
Re: syslog facility and conserver

Greg A. Woods woods@weird.com
Wed, 29 Nov 2006 16:14:34 -0800 (PST)


At Mon, 20 Nov 2006 16:57:50 -0800,
Phillip Pacheco wrote:
> 
> I am about to configure Conserver 8.1.14 on Solaris.  I will be using it
> to control the ports on several Cyclades TS2000's.  Currently we are
> using conserver 7.x on FreeBSD, which I did not set up.

I've finally recently converted to conserver-8 on my home network too.
I use some DECserver units to provide the serial ports.

In conserver-8.x the logging can be set by default for each console
port with a "default" block in the conserver.cf file:

#
# The character '&' in logfile names is substituted with the console
# name.  Any logfile name that doesn't begin with a '/' has LOGDIR
# prepended to it.  So, most consoles will just have a '&' as the logfile
# name which causes /var/consoles/<consolename> to be used.
#
default * {
        logfile /var/log/consoles/&;
        timestamp 1lab;
}

Previously in older versions that was done in the 4th field of the
conserver.cf file, with perhaps a default LOGDIR and TIMESTAMP entry to
set some common parameters for logging.

I'll paste a copy of my whole new conserver.cf file here just for
general reference.  I had some difficulty getting the new chat feature
working so that I could have conserver automatically log in to my
terminal servers, plus some of the other features were not well enough
documented for me to figure out in my haste and with my conserver-7
mindset and there weren't any good comprehensive examples easily found
with google to accomplish all of what I wanted.  (And the undocumented
conserverconvert program was pretty much useless to me.)

I must say I'm quite pleased with the new release, except for the fact
that it is WAY too anal about requiring SSL links (and maybe for the
fact it wouldn't ignore the trailing colon in my old conserver.passwd
files :-)).  I'm considering hacking the SSL code back out of it (with a
compile-time option, of course, if that's not already possible).  I
can't think of any situation where I would ever use conserver and could
ever even conceive of needing encryption within it.  It's just a
terrible waste of CPU (that I don't have enough of on some older
clients) and doesn't buy me any security whatsoever, and never can.  I
think I already have all the security I need directly at the network
layer wherever it is needed.  (And I need network layer security anyway
for the telnet connections to the terminal servers -- protecting
conserver connections is pointless if the terminal server connections
are wide open to attack.)

-- 
						Greg A. Woods

H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>       Secrets of the Weird <woods@weird.com>

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	conserver.cf
#	conserver.chat-constantly
#	conserver.passwd
#	console.cf
#
echo x - conserver.cf
sed 's/^X//' >conserver.cf << 'END-of-conserver.cf'
X#
X#	/etc/conserver.cf - conserver(8) configuration
X#
Xconfig * {
X	setproctitle yes;
X	sslrequired no;
X}
X#
X# The character '&' in logfile names is substituted with the console
X# name.  Any logfile name that doesn't begin with a '/' has LOGDIR
X# prepended to it.  So, most consoles will just have a '&' as the logfile
X# name which causes /var/consoles/<consolename> to be used.
X#
Xdefault * {
X	logfile /var/log/consoles/&;
X	timestamp 1lab;
X}
Xdefault decserver {
X	type host;
X	#
X	# start one down from reality so that we can use the physical port
X	# numbers in the console blocks and they will work as expected
X	#
X	portbase 1999;
X	portinc 1;
X}
Xdefault tserv {
X	include decserver;
X	host tserv.weird.com;
X	initcmd "/usr/sbin/chat -I -f /etc/conserver.chat-tserv";
X}
Xdefault constantly {
X	include decserver;
X	host constantly.weird.com;
X	initcmd "/usr/sbin/chat -I -f /etc/conserver.chat-constantly";
X}
X#
X# for the DEC AlphaServer 4x00 with remote console monitor:
X#BREAK3=^]^]rcm
X# for the DEC AlphaServer 4x00 with custom hw.cnmagic setting for DDB:
X#BREAK4=^]^]ddb
X#
Xgroup sysadmins {
X	users root,woods,andreas,peter;
X}
X#
Xconsole callerid {
X	master very.weird.com;
X	type device;
X	device remote;
X	baud 1200;
X	parity none;
X	rw woods;
X	ro sysadmins;
X}
X##
Xconsole becoming {
X	master localhost;
X	port 2;
X	include tserv;
X	rw sysadmins;
X}
Xconsole omniswitch {
X	master localhost;
X	port 3;
X	include tserv;
X	rw sysadmins;
X}
Xconsole sometimes {
X	master localhost;
X	port 4;
X	include tserv;
X	rw sysadmins;
X}
Xconsole raid-00 {
X	master localhost;
X	logfile /dev/null;
X	port 5;
X	include tserv;
X	rw sysadmins;
X}
X#raid-01:!tserv:2005:/dev/null:
Xconsole proven {
X	master localhost;
X	port 7;
X	include tserv;
X	rw sysadmins;
X}
Xconsole isit {
X	master localhost;
X	port 8;
X	include tserv;
X	rw sysadmins;
X}
X#becoming:!tserv:2008:&:
X#almost:!tserv:2009:&:
X#most:!tserv:2010:&:
Xconsole starting-out {
X	master localhost;
X	port 12;
X	include tserv;
X	rw sysadmins;
X}
Xconsole building {
X	master localhost;
X	port 13;
X	include tserv;
X	rw sysadmins;
X}
Xconsole best-3.1-0 {
X	master localhost;
X	port 14;
X	include tserv;
X	rw cricket, sysadmins;
X}
Xconsole best-3.1-1 {
X	master localhost;
X	port 15;
X	include tserv;
X	rw cricket, sysadmins;
X}
Xconsole whats {
X	master localhost;
X	port 16;
X	include tserv;
X	rw sysadmins;
X}
Xconsole always {
X	master localhost;
X	port 17;
X	include tserv;
X	rw sysadmins;
X}
Xconsole always-mgmt {
X	master localhost;
X	port 18;
X	include tserv;
X	rw sysadmins;
X}
X##
Xconsole hubly {
X	master localhost;
X	port 2;
X	include constantly;
X	rw sysadmins;
X}
X#
X#
X# list of clients we allow
X# {trusted|allowed|rejected} : machines
X#
X# machines may be an IP address or a domain name
X#
X# we firewall ports 2000-2064, but just to be sure....
X#
Xaccess * {
X	allowed 127.0.0.1 204.92.254.0/24;
X}
END-of-conserver.cf
echo x - conserver.chat-constantly
sed 's/^X//' >conserver.chat-constantly << 'END-of-conserver.chat-constantly'
X''	'\n'	'\043-\n-\043'	'BellSux\n'
END-of-conserver.chat-constantly
echo x - conserver.passwd
sed 's/^X//' >conserver.passwd << 'END-of-conserver.passwd'
Xroot:
Xwoods:
Xwoods-l:
Xcricket:
Xandy:*passwd*
Xandreas:*passwd*
Xpeter:*passwd*
Xgrant:*passwd*
END-of-conserver.passwd
echo x - console.cf
sed 's/^X//' >console.cf << 'END-of-console.cf'
X#
X#	/etc/console.cf - console(1) configuration
X#
Xconfig * {
X	sslenabled no;
X	sslrequired no;
X}
END-of-console.cf
exit
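
Added example (not part of the original message and not conserver's own code): a small Python reading of the conserver.cf posted above that resolves, per console, the terminal-server TCP port (portbase + portinc * port), the logfile after '&' substitution, and which consoles discard their output. It assumes that "default *" is applied to every console first, that "include" is expanded in statement order, and that portbase/portinc default to 0 and 1; SAMPLE_CF is a constructed excerpt of the posted file.

```python
import re

# Constructed excerpt of the conserver.cf posted above (same block syntax).
SAMPLE_CF = """
config * { sslrequired no; }
default * { logfile /var/log/consoles/&; timestamp 1lab; }
default decserver { type host; portbase 1999; portinc 1; }
default tserv { include decserver; host tserv.weird.com; }
console becoming { master localhost; port 2; include tserv; rw sysadmins; }
console raid-00 { master localhost; logfile /dev/null; port 5; include tserv; }
"""

BLOCK = re.compile(r"(\w+)\s+(\S+)\s*\{(.*?)\}", re.S)

def parse(text):
    """Return {(kind, name): [(key, value), ...]} with '#' comments removed."""
    text = re.sub(r"#.*", "", text)
    blocks = {}
    for kind, name, body in BLOCK.findall(text):
        stmts = [s.split(None, 1) for s in body.split(";") if s.strip()]
        blocks[(kind, name)] = [(k, v.strip()) for k, v in stmts]
    return blocks

def apply_stmts(blocks, stmts, out):
    """Apply statements in order; 'include' pulls in a named default block."""
    for key, value in stmts:
        if key == "include":
            apply_stmts(blocks, blocks[("default", value)], out)
        else:
            out[key] = value  # a later statement overrides an earlier one

def resolve(text):
    """Effective settings (plus computed 'tcp' port) for every console block."""
    blocks, result = parse(text), {}
    for (kind, name), stmts in blocks.items():
        if kind != "console":
            continue
        eff = {}
        apply_stmts(blocks, blocks.get(("default", "*"), []), eff)  # assumed implicit
        apply_stmts(blocks, stmts, eff)
        if "port" in eff:  # 'type device' consoles have no network port
            eff["tcp"] = (int(eff.get("portbase", 0))
                          + int(eff.get("portinc", 1)) * int(eff["port"]))
        eff["logfile"] = eff.get("logfile", "").replace("&", name)
        result[name] = eff
    return result

def unlogged(text):
    """Consoles whose output is discarded, so no session record is kept."""
    return sorted(n for n, e in resolve(text).items() if e["logfile"] == "/dev/null")
```
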