Bug#696087: Wheezy's fail2ban is affected by logrotation
sob, 25 maj 2013, 12:08:16 -0400, Yaroslav Halchenko napisał(a): > On Thu, 23 May 2013, Mariusz Sawicki wrote: > > Version: 0.8.6-3wheezy1 > > Priority: important > > > In new stable version of fail2ban there is also problem with log > > rotation (by logrotate) when you don't use copytruncate option. Old log > > is renamed, gziped and new one created, ex. auth.log and fail2ban still > > has opened this unexisting file: > > > fail2ban- 2342 2554root4r REG 254,1 418124 > > 260631 /var/log/auth.log.1 (deleted) > > > Bug is also reported here: > > > https://bugzilla.redhat.com/show_bug.cgi?id=833056 > hm -- that one about pyinotify backend issue which was fixed post 0.8.8 > and is not relevant to 0.8.6 which doesn't support pyinotify (introduced > in 0.8.7) > > so we would need to troubleshoot here separately: what backend is used > on your system ( I was using polling backend. But after returning to previous (wheezy's) version rotation works fine, also on another (upgraded to wheezy) system I could not observe previous failures after rotation. Hmm... I don't know why fail2ban was trying to read deleted file auth.log.1. I think my problem isn't repeatable so you could ignore it. Regards. M.S. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#696087: Wheezy's fail2ban is affected by logrotation
Version: 0.8.6-3wheezy1 Priority: important In new stable version of fail2ban there is also problem with log rotation (by logrotate) when you don't use copytruncate option. Old log is renamed, gziped and new one created, ex. auth.log and fail2ban still has opened this unexisting file: fail2ban- 2342 2554root4r REG 254,1 418124 260631 /var/log/auth.log.1 (deleted) Bug is also reported here: https://bugzilla.redhat.com/show_bug.cgi?id=833056 After I've installed unstable version of package (0.8.9-1), the problem doesn't occurs. M.S. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700921: Newly created lxc-containers will not start in new stable (wheezy)
This bug can't be closed, because wheezy's version of lxc could not properly create LXC containers. They won't start. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#676244: ifupdown: inet6 dhcp should provide accept_ra option
wto, 05 cze 2012, 19:00:46 +0300, Andrew Shadura napisaÅ(a): > On Tue, 5 Jun 2012 17:36:30 +0200 > Mariusz Sawicki wrote: > > Problem is familiar to #629837. With ,,inet6 dhcp'' method > > net.ipv6.conf.$DEV.accept_ra=0 is set, which disables RA, so no > > routing information could be acquired. There is no such informations > > in present DHCPv6 implementation (according to RFC3315). There should > > be an ,,inet6 static'' option ,,accept_ra'' that I could set to 1 > > allowing system to process RAs settings. ,,autoconf'' option should > > be also helpful. > inet6 static has this option, and for SLAAC+dhcp you are supposed to > use inet6 auto + dhcp yes (though I will probably add accept_ra option > to dhcp as well). Hello, I know about inet6 auto but as you mentioned, this is only for statless addresses. There is lack of accept_ra in dhcp method for statefull address configuration via DHCPv6. -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#676244: ifupdown: inet6 dhcp should provide accept_ra option
Package: ifupdown Version: 0.7~rc3 Severity: normal Tags: ipv6 Problem is familiar to #629837. With ,,inet6 dhcp'' method net.ipv6.conf.$DEV.accept_ra=0 is set, which disables RA, so no routing information could be acquired. There is no such informations in present DHCPv6 implementation (according to RFC3315). There should be an ,,inet6 static'' option ,,accept_ra'' that I could set to 1 allowing system to process RAs settings. ,,autoconf'' option should be also helpful. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-rt-amd64 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ifupdown depends on: ii dpkg 1.16.3 ii initscripts 2.88dsf-22.1 ii iproute 20120319-1 ii libc62.13-32 ii lsb-base 4.1+Debian4 ifupdown recommends no packages. Versions of packages ifupdown suggests: pn isc-dhcp-client [dhcp-client] 4.2.2.dfsg.1-5 pn net-tools 1.60-24.1 pn ppp 2.4.5-5.1 pn rdnssd -- no debconf information -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#619881: libpam-ldapd: shadowLastChange is not updated during password change
wto, 29 mar 2011, 23:01:35 +0200, Arthur de Jong napisał(a): > On Mon, 2011-03-28 at 10:05 +0200, Mariusz Sawicki wrote: > > libpam-ldapd doesn’t change shadowLastChange during password modifica- > > tion. This problem is probably solved in 0.8.0 (according to #604147): > > > >* try to update the shadowLastChange attribute on password change > > > > It should be included in squeeze, otherwise it is unusable when password > > change request occures. > Having the shadowLastChange attribute updated on password change is > indeed a nice feature when using password expiry but not required in all > environments. Of course, but it could be forced by security policy. > This has indeed been implemented in 0.8.0 but the 0.8 series is > currently in experimental because it is still under development. For > reference, the change that was implemented for 0.8.0 can be found here: > http://lists.arthurdejong.org/nss-pam-ldapd-commits/2010/msg00302.html Thanks for the patch. I could use it with my own build. > Unless you can make a strong argument to have this fixed in squeeze I > don't think it will be fixed there. It is suggested to use of -ldapd packages insted of -ldap: http://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#ldap-gnutls So if in libpam-ldap updating of shadowLastChange works it should also in libpam-ldapd. Regards. -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#619880: Acknowledgement (libnss-ldapd: shadowLastChange is not updated during password change)
This bug should be closed, beacuse it applies to libpam-ldapd. M.S. -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#619881: libpam-ldapd: shadowLastChange is not updated during password change
Package: libpam-ldapd Version: 0.7.13 Severity: important libpam-ldapd doesn’t change shadowLastChange during password modifica- tion. This problem is probably solved in 0.8.0 (according to #604147): * try to update the shadowLastChange attribute on password change It should be included in squeeze, otherwise it is unusable when password change request occures. -- System Information: Debian Release: 6.0.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Shell: /bin/sh linked to /bin/dash Versions of packages libpam-ldapd depends on: ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libpam-runtime1.1.1-6.1 Runtime support for the PAM librar ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l ii nslcd 0.7.13 Daemon for NSS and PAM lookups usi libpam-ldapd recommends no packages. libpam-ldapd suggests no packages. -- debconf information: libpam-ldapd/enable_shadow: true -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#619880: libnss-ldapd: shadowLastChange is not updated during password change
Package: libnss-ldapd Version: 0.7.13 Severity: important libnss-ldapd doesn’t change shadowLastChange during password modifica- tion. This problem is probably solved in 0.8.0 (according to #604147): * try to update the shadowLastChange attribute on password change It should be included in squeeze, otherwise it is unusable when password change request occures. -- System Information: Debian Release: 6.0.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Shell: /bin/sh linked to /bin/dash Versions of packages libnss-ldapd depends on: ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii nslcd 0.7.13 Daemon for NSS and PAM lookups usi libnss-ldapd recommends no packages. libnss-ldapd suggests no packages. -- debconf information: * libnss-ldapd/nsswitch: group, passwd, shadow * libnss-ldapd/clean_nsswitch: false -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#613373: vserver-stat: Killed
Something is wrong in src/vserver-stat.c I think in execution of vc_sched_info function. If cpu variable reaches 32 or 34 vserver-stat is killed with ops. There is less then 32 CPUs on my servers so I applicated following workaround: diff -ru util-vserver-0.30.216-pre2864.o/src/vserver-stat.c util-vserver-0.30.216-pre2864/src/vserver-stat.c --- util-vserver-0.30.216-pre2864.o/src/vserver-stat.c 2009-11-25 07:10:52.0 -0500 +++ util-vserver-0.30.216-pre2864/src/vserver-stat.c2011-02-22 08:31:16.0 -0500 @@ -268,7 +268,7 @@ res->utime_total = 0; res->stime_total = 0; // XXX: arbitrary CPU limit. - for (cpu = 0; cpu < 1024; cpu++) { + for (cpu = 0; cpu < 32; cpu++) { sched.cpu_id = cpu; sched.bucket_id = 0; if (vc_sched_info(xid, &sched) == -1) M.S. -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#613373: vserver-stat: Killed
> Vserver-stat simply crashes with Killed message on i686 architecture (works > on amd64): Now I'm not confirming that vserver-stat crashes only on i686. On other testing architecture with vserver over drbd and pacemaker/heartbeat it works fine. I've got also strace: # strace -i -v -f vserver-stat 2>&1 [b77d8424] execve("/usr/sbin/vserver-stat", ["vserver-stat"], ["SHELL=/bin/bash", "TERM=xterm", "USER=root", "LS_COLORS=rs=0:di=01;34:ln=01;36"..., "MAIL=/var/mail/root", "PATH=/usr/local/sbin:/usr/local/"..., "PWD=/root", "LANG=en_US.UTF-8", "HISTCONTROL=ignoreboth", "SHLVL=1", "HOME=/root", "LOGNAME=root", "_=/usr/bin/strace", "OLDPWD=/root"]) = 0 [08049d8d] vserver(0, 0x3f, 0, 0xd, 0xb77b4414) = 131845 [08049a79] vserver(0x1, 0, 0, 0xd, 0xb77b4414) = 318771185 [b77b4424] chdir("/proc/virtual") = 0 [b77b4424] open(".", O_RDONLY|O_DIRECTORY) = 3 [b77b4424] fcntl(3, F_SETFD, FD_CLOEXEC) = 0 [b77b4424] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0xbfdc4e2808634020) = 0xb77b3000 [b77b4424] getdents64(3, {{d_ino=4026531853, d_off=1, d_type=DT_DIR, d_reclen=24, d_name="."} {d_ino=1, d_off=0, d_type=DT_DIR, d_reclen=24, d_name=".."} {d_ino=73628727, d_off=0, d_type=DT_REG, d_reclen=24, d_name="info"} {d_ino=73628728, d_off=0, d_type=DT_REG, d_reclen=32, d_name="status"} {d_ino=73576830, d_off=0, d_type=DT_DIR, d_reclen=32, d_name="40001"} {d_ino=7391, d_off=6, d_type=DT_DIR, d_reclen=32, d_name="40002"}}, 4084) = 168 [08049ab3] vserver(0x2803, 0x9c41, 0xbfdc4e10, 0xbfdc4eac, 0x804bae7) = 0 [08049a0e] vserver(0x2801, 0x9c41, 0xbfdc4e18, 0xbfdc4e58, 0xbfdc4e38) = 0 [08049a0e] vserver(0x2801, 0x9c41, 0xbfdc4e18, 0xbfdc4e74, 0xbfdc4e38) = 0 [08049a0e] vserver(0x2801, 0x9c41, 0xbfdc4e18, 0xbfdc4e90, 0xbfdc4e38) = 0 [b77b4424] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0xbfdc4dec08634020) = 0xb77b2000 [b77b4424] open("/proc/uptime", O_RDONLY|O_LARGEFILE) = 4 [b77b4424] read(4, "419059.43 2895.90\n", 64) = 18 [b77b4424] close(4) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c) = 0 [08049b5b] vserver(0xe03, 0x9c41, 0xbfdc4e14, 0xbfdc4edc, 0xbfdc4e3c [] +++ killed by SIGKILL +++ Killed Looks like vs
Bug#613373: vserver-stat: Killed
ng toolkit ii util-linux2.17.2-9 Miscellaneous system utilities Versions of packages util-vserver recommends: ii binutils 2.20.1-16 The GNU assembler, linker and bina ii debootstrap 1.0.26 Bootstrap a basic Debian system Versions of packages util-vserver suggests: ii iptables 1.4.8-3 administration tools for packet fi ii linux-image-2.6.26-2-vse 2.6.26-26lenny1 Linux 2.6.26 image on PPro/Celeron ii linux-image-2.6.32-5-vse 2.6.32-30 Linux 2.6.32 for PCs with 4GB+ RAM ii module-init-tools3.12-1 tools for managing Linux kernel mo ii procps 1:3.2.8-9 /proc file system utilities ii vlan 1.9-3 user mode programs to enable VLANs ii wget 1.12-2.1retrieves files from the web pn yum(no description available) -- debconf information: util-vserver/prerm_stop_running_vservers: true util-vserver/postrm_remove_vserver_configs: false M.S. -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org