Bug#947861: Debian Testing Bug: oidentd 2.4.0-1 - oidentd daemon shows as up sh[pid] in logs

Tue, 31 Dec 2019 14:18:46 -0800 

Package: oidentd
Version: 2.4.0-1

ISSUE: oidentd is logged to syslog as 'sh[pid]:' after a recent apt-get 
dist-upgrade:
Dec 31 15:38:36 machine sh[3469507]: Connection from xyz.xyz.com 
(159.x.x.5):34050

FIX/WORKAROUND:
In /lib/systemd* these two files: oidentd.service oidentd@.service 
1. /lib/systemd/system/oidentd.service
2. /lib/systemd/system/oidentd\@.service

I had to remove the -S otherwise I was no longer seeing oidentd in the logs, 
instead it looked like this:
Dec 31 15:38:36 machine sh[3469507]: Connection from xyz.xyz.com 
(159.x.x.5):34050

After removing the -S, logging works properly:
Dec 31 17:06:51 atom oidentd[3511343]: Connection from xyz.xyz.com 
(159.x.x.5):34051

Kindly requesting if the -S can be removed from the oidentd setup package for 
the systemd service, otherwise fail2ban and similar applications won't be able 
to act on 'sh[pid]: Connection from' etc..

Fix/workaround:
--------------------------------
+++ oidentd.service     2019-12-31 17:05:09.693101222 -0500
@@ -5,7 +5,7 @@
 [Service]
 Environment=OIDENT_USER=nobody OIDENT_GROUP=nogroup
 EnvironmentFile=-/etc/default/oidentd
-ExecStart=/bin/sh -c "exec /usr/sbin/oidentd -S ${OIDENT_OPTIONS} -u 
\"${OIDENT_USER}\" -g \"${OIDENT_GROUP}\" \
+ExecStart=/bin/sh -c "exec /usr/sbin/oidentd ${OIDENT_OPTIONS} -u 
\"${OIDENT_USER}\" -g \"${OIDENT_GROUP}\" \
  `[ \"${OIDENT_BEHIND_PROXY}\" = \"yes\" ] && ip route show to exact 0/0 | awk 
'{print \"-P \" $3}'`"
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure

Fix/workaround:
--------------------------------
+++ oidentd@.service    2019-12-31 17:05:25.731724279 -0500
@@ -4,7 +4,7 @@
 [Service]
 Environment=OIDENT_USER=nobody OIDENT_GROUP=nogroup
 EnvironmentFile=-/etc/default/oidentd
-ExecStart=/bin/sh -c "exec /usr/sbin/oidentd -IS ${OIDENT_OPTIONS} -u 
\"${OIDENT_USER}\" -g \"${OIDENT_GROUP}\" \
+ExecStart=/bin/sh -c "exec /usr/sbin/oidentd -I ${OIDENT_OPTIONS} -u 
\"${OIDENT_USER}\" -g \"${OIDENT_GROUP}\" \
  `[ \"${OIDENT_BEHIND_PROXY}\" = \"yes\" ] && ip route show to exact 0/0 | awk 
'{print \"-P \" $3}'`"
 StandardInput=socket
 StandardError=syslog

Thanks,

Justin.

Reply via email to