Debian Squeeze was released last month and one of the new features was the faster dependancy based booting. However, if you attempt to upgrade your 5.0/lenny installation and you are running OSSEC, the bitchin free host-based intrusion detection sytem, the upgrade process doesn't go without a hitch: During the upgrade, the process to upgrade the System V init scripts barfs:
error: Unable to migrate to dependency based boot sequencing. error: Problems detected: insserv: warning: script 'K20ossec' missing LSB tags and overrides, insserv: warning: script 'ossec' missing LSB tags and overrides
Fantastic. Squeeze and OSSEC have decided to be the two kids that don't get along on the local playground.
After some Googling, the main link that came up was someone asking on the OSSEC list asking "OSSEC Y U NO UPGRADE CLEANLY?" with no reply. Further research showed that the problem is that the stock OSSEC script doesn't have the Linux Standard Base init headers. Thankfully, Debian has a wiki page on how to LSBize your init script, which gives a great overview on how to make LSB compliant init scripts.
So after taking a look at that along with the stock init script, whipping up a LSB header is fairly simple.
# OSSEC Controls OSSEC HIDS # Author: Daniel B. Cid <firstname.lastname@example.org> # Modified for slackware by Jack S. Lai # Modified for Debian Squeeze by Ben Jackson <email@example.com> ### BEGIN INIT INFO # Provides: ossec # Required-Start: $local_fs $remote_fs $network $syslog $named # Required-Stop: $local_fs $remote_fs $network $syslog $named # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # X-Interactive: true # Short-Description: Start/stop OSSEC Host Intrusion Detection System ### END INIT INFO
Simply replacing the exiting header with this This script does err on the side of caution for the dependencies: Does OSSEC need a DNS service to start? Who knows? But it solves the problem, the update script runs cleanly, and the system boots without a hitch.