RE: Errors when running cron(Debian 6)
Check your logs - search for the grandchild number - you should be able to tell what cron job is causing the error. > -Original Message- > From: OLCESE, Marcelo Oscar. [mailto:molc...@ancal.com.ar] > Sent: Tuesday, May 17, 2011 3:29 PM > To: Desai, Jason; micah anderson; debian-security@lists.debian.org > Subject: Re: Errors when running cron(Debian 6) > > not my case, I tried but still the same. > > Thanks anyway. > Marcelo.- > - Original Message - > From: "Desai, Jason" > To: "micah anderson" ; "OLCESE, Marcelo Oscar." > ; > Sent: Tuesday, May 17, 2011 3:49 PM > Subject: RE: Errors when running cron(Debian 6) > > > I had similar issues when php4-common or something similar was removed, > but not purged. "dpkg --purge php4-common" fixed the issue. > > > -Original Message- > > From: micah anderson [mailto:mi...@riseup.net] > > Sent: Tuesday, May 17, 2011 11:13 AM > > To: OLCESE, Marcelo Oscar.; debian-security@lists.debian.org > > Subject: Re: Errors when running cron(Debian 6) > > > > On Tue, 17 May 2011 11:39:58 -0300, "OLCESE, Marcelo Oscar." > > wrote: > > > Marcelo Oscar OlceseDear: > > > > > > Upgraded debian 5 to 6 and now I have some mistakes. > > > > > > Know they can be? > > > - Cron Begin > > > > > > Errors when running cron: > > > grandchild #27213 failed with exit status 1: 1 Time(s) > > > > Your cronjob returns an exit status 1, previously crond didn't report > > that, but now it does. Make your cronjob return a zero exit code to > make > > it go away. > > > > micah > - > This message is intended only for the addressee and may contain information > that is company confidential or privileged. Any technical data in this > message may be exported only in accordance with the U.S. International > Traffic in Arms Regulations (22 CFR Parts 120-130) or the Export > Administration Regulations (15 CFR Parts 730-774). Unauthorized use is > strictly prohibited and may be unlawful. If you are not the intended > recipient, or the person responsible for delivering to the intended > recipient, you should not read, copy, disclose or otherwise use this > message. If you have received this email in error, please delete it, and > advise the sender immediately. > - > > > -- > To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/ECEFB42F27B24A88AA3E5A06B4F11FBD@Marcelopc - This message is intended only for the addressee and may contain information that is company confidential or privileged. Any technical data in this message may be exported only in accordance with the U.S. International Traffic in Arms Regulations (22 CFR Parts 120-130) or the Export Administration Regulations (15 CFR Parts 730-774). Unauthorized use is strictly prohibited and may be unlawful. If you are not the intended recipient, or the person responsible for delivering to the intended recipient, you should not read, copy, disclose or otherwise use this message. If you have received this email in error, please delete it, and advise the sender immediately. - -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/b41bded4114e044089f69b5b7fa2b8090105b...@corpatsmail4.corp.sensis.com
RE: Errors when running cron(Debian 6)
I had similar issues when php4-common or something similar was removed, but not purged. "dpkg --purge php4-common" fixed the issue. > -Original Message- > From: micah anderson [mailto:mi...@riseup.net] > Sent: Tuesday, May 17, 2011 11:13 AM > To: OLCESE, Marcelo Oscar.; debian-security@lists.debian.org > Subject: Re: Errors when running cron(Debian 6) > > On Tue, 17 May 2011 11:39:58 -0300, "OLCESE, Marcelo Oscar." > wrote: > > Marcelo Oscar OlceseDear: > > > > Upgraded debian 5 to 6 and now I have some mistakes. > > > > Know they can be? > > - Cron Begin > > > > Errors when running cron: > > grandchild #27213 failed with exit status 1: 1 Time(s) > > Your cronjob returns an exit status 1, previously crond didn't report > that, but now it does. Make your cronjob return a zero exit code to make > it go away. > > micah - This message is intended only for the addressee and may contain information that is company confidential or privileged. Any technical data in this message may be exported only in accordance with the U.S. International Traffic in Arms Regulations (22 CFR Parts 120-130) or the Export Administration Regulations (15 CFR Parts 730-774). Unauthorized use is strictly prohibited and may be unlawful. If you are not the intended recipient, or the person responsible for delivering to the intended recipient, you should not read, copy, disclose or otherwise use this message. If you have received this email in error, please delete it, and advise the sender immediately. - -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/b41bded4114e044089f69b5b7fa2b8090105b...@corpatsmail4.corp.sensis.com
RE: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 packages fix several issues
My system is still up and running. So I suspect that for whatever reason, going from ext2 -> ext3 seems to have fixed the issue. Jase > -Original Message- > From: Desai, Jason [mailto:[EMAIL PROTECTED] > Sent: Friday, February 29, 2008 5:48 PM > To: Vladislav Kurz > Cc: debian-security@lists.debian.org; [EMAIL PROTECTED] > Subject: RE: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 > packages fix several issues > > Just to update anyone who cares, I moved the modules back and > rebooted, > and verified that the system would have on bootup. Then I converted > from ext2 to ext3, and was able to boot just fine. I will let this > system run over the weekend and see how it is on Monday. > > Jase > > > -Original Message- > > From: Desai, Jason > > Sent: Friday, February 29, 2008 12:23 PM > > To: 'Vladislav Kurz' > > Cc: 'debian-security@lists.debian.org'; > > '[EMAIL PROTECTED]' > > Subject: RE: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 > > packages fix several issues > > > > I have noticed very similar things with one of my boxes which > > was upgraded to the latest 2.4.27 kernel. Sometimes, it > > would even hang when running depmod from the modutils init > > script when booting. I did some troubleshooting, and found > > that the older kernel boots fine. Moving some modules out to > > a different directory allowed the system to boot. But it > > would eventually hang after a few hours, sometimes after only > > minutes. Like you indicated - ping would work. But there > > was nothing in the logs on the screen for me. > > > > I had other systems upgraded to this kernel too, and they > > seem ok. Most use ext3. However one does use ext2, and so > > far it has been ok. The system giving me problems is a VM > > running inside of VMWare Server. I was thinking the issue > > may have been with VMWare. > > > > I may consider trying to go to ext3 to see if that improves things. > > > > Jase > > > > > -Original Message- > > > From: Vladislav Kurz [mailto:[EMAIL PROTECTED] > > > Sent: Friday, February 29, 2008 11:06 AM > > > To: debian-security@lists.debian.org > > > Cc: [EMAIL PROTECTED] > > > Subject: Re: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 > > > packages fix several issues > > > > > > Hello all, > > > > > > I wanted to file this through BTS but I'm not sure which > > > package is the right > > > place ot file kernel related bugs. Therefore I post here. > > > > > > It seems that last upgrade of kernel 2.4.27 is causing system > > > crash and maybe > > > even filesystem corruption at least with ext2 filesystem. > > > > > > Yesterday I have upgraded and rebooted couple of machines > > > that still use > > > kernel version 2.4.27, and one of them crashed after 5 and > > half hours. > > > It still responded to pings, maybe routing and firewalling as > > > well, but SSH > > > and other services were unavailable. This is the only machine > > > still using > > > ext2 filesystem. > > > > > > After rebooting i worked fine until I tried to access > some parts of > > > filesystem. I susected problems with hard disk but there were > > > no messages on > > > console (I expected I/O errors and such). Memory was fine as well. > > > Checking filesystem with read-olny badblock scan "fsck -c > > > /dev/hda2" reported > > > everything OK. But at the moment I tried to copy (rsync, tar) > > > the filesystem > > > to new disk it crashed again. Copying the filesystem with dd > > > was fine, but > > > when i loop-mounted the image and tried to copy from there, > > > system crashed > > > again. So I ruled out hardware problems and tried to reboot > > > with old kernel, > > > and to my surprise I could read the "broken" filesystem > > > without any problems. > > > > > > With old kernel I was able to rsync files to new hard drives, > > > so the system is > > > up and running now. (Using old kernel.) I can provide > > > filesystem image > > > of "broken" /usr partition for analysis. > > > > > > All my other servers running 2.4.27-4 kernels use ext3 > > > filesystems seem to be > > > OK, but I'm quite afraid if it might happen on ext3 as well. > &
RE: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 packages fix several issues
Just to update anyone who cares, I moved the modules back and rebooted, and verified that the system would have on bootup. Then I converted from ext2 to ext3, and was able to boot just fine. I will let this system run over the weekend and see how it is on Monday. Jase > -Original Message- > From: Desai, Jason > Sent: Friday, February 29, 2008 12:23 PM > To: 'Vladislav Kurz' > Cc: 'debian-security@lists.debian.org'; > '[EMAIL PROTECTED]' > Subject: RE: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 > packages fix several issues > > I have noticed very similar things with one of my boxes which > was upgraded to the latest 2.4.27 kernel. Sometimes, it > would even hang when running depmod from the modutils init > script when booting. I did some troubleshooting, and found > that the older kernel boots fine. Moving some modules out to > a different directory allowed the system to boot. But it > would eventually hang after a few hours, sometimes after only > minutes. Like you indicated - ping would work. But there > was nothing in the logs on the screen for me. > > I had other systems upgraded to this kernel too, and they > seem ok. Most use ext3. However one does use ext2, and so > far it has been ok. The system giving me problems is a VM > running inside of VMWare Server. I was thinking the issue > may have been with VMWare. > > I may consider trying to go to ext3 to see if that improves things. > > Jase > > > -Original Message- > > From: Vladislav Kurz [mailto:[EMAIL PROTECTED] > > Sent: Friday, February 29, 2008 11:06 AM > > To: debian-security@lists.debian.org > > Cc: [EMAIL PROTECTED] > > Subject: Re: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 > > packages fix several issues > > > > Hello all, > > > > I wanted to file this through BTS but I'm not sure which > > package is the right > > place ot file kernel related bugs. Therefore I post here. > > > > It seems that last upgrade of kernel 2.4.27 is causing system > > crash and maybe > > even filesystem corruption at least with ext2 filesystem. > > > > Yesterday I have upgraded and rebooted couple of machines > > that still use > > kernel version 2.4.27, and one of them crashed after 5 and > half hours. > > It still responded to pings, maybe routing and firewalling as > > well, but SSH > > and other services were unavailable. This is the only machine > > still using > > ext2 filesystem. > > > > After rebooting i worked fine until I tried to access some parts of > > filesystem. I susected problems with hard disk but there were > > no messages on > > console (I expected I/O errors and such). Memory was fine as well. > > Checking filesystem with read-olny badblock scan "fsck -c > > /dev/hda2" reported > > everything OK. But at the moment I tried to copy (rsync, tar) > > the filesystem > > to new disk it crashed again. Copying the filesystem with dd > > was fine, but > > when i loop-mounted the image and tried to copy from there, > > system crashed > > again. So I ruled out hardware problems and tried to reboot > > with old kernel, > > and to my surprise I could read the "broken" filesystem > > without any problems. > > > > With old kernel I was able to rsync files to new hard drives, > > so the system is > > up and running now. (Using old kernel.) I can provide > > filesystem image > > of "broken" /usr partition for analysis. > > > > All my other servers running 2.4.27-4 kernels use ext3 > > filesystems seem to be > > OK, but I'm quite afraid if it might happen on ext3 as well. > > > > These bugfixes seem to be the only ones that have to do > > something with > > ext2/ext3. Could someone look into this issue? I will try to > > be as heplful as > > possibe debugging this stuff. > > > > > CVE-2006-6053 > > > > > > LMH reported a potential local DoS which could be > exploited by a > > > malicious user with the privileges to mount and read a > > corrupted ext3 > > > filesystem. > > > > > > CVE-2006-6054 > > > > > > LMH reported a potential local DoS which could be > exploited by a > > > malicious user with the privileges to mount and read a > > corrupted ext2 > > > filesystem. > > > > > > > Anyway, big thanks to the security team for the work that thay do. > > > > -- > > Regards > > Vladislav Kurz > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] > > > > >
RE: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 packages fix several issues
I have noticed very similar things with one of my boxes which was upgraded to the latest 2.4.27 kernel. Sometimes, it would even hang when running depmod from the modutils init script when booting. I did some troubleshooting, and found that the older kernel boots fine. Moving some modules out to a different directory allowed the system to boot. But it would eventually hang after a few hours, sometimes after only minutes. Like you indicated - ping would work. But there was nothing in the logs on the screen for me. I had other systems upgraded to this kernel too, and they seem ok. Most use ext3. However one does use ext2, and so far it has been ok. The system giving me problems is a VM running inside of VMWare Server. I was thinking the issue may have been with VMWare. I may consider trying to go to ext3 to see if that improves things. Jase > -Original Message- > From: Vladislav Kurz [mailto:[EMAIL PROTECTED] > Sent: Friday, February 29, 2008 11:06 AM > To: debian-security@lists.debian.org > Cc: [EMAIL PROTECTED] > Subject: Re: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 > packages fix several issues > > Hello all, > > I wanted to file this through BTS but I'm not sure which > package is the right > place ot file kernel related bugs. Therefore I post here. > > It seems that last upgrade of kernel 2.4.27 is causing system > crash and maybe > even filesystem corruption at least with ext2 filesystem. > > Yesterday I have upgraded and rebooted couple of machines > that still use > kernel version 2.4.27, and one of them crashed after 5 and half hours. > It still responded to pings, maybe routing and firewalling as > well, but SSH > and other services were unavailable. This is the only machine > still using > ext2 filesystem. > > After rebooting i worked fine until I tried to access some parts of > filesystem. I susected problems with hard disk but there were > no messages on > console (I expected I/O errors and such). Memory was fine as well. > Checking filesystem with read-olny badblock scan "fsck -c > /dev/hda2" reported > everything OK. But at the moment I tried to copy (rsync, tar) > the filesystem > to new disk it crashed again. Copying the filesystem with dd > was fine, but > when i loop-mounted the image and tried to copy from there, > system crashed > again. So I ruled out hardware problems and tried to reboot > with old kernel, > and to my surprise I could read the "broken" filesystem > without any problems. > > With old kernel I was able to rsync files to new hard drives, > so the system is > up and running now. (Using old kernel.) I can provide > filesystem image > of "broken" /usr partition for analysis. > > All my other servers running 2.4.27-4 kernels use ext3 > filesystems seem to be > OK, but I'm quite afraid if it might happen on ext3 as well. > > These bugfixes seem to be the only ones that have to do > something with > ext2/ext3. Could someone look into this issue? I will try to > be as heplful as > possibe debugging this stuff. > > > CVE-2006-6053 > > > > LMH reported a potential local DoS which could be exploited by a > > malicious user with the privileges to mount and read a > corrupted ext3 > > filesystem. > > > > CVE-2006-6054 > > > > LMH reported a potential local DoS which could be exploited by a > > malicious user with the privileges to mount and read a > corrupted ext2 > > filesystem. > > > > Anyway, big thanks to the security team for the work that thay do. > > -- > Regards > Vladislav Kurz > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > >
RE: [SECURITY] [DSA 1090-1] New spamassassin packages fix remote command execution
MailScanner does not use spamd, but the perl api of spamassassin, so it is not vulnerable. Jase > -Original Message- > From: James Harper [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 06, 2006 6:19 AM > To: debian-security@lists.debian.org; Debian Security Announcements > Subject: RE: [SECURITY] [DSA 1090-1] New spamassassin > packages fix remote command execution > > No mention of if this is exploitable when spamassassin is used by > MailScanner? > > James > > > -Original Message- > > From: Martin Schulze [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, 6 June 2006 19:18 > > To: Debian Security Announcements > > Subject: [SECURITY] [DSA 1090-1] New spamassassin packages > fix remote > > command execution > > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > - > -- > -- > > -- > > Debian Security Advisory DSA 1090-1 > [EMAIL PROTECTED] > > http://www.debian.org/security/ Martin > Schulze > > June 6th, 2006 > http://www.debian.org/security/faq > > - > -- > -- > > -- > > > > Package: spamassassin > > Vulnerability : programming error > > Problem type : remote > > Debian-specific: no > > CVE ID : CVE-2006-2447 > > > > A vulnerability has been discoverd in SpamAssassin, a > Perl-based spam > > filter using text analysis, that can allow remote attackers > to execute > > arbitrary commands. This problem only affects systems > where spamd is > > reachable via the internet and used with vpopmail virtual users, via > > the "-v" / "--vpopmail" switch, and with the "-P" / "--paranoid" > > switch which is not the default setting on Debian. > > > > The old stable distribution (woody) is not affected by this problem. > > > > For the stable distribution (sarge) this problem has been fixed in > > version 3.0.3-2sarge1. > > > > For the volatile archive for the stable distribution (sarge) this > > problem has been fixed in version 3.1.0a-0volatile3. > > > > For the unstable distribution (sid) this problem has been fixed in > > version 3.1.3-1. > > > > We recommend that you upgrade your spamd package. > > > > > > Upgrade Instructions > > - > > > > wget url > > will fetch the file for you > > dpkg -i file.deb > > will install the referenced file. > > > > If you are using the apt-get package manager, use the line for > > sources.list as given at the end of this advisory: > > > > apt-get update > > will update the internal database > > apt-get upgrade > > will install corrected packages > > > > You may use an automated update by adding the resources from the > > footer to the proper configuration. > > > > > > Debian GNU/Linux 3.1 alias sarge > > - > > > > Source archives: > > > > > > > http://security.debian.org/pool/updates/main/s/spamassassin/sp > amassassin > _3 > > .0.3-2sarge1.dsc > > Size/MD5 checksum: 788 f9cce6d19fd73d0d62561a14672e9564 > > > > > http://security.debian.org/pool/updates/main/s/spamassassin/sp > amassassin > _3 > > .0.3-2sarge1.diff.gz > > Size/MD5 checksum:45414 8804e76766eefa4324509b94dc005afa > > > > > http://security.debian.org/pool/updates/main/s/spamassassin/sp > amassassin > _3 > > .0.3.orig.tar.gz > > Size/MD5 checksum: 999558 ca96f23cd1eb7d663ab55db98ef8090c > > > > Architecture independent components: > > > > > > > http://security.debian.org/pool/updates/main/s/spamassassin/sp > amassassin > _3 > > .0.3-2sarge1_all.deb > > Size/MD5 checksum: 769158 c4f10367da201b11d09a1c15da946f3b > > > > Alpha architecture: > > > > > > > http://security.debian.org/pool/updates/main/s/spamassassin/sp > amc_3.0.3- > > 2sarge1_alpha.deb > > Size/MD5 checksum:61720 3415e7c2962d21b897c6301c8ce88d8c > > > > AMD64 architecture: > > > > > > > http://security.debian.org/pool/updates/main/s/spamassassin/sp > amc_3.0.3- > > 2sarge1_amd64.deb > > Size/MD5 checksum:59700 4ee41384f107a46440c74bd2c6ff3cd4 > > > > ARM architecture: > > > > > > > http://security.debian.org/pool/updates/main/s/spamassassin/sp > amc_3.0.3- > > 2sarge1_arm.deb > > Size/MD5 checksum:58494 909e85063300d2ddfc38270e19f39b9c > > > > Intel IA-32 architecture: > > > > > > > http://security.debian.org/pool/updates/main/s/spamassassin/sp > amc_3.0.3- > > 2sarge1_i386.deb > > Size/MD5 checksum:57626 adb71b8190e535646d936333da1180ca > > > > Intel IA-64 architecture: > > > > > > > http://security.debian.org/pool/updates/main/s/spamassassin/sp > amc_3.0.3- > > 2sarge1_ia64.deb > > Size/MD5 checksum:65166 63435fc25e69eb3dcbdd95b9f682fbe5 > > > > HP Precision architecture: > > > > > > > http://security.debian.org/pool/updates/main/s/spamassassin/sp > amc_3.0.3- > > 2sarge1_hppa.deb > > Size/MD5 checksum:603
RE: iptables and apt-get
Hi. My guess is that security.debian.org was not available when you tried it (there were other posts to this list indicating that the server was down). So you were getting icmp errors back. The RELATED state allows this. If security.debian.org was up and running, you probably would not have had any errors at all. Jason > -Original Message- > From: Victor Calzado Mayo [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 11, 2003 11:31 AM > To: debian-security@lists.debian.org > Subject: Re: iptables and apt-get > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi there > On Tuesday 11 March 2003 15:48, Ian Goodall wrote: > > All is fine now. Adding the line: > > > > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > > > fixes the problem. Does anyone know what this line does? I > found this using > > an online script generator at http://www.iptables.1go.dk/index1.php. > > You are probably using some ftp server in your sources.list, > ftp and probably > you are using the so called active ftp, in this kind of > connections server > itselft initiate data transfers conection with the client > host ( so , SYNs > are sended directly from server to client, and in a > fiweralled enviroment > they are dropped. > > The added rule takes care of this kind of conections telling > iptables that > SYNs sended from the ftp server to the client host are related to a > established ftp conection opened from the client host to the > server and > should be permited ( even when they come with a SYN request > from the server) > ( it acts like a state module ( somehow related to ip_masq > modules tu ftp, > quake o irc ) that ensure that this kind or conections ( that > used a range of > ports higher than 1023 , but not asigned until the conection > is established ) > > I' ll hope it helps, excuse my english and have a look to > Netfilter Howto, any > good page about ftp server in firewalled enviroments will > help to. Have a > look at: > > http://slacksite.com/other/ftp.html > > And if you are very very interesting you can allways look for > the ftp rfc. > > > > > Thanks for all your help. This is the sort of thing that > this list should > > be used for instead of debating what should be on it / other spam :) > > - Original Message - > > > Kind Regards > Victor > > > > From: "I.R.van Dongen" <[EMAIL PROTECTED]> > > To: "Ian Goodall" <[EMAIL PROTECTED]> > > Cc: > > Sent: Tuesday, March 11, 2003 12:59 PM > > Subject: Re: iptables and apt-get > > > > > iptables -A OUTPUT -p tcp -d /32 --dport 80 -j ACCEPT > > > > > > On Tue, 11 Mar 2003 00:45:48 - > > > > > > "Ian Goodall" <[EMAIL PROTECTED]> wrote: > > > > Hi Guys, > > > > > > > > I am setting up iptables on my debain woody box. I have > decided to > > > > close > > > > everyting and then open up just ssh and ssl. This obviously > prevents my > > apt-get update from working. What ports do I need to open > for this to work. > > If it helps I am going through a proxy to get to the internet. > > > > > > Thanks > > > > > > > > ijg0 > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE+bguJEzqHF8R72ekRApCeAJ9xBSZUqs/4anueP+qUXevmwLMEdQCfTg43 > NBzKsI3G9/3SKJN8+N2J540= > =opBe > -END PGP SIGNATURE- > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] >
RE: iptables and apt-get
Hi. My guess is that security.debian.org was not available when you tried it (there were other posts to this list indicating that the server was down). So you were getting icmp errors back. The RELATED state allows this. If security.debian.org was up and running, you probably would not have had any errors at all. Jason > -Original Message- > From: Victor Calzado Mayo [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 11, 2003 11:31 AM > To: [EMAIL PROTECTED] > Subject: Re: iptables and apt-get > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi there > On Tuesday 11 March 2003 15:48, Ian Goodall wrote: > > All is fine now. Adding the line: > > > > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > > > fixes the problem. Does anyone know what this line does? I > found this using > > an online script generator at http://www.iptables.1go.dk/index1.php. > > You are probably using some ftp server in your sources.list, > ftp and probably > you are using the so called active ftp, in this kind of > connections server > itselft initiate data transfers conection with the client > host ( so , SYNs > are sended directly from server to client, and in a > fiweralled enviroment > they are dropped. > > The added rule takes care of this kind of conections telling > iptables that > SYNs sended from the ftp server to the client host are related to a > established ftp conection opened from the client host to the > server and > should be permited ( even when they come with a SYN request > from the server) > ( it acts like a state module ( somehow related to ip_masq > modules tu ftp, > quake o irc ) that ensure that this kind or conections ( that > used a range of > ports higher than 1023 , but not asigned until the conection > is established ) > > I' ll hope it helps, excuse my english and have a look to > Netfilter Howto, any > good page about ftp server in firewalled enviroments will > help to. Have a > look at: > > http://slacksite.com/other/ftp.html > > And if you are very very interesting you can allways look for > the ftp rfc. > > > > > Thanks for all your help. This is the sort of thing that > this list should > > be used for instead of debating what should be on it / other spam :) > > - Original Message - > > > Kind Regards > Victor > > > > From: "I.R.van Dongen" <[EMAIL PROTECTED]> > > To: "Ian Goodall" <[EMAIL PROTECTED]> > > Cc: <[EMAIL PROTECTED]> > > Sent: Tuesday, March 11, 2003 12:59 PM > > Subject: Re: iptables and apt-get > > > > > iptables -A OUTPUT -p tcp -d /32 --dport 80 -j ACCEPT > > > > > > On Tue, 11 Mar 2003 00:45:48 - > > > > > > "Ian Goodall" <[EMAIL PROTECTED]> wrote: > > > > Hi Guys, > > > > > > > > I am setting up iptables on my debain woody box. I have > decided to > > > > close > > > > everyting and then open up just ssh and ssl. This obviously > prevents my > > apt-get update from working. What ports do I need to open > for this to work. > > If it helps I am going through a proxy to get to the internet. > > > > > > Thanks > > > > > > > > ijg0 > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE+bguJEzqHF8R72ekRApCeAJ9xBSZUqs/4anueP+qUXevmwLMEdQCfTg43 > NBzKsI3G9/3SKJN8+N2J540= > =opBe > -END PGP SIGNATURE- > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: [SECURITY] [DSA 159-1] New Python packages fix insecure tempo rary file use
Try running apt-get -u dselect-upgrade and see if apt wants to install or remove anything else. > -Original Message- > From: Siegbert Baude [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 28, 2002 9:34 AM > To: 'Debian Security' > Subject: Re: [SECURITY] [DSA 159-1] New Python packages fix insecure > temporary file use > > > Hi, > > after an "apt-get update" on my potato box, the following happens: > > wurm:~# apt-get upgrade > Reading Package Lists... Done > Building Dependency Tree... Done > The following packages have been kept back > python-base python-tk > 0 packages upgraded, 0 newly installed, 0 to remove and 2 not > upgraded. > wurm:~# > > > Why are the new python packages kept back? > > Ciao > Siegbert > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] >
Support for Potato
Does anybody know how long Debian will officially be supporting Potato and providing security updates for it? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: Iptables not logging
Are you using syslog-ng? If so, when it gets restarted, klogd also needs to be restarted. Looks like there was a bug reported about this - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=129819 Not sure when it's going to make it into woody, though. The simple fix is to modify your /etc/init.d/syslog-ng script to restart klogd. Jase > I upgraded to Debian 3.0 (Woody). Ok, not too bad. But, now > iptables no > longer logs the messages I was sending to LOG. Any clues? > > Hint, kern.log was empty also. I have restarted klogd and > then sysklogd. > There is a little in kern.log now but not much. During the > original boot, I > thought I saw some messages about modules not loading. Could > not see the > same messages in the logs. I have Kernel v 2.4.18. Do not > have ipmasq > installed. Was originally running iptables and stuff from > Bunk's downloads. > (Dumped the init.d script that came with this version of > iptables, already > had my script written.) > > Pat Moffitt > MIS Administrator > Western Recreational Vehicles, Inc. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: Ssh not upgraded when doing apt-get upgrade?
You can also use apt-get dselect-upgrade. I think the problem was that one of the first ssh upgrades conflicted with an rsh package. apt-get dselect-upgrade removed it for me and installed the new ssh. > > Use apt-get -u upgrade to show what packages are being upgraded, then > apt-get install them to fetch the dependencies as well, or just use > apt-get dist-upgrade, which gets additional dependencies (And removed > conflicting packages), automatically. > > On Thu, 2002-06-27 at 19:14, Howland, Curtis wrote: > > I noticed the same thing when doing the 3.3 thing two days > ago that I commented on on this list. > > > > The security server is in my apt.sources list, but when I > executed "apt-get upgrade", it said "0 new, 0 to be removed, > 1 package(s) not updated". -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Where to get updates
Hello. Can someone tell me the difference between packages in the dists/potato-proposed-updates and packages on the security.debian.org site? I had been using the proposed-updates in my sources.list file for a while, but I have not found the updated bind package there. But I did find it on the security.debian.org site. Thanks for any help. Jase
Where to get updates
Hello. Can someone tell me the difference between packages in the dists/potato-proposed-updates and packages on the security.debian.org site? I had been using the proposed-updates in my sources.list file for a while, but I have not found the updated bind package there. But I did find it on the security.debian.org site. Thanks for any help. Jase -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
