When you see the backup of a (non localhost) client failing with the message:

Fatal error: Failed to authenticate Storage daemon

Keep in mind that bacula uses tcpwrappers, though probably not in the way you expect it.

instead of doing:

bacula-sd : 111.222.333.444

do:

$name-sd : 111.222.333.444

where $name is the name you specified in the bacula-sd.conf

Most services that use tcpwrappers (tcpd) use the name of the service (bacula-sd in this case), but bacula has a cute approach to it that listens only to the name you defined for the service. As far as I can tell this applies only to bacula-sd, and not bacula-dir or bacula-fd.

So, say you would have the following config in bacula-sd.conf:

1
2
3
4
5
6
7

Storage {                             # definition of myself
  Name = foo.bar-sd
  SDPort = 9103                  # Director's port
  WorkingDirectory = "/var/lib/bacula"
  Pid Directory = "/var/run/bacula"
  Maximum Concurrent Jobs = 20
}

then your /etc/hosts.allow would read:

1

foo.bar-sd : 111.222.333.444

Please note that you will still need to take care of your passwords on both ends, any mismatches there will results in no backups being made. Be sure to test your backups regularly.

general bacula, open source

Someone on IRC pointed me to this wonderful bug in Spamassassin, it’s easy to quickfix, but the fix itself will become a bug in 10 years, in any case, until they push an update that correctly fixes this:

##{ FH_DATE_PAST_20XX
header   FH_DATE_PAST_20XX      Date =~ /20[1-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX      The date is grossly in the future.

( meaning emails sent in 2010  will also trigger the scoring )

should be changed into:

##{ FH_DATE_PAST_20XX
header   FH_DATE_PAST_20XX      Date =~ /20[2-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX      The date is grossly in the future.

Making it not a problem until we reach 2020

On my ubuntu box the rule is found in:

/usr/share/spamassassin/72_active.cf

Special thanks to Habbie for making me aware of the problem on IRC!

oh and by the way:

Happy New Year!

general, work open source, spam

always remember to do the following after upgrading PHP, but before restarting apache:

1
2

cd /usr/ports/www/suphp
make deinstall && make reinstall

when using eaccelerator do:

1
2

cd /usr/ports/www/eaccelerator
make deinstall && make reinstall

too.

Saves you a LOT of headaches

FreeBSD FreeBSD, open source, PHP

The FreeBSD developers are clearly stepping up the pace with the second RC for 7.1 out in almost no time after the first one hit.

What’s next guys? -RELEASE before new years?

FreeBSD FreeBSD, open source, OS

One day, you’re bouncing all over the place because there’s an official 7.1-RC1, the next, there’s already two security advisories.

To sum them up:

• protosw
  safe to ignore unless you have local users, safe to ignore if you haven’t loaded / compiled in the ng_* modules

  Index: sys/kern/uipc_domain.c
  ===================================================================
  --- sys/kern/uipc_domain.c	(revision 186366)
  +++ sys/kern/uipc_domain.c	(working copy)
  @@ -112,13 +112,18 @@
   
   #define DEFAULT(foo, bar)	if ((foo) == NULL)  (foo) = (bar)
   	DEFAULT(pu->pru_accept, pru_accept_notsupp);
  +	DEFAULT(pu->pru_bind, pru_bind_notsupp);
   	DEFAULT(pu->pru_connect, pru_connect_notsupp);
   	DEFAULT(pu->pru_connect2, pru_connect2_notsupp);
   	DEFAULT(pu->pru_control, pru_control_notsupp);
  +	DEFAULT(pu->pru_disconnect, pru_disconnect_notsupp);
   	DEFAULT(pu->pru_listen, pru_listen_notsupp);
  +	DEFAULT(pu->pru_peeraddr, pru_peeraddr_notsupp);
   	DEFAULT(pu->pru_rcvd, pru_rcvd_notsupp);
   	DEFAULT(pu->pru_rcvoob, pru_rcvoob_notsupp);
   	DEFAULT(pu->pru_sense, pru_sense_null);
  +	DEFAULT(pu->pru_shutdown, pru_shutdown_notsupp);
  +	DEFAULT(pu->pru_sockaddr, pru_sockaddr_notsupp);
   	DEFAULT(pu->pru_sosend, sosend_generic);
   	DEFAULT(pu->pru_soreceive, soreceive_generic);
   	DEFAULT(pu->pru_sopoll, sopoll_generic);

• ftpd
  you can ignore it if you don’t run this ftp daemon, or if you have disabled ftp all together. Otherwise: patch it right the heck now!

  Index: libexec/ftpd/ftpcmd.y
  ===================================================================
  --- libexec/ftpd/ftpcmd.y	(revision 185134)
  +++ libexec/ftpd/ftpcmd.y	(working copy)
  @@ -1191,7 +1191,7 @@
   /*
    * getline - a hacked up version of fgets to ignore TELNET escape codes.
    */
  -char *
  +int
   getline(char *s, int n, FILE *iop)
   {
   	int c;
  @@ -1207,7 +1207,7 @@
   			if (ftpdebug)
   				syslog(LOG_DEBUG, "command: %s", s);
   			tmpline[0] = '\0';
  -			return(s);
  +			return(0);
   		}
   		if (c == 0)
   			tmpline[0] = '\0';
  @@ -1244,13 +1244,24 @@
   			}
   		}
   		*cs++ = c;
  -		if (--n <= 0 || c == '\n')
  +		if (--n <= 0) {
  +			/*
  +			 * If command doesn't fit into buffer, discard the
  +			 * rest of the command and indicate truncation.
  +			 * This prevents the command to be split up into
  +			 * multiple commands.
  +			 */
  +			while (c != '\n' && (c = getc(iop)) != EOF)
  +				;
  +			return (-2);
  +		}
  +		if (c == '\n')
   			break;
   	}
   got_eof:
   	sigprocmask(SIG_SETMASK, &osset, NULL);
   	if (c == EOF && cs == s)
  -		return (NULL);
  +		return (-1);
   	*cs++ = '\0';
   	if (ftpdebug) {
   		if (!guest && strncasecmp("pass ", s, 5) == 0) {
  @@ -1270,7 +1281,7 @@
   			syslog(LOG_DEBUG, "command: %.*s", len, s);
   		}
   	}
  -	return (s);
  +	return (0);
   }
   
   static void
  @@ -1300,9 +1311,14 @@
   		case CMD:
   			(void) signal(SIGALRM, toolong);
   			(void) alarm(timeout);
  -			if (getline(cbuf, sizeof(cbuf)-1, stdin) == NULL) {
  +			n = getline(cbuf, sizeof(cbuf)-1, stdin);
  +			if (n == -1) {
   				reply(221, "You could at least say goodbye.");
   				dologout(0);
  +			} else if (n == -2) {
  +				reply(500, "Command too long.");
  +				(void) alarm(0);
  +				continue;
   			}
   			(void) alarm(0);
   #ifdef SETPROCTITLE
  Index: libexec/ftpd/extern.h
  ===================================================================
  --- libexec/ftpd/extern.h	(revision 185134)
  +++ libexec/ftpd/extern.h	(working copy)
  @@ -46,7 +46,7 @@
   void    ftpd_logwtmp(char *, char *, struct sockaddr *addr);
   int	ftpd_pclose(FILE *);
   FILE   *ftpd_popen(char *, char *);
  -char   *getline(char *, int, FILE *);
  +int	getline(char *, int, FILE *);
   void	lreply(int, const char *, ...) __printflike(2, 3);
   void	makedir(char *);
   void	nack(char *);
  Index: libexec/ftpd/ftpd.c
  ===================================================================
  --- libexec/ftpd/ftpd.c	(revision 185134)
  +++ libexec/ftpd/ftpd.c	(working copy)
  @@ -2794,15 +2794,20 @@
   myoob(void)
   {
   	char *cp;
  +	int ret;
   
   	if (!transflag) {
   		syslog(LOG_ERR, "Internal: myoob() while no transfer");
   		return (0);
   	}
   	cp = tmpline;
  -	if (getline(cp, 7, stdin) == NULL) {
  +	ret = getline(cp, 7, stdin);
  +	if (ret == -1) {
   		reply(221, "You could at least say goodbye.");
   		dologout(0);
  +	} else if (ret == -2) {
  +		/* Ignore truncated command. */
  +		return (0);
   	}
   	upper(cp);
   	if (strcmp(cp, "ABOR\r\n") == 0) {

I noticed that the -RC2 branch is in place too now. Almost there…. must … be … patient …

FreeBSD FreeBSD, open source, OS

You got to love the way they write the release announcements:

“Gee. Did we really implement that new interface that way? That needs a bit more work.”

So,  it’s now the last few legs of the release cycle, and I’m looking forward to it.

DO read the release announcement or /usr/src/UPDATING, specialy if you currently have a system that uses the em(4) driver (Intel E1000 NIC), it might change with this release, to igb(4).

FreeBSD FreeBSD, open source, OS

We’re only a little bit removed from the next major FreeBSD release. The branch has been tagged, and the ports-tree is (thank God!) unfrozen once again. The first Release Candidate has hit the FTP servers.

I’ve been running -PRERELEASE for a while now, and haven’t found any problems so far, not on real-steal hardware, nor on vmware virtualized hardware.

FreeBSD FreeBSD, open source, OS

Firefox Download Day 2008 has started.

Everyone, please download Firefox, so we can set a world record!

general Firefox, open source

First of all: do not panic

Second: get some coffee

Finaly: rm /var/db/pkg/pkgdb.db

I think this comes from upgrading portupgrade somewhere along the line, and accidentaly switching between database formats (hash, or bdb4 btree). The strangest thing is that I’ve searched high and low with Google, but no results anywhere. (not even any of the FreeBSD maillinglists). So it took me a little while to figure out this one.

FreeBSD FreeBSD, open source, OS

I like HP servers. True enough, I like Supermicro better, but big companies tend not to like Supermicro due to the fact you have to assemble them yourself, and there’s no real support / SLA agreement possible with them (for now – I hear it’s in the works). Most people in the ISP world know however, that Supermicro is extremely reliable stuff, and priced extremely nicely.

Anyhow, I’m stuck with HP, which is not a bad platform to get stuck with to begin with. FreeBSD runs beautifully on it, but then you have to do without the insight manager agents, the same deal applies when you run Ubuntu. Centos 4 and 5 are a breeze, just edit /etc/redhat-release so it reflects a RedHat version of Enterprise Server, and install the software like you normaly do.

One thing I seriously dislike however, is that when I run Ubuntu or FreeBSD on a HP box, my monitoring capabilities drop to almost zero. With RedHat or Centos I can monitor through the insight manager agents (who hook into SNMP), and use the nagios check_compaq_insight.pl, and as soon as something breaks: I get paged. With FreeBSD (and ubuntu) that seems completely impossible. My last attempt on an Ubuntu box to install those agents resulted in some very serious library problems, because the installer auto-installed some distro-specific rpm’s. That showed me who’s boss. (not!).

Anyhow, during my daily stroll at the Nagios Exchange I noticed a plugin that I hadn’t noticed before: check_ilo2_health. This is a great little plugin written in Perl. Instead of the old: talk to snmpd approach, this little bugger talks directly to the ilo2 interface (ilo/il01 won’t work), and more specifically: it’s XML interface.

wait. did you say XML interface?

Yup, the ILO2 sports a nice new XML interface, with which you can communicate. HP even provides a bunch of examples on how to talk shop with it. Nice hey?

Now I thought, did HP actually put everything you can monitor with the insight agents into the ILO2 and make it accessible with XML?

Unfortunatly: no. (yes, that was quite disappointing).

You can get quite a bit of useful information through the XML interface, including the speed of the fans, temperature readings from all the internal sensors. You can even configure a lot of things, like users and IP settings through it. You can even upgrade the ILO2 firmware through the XML interface. But nothing on RAID status, rebuild status, etc. I tried this against a brand spanking new DL380 G5, so if it doesn’t work there, it won’t work anywhere.

If anyone at HP reads this: please extend the ILO2 so everything is accessible through it’s XML interface. That saves us a lot of trouble of trying to get those agents installed on other operating systems. FreeBSD is too good an OS to ignore, even for an OEM as big as you. (and you don’t, judging from this news-snippet (PDF)). So either open up the XML interface more, or provide us with insight manager agents for FreeBSD. (I would be more then happy to help with testing).

FreeBSD, general, work FreeBSD, open source, OS