+x=usr(1536) Posted September 6, 2021 Share Posted September 6, 2021 This one has been driving me up the wall for the past 24 hours or so. If anyone can point me in the direction of the thing I've overlooked, I would be extremely grateful. Scenario: retiring the RasPi-based tnfs server and moving it over to a dedicated VM. Everything is essentially finished, but I'm running into a problem on the VM with tnfsd's logging verbosity: it likes to write the following to both /var/log/syslog and /var/log/daemon.log until they fill up /var: Spoiler Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:16 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:16 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:16 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes: Sep 6 12:04:16 tnfs tnfsd[595] The same message is written to both daemon.log and syslog at a rate of roughly 100 messages/second for both. tnfsd is running as a service, called by systemd; the same messages appear under `systemctl status tnfsd`, and their timestamps indicate that they're still being written. This is with a hand-rolled binary built from a git clone of the spectranet repo under Debian 11 on x64; the only build option was `os=LINUX`. The Debian install is super-light - it was built to run tnfsd, and nothing else. No Desktop, X, unnecessary packages, etc. Not even iptables or similar at the moment. Results are the same regardless of whether my binary or the prebuilt one from https://fujinet.online/download is being used. Any ideas? I'm grasping at straws on this one. Quote Link to comment Share on other sites More sharing options...
mozzwald Posted September 6, 2021 Share Posted September 6, 2021 49 minutes ago, x=usr(1536) said: Any ideas? I'm grasping at straws on this one. compile it without DEBUG ? Quote Link to comment Share on other sites More sharing options...
apc Posted September 6, 2021 Share Posted September 6, 2021 (edited) 31 minutes ago, mozzwald said: compile it without DEBUG ? It will not help in this case, ... tnfs/tnfsd/datagram.c printf("DEBUG: rx of tcpmsg: %d bytes: %s\n", sz, buf); I am wondering are you connecting to or listening on TCP? NTFS runs usually over UDP. Edit: Hmm, tnfsd seems to be listening always on both, UDP and TCP. The question is what triggers TCP handler in your case (as there is 0 bytes available from your logs)? Strange select()? Edited September 6, 2021 by apc Quote Link to comment Share on other sites More sharing options...
apc Posted September 6, 2021 Share Posted September 6, 2021 1 hour ago, apc said: NTFS TNFS Quote Link to comment Share on other sites More sharing options...
+x=usr(1536) Posted September 6, 2021 Author Share Posted September 6, 2021 4 hours ago, mozzwald said: compile it without DEBUG ? The only build option specified was for the target OS. Funnily enough, the reason why I ended up rolling my own was to eliminate the possibility of that being an issue affecting the binary on fujinet.online - I first saw this behaviour with that version and decided to see if rolling my own solved it. FWIW, I did roll one with DEBUG explicitly enabled and got what shasum declared to be the exact same binary as without it. 4 hours ago, apc said: Edit: Hmm, tnfsd seems to be listening always on both, UDP and TCP. The question is what triggers TCP handler in your case (as there is 0 bytes available from your logs)? Strange select()? I can block TCP at the firewall and see what happens. FWIW, this never happened on the RasPi as far as I can remember, and grepping the logs on that machine has no matches for `tnfsd`, which I would expect to see if it was writing to the logs. Note that I'm using a hand-rolled version there as well for both the OS and tnfsd - the prepackaged image is not in use. Quote Link to comment Share on other sites More sharing options...
+x=usr(1536) Posted September 6, 2021 Author Share Posted September 6, 2021 I my previous post, I said the following: 24 minutes ago, x=usr(1536) said: FWIW, I did roll one with DEBUG explicitly enabled and got what shasum declared to be the exact same binary as without it. This one, I believe, has been tracked down. I didn't realise that `make clean` by itself wouldn't clean up after a build - you have to specify `make OS=INSERTOSHERE clean` in order for it to work. If you don't insert the `OS=` flag, the makefile doesn't do a clean and just says that there's no rule to follow. I managed to miss this and happily rebuilt the same binary multiple times. Armed with that bit of knowledge, I've now built three binaries, each one confirmed different. Here's what I get: Spoiler tnfsd@tnfs:~/build/tnfsd# ls -al bin/ total 192 drwxr-xr-x 2 tnfsd tnfsd 4096 Sep 6 17:38 . drwxr-xr-x 4 tnfsd tnfsd 4096 Sep 6 17:38 .. -rwxr-xr-x 1 tnfsd tnfsd 47704 Sep 6 17:38 tnfsd -rwxr-xr-x 1 tnfsd tnfsd 86512 Sep 6 17:35 tnfsd.debug -rwxr-xr-x 1 tnfsd tnfsd 47704 Sep 6 17:37 tnfsd.usagelog tnfsd@tnfs:~/build/tnfsd# cd bin/ tnfsd@tnfs:~/build/tnfsd/bin# shasum -a 256 tnfsd tnfsd.debug tnfsd.usagelog b89d5a92ec417d475942705406c4af6653a6573183b0ad498cfcecbb7e6e337d tnfsd 9adfcc4c25a0728e6ca8ec5f7462d86c4c326e921a2b37963430a794ecdb1272 tnfsd.debug eb7bca025bbff0918a3ec48ac82e0664a8f9a2110c864ea53321126633d525b0 tnfsd.usagelog tnfsd@tnfs:~/build/tnfsd/bin# tnfsd and tnfsd.usagelog end up being the same size, but as the shasums are different their build options were likely respected. Given the lack of understanding on my behalf of what `make` wanted in the way of build options, I'm retrying with binaries that are known to be what they should be. 1 Quote Link to comment Share on other sites More sharing options...
apc Posted September 7, 2021 Share Posted September 7, 2021 (edited) It looks like a bug in tnfs/tnfsd/datagram.c I can trigger crazy tnfsd output with netcat (or telnet) to TCP port 16384 (which is open by tnfsd): $ nc localhost 16384 # just hit ctrl+c to close the connection ^C $ And you will get: DEBUG: rx of tcpmsg: 0 bytes: � DEBUG: rx of tcpmsg: 0 bytes: � DEBUG: rx of tcpmsg: 0 bytes: � DEBUG: rx of tcpmsg: 0 bytes: � ... Currently, if you are running any network probes to the TCP port 16384 (network scanning or service monitoring) it will make tnfsd very unhappy. Edited September 7, 2021 by apc Quote Link to comment Share on other sites More sharing options...
+x=usr(1536) Posted September 7, 2021 Author Share Posted September 7, 2021 5 hours ago, apc said: It looks like a bug in tnfs/tnfsd/datagram.c I can trigger crazy tnfsd output with netcat (or telnet) to TCP port 16384 (which is open by tnfsd): $ nc localhost 16384 # just hit ctrl+c to close the connection ^C $ And you will get: DEBUG: rx of tcpmsg: 0 bytes: � DEBUG: rx of tcpmsg: 0 bytes: � DEBUG: rx of tcpmsg: 0 bytes: � DEBUG: rx of tcpmsg: 0 bytes: � ... Currently, if you are running any network probes to the TCP port 16384 (network scanning or service monitoring) it will make tnfsd very unhappy. Funnily enough, I just popped in to say that I was able to reproducibly trigger this with telnet Makes sense: looking back on what was happening when this behaviour first triggered, I was testing firewall rules using telnet and tnfs_client.py. Have separate terminals up doing a tail -f on both /var/log/daemon.log and /var/log/syslog. Telnet to port 16384. When connected, hit enter twice followed by ^]. Issue the 'quit' command. Watch as the logfiles go ballistic filling with stuff: Spoiler /var/log/syslog: tnfsSep 7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003 Sep 7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes: Sep 7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;? Sep 7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003 Sep 7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes: Sep 7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;? Sep 7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003 Sep 7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes: Sep 7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;? Sep 7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003 Sep 7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes: Sep 7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;? Sep 7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003 Sep 7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes: Sep 7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;? Sep 7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003 Sep 7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes: Sep 7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017 Sep 7 07:20:47 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:20:47 tnfs tnfsd[1172]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:20:47 tnfs tnfsd[1172]: Unable to bind TCP socket Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 1. Sep 7 07:20:47 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:20:47 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:20:47 tnfs tnfsd[1173]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:20:47 tnfs tnfsd[1173]: Unable to bind TCP socket Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 2. Sep 7 07:20:47 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:20:47 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:20:47 tnfs tnfsd[1174]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:20:47 tnfs tnfsd[1174]: Unable to bind TCP socket Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 3. Sep 7 07:20:48 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:20:48 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:20:48 tnfs tnfsd[1175]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:20:48 tnfs tnfsd[1175]: Unable to bind TCP socket Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 4. Sep 7 07:20:48 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:20:48 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:20:48 tnfs tnfsd[1176]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:20:48 tnfs tnfsd[1176]: Unable to bind TCP socket Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 5. Sep 7 07:20:48 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Start request repeated too quickly. Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:48 tnfs systemd[1]: Failed to start tnfs Daemon. Sep 7 07:20:55 tnfs systemd[1]: tnfsd.service: Start request repeated too quickly. Sep 7 07:20:55 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:55 tnfs systemd[1]: Failed to start tnfs Daemon. Sep 7 07:21:27 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:21:27 tnfs tnfsd[1198]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:21:27 tnfs tnfsd[1198]: Unable to bind TCP socket Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 1. Sep 7 07:21:27 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:21:27 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:21:27 tnfs tnfsd[1199]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:21:27 tnfs tnfsd[1199]: Unable to bind TCP socket Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 2. Sep 7 07:21:27 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:21:27 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:21:27 tnfs tnfsd[1200]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:21:27 tnfs tnfsd[1200]: Unable to bind TCP socket Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 3. Sep 7 07:21:28 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:21:28 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:21:28 tnfs tnfsd[1201]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:21:28 tnfs tnfsd[1201]: Unable to bind TCP socket Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 4. Sep 7 07:21:28 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:21:28 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:21:28 tnfs tnfsd[1202]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:21:28 tnfs tnfsd[1202]: Unable to bind TCP socket Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 5. Sep 7 07:21:28 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Start request repeated too quickly. Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:21:28 tnfs systemd[1]: Failed to start tnfs Daemon. Spoiler /var/log/daemon.log: Sep 7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003 Sep 7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes: Sep 7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;? Sep 7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003 Sep 7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes: Sep 7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;? Sep 7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003 Sep 7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes: Sep 7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;? Sep 7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003 Sep 7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes: Sep 7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;? Sep 7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003 Sep 7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes: Sep 7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;? Sep 7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003 Sep 7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes: Sep 7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017 Sep 7 07:20:40 tnfs systemd[1]: Configuration file /etc/systemd/system/ Sep 7 07:20:47 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:20:47 tnfs tnfsd[1172]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:20:47 tnfs tnfsd[1172]: Unable to bind TCP socket Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 1. Sep 7 07:20:47 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:20:47 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:20:47 tnfs tnfsd[1173]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:20:47 tnfs tnfsd[1173]: Unable to bind TCP socket Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 2. Sep 7 07:20:47 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:20:47 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:20:47 tnfs tnfsd[1174]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:20:47 tnfs tnfsd[1174]: Unable to bind TCP socket Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:20:47 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 3. Sep 7 07:20:48 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:20:48 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:20:48 tnfs tnfsd[1175]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:20:48 tnfs tnfsd[1175]: Unable to bind TCP socket Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 4. Sep 7 07:20:48 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:20:48 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:20:48 tnfs tnfsd[1176]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:20:48 tnfs tnfsd[1176]: Unable to bind TCP socket Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 5. Sep 7 07:20:48 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Start request repeated too quickly. Sep 7 07:20:48 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:48 tnfs systemd[1]: Failed to start tnfs Daemon. Sep 7 07:20:54 tnfs systemd[1]: Configuration file /etc/systemd/system/ Sep 7 07:20:55 tnfs systemd[1]: tnfsd.service: Start request repeated too quickly. Sep 7 07:20:55 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:20:55 tnfs systemd[1]: Failed to start tnfs Daemon. Sep 7 07:21:27 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:21:27 tnfs tnfsd[1198]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:21:27 tnfs tnfsd[1198]: Unable to bind TCP socket Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 1. Sep 7 07:21:27 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:21:27 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:21:27 tnfs tnfsd[1199]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:21:27 tnfs tnfsd[1199]: Unable to bind TCP socket Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 2. Sep 7 07:21:27 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:21:27 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:21:27 tnfs tnfsd[1200]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:21:27 tnfs tnfsd[1200]: Unable to bind TCP socket Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:21:27 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 3. Sep 7 07:21:28 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:21:28 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:21:28 tnfs tnfsd[1201]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:21:28 tnfs tnfsd[1201]: Unable to bind TCP socket Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 4. Sep 7 07:21:28 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:21:28 tnfs systemd[1]: Started tnfs Daemon. Sep 7 07:21:28 tnfs tnfsd[1202]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/" Sep 7 07:21:28 tnfs tnfsd[1202]: Unable to bind TCP socket Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 5. Sep 7 07:21:28 tnfs systemd[1]: Stopped tnfs Daemon. Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Start request repeated too quickly. Sep 7 07:21:28 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'. Sep 7 07:21:28 tnfs systemd[1]: Failed to start tnfs Daemon. Only way to stop it was to use systemctl to stop tnfsd, which then refused to restart via systemctl. Rebooted in order to have everything back up cleanly. Also found some interesting things about how commands with write capability work, but will get to them separately. Quote Link to comment Share on other sites More sharing options...
+x=usr(1536) Posted September 7, 2021 Author Share Posted September 7, 2021 Apparently I just can't get enough of this one Running nmap against port 16384, basic UDP scan: Spoiler /var/log/daemon.log: Sep 7 08:42:49 tnfs tnfsd[590]: 10.10.10.10 | Invalid datagram received Sep 7 08:42:49 tnfs tnfsd[590]: 10.10.10.10 | Invalid datagram received Spoiler /var/log/syslog: Sep 7 08:42:49 tnfs tnfsd[590]: 10.10.10.10 | Invalid datagram received Sep 7 08:42:49 tnfs tnfsd[590]: 10.10.10.10 | Invalid datagram received And the results: Spoiler lolbox:~ jrandomuser$ sudo nmap -sU its.a.sekrit -p 16384 Starting Nmap 7.90 ( https://nmap.org ) at 2021-09-07 08:42 CDT Nmap scan report for its.a.sekrit (10.10.10.100) Host is up (0.0016s latency). PORT STATE SERVICE 16384/udp open|filtered connected Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds lolbox:~ jrandomuser$ No crashes, no crazy logfills. UDP looks to be fairly solid, at least from a quick poke at it. 1 Quote Link to comment Share on other sites More sharing options...
_The Doctor__ Posted September 7, 2021 Share Posted September 7, 2021 (edited) so what was or is the final solution so folks don't get hit with crazy logfills exactly? or can we all look forward to malicious scans etc triggering a logfill frenzy perhaps a warning of what not to do and what to do need be propagated to the fujinet/Atari world Edited September 7, 2021 by _The Doctor__ Quote Link to comment Share on other sites More sharing options...
apc Posted September 7, 2021 Share Posted September 7, 2021 46 minutes ago, _The Doctor__ said: so what was or is the final solution so folks don't get hit with crazy logfills exactly? Take care when making your TNFS server reachable from wild world. Ensure only UDP port 16384 is exposed. In general, follow security practices: - restrict TNFS to vm/container/jail/chroot/etc. - run it with dedicated user - limit the permissions on files/dirs to allow only read access - be prepared, bad ass will exploit it - do backups I am not security expert, I'm sure someone can add more rulz 2 Quote Link to comment Share on other sites More sharing options...
+x=usr(1536) Posted September 7, 2021 Author Share Posted September 7, 2021 3 hours ago, apc said: Take care when making your TNFS server reachable from wild world. Ensure only UDP port 16384 is exposed. This. If public-facing, it's the best quick mitigation, but far from perfect. More on that below. 3 hours ago, apc said: In general, follow security practices: - restrict TNFS to vm/container/jail/chroot/etc. Added to this: Use separate partitions for /, /home, /var, etc. If practical, set syslog and daemon.log to rotate based on size & age (this will keep them from flooding /var, but you may lose useful logs) Mount your tnfs hierarchy on a separate disk (physical or loopback, your call, but loopbacks can be scaled more easily for the amount of data being stored & served) 3 hours ago, apc said: - run it with dedicated user - limit the permissions on files/dirs to allow only read access File ACLs would also be a good idea, particularly the effective rights mask though user / group / other ACLs shouldn't be ignored. This is more of a 'just in case' on top of the regular permissions in case things start being written. 3 hours ago, apc said: - be prepared, bad ass will exploit it - do backups Also these. 3 hours ago, apc said: I am not security expert, I'm sure someone can add more rulz As mentioned at the start of this reply: allowing only UDP/16384 through the firewall to the tnfs box will prevent TCP traffic from being able to spin the logs up into a frenzy. However, it's not clear if there are issues present in UDP that haven't been found yet. This is why I refer to it as mitigation but far from perfect. Still, it should absolutely be done. Assuming a public-facing machine, put it in a DMZ, not on your internal network. The DMZ should have no access into the internal network, but the internal network should be able to reach into the DMZ for admin purposes, etc. This applies to VMs, etc. as well as physical machines. If you're already running IDS / IPS, you probably don't need to be reading this thread But a check for activity on TCP/16384 and possible block rule might not be a bad idea. If nothing else, the logging will at least let you know who is interested. I alluded to this earlier in the thread, but to flesh things out a bit more: tnfsd has the ability - by design - to both read and write. From the small amount of playing around I was able to do with it this morning, it may (note the emphasis: I want to be clear that this is unproven) be possible for an attacker to exploit that. This may sound like something that can be remedied with read-only directories. And to some extent, that's probably true. However, out of an abundance of paranoia caution regarding writing outside of tnfsd's specified directory hierarchy, use a combination of the above guidelines so that you're as shored-up as possible. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.