[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

From FreeBSD 6 to Debian 4

Hi,

I have just installed a new Debian Etch server, supposed to replace a
FreeBSD 6 server soon.

There are a few things I miss on the Debian box, and I wonder if there
is a way of having that on Debian too:

------------
------------

1) First of all, there is a nice feature under FreeBSD: on a shell,
command history can be filtered with a few characters, when using the up
arrow. For example, if you rember you restarted a deamon before, you can
type "/etc/i" and then press the up arrow key. Only past command that
start with "/etc/i" appear, like "/etc/init.d/apache2 restart".

------------
------------

2) Under freebsd, ports can be checked against vulnerabilities with a
simple command:

--
Portaudit -Fda

If there is anything wrong, you get:

server# portaudit -Fda
auditfile.tbz                                 100% of   42 kB   62 kBps
New database installed.
Database created: Fri Jun 15 09:10:07 CEST 2007
Affected package: awstats-6.6
Type of problem: awstats -- arbitrary command execution vulnerability.
Reference:
<http://www.FreeBSD.org/ports/portaudit/2df297a2-dc74-11da-a22b-000c6ec7
75d9.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s)
immediately.
--

Is there that on debian too?

------------
------------

3) Under FreeBSD, you get every morning a security output email, that
shows all particular events that happend the day before. It looks like:

--
Checking setuid files and devices:
fstab: /etc/fstab:0: No such file or directory
fstab: /etc/fstab:0: No such file or directory

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:
ipfw: getsockopt(IP_FW_GET): Operation not permitted

server.domain.ch kernel log messages:
+++ /tmp/security.6sNnuaOZ	Fri Jun 15 03:01:46 2007
+pid 38178 (httpd), uid 80: exited on signal 10 pid 38176 (httpd), uid 
+80: exited on signal 10 pid 38301 (httpd), uid 80: exited on signal 10 
+pid 38080 (httpd), uid 80: exited on signal 10 Limiting closed port RST

+response from 218 to 200 packets/sec Limiting closed port RST response 
+from 327 to 200 packets/sec Limiting closed port RST response from 278 
+to 200 packets/sec pid 42633 (httpd), uid 80: exited on signal 10 pid 
+50555 (httpd), uid 80: exited on signal 10 pid 51336 (httpd), uid 80: 
+exited on signal 10 pid 51376 (httpd), uid 80: exited on signal 10 pid 
+38070 (httpd), uid 80: exited on signal 10 pid 38073 (httpd), uid 80: 
+exited on signal 10 pid 57535 (httpd), uid 80: exited on signal 10 pid 
+38081 (httpd), uid 80: exited on signal 10 pid 57653 (httpd), uid 80: 
+exited on signal 10 pid 62361 (httpd), uid 80: exited on signal 10
+em0: link state changed to DOWN
+em0: link state changed to UP
+em0: link state changed to DOWN
+em0: link state changed to UP
+pid 74513 (httpd), uid 80: exited on signal 10 pid 75974 (httpd), uid 
+80: exited on signal 10 pid 88387 (httpd), uid 80: exited on signal 10 
+pid 89472 (httpd), uid 80: exited on signal 10 pid 86765 (httpd), uid 
+80: exited on signal 10 pid 87500 (httpd), uid 80: exited on signal 10 
+pid 87906 (httpd), uid 80: exited on signal 10 pid 96385 (httpd), uid 
+80: exited on signal 10 pid 95468 (httpd), uid 80: exited on signal 10

server.domain.ch login failures:

server.domain.ch refused connections:
Jun 14 06:14:45 server sshd[80891]: refused connect from
y246.yellow.fastwebserver.de (217.79.182.246) Jun 14 08:22:35 server
sshd[88665]: refused connect from ahv250.internetdsl.tpnet.pl
(83.16.203.250) Jun 14 08:24:55 server sshd[88740]: refused connect from
eaf202.internetdsl.tpnet.pl (83.14.109.202) Jun 14 13:17:51 server
sshd[53964]: refused connect from 67.104.242.30.ptr.us.xo.net
(67.104.242.30)

Checking for a current audit database:

Database created: Thu Jun 14 09:10:02 CEST 2007

Checking for packages with security vulnerabilities:

Affected package: awstats-6.6
Type of problem: awstats -- arbitrary command execution vulnerability.
Reference:
<http://www.FreeBSD.org/ports/portaudit/2df297a2-dc74-11da-a22b-000c6ec7
75d9.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s)
immediately.

-- End of security output --


Is there that on Debian too?

------------
------------

Regards to all,

Philippe Lang
Reply to: