Archive

Articles taggués ‘apt-get’

Dupliquer un système Debian / Ubuntu

26/09/2018 Comments off

Dupliquer un système consiste à installer, sur une machine, exactement les mêmes paquets que sur une autre. La technique n’a rien de nouveau en soi, mais il est toujours bon de la rappeler. Sous les dérivés de Debian, “dpkg” permet d’effectuer cette opération rapidement.

Sur la machine à dupliquer, exporter la liste des paquets installés :

# dpkg --get-selections > lstpkg.dpkg

Sur la machine à installer, commencez par poser un système minimal (installation via le CD-Rom “businesscard” sans sélectionner aucun groupe de paquets). Copiez la liste des paquets exportée depuis la machine à dupliquer et importez la dans le gestionnaire de paquets local :

# dpkg --set-selections < lstpkg.dpkg

puis lancez l’installation des paquets ainsi sélectionnés :

# apt-get dselect-upgrade

Note 1 : si vous souhaitez des machines réellement identique, commencez par copier “/etc/passwd” et “/etc/group” de la machine à dupliquer sur la machine cible afin que les programmes installés utilisent les mêmes UIDs et GIDs (exemple : bind, apache, etc…).

Note 2 : Lors de la sauvegarde des configurations de serveurs, conserver un export de la liste des paquets installés sur chacun d’eux peut faire gagner beaucoup de temps en cas de problème…

Source: admin-linux.fr

How can I find out if a specific program is installed?

07/11/2016 Comments off

there’s always apt-cache policy <package-name> (no sudo needed).

Not installed:

olivier@neews:/$ apt-cache policy gnuift
 gnuift:
   Installed: (none)
   Candidate: 0.1.14-11
   Version table:
      0.1.14-11 0
         500 http://archive.ubuntu.com/ubuntu/ oneiric/universe amd64 Packages

Installed:

olivier@neews:/$ apt-cache policy firefox
 firefox:
   Installed: 8.0+build1-0ubuntu0.11.10.3
   Candidate: 8.0+build1-0ubuntu0.11.10.3
   Version table:
  *** 8.0+build1-0ubuntu0.11.10.3 0
         500 http://archive.ubuntu.com/ubuntu/ oneiric-updates/main amd64 Packages
         500 http://archive.ubuntu.com/ubuntu/ oneiric-security/main amd64 Packages
         100 /var/lib/dpkg/status
      7.0.1+build1+nobinonly-0ubuntu2 0
         500 http://archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages

Or dpkg: dpkg -l | grep -E '^ii' | grep <package name>. When it’s not installed it won’t show output. When it is, it’ll show something like:

olivier@neews:~$ dpkg -l | grep -E '^ii' | grep firefox
 ii  firefox                                                     8.0+build1-0ubuntu0.11.10.3                            Safe and easy web browser from Mozilla
 ii  firefox-branding                                            8.0+build1-0ubuntu0.11.10.3                            Safe and easy web browser from Mozilla - transitional package
 ii  firefox-globalmenu                                          8.0+build1-0ubuntu0.11.10.3                            Unity appmenu integration for Firefox
 ii  firefox-gnome-support                                       8.0+build1-0ubuntu0.11.10.3                            Safe and easy web browser from Mozilla - GNOME support
 ii  firefox-locale-en                                           8.0+build1-0ubuntu0.11.10.3                            English language pack for Firefox
It's obviously a fuzzier search but handy if you're not sure which package you're looking for.
 
 For manually installed things...
 
 A bit harder but if they're on the current path, you could just run them. That's a bit of mission so I'd rather just run:
 
 oli@bert:/$ which chromium-browser
 /usr/bin/chromium-browser

And:

oli@bert:/$ which gnuift
# returns nothing

Which is better?

That depends on the sanity of user. There’s nothing to stop somebody installing something called chromium-browser that isn’t Chromium. They could even package it up incorrectly and install that. Neither method can be 100% certain.

But assuming the owner is sane – packages should be good enough for most people.

Categories: Système Tags: , , ,

How do I replicate installed package selections from one Debian system to another? (Debian Wheezy)

07/11/2016 Comments off

To clone a Debian installation, use the apt-clone utility. It’s available (as a separate package, not part of the default installation) in Debian since wheezy and in Ubuntu since 12.04. On the existing machine, run

apt-clone clone foo

This creates a file foo.apt-clone.tar.gz. Copy it to the destination machine, and run

apt-get install apt-clone
apt-clone restore foo.apt-clone.tar.gz

If you’re working with an old system where apt-clone isn’t available, or if you just want to replicate the list of installed packages but not any configuration file, here are the manual steps.

  • On the source machine:
cat /etc/apt/sources.list /etc/apt/sources.list.d >sources.list
pkg --get-selections >selections.list
apt-mark auto >auto.list
  • On the target machine:
cp sources.list /etc/apt/
apt-get update
/usr/lib/dpkg/methods/apt/update /var/lib/dpkg/
dpkg --set-selections <selections.list
apt-get dselect-upgrade
xargs apt-mark auto <auto.list

I believe that you’re affected by an incompatible change in dpkg that first made it into wheezy. See bug #703092 for background.

The short story is that dpkg --set-selections now only accepts package names that are present in the file /var/lib/dpkg/status or /var/lib/dpkg/available. If you only use APT to manage packages, like most people, then /var/lib/dpkg/available is not kept up-to-date.

After running apt-get update and before running dpkg --set-selections and apt-get -u dselect-upgrade, run the following command:

apt-cache dumpavail >/tmp/apt.avail
dpkg --merge-avail /tmp/apt.avail

From jessie onwards, you can simplify this to

apt-cache dumpavail | dpkg --merge-avail

Alternatively, run

/usr/lib/dpkg/methods/apt/update /var/lib/dpkg/

or even simpler

apt-get install dctrl-tools
sync-available

Another simple method that doesn’t require installing an additional package but will download the package lists again is

dselect update

See the dpkg FAQ for more information. (This is mentioned in the dpkg man page, but more in a way that would remind you of the issue if you were already aware, not in a way that explains how to solve the problem!)

Note that cloning a package installation with dpkg --set-selections doesn’t restore the automatic/manual mark in APT. See Restoring all data and dependencies from dpkg –set-selections ‘*’ for more details. You can save the marks on the source system with

apt-mark showauto >auto.list

and restore them on the target system with

xargs apt-mark auto <auto.list
Categories: Système Tags: , ,

25 Useful Basic Commands of APT-GET and APT-CACHE for Package Management

08/05/2016 Comments off

This article explains how quickly you can learn to install, remove, update and search software packages using apt-get and apt-cache commands from the command line. This article provides some useful commands that will help you to handle package management in Debian/Ubuntu based systems.

APT-GET and APT-CACHE Commands

What is apt-get?

The apt-get utility is a powerful and free package management command line program, that is used to work with Ubuntu’s APT (Advanced Packaging Tool) library to perform installation of new software packages, removing existing software packages, upgrading of existing software packages and even used to upgrading the entire operating system.

What is apt-cache?

The apt-cache command line tool is used for searching apt software package cache. In simple words, this tool is used to search software packages, collects information of packages and also used to search for what available packages are ready for installation on Debian or Ubuntu based systems.

APT-CACHE – 5 Useful Basic Commands

1. How Do I List All Available Packages?

To list all the available packages, type the following command.

$ apt-cache pkgnames
esseract-ocr-epo
pipenightdreams
mumudvb
tbb-examples
libsvm-java
libmrpt-hmtslam0.9
libboost-timer1.50-dev
kcm-touchpad
g++-4.5-multilib
...

2. How Do I Find Out Package Name and Description of Software?

To find out the package name and with it description before installing, use the ‘search‘ flag. Using “search” with apt-cache will display a list of matched packages with short description. Let’s say you would like to find out description of package ‘vsftpd‘, then command would be.

$ apt-cache search vsftpd
vsftpd - lightweight, efficient FTP server written for security
ccze - A robust, modular log coloriser
ftpd - File Transfer Protocol (FTP) server
yasat - simple stupid audit tool

To find and list down all the packages starting with ‘vsftpd‘, you could use the following command.

$ apt-cache pkgnames vsftpd
vsttpd

3. How Do I Check Package Information?

For example, if you would like to check information of package along with it short description say (version number, check sums, size, installed size, category etc). Use ‘show‘ sub command as shown below.

$ apt-cache show netcat
Package: netcat
Priority: optional
Section: universe/net
Installed-Size: 30
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Ruben Molina <rmolina@udea.edu.co>
Architecture: all
Version: 1.10-40
Depends: netcat-traditional (>= 1.10-39)
Filename: pool/universe/n/netcat/netcat_1.10-40_all.deb
Size: 3340
MD5sum: 37c303f02b260481fa4fc9fb8b2c1004
SHA1: 0371a3950d6967480985aa014fbb6fb898bcea3a
SHA256: eeecb4c93f03f455d2c3f57b0a1e83b54dbeced0918ae563784e86a37bcc16c9
Description-en: TCP/IP swiss army knife -- transitional package
 This is a "dummy" package that depends on lenny's default version of
 netcat, to ease upgrades. It may be safely removed.
Description-md5: 1353f8c1d079348417c2180319bdde09
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu

4. How Do I Check Dependencies for Specific Packages?

Use the ‘showpkg‘ sub command to check the dependencies for particular software packages. whether those dependencies packages are installed or not. For example, use the ‘showpkg‘ command along with package-name.

$ apt-cache showpkg vsftpd
Package: vsftpd
Versions: 
2.3.5-3ubuntu1 (/var/lib/apt/lists/in.archive.ubuntu.com_ubuntu_dists_quantal_main_binary-i386_Packages)
 Description Language: 
                 File: /var/lib/apt/lists/in.archive.ubuntu.com_ubuntu_dists_quantal_main_binary-i386_Packages
                  MD5: 81386f72ac91a5ea48f8db0b023f3f9b
 Description Language: en
                 File: /var/lib/apt/lists/in.archive.ubuntu.com_ubuntu_dists_quantal_main_i18n_Translation-en
                  MD5: 81386f72ac91a5ea48f8db0b023f3f9b

Reverse Depends: 
  ubumirror,vsftpd
  harden-servers,vsftpd
Dependencies: 
2.3.5-3ubuntu1 - debconf (18 0.5) debconf-2.0 (0 (null)) upstart-job (0 (null)) libc6 (2 2.15) libcap2 (2 2.10) libpam0g (2 0.99.7.1) libssl1.0.0 (2 1.0.0) libwrap0 (2 7.6-4~) adduser (0 (null)) libpam-modules (0 (null)) netbase (0 (null)) logrotate (0 (null)) ftp-server (0 (null)) ftp-server (0 (null)) 
Provides: 
2.3.5-3ubuntu1 - ftp-server 
Reverse Provides:

Lire la suite…

Categories: Système Tags: , ,

How to configure iptables to use apt-get in a server

04/03/2016 9 commentaires

Source: serverfault.com

I’m starting using iptables (newbie) to protect a linux server (specifically Debian 5.0). Before I configure the iptables settings, I can use apt-get without a problem. But after I configure the iptables, the apt-get stop working. For example I use this script in iptables:

#!/bin/sh
IPT=/sbin/iptables

## FLUSH
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X

$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 22 -j ACCEPT

$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 80 -j ACCEPT
$IPT -A INPUT -p tcp --dport 443 -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 443 -j ACCEPT

# Allow FTP connections @ port 21
$IPT -A INPUT  -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow Active FTP Connections
$IPT -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT 

# Allow Passive FTP Connections
$IPT -A INPUT -p tcp --sport 1024: --dport 1024:  -m state --state ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 1024: --dport 1024:  -m state --state ESTABLISHED,RELATED -j ACCEPT 

#DNS
$IPT -A OUTPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT

$IPT -A INPUT -p tcp --dport 1:1024
$IPT -A INPUT -p udp --dport 1:1024

$IPT -A INPUT -p tcp --dport 3306 -j DROP
$IPT -A INPUT -p tcp --dport 10000 -j DROP
$IPT -A INPUT -p udp --dport 10000 -j DROP

then when I run apt-get I obtain:

core:~# apt-get update
0% [Connecting to ftp.us.debian.org] [Connecting to security.debian.org] [Conne

and it stalls. What rules I need to configure to make it works.

Thanks

Addendum:

After some attempts, I find that the problem is in the INPUT policy, and not in the OUTPUT one, if a modify the $IPT -P OUTPUT to $IPT -P OUTPUT ACCEPT the problem remains. But if I change the $IPT -P INPUT to $IPT -P INPUT ACCEPT then it start to work.

Categories: Réseau, Sécurité Tags: , ,