Re: aptitude/apt-get hangs during update (plus) on IPv6
Rick Thomas writes:

On Jun 5, 2011, at 9:46 AM, Pascal Hambourg wrote:

Rick Thomas wrote:

On Jun 3, 2011, at 10:46 AM, Jeffrey B. Green wrote:

The RFCs say that any conforming implementation MUST handle an MTU of 1280, and may not necessarily handle anything larger.

What is your point in mentioning this requirement? Do you mean that the server should not send packets bigger than 1280 bytes if it fails to handle properly path MTU discovery? If so, I fully agree.

My point is that by setting your MTU to 1280, you have done *your* part. At least you can be assured that all your packets will get thru without fragmentation, even if the host at the other end -- or some intervening router -- is improperly configured. If the host on the other end sets its MTU to something larger and an intervening router doesn't do fragmentation, they (or the admins of the router) need to fix that. An easy recommendation that you can make in this case (if the server admin on the other end is clueless but willing to help) is for them to set their MTU to 1280 as well. That will fix the problem regardless of intervening routers.

Finding a (possible series of) mis-configured intermediate router(s) and convincing the respective router-admin(s) to fix their configuration is often difficult. It's easier if you have only one person to talk to, the server admin on the other end.

In my case, I was able to explore some of the pitfalls of MTUs, in particular in crossing a firewall. I know that I was not able to easily take care of a decreasing MTU mismatch _across the firewall_ in the case of IPv4; so the internal lan-side MTU must match the wan-side MTU for our location. (Not sure at present if the MTU correction messages were not making it back or if some of the workstations were being obstinate in setting the MTU or if the firewall was killing the latter fragments.)
And at present only the servers and a handful of workstations here are accessing the world by IPv6, and consequently any tunnel impact on MTU here was minimal. -jeff -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4df0bc4f.1080...@kikisoso.org
Re: aptitude/apt-get hangs during update (plus) on IPv6
On Fri, 03 Jun 2011 09:42:49 +0200 Pascal Hambourg pascal.m...@plouf.fr.eu.org wrote:

Hello,

Jeffrey B. Green wrote:

I'm seeing if there is an alternate answer here before filing a bug. (I believe) All of the servers here that have IPv6 configured hang while attempting an update on security.debian.org. If I turn off IPv6 by deconfiguring the IPv6 address, then the update goes through fine.

It could be an MTU/MSS issue. See the recent discussion in the debian-ipv6 list with subject schein.debian.org [2001:4f8:8:36::6].

Many thanks. Changing the MTU to 1480 as suggested worked. Indeed as was mentioned my connection to the IPv6 network is via a tunnel and I'm assuming as a poster commented that someone on the path is not handling the packaging correctly.

-jeff

Archive: http://lists.debian.org/20110603104634.467a8...@naro.kikisoso.org
Re: aptitude/apt-get hangs during update (plus) on IPv6
On Wed, 1 Jun 2011 10:00:17 -0400 Jeffrey B. Green j...@kikisoso.org wrote:

Doing the update from the firewall works, a conversation of 29 packets in the captured pcap file. There are still 404s but none of the out of sequence/lost sequence messages. Hmmm, now to see which of the packets are being dropped...

Okay, below is the flow graph from wireshark for the failed communication. If I let the app run, it eventually shifts to IPv4 and completes. The completion here is due to me killing the app with a ^C.

|Time   | :::::                | 2001:4f8:8:36::6         |                 |
|0.000  | SYN                  | Seq = 0 Ack = 1879259867 | (34859) -- (80) |
|0.107  | SYN, ACK             | Seq = 0 Ack = 1          | (34859) -- (80) |
|0.107  | ACK                  | Seq = 1 Ack = 1          | (34859) -- (80) |
|0.117  | ACK - Len: 1408      | Seq = 1 Ack = 1          | (34859) -- (80) |
|0.119  | PSH, ACK - Len: 288  | Seq = 1409 Ack = 1       | (34859) -- (80) |
|0.226  | ACK                  | Seq = 1 Ack = 1409       | (34859) -- (80) |
|0.227  | ACK                  | Seq = 1 Ack = 1697       | (34859) -- (80) |
|0.228  | PSH, ACK - Len: 1107 | Seq = 1 Ack = 1697       | (34859) -- (80) |
|0.228  | ACK                  | Seq = 1697 Ack = 1108    | (34859) -- (80) |
|0.233  | PSH, ACK - Len: 544  | Seq = 1108 Ack = 1697    | (34859) -- (80) |
|0.233  | ACK                  | Seq = 1697 Ack = 1652    | (34859) -- (80) |
|0.233  | PSH, ACK - Len: 547  | Seq = 1652 Ack = 1697    | (34859) -- (80) |
|0.233  | ACK                  | Seq = 1697 Ack = 2199    | (34859) -- (80) |
|0.341  | PSH, ACK - Len: 979  | Seq = 5055 Ack = 1697    | (34859) -- (80) |
|0.341  | ACK                  | Seq = 1697 Ack = 2199    | (34859) -- (80) |
|0.356  | PSH, ACK - Len: 218  | Seq = 1697 Ack = 2199    | (34859) -- (80) |
|0.459  | PSH, ACK - Len: 166  | Seq = 6034 Ack = 1915    | (34859) -- (80) |
|0.459  | ACK                  | Seq = 1915 Ack = 2199    | (34859) -- (80) |
|15.474 | FIN, ACK             | Seq = 6200 Ack = 1915    | (34859) -- (80) |
|15.474 | ACK                  | Seq = 1915 Ack = 2199    | (34859) -- (80) |
|33.860 | FIN, ACK             | Seq = 1915 Ack = 2199    | (34859) -- (80) |
|33.973 | ACK                  | Seq = 6201 Ack = 1916    | (34859) -- (80) |

Archive: http://lists.debian.org/20110602145723.20908...@naro.kikisoso.org
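The sequence numbers in the flow graph above can be checked mechanically. This added example (not part of the original posts) finds the hole in the server's byte stream and tests whether the missing bytes are a whole number of full-size segments, which is what a path-MTU black hole looks like in a capture. The direction assigned to each row, the 1500-byte sender MTU and the 12 bytes of TCP options are assumptions.

```python
"""Locate holes in one direction of a TCP byte stream and test whether the
missing bytes are a whole number of full-size segments."""

# Constructed from the data-bearing rows of the flow graph in this message.
# The arrows were lost in the archive, so the direction of each row is
# inferred from its Seq/Ack values (an assumption).
# Each tuple is (relative_seq, payload_len).
SERVER_TO_CLIENT = [(1, 1107), (1108, 544), (1652, 547), (5055, 979), (6034, 166)]
CLIENT_TO_SERVER = [(1, 1408), (1409, 288), (1697, 218)]

IPV6_HEADER = 40
TCP_HEADER = 20
TCP_OPTIONS = 12  # assumption: TCP timestamps in use (10 bytes plus padding)
OVERHEAD = IPV6_HEADER + TCP_HEADER + TCP_OPTIONS


def find_holes(segments, start_seq=1):
    """Return [(first_missing_seq, missing_bytes)] for one direction."""
    holes = []
    expected = start_seq
    for seq, length in sorted(segments):
        if seq > expected:
            holes.append((expected, seq - expected))
        # max() keeps retransmissions and overlaps from moving us backwards.
        expected = max(expected, seq + length)
    return holes


def mss_for_mtu(mtu):
    """Largest TCP payload that fits in one IPv6 packet of size `mtu`."""
    return mtu - OVERHEAD


def largest_packet(segments):
    """On-wire IPv6 packet size of the biggest segment that was captured."""
    return max(length for _, length in segments) + OVERHEAD


def explain_hole(missing_bytes, sender_mtu=1500):
    """If the hole is N full-size segments, return (N, packet_size), else None."""
    mss = mss_for_mtu(sender_mtu)
    if missing_bytes > 0 and missing_bytes % mss == 0:
        return missing_bytes // mss, sender_mtu
    return None


def diagnose(segments, sender_mtu=1500):
    """Summarise one direction: each hole with its explanation, plus the
    largest packet that did get through."""
    return {
        "holes": [(seq, size, explain_hole(size, sender_mtu))
                  for seq, size in find_holes(segments)],
        "largest_delivered_packet": largest_packet(segments),
    }


if __name__ == "__main__":
    print("server -> client:", diagnose(SERVER_TO_CLIENT))
    print("client -> server:", diagnose(CLIENT_TO_SERVER))
```

Under those assumptions the only bytes that never arrive are two 1500-byte packets from the server, while the client's own largest packet is exactly 1480 bytes, the MTU value that is reported elsewhere in the thread as fixing the hang.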
Re: aptitude/apt-get hangs during update (plus) on IPv6
Chris Brennan writes:

On Tue, May 31, 2011 at 1:20 PM, Andrei Popescu andreimpope...@gmail.com wrote:

On Ma, 31 mai 11, 09:50:48, Jeffrey B. Green wrote:

So, if anyone knows what's going on here or whether this looks like an official bug, then let me know.

This sounds like you might want to contact debian-admin ;)

I know. It's like you can never find a good admin around when you need one. [I'm somewhat emoticon ignorant and so will not attempt to insert the appropriate one here...just assume I'm giving a knowing smile...however not to assume that I indeed know.]

The 404's you were getting, I got them as well on my Debian 6 VPS. No firewall in place on the VPS (yet, as I am still setting it up) but every time I run an update, I see the 404's against s.d.o ... the VPS is IPv4 only but the hosting provider may be doing IPv6 w/o my knowledge.

It seems like it should be quickly solvable since the conversations are so short (20-22 packets) and that it works just fine for IPv4 but not IPv6. I'm just not knowledgeable enough about the protocol/processing followed here. [The dream is to have all revealed in /u/s/doc/whatever, e.g. aptitude in this case. But as always, code first, docs second, or possibly third, sometimes fourth, maybe...at times I'm thankful for what I do get. However, one's prerogative to grumble has a certain priority.]

For my case, the firewall really does appear to be innocent, though until the solution appears, it is not totally off the hook. Also, the behavior that it works okay (in the past) for awhile and then does not seems to indicate something transient or at least changing somehow.

-jeff

Archive: http://lists.debian.org/4de63c19.60...@kikisoso.org
Re: aptitude/apt-get hangs during update (plus) on IPv6
On Wed, 01 Jun 2011 09:18:17 -0400 Jeffrey B. Green j...@kikisoso.org wrote:

Chris Brennan writes:

The 404's you were getting, I got them as well on my Debian 6 VPS. No firewall in place on the VPS (yet, as I am still setting it up) but every time I run an update, I see the 404's against s.d.o ... the VPS is IPv4 only but the hosting provider may be doing IPv6 w/o my knowledge.

For my case, the firewall really does appear to be innocent, though until the solution appears, it is not totally off the hook. Also, the behavior that it works okay (in the past) for awhile and then does not seems to indicate something transient or at least changing somehow.

Doing the update from the firewall works, a conversation of 29 packets in the captured pcap file. There are still 404s but none of the out of sequence/lost sequence messages. Hmmm, now to see which of the packets are being dropped...

-jeff

Archive: http://lists.debian.org/20110601100017.47eb0...@naro.kikisoso.org
Re: aptitude/apt-get hangs during update (plus) on IPv6
On Wed, 1 Jun 2011 10:00:17 -0400 Jeffrey B. Green j...@kikisoso.org wrote:

Doing the update from the firewall works, a conversation of 29 packets in the captured pcap file. There are still 404s but none of the out of sequence/lost sequence messages. Hmmm, now to see which of the packets are being dropped...

[Succ: successful conversation; Fail: failed conversation]

The first point of departure is at packet 8:

Succ: HTTP/1.1 304 Not Modified
Fail: HTTP/1.1 200 OK (text/plain)

Both responses from debian.org

Then at packet 14:

Succ: GET /dists/squeeze/updates/Release HTTP/1.1
Fail: [TCP Previous segment lost] Continuation or non-HTTP traffic (text/html)

The succ is a request from me; the fail is a debian.org response. The corresponding line on the fail seems to be at packet 16. Packet 15 is a dup ack in response to 14 (dup of 13). The debian.org response to packet 16 is:

Fail: HTTP/1.1 304 Not Modified

The failed conversation then ends with a dup-ack, a fin-ack, a dup-ack, a fin-ack, and an ack, in alternating directions exc. for 2nd fin-ack.

[If I'm making gross misinterpretations that people see, then please let me know. Thanks.]

-jeff

Archive: http://lists.debian.org/20110601115020.03d6e...@naro.kikisoso.org
aptitude/apt-get hangs during update (plus) on IPv6
Hi,

I'm seeing if there is an alternate answer here before filing a bug. (I believe) All of the servers here that have IPv6 configured hang while attempting an update on security.debian.org. If I turn off IPv6 by deconfiguring the IPv6 address, then the update goes through fine.

When I check with tcpdump to be sure the firewall isn't the culprit, I find that all of the packets that reach the firewall also make it to the server and a conversation of 20-22 packets occurs (20 on one server, 22 on a different one). [If anyone wants to provide me with a state transition diagram, or even a description, for the protocol aptitude follows in doing the update, then I'd be happy to track down where exactly in the process it hangs.]

I can go back and forth with enabling and disabling IPv6, and IPv4 always seems to work (just tried it with one server).

So, if anyone knows what's going on here or whether this looks like an official bug, then let me know.

thanks,
-jeff

Archive: http://lists.debian.org/20110531095048.27e52...@naro.kikisoso.org
Re: aptitude/apt-get hangs during update (plus) on IPv6
On Tue, 31 May 2011 09:50:48 -0400 Jeffrey B. Green j...@kikisoso.org wrote:

When I check with tcpdump to be sure the firewall isn't the culprit, I find that all of the packets that reach the firewall also make it to the server and a conversation of 20-22 packets occurs (20 on one server, 22 on a different one).

Doing a capture to file and examining with wireshark shows several 404 Not Found HTTP messages, in particular:

The requested URL /dists/squeeze/updates/contrib/i18n/Translation-en_US.bz2 was not found on this server.

-AND-

The requested URL /dists/squeeze/updates/contrib/i18n/Translation-en.bz2 was not found on this server.

I'm guessing the IPv4 and IPv6 security servers are not the same machine.

-jeff

Archive: http://lists.debian.org/2011053513.62473...@naro.kikisoso.org
Re: Re: aptitude/apt-get hangs during update (plus) on IPv6
David Erwin writes:

On Tue, May 31, 2011 at 03:50:48PM CEST, Jeffrey B. Green j...@kikisoso.org said:

Hi, I'm seeing if there is an alternate answer here before filing a bug. (I believe) All of the servers here that have IPv6 configured hang while attempting an update on security.debian.org. If I turn off IPv6 by deconfiguring the IPv6 address, then the update goes through fine.

It might be a routing/firewall problem on IPv6 the way between you and security.debian.org, since it works for me. Do you succeed in browsing http://security.debian.org with IPv6 activated?

Yes. I do a wget since it's a server without any windowing. Also, the updates/upgrades had been working just fine until this one. I tracked the conversation at the firewall to be sure the wget was going through IPv6 and it was. The Debian server it goes to is: 2001:4f8:8:36::6.

-jeff

Archive: http://lists.debian.org/4de509ca.3040...@kikisoso.org
Re: aptitude/apt-get hangs during update (plus) on IPv6
On Tue, 31 May 2011 11:15:13 -0400 Jeffrey B. Green j...@kikisoso.org wrote:

On Tue, 31 May 2011 09:50:48 -0400 Jeffrey B. Green j...@kikisoso.org wrote:

When I check with tcpdump to be sure the firewall isn't the culprit, I find that all of the packets that reach the firewall also make it to the server and a conversation of 20-22 packets occurs (20 on one server, 22 on a different one).

Doing a capture to file and examining with wireshark shows several 404 Not Found HTTP messages, in particular:

Another tidbit: I did an update (IPv4) and then a safe-upgrade (IPv6) which hung. I got a tcpdump of that. There was a 404 in common with the previous IPv6 update plus a:

14 11:00:09.380965 2001:4f8:8:36::6 :::xx HTTP[TCP Previous segment lost] Continuation or non-HTTP traffic (text/html)

That was in common across both.

-jeff

Archive: http://lists.debian.org/20110531115856.2a32a...@naro.kikisoso.org
aptitude update/upgrade not syncing properly for a squeeze upgrade
Hi,

I'm posting to both lists since it seems to be relevant to both. The problem that I'm experiencing only seems to be happening on my armel (nslu2) systems. Squeeze upgrades to the i386 systems seem to be working properly. However, since aptitude is not (afaict) particularly an app targeted for one architecture, I thought the general debian community might be appropriate.

Anyway, in a nutshell, I'm upgrading from a reprepro local repository that is currently up to date with the debian repositories. I mirror the architectures that are used for production work here, armel and i386 being two. After having upgraded four i386 systems with no major problems, I tried upgrading one of my NAS nslu2 systems. It upgraded partially and is in a working state, but I have not gone any further until I solve the problem I am having.

From a pure lenny system, I do an aptitude update and it updates okay. Checking the lists in /v/l/apt/lists confirms that they are correct. When I do an aptitude install aptitude, it says that there is nothing to do. If I run aptitude in curses mode and search for aptitude it shows only the installed version 0.4.11 of aptitude and not the newer (not installed) version 0.6.3. Doing everything with apt-get produces the same results.

I did do a safe-upgrade on one slug and it did upgrade some packages and consequently something is registering from squeeze in the Package updates but not the complete upgrade. It still runs okay. Doing a squeeze update and attempted aptitude install aptitude on another lenny slug also produces the same behavior, i.e. nothing to install.

I did a bit of a web search but did not find anything relevant. I also looked at the man pages to see if there was any reset functionality in apt-get or aptitude. Removing the lists in /v/l/apt/lists didn't fix it. Nothing in /etc/apt/apt.conf.d seems to be the issue (no /etc/apt/apt.conf). And so I'm not sure (or remember) which file is screwing things up.

My choice now is diving into the code, which I'm sure would be very educational, or forcing the aptitude upgrade via dpkg, supplying all of the dependencies that I noticed from the i386 upgrades in the process. However, I suspect someone out there knows what is happening well enough to short circuit this process and provide a quicker solution.

Thanks for any help.
-jeff

Archive: http://lists.debian.org/4d5297af.6020...@kikisoso.org
Re: aptitude update/upgrade not syncing properly for a squeeze upgrade
On 02/09/2011 08:33 AM, Jeffrey B. Green wrote:

[...snip...] Anyway, in a nutshell, I'm upgrading from a reprepro local repository that is currently up to date with the debian repositories. [...snip...]

The reprepro Package list(s) seem to be the problem. Checking out the /v/l/dpkg/available after totally rebuilding it showed an i386 deb being provided for the armel aptitude package. Going to the local repository and looking at the Packages file there confirms it. So on to that problem...

cheers,
-jeff

Archive: http://lists.debian.org/4d52ac88.1060...@kikisoso.org
IPv6 and timing oddities
Hi,

I'm not sure if this issue has been covered here before since I don't subscribe to debian-users. Anyway, it seems that the recent minor release upgrade for lenny may have uncovered some timing issues that were not present beforehand.

My inet6 configurations in /etc/network/interfaces were not working anymore for most of the machines running lenny that I oversee. There were a couple of machines that were still working correctly. These two machines were quite old and quite slow. One ran at a clock speed of 233.299 MHz and the other was a slug running at its original factory clock speed (33MHz?? /proc/cpuinfo doesn't say). All other faster machines including an overclocked slug were not configuring correctly. Also, the sysctl.conf settings for ipv6 were not going through.

All of the non-configuring machines would configure manually for IPv6 after coming up. The same holds for the sysctl kernel settings.

It seems that there is a timing situation with the ipv6 kernel module that is happening here. After explicitly loading the module at startup via the /etc/modules file, all was working correctly. All was also working okay prior to this recent upgrade that involved a kernel upgrade (same version).

-jeff

Archive: http://lists.debian.org/4c867355.1090...@kikisoso.org
Re: clamscan vs. clamscan with mb2md
In a previous msg, I wrote:

Running clamscan over a PDC/BDC with roaming profiles will (obviously) generate sporadic alerts on mbox files associated with assorted mail clients, icedove/tbird in this case. In order to track down the specific message, I've used mbox2maildir (in the past) and mb2md presently to convert them into a broken out situation, i.e. a structure where each message is its own file. I now have a case where the clamscan on the Inbox gives a positive and clamscan on the mb2md (or mbox2maildir) directory of messages gives a negative.

Is this case known? I believe it has occurred for me in the past (forgotten exactly how long ago) and so it seems to be a neglected bug. However, I'm not sure which package (or support package) is responsible here. Is clamscan giving a false positive/false negative or is mb2md changing the message in question so that clamscan misses it? It is a user's mailbox and therefore not properly public for debugging purposes. The clamscan alert is .../Inbox: Email.Phishing.Webmail-37 FOUND.

I found some time to track down the offending message in the Inbox and the only difference wrt causing a clamscan alert or not is the initial From line on the message. The Inbox had the line and the broken out mb2md files did not. If I put just that line back into the broken out message, then the alert returned when scanning the maildir messages. (This is on a lenny system with clamav 0.96.1+dfsg-1~volatile1, so if it is a known bug fixed in squeeze, then let me know. thx)

I'll go ahead, if no one objects, and file a bug on clamav since mbox2maildir preserves a modified form of the from line (prefixes the line with MBOX-Line: ) but still doesn't trigger a clamscan alert.

-jeff

Archive: http://lists.debian.org/4c4321af.6080...@kikisoso.org
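The comparison described in the message above (the same message scanned with and without its mbox "From " line) can be automated. This added example, which is not from the original post, splits an mbox while keeping each separator line and reports the messages whose scan verdict changes when that line is removed. The sample mailbox and `toy_scan` are constructed stand-ins; `clamscan_bytes` assumes `clamscan` is on the PATH and relies on its exit status 1 meaning a detection.

```python
"""Split an mbox into per-message chunks that keep their "From " separator
line, then find messages whose scan verdict depends on that line."""
import subprocess
import tempfile


def split_mbox(raw):
    """Return a list of byte chunks, one per message, separator included.

    A separator is a line starting with b"From " at the start of the file or
    directly after a blank line; joining the chunks reproduces the input.
    """
    chunks, current = [], []
    prev_blank = True  # the start of the file counts as "after a blank line"
    for line in raw.splitlines(keepends=True):
        if line.startswith(b"From ") and prev_blank and current:
            chunks.append(b"".join(current))
            current = []
        current.append(line)
        prev_blank = line in (b"\n", b"\r\n")
    if current:
        chunks.append(b"".join(current))
    return chunks


def strip_separator(chunk):
    """The message as a maildir-style conversion stores it: no "From " line."""
    first, _, rest = chunk.partition(b"\n")
    return rest if first.startswith(b"From ") else chunk


def separator_sensitive(chunks, scan):
    """Indexes of messages where scan() disagrees with and without the line."""
    return [i for i, chunk in enumerate(chunks)
            if scan(chunk) != scan(strip_separator(chunk))]


def clamscan_bytes(data):
    """Scan bytes with the real clamscan; True when it reports a detection."""
    with tempfile.NamedTemporaryFile(suffix=".eml") as tmp:
        tmp.write(data)
        tmp.flush()
        result = subprocess.run(["clamscan", "--no-summary", tmp.name],
                                stdout=subprocess.DEVNULL)
    return result.returncode == 1


# Constructed sample mailbox: two messages; the body line "From now on..."
# does not follow a blank line, so it is not treated as a separator.
SAMPLE_MBOX = (
    b"From alice@example.org Mon Jul 12 10:00:00 2010\n"
    b"Subject: lunch\n"
    b"\n"
    b"See you at noon.\n"
    b"From now on, use the side door.\n"
    b"\n"
    b"From notice@example.net Tue Jul 13 11:00:00 2010\n"
    b"Subject: webmail quota notice\n"
    b"\n"
    b"Your mailbox is nearly full.\n"
)


def toy_scan(data):
    """Constructed stand-in for a signature that only matches mbox-framed
    data; it is not how any real ClamAV signature is defined."""
    return data.startswith(b"From ") and b"webmail" in data


if __name__ == "__main__":
    messages = split_mbox(SAMPLE_MBOX)
    print(len(messages), "messages; separator-sensitive:",
          separator_sensitive(messages, toy_scan))
```

Passing `clamscan_bytes` instead of `toy_scan` runs the same comparison against the installed scanner.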
clamscan vs. clamscan with mb2md
Hi,

Running clamscan over a PDC/BDC with roaming profiles will (obviously) generate sporadic alerts on mbox files associated with assorted mail clients, icedove/tbird in this case. In order to track down the specific message, I've used mbox2maildir (in the past) and mb2md presently to convert them into a broken out situation, i.e. a structure where each message is its own file. I now have a case where the clamscan on the Inbox gives a positive and clamscan on the mb2md (or mbox2maildir) directory of messages gives a negative.

Is this case known? I believe it has occurred for me in the past (forgotten exactly how long ago) and so it seems to be a neglected bug. However, I'm not sure which package (or support package) is responsible here. Is clamscan giving a false positive/false negative or is mb2md changing the message in question so that clamscan misses it? It is a user's mailbox and therefore not properly public for debugging purposes. The clamscan alert is .../Inbox: Email.Phishing.Webmail-37 FOUND.

-jeff

Archive: http://lists.debian.org/4c406c80.9050...@kikisoso.org
sympa user/group prob on list creation (possibly)
Hi,

I have my sympa web setup with a suexecusergroup to sympa sympa. However it seems that when I do a list creation via the web interface, everything in the /var/lib/sympa/expl/listname directory gets the default apache setup for the owner and group, i.e. www-data:www-data. Doing a (trimmed down) ps (of pgrep sympa) gives:

UID       CMD
www-data  /usr/bin/perl -U /usr/lib/cgi-bin/sympa/sympa_soap_server.fcgi
www-data  /usr/bin/perl -U /var/www/sympa/cgi-bin/wwsympa.fcgi
www-data  /usr/bin/perl -U /usr/lib/cgi-bin/sympa/sympa_soap_server.fcgi
www-data  /usr/bin/perl -U /var/www/sympa/cgi-bin/wwsympa.fcgi
sympa     /usr/bin/perl /usr/lib/sympa/bin/sympa.pl

Obviously, the suexecusergroup isn't being applied to the fcgi scripts. Anyone have the answer for why it is not? Or alternatively should it work and should I be digging deeper into the logs, i.e. I have a config error somewhere?

thanks,
-jeff

Archive: http://lists.debian.org/4bd99bc6.50...@kikisoso.org
Re: sympa user/group prob on list creation (possibly)
Jeffrey B. Green wrote:

Obviously, the suexecusergroup isn't being applied to the fcgi scripts. Anyone have the answer for why it is not? Or alternatively should it work and should I be digging deeper into the logs, i.e. I have a config error somewhere?

A misconfig. Finding and following the instructions on the sympa.org site got it right, e.g.

UID    CMD
sympa  /usr/bin/perl /usr/lib/sympa/bin/sympa.pl
sympa  /usr/bin/perl -U /usr/lib/cgi-bin/sympa/sympa_soap_server.fcgi
sympa  /usr/bin/perl -U /usr/lib/cgi-bin/sympa/wwsympa.fcgi
sympa  /usr/bin/perl -U /usr/lib/cgi-bin/sympa/sympa_soap_server.fcgi
sympa  /usr/bin/perl -U /usr/lib/cgi-bin/sympa/wwsympa.fcgi

-jeff

Archive: http://lists.debian.org/4bd9ae85.4030...@kikisoso.org
Tool for immediate tabulation of [shorewall] ulog files
Hi,

I didn't find anything for immediate use to tabulate occurrences in shorewall ulog files and so I wrote the below script after doing similarly on the command line. I needed it to focus in on behavior that showed up at a higher level. I offer it below for general use via GPL. I believe there are no present bugs, however I keep polishing (revising) it and don't do any systematic regression testing and so can offer no guarantees, nor any particular coding standard.

-jeff

#!/bin/ksh
#
# Author: Jeff Green (2-1-09)
# nb: This cmd requires the input to be in ulog format
# License: GPLv3 or any later GPL license.
#
prog=`basename $0`

usage() {
    echo "Usage: [ zcat zipped_ulog_files | ] cat ulog_files [-] | $prog [-utsdnSDOh] pattern"
}

help() {
    echo -e "\
\t-u\trestricted to UDP messages\n\
\t-t\trestricted to TCP messages\n\
\t-s\ttabulate source IP addresses \n\
\t-d\ttabulate destination IP addresses\n\
\t-S\ttabulate source PORT numbers \n\
\t-D\ttabulate destination PORT numbers\n\
\t-n\tdo not output day tabulation table\n\
\t-O\toutput a sorted (Ordered) by count table \n\
\t-h\tThis message";
}

# ORDERED is cleared too, so a value inherited from the environment is ignored
unset UDP TCP FKEY ENUM NODATE PORT PKEY ORDERED

while getopts utsdnSDOh opt ; do
    case $opt in
    u) UDP='| grep PROTO=UDP ' ;;
    t) TCP='| grep PROTO=TCP ' ;;
    s) ENUM=1 ; FKEY=9 ;;
    d) ENUM=1 ; FKEY=10 ;;
    n) NODATE=1 ;;
    S) ENUM=1 ; PORT=1 ; PKEY=1 ;;
    D) ENUM=1 ; PORT=1 ; PKEY=2 ;;
    O) ORDERED='sort -n -t: -k2' ;;
    h) usage; help; exit 0 ;;
    *) usage; exit 1 ;;
    esac
done

if [ ! -z "$UDP" -a ! -z "$TCP" ]
then
    echo "$prog: both -u and -t cannot be set"
    exit 1
fi
if [ ! -z "$ORDERED" -a -z "$FKEY" -a -z "$PKEY" ]
then
    echo "$prog: -O option is irrelevant w/o the -s, -d, -S, or -D option"
    exit 1
fi

# OPTIND counts words rather than option letters, so bundled options
# such as -ts shift correctly (a per-option counter would shift too far)
shift $((OPTIND-1))
if [ $# -ne 1 ]
then
    usage
    exit 1
fi

# associative arrays: counts per day, per IP address, per port
unset CNT CIP CPORT
[ -z "$NODATE" ] && typeset -A CNT
[ ! -z "$ENUM" ] && typeset -A CIP
[ ! -z "$ENUM" -a ! -z "$PORT" ] && typeset -A CPORT

ITER=0
# nb: the pattern becomes part of a command line run by sh -c, so shell
# metacharacters in it are interpreted by that shell
CMD="grep \"$1\" ${UDP:-} ${TCP:-}"
cat - | sh -c "$CMD" | while read line
do
    if [ -z "$NODATE" ]
    then
        # month and day joined with "_" form the key, e.g. Mar_28
        DATE=`echo $line | cut -d' ' -f1-2 | tr " " "_"`
        CNT[$DATE]=$((CNT[$DATE] + 1))
    fi
    if [ ! -z "$ENUM" -a ! -z "$FKEY" ]
    then
        DST=`echo $line | cut -d' ' -f${FKEY} | cut -d'=' -f2`
        CIP[$DST]=$((CIP[$DST]+1))
    fi
    if [ ! -z "$ENUM" -a ! -z "$PORT" ]
    then
        # drop everything before SPT= so that SPT is field 1 and DPT field 2
        PT=`echo $line | sed -e 's/^.*SPT=/SPT=/' | cut -d' ' -f${PKEY} | cut -d'=' -f2`
        CPORT[$PT]=$((CPORT[$PT]+1))
    fi
done

if [ -z "$NODATE" ]
then
    for i in ${!CNT[*]}
    do
        echo "$i - ${CNT[$i]}"
    done | sort -t' ' -k1
fi
if [ ! -z "$ENUM" -a ! -z "$FKEY" ]
then
    for i in ${!CIP[*]}
    do
        echo "$i:${CIP[$i]}"
    done | sh -c "${ORDERED:-cat -}"
fi
if [ ! -z "$ENUM" -a ! -z "$PORT" ]
then
    for i in ${!CPORT[*]}
    do
        echo "$i:${CPORT[$i]}"
    done | sh -c "${ORDERED:-cat -}"
fi
Re: Processes communicating with outside sites
On 2 Nov 2008, Michael Iatrou wrote:

When the date was Sunday 02 November 2008, Jeffrey B. Green wrote:

So I'm wondering, is there a list that itemizes all outside communications and associates them with the relevant package/file?

You need something like the output of:

# netstat -ntuap

Thanks much. I'll write that command down in a convenient place so that there'll be a chance for me to use it next time a suspicious IP comes wandering through.

-jeff
Processes communicating with outside sites
Hi,

I believe I've asked this question before and don't remember a response for it. Basically, I'll have a server that exhibits communication with some outside site, and I've not explicitly set up such a communication. I assume that there are many standard communications going on for some reason or another that the developer has set up in the code for the process. Maybe not. The particular instance that's triggered this inquiry is a communication with a server at your.org.

So I'm wondering, is there a list that itemizes all outside communications and associates them with the relevant package/file? And if not, isn't that a good idea in this day and age of sneaky code that can slip onto a system.

-jeff
Autonomous CPAN connections
Hi, I'm wondering if anyone knows which packages generate autonomous CPAN connections. My connection logs show a high activity (dport 80) for several servers to one of the CPAN sites (cpan-sj.viaverio.com). When I researched it, I noticed that it has been going on for a long time. thanks, -jeff
Samba PDC LDAP NSS prob.
Hi, I'm having a problem getting my PDC to join a domain as per the Samba By Example chap. 5 instructions. In particular, I get

[EMAIL PROTECTED]:/root[5887] net rpc join -S DANA -U admin
Connection failed: NT_STATUS_LOGON_FAILURE
Password:
Connection failed: NT_STATUS_LOGON_FAILURE
Unable to join domain KCN.
[EMAIL PROTECTED]:/root[5888] smbclient -U admin //DANA/admin
Password:
Domain=[KCN] OS=[Unix] Server=[Samba 3.0.24]
smb: \ quit
[EMAIL PROTECTED]:/root[5889]

It seems to be an authentication/account problem as opposed to a connection problem, i.e. that the admin doesn't have the capabilities to add the server to the domain. I have this slice of the trace from the net command from the logs. It covers the complete time span of the command although it does not contain everything produced. (A line starts with the date, e.g. Mar 28 06:11:09 ... and then wraps.)

Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=uid=admin,ou=Users,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=cn=Domain Users,ou=Groups,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=cn=Domain Users,ou=Groups,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=uid=admin,ou=Users,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=cn=Domain Admins,ou=Groups,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=cn=Domain Users,ou=Groups,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=sambaSID=S-1-5-32-545,ou=Groups,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=sambaSID=S-1-5-32-545,ou=Groups,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=cn=Domain Admins,ou=Groups,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=uid=root,ou=Users,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=uid=admin,ou=Users,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=cn=Domain Users,ou=Groups,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=cn=Domain Users,ou=Groups,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=uid=dana$,ou=Computers,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=uid=dana$,ou=Computers,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=uid=dana$,ou=Computers,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=uid=dana$,ou=Computers,dc=kcn,dc=kikisoso,dc=org
Mar 28 06:11:09 dana slapd[20952]: = send_search_entry: conn 35 dn=uid=dana$,ou=Computers,dc=kcn,dc=kikisoso,dc=org

...and the trace ends not too long after that search.

In an earlier (and therefore different) incarnation of this setup I was able to get as far as joining a workstation (not the PDC) to the domain but could not connect, i.e. sign in with a user. Haven't tested that part yet with this version...want to get the above going first.

Anyway, the processing associated with the net command does connect with the LDAP server but at some point fails, so for me it looks to be a credentials problem but I'm a bit mystified as to what. Also note that smbclient does connect okay. However, there is a nt logon failure msg before the password is even requested on the net cmd.

I'll keep on it, but I am wondering if anyone has any pointers that might shorten the task at hand.

thanks, -jeff

pls cc me on replies since I'm not subscribing to the list at the moment...thanks.
Re: Samba PDC LDAP NSS prob.
Some additional info. I've discovered this clip from the log about a page before the error message appears:

UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2007/03/28 16:12:42, 5] smbd/uid.c:change_to_root_user(275)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2007/03/28 16:12:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
  wct=13 flg2=0xc801
[2007/03/28 16:12:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(995)
  Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2007/03/28 16:12:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1010)
  sesssetupX:[EMAIL PROTECTED]

... and then later on,

[2007/03/28 16:12:42, 10] auth/auth_util.c:make_user_info(135)
  made an encrypted user_info for ()
[2007/03/28 16:12:42, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
[2007/03/28 16:12:42, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password: mapped user is: [EMAIL PROTECTED]

... and finally,

[2007/03/28 16:12:42, 10] auth/auth.c:check_ntlm_password(261)
  check_ntlm_password: sam had nothing to say
[2007/03/28 16:12:42, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password: Authentication for user [] - [] FAILED with error NT_STATUS_NO_SUCH_USER

So, something isn't getting translated correctly somewhere, i.e. the admin - root mapping goes astray. Bug or misconfig?? Ideas?

-jeff
Re: Samba PDC LDAP NSS prob.
Okay, got it... Commented out the auth methods and it works. Details details. later, -jeff
Re: New DVD+-R/RW/RAM drive
So far it's okay. I was able to burn a CD and read it okay. (However cdrecord and cdrdao both have this thing about not recognizing the cd in the drive after burning; I needed to eject and reinsert the cd to get the cd to mount.) The DVD-RAM part works okay too though only if formatted with an ext2 partition. I tried ext3 but it didn't seem to work okay after formatting; it would do things like go into overdrive and then ignore everything I would do to get its attention. I still have to try writing standard DVDs but I don't expect problems at this point. It is quite an attractive unit. I mount mine vertically which gave me a bit of a pause at first since it's a tray loading model. There are little lips in the tray to hold the disk. The sbp2 driver has a few oddities that I am still getting used to. jeff
Re: Wacom Mouse - Footnote
Thomas H. George wrote:

On Wed, May 31, 2006 at 11:24:26AM -0400, Thomas H. George wrote:

[...snip...]

Tom George

I have edited /etc/X11/xorg.conf manually adding the following items:

Section "InputDevice"
    Driver "wacom"
    Identifier "eraser"
    Option "Device" "/dev/input/event0"
    Option "Type" "eraser"
    Option "USB" "on"
EndSection

I notice that you are referring to the event rather than a more symbolic name such as /dev/input/wacom. Although the kernel can choose the same event name each time it boots (or whatever), it doesn't necessarily do so, and in particular in my experience it doesn't. Use the local rules in udev to force a symlink to the specific event. In my /etc/udev/rules.d/10-local.rules, I have the line (one cont. line):

BUS="usb", DRIVER="wacom", KERNEL="event[0-9]*", NAME="input/%k", SYMLINK="input/wacom"

and in my X config files I refer to that device name. The above is still in the context of sarge but maybe, just maybe, it might help. (I plan to install testing on that machine fairly soon.)

jeff

[...snip...]

Tom
Re: New DVD+-R/RW/RAM drive
Curt Howland wrote:

On Sunday 04 June 2006 12:25, Jeffrey B. Green [EMAIL PROTECTED] was heard to say:

I'll be getting a new Sony DRX 820UL/T drive in within the next week. Does anyone here have any experience getting it to work (obviously I mean with debian)?

I looked up the specs, that looks like a nice drive.

Yeah, to me too; and it does look like the r/rw pieces may work okay. However, I haven't seen whether the ram features work in linux. Do you know what are the relevant drivers involved for DVD-RAM to work?

It's unfortunate that none of the resellers, nor Sony, list which Linux version started support for that drive. The two retailers I checked that listed Windows versions, Mac versions, and a contact address have received an email from me asking why they don't list which Linux kernel (ie: Linux 2.4.19 or later) versions support the drive. How can I order hardware if I don't know if it will run on my system? Just make sure, if it doesn't work, that you return it for a FULL refund and tell them why.

Curt-

jeff
Re: New DVD+-R/RW/RAM drive
Martin A. Brooks wrote:

Curt Howland wrote:

How can I order hardware if I don't know if it will run on my system? Just make sure, if it doesn't work, that you return it for a FULL refund and tell them why.

Surely a better approach would be to simply not buy it if you're not sure? _Then_ you send a note to their marketing department saying Your product XYZ packaging does not clearly indicate whether or not it's Linux compatible therefore I have purchased product ABC from your competitor's range instead.

I actually was trying to employ such an approach by searching for some sort of compatibility database or matrix, but my soich was to no avail. I did look at the database on xlr8yourmac and many posts on cdfreaks but came up with nothing conclusive. I definitely did not find anything (starting from google) that satisfied my linux information needs. Also, the units that I did find info on such as a couple of plexar and lg units, I couldn't find (conveniently) available in the marketplace. I was (and am) somewhat short on time and so could not do extensive searches.

jeff
New DVD-R/RW/RAM drive
Hi all, I'll be getting a new Sony DRX 820UL/T drive in within the next week. Does anyone here have any experience getting it to work (obviously I mean with debian)? I would like to use it with my pmac running sarge and plan to put testing on some spare partitions on it pretty soon. Also, I would like to use it on my iBook with sarge which only has USB (i.e. no firewire) and on an hp intel machine with testing on it that would be useful to use it on (also possibly having only USB). jeff
Odd ksh+ssh interaction
Hi, I was exploring hello-dbs from afar this morning by ssh from home to the machine at work. I did the standard dpkg-source -x, cd'ed into the directory and did a debian/rules setup. At that point the session completely started ignoring the keyboard. I had to kill the ssh connection locally. I'm a longtime ksh user and so that's what was running. The behavior is the same on any action (tested it on 1 or 2 more) passed to debian/rules. However, if I push a csh, then everything works a okay. Also, if I immediately put the command into the background via '&', then it doesn't lock me out (though still doesn't work as it should, stopped output for tty). Everything works okay when I invoke debian/rules without going through ssh. I'm assuming this is a bug of some sort. I'm also assuming this problem is something associated with grabbing a tty. Let me know if this needs to be reported as a bug or if it (or a close relative) has been reported already. jeff P.S. I'm currently not on the debian-user list, so please cc to me...thanks.