[Bug 853384] New: arpwatch: systemd ignores settings in /etc/sysconfig/arpwatch
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c0 Summary: arpwatch: systemd ignores settings in /etc/sysconfig/arpwatch Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: x86-64 OS/Version: openSUSE 13.1 Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: bw@inside-security.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36 If ARPWATCH_INTERFACE in /etc/sysconfig/arpwatch is set at all or set to a non-default interface or several interfaces systemd just ignores this and always starts only one instance of arpwatch without parameters. Reproducible: Always Steps to Reproduce: 1. Configure interfaces arpwatch should watch (one that is not default or several) 2. Have systemd start arpwatch Actual Results: Only one instance of arpwatch is running and without parameters Expected Results: One instance per configured interface should be started and it should actually listen to the configured interface Probably an arpwatch.target and arpwatch@<interface>.service should be introduced to start arpwatch from systemd. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |draht@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c1 Roman Drahtmueller <draht@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |draht@suse.com AssignedTo|draht@suse.com |systemd-maintainers@suse.de --- Comment #1 from Roman Drahtmueller <draht@suse.com> 2013-12-04 13:29:30 UTC --- reassigning to systemd-maintainers@suse.de. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c2 Dr. Werner Fink <werner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |systemd-maintainers@suse.de | |, werner@suse.com AssignedTo|systemd-maintainers@suse.de |draht@suse.com --- Comment #2 from Dr. Werner Fink <werner@suse.com> 2013-12-04 13:44:12 UTC --- (In reply to comment #1) Why do you think that systemd is suitable for reading and interpreting /etc/sysconfig/arpwatch ? rpm -qf /usr/lib/systemd/system/arpwatch.service arpwatch-2.1a15-154.30.i586 and with this I get osc maintainer arpwatch --email draht@suse.com IMHO you may do your own home work ;)
From /usr/lib/systemd/system/arpwatch.service I see
[Unit] Description=Arpwatch daemon which keeps track of ethernet/ip address pairings After=syslog.target network.target [Service] Type=forking EnvironmentFile=-/etc/sysconfig/arpwatch/sysconfig.arpwatch PrivateTmp=yes ExecStart=/usr/sbin/arpwatch $OPTIONS [Install] WantedBy=multi-user.target and if /usr/sbin/arpwatch does not read the configuration file then the service file or the configuration file is broken. Please note that the configuration file is not a shell script but a ascii file where the variables are read line by line (-> systemd.exec(5)) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c3 Robert Milasan <rmilasan@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rmilasan@suse.com --- Comment #3 from Robert Milasan <rmilasan@suse.com> 2013-12-04 13:47:19 UTC --- Here is how it suppose to look like: [Unit] Description=Arpwatch daemon which keeps track of ethernet/ip address pairings After=syslog.target network.target [Service] Type=forking EnvironmentFile=-/etc/sysconfig/arpwatch PrivateTmp=yes ExecStart=/usr/sbin/arpwatch $ARPWATCH_ARGS [Install] WantedBy=multi-user.target There is no /etc/sysconfig/arpwatch/sysconfig.arpwatch, the sysconfig file will be /etc/sysconfig/arpwatch after fill-up. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c4 --- Comment #4 from Dr. Werner Fink <werner@suse.com> 2013-12-04 13:49:11 UTC --- Beside this, /etc/sysconfig/arpwatch is not /etc/sysconfig/arpwatch/sysconfig.arpwatch -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c5 --- Comment #5 from Dr. Werner Fink <werner@suse.com> 2013-12-04 13:50:25 UTC --- (In reply to comment #3) Yep .. same second ;) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c6 --- Comment #6 from Robert Milasan <rmilasan@suse.com> 2013-12-04 13:54:57 UTC --- Pushed the fix: https://build.opensuse.org/request/show/209401 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c7 --- Comment #7 from Boris Wesslowski <bw@inside-security.de> 2013-12-04 13:58:58 UTC --- ARPWATCH_ARGS is only for *additional* arguments The idea is that if you set ARPWATCH_INTERFACE="eth0 vlan4 vlan5 vlan25 vlan100" the following 5 processes should be startet with the following parameters: /usr/sbin/arpwatch -i eth0 -f /var/lib/arpwatch/arp.dat.eth0 /usr/sbin/arpwatch -i vlan4 -f /var/lib/arpwatch/arp.dat.vlan4 /usr/sbin/arpwatch -i vlan5 -f /var/lib/arpwatch/arp.dat.vlan5 /usr/sbin/arpwatch -i vlan25 -f /var/lib/arpwatch/arp.dat.vlan25 /usr/sbin/arpwatch -i vlan100 -f /var/lib/arpwatch/arp.dat.vlan100 Previous init scripts worked like this. I was thinking that instead of using /etc/sysconfig/arpwatch for ARPWATCH_INTERFACE, interfaces should be enabled for arpwatch like config files are enabled individually for openvpn by systemctl -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c8 --- Comment #8 from Robert Milasan <rmilasan@suse.com> 2013-12-04 14:05:58 UTC --- Or it can be added a new script, which can be run like ExecutePre=..../scriptname. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c9 --- Comment #9 from Dr. Werner Fink <werner@suse.com> 2013-12-04 14:14:35 UTC --- It is possible to use arpwatch@.service with e.g. [Unit] Description=Arpwatch daemon which keeps track of ethernet/ip address pairings After=syslog.target network.target [Service] Type=forking Environment=ARPWATCH_ARGS= EnvironmentFile=-/etc/sysconfig/arpwatch/sysconfig.arpwatch PrivateTmp=yes ExecStart=/usr/sbin/arpwatch $ARPWATCH_ARGS -i %i -f /var/lib/arpwatch/arp.dat.%i [Install] WantedBy=multi-user.target then you may start arpwatch on e.g. eth0 with systemctl start arpwatch@eth0.service -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c10 --- Comment #10 from Robert Milasan <rmilasan@suse.com> 2013-12-04 14:19:26 UTC --- Unit] Description=Arpwatch daemon which keeps track of ethernet/ip address pairings After=syslog.target network.target [Service] Type=forking Environment=ARPWATCH_ARGS= EnvironmentFile=-/etc/sysconfig/arpwatch PrivateTmp=yes ExecStart=/usr/sbin/arpwatch $ARPWATCH_ARGS -i %i -f /var/lib/arpwatch/arp.dat.%i [Install] WantedBy=multi-user.target Maybe like this :) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c11 --- Comment #11 from Robert Milasan <rmilasan@suse.com> 2013-12-04 14:20:05 UTC --- One single question: How do you start arpwatch if you don't wanna use a certain interface? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c12 --- Comment #12 from Dr. Werner Fink <werner@suse.com> 2013-12-04 14:37:21 UTC --- Created an attachment (id=570204) --> (http://bugzilla.novell.com/attachment.cgi?id=570204) arpwatch@.service A touch is required to be abel tp open a valid MAC/IP address database filename -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c13 --- Comment #13 from Dr. Werner Fink <werner@suse.com> 2013-12-04 14:38:21 UTC --- linux:system # systemctl status arpwatch@enp0s3.service arpwatch@enp0s3.service - Arpwatch daemon which keeps track of ethernet/ip address pairings Loaded: loaded (/usr/lib/systemd/system/arpwatch@.service; enabled) Active: active (running) since Wed 2013-12-04 15:31:59 CET; 2min 35s ago Process: 15300 ExecStart=/usr/sbin/arpwatch $ARPWATCH_ARGS -i %i -f /var/lib/arpwatch/arp.dat.%i (code=exited, status=0/SUCCESS) Process: 15297 ExecStartPre=/usr/bin/touch /var/lib/arpwatch/arp.dat.%i (code=exited, status=0/SUCCESS) Main PID: 15301 (arpwatch) CGroup: /system.slice/system-arpwatch.slice/arpwatch@enp0s3.service `-15301 /usr/sbin/arpwatch -i enp0s3 -f /var/lib/arpwatch/arp.dat.enp0s3 Dec 04 15:34:20 linux arpwatch[15301]: bogon 149.44.176.6 0:16:3e:32:95:f2 Dec 04 15:34:21 linux arpwatch[15301]: 0-source 0.0.0.0 0:e:c:43:1b:6d Dec 04 15:34:22 linux arpwatch[15301]: new station 10.120.4.229 e:69:e7:8c:d5:1e Dec 04 15:34:22 linux arpwatch[15301]: 0-source 0.0.0.0 0:e:c:43:1b:6e Dec 04 15:34:23 linux arpwatch[15301]: new station 10.120.224.1 ca:fe:ba:be:1:1 Dec 04 15:34:27 linux arpwatch[15301]: new station 10.120.5.56 18:3:73:d5:64:77 Dec 04 15:34:27 linux arpwatch[15301]: new station 10.120.0.116 0:7:e9:5:65:ff Dec 04 15:34:31 linux arpwatch[15301]: 0-source 0.0.0.0 0:e:c:43:1b:6d Dec 04 15:34:32 linux arpwatch[15301]: new station 10.120.67.219 b8:ca:3a:ab:8b:20 Dec 04 15:34:32 linux arpwatch[15301]: 0-source 0.0.0.0 0:e:c:43:1b:6e -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c14 --- Comment #14 from Robert Milasan <rmilasan@suse.com> 2013-12-04 14:48:35 UTC --- Werner, what about my comment #11? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c15 --- Comment #15 from Dr. Werner Fink <werner@suse.com> 2013-12-04 14:49:28 UTC --- For enabling several arpwatch processes there exist two ways ... e.g. once root does on the command line prompt . /etc/sysconfig/arpwatch for dev in $ARPWATCH_INTERFACE ; do systemctl enable arpwatch@${dev}.service done or add a generator script which does the above lines at boot but without using systemctl but with ln -sf arpwatch@.service /run/systemd/generator/multi-user.target.wants/arpwatch@${dev}.service -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c16 --- Comment #16 from Dr. Werner Fink <werner@suse.com> 2013-12-04 14:51:39 UTC --- AFAICS from manual page of arpwatch the default is eth0 and /var/lib/arpwatch/arp.dat and this would be the plain service file above ;) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c17 --- Comment #17 from Bernhard Wiedemann <bwiedemann@suse.com> 2014-01-07 13:00:14 CET --- This is an autogenerated message for OBS integration: This bug (853384) was mentioned in https://build.opensuse.org/request/show/212993 Factory / arpwatch https://build.opensuse.org/request/show/213000 13.1 / arpwatch -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c18 Benjamin Brunner <bbrunner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #18 from Benjamin Brunner <bbrunner@suse.com> 2014-01-14 11:18:13 CET --- Update released for openSUSE 13.1. Resolved fixed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=853384 https://bugzilla.novell.com/show_bug.cgi?id=853384#c19 --- Comment #19 from Swamp Workflow Management <swamp@suse.de> 2014-01-14 12:04:38 UTC --- openSUSE-RU-2014:0054-1: An update that has one recommended fix can now be installed. Category: recommended (moderate) Bug References: 853384 CVE References: Sources used: openSUSE 13.1 (src): arpwatch-2.1a15-153.4.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com