From cjc@rfx-216-196-73-168.users.reflexcom.com  Thu Jan 18 19:30:41 2001
Return-Path: <cjc@rfx-216-196-73-168.users.reflexcom.com>
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP
	id 827F037B69B; Thu, 18 Jan 2001 19:30:41 -0800 (PST)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Thu, 18 Jan 2001 19:28:39 -0800
Received: (from cjc@localhost)
	by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.0) id f0J3UPa75677;
	Thu, 18 Jan 2001 19:30:25 -0800 (PST)
	(envelope-from cjc)
Message-Id: <200101190330.f0J3UPa75677@rfx-216-196-73-168.users.reflexcom.com>
Date: Thu, 18 Jan 2001 19:30:25 -0800 (PST)
From: cjclark@reflexcom.com
Reply-To: cjclark@alum.mit.edu
To: FreeBSD-gnats-submit@freebsd.org
Cc: current@freebsd.org
Subject: syslogd(8) does not update hostname
X-Send-Pr-Version: 3.113

>Number:         24444
>Category:       bin
>Synopsis:       syslogd(8) does not update hostname
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    cjc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 18 19:40:00 PST 2001
>Closed-Date:    Sat Sep 22 01:53:05 PDT 2001
>Last-Modified:  Sat Sep 22 01:58:06 PDT 2001
>Originator:     Crist J. Clark
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:

	All standard FreeBSD distributions. The code discussed is from
5.0-CURRENT, but should trivially merge back to -STABLE.

>Description:

	Many tools and programs within FreeBSD date back to a time when
it was expected that a machine's IP and hostname seldom, if ever,
changed. Even when an IP and hostname were received at boot, it rarely
changed until shutdown. With many users using protocols like DHCP
where IP and hostname change with time, many tools do not deal well
with this behavior.

	One of these tools is syslogd(8). syslogd(8) is typically
started at boot time and runs until shutdown. However, syslogd(8)
loads the hostname at startup and syslogd(8)'s idea of the hostname
can never change while it is running.

	One might expect that a SIGHUP would cause syslogd(8) to load
the new hostname since a SIGHUP can cause syslogd(8) to re-read its
configuration file and re-open the log files, but it does not.

	The fact that the hostname does not change can cause confusion
in the log files. It could be especially troublesome when a machine is
logging to a central loghost. At any given time, the names in the log
files may not have any correspondence to the names the hosts currently
have. There are even issues on a host that gets its IP and hostname
via DHCP at boot and the name never changes. syslogd(8) is started
before any network services are initialized in /etc/rc.

	I propose that syslogd(8) should reload the hostname with a
SIGHUP. I cannot think of any reason that one should not update the
hostname, but as I pointed out, there are reasons why one would want
that behavior.

>How-To-Repeat:

	# hostname -s
	bubbles
	# hostname bubbles-test.domain.org
	# kill -HUP `cat /var/run/syslog.pid`
	# logger -p user.notice "hostname test"
	# tail -4 /var/log/messages
	Jan 17 21:45:00 bubbles /boot/kernel/kernel: acd0: CDROM <CD-532E-A> at ata0-slave using BIOSPIO
	Jan 17 21:45:00 bubbles /boot/kernel/kernel: Mounting root from ufs:/dev/ad0s1a
	Jan 18 00:41:14 bubbles su: cjc to root on /dev/ttyp0
	Jan 18 00:58:34 bubbles cjc: hostname test

>Fix:

	I do not see any reason we cannot move the code that gets the
hostname from the main() function into init(). init() is called
to "reload" settings. The hostname is never used in main() before
init() is called. The patch is against -CURRENT and my box has not
exploded yet.

	Here is what the above test looks like with the change in
place.

	# hostname -s
	bubbles
	# hostname bubbles-test.cjclark.org
	# kill -HUP `cat /var/run/syslog.pid `
	# logger -p user.notice "syslogd hostname test"
	# hostname bubbles.cjclark.org
	# kill -HUP `cat /var/run/syslog.pid `
	# logger -p user.notice "syslogd hostname test"
	# tail -4 /var/log/messages
	Jan 18 13:36:58 bubbles su: BAD SU cjc to root on /dev/ttyp0
	Jan 18 13:37:03 bubbles su: cjc to root on /dev/ttyp0
	Jan 18 13:38:40 bubbles-test cjc: syslogd hostname test
	Jan 18 13:39:11 bubbles cjc: syslogd hostname test


--- syslogd.c   2001/01/18 08:06:34
+++ syslogd.c   2001/01/18 08:09:23
@@ -395,12 +395,6 @@
 
        consfile.f_type = F_CONSOLE;
        (void)strcpy(consfile.f_un.f_fname, ctty + sizeof _PATH_DEV - 1);
-       (void)gethostname(LocalHostName, sizeof(LocalHostName));
-       if ((p = strchr(LocalHostName, '.')) != NULL) {
-               *p++ = '\0';
-               LocalDomain = p;
-       } else
-               LocalDomain = "";
        (void)strcpy(bootfile, getbootfile());
        (void)signal(SIGTERM, die);
        (void)signal(SIGINT, Debug ? die : SIG_IGN);
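Review bot: with the gethostname() block gone from main(), nothing in this hunk shows whether `p` is still used there; if this was its only use, the declaration of `p` in main() should be dropped as well to avoid an unused-variable warning. It is also worth confirming that nothing between this point and the first init() call reads LocalHostName or LocalDomain, since both stay unset until init() runs.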
@@ -1342,6 +1336,16 @@
        char host[MAXHOSTNAMELEN+1];
 
        dprintf("init\n");
+
+       /*
+        * Load hostname (may have changed)
+        */
+       (void)gethostname(LocalHostName, sizeof(LocalHostName));
+       if ((p = strchr(LocalHostName, '.')) != NULL) {
+               *p++ = '\0';
+               LocalDomain = p;
+       } else
+               LocalDomain = "";
 
        /*
         *  Close all open log files.
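Review bot: the return value of gethostname() is discarded in the added block, and the buffer goes straight to strchr() without forced termination. gethostname() need not NUL-terminate the buffer when the name is truncated, so add `LocalHostName[sizeof(LocalHostName) - 1] = '\0';` after the call, and on failure keep the previous name instead of parsing whatever is in the buffer. The block also relies on a `p` declared in init(), which is not visible in this context.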

>Release-Note:
>Audit-Trail:

From: Dag-Erling Smorgrav <des@ofug.org>
To: cjclark@alum.mit.edu
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: bin/24444: syslogd(8) does not update hostname
Date: 19 Jan 2001 12:32:53 +0100

 cjclark@reflexcom.com writes:
 > 	I propose that syslogd(8) should reload the hostname with a
 > SIGHUP. I cannot think of any reason that one should not update the
 > hostname, but as I pointed out, there are reasons why one would want
 > that behavior.
 
 It should also log a message if the hostname changes.
 
 DES
 -- 
 Dag-Erling Smorgrav - des@ofug.org
 

From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: bin/24444: syslogd(8) does not update hostname
Date: Fri, 19 Jan 2001 11:03:41 -0800

 On Fri, Jan 19, 2001 at 12:32:53PM +0100, Dag-Erling Smorgrav wrote:
 > cjclark@reflexcom.com writes:
 > > 	I propose that syslogd(8) should reload the hostname with a
 > > SIGHUP. I cannot think of any reason that one should not update the
 > > hostname, but as I pointed out, there are reasons why one would want
 > > that behavior.
 > 
 > It should also log a message if the hostname changes.
 
 Should that be a responsibility of syslogd(8) or hostname(1)?
 
 Personally, it might be a slippery slope to start adding things that
 syslogd(8) should maintain state on, but since syslogd(8) actually
 uses the hostname... One also could start arguing that syslogd(8)
 should check the hostname every time it logs something despite the
 performance hit. As for what syslogd(8) does now, if you look at the
 example output in the PR, notice syslogd(8) didn't even log when it
 was HUP'ed.
 
 IMHO, I think it is beyond the scope of syslogd(8) to actually track
 changes in the hostname in real-time. Noticing a change when given a
 HUP signal would seem reasonable, but if hostname(1) were to log
 changes, that would also be fairly redundant.
 -- 
 Crist J. Clark                           cjclark@alum.mit.edu
 

From: Dag-Erling Smorgrav <des@ofug.org>
To: cjclark@alum.mit.edu
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: bin/24444: syslogd(8) does not update hostname
Date: 19 Jan 2001 23:09:24 +0100

 "Crist J. Clark" <cjclark@reflexnet.net> writes:
 > On Fri, Jan 19, 2001 at 12:32:53PM +0100, Dag-Erling Smorgrav wrote:
 > > It should also log a message if the hostname changes.
 > Should that be a responsibility of syslogd(8) or hostname(1)?
 
 I meant syslogd(8), but putting it in hostname(1) might make sense,
 except that hostname(1) is not the only way to set the hostname
 ('sysctl -w kern.hostname=foo' is another)
 
 DES
 -- 
 Dag-Erling Smorgrav - des@ofug.org
 

From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: bin/24444: syslogd(8) does not update hostname
Date: Sat, 20 Jan 2001 17:01:55 -0800

 On Fri, Jan 19, 2001 at 11:09:24PM +0100, Dag-Erling Smorgrav wrote:
 > "Crist J. Clark" <cjclark@reflexnet.net> writes:
 > > On Fri, Jan 19, 2001 at 12:32:53PM +0100, Dag-Erling Smorgrav wrote:
 > > > It should also log a message if the hostname changes.
 > > Should that be a responsibility of syslogd(8) or hostname(1)?
 > 
 > I meant syslogd(8), but putting it in hostname(1) might make sense,
 > except that hostname(1) is not the only way to set the hostname
 > ('sysctl -w kern.hostname=foo' is another)
 
 How about just logging a sethostname(3) call?
 
 But anyway, syslogd(8) does not track the state of any other system
 parameters, I think asking syslogd(8) to notice a change in the
 hostname on its own in a real-time fashion is beyond its scope.
 
 That said, I agree that syslogd(8) making a note when its own idea of
 the hostname changes would be useful. If one is analyzing logs, an
 entry indicating that messages from a given machine no longer will be
 labeled as coming from 'foo' but 'foobar' would be very helpful.
 
 Patches, patches, patches:
 
 --- usr.sbin/syslogd/syslogd.c	2001/01/18 08:06:34	1.1
 +++ usr.sbin/syslogd/syslogd.c	2001/01/21 00:55:53	1.3
 @@ -318,7 +318,7 @@
  	struct sockaddr_un sunx, fromunix;
  	struct sockaddr_storage frominet;
  	FILE *fp;
 -	char *p, *hname, line[MAXLINE + 1];
 +	char *hname, line[MAXLINE + 1];
  	struct timeval tv, *tvp;
  	struct sigaction sact;
  	sigset_t mask;
 @@ -395,12 +395,6 @@
  
  	consfile.f_type = F_CONSOLE;
  	(void)strcpy(consfile.f_un.f_fname, ctty + sizeof _PATH_DEV - 1);
 -	(void)gethostname(LocalHostName, sizeof(LocalHostName));
 -	if ((p = strchr(LocalHostName, '.')) != NULL) {
 -		*p++ = '\0';
 -		LocalDomain = p;
 -	} else
 -		LocalDomain = "";
  	(void)strcpy(bootfile, getbootfile());
  	(void)signal(SIGTERM, die);
  	(void)signal(SIGINT, Debug ? die : SIG_IGN);
 @@ -1340,10 +1334,23 @@
  	char cline[LINE_MAX];
   	char prog[NAME_MAX+1];
  	char host[MAXHOSTNAMELEN+1];
 +	char oldLocalHostName[MAXHOSTNAMELEN+1];
 +	char hostMsg[2*(MAXHOSTNAMELEN+1)+40];
  
  	dprintf("init\n");
  
  	/*
 +	 * Load hostname (may have changed)
 +	 */
 +	strncpy(oldLocalHostName, LocalHostName, sizeof(LocalHostName));
 +	(void)gethostname(LocalHostName, sizeof(LocalHostName));
 +	if ((p = strchr(LocalHostName, '.')) != NULL) {
 +		*p++ = '\0';
 +		LocalDomain = p;
 +	} else
 +		LocalDomain = "";
 +
 +	/*
  	 *  Close all open log files.
  	 */
  	Initialized = 0;
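Review bot: the strncpy() into oldLocalHostName is bounded by sizeof(LocalHostName), the source, rather than by the destination. oldLocalHostName is declared here as MAXHOSTNAMELEN+1 bytes while the size of LocalHostName is not visible, so use sizeof(oldLocalHostName) and terminate explicitly with `oldLocalHostName[sizeof(oldLocalHostName) - 1] = '\0';`, since strncpy() does not terminate a full-length copy. The (void)gethostname() call that follows still ignores failure and does not force termination before strchr().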
 @@ -1492,6 +1499,17 @@
  
  	logmsg(LOG_SYSLOG|LOG_INFO, "syslogd: restart", LocalHostName, ADDDATE);
  	dprintf("syslogd: restarted\n");
 +	/*
 +	 * Log a change in hostname, but only on a restart
 +	 */
 +	if ((signo != 0) &&
 +	    (strncmp(oldLocalHostName, LocalHostName, sizeof(LocalHostName)) != 0)) {
 +		snprintf(hostMsg, sizeof(hostMsg),
 +			 "syslogd: hostname changed, \"%s\" to \"%s\"", 
 +			 oldLocalHostName, LocalHostName);
 +		logmsg(LOG_SYSLOG|LOG_INFO, hostMsg, LocalHostName, ADDDATE);
 +		dprintf("%s\n", hostMsg);
 +	}
  }
  
  /*
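Review bot: the strncmp() in the new block only ever sees short host names, because LocalHostName has already been cut at the first '.' both when it is saved into oldLocalHostName and after the new gethostname() call, so a change of domain alone is never logged. If that is intended, say so in the comment; otherwise keep a copy of the old domain and compare it too. The format-string line inside snprintf() also carries trailing whitespace.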
 
 
 -- 
 Crist J. Clark                           cjclark@alum.mit.edu
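
The hostname-change record proposed in the message above is what lets a log reader keep one machine's entries together across renames. The following is an added example, not part of the PR or of syslogd; it assumes the record lands in the log file as `host syslogd: hostname changed, "old" to "new"`, following the patch's format string, and the sample lines are constructed.

```python
import re

# Classic BSD syslog line: "Mon DD HH:MM:SS host rest-of-message"
LINE_RE = re.compile(r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$')
# Message text as produced by the snprintf() format in the patch (assumed rendering).
CHANGE_RE = re.compile(r'^syslogd: hostname changed, "([^"]*)" to "([^"]*)"$')

# Constructed sample, not real log data.
SAMPLE = """\
Jan 18 13:37:03 bubbles su: cjc to root on /dev/ttyp0
Jan 18 13:38:39 bubbles-test syslogd: restart
Jan 18 13:38:39 bubbles-test syslogd: hostname changed, "bubbles" to "bubbles-test"
Jan 18 13:38:40 bubbles-test cjc: syslogd hostname test
Jan 18 13:39:10 bubbles syslogd: restart
Jan 18 13:39:10 bubbles syslogd: hostname changed, "bubbles-test" to "bubbles"
Jan 18 13:39:11 bubbles cjc: syslogd hostname test
not a syslog line
"""

def attribute_lines(text):
    """Return (records, unparsed); each record is
    (timestamp, label_in_log, stable_identity, message)."""
    identity = {}  # hostname label -> first name this machine was seen under
    records, unparsed = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep malformed lines for review, never drop them
            continue
        ts, host, msg = m.groups()
        change = CHANGE_RE.match(msg)
        if change:
            old, new = change.groups()
            # The patch logs the record under the new name; ignore a record
            # whose label does not match the name it claims to have taken.
            if host == new:
                identity[new] = identity.get(old, old)
        records.append((ts, host, identity.get(host, host), msg))
    return records, unparsed

if __name__ == "__main__":
    for rec in attribute_lines(SAMPLE)[0]:
        print(rec)
```

Because the patch writes "syslogd: restart" under the new name before the change record, that one line is still attributed to the new label; a correlator that needs it has to look ahead to the next record.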
 

From: Dag-Erling Smorgrav <des@ofug.org>
To: cjclark@alum.mit.edu
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: bin/24444: syslogd(8) does not update hostname
Date: 21 Jan 2001 04:32:33 +0100

 "Crist J. Clark" <cjclark@reflexnet.net> writes:
 > How about just logging a sethostname(3) call?
 
 Still doesn't help. There are (at least) two different ways of setting
 the hostname, one being a syscall and the other being a sysctl. One
 could of course have the kernel print a message to the console about
 it, syslogd(8) would pick that up.
 
 DES
 -- 
 Dag-Erling Smorgrav - des@ofug.org
 

From: Andrea Campi <andrea@webcom.it>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: cjclark@alum.mit.edu, FreeBSD-gnats-submit@FreeBSD.ORG,
	current@FreeBSD.ORG
Subject: Re: bin/24444: syslogd(8) does not update hostname
Date: Sun, 21 Jan 2001 11:51:22 +0100

 > the hostname, one being a syscall and the other being a sysctl. One
 > could of course have the kernel print a message to the console about
 > it, syslogd(8) would pick that up.
 
 Yes, I was about to propose this, but then I thought: why? If we go this way,
 then we should definitely also log an IP address change, maybe even our default
 router change MAC address... why not even hardware changes since last reboot?
 
 Working in a security job, I can understand worries about important events
 going unnoticed. But doing this in kernel is IMHO overkill, maybe it could be
 interesting for TrustedBSD, but not in the normal kernel; at least, it should
 be configurable at both compile time and runtime (high securelevel and/or a
 sysctl).
 
 The Right Way (tm) to do this is to use (or write) a host intrusion detection
 system.
 
 Having said this, the proposed patch looks fine to me and I think it should be
 committed.
 
 Bye,
 	Andrea
 
 -- 
                Speak softly and carry a cellular phone.
 
Responsible-Changed-From-To: freebsd-bugs->cjc 
Responsible-Changed-By: dd 
Responsible-Changed-When: Mon Jun 18 17:51:10 PDT 2001 
Responsible-Changed-Why:  
Over to originator. 
(FWIW, I don't think syslogd or hostname should log a hostname change; 
that's the job of the kernel.  See PR 26787) 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=24444 
State-Changed-From-To: open->closed 
State-Changed-By: cjc 
State-Changed-When: Sat Sep 22 01:53:05 PDT 2001 
State-Changed-Why:  
Functionality added to -CURRENT and -STABLE. 


>Unformatted:
