if [ -n "$NOISE" ]; then
NOISETMP=`tempfile --directory "/tmp" --prefix "aidenoise"`
NOISETMP2=`tempfile --directory "/tmp" --prefix "aidenoise"`
sed -n "1,/^Detailed information about changes:/p; "$LOGDIR/$LOGFILE" | grep "^\\(changed|removed|added\\):" | grep -v "^added: THERE WERE ALSO [0-9]\\+ FILES ADDED UNDER THIS DIRECTORY" > $NOISETMP2
if [ -n "$NOISE" ]; then
< $NOISETMP2 grep -v "^\\(changed|removed|added\\):$NOISE" > $NOISETMP
rm -f $NOISETMP2
echo "De-Noised output removes everything matching $NOISE"
else
mv $NOISETMP2 $NOISETMP
echo "No noise expression was given."
fi
fi
Too bad that a shell doesn't complain about unreachable code. I must have smoked some very strange stuff when submitting that patch to aide years ago.
After taking over aide co-maintainership in January and successfully convincing Mike to put the project on alioth, I have done some work on aide and have uploaded 0.10-8 on September 18 and 0.10-9 on September 27 to experimental.
These two versions acknowledge the two NMUs we recently had and fix some issues that I thought would be worth fixing. Please test. I plan on uploading to unstable on a week, if no bad goofs surface during the experimental phase.
Unfortunately, aide's upstream is quite dead, so it is unlikely that any upstream bugs will get fixed without you submitting patches.
Next step will be convincing Mike to allow creation of a pkg-aide-maintainers mailing list for the Maintainer:-Field, so that messages sent to the maintainer field instead of aide@packages.debian.org can reach me as well.
My advice as a new exim4 / debian user myself is to read the documentation first. Then read the documentation. (There is a lot of it.) Read the documentation, or some people might point out that you have not read the documentation.
Thanks, Jeremiah Foster, this has just made my day.
After using the unofficial kde 3.4 packages from alioth for some months, I have migrated back to Debian unstable on the weekend, and my main work machine is now plain sid again. That means that I am running x.org and official transitioned kde 3.4, and can finally report bugs against the official setup again. So, kde and x.org people, brace for impact of bug reports and keep up your excellent work.
Well, I have a wishlist as well (of course all items should be configurable):
Save cronjob output to a file
Append that output to log files on the system, after applying regexp filters
Send E-Mail to a number configurable addresses
Have a list of regexps that the output is filtered through before being included in the e-mail
Allow the preceding operation to be done multiple times for a single mail, allowing to include different "verbosity levels" in a single message to have the admin decide which to read
Allow certain parts of messages to be tacced (printed with line order reversed)
Modify message subject if certain conditions are met (for including tags like [OK], [ALERT] etc)
Allow arbitrary texts (preferably using macro expansion) in between message parts
This is only what immediately comes to my mind. I will keep this wishlist updated, and have a Wiki Page.
Looks like there is no passwd-compatible crypt(1) for the command line. htpasswd, unfortunately, uses a different algorithm.
This short perl script might be a replacement:
#!/usr/bin/perl -w
use strict;
while(<>) {
my $seed = `apg -a 1 -m 8`;
chomp;
print crypt(“$_”, “\\$1\\$$seed”). “\\n”;
}
Or do we have something better already in the distribution?
Update: looks like mkpasswd (from the whois package, whatever makes it belong in there) does the job quite nicely, but the script shown above takes care of automatic salt creation as well. Any ideas how to do that more elegantly, without requireing apg?
A lot of recent systems I have to work with have Tigon3 ethernet interfaces, which behave strangly when used under Linux in settings that are non-trivial, networking-wise.
While browsing Debian Planet, I happened to have the desire to comment on one article innutmeg's Blog. What I found was a blog I couldn't comment on, but one whose format I know pretty well: It looks suspiciously like a Debian changelog. nutmeg then told me that he uses a script from Romain Francoise which indeed builds an RSS feed from a Debian changelog to feed his blog to Debian Planet.
This is something I love Debian for. Use existing tools for new challenges. Well done.
merlix berichtet darüber, wie sich ein Dieb als telefonierendes Anhängsel eines Hardwaretechnikers in eine Firma eingeschlichen hat und - zum Glück "nur" - Portemonnaies und Wertgegenstände eingesammelt hat. Man möchte gar nicht wissen, was für ein Schaden hätte entstehen können, wenn der Eindringling nach den Geschäftsgeheimnissen des Unternehmens aus gewesen wäre.
Ich persönlich finde es zwar superlästig, erstmal am Empfang seitenlang Formulare mit persönlichen Angaben ausfüllen zu müssen, um dann meinen Ausweis gegen einen offen zu tragenden Hausausweis eintauschen zu dürfen und den ganzen Tag als "Auswärtiger" gebrandmarkt herumzulaufen, kann aber immer mehr verstehen, dass Unternehmen ab einer gewissen Größe gerne kontrollieren wollen, wer sich auf dem Gelände bewegt.
Um so mehr verwundert es mich, dass manche, auch gerade große Firmen, solche Verfahren zwar in den Ansätzen realisiert haben, aber in die Prozesse Sicherheitslücken eingebaut haben, durch die man mit einem ganzen Möbelwagen durchfahren könnte. Nicht selten erlebt man Verfahren, die die Nachteile genauer Zugangskontrolle ("lästig") mit den Nachteilen nicht stattfindender Zugangskontrolle ("wir wissen weder, ob der Besucher wirklich dort war wo er behauptete hinzuwollen, noch ob er schon wieder gegangen ist") verbindet.
In Deutschland scheint es diesbezüglich besonders hohen Beratungsbedarf zu geben. Ob man diesbezügliche Bratungsleistungen in den Rundum-Sorglos-Securityservice mit aufnehmen sollte?
Das brauch ich immer dann, wenn ich Philip Hazels exim-Buch, aus dem diese Kommandozeile stammt, nicht griffbereit habe:
openssl req -x509 -sha256 -newkey rsa:4096 -keyout keyfile -out certfile -days 9000 -nodes
Wichtig: Vorher /etc/ssl/openssl.cnf anpassen, sonst hat man leicht "Some-Foo" in irgend einem Feld stehen.
9999 Tage kann man nicht mehr nehmen, das sprengt die Zeitrechnung. openssl nimmt das klaglos, und OpenVPN beschwert sich danach über ein abgelaufenes Zertifikat.
Ausgabe zur Prüfung geht dann mit openssl x509 -in certfile -text
Gegen ein CA-Zertifikat prüft man mit: openssl verify -CAfile fsckCA/cacert.crt -verbose -purpose sslserver
wobei man den "purpose" noch varrieren kann (z.B. sslclient für ein Client-Zertifikat).
Danke außer an Philip noch an Andreas Pommer, der mir das vor vielen Monaten per E-Mail schrieb.
In a fit of carelessness, I decided to pull one of my test notebooks to current unstable, including the Xfree 86 => X.org migration. To my surprise, the migration was not only absolutely painless, but the new X server worked on the first try. This is a new experience with X11 for me.
Splendid work, Guys! Keep it up!
After the weekend (where I need my main notebook to be operational), I am going to try moving my main work vehicle to X.org.
The update of my main work notebook was as painless as expected after the test with the unimportant box. aptitude, clean up dependencies, and you're back in business. On the first starts (from the command line), fonts were broken (too large), but after rebooting and logging in from kdm, the fonts are ok again.
Thanks to Jörg Hoh, who submitted a number of cleanup patches against adduser, the package has changed quite bit. This is the reason for the 3.68 upload going into experimental. Please go ahead, test, report bugs, submit patches. Thanks!
