Hello Mike

Strange, should be one "out of the box"...

Daniel

-------- Forwarded Message --------
> From: Juergen Richtsfeld <[EMAIL PROTECTED]>
> To: Daniel Gubser <[EMAIL PROTECTED]>
> Subject: RE: [Fwd: Re: Bug#357253: psad: kmsgsd segfaults]
> Date: Thu, 16 Mar 2006 17:03:58 +0100
>
> here it is. it's the default as delivered in debian sarge
>
> #
> ###########################################################################
> #
> # This is the configuration file for psad kmsgsd daemon (for more
> # information, read the kmsgsd man page). Normally this file gets
> # installed at /etc/psad/kmsgsd.conf, but can be put anywhere in the
> # filesystem and then the path can be specified on the command line
> # argument "-c <file>" to kmsgsd. The syntax of this file is as follows:
> #
> # -Each line has the form "<variable name> <value>;". Note the semi-
> # colon after the <value>. All characters after the semicolon will be
> # ignored to provide space for comments.
> #
> ###########################################################################
> #
> # $Id: kmsgsd.conf,v 1.3 2003/09/13 01:36:53 mbr Exp $
> #
>
> ### The following variables can be modified to look for logging messages
> ### that are specific to your firewall configuration (specified by the
> ### "--log-prefix" for iptables firewalls). For example, if your firewall
> ### uses the string "Audit" for packets that have been blocked, then you
> ### could set FW_MSG_SEARCH = "Audit";
> FW_MSG_SEARCH DROP;
> SNORT_SID_STR SID; ### for snort "sid" values generated
> ### by fwsnort or snort2iptables
>
> ### Files
> FW_DATA_FILE /var/log/psad/fwdata;
> KMSGSD_PID_FILE /var/run/psad/kmsgsd.pid;
> PSAD_FIFO /var/lib/psad/psadfifo;
>
> hth,
> juergen
>
> > -----Original Message-----
> > From: Daniel Gubser [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, March 16, 2006 5:02 PM
> > To: Juergen Richtsfeld; [EMAIL PROTECTED]
> > Subject: [Fwd: Re: Bug#357253: psad: kmsgsd segfaults]
> >
> > Hello Jürgen
> >
> > Can you please send us your kmsgsd.conf file?
> >
> > Thanks
> >
> > Daniel
> >
> > -------- Forwarded Message --------
> > > From: Michael Rash <[EMAIL PROTECTED]>
> > > To: Daniel Gubser <[EMAIL PROTECTED]>
> > > Subject: Re: Bug#357253: psad: kmsgsd segfaults
> > > Date: Thu, 16 Mar 2006 10:55:08 -0500
> > >
> > > Hmm, strange. Do you happen to have the /etc/psad/kmsgsd.conf file?
> > > It might be because the FW_MSG_SEARCH variable is not defined correctly
> > > (some defensive code has been added since the 1.4.1 release to handle
> > > this case, so in later versions it would not be a problem). I'll try
> > > to reproduce it if you have the file handy...
> > >
> > > Thanks,
> > >
> > > --
> > > Michael Rash
> > > http://www.cipherdyne.org/
> > > Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
> > >
> > > On Mär 16, 2006, Daniel Gubser wrote:
> > >
> > > > Hello Mike
> > > >
> > > > Do you have any clue about this segfault?
> > > >
> > > > Thanks
> > > > Daniel
> > > >
> > > > On Thu, 2006-03-16 at 13:19 +0100, Juergen Richtsfeld wrote:
> > > > > Package: psad
> > > > > Version: 1.4.1-1
> > > > > Severity: grave
> > > > > Justification: renders package unusable
> > > > >
> > > > > strace kmsgsd
> > > > > execve("/usr/sbin/kmsgsd", ["kmsgsd"], [/* 8 vars */]) = 0
> > > > > uname({sys="Linux", node="troubadix", ...}) = 0
> > > > > brk(0) = 0x804b000
> > > > > old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd2000
> > > > > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > > > > open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > open("/etc/ld.so.cache", O_RDONLY) = 3
> > > > > fstat64(3, {st_mode=S_IFREG|0644, st_size=11553, ...}) = 0
> > > > > old_mmap(NULL, 11553, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fcf000
> > > > > close(3) = 0
> > > > > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> > > > > open("/lib/tls/libc.so.6", O_RDONLY) = 3
> > > > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`Z\1\000"..., 512) = 512
> > > > > fstat64(3, {st_mode=S_IFREG|0755, st_size=1254468, ...}) = 0
> > > > > old_mmap(NULL, 1264780, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xb7e9a000
> > > > > old_mmap(0xb7fc4000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x129000) = 0xb7fc4000
> > > > > old_mmap(0xb7fcd000, 7308, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7fcd000
> > > > > close(3) = 0
> > > > > old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e99000
> > > > > set_thread_area({entry_number:-1 -> 6, base_addr:0xb7e99460, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
> > > > > munmap(0xb7fcf000, 11553) = 0
> > > > > brk(0) = 0x804b000
> > > > > brk(0x806c000) = 0x806c000
> > > > > brk(0) = 0x806c000
> > > > > open("/etc/psad/kmsgsd.conf", O_RDONLY) = 3
> > > > > fstat64(3, {st_mode=S_IFREG|0644, st_size=1427, ...}) = 0
> > > > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd1000
> > > > > read(3, "#\n##############################"..., 4096) = 1427
> > > > > read(3, "", 4096) = 0
> > > > > close(3) = 0
> > > > > munmap(0xb7fd1000, 4096) = 0
> > > > > open("/etc/psad/fw_search.conf", O_RDONLY) = 3
> > > > > fstat64(3, {st_mode=S_IFREG|0644, st_size=1593, ...}) = 0
> > > > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd1000
> > > > > read(3, "### The FW_SEARCH_ALL variable c"..., 4096) = 1593
> > > > > read(3, "", 4096) = 0
> > > > > close(3) = 0
> > > > > munmap(0xb7fd1000, 4096) = 0
> > > > > --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> > > > > +++ killed by SIGSEGV +++
> > > > >
> > > > > please excuse the number of reports, but my email wasn't correct.
> > > > >
> > > > > -- System Information:
> > > > > Debian Release: 3.1
> > > > > Architecture: i386 (i686)
> > > > > Kernel: Linux 2.6.15.21
> > > > > Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> > > > >
> > > > > Versions of packages psad depends on:
> > > > > ii  iptables                  1.2.11-10      Linux kernel 2.4+ iptables adminis
> > > > > ii  libc6                     2.3.2.ds1-22   GNU C Library: Shared libraries an
> > > > > ii  libcarp-clan-perl         5.3-3          Perl enhancement to Carp error log
> > > > > ii  libdate-calc-perl         5.4-3          Perl library for accessing dates
> > > > > ii  libnetwork-ipv4addr-perl  0.10-1.1       The Net::IPv4Addr perl module API
> > > > > ii  libunix-syslog-perl       0.100-4        Perl interface to the UNIX syslog(
> > > > > ii  perl                      5.8.4-8sarge3  Larry Wall's Practical Extraction
> > > > > ii  psmisc                    21.5-1         Utilities that use the proc filesy
> > > > > ii  syslog-ng                 1.6.5-2.2      Next generation logging daemon
> > > > > ii  whois                     4.7.5          the GNU whois client
> > > > >
> > > > > -- no debconf information
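
The quoted reply from Michael Rash suspects that FW_MSG_SEARCH "is not defined correctly" and mentions defensive code added after 1.4.1. The sketch below is an added example, not psad's code and not part of the original thread: it looks up a variable in the "<variable name> <value>;" syntax described in the quoted kmsgsd.conf and returns an error instead of handing an unset string to the matcher. The names `conf_get` and `fw_line_matches`, the substring match, and the sample inputs are assumptions made for illustration.

```c
/* Added example (hypothetical helpers, not psad source): "<name> <value>;" lookup. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy value of `name` into out; -1 if absent, no ';', empty, or too long. */
int conf_get(const char *conf, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    for (const char *line = conf; line && *line; ) {
        const char *eol = strchr(line, '\n');
        const char *end = eol ? eol : line + strlen(line);
        const char *p = line;
        while (p < end && isspace((unsigned char)*p)) p++;
        if (p < end && *p != '#' && (size_t)(end - p) > nlen &&
            strncmp(p, name, nlen) == 0 && isspace((unsigned char)p[nlen])) {
            p += nlen;
            while (p < end && isspace((unsigned char)*p)) p++;
            const char *semi = memchr(p, ';', (size_t)(end - p));
            if (semi == NULL) return -1;          /* missing semicolon */
            while (semi > p && isspace((unsigned char)semi[-1])) semi--;
            size_t vlen = (size_t)(semi - p);
            if (vlen == 0 || vlen >= outlen) return -1;
            memcpy(out, p, vlen);
            out[vlen] = '\0';
            return 0;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;                                    /* variable not defined */
}

/* 1 if logline contains FW_MSG_SEARCH, 0 if not, -1 if the config is unusable. */
int fw_line_matches(const char *conf, const char *logline)
{
    char search[64];
    if (conf_get(conf, "FW_MSG_SEARCH", search, sizeof search) != 0) return -1;
    return strstr(logline, search) != NULL;
}

/* Constructed samples; GOOD_CONF mirrors the settings quoted in the thread. */
static const char GOOD_CONF[] = "# c\nFW_MSG_SEARCH   DROP;\nSNORT_SID_STR SID; ### x\n";
static const char NO_VAR_CONF[] = "### Files\nPSAD_FIFO /var/lib/psad/psadfifo;\n";
int main(void)
{
    const char *log = "kernel: DROP IN=eth0 SRC=192.0.2.7";   /* constructed */
    printf("%d %d\n", fw_line_matches(GOOD_CONF, log), fw_line_matches(NO_VAR_CONF, log));
    return 0;
}
```
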