Fragments of kernel log text in "security run" message

Roman Neuhauser dev-null at bellavista.cz
Mon Aug 18 04:24:25 PDT 2003


# kris at obsecurity.org / 2003-08-17 23:01:54 -0700:
> On Mon, Aug 18, 2003 at 12:50:19AM -0500, Dan Nelson wrote:
> 
> > > I get this as well on RELENG_4...I wish I knew why.  Often it causes
> > > syslogd to log it at LOG_EMERG priority (=spams every logged in user
> > > with the truncated message).
> > 
> > I think this happens after the kernel's message buffer starts rolling
> > over.  The very first line in the dmesg output sometimes gets cut in
> > half, so diff prints it as a change block, and the security script
> > prints the "add" portion.  Maybe the check_diff function should remove
> > the first line of the dmesg output before doing the diff?
> 
> I guess I'm talking about a different problem, actually (syslogd),
> although I see the truncated security script mail as well.

    The oldest security run mail I found this artifact in is dated
    Fri,  6 Sep 2002 03:01:14 +0000 (GMT):

    ishtar.bellavista.cz kernel log messages:
    > tfix/local[3952]: fatal: open database /etc/aliases.db: No such file or directory

    Next day's security run shows I updated the box to 4.7-PRERELEASE on
    Sep 7, but I don't know what version it was running till then.

    Hope this is of *some* help.

-- 
If you cc me or remove the list(s) completely I'll most likely ignore
your message.    see http://www.eyrie.org./~eagle/faqs/questions.html
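
The rollover effect suggested in the quoted text can be reproduced with a small model, given here as an added example that is not part of the original message and is not the FreeBSD security script. The 182-byte buffer, the `report` stand-in for check_diff and the log lines are constructed assumptions; the postfix line is the assumed full form of the fragment quoted above.

```sh
#!/bin/sh
# Model only: not the FreeBSD security script. Log lines are constructed;
# the postfix line is the assumed full form of the fragment quoted above.
BUFSZ=182   # assumed tiny message buffer (bytes) so a few lines make it wrap

# What had been logged by yesterday's run, and what was logged since.
logged_before() { cat <<'EOF'
fxp0: link state changed to DOWN
postfix/local[3952]: fatal: open database /etc/aliases.db: No such file or directory
fxp0: link state changed to UP
ed0: device timeout
EOF
}
logged_since() { cat <<'EOF'
pid 4012 (sample), uid 1001: exited on signal 11
EOF
}

# dmesg only sees the newest BUFSZ bytes, so after rollover the first
# line can start in the middle of a message.
dmesg_yesterday() { logged_before | tail -c "$BUFSZ"; }
dmesg_today() { { logged_before; logged_since; } | tail -c "$BUFSZ"; }

# Hypothetical stand-in for check_diff: print only diff's "add" lines.
report() { diff "$1" "$2" | grep '^>' || true; }

# Compare the two snapshots as they are.
run_naive() {
    d=$(mktemp -d)
    dmesg_yesterday > "$d/old"; dmesg_today > "$d/new"
    report "$d/old" "$d/new"; rm -rf "$d"
}

# The suggestion from the thread: drop the first line of each snapshot first.
run_drop_first() {
    d=$(mktemp -d)
    dmesg_yesterday | sed 1d > "$d/old"; dmesg_today | sed 1d > "$d/new"
    report "$d/old" "$d/new"; rm -rf "$d"
}

echo "as-is:";              run_naive
echo "first line dropped:"; run_drop_first
```

In this model, dropping the first line also discards a complete message whenever the buffer has not wrapped yet, as happens to the first line of yesterday's snapshot here.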

