Package: sslwrap Version: 2.0.6-16 Severity: grave Tags: sid Hi Jonathan,
A combination of factors now gives me this on console every time /etc/init.d/sslwrap stop is called: # /etc/init.d/sslwrap stop Stopping sslwrap: Trying to add the following entry: #<off># https stream tcp nowait sslwrap:sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 80 There is already an entry for #<off># https in /etc/inetd.conf, but I don't recognise it. Here is what it looks like: #<off># https stream tcp nowait sslwrap.sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 80 Do you want to ignore this potential problem and continue, or would you rather not do so now ? Continue? (n/y) n Trying to add the following entry: #<off># ssmtp stream tcp nowait sslwrap:sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 25 There is already an entry for #<off># ssmtp in /etc/inetd.conf, but I don't recognise it. Here is what it looks like: #<off># ssmtp stream tcp nowait sslwrap.sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 25 Do you want to ignore this potential problem and continue, or would you rather not do so now ? Continue? (n/y) n Trying to add the following entry: #<off># nntps stream tcp nowait sslwrap:sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 119 There is already an entry for #<off># nntps in /etc/inetd.conf, but I don't recognise it. Here is what it looks like: #<off># nntps stream tcp nowait sslwrap.sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 119 Do you want to ignore this potential problem and continue, or would you rather not do so now ? Continue? (n/y) n Trying to add the following entry: #<off># telnets stream tcp nowait sslwrap:sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 23 There is already an entry for #<off># telnets in /etc/inetd.conf, but I don't recognise it. Here is what it looks like: #<off># telnets stream tcp nowait sslwrap.sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 23 Do you want to ignore this potential problem and continue, or would you rather not do so now ? Continue? (n/y) n Trying to add the following entry: #<off># ircs stream tcp nowait sslwrap:sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 194 There is already an entry for #<off># ircs in /etc/inetd.conf, but I don't recognise it. Here is what it looks like: #<off># ircs stream tcp nowait sslwrap.sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 194 Do you want to ignore this potential problem and continue, or would you rather not do so now ? Continue? (n/y) n Trying to add the following entry: #<off># ftps-data stream tcp nowait sslwrap:sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 20 There is already an entry for #<off># ftps-data in /etc/inetd.conf, but I don't recognise it. Here is what it looks like: #<off># ftps-data stream tcp nowait sslwrap.sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 20 Do you want to ignore this potential problem and continue, or would you rather not do so now ? Continue? (n/y) n Trying to add the following entry: #<off># ftps stream tcp nowait sslwrap:sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 21 There is already an entry for #<off># ftps in /etc/inetd.conf, but I don't recognise it. Here is what it looks like: #<off># ftps stream tcp nowait sslwrap.sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 21 Do you want to ignore this potential problem and continue, or would you rather not do so now ? Continue? (n/y) n Trying to add the following entry: #<off># ldaps stream tcp nowait sslwrap:sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 389 There is already an entry for #<off># ldaps in /etc/inetd.conf, but I don't recognise it. Here is what it looks like: #<off># ldaps stream tcp nowait sslwrap.sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/sslwrap/server.pem -addr 127.0.0.1 -port 389 Do you want to ignore this potential problem and continue, or would you rather not do so now ? Continue? (n/y) n imaps pop3s sswat. # This is especially pleasant because ssh is stopped before sslwrap on shutdown, and on startup, ssh will reject connections because /etc/nologin is still present at the time the init script is prompting for these answers. Even better, I don't actually use *any* of these default services (sswat is the only one I'm interested in), and even if I did, I don't see any reason for sslwrap to be twiddling the contents of /etc/inetd.conf in an init script -- it's the *inetd* init script's job to start and stop inetd-controlled services. The trigger for all of these extra entries in /etc/inetd.conf seems to be bug #277294; let us say that the upgrade did not go smoothly. Nevertheless, I believe the real RC bug here is the gratuitous invocation of update-inetd. Contents of /etc/inetd.conf available upon request if you need more info to reproduce this problem. Cheers, -- Steve Langasek postmodern programmer -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages sslwrap depends on: ii debconf 1.4.47 Debian configuration management sy ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libssl0.9.7 0.9.7e-3 SSL shared libraries ii openssl 0.9.7e-3 Secure Socket Layer (SSL) binary a -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
