[Bug 1893716] Re: scripts in /etc/update-motd.d/ run even on login via non-interactive scp and sftp sessions
** Description changed: My client has 200+ devices automatically uploading information via sftp and scp to a server every few minutes. After a recent update, I noticed the load on their server spiking through the roof. Upon investigation, I discovered a horde of landscape-sysinfo and /usr/bin/lsb_release processes running that correlated with login session notifications in - /etc/syslog and the load spikes. + /var/log/syslog and the load spikes. It appears that even in non-interactive sessions where this information will never be seen, the configuration options below in /etc/pam.d/sshd cause these items to be launched (in fact, probably everything in /etc /update-motd.d). This only started on the system in question after a recent set of system updates were in stalled. The content of /etc/update-motd.d/* really, really, really shouldn't be executed if the session in question is not interactive, as it provides no value at all. Unfortunately, to disable it for these non-interactive sessions, we also have to disable it for the interactive ones as well where it has some value (though not enough to make spiking the load on this server through the roof an acceptable tradeoff). # Print the message of the day upon successful login. # This includes a dynamically generated part from /run/motd.dynamic # and a static (admin-editable) part from /etc/motd. #sessionoptional pam_motd.so motd=/run/motd.dynamic #sessionoptional pam_motd.so noupdate Also, looking at the script 00-header in /etc/update-motd.d/, /usr/bin/lsb_release is being improperly launched, as /etc/lsb_release does include the necessary information: [ -r /etc/lsb-release ] && . /etc/lsb-release if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then - # Fall back to using the very slow lsb_release utility - DISTRIB_DESCRIPTION=$(lsb_release -s -d) + # Fall back to using the very slow lsb_release utility + DISTRIB_DESCRIPTION=$(lsb_release -s -d) fi # cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_CODENAME=xenial DISTRIB_DESCRIPTION="Ubuntu 16.04.7 LTS" ** Description changed: My client has 200+ devices automatically uploading information via sftp and scp to a server every few minutes. After a recent update, I noticed the load on their server spiking through the roof. Upon investigation, I discovered a horde of landscape-sysinfo and /usr/bin/lsb_release processes running that correlated with login session notifications in /var/log/syslog and the load spikes. It appears that even in non-interactive sessions where this information will never be seen, the configuration options below in /etc/pam.d/sshd cause these items to be launched (in fact, probably everything in /etc /update-motd.d). This only started on the system in question after a - recent set of system updates were in stalled. + recent set of system updates were installed. The content of /etc/update-motd.d/* really, really, really shouldn't be executed if the session in question is not interactive, as it provides no value at all. Unfortunately, to disable it for these non-interactive sessions, we also have to disable it for the interactive ones as well where it has some value (though not enough to make spiking the load on this server through the roof an acceptable tradeoff). # Print the message of the day upon successful login. # This includes a dynamically generated part from /run/motd.dynamic # and a static (admin-editable) part from /etc/motd. #sessionoptional pam_motd.so motd=/run/motd.dynamic #sessionoptional pam_motd.so noupdate Also, looking at the script 00-header in /etc/update-motd.d/, /usr/bin/lsb_release is being improperly launched, as /etc/lsb_release does include the necessary information: [ -r /etc/lsb-release ] && . /etc/lsb-release if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then # Fall back to using the very slow lsb_release utility DISTRIB_DESCRIPTION=$(lsb_release -s -d) fi # cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_CODENAME=xenial DISTRIB_DESCRIPTION="Ubuntu 16.04.7 LTS" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1893716 Title: scripts in /etc/update-motd.d/ run even on login via non-interactive scp and sftp sessions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1893716/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1893716] [NEW] scripts in /etc/update-motd.d/ run even on login via non-interactive scp and sftp sessions
Public bug reported: My client has 200+ devices automatically uploading information via sftp and scp to a server every few minutes. After a recent update, I noticed the load on their server spiking through the roof. Upon investigation, I discovered a horde of landscape-sysinfo and /usr/bin/lsb_release processes running that correlated with login session notifications in /etc/syslog and the load spikes. It appears that even in non-interactive sessions where this information will never be seen, the configuration options below in /etc/pam.d/sshd cause these items to be launched (in fact, probably everything in /etc /update-motd.d). This only started on the system in question after a recent set of system updates were in stalled. The content of /etc/update-motd.d/* really, really, really shouldn't be executed if the session in question is not interactive, as it provides no value at all. Unfortunately, to disable it for these non-interactive sessions, we also have to disable it for the interactive ones as well where it has some value (though not enough to make spiking the load on this server through the roof an acceptable tradeoff). # Print the message of the day upon successful login. # This includes a dynamically generated part from /run/motd.dynamic # and a static (admin-editable) part from /etc/motd. #sessionoptional pam_motd.so motd=/run/motd.dynamic #sessionoptional pam_motd.so noupdate Also, looking at the script 00-header in /etc/update-motd.d/, /usr/bin/lsb_release is being improperly launched, as /etc/lsb_release does include the necessary information: [ -r /etc/lsb-release ] && . /etc/lsb-release if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then # Fall back to using the very slow lsb_release utility DISTRIB_DESCRIPTION=$(lsb_release -s -d) fi # cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_CODENAME=xenial DISTRIB_DESCRIPTION="Ubuntu 16.04.7 LTS" ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1893716 Title: scripts in /etc/update-motd.d/ run even on login via non-interactive scp and sftp sessions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1893716/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1869429] [NEW] package apparmor 2.12-4ubuntu5.1 failed to install/upgrade: installed apparmor package post-installation script subprocess returned error exit status 12
Public bug reported: I was running "do-release-upgrade". It prompted me that my /etc/ssh/sshd_config file was different from the maintainers; I went to look at the differences, and somehow I wasn't able to go back and say "keep my version", instead things errored out. I was able to recover at the end of the process. ProblemType: Package DistroRelease: Ubuntu 18.04 Package: apparmor 2.12-4ubuntu5.1 ProcVersionSignature: Ubuntu 4.15.0-91.92~16.04.1-generic 4.15.18 Uname: Linux 4.15.0-91-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.12 Architecture: amd64 Date: Fri Mar 27 20:01:57 2020 Df: Dmesg: ErrorMessage: installed apparmor package post-installation script subprocess returned error exit status 12 InstallationDate: Installed on 2017-05-04 (1057 days ago) InstallationMedia: Ubuntu-Server 16.04.2 LTS "Xenial Xerus" - Release amd64 (20170215.8) ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.15.0-91-generic root=UUID=9e033fda-4dfa-44ab-9f9d-2984aae489de ro quiet splash pcie_aspm=off vt.handoff=7 Python3Details: /usr/bin/python3.6, Python 3.6.9, python3-minimal, 3.6.7-1~18.04 PythonDetails: /usr/bin/python2.7, Python 2.7.17, python-minimal, 2.7.15~rc1-1 RelatedPackageVersions: dpkg 1.19.0.5ubuntu2.3 apt 1.6.12 SourcePackage: apparmor Syslog: Mar 27 18:17:18 laptopsanytime dbus[861]: [system] AppArmor D-Bus mediation is enabled Mar 27 18:20:14 laptopsanytime dbus[955]: [system] AppArmor D-Bus mediation is enabled Mar 27 18:22:56 laptopsanytime dbus[963]: [system] AppArmor D-Bus mediation is enabled Mar 27 19:02:11 laptopsanytime dbus[865]: [system] AppArmor D-Bus mediation is enabled Title: package apparmor 2.12-4ubuntu5.1 failed to install/upgrade: installed apparmor package post-installation script subprocess returned error exit status 12 UpgradeStatus: Upgraded to bionic on 2020-03-27 (0 days ago) ** Affects: ubuntu Importance: Undecided Status: New ** Tags: amd64 apport-package bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1869429 Title: package apparmor 2.12-4ubuntu5.1 failed to install/upgrade: installed apparmor package post-installation script subprocess returned error exit status 12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1869429/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722060] Re: Some programs (e.g. Widelands) crash when playing sounds with sdl2 2.0.6
This also affects the 1.0 release of Flare (www.flarerpg.org) when compiled from source. I ran into this a couple of days ago. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722060 Title: Some programs (e.g. Widelands) crash when playing sounds with sdl2 2.0.6 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ioquake3/+bug/1722060/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1033598] Re: the CAPTCHA challenge in Ubuntu Software Center is much too difficult to solve for a real human being
This says so much about both Canonical and the open source development community... a piece of software that is front and center to the (new, especially) user experience has a flaw which prevents a very visible piece of functionality from being accessible, and it is left unfixed and unaddressed for three years. I've indicated the bug affected me, subscribed, etc. Does no one with any influence actually look at these things? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1033598 Title: the CAPTCHA challenge in Ubuntu Software Center is much too difficult to solve for a real human being To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/software-center/+bug/1033598/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 681423] Re: [MIR] libssh2
Hey, we'd really like it if the packaged version of curl supported sftp, it is unexpected from an end user standpoint when it doesn't, especially given that the man page specifically says so: curl is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP). The command is designed to work without user inter‐ action. *** The end user shouldn't have to run curl -V to find out that this is not true for Ubuntu. Looking through the comments here, it looks like the patches Robin Munn submitted actually fix the issues identified. What's the block on implementing this? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/681423 Title: [MIR] libssh2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libssh2/+bug/681423/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1371362] [NEW] Update chkrootkit to 0.50
Public bug reported: New version of chkrootkit released on June 4th, 2014, per chkrootkit.org (README excerpt below, web site says June 4th): 09/30/2009 - Version 0.49 new tests: Mac OS X OSX.RSPlug.A. Enhanced tests: suspicious sniffer logs, suspicious PHP files, shell history file anomalies. Bug fixes in chkdirs.c, chkproc.c and chkutmp.c. 04/30/2014 - Version 0.50 new tests: linuxrootkit-AMD-64-sound Operation Windigo ssh backdoor detection Minor bug fixes Please consider upgrading this, as the previous version is now almost five years old. ** Affects: chkrootkit (Ubuntu) Importance: Undecided Status: New ** Tags: upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to chkrootkit in Ubuntu. https://bugs.launchpad.net/bugs/1371362 Title: Update chkrootkit to 0.50 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chkrootkit/+bug/1371362/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 454566] Re: False positive for SucKit
Current version of chkrootkit is 0.50, released on June 4th, 2014. Maybe we could get that version packaged up and backported? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to chkrootkit in Ubuntu. https://bugs.launchpad.net/bugs/454566 Title: False positive for SucKit To manage notifications about this bug go to: https://bugs.launchpad.net/server-papercuts/+bug/454566/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1011151] Re: Wording of /etc/default/rkhunter
I had this same issue. I installed it, looked at the content of this file, and assumed that default meant default. I was only able to fix the situation after changing CRON_DAILY_RUN to true as described, and I also set CRON_DB_UPDATE to true. This is a bug, as no rational person with any experience would read this as requiring true to be added for the cron job to run. There's a discussion about this here as well. Wasted more time than makes me happy before I figured this out. http://askubuntu.com/questions/382992/rkhunter-sends-no-email -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1011151 Title: Wording of /etc/default/rkhunter To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/1011151/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1303564] Re: Please update rkhunter to 1.4.2
This is essentially a duplicate of bug #1220425, which asks that LTS be upgraded to the supported version. https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/1220425 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1303564 Title: Please update rkhunter to 1.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/1303564/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1371362] [NEW] Update chkrootkit to 0.50
Public bug reported: New version of chkrootkit released on June 4th, 2014, per chkrootkit.org (README excerpt below, web site says June 4th): 09/30/2009 - Version 0.49 new tests: Mac OS X OSX.RSPlug.A. Enhanced tests: suspicious sniffer logs, suspicious PHP files, shell history file anomalies. Bug fixes in chkdirs.c, chkproc.c and chkutmp.c. 04/30/2014 - Version 0.50 new tests: linuxrootkit-AMD-64-sound Operation Windigo ssh backdoor detection Minor bug fixes Please consider upgrading this, as the previous version is now almost five years old. ** Affects: chkrootkit (Ubuntu) Importance: Undecided Status: New ** Tags: upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1371362 Title: Update chkrootkit to 0.50 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chkrootkit/+bug/1371362/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 454566] Re: False positive for SucKit
Current version of chkrootkit is 0.50, released on June 4th, 2014. Maybe we could get that version packaged up and backported? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/454566 Title: False positive for SucKit To manage notifications about this bug go to: https://bugs.launchpad.net/server-papercuts/+bug/454566/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1172436] [NEW] Filenames not updated in xymon-client.logrotate
Public bug reported: The file and path names for xymon-client have not been updated in xymon- client.logrotate, they specify /var/log/hobbit/*.log and /etc/init.d /hobbit-client when they should be /var/log/xymon/*.log and /etc/init.d /xymon-client. Note: when the xymon server is installed, then the path in /etc/init.d/xymon ... not sure how the installation script handles this. ** Affects: xymon (Ubuntu) Importance: Undecided Status: New ** Patch added: Updated xymon-client.logrotate file with correct names and paths https://bugs.launchpad.net/bugs/1172436/+attachment/3652546/+files/xymon-client.logrotate -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1172436 Title: Filenames not updated in xymon-client.logrotate To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xymon/+bug/1172436/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1014894] [NEW] Amanda config examples missing
Public bug reported: The sample configuration files normally found in /usr/share/doc/amanda- common/examples are missing. This makes it very difficult to quickly build a working configuration, as many sample tutorials presume their existence. These files are missing in precise, but are present in oneiric: /usr/share/doc/amanda-common/examples/3hole.ps.gz /usr/share/doc/amanda-common/examples/8.5x11.ps.gz /usr/share/doc/amanda-common/examples/DIN-A4.ps.gz /usr/share/doc/amanda-common/examples/DLT-A4.ps.gz /usr/share/doc/amanda-common/examples/DLT.ps.gz /usr/share/doc/amanda-common/examples/EXB-8500.ps.gz /usr/share/doc/amanda-common/examples/HP-DAT.ps.gz /usr/share/doc/amanda-common/examples/Makefile.am /usr/share/doc/amanda-common/examples/Makefile.gz /usr/share/doc/amanda-common/examples/Makefile.in.gz /usr/share/doc/amanda-common/examples/amanda-client-postgresql.conf /usr/share/doc/amanda-common/examples/amanda-client-postgresql.conf.in /usr/share/doc/amanda-common/examples/amanda-client.conf /usr/share/doc/amanda-common/examples/amanda-client.conf.in /usr/share/doc/amanda-common/examples/amanda.conf.gz /usr/share/doc/amanda-common/examples/amanda.conf.in.gz /usr/share/doc/amanda-common/examples/chg-multi.conf /usr/share/doc/amanda-common/examples/chg-scsi.conf /usr/share/doc/amanda-common/examples/config.log.gz /usr/share/doc/amanda-common/examples/disklist /usr/share/doc/amanda-common/examples/inetd.conf.amandaclient /usr/share/doc/amanda-common/examples/inetd.conf.amandaclient.in /usr/share/doc/amanda-common/examples/inetd.conf.amandaserver /usr/share/doc/amanda-common/examples/inetd.conf.amandaserver.in /usr/share/doc/amanda-common/examples/template.d/README /usr/share/doc/amanda-common/examples/template.d/advanced.conf.gz /usr/share/doc/amanda-common/examples/template.d/advanced.conf.in.gz /usr/share/doc/amanda-common/examples/template.d/amanda-S3.conf /usr/share/doc/amanda-common/examples/template.d/amanda-S3.conf.in /usr/share/doc/amanda-common/examples/template.d/amanda-harddisk.conf /usr/share/doc/amanda-common/examples/template.d/amanda-harddisk.conf.in /usr/share/doc/amanda-common/examples/template.d/amanda-single-tape.conf /usr/share/doc/amanda-common/examples/template.d/amanda-single-tape.conf.in /usr/share/doc/amanda-common/examples/template.d/amanda-tape-changer.conf /usr/share/doc/amanda-common/examples/template.d/amanda-tape-changer.conf.in /usr/share/doc/amanda-common/examples/template.d/chg-manual.conf /usr/share/doc/amanda-common/examples/template.d/dumptypes.gz /usr/share/doc/amanda-common/examples/template.d/tapetypes.gz /usr/share/doc/amanda-common/examples/xinetd.amandaclient /usr/share/doc/amanda-common/examples/xinetd.amandaclient.in /usr/share/doc/amanda-common/examples/xinetd.amandaserver /usr/share/doc/amanda-common/examples/xinetd.amandaserver.in ** Affects: amanda (Ubuntu) Importance: Undecided Status: New ** Tags: backup config examples -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1014894 Title: Amanda config examples missing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/amanda/+bug/1014894/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 932064] Re: amtape crash
This was reported in February. This has been fixed in 12.10 in April. When is the fix going to be backported to 12.04?!? My backup solution is totally hosed as a result of this. I am going to have to simply install Amanda from source at this point. Very annoying. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/932064 Title: amtape crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/amanda/+bug/932064/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 541512] Re: open-iscsi shutdown failure due to missing dir
FYI: the portmap package in Lucid creates this directory on boot, so that a symlink to the portmap.pid can be placed there. Installing it is a way of ensuring that this directory is created properly without creating a custom hack. I believe that later versions of this included in packages after Lucid may change this behavior. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/541512 Title: open-iscsi shutdown failure due to missing dir To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/541512/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
