I have just installed a new Debian Etch server, supposed to replace a
FreeBSD 6 server soon.
There are a few things I miss on the Debian box, and I wonder if there
is a way of having that on Debian too:
------------
------------
1) First of all, there is a nice feature under FreeBSD: on a shell,
command history can be filtered with a few characters, when using the up
arrow. For example, if you remember you restarted a daemon before, you can
type "/etc/i" and then press the up arrow key. Only past commands that
start with "/etc/i" appear, like "/etc/init.d/apache2 restart".
------------
------------
2) Under freebsd, ports can be checked against vulnerabilities with a
simple command:
--
portaudit -Fda
If there is anything wrong, you get:
server# portaudit -Fda
auditfile.tbz 100% of 42 kB 62 kBps
New database installed.
Database created: Fri Jun 15 09:10:07 CEST 2007
Affected package: awstats-6.6
Type of problem: awstats -- arbitrary command execution vulnerability.
Reference:
<http://www.FreeBSD.org/ports/portaudit/2df297a2-dc74-11da-a22b-000c6ec775d9.html>
1 problem(s) in your installed packages found.
You are advised to update or deinstall the affected package(s)
immediately.
--
Is there that on debian too?
------------
------------
3) Under FreeBSD, you get every morning a security output email, that
shows all particular events that happened the day before. It looks like:
--
Checking setuid files and devices:
fstab: /etc/fstab:0: No such file or directory
fstab: /etc/fstab:0: No such file or directory
Checking for uids of 0:
root 0
toor 0
Checking for passwordless accounts:
ipfw: getsockopt(IP_FW_GET): Operation not permitted
server.domain.ch kernel log messages:
+++ /tmp/security.6sNnuaOZ Fri Jun 15 03:01:46 2007
+pid 38178 (httpd), uid 80: exited on signal 10 pid 38176 (httpd), uid
+80: exited on signal 10 pid 38301 (httpd), uid 80: exited on signal 10
+pid 38080 (httpd), uid 80: exited on signal 10 Limiting closed port RST
+response from 218 to 200 packets/sec Limiting closed port RST response
+from 327 to 200 packets/sec Limiting closed port RST response from 278
+to 200 packets/sec pid 42633 (httpd), uid 80: exited on signal 10 pid
+50555 (httpd), uid 80: exited on signal 10 pid 51336 (httpd), uid 80:
+exited on signal 10 pid 51376 (httpd), uid 80: exited on signal 10 pid
+38070 (httpd), uid 80: exited on signal 10 pid 38073 (httpd), uid 80:
+exited on signal 10 pid 57535 (httpd), uid 80: exited on signal 10 pid
+38081 (httpd), uid 80: exited on signal 10 pid 57653 (httpd), uid 80:
+exited on signal 10 pid 62361 (httpd), uid 80: exited on signal 10
+em0: link state changed to DOWN
+em0: link state changed to UP
+em0: link state changed to DOWN
+em0: link state changed to UP
+pid 74513 (httpd), uid 80: exited on signal 10 pid 75974 (httpd), uid
+80: exited on signal 10 pid 88387 (httpd), uid 80: exited on signal 10
+pid 89472 (httpd), uid 80: exited on signal 10 pid 86765 (httpd), uid
+80: exited on signal 10 pid 87500 (httpd), uid 80: exited on signal 10
+pid 87906 (httpd), uid 80: exited on signal 10 pid 96385 (httpd), uid
+80: exited on signal 10 pid 95468 (httpd), uid 80: exited on signal 10
server.domain.ch login failures:
server.domain.ch refused connections:
Jun 14 06:14:45 server sshd[80891]: refused connect from y246.yellow.fastwebserver.de (217.79.182.246)
Jun 14 08:22:35 server sshd[88665]: refused connect from ahv250.internetdsl.tpnet.pl (83.16.203.250)
Jun 14 08:24:55 server sshd[88740]: refused connect from eaf202.internetdsl.tpnet.pl (83.14.109.202)
Jun 14 13:17:51 server sshd[53964]: refused connect from 67.104.242.30.ptr.us.xo.net (67.104.242.30)
Checking for a current audit database:
Database created: Thu Jun 14 09:10:02 CEST 2007
Checking for packages with security vulnerabilities:
Affected package: awstats-6.6
Type of problem: awstats -- arbitrary command execution vulnerability.
Reference:
<http://www.FreeBSD.org/ports/portaudit/2df297a2-dc74-11da-a22b-000c6ec775d9.html>
1 problem(s) in your installed packages found.
You are advised to update or deinstall the affected package(s)
immediately.
-- End of security output --
Is there that on Debian too?
------------
------------
Regards to all,
Philippe Lang
History and line-editing at the shell prompt is managed by the
readline library. Typing C-r will let you search backwards through
your history. man readline will also help.
> <snipped other questions>
--
Kushal Kumaran kus...@it.iitb.ac.in
> Hi,
>
> I have just installed a new Debian Etch server, supposed to replace a
> FreeBSD 6 server soon.
>
> There are a few things I miss on the Debian box, and I wonder if there
> is a way of having that on Debian too:
>
> ------------
> ------------
>
> 1) First of all, there is a nice feature under FreeBSD: on a shell,
> command history can be filtered with a few characters, when using the
> up arrow. For example, if you remember you restarted a daemon before,
> you can type "/etc/i" and then press the up arrow key. Only past
> commands that start with "/etc/i" appear, like "/etc/init.d/apache2
> restart".
That is a feature of the shell you were using in FreeBSD. (The
default shell is csh, IIRC.) You can install and use the same shell in
Debian, if you wish. Or you can continue to use the default shell in
Debian, which is bash. The key combination ctrl-r will give you
behaviour like that which you describe above.
>
> ------------
> ------------
>
> 2) Under freebsd, ports can be checked against vulnerabilities with a
> simple command:
>
> --
> portaudit -Fda
>
> If there is anything wrong, you get:
>
> server# portaudit -Fda
> auditfile.tbz 100% of 42 kB 62 kBps
> New database installed.
> Database created: Fri Jun 15 09:10:07 CEST 2007
> Affected package: awstats-6.6
> Type of problem: awstats -- arbitrary command execution vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/2df297a2-dc74-11da-a22b-000c6ec775d9.html>
>
> 1 problem(s) in your installed packages found.
>
> You are advised to update or deinstall the affected package(s)
> immediately.
> --
>
> Is there that on debian too?
The approach in Debian is to synchronise the list of available packages
(and their versions, including security fixes) against a central
software repository. The administrator can then choose to upgrade
installed packages to their latest versions. It is possible to automate
some or all of this, and to arrange for notification in various ways.
See http://www.debian.org/doc/manuals/apt-howto/ for more information.
>
> ------------
> ------------
>
> 3) Under FreeBSD, you get every morning a security output email, that
> shows all particular events that happened the day before.
[...]
> Is there that on Debian too?
I've never used such a thing in Debian. I'm sure others on
this list are better placed to advise you.
>
> ------------
> ------------
>
> Regards to all,
>
> Philippe Lang
>
>
--
Liam
< snip >
> ------------
> ------------
>
> 3) Under FreeBSD, you get every morning a security output email, that
> shows all particular events that happened the day before. It looks like:
>
< snip >
>
> Is there that on Debian too?
>
A very useful replacement would be logcheck.
Peter
Hi,
> I have just installed a new Debian Etch server, supposed to replace a
> FreeBSD 6 server soon.
>
> There are a few things I miss on the Debian box, and I wonder if there
> is a way of having that on Debian too:
>
> (...)
>
> 2) Under freebsd, ports can be checked against vulnerabilities with a
> simple command:
>
> --
> portaudit -Fda
>
> If there is anything wrong, you get:
>
> server# portaudit -Fda
> auditfile.tbz 100% of 42 kB 62 kBps
> New database installed.
> Database created: Fri Jun 15 09:10:07 CEST 2007
> Affected package: awstats-6.6
> Type of problem: awstats -- arbitrary command execution vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/2df297a2-dc74-11da-a22b-000c6ec775d9.html>
>
> 1 problem(s) in your installed packages found.
>
> You are advised to update or deinstall the affected package(s)
> immediately.
> --
>
> Is there that on debian too?
> (...)
Install the package debsecan.
regards,
-- stratus
http://stratusandtheswirl.blogspot.com
Also FYI, debian is going through a bit of a transition when it comes
to documentation. The Debian Free Software Guidelines (part of, or at
least related to, debian policy) are in conflict with the newer GNU
documentation licence (re unmodifiable sections). The upshot of which
is that some documentation that one would think would be in main is
actually in non-free. To get it, put non-free in your
/etc/apt/sources.list.
> ------------
> ------------
>
> 2) Under freebsd, ports can be checked against vulnerabilities with a
> simple command:
How does your freebsd box know today's vulnerabilities? It probably
accesses the freebsd repository. On debian, you do an aptitude update.
I always run aptitude interactively (just type aptitude with no
arguments), then hit 'u' to update. When it's finished, if there are any
security updates, there will be a section right at the top called
"security updates". You can also subscribe to the debian security
announce mailing list to get email warnings.
> 3) Under FreeBSD, you get every morning a security output email, that
> shows all particular events that happened the day before. It looks like:
>
With debian you have some choices. To check your log there are packages
like logcheck. To check file integrity there are things like tripwire
or samhain. For other security checks there is tiger. Lots of choices.
All these choices mean that you need to get comfortable with aptitude
(get the aptitude-doc package) and its search patterns.
Welcome to debian.
Just curious: what induced you from freebsd to debian?
Doug.
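An added example (not from any poster in this thread, and not how logcheck or tiger work internally): two of the account checks from the FreeBSD daily mail quoted at the top of the thread, uid-0 accounts and passwordless accounts, written in POSIX sh for passwd(5)/shadow(5) files. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: two account checks from the FreeBSD daily security mail,
# for Linux passwd(5)/shadow(5) format. Function names are hypothetical.

# Print "name uid" for each account whose UID is 0 (root equivalents).
uid0_accounts() {
    awk -F: '$1 !~ /^#/ && $3 != "" && $3 == 0 { print $1, $3 }' "$1"
}

# Print the name of each account whose shadow password field is empty,
# meaning no password is needed to authenticate as that user.
passwordless_accounts() {
    awk -F: '$1 !~ /^#/ && NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Assemble a report in the layout of the FreeBSD mail quoted in the thread.
account_report() {
    echo "Checking for uids of 0:"
    uid0_accounts "$1"
    echo "Checking for passwordless accounts:"
    passwordless_accounts "$2"
}

# Constructed sample files so the example runs without touching /etc.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:alternate root:/root:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
demo:x:1000:1000:,,,:/home/demo:/bin/bash
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:$1$constructed$notarealhash:13679:0:99999:7:::
toor:*:13679:0:99999:7:::
www-data:*:13679:0:99999:7:::
demo::13679:0:99999:7:::
EOF

account_report "$demo_dir/passwd" "$demo_dir/shadow"
# On a real host, run as root: account_report /etc/passwd /etc/shadow
```

Run from cron with the output piped to mail, this gives a daily message in the same shape as the FreeBSD one; any uid-0 name other than root, or any name under the second heading, deserves a look.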
[...]
> >
> > 2) Under freebsd, ports can be checked against vulnerabilities with a
> > simple command:
>
> How does your freebsd box know today's vulnerabilities? It probably
> accesses the freebsd repository. On debian, you do an aptitude update.
> I always run aptitude interactively (just type aptitude with no
> arguments), then hit 'u' to update. When it's finished, if there are any
> security updates, there will be a section right at the top called
> "security updates". You can also subscribe to the debian security
> announce mailing list to get email warnings.
cron-apt will mail you output of its nightly run. It will include a
list of all currently available updates for your system. If you are
running stable, the only updates you'll get will be security
updates...
A
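An added example, not part of the thread and not cron-apt's own code: filtering the output of `apt-get -s upgrade` down to the upgrades that come from the security archive, with a portaudit-style summary line and exit status. It assumes security origins appear as `Debian-Security:` in the `Inst` lines; the package names and versions in the sample are constructed.

```shell
#!/bin/sh
# Added example: report pending upgrades that come from the security archive.
# Input: the output of `apt-get -s upgrade` on stdin.
# Assumption: security origins are labelled "Debian-Security:" in Inst lines.

# Print "package old -> new" for each Inst line from the given origin.
security_upgrades() {
    origin=${1:-Debian-Security}
    awk -v origin="$origin" '
        $1 == "Inst" && index($0, origin ":") {
            old = "(not installed)"; new = "?"
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^\[/) { old = $i; gsub(/\[|\]/, "", old) }
                else if ($i ~ /^\(/) { new = substr($i, 2); break }
            }
            printf "%s %s -> %s\n", $2, old, new
        }'
}

# Print the list plus a summary; exit status is non-zero if anything is pending.
security_report() {
    found=$(security_upgrades "$@")
    count=$(printf '%s' "$found" | grep -c . || true)
    [ -n "$found" ] && printf '%s\n' "$found"
    echo "$count security update(s) pending."
    [ "$count" -eq 0 ]
}

# Constructed sample of simulated apt output (hypothetical packages/versions).
sample_apt_output() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
Inst exampled [1.2-1] (1.2-1etch1 Debian-Security:4.0/stable)
Inst otherpkg [2.0-1] (2.0-2 Debian:4.0r1/stable)
Inst libexample0 [0.9-3] (0.9-3etch2 Debian-Security:4.0/stable)
Conf exampled (1.2-1etch1 Debian-Security:4.0/stable)
EOF
}

sample_apt_output | security_report || true
# Real use, e.g. from cron: apt-get -s upgrade | security_report
```

The package lists must be refreshed first (`apt-get update`), otherwise the simulation only reflects what the host knew at its last update.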
As some others have pointed out, that is a feature of the shell.
With the default shell (bash) and vi key-bindings (set -o vi),
you can accomplish that with:
<esc>//etc/i<cr>
This causes the most recent occurrence of a command that
matches the initial sequence '/etc/i', and you can
then cycle through the history list with 'n'. Incidentally,
^r also works with the vi-key bindings turned on, but
it feels obscene to use it :)
Debian has 3 streams of development: stable, testing and unstable.
Stable and testing have repos for 'security updates' that you can check
and install new package updates, this is just for security issues. If
you are concerned with security above all else, then it is not advised
to use testing and unstable. If you need newer software for stable, then
you can use backports.org, although it is not as tested as official
debian packages.
Also, there are security lists at lists.debian.org and there is security
info on the debian wiki (wiki.debian.org).
Debian also has support for SELinux which is a security layer, although
the policies are functional but not complete.
--
| .''`. == Debian GNU/Linux == | my web site: |
| : :' : The Universal |mysite.verizon.net/kevin.mark/|
| `. `' Operating System | go to counter.li.org and |
| `- http://www.debian.org/ | be counted! #238656 |
| my keyserver: subkeys.pgp.net | my NPO: cfsg.org |
|join the new debian-community.org to help Debian! |
|_______ Unless I ask to be CCd, assume I am subscribed _______|
Hi,
Thanks all for your help. I decided to make the transition from FreeBSD
to Debian for a few reasons:
1) Virtualization: For the moment, there is no official Dom0 XEN port on
FreeBSD, and FreeBSD jails are a little too limited for what I'm doing
(no CPU limit per jail, no RAM limit per jail). What's more, there is
an annoying old bug that prevents you from restarting a jail separately.
All these points should be corrected sooner or later.
2) LVM: there is no such beast under FreeBSD. Note that ZFS should be
available under FreeBSD 7.0.
Except that, I've always been very very happy with FreeBSD. Performances
and stability are just great.
Regards to all,
Philippe
> As a FLOSS person, I always like to know what make *BSD more
> attractive than Linuxes.
One thing comes to my mind: documentation. I'm sure there is plenty of
documentation and infos on Debian, everywhere, but when you start, I
imagine you feel more comfortable with BSD documentation. On FreeBSD, we
have this:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/
This is clear, simple to read. And this is THE reference.
Philippe
Some time ago I found this following rant on the topic. It is quite
well written and informative. Good reading.
http://www.over-yonder.net/~fullermd/rants/bsd4linux/bsd4linux1.php
Bob
nice. thanks
A