Date:      Fri, 22 May 1998 19:14:22 -0500
From:      "J.A. Terranson" <sysadmin@mfn.org>
To:        "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Subject:   Notes on serial consoles.
Message-ID:  <01BD85B5.D4461760@w3svcs.mfn.org>

Just for those of us who have recently been involved in this issue, a couple of
quick notes:

(1)	After actually running with a serial console, you can disable root from logging in
	on the console (we have done this to add a layer to the physical security.
	Not only do they have to get to the machine with a valid login, but *then*
	they have to su on top of it!).  Simply create a symlink from /dev/console
	to the serial line in use for your console, probably /dev/ttyd0.  Then edit
	/etc/ttys: uncomment the "console" line (be sure to set the correct speed)
	and make sure it is "on".  Now comment out the "ttyd0" line, and Voilà! No
	direct root access!  This is really nice for logging too: you KNOW who was on
	the box before the "su"!

(2)	We took out the "options UCONSOLE" with no ill effects, but then, this machine
	is not/will not have *anything* to do with X.

(3)	We took out "pseudo-devices pty (n)" with no ill effects, but then, this machine
	has no business talking to anyone not on the console...

(4)	We enabled AUTO_EOI_1 (with no ill effects) since we are (obviously) generating
	a lot more IRQ overhead with our serial console.  AUTO_EOI_2 made this machine
	choke (*ancient* motherboard!).

(5)	We were unable to get the GPL_MATH_EMULATE to function on this setup, even
	though it works on other similar (but *not* identical) setups here.  For the moment
	I am considering them to be incompatible.

(6)	It is interesting to note that we *thought* we had disabled the boot prompt 
	"opportunity" by commenting out "USERCONFIG" and "USERCONFIG_BOOT",
	and "VISUAL_USERCONFIG".  What makes this interesting is that there is NO
	change in the boot behaviour that I can see!

(7)	Just an aside, since it may not be obvious at first glance, the "sc0" driver is
	*NOT* included in the make.  It *CAN* be however: we did it both ways with
	success.  Pros: you can toggle back to the hardware console via /boot.config
	if you have to, cons: probably a security risk if you are expecting a tty to be
	syscons, and, of course, the kernel space it occupies (which is minimal actually).


Thanks to all from whom information was gleaned, and good luck to all who hope to
use this information!


J.A. Terranson

sysadmin@mfn.org
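
Added example, not part of the original message: a POSIX sh check that an /etc/ttys file matches the layout in note (1), meaning an active "console" entry that is "on" and no active getty on the serial line itself. The function name audit_ttys, the sample entries, and the extra test for the "secure" flag (which ttys(5) documents as allowing uid 0 logins on a line) are assumptions that are not in the message; the /dev/console symlink is not checked.

```shell
#!/bin/sh
# audit_ttys FILE [SERIAL_LINE]
# Prints "OK" or one "FAIL: ..." line per finding; exit status 0 only when OK.
# SERIAL_LINE defaults to ttyd0, the line named in note (1).
audit_ttys() {
    awk -v serial="${2:-ttyd0}" '
        { sub(/#.*/, "") }            # drop comments; commented-out entries vanish
        NF == 0 { next }
        {
            gsub(/"[^"]*"/, "CMD")    # collapse the quoted getty command to one field
            flags = " "
            for (i = 4; i <= NF; i++) flags = flags $i " "
            active[$1] = 1            # fields: name, command, type, then status flags
            f[$1] = flags
        }
        END {
            bad = 0
            if (!("console" in active)) {
                print "FAIL: no active console entry"; bad = 1
            } else if (f["console"] !~ / on /) {
                print "FAIL: console entry is not on"; bad = 1
            } else if (f["console"] ~ / secure /) {
                # Assumption from ttys(5), not from the message.
                print "FAIL: console is marked secure (uid 0 may log in)"; bad = 1
            }
            if (serial in active && f[serial] ~ / on /) {
                print "FAIL: " serial " also has an active getty"; bad = 1
            }
            if (!bad) print "OK"
            exit bad
        }' "$1"
}

# Constructed sample that follows note (1); not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
console	"/usr/libexec/getty std.9600"	unknown	on insecure
#ttyd0	"/usr/libexec/getty std.9600"	dialup	on secure
EOF
audit_ttys "$sample"
rm -f "$sample"
```

On a live system, run it as: audit_ttys /etc/ttys ttyd0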

