From brian at shmoo.com Mon May 3 09:51:11 2004
From: brian at shmoo.com (Brian Wotring)
Date: Mon, 3 May 2004 07:51:11 -0600
Subject: [osiris-devel] osiris-4.0.1 release candidate
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Osiris version 4.0.1 release candidate
- ----------------------------------------------------

Osiris - Host Integrity Monitoring
http://osiris.shmoo.com

This release of Osiris contains many new enhancements and fixes. The
complete ChangeLog is as follows:

Differences with version 4.0.1
=================================================

FEATURES:

- - added the ability to edit comparison filters with the CLI.
- - added command completion to the CLI, and added a history list of
    commands (up/down arrows). This is still experimental, enable
    this with the configure option: --enable-fancy-cli
- - added more scan database options to host configuration. Hosts can
    now be configured to archive all databases, archive databases only
    when there are changes, or to not save any databases at all. In
    addition, hosts can now be configured to auto-accept changes,
    meaning that changes will only be logged (and/or sent out via email
    notifications) once.
- - added support for gentoo install.
- - added ability to configure scan agent listen port.

FIXES:

- - fixed silly bug with push-config prompts not filtering out beginning
    or trailing whitespaces in the response.
- - fixed minor bug in Darwin installer.
- - fixed a number of typos in CLI and log messages.
- - fixed string format bug with log entry in cert creation code.
- - fixed the allow list so regular expressions work properly, and
    hostnames now work properly. Previously, only IP addresses were
    valid entries.
- - fixed minor formatting bug with notification email when http port
    is not enabled.
- - fixed bug with rm-host command on CLI not parsing argument correctly.

Downloads:

http://osiris.shmoo.com/data/osiris-4.0.1-rc.tar.gz

Checksums and Signatures:

MD5(osiris-4.0.1-rc.tar.gz)= 675ce9363aa764cefe232eedbd004fa0
http://osiris.shmoo.com/data/osiris-4.0.1-rc.tar.gz.sig

Please forward any questions or comments to the Osiris mailing list:
osiris at lists.shmoo.com, and any questions related to development to
the development list: osiris-devel at lists.shmoo.com

- --
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQJZOYQ3seZ6WdHY9EQL8HwCgywqd6yoZ/2FogiU8a9RAQBIYSP8AoJPT
GjYglgou1v/Zoa93iwZ60DDR
=NPco
-----END PGP SIGNATURE-----

From brian at shmoo.com Tue May 4 12:26:46 2004
From: brian at shmoo.com (Brian Wotring)
Date: Tue, 4 May 2004 10:26:46 -0600
Subject: [osiris-devel] osiris-4.0.1 release candidate 2
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Osiris version 4.0.1 release candidate2
- ----------------------------------------------------

Osiris - Host Integrity Monitoring
http://osiris.shmoo.com

This release of Osiris contains many new enhancements and fixes. The
complete ChangeLog is as follows:

Differences with version 4.0.1
=================================================

FEATURES:

- - added the ability to edit comparison filters with the CLI.
- - added command completion to the CLI, and added a history list of
    commands (up/down arrows). This is still experimental, enable
    this with the configure option: --enable-fancy-cli=yes
- - added more scan database options to host configuration. Hosts can
    now be configured to archive all databases, archive databases only
    when there are changes, or to not save any databases at all. In
    addition, hosts can now be configured to auto-accept changes,
    meaning that changes will only be logged (and/or sent out via email
    notifications) once.
- - added support for gentoo install.
- - added ability to configure scan agent listen port.

FIXES:

- - fixed silly bug with push-config prompts not filtering out beginning
    or trailing whitespaces in the response.
- - fixed minor bug in Darwin installer.
- - fixed a number of typos in CLI and log messages.
- - fixed string format bug with log entry in cert creation code.
- - fixed the allow list so regular expressions work properly, and
    hostnames now work properly. Previously, only IP addresses were
    valid entries.
- - fixed minor formatting bug with notification email when http port
    is not enabled.
- - fixed bug with rm-host command on CLI not parsing argument correctly.
- - added more log messages to the scheduler module.
- - fixed SIGCHLD handler bug with management console/CLI leaving zombies.

Downloads:

http://osiris.shmoo.com/data/osiris-4.0.1-rc2.tar.gz

Checksums and Signatures:

MD5(osiris-4.0.1-rc2.tar.gz)= 3dec89ee194ae6d90b105017ceb754cc
http://osiris.shmoo.com/data/osiris-4.0.1-rc2.tar.gz.sig

Please forward any questions or comments to the Osiris mailing list:
osiris at lists.shmoo.com, and any questions related to development to
the development list: osiris-devel at lists.shmoo.com

- --
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQJfEVA3seZ6WdHY9EQKx6ACgpwDFg7ivlZhBvN4h8AQYjiBKcDYAn1JB
WRxUwNf+0Vb971BFFtQQ9UCF
=Q3uR
-----END PGP SIGNATURE-----

From osiris-devel at lemmin.gs Tue May 4 19:52:11 2004
From: osiris-devel at lemmin.gs (osiris-devel at lemmin.gs)
Date: Wed, 5 May 2004 09:52:11 +1000
Subject: [osiris-devel] osiris-4.0.1 release candidate 2
In-Reply-To:
References:
Message-ID: <20040504235211.GA16899@digger.lemmin.gs>

Hi Brian,

On Tue, May 04, 2004 at 10:26:46AM -0600, Brian Wotring wrote:
>
> - - fixed SIGCHLD handler bug with management console/CLI leaving zombies.

Our 4.0.0 release management console is leaving zombies. Doing a ps
shows that the zombies are children of the scheduling thread.
The diff between rc & rc2 shows that the waitpid loop is only being used
for the management console/CLI and not the scheduler process.

emmanuel

From osiris-devel at lemmin.gs Tue May 4 20:02:22 2004
From: osiris-devel at lemmin.gs (osiris-devel at lemmin.gs)
Date: Wed, 5 May 2004 10:02:22 +1000
Subject: [osiris-devel] osiris-4.0.1 release candidate 2
In-Reply-To:
References:
Message-ID: <20040505000222.GA16994@digger.lemmin.gs>

Hi Brian,

In a previous email of mine, I said that I noticed that the scheduler
was blocked waiting on a lock. This morning our 4.0.0 release MD
was locked again.

Investigation via gdb revealed that the cause is the log_info() call
inside md_schedule.c:scheduling_signal_handler() (syslog is not
reentrant).

emmanuel

From brian at shmoo.com Wed May 5 01:06:22 2004
From: brian at shmoo.com (Brian Wotring)
Date: Tue, 4 May 2004 23:06:22 -0600
Subject: [osiris-devel] osiris-4.0.1 release candidate 2
In-Reply-To: <20040505000222.GA16994@digger.lemmin.gs>
References: <20040505000222.GA16994@digger.lemmin.gs>
Message-ID:

You're right, the handler should not be calling syslog(), or anything
like it. I have attached a diff that should address this issue,
reviews are very much appreciated.

Thanks emmanuel.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: md_schedule.c.diff
Type: application/octet-stream
Size: 3773 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/osiris-devel/attachments/20040504/eb5fe1cd/attachment.obj
-------------- next part --------------

On May 4, 2004, at 6:02 PM, osiris-devel at lemmin.gs wrote:

> Hi Brian,
>
> In a previous email of mine, I said that I noticed that the scheduler
> was blocked waiting on a lock. This morning our 4.0.0 release MD
> was locked again.
>
> Investigation via gdb revealed that the cause is the log_info() call
> inside
> md_schedule.c:scheduling_signal_handler() (syslog is not reentrant).
>
> emmanuel

--
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

From osiris-devel at lemmin.gs Wed May 5 09:10:15 2004
From: osiris-devel at lemmin.gs (osiris-devel at lemmin.gs)
Date: Wed, 5 May 2004 23:10:15 +1000
Subject: [osiris-devel] osiris-4.0.1 release candidate 2
In-Reply-To:
References: <20040505000222.GA16994@digger.lemmin.gs>
Message-ID: <20040505131015.GA18554@digger.lemmin.gs>

Hi Brian,

On Tue, May 04, 2004 at 11:06:22PM -0600, Brian Wotring wrote:
>
> You're right, the handler should not be calling syslog(), or anything
> like it. I have attached a diff that should address this issue,
> reviews are very much appreciated.

The diff looks good. The only thing that should change is the
variable declaration:

    static int received_*

should instead be:

    static volatile sig_atomic_t received_*

emmanuel

From brian at shmoo.com Wed May 5 10:25:14 2004
From: brian at shmoo.com (Brian Wotring)
Date: Wed, 5 May 2004 08:25:14 -0600
Subject: [osiris-devel] osiris-4.0.1 release candidate 2
In-Reply-To: <20040505131015.GA18554@digger.lemmin.gs>
References: <20040505000222.GA16994@digger.lemmin.gs> <20040505131015.GA18554@digger.lemmin.gs>
Message-ID: <0632E9AF-9EA0-11D8-9584-000393578C14@shmoo.com>

Agreed. The other handler flags have also been marked volatile and
declared atomic (if the type exists). Thanks for the review, this was
a good catch. Release candidate 3 will be out shortly.

On May 5, 2004, at 7:10 AM, osiris-devel at lemmin.gs wrote:

> Hi Brian,
>
> On Tue, May 04, 2004 at 11:06:22PM -0600, Brian Wotring wrote:
>>
>> You're right, the handler should not be calling syslog(), or anything
>> like it. I have attached a diff that should address this issue,
>> reviews are very much appreciated.
>
> The diff looks good.
> The only thing that should change is the
> variable declaration:
>
> static int received_*
>
> should instead be:
>
> static volatile sig_atomic_t received_*
>
> emmanuel
> _______________________________________________
> osiris-devel mailing list
> osiris-devel at lists.shmoo.com
> https://lists.shmoo.com/mailman/listinfo/osiris-devel
>
>

--
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

From brian at shmoo.com Wed May 5 10:35:32 2004
From: brian at shmoo.com (Brian Wotring)
Date: Wed, 5 May 2004 08:35:32 -0600
Subject: [osiris-devel] osiris-4.0.1 release candidate 3
Message-ID: <76C6AA55-9EA1-11D8-9584-000393578C14@shmoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Osiris version 4.0.1 release candidate3
- ----------------------------------------------------

Osiris - Host Integrity Monitoring
http://osiris.shmoo.com

This release of Osiris contains many new enhancements and fixes. The
complete ChangeLog is as follows:

Differences with version 4.0.1
=================================================

FEATURES:

- - added the ability to edit comparison filters with the CLI.
- - added command completion to the CLI, and added a history list of
    commands (up/down arrows). This is still experimental, enable
    this with the configure option: --enable-fancy-cli=yes
- - added more scan database options to host configuration. Hosts can
    now be configured to archive all databases, archive databases only
    when there are changes, or to not save any databases at all. In
    addition, hosts can now be configured to auto-accept changes,
    meaning that changes will only be logged (and/or sent out via email
    notifications) once.
- - added support for gentoo install.
- - added ability to configure scan agent listen port.

FIXES:

- - fixed silly bug with push-config prompts not filtering out beginning
    or trailing whitespaces in the response.
- - fixed minor bug in Darwin installer.
- - fixed a number of typos in CLI and log messages.
- - fixed string format bug with log entry in cert creation code.
- - fixed the allow list so regular expressions work properly, and
    hostnames now work properly. Previously, only IP addresses were
    valid entries.
- - fixed minor formatting bug with notification email when http port
    is not enabled.
- - fixed bug with rm-host command on CLI not parsing argument correctly.
- - added more log messages to the scheduler module.
- - fixed SIGCHLD bug with management console/CLI leaving zombies.
- - fixed make distclean target in scan agent modules directory.
- - fixed signal handler bug with the scheduler that rendered the
    scheduling process vulnerable to freezes, or crashes.

Downloads:

http://osiris.shmoo.com/data/osiris-4.0.1-rc3.tar.gz

Checksums and Signatures:

MD5(osiris-4.0.1-rc3.tar.gz)= c1c678d9ca5a545ba5b955def7d16f67
http://osiris.shmoo.com/data/osiris-4.0.1-rc3.tar.gz.sig

Please forward any questions or comments to the Osiris mailing list:
osiris at lists.shmoo.com, and any questions related to development to
the development list: osiris-devel at lists.shmoo.com

- --
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQJj7vw3seZ6WdHY9EQLQ4wCg0WS2yifmJcpC+QKLYXB9Dr9PMm0AoKe6
fVWmbXWB4ESlXoiHibE/W6Yc
=zzIa
-----END PGP SIGNATURE-----

From osiris-devel at lemmin.gs Wed May 5 11:15:39 2004
From: osiris-devel at lemmin.gs (osiris-devel at lemmin.gs)
Date: Thu, 6 May 2004 01:15:39 +1000
Subject: [osiris-devel] osiris-4.0.1 release candidate 2
In-Reply-To: <0632E9AF-9EA0-11D8-9584-000393578C14@shmoo.com>
References: <20040505000222.GA16994@digger.lemmin.gs> <20040505131015.GA18554@digger.lemmin.gs> <0632E9AF-9EA0-11D8-9584-000393578C14@shmoo.com>
Message-ID: <20040505151539.GA30897@digger.lemmin.gs>

On Wed, May 05, 2004 at 08:25:14AM -0600, Brian Wotring wrote:
>
> Agreed. The other handler flags have also been marked volatile and
> declared atomic (if the type exists).
> Thanks for the review, this was
> a good catch.

One thing I missed is that check_for_signals() needs to be called
regardless inside md_scheduler_wait just before the wait_for_data:
label. Otherwise signals that occur whilst not waiting on the select
will not be handled (until a signal happens to interrupt the select).

If you want to bother, it could be useful if log_info inside the
sigchld block of check_for_signals() was inside the while loop and
if it printed out the return value of the child.

emmanuel

From Alexei_Roudnev at exigengroup.com Wed May 5 14:13:42 2004
From: Alexei_Roudnev at exigengroup.com (Alexei_Roudnev)
Date: Wed, 5 May 2004 11:13:42 -0700
Subject: [osiris-devel] osiris-4.0.1 release candidate 2
References: <20040504235211.GA16899@digger.lemmin.gs>
Message-ID: <054c01c432cc$b2ce05a0$2c7f300a@sjc.exigengroup.com>

My 2.4.2 console does not leave zombies (it is Windows -:)), but I can
see many frozen / zombie-like connections on the Windows agent machines.
So, something is still wrong. We fixed one problem with zombies many
months ago, but others can still exist.

I can see numerous CLOSE_WAIT connections on Windows agents. (It is,
more likely, some problem with winsock level in the scanner).

----- Original Message -----
From:
To: "Osiris Developers"
Sent: Tuesday, May 04, 2004 4:52 PM
Subject: Re: [osiris-devel] osiris-4.0.1 release candidate 2

> Hi Brian,
>
> On Tue, May 04, 2004 at 10:26:46AM -0600, Brian Wotring wrote:
> >
> > - - fixed SIGCHLD handler bug with management console/CLI leaving zombies.
>
> Our 4.0.0 release management console is leaving zombies. Doing a ps
> shows that the zombies are children of the scheduling thread. The diff
> between rc & rc2 shows that the waitpid loop is only being used for
> the management console/CLI and not the scheduler process.
>
> emmanuel

From mmoglia at libero.it Fri May 7 05:22:41 2004
From: mmoglia at libero.it (mmoglia at libero.it)
Date: Fri, 7 May 2004 11:22:41 +0200
Subject: [osiris-devel] Problem EXE size compiling on MINGW
Message-ID:

I successfully recompiled the applications from sources but
I have obtained exe files with a larger size than the exes that are
in the binary distribution.

4,081,883 osiris.exe
3,107,063 osirisd.exe
4,165,221 osirismd.exe

What mistake have I made?
Forgotten something?

Thanks

Michele Moglia

p.s.
I am not a newbie of C but this is my first experience with MinGW.

From brian at shmoo.com Fri May 7 08:34:38 2004
From: brian at shmoo.com (Brian Wotring)
Date: Fri, 7 May 2004 06:34:38 -0600
Subject: [osiris-devel] Problem EXE size compiling on MINGW
In-Reply-To:
References:
Message-ID:

Use strip.

On May 7, 2004, at 3:22 AM, mmoglia at libero.it wrote:

> I successfully recompiled the applications from sources but
> I have obtained exe files with a larger size than the exes that are
> in the binary distribution.
>
> 4,081,883 osiris.exe
> 3,107,063 osirisd.exe
> 4,165,221 osirismd.exe
>
> What mistake have I made?
> Forgotten something?
>
> Thanks
>
> Michele Moglia
>
> p.s.
> I am not a newbie of C but this is my first experience with MinGW.

--
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

From brian at shmoo.com Mon May 10 12:28:10 2004
From: brian at shmoo.com (Brian Wotring)
Date: Mon, 10 May 2004 10:28:10 -0600
Subject: [osiris-devel] osiris-4.0.1 released
Message-ID: <06AFBCBA-A29F-11D8-A180-000393578C14@shmoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Osiris version 4.0.1 release
- ---------------------------------------------------

Osiris - Host Integrity Monitoring
http://osiris.shmoo.com

This release of Osiris contains a few new enhancements, and many fixes:

Differences with version 4.0.1
=================================================

FEATURES:

- - added the ability to edit comparison filters with the CLI.
- - added command completion to the CLI, and added a history list of
    commands (up/down arrows). This is still experimental, enable
    this with the configure option: --enable-fancy-cli=yes
- - added more scan database options to host configuration. Hosts can
    now be configured to archive all databases, archive databases only
    when there are changes, or to not save any databases at all. In
    addition, hosts can now be configured to auto-accept changes,
    meaning that changes will only be logged (and/or sent out via email
    notifications) once.
- - added support for gentoo install (ebuilds currently being integrated)
- - added ability to configure scan agent listen port.

FIXES:

- - fixed silly bug with push-config prompts not filtering out beginning
    or trailing whitespaces in the response (Thanks to Karen Wieprecht)
- - fixed minor bug in Darwin installer.
- - fixed a number of typos in CLI and log messages.
- - fixed string format bug with log entry in cert creation code
    (Thanks to Brian Daugherty)
- - fixed the allow list so regular expressions work properly, and
    hostnames now work properly.
    Previously, only IP addresses were valid entries (Thanks to Karen
    Wieprecht)
- - fixed minor formatting bug with notification email when http port
    is not enabled.
- - fixed bug with rm-host command on CLI not parsing argument correctly.
- - added more log messages to the scheduler module.
- - fixed SIGCHLD bug with management console/CLI leaving zombies
    (Thanks to emmanuel)
- - fixed make distclean target in scan agent modules directory.
- - fixed signal handler bug with the scheduler that rendered the
    scheduling process vulnerable to freezes, or crashes (Thanks to
    emmanuel)

Downloads:

http://osiris.shmoo.com/data/osiris-4.0.1.tar.gz
http://osiris.shmoo.com/data/osiris-4.0.1-win32.exe

Checksums and Signatures:

MD5(osiris-4.0.1.tar.gz)= 86e046e79ab895aba0f0c4767524306b
MD5(osiris-4.0.1-win32.exe)= 37c2012a51d4deac7892e6b9e4f2fd94
http://osiris.shmoo.com/data/osiris-4.0.1.tar.gz.sig
http://osiris.shmoo.com/data/osiris-4.0.1-win32.exe.sig

Please forward any questions or comments to the Osiris mailing list:
osiris at lists.shmoo.com, and any questions related to development to
the development list: osiris-devel at lists.shmoo.com

- --
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQJ+trA3seZ6WdHY9EQL60ACgteAuiJgM0tFKAn0WmW4idO8oM7kAoJBx
RfAsvxWfmYcJd9Ugiu6ZFcL2
=S4Rp
-----END PGP SIGNATURE-----

From brian at shmoo.com Tue May 18 13:34:59 2004
From: brian at shmoo.com (Brian Wotring)
Date: Tue, 18 May 2004 11:34:59 -0600
Subject: [osiris-devel] osiris-4.0.2 release candidate
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Osiris version 4.0.2 release candidate
- ----------------------------------------------------

Osiris - Host Integrity Monitoring
http://osiris.shmoo.com

This release of Osiris contains many new enhancements and fixes.
The complete ChangeLog is as follows:

Differences with version 4.0.2
=================================================

FIXES:

- - fixed subject headers, missing CRLF
- - fixed log message of type error, should have been type: info.
- - fixed notify_flags (scan failed) not being set correctly.
- - fixed bogus scan-failure messages from being sent by the scheduler.

FEATURES:

- - added Date header to email notification messages.

Download:

http://osiris.shmoo.com/data/osiris-4.0.2-rc.tar.gz

Checksum:

MD5(osiris-4.0.2-rc.tar.gz)= 403dc04961ebce37cc3b2f8a6d3a9e1b

Please forward any questions or comments to the Osiris mailing list:
osiris at lists.shmoo.com, and any questions related to development to
the development list: osiris-devel at lists.shmoo.com

- --
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQKpJRA3seZ6WdHY9EQJFmgCdF9ro7AQxL7fmjVXLDi+iWTOUeJYAnjZ2
tC7SAJh7G4yDKzGN6N+LFkwd
=VbOs
-----END PGP SIGNATURE-----

From brian at shmoo.com Tue May 25 15:12:17 2004
From: brian at shmoo.com (Brian Wotring)
Date: Tue, 25 May 2004 13:12:17 -0600
Subject: [osiris-devel] Fwd: [osiris] init script install problem
Message-ID: <704A0E20-AE7F-11D8-9B50-000393578C14@shmoo.com>

Why not just use the -m option to stop after the first match? For
example:

    cat /proc/version | grep -oi -m 1 -e 'SuSE' -e 'Red Hat' -e 'Redhat' -e 'Debian' -e 'Gentoo' | tr A-Z a-z

Begin forwarded message:

> From: Jason 'XenoPhage' Frisvold
> Date: May 25, 2004 10:34:55 AM MDT
> To: Osiris Users
> Subject: Re: [osiris] init script install problem
> Reply-To: Osiris Users
>
> On Tue, 2004-05-18 at 17:02, Jason 'XenoPhage' Frisvold wrote:
>> Hrm.. slight problem with the install script for the init scripts...
>> Check this out :
>>
>> [friz at jake install]$ cat /proc/version
>> Linux version 2.4.21-15.EL (bhcompile at bugs.build.redhat.com) (gcc
>> version 3.2.3 20030502 (Red Hat Linux 3.2.3-34)) #1 Thu Apr 22
>> 00:27:41
>> EDT 2004
>> [friz at jake install]$ cat /proc/version | grep -oi -e 'SuSE' -e 'Red
>> Hat'
>> -e 'Redhat' -e 'Debian' -e 'Gentoo' | tr A-Z a-z
>> red hat
>> redhat
>> red hat
>
> Well, I figured out what's causing this, but I'm not sure how to
> correct
> it... I'm hacking on that bit now...
>
> The grep command uses the LC_ALL, LC_*, and LANG variables to determine
> what language to use .... On one system (old redhat 9 system), it
> works
> fine.. LANG is set to C. On my new systems (RHES 3.0), it's set to
> us_EN.UTF-8 and gives the output above...
>
> So, I guess the trick here is to figure out how to get it to report
> correctly in all languages, or to find a different means of detecting
> the OS.
>
> Any ideas?
>
> --
> ---------------------------
> Jason 'XenoPhage' Frisvold
> Engine / Technology Programmer
> friz at godshell.com
> RedHat Certified - RHCE # 803004140609871
> MySQL Pro Certified - ID# 207171862
> MySQL Core Certified - ID# 205982910
> ---------------------------
> "Something mysterious is formed, born in the silent void. Waiting alone
> and unmoving, it is at once still and yet in constant motion. It is the
> source of all programs. I do not know its name, so I will call it the
> Tao of Programming."
> _______________________________________________
> osiris mailing list
> osiris at lists.shmoo.com
> https://lists.shmoo.com/mailman/listinfo/osiris

From brian at shmoo.com Tue May 25 17:12:49 2004
From: brian at shmoo.com (Brian Wotring)
Date: Tue, 25 May 2004 15:12:49 -0600
Subject: [osiris-devel] Fwd: [osiris] init script install problem
In-Reply-To: <704A0E20-AE7F-11D8-9B50-000393578C14@shmoo.com>
References: <704A0E20-AE7F-11D8-9B50-000393578C14@shmoo.com>
Message-ID: <46C12AFC-AE90-11D8-9B50-000393578C14@shmoo.com>

This should fix a couple of problems with that line in the install
script. Thanks for the help, Jason.

=================================================================== RCS file: /home/cvs/projects/osiris/src/install/install.sh.in,v retrieving revision 1.42 diff -r1.42 install.sh.in 701c701 < DISTRO=`cat /proc/version | grep -oi -e 'SuSE' -e 'Red Hat' -e 'Redhat' -e 'Debian' -e 'Gentoo' | tr A-Z a-z` --- > DISTRO=`cat /proc/version | grep -oi -e 'suse' -e 'red hat' -e 'redhat' -e 'debian' -e 'gentoo' | tr A-Z a-z | head -n 1`

On May 25, 2004, at 1:12 PM, Brian Wotring wrote:

>
> Why not just use the -m option to stop after the first match? For
> example:
>
> cat /proc/version | grep -oi -m 1 -e 'SuSE' -e 'Red Hat' -e
> 'Redhat' -e 'Debian' -e 'Gentoo' | tr A-Z a-z
>
> Begin forwarded message:
>
>> From: Jason 'XenoPhage' Frisvold
>> Date: May 25, 2004 10:34:55 AM MDT
>> To: Osiris Users
>> Subject: Re: [osiris] init script install problem
>> Reply-To: Osiris Users
>>
>> On Tue, 2004-05-18 at 17:02, Jason 'XenoPhage' Frisvold wrote:
>>> Hrm.. slight problem with the install script for the init scripts...
>>> Check this out :
>>>
>>> [friz at jake install]$ cat /proc/version
>>> Linux version 2.4.21-15.EL (bhcompile at bugs.build.redhat.com) (gcc
>>> version 3.2.3 20030502 (Red Hat Linux 3.2.3-34)) #1 Thu Apr 22
>>> 00:27:41
>>> EDT 2004
>>> [friz at jake install]$ cat /proc/version | grep -oi -e 'SuSE' -e 'Red
>>> Hat'
>>> -e 'Redhat' -e 'Debian' -e 'Gentoo' | tr A-Z a-z
>>> red hat
>>> redhat
>>> red hat
>>
>> Well, I figured out what's causing this, but I'm not sure how to
>> correct
>> it... I'm hacking on that bit now...
>>
>> The grep command uses the LC_ALL, LC_*, and LANG variables to
>> determine
>> what language to use .... On one system (old redhat 9 system), it
>> works
>> fine.. LANG is set to C. On my new systems (RHES 3.0), it's set to
>> us_EN.UTF-8 and gives the output above...
>>
>> So, I guess the trick here is to figure out how to get it to report
>> correctly in all languages, or to find a different means of detecting
>> the OS.
>>
>> Any ideas?
>>
>> --
>> ---------------------------
>> Jason 'XenoPhage' Frisvold
>> Engine / Technology Programmer
>> friz at godshell.com
>> RedHat Certified - RHCE # 803004140609871
>> MySQL Pro Certified - ID# 207171862
>> MySQL Core Certified - ID# 205982910
>> ---------------------------
>> "Something mysterious is formed, born in the silent void. Waiting
>> alone
>> and unmoving, it is at once still and yet in constant motion. It is
>> the
>> source of all programs. I do not know its name, so I will call it the
>> Tao of Programming."

--
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

From friz at godshell.com Tue May 25 21:25:46 2004
From: friz at godshell.com (Jason 'XenoPhage' Frisvold)
Date: Tue, 25 May 2004 21:25:46 -0400 (EDT)
Subject: [osiris-devel] Fwd: [osiris] init script install problem
In-Reply-To: <46C12AFC-AE90-11D8-9B50-000393578C14@shmoo.com>
References: <704A0E20-AE7F-11D8-9B50-000393578C14@shmoo.com> <46C12AFC-AE90-11D8-9B50-000393578C14@shmoo.com>
Message-ID: <1172.24.229.44.44.1085534746.squirrel@www.protectors.cc>

Brian Wotring said:
>
> This should fix a couple of problems with that line in the install
> script. Thanks for the help, Jason.

No problem ... lemme know if you need me to break anything else moving
forward.. *grin*

---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
friz at godshell.com
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---------------------------
"Something mysterious is formed, born in the silent void. Waiting alone
and unmoving, it is at once still and yet in constant motion. It is the
source of all programs. I do not know its name, so I will call it the
Tao of Programming."
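
Review bot: the replacement DISTRO line at 701 of install.sh.in (in the diff in Brian Wotring's message above) still runs grep under whatever LC_ALL/LANG the installer inherits, so `| head -n 1` hides the duplicated matches without removing their cause, and the value it keeps depends on the locale: in the transcript quoted in this thread the first line printed is `red hat`, while the first match in that /proc/version text in reading order is the `redhat` of the build host name. Consider running the pipeline with LC_ALL=C (the thread reports the expected output when LANG is C) and collapsing `red hat` and `redhat` to one value before DISTRO is compared. The change of the -e patterns to lower case has no effect while -i is still passed, so it could be dropped from the patch.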

From osiris-devel at lemmin.gs Wed May 26 07:57:17 2004
From: osiris-devel at lemmin.gs (osiris-devel at lemmin.gs)
Date: Wed, 26 May 2004 21:57:17 +1000
Subject: [osiris-devel] osiris-4.0.2 release candidate
In-Reply-To:
References:
Message-ID: <20040526115717.GA11570@digger.lemmin.gs>

On Tue, May 18, 2004 at 11:34:59AM -0600, Brian Wotring wrote:
> FEATURES:
>
> - - added Date header to email notification messages.

osi_time_to_string does not include the time zone. This makes
some mail readers think that the time is GMT, thus making the time
displayed wrong by GMT offset hours.

Did some MTA's not add the date header?

emmanuel

From friz at godshell.com Wed May 26 09:03:06 2004
From: friz at godshell.com (Jason 'XenoPhage' Frisvold)
Date: Wed, 26 May 2004 09:03:06 -0400
Subject: [osiris-devel] osiris-4.0.2 release candidate
In-Reply-To: <20040526115717.GA11570@digger.lemmin.gs>
References: <20040526115717.GA11570@digger.lemmin.gs>
Message-ID: <1085576585.886.46.camel@corp>

On Wed, 2004-05-26 at 07:57, osiris-devel at lemmin.gs wrote:
> osi_time_to_string does not include the time zone. This makes
> some mail readers think that the time is GMT, thus making the time
> displayed wrong by GMT offset hours.

Some mail readers also consider this an invalid date ... I'm guessing
it's because of the absence of the GMT stamp... Squirrelmail is the one
that comes to mind quickest... :)

> Did some MTA's not add the date header?
>
> emmanuel

--
---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
friz at godshell.com
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---------------------------
"Something mysterious is formed, born in the silent void. Waiting alone
and unmoving, it is at once still and yet in constant motion. It is the
source of all programs. I do not know its name, so I will call it the
Tao of Programming."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.shmoo.com/pipermail/osiris-devel/attachments/20040526/43224852/attachment.pgp

From friz at godshell.com Sun May 30 11:32:43 2004
From: friz at godshell.com (Jason 'XenoPhage' Frisvold)
Date: Sun, 30 May 2004 11:32:43 -0400 (EDT)
Subject: [osiris-devel] Feature Request - Dated Ignores
Message-ID: <1224.24.229.44.44.1085931163.squirrel@www.protectors.cc>

Hi all,

During certain scheduled times, files on my system are set to change..
Most notably are rebuilds of ssl certs, and lockfiles for running
processes when logs rotate. I know about these, and I'd like to
automatically ignore them on a regular schedule. However, if they change
outside of that schedule, I need to know since there may be a problem..

So, I propose adding some sort of ignore system to osiris that would allow
a user to ignore a file during a certain period of time. Obviously the
system would have to rehash that file and automatically add it to the
db... I was imagining something like this:

    IgnoreFile "filename" "0 0 * * *"

Where the first field is the filename and the second field is a
crontab-like entry of the time to ignore the file... ie, in the above
example, it would ignore the file at midnight each night...

Thoughts, comments, flames? :)

---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
friz at godshell.com
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---------------------------
"Something mysterious is formed, born in the silent void. Waiting alone
and unmoving, it is at once still and yet in constant motion. It is the
source of all programs. I do not know its name, so I will call it the
Tao of Programming."

From brian at shmoo.com Sun May 30 13:01:33 2004
From: brian at shmoo.com (Brian Wotring)
Date: Sun, 30 May 2004 11:01:33 -0600
Subject: [osiris-devel] Feature Request - Dated Ignores
In-Reply-To: <1224.24.229.44.44.1085931163.squirrel@www.protectors.cc>
References: <1224.24.229.44.44.1085931163.squirrel@www.protectors.cc>
Message-ID: <00AD2E2A-B25B-11D8-B07C-003065A506B2@shmoo.com>

A couple of thoughts:

First, the scan configuration files have nothing really to do with the
comparison process. That is, the scan configs are not consulted during
the comparison process, only when performing a scan. I think adding
this to the configuration syntax would complicate it a great deal, as
well as require changes to the management console's analysis engine.

Second, this is only half the solution. I'm sure you've thought of
this, but because it is so important I think I should mention it. In
order to maintain any sort of faith in the integrity of these files,
you have to know the time window, and more importantly, the next
resultant state of the files. That is, a time window alone is almost
worthless because in the cases you've listed you will have to leave
some breathing room and that means that any change in that window would
be considered legitimate; not a good thing ;)

As far as managing the alerts go, I think it falls outside the scope of
the management console. If you know the schedules of these items, you
should be able to deal with this at a higher level. For example, email
notifications could easily be filtered/archived according to content.
For syslog entries, a log analysis program (e.g. swatch) could easily
be used to look for these scheduled changes and report on the ones that
fall outside of your time window, and deal with the time window problem
by triggering an alert if more than one change happens inside that
window.

I hope this helps.

On May 30, 2004, at 9:32 AM, Jason 'XenoPhage' Frisvold wrote:

> Hi all,
>
> During certain scheduled times, files on my system are set to change..
> Most notably are rebuilds of ssl certs, and lockfiles for running
> processes when logs rotate. I know about these, and I'd like to
> automatically ignore them on a regular schedule. However, if they
> change
> outside of that schedule, I need to know since there may be a problem..
>
> So, I propose adding some sort of ignore system to osiris that would
> allow
> a user to ignore a file during a certain period of time. Obviously the
> system would have to rehash that file and automatically add it to the
> db... I was imagining something like this:
>
> IgnoreFile "filename" "0 0 * * *"
>
> Where the first field is the filename and the second field is a
> crontab-like entry of the time to ignore the file... ie, in the above
> example, it would ignore the file at midnight each night...
>
> Thoughts, comments, flames? :)
>
>
> ---------------------------
> Jason 'XenoPhage' Frisvold
> Engine / Technology Programmer
> friz at godshell.com
> RedHat Certified - RHCE # 803004140609871
> MySQL Pro Certified - ID# 207171862
> MySQL Core Certified - ID# 205982910
> ---------------------------
> "Something mysterious is formed, born in the silent void. Waiting alone
> and unmoving, it is at once still and yet in constant motion. It is the
> source of all programs. I do not know its name, so I will call it the
> Tao
> of Programming."
> _______________________________________________
> osiris-devel mailing list
> osiris-devel at lists.shmoo.com
> https://lists.shmoo.com/mailman/listinfo/osiris-devel
>
>

--
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D
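
The log-side filtering described in the reply above (report changes that fall outside the scheduled window, and alert when more than one change lands inside it) could look like the following. This is an added example, not part of the original thread and not Osiris or swatch code; it is written in Python, and the log line format, the schedule table and the function names are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed schedule: path -> (hour, minute, window length in minutes), daily.
SCHEDULE = {
    "/etc/ssl/certs/server.pem": (0, 0, 10),
    "/var/run/httpd.pid": (4, 0, 5),
}
# Constructed line format for this example; not Osiris's real log output.
LINE_RE = re.compile(r"^(\S+) (\S+) change-detected path=(\S+)$")

def window_start(ts, path):
    """Start of the daily window containing ts (may have opened yesterday), else None."""
    if path not in SCHEDULE:
        return None
    hour, minute, length = SCHEDULE[path]
    start = ts.replace(hour=hour, minute=minute, second=0, microsecond=0)
    for candidate in (start, start - timedelta(days=1)):
        if candidate <= ts < candidate + timedelta(minutes=length):
            return candidate
    return None

def triage(lines):
    """Return (alerts, suppressed) as lists of (reason, host, path, time)."""
    alerts, suppressed, seen = [], [], Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a change record
        ts, host, path = datetime.fromisoformat(m[1]), m[2], m[3]
        start = window_start(ts, path)
        if start is None:  # unscheduled path or wrong time: always report
            alerts.append(("outside-window", host, path, m[1]))
            continue
        seen[(host, path, start)] += 1
        if seen[(host, path, start)] > 1:  # window already used once
            alerts.append(("repeat-in-window", host, path, m[1]))
        else:
            suppressed.append(("scheduled", host, path, m[1]))
    return alerts, suppressed

# Constructed sample records (not taken from a real system).
SAMPLE = [
    "2004-05-31T00:02:10 web1 change-detected path=/etc/ssl/certs/server.pem",
    "2004-05-31T00:07:45 web1 change-detected path=/etc/ssl/certs/server.pem",
    "2004-05-31T04:01:00 web1 change-detected path=/var/run/httpd.pid",
    "2004-05-31T13:30:00 web1 change-detected path=/var/run/httpd.pid",
    "2004-05-31T13:31:00 web1 change-detected path=/etc/passwd",
]
```

The first change inside a window is still accepted without checking the file's resulting state, which is the limitation the reply above raises about time windows.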