lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 17 Jun 2012 18:57:18 +1000
From:	Veyrdite <veyrdite@...il.com>
To:	unlisted-recipients:; (no To-header on input)
CC:	Kernel Mailing List <linux-kernel@...r.kernel.org>,
	linux-console@...r.kernel.org
Subject: Re: wishlist: vnc framebuffer device?

Hey Harald,

 > To make a headless system "less headless", would it be possible
 > to integrate a vnc framebuffer device into the kernel?

VNC as I understand is more suitable for graphical environments.  For
just text SSH or even telnet/netcat would be more practical.

 > The idea is to have a vnc server instead of a local screen and
 > keyboard to show the boot output and to provide a console login
 > on /dev/tty{1..6}. It would be pretty similar to qemu. No need
 > for fancy graphics, of course. The IP address might either be
 > obtained using DHCP, or it might use an IP address/netmask
 > given on the kernel command line.

As I understand it most init implementations log all of their messages
to a file in /var/log, so you can view them all post-bootup once you
have vnc'd or into the box.  This would be the simplest and most
foolproof solution, but may not be what you want.

If you are going to send your messaged over a trusted LAN or network
( ie not the internet ) then I'd go with the 'netconsole' module for the
kernel.

See https://www.kernel.org/doc/Documentation/networking/netconsole.txt

It (hopefully) would just require an extra kernel command line on the
headless machine and a 'netcat -ul portnumber' on the receiving machine.
  'Hopefully' because I am unsure if your kern

The problem is that everything is sent as unencrypted plaintext.

 > I understand that authentication might be an issue here.

Yes, if you mean the security of the transmitted data.

It is unlikely your ISP and other routing companies will violate your
security, but there is always a risk of someone doing something they
shouldn't be.  It is also *very* unhackerlike to send any plaintext over
the internet, and you should be secretly ashamed deep down if you do so.

If you do need to secure this information, it might be possible to link
SSH to your innitab and have things sent that way.  That is idealistic.

In the worst case scenario, you will just have to write a script that
acts as an init service that delays all bootup until it can make an SSH
connection to another computer and shove the lines of bootup information
from /var/log to the other computer as they appear.

If my words have gone over your head, please tell me.  I have no clue
what you skill level and experience is, and I am making assumptions :)

Regards, William
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ