Debian Bug report logs - #415529
harden-doc: please enhance the lsof one-liner

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Francesco Poli <frx@firenze.linux.it>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: harden-doc: please enhance the lsof one-liner

Date: Tue, 20 Mar 2007 01:07:34 +0100

Package: harden-doc
Version: 3.11
Severity: wishlist

Hi!

Section 4.2.1 _Security update of libraries_[1] suggest the following one-liner to detect programs that need to be restarted in order to benefit from a library security update:

  # lsof | grep <the_upgraded_library> | awk '{print $1, $9}' | uniq | sort +0


Firstoff, when I execute this pipeline on a Debian testing system, sort complains that the +NUMBER option is deprecated and that the '-k NUMBER' option should be used instead.
Hence, I would say

  s/sort +0/sort -k 1/

if understand the -k syntax correctly...


Secondly, on older versions of the manual, the suggested one-liner used to be:

  # lsof | grep dpkg- | awk '{print $1, $8}' | sort +0

Grepping for a fixed string is certainly muuuuch more practical than having to issue one different one-liner for each upgraded package.
Why does the current one-liner grep for the library name?
Doesn't grepping for dpkg- work anymore?
Could you please explain?


[1] which is inside
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-security-update

Message #10 received at 415529@bugs.debian.org (full text, mbox, reply):

From: Francesco Poli <frx@firenze.linux.it>

To: 415529@bugs.debian.org

Subject: Any progress on fixing the one-liner?

Date: Fri, 10 Jul 2009 00:22:56 +0200

[Message part 1 (text/plain, inline)]

Hi!

Is there any progress on this bug?

-- 
 New location for my website! Update your bookmarks!
 http://www.inventati.org/frx
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

[Message part 2 (application/pgp-signature, inline)]

Message #17 received at 415529-done@bugs.debian.org (full text, mbox, reply):

From: Javier Fernández-Sanguino Peña <jfs@computer.org>

To: Francesco Poli <frx@firenze.linux.it>, 415529-done@bugs.debian.org

Subject: Re: Bug#415529: Any progress on fixing the one-liner?

Date: Wed, 23 Jan 2013 02:31:55 +0100

[Message part 1 (text/plain, inline)]

Version: 3.8

On Fri, Jul 10, 2009 at 12:22:56AM +0200, Francesco Poli wrote:
> Hi!
> 
> Is there any progress on this bug?

Yes, this one liner was actually fixed in the harden-doc package version 3.8, uploaded in August
2006:

harden-doc (3.8) unstable; urgency=low

  * Updated to latest CVS version (3.8)
(...)
    - Fix lsof call as suggested by Christophe Sahut. (Closes: #375312)

Unfortunately this bug was not closed with that upload, so I'm closing it
now. Sorry for not taken care of this issue sooner.

Best regards,

Javier

[signature.asc (application/pgp-signature, inline)]

Message #22 received at 415529@bugs.debian.org (full text, mbox, reply):

From: Francesco Poli <invernomuto@paranoici.org>

To: 415529@bugs.debian.org

Subject: Re: Bug#415529 closed by Javier Fernández-Sanguino Peña <jfs@computer.org> (Re: Bug#415529: Any progress on fixing the one-liner?)

Date: Wed, 23 Jan 2013 19:47:25 +0100

[Message part 1 (text/plain, inline)]

On Wed, 23 Jan 2013 01:36:06 +0000 Debian Bug Tracking System wrote:

[...] 
> On Fri, Jul 10, 2009 at 12:22:56AM +0200, Francesco Poli wrote:
> > Hi!
> > 
> > Is there any progress on this bug?
> 
> Yes, this one liner was actually fixed in the harden-doc package version 3.8, uploaded in August
> 2006:
> 
> harden-doc (3.8) unstable; urgency=low
> 
>   * Updated to latest CVS version (3.8)
> (...)
>     - Fix lsof call as suggested by Christophe Sahut. (Closes: #375312)

Fixed even before I reported the bug itself?!?
This sounds like the best Debian package maintainer performance
*ever*!   ;-)

Seriously, the version number looks suspicious, unless I reported the
bug against the wrong version (which is anyway possible, but I think I
checked against the version which was online at the time...). 

> 
> Unfortunately this bug was not closed with that upload, so I'm closing it
> now. Sorry for not taken care of this issue sooner.

Thanks for replying.

The second part of the bug report does not seem to have been addressed,
though:

| Secondly, on older versions of the manual, the suggested one-liner used to be:
| 
|   # lsof | grep dpkg- | awk '{print $1, $8}' | sort +0
| 
| Grepping for a fixed string is certainly muuuuch more practical than having to issue one different one-liner for each upgraded package.
| Why does the current one-liner grep for the library name?
| Doesn't grepping for dpkg- work anymore?
| Could you please explain?


-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

[Message part 2 (application/pgp-signature, inline)]

Message #33 received at 415529-close@bugs.debian.org (full text, mbox, reply):

From: Thijs Kinkhorst <thijs@debian.org>

To: 415529-close@bugs.debian.org

Subject: Bug#415529: fixed in harden-doc 3.16

Date: Fri, 16 Jan 2015 22:18:33 +0000

Source: harden-doc
Source-Version: 3.16

We believe that the bug you reported is fixed in the latest version of
harden-doc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 415529@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated harden-doc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 30 Dec 2014 12:31:43 +0000
Source: harden-doc
Binary: harden-doc
Architecture: source all
Version: 3.16
Distribution: unstable
Urgency: low
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
 harden-doc - useful documentation to secure a Debian system
Closes: 415529 420380 442893 694822 713311 750554 755003 773904
Changes:
 harden-doc (3.16) unstable; urgency=low
 .
   [ Javier Fernández-Sanguino Peña ]
   * Update to latest version in SVN:
     - en/after-install.sgml: Extend the information regarding securing console
       access, including limiting the Magic SysRq key (Closes: #442893)
     - en/after-install.sgml: Update the information on PAM
       configuration, removing references to obsolete variables.
       (Closes: #420380)
     - Makefile - 'clean' target is independent from bash brace expansion. In
       some systems, those where /bin/sh is linked to dash, bash-style brace
       expansion does not work. Based on patch provided by Felix Gatzemeier
       (Closes: #694822)
 .
   [ Thijs Kinkhorst ]
   * Update to latest version in SVN:
     - No longer include the Security Team FAQ verbatim, because it duplicates
       information documented elsewhere and is hence perpetually out of date.
       (Closes: #773904)
     - Update section on restart after library upgrades to mention needrestart.
       (Closes: #773904, #415529)
     - Avoid gender-specific language. Patch by Myriam. (Closes: #755003)
     - Use LSB headers for firewall script. Patch by Dominic Walden.
       (Closes: #750554)
   * Add self to uploaders.
 .
   [ David Prévot ]
   * Add missing texlive-lang- build-dependencies (Closes: #713311)
   * Workaround issue #725931 from po4a
Checksums-Sha1:
 2f5802da6f7d20a43adef02eabcfdf0f8cd72c2e 1477 harden-doc_3.16.dsc
 659a6d21b3e3fa739532fc996b87fd87fe1dd2b3 1056620 harden-doc_3.16.tar.gz
 fd0af2e090b9501bf6315a3e968a9b0ce28b7d15 4456120 harden-doc_3.16_all.deb
Checksums-Sha256:
 e3976f5a26d5d66fe79d5c791f0e4fa1b5fb983a987c6c273a04c6c9aa940684 1477 harden-doc_3.16.dsc
 285cf0b962224609695e2008f3ab7c4f2180ab78a80cabab924c01c07238f9f3 1056620 harden-doc_3.16.tar.gz
 b2fc87b7a764b8b92d64e2ec6e5ec606059c11055d8bb28480f2a9ed47bc08a7 4456120 harden-doc_3.16_all.deb
Files:
 1c1c9da2b9808aaac3d08abd52f53e01 1477 doc extra harden-doc_3.16.dsc
 fc19013a53bc42da40fa35a18b36201f 1056620 doc extra harden-doc_3.16.tar.gz
 802831e0eccaa578a0b9e297b6e7ecd2 4456120 doc extra harden-doc_3.16_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUuYurAAoJEFb2GnlAHawE9qUH/iEmCw3xPoiHaUPKrlbMaC72
IBrEujlvW9rL1TrfBi+9xXa1OULdHnDCBD+opBgQ1JSzAFx/XIeN3LHGm31TYsTx
Lh9eRaIutVc/hwFoHTobiKadINNqqYJ2CmlJl7o149nlH+kbuv9cVmj/itQQU/1a
5gg3HVl7KS9zjmPo3xHd1bQqPOQKjlpMj5TNAXvrzKLnHXRBrR/GsqTe3xtPFj4A
TkKpImdnXKLVPRwuQWmsbJdTyjPHDu+p+fHnfqxJw/HZW9s5qYi9KUWvfrYTFQxI
kTCrjRKIcx5GL8AERq40TmMaFwYOwvp2L4dgVs3ztyfKAF5hfm55kgASzX0SSQA=
=DgCE
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.