comment.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"c8c9182aa25fb92ca91fcc96c3419847acdcf6e0"</span> or // /Users/nils/tmp/wordpress/wp-includes/date.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"5877695771fbe7a5667f4a06f4d897a37ef3fceb"</span> or // /Users/nils/tmp/wordpress/wp-includes/deprecated.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"806d2872676ea22e0a6fa6b32fbd4652298023ee"</span> or // /Users/nils/tmp/wordpress/wp-includes/formatting.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"3083b9a58e76d42455935811a457f29f57620145"</span> or // /Users/nils/tmp/wordpress/wp-includes/functions.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"f53f80c4ee7446f0b605443b6d2f05acd8064d13"</span> or // /Users/nils/tmp/wordpress/wp-includes/load.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"bea5ea598f537e7acb20b77a1421f819c0a9ec75"</span> or // /Users/nils/tmp/wordpress/wp-includes/media.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"abcf1a0801694db4774cd2abb29b5392e10dd632"</span> or // /Users/nils/tmp/wordpress/wp-includes/post-template.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"5ddc1e5c5c6302211b1aecbf930f76417b65d678"</span> or // /Users/nils/tmp/wordpress/wp-includes/post.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"040ef40d245242723de200e494a27545ea0b121b"</span> or // /Users/nils/tmp/wordpress/wp-includes/IXR/class-IXR-date.php
hash.sha1<span class="o">(</span><span class="m">0</span>, filesize<span class="o">)</span> <span class="o">==</span> <span class="s2">"086986cdf03ede58494034661d38c4842af38fe3"</span> // /Users/nils/tmp/wordpress/wp-includes/SimplePie/Parse/Date.php
<span class="o">}</span>
</code></pre></div>
<p>The freshly generated rule must then be added to the existing whitelists. The quick way is to edit the <em>whitelist.yar</em> file directly and insert our rule just before the last one (IsWhitelisted). Do not forget to also reference the newly created rule in that last rule. In my case, the last rule looks like this:</p>
<div class="highlight"><pre><span></span><code>private rule IsWhitelisted
<span class="o">{</span>
condition:
Symfony or
Wordpress or
Prestashop or
Magento or
Magento2 or
Drupal or
Roundcube or
Concrete5 or
Dotclear or
Owncloud or
Phpmyadmin or
Misc or
maListeblanche
<span class="o">}</span>
</code></pre></div>
<p>Now let's check that the whitelist is up to date and make sure there are no false positives left in our directory:</p>
<div class="highlight"><pre><span></span><code>nils@Dalaran:~/tmp/wordpress$ phpmalwarefinder ./
ObfuscatedPhp .//wp-includes/js/tinymce/tinymce.min.js
</code></pre></div>
<p>And that's where it all goes wrong. But why? It is because the script we just used only takes PHP files into account. This could be an idea for improvement in a future version.</p>
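<p>An added example, not part of the original post or of the PHP Malware Finder project: a Python version of the improvement suggested above, which hashes every file of a known-good tree (not only PHP files, so <em>tinymce.min.js</em> is covered), emits a rule in the same <em>hash.sha1(0, filesize)</em> format, and registers it in <em>IsWhitelisted</em>. The rule name <em>MyWhitelist</em>, the sample whitelist text and the directory tree are constructed for the demonstration; the code assumes <em>whitelist.yar</em> imports the YARA <em>hash</em> module and closes each rule with a brace at the start of a line.</p>

```python
import hashlib
import os
import re
import tempfile

IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")

# Constructed stand-in for whitelist.yar (assumed layout, not the real file).
SAMPLE_WHITELIST = '''import "hash"

private rule Wordpress
{
    condition:
        hash.sha1(0, filesize) == "0000000000000000000000000000000000000000"
}

private rule IsWhitelisted
{
    condition:
        Wordpress
}
'''


def sha1_of(path):
    """SHA-1 of the whole file, which is what hash.sha1(0, filesize) checks."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def collect_hashes(root, extensions=None):
    """Return [(sha1, path)] for regular files under root, in a stable order.

    extensions=None hashes every file; a tuple such as (".php",) reproduces
    the PHP-only behaviour that left tinymce.min.js out of the whitelist.
    """
    entries = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # do not follow links out of the vetted tree
            if extensions and not name.lower().endswith(tuple(extensions)):
                continue
            entries.append((sha1_of(path), path))
    return entries


def build_rule(rule_name, entries):
    """Render a private YARA rule that matches any of the given hashes."""
    if not IDENT.match(rule_name):
        raise ValueError("invalid YARA rule name: %r" % rule_name)
    if not entries:
        raise ValueError("no files to whitelist")
    lines = ["private rule %s" % rule_name, "{", "    condition:"]
    last = len(entries) - 1
    for index, (digest, path) in enumerate(entries):
        # The path is only a comment: replace control characters so an odd
        # file name cannot end the comment and add text to the rule.
        label = "".join(c if c.isprintable() else "?" for c in path)
        joiner = "" if index == last else " or"
        lines.append('        hash.sha1(0, filesize) == "%s"%s // %s'
                     % (digest, joiner, label))
    lines.append("}")
    return "\n".join(lines) + "\n"


def register_rule(whitelist_text, rule_name, rule_text):
    """Insert rule_text before IsWhitelisted and reference it from there."""
    already = r"^\s*(private\s+)?rule\s+%s\b" % re.escape(rule_name)
    if re.search(already, whitelist_text, re.M):
        raise ValueError("rule %s is already defined" % rule_name)
    match = re.search(r"^private rule IsWhitelisted\b.*?^\}",
                      whitelist_text, re.M | re.S)
    if match is None:
        raise ValueError("IsWhitelisted rule not found")
    body = match.group(0)[:-1].rstrip()          # drop the closing brace
    updated = body + " or\n        " + rule_name + "\n}"
    return (whitelist_text[:match.start()] + rule_text + "\n"
            + updated + whitelist_text[match.end():])


def demo():
    """Build a tiny constructed tree and whitelist it both ways."""
    with tempfile.TemporaryDirectory() as root:
        js_dir = os.path.join(root, "wp-includes", "js", "tinymce")
        os.makedirs(js_dir)
        with open(os.path.join(root, "wp-includes", "post.php"), "wb") as f:
            f.write(b"abc")
        with open(os.path.join(js_dir, "tinymce.min.js"), "wb") as f:
            f.write(b"")
        php_only = collect_hashes(root, (".php",))
        everything = collect_hashes(root)
    rule = build_rule("MyWhitelist", everything)
    return php_only, everything, register_rule(SAMPLE_WHITELIST, "MyWhitelist", rule)


if __name__ == "__main__":
    print(demo()[2])
```

<p>Only hash a tree you trust, for example a freshly downloaded upstream archive: a whitelist entry tells the scanner to ignore whatever that file contains.</p>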
<h3>Easy whitelist creation for various PHP applications</h3>
<p>There is another very useful script: mass_whitelist.py. Its purpose is to make it easier to create whitelists for well-known PHP applications, from Wordpress to Drupal by way of PHPMyAdmin. Just give it as arguments the name of the application, the download URL (replacing the version number with <em>__version__</em>), and the minor and major version numbers to search for.</p>
<p>The script then looks for every version of the application, downloads them, and prints a whitelist covering all of them. For example, for Wordpress:</p>
<div class="highlight"><pre><span></span><code>nils@Dalaran:~/tmp/php-malware-finder/php-malware-finder/utils$ /opt/pkg/bin/python2.7 mass_whitelist.py wordpress https://wordpress.org/wordpress-__version__.tar.gz <span class="m">4</span> <span class="m">7</span> <span class="m">3</span> <span class="p">|</span> tee -a wordpress.yar
</code></pre></div>
<p>The resulting file is therefore named <em>wordpress.yar</em>. All that remains is to copy it into the rules directory (overwriting the previous one) for it to be taken into account. Be warned, this script takes a long, long time to run!</p>
<p>Did you like this article? Then share it on social networks! And if you have comments or suggestions for improvement, don't hesitate: that's what the comments are for!</p>
<p><em>Photo credit: List_84 - <a href="https://www.flickr.com/photos/liste1/5008852993/in/album-72157625921973253/" title="Lime">Lime & List</a></em></p>
PHP Malware Finder: an intrusion detector for PHP sites
2017-04-11T09:30:00+02:00 2017-04-11T09:30:00+02:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2017-04-11:/post/2017/04/11/php-malware-finder-detecteur-dintrusion-php/
<p><img alt="Dans" src="https://blog.anotherhomepage.org/public/dansmaloupe2.jpg">At RMLL 2015 in Beauvais, I had the chance to attend a <a href="https://2015.rmll.info/analyse-forensic-d-un-serveur-web-linux" title="Analyse">talk</a> that, along the way, presented a very nice tool named PHP Malware Finder (<a href="https://github.com/nbs-system/php-malware-finder" title="PHP">website</a>). The purpose of this script is to detect PHP code that looks obfuscated or malicious, and even functions commonly found in malware or webshells. The project page has a (non-exhaustive) list of the malware it is able to find.</p>
<p>PHP Malware Finder scans a directory to find malware, so you can either run it directly on your server or from your own computer after copying your site's files to it. The first option requires administrator rights for the dependencies, so the second option is the better choice for discovering this tool, also because it is fairly heavy on disk access.</p>
<h3>Installing PHP Malware Finder</h3>
<p>Installing and using it is simple, provided <a href="https://virustotal.github.io/yara/" title="The">YARA</a> is installed. On a typical Linux distribution, once YARA is installed, PHP Malware Finder is installed simply by cloning the Github repository:</p>
<div class="highlight"><pre><span></span><code>git clone https://github.com/nbs-system/php-malware-finder.git
</code></pre></div>
<p>The <em>phpmalwarefinder</em> script is located in the <em>php-malware-finder/php-malware-finder/</em> directory.</p>
<p>On a NetBSD or macOS system, however, it can easily be installed through pkgsrc-wip:</p>
<div class="highlight"><pre><span></span><code>cd /usr/pkgsrc/wip/
make package-install
</code></pre></div>
<p>This way, PHP Malware Finder is available directly in $PATH :)</p>
<h3>Usage</h3>
<p>Now just run it, pointing it at a location that contains PHP pages:</p>
<div class="highlight"><pre><span></span><code>$ phpmalwarefinder /chemin/vers/ses/pages/
</code></pre></div>
<p>If some files match the signatures, the script prints the type of problem along with the path of the file. Otherwise, it prints nothing. Of course, other options are available, and a summary of them is shown by the -h option:</p>
<div class="highlight"><pre><span></span><code>$ phpmalwarefinder -h
Usage phpmalwarefinder <span class="o">[</span>-cfhtvl<span class="o">]</span> <file<span class="p">|</span>folder> ...
-c Optional path to a configuration file
-f Fast mode
-h Show this <span class="nb">help</span> message
-t Specify the number of threads to use <span class="o">(</span><span class="m">8</span> by default<span class="o">)</span>
-v Verbose mode
-l Set language <span class="o">(</span><span class="s1">'asp'</span>, <span class="s1">'php'</span><span class="o">)</span>
-L Check long lines
-u update rules
</code></pre></div>
<p>By default, PHP Malware Finder looks for its signatures in its own directory (if used from a clone of the git repository), but the pkgsrc package looks for them in <em>/usr/pkg/etc/phpmalwarefinder/</em> (or <em>/opt/pkg/</em> on macOS). You can specify your own signatures with the -c option.</p>
<p>Other options are also very useful, such as -f (to speed up the scan), or -t, which limits the number of threads used in parallel. This can be very handy when the scan takes a while and you want to keep using your machine in the meantime. A recommendation in passing: it is best to avoid running PHP Malware Finder directly on your server, as it tends to be rather resource-hungry!</p>
<p>If you like this article, share it on social networks. If you have comments or suggestions for improvement, don't hesitate: that's what the comments are for!</p>
<p><em>Photo credit: Olivier Penet - <a href="https://www.flickr.com/photos/115750956@N06/14884520728/" title="Dans">Dans ma loupe-2</a></em></p>
curl: using a more recent version on macOS
2017-04-04T11:30:00+02:00 2017-04-04T11:30:00+02:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2017-04-04:/post/2017/04/04/curl-utiliser-une-version-plus-recente-sur-macos/
<p>macOS ships with curl as standard. But this binary is not necessarily a recent enough version, or some options may not be compiled in.</p>
<h2>Installing curl with pkgin</h2>
<p>Using pkgsrc, we are going to install another version without touching the one installed by default. The prerequisite is to follow <a href="/post/2017/01/21/pkgsrc-installer-un-gestionnaire-de-paquets-pour-plus-de-logiciels-sur-macos">my tutorial on installing pkgsrc</a>. Once that is done, a single command is enough:</p>
<div class="highlight"><pre><span></span><code>sudo pkgin in curl
</code></pre></div>
<p>As seen in previous posts, installing software with pkgin is very simple. Moreover, if the $PATH environment variable lists the location of pkgsrc programs before the system ones, the next invocation of curl in the terminal will be the one we just installed.</p>
<p>But you may need more: for example, adding or removing build options. So let's move on to another installation method, from source.</p>
<h2>Installing curl by compiling from source</h2>
<p>First, let's compare the versions and build options:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@dalaran</span><span class="o">-</span><span class="nl">wifi</span><span class="p">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">curl</span><span class="w"> </span><span class="o">-</span><span class="n">V</span><span class="w"></span>
<span class="n">curl</span><span class="w"> </span><span class="mf">7.51.0</span><span class="w"> </span><span class="p">(</span><span class="n">x86_64</span><span class="o">-</span><span class="n">apple</span><span class="o">-</span><span class="n">darwin16</span><span class="mf">.0</span><span class="p">)</span><span class="w"> </span><span class="n">libcurl</span><span class="o">/</span><span class="mf">7.51.0</span><span class="w"> </span><span class="n">SecureTransport</span><span class="w"> </span><span class="n">zlib</span><span class="o">/</span><span class="mf">1.2.8</span><span class="w"></span>
<span class="nl">Protocols</span><span class="p">:</span><span class="w"> </span><span class="n">dict</span><span class="w"> </span><span class="k">file</span><span class="w"> </span><span class="n">ftp</span><span class="w"> </span><span class="n">ftps</span><span class="w"> </span><span class="n">gopher</span><span class="w"> </span><span class="n">http</span><span class="w"> </span><span class="n">https</span><span class="w"> </span><span class="n">imap</span><span class="w"> </span><span class="n">imaps</span><span class="w"> </span><span class="n">ldap</span><span class="w"> </span><span class="n">ldaps</span><span class="w"> </span><span class="n">pop3</span><span class="w"> </span><span class="n">pop3s</span><span class="w"> </span><span class="n">rtsp</span><span class="w"> </span><span class="n">smb</span><span class="w"> </span><span class="n">smbs</span><span class="w"> </span><span class="n">smtp</span><span class="w"> </span><span class="n">smtps</span><span class="w"> </span><span class="n">telnet</span><span class="w"> </span><span class="n">tftp</span><span class="w"></span>
<span class="nl">Features</span><span class="p">:</span><span class="w"> </span><span class="n">AsynchDNS</span><span class="w"> </span><span class="n">IPv6</span><span class="w"> </span><span class="n">Largefile</span><span class="w"> </span><span class="n">GSS</span><span class="o">-</span><span class="n">API</span><span class="w"> </span><span class="n">Kerberos</span><span class="w"> </span><span class="n">SPNEGO</span><span class="w"> </span><span class="n">NTLM</span><span class="w"> </span><span class="n">NTLM_WB</span><span class="w"> </span><span class="n">SSL</span><span class="w"> </span><span class="n">libz</span><span class="w"> </span><span class="n">UnixSockets</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@dalaran</span><span class="o">-</span><span class="nl">wifi</span><span class="p">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">curl</span><span class="w"> </span><span class="o">-</span><span class="n">V</span><span class="w"></span>
<span class="n">curl</span><span class="w"> </span><span class="mf">7.53.1</span><span class="w"> </span><span class="p">(</span><span class="n">x86_64</span><span class="o">-</span><span class="n">apple</span><span class="o">-</span><span class="n">darwin13</span><span class="p">)</span><span class="w"> </span><span class="n">libcurl</span><span class="o">/</span><span class="mf">7.53.1</span><span class="w"> </span><span class="n">OpenSSL</span><span class="o">/</span><span class="mf">1.0.2</span><span class="n">k</span><span class="w"> </span><span class="n">zlib</span><span class="o">/</span><span class="mf">1.2.8</span><span class="w"> </span><span class="n">libssh2</span><span class="o">/</span><span class="mf">1.8.0</span><span class="w"> </span><span class="n">nghttp2</span><span class="o">/</span><span class="mf">1.20.0</span><span class="w"></span>
<span class="nl">Protocols</span><span class="p">:</span><span class="w"> </span><span class="n">dict</span><span class="w"> </span><span class="k">file</span><span class="w"> </span><span class="n">ftp</span><span class="w"> </span><span class="n">ftps</span><span class="w"> </span><span class="n">gopher</span><span class="w"> </span><span class="n">http</span><span class="w"> </span><span class="n">https</span><span class="w"> </span><span class="n">imap</span><span class="w"> </span><span class="n">imaps</span><span class="w"> </span><span class="n">ldap</span><span class="w"> </span><span class="n">ldaps</span><span class="w"> </span><span class="n">pop3</span><span class="w"> </span><span class="n">pop3s</span><span class="w"> </span><span class="n">rtsp</span><span class="w"> </span><span class="n">scp</span><span class="w"> </span><span class="n">sftp</span><span class="w"> </span><span class="n">smb</span><span class="w"> </span><span class="n">smbs</span><span class="w"> </span><span class="n">smtp</span><span class="w"> </span><span class="n">smtps</span><span class="w"> </span><span class="n">telnet</span><span class="w"> </span><span class="n">tftp</span><span class="w"></span>
<span class="nl">Features</span><span class="p">:</span><span class="w"> </span><span class="n">IPv6</span><span class="w"> </span><span class="n">Largefile</span><span class="w"> </span><span class="n">NTLM</span><span class="w"> </span><span class="n">NTLM_WB</span><span class="w"> </span><span class="n">SSL</span><span class="w"> </span><span class="n">libz</span><span class="w"> </span><span class="n">TLS</span><span class="o">-</span><span class="n">SRP</span><span class="w"> </span><span class="n">HTTP2</span><span class="w"> </span><span class="n">UnixSockets</span><span class="w"> </span><span class="n">HTTPS</span><span class="o">-</span><span class="n">proxy</span><span class="w"></span>
</code></pre></div>
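<p>An added example, not part of the original post: the two <em>curl -V</em> outputs above parsed and compared in Python, which makes visible what the pkgsrc build gains (scp, sftp, HTTP2) and what it no longer has (GSS-API, Kerberos, SPNEGO, and SecureTransport replaced by OpenSSL as TLS backend). The function names are chosen for this example; the two sample strings are copied from the outputs shown in the post.</p>

```python
# Copied from the two `curl -V` runs shown in the post.
SYSTEM_CURL = """\
curl 7.51.0 (x86_64-apple-darwin16.0) libcurl/7.51.0 SecureTransport zlib/1.2.8
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets
"""
PKGSRC_CURL = """\
curl 7.53.1 (x86_64-apple-darwin13) libcurl/7.53.1 OpenSSL/1.0.2k zlib/1.2.8 libssh2/1.8.0 nghttp2/1.20.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy
"""


def parse_curl_version(text):
    """Parse `curl -V` output into version, libraries, protocols, features."""
    build = {"version": None, "libraries": {}, "protocols": set(), "features": set()}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("curl "):
            tokens = line.split()
            build["version"] = tokens[1]
            for token in tokens[2:]:
                if token.startswith("("):
                    continue  # platform triplet, e.g. (x86_64-apple-darwin13)
                name, _, version = token.partition("/")
                # SecureTransport is listed without a version number.
                build["libraries"][name] = version or None
        elif line.startswith("Protocols:"):
            build["protocols"] = set(line.split(":", 1)[1].split())
        elif line.startswith("Features:"):
            build["features"] = set(line.split(":", 1)[1].split())
    if build["version"] is None:
        raise ValueError("no 'curl <version>' line found")
    return build


def compare_builds(old, new):
    """Report what the new build adds, drops or changes relative to the old."""
    diff = {}
    for key in ("protocols", "features"):
        diff[key] = {"added": sorted(new[key] - old[key]),
                     "removed": sorted(old[key] - new[key])}
    old_libs, new_libs = old["libraries"], new["libraries"]
    diff["libraries"] = {
        "added": sorted(set(new_libs) - set(old_libs)),
        "removed": sorted(set(old_libs) - set(new_libs)),
        "changed": {name: (old_libs[name], new_libs[name])
                    for name in sorted(set(old_libs) & set(new_libs))
                    if old_libs[name] != new_libs[name]},
    }
    return diff


def missing_features(build, required):
    """Return the required feature names that the build does not report."""
    return sorted(set(required) - build["features"])


if __name__ == "__main__":
    system = parse_curl_version(SYSTEM_CURL)
    pkgsrc = parse_curl_version(PKGSRC_CURL)
    for section, changes in compare_builds(system, pkgsrc).items():
        print(section, changes)
    print("system curl lacks:", missing_features(system, ["HTTP2"]))
```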
<p>Is an option you need missing? No problem, it can be added. The next step is to list the available options:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@dalaran</span><span class="o">-</span><span class="nl">wifi</span><span class="p">:</span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">/</span><span class="n">www</span><span class="o">/</span><span class="n">curl</span><span class="err">$</span><span class="w"> </span><span class="n">bmake</span><span class="w"> </span><span class="n">show</span><span class="o">-</span><span class="n">options</span><span class="w"></span>
<span class="ow">Any</span><span class="w"> </span><span class="k">of</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">following</span><span class="w"> </span><span class="k">general</span><span class="w"> </span><span class="n">options</span><span class="w"> </span><span class="n">may</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="nl">selected</span><span class="p">:</span><span class="w"></span>
<span class="n">gssapi</span><span class="w"> </span><span class="n">Enable</span><span class="w"> </span><span class="n">gssapi</span><span class="w"> </span><span class="p">(</span><span class="n">Kerberos</span><span class="w"> </span><span class="n">V</span><span class="p">)</span><span class="w"> </span><span class="n">support</span><span class="p">.</span><span class="w"></span>
<span class="n">http2</span><span class="w"> </span><span class="k">Add</span><span class="w"> </span><span class="n">support</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">HTTP</span><span class="o">/</span><span class="mf">2.</span><span class="w"></span>
<span class="n">inet6</span><span class="w"> </span><span class="n">Enable</span><span class="w"> </span><span class="n">support</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">IPv6</span><span class="p">.</span><span class="w"></span>
<span class="n">ldap</span><span class="w"> </span><span class="n">Enable</span><span class="w"> </span><span class="n">LDAP</span><span class="w"> </span><span class="n">support</span><span class="p">.</span><span class="w"></span>
<span class="n">libidn</span><span class="w"> </span><span class="k">Add</span><span class="w"> </span><span class="n">support</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">libidn</span><span class="w"> </span><span class="nc">text</span><span class="w"> </span><span class="n">conversion</span><span class="p">.</span><span class="w"></span>
<span class="n">libssh2</span><span class="w"> </span><span class="k">Use</span><span class="w"> </span><span class="n">libssh2</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">SSHv2</span><span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">support</span><span class="p">.</span><span class="w"></span>
<span class="n">rtmp</span><span class="w"> </span><span class="n">Enable</span><span class="w"> </span><span class="nl">rtmp</span><span class="p">:</span><span class="o">//</span><span class="w"> </span><span class="n">support</span><span class="w"> </span><span class="k">using</span><span class="w"> </span><span class="n">rtmpdump</span><span class="p">.</span><span class="w"></span>
<span class="n">These</span><span class="w"> </span><span class="n">options</span><span class="w"> </span><span class="k">are</span><span class="w"> </span><span class="n">enabled</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="k">default</span><span class="err">:</span><span class="w"></span>
<span class="n">inet6</span><span class="w"> </span><span class="n">libidn</span><span class="w"></span>
<span class="n">These</span><span class="w"> </span><span class="n">options</span><span class="w"> </span><span class="k">are</span><span class="w"> </span><span class="n">currently</span><span class="w"> </span><span class="nl">enabled</span><span class="p">:</span><span class="w"></span>
<span class="n">inet6</span><span class="w"> </span><span class="n">ldap</span><span class="w"> </span><span class="n">libidn</span><span class="w"> </span><span class="n">libssh2</span><span class="w"></span>
<span class="n">You</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="k">select</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">build</span><span class="w"> </span><span class="n">options</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">use</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="n">setting</span><span class="w"> </span><span class="n">PKG_DEFAULT_OPTIONS</span><span class="w"></span>
<span class="ow">or</span><span class="w"> </span><span class="n">PKG_OPTIONS</span><span class="p">.</span><span class="n">curl</span><span class="p">.</span><span class="w"></span>
</code></pre></div>
<p>You can then edit <em>/opt/pkg/etc/mk.conf.local</em> (as root, or via <em>sudo</em>) and add options, for example http2:</p>
<div class="highlight"><pre><span></span><code>PKG_OPTIONS.curl+= http2
</code></pre></div>
<p>And then, rebuild:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@dalaran</span><span class="o">-</span><span class="nl">wifi</span><span class="p">:</span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">/</span><span class="n">www</span><span class="o">/</span><span class="n">curl</span><span class="err">$</span><span class="w"> </span><span class="n">bmake</span><span class="w"> </span><span class="n">package</span><span class="o">-</span><span class="n">install</span><span class="w"></span>
</code></pre></div>
<p>The next step is to check that the http2 option is present:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@dalaran</span><span class="o">-</span><span class="nl">wifi</span><span class="p">:</span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">/</span><span class="n">www</span><span class="o">/</span><span class="n">curl</span><span class="err">$</span><span class="w"> </span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">curl</span><span class="w"> </span><span class="o">-</span><span class="n">V</span><span class="w"></span>
<span class="n">curl</span><span class="w"> </span><span class="mf">7.53.1</span><span class="w"> </span><span class="p">(</span><span class="n">x86_64</span><span class="o">-</span><span class="n">apple</span><span class="o">-</span><span class="n">darwin16</span><span class="p">)</span><span class="w"> </span><span class="n">libcurl</span><span class="o">/</span><span class="mf">7.53.1</span><span class="w"> </span><span class="n">OpenSSL</span><span class="o">/</span><span class="mf">1.0.2</span><span class="n">k</span><span class="w"> </span><span class="n">zlib</span><span class="o">/</span><span class="mf">1.2.8</span><span class="w"> </span><span class="n">libssh2</span><span class="o">/</span><span class="mf">1.8.0</span><span class="w"> </span><span class="n">nghttp2</span><span class="o">/</span><span class="mf">1.20.0</span><span class="w"></span>
<span class="nl">Protocols</span><span class="p">:</span><span class="w"> </span><span class="n">dict</span><span class="w"> </span><span class="k">file</span><span class="w"> </span><span class="n">ftp</span><span class="w"> </span><span class="n">ftps</span><span class="w"> </span><span class="n">gopher</span><span class="w"> </span><span class="n">http</span><span class="w"> </span><span class="n">https</span><span class="w"> </span><span class="n">imap</span><span class="w"> </span><span class="n">imaps</span><span class="w"> </span><span class="n">ldap</span><span class="w"> </span><span class="n">ldaps</span><span class="w"> </span><span class="n">pop3</span><span class="w"> </span><span class="n">pop3s</span><span class="w"> </span><span class="n">rtsp</span><span class="w"> </span><span class="n">scp</span><span class="w"> </span><span class="n">sftp</span><span class="w"> </span><span class="n">smb</span><span class="w"> </span><span class="n">smbs</span><span class="w"> </span><span class="n">smtp</span><span class="w"> </span><span class="n">smtps</span><span class="w"> </span><span class="n">telnet</span><span class="w"> </span><span class="n">tftp</span><span class="w"></span>
<span class="nl">Features</span><span class="p">:</span><span class="w"> </span><span class="n">IPv6</span><span class="w"> </span><span class="n">Largefile</span><span class="w"> </span><span class="n">NTLM</span><span class="w"> </span><span class="n">NTLM_WB</span><span class="w"> </span><span class="n">SSL</span><span class="w"> </span><span class="n">libz</span><span class="w"> </span><span class="n">TLS</span><span class="o">-</span><span class="n">SRP</span><span class="w"> </span><span class="n">HTTP2</span><span class="w"> </span><span class="n">UnixSockets</span><span class="w"> </span><span class="n">HTTPS</span><span class="o">-</span><span class="n">proxy</span><span class="w"></span>
</code></pre></div>
<p>In conclusion, thanks to pkgsrc it is very simple to have a different version of a piece of software than the one installed by default, and to build it with the options you need.</p>
<p>If you like this article, share it on social networks. If you have comments or suggestions for improvement, don't hesitate: that's what the comments are for!</p>
Sysupgrade: easily upgrading a NetBSD system
2017-03-28T09:30:00+02:00 2017-03-28T09:30:00+02:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2017-03-28:/post/2017/03/28/sysupgrade-mise-a-jour-facile-d-un-systeme-netbsd/
<p><a href="https://blog.netbsd.org/tnf/entry/netbsd_7_1_released" title="NetBSD">NetBSD 7.1</a> is available. As usual, upgrading your system is recommended, particularly because this release brings many security fixes.</p>
<p>Historically, a NetBSD system is upgraded through the installation program, <a href="https://www.netbsd.org/docs/guide/en/chap-upgrading.html#upgrading-sysinst" title="Chapter">sysinst</a>. However, the main drawback of this method is that it requires rebooting into the installer, which makes the system unavailable for the whole upgrade.</p>
<p>A second possibility is to extract the base system sets yourself and then run the post-installation commands, as explained for example on the <a href="http://wiki.gcu.info/doku.php?id=netbsd:upgrade_binaire" title="Methode">GCU wiki</a>.</p>
<p>This second possibility, admittedly faster, can be automated, but requires a bit of intelligence, such as installing only the necessary sets, a kernel other than GENERIC (especially if you build your own custom kernel), or even deleting the download directory afterwards. And that works out well, because this is exactly what <a href="https://github.com/jmmv/sysupgrade/" title="Automates">sysupgrade</a> does! With a simple configuration file, it can:</p>
<ul>
<li>download the sets of a specific NetBSD version;</li>
<li>replace your kernel with the new one, automatically or by specifying a configuration name;</li>
<li>perform the post-installation tasks;</li>
<li>and even clean up at the end!</li>
</ul>
<p>Sysupgrade is now part of the <a href="https://www.netbsd.org/docs/guide/en/chap-upgrading.html#using-sysupgrade" title="Chapter">official upgrade documentation</a>. To use it, ideally, a single command is enough:</p>
<div class="highlight"><pre><span></span><code># sysupgrade auto http://cdn.NetBSD.org/pub/NetBSD/NetBSD-7.1/amd64
</code></pre></div>
<p>For my part, I chose to make sure certain options are set in <em>/usr/pkg/etc/sysupgrade.conf</em>, in particular because the <em>config</em> command, which is used to detect the name of the kernel configuration, is provided by the <em>comp</em> set, which I do not always install (it provides development and compilation tools, which I consider unnecessary on a web server, for example). My configuration file therefore looks like this:</p>
<div class="highlight"><pre><span></span><code>RELEASEDIR="http://cdn.netbsd.org/pub/NetBSD/NetBSD-7.1/$(uname -m)"
KERNEL=GENERIC
ETCUPDATE=yes
</code></pre></div>
<p>Ma commande de mise à jour se résume donc à un simple <em>sysupgrade auto</em>. En revanche, la post-installation sera déclenchée et me demandera si je souhaite mettre à jour certains fichiers de configuration. Il convient donc d'être particulièrement attentif lors de cette étape.</p>
<p>Des remarques, des propositions d'améliorations ? Où même des exemples supplémentaires ? Les commentaires sont là pour ça !</p>Nmap : détection et récupération d'information sur Wordpress2017-03-20T10:00:00+01:002017-03-20T10:00:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-03-20:/post/2017/03/20/nmap-detection-et-recuperation-d-information-sur-wordpress/<p>Début mars 2017, le moteur de blog Wordpress a fait l'objet d'une nouvelle mise à jour, <a href="https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/" title=""WordPress">la version 4.7.3</a>. Cette mise à jour revêt une certaine importance, puisqu'elle corrige 5 vulnérabilités !</p>
<p>Vérifier sur une installation de Wordpress que la dernière version est installée est assez simple à partir …</p><p>Début mars 2017, le moteur de blog Wordpress a fait l'objet d'une nouvelle mise à jour, <a href="https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/" title=""WordPress">la version 4.7.3</a>. Cette mise à jour revêt une certaine importance, puisqu'elle corrige 5 vulnérabilités !</p>
<p>Checking that a Wordpress installation runs the latest version is fairly simple as long as you can log in to the administration interface. That may not be feasible, however: the number of installations, or the availability of login credentials (for organizational reasons). Because Wordpress is verbose by default, it is possible to obtain information without having login credentials.</p>
<p>To perform this check, let's call on <a href="https://nmap.org/">Nmap</a> once again! Thanks to the NSE scripting language, it is possible to look up several pieces of information, such as the version. More generally, the list of officially available scripts can be found <a href="https://nmap.org/nsedoc/index.html">on a dedicated page</a>. For our purposes, note the existence of a repository containing <a href="https://github.com/peter-hackertarget/nmap-nse-scripts" title="nmap-nse-scripts">custom NSE scripts for Wordpress</a>.</p>
<p>Installing NSE scripts in Nmap is fairly easy: locate the existing scripts and copy yours to the same place. For example, on Fedora 25:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">nils@fedora-workstation ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="n">git</span><span class="w"> </span><span class="n">clone</span><span class="w"> </span><span class="nl">https</span><span class="p">:</span><span class="o">//</span><span class="n">github</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">peter</span><span class="o">-</span><span class="n">hackertarget</span><span class="o">/</span><span class="n">nmap</span><span class="o">-</span><span class="n">nse</span><span class="o">-</span><span class="n">scripts</span><span class="p">.</span><span class="n">git</span><span class="w"></span>
<span class="n">Clonage</span><span class="w"> </span><span class="n">dans</span><span class="w"> </span><span class="s1">'nmap-nse-scripts'</span><span class="p">...</span><span class="w"></span>
<span class="nl">remote</span><span class="p">:</span><span class="w"> </span><span class="n">Counting</span><span class="w"> </span><span class="nl">objects</span><span class="p">:</span><span class="w"> </span><span class="mi">12</span><span class="p">,</span><span class="w"> </span><span class="n">done</span><span class="p">.</span><span class="w"></span>
<span class="nl">remote</span><span class="p">:</span><span class="w"> </span><span class="n">Total</span><span class="w"> </span><span class="mi">12</span><span class="w"> </span><span class="p">(</span><span class="n">delta</span><span class="w"> </span><span class="mi">0</span><span class="p">),</span><span class="w"> </span><span class="n">reused</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="p">(</span><span class="n">delta</span><span class="w"> </span><span class="mi">0</span><span class="p">),</span><span class="w"> </span><span class="n">pack</span><span class="o">-</span><span class="n">reused</span><span class="w"> </span><span class="mi">12</span><span class="w"></span>
<span class="n">Dépaquetage</span><span class="w"> </span><span class="n">des</span><span class="w"> </span><span class="nl">objets</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="o">%</span><span class="w"> </span><span class="p">(</span><span class="mi">12</span><span class="o">/</span><span class="mi">12</span><span class="p">),</span><span class="w"> </span><span class="n">fait</span><span class="p">.</span><span class="w"></span>
<span class="n">Vérification</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">la</span><span class="w"> </span><span class="n">connectivité</span><span class="p">...</span><span class="w"> </span><span class="n">fait</span><span class="p">.</span><span class="w"></span>
<span class="o">[</span><span class="n">nils@fedora-workstation ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="n">nmap</span><span class="o">-</span><span class="n">nse</span><span class="o">-</span><span class="n">scripts</span><span class="o">/</span><span class="w"></span>
<span class="o">[</span><span class="n">nils@fedora-workstation nmap-nse-scripts</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="n">cp</span><span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="n">wp</span><span class="o">-</span><span class="n">themes</span><span class="p">.</span><span class="n">lst</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">nmap</span><span class="o">/</span><span class="n">nselib</span><span class="o">/</span><span class="w"></span>
<span class="s1">'wp-themes.lst'</span><span class="w"> </span><span class="o">-></span><span class="w"> </span><span class="s1">'/usr/share/nmap/nselib/wp-themes.lst'</span><span class="w"></span>
<span class="o">[</span><span class="n">nils@fedora-workstation nmap-nse-scripts</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="n">cp</span><span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">*</span><span class="p">.</span><span class="n">nse</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">nmap</span><span class="o">/</span><span class="n">scripts</span><span class="o">/</span><span class="w"></span>
<span class="s1">'hostmap-hackertarget.nse'</span><span class="w"> </span><span class="o">-></span><span class="w"> </span><span class="s1">'/usr/share/nmap/scripts/hostmap-hackertarget.nse'</span><span class="w"></span>
<span class="s1">'http-wordpress-info.nse'</span><span class="w"> </span><span class="o">-></span><span class="w"> </span><span class="s1">'/usr/share/nmap/scripts/http-wordpress-info.nse'</span><span class="w"></span>
<span class="s1">'http-wordpress-plugins.nse'</span><span class="w"> </span><span class="o">-></span><span class="w"> </span><span class="s1">'/usr/share/nmap/scripts/http-wordpress-plugins.nse'</span><span class="w"></span>
<span class="s1">'http-wordpress-themes.nse'</span><span class="w"> </span><span class="o">-></span><span class="w"> </span><span class="s1">'/usr/share/nmap/scripts/http-wordpress-themes.nse'</span><span class="w"></span>
</code></pre></div>
<p>Let's then run a first scan:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">nils@fedora-workstation ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="n">nmap</span><span class="w"> </span><span class="o">-</span><span class="n">sV</span><span class="w"> </span><span class="o">-</span><span class="n">p80</span><span class="p">,</span><span class="mi">443</span><span class="w"> </span><span class="o">--</span><span class="n">script</span><span class="w"> </span><span class="n">http</span><span class="o">-</span><span class="n">wordpress</span><span class="o">-</span><span class="n">info</span><span class="w"> </span><span class="n">exemple</span><span class="p">.</span><span class="n">fr</span><span class="w"></span>
<span class="n">Starting</span><span class="w"> </span><span class="n">Nmap</span><span class="w"> </span><span class="mf">7.40</span><span class="w"> </span><span class="p">(</span><span class="w"> </span><span class="nl">https</span><span class="p">:</span><span class="o">//</span><span class="n">nmap</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="k">at</span><span class="w"> </span><span class="mi">2017</span><span class="o">-</span><span class="mi">03</span><span class="o">-</span><span class="mi">20</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">46</span><span class="w"> </span><span class="n">CET</span><span class="w"></span>
<span class="n">Nmap</span><span class="w"> </span><span class="n">scan</span><span class="w"> </span><span class="n">report</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">exemple</span><span class="p">.</span><span class="n">fr</span><span class="w"> </span><span class="p">(</span><span class="mf">10.172.46.128</span><span class="p">)</span><span class="w"></span>
<span class="k">Host</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">up</span><span class="w"> </span><span class="p">(</span><span class="mf">0.0056</span><span class="n">s</span><span class="w"> </span><span class="n">latency</span><span class="p">).</span><span class="w"></span>
<span class="n">rDNS</span><span class="w"> </span><span class="n">record</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="mf">10.172.46.128</span><span class="err">:</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">exemple</span><span class="p">.</span><span class="n">fr</span><span class="w"></span>
<span class="n">PORT</span><span class="w"> </span><span class="k">STATE</span><span class="w"> </span><span class="n">SERVICE</span><span class="w"> </span><span class="n">VERSION</span><span class="w"></span>
<span class="mi">80</span><span class="o">/</span><span class="n">tcp</span><span class="w"> </span><span class="k">open</span><span class="w"> </span><span class="n">http</span><span class="w"> </span><span class="n">Apache</span><span class="w"> </span><span class="n">httpd</span><span class="w"></span>
<span class="o">|</span><span class="n">_http</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="nl">header</span><span class="p">:</span><span class="w"> </span><span class="n">Apache</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">http</span><span class="o">-</span><span class="n">wordpress</span><span class="o">-</span><span class="nl">info</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="nl">version</span><span class="p">:</span><span class="w"> </span><span class="n">WordPress</span><span class="w"> </span><span class="mf">4.7.3</span><span class="w"></span>
<span class="o">|</span><span class="n">_</span><span class="w"> </span><span class="nl">theme</span><span class="p">:</span><span class="w"> </span><span class="n">twentyseventeen</span><span class="w"></span>
<span class="mi">443</span><span class="o">/</span><span class="n">tcp</span><span class="w"> </span><span class="k">open</span><span class="w"> </span><span class="n">ssl</span><span class="o">/</span><span class="n">ssl</span><span class="w"> </span><span class="n">Apache</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="p">(</span><span class="n">SSL</span><span class="o">-</span><span class="k">only</span><span class="w"> </span><span class="n">mode</span><span class="p">)</span><span class="w"></span>
<span class="o">|</span><span class="n">_http</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="nl">header</span><span class="p">:</span><span class="w"> </span><span class="n">Apache</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">http</span><span class="o">-</span><span class="n">wordpress</span><span class="o">-</span><span class="nl">info</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="nl">version</span><span class="p">:</span><span class="w"> </span><span class="n">WordPress</span><span class="w"> </span><span class="mf">4.7.3</span><span class="w"></span>
<span class="o">|</span><span class="n">_</span><span class="w"> </span><span class="nl">theme</span><span class="p">:</span><span class="w"> </span><span class="n">twentyseventeen</span><span class="w"></span>
</code></pre></div>
<p>We now have the Wordpress version and the theme in use. The “http-wordpress-themes” script can search more thoroughly for any additional installed themes. As for “http-wordpress-plugins”, it searches for plugins. The information script is nevertheless fairly verbose. Here is its output after installing a few plugins and other themes:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">nils@fedora-workstation ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="n">nmap</span><span class="w"> </span><span class="o">-</span><span class="n">sV</span><span class="w"> </span><span class="o">-</span><span class="n">p80</span><span class="p">,</span><span class="mi">443</span><span class="w"> </span><span class="o">--</span><span class="n">script</span><span class="w"> </span><span class="n">http</span><span class="o">-</span><span class="n">wordpress</span><span class="o">-</span><span class="n">info</span><span class="w"> </span><span class="n">exemple</span><span class="p">.</span><span class="n">fr</span><span class="w"></span>
<span class="n">Starting</span><span class="w"> </span><span class="n">Nmap</span><span class="w"> </span><span class="mf">7.40</span><span class="w"> </span><span class="p">(</span><span class="w"> </span><span class="nl">https</span><span class="p">:</span><span class="o">//</span><span class="n">nmap</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="k">at</span><span class="w"> </span><span class="mi">2017</span><span class="o">-</span><span class="mi">03</span><span class="o">-</span><span class="mi">20</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">53</span><span class="w"> </span><span class="n">CET</span><span class="w"></span>
<span class="n">Nmap</span><span class="w"> </span><span class="n">scan</span><span class="w"> </span><span class="n">report</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">exemple</span><span class="p">.</span><span class="n">fr</span><span class="w"> </span><span class="p">(</span><span class="mf">10.172.46.128</span><span class="p">)</span><span class="w"></span>
<span class="k">Host</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">up</span><span class="w"> </span><span class="p">(</span><span class="mf">0.0058</span><span class="n">s</span><span class="w"> </span><span class="n">latency</span><span class="p">).</span><span class="w"></span>
<span class="n">rDNS</span><span class="w"> </span><span class="n">record</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="mf">10.172.46.128</span><span class="err">:</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">exemple</span><span class="p">.</span><span class="n">fr</span><span class="w"></span>
<span class="n">PORT</span><span class="w"> </span><span class="k">STATE</span><span class="w"> </span><span class="n">SERVICE</span><span class="w"> </span><span class="n">VERSION</span><span class="w"></span>
<span class="mi">80</span><span class="o">/</span><span class="n">tcp</span><span class="w"> </span><span class="k">open</span><span class="w"> </span><span class="n">http</span><span class="w"> </span><span class="n">Apache</span><span class="w"> </span><span class="n">httpd</span><span class="w"></span>
<span class="o">|</span><span class="n">_http</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="nl">header</span><span class="p">:</span><span class="w"> </span><span class="n">Apache</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">http</span><span class="o">-</span><span class="n">wordpress</span><span class="o">-</span><span class="nl">info</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="nl">version</span><span class="p">:</span><span class="w"> </span><span class="n">WordPress</span><span class="w"> </span><span class="mf">4.7.3</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="nl">theme</span><span class="p">:</span><span class="w"> </span><span class="n">fooding</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="nl">plugins</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="n">_</span><span class="w"> </span><span class="n">jetpack</span><span class="w"></span>
<span class="mi">443</span><span class="o">/</span><span class="n">tcp</span><span class="w"> </span><span class="k">open</span><span class="w"> </span><span class="n">ssl</span><span class="o">/</span><span class="n">ssl</span><span class="w"> </span><span class="n">Apache</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="p">(</span><span class="n">SSL</span><span class="o">-</span><span class="k">only</span><span class="w"> </span><span class="n">mode</span><span class="p">)</span><span class="w"></span>
<span class="o">|</span><span class="n">_http</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="nl">header</span><span class="p">:</span><span class="w"> </span><span class="n">Apache</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">http</span><span class="o">-</span><span class="n">wordpress</span><span class="o">-</span><span class="nl">info</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="nl">version</span><span class="p">:</span><span class="w"> </span><span class="n">WordPress</span><span class="w"> </span><span class="mf">4.7.3</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="nl">theme</span><span class="p">:</span><span class="w"> </span><span class="n">fooding</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="nl">plugins</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="n">_</span><span class="w"> </span><span class="n">jetpack</span><span class="w"></span>
</code></pre></div>
<p>Note here the presence of the well-known Jetpack plugin, as well as the fooding theme.</p>
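<p>When many installations have to be checked, the script output shown above can be turned into an inventory. The following is an added example, not part of the original post or of the NSE scripts repository: it parses Nmap's normal output for <code>http-wordpress-info</code> results and lists the hosts running a version older than 4.7.3. The host names, addresses and function names are constructed for illustration.</p>

```python
import re

# Constructed sample in the layout of the scans shown above (two hosts,
# documentation-range addresses); not real scan results.
SAMPLE_SCAN = """\
Nmap scan report for blog-a.example (192.0.2.10)
PORT    STATE  SERVICE VERSION
80/tcp  open   http    Apache httpd
|_http-server-header: Apache
| http-wordpress-info: 
|   version: WordPress 4.7.3
|   theme: fooding
|   plugins: 
|_    jetpack
443/tcp closed https
Nmap scan report for blog-b.example (192.0.2.11)
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd
| http-wordpress-info: 
|   version: WordPress 4.7.2
|_  theme: twentyseventeen
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+(\S+)")
FIELD_RE = re.compile(r"^(version|theme|plugins):\s*(.*)$")
VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)")


def parse_wordpress_info(scan_text):
    """Return one record per (host, port) where http-wordpress-info reported."""
    records, host, port = [], None, None
    current, in_plugins = None, False
    for line in scan_text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host, port, current = m.group(1), None, None
            continue
        m = PORT_RE.match(line)
        if m:
            port, current = int(m.group(1)), None
            continue
        if not line.startswith("|"):
            continue
        # Script output lines start with "|"; "|_" marks a script's last line.
        body = re.sub(r"^\|_?\s*", "", line).strip()
        if body.startswith("http-wordpress-info:"):
            current = {"host": host, "port": port, "version": None,
                       "theme": None, "plugins": []}
            records.append(current)
            in_plugins = False
        elif current is not None:
            field = FIELD_RE.match(body)
            if field:
                name, value = field.groups()
                if name == "version":
                    found = VERSION_RE.search(value)
                    current["version"] = found.group(1) if found else None
                elif name == "theme":
                    current["theme"] = value or None
                else:
                    in_plugins = True
            elif in_plugins and body and ":" not in body:
                current["plugins"].append(body)
            else:
                current = None  # output of a different script has started
        if line.startswith("|_"):
            current = None
    return records


def version_key(version):
    """'4.7.3' -> (4, 7, 3) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def flag_outdated(records, baseline="4.7.3"):
    """List (host, port, version) for installs older than the baseline."""
    floor = version_key(baseline)
    return [(r["host"], r["port"], r["version"]) for r in records
            if r["version"] and version_key(r["version"]) < floor]


if __name__ == "__main__":
    inventory = parse_wordpress_info(SAMPLE_SCAN)
    for host, port, version in flag_outdated(inventory):
        print(f"{host}:{port} runs WordPress {version}, update needed")
```

<p>Records whose version could not be read keep <code>version</code> set to <code>None</code> and are not flagged, so they should be reviewed separately.</p>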
<p>So far we have tested a fairly gentle script, but others are more brutal, such as “http-wordpress-brute”, which tries to gain access by brute-forcing the administration interface. Great care is therefore required when using these tools.</p>
<p>Any remarks or suggestions for improvement? Or even interesting examples on particular Wordpress configurations? That is what the comments are for!</p>
<h2>Comments</h2>
<h3>On 18/04/2017 15:43 by <a href="http://www.f4b1.com/">f4b1</a></h3>
<p>Nice tool, I didn't know it but it very quickly became indispensable for me, thanks for the find!</p>
dmidecode: learning a bit more about your hardware2017-03-13T09:30:00+01:002017-03-13T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-03-13:/post/2017/03/13/dmidecode-pour-en-savoir-un-peu-plus-sur-son-materiel/<p>Many free tools for detecting and reporting on a computer's hardware exist. In no particular order: lspci, lshw, and <a href="http://www.nongnu.org/dmidecode/" title="Dmidecode">dmidecode</a>. I recently poked around in the latter and noticed a few interesting options, which I share here.</p>
<p>dmidecode is usually run without arguments, as root, because it needs to access the hardware through the <a href="https://en.wikipedia.org/wiki/System_Management_BIOS">SMBIOS</a>. I will not copy a sample output here, because it is rather long. We can start by trimming that length a little with the “-q” option, for <em>quiet</em>. The difference is quite noticeable; here is a comparison (on NetBSD, of course):</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">wc</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"></span>
<span class="w"> </span><span class="mi">544</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">q</span><span class="o">|</span><span class="w"> </span><span class="n">wc</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"></span>
<span class="w"> </span><span class="mi">443</span><span class="w"></span>
</code></pre></div>
<p>Nearly 100 lines of difference, mostly inactive entries and metadata. That should already help readability.</p>
<p>Next, you may be looking for a specific piece of information about your system. For example, the number of RAM modules, as well as the total number of module slots present:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">q</span><span class="w"> </span><span class="o">-</span><span class="n">t</span><span class="w"> </span><span class="n">memory</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="k">Size</span><span class="w"></span>
<span class="w"> </span><span class="k">Size</span><span class="err">:</span><span class="w"> </span><span class="mi">4096</span><span class="w"> </span><span class="n">MB</span><span class="w"></span>
<span class="w"> </span><span class="k">Size</span><span class="err">:</span><span class="w"> </span><span class="k">No</span><span class="w"> </span><span class="k">Module</span><span class="w"> </span><span class="n">Installed</span><span class="w"></span>
<span class="w"> </span><span class="k">Size</span><span class="err">:</span><span class="w"> </span><span class="k">No</span><span class="w"> </span><span class="k">Module</span><span class="w"> </span><span class="n">Installed</span><span class="w"></span>
<span class="w"> </span><span class="k">Size</span><span class="err">:</span><span class="w"> </span><span class="k">No</span><span class="w"> </span><span class="k">Module</span><span class="w"> </span><span class="n">Installed</span><span class="w"></span>
</code></pre></div>
<p>So I have one 4 GB RAM module, and the machine can take three more. The “-t” option accepts other values; just omit the value to get the list.</p>
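<p>For an inventory across several machines, the same information can be extracted per slot instead of with <code>grep</code>. The following is an added example, not part of the original post: it parses the <code>Memory Device</code> records of <code>dmidecode -q -t memory</code> output, normalises the size units and counts free slots. The sample text, the locator names and the function names are constructed for illustration.</p>

```python
import re

# Constructed sample in the layout of `dmidecode -q -t memory` (real output
# indents with tabs; the parser strips leading whitespace either way).
SAMPLE_MEMORY = """\
Physical Memory Array
    Location: System Board Or Motherboard
    Number Of Devices: 4

Memory Device
    Size: 4096 MB
    Locator: DIMM0

Memory Device
    Size: 8 GB
    Locator: DIMM1

Memory Device
    Size: No Module Installed
    Locator: DIMM2

Memory Device
    Size: No Module Installed
    Locator: DIMM3
"""

# The unit printed after the size depends on the dmidecode version.
UNIT_TO_MB = {"kB": 1 / 1024, "MB": 1, "GB": 1024, "TB": 1024 * 1024}
SIZE_RE = re.compile(r"^(\d+) (kB|MB|GB|TB)$")


def parse_memory_devices(text):
    """Return one dict per Memory Device record; size_mb is None if empty."""
    devices = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if not lines or lines[0] != "Memory Device":
            continue  # skip the array header and any other record type
        fields = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
        m = SIZE_RE.match(fields.get("Size", ""))
        size_mb = int(int(m.group(1)) * UNIT_TO_MB[m.group(2)]) if m else None
        devices.append({"locator": fields.get("Locator"), "size_mb": size_mb})
    return devices


def summarize(devices):
    """Count populated and free slots and add up the installed capacity."""
    installed = [d for d in devices if d["size_mb"]]
    return {
        "slots": len(devices),
        "installed": len(installed),
        "free": len(devices) - len(installed),
        "total_mb": sum(d["size_mb"] for d in installed),
    }


if __name__ == "__main__":
    print(summarize(parse_memory_devices(SAMPLE_MEMORY)))
```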
<p>Another useful option is “-s”, for example when looking for information about the processor:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">processor</span><span class="o">-</span><span class="n">family</span><span class="w"></span>
<span class="n">Atom</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">processor</span><span class="o">-</span><span class="n">manufacturer</span><span class="w"></span>
<span class="n">Intel</span><span class="p">(</span><span class="n">R</span><span class="p">)</span><span class="w"> </span><span class="n">Corporation</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">processor</span><span class="o">-</span><span class="n">version</span><span class="w"></span>
<span class="n">Intel</span><span class="p">(</span><span class="n">R</span><span class="p">)</span><span class="w"> </span><span class="n">Atom</span><span class="p">(</span><span class="n">TM</span><span class="p">)</span><span class="w"> </span><span class="n">CPU</span><span class="w"> </span><span class="n">C2350</span><span class="w"> </span><span class="err">@</span><span class="w"> </span><span class="mf">1.74</span><span class="n">GHz</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">processor</span><span class="o">-</span><span class="n">frequency</span><span class="w"></span>
<span class="mi">1743</span><span class="w"> </span><span class="n">MHz</span><span class="w"></span>
</code></pre></div>
<p>This option also accepts other values and, as with the previous one, omitting the value prints the list.</p>
<p>Where I had a good laugh was when I went looking for information about the system and the baseboard:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="k">system</span><span class="o">-</span><span class="n">manufacturer</span><span class="w"></span>
<span class="n">Online</span><span class="w"> </span><span class="n">Labs</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="k">system</span><span class="o">-</span><span class="n">product</span><span class="o">-</span><span class="n">name</span><span class="w"></span>
<span class="n">SR</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="k">system</span><span class="o">-</span><span class="n">version</span><span class="w"></span>
<span class="p">(</span><span class="o">^</span><span class="n">_</span><span class="o">^</span><span class="p">)</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="k">system</span><span class="o">-</span><span class="n">serial</span><span class="o">-</span><span class="n">number</span><span class="w"></span>
<span class="mi">42</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">baseboard</span><span class="o">-</span><span class="n">manufacturer</span><span class="w"></span>
<span class="n">Online</span><span class="w"> </span><span class="n">Labs</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">baseboard</span><span class="o">-</span><span class="n">product</span><span class="o">-</span><span class="n">name</span><span class="w"></span>
<span class="n">SR</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">baseboard</span><span class="o">-</span><span class="n">version</span><span class="w"></span>
<span class="mi">42</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">baseboard</span><span class="o">-</span><span class="n">serial</span><span class="o">-</span><span class="n">number</span><span class="w"></span>
<span class="mi">42</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">baseboard</span><span class="o">-</span><span class="n">asset</span><span class="o">-</span><span class="n">tag</span><span class="w"></span>
<span class="mi">42</span><span class="w"></span>
</code></pre></div>
<p>So we can see that the machine's manufacturer can put more or less whatever it wants in these fields. Here we clearly recognize a Dédibox server.</p>
<p>For more details, <a href="https://linux.die.net/man/8/dmidecode" title="dmidecode(8)">the manual page</a> remains essential reading.</p>
<p>Any remarks or suggestions for improvement? Or even amusing examples from unusual systems? That's what the comments are for!</p>Start-of-year review of the blog2017-03-06T09:30:00+01:002017-03-06T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-03-06:/post/2017/03/06/bilan-de-debut-d-annee-du-blog/<p>This week, a short break with less technical content. Since the start of 2017 I have settled back into a certain writing rhythm on this blog, publishing a new post every Monday morning. I was wondering how long I would be able to keep up this pace, and after …</p><p>This week, a short break with less technical content. Since the start of 2017 I have settled back into a certain writing rhythm on this blog, publishing a new post every Monday morning. I was wondering how long I would be able to keep up this pace, and after how long I would run out of steam, not only in terms of motivation but also in terms of content ideas.</p>
<p>On the motivation side, so far so good. The last two weeks have been quite full and left me little time to write. I had already noticed this some time ago, but it has been even more obvious at the start of this year: I cannot write continuously (meaning: a little every day), only in waves (for example, two evenings every two or three weeks). Starting from that observation, I try to make the most of those available moments, which gives 10 posts since the beginning of the year: so the pace is being kept!</p>
<p>On the content side, I still have a few ideas for the moment too. I won't reveal them, to avoid spoiling the surprise, but also so that I can change topic if I ever change my mind ;) Where I am pleasantly surprised is that I still get to do technically interesting things, which feeds this kind of inspiration, like the recent post on <a href="/post/2017/02/20/verifier-les-chiffrements-disponible-sur-un-serveur-https-avec-nmap">Nmap</a>. Long may it last!</p>
<p>However, I still have some difficulty deciding where to publish my various pieces of content. I left this blog fallow for several months, telling myself that I would probably be read more on <a href="https://linuxfr.org" title=""LinuxFr.org,">LinuxFr.org</a>, and that I would certainly get more feedback there. 3 years ago, I also wrote an <a href="http://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-166/Creation-d-un-serveur-de-demarrage-PXE-sous-NetBSD-pour-installer-NetBSD" title=""Création">article</a> for <a href="http://www.gnulinuxmag.com/" title=""GNU/Linux">GNU/Linux Magazine France</a>. It was a very enriching experience because I was able to exchange with someone during the writing, but it is also where I got the least feedback (apart from a colleague who bought the issue specially). I came to the following conclusion:</p>
<ul>
<li>news is for LinuxFr.org;</li>
<li>technical content that is not news, of small to medium size (although with the post on <a href="/post/pbulk-compilation-massive-de-paquets-pkgsrc">pbulk</a> one may wonder), is for the blog;</li>
<li>I would like to have technical content that is not news, of medium to large size, published in a magazine.</li>
</ul>
<p>As for the last category of content, it is probably the one where I have the fewest ideas (but I do have some), and it is also, for now, the one I haven't really taken the time to get into seriously. That may be the heart of the difficulty: I wonder whether I shouldn't write first, and think afterwards to decide where to publish the content?</p>
<p>Even so, I'll stay on a positive note: more than ever, at the start of this year, I want to experiment, to tinker, to set things up, and to write about all of it!</p>
<p>I'll take the opportunity to finish with some questions for the brave souls who dare to write in the comments: do you have a favourite post among those from the start of this year? Which one? Would you like certain areas to be explored in more depth, or would a bit of variety be appreciated?</p>pbulk: mass building of pkgsrc packages2017-02-27T09:30:00+01:002017-02-27T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-02-27:/post/2017/02/27/pbulk-compilation-massive-de-paquets-pkgsrc/<p>I'm continuing my series of posts on <a href="/tag/pkgsrc">pkgsrc</a>, but this time we go back to NetBSD. Today's goal is to build many binary packages (ideally all of them, or else a specific list) and to create a repository for them. This is called a <em>bulk build</em> when you try to build all …</p><p>I'm continuing my series of posts on <a href="/tag/pkgsrc">pkgsrc</a>, but this time we go back to NetBSD. Today's goal is to build many binary packages (ideally all of them, or else a specific list) and to create a repository for them. This is called a <em>bulk build</em> when you try to build all the available packages, and a <em>partial bulk build</em> when you decide to build only some of them, by writing them into a list file.</p>
<p>Note that this content is partly based on the tutorial from the official wiki: <em><a href="https://wiki.netbsd.org/tutorials/pkgsrc/pbulk/" title=""Using">Using pbulk to create a pkgsrc binary repository</a></em>. If you prefer the language of Shakespeare, it can be a good starting point.</p>
<h2>Preparation</h2>
<p>Doing this kind of work ideally requires a dedicated system, physical or virtual. In my case, I went with a Raspberry Pi 2B.</p>
<p><img alt=""braverthanithought.jpg"" src="https://blog.anotherhomepage.org/public/memes/braverthanithought.jpg" title=""extrait"></p>
<p>Well, let's not kid ourselves: this is only for partial bulk builds. Let's not even imagine trying to build all the available packages without fifty or so of these things.</p>
<p>Resource-wise, it is therefore preferable to have several cores, at least 1 gigabyte of RAM, and a few tens of gigabytes of disk space. As for partitioning, do as you like, as long as the place where the sandbox (and the packages) is created is large enough. In my case I made a very simple choice, since the Pi is used for nothing else: a / on a 32-gigabyte SD card. The directory for creating sandboxes is simply <em>/srv/sandbox</em>.</p>
<p>As for installing the OS, here too we'll make life easy: just install all the sets, except the source code of the kernel and the system (and even less that of the graphical part). For example, on the Pi, the list of installed sets:</p>
<div class="highlight"><pre><span></span><code>$ ls -hl /etc/mtree/
total <span class="m">5</span>.7M
-r--r--r-- <span class="m">1</span> root wheel 57K Sep <span class="m">25</span> <span class="m">2015</span> NetBSD.dist
-r--r--r-- <span class="m">1</span> root wheel 749K Sep <span class="m">25</span> <span class="m">2015</span> set.base
-r--r--r-- <span class="m">1</span> root wheel <span class="m">2</span>.4M Sep <span class="m">25</span> <span class="m">2015</span> set.comp
-r--r--r-- <span class="m">1</span> root wheel 43K Sep <span class="m">25</span> <span class="m">2015</span> set.etc
-r--r--r-- <span class="m">1</span> root wheel 43K Sep <span class="m">25</span> <span class="m">2015</span> set.games
-r--r--r-- <span class="m">1</span> root wheel 815K Sep <span class="m">25</span> <span class="m">2015</span> set.man
-r--r--r-- <span class="m">1</span> root wheel 96K Sep <span class="m">25</span> <span class="m">2015</span> set.misc
-r--r--r-- <span class="m">1</span> root wheel 26K Sep <span class="m">25</span> <span class="m">2015</span> set.modules
-r--r--r-- <span class="m">1</span> root wheel 90K Sep <span class="m">25</span> <span class="m">2015</span> set.text
-r--r--r-- <span class="m">1</span> root wheel 193K Sep <span class="m">25</span> <span class="m">2015</span> set.xbase
-r--r--r-- <span class="m">1</span> root wheel 473K Sep <span class="m">25</span> <span class="m">2015</span> set.xcomp
-r--r--r-- <span class="m">1</span> root wheel 11K Sep <span class="m">25</span> <span class="m">2015</span> set.xetc
-r--r--r-- <span class="m">1</span> root wheel 761K Sep <span class="m">25</span> <span class="m">2015</span> set.xfont
-r--r--r-- <span class="m">1</span> root wheel 17K Sep <span class="m">25</span> <span class="m">2015</span> set.xserver
-r--r--r-- <span class="m">1</span> root wheel 18K Sep <span class="m">25</span> <span class="m">2015</span> special
</code></pre></div>
<p>However, in some cases the absence of /usr/src or /usr/xsrc can stop certain operations dead. So remember to create them (as root): <em>mkdir /usr/src && mkdir /usr/xsrc</em>. It is not necessary to install pkgsrc, but having at least a binary package repository available can be a good idea (the latest stable version will do). This is more a matter of preference here.</p>
<h2>Creating and configuring the sandbox</h2>
<p>So we are going to create a sandbox that will contain the installation of the pbulk tool. This has several advantages:</p>
<ul>
<li>you can create several sandboxes to test different cases, such as a different version of pkgsrc or different build options;</li>
<li>if a sandbox stops working, you can create another one, or even script its installation to go faster;</li>
<li>you can install your creature comforts on the system hosting the sandbox (did someone say bash, vim and git?), and also install monitoring or metrics tools.</li>
</ul>
<p>Let's not be too optimistic about the system's longevity either: in the Pi's case, I'm on my third reinstallation (an SD card is not a hard disk, and neither is a USB stick).</p>
<p>To create the sandbox, let's install <a href="http://pkgsrc.se/pkgtools/mksandbox" title=""mksandbox">mksandbox</a>. This tool is in fact a shell script that uses mount points of the <em>null mountpoint</em> type to make it easier to create our package-building spaces and to avoid copying the whole contents of the host system. At the time of writing, the current version is 1.7, available in pkgsrc-2016Q4. Take your pick: <em>pkgin in mksandbox</em>, <em>pkg_add -v mksandbox</em>, or <em>cd /usr/pkgsrc/pkgtools/mksandbox && make install clean clean-depends</em>.</p>
<p>Once mksandbox is installed, let's create our first sandbox (as root):</p>
<div class="highlight"><pre><span></span><code><span class="c1"># mksandbox --without-pkgsrc /srv/sandbox/pkgsrc-2016q4</span><span class="w"></span>
<span class="n">Make</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">populate</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">dev</span><span class="w"></span>
<span class="n">Make</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">populate</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">etc</span><span class="w"></span>
<span class="n">Make</span><span class="w"> </span><span class="n">empty</span><span class="w"> </span><span class="n">dirs</span><span class="w"> </span><span class="n">upon</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">mount</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="n">mounts</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="n">tmp</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">games</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">run</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="nb">log</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">spool</span><span class="o">/</span><span class="n">lock</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">utmp</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">utmpx</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="nb">log</span><span class="o">/</span><span class="n">wtmp</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="nb">log</span><span class="o">/</span><span class="n">wtmpx</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="nb">log</span><span class="o">/</span><span class="n">lastlog</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="nb">log</span><span class="o">/</span><span class="n">lastlogx</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Mount</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">src</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Mount</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">xsrc</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Sandbox</span><span class="w"> </span><span class="n">creation</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">now</span><span class="w"> </span><span class="n">complete</span><span class="w"></span>
</code></pre></div>
<p>The sandbox is in fact already mounted once it has been created:</p>
<div class="highlight"><pre><span></span><code><span class="c1"># mount | grep 2016q4</span><span class="w"></span>
<span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">X11R7</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">X11R7</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">games</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">games</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">include</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">include</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libdata</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libdata</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">mail</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">mail</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">src</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">src</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">xsrc</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">xsrc</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
</code></pre></div>
<p>Let's take this opportunity to look at the script that mounts, unmounts and enters the sandbox. It is named <em>sandbox</em> and sits at the root of the sandbox. In my case that is <em>/srv/sandbox/pkgsrc-2016q4</em>.</p>
<p>To unmount the sandbox:</p>
<div class="highlight"><pre><span></span><code># /srv/sandbox/pkgsrc-2016q4/sandbox umount
</code></pre></div>
<p>To mount the sandbox:</p>
<div class="highlight"><pre><span></span><code># /srv/sandbox/pkgsrc-2016q4/sandbox mount
</code></pre></div>
<p>And to enter the sandbox:</p>
<div class="highlight"><pre><span></span><code># /srv/sandbox/pkgsrc-2016q4/sandbox chroot
</code></pre></div>
<p>So let's unmount the sandbox and, before mounting it again, edit the sandbox script. Lines 16 to 33 list the directories to mount, and we are going to add one, which will let the sandbox send mail (so it is optional, but sometimes handy). It is the <em>/var/spool</em> directory. In my case, the result is:</p>
<div class="highlight"><pre><span></span><code><span class="n">fses</span><span class="o">=</span><span class="s2">"</span><span class="se">\</span>
<span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">X11R7</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">X11R7</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">games</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">games</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">include</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">include</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libdata</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libdata</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">mail</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">mail</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">src</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">src</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">xsrc</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">xsrc</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\<span class="w"></span>
<span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">spool</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">spool</span><span class="w"> </span><span class="n">rw</span><span class="w"> </span>\<span class="w"></span>
<span class="s2">"</span>
</code></pre></div>
<p>Note that it is the only directory that is writable. We can then mount the sandbox and enter it.</p>
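<p>The check behind that remark can be scripted. The following is an added example, not part of the original post or of the sandbox script: it reads the <em>fses</em> list of a sandbox script and reports every host directory mounted read-write that is not on an allow-list. The function names and the embedded excerpt are constructed for the illustration.</p>

```shell
#!/bin/sh
# Added example: audit which host directories a sandbox script exposes
# read-write. Function names are hypothetical; the excerpt is constructed.

# Constructed excerpt of a sandbox script, abbreviated from the list above.
sample_sandbox_script() {
    cat <<'EOF'
#!/bin/sh
fses="\
/bin /bin ro \
/usr/bin /usr/bin ro \
/var/mail /var/mail ro \
/usr/src /usr/src ro \
/var/spool /var/spool rw \
"
EOF
}

# writable_mounts SCRIPT
# Print "host_dir sandbox_dir" for every entry of fses whose mode is rw.
writable_mounts() {
    awk '
        /^fses="/       { in_list = 1; next }   # opening line of the list
        in_list && /^"/ { exit }                # closing quote ends the list
        in_list && $3 == "rw" { print $1, $2 }
    ' "$1"
}

# audit_sandbox SCRIPT ALLOWED_DIR...
# Return 1 (and name the directory on stderr) if a host directory is
# mounted rw without being listed in ALLOWED_DIR.
audit_sandbox() {
    script=$1; shift
    status=0
    for dir in $(writable_mounts "$script" | awk '{ print $1 }'); do
        case " $* " in
            *" $dir "*) ;;
            *) echo "unexpected writable mount: $dir" >&2; status=1 ;;
        esac
    done
    return "$status"
}

# Run against the constructed excerpt when no script path is given.
demo() {
    tmp=$(mktemp) || return 1
    sample_sandbox_script > "$tmp"
    echo "writable mounts:"
    writable_mounts "$tmp"
    audit_sandbox "$tmp" /var/spool && echo "only the expected directory is writable"
    rm -f "$tmp"
}

if [ $# -ge 1 ]; then
    audit_sandbox "$@"
else
    demo
fi
```

<p>Called as <code>sh audit.sh /srv/sandbox/pkgsrc-2016q4/sandbox /var/spool</code> (the file name <em>audit.sh</em> is arbitrary), it exits non-zero as soon as another directory becomes writable.</p>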
<p>Our sandbox is created, but we need to add a few things before installing pbulk. For example, pkgsrc is missing. So let's install it:</p>
<div class="highlight"><pre><span></span><code><span class="n">netpi2</span><span class="err">#</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="o">/</span><span class="n">root</span><span class="o">/</span><span class="p">.</span><span class="n">ssh</span><span class="w"></span>
<span class="n">netpi2</span><span class="err">#</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="w"> </span>
<span class="n">netpi2</span><span class="err">#</span><span class="w"> </span><span class="n">cvs</span><span class="w"> </span><span class="o">-</span><span class="n">d</span><span class="w"> </span><span class="n">anoncvs</span><span class="nv">@anoncvs</span><span class="p">.</span><span class="n">netbsd</span><span class="p">.</span><span class="nl">org</span><span class="p">:</span><span class="o">/</span><span class="n">cvsroot</span><span class="w"> </span><span class="n">co</span><span class="w"> </span><span class="o">-</span><span class="n">rpkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">Q4</span><span class="w"> </span><span class="n">pkgsrc</span><span class="w"></span>
</code></pre></div>
<p>For a pkgsrc-current installation, just remove the <em>-rpkgsrc-2016Q4</em> part from the previous command. Except that, in my case, the Raspberry Pi (or its SD card) cannot cope and gives up before the checkout finishes. Let's go with the alternative:</p>
<div class="highlight"><pre><span></span><code><span class="nv">netpi2</span># <span class="nv">mkdir</span> <span class="o">-</span><span class="nv">p</span> <span class="o">/</span><span class="nv">root</span><span class="o">/</span>.<span class="nv">ssh</span>
<span class="nv">netpi2</span># <span class="nv">cd</span> <span class="o">/</span><span class="nv">usr</span>
<span class="nv">netpi2</span># <span class="nv">ftp</span> <span class="nv">http</span>:<span class="o">//</span><span class="nv">cdn</span>.<span class="nv">netbsd</span>.<span class="nv">org</span><span class="o">/</span><span class="nv">pub</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span>.<span class="nv">tar</span>.<span class="nv">xz</span>
<span class="nv">Trying</span> <span class="mi">2</span><span class="nv">a04</span>:<span class="mi">4</span><span class="nv">e42</span>:<span class="mi">4</span>::<span class="mi">262</span>:<span class="mi">80</span> ...
<span class="nv">ftp</span>: <span class="nv">Can</span><span class="s1">'</span><span class="s">t connect to `2a04:4e42:4::262:80</span><span class="s1">'</span>: <span class="nv">No</span> <span class="nv">route</span> <span class="nv">to</span> <span class="nv">host</span>
<span class="nv">Trying</span> <span class="mi">151</span>.<span class="mi">101</span>.<span class="mi">61</span>.<span class="mi">6</span>:<span class="mi">80</span> ...
<span class="nv">Requesting</span> <span class="nv">http</span>:<span class="o">//</span><span class="nv">cdn</span>.<span class="nv">netbsd</span>.<span class="nv">org</span><span class="o">/</span><span class="nv">pub</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span>.<span class="nv">tar</span>.<span class="nv">xz</span>
<span class="mi">100</span><span class="o">%</span> <span class="o">|*************************************************************************************************************************************************************************************************|</span> <span class="mi">37422</span> <span class="nv">KiB</span> <span class="mi">2</span>.<span class="mi">65</span> <span class="nv">MiB</span><span class="o">/</span><span class="nv">s</span> <span class="mi">00</span>:<span class="mi">00</span> <span class="nv">ETA</span>
<span class="mi">38320872</span> <span class="nv">bytes</span> <span class="nv">retrieved</span> <span class="nv">in</span> <span class="mi">00</span>:<span class="mi">13</span> <span class="ss">(</span><span class="mi">2</span>.<span class="mi">65</span> <span class="nv">MiB</span><span class="o">/</span><span class="nv">s</span><span class="ss">)</span>
<span class="nv">netpi2</span># <span class="nv">unxz</span> <span class="o">-</span><span class="nv">v</span> <span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span>.<span class="nv">tar</span>.<span class="nv">xz</span>
<span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span>.<span class="nv">tar</span>.<span class="nv">xz</span> <span class="ss">(</span><span class="mi">1</span><span class="o">/</span><span class="mi">1</span><span class="ss">)</span>
<span class="mi">100</span> <span class="o">%</span> <span class="mi">36</span>.<span class="mi">5</span> <span class="nv">MiB</span> <span class="o">/</span> <span class="mi">437</span>.<span class="mi">1</span> <span class="nv">MiB</span> <span class="o">=</span> <span class="mi">0</span>.<span class="mi">084</span> <span class="mi">8</span>.<span class="mi">8</span> <span class="nv">MiB</span><span class="o">/</span><span class="nv">s</span> <span class="mi">0</span>:<span class="mi">49</span>
<span class="nv">netpi2</span># <span class="nv">tar</span> <span class="o">-</span><span class="nv">xvpf</span> <span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span>.<span class="nv">tar</span>
# no, I will not paste the output of a verbose tar of pkgsrc.
<span class="nv">netpi2</span># <span class="nv">cd</span> <span class="nv">pkgsrc</span> <span class="o">&&</span> <span class="nv">cvs</span> <span class="nv">update</span> <span class="o">-</span><span class="nv">dP</span>
</code></pre></div>
<p>Note for later: <em>bsdtar</em> does not natively handle the xz format. In the meantime, bzip2 archives do the job.</p>
<h2>Installing and configuring pbulk</h2>
<p>Before installing pbulk, a few details need to be understood. Pbulk is installed through pkgsrc, but so are all the packages that will be built afterwards, and those will probably be uninstalled too. That could affect pbulk's dependencies. The idea is therefore to install pbulk not in the usual package location, <em>/usr/pkg/</em>, but somewhere else, which happens to be <em>/usr/pbulk</em>.</p>
<p>Before installing pbulk, let's create a file of build options, named mk.conf.frag:</p>
<div class="highlight"><pre><span></span><code><span class="n">PKG_DEVELOPER</span><span class="o">=</span><span class="n">yes</span><span class="w"></span>
<span class="n">MAKE_JOBS</span><span class="o">=</span><span class="mi">3</span><span class="w"></span>
<span class="n">SKIP_LICENSE_CHECK</span><span class="o">=</span><span class="n">yes</span><span class="w"></span>
<span class="n">PKG_COMPILER</span><span class="o">=</span><span class="n">ccache</span><span class="w"> </span><span class="n">gcc</span><span class="w"></span>
<span class="n">PKG_RCD_SCRIPTS</span><span class="o">=</span><span class="n">yes</span><span class="w"></span>
<span class="n">ALLOW_VULNERABLE_PACKAGES</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">PKG_DEFAULT_OPTIONS</span><span class="o">+=</span><span class="w"></span>
<span class="n">KRB5_ACCEPTED</span><span class="o">=</span><span class="n">heimdal</span><span class="w"> </span><span class="n">mit</span><span class="o">-</span><span class="n">krb5</span><span class="w"></span>
<span class="n">USE_CWRAPPERS</span><span class="o">=</span><span class="n">yes</span><span class="w"></span>
<span class="n">PKG_OPTIONS</span><span class="o">.</span><span class="n">irssi</span><span class="o">+=</span><span class="w"> </span><span class="n">ssl</span><span class="w"> </span><span class="n">perl</span><span class="w"> </span><span class="n">inet6</span><span class="w"></span>
<span class="n">PKGCHK_CONF</span><span class="err">?</span><span class="o">=</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pkgchk</span><span class="o">.</span><span class="n">conf</span><span class="w"></span>
<span class="n">DEPENDS_TARGET</span><span class="o">=</span><span class="w"> </span><span class="n">bulk</span><span class="o">-</span><span class="n">install</span><span class="w"></span>
<span class="n">BATCH</span><span class="o">=</span><span class="w"> </span><span class="n">yes</span><span class="w"></span>
<span class="n">BULK_PREREQ</span><span class="o">+=</span><span class="w"> </span><span class="n">pkgtools</span><span class="o">/</span><span class="n">lintpkgsrc</span><span class="w"></span>
<span class="n">BULK_PREREQ</span><span class="o">+=</span><span class="w"> </span><span class="n">pkgtools</span><span class="o">/</span><span class="n">pkg_install</span><span class="w"></span>
<span class="n">BULK_PREREQ</span><span class="o">+=</span><span class="w"> </span><span class="n">devel</span><span class="o">/</span><span class="n">ccache</span><span class="w"></span>
<span class="c1"># http://wiki.netbsd.org/tutorials/pkgsrc/cross_compile_distcc/</span><span class="w"></span>
<span class="o">.</span><span class="k">for</span><span class="w"> </span><span class="n">DISTCCDEPS</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">devel</span><span class="o">/</span><span class="n">ccache</span><span class="w"> </span><span class="n">sysutils</span><span class="o">/</span><span class="n">checkperms</span><span class="w"> </span><span class="n">pkgtools</span><span class="o">/</span><span class="n">digest</span><span class="w"> </span><span class="n">devel</span><span class="o">/</span><span class="n">distcc</span><span class="w"> </span><span class="n">devel</span><span class="o">/</span><span class="n">popt</span><span class="w"> </span><span class="n">devel</span><span class="o">/</span><span class="n">libtool</span><span class="o">-</span><span class="n">base</span><span class="w"> </span><span class="n">lang</span><span class="o">/</span><span class="n">f2c</span><span class="w"> </span><span class="n">devel</span><span class="o">/</span><span class="n">gmake</span><span class="w"></span>
<span class="o">.</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="s2">"${PKGPATH}"</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="s2">"${DISTCCDEPS}"</span><span class="w"></span>
<span class="n">IGNORE_DISTCC</span><span class="o">=</span><span class="w"> </span><span class="n">yes</span><span class="w"></span>
<span class="n">IGNORE_CCACHE</span><span class="o">=</span><span class="w"> </span><span class="n">yes</span><span class="w"></span>
<span class="o">.</span><span class="w"> </span><span class="n">endif</span><span class="w"></span>
<span class="o">.</span><span class="n">endfor</span><span class="w"></span>
<span class="n">WRKOBJDIR</span><span class="o">=</span><span class="w"> </span><span class="o">/</span><span class="n">tmp</span><span class="w"></span>
<span class="n">PACKAGES</span><span class="o">=</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">packages</span><span class="w"></span>
<span class="n">DISTDIR</span><span class="o">=</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">distfiles</span><span class="w"></span>
</code></pre></div>
<p>The idea is to set build customisation options here. You can find out what these options mean by looking in the <em>/usr/pkgsrc/mk/defaults/</em> directory, but I will still dwell on one of them: <em>MAKE_JOBS</em>. This directive runs several <em>make</em> commands in parallel, and should be adjusted to the number of cores or threads of your computer. A simple rule of thumb would generally be at least "number of processors + 1". But the Raspberry Pi, despite its 4 cores, cannot cope, so I lowered the value to 3. Note that the content of this mk.conf.frag is copied into <em>/etc/mk.conf</em> when pbulk is installed. It can be modified between two builds, with no need to rerun the installation. Speaking of which, let's run it:</p>
<div class="highlight"><pre><span></span><code>sh /usr/pkgsrc/mk/pbulk/pbulk.sh -n -c mk.conf.frag
</code></pre></div>
<p>Once pbulk is installed, let's configure its main file: <em>/usr/pbulk/etc/pbulk.conf</em>. I won't go through every option, only the ones I change. Let's start by adding the following two lines right after the first one:</p>
<div class="highlight"><pre><span></span><code>ulimit -t 3600 # set the limit on CPU time (in seconds)
ulimit -v 2097152 # limits process address space
</code></pre></div>
<p>As the comments indicate (copied verbatim from the wiki page mentioned at the start of this post), they serve to limit the CPU consumption of our builds, just in case. Next, I choose the URL of the bulk build report:</p>
<div class="highlight"><pre><span></span><code>base_url=http://pkg.anotherhomepage.org/pub/pkgsrc/reports/NetBSD/earmv6hf/7.0_2016Q
</code></pre></div>
<p>This report will let me see which packages could not be built and, above all, understand why, thanks to the log files.</p>
<p>Before the packages are built, a phase lists them and determines the order in which to build them. This step is called the "scan". To speed it up, we can keep the scan result of a previous build. To do so:</p>
<div class="highlight"><pre><span></span><code>reuse_scan_results=yes
</code></pre></div>
<p>pbulk can use several machines. That is not our case here:</p>
<div class="highlight"><pre><span></span><code>master_mode=no
</code></pre></div>
<p>Next come the package publication options, via rsync:</p>
<div class="highlight"><pre><span></span><code><span class="n">pkg_rsync_args</span><span class="o">=</span><span class="ss">"-rltoDPq"</span><span class="w"></span>
<span class="n">pkg_rsync_target</span><span class="o">=</span><span class="ss">"user@host:/chemin/vers/les/paquets/"</span><span class="w"></span>
<span class="n">report_rsync_args</span><span class="o">=</span><span class="ss">"-rltoDPq"</span><span class="w"></span>
<span class="n">report_rsync_target</span><span class="o">=</span><span class="ss">"user@host:/chemin/vers/les/rapports/"</span><span class="w"></span>
</code></pre></div>
<p>The build takes a long time, so it is handy to get an email containing the report when it finishes:</p>
<div class="highlight"><pre><span></span><code><span class="n">report_subject_prefix</span><span class="o">=</span><span class="ss">"pkgsrc-2016Q4"</span><span class="w"></span>
<span class="n">report_recipients</span><span class="o">=</span><span class="ss">"adresse@domaine.valide"</span><span class="w"></span>
</code></pre></div>
<p>This is also a good time to mention <a href="https://bulktracker.appspot.com/" title="BulkTracker">BulkTracker</a>, which tracks various bulk builds. To take part, just add the address <em>pkgsrc-bulk at NetBSD dot org</em> to <em>report_recipients</em>.</p>
<p>We mentioned partial bulk builds: you can specify a file containing a list of packages so as not to have to compile every package:</p>
<div class="highlight"><pre><span></span><code>limited_list=/etc/pkgchk.conf
</code></pre></div>
<p>In this file, each package is on its own line. For now, we can start with just <em>pkgtools/pkgin</em> in it.</p>
<p>I then choose to change some directories: the one holding the package build logs, and the one holding the packages:</p>
<div class="highlight"><pre><span></span><code>bulklog=/srv/bulklog
packages=/srv/packages
</code></pre></div>
<p>Also remember, especially on NetBSD, to set the <em>make</em> variable correctly:</p>
<div class="highlight"><pre><span></span><code>make=/usr/bin/make
</code></pre></div>
<p>One last detail: the end of the file contains a few variable redefinitions, so be careful to comment them out!</p>
<h2>And you bulk, and you bulk, and you bulk (but with no yellow T-shirt or surfboard)</h2>
<p>Before starting the build proper, a small warning: using screen or tmux is more than recommended, because this takes an enormous amount of time!</p>
<p>Let's launch pbulk:</p>
<div class="highlight"><pre><span></span><code><span class="o">/</span><span class="nv">usr</span><span class="o">/</span><span class="nv">pbulk</span><span class="o">/</span><span class="nv">bin</span><span class="o">/</span><span class="nv">bulkbuild</span>
<span class="nv">Warning</span>: <span class="nv">All</span> <span class="nv">log</span> <span class="nv">files</span> <span class="nv">of</span> <span class="nv">the</span> <span class="nv">previous</span> <span class="nv">pbulk</span> <span class="nv">run</span> <span class="nv">will</span> <span class="nv">be</span>
<span class="nv">removed</span> <span class="nv">in</span> <span class="mi">5</span> <span class="nv">seconds</span>. <span class="k">If</span> <span class="nv">you</span> <span class="nv">want</span> <span class="nv">to</span> <span class="nv">abort</span>, <span class="nv">press</span> <span class="nv">Ctrl</span><span class="o">-</span><span class="nv">C</span>.
<span class="nv">Removing</span> <span class="nv">old</span> <span class="nv">scan</span> <span class="nv">results</span>
</code></pre></div>
<p>If a package fails to build but can compile after an update, it is possible to avoid recompiling everything:</p>
<div class="highlight"><pre><span></span><code>/usr/pbulk/bin/bulkbuild-rebuild category/pkgname
</code></pre></div>
<p>It is also possible to resume a build that stopped unexpectedly:</p>
<div class="highlight"><pre><span></span><code>/usr/pbulk/bin/bulkbuild-restart
</code></pre></div>
<p>I hope that, despite its length, this post proves useful and interesting. As always, the comments are there for remarks, questions and additions!</p>
Checking the ciphers available on an HTTPS server with Nmap
2017-02-20T09:30:00+01:00 2017-02-20T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-02-20:/post/2017/02/20/verifier-les-chiffrements-disponible-sur-un-serveur-https-avec-nmap/
<p>The other day I found myself with an alert from an intrusion detection sensor telling me that a potential exploitation of the Heartbleed flaw had taken place on a web server. The other detail I had in the alert: the protocol used for this exploitation was SSL v3.</p>
<p>Not having access to the machine, my only option was to check from the client side whether the server uses this protocol. At the time, I thought of using OpenSSL, which has options for connecting to a server with specific protocols. In my case, that gives the following example and result:</p>
<div class="highlight"><pre><span></span><code>$ openssl s_client -connect blog.anotherhomepage.org:443 -ssl3
CONNECTED<span class="o">(</span><span class="m">00000006</span><span class="o">)</span>
<span class="m">140187574654788</span>:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/usr/src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1304:SSL alert number <span class="m">40</span>
<span class="m">140187574654788</span>:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/usr/src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:637:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has <span class="nb">read</span> <span class="m">7</span> bytes and written <span class="m">0</span> bytes
---
New, <span class="o">(</span>NONE<span class="o">)</span>, Cipher is <span class="o">(</span>NONE<span class="o">)</span>
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : <span class="m">0000</span>
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: <span class="m">1485895043</span>
Timeout : <span class="m">7200</span> <span class="o">(</span>sec<span class="o">)</span>
Verify <span class="k">return</span> code: <span class="m">0</span> <span class="o">(</span>ok<span class="o">)</span>
---
</code></pre></div>
<p>Well, I don't know about you, but to me it is not very obvious that the server does not support SSL v3. After all, it says "CONNECTED" at the start, before giving me "handshake failure". Still, the mission is accomplished, and several protocols can be checked with the following OpenSSL options:</p>
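<ul>
<li><code>-ssl2</code></li>
<li><code>-ssl3</code></li>
<li><code>-tls1_2</code></li>
<li><code>-tls1_1</code></li>
<li><code>-tls1</code></li>
<li><code>-dtls1</code></li>
</ul>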
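<p>To make the verdict explicit, the following added example (not from the original post) reduces <code>openssl s_client</code> output to one word per protocol option. It also separates a server that refuses the protocol from a local openssl build that no longer knows the option, a case in which the test proves nothing about the server. The function names are hypothetical, and the second and third samples are constructed.</p>

```shell
#!/bin/sh
# Added example: turn `openssl s_client` output into an explicit verdict.
# Function names are hypothetical.

# classify_s_client: read s_client output on stdin and print one of
#   accepted            a cipher was negotiated with the requested protocol
#   rejected            TCP connected ("CONNECTED"), but the handshake failed
#   client-unsupported  the local openssl build does not know the option
#   inconclusive        none of the above (e.g. connection refused)
classify_s_client() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -qi 'unknown option'; then
        echo client-unsupported
    elif printf '%s\n' "$out" | grep -Eq 'Cipher is \(NONE\)|handshake failure'; then
        echo rejected
    elif printf '%s\n' "$out" | grep -Eq '^New, .*Cipher is [A-Za-z0-9_-]+'; then
        echo accepted
    else
        echo inconclusive
    fi
}

# probe_protocols HOST [PORT]: try the protocol options listed above against
# a server you are responsible for. -dtls1 is left out: DTLS runs over UDP,
# so it does not apply to an HTTPS listener.
probe_protocols() {
    host=$1
    port=${2:-443}
    for opt in -ssl2 -ssl3 -tls1 -tls1_1 -tls1_2; do
        verdict=$(openssl s_client -connect "$host:$port" "$opt" \
                      </dev/null 2>&1 | classify_s_client)
        printf '%-8s %s\n' "$opt" "$verdict"
    done
}

# Abridged from the -ssl3 output shown earlier in this post.
sample_rejected() {
    cat <<'EOF'
CONNECTED(00000006)
140187574654788:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/usr/src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1304:SSL alert number 40
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
EOF
}

# Constructed sample: a handshake that succeeded.
sample_accepted() {
    cat <<'EOF'
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES128-SHA
EOF
}

# Constructed sample: an openssl build without SSLv3 support.
sample_unknown_option() {
    cat <<'EOF'
unknown option -ssl3
usage: s_client args
EOF
}

# With a host argument, probe it; otherwise classify the embedded samples.
if [ $# -ge 1 ]; then
    probe_protocols "$@"
else
    printf 'rejected sample:       %s\n' "$(sample_rejected | classify_s_client)"
    printf 'accepted sample:       %s\n' "$(sample_accepted | classify_s_client)"
    printf 'unknown-option sample: %s\n' "$(sample_unknown_option | classify_s_client)"
fi
```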
<p>Not very satisfied with that solution, I continued my journey through the search engines until I came across <a href="https://security.stackexchange.com/questions/70733/how-do-i-use-openssl-s-client-to-test-for-absence-of-sslv3-support">a similar question</a>, which had the first solution but also another, visibly more readable one, using the famous <a href="https://nmap.org/">Nmap</a>. It takes advantage of a rather interesting feature of the famous port scanner, namely a scripting language that yields additional details during a port scan. Some of the available scripts are even meant to carry out <a href="https://svn.nmap.org/nmap/scripts/telnet-brute.nse" title="telnet-brute.nse">brute-force</a> attacks. Here, there is no question of an attack, only of enumerating the available ciphers. As above, here is an example with its result:</p>
<div class="highlight"><pre><span></span><code><span class="n">Starting</span><span class="w"> </span><span class="n">Nmap</span><span class="w"> </span><span class="mf">7.40</span><span class="w"> </span><span class="p">(</span><span class="w"> </span><span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="n">nmap</span><span class="o">.</span><span class="n">org</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="n">at</span><span class="w"> </span><span class="mi">2017</span><span class="o">-</span><span class="mi">02</span><span class="o">-</span><span class="mi">19</span><span class="w"> </span><span class="mi">09</span><span class="p">:</span><span class="mi">30</span><span class="w"> </span><span class="n">CET</span><span class="w"></span>
<span class="n">Nmap</span><span class="w"> </span><span class="n">scan</span><span class="w"> </span><span class="n">report</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">blog</span><span class="o">.</span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">org</span><span class="w"> </span><span class="p">(</span><span class="mf">163.172</span><span class="o">.</span><span class="mf">46.128</span><span class="p">)</span><span class="w"></span>
<span class="n">Host</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">up</span><span class="w"> </span><span class="p">(</span><span class="mf">0.0012</span><span class="n">s</span><span class="w"> </span><span class="n">latency</span><span class="p">)</span><span class="o">.</span><span class="w"></span>
<span class="n">rDNS</span><span class="w"> </span><span class="n">record</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="mf">163.172</span><span class="o">.</span><span class="mf">46.128</span><span class="p">:</span><span class="w"> </span><span class="n">vhost2</span><span class="o">.</span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">org</span><span class="w"></span>
<span class="n">PORT</span><span class="w"> </span><span class="n">STATE</span><span class="w"> </span><span class="n">SERVICE</span><span class="w"></span>
<span class="mi">443</span><span class="o">/</span><span class="n">tcp</span><span class="w"> </span><span class="n">open</span><span class="w"> </span><span class="n">https</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">ssl</span><span class="o">-</span><span class="k">enum</span><span class="o">-</span><span class="n">ciphers</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">TLSv1</span><span class="o">.</span><span class="mi">0</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">ciphers</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_DHE_RSA_WITH_AES_128_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">dh</span><span class="w"> </span><span class="mi">4096</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_DHE_RSA_WITH_AES_256_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">dh</span><span class="w"> </span><span class="mi">4096</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">compressors</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">NULL</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">cipher</span><span class="w"> </span><span class="n">preference</span><span class="p">:</span><span class="w"> </span><span class="n">server</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">warnings</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">Key</span><span class="w"> </span><span class="n">exchange</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">lower</span><span class="w"> </span><span class="n">strength</span><span class="w"> </span><span class="n">than</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="n">key</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLSv1</span><span class="o">.</span><span class="mi">1</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">ciphers</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_DHE_RSA_WITH_AES_128_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">dh</span><span class="w"> </span><span class="mi">4096</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_DHE_RSA_WITH_AES_256_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">dh</span><span class="w"> </span><span class="mi">4096</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">compressors</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">NULL</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">cipher</span><span class="w"> </span><span class="n">preference</span><span class="p">:</span><span class="w"> </span><span class="n">server</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">warnings</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">Key</span><span class="w"> </span><span class="n">exchange</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">lower</span><span class="w"> </span><span class="n">strength</span><span class="w"> </span><span class="n">than</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="n">key</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLSv1</span><span class="o">.</span><span class="mi">2</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">ciphers</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_DHE_RSA_WITH_AES_128_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">dh</span><span class="w"> </span><span class="mi">4096</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_DHE_RSA_WITH_AES_256_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">dh</span><span class="w"> </span><span class="mi">4096</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">compressors</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">NULL</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">cipher</span><span class="w"> </span><span class="n">preference</span><span class="p">:</span><span class="w"> </span><span class="n">server</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">warnings</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">Key</span><span class="w"> </span><span class="n">exchange</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">lower</span><span class="w"> </span><span class="n">strength</span><span class="w"> </span><span class="n">than</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="n">key</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLSv1</span><span class="o">.</span><span class="mi">2</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">ciphers</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</span><span class="w"> </span><span class="p">(</span><span class="n">dh</span><span class="w"> </span><span class="mi">4096</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</span><span class="w"> </span><span class="p">(</span><span class="n">dh</span><span class="w"> </span><span class="mi">4096</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</span><span class="w"> </span><span class="p">(</span><span class="n">dh</span><span class="w"> </span><span class="mi">4096</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_DHE_RSA_WITH_AES_128_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">dh</span><span class="w"> </span><span class="mi">4096</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</span><span class="w"> </span><span class="p">(</span><span class="n">dh</span><span class="w"> </span><span class="mi">4096</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">TLS_DHE_RSA_WITH_AES_256_CBC_SHA</span><span class="w"> </span><span class="p">(</span><span class="n">dh</span><span class="w"> </span><span class="mi">4096</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">compressors</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">NULL</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">cipher</span><span class="w"> </span><span class="n">preference</span><span class="p">:</span><span class="w"> </span><span class="n">server</span><span class="w"></span>
<span class="o">|</span><span class="w"> </span><span class="n">warnings</span><span class="p">:</span><span class="w"> </span>
<span class="o">|</span><span class="w"> </span><span class="n">Key</span><span class="w"> </span><span class="n">exchange</span><span class="w"> </span><span class="p">(</span><span class="n">secp256r1</span><span class="p">)</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">lower</span><span class="w"> </span><span class="n">strength</span><span class="w"> </span><span class="n">than</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="n">key</span><span class="w"></span>
<span class="o">|</span><span class="n">_</span><span class="w"> </span><span class="n">least</span><span class="w"> </span><span class="n">strength</span><span class="p">:</span><span class="w"> </span><span class="n">A</span><span class="w"></span>
<span class="n">Nmap</span><span class="w"> </span><span class="n">done</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">IP</span><span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="w"> </span><span class="n">host</span><span class="w"> </span><span class="n">up</span><span class="p">)</span><span class="w"> </span><span class="n">scanned</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="mf">10.06</span><span class="w"> </span><span class="n">seconds</span><span class="w"></span>
</code></pre></div>
<p>Note, in my example, the absence of SSLv3.</p>
<p>And what about my IDS alert? Well, as in my example, SSLv3 did not appear in my results, which allowed me to conclude that it was a false positive.</p>
<p>One last detail: at the time of writing, <a href="https://nmap.org/book/nse.html" title=""Chapter">NSE</a> is not enabled by default in pkgsrc, and for NetBSD, enabling it <a href="https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51715" title=""Gnats">prevents Nmap from compiling</a>.</p>
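<p>An added example (not part of the original post): a small shell parser for <em>ssl-enum-ciphers</em> output that lists the protocol versions a server offers and gives a verdict on SSLv3. It answers "inconclusive" when the scan contains no <em>ssl-enum-ciphers</em> result at all, so that a script that did not run is not mistaken for an absent SSLv3; the sample scans and the function names are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example, not from the original post. Input of this shape comes from:
#   nmap --script ssl-enum-ciphers -p 443 <host>

# Constructed sample 1: a server that still offers SSLv3 (Nmap's usual indentation).
sample_legacy() {
cat <<'EOF'
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A
EOF
}

# Constructed sample 2: same layout as the output quoted in the post
# (indentation lost, TLSv1.2 section listed twice).
sample_flat() {
cat <<'EOF'
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_ least strength: A
EOF
}

# Constructed sample 3: the port is open but no script result is present.
sample_no_nse() {
cat <<'EOF'
PORT    STATE SERVICE
443/tcp open  https
EOF
}

# Print each protocol section found inside the ssl-enum-ciphers block, once.
list_protocols() {
    awk '
        /^[|][ _]*ssl-enum-ciphers:/ { in_script = 1; next }
        in_script && /^[^|]/ { in_script = 0 }
        in_script && /^[|][ _]*(SSLv[0-9]+|TLSv[0-9]+\.[0-9]+):[ \t]*$/ {
            proto = $0
            sub(/^[|][ _]*/, "", proto)
            sub(/:[ \t]*$/, "", proto)
            if (!(proto in seen)) { seen[proto] = 1; print proto }
        }
    '
}

# Print the cipher suites listed under protocol $1 (duplicates removed).
ciphers_for() {
    awk -v want="$1" '
        /^[|][ _]*(SSLv[0-9]+|TLSv[0-9]+\.[0-9]+):[ \t]*$/ {
            cur = $0
            sub(/^[|][ _]*/, "", cur)
            sub(/:[ \t]*$/, "", cur)
            next
        }
        cur == want && /^[|][ _]*TLS_[A-Z0-9_]+ / { print $2 }
    ' | sort -u
}

# Print "offered", "absent" or "inconclusive" for the scan read on stdin.
sslv3_verdict() {
    protos=$(list_protocols)
    if [ -z "$protos" ]; then
        echo inconclusive          # no script output: nothing can be concluded
    elif printf '%s\n' "$protos" | grep -qx 'SSLv3'; then
        echo offered
    else
        echo absent
    fi
}

for s in sample_legacy sample_flat sample_no_nse; do
    printf '%s: SSLv3 %s\n' "$s" "$($s | sslv3_verdict)"
done
```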
<p>Any remarks or suggestions for improvement? That's what the comments are for!</p>
Clamav: installation and antivirus scan on macOS 2017-02-13T09:30:00+01:00 2017-02-13T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-02-13:/post/2017/02/13/clamav-installation-et-scan-antivirus-sur-macos/
<p>Installing an antivirus on macOS may seem surprising at first, but it is nonetheless useful, for several reasons:</p>
<ul>
<li>first, because its popularity in recent years makes it more attractive to those who create viruses, worms and other malware of all kinds;</li>
<li>second, because it is always possible to be a healthy carrier, and thus to spread threats to other machines, which may themselves be vulnerable.</li>
</ul>
<p>Not having yet taken the trouble to try a few of the plethora of antivirus products available on the App Store, I decided to install <a href="http://www.clamav.net/" title="ClamavNet">ClamAV</a>. A graphical version is available from <a href="https://www.clamxav.com/index.html" title="ClamXav">ClamXav</a>, but I first wanted something on the command line, before trying products that offer resident protection.</p>
<p>As with Bash, Clamav can be installed very easily thanks to pkgsrc:</p>
<div class="highlight"><pre><span></span><code>sudo pkgin in clamav
</code></pre></div>
<p>Next, the virus definitions need to be updated:</p>
<div class="highlight"><pre><span></span><code>sudo freshclam
</code></pre></div>
<p>And now, let's scan the whole system! The <em>-r</em> argument makes the scan recursive, <em>-i</em> displays only infections (otherwise, empty files or symbolic links are displayed as well) and <em>-l</em> saves the scan result to a report file. Note that additional options, described in the manual page, give access to further behaviours, such as actions to perform on an infected file (copying it, moving it, or deleting it).</p>
<div class="highlight"><pre><span></span><code>sudo clamscan -r / -i -l ~/clamscan_report.txt
</code></pre></div>
<p>Even when a report is requested, Clamav still prints the processed files on standard output (the <em>-i</em> argument greatly limits the visual clutter).</p>
<p>Finally, let's take a quick look at our report to see whether any threats were found. If the <em>-i</em> argument was not used, this should help:</p>
<div class="highlight"><pre><span></span><code>grep FOUND ~/clamscan_report.txt
</code></pre></div>
<p>Here are two examples of messages reporting the presence of a virus in my Thunderbird mailbox:</p>
<blockquote>
<p>/Users/nils/Library/Thunderbird/Profiles/XXXXX.default/ImapMail/mx.example.org/INBOX.sbd/SubDir.sbd/OtherDir: Win.Malware.Locky-542 FOUND</p>
<p>/Users/nils/Library/Thunderbird/Profiles/XXXXX.default/ImapMail/mx.example.org/Junk: Js.Downloader.Election_phishing-1 FOUND</p>
</blockquote>
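<p>An added example (not from the original post) that goes one step further than <em>grep FOUND</em>: it splits each detection line of a clamscan report into signature and path, and marks hits located inside a Thunderbird mail store, because with Thunderbird's default mbox storage such a file holds a whole folder of messages and is a poor target for the delete or move actions mentioned above. The report is constructed around the two lines quoted in the post; the function names and the path pattern are assumptions.</p>

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed report: the first two FOUND lines are the ones quoted in the post,
# the others are made up to exercise the parser.
sample_report() {
cat <<'EOF'
/Users/nils/Library/Thunderbird/Profiles/XXXXX.default/ImapMail/mx.example.org/INBOX.sbd/SubDir.sbd/OtherDir: Win.Malware.Locky-542 FOUND
/Users/nils/Library/Thunderbird/Profiles/XXXXX.default/ImapMail/mx.example.org/Junk: Js.Downloader.Election_phishing-1 FOUND
/Users/nils/Downloads/notes: draft.zip: Win.Malware.Locky-542 FOUND
/Users/nils/Documents/report.pdf: OK
/Users/nils/Documents/empty.txt: Empty file

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

# Read a clamscan report on stdin and print one line per detection:
#   kind<TAB>signature<TAB>path
# kind is "mailbox" for files inside a Thunderbird mail store, "file" otherwise.
# The signature is the word before FOUND, so paths containing ": " or spaces
# are kept intact.
triage_found() {
    awk '
        NF >= 3 && $NF == "FOUND" {
            sig = $(NF - 1)
            tail = ": " sig " FOUND"
            path = substr($0, 1, length($0) - length(tail))
            kind = "file"
            if (path ~ "/Thunderbird/Profiles/[^/]+/(ImapMail|Mail)/") kind = "mailbox"
            printf "%s\t%s\t%s\n", kind, sig, path
        }
    '
}

# Print "count signature", most frequent signature first.
count_by_signature() {
    triage_found | cut -f2 | sort | uniq -c | sort -k1,1nr -k2,2 |
        awk '{ print $1, $2 }'
}

sample_report | triage_found
sample_report | count_by_signature
```

<p>On a real system, feed it the report written by <em>-l</em>, for instance <em>triage_found &lt; ~/clamscan_report.txt</em>.</p>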
<p>Any remarks or suggestions for improvement? That's what the comments are for!</p>
<h2>Comments</h2>
<h3>On 13/02/2017 10:28 by M@T D.</h3>
<p>Hi Nils!</p>
<p>I like the approach: command-line only AV, non-resident, launched on demand (or periodically via cron). I think I'm going to give it a try :-)</p>
<h3>On 13/02/2017 12:58 by Nils</h3>
<p>Thanks M@T! Don't forget to install <a href="https://blog.anotherhomepage.org/post/2017/01/21/pkgsrc-installer-un-gestionnaire-de-paquets-pour-plus-de-logiciels-sur-macos">pkgsrc</a> first!</p>
Bash: using a more recent version on macOS 2017-02-06T09:30:00+01:00 2017-02-06T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-02-06:/post/2017/02/06/bash-utiliser-une-version-plus-recente-sur-macos/
<p>In the <a href="https://blog.anotherhomepage.org/post/2017/01/21/pkgsrc-installer-un-gestionnaire-de-paquets-pour-plus-de-logiciels-sur-macos/">previous post about pkgsrc on macOS</a>, we covered the installation. Let's now move on to a practical case! While macOS benefits from its Unix base, sometimes with versions that are not too old (at least for macOS Sierra, at version 10.12.3 at the time of writing), GNU Bash is an exception:</p>
<div class="highlight"><pre><span></span><code>$ /bin/bash --version
GNU bash, version <span class="m">3</span>.2.57<span class="o">(</span><span class="m">1</span><span class="o">)</span>-release <span class="o">(</span>x86_64-apple-darwin16<span class="o">)</span>
Copyright <span class="o">(</span>C<span class="o">)</span> <span class="m">2007</span> Free Software Foundation, Inc.
</code></pre></div>
<p>If Apple has kept a rather old version of the famous command interpreter, it may well be for a reason. So how can we use a more recent version while keeping the system one? With pkgsrc, of course!</p>
<p>Once pkgsrc is installed by following the <a href="/post/2017/01/21/macOS-installer-pkgsrc-pour-beneficier-de-plus-de-logiciels">previous post</a>, Bash can be installed very simply:</p>
<div class="highlight"><pre><span></span><code>sudo pkgin -y install bash
</code></pre></div>
<p>Optionally, additional completions for Bash can be installed via the <em>bash-completions</em> package:</p>
<div class="highlight"><pre><span></span><code>sudo pkgin -y install bash-completions
</code></pre></div>
<p>Our new shell is then available at the path <em>/opt/pkg/bin/bash</em>. Let's make sure macOS considers this path a valid shell by checking the <em>/etc/shells</em> file, and editing it if needed (take care to use <em>sudo</em> for this edit). For example, once the edit is done, my file looks like this:</p>
<div class="highlight"><pre><span></span><code>$ cat /etc/shells
<span class="c1"># List of acceptable shells for chpass(1).</span>
<span class="c1"># Ftpd will not allow users to connect who are not using</span>
<span class="c1"># one of these shells.</span>
/bin/bash
/bin/csh
/bin/ksh
/bin/sh
/bin/tcsh
/bin/zsh
/opt/pkg/bin/bash
</code></pre></div>
<p>You can then change your own user's shell with the <em>chsh</em> command:</p>
<div class="highlight"><pre><span></span><code>chsh -s /opt/pkg/bin/bash
</code></pre></div>
<p>This new version of Bash is then used only for the current system user, which should not disturb any system script. Another possibility, if you want to limit this version of Bash to the terminal, is to go to the preferences of the Terminal.app application, then, in the "General" tab, change the "Shells open with:" setting by selecting the "Command (complete path):" option and setting it to <em>/opt/pkg/bin/bash</em>.</p>
<p>Any remarks or suggestions for improvement? That's what the comments are for!</p>
pkgsrc: installing a package manager for more software on macOS 2017-01-21T09:30:00+01:00 2017-01-21T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-01-21:/post/2017/01/21/pkgsrc-installer-un-gestionnaire-de-paquets-pour-plus-de-logiciels-sur-macos/
<p><strong>Disclaimer</strong>: <em>since my pkgsrc installation was of course done some time ago, part of this post is written from the documentation I followed back then and a bit from memory; I was not able to re-test everything. If some passages are wrong or you run into difficulties, do not hesitate to let me know in the comments, and I will fix it as soon as possible.</em></p>
<p>One of the strengths of macOS (formerly OSX, formerly Mac OS X; Apple could really stop its renaming frenzy) is its base inherited from Unix. Without going into details, I appreciate being able to launch a terminal and have a command interpreter (Bash) and some "classic" software, such as Vim, wget, curl, sed or awk. I also appreciate being able to install software very easily from the terminal, as is the case on a GNU/Linux or BSD system. Although this is not available for macOS, several projects fill this gap:</p>
<ul>
<li><a href="https://www.macports.org/" title=""The">MacPorts</a>, formerly DarwinPorts;</li>
<li><a href="http://www.finkproject.org/" title="Fink">Fink</a>;</li>
<li><a href="https://brew.sh/index_fr.html" title=""Le">Homebrew</a>;</li>
<li>and finally, <a href="http://pkgsrc.org/" title=""pkgsrc">pkgsrc</a>.</li>
</ul>
<p>In the past I used MacPorts, but today I use pkgsrc. The reasons that made me switch from one to the other are mostly tied to my contributions to the latter: beyond reusing knowledge related to NetBSD/pkgsrc, I can also test some pkgsrc packages under macOS. Something else I appreciated is the availability of pre-compiled binary packages thanks to <a href="https://pkgsrc.joyent.com" title=""Joyent">Joyent</a>, while keeping the ability to compile one's own packages quickly and simply.</p>
<h3>Installing pkgsrc for binary packages</h3>
<p>Installing pkgsrc on macOS is fairly simple if you only want to use binary packages, and a bit longer if you also want to compile your own packages, which we will see afterwards. A quicker way to install pkgsrc is to use <a href="https://github.com/cmacrae/savemacos" title=""Save">Save mac OS</a>, a bootstrap shell script that will perform these operations for you. Nevertheless, it seems relevant to me to understand a little of the why of things, and that is the goal of this part.</p>
<p>Let's start with the <em>bootstrap</em>, which consists of installing the base tree that makes it possible to obtain the binary packages. I assume here that the machine runs at least 10.9. If you have an older version, follow what is indicated for 10.6 at <a href="https://pkgsrc.joyent.com/install-on-osx/" title=""Install">Joyent</a>. We start by downloading the archive containing this tree:</p>
<div class="highlight"><pre><span></span><code>BOOTSTRAP_TAR="bootstrap-trunk-x86_64-20161011.tar.gz"
curl -O https://pkgsrc.joyent.com/packages/Darwin/bootstrap/<span class="cp">${</span><span class="n">BOOTSTRAP_TAR</span><span class="cp">}</span>
</code></pre></div>
<p>On principle, let's also check that the pkgsrc download went well:</p>
<div class="highlight"><pre><span></span><code>BOOTSTRAP_SHA="09d6649027ce12cadf35a47fcc5ce1192f40e3b2"
echo "<span class="cp">${</span><span class="n">BOOTSTRAP_SHA</span><span class="cp">}</span>  <span class="cp">${</span><span class="n">BOOTSTRAP_TAR</span><span class="cp">}</span>" >check-shasum
shasum -c check-shasum
</code></pre></div>
<p>While we are at the verifications, we can also check the GPG signature, if GPG is installed (this is optional; you can install it from the <a href="https://gpgtools.org/" title="GPGTools">GPGTools</a> website):</p>
<div class="highlight"><pre><span></span><code>curl -O https://pkgsrc.joyent.com/packages/Darwin/bootstrap/<span class="cp">${</span><span class="n">BOOTSTRAP_TAR</span><span class="cp">}</span>.asc
gpg --recv-keys 0x1F32A9AD
gpg --verify <span class="cp">${</span><span class="n">BOOTSTRAP_TAR</span><span class="cp">}</span>{.asc,}
</code></pre></div>
<p>Let's move on to the actual installation of pkgsrc; this is where administrator rights are needed:</p>
<div class="highlight"><pre><span></span><code>sudo tar -zxpf <span class="cp">${</span><span class="n">BOOTSTRAP_TAR</span><span class="cp">}</span> -C /
</code></pre></div>
<p>Finally, we take the additional paths into account in $PATH, since packages are installed under the <em>/opt/pkg/</em> tree (executables are in <em>/opt/pkg/bin</em> or <em>/opt/pkg/sbin</em>):</p>
<div class="highlight"><pre><span></span><code>eval $(/usr/libexec/path_helper)
</code></pre></div>
<p>As for the manual pages, the following line can be added to your <em>.profile</em> file:</p>
<div class="highlight"><pre><span></span><code><span class="k">export</span><span class="w"> </span><span class="n">MANPATH</span><span class="o">=$</span><span class="n">MANPATH</span><span class="p">:</span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">man</span><span class="o">/</span><span class="w"></span>
</code></pre></div>
<p>Once this is done, we can check that <em>pkgin</em> is properly installed, and update the package list from the repository:</p>
<div class="highlight"><pre><span></span><code>sudo pkgin -f up
sudo pkgin fug
</code></pre></div>
<p><em>pkgin</em> can then be used to list, install, update or uninstall software. Be careful: it is best used with <em>sudo</em>, especially for install, uninstall or update actions.</p>
<h3>Installing pkgsrc to build from source</h3>
<p>With the binary part in place, let's move on to the sources. For this, start by installing the <a href="https://developer.apple.com/download/more/?=command%20line%20tools" title=""Downloads">Xcode command-line tools</a>. This part may require creating a developer account with Apple. The installation is done as follows:</p>
<div class="highlight"><pre><span></span><code>xcode-select --install
</code></pre></div>
<p>Although a <a href="https://github.com/jsonn/pkgsrc">GitHub mirror of pkgsrc</a> exists, we will prefer CVS to fetch the package tree:</p>
<div class="highlight"><pre><span></span><code><span class="n">sudo</span><span class="w"> </span><span class="n">pkgin</span><span class="w"> </span><span class="o">-</span><span class="n">y</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">cvs</span><span class="w"></span>
<span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">opt</span><span class="w"></span>
<span class="n">sudo</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="n">pkgsrc</span><span class="w"></span>
<span class="n">sudo</span><span class="w"> </span><span class="n">chown</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="n">whoami</span><span class="p">)</span><span class="err">:</span><span class="n">wheel</span><span class="w"> </span><span class="n">pkgsrc</span><span class="w"></span>
<span class="n">cvs</span><span class="w"> </span><span class="o">-</span><span class="n">danoncvs</span><span class="nv">@anoncvs</span><span class="p">.</span><span class="n">netbsd</span><span class="p">.</span><span class="nl">org</span><span class="p">:</span><span class="o">/</span><span class="n">cvsroot</span><span class="w"> </span><span class="n">checkout</span><span class="w"> </span><span class="n">pkgsrc</span><span class="w"></span>
</code></pre></div>
<p>Optionally, you can add <a href="http://pkgsrc.org/wip/" title="wip">pkgsrc-wip</a>, an additional package tree which, among other things, lets beginners get some practice packaging software for pkgsrc. No need to install CVS here: git is this project's version control system (and ships with macOS):</p>
<div class="highlight"><pre><span></span><code>cd /opt/pkgsrc
git clone git://wip.pkgsrc.org/pkgsrc-wip.git wip
</code></pre></div>
<p>To update the trees:</p>
<div class="highlight"><pre><span></span><code>cd /opt/pkgsrc
cvs update -dP
cd wip
git pull -r
</code></pre></div>
<p>To install a package, for example <em>figlet</em>, use the <em>bmake</em> command (this is <em>bsd make</em>, available on NetBSD directly as the <em>make</em> command):</p>
<div class="highlight"><pre><span></span><code>cd /opt/pkgsrc/misc/figlet
bmake install
</code></pre></div>
<p>You can then clean up the tree with:</p>
<div class="highlight"><pre><span></span><code>bmake clean clean-depends
</code></pre></div>
<p>Before wrapping up, a quick word on the bootstrap configuration and its impact on installing software from source: Joyent's bootstrap enables GPG key verification of binary packages in order to ensure their integrity. However, this can interfere with installing packages from source, because the resulting package will not be signed by Joyent. It is possible to sign every package you build, but that can quickly become tedious if the build process is not automated. If installing a package from source fails, you can change the trust level so that you are asked interactively whether the package should be installed. To do so, set the <em>VERIFIED_INSTALLATION</em> variable to "trusted" in the file <em>/opt/pkg/etc/pkg_install.conf</em>.</p>
<p>I hope you enjoyed this post and that it encourages more macOS users to get more out of their machines. Any remarks or suggestions for improvement? That's what the comments are for!</p>
dehydrated, an alternative client for Let's Encrypt 2017-01-16T09:30:00+01:00 2017-01-16T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-01-16:/post/2017/01/16/dehydrated,-un-client-alternatif-pour-Let-s-Encrypt/
<p>After a few struggles with <a href="https://github.com/certbot/certbot">Certbot</a>, I discovered <a href="https://github.com/lukas2511/dehydrated">dehydrated</a>, a Let's Encrypt client written in Bash.</p>
<p>For several weeks, if not months, Certbot, the official client of the Let's Encrypt certificate authority, has no longer worked on NetBSD. This seems to come from the fact that Python, which Certbot depends on, is built with PaX MPROTECT. At least that is what <a href="https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51490">this bug report</a> indicates.</p>
<p>Having neither the time nor the skills to see exactly what is blocking on the Certbot side, I did what quite a few others did: I looked for an alternative. The first one that caught my attention was <a href="https://kristaps.bsd.lv/acme-client/" title="acme-client">acme-client</a>, in its <a href="https://github.com/kristapsdz/acme-client-portable">portable</a> version, which is available in pkgsrc-wip as I write these lines. But it does not actually seem to work on NetBSD, yelling at me about odd permission and suid issues.</p>
<p>I then settled on dehydrated, a client written in Bash. It has the non-negligible advantage of working, unlike the previous one. So I set about packaging it (wip/dehydrated as I write these lines, but I hope to import it into pkgsrc-current as soon as possible). Dehydrated is fairly convenient to use; it needs dependencies that are quite standard for a shell script (sed, awk, curl), plus OpenSSL. Although it has configuration files, many options can be given on the command line. Dehydrated also provides for "hook" scripts to trigger other actions, for example before and after a certificate renewal.</p>
<p>The package is broadly functional on NetBSD; the only prerequisites before starting to edit the configuration files are to have an existing OpenSSL configuration (quickly done by simply copying the example file provided in <em>/usr/share/examples/openssl/</em>) and to know which directory the ACME challenge will be placed in. I hope to have improved OpenSSL handling by then (using the one from pkgsrc, for example). Ideally, it would be pretty cool if dehydrated could use <a href="https://www.libressl.org/" title="LibreSSL">LibreSSL</a>.</p>
<p>There are other alternative clients that I have not tried, such as <a href="https://github.com/srvrco/getssl">getssl</a>, but which one is your favourite, and why? The comment form is waiting for your answer!</p>
Kodi: retrieving certain information about addons 2017-01-04T09:30:00+01:00 2017-01-04T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-01-04:/post/2017/01/04/Kodi-recuperer-certaines-informations-sur-des-addons/
<p>I recently lost the password for a web service that I use through a Kodi addon. I know, not very clever: I accidentally overwrote my password database at the wrong moment. Shit happens, as they say in the language of Shakespeare.</p>
<p>Since typing a new password with a virtual keyboard and a remote control is a pain, I wondered whether the password was stored in clear text in the addon's configuration. You never know, it just might work. So I started digging through Kodi's directory tree, and saw that it stores its data in <em>~/.kodi</em>. There you find an <em>addons</em> directory, which contains one directory per addon, as well as a <em>packages</em> directory, which contains archives of the downloaded addons. Looking at the addons' source code is worthwhile, because that is where I understood that the addon did store the user name and password.</p>
<p>At the same level as the addons directory is a directory named <em>userdata</em>. It contains an <em>addon_data</em> directory, in which there is one directory per addon. The addon whose configuration I wanted to see had left a directory under its own name there, containing a settings file and a temporary directory. A quick "cat" on the settings file reveals the Holy Grail:</p>
<div class="highlight"><pre><span></span><code><span class="nt"><settings></span>
<span class="nt"><setting</span> <span class="na">id=</span><span class="s">"OSpass"</span> <span class="na">value=</span><span class="s">"motdepasseenclair"</span> <span class="nt">/></span>
<span class="nt"><setting</span> <span class="na">id=</span><span class="s">"OSuser"</span> <span class="na">value=</span><span class="s">"utilisateur"</span> <span class="nt">/></span>
<span class="nt"></settings></span>
</code></pre></div>
<p>In summary, a Kodi addon's settings are in <em>~/.kodi/userdata/addon_data/nomdeladdon/</em> (where <em>nomdeladdon</em> stands for the addon's name), in a file named <em>settings.xml</em>. Its source code is in <em>~/.kodi/addons/nomdeladdon/</em>.</p>
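<p>As an added example (not code from the original post), the following shell functions audit a Kodi profile laid out as described above and report which addon settings look like stored credentials, without ever printing their values. The credential-name pattern, the element-text settings form and the <em>plugin.example.*</em> sample tree are assumptions made for the illustration.</p>

```shell
#!/bin/sh
# Added example: audit Kodi add-on settings for stored credentials.
# Assumptions (not from the post): a setting is credential-like when its id
# contains pass, pwd, token, secret or apikey; values may also be stored as
# element text (<setting id="x">value</setting>).

# audit_kodi_settings [KODI_HOME]
# Prints "<addon> TAB <setting id> TAB <exposure>" for each finding.
# The secret value itself is never printed.
audit_kodi_settings() {
    data_dir="${1:-$HOME/.kodi}/userdata/addon_data"
    for file in "$data_dir"/*/settings.xml; do
        [ -f "$file" ] || continue
        addon=$(basename "$(dirname "$file")")
        # Is the settings file readable by the group or by everyone?
        if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \) -print)" ]; then
            exposure="readable-by-group-or-others"
        else
            exposure="owner-only"
        fi
        awk -v addon="$addon" -v exposure="$exposure" '
            /<setting[ \t]/ {
                id = ""; val = ""
                if (match($0, /[ \t]id="[^"]*"/)) {
                    id = substr($0, RSTART + 5, RLENGTH - 6)
                }
                if (match($0, /[ \t]value="[^"]*"/)) {
                    val = substr($0, RSTART + 8, RLENGTH - 9)
                } else if (match($0, />[^<]+<\/setting>/)) {
                    val = "set"    # element-text form, value not captured
                }
                if (val != "" && tolower(id) ~ /pass|pwd|token|secret|apikey/) {
                    printf "%s\t%s\t%s\n", addon, id, exposure
                }
            }' "$file"
    done
}

# build_sample DIR: write a constructed Kodi tree for demonstration.
build_sample() {
    base="$1/userdata/addon_data"
    mkdir -p "$base/plugin.example.a" "$base/plugin.example.b" "$base/plugin.example.c"
    cat > "$base/plugin.example.a/settings.xml" <<'EOF'
<settings>
<setting id="OSpass" value="motdepasseenclair" />
<setting id="OSuser" value="utilisateur" />
</settings>
EOF
    cat > "$base/plugin.example.b/settings.xml" <<'EOF'
<settings version="2">
<setting id="api_token">constructed-token</setting>
</settings>
EOF
    cat > "$base/plugin.example.c/settings.xml" <<'EOF'
<settings>
<setting id="password" value="" />
</settings>
EOF
    chmod 644 "$base/plugin.example.a/settings.xml"
    chmod 600 "$base/plugin.example.b/settings.xml" "$base/plugin.example.c/settings.xml"
}

# Demo on the constructed tree; pass a real profile path to audit it instead.
demo_dir=$(mktemp -d)
build_sample "$demo_dir"
audit_kodi_settings "$demo_dir"
rm -rf "$demo_dir"
```

<p>Findings marked <em>readable-by-group-or-others</em> are the ones to fix first, with <em>chmod 600</em> on the settings file and a password that is used nowhere else.</p>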
<p>Which goes to show that I am quite right to insist on using a unique e-mail/username/password trio on certain sites or applications.</p>
Happy New Year 2017 2017-01-01T09:30:00+01:00 2017-01-01T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2017-01-01:/post/2017/01/01/Bonne-année-2017/
<p>A good and happy 2017 to one and all! May it bring joy, happiness and success to the readers of this blog :) The coming weeks should bring a few posts; I hope I will have time to write more after that.</p>
You are still browsing an HTTPS site 2016-12-29T09:30:00+01:00 2016-12-29T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2016-12-29:/post/2016/12/29/Vous-naviguez-toujours-sur-un-site-HTTPS/
<p>OK, I admit I am mega-super-late on this one: basically, a few months ago, after <a href="/post/2016/02/10/Vous-naviguez-sur-un-site-HTTPS">switching this blog to HTTPS</a>, I realised that some OS/browser combinations no longer worked, for example certain versions of Internet Explorer on Windows 7. I imagine that cannot be many in proportion, but I still thought it was a real shame. So I went back to the <a href="https://mozilla.github.io/server-side-tls/ssl-config-generator/">SSL configuration generator offered by Mozilla</a> and selected an "intermediate" choice.</p>
<p>First consequence: more compatible clients, which is handy, since that is the goal! Now, to enjoy this blog, all you need is at least Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3 or Java 7.</p>
<p>Second consequence: a drop in the ^W ^W ^W ^W well no, not even that! I still get an A+ grade on the <a href="https://www.ssllabs.com/ssltest/">SSL Labs</a> test! Under those conditions, why hold back? :)</p>
<h2>Comments</h2>
<h3>On 02/01/2017 15:29 by Harvester</h3>
<p>Remember to enable OCSP Stapling on your Apache as well, and to request a Let's Encrypt certificate with the "--must-staple" option :)</p>
<h3>On 02/01/2017 15:37 by Blue</h3>
<p>"I realised that some OS/browser combinations no longer worked, for example
certain versions of Internet Explorer on Windows 7"</p>
<p>Some people are asking for trouble, too :-)</p>
<h3>On 02/01/2017 15:52 by <a href="https://imirhil.fr/">aeris</a></h3>
<p>Yes, but no. https://tls.imirhil.fr/https/blog.anotherhomepage.org
To support old browsers, you have to enable 3DES, which is completely broken today http://www.zdnet.fr/actualites/sweet32-les-vieux-algos-se-cachent-pour-mourir-39841068.htm
As well as non-PFS suites, which would mean that a second Heartbleed would hurt you just as much.</p>
<p>The <strong>ONLY</strong> viable/reliable config today is ECDHE+AES (with CHACHA20 if
you support it), as DHE shows too many signs of weakness and is massively
slower than ECDHE.</p>
<p>See https://blog.imirhil.fr/2015/09/02/cryptcheck-verifiez-implementations-tls.html for more details on the choices to make.</p>
<h3>On 04/01/2017 17:15 by Nils</h3>
<p>Wow! First of all, thank you all three for your comments; I admit I was
not even sure people still read my posts!</p>
<p>@Harvester: done, and the certificate has been regenerated with the appropriate option, followed by an SSL Labs + openssl check!</p>
<p>@Blue: more seriously, the point of a blog is sometimes to be read. Some people use the OS and browser imposed by their employer, and for those using Windows, even the latest version of Internet Explorer for Windows 7 was unable to connect here.</p>
<p>@aeris: the least one can say is that you have dug deep into the subject! Regarding old browsers, I think we first have to define which ones we mean. In my case, it was the specific case of the latest Internet Explorer for Windows 7 that made me change my configuration, and that is not supposed to be so old, since it is still maintained by Microsoft. I will not go further on the subject; you covered it very well in your article when addressing the phenomenon of technological debt. As for your cipher-checking tool, it is really well made, bravo! I was able to remove the old algorithms without trouble while checking on the SSL Labs side that the platforms I currently care about can still reach this blog. Those are in fact the 2 areas for improvement I see for Cryptcheck: showing for which client/browser the displayed algorithms are the strongest, and perhaps offering an explanation of why one is not relevant (for example, adding <a href="https://www.rc4nomore.com/">RC4 no more</a> on RC4-based algorithms).</p>
<h3>On 05/01/2017 10:37 by Blue</h3>
<p>@Nils: It's true that some people have no choice.</p>
Quick and dirty SSL, episode 2 2016-12-28T09:30:00+01:00 2016-12-28T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2016-12-28:/post/2016/12/28/SSL-à-l-arrache,-épisode-2/
<p>The first episode is <a href="/post/2008/07/19/SSL-a-l-arrache">here</a>. Basically, I wanted to quickly generate an SSL/TLS certificate for testing purposes.</p>
<p>But why a second episode? Because the first one was missing something: ease of automation. Now, for a public site, <a href="https://letsencrypt.org/">Let's Encrypt</a> does the job very well today, and it is better to go that way. But for a test site, or one used only within a LAN, it is less obvious.</p>
<p>So let's go back to good old <a href="https://www.openssl.org/" title="OpenSSL">OpenSSL</a> and <a href="https://www.openssl.org/docs/man1.0.1/apps/openssl.html">its manual page</a>. The other manual pages are very useful too. You can then arrive at a single command that creates a CSR and then a certificate. Using the <em>-subj</em> argument, you can give the country, province and <em>common name</em> information directly on the command line. You can also add several names by adding several "CN" directives.</p>
<p>Here is an example of creating a self-signed certificate, valid for one year:</p>
<div class="highlight"><pre><span></span><code>openssl req -x509 -nodes -days 365 -newkey rsa:4096 \
-keyout default.key \
-out default.crt \
-subj '/C=FR/ST=IdF/L=Paris/O=Example Org/OU=Dev/CN=example/CN=example.org/CN=www.example.org'
</code></pre></div>
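<p>An added example, not part of the original post: the same one-command approach wrapped in a shell function, with the host names placed in the subjectAltName extension through <code>-addext</code> (OpenSSL 1.1.1 or later) instead of repeated CN fields, because current TLS clients match host names against subjectAltName. The function names and the <code>KEY_SPEC</code> variable are hypothetical.</p>

```shell
#!/bin/sh
# Added example: self-signed test certificate with subjectAltName entries.
# Assumptions: OpenSSL 1.1.1 or later (for -addext); KEY_SPEC is a
# hypothetical environment variable used here to override the key type.

# make_selfsigned PREFIX DAYS NAME [NAME...]
# Writes PREFIX.key and PREFIX.crt. Every NAME becomes a DNS subjectAltName
# entry and the first NAME is also used as the CN.
make_selfsigned() {
    prefix=$1
    days=$2
    shift 2
    [ "$#" -ge 1 ] || { echo "need at least one host name" >&2; return 2; }
    san=""
    for name in "$@"; do
        san="${san:+$san,}DNS:$name"
    done
    (
        umask 077   # the private key must not be readable by other users
        openssl req -x509 -nodes -days "$days" \
            -newkey "${KEY_SPEC:-rsa:4096}" \
            -keyout "$prefix.key" \
            -out "$prefix.crt" \
            -subj "/C=FR/ST=IdF/L=Paris/O=Example Org/OU=Dev/CN=$1" \
            -addext "subjectAltName=$san"
    ) || return 1
    chmod 644 "$prefix.crt"   # the certificate itself is public
}

# cert_covers CERT NAME: succeeds if the certificate is valid for NAME.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}
```

<p>Call it as <code>make_selfsigned default 365 example.org www.example.org</code>, then run <code>cert_covers default.crt www.example.org</code> to confirm that the name is covered before pointing a test server at the files.</p>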
<p>Any remarks or suggestions for improvement? That's what the comments are for!</p>
<h2>Comments</h2>
<h3>On 09/01/2017 10:33 by utux</h3>
<blockquote>
<p>Any remarks or suggestions for improvement? That's what the comments are for!</p>
</blockquote>
<p>Yes: on debian/ubuntu, when you install 'ssl-cert' (which often comes with ca-cert and openssl) you get a self-signed certificate (generated at install time). /etc/ssl/private/ssl-cert-snakeoil.key and /etc/ssl/certs/ssl-cert-snakeoil.pem</p>
<p>It can save a bit of time :)</p>
<h3>On 10/01/2017 09:31 by Nils</h3>
<p>Thanks utux for your suggestion!</p>
<p>I went and had a look at the <a href="https://packages.debian.org/source/sid/ssl-cert">ssl-cert</a> source package, and I am not totally convinced:</p>
<ul>
<li>first, the tool really seems designed only for Debian: right from the start, the script tries to source specific files (/usr/share/debconf/confmodule);</li>
<li>next, it seems to use only the machine's host name; there is no way to use an alternative name in the script;</li>
<li>finally, the generated key is only 2048 bits long; one could nevertheless argue that this is configurable, and that in any case it is a default certificate meant to be temporary.</li>
</ul>
You are browsing an HTTPS website 2016-02-10T12:30:00+01:00 2016-02-10T12:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2016-02-10:/post/2016/02/10/Vous-naviguez-sur-un-site-HTTPS/
<p>Since yesterday, this blog is accessible only over HTTPS. As an exercise, I made sure it gets an A+ grade on the <a href="https://www.ssllabs.com/ssltest/">SSL Labs</a> test from Qualys, based on a configuration suggested by the <a href="https://mozilla.github.io/server-side-tls/ssl-config-generator/">SSL configuration generator offered by Mozilla</a>. I chose a "modern" configuration. For the certificate, I chose to use Let's Encrypt.</p>
<p>A few impacts can be noticed very quickly:</p>
<ul>
<li>first, the list of the oldest compatible clients: Firefox 27, Chrome 22, IE 11, Opera 14, Safari 7, Android 4.4, Java 8;</li>
<li>next, a slight increase in the site's loading time, which can turn out to be more than significant during an HTTP to HTTPS redirect.</li>
</ul>
<p>As for compatible clients, I am not too worried: this blog does not get many visits, and I doubt many people visit this site with Internet Explorer. I am a bit more bothered about Android, because of its fairly heavy fragmentation. As for loading time, new measurements taken a little later are encouraging, so I imagine the various possible caches will still do their job and browsing will be comfortable.</p>
Java takes up too much space 2015-10-21T09:30:00+02:00 2015-10-21T09:30:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2015-10-21:/post/2015/10/21/Java-prend-trop-de-place/
<p>An opinion piece; it has been a while. From time to time I get the urge to tidy up my hard drive, so I go hunting for large, duplicate or useless files. In that department, I have a winner: Java.</p>
<p>Java, on OS X, asks for an update from time to time. Thinking about the user's security is commendable. Except that not only is the update downloaded to an unsuitable directory (no, downloading to the "Downloads" directory would be too simple; let's put it in the user's library, tucked away deep inside <em>Application Support</em>), but the updater also deletes neither the current archive nor the previous ones. The result: about 65 MB downloaded, then 65 MB unpacked, at each update. Total on my machine: 972 MB. I can understand keeping the archive, keeping the installer in case the installation goes wrong, but frankly, not purging previous versions, I don't understand.</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@dalaran</span><span class="o">-</span><span class="nl">wifi</span><span class="p">:</span><span class="o">~/</span><span class="n">Library</span><span class="o">/</span><span class="n">Application</span><span class="w"> </span><span class="n">Support</span><span class="o">/</span><span class="n">Java</span><span class="err">$</span><span class="w"> </span><span class="n">du</span><span class="w"> </span><span class="o">-</span><span class="n">sh</span><span class="w"></span>
<span class="mi">972</span><span class="n">M</span><span class="w"> </span><span class="p">.</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@dalaran</span><span class="o">-</span><span class="nl">wifi</span><span class="p">:</span><span class="o">~/</span><span class="n">Library</span><span class="o">/</span><span class="n">Application</span><span class="w"> </span><span class="n">Support</span><span class="o">/</span><span class="n">Java</span><span class="err">$</span><span class="w"> </span><span class="n">du</span><span class="w"> </span><span class="o">-</span><span class="n">sh</span><span class="w"> </span><span class="o">*</span><span class="w"></span>
<span class="mi">116</span><span class="n">M</span><span class="w"> </span><span class="n">Java</span><span class="w"> </span><span class="mf">1.8.45.14</span><span class="w"></span>
<span class="mi">116</span><span class="n">M</span><span class="w"> </span><span class="n">Java</span><span class="w"> </span><span class="mf">1.8.51.16</span><span class="w"></span>
<span class="mi">121</span><span class="n">M</span><span class="w"> </span><span class="n">Java</span><span class="w"> </span><span class="mf">1.8.60.27</span><span class="w"></span>
<span class="mi">121</span><span class="n">M</span><span class="w"> </span><span class="n">Java</span><span class="w"> </span><span class="mf">1.8.60.27</span><span class="w"> </span><span class="mi">1</span><span class="w"></span>
<span class="mi">121</span><span class="n">M</span><span class="w"> </span><span class="n">Java</span><span class="w"> </span><span class="mf">1.8.60.27</span><span class="w"> </span><span class="mi">2</span><span class="w"></span>
<span class="mi">121</span><span class="n">M</span><span class="w"> </span><span class="n">Java</span><span class="w"> </span><span class="mf">1.8.60.27</span><span class="w"> </span><span class="mi">3</span><span class="w"></span>
<span class="mi">129</span><span class="n">M</span><span class="w"> </span><span class="n">Java</span><span class="w"> </span><span class="mf">1.8.60.27</span><span class="w"> </span><span class="mi">4</span><span class="w"></span>
<span class="mi">129</span><span class="n">M</span><span class="w"> </span><span class="n">Java</span><span class="w"> </span><span class="mf">1.8.65.17</span><span class="w"></span>
</code></pre></div>
<p>I am aware that storage capacities are growing, but still, let's not push it, right? Or has Oracle struck a deal with storage manufacturers to sell even bigger hard drives (OK, I admit, my conspiracy theory is a bit over the top too)?</p>
<p>Anyway, all this to say that on an OS X machine, if you want to easily reclaim a few hundred megabytes, just do this:</p>
<div class="highlight"><pre><span></span><code>rm -rf ~/Library/Application\ Support/Java/*
</code></pre></div>
<h2>Comments</h2>
<h3>On 26/10/2015 16:35 by Killator</h3>
<p>Java... Flash... Silverlight... On my personal machine they go to /dev/null ;-)</p>
Minimal installation of CentOS 7 2015-08-29T09:30:00+02:00 2015-08-29T09:30:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2015-08-29:/post/2015/08/29/installation-minimaliste-de-CentOS-7/
<p>Better late than never, I have started playing a bit with CentOS 7! Although it is packed with interesting features and mechanisms, it brings along a lot of software packages. So I started by looking at which packages I could remove, and by preparing a minimal <em>packages</em> section, far more minimal than the "minimal install" ISO image provided by the mirrors. This list of removed packages can be supplemented by a list of packages to install, but that is a matter of personal choice. So what did I remove? Well, it's simple: since this is generally an installation on a physical or virtual machine connected to a wired network with a fixed IP address (except during installation), I removed every possible firmware for hardware I probably don't use, such as Wi-Fi cards. Since this is for server use, I also removed sound-related packages (alsa). A debatable choice: I removed man and the base manual pages; I consider, particularly if the machine is "in production", that documentation has no business being there. On the other hand, I have no objection to installing manual pages on a test machine. Moreover, since I use the file system offered by default (xfs), I reckon I don't need the tools for managing ext2-3-4 or btrfs file systems.</p>
<p>So here is the list:</p>
<div class="highlight"><pre><span></span><code><span class="nf">%packages</span><span class="w"> </span><span class="o">--</span><span class="n">nobase</span><span class="w"></span>
<span class="err">@</span><span class="n">core</span><span class="w"></span>
<span class="o">-</span><span class="n">NetworkManager</span><span class="w"></span>
<span class="o">-</span><span class="n">NetworkManager</span><span class="o">-</span><span class="n">team</span><span class="w"></span>
<span class="o">-</span><span class="n">NetworkManager</span><span class="o">-</span><span class="n">tui</span><span class="w"></span>
<span class="o">-</span><span class="n">aic94xx</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">alsa</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">alsa</span><span class="o">-</span><span class="n">lib</span><span class="w"></span>
<span class="o">-</span><span class="n">alsa</span><span class="o">-</span><span class="n">tools</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">atmel</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">avahi</span><span class="o">-</span><span class="n">autoipd</span><span class="w"></span>
<span class="o">-</span><span class="n">avahi</span><span class="o">-</span><span class="n">libs</span><span class="w"></span>
<span class="o">-</span><span class="n">b43</span><span class="o">-</span><span class="n">openfwwf</span><span class="w"></span>
<span class="o">-</span><span class="n">bfa</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">biosdevname</span><span class="w"></span>
<span class="o">-</span><span class="n">btrfs</span><span class="o">-</span><span class="n">progs</span><span class="w"></span>
<span class="o">-</span><span class="n">dhclient</span><span class="w"></span>
<span class="o">-</span><span class="n">dmidecode</span><span class="w"></span>
<span class="o">-</span><span class="n">dnsmasq</span><span class="w"></span>
<span class="o">-</span><span class="n">dracut</span><span class="o">-</span><span class="n">network</span><span class="w"></span>
<span class="o">-</span><span class="n">e2fsprogs</span><span class="w"></span>
<span class="o">-</span><span class="n">e2fsprogs</span><span class="o">-</span><span class="n">libs</span><span class="w"></span>
<span class="o">-</span><span class="n">gnutls</span><span class="w"></span>
<span class="o">-</span><span class="n">kexec</span><span class="o">-</span><span class="n">tools</span><span class="w"></span>
<span class="o">-</span><span class="n">ipw2100</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ipw2200</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ivtv</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl100</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl1000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl105</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl135</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl2000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl2030</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl3160</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl3945</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl4965</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl5000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl5150</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl6000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl6000g2a</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl6000g2b</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl6050</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl7260</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">libertas</span><span class="o">-</span><span class="n">usb8388</span><span class="w"></span>
<span class="o">-</span><span class="n">man</span><span class="w"></span>
<span class="o">-</span><span class="n">man</span><span class="o">-</span><span class="n">db</span><span class="w"></span>
<span class="o">-</span><span class="n">mariadb</span><span class="o">-</span><span class="n">libs</span><span class="w"></span>
<span class="o">-</span><span class="n">postfix</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2100</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2200</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql23xx</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2400</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2500</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">rt61pci</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">rt73usb</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">snappy</span><span class="w"></span>
<span class="o">-</span><span class="n">teamd</span><span class="w"></span>
<span class="o">-</span><span class="n">tuned</span><span class="w"></span>
<span class="o">-</span><span class="n">virt</span><span class="o">-</span><span class="n">what</span><span class="w"></span>
<span class="o">-</span><span class="n">wpa_supplicant</span><span class="w"></span>
<span class="o">-</span><span class="n">xorg</span><span class="o">-</span><span class="n">x11</span><span class="o">-</span><span class="n">drv</span><span class="o">-</span><span class="n">ati</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">zd1211</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
</code></pre></div>
<p>For a machine that is really in production, chances are I will need an MTA, but unless a configuration is planned at install time, postfix is also among the excluded packages. This way, not only does the system install quickly, it also boots quickly! The total comes to fewer than 220 packages. This may vary for you, in particular if you install a system with software RAID, which requires installing mdadm.</p>
<p>What about you, would you remove other packages?</p>
Content hosting: 4 free (or almost free) services! | 2015-08-27T09:30:00+02:00 | Nils Ratusznik | tag:blog.anotherhomepage.org,2015-08-27:/post/2015/08/27/hebergement-de-contenu-4-services-gratuits-ou-presque/
<p>When you want to start a website, the question of cost and of the type of hosting to buy sometimes comes up: what capacity, for what purpose, at what price? You may also wonder about quality, and want to start small and then grow as you go, while minimizing the financial risk in case of failure or abandonment. So I have selected a few original web hosts for you, to start your adventure!</p>
<h3>Github Pages</h3>
<p>If the site you are starting relates to a software project, or to any other content hosted on Github, then choosing <a href="https://pages.github.com/" title="Github">Github Pages</a> lets you keep everything in one place. As with your project, you can version your pages with git, and even use static site generators such as <a href="http://jekyllrb.com/" title="Jekyll">Jekyll</a> or <a href="http://blog.getpelican.com/" title="Pelican">Pelican</a>. You can still use the Github interface to edit your pages. In addition, Github Pages lets you use your own domain name if you wish! On the other hand, this means the sources of your site are accessible, unless you pay for a private repository.</p>
<h3>Surge</h3>
<p><a href="https://surge.sh/" title="Surge">Surge</a> also offers to host static pages for free, but provides no version management. The service, as presented on its site, is nevertheless aimed at developers, and offers to host your site with a single command line, using a client dedicated to the host. In addition, when you deploy your site, it is replicated on Surge's CDN. Another interesting point is being able to use your own domain name (there are even <a href="https://surge.sh/help/adding-a-custom-domain" title="Surge">explanations</a> on how to do it). Finally, Surge also highlights the use of a "basic" SSL certificate. To my mind, the Surge client is both a great strength and a great weakness of this service: although the source code <a href="https://github.com/sintaxi/surge" title="code">is available</a>, I did not see a license, nor any other way to deploy content.</p>
<h3>Freeshell</h3>
<p>I have already had the opportunity to tell you about <a href="http://www.freeshell.org/" title="Freeshell">Freeshell</a> in <a href="/post/2013/08/26/freeshell-votre-acces-terminal-UNIX-sur-internet" title="Freeshell">a previous post</a>. It is more than simple static file hosting: you get SSH access with a limited set of commands. A much more complete user access is available by sending 1 dollar or 5 euros, and additional services are available at other prices. Admittedly, it is not really free, but you only pay once. A comparable service has been launched in Europe: <a href="https://sdfeu.org/" title="SDF">SDFeu</a>.</p>
<h3>RHIEN</h3>
<p>The <a href="http://www.rhien.org/" title="RHIEN">RHIEN</a> is not just a host. It is an association bringing together non-profit hosting providers, which often practice self-hosting and are attached to certain values such as net neutrality or Free Software. You will certainly find more than static file hosting there, since most of the hosts offer PHP and MySQL.</p>
<p>Each of these four hosting options has particularities that make it unique. So, are you more of a developer, a deployer, a shell-access person or an independent?</p>
I too have elves running very fast through the wires! | 2015-03-25T09:30:00+01:00 | Nils Ratusznik | tag:blog.anotherhomepage.org,2015-03-25:/post/2015/03/25/Moi-aussi-j-ai-des-lutins-qui-courent-très-vite-dans-les-fils-!/
<p>Summary of the previous episodes: NetBSD and PXE are great friends. Booting this kind of OS over PXE is doable, not too difficult, and documented <a href="http://www.netbsd.org/docs/network/netboot/index.html" title="Diskless">in the language of Shakespeare</a> or in that of Molière, whether for <a href="http://connect.ed-diamond.com/GNU-Linux-Magazine/GLMFHS-030/NetBSD-sans-disque-ou-La-magie-des-lutins-qui-courent-tres-vite-dans-les-fils" title="NetBSD">a finished system</a> (thanks <a href="http://imil.net/wp/" title="Emile">iMil</a>) or just <a href="http://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-166/Creation-d-un-serveur-de-demarrage-PXE-sous-NetBSD-pour-installer-NetBSD" title="Création">for installation</a> (shameless self-promotion).</p>
<p>Better late than never, I decided to try my luck and configure a diskless NetBSD system, following the arrival at ${HOME} of a machine with modest graphics but a non-negligible amount of computing power. Judge for yourself:</p>
<div class="highlight"><pre><span></span><code>marvin# egrep '(name|MHz)' /proc/cpuinfo
model name : AMD Phenom(tm) 8450 Triple-Core Processor
cpu MHz : 2100.35
model name : AMD Phenom(tm) 8450 Triple-Core Processor
cpu MHz : 2106.73
model name : AMD Phenom(tm) 8450 Triple-Core Processor
cpu MHz : 2304.94
marvin# grep MemTotal /proc/meminfo
MemTotal: 3931368 kB
</code></pre></div>
<p>Thanks to Madame for letting me use it!</p>
<p>I could use a USB key, unplug the hard drives and add one from my stock. But that would not be fun. I used the links above to boot good old Marvin over NFS, so I will not paraphrase those articles, but add here a few details, remarks, tips and maybe tricks gleaned here and there that helped me.</p>
<p>First, it is better to test in a virtual machine. Because fetching the box from the back under the desk is fine once. So you still have to make sure it boots from the network, or even via Wake On LAN for the laziest. Otherwise, a USB key or an Etherboot CD should do the job.</p>
<p>Next, it is handy to identify the brand of the network card and, above all, the driver NetBSD is likely to use: you will need to create a file <em>ifconfig.xy0</em>, where <em>xy0</em> is replaced by the name of the network card driver; in my case it is <em>nfe0</em>. How do you find the driver name? Either you boot a NetBSD kernel (the installer for example, which lets you get a shell and run <em>dmesg | grep -i eth</em>), or you know the network card model and search <a href="http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/arch/amd64/conf/GENERIC?only_with_tag=MAIN" title="CVS">the sources</a>. As for me, I searched for the string "NVIDIA" in the kernel configuration file.</p>
<p>Still in the network category, if you run tests in a virtual machine, you will probably do so from a laptop connected over Wi-Fi. Better think for a moment about the quality of your wireless network, and consider testing over a wire. My personal experience (single-core VM, 2 GB of RAM): over Wi-Fi, the system boots in more than 5 good minutes; wired (gigabit Ethernet), it takes less than a minute. 5 DAMN MINUTES!!! On top of that, as soon as you want to write even a single megabyte to the system, it will crawl. I felt the pain when I realized I had forgotten to unpack a set.</p>
<p>I had a surprise with the <em>/dev/null</em> file: it may be necessary to recreate it:</p>
<div class="highlight"><pre><span></span><code>marvin# cd /dev/
marvin# rm null
marvin# ./MAKEDEV -u all
</code></pre></div>
<p>The NetBSD installer automatically creates certain files or settings. Except we did not use it... Among the things that can be useful to do manually are these lines in /etc/fstab:</p>
<div class="highlight"><pre><span></span><code><span class="k">proc</span><span class="nb">fs</span><span class="w"> </span><span class="o">/</span><span class="nv">proc</span><span class="w"> </span><span class="nv">procfs</span><span class="w"> </span><span class="nv">rw</span><span class="p">,</span><span class="nv">auto</span><span class="p">,</span><span class="nv">linux</span><span class="w"></span>
<span class="nf">kernfs</span><span class="w"> </span><span class="o">/</span><span class="nv">kern</span><span class="w"> </span><span class="nv">kernfs</span><span class="w"> </span><span class="nv">rw</span><span class="w"></span>
<span class="nf">ptyfs</span><span class="w"> </span><span class="o">/</span><span class="nv">dev</span><span class="o">/</span><span class="nv">pts</span><span class="w"> </span><span class="nv">ptyfs</span><span class="w"> </span><span class="nv">rw</span><span class="w"></span>
</code></pre></div>
<p>Mounting <em>/proc</em> with the <em>linux</em> option is not mandatory, it is just personal comfort. Do not forget to create the <em>/proc/</em> and <em>/kern/</em> directories first.</p>
<p>Another setting is the date and time: by default, the system uses UTC, and I want Paris time. To do so, I changed the symbolic link <em>/etc/localtime</em>:</p>
<div class="highlight"><pre><span></span><code>marvin# readlink -f /etc/localtime
/usr/share/zoneinfo/Europe/Paris
</code></pre></div>
<p>This does not exclude configuring NTP.</p>
<p>I chose to configure only one NFS share, because I do not plan to use this share for other machines in the immediate future. As a result, I did not initially set up swap, but I added a file afterwards, using <a href="http://www.netbsd.org/docs/misc/index.html#adding-swap" title="Adding">the official documentation</a>. This gives:</p>
<div class="highlight"><pre><span></span><code><span class="nv">marvin</span># <span class="nv">dd</span> <span class="k">if</span><span class="o">=/</span><span class="nv">dev</span><span class="o">/</span><span class="nv">zero</span> <span class="nv">bs</span><span class="o">=</span><span class="mi">1024</span><span class="nv">k</span> <span class="nv">count</span><span class="o">=</span><span class="mi">1024</span> <span class="nv">of</span><span class="o">=/</span><span class="nv">swapfile</span>
<span class="nv">marvin</span># <span class="nv">chmod</span> <span class="mi">600</span> <span class="o">/</span><span class="nv">swapfile</span>
<span class="nv">marvin</span># <span class="nv">swapctl</span> <span class="o">-</span><span class="nv">a</span> <span class="o">-</span><span class="nv">p</span> <span class="mi">1</span> <span class="o">/</span><span class="nv">swapfile</span>
<span class="nv">marvin</span># <span class="nv">echo</span> <span class="s2">"</span><span class="s">/swapfile none swap sw,priority=1 0 0</span><span class="s2">"</span> <span class="o">>></span> <span class="o">/</span><span class="nv">etc</span><span class="o">/</span><span class="nv">fstab</span>
</code></pre></div>
<p>If, like me, you already have a PXE server in place, with a boot.cfg file used by pxeboot_ia32.bin, you do not want to put all the kernels, installation ones or not, in one long list. It is possible to create a second file, which is fed to pxeboot in place of boot.cfg. This is configured on the DHCP server; for ISC DHCP, for example, I set up the following configuration:</p>
<div class="highlight"><pre><span></span><code><span class="nt">host</span><span class="w"> </span><span class="nt">marvin</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="err">hardware</span><span class="w"> </span><span class="err">ethernet</span><span class="w"> </span><span class="err">01:23:45:67:89:ab</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">fixed-address</span><span class="w"> </span><span class="err">192.168.1.13</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">host-name</span><span class="w"> </span><span class="err">"marvin"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">root-path</span><span class="w"> </span><span class="err">"/chemin/vers/diskless/nbmarvin"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">if</span><span class="w"> </span><span class="err">filename</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="err">"boot.cfg"</span><span class="w"> </span><span class="err">{</span><span class="w"></span>
<span class="w"> </span><span class="err">filename</span><span class="w"> </span><span class="err">"</span><span class="n">tftp</span><span class="p">:</span><span class="n">nbmarvin</span><span class="o">.</span><span class="n">boot</span><span class="o">.</span><span class="n">cfg</span><span class="err">"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span>
<span class="err">}</span><span class="w"></span>
</code></pre></div>
<p>So if pxeboot asks for boot.cfg from the machine marvin, it will be served nbmarvin.boot.cfg instead.</p>
<p>I also noticed that the keyboard is QWERTY by default. Since I did not connect a keyboard or screen to this machine, and I configured SSH access as soon as possible, I did not change this setting. However, for those in a hurry, you can use <a href="https://www.netbsd.org/docs/guide/en/chap-boot.html#chap-boot-keyboard-layout" title="Changing">the official documentation</a> to change the keyboard layout.</p>
<p>And otherwise, bad luck, the PCI Wi-Fi card is not recognized:</p>
<div class="highlight"><pre><span></span><code>vendor 0x1814 product 0x3060 (miscellaneous network) at pci1 dev 7 function 0 not configured
</code></pre></div>
<p>Anyway, these are a few loose notes which, I hope, may prove useful some day. Now I just have to put this computing power to use (did someone say pkgsrc bulk build?).</p>
A system-wide vimrc | 2015-02-06T09:30:00+01:00 | Nils Ratusznik | tag:blog.anotherhomepage.org,2015-02-06:/post/2015/02/06/vimrc-global-pour-le-système/
<p>When using Vim, one tends to customize its configuration by adding favorite options to the <em>~/.vimrc</em> file. On a GNU/Linux system (my experience is mainly with RHEL/CentOS/Fedora), this customization can be extended to all users of a system by editing <em>/etc/vimrc</em>. On NetBSD, however, the path is not the same. One might naively think that using the <em>/usr/pkg</em> prefix is enough, right? Well no, missed: the default file for all users is <em>/usr/pkg/share/vim/vimrc</em>. Fortunately, nothing insurmountable, and a few well-placed symbolic links will harmonize the configurations across all systems.</p>
I am still rubbing my eyes | 2015-01-26T09:30:00+01:00 | Nils Ratusznik | tag:blog.anotherhomepage.org,2015-01-26:/post/2015/01/26/je-m-en-frotte-encore-les-yeux/
<p>I still have trouble believing it: on the page listing the <a href="http://www.netbsd.org/people/developers.html" title="">NetBSD developers</a>, there is a "Nils". And it's me.</p>
<p>I. Am. A. NetBSD. Developer.</p>
<p>I am still rubbing my eyes. I pinch myself from time to time. And I sometimes go and check the page, in case someone has gone back on the decision.</p>
<p>Right, that's not all, I have packages to commit.</p>
<h2>Comments</h2>
<h3>On 30/01/2015 09:56 by orgrim</h3>
<p>Congratulations Mr Nils@ :-)</p>
<h3>On 05/02/2015 09:33 by Nils</h3>
<p>Thanks :)</p>
CentOS Dojo Paris talk | 2014-12-17T12:30:00+01:00 | Nils Ratusznik | tag:blog.anotherhomepage.org,2014-12-17:/post/2014/12/17/CentOS-Dojo-Paris-talk/
<p><strong>EN</strong></p>
<p>Following my <a href="/post/2014/08/25/CentOS-Dojo-Paris">previous post</a> about the CentOS Dojo in Paris last August, the recording of my talk is now online: <a href="http://www.infoq.com/fr/presentations/discovering-using-etckeeper" title="Discovering">Discovering and using etckeeper</a>. Many thanks to <a href="http://www.infoq.com/fr/" title="InfoQ">InfoQ</a> for hosting the video!</p>
<p><strong>FR</strong></p>
<p>Suite à mon <a href="/post/2014/08/25/CentOS-Dojo-Paris">billet précédent</a> sur le CentOS Dojo à Paris en Août dernier, l'enregistrement de ma présentation est maintenant disponible : <a href="http://www.infoq.com/fr/presentations/discovering-using-etckeeper" title="Discovering">Discovering and using etckeeper</a>. Merci beaucoup à <a href="http://www.infoq.com/fr/" title="InfoQ">InfoQ</a> pour l'hébergement de la vidéo !</p>
We live in a wonderful world | 2014-12-17T09:30:00+01:00 | Nils Ratusznik | tag:blog.anotherhomepage.org,2014-12-17:/post/2014/12/17/On-vit-dans-un-monde-formidable/
<p>I have already written a few posts about <a href="http://www.openssh.org/fr/index.html" title="OpenSSH">OpenSSH</a>, and it is always a pleasure to learn new tricks with this software! Among the really neat things are the possibilities for <a href="/post/2009/11/09/Utilisation-transparente-d-une-passerelle-SSH">transparent use</a>. If you are too lazy to read the link: basically, when I wanted to go through an OpenSSH server transparently, I used this kind of configuration:</p>
<div class="highlight"><pre><span></span><code><span class="k">Host</span><span class="w"> </span><span class="n">serveurdmz1</span><span class="w"></span>
<span class="w"> </span><span class="n">Hostname</span><span class="w"> </span><span class="n">lenomouladresseipduserveurdepuislapasserelle</span><span class="w"></span>
<span class="w"> </span><span class="n">Port</span><span class="w"> </span><span class="mi">22</span><span class="w"></span>
<span class="w"> </span><span class="n">Protocol</span><span class="w"> </span><span class="mi">2</span><span class="w"></span>
<span class="w"> </span><span class="k">User</span><span class="w"> </span><span class="n">nils</span><span class="w"></span>
<span class="w"> </span><span class="n">ProxyCommand</span><span class="w"> </span><span class="n">ssh</span><span class="w"> </span><span class="n">nils</span><span class="nv">@passerelle</span><span class="w"> </span><span class="ss">"nc %h %p"</span><span class="w"></span>
</code></pre></div>
<p>Since OpenSSH 5.4 (yeah, that goes back a while), there is no longer any need to call Netcat ("nc" in the "ProxyCommand" directive). Just use the "ssh -W" command. This gives:</p>
<div class="highlight"><pre><span></span><code>Host serveurdmz1
Hostname lenomouladresseipduserveurdepuislapasserelle
Port 22
Protocol 2
User nils
ProxyCommand ssh -W %h:%p passerelle
</code></pre></div>
<p>No doubt about it, we live in a wonderful world, where developers take into account how their software is used.</p>
Spam relay: does it only happen to others? | 2014-11-11T09:30:00+01:00 | Nils Ratusznik | tag:blog.anotherhomepage.org,2014-11-11:/post/2014/11/11/Relai-de-spam,-cela-n-arrive-qu-aux-autres/
<p>That's it. The day I dreaded has come: after more than 7 years without a major problem, Another Home Page fell victim to the exploitation of a security vulnerability. Or, at any rate, it is the first one I have noticed, which is hardly reassuring. Is it because I was slow to apply updates on my server? No, it is actually an application vulnerability in one of the sites I host. To be exact, it is the exploitation of <a href="https://www.drupal.org/PSA-2014-003" title="Drupal">a Drupal vulnerability</a>. The site was not updated early enough, and my infrastructure ended up as a spam relay, very much against my will!</p>
<p>How did I notice? Two things helped me: first, receiving an email from an anti-spam organization, <a href="http://www.junkemailfilter.com" title="Junk">Junk Email Filter</a>. Second, since some destination email addresses were invalid, I received "mailer-daemon" type replies including the content of the mail as an attachment. Other signals would have deserved more of my attention, such as the number of requests on a given page, the number of mails sent by my mail server and above all the number of mails blocked as spam.</p>
<p>Afterwards, I warned the person responsible for the victim site, who hastened to update it. Alas, as <a href="http://www.nextinpact.com/news/90751-drupal-alerte-sur-faille-sql-comblee-mais-pas-pour-tout-monde.htm" title="Drupal">Next INpact</a> mentions, that is not enough. Without going into detail, the decision was made to delete all the websites running Drupal. And now, all I have left to do is rebuild my reputation with the anti-spam filtering services...</p>
<p>In fact, I only realized late the impressive quantity of mails the spammer sent through my infrastructure. At the time of writing this post, I am just finishing purging my mail server's queue...</p>
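<p>One way to watch the signals mentioned above (mails sent by the mail server, bounces from invalid recipients), as an added example that is not part of the original post. It assumes a Postfix-style mail log and that the web server account has uid 33; the function names are hypothetical and every log line is constructed.</p>

```python
"""Hourly outgoing-mail check for a host that also serves web applications.

Added example (not from the original post). Assumes Postfix-style syslog
lines; every log line used here is constructed.
"""
import re
from collections import Counter, defaultdict
from statistics import median

LINE = re.compile(
    r"^(?P<hour>\w{3}\s+\d+\s\d{2}):\d{2}:\d{2}\s\S+\s"
    r"postfix/(?P<svc>\w+)\[\d+\]:\s(?P<qid>[0-9A-F]+):\s(?P<rest>.*)$"
)
UID = re.compile(r"\buid=(\d+)\b")
STATUS = re.compile(r"\bstatus=(\w+)\b")


def hourly_stats(lines):
    """Return {hour: {"by_uid": Counter, "status": Counter}} in log order."""
    stats = defaultdict(lambda: {"by_uid": Counter(), "status": Counter()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a Postfix queue line
        bucket = stats[m["hour"]]
        if m["svc"] == "pickup":      # mail submitted locally (sendmail binary)
            uid = UID.search(m["rest"])
            if uid:
                bucket["by_uid"][int(uid.group(1))] += 1
        elif m["svc"] == "smtp":      # outbound delivery attempt
            status = STATUS.search(m["rest"])
            if status:
                bucket["status"][status.group(1)] += 1
    return dict(stats)


def find_alerts(stats, web_uids=(33,), max_web_per_hour=5,
                spike_factor=3.0, max_bounce_ratio=0.3, min_deliveries=5):
    """Flag hours with web-submitted bursts, volume spikes or many bounces."""
    totals = {h: sum(s["by_uid"].values()) for h, s in stats.items()}
    # Median of the hours in the log; ideally taken from a known-good period.
    baseline = median(totals.values()) if totals else 0
    alerts = []
    for hour, s in stats.items():
        web = sum(s["by_uid"][u] for u in web_uids)
        if web > max_web_per_hour:
            alerts.append((hour, "web-submitted", web))
        if baseline and totals[hour] > spike_factor * baseline:
            alerts.append((hour, "volume-spike", totals[hour]))
        attempts = sum(s["status"].values())
        bounced = s["status"]["bounced"]
        if attempts >= min_deliveries and bounced / attempts > max_bounce_ratio:
            alerts.append((hour, "bounce-ratio", round(bounced / attempts, 2)))
    return alerts


def constructed_sample():
    """Constructed log: two quiet hours, then a burst submitted by uid 33."""
    plan = [  # (hour, uid, sender, messages, of which bounced)
        (1, 1000, "admin", 2, 0),
        (2, 1000, "admin", 2, 0),
        (3, 33, "www-data", 12, 5),
    ]
    lines, n = [], 0
    for hour, uid, sender, count, bounced in plan:
        for i in range(count):
            n += 1
            ts, qid = f"Nov 10 {hour:02d}:{i:02d}:00 mail", f"{n:010X}"
            status, dsn = ("bounced", "5.1.1") if i < bounced else ("sent", "2.0.0")
            lines += [
                f"{ts} postfix/pickup[901]: {qid}: uid={uid} from=<{sender}>",
                f"{ts} postfix/qmgr[902]: {qid}: from=<{sender}@example.org>, "
                f"size=2048, nrcpt=1 (queue active)",
                f"{ts} postfix/smtp[903]: {qid}: to=<user{n}@example.net>, "
                f"relay=mx.example.net[192.0.2.25]:25, dsn={dsn}, status={status} "
                f"(constructed)",
            ]
    return lines


if __name__ == "__main__":
    for alert in find_alerts(hourly_stats(constructed_sample())):
        print(alert)
```

<p>The thresholds are illustrative defaults; on a real host they would be tuned to the normal hourly volume before the check is wired into monitoring.</p>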
<p>What should be taken away from this event?</p>
<p>- More than ever, OS-level security updates are not enough. It is crucial to also update web applications;</p>
<p>- it is important to monitor your services properly: the volume of mails in the queue should have tipped me off;</p>
<p>- Finally, my backup management could use some improvement...</p>
CentOS Dojo Paris | 2014-08-25T20:54:00+02:00 | Nils Ratusznik | tag:blog.anotherhomepage.org,2014-08-25:/post/2014/08/25/CentOS-Dojo-Paris/
<p><em>French version below.</em></p>
<p>For once, this blog post is available both in French and in English. Today I attended the first <a href="http://wiki.centos.org/Events/Dojo/Paris2014" title="Events/Dojo/Paris2014">CentOS Dojo in Paris</a>. I also had the chance to be one of the speakers, which was a very interesting experience: even if I am almost used to talking to a crowd, it had been a long time since I last used a microphone (more than 10 years if I remember correctly). Moreover, it was my first talk in English, and the demo I planned failed. Since all the talks of the day were recorded, I'm not going to tell you who talked about what. You can go to <a href="https://twitter.com/AHP_Nils" title="Nils">my Twitter account</a> or search tweets with the hashtag <a href="https://twitter.com/hashtag/centosdojo?src=hash" title="#centosdojo">#centosdojo</a>. However, I can't help thinking again about my talk and the problem in my demo. My frustration is compensated by the fact that everyone was really nice to me. Like I tweeted earlier, I learned the lesson and won't try another live demo soon. While waiting for the recordings to be online, you can <a href="http://medias.anotherhomepage.org/talks/CentOS/Paris-2014/" title="CentOS">download the slides</a>, in French or in English. Many thanks to <a href="http://zenika.com/" title="Zenika">Zenika</a>, <a href="http://www.normation.com/" title="Normation">Normation</a> and <a href="http://www.infoq.com/fr/" title="InfoQ">InfoQ</a> for sponsoring the event!</p>
<p>For once, this post is in French and in English. Today I attended the first <a href="http://wiki.centos.org/Events/Dojo/Paris2014" title="Events/Dojo/Paris2014">CentOS Dojo in Paris</a>. I also had the chance to be one of the speakers, which was a very interesting experience: even though I am more or less used to speaking in public, I had not used a microphone in a very long time (more than 10 years if I remember correctly). On top of that, it was my first talk in English, and the demo I had planned did not work. Since all of the day's talks were recorded, I am not going to tell you who talked about what. You can simply look at <a href="https://twitter.com/AHP_Nils" title="Nils">my Twitter account</a> or search for tweets with the hashtag <a href="https://twitter.com/hashtag/centosdojo?src=hash" title="#centosdojo">#centosdojo</a>. However, I can't help thinking about my talk and the problem during my demo. My frustration is offset by the fact that everyone was nice to me. As I tweeted earlier, I learned the lesson and I am not going to attempt live demos. While waiting for the recordings to be online, you can <a href="http://medias.anotherhomepage.org/talks/CentOS/Paris-2014/" title="CentOS">download the slides</a>, in French or in English. Many thanks to <a href="http://zenika.com/" title="Zenika">Zenika</a>, <a href="http://www.normation.com/" title="Normation">Normation</a> and <a href="http://www.infoq.com/fr/" title="InfoQ">InfoQ</a> for sponsoring the event!</p>Easily getting a file's properties with stat2013-09-02T09:42:00+02:002013-09-02T09:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2013-09-02:/post/2013/09/02/obtenir-facilement-les-proprietes-d-un-fichier-avec-stat/<p>Usually, when you want to get a file's properties, you use the <em>ls</em> command with the <em>-l</em> argument, which gives a result close to this:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@orgrimmar</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"> </span>
<span class="n">crw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="n">août</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="mi">11</span><span class="err">:</span><span class="mi">21</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"></span>
</code></pre></div>
<p>That's all well and good, but if the only information you want is a file's owner, that is a lot to filter out. Filtering the output of ls with awk is not the hardest thing, but I find it is like using a pump-action shotgun to get rid of a fly. We are in the UNIX world, where there are programs that do only one task but do it well.</p>
<p>And the tool that does this is simply called <em>stat</em>, and it is available on many systems. On RHEL/CentOS it is included in the <em>coreutils</em> package, and on NetBSD it is installed with the base system. Where it gets a bit less fun is that the Linux implementation differs from the BSD implementation.</p>
<p>Example, on Linux:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@orgrimmar</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">stat</span><span class="w"> </span><span class="o">-</span><span class="n">c</span><span class="w"> </span><span class="o">%</span><span class="n">U</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"> </span>
<span class="n">root</span><span class="w"></span>
</code></pre></div>
<p>And then on NetBSD:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@dev</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">stat</span><span class="w"> </span><span class="o">-</span><span class="n">c</span><span class="w"> </span><span class="o">%</span><span class="n">U</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"> </span>
<span class="nl">stat</span><span class="p">:</span><span class="w"> </span><span class="k">unknown</span><span class="w"> </span><span class="k">option</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="n">c</span><span class="w"></span>
<span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">stat</span><span class="w"> </span><span class="o">[</span><span class="n">-FlLnqrsx</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-f format</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-t timefmt</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">file ...</span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>Right, let's try again with the correct options:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@dev</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">stat</span><span class="w"> </span><span class="o">-</span><span class="n">f</span><span class="w"> </span><span class="o">%</span><span class="n">Su</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"> </span>
<span class="n">root</span><span class="w"></span>
</code></pre></div>
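<p>The two invocations above, wrapped so that one script runs on both implementations. This is an added example, not code from the original post: the helper names are hypothetical, and the ownership and permission check at the end is an assumed use case (verifying a sensitive file before trusting it).</p>

```shell
#!/bin/sh
# Added example (not from the original post): helpers that work with both
# stat implementations.
#   GNU coreutils (Linux):   stat -c FORMAT  (%U owner, %G group, %a octal mode)
#   BSD (NetBSD and others): stat -f FORMAT  (%Su owner, %Sg group, %Lp octal mode)

# Probe once: only the GNU implementation accepts -c.
if stat -c %U / >/dev/null 2>&1; then
    STAT_FLAVOR=gnu
else
    STAT_FLAVOR=bsd
fi

# _stat_field GNU_FORMAT BSD_FORMAT FILE
# "--" stops option parsing so a file name starting with "-" is safe.
_stat_field() {
    if [ "$STAT_FLAVOR" = gnu ]; then
        stat -c "$1" -- "$3"
    else
        stat -f "$2" -- "$3"
    fi
}

file_owner() { _stat_field %U %Su "$1"; }   # owning user name
file_group() { _stat_field %G %Sg "$1"; }   # owning group name
file_mode()  { _stat_field %a %Lp "$1"; }   # permission bits in octal, e.g. 644

# owner_and_mode_ok FILE EXPECTED_OWNER
# Returns 0 only if FILE belongs to EXPECTED_OWNER and is not writable by
# group or others; 1 if the check fails; 2 if stat itself fails.
owner_and_mode_ok() {
    owner=$(file_owner "$1") || return 2
    mode=$(file_mode "$1") || return 2
    [ "$owner" = "$2" ] || return 1
    # The leading 0 makes the shell read the mode as octal;
    # 022 is the group-write and other-write bits.
    [ $(( 0$mode & 022 )) -eq 0 ]
}
```
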
<p>Here I wanted to display the name of the user who owns the file, but other properties are available, such as the group name, the owning UID and GID, the permissions, the size, the creation and modification dates, the file name... In fact, when run with no argument other than the file name, stat gives a good deal of information.</p>freeshell: your UNIX terminal access on the internet2013-08-26T09:42:00+02:002013-08-26T09:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2013-08-26:/post/2013/08/26/freeshell-votre-acces-terminal-UNIX-sur-internet/<p>I thought it would be nice to introduce you to the <a href="http://sdf.org/?faq?BASICS?01" title="SDF">SDF</a> association (for Super Dimension Fortress) and its <a href="http://www.freeshell.org" title="Freeshell">freeshell</a> project: terminal-mode access to a UNIX machine (NetBSD, to be exact). This access is free under certain conditions. It's pretty cool, it has existed for a very long time, and it lets you learn the basics of UNIX without necessarily installing that kind of environment on physical or virtual hardware. The association does this for educational and cultural purposes, and is recognized as "non-profit" (yes, it is an American association).</p>
<p>To access freeshell and create an account, all you need is an SSH client, connecting as follows:</p>
<div class="highlight"><pre><span></span><code><span class="n">ssh</span><span class="w"> </span><span class="k">new</span><span class="nv">@sdf</span><span class="p">.</span><span class="n">org</span><span class="w"></span>
</code></pre></div>
<p>Other methods, generally based on SSH or telnet, are listed on the <a href="http://sdf.org/?signup" title="SDF">service sign-up page</a>.</p>
<p>I mentioned above that this service is free under certain conditions: there are in fact different service levels, depending on what you are willing to pay. Once the account and access are created, you have certain tools available, such as:</p>
<ul>
<li>mutt, pop3, imap, icq, twitter, bsflite (aim), irc (on the SDF network);</li>
<li>games, mud, lynx, gopher, TOPS-20;</li>
<li>static HTTP hosting of the form http://yourlogin.sdf.org (other domains are possible);</li>
<li>traceroute, ping, whois, dig and others.</li>
</ul>
<p>but all of this is in a restricted shell. If you agree to pay a small sum (historically 1 US Dollar), a "classic" shell access (meaning: bash, ksh, tcsh, rc or zsh) is then opened to you, with many more possibilities, such as webmail, FTP, SFTP (inbound, not outbound), or access to more tools. Why the restricted shell and why the fee? To prevent spam on the one hand, and on the other hand because processing can be done by paper mail: you just send a 1 Dollar bill (or a 5 Euro note) to the address given on the <a href="http://www.sdf.org/index.cgi?why" title="SDF">explanation page</a>.</p>
<p>Even more tools and possibilities are offered to those willing to dig a little deeper into their wallet, and some services are billed monthly, such as VPN access. Everything is hosted in the USA, and there is also a European version, hosted in Germany: <a href="https://sdfeu.org/w/join:join" title="SDF">SDFEU</a>. Just for the shell access, traceroute, dig, whois and the likes of lynx, I find it quite handy to have an "exit" point somewhere other than one's home country. It makes it possible, for example, to test filtering (geolocation?). It is also, in my view, a way to get inexpensive (static) web hosting that is more human-sized and less commercially driven.</p>A quick pkgsrc package repository2013-08-19T09:42:00+02:002013-08-19T09:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2013-08-19:/post/2013/08/19/depot-de-paquets-pkgsrc-en-mode-rapide/<p>With pkgsrc, you can easily create binary packages before installing them. Usually, a simple:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@machine</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">/</span><span class="n">category</span><span class="o">/</span><span class="n">software</span><span class="err">$</span><span class="w"> </span><span class="n">make</span><span class="w"> </span><span class="n">package</span><span class="w"></span>
</code></pre></div>
<p>is enough to create a package. You can install it by adding the "install" target, but you can also do this:</p>
<div class="highlight"><pre><span></span><code><span class="nv">rm</span> <span class="o">-</span><span class="nv">f</span> <span class="o">/</span><span class="nv">usr</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">/</span><span class="nv">packages</span><span class="o">/</span><span class="nv">All</span><span class="o">/</span><span class="nv">pkg_summary</span><span class="o">*</span>
<span class="k">for</span> <span class="nv">i</span> <span class="nv">in</span> $<span class="ss">(</span><span class="nv">ls</span> <span class="o">/</span><span class="nv">usr</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">/</span><span class="nv">packages</span><span class="o">/</span><span class="nv">All</span><span class="cm">/*.tgz | sort); do pkg_info -X $i >> /usr/pkgsrc/packages/All/pkg_summary; done</span>
<span class="cm">bzip2 /usr/pkgsrc/packages/All/pkg_summary</span>
</code></pre></div>
<p>Then, add the following repository to your pkgin configuration: <em>file:///usr/pkgsrc/packages/All</em>. One <em>pkgin in nomdupackage</em> later, and everything is installed. It is all the nicer for updates. So I put the previous commands in a shell script that I call after compiling the package. I can also copy the packages along with the <em>pkg_summary.bz2</em> file to another location so that other machines can benefit from them. But all of this is manual and is no substitute for a bulk build infrastructure.</p>10 years of dotclear2013-08-13T09:42:00+02:002013-08-13T09:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2013-08-13:/post/2013/08/13/10-ans-de-dotclear/<p>I am joining in to celebrate the 10th anniversary of the <a href="http://www.dotclear.net" title="Dotclear">Dotclear</a> blog engine, as announced on <a href="https://twitter.com/dotclear/status/364344872267821056" title="Twitter">Twitter</a>, whose text I reproduce here, for the archive:</p>
<blockquote>
<p>For the 10th anniversary of #Dotclear on 13/08/13, publish on your blog on 13 August your text: "Dotclear and me, quite a story" #dotclear10</p>
</blockquote>
<p>So there you go, I have been using Dotclear for almost 8 years (see <a href="/post/2005/11/13/1-first-post">my first post,</a> nothing original, I have even changed the blog's name since). And frankly, even though I have thought about it, I have no plans to take my business elsewhere. Why? Because:</p>
<ul>
<li>it works;</li>
<li>it provides everything I need, or almost;</li>
<li>it is free software;</li>
<li>it is French (I admit, I am rather chauvinistic on this one);</li>
<li>it does not look like an overcomplicated contraption;</li>
<li>and it is still being developed.</li>
</ul>
<p>I have managed to move this blog from hosting at Free to 1and1, then to my dedicated server, under different OSes and different versions of Apache, PHP and MySQL, as my technical skills evolved. Dotclear was the first witness to these changes, and in a way the first tool as well.</p>
<p>So, happy birthday, Dotclear! May you grow even more and even better over the next 10 years!</p>sudoers.d2013-08-12T09:42:00+02:002013-08-12T09:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2013-08-12:/post/2013/08/12/sudoers.d/<p>It took me a while to realize it: most recent OSes that ship <a href="http://www.sudo.ws/" title="sudo">sudo</a> have, in addition to their <em>sudoers</em> file, a directory named <em>sudoers.d</em>. What is this directory for? Quite simply, to include sudo configuration files, using the same syntax as the <em>sudoers</em> file. How is this possible? Thanks to sudo's ability to include configuration files, as shown by this excerpt (taken on NetBSD), usually found at the end of the <em>sudoers</em> file:</p>
<div class="highlight"><pre><span></span><code>## Read drop-in files from /usr/pkg/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /usr/pkg/etc/sudoers.d
</code></pre></div>
<p>Now, instead of adding configuration to <em>sudoers</em>, you just create a file, for example <em>sudoers.d/toto</em>, containing your own configuration.</p>
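<p>One way to put such a drop-in in place without risking a broken sudo, as an added example that is not part of the original post. The rule for user "toto", the helper names and the overridable <em>VISUDO</em> variable are assumptions made for illustration; the checks rely on documented sudo behaviour: <em>visudo -cf</em> validates syntax, and the include directory skips file names that contain a '.' or end in '~'.</p>

```shell
#!/bin/sh
# Added example (not from the original post). "toto" is the file name used in
# the post; the rule below and the helper names are constructed for illustration.

# Overridable so the logic can be exercised on a machine without sudo installed.
VISUDO=${VISUDO:-visudo}

# Constructed sample drop-in: user "toto" may run a single command as root.
sample_dropin() {
    printf '%s\n' 'toto ALL=(root) /sbin/reboot'
}

# The include directory skips files whose name contains a '.' or ends in '~',
# so "toto.conf" or an editor backup "toto~" would be silently ignored.
dropin_name_ok() {
    case "$1" in
        ''|*/*|*.*|*~) return 1 ;;
        *) return 0 ;;
    esac
}

# install_dropin SRC NAME DIR
# Copies SRC to DIR/NAME only after it passes a syntax check.
# Returns 2 for a name sudo would ignore, 1 for any other failure.
install_dropin() {
    src=$1; name=$2; dir=$3
    dropin_name_ok "$name" || {
        echo "name '$name' would be ignored by sudo" >&2
        return 2
    }
    # The leading dot keeps sudo from reading the temporary file while it is
    # being prepared (names containing '.' are skipped).
    tmp=$(mktemp "$dir/.$name.XXXXXX") || return 1
    if cp "$src" "$tmp" && chmod 0440 "$tmp" && "$VISUDO" -cf "$tmp" >/dev/null; then
        # sudo expects its configuration to be owned by root; this only
        # applies when the script is actually run as root.
        if [ "$(id -u)" -eq 0 ]; then
            chown 0:0 "$tmp" || { rm -f "$tmp"; return 1; }
        fi
        # Rename within the same directory so the rule appears in one step.
        mv -f "$tmp" "$dir/$name"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

<p>Typical use as root would be <em>install_dropin ./toto toto /usr/pkg/etc/sudoers.d</em> on NetBSD with pkgsrc, the directory shown in the excerpt above.</p>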
<p>And what about compatibility? The oldest version of sudo I have tested successfully is 1.7.2p1, on a CentOS 5. I also ran a test on a RHEL 4.5 (which has sudo 1.6.7p5), but that one was not successful.</p>Work in progress in pkgsrc-wip and pkgsrc2013-08-06T09:42:00+02:002013-08-06T09:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2013-08-06:/post/2013/08/06/en-cours-dans-pkgsrc-wip-et-pkgsrc/<p>It's a bit odd: as I start this post, I notice that the category is named "Linux and free software". It occurs to me that for a post dealing mostly with NetBSD and pkgsrc, that is not very smart. Abracadabra! The category is now named "Free software". Anyway, moving on.</p>
<p>I maintain a few packages for NetBSD, thanks to pkgsrc. This might interest some people, and give the packages a bit of visibility. Let's start with the one that entered pkgsrc in stable form a while ago, namely <a href="http://pkgsrc.se/sysutils/logrotate" title="sysutils/logrotate">sysutils/logrotate</a>: I am fairly happy with it, it is my first package, and I more or less manage to maintain it: as I write these lines, the latest version is 3.8.6 (released Sunday 4 August!!!), the latest available in pkgsrc-current is 3.8.5, and pkgsrc-2013Q2 has 3.8.4.</p>
<p>I had also put quite a lot of work into Cacti, but someone beat me to it and imported it into net/cacti before I could propose anything. No big deal, I focused my efforts on <a href="http://pkgsrc.se/wip/cacti-spine" title="cacti-spine">wip/cacti-spine</a>, which I hope will be imported soon. I took the trouble to add a few Cacti plugins to pkgsrc-wip: <a href="http://pkgsrc.se/wip/cacti-plugin-aggregate" title="cacti-plugin-aggregate">cacti-plugin-aggregate</a>, <a href="http://pkgsrc.se/wip/cacti-plugin-realtime" title="cacti-plugin-realtime">cacti-plugin-realtime</a>, and <a href="http://pkgsrc.se/wip/cacti-plugin-rrdclean" title="cacti-plugin-rrdclean">cacti-plugin-rrdclean</a>. I also updated a few other plugins that were already there, such as <a href="http://pkgsrc.se/wip/cacti-plugin-weathermap" title="cacti-plugin-weathermap">cacti-plugin-weathermap</a> or <a href="http://pkgsrc.se/wip/cacti-plugin-thold" title="cacti-plugin-thold">cacti-plugin-thold</a>. It is actually fairly easy: once one plugin is properly packaged, you just copy it and replace its name, version and descriptions (and possibly the license) to make another.</p>
<p>In the "work in progress" department, I was able to package <a href="http://pkgsrc.se/wip/pelican" title="pelican">wip/pelican</a> and a few dependencies (the others were already in pkgsrc). I have not yet taken the time to play with it, but the concept interests me enough to make a package of it.</p>
<p>Anyway, dear reader, if you have time to spare, do not hesitate to build and test these packages and send me some feedback, it would make me very happy!</p>nihilo2013-07-30T09:42:00+02:002013-07-30T09:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2013-07-30:/post/2013/07/30/nihilo/<p>Well, my previous post dates from the end of last year. In other words, an eternity. In the meantime, I have not blogged anything. Nothing at all. And it is starting to itch badly. Yet I have done plenty of things. I have projects under way. So I am going to try to talk about them. The upside is that this blog will keep living a little. The downside is that the posts will be shorter. Then again, is that really a downside?</p>Cisco, networking and other cheat sheets2012-12-20T09:30:00+01:002012-12-20T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2012-12-20:/post/2012/12/20/antiseches-cisco-reseau-et-autres/<p>A browsing session in "technology watch" mode (except that I am on vacation): going through the excellent <a href="http://planet.centos.org" title="Planet">Planet CentOS</a>, I came across <a href="http://www.bit-integrity.com/2012/11/best-networking-cheat-sheets.html" title="Bit">a blog post</a> leading to cheat-sheet posters for various fields! It is really interesting: you will find plenty of Cisco configurations for well-known routing protocols, <a href="https://fr.wikipedia.org/wiki/Ipsec" title="IPsec">IPsec</a> VPNs, and even Wi-Fi configurations! Other posters let you quickly look up the basics, such as <a href="https://fr.wikipedia.org/wiki/Adresse_IP#Agr.C3.A9gation_des_adresses" title="Notation">IPv4 CIDR</a> notation, filters for <a href="https://fr.wikipedia.org/wiki/Wireshark" title="Wireshark">Wireshark</a>, or a few commonly used wiki syntaxes.</p>
<p>To top it all off, the site offers not only these cheat sheets for download in PDF format, but also printing and shipping of one of them, in poster format of course!</p>
<p>If you are interested, the site in question is <a href="http://packetlife.net/library/cheat-sheets/" title="Packet">Packet Life</a>, and the cheat sheet available as a printed poster is <a href="http://packetlife.net/posters/" title="Poster">this one</a>.</p>Number of occurrences in a file - remix2012-10-01T13:37:00+02:002012-10-01T13:37:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2012-10-01:/post/2012/10/01/Nombre-d-occurrences-dans-un-fichier-remix/<p>In <a href="/post/2010/03/01/Nombre-d-occurences-d-un-champ-dans-un-fichier">a post</a> written quite a while ago, I described how to get a sort of top 10 of the IP addresses making the most requests in an Apache log file. I decided to come back to it and make a few variations of this one-liner for different searches. Be careful if you want to copy and paste these examples: they were made on NetBSD, and the <em>sort</em> command does not have the same options. Roughly speaking, so far I have seen that where you write <em>sort -g</em> on GNU/Linux, you have to write <em>sort -n</em> on NetBSD. I also decided to limit the display to a top 5, to keep the post from getting too long.</p>
<p>So let's first go back to the basic one-liner, the IPs making the most requests, with the IP address on the left and the number of hits on the right:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@dev</span><span class="err">:</span><span class="o">/</span><span class="nf">var</span><span class="o">/</span><span class="nf">log</span><span class="o">/</span><span class="n">httpd</span><span class="err">#</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$1]++;} END {for (field in frequencies) printf "%s\t%d\n" , field , frequencies[field];}'</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">5</span><span class="w"></span>
<span class="mf">81.</span><span class="n">X</span><span class="p">.</span><span class="n">Y</span><span class="p">.</span><span class="n">Z</span><span class="w"> </span><span class="mi">6414</span><span class="w"></span>
<span class="mf">208.</span><span class="n">F</span><span class="p">.</span><span class="n">B</span><span class="p">.</span><span class="n">I</span><span class="w"> </span><span class="mi">1578</span><span class="w"></span>
<span class="mf">178.</span><span class="n">K</span><span class="p">.</span><span class="n">G</span><span class="p">.</span><span class="n">B</span><span class="w"> </span><span class="mi">1301</span><span class="w"></span>
<span class="mf">67.</span><span class="n">D</span><span class="p">.</span><span class="n">S</span><span class="p">.</span><span class="n">T</span><span class="w"> </span><span class="mi">1179</span><span class="w"></span>
<span class="mf">77.</span><span class="n">C</span><span class="p">.</span><span class="n">I</span><span class="p">.</span><span class="n">A</span><span class="w"> </span><span class="mi">1157</span><span class="w"></span>
</code></pre></div>
<p>Next, let's do the same for the URLs visited, still with the number of hits on the right:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@dev</span><span class="err">:</span><span class="o">/</span><span class="nf">var</span><span class="o">/</span><span class="nf">log</span><span class="o">/</span><span class="n">httpd</span><span class="err">#</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$7]++;} END {for (field in frequencies) printf "%s\t%d\n" , field , frequencies[field];}'</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">5</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">17</span><span class="o">/</span><span class="n">installation</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">phpmyadmin</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="w"> </span><span class="mi">7787</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">24</span><span class="o">/</span><span class="n">Installation</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">mod_gnutls</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="w"> </span><span class="mi">4010</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">06</span><span class="o">/</span><span class="mi">20</span><span class="o">/</span><span class="n">Utilisateurs</span><span class="o">-</span><span class="n">virtuels</span><span class="o">-</span><span class="n">sous</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="o">-</span><span class="n">avec</span><span class="o">-</span><span class="n">base</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">donnees</span><span class="o">-</span><span class="n">MySQL</span><span class="w"> </span><span class="mi">1910</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2007</span><span class="o">/</span><span class="mi">11</span><span class="o">/</span><span class="mi">28</span><span class="o">/</span><span class="n">Installation</span><span class="o">-</span><span class="n">et</span><span class="o">-</span><span class="n">configuration</span><span class="o">-</span><span class="n">dun</span><span class="o">-</span><span class="n">serveur</span><span class="o">-</span><span class="n">dedie</span><span class="o">-</span><span class="n">OpenArena</span><span class="o">-</span><span class="mi">071</span><span class="w"> </span><span class="mi">1284</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2009</span><span class="o">/</span><span class="mi">11</span><span class="o">/</span><span class="mi">09</span><span class="o">/</span><span class="n">Utilisation</span><span class="o">-</span><span class="n">transparente</span><span class="o">-</span><span class="n">d</span><span class="o">-</span><span class="n">une</span><span class="o">-</span><span class="n">passerelle</span><span class="o">-</span><span class="n">SSH</span><span class="w"> </span><span class="mi">1266</span><span class="w"></span>
</code></pre></div>
<p>Since only the field number needs to change, we can also see the most frequently returned HTTP status codes:</p>
<div class="highlight"><pre><span></span><code>root@dev:/var/log/httpd# awk '{frequencies[$9]++;} END {for (field in frequencies) printf "%s\t%d\n", field, frequencies[field];}' &lt; ./access.log | sort -nr -k 2,2 | head -5
<span class="mi">200</span><span class="w"> </span><span class="mi">57019</span><span class="w"></span>
<span class="mi">304</span><span class="w"> </span><span class="mi">6156</span><span class="w"></span>
<span class="mi">404</span><span class="w"> </span><span class="mi">1797</span><span class="w"></span>
<span class="mi">500</span><span class="w"> </span><span class="mi">114</span><span class="w"></span>
<span class="mi">403</span><span class="w"> </span><span class="mi">20</span><span class="w"></span>
</code></pre></div>
<p>We can then use <em>grep</em> to find the pages causing 500 or 404 errors.</p>
<p>With the same ease (just one field number to change), we can display the referers that bring the most hits:</p>
<div class="highlight"><pre><span></span><code>root@dev:/var/log/httpd# awk '{frequencies[$11]++;} END {for (field in frequencies) printf "%s\t%d\n", field, frequencies[field];}' &lt; ./access.log | sort -nr -k 2,2 | head -5
<span class="ss">"-"</span><span class="w"> </span><span class="mi">44306</span><span class="w"></span>
<span class="ss">"http://blog.anotherhomepage.org/post/2008/05/17/installation-de-phpmyadmin-sur-CentOS-5"</span><span class="w"> </span><span class="mi">3443</span><span class="w"></span>
<span class="ss">"http://blog.anotherhomepage.org/post/2008/06/20/Utilisateurs-virtuels-sous-CentOS-5-avec-base-de-donnees-MySQL"</span><span class="w"> </span><span class="mi">686</span><span class="w"></span>
<span class="ss">"http://blog.anotherhomepage.org/post/2009/11/09/Utilisation-transparente-d-une-passerelle-SSH"</span><span class="w"> </span><span class="mi">552</span><span class="w"></span>
<span class="ss">"http://www.google.fr/search?q=phpmyadmin+centos&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a"</span><span class="w"> </span><span class="mi">401</span><span class="w"></span>
</code></pre></div>
<p>We can see that many hits have no referer, but these are probably hits on the RSS feed. We can also see that I have many referers from my own site; I only need to filter them out if I do not want to display them. To make processing faster, I decide to put the <em>grep</em> command first in the pipeline:</p>
<div class="highlight"><pre><span></span><code>root@dev:/var/log/httpd# grep -v "blog.anotherhomepage.org" access.log | awk '{frequencies[$11]++;} END {for (field in frequencies) printf "%s\t%d\n", field, frequencies[field];}' | sort -nr -k 2,2 | head -5
<span class="ss">"-"</span><span class="w"> </span><span class="mi">44306</span><span class="w"></span>
<span class="ss">"http://www.google.fr/search?q=phpmyadmin+centos&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a"</span><span class="w"> </span><span class="mi">401</span><span class="w"></span>
<span class="ss">"http://www.google.fr/search?q=centos+phpmyadmin&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a"</span><span class="w"> </span><span class="mi">166</span><span class="w"></span>
<span class="ss">"http://forum.hardware.fr/hfr/OSAlternatifs/Installation/resolu-centos-phpmyadmin-sujet_70143_1.htm"</span><span class="w"> </span><span class="mi">121</span><span class="w"></span>
<span class="ss">"http://www.google.fr/"</span><span class="w"> </span><span class="mi">77</span><span class="w"></span>
</code></pre></div>
<p>Let's go back to our listing of the most visited URLs, but this time take into account the methods (GET, HEAD, POST) and the HTTP protocol version:</p>
<div class="highlight"><pre><span></span><code>root@dev:/var/log/httpd# awk -F '"' '{frequencies[$2]++;} END {for (field in frequencies) printf "%s\t%d\n", field, frequencies[field];}' &lt; ./access.log | sort -nr -k 4 | head -5
<span class="k">GET</span><span class="w"> </span><span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">17</span><span class="o">/</span><span class="n">installation</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">phpmyadmin</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="w"> </span><span class="n">HTTP</span><span class="o">/</span><span class="mf">1.1</span><span class="w"> </span><span class="mi">4266</span><span class="w"></span>
<span class="k">GET</span><span class="w"> </span><span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">17</span><span class="o">/</span><span class="n">installation</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">phpmyadmin</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="w"> </span><span class="n">HTTP</span><span class="o">/</span><span class="mf">1.0</span><span class="w"> </span><span class="mi">3521</span><span class="w"></span>
<span class="k">GET</span><span class="w"> </span><span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">24</span><span class="o">/</span><span class="n">Installation</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">mod_gnutls</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="w"> </span><span class="n">HTTP</span><span class="o">/</span><span class="mf">1.1</span><span class="w"> </span><span class="mi">2181</span><span class="w"></span>
<span class="k">GET</span><span class="w"> </span><span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">24</span><span class="o">/</span><span class="n">Installation</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">mod_gnutls</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="w"> </span><span class="n">HTTP</span><span class="o">/</span><span class="mf">1.0</span><span class="w"> </span><span class="mi">1829</span><span class="w"></span>
<span class="k">GET</span><span class="w"> </span><span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">06</span><span class="o">/</span><span class="mi">20</span><span class="o">/</span><span class="n">Utilisateurs</span><span class="o">-</span><span class="n">virtuels</span><span class="o">-</span><span class="n">sous</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="o">-</span><span class="n">avec</span><span class="o">-</span><span class="n">base</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">donnees</span><span class="o">-</span><span class="n">MySQL</span><span class="w"> </span><span class="n">HTTP</span><span class="o">/</span><span class="mf">1.0</span><span class="w"> </span><span class="mi">1193</span><span class="w"></span>
</code></pre></div>
<p>Note the use of awk's "-F" option to change the field separator pattern, which lets me have fields containing spaces.</p>
<p>Finally, as a last example, let's now sort the User-Agents:</p>
<div class="highlight"><pre><span></span><code>root@dev:/var/log/httpd# awk -F '"' '{frequencies[$6]++;} END {for (field in frequencies) printf "%d\t%s\n", frequencies[field], field;}' &lt; ./access.log | sort -nr | head -5
<span class="mi">10539</span><span class="w"> </span><span class="n">Mozilla</span><span class="o">/</span><span class="mf">5.0</span><span class="w"> </span><span class="p">(</span><span class="n">Windows</span><span class="p">;</span><span class="w"> </span><span class="n">U</span><span class="p">;</span><span class="w"> </span><span class="n">Windows</span><span class="w"> </span><span class="n">NT</span><span class="w"> </span><span class="mf">5.1</span><span class="p">;</span><span class="w"> </span><span class="n">fr</span><span class="p">;</span><span class="w"> </span><span class="nl">rv</span><span class="p">:</span><span class="mf">1.8.1</span><span class="p">)</span><span class="w"> </span><span class="n">VoilaBot</span><span class="w"> </span><span class="n">BETA</span><span class="w"> </span><span class="mf">1.2</span><span class="w"> </span><span class="p">(</span><span class="n">support</span><span class="p">.</span><span class="n">voilabot</span><span class="nv">@orange</span><span class="o">-</span><span class="n">ftgroup</span><span class="p">.</span><span class="n">com</span><span class="p">)</span><span class="w"></span>
<span class="mi">6493</span><span class="w"> </span><span class="n">Mozilla</span><span class="o">/</span><span class="mf">4.0</span><span class="w"> </span><span class="p">(</span><span class="n">compatible</span><span class="p">;</span><span class="w"> </span><span class="n">MSIE</span><span class="w"> </span><span class="mf">4.01</span><span class="p">;</span><span class="w"> </span><span class="n">Windows</span><span class="w"> </span><span class="n">CE</span><span class="p">;</span><span class="w"> </span><span class="n">PPC</span><span class="p">;</span><span class="w"> </span><span class="mi">240</span><span class="n">x320</span><span class="p">;</span><span class="w"> </span><span class="n">SPV</span><span class="w"> </span><span class="n">M700</span><span class="p">;</span><span class="w"> </span><span class="n">OpVer</span><span class="w"> </span><span class="mf">19.123.2.733</span><span class="p">)</span><span class="w"> </span><span class="n">OrangeBot</span><span class="o">-</span><span class="n">Mobile</span><span class="w"> </span><span class="mf">2008.0</span><span class="w"> </span><span class="p">(</span><span class="n">mobilesearch</span><span class="p">.</span><span class="n">support</span><span class="nv">@orange</span><span class="o">-</span><span class="n">ftgroup</span><span class="p">.</span><span class="n">com</span><span class="p">)</span><span class="w"></span>
<span class="mi">4188</span><span class="w"> </span><span class="n">Mozilla</span><span class="o">/</span><span class="mf">5.0</span><span class="w"> </span><span class="p">(</span><span class="n">compatible</span><span class="p">;</span><span class="w"> </span><span class="n">Yahoo</span><span class="err">!</span><span class="w"> </span><span class="n">Slurp</span><span class="o">/</span><span class="mf">3.0</span><span class="p">;</span><span class="w"> </span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">help</span><span class="p">.</span><span class="n">yahoo</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">help</span><span class="o">/</span><span class="n">us</span><span class="o">/</span><span class="n">ysearch</span><span class="o">/</span><span class="n">slurp</span><span class="p">)</span><span class="w"></span>
<span class="mi">3269</span><span class="w"> </span><span class="n">msnbot</span><span class="o">/</span><span class="mf">2.0</span><span class="n">b</span><span class="w"> </span><span class="p">(</span><span class="o">+</span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="k">search</span><span class="p">.</span><span class="n">msn</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">msnbot</span><span class="p">.</span><span class="n">htm</span><span class="p">)</span><span class="w"></span>
<span class="mi">3017</span><span class="w"> </span><span class="n">Mozilla</span><span class="o">/</span><span class="mf">5.0</span><span class="w"> </span><span class="p">(</span><span class="n">compatible</span><span class="p">;</span><span class="w"> </span><span class="n">Googlebot</span><span class="o">/</span><span class="mf">2.1</span><span class="p">;</span><span class="w"> </span><span class="o">+</span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">google</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">bot</span><span class="p">.</span><span class="n">html</span><span class="p">)</span><span class="w"></span>
</code></pre></div>
<p>This time I decided to display the number of occurrences on the left, because the number of (space-separated) fields is no longer fixed in the case of User-Agents. But while writing this sentence, I went through <a href="http://netbsd.gw.com/cgi-bin/man-cgi?sort+.amd64+NetBSD-6.0" title="sort">the sort manual page</a> again and saw that it is possible to specify the field separator (option -t). I used the $ character to separate the number of occurrences from the User-Agent string, followed by 'tr' to replace it with a tab:</p>
<div class="highlight"><pre><span></span><code>awk -F '"' '{frequencies[$6]++;} END {for (field in frequencies) printf "%s$%d\n", field, frequencies[field];}' &lt; ./access.log | sort -nr -t'$' -k 2,2 | tr '$' "\t" | head -5
<span class="n">Mozilla</span><span class="o">/</span><span class="mf">5.0</span><span class="w"> </span><span class="p">(</span><span class="n">Windows</span><span class="p">;</span><span class="w"> </span><span class="n">U</span><span class="p">;</span><span class="w"> </span><span class="n">Windows</span><span class="w"> </span><span class="n">NT</span><span class="w"> </span><span class="mf">5.1</span><span class="p">;</span><span class="w"> </span><span class="n">fr</span><span class="p">;</span><span class="w"> </span><span class="nl">rv</span><span class="p">:</span><span class="mf">1.8.1</span><span class="p">)</span><span class="w"> </span><span class="n">VoilaBot</span><span class="w"> </span><span class="n">BETA</span><span class="w"> </span><span class="mf">1.2</span><span class="w"> </span><span class="p">(</span><span class="n">support</span><span class="p">.</span><span class="n">voilabot</span><span class="nv">@orange</span><span class="o">-</span><span class="n">ftgroup</span><span class="p">.</span><span class="n">com</span><span class="p">)</span><span class="w"> </span><span class="mi">10539</span><span class="w"></span>
<span class="n">Mozilla</span><span class="o">/</span><span class="mf">4.0</span><span class="w"> </span><span class="p">(</span><span class="n">compatible</span><span class="p">;</span><span class="w"> </span><span class="n">MSIE</span><span class="w"> </span><span class="mf">4.01</span><span class="p">;</span><span class="w"> </span><span class="n">Windows</span><span class="w"> </span><span class="n">CE</span><span class="p">;</span><span class="w"> </span><span class="n">PPC</span><span class="p">;</span><span class="w"> </span><span class="mi">240</span><span class="n">x320</span><span class="p">;</span><span class="w"> </span><span class="n">SPV</span><span class="w"> </span><span class="n">M700</span><span class="p">;</span><span class="w"> </span><span class="n">OpVer</span><span class="w"> </span><span class="mf">19.123.2.733</span><span class="p">)</span><span class="w"> </span><span class="n">OrangeBot</span><span class="o">-</span><span class="n">Mobile</span><span class="w"> </span><span class="mf">2008.0</span><span class="w"> </span><span class="p">(</span><span class="n">mobilesearch</span><span class="p">.</span><span class="n">support</span><span class="nv">@orange</span><span class="o">-</span><span class="n">ftgroup</span><span class="p">.</span><span class="n">com</span><span class="p">)</span><span class="w"> </span><span class="mi">6493</span><span class="w"></span>
<span class="n">Mozilla</span><span class="o">/</span><span class="mf">5.0</span><span class="w"> </span><span class="p">(</span><span class="n">compatible</span><span class="p">;</span><span class="w"> </span><span class="n">Yahoo</span><span class="err">!</span><span class="w"> </span><span class="n">Slurp</span><span class="o">/</span><span class="mf">3.0</span><span class="p">;</span><span class="w"> </span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">help</span><span class="p">.</span><span class="n">yahoo</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">help</span><span class="o">/</span><span class="n">us</span><span class="o">/</span><span class="n">ysearch</span><span class="o">/</span><span class="n">slurp</span><span class="p">)</span><span class="w"> </span><span class="mi">4188</span><span class="w"></span>
<span class="n">msnbot</span><span class="o">/</span><span class="mf">2.0</span><span class="n">b</span><span class="w"> </span><span class="p">(</span><span class="o">+</span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="k">search</span><span class="p">.</span><span class="n">msn</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">msnbot</span><span class="p">.</span><span class="n">htm</span><span class="p">)</span><span class="w"> </span><span class="mi">3269</span><span class="w"></span>
<span class="n">Mozilla</span><span class="o">/</span><span class="mf">5.0</span><span class="w"> </span><span class="p">(</span><span class="n">compatible</span><span class="p">;</span><span class="w"> </span><span class="n">Googlebot</span><span class="o">/</span><span class="mf">2.1</span><span class="p">;</span><span class="w"> </span><span class="o">+</span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">google</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">bot</span><span class="p">.</span><span class="n">html</span><span class="p">)</span><span class="w"> </span><span class="mi">3017</span><span class="w"></span>
</code></pre></div>
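<p>The User-Agent is supplied by the client, so it can contain the very character chosen as separator. The script below is an added example, not part of the original post: it runs the <code>$</code>-separated pipeline and a count-first variant over a few constructed log lines (the function names and the sample data are assumptions), and the first one misranks an agent whose string contains <code>$</code>.</p>

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample in combined log format. Real counts per User-Agent:
# Googlebot 3, "ExampleAgent/1.0 (price $9)" 2, msnbot 1.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [05/Dec/2011:08:40:01 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.10 - - [05/Dec/2011:08:40:02 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.11 - - [05/Dec/2011:08:40:03 +0100] "GET /feed HTTP/1.1" 304 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [05/Dec/2011:08:40:04 +0100] "GET / HTTP/1.1" 200 512 "-" "ExampleAgent/1.0 (price $9)"
198.51.100.7 - - [05/Dec/2011:08:40:05 +0100] "GET /feed HTTP/1.1" 200 900 "-" "ExampleAgent/1.0 (price $9)"
203.0.113.20 - - [05/Dec/2011:08:40:06 +0100] "GET / HTTP/1.1" 404 210 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
EOF
}

# FIELD is the quote-delimited field number, as with awk -F '"' in the post:
# 2 = request line, 6 = User-Agent.

# The post's approach: value$count, sorted on the second '$'-separated field.
# A '$' inside the value shifts the fields, so sort reads the wrong number.
top_dollar_sep() {    # usage: top_dollar_sep FIELD [N]
    awk -F '"' -v f="$1" '{freq[$f]++}
        END {for (v in freq) printf "%s$%d\n", v, freq[v]}' |
        sort -nr -t'$' -k 2,2 | tr '$' '\t' | head -n "${2:-5}"
}

# Count first: the sort key is always the leading number, whatever bytes
# the client put in the value that follows it.
top_count_first() {   # usage: top_count_first FIELD [N]
    awk -F '"' -v f="$1" '{freq[$f]++}
        END {for (v in freq) printf "%d\t%s\n", freq[v], v}' |
        sort -k 1,1nr | head -n "${2:-5}"
}

echo "value\$count (ExampleAgent wrongly ranked first):"
sample_log | top_dollar_sep 6 3
echo "count first:"
sample_log | top_count_first 6 3
```

<p>Splitting on <code>"</code> has the same weakness for a value that itself contains a quote, which Apache httpd logs as <code>\"</code>.</p>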
<p>The choice of field-separator character is debatable, but that does not change the fact that, on reflection, the output of the earlier command seems more readable to me. And I think that displaying the number of occurrences first will be more readable in other cases, such as the referer or the URL.</p>Colors in the terminal2011-12-05T08:40:00+01:002011-12-05T08:40:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-12-05:/post/2011/12/05/couleurs-dans-le-terminal/<p>For many people, the sight of a terminal, usually white text on a black background (but also black on a white or beige background on some distributions), can be quite unappealing. As for me, I got used to it and ended up liking the terminal, thanks to a few cosmetic changes that bring in some color. I find my environment much more readable that way.</p>
<h2>The prompt</h2>
<p>In bash (and probably in other shells), the appearance of the prompt can be changed through the <em>PS1</em> environment variable. Let's look at the value of PS1 on a CentOS system (the single quotes are there to show that there is a trailing space):</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@orgrimmar ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="ss">"PS1 vaut: '$PS1'"</span><span class="w"></span>
<span class="n">PS1</span><span class="w"> </span><span class="nl">vaut</span><span class="p">:</span><span class="w"> </span><span class="s1">'[\u@\h \W]\$ '</span><span class="w"></span>
</code></pre></div>
<p>Its appearance can be changed with many parameters, such as color or certain pieces of information. For example, I chose to apply the following customization to all my bash environments:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="ss">"PS1 vaut: '$PS1'"</span><span class="w"></span>
<span class="n">PS1</span><span class="w"> </span><span class="nl">vaut</span><span class="p">:</span><span class="w"> </span><span class="s1">'\[\]\u\[\]@\[\]\h\[\]:\w\[\]\$\[\] '</span><span class="w"></span>
</code></pre></div>
<p>What is awkward is that when my environment variable contains colors, their codes are not displayed but interpreted directly. In reality, my PS1 variable is:</p>
<div class="highlight"><pre><span></span><code># taken from my bashrc:
PS1=$'\[\E[01;32m\]\u\[\E[0m\]@\[\E[01;36m\]\h\[\E[0m\]:\w\[\E[01;32m\]\$\[\E[0m\] '
</code></pre></div>
<p>The user name and the "$" sign are green, while the host name is blue. I made a variant for the root user where green is replaced by red.</p>
<p>To try it, nothing could be simpler: just export the PS1 environment variable with a new value:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@orgrimmar ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="ss">"PS1 vaut: '$PS1'"</span><span class="w"></span>
<span class="n">PS1</span><span class="w"> </span><span class="nl">vaut</span><span class="p">:</span><span class="w"> </span><span class="s1">'[\u@\h \W]\$ '</span><span class="w"></span>
<span class="o">[</span><span class="n">root@orgrimmar ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">PS1</span><span class="o">=</span><span class="err">$</span><span class="s1">'\[\E[01;32m\]\u\[\E[0m\]@\[\E[01;36m\]\h\[\E[0m\]:\w\[\E[01;32m\]\$\[\E[0m\] '</span><span class="w"></span>
<span class="n">root</span><span class="nv">@orgrimmar</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="ss">"PS1 vaut: '$PS1'"</span><span class="w"></span>
<span class="n">PS1</span><span class="w"> </span><span class="nl">vaut</span><span class="p">:</span><span class="w"> </span><span class="s1">'\[\]\u\[\]@\[\]\h\[\]:\w\[\]\$\[\] '</span><span class="w"></span>
</code></pre></div>
<p>It is possible to go further, for example replacing \h with \H to get the machine's full name, inserting the date, displaying the prompt in bold... At <a href="http://www.cyberciti.biz/faq/bash-shell-change-the-color-of-my-shell-prompt-under-linux-or-unix/" title="Nixcraft">Nixcraft</a> you will find the various codes to start and stop a color, as well as for bold.</p>
<p>If your experiments give an unpleasant result, there are two options: the first is to reapply the old PS1 value, if you copied its contents elsewhere, or to fetch it from, for example, /etc/bashrc; the second is simply to close and reopen your terminal.</p>
<p>Once you like your new prompt, you will want to make the change permanent. You can edit your <em>.bashrc</em>, <em>.bash_profile</em> or <em>.profile</em> file for that. If you want the change to apply to all users, you can modify <em>/etc/profile</em> or <em>/etc/bashrc</em> directly, but I do not recommend it: it is possible to edit the file badly and accidentally delete useful commands, and thus mess up your system.</p>
<p>For CentOS/RHEL/Fedora, I have got into the habit of creating a file named <em>/etc/profile.d/prompt.sh</em>: the <em>/etc/profile</em> file of these distributions loads every .sh file located in <em>/etc/profile.d</em>. It therefore becomes easy to add or remove shell customizations such as aliases, the prompt, and other environment variables that will affect all users.</p>
<p>For NetBSD, I chose to create a <em>/usr/pkg/etc/bashrc</em> file containing these customizations, and to add the following content to <em>/etc/profile</em> (which, by default, contains only comments):</p>
<div class="highlight"><pre><span></span><code># Load the bash customisations only when the running shell is bash (BASH is set)
if [ "<span class="cp">${</span><span class="n">BASH-no</span><span class="cp">}</span>" != "no" ]; then
[ -r /usr/pkg/etc/bashrc ] <span class="err">&&</span> . /usr/pkg/etc/bashrc
fi
</code></pre></div>
<h2>Colour in ls</h2>
<p>Depending on your system, this option may not be available: it works with CentOS 4 and 5, but not with NetBSD. It is simply a matter of using the <em>--color</em> option, which can take a value, for example <em>--color=auto</em> or <em>--color=tty</em>. Where do these colours come from? From the LS_COLORS environment variable. You can therefore modify this variable to display the colours differently, and consult the <a href="http://pwet.fr/man/linux/commandes/dircolors" title="dircolors">dircolors</a> manual page for more details.</p>
<h2>Grep</h2>
<p>The <em>grep</em> command has a <em>--color</em> option, sometimes enabled by default through an alias on some distributions. It colours the searched string in red, on both CentOS and NetBSD.</p>
<h2>Manual pages in colour</h2>
<p><em>most</em> lets you view text, like <em>more</em> or <em>less</em>. Unlike those two, <em>most</em> displays manual pages in colour. To do so, you can use the following command:</p>
<div class="highlight"><pre><span></span><code>PAGER=most man <votrecommande>
</code></pre></div>
<p>To make it permanent, export the environment variable <em>PAGER=most</em>. Be careful, though: check that you do not have a <em>PAGER=more</em> lying around somewhere. As for package availability, it can be found in <a href="http://pkgsrc.se/misc/most" title="most">pkgsrc</a> as well as in <a href="http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/" title="most">RPMForge</a>.</p>
<h2>Colouring your log files</h2>
<p>A very handy tool for getting log files in colour is <a href="http://freecode.com/projects/ccze" title="ccze">ccze</a>. I sometimes use it like this:</p>
<div class="highlight"><pre><span></span><code>tail -f /chemin/vers/mon/log/apache | ccze
</code></pre></div>
<p>I can also use it on a file that is not being updated live, together with less:</p>
<div class="highlight"><pre><span></span><code>ccze -A < monfichierdelog | less -R
</code></pre></div>
<p>This little gem knows many log file formats, and so makes them more pleasant to read. It is available in <a href="http://pkgsrc.se/sysutils/ccze" title="ccze">pkgsrc</a> and in <a href="http://download.fedora.redhat.com/pub/epel/6/x86_64/repoview/ccze.html" title="ccze">EPEL</a>.</p>
<h2>A top in colour?</h2>
<p><a href="http://htop.sourceforge.net/" title="htop">Htop</a> is an “improved” version of top which, besides displaying colour, shows CPU and memory usage in a somewhat “graphical” way. Note however that this tool is developed primarily for Linux, and that under NetBSD <em>/proc</em> must be mounted with the “linux” option (which is however distinct from the Linux binary compatibility layer). Htop is available in <a href="http://pkgsrc.se/sysutils/htop" title="htop">pkgsrc</a> and in <a href="http://download.fedora.redhat.com/pub/epel/6/x86_64/repoview/htop.html" title="htop">EPEL</a>.</p>
<h2>Syntax highlighting with VIm</h2>
<p>Do you find <em>vi</em> too dull and depressing? Install <a href="http://www.vim.org/" title="VIm">VIm</a> and enable syntax highlighting! Often, only <em>vi</em> is installed. On the pkgsrc side, the package is named <a href="http://pkgsrc.se/editors/vim" title="vim">vim</a> and depends on <a href="http://pkgsrc.se/editors/vim-share" title="vim-share">vim-share</a>. On the Red Hat side, install <em>vim-enhanced</em> (available in the base repositories). Once that is done, add to your <em>home</em> directory a .vimrc file containing at least:</p>
<div class="highlight"><pre><span></span><code>syn on
set nu
</code></pre></div>
<p>Then edit a shell script, for example. You will see the colour and the line numbers. Those who, like me, have a black or dark background should add the following directive to their <em>.vimrc</em>:</p>
<div class="highlight"><pre><span></span><code>set bg=dark
</code></pre></div>
<p>Syntax highlighting will then adapt to your terminal's background.</p>
<p>And there you go! It's Christmas in your shell :-)</p>
<h2>Comments</h2>
<h3>On 13/12/2011 11:49 by <a href="http://daemontux.org">Zanko</a></h3>
<p>You can get colour directly in less with a few environment variables, such as:
export LESS_TERMCAP_mb=$'\E[01;31m' # begin blinking
export LESS_TERMCAP_md=$'\E[01;38;5;33m' # begin bold
export LESS_TERMCAP_me=$'\E[0m' # end mode
export LESS_TERMCAP_se=$'\E[0m' # end standout-mode
export LESS_TERMCAP_so=$'\E[01;31;5;31m' # begin standout-mode - info box
export LESS_TERMCAP_ue=$'\E[0m' # end underline
export LESS_TERMCAP_us=$'\E[38;5;31m' # begin underline</p>
Launching GNU Screen in the background 2011-11-28T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-11-28:/post/2011/11/28/lancement-de-gnu-screen-en-arriere-plan/
<p>The innards of GNU Screen (which I will shorten to <em>screen</em> from here on) are sometimes hard to understand. The story begins like this: I own a NetBSD machine, a bit noisy, that I switch on in the morning when I get up and switch off in the evening when I go to bed. I use screen on this machine and, out of sheer laziness, I would like it to start at boot, in detached mode. That way, all I have to do is run a good old “screen -r” when I log in, and my habits stay the same as on other machines that are on 24 hours a day: I log in, I “screen -r” and I am ready.</p>
<p>So far nothing very special: a quick look at the manual page tells me that this is already possible:</p>
<div class="highlight"><pre><span></span><code>screen -d -m
</code></pre></div>
<p>This command makes it start in detached mode, and it is intended precisely for use in a startup script. In short, world peace, my friends :-)</p>
<p>I therefore rush to ${EDITOR} and begin the epic writing of a shell script that will launch screen in detached mode under my own user's identity, with the appropriate .screenrc file. The script works, and it works at machine boot (which is better, right?); still world peace, with the birds singing, we are in a dream :-)</p>
<p>So, full of illusions, I run the command screen -r. And then, disaster: my shell (bash) prompt is not coloured and does not show the current directory. After asking my favourite search engine for advice, I realise that in this case screen has had the bright idea of replacing the PS1 environment variable (which defines the prompt) with another value. Where does it come from? I did not know yet. I tried to redefine this variable in my .screenrc configuration file, without success. In desperation, I try an “unset PS1”. Victory! I have my custom prompt! I am joy and happiness, the birds are singing, world peace, and all that...</p>
<p>Until I edit a text file. And then, disaster (again): my text editor, VIm, has a syntax highlighting feature that I enable by default. It is veeeery handy. I also enable line numbering. But here, no colour. Yet it is a known file type. I try my luck with other programs that have coloured output, without success either. After some tinkering, I realise that by changing the TERM environment variable from <em>screen</em> to <em>xterm-color</em>, I get colour again. In desperation I add “export TERM=xterm-color” to the /usr/pkg/etc/bashrc file (which saves me from copy-pasting a .bashrc into the $HOME of my user and of root), I rerun the script and there: colour :-)</p>
<p>With the hindsight of writing this post, I realised that when I use <em>screen -d -m</em>, it loads my .profile file (which loads .shrc). These two files have caused me problems in the past: for example .profile contains two exports that conflict with my bashrc, “export EDITOR=vi” and “export PAGER=more” (I use vim and most instead). I also noticed the following line in the <em>.shrc</em> file:</p>
<div class="highlight"><pre><span></span><code><span class="k">export</span><span class="w"> </span><span class="n">PS1</span><span class="o">=</span><span class="s2">"$(whoami)@$(hostname -s)$ "</span><span class="w"></span>
</code></pre></div>
<p>Well, that's funny, that is exactly the prompt I had during my first problem... ;-)</p>
<p>Anyway, my solution may not be the most elegant, but at least it works. But as someone pointed out to me almost two months ago, on Unix systems: There Is More Than One Way To Do It.</p>
<h2>Comments</h2>
<h3>On 28/11/2011 10:50 by <a href="http://instinctive.eu/">Natacha</a></h3>
<p>There is more than one way to do it, but sometimes some are more right than others… In this case, cheating on TERM risks bringing a whole set of troubles: you make applications believe they should use xterm-color's escape sequences while you are in screen, and the two are not interchangeable.</p>
<p>For example, according to the termcap I have in front of me, screen sends \033[4~ to signal to the application that the End key was pressed, which the application will not understand because xterm-color sends \033OF. So I suspect this TERM change breaks the End key. And in the other direction, the sequence to send to screen to clear the screen is \033[H\033[J, but the application that believes it is dealing with an xterm will send \033[H\033[2J instead.</p>
<p>If that causes you no problem, so much the better, but it gives a lead for all the little things that will break like that ;-)</p>
<h3>On 28/11/2011 21:55 by Nils</h3>
<p>It is not a problem for me for the moment, especially as I do not use the End key often. But it will force me to find a more elegant way and to write another post :)</p>
Adding robots to Awstats 2011-11-21T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-11-21:/post/2011/11/21/Ajouter-des-robots-dans-Awstats/
<p>Today, a new episode about my web statistics tool of the moment, Awstats. Remember, we have already met this software three times:</p>
<ul>
<li><a href="/post/2011/01/31/awstats">in a first post</a> covering introduction and configuration;</li>
<li><a href="/post/2011/02/14/utilisation-des-plugins-awstats">to enable plugins</a> in order to improve the statistics;</li>
<li><a href="/post/2011/02/28/ajouter-ses-sections-personnalisees-dans-awstats">and also when adding custom sections</a> specific to your website.</li>
</ul>
<p>Today let us dwell on another Awstats capability: the detection of robots and search engines. If you already have statistics in place, you will have noticed that your page has a “Visiteurs Robots/Spiders” (Robots/Spiders visitors) section. Awstats cannot know every robot out there: new ones are created while others disappear. Some are dedicated to search engines, others are downloadable software, for performing searches or building an RSS feed aggregator. When Awstats spots a robot it does not know, it can display it in two ways: “Unknown robot (identified by 'bot*')” or “Unknown robot (identified by '*bot')”. You will therefore understand that it simply looks for the word “bot” in the <a href="https://fr.wikipedia.org/wiki/User-agent" title="User-agent">User-agent</a> left by your visitor in your web server's logs.</p>
<p>If you often look at your web server's logs (an activity that may seem eccentric at first sight, but oh how interesting in reality), you will no doubt find a robot that Awstats does not know. This post takes <a href="http://git.etoilebsd.net/cplanet/" title="cplanet">cplanet</a> as its example, an RSS aggregator used in particular by a certain <a href="http://planet.etoilebsd.net/">French-speaking planet BSD</a>.</p>
<p>Awstats stores the names of the robots it knows in a file named “robots.pm”. For an installation via pkgsrc under NetBSD, this file is located at: <em>/usr/pkg/awstats/cgi-bin/lib/robots.pm</em>. So let us make a backup copy of this file:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">cgi</span><span class="o">-</span><span class="n">bin</span><span class="o">/</span><span class="n">lib</span><span class="err">#</span><span class="w"> </span><span class="n">cp</span><span class="w"> </span><span class="o">-</span><span class="n">vp</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">bak</span><span class="w"></span>
<span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="w"> </span><span class="o">-></span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">bak</span><span class="w"></span>
</code></pre></div>
<p>Let us take the opportunity to copy the backup to another file, which we will modify:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">cgi</span><span class="o">-</span><span class="n">bin</span><span class="o">/</span><span class="n">lib</span><span class="err">#</span><span class="w"> </span><span class="n">cp</span><span class="w"> </span><span class="o">-</span><span class="n">vp</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">bak</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">custom</span><span class="w"></span>
<span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">bak</span><span class="w"> </span><span class="o">-></span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">custom</span><span class="w"></span>
</code></pre></div>
<p>Before modifying the file, let us take a look at the logs (Apache in my case):</p>
<div class="highlight"><pre><span></span><code><span class="mf">1.2.3.4</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="err">[</span><span class="mf">04</span><span class="o">/</span><span class="n">May</span><span class="o">/</span><span class="mf">2011</span><span class="p">:</span><span class="mf">16</span><span class="p">:</span><span class="mf">30</span><span class="p">:</span><span class="mf">48</span><span class="w"> </span><span class="o">+</span><span class="mf">0200</span><span class="err">]</span><span class="w"> </span><span class="s">"GET /feed/atom HTTP/1.1"</span><span class="w"> </span><span class="mf">200</span><span class="w"> </span><span class="mf">105441</span><span class="w"> </span><span class="s">"-"</span><span class="w"> </span><span class="s">"cplanet/0.6"</span><span class="w"></span>
</code></pre></div>
<p>The User-agent of cplanet is therefore: "cplanet/0.6". Now let us edit our <em>robots.pm.custom</em>. Reading the comments, we see that the file is organised into several lists. Our new robot must be added to two of them, <em>RobotsSearchIDOrder_list\<X></em> (where \<X> stands for a digit) and <em>RobotsHashIDLib</em>. I chose to add my robot to <em>RobotsSearchIDOrder_list2</em>, which contains little-known robots. I went to the end of this list, but I did not add my robot at the very end, rather just after a robot named “zeus”. Why? It turns out that some robot names are regular expressions, and must be at the end or at the beginning of the list. So I do not want to disturb them.</p>
<p>Here are the lines containing “zeus” and cplanet (around line 965):</p>
<div class="highlight"><pre><span></span><code>'zeus',
'cplanet',
</code></pre></div>
<p>Let us move on to the second list, which starts around line 1000. Around line 1320, you can read the following comment: “Other robots reported by users”. So I again went down until I found “zeus” and added cplanet in this way, just below:</p>
<div class="highlight"><pre><span></span><code>'cplanet','<span class="nt"><a</span> <span class="na">href=</span><span class="s">"http://git.etoilebsd.net/cplanet/"</span> <span class="na">title=</span><span class="s">"A rss feed agregator that generate static html pages"</span> <span class="na">target=</span><span class="s">"_blank"</span><span class="nt">></span>CPlanet RSS agregator<span class="nt"></a></span>',
</code></pre></div>
<p>I have thus created an identifier for my robot, which is in fact a string based on the User-agent, and added a link to the robot's URL to know where it comes from, as well as a descriptive text, in English. Note the separator format carefully, and that the comma at the end is <strong>mandatory</strong>.</p>
<p>Now that our custom file is ready, all that remains is to put it into production:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">cgi</span><span class="o">-</span><span class="n">bin</span><span class="o">/</span><span class="n">lib</span><span class="err">#</span><span class="w"> </span><span class="n">rm</span><span class="w"> </span><span class="o">-</span><span class="n">vf</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="k">ln</span><span class="w"> </span><span class="o">-</span><span class="n">sv</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">custom</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="w"></span>
<span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="w"></span>
<span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="w"> </span><span class="o">-></span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">custom</span><span class="w"></span>
</code></pre></div>
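<p>An added example, not part of the original post: a shell function that tallies the User-agent product names found in an Apache combined log and hides those matching identifiers you already track, which helps decide what to add to <em>robots.pm.custom</em>. The function names, the sample log lines (the first two are modelled on the cplanet entry above) and the allow-list of characters are assumptions of this example; the substring test is a simplification, not Awstats' own matching.</p>

```shell
#!/bin/sh
# Added example (not from the original post): count User-agent product names
# in an Apache "combined" log and hide those that match identifiers you
# already track. Function names and sample data are constructed.

# Constructed sample lines; the first two mimic the cplanet entry shown above.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [04/May/2011:16:30:48 +0200] "GET /feed/atom HTTP/1.1" 200 105441 "-" "cplanet/0.6"
192.0.2.10 - - [04/May/2011:17:30:51 +0200] "GET /feed/atom HTTP/1.1" 304 - "-" "cplanet/0.6"
192.0.2.20 - - [04/May/2011:17:31:02 +0200] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; NetBSD amd64) Firefox/4.0"
192.0.2.30 - - [04/May/2011:17:40:10 +0200] "GET /robots.txt HTTP/1.1" 200 68 "-" "zeus 32297 Webster Pro V2.9 Win32"
192.0.2.40 - - [04/May/2011:18:00:00 +0200] "GET / HTTP/1.1" 200 5120 "http://example.org/\"x\"" "ExampleFetcher/1.2 (+http://example.org/)"
192.0.2.50 - - [04/May/2011:18:05:00 +0200] "GET / HTTP/1.1" 200 5120 "-" "Odd'Agent/1.0"
192.0.2.60 - - [04/May/2011:18:06:00 +0200] "GET / HTTP/1.1" 200 5120
EOF
}

# Usage: ua_candidates KNOWN_ID... < access_log
# Prints "COUNT NAME" lines, most frequent first.
ua_candidates() {
    awk -v known="$*" '
    BEGIN { n = split(tolower(known), ids, " ") }
    {
        gsub(/\\"/, "")                   # escaped quotes must not split fields
        nf = split($0, f, "\"")
        if (nf < 7) next                  # no referer/User-agent: not combined format
        ua = tolower(f[nf - 1])           # the User-agent is the last quoted field
        if (ua == "" || ua == "-") next
        for (i = 1; i <= n; i++)
            if (index(ua, ids[i])) next   # already tracked (plain substring test)
        name = ua
        sub("[/ (;].*$", "", name)        # keep the product token only
        # The User-agent is chosen by the client: never copy it verbatim into
        # a Perl file or an HTML report. Anything outside this set is masked.
        if (name !~ /^[a-z0-9._-]+$/) name = "(rejected)"
        count[name]++
    }
    END { for (name in count) print count[name], name }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample, treating zeus and browsers as already known.
sample_log | ua_candidates zeus mozilla
```

<p>On a real server, feed it the access log instead of <em>sample_log</em> and pass the identifiers already present in your <em>robots.pm.custom</em> as arguments.</p>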
<p>If Awstats is ever updated, the update will overwrite the symbolic link. You will then need to check (with the diff command for example) whether the Awstats project has updated the file on its side, and carry our modifications over into a copy of the new one. Also remember to submit your new robots on the <a href="http://sourceforge.net/tracker/?group_id=13764&atid=363764">Awstats bug tracker on Sourceforge</a>.</p>
Installing phpMyAdmin on CentOS 6 - continued 2011-10-17T09:30:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-10-17:/post/2011/10/17/Installation-de-phpMyAdmin-sur-CentOS-6-suite/
<h2>Summary of the previous episode</h2>
<p>In my previous post on <a href="/post/2011/10/03/Installation-de-phpMyAdmin-sur-CentOS-6">installing and configuring phpMyAdmin on CentOS 6</a>, we ended up with a working installation that still had room for improvement. Together we will see how to make the installation more comfortable and try to secure it a little.</p>
<h2>Cookie authentication</h2>
<p>When connecting to phpMyAdmin, an HTTP-type authentication is sent. Since we have not yet enabled HTTPS, the credentials travel in clear over the network. Moreover, every time the browser window or tab is closed, you have to authenticate again. The cookie should therefore help. To enable this mechanism, let us edit the phpMyAdmin configuration file:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">vi</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">phpMyAdmin</span><span class="o">/</span><span class="n">config</span><span class="p">.</span><span class="n">inc</span><span class="p">.</span><span class="n">php</span><span class="w"></span>
</code></pre></div>
<p>At line 41, you will find the following expression:</p>
<div class="highlight"><pre><span></span><code>$cfg['Servers'][$i]['auth_type'] = 'http'; // Authentication method (config, http or cookie based)?
</code></pre></div>
<p>So simply replace 'http' with 'cookie' and save the file. The 'config' parameter is to be handled with the greatest care, and requires filling in the credentials in the following fields, which is not at all secure in my opinion. Once the change is made, a (pretty?) login page should appear in place of the horrible browser notification asking for login and password. As a bonus, you can choose the language :-)</p>
<p>Now, a rather strange message may appear on your next connections, at the bottom of the phpMyAdmin interface: “Vous devez ajouter dans le fichier de configuration une phrase de passe secrète (blowfish_secret).” (You must add a secret passphrase (blowfish_secret) to the configuration file.) So let us edit the configuration file again, at line 14:</p>
<div class="highlight"><pre><span></span><code><span class="mh">$cf</span><span class="nv">g</span>[<span class="s1">'</span><span class="s">blowfish_secret</span><span class="s1">'</span>] <span class="o">=</span> <span class="s1">''</span><span class="c1">; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */</span>
</code></pre></div>
<p>And between the single quotes, insert a passphrase. A few examples:</p>
<ul>
<li>I see a gnu riding a bicycle</li>
<li>I do not know how to program in python (or perl, java, c, ruby, whatever you like)</li>
<li>aieruhgpauOUGYVaerhg 07856qorieghg (yes, random works too)</li>
</ul>
<p>The goal is not to provide an intelligible or easily memorised phrase, but a sequence of characters long enough to encrypt the password in the cookie. You will not need to reuse this passphrase.</p>
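<p>An added example, not part of the original post or of phpMyAdmin: a shell check for the two settings edited above, plus a generator for a random <em>blowfish_secret</em>. The function names, the 32-character minimum and the layout of the sample file are assumptions of this example.</p>

```shell
#!/bin/sh
# Added example (not from the original post): check auth_type and
# blowfish_secret in a phpMyAdmin config.inc.php.
MIN_SECRET_LEN=32   # assumption of this example, not a value from the post

# Print the single-quoted value of the last active (non-comment) line that
# assigns $cfg[...]['KEY'].  $1 = key name, $2 = config file.
cfg_value() {
    awk -v key="$1" '
        /^[ \t]*(\/\/|#|\/\*|\*)/ { next }                  # ignore comment lines
        index($0, "[\047" key "\047]") {
            line = $0
            if (!sub(/^[^=]*=[ \t]*\047/, "", line)) next   # not a quoted assignment
            sub(/\047.*$/, "", line)                        # cut at the closing quote
            val = line; found = 1
        }
        END { if (found) print val }' "$2"
}

# 16 random bytes from the kernel, printed as 32 hexadecimal characters.
gen_secret() {
    dd if=/dev/urandom bs=16 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Print one finding per problem; return 0 only when nothing is flagged.
# The secret itself is never printed, only its length.
audit_pma_config() {
    auth=$(cfg_value auth_type "$1")
    secret=$(cfg_value blowfish_secret "$1")
    rc=0
    case "$auth" in
        cookie)
            if [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
                echo "FAIL blowfish_secret: ${#secret} characters, expected at least $MIN_SECRET_LEN"
                rc=1
            fi ;;
        http)
            echo "FAIL auth_type=http: credentials accompany every request; use cookie"
            rc=1 ;;
        config)
            echo "FAIL auth_type=config: database credentials are stored in the file"
            rc=1 ;;
        *)
            echo "FAIL auth_type: no active assignment found"
            rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK auth_type=cookie with a ${#secret}-character blowfish_secret"
    return "$rc"
}

# Write a constructed config file modelled on the two lines quoted above.
# $1 = file, $2 = auth_type value, $3 = blowfish_secret value
write_sample_config() {
    {
        printf '%s\n' '<?php'
        printf "\$cfg['blowfish_secret'] = '%s'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */\n" "$3"
        printf '%s\n' "// \$cfg['Servers'][\$i]['auth_type'] = 'config';"
        printf "\$cfg['Servers'][\$i]['auth_type'] = '%s'; // Authentication method\n" "$2"
    } > "$1"
}

# Demo: audit a constructed file that still has the packaged defaults.
demo=$(mktemp)
write_sample_config "$demo" http ''
audit_pma_config "$demo"
rm -f "$demo"
```

<p>To use it for real, run <em>audit_pma_config /etc/phpMyAdmin/config.inc.php</em> and paste the output of <em>gen_secret</em> between the single quotes of the <em>blowfish_secret</em> line.</p>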
<h2>HTTPS</h2>
<p>Cookie authentication is an improvement, but the cookie can still be intercepted and replayed by someone malicious. In addition, the interceptor can examine the traffic and extract the commands run from it, or why not the content of the databases. One way to prevent this interception is to encrypt the traffic between the client machine and the server hosting phpMyAdmin and MySQL. To do so we will enable mod_ssl in Apache in order to browse phpMyAdmin over HTTPS.</p>
<p>So let us install mod_ssl:</p>
<div class="highlight"><pre><span></span><code><span class="p">[</span><span class="n">root</span><span class="err">@</span><span class="n">crashtest</span><span class="w"> </span><span class="o">~</span><span class="p">]</span><span class="c1"># yum install mod_ssl</span><span class="w"></span>
<span class="n">Loaded</span><span class="w"> </span><span class="n">plugins</span><span class="p">:</span><span class="w"> </span><span class="n">fastestmirror</span><span class="w"></span>
<span class="n">Loading</span><span class="w"> </span><span class="n">mirror</span><span class="w"> </span><span class="n">speeds</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="n">cached</span><span class="w"> </span><span class="n">hostfile</span><span class="w"></span>
<span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">epel</span><span class="p">:</span><span class="w"> </span><span class="n">mirrors</span><span class="o">.</span><span class="n">ircam</span><span class="o">.</span><span class="n">fr</span><span class="w"></span>
<span class="n">Setting</span><span class="w"> </span><span class="n">up</span><span class="w"> </span><span class="n">Install</span><span class="w"> </span><span class="n">Process</span><span class="w"></span>
<span class="n">Resolving</span><span class="w"> </span><span class="n">Dependencies</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">mod_ssl</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">1</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Finished</span><span class="w"> </span><span class="n">Dependency</span><span class="w"> </span><span class="n">Resolution</span><span class="w"></span>
<span class="n">Dependencies</span><span class="w"> </span><span class="n">Resolved</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">Arch</span><span class="w"> </span><span class="n">Version</span><span class="w"> </span><span class="n">Repository</span><span class="w"> </span><span class="n">Size</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="n">Installing</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">mod_ssl</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mi">1</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">85</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="n">Transaction</span><span class="w"> </span><span class="n">Summary</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="n">Install</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">Package</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"></span>
<span class="n">Upgrade</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="n">Package</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"></span>
<span class="n">Total</span><span class="w"> </span><span class="n">download</span><span class="w"> </span><span class="n">size</span><span class="p">:</span><span class="w"> </span><span class="mi">85</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="n">Installed</span><span class="w"> </span><span class="n">size</span><span class="p">:</span><span class="w"> </span><span class="mi">183</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"> </span><span class="n">y</span><span class="w"></span>
<span class="n">Downloading</span><span class="w"> </span><span class="n">Packages</span><span class="p">:</span><span class="w"></span>
<span class="n">mod_ssl</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">85</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">rpm_check_debug</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">Transaction</span><span class="w"> </span><span class="n">Test</span><span class="w"></span>
<span class="n">Transaction</span><span class="w"> </span><span class="n">Test</span><span class="w"> </span><span class="n">Succeeded</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">Transaction</span><span class="w"></span>
<span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">:</span><span class="n">mod_ssl</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">1</span><span class="o">/</span><span class="mi">1</span><span class="w"></span>
<span class="n">Installed</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">mod_ssl</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">1</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"></span>
<span class="n">Complete</span><span class="o">!</span><span class="w"></span>
</code></pre></div>
<p>Let's restart Apache:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="n">restart</span><span class="w"></span>
<span class="n">Arrêt</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
<span class="n">Démarrage</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>Now let's open phpMyAdmin over HTTPS. In my case the URL is https://crashtest/phpmyadmin/ . The browser then warns that the certificate used for the connection is self-signed.</p>
<p>It is common to accept the certificate and have the browser remember it: all the more so on a test or development machine, storing it in the browser is enough to make sure the certificate will not change; if this warning ever shows up again, either you reinstalled the server or changed the certificates, or some smart aleck is attempting a "man in the middle" attack.</p>
<p>It is also possible to accept the certificate without remembering it, and to create (or have someone create) suitable certificates, depending on your kind of organisation; large companies have their own certificate authority and deploy it to their workstations. If your server is directly reachable from the Internet, many providers offer, for free or not, to generate a certificate that you then install in place of the default ones. This can save you from manually checking on every new client machine that it is the right certificate.</p>
<p>The detailed setup of an HTTPS server and of an enterprise SSL certificate management infrastructure (also called PKI, for <em>Public Key Infrastructure</em>) is outside the scope of this post, so it is left as an exercise for the reader.</p>
<p>Our server therefore accepts both clear-text HTTP connections and encrypted HTTPS connections.</p>
<h2>Firewall</h2>
<p>Besides encrypting connections, it is possible to filter them. In the previous post, we saw that Apache can deny or accept certain clients based on their IP address. With a firewall, it is possible to filter Apache connections as well as MySQL or SSH ones, and to exercise finer-grained control over connections.</p>
<p>On a GNU/Linux system, CentOS in particular, the reference firewall is <a href="http://www.netfilter.org/">Netfilter</a> (which provides, among other things, the <em><a href="http://www.netfilter.org/projects/iptables/index.html">iptables</a></em> command). Most other firewall projects for GNU/Linux are generally layers on top of Netfilter.</p>
<p><strong>Warning!</strong> When handling network filtering rules, it is very easy to saw off the branch you are sitting on. Accidentally blocking network connections while sitting in front of the machine is no big deal, but cutting the SSH connection you are using means walking to the machine, stopping the firewall once in front of it, then going back to your desk and reconnecting.</p>
<p>To avoid this kind of annoyance, it is possible to schedule a task that stops the firewall, for example every 10 minutes. That way, as soon as you notice that the machine no longer answers anything on the network, you only have to wait 10 minutes at most for it to be reachable again. The drawback is that you have to get your changes done in less than 10 minutes! So let's edit the “crontab”:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">crontab</span><span class="w"> </span><span class="o">-</span><span class="n">e</span><span class="w"></span>
</code></pre></div>
<p>It is most likely empty, since this is root's crontab and the machine is freshly installed. Let's add the following line:</p>
<div class="highlight"><pre><span></span><code>*/10 * * * * /etc/init.d/iptables stop > /dev/null 2>&1
</code></pre></div>
<p>And there you go! Every 10 minutes, the firewall will be disabled. That leaves enough time to make a change and validate it. Be careful though: once the changes are validated, remember to delete this line, or to comment it out. For more information: <a href="http://manpagesfr.free.fr/man/man5/crontab.5.html">the manual page</a>. With the guard rail in place, let's get down to business: define the filtering rules to put in place, then put them in place.</p>
<p>To stay within the distribution's conventions, we will not write a custom firewall script, but use the file already in place to save the rules. This file is <em>/etc/sysconfig/iptables</em>, but as stated at the top of that file, editing it by hand is not recommended. So we will start the firewall, add rules with the <em>iptables</em> command, check that they work, save them, and check the saved file.</p>
<p>Starting the firewall:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="k">start</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="n">Application</span><span class="w"> </span><span class="n">des</span><span class="w"> </span><span class="n">règles</span><span class="w"> </span><span class="n">du</span><span class="w"> </span><span class="n">pare</span><span class="o">-</span><span class="n">feu</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>Checking the currently active rules:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="n">status</span><span class="w"></span>
<span class="nc">Table</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="k">filter</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"></span>
<span class="mi">1</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="n">RELATED</span><span class="p">,</span><span class="n">ESTABLISHED</span><span class="w"></span>
<span class="mi">2</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">icmp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"></span>
<span class="mi">3</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"></span>
<span class="mi">4</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">22</span><span class="w"></span>
<span class="mi">5</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">25</span><span class="w"></span>
<span class="mi">6</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="n">FORWARD</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"></span>
<span class="mi">1</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="k">OUTPUT</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"></span>
</code></pre></div>
<p>And if we try to connect to phpMyAdmin, it no longer works. We therefore need to accept connections to ports 80 (HTTP) and 443 (HTTPS). We will insert into the INPUT chain, before rule number 5 (the one accepting tcp port 25), a rule accepting port 80:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="o">-</span><span class="n">I</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="c1">--state NEW -m tcp -p tcp --dport 80 -j ACCEPT</span>
</code></pre></div>
<p>Connecting to phpMyAdmin now works over HTTP, but not over HTTPS. Let's continue, this time inserting our rule before number 6 (shifted by one because of our previous insertion):</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="o">-</span><span class="n">I</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="mi">6</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="c1">--state NEW -m tcp -p tcp --dport 443 -j ACCEPT</span>
</code></pre></div>
<p>There, now we can reach phpMyAdmin over HTTPS. Let's check the rules in memory to compare them with the previous state:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="n">status</span><span class="w"></span>
<span class="nc">Table</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="k">filter</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"></span>
<span class="mi">1</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="n">RELATED</span><span class="p">,</span><span class="n">ESTABLISHED</span><span class="w"></span>
<span class="mi">2</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">icmp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"></span>
<span class="mi">3</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"></span>
<span class="mi">4</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">22</span><span class="w"></span>
<span class="mi">5</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">80</span><span class="w"></span>
<span class="mi">6</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">443</span><span class="w"></span>
<span class="mi">7</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">25</span><span class="w"></span>
<span class="mi">8</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="n">FORWARD</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"></span>
<span class="mi">1</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="k">OUTPUT</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"></span>
</code></pre></div>
<p>Note that the command <em>iptables -L -n</em> gives the same result, and could be used on other Linux distributions. Now let's save our configuration:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="k">save</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="n">Sauvegarde</span><span class="w"> </span><span class="n">des</span><span class="w"> </span><span class="n">règles</span><span class="w"> </span><span class="n">du</span><span class="w"> </span><span class="n">pare</span><span class="o">-</span><span class="n">feu</span><span class="w"> </span><span class="n">dans</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">sysconfig</span><span class="o">/</span><span class="n">iptables</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
</code></pre></div>
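<p>Netfilter walks a chain from top to bottom and stops at the first matching rule, which is why the rules for ports 80 and 443 were inserted with <em>-I</em> ahead of the final REJECT rather than appended. The script below is an added example, not part of the original post: it reads <em>iptables-save</em> output and reports which ACCEPT rules of the INPUT chain sit before or after the first catch-all REJECT/DROP. The function name, the <em>sample_*</em> helpers and the second and third rule sets are constructed for illustration; the third assumes that stopping the service leaves empty chains with policy ACCEPT.</p>

```shell
#!/bin/sh
# Added example: audit the INPUT chain of the filter table in iptables-save format.

# Reads iptables-save output on stdin and prints one line per "ACCEPT --dport" rule:
#   reachable PROTO/PORT (rule N)                          rule sits before the catch-all
#   shadowed PROTO/PORT (rule N, after catch-all rule M)   rule can never match
# plus a warning when the chain has policy ACCEPT and no catch-all at all.
audit_input_chain() {
    awk '
    /^\*/ { table = substr($1, 2); next }      # table header: "*filter", "*nat", ...
    table != "filter" { next }                 # ignore comments and other tables
    $1 == ":INPUT" { policy = $2; next }       # chain policy: ":INPUT ACCEPT [0:0]"
    $1 == "-A" && $2 == "INPUT" {
        n++
        # A rule with no match criteria ("-A INPUT -j REJECT ...") catches everything.
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) {
            if (!catchall) catchall = n
            next
        }
        proto = ""; port = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT" || port == "") next
        if (catchall) {
            printf "shadowed %s/%s (rule %d, after catch-all rule %d)\n", proto, port, n, catchall
        } else {
            printf "reachable %s/%s (rule %d)\n", proto, port, n
        }
    }
    END {
        if (!catchall && policy == "ACCEPT")
            print "warning: INPUT has policy ACCEPT and no catch-all REJECT/DROP, nothing is filtered"
    }'
}

# Rule set as saved in this post, after both insertions with -I.
sample_saved() {
    cat <<'EOF'
# Generated by iptables-save v1.4.7 on Thu Sep 22 20:34:19 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1118:858094]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed: same host, but the port 443 rule was appended with -A instead of inserted.
sample_appended() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Constructed (assumption): empty chains with policy ACCEPT, as left behind when the
# cron guard rail stops the firewall and the crontab line was never removed.
sample_stopped() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Demo on the embedded samples; on a real host, as root: iptables-save | audit_input_chain
for s in sample_saved sample_appended sample_stopped; do
    echo "== $s"
    $s | audit_input_chain
done
```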
<p>Let's check the saved file:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">cat</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">sysconfig</span><span class="o">/</span><span class="n">iptables</span><span class="w"></span>
<span class="err">#</span><span class="w"> </span><span class="n">Generated</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="n">iptables</span><span class="o">-</span><span class="k">save</span><span class="w"> </span><span class="n">v1</span><span class="mf">.4.7</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="n">Thu</span><span class="w"> </span><span class="n">Sep</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="mi">20</span><span class="err">:</span><span class="mi">34</span><span class="err">:</span><span class="mi">19</span><span class="w"> </span><span class="mi">2011</span><span class="w"></span>
<span class="o">*</span><span class="k">filter</span><span class="w"></span>
<span class="err">:</span><span class="k">INPUT</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="o">[</span><span class="n">0:0</span><span class="o">]</span><span class="w"></span>
<span class="err">:</span><span class="n">FORWARD</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="o">[</span><span class="n">0:0</span><span class="o">]</span><span class="w"></span>
<span class="err">:</span><span class="k">OUTPUT</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="o">[</span><span class="n">1118:858094</span><span class="o">]</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="o">--</span><span class="k">state</span><span class="w"> </span><span class="n">RELATED</span><span class="p">,</span><span class="n">ESTABLISHED</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">icmp</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">i</span><span class="w"> </span><span class="n">lo</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="o">--</span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="n">dport</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="o">--</span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="n">dport</span><span class="w"> </span><span class="mi">80</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="o">--</span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="n">dport</span><span class="w"> </span><span class="mi">443</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="o">--</span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="n">dport</span><span class="w"> </span><span class="mi">25</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="o">--</span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="n">FORWARD</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="o">--</span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"></span>
<span class="k">COMMIT</span><span class="w"></span>
<span class="err">#</span><span class="w"> </span><span class="n">Completed</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="n">Thu</span><span class="w"> </span><span class="n">Sep</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="mi">20</span><span class="err">:</span><span class="mi">34</span><span class="err">:</span><span class="mi">19</span><span class="w"> </span><span class="mi">2011</span><span class="w"></span>
</code></pre></div>
<p>We can see that the rules accepting port 80 have indeed been saved. The rule allowing port 25 is not needed; it was added as an example in the post on a minimal CentOS 6 installation. Removing that rule is left as an exercise for the reader ;-)</p>
<p>Once the rules in place are satisfactory, remember to remove the safeguard by editing the crontab: you can delete the line that disables iptables, or comment it out by placing the "#" character in front of it. After removing the safeguard, the firewall can be enabled at boot:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">iptables</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="k">on</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">iptables</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
</code></pre></div>
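<p>To spot leftovers such as the port 25 rule mentioned above, the saved ruleset can be compared with the list of services the machine is meant to expose. The script below is an added example, not part of the original post: the function names and the allowlist "22 80 443" are assumptions, and the sample ruleset mirrors the rules shown above with constructed header lines.</p>

```shell
#!/bin/sh
# Added example: list the TCP ports that a saved iptables ruleset accepts on
# the INPUT chain and flag the ones missing from an allowlist.

# Sample ruleset. The ACCEPT/REJECT lines mirror the dump shown above; the
# table and chain header lines are constructed so the sample is self-contained.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Read iptables-save output on stdin and print, one per line, every TCP
# destination port (or N:M range) that an INPUT rule accepts.
# Handles "--dport N", "--dport N:M" and "-m multiport --dports a,b,c".
# A TCP ACCEPT rule without any port match is reported as "any".
# Other match conditions (source address, state, interface) are ignored,
# so the result is an upper bound on what is reachable.
accepted_tcp_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; target = ""; ports = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        }
        if (proto == "tcp" && target == "ACCEPT") {
            if (ports == "") { print "any"; next }
            n = split(ports, list, ",")
            for (k = 1; k <= n; k++) print list[k]
        }
    }' | sort -u | sort -n
}

# Print the accepted ports that are not in the space-separated allowlist $1.
unexpected_ports() {
    allowed=" $1 "
    accepted_tcp_ports | while read -r port; do
        case "$allowed" in
            *" $port "*) ;;          # expected service, nothing to report
            *) echo "$port" ;;       # open in the firewall but not expected
        esac
    done
}

# Demonstration on the sample: prints 25, the rule the post calls unneeded.
# On a real machine, as root: iptables-save | unexpected_ports "22 80 443"
sample_rules | unexpected_ports "22 80 443"
```
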
<h2>phpMyAdmin database</h2>
<p>phpMyAdmin is now a full-featured tool with many settings. Some can be used through the configuration file, but others require a database. Incidentally, depending on the phpMyAdmin package installed (an updated version arrived while the two posts were being written), you may see the following message at the bottom of the interface: “Le stockage de configurations phpMyAdmin n'est pas complètement configuré, certaines fonctionnalités ont été désactivée. Pour en connaître la raison, cliquez ici.” (the phpMyAdmin configuration storage is not completely configured, some features have been disabled; to find out why, click here). In the more recent version, this warning has been removed.</p>
<p>Let's use phpMyAdmin to create a new so-called “control” user (via the “Privilèges” (Privileges) tab), and simply call it “phpmyadmin”. The client setting is “Local”, and we will generate the password randomly. Remember to copy this password somewhere else; we will need it a bit later. Still in the user creation interface, tick the option “Créer une base portant son nom et donner à cet utilisateur tous les privilèges sur cette base” (create a database with the same name and grant this user all privileges on it). Finally, click the button at the bottom: “Créer un compte d'utilisateur” (create a user account). One more step is needed, because the control user requires a few more rights. To go faster, reload the privileges, then click the “SQL” tab and enter the following text in the field (I hope you did copy the generated password from earlier ;-)):</p>
<div class="highlight"><pre><span></span><code><span class="n">GRANT</span><span class="w"> </span><span class="n">USAGE</span><span class="w"> </span><span class="n">ON</span><span class="w"> </span><span class="n">mysql</span><span class="o">.*</span><span class="w"> </span><span class="n">TO</span><span class="w"> </span><span class="s1">'phpmyadmin'</span><span class="err">@</span><span class="s1">'localhost'</span><span class="w"> </span><span class="n">IDENTIFIED</span><span class="w"> </span><span class="n">BY</span><span class="w"> </span><span class="s1">'motdepassealeatoire'</span><span class="p">;</span><span class="w"></span>
<span class="n">GRANT</span><span class="w"> </span><span class="n">SELECT</span><span class="w"> </span><span class="p">(</span><span class="w"></span>
<span class="w"> </span><span class="n">Host</span><span class="p">,</span><span class="w"> </span><span class="n">User</span><span class="p">,</span><span class="w"> </span><span class="n">Select_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Insert_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Update_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Delete_priv</span><span class="p">,</span><span class="w"></span>
<span class="w"> </span><span class="n">Create_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Drop_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Reload_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Shutdown_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Process_priv</span><span class="p">,</span><span class="w"></span>
<span class="w"> </span><span class="n">File_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Grant_priv</span><span class="p">,</span><span class="w"> </span><span class="n">References_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Index_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Alter_priv</span><span class="p">,</span><span class="w"></span>
<span class="w"> </span><span class="n">Show_db_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Super_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Create_tmp_table_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Lock_tables_priv</span><span class="p">,</span><span class="w"></span>
<span class="w"> </span><span class="n">Execute_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Repl_slave_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Repl_client_priv</span><span class="w"></span>
<span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="n">ON</span><span class="w"> </span><span class="n">mysql</span><span class="o">.</span><span class="n">user</span><span class="w"> </span><span class="n">TO</span><span class="w"> </span><span class="s1">'phpmyadmin'</span><span class="err">@</span><span class="s1">'localhost'</span><span class="p">;</span><span class="w"></span>
<span class="n">GRANT</span><span class="w"> </span><span class="n">SELECT</span><span class="w"> </span><span class="n">ON</span><span class="w"> </span><span class="n">mysql</span><span class="o">.</span><span class="n">db</span><span class="w"> </span><span class="n">TO</span><span class="w"> </span><span class="s1">'phpmyadmin'</span><span class="err">@</span><span class="s1">'localhost'</span><span class="p">;</span><span class="w"></span>
<span class="n">GRANT</span><span class="w"> </span><span class="n">SELECT</span><span class="w"> </span><span class="n">ON</span><span class="w"> </span><span class="n">mysql</span><span class="o">.</span><span class="n">host</span><span class="w"> </span><span class="n">TO</span><span class="w"> </span><span class="s1">'phpmyadmin'</span><span class="err">@</span><span class="s1">'localhost'</span><span class="p">;</span><span class="w"></span>
<span class="n">GRANT</span><span class="w"> </span><span class="n">SELECT</span><span class="w"> </span><span class="p">(</span><span class="n">Host</span><span class="p">,</span><span class="w"> </span><span class="n">Db</span><span class="p">,</span><span class="w"> </span><span class="n">User</span><span class="p">,</span><span class="w"> </span><span class="n">Table_name</span><span class="p">,</span><span class="w"> </span><span class="n">Table_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Column_priv</span><span class="p">)</span><span class="w"></span>
<span class="w"> </span><span class="n">ON</span><span class="w"> </span><span class="n">mysql</span><span class="o">.</span><span class="n">tables_priv</span><span class="w"> </span><span class="n">TO</span><span class="w"> </span><span class="s1">'phpmyadmin'</span><span class="err">@</span><span class="s1">'localhost'</span><span class="p">;</span><span class="w"></span>
</code></pre></div>
<p>Click “Exécuter” (Execute), and we are told that MySQL returned an empty result set. Remember to reload the privileges (in the “Privilèges” (Privileges) tab). One more thing: we need to populate the database created for phpMyAdmin. To do so, go back to the shell on our server and use the SQL file provided by phpMyAdmin:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">mysql</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">phpMyAdmin</span><span class="o">/</span><span class="n">examples</span><span class="o">/</span><span class="n">create_tables</span><span class="p">.</span><span class="k">sql</span><span class="w"></span>
</code></pre></div>
<p>Note that on older versions, the path is /usr/share/phpMyAdmin/scripts/create_tables.sql. Now let's edit the phpMyAdmin configuration file again:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">vi</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">phpMyAdmin</span><span class="o">/</span><span class="n">config</span><span class="p">.</span><span class="n">inc</span><span class="p">.</span><span class="n">php</span><span class="w"></span>
</code></pre></div>
<p>And fill in the control user and its password on lines 34 and 36:</p>
<div class="highlight"><pre><span></span><code><span class="mh">$cf</span><span class="nv">g</span>[<span class="s1">'</span><span class="s">Servers</span><span class="s1">'</span>][$<span class="nv">i</span>][<span class="s1">'</span><span class="s">controluser</span><span class="s1">'</span>] <span class="o">=</span> <span class="s1">'</span><span class="s">phpmyadmin</span><span class="s1">'</span><span class="c1">; // MySQL control user settings</span>
<span class="o">//</span> <span class="ss">(</span><span class="nv">this</span> <span class="nv">user</span> <span class="nv">must</span> <span class="nv">have</span> <span class="nv">read</span><span class="o">-</span><span class="nv">only</span>
<span class="mh">$cf</span><span class="nv">g</span>[<span class="s1">'</span><span class="s">Servers</span><span class="s1">'</span>][$<span class="nv">i</span>][<span class="s1">'</span><span class="s">controlpass</span><span class="s1">'</span>] <span class="o">=</span> <span class="s1">'</span><span class="s">motdepassealeatoire</span><span class="s1">'</span><span class="c1">; // access to the "mysql/user"</span>
<span class="o">//</span> <span class="nv">and</span> <span class="s2">"</span><span class="s">mysql/db</span><span class="s2">"</span> <span class="nv">tables</span><span class="ss">)</span>.
<span class="o">//</span> <span class="nv">The</span> <span class="nv">controluser</span> <span class="nv">is</span> <span class="nv">also</span>
<span class="o">//</span> <span class="nv">used</span> <span class="k">for</span> <span class="nv">all</span> <span class="nv">relational</span>
<span class="o">//</span> <span class="nv">features</span> <span class="ss">(</span><span class="nv">pmadb</span><span class="ss">)</span>
</code></pre></div>
<p>Once the file is saved and we have logged out of phpMyAdmin and back in, we can use everything this tool has to offer!</p>
<h2>SELinux</h2>
<p>I admit I am not familiar with SELinux. I simply edited <em>/etc/sysconfig/selinux</em> and set the <em>SELINUX</em> parameter to <em>enforcing</em>. One reboot later, SELinux is enabled, httpd and mysqld are running, and phpMyAdmin is accessible!</p>
<h2>Comments</h2>
<h3>On 10/12/2011 17:19 by <a href="http://www.lapoussette.net">poussette</a></h3>
<p>Hello, many thanks for this great post, which is very nice.</p>Installing phpMyAdmin on CentOS 6 2011-10-03T09:30:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-10-03:/post/2011/10/03/Installation-de-phpMyAdmin-sur-CentOS-6/<h2>Preamble</h2>
<p>A little over two years ago, I wrote what remains (at the time of writing this post) the flagship content of this blog: <a href="/post/2008/05/17/installation-de-phpmyadmin-sur-CentOS-5">installing phpMyAdmin on CentOS 5</a>. Quite simply, it is the reason a large majority of visitors land here. It is almost becoming frustrating, by the way ;-) Anyway, CentOS 6 has (finally) been available since July, so it is time to bring this little tutorial up to date!</p>
<p><strong>Goals:</strong> install and configure a MySQL database server with a web administration interface, so as to then do development or easily install other web tools that use this type of database, such as a CMS or a blog engine.</p>
<p><strong>Tools available:</strong> nothing but free software, of course! The operating system is <a href="http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.0">CentOS 6</a>; the database server, <a href="https://www.mysql.com/">MySQL</a>, is available in this distribution's repositories, as is the web server, <a href="https://httpd.apache.org/">Apache HTTP Server</a>. The web administration software is the well-known <a href="http://www.phpmyadmin.net/home_page/index.php">phpMyAdmin</a>, which we will install (with its prerequisites) from the <a href="https://fedoraproject.org/wiki/EPEL">EPEL</a> repository. We will therefore assume that the machine has Internet access (to reach the repositories).</p>
<p>I am not going to describe everything starting from the OS installation, but to make sure the foundations are sound, I performed an installation that closely matches my previous post: <a href="/post/2011/08/08/Installation-minimaliste-d-une-CentOS-6">minimal installation of CentOS 6</a> (and I may tone down the self-promotion a bit ;-) ). Among the important settings, note that SELinux is disabled.</p>
<p>One last thing before getting to the heart of the matter: for more transparency, and also because those most interested in this post are probably beginners in the world of GNU/Linux and free software, I chose to show command output as much as possible. <strong>The post is therefore quite long, but not complex!</strong> I nevertheless recommend reading this post in full before typing any command on your machine. In any case, you are using a (virtual) test machine, right?</p>
<h2>Installing Apache, PHP and phpMyAdmin</h2>
<p>Let's start by adding the EPEL repository to our installation, to make it easier to install the whole Apache, PHP, MySQL and phpMyAdmin gang:</p>
<div class="highlight"><pre><span></span><code><span class="p">[</span><span class="n">root</span><span class="err">@</span><span class="n">crashtest</span><span class="w"> </span><span class="o">~</span><span class="p">]</span><span class="c1"># rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm</span><span class="w"></span>
<span class="n">Récupération</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">download</span><span class="o">.</span><span class="n">fedoraproject</span><span class="o">.</span><span class="n">org</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">epel</span><span class="o">/</span><span class="mi">6</span><span class="o">/</span><span class="n">i386</span><span class="o">/</span><span class="n">epel</span><span class="o">-</span><span class="n">release</span><span class="o">-</span><span class="mi">6</span><span class="o">-</span><span class="mf">5.</span><span class="n">noarch</span><span class="o">.</span><span class="n">rpm</span><span class="w"></span>
<span class="n">attention</span><span class="p">:</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">rpm</span><span class="o">-</span><span class="n">tmp</span><span class="o">.</span><span class="n">c1BYty</span><span class="p">:</span><span class="w"> </span><span class="n">Entête</span><span class="w"> </span><span class="n">V3</span><span class="w"> </span><span class="n">RSA</span><span class="o">/</span><span class="n">SHA256</span><span class="w"> </span><span class="n">Signature</span><span class="p">,</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">ID</span><span class="w"> </span><span class="mi">0608</span><span class="n">b895</span><span class="p">:</span><span class="w"> </span><span class="n">NOKEY</span><span class="w"></span>
<span class="n">Préparation</span><span class="o">...</span><span class="w"> </span><span class="p">(</span><span class="mi">100</span><span class="o">%</span><span class="p">)</span><span class="w"></span>
<span class="mi">1</span><span class="p">:</span><span class="n">epel</span><span class="o">-</span><span class="n">release</span><span class="w"> </span><span class="p">(</span><span class="mi">100</span><span class="o">%</span><span class="p">)</span><span class="w"></span>
</code></pre></div>
<p>After that, it is quite simple: thanks to dependency resolution, we install phpMyAdmin:</p>
<div class="highlight"><pre><span></span><code><span class="p">[</span><span class="n">root</span><span class="err">@</span><span class="n">crashtest</span><span class="w"> </span><span class="o">~</span><span class="p">]</span><span class="c1"># yum install phpmyadmin</span><span class="w"></span>
<span class="n">Loaded</span><span class="w"> </span><span class="n">plugins</span><span class="p">:</span><span class="w"> </span><span class="n">fastestmirror</span><span class="w"></span>
<span class="n">Determining</span><span class="w"> </span><span class="n">fastest</span><span class="w"> </span><span class="n">mirrors</span><span class="w"></span>
<span class="n">epel</span><span class="o">/</span><span class="n">metalink</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">12</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">epel</span><span class="p">:</span><span class="w"> </span><span class="n">mirrors</span><span class="o">.</span><span class="n">ircam</span><span class="o">.</span><span class="n">fr</span><span class="w"></span>
<span class="n">base</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">3.7</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">base</span><span class="o">/</span><span class="n">primary_db</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">4.2</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">epel</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">4.3</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">epel</span><span class="o">/</span><span class="n">primary_db</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">3.9</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">15</span><span class="w"> </span>
<span class="n">extras</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">951</span><span class="w"> </span><span class="n">B</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">extras</span><span class="o">/</span><span class="n">primary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">203</span><span class="w"> </span><span class="n">B</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">updates</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">3.5</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">updates</span><span class="o">/</span><span class="n">primary_db</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">3.3</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">Setting</span><span class="w"> </span><span class="n">up</span><span class="w"> </span><span class="n">Install</span><span class="w"> </span><span class="n">Process</span><span class="w"></span>
<span class="n">Resolving</span><span class="w"> </span><span class="n">Dependencies</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="w"> </span><span class="o">>=</span><span class="w"> </span><span class="mf">5.2</span><span class="o">.</span><span class="mi">0</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mbstring</span><span class="w"> </span><span class="o">>=</span><span class="w"> </span><span class="mf">5.2</span><span class="o">.</span><span class="mi">0</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="w"> </span><span class="o">>=</span><span class="w"> </span><span class="mf">5.2</span><span class="o">.</span><span class="mi">0</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="w"> </span><span class="o">>=</span><span class="w"> </span><span class="mf">5.2</span><span class="o">.</span><span class="mi">0</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="w"> </span><span class="o">>=</span><span class="w"> </span><span class="mf">5.2</span><span class="o">.</span><span class="mi">0</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">httpd</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="n">tools</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">mime</span><span class="o">.</span><span class="n">types</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="n">ldap</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libaprutil</span><span class="o">-</span><span class="mf">1.</span><span class="n">so</span><span class="o">.</span><span class="mi">0</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libapr</span><span class="o">-</span><span class="mf">1.</span><span class="n">so</span><span class="o">.</span><span class="mi">0</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">cli</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">common</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libpng12</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">0</span><span class="p">(</span><span class="n">PNG12_0</span><span class="p">)(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libpng12</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">0</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libjpeg</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">62</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libXpm</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">4</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libfreetype</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">6</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libX11</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">6</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mbstring</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libmcrypt</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">4</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">pdo</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">apr</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="n">ldap</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">freetype</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.3</span><span class="o">.</span><span class="mi">11</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">2</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="n">tools</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libX11</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="n">common</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libxcb</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">1</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libXpm</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">3.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libjpeg</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mi">6</span><span class="n">b</span><span class="o">-</span><span class="mf">46.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libmcrypt</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">9.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libpng</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">2</span><span class="p">:</span><span class="mf">1.2</span><span class="o">.</span><span class="mi">44</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">mailcap</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.1</span><span class="o">.</span><span class="mi">31</span><span class="o">-</span><span class="mf">1.1</span><span class="o">.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">cli</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">common</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">pdo</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="n">common</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libxcb</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libXau</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">6</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">libxcb</span><span class="o">-</span><span class="mf">1.5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libXau</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.0</span><span class="o">.</span><span class="mi">5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Finished</span><span class="w"> </span><span class="n">Dependency</span><span class="w"> </span><span class="n">Resolution</span><span class="w"></span>
<span class="n">Dependencies</span><span class="w"> </span><span class="n">Resolved</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">Arch</span><span class="w"> </span><span class="n">Version</span><span class="w"> </span><span class="n">Repository</span><span class="w"> </span><span class="n">Size</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="n">Installing</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">phpMyAdmin</span><span class="w"> </span><span class="n">noarch</span><span class="w"> </span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">epel</span><span class="w"> </span><span class="mf">4.4</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="n">Installing</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">dependencies</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">apr</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">124</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">87</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="n">ldap</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">15</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">freetype</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">2.3</span><span class="o">.</span><span class="mi">11</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">2</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">359</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">811</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="n">tools</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">68</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libX11</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">582</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="n">common</span><span class="w"> </span><span class="n">noarch</span><span class="w"> </span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">188</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libXau</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.0</span><span class="o">.</span><span class="mi">5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libXpm</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">3.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">59</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libjpeg</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mi">6</span><span class="n">b</span><span class="o">-</span><span class="mf">46.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">134</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libmcrypt</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">2.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">9.</span><span class="n">el6</span><span class="w"> </span><span class="n">epel</span><span class="w"> </span><span class="mi">96</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libpng</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mi">2</span><span class="p">:</span><span class="mf">1.2</span><span class="o">.</span><span class="mi">44</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">180</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libxcb</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">mailcap</span><span class="w"> </span><span class="n">noarch</span><span class="w"> </span><span class="mf">2.1</span><span class="o">.</span><span class="mi">31</span><span class="o">-</span><span class="mf">1.1</span><span class="o">.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">27</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mf">1.1</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">cli</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mf">2.2</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">common</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">516</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">103</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mbstring</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">504</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="w"> </span><span class="n">epel</span><span class="w"> </span><span class="mi">16</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">75</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">pdo</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">72</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="n">Transaction</span><span class="w"> </span><span class="n">Summary</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="n">Install</span><span class="w"> </span><span class="mi">24</span><span class="w"> </span><span class="n">Package</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"></span>
<span class="n">Upgrade</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="n">Package</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"></span>
<span class="n">Total</span><span class="w"> </span><span class="n">download</span><span class="w"> </span><span class="n">size</span><span class="p">:</span><span class="w"> </span><span class="mi">12</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="n">Installed</span><span class="w"> </span><span class="n">size</span><span class="p">:</span><span class="w"> </span><span class="mi">42</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"></span>
</code></pre></div>
<p>As you can see, many other packages are installed alongside it because phpMyAdmin needs them to work, such as PHP and Apache HTTPD Server (the <em>httpd</em> and <em>apr-*</em> packages). Let's press the y key on the keyboard:</p>
<div class="highlight"><pre><span></span><code><span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"> </span><span class="n">y</span><span class="w"></span>
<span class="n">Downloading</span><span class="w"> </span><span class="n">Packages</span><span class="p">:</span><span class="w"></span>
<span class="p">(</span><span class="mi">1</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">124</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">2</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">87</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">3</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="n">ldap</span><span class="o">-</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">15</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">4</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">freetype</span><span class="o">-</span><span class="mf">2.3</span><span class="o">.</span><span class="mi">11</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">2.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">359</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">5</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">811</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">6</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="n">tools</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">68</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">7</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">582</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">8</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="n">common</span><span class="o">-</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">188</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">9</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libXau</span><span class="o">-</span><span class="mf">1.0</span><span class="o">.</span><span class="mi">5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">10</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libXpm</span><span class="o">-</span><span class="mf">3.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">59</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">11</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libjpeg</span><span class="o">-</span><span class="mi">6</span><span class="n">b</span><span class="o">-</span><span class="mf">46.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">134</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"></span>
<span class="p">(</span><span class="mi">12</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libmcrypt</span><span class="o">-</span><span class="mf">2.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">9.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">96</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">13</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libpng</span><span class="o">-</span><span class="mf">1.2</span><span class="o">.</span><span class="mi">44</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">180</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">14</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libxcb</span><span class="o">-</span><span class="mf">1.5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">15</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">mailcap</span><span class="o">-</span><span class="mf">2.1</span><span class="o">.</span><span class="mi">31</span><span class="o">-</span><span class="mf">1.1</span><span class="o">.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">27</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">16</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">1.1</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">17</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">cli</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">2.2</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">18</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">common</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">516</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">19</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">103</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">20</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mbstring</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">504</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">21</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">16</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">22</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">75</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">23</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">pdo</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">72</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">24</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">4.4</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">18</span><span class="w"> </span>
<span class="o">--------------------------------------------------------------------------------</span><span class="w"></span>
<span class="n">Total</span><span class="w"> </span><span class="mi">574</span><span class="w"> </span><span class="n">kB</span><span class="o">/</span><span class="n">s</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">12</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">20</span><span class="w"> </span>
<span class="n">warning</span><span class="p">:</span><span class="w"> </span><span class="n">rpmts_HdrFromFdno</span><span class="p">:</span><span class="w"> </span><span class="n">Header</span><span class="w"> </span><span class="n">V3</span><span class="w"> </span><span class="n">RSA</span><span class="o">/</span><span class="n">SHA256</span><span class="w"> </span><span class="n">Signature</span><span class="p">,</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">ID</span><span class="w"> </span><span class="mi">0608</span><span class="n">b895</span><span class="p">:</span><span class="w"> </span><span class="n">NOKEY</span><span class="w"></span>
<span class="n">epel</span><span class="o">/</span><span class="n">gpgkey</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">3.2</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span><span class="o">...</span><span class="w"> </span>
<span class="n">Importing</span><span class="w"> </span><span class="n">GPG</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="mh">0x0608B895</span><span class="w"> </span><span class="s2">"EPEL (6) <epel@fedoraproject.org>"</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="o">/</span><span class="n">rpm</span><span class="o">-</span><span class="n">gpg</span><span class="o">/</span><span class="n">RPM</span><span class="o">-</span><span class="n">GPG</span><span class="o">-</span><span class="n">KEY</span><span class="o">-</span><span class="n">EPEL</span><span class="o">-</span><span class="mi">6</span><span class="w"></span>
<span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"> </span>
</code></pre></div>
<p>Another interesting prompt: you will have noticed that everything goes through yum, and that we installed an additional repository. This repository identifies itself with a GPG key, which we have to import the first time it is used. So let's press y and carry on:</p>
<div class="highlight"><pre><span></span><code><span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"> </span><span class="n">y</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">rpm_check_debug</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">Transaction</span><span class="w"> </span><span class="n">Test</span><span class="w"></span>
<span class="n">Transaction</span><span class="w"> </span><span class="n">Test</span><span class="w"> </span><span class="n">Succeeded</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">Transaction</span><span class="w"></span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">common</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">1</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">2</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">3</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="n">ldap</span><span class="o">-</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">4</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="n">tools</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">5</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">pdo</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">6</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">7</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">cli</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">8</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mbstring</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">9</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">:</span><span class="n">libpng</span><span class="o">-</span><span class="mf">1.2</span><span class="o">.</span><span class="mi">44</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">10</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">freetype</span><span class="o">-</span><span class="mf">2.3</span><span class="o">.</span><span class="mi">11</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">2.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">11</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libjpeg</span><span class="o">-</span><span class="mi">6</span><span class="n">b</span><span class="o">-</span><span class="mf">46.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">12</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libmcrypt</span><span class="o">-</span><span class="mf">2.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">9.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">13</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libXau</span><span class="o">-</span><span class="mf">1.0</span><span class="o">.</span><span class="mi">5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">14</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libxcb</span><span class="o">-</span><span class="mf">1.5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">15</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">mailcap</span><span class="o">-</span><span class="mf">2.1</span><span class="o">.</span><span class="mi">31</span><span class="o">-</span><span class="mf">1.1</span><span class="o">.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">16</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">17</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">18</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">19</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="n">common</span><span class="o">-</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">20</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">21</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libXpm</span><span class="o">-</span><span class="mf">3.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">22</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">23</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">24</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="n">Installed</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span>
<span class="n">Dependency</span><span class="w"> </span><span class="n">Installed</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">apr</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="n">ldap</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">freetype</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.3</span><span class="o">.</span><span class="mi">11</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">2</span><span class="w"> </span>
<span class="w"> </span><span class="n">httpd</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span>
<span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="n">tools</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span>
<span class="w"> </span><span class="n">libX11</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="n">common</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libXau</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.0</span><span class="o">.</span><span class="mi">5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libXpm</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">3.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libjpeg</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mi">6</span><span class="n">b</span><span class="o">-</span><span class="mf">46.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libmcrypt</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">9.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libpng</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">2</span><span class="p">:</span><span class="mf">1.2</span><span class="o">.</span><span class="mi">44</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libxcb</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">mailcap</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.1</span><span class="o">.</span><span class="mi">31</span><span class="o">-</span><span class="mf">1.1</span><span class="o">.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">cli</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">common</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mbstring</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">pdo</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="n">Complete</span><span class="o">!</span><span class="w"></span>
</code></pre></div>
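<p>Before answering y to a first-use key import like the one above, the prompt itself can be checked for consistency. The script below is an added example, not part of the original post: the function names are made up for it, the first transcript is copied from the yum output shown on this page, and the other two are constructed. A short key ID is only 32 bits, so this is a sanity check; comparing the full fingerprint with one obtained out of band remains the real verification.</p>

```shell
#!/bin/sh
# Added example: consistency check on yum's first-use GPG key import prompt.
# It only parses text; nothing here touches rpm, yum or the network.

# Key ID rpm reported as missing ("... key ID 0608b895: NOKEY"), upper-cased.
nokey_id() {
    printf '%s\n' "$1" |
        sed -n 's/.*key ID \([0-9A-Fa-f]\{8,\}\): NOKEY.*/\1/p' |
        head -n 1 | tr 'a-f' 'A-F'
}

# Key ID yum offers to import ("Importing GPG key 0x0608B895 ...").
import_id() {
    printf '%s\n' "$1" |
        sed -n 's/^Importing GPG key 0x\([0-9A-Fa-f]\{8,\}\) .*/\1/p' |
        head -n 1 | tr 'a-f' 'A-F'
}

# Where the offered key comes from (the text after the last " from ").
import_source() {
    printf '%s\n' "$1" |
        sed -n 's/^Importing GPG key 0x[0-9A-Fa-f]* .* from \(.*\)$/\1/p' |
        head -n 1
}

# check_import TRANSCRIPT EXPECTED_ID
# Returns 0 only when the offered key is the one the packages were signed
# with, matches the ID the operator expected, and is read from the local
# key store under /etc/pki/rpm-gpg/ (the directory seen in the page's output).
check_import() {
    transcript=$1
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    signed=$(nokey_id "$transcript")
    offered=$(import_id "$transcript")
    origin=$(import_source "$transcript")

    [ -n "$signed" ] && [ -n "$offered" ] || { echo "no import prompt found"; return 2; }
    [ "$signed" = "$offered" ] || { echo "signing key $signed != offered key $offered"; return 1; }
    [ "$offered" = "$expected" ] || { echo "offered key $offered != expected $expected"; return 1; }
    case $origin in
        *..*) echo "suspicious key path: $origin"; return 1 ;;
        /etc/pki/rpm-gpg/*) ;;
        *) echo "key comes from unexpected source: $origin"; return 1 ;;
    esac
    echo "ok: key $offered from $origin"
}

# Transcript copied from the yum output shown on this page.
PAGE_TRANSCRIPT='warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
epel/gpgkey | 3.2 kB 00:00 ...
Importing GPG key 0x0608B895 "EPEL (6) <epel@fedoraproject.org>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Is this ok [y/N]:'

# Constructed: the packages are signed with a different key than the one offered.
MISMATCH_TRANSCRIPT='warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID deadbeef: NOKEY
Importing GPG key 0x0608B895 "EPEL (6) <epel@fedoraproject.org>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Is this ok [y/N]:'

# Constructed: the IDs agree, but the key is fetched from a remote placeholder URL.
REMOTE_TRANSCRIPT='warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Importing GPG key 0x0608B895 "EPEL (6) <epel@fedoraproject.org>" from http://mirror.example.invalid/RPM-GPG-KEY-EPEL-6
Is this ok [y/N]:'

check_import "$PAGE_TRANSCRIPT" 0608b895     || echo "-> answer N and investigate"
check_import "$MISMATCH_TRANSCRIPT" 0608b895 || echo "-> answer N and investigate"
check_import "$REMOTE_TRANSCRIPT" 0608b895   || echo "-> answer N and investigate"
```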
<p>Let's remember to enable Apache at boot:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">httpd</span><span class="w"></span>
<span class="n">httpd</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="k">on</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">httpd</span><span class="w"></span>
<span class="n">httpd</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
</code></pre></div>
<p>Think we're done? This is only the beginning: we still haven't installed MySQL, and everything still has to be configured.</p>
<h2>Installing and configuring MySQL</h2>
<p>Nothing very complicated:</p>
<div class="highlight"><pre><span></span><code><span class="p">[</span><span class="n">root</span><span class="err">@</span><span class="n">crashtest</span><span class="w"> </span><span class="o">~</span><span class="p">]</span><span class="c1"># yum install mysql-server</span><span class="w"></span>
<span class="n">Loaded</span><span class="w"> </span><span class="n">plugins</span><span class="p">:</span><span class="w"> </span><span class="n">fastestmirror</span><span class="w"></span>
<span class="n">Loading</span><span class="w"> </span><span class="n">mirror</span><span class="w"> </span><span class="n">speeds</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="n">cached</span><span class="w"> </span><span class="n">hostfile</span><span class="w"></span>
<span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">epel</span><span class="p">:</span><span class="w"> </span><span class="n">mirrors</span><span class="o">.</span><span class="n">ircam</span><span class="o">.</span><span class="n">fr</span><span class="w"></span>
<span class="n">Setting</span><span class="w"> </span><span class="n">up</span><span class="w"> </span><span class="n">Install</span><span class="w"> </span><span class="n">Process</span><span class="w"></span>
<span class="n">Resolving</span><span class="w"> </span><span class="n">Dependencies</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBI</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBD</span><span class="o">-</span><span class="n">MySQL</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">perl</span><span class="p">(</span><span class="n">DBI</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">mysql</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBD</span><span class="o">-</span><span class="n">MySQL</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">4.013</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBI</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.609</span><span class="o">-</span><span class="mf">4.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Finished</span><span class="w"> </span><span class="n">Dependency</span><span class="w"> </span><span class="n">Resolution</span><span class="w"></span>
<span class="n">Dependencies</span><span class="w"> </span><span class="n">Resolved</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">Arch</span><span class="w"> </span><span class="n">Version</span><span class="w"> </span><span class="n">Repository</span><span class="w"> </span><span class="n">Size</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="n">Installing</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mf">8.1</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="n">Installing</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">dependencies</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">mysql</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">889</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBD</span><span class="o">-</span><span class="n">MySQL</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">4.013</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">134</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBI</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.609</span><span class="o">-</span><span class="mf">4.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">705</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="n">Transaction</span><span class="w"> </span><span class="n">Summary</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="n">Install</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">Package</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"></span>
<span class="n">Upgrade</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="n">Package</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"></span>
<span class="n">Total</span><span class="w"> </span><span class="n">download</span><span class="w"> </span><span class="n">size</span><span class="p">:</span><span class="w"> </span><span class="mf">9.8</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="n">Installed</span><span class="w"> </span><span class="n">size</span><span class="p">:</span><span class="w"> </span><span class="mi">28</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"></span>
</code></pre></div>
<p>Here again, we are asked to confirm before the software is installed.</p>
<div class="highlight"><pre><span></span><code><span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"> </span><span class="n">y</span><span class="w"></span>
<span class="n">Downloading</span><span class="w"> </span><span class="n">Packages</span><span class="p">:</span><span class="w"></span>
<span class="p">(</span><span class="mi">1</span><span class="o">/</span><span class="mi">4</span><span class="p">):</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">889</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">2</span><span class="o">/</span><span class="mi">4</span><span class="p">):</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">8.1</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">3</span><span class="o">/</span><span class="mi">4</span><span class="p">):</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBD</span><span class="o">-</span><span class="n">MySQL</span><span class="o">-</span><span class="mf">4.013</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">134</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">4</span><span class="o">/</span><span class="mi">4</span><span class="p">):</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBI</span><span class="o">-</span><span class="mf">1.609</span><span class="o">-</span><span class="mf">4.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">705</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="o">--------------------------------------------------------------------------------</span><span class="w"></span>
<span class="n">Total</span><span class="w"> </span><span class="mf">8.4</span><span class="w"> </span><span class="n">MB</span><span class="o">/</span><span class="n">s</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">9.8</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">01</span><span class="w"> </span>
<span class="n">Running</span><span class="w"> </span><span class="n">rpm_check_debug</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">Transaction</span><span class="w"> </span><span class="n">Test</span><span class="w"></span>
<span class="n">Transaction</span><span class="w"> </span><span class="n">Test</span><span class="w"> </span><span class="n">Succeeded</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">Transaction</span><span class="w"></span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBI</span><span class="o">-</span><span class="mf">1.609</span><span class="o">-</span><span class="mf">4.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">1</span><span class="o">/</span><span class="mi">4</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBD</span><span class="o">-</span><span class="n">MySQL</span><span class="o">-</span><span class="mf">4.013</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">2</span><span class="o">/</span><span class="mi">4</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">3</span><span class="o">/</span><span class="mi">4</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">4</span><span class="o">/</span><span class="mi">4</span><span class="w"> </span>
<span class="n">Installed</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="n">Dependency</span><span class="w"> </span><span class="n">Installed</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">mysql</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBD</span><span class="o">-</span><span class="n">MySQL</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">4.013</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBI</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.609</span><span class="o">-</span><span class="mf">4.</span><span class="n">el6</span><span class="w"> </span>
<span class="n">Complete</span><span class="o">!</span><span class="w"></span>
</code></pre></div>
<p>Now that MySQL is installed, let's start it:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">mysqld</span><span class="w"> </span><span class="k">start</span><span class="w"></span>
<span class="n">Initialisation</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">la</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">données</span><span class="w"> </span><span class="n">MySQL</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="n">MySQL</span><span class="w"> </span><span class="k">system</span><span class="w"> </span><span class="n">tables</span><span class="p">...</span><span class="w"></span>
<span class="n">OK</span><span class="w"></span>
<span class="n">Filling</span><span class="w"> </span><span class="n">help</span><span class="w"> </span><span class="n">tables</span><span class="p">...</span><span class="w"></span>
<span class="n">OK</span><span class="w"></span>
<span class="k">To</span><span class="w"> </span><span class="k">start</span><span class="w"> </span><span class="n">mysqld</span><span class="w"> </span><span class="k">at</span><span class="w"> </span><span class="n">boot</span><span class="w"> </span><span class="nc">time</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">have</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">copy</span><span class="w"></span>
<span class="n">support</span><span class="o">-</span><span class="n">files</span><span class="o">/</span><span class="n">mysql</span><span class="p">.</span><span class="n">server</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="nf">right</span><span class="w"> </span><span class="n">place</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="k">system</span><span class="w"></span>
<span class="n">PLEASE</span><span class="w"> </span><span class="n">REMEMBER</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="k">SET</span><span class="w"> </span><span class="n">A</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="n">THE</span><span class="w"> </span><span class="n">MySQL</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="err">!</span><span class="w"></span>
<span class="k">To</span><span class="w"> </span><span class="n">do</span><span class="w"> </span><span class="n">so</span><span class="p">,</span><span class="w"> </span><span class="k">start</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">server</span><span class="p">,</span><span class="w"> </span><span class="k">then</span><span class="w"> </span><span class="n">issue</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">following</span><span class="w"> </span><span class="nl">commands</span><span class="p">:</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqladmin</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="s1">'new-password'</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqladmin</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">-</span><span class="n">h</span><span class="w"> </span><span class="n">crashtest</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="s1">'new-password'</span><span class="w"></span>
<span class="n">Alternatively</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="nl">run</span><span class="p">:</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysql_secure_installation</span><span class="w"></span>
<span class="n">which</span><span class="w"> </span><span class="n">will</span><span class="w"> </span><span class="n">also</span><span class="w"> </span><span class="n">give</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">option</span><span class="w"> </span><span class="k">of</span><span class="w"> </span><span class="n">removing</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">test</span><span class="w"></span>
<span class="n">databases</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">anonymous</span><span class="w"> </span><span class="k">user</span><span class="w"> </span><span class="n">created</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="k">default</span><span class="p">.</span><span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="k">is</span><span class="w"></span>
<span class="n">strongly</span><span class="w"> </span><span class="n">recommended</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">production</span><span class="w"> </span><span class="n">servers</span><span class="p">.</span><span class="w"></span>
<span class="n">See</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">manual</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">more</span><span class="w"> </span><span class="n">instructions</span><span class="p">.</span><span class="w"></span>
<span class="n">You</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="k">start</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">MySQL</span><span class="w"> </span><span class="n">daemon</span><span class="w"> </span><span class="k">with</span><span class="err">:</span><span class="w"></span>
<span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqld_safe</span><span class="w"> </span><span class="o">&</span><span class="w"></span>
<span class="n">You</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="n">test</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">MySQL</span><span class="w"> </span><span class="n">daemon</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">test</span><span class="o">-</span><span class="n">run</span><span class="p">.</span><span class="n">pl</span><span class="w"></span>
<span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">mysql</span><span class="o">-</span><span class="n">test</span><span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="n">perl</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">test</span><span class="o">-</span><span class="n">run</span><span class="p">.</span><span class="n">pl</span><span class="w"></span>
<span class="n">Please</span><span class="w"> </span><span class="n">report</span><span class="w"> </span><span class="ow">any</span><span class="w"> </span><span class="n">problems</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqlbug</span><span class="w"> </span><span class="n">script</span><span class="err">!</span><span class="w"></span>
<span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
<span class="n">Démarrage</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">mysqld</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>So MySQL is telling us that without an administrator password it is a bit of a free-for-all, and that this absolutely has to be fixed. Let's be civilized, then, but not too much: for the sake of the example, I set the MySQL root password to 'anotherhomepage' (the password itself does not include the single quotes):</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqladmin</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="s1">'anotherhomepage'</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqladmin</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">-</span><span class="n">h</span><span class="w"> </span><span class="n">crashtest</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="s1">'anotherhomepage'</span><span class="w"></span>
</code></pre></div>
<p>Let's enable MySQL at machine boot:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">mysqld</span><span class="w"></span>
<span class="n">mysqld</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="n">mysqld</span><span class="w"> </span><span class="k">on</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">mysqld</span><span class="w"></span>
<span class="n">mysqld</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
</code></pre></div>
<h2>Additional configuration</h2>
<p>If you performed an installation identical to the one in my previous post, you will have noticed that the firewall is still active, and that it only accepts SSH and SMTP:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">init</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">iptables</span><span class="w"> </span><span class="n">status</span><span class="w"></span>
<span class="nc">Table</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="k">filter</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"> </span>
<span class="mi">1</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="n">RELATED</span><span class="p">,</span><span class="n">ESTABLISHED</span><span class="w"> </span>
<span class="mi">2</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">icmp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span>
<span class="mi">3</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span>
<span class="mi">4</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">22</span><span class="w"> </span>
<span class="mi">5</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">25</span><span class="w"> </span>
<span class="mi">6</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"> </span>
<span class="n">Chain</span><span class="w"> </span><span class="n">FORWARD</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"> </span>
<span class="mi">1</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"> </span>
<span class="n">Chain</span><span class="w"> </span><span class="k">OUTPUT</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"> </span>
</code></pre></div>
<p>Let's disable it:</p>
<div class="highlight"><pre><span></span><code>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">init</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">iptables</span><span class="w"> </span><span class="n">stop</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="n">Suppression</span><span class="w"> </span><span class="n">des</span><span class="w"> </span><span class="n">règles</span><span class="w"> </span><span class="n">du</span><span class="w"> </span><span class="n">pare</span><span class="o">-</span><span class="n">feu</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="n">Configuration</span><span class="w"> </span><span class="n">des</span><span class="w"> </span><span class="n">chaînes</span><span class="w"> </span><span class="n">sur</span><span class="w"> </span><span class="n">la</span><span class="w"> </span><span class="n">politique</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="k">filter</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="n">Déchargement</span><span class="w"> </span><span class="n">des</span><span class="w"> </span><span class="n">modules</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">iptables</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="k">off</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">iptables</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
</code></pre></div>
<p>We also need to make another change: allowing machines on the network to access phpMyAdmin. To do so, edit the file “/etc/httpd/conf.d/phpMyAdmin.conf” with your favourite text editor, or the one installed by default, most likely vi. In this file, we see this:</p>
<div class="highlight"><pre><span></span><code><span class="nt"><Directory</span> <span class="err">/usr/share/phpMyAdmin</span><span class="nt">/></span>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
<span class="nt"></Directory></span>
<span class="nt"><Directory</span> <span class="err">/usr/share/phpMyAdmin/setup</span><span class="nt">/></span>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
<span class="nt"></Directory></span>
</code></pre></div>
<p>There are two options. The first: add your network or your machines to both “Directory” sections, after the existing “Allow” directives, by adding one more directive of that type. For example, with a 10.1.1.0/24 network, that would give:</p>
<div class="highlight"><pre><span></span><code>Allow from 10.1.1.0/24
</code></pre></div>
<p>Another option, far less secure but probably more convenient, is to allow everything. In that case, the sections become:</p>
<div class="highlight"><pre><span></span><code><span class="nt"><Directory</span> <span class="err">/usr/share/phpMyAdmin</span><span class="nt">/></span>
Order Deny,Allow
Allow from All
<span class="nt"></Directory></span>
<span class="nt"><Directory</span> <span class="err">/usr/share/phpMyAdmin/setup</span><span class="nt">/></span>
Order Deny,Allow
Allow from All
<span class="nt"></Directory></span>
</code></pre></div>
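<p>The variants above, plus one constructed misedit, run through the Apache 2.2 <code>Order</code> evaluation rules to see which clients each one admits. This is an added example, not part of the original post: the sample client addresses, the <code>MISSING_DENY</code> variant and all function names are assumptions, and only <code>all</code>, single addresses and CIDR ranges are handled.</p>

```python
"""Evaluate Apache 2.2 Order/Allow/Deny rules for the phpMyAdmin Directory blocks."""
import ipaddress
import re

PATHS = ("/usr/share/phpMyAdmin/", "/usr/share/phpMyAdmin/setup/")


def make_conf(rules):
    """Build both Directory sections of phpMyAdmin.conf with the same rule lines."""
    body = "\n".join("   " + rule for rule in rules)
    return "".join(f"<Directory {path}>\n{body}\n</Directory>\n" for path in PATHS)


# Variants taken from the post.
LOCAL_ONLY = make_conf(["Order Deny,Allow", "Deny from All",
                        "Allow from 127.0.0.1", "Allow from ::1"])
WITH_LAN = make_conf(["Order Deny,Allow", "Deny from All",
                      "Allow from 127.0.0.1", "Allow from ::1",
                      "Allow from 10.1.1.0/24"])
ALLOW_ALL = make_conf(["Order Deny,Allow", "Allow from All"])
# Constructed misedit (not in the post): the LAN was added but "Deny from All" was lost.
MISSING_DENY = make_conf(["Order Deny,Allow", "Allow from 10.1.1.0/24"])

# Constructed sample clients: loopback v4/v6, a LAN host, an outside host (TEST-NET-1).
CLIENTS = ["127.0.0.1", "::1", "10.1.1.42", "192.0.2.7"]

DIR_OPEN = re.compile(r"<Directory\s+(\S+?)\s*>", re.IGNORECASE)


def parse_sections(text):
    """Return {directory: {"order": str, "allow": [specs], "deny": [specs]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = DIR_OPEN.match(line)
        if opened:
            # Apache's default when no Order directive is given is Deny,Allow.
            current = sections.setdefault(
                opened.group(1), {"order": "deny,allow", "allow": [], "deny": []})
        elif line.lower() == "</directory>":
            current = None
        elif current is not None:
            words = line.split()
            key = words[0].lower()
            if key == "order":
                current["order"] = "".join(words[1:]).lower()
            elif key in ("allow", "deny") and len(words) >= 3 and words[1].lower() == "from":
                current[key].extend(words[2:])
    return sections


def matches(spec, client):
    """True if one Allow/Deny argument covers the client address."""
    if spec.lower() == "all":
        return True
    network = ipaddress.ip_network(spec, strict=False)  # raises on hostnames etc.
    return client.version == network.version and client in network


def is_allowed(section, client_ip):
    """Apply the Order semantics of Apache 2.2 host-based access control."""
    client = ipaddress.ip_address(client_ip)
    allowed = any(matches(spec, client) for spec in section["allow"])
    denied = any(matches(spec, client) for spec in section["deny"])
    if section["order"] == "deny,allow":
        # Deny is checked first, a matching Allow overrides it, default is ALLOW.
        return allowed or not denied
    if section["order"] == "allow,deny":
        # Allow is checked first, a matching Deny overrides it, default is DENY.
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {section['order']}")


def reachability(conf_text, clients=CLIENTS):
    """Map each Directory to the sample clients that would get through."""
    return {path: [ip for ip in clients if is_allowed(section, ip)]
            for path, section in parse_sections(conf_text).items()}


if __name__ == "__main__":
    variants = {"local only": LOCAL_ONLY, "with LAN": WITH_LAN,
                "allow all": ALLOW_ALL, "missing Deny (constructed)": MISSING_DENY}
    for name, conf in variants.items():
        print(name)
        for path, ips in reachability(conf).items():
            print(f"  {path}: {', '.join(ips) or 'nobody'}")
```

<p>Because <code>Order Deny,Allow</code> allows by default, the <code>Deny from All</code> line is what actually closes the directory: the constructed variant without it admits the outside host just like <code>Allow from All</code> does.</p>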
<p>Now let's start the web server:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="k">start</span><span class="w"></span>
<span class="n">Démarrage</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>phpMyAdmin is now reachable, in my case at “http://crashtest/phpmyadmin/”. Naturally, a username and a password will be requested. These are the MySQL ones (so 'root' and 'anotherhomepage' in my case).</p>
<p>We could stop here. But that would be a shame, for several reasons:</p>
<ul>
<li>authentication is done via HTTP, with no nicer-looking login interface that would use, for example, a session cookie;</li>
<li>HTTPS is not enabled, so the password travels in cleartext over the network;</li>
<li>the firewall is disabled, without further ado (SELinux too, for that matter);</li>
<li>phpMyAdmin has additional features that can be enabled by creating a database.</li>
</ul>
<p>These points will be covered in <a href="/post/2011/10/17/Installation-de-phpMyAdmin-sur-CentOS-6-suite">an upcoming post</a>, of course ;-)</p>
Minimalist installation of CentOS 6 2011-08-08T11:51:00+02:00 2011-08-08T11:51:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-08-08:/post/2011/08/08/Installation-minimaliste-d-une-CentOS-6/
<p>Following an earlier post <a href="/post/2011/06/20/Installation-d-un-domU-Xen-Enterprise-Linux-sur-un-dom0-NetBSD">on installing an Enterprise Linux domU on a NetBSD dom0</a>, and the release of <a href="http://lists.centos.org/pipermail/centos-announce/2011-July/017645.html">CentOS 6.0</a>, I ran a few test installations of this distribution.</p>
<p>There are no huge differences between that post and CentOS 6.0, just a few surprises. The first concerns the text-mode installation, which has lost features: for example, it is no longer possible to customize the partitioning or the package list. An installation over VNC, which displays the graphical interface, is preferable. The RHEL 6 memory limitations also apply to CentOS 6, so be careful to allocate enough RAM, at least during installation, to get the graphical interface.</p>
<p>So I decided to use Kickstart for a few installations, and there too there are some changes, such as certain optional fields that have become mandatory. Here is a commented kickstart example for a customized minimalist (but not minimal) installation:</p>
<div class="highlight"><pre><span></span><code><span class="cp"># Language and time zone</span>
<span class="n">lang</span><span class="w"> </span><span class="n">fr_FR</span><span class="w"></span>
<span class="n">keyboard</span><span class="w"> </span><span class="n">fr</span><span class="w"> </span>
<span class="n">timezone</span><span class="w"> </span><span class="o">--</span><span class="n">utc</span><span class="w"> </span><span class="n">Europe</span><span class="o">/</span><span class="n">Paris</span><span class="w"></span>
<span class="cp"># I use Xen, so I shut down in order to change the installation kernel to pygrub</span>
<span class="n">shutdown</span><span class="w"></span>
<span class="n">text</span><span class="w"></span>
<span class="cp"># the root password can be encrypted</span>
<span class="n">rootpw</span><span class="w"> </span><span class="n">changemonmdprootsvp</span><span class="w"></span>
<span class="cp"># I allow a few services through the firewall and enable first-boot configuration, but no SELinux</span>
<span class="n">firewall</span><span class="w"> </span><span class="o">--</span><span class="n">service</span><span class="o">=</span><span class="n">ssh</span><span class="w"> </span><span class="o">--</span><span class="n">service</span><span class="o">=</span><span class="n">smtp</span><span class="w"></span>
<span class="n">firstboot</span><span class="w"> </span><span class="o">--</span><span class="n">enable</span><span class="w"></span>
<span class="n">selinux</span><span class="w"> </span><span class="o">--</span><span class="n">disabled</span><span class="w"></span>
<span class="cp"># Network configuration</span>
<span class="n">network</span><span class="w"> </span><span class="o">--</span><span class="n">device</span><span class="w"> </span><span class="n">eth0</span><span class="w"> </span><span class="o">--</span><span class="n">bootproto</span><span class="w"> </span><span class="n">dhcp</span><span class="w"></span>
<span class="cp"># Hard disk setup: bootloader and partitioning. Careful, everything gets wiped!</span>
<span class="n">bootloader</span><span class="w"> </span><span class="o">--</span><span class="n">location</span><span class="o">=</span><span class="n">mbr</span><span class="w"> </span><span class="o">--</span><span class="n">driveorder</span><span class="o">=</span><span class="n">xvda</span><span class="w"></span>
<span class="n">authconfig</span><span class="w"> </span><span class="o">--</span><span class="n">enableshadow</span><span class="w"> </span><span class="o">--</span><span class="n">passalgo</span><span class="o">=</span><span class="n">sha512</span><span class="w"></span>
<span class="n">clearpart</span><span class="w"> </span><span class="o">--</span><span class="n">all</span><span class="w"> </span><span class="o">--</span><span class="n">initlabel</span><span class="w"> </span><span class="o">--</span><span class="n">drives</span><span class="o">=</span><span class="n">xvda</span><span class="w"></span>
<span class="n">part</span><span class="w"> </span><span class="o">/</span><span class="n">boot</span><span class="w"> </span><span class="o">--</span><span class="n">fstype</span><span class="w"> </span><span class="n">ext3</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="w"> </span><span class="mi">500</span><span class="w"> </span>
<span class="n">part</span><span class="w"> </span><span class="n">swap</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="w"> </span><span class="mi">512</span><span class="w"> </span>
<span class="n">part</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="o">--</span><span class="n">fstype</span><span class="w"> </span><span class="n">ext3</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="w"> </span><span class="mi">5000</span><span class="w"></span>
<span class="n">part</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="w"> </span><span class="o">--</span><span class="n">fstype</span><span class="w"> </span><span class="n">ext3</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="w"> </span><span class="mi">1200</span><span class="w"></span>
<span class="n">part</span><span class="w"> </span><span class="o">/</span><span class="n">var</span><span class="w"> </span><span class="o">--</span><span class="n">fstype</span><span class="w"> </span><span class="n">ext3</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="w"> </span><span class="mi">400</span><span class="w"> </span><span class="o">--</span><span class="n">grow</span><span class="w"></span>
<span class="cp"># We install over the network; remember to change these URLs to the ones that apply to you</span>
<span class="cp"># In addition, the updates and extras repositories are added so the system is up to date right from installation</span>
<span class="n">url</span><span class="w"> </span><span class="o">--</span><span class="n">url</span><span class="w"> </span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/CentOS/6/os/x86_64/</span>
<span class="n">repo</span><span class="w"> </span><span class="o">--</span><span class="n">name</span><span class="o">=</span><span class="n">updates</span><span class="w"> </span><span class="o">--</span><span class="n">baseurl</span><span class="o">=</span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/CentOS/6/updates/x86_64/</span>
<span class="n">repo</span><span class="w"> </span><span class="o">--</span><span class="n">name</span><span class="o">=</span><span class="n">extras</span><span class="w"> </span><span class="o">--</span><span class="n">baseurl</span><span class="o">=</span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/CentOS/6/extras/x86_64/</span>
<span class="cp"># This is where we have fun with the package list.</span>
<span class="cp"># --nobase gives a very light installation, but at least the @Core group is required</span>
<span class="cp"># Note that I exclude many hardware firmware packages because I am in a VM.</span>
<span class="nf">%packages</span><span class="w"> </span><span class="o">--</span><span class="n">nobase</span><span class="w"></span>
<span class="err">@</span><span class="n">Core</span><span class="w"></span>
<span class="n">ntp</span><span class="w"></span>
<span class="n">openssh</span><span class="o">-</span><span class="n">clients</span><span class="w"></span>
<span class="n">wget</span><span class="w"></span>
<span class="n">vim</span><span class="o">-</span><span class="n">enhanced</span><span class="w"></span>
<span class="o">-</span><span class="n">b43</span><span class="o">-</span><span class="n">openfwwf</span><span class="w"></span>
<span class="o">-</span><span class="n">kernel</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">aic94xx</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">atmel</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">bfa</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ipw2100</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ipw2200</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ivtv</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl1000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl3945</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl4965</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl5000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl5150</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl6000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl6050</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">libertas</span><span class="o">-</span><span class="n">usb8388</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2100</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2200</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql23xx</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2400</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2500</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">rt61pci</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">rt73usb</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">xorg</span><span class="o">-</span><span class="n">x11</span><span class="o">-</span><span class="n">drv</span><span class="o">-</span><span class="n">ati</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">zd1211</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="cp"># Post-installation lets me fetch and apply specific configurations</span>
<span class="cp"># The --log option is very handy for debugging :)</span>
<span class="nf">%post</span><span class="w"> </span><span class="o">--</span><span class="n">log</span><span class="o">=/</span><span class="n">root</span><span class="o">/</span><span class="n">postinstall</span><span class="p">.</span><span class="n">log</span><span class="w"></span>
<span class="n">wget</span><span class="w"> </span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/cfg/c6postinstall/prompt.sh -O /etc/profile.d/prompt.sh</span>
<span class="n">wget</span><span class="w"> </span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/cfg/c6postinstall/CentOS-Base.repo -O /etc/yum.repos.d/CentOS-Base.repo</span>
<span class="n">wget</span><span class="w"> </span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/cfg/c6postinstall/ntp.conf -O /etc/ntp.conf</span>
<span class="n">wget</span><span class="w"> </span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/cfg/c6postinstall/main.cf -O /etc/postfix/main.cf</span>
<span class="n">chkconfig</span><span class="w"> </span><span class="n">ntpd</span><span class="w"> </span><span class="n">on</span><span class="w"></span>
<span class="n">chkconfig</span><span class="w"> </span><span class="n">postfix</span><span class="w"> </span><span class="n">on</span><span class="w"></span>
</code></pre></div>
<p>With this kind of installation, we end up with fewer than 200 installed packages :)</p>
Using many file-backed domUs on a NetBSD dom0
2011-06-30T14:35:00+02:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2011-06-30:/post/2011/06/30/Utilisation-de-nombreux-domU-en-backend-fichiers-sur-un-dom0-NetBSD/
<p>Yes, I run Xen virtual machines in files. No partition, no LVM, no. A good old file that can be deleted without regret once its "disposable" domU is no longer needed. To use these files, and to mount files as disks in general, NetBSD uses the <a href="http://netbsd.gw.com/cgi-bin/man-cgi?vnd+4.amd64+NetBSD-5.1">vnd (4)</a> driver. And by default, there are 4 vnd special files. And when you want to start 42 virtual machines at the same time, each needing a vnd file to mount its hard disk, you get an error like:</p>
<div class="highlight"><pre><span></span><code><span class="n">Error</span><span class="o">:</span><span class="w"> </span><span class="n">Device</span><span class="w"> </span><span class="mi">51712</span><span class="w"> </span><span class="o">(</span><span class="n">vbd</span><span class="o">)</span><span class="w"> </span><span class="n">could</span><span class="w"> </span><span class="n">not</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">connected</span><span class="o">.</span><span class="w"> </span><span class="n">Hotplug</span><span class="w"> </span><span class="n">scripts</span><span class="w"> </span><span class="n">not</span><span class="w"> </span><span class="n">working</span><span class="o">.</span><span class="w"></span>
</code></pre></div>
<p>So you panic, paste the message into a well-known search engine, and come across <a href="http://mail-index.netbsd.org/port-xen/2009/08/27/msg005320.html">this kind of thing</a>:</p>
<blockquote>
<p>How many /dev/vnd*d devices do you have? Maybe you need to create more? e.g.:<br>cd /dev<br>./MAKEDEV vnd4 vnd5 vnd6 vnd7 vnd8</p>
</blockquote>
<p>So we apply it:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">xen</span><span class="err">#</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="w"></span>
<span class="n">root</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">/</span><span class="n">dev</span><span class="err">#</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">MAKEDEV</span><span class="w"> </span><span class="n">vnd4</span><span class="w"> </span><span class="n">vnd5</span><span class="w"> </span><span class="n">vnd6</span><span class="w"> </span><span class="n">vnd7</span><span class="w"> </span><span class="n">vnd8</span><span class="w"> </span><span class="n">vnd9</span><span class="w"> </span><span class="n">vnd10</span><span class="w"> </span><span class="n">vnd11</span><span class="w"> </span><span class="n">vnd12</span><span class="w"> </span><span class="n">vnd14</span><span class="w"> </span><span class="n">vnd15</span><span class="w"></span>
<span class="n">root</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">/</span><span class="n">dev</span><span class="err">#</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">xen</span><span class="w"></span>
<span class="n">root</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">xen</span><span class="err">#</span><span class="w"> </span><span class="n">xm</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="n">vmjetable1</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">xm</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="n">vmkikoo2</span><span class="w"> </span><span class="err">\</span><span class="w"></span>
<span class="o">&&</span><span class="w"> </span><span class="n">xm</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="n">vmpipeau3</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">xm</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="n">vmdelire4</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">xm</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="n">encoreunevmjetable</span><span class="w"></span>
</code></pre></div>
<p>Now it's the RAM that is going to start running out... but that's another problem ;-)</p>
Installing an Enterprise Linux Xen domU on a NetBSD dom0
2011-06-20T09:30:00+02:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2011-06-20:/post/2011/06/20/Installation-d-un-domU-Xen-Enterprise-Linux-sur-un-dom0-NetBSD/
<p>Lately I have been having fun doing network installations of pretty much anything and everything. I mainly use the <a href="www.virtualbox.org" title="VirtualBox">Oracle VirtualBox</a> virtualization tool, but I also sometimes play with <a href="http://www.xen.org" title="Xen">Xen</a>. With a CentOS 5 host (dom0) (and probably all "Enterprise Linux" type distributions such as Red Hat Enterprise Linux or Scientific Linux), it is very easy to create other Xen virtual machines (domU) of the same type thanks to the "virt-install" command. With a NetBSD dom0, however, there is no such command. So let's see how to do it.</p>
<p>For an Enterprise Linux 5 system, an installation kernel image (and the matching initrd) specific to Xen can be found, for example on <a href="http://ftp.free.fr/mirrors/ftp.centos.org/5/os/x86_64/images/xen/">this mirror for 64-bit CentOS 5</a>.</p>
<p>What seems odd to me is the situation with Enterprise Linux 6, at least with <a href="http://www.scientificlinux.org/">Scientific Linux</a>. The 2.6.32 kernel in principle has <a href="https://secure.wikimedia.org/wikipedia/en/wiki/Paravirtualization#Linux_Paravirtualization_Support">pv-ops</a>, but SL6 provides <a href="http://ftp.scientificlinux.org/linux/scientific/6/x86_64/os/images/">a Xen kernel and initrd</a>. Perhaps this is for the sake of path compatibility, because the files are the same size as those in the <em>pxeboot</em> directory. Besides, when I rsync against the official Scientific Linux mirror, the xen directory does not show up. And I did not need it :)</p>
<p>Once we have our kernel and initrd images in hand, all that remains is to create our domU configuration file. My example uses a file as the hard disk and a bridged network connection:</p>
<div class="highlight"><pre><span></span><code>name = "centosexample"
uuid = ""
maxmem = 512
memory = 512
kernel = "/srv/www/pub/CentOS/5/os/x86_64/images/xen/vmlinuz"
ramdisk = "/srv/www/pub/CentOS/5/os/x86_64/images/xen/initrd.img"
extra = "vnc"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
vfb = [ ]
disk = [ "file:/srv/xen/images/disk/centosexample.img,xvda,w" ]
vif = [ "mac=00:16:3a:e2:12:34,bridge=bridge0" ]
</code></pre></div>
<p>The installation can be done in text mode by removing the "extra" line, and the URL of a kickstart file can be added in the extra directive, which then becomes:</p>
<div class="highlight"><pre><span></span><code>extra = "text ks=http://monserveur/pub/cfg/centos5_x86_64.cfg"
</code></pre></div>
<p>The command "xm create -c centosexample" starts your domU and begins the installation. Once it is done and your domU is powered off again, simply comment out the "kernel" and "ramdisk" lines and uncomment the "bootloader" line. You can then boot your domU without its kernel being on the dom0's hard disk :)</p>
<p>During my tests, I stuck to the default partitioning (which uses LVM), with one exception: with Scientific Linux 6, I forced the installer to use ext3. Once the installation is finished, shut down the domU (cleanly, preferably) and change the configuration, which becomes:</p>
<div class="highlight"><pre><span></span><code><span class="n">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"centosexample"</span><span class="w"></span>
<span class="n">uuid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">""</span><span class="w"></span>
<span class="n">maxmem</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">512</span><span class="w"></span>
<span class="n">memory</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">512</span><span class="w"></span>
<span class="n">bootloader</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"/usr/pkg/bin/pygrub"</span><span class="w"></span>
<span class="n">on_poweroff</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"destroy"</span><span class="w"></span>
<span class="n">on_reboot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"restart"</span><span class="w"></span>
<span class="n">on_crash</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"restart"</span><span class="w"></span>
<span class="n">vfb</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">]</span><span class="w"></span>
<span class="n">disk</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"file:/srv/xen/images/disk/centosexample.img,xvda,w"</span><span class="w"> </span><span class="p">]</span><span class="w"></span>
<span class="n">vif</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"mac=00:16:3a:e2:12:34,bridge=bridge0"</span><span class="w"> </span><span class="p">]</span><span class="w"></span>
</code></pre></div>
<p>So I replaced the installation kernel and initrd with pygrub, which lets me boot my domU on the installed kernel and initrd. In addition, updates do not require copying the kernel and initrd to the dom0 again.</p>
<p>Finally, if you want to install a NetBSD dom0, I can only recommend <a href="http://blog.bsdsx.fr/post/xen_1">Bsdsx's excellent post</a>!</p>
Configuring DNS redundancy
2011-05-02T09:30:00+02:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2011-05-02:/post/2011/05/02/Configuration-d-une-redondance-DNS/
<p><em>I am in the following situation: I have a machine running, among other things, a DHCP server and a DNS server, and I want to reinstall this machine. The problem is that if I reinstall it, DHCP and DNS will be unavailable. I therefore need to make these two services redundant so as not to disrupt the other machines. After <a href="/post/2011/04/25/Configuration-d-une-redondance-DHCP">DHCP redundancy</a>, this post covers DNS redundancy. Like the previous one, this post does not cover the complete configuration of a DNS server but details the configuration options related to redundancy.</em></p>
<p>Basic redundancy within a LAN is very easy to set up because nothing needs to be changed at a registrar. You will, however, need to add the second DNS server's IP address to the configuration of every machine with a static IP address, since those do not get the list of DNS servers through DHCP. A DNS redundancy setup generally consists of at least two servers: a master server and one or more slave servers. All our future DNS changes will be made on the master server and will be replicated automatically to the slave server. In our case, the master server runs NetBSD 4.0 and the slave server runs NetBSD 5.1; in both cases, ISC Bind is used in the version shipped with the OS, and configured in a chroot.</p>
<p>On our master server, let's configure our zones in the file <em>/var/chroot/named/etc/named.conf</em>:</p>
<div class="highlight"><pre><span></span><code>zone "anotherhomepage.loc" IN {
type master;
file "anotherhomepage.loc";
allow-update { none; };
allow-query { any; };
allow-transfer { 10.13.37.11; };
};
zone "37.13.10.in-addr.arpa" IN {
type master;
file "anotherhomepage.loc.reverse";
allow-update { none; };
allow-query { any; };
allow-transfer { 10.13.37.11; };
};
</code></pre></div>
<p>Note that we allow transfers to 10.13.37.11, which is the slave server. Let's continue with the anotherhomepage.loc zone file, of which here are a few excerpts:</p>
<div class="highlight"><pre><span></span><code>$TTL 86400
@ IN SOA ns0.anotherhomepage.loc. nils.anotherhomepage.loc. (
2011042601 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D ; Minimum TTL
)
; Name servers
anotherhomepage.loc. IN NS ns0
anotherhomepage.loc. IN NS ns1
; Mail servers
anotherhomepage.loc. IN MX 10 mail
; "A" entries
ns0 IN A 10.13.37.10
ns1 IN A 10.13.37.11
mail IN A 10.13.37.12
</code></pre></div>
<p>Our slave server is therefore declared in the DNS; now let's look at the reverse DNS, in the zone file anotherhomepage.loc.reverse:</p>
<div class="highlight"><pre><span></span><code>$TTL 86400
@ IN SOA ns0.anotherhomepage.loc. nils.anotherhomepage.loc. (
2011042601 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D ; Minimum TTL
)
IN NS ns0.anotherhomepage.loc.
IN NS ns1.anotherhomepage.loc.
IN MX 10 mail.anotherhomepage.loc.
10 IN PTR ns0.anotherhomepage.loc.
11 IN PTR ns1.anotherhomepage.loc.
12 IN PTR mail.anotherhomepage.loc.
</code></pre></div>
<p>Let's now turn to our slave server. On this side there is only one file to edit, <em>/var/chroot/named/etc/named.conf</em>, because the others will be transferred by zone updates:</p>
<div class="highlight"><pre><span></span><code>zone "anotherhomepage.loc" IN {
type slave;
masters { 10.13.37.5; };
file "anotherhomepage.loc";
allow-update { 10.13.37.5; };
allow-query { any; };
allow-notify { 10.13.37.5; };
};
zone "37.13.10.in-addr.arpa" IN {
type slave;
masters { 10.13.37.10; };
file "anotherhomepage.loc.reverse";
allow-update { 10.13.37.10; };
allow-query { any; };
allow-notify { 10.13.37.10; };
};
</code></pre></div>
<p>All that remains now is to check our configuration. By default, logs go to <em>/var/log/messages</em>. You can define another location for the logs, for example:</p>
<div class="highlight"><pre><span></span><code><span class="n">logging</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">channel</span><span class="w"> </span><span class="n">simple_log</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">file</span><span class="w"> </span><span class="s2">"/var/log/named/bind.log"</span><span class="w"> </span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">severity</span><span class="w"> </span><span class="n">info</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">print</span><span class="o">-</span><span class="n">time</span><span class="w"> </span><span class="n">yes</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">print</span><span class="o">-</span><span class="n">severity</span><span class="w"> </span><span class="n">yes</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">print</span><span class="o">-</span><span class="n">category</span><span class="w"> </span><span class="n">yes</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">};</span><span class="w"></span>
<span class="w"> </span><span class="n">category</span><span class="w"> </span><span class="n">default</span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">simple_log</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">};</span><span class="w"></span>
<span class="w"> </span><span class="n">category</span><span class="w"> </span><span class="n">queries</span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">simple_log</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">};</span><span class="w"></span>
<span class="p">};</span><span class="w"></span>
</code></pre></div>
<p>This example is to be inserted into your <em>named.conf</em>. Let's increment the serial numbers, then reload bind on the slave server and then on the master server:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="err">@</span><span class="n">ns0</span><span class="p">:</span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">chroot</span><span class="o">/</span><span class="n">named</span><span class="o">/</span><span class="k">var</span><span class="c1"># /etc/rc.d/named reload</span><span class="w"></span>
<span class="n">Reloading</span><span class="w"> </span><span class="n">named</span><span class="w"> </span><span class="n">config</span><span class="w"> </span><span class="n">files</span><span class="o">.</span><span class="w"></span>
</code></pre></div>
<p>Let's look at the result on the slave server when the master server is reloaded:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="err">@</span><span class="n">ns1</span><span class="p">:</span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">chroot</span><span class="o">/</span><span class="n">named</span><span class="o">/</span><span class="n">etc</span><span class="c1"># tail -f /var/chroot/named/var/log/named/bind.log</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">10.864</span><span class="w"> </span><span class="n">notify</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="c1">#64893: received notify for zone '37.13.10.in-addr.arpa'</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">10.923</span><span class="w"> </span><span class="n">general</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">zone</span><span class="w"> </span><span class="mf">37.13</span><span class="o">.</span><span class="mf">10.</span><span class="ow">in</span><span class="o">-</span><span class="n">addr</span><span class="o">.</span><span class="n">arpa</span><span class="o">/</span><span class="n">IN</span><span class="p">:</span><span class="w"> </span><span class="n">Transfer</span><span class="w"> </span><span class="n">started</span><span class="o">.</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">10.924</span><span class="w"> </span><span class="n">xfer</span><span class="o">-</span><span class="ow">in</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">transfer</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="s1">'37.13.10.in-addr.arpa/IN'</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="c1">#53: connected using 10.13.37.60#65525</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.335</span><span class="w"> </span><span class="n">general</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">zone</span><span class="w"> </span><span class="mf">37.13</span><span class="o">.</span><span class="mf">10.</span><span class="ow">in</span><span class="o">-</span><span class="n">addr</span><span class="o">.</span><span class="n">arpa</span><span class="o">/</span><span class="n">IN</span><span class="p">:</span><span class="w"> </span><span class="n">transferred</span><span class="w"> </span><span class="n">serial</span><span class="w"> </span><span class="mi">2011042601</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.336</span><span class="w"> </span><span class="n">xfer</span><span class="o">-</span><span class="ow">in</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">transfer</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="s1">'37.13.10.in-addr.arpa/IN'</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="c1">#53: Transfer completed: 1 messages, 258 records, 8672 bytes, 0.411 secs (21099 bytes/sec)</span><span class="w"></span>
<span class="mi">27</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.337</span><span class="w"> </span><span class="n">notify</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">zone</span><span class="w"> </span><span class="mf">37.13</span><span class="o">.</span><span class="mf">10.</span><span class="ow">in</span><span class="o">-</span><span class="n">addr</span><span class="o">.</span><span class="n">arpa</span><span class="o">/</span><span class="n">IN</span><span class="p">:</span><span class="w"> </span><span class="n">sending</span><span class="w"> </span><span class="n">notifies</span><span class="w"> </span><span class="p">(</span><span class="n">serial</span><span class="w"> </span><span class="mi">2011042601</span><span class="p">)</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.383</span><span class="w"> </span><span class="n">notify</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="c1">#64893: received notify for zone 'anotherhomepage.loc'</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.388</span><span class="w"> </span><span class="n">general</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">zone</span><span class="w"> </span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">loc</span><span class="o">/</span><span class="n">IN</span><span class="p">:</span><span class="w"> </span><span class="n">Transfer</span><span class="w"> </span><span class="n">started</span><span class="o">.</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.390</span><span class="w"> </span><span class="n">xfer</span><span class="o">-</span><span class="ow">in</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">transfer</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="s1">'anotherhomepage.loc/IN'</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="c1">#53: connected using 10.13.37.60#65524</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.654</span><span class="w"> </span><span class="n">general</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">zone</span><span class="w"> </span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">loc</span><span class="o">/</span><span class="n">IN</span><span class="p">:</span><span class="w"> </span><span class="n">transferred</span><span class="w"> </span><span class="n">serial</span><span class="w"> </span><span class="mi">2011042601</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.654</span><span class="w"> </span><span class="n">xfer</span><span class="o">-</span><span class="ow">in</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">transfer</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="s1">'anotherhomepage.loc/IN'</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="c1">#53: Transfer completed: 1 messages, 268 records, 8464 bytes, 0.263 secs (32182 bytes/sec)</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.657</span><span class="w"> </span><span class="n">notify</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">zone</span><span class="w"> </span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">loc</span><span class="o">/</span><span class="n">IN</span><span class="p">:</span><span class="w"> </span><span class="n">sending</span><span class="w"> </span><span class="n">notifies</span><span class="w"> </span><span class="p">(</span><span class="n">serial</span><span class="w"> </span><span class="mi">2011042601</span><span class="p">)</span><span class="w"></span>
</code></pre></div>
<p>Hooray! The transfers took place! Now all that remains is to change the DNS server IP addresses in our DHCP server. In the case of ISC DHCP:</p>
<div class="highlight"><pre><span></span><code>option domain-name-servers 10.13.37.10, 10.13.37.11;
</code></pre></div>
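<p>The slave's transfer log shown above can be checked mechanically. The following added example (not part of the original post) parses lines in that log format and reports NOTIFY messages or completed transfers whose source is not the expected master, as well as transferred serials that do not advance. The names <code>audit</code> and <code>serial_newer</code>, the expected-master table and the last three sample lines are assumptions made for the illustration.</p>

```python
import re

# Layout produced by print-time / print-category / print-severity in named.conf.
LINE_RE = re.compile(
    r"^\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} "
    r"(?P<category>[\w-]+): (?P<severity>\w+): (?P<msg>.*)$"
)
NOTIFY_RE = re.compile(
    r"^client (?P<ip>[0-9A-Fa-f.:]+)#\d+: received notify for zone '(?P<zone>[^']+)'$"
)
XFER_DONE_RE = re.compile(
    r"^transfer of '(?P<zone>[^'/]+)/IN' from (?P<ip>[0-9A-Fa-f.:]+)#\d+: Transfer completed"
)
SERIAL_RE = re.compile(r"^zone (?P<zone>\S+)/IN: transferred serial (?P<serial>\d+)$")

# Assumption: the master address is the one seen in the post's log excerpt.
EXPECTED_MASTERS = {
    "anotherhomepage.loc": {"10.13.37.5"},
    "37.13.10.in-addr.arpa": {"10.13.37.5"},
}

# Lines 1-3 follow the post's log; lines 4-6 are constructed for this example.
SAMPLE_LOG = """\
26-Apr-2011 19:14:11.383 notify: info: client 10.13.37.5#64893: received notify for zone 'anotherhomepage.loc'
26-Apr-2011 19:14:11.654 general: info: zone anotherhomepage.loc/IN: transferred serial 2011042601
26-Apr-2011 19:14:11.654 xfer-in: info: transfer of 'anotherhomepage.loc/IN' from 10.13.37.5#53: Transfer completed: 1 messages, 268 records, 8464 bytes, 0.263 secs (32182 bytes/sec)
26-Apr-2011 21:02:40.101 notify: info: client 10.13.37.99#40112: received notify for zone 'anotherhomepage.loc'
26-Apr-2011 21:02:40.377 general: info: zone anotherhomepage.loc/IN: transferred serial 2011042501
26-Apr-2011 21:02:40.378 xfer-in: info: transfer of 'anotherhomepage.loc/IN' from 10.13.37.99#53: Transfer completed: 1 messages, 268 records, 8464 bytes, 0.263 secs (32182 bytes/sec)
"""


def serial_newer(new, old):
    """RFC 1982 serial-number comparison for 32-bit SOA serials."""
    return new != old and ((new - old) & 0xFFFFFFFF) < 0x80000000


def audit(log_text, masters):
    """Return (line number, finding, zone, detail) tuples for suspicious lines."""
    findings = []
    last_serial = {}
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parsed = LINE_RE.match(line.strip())
        if not parsed:
            continue  # not in the expected layout, e.g. a syslog-formatted line
        msg = parsed["msg"]
        if (n := NOTIFY_RE.match(msg)):
            # A zone missing from the table has no trusted source at all.
            if n["ip"] not in masters.get(n["zone"], set()):
                findings.append(
                    (lineno, "notify-from-unexpected-source", n["zone"], n["ip"])
                )
        elif (x := XFER_DONE_RE.match(msg)):
            if x["ip"] not in masters.get(x["zone"], set()):
                findings.append(
                    (lineno, "transfer-from-unexpected-source", x["zone"], x["ip"])
                )
        elif (s := SERIAL_RE.match(msg)):
            zone, serial = s["zone"], int(s["serial"])
            previous = last_serial.get(zone)
            # A transferred serial that is not newer than the last one seen
            # means a forced retransfer or a rollback of the zone content.
            if previous is not None and not serial_newer(serial, previous):
                findings.append((lineno, "serial-not-increasing", zone, str(serial)))
            last_serial[zone] = serial
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, EXPECTED_MASTERS):
        print(finding)
```

<p>The addresses in these lines are what the slave saw on the wire, so a spoofed source address passes this check; it catches configuration drift and unexpected peers, not an attacker sitting on the path.</p>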
<p>Notez que ce billet permet une redondance assez basique, et loin d'être totalement sécurisée : quelqu'un d'assez malin peut, en utilisant une attaque de type “<a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Man-in-the-middle">Man-in-the-middle</a>” peut appliquer des modifications au serveur esclave. Pour les personnes qui aimeraient corriger ce défaut, il faut se tourner vers <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/DNSSEC">DNSSEC</a>.</p>Configuration d'une redondance DHCP2011-04-25T09:30:00+02:002011-04-25T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-04-25:/post/2011/04/25/Configuration-d-une-redondance-DHCP/<p><em>Ce billet est basé sur l'excellent billet de <a href="http://www.madboa.com">Paul Heinlein</a> et publié avec son aimable autorisation. Le billet original se trouve <a href="http://www.madboa.com/geek/dhcp-failover/">ici</a></em>.</p>
<p>I am in the following situation: I have a machine running, among other things, a DHCP server and a DNS server, and I want to reinstall that machine. The problem is that if I reinstall it, DHCP and DNS will be unavailable. So I need to make these two services redundant so as not to disturb the other machines. This post only covers DHCP, however.</p>
<p>Let's start by taking a look at the current configuration of the DHCP server; it looks something like this:</p>
<div class="highlight"><pre><span></span><code><span class="nt">ddns-domainname</span><span class="w"> </span><span class="s2">"anotherhomepage.loc"</span><span class="o">;</span><span class="w"></span>
<span class="nt">ddns-update-style</span><span class="w"> </span><span class="nt">none</span><span class="o">;</span><span class="w"></span>
<span class="nt">ddns-updates</span><span class="w"> </span><span class="nt">off</span><span class="o">;</span><span class="w"></span>
<span class="nt">ignore</span><span class="w"> </span><span class="nt">client-updates</span><span class="o">;</span><span class="w"></span>
<span class="nt">authoritative</span><span class="o">;</span><span class="w"></span>
<span class="nt">allow</span><span class="w"> </span><span class="nt">unknown-clients</span><span class="o">;</span><span class="w"></span>
<span class="nt">max-lease-time</span><span class="w"> </span><span class="nt">3600</span><span class="o">;</span><span class="w"></span>
<span class="nt">default-lease-time</span><span class="w"> </span><span class="nt">1800</span><span class="o">;</span><span class="w"></span>
<span class="nt">subnet</span><span class="w"> </span><span class="nt">10</span><span class="p">.</span><span class="nc">13</span><span class="p">.</span><span class="nc">37</span><span class="p">.</span><span class="nc">0</span><span class="w"> </span><span class="nt">netmask</span><span class="w"> </span><span class="nt">255</span><span class="p">.</span><span class="nc">255</span><span class="p">.</span><span class="nc">255</span><span class="p">.</span><span class="nc">0</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="err">pool</span><span class="w"> </span><span class="err">{</span><span class="w"></span>
<span class="w"> </span><span class="err">deny</span><span class="w"> </span><span class="err">dynamic</span><span class="w"> </span><span class="err">bootp</span><span class="w"> </span><span class="err">clients</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">range</span><span class="w"> </span><span class="err">10.13.37.200</span><span class="w"> </span><span class="err">10.13.37.249</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">domain-name-servers</span><span class="w"> </span><span class="err">10.13.37.5</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">domain-name</span><span class="w"> </span><span class="err">"anotherhomepage.loc"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">routers</span><span class="w"> </span><span class="err">10.13.37.254</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">broadcast-address</span><span class="w"> </span><span class="err">10.13.37.255</span><span class="p">;</span><span class="w"></span>
<span class="err">group</span><span class="w"> </span><span class="err">{</span><span class="w"></span>
<span class="err">use-host-decl-names</span><span class="w"> </span><span class="err">true</span><span class="w"> </span><span class="p">;</span><span class="w"></span>
<span class="err">#</span><span class="w"> </span><span class="err">PXE</span><span class="w"> </span><span class="err">test</span><span class="w"> </span><span class="err">virtual</span><span class="w"> </span><span class="err">machine</span><span class="w"></span>
<span class="err">host</span><span class="w"> </span><span class="err">pxemachine</span><span class="w"> </span><span class="err">{</span><span class="w"></span>
<span class="w"> </span><span class="err">hardware</span><span class="w"> </span><span class="err">ethernet</span><span class="w"> </span><span class="err">08:00:27:</span><span class="n">d3</span><span class="p">:</span><span class="mi">8</span><span class="n">f</span><span class="o">:</span><span class="mi">2</span><span class="n">d</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">fixed-address</span><span class="w"> </span><span class="err">10.13.37.199</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">host-name</span><span class="w"> </span><span class="err">"pxemachine"</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="err">}</span><span class="w"></span>
<span class="err">}</span><span class="w"></span>
<span class="err">}</span><span class="w"></span>
</code></pre></div>
<p>It contains a pool, a group, and one machine in that group whose IP address is pinned to its MAC address: any machine will be assigned an address between 10.13.37.200 and 10.13.37.249, but the machine whose MAC address is <em>08:00:27:d3:8f:2d</em> will be assigned the IP 10.13.37.199.</p>
<p>What happens if I stop the DHCP server? Clients no longer have an IP, and therefore no network access, which can be a nuisance. Let's copy the configuration to the other server and then modify this one, which will now look like this:</p>
<div class="highlight"><pre><span></span><code><span class="n">ddns</span><span class="o">-</span><span class="n">domainname</span><span class="w"> </span><span class="s2">"anotherhomepage.loc"</span><span class="p">;</span><span class="w"></span>
<span class="n">ddns</span><span class="o">-</span><span class="n">update</span><span class="o">-</span><span class="n">style</span><span class="w"> </span><span class="n">none</span><span class="p">;</span><span class="w"></span>
<span class="n">ddns</span><span class="o">-</span><span class="n">updates</span><span class="w"> </span><span class="n">off</span><span class="p">;</span><span class="w"></span>
<span class="n">ignore</span><span class="w"> </span><span class="n">client</span><span class="o">-</span><span class="n">updates</span><span class="p">;</span><span class="w"></span>
<span class="n">authoritative</span><span class="p">;</span><span class="w"></span>
<span class="n">allow</span><span class="w"> </span><span class="n">unknown</span><span class="o">-</span><span class="n">clients</span><span class="p">;</span><span class="w"></span>
<span class="nb">max</span><span class="o">-</span><span class="n">lease</span><span class="o">-</span><span class="n">time</span><span class="w"> </span><span class="mi">3600</span><span class="p">;</span><span class="w"></span>
<span class="n">default</span><span class="o">-</span><span class="n">lease</span><span class="o">-</span><span class="n">time</span><span class="w"> </span><span class="mi">1800</span><span class="p">;</span><span class="w"></span>
<span class="n">failover</span><span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="s2">"dhcp-failover"</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">primary</span><span class="p">;</span><span class="w"> </span><span class="c1"># declare this to be the primary server</span><span class="w"></span>
<span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">port</span><span class="w"> </span><span class="mi">647</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.60</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="n">port</span><span class="w"> </span><span class="mi">647</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">max</span><span class="o">-</span><span class="n">response</span><span class="o">-</span><span class="n">delay</span><span class="w"> </span><span class="mi">30</span><span class="p">;</span><span class="w"> </span>
<span class="w"> </span><span class="nb">max</span><span class="o">-</span><span class="n">unacked</span><span class="o">-</span><span class="n">updates</span><span class="w"> </span><span class="mi">10</span><span class="p">;</span><span class="w"> </span>
<span class="w"> </span><span class="nb">load</span><span class="w"> </span><span class="n">balance</span><span class="w"> </span><span class="nb">max</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="mi">3</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">mclt</span><span class="w"> </span><span class="mi">1800</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">split</span><span class="w"> </span><span class="mi">128</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="n">subnet</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.0</span><span class="w"> </span><span class="n">netmask</span><span class="w"> </span><span class="mf">255.255</span><span class="o">.</span><span class="mf">255.0</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">pool</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">failover</span><span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="s2">"dhcp-failover"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">deny</span><span class="w"> </span><span class="n">dynamic</span><span class="w"> </span><span class="n">bootp</span><span class="w"> </span><span class="n">clients</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">range</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.200</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.249</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">domain</span><span class="o">-</span><span class="n">name</span><span class="o">-</span><span class="n">servers</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">domain</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="s2">"anotherhomepage.loc"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">routers</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.254</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">broadcast</span><span class="o">-</span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.255</span><span class="p">;</span><span class="w"></span>
<span class="n">group</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="n">use</span><span class="o">-</span><span class="n">host</span><span class="o">-</span><span class="n">decl</span><span class="o">-</span><span class="n">names</span><span class="w"> </span><span class="bp">true</span><span class="w"> </span><span class="p">;</span><span class="w"></span>
<span class="c1"># PXE test virtual machine</span><span class="w"></span>
<span class="n">host</span><span class="w"> </span><span class="n">pxemachine</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">hardware</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="mi">08</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">27</span><span class="p">:</span><span class="n">d3</span><span class="p">:</span><span class="mi">8</span><span class="n">f</span><span class="p">:</span><span class="mi">2</span><span class="n">d</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">fixed</span><span class="o">-</span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.199</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">host</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="s2">"pxemachine"</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>
<p>Our machine is now the <strong>primary</strong> DHCP server and communicates with the server named after <em>peer address</em>. Let's go and look at the new configuration of the secondary server:</p>
<div class="highlight"><pre><span></span><code><span class="n">ddns</span><span class="o">-</span><span class="n">domainname</span><span class="w"> </span><span class="s2">"anotherhomepage.loc"</span><span class="p">;</span><span class="w"></span>
<span class="n">ddns</span><span class="o">-</span><span class="n">update</span><span class="o">-</span><span class="n">style</span><span class="w"> </span><span class="n">none</span><span class="p">;</span><span class="w"></span>
<span class="n">ddns</span><span class="o">-</span><span class="n">updates</span><span class="w"> </span><span class="n">off</span><span class="p">;</span><span class="w"></span>
<span class="n">ignore</span><span class="w"> </span><span class="n">client</span><span class="o">-</span><span class="n">updates</span><span class="p">;</span><span class="w"></span>
<span class="n">authoritative</span><span class="p">;</span><span class="w"></span>
<span class="n">allow</span><span class="w"> </span><span class="n">unknown</span><span class="o">-</span><span class="n">clients</span><span class="p">;</span><span class="w"></span>
<span class="nb">max</span><span class="o">-</span><span class="n">lease</span><span class="o">-</span><span class="n">time</span><span class="w"> </span><span class="mi">3600</span><span class="p">;</span><span class="w"></span>
<span class="n">default</span><span class="o">-</span><span class="n">lease</span><span class="o">-</span><span class="n">time</span><span class="w"> </span><span class="mi">1800</span><span class="p">;</span><span class="w"></span>
<span class="n">failover</span><span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="s2">"dhcp-failover"</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">secondary</span><span class="p">;</span><span class="w"> </span><span class="c1"># declare this to be the secondary server</span><span class="w"></span>
<span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.60</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">port</span><span class="w"> </span><span class="mi">647</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="n">port</span><span class="w"> </span><span class="mi">647</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">max</span><span class="o">-</span><span class="n">response</span><span class="o">-</span><span class="n">delay</span><span class="w"> </span><span class="mi">30</span><span class="p">;</span><span class="w"> </span>
<span class="w"> </span><span class="nb">max</span><span class="o">-</span><span class="n">unacked</span><span class="o">-</span><span class="n">updates</span><span class="w"> </span><span class="mi">10</span><span class="p">;</span><span class="w"> </span>
<span class="w"> </span><span class="nb">load</span><span class="w"> </span><span class="n">balance</span><span class="w"> </span><span class="nb">max</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="mi">3</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">mclt</span><span class="w"> </span><span class="mi">1800</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">split</span><span class="w"> </span><span class="mi">128</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="n">subnet</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.0</span><span class="w"> </span><span class="n">netmask</span><span class="w"> </span><span class="mf">255.255</span><span class="o">.</span><span class="mf">255.0</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">pool</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">failover</span><span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="s2">"dhcp-failover"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">deny</span><span class="w"> </span><span class="n">dynamic</span><span class="w"> </span><span class="n">bootp</span><span class="w"> </span><span class="n">clients</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">range</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.200</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.249</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">domain</span><span class="o">-</span><span class="n">name</span><span class="o">-</span><span class="n">servers</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">domain</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="s2">"anotherhomepage.loc"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">routers</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.254</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">broadcast</span><span class="o">-</span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.255</span><span class="p">;</span><span class="w"></span>
<span class="n">group</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="n">use</span><span class="o">-</span><span class="n">host</span><span class="o">-</span><span class="n">decl</span><span class="o">-</span><span class="n">names</span><span class="w"> </span><span class="bp">true</span><span class="w"> </span><span class="p">;</span><span class="w"></span>
<span class="c1"># PXE test virtual machine</span><span class="w"></span>
<span class="n">host</span><span class="w"> </span><span class="n">pxemachine</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">hardware</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="mi">08</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">27</span><span class="p">:</span><span class="n">d3</span><span class="p">:</span><span class="mi">8</span><span class="n">f</span><span class="p">:</span><span class="mi">2</span><span class="n">d</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">fixed</span><span class="o">-</span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.199</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">host</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="s2">"pxemachine"</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>
<p>Note that if you run a firewall on your machines, you will need to allow ports 647/tcp and 647/udp, which carry the communication between the two servers.</p>
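<p>The two failover declarations above only work if they mirror each other: each server's <em>address</em> and <em>port</em> must be the other's <em>peer address</em> and <em>peer port</em>, and both pools must reference the same failover peer and range. The following Python check is an added example, not part of the original post; the function names <code>parse_failover</code> and <code>check_pair</code> are hypothetical, and the embedded configurations are copied from the two files above with the group/host block left out.</p>

```python
import re

# Failover and pool statements copied from the two dhcpd.conf files above
# (group/host block and unrelated options left out).
POOL = """
subnet 10.13.37.0 netmask 255.255.255.0 {
  pool {
    failover peer "dhcp-failover";
    deny dynamic bootp clients;
    range 10.13.37.200 10.13.37.249;
  }
}
"""
PRIMARY_CONF = """
failover peer "dhcp-failover" {
  primary; # declare this to be the primary server
  address 10.13.37.5;
  port 647;
  peer address 10.13.37.60;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 1800;
  split 128;
}
""" + POOL
SECONDARY_CONF = """
failover peer "dhcp-failover" {
  secondary; # declare this to be the secondary server
  address 10.13.37.60;
  port 647;
  peer address 10.13.37.5;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 1800;
  split 128;
}
""" + POOL


def parse_failover(conf):
    """Extract role, failover parameters, pool references and ranges from dhcpd.conf text."""
    text = re.sub(r"#[^\n]*", "", conf)  # drop comments
    decl = re.search(r'failover\s+peer\s+"([^"]+)"\s*\{([^}]*)\}', text)
    if not decl:
        raise ValueError("no failover peer declaration found")
    info = {"name": decl.group(1), "role": None, "params": {}}
    for statement in decl.group(2).split(";"):
        words = statement.split()
        if not words:
            continue
        if words in (["primary"], ["secondary"]):
            info["role"] = words[0]
        else:
            # "peer address 10.13.37.60" -> key "peer address", value "10.13.37.60"
            info["params"][" ".join(words[:-1])] = words[-1]
    # A pool opts in to failover with: failover peer "name";
    info["pool_peers"] = re.findall(r'failover\s+peer\s+"([^"]+)"\s*;', text)
    info["ranges"] = sorted(re.findall(r"\brange\s+(\S+)\s+([^\s;]+)\s*;", text))
    return info


def check_pair(conf_a, conf_b):
    """Return a list of inconsistencies between two failover partners (empty if none)."""
    a, b = parse_failover(conf_a), parse_failover(conf_b)
    problems = []
    if {a["role"], b["role"]} != {"primary", "secondary"}:
        problems.append("roles: need one primary and one secondary, got %s and %s"
                        % (a["role"], b["role"]))
    if a["name"] != b["name"]:
        problems.append("failover peer names differ: %r vs %r" % (a["name"], b["name"]))
    for local, remote in (("address", "peer address"), ("port", "peer port")):
        for x, y in ((a, b), (b, a)):
            if x["params"].get(local) != y["params"].get(remote):
                problems.append("%s '%s %s' does not match %s '%s %s'" % (
                    x["role"], local, x["params"].get(local),
                    y["role"], remote, y["params"].get(remote)))
    for side in (a, b):
        if side["name"] not in side["pool_peers"]:
            problems.append("%s: no pool references failover peer %r"
                            % (side["role"], side["name"]))
    if a["ranges"] != b["ranges"]:
        problems.append("pool ranges differ: %s vs %s" % (a["ranges"], b["ranges"]))
    return problems


if __name__ == "__main__":
    for line in check_pair(PRIMARY_CONF, SECONDARY_CONF) or ["configurations are consistent"]:
        print(line)
```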
<p><strong>What happens when the servers start and stop?</strong></p>
<p>Here is an example from the primary server's logs, after adding the configuration; the primary DHCP server is named <em>master-dhcp</em> and the secondary <em>slave-dhcp</em>:</p>
<div class="highlight"><pre><span></span><code>Apr 20 22:28:30 master-dhcp dhcpd: Wrote 0 deleted host decls to leases file.
Apr 20 22:28:30 master-dhcp dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 20 22:28:30 master-dhcp dhcpd: Wrote 53 leases to leases file.
Apr 20 22:28:31 master-dhcp dhcpd: failover peer dhcp-failover: I move from communications-interrupted to startup
Apr 20 22:28:45 master-dhcp dhcpd: failover peer dhcp-failover: I move from startup to communications-interrupted
</code></pre></div>
<p>Now let's start DHCPD on the secondary server and see the result on the primary server:</p>
<div class="highlight"><pre><span></span><code>Apr 20 22:30:29 master-dhcp dhcpd: failover peer dhcp-failover: peer moves from normal to normal
Apr 20 22:30:29 master-dhcp dhcpd: failover peer dhcp-failover: I move from communications-interrupted to normal
Apr 20 22:30:29 master-dhcp dhcpd: pool 80c3200 192.168.6/24 total 50 free 26 backup 24 lts -1
</code></pre></div>
<p>And let's look at the secondary server's logs:</p>
<div class="highlight"><pre><span></span><code>Apr 20 22:30:28 slave-dhcp dhcpd: Wrote 0 deleted host decls to leases file.
Apr 20 22:30:29 slave-dhcp dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 20 22:30:29 slave-dhcp dhcpd: Wrote 50 leases to leases file.
Apr 20 22:30:29 slave-dhcp dhcpd: failover peer dhcp-failover: I move from normal to startup
Apr 20 22:30:29 slave-dhcp dhcpd: failover peer dhcp-failover: peer moves from normal to communications-interrupted
Apr 20 22:30:29 slave-dhcp dhcpd: failover peer dhcp-failover: I move from startup to normal
Apr 20 22:30:29 slave-dhcp dhcpd: failover peer dhcp-failover: peer moves from communications-interrupted to normal
Apr 20 22:30:29 slave-dhcp dhcpd: pool 7f7ffd8a5150 192.168.6/24 total 50 free 26 backup 24 lts 1
</code></pre></div>
<p>If I stop the primary server, it shows up in the secondary server's logs:</p>
<div class="highlight"><pre><span></span><code>Apr 20 22:32:08 slave-dhcp dhcpd: peer dhcp-failover: disconnected
Apr 20 22:32:08 slave-dhcp dhcpd: failover peer dhcp-failover: I move from normal to communications-interrupted
</code></pre></div>
<p>And the restart is visible too:</p>
<div class="highlight"><pre><span></span><code>Apr 20 22:32:40 slave-dhcp dhcpd: failover peer dhcp-failover: peer moves from normal to normal
Apr 20 22:32:40 slave-dhcp dhcpd: failover peer dhcp-failover: I move from communications-interrupted to normal
Apr 20 22:32:40 slave-dhcp dhcpd: pool 7f7ffd8a5150 192.168.6/24 total 50 free 26 backup 24 lts 1
</code></pre></div>
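<p>The state transitions in these logs can be turned into a monitoring check that reports how long each server spent outside the <em>normal</em> failover state, and whether one is still there. This Python code is an added example, not part of the original post; the function names, the <code>min_seconds</code> threshold and the year 2011 (syslog timestamps carry no year) are assumptions, and the sample lines are copied from the excerpts above.</p>

```python
import re
from datetime import datetime

# "I move" lines and the disconnect line copied from the log excerpts above.
SAMPLE_LOG = """\
Apr 20 22:28:31 master-dhcp dhcpd: failover peer dhcp-failover: I move from communications-interrupted to startup
Apr 20 22:28:45 master-dhcp dhcpd: failover peer dhcp-failover: I move from startup to communications-interrupted
Apr 20 22:30:29 master-dhcp dhcpd: failover peer dhcp-failover: I move from communications-interrupted to normal
Apr 20 22:30:29 slave-dhcp dhcpd: failover peer dhcp-failover: I move from normal to startup
Apr 20 22:30:29 slave-dhcp dhcpd: failover peer dhcp-failover: I move from startup to normal
Apr 20 22:32:08 slave-dhcp dhcpd: peer dhcp-failover: disconnected
Apr 20 22:32:08 slave-dhcp dhcpd: failover peer dhcp-failover: I move from normal to communications-interrupted
Apr 20 22:32:40 slave-dhcp dhcpd: failover peer dhcp-failover: I move from communications-interrupted to normal
"""

# Only the server's own transitions ("I move") are tracked; "peer moves",
# lease-file and pool-balance lines are ignored.
MOVE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) dhcpd(?:\[\d+\])?: "
    r"failover peer (?P<peer>\S+): I move from (?P<old>\S+) to (?P<new>\S+)$"
)


def degraded_intervals(log_text, year=2011):
    """Return {host: [(start, end, seconds), ...]} for periods spent outside 'normal'.

    An interval that is still open at the end of the log has end and seconds set to None.
    """
    open_since = {}
    result = {}
    for line in log_text.splitlines():
        m = MOVE.match(line.strip())
        if not m:
            continue
        # Syslog timestamps have no year, so one is supplied (assumption).
        when = datetime.strptime("%d %s" % (year, m["ts"]), "%Y %b %d %H:%M:%S")
        host = m["host"]
        result.setdefault(host, [])
        if m["new"] != "normal":
            # Keep the earliest time at which the server left 'normal'.
            open_since.setdefault(host, when)
        elif host in open_since:
            start = open_since.pop(host)
            result[host].append((start, when, int((when - start).total_seconds())))
    for host, start in open_since.items():
        result[host].append((start, None, None))
    return result


def alerts(log_text, min_seconds=30):
    """Report intervals of at least min_seconds, and any interval still open."""
    messages = []
    for host, spans in degraded_intervals(log_text).items():
        for start, end, seconds in spans:
            if end is None:
                messages.append("%s: outside 'normal' since %s and not recovered"
                                % (host, start.strftime("%H:%M:%S")))
            elif seconds >= min_seconds:
                messages.append("%s: outside 'normal' for %ds starting %s"
                                % (host, seconds, start.strftime("%H:%M:%S")))
    return messages


if __name__ == "__main__":
    for message in alerts(SAMPLE_LOG):
        print(message)
```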
<p>Finally, this configuration is only possible if both DHCP servers run the same version of ISC DHCP. Fortunately (?), from NetBSD 4.0 through NetBSD 5.1 inclusive, ISC DHCP is still at version 3.0.3 ;-)</p>
Performing a netinstall of NetBSD 5 2011-04-18T09:30:00+02:00 2011-04-18T09:30:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-04-18:/post/2011/04/18/Effectuer-une-netinstall-de-NetBSD-5/
<p>I had already written <a href="/post/2010/01/20/Supprimer-ses-daily-outpout-dans-NetBSD">a small tip for NetBSDfr</a>, but this time I went a bit further: I documented installation over the network, including a PXE boot of NetBSD 5, for i386 and amd64. And it all happens <a href="http://www.netbsdfr.org/wiki/doku.php?id=tips:netinstallnb5">on the NetBSDfr wiki</a>.</p>
<p>Warm up your network cards!</p>
Basic configuration for bozohttpd 2011-04-04T09:30:00+02:00 2011-04-04T09:30:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-04-04:/post/2011/04/04/configuration-basique-pour-bozohttpd/
<p>NetBSD ships in its base sets some software that is interesting for a server: an SSH server, a DNS server, a DHCP server, even a TFTP server and, the one I am particularly interested in today, an HTTP server. It is not, as one might expect, <a href="http://httpd.apache.org/">Apache HTTP Server</a>, but <a href="http://www.eterna.com.au/bozohttpd/">bozohttpd</a>, a little-known web server that is particularly lightweight and has a minimalist configuration, provided the need is minimal too. And it really is simple, since my need could not be simpler: I want to create a local mirror of Linux distributions and NetBSD, and I do not want to spend hours configuring a virtual host. Another advantage of bozohttpd in this specific case: since it is installed by default in the base system, there is no need to install it. That is always one less package to maintain.</p>
<p>Once past the ecstasy of "no need to install it, it's already done", one goes looking for a configuration file. After the frustration of coming back empty-handed, the software's home page explains very simply that "it has no configuration file by design". So it has to be configured by launching it with various options. A well-placed grep shows how this is going to work:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="err">@</span><span class="n">arreat</span><span class="p">:</span><span class="o">~</span><span class="c1"># grep -i http /etc/defaults/rc.conf </span><span class="w"></span>
<span class="n">httpd</span><span class="o">=</span><span class="n">NO</span><span class="w"> </span><span class="n">httpd_flags</span><span class="o">=</span><span class="s2">""</span><span class="w"></span>
<span class="w"> </span><span class="n">httpd_wwwdir</span><span class="o">=</span><span class="s2">"/var/www"</span><span class="w"></span>
<span class="w"> </span><span class="n">httpd_wwwuser</span><span class="o">=</span><span class="s2">"_httpd"</span><span class="w"></span>
</code></pre></div>
<p>So you just set the options in the "httpd_flags" directive of your rc.conf, and optionally change "httpd_wwwdir" to match the location of your files. First, let's copy these options into our rc.conf:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">i</span><span class="w"> </span><span class="n">http</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">defaults</span><span class="o">/</span><span class="n">rc</span><span class="p">.</span><span class="n">conf</span><span class="w"> </span><span class="o">>></span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">rc</span><span class="p">.</span><span class="n">conf</span><span class="w"></span>
</code></pre></div>
<p>Next, to be able to start bozohttpd, edit <em>/etc/rc.conf</em> and change <em>httpd=NO</em> to <em>httpd=YES</em>. Once the edit is done, start the server:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">rc</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">httpd</span><span class="w"> </span><span class="k">start</span><span class="w"></span>
</code></pre></div>
<p>By default, bozohttpd looks for an index.html file in "httpd_wwwdir" and displays its version number. Being paranoid, I want to remove the version number, and since I only want to provide a local mirror of software, I don't care that the directories have no index. Finally, I change the base directory:</p>
<div class="highlight"><pre><span></span><code>httpd=YES
httpd_flags="-X -S 'AHP Intranet'"
httpd_wwwdir="/srv/www"
httpd_wwwuser="_httpd"
</code></pre></div>
<p>The "-X" option enables directory indexing, in other words the listing of files. The "-S" option followed by a string replaces the real server name with a custom one, here "AHP Intranet". Once the httpd service is restarted, I get my list of files :-)</p>
<p>In short, I did not have to spend two hours configuring a virtual host, removing modules, or tuning the number of processes. Ten minutes flat. For more options, the documentation is available via “man 8 httpd” or <a href="http://www.eterna.com.au/bozohttpd/bozohttpd.8.html">on the bozohttpd site</a>.</p>Flashing your BIOS without DOS or Windows 2011-03-28T09:30:00+02:00 2011-03-28T09:30:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-03-28:/post/2011/03/28/Flasher-son-BIOS-sans-DOS-ni-Windows/<p>Updating the <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Basic_Input_Output_System">BIOS</a> of your motherboard can be an utterly exasperating activity: in the past, it was done using a <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Disquette">floppy disk</a> (or even two) containing a <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/DOS">DOS</a> system and two files, the flashing utility and the BIOS image itself.</p>
<p>So you needed:</p>
<ul>
<li>a working floppy drive, as well as floppy disks that also worked;</li>
<li>a DOS operating system, or a <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Microsoft_Windows">Windows</a> system, which could create a DOS boot floppy.</li>
</ul>
<p>It must have been a few years since computers were last sold with floppy drives, so many manufacturers provide tools that run directly under Windows. Problem: the machine whose BIOS I want to update has neither a floppy drive nor Windows and, to top it all off, not even a <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/CD-ROM">CD-ROM</a> drive. For the record, the operating system on this machine was installed via <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Preboot_Execution_Environment">PXE</a>, and I had also installed another one by booting from a USB stick.</p>
<p>So I need to find a system that can run DOS programs and can be booted from the network or from a USB stick. The first part is fairly easy and very well known: it is <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/FreeDOS">FreeDOS</a>. The second part is actually just as easy: FreeDOS is provided as an ISO image. This image can be copied to a USB stick with the <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/UNetbootin">UNetbootin</a> utility. Once FreeDOS is installed on the USB stick, just copy the flashing utility and the BIOS image to the root of that USB stick.</p>
<p>Booting a computer from a USB stick can prove harder than expected: you must check in the BIOS that it accepts booting from USB (old machines do not). An option for the USB device type (ZIP, hard disk, etc.) or for the size (fixed, dynamic) may also need changing. In short, even today, booting from USB is not trivial.</p>
<p>Next comes the boot menu. UNetbootin seems to have its own menu, which shows me several entries (that lead nowhere), including one named fdos and another named freedos. In my case, the first one worked and brought me to the FreeDOS boot screen. Here again I won't detail the options; it really depends on the machine.</p>
<p>Once you have a prompt, you still need to find the flashing utility. Note that the prompt shows "A:\>". The USB stick is actually C:, so type:</p>
<div class="highlight"><pre><span></span><code>A:\> C:
C:\>
</code></pre></div>
<p>You can list the contents of the current directory with the "dir" command, as under Microsoft's old DOS. You can therefore check that the flashing utility is present in C: and look in the subfolders if needed. After that, the command varies from tool to tool, but running the tool with something like:</p>
<div class="highlight"><pre><span></span><code>outildeflash.exe
</code></pre></div>
<p>or else:</p>
<div class="highlight"><pre><span></span><code>outildeflash.exe help
</code></pre></div>
<p>should help you find the right syntax.</p>OpenSSH configuration 2011-03-14T09:30:00+01:00 2011-03-14T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-03-14:/post/2011/03/14/configuration-openssh/<p><a href="http://www.openssh.org/fr/index.html">OpenSSH</a> is wonderful software, as everyone knows. Something I like a lot about it is the way its configuration file simplifies certain operations. Let's look at, or revisit, some options that can be added after a configuration block, which is generally stored in ~/.ssh/config.</p>
<h3>The basics</h3>
<p>We are going to configure access to the machine "testdrive", whose IP address is 192.168.13.37. Let's start with the basic information:</p>
<div class="highlight"><pre><span></span><code>Host testdrive
HostName 192.168.13.37
User nils
Protocol 2
Port 22
ServerAliveInterval 5
</code></pre></div>
<p>When I type the command "ssh testdrive", OpenSSH will connect me to the machine 192.168.13.37 as user nils, using version 2 of the SSH protocol, on port 22, and will check every 5 seconds whether the machine is still reachable, which can be handy in cases where you may be disconnected from the network for inactivity (mobile phone network, proxy...).</p>
<h3>Connecting through an HTTP proxy</h3>
<div class="highlight"><pre><span></span><code>ProxyCommand /usr/bin/corkscrew monproxy.lan 3128 %h %p ~/.ssh/proxy_auth
</code></pre></div>
<p>Here I use a utility named <a href="http://www.agroman.net/corkscrew/">Corkscrew</a>, which lets me connect to my server through an HTTP proxy. In my example, the proxy listens on port 3128 and requires authentication, so I added a proxy_auth file containing the credentials. The %h and %p variables denote the host to connect to and its port. Note that most proxy servers you will come across are configured not to allow ports other than the HTTP, HTTPS and possibly FTP ports. You may therefore need to change the listening port of our testdrive and put our SSH server on port 80 or 443. Note also that, depending on the organization that administers the proxy, this approach may be seen as a violation of the network's acceptable use policy, or of any other internal rule. So only use it if you are authorized to!</p>
<h3>Creating a SOCKS tunnel</h3>
<div class="highlight"><pre><span></span><code>DynamicForward 1080
</code></pre></div>
<p>This option is very handy if you don't want to go to the trouble of setting up a VPN tunnel. Once this option has been added to your host's configuration and the connection to it is established, a SOCKS tunnel listens on your machine's loopback interface, on port 1080. A concrete use case is connecting to your favourite sites from a public wireless access point, such as in a train station: once connected to the network, you connect to your server over SSH, then change your web browser's proxy settings to use a SOCKS proxy whose address is 127.0.0.1 and whose port is 1080. All of the browser's web traffic then goes through the SSH connection. If you often switch your proxy configuration back and forth, Firefox has an extension named FoxyProxy that will make your life easier!</p>
<h3>Creating a tunnel to redirect traffic</h3>
<div class="highlight"><pre><span></span><code>LocalForward 5901 192.168.13.38:5900
</code></pre></div>
<p>Encapsulating network traffic in SSH is a well-known technique, and the example above is itself extremely well known: the <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Virtual_Network_Computing">VNC</a> protocol travels in clear text over the network, and using SSH encrypts the transmission between our client and our server. We therefore forward port 5900 of the machine 192.168.13.38 (which must be reachable from our testdrive machine) to local port 5901. We then point our VNC client at localhost on port 5901.</p>
<h3>Specifying the encryption algorithm</h3>
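<p>An added example, not part of the original post: a small Python resolver that shows which options "ssh testdrive" would pick up from a config built from this post's options, and why block order matters (the first value found wins, while forwards accumulate). The trailing "Host *" block and the audit notes are assumptions made for the demonstration; Match and Include are not handled.</p>

```python
import fnmatch
import re

# Constructed sample: the post's "testdrive" options in one block, followed by
# a catch-all block that is an assumption added for this demonstration.
SAMPLE_CONFIG = """\
Host testdrive
    HostName 192.168.13.37
    User nils
    Port 22
    ServerAliveInterval 5
    ProxyCommand /usr/bin/corkscrew monproxy.lan 3128 %h %p ~/.ssh/proxy_auth
    DynamicForward 1080
    LocalForward 5901 192.168.13.38:5900
    Ciphers aes128-cbc

Host *
    User root
    ServerAliveInterval 60
"""

# Keywords that may appear several times and add up instead of "first wins".
ACCUMULATING = {"localforward", "remoteforward", "dynamicforward", "identityfile"}
# ssh_config accepts both "Keyword value" and "Keyword=value".
LINE = re.compile(r"^([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")


def parse_blocks(text):
    """Return [(host_patterns, [(keyword, value), ...]), ...] in file order."""
    blocks = [(["*"], [])]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE.match(line)
        if not match:
            continue
        keyword, value = match.group(1).lower(), match.group(2).strip()
        if keyword == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((keyword, value))
    return blocks


def block_applies(patterns, host):
    """A block applies if a pattern matches and no negated (!) pattern does."""
    positive = False
    for pattern in patterns:
        if pattern.startswith("!"):
            if fnmatch.fnmatchcase(host, pattern[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pattern):
            positive = True
    return positive


def resolve(text, host):
    """Effective options for `host`: the first value obtained for a keyword wins."""
    resolved = {}
    for patterns, options in parse_blocks(text):
        if not block_applies(patterns, host):
            continue
        for keyword, value in options:
            if keyword in ACCUMULATING:
                resolved.setdefault(keyword, []).append(value)
            elif keyword not in resolved:
                resolved[keyword] = value
    return resolved


def audit(resolved):
    """List the resolved settings a reviewer would want to look at."""
    findings = []
    ciphers = resolved.get("ciphers", "")
    if ciphers and not ciphers.startswith("-"):  # a leading "-" removes ciphers
        cbc = [c for c in ciphers.lstrip("+^").split(",") if c.strip().endswith("-cbc")]
        if cbc:
            findings.append(("ciphers", ",".join(cbc),
                             "CBC mode, which current OpenSSH no longer offers by default"))
    gateway = resolved.get("gatewayports", "no").lower() == "yes"
    for keyword in ("dynamicforward", "localforward"):
        for spec in resolved.get(keyword, []):
            bind = spec.split()[0].rpartition(":")[0]  # optional bind address
            exposed = bind in ("*", "0.0.0.0") or (not bind and gateway)
            scope = "all interfaces" if exposed else "loopback only"
            findings.append((keyword, spec, "local listener, " + scope))
    if "proxycommand" in resolved:
        findings.append(("proxycommand", resolved["proxycommand"],
                         "runs a local command on every connection"))
    return findings


if __name__ == "__main__":
    effective = resolve(SAMPLE_CONFIG, "testdrive")
    for key in sorted(effective):
        print(key, "=", effective[key])
    for finding in audit(effective):
        print("REVIEW:", *finding)
```

<p>Moving the "Host *" block above "Host testdrive" makes its User and ServerAliveInterval win for testdrive too, which is why catch-all blocks belong at the end of the file.</p>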
<div class="highlight"><pre><span></span><code>Ciphers aes128-cbc
</code></pre></div>
<p>Many encryption algorithms are available with OpenSSH; you can find the list in the manual pages. Some processors (such as the <a href="https://secure.wikimedia.org/wikipedia/en/wiki/Geode_%28processor%29#Geode_LX">AMD Geode LX</a> or the <a href="https://secure.wikimedia.org/wikipedia/en/wiki/VIA_C7">VIA C7</a>) have built-in support for certain algorithms, which makes them faster for these kinds of operations. Forcing <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Standard_de_chiffrement_avanc%C3%A9">AES 128</a> encryption when you connect to a machine with an AMD Geode CPU can therefore be very effective at limiting CPU usage and lightening the load.</p>Adding your own custom sections in Awstats 2011-02-28T09:30:00+01:00 2011-02-28T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-02-28:/post/2011/02/28/ajouter-ses-sections-personnalisees-dans-awstats/<p>After the basic configuration and the activation of plugins, let's now have fun customizing our statistics with "Extra Sections". First of all, remember that, like some plugins, these additions slow down Awstats: on heavily visited websites, it can be very useful to centralize the logs and not run Awstats directly on the production web servers.</p>
<p>These sections make it possible to add filters. For an e-commerce site, for example, you can sort products and list the best sellers by category. For a blog, you can also see the hits on the RSS feeds and even see which RSS client is used. That is what I propose in what follows.</p>
<p>Each "Extra Section" is added at the end of the Awstats configuration file. If you want to use the same sections for several configuration files, you can use file inclusion. For example, you can create a file /usr/pkg/etc/awstats/extra_sections.conf and write this directive in our website's configuration file:</p>
<div class="highlight"><pre><span></span><code><span class="k">Include</span> <span class="s2">"</span><span class="s">extra_sections.conf</span><span class="s2">"</span>
</code></pre></div>
<p>This can be very handy because the sections are numbered. The first section's variables are suffixed with the digit 1, the second's with the digit 2, and so on... Copy-paste must therefore be handled with care; I have never tried having two sections numbered 1.</p>
<p>Let's now go through a first example: I want to list the visits to my RSS feeds.</p>
<div class="highlight"><pre><span></span><code>ExtraSectionName1="Flux RSS / Atom"
ExtraSectionCodeFilter1="200 304"
ExtraSectionCondition1="URL,^\/feed\/.*"
ExtraSectionFirstColumnTitle1="Nom du flux"
ExtraSectionFirstColumnValues1="URL,^\/feed\/([\w]+)\/"
ExtraSectionStatTypes1=PHK
MaxNbOfExtra1=1000
MinHitExtra1=1
</code></pre></div>
<p>This section therefore filters on HTTP codes <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Liste_des_codes_HTTP#Succ.C3.A8s">200</a> and <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Liste_des_codes_HTTP#Redirection">304</a> occurring in the /feed/ directory. I display the URLs starting with /feed/ in order to list them and, finally, I indicate the number of pages and the number of hits (which, in this case of RSS feeds, have the same value). I decide to limit the number of entries to 1000 and set the minimum number of hits needed to appear in the stats to 1. This example can easily be adapted to other URLs.</p>
<p>Let's move on to the second example:</p>
<div class="highlight"><pre><span></span><code>ExtraSectionName2="Lecteurs de RSS"
ExtraSectionCodeFilter2="200 304"
ExtraSectionCondition2="URL,^\/feed\/.*"
ExtraSectionFirstColumnTitle2="logiciel"
ExtraSectionFirstColumnValues2="UA,^([^\/]*)"
ExtraSectionStatTypes2=PHBL
MaxNbOfExtra2=1000
MinHitExtra2=1
</code></pre></div>
<p>This time I list not the URL but the "User Agent" that made the request on /feed/, which lets me list the RSS clients in use. Finally, I don't just list hits (H) and pages (P), but also bandwidth (B) and last visits (L). You can filter on many criteria; here they are:</p>
<ul>
<li>URL</li>
<li>URLWITHQUERY</li>
<li>QUERY_STRING</li>
<li>REFERER</li>
<li>UA</li>
<li>HOSTINLOG</li>
<li>HOST</li>
<li>VHOST</li>
</ul>
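<p>An added example, not part of the original post and not Awstats code: a Python emulation of the two Extra Sections above, run over constructed access-log lines, to show which rows each section would report. The log lines are invented, and it is an assumption of this sketch that a request which passes the condition but does not match the first-column regex is left out of the table.</p>

```python
import re

# Constructed sample lines in Apache "combined" log format.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Feb/2011:09:30:01 +0100] "GET /feed/atom/ HTTP/1.1" 200 5120 "-" "Liferea/1.6.4 (Linux; en_US.UTF-8)"
203.0.113.7 - - [28/Feb/2011:10:30:01 +0100] "GET /feed/atom/ HTTP/1.1" 304 - "-" "Liferea/1.6.4 (Linux; en_US.UTF-8)"
198.51.100.23 - - [28/Feb/2011:10:31:12 +0100] "GET /feed/rss2/comments HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6"
198.51.100.99 - - [28/Feb/2011:10:32:40 +0100] "GET /feed/ HTTP/1.1" 200 300 "-" "Wget/1.12 (linux-gnu)"
192.0.2.50 - - [28/Feb/2011:10:33:05 +0100] "GET /feed/doesnotexist/ HTTP/1.1" 404 210 "-" "Mozilla/5.0 (compatible; ExampleBot/1.0)"
192.0.2.51 - - [28/Feb/2011:10:34:59 +0100] "GET /post/2011/02/28/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6"
"""

LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<code>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# The two sections from the post, with the same code filters and regexes.
SECTION_1 = {
    "name": "Flux RSS / Atom",
    "codes": {"200", "304"},
    "condition": ("URL", r"^\/feed\/.*"),
    "first_column": ("URL", r"^\/feed\/([\w]+)\/"),
}
SECTION_2 = {
    "name": "Lecteurs de RSS",
    "codes": {"200", "304"},
    "condition": ("URL", r"^\/feed\/.*"),
    "first_column": ("UA", r"^([^\/]*)"),
}


def criteria(match):
    """Map one parsed log line to the filter criteria used by the sections."""
    url, _, query = match["target"].partition("?")
    return {
        "URL": url,                       # path without the query string
        "URLWITHQUERY": match["target"],
        "QUERY_STRING": query,
        "REFERER": match["referer"],
        "UA": match["ua"],
        "HOST": match["host"],
    }


def run_section(section, log_text):
    """Return {first_column_value: (hits, bytes)} for one Extra Section."""
    cond_field, cond_re = section["condition"]
    col_field, col_re = section["first_column"]
    rows = {}
    for line in log_text.splitlines():
        match = LOG_LINE.match(line)
        if not match or match["code"] not in section["codes"]:
            continue                      # unparsable line or filtered status code
        values = criteria(match)
        if not re.search(cond_re, values[cond_field]):
            continue                      # ExtraSectionCondition not met
        column = re.search(col_re, values[col_field])
        if not column:
            continue                      # assumption: no capture, no row
        size = int(match["size"]) if match["size"].isdigit() else 0
        hits, total = rows.get(column.group(1), (0, 0))
        rows[column.group(1)] = (hits + 1, total + size)
    return rows


if __name__ == "__main__":
    for section in (SECTION_1, SECTION_2):
        print(section["name"])
        for value, (hits, size) in sorted(run_section(section, SAMPLE_LOG).items()):
            print("  %-10s hits=%d bytes=%d" % (value, hits, size))
```

<p>The bare "/feed/" request shows up in the second table (as "Wget") but not in the first, because the first-column regex of section 1 requires a feed name followed by a slash.</p>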
<p>The Awstats documentation has a <a href="http://awstats.sourceforge.net/docs/awstats_extra.html">page dedicated to Extra Sections</a>, which I recommend reading. Likewise, a site named <a href="http://www.internetofficer.com/awstats/">Internet Officer</a> has many examples related to Google. When starting out with Extra Sections, it is very handy to begin from working examples that are (more or less) close to the result you want. Finally, the Awstats configuration file is itself excellent documentation thanks to the quality of the comments it already contains.</p>Using Awstats plugins 2011-02-14T09:30:00+01:00 2011-02-14T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-02-14:/post/2011/02/14/utilisation-des-plugins-awstats/<p>In a previous post we saw how to set up the generation of visit statistics with <a href="http://awstats.sourceforge.net/">Awstats</a>. We will now enrich and improve these statistics, starting with the use of plugins. The prerequisite for this post is of course to have configured Awstats and to have the following Perl modules: URI::Escape, Storable and Geo::IP.</p>
<h2>Decoding key phrases and keywords correctly</h2>
<p>Awstats lets you see which keywords and key phrases were used in a search engine to reach your site. But because of character sets, Awstats can have trouble decoding the strings. To remedy this, simply enable the decodeutfkeys plugin in our configuration file:</p>
<div class="highlight"><pre><span></span><code>LoadPlugin="decodeutfkeys"
</code></pre></div>
<h2>Speeding up DNS lookups</h2>
<p>In our previous configuration, Awstats is set up to do a reverse DNS lookup on visitors' IP addresses, which can take time. It is therefore possible to create a cache file to speed up these lookups and avoid making the same DNS query umpteen times. To do so, enable the hashfiles plugin:</p>
<div class="highlight"><pre><span></span><code>LoadPlugin="hashfiles"
</code></pre></div>
<h2>Geolocating visitors</h2>
<p>Depending on the topic or language of the site, it can be very interesting to know where your visitors come from: for example, a site written in French has, in its top 10 visitors, one Russian IP address, one Brazilian and one Chinese (countries chosen at random). If you look in the logs, you realize that 90% of their requests end in 404 ;) So let's enable the GeoIP plugin:</p>
<div class="highlight"><pre><span></span><code><span class="n">LoadPlugin</span><span class="o">=</span><span class="s2">"geoip GEOIP_STANDARD /var/www/awstats/GeoIP.dat"</span>
<span class="n">LoadPlugin</span><span class="o">=</span><span class="s2">"geoip_city_maxmind GEOIP_STANDARD /var/www/awstats/GeoLiteCity.dat"</span><span class="w"></span>
</code></pre></div>
<p>Note that GeoIP requires a database that maps IP address ranges to the country they belong to. The best-known provider of this kind of database is <a href="http://www.maxmind.com/app/ip-locate">Maxmind</a>, which offers free and paid solutions. Two databases are available for free, <a href="http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz">the country one</a> and <a href="http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz">the city one</a>. Then you just have to place these files (uncompressed) in a directory accessible to Awstats; personally I put them in the same place as the statistics data, so /var/www/awstats or /var/lib/awstats depending on whether you are on NetBSD or Linux. The databases are updated every month, so remember to download the new versions regularly.</p>
<p>Warning: this kind of processing slows Awstats down; on large sites it can very quickly become a problem for your server's CPU and memory load.</p>
<h2>More information about visitor IPs</h2>
<p>Rather than copy-pasting your visitors' IPs into a <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Whois">whois</a> service, you can use Awstats' whois client via the hostinfo plugin:</p>
<div class="highlight"><pre><span></span><code>LoadPlugin="hostinfo"
</code></pre></div>
<h2>In the next episode...</h2>
<p>We now have a few more details about our visitors thanks to plugins; what remains is to better understand the visits via the "ExtraSection" directives, which will be the subject of an upcoming post... :)</p>Logrotate in pkgsrc: does it work for you? 2011-02-09T09:30:00+01:00 2011-02-09T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-02-09:/post/2011/02/09/Logrotate-dans-pkgsrc/<p>A few months ago now, I signed up to the <a href="http://pkgsrc-wip.sourceforge.net/" title="pkgsrc-wip">pkgsrc-wip</a> project on Sourceforge in order to update <a href="https://fedorahosted.org/logrotate/" title="Logrotate">Logrotate</a>. The result is now usable: there is a makefile and patches, and it all compiles without a hitch on NetBSD 5.0.2 and 5.1 (on amd64 at least); in short, on my side it works perfectly :)</p>
<p>I haven't necessarily tested the binary package intensively, so I'm putting out this small call for testing, in case anyone is interested. As <a href="http://sourceforge.net/blog/update-on-services/">the pkgsrc-wip CVS</a> is currently unavailable, you can download the Makefile and the patches in an archive <a href="http://media.anotherhomepage.org/pkgsrc/wip/logrotate-wip.tgz">here</a>. Compile, rotate some logs, thanks in advance!</p>Awstats 2011-01-31T09:30:00+01:00 2011-01-31T09:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-01-31:/post/2011/01/31/awstats/<h2>What is Awstats? What is it for?</h2>
<p><a href="http://awstats.sourceforge.net/">Awstats</a> is a web-based statistics tool for a web, FTP or mail server. For a website, for example, it lets you see whether there are many visits, which pages are visited most, how much data is transferred, and "who" visits your site most often. Awstats is free software under the GNU GPL. It can be called dynamically, generate HTML statistics pages or, thanks to external contributions, create PDF files. Another detail that matters: Awstats relies on your server's log files, so as far as I know it is not compatible with shared hosting.</p>
<h2>What do I need to make it work?</h2>
<p>Above all, Awstats needs <a href="http://www.perl.org/">Perl</a>! Then, depending on your needs or wishes, your web server must be able to run CGI scripts. In the case of Apache, there is no need for <a href="http://perl.apache.org/">mod_perl</a> to display your Awstats statistics, but you will have to enable <a href="http://httpd.apache.org/docs/2.2/mod/mod_cgi.html">mod_cgi</a> if you want to display the statistics dynamically.</p>
<p>In addition, depending on the features you want to enable, a few Perl modules are required. If you want to follow these posts, it is a good idea to install the following Perl modules: URI::Escape, Storable, Geo::IP (and not Geo::IPfree) and Net::XWhois. On NetBSD, I installed the following packages:</p>
<ul>
<li>p5-Business-ISBN</li>
<li>p5-Business-ISBN</li>
<li>p5-Geo-IP</li>
<li>p5-MIME-Base64</li>
<li>p5-Net-XWhois</li>
<li>p5-Test-Simple</li>
<li>p5-URI</li>
</ul>
<h2>Installation</h2>
<p>Awstats is generally provided in the packages of your favourite Linux or BSD distribution. If it is not in the official repositories, alternative repositories are very likely available. For RHEL and its clones such as CentOS, you can use the <a href="http://fedoraproject.org/wiki/EPEL">EPEL</a> repository. If you don't know of any repository, or if they provide too old a version, you can use <a href="http://awstats.sourceforge.net/#DOWNLOAD">the archive available on the Awstats site</a>. A point worth noting: as it is a Perl program, there is no need to compile it, which is much appreciated!</p>
<p>For what follows: all the examples and code come from a NetBSD 5 machine, and Awstats is installed from the package available in pkgsrc.</p>
<h2>First configuration</h2>
<p>So we have installed Awstats. Before configuring Awstats</p>
<p>The configuration lives in <em>/usr/pkg/etc/awstats/</em> and already contains a file: <em>awstats.model.conf</em>. Let's copy this template and edit it:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">awstats</span><span class="err">#</span><span class="w"> </span><span class="n">cp</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">awstats</span><span class="p">.</span><span class="n">model</span><span class="p">.</span><span class="n">conf</span><span class="w"> </span><span class="n">awstats</span><span class="p">.</span><span class="n">blog</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">conf</span><span class="w"></span>
<span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">awstats</span><span class="err">#</span><span class="w"> </span><span class="n">vi</span><span class="w"> </span><span class="n">awstats</span><span class="p">.</span><span class="n">blog</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">conf</span><span class="w"></span>
</code></pre></div>
<p>Let's now look at the configuration. We are going to:</p>
<ul>
<li>set the location of the log file</li>
<li>set the (DNS) name of the website, as well as its aliases</li>
<li>set the index pages</li>
<li>exclude Awstats from the statistics</li>
<li>exclude our IP address from the statistics</li>
<li>and plenty of other things!</li>
</ul>
<p>Warning:</p>
<ul>
<li>from here on I only show the options I changed from the template</li>
<li>my configuration is a bit dated: my file was created back in the days of Awstats 6.6, and new options have appeared since</li>
</ul>
<div class="highlight"><pre><span></span><code><span class="c1"># Location of the log file</span><span class="w"></span>
<span class="n">LogFile</span><span class="o">=</span><span class="s2">"/var/log/httpd/blog-access.log"</span><span class="w"></span>
<span class="c1"># DNS name of our website</span><span class="w"></span>
<span class="n">SiteDomain</span><span class="o">=</span><span class="s2">"blog.anotherhomepage.org"</span><span class="w"></span>
<span class="c1"># Other possible DNS names, or the IP address directly</span><span class="w"></span>
<span class="n">HostAliases</span><span class="o">=</span><span class="s2">"localhost 127.0.0.1 www.blog.anotherhomepage.org 188.40.96.170"</span><span class="w"></span>
<span class="c1"># Do a reverse DNS lookup on visitors' IPs; this gives better visibility by showing</span><span class="w"></span>
<span class="c1"># the ISPs' reverse DNS names, but beware: on a large site this can slow Awstats down enormously!</span><span class="w"></span>
<span class="c1"># If in doubt, set this value to 0</span><span class="w"></span>
<span class="n">DNSLookup</span><span class="o">=</span><span class="mi">1</span><span class="w"></span>
<span class="c1"># Location of the statistics databases, here the NetBSD path!</span><span class="w"></span>
<span class="c1"># On GNU/Linux, the path is generally /var/lib/awstats</span><span class="w"></span>
<span class="n">DirData</span><span class="o">=</span><span class="s2">"/var/www/awstats"</span><span class="w"></span>
<span class="c1"># Location of the CGI called by our statistics page (awstats.pl)</span><span class="w"></span>
<span class="n">DirCgi</span><span class="o">=</span><span class="s2">"/awstats"</span><span class="w"></span>
<span class="c1"># ...</span><span class="w"></span>
<span class="n">DirIcons</span><span class="o">=</span><span class="s2">"/awstats/icon"</span><span class="w"></span>
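<span class="c1"># Awstats can offer to update the statistics live via a button.</span><span class="w"></span>
<span class="c1"># That's risky, so we disable it (that button is AllowToUpdateStatsFromBrowser, 0 in the model file).</span><span class="w"></span>
<span class="c1"># The directive below enables the lock file that stops two updates from running at once</span><span class="w"></span>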
<span class="n">EnableLockForUpdate</span><span class="o">=</span><span class="mi">1</span><span class="w"></span>
<span class="c1"># I prefer generating the web page in XHTML rather than HTML</span><span class="w"></span>
<span class="n">BuildReportFormat</span><span class="o">=</span><span class="n">xhtml</span><span class="w"></span>
<span class="c1"># Backups are always good :)</span><span class="w"></span>
<span class="n">KeepBackupOfHistoricFiles</span><span class="o">=</span><span class="mi">1</span><span class="w"></span>
<span class="c1"># Default index page</span><span class="w"></span>
<span class="n">DefaultFile</span><span class="o">=</span><span class="s2">"index.html index.php"</span><span class="w"></span>
<span class="c1"># You can exclude yourself from the visits: with a static IP, it is best to exclude your IP</span><span class="w"></span>
<span class="c1"># as well as the server's and the loopback</span><span class="w"></span>
<span class="n">SkipHosts</span><span class="o">=</span><span class="s2">"127.0.0.1 188.40.96.170"</span><span class="w"></span>
<span class="c1"># Here I exclude from the statistics the Dotclear admin panel, the themes directory and a few files</span><span class="w"></span>
<span class="c1"># related to a plugin</span><span class="w"></span>
<span class="n">SkipFiles</span><span class="o">=</span><span class="s2">"REGEX[^</span><span class="se">\</span><span class="s2">/admin] REGEX[^</span><span class="se">\</span><span class="s2">/awstats] REGEX[^</span><span class="se">\</span><span class="s2">/themes] /?pf=partager2/img/delicious.png /?pf=partager2/img/digg.png /?pf=partager2/img/yahoomyweb.png /?pf=partager2/img/wikio.gif /?pf=partager2/img/sprite_partager2.png"</span><span class="w"></span>
<span class="c1"># If you have URLs like http://monsite.com/kikoo.php?variable=valeur</span><span class="w"></span>
<span class="c1"># you can tell requests apart according to the value of "valeur"</span><span class="w"></span>
<span class="c1"># Best to do the same for your referrer ;)</span><span class="w"></span>
<span class="n">URLWithQuery</span><span class="o">=</span><span class="mi">1</span><span class="w"></span>
<span class="n">URLWithQueryWithoutFollowingParameters</span><span class="o">=</span><span class="s2">"PHPSESSID jsessionid"</span><span class="w"></span>
<span class="n">URLReferrerWithQuery</span><span class="o">=</span><span class="mi">1</span><span class="w"></span>
<span class="c1"># I'm a bit paranoid, I want to see whether worms try to access my site</span><span class="w"></span>
<span class="n">LevelForWormsDetection</span><span class="o">=</span><span class="mi">2</span><span class="w"></span>
<span class="c1"># Awstats shows the top 10, except in the detailed view, where it shows the top 1000 by default</span><span class="w"></span>
<span class="c1"># I want even more! (but the page takes longer to load)</span><span class="w"></span>
<span class="n">MaxRowsInHTMLOutput</span><span class="o">=</span><span class="mi">2000</span><span class="w"></span>
<span class="c1"># I force the language to French, but you don't have to do the same</span><span class="w"></span>
<span class="n">Lang</span><span class="o">=</span><span class="s2">"fr"</span><span class="w"></span>
<span class="c1"># I display the stats about the nasty worms polluting the Net</span><span class="w"></span>
<span class="n">ShowWormsStats</span><span class="o">=</span><span class="n">HBL</span><span class="w"></span>
</code></pre></div>
<h2>Generating the visit statistics</h2>
<p>To start generating the statistics, the command is the following:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">perl</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">awstats</span><span class="p">.</span><span class="n">pl</span><span class="w"> </span><span class="c1">--config=blog.anotherhomepage.org --update</span>
</code></pre></div>
<h2>Displaying the visit statistics</h2>
<p>By default, the following configuration exists for Apache:</p>
<div class="highlight"><pre><span></span><code>root@vhost:~# cat /usr/pkg/etc/httpd/conf.d/awstats.conf
Alias /awstats/icon/ /usr/pkg/awstats/icon/
Alias /awstats/css/ /usr/pkg/awstats/css/
Alias /awstats/js/ /usr/pkg/awstats/js/
Alias /awstats/ /usr/pkg/awstats/cgi-bin/
<span class="nt"><Location</span> <span class="err">/awstats</span><span class="nt">/></span>
DirectoryIndex awstats.pl
Options ExecCGI FollowSymLinks
AddHandler cgi-script .pl
AddHandler cgi-script .cgi
order allow,deny
allow from all
<span class="nt"></Location></span>
</code></pre></div>
<p>On NetBSD, the .conf files in <em>/usr/pkg/etc/httpd/conf.d/</em> are automatically included in your configuration, which is rather convenient. Note that set up this way, your statistics are accessible to the whole world! To restrict access to the statistics, you can use an htaccess file, or the Allow directives with your IP address if you have a static IP.</p>
<h2>Automation, multiple sites and log rotation</h2>
<p>All that is fine, but once you have 2-3 websites running, you are not going to log in to your server every day to run one update per site. This can be remedied with a utility shipped with Awstats: awstats_updateall.pl updates all the configured sites with a single command! Used in a crontab, everything is automated :) Example:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">crontab</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">i</span><span class="w"> </span><span class="n">awstats</span><span class="w"></span>
<span class="err">#</span><span class="w"> </span><span class="n">Awstats</span><span class="w"> </span><span class="err">:</span><span class="w"></span>
<span class="mi">10</span><span class="w"> </span><span class="mi">0</span><span class="o">-</span><span class="mi">23</span><span class="o">/</span><span class="mi">4</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">perl</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">awstats_updateall</span><span class="p">.</span><span class="n">pl</span><span class="w"> </span><span class="n">now</span><span class="w"> </span><span class="o">-</span><span class="n">awstatsprog</span><span class="o">=/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">cgi</span><span class="o">-</span><span class="n">bin</span><span class="o">/</span><span class="n">awstats</span><span class="p">.</span><span class="n">pl</span><span class="w"> </span><span class="o">-</span><span class="n">configdir</span><span class="o">=/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"></span>
</code></pre></div>
<p>And our statistics are now updated every four hours, at the tenth minute (00:10, 4:10, 8:10...)</p>
<p>If you rotate your logs with <a href="https://fedorahosted.org/logrotate/">logrotate</a>, the smartest option is to add your statistics update to the logrotate configuration, as detailed in <a href="http://awstats.sourceforge.net/docs/awstats_faq.html#ROTATE">the Awstats FAQ</a>.</p>
<h2>In the next episode...</h2>
<p>This basic, working configuration gives interesting statistics, but we can go further, for example with IP address geolocation and the use of other plugins, and even go as far as creating our own filters to get statistics on certain parts of the site.</p>
<h2>Comments</h2>
<h3>On 16/02/2011 11:49 by <a href="http://www.evazone.fr">M@T D.</a></h3>
<p>"Another detail that matters: Awstats relies on your server's log files, so as far as I know it is not compatible with shared hosting" > Yes and no... Shared in the strict sense, with a provider that supplies you the web space (and therefore no admin access to the machine), I agree.</p>
<p>But if it's a server you administer, nothing stops you from splitting the Apache log files (access and error) per VirtualHost, creating several Awstats conf files, and scheduling several cron jobs to get stats specific to each site.</p>
<p>;-)</p>
<h3>On 16/02/2011 19:48 by Nils</h3>
<p>I have never seen a provider offer shared hosting where you can administer your server. In general, when you have administrator access to the OS, you are either on a VPS (Virtual Private Server), or on an RPS (Real Private Server, which just has disk space on a SAN), or on a true dedicated server. And to me it is a matter of common sense to separate the access_log from the error_log and, of course, to have one pair of logs per virtual host.</p>
<p>Why schedule several cron jobs when you have awstats_updateall.pl, as I pointed out?</p>
<h3>On 22/02/2011 13:50 by <a href="http://www.evazone.fr">M@T D.</a></h3>
<p>If I tell you that I consider that I do shared hosting at home... Do you understand my point of view better?
In the strict sense of the term, I completely agree with you ;-)</p>
<p>Otherwise, I hadn't seen the part about awstats_updateall.pl... Very handy indeed.</p>
Permission checks - continued 2011-01-17T10:41:00+01:00 2011-01-17T10:41:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2011-01-17:/post/2011/01/17/verifications-de-permissions-suite/
<p><em>Introduction</em>: the tips in this post are taken from the document “Guide to the Secure Configuration of Red Hat Enterprise Linux 5” published by the <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/NSA">NSA</a>. You can download the whole document as a PDF <a href="http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml#linux2">from their site</a>. This introduction lets me comply with their <a href="http://www.nsa.gov/terms_of_use.shtml#copyright">copyright notice</a>.</p>
<p>After directory permissions and the sticky bit, let's have some fun with <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Setuid">SUID</a> and SGID: a file with the SUID or SGID attribute runs with the rights of the user or group set on it, usually root. For example, the <em>at</em> program, which runs a task at a given time, is available to ordinary users even though it needs higher privileges to work. This can be risky: if a SUID root program has a flaw, that flaw can be exploited with root's rights, even if the attacker does not have those rights.</p>
<p>As with the sticky bit, let's start by checking our environment:</p>
<div class="highlight"><pre><span></span><code>root@orgrimmar:~# whoami
root
root@orgrimmar:~# cat /etc/redhat-release
CentOS release <span class="m">5</span>.5 <span class="o">(</span>Final<span class="o">)</span>
</code></pre></div>
<p>Now let's look for every file that has the SUID or SGID bit:</p>
<div class="highlight"><pre><span></span><code>root@orgrimmar:~# find / <span class="se">\</span><span class="o">(</span> -perm -4000 -o -perm -2000 <span class="se">\</span><span class="o">)</span> -type f -print
/bin/ping6
/bin/umount
/bin/ping
/bin/mount
/bin/su
/lib64/dbus-1/dbus-daemon-launch-helper
/usr/bin/wall
/usr/bin/chfn
/usr/bin/newgrp
/usr/bin/sudoedit
/usr/bin/chsh
/usr/bin/write
/usr/bin/at
/usr/bin/chage
/usr/bin/crontab
/usr/bin/ssh-agent
/usr/bin/passwd
/usr/bin/sudo
/usr/bin/gpasswd
/usr/bin/locate
/usr/bin/screen
/usr/libexec/openssh/ssh-keysign
/usr/libexec/libvirt_proxy
/usr/libexec/utempter/utempter
/usr/kerberos/bin/ksu
/usr/sbin/userhelper
/usr/sbin/postqueue
/usr/sbin/postdrop
/usr/sbin/usernetctl
/usr/sbin/ccreds_validate
/sbin/netreport
/sbin/mount.nfs4
/sbin/umount.nfs4
/sbin/umount.nfs
/sbin/mount.nfs
/sbin/unix_chkpwd
/sbin/pam_timestamp_check
find: /proc/9859/task/9859/fd/4: Aucun fichier ou répertoire de ce <span class="nb">type</span>
find: /proc/9859/task/9859/fd/4: Aucun fichier ou répertoire de ce <span class="nb">type</span>
find: /proc/9859/fd/4: Aucun fichier ou répertoire de ce <span class="nb">type</span>
find: /proc/9859/fd/4: Aucun fichier ou répertoire de ce <span class="nb">type</span>
root@orgrimmar:~#
</code></pre></div>
<p>At first glance, seeing so many lines can be frightening, but on closer inspection it is understandable that 99% of the listed files need SUID. The only one that worries me is screen. So I will look at another machine, a quite different one this time:</p>
<div class="highlight"><pre><span></span><code>nils@tomb:~$ uname -sr
NetBSD <span class="m">5</span>.0.2
nils@tomb:~$ ls -hl /usr/pkg/bin/scree*
lrwxr-xr-x <span class="m">1</span> root wheel 12B Jul <span class="m">11</span> <span class="m">11</span>:23 /usr/pkg/bin/screen@ -> screen-4.0.3
-r-s--x--x <span class="m">1</span> root wheel 279K Jul <span class="m">11</span> <span class="m">11</span>:23 /usr/pkg/bin/screen-4.0.3*
</code></pre></div>
<p>We can see that screen on my NetBSD machine also has the SUID bit. All good, I can go to bed with my mind at ease :) But first, let's get back to our CentOS server and, as in the sticky bit case, simulate a program to which SUID was added needlessly:</p>
<div class="highlight"><pre><span></span><code>root@orgrimmar:~# cat > testbin
<span class="c1">#!/bin/bash</span>
<span class="nb">echo</span> -n <span class="s2">"Je suis un programme SUID de test"</span>
<span class="nb">exit</span> <span class="m">0</span>
root@orgrimmar:~# chmod -v +x testbin
Le mode d<span class="s1">'accès de `testbin'</span> a été modifié à <span class="m">0755</span> <span class="o">(</span>rwxr-xr-x<span class="o">)</span>.
root@orgrimmar:~# ls -hl testbin
-rwxr-xr-x <span class="m">1</span> root root <span class="m">63</span> déc <span class="m">31</span> <span class="m">00</span>:44 testbin*
root@orgrimmar:~# chmod -v +s testbin
Le mode d<span class="s1">'accès de `testbin'</span> a été modifié à <span class="m">6755</span> <span class="o">(</span>rwsr-sr-x<span class="o">)</span>.
root@orgrimmar:~# ls -hl testbin
-rwsr-sr-x <span class="m">1</span> root root <span class="m">63</span> déc <span class="m">31</span> <span class="m">00</span>:44 testbin*
</code></pre></div>
<p>Let's run our search again:</p>
<div class="highlight"><pre><span></span><code>root@orgrimmar:~# find /root <span class="se">\</span><span class="o">(</span> -perm -4000 -o -perm -2000 <span class="se">\</span><span class="o">)</span> -type f -print
/root/testbin
</code></pre></div>
<p>Now let's remove the SUID bit and run the search again:</p>
<div class="highlight"><pre><span></span><code>root@orgrimmar:~# chmod -v -s testbin
Le mode d<span class="s1">'accès de `testbin'</span> a été modifié à <span class="m">0755</span> <span class="o">(</span>rwxr-xr-x<span class="o">)</span>.
root@orgrimmar:~# find /root <span class="se">\</span><span class="o">(</span> -perm -4000 -o -perm -2000 <span class="se">\</span><span class="o">)</span> -type f -print
root@orgrimmar:~#
</code></pre></div>
<p>And there we go, we can rest easy :)</p>
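<p>The search above shows what is SUID or SGID right now; to spot a bit that was added needlessly, like <em>testbin</em>, the result can be compared with a list that has already been reviewed. The script below is an example added to this post, not taken from the NSA guide or from the original article; the function names, the baseline file (one path per line) and the constructed sample tree are assumptions made for the example.</p>

```shell
#!/bin/sh
# Added example: report SUID/SGID files that are missing from a reviewed baseline.
# list_setid, audit_setid, demo_setid_audit and the baseline format are
# assumptions of this example, not part of the original post.

# Print every regular file under $1 that carries the SUID (4000) or SGID (2000)
# bit, one path per line, sorted. -xdev stays on one filesystem; stderr is
# dropped to hide transient errors like the /proc ones in the post's output.
# Paths containing newlines are not handled.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Print the set-id files under $1 that are not listed in baseline file $2
# (one path per line, written exactly as find prints it).
# Returns 0 when every set-id file is in the baseline, 1 otherwise.
audit_setid() {
    # grep exits 1 when nothing is unexpected; "|| true" keeps "set -e" callers alive.
    unexpected=$(list_setid "$1" | grep -Fxv -f "$2" || true)
    if [ -z "$unexpected" ]; then
        return 0
    fi
    printf '%s\n' "$unexpected"
    return 1
}

# Build a constructed sample tree in a temporary directory and audit it.
# The files are empty stand-ins, not real system binaries.
demo_setid_audit() {
    tree=$(mktemp -d) || return 1
    mkdir -p "$tree/bin" "$tree/root"
    for f in bin/su bin/ls root/testbin; do
        printf '#!/bin/sh\nexit 0\n' > "$tree/$f"
    done
    chmod 4755 "$tree/bin/su"        # reviewed and expected to be SUID
    chmod 0755 "$tree/bin/ls"        # ordinary program, no special bit
    chmod 6755 "$tree/root/testbin"  # same mode as the post's testbin
    # The baseline only knows about the reviewed file.
    printf '%s\n' ./bin/su > "$tree/baseline.txt"
    ( cd "$tree" && audit_setid . baseline.txt ) || true
    rm -rf "$tree"
}

demo_setid_audit
```

<p>On a real system the baseline would be the reviewed output of <em>list_setid /</em>, stored somewhere unprivileged users cannot modify.</p>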
<p><strong>What should I do if I have doubts about a program?</strong> Several options: if the program is provided by your distribution's packages, you can always check on other machines, whose OS or distribution may differ (as I did with screen); the same program needing SUID on 2 different OSes can be slightly reassuring. If the software is free software (example: GNU screen :D), you can also look into the files used to build the binary package; for RPMs, just find the software's SRPM and install it on a test machine. Then look at the contents of the .spec file used to build that package: these files contain the list and the permissions of the files and directories of the package to be built :) If a .spec does not say that the program is SUID, then it is time to worry!</p>
Permission checks 2010-12-30T11:11:00+01:00 2010-12-30T11:11:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2010-12-30:/post/2010/12/30/Vérifications-de-permissions/
<p><em>Introduction</em>: the tips in this post are taken from the document “Guide to the Secure Configuration of Red Hat Enterprise Linux 5” published by the <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/NSA">NSA</a>. You can download the whole document as a PDF <a href="http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml#linux2">from their site</a>. This introduction lets me comply with their <a href="http://www.nsa.gov/terms_of_use.shtml#copyright">copyright notice</a>.</p>
<p>I suggest checking the permissions of some of the files on your server or workstation running Linux. The goal is to limit the opportunities for intrusion attempts by looking for the possible ways in. Let's start by checking our environment:</p>
<div class="highlight"><pre><span></span><code>root@orgrimmar:~# whoami
root
root@orgrimmar:~# cat /etc/redhat-release
CentOS release <span class="m">5</span>.5 <span class="o">(</span>Final<span class="o">)</span>
</code></pre></div>
<p>Now let's look for every directory whose permissions let any user write to it, and on which the <em>sticky bit</em> is not set:</p>
<div class="highlight"><pre><span></span><code>root@orgrimmar:~# find / -type d <span class="se">\</span><span class="o">(</span> -perm -0002 -a ! -perm -1000 <span class="se">\</span><span class="o">)</span> -print
</code></pre></div>
<p>If your machine has many partitions, and they are rather full, you can limit <em>find</em>'s search to one partition at a time:</p>
<div class="highlight"><pre><span></span><code>root@orgrimmar:~# find / -xdev -type d <span class="se">\</span><span class="o">(</span> -perm -0002 -a ! -perm -1000 <span class="se">\</span><span class="o">)</span> -print
root@orgrimmar:~# find /home -xdev -type d <span class="se">\</span><span class="o">(</span> -perm -0002 -a ! -perm -1000 <span class="se">\</span><span class="o">)</span> -print
root@orgrimmar:~# find /var -xdev -type d <span class="se">\</span><span class="o">(</span> -perm -0002 -a ! -perm -1000 <span class="se">\</span><span class="o">)</span> -print
</code></pre></div>
<p>Ideally (and it is the case on my machine, phew!), this command should print nothing. Now, let's have some fun:</p>
<div class="highlight"><pre><span></span><code>root@orgrimmar:/tmp# mkdir insecure
root@orgrimmar:/tmp# chmod -v <span class="m">777</span> insecure
Le mode d<span class="s1">'accès de `insecure'</span> a été modifié à <span class="m">0777</span> <span class="o">(</span>rwxrwxrwx<span class="o">)</span>.
root@orgrimmar:/tmp# find /tmp/ -type d <span class="se">\</span><span class="o">(</span> -perm -0002 -a ! -perm -1000 <span class="se">\</span><span class="o">)</span> -print
/tmp/insecure
</code></pre></div>
<p>Now let's set the sticky bit:</p>
<div class="highlight"><pre><span></span><code>root@orgrimmar:/tmp# ls -hl /tmp/ <span class="p">|</span> grep insecure
drwxrwxrwx <span class="m">2</span> root root <span class="m">4</span>,0K déc <span class="m">30</span> <span class="m">23</span>:54 insecure/
root@orgrimmar:/tmp# chmod -v +t /tmp/insecure/
Le mode d<span class="s1">'accès de `/tmp/insecure/'</span> a été modifié à <span class="m">1777</span> <span class="o">(</span>rwxrwxrwt<span class="o">)</span>.
root@orgrimmar:/tmp# ls -hl /tmp/ <span class="p">|</span> grep insecure
drwxrwxrwt <span class="m">2</span> root root <span class="m">4</span>,0K déc <span class="m">30</span> <span class="m">23</span>:54 insecure/
root@orgrimmar:/tmp# find /tmp/ -type d <span class="se">\</span><span class="o">(</span> -perm -0002 -a ! -perm -1000 <span class="se">\</span><span class="o">)</span> -print
root@orgrimmar:/tmp#
</code></pre></div>
<p>What is the <em>sticky bit</em>? Excerpt from the <em>chmod</em> manual page (man chmod):</p>
<blockquote>
<p>t (sticky bit) keep the program's code on the swap device after execution. This is the original behaviour, but nowadays it is only used for directories. It indicates that only the owner of the directory and the owner of a file located in it are allowed to delete that file. This is typically used for directories such as /tmp that are world-writable.</p>
</blockquote>
<p>Let's check this:</p>
<div class="highlight"><pre><span></span><code>root@orgrimmar:/tmp# <span class="nb">cd</span> /
root@orgrimmar:/# ls -hl <span class="p">|</span> grep tmp
drwxrwxrwt <span class="m">5</span> root root <span class="m">4</span>,0K déc <span class="m">30</span> <span class="m">23</span>:59 tmp/
</code></pre></div>
<p>The sticky bit is set. I am reassured. However, it does not do everything. So let's look at which directories are accessible to all users, regardless of whether the sticky bit is set:</p>
<div class="highlight"><pre><span></span><code>root@orgrimmar:/# find / -type d <span class="se">\</span><span class="o">(</span> -perm -0002 <span class="se">\</span><span class="o">)</span> -print
/var/tmp
/var/lib/xenstored
/dev/shm
/tmp
/tmp/insecure
/tmp/.ICE-unix
</code></pre></div>
<p>That is already a few more... not very reassuring, but apart from our <em>insecure</em> directory, nothing to panic about: <em>/var/tmp</em> and <em>/tmp</em> are directories meant for the temporary files of running programs, <em>/dev/shm</em> is <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/M%C3%A9moire_partag%C3%A9e">shared memory</a> and xenstored is used for <a href="http://books.google.com/books?id=XS-Jj7s2nhYC&pg=PA68&lpg=PA68&dq=/var/lib/xenstored&source=bl&ots=UUPHrW9az-&sig=NvdqPm8-x3cC6UOPlGEpRGOXKQY&hl=fr&ei=sw4dTcycMouo8QPnsrm9BQ&sa=X&oi=book_result&ct=result&resnum=4&ved=0CC8Q6AEwAw#v=onepage&q=%2Fvar%2Flib%2Fxenstored&f=false">the proper operation of the Xen hypervisor</a>.</p>
<p>Finally, we can clean up our little experiment:</p>
<div class="highlight"><pre><span></span><code>root@orgrimmar:/# rmdir -v /tmp/insecure/
rmdir: destruction du répertoire /tmp/insecure/
root@orgrimmar:/# ls -hal /tmp/ <span class="p">|</span> grep secu
</code></pre></div>
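<p>The two <em>find</em> searches used in this post (world-writable directories, with and without the sticky-bit filter) can be combined into one report that labels each directory, followed by the <em>chmod +t</em> fix. This script is an example added to the post, not the author's or the NSA guide's; the function names and the constructed sample tree built in a temporary directory are assumptions.</p>

```shell
#!/bin/sh
# Added example: classify world-writable directories by sticky bit, then fix
# the ones that lack it. All function names and the sample tree are
# assumptions of this example, not part of the original post.

# Print "<status> <path>" for every world-writable directory under $1.
# status is "sticky" when mode bit 1000 is set, "NO-STICKY" when it is not.
report_world_writable() {
    find "$1" -xdev -type d -perm -0002 -print 2>/dev/null | LC_ALL=C sort |
    while IFS= read -r dir; do
        if [ -k "$dir" ]; then
            printf 'sticky %s\n' "$dir"
        else
            printf 'NO-STICKY %s\n' "$dir"
        fi
    done
}

# Same test as the post's find expression: world-writable and no sticky bit.
list_missing_sticky() {
    find "$1" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Set the sticky bit on every directory reported by list_missing_sticky and
# print how many directories were changed.
set_missing_sticky() {
    offenders=$(list_missing_sticky "$1")
    if [ -z "$offenders" ]; then
        echo 0
        return 0
    fi
    printf '%s\n' "$offenders" | while IFS= read -r dir; do
        chmod +t "$dir"
    done
    printf '%s\n' "$offenders" | wc -l | tr -d ' '
}

# Constructed sample tree: one directory like the post's /tmp/insecure, one
# like /tmp itself, and one that is not world-writable at all.
demo_sticky_audit() {
    tree=$(mktemp -d) || return 1
    mkdir "$tree/insecure" "$tree/shared" "$tree/private"
    chmod 0777 "$tree/insecure"
    chmod 1777 "$tree/shared"
    chmod 0755 "$tree/private"
    ( cd "$tree" &&
      report_world_writable . &&   # before the fix
      set_missing_sticky . &&      # number of directories changed
      report_world_writable . )    # after the fix
    rm -rf "$tree"
}

demo_sticky_audit
```

<p>Setting the sticky bit only stops users from deleting or renaming each other's files; whether a directory should be world-writable at all is still a separate decision.</p>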
<h2>Comments</h2>
<h3>On 06/01/2011 19:09 by <a href="http://www.sakana.fr/blog/">stephane</a></h3>
<p>Hello,</p>
<p>Just a quick comment in passing, since it has been a long time :-)</p>
<p>An ls flag worth knowing: -d. To avoid the ls .... | grep ...., you can do ls -ld /tmp for example. It gives you the ls of the directory itself and not of its contents.</p>
<p>See you</p>
<p>Stéphane</p>
Rebuilding a software RAID 1 on Linux 2010-09-01T11:42:00+02:00 2010-09-01T11:42:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2010-09-01:/post/2010/09/01/Reconstruction-d-un-RAID-1-logiciel-sous-Linux/
<p>For more than a year now, since buying my current desktop machine, I have had my hard drives configured as <a href="http://fr.wikipedia.org/wiki/RAID_%28informatique%29#RAID_1_:_Disques_en_miroir">RAID 1</a>. It does not remove the need for backups, but it helps a lot with peace of mind. And it is when one of the disks slows down the whole system and makes a loud "clack" on every write that you tell yourself that, well, RAID really was a good idea.</p>
<p>So, you pull the disk, the OS whines a bit and sends emails because my RAID is degraded. And then you run off to buy a hard drive. I chose to buy the same model as the faulty one, with the same capacity. I plug the new disk into the machine in place of the old one, boot, get another email...</p>
<p>And then? The partitions have to be recreated and added to the RAID so that the rebuild takes place. For a reason I do not know, during installation <a href="http://fedoraproject.org/">Fedora 12</a> did not allocate a whole number of cylinders to my partitions (I have since moved to 13). As a result, trying to recreate the partitions is a real pain... For a moment I consider cloning my disk with dd. The problem is that, with hard drives of one terabyte each, I would not be getting to bed any time soon.</p>
<p>The solution comes from <a href="https://support.ikoula.com/index.php?mod_id=2&id=1997&kb_rating=yes">Ikoula</a>, and consists of using <a href="http://www.delafond.org/traducmanfr/man/man8/sfdisk.8.html">sfdisk</a> to reproduce the partition table, then adding the partitions to the RAID. One small difference though: I had to ask sfdisk to force writing the table, probably because of this cylinder business:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@bloodhoof ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">sfdisk</span><span class="w"> </span><span class="c1">--dump /dev/sda | sfdisk --force /dev/sdb </span>
</code></pre></div>
<p>I have two RAID arrays, so to rebuild them:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@bloodhoof ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">mdadm</span><span class="w"> </span><span class="o">--</span><span class="n">manage</span><span class="w"> </span><span class="o">--</span><span class="k">add</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">md0</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">sdb1</span><span class="w"></span>
<span class="o">[</span><span class="n">root@bloodhoof ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">mdadm</span><span class="w"> </span><span class="c1">--manage --add /dev/md1 /dev/sdb3 </span>
</code></pre></div>
<p>Three hours later, the RAID is rebuilt! I can sleep soundly again.</p>
<h2>Comments</h2>
<h3>On 01/09/2010 14:00 by <a href="http://www.evazone.fr">M@T D.</a></h3>
<p>That is partly why I moved from a home-made server (Debian) to a QNAP NAS...</p>
<p>Because even after testing with simulated failures, in the urgency of a dead disk on my RAID5, I could not have stood struggling to find the right solution (with the fear of wiping everything in a botched operation).</p>
<p>In short, I lost a non-negligible degree of freedom with my NAS, but for this kind of issue... It is point-and-click, and even simpler when driven from the LCD screen.</p>
<p>;-)</p>
<h3>On 01/09/2010 17:10 by Nils</h3>
<p>In my view it was not that much of a pain; if I had not found the sfdisk-based solution I would have cloned the disk with dd. Resyncing the RAID is two trivial commands (one per array). As for point-and-click, there is a tool in Fedora that seemed able to do it, but I admit I had far fewer worries with mdadm.</p>
Healthy reading for the summer 2010-07-26T16:24:00+02:00 2010-07-26T16:24:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2010-07-26:/post/2010/07/26/Saines-lectures-pour-l-été/
<p>It's summer! Sometimes it is good to stop fiddling with our machines for two minutes, go for a walk in a park or to the beach, and pull out a book... on our favourite subjects, of course!</p>
<p>So here, in no particular order, are a few web pages, books and pieces of documentation, free or not, that are worth reading, on paper or on your tablets/netbook/PDA:</p>
<ul>
<li>Available as a PDF, <a href="http://ftacademy.org/materials/fsm/2">GNU/Linux Advanced Administration</a></li>
<li><a href="http://www.haypocalc.com/wiki/Bash">Apprendre Bash</a> (Learning Bash), one of my bookmarks for when my memory fails me in the middle of a script</li>
<li><a href="http://www.gnulinuxmag.com/">Linux Magazine</a>, a must-read! Note that since this summer's special issue is devoted to Python, those who want to get (back) into it can find <a href="http://www.inforef.be/swi/python.htm">a Python course</a></li>
<li><a href="http://www.debian.org/doc/manuals/securing-debian-howto/securing-debian-howto.fr.pdf">The Securing Debian Manual</a>, thanks <a href="http://forums.quebecos.com/showthread.php?tid=5519">QuébecOS</a>!</li>
<li>When it is reachable, a fine collection of tips in PDF at <a href="http://www.cyberciti.biz/tips/nixcraft-faq-pdf-collection-now-available-to-all.html">NixCraft</a></li>
<li>Since the beginning of the year, <a href="http://bsdmag.org/">BSD Magazine</a> has been available free of charge as a PDF file: <a href="http://bsdmag.org/magazine/1267-openbsd">the July issue</a> focuses on OpenBSD, with in particular an article on building a firewall with <a href="http://www.openbsd.org/faq/pf/fr/index.html">PF</a> and <a href="http://www.fwbuilder.org/">Firewall Builder</a></li>
</ul>
<p>Enjoy your holidays, for those who are on them!</p>
Dédé the clown and his pal the live CD 2010-05-25T16:30:00+02:00 2010-05-25T16:30:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2010-05-25:/post/2010/05/25/Dédé-et-son-copain-le-live-cd/
<p>This is the story of Dédé the clown, or rather of <a href="http://fr.wikipedia.org/wiki/Dd_%28Unix%29">dd</a> the clone, which comes in very handy when you break out in a cold sweat... But what is dd? The manual page reads: "convert and copy a file". It is so simple that you would think it is not very powerful, but once you start creating disk image files or cloning entire hard drives, you understand that the shortest descriptions can sometimes be very complete! The French Wikipedia page for dd contains a few useful examples, but <a href="http://en.wikipedia.org/wiki/Dd_%28Unix%29">the English page</a> contains even more!</p>
<p>Now picture the situation: you have two identical machines. You install the first one and want the second installed identically: just clone the hard drive with dd and copy your clone, again with dd, onto the second machine. Another situation, which I do not wish on you: you still have two identical machines, but the OS of one of them is damaged (imagine, for example, 3/4 of the files in /boot gone, the same in /lib and in a few other places). Add the constraint that you cannot shut down the machine that is still running, and that time is short. No need to spend two hours looking for a cloning tool, it is already installed on your beloved Linux: dd. Let's grab a USB hard drive whose capacity exceeds that of the local disk. Here is how to clone the hard drive:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@machinequimarche ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">dd</span><span class="w"> </span><span class="n">bs</span><span class="o">=</span><span class="mi">1</span><span class="n">M</span><span class="w"> </span><span class="k">if</span><span class="o">=/</span><span class="n">dev</span><span class="o">/</span><span class="n">sda</span><span class="w"> </span><span class="k">of</span><span class="o">=/</span><span class="n">media</span><span class="o">/</span><span class="n">usb</span><span class="o">/</span><span class="n">machine1</span><span class="p">.</span><span class="n">img</span><span class="w"></span>
</code></pre></div>
<p>I am assuming that the hard disk is called /dev/sda and that the USB disk is mounted under /media/usb/, but this may differ depending on your setup. Note that the "bs=1M" option (copy in blocks of 1 megabyte) makes the copy faster. I would have liked to try even larger blocks, but the copy already turned out to be quite fast.</p>
<p>Once the copy is finished (a good hour or so for 70 GB of disk, given that it was hardware RAID 1 on 10,000 rpm SCSI...), all that remains is to go to the second machine, boot it from a live CD that also contains dd (any Linux distribution live CD should have it), and copy in the other direction:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@machinequimarchepas ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">dd</span><span class="w"> </span><span class="n">bs</span><span class="o">=</span><span class="mi">1</span><span class="n">M</span><span class="w"> </span><span class="k">if</span><span class="o">=/</span><span class="n">media</span><span class="o">/</span><span class="n">usb</span><span class="o">/</span><span class="n">machine1</span><span class="p">.</span><span class="n">img</span><span class="w"> </span><span class="k">of</span><span class="o">=/</span><span class="n">dev</span><span class="o">/</span><span class="n">sda</span><span class="w"></span>
</code></pre></div>
<p>Of course, the USB disk was mounted beforehand ;) Once the copy is finished and the USB disk unmounted, I recommend mounting the partitions of the local disk (/dev/sda in my case) and changing the host names, IP addresses and other machine-specific settings found in /etc, otherwise putting the machine on the network could be problematic. On RHEL/CentOS/Fedora, remember to edit:</p>
<ul>
<li>/etc/hosts</li>
<li>/etc/sysconfig/network</li>
<li>/etc/sysconfig/network-scripts/ifcfg-* (depending on your configuration: several network cards, bonding...)</li>
<li>/etc/sysconfig/iptables-config if that is where you save your firewall, otherwise look at your firewall script</li>
</ul>
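<p>Before the restored machine is rebooted, the copy can be checked against the image. The sketch below is an added example, not part of the original post: the function names are hypothetical, and it assumes GNU-style <code>dd</code>, <code>head -c</code> and <code>sha256sum</code>. Only the first image-sized bytes of the target are hashed, because the target disk may be larger than the image.</p>

```shell
#!/bin/sh
# Added example: restore an image with dd, then prove the target holds it.
# Function names are hypothetical; GNU coreutils are assumed.

# Print the SHA-256 of the first $2 bytes of $1 (regular file or block device).
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d ' ' -f 1
}

# verify_restore IMAGE TARGET
# Returns 0 when the first size(IMAGE) bytes of TARGET are identical to IMAGE.
verify_restore() {
    image=$1
    target=$2
    size=$(wc -c < "$image") || return 2
    size=$((size))                      # strip padding some wc versions add
    want=$(hash_prefix "$image" "$size")
    got=$(hash_prefix "$target" "$size")
    if [ "$want" = "$got" ]; then
        echo "OK $want"
        return 0
    fi
    echo "MISMATCH image=$want target=$got" >&2
    return 1
}

# restore_image IMAGE TARGET
# Same dd invocation as in the post, followed by the check.
# conv=notrunc only matters when TARGET is a regular file standing in for a disk.
restore_image() {
    dd bs=1M if="$1" of="$2" conv=notrunc 2>/dev/null || return 2
    sync                                # flush pending writes before reading back
    verify_restore "$1" "$2"
}
```

<p>Typical use from the live CD would be <code>restore_image /media/usb/machine1.img /dev/sda</code>; a non-zero exit status means the disk does not match the image and should not be booted as is.</p>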
<p>One more thing, especially for users of the distributions mentioned above: rescue mode is only available on CD1 or DVD1, not in boot.iso or any other net-install media. This mode boots a minimal live system that lets you mount the system's partitions, mount a USB hard disk (if you plug it in before booting, for RHEL4), and of course use dd :)</p>
Number of occurrences of a field in a file 2010-03-01T12:30:00+01:00 2010-03-01T12:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2010-03-01:/post/2010/03/01/Nombre-d-occurences-d-un-champ-dans-un-fichier/
<p>After colorizing a grep for a cron matter, here is another nice case: I wanted to know who was making the most requests to a web server (Apache), as a ranking. A kind of top 5 or top 10 of the heaviest page requesters on that server, in short. I looked to <a href="http://fr.wikipedia.org/wiki/Awk">Awk</a>, which lets you manipulate program output and other text files at will.</p>
<p>Since I am not very good at Awk, I asked my favorite search engine (which is no longer Goo..., by the way) how to get the number of occurrences of a character string. The answer was <a href="http://www.commentcamarche.net/forum/affich-8588796-awk-nombre-d-occurrences-d-un-mot">there</a>. To build my top 10, however, I then had to sort the resulting list using the number of occurrences as the criterion. After a few pipelines and other haphazard awk attempts, I arrived at this:</p>
<div class="highlight"><pre><span></span><code><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$1]++;} END {for (ip in frequencies) printf "%d\t%s\n" , frequencies[ip] , ip;}'</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="o">/</span><span class="n">mon</span><span class="o">/</span><span class="n">fichier</span><span class="o">/</span><span class="n">de</span><span class="o">/</span><span class="nf">log</span><span class="o">/</span><span class="n">apache</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">gr</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">10</span><span class="w"></span>
</code></pre></div>
<p>Thanks to Awk, I get output with the number of requests first, then the IP address. I then send this output to sort, whose -g option sorts numerically and whose -r option reverses the order. Finally, head limits my ranking to the top 10. This line does not fully satisfy me, because I get the number of requests first, then the IP address. I would have liked to find an elegant solution, but all I managed was to invoke awk again after the sort. If anyone has an idea, I am all ears ;-)</p>
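<p>The same counting idea, taken one step further for log review: the added example below (not from the original post) ranks clients by request count and can keep only responses whose status matches a regular expression, which helps spot a client generating mostly errors. The function names and the sample log lines are constructed for illustration, and the parser assumes the request line contains no escaped double quotes.</p>

```shell
#!/bin/sh
# Added example: per-client request ranking with an optional status filter.

# Constructed sample in Apache common log format (documentation IP ranges).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Mar/2010:12:00:01 +0100] "GET / HTTP/1.1" 200 1043
192.0.2.10 - - [01/Mar/2010:12:00:02 +0100] "GET /style.css HTTP/1.1" 200 512
198.51.100.7 - - [01/Mar/2010:12:00:03 +0100] "GET /admin HTTP/1.1" 404 209
198.51.100.7 - - [01/Mar/2010:12:00:04 +0100] "GET /old/ HTTP/1.1" 404 209
198.51.100.7 - - [01/Mar/2010:12:00:05 +0100] "GET /backup HTTP/1.1" 404 209
203.0.113.5 - - [01/Mar/2010:12:00:06 +0100] "GET /feed/ HTTP/1.1" 200 8120
192.0.2.10 - - [01/Mar/2010:12:00:07 +0100] "GET /missing HTTP/1.1" 404 209
198.51.100.7 - - [01/Mar/2010:12:00:08 +0100] "-" 408 -
garbage line without a request
EOF
}

# top_requesters LOGFILE [N] [STATUS_REGEX]
# Prints "client<TAB>count", highest count first, ties ordered by client.
# STATUS_REGEX defaults to "." (every status); "^4" keeps client errors only.
top_requesters() {
    log=$1
    n=${2:-10}
    status_re=${3:-.}
    awk -v re="$status_re" '
        {
            # Status is the first token after the quoted request line.
            split($0, q, "\"")
            split(q[3], s, " ")
            if (s[1] !~ /^[0-9][0-9][0-9]$/) next   # skip malformed lines
            if (s[1] ~ re) hits[$1]++
        }
        END { for (ip in hits) printf "%s\t%d\n", ip, hits[ip] }
    ' "$log" | LC_ALL=C sort -t "$(printf '\t')" -k2,2nr -k1,1 | head -n "$n"
}
```

<p>Reading the status from the text after the closing quote, rather than from a fixed field number, keeps the count correct for lines such as the 408 entry whose request is just <code>"-"</code>.</p>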
<h2>Comments</h2>
<h3>On 01/03/2010 at 16:27, by <a href="http://www.sakana.fr/blog/">Stéphane</a></h3>
<p>Hello,</p>
<p>Yes, I still read your posts :-D</p>
<p>As for getting the IP first and then the number of requests, you can swap them in your printf to get the display you want, then sort on the 2nd field with a sort -gr -k 2,2 (I can't test it right now, but it should be about right, I think).</p>
<p>See you!</p>
<p>Stéphane</p>
<h3>On 02/03/2010 at 08:54, by Nils</h3>
<p>Indeed, that's exactly it! The full command becomes:</p>
<div class="highlight"><pre><span></span><code><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$1]++;} END {for (ip in frequencies) printf "%s\t%d\n" , ip , frequencies[ip];}'</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="o">/</span><span class="n">mon</span><span class="o">/</span><span class="n">fichier</span><span class="o">/</span><span class="n">de</span><span class="o">/</span><span class="nf">log</span><span class="o">/</span><span class="n">apache</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">gr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">10</span><span class="w"></span>
</code></pre></div>
<p>Thanks!</p>
<h3>On 02/03/2010 at 12:46, by <a href="http://www.sakana.fr/blog/">Stéphane</a></h3>
<p>You're welcome!</p>
<p>Here, an alternative... Special dedication, Nils :-)</p>
<p>http://www.sakana.fr/blog/2010/03/02/perl-counting-occurences-of-ip-addresses-in-apache-logs/</p>
<p>See you,
Stéphane</p>
Colored search in logs with Perl 2010-02-13T12:35:00+01:00 2010-02-13T12:35:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2010-02-13:/post/2010/02/13/Recherche-colorée-dans-les-logs-avec-perl/
<p>Here is a rather nice little one-liner that someone had told me about during the week and that <a href="http://www.karlesnine.com/post/2008/05/20/Tail-mais-en-couleur">I stumbled upon by chance</a> while looking for something else. The idea is to display a given search string in a different color, for example a specific error in a log file. On one machine I have problems with cron, so I use it as follows:</p>
<p><code>root@lolcathost:~# tail -f /var/log/syslog | perl -pe 's/cron/\e[1;31m$&\e[0m/ig'</code></p>
<p>Note one difference from the link given above: I put "/ig" at the end instead of "/g". Why? I needed the search to be case-insensitive, and I found the option after a <a href="http://www.mindflip.com/inet/perl/regex.html">quick search</a>. I really should get into Perl; it looks really efficient and practical :-)</p>
<p>For those who think I made a typo when copying the prompt, I recommend having a look <a href="http://sam.linuxfr.org/517">here</a>.</p>
<h2>Comments</h2>
<h3>On 25/04/2010 at 10:46, by <a href="http://www.karlesnine.com">karles</a></h3>
<p>Even simpler, "grep --color" colors the searched string. For the whole line, the Perl one-liner remains the most effective.</p>
<p>Karles</p>
Removing the daily output mails in NetBSD 2010-01-20T23:59:00+01:00 2010-01-20T23:59:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2010-01-20:/post/2010/01/20/Supprimer-ses-daily-outpout-dans-NetBSD/
<p>I sometimes write elsewhere than here. My latest outside contribution explains how to turn off NetBSD's daily "daily output" mails without turning off the "security output" mails that are sent when a security problem is detected on the system. Instead of copying everything over, I prefer to provide <a href="http://www.netbsdfr.org/wiki/doku.php?id=tips:dailyoutput">a link</a>.</p>
<p>Happy reading!</p>
Syntax highlighting of Apache configuration files in Vim 2009-11-13T10:35:00+01:00 2009-11-13T10:35:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2009-11-13:/post/2009/11/13/Coloration-syntaxique-de-fichiers-de-configuration-Apache-sous-Vim/
<p>A small tip that can prove handy if, like me, you are very fond of Vim's syntax highlighting. I split my virtual hosts into several configuration files, usually one per domain. However, unlike the rest of Apache's standard configuration files, and the configuration files of web applications (such as phpMyAdmin, Cacti or Nagios), my virtual host files are not highlighted. I noticed that the Apache configuration file for phpMyAdmin on NetBSD had the following header:</p>
<div class="highlight"><pre><span></span><code><span class="o">#</span><span class="w"> </span><span class="p">$</span><span class="nv">NetBSD</span><span class="o">:</span><span class="w"> </span><span class="nv">phpmyadmin</span><span class="o">.</span><span class="nv">conf</span><span class="p">,</span><span class="nv">v</span><span class="w"> </span><span class="mf">1.3</span><span class="w"> </span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">03</span><span class="w"> </span><span class="mi">10</span><span class="o">:</span><span class="mi">46</span><span class="o">:</span><span class="mi">28</span><span class="w"> </span><span class="nv">adrianp</span><span class="w"> </span><span class="nv">Exp</span><span class="w"> </span><span class="p">$</span><span class="w"></span>
<span class="o">#</span><span class="w"></span>
<span class="o">#</span><span class="w"> </span><span class="nv">phpmyadmin</span><span class="w"> </span><span class="nv">configuration</span><span class="w"> </span><span class="nv">file</span><span class="w"> </span><span class="nv">fragment</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="nv">Apache</span><span class="w"></span>
</code></pre></div>
<p>So I added the following header to my virtual host file:</p>
<div class="highlight"><pre><span></span><code># <span class="nv">Another</span> <span class="nv">Home</span> <span class="nv">Page</span> <span class="nv">configuration</span> <span class="nv">file</span> <span class="nv">fragment</span> <span class="k">for</span> <span class="nv">Apache</span>
</code></pre></div>
<p>And there is my file, all highlighted! Note that I had enabled syntax highlighting beforehand. Here is a basic Vim configuration file for syntax highlighting, to be saved as <em>~/.vimrc</em>:</p>
<div class="highlight"><pre><span></span><code>syntax on
set bg=dark
</code></pre></div>
<p>If you use a terminal with a white or light background, replace <em>dark</em> with <em>light</em>.</p>
Transparent use of an SSH gateway 2009-11-09T11:56:00+01:00 2009-11-09T11:56:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2009-11-09:/post/2009/11/09/Utilisation-transparente-d-une-passerelle-SSH/
<p>Or how to bounce without even meaning to!</p>
<p>I really like OpenSSH. It is very good software, beyond its encryption capabilities or its file transfer system. Tunnels and automated commands, key-based authentication: every part of the fish is good! Since my three-step post seemed clear to me, I am keeping the same structure: problem statement, options, implementation.</p>
<h2>What's your problem?</h2>
<p>Imagine a network zone (say, a <a href="http://fr.wikipedia.org/wiki/Zone_d%C3%A9militaris%C3%A9e">DMZ</a>) containing one or more machines, all running an OpenSSH server. Only one machine can reach this network, and this "gateway" serves as a bounce host for reaching the other servers over SSH. After a number of times, it becomes tedious to have to connect to the "gateway" first and then connect to the server to do the work you want. The bounce should be automated so that it happens by itself, so to speak.</p>
<h2>And what's your solution?</h2>
<p>There are several. The one I describe here is the one that suits me best, but it may not satisfy you, so do not regard it as THE solution. The idea is to use OpenSSH's "user" configuration file (<em>~/.ssh/config</em>) to automate the bounce through the "ProxyCommand" directive. Let us start by listing the required software: all we need is a machine with an OpenSSH client (normally available on every Unix, and on Windows with Cygwin), and on the "gateway" machine, in addition to the OpenSSH server, we need the client and Netcat. Note that in my case:</p>
<ul>
<li>the client runs NetBSD 5.0.1</li>
<li>the gateway runs CentOS 5.4</li>
<li>the servers being accessed run one of the two OSes mentioned above</li>
<li>I have reproduced this setup with RHEL 4 machines</li>
</ul>
<p>The command for the Netcat tool is "nc", so let us check that the commands are available, first on the client:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@client</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">ssh</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">ssh</span><span class="w"></span>
</code></pre></div>
<p>And then on the gateway:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@passerelle</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">ssh</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">ssh</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@passerelle</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">nc</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">nc</span><span class="w"></span>
</code></pre></div>
<p>The path is not necessarily the same depending on the OS in use; what matters is that the tools are installed.</p>
<h2>Shall we get to it?</h2>
<p>Let us now get to the heart of the matter. The configuration is done only on the client machine; let us start by configuring access to the gateway. To do so, create a <em>~/.ssh/config</em> file and edit it with whichever program suits you best: in my case, Vim. Let us not forget to create the .ssh/ directory if it does not exist:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@client</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="o">~</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@client</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="p">.</span><span class="n">ssh</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@client</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">chmod</span><span class="w"> </span><span class="mi">700</span><span class="w"> </span><span class="p">.</span><span class="n">ssh</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@client</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="p">.</span><span class="n">ssh</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@tomb</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">ssh</span><span class="err">$</span><span class="w"> </span><span class="n">touch</span><span class="w"> </span><span class="n">config</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@tomb</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">ssh</span><span class="err">$</span><span class="w"> </span><span class="n">chmod</span><span class="w"> </span><span class="mi">644</span><span class="w"> </span><span class="n">config</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@tomb</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">ssh</span><span class="err">$</span><span class="w"> </span><span class="n">vim</span><span class="w"> </span><span class="n">config</span><span class="w"></span>
</code></pre></div>
<p>Note: the permissions are very important! The configuration for the gateway is as follows:</p>
<div class="highlight"><pre><span></span><code>Host passerelle
Hostname lenomouladresseipdelapasserelle
Port 22
Protocol 2
User nils
ProxyCommand none
</code></pre></div>
<p>Note that the only purpose of this configuration is to simplify connections to the gateway machine: it becomes easy to type <em>ssh passerelle</em> instead of <em>ssh nils@lenomouladresseipdelapasserelle</em> (plus the port number if your OpenSSH server does not listen on port 22). Let us move on to the configuration for reaching the server named <em>serveurdmz1</em>, which we append to the config file being edited:</p>
<div class="highlight"><pre><span></span><code><span class="k">Host</span><span class="w"> </span><span class="n">serveurdmz1</span><span class="w"></span>
<span class="w"> </span><span class="n">Hostname</span><span class="w"> </span><span class="n">lenomouladresseipduserveurdepuislapasserelle</span><span class="w"></span>
<span class="w"> </span><span class="n">Port</span><span class="w"> </span><span class="mi">22</span><span class="w"></span>
<span class="w"> </span><span class="n">Protocol</span><span class="w"> </span><span class="mi">2</span><span class="w"></span>
<span class="w"> </span><span class="k">User</span><span class="w"> </span><span class="n">nils</span><span class="w"></span>
<span class="w"> </span><span class="n">ProxyCommand</span><span class="w"> </span><span class="n">ssh</span><span class="w"> </span><span class="n">nils</span><span class="nv">@passerelle</span><span class="w"> </span><span class="ss">"nc %h %p"</span><span class="w"></span>
</code></pre></div>
<p>Note that the ProxyCommand directive uses the name <em>passerelle</em> directly, thanks to the previous configuration. Save and quit (in Vi/Vim: Esc then ZZ). Now let us test the result:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@client</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">ssh</span><span class="w"> </span><span class="n">serveurdmz1</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@passerelle</span><span class="s1">'s password:</span>
<span class="s1">nils@serveurdmz1'</span><span class="n">s</span><span class="w"> </span><span class="nl">password</span><span class="p">:</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@serveurdmz1</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"></span>
</code></pre></div>
<p>This result may differ slightly; I am not showing the key acceptance prompts for first connections. All that remains is to repeat the second block for each server in your "DMZ".</p>
<h2>Observations and possible improvements</h2>
<p>After this first attempt, we notice that there is still room for automation, in particular the gateway password that is requested. This can be solved by using encryption keys, as <a href="http://linux-attitude.fr/post/Connexion-sans-mot-de-passe">Peck</a> explains very well.</p>
<p>Another remark, if you connect to two or three servers: typing the <em>who</em> command on the gateway shows that you are logged in to the gateway once for each connection to a DMZ server. For example, if I have one shell on the gateway and one shell on each of 3 DMZ servers, the <em>who</em> command on the gateway will show that user nils is logged in 4 times! This may bother some people. For them, it is better to change method and create a SOCKS tunnel, then use that tunnel to reach the DMZ servers (through the <em>ProxyCommand</em> directive), or to try to <a href="http://linux-attitude.fr/post/Un-tien-vaut-mieux-que-deux-connexions">share connections</a>. Note one drawback of the SOCKS tunnel: you first have to open the tunnel (and therefore a shell) before you can connect to the DMZ servers.</p>
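<p>Repeating the second block for every DMZ server can be scripted. The added example below is not part of the original post: its function names and the sample addresses are hypothetical. Because the ProxyCommand string is run by a shell on the client, and <code>nc %h %p</code> by a shell on the gateway, every name is validated before it is written. The <code>W</code> style uses the OpenSSH client's <code>-W</code> option (OpenSSH 5.4 and later), a technique the post does not use, which removes the need for Netcat on the gateway.</p>

```shell
#!/bin/sh
# Added example: generate one ssh_config stanza per DMZ server.
# Function names are hypothetical; addresses in the usage are constructed.

# Accept only letters, digits, dot, underscore and hyphen, never a leading
# hyphen: anything else could be read as an option or by a shell.
safe_name() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# gateway_stanzas STYLE GATEWAY USER ALIAS=ADDRESS...
# STYLE "nc" reproduces the ProxyCommand from the post; STYLE "W" uses ssh -W.
gateway_stanzas() {
    [ $# -ge 4 ] || { echo "usage: gateway_stanzas STYLE GATEWAY USER ALIAS=ADDRESS..." >&2; return 1; }
    style=$1; gateway=$2; user=$3
    shift 3
    safe_name "$gateway" && safe_name "$user" || {
        echo "unsafe gateway or user name" >&2; return 1; }
    case $style in
        nc) proxy="ssh $user@$gateway \"nc %h %p\"" ;;
        W)  proxy="ssh -W %h:%p $user@$gateway" ;;
        *)  echo "unknown style: $style" >&2; return 1 ;;
    esac
    # Validate everything first so a bad entry produces no partial output.
    for entry in "$@"; do
        safe_name "${entry%%=*}" && safe_name "${entry#*=}" || {
            echo "unsafe entry: $entry" >&2; return 1; }
    done
    for entry in "$@"; do
        printf 'Host %s\n    Hostname %s\n    Port 22\n    User %s\n    ProxyCommand %s\n\n' \
            "${entry%%=*}" "${entry#*=}" "$user" "$proxy"
    done
}

# install_stanzas DIR STYLE GATEWAY USER ALIAS=ADDRESS...
# Appends the stanzas to DIR/config, keeping DIR at 700 and the file at 600.
install_stanzas() {
    dir=$1
    shift
    stanzas=$(gateway_stanzas "$@") || return 1
    (
        umask 077
        mkdir -p "$dir" && chmod 700 "$dir" &&
        printf '%s\n\n' "$stanzas" >> "$dir/config" &&
        chmod 600 "$dir/config"
    )
}
```

<p>For instance, <code>install_stanzas ~/.ssh nc passerelle nils serveurdmz1=192.0.2.11</code> appends the same kind of block as the one shown in the post, minus the <code>Protocol</code> line.</p>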
<h2>Comments</h2>
<h3>On 19/04/2010 at 11:23, by Flo</h3>
<p>Hello,
A quick question: what does the "nc %h %p" mean?</p>
<h3>On 20/04/2010 at 14:51, by Nils</h3>
<p>As stated in the post, nc is in fact the Netcat tool. The <code>%h</code> and <code>%p</code> options are not Netcat options but options of the <code>ProxyCommand</code> directive. They pass the host name and port of the destination machine to Netcat as arguments. As a result, when you type <code>ssh serveurdmz1</code>, you get functionally the same result as <code>ssh nils@passerelle "ssh nils@serveurdmz1"</code>. For more information, see the <code>ssh_config</code> manual page.</p>
Simple and secure file transfer: chrooted sftp 2009-10-04T09:33:00+02:00 2009-10-04T09:33:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2009-10-04:/post/2009/10/04/Transfert-de-fichier-simple-et-sécurisé-:-sftp-en-chroot/
<p>Die, FTP, die!</p>
<h2>What's your problem?</h2>
<p>Like many people, I often use <a href="http://fr.wikipedia.org/wiki/File_Transfer_Protocol">FTP</a> to transfer files to a web server. This protocol has several drawbacks:</p>
<ul>
<li>several ports have to be opened in the firewall, at least two (control connection and data connection)</li>
<li>the password travels in clear text over the network, and even if you use <a href="http://fr.wikipedia.org/wiki/FTPS">FTPS</a>, which encrypts the authentication part, not all clients and servers support it, or they support it in a buggy way (see <a href="http://forum.filezilla-project.org/viewtopic.php?f=2&t=7688">FileZilla</a> for an explanation)</li>
<li>the data travels in clear text (oops, my application's config.php file with the database credentials...)</li>
<li>disastrous NAT handling (at least with <a href="http://vsftpd.beasts.org/">Vsftpd</a>)</li>
</ul>
<p>As a result, I have been trying for several months to eradicate FTP from my machines. What I want is to lock users in a cage, so that they can only access their own data and not other users', let alone the other files and directories on the server. This is called a <a href="http://fr.wikipedia.org/wiki/Chroot">chroot</a>. I was already doing this with Vsftpd, so I hoped to do it with the replacement as well. The replacement, by the way, was already chosen: I wanted to use the SFTP server included in the very good <a href="http://www.openssh.com/fr/index.html">OpenSSH</a> software. Now I had to manage to create users while denying them shell access and confining them in a chroot.</p>
<h2>And what's your solution?</h2>
<p>Removing shell access is very easy: any self-respecting Unix system has either an executable named <em>false</em> or another one named <em>nologin</em>. The latter is in fact very simple; let us look at it on, say, a NetBSD 5.0.1 system:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@tomb</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">cat</span><span class="w"> </span><span class="o">/</span><span class="n">sbin</span><span class="o">/</span><span class="n">nologin</span><span class="w"> </span>
<span class="err">#!</span><span class="w"> </span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">sh</span><span class="w"></span>
<span class="n">echo</span><span class="w"> </span><span class="ss">"This account is currently not available."</span><span class="w"></span>
<span class="k">exit</span><span class="w"> </span><span class="mi">1</span><span class="w"></span>
</code></pre></div>
<p>So all it takes is replacing the user's shell with the path to nologin, and that question is settled.</p>
<p>Creating and maintaining a chroot is another kettle of fish. With Vsftpd it was fairly simple, and I hoped to find something just as simple. Many pages about <a href="http://sublimation.org/scponly/wiki/index.php/Main_Page">Scponly</a> or <a href="http://pizzashack.org/rssh/">rssh</a> explain how to build a chroot for a user who only has access to sftp or scp, but the day you have to update the OS, or even migrate it to a newer major version (or why not change it altogether, such as moving from a Linux to a BSD or the reverse, or simply switching Linux distributions), the chroot has to be kept up to date. And that, I find, is completely counterproductive, at least from the point of view of the lazy sysadmin we all have inside us ;)</p>
<p>And then the light came, from <a href="http://undeadly.org/cgi?action=article&sid=20080220110039">here</a>. Since version 4.8, OpenSSH can create chroots, and does not require rebuilding a whole environment when only sftp is involved. Exactly what I need! Now it remains to find out which systems ship at least OpenSSH 4.8.</p>
<p>A short, non-exhaustive list of the lucky systems:</p>
<ul>
<li>NetBSD 5.0.1</li>
<li>FreeBSD 7.2</li>
<li>Debian Lenny</li>
<li>Mac OS 10.5.8</li>
</ul>
<p>Another list, this time of less lucky systems:</p>
<ul>
<li>CentOS 3,4,5.X</li>
<li>RHEL 3,4,5.X</li>
<li>Debian Etch</li>
</ul>
<p>If your free Unix system (or not free, for that matter, since I listed Mac OS X) includes OpenSSH, you can check its version with:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ssh</span><span class="w"> </span><span class="o">-</span><span class="n">V</span><span class="w"></span>
<span class="n">OpenSSH_5</span><span class="mf">.1</span><span class="n">p1</span><span class="p">,</span><span class="w"> </span><span class="n">OpenSSL</span><span class="w"> </span><span class="mf">0.9.7</span><span class="n">l</span><span class="w"> </span><span class="mi">28</span><span class="w"> </span><span class="n">Sep</span><span class="w"> </span><span class="mi">2006</span><span class="w"></span>
</code></pre></div>
<p>(example taken on a Mac) Using sshd instead of ssh would probably be more representative, but the -V option does not exist on the server. The output returned will still give the version. Example, still on the same Mac:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">sshd</span><span class="w"> </span><span class="o">-</span><span class="n">V</span><span class="w"></span>
<span class="nl">sshd</span><span class="p">:</span><span class="w"> </span><span class="n">illegal</span><span class="w"> </span><span class="k">option</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="n">V</span><span class="w"></span>
<span class="n">OpenSSH_5</span><span class="mf">.1</span><span class="n">p1</span><span class="p">,</span><span class="w"> </span><span class="n">OpenSSL</span><span class="w"> </span><span class="mf">0.9.7</span><span class="n">l</span><span class="w"> </span><span class="mi">28</span><span class="w"> </span><span class="n">Sep</span><span class="w"> </span><span class="mi">2006</span><span class="w"></span>
<span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">sshd</span><span class="w"> </span><span class="o">[</span><span class="n">-46DdeiqTt</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-b bits</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-C connection_spec</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-f config_file</span><span class="o">]</span><span class="w"></span>
<span class="w"> </span><span class="o">[</span><span class="n">-g login_grace_time</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-h host_key_file</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-k key_gen_time</span><span class="o">]</span><span class="w"></span>
<span class="w"> </span><span class="o">[</span><span class="n">-o option</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-p port</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-u len</span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>If your system does not have a recent enough OpenSSH, several options are available:</p>
<ul>
<li>switch to another system</li>
<li>upgrade to the latest major version, if it ships a recent enough version</li>
<li>install your own build of OpenSSH, or grab a package that some generous soul has made</li>
</ul>
<p>The last option is fairly well documented for CentOS and RHEL, for building your own RPMs, but I decided not to follow it, because it raises the problem of updates: just as maintaining a chroot does not satisfy me, spending my time watching for new OpenSSH releases in order to compile a package does not appeal to me either. The second option is probably the least troublesome, depending on the applications in production. For my part, I chose the first: with a dedicated-server migration to do anyway, I took the opportunity to broaden my horizons in the world of free Unixes, and for a few months now this blog has been running on NetBSD. So it is with this OS that I will describe how to create the chroot.</p>
<h2>Shall we get going?</h2>
<p>From here on I assume that we have a system with OpenSSH 4.8 or later, that the sshd server is enabled, and that we have two users: root, and our usual user with which we do everything that does not need to be done as root. The goal is to have one or more additional users, locked into a defined directory, without a shell, and able to access that directory over sftp. As an extra, we can arrange for the user to access their sftp account with a key (and optionally a passphrase) rather than a password.</p>
<p>This is done by first editing the configuration file <em>/etc/ssh/sshd_config</em> (as root; the path may vary depending on the system). Look for the line containing <em>sftp-server</em>; on NetBSD it looks like this:</p>
<div class="highlight"><pre><span></span><code>Subsystem sftp /usr/libexec/sftp-server
</code></pre></div>
<p>We can see that the sftp server is an external program. We are going to replace it with sshd's built-in sftp subsystem:</p>
<div class="highlight"><pre><span></span><code>Subsystem sftp internal-sftp
</code></pre></div>
<p>So I replaced <em>/usr/libexec/sftp-server</em> with <em>internal-sftp</em>. Next, go to the end of the file and add the following directives:</p>
<div class="highlight"><pre><span></span><code>Match Group wwwusers
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
</code></pre></div>
<p>This means that for users in the <em>wwwusers</em> group, I lock them into their home directory, force them to use the internal sftp, and prevent them from using the various forwarding techniques normally available with sshd. I could have chrooted them elsewhere; other sites suggest for example <em>/chroot/%u</em>, where <em>%u</em> stands for the user name. Once these changes are made, all that remains is to restart the ssh server and create the group and the users.</p>
<p>A short aside about NetBSD 5.0.1: I noticed a bug in this version, which must also be present in 5.0: you must not add anything at all to the configuration file <em>/etc/ssh/sshd_config</em> after this directive, not even a comment! If that happened, the directive we have just added would simply be ignored.</p>
<p>Let's create the group:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#groupadd</span><span class="w"> </span><span class="n">wwwusers</span><span class="w"></span>
</code></pre></div>
<p>Next, let's create a user named test:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#useradd</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="o">-</span><span class="n">g</span><span class="w"> </span><span class="n">wwwusers</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="o">/</span><span class="n">sbin</span><span class="o">/</span><span class="n">nologin</span><span class="w"> </span><span class="n">test</span><span class="w"></span>
</code></pre></div>
<p>Let's give this user a password:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#passwd</span><span class="w"> </span><span class="n">test</span><span class="w"></span>
<span class="n">Changing</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">test</span><span class="p">.</span><span class="w"></span>
<span class="k">New</span><span class="w"> </span><span class="nl">Password</span><span class="p">:</span><span class="w"></span>
<span class="n">Retype</span><span class="w"> </span><span class="k">New</span><span class="w"> </span><span class="nl">Password</span><span class="p">:</span><span class="w"></span>
</code></pre></div>
<p>(the password is typed blind, of course). Next, make sure the user's home directory belongs not to the user but to root, with permissions set to 755. If that is not the case, fix it like this:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#chown</span><span class="w"> </span><span class="nl">root</span><span class="p">:</span><span class="n">wheel</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"></span>
<span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#chmod</span><span class="w"> </span><span class="mi">755</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"></span>
</code></pre></div>
<p>Note that on Linux systems you would use <em>root:root</em>, whereas NetBSD has no <em>root</em> group but a <em>wheel</em> group. Also remember that only <em>/home/test</em> itself belongs to root, not the files and directories inside it (i.e. no chmod/chown -R).</p>
<p>From another machine, let's check that we can connect over sftp:</p>
<div class="highlight"><pre><span></span><code><span class="n">sftp</span><span class="w"> </span><span class="n">test</span><span class="nv">@vhost</span><span class="w"></span>
<span class="n">Connecting</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">vhost</span><span class="p">...</span><span class="w"></span>
<span class="nl">Password</span><span class="p">:</span><span class="w"></span>
<span class="n">sftp</span><span class="o">></span><span class="w"> </span><span class="n">ls</span><span class="w"></span>
<span class="n">sftp</span><span class="o">></span><span class="w"> </span><span class="n">pwd</span><span class="w"></span>
<span class="n">Remote</span><span class="w"> </span><span class="n">working</span><span class="w"> </span><span class="nl">directory</span><span class="p">:</span><span class="w"> </span><span class="o">/</span><span class="w"></span>
</code></pre></div>
<p>Here, you can tell that I had already connected to this machine before, since I am not asked to accept a key. You can also see that we land directly in the / directory and that it is empty: the <em>pwd</em> command reports <em>/</em> and not <em>/home/test</em>. If we create a second <em>/home/test</em> inside this directory, sftp will take us straight into it. Also note that we cannot create or add any directory or file (as expected, the directory belongs to root). So let's create, on the server, the user's second “home”:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#cd</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"></span>
<span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"></span>
<span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">chown</span><span class="w"> </span><span class="o">-</span><span class="n">R</span><span class="w"> </span><span class="nl">test</span><span class="p">:</span><span class="n">wwwusers</span><span class="w"> </span><span class="n">home</span><span class="w"></span>
<span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">chmod</span><span class="w"> </span><span class="mi">755</span><span class="w"> </span><span class="n">home</span><span class="w"></span>
</code></pre></div>
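<p>The ownership and mode steps above are what sshd checks before it will chroot a session: every component of the ChrootDirectory path must be a root-owned directory that is not writable by group or others. The script below is an added example, not part of the original post; the function names and the optional uid and top-directory arguments (there so it can be tried on a scratch tree without root) are assumptions.</p>

```shell
#!/bin/sh
# Added example (not from the original post): audit a ChrootDirectory path.
# Every component of the path must be a directory owned by root and must
# not be writable by group or others, otherwise sshd refuses the chroot.

# check_component DIR [UID]
# Succeeds when DIR is a plain directory (symlinks are reported as failures,
# a deliberately conservative choice) owned by UID (default 0, i.e. root)
# with no group/other write bit.
check_component() {
    cc_dir=$1
    cc_uid=${2:-0}
    if [ -L "$cc_dir" ] || [ ! -d "$cc_dir" ]; then
        echo "FAIL $cc_dir: not a plain directory"
        return 1
    fi
    # "ls -ldn" prints numeric owner ids and behaves the same on BSD and
    # Linux, unlike stat(1), whose options differ between the two.
    cc_line=$(ls -ldn -- "$cc_dir" | awk '{ print $1 " " $3 }')
    cc_mode=${cc_line% *}      # e.g. drwxr-xr-x
    cc_owner=${cc_line#* }     # numeric uid of the owner
    cc_gw=$(printf '%s' "$cc_mode" | cut -c6)   # group write position
    cc_ow=$(printf '%s' "$cc_mode" | cut -c9)   # other write position
    cc_rc=0
    if [ "$cc_owner" != "$cc_uid" ]; then
        echo "FAIL $cc_dir: owned by uid $cc_owner, expected $cc_uid"
        cc_rc=1
    fi
    if [ "$cc_gw" = "w" ] || [ "$cc_ow" = "w" ]; then
        echo "FAIL $cc_dir: writable by group or others ($cc_mode)"
        cc_rc=1
    fi
    if [ "$cc_rc" -eq 0 ]; then
        echo "ok   $cc_dir ($cc_mode, uid $cc_owner)"
    fi
    return "$cc_rc"
}

# audit_chroot PATH [UID] [TOP]
# Checks PATH and each parent directory up to TOP (default /).
# UID and TOP exist only so the check can be exercised on a test tree.
audit_chroot() {
    case $1 in
        /*) ;;
        *) echo "FAIL $1: an absolute path is required"; return 2 ;;
    esac
    ac_cur=$1
    ac_uid=${2:-0}
    ac_top=${3:-/}
    ac_rc=0
    while :; do
        check_component "$ac_cur" "$ac_uid" || ac_rc=1
        if [ "$ac_cur" = "$ac_top" ] || [ "$ac_cur" = "/" ]; then
            break
        fi
        ac_cur=$(dirname "$ac_cur")
    done
    return "$ac_rc"
}

# Run as root on the server with the chroot directory as argument,
# for the setup in this post: /home/test
if [ "$#" -gt 0 ]; then
    audit_chroot "$@"
fi
```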
<p>Let's reconnect to our sftp server:</p>
<div class="highlight"><pre><span></span><code><span class="n">sftp</span><span class="w"> </span><span class="n">test</span><span class="nv">@vhost</span><span class="w"></span>
<span class="n">Connecting</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">vhost</span><span class="p">...</span><span class="w"></span>
<span class="nl">Password</span><span class="p">:</span><span class="w"></span>
<span class="n">sftp</span><span class="o">></span><span class="w"> </span><span class="n">ls</span><span class="w"></span>
<span class="n">sftp</span><span class="o">></span><span class="w"> </span><span class="n">pwd</span><span class="w"></span>
<span class="n">Remote</span><span class="w"> </span><span class="n">working</span><span class="w"> </span><span class="nl">directory</span><span class="p">:</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="o">/</span><span class="w"></span>
</code></pre></div>
<p>I can now create directories, upload files and download others. Mission accomplished!</p>
Hadopi: French Internet blackout
2009-03-05T14:13:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2009-03-05:/post/2009/03/05/Hadopi-:-Blackout-du-Net-français/
<p><a href="http://www.laquadrature.net/HADOPI"><img alt="black-out" src="https://blog.anotherhomepage.org/public/hadopi/Quadrature_black-out_HADOPI_125x125px.gif" title="black-out"></a></p>
A newly hosted site
2009-03-05T13:55:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2009-03-05:/post/2009/03/05/Nouvel-hébergé-chez-Another-Home-Page/
<p>For music lovers :)</p>
<p>In a few days, I hope, the forum of the band <a href="http://www.taberlos.net/">Rémingway</a> will reopen its doors <a href="http://forum.taberlos.net/">here</a>. It is of course hosted by me on Another Home Page.</p>
Two sites to start the year off right
2009-01-30T13:44:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2009-01-30:/post/2009/01/30/Deux-sites-pour-bien-commencer-l-année/
<p>Yes, this blog is still alive :-)</p>
<p>I'm easing into 2009 gently, so as not to hurt my fingers on the keyboard. That doesn't stop me from doing a bit of tinkering that I'd like to write up on these pages soon. And so, during some research, I came across a rather nice site: <a href="https://calomel.org/">Calomel.org</a>. There is quite a lot of interesting stuff, and the titles are mouth-watering: "DNS Spoof how to", "Network Speed and Performance Guide". In short, pure bliss :-)</p>
<p>Another site, which is not new but is changing address and getting a makeover: <a href="http://irp.nain-t.net/doku.php">L'internet rapide et permanent</a>.</p>
<h2>Comments</h2>
<h3>On 31/01/2009 13:10 by <a href="http://www.sakana.fr/blog/">Stephane</a></h3>
<p>Hello,</p>
<p>I hadn't noticed you'd changed the theme ... I like it!!</p>
<p>Stéphane</p>
Why make it simple when you can make it complicated?
2008-11-26T19:35:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-11-26:/post/2008/11/26/Pourquoi-faire-simple-quand-on-peut-faire-compliqué/
<p>Quite a few <a href="http://awstats.sourceforge.net/">Awstats</a> tutorials mention the possibility of running the update command from a crontab. For example:</p>
<div class="highlight"><pre><span></span><code><span class="mf">0</span><span class="w"> </span><span class="mf">0</span><span class="o">-</span><span class="mf">23</span><span class="o">/</span><span class="mf">2</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">perl</span><span class="w"> </span><span class="o">/</span><span class="n">var</span><span class="o">/</span><span class="n">www</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">awstats</span><span class="mf">.</span><span class="n">pl</span><span class="w"> </span><span class="o">-</span><span class="n">config</span><span class="o">=</span><span class="n">blog</span><span class="mf">.</span><span class="n">anotherhomepage</span><span class="mf">.</span><span class="ow">or</span><span class="n">g</span><span class="w"> </span><span class="o">-</span><span class="n">update</span><span class="w"></span>
</code></pre></div>
<p>This example updates the awstats database for blog.anotherhomepage.org every two hours. When you have a single host on your server, that is more than enough. Yes, but I don't only have the blog. I also have the downloads section, the webmail, Vlad's blog, Dinou's, and other things. At the moment, that makes 9 Awstats configuration files (not counting the model) that have to be updated regularly. And for each new site, there is a configuration to write, and to add to the crontab.</p>
<p>Granted, a bit of sed and a copy-paste into the crontab won't kill anyone, but why do both when you can save lines in the crontab? Simply by using awstats_updateall.pl:</p>
<div class="highlight"><pre><span></span><code><span class="o">-----</span><span class="w"> </span><span class="n">awstats_updateall</span><span class="w"> </span><span class="mf">1.0</span><span class="w"> </span><span class="p">(</span><span class="n">build</span><span class="w"> </span><span class="mf">1.15</span><span class="p">)</span><span class="w"> </span><span class="p">(</span><span class="n">c</span><span class="p">)</span><span class="w"> </span><span class="n">Laurent</span><span class="w"> </span><span class="n">Destailleur</span><span class="w"> </span><span class="o">-----</span><span class="w"></span>
<span class="n">awstats_updateall</span><span class="w"> </span><span class="n">launches</span><span class="w"> </span><span class="k">update</span><span class="w"> </span><span class="n">process</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="n">AWStats</span><span class="w"> </span><span class="n">config</span><span class="w"> </span><span class="n">files</span><span class="w"> </span><span class="p">(</span><span class="ow">except</span><span class="w"></span>
<span class="n">awstats</span><span class="p">.</span><span class="n">model</span><span class="p">.</span><span class="n">conf</span><span class="p">)</span><span class="w"> </span><span class="k">found</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">particular</span><span class="w"> </span><span class="n">directory</span><span class="p">,</span><span class="w"> </span><span class="n">so</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="n">easily</span><span class="w"> </span><span class="n">setup</span><span class="w"> </span><span class="n">a</span><span class="w"></span>
<span class="n">cron</span><span class="o">/</span><span class="n">scheduler</span><span class="w"> </span><span class="n">job</span><span class="p">.</span><span class="w"> </span><span class="n">The</span><span class="w"> </span><span class="n">scanned</span><span class="w"> </span><span class="n">directory</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="k">default</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">awstats</span><span class="p">.</span><span class="w"></span>
<span class="k">Usage</span><span class="err">:</span><span class="w"> </span><span class="n">awstats_updateall</span><span class="p">.</span><span class="n">pl</span><span class="w"> </span><span class="n">now</span><span class="w"> </span><span class="o">[</span><span class="n">options</span><span class="o">]</span><span class="w"></span>
<span class="k">Where</span><span class="w"> </span><span class="n">options</span><span class="w"> </span><span class="k">are</span><span class="err">:</span><span class="w"></span>
<span class="w"> </span><span class="o">-</span><span class="n">awstatsprog</span><span class="o">=</span><span class="n">pathtoawstatspl</span><span class="w"></span>
<span class="w"> </span><span class="o">-</span><span class="n">configdir</span><span class="o">=</span><span class="n">directorytoscan</span><span class="w"></span>
<span class="w"> </span><span class="o">-</span><span class="n">excludeconf</span><span class="o">=</span><span class="n">conftoexclude</span><span class="o">[</span><span class="n">,conftoexclude2,...</span><span class="o">]</span><span class="w"> </span><span class="p">(</span><span class="nl">Note</span><span class="p">:</span><span class="w"> </span><span class="n">awstats</span><span class="p">.</span><span class="n">model</span><span class="p">.</span><span class="n">conf</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">always</span><span class="w"> </span><span class="n">excluded</span><span class="p">)</span><span class="w"></span>
</code></pre></div>
<p>So, to turn 9 crontab lines into one, I put this in the crontab:</p>
<div class="highlight"><pre><span></span><code><span class="mf">15</span><span class="w"> </span><span class="mf">0</span><span class="o">-</span><span class="mf">23</span><span class="o">/</span><span class="mf">2</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">perl</span><span class="w"> </span><span class="o">/</span><span class="nb">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">awstats_updateall</span><span class="mf">.</span><span class="n">pl</span><span class="w"> </span><span class="n">now</span><span class="w"> </span><span class="o">-</span><span class="n">awstatsprog</span><span class="o">=/</span><span class="n">var</span><span class="o">/</span><span class="n">www</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">awstats</span><span class="mf">.</span><span class="n">pl</span><span class="w"> </span><span class="o">-</span><span class="n">configdir</span><span class="o">=/</span><span class="n">etc</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="w"></span>
</code></pre></div>
<p>Remember to replace "/usr/bin/awstats_updateall.pl" with the location of the script, and do the same for "/var/www/awstats/awstats.pl".</p>
<p>How did I ever manage before? ;-)</p>
<h2>Comments</h2>
<h3>On 01/12/2008 17:00 by <a href="http://www.evazone.fr">M@T D.</a></h3>
<p>Indeed... That could be interesting...</p>
<p>By the way, you wouldn't happen to have a shell command in stock that would update an old AWSTAT in one go, eyes closed?</p>
Additions to the links
2008-10-21T23:01:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-10-21:/post/2008/10/21/Ajouts-dans-les-liens/
<p>I recently added two blogs to my long list of blogs to follow. And since they are friends, I am of course putting them in the "links" section at the bottom right of this page. The two "newcomers" are <a href="http://www.evazone.fr/blog/">Evazone</a> and <a href="http://www.progressisme.org">le goût de l'avenir</a>. I hope they will post more often than I do :-)</p>
<h2>Comments</h2>
<h3>On 21/10/2008 23:35 by <a href="http://www.evazone.fr">M@T D.</a></h3>
<p>Hey, my young friend! I didn't know you had a blog!</p>
<p>Well yes, let's make the most of it... One good turn deserves another: 'Another Home Page' now appears in Evazone's links! ;-)</p>
<p>See you very soon!</p>
<h3>On 21/10/2008 23:58 by Nils</h3>
<p>You have a short memory:
<a href="http://blog.anotherhomepage.org/post/2007/04/07/71-attention-au-slamming">http://blog.anotherhomepage.org/pos...</a></p>
<h3>On 22/10/2008 00:41 by <a href="http://www.evazone.fr">M@T D.</a></h3>
<p>Tut tut tut... That was a year and a half ago...</p>
<p>That was the wanderings of an INpactien on another member's profile...</p>
<p>Now we're friends... That changes things a bit ;-)</p>
<h3>On 25/10/2008 12:14 by <a href="http://www.progressisme.org">Francois</a></h3>
<p>Ha ha... if you start a posting contest, we'll compete ;)</p>
<p>F</p>
Yeeeeeah! At last!!!
2008-10-20T21:33:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-10-20:/post/2008/10/20/Yeeeeeah-Enfin/
<p>I know, I'm late to the party, but I'm currently downloading OpenOffice.org 3 for Mac without X11!</p>
<p>*drools*</p>
<h2>Comments</h2>
<h3>On 31/01/2009 23:43 by <a href="http://www.progressisme.org">Francois</a></h3>
<p>Well yes, I installed it too, but honestly, a 380 MB application, that's huge, isn't it?</p>
<p>F</p>
Fashion soon to be sold thanks to computing?
2008-09-22T21:33:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-09-22:/post/2008/09/22/La-mode-bientot-vendue-grace-a-l-informatique/
<p>makes a change from top models</p>
<p>If anyone has an idea for getting hold of these clothes in France, I'd almost be capable of wanting them: <a href="http://www.lifeclever.com/how-to-dress-like-a-mac/">How to dress like a Mac</a>. I'm still laughing :-D</p>
family and chain e-mails
2008-09-17T21:30:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-09-17:/post/2008/09/17/la-famille-et-les-chaines-de-mails/
<p>isn't it a bit of a pain?</p>
<p>I'm convinced I'm not the only one in this situation: I have a few family members in my contacts on a well-known instant messenger. 99.99% of the e-mails I receive from them are either jokes or chain e-mails that I must forward within 28 minutes to avoid a blue dinosaur coming to eat me tomorrow at 12:12.</p>
<p>So I'm hesitating over setting up filters that send all their e-mails to /dev/null (for non-IT people, replace "/dev/null" with "the void of outer space"). Except that 99.99% is not 100%: I did receive 3, maybe 4 e-mails that I needed to receive. And that's where it gets awkward.</p>
<p>Any ideas from people who decided to stop watching their mailbox fill up with rubbish?</p>
<h2>Comments</h2>
<h3>On 18/09/2008 00:07 by <a href="http://linux-attitude.fr">peck</a></h3>
<p>For chain e-mails you can usually refer them (in a reply all) to hoaxbuster, it's fairly drastic; after once or twice they hesitate to send you stuff.</p>
<h3>On 22/10/2008 00:42 by <a href="http://www.evazone.fr">M@T D.</a></h3>
<p>Hmm! Very good idea, I'll take note...</p>
The IT Crowd
2008-09-07T23:07:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-09-07:/post/2008/09/07/The-IT-Crowd/
<p>You've never seen IT support before</p>
<p>A colleague recommended this series to me, and I'm about to watch its second season. English required, but laughs guaranteed!</p>
<div class="external-media" style="float: left; margin: 0 1em 1em 0;">
<object type="application/x-shockwave-flash" data="http://www.youtube.com/v/ZrOmTrXmi-I&hl=en&fs=1" width="425" height="350">
<param name="movie" value="http://www.youtube.com/v/ZrOmTrXmi-I&hl=en&fs=1" />
<param name="wmode" value="transparent" />
</object>
<br />The IT Crowd
</div>
Ramblings 2008-09-02T22:30:00+02:00 2008-09-02T22:30:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-09-02:/post/2008/09/02/delire/
<p>Promise, I was sober this time</p>
<p>Selected excerpt from an instant messaging chat with a friend (N is me, P is the friend):</p>
<blockquote>
<p>N: yeah, but look on the bright side, you're a geek 2.0</p>
<p>P: sorry, I'd rather be a husband 1.0 with an anti-loverware 2.5</p>
<p>N: me, I'm looking for an anti-pain-in-the-neckware</p>
<p>P: sorry</p>
<p>P: despite all the repos out there</p>
<p>P: you'll always get a not found</p>
<p>N: even if I migrate from pushover2007 to jerk2008?</p>
<p>P: the only one who managed to develop such software kept it secret</p>
<p>P: since then, a platform has carried his name in his memory</p>
<p>P: it's Robinson Crusoe</p>
<p>P: no guarantee it works, yearly versions have hardly done marketing departments any good!</p>
<p>N: yeah but I can't get rid of the tequila/champagne/clairette games, so I have to format anyway</p>
<p>P: don't forget a save or a restore point</p>
<p>P: it can always come in handy, just in case</p>
<p>P: I test my restore point every year, the same one: on New Year's Day</p>
<p>P: (to check that the timezone is calculated correctly)</p>
</blockquote>
<p>NB: for those who don't know it: <a href="http://fr.wikipedia.org/wiki/Crusoe">the Crusoe processor</a> from <a href="http://fr.wikipedia.org/wiki/Transmeta">Transmeta</a>.</p>
One more theme... 2008-07-21T20:44:00+02:00 2008-07-21T20:44:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-07-21:/post/2008/07/21/Un-theme-de-plus/
<p>Yes but no, I'm not enjoying this</p>
<p>Two things that annoyed me and that I can't be bothered to change in the "Freshy v2" theme:</p>
<ul>
<li>pages coming from the "Pages" extension don't render very well (at least in Firefox)</li>
<li>it is impossible to change themes once this one is selected (also true for FreshyOne :-( )</li>
</ul>
<p>So I'm switching to another theme; careful, the menus have moved to the bottom ;-)</p>
Quick-and-dirty SSL! 2008-07-19T15:42:00+02:00 2008-07-19T15:42:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-07-19:/post/2008/07/19/SSL-a-l-arrache/
<p>Quickly done, badly done.</p>
<p>Those who want to understand should go to more complete pages; here I'm only doing a short recap. So, say we have a server on which we want to set up HTTPS or FTP-SSL. We don't want a "dummy certificate" and we don't want to spend 2 hours on the subject. So we copy and paste, answer Yes to everything, and it's done.</p>
<p>First, openssl.cnf. Depending on the distribution, it lives somewhere under <em>/etc</em>. On my CentOS 5, it is in "/etc/pki/tls". Open it in vi and put in:</p>
<div class="highlight"><pre><span></span><code><span class="nv">dir</span> <span class="o">=</span> <span class="o">/</span><span class="nv">etc</span><span class="o">/</span><span class="nv">pki</span><span class="o">/</span><span class="nv">CA</span> # <span class="nv">Where</span> <span class="nv">everything</span> <span class="nv">is</span> <span class="nv">kept</span>
<span class="nv">certs</span> <span class="o">=</span> <span class="mh">$d</span><span class="nv">ir</span><span class="o">/</span><span class="nv">certs</span> # <span class="nv">Where</span> <span class="nv">the</span> <span class="nv">issued</span> <span class="nv">certs</span> <span class="nv">are</span> <span class="nv">kept</span>
<span class="nv">crl_dir</span> <span class="o">=</span> <span class="mh">$d</span><span class="nv">ir</span><span class="o">/</span><span class="nv">crl</span> # <span class="nv">Where</span> <span class="nv">the</span> <span class="nv">issued</span> <span class="nv">crl</span> <span class="nv">are</span> <span class="nv">kept</span>
<span class="nv">database</span> <span class="o">=</span> <span class="mh">$d</span><span class="nv">ir</span><span class="o">/</span><span class="nv">index</span>.<span class="nv">txt</span> # <span class="nv">database</span> <span class="nv">index</span> <span class="nv">file</span>.
<span class="nv">new_certs_dir</span> <span class="o">=</span> <span class="mh">$d</span><span class="nv">ir</span><span class="o">/</span><span class="nv">newcerts</span> # <span class="nv">default</span> <span class="nv">place</span> <span class="k">for</span> <span class="nv">new</span> <span class="nv">certs</span>.
</code></pre></div>
<p>A little further down, change the certificate lifetime:</p>
<div class="highlight"><pre><span></span><code><span class="nv">default_days</span> <span class="o">=</span> <span class="mi">3650</span> # <span class="nv">how</span> <span class="nv">long</span> <span class="nv">to</span> <span class="nv">certify</span> <span class="k">for</span>
</code></pre></div>
<p>And to be even lazier:</p>
<div class="highlight"><pre><span></span><code><span class="k">[ req_distinguished_name ]</span><span class="w"></span>
<span class="na">countryName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Country Name (2 letter code)</span><span class="w"></span>
<span class="na">countryName_default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">FR</span><span class="w"></span>
<span class="na">countryName_min</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">2</span><span class="w"></span>
<span class="na">countryName_max</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">2</span><span class="w"></span>
<span class="na">stateOrProvinceName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">State or Province Name (full name)</span><span class="w"></span>
<span class="na">stateOrProvinceName_default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Ile de France</span><span class="w"></span>
<span class="na">localityName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Locality Name (eg, city)</span><span class="w"></span>
<span class="na">localityName_default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Paris</span><span class="w"></span>
<span class="na">0.organizationName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Organization Name (eg, company)</span><span class="w"></span>
<span class="na">0.organizationName_default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Another Home Page</span><span class="w"></span>
<span class="na">organizationalUnitName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Organizational Unit Name (eg, section)</span><span class="w"></span>
<span class="na">organizationalUnitName_default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">admin</span><span class="w"></span>
<span class="na">commonName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Common Name (eg, your name or your server\'s hostname)</span><span class="w"></span>
<span class="na">commonName_max</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">64</span><span class="w"></span>
<span class="na">emailAddress</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Email Address</span><span class="w"></span>
<span class="na">emailAddress_max</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">64</span><span class="w"></span>
</code></pre></div>
<p>OpenSSL can put DNS aliases in a single certificate, so add this at the end:</p>
<div class="highlight"><pre><span></span><code><span class="k">[ALIASES]</span><span class="w"></span>
<span class="na">DNS.1</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">www.anotherhomepage.org</span><span class="w"></span>
<span class="na">DNS.2</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">mail.anotherhomepage.org</span><span class="w"></span>
</code></pre></div>
<p>Next, create the required directories and files:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="w"> </span>
<span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">CA</span><span class="o">/</span><span class="n">newcerts</span><span class="w"> </span>
<span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">touch</span><span class="w"> </span><span class="n">CA</span><span class="o">/</span><span class="k">index</span><span class="p">.</span><span class="n">txt</span><span class="w"> </span>
<span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="mi">01</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="n">CA</span><span class="o">/</span><span class="n">serial</span><span class="w"> </span>
</code></pre></div>
<p>Now generate everything: the authority's certificate, the server certificate, the keys...:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="n">CA</span><span class="w"></span>
<span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="o">/</span><span class="n">CA</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">openssl</span><span class="w"> </span><span class="n">req</span><span class="w"> </span><span class="o">-</span><span class="n">nodes</span><span class="w"> </span><span class="o">-</span><span class="k">new</span><span class="w"> </span><span class="o">-</span><span class="n">x509</span><span class="w"> </span><span class="o">-</span><span class="n">keyout</span><span class="w"> </span><span class="n">thunderbluff</span><span class="o">-</span><span class="n">ca</span><span class="p">.</span><span class="k">key</span><span class="w"> </span><span class="o">-</span><span class="k">out</span><span class="w"> </span><span class="n">thunderbluff</span><span class="o">-</span><span class="n">ca</span><span class="p">.</span><span class="n">crt</span><span class="w"></span>
<span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="o">/</span><span class="n">CA</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">openssl</span><span class="w"> </span><span class="n">req</span><span class="w"> </span><span class="o">-</span><span class="n">nodes</span><span class="w"> </span><span class="o">-</span><span class="k">new</span><span class="w"> </span><span class="o">-</span><span class="n">keyout</span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="k">key</span><span class="w"> </span><span class="o">-</span><span class="k">out</span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="n">csr</span><span class="w"></span>
<span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="o">/</span><span class="n">CA</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">openssl</span><span class="w"> </span><span class="n">ca</span><span class="w"> </span><span class="o">-</span><span class="n">cert</span><span class="w"> </span><span class="n">thunderbluff</span><span class="o">-</span><span class="n">ca</span><span class="p">.</span><span class="n">crt</span><span class="w"> </span><span class="o">-</span><span class="n">keyfile</span><span class="w"> </span><span class="n">thunderbluff</span><span class="o">-</span><span class="n">ca</span><span class="p">.</span><span class="k">key</span><span class="w"> </span><span class="o">-</span><span class="k">out</span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="n">crt</span><span class="w"> </span><span class="o">-</span><span class="ow">in</span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="n">csr</span><span class="w"></span>
</code></pre></div>
<p>And for Vsftpd this can help:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="o">/</span><span class="n">CA</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">cat</span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="k">key</span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="n">crt</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="n">pem</span><span class="w"></span>
</code></pre></div>
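<p>Added example, not part of the original post: a shell script that replays the three openssl commands above in a scratch directory and then audits what they produce. It shows that <code>[ALIASES]</code> is only read when an extension section references it with <code>subjectAltName = @ALIASES</code>, and that <code>default_days</code> is used by <code>openssl ca</code> while <code>openssl req -x509</code> without <code>-days</code> issues a 30-day CA certificate. The <code>-subj</code> values, <code>policy_any</code>, <code>ca_ext</code>, <code>server_ext</code>, <code>default_md</code> and all function names are assumptions made for the example.</p>

```shell
#!/bin/sh
# Added example: replays the post's CA commands in a scratch directory, then audits the result.
# Constructed for the example: -subj values, policy_any, ca_ext, server_ext, default_md, helper names.

write_demo_config() {   # minimal openssl.cnf with the post's settings, written to ./openssl.cnf
    cat > openssl.cnf <<'EOF'
[ ca ]
default_ca      = CA_default
[ CA_default ]
dir             = .                 # /etc/pki/CA in the post
database        = $dir/index.txt
new_certs_dir   = $dir/newcerts
serial          = $dir/serial
default_md      = sha256
default_days    = 3650              # read by "openssl ca" only
policy          = policy_any
x509_extensions = server_ext
[ policy_any ]
countryName      = optional
organizationName = optional
commonName       = supplied
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
x509_extensions    = ca_ext         # applied by "req -x509" to the CA certificate
[ req_distinguished_name ]
countryName         = Country Name (2 letter code)
countryName_default = FR
commonName          = Common Name
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
[ server_ext ]
basicConstraints = CA:FALSE
subjectAltName   = @ALIASES         # without this reference [ALIASES] is never read
[ ALIASES ]
DNS.1 = www.anotherhomepage.org
DNS.2 = mail.anotherhomepage.org
EOF
}

# $1 = scratch directory, $2 = optional CA lifetime in days (empty: as in the post, no -days).
# -nodes writes unencrypted private keys, so umask 077 keeps every created file owner-only.
build_demo_ca() {
    (
        umask 077 &&
        cd "$1" &&
        mkdir -p newcerts && : > index.txt && echo 01 > serial &&
        write_demo_config &&
        openssl req -config openssl.cnf -nodes -new -x509 ${2:+-days $2} \
            -subj "/C=FR/O=Another Home Page/CN=thunderbluff demo CA" \
            -keyout thunderbluff-ca.key -out thunderbluff-ca.crt &&
        openssl req -config openssl.cnf -nodes -new \
            -subj "/C=FR/O=Another Home Page/CN=www.anotherhomepage.org" \
            -keyout thunderbluff.key -out thunderbluff.csr &&
        openssl ca -config openssl.cnf -batch -notext \
            -cert thunderbluff-ca.crt -keyfile thunderbluff-ca.key \
            -out thunderbluff.crt -in thunderbluff.csr &&
        cat thunderbluff.key thunderbluff.crt > thunderbluff.pem &&
        chmod 600 thunderbluff-ca.key thunderbluff.key thunderbluff.pem
    ) > "$1/build.log" 2>&1
}

# Checks: each returns 0 when the property holds.
chain_ok()            { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }
cert_has_san()        { openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"; }
cert_valid_for_days() { openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null; }
key_is_owner_only()   { [ -n "$(find "$1" -type f -perm 600)" ]; }

audit_demo_ca() {   # print one line per finding for the files in directory $1
    chain_ok "$1/thunderbluff-ca.crt" "$1/thunderbluff.crt" && echo "chain: server cert verifies against the CA"
    for name in www.anotherhomepage.org mail.anotherhomepage.org; do
        cert_has_san "$1/thunderbluff.crt" "$name" && echo "SAN present: $name"
    done
    cert_valid_for_days "$1/thunderbluff-ca.crt" 31 ||
        echo "CA cert expires within 31 days (req -x509 default; default_days does not apply)"
    cert_valid_for_days "$1/thunderbluff.crt" 3649 && echo "server cert valid for about 10 years"
    for f in thunderbluff-ca.key thunderbluff.key thunderbluff.pem; do
        key_is_owner_only "$1/$f" || echo "WARNING: $f is not mode 600"
    done
    return 0
}

# Stand-alone run: replay the post's commands as written and print what the checks find.
demo_dir=$(mktemp -d) && build_demo_ca "$demo_dir" && audit_demo_ca "$demo_dir"
```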
<p>That's a wrap!</p>
Mano Negra - Pas Assez de toi 2008-06-30T22:18:00+02:00 2008-06-30T22:18:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-06-30:/post/2008/06/30/Mano-Negra-Pas-Assez-de-toi/
<p>Come on, a bit of music for a change</p>
<div class="external-media" style="margin: 1em auto; text-align: center;">
<object type="application/x-shockwave-flash" data="http://www.youtube.com/v/tQbIkq_EWnQ&hl=en" width="425" height="350">
<param name="movie" value="http://www.youtube.com/v/tQbIkq_EWnQ&hl=en" />
<param name="wmode" value="transparent" />
</object>
<br />Pas Assez De Toi-Mano Negra
</div>
And then I go and complain about my Internet connection 2008-06-29T16:46:00+02:00 2008-06-29T16:46:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-06-29:/post/2008/06/29/Et-apres-je-viens-me-plaindre-de-ma-connexion-Internet/
<p>I will exterminate this vermin down to the last one!</p>
<p>In my next flat, I'm opening up the phone sockets when I move in!<img alt="Capacitor" src="https://blog.anotherhomepage.org/public/Divers/.condensateur_m.jpg"></p>
<h2>Comments</h2>
<h3>On 22/10/2008 00:50 by <a href="http://www.evazone.fr">M@T D.</a></h3>
<p>Boo! The big hairy three-legged beastie... Hidden behind the phone socket, on top of that...</p>
<p>A really sneaky one, that! ;-)</p>
User management script for Vsftpd and MySQL v0.1 2008-06-22T14:45:00+02:00 2008-06-22T14:45:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-06-22:/post/2008/06/22/Script-de-gestion-dutilisateurs-pour-Vsftpd-et-MySQL/
<p>Warning, use at your own risk!</p>
<p>I wrote a script that lets you add or remove a virtual user, or change a virtual user's password, for the <a href="/post/2008/06/20/Utilisateurs-virtuels-sous-CentOS-5-avec-base-de-donnees-MySQL">Vsftpd+MySQL</a> setup I already described on this blog. The script is fairly basic and limited, both in its features and in how it is used.</p>
<p>For now it only does 3 things:</p>
<ul>
<li>create a user</li>
<li>change a user's password</li>
<li>delete a user, with the option of deleting or keeping that user's directory</li>
</ul>
<p>Limitations:</p>
<ul>
<li>it is not possible to set a specific home for each user; you have to create the file in user_config_dir with the right option yourself, and this holds for creation as well as for modification and deletion</li>
<li>options cannot be given out of order, so they must be typed as shown in the help (--help option)</li>
<li>only the password can be changed, not the user account name</li>
<li>...</li>
</ul>
<p>There you go; for those who want to play with it, it's the file <a href="https://blog.anotherhomepage.org/public/vsftpd_mysql/sqlftp_01.sh.gz">sqlftp_01.sh.gz</a>, which just needs to be decompressed and made executable.</p>
Virtual users on CentOS 5 with a MySQL database 2008-06-20T10:30:00+02:00 2008-06-20T10:30:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-06-20:/post/2008/06/20/Utilisateurs-virtuels-sous-CentOS-5-avec-base-de-donnees-MySQL/
<p><code>convert_to_centos5_fr.sh --url howtoforge.com</code></p>
<p>For some time I had been trying, without success, to set up virtual users with <a href="http://vsftpd.beasts.org/">Vsftpd</a>, my favourite FTP server software, on CentOS 5. Yes, the Berkeley-format db works, but I find it a pain to maintain. And changing a password is a hassle. I had seen that it was possible to use <a href="http://www-fr.mysql.com/">MySQL</a> as the store for users and their passwords. I went looking for a how-to for CentOS, without success. So I am adapting <a href="http://www.howtoforge.com/vsftpd_mysql_debian_etch">this how-to</a> from Howtoforge for CentOS.</p>
<p>Let's start by installing the required packages. Assuming that, like me, you have a minimal but up-to-date CentOS 5, it goes like this:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">yum</span><span class="w"> </span><span class="o">-</span><span class="n">y</span><span class="w"> </span><span class="n">install</span><span class="w"> </span><span class="n">vsftpd</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="w"></span>
</code></pre></div>
<p>Next, either add the extras repository in testing mode to your repositories (and there I encourage you to be very careful and to enable only the names of the packages you need), or install "by hand" the <a href="http://pam-mysql.sourceforge.net/">pam-mysql</a> package, which lets vsftpd talk to MySQL. The RPM is available on <a href="http://rpm.pbone.net/index.php3/stat/4/idpl/6192385/com/pam_mysql-0.7-0.5.rc1.el5.kb.2.i386.rpm.html">Pbone</a>. Here is what I did:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">wget</span><span class="w"> </span><span class="nl">ftp</span><span class="p">:</span><span class="o">//</span><span class="n">ftp</span><span class="p">.</span><span class="n">pbone</span><span class="p">.</span><span class="n">net</span><span class="o">/</span><span class="n">mirror</span><span class="o">/</span><span class="n">centos</span><span class="p">.</span><span class="n">karan</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">el5</span><span class="o">/</span><span class="n">extras</span><span class="o">/</span><span class="n">testing</span><span class="o">/</span><span class="n">i386</span><span class="o">/</span><span class="n">RPMS</span><span class="o">/</span><span class="n">pam_mysql</span><span class="o">-</span><span class="mf">0.7</span><span class="o">-</span><span class="mf">0.5</span><span class="p">.</span><span class="n">rc1</span><span class="p">.</span><span class="n">el5</span><span class="p">.</span><span class="n">kb</span><span class="mf">.2</span><span class="p">.</span><span class="n">i386</span><span class="p">.</span><span class="n">rpm</span><span class="w"></span>
</code></pre></div>
<p>then:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">rpm</span><span class="w"> </span><span class="o">-</span><span class="n">ivh</span><span class="w"> </span><span class="n">pam_mysql</span><span class="o">-</span><span class="mf">0.7</span><span class="o">-</span><span class="mf">0.5</span><span class="p">.</span><span class="n">rc1</span><span class="p">.</span><span class="n">el5</span><span class="p">.</span><span class="n">kb</span><span class="mf">.2</span><span class="p">.</span><span class="n">i386</span><span class="p">.</span><span class="n">rpm</span><span class="w"></span>
</code></pre></div>
<p>Once the required software is installed, you may want to manage MySQL through phpMyAdmin; for that I refer you to <a href="/post/2008/05/17/installation-de-phpmyadmin-sur-CentOS-5">another post that covers it</a>.</p>
<p>Let's start with MySQL, to follow the order of the original howto. Once it is installed, we set root's password:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">mysqld</span><span class="w"> </span><span class="k">start</span><span class="w"></span>
</code></pre></div>
<p>MySQL prints the commands for changing the MySQL root password and shows the machine's MySQL hostname (a very important detail!)</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqladmin</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="s1">'changemoi'</span><span class="w"></span>
<span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqladmin</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">-</span><span class="n">h</span><span class="w"> </span><span class="n">tristram</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">loc</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="s1">'changemoi'</span><span class="w"></span>
</code></pre></div>
<p>(so we can see that the machine used for this howto is named tristram.anotherhomepage.loc) Next, connect to MySQL:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">mysql</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"></span>
</code></pre></div>
<p>Create the database and its user, <em>vsftpd</em>, with password <em>ftpdpass</em>:</p>
<div class="highlight"><pre><span></span><code>mysql> CREATE DATABASE vsftpd;
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'ftpdpass';
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO 'vsftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';
mysql> FLUSH PRIVILEGES;
</code></pre></div>
<p>Next, create the schema (we are still in the MySQL shell):</p>
<div class="highlight"><pre><span></span><code><span class="n">mysql</span><span class="o">></span><span class="w"> </span><span class="k">USE</span><span class="w"> </span><span class="n">vsftpd</span><span class="p">;</span><span class="w"></span>
<span class="n">mysql</span><span class="o">></span><span class="w"> </span><span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n n-Quoted">`accounts`</span><span class="w"> </span><span class="p">(</span><span class="w"></span>
<span class="n n-Quoted">`id`</span><span class="w"> </span><span class="kt">INT</span><span class="w"> </span><span class="k">NOT</span><span class="w"> </span><span class="no">NULL</span><span class="w"> </span><span class="k">AUTO_INCREMENT</span><span class="w"> </span><span class="k">PRIMARY</span><span class="w"> </span><span class="k">KEY</span><span class="w"> </span><span class="p">,</span><span class="w"></span>
<span class="n n-Quoted">`username`</span><span class="w"> </span><span class="kt">VARCHAR</span><span class="p">(</span><span class="w"> </span><span class="mi">30</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="k">NOT</span><span class="w"> </span><span class="no">NULL</span><span class="w"> </span><span class="p">,</span><span class="w"></span>
<span class="n n-Quoted">`pass`</span><span class="w"> </span><span class="kt">VARCHAR</span><span class="p">(</span><span class="w"> </span><span class="mi">50</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="k">NOT</span><span class="w"> </span><span class="no">NULL</span><span class="w"> </span><span class="p">,</span><span class="w"></span>
<span class="k">UNIQUE</span><span class="w"> </span><span class="p">(</span><span class="w"></span>
<span class="n n-Quoted">`username`</span><span class="w"></span>
<span class="p">)</span><span class="w"></span>
<span class="p">)</span><span class="w"> </span><span class="k">ENGINE</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">MYISAM</span><span class="w"> </span><span class="p">;</span><span class="w"></span>
</code></pre></div>
<p>And quit MySQL:</p>
<div class="highlight"><pre><span></span><code>mysql> quit;
</code></pre></div>
<p>Create the virtual user used to access the accounts; on CentOS 5, the group of the <em>nobody</em> user is <em>nobody</em>, with gid 99 (as seen in <em>/etc/group</em>):</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">useradd</span><span class="w"> </span><span class="c1">--home /home/vsftpd --gid 99 -m --shell /sbin/nologin vsftpd</span>
</code></pre></div>
<p>Note also that, to keep an account from having a shell, <em>/sbin/nologin</em> is used here instead.</p>
<p>On to Vsftpd. Let's back up the default configuration and add our own:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">cp</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">vsftpd</span><span class="p">.</span><span class="n">conf</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">vsftpd</span><span class="p">.</span><span class="n">conf_orig</span><span class="w"></span>
<span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">cat</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">vsftpd</span><span class="p">.</span><span class="n">conf</span><span class="w"></span>
<span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">vi</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">vsftpd</span><span class="p">.</span><span class="n">conf</span><span class="w"></span>
</code></pre></div>
<p>The <em>vsftpd.conf</em> file is as follows (the options are explained in English <a href="http://vsftpd.beasts.org/vsftpd_conf.html">on the vsftpd site</a>):</p>
<div class="highlight"><pre><span></span><code><span class="n">listen</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">anonymous_enable</span><span class="o">=</span><span class="n">NO</span><span class="w"></span>
<span class="n">local_enable</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">write_enable</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">local_umask</span><span class="o">=</span><span class="mi">022</span><span class="w"></span>
<span class="n">dirmessage_enable</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">xferlog_enable</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">connect_from_port_20</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">nopriv_user</span><span class="o">=</span><span class="n">vsftpd</span><span class="w"></span>
<span class="n">chroot_local_user</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">secure_chroot_dir</span><span class="o">=/</span><span class="k">var</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">vsftpd</span><span class="w"></span>
<span class="n">pam_service_name</span><span class="o">=</span><span class="n">vsftpd</span><span class="w"></span>
<span class="n">guest_enable</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">guest_username</span><span class="o">=</span><span class="n">vsftpd</span><span class="w"></span>
<span class="n">local_root</span><span class="o">=/</span><span class="n">home</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/$</span><span class="n">USER</span><span class="w"></span>
<span class="n">user_sub_token</span><span class="o">=$</span><span class="n">USER</span><span class="w"></span>
<span class="n">virtual_use_local_privs</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">user_config_dir</span><span class="o">=/</span><span class="n">etc</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">user_conf</span><span class="w"></span>
</code></pre></div>
<p>A first difference from the Howtoforge one: I did not set the option <em>rsa_cert_file=/etc/ssl/certs/vsftpd.pem</em>; I'll look at that in another post. Another difference is where I store the per-user custom configurations: since there is an <em>/etc/vsftpd</em> directory, I created a <em>user_conf</em> subdirectory:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">user_conf</span><span class="w"></span>
</code></pre></div>
<p>This is of course entirely optional.</p>
<p>We now need to configure pam, which will let vsftpd look up users in the mysql database rather than among the system users stored in <em>/etc/passwd</em> and <em>/etc/shadow</em>. As with Vsftpd, we back up the old file and create a brand new one:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">cp</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pam</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">vsftpd</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pam</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">vsftpd_orig</span><span class="w"></span>
<span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">cat</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pam</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">vsftpd</span><span class="w"></span>
<span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">vi</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pam</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">vsftpd</span><span class="w"></span>
</code></pre></div>
<p>The content of this file is as follows:</p>
<div class="highlight"><pre><span></span><code>auth required pam_mysql.so user=vsftpd passwd=ftpdpass host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=3
account required pam_mysql.so user=vsftpd passwd=ftpdpass host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=3
</code></pre></div>
<p>The difference from the howtoforge version is that I changed the password hash algorithm. Instead of using the PASSWORD() function, I will use MD5(). I'll come back to what motivated this choice later. For now, let's restart Vsftpd:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">vsftpd</span><span class="w"> </span><span class="n">restart</span><span class="w"></span>
</code></pre></div>
<p>And now, let's create our first user in MySQL:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">mysql</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"></span>
</code></pre></div>
<p>We are now in the MySQL shell:</p>
<div class="highlight"><pre><span></span><code>mysql> USE vsftpd;
mysql> INSERT INTO accounts (username, pass) VALUES('testuser', MD5('secret'));
mysql> quit;
</code></pre></div>
<p>The directory of the user testuser is <em>/home/vsftpd/testuser</em>, but Vsftpd cannot create it automatically for us, so let's do it by hand, making sure it belongs to vsftpd:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">testuser</span><span class="w"></span>
<span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">chown</span><span class="w"> </span><span class="nl">vsftpd</span><span class="p">:</span><span class="n">nobody</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">testuser</span><span class="w"></span>
</code></pre></div>
<p>Let's connect to our FTP server using Filezilla on Windows, Konqueror or gFTP (or on the command line, ftp or lftp) on Linux/BSD, or Cyberduck on Mac OS X. Does it work? Perfect :-)</p>
<p>Now for the why and how of my using 3 instead of 2 and MD5 instead of PASSWORD: quite simply because it does not work on CentOS 5. The explanation comes from the pam-mysql README file, available here: <em>/usr/share/doc/pam_mysql-0.7/README</em></p>
<blockquote>
<p>The method to encrypt the user's password:</p>
<p>0 (or "plain") = No encryption. Passwords stored in plaintext. HIGHLY DISCOURAGED.</p>
<p>1 (or "Y") = Use crypt(3) function.</p>
<p>2 (or "mysql") = Use MySQL PASSWORD() function. It is possible that the encryption function used by PAM-MySQL is different from that of the MySQL server, as PAM-MySQL uses the function defined in MySQL's C-client API instead of using PASSWORD() SQL function in the query.</p>
<p>3 (or "md5") = Use plain hex MD5.</p>
<p>4 (or "sha1") = Use plain hex SHA1.</p>
</blockquote>
<p>MySQL's PASSWORD function and pam-mysql's therefore do not return the same password hash. Too bad, eh? I also tried option 0, but it did not interest me. I have not yet tried the crypt function or the sha1 function to check that they work, but there is no reason they shouldn't ;)</p>
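<p>The mismatch described above can be checked before users hit it. The following is an added example, not code from the original post or from pam-mysql: it reads the <em>crypt=</em> value from the pam.d line shown earlier and flags rows of the <em>accounts</em> table whose stored value has a different layout. The sample rows are constructed, all function names are hypothetical, and the two PASSWORD() layouts are MySQL's own (16 hex characters before 4.1, '*' plus 40 hex characters from 4.1 on); which of them pam_mysql's crypt=2 produces depends on the client library it was built against, which the post does not state.</p>

```python
"""Audit stored FTP password hashes against the pam_mysql crypt= setting."""
import hashlib
import re

# The pam.d line from the post (credentials are the post's own sample values).
PAM_LINE = ("auth required pam_mysql.so user=vsftpd passwd=ftpdpass "
            "host=localhost db=vsftpd table=accounts usercolumn=username "
            "passwdcolumn=pass crypt=3")

# Aliases listed in the pam-mysql README quoted above.
CRYPT_ALIASES = {"plain": "0", "y": "1", "mysql": "2", "md5": "3", "sha1": "4"}

# Stored-value layouts, most specific first. A plaintext password that happens
# to look like hex would be misclassified; this is a layout check only.
# Traditional 13-character DES crypt(3) strings are not recognised here.
LAYOUTS = [
    ("mysql41", re.compile(r"\*[0-9A-Fa-f]{40}")),
    ("sha1", re.compile(r"[0-9A-Fa-f]{40}")),
    ("md5", re.compile(r"[0-9A-Fa-f]{32}")),
    ("mysql-old", re.compile(r"[0-9A-Fa-f]{16}")),
    ("crypt", re.compile(r"\$[0-9a-z]+\$.+")),
]

# Which layouts each crypt= value can possibly match.
EXPECTED = {
    "0": {"plain-or-unknown"},
    "1": {"crypt"},
    "2": {"mysql41", "mysql-old"},
    "3": {"md5"},
    "4": {"sha1"},
}


def md5_hex(password):
    """What SQL MD5('...') stores: 32 lowercase hex characters."""
    return hashlib.md5(password.encode()).hexdigest()


def sha1_hex(password):
    """What SQL SHA1('...') stores: 40 lowercase hex characters."""
    return hashlib.sha1(password.encode()).hexdigest()


def mysql41_password(password):
    """MySQL 4.1+ PASSWORD(): '*' + uppercase hex of SHA1(SHA1(password))."""
    inner = hashlib.sha1(password.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def parse_crypt_mode(pam_line):
    """Return the crypt= value of a pam_mysql line as a digit string."""
    match = re.search(r"(?:^|\s)crypt=(\S+)", pam_line)
    if match is None:
        raise ValueError("no crypt= option on this pam_mysql line")
    value = match.group(1).lower()
    return CRYPT_ALIASES.get(value, value)


def classify(stored):
    """Name the layout of one stored password value."""
    for name, pattern in LAYOUTS:
        if pattern.fullmatch(stored):
            return name
    return "plain-or-unknown"


def audit(rows, crypt_mode):
    """List (username, layout) for rows the configured mode cannot match."""
    expected = EXPECTED[crypt_mode]
    return [(user, classify(stored)) for user, stored in rows
            if classify(stored) not in expected]


# Constructed sample rows standing in for SELECT username, pass FROM accounts.
SAMPLE_ROWS = [
    ("testuser", md5_hex("secret")),          # INSERT ... MD5('secret')
    ("olduser", mysql41_password("secret")),  # INSERT ... PASSWORD('secret')
    ("plainuser", "secret"),                  # stored unhashed
]

if __name__ == "__main__":
    mode = parse_crypt_mode(PAM_LINE)
    for user, layout in audit(SAMPLE_ROWS, mode):
        print(f"{user}: stored as {layout}, but pam_mysql is set to crypt={mode}")
```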
<p>All that remains now is to create a php page or a shell script to create, modify and delete users.</p>
<h2>Comments</h2>
<h3>On 25/01/2011 15:45 by jennifer</h3>
<p>Thanks for the tutorial, it works perfectly; just one small omission on your part: you need to create the vsftpd file in /var/run/, otherwise it shows an error message about the path set for "secure_chroot_dir=/var/run/vsftpd" in the vsftpd.conf configuration file when the ftp starts.</p>
<p>New toy. Nils Ratusznik, 2008-06-18T19:46:00+02:00, tag:blog.anotherhomepage.org,2008-06-18:/post/2008/06/18/Nouveau-jouet/</p>
<p>A new electronic gadget is weighing down my pockets :-)</p>
<p>As shown by the iPhone skin available for this blog (if it is not the theme displayed while you read this post, look in the drop-down menu for choosing a theme), I am currently interested in the mobile Internet. Initially resolved to wait for the arrival of <a href="https://linuxfr.org/2008/06/17/24221.html">the FreeRunner</a> from the OpenMoko project, my patience was quickly shaken by the malfunctions of my Sony Ericsson K610i. So much so that I even considered buying an HTC Touch, yes, that abomination running Windows Mobile! I finally fell for something else: the <a href="http://fr.wikipedia.org/wiki/Nokia_N800">Nokia N800</a> Internet tablet. I'm having a blast with this new toy, which runs a version of Debian compiled for its ARM processor. Paired with 2 large 4 GB SD cards, it lets me store a few holiday films, podcasts and music. I might almost give up my faithful <a href="http://fr.wikipedia.org/wiki/IPod_classic#Quatri.C3.A8me_g.C3.A9n.C3.A9ration_et_iPod_photo">iPod Photo</a>, even though it has 20 GB of disk space.</p>
<p>With USB, Bluetooth and Wifi connectivity, this device is a real joy. Well, when I find a Wifi network, because I have not managed to get my mobile phone and the N800 working together. So, if someone tells me it is possible with an OpenMoko, maybe I'll dip into my savings again to buy the free phone? In the meantime, finding an open Wifi network in Paris is not mission impossible when you're ready to walk 5 min... :-)</p>
<p>Installing mod_gnutls on CentOS 5. Nils Ratusznik, 2008-05-24T10:30:00+02:00, tag:blog.anotherhomepage.org,2008-05-24:/post/2008/05/24/Installation-de-mod_gnutls-sur-CentOS-5/</p>
<p>a little link to keep handy just in case</p>
<p>A few days ago I wanted to put several websites on <a href="http://fr.wikipedia.org/wiki/Http#HTTPS">HTTPS</a>, on the same dedicated server. However, this is (almost) not possible using <a href="http://www.modssl.org/">mod_ssl</a> with <a href="http://httpd.apache.org/">Apache</a>. It is made possible, though, by using <a href="http://www.outoforder.cc/projects/apache/mod_gnutls/">mod_gnutls</a>. For those who have CentOS 5, here is <a href="http://www.hughesjr.com/content/view/20/29/">a little link</a> to install it easily. I believe mod_gnutls is also available for Mandriva. Otherwise, there's always compiling the sources ;-)</p>
<p><strong>Update</strong>: some will have noticed that links in this post no longer work, and that the latest versions of mod_gnutls require a newer version of gnutls than the one shipped with CentOS. So the little trick no longer really works, unless you use another distribution or install a newer gnutls. A friend tried it some time ago on Gentoo, where an ebuild is available.</p>
<h2>Comments</h2>
<h3>On 30/08/2011 00:55 by <a href="http://fakessh.eu">fakessh @</a></h3>
<p>I recently packaged the latest versions of gnutls and mod_gnutls</p>
<p>I provide the source rpms on my blog page
rebuild the rpms and happy updating</p>
<p>http://fakessh.eu/2011/08/28/last-release-gnutls-et-mod_gnutls-pour-centos-5-6/</p>
<p>Installing phpmyadmin on CentOS 5. Nils Ratusznik, 2008-05-18T10:30:00+02:00, tag:blog.anotherhomepage.org,2008-05-18:/post/2008/05/18/installation-de-phpmyadmin-sur-CentOS-5/</p>
<p><code>yum install --enablerepo=extras,rpmforge httpd php phpmyadmin php-mbstring php-mcrypt</code></p>
<p><em>Update of 03/10/2011: if you are on CentOS 6, here is <a href="/post/2011/10/03/Installation-de-phpMyAdmin-sur-CentOS-6">an up-to-date version of this tutorial</a></em></p>
<p>I wanted to set up a small MySQL server and, since I'm lazy, I like to use <a href="http://www.phpmyadmin.net">phpMyAdmin</a>. As usual I do a minimal installation, but including the <a href="https://rpmrepo.org/RPMforge">RPMforge</a> repository (note the new url). To add the RPMForge repository, just install the repository's RPM, <a href="http://dag.wieers.com/rpm/packages/rpmforge-release/">which you pick here according to your architecture</a>. Then, for convenience, make sure the file <em>/etc/yum.repos.d/rpmforge.repo</em> contains the line:</p>
<div class="highlight"><pre><span></span><code>enabled = 1
</code></pre></div>
<p>(it's ugly but it works)</p>
<p>Then I install my stuff:</p>
<div class="highlight"><pre><span></span><code>yum install httpd phpmyadmin
</code></pre></div>
<p>This is the very first time I've had a complaint about an RPMforge package: my complaint about the phpmyadmin package is that it does not have php as a dependency, something I can also hold against the php-mysql package, or else I've misunderstood something. Right, let's install PHP:</p>
<div class="highlight"><pre><span></span><code>yum install php
</code></pre></div>
<p>Other things are needed for phpmyadmin: php-mbstring (no problem, it's in the base repository), but also php-mcrypt (and for that, you need to enable the extras repository, which I had disabled):</p>
<div class="highlight"><pre><span></span><code>yum install --enablerepo=extras php-mcrypt php-mbstring
</code></pre></div>
<p>Next, edit the file <em>/usr/share/phpmyadmin/config.inc.php</em>, more precisely at line 17:</p>
<div class="highlight"><pre><span></span><code><span class="mh">$cf</span><span class="nv">g</span>[<span class="s1">'</span><span class="s">blowfish_secret</span><span class="s1">'</span>] <span class="o">=</span> <span class="s1">''</span><span class="c1">; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ </span>
</code></pre></div>
<p>And fill the variable with something really silly:</p>
<div class="highlight"><pre><span></span><code><span class="mh">$cf</span><span class="nv">g</span>[<span class="s1">'</span><span class="s">blowfish_secret</span><span class="s1">'</span>] <span class="o">=</span> <span class="s1">'</span><span class="s">kikoolol</span><span class="s1">'</span><span class="c1">; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ </span>
</code></pre></div>
<p>If the MySQL server is on the same machine, make sure it is running and that you know the password to connect to it (by default, there is no password for root on MySQL). If the server is on another machine, modify line 31:</p>
<div class="highlight"><pre><span></span><code>$cfg['Servers'][$i]['host'] = 'localhost';
</code></pre></div>
<p>replacing "localhost" with the IP address or the name of the machine.</p>
<p>But we're not done! We still need to be able to reach phpMyAdmin. For that, also edit the file <em>/etc/httpd/conf.d/phpmyadmin.conf</em>; line 8 contains:</p>
<div class="highlight"><pre><span></span><code>Allow from 127.0.0.1
</code></pre></div>
<p>You can append your own IP address to the line, for example:</p>
<div class="highlight"><pre><span></span><code>Allow from 127.0.0.1 192.168.1.2
</code></pre></div>
<p>or else open your phpMyAdmin to the whole world, but that's <strong>bad</strong>!</p>
<p><code>Allow from all</code></p>
<p>Note, at the end of the file, the possible urls for reaching our software; you can even add on the following line, for example:</p>
<p><code>Alias /kikoolol/ /usr/share/phpmyadmin</code></p>
<p>Start Apache:</p>
<p><code>service httpd start</code></p>
<p>And MySQL if needed:</p>
<p><code>service mysqld start</code></p>
<p>There, it's done; phpMyAdmin can be reached at: http://nomduserveur/phpmyadmin, or http://nomduserveur/phpMyAdmin or http://nomduserveur/mysqladmin (or even http://nomduserveur/kikoolol for the jokers :))</p>
<h2>Comments</h2>
<h3>On 26/08/2008 20:44 by mongo</h3>
<p>Very cool tutorial. But apparently it doesn't work quite so simply with centos 5.2. I get the following message, which this tutorial doesn't get rid of (error 403): You don't have permission to access /phpmyadmin/ on this server.</p>
<h3>On 12/03/2009 11:01 by Stef</h3>
<p>Thanks for this great tutorial ;) it really helped me a lot!</p>
<p>And uh, I have the same thing.. error 403.. you just have to launch firefox as root and it works ;)</p>
<h3>On 23/03/2009 21:51 by Nils</h3>
<p>I remind you that there is a paragraph on permissions; remember to modify the Allow directive in /etc/httpd/conf.d/phpmyadmin.conf ;)</p>
<h3>On 15/04/2009 04:49 by kadahowa</h3>
<p>nicely done tutorial.
for people who could not access phpmyadmin, you have to change the group's permission rights.
and it will work, it's tested and it works.
the only problem is I don't know the password and login of my mysql server.
when installing centos I ticked server so I couldn't find out what password and login it set.
so if anyone knows, please give me the answer :>
thanks.</p>
<h3>On 16/04/2009 20:34 by Nils</h3>
<p>Could you be more specific about "the group's permission rights"?
On CentOS, by default, there is no password for the root user on MySQL. So you need to connect, and once in the MySQL shell, you can change the password. You can also do this via phpMyAdmin.</p>
<h3>On 22/04/2009 21:41 by HAZTIKA</h3>
<p>Hello
I'm trying to follow your tutorial but after: yum install --enablerepo=extras php-mcrypt php-mbstring
I go to the /usr/share folder and I can't find the config.inc.php file you mentioned ( /usr/share/phpmyadmin/config.inc.php ), I can't even find the phpmyadmin/ folder in /usr/share
and I also checked in /etc/httpd/conf.d/ and I can't find the phpmyadmin.conf file
I have centos 5.2, thanks for your help</p>
<h3>On 24/04/2009 19:46 by Nils</h3>
<p>@HAZTIKA: you first need to install the RPMForge repository, it's explained among other places <a href="http://wiki.centos.org/AdditionalResources/Repositories/RPMForge#head-20e1f65f19ccf2f5fbf5adb30dbaf5ea963a64ae">here</a>. Once this repository is installed (and enabled), you can use yum to install phpmyadmin and follow the rest of the post; you should then find the files.</p>
<h3>On 05/06/2010 10:54 by Zerana</h3>
<p>Cool, your tutorial</p>
<p>Update and heading off into web 2.0. Nils Ratusznik, 2008-05-14T21:02:00+02:00, tag:blog.anotherhomepage.org,2008-05-14:/post/2008/05/14/Mise-a-jour-et-depart-dans-le-web-20/</p>
<p>Dotclear RC version, social bookmarking sites and new RSS feeds</p>
<p>At last! 2 weeks after the availability of <a href="http://www.dotclear.net/blog/post/2008/05/01/Dotclear-20-RC1">Dotclear 2 RC1</a>, I am updating my blog. I'm taking the opportunity to use the <a href="http://plugins.dotaddict.org/dc2/details/Partager">Partager</a> plugin to offer a link to social bookmarking sites; if you like a post, don't hesitate to let it be known on one of these sites!</p>
<p>Another new thing: I'm changing the RSS feeds. They are now provided by <a href="http://www.feedburner.com">FeedBurner</a>, which <a href="http://www.sakana.fr/blog">Stéphane</a> speaks very highly of; I hope he's right! For convenience, the RSS links provided by Dotclear redirect to FeedBurner, but for information, the real FeedBurner links are:</p>
<p><a href="http://feeds.feedburner.com/AnotherHomePageBlog">http://feeds.feedburner.com/AnotherHomePageBlog</a>
<a href="http://feeds.feedburner.com/AnotherHomePageBlog-Commentaires">http://feeds.feedburner.com/AnotherHomePageBlog-Commentaires</a></p>
<p>For those wondering how to use FeedBurner on a Dotclear blog, it's <a href="http://blog.js-zone.net/index.php/post/2006/10/30/Redirection-de-flux-RSS-dotclear-vers-FeedBurner">here</a>.</p>
<p>DNS debug session. Nils Ratusznik, 2008-05-12T10:30:00+02:00, tag:blog.anotherhomepage.org,2008-05-12:/post/2008/05/12/session-de-debug-DNS/</p>
<p>for a friend's site</p>
<p>I had to lend a hand with the DNS server of <a href="http://www.quebecos.com">QuebecOS</a>, so I'm taking the opportunity to add a few little things that helped me debug a DNS configuration using <a href="http://www.isc.org/index.pl?/sw/bind/index.php">Bind</a>:</p>
<div class="highlight"><pre><span></span><code>logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
</code></pre></div>
<p>Putting this in the named.conf file is quite handy when you want to see whether the server starts correctly.</p>
<p>Otherwise, a rather nice site for checking whether the configuration is correct is <a href="http://www.intodns.com">IntoDNS</a>: you give it your domain name and it looks at what the server returns to its queries; almost everything is checked, and you can even read whether your configuration follows best practices. One to keep at hand alongside good old nslookup and dig.</p>
<p>There was a trick... Nils Ratusznik, 2008-05-04T09:18:00+02:00, tag:blog.anotherhomepage.org,2008-05-04:/post/2008/05/04/Y-avait-un-truc/</p>
<p>video trickery</p>
<p>It has already been some time since <a href="http://www.purepwnage.com/episodes/s2/4/">episode 16 of Pure Pwnage</a> came out. In this episode we see the hero get an exceptional, even crazy score playing <a href="http://fr.wikipedia.org/wiki/Rock_Band">Rock Band</a>, a music video game. You suspect almost immediately that there's a trick; it's too exceptional. So here is <a href="http://www.purepwnage.com/index.php?GUID=75489">the explanation of the trick</a> by the person who pulled it off; it's just as impressive.</p>
<p>A few wallpapers. Nils Ratusznik, 2008-04-23T18:30:00+02:00, tag:blog.anotherhomepage.org,2008-04-23:/post/2008/04/23/Quelques-fonds-decran/</p>
<p>A feast for the eyes</p>
<p>Found on the PCINpact forum, a link to <a href="http://nerdbusiness.com/blog/218-hd-resolution-desktop-wallpapers-nerds">218 wallpapers</a> of rather good quality. Note that not all of them are in 16/10 format; some are suited to a dual-screen setup (2560*1024), for example. Some are really worth seeing, they're magnificent.</p>
<p>Theme, and plugins. Nils Ratusznik, 2008-04-14T00:32:00+02:00, tag:blog.anotherhomepage.org,2008-04-14:/post/2008/04/14/Theme-et-plugins/</p>
<p>just like that, for fun</p>
<p>There, I wanted to be able to offer several themes on this blog, so I added <a href="http://plugins.dotaddict.org/dc2/details/Arlequin">Arlequin</a>. I would like to post more photos sometimes, even though I'm far from gifted with a camera or a mobile phone. Still, for the future gallery of <a href="http://tapart.anotherhomepage.org">Tap Art</a>, <a href="http://plugins.dotaddict.org/dc2/details/Lightbox">Lightbox</a> could be very useful.</p>
<p>Survivaure. Nils Ratusznik, 2008-04-14T00:15:00+02:00, tag:blog.anotherhomepage.org,2008-04-14:/post/2008/04/14/Survivaure/</p>
<p>Argh, I've missed a whole bunch...</p>
<p>I had stopped at <a href="http://www.knarfworld.net/article.php?id_article=144">episode 9</a>! Off we go, I'm catching up and downloading <a href="http://www.knarfworld.net/rubrique.php?id_rubrique=52">the missing files</a>; that will give me something to listen to on the way to work :-)</p>
<p>School holiday dates. Nils Ratusznik, 2008-04-05T11:42:00+02:00, tag:blog.anotherhomepage.org,2008-04-05:/post/2008/04/05/Dates-de-vacances-scolaires/</p>
<p>No, I'm not going back to school...</p>
<p>A useful little link, for when you don't have a calendar with the school holidays at hand (no really, there's no need for them on certain <a href="http://www.aubade.com/lecons/?langue=fr">calendars</a>): the <a href="http://www.education.gouv.fr/pid184/le-calendrier-scolaire.htmlv">school calendar</a> page on the Education Nationale site. Found by typing "vacances scolaires" (school holidays) into Wikipedia.</p>
<p>Handy, isn't it?</p>
<p>Creating a CentOS mirror for updates. Nils Ratusznik, 2008-03-23T14:55:00+01:00, tag:blog.anotherhomepage.org,2008-03-23:/post/2008/03/23/Creer-un-miroir-CentOS-pour-les-updates/</p>
<p>And you sync, and you sync, and you wget</p>
<p>Yesterday, I started thinking it would be nice to make my CentOS 5 virtual machine installations even faster. So, before tackling the tinkering with my kickstarts to apply my configurations automatically, I came to the conclusion that having the updates repository locally would be faster than having to fetch everything from the Internet.</p>
<p>So, I need to synchronise with a mirror. Since I'm with Free, I wanted to use their mirror. Yes, but it is only an FTP mirror. And most mirror synchronisation scripts use <a href="http://rsync.samba.org/">rsync</a>. So I fell back on the mirror of <a href="http://www.ipsl.jussieu.fr/">IPSL Jussieu</a>, which has an <a href="http://distrib-coffee.ipsl.jussieu.fr/pub/linux/">http</a>, <a href="ftp://distrib-coffee.ipsl.jussieu.fr/pub/linux/">ftp</a> and <a href="rsync://distrib-coffee.ipsl.jussieu.fr/pub/linux/">rsync</a> mirror. Great! A few moments later, I adapt <a href="http://lists.centos.org/pipermail/centos-mirror/2005-April/000936.html">this script</a>, which gives this:</p>
<div class="highlight"><pre><span></span><code><span class="ch">#!/bin/bash</span>
<span class="c1">#################################################################################</span>
<span class="c1"># #</span>
<span class="c1"># CentOS mirror syncer #</span>
<span class="c1"># Comes from : #</span>
<span class="c1"># #</span>
<span class="c1"># http://lists.centos.org/pipermail/centos-mirror/2005-April/000936.html #</span>
<span class="c1"># http://wiki.monserveurperso.com/wakka.php?wiki=MirroringFTP #</span>
<span class="c1"># man wget #</span>
<span class="c1"># #</span>
<span class="c1">#################################################################################</span>
<span class="nv">RSYNC</span><span class="o">=</span><span class="sb">`</span>which rsync<span class="sb">`</span>
<span class="nv">RSYNC_OPTS</span><span class="o">=</span><span class="s2">"-aHv --delete --bwlimit=512 "</span>
<span class="nv">CHOWN</span><span class="o">=</span><span class="sb">`</span>which chown<span class="sb">`</span>
<span class="nv">CHMOD</span><span class="o">=</span><span class="sb">`</span>which chmod<span class="sb">`</span>
<span class="nv">MIRROR</span><span class="o">=</span><span class="s2">"rsync://distrib-coffee.ipsl.jussieu.fr/pub/linux/centos/5/updates/i386/"</span>
<span class="nv">LOCAL</span><span class="o">=</span><span class="s2">"/home/ftp/mirrors/centos/5/updates/i386/"</span>
<span class="nv">PIDFILE</span><span class="o">=</span><span class="s2">"/var/run/centosmirror.pid"</span>
<span class="c1"># Don't run it twice...</span>
<span class="k">if</span> <span class="o">[</span> -f <span class="s2">"</span><span class="nv">$PIDFILE</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
<span class="nv">RUNPID</span><span class="o">=</span><span class="sb">`</span>cat <span class="nv">$PIDFILE</span><span class="sb">`</span>
<span class="k">if</span> ps -p <span class="nv">$RUNPID</span><span class="p">;</span> <span class="k">then</span>
<span class="nb">echo</span> <span class="s2">"CentOS Mirror is already running..."</span>
<span class="nb">exit</span> <span class="m">1</span>
<span class="k">else</span>
<span class="nb">echo</span> <span class="s2">"CentOS Mirror pid found but process dead, cleaning up"</span>
rm -f <span class="nv">$PIDFILE</span>
<span class="k">fi</span>
<span class="k">else</span>
<span class="nb">echo</span> <span class="s2">"No CentOS Mirror Process Detected"</span>
<span class="k">fi</span>
<span class="nb">echo</span> <span class="nv">$$</span> > <span class="nv">$PIDFILE</span>
<span class="nb">echo</span> -n <span class="s2">"CentOS Mirror Started at "</span>
date
<span class="c1"># Download, set up rights</span>
<span class="nv">$RSYNC</span> <span class="nv">$RSYNC_OPTS</span> <span class="nv">$MIRROR</span> <span class="nv">$LOCAL</span>
<span class="nv">$CHOWN</span> -R apache:apache <span class="nv">$LOCAL</span>
<span class="nv">$CHMOD</span> -R <span class="m">755</span> <span class="nv">$LOCAL</span>
<span class="nb">echo</span> -n <span class="s2">"CentOS Mirror Ended at "</span>
date
rm -f <span class="nv">$PIDFILE</span>
</code></pre></div>
<p>That was the rsync version. What if you are behind a proxy and cannot use rsync? For now I have concentrated on ftp, but this script should also work for http:</p>
<div class="highlight"><pre><span></span><code><span class="ch">#!/bin/bash</span>
<span class="c1">#################################################################################</span>
<span class="c1"># #</span>
<span class="c1"># CentOS mirror syncer #</span>
<span class="c1"># Comes from : #</span>
<span class="c1"># #</span>
<span class="c1"># http://lists.centos.org/pipermail/centos-mirror/2005-April/000936.html #</span>
<span class="c1"># http://wiki.monserveurperso.com/wakka.php?wiki=MirroringFTP #</span>
<span class="c1"># man wget #</span>
<span class="c1"># #</span>
<span class="c1">#################################################################################</span>
<span class="c1"># Variables</span>
<span class="nv">WGET</span><span class="o">=</span><span class="sb">`</span>which wget<span class="sb">`</span>
<span class="nv">WGET_OPTS</span><span class="o">=</span><span class="s2">"-m --limit-rate=512k -nH --cut-dir 5"</span>
<span class="nv">CHOWN</span><span class="o">=</span><span class="sb">`</span>which chown<span class="sb">`</span>
<span class="nv">CHMOD</span><span class="o">=</span><span class="sb">`</span>which chmod<span class="sb">`</span>
<span class="nv">MIRROR</span><span class="o">=</span><span class="s2">"ftp://ftp.free.fr/mirrors/ftp.centos.org/5/updates/i386/*"</span>
<span class="nv">LOCAL</span><span class="o">=</span><span class="s2">"/home/ftp/mirrors/centos/5/updates/i386/"</span>
<span class="nv">PIDFILE</span><span class="o">=</span><span class="s2">"/var/run/centosmirror.pid"</span>
<span class="c1"># Don't run it twice...</span>
<span class="k">if</span> <span class="o">[</span> -f <span class="s2">"</span><span class="nv">$PIDFILE</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
<span class="nv">RUNPID</span><span class="o">=</span><span class="sb">`</span>cat <span class="nv">$PIDFILE</span><span class="sb">`</span>
<span class="k">if</span> ps -p <span class="nv">$RUNPID</span><span class="p">;</span> <span class="k">then</span>
<span class="nb">echo</span> <span class="s2">"CentOS Mirror is already running..."</span>
<span class="nb">exit</span> <span class="m">1</span>
<span class="k">else</span>
<span class="nb">echo</span> <span class="s2">"CentOS Mirror pid found but process dead, cleaning up"</span>
rm -f <span class="nv">$PIDFILE</span>
<span class="k">fi</span>
<span class="k">else</span>
<span class="nb">echo</span> <span class="s2">"No CentOS Mirror Process Detected"</span>
<span class="k">fi</span>
<span class="nb">echo</span> <span class="nv">$$</span> > <span class="nv">$PIDFILE</span>
<span class="c1"># wget + ftp = .listing files</span>
find <span class="nv">$LOCAL</span> -name <span class="s2">".listing"</span> -delete
<span class="nb">echo</span> -n <span class="s2">"CentOS Mirror Started at "</span>
date
<span class="c1"># Download, set up rights</span>
<span class="nv">$WGET</span> <span class="nv">$WGET_OPTS</span> <span class="nv">$MIRROR</span> -P <span class="nv">$LOCAL</span>
<span class="nv">$CHOWN</span> -R apache:apache <span class="nv">$LOCAL</span>
<span class="nv">$CHMOD</span> -R <span class="m">755</span> <span class="nv">$LOCAL</span>
<span class="nb">echo</span> -n <span class="s2">"CentOS Mirror Ended at "</span>
date
rm -f <span class="nv">$PIDFILE</span>
find <span class="nv">$LOCAL</span> -name <span class="s2">".listing"</span> -delete
</code></pre></div>
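<p>The wget script above has no equivalent of rsync's <code>--delete</code>, so files withdrawn upstream stay in the local mirror. The following pruning step is an added example, not the author's code: it assumes a manifest file listing the relative paths currently on the remote mirror, and the name <code>prune_stale</code> and the 50% safety threshold are assumptions of this example.</p>

```shell
#!/bin/sh
# Added example: prune local mirror files that are no longer on the remote side.
# Assumption: MANIFEST holds one relative path per line for every file that
# currently exists on the remote mirror; how it is produced is up to you.
# File names are assumed to contain no newlines (true for RPM repositories).

# prune_stale LOCAL_DIR MANIFEST [MAX_PERCENT]
# Returns 0 on success, 2 on unusable input, 3 when the safety limit trips.
prune_stale() (
    local_dir=$1
    manifest=$2
    max_pct=${3:-50}    # refuse to delete more than this share of the mirror

    # An empty manifest usually means the listing download failed; deleting
    # "everything not listed" would then wipe the whole mirror.
    if [ ! -d "$local_dir" ] || [ ! -s "$manifest" ]; then
        echo "prune_stale: missing directory or empty manifest, nothing done" >&2
        return 2
    fi

    keep=$(mktemp) && have=$(mktemp) && stale=$(mktemp) || return 2
    trap 'rm -f "$keep" "$have" "$stale"' EXIT

    # Remote view: normalise "./path" to "path", sort for comm(1).
    sed 's|^\./||' "$manifest" | LC_ALL=C sort -u > "$keep"

    # Local view: only names that find(1) discovers under LOCAL_DIR are ever
    # candidates for deletion, so a manifest entry such as "../x" can never
    # make rm touch anything outside the mirror.
    (cd "$local_dir" && find . -type f ! -name .listing) |
        sed 's|^\./||' | LC_ALL=C sort > "$have"

    # Lines only in the local view = files that vanished upstream.
    LC_ALL=C comm -23 "$have" "$keep" > "$stale"
    total=$(($(wc -l < "$have")))
    gone=$(($(wc -l < "$stale")))
    [ "$gone" -eq 0 ] && return 0

    # A truncated manifest looks like a mass removal; stop instead of obeying.
    if [ $((gone * 100)) -gt $((total * max_pct)) ]; then
        echo "prune_stale: would delete $gone of $total files, refusing" >&2
        return 3
    fi

    while IFS= read -r rel; do
        rm -f -- "$local_dir/$rel"
    done < "$stale"
)
```

<p>Called after the wget run, for instance as <code>prune_stale "$LOCAL" /path/to/manifest</code>, it leaves the mirror untouched whenever the manifest looks wrong.</p>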
<p>Note that the two scripts are roughly the same. Since the wget version generates .listing files for the recursive download, I delete them before and afterwards, just in case. As my mirror is also available over http, I make everything accessible to the apache user. This last script still needs improving, however: unlike rsync, it does not delete files that are present locally but have disappeared from the remote mirror.</p>
Completely siiiiick! 2008-03-18T14:27:00+01:00 2008-03-18T14:27:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-03-18:/post/2008/03/18/Completement-malaaaaadeuh/
<p>You can put the Lama song on in the background. The Dalida & Lara Fabian versions are tolerated.</p>
<p>To keep it short: white <a href="http://fr.wikipedia.org/wiki/Angine">tonsillitis</a> hurts. For fans of complicated names, it is also called <a href="http://fr.wikipedia.org/wiki/Angine#Angine_.C3.A9ryth.C3.A9mateuse_ou_.C3.A9ryth.C3.A9mato-pultac.C3.A9e">erythematous-pultaceous tonsillitis</a>. Less poetic, all the same.</p>
<p>Right, I'll try to make the next post a technical one, and not written from the depths of my bed.</p>
Forcing openssh to open a terminal 2008-03-05T20:56:00+01:00 2008-03-05T20:56:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-03-05:/post/2008/03/05/forcer-openssh-a-ouvrir-un-tty-pour-su-c/
<p>I've been learning some fun stuff these days!</p>
<p>The other day I felt like being lazy: rather than connecting over ssh, becoming root and then typing a command (a plain mkdir, I think), and doing that on 5-6 servers, I wondered whether I could do it all in one go, or at least with one command per machine, even if it meant just typing the passwords afterwards. Well, it is possible!</p>
<p>First, we look at the ssh manual page and see that a command can be given as an argument, so that ssh just executes that command:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ssh</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">uname</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="err">'</span><span class="n">s</span><span class="w"> </span><span class="nl">password</span><span class="p">:</span><span class="w"> </span>
<span class="n">Linux</span><span class="w"></span>
</code></pre></div>
<p>Next we figure we would like to add arguments to our command, so we add quotes:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ssh</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="ss">"/bin/uname -sp"</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="err">'</span><span class="n">s</span><span class="w"> </span><span class="nl">password</span><span class="p">:</span><span class="w"> </span>
<span class="n">Linux</span><span class="w"> </span><span class="n">i686</span><span class="w"></span>
</code></pre></div>
<p>For fun, let's say we want to do something as root. If sudo is not available, we can use "su -c" to run a single command as root, provided we know the password. But if we do that, we run into an error message:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ssh</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="ss">"su -c whoami"</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="err">'</span><span class="n">s</span><span class="w"> </span><span class="nl">password</span><span class="p">:</span><span class="w"> </span>
<span class="n">standard</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">must</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">tty</span><span class="w"></span>
</code></pre></div>
<p>And then, disaster... how do we open a tty? Going back to the manual page (thanks <a href="http://www.sakana.fr/blog/">Stéphane</a>!) teaches us that the "-t" option forces ssh to open a tty. Come on, let's try again:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ssh</span><span class="w"> </span><span class="o">-</span><span class="n">t</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="ss">"su -c whoami"</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="err">'</span><span class="n">s</span><span class="w"> </span><span class="nl">password</span><span class="p">:</span><span class="w"> </span>
<span class="nl">Password</span><span class="p">:</span><span class="w"> </span>
<span class="n">root</span><span class="w"></span>
<span class="k">Connection</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="n">closed</span><span class="p">.</span><span class="w"></span>
</code></pre></div>
<p>Note that this time I am asked for 2 passwords: the password for nils (the implicit user, since I am logged in as nils on darkmoon), and the root password. The tty is then closed along with the ssh session.</p>
<p>We could of course avoid typing the passwords by using key-based authentication for ssh, and sudo for the commands that need it. Then, if we want to do this on several machines in a row, nothing stops us from wrapping all of this in a for loop. If the command launched after "su -c" needs arguments, we can use single quotes:</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ssh</span><span class="w"> </span><span class="o">-</span><span class="n">t</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="ss">"su -c 'whoami --help'"</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="err">'</span><span class="n">s</span><span class="w"> </span><span class="nl">password</span><span class="p">:</span><span class="w"> </span>
<span class="nl">Password</span><span class="p">:</span><span class="w"> </span>
<span class="k">Usage</span><span class="err">:</span><span class="w"> </span><span class="n">whoami</span><span class="w"> </span><span class="o">[</span><span class="n">OPTION</span><span class="o">]</span><span class="p">...</span><span class="w"></span>
<span class="k">Print</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">user</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">associated</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">current</span><span class="w"> </span><span class="n">effective</span><span class="w"> </span><span class="k">user</span><span class="w"> </span><span class="n">ID</span><span class="p">.</span><span class="w"></span>
<span class="n">Same</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">-</span><span class="n">un</span><span class="p">.</span><span class="w"></span>
<span class="w"> </span><span class="o">--</span><span class="n">help</span><span class="w"> </span><span class="n">display</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">help</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="k">exit</span><span class="w"></span>
<span class="w"> </span><span class="o">--</span><span class="n">version</span><span class="w"> </span><span class="k">output</span><span class="w"> </span><span class="n">version</span><span class="w"> </span><span class="n">information</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="k">exit</span><span class="w"></span>
<span class="n">Report</span><span class="w"> </span><span class="n">bugs</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="o"><</span><span class="n">bug</span><span class="o">-</span><span class="n">coreutils</span><span class="nv">@gnu</span><span class="p">.</span><span class="n">org</span><span class="o">></span><span class="p">.</span><span class="w"></span>
<span class="k">Connection</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="n">closed</span><span class="p">.</span><span class="w"></span>
</code></pre></div>
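<p>The for loop and the nested quoting mentioned above, as an added example that is not part of the original post. The function names and the <code>SSH_BIN</code> variable are assumptions of this example; the quoting helper makes sure arguments containing spaces or quotes reach root's shell as the intended words.</p>

```shell
#!/bin/sh
# Added example: run one root command on several hosts with "ssh -t" + "su -c".
# The command line is parsed twice on the remote side: once by the login shell
# that ssh starts, once by the shell that su starts. Each layer needs its own
# level of quoting, otherwise arguments containing spaces or quotes are split.

# sq WORD: print WORD so that a POSIX shell reads it back as exactly one word.
# Plain words are left alone; anything else is wrapped in single quotes, with
# embedded single quotes written as '\''.
sq() {
    case $1 in
        '' | *[!A-Za-z0-9_./=:@%+-]*)
            printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")" ;;
        *)
            printf '%s' "$1" ;;
    esac
}

# build_su_command CMD [ARG...]: print the string to hand to ssh.
build_su_command() (
    inner=""
    for arg in "$@"; do
        inner="${inner:+$inner }$(sq "$arg")"   # layer 2: read by su's shell
    done
    printf 'su -c %s' "$(sq "$inner")"          # layer 1: read by the login shell
)

# run_on_hosts "HOST1 HOST2 ..." CMD [ARG...]
# SSH_BIN is an assumption of this example (defaults to ssh) so the transport
# can be replaced by a stub. Returns 1 and lists the hosts where it failed.
run_on_hosts() (
    hosts=$1
    shift
    remote=$(build_su_command "$@")
    failed=""
    for host in $hosts; do
        # A host name starting with "-" would be read by ssh as an option.
        case $host in
            -*) failed="${failed:+$failed }$host"; continue ;;
        esac
        # -t allocates the tty that su needs to prompt for the root password.
        if ! "${SSH_BIN:-ssh}" -t "$host" "$remote"; then
            failed="${failed:+$failed }$host"
        fi
    done
    [ -z "$failed" ] && return 0
    echo "run_on_hosts: failed on: $failed" >&2
    return 1
)
```

<p>For example, <code>run_on_hosts "web1 web2" mkdir -p "/srv/my data"</code> prompts for both passwords on each host in turn.</p>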
<h2>Comments</h2>
<h3>On 20/03/2008 23:27 by pierre fauquembergue</h3>
<p>Otherwise, simpler, there is cssh (for cluster ssh), it changes your life!</p>
Rémingway - Marie Les Heures 2008-02-27T21:15:00+01:00 2008-02-27T21:15:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-02-27:/post/2008/02/27/Remingway-Marie-Les-Heures/
<p>Some good sound for this hundredth post</p>
<p>So there you go: for several days now I have been aware that I had 99 posts on the counter. That is both a lot and not much, considering when this blog started... Still, something was needed to celebrate the hundredth post of Another Home Page. I thought of something technical, something funny, but not of music... Tonight I was browsing the <a href="http://www.taberlos.net/forum/">Rémingway forum</a>, of which I am, alas, a moderator and more or less an administrator. In fact, I should sometimes change my nickname to "Victor, cleaner (of accounts)".</p>
<p>Anyway, I drop by the forum and read in the shoutbox that a new version of the song "Marie Les Heures" is available. As a reminder, this is the song that opens their second album, "Tic Tac Etc..". This new version is available on <a href="http://www.myspace.com/remingway">the band's MySpace page</a>. Rush over to listen to it, and don't hesitate to listen to, and also watch, the rest!</p>
<p>And above all, go and visit <a href="http://www.remingway.net">their site</a>!</p>
That darned fdisk option 2008-02-21T19:52:00+01:00 2008-02-21T19:52:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-02-21:/post/2008/02/21/fichue-option-de-fdisk/
<p>like, none of this is very consistent</p>
<p>I'm filing this post under "Linux and free software" but it could go under "Mood"; when I launch fdisk in interactive mode, this is how it goes:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@lutgholein</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#fdisk</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda</span><span class="w"></span>
<span class="n">Le</span><span class="w"> </span><span class="n">nombre</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">cylindres</span><span class="w"> </span><span class="n">pour</span><span class="w"> </span><span class="n">ce</span><span class="w"> </span><span class="n">disque</span><span class="w"> </span><span class="n">est</span><span class="w"> </span><span class="n">initialisé</span><span class="w"> </span><span class="n">à</span><span class="w"> </span><span class="mf">36483.</span><span class="w"></span>
<span class="n">Il</span><span class="w"> </span><span class="n">n</span><span class="s1">'y a rien d''incorrect avec cela, mais c'</span><span class="n">est</span><span class="w"> </span><span class="n">plus</span><span class="w"> </span><span class="n">grand</span><span class="w"> </span><span class="n">que</span><span class="w"> </span><span class="mi">1024</span><span class="p">,</span><span class="w"></span>
<span class="n">et</span><span class="w"> </span><span class="n">cela</span><span class="w"> </span><span class="n">pourrait</span><span class="w"> </span><span class="n">causer</span><span class="w"> </span><span class="n">des</span><span class="w"> </span><span class="n">problèmes</span><span class="w"> </span><span class="n">en</span><span class="w"> </span><span class="n">fonction</span><span class="w"> </span><span class="n">pour</span><span class="w"> </span><span class="n">certaines</span><span class="w"> </span><span class="nl">configurations</span><span class="p">:</span><span class="w"></span>
<span class="mi">1</span><span class="p">)</span><span class="w"> </span><span class="n">logiciels</span><span class="w"> </span><span class="n">qui</span><span class="w"> </span><span class="n">sont</span><span class="w"> </span><span class="n">exécutés</span><span class="w"> </span><span class="n">à</span><span class="w"> </span><span class="n">l</span><span class="s1">'amorçage (i.e., vieilles versions de LILO)</span>
<span class="s1">2) logiciels d'</span><span class="n">amorçage</span><span class="w"> </span><span class="n">et</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">partitionnement</span><span class="w"> </span><span class="n">pour</span><span class="w"> </span><span class="n">d</span><span class="s1">'autres SE</span>
<span class="s1"> (i.e., DOS FDISK, OS/2 FDISK)</span>
<span class="s1">Commande (m pour l'</span><span class="n">aide</span><span class="p">)</span><span class="err">:</span><span class="w"> </span><span class="n">p</span><span class="w"></span>
<span class="n">Disque</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="nl">hda</span><span class="p">:</span><span class="w"> </span><span class="mf">300.0</span><span class="w"> </span><span class="k">Go</span><span class="p">,</span><span class="w"> </span><span class="mi">300090728448</span><span class="w"> </span><span class="n">octets</span><span class="w"></span>
<span class="mi">255</span><span class="w"> </span><span class="n">heads</span><span class="p">,</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="n">sectors</span><span class="o">/</span><span class="n">track</span><span class="p">,</span><span class="w"> </span><span class="mi">36483</span><span class="w"> </span><span class="n">cylinders</span><span class="w"></span>
<span class="n">Unités</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">cylindres</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="mi">16065</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="mi">512</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">8225280</span><span class="w"> </span><span class="n">octets</span><span class="w"></span>
<span class="n">Périphérique</span><span class="w"> </span><span class="n">Amorce</span><span class="w"> </span><span class="n">Début</span><span class="w"> </span><span class="n">Fin</span><span class="w"> </span><span class="n">Blocs</span><span class="w"> </span><span class="n">Id</span><span class="w"> </span><span class="n">Système</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda1</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="mi">12</span><span class="w"> </span><span class="mi">96358</span><span class="o">+</span><span class="w"> </span><span class="mi">83</span><span class="w"> </span><span class="n">Linux</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda2</span><span class="w"> </span><span class="mi">13</span><span class="w"> </span><span class="mi">152</span><span class="w"> </span><span class="mi">1124550</span><span class="w"> </span><span class="mi">82</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">swap</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="n">Solaris</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda4</span><span class="w"> </span><span class="mi">153</span><span class="w"> </span><span class="mi">36483</span><span class="w"> </span><span class="mi">291828757</span><span class="o">+</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="n">Extended</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda5</span><span class="w"> </span><span class="mi">153</span><span class="w"> </span><span class="mi">1197</span><span class="w"> </span><span class="mi">8393931</span><span class="w"> </span><span class="mi">83</span><span class="w"> </span><span class="n">Linux</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda6</span><span class="w"> </span><span class="mi">1198</span><span class="w"> </span><span class="mi">9964</span><span class="w"> </span><span class="mi">70420896</span><span class="w"> </span><span class="mi">8</span><span class="n">e</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">LVM</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda7</span><span class="w"> </span><span class="mi">9965</span><span class="w"> </span><span class="mi">36483</span><span class="w"> </span><span class="mi">213013836</span><span class="w"> </span><span class="mi">8</span><span class="n">e</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">LVM</span><span class="w"></span>
<span class="n">Commande</span><span class="w"> </span><span class="p">(</span><span class="n">m</span><span class="w"> </span><span class="n">pour</span><span class="w"> </span><span class="n">l</span><span class="err">'</span><span class="n">aide</span><span class="p">)</span><span class="err">:</span><span class="w"></span>
</code></pre></div>
<p>We can clearly see that the letter "p" is used for "print", to display the partition table. If, on the other hand, I just want to display the partition table without doing anything else, in non-interactive mode, fdisk is launched like this:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@lutgholein</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#fdisk</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda</span><span class="w"></span>
<span class="n">Disque</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="nl">hda</span><span class="p">:</span><span class="w"> </span><span class="mf">300.0</span><span class="w"> </span><span class="k">Go</span><span class="p">,</span><span class="w"> </span><span class="mi">300090728448</span><span class="w"> </span><span class="n">octets</span><span class="w"></span>
<span class="mi">255</span><span class="w"> </span><span class="n">heads</span><span class="p">,</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="n">sectors</span><span class="o">/</span><span class="n">track</span><span class="p">,</span><span class="w"> </span><span class="mi">36483</span><span class="w"> </span><span class="n">cylinders</span><span class="w"></span>
<span class="n">Unités</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">cylindres</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="mi">16065</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="mi">512</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">8225280</span><span class="w"> </span><span class="n">octets</span><span class="w"></span>
<span class="n">Périphérique</span><span class="w"> </span><span class="n">Amorce</span><span class="w"> </span><span class="n">Début</span><span class="w"> </span><span class="n">Fin</span><span class="w"> </span><span class="n">Blocs</span><span class="w"> </span><span class="n">Id</span><span class="w"> </span><span class="n">Système</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda1</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="mi">12</span><span class="w"> </span><span class="mi">96358</span><span class="o">+</span><span class="w"> </span><span class="mi">83</span><span class="w"> </span><span class="n">Linux</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda2</span><span class="w"> </span><span class="mi">13</span><span class="w"> </span><span class="mi">152</span><span class="w"> </span><span class="mi">1124550</span><span class="w"> </span><span class="mi">82</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">swap</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="n">Solaris</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda4</span><span class="w"> </span><span class="mi">153</span><span class="w"> </span><span class="mi">36483</span><span class="w"> </span><span class="mi">291828757</span><span class="o">+</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="n">Extended</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda5</span><span class="w"> </span><span class="mi">153</span><span class="w"> </span><span class="mi">1197</span><span class="w"> </span><span class="mi">8393931</span><span class="w"> </span><span class="mi">83</span><span class="w"> </span><span class="n">Linux</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda6</span><span class="w"> </span><span class="mi">1198</span><span class="w"> </span><span class="mi">9964</span><span class="w"> </span><span class="mi">70420896</span><span class="w"> </span><span class="mi">8</span><span class="n">e</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">LVM</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda7</span><span class="w"> </span><span class="mi">9965</span><span class="w"> </span><span class="mi">36483</span><span class="w"> </span><span class="mi">213013836</span><span class="w"> </span><span class="mi">8</span><span class="n">e</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">LVM</span><span class="w"></span>
</code></pre></div>
<p>So here we have "l" for "list". OK, both are equally valid, but it is still annoying: I regularly try fdisk -p /dev/nomdudisque and get an error message thrown in my face! It could not be more annoying!</p>
<p>And to top it all off, the fdisk of the Apple OS behaves in yet another way!</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">sudo</span><span class="w"> </span><span class="n">fdisk</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">disk0</span><span class="w"></span>
<span class="nl">Password</span><span class="p">:</span><span class="w"></span>
<span class="k">Disk</span><span class="err">:</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">disk0</span><span class="w"> </span><span class="nl">geometry</span><span class="p">:</span><span class="w"> </span><span class="mi">14593</span><span class="o">/</span><span class="mi">255</span><span class="o">/</span><span class="mi">63</span><span class="w"> </span><span class="o">[</span><span class="n">234441648 sectors</span><span class="o">]</span><span class="w"></span>
<span class="nl">Signature</span><span class="p">:</span><span class="w"> </span><span class="mh">0xAA55</span><span class="w"></span>
<span class="w"> </span><span class="n">Starting</span><span class="w"> </span><span class="n">Ending</span><span class="w"></span>
<span class="w"> </span><span class="err">#:</span><span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="n">cyl</span><span class="w"> </span><span class="n">hd</span><span class="w"> </span><span class="n">sec</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">cyl</span><span class="w"> </span><span class="n">hd</span><span class="w"> </span><span class="n">sec</span><span class="w"> </span><span class="o">[</span><span class="n"> start - size</span><span class="o">]</span><span class="w"></span>
<span class="o">------------------------------------------------------------------------</span><span class="w"></span>
<span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="w"> </span><span class="n">EE</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">[</span><span class="n"> 1 - 409639</span><span class="o">]</span><span class="w"> </span><span class="o"><</span><span class="k">Unknown</span><span class="w"> </span><span class="n">ID</span><span class="o">></span><span class="w"></span>
<span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="w"> </span><span class="n">AF</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">[</span><span class="n"> 409640 - 62652416</span><span class="o">]</span><span class="w"> </span><span class="n">HFS</span><span class="o">+</span><span class="w"> </span>
<span class="o">*</span><span class="mi">3</span><span class="err">:</span><span class="w"> </span><span class="mi">07</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">[</span><span class="n"> 63328230 - 62460720</span><span class="o">]</span><span class="w"> </span><span class="n">HPFS</span><span class="o">/</span><span class="n">QNX</span><span class="o">/</span><span class="n">AUX</span><span class="w"></span>
<span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="w"> </span><span class="mi">83</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">[</span><span class="n"> 125788950 - 30716280</span><span class="o">]</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">files</span><span class="o">*</span><span class="w"></span>
</code></pre></div>
<p>What a mess ;-)</p>
Coming home from work 2008-02-06T19:14:00+01:00 2008-02-06T19:14:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-02-06:/post/2008/02/06/En-rentrant-du-boulot/
<p>Sometimes the weather is almost nice...</p>
<p><a href="https://blog.anotherhomepage.org/public/.backfromwork_s.jpg"><img alt="Back" src="https://blog.anotherhomepage.org/public/.backfromwork_s.jpg"></a></p>
<p>Tonight, with enormous motivation, I told myself "I'm walking home". That is really something, given that I had already done it this morning. Well, with a sky like this in the Paris region, you have to make the most of it: the last few days have been rainy and above all grey. Roll on the sunny days!</p>
Handling large files on Apache 2008-01-28T23:19:00+01:00 2008-01-28T23:19:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-01-28:/post/2008/01/28/Gestion-de-fichiers-de-grande-taille-sur-Apache/
<p>in fact the problem is not necessarily Apache's</p>
<p>A while ago I was using Apache 2.0, and I believe it could not handle files larger than 2 GB (I sometimes host this kind of file on <a href="http://downloads.anotherhomepage.org">Downloads.Anotherhomepage</a>, for example when mirroring the ISO images of <a href="http://kaella.linux-azur.org/index.php#telechargement">Kaella</a>). Now I use Apache 2.2, and if I go and check with my beloved little Firefox whether the DVD ISO is present on the Anotherhomepage mirror, it turns out it is not :( The funny thing, though, is that if I know the URL, <a href="http://www.gossamer-threads.com/lists/apache/users/304079#304079">I can download it via wget</a>.</p>
<p>Crazy, isn't it?</p>
The colour of the sky 2008-01-26T09:53:00+01:00 2008-01-26T09:53:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-01-26:/post/2008/01/26/La-couleur-du-ciel/
<p>A little weekend comparison</p>
<p>People wonder why I get up at 2 pm on weekends when I am in the Paris region. I think I have found the answer. Below, the sky over the Paris region:</p>
<p><img alt="Cloudy Saturday in Île-de-France" src="https://blog.anotherhomepage.org/public/.cloudysaturday_m.jpg"></p>
<p>And then, what I see this morning, around 9:30, on the Côte d'Azur:</p>
<p><img alt="Blue sky over the Côte d'Azur" src="https://blog.anotherhomepage.org/public/.sanary_matin_m.jpg"></p>
<p>Frankly, doesn't that make you want to get up in the morning? It does for me!</p>
RPMforge 2008-01-19T22:40:00+01:00 2008-01-19T22:40:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-01-19:/post/2008/01/19/RPMforge/
<p>a really nice repository</p>
<p>Yes, there are third-party repositories for Red Hat distributions such as RHEL, CentOS and Fedora. One I like a lot is <a href="http://rpmforge.net/">RPMforge</a>. Among other things it contains <a href="http://htop.sourceforge.net/">Htop</a> and <a href="http://www.nagios.org/">Nagios</a>, which is why I like to install it on a CentOS or Fedora machine (htop is real comfort compared with top). Installing it is very simple: just fetch the RPM that installs the repository into yum, which avoids adding the repository by hand to yum's configuration. The "rpmforge-release" rpm can be found <a href="http://dag.wieers.com/rpm/packages/rpmforge-release/">here</a>. Install it with a good old rpm -ivh, run a quick yum update, and off you go!</p>
It's alive ! Aliiiiive ! 2008-01-19T00:47:00+01:00 2008-01-19T00:47:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2008-01-19:/post/2008/01/19/Its-alive-aliiiiive/
<p>The server is brand new :)</p>
<p>And there you go! After an evening and a night of effort, I have reinstalled my dedicated server. For now not everything is available again, but it is coming. I will update this post with the services/sites that are available again:</p>
<ul>
<li>www.anotherhomepage.org: ~~KO, blank page~~ redirects to this post; it is time to change this site a bit.</li>
<li>blog.anotherhomepage.org: OK, as this post attests</li>
<li>vladimir.anotherhomepage.org: OK</li>
<li>downloads.anotherhomepage.org: ~~KO, site not reinstalled yet (hey, I'm sleepy).~~ OK, images uploaded, new theme in place, other files being uploaded.</li>
<li>visites.anotherhomepage.org: KO, site not saved, major overhaul planned (and yeah, I don't do backups, I'm craaaaazy!)</li>
<li>mail service for the anotherhomepage.org domain: OK (well, from the few tests done)</li>
<li>DNS: OK</li>
</ul>
<p>Right, off to bed! <em>yawn</em></p>
<p>Updated on 19/08/2008 at 20:55</p>
Installation and configuration of an OpenArena 0.7.1 dedicated server 2007-11-28T23:37:00+01:00 2007-11-28T23:37:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-11-28:/post/2007/11/28/Installation-et-configuration-dun-serveur-dedie-OpenArena-071/
<p>(also works for Quake 3 Arena)</p>
<p>Let's have some fun with Open Arena, a first-person shooter based on the GPL-released engine of the brilliant Quake 3 Arena. But to really have fun, it is better to be several players. Since hosting the game yourself is a burden, let's use a dedicated machine.</p>
<p>First, get OA 0.7.0 and the 0.7.1 patch, either from the official site, or through your favourite package manager (as far as I know, Ubuntu and Fedora do not have an up-to-date version in their repositories, but that may have changed since I checked. No problem with Mandriva 2008), or from my personal mirror <a href="http://downloads.anotherhomepage.org/">http://downloads.anotherhomepage.org/</a>, Programs section. Optionally, also get the OSP 1.03 mod.</p>
<p>Unpack the archives at the root of your home directory. For a user "quakeur" on a machine "campgrounds", this gives the following tree:</p>
<div class="highlight"><pre><span></span><code><span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">pwd</span><span class="w"></span>
<span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">quakeur</span><span class="w"></span>
<span class="err">$</span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">hlF</span><span class="w"> </span><span class="n">openarena</span><span class="o">/</span><span class="w"></span>
<span class="n">total</span><span class="w"> </span><span class="mi">11</span><span class="n">M</span><span class="w"></span>
<span class="n">drwxr</span><span class="o">-</span><span class="n">xr</span><span class="o">-</span><span class="n">x</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">4</span><span class="p">,</span><span class="mi">0</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="mi">20</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">baseoa</span><span class="o">/</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">6</span><span class="p">,</span><span class="mi">8</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">07</span><span class="err">:</span><span class="mi">09</span><span class="w"> </span><span class="n">CHANGES</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">18</span><span class="n">K</span><span class="w"> </span><span class="mi">2006</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">10</span><span class="w"> </span><span class="mi">17</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">COPYING</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">1</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">03</span><span class="err">:</span><span class="mi">56</span><span class="w"> </span><span class="n">CREDITS</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">765</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">ioq3ded</span><span class="p">.</span><span class="n">i386</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">877</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">ioq3ded</span><span class="p">.</span><span class="n">x86_64</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="mi">6</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">ioquake3</span><span class="p">.</span><span class="n">i386</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="mi">6</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">ioquake3</span><span class="o">-</span><span class="n">smp</span><span class="p">.</span><span class="n">i386</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="mi">8</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">ioquake3</span><span class="o">-</span><span class="n">smp</span><span class="p">.</span><span class="n">x86_64</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="mi">8</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">ioquake3</span><span class="p">.</span><span class="n">x86_64</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">16</span><span class="n">K</span><span class="w"> </span><span class="mi">2006</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">26</span><span class="w"> </span><span class="mi">05</span><span class="err">:</span><span class="mi">25</span><span class="w"> </span><span class="n">libogg</span><span class="o">-</span><span class="mf">0.</span><span class="n">dll</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">154</span><span class="n">K</span><span class="w"> </span><span class="mi">2006</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">26</span><span class="w"> </span><span class="mi">05</span><span class="err">:</span><span class="mi">25</span><span class="w"> </span><span class="n">libvorbis</span><span class="o">-</span><span class="mf">0.</span><span class="n">dll</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">29</span><span class="n">K</span><span class="w"> </span><span class="mi">2006</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">26</span><span class="w"> </span><span class="mi">05</span><span class="err">:</span><span class="mi">25</span><span class="w"> </span><span class="n">libvorbisfile</span><span class="o">-</span><span class="mf">3.</span><span class="n">dll</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">64</span><span class="w"> </span><span class="mi">2006</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">25</span><span class="w"> </span><span class="mi">18</span><span class="err">:</span><span class="mi">35</span><span class="w"> </span><span class="n">LINUXNOTES</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">0</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">openarena</span><span class="p">.</span><span class="n">exe</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="mi">4</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">README</span><span class="o">*</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">hlF</span><span class="w"> </span><span class="n">openarena</span><span class="o">/</span><span class="n">baseoa</span><span class="o">/</span><span class="w"></span>
<span class="n">total</span><span class="w"> </span><span class="mi">261</span><span class="n">M</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">30</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">41</span><span class="w"> </span><span class="n">pak0</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">27</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">38</span><span class="w"> </span><span class="n">pak1</span><span class="o">-</span><span class="n">maps</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">23</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">43</span><span class="w"> </span><span class="n">pak2</span><span class="o">-</span><span class="n">players</span><span class="o">-</span><span class="n">mature</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">65</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">46</span><span class="w"> </span><span class="n">pak2</span><span class="o">-</span><span class="n">players</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">25</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">47</span><span class="w"> </span><span class="n">pak3</span><span class="o">-</span><span class="n">music</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">67</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">48</span><span class="w"> </span><span class="n">pak4</span><span class="o">-</span><span class="n">textures</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">117</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">49</span><span class="w"> </span><span class="n">pak5</span><span class="o">-</span><span class="n">TA</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">16</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">49</span><span class="w"> </span><span class="n">pak6</span><span class="o">-</span><span class="n">misc</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="c1">--r-- 1 quakeur quakeur 12M 2007-08-08 14:36 pak7-patch.pk3</span>
</code></pre></div>
<p>Two things. First, the zip contains the 32-bit and 64-bit x86 binaries for Linux, but also a 32-bit binary for Windows. You can optionally get rid of the latter along with the DLLs, since they will not be used: I am assuming we are running a clean OS, maybe an earthy one, but not a dirty one.</p>
<p>Second, the location of the 0.7.1 patch file: make sure the file pak7-patch.pk3 is in ~/openarena/baseoa/ .</p>
<p>Next, you need to write a configuration file. Since OpenArena is based on the free Quake 3 Arena engine, any self-respecting tutorial for good old Q3A is more or less valid for OA. Here is my configuration, used for the micro LAN party at JM2L 2007 (downloadable <a href="http://downloads.anotherhomepage.org/Programs/openarena/ffa.cfg">here</a>):</p>
<div class="highlight"><pre><span></span><code>//OA server config file, each comment starts with "//" and runs to the end of the line.
//set gametype to 0 for Free for All (every man for himself)
g_gametype 0
//Free For All Settings
//Frag limit. Beyond it, the map changes. To remove the limit, set to 0
fraglimit 20
//Time limit. Beyond it, the map changes. To remove the limit, set to 0
timelimit 10
//Max number of n00bz on the server
sv_maxclients 8
//Name shown in the server browser
sv_hostname "Open Arena JM2L FFA Server"
//Message of the day. Optional
set g_motd "JM2L Open Arena serveur, amusez-vous bien !"
//You can require a password to enter the server 1="I want a password", 0="I couldn't care less" (Default: 0)
sv_privateClients 0
//If you set the previous value to 1, put your password here (comment it out if it's 0)
//sv_privatePassword ""
//Admin console password
rconpassword "lamepassword"
//Kind of anti-cheat that checks the integrity of the pak files 1=enabled, 0=disabled (Default: 1)
sv_pure 1
//Max rate for the n00bz who come to play, a value of 8000 to 10000 is recommended Max: 25000
//(Default: 0)
sv_maxRate 10000
//Map selection, in which order, and then we load the first map
set d1 "map oa_rpg3dm2; set nextmap vstr d2"
set d2 "map q3dm6ish; set nextmap vstr d3"
set d3 "map oa_dm1 ; set nextmap vstr d4"
set d4 "map fan; set nextmap vstr d5"
set d5 "map suspended ; set nextmap vstr d1"
vstr d1
//weapon respawn time in seconds. If there are lots of n00bz on the server,
// better to raise the value (Default: 5)
set g_weaponrespawn 5
//Voting allowed 1=yes, 0=no (Default: 1)
set g_allowvote 1
//quad damage power multiplier
//(Default: 3. so a rocket hit does 3 times more damage when you have the quad damage)
set g_quadfactor 3
//variable that must be 1 for clients who want to record the game,
//but it slows the game down slightly (Default: 0)
set g_synchronousClients 0
//small bits of info that are sometimes useful
sets "Administrator" "r00t"
sets "Email" "mail@domain.tld"
sets "URL" "http://www.domain.tld"
sets "Location" "au fond à droite"
sets "CPU" "Quadri Xeon"
// If you use a custom map pack, you should share it with the others :))
//sets "mappack" "http://www.myserver.com/mappack.zip"
// --- bots ---
seta bot_enable "1" // Enable bots: 1 = enabled, 0 = disabled
seta bot_minplayers "3" // Minimum number of n00bz for the bots to clear off
seta bot_nochat "1" // Bots can talk. 1 = they can chatter away, 0 = they keep quiet
// End of file.
</code></pre></div>
<p>Let's call this file ffa.cfg (since it is a Free For All server) and put it in our OA configuration directory (the game runs in a more or less chrooted mode, so it had better be able to find the config):</p>
<div class="highlight"><pre><span></span><code><span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">pwd</span><span class="w"></span>
<span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">quakeur</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">cd</span><span class="w"> </span><span class="p">.</span><span class="n">openarena</span><span class="o">/</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">openarena</span><span class="w"> </span><span class="err">$</span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">hlF</span><span class="w"></span>
<span class="n">total</span><span class="w"> </span><span class="mi">4</span><span class="p">,</span><span class="mi">0</span><span class="n">K</span><span class="w"></span>
<span class="n">drwxr</span><span class="o">-</span><span class="n">xr</span><span class="o">-</span><span class="n">x</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">4</span><span class="p">,</span><span class="mi">0</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="mi">22</span><span class="err">:</span><span class="mi">19</span><span class="w"> </span><span class="n">baseoa</span><span class="o">/</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">openarena</span><span class="w"> </span><span class="err">$</span><span class="n">cd</span><span class="w"> </span><span class="n">baseoa</span><span class="o">/</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">openarena</span><span class="o">/</span><span class="n">baseoa</span><span class="w"> </span><span class="err">$</span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">hlF</span><span class="w"></span>
<span class="n">total</span><span class="w"> </span><span class="mi">88</span><span class="n">K</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">75</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="mi">22</span><span class="err">:</span><span class="mi">28</span><span class="w"> </span><span class="n">games</span><span class="p">.</span><span class="nf">log</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">-</span><span class="n">xr</span><span class="o">-</span><span class="n">x</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="mi">1</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="mi">21</span><span class="err">:</span><span class="mi">00</span><span class="w"> </span><span class="n">ffa</span><span class="p">.</span><span class="n">cfg</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">956</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="mi">22</span><span class="err">:</span><span class="mi">20</span><span class="w"> </span><span class="n">q3config</span><span class="p">.</span><span class="n">cfg</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">openarena</span><span class="o">/</span><span class="n">baseoa</span><span class="w"> </span><span class="err">$</span><span class="w"></span>
</code></pre></div>
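<p>The ffa.cfg above stores the rcon password in clear text, and the listing shows the file as -rwxr-xr-x, so every local account can read it. The following check is an added example, not part of the original configuration or of OpenArena: it parses a Quake 3 style config and reports a weak rconpassword, a disabled sv_pure, and a password-bearing file readable by group or others. The denylist, the length threshold and the finding names are assumptions made for this example.</p>

```python
"""Audit a Quake 3 / OpenArena server config for the settings discussed above."""
import os
import re
import stat

# Constructed sample: the security-relevant lines of the ffa.cfg shown above.
SAMPLE_CFG = '''\
//Admin console password
rconpassword "lamepassword"
sv_pure 1
//sv_privatePassword ""
set g_allowvote 1
sets "URL" "http://www.domain.tld"
seta bot_enable "1" // trailing comment
'''

# Assumptions for this example: a tiny illustrative denylist and a length policy.
WEAK_PASSWORDS = {"lamepassword", "password", "admin", "rcon", "changeme"}
MIN_PASSWORD_LEN = 12

SET_COMMANDS = {"set", "seta", "sets", "setu"}
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def strip_comment(line):
    """Cut a '//' comment, but not a '//' inside a quoted value (e.g. a URL)."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif not in_quotes and line.startswith("//", i):
            return line[:i]
    return line


def parse_cfg(text):
    """Return {lowercased cvar name: value}; assumes one command per line.

    Non-cvar commands such as 'vstr d1' are recorded too; audit() ignores them.
    """
    cvars = {}
    for raw in text.splitlines():
        tokens = [bare or quoted
                  for quoted, bare in _TOKEN.findall(strip_comment(raw))]
        if tokens and tokens[0].lower() in SET_COMMANDS:
            tokens = tokens[1:]
        if len(tokens) >= 2:
            cvars[tokens[0].lower()] = " ".join(tokens[1:])
    return cvars


def audit(cvars, mode=None):
    """Return finding codes; mode is the file's permission bits, if known."""
    findings = []
    rcon = cvars.get("rconpassword", "")
    if rcon and (len(rcon) < MIN_PASSWORD_LEN or rcon.lower() in WEAK_PASSWORDS):
        findings.append("weak-rconpassword")
    if cvars.get("sv_pure", "1") == "0":
        findings.append("sv_pure-disabled")
    # A config holding the rcon password should be readable by its owner only.
    if rcon and mode is not None and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("cfg-readable-by-others")
    return findings


def audit_file(path):
    """Audit a config on disk, including its permission bits."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        text = handle.read()
    return audit(parse_cfg(text), stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    # 0o755 is the mode of ffa.cfg in the listing above (-rwxr-xr-x).
    for finding in audit(parse_cfg(SAMPLE_CFG), 0o755):
        print(finding)
```

<p>Run audit_file against the real ffa.cfg; after <code>chmod 600 ffa.cfg</code> the cfg-readable-by-others finding goes away, while the weak password still has to be replaced by hand.</p>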
<p>The files games.log and q3config.cfg may not exist yet; they will be created after the game is first launched. If need be, depending on how much RAM your dedicated server has, it can be worth setting the com_hunkMegs variable to the amount of RAM you want to allocate.</p>
<p>And now? Well, we start the server:</p>
<div class="highlight"><pre><span></span><code><span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">cd</span><span class="w"> </span><span class="n">openarena</span><span class="o">/</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="p">.</span><span class="o">/</span><span class="n">ioq3ded</span><span class="p">.</span><span class="n">i386</span><span class="w"> </span><span class="o">+</span><span class="k">set</span><span class="w"> </span><span class="n">dedicated</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">+</span><span class="k">set</span><span class="w"> </span><span class="n">net_ip</span><span class="w"> </span><span class="mf">192.168.0.3</span><span class="w"> </span><span class="o">+</span><span class="k">set</span><span class="w"> </span><span class="n">net_port</span><span class="w"> </span><span class="mi">27960</span><span class="w"> </span><span class="o">+</span><span class="k">set</span><span class="w"> </span><span class="n">g_log</span><span class="w"> </span><span class="n">games</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">+</span><span class="k">exec</span><span class="w"> </span><span class="n">ffa</span><span class="p">.</span><span class="n">cfg</span><span class="w"></span>
</code></pre></div>
<p>Specifying the IP address is a good idea if you have multiple network interfaces, but it is optional. Same for the port, which defaults to 27960 if my memory serves (useful if you have a beast of a machine and run several instances of the game with different configs). If you use a mod, you can add the option +set fs_game nomdumod (where nomdumod is the mod's name), bearing in mind that the mod's directory must be inside the configuration directory (I don't understand why, but that's how it works for me :/). The config file and the log file will also be in that directory:</p>
<div class="highlight"><pre><span></span><code><span class="n">quakeur</span><span class="err">@</span><span class="n">campgrounds</span><span class="p">:</span><span class="o">~/.</span><span class="n">openarena</span><span class="o">/</span><span class="n">baseoa</span><span class="w"> </span><span class="o">$</span><span class="n">cd</span><span class="w"> </span><span class="n">osp</span><span class="o">/</span><span class="w"></span>
<span class="n">quakeur</span><span class="err">@</span><span class="n">campgrounds</span><span class="p">:</span><span class="o">~/.</span><span class="n">openarena</span><span class="o">/</span><span class="n">baseoa</span><span class="o">/</span><span class="n">osp</span><span class="w"> </span><span class="o">$$</span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">hlF</span><span class="w"></span>
<span class="n">total</span><span class="w"> </span><span class="mi">92240</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">738</span><span class="n">B</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="mi">1</span><span class="n">v1</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">20</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">680</span><span class="n">B</span><span class="w"> </span><span class="mi">17</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">Docs</span><span class="o">/</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">3</span><span class="n">K</span><span class="w"> </span><span class="mi">28</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">INSTALL</span><span class="o">.</span><span class="n">txt</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">348</span><span class="n">K</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">jan</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">OSP</span><span class="w"> </span><span class="n">Config</span><span class="w"> </span><span class="n">Generator</span><span class="o">.</span><span class="n">exe</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">2</span><span class="n">K</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">OSP</span><span class="w"> </span><span class="n">Match</span><span class="w"> </span><span class="n">Quick</span><span class="w"> </span><span class="n">Start</span><span class="o">.</span><span class="n">txt</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">12</span><span class="n">K</span><span class="w"> </span><span class="mi">16</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">README</span><span class="o">.</span><span class="n">txt</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">27</span><span class="n">K</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">VoodooStats</span><span class="o">-</span><span class="n">ReadME</span><span class="o">.</span><span class="n">txt</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">9</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">306</span><span class="n">B</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">cfg</span><span class="o">-</span><span class="n">DefaultModeReference</span><span class="o">/</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">136</span><span class="n">B</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">cfg</span><span class="o">-</span><span class="n">GfxExample</span><span class="o">/</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">8</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">272</span><span class="n">B</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">cfg</span><span class="o">-</span><span class="n">maps</span><span class="o">/</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">762</span><span class="n">B</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">clanarena</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="n">K</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">ctf</span><span class="o">-</span><span class="n">public</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">736</span><span class="n">B</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">ctf</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">30</span><span class="n">B</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="n">mar</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">description</span><span class="o">.</span><span class="n">txt</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">738</span><span class="n">B</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">ffa</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="n">K</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">filters</span><span class="o">.</span><span class="n">txt</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">885</span><span class="n">B</span><span class="w"> </span><span class="mi">16</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">freezetag</span><span class="o">-</span><span class="n">vanilla</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">856</span><span class="n">B</span><span class="w"> </span><span class="mi">16</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">freezetag</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">96</span><span class="n">K</span><span class="w"> </span><span class="mi">10</span><span class="w"> </span><span class="n">nov</span><span class="w"> </span><span class="mi">15</span><span class="p">:</span><span class="mi">26</span><span class="w"> </span><span class="n">games</span><span class="o">.</span><span class="n">log</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">728</span><span class="n">B</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">instagib</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">136</span><span class="n">B</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">locs</span><span class="o">/</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">10</span><span class="n">K</span><span class="w"> </span><span class="mi">11</span><span class="w"> </span><span class="n">nov</span><span class="w"> </span><span class="mi">16</span><span class="p">:</span><span class="mi">09</span><span class="w"> </span><span class="n">q3config</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">49</span><span class="n">B</span><span class="w"> </span><span class="mi">9</span><span class="w"> </span><span class="n">nov</span><span class="w"> </span><span class="mi">22</span><span class="p">:</span><span class="mi">01</span><span class="w"> </span><span class="n">q3history</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-------</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">167</span><span class="n">B</span><span class="w"> </span><span class="mi">11</span><span class="w"> </span><span class="n">nov</span><span class="w"> </span><span class="mi">16</span><span class="p">:</span><span class="mi">09</span><span class="w"> </span><span class="n">q3key</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">3</span><span class="n">K</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2000</span><span class="w"> </span><span class="n">spectool</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">760</span><span class="n">B</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">team</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">102</span><span class="n">B</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">vm</span><span class="o">/</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">476</span><span class="n">B</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">voodoo</span><span class="o">/</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">35</span><span class="n">M</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">zz</span><span class="o">-</span><span class="n">osp</span><span class="o">-</span><span class="n">pak0</span><span class="o">.</span><span class="n">pk3</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">8</span><span class="n">M</span><span class="w"> </span><span class="mi">31</span><span class="w"> </span><span class="n">jan</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">zz</span><span class="o">-</span><span class="n">osp</span><span class="o">-</span><span class="n">pak1</span><span class="o">.</span><span class="n">pk3</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">162</span><span class="n">K</span><span class="w"> </span><span class="mi">17</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">zz</span><span class="o">-</span><span class="n">osp</span><span class="o">-</span><span class="n">pak2</span><span class="o">.</span><span class="n">pk3</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">158</span><span class="n">K</span><span class="w"> </span><span class="mi">28</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">zz</span><span class="o">-</span><span class="n">osp</span><span class="o">-</span><span class="n">pak3</span><span class="o">.</span><span class="n">pk3</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">239</span><span class="n">K</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">mar</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">zz</span><span class="o">-</span><span class="n">osp</span><span class="o">-</span><span class="n">server3a</span><span class="o">.</span><span class="n">pk3</span><span class="w"></span>
<span class="n">quakeur</span><span class="err">@</span><span class="n">campgrounds</span><span class="p">:</span><span class="o">~/.</span><span class="n">openarena</span><span class="o">/</span><span class="n">baseoa</span><span class="w"> </span><span class="o">$</span><span class="w"></span>
</code></pre></div>
<p>Note the presence of an ffa.cfg file, a q3config.cfg, a games.log and plenty of other files that are very interesting to read if you want to dig deeper into the subject (knowledge of English required). The "OSP Config Generator.exe" file lets you generate configuration files graphically under Windows. I have not tested it under wine.</p>
<p>For more information:</p>
<p><a href="http://planetquake.gamespy.com/View.php?view=Guides.Detail&id=47&game=4">Planet Quake on Gamespy</a></p>
<p><a href="http://faq.tuxfamily.org/Game:OpenArena/Fr">TuxFamily FAQ on OpenArena</a></p>
<p><a href="http://openarena.wikia.com/wiki/Servers">Open Arena wiki</a></p>
<p><a href="http://www.sp1r1t.org/networks/q3_install/q3_linux_server_howto.php">Another very well-written guide</a></p>
<p>GLHF!</p>
Mounting a partition over FTP using Fuse and curlftpfs 2007-11-25T20:44:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-11-25:/post/2007/11/25/Monter-une-partition-via-FTP-en-utilisant-Fuse-et-ftpfs/
<p>procedure on CentOS 5 and Mandriva 2008</p>
<p>I own a Freebox v5, with an HD box containing a 40 GB hard drive. But when you are not a big television fan, and above all when you do not record programmes with this box, it is of little use (why move my films onto the HD box when I can watch them locally?). Still, 40 GB sitting idle is infuriating.</p>
<p>Then a "daft" idea came to me: what if I tried to access this disk as if it were a partition of my hard drive? The idea seems appealing, but there is a catch: the Freebox hard drive is only accessible over FTP. Never mind, I turn to my favourite search engine to see whether people have already tried to mount a file system over FTP, as one would with NFS or Samba (SMB, CIFS). And my favourite search engine (that's a long way of saying G***, isn't it?) points me to a URL at <a href="http://www.coagul.org/article.php3?id_article=466">Coagul</a>, presenting the <a href="http://fuse.sourceforge.net/">Fuse</a> project, whose goal is:</p>
<blockquote>
<p>to ease the development of new programs for mounting all sorts of remote file systems (ssh, ftp, webdav, ...)</p>
</blockquote>
<p>So we notice that there is a program for mounting a partition over FTP: curlftpfs (I bet it relies on curl, a program similar to wget ;) ). The Coagul documentation is very clear, and as far as explanations go I'll stop here, otherwise it would be worse (or else I'd be plagiarising :p ). But... aptitude doesn't really do it for my CentOS or my Mandriva (the first one who tells me to install). So let's see how to go about it with RPMs :)</p>
<p>For CentOS 5: the first thing to do (if not already done) is to add the <a href="http://rpmforge.net/user/faq/">RPMforge</a> repository to yum; this can be done simply by installing <a href="http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm">this RPM</a>, then running <code>yum update</code> as root. Once that is done, all that remains is to install fuse and curlftpfs by running <code>yum install curlftpfs</code> as root (fuse comes along as a dependency). For the rest, it is exactly the same as on Coagul: modprobe, curlftpfs or even fstab.</p>
<p>For Mandriva: here too you need to add a repository, the contrib one. If you have not already been through <a href="http://easyurpmi.zarb.org/?language=fr">Easy urpmi</a>, there is still time! Once the contrib repository is added (for those in a hurry, a quick <code>urpmi.addmedia contrib ftp://ftp.lip6.fr/pub/linux/distributions/Mandrakelinux/official/2008.0/i586/media/contrib/release with media_info/hdlist.cz</code> as root under Mandriva 2008 should do the trick), install curlftpfs with the command <code>urpmi curlftpfs</code>; fuse also comes as a dependency. As with CentOS, modprobe and company are very well explained on Coagul.</p>
<p>Well, after all that, and after frantically mounting your ftpfs on your Freebox HD, you realise that it is not a great idea, or that curlftpfs does not work that well: I personally had problems as soon as I wanted to write, such as deleting a file. To find out whether the built-in FTP server is the one that is badly made, I set up an FTP server on one of my machines with vsftpd. And the result stays the same.</p>
<p>Moral of the story: I won't be making use of the Freebox HD's 40 GB any time soon :(</p>
<p>PS: if the repositories (media) are not configured under Mandriva, refer to the <a href="http://wiki.mandriva.com/fr/Urpmi">Mandriva wiki</a>.</p>
a few invisible but satisfying changes 2007-10-29T23:22:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-10-29:/post/2007/10/29/quelques-modifications-invisibles-mais-qui-donnent-satisfaction/
<p>enough to say that my blog complies with standards...</p>
<p>I realised, while posting my entry about Serj Tankian earlier this evening, that Flash videos more or less embedded in web pages are embedded with code that is not valid with respect to the <a href="http://www.w3.org/">W3C</a> recommendations. Once the useless code was removed, I realised that one error remained. This error came from the fact that the following form is not correct for the XHTML validator:</p>
<div class="highlight"><pre><span></span><code><html lang="fr">
</code></pre></div>
<p>I take a look at Dotclear's default theme, and realise that it is in fact:</p>
<div class="highlight"><pre><span></span><code><span class="x"><html lang="</span><span class="cp">{{</span><span class="nv">tpl</span><span class="o">:</span><span class="nv">BlogLanguage</span><span class="cp">}}</span><span class="x">"></span>
</code></pre></div>
<p>So I follow the W3C recommendation, which suggests using:</p>
<div class="highlight"><pre><span></span><code><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
</code></pre></div>
<p>So, in order to retrieve the values correctly, I use this:</p>
<div class="highlight"><pre><span></span><code><span class="x"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="</span><span class="cp">{{</span><span class="nv">tpl</span><span class="o">:</span><span class="nv">BlogLanguage</span><span class="cp">}}</span><span class="x">" lang="</span><span class="cp">{{</span><span class="nv">tpl</span><span class="o">:</span><span class="nv">BlogLanguage</span><span class="cp">}}</span><span class="x">"></span>
</code></pre></div>
<p>Now, the million-dollar question: where do you make these changes? Well, it depends. There are 2 cases. The first is if you use the default theme, or if the theme in use has neither a home.html nor a post.html file; in that case, you will have to edit those of the default theme. The line to change is line 3, I believe. The 2nd case is if the theme does have these files: you then modify the corresponding files in the theme's directory.</p>
Chain e-mails, pranks and other hoaxes 2007-10-29T20:56:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-10-29:/post/2007/10/29/Chaines-de-mail-canulars-et-autres-hoax/
<p>annoying.... really.</p>
<p>In the space of 24 hours, I received 3 chain e-mails, in 2 different versions. And now enough is enough, I've had it. I feel that I'm going to become more scathing in my replies, and not simply cite <a href="http://www.hoaxbuster.com/hoaxliste/hoax.php?idArticle=56528">Hoax Buster</a> so that people understand. I know, it tugs at the heartstrings, it's often sad, but it's getting really tiresome.</p>
<p>And to make matters worse, I don't know whether it's generational, but the spelling of the people who send me this is deteriorating more and more.</p>
<p>In short, <strong>check!</strong> It only takes a moment, it's as simple as clicking "forward": you enter the right keywords and see what comes up. Very often the hoaxes of the moment are on the first page, and sometimes there is no need to think any further.</p>
Serj Tankian - Elect The Dead 2007-10-29T20:56:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-10-29:/post/2007/10/29/Serj-Tankian-Elect-The-Dead/
<p>Solo album by the singer of System of a Down</p>
<p>I sometimes turn on the TV... well, the Freebox HD. And zap to a music channel. Since I pay every month for MTV2, I figured I wasn't going to pay for nothing and would watch this channel, or rather listen to it. And then I came across this:</p>
<p><strong>2021 note: an embed using Flash technology, pointing to the "Myspace" site, used to sit here. Since then, Flash has ceased to exist and Myspace has changed a lot...</strong></p>
<p>This is the first track from the solo album of <a href="http://fr.wikipedia.org/wiki/Serj_Tankian">Serj Tankian</a>, singer of <a href="http://fr.wikipedia.org/wiki/System_of_a_Down">System of a Down</a>. I'm still a fan of the tone of his voice and of his variations in speed. What's more, the sound is more rock than metal, so I find it easier to listen to than SOAD.</p>
<p>The album is not available in France, but you can already enjoy it in full without buying it on <a href="http://www.myspace.com/serjtankian">Serj Tankian's My Space page</a>. Happy listening!</p>
Visit to La Boudeuse 2007-10-29T20:39:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-10-29:/post/2007/10/29/Visite-de-La-Boudeuse/
<p>Come on, time for a change: no computing today :)</p>
<p>This weekend I went to see <a href="http://www.la-boudeuse.org/">La Boudeuse</a>, a pretty 3-masted ship, which doesn't look like much between the Parisian bridges and the Bibliothèque nationale de France, but which is impressive in photos. In fact, it's only once you arrive in front of it that you realise how tall the masts are; I really felt tiny next to it (OK, fine, I'm not tall to begin with). In short, don't hesitate to go and take a look; the contribution is voluntary and the people who give the tours are very friendly :)</p>
Such a lonely day 2007-09-16T02:25:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-09-16:/post/2007/09/16/Such-a-lonely-day/
<p>And it's mine</p>
<p>There we are, it's Sunday. Still having trouble falling asleep. Like many Sundays, I'm going to feel a certain loneliness. And every Sunday becomes <a href="http://www.radioblogclub.fr/open/142976/lonely_day/System%20of%20a%20Down%20-%20Lonely%20Day">the most loneliest day of my life</a></p>
streaming on your local network in a few minutes 2007-09-12T23:12:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-09-12:/post/2007/09/12/streaming-sur-son-reseau-local-en-quelques-minutes/
<p>like, wanting to watch a film in bed, with the film sitting on the hard drive of your desktop computer</p>
<p>Here is the situation: I have a laptop with limited disk space, and no desire to have a USB hard drive that might overheat on the bed... (what do you mean, I never leave my bed?)</p>
<p>The solution I used for some time was network sharing. I played the videos directly from an SMB/CIFS share. Sometimes I would copy the file directly onto my local disk.</p>
<p>I have moved to another method: streaming (or, in proper French, "lecture en continu"). This saves me from mounting a network share or copying the file to my local disk (so I don't fill my disk needlessly). This can be done very simply with <a href="http://www.videolan.org">VLC</a>. To be really efficient by minimising trips from the bed to the desk, let's take care of controlling the stream from the laptop, ideally through a point-and-click GUI or a web interface.</p>
<p>For this procedure, we need:</p>
<ul>
<li>a desktop computer with VLC installed (with as many codecs as possible, not forgetting the HTML pages for the web interface); the OS matters little, but in this example it runs Mandriva Linux 2007.1</li>
<li>a desktop computer, also with VLC on it. Again, the OS matters little, but in this example it runs Mac OS X 10.4.10</li>
<li>ports 8080 and 8081 free and open on the desktop computer</li>
<li>a working local network, for example: ethernet, wifi, carrier pigeon (OK, that one is a joke!)</li>
</ul>
<p>On the desktop computer, find a directory with videos in it. If you have no video on your computer, you can use audio files. If you have none of those either, know that there are plenty of places where they can be downloaded for free and legally (this post does not deal with the content problem ^^ ). Next, just read the documentation available on the VLC <a href="http://wiki.videolan.org/Documentation:Streaming_HowTo/Easy_Streaming">wiki</a>, in English admittedly, but with pictures. So just follow the pictures and read a little (or have it translated by a tool on the web). While you are at it, set it to HTTP streaming on port 8080. Yes, but... that is graphical, you have to be at the desktop computer to set up your playlist, and that's no good because you have to get up. We then notice that VLC can be launched from the command line, and that there are <a href="http://wiki.videolan.org/Documentation:Streaming_HowTo/Command_Line_Examples">plenty of examples</a>! If I try one of them to stream my video over HTTP, it gives this:</p>
<p><code>vlc -vvv Digital_Underground.tv_-_Episode_0005.avi --sout '#standard{access=http,mux=ogg,dst=nastymachine.anotherhomepage.loc:8080}'</code></p>
<p>You will quickly notice that "-vvv" makes the thing very verbose, and that the .avi thing is the video, while "--sout" lets you manipulate the output. So we send it via "access=http", the machine name being nastymachine.anotherhomepage.loc, and we stream all that on port 8080.</p>
<p>If you ever try this over ssh from the laptop (minimise the trips!), you quickly notice a problem: it fails, because VLC does not know where to display itself (Error: Unable to initialize gtk, is DISPLAY set properly?). From there, either you do an export DISPLAY (personally, I don't like that), or you use VLC's web interface, which is covered in <a href="http://www.videolan.org/doc/vlc-user-guide/fr/ch05.html">the user guide</a>.</p>
<p>So I relaunch my video in my ssh session, like this:</p>
<p><code>vlc -vvv Digital_Underground.tv_-_Episode_0005.avi --sout '#standard{access=http,mux=ogg,dst=nastymachine.anotherhomepage.loc:8080}' -I http --http-src /usr/share/vlc/http/ --http-host nastymachine.anotherhomepage.loc:8081</code></p>
<p>Here, we add the interface type (-I http), indicate where the HTML pages are located (the path is the one on my Mandriva, it is probably not the same on other distros), and specify the host name and the port. Once that is done, we take our beloved Firefox and go to http://nastymachine:8081 to control VLC. The paranoid can always launch the interface over https (it is up to them to supply keys and certificates), and web 2.0 enthusiasts can find or create a new web interface and test it by specifying the path in the command.</p>
<p>It is possible to transcode the video before broadcasting it, the broadcast format can be chosen, and instead of HTTP you can use RTP. The VLC wiki is very well done, good documentation that I recommend.</p>
<p>I would like to point out that you should not eat fatty food while watching a film; I cannot be held responsible for weight gain due to the lack of exercise caused by the procedures described here. Also remember to switch off your laptop and put it on a stable surface if you feel yourself falling asleep ;)</p>
Dédé, part two 2007-08-26T19:48:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-08-26:/post/2007/08/26/Dede-part-deux/
<p>After erasing, copying.</p>
<p>In a previous post I explained that dd can be used to write blank data or random values to a hard drive in order to erase its contents. With dd, it is also possible to clone a partition or a whole disk to another one. Using a live CD, with /dev/hda as the disk to clone and /dev/hdb as the future clone, the command to perform the copy is:</p>
<p><code>dd if=/dev/hda of=/dev/hdb</code></p>
<p>Of course, no check is made on the copy and even empty space is copied. So if you clone a half-full 80 GB disk, it is not 40 GB that will be copied but the full 80. For information, copying an 80 GB IDE disk took about 2 h 50 (IDE hard disk; the machine is a 1 GHz Pentium III with an i815e chipset and 512 MB of PC133 RAM).</p>
<p>Make sure that the future clone has enough disk space for this kind of operation. Do not forget either that the data on the future clone will be destroyed. While we are on precautions: dd performs no verification, so the data must be checked afterwards, and the partitions must be unmounted for this operation, hence the usefulness of a live CD or an additional disk with a system on it. As for the live CD, any will do, from System Rescue CD to Kaella, by way of Ubuntu or Mandriva One.</p>
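<p>Since dd does no verification, the clone has to be checked afterwards. The following is an added example, not part of the original post: it uses regular files as stand-ins for /dev/hda and /dev/hdb (constructed sample data; the function names are this example's own), clones with dd, and compares the clone with the source over the source's length.</p>

```shell
#!/bin/sh
# Added example (not from the original post). Regular files stand in for
# /dev/hda and /dev/hdb; all data below is constructed sample data.

# Size in bytes. For a real block device, `blockdev --getsize64 DEV` gives
# this without reading the whole disk.
size_of() {
    wc -c < "$1" | tr -d ' '
}

# Copy SRC onto DST with dd after checking that DST is large enough.
# conv=notrunc keeps DST at its full size, as a block device would be.
clone_image() {
    c_src=$1; c_dst=$2
    if [ "$(size_of "$c_dst")" -lt "$(size_of "$c_src")" ]; then
        echo "clone target is smaller than the source" >&2
        return 2
    fi
    dd if="$c_src" of="$c_dst" bs=64k conv=notrunc 2>/dev/null
}

# dd does not check what it wrote: compare the first size(SRC) bytes of DST
# with SRC. Anything past that on a larger target is not part of the clone.
verify_clone() {
    v_src=$1; v_dst=$2
    head -c "$(size_of "$v_src")" "$v_dst" | cmp -s - "$v_src"
}

# Build a 1 MiB "source disk", a 3 MiB "target disk" and a 4 KiB disk that is
# too small. Clone, verify, then overwrite one byte of the clone to show that
# the check catches it. Expected output: "ok ok caught refused".
demo_clone() {
    d=$(mktemp -d) || return 1
    head -c 1048576 /dev/zero | tr '\000' 'A' > "$d/hda.img"
    head -c 3145728 /dev/zero > "$d/hdb.img"
    head -c 4096 /dev/zero > "$d/small.img"
    clone_image "$d/hda.img" "$d/hdb.img" && out="ok" || out="copyfail"
    verify_clone "$d/hda.img" "$d/hdb.img" && out="$out ok" || out="$out mismatch"
    # Simulate silent corruption of a single byte at offset 4096.
    printf 'X' | dd of="$d/hdb.img" bs=1 seek=4096 conv=notrunc 2>/dev/null
    verify_clone "$d/hda.img" "$d/hdb.img" && out="$out missed" || out="$out caught"
    clone_image "$d/hda.img" "$d/small.img" 2>/dev/null && out="$out copied" || out="$out refused"
    rm -rf "$d"
    echo "$out"
}

demo_clone
```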
<p>If the future clone is larger, a partition can be created in the remaining space. But if LVM is used, all or part of that space can be added to existing partitions. Thus, after cloning an 80 GB disk onto a 300 GB disk, I was able to enlarge the /home partition without any problem. For more details about LVM, I recommend the explanation from <a href="http://lea-linux.org/cached/index/Leapro-pro_sys-lvm.html#">Léa-Linux</a>.</p>
Cleaning by emptiness 2007-06-28T15:05:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-06-28:/post/2007/06/28/nettoyage-par-le-vide/
<p>or rather cleaning by randomness, but in the end there is not much left anyway...</p>
<p>When I hand back a resource such as a hard disk, I like to hand it back clean. I am assigned a machine for a job, and if I think of it, I format the disk before leaving that job. Until now, to do a low-level format I used loformat, a DOS application that performs successive writes and rewrites of 0s and 1s, checking what it has written. In fact, the need is mainly to prevent files and their contents from being recovered (to pick a random example, the /etc/shadow file ^^).</p>
<p>Under Linux, there are two ways. The first is to use dd. It looks something like this:</p>
<div class="highlight"><pre><span></span><code><span class="nv">dd</span> <span class="k">if</span><span class="o">=/</span><span class="nv">dev</span><span class="o">/</span><span class="nv">zero</span> <span class="nv">of</span><span class="o">=/</span><span class="nv">dev</span><span class="o">/</span><span class="nv">hda</span>
</code></pre></div>
<p>More information at <a href="http://linuxgazette.net/issue37/tag/38.html">this address</a>.</p>
<p>The advantage is that it is a tool available on any Linux. The drawback is that it only writes 0s to the disk, and it does not verify... something may remain. Clearly it is not designed for cleaning up.</p>
<p>The other way is shred. Shred overwrites the contents of a file with random data. Shred can then overwrite the file with only 0s, or overwrite as many times as desired. Example:</p>
<div class="highlight"><pre><span></span><code>shred -z -n 40 -v /dev/hda
</code></pre></div>
<p>In this example, I add a final write of only 0s (-z), preceded by 40 random writes (-n 40; the default value is 25), and I do it verbosely (-v) on the file /dev/hda (under Unix, everything is a file ;) so I can also shred /home/nils/unfilm.avi and then delete the file with the -u option).</p>
<p>On the plus side, like dd, it is available on any Linux system (shred is part of the coreutils package!), and it is designed for cleaning up, as the options clearly show. What is a pity, however, is that it does not seem to verify what it writes (so it really is only for wiping; for disk checking, go back to loformat or manufacturer tools such as SeaTools or MaxBlast). Other drawbacks inherent to all tools of this kind: it uses 100% of the CPU and it is a bit slow.</p>
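<p>Neither dd nor shred reads back what it wrote. The following added example (not from the original post; the function names and the image file are this example's own, with constructed data) counts the non-zero bytes left on the target after a zero pass, so that an interrupted or incomplete wipe is reported.</p>

```shell
#!/bin/sh
# Added example (not from the original post). A regular file stands in for
# /dev/hda; its contents are constructed sample data.

# Number of bytes in FILE that are not 0x00 (reads the whole file back).
count_nonzero() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Zero the first COUNT 4 KiB blocks of FILE, as `dd if=/dev/zero of=/dev/hda`
# does for a whole device. conv=notrunc keeps the file at its original size.
zero_blocks() {
    dd if=/dev/zero of="$1" bs=4096 count="$2" conv=notrunc 2>/dev/null
}

# Read-back check: succeeds only if every byte is zero. Valid after
# `dd if=/dev/zero` or `shred -z`, whose last pass writes zeros; after a
# shred run without -z the disk holds random data and this check cannot apply.
verify_wiped() {
    left=$(count_nonzero "$1")
    [ "$left" -eq 0 ] && return 0
    echo "$left non-zero bytes remain on $1" >&2
    return 1
}

# 256 blocks (1 MiB) of sample data: a wipe interrupted after 200 blocks must
# be reported, a complete one must pass. Expected output: "incomplete clean".
demo_wipe() {
    img=$(mktemp) || return 1
    head -c 1048576 /dev/zero | tr '\000' 'S' > "$img"
    zero_blocks "$img" 200
    verify_wiped "$img" 2>/dev/null && r="clean" || r="incomplete"
    zero_blocks "$img" 256
    verify_wiped "$img" && r="$r clean" || r="$r incomplete"
    rm -f "$img"
    echo "$r"
}

demo_wipe
```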
<p>I almost forgot: of course, when doing this on a whole disk, remember not to be using the data on that disk, including the OS that might be on it. Any live CD will do; personally I use the <a href="http://www.sysresccd.org/Page_Principale">System Rescue CD</a>.</p>
10.4.10 2007-06-21T12:20:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-06-21:/post/2007/06/21/10410/
<p>Still two reboots...</p>
<div class="highlight"><pre><span></span><code>thenastyboy@NastyBook:~ $ uname -a
Darwin ibook.centile.com 8.10.0 Darwin Kernel Version 8.10.0: Wed May 23 16:50:59 PDT 2007; root:xnu-792.21.3~1/RELEASE_PPC Power Macintosh powerpc
</code></pre></div>
<p>Apparently the machines are a bit more responsive... nothing to report for now.</p>
A funny little picture for the road 2007-06-19T23:53:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-06-19:/post/2007/06/19/Une-petite-image-drole-pour-la-route/
<p>about female gamers...</p>
<p>Ladies, don't take it badly, <a href="http://www.flickr.com/photo_zoom.gne?id=540300594&context=photostream&size=o">it's the photographer's fault</a> ;-)</p>
<p>(Edit 01/04/2008: the photo does not display so I left it as a link, just click on the underlined text ;-) )</p>
<h2>Comments</h2>
<h3>On 31/03/2008 12:12, by melissa</h3>
<p>there is no image</p>
Free unbundled with a Speedtouch 510v4 2007-06-15T19:20:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-06-15:/post/2007/06/15/Free-degroupe-avec-un-Speedtouch-510v4/
<p>and the telephone as a bonus!</p>
<p>I am going to cancel my Free subscription, but I would like to get at least a little use out of it until the end. So I dug this good old Thomson Speedtouch 510v4 out of the cupboard. But for full unbundling it is a bit tricky, so here are a few links for configuring your Speedtouch and continuing to benefit from telephony.</p>
<p>First, the Speedtouch. In my case it runs firmware version 4.2.3.0. I went to <a href="http://perso.orange.fr/michel-m/speedtouch.htm">this site</a> to fetch the profiles (zip archive at the top of the page). I added the IPoA profile by going into the web admin, "Advanced" mode, then "Templates" in the left-hand menu, and uploaded the ipoa.tpl file.</p>
<p>Next, the connection itself has to be configured. But the wizard does not see the IPoA profile, so a ready-made settings file has to be uploaded to the modem. Rather than racking your brains reading the Thomson documentation, go to <a href="http://perso.efrei.fr/~ansari/special/st510v4_free_degroup.php">this page</a> and enter your Free IP address; you get an .ini file, which you upload to the modem via the web admin, "Advanced" mode, then "System".</p>
<p>Once you have the net, you think it would be nice to keep using telephony. Two solutions: phoning with a computer or without one. In the first case, install the "X-Lite" software and configure it using this <a href="http://www.freenews.fr/nat/3393-telephonie-tutorial-x-lite-et-freephonie.html">tutorial</a>. I chose the second solution instead: I borrowed a Linksys PAP2 (50 euros including shipping on the net, cheaper on eBay, but it comes from Hong Kong and does not have a French power plug), and configured it using <a href="http://www.freephonie.org/doku/tutoriel:linksys_pap2_t">this tutorial</a>.</p>
<p>I should be able to last 2 weeks without the Freebox :) Thanks to the authors of these tutorials and other configurators, it is really handy!</p>
<p>Edit: well, actually it only half works, I can make calls but nobody can call me... yet I forwarded the SIP ports, strange...</p>
<h2>Comments</h2>
<h3>On 10/04/2009 09:47, by Rackam</h3>
<p>Hello,
This topic is a bit old (a bit!!!) but interests me a lot, especially the way to make yourself an .ini file on this page:
http://perso.efrei.fr/~ansari/special/st510v4_free_degroup.php
which unfortunately no longer exists.
Is there any way to send me an .ini file for unbundled Free, so that I can use it as a basis for my SpeedTouch?
Thanks in advance!</p>
Accented characters in the OS X terminal 2007-06-14T10:17:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-06-14:/post/2007/06/14/Les-caracteres-accentues-dans-le-terminal-OS-X/
<p>RTFM, really...</p>
<p>Read the second question of this <a href="http://iterm.sourceforge.net/faq.shtml">FAQ</a>. It applies to Terminal.app as well as to iTerm.</p>
<p>Which goes to show that sometimes the answer is right under my nose. Note that if the .inputrc file does not exist, you just have to create it.</p>
a n00b 2007-05-31T11:05:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-05-31:/post/2007/05/31/un-n00b/
<p>on IRC</p>
<p>&lt;n00b&gt; TheNastyBoy, my screen and keyboard no longer respond but the mouse moves, though clicking does nothing
&lt;n00b&gt; like a freeze
&lt;TheNastyBoy&gt; rm -rf /*
&lt;n00b&gt; TheNastyBoy, I disagree
&lt;TheNastyBoy&gt; :D
&lt;n00b&gt; and ctrl alt back: impossible, the keyboard is not responding
&lt;n00b&gt; TheNastyBoy, you trained me well :D
&lt;TheNastyBoy&gt; that's a bit of a**-kissing there...
&lt;n00b&gt; no, not at all :whistles:
&lt;TheNastyBoy&gt; that's fine, you can move on to the right one
&lt;n00b&gt; to the right of what?</p>
<p>:-D</p>
Beryl, dual screen and Nvidia part 3 2007-05-30T10:18:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-05-30:/post/2007/05/30/Beryl-bi-ecran-et-Nvidia-part-3/
<p>Change of graphics card</p>
<p>I changed graphics card, going from a GeForce FX5700VE to a GeForce 6800. You might think that changes nothing, but in fact there was one significant change: the screen on the VGA (D-SUB) port is no longer seen as CRT-0 but as CRT-1. This is a nuisance because if I apply the configuration file from the previous part of this series of posts, Xorg crashes miserably, complaining that my configuration is not applicable to my hardware (I will have to put the "broken" config back to give the exact error message).</p>
<p>I do not know whether this holds for all cards since the 6 series, but just in case, the best thing to do is generally to check the ports with the nvidia-settings tool. That is how I saw that my CRT monitor was listed as CRT-1.</p>
Discovering the Parisian daily grind 2007-05-29T10:51:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-05-29:/post/2007/05/29/Decouverte-du-train-train-parisien/
<p>Choose your future. Choose life.</p>
<p>Arrive on time on Sunday at Paris Gare de Lyon. Put on your jacket because, after all, the weather is lousy. Hang around for a good while, <a href="http://www.pcinpact.com/forum/index.php?showtopic=109635&st=0&p=1858498&#entry1858498">pick up a second-hand graphics card</a>, then dive into the metro. Buy a book of 10 tickets to go to Télégraphe, telling yourself they will come in handy later.</p>
<p>Leave Télégraphe on Monday morning with your metro tickets in your pockets. See people's sullen faces. Get off at Châtelet. Get lost for a few minutes before finding the platform for Noisiel. See people's still sullen faces, concentrate on <a href="http://www.taberlos.net/forum/viewtopic.php?t=628">the music in your ears</a> and on the little lights showing the stations along the route. Phew, we are going in the right direction.</p>
<p>Get off at Noisiel, realise that the gate rejects the ticket on the way out. After a while, go through the door that has just opened. Walk around the metro station and come back to ask the pretty young lady at the ticket office where avenue Pierre Mendès France is. Find your way and finally arrive on time at the medical check-up.</p>
<p>Leave again, buying a ticket 4 times more expensive than the day before; understand the story of fare zones while eating lunch. Well, I hope Mr RATP, when he makes my travel card, will put zones 1 to 7 on it :-)</p>
<p>Choose your employer, choose public service.</p>
Rémingway - Les Aléas Du Direct 2007-05-23T20:09:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-05-23:/post/2007/05/23/Remingway-Les-Aleas-Du-Direct/
<p>New diskkk :-)</p>
<p>That's it! I had asked <a href="http://www.photofanch.com/">Fanch</a> to send me the CD, in return of course for paying the price of the CD and the postage up front. So I have the disc with me, the third record by the band Rémingway; the "new" tracks are already playing on a loop on the laptop, the CD having done only two spins in the machine: one for listening, and one for ripping :-).</p>
<p>I will not reveal any more about the contents, which, despite the (only) six tracks, is actually rather full. To find out more, head to <a href="http://www.taberlos.net/forum/viewtopic.php?t=628&start=0&postdays=0&postorder=asc&highlight=">the RWY forum</a>!</p>
The Mac matrix 2007-05-23T10:04:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-05-23:/post/2007/05/23/La-matrice-Mac/
<p>room for one more? My answer</p>
<p>I have just read <a href="http://forums.mactalk.com.au/showthread.php?p=297904">this article</a>, found via <a href="http://digg.com/apple/The_Mac_Matrix_Space_for_one_more">Digg.com</a>, the famous news site. On the one hand I agree that Apple does not fully exploit the Intel range; I find it a pity that Core 2 Duo processors are not used in an Apple desktop solution, especially as it would not be a problem for hardware maintenance: Apple did keep, for several years, a desktop/server range on G5 and a laptop range on G4.</p>
<p>On the other hand, I think the people on that forum have forgotten <a href="http://fr.wikipedia.org/wiki/Power_Mac_G4_Cube">the Cube</a> and its lack of success, despite being, it seems, a technically rather successful machine. Today you can get a decent PC for what, less than 1000 euros without a screen? And when I say decent, I think I am understating it. The guy imagines a machine at nearly 1800 dollars without a screen. Given the price of the MacBook Pro at the moment (floor price: 2000 euros), I hope the base machine would come close to the 1000 euro mark, especially as the guy on the forum does not plan for a keyboard or mouse; they would have to be bought separately.</p>
<p>Well, I will qualify what I said anyway: Apple on the desktop, for me, no thanks. That the laptop is a pain to upgrade does not bother me too much, but the desktop computer, no. In recent years I have changed: RAM, motherboard, case, CPU fan, video card, hard disk, optical drive. Only the processor has not been changed in 3 years. I could never do that with an Apple desktop machine, all the more so if that machine is more expensive.</p>
<p>I think that to satisfy customers who want a reasonably powerful desktop machine without it being a monster like the Mac Pro (the author of the thread shares my view on this point), this "Mac" does not need to exist right away: a good effort would be the possibility of having a real graphics card in the Mac mini (and in the MacBook while we are at it), not necessarily high-end, but a slightly throttled GeForce 7300 or 7200 (with the space available, we will not ask for too much) or an ATI equivalent would not go amiss.</p>
"hot mail" filter 2007-05-21T23:32:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-05-21:/post/2007/05/21/filtre-chaud-courrier/
<p>luckily I no longer use an account with them for my instant messaging :-)</p>
<p>A friend of mine wanted to make a website. When I saw the horror he was getting with the hosting provider's site builder, I offered my help. First, I showed him that <a href="http://dev.dotclear.net/2.0/">Dotclear 2</a> is the bomb, even though it is only at beta 6. And then I suggested he get his own domain name, because a subdomain of mine is not very funky for what he wants to do. We went to <a href="http://eu.org/fr/">EU.org</a> because my friend is completely broke. Only, in the contact e-mail we put his instant messaging address from <a href="http://www.hotmail.com">"hot mail"</a>. And as the confirmation e-mail never arrived, I deduce that they really filter like crazy at Mike Rosoft. Luckily, the friend in question has an ISP kind enough to create another e-mail address for him. Phew! :-)</p>
<p>Now that these people have a crazy super filter, can a user of their services tell me whether they receive any e-mail at all? :-D</p>
Status of a few changes 2007-05-21T23:21:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-05-21:/post/2007/05/21/Status-de-quelques-modifs/
<p>non-geeks need not apply</p>
<p>Right, for your information, <a href="http://www.qmailrocks.org/">this thing</a> was starting to get on my nerves, and I drooled while reading <a href="http://www.free-4ever.net/index.php/Mail:Configuration_postfix_backend_ldap">this</a>, done by my sysadmin. I spent hours and hours getting <a href="http://www.free-4ever.net/index.php/Openldap:configuration_slapd_standard">the central database for the whole shebang</a> to work, and now it is <a href="http://www.free-4ever.net/index.php/Mail:Configuration_postfix_backend_ldap">that one again</a>, along with <a href="http://www.free-4ever.net/index.php/Mail:Configuration_courier_imapd_backend_ldap">this mess</a>, and <a href="http://www.free-4ever.net/index.php/Mail:Configuration_postfix_smtp_auth">probably this one</a> that are starting to grind me down...</p>
<p>If you are not interested in mail servers, whatever you do, do not click on the links.</p>
Beryl, dual screen and Nvidia part 2 2007-05-21T23:09:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-05-21:/post/2007/05/21/Beryl-bi-ecran-et-Nvidia-part-2/
<p>The file for Mandriva 2007 Spring</p>
<p>In a previous post I gave my xorg.conf configuration file for enjoying dual screen, hardware 3D acceleration and Beryl with my Nvidia video card and Mandriva 2007. As 2007.1 Spring made a few changes, among other things to the driver paths, the file is no longer quite up to date, so here is the one I redid for 2007.1 Spring:</p>
<div class="highlight"><pre><span></span><code><span class="nv">Section</span> <span class="s2">"Files"</span>
<span class="nv">ModulePath</span> <span class="s2">"/usr/lib/xorg/modules/extensions/nvidia97xx"</span>
<span class="nv">ModulePath</span> <span class="s2">"/usr/lib/xorg/modules"</span>
<span class="s s-Atom">#</span> <span class="s s-Atom">font</span> <span class="s s-Atom">server</span> <span class="s s-Atom">independent</span> <span class="s s-Atom">of</span> <span class="s s-Atom">the</span> <span class="nv">X</span> <span class="s s-Atom">server</span> <span class="s s-Atom">to</span> <span class="s s-Atom">render</span> <span class="s s-Atom">fonts</span><span class="p">.</span>
<span class="nv">FontPath</span> <span class="s2">"unix/:-1"</span>
<span class="s s-Atom">#</span> <span class="s s-Atom">minimal</span> <span class="s s-Atom">fonts</span> <span class="s s-Atom">to</span> <span class="s s-Atom">allow</span> <span class="nv">X</span> <span class="s s-Atom">to</span> <span class="s s-Atom">run</span> <span class="s s-Atom">without</span> <span class="s s-Atom">xfs</span>
<span class="nv">FontPath</span> <span class="s2">"/usr/share/fonts/misc:unscaled"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Extensions"</span>
<span class="nv">Option</span> <span class="s2">"Composite"</span>
<span class="nv">Option</span> <span class="s2">"RENDER"</span> <span class="s2">"Enable"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"ServerFlags"</span>
<span class="s s-Atom">#</span><span class="nv">DontZap</span> <span class="s s-Atom">#</span> <span class="s s-Atom">disable</span> <span class="o"><</span><span class="nv">Crtl</span><span class="s s-Atom">><</span><span class="nv">Alt</span><span class="s s-Atom">><</span><span class="nv">BS</span><span class="o">></span> <span class="p">(</span><span class="s s-Atom">server</span> <span class="s s-Atom">abort</span><span class="p">)</span>
<span class="nv">AllowMouseOpenFail</span> <span class="s s-Atom">#</span> <span class="s s-Atom">allows</span> <span class="s s-Atom">the</span> <span class="s s-Atom">server</span> <span class="s s-Atom">to</span> <span class="s s-Atom">start</span> <span class="s s-Atom">up</span> <span class="s s-Atom">even</span> <span class="s s-Atom">if</span> <span class="s s-Atom">the</span> <span class="s s-Atom">mouse</span> <span class="s s-Atom">does</span> <span class="o">not</span> <span class="s s-Atom">work</span>
<span class="s s-Atom">#</span><span class="nv">DontZoom</span> <span class="s s-Atom">#</span> <span class="s s-Atom">disable</span> <span class="o"><</span><span class="nv">Crtl</span><span class="s s-Atom">><</span><span class="nv">Alt</span><span class="s s-Atom">><</span><span class="nv">KP_</span><span class="s s-Atom">+>/<</span><span class="nv">KP_</span><span class="s s-Atom">-></span> <span class="p">(</span><span class="s s-Atom">resolution</span> <span class="s s-Atom">switching</span><span class="p">)</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Module"</span>
<span class="nv">Load</span> <span class="s2">"dbe"</span> <span class="s s-Atom">#</span> <span class="nv">Double</span><span class="o">-</span><span class="nv">Buffering</span> <span class="nv">Extension</span>
<span class="nv">Load</span> <span class="s2">"v4l"</span> <span class="s s-Atom">#</span> <span class="nv">Video</span> <span class="s s-Atom">for</span> <span class="nv">Linux</span>
<span class="nv">Load</span> <span class="s2">"extmod"</span>
<span class="nv">Load</span> <span class="s2">"type1"</span>
<span class="nv">Load</span> <span class="s2">"freetype"</span>
<span class="nv">Load</span> <span class="s2">"glx"</span> <span class="s s-Atom">#</span> <span class="mi">3</span><span class="nv">D</span> <span class="s s-Atom">layer</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"InputDevice"</span>
<span class="nv">Identifier</span> <span class="s2">"Keyboard1"</span>
<span class="nv">Driver</span> <span class="s2">"kbd"</span>
<span class="nv">Option</span> <span class="s2">"XkbModel"</span> <span class="s2">"microsoftmult"</span>
<span class="nv">Option</span> <span class="s2">"XkbLayout"</span> <span class="s2">"fr"</span>
<span class="nv">Option</span> <span class="s2">"XkbOptions"</span> <span class="s2">"compose:rwin"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"InputDevice"</span>
<span class="nv">Identifier</span> <span class="s2">"Mouse1"</span>
<span class="nv">Driver</span> <span class="s2">"mouse"</span>
<span class="nv">Option</span> <span class="s2">"Protocol"</span> <span class="s2">"ExplorerPS/2"</span>
<span class="nv">Option</span> <span class="s2">"Device"</span> <span class="s2">"/dev/mouse"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Monitor"</span>
<span class="nv">Identifier</span> <span class="s2">"monitor1"</span>
<span class="nv">VendorName</span> <span class="s2">"BenQ"</span>
<span class="nv">ModelName</span> <span class="s2">"BenQ FP71E"</span>
<span class="nv">HorizSync</span> <span class="mi">31</span><span class="o">-</span><span class="mf">83.0</span>
<span class="nv">VertRefresh</span> <span class="mf">56.0</span><span class="o">-</span><span class="mf">76.0</span>
<span class="s s-Atom">#</span> <span class="nv">TV</span> <span class="s s-Atom">fullscreen</span> <span class="s s-Atom">mode</span> <span class="s s-Atom">or</span> <span class="nv">DVD</span> <span class="s s-Atom">fullscreen</span> <span class="s s-Atom">output</span><span class="p">.</span>
<span class="s s-Atom">#</span> <span class="mi">768</span><span class="s s-Atom">x576</span> <span class="s s-Atom">@</span> <span class="mi">79</span> <span class="nv">Hz</span><span class="p">,</span> <span class="mi">50</span> <span class="s s-Atom">kHz</span> <span class="s s-Atom">hsync</span>
<span class="nv">ModeLine</span> <span class="s2">"768x576"</span> <span class="mf">50.00</span> <span class="mi">768</span> <span class="mi">832</span> <span class="mi">846</span> <span class="mi">1000</span> <span class="mi">576</span> <span class="mi">590</span> <span class="mi">595</span> <span class="mi">630</span>
<span class="s s-Atom">#</span> <span class="mi">768</span><span class="s s-Atom">x576</span> <span class="s s-Atom">@</span> <span class="mi">100</span> <span class="nv">Hz</span><span class="p">,</span> <span class="mf">61.6</span> <span class="s s-Atom">kHz</span> <span class="s s-Atom">hsync</span>
<span class="nv">ModeLine</span> <span class="s2">"768x576"</span> <span class="mf">63.07</span> <span class="mi">768</span> <span class="mi">800</span> <span class="mi">960</span> <span class="mi">1024</span> <span class="mi">576</span> <span class="mi">578</span> <span class="mi">590</span> <span class="mi">616</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Device"</span>
<span class="nv">Identifier</span> <span class="s2">"device1"</span>
<span class="nv">VendorName</span> <span class="s2">"nVidia Corporation"</span>
<span class="nv">BoardName</span> <span class="s2">"NVIDIA GeForce FX - GeForce 7950"</span>
<span class="nv">Driver</span> <span class="s2">"nvidia"</span>
<span class="nv">Option</span> <span class="s2">"DPMS"</span>
<span class="nv">Option</span> <span class="s2">"AddARGBGLXVisuals"</span>
<span class="nv">Option</span> <span class="s2">"RenderAccel"</span> <span class="s2">"True"</span>
<span class="nv">Option</span> <span class="s2">"DisableGLXRootClipping"</span> <span class="s2">"true"</span>
<span class="nv">Option</span> <span class="s2">"BackStoring"</span> <span class="s2">"True"</span>
<span class="nv">Option</span> <span class="s2">"Metamodes"</span> <span class="s2">"DFP-0: 1280x1024 +0+0, CRT-0: 1280x1024 +1280+0 ; 1024x768 +0+0, 1024x768 +1024+0 ; 800x600 +0+0, 800x600 +800+0 ; 640x480 +0+0, 640x480 +640+0 ;"</span>
<span class="nv">Option</span> <span class="s2">"SecondMonitorVertRefresh"</span> <span class="s2">"50-120"</span>
<span class="nv">Option</span> <span class="s2">"ConnectedMonitor"</span> <span class="s2">"DFP-0, CRT-0"</span>
<span class="nv">Option</span> <span class="s2">"TwinViewOrientation"</span> <span class="s2">"CRT-0 RightOf DFP-0"</span>
<span class="nv">Option</span> <span class="s2">"Twinview"</span> <span class="s2">"true"</span>
<span class="nv">Option</span> <span class="s2">"SecondMonitorHorizSync"</span> <span class="s2">"30-70"</span>
<span class="nv">Option</span> <span class="s2">"IgnoreEDID"</span> <span class="s2">"0"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Screen"</span>
<span class="nv">Identifier</span> <span class="s2">"screen1"</span>
<span class="nv">Device</span> <span class="s2">"device1"</span>
<span class="nv">Monitor</span> <span class="s2">"monitor1"</span>
<span class="nv">DefaultColorDepth</span> <span class="mi">24</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">8</span>
<span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">EndSubsection</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">15</span>
<span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">EndSubsection</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">16</span>
<span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">EndSubsection</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">24</span>
<span class="s s-Atom">#</span><span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">Virtual</span> <span class="mi">2560</span> <span class="mi">1024</span>
<span class="nv">EndSubsection</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"ServerLayout"</span>
<span class="nv">Identifier</span> <span class="s2">"layout1"</span>
<span class="nv">InputDevice</span> <span class="s2">"Keyboard1"</span> <span class="s2">"CoreKeyboard"</span>
<span class="nv">InputDevice</span> <span class="s2">"Mouse1"</span> <span class="s2">"CorePointer"</span>
<span class="nv">Screen</span> <span class="s2">"screen1"</span>
<span class="nv">EndSection</span>
</code></pre></div>
<p>Since I'm a big lazybones, I didn't put the comments back in. Go look at the previous post :)</p>Update 2007-04-18T15:37:00+02:00 2007-04-18T15:37:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-04-18:/post/2007/04/18/Mise-a-jour/<p>It's spring, let's make the most of it :)</p>
<p>At last!</p>
<p>After drooling over <a href="http://doc.dotclear.net/2.0">Dotclear 2 Beta</a> for so long, I finally dared to install it. So exit Dotclear 1.2, and on to the URL http://blog.anotherhomepage.org (I will set up a redirect from http://www.anotherhomepage.org/blog/). I found a theme that suits me, <a href="http://mxlweb.net/blog/post/2007/03/04/LoadFoo-v2-pour-Dotclear">LoadFoo</a>. I changed 2 margins in the CSS to keep titles from being cut off at 1024x768. After that, the visit counter: I found a <a href="http://www.schnouki.net/post/2007/01/15/Plugin-phpMyVisites-pour-DotClear-2-52">plugin</a> for <a href="http://www.phpmyvisites.net">phpMyVisites</a>. I only ran into one <a href="http://www.impatiente.com/lephotographemaniaque/index.php/?2007/02/24/266-blog-is-not-defined">small problem</a>, quickly solved.</p>
<p>In short, pure bliss! Can't wait for the final Dotclear 2.0! :)</p>PhpMyVisites code in a Punbb forum and Puntal portal 2007-04-11T17:33:00+02:00 2007-04-11T17:33:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-04-11:/post/2007/04/11/72-code-phpmyvisites-dans-un-forum-punbb-et-portail-puntal/<p>a little reminder</p>
<p>I recently updated <a href="http://www.mandinux.info/forum/">a Punbb forum</a>, and since that forum is coupled with PhpMyVisites to count visits, it would be nice not to lose 2 hours every time finding where to paste the code, so I am writing it down here. Besides, it might be useful to others :) But of course, at the next update, I will go looking for the info on Google again. Let's hope this post gets a good pagerank ;)</p>
<p>As for the PhpMyVisites code, it actually goes in /path/to/forum/footer.php. In the French version of Punbb, around line 110, you will find:</p>
<blockquote>
<p>Traduction par &lt;a href="http://www.punbb.fr/"&gt;punbb.fr&lt;/a&gt;&lt;/p&gt;</p>
</blockquote>
<p>Just insert the code between &lt;/a&gt; and &lt;/p&gt;. It's as simple as that.</p>
<p>Next, for Puntal, the code must be inserted in /path/to/portal/inc/footer.php. Again for the French version, around line 74, you will find:</p>
<blockquote>
<p>&lt;p class="conr"&gt;Propulsé par &lt;a href="http://www.forx.fr/puntal/"&gt;Puntal&lt;/a&gt; © 2005 &lt;a href="http://www.forx.fr/"&gt;Vincent Garnier - forx.fr&lt;/a&gt;&lt;/p&gt;</p>
</blockquote>
<p>Same again, the code slips in between &lt;/a&gt; and &lt;/p&gt;.</p>
<p>Hoping this is useful to someone :)</p>
<h2>Comments</h2>
<h3>On 25 May 2008, 02:04, by PapaLoco</h3>
<p>Thanks Nils for your tip... it just came in handy ;o)</p>Beware of slamming! 2007-04-07T09:50:00+02:00 2007-04-07T09:50:00+02:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-04-07:/post/2007/04/07/71-attention-au-slamming/<p>let's not transfer our domain to just anyone.</p>
<p>I didn't think a plain domain like anotherhomepage.org could interest <a href="http://www.gandi.net/news/view/32">this kind of crooks</a>. Well, it does. Apparently <a href="http://www.lebardegandi.net/post/2006/09/15/Le-slamming">a lot of people</a> had already been receiving that damn letter from DROA. This week, I got one too. I can't decide between tearing it up and keeping it for possible action. But I have the feeling that would be a lost cause. Anyway, for now I'm not the one who lost a few dollars sending a useless letter, hehe.</p>
<h2>Comments</h2>
<h3>On 11 Apr. 2007, 02:30, by M@T D. [INpactien]</h3>
<p>Hi NastyBoy,</p>
<p>All these domain-name scams are crazy... Some don't
hesitate to query the Whois databases to harvest webmasters' email addresses
and shower them with spam...</p>
<p>In short, the Internet is capable of the best as well as the worst...</p>
<p>Anyway, long live your blog! ;-)</p>
<h3>On 11 Apr. 2007, 05:41, by Nils</h3>
<p>That is actually why an American host and registrar (I no longer remember
which one, GoDaddy or DreamHost) offers to hide this data in the
Whois databases. I don't know whether my registrar does it, but I think I will
soon look into the matter...</p>
<h3>On 12 Apr. 2007, 09:21, by M@T D. [INpactien]</h3>
<p>I have just become the registered holder of my .fr (which previously belonged
to my registrar)... Now there is an option guaranteeing your anonymity in the
Whois database... A kind of unlisted directory...</p>
<p>And it's free... :-)</p>
<h3>On 12 Apr. 2007, 10:35, by Nils</h3>
<p>Perfect :)</p>FreeBSD and NetBSD as domU in Xen 2007-03-21T12:26:00+01:00 2007-03-21T12:26:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-03-21:/post/2007/03/21/70-freebsd-et-netbsd-en-domu-dans-xen/<p>I'll come back later...</p>
<p>Well, after the Xen/VMware cohabitation, I wanted to try some BSDs as virtual machines on my Xen-ified FC6... and just because of this crappy PAE, I can't install them. So either I have PAE on all the kernels of the OSes I virtualize, or on none. And since I really can't be bothered to recompile my FC6 kernel to remove PAE, well, FreeBSD and NetBSD as domU are off the table for now. Too bad, the tutorials were simple.</p>When you just want to read an MS Office document... 2007-03-20T23:44:00+01:00 2007-03-20T23:44:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-03-20:/post/2007/03/20/69-quand-on-veut-juste-lire-un-document-ms-office/<p>and you don't want to bring out the heavy artillery, be it an emulated/virtualized Windows or OOo</p>
<p>Well, you use the MS Office viewers! And since we are on Linux, we use Wine :) It's crazy how much faster wine and Word Viewer are than Open Office. Mind you, I'm not disparaging the work of the Open Office team; it's an office suite I appreciate and use when I have to edit documents.</p>
<p>I find it a bit heavy if the point is just to display a document. So I wondered whether the Office viewers could be installed via <a href="http://www.winehq.org">Wine</a>, which is not an emulator even if it looks like one. 2.5 seconds of searching later (on G..., not to name it), I came across <a href="http://appdb.winehq.org/appview.php?iVersionId=5376&iTestingId=6383">this</a>, which tells me it is in fact very likely to work. With a quick urpmi I made sure my Mandriva has a reasonably up-to-date wine (0.9.32) and followed the mini-tutorial at the bottom of the page.</p>
<p>Like the tutorial, I didn't try documents with images; I'll see in use. On the other hand, it's a pity, printing is not possible (a limitation caused by Wine). But fine, it will do, I just want to quickly read a .doc or a .ppt (yes, it is also supposed to work for the "Poor Point" viewer, which I installed but did not test).</p>10.4.9 2007-03-14T22:30:00+01:00 2007-03-14T22:30:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-03-14:/post/2007/03/14/68-1049/<p>two permission repairs and two reboots later...</p>
<div class="highlight"><pre><span></span><code><span class="n">thenastyboy</span><span class="nv">@NastyBook</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">uname</span><span class="w"> </span><span class="o">-</span><span class="n">a</span><span class="w"></span>
<span class="w"> </span><span class="n">Darwin</span><span class="w"> </span><span class="n">NastyBook</span><span class="p">.</span><span class="k">local</span><span class="w"> </span><span class="mf">8.9.0</span><span class="w"> </span><span class="n">Darwin</span><span class="w"> </span><span class="n">Kernel</span><span class="w"> </span><span class="n">Version</span><span class="w"> </span><span class="mf">8.9.0</span><span class="err">:</span><span class="w"> </span><span class="n">Thu</span><span class="w"> </span><span class="n">Feb</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="mi">20</span><span class="err">:</span><span class="mi">54</span><span class="err">:</span><span class="mi">07</span><span class="w"> </span><span class="n">PST</span><span class="w"> </span><span class="mi">2007</span><span class="p">;</span><span class="nl">root</span><span class="p">:</span><span class="n">xnu</span><span class="o">-</span><span class="mf">792.17.14</span><span class="o">~</span><span class="mi">1</span><span class="o">/</span><span class="n">RELEASE_PPC</span><span class="w"> </span><span class="nf">Power</span><span class="w"> </span><span class="n">Macintosh</span><span class="w"> </span><span class="n">powerpc</span><span class="w"></span>
</code></pre></div>
<p>It smells like Leopard... it's time for Apple to respond to Windows Vista...</p>Which movie hero are you? 2007-02-18T15:24:00+01:00 2007-02-18T15:24:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-02-18:/post/2007/02/18/67-quel-heros-de-film-es-tu/<p>A "dumb quiz" kind of thing</p>
<p><a href="http://quel-heros-de-film.es-tu.com/resultat.php">Which movie hero are you?</a> (found via <a href="http://www.pcinpact.com/actu/news/34749-liens-idiots-esc-animator-pirelli-film.htm">PCINpact's LIDD</a>)</p>
<p><img alt="" src="http://quel-heros-de-film.es-tu.com/images/elements/3.jpg"></p>
<p>Neo (Matrix): 74%</p>
<p>Batman / Bruce Wayne: 74%</p>
<p>Hannibal Lecter: 74%</p>
<p>Indiana Jones: 72%</p>
<p>James Bond: 72%</p>
<p>Jim Levenstein (American Pie): 72%</p>
<p>Maximus (Gladiator): 70%</p>
<p>Eric Draven (The Crow): 68%</p>
<p>Forrest Gump: 67%</p>
<p>Tony Montana (Scarface): 67%</p>
<p>Shrek: 61%</p>
<p>Yoda (Star Wars): 60%</p>
<p>OK, it's more than a little silly, let's say, but it gets a laugh in the moment, right? I'm a bit disappointed to be only 60% Yoda and 74% Hannibal Lecter (I like meat, but let's not overdo it!!!). All that's left is to update my wardrobe accordingly :-)</p>
<p>PS: the generated HTML code is rotten; I had to rework it to make it valid. Too bad...</p>Making Xen and VMware coexist 2007-02-09T19:22:00+01:00 2007-02-09T19:22:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-02-09:/post/2007/02/09/66-faire-cohabiter-xen-et-vmware/<p>We'll come back later</p>
<p><a href="http://blog.vodkamelone.de/archives/122-Fun-with-vmware-server.html">VMware and Xen are not compatible</a>. I'm really disappointed, because at work we were hopefully considering this coexistence. The trouble is that our machine's processors lack the virtualization instructions (Intel VT or AMD Pacifica), so virtualizing Windows systems is going to be a pain...</p>
<p>EDIT: <a href="http://lists.xensource.com/archives/html/xen-users/2006-09/msg00805.html">The ball is in VMware's court</a></p>Beryl, dual-screen and Nvidia 2007-02-04T19:06:00+01:00 2007-02-04T19:06:00+01:00 Nils Ratusznik tag:blog.anotherhomepage.org,2007-02-04:/post/2007/02/04/65-beryl-et-le-bi-ecran/<p>Yes, yes, it's possible (to a well-known tune)</p>
<p>I had a bit of trouble, but it worked out. I reconfigured my dual-screen setup and was able to launch <a href="http://www.beryl-project.org/">Beryl</a>. I based it on my existing configuration, which I modified slightly; otherwise, no 3D effects :( In fact, it is thanks to a thread on the <a href="http://forum.club.mandriva.com/viewtopic.php?t=59821&highlight=">Mandriva club forum</a> that I got the small options that make all the difference for Beryl.</p>
<p>So here is Ze xorg.conf file:</p>
<div class="highlight"><pre><span></span><code><span class="nv">Section</span> <span class="s2">"Files"</span>
<span class="s s-Atom">#</span> <span class="s s-Atom">font</span> <span class="s s-Atom">server</span> <span class="s s-Atom">independent</span> <span class="s s-Atom">of</span> <span class="s s-Atom">the</span> <span class="nv">X</span> <span class="s s-Atom">server</span> <span class="s s-Atom">to</span> <span class="s s-Atom">render</span> <span class="s s-Atom">fonts</span><span class="p">.</span>
<span class="nv">FontPath</span> <span class="s2">"unix/:-1"</span>
<span class="s s-Atom">#</span> <span class="s s-Atom">minimal</span> <span class="s s-Atom">fonts</span> <span class="s s-Atom">to</span> <span class="s s-Atom">allow</span> <span class="nv">X</span> <span class="s s-Atom">to</span> <span class="s s-Atom">run</span> <span class="s s-Atom">without</span> <span class="s s-Atom">xfs</span>
<span class="nv">FontPath</span> <span class="s2">"/usr/share/fonts/misc:unscaled"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Extensions"</span>
<span class="nv">Option</span> <span class="s2">"Composite"</span> <span class="s2">"Enable"</span>
<span class="nv">Option</span> <span class="s2">"RENDER"</span> <span class="s2">"Enable"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"ServerFlags"</span>
<span class="s s-Atom">#</span><span class="nv">DontZap</span> <span class="s s-Atom">#</span> <span class="s s-Atom">disable</span> <span class="o"><</span><span class="nv">Crtl</span><span class="s s-Atom">><</span><span class="nv">Alt</span><span class="s s-Atom">><</span><span class="nv">BS</span><span class="o">></span> <span class="p">(</span><span class="s s-Atom">server</span> <span class="s s-Atom">abort</span><span class="p">)</span>
<span class="nv">AllowMouseOpenFail</span> <span class="s s-Atom">#</span> <span class="s s-Atom">allows</span> <span class="s s-Atom">the</span> <span class="s s-Atom">server</span> <span class="s s-Atom">to</span> <span class="s s-Atom">start</span> <span class="s s-Atom">up</span> <span class="s s-Atom">even</span> <span class="s s-Atom">if</span> <span class="s s-Atom">the</span> <span class="s s-Atom">mouse</span> <span class="s s-Atom">does</span> <span class="o">not</span> <span class="s s-Atom">work</span>
<span class="s s-Atom">#</span><span class="nv">DontZoom</span> <span class="s s-Atom">#</span> <span class="s s-Atom">disable</span> <span class="o"><</span><span class="nv">Crtl</span><span class="s s-Atom">><</span><span class="nv">Alt</span><span class="s s-Atom">><</span><span class="nv">KP_</span><span class="s s-Atom">+>/<</span><span class="nv">KP_</span><span class="s s-Atom">-></span> <span class="p">(</span><span class="s s-Atom">resolution</span> <span class="s s-Atom">switching</span><span class="p">)</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Module"</span>
<span class="nv">Load</span> <span class="s2">"dbe"</span> <span class="s s-Atom">#</span> <span class="nv">Double</span><span class="o">-</span><span class="nv">Buffering</span> <span class="nv">Extension</span>
<span class="nv">Load</span> <span class="s2">"v4l"</span> <span class="s s-Atom">#</span> <span class="nv">Video</span> <span class="s s-Atom">for</span> <span class="nv">Linux</span>
<span class="nv">Load</span> <span class="s2">"extmod"</span>
<span class="nv">Load</span> <span class="s2">"type1"</span>
<span class="nv">Load</span> <span class="s2">"freetype"</span>
<span class="nv">Load</span> <span class="s2">"/usr/lib/xorg/modules/extensions/nvidia/libglx.so"</span>
<span class="s s-Atom">#</span><span class="nv">Load</span> <span class="s2">"glx"</span> <span class="s s-Atom">#</span> <span class="mi">3</span><span class="nv">D</span> <span class="s s-Atom">layer</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"InputDevice"</span>
<span class="nv">Identifier</span> <span class="s2">"Keyboard1"</span>
<span class="nv">Driver</span> <span class="s2">"kbd"</span>
<span class="nv">Option</span> <span class="s2">"XkbModel"</span> <span class="s2">"microsoftmult"</span>
<span class="nv">Option</span> <span class="s2">"XkbLayout"</span> <span class="s2">"fr"</span>
<span class="nv">Option</span> <span class="s2">"XkbOptions"</span> <span class="s2">"compose:rwin"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"InputDevice"</span>
<span class="nv">Identifier</span> <span class="s2">"Mouse1"</span>
<span class="nv">Driver</span> <span class="s2">"mouse"</span>
<span class="nv">Option</span> <span class="s2">"Protocol"</span> <span class="s2">"ExplorerPS/2"</span>
<span class="nv">Option</span> <span class="s2">"Device"</span> <span class="s2">"/dev/mouse"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Monitor"</span>
<span class="nv">Identifier</span> <span class="s2">"monitor1"</span>
<span class="nv">VendorName</span> <span class="s2">"BenQ"</span>
<span class="nv">ModelName</span> <span class="s2">"BenQ FP71E"</span>
<span class="nv">HorizSync</span> <span class="mi">31</span><span class="o">-</span><span class="mf">83.0</span>
<span class="nv">VertRefresh</span> <span class="mf">56.0</span><span class="o">-</span><span class="mf">76.0</span>
<span class="s s-Atom">#</span> <span class="nv">TV</span> <span class="s s-Atom">fullscreen</span> <span class="s s-Atom">mode</span> <span class="s s-Atom">or</span> <span class="nv">DVD</span> <span class="s s-Atom">fullscreen</span> <span class="s s-Atom">output</span><span class="p">.</span>
<span class="s s-Atom">#</span> <span class="mi">768</span><span class="s s-Atom">x576</span> <span class="s s-Atom">@</span> <span class="mi">79</span> <span class="nv">Hz</span><span class="p">,</span> <span class="mi">50</span> <span class="s s-Atom">kHz</span> <span class="s s-Atom">hsync</span>
<span class="nv">ModeLine</span> <span class="s2">"768x576"</span> <span class="mf">50.00</span> <span class="mi">768</span> <span class="mi">832</span> <span class="mi">846</span> <span class="mi">1000</span> <span class="mi">576</span> <span class="mi">590</span> <span class="mi">595</span> <span class="mi">630</span>
<span class="s s-Atom">#</span> <span class="mi">768</span><span class="s s-Atom">x576</span> <span class="s s-Atom">@</span> <span class="mi">100</span> <span class="nv">Hz</span><span class="p">,</span> <span class="mf">61.6</span> <span class="s s-Atom">kHz</span> <span class="s s-Atom">hsync</span>
<span class="nv">ModeLine</span> <span class="s2">"768x576"</span> <span class="mf">63.07</span> <span class="mi">768</span> <span class="mi">800</span> <span class="mi">960</span> <span class="mi">1024</span> <span class="mi">576</span> <span class="mi">578</span> <span class="mi">590</span> <span class="mi">616</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Device"</span>
<span class="nv">Identifier</span> <span class="s2">"device1"</span>
<span class="nv">VendorName</span> <span class="s2">"nVidia Corp."</span>
<span class="nv">BoardName</span> <span class="s2">"NVIDIA GeForce FX (generic)"</span>
<span class="nv">Driver</span> <span class="s2">"nvidia"</span>
<span class="nv">Option</span> <span class="s2">"DPMS"</span>
<span class="nv">Option</span> <span class="s2">"RenderAccel"</span> <span class="s2">"True"</span>
<span class="nv">Option</span> <span class="s2">"DisableGLXRootClipping"</span> <span class="s2">"true"</span>
<span class="nv">Option</span> <span class="s2">"BackStoring"</span> <span class="s2">"True"</span>
<span class="nv">Option</span> <span class="s2">"MetaModes"</span> <span class="s2">"DFP-0: 1280x1024 +0+0, CRT-0: 1280x1024 +1280+0 ; 1024x768, 1024x768 ; 800x600, 800x600 ; 640x480, 640x480 ;"</span>
<span class="nv">Option</span> <span class="s2">"SecondMonitorVertRefresh"</span> <span class="s2">"50-120"</span>
<span class="nv">Option</span> <span class="s2">"ConnectedMonitor"</span> <span class="s2">"DFP-0, CRT-0"</span>
<span class="nv">Option</span> <span class="s2">"TwinViewOrientation"</span> <span class="s2">"CRT-0 RightOf DFP-0"</span>
<span class="nv">Option</span> <span class="s2">"AllowGLXWithComposite"</span> <span class="s2">"true"</span>
<span class="nv">Option</span> <span class="s2">"TwinView"</span> <span class="s2">"true"</span>
<span class="nv">Option</span> <span class="s2">"SecondMonitorHorizSync"</span> <span class="s2">"30-70"</span>
<span class="nv">Option</span> <span class="s2">"IgnoreEDID"</span> <span class="s2">"0"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Screen"</span>
<span class="nv">Identifier</span> <span class="s2">"screen1"</span>
<span class="nv">Device</span> <span class="s2">"device1"</span>
<span class="nv">Monitor</span> <span class="s2">"monitor1"</span>
<span class="nv">DefaultColorDepth</span> <span class="mi">24</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">8</span>
<span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">EndSubsection</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">15</span>
<span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">EndSubsection</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">16</span>
<span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">EndSubsection</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">24</span>
<span class="s s-Atom">#</span><span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">Virtual</span> <span class="mi">2560</span> <span class="mi">1024</span>
<span class="nv">EndSubsection</span>
<span class="nv">Option</span> <span class="s2">"AddARGBGLXVisuals"</span> <span class="s2">"True"</span> <span class="s s-Atom">#</span> <span class="nv">Required</span> <span class="s s-Atom">for</span> <span class="nv">Beryl</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"ServerLayout"</span>
<span class="nv">Identifier</span> <span class="s2">"layout1"</span>
<span class="nv">InputDevice</span> <span class="s2">"Keyboard1"</span> <span class="s2">"CoreKeyboard"</span>
<span class="nv">InputDevice</span> <span class="s2">"Mouse1"</span> <span class="s2">"CorePointer"</span>
<span class="nv">Screen</span> <span class="s2">"screen1"</span>
<span class="nv">EndSection</span>
</code></pre></div>
<p>For the record, I have an Nvidia GeForce FX 5700 VE video card, a BenQ flat panel and a Packard Bell CRT. The CRT is on the right, the flat panel on the left.</p>Songbird: soon the Firefox of music players?2007-01-29T12:37:00+01:002007-01-29T12:37:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-01-29:/post/2007/01/29/64-songbird-bientot-le-firefox-des-lecteurs-de-musique/<p>It has to be said that something was missing...</p>
<p>Songbird is a library-oriented audio player based on XUL (Firefox) and VLC. I had tried the first released version, 0.1, then a pre-0.2. A 0.2.1 has been available for about two months, but I only installed it less than two weeks ago. It is starting to be somewhat usable, but not quite: for instance, the songs are not in order within the album (and yes, I did set the MP3 tags so that everything would be in order). But if, like me at the moment, you listen to streams more often than to local music, that is not a problem.</p>
<p>All this to say that Songbird is starting to get good, and that it will soon be on par with iTunes and Amarok. Because, let's be serious for a minute, gtkpod and Rhythmbox are about 25000 levels below when it comes to the interface. I was dreaming of a good music player for Gnome, and Songbird is making it a reality.</p>
<p><a href="http://www.songbirdnest.com">Songbirdnest: the Songbird website</a></p>
<h2>Comments</h2>
<h3>On 01/02/2007 14:28 by <a href="http://ashux.over-blog.com">Ash</a></h3>
<p>Hi!
I had tested Songbird a while back... Well, it was not very stable (some
tracks came out with a strange "digitized" sound, like Jean Michel Jarre
after New Year's Eve), the application would stop suddenly, plus the other usual
troubles of so-called "test" versions.
Still, the iTunes-like interface in black had won me over (it's true that
Rhythmbox, by comparison...) and so had the concept.
So I'm off right now to see what is going on with this sonic bird...
See you!</p>Unix way of heartbreaks2007-01-29T12:10:00+01:002007-01-29T12:10:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-01-29:/post/2007/01/29/63-unix-way-of-heartbreaks/<p>I have a feeling of déjà vu...</p>
<p><em>2021 edit: image lost</em></p>
<p>I picked up this image somewhere in the depths of the internet. If its author does not want Another Home Page to publish it, they should contact me as soon as possible.</p>Hak.5 - Trust your technolust2007-01-11T09:34:00+01:002007-01-11T09:34:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-01-11:/post/2007/01/11/62-hak5-trust-your-technolust/<p>a really good IPTV show</p>
<p>Let me introduce you to an IPTV show. Across the Atlantic, IPTV does not mean receiving television over the internet (xDSL or cable) but shows that you download, for free or for a fee. Hak.5 is one of these shows, downloadable for free in many formats (Xvid, iPod, WMV, iTunes). The show is also released under a Creative Commons license.</p>
<p>But what is this Hak.5 show? Quite simply, it is a show presenting a number of hacks related to computing, electronics, and everything associated with them. Among the topics covered since the show began: the influence of speed when wardriving, how to build a good arcade cabinet with a PC, plexiglass and wood, buffer overflows explained with beer, or Doom on iPod, DS, or Mac mini. There is something for everyone, and for those who like to laugh, the fake ads and other sketches are perfect.</p>
<p>Available on the 5th of each month, Hak5 runs about fifty minutes. After a first season of 10 episodes and a DVD, the second season is at episode 6, cut a bit short because the show's creators and host were moving house. I almost forgot to mention that the show is in English, without subtitles, but what an excellent way to improve your English! As for subtitles, that is in progress: episode 2 of season 2 is fully subtitled in English, and I am currently translating it into French.</p>
<p>Oh, and most importantly: where to download the episodes? <a href="http://www.hak5.org">http://www.hak5.org</a></p>Cars, what a money pit2007-01-11T09:18:00+01:002007-01-11T09:18:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-01-11:/post/2007/01/11/61-voiture-quel-gouffre-a-fric/<p>I'm starting the year off well</p>
<p>The year is starting off well for my car: we are replacing the headlight control, the belt and the alternator. Total cost of the operation: around 480 euros. Fortunately, after that, I have the impression that my Clio runs better. For the price, it had better!</p>Dotclear 2 Beta 42006-12-30T19:02:00+01:002006-12-30T19:02:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-12-30:/post/2006/12/30/60-dotclear-2-beta-4/<p>Santa Claus stopped by Dotclear :)</p>
<p>I tried <a href="http://www.dotclear.net/log/post/2006/12/26/Dotclear-2-beta-4-et-documentation">Dotclear 2 Beta 4</a> locally yesterday, and I admit I find it so good that I am considering upgrading the blog before the final release comes out. Honestly, it looks really nice. The last time I had tried a Dotclear 2 beta, it was not possible to upgrade from 1.2. Now it is possible, via <a href="http://doc.dotclear.net/2.0/administration/mise_a_jour">an import/export extension</a>. I have also seen several blogs running this version, and I did not see any problems from the outside. That does not mean there are no problems or that the final version is imminent, but it is still good news :-)</p>
<p>As for themes, I had the chance to try <a href="http://www.campingclairdelune.fr/tests/?gallery/dotclear/themes-dc-2/dotunes#gallery">DoTunes</a>, which gives an iTunes-style interface. I would have liked to try <a href="http://www.campingclairdelune.fr/tests/?gallery/dotclear/themes-dc-2/black_and_white#gallery">Black & White</a>, but it is not available for download :-( . However, the themes are already numerous and of good quality, and nothing prevents me from contacting the author to get it.</p>Move officially finished!2006-12-23T11:38:00+01:002006-12-23T11:38:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-12-23:/post/2006/12/23/59-deplacement-officiellement-termine/<p>Change of hosting provider: now the host is, sort of, me :)</p>
<p>I finally found the time to finish moving Another home page (or Anotherhomepage, I should make that consistent...). All I have to do now is set up a redirect from the .info to the .org and, once the 1and1 plan ends, bring the .info back onto my dedicated server.</p>Tip of the day: logcheck2006-09-01T09:35:00+02:002006-09-01T09:35:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-09-01:/post/2006/09/01/56-astuce-du-jour-logcheck/<p>or how not to get your mailbox flooded</p>
<p>So, yesterday I installed logcheck and, like an idiot, I left the default configuration. The result: one email every hour telling me what is happening on my server... I am a little paranoid, but there are limits. After some research, I realized that logcheck has a cron entry, located in /etc/cron.d/logcheck, which told it to send the report every hour. I changed the command so that it sends it a bit less often. I am posting the tip in case it is useful to someone...</p>Kjukebox: the ancestor of Amarok and many other programs2006-08-30T22:00:00+02:002006-08-30T22:00:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-08-30:/post/2006/08/30/55-kjukebox-l-ancetre-d-amarok-et-de-bien-d-autres-logiciels/<p>Software ahead of its time... several years ago</p>
<p>Several years ago, when I discovered GNU/Linux, I was impressed by a music player called Kjukebox. I found it more complete and better integrated with KDE than another program I was using (and still use from time to time): Xmms. Today, most music players on the market work with a music library system: iTunes, Winamp, Windows Media Player, Amarok and the much-awaited Songbird are all eager to scan your hard drives for music to index. Where Kjukebox had a feature that has completely disappeared today is that it had 2 simultaneous players. Of course, back then the graphics of KDE 1 were a far cry from KDE 3, but you got used to them fairly quickly. It is one of those dead programs that I will not forget :) </p>
<p>For a description of Kjukebox, look <a href="http://chl.be/glmf/www.linuxmag-france.org/old/lm7/kjukebox.html">here</a>, and for a screenshot, look <a href="http://de.kde.org/appmonth/2000/kjukebox/main.html">there</a> (warning, comments in German).</p>PCINpact outing of 26-27/08 in Nice2006-08-28T15:30:00+02:002006-08-28T15:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-08-28:/post/2006/08/28/54-sortie-pcinpact-du-26-27-08-a-nice/<p>Drinks, food, even more drinks, a t-shirt and photos</p>
<p>I am totally worn out. Worn out but happy. What a great time we had! I arrived 2 hours before everyone else, then everything followed in quick succession: beer, sandwich, then drinks again. Mussels and fries in the evening, then we carried on in a pub and ended the night on the beach along the Promenade des Anglais. Off to the hotel, and above all to bed, around 6 in the morning. Strangely, the next day, nobody drank alcohol at lunch... ;) </p>
<p>Of course, there were photos.
Some are already available <a href="http://www.pcinpact.com/forum/index.php?s=&showtopic=91686&view=findpost&p=1608102">on the PCINpact forum</a>. I am not a fan of photos, as you will probably have noticed. I promise, next time I will keep my tongue in... or not. </p>
<p><strong>Update:</strong> A few more photos <a href="http://arafel.mine.nu/INpact-Nice/">here</a>.</p>If you want something done right, do it yourself2006-08-22T18:20:00+02:002006-08-22T18:20:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-08-22:/post/2006/08/22/53-on-n-est-jamais-mieux-servi-que-par-soi-meme/<p>Or when a computer security expert sees his website defaced...</p>
<p><a href="http://www.clubic.com/actualite-37692-insolite-site-kevin-mitnick-hacke.html">Clubic</a> published an article on the defacement of <a href="http://fr.wikipedia.org/wiki/Mitnick">Kevin Mitnick</a>'s website. Reading the article, we learn that Kevin actually used a service provider for his site, which, after a visit, turns out to be nothing more than a showcase. </p>
<p>This lessens the significance of the feat, since we can assume that Mitnick is just one customer among others for the provider, and that the provider has infrastructure large enough that it does not make the security of its systems its number one priority. We will still allow ourselves a little moral for Mr. Mitnick: "if you want something done right, do it yourself".</p>L'internaute tries Linux2006-08-22T15:31:00+02:002006-08-22T15:31:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-08-22:/post/2006/08/22/52-l-internaute-essaie-linux/<p>And L'internaute tries Mandriva One :)</p>
<p>Someone passed along <a href="http://www.linternaute.com/hightech/micro/linux/index.shtml">an article from L'internaute about discovering Linux</a>. After reading its 3 parts, I admit it is a rather good article (naturally, it is positive and preaching to the converted), although it contains a few errors. The hardware requirements section is slightly wrong in my opinion, and I would like to know which machine gave them such a hard time. In any case, my installation of Mandriva One on my father's computer went well once I entered the noapic option at boot. But I admit you have to know the trick...</p>Turning a fairly powerful machine into a 2CV2006-08-22T09:02:00+02:002006-08-22T09:02:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-08-22:/post/2006/08/22/51-transformer-une-machine-un-peu-puissante-en-2cv/<p>magic trick inside</p>
<p>It has been a while since I last invested in a PC. For now I have an Athlon XP 2600+ on an Asus A7N8X-E motherboard, 1024 MB of 400 MHz DDR-SDRAM and a nice little GeForce FX5700. Reasonable power, and enough for most of what I do on this machine. But since this weekend, I have managed to find that this machine is totally out of its depth and crawling along. How did I do it? I simply bought Quake 4. And the least one can say is that the game is demanding! I feel like I am back in the days when I had a 466 MHz Celeron processor, 64 MB of RAM and an Intel i810 graphics chipset... back then, to get 45 fps at 1024x768, I had to degrade the textures like crazy! Something I have not done yet in Quake 4, because for now it remains playable (I have only touched the single-player mode), and I hover between 35 and 45 fps. What reassures me is that it seems impossible to go beyond 60 fps. So I am not that far from the maximum, but at 1024x768. Well yes, if I can play Guild Wars or Trackmania Nations at 1280x1024, I would also like to play Quake 4 at 1280x1024. </p>
<p>Well, my 2CV does not run that badly, but I feel like I have jumped a few years back. </p>
<p><strong>Update:</strong> if I could, I would do <a href="http://www.ctrlaltdel-online.com/comic.php?d=20030523">this</a></p>Room 1012006-08-14T23:22:00+02:002006-08-14T23:22:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-08-14:/post/2006/08/14/50-room-101/<p>a nice little trip back in time, on the theme of computer desktops</p>
<p>I found <a href="http://r-101.blogspot.com/">this little photo gallery</a> that traces the evolution of the graphical desktops of Windows, Mac OS and KDE. I think it is quite a nice idea, but I regret that other desktops are not included; I am thinking of Gnome, NeXTstep (then WindowMaker) or CDE. Another thing: I find it a pity that the images are resized to around 500x400. But hey, let's not spoil our fun, I am still savoring that good old KDE 2 from my Mandrake 8.0 :)</p>Tempcheck2006-08-13T12:36:00+02:002006-08-13T12:36:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-08-13:/post/2006/08/13/49-tempcheck/<p>first version, maybe also the last</p>
<p>Some time ago I tried to write a small Perl script that shuts down your Linux machine if it gets too hot. Since I am not getting very far with it, and in case it can be useful to someone, here is the <a href="https://medias.anotherhomepage.org/archives/tempcheck.tar.gz">program</a>, under the GPL license. If anyone wants to play with it...</p>Synergy: not quite KVM, but not VNC2006-08-11T15:38:00+02:002006-08-11T15:38:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-08-11:/post/2006/08/11/48-synergy-pas-tout-a-fait-kvm-mais-pas-vnc/<p>great software for those who, like me, have several machines and several screens</p>
<p>Do you have several screens, keyboards, mice? Can't use a KVM because you have a laptop or an iMac? Then <a href="http://synergy2.sourceforge.net/">Synergy</a> is made for you! </p>
<p>I tried this software this morning; I can now use the keyboard and mouse (or trackpad) of my iBook on my Linux computer, with no loss of performance and no heavy memory usage, and with the ssh tunnel, my keystrokes do not get sniffed! </p>
<p>I do not know yet how it will turn out, but I cannot wait to try it with my dual-screen home computer. </p>
<p>For those who are not convinced, there is a demo, not super clear but nice, from <a href="http://www.hak5.org/archives/130">Hak.5</a>.</p>Apple makes some efforts for open source2006-08-08T10:59:00+02:002006-08-08T10:59:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-08-08:/post/2006/08/08/47-apple-fait-quelques-efforts-pour-l-opensource/<p>It's always better than nothing</p>
<p>Some time ago, the OpenDarwin team announced the death of the project: “OpenDarwin was meant to be a development community and a proving ground for fixes and features for Mac OS X and Darwin, which could be picked up by Apple for inclusion in the canonical sources. OpenDarwin has failed to achieve its goals in 4 years of operation, and moves further from achieving these goals as time goes on. For this reason, OpenDarwin will be shutting down.” </p>
<p>I just read on <a href="http://apple.slashdot.org/article.pl?sid=06/08/07/2359256">Slashdot</a> that Apple is launching a hosting platform for the open-source components of its projects, called <a href="http://www.macosforge.org/">Mac OS Forge</a>. </p>
<p>I think it is a good initiative; I hope it will gain popularity, and that it will show Apple that it should not neglect its foundations, all the more so if they are open source. </p>
<p>Update: LinuxFR has just put out a pretty good <a href="http://linuxfr.org/2006/08/11/21188.html">article</a> on the subject.</p>The net. Not very fast, no phone2006-07-06T22:41:00+02:002006-07-06T22:41:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-07-06:/post/2006/07/06/46-le-net-pas-tres-rapide-pas-de-telephone/<p>after a month of waiting, a degraded service</p>
<p>I posted not long ago from my workplace that I had no internet connection, since I am one of the (un)lucky ones migrated to NRA HD. What does that consist of? The principle of NRA HD is to create a sort of high-speed "extension" for people at the end of the line, which gives them more throughput since they end up with an NRA much closer to them. HD therefore stands for "haute distance" (long distance) and not "haute définition" (high definition) (the confusion is easy with all those ads for HD TV). This takes me from 2900 to 1500 m from the NRA, so I am supposed to get better throughput. </p>
<p>In theory, since my Freebox v4 can connect me using ADSL 2+, I should enjoy a throughput close to 20 Mbit/s, perhaps get TV, and of course the phone. In practice: before, I had 5 Mbit/s and the phone, but no TV. Now, I have between 3 and 6 Mbit/s depending on the test, no TV and no phone! That is a nuisance when you are on full unbundling... </p>
<p>Well, now that I have Internet, how about reorganizing this blog a bit?</p>No time, no net.2006-06-29T09:56:00+02:002006-06-29T09:56:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-06-29:/post/2006/06/29/45-pas-le-temps-pas-de-net/<p>Nothing, actually. Oh yes, a bit of thinking, but nothing concrete. Pff...</p>
<p>I have been without internet for nearly 3 weeks (it will be 3 weeks tomorrow, in fact). I am tired, and I do not have the energy to blog. But I am thinking about reorganizing the fine mess that is this site/blog, and I would like to find a way to make a nice download area, and maybe reorganize the photo galleries that I am not using for now. </p>
<p>If you want an idea of when my net access will come back, the following links will help: </p>
<p><a href="http://www.freenews.fr/forum/viewtopic.php?pid=219085">Freenews forum: Biot - Les templiers, on s'y connecte également</a> </p>
<p><a href="http://francois04.free.fr/connex_dslam.php?nra=HTR06">François04: statistics for DSLAM HTR06</a> </p>
<p>For the record, I am one of the people being migrated to NRA HD.</p>A few iBook or PowerBook videos2006-05-05T21:26:00+02:002006-05-05T21:26:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-05-05:/post/2006/05/05/43-quelques-videos-d-ibook-ou-de-powerbook/<p>on YouTube</p>
<p>On the very famous online video site <a href="http://www.youtube.com">YouTube</a>, I found many videos featuring an iBook or a PowerBook. <a href="http://www.youtube.com/watch?v=nKwvh1vnpB4&search=ibook">This one</a> particularly impressed me. Remember to watch the others too; some of them are pretty good as well.</p>Old Apple sounds - Coincoin2006-05-03T17:15:00+02:002006-05-03T17:15:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-05-03:/post/2006/05/03/42-vieux-sons-apple-coincoin/<p>Old, but still just as funny!</p>
<p>On old Macs, what people remember most are their rather funny sounds, including the famous duck "coin-coin" (quack), since reused in the well-known sketches of Les Guignols de l'info. Starting from a running joke with work colleagues, I tracked this sound down :), it is <a href="http://julpie.free.fr/french/index.php3?page=classicsoundssystem">on this personal site</a>. However, I do not know whether Windows users can open .dmg files... </p>
<p>Happy coin-coin!</p>
<h2>Comments</h2>
<h3>On 25 Mar. 2009, 01:16 by <a href="http://www.noobz.fr/">superlapin62</a></h3>
<p>If you have the same thing in a Windows version, I'll take it :D</p>First PHP listing script2006-05-03T00:32:00+02:002006-05-03T00:32:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-05-03:/post/2006/05/03/41-premier-script-de-listing-php/<p>it does not do much and it is ugly, but it has the merit of working.</p>
<p>I wanted to change my site's download script. I saw that there is not much out there that suits me, so I am planning to code my own. For now there is only one file; I am not making it available right away given the lack of organization in the code. I hope to bring lots of improvements to it soon. Especially since dropping PHP code into Dotclear like that does not look great...</p>My motherboard talks!2006-05-02T18:39:00+02:002006-05-02T18:39:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-05-02:/post/2006/05/02/40-ma-carte-mere-parle/<p>Progress is a beautiful thing</p>
<p>This weekend I changed motherboards: I went from a board based on the Via KT600 chipset to one based on the Nvidia Nforce 2 Ultra 400, the well-known <a href="http://www.prixdunet.com/details/Asus_A7N8XE_Deluxe/">Asus A7N8X-E Deluxe</a>, which I got second-hand (the link is just for the technical details). Once the machine was reassembled, I was surprised to hear a (female) voice telling me that the pre-boot tests had passed successfully and that the machine was going to start the OS. It is rather funny once, twice, but by the third time you go into the BIOS and turn it off. Apparently the French version is much less sexy...</p>
<h2>Comments</h2>
<h3>On 14/05/2006 11:20 by scientifik_u</h3>
<p>Huh, I knew that on some models, instead of hearing the "beeps" of the
internal speaker when there is an error, there was a voice announcing the errors through
the loudspeaker.</p>
<p>But it's true that on every boot... uh, that gets annoying :-/</p>
<p>Unless you use it as a server and it reboots once every 6 months
:P</p>
<p>Personally, I have an a7n8x-la... with no voice-over ^^'</p>A few links for a laugh on Bash and BashFR2006-04-29T16:24:00+02:002006-04-29T16:24:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-04-29:/post/2006/04/29/39-quelques-liens-pour-rire-sur-bash-et-bashfr/<p>You have to relax from time to time</p>
<p>If you don't know <a href="http://www.bash.org/">Bash</a> and <a href="http://www.bashfr.org/">BashFR</a> (not to be confused with the Unix shell), they are two sites that collect snippets of conversations from the net. A few selected pieces to get the weekend off to a good start:</p>
<ul>
<li><a href="http://www.bashfr.org/?2719">Ah, science...</a></li>
<li><a href="http://www.bashfr.org/?3087">Grandma is losing her memory</a></li>
<li><a href="http://www.bashfr.org/?1337">Apologies to the families and all that</a></li>
<li><a href="http://www.bashfr.org/?2670">Linux, a dangerous OS</a></li>
<li><a href="http://www.bashfr.org/?878">Where do you come from?</a></li>
</ul>
<p>Enjoy ;) (and in the meantime, reinstalling a machine because of the motherboard change).</p>When a 9-year-old girl wants to suggest ideas to Apple2006-04-18T09:00:00+02:002006-04-18T09:00:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-04-18:/post/2006/04/18/38-quand-une-petite-fille-de-9-ans-veut-proposer-des-idees-a-apple/<p>she's the one who pays for it...</p>
<p>This morning, while reading <del>my newspaper</del> the news from the net, I stopped by <a href="http://www.pcinpact.com">PCINpact</a> as I do every day. I found <a href="http://www.pcinpact.com/actu/news/28099-Bonjour-jai-9-ans-et-jai-des-idees-pour-Appl.htm">an article</a> there telling the story of a 9-year-old girl who wanted to suggest to Steve Jobs a few ideas for improving the iPod Nano (the article is based on a CBS5 news story available <a href="http://cbs5.com/investigates/local_story_103023852.html">here</a>).</p>
<p>This story makes me smile and think in more ways than one. First, even if the company's policy is not to take into account unsolicited ideas and requests from consumers, I believe there is a way to reply in a tone that is neither hypocritical nor harsh. I won't send Steve Jobs a letter about it, but I suppose Apple must regularly survey its customers to find out what interests them and whether they are satisfied with its products. If that is indeed the case, mentioning it in the reply would be a good idea and would suit both a 9-year-old girl and someone older.</p>
<p>Then there is the fact that her mother took the story to television... Did she want to take advantage of it to get some media coverage, file a little lawsuit and collect a few dollars from Apple? The temptation to answer yes is great, to think that in Uncle Sam's country every little story can end in a lawsuit. But given the candour of Shea, the 9-year-old girl, I'll try to act tactfully and think that, at the very least, she will have changed the tone of Apple's reply letters :)</p>Dotclear 1.2.42006-04-16T14:42:00+02:002006-04-16T14:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-04-16:/post/2006/04/16/36-dotclear-124/<p>Update your blog</p>
<p>A few days after its release, I have just updated my blog, which is now powered by Dotclear 1.2.4. The new features are not really visible, either to the blogger or to the reader. It is mainly a security update, as you can read on <a href="http://www.dotclear.net">the official Dotclear site</a>. Also worth noting is the release of a new version of <a href="http://www.vanschklift.com/blog/index.php?p=51">Spamplemousse</a>, which moves to version 0.1.4.</p>
<p>However, I'm hesitating to reopen trackbacks... oh well, I'll go and see whether the new Spamplemousse is effective.</p>
<p>Don't forget to follow the documentation to the letter to <a href="http://petit.dotclear.net/pages/2005/05/13/86-obligatoire-importante-et-incontournable-la-sauvegarde">back up your blog</a> and <a href="http://www.dotclear.net/trac/wiki/DotClear/fr/Installer/MiseAjour">update it</a>.</p>More spam2006-04-08T14:53:00+02:002006-04-08T14:53:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-04-08:/post/2006/04/08/35-encore-du-spam/<p>And it goes on, again and again...</p>
<p>Despite using <a href="http://zeubeubeu.net/blog/plugins-dotclear">Spamplemousse</a> (dedicated Dotclear topic <a href="http://www.dotclear.net/forum/viewtopic.php?id=13328">here</a>), I still have quite a lot of junk to clean up at least every 2 days... maybe I should patch the plugin myself to automatically filter certain IPs? I admit that some spam contains no offending word at all, and I don't want to filter English words, in case I start posting in English.</p>
<p>That was my rant of the day...</p>
<p>Update: following spam creeping even into the trackbacks, I have closed them. Fed up with cleaning up by hand, and I don't have the courage to tinker with Spamplemousse... and above all not the skill level :p</p>DRM: the key to Linux's mainstream success?2006-04-07T18:18:00+02:002006-04-07T18:18:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-04-07:/post/2006/04/07/34-drm-cle-pour-le-succes-grand-public-de-linux/<p>My little comment on a Clubic article...</p>
<p>Clubic today published an article on <a href="http://www.clubic.com/actualite-33597-drm-cle-pour-le-succes-grand-public-de-linux.html">Linux and DRM</a>. Sometimes I wonder whether the industry understands what Linux and free software are, and I'm thinking of two things in particular.</p>
<p>First, the way things are organised: I sign up on the site www.exemple.com, which offers me music, clips and films with DRM. So I need something to handle that DRM. And that, whatever the operating system. Where it gets stuck is that the site in question is willing to build something to read its DRM on Windows, on OS X at a pinch, but not on Linux. They wait for the community, of course. That community is a convenient scapegoat, because when one of its members does reverse engineering to bring Linux compatibility (or compatibility with another free system, such as the BSDs and the OpenSolaris distributions), he gets hammered to make an example. Speaking of examples, by the way, I believe it was good old DVDJon who had written a Linux client for Apple's iTMS, and Apple of course made sure that this software quickly became incompatible with their online music sales platform. What would have happened if Apple had made a version of iTunes for Linux? Admittedly, the ratio of development cost to increased iTMS sales would not be as good as for OS X/Windows, but at least there would be Linux support.</p>
<p>And Linux is a convenient scapegoat too: <em>Linux will be relegated to servers and professional computers as long as it does not offer the multimedia technologies consumers demand</em>, according to Jeff Ayars of Real Networks. Why would a technology made for multimedia go and lodge itself in the very core of the operating system? Is the MP3 codec in the kernel? Even without reading the Linux kernel source code, I think I can answer no. And in any case, for multimedia, I don't see the point of diving into the low layers of the system... (that said, perhaps lower-level DRM is useful, but in any case not for music).</p>
<p>So I think the industry doesn't know what it wants, or else that it is in the pay of a few big players who don't look kindly on the arrival of free software in the homes of ordinary users. Let's be serious for a moment: one minute they don't want the community to do reverse engineering, the next they want Linux to support DRM. If that isn't taking the community for a flock of sheep that can be led around at will, then I've understood nothing (that said, the probability is high...); but I'm only asking to understand, you know.</p>Success of my article on Mac OS X2006-03-30T10:50:00+02:002006-03-30T10:50:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-03-30:/post/2006/03/30/33-succes-de-mon-article-sur-mac-os-x/<p>following its publication on QuébecOS</p>
<p>The webmaster of <a href="http://www.quebecos.com">QuébecOS</a> has published, in the reviews section, my article on my <a href="https://blog.anotherhomepage.org/post/2006/03/11/28-mac-os-x-tiger-6-mois-apres-le-bilan/">assessment after 6 months of using Mac OS X Tiger</a>. I'm pleased to see that the article was viewed more than 1000 times in the first day and more than 1500 times after 2 days. I hope visitors enjoyed reading it as much as I enjoyed writing it. So far I have had no feedback, positive or negative, which is a pity.</p>
<p>In the meantime, this isn't moving my article on Mandriva One forward...</p>Photo gallery2006-03-15T21:16:00+01:002006-03-15T21:16:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-03-15:/post/2006/03/15/31-galerie-photo/<p>Finally chosen!</p>
<p>I have finally chosen and installed the photo gallery for Another Homepage. It is Coppermine with a Kubrick theme. For now I have put up a few Linux wallpapers; I hope to be able to add other things soon. To see the gallery, it's <del><a href="http://anotherhomepage.info/albums/">here</a></del> (2021 edit: the service no longer exists).</p>
<p>Otherwise, I think that before coding my own download area, I'll look at what already exists.</p>New scripts on Another Homepage2006-03-14T20:28:00+01:002006-03-14T20:28:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-03-14:/post/2006/03/14/29-nouveaux-scripts-sur-another-homepage/<p>A few new things already out and still to come :)</p>
<p>Today I installed <a href="http://www.phpmyvisites.net/">phpMyVisites</a> on Another Homepage. I had already installed it on <a href="http://adsl.free.fr/">Free</a> back when I hadn't yet taken hosting with <a href="http://www.1and1.fr/">1and1</a>. After looking a little at their visit-tracking module, I preferred to install phpMyVisites. Why? Because I will be able to filter out my own visits, and above all my visits to the blog's administration interface, which are becoming more and more numerous, as shown by my assessment article on <a href="https://blog.anotherhomepage.org/post/2006/03/11/28-mac-os-x-tiger-6-mois-apres-le-bilan/">Mac OS X</a>, which I certainly did not write in one go.</p>
<p>I also took the opportunity to create a new category devoted to Apple and its machines. I hope this will give me occasions to fill this blog more often :)</p>
<p>As for what's to come, I hope to set up a photo gallery and be able to integrate it with the current design of the blog and the site. I also need to modify the download area's script, which doesn't suit me at all because, on the one hand, there is an image display bug and, on the other, the code does not comply with the <a href="http://www.w3.org/">W3C</a> recommendations. Among others, I'm going to test <a href="http://www.phpwebgallery.net/">PhpWebGallery</a>. I'm also thinking of using <a href="http://coppermine-gallery.net/">Coppermine</a>; I've just seen that it has a Kubrick theme that will fit perfectly with the whole :)</p>
<p>Stay tuned ;)</p>Mac OS X Tiger 6 months on, the assessment2006-03-11T23:28:00+01:002006-03-11T23:28:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-03-11:/post/2006/03/11/28-mac-os-x-tiger-6-mois-apres-le-bilan/<p>I bought a Mac in September 2005. After about 6 months of use, a little assessment is in order.</p>
<p><img alt="Mac OS X Tiger logo" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/tiger_logo042905.gif"></p>
<h2>The context: needing a laptop</h2>
<p>September 2005. I am writing my end-of-year dissertation and getting ready to face the job hunt. For now I'm using a laptop lent by the research laboratory where I work on a work-study basis. It has to be said, the machine has been through a lot: the battery is dead and the power cable has also seen a lot of mileage. I had wanted one for a while, and it was probably one of my last chances to get a laptop at a preferential price (MIPE inside ;) ). Already owning a desktop computer, I wanted an ultra-portable, something small that I could take everywhere, with good battery life and good Linux compatibility. The icing on the cake would be, if possible, being able to play Quake 3 and Diablo 2. I was looking at the entry-level range, but found nothing really outstanding. On top of that, I have a certain prejudice against shared-memory graphics cards. My first two PCs were fitted with Intel i810 and i815e graphics chipsets, and the least one can say is that these were not chips cut out for gaming and multimedia.</p>
<h2>The MIPE offer, a "different" machine</h2>
<p>One machine, however, seemed to stand out among the laptops in the <a href="http://microportable.fr/mipe/index.htm">MIPE</a> offer. Hardware-wise, everything looked right: 2 kg on the scales, 40 GB hard disk, 512 MB of RAM, Radeon 9550 video card (with only 32 MB of memory, a pity) on a 12-inch screen, 6 hours of battery life, and a 1.33 GHz processor. Basically, what I wanted... with one detail: it's a Mac, which means a PowerPC processor (a G4 in this case) and the Mac OS X Tiger operating system. I had had the chance to get a glimpse of Mac OS X Tiger thanks to the Mac mini of my girlfriend at the time, and I admit I quite liked the system. However, I had followed her struggles installing Kubuntu, then Gentoo, on her mini. Some thought was needed. On the one hand, I risked having a machine with 2 OSes (the Microsoft tax being nearly impossible to remove; see the ordeal of the people in the <a href="http://www.detaxe.org/">Détaxe</a> group), which takes up space. On the other, a single system, with Unix foundations and therefore the possibility of having some of the software I already know from Linux. Plus the feeling of a new adventure. The price was reasonable, and the machine seemed relatively well balanced and complete.</p>
<h2>A quick trip to the Apple Store: credit or not?</h2>
<p>So off we go on the adventure. I call the Apple Store and look into a credit offer. Apple offers a payment plan subcontracted to Sofinco. And I admit that this offer, compared with the banks', doesn't really appeal to me; it isn't really worth it. On the other hand, no bank had answered my requests for an appointment about a MIPE loan. After taking time to think, I decide to pay for the machine outright. Another call, and I order the machine on a Saturday or a Sunday. Note that the French-speaking Apple salespeople are quite nice, at least as far as I could judge, since they readily give out their e-mail address so that you can ask questions if needed. That said, it didn't stop the salesman from trying to palm MS Office off on me. I order a 12-inch iBook G4 from the MIPE offer, with a grey Tucano Second Skin sleeve. Since the whole thing fits in a standard bag, I will be able to walk around without anyone seeing that I'm carrying a laptop. The delivery went without a hitch; I was even able to ask them to have someone other than me receive it. Note, however, that from what I have read on the net, carriers sometimes fall short.</p>
<h2>The discovery</h2>
<p>My first impressions of this machine are good. I start by reinstalling the operating system. After Windows 98, 2000, XP and 2003, plus a few Linux distributions including Red Hat, Fedora, Mandriva and Gentoo, I discover the Mac OS X installation. It's simple, to say the least. It's pleasant; everything is graphical. I find the installation as pleasant and easy as Mandriva's and, above all, a big plus compared with Windows, entirely graphical. I don't remember exactly how much space the system took, but it is still a bit greedy for disk space, at least if you start installing certain multimedia applications such as Garageband (which I did not install). You are immediately amazed by the system's simplicity, sometimes bordering on the simplistic. Note that the right click is replaced by Ctrl+click, unless you have a two-button mouse. The trackpad is pleasant, by the way, and instead of having a scroll zone, it lets you scroll by pressing with 2 fingers at once.</p>
<h2>On the hood</h2>
<p>The built-in speakers put out good sound, though a bit weak for a party with friends, and probably just as weak if you want to hook the machine up to a television to watch a film. So you will choose to plug in external speakers as soon as the sound needs to be turned up very loud. Still on audio, I note the absence of a microphone connector; the microphone is built into the screen. For now I use it very little, so it suits me. As for connectors, the machine has a Firewire400 port that I must have used twice at most (it is my only machine with a Firewire port), as well as 2 USB 2 ports. A mini-dvi (?) port is also on the side and, with a supplied adapter, allows connection to a VGA display. Note that the keyboard is not a standard AZERTY: there is no Del key and, among others, the at sign, the exclamation mark, the hyphen and the underscore are not in their usual places. Admittedly you get used to it, but the first moments are difficult. The Ethernet interface is 10/100, and there is also a 56k modem port. On the right side are the optical drive (combo DVD reader/CD burner), which is slot-loading, and the power socket. There is nothing at the back, and nothing at the front apart from a white LED and the opening button. On top, the apple lights up when the machine is running and goes out when it goes to sleep; it is totally useless, granted, but so much fun that you'd like to see it on every laptop :) Underneath, the battery has a charge gauge that you activate with a small button. The power cable connector also goes for the "fashion" look: it is ringed in green when the battery is full, and orange when it is charging.</p>
<p><a href="https://blog.anotherhomepage.org/public/2006/Bilan_osx/v600i/connectique.jpg"><img alt="Connectors of the 12-inch iBook G4" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/Bilan_mini/v600i/connectique.jpg"></a></p>
<p><em>The iBook's side connectors. Almost everything is here; only the power connector and the optical drive are on the other side. (click to enlarge)</em></p>
<p><a href="https://blog.anotherhomepage.org/public/2006/Bilan_osx/v600i/clavier.jpg"><img alt="Keyboard of the 12-inch iBook G4" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/Bilan_mini/v600i/clavier.jpg"></a></p>
<p><em>The keyboard, small and not standard AZERTY. The size doesn't bother me at all, but I did have to get used to the position of some keys. (click to enlarge)</em></p>
<p><a href="https://blog.anotherhomepage.org/public/2006/Bilan_osx/v600i/mange_disque.jpg"><img alt="Le" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/Bilan_mini/v600i/mange_disque.jpg"></a></p>
<p><em>The disc eater; careful, no 8 cm discs! (click to enlarge)</em></p>
<p><a href="https://blog.anotherhomepage.org/public/2006/Bilan_osx/v600i/pomme_lumineuse.jpg"><img alt="la" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/Bilan_mini/v600i/pomme_lumineuse.jpg"></a></p>
<p><em>The most fashionable and useless element. Luckily it isn't upside down! (click to enlarge)</em></p>
<h2>Under the hood</h2>
<p>Power-wise, the iBook drags a little at startup, probably the G4 showing its age; I saw the same phenomenon on a Mac mini. But once up and running, Mac OS X is unstoppable, and I offer two examples as proof. The first concerns Dashboard: when I have just logged in to my machine, the widgets take time to load (I have 14 in total), but after that first load it is very hard to catch it out (unless you are doing a somewhat heavy task in a Windows XP emulated via Virtual PC). The other example is my machine's uptime. As I write (before multiple rereadings), it is only 4 days, but I have already reached an uptime of 31 days (rebooted for an MP3 player, evidently not recognised, what a waste). Yes, I almost never switch off my iBook, except for Mac OS updates and hardware changes. And yes, I added RAM to my machine; running several OSes at the same time is a little less heavy that way. But it didn't change much for games: for Diablo 2 and Quake 3, it is indeed the graphics card and its 32 MB that fall short. Although it is possible to overclock the Radeon 9550 fitted to the latest iBooks, I'd rather not tempt fate, and my hypothesis is that it is mainly the lack of memory that prevents these games from running as well as on a PC (I have owned a Radeon 9550, so I can more or less compare). One last word on RAM: although on the latest generations of iBook Apple is not too stingy with memory modules, I don't recommend buying modules from the Apple Store; they are 2 to 3 times more expensive there than PC RAM modules, which can work in the iBook since it uses DDR-SDRAM SODIMM memory modules.
In fact, in November 2005 I bought a 512 MB module at Surcouf for 60 euros (depending on the iBook, the Apple Store sells it to you for <a href="http://store.apple.com/Apple/WebObjects/francestore.woa/6114040/wo/oB7caiBApAos2m9AUPKkLACFaeE/1.SLID?nclm=87330B4A">110</a> to <a href="http://store.apple.com/Apple/WebObjects/francestore.woa/6114040/wo/oB7caiBApAos2m9AUPKkLACFaeE/1.SLID?nclm=80715AC5">160</a> euros), and it comes with a 10-year warranty (some price ideas for March 2006 <a href="http://www.surcouf.com/Catalogue/VisuelProduit.aspx?idnoeud=423">here</a> and <a href="http://prixdunet.com/liste/Memoire/?t=3&p_min=&p_max=&f_0%5B%5D=&f_542%5B%5D=SO-DIMM+DDR+SDRam&f_543%5B%5D=512+Mo&f_544%5B%5D=PC2700+-+333+MHz&f_645%5B%5D=">there</a>). Adding the module went without problems, and it let me see that the first 512 MB module does not exist as such: the chips are soldered directly onto the motherboard. The iBook is definitely a hard machine to upgrade: rummaging around the net, I came across a tutorial for taking an iBook apart, and it seems to be akin to <a href="http://www.powerbook-fr.com/ibook/demontage/ibook_g4_article19.html?page=1">a surgical operation</a>, but it is not impossible.</p>
<p><img alt="prices" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/prix1.png"><img alt="prices" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/prix2.png"></p>
<p><em>Components are not cheap at Apple. What is the difference between the two 512 MB memory modules? (click to enlarge)</em></p>
<h2>The OS itself, and networking</h2>
<p>Let's leave the hardware for a moment and turn to the software. Let's start with Mac OS, the operating system. I rarely catch it out. The only kernel panics I have had were caused by Virtual PC. The OS is a bit temperamental when waking from a long sleep, but given how I mistreat it, I think it would be unkind of me to complain. The Aqua interface is easy and pleasant to get to grips with. The system is configured in a few clicks: I quickly find tips for enabling the root account, navigating the file system is easy, I change my keyboard shortcuts, I set up my network (LAN + Wifi), all very quickly. Special mention for the network configuration, yes, I'm laying it on, because for me it is a real plus of this OS: network profiles are a real joy to use; in one click you switch from one network configuration to another, whether fixed IP, DHCP, Ethernet or wireless, or even modem (which I have not tried). As for network compatibility, Apple handles Windows networks thanks to Samba, and there too you can very easily access Windows shares from the file browser. AppleTalk and NFS are also supported, but I only use Samba. As for features, I'll dwell on the ones that often come up when people talk about OS X, and Tiger in particular: Exposé, Dashboard and Spotlight. Exposé, as its name suggests, gives an overview of all the windows. The standard use of this feature is in place of alt+tab for those used to Windows/Linux. The plain equivalent on the Mac is Apple+tab. I use this feature fairly little because this is the only one of my machines that has it, and I was not convinced by <a href="http://www.framasoft.net/article4119.html">Komposé</a>. Let's continue with Dashboard. It is probably the one of the three that I use most.
It's simple, my Dashboard is full of widgets. A quick tour: a calendar, a calculator, 2 weather widgets, a system summary, a screenshot widget, an RSS aggregator and 7 notepads. Good thing I only have a 12-inch screen; I can't imagine the number of notepads on a 17-inch! Finally, Spotlight: I don't use it much, because in general I know where what I'm looking for is on a computer. But for the times I don't, I admit it is powerful. Where it really shines is that it goes as far as searching inside files for certain information, or even in bookmarks! I am surprised that it does not seem to consume many resources.</p>
<p><a href="https://blog.anotherhomepage.org/public/2006/Bilan_osx/bureau.png"><img alt="desktop" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/Bilan_mini/bureau.png"></a></p>
<p><em>The desktop, simple and effective. The file manager, Finder, also keeps things simple. You can see that the options are in the bar at the top of the screen and not in the application window. (click to enlarge)</em></p>
<p><a href="https://blog.anotherhomepage.org/public/2006/Bilan_osx/syspref.png"><img alt="preferences" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/Bilan_mini/syspref.png"></a></p>
<p><em>The System Preferences panel, reachable very quickly by clicking the apple at the top left of the screen, then "System Preferences...". (click to enlarge)</em></p>
<p><a href="https://blog.anotherhomepage.org/public/2006/Bilan_osx/netconf.png"><img alt="configuration" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/Bilan_mini/netconf.png"></a></p>
<p><em>Network configuration menu. Note the profile system, here "Maison" (Home). (click to enlarge)</em></p>
<p><a href="https://blog.anotherhomepage.org/public/2006/Bilan_osx/dashboard.png"><img alt="dashboard" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/Bilan_mini/dashboard.png"></a></p>
<p><em>Dashboard, used so much here that I preferred to mask some personal data. (click to enlarge)</em></p>
<p><a href="https://blog.anotherhomepage.org/public/2006/Bilan_osx/partages.png"><img alt="shares" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/Bilan_mini/partages.png"></a></p>
<p><em>From this simple panel you can connect to many file transfer systems, including SMB, FTP and NFS. (click to enlarge)</em></p>
<p><img alt="un" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/montage.png"></p>
<p><em>Example of a mounted network share. The same thing appears when installing an application or when inserting a CD or DVD.</em></p>
<p><strong>Device recognition, drivers</strong></p>
<p>On that front, it's a treat! My "basic" USB mouse worked without a problem, and the Logitech I bought recently (wireless, you've got a hold on us) works without having to install drivers. The same goes for the HP combo printer at my parents' place: I didn't test the scanner but printing worked perfectly. At the office, the network printers were handled just as easily. USB keys and hard disks work without a problem, well, if they are formatted in HPFS (Mac OS file system) or FAT. I tried with an ext3 hard disk, without success. It's a pity Apple removed support for certain file systems; they draw so much from free software that I would really have appreciated Linux partition support. I haven't yet tried using an external USB or Firewire burner, but I dare hope it will work. As for webcams, it seems that my piece of junk from Labtec which, miracle of miracles, works under Linux, could work under OS X thanks to <a href="http://webcam-osx.sourceforge.net/">a free software project</a>. That said, I think this good result on the peripherals side was to be expected; I have been paying close attention to the computer hardware I buy for a while now. Linux compatibility, and from now on OS X compatibility, is one of my priorities when I buy hardware (I still remember when I bought the Logitech mouse: "hello, I want a wireless mouse for a laptop that is Mac compatible". Doesn't make me sound like a pain of a customer at all). As for Bluetooth, I had the chance to test it with a v600i: same story, a few clicks and it's done, I transfer a few photos at a good rate, and I can even use it as a mouse instead of the plugged-in one or the trackpad, which is impressive :)</p>
<p><a href="https://blog.anotherhomepage.org/public/2006/Bilan_osx/assistant_bt.png"><img alt="Assistant" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/Bilan_mini/assistant_bt.png"></a></p>
<p><em>One of the many assistants, here the one for setting up a Bluetooth device, in this case my little sister's mobile phone; I thank her for giving me a few minutes of her time. (click to enlarge)</em></p>
<h2>Customization and software library</h2>
<p>On the customization side, it's thin, at least as thin as Windows XP. It's possible to remedy that by buying software, but the grey interface supplied alongside the blue one everybody knows suits me. Something important for an OS is its software library. One might think there is less software on Mac than on a Windows or Linux PC. If that's the case, it doesn't show. For my part, I installed: 4 web browsers, 2 FTP clients, 1 IP telephony program, several console and graphical network tools, 3 instant messaging clients, 1 IRC client, a text editor, a VPN client, 3 or 4 multimedia players, 3 games, 1 office suite, an image editing program and other stuff... I think with that I'm happy. So, because people always look for equivalents, here is ze list:</p>
<ul>
<li>Web browser: Safari, Firefox, Camino, Flock</li>
<li>FTP client: Cyberduck, gFTP (available via Darwinports)</li>
<li>IP telephony: X-Lite (OpenWengo as a Firefox plugin)</li>
<li>Network tools (non-exhaustive): Nmap, Ethereal, Tcpdump, Ngrep, Kismac, Macstumbler</li>
<li>Instant messaging: aMSN, iChat, AdiumX</li>
<li>IRC client: X-chat Aqua</li>
<li>Text editor: Smultron</li>
<li>VPN: Tunnelblick (OpenVPN client)</li>
<li>Multimedia players: iTunes, VLC, Mplayer OSX, Windows Media Player, Xine, QuickTime, RealPlayer</li>
<li>Games: Armagetron, Quake 3 Arena, Diablo 2, Marble Blast Gold (supplied with the machine)</li>
<li>Office suite: OpenOffice.org, NeoOffice (which I no longer use since OOo2 came out)</li>
<li>Image editing: Gimp installed via Darwinports, launched via Gimp.app and GimpShop</li>
</ul>
<p>Honestly, software-wise, I'm spoiled. You'll note I don't mention mail clients. My mail stays under Linux, on my desktop computer. If one day Evolution becomes available for OS X, or I install Linux on the iBook, I may move my mail over. In the meantime, when I use the iBook, webmail suits me. As it is meant to be a secondary machine, in the end I make rather little use of the iLife suite: I haven't installed GarageBand or iPhoto, and it took me a while to use iTunes. I eventually got into the latter, and it does have some pleasant features, such as "Party Shuffle", which plays tracks from the whole library at random. For Linux users, <a href="http://fink.sourceforge.net/">Fink</a> or <a href="http://www.darwinports.org/">Darwinports</a> combined with installing X11 (in this case XFree86 4.4.0) adds quite a lot. That said, X11 applications are a bit heavier than native Aqua applications, which is a shame, at least for OOo2 and Gimp, which are the X11 apps I use most.</p>
<p><a href="https://blog.anotherhomepage.org/public/2006/Bilan_osx/itunes.png"><img alt="iTunes" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/Bilan_mini/itunes.png"></a></p>
<p><em>The famous iTunes, here in "Party Shuffle" mode. (click to enlarge)</em></p>
<p><a href="http://www.anotherhomepage.info/Photos/Bilan_osx/adium.png"><img alt="AdiumX" src="https://blog.anotherhomepage.org/public/2006/Bilan_osx/Bilan_mini/adium.png"></a></p>
<p><em>Adium, a multi-protocol instant messaging client. This software is so good that I regret there is no Linux version. (click to enlarge)</em></p>
<h2>In conclusion, and the future</h2>
<p>This machine and its operating system are now my everyday companion in my bag; its simple, effective system satisfies me for the basic use I make of it. The rare problems I had at the beginning were solved by an ever-growing French-speaking community, and today I am fully satisfied with this machine. For the future, several questions arise: will I buy other Macs? Will I buy only Macs? Will I invest in Mac OS X Leopard once it is released? For the first question, I don't know, it will depend on the moment. What is certain is that if I buy another Mac, it will be to replace this one, so a laptop. For desktop machines, I consider that Macs won't give me enough modularity in terms of hardware components. Besides, I'm not very keen on Intel when it comes to processors... so I won't buy only Macs. As for investing in Leopard, I think I'll also see when it comes out; the questions I'll ask myself then: what does it bring that makes upgrading worthwhile? At what price? Will GNU/Linux have progressed enough to replace OS X on this machine?</p>
<h2>Comments</h2>
<h3>On 13/03/2006 01:21 by <a href="http://www.cngz.be">scientifik_u</a></h3>
<p>Hi, very good article :)
I've never really been able to get my hands on a Mac, but here you can clearly see all the details
;-)
Thanks for showing me this system, 'unknown' to me, and have a good evening :P</p>
<h3>On 17/03/2006 14:34 by M@T</h3>
<p>Thanks for pointing me to your blog.
Your article finished convincing me to buy one... ^^</p>
<p>See you!</p>
<p>A happy PC INpact reader!</p>
<h3>On 17/03/2006 21:22 by Nils</h3>
<p>And on top of that you have photographic proof that the apple lights up :)</p>
<h3>On 28/03/2006 15:04 by boo</h3>
<p>Personally, I regret that Adium doesn't exist for Linux and Windows, it would be a hit :D
Otherwise, great article :p</p>
My mule in all its splendor
2006-03-01T23:34:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-03-01:/post/2006/03/01/27-ma-mule-dans-toute-sa-splendeur/
<p>by free software, and for free software</p>
<p><em>2021 edit: the image "aMule uploading Linux distributions" has sadly been lost.</em></p>
<p>I'm delighted to be able to take some load off the FTP mirrors :D</p>
On the beauty of the user interface
2006-03-01T23:31:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-03-01:/post/2006/03/01/26-de-la-beaute-de-l-interface-utilisateur/
<p>At Alienware</p>
<p>Luckily for us, Alienware gives away its Windows themes for free, because even though they seem to be of good quality, its computers aren't cheap. In addition to AlienMorph and ALXMorph, two new themes have appeared, Invader and Darkstar. In fact, I liked Invader a lot, enough to show a picture of it here:</p>
<p><em>2021 edit: the image "Alienware Invader theme" has sadly been lost.</em></p>
<p><del>Since downloads from Alienware's site aren't fast, I suggest you download the themes and the applications needed to apply them <a href="http://anotherhomepage.info/ftp.php?d=Applications/Windows/Personnalisation">here</a></del>. Too many downloads, I removed the file from my site. Sorry!</p>
Spam creeps even into blogs!
2006-02-25T12:50:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-02-25:/post/2006/02/25/24-le-spam-s-insinue-meme-dans-les-blogs/
<p>Smut, smut, smut! Time to come back up above the belt once in a while...</p>
<p>I just wanted to have a rant against those people who think that by coming and trashing blog comments they will attract visitors to disreputable sites. I already get offered plenty of rubbish by email; if on top of that I have to delete the few comments I have, it really might make me lose my temper. For the moment I'm not planning to add a <a href="http://www.atelierphp5.com/un-captcha-accessible.html">Captcha</a>; I think it's too much of a constraint, especially given this site's audience. However, another plugin exists, Spamplemousse, currently available in version <a href="http://zeubeubeu.net/vrac/plugins/plugin-spamplemousse-0.1.3.pkg.gz">0.1.3</a>. For now, it works fairly well, and I hope I won't have to resort to more radical methods, such as closing comments. That would really be a shame.</p>
<p>Other solutions can be found by searching a search engine with the keywords <a href="http://www.google.fr/search?hs=a2w&hl=fr&client=firefox-a&rls=org.mozilla%3Afr%3Aofficial&q=dotclear+commentaires+spam&btnG=Rechercher&meta=">Dotclear, comments and spam</a> or by visiting the <a href="http://www.dotclear.net/forum/">Dotclear forum</a>. A number of them involve editing Dotclear's code; it's more of a hack than anything else, but hey, at least it has the merit of working.</p>
The dangers of the root user
2006-02-24T14:35:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-02-24:/post/2006/02/24/23-les-dangers-de-l-utilisateur-root/
<p>In English, but hilarious...</p>
<p>Among the many RSS feeds in my aggregator, I recently added <a href="http://www.theregister.co.uk">The Register</a>, and I must say that at times it really makes me laugh. See for yourself: <a href="http://www.theregister.co.uk/2006/02/24/bofh_2006_episode_8/">here</a>. Beware, it's in English....</p>
RAM prices soar
2006-02-08T11:50:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-02-08:/post/2006/02/08/20-la-flambee-du-prix-de-la-ram/
<p>We'll end up speculating on the price of RAM</p>
<p>After the 3 Suisses super computers (see the relevant post), here is the price of RAM sticks at LDLC. If these sell, I demand to know who dared buy them!</p>
<p><a href="http://anotherhomepage.info/Photos/Humour/ldlc_fr.png">Screenshot of LDLC RAM prices, 8 February 2006</a></p>
A super multimedia computer
2006-02-06T20:17:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-02-06:/post/2006/02/06/19-un-super-ordinateur-multimedia/
<p>The price of miniaturization</p>
<p>I can't afford to buy it, and what's more it's reserved for women only, see for yourselves: <a href="http://www.glazman.org/weblog/dotclear/index.php?2006/01/30/1538-best-of-tc-2">PC Multimedia on Glazblog</a>.</p>
<p>I do like 3 Suisses :))</p>
<p>Edit: I found something even better, it's brilliant and it's <a href="http://blog.neovov.com/?2006/01/29/37-mortel">on Sea Blog</a>.<br>
I love 3 Suisses, they're at the cutting edge of technology :D</p>
Mozilla Store prices
2006-02-06T20:11:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-02-06:/post/2006/02/06/18-tarifs-du-mozilla-store/
<p>Someone will have to explain this to me...</p>
<p>I'm a fan of screen-printed T-shirts. I have few, but I like having nice ones. My current list includes: a Magic T-shirt, one from the student association of my IUT (Valence), one with Spiderman, others tied to events or to a shop...</p>
<p>Something that has had me hooked for a long time is geek T-shirts. You know, the ones singing the praises of your favourite software, or quotes, commands, in short, geek stuff. In that respect, the international reference is <a href="http://www.thinkgeek.com/">Think Geek</a>, but ordering from the US when you're in France hurts the wallet because of customs.</p>
<p>But there's the <a href="http://store.mozilla.org/">Mozilla Store</a>! And there, after a quick look, you see there are 2 of them: one for America, and one for the rest of the world. The latter is located in the United Kingdom. "Great!" one might think. So I figured I could place an order with a work colleague. That order is not likely to happen, because of the shipping costs. I'm willing to understand that shipping costs go up as the weight of the parcel goes up, but I admit the calculation method escapes my logic... See for yourselves:</p>
<p><img alt="2 T-shirts, size large" src="https://blog.anotherhomepage.org/public/2006/MozillaStore/2tshirtslarge.png"></p>
<p><img alt="2 T-shirts, size medium" src="https://blog.anotherhomepage.org/public/2006/MozillaStore/2tshirtsmedium.png"></p>
<p>2021 edit: the image of the 4 T-shirts has been lost.</p>
<p>You'll notice that the shipping costs for 4 T-shirts are higher than the sum of 2 orders of 2 T-shirts. Does anyone have a rational explanation?</p>
Documentation evolves
2006-01-31T18:51:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-01-31:/post/2006/01/31/17-une-documentation-ca-evolue/
<p>Especially documentation on the web</p>
<p>Some of you may remember the ISP Infonie, dead and buried several years ago. I had the odd idea of typing that word into the Google search bar in my beloved Firefox, and among the first 3 links you'll find <a href="http://hotline.chez-alice.fr/linux/">this</a>.</p>
<p>Well, seriously, I don't know about you, but just seeing the URL and the content makes me laugh :)) (now we know why Alice is cheap)</p>
Mandriva Security Update
2006-01-14T11:44:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-01-14:/post/2006/01/14/16-mandriva-security-update/
<p><img alt="Mandriva distribution logo" src="https://web.archive.org/web/20051015204543/http://upload.wikimedia.org/wikipedia/en/9/95/Mandriva_logo.png">Update your distribution!</p>
<p>Mandriva has published new updates; 2 are important, but for different reasons:</p>
<ul>
<li>The first is a security update: it addresses a vulnerability in kdegraphics; a few applications that use it are fixed as well;</li>
<li>The second is probably a bug-fix update, or a gift from Mandriva: Xorg 6.9 Final! At last we have a stable version of Xorg in Mandriva 2006!</li>
</ul>
<p>To install these updates, the good old text-mode method still works:</p>
<div class="highlight"><pre><span></span><code>urpmi.update -a
</code></pre></div>
<p>provided you have the "updates" media set up; if not, add it using <a href="http://easyurpmi.zarb.org">Easy Urpmi</a>;</p>
<div class="highlight"><pre><span></span><code>urpmi --auto-select
</code></pre></div>
<p>will install all packages that are newer than the installed ones. If you want to fully automate the task, the --force option avoids urpmi's confirmation prompt; of course, both commands must be run as root.</p>
<p>For those allergic to the command line, a reminder that you can apply these updates from the Mandriva Control Center: look for "Configure your computer" in the KDE or Gnome menu, or press Alt+F2 and enter "mcc" in the dialog box. The root password will then be requested.</p>
<p>Source for the kdegraphics fix: <a href="http://www.frsirt.com/bulletins/3535">FrSirt</a></p>
<p>Source for Xorg: me, while doing the update :p</p>
Firefox is rather sexy
2006-01-12T17:06:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-01-12:/post/2006/01/12/15-firefox-est-plutot-sexy/
<p>Firefox + sex + Google = money?</p>
<p>I read something rather out of the ordinary on Tristan Nitot's <a href="http://standblog.org/blog/2006/01/12/93114608-marketing-101">Standblog</a>. A webmaster has found a trick to make money easily: the idea is to offer a video of a young lady who will strip for us... provided we install Firefox (and the Google Toolbar, which matters)! The more of us there are, the more of the video we get access to. For those interested, it's <a href="http://www.fire-mary.com/firefox-fr.php">here in French</a>. After understanding it and reading it again, this initiative is totally independent of the Mozilla Foundation and the only person who benefits is the webmaster, who is lining his pockets thanks to Google. Some people are clever...</p>
<p>Right, now what I think of it. It's, how to put it... I find it a bit borderline. I already find it rotten that some already disreputable sites install junk behind our backs, but I think that using logic close to that of porn sites, even if here the software is as reputable as it gets, goes a bit far. But then, I can't contradict Tristan on the fact that sex sells...</p>
<p>And what if I thought about switching on my second brain? (a reminder that man has two brains, the first located between the legs and the second above the shoulders, and that for energy-saving reasons I rarely switch on the second)</p>
Moving Dotclear from Free to 1and1
2006-01-12T13:39:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-01-12:/post/2006/01/12/14-transferer-dotclear-de-free-a-1and1/
<p>Watch out for your databases!</p>
<p>Many bloggers using <a href="http://www.dotclear.net">Dotclear</a> at Free seized the opportunity offered by <a href="http://www.1and1.fr">1and1</a>, an offer that ended on 4 January. This attractive offer consists of:</p>
<ul>
<li>2000 MB of web hosting;</li>
<li>PHP 4, MySQL 4 (database limited to 100 MB);</li>
<li>a .info domain name, with subdomains possible;</li>
<li>SSH access;</li>
<li>500 POP/IMAP mail accounts;</li>
<li>limited traffic (I no longer remember the limit);</li>
<li>price: free for 3 years.</li>
</ul>
<p>In short, the bargain of 2005!</p>
<p>But (yes, there is a but, otherwise it's no fun), some users will have noticed that once migrated from Free to 1and1, it is no longer possible to add a post, a comment or a link without getting an error such as:</p>
<div class="highlight"><pre><span></span><code><span class="s2">"</span><span class="s">MySQL : 1062 - Duplicate entry '0' for key 1</span><span class="s2">"</span>
</code></pre></div>
<p>This is caused by the fact that some fields in Dotclear's tables should be "auto_increment". The database export did not retain these automatic increments. If your tables at Free are still intact, the simplest thing is still to adjust the export functions so that the fields concerned get these attributes. As a precaution, remember to export the database in "MYSQL40" compatibility mode, because Free uses MySQL 4.1 and 1and1 uses MySQL 4.0. <a href="http://asi.insa-rouen.fr/~lfallet/informatique/bdd/bdd.php">This tutorial</a> may also be useful. If, like me, you rushed to empty your databases at Free, there is still hope. All you need to do is add the "auto_increment" attribute to the right fields via phpMyAdmin. Namely:</p>
<ul>
<li>table "dc_comment", field "comment_id" for comments</li>
<li>table "dc_post", field "post_id" for posts</li>
<li>table "dc_link", field "link_id" for links</li>
<li>table "dc_categorie", field "cat_id" for categories (added on 06/02/2005)</li>
<li>I suspect there are others; I'll add them here as I find them</li>
</ul>
<p>If you run into trouble, let's not forget that the Dotclear site has a <a href="http://www.dotclear.net/forum">forum</a>, and that a few problems have already been reported there, so drop by to see whether this one has already been solved ;)</p>
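<p>An added example, not part of the original post or of Dotclear's code: a Python check that scans a SQL dump for the id columns listed above and, where auto_increment was lost, builds the ALTER TABLE statement that restores it, reusing the column type found in the dump. The sample dump and its non-id column names are constructed; dc_ping/ping_id is the extra field reported by a reader in the comments.</p>

```python
import re

# Table -> id column that should be auto_increment. The first four come from
# the post; dc_ping/ping_id was reported by a reader in the comments.
EXPECTED = {
    "dc_comment": "comment_id",
    "dc_post": "post_id",
    "dc_link": "link_id",
    "dc_categorie": "cat_id",
    "dc_ping": "ping_id",
}

# Constructed sample dump (MySQL 4.0 style). Columns other than the id
# columns are made up for the example.
SAMPLE_DUMP = """
CREATE TABLE dc_post (
  post_id int(11) NOT NULL default '0',
  post_title varchar(255) default NULL,
  PRIMARY KEY  (post_id)
) TYPE=MyISAM;

CREATE TABLE dc_comment (
  comment_id int(11) NOT NULL auto_increment,
  post_id int(11) NOT NULL default '0',
  PRIMARY KEY  (comment_id)
) TYPE=MyISAM;

CREATE TABLE `dc_link` (
  `link_id` int(11) NOT NULL default '0',
  `label` varchar(255) default NULL,
  PRIMARY KEY  (`link_id`)
) TYPE=MyISAM;
"""

# A CREATE TABLE body ends at the ")" followed by TYPE=/ENGINE= or by ";".
CREATE_RE = re.compile(
    r"CREATE TABLE\s+(?:IF NOT EXISTS\s+)?`?(\w+)`?\s*\((.*?)\)\s*"
    r"(?:(?:TYPE|ENGINE)\s*=|;)",
    re.IGNORECASE | re.DOTALL,
)
COLUMN_RE = re.compile(r"`?(\w+)`?\s+(.+)")
NOT_COLUMNS = {"PRIMARY", "KEY", "UNIQUE", "INDEX", "FULLTEXT", "CONSTRAINT"}


def parse_tables(dump):
    """Return {table: {column: definition}} for every CREATE TABLE in the dump."""
    tables = {}
    for name, body in CREATE_RE.findall(dump):
        columns = {}
        for line in body.splitlines():
            match = COLUMN_RE.match(line.strip().rstrip(","))
            if match and match.group(1).upper() not in NOT_COLUMNS:
                columns[match.group(1)] = match.group(2)
        tables[name] = columns
    return tables


def audit(dump, expected=EXPECTED):
    """Return (missing, fixes): id columns without auto_increment, and the
    ALTER TABLE statements that would restore the attribute."""
    tables = parse_tables(dump)
    missing, fixes = [], []
    for table, column in expected.items():
        definition = tables.get(table, {}).get(column)
        if definition is None:
            continue  # table or column not present in this dump
        if re.search(r"\bauto_increment\b", definition, re.IGNORECASE):
            continue  # attribute survived the export
        missing.append((table, column))
        # Keep the dumped type but drop the DEFAULT clause: an auto_increment
        # column generates its own values.
        cleaned = re.sub(r"\s+default\s+('[^']*'|\S+)", "", definition,
                         flags=re.IGNORECASE)
        if not re.search(r"\bNOT NULL\b", cleaned, re.IGNORECASE):
            cleaned += " NOT NULL"
        fixes.append(
            f"ALTER TABLE {table} MODIFY {column} {cleaned} AUTO_INCREMENT;"
        )
    return missing, fixes


if __name__ == "__main__":
    missing, fixes = audit(SAMPLE_DUMP)
    for table, column in missing:
        print(f"{table}.{column}: auto_increment missing")
    print("\n".join(fixes))
```

<p>Run the generated statements against a backup first. Once a column is AUTO_INCREMENT, MySQL treats a stored 0 as a request for a new value, so look for a row already saved with id 0 (the one behind the 1062 error) and give it a real id before altering the table.</p>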
<h2>Comments</h2>
<h3>On 15/03/2006 10:14 by <a href="http://jmax.blog@free.fr">jMax</a></h3>
<p>Thanks for this information, which let me look in the right direction...</p>
<p>and realize that there is also the ping_id field in dc_ping</p>
Promotion at Mandinux
2006-01-11T20:29:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-01-11:/post/2006/01/11/13-promotion-chez-mandinux/
<p>Thanks to the whole staff :)</p>
<p>A few days ago I became a moderator on <a href="http://mandinux.free.fr">Mandinux</a>, a community of Mandriva Linux users. I'm happy about it because it gives me the means to help this community set itself ambitions, and in a way it rewards my efforts within it. In the meantime, I still have to move Mandinux to a new server, because I'm not the only one who took advantage of the end-of-year offer from <a href="http://www.1and1.fr">1and1</a>.</p>
<p>In any case, I want to thank the whole Mandinux staff for the trust they place in me, and I hope to live up to it.</p>
<h2>Comments</h2>
<h3>On 14 Jan. 2006, 11:26 by <a href="http://www.hicham.cliranet.com/slashroot">/root</a></h3>
<p>welcome to the team, I'm happy to count you among us...</p>
<h3>On 09 Feb. 2006, 19:36, by boo</h3>
<p>Exactly, I'm really glad to see you on the team ;)</p>
<p>See you!</p>
Moving house and changes
2006-01-11T13:02:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-01-11:/post/2006/01/11/12-demenagement-et-changement/
<div class="highlight"><pre><span></span><code>$ mv /pagespersos/free/anothergeekblog /pagespros/1and1/anotherhomepage/blog
</code></pre></div>
<p>Another Homepage is born, and Another Geek Blog becomes its blog :)</p>
<p>I'm moving from my ISP's personal pages to a professional host, with a domain name. It's a change; the services on offer alone make my head spin...</p>
<p>I still have to tell the people who know the old address and set up redirects; in short, the data has migrated but the move has only just begun! The year is off to a good start :)</p>
<p>I take this opportunity to send my best wishes to the whole web!</p>
WMF vulnerability: Microsoft keeps us waiting
2006-01-06T12:26:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-01-06:/post/2006/01/06/11-faille-wmf-microsoft-se-fait-attendre/
<p>And on top of that, the patch doesn't even come from them!</p>
<p>Now we've seen everything! Microsoft is in no hurry to publish patches for its operating systems, so the recommendation is to use a patch that doesn't come from them!</p>
<p>The article is <a href="http://www2.canoe.com/techno/nouvelles/archives/2006/01/20060103-231205.html">here</a>; you can download the patch from <a href="http://isc.sans.org/diary.php?storyid=1010">this page</a>.</p>
<p>Without wanting to troll, I've found a foolproof countermeasure: don't use Microsoft software. OK, I admit, that one's a bit easy; I'll try to come up with something better next time.</p>
A definition of blogs that's a really good one
2006-01-05T21:27:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2006-01-05:/post/2006/01/05/10-une-definition-des-blogs-qu-elle-est-bien-bonne/
<p>Thanks, Daniel Glazman</p>
<p>Daniel Glazman (<a href="http://www.glazman.org/weblog/dotclear/index.php">Blog</a>) has just published a post that has me doubled up with laughter because it is so true. I thought we were done with all those stories about the Internet bubble and start-ups (which should have been called start-downs, given how many fell flat on their faces), but no. Web 2.0 and Ajax (if you think I mean the cleaning product, you're light-years away from what I'm talking about) are taking over, not forgetting Ze big trend of the moment, blogs.</p>
<p>So Daniel Glazman gives us his <a href="http://www.glazman.org/weblog/dotclear/index.php?2006/01/05/1474-ma-definition-d-un-blog-20">"definition of a blog 2.0"</a>. And it's worth the detour, believe me.</p>
Mandriva Security Update
2005-12-24T13:26:00+01:00
Nils Ratusznik
tag:blog.anotherhomepage.org,2005-12-24:/post/2005/12/24/9-mandriva-security-update/
<p><img alt="Mandriva distribution logo" src="https://web.archive.org/web/20051015204543/http://upload.wikimedia.org/wikipedia/en/9/95/Mandriva_logo.png">Update your distribution!</p>
<p>Mandriva has just released some security updates for the kernel. Installing these updates is, of course, more than recommended. You can find more information on the page dedicated to this update at <a href="http://www.frsirt.com/bulletins/3327">FrSirt</a>.</p>
<p>A kernel isn't updated just like that. You must install the new kernel alongside the old one and reboot. Don't forget to change your boot loader configuration (Lilo or Grub; this can be done from the Control Center). As this kind of update cannot be automated, the kernel package is not shown in the Mandriva package updates section of the Control Center. You will have to install this package deliberately from the appropriate section. The new kernel package has version number 2.6.12.14mdk-1-1mdk. Of course, if you use one of Mandriva's "special" kernels, such as the "enterprise" kernel, or those handling up to 1 or 4 GB of RAM (which is my case), an update is available.</p>
<p>Once the machine has rebooted, check that you are running the new
kernel with the "uname -a" command. In my case:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span>thenastyboy@nastymachine ~<span class="o">]</span>$ uname -a
Linux nastymachine <span class="m">2</span>.6.12-14mdk-i586-up-1GB <span class="c1">#1 Tue Dec 20 14:17:34 MST 2005 i686 AMD Athlon(tm) XP2600+ unknown GNU/Linux</span>
</code></pre></div>Free software demonstration and installation day2005-12-14T14:45:00+01:002005-12-14T14:45:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2005-12-14:/post/2005/12/14/8-journee-de-demonstration-et-d-installation-de-logiciels-libres/<p>Come on Saturday 17 December 2005 to the MJC in Etoile sur Rhône!</p>
<p>A day dedicated to discovering free software is being organized by the association <a href="http://www.g3l.org">G3L</a>. You can come to see demonstrations of free software, but you can also come to have GNU/Linux installed on your machine and ask questions about it.</p>
<p>To get there, the map is <a href="http://www.g3l.org/modules/tinycontent/content/plan_acces.pdf">here</a>. More information <a href="http://www.g3l.org/modules/tinycontent/index.php?id=25">on the page dedicated to the event</a>.</p>
<p><img alt="Poster for the free software discovery day in Etoile sur Rhône" src="http://www.g3l.org/modules/tinycontent/content/affiches/2005-12-17-affiche-reduite.png"></p>Switching from Windows to Mac2005-12-13T13:54:00+01:002005-12-13T13:54:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2005-12-13:/post/2005/12/13/7-passer-de-windows-a-mac/<p>A Clubic writer has taken the plunge and tells us about his adventure...</p>
<p><img alt="Windows logo turning into the Apple Finder icon" src="https://web.archive.org/web/20060212021044/http://img.clubic.com/photo/00210630.jpg">Yesterday Clubic published an article detailing the move of one of its writers from Microsoft Windows to Mac OS 10.4 Tiger. You will find this article <a href="http://www.clubic.com/article-29756-1-passer-de-windows-a-mac-os-x-le-cote-pratique.html">here</a>.</p>
<p>Overall, I rather agree with this article, which I find fairly well done. I agree less, however, when it comes to hardware. While I admit that I do not find the RAM module built into the motherboard on laptops very nice, I do not particularly agree with saying that the Centrino platform performs better. Especially regarding battery life: where most laptops equipped with a Centrino platform (ULV models excluded) reach 4h or 4h30, PowerBooks reach 5h and iBooks 6h! As for raw power, it obviously depends on the applications, but in typical office and multimedia use (word processing, playing music and films, web browsing).</p>
<p>Let's move on to software. I find that Safari is put down a bit too much in this article. It is true that on some sites (concrete examples: Caramail, or Virgin's online music store), it is not possible to browse in good conditions. But the number of incompatible sites remains small, and I take this opportunity to point out that it is the only browser to pass Acid2, at least for the moment. I hope Firefox will quickly catch up. I am also a little disappointed that the article does not mention that OpenOffice and NeoOffice are available on the Mac platform: that the writer prefers Microsoft Office is one thing, but I find that attitude a bit biased in this case.</p>
<p>Finally, and I hope this article will help change mindsets, people who want to buy computer equipment should not be afraid of change. Personally, having known Windows and then Linux, changing operating system, and I would even say computing philosophy, is no longer a problem. Unfortunately that is not the general case: most people are afraid of change, especially when it comes to the interface. If this article's mission was to reassure people and get them to consider Apple as an alternative that deserves some weight in the balance, then I believe that mission is broadly accomplished.</p>
<h2>Comments</h2>
<h3>16 Dec. 2005, 19:07, by <a href="http://www.hicham.cliranet.com/slashroot">/root</a></h3>
<p>Personally, 3D is really important to me, so that is a barrier to moving to
Mac; besides, not being free to modify, change or upgrade my
machine makes me feel like I am in handcuffs. That said, I find the
features and the interface really modern and pretty.</p>
<h3>18 Dec. 2005, 15:05, by Nils</h3>
<p>As for the software argument, I can't really answer; 3D
is not in my area of expertise. That said, I believe Blender runs on
OSX, but that is probably not enough. As for the hardware
side, it all depends on the type of machine you want; in any case, at least
for laptops, the upgrade possibilities are about the same
on a PC or a Mac (I speak from experience, I have already taken apart
several laptops). For desktop computers, it is true that the
x86 PC remains a highly configurable machine, hardware-wise. I don't
think one can speak of "handcuffs"; I think it is a state
of mind: there are those who want to control everything, even if it means taking the time
to understand how it works, and there are those who don't want
the hassle. For my part, I chose to control my desktop and not to
bother with my laptop ;)</p>Rapid'news2005-12-03T14:07:00+01:002005-12-03T14:07:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2005-12-03:/post/2005/12/03/5-rapidnews/<p>The latest notable events of the moment. I am opening this section with the release of <strong>Firefox 1.5</strong>, which will no longer be downloaded from <a href="http://www.mozilla.org">http://www.mozilla.org</a> but from <a href="http://www.mozilla.com">http://www.mozilla.com</a>. I downloaded and installed the Mac version, but I have not yet tested it in depth.</p>
<p>The <strong>DADVSI</strong> law is bad! The whys and wherefores are <a href="http://www.eucd.info/138.shtml">here</a>.</p>
<p><strong>Apache 2.2.0</strong>, the most widely used web server in the world, is out! More info on <a href="http://linuxfr.org/2005/12/02/19996.html">LinuxFR</a>.</p>
<p>And meanwhile, I am still looking for a job...</p>Indiscretion is in fashion...2005-11-20T22:28:00+01:002005-11-20T22:28:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2005-11-20:/post/2005/11/20/4-l-indiscretion-est-a-la-mode/<p>And is privacy for the autumn-winter 2040 collection? On all the good IT news websites, you have been able to follow the troubles of Sony and its latest copy-protection system. Note that Sony is not the only one doing foolish things; you can find a few more examples on the blog <a href="http://formats-ouverts.org/blog/2005/11/15/615-ces-operations-sur-votre-ordinateur-qui-voudraient-rester-plutot-discretes">Pour les formats ouverts</a>.</p>
<p>I think I really did well not to get into World Of Warcraft... it's a shame, since it is a game that seems enjoyable judging by the test I did of it. Security is therefore a constant fight, and in view of the latest ministerial decisions, the lack of openness of some software seems to be harmful to users' security. I really wonder what Windows is doing on so many machines in French schools :))</p>Mandriva Linux 2006 Free hits the shelves!2005-11-14T15:52:00+01:002005-11-14T15:52:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2005-11-14:/post/2005/11/14/3-mandriva-linux-2006-free-dans-les-bacs/<p>Or rather, on the good FTP mirrors. We almost had to wait! One month after <a href="http://frontal2.mandriva.com/fr/company/press/pr/mandriva_releases_2006_convergence_products_extends_innovation">the Club version</a>, Mandriva Linux 2006 Free lands on the public FTP servers, ready to be downloaded. The most impatient will already have taken advantage of the net-install, thanks to a small 12 MB ISO image that lets you download the RPM packages. Yes indeed, good people, the RPMs have already been available for a month!</p>
<p>This version, unlike the PowerPacks, is entirely redistributable: you can give it to whoever you want, it is free of charge and it is free software! I want to point out that if you find the PowerPacks without being a club member, you are breaking the law, because of the included commercial applications, whose redistribution is not free.</p>
<p>Anyway, download, install, and remember to update (yes indeed, updates are already available). A few mirrors:</p>
<ul>
<li><a href="ftp://ftp.free.fr/mirrors/ftp.mandriva.com/MandrivaLinux/official/iso/2006.0">Free.fr mirror (Paris)</a></li>
<li><a href="ftp://linux.ups-tlse.fr/Mandrakelinux/official/iso/2006.0">Toulouse FTP mirror</a></li>
<li><a href="ftp://ftp.ciril.fr/pub/linux/mandrakelinu...cial/iso/2006.0">Ciril mirror (Nancy)</a></li>
</ul>
<p>The news on a few sites:</p>
<p><a href="http://www.pcinpact.com/actu/news/Mandriva_2006_disponible_gratuitement_en_ISO_CD_et.htm">PCINpact</a><br>
<a href="http://mandinux.free.fr/forums/index.php?showtopic=761">Mandinux</a></p>Flock, a new web browser?2005-11-14T00:41:00+01:002005-11-14T00:41:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2005-11-14:/post/2005/11/14/2-flock-nouveau-navigateur-web/<p>So where is the novelty? We had not seen this since Firefox. A new web browser. Well, a web browser born from the ashes of another. Not so sure either: Firefox is as alive as can be. Its name is Flock. The name does not bother me, but there is already an application named Flock on my Linux system, which is awkward.</p>
<p>Back to the matter at hand. I have started testing this browser, available for now as a preview release. At the time of writing this post, the current version is 0.4.10. Well, it is inevitable, we are going to compare it to Firefox. Why? Simply because Flock is based on Firefox. It is not a fork, or at least it does not claim to be. It also seems that contributions to Flock could become contributions to Firefox.</p>
<p>So then, if it is based on Firefox, what is better or different about it? First, the look. While Firefox's default theme does little for me (which led me to spend hours rummaging through Mozilla's theme pages to find THE theme that rocks), Flock's default theme does not make me want to change it, at least not in the coming days. I find that it goes rather well with Aqua-style interfaces (Mac OS X for the uninitiated), of which I am, I must admit, fond. I think we can say it: at startup, Flock looks great; its logo and its interface make you want to use it.</p>
<p>But that is not all. Flock is a social browser, and it shows in its behaviour: when I wanted to save a bookmark/favourite (delete as appropriate), it offered to put it on <a href="http://del.icio.us">Del.icio.us</a>, THE link-sharing site, or at least the main one. I have not had the chance to check, but it seems that, social for social, Flock also helps people write their blog on <a href="http://wordpress.com/">Wordpress</a> (bad luck, I chose Dotclear), or share their pictures on <a href="http://www.flickr.com/">Flickr</a>. So many things to test for me, who had stayed with a browser that at most shows me the weather, blocks pop-ups (less and less, alas) and offers me a search on Google or Wikipedia. It is a shock, and once in a while, that does no harm.</p>
<p>I have not checked, but it seems that, if you look for them, it is possible to add extensions to Firefox that will let it do as much, with the maturity of software that has already passed 1.0. I would even say that I find Flock a bit buggy for the moment; its bookmark import functions are not ready. Yet it works for the friends over at Mozilla.</p>
<p>So what? Damp squib or real innovation? I think we have to look at the long term. Even though I find Flock less polished than Firefox was when I started using it (0.6), I find that it has potential. When Windows Vista is released, we could witness a browser war like we have not seen since Netscape. It could be summed up as follows:</p>
<ul>
<li>IE 7: for those used to the Microsoft world, and a bit lazy (I am inviting trolls, but I will take the risk anyway);</li>
<li>Safari: buying a Mac is already a shock, so better to have a browser already installed (lazy, part 2, but better, Acid2 inside);</li>
<li>Mozilla Firefox: the "à la carte" browser, take me and fill me with extensions. Watch out for version changes, though;</li>
<li>SeaMonkey: the late Mozilla, "the Internet suite", which follows the office suite. And next, shall we do the multimedia suite?</li>
<li>Flock: the social browser, for the "Real TV" generation that wants everyone to know everything about its life, and shows it on the net (bunch of voyeurs!).</li>
</ul>
<p>Has the Mozilla foundation already fulfilled its mission? To bring innovation and choice. I am not so sure: of our 5 valiant warriors, 3 got their supplies from the engine maker Gecko. The winner may not be the one we think...<br>
To try it: <a href="http://www.flock.com">www.flock.com</a></p>Here we go!2005-11-13T23:42:00+01:002005-11-13T23:42:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2005-11-13:/post/2005/11/13/1-first-post/<p>The start of a new adventure?</p>
<p>Here we go for a new era! After my online CV (see the links), I am taking up blogging! I am simply calling it "Another Geek Blog", because the theme is strongly oriented towards computing, networks and telecommunications.</p>
<p>What makes this blog different from the others? My personality ;)</p>