From: Roman Neuhauser
To: Kris Kennaway
Cc: Dan Nelson, freebsd-questions@freebsd.org, Ralph Dratman
Date: Mon, 18 Aug 2003 13:24:21 +0200
Message-ID: <20030818112421.GE94462@freepuppy.bellavista.cz>
Subject: Re: Fragments of kernel log text in "security run" message

# kris@obsecurity.org / 2003-08-17 23:01:54 -0700:
> On Mon, Aug 18, 2003 at 12:50:19AM -0500, Dan Nelson wrote:
>
> > > I get this as well on RELENG_4...I wish I knew why. Often it causes
> > > syslogd to log it at LOG_EMERG priority (=spams every logged in user
> > > with the truncated message).
> >
> > I think this happens after the kernel's message buffer starts rolling
> > over. The very first line in the dmesg output sometimes gets cut in
> > half, so diff prints it as a change block, and the security script
> > prints the "add" portion. Maybe the check_diff function should remove
> > the first line of the dmesg output before doing the diff?
>
> I guess I'm talking about a different problem, actually (syslogd),
> although I see the truncated security script mail as well.

The oldest security run mail I found this artifact in is dated
Fri, 6 Sep 2002 03:01:14 +0000 (GMT):

ishtar.bellavista.cz kernel log messages:
> tfix/local[3952]: fatal: open database /etc/aliases.db: No such file or directory

Next day's security run shows I updated the box to 4.7-PRERELEASE
on Sep 7, but I don't know what version it was running till then.

Hope this is of *some* help.

-- 
If you cc me or remove the list(s) completely I'll most
likely ignore your message. see http://www.eyrie.org./~eagle/faqs/questions.html
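
The effect discussed in this thread, as an added example that is not part of the original message and is not FreeBSD's own periodic script: a snapshot diff reports a half-line as new once the buffer has wrapped, and dropping the first line of the new snapshot before the diff leaves only the genuinely new entry. The function names are hypothetical and the log lines are constructed, apart from the truncated `tfix/local[3952]` line quoted in the mail; the untruncated `postfix/local` form is an assumption.

```shell
#!/bin/sh
# Added example: names are hypothetical, log lines are constructed except
# the truncated "tfix/local[3952]" line, which is the one quoted in the mail.

# added_lines OLD NEW: print the lines diff reports as added in NEW.
added_lines() {
    diff "$1" "$2" | sed -n 's/^> //p'
}

# added_lines_skip_first OLD NEW: same, but ignore NEW's first line, which
# may be cut in half once the kernel message buffer has wrapped.
added_lines_skip_first() {
    _t=$(mktemp) || return 1
    sed 1d "$2" > "$_t"
    diff "$1" "$_t" | sed -n 's/^> //p'
    rm -f "$_t"
}

# make_samples DIR: write yesterday's snapshot and today's wrapped buffer.
make_samples() {
    cat > "$1/dmesg.yesterday" <<'EOF'
ad0: 19092MB <CONSTRUCTED DISK> [38792/16/63] at ata0-master UDMA66
postfix/local[3952]: fatal: open database /etc/aliases.db: No such file or directory
xl0: promiscuous mode enabled
xl0: promiscuous mode disabled
EOF
    # The buffer wrapped: the oldest line is gone and the next one lost its
    # first bytes. Only the last line is new since yesterday.
    cat > "$1/dmesg.today" <<'EOF'
tfix/local[3952]: fatal: open database /etc/aliases.db: No such file or directory
xl0: promiscuous mode enabled
xl0: promiscuous mode disabled
pid 4021 (constructed), uid 1001: exited on signal 11
EOF
}

dir=$(mktemp -d) || exit 1
make_samples "$dir"
echo "plain diff reports as new:"
added_lines "$dir/dmesg.yesterday" "$dir/dmesg.today"
echo "with the first line skipped:"
added_lines_skip_first "$dir/dmesg.yesterday" "$dir/dmesg.today"
rm -rf "$dir"
```

Skipping the first line also hides a genuinely new message when it is the only line in the new snapshot.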