Bug#1071157: www.debian.org: securing debian manual: broken links
Package: www.debian.org Severity: minor X-Debbugs-Cc: debian-b...@henk.geekmail.org Dear Maintainer, * What led up to the situation? Collecting information on SysRq. Followed by trying to find information how to report issues with the documentation. * What was the outcome of this action? For both tasks: stumble over broken links. * What outcome did you expect instead? Working links. https://www.debian.org/doc/manuals/securing-debian-manual/restrict-sysrq.en.html has the following text: »For more information, read security chapter in the Remote Serial Console HOWTO, Kernel SysRQ documentation. and the Magic_SysRq_key wikipedia entry.« The link to the »Kernel SysRQ documentation« is broken and leads to https://kernel.org/doc/Documentation/sysrq.txt correct link would probably be https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html https://www.debian.org/doc/manuals/securing-debian-manual/changelog.en.html has the following text: »You can download or view the latest version of the Securing Debian Manual from the Debian Documentation Project.« The link to »Debian Documentation Project« leads to https://www.debian.org/doc/manuals/securing-debian-howto/ which shows »Page not found« and should maybe instead lead to https://www.debian.org/doc/ddp. It looks like there are possibly more broken links, among other to alioth.debian.org. So generally it might be a good idea to regularly run a broken link checker over all docs. Thanks!
Bug#1070744: /usr/bin/puppet: puts non-regeneratable data in /var/cache
Package: puppet-agent Version: 7.23.0-1 Severity: minor File: /usr/bin/puppet X-Debbugs-Cc: debian-b...@henk.geekmail.org Dear Maintainer, * What led up to the situation? I was trying to build an exclude list for my backups and went through the content of my filesystems. * What was the outcome of this action? I noticed that there are reports of puppet runs in /var/cache/puppet/reports. * What outcome did you expect instead? I did expect all data in /var/cache and its subdirectories to be regeneratable and not contain any information one might want to backup. According to the FHS in https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s05. > /var/cache is intended for cached data from applications. Such data is > locally generated as a result of time-consuming I/O or calculation. The > application must be able to regenerate or restore the data. This is not the case for reports: Puppet can not regenerate the report for a specific run. Also "cache" usually refers to data that will be reused which is not the case for these reports. /var/log seems a better fit for those. In my concrete case, it seems suboptimal that these reports are in a directory that I would like to exclude from backups because it should not contain anything worth backing up anyway as all data in there is supposed to be regeneratable and these reports clearly are not. Under the "Rationale" this use case is even mentioned explicitly: > The existence of a separate directory for cached data allows system > administrators to set different disk and backup policies from other > directories in /var. The argument has been made on IRC that usually reports are not stored locally anyway, but it seemed implied that the server would also store the reports in a directory named "cache", but outside the FHS in /opt/puppetlabs/puppet/cache/reports in the case of a non-debian installation. I have no puppetserver installation with debian on hand, so I don’t know how the debian package would behave. Another argument has been made that the reports are stored in puppetdb and the reports are thus only stored temporarily as files on a disk. IMHO that still wouldn’t make them "cache" data. "temporary" data maybe, so in that case they should probably go to /var/tmp or /tmp. Or, as https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s14.html mentions: > /var/spool contains data which is awaiting some kind of later processing. > Data in /var/spool represents work to be done in the future (by a program, > user, or administrator); often data is deleted after it has been processed. Both of these arguments are kind of OK for a certain set of circumstances but not everybody is running a puppetdb or even a puppetserver. I am running puppet standalone, i.e. with `puppet apply`, so the reports will not be transferred to the server and will not be consumed into/by puppetdb. In any case, treating reports as "cached" data seems quite clearly wrong. In the case of standalone puppet (i.e. `puppet apply`) IMHO they are "logs" and should go to /var/log. In the case of a puppet-agent (i.e. a puppet client/agent connecting to a puppet server _without_ a puppetdb), they should probably not be saved on the client at all but if so, they are also "logs" IMHO and should be treated like mentioned above. On the server, they should also be treated like "logs" but not necessarily go to /var/log like machine-local log data. I don’t think I have a concrete sensible suggestion for this case. Maybe /var/lib. In the case of a puppetserver with a puppetdb, they should probably not be saved as files at all on the server. Unless they are sent directly to the puppetdb from the puppedserver, but consumed later, they are probably "spool" data. -- System Information: Debian Release: 12.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (1, 'unstable'), (1, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-20-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages puppet-agent depends on: ii adduser3.134 ii debconf [debconf-2.0] 1.5.82 ii facter 4.3.0-2 ii hiera 3.10.0-1 ii init-system-helpers1.65.2 ii ruby 1:3.1 ii ruby-augeas1:0.5.0+gem-1 ii ruby-concurrent1.1.6+dfsg-5 ii ruby-deep-merge1.1.1-2 ii ruby-semantic-puppet 1.0.4-1 ii ruby-shadow2.5.1-1 ii ruby-sorted-set1.0.3-3 Versions of packages puppet-agent recommends: pn augeas-tools ii debconf-utils 1.5.82 ii lsb-release12.0-1 pn ruby-selinux Versions of packages puppet-agent suggests: pn hiera-eyaml pn puppet-module-puppetlabs-augeas-core
Bug#1055149: rng-utils-debian: logcheck rules do not use high-precision timeformat
Package: rng-utils-debian Version: rng-tools-debian Severity: minor X-Debbugs-Cc: debian-b...@henk.geekmail.org Dear Maintainer, I started seeing a lot of log messages from `rngd` in my logcheck reports. Checking on where that service comes from and whether I have configured anything about it, I noticed that it comes with a logcheck file in /etc/logcheck/ignore.d.server/rng-tools-debian That’s very nice! But the file is not up-to-date with the recent development of logs using high-precision timestamps as described in https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#rsyslog-timestamp-change-affects-logcheck The release notes also link to the solution. Thank you! Best regards henk -- System Information: Debian Release: 12.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (1, 'unstable'), (1, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-13-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled
Bug#1040636: Kernel bug
Hi Regarding the kernel bug: I found the following bug about this: https://bugs.archlinux.org/task/78908 which led me to: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=master=3e70489721b6c870252c9082c496703677240f53 Talking to people about it indicated that this bug is fixed in linux 6.1.43. It might be better to reassign this to the linux kernel package. Since this pretty much breaks a security relevant component in some scenarios and nftables is the default, I think severity should be raised to important. And it would be nice to get an updated kernel without this issue into stable. Cheers henk pgp9jw65qI30d.pgp Description: OpenPGP digital signature
Bug#1006921: apache2: security.conf can be improved
Hi I took your suggestions and prepared some merge requests. On Tue, 08 Mar 2022 03:10:00 -0600 Daniel Lewart wrote: > The attached patch improves security.conf (last updated Jun 24, 2015) > in the following ways: > * Change Subversion example to git and improve it I have changed the subversion example and added the same for git. https://salsa.debian.org/apache-team/apache2/-/merge_requests/29 > * Change obsolete X-Frame-Options to Content-Security-Policy https://salsa.debian.org/apache-team/apache2/-/merge_requests/30 I removed the link to the docs here and … > * Add reference URLs to comments … also here. IMHO these references should not be part of the config files because keeping them up to date will cause these files to change on production systems which is unnecessary noise. People can search the Web for these directives and mechanisms or refer to the official Apache HTTPd manual if they need to look something up. > * Change indentation from spaces to tabs Also a merge request: https://salsa.debian.org/apache-team/apache2/-/merge_requests/32 Related: uncommenting that example: https://salsa.debian.org/apache-team/apache2/-/merge_requests/33 I’m not really involved in packaging, just currently trying to improve the apache packaging (because I have other things to do but love Productive Procrastination), so I can’t promise that any of this will be merged … Thanks for your inputs, nevertheless! henk
Bug#1023810: acct: Initscript complains about non-existant /var/lock/subsys/
Package: acct Version: 6.6.4-4 Severity: normal X-Debbugs-Cc: debian-b...@henk.geekmail.org Dear Maintainer, * What led up to the situation? A mail from Anacron containing: /etc/cron.daily/acct: touch: cannot touch '/var/lock/subsys/acct': No such file or directory Running the initscript manually gives the same error. (Accounting needs to be enabled in /etc/default/acct or the error will not occur) * What exactly did you do (or not do) that was effective (or ineffective)? /var/lock/subsys/ does not exist on my sysvinit-based systems: # namei -l '/var/lock/subsys/acct' f: /var/lock/subsys/acct drwxr-xr-x root root / drwxr-xr-x root root var lrwxrwxrwx root root lock -> /run/lock drwxr-xr-x root root / drwxr-xr-x root root run drwxrwxrwt root root lock subsys - No such file or directory AFAIU this directory is created on systemd-based systems but does not seem to get created on sysvinit-based systems. Since it’s on a tmpfs, creating it manually would not help permanently: # df -h /var/lock/ Filesystem Size Used Avail Use% Mounted on tmpfs 5.0M 0 5.0M 0% /run/lock I don’t know where this directory is supposed to be coming from on sysvinit-based systems. Maybe the acct initscript should check whether it exists and create it if needed? Thanks Hendrik -- System Information: Debian Release: 11.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (1, 'unstable'), (1, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-15-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_WARN Locale: LANG=en_US.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages acct depends on: ii init-system-helpers 1.60 ii libc62.31-13+deb11u3 ii lsb-base 11.1.0 acct recommends no packages. acct suggests no packages. -- no debconf information
Bug#919242: fails to start with apparmor enabled
Hi
I run into a similar problem running quassel-core with the provided
init-script as a system service.
Excerpts from the audit.log are attached.
The problem is first that the ssl keyfile in /etc/ssl/private/ can not
be read. After adding this line to
/etc/apparmor.d/local/usr.bin.quasselcore
a number of other files are becoming the issue.
Also the process cannot be handled by the init-script anymore because
it’s not allowed to receive signals, it seems.
I added the following lines the local apparmor profile before giving up:
/usr/bin/quasselcore {
#include
/etc/ssl/private/quassel.example.org.key r,
/lib/i386-linux-gnu/libdl-2.28.so rm,
/lib/i386-linux-gnu/libz.so.1.2.11 rm,
signal (receive),
}
I then decided to just disable the apparmor profile.
This profile is provided by the apparmor package, so I’m adding onto
this package.
As it seems to make the package unusable (or maybe just with sysvinit?)
this is IMHO not wishlist but at least serious.
Is this possibly related to and fixed by #940482?
Thanks!
Hendrik
type=AVC msg=audit(1619561765.074:5182): apparmor="DENIED" operation="open" profile="/usr/bin/quasselcore" name="/etc/ssl/private/quassel.example.org.key" pid=1006 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=103 ouid=0
type=AVC msg=audit(1619561787.225:5188): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/bin/quasselcore" pid= comm="apparmor_parser"
type=AVC msg=audit(1619561792.697:5191): apparmor="DENIED" operation="signal" profile="/usr/bin/quasselcore" pid=1149 comm="start-stop-daem" requested_mask="receive" denied_mask="receive" signal=term peer="unconfined"
type=AVC msg=audit(1619561792.729:5192): apparmor="DENIED" operation="signal" profile="/usr/bin/quasselcore" pid=1173 comm="start-stop-daem" requested_mask="receive" denied_mask="receive" signal=exists peer="unconfined"
type=AVC msg=audit(1619561863.707:5203): apparmor="DENIED" operation="signal" profile="/usr/bin/quasselcore" pid=1419 comm="start-stop-daem" requested_mask="receive" denied_mask="receive" signal=term peer="unconfined"
type=AVC msg=audit(1619561863.735:5204): apparmor="DENIED" operation="signal" profile="/usr/bin/quasselcore" pid=1444 comm="start-stop-daem" requested_mask="receive" denied_mask="receive" signal=exists peer="unconfined"
type=AVC msg=audit(1619561878.338:5206): apparmor="DENIED" operation="signal" profile="/usr/bin/quasselcore" pid=17822 comm="zsh" requested_mask="receive" denied_mask="receive" signal=term peer="unconfined"
type=AVC msg=audit(1619561889.466:5207): apparmor="DENIED" operation="signal" profile="/usr/bin/quasselcore" pid=1574 comm="start-stop-daem" requested_mask="receive" denied_mask="receive" signal=term peer="unconfined"
type=AVC msg=audit(1619561899.978:5209): apparmor="DENIED" operation="signal" profile="/usr/bin/quasselcore" pid=17822 comm="zsh" requested_mask="receive" denied_mask="receive" signal=term peer="unconfined"
type=AVC msg=audit(1619561979.279:5216): apparmor="DENIED" operation="signal" profile="/usr/bin/quasselcore" pid=17822 comm="zsh" requested_mask="receive" denied_mask="receive" signal=term peer="unconfined"
type=AVC msg=audit(1619562153.658:5235): apparmor="DENIED" operation="signal" profile="/usr/bin/quasselcore" pid=2364 comm="start-stop-daem" requested_mask="receive" denied_mask="receive" signal=term peer="unconfined"
type=AVC msg=audit(1619562190.033:5241): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/bin/quasselcore" pid=2568 comm="apparmor_parser"
type=AVC msg=audit(1619562193.076:5245): apparmor="DENIED" operation="mknod" profile="/usr/bin/quasselcore" name="/var/lib/quassel/quassel-storage.sqlite-journal" pid=1006 comm="quasselcore" requested_mask="c" denied_mask="c" fsuid=103 ouid=103
type=AVC msg=audit(1619562193.116:5246): apparmor="DENIED" operation="mknod" profile="/usr/bin/quasselcore" name="/var/lib/quassel/quassel-storage.sqlite-journal" pid=1006 comm="QThread" requested_mask="c" denied_mask="c" fsuid=103 ouid=103
type=AVC msg=audit(1619562193.120:5247): apparmor="DENIED" operation="mknod" profile="/usr/bin/quasselcore" name="/var/lib/quassel/quassel-storage.sqlite-journal" pid=1006 comm="QThread" requested_mask="c" denied_mask="c" fsuid=103 ouid=103
type=AVC msg=audit(1619562193.120:5248): apparmor="DENIED" operation="mknod" profile="/usr/bin/quasselcore" name="/var/lib/quassel/quassel-storage.sqlite-journal" pid=1006 comm="QThread" requested_mask="c" denied_mask="c" fsuid=103 ouid=103
type=AVC msg=audit(1619562193.124:5249): apparmor="DENIED" operation="open" profile="/usr/bin/quasselcore" name="/proc/sys/vm/overcommit_memory" pid=1006 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=103 ouid=0
type=AVC msg=audit(1619562193.124:5250): apparmor="DENIED" operation="open" profile="/usr/bin/quasselcore" name="/sys/devices/system/cpu/online" pid=1006 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=103 ouid=0
type=AVC
Bug#824002: O: vifm -- flexible vi-like file manager using ncurses
Package: wnpp Severity: normal I intend to orphan the vifm package. The package description is: Vifm is a file manager providing a vi-like usage experience. It has similar keybindings and modes (e.g. normal, command line, visual). The interface uses ncurses, thus vifm can be used in text-only environments. It supports a wide range of features, some of which are known from the vi-editor: - utf8 support - user mappings (almost like in vi) - ranges in command-line commands - user defined commands (with support for ranges) - registers - operation undoing/redoing - fuse file systems support - trash - multiple files renaming - support of filename modifiers - colorschemes support - file name color according to file type - path specific colorscheme customization - bookmarks - operation backgrounding - customizable file viewers - handy less-like preview mode - filtering out and searching for files using regular expressions - one or two panes view With the package comes a plugin to use vifm as a vim file selector. pgp9WEsag2BVo.pgp Description: OpenPGP digital signature
Bug#812982: update issues when default instance is missing
Source: redmine Version: 3.0~20140825-8~deb8u1 Severity: normal In postinst the Gemfile is created. Creation seems to use /etc/redmine/default/database.yml to find gems to include. In my case that file did not exist because I did not create a default instance, only one with a real name. The resulting Gemfile did not include the 'pg' gem. This caused an error since my instance does use a postgresql database for the backend. Errors I got: Please configure your config/database.yml first Populating database for redmine instance "hnjs". This may take a while. Please configure your config/database.yml first Please configure your config/database.yml first rake aborted! Gem::LoadError: Specified 'postgresql' for database adapter, but the gem is not loaded. Add `gem 'pg'` to your Gemfile (and ensure its version is at the minimum required by ActiveRecord). Gem::LoadError: pg is not part of the bundle. Add it to Gemfile. Tasks: TOP => db:migrate => environment (See full trace by running task with --trace) Error when running rake db:migrate, check database configuration. The workaround that worked for me: mkdir /etc/redmine/default && cp /etc/redmine/hnjs/database.yml /etc/redmine/default/database.yml dpkg-reconfigure redmine If my interpretation of the problem is correct: is it even possible to have multiple instances use different database backends or will the bundle-stuff only include the gem needed for the backend in the default instance? Cheers henk -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? pgp6ia7ImOQkR.pgp Description: OpenPGP digital signature
Bug#770195: vim-plugin not installed correctly
Package: vifm Version: 0.7.8-3 Severity: normal The vifm-plugin for vim is not installed correctly. 'vim-addons' reports the plugin as unavailable and with '-v' explains why: # vim-addons -v […] vifmunavailable (missing source files: /usr/share/vim/addons/doc/vifm.txt)unavailable (missing source files: /usr/share/vim/addons/doc/vifm.txt) […] -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages vifm depends on: ii libc6 2.19-13 ii libmagic1 1:5.20-2 ii libncursesw5 5.9+20140913-1 ii libtinfo5 5.9+20140913-1 Versions of packages vifm recommends: ii libx11-6 2:1.6.2-3 ii vim-addon-manager 0.5.3 vifm suggests no packages. -- no debconf information -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? Learn to E-Mail properly: http://email.about.com pgpZvOzVwRmKv.pgp Description: OpenPGP digital signature
Bug#767308: pypi-install fails without 'requests'-module
Package: python-stdeb Version: 0.8.2-3 Severity: normal % pypi-download cdist Traceback (most recent call last): File /usr/bin/pypi-download, line 4, in module from stdeb.downloader import myprint, get_source_tarball File /usr/lib/python2.7/dist-packages/stdeb/downloader.py, line 10, in module import requests ImportError: No module named requests Installing 'python-requests' fixes the issue. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages python-stdeb depends on: ii debhelper 9.20141022 ii python 2.7.8-2 ii python-setuptools 5.5.1-1 pn python:any none Versions of packages python-stdeb recommends: ii apt-file2.5.4 ii dpkg-dev1.17.21 ii python-all 2.7.8-2 Versions of packages python-stdeb suggests: ii python-all-dev 2.7.8-2 -- no debconf information -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? Learn to E-Mail properly: http://email.about.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#522275: closed by Alexandre Raymond alexandre.j.raym...@gmail.com ()
Hi Alexandre, On Sun, 14 Jul 2013 17:47:48 -0400 Alexandre Raymond alexandre.j.raym...@gmail.com wrote: In order to help me troubleshoot your issue, could you please provide me the following information: - does this bug still manifest itself with Password Gorilla v1.5.3.7? I do not know since I do not have access to the database file in question anymore. - are you using any third-party software to access your database file? - which version of Password Gorilla did you use to create this database file? It was created with passwordsafe and is a passwordsafe v3 database file as stated in the initial bug report. - does this erroneous behavior occur systematically with your database file, or is it a random occurrence? It occured everytime I tried that command. - can you provide me with a sample database which exhibits this bug? Alternatively, can you provide me with detailed steps to reproduce it? No, as the error is pretty undescriptive I have no idea what exactly in the database causes the bug. There are no other steps involved than what I mentioned already: - have a (broken?) passwordsafe v3 database file - run the password-gorilla command mentioned in the initial post on it Thanks and best regards henk -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? signature.asc Description: PGP signature
Bug#706996: vifm: new upstream version available
Hi, On Wed, 8 May 2013 00:54:43 +0200 Hendrik Jäger d...@henk.geekmail.org wrote: Would it be possible to package the newest versions? I will not be able to build a package of the newest upstream version in time before the freeze, sorry. If anyone else would like to do that, feel free to contact me if you need any information I may be able to provide. Best regards henk signature.asc Description: PGP signature
Bug#522275: closed by Alexandre Raymond alexandre.j.raym...@gmail.com ()
Control: reopen -1! Hi, http://www.debian.org/Bugs/Developer#closing states: »Debian bug reports should be closed when the problem is fixed.« There is no indication that the problem is fixed, so the bug should not be closed. http://www.debian.org/Bugs/Developer#tags also states: »moreinfo This bug can't be addressed until more information is provided by the submitter. The bug will be closed if the submitter doesn't provide more information in a reasonable (few months) timeframe. This is for bugs like It doesn't work. What doesn't work?« I don’t think my bugreport fits that category. I also do not think that asking does it work in a newer version? can be considered 'moreinfo', but rather 'followupinfo'. Furthermore one should take a second to see where this might be going. Should every bug report be re-examined for every new version released and closed if no one specifically does say yes, it happens in the new version? I cannot provide the information asked for but don’t consider that fact reason enough to close the bug. If there is actually any indication that the bug might be fixed in a certain version and no one can confirm then that the bug still exists, I’d be ok with it being closed. Simply saying there is a new version, I’ll just assume this fixes all bugs from previous version seems highly naive and counterproductive to me. Thanks for considering Hendrik Jaeger On Fri, 28 Jun 2013 22:39:17 + ow...@bugs.debian.org (Debian Bug Tracking System) wrote: This is an automatic notification regarding your Bug report which was filed against the password-gorilla package: #522275: password-gorilla: crashes while loading passwordsafe v3 database It has been closed by Alexandre Raymond alexandre.j.raym...@gmail.com. Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Alexandre Raymond alexandre.j.raym...@gmail.com by replying to this email. signature.asc Description: PGP signature
Bug#675468: tiger: E-Mail-reports FROM-address should use FQDN, not just hostname
Package: tiger Version: 1:3.2.3-10 Severity: minor The default config contains a section to set the From:-address to be used for e-mail reports: # Who sends output from 'tigercron'? # Default is root@$HOSTNAME (gets expanded by tigercron) # # Tiger_Mail_FROM=root@`uname -n` The output of 'uname -n' is just the hostname, not the FQDN, on all my systems, which results in an unqualified domain name in the From:-field of tiger’s email-reports. This triggers rules in spamscanners or even sanity checks in certain MTA-configurations. IMHO the default should contain the FQDN (maybe by use of `hostname -f`) or leave it to the MTA to qualify the address by setting only root. Thanks for consideration and best regards Hendrik -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (1000, 'testing'), (10, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages tiger depends on: ii binutils 2.22-6 ii bsdmainutils 9.0.2 ii debconf [debconf-2.0] 1.5.43 ii libc6 2.13-32 ii net-tools 1.60-24.1 ii ucf3.0025+nmu3 Versions of packages tiger recommends: pn chkrootkit 0.49-4.1 pn exim4-daemon-light [mail-transport-agent] 4.77-1+b1 pn john none pn tripwire | aidenone Versions of packages tiger suggests: ii lsof 4.86+dfsg-1 -- debconf information excluded signature.asc Description: PGP signature
Bug#657310: tiger: SHA-512 hashes in shadow seen as disabled login
Package: tiger Version: 1:3.2.3-4 Severity: normal Hi, Tiger does not handle SHA-512 (and probably other SHA-mechanisms) properly by default. I keep getting a message (see below) for all users using a hash starting with '$6$cSCDbP…' while those starting with '$1$bz7U…' are never reported. I assume the setting Tiger_Passwd_Hashes='crypt3|md5' is responsible and needs to be complemented with the proper term for SHA mechanisms. I was unable to find what needs to be put there, though. It seems to be neither 'SHA-512' nor 'sha512'. The reported problem is: NEW: --WARN-- [pass014w] Login (hendrik) is disabled, but has a valid shell. The corresponding check is in file /usr/lib/tiger/scripts/check_passwd:173 Since the default mechanism for setting passwords seems to have changed in debian, IMHO tigers default config should be adjusted accordingly. Also it seems that possible values for this setting are not documented anywhere which would be helpful in this situation. Thank you and best regards henk -- Hendrik Jaeger Linux Systemadministrator Init Seven AG Elias-Canetti-Strasse 7 CH-8050 Zürich phone: +41 44 315 44 00 fax: +41 44 315 44 01 http://www.init7.net/ signature.asc Description: PGP signature
Bug#637115: signing-party: Support for mailto-Links
Package: signing-party Version: 1.1.3-1 Severity: wishlist Hi, While trying to sign multiple GPG-keys, I noticed that it seems very difficult to send the mails with the MUA that I use on a daily basis. I consider this a pretty big drawback, since that is where my settings for sending mail are. No other MUA is configured to be able to send mail on this system and there is no MTA installed and configured to be able to send mails to the internet, since this is just a desktop machine. Also it does not seem possible to send via an MTA configured to require an encrypted connection to allow authentication. The patch on [1] is supposed to make it possible to use any MUA that understands the mailto-link syntax. [1]: http://kratz00.org/dokuwiki/doku.php?id=software:claws-mail Thanks and best regards Hendrik Jäger -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (1010, 'testing'), (10, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.39-2-686-pae (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages signing-party depends on: ii gnupg 1.4.11-3 GNU privacy guard - a free PGP rep ii libc6 2.13-10 Embedded GNU C Library: Shared lib ii libclass-methodmaker-perl 2.18-1 Perl module for creating generic m ii libgnupg-interface-perl 0.44-1 Perl interface to GnuPG ii libmailtools-perl 2.08-1 Manipulate email in perl programs ii libmime-tools-perl 5.502-1 Perl5 modules for MIME-compliant m ii libterm-readkey-perl2.30-4+b1A perl module for simple terminal ii libtext-template-perl 1.45-2 Text::Template perl module ii perl5.12.4-2 Larry Wall's Practical Extraction ii qprint 1.0.dfsg.2-2 encoder and decoder for quoted-pri Versions of packages signing-party recommends: ii exim44.76-2 metapackage to ease Exim MTA (v4) ii exim4-daemon-heavy [mail-tra 4.76-2 Exim MTA (v4) daemon with extended pn libgd-gd2-noxpm-perl | libgd none (no description available) ii libpaper-utils 1.1.24+nmu1 library for handling paper charact ii libtext-iconv-perl 1.7-4 converts between character sets in ii recode 3.6-17 Character set conversion utility ii whiptail 0.52.11-2.1 Displays user-friendly dialog boxe Versions of packages signing-party suggests: ii imagemagick 8:6.6.9.7-5 image manipulation programs ii mutt 1.5.21-5text-based mailreader supporting M ii texlive-latex-recommended2009-11 TeX Live: LaTeX recommended packag pn wipe none (no description available) -- no debconf information -- Hendrik Jaeger Linux Systemadministrator Init Seven AG Elias-Canetti-Strasse 7 CH-8050 Zürich phone: +41 44 315 44 00 fax: +41 44 315 44 01 http://www.init7.net/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#605392: puppet: resource inheritance not working as expected
Package: puppet Version: 2.6.2-1~bpo50+1 Severity: important As stated in #5349 (http://projects.puppetlabs.com/issues/5349) inheritance does not work as expected and not as it used to in versions 2.6. I'm not sure about this bugs severity, since it affects only one, but a quite important aspect of the description language. I see inheritance as one of the features without which puppet is a lot more complex to use efficiently. I'd rather see a working 0.25 version in a stable release than 2.6 with this problem. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#600053: logcheck rules needs updating for 'puppet-agent'
Package: puppet Version: 2.6.0-4 Severity: minor Hi, I noticed the name puppetd logs with to syslog has changed, when in lenny the lines looked like this: puppetd[2851]: Finished catalog run in 5.80 seconds they look like this in squeeze: puppet-agent[2736]: Finished catalog run in 0.19 seconds I'm not sure what causes that or what else is influenced. Kind regards Hendrik -- System Information: Debian Release: 5.0.6 APT prefers stable APT policy: (500, 'stable'), (10, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-hnj-0.1 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#596933: apt-file: files provided by alternatives cannot be found
Package: apt-file Version: 2.1.5 Severity: normal Hi, apt-file is not able to find files provided by the alternative system. I understand that those files are not exactly a file in the package but the package is reponsible for the file being there and therefore apt-file should find it. I stumbled upon that when searching for packages that provide /usr/bin/mail. Both apt-file and packages.debian.org only find the package 'mailutils' but IIRC there are at least 3 other packages which provide it via the alternatives system, bsd-mailx for example. I was unsure of the priority of this bug. On the one hand i'd say it's a wish, on the other hand i think this tool is pretty useless if it's just going to ignore things like alternatives and who knows what else might come altogether and just displays a minor subset of relevant packages. Thank you and best regards Hendrik -- System Information: Debian Release: 5.0.6 APT prefers stable APT policy: (1010, 'stable'), (10, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-hnj-0.1 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages apt-file depends on: ii curl 7.18.2-8lenny4 Get a file from an HTTP, HTTPS or ii libapt-pkg-perl 0.1.22+b1 Perl interface to libapt-pkg ii libconfig-file-perl 1.42-1 Parses simple configuration files ii liblist-moreutils-perl 0.22-1+b1 Addition list functions not found ii perl 5.10.0-19lenny2 Larry Wall's Practical Extraction ii wget 1.11.4-2+lenny2 retrieves files from the web Versions of packages apt-file recommends: ii menu 2.1.41 generates programs menu for all me Versions of packages apt-file suggests: ii openssh-client1:5.1p1-5 secure shell client, an rlogin/rsh ii sudo 1.6.9p17-3 Provide limited super user privile -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590675: [logcheck-database] additional rules for bind
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
We have some additional rules for bind:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]:
(general: )?(info: )?received control channel command 'stats'$ ^\w{3}
[ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]:
(general: )?(info: )?dumpstats complete$
HTH
Hendrik
--
Hendrik Jaeger
Linux Systemadministrator
Init Seven AG
Elias-Canetti-Strasse 7
CH-8050 Zürich
phone: +41 44 315 44 00
fax: +41 44 315 44 01
http://www.init7.net/
signature.asc
Description: PGP signature
Bug#590674: [logcheck-database] rules for atftpd
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
We use these rules for atftpd messages:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ atftpd\[[[:digit:]]+\]:
timeout: retrying...$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
atftpd\[[[:digit:]]+\]: Fetching from
([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3} to [[:alnum:]\.-]+$
HTH
Hendrik
--
Hendrik Jaeger
Linux Systemadministrator
Init Seven AG
Elias-Canetti-Strasse 7
CH-8050 Zürich
phone: +41 44 315 44 00
fax: +41 44 315 44 01
http://www.init7.net/
signature.asc
Description: PGP signature
Bug#590677: [logcheck-database] additional rules for nagios/radius
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
check_radius output filter:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ check_radius: rc_avpair_gen:
received VSA attribute with unknown Vendor-Id [[:digit:]]+$
Hendrik
--
Hendrik Jaeger
Linux Systemadministrator
Init Seven AG
Elias-Canetti-Strasse 7
CH-8050 Zürich
phone: +41 44 315 44 00
fax: +41 44 315 44 01
http://www.init7.net/
signature.asc
Description: PGP signature
Bug#590679: [logcheck-database] rules for ntpd
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
some rules for ntpd as i couldn't find any:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset
[+-]*[0-9]{1,2}\.[0-9]{6} s$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation
lost$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: no servers
reachable$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]:
synchronized to ([0-9.]{7,15}|[0-9a-fA-F:.]{4,39}), stratum [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronized to
LOCAL\([0-9]+\), stratum [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kernel time sync
(disabled|enabled) [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kernel time sync
(enabled|status( change)?) [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: precision =
[0-9]+\.[0-9]+ usec$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: peer
([.0-9]{7,15}|[0-9a-fA-F:.]{4,39}) now (in)?valid$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: adjusting local
clock by -?[.0-9]+s$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: adjust time server
-?[.0-9]+ offset$
Hendrik
--
Hendrik Jaeger
Linux Systemadministrator
Init Seven AG
Elias-Canetti-Strasse 7
CH-8050 Zürich
phone: +41 44 315 44 00
fax: +41 44 315 44 01
http://www.init7.net/
signature.asc
Description: PGP signature
Bug#590683: [logcheck-database] rules for puppetmasterd
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetmasterd\[[0-9]+\]: Caught
TERM; shutting down$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetmasterd\[[0-9]+\]: Compiled
catalog for [._[:alnum:]-]+ in [.0-9]+ seconds$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetmasterd\[[0-9]+\]: Shutting
down$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetmasterd\[[0-9]+\]: Starting
Puppet server version [.0-9]+$
Hendrik
--
Hendrik Jaeger
Linux Systemadministrator
Init Seven AG
Elias-Canetti-Strasse 7
CH-8050 Zürich
phone: +41 44 315 44 00
fax: +41 44 315 44 01
http://www.init7.net/
signature.asc
Description: PGP signature
Bug#590682: [logcheck-database] rules for puppetd
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
some more rules for puppetd:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Caching
configuration at [\/._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Calling
puppetmaster.getconfig$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Caught
(TERM|INT); shutting down$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]:
\(/File\[/var/lib/puppet/lib\]/checksum\) checksum changed
'{mtime}\w{3} \w{3} [ :0-9]{11} \+[ 0-9]{9}' to '{mtime}\w{3} \w{3}
[ :0-9]{11} \+[ 0-9]{9}'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Finished catalog
run in [.0-9]+ seconds$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Finished
configuration run in [.0-9]+ seconds$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: getting config$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Ignoring cache$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Ignoring --listen
on onetime run$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Loaded state in
[.0-9]+ seconds$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Loading fact .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Other end went
away; restarting connection and retrying$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Restarting
with .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Retrieved
configuration in [.0-9]+ seconds$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Retrieving
plugins$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Shutting down$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Starting catalog
run$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Starting
configuration run$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Starting Puppet
client version [.0-9]+$
Hendrik
--
Hendrik Jaeger
Linux Systemadministrator
Init Seven AG
Elias-Canetti-Strasse 7
CH-8050 Zürich
phone: +41 44 315 44 00
fax: +41 44 315 44 01
http://www.init7.net/
signature.asc
Description: PGP signature
Bug#590684: [logcheck-database] rules for rsyslog
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: imklog 3\.18\.6, log
source = /proc/kmsg started\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rsyslogd: \[origin
software=rsyslogd swVersion=3.18.6 x-pid=[[:digit:]]+
x-info=http://www.rsyslog.com\] restart$
Hendrik
--
Hendrik Jaeger
Linux Systemadministrator
Init Seven AG
Elias-Canetti-Strasse 7
CH-8050 Zürich
phone: +41 44 315 44 00
fax: +41 44 315 44 01
http://www.init7.net/
signature.asc
Description: PGP signature
Bug#590544: [kannel] sensible handling of values in /etc/default/kannel
Package: kannel Severity: minor --- Please enter the report below this line. --- Hi, The values in /etc/default/kannel aren't handled as expected. As long as the variable is not unset, it will always be regarded as 'true'. This is probably caused by the init-script only doing this: test ! -z $START_WAPBOX ( IMHO it should check if that variable is 1 and only then start that service. The way it's done atm is confusing because setting 0 doesn't make the service not start. Kind regards Hendrik Jaeger --- System information. --- Architecture: i386 Kernel: Linux 2.6.32-5-686 Debian Release: squeeze/sid 1010 testing security.debian.org 1010 testing mirror.switch.ch 10 unstablemirror.switch.ch --- Package information. --- Package's Depends field is empty. Package's Recommends field is empty. Package's Suggests field is empty. -- Hendrik Jaeger Linux Systemadministrator Init Seven AG Elias-Canetti-Strasse 7 CH-8050 Zürich phone: +41 44 315 44 00 fax: +41 44 315 44 01 http://www.init7.net/ signature.asc Description: PGP signature
Bug#587106: apt-dater-host: Uses apt-get despite being configured for aptitude
Package: apt-dater-host
Severity: normal
Hi,
apt-dater-host uses apt-get instead of aptitude, which it is configured
to use. AFAICT the problem is in line 178 where apt-get seems to be
called directly:
unless(open(HAPT, $GETROOT apt-get -q -s -f upgrade |)) {
print \nADPERR: Failed to execute '$GETROOT apt-get -q -s
upgrade' ($!).\n; exit(1);
Hope that helps.
Regards
Hendrik
--
Hendrik Jaeger
Linux Systemadministrator
Init Seven AG
Elias-Canetti-Strasse 7
CH-8050 Zürich
phone: +41 44 315 44 00
fax: +41 44 315 44 01
http://www.init7.net/
signature.asc
Description: PGP signature
Bug#545940: check_ircd: argument handling
Package: nagios-plugins-basic Version: 1.4.12-5 Severity: normal The check_ircd plugin works just fine using the commandline using this command: /usr/lib/nagios/plugins/check_ircd -H localhost -p 1984 Configuring this command for nagios: command_line/usr/lib/nagios/plugins/check_ircd -H '$HOSTADDRESS$' -p '$ARG1$' This check will return an UNKNOWN state in nagios with an error output: invalid port: -H The same happens with other constellations. The solution i found on the web was to remove '-H' so that the command looks like: command_line/usr/lib/nagios/plugins/check_ircd '$HOSTADDRESS$' -p '$ARG1$' That command works just fine, so i assume there is an error in the argument parsing logic. Best regards Hendrik Jaeger -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (1010, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-hnj-17lenny2 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages nagios-plugins-basic depends on: ii iputils-ping3:20071127-1 Tools to test the reachability of ii libc6 2.7-18 GNU C Library: Shared libraries ii libssl0.9.8 0.9.8g-15+lenny3 SSL shared libraries ii procps 1:3.2.7-11 /proc file system utilities ii ucf 3.0016 Update Configuration File: preserv nagios-plugins-basic recommends no packages. Versions of packages nagios-plugins-basic suggests: ii nagios3 3.0.6-4~lenny2 A host/service/network monitoring -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545940: [Pkg-nagios-devel] Bug#545940: check_ircd: argument handling
Hi Jan,
On Thu, 10 Sep 2009 10:10:06 +0200
Jan Wagner w...@cyconet.org wrote:
The check_ircd plugin works just fine using the commandline using
this command: /usr/lib/nagios/plugins/check_ircd -H localhost -p
1984
Unfortunately I can't reproduce your effect:
nagios:~# /usr/lib/nagios/plugins/check_ircd -H 'irc.freenode.org' -p
'6667' Critical Number Of Clients Connected : 6456 (Limit = 100)
nagios:~# /usr/lib/nagios/plugins/check_ircd --hostname
'irc.freenode.org' -p '6667'
Critical Number Of Clients Connected : 6456 (Limit = 100)
nagios:~# /usr/lib/nagios/plugins/check_ircd 'irc.freenode.org' -p
'6667' Critical Number Of Clients Connected : 6457 (Limit = 100)
I'm sorry, I phrased that so unclearly.
That's what I meant to say: It works just fine in a shell with any
combination of arguments/options I tried. No problem so far.
Configuring this command for nagios:
command_line/usr/lib/nagios/plugins/check_ircd -H
'$HOSTADDRESS$' -p '$ARG1$'
This check will return an UNKNOWN state in nagios with an error
output: invalid port: -H
The same happens with other constellations.
The solution i found on the web was to remove '-H' so that the
command looks like:
command_line/usr/lib/nagios/plugins/check_ircd '$HOSTADDRESS$'
-p '$ARG1$'
Could you please be more verbose?
My command definitions:
snip
define command {
command_namecheck_ircd
command_line/usr/lib/nagios/plugins/check_ircd '$HOSTADDRESS$'
$ARG1$
}
define command {
command_namecheck_ircd_fail
command_line/usr/lib/nagios/plugins/check_ircd -H '$HOSTADDRESS$'
$ARG1$
}
snap
And this are the services using those commands:
snip
define service {
host_name localhost
service_description IRCd
check_command check_ircd!-p 1984
use henk-stdsrv
notification_interval 0
}
define service {
host_name localhost
service_description IRCd-fail
check_command check_ircd_fail!-p 1984
use henk-stdsrv
notification_interval 0
}
snap
The first one reports the service as OK:
IRCD ok - Current Local Users: 17
While the second says UNKNOWN:
Invalid warning threshold: -H
When i make the following change in both service definitions, both
report OK with the above mentioned message:
check_command check_ircd!-p 1984 -w 55 -c 80
Note that all of those commands work just fine in a shell, just not in
nagios. But as i now tested only when the embedded perl interpreter is
used implicitly. So I guess this bug can be closed or perhaps
reassigned.
Sorry for the trouble.
Best regards
Hendrik
signature.asc
Description: PGP signature
Bug#522780: tftpd-hpa: postinst fails without update-inetd installed
Package: tftpd-hpa Version: 0.49-1 Severity: minor Installing tftpd-hpa on squeeze gives an error message. The postinst-script complains that 'update-inetd' cannot be run and thus fails. The package does not have a dependency on update-inetd, but recommends it and the installation works fine when it is installed. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#522275: password-gorilla: crashes while loading passwordsafe v3 database
Package: password-gorilla
Version: 1.4-4
Severity: normal
Loading a passwordsafe v3 like seen below asks for the password, verifies it
and loads the DB's content. The window disappears and i get the following
output:
$ password-gorilla mypwds.dat
Error in startup script: group name can not be empty
while executing
error group name can not be empty
(procedure ::pwsafe::db::splitGroup body line 15)
invoked from within
pwsafe::db::splitGroup $groupName
(procedure AddGroupToTree line 9)
invoked from within
AddGroupToTree $groupName
(procedure AddRecordToTree line 8)
invoked from within
AddRecordToTree $rn
(procedure AddAllRecordsToTree line 3)
invoked from within
AddAllRecordsToTree
(procedure gorilla::Open line 53)
invoked from within
gorilla::Open $databaseToLoad
invoked from within
if {$::gorilla::init == 0} {
if {[string first -norc $argv0] != -1} {
set ::gorilla::preference(norc) 1
}
set haveDatabaseToLoad 0
...
(file /usr/share/password-gorilla/gorilla.tcl line 6232)
invoked from within
source [file join [file dirname $myName] gorilla.tcl]
(file /usr/share/password-gorilla/gorilla line 10)
-- System Information:
Debian Release: squeeze/sid
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages password-gorilla depends on:
ii bwidget1.8.0-3 A set of extension widgets for Tcl
ii itcl3 3.2.1-5 [incr Tcl] OOP extension for Tcl -
ii tcl8.4 8.4.19-3 Tcl (the Tool Command Language) v8
ii tcllib 1.11.1-dfsg-2 the Standard Tcl Library
ii tk8.4 8.4.19-3 Tk toolkit for Tcl and X11, v8.4 -
password-gorilla recommends no packages.
password-gorilla suggests no packages.
-- no debconf information
--
squatcho, n.:
The button at the top of a baseball cap.
-- Sniglets, Rich Hall Friends
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#502308: debconf-set-selections does not handle superfluous whitespace
Package: debconf Version: 1.5.11etch2 Severity: normal Tags: patch The debconf-set-selections script does not handle multiple whitespaces directly before $content in the input correctly. Using a file with the following content will not give an error, but will be ignored it seems: beep beep/suid_option select not suid at all Note: there are two spaces before the '$content' and debconf-set-selection will take all but one whitespace to be part of $content: # debconf-set-selections -v beep.preseed info: Trying to set 'beep/suid_option' [select] to 'not suid at all' This can be easily fixed with this patch: 125c125 my ($owner, $label, $type, $content) = /^\s*(\S+)\s+(\S+)\s+(\S+)(?:\s(.*))?/; --- my ($owner, $label, $type, $content) = /^\s*(\S+)\s+(\S+)\s+(\S+)(?:\s+(.*))?/; HTH Hendrik Jaeger -- An artist should be fit for the best society and keep out of it. signature.asc Description: Digital signature
