[Confirme] Netfilter iptables (suite)

Fri, 20 Jun 2003 14:30:34 -0700

Pour info j’utilise une Mandrake 9.0

Voici un extrait de mes logs où l’on voit le passge à l’etat promiscuous de eth0 puis

le retour au mode normal

 

jun 14 22:12:28 localhost xfs: Démarrage de xfs succeeded

Jun 14 22:12:28 localhost xfs: ignoring font path element /usr/X11R6/lib/X11/fonts/drakfont (unreadable)

Jun 14 22:12:28 localhost xfs: ignoring font path element /usr/X11R6/lib/X11/fonts/drakfont/Type1 (unreadable)

Jun 14 22:12:28 localhost xfs: ignoring font path element /usr/X11R6/lib/X11/fonts/drakfont/ttf (unreadable)

jun 14 22:12:28 localhost netfs: Montage des autres systèmes de fichiers :  succeeded

Jun 14 22:12:29 localhost apmd[1203]: Version 3.0.2 (APM BIOS 1.2, Linux driver 1.16)

jun 14 22:12:29 localhost apmd: Démarrage de apmd succeeded

jun 14 22:12:29 localhost dm: Starting display manager:

jun 14 22:12:29 localhost dm: Démarrage du gestionnaire d'affichage succeeded

jun 14 22:12:29 localhost dm:

jun 14 22:12:29 localhost rc: Lancement de dm :  succeeded

jun 14 22:12:29 localhost upmon[1241]: no UPSMON definitions in /etc/ups/

Jun 14 22:12:29 localhost xfs: ignoring font path element /usr/X11R6/lib/X11/fonts/pcf_drakfont:unscaled (unreadable)

jun 14 22:12:29 localhost atd: Démarrage de atd succeeded

Jun 14 22:12:30 localhost saslauthd[1277]: START: saslauthd 1.5.27

jun 14 22:12:30 localhost saslauthd: Démarrage de saslauthd succeeded

Jun 14 22:12:30 localhost apmd[1203]: Charge: * * * (-1% unknown)

Jun 14 22:12:30 localhost saslauthd[1283]: daemon started, listening on /var/lib/sasl/mux

Jun 14 22:12:30 localhost kdm_config[1278]: Invalid option value 'All' at /usr/share/config/kdm/kdmrc:67

Jun 14 22:12:32 localhost xinetd[1305]: xinetd Version 2.3.7 started with libwrap options compiled in.

Jun 14 22:12:32 localhost xinetd[1305]: Started working: 1 available service

Jun 14 22:12:33 localhost xinetd: xinetd startup succeeded

Jun 14 22:12:33 localhost kernel: parport0: PC-style at 0x378 (0x778) [PCSPP,TRISTATE,EPP]

Jun 14 22:12:33 localhost kernel: parport0: irq 7 detected

Jun 14 22:12:34 localhost kernel: parport0: Printer, HEWLETT-PACKARD DESKJET 950C

Jun 14 22:12:34 localhost kernel: lp0: using parport0 (polling).

jun 14 22:12:40 localhost cups: Démarrage de cupsd succeeded

jun 14 22:12:40 localhost rwhod: Démarrage de rwhod succeeded

jun 14 22:12:40 localhost loadkeys: Loading /usr/lib/kbd/keymaps/i386/azerty/fr-latin1.kmap.gz

jun 14 22:12:40 localhost keytable: Chargement du affectation clavier : fr-latin1 succeeded

jun 14 22:12:40 localhost loadkeys: Loading /usr/lib/kbd/keymaps/include/compose.latin9.inc.gz

jun 14 22:12:40 localhost keytable: Chargement des touches compose: compose.latin9.inc succeeded

jun 14 22:12:40 localhost keytable:  succeeded

jun 14 22:12:41 localhost postfix: Lancement du service de courrier Postfix :

jun 14 22:12:44 localhost postfix:  succeeded

jun 14 22:12:44 localhost postfix: ^[[65G[^[[1;32m

jun 14 22:12:44 localhost postfix:

jun 14 22:12:44 localhost rc: Lancement de postfix :  succeeded

Jun 14 22:12:45 localhost prelude_report: - Initializing report plugins

Jun 14 22:12:45 localhost prelude_report: ^IInitialized FileMod.

Jun 14 22:12:45 localhost prelude_report: htmlmod.c:setup_htmldoc:90 : (errno=No such file or directory) :

Jun 14 22:12:45 localhost prelude_report: couldn't delete /var/log/prelude/html/latest

Jun 14 22:12:45 localhost prelude_report: ^IInitialized XmlMod.

Jun 14 22:12:45 localhost prelude_report: - Starting Prelude Report as a daemon.

Jun 14 22:12:45 localhost prelude_report: Daemon started, PID is 1663.

Jun 14 22:12:45 localhost prelude_report: - Starting report server

Jun 14 22:12:45 localhost prelude_report: ^IStarting Unix report server.

jun 14 22:12:46 localhost prelude: Démarrage de prelude_report succeeded

Jun 14 22:12:46 localhost kernel: eth0: Promiscuous mode enabled.

Jun 14 22:12:46 localhost kernel: device eth0 entered promiscuous mode

Jun 14 22:12:46 localhost prelude:  Prelude, (c) 1998 - 2001 Vandoorselaere Yoann. Developed under the GPL license. 

Jun 14 22:12:46 localhost prelude: - Initializing rules engine.

Jun 14 22:12:46 localhost prelude: - Initializing protocols plugins.

Jun 14 22:12:46 localhost prelude: ^I^IHttpMod subscribed for "http" protocol handling.

Jun 14 22:12:46 localhost prelude: ^I^IRpcMod subscribed for "rpc" protocol handling.

Jun 14 22:12:46 localhost prelude: ^I^ITelnetMod subscribed for "telnet" protocol handling.

Jun 14 22:12:46 localhost prelude: - Initializing detections plugins.

Jun 14 22:12:46 localhost prelude: ^I^IArpSpoof subscribing to : "[

Jun 14 22:12:46 localhost prelude: ARP

Jun 14 22:12:46 localhost prelude: ]".

Jun 14 22:12:46 localhost prelude: ^I^IScanDetect subscribing to : "[

Jun 14 22:12:46 localhost prelude: TCP

Jun 14 22:12:46 localhost prelude: ,

Jun 14 22:12:46 localhost prelude: UDP

Jun 14 22:12:46 localhost prelude: ]".

Jun 14 22:12:46 localhost prelude: snort-rules.c:parse_signature_file:355 : (errno=No such file or directory) :

Jun 14 22:12:46 localhost prelude: error opening '/etc/prelude/prelude.rules'.

Jun 14 22:12:46 localhost prelude: ^I^ISignature engine added 0 and ignored 0 signature.

Jun 14 22:12:46 localhost prelude: - Initializing Report Queue.

Jun 14 22:12:46 localhost prelude: - Starting Prelude as a daemon.

Jun 14 22:12:46 localhost prelude: - Initializing connection to report server.

Jun 14 22:12:46 localhost prelude: ^I- Connecting to Unix prelude report server.

Jun 14 22:12:46 localhost prelude_report: new local connection.

Jun 14 22:12:46 localhost prelude: - Initializing packet capture

Jun 14 22:12:46 localhost prelude: Daemon started, PID is 1674.

jun 14 22:12:46 localhost prelude: Démarrage de prelude succeeded

jun 14 22:12:46 localhost numlock: Lancement du verrouillage numérique:

jun 14 22:12:46 localhost numlock:

jun 14 22:12:46 localhost rc: Lancement de numlock :  succeeded

jun 14 22:12:47 localhost internet: No connection to start succeeded

Jun 14 22:12:47 localhost crond[1736]: (CRON) STARTUP (fork ok)

jun 14 22:12:47 localhost crond: Démarrage de crond succeeded

jun 14 22:12:47 localhost mysql:  succeeded

jun 14 22:12:48 localhost safe_mysqld: Starting mysqld daemon with databases from /var/lib/mysql

jun 14 22:12:48 localhost su(pam_unix)[1781]: session opened for user postgres by (uid=0)

jun 14 22:12:49 localhost su(pam_unix)[1781]: session closed for user postgres

jun 14 22:12:50 localhost postgresql: Starting postgresql service:  succeeded

jun 14 22:12:50 localhost start: Starting Webmin server in /usr/share/webmin

jun 14 22:12:51 localhost webmin: Lancement de Webmin succeeded

jun 14 22:12:52 localhost lisa: Lancement de lisa :  succeeded

jun 14 22:12:52 localhost rc: Lancement de kheader :  succeeded

Jun 14 22:12:52 localhost devfsd[114]: Caught SIGHUP

Jun 14 22:12:52 localhost devfsd[114]: unknown group: "video", defaulting to GID=0

Jun 14 22:12:52 localhost devfsd[114]: read config file: "/etc/devfs/conf.d//dvd.conf"

Jun 14 22:12:52 localhost devfsd[114]: read config file: "/etc/devfs/conf.d//hdb.conf"

Jun 14 22:12:52 localhost devfsd[114]: read config file: "/etc/devfs/conf.d//dynamic.conf"

Jun 14 22:12:52 localhost devfsd[114]: read config file: "/etc/devfs/conf.d//rdvd.conf"

Jun 14 22:12:52 localhost devfsd[114]: read config file: "/etc/devfs/conf.d//mouse.conf"

Jun 14 22:12:52 localhost devfsd[114]: read config file: "/etc/devfs/conf.d//psaux.conf"

Jun 14 22:12:52 localhost devfsd[114]: read config file: "/etc/devfsd.conf"

jun 14 22:12:52 localhost devfsd: Actions devfsd actives: succeeded

jun 14 22:12:53 localhost netconf:   Vérification de la configuration du noyau

jun 14 22:12:53 localhost linuxconf: Running Linuxconf hooks:  succeeded

Jun 14 22:12:53 localhost kernel: Splash status on console 0 changed to off

jun 14 22:12:53 localhost echo: 0

jun 14 22:12:53 localhost rc: Désactivation du logo de démarrage succeeded

Jun 14 22:12:56 localhost kde3(pam_unix)[1306]: session opened for user carole by (uid=0)

Jun 14 22:12:56 localhost kernel: inserting floppy driver for 2.4.19-16mdk

Jun 14 22:12:56 localhost kernel: Floppy drive(s): fd0 is 1.44M

Jun 14 22:12:56 localhost kernel: FDC 0 is a post-1991 82077

Jun 14 22:12:56 localhost kernel: Attached scsi CD-ROM sr0 at scsi0, channel 0, id 2, lun 0

Jun 14 22:12:56 localhost kernel: sr0: scsi3-mmc drive: 4x/40x writer cd/rw xa/form2 cdda tray

Jun 14 22:13:57 localhost sudo:   carole : TTY=unknown ; PWD=/home/carole ; USER=root ; COMMAND=/usr//bin/start-adsl

Jun 14 22:13:57 localhost modem_run[2273]: modem_run version CVS_19_11_2002 started by root uid 0

Jun 14 22:13:59 localhost kernel: usb_control/bulk_msg: timeout

Jun 14 22:13:59 localhost kernel: usbdevfs: USBDEVFS_BULK failed dev 2 ep 0x85 len 512 ret -110

Jun 14 22:14:19 localhost modem_run[2273]: ADSL synchronization has been obtained

Jun 14 22:14:19 localhost modem_run[2273]: ADSL line is up (608 kbit/s down | 160 kbit/s up)

Jun 14 22:14:20 localhost kernel: CSLIP: code copyright 1989 Regents of the University of California

Jun 14 22:14:20 localhost kernel: PPP generic driver version 2.4.2

Jun 14 22:14:20 localhost pppd[2313]: pppd 2.4.1 started by root, uid 0

Jun 14 22:14:20 localhost pppoa3[2314]: pppoa3 version CVS_19_11_2002 started by root (uid 0)

Jun 14 22:14:20 localhost pppoa3[2314]: Control thread ready

Jun 14 22:14:20 localhost pppd[2313]: Using interface ppp0

Jun 14 22:14:20 localhost pppd[2313]: Connect: ppp0 <--> /dev/pts/2

Jun 14 22:14:20 localhost /etc/hotplug/net.agent: assuming ppp0 is already up

Jun 14 22:14:20 localhost kernel: HDLC line discipline: version $Revision: 3.3 $, maxframe=4096

Jun 14 22:14:20 localhost kernel: N_HDLC line discipline registered.

Jun 14 22:14:20 localhost pppoa3[2328]: host  --> pppoa3 --> modem stream ready

Jun 14 22:14:20 localhost pppoa3[2329]: modem --> pppoa3 --> host  stream ready

jun 14 22:14:21 localhost su(pam_unix)[2308]: session opened for user root by carole(uid=502)

Jun 14 22:14:24 localhost pppd[2313]: local  IP address 81.53.248.193

Jun 14 22:14:24 localhost pppd[2313]: remote IP address 193.253.160.3

Jun 14 22:14:24 localhost pppd[2313]: primary   DNS address 193.252.19.3

Jun 14 22:14:24 localhost pppd[2313]: secondary DNS address 193.252.19.4

jun 14 22:20:49 localhost su(pam_unix)[2308]: session closed for user root

Jun 14 22:20:57 localhost kde3(pam_unix)[1306]: session closed for user carole

Jun 14 22:20:58 localhost gpm[1036]: info: [mice.c(1751)]:

Jun 14 22:20:58 localhost gpm[1036]: imps2: Auto-detected intellimouse PS/2

Jun 14 22:20:59 localhost init: Switching to runlevel: 6

Jun 14 22:21:00 localhost kernel: Splash status on console 0 changed to on

jun 14 22:21:00 localhost lisa: Arrêt de lisa :  succeeded

jun 14 22:21:00 localhost dm: Stopping display manager:

jun 14 22:21:00 localhost dm: arrêt du gestionnaire d'affichage succeeded

jun 14 22:21:00 localhost dm:

jun 14 22:21:00 localhost rc: Arrêt de dm :  succeeded

jun 14 22:21:00 localhost devfsd: Arrêt de devfsd succeeded

jun 14 22:21:00 localhost devfsd: Stopping devfsd daemon:  succeeded

Jun 14 22:21:00 localhost Font Server[1147]: terminating

jun 14 22:21:00 localhost xfs: Arrêt de xfs succeeded

jun 14 22:21:00 localhost internet: No connection to stop succeeded

jun 14 22:21:01 localhost gpm: Arrêt de gpm succeeded

jun 14 22:21:01 localhost numlock:

jun 14 22:21:01 localhost rc: Arrêt de numlock :  succeeded

jun 14 22:21:01 localhost rc: Arrêt de kheader :  succeeded

jun 14 22:21:01 localhost rc: Arrêt de partmon :  succeeded

jun 14 22:21:01 localhost rwhod: Arrêt de rwhod succeeded

jun 14 22:21:01 localhost stop: Stopping Webmin server in /usr/share/webmin

jun 14 22:21:01 localhost webmin: Lancement de Webmin succeeded

jun 14 22:21:01 localhost postfix: Arrêt du service de courrier Postfix :

jun 14 22:21:01 localhost postfix:  succeeded

jun 14 22:21:01 localhost postfix: ^[[65G[^[[1;32m

jun 14 22:21:01 localhost postfix:

jun 14 22:21:01 localhost rc: Arrêt de postfix :  succeeded

Jun 14 22:21:01 localhost prelude: rsend.c:sigpipe_handler:71 : (errno=Success) :

Jun 14 22:21:01 localhost prelude: PID 1674 caught pipe signal.

Jun 14 22:21:01 localhost prelude: 28 packets received by filter. (prelude counted), will reset after 2e64-1.

Jun 14 22:21:01 localhost prelude: 0 packets dropped by the kernel. 

Jun 14 22:21:01 localhost prelude: Average cpu time by packet : 0.000000s, 0.000000ms, 0.000000us. 

Jun 14 22:21:01 localhost prelude: Page reclaims = 27

Jun 14 22:21:01 localhost prelude: Page faults = 4

Jun 14 22:21:01 localhost prelude: Swap = 0

Jun 14 22:21:01 localhost kernel: device eth0 left promiscuous mode

Jun 14 22:21:01 localhost prelude_report: closing local connection.

Jun 14 22:21:01 localhost prelude: HttpMod

Jun 14 22:21:01 localhost prelude: (infos=http) :

Jun 14 22:21:01 localhost prelude: ^I^I- plugin: called 26 time : 0.000001s average

Jun 14 22:21:01 localhost prelude: RpcMod

Jun 14 22:21:01 localhost prelude: (infos=rpc) :

Jun 14 22:21:01 localhost prelude: ^I^I- plugin: called 26 time : 0.000002s average

Jun 14 22:21:01 localhost prelude: TelnetMod

Jun 14 22:21:01 localhost prelude: (infos=telnet) :

Jun 14 22:21:01 localhost prelude: ^I^I- plugin: called 26 time : 0.000001s average

Jun 14 22:21:01 localhost prelude: ArpSpoof

Jun 14 22:21:01 localhost prelude: (infos=ARP) :

Jun 14 22:21:01 localhost prelude: ^I^I- plugin: called 4 time : 0.000002s average

Jun 14 22:21:01 localhost prelude: ScanDetect

Jun 14 22:21:01 localhost prelude: (infos=TCP) :

Jun 14 22:21:01 localhost prelude: ^I^I- plugin: called 0 time : nans average

Jun 14 22:21:01 localhost prelude: ScanDetect

Jun 14 22:21:01 localhost prelude: (infos=UDP) :

Jun 14 22:21:01 localhost prelude: ^I^I- plugin: called 23 time : 0.000027s average

Jun 14 22:21:01 localhost prelude: Asynchronous I/O subsystem flushed 0 alerts.

jun 14 22:21:01 localhost prelude: Arrêt de prelude succeeded

Jun 14 22:21:01 localhost prelude_report: Caught signal 15.

jun 14 22:21:02 localhost prelude: Arrêt de prelude_report succeeded

Jun 14 22:21:02 localhost xinetd[1305]: Exiting...

jun 14 22:21:02 localhost xinetd: Arrêt de xinetd succeeded

jun 14 22:21:02 localhost atd: Arrêt de atd succeeded

jun 14 22:21:02 localhost crond: Arrêt de crond succeeded

jun 14 22:21:02 localhost cups: Arrêt de cupsd succeeded

Jun 14 22:21:02 localhost saslauthd[1283]: Caught signal 15. Cleaning up and terminating.

jun 14 22:21:02 localhost saslauthd: Arrêt de saslauthd succeeded

jun 14 22:21:03 localhost sound: Sauvegarde des réglages du son succeeded

Jun 14 22:21:03 localhost apmd[1203]: Exiting

jun 14 22:21:04 localhost apmd: Arrêt de apmd succeeded

jun 14 22:21:04 localhost dd: 1+0 enregistrements lus.

jun 14 22:21:04 localhost dd: 1+0 enregistrements écrits.

jun 14 22:21:04 localhost random: Sauvegarde de la graine aléatoire :  succeeded

Jun 14 22:21:04 localhost rpc.statd[1018]: Caught signal 15, un-registering and exiting.

jun 14 22:21:04 localhost nfslock: Arrêt de rpc.statd succeeded

Jun 14 22:21:04 localhost kernel: Kernel logging (proc) stopped.

Jun 14 22:21:04 localhost kernel: Kernel log daemon terminating.

Jun 14 22:21:05 localhost exiting on signal 15

Jun 14 22:22:07 localhost syslogd 1.4.1: restart.

Répondre à