Honey Dove

Gah. Unenthused sarlok is unenthused.
Warning: This post may have no meaning beyond providing a brief interlude to my current lapse of boredom.

I fixed a frick-load of broken URLs spread across my older blog posts, most of which I broke myself after re-jigging the random images folder. I wound up splitting the one monster folder into several sub-folders to cut back on disk chatter.
In hindsight, having fixed the broken links, I'm now re-thinking my choice of hard-coding image paths, and have an idea for a permalink scheme that should be sane enough to keep up with auto-filed image folders… maybe by the time my next post is done.

My new toy.
Spontaneous purchase was spontaneous. My old bow was already fast at ~320fps.
Splurged on some nice light 250 grain arrows to go with the new bow though.

My new other toy.
My initial observations were how amazingly well built the thing is. I thought Dell and IBM's servers were well made, but after cracking the T2000 open… It's very, very nice.
Master plan is to move *.sarlok.com to the T2000, and re-purpose fluctuator as a storage backend on account of the 8 drive-bays.
That aside, this made me chuckle when I saw it for the first time post-install.
I especially love how the base install has fewer processes than there are cores… well, threads I guess, but still.

root@sparksmith:~ # uname -a
OpenBSD sparksmith.sarlok.com 5.6 GENERIC.MP#166 sparc64
root@sparksmith:~ # top -d1
load averages:  0.12,  0.19,  0.14    sparksmith.my.domain 19:46:57
26 processes: 24 idle, 2 on processor
CPU00 states:  0.0% user,  0.0% nice,  0.3% system,  0.8% interrupt, 98.9% idle
CPU01 states:  0.0% user,  0.0% nice,  0.2% system,  0.0% interrupt, 99.8% idle
CPU02 states:  0.1% user,  0.0% nice,  0.1% system,  0.0% interrupt, 99.8% idle
CPU03 states:  0.1% user,  0.0% nice,  0.1% system,  0.0% interrupt, 99.8% idle
CPU04 states:  0.0% user,  0.0% nice,  0.2% system,  0.0% interrupt, 99.8% idle
CPU05 states:  0.0% user,  0.0% nice,  0.1% system,  0.0% interrupt, 99.9% idle
CPU06 states:  0.0% user,  0.0% nice,  0.2% system,  0.0% interrupt, 99.8% idle
CPU07 states:  0.0% user,  0.0% nice,  0.2% system,  0.0% interrupt, 99.8% idle
CPU08 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU09 states:  0.0% user,  0.0% nice,  0.5% system,  0.0% interrupt, 99.5% idle
CPU10 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU11 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU12 states:  0.1% user,  0.0% nice,  0.0% system,  0.0% interrupt, 99.9% idle
CPU13 states:  0.0% user,  0.0% nice,  0.1% system,  0.0% interrupt, 99.8% idle
CPU14 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt, 99.9% idle
CPU15 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU16 states:  0.0% user,  0.0% nice,  0.1% system,  0.0% interrupt, 99.8% idle
CPU17 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU18 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU19 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU20 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU21 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU22 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU23 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU24 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU25 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU26 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU27 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU28 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU29 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU30 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU31 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
Memory: Real: 26M/110M act/tot Free: 31G Cache: 25M Swap: 0K/4097M

  PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
6537 root       2    0 4440K 4096K idle      select   11:09  0.00% sshd
15852 _smtpd     2    0 2184K 3152K sleep     kqread    0:29  0.00% smtpd
5908 _smtpd     2    0 1848K 2384K sleep     kqread    0:29  0.00% smtpd
5247 _smtpd     2    0 2216K 2624K sleep     kqread    0:29  0.00% smtpd
28491 root      10    0  712K 1472K idle      wait      0:27  0.00% man
28367 root       2    0 4240K 4088K sleep     select    0:22  0.00% sshd
25118 _pflogd    4    0 1120K  400K sleep     bpf       0:12  0.00% pflogd
16328 _spamd     4    0 1176K 1160K sleep     bpf       0:11  0.00% spamlogd
2506 root       3    0  712K 1416K idle      ttyin     0:04  0.00% getty
31521 _syslogd   2    0  960K 1152K sleep     poll      0:01  0.00% syslogd
    1 root      10    0  864K  528K sleep     wait      0:01  0.00% init
29136 root       2    0 2088K 2504K idle      kqread    0:01  0.00% smtpd
27422 root      18    0  928K  784K sleep     pause     0:00  0.00% ksh
11990 root       2    0 1536K 1736K idle      select    0:00  0.00% sshd
32385 root      18    0 1024K  776K idle      pause     0:00  0.00% ksh
17628 _smtpq     2    0 2112K 2688K sleep     kqread    0:00  0.00% smtpd
17078 _smtpd     2    0 2112K 2680K sleep     kqread    0:00  0.00% smtpd
5727 root       2    0 1168K 1424K idle      select    0:00  0.00% cron


Let's see… what else has been randomly interesting of late…
I blew half an hour chasing down some random problems with our internal MediaWiki at work. I was surprised, and amused, by the cause of a phantom reset packet. I probably would have caught on sooner if I had run tcpdump right off the bat and seen said reset, but oh well.
Turns out a copy-paste of a unidiff one-liner for an unprivileged user, taken from master.passwd and dropped into the wiki page body for documentation, didn't get past the ASA IPS module sitting at the edge of a number of our servers: signature 3201 ("Unix Password File Access Attempt") matched the /etc/master.passwd string inside the HTTP POST body, and the sensor dropped the packet, denied the flow and sent a one-way TCP reset, which is exactly what the alert below records.

evIdsAlert: eventId=1379435087058567927  vendor=Cisco  severity=medium  alarmTraits=32768
  originator: 
    hostId: sensor
    appName: sensorApp
    appInstanceId: 1178
  time: Jul 04, 2014 21:34:24 UTC  offset=-420  timeZone=UTC
  signature:   description=Unix Password File Access Attempt  id=3201  version=S238  type=vulnerability  created=20010202
    subsigId: 3
    sigDetails: [ \x26=?.]/etc/master.passwd[ \x26=?]
  interfaceGroup: vs0
  vlan: 0
  participants: 
    attacker: 
      addr: 1.2.3.4  locality=OUT
      port: 29983
    target: 
      addr: 10.0.0.10  locality=OUT
      port: 80
      os:   idSource=learned  type=bsd  relevance=relevant
  actions: 
    droppedPacket: true
    deniedFlow: true
    tcpOneWayResetSent: true
  context: 
    fromAttacker:000000  3A 73 74 61 63 6B 73 69  7A 65 2D 63 75 72 3D 38  :stacksize-cur=8
000010  4D 3A 5C 0D 0A 2B 20 20  20 20 20 20 20 20 3A 6C  M:\..+        :l
000020  6F 63 61 6C 63 69 70 68  65 72 3D 62 6C 6F 77 66  ocalcipher=blowf
000030  69 73 68 2C 38 3A 5C 0D  0A 2B 20 20 20 20 20 20  ish,8:\..+   
000040  20 20 3A 74 63 3D 64 65  66 61 75 6C 74 3A 0D 0A    :tc=default:..
000050  65 2D 2D 2D 2D 2D 40 72  2D 2D 2D 2D 2D 3A 7E 20  e-----@r-----:~
000060  24 20 20 73 75 64 6F 20  64 69 66 66 20 2D 75 20  $  sudo diff -u
000070  2F 76 61 72 2F 62 61 63  6B 75 70 73 2F 6D 61 73  /var/backups/mas
000080  74 65 72 2E 70 61 73 73  77 64 2E 63 75 72 72 65  ter.passwd.curre
000090  6E 74 20 2F 65 74 63 2F  6D 61 73 74 65 72 2E 70  nt /etc/master.p
0000A0  61 73 73 77 64 0D 0A 2D  2D 2D 20 2F 76 61 72 2F  asswd..--- /var/
0000B0  62 61 63 6B 75 70 73 2F  6D 61 73 74 65 72 2E 70  backups/master.p
0000C0  61 73 73 77 64 2E 63 75  72 72 65 6E 74 20 20 53  asswd.current  S
0000D0  61 74 20 41 70 72 20 20  35 20 30 31 3A 33 30 3A  at Apr  5 01:30:
0000E0  31 34 20 32 30 31 34 0D  0A 2B 2B 2B 20 2F 65 74  14 2014..+++ /et
0000F0  63 2F 6D 61 73 74 65 72  2E 70 61 73 73 77 64 20  c/master.passwd

(output trimmed)
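As an added example (my own code, not from the original post or from Cisco): the script below rebuilds the raw payload from the alert's fromAttacker hex dump, re-runs the pattern reported in sigDetails against it, and then checks whether the hit sits on a unified-diff header line, which is the property a tuning rule for this particular false positive would key on. Only the hex dump and the signature pattern come from the alert; the hex-dump parser, the diff-header heuristic and the triage helper are assumptions of mine about how one would reproduce the match offline.

```python
from __future__ import annotations

import re

# The fromAttacker context exactly as shown in the evIdsAlert above (the
# alert was trimmed after offset 0000F0, so this is all the page provides).
ALERT_CONTEXT = r"""
    fromAttacker:000000  3A 73 74 61 63 6B 73 69  7A 65 2D 63 75 72 3D 38  :stacksize-cur=8
000010  4D 3A 5C 0D 0A 2B 20 20  20 20 20 20 20 20 3A 6C  M:\..+        :l
000020  6F 63 61 6C 63 69 70 68  65 72 3D 62 6C 6F 77 66  ocalcipher=blowf
000030  69 73 68 2C 38 3A 5C 0D  0A 2B 20 20 20 20 20 20  ish,8:\..+
000040  20 20 3A 74 63 3D 64 65  66 61 75 6C 74 3A 0D 0A    :tc=default:..
000050  65 2D 2D 2D 2D 2D 40 72  2D 2D 2D 2D 2D 3A 7E 20  e-----@r-----:~
000060  24 20 20 73 75 64 6F 20  64 69 66 66 20 2D 75 20  $  sudo diff -u
000070  2F 76 61 72 2F 62 61 63  6B 75 70 73 2F 6D 61 73  /var/backups/mas
000080  74 65 72 2E 70 61 73 73  77 64 2E 63 75 72 72 65  ter.passwd.curre
000090  6E 74 20 2F 65 74 63 2F  6D 61 73 74 65 72 2E 70  nt /etc/master.p
0000A0  61 73 73 77 64 0D 0A 2D  2D 2D 20 2F 76 61 72 2F  asswd..--- /var/
0000B0  62 61 63 6B 75 70 73 2F  6D 61 73 74 65 72 2E 70  backups/master.p
0000C0  61 73 73 77 64 2E 63 75  72 72 65 6E 74 20 20 53  asswd.current  S
0000D0  61 74 20 41 70 72 20 20  35 20 30 31 3A 33 30 3A  at Apr  5 01:30:
0000E0  31 34 20 32 30 31 34 0D  0A 2B 2B 2B 20 2F 65 74  14 2014..+++ /et
0000F0  63 2F 6D 61 73 74 65 72  2E 70 61 73 73 77 64 20  c/master.passwd
"""

# One dump line: optional "fromAttacker:" prefix, a 6-digit offset, then up
# to 16 hex bytes.  The cap of 16 matters: the ASCII column can start with
# something that also looks like a hex pair (see the "14 2014" line above).
HEXDUMP_LINE = re.compile(r"^\s*(?:fromAttacker:)?([0-9A-F]{6})((?:\s+[0-9A-F]{2}){1,16})")

# The pattern exactly as reported in sigDetails; \x26 is '&'.  The unescaped
# '.' in "master.passwd" matches any byte, just as the sensor's regex would.
SIG_3201_SUBSIG_3 = re.compile(rb"[ \x26=?.]/etc/master.passwd[ \x26=?]")


def decode_hexdump(dump: str) -> bytes:
    """Rebuild payload bytes from an IPS context dump, trusting only the hex
    column and verifying that offsets are contiguous so a dropped line is
    noticed instead of silently shifting the payload."""
    out = bytearray()
    for line in dump.splitlines():
        m = HEXDUMP_LINE.match(line)
        if not m:
            continue
        offset = int(m.group(1), 16)
        if offset != len(out):
            raise ValueError(f"hex dump gap: expected {len(out):#x}, got {offset:#x}")
        out += bytes.fromhex(m.group(2))
    return bytes(out)


def find_signature_hits(payload: bytes) -> list[tuple[int, int]]:
    """Byte spans where the sigDetails pattern fires."""
    return [m.span() for m in SIG_3201_SUBSIG_3.finditer(payload)]


def line_containing(payload: bytes, pos: int) -> bytes:
    """The (CR-stripped) text line that contains byte offset pos."""
    start = payload.rfind(b"\n", 0, pos) + 1
    end = payload.find(b"\n", pos)
    if end == -1:
        end = len(payload)
    return payload[start:end].rstrip(b"\r")


def is_unidiff_header(line: bytes) -> bool:
    """Heuristic (assumption): a hit on a '--- ' or '+++ ' line is a pasted
    unified diff, not a request for the file itself."""
    return line.startswith((b"--- ", b"+++ "))


def triage(payload: bytes) -> list[tuple[tuple[int, int], bytes, bool]]:
    """For each hit: its span, the line it sits on, and whether that line is a
    diff header (a candidate for a false-positive filter)."""
    result = []
    for span in find_signature_hits(payload):
        line = line_containing(payload, span[0])
        result.append((span, line, is_unidiff_header(line)))
    return result


if __name__ == "__main__":
    payload = decode_hexdump(ALERT_CONTEXT)
    print(f"recovered {len(payload)} bytes of context")
    for span, line, header in triage(payload):
        verdict = "diff header (likely benign paste)" if header else "needs a look"
        print(f"hit at {span}: {line!r} -> {verdict}")
```

Run as-is, it recovers 256 bytes and reports a single hit on the `+++ /etc/master.passwd ` header line; the earlier occurrence on the `sudo diff -u` command line does not fire because it is followed by a CR rather than one of the four characters the signature requires. That detail is why a tuning rule should be scoped narrowly (the wiki's address and port on the sensor, or a note to editors that raw password-file diffs belong in a code block somewhere the IPS does not inspect) rather than disabling signature 3201 wholesale.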


No music video today, and I had nothing more to say, so… Attack cat, ATTACK!