Bug#604053: marked as done (nsca: starts as daemon although disabled in debconf)

Debian Bug Tracking System Tue, 30 Nov 2010 05:36:20 -0800

Your message dated Tue, 30 Nov 2010 13:32:21 +0000
with message-id <e1pnqjh-0005gt...@franck.debian.org>
and subject line Bug#604053: fixed in nsca 2.7.2+nmu1
has caused the Debian Bug report #604053,
regarding nsca: starts as daemon although disabled in debconf
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
604053: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604053
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: nsca
Version: 2.7.2
Severity: serious

Installing nsca and answering 'no' to the debcanf question which asks if
you want to run the nsca daemon still results in a running daemon with a
pretty unusual PID:

4294967295 12373   1  0 21:08 ?        00:00:00 /usr/sbin/nsca --daemon -c 
/etc/nsca.cfg

I'm filing this as serious as I consider daemons which run and listen on
tcp ports without being configured to do so as a security issue.
Especially when they run with a UID which might b in use otherwise.
I'd guess it tries to use -1 as UID as that was the UID of nobody some
ancient times ago.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.35.7-think (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nsca depends on:
ii  debconf [debconf-2.0]         1.5.36     Debian configuration management sy
ii  libc6                         2.11.2-7   Embedded GNU C Library: Shared lib
ii  libmcrypt4                    2.5.8-3.1  De-/Encryption Library

nsca recommends no packages.

Versions of packages nsca suggests:
pn  nagios                        <none>     (no description available)
ii  nagios-plugins                1.4.15-2   Plugins for the nagios network mon
ii  nagios-plugins-basic          1.4.15-2   Plugins for the nagios network mon

-- Configuration Files:
/etc/init.d/nsca changed:
DAEMON=/usr/sbin/nsca
NAME=nsca
DESC="Nagios Service Check Acceptor"
CONF=/etc/nsca.cfg
OPTS="--daemon -c $CONF"
PIDFILE="/var/run/nsca.pid"
if [ ! -x $DAEMON ]; then
        exit 0
fi
get_config(){
        grep "^[[:space:]]*$1=" $CONF 2>/dev/null | tail | cut -d= -f2-
}
PIDFILE=`get_config pid_file`
if [ -z "$PIDFILE" ];  then 
        # then this is the default PIDFILE
        PIDFILE="/var/run/nsca.pid"
        # run nsca in the foreground, and have s-s-d fork it for us
        OPTS="-f $OPTS"
        # and then this is how we call SSD
        SSD_STARTOPTS="--background --pidfile $PIDFILE --make-pidfile"
        SSD_STOPOPTS="--pidfile $PIDFILE"
else
        # but if pid_file is set, we don't have to do anything
        SSD_STARTOPTS="--pidfile $PIDFILE"
        SSD_STOPOPTS="--pidfile $PIDFILE"
fi
SSD_START="/sbin/start-stop-daemon --oknodo -S $SSD_STARTOPTS --exec $DAEMON"
SSD_STOP="/sbin/start-stop-daemon --oknodo -K $SSD_STOPOPTS --exec $DAEMON"
die(){
        echo $@
        exit 1
}
case "$1" in
start)
        echo -n "Starting $DESC: "
        if [ ! -d "/var/run/nagios" ]; then
                mkdir -p /var/run/nagios || die "ERROR: couldn't create 
/var/run/nagios"
        fi
        $SSD_START -- $OPTS || die "ERROR: could not start $NAME."
        echo "$NAME."
;;
stop)
        echo -n "Stopping $DESC: "
        $SSD_STOP -- $OPTS || die "ERROR: could not stop $NAME."
        rm -f $PIDFILE
        echo "$NAME."
;;
reload|force-reload)
        echo -n "Reloading $DESC: "
        $SSD_STOP --signal HUP -- $OPTS || die "ERROR: could not reload $NAME."
        echo "$NAME."
;;
restart)
        $0 stop
        $0 start
;;
esac

/etc/nsca.cfg changed:
pid_file=/var/run/nsca.pid
server_port=5667
nsca_user=nagios
nsca_group=nogroup
debug=0
command_file=/var/lib/nagios3/rw/nagios.cmd
alternate_dump_file=/var/run/nagios/nsca.dump
aggregate_writes=0
append_to_file=0
max_packet_age=30
decryption_method=1

/etc/send_nsca.cfg changed:
encryption_method=1


-- debconf information:
  nsca/run-nsca-daemon:

--- End Message ---

--- Begin Message ---

Source: nsca
Source-Version: 2.7.2+nmu1

We believe that the bug you reported is fixed in the latest version of
nsca, which is due to be installed in the Debian FTP archive:

nsca_2.7.2+nmu1.dsc
  to main/n/nsca/nsca_2.7.2+nmu1.dsc
nsca_2.7.2+nmu1.tar.gz
  to main/n/nsca/nsca_2.7.2+nmu1.tar.gz
nsca_2.7.2+nmu1_amd64.deb
  to main/n/nsca/nsca_2.7.2+nmu1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 604...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Oswald <xosw...@debian.org> (supplier of updated nsca package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 28 Nov 2010 10:59:05 +0100
Source: nsca
Binary: nsca nsca-client
Architecture: source amd64
Version: 2.7.2+nmu1
Distribution: unstable
Urgency: low
Maintainer: Debian Nagios Maintainer Group 
<pkg-nagios-de...@lists.alioth.debian.org>
Changed-By: Xavier Oswald <xosw...@debian.org>
Description: 
 nsca       - Nagios service monitor agent
 nsca-client - Nagios service monitor agent - client package
Closes: 604053
Changes: 
 nsca (2.7.2+nmu1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Fix nsca starting as daemon when disabled in debconf and using an unusual
     PID (Closes: #604053).
Checksums-Sha1: 
 509f8fcd53fd7ee7444750c170fa1365502decb1 1551 nsca_2.7.2+nmu1.dsc
 2f941a43222faab726eb86d9651f8a2cc0da6dfb 129467 nsca_2.7.2+nmu1.tar.gz
 4c9cdf7520089147a59e5fcfd6abfcb22891b54e 45630 nsca_2.7.2+nmu1_amd64.deb
Checksums-Sha256: 
 723d49be9ba7b73b66cc6d0c0e98a05d967fbc3fec3d3069a0a884f5b02bf04f 1551 
nsca_2.7.2+nmu1.dsc
 fa7d3f4f79ccca446bc941e3e558853f03b88d41931275f43ca629fd2e7a52c9 129467 
nsca_2.7.2+nmu1.tar.gz
 b2eb367ab4e77b2753d1caac31e3e02405a2621f8345445110c061da4a3e0f32 45630 
nsca_2.7.2+nmu1_amd64.deb
Files: 
 f4492ccb35d21535e7084632332b08e7 1551 net optional nsca_2.7.2+nmu1.dsc
 f13242d2aa89210cd97c18a3565016e6 129467 net optional nsca_2.7.2+nmu1.tar.gz
 86c7179e784856115b20b93e254cd7c6 45630 net optional nsca_2.7.2+nmu1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJM8lMsAAoJEIW5DSNGS43jOyMP/1ZRVODrDbMgUW6M29OnoO1e
Ft+6CiEMN1WEJImCe8scVShnB5G1xPIsbps+WTPkVGjxoXezRhvs6lFTwqHb3nWr
jeP8qUkaVApK43meD2mAkWURPqIiBMJqWoejfqm8eJVliSqfOPQ28ivucw0xmyf7
TMhUqSJj2ojXCipRHgA9dFAeyhTuGc/r8hCtf0z9rgm3IPUXiYMuU78ZdzIeX69j
sqtxJAD8AO1ULUIDIlCYW1Myehig1/wAmz7NZSIYUpNifmm+e+4ySjzQ5VDPgcgR
bS8vIDTjHaJIbf5qq90SEFVb5vh1vKW7p+wXJYiGpEZEm4dLQfvALoWC/Xu5B6Ao
uiuJRCJXx/pPmD8yrgSq+ynmwDwBnSc5T/pYC+grvnlv/NpTdZS5mkHFVI6D4IVS
RXVTVf7gEyFkuAzR6e6dswMhp8t3MEUWdUWdRVh5cJXBUuiVuB76sRXLrnn7niyF
PQWoCa9e9R8aIwDFZGcY73Shw3boXMw8PlHUk6m2AzaSptRt1We3aECQaOD2NEee
AjuZJYspeNLyFhLDAwJzEEag9rLHps6RcYCyIH+okgnxCVuE52UX2cC5UAAz1YKQ
gzg7rfPQVRICY5Ui2qrb+HqZWt4xOGQBqdV4z5z3w8M4GfctrLslJpQ6aiFt/55N
nilWa2uX5giD0zJIWhS+
=Z4l6
-----END PGP SIGNATURE-----

--- End Message ---

Bug#604053: marked as done (nsca: starts as daemon although disabled in debconf)

Reply via email to