Don't understand german? Read or subscribe to my english-only feed.

Debian GNU/Linux 5.0 codename Lenny – News for sysadmins

Alright, Debian GNU/Linux 5.0 AKA as Lenny has been released. Time for a Debian unstable unfreeze party! 8-)

What does the new stable release bring for system administrators? I’ll give an overview what news you might expect when upgrading from Debian GNU/Linux 4.0, codename Etch (released on 8th April 2007) to the current version Debian GNU/Linux 5.0, codename Lenny (released on 14th February 2009). I try to avoid duplicated information so make sure to read the release announcement and the official release notes for Lenny beforehand.

Noteworthy Changes

  • initrd-tools got replaced by initramfs-tools
  • netkit-inetd got replaced by openbsd-inetd
  • the default syslog daemon sysklogd got replaced by rsyslog
  • new defaults when creating ext2/ext3 file systems: dir_index and resize_inode feature enabled by default and use blocksize = 4096, inode_size = 256 and inode_ratio = 16384 (see /etc/mke2fs.conf)
  • improved IPv6 support
  • init.d-scripts for dependency-based init systems
  • Debian-Volatile (hosting packages providing data that needs to be regularly updated over time, such as timezones definitions, anti-virus signature files,…) is an official service
  • EVMS (Enterprise Volume Management System) was removed
  • compatibility with the FHS v2.3
  • software developed for version 3.2 of the LSB
  • official Debian Lenny live systems for the amd64 and i386 architectures
  • several new d-i features


Virtualisation related new tools:

  • ganeti: Cluster-based virtualization management software
  • libvirt-bin: Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The library aims at providing a long term stable C API for different virtualization mechanisms.
  • virtinst: Programs to create and clone virtual machines
  • virt-manager: desktop application for managing virtual machines
  • xen-shell: Console based Xen administration utility
  • xenstore-utils: Xenstore utilities for Xen
  • xenwatch: Virtualization utilities, mostly for Xen

Desktop oriented packages like virtualbox and qemu are available as well of course.

Noteworthy Updates

This is a (selective) list of some noteworthy updates:

New packages

Lenny ships over 7000 new packages. Lists of new/removed/replaced packages are available online. I’ll name 238 sysadmin related packages that might be worth a look. (Note: I don’t list addon stuff like optional server-modules, docs-only and kernel-source related packages. I plan to present some of the following packages in more detail in separate blog entries.)

  • ack-grep: A grep-like program specifically for large source trees
  • acpitail: Show ACPI information in a tail-like style
  • adns-tools: Asynchronous-capable DNS client library and utilities
  • aggregate: ipv4 cidr prefix aggregator
  • aosd-cat: an on screen display tool which uses libaosd
  • apt-cacher-ng: Caching proxy for distribution of software packages
  • apt-cross: retrieve, build and install libraries for cross-compiling
  • aptfs: FUSE filesystem for APT source repositories
  • apt-p2p: apt helper for peer-to-peer downloads of Debian packages
  • apt-transport-https: APT https transport, use ‘deb https://foo distro main’ lines in the sources.list
  • arp-scan: arp scanning and fingerprinting tool
  • array-info: command line tool reporting RAID status for several RAID types
  • balance: Load balancing solution and generic tcp proxy
  • bash-completion: programmable completion for the bash shell
  • blktrace: utilities for block layer IO tracing
  • daemonlogger: simple network packet logger and soft tap daemon
  • daemontools: a collection of tools for managing UNIX services
  • dbndns: Debian fork of djbdns, a collection of Domain Name System tools
  • dcfldd: enhanced version of dd for forensics and security
  • dctrl2xml: Debian control data to XML converter
  • debomatic: automatic build machine for Debian source packages
  • desproxy: tunnel TCP traffic through a HTTP proxy
  • detox: utility to replace problematic characters in filenames
  • di-netboot-assistant: Debian-Installer netboot assistant
  • dish: the diligence/distributed shell for parallel sysadmin
  • djbdns: a collection of Domain Name System tools
  • dns2tcp: TCP over DNS tunnel client and server
  • dnscache-run: djbdns dnscache service
  • dnshistory: Translating and storing of IP addresses from log files
  • dnsproxy: proxy for DNS queries
  • dsyslog: advanced modular syslog daemon
  • etckeeper: store /etc in git, mercurial, or bzr
  • ext3grep: Tool to help recover deleted files on ext3 filesystems
  • fair: high availability load balancer for TCP connections
  • fatresize: FAT16/FAT32 filesystem resizer
  • flog: dump STDIN to file and reopen on SIGHUP
  • freeradius-utils: FreeRadius client utilities
  • ganeti: Cluster-based virtualization management software
  • gfs2-tools: Red Hat cluster suite – global file system 2 tools
  • gitosis: git repository hosting application
  • gptsync: GPT and MBR partition tables synchronisation tool
  • grokevt: scripts for reading Microsoft Windows event log files
  • grub2: GRand Unified Bootloader, version 2
  • gt5: shell program to display visual disk usage with navigation
  • haproxy: fast and reliable load balancing reverse proxy
  • havp: HTTP Anti Virus Proxy
  • heirloom-mailx: feature-rich BSD mail(1)
  • hfsprogs: mkfs and fsck for HFS and HFS+ file systems
  • hinfo: Check address ownership and DNSBL listings for spam reporting
  • hlbr: IPS that runs over layer 2 (no TCP/IP stack required)
  • hobbit: monitoring system for systems, networks and applications – server
  • hotwire: Extensible graphical command execution shell
  • hunchentoot: the Common Lisp web server formerly known as TBNL
  • ifupdown-extra: Network scripts for ifupdown
  • ike: Shrew Soft VPN client – Daemon and libraries
  • incron: cron-like daemon which handles filesystem events
  • inoticoming: trigger actions when files hit an incoming directory
  • iodine: tool for tunneling IPv4 data through a DNS server
  • iotop: simple top-like I/O monitor
  • ipplan: web-based IP address manager and tracker
  • ips: Intelligent process status
  • iscsitarget: iSCSI Enterprise Target userland tools
  • isns: Internet Storage Naming Service
  • itop: simple top-like interrupt load monitor
  • iwatch: realtime filesystem monitoring program using inotify
  • jetring: gpg keyring mantainance using changesets
  • john: active password cracking tool
  • kanif: cluster management and administration swiss army knife
  • keepassx: Cross Platform Password Manager
  • keysafe: A safe to put your passwords in
  • killer: Background job killer
  • kpartx: create device mappings for partitions
  • kvm: Full virtualization on x86 hardware
  • latencytop: A tool for developers to visualize system latencies
  • lbcd: Return system load via UDP for remote load balancers
  • ldb-tools: LDAP-like embedded database – tools
  • ldnsutils: ldns library for DNS programming
  • lfhex: large file hex editor
  • live-helper: Debian Live build scripts
  • live-magic: GUI frontend to create Debian LiveCDs, netboot images, etc.
  • logapp: supervise execution of applications producing heavy output
  • lsat: Security auditor tool
  • lustre-utils: Userspace utilities for the Lustre filesystem
  • lwat: LDAP Web-based Administration Tool
  • maatkit: Command-line utilities for MySQL
  • mantis: web-based bug tracking system
  • memdump: memory dumper
  • memlockd: daemon to lock files into RAM
  • metainit: Generates init scripts
  • mirmon: monitor the state of mirrors
  • mkelfimage: utility to create ELF boot images from Linux kernel images
  • mongrel: A small fast HTTP library and server for Ruby
  • monkey: fast, efficient, small and easy to configure web server
  • monkeytail: tail variant designed for web developers monitoring logfiles
  • mpy-svn-stats: Simple and easy to use svn statistics generator
  • mr: a Multiple Repository management tool
  • msr-tools: Utilities for modifying MSRs from userspace
  • mtd-utils: Memory Technology Device Utilities
  • munge: authentication service to create and validate credentials
  • mxallowd: Anti-Spam-Daemon using nolisting/iptables
  • mylvmbackup: quickly creating backups of MySQL server’s data files
  • myrescue: rescue data from damaged harddisks
  • mysql-proxy: high availability, load balancing and query modification for mysql
  • mysqltuner: high-performance MySQL tuning script
  • nagvis: Visualization addon for Nagios
  • ncdu: ncurses disk usage viewer
  • netrw: netcat like tool with nice features to transport files over network
  • netsend: a speedy filetransfer and network diagnostic program
  • network-config: Simple network configuration tool
  • nfdump: netflow capture daemon
  • ngetty: getty replacement – one single daemon for all consoles
  • nilfs2-tools: Continuous Snapshotting Log-structured Filesystem
  • ninja: Privilege escalation detection system for GNU\Linux
  • noip2: client for dynamic DNS service
  • nsd3: authoritative domain name server (3.x series)
  • ntfs-3g: read-write NTFS driver for FUSE
  • nulog: Graphical firewall log analysis interface
  • nuttcp: network performance measurement tool
  • ocsinventory-server: Hardware and software inventory tool (Communication Server)
  • odt2txt: simple converter from OpenDocument Text to plain text
  • olsrd: optimized link-state routing daemon (unik-olsrd)
  • onesixtyone: fast and simple SNMP scanner
  • openais: Standards-based cluster framework (daemon and modules)
  • opencryptoki: PKCS#11 implementation for Linux (daemon)
  • openvas-client: Remote network security auditor, the client
  • ophcrack: Microsoft Windows password cracker using rainbow tables
  • op: sudo like controlled privilege escalation
  • otpw-bin: OTPW programs for generating OTPW lists
  • packeth: Ethernet packet generator
  • paperkey: extract just the secret information out ouf OpenPGP secret key
  • paris-traceroute: New version of well known tool traceroute
  • password-gorilla: a cross-platform password manager
  • pathfinderd: Daemon for X.509 Path Discovery and Validation
  • pathfinder-utils: Utilities to use with the Pathfinder Daemon
  • pcaputils: specialized libpcap utilities
  • pcp: System level performance monitoring and performance management
  • perlconsole: small program that lets you evaluate Perl code interactively
  • pgloader: loads flat data files into PostgreSQL
  • pgpool2: connection pool server and replication proxy for PostgreSQL
  • pgsnap: PostgreSQL report tool
  • pmailq: postfix mail queue manager
  • pnputils: Plug and Play BIOS utilities
  • policykit: framework for managing administrative policies and privileges
  • postfwd: Postfix policyd to combine complex restrictions in a ruleset
  • postpone: schedules commands to be executed later
  • powertop: Linux tool to find out what is using power on a laptop
  • prayer: standalone IMAP-based webmail server
  • prelude-correlator: Hybrid Intrusion Detection System [ Correlator ]
  • privbind: Allow unprivileged apps to bind to a privileged port
  • pssh: Parallel versions of SSH-based tools
  • ptop: PostgreSQL performance monitoring tool akin to top
  • pyftpd: ftp daemon with advanced features
  • rancid-core: rancid — Really Awesome New Cisco confIg Differ
  • rancid-util: Utilities for rancid
  • rdnssd: IPv6 recursive DNS server discovery daemon
  • rdup: utility to create a file list suitable for making backups
  • reglookup: utility to read and query Windows NT/2000/XP registry
  • rgmanager: Red Hat cluster suite – clustered resource group manager
  • rinse: RPM installation environment
  • rofs: Read-Only Filesystem for FUSE
  • rsyslog: enhanced multi-threaded syslogd
  • safe-rm: wrapper around the rm command to prevent accidental deletions
  • samba-tools: tools provided by the Samba suite
  • samdump2: Dump Windows 2k/NT/XP password hashes
  • scalpel: A Frugal, High Performance File Carver
  • scamper: advanced traceroute and network measurement utility
  • scanmem: Locate and modify a variable in a running process
  • schedtool: Queries/alters process’ scheduling policy and CPU affinity
  • screenie: a small and lightweight GNU screen(1) wrapper
  • scrounge-ntfs: Data recovery program for NTFS filesystems
  • ser: Sip Express Router, very fast and configurable SIP proxy
  • serverstats: a simple tool for creating graphs using rrdtool
  • shutdown-at-night: System to shut down clients at night, and wake them in the morning
  • sipcrack: SIP login dumper/cracker
  • sks: Synchronizing OpenPGP Key Server
  • slack: configuration management program for lazy admin
  • sma: Sendmail log analyser
  • smbind: PHP-based tool for managing DNS zones for BIND
  • smbnetfs: User-space filesystem for SMB/NMB (Windows) network servers and shares
  • softflowd: Flow-based network traffic analyser
  • speedometer: measure and display the rate of data across a network connection
  • spf-milter-python: RFC 4408 compliant Python SPF Milter for Sendmail and Postfix
  • spf-tools-perl: SPF tools (spfquery, spfd) based on the Mail::SPF Perl module
  • spf-tools-python: sender policy framework (SPF) tools for Python
  • sqlgrey: Postfix Greylisting Policy Server
  • ssdeep: Recursive piecewise hashing tool
  • sshfp: DNS SSHFP records generator
  • sshm: A command-line tool to manage your ssh servers
  • sshproxy: ssh gateway to apply ACLs on ssh connections
  • sslscan: Fast SSL scanner
  • strace64: A system call tracer for 64bit binaries
  • sucrack: multithreaded su bruteforcer
  • supercat: program that colorizes text for terminals and HTML
  • superiotool: Super I/O detection tool
  • system-config-lvm: A utility for graphically configuring Logical Volumes
  • system-config-printer: graphical interface to configure the printing system
  • tack: terminfo action checker
  • taktuk: efficient, large scale, parallel remote execution of commands
  • tcpwatch-httpproxy: TCP monitoring and logging tool with support for HTTP 1.1
  • terminator: Multiple GNOME terminals in one window
  • timelimit: Simple utility to limit a process’s absolute execution time
  • tipcutils: TIPC utilities
  • tor: anonymizing overlay network for TCP
  • tpm-tools: Management tools for the TPM hardware (tools)
  • tracker-utils: metadata database, indexer and search tool – commandline tools
  • tumgreyspf: external policy checker for the postfix mail server
  • ucspi-tcp: command-line tools for building TCP client-server applications
  • unbound: validating, recursive, caching DNS resolver
  • unhide: Forensic tool to find hidden processes and ports
  • uniutils: Tools for finding out what is in a Unicode file
  • unsort: reorders lines in a file in semirandom ways
  • uphpmvault: upload recovery images to HP MediaVault2 via Ethernet
  • usermode: Graphical tools for certain user account management tasks
  • utf8-migration-tool: Debian UTF-8 migration wizard
  • uuid-runtime: universally unique id library
  • vblade-persist: create/manage supervised AoE exports
  • vde2: Virtual Distributed Ethernet
  • vdmfec: recover lost blocks using Forward Error Correction
  • virtinst: Programs to create and clone virtual machines
  • virt-manager: desktop application for managing virtual machines
  • virtualbox-ose: x86 virtualization solution – binaries
  • virt-viewer: Displaying the graphical console of a virtual machine
  • watchupstream: Look for newer upstream releases
  • whirlpool: Implementation of the whirlpool hash algorithm
  • win32-loader: Debian-Installer loader for win32
  • xavante: Lua HTTP 1.1 Web server
  • xdelta3: A diff utility which works with binary files
  • xen-shell: Console based Xen administration utility
  • xenstore-utils: Xenstore utilities for Xen
  • xenwatch: Virtualization utilities, mostly for Xen
  • xfingerd: BSD-like finger daemon with qmail support
  • xl2tpd: a layer 2 tunneling protocol implementation
  • xrdp: Remote Desktop Protocol (RDP) server
  • yersinia: Network vulnerabilities check software
  • zerofree: zero free blocks from ext2/3 file-systems
  • zipcmp: compare contents of zip archives
  • zipmerge: merge zip archives
  • ziproxy: compressing HTTP proxy server

Further Ressources

7 Responses to “Debian GNU/Linux 5.0 codename Lenny – News for sysadmins”

  1. Marcus Friedman Says:

    Hi Michael, just wanted to thank you for such an interesting and valuable article. This is the best one I’ve found covering Lenny from a sysadmin perspective.

    Best regards,

  2. Aaron Toponce Says:

    Well written! This is a shining example of how admin articles should be written. Good job!

  3. Rene Mayorga Says:

    I believe that you forgot to mention Asterisk, there is a big version bump there and some etch config files will have problems.

  4. Jan Horacek Says:

    excelent summary for me as a sysadmin. not only role-based ACLs should be used. role-based relase notes are the way to go ;o) thanks mika.

  5. Christian Rhomberg Says:

    Thank you very much for that article!
    Helped me to decide to upgrade my Xen DomU hosts.

  6. Mr. Foo Says:

    Thanks, for that detailed explaination…

  7. mirabilos Says:

    mksh: update from 28.0-2 to 35.2-3 (current: 36.2-1)