
Bug#670875: About your newly uploaded logsurfer to mentors.d.n



Hi Thilo

I had a quick look again at your current version uploaded to
mentors.d.n.  Thanks a lot for the work you put into that package.
I'm only adding some comments again:

Current lintian reports the following two:

W: logsurfer: hardening-no-fortify-functions usr/bin/logsurfer
N: 
N:    This package provides an ELF binary that lacks the use of fortified libc
N:    functions. Either there are no potentially unfortified functions called
N:    by any routines, all unfortified calls have already been fully validated
N:    at compile-time, or the package was not built with the default Debian
N:    compiler flags defined by dpkg-buildflags. If built using
N:    dpkg-buildflags directly, be sure to import CPPFLAGS.
N:    
N:    NB: Due to false-positives, Lintian ignores some unprotected functions
N:    (e.g. memcpy).
N:    
N:    Refer to http://wiki.debian.org/Hardening and
N:    http://bugs.debian.org/673112 for details.
N:    
N:    Severity: normal, Certainty: possible
N:    
N:    Check: binaries, Type: binary, udeb
N:

This needs patching of Makefile.in. Simply adding @CPPFLAGS@ to the
CPPFLAGS assignment should do unless I missed something. After doing so
my resulting binary had:

foo/usr/bin/logsurfer:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!

I: logsurfer: FSSTND-dir-in-manual-page usr/share/man/man5/logsurfer.conf.5.gz:249 /var/adm/
N: 
N:    The manual page references a directory that is specified in the FSSTND
N:    but not in the FHS which is used by Debian. This can be an indicator of
N:    a mismatch of the location of files as installed for Debian and as
N:    described by the man page.
N:    
N:    If you have to change file locations to abide by Debian Policy please
N:    also patch the man page to mention these new locations.
N:    
N:    Severity: wishlist, Certainty: certain
N:    
N:    Check: manpages, Type: binary
N:

No files are installed into the wrong directory, but looking at the
manpage logsurfer.conf(5) I see that /usr/local/etc/logsurfer.conf is
referenced as the default configuration file. Trying to start logsurfer:

# logsurfer 
warning: logsurfer started as root
error opening configfile /usr/local/etc/logsurfer.conf
error reading configfile /usr/local/etc/logsurfer.conf

For more information, see Configuration files[1], in particular
'Location' and 'Behaviour'. The location of the default configuration
file seems configurable in the configure part.

 [1]: http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files

debian/changelog: For the initial upload it is only needed to have the
'Initial release (Closes: #670875)' entry, the others as part of the
initial packaging could be removed.

Hmm, maybe it would be good to actually add a README.Debian to give an
introduction on how to use logsurfer on a Debian system? How to set up
monitoring of a logfile? cronjobs?

Hope this could help you,

Regards,
Salvatore
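
A check for the Makefile.in issue raised in the message above, as an added example that is not part of the original e-mail or of logsurfer's build system: it lists build-flag variables that a Makefile.in assigns without importing the matching configure substitution. It generalizes from CPPFLAGS to CFLAGS and LDFLAGS, which dpkg-buildflags also sets; the function name `missing_buildflags` and the sample Makefile.in contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from logsurfer): find build-flag variables that a
# Makefile.in assigns without importing the configure substitution @VAR@.

# missing_buildflags FILE   (hypothetical helper name)
# Prints each of CPPFLAGS, CFLAGS, LDFLAGS that FILE assigns while no
# assignment line for it references @NAME@. Variables the file never
# assigns are skipped. Backslash-continued lines are not joined.
missing_buildflags() {
    for var in CPPFLAGS CFLAGS LDFLAGS; do
        # Match "VAR =", "VAR :=", "VAR +=" and "VAR ?=" at line start.
        lines=$(grep -E "^[[:space:]]*${var}[[:space:]]*[+:?]?=" "$1") || continue
        case $lines in
            *"@${var}@"*) ;;              # flags from configure are imported
            *) printf '%s\n' "$var" ;;    # hard-coded: dpkg-buildflags value dropped
        esac
    done
}

# Constructed sample input: a hypothetical Makefile.in before and after
# adding @CPPFLAGS@ to the CPPFLAGS assignment.
tmp=$(mktemp -d)
cat > "$tmp/before.in" <<'EOF'
CC = @CC@
CPPFLAGS = -I. -DHAVE_CONFIG_H
CFLAGS = @CFLAGS@
LDFLAGS = @LDFLAGS@
EOF
cat > "$tmp/after.in" <<'EOF'
CC = @CC@
CPPFLAGS = -I. -DHAVE_CONFIG_H @CPPFLAGS@
CFLAGS = @CFLAGS@
LDFLAGS = @LDFLAGS@
EOF

echo "before: $(missing_buildflags "$tmp/before.in" | tr '\n' ' ')"
echo "after:  $(missing_buildflags "$tmp/after.in" | tr '\n' ' ')"
rm -rf "$tmp"
```
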
