2010
bastille (1:3.0.9-13) unstable; urgency=high
* Bastille/Debian_API.pm: Fix bug in the permissions
definition in the B_statoverride.Also, return inmediately if distribution
is Debian or if dpkg-statoverride is not available.
This bug caused bastille to set 0000 permissions when using
dpkg-statoveride, thus the 'high' urgency. (Closes: #596954, 545052)
* Bastille/API.pm: do not warn multiple times about the OS not being supported,
just send this message to STDERR once.
* Use debhelper compatibility version 5
* debian/control: Depend on perl instead of on perl5.
* debian/bastille.substvars: removed
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 19 Sep 2010 14:46:19 +0200
bastille (1:3.0.9-12.1) unstable; urgency=low
* Non-maintainer upload
* Change dependency in init LSB header to use $network rather than
$local_fs to make sure networking is available during boot and to
make the package installation work again (Closes: #563784)
Thanks to Petter Reinholdtsen
-- Steffen Joeris <white@debian.org> Sat, 23 Jan 2010 13:08:40 +0100
2009
bastille (1:3.0.9-12) unstable; urgency=low
* Set bin/bastille to be a bash shell since 'set +o privilege' is not
supported by other shells (Closes: #504321)
* Change author's email address in manpages and replace 'a' with '\['a]' to
present an accented character if the locale supports it.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 31 May 2009 13:33:41 +0200
bastille (1:3.0.9-11) unstable; urgency=low
* Fix bashims in script (Closes: #530050) - bin/bastille: replace "\n" in echo with a new echo call so that another line is printed. - bastille-tmpdir.sh and bastille-tmpdir-defense.sh : make them bash scripts. This is not really necessary since the scripts already use /dev/urandom if available instead of $RANDOM but that way we will not get false positives for people looking for bashisms.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 28 May 2009 01:46:11 +0200
bastille (1:3.0.9-10) unstable; urgency=low
* Update upstream's manpage (doc/bastille.1m) to reflect that it supports
many more Debian versions.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sat, 18 Apr 2009 01:51:21 +0200
bastille (1:3.0.9-9) unstable; urgency=low
* Fix Bastille/Debian.pm: replace calls to ActionLog with B_log (Closes: #520435)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sat, 21 Mar 2009 23:25:46 +0100
bastille (1:3.0.9-8) unstable; urgency=low
* Upload to unstable, this package has been sitting in experimental
for too long. Time to get wider testing.
* Fix typo in calls to modprobe (Closes: #518251)
* Fix Bastille/API.pm:
- Make the check that determines wether it runs as root or not
work properly
- Replace a call to ErrorLog to a call to B_log
* Update the latest stable version of Debian in Bastille/API.pm
* Add DB4.1 and DB5.0 as supported Debian versions. This is not
fully true, however, as Bastille has not been fully tested in sid or lenny.
It will help people test it out though (Closes: #510884)
* Update Bastille/API.pm.sweth to support Debian even if it's not
currently used:
- include definitions for testing Debian releases
- include the list of Debian releases and the file locations
- adapt chkconfig_off to support Debian
- modify the code so that it uses statoverride
- move chkconfig_on from Bastille/API.pm and adapt it to use
the new functions
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 05 Mar 2009 22:01:36 +0100
2008
bastille (1:3.0.9-7) experimental; urgency=low
* Remove empty directories from debian/dirs
* Roll over changes from 2.1.1-19:
- Add LSB-formatted headers to the init.d script (Closes: #460860)
- Specify that the init.d file is a bash script (Closes: #464492)
- Update watch file with the one provided by Raphael
Geissert (Closes: #449715)
- Recode copyright to be UTF-8
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 24 Feb 2008 23:38:34 +0100
2007
bastille (1:3.0.9-6) experimental; urgency=low
* Change location of the Bastille site in multiple files, it has been
purchased by a domain squatter, see
http://www.bastille-unix.org/press-release-newname.html
Replaced it with bastille-unix.org
* Use Homepage: in the package headers
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 08 Nov 2007 21:15:17 +0100
bastille (1:3.0.9-5) experimental; urgency=low
* Fix location of INITBASEDIR in bastille-firewall-reset (Closes: #436713) * Do not try to load/unload modules if the kernel does not support modules (i.e. modules.dep does not exist) (Closes: #362701, #436713)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 09 Aug 2007 20:34:34 +0200
bastille (1:3.0.9-4) experimental; urgency=low
* Update to the latest stable release. * Change maintainer's email address in debian/control
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Tue, 17 Jul 2007 18:25:51 +0200
2006
bastille (1:3.0.9-3) experimental; urgency=low
* Make Bastille work in new etch systems (Debian 4.0) * Add binary-arch targets in Makefile, even if not used
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 1 Nov 2006 13:22:53 +0100
bastille (1:3.0.9-2) experimental; urgency=low
* Simplify the Bastille/Debian_API.pm file * Update the information in the README.Debian file
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 28 Jun 2006 02:12:35 +0200
bastille (1:3.0.9-1) experimental; urgency=low
* New upstream release (Closes: #259361, #305969, #320248) - forward port all the relevant patches from the 2.x releases - still have to test the new --assess functionality to see how it applies to Debian and review the OSMap/LINUX.Bastille definitions - upload to experimental to get some testing - separate the dpkg-statoverride calls to a separate Debian.pm library * Make the package Arch: all (Closes: #357049) * Patch bastille's TMPDIR.pm so that it does not install profile.d scripts if the /etc/profile.d directory does not exist (Closes: #350442) * Use patch from Nicolas Francois to recode manpages to ASCII and avoid manpage warnings (Closes: #349717) * Change RS0 in manpage to RS
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 5 Jun 2006 15:05:11 +0200
2005
bastille (1:2.1.1-12) unstable; urgency=low
* The "closing bugs before I package new upstream version"
* Adjust the grub test so it uses /boot/grub/menu.lst instead of the
/etc/grub.conf file (Closes: #312182)
* Use modprobe instead of insmod to load the ip_nat modules (Closes:
#328870)
* Restrict use of all the fsck tools under /sbin, not just 'fsck'
(Closes: #320662)
* Use dpkg-statoverride in Debian systems to preserve filesystem
changes even on the even of package upgrades (Closes: #182494)
* Use debhelper compatibility version 4
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 3 Nov 2005 19:24:20 +0100
2004
bastille (1:2.1.1-11) unstable; urgency=low
* Fixed bastille-firewall to use /var/lock/bastille/bastille-firewall
instead of /var/lock/subsys (Closes: #282419)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 23 Nov 2004 11:27:57 +0100
bastille (1:2.1.1-10) unstable; urgency=low
* Improved the description in the control field with the patch
provided by Thomas Hood (Closes: #281170)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 14 Nov 2004 12:38:18 +0100
bastille (1:2.1.1-9) unstable; urgency=low
* Have the postrm script behave better when purging (Closes: #280379)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 14 Nov 2004 01:15:20 +0100
bastille (1:2.1.1-8) unstable; urgency=low
* Modified bastille so that the user is warned to use 'bastille -c'
if he cannot run the (default) X11 interface due to missing libraries.
Also, if no DISPLAY is defined the Curses interface is used unless
specified differently in the command line.
(Closes: #274464)
* [bastille] moved the root check down so that all users can run 'bastille -h'
* [InteractiveBastille] Print the Usage information if it tries to use
the Curses interface but the libraries are not available.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 3 Oct 2004 12:26:17 +0200
bastille (1:2.1.1-7) unstable; urgency=low
* Add support for Debian sarge (DB3.1) (Closes: #263599) * Quote strings of the menu file * Fixed PSAD configuration of the EMAIL_ADDRESS (Closes: #236785) * Allow LOCAL access in /etc/hosts.allow to avoid having issues with local services (FAM and printer services mostly) * Modified Questions.txt so that it describes that you need to permit echo-request if you want incoming ICMP probes (Closes: #232265) * Start the bastille-firewall at S40 so that it can work when filesystems are up (i.e. it starts later than lvm or NFS) (Closes: #214744) * Added lintian.override
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 5 Aug 2004 15:13:18 +0200
bastille (1:2.1.1-6) unstable; urgency=low
* bastille script now uses bash since it uses 'set +o privileged', I can't find if this is POSIX so I'm fixing it this way (Closes: #237792)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 13 Mar 2004 23:20:55 +0100
bastille (1:2.1.1-5) unstable; urgency=low
* Install Bastille modules in /usr/share/perl5 instead of on /usr/lib/perl5 * Fixed spelling error in README. * Make a manpage symlink for UndoBastille. * Proper copyright in debian/copyright. * Updated Standards-Version.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 23 Jan 2004 18:18:47 +0100
bastille (1:2.1.1-4) unstable; urgency=low
* Added missing GLOBAL definitions (Closes: #225878) * Clarified (even more) in the README.Debian file why the dependancies are set the way they are. I'm even placing this element the first one in the list just for the lazy readers and also copying this information to the manpages (bastille and InteractiveBastille) (Closes: #210399, #212156) * Add a note in the README.Debian about debootstrap (to setup a chroot test environment, works like a charm) * Added notes in the Questions.txt regarding how Amanda might break if the settings are applied, this might avoid people getting bitten by #118613 and #155510 (but "it's not a bug, it's a feature")
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 9 Jan 2004 16:12:56 +0100
2003
bastille (1:2.1.1-3) unstable; urgency=low
* Fixed properly API.pm now.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 15 Jul 2003 16:10:40 +0200
bastille (1:2.1.1-2) unstable; urgency=low
* Fixed API.pm which made bastille break due to a
syntax error (missing parenthesis) (Closes: #200979)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 12 Jul 2003 19:11:48 +0200
bastille (1:2.1.1-1) unstable; urgency=low
* The "It's been a while since I tinkered with Bastille" release
(many of the changes in this package need to be pushed upstream).
* New upstream version.
- This upstream version works properly wrt to syslog settings
(Closes: #158918)
- UndoBastille no longer exists (Closes: #194355)
* Removed the Credits file from /usr/share/bastille (it's already under
the documentation) and replace it with a symlink
* Added the *config files to the examples dir.
* Modified debian/rules to create a symbolic link for UndoBastille since
it's no longer there. Also, the UndoBastille manpage has been modified
to be used for RevertBastille and all manpages point to RevertBastille.
* Added find_bastille_affected_files.pl to the examples.
* Added docs/bastille.1m to the manpages
* Moved the documentation calls in debian/rules to debian/docs so that
it's easier to follow.
* Modified the chroot script for makejail to use coreutils instead of
fileutils.
* Fixed the bastille-ipchains script as described by Henrik Johansson and
have the package recommend bind9-host or host. Notice that I cannot
add a dependancy since not all users will be setting up a local
firewall (Closes: #184767)
* Modified API/Bastille.pm so that chkconfig_off in Debian also removes
the 'S' links. Notice that not _all_ rc files are removed since this
would mean that on upgrade all the files would be recreated. Also
the chkconfig_on code has been modified to work with Debian even if
it's not used (calls to it from Firewall.pm and PSAD.pm have been
disabled since the packages provide already init.d scripts and their
rc.d links)
(Closes: #193906)
* Modified the installation of the bastille-firewall so that it runs on
the system at priority 20 which means that it should be started before
any network services, it is also stopped at level 89.
* Reapplied the changes to Bastille/IOLoader.pm to add new DebugLogs.
* Modified Questions.txt to fit Debian specific stuff.
* Modified docs/bastille.1m to include some of the undocumented options
as well as the Debian-specific information. Also modified all trailing
'.C' to '.B'
* Changed 'LINUX' to refer also to 'DB'
* Added /var/log/Bastille/revert/backup to the directories to remove stuff
from if we purge the package (Closes: #185951)
* Fixed API.pm so that /var/log/Bastille/revert is used instead of
/var/log/Bastillerevert (missing '/')
* Modified Bastille/PSAD.pm so that it does not attempt to install PSAD,
also the location of the PSAD init script has been modified for Debian.
Modified also Questions.txt to add a dependancy for the 'psad' file
so that it will only run if the PSAD package has been installed.
With this changes bastille now configures PSAD properly if available
(Closes: #147153)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 24 Jun 2003 10:26:53 +0200
bastille (1:2.0.4-3) unstable; urgency=low
* Changed the Dependancies so that the X interfaces are only installed if the user asks for them, the curses interface is always installed now (Closes: #164227) * Improved the package description (hopefully) following some of the guidelines on the Developer's Reference, including a Homepage * Fixed the debian/control file using the patch provided in the bug report. Thanks to James A. Morrison. (Closes: #184179) (I still need to write proper manpages for many of the scripts...)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 25 Mar 2003 00:09:07 +0100
bastille (1:2.0.4-2) unstable; urgency=low
* Added /var/log/Bastille/Revert and /var/log/Bastille/old-config
to the list of directories to remove (Closes: #182919)
* Changed the init file so it does not offer the HINT if asked to
stop (so that it is not presented when removing/purging the package)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 2 Mar 2003 10:29:59 +0100
2002
bastille (1:2.0.4-1) unstable; urgency=low
* New upstream release
* Added proper references to ping6/traceroute6
* Enabled psad configuration since 'psad' package is now available in Debian
* Fixed Questions.txt for apache configuration (mentioned httpd)
* Added a note on BUGS and on the README.Debian file regarding the Amanda
issues. They are not a bug, they are simply a user's shooting himself on
the foot by retricting too much the system. This is related to bugs
#118613 and #155510. A debconf note might be added if enough users report
this.
* Added a Conflicts to libcurses-widget-perl as a quick way to avoid bug
#164227. The Bastille upstream team will probably need to decide how to
tackle this.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 24 Nov 2002 22:52:38 +0100
bastille (1:2.0.1-1) unstable; urgency=low
* New upstream release.
* Now provides a postrm to remove all logs and configuration files placed
by Bastille (could be useful if a user installs Bastille, uses it and
then removes it from the system. Note: in this case the firewall would
not work, of course)
* Removed psad (there's a New Maintainer packaging it, it will be integrated
into Bastille as soon as the package is done). Bastille now Recommends:
psad (should it recommended firewalling code too???)
* IMPROVED:
Added a new debugging option (-d) for those #print statements in API.pm
(should be used by developers to populate other modules)
Changed bastille to provide the -v, -d and -l options to the Backends
Also changed InteractiveBastille to reflect what API.pm says
Questions.txt now includes some information specific to Debian
(chkconfig stuff mostly)
Added a bastille-makejail.py example for 'makejail' to build a
chrooted testing environment (works for me, YMMV)
* FIXED:
InteractiveBastille did not show Usage because GLOBAL_ERROR was not
exported in API.pm and because API.pm was not loaded before
showUsage was called
RootTTYLogins fixed to remove all ttys, not just tty1-tty6,
tty10-tty60....
Bastille manpage now properly displays valid options
Some links (called chkconfig) are provided for Debian (need to provide
more by checking which runlevel/number is used by some packages)
* CHANGED:
The init script will not launch if no bastille-firewall.cfg exist
There is no /var/lock/subsys, /var/lock/bastille used instead
* TODO: Port the fixes done to previous versions.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 19 Aug 2002 13:21:12 +0200
bastille (1:1.3.0-6) unstable; urgency=medium
* Changed exit 1 to exit 0 in the bastille-firewall script so installation/postinstallation works ok (Closes: #149424)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 10 Jun 2002 14:22:31 +0200
bastille (1:1.3.0-5) unstable; urgency=high
* Changed the init.d script to not run if there is no /etc/Bastille/bastille-firewall.cfg this should work when the user has answered questions in InteractiveBastille and created the cfg file. * Added a pre-configuration of the firewall just as bastille-firewall-install does. Instead of changing Bastille/Firewall.pm to add Debian to the configuration (line 338) this is IMHO a better approach since changes in the init.d script or the software does not require re-installation of the firewall. * This closes bug #147643 for sid, but woody configuration does give the user a sense of "false security" since they configure the firewall but it's not enabled either after installation or on reboot. * Added some missing dirs to debian/dirs * Added /etc files to conffiles (Note: the bastille-firewall.cfg is not since is not provided yet in the package, it is generated through the Bastille programs)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 21 May 2002 11:27:29 +0200
bastille (1:1.3.0-4) unstable; urgency=medium
* Added /var/lock/subsys to debian/dirs so that the firewall runs nicely. * Fixed an unreported bug in INCs that prevented it from finding Bastille_Tk.pm (due to it being moved in 1.3.0-3) * Edited the psad installation to work non-interactively (install.debian.pl) * Removed psad from debian/rules so that it is not activated by Bastille. This software is not ready for release in Debian since installation should be done in a separate package (sorry guys, you will need to take the source package to make it work) * Edited InstallBastille to remove DB from the LINUX alias in order to not ask about Psad (in Questions.txt it is linked to LINUX)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 16 May 2002 09:52:12 +0200
bastille (1:1.3.0-3) unstable; urgency=medium
* Move /usr/lib/Bastille to /usr/share/perl5/ to comply with the FHS * Removed creation of /usr/share/Bastille/Psad.pm since it was not being used. * Fixed Bastille/Logging.pm (typo, an if was missing) (Closes: #146921) * Made /usr/share/Bastille/PSAD.pm a symlink to Psad.pm * Made changes in debian/rules to conform to Debian's Perl policy.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 14 May 2002 13:13:28 +0200
bastille (1:1.3.0-2) unstable; urgency=low
* Removed man1 manpages (since they were in the psad directories debhelper decided to add them too!) (Closes: #141217)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 5 Apr 2002 15:33:21 +0200
bastille (1:1.3.0-1) unstable; urgency=low
* New upstream version.
* New upstream version (and if case you wonder: "yes, this package
was also made during my last vacations").
* The new version provides support for Debian (changes made in previous
releases have been included). This version, however, recognises
'3.0' as a valid release name and supports it along with 2.2
* Fixed (somewhat) the Questions.txt
* Included DB into the "LINUX" definition in Questions.txt (so that
it shows all the Questions for Debian)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 29 Mar 2002 00:26:03 +0100
bastille (1:1.2.0-6) unstable; urgency=low
* Fixed Bastille Firewall.pm and bastille-firewall-reset so proper substitution is being made for the RC and INIT directories (Closes: 129635)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 17 Jan 2002 10:19:24 +0100
bastille (1:1.2.0-5) unstable; urgency=low
* Changed Logging.pm so that it works in Debian properly noticed that Debian's default behavior already provides for syslog and kern.log rotationi (Closes: #129480)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 16 Jan 2002 14:29:56 +0100
bastille (1:1.2.0-4) unstable; urgency=medium
* Fixed API/Logging.pm (Closes: #123860) * Removed CVS directory from /usr/share/doc/ (Closes: #123890) * Fixed typo in README.Debian * Added proper dependencies for c-shell * Updated standards version * Added a if-then clause to remove the chkconfig errors if it is not available (Closes: #122193)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 15 Jan 2002 11:55:20 +0100
2001
bastille (1:1.2.0-3) unstable; urgency=high
* Changed setting of debian version in preparation for upcoming 3.0 release. Bastille know acknowledges woody existence (Closes: #123809)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 13 Dec 2001 14:23:31 +0100
bastille (1:1.2.0-2) unstable; urgency=low
* Fixed Questions.txt so that bastille firewall is disabled in Debian (will not close 122193 bug, just retitle it and file it as wishlist)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 3 Dec 2001 14:59:57 +0100
bastille (1:1.2.0-1) unstable; urgency=low
* New upstream version * Fixed Questions.txt so the tempdir feature is disabled in Debian (Closes: #114641) * Changed message when /etc/debian_version is not from a stable release. Added information on unstable support in README.Debian (Closes: #115300) * Applied patch submitted by Era Eriksson for manoages (Closes: #110775) * More verbose when Curses.pm, Gtk.pm or Tk.pm not found added info to README.Debian (Closes: #112572, #113013, #112626) * Added SuSE detection borrowed from Marc's Heuse harden-suse (TODO: add security hardening done here too...) * Used epochs since they forced me too with the rcXXX :(
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 12 Nov 2001 22:49:33 +0100
bastille (1.2.0.rc6-3) unstable; urgency=low
* Fixed final } in AutomatedBastille
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 14 Sep 2001 23:58:26 +0200
bastille (1.2.0.rc6-2) unstable; urgency=low
* Fixed menu entry (Closes: #110533)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 29 Aug 2001 15:50:15 +0200
bastille (1.2.0.rc6-1) unstable; urgency=low
* Initial Release. * Beta-release for Debian configuration (not thoroughly tested to see that it works) * Changed API in order to recognise Debian * Modified PatchDownload in order to upgrade from security.debian.org * Added notes regarding process accounting (need to install acctlog) * Fixed some errors and warnings in the scripts which made them not run correctly * Wrote manpages for all binaries (InteractiveBastille, AutomatedBastille, UndoBastille, BastilleBackend, BastilleChooser) and for the package (Bastille)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 10 May 2001 11:42:29 +0200