Munin Firewall Alerts

It's a bug (or at least a bad interaction) with a difference in behavior of some shells when performing a read on the /proc filesystem. It affects (perhaps among others) recent Ubuntu and Debian releases that switched the system shell to dash.

See http://www.munin-monitoring.org/ticket/1025 - if you correct the two lines in fw_conntrack per the diff in the ticket it should fix the problem, or upgrade to a corrected version if available in your preferred installation approach.

– David

@db3l:

It's a bug (or at least a bad interaction) with a difference in behavior of some shells when performing a read on the /proc filesystem. It affects (perhaps among others) recent Ubuntu and Debian releases that switched the system shell to dash.

See http://www.munin-monitoring.org/ticket/1025 - if you correct the two lines in fw_conntrack per the diff in the ticket it should fix the problem, or upgrade to a corrected version if available in your preferred installation approach.

– David

Thanks a mill for catching that David so quickly. I'll see if I can apply the diff fix.

hmmm.

weird one.

the diff suggests replacing 2 lines of code that my version looks like it already has.

This is the relevant snippet from my

/usr/share/munin/plugins/fw_conntrack

        if [ -f /proc/sys/net/ipv4/ip_conntrack_max ] ; then
            read MAX 

Maybe a new bug?

actually ignore my last comment

I found another thread suggesting I switch the line of code I have.

I was reading the diff the wrong way around it would seem! Although I assumed that red highlighted text in a diff was the text to remove and green was what was added!

http://bugs.debian.org/cgi-bin/bugrepor … =594695#24">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594695#24

Fix was to modify these lines:

        if [ -f /proc/sys/net/ipv4/ip_conntrack_max ] ; then
            read MAX 

@edbloom:

I was reading the diff the wrong way around it would seem! Although I assumed that red highlighted text in a diff was the text to remove and green was what was added!
Hmm, red should in fact be remove and green add. At least when viewing repository commit diffs.

Ah, unless you're talking about viewing the patch itself. Looking at the actual patch file, it appears to be a diff from local working copy to repository, so when viewed with the default trac view will appear backwards.

But if you click on the actual committed change to the repository it shows up correctly. I should have specifically mentioned viewing the committed change to avoid confusion, sorry.

– David

@db3l:

@edbloom:

I was reading the diff the wrong way around it would seem! Although I assumed that red highlighted text in a diff was the text to remove and green was what was added!
Hmm, red should in fact be remove and green add. At least when viewing repository commit diffs.

Ah, unless you're talking about viewing the patch itself. Looking at the actual patch file, it appears to be a diff from local working copy to repository, so when viewed with the default trac view will appear backwards.

But if you click on the actual committed change to the repository it shows up correctly. I should have specifically mentioned viewing the committed change to avoid confusion, sorry.

– David

:) No worries David - I figured as much in the end.

Anyway I applied the patch just over an hour ago and no more emails. Fingers crossed!