Bug#802917: do not migrate denyhosts to testing: who will do security support?

2017-05-13 Thread Peter Souter
Hi All,

As an active denyhosts user for a long time now (I guess 3-4 years) I find
it way more intuitive and easy to set up than fail2ban, and I hope we can
find a way of getting it into a Debian release in the future... probably a
long way away as stretch has since frozen... I guess buster at this rate? :)

The main benefit I've had with it over fail2ban is the ease of
syncing multiple bans to a central hub. It's pretty straightforward
to set up, especially since I've been toying with Jan's denyhosts-server
project. It's pretty cool to be able to visualise when attacks are
happening, where they're coming from and the other various metrics and the
graphs that come with it.

I think with a bit of love from Jan and myself, we can probably
get denyhosts up to a polished standard with a majority of tickets
resolved.

I'm not a Python expert but I can do what I can to help, and have plenty of
infrastructure and automation knowledge to configure systems if needed.
Looking through some of the closed tickets mentioned, a number appear to
have already been fixed upstream, or patches provided either at the
github.com repo, the Sourceforge ticket or in the email tickets but not
followed up on in the package upstream.

Thanks

Regards


Bug#846350: bug can be closed

2016-11-30 Thread Peter Souter
Huh, that's pretty strange.

When I test it with the standard Debian redis-server package, it
doesn't fail even if I delete the run directory and any pid files...

$ apt-get -y install redis-server;
$ systemctl stop redis-server;
$ rm -rf /var/run/redis*;
$ service start redis-server;
$ redis-cli ping;
PONG

And I can see the pointer to the pid setting in the config... it seems
to be running ok even after it gets deleted?

root@debian-redis-test:~# cat /etc/redis/redis.conf | grep pid
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
# When running daemonized, Redis writes a pid file in /var/run/redis.pid by
# default. You can specify a custom pid file location here.
pidfile /var/run/redis/redis-server.pid
root@debian-redis-test:~# ls -l /var/run/redis/redis-server.pid
ls: cannot access /var/run/redis/redis-server.pid: No such file or directory

So missing the config setting should affect it... but it doesn't?

I've got a deploy link to set up a disposable Debian 8 instance that
I'm testing this with if you want to recreate
https://dply.co/b/bGEVS8CF

On 30 November 2016 at 16:11, Chris Lamb <la...@debian.org> wrote:
> Peter Souter wrote:
>
>> This issue doesn't affect the Debian package as it doesn't specify pid
>> location, so it defaults to /var/run/redis.pid, the /var/run dir will
>> always exist.
>
> Are you sure? Under systemd we use:
>
>   /var/run/redis/redis-server.pid
>
> (This bug cannot affect the SysVInit script as it calls "mkdir 
> /var/run/redis")
>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-



Bug#846350: bug can be closed

2016-11-30 Thread Peter Souter
My mistake, as can be seen, this is the dotdeb-redis package.

I was testing multiple packages and I thought it affected both.

I've fixed that upstream https://github.com/gplessis/dotdeb-redis/pull/9

This issue doesn't affect the Debian package as it doesn't specify pid
location, so it defaults to /var/run/redis.pid, the /var/run dir will
always exist.

This bug can be closed! :)



Bug#846350: redis-server does not start if /var/run/redis does not exist

2016-11-30 Thread Peter Souter
Subject: redis-server does not start if /var/run/redis does not exist
Package: redis-server
Version: 2:3.2.5-1~dotdeb+8.1
Severity: normal

Dear Maintainer,

redis-server does not start if /var/run/redis does not exist

From my understanding of the systemd directory, this can be fixed by
adding a RuntimeDirectory to the service file

From the docs:

  System daemons frequently require private runtime directories below
/run to place communication sockets and similar in. For these,
consider declaring them in their unit files using RuntimeDirectory=
(see systemd.exec(5) for details), if this is feasible.

So I believe adding RuntimeDirectory=redis to the
"/lib/systemd/system/redis-server.service" file in the package will
prevent this issue

Reproducible steps:

root@debian-redis-test:~# apt-get install redis-server --reinstall
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  libjemalloc1
Use 'apt-get autoremove' to remove it.
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 27 not upgraded.
Need to get 0 B/509 kB of archives.
After this operation, 0 B of additional disk space will be used.
(Reading database ... 44319 files and directories currently installed.)
Preparing to unpack .../redis-server_2%3a3.2.5-1~dotdeb+8.1_amd64.deb ...
Unpacking redis-server (2:3.2.5-1~dotdeb+8.1) over (2:3.2.5-1~dotdeb+8.1) ...
Processing triggers for systemd (215-17+deb8u5) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up redis-server (2:3.2.5-1~dotdeb+8.1) ...

root@debian-redis-test:~# systemctl status redis-server
● redis-server.service - Advanced key-value store
   Loaded: loaded (/lib/systemd/system/redis-server.service; enabled)
   Active: active (running) since Wed 2016-11-30 14:24:32 UTC; 1s ago
 Docs: http://redis.io/documentation,
   man:redis-server(1)
  Process: 6253 ExecStartPost=/bin/run-parts --verbose
/etc/redis/redis-server.post-up.d (code=exited, status=0/SUCCESS)
  Process: 6250 ExecStart=/usr/bin/redis-server /etc/redis/redis.conf
(code=exited, status=0/SUCCESS)
  Process: 6247 ExecStartPre=/bin/run-parts --verbose
/etc/redis/redis-server.pre-up.d (code=exited, status=0/SUCCESS)
 Main PID: 6252 (redis-server)
   CGroup: /system.slice/redis-server.service
   └─6252 /usr/bin/redis-server 127.0.0.1:6379

Nov 30 14:24:32 debian-redis-test run-parts[6247]: run-parts:
executing /etc/redis/redis-server.pre-up.d/00_example
Nov 30 14:24:32 debian-redis-test run-parts[6253]: run-parts:
executing /etc/redis/redis-server.post-up.d/00_example
Nov 30 14:24:32 debian-redis-test systemd[1]: Started Advanced key-value store.

root@debian-redis-test:~# systemctl stop redis-server

root@debian-redis-test:~# rm -rf /var/run/redis/

root@debian-redis-test:~# systemctl start redis-server
Job for redis-server.service failed. See 'systemctl status
redis-server.service' and 'journalctl -xn' for details.

root@debian-redis-test:~# journalctl -u redis-server --no-pager | grep pid
Nov 30 13:29:04 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 13:30:34 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 13:32:30 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 13:32:31 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 13:32:31 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 13:32:31 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 13:32:31 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 14:05:02 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 14:05:03 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 14:05:03 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 14:05:03 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 14:05:03 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 14:24:54 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 14:24:54 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 14:24:54 debian-redis-test systemd[1]: PID file
/var/run/redis/redis-server.pid not readable (yet?) after start-post.
Nov 30 14:24:55 debian-redis-test systemd[1]: PID
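
A check for the condition reported in this bug, added here as an example (it is not code from the thread or from either package): it flags a unit file whose PIDFile= lives in a subdirectory of /run that no RuntimeDirectory= line creates. The function names and the sample unit contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag a unit whose PIDFile= sits in a
# /run subdirectory that no RuntimeDirectory= line creates.

# unit_values KEY FILE: print every value assigned to KEY, one per line.
unit_values() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2"
}

# check_unit FILE: print a verdict; return 1 only when the directory is missing.
check_unit() {
    pidfile=$(unit_values PIDFile "$1" | tail -n 1)
    [ -n "$pidfile" ] || { echo "ok: no PIDFile"; return 0; }
    # /var/run is a symlink to /run on systemd hosts, so treat them alike.
    case $pidfile in /var/run/*) pidfile=${pidfile#/var} ;; esac
    dir=$(dirname "$pidfile")
    case $dir in
        /run)   echo "ok: pid file sits directly in /run"; return 0 ;;
        /run/*) want=${dir#/run/} ;;
        *)      echo "skip: $dir is outside /run"; return 0 ;;
    esac
    # RuntimeDirectory= takes a space-separated list and may be repeated.
    # Simplification: an empty assignment that resets the list is ignored.
    for name in $(unit_values RuntimeDirectory "$1"); do
        if [ "$name" = "$want" ]; then
            echo "ok: RuntimeDirectory=$want"; return 0
        fi
    done
    echo "missing: add RuntimeDirectory=$want"
    return 1
}

# Constructed sample units (not copied from either package).
demo_dir=$(mktemp -d)
cat > "$demo_dir/before.service" <<'EOF'
[Service]
Type=forking
ExecStart=/usr/bin/redis-server /etc/redis/redis.conf
PIDFile=/var/run/redis/redis-server.pid
EOF
cp "$demo_dir/before.service" "$demo_dir/after.service"
echo "RuntimeDirectory=redis" >> "$demo_dir/after.service"

check_unit "$demo_dir/before.service" || true  # missing: add RuntimeDirectory=redis
check_unit "$demo_dir/after.service"           # ok: RuntimeDirectory=redis
rm -rf "$demo_dir"
```

With RuntimeDirectory= set, systemd creates the directory at service start, owned by the unit's User= and Group=, and removes it when the service stops, so the pid directory does not depend on package scripts or leftover state.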