Bug#670875: About your newly uploaded logsurfer to mentors.d.n
Hi Salvatore,
Am 20.09.2012 um 19:37 schrieb Salvatore Bonaccorso <carnil@debian.org>:
> Hi Thilo
>
> I had a quick look again at your current version uploaded to
> mentors.d.n. Really thanks for your work you put into that package.
> I'm adding only again some comments:
>
> current lintian reports the following two:
>
> W: logsurfer: hardening-no-fortify-functions usr/bin/logsurfer
> N:
> N: This package provides an ELF binary that lacks the use of fortified libc
> N: functions. Either there are no potentially unfortified functions called
> N: by any routines, all unfortified calls have already been fully validated
> N: at compile-time, or the package was not built with the default Debian
> N: compiler flags defined by dpkg-buildflags. If built using
> N: dpkg-buildflags directly, be sure to import CPPFLAGS.
> N:
> N: NB: Due to false-positives, Lintian ignores some unprotected functions
> N: (e.g. memcpy).
> N:
> N: Refer to http://wiki.debian.org/Hardening and
> N: http://bugs.debian.org/673112 for details.
> N:
> N: Severity: normal, Certainty: possible
> N:
> N: Check: binaries, Type: binary, udeb
> N:
>
> This needs patching of Makefile.in. Simply adding @CPPFLAGS@ to the
> CPPFLAGS asignmend should do unless I missed something. After doing so
> my resulting binary had:
>
> foo/usr/bin/logsurfer:
> Position Independent Executable: no, normal executable!
> Stack protected: yes
> Fortify Source functions: yes (some protected functions found)
> Read-only relocations: yes
> Immediate binding: no, not found!
Yes, that worked for me, too. I included the patch.
> I: logsurfer: FSSTND-dir-in-manual-page usr/share/man/man5/logsurfer.conf.5.gz:249 /var/adm/
> N:
> N: The manual page references a directory that is specified in the FSSTND
> N: but not in the FHS which is used by Debian. This can be an indicator of
> N: a mismatch of the location of files as installed for Debian and as
> N: described by the man page.
> N:
> N: If you have to change file locations to abide by Debian Policy please
> N: also patch the man page to mention these new locations.
> N:
> N: Severity: wishlist, Certainty: certain
> N:
> N: Check: manpages, Type: binary
> N:
While I think that lintian show this warning because of "/var/adm", I get your point.
> No files are installed into the wrong directory, but looking at the
> manpage logsurfer.conf(5) I see that /usr/local/etc/logsurfer.conf is
> references as default configuration file. Trying to start logsurfer:
>
> # logsurfer
> warning: logsurfer started as root
> error opening configfile /usr/local/etc/logsurfer.conf
> error reading configfile /usr/local/etc/logsurfer.conf
>
> For more information on Configuration files[1], in particular see
> 'Location' and 'Behaviour'. Location of a default configuration file
> seems configurable in the configure part.
>
> [1]: http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files
I changed the default to /etc/logsurfer.conf. The warning about /var/adm is
still there, but I think that should be ok.
> debian/changelog: For the initial upload it is only needed to have the
> 'Initial release (Closes: #670875)' entry, the others as part of the
> inital packaging could be removed.
Fixed.
> Hmm, maybe would be good to actually add a README.Debian to give an
> introduction on how to use logsurfer on a Debian system? How to set up
> monitoring of a logfile? cronjobs?
Yes, I thought about that as well. For now I created a small README.Debian.
But maybe it would be a good idea to include some examples like an init.d
script to start logsrufer on system boot.
> Hope this could help you,
Yes, very much! I uploaded a new version to mentors.d.n.
Thanks again,
Thilo
Reply to: