debian

DSA 1571-1 - New openssl packages fix predictable random number generator

For more info on the debian security announcement see:

http://lists.debian.org/debian-security-announce/2008/msg00152.html

Server keys for this host have been updated - any ssh users may well need to remove the old ones from their .known_hosts file (or equivalent). Just to let them know that the keys are changed and intentionally so.

Technorati Tags:

Exim4 shouldn't give up just because clamav died

I was having the issue that if clamav died (usually due to freshclam update taking too long) that exim4 would start temporary rejecting ALL mail.

Here's a suggestion from Mike Cardwell on the exim users mailing list. It adds a check on the file existing and adds a header if not instead of rejecting.


warn !condition = ${if exists{/var/run/clamav/clamd.ctl}}
     add_header = X-Virus-Checked: False
deny condition  = ${if exists{/var/run/clamav/clamd.ctl}}
     malware    = *
Technorati Tags:

Building a debian firewall on a CF card

I currently have an OpenBSD firewall running on an ancient 586. I have a mini-itx board, CF/IDE converter and a CF card and have been intending to upgrade.

However - rather than OpenBSD I'm going to try for debian (since I know that much better).

This post will end up being a "how I did it" - but at the minute is just a collection of the notes I'm grabbing for now.

Clamav not starting (exim can't find clamav.ctl)

My exim4 process is configured based on this post and other points noted here.

Today it started failing - clamav failed to read its db (locked) possibly due to freshclam runs.

Debian bug 454587 gave the hint - the packages in volatile have this fixed (a non-security update that fixes this issue in stable).

So - added to my apt-config:

deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

Technorati Tags:

Create a Maildir directory

When you create a new user - it helps to remember to create their Maildir (if you are using Maildir).

maildirmake ~/Maildir/

Technorati Tags:

Upgrading debian from sarge to etch : sa-exim

After upgrading sarge to etch - spamassassin was installed - but sa-exim wasn't running (the headers in mail showed it to be to do with the setting of SAEximRunCond stating that it should not run).

After a lot of looking at the default line in /etc/exim4/sa-exim.conf I found lower down the line:

SAEximRunCond: 0

Comment this out if you want sa-exim to run spamassassin on the mail!

Upgrading apache 2.0 to 2.2 with ldap controlled basic auth

LDAP authentication started giving:

(9)Bad file descriptor: Could not open password file: (null)

Technorati Tags:

Problems updating sarge -> etch

The following problems:

Technorati Tags:

Switching between java JDK's on debian

I use the java-package make-jpkg to install java JVM's. I have mostly used sun's JVM's up to now.

I wanted to easily switch between them (which the alternatives mechanism handles well) but also to keep the relevant JAVA_HOME in sync (for things that still need this in the environment).

Technorati Tags:

Debian sarge to etch test run

I have two servers running debian sarge (stable). Etch is nearly ready to go stable (in hard freeze) so I decided to test the upgrade on the least important box.

Technorati Tags:
Syndicate content
worried