question about uptime stats

Hiya, y'all.

Another coupla questions...

With FreeBSD, when going to single user mode (entering "init 1" from the
console by root), does that reset the uptime?

Also, what would be the signs (other than uptime) of a server having
spontaneously rebooted?

Thanking you


Divine

 

logs ?

In Linux, it is in /var/log/messages and I'm guessing there is something
equivalent in BSD.

HTH

Peter

 

logs showing the boot processes but no shutdown processes.

 

I wrote a script to place a lock file on boot (using touch) after making
sure no lock file was present. On a normal shutdown the lock file is
removed. If the script discovers a lock file on boot it moves it to
create a new file giving a simple time stamp, writes a new lock file and
emails me that it has noted a likely spontanious reboot.

If you see syslogd going down on a signal 15 in messages its likely it
was told to do so, check the bash history of root if you think you might
of been hacked, while not fool proof it catches most simple automated
scripts and script kiddies.

regards

Thing

 

Cool - thanks for the info - appreciated.


Divine

 

thats how I used to check things at work until I actually got some
decent monitoring.

 

No reason why it should, on any UN*X-type system. Uptime means kernel
uptime, whereas changing run levels simply involves stopping and
starting processes, nothing more.

 

belt braces and sewn to your tee shirt huh?

 

Hi, Thing.

Sounds like a very userful script. Any chance of me getting a copy? And
how did you put it into the bootup/shutdown process?

It's not likely that my server was hacked - they'd have to get past my
firewall, which does not respond to connections initiated from the
Internet and then locate the server on the LAN and then get login access
to it, and THEN get increased privileges. And on top of that, cannot
login to ROOT on that box via the network - only from the console.

So that box should be reasonably safe from hackers.


Divine

 

bootup scripts can be referenced in /etc/rc.local (for linux)

for freebsd
On FreeBSD startup scripts generally should go in `/usr/local/etc/rc.d/'.
The rc(8) manual page also states that scripts in this directory are only
executed, if their basename matches the shell globbing pattern *.sh. Any
other files or directories present within the directory are silently
ignored.
as to not being able to login to root via the network.. i sure hope that
isnt a reference to the sshd blocking root login access
because as su can be performed, and vulns can be exploited from the
account with a weak password etc etc etc

 

Cool - that's what I thought - thanks for the info - appreciated.

Now another question: )

I found it was easy to go to runlevel 1 - by entering "init 1", but I'm
not sure how to return back to runlevel 3 afterwards.

I ended up somehow moving it back to multiuser mode, but I then had to
start all the networking/named/inetd/sshd stuff by hand.

On a linux box all one has to do is key in "telinit 3" and it will return
back to runlevel 3. FreeBSD didn't know "telinit 3" and "init 3" came back
with an error message.

So what is the best/correct method to return to runlevel 3 from
single user mode?

Any help on this point would also be appreciated. )


Divine

--
"Installing and running Unix hardly counts as one of the more difficult
intellectual tasks. It's hard, sure, if you're used to something different,
but the description 'windows people' includes novelists, artists and nuclear
scientists who just don't give a damn about the stupid OS their computer
runs."

 

spot on
and if 'divine' had bothered to google it.....

 

BSDs don't use the SysV style init run levels as far as I'm aware.

They use rc scripts and I think you've either got 0 or 1 as basic
security levels. Or at least that's how OpenBSD and NetBSD work - FreeBSD
might be different.

 

Yup. I don't want my server to be hacked. I suppose I could set it to only
permit SSH connections from one of my Linux workstations. )


Divine

--
Michael Stutz: "There is an area affecting business and home use where Linux
is greatly deficient, and I see no solution coming at all. I refer to the
area of e-mail viruses - they just don't make them for Linux like they do for
Windows. Same with a lot of those crippling meltdowns and system errors. If
you want a blue screen of death freeze-up, you pretty much have to run Windows
to get it. You won't be able to run those trojan horses that steal all your
passwords and copy your files out to the Internet, and you're out of luck with
all those funny attachments that wreak havoc in the workplace - there isn't
any Linux compatibility here at all."

 

I was under the impression that SU can only be performed by users who are
a member of the Wheel group.

And I do not have any passwordless accounts. They would have to use a
brute-force password attack, and login failures are logged, and logging in
is disabled from a given IP number after a couple of failures, and I read
the system/network reports/stats daily.


Divine

--
"Installing and running Unix hardly counts as one of the more difficult
intellectual tasks. It's hard, sure, if you're used to something different,
but the description 'windows people' includes novelists, artists and nuclear
scientists who just don't give a damn about the stupid OS their computer
runs."

 

yes su can only be performed by members of wheel <woops>
however
http://www.google.co.nz/search?as_q...i&as_sitesearch=securityfocus.com&safe=images

and
http://www.google.co.nz/search?hl=e...d+4.9+escalation+privilege+&btnG=Search&meta=

and no they wouldnt _have_ to use brute force to gain a shell
ips are also easily hidden behind proxies ( my logs show multiple ips
trying the nobody account on my firewall machine all within a very short
space of time)
or even spoofed
if the above links get fux0red go to google :\

 

Interesting!

So what I should have done when moving from single user mode to runlevel 3
is typed in "./rc". Is that correct?

What does "rc" stand for?

For all this I'm thinking about FreeBSD admin.


Divine

--
"Installing and running Unix hardly counts as one of the more difficult
intellectual tasks. It's hard, sure, if you're used to something different,
but the description 'windows people' includes novelists, artists and nuclear
scientists who just don't give a damn about the stupid OS their computer
runs."

 

There are 5 security levels than that in FreeBSD, IIRC. -1, 0, 1, 2, 3.

)


Divine

--
"Installing and running Unix hardly counts as one of the more difficult
intellectual tasks. It's hard, sure, if you're used to something different,
but the description 'windows people' includes novelists, artists and nuclear
scientists who just don't give a damn about the stupid OS their computer
runs."

 

Why have you got a network login available on your firewall that is
visible from the outer side of your firewall?


Divine

--
"Installing and running Unix hardly counts as one of the more difficult
intellectual tasks. It's hard, sure, if you're used to something different,
but the description 'windows people' includes novelists, artists and nuclear
scientists who just don't give a damn about the stupid OS their computer
runs."

 

I'm running FreeBSD 5.3-RELEASE - the latest stable production version of
FreeBSD.

Looking though that list, having adjusted the search for "5.3" I didn't
notice a vulnerability that applied to FreeBSD-5.3-RELEASE.

)


Divine

--
"Installing and running Unix hardly counts as one of the more difficult
intellectual tasks. It's hard, sure, if you're used to something different,
but the description 'windows people' includes novelists, artists and nuclear
scientists who just don't give a damn about the stupid OS their computer
runs."