LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-30-2005, 10:04 AM   #1
ozymandias
Member
 
Registered: Aug 2005
Location: West Midlands, UK
Posts: 61

Rep: Reputation: 15
How to stop firewall logging to terminal screen


I am running a Debian system, using Firestarter as my firewall. All is working fine, except that in addittion to logging all attempts to access firewalled ports to the log file, these attempts also appear on the console screen.

It is driving me insane!! - I get halfway through typing a command, and suddenly it disappears beneath four lines of text telling me all the details of the inbound assault on port 135 from wherever!

I have looked through Firestarters firewall script, and also the config file. There doesn't seem to be anything about logging to the terminal aswell as to a log file. I wonder if it is part of some system logging feature I'm not aware of...

My question is... Is there an easy way to turn it off ??

Thanks!
 
Old 09-30-2005, 11:05 AM   #2
-X-
Member
 
Registered: Oct 2003
Location: Tx,USA
Distribution: Slackware, Red Hat, CentOS
Posts: 495

Rep: Reputation: 30
Does it show on F2?
 
Old 09-30-2005, 11:09 AM   #3
-X-
Member
 
Registered: Oct 2003
Location: Tx,USA
Distribution: Slackware, Red Hat, CentOS
Posts: 495

Rep: Reputation: 30
Also, look in /etc/syslog.conf for /dev/console. Me, I would just use F2.
 
Old 09-30-2005, 11:21 AM   #4
ozymandias
Member
 
Registered: Aug 2005
Location: West Midlands, UK
Posts: 61

Original Poster
Rep: Reputation: 15
er.... I'm a little new to this - could you elaborate on F2 ?

Thanks!
 
Old 09-30-2005, 11:27 AM   #5
-X-
Member
 
Registered: Oct 2003
Location: Tx,USA
Distribution: Slackware, Red Hat, CentOS
Posts: 495

Rep: Reputation: 30
You're in console F1 and probably have F1 - F8 to work with. Press Alt-F2 to go to console F2, etc for the others. The syslog.conf has "some" messages going to F1, so just use F2 for your work, which lets you press Alt-F1 to see messages.

Or kill the message output by changing the syslog.conf and restarting the syslog. Since you're new, just reboot. We'll go slow to get you up to speed.

Last edited by -X-; 09-30-2005 at 11:40 AM.
 
Old 09-30-2005, 11:33 AM   #6
ozymandias
Member
 
Registered: Aug 2005
Location: West Midlands, UK
Posts: 61

Original Poster
Rep: Reputation: 15
Aha! Didn't know I could do that!
Changing to F2 works fine, so I'll go with that.

Thanks!
 
Old 09-30-2005, 01:24 PM   #7
ozymandias
Member
 
Registered: Aug 2005
Location: West Midlands, UK
Posts: 61

Original Poster
Rep: Reputation: 15
No, wait - it does just the same thing!

Pages of blocked inbound attempts, on whichever tty I choose!

Where is it all coming from???

...and there doesn't seem to be any mention of /dev/console in /etc/syslog.conf
 
Old 09-30-2005, 01:53 PM   #8
-X-
Member
 
Registered: Oct 2003
Location: Tx,USA
Distribution: Slackware, Red Hat, CentOS
Posts: 495

Rep: Reputation: 30
hmmm....
Not famillar with firestart. Post your syslog.conf, maybe something's there.
 
Old 09-30-2005, 02:13 PM   #9
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
As root, run "dmesg -n 5" and add this command to /etc/rc.d/rc.local
See the manpage for the explanation.
 
Old 10-01-2005, 04:06 AM   #10
ozymandias
Member
 
Registered: Aug 2005
Location: West Midlands, UK
Posts: 61

Original Poster
Rep: Reputation: 15
Here's the contents of /etc/syslog.conf - you can see I have already edited out a few likely candidates without success.

# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.

#
# First some standard logfiles. Log by facility.
#

auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
uucp.* /var/log/uucp.log

#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err

# Logging for INN news system
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice

#
# Some `catch-all' logfiles.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg *

#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#daemon.*;mail.*;\
# news.crit;news.err;news.notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn |/dev/xconsole

############ BASTILLE ADDITIONS BELOW : #################
# Log all kernel messages to the new file /var/log/kernel
kern.* /var/log/kernel

# Log all logins to /var/log/loginlog
auth.*;user.*;daemon.none /var/log/loginlog

# Log additional data to the Alt-F7 and Alt-F8 screens (Pseudo TTY 7 and 8)
# DISABLED BY ME
#*.info;mail.none;authpriv.none /dev/tty7
#authpriv.* /dev/tty7
#*.warn;*.err /dev/tty7
#kern.* /dev/tty7
#mail.* /dev/tty8

#*.* /dev/tty12
########## BASTILLE ADDITIONS CONCLUDED : ###############
88,1 Bot
 
Old 10-01-2005, 04:32 AM   #11
ozymandias
Member
 
Registered: Aug 2005
Location: West Midlands, UK
Posts: 61

Original Poster
Rep: Reputation: 15
Ah! Thanks Primo!
The dmesg command seems to kill those messages successfully.

Thanks once again,

Oz.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
X Terminal Session Logging phiw1123 Linux - Software 1 04-26-2005 03:15 PM
Logging with Start stop daemon bigsness Linux - General 0 01-19-2005 03:25 PM
Error when logging in to terminal rwalkerphl Linux - General 7 06-22-2004 07:07 PM
Stop Printer Messages Logging to TTY Cyyb Linux - General 2 06-20-2003 02:02 PM
terminal history logging alue Linux - General 4 03-15-2002 01:59 AM


All times are GMT -5. The time now is 09:24 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration