A logging issue.
For some time now both ipchains and ntpd stopped logging their events to their usual log files. Here these log files are kern.log and ntpd.log, and maybe other log files. Moreover, ipchains did write its logging rules to the terminal but not to the log files. Both ipchains, ntpd and syslogd seem to otherwise work correctly.

I believe that this behavior has started after apt-get install ipchains and/or syslogd to their current woody versions in order to keep track of woody, but not sure about it. Rebooting the machine made the log files show their usual messages.

Did anyone else notice the same behavior? Is this an issue with the configuration of the machine or a bug somewhere?

--
Shaul Karl
email: shaulka(replace with the at - @ - character)bezeqint.net

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: stoppling console logging
On Wed, Apr 17, 2002 at 11:24:14AM -0400, Ben Collins wrote:
> On Wed, Apr 17, 2002 at 08:32:33AM -0400, Rick Pasotto wrote:
> > syslog keeps sending messages to whichever console I happen to be on, thus messing up the display. Recently I started getting these messages every couple of minutes because of mailman:
> >
> >     PAM_unix[24436]: (cron) session opened for user list by (uid=0)
> >     PAM_unix[24436]: (cron) session closed for user list
> >
> > How can I stop the *console* logging or at least get the messages to all go to the same console (preferably #8) instead of following me around?
>
> Restart cron in this case:
>
>     /etc/init.d/cron restart

Whatever that was supposed to do, it didn't make any difference.

--
If a thousand men were not to pay their tax bills, that would not be so violent and bloody a measure as it would be to pay them and enable the state to commit violence and shed innocent blood. - Henry David Thoreau
Rick Pasotto [EMAIL PROTECTED] http://www.niof.net
Re: stoppling console logging
On Wed, Apr 17, 2002 at 09:27:18PM -0400, Rick Pasotto wrote:
> > /etc/init.d/cron restart
>
> Whatever that was supposed to do, it didn't make any difference.

I think you are trying to get rid of the messages syslog(?) directs to the console. I believe your solution lies in the tweaking of the /etc/syslog.conf file. Read through it, there is a section that talks about redirecting messages. The tweak is relatively straightforward.

-Andy
Re: Logging transactions
> Is there some way for me to write this info to a log file for troubleshooting, and still be able to see it on the screen?

man tee

HTH
Stony
iptables not logging (much)
I cannot get my iptables firewall to log.

syslog.conf:

    kern.*    -/var/log/kern.log

lsmod shows ipt_LOG module loaded.

I created this test firewall in an attempt to log something:

    iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source      destination
    LOG        all  --  anywhere    anywhere      LOG level emerg

    Chain FORWARD (policy ACCEPT)
    target     prot opt source      destination
    LOG        all  --  anywhere    anywhere      LOG level emerg
    ACCEPT     all  --  anywhere    anywhere      state NEW,RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere    anywhere      state NEW,RELATED,ESTABLISHED

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source      destination
    LOG        all  --  anywhere    anywhere      LOG level emerg

I get nothing in the logs. However, some firewall logging does work. For instance I can log martians with:

    for f in /proc/sys/net/ipv4/conf/*/log_martians; do
        echo 1 > $f
    done

Any ideas on how to get logging to work?
Logging transactions
Hi All,

I'm using Debian 2.2r5. Is there some place that the input and output that you see on the screen gets logged? I'm trying to install some software from a cd-rom, and I get through about 75% percent of the installation (15 screens full of information that scrolls by pretty quickly), before I run into an error. Is there some way for me to write this info to a log file for troubleshooting, and still be able to see it on the screen?

Thanks,
Tony.
Re: Logging transactions
On Sat, 2002-03-30 at 19:43, Tony Anand wrote:
> Hi All, I'm using Debian 2.2r5. Is there some place that the input and output that you see on the screen gets logged? I'm trying to install some software from a cd-rom, and I get through about 75% percent of the installation (15 screens full of information that scrolls by pretty quickly), before I run into an error. Is there some way for me to write this info to a log file for troubleshooting, and still be able to see it on the screen?

You can use the command script to capture the screen output of an entire session. It is in a required package, so you should already have it on your system.

--
Oliver Elphick [EMAIL PROTECTED]
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
But the fruit of the Spirit is love, joy, peace, patience, kindness, goodness, faithfulness, gentleness, self control; against such there is no law. Galatians 5:22,23
Re: Logging transactions
On Sat, 30 Mar 2002, Tony Anand wrote:
> Hi All, I'm using Debian 2.2r5. Is there some place that the input and output that you see on the screen gets logged? I'm trying to install some software from a cd-rom, and I get through about 75% percent of the installation (15 screens full of information that scrolls by pretty quickly), before I run into an error. Is there some way for me to write this info to a log file for troubleshooting, and still be able to see it on the screen?
>
> Thanks, Tony.

man script

--
Dave Mallery, K5EN (r/h 7.2 krud; debian woody+ximian)
PO Box 520 Ramah, NM 87321
no gates, no windows... running GNU/Linux (Linux TM Linus Torvalds) free at last!
Iptables keeps logging to console (eventhough of dmesg -n 1)
Greetings,

I (and one other fellow too) have suffered of the problem which is iptables' logging related. Iptables keeps logging to the local console even though I have typed dmesg -n 1. Dmesg's manual says the following:

    For example, -n 1 prevents all messages, except panic messages, from appearing on the console.

However, they will also appear in the log files (and dmesg of course).

I am using Linux 2.4.18 (and the other fellow uses 2.4.17) and Debian testing. I didn't do an official bug report, because I am not that sure if the bug is iptables related.

Notice! I am not on the list so please also reply to me privately.
Re: Iptables keeps logging to console (eventhough of dmesg -n 1)
On Mon, 2002-03-18 at 11:18, Karo Salminen wrote:
> Greetings, I (and one other fellow too) have suffered of the problem which is iptables' logging related. Iptables keeps logging to the local console even though I have typed dmesg -n 1. Dmesg's manual says the following: For example, -n 1 prevents all messages, except panic messages, from appearing on the console. However, they will also appear in the log files (and dmesg of course).
>
> I am using Linux 2.4.18 (and the other fellow uses 2.4.17) and Debian testing. I didn't do an official bug report, because I am not that sure if the bug is iptables related. Notice! I am not on the list so please also reply to me privately.

Read up on klogd. These messages are from the kernel and can be controlled by configuring the kernel log daemon. Swiped from the manpage:

    For example, to have the kernel display all messages with a priority level of 3 (KERN_ERR) or more severe the following command would be executed:

        klogd -c 4

--mike
Re: [Fwd: PAM Critical error, but no logging]
Okay, (Doh!) it looks like I don't have the cracklib_dict.pwd file installed on the system where PAM doesn't work with cracklib. I've tried apt-get remove-ing and re-installing any crack-related packages I've been able to find using apt-cache, but still no *_dict.* files. I've also searched the old mailing list archives for this, so either this is a bug or anomaly in the progression of packages, and in either case there's no evidence anybody has known about it up until now. I'm betting it's a part of some normal package I'd put in on a complete install but which I just cannot presently think of.

At any rate, I'd like two forms of feedback:

1) What is the stable package I need to install to get these *_dict.* files?
2) Does anyone have any suggestions on how to better search for this kind of problem using the apt-* facilities?

TIA. I'll forward the final results to the pam-list, as I presume most of you are not on that. See Igmar's comments below for more information.

Sincerely, Xeno

Igmar Palsenberg wrote:
> Hi,
>
> This is the actual problem:
>
>     stat(/var/cache/cracklib/cracklib_dict.pwd, 0xbfff9a1c) = -1 ENOENT
>
> It's also consistent with the code (pam_cracklib.c):
>
>     if (!stat(buf, &st) && st.st_size)
>         return PAM_SUCCESS;
>     else {
>         if (ctrl & PAM_DEBUG_ARG)
>             _pam_log(LOG_NOTICE, "dict path '%s'[.pwd] is invalid",
>                      CRACKLIB_DICTPATH);
>         return PAM_ABORT;
>     }
>
> In other words: it can't find your dicts file. What I do find strange is the path it is looking for: /var/cache/cracklib. On all RH systems I've been on it's in /usr/lib.
>
> You have two options: make a symlink, copy the files, etc., or recompile the cracklib module.
>
> Igmar

--
http://www.eskimo.com/~xeno [EMAIL PROTECTED]
Physically I'm at: 5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.
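The stat() check quoted from pam_cracklib.c in the message above can be reproduced before a service file is changed. This is an added example, not code from the thread or from Linux-PAM; check_cracklib and its status words are hypothetical, and it assumes that the module argument `debug` is what sets PAM_DEBUG_ARG.

```shell
#!/bin/sh
# Added example, not code from the thread or from Linux-PAM.
# check_cracklib is a hypothetical helper; its status words are made up here.

# check_cracklib PAM_FILE DICT_BASE
#   ok            (0) pam_cracklib unused, or DICT_BASE.pwd exists and is non-empty
#   missing-dict  (1) dictionary missing, module has "debug": the path is logged
#   silent-abort  (2) dictionary missing, no "debug": PAM_ABORT with no log line
check_cracklib() {
    pam_file=$1
    dict_base=$2

    # Active (non-comment) lines that load pam_cracklib.so.
    lines=$(grep -v '^[[:space:]]*#' "$pam_file" | grep 'pam_cracklib\.so' || true)
    if [ -z "$lines" ]; then
        echo ok
        return 0
    fi

    # Same condition as the quoted C: stat() succeeds and st_size is non-zero.
    if [ -s "${dict_base}.pwd" ]; then
        echo ok
        return 0
    fi

    # The quoted code calls _pam_log() only when PAM_DEBUG_ARG is set
    # (assumed here to correspond to the "debug" module argument).
    if printf '%s\n' "$lines" | grep -Eq '(^|[[:space:]])debug([[:space:]]|$)'; then
        echo missing-dict
        return 1
    fi
    echo silent-abort
    return 2
}

# Demo on constructed files in a temporary directory; nothing under /etc is read.
demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed service file modelled on the /etc/pam.d/passwd in the thread.
    cat > "$tmp/passwd" <<'EOF'
# constructed sample
password required /lib/security/pam_cracklib.so retry=3 minlen=32
password required /lib/security/pam_pwdb.so md5 use_authtok
EOF
    printf 'no dictionary:   '
    check_cracklib "$tmp/passwd" "$tmp/cracklib_dict" || true
    printf 'x' > "$tmp/cracklib_dict.pwd"   # stand-in for a real dictionary
    printf 'with dictionary: '
    check_cracklib "$tmp/passwd" "$tmp/cracklib_dict" || true
    rm -rf "$tmp"
}
demo
```

On a real system the second argument would be the dictionary base path the module was compiled with, /var/cache/cracklib/cracklib_dict according to the stat() line above.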
PAM Critical error, but no logging
I've honestly been looking at this for a couple of hours now (and have been reading about PAM for a couple of days) and have mainly established that I myself am not crazy. I have a new configuration for the file /etc/pam.d/passwd as follows:

    auth      required  /lib/security/pam_pwdb.so
    account   required  /lib/security/pam_pwdb.so
    password  required  /lib/security/pam_cracklib.so retry=3 minlen=32
    password  required  /lib/security/pam_pwdb.so md5 use_authtok

but when I give the passwd command to change my password, I get the following error:

    passwd: Critical error - immediate abort

I get no message in the /var/log directory for this. Also, when I use the distribution defaults the passwd command prompts just fine without the error. It also fails similarly when I use:

    password  required  pam_cracklib.so retry=3
    password  required  pam_unix.so use_authtok nullok md5

but it succeeds when I leave off pam_cracklib.so and just use the default setting from the distribution:

    password  required  pam_unix.so nullok obscure min=4 max=8 md5

I've looked at the modules, and they are all in /lib/security. I even tried uninstalling and then reinstalling libpam-modules and it's the same. I also tried upgrading from kernel 2.2.17 to kernel 2.2.19, and it didn't change. Finally, I have another debian stable machine which has the same environment (as near as I can tell of course) that works with the pam_cracklib.so module and the pam_unix.so module together just fine.

So, I'm perplexed. The really bothersome thing is that I can't find any diagnostic output. I search for pam in the /var/log directory, and the only pam related stuff is old from other problems this afternoon that I fixed because there were diagnostic messages explaining the problems.

So, did I find a bug, or am I doing something stupid here?

--
http://www.eskimo.com/~xeno [EMAIL PROTECTED]
Physically I'm at: 5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.
Re: PAM Critical error, but no logging
Sorry, I forgot to say this was on stable, using 2.2.17 and then moving to 2.2.19.

--
http://www.eskimo.com/~xeno [EMAIL PROTECTED]
Physically I'm at: 5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.
postgres 7.1 - too much logging
Hi,

thanks to help from this list I now finally have successfully upgraded to postgresql 7.1.

But now my syslog gets too much logging from postgres. In postgresql.conf I have:

    debug_level = 0
    log_connections = on
    log_pid = on
    log_timestamp = on
    syslog = 2
    # if syslog is 0, turn silent_mode off!
    silent_mode = off
    syslog_facility = LOCAL0
    trace_notify = off

So I would expect there to be no debugging info, but my syslog is full of DEBUG and NOTICE (and other) messages from postgres.

How could I effectively reduce the logging to a sensible amount (no debugging, no NOTICES at least)?

Thanks in advance!

Andreas Goesele
RE: postgres 7.1 - too much logging
| But now my syslog gets too much logging from postgres. In
| postgresql.conf I have:
|
| debug_level = 0
| log_connections = on
| log_pid = on
| log_timestamp = on
| syslog = 2
| # if syslog is 0, turn silent_mode off!
| silent_mode = off
| syslog_facility = LOCAL0
| trace_notify = off

Try these settings

    debug_level = 0
    log_connections = off
    log_pid = off
    log_timestamp = off
    syslog = 0
    # if syslog is 0, turn silent_mode off!
    silent_mode = off
    syslog_facility = LOCAL0
    trace_notify = off

HTH,
Brooks
Re: postgres 7.1 - too much logging
Hi Andreas!

On Mon, 18 Feb 2002, Andreas Goesele wrote:
> thanks to help from this list I now finally have successfully upgraded to postgresql 7.1.
>
> But now my syslog gets too much logging from postgres. In postgresql.conf I have:
>
> debug_level = 0
> log_connections = on

if only localhost is allowed to connect to your postgres database you probably won't need this

> log_pid = on

i don't log process id's unless i need to debug

> log_timestamp = on

don't use that as well

> syslog = 2

and i use 0 here as well as the system is running like a charm

> # if syslog is 0, turn silent_mode off!
> silent_mode = off
> syslog_facility = LOCAL0
> trace_notify = off
>
> So I would expect there to be no debugging info, but my syslog is full of DEBUG and NOTICE (and other) messages from postgres.
>
> How could I effectively reduce the logging to a sensible amount (no debugging, no NOTICES at least)?

if you turn off what you don't need only critical messages are logged.

yours
martin

--
[EMAIL PROTECTED]
-- NO HTML MAILS PLEASE
PGP/GPG encrypted and signed messages preferred
Users activity logging..
i'm wondering if there is a software that would log everything a user types, does, accesses, somewhere in a safe location..

thanx

Petre L. Daniel, System Administrator
Canad Systems Pitesti Romania, http://www.cyber.ro
email: [EMAIL PROTECTED]
tel: +4048220044 +4048206200
Re: Users activity logging..
thus spoke Petre Daniel [EMAIL PROTECTED] [2002.01.06.1509 +0100]:
> i'm wondering if there is a software that would log everything a user types, does, accesses, somewhere in a safe location..

i think that the closest you can get without seriously offending your users' privacy is process accounting: [1]

keeping track of file accesses and keystrokes would IMHO be possible but absolute overkill, and i wouldn't want to be a user on your system...

1. http://www.linuxdoc.org/HOWTO/mini/Process-Accounting/

--
martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
i have the power to channel my imagination into ever-soaring levels of suspicion and paranoia.
Re: Users activity logging..
Hi,

* Petre Daniel [EMAIL PROTECTED] [02-01-06 15:09]:
> i'm wondering if there is a software that would log everything a user types, does, accesses, somewhere in a safe location..

Yup, it's called Carnivore. http://www.fbi.gov/hq/lab/carnivore/carnivore2.htm

Thorsten

--
There is no drug known to man which becomes safer when its production and distribution are handed over to criminals.
Re: Users activity logging..
Petre Daniel ([EMAIL PROTECTED]) is reported to have said:
> i'm wondering if there is a software that would log everything a user types, does, accesses, somewhere in a safe location..
>
> thanx

reading man script should be what you want.

--
The Queue Principle: The longer you wait in line, the greater the likelihood that you are standing in the wrong line.
Re: rm logging
on Mon, Dec 03, 2001 at 01:37:12AM +0100, Kim De Smaele ([EMAIL PROTECTED]) wrote:
> No, I'm running solaris 7 on it. I'm just trying to find out a way to setup a logging for the rm command. Not for every user on the entire system, just for some users, defined by default group ( defined in /etc/profile ( ksh )). I was told by one of our OVMS admins that there is a logging available on OVMS. I'm more looking for a history of all the times 'rm' is used ( executed by user or program ).

Please fix your quoting style and use postfix (response follows quoted) style.

There is a process accounting package which will log use of specific commands under GNU/Linux, though not with the arguments used. See the Debian acct package for more info.

The other option is to provide a wrapper (shell or programmatic) around 'rm' which logs invocations, e.g.:

    #!/bin/sh
    # define the real rm command (set this to the path of the real 'rm')
    REALRM=/bin/rm
    # log data to file (date, user, arguments appended as one line)
    echo "$( date ) $USER $*" >> /var/log/cmdlog
    # run real command on quoted arguments
    exec "$REALRM" "$@"

Note that it would be trivial for an even slightly experienced user to bypass this facility.

Peace.

--
Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/
What part of Gestalt don't you understand? Home of the brave
http://gestalt-system.sourceforge.net/ Land of the free
Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire http://kmself.home.netcom.com/resume.html
RE: rm logging
No, I'm running solaris 7 on it. I'm just trying to find out a way to setup a logging for the rm command. Not for every user on the entire system, just for some users, defined by default group ( defined in /etc/profile ( ksh )). I was told by one of our OVMS admins that there is a logging available on OVMS. I'm more looking for a history of all the times 'rm' is used ( executed by user or program ).

any ideas?

cheers,
Kim

-----Original Message-----
From: Kirk Strauser [mailto:[EMAIL PROTECTED]
Sent: Friday, 30 November 2001 20:17
To: debian-user@lists.debian.org
Subject: Re: rm logging

At 2001-11-30T14:13:05Z, DE SMAELE Kim (BMB) [EMAIL PROTECTED] writes:

> I am trying to setup an remove logging on a few of our sun E10K development servers.

You're running Debian GNU/Linux on an E10K? Not that there's anything wrong with that, but I thought that would be pretty unusual.

> Is there any one of you who has an idea howto log every rm command ( not in the syslog or with the sysdaemon if possible ).

What are you trying to accomplish? Do you want to individually record each and every file that gets deleted, by all programs and users, transparently throughout the entire system? Or do you just want a history of all the times you typed 'rm'? Your answer will greatly influence the responses you get.

> DISCLAIMER This e-mail and any attachment thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the recipient(s) named above.

This notice is a little bit goofy when attached to an email to a public mailing list with world-viewable web archives.

--
Kirk Strauser
rm logging
Hi all,

I am trying to setup an remove logging on a few of our sun E10K development servers. Is there any one of you who has an idea howto log every rm command ( not in the syslog or with the sysdaemon if possible ).

Thanks in advance.

Best Regards,
Kim De Smaele
Proximus Belgacom Mobile
IT Infrastructure - Layered Products
Solaris system administrator

DISCLAIMER
"This e-mail and any attachment thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the recipient(s) named above. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone or by e-mail and delete the material from any computer". Thank you for your cooperation. For further information about Proximus mobile phone services please see our website at http://www.proximus.be or refer to any Proximus agent.
Re: rm logging
On Fri, Nov 30, 2001 at 03:13:05PM +0100, DE SMAELE Kim (BMB) wrote:
> I am trying to setup an remove logging on a few of our sun E10K development servers. Is there any one of you who has an idea howto log every rm command ( not in the syslog or with the sysdaemon if possible ).

You will have to recompile rm. You'll also almost certainly have to use the syslog, because anything else would require either having a world-writeable log file (rather pointless for this task) or a new setuid/setgid program (bad idea).

I can't help thinking you're trying to solve the wrong problem. What happens if somebody uses the unlink() system call, or if somebody just truncates a file to zero length? You can't log everything unless you want to hack the kernel and have a great deal of time to analyse log files.

--
Colin Watson [EMAIL PROTECTED]
Re: rm logging
At 2001-11-30T14:13:05Z, DE SMAELE Kim (BMB) [EMAIL PROTECTED] writes:

> I am trying to setup an remove logging on a few of our sun E10K development servers.

You're running Debian GNU/Linux on an E10K? Not that there's anything wrong with that, but I thought that would be pretty unusual.

> Is there any one of you who has an idea howto log every rm command ( not in the syslog or with the sysdaemon if possible ).

What are you trying to accomplish? Do you want to individually record each and every file that gets deleted, by all programs and users, transparently throughout the entire system? Or do you just want a history of all the times you typed 'rm'? Your answer will greatly influence the responses you get.

> DISCLAIMER This e-mail and any attachment thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the recipient(s) named above.

This notice is a little bit goofy when attached to an email to a public mailing list with world-viewable web archives.

--
Kirk Strauser
Re: logging out users
did you try to ps x process and kill -TERM the right bash/sh/csh/whatever pid ?

----- Original Message -----
From: Karsten M. Self kmself@ix.netcom.com
To: debian-user debian-user@lists.debian.org
Sent: Thursday, November 22, 2001 2:21 AM
Subject: Re: logging out users
Re: logging out users
on Tue, Nov 20, 2001 at 10:05:21AM -0800, Richard Weil ([EMAIL PROTECTED]) wrote:
> How do you logout leftover sessions? For example, I ssh'd into my debian box, the connection went down because of line problems, and when I log back in the old session is still there. I don't know how to kill it. This happened a couple of times, so in one case I killed the ssh pid thinking that would take care of it, but now I have an orphaned login. Any help is appreciated. Thanks.

    $ apt-cache show idled

--
Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/
What part of Gestalt don't you understand? Home of the brave
http://gestalt-system.sourceforge.net/ Land of the free
Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire http://kmself.home.netcom.com/resume.html
logging out users
How do you logout leftover sessions? For example, I ssh'd into my debian box, the connection went down because of line problems, and when I log back in the old session is still there. I don't know how to kill it. This happened a couple of times, so in one case I killed the ssh pid thinking that would take care of it, but now I have an orphaned login. Any help is appreciated. Thanks.

Richard
Re: logging out users
On Tue, Nov 20, 2001 at 10:05:21AM -0800, Richard Weil wrote:
> How do you logout leftover sessions? For example, I ssh'd into my debian box, the connection went down because of line problems, and when I log back in the old session is still there. I don't know how to kill it. This happened a couple of times, so in one case I killed the ssh pid thinking that would take care of it, but now I have an orphaned login. Any help is appreciated. Thanks.

Kill the bash process instead. Once that's gone, ssh will automatically exit also.

--
When we reduce our own liberties to stop terrorism, the terrorists have already won. - reverius
Innocence is no protection when governments go bad. - Mr. Slippery
Re: logging out users
> How do you logout leftover sessions? For example, I ssh'd into my debian box, the connection went down because of line problems, and when I log back in the old session is still there. I don't know how to kill it. This happened a couple of times, so in one case I killed the ssh pid thinking that would take care of it, but now I have an orphaned login. Any help is appreciated. Thanks.

If it's only broken off ssh sessions you want to clean out, set the server to send keep-alive-pings (man sshd) and don't forget to adjust the client ssh to answer to them. Look in man sshd for KeepAlive... Then, if the server doesn't get answers from the client it disconnects automagically.

If you want to kill leftover processes: on redhat sun 'kill -9 -1' always worked. It just tries to kill off about every process (but it only succeeds for those belonging to you of course). For some reason kill -9 -1 doesn't work on debian. I use /usr/sbin/slay another user with slay in punish-mode, does about the same thing you don't have to lookup ps-numbers...

Dries
apache upgrade stops logging
Yesterday I upgraded apache to the testing 1.3.22-2 and entries are no longer being made to the access.log. The other logs (error, agent, and referrer) are still being written to. Doing a diff on the old/new httpd.conf and srm.conf files reveals no changes relating to logging.

How do I get my access logging back?

--
Why do we go around killing people who kill people in order to show to the world that it is wrong to kill people?
Rick Pasotto [EMAIL PROTECTED] http://www.niof.net
Re: Logging of ftp and telnet
Javier Fdz-Sanguino Pen~a, [EMAIL PROTECTED]:29:33(+0100):
> Nothing means nothing. It keeps recording :)

Aha, I knew it couldn't be that easy :^).

--
David Serrano [EMAIL PROTECTED] - Linux Registered User #87069
Re: Logging of ftp and telnet
David Serrano said:
> So I, a user, run 'echo ^D' and manage to stop the admin from recording what I do :^). Is it that simple? hehe.

I use Snoopy, http://sourceforge.net/project/?group_id=2091

    Snoopy is designed to aid the task of a sysadmin by providing a log of commands executed. Snoopy is completely transparent to the user and applications it hooks in as a library providing a wrapper around calls to execve() calls. Logging is done via syslogd and written to authpriv allowing secure offsite logging of activity, generally the authpriv is stored as /var/log/auth.log.

Sample output:

    [EMAIL PROTECTED] tail -f /var/log/auth.log
    nov 8 11:46:14 onix snoopy[8399]: [amaya, uid:1000 sid:7614]: vi ChangeLog
    nov 8 11:47:17 onix snoopy[8400]: [amaya, uid:1000 sid:7614]: su -
    Nov 8 11:47:19 onix su[8400]: + pts/1 amaya-root
    nov 8 11:47:19 onix PAM_unix[8400]: (su) session opened for user root by amaya(uid=1000)
    nov 8 11:47:19 onix snoopy[8400]: [amaya, uid:0 sid:7614]: -su
    Nov 8 11:47:19 onix snoopy[8401]: [amaya, uid:0 sid:7614]: fortune -a
    Nov 8 11:47:20 onix snoopy[8402]: [amaya, uid:0 sid:7614]: tty -s
    Nov 8 11:47:20 onix snoopy[8403]: [amaya, uid:0 sid:7614]: stty cs8 -istrip -parenb
    Nov 8 11:47:20 onix snoopy[8405]: [amaya, uid:0 sid:7614]: /usr/bin/dircolors
    Nov 8 11:47:27 onix snoopy[8407]: [amaya, uid:0 sid:7614]: tail -f /var/log/auth.log
    nov 8 11:47:42 onix snoopy[8409]: [(null), uid:1000 sid:8409]: gnome-terminal --use-factory --start-factory-server
    nov 8 11:47:43 onix snoopy[8413]: [amaya, uid:1000 sid:8412]: fortune -a
    nov 8 11:47:43 onix snoopy[8414]: [amaya, uid:1000 sid:8412]: tty -s
    nov 8 11:47:43 onix snoopy[8415]: [amaya, uid:1000 sid:8412]: stty cs8 -istrip -parenb
    nov 8 11:47:43 onix snoopy[8417]: [amaya, uid:1000 sid:8412]: /usr/bin/dircolors
    nov 8 11:47:49 onix snoopy[8418]: [amaya, uid:1000 sid:8412]: ls -F -p -N --color=auto

Combined with logcolorize, it is easy to spot suspicious activity. It works great, but the logs grow in size at quite a pace :-)

--
Open your mind, and your ass will follow - Michael Balzary, aka Flea, RHCP
Amaya Rodrigo Sastre www.andago.com
Sta Engracia, 54 28010 Madrid
BOFH-dev CVS Evangelist
Tfn: 912041124 Fax: 91204
Listening to: %s
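The Snoopy records quoted in the message above carry a login name, a uid and a session id, which is enough to pick out commands run as root after an su inside a user's session. The following is an added example, not part of the original message or of Snoopy; snoopy_escalated and sample_log are hypothetical names, the sample lines are constructed, and the record layout is assumed to be the one shown in the message.

```shell
#!/bin/sh
# Added example, not part of the original message or of Snoopy itself.
# snoopy_escalated and sample_log are hypothetical names.

# Read syslog lines on stdin; print "login<TAB>sid<TAB>command" for every
# command logged with uid 0 in a session (sid) that earlier ran as non-root.
snoopy_escalated() {
    awk '
    {
        # Keep only Snoopy records: " snoopy[pid]: [login, uid:N sid:M]: cmd"
        if (!match($0, / snoopy\[[0-9]+\]: \[[^,]+, uid:[0-9]+ sid:[0-9]+\]: /)) {
            next
        }
        hdr = substr($0, RSTART, RLENGTH)
        cmd = substr($0, RSTART + RLENGTH)

        # Login name is the text between "[" and the first comma.
        login = hdr
        sub(/^ snoopy\[[0-9]+\]: \[/, "", login)
        sub(/,.*$/, "", login)

        match(hdr, /uid:[0-9]+/)
        uid = substr(hdr, RSTART + 4, RLENGTH - 4) + 0
        match(hdr, /sid:[0-9]+/)
        sid = substr(hdr, RSTART + 4, RLENGTH - 4)

        if (uid != 0) {
            # Session seen running unprivileged: remember who owns it.
            owner[sid] = login
        } else if (sid in owner) {
            # Root command inside a session that started unprivileged.
            printf "%s\t%s\t%s\n", owner[sid], sid, cmd
        }
    }'
}

# Constructed sample in the layout shown in the message (not real log data).
sample_log() {
    cat <<'EOF'
Nov  8 11:46:14 host1 snoopy[8399]: [alice, uid:1000 sid:7614]: vi ChangeLog
Nov  8 11:47:17 host1 snoopy[8400]: [alice, uid:1000 sid:7614]: su -
Nov  8 11:47:19 host1 su[8400]: + pts/1 alice-root
Nov  8 11:47:19 host1 snoopy[8400]: [alice, uid:0 sid:7614]: -su
Nov  8 11:47:27 host1 snoopy[8407]: [alice, uid:0 sid:7614]: tail -f /var/log/auth.log
Nov  8 11:47:43 host1 snoopy[8413]: [bob, uid:1000 sid:8412]: ls -F
Nov  8 11:48:02 host1 snoopy[8420]: [root, uid:0 sid:9001]: run-parts /etc/cron.daily
EOF
}

sample_log | snoopy_escalated
```

Sessions that only ever ran as root, such as the cron job in the sample, are not reported; the filter is about uid changes within one session id.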
Re: Logging of ftp and telnet
Nothing means nothing. It keeps recording :)

Javi

Wed, Nov 07, 2001 at 10:18:01PM +0100, Hue-Bond wrote:
> Javier Fdz-Sanguino Pen~a, [EMAIL PROTECTED]:45:42(+0100):
> > Thanks. Checked, typescript does nothing:
>
> I don't understand. Does it stop recording the session? Or does the session end?
>
> --
> David Serrano [EMAIL PROTECTED] - Linux Registered User #87069
Re: Logging of ftp and telnet
On Tue, Nov 06, 2001 at 10:03:52PM +0100, Hue-Bond wrote:
> Javier Fdz-Sanguino Pen~a, [EMAIL PROTECTED]:37:43(+0100):
> > Script does not stop (it seems). But can you tell me how to send the ctrl+D with an echo? I can't manage it...

Thanks. Checked, typescript does nothing:

    $ script
    Script iniciado; el archivo es typescript
    jfs$ echo -n ^D
    jfs$ Use exit to leave the shell.                  -- here I press Ctrl+D
    jfs$ Script terminado; el archivo es typescript    -- same

Javi
Re: Logging of ftp and telnet
Javier Fdz-Sanguino Pen~a, [EMAIL PROTECTED]:45:42(+0100):
> Thanks. Verified, typescript does nothing:

I don't understand. Does it stop recording the session? Or does the session end?
--
David Serrano [EMAIL PROTECTED] - Linux Registered User #87069
Re: Logging of ftp and telnet
Javier Fdz-Sanguino Pen~a, [EMAIL PROTECTED]:58:57(+0100):
> If you want to see which commands he runs and he uses bash, make sure you give him a .bash_history that he cannot delete (but can write to)
> Of course, he must not be able to edit the .profile.

Things like this were discussed on bugtraq (or vuln-dev... it makes no difference here). The final conclusion was that there is no point in tinkering inside a user's $HOME, because the user always has write permission on the directory, which lets him delete files even if they are not his.

It occurs to me to create a $HOME/other-directory where the user does have write permission and change the owner of $HOME to root. Then the user really could not touch anything.

> And if you want to be totally paranoid, take the bash sources, edit them to build a bash that copies everything the user types to a file, and set it as his shell

This one does convince me. And make sure there are no other shells on the system (and that the user cannot bring one in by mail).
--
David Serrano [EMAIL PROTECTED] - Linux Registered User #87069
Re: Logging of ftp and telnet
Francisco Callejo, [EMAIL PROTECTED]:17:35(+0100):
> On Saturday, 3 November 2001, Hue-Bond wrote:
>>> It is a program. When run, it records the whole session to a file (by default `typescript') until Control-D is pressed or it reaches an end of file.
>> So I, the user, do 'echo ^D' and I get the admin to stop recording what I do :^). Is it that simple? hehe.
> echo ^D does not close the session, only pressing Control-D directly does.

But ^D happens to be an end-of-file marker. If the program stops when it sees it... [EMAIL PROTECTED]
--
David Serrano [EMAIL PROTECTED] - Linux Registered User #87069
Re: Logging of ftp and telnet
On Tue, 2001-11-06 at 16:21, Hue-Bond wrote:
> Javier Fdz-Sanguino Pen~a, [EMAIL PROTECTED]:58:57(+0100):
>> If you want to see which commands he runs and he uses bash, make sure you give him a .bash_history that he cannot delete (but can write to)
>> Of course, he must not be able to edit the .profile.
> Things like this were discussed on bugtraq (or vuln-dev... it makes no difference here). The final conclusion was that there is no point in tinkering inside a user's $HOME, because the user always has write permission on the directory, which lets him delete files even if they are not his.
> It occurs to me to create a $HOME/other-directory where the user does have write permission and change the owner of $HOME to root. Then the user really could not touch anything.

For that there is acct (accton, acctof), etc., which keep an audit trail of what a user does.

Solutions based on restricting what lives in $HOME are makeshift and will never come to a good end, other than earning the hatred of an annoyed user.
--
German Poo Caaman~o mailto:[EMAIL PROTECTED] http://www.ubiobio.cl/~gpoo/chilelindo.html
Re: Logging of ftp and telnet
On Tue, Nov 06, 2001 at 08:21:38PM +0100, Hue-Bond wrote:
> Javier Fdz-Sanguino Pen~a, [EMAIL PROTECTED]:58:57(+0100):
>> If you want to see which commands he runs and he uses bash, make sure you give him a .bash_history that he cannot delete (but can write to)
>> Of course, he must not be able to edit the .profile.
> Things like this were discussed on bugtraq (or vuln-dev... it makes no difference here). The final conclusion was that there is no point in tinkering inside a user's $HOME, because the user always has write permission on the directory, which lets him delete files even if they are not his.
> It occurs to me to create a $HOME/other-directory where the user does have write permission and change the owner of $HOME to root. Then the user really could not touch anything.

Yep. You're right, I sent exactly that in a mail 1 min ago. :)

>> And if you want to be totally paranoid, take the bash sources, edit them to build a bash that copies everything the user types to a file, and set it as his shell
> This one does convince me. And make sure there are no other shells on the system (and that the user cannot bring one in by mail).

Yep. But even if he runs a bash inside a bash, the keyboard capture should work (I think).
Javi
Re: Logging of ftp and telnet
On Tue, Nov 06, 2001 at 04:34:08PM -0300, German Poo Caaman~o wrote:
> On Tue, 2001-11-06 at 16:21, Hue-Bond wrote:
>> Javier Fdz-Sanguino Pen~a, [EMAIL PROTECTED]:58:57(+0100):
>>> If you want to see which commands he runs and he uses bash, make sure you give him a .bash_history that he cannot delete (but can write to)
>>> Of course, he must not be able to edit the .profile.
>> Things like this were discussed on bugtraq (or vuln-dev... it makes no difference here). The final conclusion was that there is no point in tinkering inside a user's $HOME, because the user always has write permission on the directory, which lets him delete files even if they are not his.
>> It occurs to me to create a $HOME/other-directory where the user does have write permission and change the owner of $HOME to root. Then the user really could not touch anything.
> For that there is acct (accton, acctof), etc., which keep an audit trail of what a user does.
> Solutions based on restricting what lives in $HOME are makeshift and will never come to a good end, other than earning the hatred of an annoyed user.

Ummm... what about using capabilities in the kernel? Can anyone think of whether that could be used?

In any case I was considering *only* the case that was proposed: a systems person who has to log in to your system to do maintenance. Obviously I was not proposing it as a general solution.
Javi
Re: Logging of ftp and telnet
Script does not stop (it seems). But can you tell me how to send the Ctrl+D with an echo? I can't manage it...

In any case, if he has it as his shell, he drops out of the system.

Regards
Javi

On Tue, Nov 06, 2001 at 08:23:00PM +0100, Hue-Bond wrote:
>>> So I, the user, do 'echo ^D' and I get the admin to stop recording what I do :^). Is it that simple? hehe.
>> echo ^D does not close the session, only pressing Control-D directly does.
> But ^D happens to be an end-of-file marker. If the program stops when it sees it... [EMAIL PROTECTED]
> --
> David Serrano [EMAIL PROTECTED] - Linux Registered User #87069
Re: Logging of ftp and telnet
Javier Fdz-Sanguino Pen~a, [EMAIL PROTECTED]:31:25(+0100):
>> It occurs to me to create a $HOME/other-directory where the user does have write permission and change the owner of $HOME to root. Then the user really could not touch anything.
> Yep. You're right, I sent exactly that in a mail 1 min ago. :)

Reading you now, our friend chattr comes to mind, and I think using it would be more elegant than creating a directory under $HOME.
--
David Serrano [EMAIL PROTECTED] - Linux Registered User #87069
Re: Logging of ftp and telnet
Javier Fdz-Sanguino Pen~a, [EMAIL PROTECTED]:37:43(+0100):
> Script does not stop (it seems). But can you tell me how to send the Ctrl+D with an echo? I can't manage it...

echo<space><hyphen>n<space><ctrl+v><ctrl+d><enter>

And the demonstration:

$ echo -n ^D | hexdump
000 0004
001
$ _

Can hexdump be made to show the bytes the right way round? The man page inspires something like fear in me... ;^).
--
David Serrano [EMAIL PROTECTED] - Linux Registered User #87069
Re: Logging of ftp and telnet
On Tue 06 Nov 2001 20:37, Javier Fdz-Sanguino Pen~a wrote:
> Script does not stop (it seems). But can you tell me how to send the Ctrl+D with an echo? I can't manage it...

$ echo -n ^D

You get the ^D by pressing Ctrl+V and then Ctrl+D. The Ctrl+V combination makes the shell put the next character on the command line instead of interpreting it directly.

Bear in mind that ^D is not printable, so with the line above you will not see anything. But if you redirect it to a file, you will see that the character is there.

This also works:

$ echo -ne '\004'

Regards,
--
Antonio Luque Estepa Escuela Superior de Ingenieros de Sevilla [EMAIL PROTECTED] http://woody.us.es/~aluque
Re: Logging of ftp and telnet
On Tue, 2001-11-06 at 18:06, Antonio Luque Estepa wrote:
> On Tue 06 Nov 2001 20:37, Javier Fdz-Sanguino Pen~a wrote:
>> Script does not stop (it seems). But can you tell me how to send the Ctrl+D with an echo? I can't manage it...
> $ echo -n ^D
> You get the ^D by pressing Ctrl+V and then Ctrl+D. The Ctrl+V combination makes the shell put the next character on the command line instead of interpreting it directly.

If the idea is to log out after script ends, the best thing is to use 'exec script'.
--
German Poo Caaman~o mailto:[EMAIL PROTECTED] http://www.ubiobio.cl/~gpoo/chilelindo.html
Re: Logging of ftp and telnet
German Poo Caaman~o, [EMAIL PROTECTED]:18:35(-0300):
> If the idea is to log out after script ends, the best thing is to use 'exec script'.

The idea is to make the script program stop doing its job earlier than it should ;^). [EMAIL PROTECTED]
--
David Serrano [EMAIL PROTECTED] - Linux Registered User #87069
Re: Logging of ftp and telnet
On Fri, Nov 02, 2001 at 10:52:59AM +0100, Josep wrote:
> To: debian-user-spanish,
> How can I create a log of an entire remote ftp or telnet session (even one made over ssh)? Does something special have to be done, or is that already recorded by default?

You have already been told that ttysnoop will let you capture the information for telnet *and* ssh (because in the end it opens a tty :)

About ftp: you can put the server in maximum debugging mode so that it logs all the operations performed by all users (CDs, GET, USER...)

If you want to keep him in a restricted environment over telnet, try rbash. If you want to see which commands he runs and he uses bash, make sure you give him a .bash_history that he cannot delete (but can write to) and a .profile that does not let him reduce the number of commands to 0 (variable HISTSIZE), point to another history file (HISTFILE) or reduce the size (HISTFILESIZE); you can do this with

HISTFILE=/home/XXX/.bash_history
HISTSIZE=10
HISTFILESIZE=1
# readonly stops later assignments or unset in this shell
readonly HISTFILE
readonly HISTSIZE
readonly HISTFILESIZE
export HISTFILE HISTSIZE HISTFILESIZE

Of course, he must not be able to edit the .profile.

And if you want to be totally paranoid, take the bash sources, edit them to build a bash that copies everything the user types to a file, and set it as his shell (something similar to 'script', but I think you cannot set 'script' as a shell even if you put it in /etc/shells, although I would have to test it)
Javi
Re: Logging of ftp and telnet
On Mon, 05 Nov 2001, at 12:58:57 +0100, Javier Fdz-Sanguino Pen~a commented ...
>> How can I create a log of an entire remote ftp or telnet session (even one made over ssh)? Does something special have to be done, or is that already recorded by default?
> If you want to keep him in a restricted environment over telnet, try rbash. If you want to see which commands he runs and he uses bash, make sure you give him a .bash_history that he cannot delete (but can write to)

Hi, I just wanted to ask how that can be done. Setting up a .bash_history that cannot be deleted but can be written to... One could make root the owner and then set the permission for others to allow w. Right now it escapes me ...

> and a .profile that does not let him reduce the number of commands to 0 (variable HISTSIZE), point to another history file (HISTFILE) or reduce the size (HISTFILESIZE); you can do this with
> HISTFILE=/home/XXX/.bash_history
> HISTSIZE=10
> HISTFILESIZE=1
> # readonly stops later assignments or unset in this shell
> readonly HISTFILE
> readonly HISTSIZE
> readonly HISTFILESIZE
> export HISTFILE HISTSIZE HISTFILESIZE

But the value of the HIST* variables can be changed, can't it??? He just has to do 'export HISTSIZE=0'. I don't know ... I must be slow. I don't know how to do it ... god
--
Baltasar Perez (aka 'ponto') | ETSIT - ULPGC
Powered by Debian GNU/Linux Woody (Kernel 2.4.9 with ReiserFS)
Linux user: #198228; Machine: #112080; Libranet: #84615
GnuPG: pub 1024D/3C9FACE7 fingerprint = 22E9 8141 658F A9C1 7782 A667 B694 28AC 3C9F ACE7
00:34:07 up 4 days, 15:46, 2 users, load average: 0.01, 0.01, 0.00
Re: Logging of ftp and telnet
# apt-get install ttysnoop

Someone recommended this to you; it is the best thing for this situation. Not only will you be able to see what the technician is doing, you can also interact with him through the keyboard. It is an impressive product and in Debian it is very well documented... and it is veeery simple... RECOMMENDED
Fernando

- Original Message -
From: Josep [EMAIL PROTECTED]
To: debian-user-spanish@lists.debian.org
Sent: Friday, November 02, 2001 6:52 AM
Subject: Logging of ftp and telnet

> To: debian-user-spanish,
> How can I create a log of an entire remote ftp or telnet session (even one made over ssh)? Does something special have to be done, or is that already recorded by default? A technician has to connect to our server, and I would like to keep a trail of what he has done. Thanks in advance.
> Josep Sànchez i Mesegué, Transports Pujol i Pujol, S.L., Camí del Papalús, S/N, 17310 Lloret de Mar, Girona, Telf: 972-365157, Fax.: 972-370918
Re: Logging of ftp and telnet
Francisco Callejo, [EMAIL PROTECTED]:59:10(+0100):
> It is a program. When run, it records the whole session to a file (by default `typescript') until Control-D is pressed or it reaches an end of file.

So I, the user, do 'echo ^D' and I get the admin to stop recording what I do :^). Is it that simple? hehe. [EMAIL PROTECTED]
--
David Serrano [EMAIL PROTECTED] - Linux Registered User #87069
Re: Logging of ftp and telnet
On Saturday, 3 November 2001, Hue-Bond wrote:
>> It is a program. When run, it records the whole session to a file (by default `typescript') until Control-D is pressed or it reaches an end of file.
> So I, the user, do 'echo ^D' and I get the admin to stop recording what I do :^). Is it that simple? hehe.

echo ^D does not close the session, only pressing Control-D directly does.
--
Francisco Callejo Giménez [EMAIL PROTECTED]
Logging of ftp and telnet
To: debian-user-spanish,

How can I create a log of an entire remote ftp or telnet session (even one made over ssh)? Does something special have to be done, or is that already recorded by default?

A technician has to connect to our server, and I would like to keep a trail of what he has done.

Thanks in advance.
--
Josep Sànchez i Mesegué
Transports Pujol i Pujol, S.L.
Camí del Papalús, S/N
17310 Lloret de Mar
Girona
Telf: 972-365157
Fax.: 972-370918
Re: Logging of ftp and telnet
On Fri, Nov 02, 2001 at 10:52:59AM +0100, Josep said:
> To: debian-user-spanish,
> How can I create a log of an entire remote ftp or telnet session (even one made over ssh)? Does something special have to be done, or is that already recorded by default? A technician has to connect to our server, and I would like to keep a trail of what he has done.

You need to install the package:

ttysnoop - TTY Snoop - allows you to spy on telnet+serial connections

Regards, Miguel.
--
By doing just a little every day, you can gradually let the task completely overwhelm you.
Powered by Debian GNU/LiNUX sid - Kernel 2.4.13
Re: Logging of ftp and telnet
On Fri, 2 Nov 2001, Josep wrote:
> To: debian-user-spanish,
> How can I create a log of an entire remote ftp or telnet session (even one made over ssh)? Does something special have to be done, or is that already recorded by default? A technician has to connect to our server, and I would like to keep a trail of what he has done. Thanks in advance.

For that I use 'script'.

Regards
Antonio Castro
--
Ciberdroide Informática (Linux shop) http://www.ciberdroide.com
Antonio Castro Snurmacher [EMAIL PROTECTED]
*** 1,700 Linux sites classified by topic at ***Donde_Linux*** http://www.ciberdroide.com/misc/donde/dondelinux.html
Re[2]: Logging of ftp and telnet
Hello Antonio,

On Friday, November 02, 2001, 4:37:55 PM, you wrote:
>> How can I create a log of an entire remote ftp or telnet session (even one made over ssh)? Does something special have to be done, or is that already recorded by default? A technician has to connect to our server, and I would like to keep a trail of what he has done. Thanks in advance.
AC> For that I use 'script'

OK... :-) and for someone who does not (yet) know how to write scripts...??? Or is 'script' a ready-made program for exactly that??? (sorry for the abject ignorance...)
--
Regards, papapep mailto:[EMAIL PROTECTED]
Re: Logging of ftp and telnet
I suppose you mean that someone connects to your machine from somewhere. In that case, if it is over ssh, forget it (at least nothing occurs to me); make him come in over telnet (without SSL) and try to capture the packets with ethereal (graphical mode) or tcpdump, putting the interface he comes in through into promiscuous mode. Test it beforehand.

Regards.

- Original Message -
From: Josep [EMAIL PROTECTED]
To: debian-user-spanish@lists.debian.org
Sent: Friday, November 02, 2001 10:52 AM
Subject: Logging of ftp and telnet

> To: debian-user-spanish,
> How can I create a log of an entire remote ftp or telnet session (even one made over ssh)? Does something special have to be done, or is that already recorded by default? A technician has to connect to our server, and I would like to keep a trail of what he has done. Thanks in advance.
> Josep Sànchez i Mesegué, Transports Pujol i Pujol, S.L., Camí del Papalús, S/N, 17310 Lloret de Mar, Girona, Telf: 972-365157, Fax.: 972-370918
Logging URLs?
Hi all, Not sure if I've got the right lists here, but here goes. I need to log all URLs that people go to in the company. We have a hardware firewall/router which I can configure to only accept from the Potato box on my desk. I was thinking of pointing all the (MS-based) machines towards the Debian box as a gateway and forwarding all requests on to the firewall/router. What package should I use to log the URLs and forward requests on? I'd prefer something I can install with a simple 'apt-get install '. TIA Andy Laurence IT Support Engineer Midwest Technologies Ltd. +44 (0) 1249 455 200
Re: Logging URLs?
On Mon, Oct 22, 2001 at 12:35:06PM +0100, Andrew Laurence wrote:
> Hi all, Not sure if I've got the right lists here, but here goes. I need to log all URLs that people go to in the company. We have a hardware firewall/router which I can configure to only accept from the Potato box on my desk.

I'd say squid would be your friend in this matter. Read the documentation thoroughly though, it's not just apt-get install , fire up squid, start using; it takes some tweaking.
--
Yours Digitally, Tommi Jensen
^ /e\ There is no conspiracy ---
Re: Logging URLs?
On Mon, 22 Oct 2001, Tommi Jensen wrote: (snip) I'd say squid would be your friend in this matter (snip) Absolutely. In fact, if your users' browser caches are mounted over NFS or something, then sometimes you can save network bandwidth by using squid and disabling all their caches, making squid effectively a common cache for everyone instead of people duplicating things in their individual caches. Just a thought. -- Mark
logging Firewall traffic
Hi, I have 2 nics in my server with ipmasq installed. I would like to have some kind of information of how much data is passing through the firewall. I use squid for Internet access, and so I can use squid's logs to view web browsing, but it doesn't really tell me how much data went through, at what times, etc. Is there such a package out there that can monitor data travelling through your server? Thanks for your help!! Cheers, Mike
Re: logging Firewall traffic
I use ippl to track network traffic. I've never configured it to track things like NAT usage, or anything complex. However, by combining some carefully chosen ipchains with the -l option with ippl, you should be able to log most anything. http://pltplp.net/ippl/ http://packages.debian.org/stable/net/ippl.html On Thu, Oct 18, 2001 at 09:18:35AM -0700, Mike Egglestone wrote: Hi, I have 2 nics in my server with ipmasq installed. I would like to have some kind of information of how much data is passing through the firewall. I use squid for Internet access, and so I can use squid's logs to view web browsing, but it doesn't really tell me how much data went through, at what times, etc. Is there such a package out there that can monitor data travelling through your server? Thanks for your help!! Cheers, Mike
rsync logging and permission problems
Dear People,

I am taking the liberty of asking this here though it is not strictly about Debian, but I know very many Debian people do use rsync.

I have just started using rsync for backups. I have had a couple of issues. Note I'm trying to use rsync as user using ssh between two machines both running Debian GNU/Linux potato (2.2r3). The local machine is currently running 2.4.6-1 and the remote 2.3.2-1.2.

1) When I run rsync with the vv option, stuff scrolls off my screen faster than I can read it. I was wondering if there is a logging option I could use. I didn't see it in the documentation. I can use something like

rsync -avvz -e ssh localdir/ remotemachine:remotedir/ 2>&1 | less

to look at the output, piping both standard output and standard error to less. However, I'm puzzled why lines like

Mail/190 is uptodate

are sent to standard error. Surely they should be sent to standard output?

2) I am trying to copy the file /var/spool/mail/faheem on the local machine to /var/spool/mail/faheem on the remote machine. The problem is that only the file on the remote machine (but not the directory) is owned by me. rsync first tries to write some other file to /var/spool/mail but can't. I then used --temp-dir=/tmp and rsync stopped complaining about not being able to write to /var/spool/mail. However, it still does not seem able to write the file correctly to the remote machine (I get error messages like: rename /tmp/.faheem.Tb4wnj -> /var/spool/mail/faheem : Permission denied). I don't understand why this is happening, though. Can anyone make suggestions about what to do? I would prefer not to run rsync as root on the remote machine. In any case, I tried to do so and could not, perhaps because Debian does not allow remote logins as root by default.

Please cc any reply to me; I'm not on the mailing list. Thanks in advance.

Sincerely, Faheem Mitha.
Snort with postgres logging
Hi,

I know there is a snort-mysql package, but is there a snort-pgsql package too? Or did I overlook something?

I want to install snort on my firewall, but didn't want the logging to be done on that box but on a box with postgres installed (7.1 on potato). And I don't want both db on that machine (political reason :).

Can anybody help?

Thanks in advance, aer
--
[ampersand online agentur] [andreas rabus] [programmierung] theresienstraße 29 / IV 80333 münchen tel 0 89 - 28 67 72 - 27 fax 0 89 - 28 67 72 - 21 [EMAIL PROTECTED] http://www.ampersand.de
Re: Snort with postgres logging
servus,

> I want to install snort on my firewall, but didn't want the logging to be done on that box but on a box with postgres installed (7.1 on potato). And I don't want both db on that machine (political reason :).

by the changelog on woody, mfr added that support on 2000-07-06:

* New output plugins cover all old logging and alerting options
* New output plugin now logs to MySQL, PostgreSQL, unixODBC databases

this is snort version 1.7-9

martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
--
because light travels faster than sound, some people appear to be intelligent, until you hear them speak.
Logging
After installing potato and running fine for several days, all logging has stopped. Is there a common cause for this? The machine has: base C/C++ Development sendmail procmail logcheck imapd ipop3d -- Christopher Maujean IT Director Premierelink Communications www.premierelink.com [EMAIL PROTECTED] PLEASE encrypt all sensitive information using the following: GnuPG: 0x5DE74D38 Fingerprint: 91D4 09FE 18D0 27C1 A857 0E45 F8A4 7858 5DE7 4D38 http://blackhole.pca.dfn.de:11371/pks/lookup?op=getsearch=0x5DE74D38
Re: Logging
on Mon, Aug 20, 2001 at 03:40:10PM -0700, Christopher Maujean ([EMAIL PROTECTED]) wrote:
> After installing potato and running fine for several days, all logging has stopped. Is there a common cause for this?

Are your logging daemons running? To check:

$ ps aux | grep [l]ogd

To (re)start:

$ /etc/init.d/klogd restart
$ /etc/init.d/sysklogd restart

Cheers.
--
Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/
What part of Gestalt don't you understand? There is no K5 cabal
http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire http://kmself.home.netcom.com/resume.html
Re: Logging
Yes they are. Any other ideas? (I have a gig free in /var so that's not it.)

On Mon, Aug 20, 2001 at 04:27:48PM -0700, Karsten M. Self wrote:
> on Mon, Aug 20, 2001 at 03:40:10PM -0700, Christopher Maujean ([EMAIL PROTECTED]) wrote:
>> After installing potato and running fine for several days, all logging has stopped. Is there a common cause for this?
> Are your logging daemons running? To check:
> $ ps aux | grep [l]ogd
> To (re)start:
> $ /etc/init.d/klogd restart
> $ /etc/init.d/sysklogd restart
> Cheers.
> --
> Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/
> What part of Gestalt don't you understand? There is no K5 cabal
> http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
> Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
> Geek for Hire http://kmself.home.netcom.com/resume.html
--
Christopher Maujean IT Director Premierelink Communications www.premierelink.com [EMAIL PROTECTED]
PLEASE encrypt all sensitive information using the following: GnuPG: 0x5DE74D38 Fingerprint: 91D4 09FE 18D0 27C1 A857 0E45 F8A4 7858 5DE7 4D38 http://blackhole.pca.dfn.de:11371/pks/lookup?op=getsearch=0x5DE74D38
Re: Logging
Doh! In my initial system lockdown run (/etc/inetd.conf, /etc/securetty, etc) I inadvertently shut off syslog in /etc/services. It's all better now.
--Christopher

On Mon, Aug 20, 2001 at 03:40:10PM -0700, Christopher Maujean wrote:
> After installing potato and running fine for several days, all logging has stopped. Is there a common cause for this? The machine has: base C/C++ Development sendmail procmail logcheck imapd ipop3d
> --
> Christopher Maujean IT Director Premierelink Communications www.premierelink.com [EMAIL PROTECTED]
> PLEASE encrypt all sensitive information using the following: GnuPG: 0x5DE74D38 Fingerprint: 91D4 09FE 18D0 27C1 A857 0E45 F8A4 7858 5DE7 4D38 http://blackhole.pca.dfn.de:11371/pks/lookup?op=getsearch=0x5DE74D38
--
Christopher Maujean IT Director Premierelink Communications www.premierelink.com [EMAIL PROTECTED]
PLEASE encrypt all sensitive information using the following: GnuPG: 0x5DE74D38 Fingerprint: 91D4 09FE 18D0 27C1 A857 0E45 F8A4 7858 5DE7 4D38 http://blackhole.pca.dfn.de:11371/pks/lookup?op=getsearch=0x5DE74D38
ipchains and logging to the console
Hi fellow debs Short and simple question: How can ipchains be told not to log to /dev/console? It can get quite annoying when your terminal gets all messed up with packet logs ... Cheers! Sven -- Powered by Debian GNU/Linux
Logging packets -- sysklogd / klogd / iptables
OK, I'm going crazy here trying to get iptables to log packets to a file called /var/log/kern.info. I've got these rules at the beginning of my chains:

iptables -A INPUT --source 0.0.0.0/0 --destination 0.0.0.0/0 \
    -j LOG --log-level info --log-prefix 'INPUT packet ' \
    --log-tcp-options --log-ip-options
iptables -A OUTPUT --source 0.0.0.0/0 --destination 0.0.0.0/0 \
    -j LOG --log-level info --log-prefix 'OUTPUT packet ' \
    --log-tcp-options --log-ip-options

And this line in my /etc/syslog.conf:

kern.=info -/var/log/kern.info

But /var/log/kern.info is empty:

-rw-r-1 root adm0 Jul 30 10:04 /var/log/kern.info

I've stopped and started /etc/init.d/sysklogd and /etc/init.d/klogd multiple times (and in various orders), as well as re-running iptables. I've also tried deleting /var/log/kern.info, changing its ownership and permissions, and all combinations of these things. But still the file remains empty.

I know the configuration files are correct, because I got it working earlier, and iptables is logging stuff to wherever 'dmesg' reads from. But ever since I decided to clear /var/log/kern.info by deleting it and touching it, I can't get sysklogd to put stuff into the file.

What am I missing? And what is the right procedure to clear a log without causing sysklogd / klogd to choke?

Thanks, Chris
--
Christopher S. Swingley, System / Network Manager, IARC -- Frontier Program
930 Koyukuk Drive, University of Alaska Fairbanks, Fairbanks, AK 99775
phone: 907-474-2689 fax: 907-474-2643
email: [EMAIL PROTECTED] GNUPG and PGP2 keys at my web site
web: http://www.frontier.iarc.uaf.edu/~cswingle
Re: Logging packets -- sysklogd / klogd / iptables
Quoting Christopher S. Swingley [EMAIL PROTECTED]:
> OK, I'm going crazy here trying to get iptables to log packets to a file called /var/log/kern.info.
> snip
> What am I missing? And what is the right procedure to clear a log without causing sysklogd / klogd to choke?

I spent another hour trying to get this to work. Here's what did work:

* stop sysklogd and klogd
* delete the log file
* start sysklogd and klogd
* stop sysklogd and klogd
* chown root:adm, chmod 640 log file
* start sysklogd and klogd

I'm not sure which of these steps are strictly necessary, but I finally have it working now. . .

Chris
--
Christopher S. Swingley, System / Network Manager, IARC -- Frontier Program
930 Koyukuk Drive, University of Alaska Fairbanks, Fairbanks, AK 99775
phone: 907-474-2689 fax: 907-474-2643
email: [EMAIL PROTECTED] GNUPG and PGP2 keys at my web site
web: http://www.frontier.iarc.uaf.edu/~cswingle
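On the question of how to clear a log: a writer that keeps a log file open goes on writing to the old inode after the file is deleted and recreated, while truncating in place leaves the open descriptor valid. The following is an added example, not from the original posts; it simulates the writer with a shell file descriptor (an assumption standing in for syslogd, which reopens its files on SIGHUP) and does not establish that this was the cause of the empty file described in the thread.

```shell
#!/bin/sh
# Simulate a daemon that holds its log open on fd 3, clear the log in one of
# three ways, let the daemon write one more line, and print the size in bytes
# of the file that now sits at the log path.
#   recreate : rm + touch (what "deleting it and touching it" does)
#   truncate : empty the file in place, same inode
#   reopen   : rm + touch, then the writer reopens the path (SIGHUP analogue)
log_size_after_clearing() {
    dir=$(mktemp -d) || return 1
    log="$dir/kern.info"          # hypothetical path inside a temp directory
    : > "$log"
    exec 3>>"$log"                # the "daemon": log held open in append mode
    echo "first packet line" >&3
    case "$1" in
        recreate) rm "$log"; touch "$log" ;;                 # fd 3 still points at the unlinked inode
        truncate) : > "$log" ;;                              # fd 3 stays valid, file is now empty
        reopen)   rm "$log"; touch "$log"; exec 3>>"$log" ;; # writer picks up the new inode
        *)        exec 3>&-; rm -rf "$dir"; return 2 ;;
    esac
    echo "second packet line" >&3 # 19 bytes including the newline
    exec 3>&-
    wc -c < "$log" | tr -d ' '
    rm -rf "$dir"
}
```

`log_size_after_clearing recreate` prints 0 because the second line lands in the unlinked inode; the other two modes print 19.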
Question about ipchains logging with syslog
Hello all,

I am using ipchains on my PC and I'm logging all denied packets via syslog with kern.* in the syslog.conf. My problem now is that I get a lot of other messages too. I want to log only the denied packets in a separate logfile. Has anyone an idea how I could do this?

Thanks a lot!

Greetings, Matthias
Re: Question about ipchains logging with syslog
Hello Joost,

I've read the man page, but this doesn't help me. I tried to use different logging levels for the kern facility, but I didn't have any success in filtering the ipchains output alone into the file. But thanks for your reply.

Bye, Matthias

11.07.2001 19:16:19, [EMAIL PROTECTED] (Joost Kooij) wrote:

On Wed, Jul 11, 2001 at 03:56:27PM +0200, [EMAIL PROTECTED] wrote:

I am using ipchains on my pc and i'm logging all denied packets via syslog with kern.* in the syslog.conf. My problem now is that i get a lot of other messages too. I want to log only the denied packets in a separate logfile. Has anyone an idea how i could do this?

man syslogd.conf

GMX tip: Turn your hobby into money with our partner 11! http://profiseller.de/info/index.php3?ac=OM.PS.PS003K00596T0409a

Don't advertise on the debian lists!

Cheers, Joost
Re: Question about ipchains logging with syslog
On Wed, Jul 11, 2001 at 11:39:35PM +0200, Matthias Pitzl wrote:

Hello Joost, I've read the man page, but this doesn't help me. I tried to use different logging levels for the kern facility, but I didn't have any success in filtering the ipchains output alone into the file. But thanks for your reply.

Alas, you can only let syslogd filter on service and loglevel. You'll have to add an extra command to the utility that rotates the logfiles from cron. After rotating the logs, grep the just archived log for denied packet loggings and output this to a file of your choice. Look at /etc/cron.daily/sysklogd

Cheers, Joost
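One way to do the post-rotation extraction suggested above, as an added example that is not code from the thread or from the sysklogd package. The log lines are constructed samples in the "Packet log:" layout that ipchains logging rules write, and the function names and file paths are assumptions.

```shell
#!/bin/sh
# Constructed sample of a just-rotated kernel log: ipchains packet logs
# mixed with other kern.* messages. Addresses are documentation ranges.
sample_kern_log() {
    cat <<'EOF'
Jul 11 15:40:01 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:4312 198.51.100.5:23 L=60 S=0x00 I=4021 F=0x4000 T=52 (#7)
Jul 11 15:40:07 gw kernel: eth0: Setting full-duplex based on negotiated link
Jul 11 15:41:13 gw kernel: Packet log: input ACCEPT eth0 PROTO=17 192.0.2.44:1025 198.51.100.5:53 L=61 S=0x00 I=911 F=0x0000 T=60 (#2)
Jul 11 15:42:30 gw kernel: Packet log: input REJECT eth0 PROTO=6 192.0.2.10:4313 198.51.100.5:111 L=60 S=0x00 I=4022 F=0x4000 T=52 (#9)
Jul 11 15:43:02 gw kernel: VFS: Disk change detected on device fd(2,0)
Jul 11 15:44:55 gw kernel: Packet log: forward DENY eth1 PROTO=1 203.0.113.7:8 198.51.100.9:0 L=84 S=0x00 I=77 F=0x0000 T=240 (#3)
EOF
}

# Print only DENY/REJECT packet-log lines read from stdin.
# Matching on the "kernel: Packet log:" marker and then checking the verdict
# field keeps unrelated kernel messages out, even if they contain "DENY".
denied_packets() {
    awk '
        {
            for (i = 1; i < NF - 1; i++)
                if ($i == "kernel:" && $(i+1) == "Packet" && $(i+2) == "log:") {
                    verdict = $(i+4)        # $(i+3) is the chain name
                    if (verdict == "DENY" || verdict == "REJECT") print
                    next
                }
        }'
}

# Count denials per source address (the field after PROTO=), busiest first.
denied_by_source() {
    denied_packets | awk '
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^PROTO=/) {
                    split($(i+1), src, ":")
                    count[src[1]]++
                    break
                }
        }
        END { for (ip in count) print count[ip], ip }' | sort -k1,1nr -k2,2
}

# The extra step for the rotation job: append the denials found in the
# just-archived log to a separate file that is not world-readable.
# Usage: archive_denied ROTATED_LOG OUTPUT_FILE   (both paths are arguments)
archive_denied() {
    rotated=$1
    out=$2
    ( umask 027; denied_packets < "$rotated" >> "$out" )
}

sample_kern_log | denied_by_source
```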
Re: Logging Init output?
On Sat, Jun 23, 2001 at 12:06:27AM +0200, Joost Kooij wrote:

On Fri, Jun 22, 2001 at 10:52:03PM +0200, Mart van de Wege wrote:

I was actually being ironic when I mentioned my 'scant' knowledge. At

That's okay, because there are many subscribers to debian-user and some of them appreciate an answer that does more than reply to strictly the question asked. That way, just by reading posts by others, I learnt a lot myself and I enjoyed it. When I post, people can correct me if I'm wrong about something, which is good because people tend to be a lot more forgiving than computers.

least I am happy to report that I know how init works, but I am still a little wary of fooling with shell scripting of any sort. Funny thing is that I *do* understand moderately complex Perl a lot better. Am I weird or not?

Yes, definitely. Just go and bash ahead at those shell scripts. What can go really wrong here? Just don't do it on your company's database server. Wait, did you mention weird? ;-)

/lurk

okay, here's another thought--

    # apt-get install bsdutils
    # cd /etc/init.d
    # mv rc rc.real
    # touch rc
    # chmod +x rc
    # vi rc

and in the new rc, put something like

    #!/bin/sh
    # run the real rc under script(1) so its output is recorded
    script /etc/init.d/rc.startup.LOG <<EOF
    /etc/init.d/rc.real $@
    EOF
    echo Remember to look at /etc/init.d/rc.startup.LOG, okay?

and then when you're through with all that nonsense, do

    # cd /etc/init.d
    # mv rc.real rc

note -- this code is untested and is bound to cause cavities and hair loss. caveat debianista.

--
DEBIAN NEWBIE TIP #54 from Will Trillich [EMAIL PROTECTED] :
Tired of SLOW BROWSING THROUGH THE ONLINE APACHE MANUAL? Get your own local copy and never worry about bandwidth again:

    apt-get install apache-doc

Then browse /usr/share/doc/apache/manual.html, quick like a bunny.
Also see http://newbieDoc.sourceForge.net/ ...
Re: Logging Init output?
It is annoying that not all the messages that go to the screen go somewhere else. As one possible reason for this, I'll just tell you what happened when I tried to alter the scripts to write more stuff to a file: it didn't work. The problem is that early in the boot process the file system is read-only (or at least some of the file system is). Then the fact that I got errors from illegal writes in turn caused more serious problems. At least that was my interpretation of what happened. I backed out the logging, and things went back to normal.
Re: Logging Init output?
On Thu, 21 Jun 2001 18:12:48 -0500 will trillich [EMAIL PROTECTED] wrote:

On Thu, Jun 21, 2001 at 04:26:41PM -0600, Jimmy Richards wrote:

On Thu, Jun 21, 2001 at 11:36:58PM +0200, Mart van de Wege wrote:

I'll provide a little background first: this weekend, the loopback interface on my laptop stopped working. I checked all config files, and they are ok, I can also bring up the loopback manually with 'ifconfig lo 127.0.0.1 up' after which it functions normally. I have seen however an error message flashing by during boot, but it passes too fast for me to see what it says. Thus my question: is it somehow possible to log the output of the init scripts somehow, so that I can debug this problem (the error message only started appearing after I lost loopback, so I'm guessing they are related).

You can try to catch it with a CTRL-S while booting. This will 'suspend' any further processing of the boot process until you press CTRL-Q to let it continue. It gives you a chance to read and examine the boot messages at your leisure, but it can be hard to catch it when it's on the last one or two boot processes though.

1) ^S/^Q can work wonders (after the kernel enables it)
2) shift-pageup/shift-pagedown to scroll console (and rxvt/xterm windows)
3) man dmesg

snip

The program helps users to print out their bootup messages. Instead of copying the messages by hand, the user need only:

    dmesg > boot.messages

and mail the boot.messages file to whoever can debug their problem.

snip

Ok, Thanks both of you. I'll answer your suggestions in this email.

Jimmy: It is in fact one of the first init messages after the kernel boot messages, and I have a lot of services on this laptop (I intend to use it as an all-purpose mobile development workstation), so that is why it flashes by so quick. Had it been the last message, I would have no problem, as Debian does not clear the console after boot, so ctrl-alt-f1 would have solved it. I'll try freezing init on the next boot though (it might be a while, I suspend this laptop instead of switching off).

Will: Thanks for the tip with shift-pageup. I do know about that but I keep forgetting it. I don't know if it goes back far enough for my purposes, but I'll give it a shot next time. For the record though, I wasn't talking about the kernel boot messages, which is what dmesg returns, but about the init messages, which to my scant knowledge aren't logged anywhere.

Thanks Mart
Re: Logging Init output?
On Fri, Jun 22, 2001 at 10:28:59AM +0200, Mart van de Wege wrote:

Thanks for the tip with shift-pageup. I do know about that but I keep forgetting it. I don't know if it goes back far enough for my purposes, but I'll give it a shot next time. For the record though, I wasn't talking about the kernel boot messages, which is what dmesg returns, but about the init messages, which to my scant knowledge aren't logged anywhere.

The output of sysvinit scripts is sent to standard output and any errors that occur are naturally sent to standard error. Maybe it would be a nice feature indeed to have all these messages sent to syslog for the record. You could submit a wishlist bug about that against sysvinit.

In your case, which is really about debugging some particular problem in one of the init scripts, don't be afraid to hack a little on some of these sysvinit scripts. They are the files in /etc/init.d and they're supposed to be modifiable by the local admin (that's why they're in /etc and not in /usr/lib). You can simply put in some extra echo's and if you want the script to pause at some point, put in read dummy and the shell will stop at that point to read input from standard input (the console in this case) into the variable dummy (be careful that the script you're hacking didn't accidentally already use that variable :-) ).

If you are unsure about your editing of these system files, just make a backup with .orig appended onto the filename. Now you should find the proceeding of things during boot time more clear. If not, just hack a bit more :-)

If you happen to succeed in making the sysvinit boot system crap out (this should be really hard to make happen though) due to bad code in some of your edits: You can always boot your linux with init=/bin/bash appended on the lilo prompt. That way, regular /sbin/init will not be started and the sysvinit scripts are skipped altogether. In fact if you boot with a different init, you may not even get to see login, just a bare root prompt. Which is why console access to a machine forms a security risk, unless you carefully tune some things (like turning off the default handler for ctrl-alt-del - in /etc/inittab iirc).

    man init
    man inittab

and maybe

    man run-parts

Cheers, Joost
Re: Logging Init output?
On Fri, 22 Jun 2001 12:35:51 +0200 [EMAIL PROTECTED] (Joost Kooij) wrote: very long and good explanation snipped Thanks Joost. I was actually being ironic when I mentioned my 'scant' knowledge. At least I am happy to report that I know how init works, but I am still a little wary of fooling with shell scripting of any sort. Funny thing is that I *do* understand moderately complex Perl a lot better. Am I weird or not? Thanks again, Mart
Re: Logging Init output?
On Fri, Jun 22, 2001 at 10:52:03PM +0200, Mart van de Wege wrote:

I was actually being ironic when I mentioned my 'scant' knowledge. At

That's okay, because there are many subscribers to debian-user and some of them appreciate an answer that does more than reply to strictly the question asked. That way, just by reading posts by others, I learnt a lot myself and I enjoyed it. When I post, people can correct me if I'm wrong about something, which is good because people tend to be a lot more forgiving than computers.

least I am happy to report that I know how init works, but I am still a little wary of fooling with shell scripting of any sort. Funny thing is that I *do* understand moderately complex Perl a lot better. Am I weird or not?

Yes, definitely. Just go and bash ahead at those shell scripts. What can go really wrong here? Just don't do it on your company's database server. Wait, did you mention weird? ;-)

Don't be afraid to fool with the scripts in /etc/init.d. It's a feature of the os. Notice that these files are all interpreted scripts, not a single one is a precompiled binary. If the init system were compiled c code, then that would make booting a lot faster. The one good reason why they are shell scripts still, is exactly so that you can hack them. Even when the system is otherwise totally broken. As long as /bin/sh, /bin/awk and some friends work, you can fix things (note you don't really need an editor even).

I think I learnt a lot about shell scripting from precisely this, futzing with initscripts and maintainer scripts and some of my own little creatures.

Cheers, Joost
Logging Init output?
Folks, I'll provide a little background first: this weekend, the loopback interface on my laptop stopped working. I checked all config files, and they are ok, I can also bring up the loopback manually with 'ifconfig lo 127.0.0.1 up' after which it functions normally. I have seen however an error message flashing by during boot, but it passes too fast for me to see what it says. Thus my question: is it somehow possible to log the output of the init scripts somehow, so that I can debug this problem (the error message only started appearing after I lost loopback, so I'm guessing they are related). Mart
Re: Logging Init output?
On Thu, Jun 21, 2001 at 11:36:58PM +0200, Mart van de Wege wrote:

Folks, I'll provide a little background first: this weekend, the loopback interface on my laptop stopped working. I checked all config files, and they are ok, I can also bring up the loopback manually with 'ifconfig lo 127.0.0.1 up' after which it functions normally. I have seen however an error message flashing by during boot, but it passes too fast for me to see what it says. Thus my question: is it somehow possible to log the output of the init scripts somehow, so that I can debug this problem (the error message only started appearing after I lost loopback, so I'm guessing they are related). Mart

Hi Mart,

You can try to catch it with a CTRL-S while booting. This will 'suspend' any further processing of the boot process until you press CTRL-Q to let it continue. It gives you a chance to read and examine the boot messages at your leisure, but it can be hard to catch it when it's on the last one or two boot processes though.

Cheers, Jimmy Richards
Re: Logging Init output?
On Thu, Jun 21, 2001 at 04:26:41PM -0600, Jimmy Richards wrote:

On Thu, Jun 21, 2001 at 11:36:58PM +0200, Mart van de Wege wrote:

I'll provide a little background first: this weekend, the loopback interface on my laptop stopped working. I checked all config files, and they are ok, I can also bring up the loopback manually with 'ifconfig lo 127.0.0.1 up' after which it functions normally. I have seen however an error message flashing by during boot, but it passes too fast for me to see what it says. Thus my question: is it somehow possible to log the output of the init scripts somehow, so that I can debug this problem (the error message only started appearing after I lost loopback, so I'm guessing they are related).

You can try to catch it with a CTRL-S while booting. This will 'suspend' any further processing of the boot process until you press CTRL-Q to let it continue. It gives you a chance to read and examine the boot messages at your leisure, but it can be hard to catch it when it's on the last one or two boot processes though.

1) ^S/^Q can work wonders (after the kernel enables it)
2) shift-pageup/shift-pagedown to scroll console (and rxvt/xterm windows)
3) man dmesg

snip

The program helps users to print out their bootup messages. Instead of copying the messages by hand, the user need only:

    dmesg > boot.messages

and mail the boot.messages file to whoever can debug their problem.

snip

--
DEBIAN NEWBIE TIP #6 from Will Trillich [EMAIL PROTECTED] :
How do you keep text from SCROLLING BY TOO DAMN FAST? :) Before pressing the ENTER key of a command that you know will generate a lot of output, pipe it through your pager:

    ls -lR | pager
    locate tgz | pager
    grep -r pattern /home | pager

You can also try SHIFT-PAGE-UP to scroll back. This works both at the console and in rxvt/xterm windows.
Also see http://newbieDoc.sourceForge.net/ ...
Re: iptables logging to console (all basic solutions have failed)
Hey Adam!

I was right about to reply to that message, but you were faster at reposting my old reply to it! LOL it's great fun seeing your messages recycled :) Hope it helped (again) :)

Miquel

On Thu, Jun 14, 2001 at 09:55:28PM +1200, Adam Warner wrote:

This looks extremely fruitful. If it DOESN'T work I'll let the list know: http://lists.debian.org/debian-user-0105/msg00052.html

---Begin Quote---

Hi there! Sorry to bring up such an old thread, but I didn't see any solutions posted, and I just found the cause. The problem was ipchains (or iptables) printing messages on the console no matter how much you tried to make it shut up :) Well, I had the problem also with smbmount.

Anyway, the problem was that klogd is displaying on the console all the messages with any priority greater than debug (7) (see man klogd). To keep it from doing that, load it with klogd -c 5 for example. That will log only errors or higher priorities and will prevent the flooding!

If you use debian, edit /etc/init.d/klogd and edit the line where it says:

    KLOGD=""

to be

    KLOGD="-c 4"

Have fun! Miquel

---End Quote---

And the follow up post was:

---Begin Quote---

Thank you, thank you. I just checked to see if you had filed a bug report and found that the bug (and the fix) had been filed 11 days ago. One good thing about this bug is that all those console messages about my ipchains REJECTs and DENYs resulted in a better firewall. But why did it affect (apparently) only a handful of people?

Lindsay

---End Quote---

-Original Message-
From: Adam Warner [mailto:[EMAIL PROTECTED]
Sent: Thursday, 14 June 2001 7:33 p.m.
To: debian-user@lists.debian.org
Subject: iptables logging to console (all basic solutions have failed)

Hi all,

I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've enabled logging with my iptables rules (at info and warn levels) every single log is being output to the current console. At no point in /etc/syslog.conf do I have any logging to /dev/console. And attempts to log to, say, /dev/tty8 work but continue to log to the current console.

Yes, I used apt-get install klogd after searching archives and finding that this should be installed (I initially started a while ago with a floppy install of 2.2r3). I've tried rebooting, restarting sysklogd and klogd and finding messages in the archives that go along the line of yeah, this appears to be happening to some people.

As you can imagine, it's very easy for iptables logs to flood the console in a second.

Thanks, Adam
Re: Logging
On Sat, Jun 16, 2001 at 07:05:14PM -0700, Reza wrote:

Hi everybody, I need a little bit of help. I wondered, if someone is doing ftp, or trying to sh me, can I see the logging? And also, if someone's trying to packet me, would it be logged? If yes, can anyone let me know? Thank you.

Take a look at /var/log

--
Casper Gielen [EMAIL PROTECTED], [EMAIL PROTECTED]
--
People just generally like to disagree. Bill Joy
Some logging not working after reinstallation
I have just reinstalled debian potato on this system and now some things don't work as they did before. Now I copied a lot of my config files before reinstalling so things really should be the same. Here is a specific example: I run fetchmail after establishing my ppp connection - it all works fine and gets the mail fine but I no longer can watch the progress in /var/log/syslog - no logging whatsoever. I call fetchmail with the --syslog flag and also the fetchmailrc has set syslog in it. It is also the same fetchmailrc and script calling fetchmail as I had on the previous system which worked fine. I think it must have something to do with how I installed sysklogd or something like that. But I have checked /etc/syslog.conf and it is the same as on another potato system which works fine - also with same fetchmail calling script and substantially the same fetchmailrc. It doesn't make sense to me. Any ideas? Thanks. Mark.
Logging
Hi everybody,

I need a little bit of help. I wondered, if someone is doing ftp, or trying to sh me, can I see the logging? And also, if someone's trying to packet me, would it be logged? If yes, can anyone let me know? Thank you.

Regards, Reza
iptables logging to console (all basic solutions have failed)
Hi all,

I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've enabled logging with my iptables rules (at info and warn levels) every single log is being output to the current console. At no point in /etc/syslog.conf do I have any logging to /dev/console. And attempts to log to, say, /dev/tty8 work but continue to log to the current console.

Yes, I used apt-get install klogd after searching archives and finding that this should be installed (I initially started a while ago with a floppy install of 2.2r3). I've tried rebooting, restarting sysklogd and klogd and finding messages in the archives that go along the line of yeah, this appears to be happening to some people.

As you can imagine, it's very easy for iptables logs to flood the console in a second.

Thanks, Adam
Re: iptables logging to console (all basic solutions have failed)
On Thu, Jun 14, 2001 at 07:32:46PM +1200, Adam Warner wrote:

Hi all, I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've enabled logging with my iptables rules (at info and warn levels) every single log is being output to the current console.

set your debug level to 0. This can be done at boot (iirc debug=0), or alt-sysrq-0.

At no point in /etc/syslog.conf do I have any logging to /dev/console. And attempts to log to, say, /dev/tty8 work but continue to log to the current console.

I'm not sure, but wouldn't the line about 'emerg' apply?

--
John Lenton ([EMAIL PROTECTED]) -- Random fortune:
The cigarette said to the smoker: Today you light me, tomorrow I put you out.
RE: iptables logging to console (all basic solutions have failed)
Thanks John,

OK I appended debug=0 to /etc/lilo.conf (append=debug=0), re-ran lilo and rebooted. And the outcome was not good. No services run. All I get is lots of errors:

    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    /etc/init.d/rc: 0: command not found
    etc.

Anyway, why would setting the level of debugging (which certainly didn't work here) have anything to do with whether messages go to the console or not?

Thanks for trying.

Regards, Adam

-Original Message-
From: John R Lenton [mailto:[EMAIL PROTECTED] Behalf Of John R Lenton
Sent: Thursday, 14 June 2001 8:08 p.m.
To: Adam Warner
Cc: Debian User Mailing List
Subject: Re: iptables logging to console (all basic solutions have failed)

On Thu, Jun 14, 2001 at 07:32:46PM +1200, Adam Warner wrote:

Hi all, I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've enabled logging with my iptables rules (at info and warn levels) every single log is being output to the current console.

set your debug level to 0. This can be done at boot (iirc debug=0), or alt-sysrq-0.

At no point in /etc/syslog.conf do I have any logging to /dev/console. And attempts to log to, say, /dev/tty8 work but continue to log to the current console.

I'm not sure, but wouldn't the line about 'emerg' apply?

--
John Lenton ([EMAIL PROTECTED]) -- Random fortune:
The cigarette said to the smoker: Today you light me, tomorrow I put you out.
RE: iptables logging to console (all basic solutions have failed)
This looks extremely fruitful. If it DOESN'T work I'll let the list know: http://lists.debian.org/debian-user-0105/msg00052.html

---Begin Quote---

Hi there! Sorry to bring up such an old thread, but I didn't see any solutions posted, and I just found the cause. The problem was ipchains (or iptables) printing messages on the console no matter how much you tried to make it shut up :) Well, I had the problem also with smbmount.

Anyway, the problem was that klogd is displaying on the console all the messages with any priority greater than debug (7) (see man klogd). To keep it from doing that, load it with klogd -c 5 for example. That will log only errors or higher priorities and will prevent the flooding!

If you use debian, edit /etc/init.d/klogd and edit the line where it says:

    KLOGD=""

to be

    KLOGD="-c 4"

Have fun! Miquel

---End Quote---

And the follow up post was:

---Begin Quote---

Thank you, thank you. I just checked to see if you had filed a bug report and found that the bug (and the fix) had been filed 11 days ago. One good thing about this bug is that all those console messages about my ipchains REJECTs and DENYs resulted in a better firewall. But why did it affect (apparently) only a handful of people?

Lindsay

---End Quote---

-Original Message-
From: Adam Warner [mailto:[EMAIL PROTECTED]
Sent: Thursday, 14 June 2001 7:33 p.m.
To: debian-user@lists.debian.org
Subject: iptables logging to console (all basic solutions have failed)

Hi all,

I'm running Debian testing with a custom compiled 2.4.5 kernel. Since I've enabled logging with my iptables rules (at info and warn levels) every single log is being output to the current console. At no point in /etc/syslog.conf do I have any logging to /dev/console. And attempts to log to, say, /dev/tty8 work but continue to log to the current console.

Yes, I used apt-get install klogd after searching archives and finding that this should be installed (I initially started a while ago with a floppy install of 2.2r3). I've tried rebooting, restarting sysklogd and klogd and finding messages in the archives that go along the line of yeah, this appears to be happening to some people.

As you can imagine, it's very easy for iptables logs to flood the console in a second.

Thanks, Adam
logging in over serial line
Hi All,

I've set up a box here where the main method for logging in is through the serial line

    S0:2345:respawn:/sbin/getty ttyS0 9600

snipped from inittab

The problem is that the default setting is to not allow root logins. Does anyone know where these permissions live?

thanks, Andy

--
Andrew D. Dixon
Software Engineer
Seranao Networks
978-8973434 x231
Re: logging in over serial line
On Mon, Jun 11, 2001 at 11:36:08AM -0500, Andrew D Dixon wrote:

Hi All, I've set up a box here where the main method for logging in is through the serial line

    S0:2345:respawn:/sbin/getty ttyS0 9600

snipped from inittab

The problem is that the default setting is to not allow root logins. Does anyone know where these permissions live?

Check /etc/securetty

--
Thus, there is not a single ill afflicting the nation for which the government has not voluntarily made itself responsible. Is it astonishing, then, that each little twinge should be a cause of revolution? -- Frédéric Bastiat (1801-1850)
Rick Pasotto [EMAIL PROTECTED] http://www.niof.net
trouble logging in through
Hello,

tonight I upgraded my system, and now I can't log in through gdm. I can still start X windows on the console by typing startx. What has changed? Should I check X configuration files or gdm config files?

On the side, this remark. Earlier I posted a problem with starting xscreensaver automatically by means of the xsession file. I noticed that when I start X with startx the xscreensaver gets started. This leads me to assume that when I log in to X using gdm the .xsession file doesn't get interpreted. Is my assumption correct?

--
Jeroen Valcke jeroen@valcke.com ICQ# 30116911
Home page: http://www.valcke.com/jeroen
Phone +32(0)56 32 91 37 Mobile +32(0)486 88 21 26
Re: trouble logging in through
On Sun, Jun 10, 2001 at 12:14:36AM +0200, Jeroen Valcke wrote:

tonight I upgraded my system, and now I can't log in through gdm. I can still start X windows on the console by typing startx. What has changed? Should I check X configuration files or gdm config files?

Oke, I found this myself already. A friend tipped me off. Apparently wmaker was moved to another location with the update. It is now in /usr/bin/wmaker; before the upgrade it was in /usr/bin/X11/wmaker. I found out that I had to change a gdm config file. The last line in /etc/gdm/Sessions/Debian is now

    exec wmaker

where it used to be

    exec /usr/bin/X11/wmaker

On the side, this remark. Earlier I posted a problem with starting xscreensaver automatically by means of the xsession file. I noticed that when I start X with startx the xscreensaver gets started. This leads me to assume that when I log in to X using gdm the .xsession file doesn't get interpreted. Is my assumption correct?

Hmmm, I just added xscreensaver to the /etc/gdm/Sessions/Debian file and now xscreensaver starts fine when I log in. However, is this the right way to do this? Can I source the .xsession file just like the .bashrc file (source .xsession)? I could just add this to my .../Sessions/Debian file. Better?

--
Jeroen Valcke jeroen@valcke.com ICQ# 30116911
Home page: http://www.valcke.com/jeroen
Phone +32(0)56 32 91 37 Mobile +32(0)486 88 21 26
If the only tool you have is a hammer, you treat everything like a nail. -Maslow's Maxim-
logging to active console is driving me crazy
I have an iptables firewall with 2.4.4 kernel. I have it log packets that are illegal etc. How do I stop these logs from being displayed on the active console? I am running potato with Adrian Bunk's stuff for 2.4 kernel support. Here is what my /etc/syslog.conf has in it.

    auth,authpriv.*                 /var/log/auth.log
    *.*;auth,authpriv.none          -/var/log/syslog
    #cron.*                         /var/log/cron.log
    daemon.*                        -/var/log/daemon.log
    kern.*                          -/var/log/kern.log
    lpr.*                           -/var/log/lpr.log
    mail.*                          -/var/log/mail.log
    user.*                          -/var/log/user.log
    uucp.*                          -/var/log/uucp.log
    mail.info                       -/var/log/mail.info
    mail.warn                       -/var/log/mail.warn
    mail.err                        /var/log/mail.err
    news.crit                       /var/log/news/news.crit
    news.err                        /var/log/news/news.err
    news.notice                     -/var/log/news/news.notice
    *.=debug;\
            auth,authpriv.none;\
            news.none;mail.none     -/var/log/debug
    *.=info;*.=notice;*.=warn;\
            auth,authpriv.none;\
            cron,daemon.none;\
            mail,news.none          -/var/log/messages

Everything else is commented out. Even commented out the following lines:

    # Emergencies are sent to everybody logged in.
    #
    #*.emerg                        *

So what gives? How do I stop this logging to the active console?
Re: logging to active console is driving me crazy
On Sat, May 19, 2001 at 04:51:03AM +1000, [EMAIL PROTECTED] wrote:

Everything else is commented out. Even commented out the following lines:

    # Emergencies are sent to everybody logged in.
    #
    #*.emerg                        *

So what gives? How do I stop this logging to the active console?

I had something similar recently.. turned out installing klogd and setting the threshold in the init.d file for it filters out the kernel messages (-c option IIRC).
Re: logging to active console is driving me crazy
On Fri, 18 May 2001 13:51:03 you wrote:

I have an iptables firewall with 2.4.4 kernel. I have it log packets that are illegal etc. How do I stop these logs from being displayed on the active console? I am running potato with Adrian Bunk's stuff for 2.4 kernel support. Here is what my /etc/syslog.conf has in it.

    auth,authpriv.*                 /var/log/auth.log
    *.*;auth,authpriv.none          -/var/log/syslog
    #cron.*                         /var/log/cron.log
    daemon.*                        -/var/log/daemon.log
    kern.*                          -/var/log/kern.log
    lpr.*                           -/var/log/lpr.log
    mail.*                          -/var/log/mail.log
    user.*                          -/var/log/user.log
    uucp.*                          -/var/log/uucp.log
    mail.info                       -/var/log/mail.info
    mail.warn                       -/var/log/mail.warn
    mail.err                        /var/log/mail.err
    news.crit                       /var/log/news/news.crit
    news.err                        /var/log/news/news.err
    news.notice                     -/var/log/news/news.notice
    *.=debug;\
            auth,authpriv.none;\
            news.none;mail.none     -/var/log/debug
    *.=info;*.=notice;*.=warn;\
            auth,authpriv.none;\
            cron,daemon.none;\
            mail,news.none          -/var/log/messages

Everything else is commented out. Even commented out the following lines:

    # Emergencies are sent to everybody logged in.
    #
    #*.emerg                        *

If you use the below, everything goes to tty8 on my system. (ctrl-shift-f8)

    daemon,mail.*;\
            news.=crit;news.=err;news.=notice;\
            *.=debug;*.=info;\
            *.=notice;*.=warn       /dev/tty8

This should work, although I don't have the logging setup yet for iptables. I was going to compile that in today. (missed it before)

Dana