Ive been receiving this error daily since a week ago, i know that rkhunter gives some false positives sometimes and the server kept working fine all this time so i ignored it a few days...but its starting to get annoying (and worrysome):
/etc/cron.daily/01-rkhunter:
Warning: The SSH and rkhunter configuration options should be the same:
SSH configuration option 'PermitRootLogin': yes
Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
/etc/cron.daily/conf-mod_ssl:
ERROR in /etc/e-smith/templates//home/e-smith/ssl.crt: Program fragment delivered error <<ERROR: Date::Manip unable to determine TimeZone.
at /usr/lib/perl5/vendor_perl/5.8.5/Date/Manip.pm line 3495
Date::Manip::Date_TimeZone called at /usr/lib/perl5/vendor_perl/5.8.5/Date/Manip.pm line 661
Date::Manip::Date_Init() called at /usr/lib/perl5/vendor_perl/5.8.5/Date/Manip.pm line 1395
Date::Manip::ParseDate('Sep 2 17:13:08 GMT 2009\x{a}') called at /etc/e-smith/templates//home/e-smith/ssl.crt line 29
eval 'package esmith::__TEMPLATE__::3; ;
#line 1 /etc/e-smith/templates//home/e-smith/ssl.crt
use constant KEYLIFEINDAYS => 365;
use Date::Manip;
use Cwd;
my $here = getcwd;
my $FQDN = "$SystemName.$DomainName";
my $commonName = $modSSL{CommonName} || $FQDN;
my $crt = "/home/e-smith/ssl.crt/$FQDN.crt";
my $key = "/home/e-smith/ssl.key/$FQDN.key";
my $defaultCity = $ldap{defaultCity};
my $defaultCompany = $ldap{defaultCompany};
my $defaultDepartment = $ldap{defaultDepartment};
my $email = "admin\\@$DomainName";
# crop fields that are too long for X509:
$defaultCity = substr($defaultCity, 0, 128);
$defaultCompany = substr($defaultCompany, 0, 64);
$defaultDepartment = substr($defaultDepartment, 0, 64);
$email = substr($email, 0, 64);
$commonName = substr($commonName, 0, 64);
if ( -f $crt )
{
my $expire = `openssl x509 -enddate -noout -in $crt`;
$expire =~ s/^notAfter=//;
$expire =~ s#(\\d{4}) (\\w{3})#$2 $1#;
if ( Date_Cmp(\'today\', ParseDate($expire)) < 0 ) {
my $expected_issuer = \'/C=--\' .
\'/ST=----\';
$expected_issuer .= \'/L=\' . ($defaultCity ? $defaultCity : \'Newbury\');
$expected_issuer .= \'/O=\' . ($defaultCompany ? $defaultCompany : \'My Company Ltd\');
$expected_issuer .= "/OU=$defaultDepartment" if $defaultDepartment;
$expected_issuer .= "/CN=$commonName" .
"/emailAddress=$email";
my $issuer = `openssl x509 -issuer -noout -in $crt`;
chomp $issuer;
$issuer =~ s/^issuer= //;
if ($issuer eq $expected_issuer)
{
# Old key file is still good. Read it out - processTemplate will work
# out that it hasn\'t changed, and leave the old one in place
open(C, "$crt") or die "Couldn\'t open crt file: $!";
my @crt = <C>;
chomp @crt;
$OUT = join "\\n", @crt;
close(C);
return;
}
}
}
# go to somewhere private and safe where we can run programs
# as root
unless (-e "/tmp/ssl")
{
mkdir "/tmp/ssl", 0700;
}
chdir "/tmp/ssl" or die "Couldn\'t change to secure directory: $!";
$SIG{ALRM} = sub { die "whoops, $program pipe broke" };
unless (open(SSL,"-|"))
{
my $pid = open(RSACERT, "|-");
if ($pid)
{
# parent
foreach (
"--",
"----",
"$defaultCity",
"$defaultCompany",
"$defaultDepartment",
"$commonName",
"$email"
)
{
print RSACERT "$_\\n";
}
close(RSACERT) || die "RSACERT kid exited $?";
exit (0);
}
else
{
# child
exec("/usr/bin/openssl",
qw(req -new -key),
$key,
qw(-x509 -days), KEYLIFEINDAYS,
qw(-set_serial), time(),
)
|| die "can\'t exec program: $!";
# NOTREACHED
}
}
while (<SSL>)
{
$OUT .= $_;
}
close(SSL) or die "Closing openssl pipe reported: $!";
chdir $here;
;' called at /usr/lib/perl5/vendor_perl/5.8.5/Text/Template.pm line 319
Text::Template::fill_in('Text::Template=HASH(0x89e610c)', 'HASH', 'ARRAY(0x89ddea0)', 'PACKAGE', 'esmith::__TEMPLATE__::3', 'BROKEN', 'CODE(0x89e7d94)', 'UNTAINT', 1, ...) called at /usr/lib/perl5/vendor_perl/5.8.5/Text/Template.pm line 382
Text::Template::fill_in_file('/etc/e-smith/templates//home/e-smith/ssl.crt', 'HASH', 'ARRAY(0x89ddea0)', 'PACKAGE', 'esmith::__TEMPLATE__::3', 'BROKEN', 'CODE(0x89e7d94)', 'UNTAINT', 1, ...) called at /usr/lib/perl5/site_perl/esmith/templates.pm line 556
esmith::templates::processTemplate('HASH(0x89f0ad8)') called at /etc/e-smith/templates//home/e-smith/ssl.pem/40crt line 10
eval 'package esmith::__TEMPLATE__::1; ;
#line 1 /etc/e-smith/templates//home/e-smith/ssl.pem/40crt
my $domain = $DomainName || "localdomain";
my $hostname = $SystemName || "localhost";
my $crt = $modSSL{\'crt\'};
unless ($crt)
{
$crt = "/home/e-smith/ssl.crt/$hostname.$domain.crt";
use esmith::templates;
esmith::templates::processTemplate({
TEMPLATE_PATH => "/home/e-smith/ssl.crt/crt",
OUTPUT_FILENAME => $crt,
});
}
open(CRT, $crt) or die "Could not open crt file: $!";
my @crt = <CRT>;
chomp @crt;
$OUT = join "\\n", @crt;
close CRT;
;' called at /usr/lib/perl5/vendor_perl/5.8.5/Text/Template.pm line 319
Text::Template::fill_in('Text::Template=HASH(0x89d2d30)', 'HASH', 'ARRAY(0x8890c50)', 'PACKAGE', 'esmith::__TEMPLATE__::1', 'BROKEN', 'CODE(0x89128c0)', 'UNTAINT', 1, ...) called at /usr/lib/perl5/vendor_perl/5.8.5/Text/Template.pm line 382
Text::Template::fill_in_file('/etc/e-smith/templates//home/e-smith/ssl.pem/40crt', 'HASH', 'ARRAY(0x8890c50)', 'PACKAGE', 'esmith::__TEMPLATE__::1', 'BROKEN', 'CODE(0x89128c0)', 'UNTAINT', 1, ...) called at /usr/lib/perl5/site_perl/esmith/templates.pm line 556
esmith::templates::processTemplate('HASH(0x86f6b44)') called at /sbin/e-smith/expand-template line 45>> at template line 1
WARNING in /etc/e-smith/templates//home/e-smith/ssl.pem/40crt: ERROR: Template processing failed for //home/e-smith/ssl.crt/server.canje.com.crt: 1 fragment generated errors
at /etc/e-smith/templates//home/e-smith/ssl.pem/40crt line 10
WARNING: Template processing succeeded for //home/e-smith/ssl.pem/server.canje.com.pem: 1 fragment generated warnings
at /sbin/e-smith/expand-template line 45
Can someone explain me what does all that mean? (ignore the telnet-enabled-error part, i know what it means and how to solve it, the rest is the problem)
Im not a newbie on stuff like that but im not a developer or programmer either, so all that looks like chinese to me...
Looking at it it looks like there is a timezone problem, but im not sure and everything else work perfect, why it is giving that strange error? should i post a bug report?
Oh, BTW, its an sme server 7.3 on server-only mode serving 4 low traffic sites and a bunch of mail addresses, all working fine, some contribs i can remember from the top of my head: email-wbl, ddclient, qmhandle, gallery, unjunkmail (dont remember receiving the last unjunker mail this friday), mailman(with the personalization mod), spamassasin activated, all the latest updates done a few weeks ago...cant remember anything else...
Note: the server have not received any change in config for the last month at least, so i cant track something particular to be the cause...(the last install was qmhandle, can that be the cause?)
Note2: the time in the server is fine, and setup to update with smeserver.pool.ntp.org...
3 Replies
1332 Views