Netcat on Debian Security advice please nc -(dknl) [closed]

This is with regards to a Netcat based script running on a Debian based distribution, specifically the Proxmox hypervisor (see here if unknown https://en.wikipedia.org/wiki/Proxmox_Virtual_Environment)

I would need to run a script to start a Virtual Machine from a remote PC within the network. The script running on this Proxmox (Debian) distribution is as follows:

**nc -dknl -p 9 -u |**  stdbuf -o0 xxd -c 6 -p | stdbuf -o0 uniq | stdbuf -o0 grep -v 'ffffffffffff' | while read ; do MAC=$  {REPLY:0:2}:$  {REPLY:2:2}:$  {REPLY:4:2}:$  {REPLY:6:2}:$  {REPLY:8:2}:$  {REPLY:10:2}; echo Received Address: $  MAC if [ "$  MAC" == "0c:d2:92:48:68:9b" ] then echo STARTING VM! qm start 101   # Proxmox Command to start Virtual machine. fi done 

Could the Debian running above script be exploited, as Netcat listens on Port 9 UDP (it could of course listen to another port as well if I change that)? Naturally, anyone in the network could start a VM, but is there another risk?

Debian GUI programming question

I do not know how to correctly formulate the question. I have utilities on the bash, with communication with the user through zenity. It became a little crowded, and in general, I want the IDE, states, databases, tray icons

I look closely at PyQt. It seems like Qt will facilitate the creation of an interface and Python is a progressive language. Complexities and subtleties are not necessary, but ready-made ones would be welcome.

Or am I looking the wrong way?

Why is Debian not showing the GPG signatures on keys that Arch Linux is?

I downloaded a Qubes OS ISO and I’m trying to verify its legitimacy using this guide. GPG was behaving weirdly, so I created a separate user with a separate keyring to reproduce the issue.

When I try to verify the key on my Debian system, the signature on the release signing key is not there:

$   gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc gpg: directory '/home/test/.gnupg' created gpg: keybox '/home/test/.gnupg/pubring.kbx' created gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-master-signing-key.asc' gpg: /home/test/.gnupg/trustdb.gpg: trustdb created gpg: key DDFA1A3E36879494: public key "Qubes Master Signing Key" imported gpg: Total number processed: 1 gpg:               imported: 1 $   gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc' gpg: key 1848792F9E2795E9: public key "Qubes OS Release 4 Signing Key" imported gpg: Total number processed: 1 gpg:               imported: 1 $   gpg --list-sigs "Qubes OS" pub   rsa4096 2017-03-06 [SC]       5817A43B283DE5A9181A522E1848792F9E2795E9 uid           [ unknown] Qubes OS Release 4 Signing Key sig 3        1848792F9E2795E9 2017-03-06  Qubes OS Release 4 Signing Key $   

I expected another line with a signature from the master key, such as

sig          DDFA1A3E36879494 2017-03-08  Qubes Master Signing Key 

Surprised, I decided to check on another system. This one is running Arch Linux. I trust it less than the Debian system. Perplexingly, the signature does show up — the output is just as above, but with the added signature line.

The GPG version is 2.2.17 on both machines.

What could be causing this discrepancy?

DEBIAN 10 UPDATING ISSUES

I have just done a clean installation of debian buster, and I’m having trouble with apt update (I’m posting this question to this community since ubuntu it’s just a distribution of debian, so i guessed somebody could help).

UPDATES PROBLEM

I run sudo apt update and I get this

    Ign:1 cdrom://[Debian GNU/Linux 10.1.0 _Buster_ - Official amd64 NETINST 20190908-01:07] buster InRelease Err:2 cdrom://[Debian GNU/Linux 10.1.0 _Buster_ - Official amd64 NETINST 20190908-01:07] buster Release   Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update cannot be used to add new CD-ROMs Hit:3 http://deb.debian.org/debian buster InRelease               Ign:4 http://deb.debian.org/debian buster/updates InRelease       Hit:5 http://deb.debian.org/debian buster-updates InRelease Err:6 http://deb.debian.org/debian buster/updates Release   404  Not Found [IP: 151.101.132.204 80] Reading package lists... Done E: The repository 'cdrom://[Debian GNU/Linux 10.1.0 _Buster_ - Official amd64 NETINST 20190908-01:07] buster Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. E: The repository 'http://deb.debian.org/debian buster/updates Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:3 and /etc/apt/sources.list:4 W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:3 and /etc/apt/sources.list:4 W: Target Translations (main/i18n/Translation-en_US) is configured multiple times in /etc/apt/sources.list:3 and /etc/apt/sources.list:4 W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:3 and /etc/apt/sources.list:4 W: Target DEP-11 (main/dep11/Components-amd64.yml) is configured multiple times in /etc/apt/sources.list:3 and /etc/apt/sources.list:4 W: Target DEP-11 (main/dep11/Components-all.yml) is configured multiple times in /etc/apt/sources.list:3 and /etc/apt/sources.list:4 W: Target DEP-11-icons-small (main/dep11/icons-48x48.tar) is configured multiple times in /etc/apt/sources.list:3 and /etc/apt/sources.list:4 W: Target DEP-11-icons (main/dep11/icons-64x64.tar) is configured multiple times in /etc/apt/sources.list:3 and /etc/apt/sources.list:4 

Here you have the content of my sources.list

    #   deb cdrom:[Debian GNU/Linux 10.1.0 _Buster_ - Official amd64 NETINST 20190908-01:07]/ buster main deb cdrom:[Debian GNU/Linux 10.1.0 _Buster_ - Official amd64 NETINST 20190908-01:07]/ buster main  deb http://deb.debian.org/debian/ buster main deb-src http://deb.debian.org/debian/ buster main  deb http://deb.debian.org/debian/ buster/updates main deb-src http://deb.debian.org/debian/ buster/updates main  # buster-updates, previously known as 'volatile' deb http://deb.debian.org/debian/ buster-updates main deb-src http://deb.debian.org/debian/ buster-updates main  # This system was installed using small removable media # (e.g. netinst, live or single CD). The matching "deb cdrom" # entries were disabled at the end of the installation process. # For information about how to configure apt package sources, # see the sources.list(5) manual. 

I really can’t understand what’s the problem here, if these are the default sources that came with my clean installation inside the file, I changed nothing.

Can I create an uninstallable debian package which overwrite’s another package’s files?

I’m trying to create a Debian package which installs a custom keyboard layout. In order to do this, you need to modify two files in /usr/share/X11/xkb. So my package just includes the new versions of those files. When I try to install it, dpkg complains about conflicts with the xkeyboard package and won’t let me. I’m aware that I could use --force-overwrite to install it anyway, but I’m worried about uninstalling the package later. I’d like to create a Debian package with the following behavior:

  1. When installed, overwrites files belonging to another package.
  2. When uninstalled, files return to the state they were in before the installation.

Is this possible?

I want to install Ubuntu on my Google Coral. It comes with a custom derivative of Debian

I want to install Ubuntu on my Google Coral. It comes with a custom derivative of Debian. The OS that ships with it is pretty limited. I can’t do anything and a lot of things are missing. It would probably be easier to run the additional software they bundle with it on Ubuntu or maybe Ubuntu can use the TPU like an accelerator dongle.

Install Debian on a dedicated server remotely without sending any clear-text credentials

As stated in the title, are there any existing best practices to install Debian on a remote server, without sending clear text passwords over the link?

For example – a lot of dedicated server providers will give their customers direct access to the KVM of the supermicro board. This gives them a lot of choices – for example, I can mount any local ISO image as if it were in the CD drive.

However, installing Debian would be a no-go, because I’ll have to type in the root password during the setup, which an eavesdropper can read too.

My guess would be to create a pre-made installation image, with the SSH public key already installed. You would no longer rely on what’s on the KVM screen, but rather connect to the SSH service immediately. You’d still open yourself up to man in the middle attacks, since someone eavesdropping on the KVM connection could copy the public key and the hostkey, and intercept the connection, but I imagine it would be difficult to do in a timely fashion.

Is there any better way I am missing?

I can’t install electron for debian 10 [on hold]

I am new in Linux and I am working with debian10 When I’m trying to install electron by tutorialspoint.com website instructions and ran this code :

npm init // Then I entered the inputs  sudo npm install -g electron-prebuilt 

But It will give me an error. The whole output is like this :

npm WARN deprecated electron-prebuilt@1.4.13: electron-prebuilt has been renamed to electron. For more details, see http://electron.atom.io/blog/2016/08/16/npm-install-electron /usr/bin/electron -> /usr/lib/node_modules/electron-prebuilt/cli.js > electron-prebuilt@1.4.13 postinstall /usr/lib/node_modules/electron-prebuilt > node install.js  /usr/lib/node_modules/electron-prebuilt/install.js:22   throw err   ^  Error: EACCES: permission denied, mkdir '/usr/lib/node_modules/electron-prebuilt/.electron' npm ERR! code ELIFECYCLE npm ERR! errno 1 npm ERR! electron-prebuilt@1.4.13 postinstall: `node install.js` npm ERR! Exit status 1 npm ERR!  npm ERR! Failed at the electron-prebuilt@1.4.13 postinstall script. npm ERR! This is probably not a problem with npm. There is likely additional logging output above.  npm ERR! A complete log of this run can be found in: npm ERR!     /root/.npm/_logs/2019-09-01T11_10_33_770Z-debug.log 

`