From owner-freebsd-security  Tue Jan 11 12:19:27 2000
Delivered-To: freebsd-security@freebsd.org
Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193])
	by hub.freebsd.org (Postfix) with ESMTP id ED36C14C31
	for <security@freebsd.org>; Tue, 11 Jan 2000 12:19:19 -0800 (PST)
	(envelope-from adam@algroup.co.uk)
Received: from algroup.co.uk ([192.168.57.1]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id UAA10428 for <security@freebsd.org>; Tue, 11 Jan 2000 20:19:12 GMT
Message-ID: <387B9043.62415CF3@algroup.co.uk>
Date: Tue, 11 Jan 2000 20:19:15 +0000
From: Adam Laurie <adam@algroup.co.uk>
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.2-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: security@freebsd.org
Subject: console disappears after reboot
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I realise this is slightly off topic, but as the situation arises due to
a security procedure, I hope someone else here as already seen similar
problems...

I am working at a facility that has a locked server room with an annexe
just outside where you can access the servers without being in the
cold/noise. For security reasons, the vga/keyboard switch that feeds the
annexe is switched off when there's no-one there. This setup has worked
fine for a number of years. However, we are now installing some new
servers and we've found that if they get rebooted when the switch is
off, the console gets changed to a serial device. This means we've lost
the machine(s) until we log in remotely and reboot again. Not good. 

It seems that FreeBSD 3.1+ scans for a console, and if it can't find kb
/ vga it switches to serial. The old machines all work fine as they are
3.0 or less.

I know I can set the console device in /boot/loader.conf, but this leads
to other problems (possibly a bug here): on some machines we get a
"/boot/loader not found - Disk error 0x1", and we suspect that this is
to do with the boot partition not being constrained to the first 1024
cylinders.

Anyway, to cut a long story short, I would prefer to simply do something
in /etc/rc.local to force the console back to local kb/vga, or disable
the serial console in the kernel itself... so my question is: what? Is
there such a command/setting?

cheers,
Adam 
--
Adam Laurie                   Tel: +44 (181) 742 0755
A.L. Digital Ltd.             Fax: +44 (181) 742 5995
Voysey House                  
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message