From owner-freebsd-security Tue Jan 11 23:37:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from mentisworks.com (valkery.mentisworks.com [207.227.89.226]) by hub.freebsd.org (Postfix) with ESMTP id 5CFFB14F72 for ; Tue, 11 Jan 2000 23:37:40 -0800 (PST) (envelope-from nathank@mentisworks.com) Received: from [24.29.246.53] (HELO mentisworks.com) by mentisworks.com (CommuniGate Pro SMTP 3.2b9) with ESMTP id 651409; Wed, 12 Jan 2000 01:37:47 -0600 Received: from [192.168.245.111] (HELO mentisworks.com) by mentisworks.com (CommuniGate Pro SMTP 3.2b9) with ESMTP id 2350013; Wed, 12 Jan 2000 01:37:47 -0600 Message-ID: <387C2E9B.ACEC62AD@mentisworks.com> Date: Wed, 12 Jan 2000 01:34:51 -0600 From: Nathan Kinsman Organization: Mentisworks, LLC X-Mailer: Mozilla 4.7 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Adam Laurie Cc: freebsd-security@freebsd.org Subject: Re: console disappears after reboot References: <387B9043.62415CF3@algroup.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Adam Laurie wrote: > > Hi, > > I realise this is slightly off topic, but as the situation arises due to > a security procedure, I hope someone else here as already seen similar > problems... > > I am working at a facility that has a locked server room with an annexe > just outside where you can access the servers without being in the > cold/noise. For security reasons, the vga/keyboard switch that feeds the > annexe is switched off when there's no-one there. This setup has worked > fine for a number of years. However, we are now installing some new > servers and we've found that if they get rebooted when the switch is > off, the console gets changed to a serial device. This means we've lost > the machine(s) until we log in remotely and reboot again. Not good. > > It seems that FreeBSD 3.1+ scans for a console, and if it can't find kb > / vga it switches to serial. The old machines all work fine as they are > 3.0 or less. > > I know I can set the console device in /boot/loader.conf, but this leads > to other problems (possibly a bug here): on some machines we get a > "/boot/loader not found - Disk error 0x1", and we suspect that this is > to do with the boot partition not being constrained to the first 1024 > cylinders. > > Anyway, to cut a long story short, I would prefer to simply do something > in /etc/rc.local to force the console back to local kb/vga, or disable > the serial console in the kernel itself... so my question is: what? Is > there such a command/setting? This is from /usr/src/sys/i386/conf/LINT: # `flags' for atkbd: # 0x01 Force detection of keyboard, else we always assume a keyboard have you tried this in your kernel config? > > cheers, > Adam > -- > Adam Laurie Tel: +44 (181) 742 0755 > A.L. Digital Ltd. Fax: +44 (181) 742 5995 > Voysey House > Barley Mow Passage http://www.aldigital.co.uk > London W4 4GB mailto:adam@algroup.co.uk > UNITED KINGDOM PGP key on keyservers > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Nathan Kinsman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message