Re: three questions

From: Eric Kjeldergaard (kjelderg_at_gmail.com)
Date: 11/30/04

    Date: Tue, 30 Nov 2004 09:41:07 +0000
    To: Alexander Bubnov <ab_fatal@mail.ru>
    
    

    > Hi!
    > Could you answer my questions, please?

    I'll try.

    >
    > 1) When I halt or reboot FreeBSD 5.3 I always receive following:
    > Syncing disks vnodes remaining... 4 3 3 1 1 0 done
    >
    > Is it OK? What does it mean?

    This is relatively normal. What it means is that it is syncing your
    hard disk before shutting down. As long as it ends up with a 0, it's
    fine.

    >
    > 2) When I download something from the Internet for a long time (around 9
    > hours) I always receive 3 strange letters (unfortunately, I deleted
    > third letter, sorry) from my OS (FreeBSD any versions), see below. What
    > for? What happen? Why do I receive them?
    >

    These strange letters seem like usual system messages that are
    generated by systems kinda late at night (early in the morning). They
    are completely normal and they are just to give the administrator
    (root by default) a quick summary of what's happened on the computer
    recently. Learning to read these letters can make administering a
    system substantially easier.

    > 3) I change resolution for consoles as vidcontrol -g 100x37 VESA_800x600
    > green. Can I change rate? How to do it?
    >

    The rate of what? I'm not exactly sure what you mean by this part.

    > letters:
    > *******
    > *first*
    > *******
    > removing stale files from /var/preserve:
    > Cleaning out old system announcements:
    > Removing stale files from /var/rwho:
    > Backup passwd and group files:
    > Verifying group file syntax:
    > Backing up mail aliases:

    This is your system taking care of some occasional clean-up/back-up
    tasks. It's just telling you that it did stuff for you. This way you
    (in a state of relief) know that you don't have to do these things
    yourself.

    > Disk status:
    > Filesystem 1K-blocks Used Avail Capacity Mounted on
    > /dev/ad0s4a 257998 51810 185550 22% /
    > /dev/ad0s4f 1032142 70 949502 0% /tmp
    > /dev/ad0s4g 6399156 3999490 1887734 68% /usr
    > /dev/ad0s4e 1032142 20328 929244 2% /var
    > procfs 4 4 0 100% /proc
    > /dev/ad0s2 10231440 9594792 636648 94% /mnt/dos
    > Last dump(s) done (Dump '>' file systems):

    These messages have to do with the status of your disks as of this system check.

    > UUCP status:
    > Network interface status:
    > Name Mtu Network Address Ipkts Ierrs Opkts
    > Oerrs Coll
    > rl0* 1500 <Link#1> 00:c0:26:a4:b6:b0 0 0 0
    > 0 0
    > lp0* 1500 <Link#2> 0 0 0
    > 0 0
    > lo0 16384 <Link#3> 0 0 0
    > 0 0
    > lo0 16384 sinn ::1 0 - 0
    > - -
    > lo0 16384 fe80:3::1 fe80:3::1 0 - 0
    > - -
    > lo0 16384 your-net sinn 0 - 0
    > - -
    > ppp0* 1500 <Link#4> 0 0 0
    > 0 0
    > sl0* 552 <Link#5> 0 0 0
    > 0 0
    > faith 1500 <Link#6> 0 0 0
    > 0 0
    > tun0 1500 <Link#7> 12259 0 13232
    > 0 0
    > tun0 1500 ts3-a0.NNovgo ts3-a29.NNovgor 12259 - 13231
    > - -
    > tun1* 1500 <Link#8> 0 0 111
    > 0 0
    >

    Like the disk status above, this is information about your network interfaces.

    > cal system status:
    > 3:10AM up 1:10, 2 users, load averages: 0.64, 0.70, 0.62

    This is the output of the command `uptime`.

    > Mail in local queue:
    > /var/spool/mqueue is empty
    > Total requests: 0
    > Mail in submit queue:
    > /var/spool/clientmqueue is empty
    > Total requests: 0

    This is information about pending mail messages.

    > Security check:
    > (output mailed separately)

    The Security check is a separate "letter" to you. In fact, the second
    one that you included here is the Security check.

    > Checking for rejected mail hosts:
    > Checking for denied zone transfers (AXFR and IXFR):
    > Tidying Exim hints databases:
    > Usage: exim_tidydb [-t <time>] <spool-directory> <database-name>
    > <database-name> = retry | misc | wait-<transport-name> | callout
    > Checking for rejected mail:

    These checks tell about mail due to attempted open relay searches and
    such except for the Tidying. That is a little problem in that the
    Tidying of the Exim hints databases is likely not actually occurring.
    It appears that the script that is generating this has the wrong
    command for updating the database. Perhaps your exim isn't configured
    quite proper?

    >
    > ********
    > *second*
    > ********
    > ubject: security run output
    > Status: O
    > Content-Length: 534
    > Lines: 22

    The length and status of the security run output. Length should
    reflect the contents of this message.

    > Checking setuid files and devices:
    > Checking for uids of 0:
    > root 0
    > toor 0

    A list of the people who have uid 0: root powers

    > Checking for passwordless accounts:
    > trial::1000:1000::0:0:Unknow:/home/trial:/bin/tcsh

    This tells you that trial has no password. Accounts that can login
    should have passwords.

    > kernel log messages:
    > > CPU: Intel(R) Pentium(R) 4 CPU 2.40GHz (2399.94-MHz 686-class CPU)

    This is what got put in your system log recently. (Seems there should
    be more than what is here, perhaps you <snip>ed?)

    > login failures:
    > Nov 27 02:00:33 login: 1 LOGIN FAILURE ON ttyv1
    > Nov 27 02:00:33 login: 1 LOGIN FAILURE ON ttyv1, alec
    > Nov 27 16:59:47 login: 1 LOGIN FAILURE ON ttyv0
    > Nov 27 16:59:47 login: 1 LOGIN FAILURE ON ttyv0, root
    > refused connections:
    >

    Well, the login failures section means (almost assuredly) that you
    mistyped passwords or in some other way attempted to login improperly.
    Everyone does it. The local ones (ttyv0 - ttyv7) aren't a security
    hazard in most situations. Attempted brute force attacks show up here
    (generally by lots of root attempts from one or a small number of
    IPs).

    >
    > Thanks.
    >
    No problem. Hope I helped.

    -- 
    If I write a signature, my emails will appear more personalised.
    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
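
The three checks discussed in the security run above (uid 0 accounts, passwordless accounts, login failures) reproduced over sample data, as an added example that is not part of the original message or of FreeBSD's own periodic scripts. The passwd entries and the `FROM 192.0.2.44` log lines are constructed, the `FROM <host>` form for remote logins is an assumption, and the threshold of 5 is arbitrary.

```sh
#!/bin/sh
# Added example; sample data is constructed, modelled on the quoted report.

sample_passwd() {   # master.passwd layout: name:password:uid:gid:...
cat <<'EOF'
root:$1$constructedhash:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
trial::1000:1000::0:0:Unknow:/home/trial:/bin/tcsh
alec:$1$constructedhash:1001:1001::0:0:Alec:/home/alec:/bin/tcsh
EOF
}

sample_log() {      # first four lines are from the report; the rest constructed
cat <<'EOF'
Nov 27 02:00:33 login: 1 LOGIN FAILURE ON ttyv1
Nov 27 02:00:33 login: 1 LOGIN FAILURE ON ttyv1, alec
Nov 27 16:59:47 login: 1 LOGIN FAILURE ON ttyv0
Nov 27 16:59:47 login: 1 LOGIN FAILURE ON ttyv0, root
Nov 28 03:12:01 login: 3 LOGIN FAILURES FROM 192.0.2.44
Nov 28 03:12:01 login: 3 LOGIN FAILURES FROM 192.0.2.44, root
Nov 28 03:12:09 login: 3 LOGIN FAILURES FROM 192.0.2.44
Nov 28 03:12:09 login: 3 LOGIN FAILURES FROM 192.0.2.44, root
EOF
}

# Accounts with root powers: uid (field 3) is 0.
uid0_accounts() { awk -F: '$3 == 0 { print $1 }'; }

# Accounts whose password field (field 2) is empty.
passwordless_accounts() { awk -F: '$2 == "" { print $1 }'; }

# Sum failures per "source account". The report shows each event twice, with
# and without the account name, so only the 10-field line with the name counts.
failure_totals() {
    awk '$4 == "login:" && $6 == "LOGIN" && $7 ~ /^FAILURES?$/ && NF == 10 {
             src = $9; sub(/,$/, "", src)
             total[src " " $10] += $5
         }
         END { for (k in total) print total[k], k }' | sort -k1,1nr -k2
}

# Pairs at or above a threshold (default 5, arbitrary for this example).
suspects() { failure_totals | awk -v min="${1:-5}" '$1 >= min { print $2, $3, $1 }'; }

echo "uid 0:        $(sample_passwd | uid0_accounts | tr '\n' ' ')"
echo "no password:  $(sample_passwd | passwordless_accounts | tr '\n' ' ')"
echo "suspects:     $(sample_log | suspects)"
```

The single mistyped logins on ttyv0 and ttyv1 stay below the threshold; only the repeated root failures from one source are reported.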
    
