Archive

Articles taggués ‘apt-get’

How to configure iptables to use apt-get in a server

02/04/2019 9 commentaires

Source: serverfault.com

I’m starting using iptables (newbie) to protect a linux server (specifically Debian 5.0). Before I configure the iptables settings, I can use apt-get without a problem. But after I configure the iptables, the apt-get stop working. For example I use this script in iptables:

#!/bin/sh
IPT=/sbin/iptables

## FLUSH
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X

$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 22 -j ACCEPT

$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 80 -j ACCEPT
$IPT -A INPUT -p tcp --dport 443 -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 443 -j ACCEPT

# Allow FTP connections @ port 21
$IPT -A INPUT  -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow Active FTP Connections
$IPT -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT 

# Allow Passive FTP Connections
$IPT -A INPUT -p tcp --sport 1024: --dport 1024:  -m state --state ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 1024: --dport 1024:  -m state --state ESTABLISHED,RELATED -j ACCEPT 

#DNS
$IPT -A OUTPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT

$IPT -A INPUT -p tcp --dport 1:1024
$IPT -A INPUT -p udp --dport 1:1024

$IPT -A INPUT -p tcp --dport 3306 -j DROP
$IPT -A INPUT -p tcp --dport 10000 -j DROP
$IPT -A INPUT -p udp --dport 10000 -j DROP

then when I run apt-get I obtain:

core:~# apt-get update
0% [Connecting to ftp.us.debian.org] [Connecting to security.debian.org] [Conne

and it stalls. What rules I need to configure to make it works.

Thanks

Addendum:

After some attempts, I find that the problem is in the INPUT policy, and not in the OUTPUT one, if a modify the $IPT -P OUTPUT to $IPT -P OUTPUT ACCEPT the problem remains. But if I change the $IPT -P INPUT to $IPT -P INPUT ACCEPT then it start to work.

Debian / Ubuntu: apt-get Force Reinstall Package

06/01/2019 Comments off

Source: nixCraft

I am a new Debian Linux v.7.x / Ubuntu Linux LTS user. How do I reinstall a package using apt-get command line?

The Advanced Packaging Tool (APT) works on both Debian / Ubuntu and it can handle the installation and removal of software. You need use apt-get command as follows to forcefully reinstall package. The syntax is:

apt-get --reinstall install PackageNameHere

OR

apt-get --reinstall install Package1 Package2

The --reinstall option re-install packages that are already installed and at the newest version.

Pro tip: Backup configuration files before you reinstall packages. For example, if you are reinstalling nginx web server package, backup /etc/nginx/ with cp command i.e. mkdir /root/nginx.mmddyyyy/; cp -avr /etc/nginx/* /root/nginx.mmddyyy/

Examples

The following command will reinstall rsync package. Open a terminal and then type:
$ sudo apt-get --reinstall install rsync
OR
# apt-get --reinstall install rsync
Sample outputs:

apt-get-reinstall-command

Fig.01: Debian / Ubuntu Linux reinstall a package using apt-get command

If above method failed for you, try the following syntax. Make sure you backup config file before typing the following commands. Please note that the --purge option is identical to remove except that packages are removed and purged including any configuration files are deleted too.

 
sudo apt-get --purge remove package1
sudo apt-get install package1
Categories: Système Tags: , , ,

Debian Linux apt-get package management cheat sheet

03/01/2019 Comments off

Source: nixCraft

Both Debian and Ubuntu Linux provides a number of package management tools. This article summaries package management command along with it usage and examples for you.

  • apt-get : APT is acronym for Advanced Package Tool. It supports installing packages over internet using ftp or http protocols. You can also upgrade all packages in a single operations, which makes it even more attractive.
  • dpkg : Debian packaging tool which can be use to install, query, uninstall packages.

Gui tools: You can also try GUI based or high level interface to the Debian GNU/Linux package system. Following list summaries them:

  • aptitude: It is a text-based interface to the Debian GNU/Linux package system.
  • synaptic: GUI front end for APT

Red hat Linux package names generally end in .rpm, similarly Debian package names end in .deb, for example:

apache_1.3.31-6_i386.deb

Where,

  1. apache : Package name
  2. 1.3.31-6 : Version number
  3. i386 : Hardware Platform on which this package will run (i386 == intel x86 based system)
  4. .deb : Extension that suggest it is a Debian package

Remember, whenever I refer .deb file it signifies complete file name, and whenever I refer package name it must be first part of .deb file. For example, when I refer to a package sudo it means sudo only and not the .deb file i.e. sudo_1.6.7p5-2_i386.deb. You can find out debian package name with the following command:

apt-cache search {package-name}
apt-cache search apache

Finally, most of the actions listed in this post are written with the assumption that they will be executed by the root user running the bash or any other modern shell. Lire la suite…

Categories: Système Tags: , , , , ,

Clone Your Ubuntu installation

07/12/2018 Comments off

If you want to create a system that is similar to a different system you have already set up, it can be difficult to remember each and every package you had installed.This method works best when you are exporting to and importing from the same distribution and, specifically, the same releasefor example, exporting from Ubuntu Dapper to Ubuntu Dapper or ubuntu edgy to ubuntu edgy.

Ubuntu uses the APT package management system which handles installed packages and their dependencies. If we can get a list of currently installed packages you can very easily duplicate exactly what you have installed now on your new machine. Below is a command you can use to export a list of your installed packages.

sudo dpkg --get-selections | grep '[[:space:]]install$='| awk '{print $1}' > installedpackages
Now you should end up with a file called “installedpackages” which consists of a long list of every package your currently have installed.

The next step would be to tell the clone machine to install each of those packages. You’ll have to copy that file to the clone machine (via network, usb drive, email, etc) and also make sure to duplicate the /etc/apt/sources.list file. Without the same access to repositories it may not be able to find the packages.

To tell your system to use the previously exported package list use the following command (after making sure to also clone your /etc/apt/sources.list file).

Update the source list using the following command

sudo aptitude update

Import the package list using the following command

cat installedpackages | xargs sudo aptitude install

 

dpkg –set-selections results in “warning: package not in database….”

29/11/2018 Comments off

When you want to restore your packages that you’ve backup-ed with :

sudo dpkg --get_selections > selections.txt

And when you restore them with:

dpkg --set-selections < selections.txt

And the result is a whole bunch of warnings like “warning: package blabla not in database….”

Then theres a easy fix:

$ sudo apt-get install dselect
$ sudo dselect 
 -> Update
 -> Install
Categories: Système Tags: , , ,