lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 29 Mar 2014 13:22:21 +0100
From:	Struan Bartlett <struan.bartlett@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: Support for netconsole as default tty/console?

Hi

I help maintain a range of raw metal hosts, VMs, and Amazon EC2
instances that boot Linux within secure private networks. Where
possible, we connect raw metal hosts to a central logging server using
serial lines, and use the console=ttyS0 kernel command line option to
redirect not just kernel boot logs, but all boot script tty output,
via the serial line for central logging. This is particularly useful,
as when critical start-up scripts report issues to the console (as
opposed to logs files) those issues can be monitored centrally, and
diagnosed without the need to log in. In some cases, critical error
messages are only logged to the console, and not to the logs files.

Serial lines do not scale well and, on some of our VMs, and certainly
on EC2 instances, platforms are headless and may be accessed only by
our private network. As mentioned, our systems are running in known
secure private networks accessible only to sysadmins, so
authenticating access to the terminal output is not a particular
concern.

We have had a good experience of using netconsole to provide remote
real-time access to the kernel logs during Linux boot, via our syslog
server. However we have yet to find a reliable way to redirect all
console output (i.e. start-up script not just kernel logs) via the
private network to our logging server, as is possible via a serial
line. We have tried to address the issue in user-space. Patching of
boot scripts to pipe output via tee and socat has been attempted, but
it is hard to make this work comprehensively, and it appears to
interfere with standard shutdown scripts that expect all processes to
be able to be killed (without terminating standard output/error pipes)
before switching run levels.

Adding console=netconsole to the command line does not appear to have
the desired effect. I am not sure if this is because netconsole,
unlike the serial console, does not provide a tty. Can anyone advise
if this understanding is correct? If so, is there an independent
solution to this problem? Failing that, is there general interest in a
tty-capable (maybe output only) extension to the netconsole module?

Kind regards
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists