Charlie Bravo To Go

I’m not sure why Citizen’s Band (CB) radios have gotten a bad rap in the US, but my hypothesis is that because it was a fad, a craze, in the 70’s and everybody went over the top with the novelty of it, we laugh about it as a relic of ancient history in this modern era of connected phones. The world of unlicensed people generally dumps on the medium, but licensed Amateur Radio operators (like me) are the worst at putting it down, calling it a “license downgrade”.

Fact is, lots of hams got their start in CB, and once they got a taste for long-distance (DX) communications and got interested in the technical aspects of radio, they studied, took the test, and got a license to legally operate on the frequency bands that get them closer to that sweet DX. Sometimes, people forget their roots.

CB (left) and Amateur radio (right) are mounted on a rack for sliding under the seat.

I decided to buy a new CB against all the snide judgment of friends who told me I was wasting my money and time. Be that as it may, this CB has actually proven useful while traveling. Usually I’ll have brief exchanges with other drivers (almost always truck drivers) when the traffic’s shitty, as a way to find out what’s happening ahead of me, or to offer observations so they can get a sense for what’s going on. Tit for tat: life on the road sucks, and if you have a chance to be kind, be kind.

2m/70cm (ham) and 11m (CB) radios in car ready for travel
2m/70cm mag-mount antenna on roof, 11m CB antenna on trunk

There’s absolutely no reason for me to not have a CB in my car along with my dual-band Amateur radio. After having it there for almost a year, to not be there feels like cutting the nerves to a specialized ear that can hear CB transmissions. Every radio extends your senses and your ability to communicate. Ultimately, that’s what radio is for: communications.

Intake

I’ve turned a corner into a transitional period in my life. Once upon a time, I was a producer. I wrote, drew, created, sang, played, built, did lots of really nice things to build something where there was once nothing but parts.

Now I’m primarily a consumer. I eat, drink, watch, read, listen, and do little more than belch my thoughts.

Is this normal? I used to do things with my time. Should I feel this ashamed?

Stumble

In a world full of people who would gladly roll you if they could do it with impunity, I’m sincerely glad that I live in an area of Austin, Texas where I can stumble through neighborhood streets at 12am and not have somebody run up on me to make sure I don’t turn the corner with valuables in my pockets. It really is a charmed place, and I’m dumbstruck that I can be so stupid in my implicit trust of the hard streets of Northfield Neighborhood. It ain’t Highland, but it ain’t Hyde Park either.

FreeNAS and the Freak Warnings

I have a FreeNAS fileserver at home for backups and whatever. There’s a system job that runs nightly to look at the security logs and alert me if something’s wrong, for instance, if someone attempted to log in and used an incorrect password. For as long as this box has been alive, I’d occasionally get emails like this:

bigbox.lan login failures:
Nov  6 22:12:14 bigbox sshd[722]: Failed password for root from 192.168.1.50 port 41002 ssh2
-- End of security output --

These are fine, usually, because sometimes I get things wrong. However, I’d occasionally get these even if I know for a fact I haven’t logged in at all. The source address is my desk workstation, and I know I didn’t make the session attempt. This gives me great cause for concern. Grave concern. Has somebody broken into my workstation and is trying to reach out?

So a few weeks ago I set up an iptables rule on my workstation to log the TCP SYN packet of every outbound SSH attempt:

iptables -A OUTPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "ssh_outbound "

This makes records like this in /var/log/syslog:

Nov  1 23:30:12 workstation kernel: [1473867.997608] ssh_outbound IN= OUT=enp3s0 SRC=192.168.1.50 DST=192.168.1.44 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20475 DF PROTO=TCP SPT=53594 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0

So when I got another alert this morning, I grepped my syslog and found absolutely nothing. Is the issue less nefarious than I feared? Is it a misconfiguration somewhere? So what’s going on?

Having had enough, I looked at my FreeNAS security log. It’s about 51KB and contains lots of entries. The entry triggering this morning’s alert is there. But it’s also followed by future dates. Future dates? Ah-hah! The stupid security logging daemon doesn’t store the year in the timestamps, and logwatcher doesn’t know it! This is an alert from last year! So why are old records still hanging around?
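An added example, not part of the original post: a small Python check that tags each yearless auth.log line with an inferred year, so a nightly report can separate real failures from stale matches on the same month and day. The sample lines, the years, and the function names `infer_years` and `failures_on` are constructed for illustration; the inference assumes the file is in write order and its newest line is not later than the current time.

```python
from datetime import date, datetime

# Constructed sample in the yearless syslog format shown above, in write
# order, spanning three calendar years (assumed 2015-2017 for this example).
SAMPLE_LOG = """\
Nov  6 22:12:14 bigbox sshd[722]: Failed password for root from 192.168.1.50 port 41002 ssh2
Dec 24 19:45:10 bigbox sshd[801]: Accepted publickey for root from 192.168.1.50 port 40210 ssh2
Mar  3 09:15:40 bigbox sshd[911]: Accepted publickey for root from 192.168.1.50 port 50122 ssh2
Nov  6 08:01:02 bigbox sshd[1033]: Failed password for root from 192.168.1.50 port 38844 ssh2
Dec 30 11:20:05 bigbox sshd[1207]: Accepted publickey for root from 192.168.1.50 port 40988 ssh2
Feb 11 07:30:00 bigbox sshd[1350]: Accepted publickey for root from 192.168.1.50 port 51515 ssh2
Nov  5 10:00:00 bigbox sshd[1502]: Accepted publickey for root from 192.168.1.50 port 46001 ssh2
""".splitlines()

def infer_years(lines, now):
    """Tag yearless syslog lines (in write order) with an inferred year."""
    out, year, newer = [], now.year, now.replace(year=2000)
    for line in reversed(lines):
        try:
            # 2000 is only a placeholder year (a leap year, so "Feb 29" parses).
            stamp = datetime.strptime("2000 " + line[:15], "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # not a timestamped syslog line
        # Walking newest to oldest, a jump forward in month/day/time means
        # a New Year boundary was crossed, so the line is one year older.
        if stamp > newer:
            year -= 1
        newer = stamp
        out.append((year, stamp, line))
    return out[::-1]

def failures_on(lines, day, now):
    """Split failed logins matching day's month/day into (real, stale)."""
    real, stale = [], []
    for year, stamp, line in infer_years(lines, now):
        if "Failed password" in line and (stamp.month, stamp.day) == (day.month, day.day):
            (real if year == day.year else stale).append((year, line))
    return real, stale

if __name__ == "__main__":
    now = datetime(2017, 11, 7, 3, 1)  # constructed clock for the nightly run
    real, stale = failures_on(SAMPLE_LOG, date(2017, 11, 6), now)
    print(f"real failures: {len(real)}, stale matches: {len(stale)}")
    for year, line in stale:
        print(f"  actually from {year}: {line}")
```

The inference undercounts if the log has a gap longer than a year between two consecutive lines, so it complements timely rotation rather than replacing it.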

FreeNAS has a version of logrotate called newsyslog which gets its config from /etc/newsyslog.conf, which itself has the following entry for auth.log:

# logfilename     [owner:group]    mode count size when  flags [/pid_file] [sig_num]
/var/log/auth.log                  600  7     100  *     JC

Huh. So the asterisk (*) means to not look at time when rotating the log, only the file size. Well, since the file’s not 100KB yet, it will sit until it is. This file is 4 years old! Wacky! So my fix is to change the asterisk to “$M1D0”, meaning monthly, day 1, regardless of size.

Now I only have a few more future alerts to look forward to until December starts and the log is rotated. I think I can live with that and rest a little more peacefully.

Hooray! We did it! We solved Blues Clues!