Archive

Archives pour 01/2021

How can I find out if a specific program is installed?

19/01/2021 Aucun commentaire

there’s always apt-cache policy <package-name> (no sudo needed).

Not installed:

olivier@neews:/$ apt-cache policy gnuift
 gnuift:
   Installed: (none)
   Candidate: 0.1.14-11
   Version table:
      0.1.14-11 0
         500 http://archive.ubuntu.com/ubuntu/ oneiric/universe amd64 Packages

Installed:

olivier@neews:/$ apt-cache policy firefox
 firefox:
   Installed: 8.0+build1-0ubuntu0.11.10.3
   Candidate: 8.0+build1-0ubuntu0.11.10.3
   Version table:
  *** 8.0+build1-0ubuntu0.11.10.3 0
         500 http://archive.ubuntu.com/ubuntu/ oneiric-updates/main amd64 Packages
         500 http://archive.ubuntu.com/ubuntu/ oneiric-security/main amd64 Packages
         100 /var/lib/dpkg/status
      7.0.1+build1+nobinonly-0ubuntu2 0
         500 http://archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages

Or dpkg: dpkg -l | grep -E '^ii' | grep <package name>. When it’s not installed it won’t show output. When it is, it’ll show something like:

olivier@neews:~$ dpkg -l | grep -E '^ii' | grep firefox
 ii  firefox                                                     8.0+build1-0ubuntu0.11.10.3                            Safe and easy web browser from Mozilla
 ii  firefox-branding                                            8.0+build1-0ubuntu0.11.10.3                            Safe and easy web browser from Mozilla - transitional package
 ii  firefox-globalmenu                                          8.0+build1-0ubuntu0.11.10.3                            Unity appmenu integration for Firefox
 ii  firefox-gnome-support                                       8.0+build1-0ubuntu0.11.10.3                            Safe and easy web browser from Mozilla - GNOME support
 ii  firefox-locale-en                                           8.0+build1-0ubuntu0.11.10.3                            English language pack for Firefox
It's obviously a fuzzier search but handy if you're not sure which package you're looking for.
 
 For manually installed things...
 
 A bit harder but if they're on the current path, you could just run them. That's a bit of mission so I'd rather just run:
 
 oli@bert:/$ which chromium-browser
 /usr/bin/chromium-browser

And:

oli@bert:/$ which gnuift
# returns nothing

Which is better?

That depends on the sanity of user. There’s nothing to stop somebody installing something called chromium-browser that isn’t Chromium. They could even package it up incorrectly and install that. Neither method can be 100% certain.

But assuming the owner is sane – packages should be good enough for most people.

Categories: Système Tags: , , ,

How do I replicate installed package selections from one Debian system to another? (Debian Wheezy)

18/01/2021 Aucun commentaire

To clone a Debian installation, use the apt-clone utility. It’s available (as a separate package, not part of the default installation) in Debian since wheezy and in Ubuntu since 12.04. On the existing machine, run

apt-clone clone foo

This creates a file foo.apt-clone.tar.gz. Copy it to the destination machine, and run

apt-get install apt-clone
apt-clone restore foo.apt-clone.tar.gz

If you’re working with an old system where apt-clone isn’t available, or if you just want to replicate the list of installed packages but not any configuration file, here are the manual steps.

  • On the source machine:
cat /etc/apt/sources.list /etc/apt/sources.list.d >sources.list
pkg --get-selections >selections.list
apt-mark auto >auto.list
  • On the target machine:
cp sources.list /etc/apt/
apt-get update
/usr/lib/dpkg/methods/apt/update /var/lib/dpkg/
dpkg --set-selections <selections.list
apt-get dselect-upgrade
xargs apt-mark auto <auto.list

I believe that you’re affected by an incompatible change in dpkg that first made it into wheezy. See bug #703092 for background.

The short story is that dpkg --set-selections now only accepts package names that are present in the file /var/lib/dpkg/status or /var/lib/dpkg/available. If you only use APT to manage packages, like most people, then /var/lib/dpkg/available is not kept up-to-date.

After running apt-get update and before running dpkg --set-selections and apt-get -u dselect-upgrade, run the following command:

apt-cache dumpavail >/tmp/apt.avail
dpkg --merge-avail /tmp/apt.avail

From jessie onwards, you can simplify this to

apt-cache dumpavail | dpkg --merge-avail

Alternatively, run

/usr/lib/dpkg/methods/apt/update /var/lib/dpkg/

or even simpler

apt-get install dctrl-tools
sync-available

Another simple method that doesn’t require installing an additional package but will download the package lists again is

dselect update

See the dpkg FAQ for more information. (This is mentioned in the dpkg man page, but more in a way that would remind you of the issue if you were already aware, not in a way that explains how to solve the problem!)

Note that cloning a package installation with dpkg --set-selections doesn’t restore the automatic/manual mark in APT. See Restoring all data and dependencies from dpkg –set-selections ‘*’ for more details. You can save the marks on the source system with

apt-mark showauto >auto.list

and restore them on the target system with

xargs apt-mark auto <auto.list
Categories: Système Tags: , ,

Faille de sécurité : MySQL peut donner les privilèges root à des hackers

18/01/2021 Aucun commentaire

Et il n’y a toujours pas de correctif

mysql hackMySQL fait partie des systèmes de gestion de bases de données les plus utilisés du monde, que ça soit par le grand public ou par les professionnels. De nombreuses entreprises comme Google, Facebook, Yahoo, YouTube, Adobe, l’utilisent encore pour gagner du temps et faire tourner leurs larges sites web, malgré l’émergence et la montée en puissance de nouvelles solutions, notamment les systèmes de gestion de bases de données NoSQL. MySQL est également plébiscité par les petites entreprises en raison de son prix d’implantation nettement inférieur, qui fait de ce système une solution simple et peu onéreuse à mettre en œuvre pour des applications non critiques.

Le chercheur de sécurité polonais Dawid Golunsku a dévoilé deux vulnérabilités dans MySQL, compromettant la sécurité des serveurs. Le chercheur a détaillé l’une des failles de sécurité et a décrit sa méthode d’exploitation. Oracle n’a toujours pas corrigé les deux vulnérabilités, malgré le fait qu’elles ont été signalées il y a plus de quarante jours.

La première vulnérabilité affecte « tous les serveurs MySQL en configuration par défaut dans toutes les versions de MySQL (5.7, 5.6 et 5.5), dont les dernières versions ». Les variantes liées à MySQL, MariaDB et PerconaDB, n’ont pas été épargnées par cette vulnérabilité, néanmoins, des correctifs leur ont été appliqués.

« Une exploitation réussie [de la vulnérabilité CVE-2016-6662] permettrait à un attaquant d’exécuter du code arbitraire avec les privilèges root, ce qui lui permettrait de compromettre entièrement le serveur », explique le chercheur. La faille CVE-2016-6662 peut être exploitée si un hacker a accès à une connexion authentifiée à une base de données MySQL (à travers une connexion réseau ou une interface web comme phpMyAdmin) ou une injection SQL, même avec les modules SELinux et AppArmor installés. Les attaquants peuvent injecter des réglages malicieux dans les fichiers de configuration MySQL, my.cnf, le but étant d’acquérir l’accès root et d’exécuter un code malicieux additionnel. Cette vulnérabilité fait surface 13 ans après qu’un correctif avait été déployé pour remédier à un problème similaire.

Le chercheur a révélé également l’existence d’une seconde faille, néanmoins il n’est pas entré en détail sur la méthode de son exploitation. « Il est à noter que des attaquants peuvent utiliser l’une des autres failles découvertes par l’auteur de ce bulletin, auquel a été assigné l’identifiant CVE CVE-2016-6663 et est en attente de publication. Cette faille facilite la création d’un fichier /var/lib/mysql/my.cnf au contenu arbitraire, sans besoin du privilège FILE ».

Oracle n’a toujours pas adressé officiellement ces vulnérabilités, même si un correctif de sécurité a été publié il y a quelques jours, afin de limiter le risque. Il parait qu’Oracle a secrètement corrigé quelques bogues révélés par Golunski, en limitant les emplacements valides pour charger une bibliothèque au démarrage du service incriminé et en empêchant la génération des fichiers de configuration .ini ou .cnf par la base de données. Même avec ce correctif (MySQL 5.6.33, 5.7.15 et 5.5.52 ?) , le risque reste élevé, surtout avec la persistance d’une deuxième faille non encore détaillée. Si Golunski a révélé l’existence de la vulnérabilité après un mois et demi, avec un prototype limité, c’est pour mettre en garde les utilisateurs afin qu’ils puissent se protéger.

Il faut rappeler que des forks de MySQL, comme par exemple MariaDB et PerconaDB, ont été aussi notifiés de l’existence de la vulnérabilité, et ont déjà pu déployer des correctifs pour corriger les deux failles.

Source : Legalhackers

What To Do When You Are Locked Out of WordPress Admin (wp-admin)

17/01/2021 Aucun commentaire

Locked-Out-of-WordPress-AdminThis past weekend, we had a user who was locked out of WordPress Admin panel of their site. While we had written numerous articles covering each specific issue, we realized that we should combine all of them at one place to make it easier for others. In this article, we will show you what to do when you are locked out of WordPress Admin (wp-admin), so you can regain access to your site.

There are few reasons why you could be locked out of WordPress admin, so let’s take a look at each of them one by one. Hopefully through this process of elimination, you will be able to figure out the solution for your problem.

Error Establishing Database Connection

Are you seeing this error on your entire site? The reason why you get this error is because WordPress is unable to establish a database connection. This could happen for various reasons. It could happen if your database got corrupted for some reason. It could happen if your web hosting server is having some issues. If this is your issue, then please refer to our guide on how to fix the error establishing database connection in WordPress.

White Screen of Death

Are you seeing a white screen on your WordPress admin? This issue is often referred to as the WordPress white screen of death. It usually happen because you exhausted the memory limit. It could be caused by a poorly coded plugin or theme. It could also be caused by unreliable web hosting. If you are seeing this error, then please refer to our guide on how to Fix the WordPress white screen of death.

Incorrect Password Issue

Sometimes, even when you are typing the correct username and password combination, you won’t be able to login. When you try to reset your password, you never receive the email. This can happen if you were a victim of a hack. We would recommend that you reset your WordPress password from phpMyAdmin.

This method can be a bit overwhelming for new users, but this is your best bet.

Lost Admin Privileges

Sometimes, you may be able to login to your WordPress admin, but you don’t see any of the admin functionality. For example, no plugins, no themes etc. This could happen if your user permissions were modified. Often this happen due to a hack. Hackers would infect your site, and then delete your admin privileges. In this case, you should add an admin user to the WordPress database via MySQL (phpMyAdmin).

PHP Errors (i.e Syntax error, unexpected function etc)

These PHP errors usually happen when you are pasting the code from a website. Often beginners use the built-in WordPress editor from their dashboard. While that feature is pretty handy, but if you don’t know what you are doing, then it can be a disaster. If you pasted a code from a website which locked you out of your WordPress admin, then the first thing you need to do is take a deep breath. Now the only way to fix this issue is using a FTP program (How to use FTP). Once you have installed the FTP program, login to your site. Go to the theme file that you modified. Most likely it was the functions.php file. Now get rid of the code that you added in there. Re-upload the file, and you should be good to go.

Before you go on the site and comment “this code broke my website”, please refer to our beginner’s guide to pasting snippets from the web into WordPress. This is just to prevent you from looking like a fool on the web. Often its hard to admit that the mistake might be yours, so make sure of that first before you point the finger at someone else.

Hopefully after going through all of these possible scenario’s, you have already fixed your site. If one of these solutions helped fix your issue, then please let us know in the comments. If you have a solution that is not mentioned in this article, then please share it in the comments as well.

 

Source: wpbeginner.com

Categories: Logiciel Tags:

How to Fix the WordPress White Screen of Death

17/01/2021 Aucun commentaire

WordPress-White-Screen-of-Death1If you have been using WordPress for a few years, then you have encountered the white screen of death at least once. The WordPress white screen of death is one of those extremely annoying problems like error establishing a database connection. The reason why this issue is frustrating for users is because it locks you out of your WordPress admin panel. Because there is no error output in most cases, you are left clueless to figure out what is the issue. The worst thing about white screen of death is that sometimes it will only affect a certain part of your site. For example, you may only see the white screen of death on your WordPress admin while everything else works fine. In other cases, you may only see it on a specific post whereas everything else runs just fine. In this article, we will show you how to fix the WordPress white screen of death by looking at a few possible solutions.

Note: Before you make any changes to your site, make sure you have sufficient backups.

Why do you get this error?

Majority of the time when you see a white screen of death, it means that you exhausted the memory limit. This could be caused by a plugin that you may be using that is not functioning properly. It could also be caused by a poorly coded theme that you are using. It could also mean that there is an issue with your web hosting server. Since the problem can be caused by any number of things, it may require a lot of troubleshooting.

Does the problem occur on your other sites?

If you have multiple sites, then the first thing you should do is to make sure that the white screen of death is happening across the board or just on this one domain. If the issue is with all of your sites, then it is a strong indicator that your web hosting provider is having some issues. However, if the issue is only with one of your sites, then this could be an issue with a plugin or theme that you are running. If the issue is only happening with a single post or page, then you know it is definitely a problem with your specific site.

Increasing the Memory Limit

Usually this issue happens because your memory is being exhausted. Use our tutorial on how to increase PHP memory in WordPress.

Disabling All Plugins

If increasing the memory limit did not help, or if you have a high memory limit like 256M or 512M, then you need to start troubleshooting. In our experience of troubleshooting this issue, we have always found that the issue is either with a specific plugin or a theme. Let’s go ahead and disable all the plugins.

Use these instructions on how to deactivate all WordPress plugins at once.

If this fixes the issue, then enable one plugin at a time to get to the bottom of the issue.

Replace Theme with a Default Theme

If the plugin troubleshooting doesn’t fix the issue, then you should try replacing your current theme with a default twenty ten theme. The best way to do this is by backing up your theme folder. Then deleting the theme. WordPress will automatically fall back to the default theme.

Alternatively, you can go in your phpMyAdmin and update the database tables in wp_options table. The following table names would have to be updated:

template, stylesheet, and current_theme. Change the value to twentyeleven.

If this fixes the issue, then you should look at your theme’s functions.php file. If there are extra spaces at the bottom, then you should consider fixing it. If you are using a poorly coded function in your theme’s functions.php file, then it can cause this as well.

Other Fixes

If none of the above fixes it, then you should try to re-install a fresh copy of WordPress. While it is unlikely, but it is always possible that a core file may have been corrupted.

You can also use the WordPress debug function to see what type of errors are being outputted. Add the following code in your wp-config.php file.

error_reporting(E_ALL); ini_set('display_errors', 1);
define( 'WP_DEBUG', true);
 

Once you add this, the blank screen will now have errors, warnings, and notices. These may be able to help you determine the root cause.

Sometimes, you may have access to the backend, but the front-end of the site has white screen of death. This can happen because of a caching plugin. Simply empty your cache.

If you have a white screen of death only on a very long post page, then you should also try to clearing cache. Another trick that we have found to work is increasing the recursion and backtrack limit. You can paste the following code in your wp-config.php file. Or in some servers you will be required to modify your PHP.INI file.

/** Trick for long posts */
ini_set('pcre.recursion_limit',20000000);
ini_set('pcre.backtrack_limit',10000000);
 

We understand that this is a very frustrating error, and we hope that one of the tricks above fixed the issue for you. What have you tried that seemed to work for you? If you found another solution to work, then please let us know. We would be happy to expand on this resource, so others do not have to waste as much time finding a solution.

 

Source: wpbeginner.com

Categories: Logiciel Tags: