Date:	Sat, 29 Mar 2014 13:22:21 +0100
From:	Struan Bartlett <struan.bartlett@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: Support for netconsole as default tty/console?

Hi

I help maintain a range of raw metal hosts, VMs, and Amazon EC2
instances that boot Linux within secure private networks. Where
possible, we connect raw metal hosts to a central logging server using
serial lines, and use the console=ttyS0 kernel command line option to
redirect not just kernel boot logs, but all boot script tty output,
via the serial line for central logging. This is particularly useful,
as when critical start-up scripts report issues to the console (as
opposed to log files) those issues can be monitored centrally, and
diagnosed without the need to log in. In some cases, critical error
messages are only logged to the console, and not to the log files.

Serial lines do not scale well and, on some of our VMs, and certainly
on EC2 instances, platforms are headless and may be accessed only by
our private network. As mentioned, our systems are running in known
secure private networks accessible only to sysadmins, so
authenticating access to the terminal output is not a particular
concern.

We have had a good experience of using netconsole to provide remote
real-time access to the kernel logs during Linux boot, via our syslog
server. However we have yet to find a reliable way to redirect all
console output (i.e. start-up script not just kernel logs) via the
private network to our logging server, as is possible via a serial
line. We have tried to address the issue in user-space. Patching of
boot scripts to pipe output via tee and socat has been attempted, but
it is hard to make this work comprehensively, and it appears to
interfere with standard shutdown scripts that expect all processes to
be able to be killed (without terminating standard output/error pipes)
before switching run levels.

Adding console=netconsole to the command line does not appear to have
the desired effect. I am not sure if this is because netconsole,
unlike the serial console, does not provide a tty. Can anyone advise
if this understanding is correct? If so, is there an independent
solution to this problem? Failing that, is there general interest in a
tty-capable (maybe output only) extension to the netconsole module?

Kind regards