question about uptime stats

Discussion in 'NZ Computing' started by Guest, Jan 18, 2005.

  1. Guest

    Guest Guest

    Hiya, y'all.

    Another coupla questions...

    With FreeBSD, when going to single user mode (entering "init 1" from the
    console by root), does that reset the uptime?

    Also, what would be the signs (other than uptime) of a server having
    spontaneously rebooted?

    Thanking you


    Divine
     
    Guest, Jan 18, 2005
    #1
    1. Advertisements

  2. Guest

    Peter Guest

    logs ?

    In Linux, it is in /var/log/messages and I'm guessing there is something
    equivalent in BSD.

    HTH

    Peter
     
    Peter, Jan 18, 2005
    #2
    1. Advertisements

  3. logs showing the boot processes but no shutdown processes.
     
    Dave - Dave.net.nz, Jan 18, 2005
    #3
  4. Guest

    thing Guest

    I wrote a script to place a lock file on boot (using touch) after making
    sure no lock file was present. On a normal shutdown the lock file is
    removed. If the script discovers a lock file on boot it moves it to
    create a new file giving a simple time stamp, writes a new lock file and
    emails me that it has noted a likely spontanious reboot.

    If you see syslogd going down on a signal 15 in messages its likely it
    was told to do so, check the bash history of root if you think you might
    of been hacked, while not fool proof it catches most simple automated
    scripts and script kiddies.

    regards

    Thing
     
    thing, Jan 19, 2005
    #4
  5. Guest

    Guest Guest

    Cool - thanks for the info - appreciated.


    Divine
     
    Guest, Jan 19, 2005
    #5
  6. thats how I used to check things at work until I actually got some
    decent monitoring.
     
    Dave - Dave.net.nz, Jan 19, 2005
    #6
  7. No reason why it should, on any UN*X-type system. Uptime means kernel
    uptime, whereas changing run levels simply involves stopping and
    starting processes, nothing more.
     
    Lawrence D’Oliveiro, Jan 19, 2005
    #7
  8. belt braces and sewn to your tee shirt huh?
     
    Dave - Dave.net.nz, Jan 21, 2005
    #8
  9. Guest

    Guest Guest

    Hi, Thing.

    Sounds like a very userful script. Any chance of me getting a copy? And
    how did you put it into the bootup/shutdown process?

    It's not likely that my server was hacked - they'd have to get past my
    firewall, which does not respond to connections initiated from the
    Internet and then locate the server on the LAN and then get login access
    to it, and THEN get increased privileges. And on top of that, cannot
    login to ROOT on that box via the network - only from the console.

    So that box should be reasonably safe from hackers.


    Divine
     
    Guest, Jan 21, 2005
    #9
  10. Guest

    froggy Guest

    bootup scripts can be referenced in /etc/rc.local (for linux)

    for freebsd
    On FreeBSD startup scripts generally should go in `/usr/local/etc/rc.d/'.
    The rc(8) manual page also states that scripts in this directory are only
    executed, if their basename matches the shell globbing pattern *.sh. Any
    other files or directories present within the directory are silently
    ignored.
    as to not being able to login to root via the network.. i sure hope that
    isnt a reference to the sshd blocking root login access
    because as su can be performed, and vulns can be exploited from the
    account with a weak password etc etc etc
     
    froggy, Jan 21, 2005
    #10
  11. Guest

    Guest Guest

    Cool - that's what I thought - thanks for the info - appreciated.

    Now another question: :eek:)

    I found it was easy to go to runlevel 1 - by entering "init 1", but I'm
    not sure how to return back to runlevel 3 afterwards.

    I ended up somehow moving it back to multiuser mode, but I then had to
    start all the networking/named/inetd/sshd stuff by hand.

    On a linux box all one has to do is key in "telinit 3" and it will return
    back to runlevel 3. FreeBSD didn't know "telinit 3" and "init 3" came back
    with an error message.

    So what is the best/correct method to return to runlevel 3 from
    single user mode?

    Any help on this point would also be appreciated. :eek:)


    Divine

    --
    "Installing and running Unix hardly counts as one of the more difficult
    intellectual tasks. It's hard, sure, if you're used to something different,
    but the description 'windows people' includes novelists, artists and nuclear
    scientists who just don't give a damn about the stupid OS their computer
    runs."
     
    Guest, Jan 21, 2005
    #11
  12. Guest

    froggy Guest

    spot on
    and if 'divine' had bothered to google it.....
     
    froggy, Jan 21, 2005
    #12
  13. Guest

    AD. Guest

    BSDs don't use the SysV style init run levels as far as I'm aware.

    They use rc scripts and I think you've either got 0 or 1 as basic
    security levels. Or at least that's how OpenBSD and NetBSD work - FreeBSD
    might be different.
     
    AD., Jan 21, 2005
    #13
  14. Guest

    Guest Guest

    Yup. I don't want my server to be hacked. I suppose I could set it to only
    permit SSH connections from one of my Linux workstations. :eek:)


    Divine

    --
    Michael Stutz: "There is an area affecting business and home use where Linux
    is greatly deficient, and I see no solution coming at all. I refer to the
    area of e-mail viruses - they just don't make them for Linux like they do for
    Windows. Same with a lot of those crippling meltdowns and system errors. If
    you want a blue screen of death freeze-up, you pretty much have to run Windows
    to get it. You won't be able to run those trojan horses that steal all your
    passwords and copy your files out to the Internet, and you're out of luck with
    all those funny attachments that wreak havoc in the workplace - there isn't
    any Linux compatibility here at all."
     
    Guest, Jan 21, 2005
    #14
  15. Guest

    Guest Guest

    I was under the impression that SU can only be performed by users who are
    a member of the Wheel group.

    And I do not have any passwordless accounts. They would have to use a
    brute-force password attack, and login failures are logged, and logging in
    is disabled from a given IP number after a couple of failures, and I read
    the system/network reports/stats daily.


    Divine

    --
    "Installing and running Unix hardly counts as one of the more difficult
    intellectual tasks. It's hard, sure, if you're used to something different,
    but the description 'windows people' includes novelists, artists and nuclear
    scientists who just don't give a damn about the stupid OS their computer
    runs."
     
    Guest, Jan 21, 2005
    #15
  16. Guest

    froggy Guest

    yes su can only be performed by members of wheel <woops>
    however
    http://www.google.co.nz/search?as_q...i&as_sitesearch=securityfocus.com&safe=images

    and
    http://www.google.co.nz/search?hl=e...d+4.9+escalation+privilege+&btnG=Search&meta=

    and no they wouldnt _have_ to use brute force to gain a shell
    ips are also easily hidden behind proxies ( my logs show multiple ips
    trying the nobody account on my firewall machine all within a very short
    space of time)
    or even spoofed
    if the above links get fux0red go to google :\
     
    froggy, Jan 21, 2005
    #16
  17. Guest

    Guest Guest

    Interesting!

    So what I should have done when moving from single user mode to runlevel 3
    is typed in "./rc". Is that correct?

    What does "rc" stand for?

    For all this I'm thinking about FreeBSD admin.


    Divine

    --
    "Installing and running Unix hardly counts as one of the more difficult
    intellectual tasks. It's hard, sure, if you're used to something different,
    but the description 'windows people' includes novelists, artists and nuclear
    scientists who just don't give a damn about the stupid OS their computer
    runs."
     
    Guest, Jan 21, 2005
    #17
  18. Guest

    Guest Guest

    There are 5 security levels than that in FreeBSD, IIRC. -1, 0, 1, 2, 3.

    :eek:)


    Divine

    --
    "Installing and running Unix hardly counts as one of the more difficult
    intellectual tasks. It's hard, sure, if you're used to something different,
    but the description 'windows people' includes novelists, artists and nuclear
    scientists who just don't give a damn about the stupid OS their computer
    runs."
     
    Guest, Jan 21, 2005
    #18
  19. Guest

    Guest Guest

    Why have you got a network login available on your firewall that is
    visible from the outer side of your firewall?


    Divine

    --
    "Installing and running Unix hardly counts as one of the more difficult
    intellectual tasks. It's hard, sure, if you're used to something different,
    but the description 'windows people' includes novelists, artists and nuclear
    scientists who just don't give a damn about the stupid OS their computer
    runs."
     
    Guest, Jan 21, 2005
    #19
  20. Guest

    Guest Guest

    I'm running FreeBSD 5.3-RELEASE - the latest stable production version of
    FreeBSD.

    Looking though that list, having adjusted the search for "5.3" I didn't
    notice a vulnerability that applied to FreeBSD-5.3-RELEASE.

    :eek:)


    Divine

    --
    "Installing and running Unix hardly counts as one of the more difficult
    intellectual tasks. It's hard, sure, if you're used to something different,
    but the description 'windows people' includes novelists, artists and nuclear
    scientists who just don't give a damn about the stupid OS their computer
    runs."
     
    Guest, Jan 21, 2005
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.