Bug#696087: Wheezy's fail2ban is affected by logrotation
sob, 25 maj 2013, 12:08:16 -0400, Yaroslav Halchenko napisał(a): On Thu, 23 May 2013, Mariusz Sawicki wrote: Version: 0.8.6-3wheezy1 Priority: important In new stable version of fail2ban there is also problem with log rotation (by logrotate) when you don't use copytruncate option. Old log is renamed, gziped and new one created, ex. auth.log and fail2ban still has opened this unexisting file: fail2ban- 2342 2554root4r REG 254,1 418124 260631 /var/log/auth.log.1 (deleted) Bug is also reported here: https://bugzilla.redhat.com/show_bug.cgi?id=833056 hm -- that one about pyinotify backend issue which was fixed post 0.8.8 and is not relevant to 0.8.6 which doesn't support pyinotify (introduced in 0.8.7) so we would need to troubleshoot here separately: what backend is used on your system ( I was using polling backend. But after returning to previous (wheezy's) version rotation works fine, also on another (upgraded to wheezy) system I could not observe previous failures after rotation. Hmm... I don't know why fail2ban was trying to read deleted file auth.log.1. I think my problem isn't repeatable so you could ignore it. Regards. M.S. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696087: Wheezy's fail2ban is affected by logrotation
Version: 0.8.6-3wheezy1 Priority: important In new stable version of fail2ban there is also problem with log rotation (by logrotate) when you don't use copytruncate option. Old log is renamed, gziped and new one created, ex. auth.log and fail2ban still has opened this unexisting file: fail2ban- 2342 2554root4r REG 254,1 418124 260631 /var/log/auth.log.1 (deleted) Bug is also reported here: https://bugzilla.redhat.com/show_bug.cgi?id=833056 After I've installed unstable version of package (0.8.9-1), the problem doesn't occurs. M.S. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#700921: Newly created lxc-containers will not start in new stable (wheezy)
This bug can't be closed, because wheezy's version of lxc could not properly create LXC containers. They won't start. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#676244: ifupdown: inet6 dhcp should provide accept_ra option
Package: ifupdown Version: 0.7~rc3 Severity: normal Tags: ipv6 Problem is familiar to #629837. With ,,inet6 dhcp'' method net.ipv6.conf.$DEV.accept_ra=0 is set, which disables RA, so no routing information could be acquired. There is no such informations in present DHCPv6 implementation (according to RFC3315). There should be an ,,inet6 static'' option ,,accept_ra'' that I could set to 1 allowing system to process RAs settings. ,,autoconf'' option should be also helpful. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-rt-amd64 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ifupdown depends on: ii dpkg 1.16.3 ii initscripts 2.88dsf-22.1 ii iproute 20120319-1 ii libc62.13-32 ii lsb-base 4.1+Debian4 ifupdown recommends no packages. Versions of packages ifupdown suggests: pn isc-dhcp-client [dhcp-client] 4.2.2.dfsg.1-5 pn net-tools 1.60-24.1 pn ppp2.4.5-5.1 pn rdnssd none -- no debconf information -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#676244: ifupdown: inet6 dhcp should provide accept_ra option
wto, 05 cze 2012, 19:00:46 +0300, Andrew Shadura napisaÅ(a): On Tue, 5 Jun 2012 17:36:30 +0200 Mariusz Sawicki r...@e-point.pl wrote: Problem is familiar to #629837. With ,,inet6 dhcp'' method net.ipv6.conf.$DEV.accept_ra=0 is set, which disables RA, so no routing information could be acquired. There is no such informations in present DHCPv6 implementation (according to RFC3315). There should be an ,,inet6 static'' option ,,accept_ra'' that I could set to 1 allowing system to process RAs settings. ,,autoconf'' option should be also helpful. inet6 static has this option, and for SLAAC+dhcp you are supposed to use inet6 auto + dhcp yes (though I will probably add accept_ra option to dhcp as well). Hello, I know about inet6 auto but as you mentioned, this is only for statless addresses. There is lack of accept_ra in dhcp method for statefull address configuration via DHCPv6. -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#619881: libpam-ldapd: shadowLastChange is not updated during password change
wto, 29 mar 2011, 23:01:35 +0200, Arthur de Jong napisał(a): On Mon, 2011-03-28 at 10:05 +0200, Mariusz Sawicki wrote: libpam-ldapd doesn’t change shadowLastChange during password modifica- tion. This problem is probably solved in 0.8.0 (according to #604147): * try to update the shadowLastChange attribute on password change It should be included in squeeze, otherwise it is unusable when password change request occures. Having the shadowLastChange attribute updated on password change is indeed a nice feature when using password expiry but not required in all environments. Of course, but it could be forced by security policy. This has indeed been implemented in 0.8.0 but the 0.8 series is currently in experimental because it is still under development. For reference, the change that was implemented for 0.8.0 can be found here: http://lists.arthurdejong.org/nss-pam-ldapd-commits/2010/msg00302.html Thanks for the patch. I could use it with my own build. Unless you can make a strong argument to have this fixed in squeeze I don't think it will be fixed there. It is suggested to use of -ldapd packages insted of -ldap: http://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#ldap-gnutls So if in libpam-ldap updating of shadowLastChange works it should also in libpam-ldapd. Regards. -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#619880: libnss-ldapd: shadowLastChange is not updated during password change
Package: libnss-ldapd Version: 0.7.13 Severity: important libnss-ldapd doesn’t change shadowLastChange during password modifica- tion. This problem is probably solved in 0.8.0 (according to #604147): * try to update the shadowLastChange attribute on password change It should be included in squeeze, otherwise it is unusable when password change request occures. -- System Information: Debian Release: 6.0.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Shell: /bin/sh linked to /bin/dash Versions of packages libnss-ldapd depends on: ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii nslcd 0.7.13 Daemon for NSS and PAM lookups usi libnss-ldapd recommends no packages. libnss-ldapd suggests no packages. -- debconf information: * libnss-ldapd/nsswitch: group, passwd, shadow * libnss-ldapd/clean_nsswitch: false -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#619881: libpam-ldapd: shadowLastChange is not updated during password change
Package: libpam-ldapd Version: 0.7.13 Severity: important libpam-ldapd doesn’t change shadowLastChange during password modifica- tion. This problem is probably solved in 0.8.0 (according to #604147): * try to update the shadowLastChange attribute on password change It should be included in squeeze, otherwise it is unusable when password change request occures. -- System Information: Debian Release: 6.0.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Shell: /bin/sh linked to /bin/dash Versions of packages libpam-ldapd depends on: ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libpam-runtime1.1.1-6.1 Runtime support for the PAM librar ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l ii nslcd 0.7.13 Daemon for NSS and PAM lookups usi libpam-ldapd recommends no packages. libpam-ldapd suggests no packages. -- debconf information: libpam-ldapd/enable_shadow: true -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#619880: Acknowledgement (libnss-ldapd: shadowLastChange is not updated during password change)
This bug should be closed, beacuse it applies to libpam-ldapd. M.S. -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#613373: vserver-stat: Killed
Something is wrong in src/vserver-stat.c I think in execution of
vc_sched_info function. If cpu variable reaches 32 or 34 vserver-stat is
killed with ops. There is less then 32 CPUs on my servers so I
applicated following workaround:
diff -ru util-vserver-0.30.216-pre2864.o/src/vserver-stat.c
util-vserver-0.30.216-pre2864/src/vserver-stat.c
--- util-vserver-0.30.216-pre2864.o/src/vserver-stat.c 2009-11-25
07:10:52.0 -0500
+++ util-vserver-0.30.216-pre2864/src/vserver-stat.c2011-02-22
08:31:16.0 -0500
@@ -268,7 +268,7 @@
res-utime_total = 0;
res-stime_total = 0;
// XXX: arbitrary CPU limit.
- for (cpu = 0; cpu 1024; cpu++) {
+ for (cpu = 0; cpu 32; cpu++) {
sched.cpu_id = cpu;
sched.bucket_id = 0;
if (vc_sched_info(xid, sched) == -1)
M.S.
--
Mariusz Sawicki | rash (at) e-point . pl | e-point SA
Glowny Administrator Systemow | http://www.e-point.pl
PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#613373: vserver-stat: Killed
Vserver-stat simply crashes with Killed message on i686 architecture (works
on amd64):
Now I'm not confirming that vserver-stat crashes only on i686. On
other testing architecture with vserver over drbd and
pacemaker/heartbeat it works fine.
I've got also strace:
# strace -i -v -f vserver-stat 21
[b77d8424] execve(/usr/sbin/vserver-stat, [vserver-stat],
[SHELL=/bin/bash, TERM=xterm, USER=root,
LS_COLORS=rs=0:di=01;34:ln=01;36..., MAIL=/var/mail/root,
PATH=/usr/local/sbin:/usr/local/..., PWD=/root, LANG=en_US.UTF-8,
HISTCONTROL=ignoreboth, SHLVL=1, HOME=/root, LOGNAME=root,
_=/usr/bin/strace, OLDPWD=/root]) = 0
[08049d8d] vserver(0, 0x3f, 0, 0xd, 0xb77b4414) = 131845
[08049a79] vserver(0x1, 0, 0, 0xd, 0xb77b4414) = 318771185
[b77b4424] chdir(/proc/virtual) = 0
[b77b4424] open(., O_RDONLY|O_DIRECTORY) = 3
[b77b4424] fcntl(3, F_SETFD, FD_CLOEXEC) = 0
[b77b4424] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0xbfdc4e2808634020) = 0xb77b3000
[b77b4424] getdents64(3, {{d_ino=4026531853, d_off=1, d_type=DT_DIR,
d_reclen=24, d_name=.} {d_ino=1, d_off=0, d_type=DT_DIR, d_reclen=24,
d_name=..} {d_ino=73628727, d_off=0, d_type=DT_REG, d_reclen=24,
d_name=info} {d_ino=73628728, d_off=0, d_type=DT_REG, d_reclen=32,
d_name=status} {d_ino=73576830, d_off=0, d_type=DT_DIR, d_reclen=32,
d_name=40001} {d_ino=7391, d_off=6, d_type=DT_DIR, d_reclen=32,
d_name=40002}}, 4084) = 168
[08049ab3] vserver(0x2803, 0x9c41, 0xbfdc4e10, 0xbfdc4eac, 0x804bae7) = 0
[08049a0e] vserver(0x2801, 0x9c41, 0xbfdc4e18, 0xbfdc4e58, 0xbfdc4e38) = 0
[08049a0e] vserver(0x2801, 0x9c41, 0xbfdc4e18, 0xbfdc4e74, 0xbfdc4e38) = 0
[08049a0e] vserver(0x2801, 0x9c41, 0xbfdc4e18, 0xbfdc4e90, 0xbfdc4e38) = 0
[b77b4424] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0xbfdc4dec08634020) = 0xb77b2000
[b77b4424] open(/proc/uptime, O_RDONLY|O_LARGEFILE) = 4
[b77b4424] read(4, 419059.43 2895.90\n, 64) = 18
[b77b4424] close(4) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0
[08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c
unfinished ...
[] +++ killed by SIGKILL +++
Killed
Looks like vserver function goes into a loop.
M.S.
--
Mariusz Sawicki | rash (at) e-point . pl | e-point SA
Glowny Administrator Systemow | http://www.e-point.pl
PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble
Bug#613373: vserver-stat: Killed
2.17.2-9 Miscellaneous system utilities Versions of packages util-vserver recommends: ii binutils 2.20.1-16 The GNU assembler, linker and bina ii debootstrap 1.0.26 Bootstrap a basic Debian system Versions of packages util-vserver suggests: ii iptables 1.4.8-3 administration tools for packet fi ii linux-image-2.6.26-2-vse 2.6.26-26lenny1 Linux 2.6.26 image on PPro/Celeron ii linux-image-2.6.32-5-vse 2.6.32-30 Linux 2.6.32 for PCs with 4GB+ RAM ii module-init-tools3.12-1 tools for managing Linux kernel mo ii procps 1:3.2.8-9 /proc file system utilities ii vlan 1.9-3 user mode programs to enable VLANs ii wget 1.12-2.1retrieves files from the web pn yum none (no description available) -- debconf information: util-vserver/prerm_stop_running_vservers: true util-vserver/postrm_remove_vserver_configs: false M.S. -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
