Hi,

I have just installed a new Debian Etch server, supposed to replace a
FreeBSD 6 server soon.

There are a few things I miss on the Debian box, and I wonder if there
is a way of having that on Debian too:

------------
------------

1) First of all, there is a nice feature under FreeBSD: on a shell,
command history can be filtered with a few characters, when using the up
arrow. For example, if you rember you restarted a deamon before, you can
type "/etc/i" and then press the up arrow key. Only past command that
start with "/etc/i" appear, like "/etc/init.d/apache2 restart".

------------
------------

2) Under freebsd, ports can be checked against vulnerabilities with a
simple command:

--
Portaudit -Fda

If there is anything wrong, you get:

server# portaudit -Fda
auditfile.tbz 100% of 42 kB 62 kBps
New database installed.
Database created: Fri Jun 15 09:10:07 CEST 2007
Affected package: awstats-6.6
Type of problem: awstats -- arbitrary command execution vulnerability.
Reference:
<http://www.FreeBSD.org/ports/portaud...-a22b-000c6ec7
75d9.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s)
immediately.
--

Is there that on debian too?

------------
------------

3) Under FreeBSD, you get every morning a security output email, that
shows all particular events that happend the day before. It looks like:

--
Checking setuid files and devices:
fstab: /etc/fstab:0: No such file or directory
fstab: /etc/fstab:0: No such file or directory

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:
ipfw: getsockopt(IP_FW_GET): Operation not permitted

server.domain.ch kernel log messages:
+++ /tmp/security.6sNnuaOZ Fri Jun 15 03:01:46 2007
+pid 38178 (httpd), uid 80: exited on signal 10 pid 38176 (httpd), uid
+80: exited on signal 10 pid 38301 (httpd), uid 80: exited on signal 10
+pid 38080 (httpd), uid 80: exited on signal 10 Limiting closed port RST

+response from 218 to 200 packets/sec Limiting closed port RST response
+from 327 to 200 packets/sec Limiting closed port RST response from 278
+to 200 packets/sec pid 42633 (httpd), uid 80: exited on signal 10 pid
+50555 (httpd), uid 80: exited on signal 10 pid 51336 (httpd), uid 80:
+exited on signal 10 pid 51376 (httpd), uid 80: exited on signal 10 pid
+38070 (httpd), uid 80: exited on signal 10 pid 38073 (httpd), uid 80:
+exited on signal 10 pid 57535 (httpd), uid 80: exited on signal 10 pid
+38081 (httpd), uid 80: exited on signal 10 pid 57653 (httpd), uid 80:
+exited on signal 10 pid 62361 (httpd), uid 80: exited on signal 10
+em0: link state changed to DOWN
+em0: link state changed to UP
+em0: link state changed to DOWN
+em0: link state changed to UP
+pid 74513 (httpd), uid 80: exited on signal 10 pid 75974 (httpd), uid
+80: exited on signal 10 pid 88387 (httpd), uid 80: exited on signal 10
+pid 89472 (httpd), uid 80: exited on signal 10 pid 86765 (httpd), uid
+80: exited on signal 10 pid 87500 (httpd), uid 80: exited on signal 10
+pid 87906 (httpd), uid 80: exited on signal 10 pid 96385 (httpd), uid
+80: exited on signal 10 pid 95468 (httpd), uid 80: exited on signal 10

server.domain.ch login failures:

server.domain.ch refused connections:
Jun 14 06:14:45 server sshd[80891]: refused connect from
y246.yellow.fastwebserver.de (217.79.182.246) Jun 14 08:22:35 server
sshd[88665]: refused connect from ahv250.internetdsl.tpnet.pl
(83.16.203.250) Jun 14 08:24:55 server sshd[88740]: refused connect from
eaf202.internetdsl.tpnet.pl (83.14.109.202) Jun 14 13:17:51 server
sshd[53964]: refused connect from 67.104.242.30.ptr.us.xo.net
(67.104.242.30)

Checking for a current audit database:

Database created: Thu Jun 14 09:10:02 CEST 2007

Checking for packages with security vulnerabilities:

Affected package: awstats-6.6
Type of problem: awstats -- arbitrary command execution vulnerability.
Reference:
<http://www.FreeBSD.org/ports/portaud...-a22b-000c6ec7
75d9.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s)
immediately.

-- End of security output --


Is there that on Debian too?

------------
------------

Regards to all,

Philippe Lang

On Fri, Jun 15, 2007 at 09:27:54AM +0200, Philippe Lang wrote:
> Hi,
>
> I have just installed a new Debian Etch server, supposed to replace a
> FreeBSD 6 server soon.
>
> There are a few things I miss on the Debian box, and I wonder if there
> is a way of having that on Debian too:
>
> ------------
> ------------
>
> 1) First of all, there is a nice feature under FreeBSD: on a shell,
> command history can be filtered with a few characters, when using the up
> arrow. For example, if you rember you restarted a deamon before, you can
> type "/etc/i" and then press the up arrow key. Only past command that
> start with "/etc/i" appear, like "/etc/init.d/apache2 restart".
>

History and line-editing at the shell prompt is managed by the
readline library. Typing C-r will let you search backwards through
your history. man readline will also .

> <snipped other questions>

--
Kushal Kumaran kushal@it.iitb.ac.in


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Fri, 15 Jun 2007 09:27:54 +0200
"Philippe Lang" <philippe.lang@attiksystem.ch> wrote:

> Hi,
>
> I have just installed a new Debian Etch server, supposed to replace a
> FreeBSD 6 server soon.
>
> There are a few things I miss on the Debian box, and I wonder if there
> is a way of having that on Debian too:
>
> ------------
> ------------
>
> 1) First of all, there is a nice feature under FreeBSD: on a shell,
> command history can be filtered with a few characters, when using the
> up arrow. For example, if you rember you restarted a deamon before,
> you can type "/etc/i" and then press the up arrow key. Only past
> command that start with "/etc/i" appear, like "/etc/init.d/apache2
> restart".

That is a feature of the shell you were using in FreeBSD. (The
default shell is csh, IIRC.) You can install and use the same shell in
Debian, if you wish. Or you can continue to use the default shell in
Debian, which is bash. The key combination ctrl-r will give you
behaviour like that which you describe above.

>
> ------------
> ------------
>
> 2) Under freebsd, ports can be checked against vulnerabilities with a
> simple command:
>
> --
> Portaudit -Fda
>
> If there is anything wrong, you get:
>
> server# portaudit -Fda
> auditfile.tbz 100% of 42 kB 62
> kBps New database installed.
> Database created: Fri Jun 15 09:10:07 CEST 2007
> Affected package: awstats-6.6
> Type of problem: awstats -- arbitrary command execution vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaud...-a22b-000c6ec7
> 75d9.html>
>
> 1 problem(s) in your installed packages found.
>
> You are advised to update or deinstall the affected package(s)
> immediately.
> --
>
> Is there that on debian too?

The approach in Debian is to synchronise the list of available packages
(and their versions, including security fixes) against a central
software repository. The administrator can then choose to upgrade
installed packages to their latest versions. It is possible to automate
some or all of this, and to arrange for notification in various ways.
See http://www.debian.org/doc/manuals/apt-howto/ for more information.

>
> ------------
> ------------
>
> 3) Under FreeBSD, you get every morning a security output email, that
> shows all particular events that happend the day before.

[...]

> Is there that on Debian too?

I've never used such a thing in Debian. I'm sure others on
this list are better placed to advise you.

>
> ------------
> ------------
>
> Regards to all,
>
> Philippe Lang
>
>


--

Liam


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

> Hi,
>
> I have just installed a new Debian Etch server, supposed to replace a
> FreeBSD 6 server soon.
>
> There are a few things I miss on the Debian box, and I wonder if there
> is a way of having that on Debian too:
>
>

< snip >

> ------------
> ------------
>
> 3) Under FreeBSD, you get every morning a security output email, that
> shows all particular events that happened the day before. It looks like:
>
< snip >
>
> Is there that on Debian too?
>

A very useful replacement would be logcheck.

Peter

On 6/15/07, Philippe Lang <philippe.lang@attiksystem.ch> wrote:
> Hi,

Hi,

> I have just installed a new Debian Etch server, supposed to replace a
> FreeBSD 6 server soon.
>
> There are a few things I miss on the Debian box, and I wonder if there
> is a way of having that on Debian too:
>
> (...)
>
> 2) Under freebsd, ports can be checked against vulnerabilities with a
> simple command:
>
> --
> Portaudit -Fda
>
> If there is anything wrong, you get:
>
> server# portaudit -Fda
> auditfile.tbz 100% of 42 kB 62 kBps
> New database installed.
> Database created: Fri Jun 15 09:10:07 CEST 2007
> Affected package: awstats-6.6
> Type of problem: awstats -- arbitrary command execution vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaud...-a22b-000c6ec7
> 75d9.html>
>
> 1 problem(s) in your installed packages found.
>
> You are advised to update or deinstall the affected package(s)
> immediately.
> --
>
> Is there that on debian too?
> (...)

Install the package debsecan.

regards,
-- stratus
http://stratusandtheswirl.blogspot.com


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Fri, Jun 15, 2007 at 09:27:54AM +0200, Philippe Lang wrote:
>
> I have just installed a new Debian Etch server, supposed to replace a
> FreeBSD 6 server soon.
>
> There are a few things I miss on the Debian box, and I wonder if there
> is a way of having that on Debian too:
>
> 1) First of all, there is a nice feature under FreeBSD: on a shell,
> command history can be filtered with a few characters, when using the up
> arrow. For example, if you rember you restarted a deamon before, you can
> type "/etc/i" and then press the up arrow key. Only past command that
> start with "/etc/i" appear, like "/etc/init.d/apache2 restart".
>
Sounds like a function of the shell. You can do two things: install
that shell and use it, or get to know bash.

Also FYI, debian is going through a bit of a transistion when it comes
to documentation. The Debian Free Software Guidelines (part of, or at
least related to, debian policy) are in conflict with the newer GNU
documentation licence (re unmodifiable sections). The upshot of which
is that some documentation that one would think would be in main are
actually in non-free. To get it, put non-free in your
/etc/apt/sources.list.

> ------------
> ------------
>
> 2) Under freebsd, ports can be checked against vulnerabilities with a
> simple command:

How does your freebsd box know today's vulnerabilities? It probably
accesses the freebsd repository. On debian, you do and aptitude update.
I always run aptitude interactively (just type aptitude with no
arguments), then hit 'u' to update. When its finished, if there are any
security updates, there will be a section right at the top called
"security updates". You can also subscribe to the debian security
announce mailing list to get email warnings.

> 3) Under FreeBSD, you get every morning a security output email, that
> shows all particular events that happend the day before. It looks like:
>

With debian you have some choices. To check your log there are packages
like logcheck. To check file integrity there are things like tripwire
or samhain. For other security checks there is tiger. Lots of choices.

All these choices mean that you need to get comfortable with aptitude
(get the aptitude-doc package) and its search patterns.

Welcome to debian.

Just curious: what induced you from freebsd to debian?

Doug.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Fri, Jun 15, 2007 at 08:43:56AM -0400, Douglas Allan Tutty wrote:
> On Fri, Jun 15, 2007 at 09:27:54AM +0200, Philippe Lang wrote:
> >
> > I have just installed a new Debian Etch server, supposed to replace a
> > FreeBSD 6 server soon.
> >
> > There are a few things I miss on the Debian box, and I wonder if there
> > is a way of having that on Debian too:
> >

[...]

> >
> > 2) Under freebsd, ports can be checked against vulnerabilities with a
> > simple command:
>
> How does your freebsd box know today's vulnerabilities? It probably
> accesses the freebsd repository. On debian, you do and aptitude update.
> I always run aptitude interactively (just type aptitude with no
> arguments), then hit 'u' to update. When its finished, if there are any
> security updates, there will be a section right at the top called
> "security updates". You can also subscribe to the debian security
> announce mailing list to get email warnings.

cron-apt will mail you output of its nightly run. It will include a
list of all currently available updates for your system. If you are
running stable, the only updates you'll get will be security
updates...

A

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGcud7aIeIEqwil4YRApJiAJ495o/MAqReJRNQzBV5pnRf3E744gCgxS/I
WD0RJjcCF1kbZt7ztdWoKxg=
=4ZzN
-----END PGP SIGNATURE-----

Philippe Lang wrote:
>
> 1) First of all, there is a nice feature under FreeBSD: on a shell,
> command history can be filtered with a few characters, when using the up
> arrow. For example, if you rember you restarted a deamon before, you can
> type "/etc/i" and then press the up arrow key. Only past command that
> start with "/etc/i" appear, like "/etc/init.d/apache2 restart".
>

As some others have pointed out, that is a feature of the shell.
With the default shell (bash) and vi key-bindings (set -o vi),
you can accomplish that with:

<esc>//etc/i<cr>

This causes the most recent occurence of a command that
matches the initial sequence '/etc/i', and you can
then cycle through the history list with 'n'. Incidentally,
^r also works with the vi-key bindings turned on, but
it feels obscene to use it


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org