Date: Thu, 4 Oct 2001 15:25:41 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: Dag-Erling Smorgrav <des@ofug.org> Cc: freebsd-audit@FreeBSD.ORG Subject: Re: dmesg.boot Gets Overwritten without Reboot Message-ID: <20011004152541.I297@blossom.cjclark.org> In-Reply-To: <xzpelojfwdk.fsf@flood.ping.uio.no>; from des@ofug.org on Thu, Oct 04, 2001 at 02:00:23PM %2B0200 References: <20011003221310.Q8391@blossom.cjclark.org> <xzpelojfwdk.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 04, 2001 at 02:00:23PM +0200, Dag-Erling Smorgrav wrote:
> "Crist J. Clark" <cristjc@earthlink.net> writes:
> > Any comments on the patch or the concept?
>
> Is there any way you can compare the timestamp on /var/run/dmesg.boot
> with `sysctl -n kern.boottime`? This would DTRT in almost all cases
> (the exception being the case where you set the clock back before
> returning from single-user mode)
Right, but is there a more graceful way than,
# Not too bad
LASTBOOT=`sysctl -n kern.boottime | sed 's/^{ sec = \([0-9]*\), .*/\1/'`
# Gack!
LASTDMESG=`ls -lT /var/run/dmesg.boot | awk '{ print $6 " " $7 " " $8 " " $9; }'`
LASTDMESG=`date -j -f "%Ef %T %Y" "$LASTDMESG" +%s`
To get those two secs numbers to compare. I've looked for a utility
that will return the [acm]time of a file in UNIX Epoch seconds before,
but I don't think I've ever found one in the base system.
Here's the rc(8) patch,
Index: src/etc/rc
===================================================================
RCS file: /export/ncvs/src/etc/rc,v
retrieving revision 1.283
diff -u -r1.283 rc
--- src/etc/rc 2001/10/02 12:00:39 1.283
+++ src/etc/rc 2001/10/04 22:23:18
@@ -339,10 +339,28 @@
clean_var() {
if [ ! -f /var/run/clean_var ]; then
+ # We may wish to save the boot messages.
+ if [ -f /var/run/dmesg.boot ]; then
+ mv -f /var/run/dmesg.boot /tmp/dmesg.boot
+ fi
purgedir /var/run /var/spool/lock
rm -rf /var/spool/uucp/.Temp/*
- # Keep a copy of the boot messages around
- dmesg >/var/run/dmesg.boot
+ # Check if the dmesg.boot is from (younger than)
+ # the most recent reboot.
+ if [ -f /tmp/dmesg.boot ]; then
+ LASTBOOT=`sysctl -n kern.boottime | \
+ sed 's/^{ sec = \([0-9]*\), .*/\1/'`
+ LASTDMESG=`ls -lT /tmp/dmesg.boot | \
+ awk '{ print $6 " " $7 " " $8 " " $9; }'`
+ LASTDMESG=`date -j -f "%Ef %T %Y" "$LASTDMESG" +%s`
+ if [ $LASTBOOT -lt $LASTDMESG ]; then
+ mv -f /tmp/dmesg.boot /var/run/dmesg.boot
+ fi
+ rm -f /tmp/dmesg.boot
+ fi
+ if [ ! -f /var/run/dmesg.boot ]; then
+ dmesg >/var/run/dmesg.boot
+ fi
# And an initial utmp file
(cd /var/run && cp /dev/null utmp && chmod 644 utmp;)
>/var/run/clean_var
--
Crist J. Clark cjclark@alum.mit.edu
cjclark@jhu.edu
cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011004152541.I297>