From zonker@jeffk.com Sat Sep 14 13:23:55 2002
Date: Sat, 14 Sep 2002 13:23:50 -0700
From: "David K. Z. Harris"
To: users@conserver.com
Subject: Call for real-world site examples...

Hi all,

I'm wrapping up my slides for two half-day tutorials for LISA this year (http://www.usenix.org/events/lisa2002/), and I'll be discussing some interesting deployments of Conserver.

While I have three strong examples to discuss, I'm looking for a few more sites to discuss as well. Can I discuss yours?

I'm looking for some of the folks stretching the boundaries a bit;

- large sites (a few thousand consoles, and/or distributed mode)
- critical sites (where Conserver is being used to help support and operate important devices, like core servers for the phone or power companies...)
- integration to other tools to monitor log files. (which tools? Was it out-of-the-box, or in-house custom code to tie the monitor to the logs. how successful has the integration been?)
- sensitive sites, where you've deployed with security in mind, and how you deployed it (without breaching non-disclosure issues...)
- how you sold your company to fund your deployment...
I'm happy to keep your name (or company name) out of the class, but I'm looking for some more real-world examples to discuss. (Of course, if it's OK to mention you, or your site names, I'm always happy to give proper credit for my sources. :-)

Please email me this week if you want your [company] name on the slides. You can also follow-up with me later, but I won't be able to get them in the tutorial handouts or on the CD-ROM.

Thanks for your consideration.

-Z-

From fparki@acxiom.co.uk Tue Sep 17 09:10:35 2002
From: Parkin Frank - fparki
To: "'users@conserver.com'"
Subject: TRU64 question
Date: Tue, 17 Sep 2002 17:11:44 +0100

We have several TRU64 servers whose console serial cables are connected to a DEC 900 terminal server. We currently use TECSys Consoleworks for remote administration but we are looking for an alternative.

I have set-up one console. When I try to connect I get the following message:

./console bfm
console: bfm is down
[Enter `^Ec?' for help]
[read-only -- use ^E c ? for help]

The console log (nohup) reports only the following ...

conserver (75809): bfm: login root@mersey [Tue Sep 17 16:49:08 2002]
conserver (75809): bfm: logout root@mersey [Tue Sep 17 16:54:43 2002]

conserver.cf reads ...

LOGDIR=/var/consoles
bfm:!10.92.54.13:2022:&:
%%
trusted: mersey

conserver.passwd reads ...

any:*passwd*:any

/etc/services reads ...

console 782/tcp conserver

Output from conserver -V ...

conserver: conserver.com version 7.2.2
conserver: default access type `r'
conserver: default escape sequence `^Ec'
conserver: configuration in `/usr/local/etc/conserver.cf'
conserver: password in `/usr/local/etc/conserver.passwd'
conserver: logfile is `/var/log/conserver'
conserver: pidfile is `/var/run/conserver.pid'
conserver: limited to 16 members per group
conserver: on port 782 (referenced as `conserver')
conserver: secondary channel base port 0 (referenced as `0')
conserver: built with `./configure --with-64bit --with-master=mersey'

DEC server 900 config is as follows ...

Local> DEFINE PORT 5 ACCESS REMOTE AUTOBAUD DISABLED
Local> DEFINE PORT 5 SPEED 9600 MODEM CONTROL ENABLED
Local> DEFINE PORT 5 AUTOPROMPT DISABLED BROADCAST DISABLED
Local> DEFINE PORT 5 PREFERRED NONE DEDICATED NONE
Local> LOGOUT PORT 5
Local> CHANGE TELNET LISTENER 2005 PORT 5 ENABLED
Local> CHANGE TELNET LISTENER 2005 CONNECTIONS ENABLED

Can anyone point me in the right direction? The DEC 900 settings work fine with Consoleworks therefore I am assuming that this is a conserver set-up problem.

Thanks
Frank

*********************************************************************
The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.
If you have received this communication in error, please re-send this communication to the sender and delete the original message or any copy of it from your computer system. Thank You.

From bryan@conserver.com Tue Sep 17 10:57:52 2002
To: "'users@conserver.com'"
Subject: Re: TRU64 question
Date: Tue, 17 Sep 2002 10:57:50 -0700 (PDT)
From: bryan@conserver.com

well, i have two suggestions for you.

first, with things shut down, can you successfully do a 'telnet 10.92.54.13 2022' and get connected to the serial port? if so, then things *should* be good. if not, either consoleworks is still managing the port, or there's another problem.

if the telnet works and cranking up conserver shows the port as down, then try running conserver with the -v option for a little more info. it should (ideally, it should have said something without the -v) say something about why the port is still down - like a connection refused or something of that nature.

if the -v doesn't enlighten things, try adding a -D as well.
try a connection (that results in a down message), and send me the entire log. i might be able to tell you what's going on, if it doesn't jump out at you.

Bryan

From fparki@acxiom.co.uk Wed Sep 18 01:30:11 2002
From: Parkin Frank - fparki
To: "'bryan@conserver.com'", "'users@conserver.com'"
Subject: RE: TRU64 question
Date: Wed, 18 Sep 2002 09:31:25 +0100

Thank you for the quick response.

You were "spot-on" ... Consoleworks was managing the port. As soon as we deleted the entry in Consoleworks ... conserver was able to do its stuff.

A couple of questions ...

1. All client/server traffic (including root and user passwords) is passed ``in the clear''. Extreme care should be taken to insure no one is ``snooping'' this private data. One day the traffic will be encrypted.

   Has anyone got any suggestions to harden the security of conserver?

2. Also, once connected to a console, how do you exit back to your original Telnet session ... tried ctrl+c ... ctrl+d?
Many thanks
Frank

_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users
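The reachability test suggested earlier in this thread ('telnet 10.92.54.13 2022' with everything shut down), applied to every network console in an old-style conserver.cf. This is an added example, not code from conserver or from anyone on the list; the function names, the HINTS text and the handling of '#' comment lines are assumptions of the example, and the demo listener is constructed locally.

```python
#!/usr/bin/env python3
"""Reachability pre-check for 'name:!host:port:logfile:' console entries.

Run it while conserver is stopped, from the host that will run conserver.
"""
import socket


def parse_network_consoles(cf_text):
    """Return [(name, host, port)] for each network console entry.

    Only the console section (before the '%%' separator) is read. Defaults
    such as LOGDIR=..., comment lines, local-device consoles and '|command'
    consoles are skipped because they have no TCP endpoint to test.
    """
    consoles = []
    for raw in cf_text.splitlines():
        line = raw.strip()
        if line == "%%":            # access list follows, no consoles below
            break
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[1].startswith("!"):
            continue
        try:
            port = int(fields[2])
        except ValueError:
            continue                # non-numeric port field: not handled here
        consoles.append((fields[0], fields[1][1:], port))
    return consoles


def probe(host, port, timeout=3.0):
    """Try one TCP connect and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error: %s" % (exc.strerror or exc)


def check_consoles(cf_text, timeout=3.0):
    """Map console name -> probe result for every network console."""
    return {name: probe(host, port, timeout)
            for name, host, port in parse_network_consoles(cf_text)}


# Reading aid only; a successful connect shows the listener is free,
# not that the serial side behind it works.
HINTS = {
    "open": "listener accepted; conserver should be able to attach",
    "refused": "port closed, or possibly still held by another manager",
    "timeout": "no answer; check routing and filters to the terminal server",
}


if __name__ == "__main__":
    # Constructed demo: a local listener stands in for a free terminal-server
    # port; a second port is reserved and then closed so that it refuses.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    sample_cf = (
        "LOGDIR=/var/consoles\n"
        f"free:!127.0.0.1:{listener.getsockname()[1]}:&:\n"
        f"busy:!127.0.0.1:{closed_port}:&:\n"
        "%%\n"
        "trusted: localhost\n"
    )
    for name, status in check_consoles(sample_cf, timeout=1.0).items():
        print("%-6s %-8s %s" % (name, status, HINTS.get(status, "")))
    listener.close()
```

A "refused" result here corresponds to the "connection refused" message the -v output is expected to show for a console reported as down.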
From bryan@stansell.org Wed Sep 18 20:00:26 2002
Date: Wed, 18 Sep 2002 20:00:25 -0700
From: Bryan Stansell
To: "'users@conserver.com'"
Subject: Re: TRU64 question

On Wed, Sep 18, 2002 at 09:31:25AM +0100, Parkin Frank - fparki wrote:
> A couple of questions ...
>
> 1. All client/server traffic (including root and user passwords) is passed
> ``in the clear''. Extreme care should be taken to insure no one is
> ``snooping'' this private data. One day the traffic will be encrypted.
>
> Has anyone got any suggestions to harden the security of conserver?

i've mentioned a couple ideas on the users mailing list. you can do a search on the main page to find stuff. dedicated, protected, networks are your best bet at the moment, i believe.

> 2. Also, once connected to a console, how do you exit back to your
> original Telnet session ... tried ctrl+c ... ctrl+d?

'ctrl-e', 'c', '.' is the default sequence. the console.man page should fill in all the details about what a client can do - everything is accessed via 'ctrl-e', 'c' by default.
Bryan

From czwanzig@panasas.com Wed Sep 18 20:57:30 2002
Date: Wed, 18 Sep 2002 20:57:21 -0700
From: Carl Zwanzig
To: Bryan Stansell
CC: "'users@conserver.com'"
Subject: Re: TRU64 question

Bryan Stansell wrote:
> On Wed, Sep 18, 2002 at 09:31:25AM +0100, Parkin Frank - fparki wrote:
> > Has anyone got any suggestions to harden the security of conserver?
> i've mentioned a couple ideas on the users mailing list. you can do a
> search on the main page to find stuff. dedicated, protected, networks
> are your best bet at the moment, i believe.

FWIW, the large show network at Networld+Interop (remember that?) always included an unrouted (flat) network to connect all of the terminal servers & device management ports. You could only get to it from the NOC network via NOC routers (aggressively filtered). We would also sometimes play games with not setting default routes on some equipment to keep them from talking to unknown sources.

z!
Carl Zwanzig

From woods@proven.weird.com Sun Sep 22 09:26:13 2002
Reply-To: users@conserver.com (ConServer Users Mailing List)
Organization: Planix, Inc.; Toronto, Ontario; Canada
Date: Sun, 22 Sep 2002 12:26:09 -0400 (EDT)

[ On Friday, June 7, 2002 at 10:40:25 (-0700), Bryan Stansell wrote: ]
> Subject: consoles and memory leaks (was Re: How many consoles?)
>
> On Fri, Jun 07, 2002 at 12:02:29PM -0400, Greg A. Woods wrote:
> > That said, as you can see above there's still a very serious memory
> > leak somewhere, and that'll drastically affect scalability in any
> > production system.... The second conserver process is allocating an
> > additional 1.2KB or so with every client connection (I have a cron job
> > that makes console client connections to collect data from my three UPS
> > units once every minute).
>
> hmmm...i just did a test with 7.2.2 (and i don't know why it would be
> different with 7.2.1) by having conserver manage five consoles. i then
> did:
>
> i=1; while true; do (echo "echo $i"; sleep 1) | \
> ~/./conserver/playpen/conserver-7.2.2/console/console bash; \
> i=$((i + 1)); done
>
> it's currently spewing:
>
> underdog (root) 288:# [Enter `^Ec?' for help]
> echo 287
> 287
> underdog (root) 289:#
>
> and still going. the memory size hasn't grown at all (using both pmap
> and ps to check sizes - solaris here). i also have a redhat 7.3 system
> running the same test - just started it up. it's up to 109 connections
> and there hasn't been a change in memory usage, according to ps.

Well I've finally upgraded to 7.2.2 and re-integrated my 'chat' patches, but I'm still seeing the memory leak on my good old NetBSD-1.3.2 server.

After re-jigging the debug output in many places, and keeping much more careful track of when file descriptors are created and closed, I've finally narrowed it down to somewhere in the massive Kiddie() function (or something it calls) in the "MAIN" while(1) loop. It looks like it's closer to an ~2KB increase for every client connection. I can't see any obvious problems yet though. It looks like all the file descriptors are getting closed properly and so on. All the new chat code is quiescent during this time too.

I'm going to link against libefence and/or libvmalloc and see if I can't pin it down....

--
Greg A. Woods

+1 416 218-0098; ; Planix, Inc.
; VE3TCP; Secrets of the Weird

From cfowler@outpostsentinel.com Mon Sep 23 06:07:36 2002
Subject: Re: consoles, client, and memory leaks
From: cfowler
To: ConServer Users Mailing List
Date: 23 Sep 2002 09:08:23 -0400

I'm slamming my server with conserver connections to test this problem. I'm not seeing anything but I am using a heavily modified version of 7.2.2. I'm doing my test on Linux 2.4.18. Maybe something in the NetBSD build.

Make sure all malloc()'s have a free().

From bryan@stansell.org Mon Sep 23 15:05:46 2002
Date: Mon, 23 Sep 2002 15:05:45 -0700
From: Bryan Stansell
To: announce@conserver.com, users@conserver.com
Subject: conserver 7.2.3 and LISA 2002

First, I'd like to say there is quite an array of changes going into 7.2.3. Bug fixes (like the fixes for duplicate console names and bad conditionals in the code) and new features (PAM support [basic tests done on Solaris 8 and RedHat Linux 7.2] and the new -F option) are exciting to me. I hope folks enjoy the new version. As always, if you find problems, please let me know.

Second, I wanted folks to know that I'm planning on being at the LISA conference this year (Nov 3-8, http://www.usenix.org/events/lisa02/). Well, one part, anyway. Specifically, there are plans of having a conserver BOF (like two years ago), and I'm planning on being there (a lot of great things came out of the BOF and went into the code last time). If you're either going to the conference or just in the neighborhood (Philadelphia), it would be a blast to see you there!
I'll be more than happy to talk about conserver or my current occupation of traveling full-time out of a backpack (tips on places to visit throughout the world greatly appreciated - and if you have pictures, even better). I'll give you one guess as to why I'm not attending the rest of the conference. ;-)

As always, to wrap up, here's the complete list of changes...

version 7.2.3 (Sep 23, 2002):
  - checking for duplicate console names got lost in the major 7.2.0 rewrite of that code. it's back now, with a couple of other edge-case fixes i noticed while scanning the code - reported by Dave Stuit
  - added --with-pam and PAM authentication support - suggested by Stu May
  - added -F server option to prevent automatic reinitialization of failed consoles ('|' syntax consoles which exit with a zero status are still reinitialized) - requested by William P LePera and Malcolm Gibbs
  - successful automatic reinitialization of consoles now attaches a client that wants read-write mode
  - added read-only client wish to become read-write in -i output
  - moved to autoconf-2.54 and fixed some small configure.in bugs

  Many thanks to John R. Jackson for the following fixes, cleanups, and enhancements...

  - "lost timestamps" bug (SIGALRM/sleep()/usleep()/tcp_wrapper interaction)
  - compiler warnings, bad fileOpenFD tests, and ability to use a colon after an equal in the config file (LOGDIR=C:\Logs)
  - autologin fix for Solaris BSM support

Bryan Stansell

From abuse@directhit.com Tue Sep 24 10:15:32 2002
Date: Tue, 24 Sep 2002 13:11:02 -0400
From: Bruce Pennypacker
To: users@conserver.com
Subject: Sending F1, F2, etc.

Hi all,

We have three RedHat 7.2 servers with Cyclades Z series serial cards and running conserver 7.2.2 to manage about 100 servers. Everything has been going great with the setup but I'm now running into a stumbling block. Some of our servers are standard PC based systems and I need to be able to hit F1, F2, etc. during bootup to get into the BIOS settings or to bypass various warnings. According to the information at http://www.jimprice.com/jim-asc.htm the keyboard code for F1 is a combination of decimal 00 and 59. I tried adding BREAK1=\000\073 to my conserver.cf but when I issue the break the server doesn't recognize it.

So what am I doing wrong?
How do I go about getting conserver to issue an F1 or other similar keystroke?

Thanks,

Bruce

From lepera@us.ibm.com Tue Sep 24 11:00:57 2002
Subject: Re: Sending F1, F2, etc.
To: users@conserver.com
From: "William P LePera"
Date: Tue, 24 Sep 2002 14:00:41 -0400

I don't think you have to make any changes to the conserver configuration. Do you see the POST/BIOS screens on your serial console, and cannot interrupt them? Some PC servers that support serial console redirection also support a specific emulation. Try sending the standard VT100 escape sequences for the keys and see if that works. F1 = ESC O P, F2 = ESC O Q. You can specify the key translations in a -xrm option of the xterm command, and probably other ways too.

If you don't even see the POST/BIOS screens, your server may not support the serial console redirection. Check your server docs, or your vendor's website for a BIOS update that implements this feature.
Bill LePera
IBM Server Group
Poughkeepsie, NY

From bryan@conserver.com Wed Sep 25 20:30:00 2002
To: users@conserver.com
Subject: ssl for conserver client/server communications
Date: Wed, 25 Sep 2002 20:30:00 -0700 (PDT)
From: bryan@conserver.com

well folks, i've been reading the new o'reilly openssl book and trying to get my head around what it would take to incorporate openssl into the client/server code. looks relatively easy on the surface, but then i started to look at the details. because the code is using non-blocking sockets and ssl connections can be renegotiated (i'm not 100% sure if the app *has* to initiate it or if it really can happen after a certain amount of data transfer, so that keys change) many things need to change inside the main select() loop.

why am i saying this? well, two reasons. first, i wanted folks to know that i'm actively working on encrypting the data between the client and server. i have a need to learn something new - openssl is it (and by no means am i going to call myself an expert once this is over, just more knowledgeable than before). second, i'm looking for pointers or help regarding openssl from any experts that might be out there. maybe it could be a code review or maybe just a list of dos and don'ts. basically, if you're familiar with the openssl api and have time, i'd love to know you exist (like the whole renegotiation thing - since we're in control of the client and server, can i just ignore it since i'm not asking for one and not have to rewrite major chunks of code?).

with that, i'll leave you all. i'm going to go dig more into that whole renegotiation thing, maybe the answer is in a man page. either way i'll probably just ignore it for now and cause the code to die a horrible death if it's happening. at least i'll be making progress and i can redo the ugly stuff later.

again, i'd love to hear from anyone with more knowledge than the o'reilly book.
;-)

Bryan

From jrj@gandalf.cc.purdue.edu Fri Sep 27 11:48:48 2002
Message-Id: <200209271848.g8RImlv8013975@gandalf.cc.purdue.edu>
To: bryan@conserver.com
cc: users@conserver.com
Subject: Re: ssl for conserver client/server communications
In-reply-to: Your message of "Wed, 25 Sep 2002 20:30:00 MST." <1033011000.3d927f381f156@www.stansell.org>
Reply-to: jrj@purdue.edu
Date: Fri, 27 Sep 2002 13:48:46 -0500
From: "John R. Jackson"

>well folks, i've been reading the new o'reilly openssl book and trying to get
>my head around what it would take to incorporate openssl into the client/server
>code. ...

When we went through a major console server upgrade a few months ago I was interested in doing this as well. However the work involved exceeded my time, so I came up with an alternative that uses normal ssh to access our server.

I threatened to write this all up several months ago :-), but your letter prompted me to actually do it. See:

ftp://gandalf.cc.purdue.edu/pub/conserver/README.ssh

Note: I am by no stretch of the imagination a security person. If anyone sees anything wrong with what I've done, please sing out.

Also, I haven't done a lot of review of the README, and haven't even looked at the code in a while. Comments are welcome, but please be kind :-).

>Bryan

John R.
Jackson, Technical Software Specialist, jrj@purdue.edu

From bryan@stansell.org Fri Sep 27 12:25:31 2002
Date: Fri, 27 Sep 2002 12:25:31 -0700
From: Bryan Stansell
To: users@conserver.com
Subject: Re: ssl for conserver client/server communications
Message-ID: <20020927192531.GA25779@underdog.stansell.org>
References: <1033011000.3d927f381f156@www.stansell.org> <200209271848.g8RImlv8013975@gandalf.cc.purdue.edu>
In-Reply-To: <200209271848.g8RImlv8013975@gandalf.cc.purdue.edu>

On Fri, Sep 27, 2002 at 01:48:46PM -0500, John R. Jackson wrote:
> I threatened to write this all up several months ago :-), but your
> letter prompted me to actually do it. See:
>
> ftp://gandalf.cc.purdue.edu/pub/conserver/README.ssh
>
> Note: I am by no stretch of the imagination a security person. If anyone
> sees anything wrong with what I've done, please sing out.

this is so very cool! i hope others out there can benefit from it. i didn't look at it closely, but what i saw was very helpful.

i figured i'd also take this opportunity to tell folks that i am making progress in the ssl realm. the server code is in and a "proof-of-concept" of sorts of the client code is working - unfortunately, the client code has to be adjusted more than i realized so it too can take advantage of encryption.

i also want to warn folks that i'm not putting in any certificate exchange/validation (which would require folks to build certs for the server) into the code (yet). this exposes (according to the book) the app to man-in-the-middle attacks (and maybe other types of attacks that i don't remember, but i don't think so). i'm planning on adding certs as an optional step, but the first round of code (call it alpha or beta or whatever) will leave it out. i'd just like to see an encrypted (however nonauthenticated) session - and figured that would make a lot of other folks happy as well.

i'll make patches available as soon as i get to a stable point and find an internet cafe that lets me attach my laptop so i can upload them. ;-)

Bryan

From bryan@stansell.org Sun Sep 29 15:32:06 2002
Date: Sun, 29 Sep 2002 15:32:05 -0700
From: Bryan Stansell
To: users@conserver.com, announce@conserver.com
Subject: alpha OpenSSL patches available
Message-ID: <20020929223205.GA8576@underdog.stansell.org>

I've made the first round of OpenSSL patches (that is, support for OpenSSL within conserver) available. You can find them at ftp://ftp.conserver.com/conserver/openssl-patches/ or http://www.conserver.com/openssl-patches/ in the file 7.2.3-to-7.2.4-alpha1.patch.

I want to warn folks again that it's a very basic implementation of the SSL bits. There is no certificate exchange, and there are more than likely many ways to make the code crash (both client and server). But, I have successfully made the new code do its thing (encrypted connections) as well as talk to the old code (7.2.3) non-encrypted. It's surprisingly functional, but I can't guarantee you won't make it choke immediately or that it won't leak memory like a sieve.

With the first level of functionality there, I'll be looking into these types of things next. But, I wanted it available so that interested folks could look and play and hopefully point out all the bad things I did (or didn't do) with the OpenSSL API.

Here's the CHANGES file additions, to show what I've got...

version 7.2.4 ():
	- added --with-openssl for client/server encryption
	- added -E option to client and server to allow for non-encrypted connections (encryption is the default if compiled in)
	- expanded -V output to show what optional bits actually got compiled into the code (libwrap, regex, etc)

Bryan Stansell
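
Added example, not part of the original thread and not conserver's code: a C sketch of the select() bookkeeping the messages above worry about, where a non-blocking SSL read or write can ask to wait on the opposite direction (as during a renegotiation) and the same call must then be repeated. The `conn` struct, the function names and the locally defined error constants (which carry the values of OpenSSL's SSL_ERROR_NONE, SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE) are assumptions made for illustration.

```c
#include <sys/select.h>

/* Stand-ins with the values OpenSSL's SSL_get_error() returns (assumed
 * names, defined here so the example builds without OpenSSL headers). */
enum { ERR_NONE = 0, ERR_WANT_READ = 2, ERR_WANT_WRITE = 3 };
enum op { OP_NONE, OP_READ, OP_WRITE };  /* which SSL call is unfinished */

struct conn {          /* hypothetical per-client state */
    int fd;
    enum op pending;   /* call to repeat once the fd is ready */
    int wait_err;      /* ERR_WANT_READ or ERR_WANT_WRITE while pending */
    int has_output;    /* application data queued for the peer */
};

/* Record the result of an SSL_read()/SSL_write() attempt.
 * Returns 0 if it finished, 1 if it must be retried, -1 on a fatal error. */
int conn_note_result(struct conn *c, enum op attempted, int ssl_err)
{
    if (ssl_err != ERR_NONE && ssl_err != ERR_WANT_READ && ssl_err != ERR_WANT_WRITE)
        return -1;                        /* caller drops the connection */
    c->pending = (ssl_err == ERR_NONE) ? OP_NONE : attempted;
    c->wait_err = ssl_err;                /* retry the same call later */
    return ssl_err != ERR_NONE;
}

/* Add this connection to the select() sets. */
void conn_set_fds(const struct conn *c, fd_set *rfds, fd_set *wfds)
{
    if (c->pending != OP_NONE) {
        /* The stalled call picks the direction, even a read waiting to write. */
        fd_set *set = (c->wait_err == ERR_WANT_READ) ? rfds : wfds;
        FD_SET(c->fd, set);
        return;
    }
    FD_SET(c->fd, rfds);                  /* idle: always listen for input */
    if (c->has_output)
        FD_SET(c->fd, wfds);
}

/* Which call to issue once select() reports readiness. */
enum op conn_next_op(const struct conn *c, int readable, int writable)
{
    if (c->pending != OP_NONE) {
        int ready = (c->wait_err == ERR_WANT_READ) ? readable : writable;
        return ready ? c->pending : OP_NONE;
    }
    if (readable)
        return OP_READ;
    return (writable && c->has_output) ? OP_WRITE : OP_NONE;
}
```

In a real loop the `ssl_err` argument would come from SSL_get_error() after each SSL_read() or SSL_write() on the connection's SSL object.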