All perguntas(unix)

Estou usando Ubuntu (Linux).

Tenho os dois programas simples a seguir.

Pai:

package main

import (
    "fmt"
    "syscall"
    "time"
)

func main() {
    attr := &syscall.ProcAttr{
        Files: []uintptr{0, 1, 2},
        Sys: &syscall.SysProcAttr{ // child in its own group
            Setpgid: true,
            Pgid:    0,
        },
    }

    _, err := syscall.ForkExec("./child/child", []string{"child"}, attr)
    if err != nil {
        fmt.Println("Error:", err)
        return
    }

    for {
        fmt.Println("Parent is live")
        time.Sleep(10 * time.Second)
    }
}

Criança (criança em seu próprio grupo):

package main

import (
    "fmt"
    "time"
)

func main() {
    for {
        fmt.Println("hi from child")
        time.Sleep(time.Second * 20)
    }
}

Após iniciar o programa pai ( ./parent), o resultado da chamada do comando ps(especificamente, ps -t /dev/pts/0 -o pid,ppid,pgid,stat,comm) é o seguinte:

    PID    PPID    PGID STAT COMMAND
 466922  466896  466922 Ss   bash
 467049  466922  467049 Sl+  parent
 467054  467049  467054 Sl   child

Após terminar o processo pai (com kill -SIGKILL 467049, kill -SIGINT 467049ou CTRL-C), o filho continua a trabalhar (estado S/R). É exatamente isso que eu espero.

    PID    PPID    PGID STAT COMMAND
 466922  466896  466922 Ss+   bash
 467054  467049  467054 Sl   child

O que me confunde é o seguinte cenário. Primeiro, eu inicio o processo pai ( ./parent). O resultado do pscomando é o mesmo do caso anterior. Então eu suspendo o processo filho com kill -SIGTSTP 467054ou kill -SIGSTOP 467054. O resultado do pscomando é o seguinte:

    PID    PPID    PGID STAT COMMAND
 466922  466896  466922 Ss   bash
 467049  466922  467049 Sl+  parent
 467054  467049  467054 Tl   child

Então, eu termino o processo pai (com kill -SIGKILL 467049, kill -SIGINT 467049ou CTRL-C). Por alguma razão, neste caso o filho também é terminado! Resultado do pscomando:

    PID    PPID    PGID STAT COMMAND
 466922  466896  466922 Ss+   bash

Como? Por quê?

Para o meu trabalho, estou usando uma série de dispositivos montando o Debian 9 stretch. Ouvi falar da vulnerabilidade do rsync, que nossos dispositivos usam. Li no anúncio do Debian que o Bullseye (11) não é afetado. No entanto, no anúncio sobre o mesmo tópico para o Ubuntu, é dito que as versões afetadas upstream do rsync são de 3.1.0 a pelo menos 3.2.7, ou seja, de 2014 até agora, então eu esperaria que as versões upstream do Debian também fossem afetadas. Por exemplo, posso ver que meus dispositivos usam o rsync 3.1.2. Então minha pergunta é: posso ter certeza de que as versões pré-Bullseye do Debian não são afetadas (devido a, eu acho, diferentes patches aplicados em relação ao Ubuntu?), ou devo compilar a partir da fonte a nova versão do rsync, para ter certeza?

No manual da rplopção -shabilite o modo dry-run, ou seja, ele simula as substituições sem alterar os arquivos reais.

Se eu tentar, obtenho a seguinte saída:

$ rpl --dry-run 'JLCPCB Part #' 'LCSC Part #' * 

rpl: Simulating replacement of "JLCPCB Part #" with "LCSC Part #" (case sensitive; partial words matched)

rpl: The files listed below would be modified in a replace operation
  /home/mark/Kicad/library/fmt_adc.kicad_sym
  /home/mark/Kicad/library/fmt_connectors.kicad_sym
  /home/mark/Kicad/library/fmt_device.kicad_sym
  /home/mark/Kicad/library/fmt_diodes.kicad_sym
  /home/mark/Kicad/library/fmt_interface.kicad_sym
  /home/mark/Kicad/library/fmt_modules.kicad_sym
  /home/mark/Kicad/library/fmt_power.kicad_sym
  /home/mark/Kicad/library/fmt_switches.kicad_sym
  /home/mark/Kicad/library/fmt_transistor.kicad_sym

rpl: 24 matches found in 9 out of 21 files

mas isso é bem inútil, já que não consigo ver as mudanças reais que ele vai fazer. Mesmo adicionando o sinalizador verbose não mostra as mudanças.

É uma maneira de habilitar um teste real? Minha saída esperada seria algo como:

old-text: ./fmt_adc.kicad_sym:70:       (property "JLCPCB Part #" "C84284"
new-text: ./fmt_adc.kicad_sym:70:       (property "LCSC Part #" "C84284"

e assim por diante.

Após reinstalar uma máquina Linux, executei inadvertidamente wipefs -ano pendrive instalador:

$ wipefs -a /dev/sd?
/dev/sda: 8 bytes were erased at offset 0x00010040 (btrfs): 5f 42 48 52 66 53 5f 4d
/dev/sdb: 8 bytes were erased at offset 0x00010040 (btrfs): 5f 42 48 52 66 53 5f 4d
...
/dev/sdw: 8 bytes were erased at offset 0x00010040 (btrfs): 5f 42 48 52 66 53 5f 4d
/dev/sdx: 8 bytes were erased at offset 0x00010040 (btrfs): 5f 42 48 52 66 53 5f 4d
/dev/sdy: 5 bytes were erased at offset 0x00008001 (iso9660): 43 44 30 30 31
/dev/sdy: 2 bytes were erased at offset 0x000001fe (dos): 55 aa
/dev/sdy: 8 bytes were erased at offset 0x00000200 (gpt): 45 46 49 20 50 41 52 54
/dev/sdy: calling ioctl to re-read partition table: Success

Como wipefsa saída contém o deslocamento e o conteúdo dos bytes deletados, parece possível restaurar /dev/sdy. Como você faria isso?

Estou configurando um servidor de impressão Bonjour usando CUPS e Avahi. Estou curioso sobre a função da seguinte linha em /etc/cups/cupsd.conf.

Browsing on

1. Esta linha parece independente do cups-browsedserviço. Pelo que entendi, cups-browsedestá relacionada à descoberta de outras impressoras na rede. Como este é um servidor de impressão que estou configurando, cups-browsednão é usado. De fato, se eu desligar cups-browsed, nada de ruim acontece. A discussão abaixo é toda com cups-browseddesligado.
2. No entanto, se eu definir Browsing off, os computadores Windows 11 na mesma rede não poderão mais descobrir o servidor de impressão, embora o iPhone ainda pareça ser capaz de usá-lo. Se eu definir Browsing on, o servidor de impressão aparecerá imediatamente no Windows.

Estou confuso sobre o que cups-browsedrealmente acontece aqui. Meu entendimento é que a comunicação real entre o cliente e o servidor de impressão é feita por meio do Avahi, então, desde que eu possa imprimir no servidor de impressão localmente, estou bem. Por que preciso definir browsing on?

Sou um novo convertido ao Fedora Linux, Gnome desktop, e uma coisa que continua me atrapalhando é que os títulos das janelas ativas parecem praticamente idênticos aos inativos. Isso geralmente me faz fechar a janela errada, pois tenho um monitor grande com 6 ou 7 janelas lado a lado a qualquer momento.

O que eu quero fazer é personalizar o título da janela ativa para que eu tenha uma forte indicação visual de qual janela está ativa em um dado momento. Eu criei um ~/.config/gtk-4.0/gtk.cssarquivo, com o seguinte:

headerbar,
.titlebar {
    background                          : #9D4904 linear-gradient(to bottom, shade(#9D4904,1.2), shade(#9D4904, 0.8));
    border                              : none;
    border-radius                       : 0;
    padding                             : 2px;
    transition                          : 200ms ease-out;
    }

que funciona para quase tudo (uma exceção notável são as janelas do navegador).

Entretanto, em algumas janelas há uma lacuna inexplicável na parte superior:

E em algumas outras partes da barra de título há uma lacuna na parte inferior e superior:

Qualquer ajuda para eliminar isso (e para janelas do navegador também!) seria muito apreciada. Eu tentei todo tipo de adivinhação sobre qual seria a tag/classe CSS para o contêiner, e todo tipo de configuração de preenchimento, mas não tive nenhum efeito.

Toda vez que tento executar, sudo rsnapshot -v alpharecebo esse tipo de erro (ocorre em todas as entradas de backup que tenho):

    ERROR: /usr/bin/rsync returned 255 while processing [email protected]:/etc/
    /usr/bin/rsync -a --delete --numeric-ids --relative --delete-excluded \
        --rsh=/usr/bin/ssh -i /home/user/ssh/id_ed25519 \
        [email protected]:/usr/share/ \
        /var/cache/rsnapshot/alpha.0/server_backup/

1. Sim, rsync instalado no servidor e nesta máquina
2. Sim, o rsync funciona se eu tentar copiar manualmente alguns arquivos com essas credenciais de root do remoto
3. Há uma coisa que pode ser potencialmente isso. Quando tentei executar o comando errored out, ele exigiu aspas em torno dos argumentos para o rsh. Caso contrário, ele lançaria um erro de sintaxe. Mas não tenho certeza de como forçar o rsnapshot a fazer isso. E se eu executar o comando errored out com aspas em torno da chave rsh, ele também apresentará um erro com o código 255.
4. O firewall não bloqueia o ssh.
5. O servidor permite apenas autenticação de chave pública
6. Eu hospedo meu servidor Ubuntu no Vultr

Aqui está meu rsnapshot.confarquivo

    #################################################
    # rsnapshot.conf - rsnapshot configuration file #
    #################################################
    #                                               #
    # PLEASE BE AWARE OF THE FOLLOWING RULE:        #
    #                                               #
    # This file requires tabs between elements      #
    #                                               #
    #################################################

    #######################
    # CONFIG FILE VERSION #
    #######################

    config_version  1.2

    ###########################
    # SNAPSHOT ROOT DIRECTORY #
    ###########################

    # All snapshots will be stored under this root directory.
    #
    snapshot_root   /var/cache/rsnapshot/

    # If no_create_root is enabled, rsnapshot will not automatically create the
    # snapshot_root directory. This is particularly useful if you are backing
    # up to removable media, such as a FireWire or USB drive.
    #
    #no_create_root 1

    #################################
    # EXTERNAL PROGRAM DEPENDENCIES #
    #################################

    # LINUX USERS:   Be sure to uncomment "cmd_cp". This gives you extra features.
    # EVERYONE ELSE: Leave "cmd_cp" commented out for compatibility.
    #
    # See the README file or the man page for more details.
    #
    cmd_cp      /bin/cp

    # uncomment this to use the rm program instead of the built-in perl routine.
    #
    cmd_rm      /bin/rm

    # rsync must be enabled for anything to work. This is the only command that
    # must be enabled.
    #
    cmd_rsync   /usr/bin/rsync

    # Uncomment this to enable remote ssh backups over rsync.
    #
    cmd_ssh /usr/bin/ssh

    # Comment this out to disable syslog support.
    #
    cmd_logger  /usr/bin/logger

    # Uncomment this to specify the path to "du" for disk usage checks.
    # If you have an older version of "du", you may also want to check the
    # "du_args" parameter below.
    #
    #cmd_du     /usr/bin/du

    # Uncomment this to specify the path to rsnapshot-diff.
    #
    #cmd_rsnapshot_diff /usr/bin/rsnapshot-diff

    # Specify the path to a script (and any optional arguments) to run right
    # before rsnapshot syncs files
    #
    #cmd_preexec    /path/to/preexec/script

    # Specify the path to a script (and any optional arguments) to run right
    # after rsnapshot syncs files
    #
    #cmd_postexec   /path/to/postexec/script

    # Paths to lvcreate, lvremove, mount and umount commands, for use with
    # Linux LVMs.
    #
    #linux_lvm_cmd_lvcreate /sbin/lvcreate
    #linux_lvm_cmd_lvremove /sbin/lvremove
    #linux_lvm_cmd_mount    /bin/mount
    #linux_lvm_cmd_umount   /bin/umount

    #########################################
    #     BACKUP LEVELS / INTERVALS         #
    # Must be unique and in ascending order #
    # e.g. alpha, beta, gamma, etc.         #
    #########################################

    retain  alpha   6
    retain  beta    7
    retain  gamma   4
    #retain delta   3

    ############################################
    #              GLOBAL OPTIONS              #
    # All are optional, with sensible defaults #
    ############################################

    # Verbose level, 1 through 5.
    # 1     Quiet           Print fatal errors only
    # 2     Default         Print errors and warnings only
    # 3     Verbose         Show equivalent shell commands being executed
    # 4     Extra Verbose   Show extra verbose information
    # 5     Debug mode      Everything
    #
    verbose     2

    # Same as "verbose" above, but controls the amount of data sent to the
    # logfile, if one is being used. The default is 3.
    # If you want the rsync output, you have to set it to 4
    #
    loglevel    3

    # If you enable this, data will be written to the file you specify. The
    # amount of data written is controlled by the "loglevel" parameter.
    #
    logfile /var/log/rsnapshot.log

    # If enabled, rsnapshot will write a lockfile to prevent two instances
    # from running simultaneously (and messing up the snapshot_root).
    # If you enable this, make sure the lockfile directory is not world
    # writable. Otherwise anyone can prevent the program from running.
    #
    lockfile    /var/run/rsnapshot.pid

    # By default, rsnapshot check lockfile, check if PID is running
    # and if not, consider lockfile as stale, then start
    # Enabling this stop rsnapshot if PID in lockfile is not running
    #
    #stop_on_stale_lockfile     0

    # Default rsync args. All rsync commands have at least these options set.
    #
    #rsync_short_args   -a
    #rsync_long_args    --delete --numeric-ids --relative --delete-excluded

    # ssh has no args passed by default, but you can specify some here.
    #
    ssh_args    -i /home/user/ssh/id_ed25519

    # Default arguments for the "du" program (for disk space reporting).
    # The GNU version of "du" is preferred. See the man page for more details.
    # If your version of "du" doesn't support the -h flag, try -k flag instead.
    #
    #du_args    -csh

    # If this is enabled, rsync won't span filesystem partitions within a
    # backup point. This essentially passes the -x option to rsync.
    # The default is 0 (off).
    #
    #one_fs     0

    # The include and exclude parameters, if enabled, simply get passed directly
    # to rsync. If you have multiple include/exclude patterns, put each one on a
    # separate line. Please look up the --include and --exclude options in the
    # rsync man page for more details on how to specify file name patterns.
    #
    #include    ???
    #include    ???
    #exclude    ???
    #exclude    ???

    # The include_file and exclude_file parameters, if enabled, simply get
    # passed directly to rsync. Please look up the --include-from and
    # --exclude-from options in the rsync man page for more details.
    #
    #include_file   /path/to/include/file
    #exclude_file   /path/to/exclude/file

    # If your version of rsync supports --link-dest, consider enabling this.
    # This is the best way to support special files (FIFOs, etc) cross-platform.
    # The default is 0 (off).
    #
    #link_dest  0

    # When sync_first is enabled, it changes the default behaviour of rsnapshot.
    # Normally, when rsnapshot is called with its lowest interval
    # (i.e.: "rsnapshot alpha"), it will sync files AND rotate the lowest
    # intervals. With sync_first enabled, "rsnapshot sync" handles the file sync,
    # and all interval calls simply rotate files. See the man page for more
    # details. The default is 0 (off).
    #
    #sync_first 0

    # If enabled, rsnapshot will move the oldest directory for each interval
    # to [interval_name].delete, then it will remove the lockfile and delete
    # that directory just before it exits. The default is 0 (off).
    #
    #use_lazy_deletes   0

    # Number of rsync re-tries. If you experience any network problems or
    # network card issues that tend to cause ssh to fail with errors like
    # "Corrupted MAC on input", for example, set this to a non-zero value
    # to have the rsync operation re-tried.
    #
    #rsync_numtries 0

    # LVM parameters. Used to backup with creating lvm snapshot before backup
    # and removing it after. This should ensure consistency of data in some special
    # cases
    #
    # LVM snapshot(s) size (lvcreate --size option).
    #
    #linux_lvm_snapshotsize 100M

    # Name to be used when creating the LVM logical volume snapshot(s).
    #
    #linux_lvm_snapshotname rsnapshot

    # Path to the LVM Volume Groups.
    #
    #linux_lvm_vgpath   /dev

    # Mount point to use to temporarily mount the snapshot(s).
    #
    #linux_lvm_mountpath    /path/to/mount/lvm/snapshot/during/backup

    ###############################
    ### BACKUP POINTS / SCRIPTS ###
    ###############################

    # REMOTE SERVER
    backup  [email protected]:/home/ server_backup/
    backup  [email protected]:/etc/  server_backup/

    #backup_script  /usr/local/bin/backup_pgsql.sh  localhost/postgres/
    # You must set linux_lvm_* parameters below before using lvm snapshots
    #backup lvm://vg0/xen-home/ lvm-vg0/xen-home/

    # EXAMPLE.COM
    #backup_exec    /bin/date "+ backup of example.com started at %c"
    #backup [email protected]:/home/ example.com/    +rsync_long_args=--bwlimit=16,exclude=core
    #backup [email protected]:/etc/  example.com/    exclude=mtab,exclude=core
    #backup_exec    ssh [email protected] "mysqldump -A > /var/db/dump/mysql.sql"
    #backup [email protected]:/var/db/dump/  example.com/
    #backup_exec    /bin/date "+ backup of example.com ended at %c"

    # CVS.SOURCEFORGE.NET
    #backup_script  /usr/local/bin/backup_rsnapshot_cvsroot.sh  rsnapshot.cvs.sourceforge.net/

    # RSYNC.SAMBA.ORG
    #backup rsync://rsync.samba.org/r   syncftp/    rsync.samba.org/rsyncftp/

Meus logs sshd têm esta aparência:

2025-01-21T16:47:06.445342+00:00 server sshd[2069]: Connection from 99.11.11.11 port 57908 on 151.131.222.222 port 22 rdomain ""
2025-01-21T16:47:06.445890+00:00 server sshd[2069]: debug1: Local version string SSH-2.0-OpenSSH_9.7p1 Ubuntu-7ubuntu4
2025-01-21T16:47:06.446150+00:00 server sshd[2069]: debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
2025-01-21T16:47:06.446387+00:00 server sshd[2069]: debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.10 pat OpenSSH* compat 0x04000000
2025-01-21T16:47:06.448025+00:00 server sshd[2069]: debug1: permanently_set_uid: 109/65534 [preauth]
2025-01-21T16:47:06.448401+00:00 server sshd[2069]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
2025-01-21T16:47:06.448865+00:00 server sshd[2069]: debug1: SSH2_MSG_KEXINIT sent [preauth]
2025-01-21T16:47:06.473088+00:00 server sshd[2069]: debug1: SSH2_MSG_KEXINIT received [preauth]
2025-01-21T16:47:06.473305+00:00 server sshd[2069]: debug1: kex: algorithm: curve25519-sha256 [preauth]
2025-01-21T16:47:06.473602+00:00 server sshd[2069]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
2025-01-21T16:47:06.473829+00:00 server sshd[2069]: debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
2025-01-21T16:47:06.474193+00:00 server sshd[2069]: debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
2025-01-21T16:47:06.474496+00:00 server sshd[2069]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
2025-01-21T16:47:06.502026+00:00 server sshd[2069]: debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
2025-01-21T16:47:06.509345+00:00 server sshd[2069]: debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
2025-01-21T16:47:06.509768+00:00 server sshd[2069]: debug1: rekey out after 134217728 blocks [preauth]
2025-01-21T16:47:06.510085+00:00 server sshd[2069]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
2025-01-21T16:47:06.510210+00:00 server sshd[2069]: debug1: Sending SSH2_MSG_EXT_INFO [preauth]
2025-01-21T16:47:06.510573+00:00 server sshd[2069]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
2025-01-21T16:47:06.543286+00:00 server sshd[2069]: debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
2025-01-21T16:47:06.543606+00:00 server sshd[2069]: debug1: SSH2_MSG_NEWKEYS received [preauth]
2025-01-21T16:47:06.543946+00:00 server sshd[2069]: debug1: rekey in after 134217728 blocks [preauth]
2025-01-21T16:47:06.544260+00:00 server sshd[2069]: debug1: KEX done [preauth]
2025-01-21T16:47:06.636933+00:00 server sshd[2069]: debug1: userauth-request for user root service ssh-connection method none [preauth]
2025-01-21T16:47:06.637064+00:00 server sshd[2069]: debug1: attempt 0 failures 0 [preauth]
2025-01-21T16:47:06.638069+00:00 server sshd[2069]: debug1: PAM: initializing for "root"
2025-01-21T16:47:06.641531+00:00 server sshd[2069]: debug1: PAM: setting PAM_RHOST to "99.11.11.11"
2025-01-21T16:47:06.642045+00:00 server sshd[2069]: debug1: PAM: setting PAM_TTY to "ssh"
2025-01-21T16:47:06.664190+00:00 server sshd[2069]: Connection closed by authenticating user root 99.11.11.11 port 57908 [preauth]
2025-01-21T16:47:06.665162+00:00 server sshd[2069]: debug1: do_cleanup [preauth]
2025-01-21T16:47:06.666011+00:00 server sshd[2069]: debug1: monitor_read_log: child log fd closed
2025-01-21T16:47:06.666354+00:00 server sshd[2069]: debug1: do_cleanup
2025-01-21T16:47:06.666609+00:00 server sshd[2069]: debug1: PAM: cleanup
2025-01-21T16:47:06.667644+00:00 server sshd[2069]: debug1: Killing privsep child 2070
2025-01-21T16:47:06.668031+00:00 server sshd[2069]: debug1: audit_event: unhandled event 12

Minhas regras do iptables são assim:

Chain INPUT (policy DROP)
target     prot opt source               destination         
ufw-before-logging-input  all  --  anywhere             anywhere            
ufw-before-input  all  --  anywhere             anywhere            
ufw-after-input  all  --  anywhere             anywhere            
ufw-after-logging-input  all  --  anywhere             anywhere            
ufw-reject-input  all  --  anywhere             anywhere            
ufw-track-input  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-forward  all  --  anywhere             anywhere            
ufw-before-forward  all  --  anywhere             anywhere            
ufw-after-forward  all  --  anywhere             anywhere            
ufw-after-logging-forward  all  --  anywhere             anywhere            
ufw-reject-forward  all  --  anywhere             anywhere            
ufw-track-forward  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-output  all  --  anywhere             anywhere            
ufw-before-output  all  --  anywhere             anywhere            
ufw-after-output  all  --  anywhere             anywhere            
ufw-after-logging-output  all  --  anywhere             anywhere            
ufw-reject-output  all  --  anywhere             anywhere            
ufw-track-output  all  --  anywhere             anywhere            

Chain ufw-after-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-input (1 references)
target     prot opt source               destination         
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warn prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-after-output (1 references)
target     prot opt source               destination         

Chain ufw-before-forward (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ufw-user-forward  all  --  anywhere             anywhere            

Chain ufw-before-input (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ufw-not-local  all  --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             mdns.mcast.net       udp dpt:mdns
ACCEPT     udp  --  anywhere             239.200.200.200      udp dpt:1900
ufw-user-input  all  --  anywhere             anywhere            

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-before-output (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  anywhere             anywhere            

Chain ufw-logging-allow (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warn prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warn prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  anywhere             anywhere             limit: avg 3/min burst 10
DROP       all  --  anywhere             anywhere            

Chain ufw-reject-forward (1 references)
target     prot opt source               destination         

Chain ufw-reject-input (1 references)
target     prot opt source               destination         

Chain ufw-reject-output (1 references)
target     prot opt source               destination         

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain ufw-track-forward (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate NEW

Chain ufw-track-input (1 references)
target     prot opt source               destination         

Chain ufw-track-output (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination         

Chain ufw-user-input (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             udp dpt:openvpn
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh /* 'dapp_OpenSSH' */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     udp  --  anywhere             dns.google           udp dpt:domain
ACCEPT     tcp  --  anywhere             dns.google           tcp dpt:domain

Chain ufw-user-limit (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warn prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination         

Chain ufw-user-output (1 references)
target     prot opt source               destination

Meu arquivo sshd_config:

PermitRootLogin yes


# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# Include /etc/ssh/sshd_config.d/*.conf

# When systemd socket activation is used (the default), the socket
# configuration must be re-generated after changing Port, AddressFamily, or
# ListenAddress.
#
# For changes to take effect, run:
#
#   systemctl daemon-reload
#   systemctl restart ssh.socket
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
LogLevel DEBUG

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem sftp  /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   X11Forwarding no
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server

Obrigado pela atenção, espero que alguém possa me ajudar a resolver isso. Passei o dia todo nessa questão.

Se você acha que eu posso usar outra ferramenta para os backups, por favor me avise. Sou novo em administração de sistemas, então agradeceria qualquer ajuda!

Eu tenho um script bash simples que deve criar um arquivo de despejo de um banco de dados

docker exec -i container sh -c "mongodump --archive" > \
    ~/dumps/db-$(date + "%d%m%Y").dump 2> \
    ~/logs/dumps/db-$(date + "%d%m%Y").log \

Pediram-me para garantir que o script lidaria com quaisquer erros, então tentei adicionar o seguinte ao script.

docker exec -i container sh -c "mongodump --archive" > \
    ~/dumps/db-$(date + "%d%m%Y").dump 2> \
    ~/logs/dumps/db-$(date + "%d%m%Y").log \

exit_status=$?
if [ exit_status -ne 0 ]; then
    echo "An error occured while running mongodump. Exit Status: $exit_status"
fi

O acima foi minha tentativa. Se o status de saída for qualquer coisa menos 0, envie uma mensagem de eco com o código de saída real. O script cria com sucesso um arquivo de despejo, no entanto, recebo o seguinte erro:

[: exit_status: integer expression expected

Minha suposição é que, por causa do meu redirecionamento de log, o comando em si não relata um status de saída na conclusão. Mas não tenho tanta certeza. Ainda estou aprendendo as manhas do script Bash, então qualquer conselho é bem-vindo.

Eu tenho um pacote de estatísticas binário de 32 bits (P-Stat) que não é mais produzido (esta é a última versão). Eu executo isso com sucesso adicionando

sudo dpkg --add-architecture i386
sudo apt update
sudo apt install lib32stdc++6 lib32z1 lib32ncurses6

Fiz isso depois de instalar o Linux Mint 22, e também fiz isso com sucesso em sistemas de 64 bits mais antigos. O /lib/ld-linux.so.2interpretador está presente no sistema, correspondendo aos detalhes da execução do filecomando no p-statbinário.

Agora me enviaram uma versão ainda mais antiga do binário P-Stat para testar em alguns formatos de dados muito antigos, e filediz que precisa, /lib/ld-linux.so.1o que eu não tenho [ainda]. Duas perguntas:

1. Posso ter ld-linux.so.1 e ld-linux.so.2 presentes no mesmo sistema?
2. O que preciso instalar para obter o ld-linux.so.1?

Notei que no meu servidor RHEL 7 no GCP, meus serviços habilitados (como o test.service) só serão iniciados se eu encerrar o serviço multi-user.target usando systemctl. Haveria algum motivo para o multi-user.target travar as coisas?