Re: log monitoring recommendations?
Patrick Dohman writes:
> Any opinions/ideas regarding log monitoring.
> Preferably something with definable actions.
> Hoping to test/obtain a fail2ban equivalent for BSD
>
> The following utilities were located in openports.se
> hatchet
> logsentry
> logsurfer
> swatch
>
> Regards
> Patrick

Check out SEC, which is also in the ports.

http://simple-evcorr.sourceforge.net/SEC-tutorial/article.html

Timo
log monitoring recommendations?
Any opinions/ideas regarding log monitoring.
Preferably something with definable actions.
Hoping to test/obtain a fail2ban equivalent for BSD

The following utilities were located in openports.se
hatchet
logsentry
logsurfer
swatch

Regards
Patrick
OpenBSD 6-stable vmd
Hello misc.

For testing purposes I compiled a kernel with vmd support.

After starting the vm ->
vmctl start "myvm" -m 512M -i 1 -d disk.img -k /bsd.rd

I created a bridge and added vether0 and tap0.
In the vm I have configured the ip 192.168.1.30.

If I perform a ping from the OpenBSD hypervisor ->
ping 192.168.1.30
all packets are sent and received "on the fly".

But if I perform the same step from "myvm", there is no packet loss but the packets take very long to be sent and, consecutively, replied to.

I am performing these tests on Linux running VMware Workstation 12.

Is this behavior expected? Any directions will be appreciated.

Thank you

myvm dmesg:

OpenBSD 6.0 (RAMDISK_CD) #2100: Tue Jul 26 13:05:59 MDT 2016
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
RTC BIOS diagnostic error 20
real mem = 520093696 (496MB)
avail mem = 502673408 (479MB)
mainbus0 at root
bios0 at mainbus0
acpi at bios0 not configured
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz, 14335.74 MHz
cpu0: FPU,VME,DE,PSE,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,AVX,F16C,RDRAND,HV,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT
pvbus0 at mainbus0: OpenBSD
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "OpenBSD VMM PCI Host Bridge" rev 0x00
virtio0 at pci0 dev 1 function 0 "Qumranet Virtio RNG" rev 0x00
viornd0 at virtio0
virtio0: irq 3
virtio1 at pci0 dev 2 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk0 at virtio1
scsibus0 at vioblk0: 2 targets
sd0 at scsibus0 targ 0 lun 0: SCSI3 0/direct fixed
sd0: 5120MB, 512 bytes/sector, 10485760 sectors
virtio1: irq 5
virtio2 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio2: address fe:e1:ba:d0:d0:94
virtio2: irq 9
isa0 at mainbus0
com0 at isa0 port 0x3f8/8 irq 4: ns8250, no fifo
com0: console
softraid0 at root
scsibus1 at softraid0: 256 targets
root on rd0a swap on rd0b dump on rd0b
WARNING: invalid time in clock chip
WARNING: CHECK AND RESET THE DATE!

openbsd hypervisor:

OpenBSD 6.0-stable (GENERIC.MP) #0: Fri Oct 21 20:07:42 BRST 2016
    root@puffysor.localdomain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2130640896 (2031MB)
avail mem = 2061631488 (1966MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe0010 (242 entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 07/02/2015
bios0: VMware, Inc. VMware Virtual Platform
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) S10F(S3) S11F(S3) S12F(S3) S13F(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz, 3800.69 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 65MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz, 3810.50 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins
acpimcfg0 at acpi0 addr 0xf000, bus 0-127
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
"PNP0001" at acpi0 not configured
"PNP0303" at acpi0 not configured
"VMW0003" at acpi0 not configured
"PNP0A05" at acpi0 not configured
acpiac0 at acpi0: AC unit online
pvbus0 at mainbus0: VMware
vmt0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
pci1 at ppb0 bus 1
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: ATAPI 5/cdrom removab
Re: console mode not allowing login
Hi Todd,

On 21 October 2016 at 12:58, Todd C. Miller wrote:
> It sounds like you need to enable getty on the serial port. To
> login on the serial console you should have a line like the following
> in /etc/ttys:
>
> tty00 "/usr/libexec/getty std.9600" vt220 on secure
>

That did it! Thanks so much for the simple fix.

> - todd

--
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
Re: security(8) doesn't know about mailbox locks
Kamil Cholewiński wrote:
>Try using aliases(5) instead

Okay, but still, security(8) ought not to generate bogus warnings regardless of the method used to forward emails (and there are also probably other ways that a lock file might end up in /var/mail; using a .forward file just happens to be the way that made me notice the problem).

Cheers,

Philippe
Re: console mode not allowing login
It sounds like you need to enable getty on the serial port. To
login on the serial console you should have a line like the following
in /etc/ttys:

tty00 "/usr/libexec/getty std.9600" vt220 on secure

- todd
console mode not allowing login
Hi All,

After my machine has completed booting up and is ready for login, I can't see any more text in the console. Which also means I can't login to the machine via console.

# cat /etc/boot.conf
set tty com0
set timeout 60

I'm connecting to the openbsd machine via freebsd with this command:

cu -l /dev/cuaU0 -9600

DHCPREQUEST on bge0 to 255.255.255.255
DHCPACK from 192.168.0.1 (6c:b0:ce:59:cf:bb)
bound to 192.168.0.20 -- renewal in 1800 seconds.
reordering libraries: done.
starting early daemons: syslogd pflogd ntpd.
starting RPC daemons:.
savecore: no core dump
acpidump: RSDT entry 6 is corrupt
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd smtpd sndiod.
starting local daemons: cron.
Fri Oct 21 12:45:19 PDT 2016

The date is the last line printed.

Any suggestions?

--
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
Re: security(8) doesn't know about mailbox locks
On Fri, 21 Oct 2016, Philippe Meunier wrote:
> When cron runs /etc/daily, that script runs df and netstat and the
> output is sent by email to root. On my system, emails to root are
> forwarded to local user meunier using /root/.forward. The forwarding
> itself temporarily creates a lock file in /var/mail:

Try using aliases(5) instead
Re: dmidecode and access to /dev/mem denied
> Index: securelevel.7
> ===
> RCS file: /cvs/src/share/man/man7/securelevel.7,v
> retrieving revision 1.29
> diff -u -p -r1.29 securelevel.7
> --- securelevel.7 28 Sep 2016 17:58:17 - 1.29
> +++ securelevel.7 21 Oct 2016 15:22:49 -
> @@ -66,7 +66,7 @@ securelevel may no longer be lowered exc
>  .Pa /dev/mem
>  and
>  .Pa /dev/kmem
> -may not be written to
> +may not be read or written to
>  .It
>  raw disk devices of mounted file systems are read-only
>  .It

Actually, it may not be opened.
security(8) doesn't know about mailbox locks
Hello,

When cron runs /etc/daily, that script runs df and netstat and the
output is sent by email to root. On my system, emails to root are
forwarded to local user meunier using /root/.forward. The forwarding
itself temporarily creates a lock file in /var/mail:

-rw--- 1 root wheel 0 Oct 21 23:55 meunier.lock

At the same time, /etc/daily runs /usr/libexec/security. The check_mailboxes function in that file loops over all the files in /var/mail and checks whether the owner of the file matches the name of the file. If check_mailboxes happens to be running at exactly the same time as the system is forwarding /etc/daily's first email, then check_mailboxes sees meunier.lock, the check for that file fails, and the result is another email sent to root:

Running security(8):

Checking mailbox ownership.
user meunier.lock mailbox is owned by root

So I think the check_mailboxes function in /usr/libexec/security should either skip lock files or check them in a different way...

Cheers,

Philippe
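The race Philippe describes (a transient root-owned meunier.lock in /var/mail tripping the mailbox ownership check) as an added shell example. This is a standalone re-implementation of the check as the post describes it, not the code from /usr/libexec/security; it skips "*.lock" files and is run against a constructed spool directory (mktemp) rather than /var/mail, with the names meunier and meunier.lock taken from the post.

```shell
#!/bin/sh
# Added example: re-implementation of the ownership check the post describes
# (NOT OpenBSD's /usr/libexec/security), extended so that a transient
# "<user>.lock" created during mail delivery is not reported as a mailbox
# owned by the wrong user.
#
# check_mailboxes DIR
#   Prints "user NAME mailbox is owned by OWNER" for every entry in DIR whose
#   owner does not match its file name; returns 1 if any mismatch was found,
#   0 otherwise.
check_mailboxes() {
    dir=$1
    bad=0
    for path in "$dir"/*; do
        [ -e "$path" ] || continue      # empty spool: the glob did not expand
        name=${path##*/}
        case $name in
        *.lock)
            # Delivery lock: created and removed by the local mailer while a
            # message is appended, owned by the delivering process (root in
            # the post), so its owner can never match a user name. Skip it.
            continue
            ;;
        esac
        # Owner column of ls -l; portable across BSD and GNU userlands.
        owner=$(ls -ld "$path" | awk '{print $3}')
        if [ "$owner" != "$name" ]; then
            echo "user $name mailbox is owned by $owner"
            bad=1
        fi
    done
    return $bad
}

# demo_spool
#   Builds a constructed spool directory and prints its path. Every file is
#   owned by whoever runs the script: the mailbox named after that user
#   passes, "meunier" fails (unless you happen to be meunier), and
#   "meunier.lock" mimics the lock file from the post and must be skipped.
demo_spool() {
    me=$(id -un)
    d=$(mktemp -d) || return 1
    : > "$d/$me"
    : > "$d/meunier"
    : > "$d/meunier.lock"
    printf '%s\n' "$d"
}

if [ "${1:-}" = "--demo" ]; then
    spool=$(demo_spool)
    check_mailboxes "$spool"
    rm -rf "$spool"
fi
```

Run with `--demo` to see exactly one warning, for meunier, and none for meunier.lock.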
Re: dmidecode and access to /dev/mem denied
> On 2016-10-21, Kapetanakis Giannis wrote:
> > Hi,
> >
> > # dmidecode
> > # dmidecode 3.0
> > Scanning /dev/mem for entry point.
> > /dev/mem: Operation not permitted
> >
> > I guess this is similar to
> > http://marc.info/?l=openbsd-misc&m=147575799412450&w=2
> >
> > where stu@ said:
> > "Kernel virtual memory access is no longer permitted by the kernel on a
> > normally running system. The relevant parts of net-snmp will need to be
> > disabled or rewritten"
>
> sthen@ != stu@
>
> > Any way to get through that and read DMI entries?
>
> There is a sysctl kern.allowkmem:
>
>     KERN_ALLOWKMEM
>         Allow userland processes access to /dev/kmem. When running with a
>         securelevel(7) greater than 0, this variable may not be changed.
>

For the simple reason that this is 2016 not 1986: userland code that can sniff through the kernel's physical address space is a ridiculous process. It needs to die, or have a proper device driver interface that gives it exactly what it needs.
Re: dmidecode and access to /dev/mem denied
On 21/10/16 16:54, Stuart Henderson wrote:
> On 2016-10-21, Kapetanakis Giannis wrote:
>>
>> where stu@ said:
>> "Kernel virtual memory access is no longer permitted by the kernel on a
>> normally running system. The relevant parts of net-snmp will need to be
>> disabled or rewritten"
>
> sthen@ != stu@

Sorry for that. Saw the uid on your domain and thought it was the same :)

>> Any way to get through that and read DMI entries?
>
> There is a sysctl kern.allowkmem:
>
>     KERN_ALLOWKMEM
>         Allow userland processes access to /dev/kmem. When running with a
>         securelevel(7) greater than 0, this variable may not be changed.

Thanks for the hint.

Just for the record, since I didn't want to set it permanently, I did this in /etc/rc.securelevel:

if [[ -x /usr/local/sbin/dmidecode ]]; then
	/usr/local/sbin/dmidecode > /var/run/dmidecode.boot
fi

G

ps. Maybe this applies?

Index: securelevel.7
===
RCS file: /cvs/src/share/man/man7/securelevel.7,v
retrieving revision 1.29
diff -u -p -r1.29 securelevel.7
--- securelevel.7 28 Sep 2016 17:58:17 - 1.29
+++ securelevel.7 21 Oct 2016 15:22:49 -
@@ -66,7 +66,7 @@ securelevel may no longer be lowered exc
 .Pa /dev/mem
 and
 .Pa /dev/kmem
-may not be written to
+may not be read or written to
 .It
 raw disk devices of mounted file systems are read-only
 .It
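Review bot: the replacement line "+may not be read or written to" still describes the restriction as a limit on read and write access, but the behaviour reported at the top of this thread (dmidecode fails at "Scanning /dev/mem for entry point." with "/dev/mem: Operation not permitted") and the follow-up reply in the thread both indicate that the device cannot be opened at all once securelevel is raised; "may not be opened" is shorter and covers both cases. Since this list item names /dev/mem and /dev/kmem together while the KERN_ALLOWKMEM text quoted above only mentions /dev/kmem, it is also worth checking that the sysctl description and this securelevel(7) item agree on which device nodes are affected.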
Re: dmidecode and access to /dev/mem denied
On 2016-10-21, Kapetanakis Giannis wrote:
> Hi,
>
> # dmidecode
> # dmidecode 3.0
> Scanning /dev/mem for entry point.
> /dev/mem: Operation not permitted
>
> I guess this is similar to
> http://marc.info/?l=openbsd-misc&m=147575799412450&w=2
>
> where stu@ said:
> "Kernel virtual memory access is no longer permitted by the kernel on a
> normally running system. The relevant parts of net-snmp will need to be
> disabled or rewritten"

sthen@ != stu@

> Any way to get through that and read DMI entries?

There is a sysctl kern.allowkmem:

    KERN_ALLOWKMEM
        Allow userland processes access to /dev/kmem. When running with a
        securelevel(7) greater than 0, this variable may not be changed.
Re: Build a new kernel for apcupsd
On 2016/10/21 11:42, lilit-aibolit wrote:
> On 10/20/2016 07:25 PM, Stuart Henderson wrote:
> > On 2016-10-20, lilit-aibolit wrote:
> > > Hi list.
> > > In recent OpenBSD versions usb devices are attached to the upd driver.
> > > This is why apcupsd doesn't detect APC USB devices.
> > >
> > > After installing apcupsd there is a statement
> > > how to deal with the above situation:
> > > ...
> > > The option with fewest side-effects is to add the following entries to
> > > the table in /sys/dev/usb/usb_quirks.c and build a new kernel:
> > >
> > > { USB_VENDOR_APC, USB_PRODUCT_APC_UPS, ANY, { UQ_BAD_HID }},
> > > { USB_VENDOR_APC, USB_PRODUCT_APC_UPS5G, ANY, { UQ_BAD_HID }},
> > >
> > > Alternatively, if you do not use a USB keyboard/mouse, you could simply
> > > disable the upd and uhid drivers. The following line creates a new kernel
> > > with the relevant changes:
> > >
> > > printf 'disable uhid\ndisable upd\nquit\n' | config -e -o /bsd.no-uhid
> > > /bsd
> > > ...
> > > The second option isn't suitable because I have a usb keyboard
> > > and on very rare occasions it's used to fix something locally.
> > > So regardless of the undefined "fewest side-effects" I have to use
> > > the first option and build a new kernel. I downloaded and extracted
> > > src.tar.gz and sys.tar.gz into /usr/src. Then I modified the usb_quirks.c file
> > > and added the specified lines into the usb_quirks[] table.
> > See the "Build and install a new kernel" step in release(8).
> >
> > > Then I've read faq5.html and man config but didn't get
> > > a clue how to build a new kernel with the applied changes in the usb_quirks.c file.
> > >
> > > In the config man page there is a statement that "Most people save their
> > > backup kernels as //bsd.1/, //bsd.2/, etc." I'd also like to know how to
> > > save my current kernel
> > cp(1)
> >
> > > and how to switch between new and old ones in case
> > > of some troubles with the new kernel.
> > at the boot-loader prompt, you can type "boot bsd.1"
> >
> >
> Hi and thanks for your answer.
> I followed the steps in release(8) and executed:
>
> # cd /usr/src/sys/arch/i386/conf/
> # config GENERIC.MP
> # cd ../compile/GENERIC.MP/
> # make clean && make
>
> However the size of my current kernel
> is exactly the same as the just built one:
>
> # ls -la /bsd
> -rw-r--r-- 1 root wheel 10628645 May 5 2015 /bsd
> # ls -la ./bsd
> -rwxr-xr-x 1 root wsrc 10628645 Oct 21 11:24 ./bsd
>
> Is this the expected result, and does the new kernel
> include the changes in usb_quirks.c?

You don't give enough information to be able to tell. Why don't you try it and compare dmesg?
Re: OT: shell / terminal / console / tty / cua / getty
2016-10-21 12:04 GMT+02:00 Mihai Popescu:
> terminal: physical stuff, keyboard + screen + serial port for
> mainframe connection

Relevant: https://www.jwz.org/blog/2016/10/export-termaaa-60/

> enough. Also a link or a book indication for all this stuff will be
> fine.

We have man pages, and wikipedia exists. :-)

Best
Martin
dmidecode and access to /dev/mem denied
Hi,

# dmidecode
# dmidecode 3.0
Scanning /dev/mem for entry point.
/dev/mem: Operation not permitted

I guess this is similar to
http://marc.info/?l=openbsd-misc&m=147575799412450&w=2

where stu@ said:
"Kernel virtual memory access is no longer permitted by the kernel on a
normally running system. The relevant parts of net-snmp will need to be
disabled or rewritten"

Any way to get through that and read DMI entries?

thanks

G
Re: Build a new kernel for apcupsd
On 10/20/2016 07:25 PM, Stuart Henderson wrote:
> On 2016-10-20, lilit-aibolit wrote:
> > Hi list.
> > In recent OpenBSD versions usb devices are attached to the upd driver.
> > This is why apcupsd doesn't detect APC USB devices.
> >
> > After installing apcupsd there is a statement
> > how to deal with the above situation:
> > ...
> > The option with fewest side-effects is to add the following entries to
> > the table in /sys/dev/usb/usb_quirks.c and build a new kernel:
> >
> > { USB_VENDOR_APC, USB_PRODUCT_APC_UPS, ANY, { UQ_BAD_HID }},
> > { USB_VENDOR_APC, USB_PRODUCT_APC_UPS5G, ANY, { UQ_BAD_HID }},
> >
> > Alternatively, if you do not use a USB keyboard/mouse, you could simply
> > disable the upd and uhid drivers. The following line creates a new kernel
> > with the relevant changes:
> >
> > printf 'disable uhid\ndisable upd\nquit\n' | config -e -o /bsd.no-uhid /bsd
> > ...
> > The second option isn't suitable because I have a usb keyboard
> > and on very rare occasions it's used to fix something locally.
> > So regardless of the undefined "fewest side-effects" I have to use
> > the first option and build a new kernel. I downloaded and extracted
> > src.tar.gz and sys.tar.gz into /usr/src. Then I modified the usb_quirks.c file
> > and added the specified lines into the usb_quirks[] table.
> See the "Build and install a new kernel" step in release(8).
>
> > Then I've read faq5.html and man config but didn't get
> > a clue how to build a new kernel with the applied changes in the usb_quirks.c file.
> >
> > In the config man page there is a statement that "Most people save their
> > backup kernels as //bsd.1/, //bsd.2/, etc." I'd also like to know how to
> > save my current kernel
> cp(1)
>
> > and how to switch between new and old ones in case
> > of some troubles with the new kernel.
> at the boot-loader prompt, you can type "boot bsd.1"
>

Hi and thanks for your answer.
I followed the steps in release(8) and executed:

# cd /usr/src/sys/arch/i386/conf/
# config GENERIC.MP
# cd ../compile/GENERIC.MP/
# make clean && make

However the size of my current kernel
is exactly the same as the just built one:

# ls -la /bsd
-rw-r--r-- 1 root wheel 10628645 May 5 2015 /bsd
# ls -la ./bsd
-rwxr-xr-x 1 root wsrc 10628645 Oct 21 11:24 ./bsd

Is this the expected result, and does the new kernel
include the changes in usb_quirks.c?
OT: shell / terminal / console / tty / cua / getty
Hello,

I was asking a long time ago about a terminal here, and I got some good answers from people who might have been using it back in time. That question was a beginning for understanding what the relation is among all the stuff from the post subject.

Please help with some clarifications if you can. I'm not saying I have no idea about each of them, but I hardly understand the relation among them. So, here is what I know or I think I know so far:

shell: software, used for user interaction, commands for the OS, etc.
terminal: physical stuff, keyboard + screen + serial port for mainframe connection
console: ? stdout, stderr, xconsole? have no idea yet!
tty: software, but that's all I know! maybe to manage a terminal at the server side?
cua: software, device for interaction with the serial port of the computer
getty: software to manage tty?

Don't bother with OS implementation details, a relation description is enough. Also a link or a book indication for all this stuff will be fine.

Thank you very much.
Re: 4th nic for pcengines apu2
Fri, 21 Oct 2016 09:32:08 +0200 Marc Peters
> On 10/20/16 at 18:26 Stuart Henderson wrote:
> >
> > You should find out if they have IPMI. Standard config on many Supermicros
> > is to have it enabled, sharing the first main network port if you don't have
> > anything plugged into the dedicated one, with the same password on every
> > machine. You do not want this.
> >
>
> Yeah, we have a couple of Supermicros, which have IPMI. Actually, the
> IPMI will share any connected onboard nic, if the dedicated one is not
> connected. These machines at least don't have IPMI and I don't know if
> you can buy any equipped with IPMI.
>

Hi Marc,

You can use these online resources to locate your motherboard and verify its capabilities, or to check whether there is new BIOS and IPMI firmware, respectively:

Supermicro: Motherboard Matrix
http://www.supermicro.com/ResourceApps/MB_matrix.aspx

Supermicro: Firmware List
http://supermicro.com/support/bios/firmware0.aspx

Thomas Krenn Wiki: (Supermicro) Motherboards
https://www.thomas-krenn.com/en/wiki/Category:Motherboards

A basic search for "secure IPMI deployment guide" will give good results.

Kind regards,
Anton
Re: Because Theo de Raadt said that the buttons are for idiots?
The poster is just trolling, and trying to get reactions. Don't answer.

On 2016 Oct 20 (Thu) at 23:57:26 +0200 (+0200), Alexander Hall wrote:
:On this list, English is the language to use, and Google translate does not
:cut it. I do think I understand what you're after, but have someone help you
:write comprehensible English and try again.
:
:/Alexander
:
:On October 20, 2016 8:11:20 PM GMT+02:00, SOUL_OF_ROOT 55
:wrote:
:>Because nobody answer?
:>
:>2016-10-18 18:45 GMT-02:00 SOUL_OF_ROOT 55:
:>
:>> Because Theo de Raadt said that the buttons are for idiots?
:>>
:>> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/mg/
:>> Attic/theo.c?rev=1.125
:>>
:>> Peoples that participate in IRC of openbsd-br suggested for me ask
:>this
:>> here in openbsd misc and for the Theo de Raadt.
Re: 4th nic for pcengines apu2
On 10/20/16 at 18:26 Stuart Henderson wrote:
>
> You should find out if they have IPMI. Standard config on many Supermicros
> is to have it enabled, sharing the first main network port if you don't have
> anything plugged into the dedicated one, with the same password on every
> machine. You do not want this.
>

Yeah, we have a couple of Supermicros, which have IPMI. Actually, the IPMI will share any connected onboard nic, if the dedicated one is not connected. These machines at least don't have IPMI and I don't know if you can buy any equipped with IPMI.