Hi, I have just installed a new Debian Etch server, supposed to replace a FreeBSD 6 server soon.
There are a few things I miss on the Debian box, and I wonder if there is a way of having that on Debian too:

------------
------------
1) First of all, there is a nice feature under FreeBSD: on a shell, command history can be filtered with a few characters, when using the up arrow. For example, if you remember you restarted a daemon before, you can type "/etc/i" and then press the up arrow key. Only past commands that start with "/etc/i" appear, like "/etc/init.d/apache2 restart".

------------
------------
2) Under FreeBSD, ports can be checked against vulnerabilities with a simple command:

--
portaudit -Fda

If there is anything wrong, you get:

server# portaudit -Fda
auditfile.tbz 100% of 42 kB 62 kBps
New database installed.
Database created: Fri Jun 15 09:10:07 CEST 2007
Affected package: awstats-6.6
Type of problem: awstats -- arbitrary command execution vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/2df297a2-dc74-11da-a22b-000c6ec775d9.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.
--

Is there that on Debian too?

------------
------------
3) Under FreeBSD, you get every morning a security output email, that shows all particular events that happened the day before.

It looks like:

--
Checking setuid files and devices:
fstab: /etc/fstab:0: No such file or directory
fstab: /etc/fstab:0: No such file or directory

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:
ipfw: getsockopt(IP_FW_GET): Operation not permitted

server.domain.ch kernel log messages:
+++ /tmp/security.6sNnuaOZ Fri Jun 15 03:01:46 2007
+pid 38178 (httpd), uid 80: exited on signal 10 pid 38176 (httpd), uid
+80: exited on signal 10 pid 38301 (httpd), uid 80: exited on signal 10
+pid 38080 (httpd), uid 80: exited on signal 10 Limiting closed port RST
+response from 218 to 200 packets/sec Limiting closed port RST response
+from 327 to 200 packets/sec Limiting closed port RST response from 278
+to 200 packets/sec pid 42633 (httpd), uid 80: exited on signal 10 pid
+50555 (httpd), uid 80: exited on signal 10 pid 51336 (httpd), uid 80:
+exited on signal 10 pid 51376 (httpd), uid 80: exited on signal 10 pid
+38070 (httpd), uid 80: exited on signal 10 pid 38073 (httpd), uid 80:
+exited on signal 10 pid 57535 (httpd), uid 80: exited on signal 10 pid
+38081 (httpd), uid 80: exited on signal 10 pid 57653 (httpd), uid 80:
+exited on signal 10 pid 62361 (httpd), uid 80: exited on signal 10
+em0: link state changed to DOWN
+em0: link state changed to UP
+em0: link state changed to DOWN
+em0: link state changed to UP
+pid 74513 (httpd), uid 80: exited on signal 10 pid 75974 (httpd), uid
+80: exited on signal 10 pid 88387 (httpd), uid 80: exited on signal 10
+pid 89472 (httpd), uid 80: exited on signal 10 pid 86765 (httpd), uid
+80: exited on signal 10 pid 87500 (httpd), uid 80: exited on signal 10
+pid 87906 (httpd), uid 80: exited on signal 10 pid 96385 (httpd), uid
+80: exited on signal 10 pid 95468 (httpd), uid 80: exited on signal 10

server.domain.ch login failures:

server.domain.ch refused connections:
Jun 14 06:14:45 server sshd[80891]: refused connect from y246.yellow.fastwebserver.de (217.79.182.246)
Jun 14 08:22:35 server sshd[88665]: refused connect from ahv250.internetdsl.tpnet.pl (83.16.203.250)
Jun 14 08:24:55 server sshd[88740]: refused connect from eaf202.internetdsl.tpnet.pl (83.14.109.202)
Jun 14 13:17:51 server sshd[53964]: refused connect from 67.104.242.30.ptr.us.xo.net (67.104.242.30)

Checking for a current audit database:
Database created: Thu Jun 14 09:10:02 CEST 2007

Checking for packages with security vulnerabilities:
Affected package: awstats-6.6
Type of problem: awstats -- arbitrary command execution vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/2df297a2-dc74-11da-a22b-000c6ec775d9.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

-- End of security output --

Is there that on Debian too?

------------
------------
Regards to all,

Philippe Lang

