I’m new here, but I build this kind of tech infrastructure in my job. I agree with Yardena that it makes sense not to put a web server function directly on an internet front line of defense; if possible you want it somewhere else to avoid opening holes for attackers. You can simply forward (proxy) the needed ports as suggested. If you want to retire the older server or just avoid the complexity of maintaining them both, that’s also reasonable, but it isn’t as safe in case Omni or Sudo Room become targets.
As an alternative related to the earlier discussion about logging changes, it might make sense to use some infrastructure tools like cfengine to track changes as code and simultaneously make it possible to trivially rebuild a system if it fails, but maybe not yet as it isn’t familiar to everybody who might be helping.
Sven
i got a call that the front door system wasn't working this morning and i
guess something went wrong with the USB stuff, also I noticed a lot of stuff
like this in syslog which i doubt is related:
localhost avahi-daemon[647]: Invalid response packet from host 100.64.66.172.
since it was fully clogging syslog (2-5 messages per minute?) I did
/etc/init.d/avahi-daemon stop
then I saw the reason doorjam was upset, which i believe was the USB hub
having a bad day:
localhost kernel: [1013706.296645] ftdi_sio ttyUSB0: ftdi_set_termios FAILED to set databits/stopbits/parity
localhost kernel: [1013706.312473] usb 1-1.1: usbfs: usb_submit_urb returned -19
localhost kernel: [1013706.312542] usb 1-1.1: usbfs: usb_submit_urb returned -19
localhost kernel: [1013706.312573] usb 1-1.1: usbfs: usb_submit_urb returned -19
localhost kernel: [1013706.312604] usb 1-1.1: usbfs: usb_submit_urb returned -19
localhost kernel: [1013706.312629] usb 1-1.1: usbfs: usb_submit_urb returned -19
localhost kernel: [1013706.312653] usb 1-1.1: usbfs: usb_submit_urb returned -19
localhost kernel: [1013706.317080] ftdi_sio ttyUSB0: ftdi_set_termios urb failed to set baudrate
localhost node[10334]: Magstripe reader not found. Exiting.
localhost kernel: [1013706.331416] ftdi_sio ttyUSB0: urb failed to clear flow control
localhost kernel: [1013706.337926] ftdi_sio ttyUSB0: usb_serial_generic_submit_read_urb - usb_submit_urb failed: -19
localhost kernel: [1013706.348097] ftdi_sio ttyUSB0: error from flowcontrol urb
localhost systemd[1]: doorjam.service: main process exited, code=exited, status=1
localhost systemd[1]: doorjam.service holdoff time over, scheduling restart.
localhost systemd[1]: Unit doorjam.service entered failed state.
localhost systemd[1]: doorjam.service start request repeated too quickly, refusing to start.
so I rebooted it. But then it didn't come up on the network, so I asked Sierk
to power cycle it, which he did (by unplugging and replugging both USB plugs
from the white USB power supply) and then he tested that his card was
working.
and then I did
rwroot chmod a-x /etc/init.d/avahi-daemon
but I understand this will stop us broadcasting omnidoor.local until it's
fixed.
I also modified /etc/init.d/boot_scripts.sh to disable "timestamp" which was
adjusting the system clock to May 15 2014 for no good reason.
also, and this has been an issue for a while, ntpd fails when it runs (once
at boot), even though it works if run after the network and dns is stable. It
gets called from /etc/init.d/timesync
it would be great if this system had reliable timestamps since we need to look
at the log so much for door card activity (when people register new cards they
tell us when they swiped their new card)
anyone want to help?
-jake
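An added example, not part of the message above and not the door system's own /etc/init.d/timesync: one way to handle the boot-time ntpd failure described there is to hold the one-shot sync until DNS resolves and to log the outcome, so door-log timestamps can be judged per boot. The variable names, the retry limits, and the choice of `getent hosts`, `ntpd -gq` and `logger` are assumptions.

```shell
#!/bin/sh
# Added example (not the contents of /etc/init.d/timesync on the door system).
# Assumed names: NTP_HOST, RESOLVE_CMD, SYNC_CMD, LOG_CMD and the retry limits.
NTP_HOST="${NTP_HOST:-pool.ntp.org}"        # assumed name that must resolve first
RESOLVE_CMD="${RESOLVE_CMD:-getent hosts}"  # succeeds once DNS answers
SYNC_CMD="${SYNC_CMD:-ntpd -gq}"            # set the clock once, then exit
LOG_CMD="${LOG_CMD:-logger -t timesync}"    # outcome goes to syslog
MAX_TRIES="${MAX_TRIES:-30}"
SLEEP_SECS="${SLEEP_SECS:-2}"

# Return 0 as soon as the host resolves, 1 after MAX_TRIES failed lookups.
wait_for_dns() {
    host="$1"
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        if $RESOLVE_CMD "$host" >/dev/null 2>&1; then
            return 0
        fi
        tries=$((tries + 1))
        sleep "$SLEEP_SECS"
    done
    return 1
}

# Sync once DNS is up. Every outcome is logged, so a reader of the door log
# can tell whether timestamps after this boot are trustworthy.
# Returns 0 = synced, 2 = DNS never came up, 3 = sync command failed.
sync_clock() {
    if ! wait_for_dns "$NTP_HOST"; then
        $LOG_CMD "DNS not ready after $MAX_TRIES tries; clock NOT synced"
        return 2
    fi
    if $SYNC_CMD >/dev/null 2>&1; then
        $LOG_CMD "clock synced"
        return 0
    fi
    $LOG_CMD "sync command failed; clock NOT synced"
    return 3
}

# Run only when invoked with the argument "run".
if [ "${1:-}" = "run" ]; then
    sync_clock
    exit $?
fi
```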
I have been asking for access to the new router for a couple weeks
now, and people told me it wasn't ready. Now I see it's apparently
already operating? Please give me access.
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMr+EGaBTbbmdYesr/VrXeWjjILOA9zHxqq9ZA3N6nK
yardenack(a)gmail.com
Can someone tell me how to install apache2 on sudogateway so that I can copy
over the CGI configs, and the scripts that open the doors?
Or if you want to do that yourself and then let me know, that's fine.
basically this is in /etc/apache2/sites-available/www.conf
# Enable basic CGI with Basic Auth (only behind TLS)
<Directory /home/web/cgi-bin>
AuthType Basic
AuthName "Blarg"
AuthBasicProvider file
AuthUserFile "/home/web/passwords"
Require valid-user
Options ExecCGI
SetHandler cgi-script
</Directory>
and the files
/home/web/passwords
/home/web/accessadd.sh
/home/web/cgi-bin/*
I can do some of this myself but setting up apache2 with certbot for
room.sudoroom.org to work would be a long shot for my first try, and i figured
other people have more experience.
-jake
it seems like every time someone requests a wiki username on
sudoroom.org/wiki, we get these bounce messages:
<bullitt(a)elleko.net>: connect to elleko.net[154.212.119.153]:25: Connection timed out
<mail(a)substack.net>: connect to substack.net[198.51.233.1]:25: Connection timed out
so I guess there's something in the wiki config to send messages directly to
those people when someone requests an account? And we should take those out.
but i have no idea where to begin looking for that stuff, or whether i have
permission to make changes (I do seem to have permission to approve new
account requests though)
how do I fix this? Unfortunately I can't bring substack back, and I don't
know who bullitt is, so I guess we need to remove their emails from our
system.
-jake
From MAILER-DAEMON(a)sudoroom.org Thu Mar 2 15:39:06 2023
Date: Thu, 2 Mar 2023 15:38:46 -0800 (PST)
From: Mail Delivery System <MAILER-DAEMON(a)sudoroom.org>
To: apache(a)sudoroom.org
Subject: [sudo-info] Delayed Mail (still being retried)
This is the mail system at host sudoroom.org.
####################################################################
# THIS IS A WARNING ONLY. YOU DO NOT NEED TO RESEND YOUR MESSAGE. #
####################################################################
Your message could not be delivered for more than 3 hour(s).
It will be retried until it is 2 day(s) old.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<mail(a)substack.net>: connect to substack.net[198.51.233.1]:25: Connection timed
out
[ Part 1.2: "Delivery report" ]
Reporting-MTA: dns; sudoroom.org
X-sudoroom-org-Queue-ID: 123A7C09A2
X-sudoroom-org-Sender: rfc822; apache(a)sudoroom.org
Arrival-Date: Thu, 2 Mar 2023 11:59:46 -0800 (PST)
Final-Recipient: rfc822; mail(a)substack.net
Original-Recipient: rfc822;mail(a)substack.net
Action: delayed
Status: 4.4.1
Diagnostic-Code: X-sudoroom-org; connect to substack.net[198.51.233.1]:25:
Connection timed out
Will-Retry-Until: Sat, 4 Mar 2023 11:59:46 -0800 (PST)
Return-Path: <apache(a)sudoroom.org>
Received: by sudoroom.org (sudoroom.org, from userid 1001)
id 123A7C09A2; Thu, 2 Mar 2023 11:59:46 -0800 (PST)
To: "Substack" <mail(a)substack.net>
Subject: Sudo Room account request
From: "Sudo Room" <apache(a)sudoroom.org>
Date: Thu, 02 Mar 2023 11:59:46 -0800
Message-ID: <sudowiki-sw_.64010032deeb87.72013933(a)sudoroom.org>
X-Mailer: MediaWiki mailer
List-Unsubscribe: <https://sudoroom.org/wiki/Special:Preferences>
MIME-Version: 1.0
Content-type: text/plain; charset=UTF-8
Content-transfer-encoding: 8bit
[ Part 2: "Attached Text" ]
NOTE: emails to the Info list were sent to an individual email address (such as info(a)sudoroom.org) with the PRESUMPTION OF PRIVACY. They may include personal information which the sender would not have sent to a public list (such as sudo-discuss). If you must forward messages to a public list, please take great care to REMOVE SENSITIVE INFORMATION!
_______________________________________________
Info mailing list -- info(a)sudoroom.org
To unsubscribe send an email to info-leave(a)sudoroom.org
From MAILER-DAEMON(a)sudoroom.org Thu Mar 2 15:39:43 2023
Date: Thu, 2 Mar 2023 15:38:46 -0800 (PST)
From: Mail Delivery System <MAILER-DAEMON(a)sudoroom.org>
To: apache(a)sudoroom.org
Subject: [sudo-info] Delayed Mail (still being retried)
This is the mail system at host sudoroom.org.
####################################################################
# THIS IS A WARNING ONLY. YOU DO NOT NEED TO RESEND YOUR MESSAGE. #
####################################################################
Your message could not be delivered for more than 3 hour(s).
It will be retried until it is 2 day(s) old.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<bullitt(a)elleko.net>: connect to elleko.net[154.212.119.153]:25: Connection
timed out
[ Part 1.2: "Delivery report" ]
Reporting-MTA: dns; sudoroom.org
X-sudoroom-org-Queue-ID: 529EFC09A4
X-sudoroom-org-Sender: rfc822; apache(a)sudoroom.org
Arrival-Date: Thu, 2 Mar 2023 11:59:47 -0800 (PST)
Final-Recipient: rfc822; bullitt(a)elleko.net
Original-Recipient: rfc822;bullitt(a)elleko.net
Action: delayed
Status: 4.4.1
Diagnostic-Code: X-sudoroom-org; connect to elleko.net[154.212.119.153]:25:
Connection timed out
Will-Retry-Until: Sat, 4 Mar 2023 11:59:47 -0800 (PST)
Return-Path: <apache(a)sudoroom.org>
Received: by sudoroom.org (sudoroom.org, from userid 1001)
id 529EFC09A4; Thu, 2 Mar 2023 11:59:47 -0800 (PST)
To: "Bb" <bullitt(a)elleko.net>
Subject: Sudo Room account request
From: "Sudo Room" <apache(a)sudoroom.org>
Date: Thu, 02 Mar 2023 11:59:46 -0800
Message-ID: <sudowiki-sw_.64010032f3c4f6.90526151(a)sudoroom.org>
X-Mailer: MediaWiki mailer
List-Unsubscribe: <https://sudoroom.org/wiki/Special:Preferences>
MIME-Version: 1.0
Content-type: text/plain; charset=UTF-8
Content-transfer-encoding: 8bit
[ Part 2: "Attached Text" ]
ERROR OCCURED IN JOB: update_and_clean_index (APP: hyperkitty)
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/django_extensions/management/commands/runjobs.py", line 40, in runjobs
job().execute()
File "/usr/lib/python3/dist-packages/hyperkitty/jobs/update_and_clean_index.py", line 37, in execute
run_with_lock(update_index, remove=True)
File "/usr/lib/python3/dist-packages/hyperkitty/lib/utils.py", line 181, in run_with_lock
log.exception("Failed to update the fulltext index: %s", e)
File "/usr/lib/python3/dist-packages/flufl/lock/_lockfile.py", line 447, in __exit__
self.unlock()
File "/usr/lib/python3/dist-packages/flufl/lock/_lockfile.py", line 398, in unlock
raise NotLockedError('Already unlocked')
flufl.lock._lockfile.NotLockedError: Already unlocked