We want to watch for promiscuous flags in
the interfaces. Similar to cpm for SunOS 4.
We do know that by the time the friendly hacker
can put an interface into promisuous mode, she can
also disable any checks, among other things.
Thanks to those who responded.
Three people suggested running "sysconfig -s". But
I don't see an obvious correlation between the output and packetfilter.
Our kernels do have packetfilter configured.
Dr. Tom Blinn says there is no way.
Mingzuo
-----sysconfig -s-----
"Serguei Patchkovskii" <patchkov_at_ucalgary.ca>
Yvon Lauriault <yvon.lauriault_at_nlc-bnc.ca>
Caprica7_at_aol.com
-----run tcpdump and see if it fails-----
wmills_at_WellsFargo.COM
-----no way to know-----
"Dr. Tom Blinn, 603-884-0646" <tpb_at_doctor.zk3.dec.com>
What problem are you trying to solve? Because there's isn't going to be any
easy way to do what you seem to want to use as part of the solution. Maybe
there is a better way.
If you want to know if a given option is built into the running kernel, you've
probably got a difficult time. Because there is no guarantee that the running
kernel corresponds to anything in the file system.
The kernel configuration generates a Makefile which lives in the kernel config
directory. The Makefile drives a compilation and link process. The contents
of the Makefile are determined in part by the kernel configuration file, but a
large part of what makes it up is the information in the "files" files, which
list which "modules" need to be used to build the running kernel, depending on
a lot of complicated rules.
I personally know of no way to use dbx to examine the running kernel to figure
out what's actually built into it, either statically, or boot linked, or
loaded after the fact.
Tom
-----Original message-----
We are running 4.0D.
We can use "grep options /usr/sys/conf/HOSTNAME". But this does not
necessarily mean these have been built into a vmunix file.
Is there a way to examine what modules are built in a vmunix file?
My task at hand is too see whether the packetfilter has been
configured. Would this be a good test?
what /vmunix | grep -i bpf_filter
$RCSfile: bpf_filter.c,v $ $Revision: 1.1.9.2 $ (DEC) $Date: 1995/08/21 23:57:30 $
or
strings /vmunix | grep bpf
_at_(#)$RCSfile: bpf_filter.c,v $ $Revision: 1.1.9.2 $ (DEC) $Date: 1995/08/21 23:57:30 $
_at_(#)$RCSfile: pfilt_bpf.c,v $ $Revision: 1.1.12.2 $ (DEC) $Date: 1996/08/15 21:58:59 $
What I think is the most definite test is to run some command against
the running kernel, like "dbx -k /vmunix /dev/mem".
Here is where I need a pointer.
What command to enter at the (dbx) prompt.
Received on Mon Feb 01 1999 - 22:06:56 NZDT