Bug#729900: courier-authdaemon: Postfix - SASL authentication failure
I'm sorry, the posted script has some mistakes. Attached is the script /etc/init.d/courier-authdaemon with a better solution to the reported problem that uses a dedicated function postfix_check().

Guido Bozzetto.

    #! /bin/sh -e
    #
    ### BEGIN INIT INFO
    # Provides:          courier-authdaemon
    # Required-Start:    $remote_fs $syslog
    # Required-Stop:     $remote_fs $syslog
    # Default-Start:     2 3 4 5
    # Default-Stop:      0 1 6
    ### END INIT INFO

    prefix="/usr"
    exec_prefix=${prefix}
    sysconfdir="/etc/courier"
    sbindir="${exec_prefix}/sbin"
    daemonscript="${sbindir}/authdaemond"
    rundir_courier="/var/run/courier"
    rundir="/var/run/courier/authdaemon"
    pidfile="${rundir}/pid"

    . /lib/lsb/init-functions

    # Check for a leftover init script
    if [ ! -x $daemonscript ]; then
        exit 0
    fi

    #== Postfix chrooted ==#+20131117
    postfix_check() {
        local PFINIT=/etc/init.d/postfix
        local PFMASTER=/etc/postfix/master.cf
        local PFSMTPD=/etc/postfix/sasl/smtpd.conf
        if [ -s $PFINIT ] && [ -s $PFMASTER ] ; then # Use Postfix
            if [ "$(/usr/bin/awk '$1~/^smtp$/ && $8~/smtpd/ {print $5}' $PFMASTER)0" != "n0" ]
            then # chroot: Yes
                if [ -s $PFSMTPD ] &&
                   [ "0$(/bin/sed -n \
                        -e '/^authdaemond_path:/s,.\+:\s*,,p' $PFSMTPD)" = "0$rundir/socket" ] &&
                   [ ! -L $rundir ]
                then
                    /bin/rm -fr $rundir &&
                    /bin/ln -s /var/spool/postfix/$rundir $rundir_courier
                fi
            else # chroot: No
                if [ -L $rundir ] ;then
                    /bin/rm -fr $rundir
                fi
            fi # Postfix chrooted ?
        fi # Use Postfix
    } # postfix_check()
    #-- Postfix chrooted --#

    case "$1" in
    start)
        # Start daemon.
        cd /
        log_daemon_msg "Starting Courier authentication services" "authdaemond"
        if [ ! -d "$rundir_courier" ]; then
            mkdir -m 0775 $rundir_courier
            chown daemon:daemon $rundir_courier
            # set file context for SELinux (#668564)
            [ -x /sbin/restorecon ] && /sbin/restorecon $rundir_courier
        fi
        postfix_check
        if [ ! -d "$rundir" ]; then
            mkdir -m 0750 $rundir
            chown daemon:daemon $rundir
            # set file context for SELinux (#668564)
            [ -x /sbin/restorecon ] && /sbin/restorecon $rundir
        fi
        $daemonscript start
        log_end_msg 0
        ;;
    stop)
        # Stop daemon.
        cd /
        log_daemon_msg "Stopping Courier authentication services" "authdaemond"
        $daemonscript stop
        log_end_msg 0
        ;;
    restart|force-reload)
        $0 stop
        $0 start
        ;;
    status)
        status_of_proc -p "$pidfile" "" "authdaemond" && exit 0 || exit $?
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
        exit 2
        ;;
    esac
    exit 0
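A read-only way to check the condition that postfix_check() acts on, as an added example that is not part of the original message or of the Debian package. The function names and result strings are hypothetical, the master.cf and smtpd.conf samples are constructed, and, like the script above, it treats any chroot flag other than "n" as chrooted.

```shell
#!/bin/sh
# Added example: read-only check, changes nothing on the system.
# Function names and result strings are hypothetical.

# Print the chroot column (field 5) of the "smtp inet ... smtpd" service line
# in a master.cf. Comment and "-o" continuation lines have a different first
# field, so they never match.
smtpd_chroot_flag() {
    awk '$1 == "smtp" && $2 == "inet" && $8 == "smtpd" { print $5; exit }' "$1"
}

# Print the first authdaemond_path value found in a Cyrus SASL smtpd.conf.
authdaemond_path() {
    sed -n 's/^authdaemond_path:[[:space:]]*//p' "$1" | head -n 1
}

# check_sasl_socket MASTER_CF SMTPD_CONF QUEUE_DIR
# Prints one word describing whether smtpd can reach the authdaemond socket.
check_sasl_socket() {
    flag=$(smtpd_chroot_flag "$1")
    sock=$(authdaemond_path "$2")
    if [ -z "$flag" ]; then echo no-smtpd-service; return 0; fi
    if [ -z "$sock" ]; then echo no-authdaemond-path; return 0; fi
    # Assumption taken from the script above: any flag other than "n"
    # means the service runs chrooted.
    if [ "$flag" = n ]; then echo not-chrooted; return 0; fi
    # A chrooted smtpd sees the configured path relative to the queue directory.
    if [ -e "$3$sock" ]; then
        echo chrooted-ok
    else
        echo chrooted-socket-missing
    fi
}

# Demonstration on constructed files in a temporary directory.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/queue"
    cat > "$d/master.cf" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       -       60      1       pickup
EOF
    cat > "$d/smtpd.conf" <<'EOF'
pwcheck_method: authdaemond
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/courier/authdaemon/socket
EOF
    echo "before: $(check_sasl_socket "$d/master.cf" "$d/smtpd.conf" "$d/queue")"
    # Stand-in for the socket directory that the symlink exposes in the chroot.
    mkdir -p "$d/queue/var/run/courier/authdaemon"
    : > "$d/queue/var/run/courier/authdaemon/socket"
    echo "after:  $(check_sasl_socket "$d/master.cf" "$d/smtpd.conf" "$d/queue")"
    rm -rf "$d"
}
demo
```

On a live system the three arguments would be /etc/postfix/master.cf, /etc/postfix/sasl/smtpd.conf and /var/spool/postfix, the paths used in the message above.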
Bug#729900: courier-authdaemon: Postfix - SASL authentication failure
Package: courier-authdaemon
Version: 0.63.0-6+b1
Severity: minor
Tags: patch

Dear Maintainer,

after updating the system from Debian 6.0.8 to 7.2, the Postfix authentication doesn't work. courier-authdaemon authenticates the system's users that are used to send email from external on SMTP connections. The Postfix logs report:

    postfix/smtpd[]: warning: SASL authentication failure: cannot connect to Courier authdaemond: Connection refused
    postfix/smtpd[]: warning: X[Y.Z.J.K]: SASL LOGIN authentication failed: generic failure

The solution is:

    rm -r /var/run/courier/authdaemon
    ln -s /var/spool/postfix/var/run/courier/authdaemon /var/run/courier

because Postfix, in the standard installation, is in a chroot environment. I propose a solution that does the job automagically. Modify the courier-authdaemon start up script in the following manner:

    ~# diff -c /etc/init.d/courier-authdaemon /etc/init.d/courier-authdaemon_orig

*** /etc/init.d/courier-authdaemon 2013-11-18 18:48:58.868867113 +0100 --- /etc/init.d/courier-authdaemon_orig 2012-06-09 18:45:14.0 +0200 *** *** 35,50 # set file context for SELinux (#668564) [ -x /sbin/restorecon ] && /sbin/restorecon $rundir_courier fi - #== Postfix chroot ==# - if _PFIX=/etc/postfix/master.cf && [ -s $_PFIX ] && - [ "$(/usr/bin/awk '$1~/^smtp$/ && $8~/smtpd/ {print $5} -' $_PFIX)" != "n" ] && - _PFIX=/etc/postfix/sasl/smtpd.conf && - [ ! -L $rundir ] - then - /bin/ln -s /var/spool/postfix/$rundir $rundir_courier - fi - #-- Postfix chroot --# if [ ! -d "$rundir" ]; then mkdir -m 0750 $rundir chown daemon:daemon $rundir --- 35,40

Thank you,
Guido.
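Review bot: the added block (the lines marked `-`, because the diff was taken with the patched file first and the `_orig` file second) guards `/bin/ln -s /var/spool/postfix/$rundir $rundir_courier` only with `[ ! -L $rundir ]`, so when `$rundir` already exists as a real directory the link cannot be created under that name, whereas the manual fix quoted above runs `rm -r /var/run/courier/authdaemon` first. Remove or move the existing directory before linking, and check that the target under /var/spool/postfix exists. The second assignment `_PFIX=/etc/postfix/sasl/smtpd.conf` is never followed by a test, so the SASL configuration is not consulted at all; either compare `authdaemond_path` there or drop the assignment. Regenerating the patch with the `_orig` file as the first argument would also let it apply in the forward direction.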
-- System Information:
Debian Release: 7.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages courier-authdaemon depends on:
ii  courier-authlib  0.63.0-6+b1
ii  lsb-base         4.1+Debian8+deb7u1

courier-authdaemon recommends no packages.

courier-authdaemon suggests no packages.

-- Configuration Files:
/etc/courier/authdaemonrc [Errno 13] Permesso negato: u'/etc/courier/authdaemonrc'
/etc/init.d/courier-authdaemon changed:

    prefix="/usr"
    exec_prefix=${prefix}
    sysconfdir="/etc/courier"
    sbindir="${exec_prefix}/sbin"
    daemonscript="${sbindir}/authdaemond"
    rundir_courier="/var/run/courier"
    rundir="/var/run/courier/authdaemon"
    pidfile="${rundir}/pid"
    . /lib/lsb/init-functions
    if [ ! -x $daemonscript ]; then
        exit 0
    fi
    case "$1" in
    start)
        # Start daemon.
        cd /
        log_daemon_msg "Starting Courier authentication services" "authdaemond"
        if [ ! -d "$rundir_courier" ]; then
            mkdir -m 0775 $rundir_courier
            chown daemon:daemon $rundir_courier
            # set file context for SELinux (#668564)
            [ -x /sbin/restorecon ] && /sbin/restorecon $rundir_courier
        fi
        if _PFIX=/etc/postfix/master.cf && [ -s $_PFIX ] &&
           [ "$(/usr/bin/awk '$1~/^smtp$/ && $8~/smtpd/ {print $5}' $_PFIX)" != "n" ] &&
           _PFIX=/etc/postfix/sasl/smtpd.conf &&
           [ ! -L $rundir ]
        then
            /bin/ln -s /var/spool/postfix/$rundir $rundir_courier
        fi
        if [ ! -d "$rundir" ]; then
            mkdir -m 0750 $rundir
            chown daemon:daemon $rundir
            # set file context for SELinux (#668564)
            [ -x /sbin/restorecon ] && /sbin/restorecon $rundir
        fi
        $daemonscript start
        log_end_msg 0
        ;;
    stop)
        # Stop daemon.
        cd /
        log_daemon_msg "Stopping Courier authentication services" "authdaemond"
        $daemonscript stop
        log_end_msg 0
        ;;
    restart|force-reload)
        $0 stop
        $0 start
        ;;
    status)
        status_of_proc -p "$pidfile" "" "authdaemond" && exit 0 || exit $?
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
        exit 2
        ;;
    esac
    exit 0

-- no debconf information

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#612405: aide: Configuration error on bind9 LowLogs
Package: aide
Version: 0.15.1-2
Severity: normal
Tags: patch

On the aide upgrade the package doesn't work. The error is:

    ~# aide.wrapper --verbose=255
    ...
    221:@@ifdef BINDCHROOT
    222:Variable substitution
    222:Selrule
    222:Error in expression:�g
    Configuration error

The problem is in the file:

    /etc/aide/aide.conf.d/31_aide_bind9

where there is the wrong line:

    @@{BINDCHROOT}/dev/log$ LowLogs

while the correct one, I suppose, is:

    @@{BINDCHROOT}/dev/log$ LowLog

Thank you,
Guido Bozzetto.

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (560, 'stable'), (545, 'proposed-updates'), (540, 'stable'), (460, 'testing'), (445, 'testing-proposed-updates'), (440, 'testing'), (20, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages aide depends on:
ii  aide-common   0.15.1-2               Advanced Intrusion Detection Envir
ii  bsd-mailx     8.1.2-0.20100314cvs-1  simple mail user agent
ii  liblockfile1  1.08-4                 NFS-safe locking library, includes
ii  ucf           3.0025+nmu1            Update Configuration File: preserv

Versions of packages aide recommends:
ii  cron          3.0pl1-116             process scheduling daemon

aide suggests no packages.

-- debconf information excluded
Bug#600586: open-vm-tools: Solved VMXNET2 network adapter functionality
Package: open-vm-tools
Severity: normal

With the kernel 2.6.32-5-686 2.6.32-27 the ethernet network adapter VMXNET 2 (Enhanced) works.

Thank you.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (560, 'testing'), (545, 'testing-proposed-updates'), (540, 'testing'), (460, 'stable'), (445, 'proposed-updates'), (440, 'stable'), (50, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages open-vm-tools depends on:
ii  libc6         2.11.2-6+squeeze1  Embedded GNU C Library: Shared lib
ii  libfuse2      2.8.4-1.1          Filesystem in USErspace library
ii  libgcc1       1:4.4.5-4          GCC support library
ii  libglib2.0-0  2.24.2-1           The GLib library of C routines
ii  libicu44      4.4.1-6            International Components for Unico
ii  libstdc++6    4.4.5-4            The GNU Standard C++ Library v3

Versions of packages open-vm-tools recommends:
ii  ethtool         1:2.6.34-3           display or change Ethernet device
ii  open-vm-source  2010.06.16-268169-3  Source for VMware guest systems dr
ii  zerofree        1.0.1-2              zero free blocks from ext2/3 file-

Versions of packages open-vm-tools suggests:
ii  open-vm-toolbox  2010.06.16-268169-3  tools and components for VMware gu

-- Configuration Files:
/etc/vmware-tools/tools.conf changed:

-- no debconf information
Bug#600586: open-vm-tools: vmxnet_init_ring alloc_page failed with kernel 2.6.32-25
Package: open-vm-tools
Version: 2010.06.16-268169-3
Severity: normal

After the last upgrade of the system the network does not start. The error that appears during the networking startup script execution is:

    eth0: vmxnet_init_ring alloc_page failed.
    SIOCSIFFLAGS: Cannot allocate memory

With the old kernel: 2.6.32-23 (linux-image-2.6.32-5-686) the vmxnet module works correctly. I have the "VMXNET 2 (Enhanced)" network adapter configured in the virtual guest. The "Flexible" network adapter, that uses the pcnet32 module, works correctly.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (560, 'testing'), (545, 'testing-proposed-updates'), (540, 'testing'), (460, 'stable'), (445, 'proposed-updates'), (440, 'stable'), (50, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages open-vm-tools depends on:
ii  libc6         2.11.2-6   Embedded GNU C Library: Shared lib
ii  libfuse2      2.8.4-1.1  Filesystem in USErspace library
ii  libgcc1       1:4.4.5-2  GCC support library
ii  libglib2.0-0  2.24.2-1   The GLib library of C routines
ii  libicu44      4.4.1-6    International Components for Unico
ii  libstdc++6    4.4.5-2    The GNU Standard C++ Library v3

Versions of packages open-vm-tools recommends:
ii  ethtool         1:2.6.34-3           display or change Ethernet device
ii  open-vm-source  2010.06.16-268169-3  Source for VMware guest systems dr
ii  zerofree        1.0.1-2              zero free blocks from ext2/3 file-

Versions of packages open-vm-tools suggests:
ii  open-vm-toolbox  2010.06.16-268169-3  tools and components for VMware gu

-- Configuration Files:
/etc/vmware-tools/tools.conf changed:

-- no debconf information
Bug#580868: correct cron.d/mdadm suggest
Package: mdadm
Version: 3.0.3-2
Severity: normal

I suggest the following line into the /etc/cron.d/mdadm file:

    57 0 * * 0 root if [ -x /usr/share/mdadm/checkarray ] && [ $(date +\%d) -le 7 ];then /usr/share/mdadm/checkarray --cron --all --quiet;fi

If the test is false the exit status is false (0).

-- Package-specific info:
WARNING: the following output was not generated by the root user. If you can, please replace the following up until "-- System Information:" with the output of /usr/share/bug/mdadm/script 3>&1 run as root. Thanks!

--- mdadm.conf
# mdadm.conf
#
# Please refer to mdadm.conf(5) for information about this file.
#
# by default, scan all partitions (/proc/partitions) for MD superblocks.
# alternatively, specify devices to scan, using wildcards if desired.
DEVICE partitions
# auto-create devices with Debian standard permissions
CREATE owner=root group=disk mode=0660 auto=yes
# automatically tag new arrays as belonging to the local system
HOMEHOST
# instruct the monitoring daemon where to send mail alerts
MAILADDR root
# definitions of existing MD arrays
ARRAY /dev/md0 level=raid1 num-devices=2 UUID=77e326dc:6e14c11b:a651d75b:f1f14b73
ARRAY /dev/md1 level=raid1 num-devices=2 UUID=c0c625ce:7ef2335f:3f11248e:bd61a445
ARRAY /dev/md2 level=raid1 num-devices=2 UUID=f79c8b36:3fe6f14a:6a040ff2:21c20a6f
# This file was auto-generated on Wed, 30 Jul 2008 11:10:52 +
# by mkconf $Id$

--- /proc/mdstat:
Personalities : [raid1]
md2 : active raid1 sda3[0] sdb3[1]
      49705024 blocks [2/2] [UU]
md1 : active raid1 sda2[0] sdb2[1]
      28314496 blocks [2/2] [UU]
md0 : active raid1 sda1[0] sdb1[1]
      128384 blocks [2/2] [UU]
unused devices:
Bug#581160: open-vm-source: compile(install) fails on pvscsi.o inexistent file
Package: open-vm-source
Version: 2010.04.25-253928-1
Severity: grave
Justification: renders package unusable

open-vm module compiling fails with:

    ~# M=open-vm;m-a update;m-a clean $M;m-a prepare $M;m-a -t build $M
    ...
    # Installing the modules
    set -e; for MODULE in pvscsi vmblock vmci vmhgfs vmmemctl vmsync vmxnet vsock; \
    do \
    install -D -m 0644 modules/linux/$MODULE.o debian/open-vm-modules-2.6.32-3-amd64/lib/modules/2.6.32-3-amd64/misc/$MODULE.ko; \
    done
    install: impossibile eseguire stat di "modules/linux/pvscsi.o": No such file or directory
    make[1]: *** [binary-modules] Error 1
    make[1]: Leaving directory `/usr/src/modules/open-vm'
    make: *** [kdist_build] Error 2
    BUILD FAILED!
    See /var/cache/modass/open-vm-source.buildlog.2.6.32-3-amd64.1273565546 for details.

    ~$ tail -n 5 /var/cache/modass/open-vm-source.buildlog.2.6.32-3-amd64.1273565546
    done
    install: impossibile eseguire stat di "modules/linux/pvscsi.o": No such file or directory
    make[1]: *** [binary-modules] Error 1
    make[1]: Leaving directory `/usr/src/modules/open-vm'
    make: *** [kdist_build] Error 2

Guido.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (560, 'testing'), (550, 'testing'), (540, 'testing-proposed-updates'), (260, 'stable'), (250, 'stable'), (240, 'proposed-updates'), (50, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages open-vm-source depends on:
ii  bzip2      1.0.5-4  high-quality block-sorting file co
ii  debhelper  7.4.19   helper programs for debian/rules
ii  make       3.81-8   An utility for Directing compilati
ii  quilt      0.48-7   Tool to work with series of patche

Versions of packages open-vm-source recommends:
ii  module-assistant  0.11.3               tool to make module package creati
ii  open-vm-tools     2010.04.25-253928-1  tools and components for VMware gu

Versions of packages open-vm-source suggests:
ii  open-vm-toolbox  2010.04.25-253928-1  tools and components for VMware gu

-- no debconf information
Bug#577163: Impossible boot ordering info in init.d script
Package: open-vm-tools
Version: 2010.03.20-243334-4
Severity: normal

The open-vm-tools also loads the network kernel module "vmxnet" that is necessary to configure the network, so I think that the correct startup is in the S level/directory:

    # Required-Start: $local_fs
    # X-Start-Before: $network
    # X-Stop-After: $network
    # Default-Start: S

Guido Bozzetto

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing-proposed-updates
  APT policy: (990, 'testing-proposed-updates'), (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-3-686 (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages open-vm-tools depends on:
ii  libc6         2.10.2-6   Embedded GNU C Library: Shared lib
ii  libfuse2      2.8.1-1.2  Filesystem in USErspace library
ii  libgcc1       1:4.4.2-9  GCC support library
ii  libglib2.0-0  2.24.0-1   The GLib library of C routines
ii  libicu42      4.2.1-3    International Components for Unico
ii  libstdc++6    4.4.2-9    The GNU Standard C++ Library v3

Versions of packages open-vm-tools recommends:
ii  ethtool         1:2.6.33-1           display or change Ethernet device
ii  open-vm-source  2010.03.20-243334-4  Source for VMware guest systems dr
ii  zerofree        1.0.1-2              zero free blocks from ext2/3 file-

Versions of packages open-vm-tools suggests:
pn  open-vm-toolbox  (no description available)

-- no debconf information
Bug#574553: PostInst fails (err. 2). "awk: fatal: ( o \(desemparejados: /(md/"
Package: initramfs-tools
Version: 0.93.4
Severity: normal

    ~# LANG=C dpkg --configure initramfs-tools
    update-initramfs: Generating /boot/initrd.img-2.6.32-3-amd64
    awk: fatal: Unmatched ( or \(: /(hd/

I have lilo and grub2 together for backup. For me a working solution is to modify the line 192 from:

    && groot=$(awk '/^set root=/{print substr($2, 7, 3); exit}' \

to:

    && groot=$(awk '/^set root=/{print substr($2, 7, length($2)-7); exit}' \

I do not know if this is correct anyway, so the correct part of the string is interpreted without the final "'":

    ~# LANG=C dpkg --configure initramfs-tools
    update-initramfs: Generating /boot/initrd.img-2.6.32-3-amd64
    Warning: '/proc/partitions' does not match '/dev' directory structure.
    ...
    7 warnings were issued.
    ~# dpkg -l initramfs-tools
    Desired=Unknown/Install/Remove/Purge/Hold
    | Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
    ||/ Nome            Versione  Descrizione
    +++-==-==-
    ii  initramfs-tool  0.93.4    tools for generating an initramfs

Thanks,
Guido Bozzetto.
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=(hd0,1)/vmlinuz root=UUID=773e7969-3634-4445-98cd-c3aebd7e2784 ro

-- /proc/filesystems
ext4
ext2
ext3
Bug#568480: libpam-cracklib: Solve "libpam.so.0 required by pam_cracklib.so"
Package: libpam-cracklib
Severity: normal

Restarting cron:

    /etc/init.d/cron restart

solves the problem.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (560, 'testing'), (545, 'testing-proposed-updates'), (540, 'testing'), (460, 'stable'), (445, 'proposed-updates'), (440, 'stable'), (50, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-cracklib depends on:
ii  cracklib-runtime     2.8.15-6+b1  runtime support for password check
ii  libc6                2.10.2-2     GNU C Library: Shared libraries
ii  libcrack2            2.8.15-6+b1  pro-active password checker librar
ii  libpam-runtime       1.1.1-1      Runtime support for the PAM librar
ii  libpam0g             1.1.1-1      Pluggable Authentication Modules l
ii  witalian [wordlist]  1.7.3-0.1    The Italian dictionary words for /

libpam-cracklib recommends no packages.

libpam-cracklib suggests no packages.

-- no debconf information
Bug#564069: open-vm-tools daemon start only on X11
Package: open-vm-tools
Version: 2009.12.16-217847-1
Severity: important

At system start-up the open-vm-tools daemon doesn't start while the vm modules are correctly loaded. After some tests I observed that without X the open-vm-tools doesn't work:

    server:~# /etc/init.d/open-vm-tools restart
    Stopping open-vm guest daemon: vmtoolsd/etc/init.d/open-vm-tools: line 49: kill: (16571) - No such process
    .
    Removing open-vm-tools modules: vmhgfs vmmemctl vmsync.
    Loading open-vm-tools modules: vmhgfs vmmemctl vmsync.
    Starting open-vm daemon: vmtoolsd.
    X11 connection rejected because of wrong authentication.
    server:~# ps ax|grep vm
    21090 ?  S<  0:00 [vmmemctl]

while with an X11 active environment:

    server:~# export XAUTHORITY=~user/.Xauthority
    server:~# /etc/init.d/open-vm-tools restart
    Stopping open-vm guest daemon: vmtoolsd/etc/init.d/open-vm-tools: line 49: kill: (21099) - No such process
    .
    Removing open-vm-tools modules: vmhgfs vmmemctl vmsync.
    Loading open-vm-tools modules: vmhgfs vmmemctl vmsync.
    Starting open-vm daemon: vmtoolsd.
    panama:~# ps ax|grep vm
    22697 ?  S<  0:00 [vmmemctl]
    22706 ?  S   0:00 /usr/bin/vmtoolsd --plugin-path /etc/vmware-tools/plugins

Obviously, when I finish the ssh session on the server and so close the X11 output on my client machine, the vmtoolsd daemon dies :-((

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing-proposed-updates
  APT policy: (990, 'testing-proposed-updates'), (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.31-1-686 (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages open-vm-tools depends on:
ii  libc6         2.10.2-2   GNU C Library: Shared libraries
ii  libgcc1       1:4.4.2-8  GCC support library
ii  libglib2.0-0  2.22.3-1   The GLib library of C routines
ii  libicu42      4.2.1-3    International Components for Unico
ii  libstdc++6    4.4.2-8    The GNU Standard C++ Library v3

Versions of packages open-vm-tools recommends:
ii  ethtool         6+20091202-1         display or change Ethernet device
ii  open-vm-source  2009.12.16-217847-1  Source for VMware guest systems dr
ii  zerofree        1.0.1-2              zero free blocks from ext2/3 file-

Versions of packages open-vm-tools suggests:
ii  open-vm-toolbox  2009.12.16-217847-1  tools and components for VMware gu

-- no debconf information
Bug#555322: open-vm-source: Error on compiling: vmmemctl/os.c error expected ... before OS_Identity
Package: open-vm-source
Version: 2009.10.15-201664-1
Severity: important
Justification: fails to build from source

It is not possible to make the modules:

    # m-a update
    # m-a clean
    # m-a a-i open-vm

then fails with the following messages:

    ...
    make[4]: Entering directory `/usr/src/linux-headers-2.6.30-2-686'
    CC [M] /usr/src/modules/open-vm/modules/linux/vmmemctl/os.o
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.c:290: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'OS_Identity'
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.c:356: error: expected ')' before 'handle'
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.c:383: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'OS_ReservedPageAlloc'
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.c:413: error: expected ')' before 'handle'
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.c:439: error: conflicting types for 'OS_TimeStart'
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.h:56: error: previous declaration of 'OS_TimeStart' was here
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.c:604: error: conflicting types for 'OS_Init'
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.h:39: error: previous declaration of 'OS_Init' was here
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.c: In function 'init_module':
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.c:677: error: implicit declaration of function 'Baloon_ModuleInit'
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.c:677: error: 'BALLOON_SUCCESS' undeclared (first use in this function)
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.c:677: error: (Each undeclared identifier is reported only once
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.c:677: error: for each function it appears in.)
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.c: In function 'cleanup_module':
    /usr/src/modules/open-vm/modules/linux/vmmemctl/os.c:692: error: implicit declaration of function 'Baloon_ModuleCleanup'
    *** [/usr/src/modules/open-vm/modules/linux/vmmemctl/os.o] Error 1
    *** [_module_/usr/src/modules/open-vm/modules/linux/vmmemctl] Error 2
    *** [sub-make] Error 2
    *** [all] Error 2

The last working version for me that compiles with 2.6.30-2-686 is the 2009.08.24-187411-1. The last open-vm-modules that I have compiled successfully is:

    open-vm-modules-2.6.30-2-686_2009.08.24-187411-1+2.6.30-8_i386.deb

Thank you,
Guido.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (560, 'testing'), (545, 'testing-proposed-updates'), (540, 'testing'), (460, 'stable'), (445, 'proposed-updates'), (440, 'stable'), (50, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages open-vm-source depends on:
ii  bzip2      1.0.5-3  high-quality block-sorting file co
ii  debhelper  7.4.3    helper programs for debian/rules
ii  make       3.81-6   An utility for Directing compilati
ii  quilt      0.48-2   Tool to work with series of patche

Versions of packages open-vm-source recommends:
ii  module-assistant  0.11.1               tool to make module package creati
ii  open-vm-tools     2009.10.15-201664-1  tools and components for VMware gu

Versions of packages open-vm-source suggests:
ii  open-vm-toolbox  2009.10.15-201664-1  tools and components for VMware gu

-- no debconf information
Bug#548996: libpam-cracklib: Log message: `LIBPAM_EXTENSION_1.1' not found (required by /lib/security/pam_cracklib.so)
Package: libpam-cracklib
Version: 1.1.0-4
Severity: minor

After the packages upgrade, the following messages appear in the auth.log file:

    Sep 27 04:15:01 debian CRON[30595]: PAM unable to dlopen(/lib/security/pam_cracklib.so): /lib/libpam.so.0: version `LIBPAM_EXTENSION_1.1' not found (required by /lib/security/pam_cracklib.so)
    Sep 27 04:15:01 debian CRON[30595]: PAM adding faulty module: /lib/security/pam_cracklib.so
    Sep 27 04:15:01 debian CRON[30594]: PAM unable to dlopen(/lib/security/pam_cracklib.so): /lib/libpam.so.0: version `LIBPAM_EXTENSION_1.1' not found (required by /lib/security/pam_cracklib.so)
    Sep 27 04:15:01 debian CRON[30594]: PAM adding faulty module: /lib/security/pam_cracklib.so
    Sep 27 04:15:01 debian CRON[30598]: PAM unable to dlopen(/lib/security/pam_cracklib.so): /lib/libpam.so.0: version `LIBPAM_EXTENSION_1.1' not found (required by /lib/security/pam_cracklib.so)
    Sep 27 04:15:01 debian CRON[30598]: PAM adding faulty module: /lib/security/pam_cracklib.so
    Sep 27 04:16:01 debian CRON[30626]: PAM unable to dlopen(/lib/security/pam_cracklib.so): /lib/libpam.so.0: version `LIBPAM_EXTENSION_1.1' not found (required by /lib/security/pam_cracklib.so)
    Sep 27 04:16:01 debian CRON[30626]: PAM adding faulty module: /lib/security/pam_cracklib.so
    Sep 27 04:17:01 debian CRON[30649]: PAM unable to dlopen(/lib/security/pam_cracklib.so): /lib/libpam.so.0: version `LIBPAM_EXTENSION_1.1' not found (required by /lib/security/pam_cracklib.so)
    Sep 27 04:17:01 debian CRON[30649]: PAM adding faulty module: /lib/security/pam_cracklib.so
    Sep 27 04:18:01 debian CRON[30693]: PAM unable to dlopen(/lib/security/pam_cracklib.so): /lib/libpam.so.0: version `LIBPAM_EXTENSION_1.1' not found (required by /lib/security/pam_cracklib.so)
    Sep 27 04:18:01 debian CRON[30693]: PAM adding faulty module: /lib/security/pam_cracklib.so

In /etc/pam.d there is:

    debian:~# grep cracklib /etc/pam.d/*
    /etc/pam.d/common-password:password requisite pam_cracklib.so retry=3 minlen=8 difok=3

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (560, 'testing'), (550, 'testing'), (540, 'testing-proposed-updates'), (260, 'stable'), (250, 'stable'), (240, 'proposed-updates'), (50, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-cracklib depends on:
ii  cracklib-runtime      2.8.13-12  runtime support for password check
ii  libc6                 2.9-25     GNU C Library: Shared libraries
ii  libcrack2             2.8.13-12  pro-active password checker librar
ii  libpam-runtime        1.1.0-4    Runtime support for the PAM librar
ii  libpam0g              1.1.0-4    Pluggable Authentication Modules l
ii  wamerican [wordlist]  6-3        American English dictionary words
ii  witalian [wordlist]   1.7.3-0.1  The Italian dictionary words for /

libpam-cracklib recommends no packages.

libpam-cracklib suggests no packages.

-- no debconf information
Bug#485397: ipmasq: hangs on post.inst configure step
Package: ipmasq
Version: 4.0.8-5
Severity: minor
Tags: patch

After package installation/update, in the post installation script:

/var/lib/dpkg/info/ipmasq.postinst configure

the system hangs with:

The following partially installed packages will be configured:
ipmasq
Configuro ipmasq (4.0.8-5) ...

"ps axu" shows the following problem:

root 21948 0.7 2.1 14612 11216 pts/1 S+ 10:14 0:00 /usr/bin/perl -w /usr/share/debconf/frontend /var/lib/dpkg/info/ipm
root 21957 0.0 0.0 0 0 pts/1 Z+ 10:14 0:00 [ipmasq.postinst]

The solution is to log in on another terminal and manually run:

server:~# ipmasq

and the installation script finishes correctly.

Thank you,
Guido Bozzetto.

-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (560, 'testing'), (550, 'testing'), (540, 'testing-proposed-updates'), (260, 'stable'), (250, 'stable'), (240, 'proposed-updates'), (50, 'unstable')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.ISO-8859-15, LC_CTYPE=ISO_8859_15 (charmap=ISO-8859-1) (ignored: LC_ALL set to it_IT)
Shell: /bin/sh linked to /bin/bash

Versions of packages ipmasq depends on:
ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii iptables 1.4.0-4 administration tools for packet fi

ipmasq recommends no packages.

-- debconf information:
  ipmasq/external-rules-moved: true
* ipmasq/start-location: After network interfaces are brought up
  ipmasq/dpkg-conffiles:
* ipmasq/ppp-turn-off:
  ipmasq/old-ipmasq.conf: true
  ipmasq/old-rc.boot-file: true
* ipmasq/start: true
  ipmasq/ppp-turn-on:
  ipmasq/move-ipmasq.rules: true
* ipmasq/ppp-recompute: true
Bug#483359: spamassassin: Use of uninitialized value $vpopdir
Package: spamassassin Version: 3.2.4-2 Severity: normal Tags: patch With vpopmail configuration (/etc/default/spamassassin): ENABLED=1 CRON=yes NICE="--nicelevel 5" TMPDIR=/var/tmp/spamd OPTIONS="--nouser-config --create-prefs --max-children=32 --min-children=6 --min-spare=4 --max-spare=8 --syslog-socket=unix" # Cfr.: /usr/share/doc/spamassassin/README.spamd-vpopmail OPTIONS="${OPTIONS} -v -u vpopmail" when arrive a valid message the mail.log reports: spamd[4943]: spamd: connection from localhost [127.0.0.1] at port 50132 spamd[4943]: Use of uninitialized value $vpopdir in concatenation (.) or string at /usr/sbin/spamd line 2106, line 2. spamd[4943]: Can't exec "/bin/vuserinfo": No such file or directory at /usr/sbin/spamd line 2106, line 2. spamd[4943]: Use of uninitialized value $vpopdir in concatenation (.) or string at /usr/sbin/spamd line 2111, line 2. spamd[4943]: Can't exec "/bin/valias": No such file or directory at /usr/sbin/spamd line 2111, line 2. spamd[4943]: Use of uninitialized value $dir in scalar chomp at /usr/sbin/spamd line 2118, line 2. the problem is in the subroutine handle_user_set_user_prefs. The working solution is to check if exist $dir variable: --- spamd.orig 2008-05-14 03:58:52.0 +0200 +++ spamd 2008-05-28 12:28:53.0 +0200 @@ -2099,6 +2099,7 @@ sub handle_user_set_user_prefs { my ($dir, $username) = @_; +if (defined $dir) {#+20080318 <[EMAIL PROTECTED]> # If vpopmail config enabled then set $dir to virtual homedir # if ( $opt{'vpopmail'} ) { 
@@ -2117,6 +2118,7 @@ } chomp($dir); } +} # don't do this if we weren't passed a directory if ($dir) { I hope this is usefull. Thank you, Guido Bozzetto. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (560, 'testing'), (550, 'testing'), (540, 'testing-proposed-updates'), (460, 'stable'), (450, 'stable'), (440, 'proposed-updates'), (20, 'unstable') Architecture: i386 (x86_64) Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages spamassassin depends on: ii libdigest-sha1-perl 2.11-2+b1 NIST SHA-1 message digest algorith ii libhtml-parser-perl 3.56-1+b1 A collection of modules that parse ii libnet-dns-perl 0.63-1+b1 Perform DNS queries from a Perl sc ii libsocket6-perl 0.20-1 Perl extensions for IPv6 ii libsys-hostname-long-perl 1.4-2 Figure out the long (fully-qualifi ii libwww-perl 5.812-1WWW client/server library for Perl ii perl 5.10.0-10 Larry Wall's Practical Extraction ii perl-modules [libarchive-tar- 5.10.0-10 Core Perl modules Versions of packages spamassassin recommends: ii gcc 4:4.2.2-2 The GNU C compiler ii gnupg 1.4.6-2.2 GNU privacy guard - a free PGP rep ii libc6-dev 2.7-10 GNU C Library: Development Librari ii libmail-spf-perl 2.005-1Perl implementation of Sender Poli ii libsys-syslog-perl0.24-1+b1 Perl interface to the UNIX syslog( ii make 3.81-4 The GNU version of the "make" util ii re2c 0.13.3-1 tool for generating fast C-based r ii spamc 3.2.4-2Client for SpamAssassin spam filte -- debconf information: spamassassin/upgrade/2.40: spamassassin/upgrade/2.40w: spamassassin/upgrade/cancel: Continue spamassassin/upgrade/2.42m: No spamassassin/upgrade/2.42u: No --- spamd.orig 2008-05-14 03:58:52.0 +0200 +++ spamd 2008-05-28 12:28:53.0 +0200 
@@ -2099,6 +2099,7 @@ sub handle_user_set_user_prefs { my ($dir, $username) = @_; +if (defined $dir) { #+20080318 <[EMAIL PROTECTED]> # If vpopmail config enabled then set $dir to virtual homedir # if ( $opt{'vpopmail'} ) { @@ -2117,6 +2118,7 @@ } chomp($dir); } +} # don't do this if we weren't passed a directory if ($dir) {
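Review bot: In the first hunk the new guard tests "defined $dir", but the warnings quoted in the report for spamd lines 2106 and 2111 are about $vpopdir, and they end in attempts to exec "/bin/vuserinfo" and "/bin/valias", that is, a command path built from an empty prefix. The hunk does not show where $vpopdir is set, so skipping the vpopmail block when $dir is undefined only avoids that path for this caller; if $dir is defined while $vpopdir is not, the same exec would still be attempted. Please also check that $vpopdir is defined and non-empty before the commands are built, indent the added "if (defined $dir) {" and the block it wraps to match the surrounding code, and move the "#+20080318" tag with the address into the commit message.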
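Review bot: In the second hunk the added closing "}" sits at column 0 right before the "# don't do this if we weren't passed a directory" comment, with nothing to say which block it closes. Indent it and add a short trailing comment naming the "if (defined $dir)" it belongs to. Since the existing "if ($dir) {" that follows already handles the missing-directory case for the rest of the subroutine, it may be simpler to drop the wrapper block and fold the test into the vpopmail condition shown in the first hunk, for example "if ( $opt{'vpopmail'} && defined $dir ) {".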
Bug#475729: p3scan crash with "nor a good viruscode, but 2"
The simple working solution is to set the sticky bit for the group on the directory /var/spool/p3scan/children:

~# chmod g+s /var/spool/p3scan/children

My system:

~# id clamav
uid=101(clamav) gid=105(clamav) gruppi=105(clamav),106(p3scan)
~# dpkg -l clamav p3scan
clamav 0.92.1~dfsg2-1.1
p3scan 2:2.3.2-3

Thanks,
Guido Bozzetto.
Bug#475983: [Pkg-aide-maintainers] Bug#475983: Suggestion: bind9 chroot rule
On Sunday 04 May 2008, at 09:38, Marc Haber wrote:
> tags #475983 wontfix
> thanks
>
> On Mon, Apr 14, 2008 at 11:06:14AM +0200, Guido Bozzetto wrote:
> > I suggest the following changes to the rule 31_aide_bind9 to
> > automatically create the correct rules with bind9 running into a chroot
> > environment.
...
> > correctly initialize the aide's BINDCHROOT variable:
> I currently think that this is driving the magic "too far". If one
> decides to run bind chrooted, that one should also be able to modify
> the aide rules themselves.

OK, it's clear. I think it is useful to insert something like an example:

- directly in commented lines into 31_aide_bind9:

#! /bin/bash
#
#
# Automagically extract chroot directory
# . /etc/default/bind9
# set -- $OPTIONS   # "--" keeps a leading "-u" from being parsed as a shell option
# for i in $@;do
#   if [ "$1" == "-t" ]
#   then echo "@@define BINDCHROOT $2"; break
#   else shift
#   fi
# done
#
# Or manually set chroot directory
#
# BINDCHROOT=/var/cache/bind
cat << !EOF
@@ifdef BINDCHROOT
@@{BINDCHROOT}/dev/log$ LowLogs
@@{BINDCHROOT}/dev VarDir
@@endif
@@{BINDCHROOT}/var/cache/bind VarFile
@@{BINDCHROOT}/var/log/bind/queries\.log$ Logs
@@{BINDCHROOT}/var/log/bind/queries\.log\.0$ LoSerMemberLog
@@{BINDCHROOT}/var/log/bind/queries\.log\.[1-8]$ SerMemberLog
@@{BINDCHROOT}/var/log/bind/queries\.log\.9$ HiSerMemberLog
@@{BINDCHROOT}/var/log/bind VarDir
@@{BINDCHROOT}/var/run/bind/run/named\.pid$ VarFile
@@{BINDCHROOT}/var/run/bind/run$ VarDir
!EOF

- Surely it is better to divide the proposed 31_aide_bind9 script into 2 parts like inn2 (cfr.: 30_inn2_vars and 31_aide_inn2), so that the commented part is the 30_bind9_vars script.

- Introduce /usr/share/doc/aide-common/examples/30_bind9_vars:

#! /bin/bash
#
# Initialize BINDCHROOT variable for 31_aide_bind9 while bind9 runs
# in a chroot environment.
#
# Automagically extract chroot directory
. /etc/default/bind9
# "--" keeps a leading "-u" in $OPTIONS from being parsed as a shell option
set -- $OPTIONS
for i in $@;do
  if [ "$1" == "-t" ]
  then echo "@@define BINDCHROOT $2"; break
  else shift
  fi
done
#
# Manually set chroot directory
#BINDCHROOT=/var/cache/bind

About the rule 31_aide_bind9 in aide 0.13.1-10, I think that:

- the name "BINDCHROOT" is misleading: if it is initialized with the chroot dir of bind9, the rule doesn't work correctly. If BINDCHROOT is not defined, the rule 31_aide_bind9 works correctly, and so the "@@define BINDCHROOT /var" assignment is useless. See the first example in the mail.

- the named.pid file is in /var/run/bind/run and not in the /var/run/bind directory. See the binary named:

~# strings /usr/sbin/named|grep named\.pid
/var/run/bind/run/named.pid

- in the /etc/bind9/named.conf.options installation file of bind9 there is the directive

directory "/var/cache/bind";

so it is useful to introduce:

@@{BINDCHROOT}/cache/bind VarFile

(I think this is better: @@{BINDCHROOT}/var/cache/bind VarFile)

I hope that this is useful, thank you for your attention.
Guido Bozzetto.
--
Guido Bozzetto - Systems & Network Administrator - CCDA
Bug#475983: Suggestion: bind9 chroot rule
Package: aide
Version: 0.13.1-9
Severity: wishlist
Tags: patch

I suggest the following changes to the rule 31_aide_bind9 to automatically create the correct rules with bind9 running in a chroot environment.

I suppose that the changes to the bind9 standard installation are in /etc/default/bind9: at the variable OPTIONS is added "-t " to permit the use of a previously created chroot environment for bind in the directory.

The following aide rule automatically extracts the chroot directory, if bind starts with the "-t" option, and correctly initializes aide's BINDCHROOT variable:

#! /bin/bash
. /etc/default/bind9
# "--" keeps a leading "-u" in $OPTIONS from being parsed as a shell option
set -- $OPTIONS
for i in $@;do
  if [ "$1" == "-t" ]; then
    echo "@@define BINDCHROOT $2"
    break
  else
    shift
  fi
done
cat << !EOF
@@ifdef BINDCHROOT
@@{BINDCHROOT}/dev/log$ LowLogs
@@{BINDCHROOT}/dev VarDir
@@endif
@@{BINDCHROOT}/var/cache/bind VarFile
@@{BINDCHROOT}/var/log/bind/queries\.log$ Logs
@@{BINDCHROOT}/var/log/bind/queries\.log\.[0-8]$ RotatedLogs
@@{BINDCHROOT}/var/log/bind/queries\.log\.9$ RotatedLogs+ARF
@@{BINDCHROOT}/var/log/bind VarDir
@@{BINDCHROOT}/var/run/bind/run/named\.pid$ VarFile
@@{BINDCHROOT}/var/run/bind/run$ VarDir
!EOF

The changed /etc/default/bind9 is:

OPTIONS="-u bind"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes
OPTIONS="$OPTIONS -t $(grep ^bind: /etc/passwd|cut -f6 -d:)"

The important configuration directives in ~bind/etc/bind/named.conf are:

options {
  directory "/var/cache/bind";
};
# logging {
#   channel "file-queries" {
#     file "/var/log/bind/queries.log" versions 5 size 256m;
#   };
#   category "queries" {
#     "file-queries";
#   };
# };

Thank you for your attention,
Guido Bozzetto.

-- System Information:
Debian Release: lenny/sid
APT prefers stable
APT policy: (560, 'stable'), (545, 'proposed-updates'), (540, 'stable'), (460, 'testing'), (445, 'testing-proposed-updates'), (440, 'testing'), (20, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=it_IT, LC_CTYPE=it_IT (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages aide depends on:
ii aide-common 0.13.1-9 Advanced Intrusion Detection Envir
ii bsd-mailx [mailx] 8.1.2-0.20071201cvs-2 A simple mail user agent
ii liblockfile1 1.06.1 NFS-safe locking library, includes
ii mailx 1:20071201-2 Transitional package for mailx ren
ii ucf 3.006 Update Configuration File: preserv

Versions of packages aide recommends:
ii cron 3.0pl1-100 management of regular background p

-- debconf information excluded
Bug#464503: linux-image-2.6.24-1-amd64: Hangs on boot with SCSI/blkdev probing "comm: scsi_scan_0"
On Sunday 10 February 2008, at 22:33, maximilian attems wrote:
> > http://charm.itp.tuwien.ac.at/~mattems/git15/
> currently building git22, let me know on aboves.

OK, now the system boots correctly with:
http://charm.itp.tuwien.ac.at/~mattems/git15/linux-image-2.6.24-trunk-amd64_2.6.24-trunk1_i386.deb

astro:~$ uname -a
Linux astro 2.6.24-trunk-amd64 #1 SMP Fri Feb 8 15:55:21 CET 2008 x86_64 GNU/Linux
astro:~$ uptime
11:01:48 up 8 min, 2 users, load average: 0.14, 0.33, 0.26

Thank you,
Guido Bozzetto.
--
Guido Bozzetto - Systems & Network Administrator - CCDA
GTN S.P.A. - Viale Tricesimo 181 - I-33100 Udine (UD) - Italy
http://www.gtngroup.it/ - Ph./Fax: +39 0432 499311/45366
Bug#464503: linux-image-2.6.24-1-amd64: Hangs on boot with SCSI/blkdev probing "comm: scsi_scan_0"
On Thursday 07 February 2008, at 15:11, maximilian attems wrote:
> On Thu, Feb 07, 2008 at 03:05:35PM +0100, Guido Bozzetto wrote:
> > linux-image-2.6.24-trunk-amd64_2.6.24-trunk1~snapshot.10302_i386.deb
>
> thanks for your quick tests, have git15 build from yesterday
> http://photon.itp.tuwien.ac.at/~mattems/linux-image-2.6.24-trunk-amd64_2.6.24-trunk1_amd64.deb
> check
> http://photon.itp.tuwien.ac.at/~mattems/linux-image-2.6.24-trunk-amd64_2.6.24-trunk1_amd64.deb.sha1sum
>
> that is fixed in newer linus, so please give aboves a shot,
> too bad kernel buildserver isn't up..

The system is i386 architecture and not amd64. Can you please make an _i386.deb?

Thank you,
Guido Bozzetto.
--
Guido Bozzetto - http://E-Company.it/gb/
GTN S.P.A. - http://www.gtngroup.it/
Viale Tricesimo 181 - Ph.: +39 0432 499311
I-33100 Udine (UD) - Fax: +39 0432 45366
Italy - Systems & Network Administrator - CCDA
Key fingerprint = 4C26 1DE5 78BD 7ACB FBD2 DB50 740D D6E3 BFF3 B080
Bug#464503: linux-image-2.6.24-1-amd64: Hangs on boot with SCSI/blkdev probing "comm: scsi_scan_0"
On Thursday 07 February 2008, at 14:40, maximilian attems wrote:
> [ please keep bug report on cc, cool thanks :) ]
>
> On Thu, Feb 07, 2008 at 02:16:44PM +0100, Guido Bozzetto wrote:
> > On Thursday 07 February 2008, at 11:16, maximilian attems wrote:
> [..]
> > > can you please try?
> > > linux-image-2.6.24-1-amd64 2.6.24-3
> >
> > The problem is the same :-(
>
> you please just try out latest 2.6.24-trunk-amd64
> that has latest linus git10 or such.
> http://kernel-archive.buildserver.net/pool/main/l/linux-2.6/linux-image-2.6.24-trunk-amd64_2.6.24-trunk1~snapshot.10365_amd64.deb

I tested the last one for the i386 arch:
linux-image-2.6.24-trunk-amd64_2.6.24-trunk1~snapshot.10302_i386.deb

It doesn't boot; the system writes on the console:

kernel BUG at drivers/ide/ide-cd.c:1726!
invalid opcopde: [1]SMP
CPU 1
Modules linked in: ide_cd cdrom ata_generic libata generic usbhid hid sg sd_mod piix ips scsi_mod ide_core floppy ehci_hcd tg3 uhci_hcd thermal processor fan
Pid: 0, comm: swapper Not tainted 2.6.24-trunk-amd64 #1
RIP: 0010:...

Guido Bozzetto.
--
Guido Bozzetto - http://E-Company.it/gb/
GTN S.P.A. - http://www.gtngroup.it/
Viale Tricesimo 181 - Ph.: +39 0432 499311
I-33100 Udine (UD) - Fax: +39 0432 45366
Italy - Systems & Network Administrator - CCDA
Key fingerprint = 4C26 1DE5 78BD 7ACB FBD2 DB50 740D D6E3 BFF3 B080
Bug#464503: linux-image-2.6.24-1-amd64: Hangs on boot with SCSI/blkdev probing "comm: scsi_scan_0"
Package: linux-image-2.6.24-1-amd64
Version: 2.6.24-2
Severity: important

The system boots correctly with:

linux-image-2.6.22-3-amd64 2.6.22-6
linux-image-2.6.24-1-686 2.6.24-2

while with:

linux-image-2.6.24-1-amd64 2.6.24-2

the system doesn't boot, with a registers dump.

The system has an IBM ServerRaid 7k with BIOS/Firmware Version 7.12.02:

scsi0 : IBM PCI ServeRAID 7.12.05 Build 761
sd 0:0:0:0: [sda] 72744960 512-byte hardware sectors (37245 MB)
sd 0:0:0:0: [sda] Assuming Write Enabled
sd 0:0:0:0: [sda] Assuming drive cache: write through
sd 0:0:0:0: [sda] 72744960 512-byte hardware sectors (37245 MB)
sd 0:0:0:0: [sda] Assuming Write Enabled
sd 0:0:0:0: [sda] Assuming drive cache: write through
sda: sda1 sda2 sda3 sda4 < sda5 sda6 sda7 sda8 sda9 sda10 sda11 sda12 sda13 sda14 >
sd 0:0:0:0: [sda] Attached SCSI disk
sd 0:0:1:0: [sdb] 500748288 512-byte hardware sectors (256383 MB)
sd 0:0:1:0: [sdb] Assuming Write Enabled
sd 0:0:1:0: [sdb] Assuming drive cache: write through
sd 0:0:1:0: [sdb] 500748288 512-byte hardware sectors (256383 MB)
sd 0:0:1:0: [sdb] Assuming Write Enabled
sd 0:0:1:0: [sdb] Assuming drive cache: write through
sdb: sdb1 sdb2 sdb3 sdb4 < sdb5 sdb6 sdb7 sdb8 sdb9 sdb10 sdb11 sdb12 sdb13 sdb14 sdb15 >
sd 0:0:1:0: [sdb] Attached SCSI disk

The message, after the registers dump, is about the following:

Modules linked in: generic usbhid hid ips floppy scsi_mod piix ide_core ehci_hcd uhci_hcd tg3 thermal processor fan
Pid: 964, comm: scsi_scan_0 Not tainted 2.6.24-1-amd64 #1
RIP:

Thank you for your attention,
Guido Bozzetto.
-- Package-specific info:
** Version: Linux version 2.6.24-1-686 (Debian 2.6.24-2) ([EMAIL PROTECTED]) (gcc version 4.1.3 20080114 (prerelease) (Debian 4.1.2-19)) #1 SMP Thu Jan 31 20:35:50 UTC 2008
** Command line: auto BOOT_IMAGE=Linux-686 ro root=802
** Not tainted
** Kernel log:
** Loaded modules:
Bug#462060: fail2ban: log dropped packets with netfilter
Package: fail2ban
Version: 0.8.1-3
Severity: wishlist
Tags: patch

The iptables actions don't log the dropped packets. It is important to know the dropped packets. To log packets without adding new matches to iptables, I added a new chain that logs the packets before discarding them.

-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (560, 'testing'), (550, 'testing'), (540, 'testing-proposed-updates'), (260, 'stable'), (250, 'stable'), (240, 'proposed-updates'), (50, 'unstable')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.ISO-8859-15, LC_CTYPE=ISO_8859_15 (charmap=ISO-8859-1) (ignored: LC_ALL set to it_IT)
Shell: /bin/sh linked to /bin/bash

Versions of packages fail2ban depends on:
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii python 2.4.4-6 An interactive high-level object-o
ii python-central 0.5.15-0.1 register and build utility for Pyt

Versions of packages fail2ban recommends:
ii iptables 1.3.8.0debian1-1 administration tools for packet fi

-- no debconf information

iptables-logmultiport.local
Description: application/not-regular-file
Bug#461890: ipmasq: integration with portsentry
Package: ipmasq
Version: 4.0.8-4
Severity: wishlist
Tags: patch

With the portsentry package installed and the portsentry daemon running with ipfwadm/ipchains/iptables KILL_ROUTE commands, if you restart ipmasq the rules created by portsentry are dropped without updating the blocked IP list. The attached file (ipmasq rule) solves the problem.

Thank you,
Guido Bozzetto.

-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (560, 'testing'), (550, 'testing'), (540, 'testing-proposed-updates'), (260, 'stable'), (250, 'stable'), (240, 'proposed-updates'), (50, 'unstable')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.ISO-8859-15, LC_CTYPE=ISO_8859_15 (charmap=ISO-8859-1) (ignored: LC_ALL set to it_IT)
Shell: /bin/sh linked to /bin/bash

Versions of packages ipmasq depends on:
ii debconf [debconf-2.0] 1.5.18 Debian configuration management sy
ii iptables 1.3.8.0debian1-1 administration tools for packet fi

ipmasq recommends no packages.

-- debconf information:
  ipmasq/external-rules-moved: true
* ipmasq/start-location: After network interfaces are brought up
  ipmasq/dpkg-conffiles:
* ipmasq/ppp-turn-off:
  ipmasq/old-ipmasq.conf: true
  ipmasq/old-rc.boot-file: true
* ipmasq/start: true
  ipmasq/ppp-turn-on:
  ipmasq/move-ipmasq.rules: true
* ipmasq/ppp-recompute: true

ZZZzzz|portsentry.rul
Description: application/not-regular-file
Bug#461861: ipmasq: rule to work with ipac or ipac-ng packages
Package: ipmasq
Version: 4.0.8-4
Severity: wishlist
Tags: patch

The example rule to make ipmasq work with IP-ACcounting, ipac or ipac-ng, is dated. The updated solution is attached.

-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (560, 'testing'), (550, 'testing'), (540, 'testing-proposed-updates'), (260, 'stable'), (250, 'stable'), (240, 'proposed-updates'), (50, 'unstable')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.ISO-8859-15, LC_CTYPE=ISO_8859_15 (charmap=ISO-8859-1) (ignored: LC_ALL set to it_IT)
Shell: /bin/sh linked to /bin/bash

Versions of packages ipmasq depends on:
ii debconf [debconf-2.0] 1.5.18 Debian configuration management sy
ii iptables 1.3.8.0debian1-1 administration tools for packet fi

ipmasq recommends no packages.

-- debconf information:
  ipmasq/external-rules-moved: true
* ipmasq/start-location: After network interfaces are brought up
  ipmasq/dpkg-conffiles:
* ipmasq/ppp-turn-off:
  ipmasq/old-ipmasq.conf: true
  ipmasq/old-rc.boot-file: true
* ipmasq/start: true
  ipmasq/ppp-turn-on:
  ipmasq/move-ipmasq.rules: true
* ipmasq/ppp-recompute: true

ZZZzzz|ipac-ng.rul
Description: application/shellscript
Bug#461426: fail2ban: xinetd FAIL
Package: fail2ban
Version: 0.8.1-3
Severity: wishlist

The xinetd daemon recognizes some wrong conditions:
- deny_from and only_from directives to limit source IP
- tcp wrappers limitations
so it is simple to recognize attacks on the host.

The attached files are:
jail.local = jail configuration
xinetd-fail.local = the filter file: match the FAIL status
iptables-nat-logdropall.local = the action file: LOG and DROP anything from the bad IP in the PREROUTING chain of the nat table. It is simple to block anything with the raw table, so that the tracked connections are also dropped.

-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (560, 'testing'), (550, 'testing'), (540, 'testing-proposed-updates'), (260, 'stable'), (250, 'stable'), (240, 'proposed-updates'), (50, 'unstable')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.ISO-8859-15, LC_CTYPE=ISO_8859_15 (charmap=ISO-8859-1) (ignored: LC_ALL set to it_IT)
Shell: /bin/sh linked to /bin/bash

Versions of packages fail2ban depends on:
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii python 2.4.4-6 An interactive high-level object-o
ii python-central 0.5.15 register and build utility for Pyt

Versions of packages fail2ban recommends:
ii iptables 1.3.8.0debian1-1 administration tools for packet fi

-- no debconf information

[xinetd-fail]
enabled = true
filter = xinetd-fail
port = all
banaction = iptables-nat-logdropall
logpath = /var/log/daemon.log
maxretry = 1

# /etc/fail2ban/filter.d/xinetd.local

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
# Cfr.: /var/log/(daemon\.|sys)log
#   libwrap => tcp wrappers: hosts.(allow|deny)
#   address => xinetd: deny_from|only_from
#   load => xinetd: max_load (temporary problem)
failregex = xinetd(?:\[\d{1,5}\])?: FAIL: \S+ address from=<HOST>$
            xinetd(?:\[\d{1,5}\])?: FAIL: \S+ libwrap from=<HOST>$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

# fail2ban/action.d/iptables-nat-logdropall.local

[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = /sbin/iptables -t nat -N fail2ban-<name>
              /sbin/iptables -t nat -A fail2ban-<name> -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
              /sbin/iptables -t nat -A fail2ban-<name> -j DROP

# Option: actionend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = /sbin/iptables -t nat -F fail2ban-<name>
             /sbin/iptables -t nat -X fail2ban-<name>

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck = /sbin/iptables -t nat -n -L fail2ban-<name> >/dev/null

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags:   <ip> IP address
#         <failures> number of failures
#         <time> unix timestamp of the ban time
# Values: CMD
#
actionban = /sbin/iptables -t nat -I PREROUTING 1 -s <ip> -j fail2ban-<name>

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags:   <ip> IP address
#         <failures> number of failures
#         <time> unix timestamp of the ban time
# Values: CMD
#
actionunban = /sbin/iptables -t nat -D PREROUTING -s <ip> -j fail2ban-<name>

[Init]

# Default name of the chain
#
name = default

# Option: port
# Notes.: specifies port to monitor
# Values: [ NUM | STRING ] Default:
#
port = anyport

# Option: protocol
# Notes.: internally used by config reader for interpolations.
# Values: [ tcp | udp | icmp | all ] Default: tcp
#
protocol = all
Bug#461417: fail2ban: integration with ipmasq
Package: fail2ban
Version: 0.8.1-3
Severity: normal
Tags: patch

The ipmasq package can destroy all the chains. When ipmasq shuts down, the netfilter rules are dropped. The proposed rule for ipmasq restarts fail2ban when ipmasq starts, if fail2ban is running. The rule is a file named "/etc/ipmasq/rules/ZZZzzz|fail2ban.rul".

-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (560, 'testing'), (550, 'testing'), (540, 'testing-proposed-updates'), (260, 'stable'), (250, 'stable'), (240, 'proposed-updates'), (50, 'unstable')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.ISO-8859-15, LC_CTYPE=ISO_8859_15 (charmap=ISO-8859-1) (ignored: LC_ALL set to it_IT)
Shell: /bin/sh linked to /bin/bash

Versions of packages fail2ban depends on:
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii python 2.4.4-6 An interactive high-level object-o
ii python-central 0.5.15 register and build utility for Pyt

Versions of packages fail2ban recommends:
ii iptables 1.3.8.0debian1-1 administration tools for packet fi

-- no debconf information

ZZZzzz|fail2ban.rul
Description: application/not-regular-file
Bug#461412: fail2ban: proftpd filter wrong failregex.
Package: fail2ban
Version: 0.8.1-3
Severity: normal
Tags: patch

The failregex doesn't match the incorrect password event ": USER ... (Login failed)". Also, the failregex doesn't match the root login attempts "SECURITY VIOLATION". I also added a general proftpd authentication error, "Maximum login attempts".

I suggest the following failregex for the rule /etc/fail2ban/filter.d/proftpd.conf:

failregex = \(\S+\[<HOST>\]\): USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$
            \(\S+\[<HOST>\]\): USER \S+ \(Login failed\): Incorrect password\.$
            \(\S+\[<HOST>\]\): SECURITY VIOLATION: \S+ login attempted\.$
            \(\S+\[<HOST>\]\): Maximum login attempts \(\d+\) exceeded$

-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (560, 'testing'), (550, 'testing'), (540, 'testing-proposed-updates'), (260, 'stable'), (250, 'stable'), (240, 'proposed-updates'), (50, 'unstable')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.ISO-8859-15, LC_CTYPE=ISO_8859_15 (charmap=ISO-8859-1) (ignored: LC_ALL set to it_IT)
Shell: /bin/sh linked to /bin/bash

Versions of packages fail2ban depends on:
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii python 2.4.4-6 An interactive high-level object-o
ii python-central 0.5.15 register and build utility for Pyt

Versions of packages fail2ban recommends:
ii iptables 1.3.8.0debian1-1 administration tools for packet fi

-- no debconf information
Bug#438580: ipmasq: Whishlist A03flush.def delete user-defined chains
Package: ipmasq
Version: 4.0.8-4
Followup-For: Bug #438580

The proposed scripts for netfilter:

    /etc/ipmasq/rules/A03flush.rul
    /etc/ipmasq/ipmasq-down/A03flush.rul

are wrong in the sense that they flush and set the default policy on all available tables and not only on the kernel's loaded tables. The side effect of this is that if a table is unused, for example "raw", then the relative kernel module is loaded even if useless.

The lines:

    ls -1 /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/iptable_*.ko |
       sed -n -e 's,^.*/iptable_\([^/]\+\)\.ko$,\1,p'

are wrong, the correct form is:

    lsmod | sed -n -e '/^iptable_/s,^iptable_\(\S\+\)\>.*,\1,p'

To better understand my wishlist I attach the two proposed scripts for ipmasq start and stop (only netfilter section):

/etc/ipmasq/rules/A03flush.rul:

    #: Flush all and set default policy of deny.

    case $MASQMETHOD in
       netfilter)
          # Only tables whose iptable_* module is already loaded
          for table in $( lsmod |
                sed -n -e '/^iptable_/s,^iptable_\(\S\+\)\>.*,\1,p' )
          do
             unset userchain
             # Each entry is "chain:policy" (built-in) or "chain:N" (user-defined)
             for chain_polref in $( iptables -t $table -nL |
                   sed -n '/^Chain \S\+ (/s/^Chain \(\S\+\) (\(\S\+\) .*/\1:\2/p' )
             do
                chain="${chain_polref%:*}"
                if [ "${chain_polref##*:}" = "policy" ]; then
                   if [ "$table" = filter ]
                   then
                      $IPTABLES -t $table -P $chain DROP
                   else
                      $IPTABLES -t $table -P $chain ACCEPT
                   fi
                   $IPTABLES -t $table -F $chain
                else
                   $IPTABLES -t $table -F $chain
                   userchain="$chain $userchain"
                fi
             done
             # User-defined chains are deleted once every chain is flushed
             for chain in $userchain ; do
                $IPTABLES -t $table -X $chain 2>/dev/null ||
                   echo "Error: deleting user-defined chain $chain on table $table" >&2
             done
          done
          ;;
    esac

/etc/ipmasq/ipmasq-down/A03flush.rul:

    #: Flush all and set default policy of deny on forward, and accept input
    #: and output.

    case $MASQMETHOD in
       netfilter)
          # Only tables whose iptable_* module is already loaded
          for table in $( lsmod |
                sed -n -e '/^iptable_/s,^iptable_\(\S\+\)\>.*,\1,p' )
          do
             unset userchain
             for chain_polref in $( iptables -t $table -nL |
                   sed -n '/^Chain \S\+ (/s/^Chain \(\S\+\) (\(\S\+\) .*/\1:\2/p' )
             do
                chain="${chain_polref%:*}"
                if [ "${chain_polref##*:}" = "policy" ]; then
                   # Only filter/FORWARD is left closed when going down
                   if [ "$table" = filter ] && [ "$chain" = FORWARD ]
                   then
                      $IPTABLES -t $table -P $chain DROP
                   else
                      $IPTABLES -t $table -P $chain ACCEPT
                   fi
                   $IPTABLES -t $table -F $chain
                else
                   $IPTABLES -t $table -F $chain
                   userchain="$chain $userchain"
                fi
             done
             for chain in $userchain ; do
                $IPTABLES -t $table -X $chain 2>/dev/null ||
                   echo "Error: deleting user-defined chain $chain on table $table" >&2
             done
          done
          ;;
    esac

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (560, 'testing'), (550, 'testing'), (540, 'testing-proposed-updates'), (260, 'stable'), (250, 'stable'), (240, 'proposed-updates'), (50, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.ISO-8859-15, LC_CTYPE=ISO_8859_15 (charmap=ISO-8859-1) (ignored: LC_ALL set to it_IT)
Shell: /bin/sh linked to /bin/bash

Versions of packages ipmasq depends on:
ii  debconf [debconf-2.0]  1.5.16            Debian configuration management sy
ii  iptables               1.3.8.0debian1-1  administration tools for packet fi

ipmasq recommends no packages.

-- debconf information excluded
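The start-time logic above as a Python dry run over constructed `lsmod` and `iptables -nL` output, returning the commands instead of executing them. This is an added example, not the reporter's script; the sample module list and the `logdrop` chain are made up.

```python
import re

# Constructed `lsmod` output: only the filter and nat tables are loaded.
LSMOD = """\
Module                  Size  Used by
iptable_nat             7044  1
nf_nat                 17708  1 iptable_nat
iptable_filter          2944  1
ip_tables              12008  2 iptable_nat,iptable_filter
"""

# Constructed `iptables -t filter -nL` output with one user-defined chain.
FILTER_NL = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
logdrop    all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain logdrop (1 references)
target     prot opt source               destination
"""

def loaded_tables(lsmod_text):
    """Table names of loaded iptable_* modules (the lsmod | sed step)."""
    return re.findall(r"^iptable_(\S+)\b", lsmod_text, re.M)

def plan_flush(table, nl_text, ipt="iptables"):
    """Commands the start-time A03flush.rul logic would run for one table."""
    cmds, user = [], []
    for chain, kind in re.findall(r"^Chain (\S+) \((\S+) ", nl_text, re.M):
        if kind == "policy":  # built-in chain: set its default policy
            policy = "DROP" if table == "filter" else "ACCEPT"
            cmds.append(f"{ipt} -t {table} -P {chain} {policy}")
        else:  # "(N references)": user-defined, delete after all flushes
            user.insert(0, chain)
        cmds.append(f"{ipt} -t {table} -F {chain}")
    cmds += [f"{ipt} -t {table} -X {c}" for c in user]
    return cmds
```

Tables with no loaded module (raw, mangle in this sample) never appear in `loaded_tables`, so nothing is run that would pull their modules in.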
Bug#451093: fail2ban: SSH refused connect from @::ffff:X.Y.Z.W
Package: fail2ban
Version: 0.8.1-2
Severity: wishlist

The filters:

    /etc/fail2ban/filter.d/sshd.conf
    /etc/fail2ban/filter.d/sshd-ddos.conf

don't trigger the IP addresses blocked by the /etc/hosts.deny file. I think it is desirable that fail2ban identify these attempts.

I've added the following line to sshd.conf

    failregex = refused connect from \s

that works correctly with:

    Nov 13 03:42:11 Server sshd[4240]: refused connect from :::210.21.243.47 (:::210.21.243.47)

but doesn't work with the following line, from my auth.log:

    Nov 11 23:33:27 Server sshd[5174]: refused connect from _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@:::218.249.210.161 (:::218.249.210.161)

The error in the fail2ban.log file is:

    2007-11-12 14:16:33,923 fail2ban.filter : WARNING Unable to find a corresponding IP address for _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@:::218.249.210.161

I think that "" macro on filters is bad. I also tried with "" but without any success.

My configuration files are:

jail.local:

    [ssh]
    maxretry = 2
    protocol = tcp

sshd.local:

    [Definition]
    failregex = (?:error: PAM: )?Authentication failure for .* from \s*$
                Failed [-/\w]+ for .* from (?: port \d*)?(?: ssh\d*)?\s*$
                ROOT LOGIN REFUSED.* FROM \s*$
                [iI](?:llegal|nvalid) user .* from \s*$
                User .+ from not allowed because not listed in AllowUsers\s*$
                User .+ from not allowed because none of user's groups are listed in AllowGroups\s*$
                refused connect from \s
    ignoreregex =

Thank you for your attention and thank you for maintaining the package.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (560, 'testing'), (545, 'testing-proposed-updates'), (540, 'testing'), (460, 'stable'), (445, 'proposed-updates'), (440, 'stable'), (50, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core)
Locale: LANG=it_IT, LC_CTYPE=it_IT (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages fail2ban depends on:
ii  iptables        1.3.8.0debian1-1  administration tools for packet fi
ii  lsb-base        3.1-24            Linux Standard Base 3.1 init scrip
ii  python          2.4.4-6           An interactive high-level object-o
ii  python-central  0.5.15            register and build utility for Pyt

fail2ban recommends no packages.

-- no debconf information
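Why the second log shape yields the "Unable to find a corresponding IP address" warning, shown on constructed lines. This is an added example, not part of the report: the <HOST> expansion is an assumed model of fail2ban 0.8.x, the stripped token in the reporter's rule is assumed to be <HOST>, and `PAREN_ADDR` is a hypothetical alternative rule.

```python
import ipaddress
import re

# Assumption (not from the report): fail2ban 0.8.x expands <HOST> to an
# optional IPv4-mapped prefix followed by any run of non-space characters.
HOST_GROUP = r"(?:::f{4,6}:)?(?P<host>\S+)"

# The reporter's rule, assuming the stripped token before "\s" was <HOST>.
REPORTED = r"refused connect from <HOST>\s"
# Hypothetical alternative: use the address the log repeats in parentheses.
PAREN_ADDR = r"refused connect from \S+ \(<HOST>\)"

# Constructed auth.log lines in the two shapes quoted in the report.
PLAIN = ("Nov 13 03:42:11 Server sshd[4240]: refused connect from "
         "::ffff:203.0.113.47 (::ffff:203.0.113.47)")
WITH_USER = ("Nov 11 23:33:27 Server sshd[5174]: refused connect from "
             "someuser@::ffff:203.0.113.161 (::ffff:203.0.113.161)")

def find_host(failregex, line):
    """Return (captured_text, ip_or_None); None if the rule does not match."""
    m = re.search(failregex.replace("<HOST>", HOST_GROUP), line)
    if m is None:
        return None
    raw = m.group("host")
    try:
        return raw, str(ipaddress.ip_address(raw))
    except ValueError:
        # Same outcome as the warning in fail2ban.log, without the DNS
        # lookup fail2ban would attempt on the captured text first.
        return raw, None

if __name__ == "__main__":
    for rule in (REPORTED, PAREN_ADDR):
        for line in (PLAIN, WITH_USER):
            print(rule, "->", find_host(rule, line))
```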
Bug#420958: ipac-ng: Couldn't load match ... undefined symbol: parse_port
Package: ipac-ng
Version: 1.31-4+b1
Followup-For: Bug #420958

I confirm that the unstable package also has the problem with the UDP or TCP protocol specification.

The following work correctly:

    Incoming Total System|ipac~o|eth0|all
    ICMP Incoming Total System|ipac~o|eth0|icmp

while these don't work:

    TCP Incoming Total System|ipac~o|eth0|tcp
    UDP Incoming Total System|ipac~o|eth0|udp

with the message:

    # /etc/init.d/ipac-ng start
    Starting IP Accounting: Couldn't load match `tcp':/lib/iptables/libipt_tcp.so: undefined symbol: parse_port

or

    Starting IP Accounting: Couldn't load match `udp':/lib/iptables/libipt_udp.so: undefined symbol: parse_port

Thank you for your attention.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (550, 'testing'), (540, 'testing-proposed-updates'), (250, 'stable'), (240, 'proposed-updates'), (50, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.21-2-686 (SMP w/1 CPU core)
Locale: LANG=it_IT, LC_CTYPE=it_IT (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages ipac-ng depends on:
ii  cron        3.0pl1-100        management of regular background p
ii  iptables    1.3.6.0debian1-5  administration tools for packet fi
ii  libc6       2.6-2             GNU C Library: Shared libraries
ii  libgdbm3    1.8.3-3           GNU dbm database routines (runtime
ii  libpq5      8.2.4-2           PostgreSQL C client library
ii  libsqlite0  2.8.17-2          SQLite shared library
ii  netbase     4.29              Basic TCP/IP networking system
ii  perl        5.8.8-7           Larry Wall's Practical Extraction

Versions of packages ipac-ng recommends:
ii  libgd-gd2-perl  1:2.34-1  Perl module wrapper for libgd - gd

-- no debconf information
Bug#363391: fail2ban: LC_ALL temporary solution
Package: fail2ban
Version: 0.6.1-1
Followup-For: Bug #363391

A working solution is to add LC_ALL=C to the /etc/default/fail2ban configuration file:

    echo "LC_ALL=C" >> /etc/default/fail2ban

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (150, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.15-1-686-smp
Locale: LANG=it_IT.ISO-8859-15, LC_CTYPE=ISO_8859_15 (charmap=ISO-8859-1) (ignored: LC_ALL set to it_IT)

Versions of packages fail2ban depends on:
ii  iptables  1.2.11-10  Linux kernel 2.4+ iptables adminis
ii  python    2.3.5-2    An interactive high-level object-o

-- no debconf information
Bug#327344: ipac-ng: Error in config file near line 8: syntax error
Package: ipac-ng
Version: 1.31-1
Severity: important

The configuration files supplied with the package are wrong. At startup and every 10 minutes there is the following message:

    admin:~# /etc/init.d/ipac-ng start
    Starting IP Accounting: Error in config file near line 8: syntax error
    admin:~# /usr/bin/nice /usr/sbin/fetchipac
    Error in config file near line 8: syntax error

The directive "classic mode =" is now obsolete and should not be in the ipac.conf file because version 1.31 only supports classic mode. The syntax of the rules.conf file has also changed, and there is now a field called "extension".

The attachments are the sample configuration files from source with storage changed from PostgreSQL to Files (that is not recommended !!!).

-- System Information:
Debian Release: testing/unstable
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages ipac-ng depends on:
ii  cron      3.0pl1-91  management of regular background p
ii  iptables  1.2.11-10  Linux kernel 2.4+ iptables adminis
ii  libc6     2.3.5-6    GNU C Library: Shared libraries an
ii  libgdbm3  1.8.3-2    GNU dbm database routines (runtime
ii  netbase   4.21       Basic TCP/IP networking system
ii  perl      5.8.7-3    Larry Wall's Practical Extraction

Versions of packages ipac-ng recommends:
ii  libgd-perl  1.41-13  Perl module wrapper for libgd

-- no debconf information

    # This is the main ipac-ng configuration file. It contains the
    # configuration directives that give the ipac-ng its instructions.
    # Install as /etc/ipac-ng/ipac.conf

    ## accounting agent. iptables and ipchains available now.
    account agent = iptables

    ## storage. gdbm, postgre and files supported. (files is not recommended)
    #=20050909 <[EMAIL PROTECTED]> storage = postgre
    #=20050909 <[EMAIL PROTECTED]> storage = gdbm
    storage = plain-file

    ## rules file
    rules file = /etc/ipac-ng/rules.conf

    # dont store lines contains only zeroes to speedup processing and to save space
    drop zero lines = yes

    ## This parameters controls database location
    ## 'db host', 'db port' can be left blank for a local database
    ## as now, both databases (access and storage) configured by these parameters
    #db host = localhost
    #db port = 5432

    ## ATTENTION: no underscore '_' in the following parameters allowed!
    db name = ipac
    db user = ipac
    db pass = ""

    # Example config file with accounting rules for iptables
    # Install as /etc/ipac-ng/rules.conf
    #
    # Format:
    # Name of rule|direction|interface|protocol|source|destination|extension|
    # WARNING spaces are not allowed before and after '|'.
    #
    # where
    # Name of rule   Any string to identify this rule
    # direction      ipac~fi - forward in
    #                ipac~fo - forward out
    #                ipac~i  - outgoing from machine with ipac-ng to other host(/net)
    #                          (or incoming to otherhost)
    #                ipac~o  - incoming to machine with ipac-ng
    #                          (or outgoing from otherhost)
    #
    # interface      interface name, '+' means all interfaces (dont try to use ip numbers here!)
    # protocol       tcp | udp | icmp | all
    # source \
    # destination    both as described in ipfwadm(8), or empty
    #
    #
    #W A R N I N G ! ! !
    #
    # Don't use symbols other than '0-9A-z[space]' in rules names. You may encounter
    # some strange troubles.

    Incoming Total System|ipac~o|eth0|all
    Incoming Total System|ipac~fi|eth0|all
    Outgoing Total System|ipac~i|eth0|all
    Outgoing Total System|ipac~fo|eth0|all