croco | 13 May 2013 10:18

Does anyone have an Owl image for Raspberry Pi?

Colleagues,

although ARM is not mentioned at
http://www.openwall.com/Owl/ARCHITECTURES.shtml, I recall someone in the
past reported some experiments with Owl on ARM.  I wonder now whether
anyone tried to bring Owl up on Raspberry Pi.  Actually, what I need is a
(tiny, and definitely console-only) OS for Raspberry Pi being used as a
controlling computer in applications such as smart house, and it seems to
me that Owl is a natural choice.

So, if there are any results so far in this area, please point me to them;
if there are none, I'm going to try to build Owl for Raspberry Pi myself,
and in this case I'd be grateful for any tips and advice.  I would only
like to confirm that I will not be repeating someone else's work by doing that.

Please note I've got an image of Debian for Raspberry Pi which is already
up and running; however, I doubt whether it is wise to use the Raspberry Pi
board itself for building a whole distro :) (well, as a last resort I'd do
even that).

Thanks!

--
Croco

misha shiposh | 7 May 2013 15:45

software raid with device busy status

Good day, guys!
 
I was wondering if there are any FAQs or guides on how to totally destroy a RAID array?

In my case I'm trying to emulate this thing in a virtual sandbox, without success...

After I create a software RAID 1, I try to delete it with the following steps:

Also, this RAID is the root for my OS.

First, delete one of the disks:
mdadm --manage /dev/md0 --fail /dev/hda1
mdadm --manage /dev/md0 --remove /dev/hda1
 
Then if I try to stop array md0 it says that it's busy.... no wonder...
Then I try to boot from the removed disk and after that totally remove the RAID.

And no success!

Stopping the RAID says it's busy; the other way, trying to delete the second disk, gives no result because the device is busy...

Is there any way to totally destroy the RAID?
 
 
Thanks!
 
 
 
 
 
Zenny | 4 May 2013 15:45

Owl encrypted / and tcplay

Hi:

Is there a way to encrypt Owl / with aes-xts-plain64 which can be
remotely authenticated for decryption (like using dropbear in
initrd or mandos server-client mechanism in debian using hooks)?

Also interested in tcplay, but it would be nice to know how to securely
integrate it with Owl 3.0.

Thanks!

Zenny | 4 May 2013 15:41

openvz kernel

Hi:

In Owl 3.0 there is 2.6.18-348.3.1.el5.028stab106.2 kernel and vzctl
is 3.0.23. This has some limitations like vswap (--ram and --swap
parameters) which is not available below 3.0.30
(http://wiki.openvz.org/Vswap).

Is it ideal to update to RHEL6 kernels from openvz? If yes, how is
that accomplished in Owl? Is there a specific way to do so?

Thanks!

Solar Designer | 11 Apr 2013 14:07

Owl-current and 3.0-stable 2013/04/08 snapshot

Hi,

A few days ago, we released new snapshots of Owl-current and Owl
3.0-stable, as usual including ISO images, OpenVZ container templates,
binary packages for i686 and x86_64, and full sources:

http://www.openwall.com/Owl/

The Linux kernel has been rebased on the latest from OpenVZ's
RHEL5-based branch (RHEL 5.9-based currently), thereby fixing a number
of vulnerabilities including the PTRACE_SETREGS vs. process death race
condition (CVE-2013-0871), which could allow for a local root compromise
and OpenVZ container escape.  (However, the risk probability might have
been low due to the race being difficult to win.)

GnuPG has been updated to 1.4.13, which fixes a memory corruption bug
(CVE-2012-6085).  The bug allowed an attacker to crash gpg(1) and
corrupt the public keyring database file.  Arbitrary code execution was
not possible because the attacker cannot control the corrupted data.
The corrupted data is stored in the keyring file, so the DoS effect is
persistent, but the keyring can be manually restored by recovering from
the pubring.gpg~ backup file (which is created by gpg(1) itself).

In Owl 3.0-stable, both of the above changes have been merged (although
the kernel has fewer features enabled than Owl-current's), and
additionally the earlier xinetd security update from Owl-current and
some glibc bugfixes have been merged.  Owl 3.0-stable's kernel is now
compressed with Zopfli (pigz -11) instead of gzip -9.

More detail is available in the change logs:

http://www.openwall.com/Owl/CHANGES-current.shtml
http://www.openwall.com/Owl/CHANGES-3.0-stable.shtml

There's one known regression in Owl-current as compared to 3.0-stable:
the strace program fails to work against 32-bit x86 program binaries.
Indeed, we're going to correct this.

This Owl-current update is a lot more conservative than what we've been
planning to have by this date.  Frankly, progress has been slow.  We did
prepare an experimental update of Owl to RHEL6'ish kernels, and it was
in fact committed, but in light of severe security issues discovered in
the Linux kernel we chose to temporarily revert the major update and to
provide the security fixes on top of a more stable system first.

Alexander

а х | 20 Feb 2013 08:49

Manage network interfaces

Hello,
Can you please tell me how to manage interfaces in OWL? For example, I need eth0 to become eth1 and eth1 to become eth0. As I see it, not with udev? And the HWADDR parameter in the ifcfg scripts does not help.
Or please show me a doc about this.
Thank you!

Zenny | 3 Jan 2013 20:34

/etc/inittab exists, yet reports none!

Hi,

I installed Owl-3_0-stable version on a separate /boot usb stick and /
on an HDD. After installation, boot halts reporting 'INIT: no inittab
file found \n Enter run level:' I entered 3 and it errored back:
'INIT: no more processes left in this run level'.

I tried to boot the live ISO in rescue mode, but it reported a kernel panic. So
I booted again in safe mode from the live ISO image. Checked
/etc/inittab in the installed /etc (I allocated a separate partition
for /etc) directory and the file /etc/inittab duly exists.

What could be the problem?

/zenny

Zenny | 3 Jan 2013 11:20

virtualization in openwall

Hello!

Belated happy new year 2013 to all Owl team!

BTW, I would like to know whether anyone has experience with
virtualization like xen or kvm with xen in Owl?

The reason I am asking is because a Polish distro Qubes-OS claims it
is secure. And I could not find anything more secure than Owl. If
xen or kvm with qemu were integrated into Owl, how would it scale in terms
of performance and security?

Any inputs would be appreciated! Thank you very much!

/zenny

David Parrish | 18 Dec 2012 23:10

Re: Owl kickstart - Owl-current (VirtualBox Guest Additions)

I like that idea, but for now I'm still stuck trying to get guest additions working with Owl.  I tried Owl-current today and I had compile errors building the guest additions.  I copied the kernel and patch and applied the patch to the kernel source before trying to build the guest additions.  Here is a snippet of what I tried and the output I got.

echo "Install virtualbox guest additions"
cd /usr/src/
unxz patch-308.11.1.el5.028stab102.1-combined.xz
patch -p0 <patch-308.11.1.el5.028stab102.1-combined
mv linux-2.6.18 linux
cd /usr/src/linux
yes "" | make oldconfig
yes "" | make prepare
yes "" | make modules_prepare
cd ~
mount -o loop VBoxGuestAdditions_4.1.22.iso /mnt
sh /mnt/VBoxLinuxAdditions.run

Output from the /var/log/vbox-install.log file: http://bpaste.net/show/65251/

The tail of the output is:

In file included from /tmp/vbox.0/r0drv/linux/the-linux-kernel.h:89:0,
                 from /tmp/vbox.0/vfsmod.h:21,
                 from /tmp/vbox.0/vfsmod.c:31:
include/linux/pagemap.h: In function 'fault_in_pages_readable':
include/linux/pagemap.h:227:16: warning: variable 'c' set but not used [-Wunused-but-set-variable]
/tmp/vbox.0/vfsmod.c: In function 'sf_read_super_aux':
/tmp/vbox.0/vfsmod.c:293:5: error: 'struct inode' has no member named 'u'
/tmp/vbox.0/vfsmod.c: In function 'sf_clear_inode':
/tmp/vbox.0/vfsmod.c:361:12: error: 'struct inode' has no member named 'u'
/tmp/vbox.0/vfsmod.c:368:5: error: 'struct inode' has no member named 'u'
make[2]: *** [/tmp/vbox.0/vfsmod.o] Error 1
make[1]: *** [_module_/tmp/vbox.0] Error 2
make: *** [vboxsf] Error 2

At this point I'm at a loss.  I'm not sure if I have the right source, or if VirtualBox Guest Additions are incompatible with Owl.  Unless someone has an idea of what to try next, I'll probably just go with CentOS.

I appreciate the help so far!
David

David Parrish | 17 Dec 2012 19:00

Owl2 VirtualBox Guest additions

I'm having some trouble getting VirtualBox Guest Additions installed on an Owl2 VM.  I have installed the kernel headers and I'm using the VirtualBox image VBoxGuestAdditions_4.1.22.iso.


Here is my script for installing the additions and the error messages:

vagrant!root:~# mount -o loop VBoxGuestAdditions_$VBOX_VERSION.iso /mnt
vagrant!root:~# sh /mnt/VBoxLinuxAdditions.run
Verifying archive integrity... All good.
Uncompressing VirtualBox 4.1.22 Guest Additions for Linux.........
VirtualBox Guest Additions installer
Removing installed version 4.1.22 of VirtualBox Guest Additions...
modprobe: Can't open dependencies file /lib/modules/2.4.32-ow1/modules.dep (No such file or directory)
Removing existing VirtualBox DKMS kernel modules ...done.
Removing existing VirtualBox non-DKMS kernel modules ...done.
Building the VirtualBox Guest Additions kernel modules
The headers for the current running kernel were not found. If the following
module compilation fails then this could be the reason.

Not building the VirtualBox advanced graphics driver as this Linux version is
too old to use it.
Building the main Guest Additions module ...fail!
(Look at /var/log/vboxadd-install.log to find out what went wrong)
Doing non-kernel setup of the Guest Additions ...done.
Installing the Window System drivers ...fail!
(Could not find the X.Org or XFree86 Window System.)
vagrant!root:~# cat /var/log/vboxadd-install.log 
/tmp/vbox.0/Makefile.include.header:100: Warning: using /usr/src/linux as the source directory of your Linux kernel. If this is not correct, specify KERN_DIR=<directory> and run Make again.
/tmp/vbox.0/Makefile.include.header:126: *** Unable to find the folder to install the module to.  Stop.
Creating user for the Guest Additions.

Are there any suggestions for installing the Guest Additions on Owl2?

Thanks,
David




Jon Hermansen | 15 Dec 2012 22:21

OWL development snapshots on an ALIX 2d2 board

Hey all,
 I've been lurking here for a bit. I was quite excited by the prospect of a software firewall stack based on RHEL. One of the issues I encountered with CentOS when trying it with my ALIX 2D2 was that EL6 no longer supports any processor less than an i686 (which the AMD Geode is almost, except it doesn't support the nopl instruction).

I see on the main page mentions of an i386 kernel. Can anyone tell me if they've tried this kernel recently? And possibly on a Geode processor?

